CARINA Control is an AI advisory system that follows a strict confirm-to-execute model. It proposes actions, validates them against security policies, and executes approved commands only inside sandbox environments.
CARINA Control operates in advisory mode by default:
No command executes without explicit human approval.
The execution path is:
Proposal → Policy Validation → Human Approval → Sandbox Execution → Destruction
carina sandbox up (no direct shell)

| Boundary | Rule |
|---|---|
| Proposal creation | AI can propose; cannot execute |
| Policy validation | Automatic; blocks dangerous patterns |
| Human approval | Required for all execution |
| Sandbox execution | Only path to run commands |
| Host access | Never. All execution is isolated |
Commands are validated against security policies that block:
| Level | Meaning |
|---|---|
| LOW | Read-only operations, information gathering |
| MEDIUM | File creation, package installation inside sandbox |
| HIGH | Network operations, system configuration changes |

```bash
# Create a proposal
carina control propose "Check Python version" "python --version" python
# List all proposals
carina control list
# List pending proposals
carina control list pending
# Approve and execute a proposal
carina control approve <id>
# Reject a proposal
carina control reject <id> "Reason"
# Clear completed proposals
carina control clear
```

All control actions are logged to /var/log/carina-control.log:

```
2026-02-10 14:30:00 user=ubuntu action=propose proposal=1 status=created sandbox=python
2026-02-10 14:30:15 user=ubuntu action=approve proposal=1 status=approved sandbox=python
2026-02-10 14:30:20 user=ubuntu action=execute proposal=1 status=success sandbox=python
```
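
The log format above is enough to audit the confirm-to-execute rule after the fact. The following Python check is an added example, not part of CARINA's own code: it flags any execute event with no earlier approve for the same proposal, and any event whose sandbox differs from the one first logged for that proposal. It assumes the log is in chronological order and that proposal ids are not reused; `parse_line`, `find_violations` and `SAMPLE_LOG` are names made up for this example.

```python
import re

# Layout taken from the log lines on this page: "<date> <time> key=value ..."
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.*)$")

def parse_line(line):
    """Parse one audit line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pairs = (p.split("=", 1) for p in m.group(2).split() if "=" in p)
    return {"ts": m.group(1), **dict(pairs)}

def find_violations(lines):
    """Return (ts, proposal, reason) for events that break propose -> approve -> execute."""
    state = {}        # proposal id -> sandbox first logged for it, approval seen so far
    violations = []
    for line in lines:
        ev = parse_line(line)
        if not ev or "action" not in ev or "proposal" not in ev:
            continue
        pid, action = ev["proposal"], ev["action"]
        # Assumption: proposal ids are unique within the log being checked.
        seen = state.setdefault(pid, {"sandbox": ev.get("sandbox"), "approved": False})
        if ev.get("sandbox") != seen["sandbox"]:
            violations.append((ev["ts"], pid, "sandbox differs from first event"))
        if action == "approve":
            seen["approved"] = True
        elif action == "execute" and not seen["approved"]:
            violations.append((ev["ts"], pid, "execute without approval"))
    return violations

# Constructed sample: proposal 1 is the page's own sequence, 2 and 3 are invented.
SAMPLE_LOG = """\
2026-02-10 14:30:00 user=ubuntu action=propose proposal=1 status=created sandbox=python
2026-02-10 14:30:15 user=ubuntu action=approve proposal=1 status=approved sandbox=python
2026-02-10 14:30:20 user=ubuntu action=execute proposal=1 status=success sandbox=python
2026-02-10 14:31:00 user=ubuntu action=propose proposal=2 status=created sandbox=python
2026-02-10 14:31:05 user=ubuntu action=execute proposal=2 status=success sandbox=python
2026-02-10 14:32:00 user=ubuntu action=propose proposal=3 status=created sandbox=python
2026-02-10 14:32:10 user=ubuntu action=approve proposal=3 status=approved sandbox=python
2026-02-10 14:32:15 user=ubuntu action=execute proposal=3 status=success sandbox=node
""".splitlines()

if __name__ == "__main__":
    for ts, pid, reason in find_violations(SAMPLE_LOG):
        print(f"{ts} proposal={pid}: {reason}")
```

A log that starts mid-stream (for example after rotation) will report an execute whose approve line was rotated away, so run the check over the full retained history.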