How governance works

Termyte uses deterministic local analysis. It does not ask an agent or LLM whether a command is safe.

Shared decision flow

Two operating paths

Dependable check path

termyte check:
  1. understands the command;
  2. resolves visible targets;
  3. calculates risk;
  4. loads built-in, global, and repository YAML policy;
  5. applies exact user memory;
  6. writes a redacted JSONL event;
  7. returns a decision without execution.
Use this path to understand and test governance behavior.

Experimental execution path

termyte run -- <command> and termyte shell use repository-local SQLite runtime policy, ledger, and semantic memory. They can execute approved commands and record outcomes. The governed shell uses command shims and supported shell hooks to request a decision before execution. Intercepted commands fail closed if the local guard is unavailable.

How blocking works

A recognized action can be blocked by built-in risk or policy. Policy decisions are combined using:
block > ask > warn > allow
Stronger decisions cannot be weakened by a lower-priority layer or memory. Examples of built-in high-impact behavior:
  • secret access is blocked by the default YAML preset;
  • broad wildcard deletes are blocked;
  • force push to main, master, or trunk is blocked;
  • DROP TABLE, TRUNCATE TABLE, and unscoped SQL delete are blocked;
  • package publishing and destructive Git history operations warn.
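
The precedence rule above, sketched as an added example (this is not Termyte's own code). The layer names, the tuple input shape, the default of allow when no layer has an opinion, and failing closed on an unrecognized decision string are all assumptions made for this illustration.

```python
from enum import IntEnum
from typing import Iterable, NamedTuple, Optional, Tuple


class Decision(IntEnum):
    # Ordered so that a larger value is a stronger decision:
    # block > ask > warn > allow
    ALLOW = 0
    WARN = 1
    ASK = 2
    BLOCK = 3


class Verdict(NamedTuple):
    decision: Decision
    source: str  # layer that produced the winning decision


def parse(value: str) -> Decision:
    """Map a policy string to a Decision. Assumption: unknown values fail closed."""
    try:
        return Decision[value.strip().upper()]
    except KeyError:
        return Decision.BLOCK


def combine(layers: Iterable[Tuple[str, Optional[str]]]) -> Verdict:
    """Combine per-layer decisions; the strongest wins and is never weakened.

    `layers` yields (layer_name, decision_or_None); None means the layer is silent.
    """
    verdict = Verdict(Decision.ALLOW, "default")
    for name, raw in layers:
        if raw is None:
            continue
        decision = parse(raw)
        # Strict comparison: a later layer can only strengthen the verdict.
        if decision > verdict.decision:
            verdict = Verdict(decision, name)
    return verdict


# Constructed sample inputs (hypothetical layer outputs, not real Termyte data).
FORCE_PUSH = [("built-in", "block"), ("global", None),
              ("repository", "warn"), ("memory", "allow")]
PUBLISH = [("built-in", "warn"), ("global", None),
           ("repository", "ask"), ("memory", "allow")]

if __name__ == "__main__":
    for label, layers in (("force push", FORCE_PUSH), ("publish", PUBLISH)):
        v = combine(layers)
        print(f"{label}: {v.decision.name.lower()} (from {v.source})")
```

In the first sample the remembered allow does not lower the built-in block; in the second the repository layer raises a built-in warn to ask.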

How agents are governed today

termyte run <agent> prepares repository policy, logs, memory, and session context, then launches the supported agent in limited mode. It does not currently guarantee that all agent subprocesses pass through the experimental governed shell. Use termyte check to validate policy and termyte shell when deliberately testing interception.

Coverage boundary

Unknown command forms fall back to a generic shell action and may be allowed. Commands that bypass Termyte, use unsupported execution paths, or avoid the governed shell are not controlled by Termyte.