
How to Lock Down VS Code Terminal Commands When AI Agents Run Wild


AI coding agents in VS Code can run terminal commands, and that should make you uncomfortable. A new approach uses a PowerShell guard script to restrict agents to a whitelist of approved commands, intercepting every keystroke before it hits the shell.

The technique works by loading a custom VS Code terminal profile that hooks into PowerShell's PSReadLine key handler. Whenever Enter is pressed, the guard captures the input buffer, splits chained commands on semicolons, and checks each one against a set of regex patterns. Match the whitelist? The command runs. Miss it? The input is silently reverted. An agent trying to run rm -rf / or curl to an unknown endpoint just gets... nothing.

The regex patterns are specific enough to be useful. You can allow git status and git diff while blocking git push --force. You can permit scripts in a particular folder (./scripts/*.ps1) while blocking everything else. Only the first command word of each pipeline is evaluated, so piping output around is fine as long as the initial command is approved.

The smartest part is the escape hatch. A Disable-TerminalGuard function exists for when you genuinely need to run something outside the whitelist, but it requires interactive human authentication. An automated agent can't call it programmatically. You, the human, can temporarily unlock the terminal, run what you need, and lock it back down.
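As an added example (not the script the article describes), here is a minimal guard built on the same PSReadLine hooks: an Enter handler that whitelists the first command word of each pipeline, and an interactive unlock. The whitelist patterns, the Test-GuardedCommand helper, and the hashed unlock phrase are assumptions for illustration.

```powershell
# Added example, not the article's script; whitelist, helper name and hash are assumptions.
# Regex whitelist: only the first command word of each pipeline is tested.
$script:GuardAllowed = @(
    '^git (status|diff|log)\b',                  # read-only git; no push/reset
    '^\./scripts/[\w.-]+\.ps1$',                 # scripts in the project's scripts folder
    '^(Get-ChildItem|ls|dir|cat|Get-Content)\b', # read-only file listing/reading
    '^dotnet (build|test)\b'
)
# Placeholder: SHA-256 hex of the human-only unlock phrase, set out of band.
$script:UnlockHash = '<SHA256-HEX-OF-UNLOCK-PHRASE>'

function Test-GuardedCommand {
    param([string]$Line)
    # Split chained commands on ';' (plain split: a ';' inside quotes is a separator too),
    # then check each pipeline's first command word, i.e. the text before the first '|'.
    foreach ($segment in ($Line -split ';')) {
        $first = ($segment -split '\|', 2)[0].Trim()
        if (-not $first) { continue }
        $allowed = $false
        foreach ($pattern in $script:GuardAllowed) {
            if ($first -match $pattern) { $allowed = $true; break }
        }
        if (-not $allowed) { return $false }   # one bad segment rejects the whole line
    }
    return $true
}

function Enable-TerminalGuard {
    Set-PSReadLineKeyHandler -Key Enter -BriefDescription GuardedEnter -ScriptBlock {
        $line = $null; $cursor = $null
        [Microsoft.PowerShell.PSConsoleReadLine]::GetBufferState([ref]$line, [ref]$cursor)
        if (Test-GuardedCommand $line) {
            [Microsoft.PowerShell.PSConsoleReadLine]::AcceptLine()
        } else {
            # Silently revert: the blocked command never reaches the shell.
            [Microsoft.PowerShell.PSConsoleReadLine]::RevertLine()
        }
    }
}

function Disable-TerminalGuard {
    # Interactive unlock: the phrase typed at the console prompt is compared by hash,
    # then the default Enter behaviour (AcceptLine) is restored.
    $secure = Read-Host -Prompt 'Unlock phrase' -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    $bytes  = [System.Security.Cryptography.SHA256]::Create().ComputeHash([System.Text.Encoding]::UTF8.GetBytes($plain))
    $hash   = ([System.BitConverter]::ToString($bytes)) -replace '-'
    if ($hash -ne $script:UnlockHash) { Write-Warning 'Wrong phrase; guard stays on.'; return }
    Set-PSReadLineKeyHandler -Key Enter -Function AcceptLine
}
Enable-TerminalGuard   # dot-source this file from the guarded profile
```

Dot-source the file from the profile script that the guarded VS Code terminal profile launches, so the functions and the Enter binding live in the interactive session.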

This solves a real problem. Tools like Claude Code, GitHub Copilot's agent mode, and Cursor all request terminal access, and most developers just click "allow" without thinking twice. A whitelist approach puts a ceiling on what can go wrong, even if the agent hallucinates a dangerous command or gets manipulated through prompt injection.

The guard has been tested on both Windows and Ubuntu (using the PowerShell snap package). It's not a polished extension you install from the marketplace - it's a script you drop into your project and configure. But for teams running AI agents on production codebases, that fifteen minutes of setup buys meaningful peace of mind.