Key Implemented Features

Secure NL-to-Bash execution

Natural language tasks, host-aware generation, parallel multi-server SSH, and JSON responses with summaries and formatted technical reports.

Script archive lifecycle

Multi-line scripts are saved remotely under a configurable home directory with timestamped ShellSentry_*.sh names; users can list scripts (including date scopes), re-run, or request an LLM explanation of saved content.

Safe re-execution

Strict *.sh basename rules, per-server existence checks, and re-validation of script contents against the current policy before any rerun.

Safe Cron mode

List only ShellSentry-managed cron lines or schedule updates for archived scripts; destructive crontab removal intents are blocked at the intent layer.

Reliability and UX

SSH port pre-checks, bounded parallel workers, independent per-host outcomes, LLM retries with backoff for timeouts and HTTP 429, and clearer UI error context.

Security Features

Command Sanitization

Strips risky symbols and suspicious prompt patterns before processing.

Input Validation

Rejects unsafe requests using regex checks and rule-based policy gates.

Whitelist & Blacklist Filtering

Allows approved commands while blocking privileged or destructive actions.

Secure SSH Execution

Runs validated commands over authenticated Paramiko SSH sessions.

Activity Logging

Records user requests, generated commands, and execution results for audits.

Read-only execution mode

Deployment can default to read-only command profiles so routine checks are less likely to mutate systems—tightened further by whitelist, blacklist, and normalization rules.
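The re-run gate described under "Safe re-execution", combined with the whitelist and blacklist filtering above, can be sketched as follows. This is an added example, not ShellSentry's own code: the name pattern, the command lists, the metacharacter regex, and the function names are all assumptions chosen for illustration.

```python
import re
import shlex
from typing import List, Optional, Tuple

# Assumed policy values; the project's real patterns and lists are not shown on the page.
SCRIPT_NAME = re.compile(r"ShellSentry_[A-Za-z0-9_-]+\.sh")
ALLOWED = {"df", "uptime", "free", "echo", "ls", "cat", "grep"}
BLOCKED = {"rm", "sudo", "dd", "mkfs", "shutdown", "reboot"}
RISKY = re.compile(r"[;&|`<>]|\$\(")  # conservative: flagged even inside quotes

def valid_basename(name: str) -> bool:
    """Accept only a bare ShellSentry_*.sh name; fullmatch rejects '/', '..', spaces."""
    return SCRIPT_NAME.fullmatch(name) is not None

def check_line(line: str) -> Optional[str]:
    """Return a rejection reason for one script line, or None if it passes."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):  # blank, comment, or shebang
        return None
    if RISKY.search(stripped):
        return "shell metacharacter"
    try:
        argv = shlex.split(stripped)
    except ValueError:
        return "unparseable quoting"
    if argv[0] in BLOCKED:
        return f"blocked command: {argv[0]}"
    if argv[0] not in ALLOWED:
        return f"command not whitelisted: {argv[0]}"
    return None

def may_rerun(name: str, content: str) -> Tuple[bool, List[str]]:
    """Validate the name first, then every line against the *current* policy."""
    if not valid_basename(name):
        return False, ["invalid script name"]
    reasons = []
    for number, line in enumerate(content.splitlines(), 1):
        reason = check_line(line)
        if reason:
            reasons.append(f"line {number}: {reason}")
    return not reasons, reasons

# Constructed sample scripts: one as archived, one edited on the host afterwards.
SAFE = "#!/bin/bash\ndf -h\nuptime\n"
TAMPERED = "#!/bin/bash\ndf -h\nrm -rf /var/log\nuptime; reboot\n"

if __name__ == "__main__":
    print(may_rerun("ShellSentry_20240101_120000.sh", SAFE))
    print(may_rerun("ShellSentry_20240101_120000.sh", TAMPERED))
```

Checking the content at re-run time, rather than trusting the check made when the script was archived, is what catches a file modified on the remote host or a policy that has tightened since.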