Why Termyte?

Coding agents can search, edit, test, publish, deploy, and operate developer tools at machine speed. That increases engineering velocity, but the agent usually inherits the same local permissions as the developer who launched it. A single mistaken command can:

expose a secret file;
delete source or repository metadata;
rewrite shared Git history;
publish a package;
change infrastructure;
remove database records.

Prompting is not enforcement

Instructions such as “do not read secrets” or “ask before publishing” are useful, but they depend on the agent remembering and following them. Termyte makes the local decision layer responsible instead. It uses explicit parsing, target analysis, risk rules, policy, and memory. No LLM is used in the critical decision path.

More autonomy with visible boundaries

Termyte is designed to help you let agents do more routine work while keeping high-impact actions reviewable:

test risky command text before execution;
define personal and repository rules;
record why an action was allowed, warned, asked about, or blocked;
remember exact commands you marked unsafe;
evaluate experimental governed execution locally.

Local by default

Termyte does not require an account or cloud service. Policy, check logs, memory, and runtime records remain on the local machine.

What Termyte is not

Termyte is not a sandbox, malware detector, or complete operating-system security boundary. It governs recognized actions that enter its check or experimental runtime surfaces. It does not make untrusted code safe.

​Why Termyte?

​Prompting is not enforcement

​More autonomy with visible boundaries

​Local by default

​What Termyte is not

Why Termyte?

Prompting is not enforcement

More autonomy with visible boundaries

Local by default

What Termyte is not