Safety and Security
AITerm's safety model is layered. A command is assessed for risk, your active Safety Profile can tighten the result, per-host floors and policy packs can tighten it further, and only then can a command run. Every command — typed, AI- authored, from a runbook, or from an agent — passes this one gate.
Risk badges
Each command is tiered and shown with a badge:
- Safe (green) — looks safe to run.
- Caution (orange) — worth a glance; runs without interruption on most profiles.
- Destructive (red) — deletes or overwrites data.
- Dangerous (red) — the most severe tier: irreversible and system-wide.
Click a badge to open the risk popover. It lists the findings (why this tier), can offer a safer alternative ("Use this instead"), an Explain in detail option, and for risky commands a dry-run preview.
Safety Profiles
Change the active profile from the AI ▸ Safety Profile menu; the current one has a checkmark. Profiles only ever escalate strictness — they never loosen the gate.
The profile order below is generated from SafetyProfile.allCases.
- Personal (
personal, rank 0): Default profile. It does not add extra confirmation beyond the base gate, and Personal never hard-blocks. - Work (
work, rank 1): Adds a confirmation floor for destructive commands. - Production (
production, rank 2): Confirms caution and destructive commands, and blocks Dangerous-tier commands. - Locked Down (
lockedDown, rank 3): Confirms caution commands and blocks destructive or Dangerous-tier commands.
What the tiers do under each profile
- Safe runs without interruption.
- Caution runs without interruption, except Production and Locked Down ask you to confirm.
- Destructive shows a red badge; Work and Production ask you to confirm, Locked Down blocks it.
- Dangerous requires confirmation on Personal, and stricter profiles block it.
Personal is intentionally solo-developer friendly: a would-be hard block becomes a confirmation instead. Work, Production, and Locked Down can hard-block.
Dry-run preview
Two things carry the "dry run" name:
- Start in Dry Run Mode (Settings ▸ Security) evaluates and previews every command but executes nothing until you turn it off.
- Dry-run preview in the risk popover previews one specific command on demand. Click Preview what this will do to either see a read-only list of the files a delete/move/chmod would touch ("computed without running anything"), or, for tools like rsync, get a native dry-run form you can Load dry-run into the input bar and run through the normal gate.
Rollback and "back up, then run"
When a destructive command reaches the confirmation alert and a backup makes sense, the alert offers up to four choices:
- Run anyway — run the original now, no backup.
- Back up, then run — run a backup first; the original runs only if the backup succeeds (exits 0). The backup is a separate command that passes the same security gate on its own — it is never glued onto your command as a string.
- Use safer alternative — swap in a suggested safer command.
- Cancel — do nothing.
If the backup fails, the original is not run and you're told so.
Policy packs
Policy packs are importable bundles of tightenings — a Safety Profile floor, extra per-host rules, custom ask/deny patterns, and optional force-enforcement. A pack can only ever tighten your gate; it has no "allow" action.
- Import a pack… and enforce it — Free.
- Authoring, adding rules, and Export this pack to share — Pro.
- Deleting a pack, or any single rule, is always allowed (removing a tightening is never gated).
See Settings Reference for the editor fields.
Audit log
Open AI ▸ Security Log… to see every gate decision — the command, its risk tier, the decision (allow / confirm / block), the exit code, whether it was AI- authored, and the time. The header notes: "Every command passed one gate before running — typed or AI-authored."
- Reveal audit file (Free) shows the durable log on disk.
- Export signed transcript… (Pro) exports a tamper-evident record whose hash chain and signature detect any edit, reorder, or post-export change.
- Clear log clears the in-memory view.
Related pages: The AI Command Loop, Remote Commands, Settings Reference, Free vs. Pro.