glossary
Controlled execution
Controlled execution is what DevAware OS does instead of handing the agent a free shell. Every tool call is first filtered through an allowlist; a command that matches the destructive denylist is refused at the spawn boundary, so it is never started; and any action the policy flags pauses for explicit user approval before it runs.
The PTYs themselves run under the user's UID: they are scoped and guarded by this policy, not sandboxed by the OS, so anything that does get past the gate runs with the user's full permissions.
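One way to realize the three checks above, as an added example written for this page rather than DevAware OS code. The tool names, the rule sets, the Verdict labels and the use of subprocess in place of a PTY are all assumptions chosen for the demonstration. It goes one step past the entry on a point a practitioner will care about: the gate must inspect exactly the argv that gets spawned, so bundled flags and quoting are normalized before the denylist runs, and anything containing shell control operators the gate cannot see through is refused rather than passed along.

```python
# Added example for this glossary entry: a spawn-boundary policy gate of the
# kind the entry describes. Written for this page, not DevAware OS source; the
# tool names, rule sets and Verdict labels are invented, and subprocess stands
# in for the PTY.
import re
import shlex
import subprocess
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Tuple


class Verdict(Enum):
    ALLOW = "allow"                    # spawn now
    DENY = "deny"                      # never spawn
    NEEDS_APPROVAL = "needs_approval"  # pause; spawn only on an explicit yes


@dataclass
class Decision:
    verdict: Verdict
    reason: str
    argv: List[str]  # exactly what would be handed to the kernel


ALLOWED_TOOLS = {"shell", "read_file", "search"}  # constructed tool allowlist
# Tokens that hand control to a shell parser this gate cannot see through.
SHELL_CONTROL = re.compile(r"[;&|<>`]|\$\(|\$\{")
ROOTISH = {"/", "/*", "~", "~/", "$HOME", "$HOME/"}


def parse(cmd: str) -> Tuple[List[str], List[str]]:
    """One shlex pass gives both the argv to spawn and a normalized view for
    the rules, with bundled short flags split so 'rm -rf /', 'rm -r -f /' and
    "rm -r'f' /" all read ['rm', '-r', '-f', '/']. ValueError on bad quoting."""
    argv = shlex.split(cmd)
    view: List[str] = []
    for tok in argv:
        if re.fullmatch(r"-[A-Za-z]{2,}", tok):
            view.extend("-" + c for c in tok[1:])
        else:
            view.append(tok)
    return argv, view


def _shallow(p: str) -> bool:
    """'/', '/etc', '/*', '~', '$HOME': targets whose loss is catastrophic."""
    return p in ROOTISH or (p.startswith("/") and p.rstrip("/").count("/") <= 1)


def _rm_recursive(a: List[str]) -> bool:
    return a[0] == "rm" and ("-r" in a or "-R" in a)


# Destructive denylist: a match is refused outright, nothing is spawned.
DENYLIST = [
    ("recursive rm of root or a top-level path",
     lambda a: _rm_recursive(a) and any(_shallow(t) for t in a[1:] if t[:1] != "-")),
    ("git push --force",
     lambda a: a[:2] == ["git", "push"] and ("-f" in a or "--force" in a)),
    ("raw disk tools", lambda a: a[0] in ("dd", "mkfs") or a[0].startswith("mkfs.")),
    ("shell control operators the gate cannot inspect",
     lambda a: any(SHELL_CONTROL.search(t) for t in a)),
]
# Flagged actions: permitted, but the run pauses for explicit approval.
FLAGGED = [
    ("recursive delete", _rm_recursive),
    ("git push", lambda a: a[:2] == ["git", "push"]),
    ("git reset --hard / git clean",
     lambda a: (a[:2] == ["git", "reset"] and "--hard" in a) or a[:2] == ["git", "clean"]),
]


def decide(tool: str, cmd: str = "") -> Decision:
    """Pure policy: classifies a tool call and never spawns anything."""
    if tool not in ALLOWED_TOOLS:
        return Decision(Verdict.DENY, f"tool {tool!r} not in allowlist", [])
    if tool != "shell":
        return Decision(Verdict.ALLOW, "allowlisted non-shell tool", [])
    try:
        argv, view = parse(cmd)
    except ValueError as exc:  # unparseable: fail closed rather than guess
        return Decision(Verdict.DENY, f"unparseable command: {exc}", [])
    if not view:
        return Decision(Verdict.DENY, "empty command", [])
    for reason, rule in DENYLIST:
        if rule(view):
            return Decision(Verdict.DENY, reason, argv)
    for reason, rule in FLAGGED:
        if rule(view):
            return Decision(Verdict.NEEDS_APPROVAL, reason, argv)
    return Decision(Verdict.ALLOW, "no rule matched", argv)


def run(tool: str, cmd: str, approve: Callable[[Decision], bool]) -> Decision:
    """The spawn boundary: the only path to subprocess goes through decide()."""
    d = decide(tool, cmd)
    if d.verdict is Verdict.NEEDS_APPROVAL and approve(d):
        d = Decision(Verdict.ALLOW, "user approved: " + d.reason, d.argv)
    if d.verdict is Verdict.ALLOW and d.argv:
        # shell=False: the kernel gets the argv the gate inspected, so no second
        # parser can disagree with the check. The child still runs as the
        # calling user; this is a policy guard, not a sandbox.
        subprocess.run(d.argv, check=False)
    return d
```

The gate fails closed on anything it cannot reduce to a single argv (unbalanced quotes, `;`, pipes, substitutions), which is what makes the denylist worth having: a denylist matched against a string the shell will reinterpret is trivially bypassed. Nothing here confines the child process; it runs as the calling user, which is the same caveat the entry makes about the PTYs.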