Where Termin is going
Termin at v0.8 is a declarative language for building secure web applications. That is the foundation, not the destination. This page describes the full thesis, what is true today, and what is on the path.
Layer 1: The language — true today
You describe applications in constrained English. The compiler produces a running web application with structural security properties. Entire classes of vulnerability — SQL injection, broken access control, unauthorized state transitions, confidential data leakage — are not achievable through Termin application code because the language has no construct for expressing them.
This is what the rest of the site documents. See what Termin is and what Termin guarantees. The theory page covers the language in depth.
Layer 2: The ecosystem — partial today, expanding
Termin is a language with an open specification and a public conformance suite, not a framework with one implementation. Any runtime that passes the conformance suite is a conforming Termin runtime. Applications are portable across conforming runtimes without code changes.
Runtimes. The reference runtime is written in Python. A second conforming runtime is already in development, validated against the same conformance suite. Future runtimes could target specialized environments: edge deployment, mobile, on-premises appliances, cloud-provider-specific integrations.
Providers. Four provider categories extend Termin's capabilities while maintaining structural guarantees at their boundary:
- Presentation providers let applications target different design systems. A Carbon provider renders enterprise aesthetics; a custom provider renders domain-specific UI. The same application code produces different UIs depending on the registered provider.
- Storage providers let applications target different databases. SQLite today, PostgreSQL on the roadmap, anything a provider author wants to add.
- Identity providers let applications plug into enterprise identity systems (SSO, SAML, OIDC — the standards corporate IT uses for single sign-on) or internal authentication systems without application code changes.
- Compute providers let applications extend the language's native operations with specialized logic — geospatial functions, financial calculations, ML inference, domain-specific primitives.
The Tier 2 provider review framework — the standard that gates which providers inherit structural guarantees — is on the roadmap.
Layer 3: The substrate for AI — designed in, arriving in stages
Termin is designed from the language up to be infrastructure for applications that AI agents help build and participate in.
Agents author applications. The language is small enough for an LLM to fully master. Termin applications are declarative, so an agent can reason about what an application does without simulating execution. The conformance suite verifies agent-authored applications are safe regardless of how the agent was prompted. Today this is demonstrable with any competent model; the authorship loop gets tighter as tools mature.
Agents participate in applications. Termin's agent primitive is a Compute node backed by an LLM, with declared scopes and complete audit logs. An application declares "this step consults an agent, which can read these fields and write these fields." The agent interacts through the same access-control and audit infrastructure as human users. An agent that tries to access data outside its declared scope is rejected by the runtime, not by prompt engineering. Agent participation primitives work in v0.8.
Agents compose across applications. Channels are typed interfaces for data crossing a Boundary. When multiple Termin applications expose Channels, an agent can discover them, reason about the types, and compose workflows that span applications — with identity preserved, audit logs intact, and permissions enforced at every hop. Channel composition for cross-application agent workflows is on the v1.x roadmap.
Why this matters
The conventional software stack was designed when humans wrote all the code and reviewed all the changes. Security properties were earned through code review. The stack is not ready for a world where AI agents write production code, participate in workflows, and act on behalf of humans at scale. Structural security, declared scopes, typed channels, and complete audit logs are not nice-to-haves in that world. They are prerequisites.
Termin is the infrastructure for that world, designed from the language up. Current-stage Termin is useful for internal-tool developers who want structural security today. Future-stage Termin is useful for anyone building software where AI agents will be real participants.
What is committed vs. what is exploratory
Layer 1 is shipping today. Layer 2 is partial — multiple runtimes exist, the provider interfaces exist, the review framework is on the roadmap. Layer 3 has working primitives (agent Compute nodes, typed Channels, declared scopes, audit logs) and an architectural direction; the cross-application agent workflows require more work.
The roadmap tracks what is committed versus what is trigger-gated. This page describes where the project is heading. The guarantees page describes what is true today.