Termin

Termin is an open-source application platform that compiles constrained English specifications into running software whose security properties are enforced by the structure of the language itself.

AI can generate application code faster than any human can audit it. In large organizations, every new application goes through security, accessibility, architecture, and design review before it can ship. Review is human, review is slow, and it is now the bottleneck on enterprise software delivery. Termin shrinks the audit surface: security, access control, and structural correctness are properties of the runtime, not properties of each application. A Termin application is pre-audited by construction — the review queue shrinks to the part of each application that is actually unique, its business logic. The full thesis is on /why-termin/.

Termin is three things at once.

A language for describing applications. You write what the application does — its content, its roles, its workflows, its pages — and the compiler produces a running web application with structural security properties.

An ecosystem of conforming implementations. The specification is open, the conformance suite is public, and applications run on any conforming runtime. Presentation, storage, identity, and compute providers let the same application target different operational environments without code changes.

A substrate designed for AI agents. The language is small enough to fit entirely in an LLM's context window. Agents can author Termin applications that are safe by construction, not by review. Agents can also participate in applications as typed primitives with declared scopes, typed channels, and complete audit logs — the Termin runtime enforces what an agent can see and do, regardless of how it was prompted. This is a structural boundary between the deterministic zone and the nondeterministic zone (AI), not a convention.

The sections below start with the first layer. Why Termin states the founding insight in one page. The vision page covers what is true today and what is on the path. The roadmap shows the development timeline.

A .termin file describes content, roles, scopes, state machines, and operations. The compiler produces a .termin.pkg archive (a package containing the compiled specification). A conforming runtime serves it over HTTP. SQL injection, command injection, and broken access control are not achievable through Termin application code, because the language provides no construct for expressing them.

Every structural claim is backed by a test in the conformance suite. The structural claims themselves are backed by five independently verifiable layers of defense-in-depth — see how to verify.

# What a .termin file looks like

Content called "products":
  Each product has a SKU which is unique text, required
  Each product has a name which is text, required
  Each product has a category which is one of: "raw material", "finished good", "packaging"
  Anyone with "inventory.read" can view products
  Anyone with "inventory.write" can update products
  Anyone with "inventory.admin" can create or delete products

State for products called "lifecycle":
  A product starts as "draft"
  A product can also be "active" or "discontinued"
  A draft product can become active if the user has "inventory.write"
  An active product can become discontinued if the user has "inventory.admin"

The full warehouse example is roughly 120 lines and implements content management, access control, state machines, event-driven computations, and a role-appropriate presentation layer.

# What you get when you run it

When the compiler processes a .termin file, it produces a .termin.pkg archive. A conforming runtime reads that archive and serves a complete web application:

• A web UI rendered server-side, with pages, forms, tables, and role-appropriate content. The presentation layer is declarative and covers the interactions common to internal tools and back-office workflows — list and detail views, create and edit forms, filtering, searching, pagination, and action buttons gated by permission. Rich client-side interactivity beyond this surface is not part of Termin's scope.
• A REST API for every content type declared in the source. Create, read, update, and delete records — all parameterized, all scope-checked, all audit-logged. The API is generated from the specification, not hand-written.
• A WebSocket endpoint for real-time subscriptions. When a record changes, every client subscribed to that content type receives the update. Live dashboards, collaborative editing, and real-time alerts are declarative features, not bolt-ons.
• A database managed by the runtime. The reference runtime uses SQLite; alternative runtimes can use PostgreSQL, MySQL, or other storage backends through the storage provider interface.
• Access control enforced on every call. Declared scopes are checked on every record operation, every state transition, every Compute invocation, every Channel send, and every page render. There is no code path that bypasses the access-control layer.
• A complete audit log. Every modification is recorded with the caller's identity, the operation, the affected record, and a timestamp.

This is what you get from the 120-line warehouse example: a working inventory application with role-based access, state transitions, filterable tables, real-time updates, and a complete audit trail. No separate framework to learn. No plumbing to write. No access-control layer to audit.

# Where to go next

• Why Termin — the founding insight in one page: why audit is the bottleneck, why AI-integrated software needs a structural zone boundary, why this is a conceptual reframe rather than a tactical framework improvement.
• What Termin is — the mechanism: compiler, runtime, DSL primitives, fit diagnostic, comparisons to Rails, Django, Hasura, Supabase, and Retool.
• The vision — the full three-layer future: language, ecosystem, AI substrate.
• Try it — install the reference runtime, compile the warehouse example, run it locally.
• See the guarantees — the three-tier model, with a link to the conformance test backing each structural claim.

# About the project

Termin is authored by Jamie-Leigh Blake and released under Apache 2.0. There is no paid tier, no hosted offering, no enterprise edition, and no commercial services contract. The project has no monetization plan. Source is on GitHub. The conformance suite and IR (intermediate representation) schema are in a separate repository.

Termin is pre-v1.0. The IR format is versioned and breaking changes between minor versions are still permitted. See the roadmap for the path to v1.0.