terminal-bench-env — Summary

terminal-bench-env is a research repository from UC Santa Barbara's ML Security lab providing 3,500+ verified Docker environments and two minimal BashAgent implementations for evaluating terminal-based AI agents. It accompanies the TermiGen paper (arXiv 2602.07274), which introduces a 32B parameter model (TermiGen-32B) fine-tuned from Qwen2.5-Coder via error-correction trajectory synthesis. The repository is not an agent harness in the traditional sense — it is a benchmark environment corpus spanning 11 task categories (infrastructure, DevOps, security, data processing, ML/MLOps, algorithms, software development, scientific computing, interactive environments, distributed computing, formal verification). Tasks are available in TerminalBench 1.0 format (Docker Compose) and Harbor 2.0 format. The BashAgent implementation is a minimal ReAct-style agent with tmux-based shell interaction. This is a Tier B/C entry: no workflow methodology, no skill system, no persistent memory — a pure evaluation infrastructure.

Differs from seeds: No seed is a benchmark environment. terminal-bench-env is closer to evaluation infrastructure than an agent harness. It has no overlap with any seed framework philosophically or architecturally.

terminal-bench-env — Overview

Origin

Developed by the UC Santa Barbara ML Security Lab (ucsb-mlsec). Research artifact accompanying the TermiGen paper. The project was selected as the #2 Hugging Face Daily Papers on 2026-02-10.

Purpose

Provide high-fidelity Docker environments for training and evaluating terminal-based AI agents. The core research contribution is:

1. 3,500+ verified executable Docker tasks
2. BashAgent (minimal ReAct implementation)
3. TermiGen-32B (fine-tuned model, separate on HuggingFace)

Key Metrics (from README)

• 420 unique command-line tools in the corpus
• 16 functional domains
• Average task complexity: 25.5 turns, 8,722 tokens
• TermiGen-32B performance: 31.3% TerminalBench 1.0, 19.3% TerminalBench 2.0, 21.4% SWE-Bench Verified
• +26.8% absolute improvement over base Qwen2.5-Coder-32B

Repo Facts

• GitHub: https://github.com/ucsb-mlsec/terminal-bench-env
• Stars: 82 (2026-05-26)
• Language: Python
• License: unknown
• Last commit: 2026-03-24
• Status: Research artifact (likely static after paper publication)

terminal-bench-env — Architecture

Repository Layout

terminal-bench-env/
├── tasks/                    # 3,500+ task definitions
│   ├── infrastructure/
│   ├── devops/
│   ├── security/
│   ├── data_processing/
│   ├── ml_mlops/
│   ├── algorithms/
│   ├── software_development/
│   ├── scientific_computing/
│   ├── interactive_environments/
│   ├── distributed_computing/
│   └── formal_verification/
├── bash_agent.py             # BashAgent for TerminalBench 1.0 (tb framework)
├── bash_agent_harbor.py      # BashAgent for Harbor 2.0 framework
├── docker-compose.yml        # Task environment composition
└── README.md

Task Structure

Each task is a Docker-based environment:

• docker-compose.yml or Harbor manifest
• task.json / task.yaml describing the goal, success criteria, and setup
• Pre-seeded filesystem state
• Automated verification (bash scripts or test suites)

Tasks are self-contained: start the container → give the agent a terminal → run the verifier.

BashAgent Architecture

Two minimal implementations, both ReAct-style:

bash_agent.py (TerminalBench tb framework)

LLM → think → act (bash command) → observe (stdout/stderr) → repeat

• tmux-based shell: sends commands to a tmux pane, reads output
• No tool abstraction layer — raw bash in/out
• Model: any OpenAI-compatible endpoint
• Context window: sliding window over turn history
• No memory beyond the current session

bash_agent_harbor.py (Harbor 2.0 framework)

• Same ReAct loop, adapted to Harbor task format
• Harbor provides structured task metadata and scoring

Isolation Model

Each task runs in a Docker container with:

• Fresh filesystem state per task
• No network egress in most tasks
• Resource limits via Docker
• Verifier script runs inside or alongside the container

Data Pipeline (TermiGen paper)

The repo is the benchmark environment component of a larger data pipeline:

1. Human-curated task definitions → Docker environments
2. Expert solutions captured as trajectories
3. Error-correction: agent makes mistakes → corrections captured
4. Synthetic trajectory augmentation → fine-tuning dataset
5. TermiGen-32B trained on augmented dataset

terminal-bench-env provides only steps 1-2 (the environment corpus). The trajectory synthesis pipeline is separate.

TerminalBench 1.0 vs Harbor 2.0

Non-Architecture (What's Absent)

• No workflow engine
• No skill system
• No hook infrastructure
• No memory store beyond current session
• No orchestration layer
• No multi-agent coordination

This is intentional: the repo is an evaluation substrate, not an agent harness.

terminal-bench-env — Skills & Commands

Skills

None. terminal-bench-env contains no skill files, no .claude/skills/ directory, and no slash-command definitions. It is not a Claude Code configuration — it is a benchmark corpus.

Commands

None. No commands/ directory exists. No / prefixed commands.

BashAgent "Tools"

The only "tools" in the repo are the two agent scripts. Neither defines a tool registry. The agent's tool is a single implicit action: run a bash command in the tmux session and read the output.

# Pseudocode from bash_agent.py
action = llm.complete(system_prompt + history)
command = extract_bash_command(action)
output = tmux_run(command)
history.append({"role": "assistant", "content": action})
history.append({"role": "user", "content": output})

System Prompt

The BashAgent provides a minimal system prompt describing:

• The task goal (from task.json)
• That the agent has a bash terminal
• Instructions to complete the task and then say DONE

Task Categories as "Domains"

The 11 task categories represent functional domains, not skills:

1. infrastructure (server setup, networking, filesystems)
2. devops (CI/CD, containers, monitoring)
3. security (pen testing, hardening, crypto)
4. data_processing (ETL, CSV/JSON manipulation, pipelines)
5. ml_mlops (model training/serving, MLflow, datasets)
6. algorithms (sorting, graph problems, optimization)
7. software_development (debugging, refactoring, build systems)
8. scientific_computing (numpy, scipy, simulations)
9. interactive_environments (Jupyter, curses, terminal UIs)
10. distributed_computing (MPI, Spark, message queues)
11. formal_verification (Coq, TLA+, property-based testing)

Metrics

• 420 unique command-line tools referenced across all tasks
• Average task length: 25.5 turns, 8,722 tokens
• 3,500+ verified tasks total

No Agent Extensibility

There is no plugin system, no way to add skills, and no mechanism to inject custom tool behavior into the BashAgent. The evaluation harness is deliberately minimal to avoid confounding benchmark results with harness sophistication.

terminal-bench-env — Uniqueness & Positioning

differs_from_seeds

terminal-bench-env has no architectural overlap with any seed framework. All seeds are agent harnesses (providing workflow, skills, commands, memory to humans building software). terminal-bench-env is evaluation infrastructure (providing Docker environments and a minimal reference agent to researchers measuring agent performance). It operates one layer below agent harnesses — it is what you test an agent against, not what you use to build software.

Distinctive Positioning

1. Verified executable environments at scale: 3,500+ Docker tasks with automated verifiers. No other entry in this batch provides a benchmark corpus — all others are agent harnesses or orchestrators.

2. Domain breadth: 11 task categories including unusual domains (formal verification with Coq/TLA+, distributed computing with MPI/Spark, interactive environments with curses/Jupyter). Most agent benchmarks focus on software development (SWE-Bench). terminal-bench-env covers the full terminal-capable surface area.

3. Error-correction trajectory synthesis: The TermiGen paper's core contribution is the data pipeline: collect failure trajectories, add corrections, synthesize training data. The benchmark provides the ground truth for this pipeline. +26.8% absolute improvement over the base model is the claimed result.

4. Companion to a published model: TermiGen-32B (separate HuggingFace artifact) is a direct product of this dataset. The benchmark and the model are co-released — unusual for research artifacts.

5. Harbor 2.0 format support: Dual-format support (TerminalBench 1.0 Docker Compose + Harbor 2.0) means the corpus can be used with different evaluation frameworks. Most benchmark repos are locked to one format.

Observable Limitations

• 82 stars, no license — limits adoption
• Research artifact, likely static after paper publication (last commit 2026-03-24)
• BashAgent is minimal (no tool abstraction, no memory) — for baseline comparison only
• No integration with commercial agent harnesses (Claude Code, Gemini CLI) — would require wrapping
• Tasks are terminal-specific; no GUI, no browser, no document-editing tasks
• Verifier scripts quality varies by domain (formal verification is harder to automate)

Not a Fit For

• Building software with AI assistance
• Persistent multi-session workflows
• Team collaboration on code
• Any use case requiring memory, skills, or tool abstraction

Fit For

• Researchers measuring terminal agent capability
• Teams building training datasets for terminal-focused models
• Ablation studies on agent loop designs
• Curriculum learning: identify which task categories an agent struggles with