Safety
OpenSyntax is designed to be useful without being reckless. It routes file, folder, git, and terminal operations through typed tools with permission checks.
Workspace Boundaries
File tools normalize paths, block traversal, stay inside the workspace, respect ignore rules, and refuse protected targets such as .git, the workspace root, home folders, and OS folders.
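A minimal sketch of the containment check this describes, added here as an illustration and not taken from OpenSyntax's own code. The names `resolve_in_workspace`, `BoundaryError` and `PROTECTED_NAMES` are hypothetical, the sample requests are constructed, and ignore rules and home/OS folder lists are left out.

```python
import os
import tempfile
from pathlib import Path

PROTECTED_NAMES = {".git"}  # assumed set; the page names .git explicitly


class BoundaryError(Exception):
    """Raised when a requested path must be refused."""


def resolve_in_workspace(workspace, requested):
    """Return the resolved target inside the workspace, or raise BoundaryError."""
    root = Path(workspace).resolve(strict=True)
    # An absolute `requested` replaces root in the join; resolve() then
    # collapses ".." and follows symlinks, so the check sees the real target.
    target = (root / requested).resolve()
    if target == root:
        raise BoundaryError("workspace root is a protected target")
    try:
        rel = target.relative_to(root)
    except ValueError:
        raise BoundaryError(f"path escapes workspace: {requested!r}") from None
    # Compare case-insensitively so ".GIT" is caught on case-insensitive filesystems.
    if any(part.lower() in PROTECTED_NAMES for part in rel.parts):
        raise BoundaryError(f"protected target: {requested!r}")
    return target


def demo():
    """Run constructed sample requests against a throwaway workspace."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp) / "ws"
        (ws / "src").mkdir(parents=True)
        (ws / ".git").mkdir()
        (Path(tmp) / "outside").mkdir()
        os.symlink(Path(tmp) / "outside", ws / "link")  # symlink leaving the workspace
        for req in ["src/main.py", "src/../src/a.py", "../outside/x", ".",
                    ".git/config", "src/../.GIT/hooks", "link/x", "/etc/passwd"]:
            try:
                resolve_in_workspace(ws, req)
                results[req] = "allowed"
            except BoundaryError as exc:
                results[req] = f"refused: {exc}"
    return results
```

The file operation should then use the returned resolved path rather than the original string, since a symlink swapped in between the check and the open would otherwise bypass it.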
Terminal Command Safety
Terminal commands are classified as read, safe, workspace-write, network, install, git-write, system-write, destructive, or dangerous. Output is streamed live and secrets are masked.
Permission Modes
| Mode | Behavior |
|---|---|
| read-only | Read/list/search, git diff/status, and version checks. |
| workspace-safe | Tests, builds, lint, typecheck, and read-only package-manager operations. |
| workspace-write | Workspace-generating commands and dependency installs with approval. |
| shell-safe | Normal developer shell commands with prompts for installs, network, and risky commands. |
| full-os | OS-level commands require explicit approval per command. |
| danger | Destructive commands require typed confirmation. |
Dangerous Commands
Commands such as rm -rf, Remove-Item -Recurse -Force, git reset --hard, git clean -fd, format, diskpart, mkfs, chmod -R 777, and docker system prune require a typed confirmation, such as typing "run rm -rf dist".
Full OS Access
Commands such as apt install, winget install, choco install, brew install, systemctl, netsh, and setx require explicit full OS approval for that command only.
Downloaded Scripts
Patterns such as curl ... | sh, wget ... | bash, and Invoke-WebRequest ... | iex are treated as dangerous and never run silently.