Features

A real terminal first. A safe AI second.

AI NetShell is a full multi-protocol terminal for network engineers, with an AI assistant that can read anything and touch nothing — until a human approves the exact diff.

The terminal

Everything you already expect from a serious SSH client

Every protocol you use

SSH, serial, RDP, and file transfer over SFTP/SCP/TFTP — one app, one inventory.

Multi-tab, split panes

Run several devices side by side with a drag-to-snap 2×2 layout, resizable panes.

10k-line scrollback search

Syntax highlighting, quick copy/paste, and fast search across a bounded, in-memory scrollback.

Reusable auth profiles

Keyring, SSH agent, or key file — credentials live in your OS credential store, never in a config file.

Bulk import

Bring your existing inventory in from CSV, ssh_config, or SecureCRT exports.

Encrypted case export

age-encrypted session exports, redacted before they ever touch disk — hand a customer a clean case note.

The read-only AI

Four fixed tools. Nothing else. Ever.

The AI's entire capability surface is list, read, propose, and ask — a fixed enum, exhaustiveness-checked in CI. New abilities require a software release, not a clever prompt. It cannot invent a fifth verb, and it never sees a raw credential: device secrets are redacted to stable [REDACTED:kind#N] placeholders before the model ever reads them.

Ask it to investigate

Point it at a device and ask what's wrong. It reads config and state, correlates across sessions, and answers — free and instant, no approval needed, because reading changes nothing.

Bring your own key

BYOK Anthropic or OpenAI. Your key, your account, your usage — AI NetShell never proxies or retains your conversations. See the privacy page for exactly what's sent.

Governed write — proven live on Cisco NX-OS

Read is free and instant. Write is deliberate, reversible, and paid.

The AI is structurally incapable of changing a device except through a gated, human-approved, snapshot-backed, fully-audited path — and any change is one click from being undone. This isn't a slide; it's the product, run against real hardware on 2026-07-04.

1. Propose & diff

The operator describes an intent and statements. Gate 1 (the per-vendor write policy) checks every statement; a device-side snapshot is captured; the exact before→after diff is rendered.

2. A human approves

Gate 2. The approval modal shows the target device, the diff, and an expandable "exact commands" panel — full disclosure of precisely what will run. The AI cannot construct this approval itself.

3. Apply, audit, or undo

Applying writes an append-only, hash-chained audit record first — a write that can't be recorded auto-rolls-back. Rolling back hands the device its own snapshot: byte-for-byte reversed.

The safety floor never moves. Dangerous verbs — reload, write erase, format, factory-reset, shell/scripting escapes — are hard-blocked by an immutable floor that no policy, no customer override, and no tier can weaken. A change set is atomic: one bad line sinks the whole proposal, and the attempt is still recorded.

See exactly which vendors have write proven live today vs. shipping in beta on the security page, including the full two-gate architecture diagram and threat model.