> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stackshift.cloud/llms.txt
> Use this file to discover all available pages before exploring further.

# Terminal policy and file transfer

> The policy controls owners/admins use to govern terminal behavior, plus browsing and transferring files within a session.

<Tip>
  **Live.** This area is documented as current, user-reliable behavior.
</Tip>

## Goal

Configure terminal governance for a project and move files in and out of a session safely.

## Prerequisites

* terminal.manage\_policy to edit policy; terminal.file\_read / terminal.file\_write for files

## Workflow

<Steps>
  <Step>
    Open the Policy view (requires terminal.manage\_policy) to set limits and toggles.
  </Step>

  <Step>
    Tune session limits, recording requirements, approval gating, and feature toggles.
  </Step>

  <Step>
    Use the file panel to browse roots, download files, and upload or mutate files in a session.
  </Step>
</Steps>

## What the policy controls

* Enabled and emergency lock: master switches that gate all sessions.
* Max concurrent sessions, ticket TTL, idle timeout, max duration, and reconnect grace.
* Production and non-production recording retention days, and non-production recording requirement.
* Production approval requirement, writable-volumes toggle, and max file bytes.
* One-off commands enabled plus an optional command allowlist.
* Runbooks enabled plus an optional allowlist of runbook IDs.

## File transfer

Within a session you can list file roots, browse directories, download files, and upload or mutate files — gated by terminal.file\_read and terminal.file\_write and capped by the policy max file size. In production, file-write actions follow the same reason/approval expectations as other production actions.

## Expected result

<Check>
  The project has a terminal policy that matches your risk posture, and file transfer stays within those bounds.
</Check>

## Related guides

<CardGroup cols={2}>
  <Card title="Production safeguards and approvals" href="/terminal/production-safeguards">
    How a target’s environment is classified, why production access is gated, and the reason/approval flow members must follow.
  </Card>

  <Card title="Session recordings and history" href="/terminal/recordings-and-history">
    Review, play back, and download terminal session recordings, and audit session history — including how retention and purging work.
  </Card>

  <Card title="Access and permissions" href="/terminal/access-and-permissions">
    How terminal permissions are derived from team role, project ownership, per-user grants, and platform admin, and what each permission unlocks.
  </Card>
</CardGroup>