terminal-guardian-mcp
Allows interaction with Docker containers: list and inspect containers, read logs with timestamps, view real-time resource stats, and restart containers with confirmation.
Provides Git repository analysis: full status breakdown, diff viewer with per-file changes, commit history with authors and dates, and branch listing (local and remote).
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@terminal-guardian-mcprun git status in the current repo"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
๐ฌ Live Demo
๐ก Demo shows the core analysis engine. In real use, this runs automatically when Claude executes terminal commands via MCP โ no CLI needed.
Terminal Guardian MCP
Secure, sandboxed terminal access for AI assistants via the Model Context Protocol
Features ยท Quick Start ยท Claude Desktop ยท Tools ยท Security ยท Configuration ยท Windows ยท Roadmap
Related MCP server: Command Executor MCP Server
Overview
Terminal Guardian MCP is a production-grade Model Context Protocol server that gives AI assistants like Claude safe, controlled, and auditable access to your terminal. Every command is analyzed for risk, logged with full context, and executed inside configurable safety boundaries.
Built for developers who want to leverage AI in their workflows without compromising system integrity.
AI Assistant โ Terminal Guardian MCP โ Risk Analysis โ Sandboxed Execution โ Structured Resultโ ๏ธ This server provides real terminal access. Configure it carefully. Review the Security Philosophy before deploying.
Features
๐ก๏ธ Risk Analysis Engine
Every command passes through a multi-layer safety analysis before execution:
Risk Level | Example Commands | Behavior |
|
| Executed immediately |
|
| Requires explicit confirmation |
|
| Blocked by default |
|
| Always blocked, always logged |
โก Secure Terminal Execution
Shell command execution with full
stdout/stderrcaptureConfigurable per-command timeouts (default: 30s, max: 5m)
SIGTERM โ SIGKILL escalation for hanging processes
Working directory isolation within workspace root
Output size limits to prevent memory exhaustion
Cross-platform: auto-detects bash, sh, PowerShell, or cmd
๐ค AI Commit Message Generator (new in v1.3)
Analyzes
git diffand generates Conventional Commits suggestions via ClaudeReturns 1โ5 suggestions with type, scope, subject, body, and breaking change flags
Three styles:
conventional,simple,detailedAutomatically truncates large diffs to keep API costs low
Requires
ANTHROPIC_API_KEYenvironment variable
๐ฆ Workspace Templates (new in v1.3)
Scaffold new projects instantly from 8 production-ready templates:
Template ID | Stack |
| Node.js + TypeScript + ESLint + Vitest |
| Node.js ESM |
| FastAPI + Pydantic v2 + pytest |
| Typer + Rich |
| React 18 + Vite + TypeScript |
| Next.js 15 App Router + TypeScript |
| Express + Zod + TypeScript |
| MCP Server starter (TypeScript) |
๐ Process Management
List all running processes with CPU, memory, PID, and command
Filter by name or command substring, sort by CPU / memory / PID / name
Terminate processes by PID with signal control (SIGTERM / SIGKILL / SIGINT / SIGHUP)
Protected PID list โ system processes (init, systemd, launchd, PID 0/1) can never be killed
SIGKILL requires
confirmed: trueas an additional safety gate
๐ Environment Variables
Inspect environment variables with automatic secret masking
Secrets are never revealed in full โ shown as
sk**...xyformatAuto-detects secrets by key name (
API_KEY,TOKEN,PASSWORD,DATABASE_URL,SECRET, ...)Auto-detects secrets by value shape (base64 blobs, JWTs, GitHub/Stripe/Slack/OpenAI tokens)
Filter by key name, category (
secret,path,system,runtime,unknown), or fetch specific keys
๐ Network Diagnostics
Ping โ check host reachability and measure round-trip latency, cross-platform
HTTP requests โ GET/POST/PUT/PATCH/DELETE/HEAD with headers, body, redirect control; response body capped at 512KB
DNS lookup โ resolve hostnames via
digโnslookupโ Node.js DNS fallbackPrivate/loopback addresses blocked by default (
127.x,10.x,192.168.x,::1, link-local)Only
http://andhttps://allowed โfile://,ftp://,ldap://and others are blocked
๐ Filesystem Access
File listing, reading, and content search
Configurable workspace root with path traversal prevention
Glob pattern matching for targeted file searches
Project structure analysis with language detection
๐ณ Docker Integration (optional)
List and inspect containers
Read container logs with timestamp support
Real-time resource stats (CPU, memory, network, block I/O)
Execute commands inside containers (
docker_exec) with confirmation gateContainer restart with confirmation gate
Disabled by default โ opt-in via config
๐ฟ Git Repository Analysis
Full
git statuswith staged/unstaged/untracked breakdownDiff viewer with per-file additions/deletions
Commit history with author, date, and refs
Branch listing (local + remote)
Read-only by default (push/commit require explicit opt-in)
๐ Session Logging
Structured JSON logs via pino
Every command, tool call, and security event is recorded
Configurable log levels and output destinations
Optional output logging (disabled by default for privacy)
๐ Rate Limiting
Per-minute and per-hour request limits
In-memory bucket algorithm with automatic reset
Clear error messages with retry-after hints
๐ WebSocket Transport (new in v1.4)
Run as a persistent HTTP + WebSocket server โ multiple clients connect simultaneously
Every WebSocket connection gets its own isolated MCP Server instance
Bearer token authentication (via
Authorizationheader or?token=query string)Built-in web dashboard at
GET /โ live stats, connection count, uptime, config snippetHealth check at
GET /healthand stats API atGET /statsKeepalive ping/pong with automatic dead connection cleanup
Configurable max connections (default: 10)
Works alongside stdio โ choose the mode at startup via CLI flag
๐ฅ๏ธ Remote SSH Execution (new in v1.5)
Execute commands on remote servers via SSH โ with the same risk analysis as local execution
Named server profiles in config (
prod,staging,dev, ...)Key-based auth (reads
~/.ssh/id_rsaor any specified key path) and password authConnection pool โ reuses SSH sessions, no new handshake on every command
Host fingerprint verification to protect against MITM attacks
BLOCKED/WARNING/DANGEROUSrules apply identically on remote hostsConfigurable timeout, max connections, keepalive interval
Quick Start
Prerequisites
Node.js โฅ 18.0.0
npm or yarn
Install from npm
npm install -g terminal-guardian-mcpInstall from source
git clone https://github.com/7Majesty-M/terminal-guardian-mcp.git
cd terminal-guardian-mcp
npm install
npm run buildRun directly
# stdio mode โ for Claude Desktop (default)
terminal-guardian-mcp
# WebSocket mode โ persistent server, multiple clients
terminal-guardian-mcp --transport ws --port 3000
# WebSocket with token auth
terminal-guardian-mcp --transport ws --port 3000 --token mysecret
# Help
terminal-guardian-mcp --helpClaude Desktop Integration
Add Terminal Guardian to your Claude Desktop configuration:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
Linux: ~/.config/Claude/claude_desktop_config.json
{
"mcpServers": {
"terminal-guardian": {
"command": "npx",
"args": ["terminal-guardian-mcp"],
"env": {
"GUARDIAN_CONFIG": "/path/to/your/terminal-guardian.config.json",
"ANTHROPIC_API_KEY": "sk-ant-..."
}
}
}
}
ANTHROPIC_API_KEYis only required for thegit_suggest_committool. All other tools work without it.
Or if installed globally:
{
"mcpServers": {
"terminal-guardian": {
"command": "terminal-guardian-mcp",
"env": {
"GUARDIAN_CONFIG": "/absolute/path/to/terminal-guardian.config.json"
}
}
}
}After saving, restart Claude Desktop. You should see Terminal Guardian appear in the tools list.
WebSocket mode (remote / persistent server)
If you're running Terminal Guardian as a persistent WebSocket server (e.g. on a remote machine or in Docker), connect via URL instead:
{
"mcpServers": {
"terminal-guardian": {
"url": "ws://localhost:3000",
"headers": {
"Authorization": "Bearer mysecret"
}
}
}
}# Start the server first
terminal-guardian-mcp --transport ws --port 3000 --token mysecret
# Then open the dashboard in your browser
open http://localhost:3000MCP Tools
Terminal Guardian exposes 24 tools across 8 domains.
Terminal
run_command
Execute a shell command with full safety analysis.
{
"command": "npm run build",
"cwd": "./my-project",
"timeout": 60000,
"confirmed": false
}Returns:
{
"success": true,
"data": {
"command": "npm run build",
"exitCode": 0,
"stdout": "...",
"stderr": "",
"duration": 4230,
"timedOut": false,
"workingDir": "/workspace/my-project",
"timestamp": "2024-01-15T10:30:00.000Z",
"riskAssessment": {
"level": "SAFE",
"score": 5,
"reasons": ["No dangerous patterns detected"],
"blocked": false
}
}
}analyze_command
Analyze a command without running it.
{ "command": "rm -rf ./old-build" }Returns:
{
"level": "WARNING",
"score": 40,
"reasons": ["Recursive deletion โ verify target path carefully"],
"requiresConfirmation": true,
"blocked": false,
"recommendation": "Review this command carefully before proceeding."
}SSH
ssh_list_profiles
List all configured SSH profiles.
{}Returns:
[
{ "name": "prod", "host": "prod.example.com", "port": 22, "username": "deploy", "authMethod": "key", "connected": false },
{ "name": "staging", "host": "stg.example.com", "port": 22, "username": "ubuntu", "authMethod": "key", "connected": true }
]ssh_test
Test SSH connectivity and measure latency.
{ "profile": "prod" }Returns:
{
"profile": "prod",
"host": "prod.example.com",
"port": 22,
"username": "deploy",
"connected": true,
"latencyMs": 42
}ssh_exec โจ
Execute a command on a remote server. Uses the same risk engine as local execution.
{
"profile": "prod",
"command": "systemctl status nginx",
"cwd": "/var/app"
}Returns:
{
"profile": "prod",
"host": "prod.example.com",
"command": "systemctl status nginx",
"exitCode": 0,
"stdout": "โ nginx.service - A high performance web server...",
"stderr": "",
"duration": 312,
"timedOut": false,
"riskAssessment": { "level": "SAFE", "score": 5, "blocked": false }
}Dangerous commands (
rm -rf /,shutdown, fork bombs) are blocked on remote hosts just like locally.
Git
git_status
{ "path": "." }git_diff
{ "staged": false, "file": "src/api.ts" }git_log
{ "limit": 20 }git_suggest_commit โจ
Generate AI-powered commit message suggestions from your staged diff.
{ "staged": true, "count": 3, "style": "conventional" }Returns:
{
"suggestions": [
{
"message": "feat(auth): add JWT refresh token rotation\n\nImplements automatic rotation on each use\nto prevent token reuse attacks.",
"type": "feat",
"scope": "auth",
"subject": "add JWT refresh token rotation",
"breaking": false,
"confidence": "high"
}
],
"model": "claude-sonnet-4-20250514",
"tokensUsed": 312,
"diffSummary": "Added refresh token rotation to AuthService",
"truncated": false
}Workspace Templates
list_templates
List all available project templates with optional tag filtering.
{ "tag": "python" }Returns:
[
{ "id": "python-fastapi", "name": "Python FastAPI", "tags": ["python", "api", "backend"], "fileCount": 6, "postInstall": ["python -m venv .venv", "pip install -r requirements.txt"] },
{ "id": "python-cli", "name": "Python CLI Tool", "tags": ["python", "cli"], "fileCount": 4 }
]apply_template โจ
Scaffold a new project from a template. Safe โ cannot write outside workspace root.
{
"templateId": "mcp-server",
"projectName": "my-mcp-tool",
"targetDir": "./projects/my-mcp-tool"
}Returns:
{
"templateId": "mcp-server",
"projectName": "my-mcp-tool",
"targetDir": "/workspace/projects/my-mcp-tool",
"filesCreated": ["package.json", "tsconfig.json", "src/index.ts", "claude_desktop_config.example.json", ".gitignore", "README.md"],
"filesSkipped": [],
"postInstall": ["npm install", "npm run build"]
}Processes
list_processes
{ "filter": "node", "sortBy": "memory", "limit": 20 }kill_process
{ "pid": 12345, "signal": "SIGTERM" }
"signal": "SIGKILL"requires"confirmed": true.
Environment
get_env
{ "keys": ["NODE_ENV", "PORT", "DATABASE_URL"] }Secret masking:
Original | Shown as |
|
|
|
|
|
|
|
|
Network
ping
{ "host": "api.github.com", "count": 4 }http_request
{
"url": "https://api.github.com/zen",
"method": "GET",
"headers": { "Accept": "application/json" }
}dns_lookup
{ "host": "github.com" }Filesystem
list_files
{ "path": "./src", "recursive": true }read_file
{ "path": "./src/index.ts" }search_files
{ "query": "TODO", "path": "./src", "pattern": "**/*.ts" }Docker (requires docker.enabled: true)
docker_ps ยท docker_logs ยท docker_stats ยท docker_exec
{ "container": "my-app", "command": ["node", "--version"], "confirmed": true }Architecture
terminal-guardian-mcp/
โโโ src/
โ โโโ index.ts # MCP server entrypoint & tool routing (24 tools)
โ โโโ types/index.ts # Shared TypeScript types
โ โโโ config/loader.ts # Config file loading with deep merge
โ โโโ security/
โ โ โโโ riskAnalyzer.ts # Multi-layer command risk analysis engine
โ โ โโโ rateLimiter.ts # Per-minute/hour request throttling
โ โโโ tools/
โ โ โโโ executor.ts # Cross-platform shell execution engine
โ โ โโโ processManager.ts # Process listing and safe termination
โ โ โโโ schemas.ts # Zod input validation schemas
โ โโโ system/
โ โ โโโ envManager.ts # Env vars with automatic secret masking
โ โโโ network/
โ โ โโโ diagnostics.ts # Ping, HTTP requests, DNS lookup
โ โโโ filesystem/
โ โ โโโ manager.ts # Safe file access with path enforcement
โ โโโ docker/
โ โ โโโ manager.ts # Dockerode integration + container exec
โ โโโ git/
โ โ โโโ manager.ts # Git operations via child_process
โ โ โโโ commitGenerator.ts # AI commit message generation (Anthropic API)
โ โโโ ssh/
โ โ โโโ manager.ts # SSH connection pool + profile management
โ โ โโโ executor.ts # Remote command execution with risk analysis
โ โโโ workspace/
โ โ โโโ templates.ts # Project scaffolding โ 8 templates
โ โโโ transport/
โ โ โโโ wsServer.ts # WebSocket HTTP server + auth + multi-client
โ โ โโโ dashboard.ts # Live web dashboard (dark theme, auto-refresh)
โ โโโ logging/
โ โโโ logger.ts # Pino-based structured logging
โโโ tests/ # Vitest unit tests (170 tests)
โโโ .github/workflows/ # CI/CD pipeline (Node 18/20/22)
โโโ Dockerfile # Multi-stage build, non-root user
โโโ docker-compose.yml
โโโ terminal-guardian.config.jsonConfiguration
{
"workspace": {
"rootDir": "/home/user/projects",
"allowedPaths": ["/home/user/projects"],
"maxFileSize": 10485760,
"maxFilesPerOperation": 100
},
"execution": {
"timeout": 30000,
"maxOutputSize": 1048576,
"maxConcurrentProcesses": 5,
"shell": "auto"
},
"security": {
"enableRiskAnalysis": true,
"blockDangerousCommands": true,
"requireConfirmationForWarnings": true,
"allowSudo": false,
"allowNetworkCommands": true,
"customBlocklist": [],
"customAllowlist": []
},
"rateLimit": {
"enabled": true,
"maxRequestsPerMinute": 60,
"maxRequestsPerHour": 500
},
"docker": {
"enabled": false,
"socketPath": "/var/run/docker.sock",
"allowContainerRestart": false,
"allowLogAccess": true
},
"git": {
"enabled": true,
"allowPush": false,
"allowCommit": false,
"maxLogEntries": 50
},
"logging": {
"enabled": true,
"level": "info",
"logDir": "./logs",
"logCommands": true,
"logOutputs": false,
"logSecurityEvents": true,
"prettyPrint": false
},
"ssh": {
"enabled": false,
"timeout": 30000,
"keepaliveInterval": 10000,
"maxConnections": 5,
"profiles": {}
}
}SSH Profiles
To use SSH tools, add profiles to ssh.profiles and set ssh.enabled: true:
{
"ssh": {
"enabled": true,
"profiles": {
"prod": {
"host": "prod.example.com",
"port": 22,
"username": "deploy",
"privateKeyPath": "~/.ssh/id_rsa"
},
"staging": {
"host": "staging.example.com",
"username": "ubuntu",
"privateKeyPath": "~/.ssh/staging_key"
}
}
}
}Configuration Reference
Key | Default | Description |
|
| Absolute root for all filesystem operations |
|
| Max readable file size in bytes (10MB) |
|
| Default command timeout in ms |
|
| Max stdout+stderr size in bytes (1MB) |
|
| Shell โ |
|
| Whether sudo commands are permitted |
|
| Additional regex patterns to always block |
|
| Patterns that bypass risk analysis |
|
| Enable Docker tool integration |
|
| Allow restarting containers |
|
| Allow |
|
| Log stdout/stderr (may contain secrets!) |
|
| Enable SSH tool integration |
|
| Max pooled SSH connections |
Security Philosophy
Terminal Guardian operates on a deny-by-default model with explicit allowlisting.
Always blocked
Recursive filesystem deletion of system paths (
rm -rf /)Fork bombs (
:(){:|:&};:)System power management (
shutdown,reboot,halt)Filesystem formatting (
mkfs,wipefs,dd of=/dev/)Reverse shells and TCP redirections (
/dev/tcp/)chmod 777 /and similar root-level permission changesfile://,ftp://,ldap://URL schemes in HTTP requestsPrivate/loopback addresses in network tools
Requires confirmation
Recursive deletions (
rm -rf ./anything)Docker container stop/kill/remove
Docker container exec (
docker_exec)Force kills โ
kill_processwithSIGKILLPermission modifications (
chmod,chown)Git destructive operations (
reset --hard,push)Service management (
systemctl stop)
Always safe
Read-only shell commands:
ls,cat,grep,findGit inspection:
status,log,diff,branchgit_suggest_commitโ reads diff only, never writes anythinglist_templatesโ no filesystem changesDocker read operations:
ps,images,inspect,stats,logsnpm read operations:
list,outdated,auditSystem info:
whoami,uptime,df,unamelist_processesโ read-only, never modifies stateget_envโ secrets masked before they leave the moduledns_lookupโ read-only DNS querypingto public hostsssh_list_profiles,ssh_testโ read-only, no command execution
Threat model
AI hallucination safety โ blocks commands an AI might suggest incorrectly
Prompt injection defense โ rate limiting and explicit confirmation prevent automation abuse
Supply chain protection โ blocks pipe-to-shell patterns (
curl | bash)Privilege escalation โ sudo blocked by default
Secret leakage โ env vars masked at read time, raw values never reach AI context
SSRF protection โ private network ranges blocked in all network tools
Data exfiltration โ output size limits, no secret logging by default
Workspace isolation โ templates and filesystem tools cannot escape workspace root
Remote command safety โ same risk engine on SSH as locally, BLOCKED means BLOCKED everywhere
Windows Support
Terminal Guardian auto-detects the available shell at startup โ no manual configuration needed.
Platform | Default Shell | Fallback |
Linux / macOS |
|
|
Windows |
|
|
Windows quick start
# Option 1: PowerShell Core (recommended)
winget install Microsoft.PowerShell
# Option 2: WSL โ shell auto-detects, no config change needed
# Option 3: Git Bash โ set path explicitly{
"execution": {
"shell": "C:\\Program Files\\Git\\bin\\bash.exe"
}
}Note: On Windows without WSL, Unix commands like
ls,grep,catrequire PowerShell equivalents or Git Bash.
Docker Usage
docker build -t terminal-guardian-mcp .
docker-compose up -d
docker-compose logs -f terminal-guardianThe container runs as a non-root user (guardian:guardian) with a read-only root filesystem.
Development
npm install # Install dependencies
npm run dev # Start in watch mode
npm test # Run tests
npm run test:coverage # Coverage report
npm run typecheck # TypeScript check
npm run lint # ESLint
npm run format # Prettier
npm run build # Production buildUsage Examples
With Claude Desktop
"Check the git status of my project and tell me what files have changed"
"I've staged my changes โ write me a commit message"
"Scaffold a new FastAPI project in ./services/users"
"Which process is eating the most CPU right now?"
"Show me all environment variables related to Node โ keep secrets masked"
"Is api.github.com reachable? What's the latency?"
"Make a GET request to https://api.github.com/zen and show me the response"
"Run the test suite and show me any failures"
"There's a hung process using 4GB of RAM โ find it and kill it gracefully"
"List Docker containers and check if the database is healthy"
"Run
node --versioninside the api container"
Tool call examples
Safe command:
User: Run `ls -la` in the src directory
Claude: [calls run_command {"command": "ls -la", "cwd": "src"}]
โ Returns file listing immediately (SAFE)Confirmation required:
User: Clean up the dist directory
Claude: [calls analyze_command โ WARNING]
"rm -rf ./dist requires confirmation. Proceed?"
User: Yes
Claude: [calls run_command with confirmed: true]Blocked:
User: Run rm -rf /
Claude: "Terminal Guardian has blocked this โ it would delete the root filesystem."AI commit message:
User: I've staged my auth refactor, suggest a commit message
Claude: [calls git_suggest_commit {"staged": true, "count": 3}]
1. refactor(auth): extract token validation into AuthGuard class
2. refactor(auth): decouple token logic from UserService
3. chore(auth): reorganize auth module structure
Which one would you like to use?Scaffold a project:
User: Create a new MCP server called "weather-mcp"
Claude: [calls apply_template {"templateId": "mcp-server", "projectName": "weather-mcp", "targetDir": "./weather-mcp"}]
Created 6 files. Next steps:
cd weather-mcp && npm install && npm run buildNetwork check:
User: Is my API server reachable?
Claude: [calls ping {"host": "api.myapp.com", "count": 3}]
"api.myapp.com is reachable. Avg latency: 24ms, 0% packet loss."Env inspection:
User: What's my runtime environment?
Claude: [calls get_env {"filter": "NODE"}]
"NODE_ENV=production, NODE_VERSION=20.11.0.
DATABASE_URL and API_KEY are present โ values masked for security."Docker exec:
User: Check the Node version inside the api container
Claude: [calls docker_exec {"container": "api", "command": ["node", "--version"], "confirmed": true}]
"v20.11.0"SSH โ remote server management:
User: Check nginx status on prod
Claude: [calls ssh_test {"profile": "prod"}]
"Connected to prod.example.com (42ms latency)."
Claude: [calls ssh_exec {"profile": "prod", "command": "systemctl status nginx"}]
"โ nginx.service โ active (running) since..."
User: Restart it
Claude: [calls ssh_exec {"profile": "prod", "command": "systemctl restart nginx", "confirmed": true}]
"Done โ nginx restarted. Exit code 0."WebSocket mode โ remote access:
# On your dev server
terminal-guardian-mcp --transport ws --port 3000 --token mytoken
# Dashboard: http://your-server:3000
# Claude Desktop connects via ws://your-server:3000
# Multiple Claude sessions can connect simultaneously โ each gets isolated MCP instanceRoadmap
Released
v1.0 โ Secure terminal execution with risk analysis engine
v1.0 โ Filesystem access with path traversal protection
v1.0 โ Git repository analysis (status, diff, log, branches)
v1.0 โ Docker integration (ps, logs, stats, restart)
v1.0 โ Session logging, rate limiting, configurable security
v1.0 โ Cross-platform shell auto-detection (Linux / macOS / Windows)
v1.1 โ Process management (
list_processes,kill_process)v1.1 โ Environment variable inspection with automatic secret masking
v1.2 โ Network diagnostics (
ping,http_request,dns_lookup)v1.2 โ Docker container exec (
docker_exec) with confirmation gatev1.3 โ AI-powered commit message generation (
git_suggest_commit)v1.3 โ Workspace templates โ 8 project starters (
list_templates,apply_template)v1.4 โ WebSocket transport (alongside stdio) with auth, dashboard, multi-client
v1.5 โ Remote SSH execution with key-based auth, connection pool, risk analysis
Planned
v2.0 โ Full gVisor/nsjail sandbox integration
v2.0 โ Per-session permission scoping
v2.0 โ Audit log export (JSON/CSV/SIEM formats)
Contributing
Fork the repository
Create a feature branch:
git checkout -b feature/my-featureCommit:
git commit -m 'feat: add my feature'Push:
git push origin feature/my-featureOpen a Pull Request
Please ensure all tests pass, TypeScript compiles cleanly, and new security patterns have test coverage.
Related Projects
Model Context Protocol โ The protocol specification
MCP TypeScript SDK โ Official SDK
Claude Desktop โ The AI assistant this was built for
License
MIT ยฉ Terminal Guardian Contributors
Built with โค๏ธ for the AI infrastructure community
โญ Star this project if it's useful to you
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/7Majesty-M/terminal-guardian-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server