{
  "product": "Terminal Guardian",
  "version": "2.3.3",
  "generated": "2026-05-29",
  "description": "Machine-readable record of all homepage-safe, evidence-backed security claims. Use this artifact to drive future homepage updates. Any claim not listed here must not appear on the homepage without new evidence.",
  "claims": [
    {
      "id": "powershell-module",
      "label": "PowerShell module",
      "supported": true,
      "evidence": "TerminalGuardian.psd1 (module manifest), TerminalGuardian.psm1 (public API). Native pwsh module with selftest command (tg selftest) and profile hook installer.",
      "homepage_safe_text": "Native PowerShell 7+ module with module manifest, selftest, and profile hook installer."
    },
    {
      "id": "denylist-enforcement",
      "label": "Denylist enforcement",
      "supported": true,
      "evidence": "TerminalGuardian/Rules/default-rules.json — 13 shipped rules (TG-001 through TG-013) covering destructive delete, disk wipe, format, recursive remove, and redaction test token. Verified by test-failclosed.ps1 Test 2.",
      "homepage_safe_text": "13 default rules enforce a denylist covering destructive disk and recursive delete operations."
    },
    {
      "id": "json-first-rule-evaluation",
      "label": "Explicit JSON-first rule evaluation",
      "supported": true,
      "evidence": "TerminalGuardian/Private/RuleEngine.ps1 lines 179-197. JSON denylist rules are evaluated before the semantic analysis pipeline. This ordering is an architectural invariant. Verified by BrainLane.Integration.Tests.ps1 (TG-003 fires before TG-SEM-RM-ROOT).",
      "homepage_safe_text": "JSON denylist rules are evaluated before any semantic analysis pipeline. No command can bypass explicit rules via a later stage."
    },
    {
      "id": "action-tiers",
      "label": "Action tiers: block, challenge, warn",
      "supported": true,
      "evidence": "TerminalGuardian/Rules/default-rules.json. block: TG-006, TG-007, TG-012, TG-013. challenge: TG-001, TG-002, TG-003, TG-005. warn: TG-004, TG-008, TG-009, TG-010, TG-011. allow: default fallthrough. Verified by full Pester suite (458 passed).",
      "homepage_safe_text": "Four deterministic outcomes: block (halts execution), challenge (requires confirmation), warn (alerts and logs), allow (proceeds normally)."
    },
    {
      "id": "audit-logging",
      "label": "Audit logging",
      "supported": true,
      "evidence": "TerminalGuardian/Private/Logger.ps1. Tab-separated log format: timestamp, eventType, severity, ruleId, forcedRuleId, description, userChoice, redactedCommandLine. Log file: guardian_YYYY-MM-DD.log. Blocked and forced events are unconditionally logged even when logLevel=off. Critical events (rules load failure) always logged.",
      "homepage_safe_text": "Enforcement events are written to a local tab-separated log, subject to the configured logLevel. Blocked and forced events are unconditionally logged regardless of log level setting."
    },
    {
      "id": "secret-redaction",
      "label": "Secret redaction in logs",
      "supported": true,
      "evidence": "TerminalGuardian/Private/Redaction.ps1. Secrets matching known patterns (passwords, tokens, API keys) are replaced with [REDACTED] before any log write. Verified by deterministic test (TG-013 rule, TG_REDACTION_TEST_SECRET pattern).",
      "homepage_safe_text": "Secrets matching known patterns (passwords, API keys, tokens) are replaced with [REDACTED] before any audit log write. Redaction is pattern-based; secrets in formats not covered by the patterns are not guaranteed to be masked."
    },
    {
      "id": "local-first-enforcement",
      "label": "Local-first enforcement path",
      "supported": true,
      "evidence": "TerminalGuardian/Private/RuleEngine.ps1 — command evaluation, JSON rule matching, and enforcement are fully local. No command content is sent to a remote server during normal enforcement. The optional tg selftest integrity check is the only network call and is user-initiated.",
      "homepage_safe_text": "Core command evaluation, policy matching, and enforcement run entirely on the local machine. No command content is sent anywhere during normal operation; the only network call is the optional, user-initiated tg selftest integrity check."
    },
    {
      "id": "forced-bypass-audit-logging",
      "label": "Forced bypass audit logging",
      "supported": true,
      "evidence": "TerminalGuardian/Private/Logger.ps1 line 33: forced events are treated as always-logged (same as blocked events). EventType=forced is written with HIGH severity regardless of logLevel setting. The --TG-Force flag is the bypass mechanism.",
      "homepage_safe_text": "--TG-Force can override a block or challenge, but is itself logged as a forced event at HIGH severity — unconditionally, even when logLevel is off."
    },
    {
      "id": "fail-closed-rule-load",
      "label": "Fail-closed rule load protection",
      "supported": true,
      "evidence": "TerminalGuardian/Private/RuleEngine.ps1 lines 43-116 (Get-TerminalGuardianRules) and lines 165-177 (Get-TerminalGuardianAction). Triggers: default rules file missing, unreadable, or malformed JSON; user rules file exists but unreadable or malformed. Policy: onRuleLoadError=block-all (default) → all commands return action=block with RuleId=FAIL-CLOSED. Audit: EventType=critical written unconditionally. Verified: test-failclosed.ps1 — 15 assertions, 0 failed.",
      "homepage_safe_text": "With the default onRuleLoadError=block-all policy, if rule files are missing, unreadable, or malformed, all commands are blocked — not silently allowed. A CRITICAL audit event is written unconditionally."
    },
    {
      "id": "sha256-integrity-manifest",
      "label": "SHA-256 checksum and integrity manifest",
      "supported": true,
      "evidence": "docs/CHECKSUMS.txt — SHA-256 hash published for every release ZIP including v2.3.3: 14b4d6da1d8a888500463c66b592f63c9b95ea1c22620229f372a9411905205e. TerminalGuardian/Private/Get-TGRemoteIntegrityManifest.ps1 — tg selftest computes local SHA-256 hashes of module files and compares against remote integrity manifest. docs/RELEASE_MANIFEST.json — build metadata for v2.3.3.",
      "homepage_safe_text": "Every release ZIP has a published SHA-256 checksum. tg selftest computes local file hashes and compares them against the remote integrity manifest. This is an integrity check only; release ZIPs and module files are not digitally signed."
    },
    {
      "id": "semantic-pipeline-error-fail-closed",
      "label": "Semantic pipeline error fail-closed",
      "supported": true,
      "evidence": "TerminalGuardian/Private/RuleEngine.ps1 lines 200-221. The semantic pipeline (AST-based analysis) is wrapped in try/catch. On any unhandled exception, the catch block returns Action=block, RuleId=sem-pipeline-error, TgCode=TG-SEM-ERR. Pipeline errors default to the safe outcome, not allow.",
      "homepage_safe_text": "If the AST semantic analysis pipeline throws an unexpected error, the policy decision is block — not allow. All pipeline failures default to the safe outcome."
    },
    {
      "id": "clean-automated-test-evidence",
      "label": "Clean automated test evidence",
      "supported": true,
      "evidence": "Full Pester suite (tests/ directory, Pester v3.4.0): 458 passed, 0 failed. Fail-closed dedicated tests (TerminalGuardian/test-failclosed.ps1): 15 passed, 0 failed. Results are deterministic and reproducible from the installed module.",
      "homepage_safe_text": "Full Pester test suite: 458 passed, 0 failed. Fail-closed assertions: 15 passed, 0 failed. Results are deterministic and reproducible."
    }
  ],
  "do_not_use_claims": [
    {
      "id": "code-signing",
      "label": "Code signing / Authenticode signing",
      "reason": "Not implemented. Module is not Authenticode-signed. Release ZIPs are not signed artifacts.",
      "safe_alternative": "SHA-256 release checksum verified via docs/CHECKSUMS.txt (verifies download integrity only; it does not establish publisher authenticity)"
    },
    {
      "id": "signed-release-artifact",
      "label": "Signed release artifact",
      "reason": "Not implemented. The release ZIP ships with a SHA-256 checksum only, not a digital signature.",
      "safe_alternative": "SHA-256 release checksum — 14b4d6da1d8a888500463c66b592f63c9b95ea1c22620229f372a9411905205e for v2.3.3"
    },
    {
      "id": "tamper-evident-log-chaining",
      "label": "Tamper-evident log chaining",
      "reason": "Not implemented. Logs are plain text files with no cryptographic chaining between entries.",
      "safe_alternative": "Local audit log with unconditional write for blocked and forced events (plain-text; not tamper-evident)"
    },
    {
      "id": "central-policy-enforcement",
      "label": "Central / remote policy enforcement",
      "reason": "Not implemented. Rules are loaded locally only. There is no remote rules server or central policy push.",
      "safe_alternative": "Local-first enforcement — JSON rules evaluated entirely on the local machine"
    },
    {
      "id": "microsoft-certified",
      "label": "Microsoft certified",
      "reason": "Not certified. Terminal Guardian is not a Microsoft product and has not been submitted to any Microsoft certification program.",
      "safe_alternative": null
    },
    {
      "id": "compliance-approved",
      "label": "Compliance approved / certified compliant",
      "reason": "Not certified. Terminal Guardian has not been submitted to or approved by any compliance body.",
      "safe_alternative": null
    },
    {
      "id": "cloud-behavioral-telemetry",
      "label": "Cloud behavioral telemetry (commands sent to cloud)",
      "reason": "Not implemented. No command content is sent to any remote service during normal operation.",
      "safe_alternative": "Local-only enforcement — no command data leaves the machine during normal operation"
    }
  ]
}
