Docs

Frequently asked questions

What exactly can the AI do?

Its entire capability surface is four fixed tools: list, read, propose, and ask. It can read whatever a permit-listed read command exposes and, if you've opted a vendor into governed write, propose a change as a diff. It cannot execute anything itself — a human always approves the diff before an apply reaches the device.

Is write really gated on every plan, or just Free?

The gates are identical on every tier, including Free: deny-by-default policy, the dangerous-verb floor, snapshot-before-apply, and the audit log. Paying unlocks capability (unlimited read-AI on Pro, the governed-write feature on Team) — never a weaker safety check.

What happens if my license lapses?

It degrades politely. Offline or unreachable license checks get a 14-day grace period on full entitlements. After grace expires you drop to Free behavior — read-only AI keeps working at trial level, and nothing destructive happens. Rollback is a safety feature and is never gated behind a license at all.

Does it work in an air-gapped or maintenance-window environment?

The terminal, inventory, and vault work fully offline. AI features need a path to your chosen model provider (Anthropic/OpenAI) when you use them. License validation is offline-first with a 14-day grace window specifically for ugly networks and 3am maintenance windows.

Which AI providers are supported?

Bring-your-own-key Anthropic and OpenAI today. You use your own account and your own API key, stored in your OS credential store — AI NetShell doesn't run its own hosted inference and never sees your key outside the request it's used in.

What platforms does it run on?

Windows 10 22H2+ and Windows 11 today (Windows-first, built on Tauri). macOS and Linux are behind platform traits already in the codebase and are on the roadmap, not yet shipped.

Is there a team/multi-user mode?

Team tier is per-seat licensing for governed write, not a shared multi-user backend — each engineer runs their own local install and their own credentials. There's no shared server component.

Why can't I override the dangerous-verb floor even in my own custom policy?

Bring-Your-Own-Policy (BYOP) can only add allowed read commands — it can never remove a shipped block. Commands like reload, write erase, format, factory-reset, and shell/scripting escapes are hard-blocked at the policy layer on every tier, with no override, by design.

What's the difference between a vendor marked "live-proven" and one marked "beta"?

Live-proven means the full pipeline — propose, snapshot, human-approved apply, and rollback — has been run end-to-end against real hardware and recorded. Beta means the same pipeline is implemented but hasn't yet cleared that hardware bar for that vendor. We label this honestly on the Security page rather than implying uniform readiness.

What is NetClaw, and is it part of the gated AI?

NetClaw is an optional, separate, off-by-default external agent integration that reaches devices with its own credentials, outside the two gates entirely. It's always presented as a distinct surface in the app — the read-only/gated claims on this site describe the built-in AI assistant, not NetClaw.