Terminal Access
Terminal Access
Concierge can execute shell commands on your machine to diagnose issues, check service status, and inspect system state. Terminal access is off by default — you choose when to enable it and how much access to grant.
Enabling Terminal Access
- Open the Chat tab in the QUI Core dashboard
- Below the input field, expand Terminal Settings
- Toggle Enable Terminal Access on
- A safety warning appears — read it and accept to proceed
[Screenshot: Terminal Settings panel with the enable toggle]
Choosing a Preset
Presets control which commands Concierge can run. Select one from the dropdown:
| Preset | What It Allows | Best For |
|---|---|---|
| Read Only | Safe inspection commands — ls, cat, grep, curl, ps, df, ping, etc. (69 commands) |
Checking system state without any risk of modification |
| Read & Write | File operations — mkdir, cp, mv, rm, chmod, tar, etc. (35 commands) |
Managing files through Concierge |
| Developer | Development tools — git, npm, python, docker, make, etc. (61 commands) |
DevOps and development diagnostics |
| System Admin | System administration — systemctl, journalctl, useradd, sudo, etc. (46 commands) |
Full system management |
| Manual | No preset — you define your own whitelist entirely | Custom access control |
Start with Read Only if you're unsure. You can always switch later.
Manual Approval Mode
Toggle Require Manual Approval to review every command before it runs:
- Off — whitelisted commands execute automatically when Concierge proposes them
- On — every command shows an Execute button. You review the command and click to approve.
Manual approval is recommended when you're first exploring terminal access, or when using higher-privilege presets.
How Commands Work in Chat
When terminal is enabled, Concierge can propose commands in its responses. They appear as command blocks with an Execute button:
$ docker ps -a --filter "name=qui-"
If manual approval is on: Click Execute to run the command. The output appears below.
If manual approval is off: Whitelisted commands run automatically. Concierge receives the output and analyzes it in its next response.
After execution, Concierge automatically receives the command output and explains what it means. It can then propose follow-up commands to investigate further — up to 3 commands before pausing for your confirmation.
Custom Whitelist and Blacklist
Below the preset dropdown, you can fine-tune access:
Whitelist (Manual Approve List)
Commands added here are always allowed, regardless of the active preset. Use this to add specific commands your preset doesn't include.
Blacklist (Manual Block List)
Commands added here are always blocked, regardless of the active preset. Use this to remove specific commands you don't want Concierge to run.
Command Discovery
Click Discover System Commands to see all commands available on your system. From the discovery panel, you can add commands directly to your whitelist or blacklist.
Custom Presets
You can save your current whitelist configuration as a custom preset for reuse:
- Configure your whitelist and blacklist
- Check Save this as a custom preset
- Enter a name
- Click Save Preset
Custom presets appear in the preset dropdown alongside the system presets.
What's Always Blocked
Regardless of your preset, whitelist, or manual approval, certain dangerous operations are always blocked:
- Recursive root deletion (
rm -rf /) - Writing to disk devices
- Filesystem formatting
- Fork bombs
- Piping untrusted URLs to shell (
curl | bash) - Recursive world-writable permissions (
chmod -R 777)
These protections cannot be overridden. If you need to run a dangerous command, do it directly in your terminal — not through Concierge.
The Execute Button
When Concierge proposes a command and you click Execute, the command bypasses the preset/whitelist check (since you're explicitly approving it). However, the Terminal Service's built-in safety layer still blocks inherently destructive operations.
A command that has been executed shows a greyed-out "Executed" label instead of the Execute button, preventing accidental re-execution.
Audit Trail
Every command attempt is logged — allowed, blocked, executed, or failed. The audit trail includes the command, the result, and who ran it. Logs are retained for 90 days.
