A multi-session desktop terminal with a Rust core that classifies the risk of every command — and refuses git push origin main before the interface gets a say.
macOS · Windows · Linux — no binary published yet.
TerminalWorkspace
01.31.00
tyba on ⎇ main via 🦀 v1.31.0
→ cargo test approvals
test core_recusa_push_para_main_master ok
→ git push origin main
✗ refused by the core — main is protected
→
Available on
macOS
Windows
Linux
Keep scrolling
The why
TYBA is not a terminal. It is not an IDE. It is the habitat where developers and technologies converge to create.
Software development has evolved. Our tools have multiplied — each one solves a problem. But none of them were designed to live together. Tyba was.
Not by replacing the tools you already trust, but by giving them a place to truly work together. A habitat for modern development.
The name
Tyba comes from the Tupi language.
A place where things gather in abundance. Where different lives coexist.
A village.
A Brazilian name for a universal idea.
Modern software development looks the same.
ShellGitAIContainersCloudWorkspaces
Each one is powerful. Together they become something greater.
Tyba is where they meet.
Concept
Four rivers, one meeting point
The mark is not decoration: it is the shape of the product.
Independent systems
Shell, git, containers, agents. Each with its own window, state and context.
Convergence
The currents bend toward one another. Context becomes shared.
One living environment
A habitat. What is alive emits light; what is destructive goes through you.
The habitat
One window. Seven surfaces.
Each surface is a tool you already use, in the same workspace and on the same context. What already runs is marked as such — the rest is under construction, and says so.
Sessionstoday
Rust PTY, xterm.js with WebGL. Multiple sessions, splits and re-attach. This is the floor of the habitat.
Gittoday
The current branch always in sight. Pushing to main is refused in the core, not in the interface.
Agentsunder construction
Claude Code and Codex as first-class sessions, output streaming, risk classified at every step.
Dockerunder construction
The project containers next to the sessions. Bring them up, tear them down, read logs without leaving the window.
MCPunder construction
The servers wired into the habitat. What an agent may touch is declared, not discovered.
Filesunder construction
The project tree and the diff of the agent worktree, inside the app, before any merge.
Settingstoday
17 themes, each with a light pair. Shortcuts visible in the UI itself. Import via JSON.
Diff · what the agent changed
src/pty/pool.rs31012000..HEAD+2−1
41
fn kill(&self, id: SessionId) {
42
- child.kill()?;
42
+ // kill the whole process group, not just the parent
43
+ killpg(child.pgid(), SIGTERM)?;
44
}
Session metadata
⎇ Branch
feat/terminal-selection-clipboard
◈ Environment
Active · Node 20 · Docker
✦ Agent
✹ Claude · active
What exists today
A terminal first
Nothing here is a promise. This is what ships in the app today.
Terminal sessions
Rust PTY, xterm.js with WebGL, 16ms batching. Multiple sessions, splits and re-attach.
Refused in the core
Pushing to main or master is blocked in Rust — direct name, refspec and force-push. With tests.
Risk classification
Every command arrives green, yellow or red before it ever reaches the approvals inbox.
A real kill
Ending a session kills the whole process group, not just the parent. No orphans left behind.
Command palette
Actions on ⌘P, sessions on ⌘⇧P. Every recurring action has a shortcut, and the shortcut shows in the UI.
17 themes
Solarized, Dracula, Gruvbox, GitHub and the Monokai family — each with a light pair. Import via JSON.
Security
Three sources of commands. One of them you do not control.
A terminal that accepts commands from an agent inherits the attack surface of whatever that agent reads.
1You
Trusted
You typed it, you read it, you know what you want.
2An agent
Gets it wrong
Good faith, incomplete context. Sooner or later it will propose nonsense.
3What the agent read
Untrusted
An issue, a README, the output of a command. This is where prompt injection lives.
Every command gets a colour
The core classifies risk before anything happens. It is the model that governs the approvals inbox.
Green
Reads. Approved automatically.
Yellow
Local writes. Auto-approval is configurable.
Red
Network, remote, destructive. Always goes through you.
Pushing to main is refused by the core, not by the UI
The refusal lives in Rust, beneath the interface. It covers the direct name, the refspec and force-push. A compromised window does not route around it.
src-tauri/src/approvals/mod.rs
pub fnis_refused_by_core(command: &str) -> bool
Covered by tests
✓core_recusa_push_para_main_master
✓core_nao_recusa_push_para_feature
Does not exist yet
What comes next
It is on the roadmap, not in the release. Until it runs, it does not become a marketing bullet.
Coming soon
Orchestrated agents
Claude Code and Codex running as sessions, output streaming, risk classified at every step.
Coming soon
Isolated worktrees
Each agent in its own git worktree. What it writes never touches your working tree.
Coming soon
Local diff review
Three-dot diff between the base and the agent worktree, inside the app, before any merge.
Coming soon
A real sandbox
Agent spawn behind an operating system boundary, not behind a trait we trust.
No release yet
I will tell you when you can download it
A binary that does not exist does not become a download button. Leave your email and you will know first — on the system you are using right now.