Skip to main content
Live. This area is documented as current, user-reliable behavior.

Goal

Configure terminal governance for a project and move files in and out of a session safely.

Prerequisites

  • terminal.manage_policy to edit policy; terminal.file_read / terminal.file_write for files

Workflow

1
Open the Policy view (requires terminal.manage_policy) to set limits and toggles.
2
Tune session limits, recording requirements, approval gating, and feature toggles.
3
Use the file panel to browse roots, download files, and upload or mutate files in a session.

What the policy controls

  • Enabled and emergency lock: master switches that gate all sessions.
  • Max concurrent sessions, ticket TTL, idle timeout, max duration, and reconnect grace.
  • Production and non-production recording retention days, and non-production recording requirement.
  • Production approval requirement, writable-volumes toggle, and max file bytes.
  • One-off commands enabled plus an optional command allowlist.
  • Runbooks enabled plus an optional allowlist of runbook IDs.

File transfer

Within a session you can list file roots, browse directories, download files, and upload or mutate files — gated by terminal.file_read and terminal.file_write and capped by the policy max file size. In production, file-write actions follow the same reason/approval expectations as other production actions.

Expected result

The project has a terminal policy that matches your risk posture, and file transfer stays within those bounds.

Production safeguards and approvals

How a target’s environment is classified, why production access is gated, and the reason/approval flow members must follow.

Session recordings and history

Review, play back, and download terminal session recordings, and audit session history — including how retention and purging work.

Access and permissions

How terminal permissions are derived from team role, project ownership, per-user grants, and platform admin, and what each permission unlocks.