A real terminal first. A safe AI second.
AI NetShell is a full multi-protocol terminal for network engineers, with an AI assistant that can read anything and touch nothing — until a human approves the exact diff.
Everything you already expect from a serious SSH client
Every protocol you use
SSH, serial, RDP, and file transfer over SFTP/SCP/TFTP — one app, one inventory.
Multi-tab, split panes
Run several devices side by side with a drag-to-snap 2×2 layout, resizable panes.
10k-line scrollback search
Syntax highlighting, quick copy/paste, and fast search across a bounded, in-memory scrollback.
Reusable auth profiles
Keyring, SSH agent, or key file — credentials live in your OS credential store, never in a config file.
Bulk import
Bring your existing inventory in from CSV, ssh_config, or SecureCRT exports.
Encrypted case export
age-encrypted session exports, redacted before they ever touch disk — hand a customer a clean case note.
Four fixed tools. Nothing else. Ever.
The AI's entire capability surface is list, read, propose,
and ask — a fixed enum, exhaustiveness-checked in CI. New abilities require a
software release, not a clever prompt. It cannot invent a fifth verb, and it never sees a raw
credential: device secrets are redacted to stable [REDACTED:kind#N] placeholders
before the model ever reads them.
Ask it to investigate
Point it at a device and ask what's wrong. It reads config and state, correlates across sessions, and answers — free and instant, no approval needed, because reading changes nothing.
Bring your own key
BYOK Anthropic or OpenAI. Your key, your account, your usage — AI NetShell never proxies or retains your conversations. See the privacy page for exactly what's sent.
Read is free and instant. Write is deliberate, reversible, and paid.
The AI is structurally incapable of changing a device except through a gated, human-approved, snapshot-backed, fully-audited path — and any change is one click from being undone. This isn't a slide; it's the product, run against real hardware on 2026-07-04.
1. Propose & diff
The operator describes an intent and statements. Gate 1 (the per-vendor write policy) checks every statement; a device-side snapshot is captured; the exact before→after diff is rendered.
2. A human approves
Gate 2. The approval modal shows the target device, the diff, and an expandable "exact commands" panel — full disclosure of precisely what will run. The AI cannot construct this approval itself.
3. Apply, audit, or undo
Applying writes an append-only, hash-chained audit record first — a write that can't be recorded auto-rolls-back. Rolling back hands the device its own snapshot: byte-for-byte reversed.
The safety floor never moves. Dangerous verbs — reload,
write erase, format, factory-reset, shell/scripting escapes — are
hard-blocked by an immutable floor that no policy, no customer override, and no tier can weaken.
A change set is atomic: one bad line sinks the whole proposal, and the attempt is still recorded.
See exactly which vendors have write proven live today vs. shipping in beta on the security page, including the full two-gate architecture diagram and threat model.