Security model
RalphTerm automates terminals. The default posture is conservative.
Hard rules
- Do not store provider credentials.
- Do not emulate private APIs.
- Do not alter account identity.
- Do not auto-approve interactive prompts unless the operator configured that policy.
- Do not expose the API on a public interface without auth.
Local-first default
The daemon binds to 127.0.0.1. If a deployment binds elsewhere, it must add authentication and network controls.
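A startup guard for this rule, as an added example that is not RalphTerm's own code: it refuses a non-loopback bind unless an auth token is configured. The `ListenConfig` fields, the function names and the 32-character token minimum are assumptions for illustration; network controls such as firewalling still have to be applied outside the process.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


class BindPolicyError(ValueError):
    """Raised when a listen configuration violates the local-first rule."""


@dataclass(frozen=True)
class ListenConfig:
    # Hypothetical settings; these field names are assumptions for this example.
    host: str = "127.0.0.1"
    port: int = 8080
    auth_token: Optional[str] = None


def is_loopback(host: str) -> bool:
    """True only for literal loopback addresses (127.0.0.0/8, ::1)."""
    candidate = host.strip().strip("[]")      # accept the "[::1]" form
    candidate = candidate.split("%", 1)[0]    # drop an IPv6 zone id
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:
        # Hostnames (even "localhost") depend on the resolver, so they are
        # treated as non-loopback and fall under the auth requirement.
        return False
    mapped = getattr(addr, "ipv4_mapped", None)   # e.g. ::ffff:127.0.0.1
    return (mapped if mapped is not None else addr).is_loopback


def check_listen_config(cfg: ListenConfig) -> str:
    """Return "local" or "remote-authenticated"; raise on a policy violation."""
    if not 0 < cfg.port < 65536:
        raise BindPolicyError(f"invalid port {cfg.port}")
    if is_loopback(cfg.host):
        return "local"
    token = (cfg.auth_token or "").strip()
    if len(token) < 32:   # assumed minimum length, not a RalphTerm value
        raise BindPolicyError(
            f"refusing to bind {cfg.host!r}: a non-loopback bind requires "
            "an auth token of at least 32 characters"
        )
    return "remote-authenticated"
```

Calling `check_listen_config` before the listening socket is opened makes a misconfigured deployment fail at startup instead of serving an unauthenticated API.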
Credential boundary
Claude Code, Codex, and future CLIs own auth. RalphTerm should only see terminal bytes.
Audit trail
Every meaningful run should preserve transcripts, event logs, approval decisions, final status, and artifacts.