Reduce accidental damage. Do not pretend it is a sandbox.
Termyte is strongest when command text is explicitly evaluated through the stable check path or an experimental governed runtime surface.
Designed to reduce
- Accidental dangerous shell commands and destructive file operations.
- Secret and config access, Git history rewrites, package publishing mistakes, and destructive database commands.
- Repeated unsafe exact-command patterns, using local user memory.
Outside the boundary
- Commands and direct API calls that bypass Termyte.
- Malicious root-level attackers, arbitrary malware, and kernel-level attacks.
- Coverage of all shell obfuscation, full sandbox isolation, and guaranteed subprocess interception.
Runtime boundary
The agent runner prepares policy, JSONL logs, memory, and session context, then starts a supported agent in runtime mode: limited. Interception remains shell- and platform-dependent.