Different protection boundaries
A sandbox aims to isolate execution. Termyte does not provide that boundary. It evaluates recognized command text, applies deterministic local policy, records decisions, and remembers user-marked unsafe exact patterns.
That can reduce accidental damage from secret access, force pushes, package publishing, destructive SQL, and broad filesystem deletion.
Outside the boundary
- malicious root-level attackers
- arbitrary malware and kernel-level attacks
- every shell obfuscation
- commands and direct API calls that bypass Termyte
- full sandbox isolation
Termyte does not make agents safe. It gives developers a local, inspectable decision path for recognized command risks.