Trust Center

Security that matches the power of a system operator.

TerminaI is designed for governed autonomy. Every risky action pauses for approval, every command is logged, and you decide what happens next.

Safety Ladder

Governed Autonomy

Every action follows an approval ladder with human-in-the-loop control.

Audit-Ready Trails

Every approval and command is recorded for review and compliance.

Privacy by default

Local-first execution keeps data within your trust boundary. Zero telemetry.

Bring Your Own Model

Route prompts to your own providers, keys, or on-prem models.

Approval Ladder

Three tiers of governed action

Level A

Safe & Reversible

List files, check status, summarize logs

Level B

Sensitive Changes

Install packages, modify configs, restart services

Level C

Destructive or High Risk

Delete data, change firewall rules, rotate credentials

Data boundaries and transparency

Zero telemetry.

Local sessions stay on-device unless you explicitly enable remote access.

Remote viewing uses a separate relay with end-to-end encryption.

Every action can be traced back to the approval decision.

Security posture

Bring your own keys

Model keys stay with you and can be rotated without server dependency.

Audit-ready logs

Approvals and commands are captured for review and export.

Retention control

You decide how long logs persist and when they are purged.

Approval ladder

Remote Review Threat Model

Remote viewing is disabled by default. When enabled (via --web-remote), it creates a self-hosted relay point.

End-to-End Encryption

Session data is encrypted before leaving your machine.

Ephemeral Pairings

Remote keys are transient and valid only for the active session.

Bound by the Ladder

Even when viewing remotely, all mutations (Level B and C actions) still require explicit approval on the local terminal where the operator is running. Remote view is primarily for observation and emergency stop.