Policy reference

YAML policy locations

Layer	Location
Built-in	included with Termyte
Global	`~/.termyte/policy.yaml` or `$TERMYTE_HOME/policy.yaml`
Repository	`<repo>/termyte.policy.yaml`

YAML document schema

version: 1
presets:
  - "safe-default"
rules:
  - name: "review-example"
    description: "Optional description"
    action: ask
    match:
      semantic_ids:
        - "package.*.publish"
      commands:
        - "npm publish"
      paths:
        - "src/auth/**"

Allowed top-level fields:

version
presets
rules

Allowed rule fields:

name
description
action
match

Allowed matcher groups:

semantic_ids
commands
paths

If one rule contains multiple matcher groups, every group must match.

Actions

Action	Meaning
`allow`	No policy review required
`warn`	Flag the action as risky
`ask`	Require explicit review in a supporting workflow
`block`	Do not permit the recognized action

Conflict order:

block > ask > warn > allow

Built-in presets

Preset	Purpose
`safe-default`	Blocks recognized secret access, broad destructive deletes, protected force pushes, and destructive SQL; warns on publishing, remote scripts, deploys, and elevation
`strict-filesystem`	Blocks recursive forced and wildcard deletes
`git-safe`	Blocks force push and warns on destructive Git history
`secrets-guard`	Blocks recognized secret reads
`deploy-guard`	Warns on deployment mutations
`package-manager-safe`	Warns on package publishing
`ci-safe`	Warns when resolved paths touch CI configuration
`dangerous-tools`	Blocks or warns on destructive Docker, elevation, and remote scripts

List the presets included with your installed version:

termyte policy presets

Matcher behavior

Semantic IDs

Case-insensitive wildcard matching:

semantic_ids:
  - "git.reset.*"
  - "package.*.publish"

Commands

Commands are whitespace normalized and can use * wildcards:

commands:
  - "npm publish"
  - "git push --force*"

Paths

Paths are normalized across slash styles and can use wildcard patterns:

paths:
  - "src/auth/**"
  - ".github/workflows/**"

Path rules only match targets that Termyte resolves for the checked action.

Runtime policy

The experimental runtime stores a separate repository-local semantic policy in SQLite. It supports block and warn pattern lists only.

{
  "block": ["filesystem.delete.wildcard"],
  "warn": ["package.*.publish"]
}

Patterns may use letters, numbers, ., -, _, and *. A bare * is rejected as too broad. Use:

termyte policies status
termyte policies export
termyte policies validate <path>

​Policy reference

​YAML policy locations

​YAML document schema

​Actions

​Built-in presets

​Matcher behavior

​Semantic IDs

​Commands

​Paths

​Runtime policy