Capability Map¶
| Capability ID | Label | Description | Commands | Platforms | Risk levels present | Maturity levels present | Network | Notes |
|---|---|---|---|---|---|---|---|---|
| archive_inspection | Archive operations | Inspect archives, extract them only to explicit destinations, and create tar.gz/zip archives only from explicit source paths. | tar, unzip, zip |
all | safe, write | structured | no | Extraction without -d, overwrite flags, password handling, and arbitrary unzip options are not supported. Only tar -czf Only zip -r Supports guarded zip archive creation from explicit source paths. Supports read-only tar archive listing, guarded extraction with an explicit destination, and guarded tar.gz creation from explicit source paths. Supports read-only zip archive listing and guarded extraction with an explicit destination. Tar archive creation is write-risk and may overwrite an existing archive path depending on the underlying tar implementation. Tar extraction is write-risk and can write or overwrite files in the destination. Zip archive creation is write-risk and may overwrite or update an existing archive path depending on the underlying zip implementation. Zip extraction is write-risk and can write or overwrite files in the destination. |
| destructive_operations | Destructive operations | High-risk operations that can remove data or escalate privileges. | rm, sudo |
all | dangerous | blocked, experimental_only | no | — |
| filesystem_inspection | Filesystem inspection | Inspect local files, folders, and metadata safely. | cd, du, file, find, ls, pwd, stat |
all | safe | direct_only, structured | no | Changes the oterminus working directory for the current REPL session. |
| filesystem_mutation | Filesystem mutation | Create, copy, move, or modify files and directory state. | chmod, chown, cp, mkdir, mv, touch |
all | dangerous, write | experimental_only, structured | no | — |
| git_inspection | Git inspection | Read-only inspection of local Git repository state. | git |
all | safe | structured | no | Only read-only Git inspection operations are supported in curated mode. |
| macos_desktop | macOS desktop integration | Open local paths in Finder or default macOS apps. | open |
darwin | safe | structured | no | Opens a local file or folder via macOS LaunchServices. |
| network_diagnostics | Network diagnostics | Run constrained read-only diagnostics that contact external hosts. | curl, dig, nslookup, ping |
all | safe | structured | yes | Only ping with a fixed count, HTTP HEAD requests, dig lookups, and nslookup lookups are supported. POST/PUT/PATCH/DELETE, request bodies, arbitrary or secret-bearing headers, authorization, cookies, downloads, redirects that write files, scanning, traceroute, SSH/SCP, netcat, nmap, wget, sudo network commands, and arbitrary network shell commands are not supported. This command contacts external hosts and may reveal your IP address, DNS query, target host, or network metadata. |
| process_inspection | Process inspection | Inspect running processes and open files. | lsof, pgrep, ps |
all | safe | structured | no | Lists open files and sockets; output can expose sensitive process or path information. |
| system_inspection | System inspection | Inspect local environment, identity, and system properties. | clear, df, env, uname, which, whoami |
all | safe | structured | no | Clears the current terminal screen for a clean session view. Printing the full environment may include sensitive values; curated mode only allows single-variable lookups. |
| text_inspection | Text inspection | Inspect, filter, and transform file text content. | cat, grep, head, sort, tail, uniq, wc |
all | safe | structured | no | — |