by regularfry 49 days ago
Nanobot will happily ssh to a host and do things on it. I'm sure that's just a skill away for pi or opencode.
3 comments

Confirming that Pi can definitely handle this. I've written a harness "factotum" based on pi just for managing my homelab and my radio club's systems. Has absolutely no issue sshing into things remotely, running ansible/helm/kubectl/talosctl commands.

There's a few skills, a and an extension to switch inventory. The extension is only needed because I want to switch between the two organizations. It's pretty slick. One of my use cases was just getting my homelab under control. So one of the first tasks I gave it was to go find everything that's running on these hosts, system services, docker compose, kube pods, etc. Builds an inventory, memory, todos.

Switches the script from "ai helps me launch more experiments to lose track of" to "organized and back under config management".

  .pi/factotum/
  ├── active-profile
  ├── profiles
  │   ├── club
  │   │   ├── config.yaml
  │   │   ├── inventory
  │   │   │   └── hosts.yaml
  │   │   └── todos
  │   │       ├── 22a094a3.md
  │   │       ├── 427ad844.md
  │   │       ├── 4c185be7.md
  │   │       ├── 4d0eea0f.md
  │   │       └── bcf069a4.md
  │   ├── examples
  │   │   ├── config.yaml
  │   │   └── inventory
  │   │       └── hosts.yaml
  │   └── local
  │       ├── config.yaml
  │       ├── inventory
  │       │   └── hosts.yaml
  │       ├── memories
  │       │   ├── axel-services.md
  │       │   ├── fran-mydiffuser.md
  │       │   ├── fran-services.md
  │       │   ├── ruffclus-cluster.md
  │       │   └── ruffclus-paperless-ngx.md
  │       └── todos
  │           ├── 0f7fd63e.md
  │           ├── 75c82ceb.md
  │           ├── 9cb63594.md
  │           ├── af33e08f.md
  │           ├── ba490542.md
  │           ├── c09c144f.md
  │           ├── c5f7f8a8.md
  │           └── d4c4b287.md
  ├── schemas
  │   ├── PROJECT_ARCHITECTURE.md
  │   └── project-architecture.yaml
  ├── task-templates
  │   └── host-audit.yaml
  └── tools
      └── host_audit_runner.sh

How do you use `pi` to ssh? I use `oh-my-pi`, and tried the `/ssh` command, but I couldn't get it to work. Then I saw a suggestion somewhere to just run `!ssh` to place things into the agent's context.

Is there a way to use it like "The current directory is at `ssh server`" and have the agent work from there?

Most if not every agent has access to bash or similar, in which ssh is typically available. You don't need any bloated skills or anything, as long as you include `host is available via user@10.55` or whatever, and you have authentication properly set up, it'll figure it out.

so, to be clear, is it just doing random bash commands to run ssh or is it an actual tool, eg, node-ssh command interface?

i would not trust bash execution of SSH because it can easily hallucinate local commands instead of remote.

Background: I use OpenCode to do this.

Just tell it to use ssh from the shell. From there you can give it extra context to describe the target (if you know/care about it), or just let it loose and if the environment doesn't have what it expects it will "figure something out" - just the same as with your local env.

If there's some least common denominator you know about e.g. python it can streamline things if you tell it to just use that for everything.

I don't think you understand. I'm well aware it can run whatever command on bash. You're taking a significant risk asking it to do what it's doing via ssh, because it could easily forget that it's supposed to be doing ssh and do whatever locally.

The point is: opencode should have a specific deterministic tool like https://www.npmjs.com/package/node-ssh where commands can only be run; the environment can only be the remote; etc.

The last thing I would want is for it to suddenly forget it's supposed to be running commands as ssh and do something local.

In practice I just don't think this is a real problem, or at least not one I've seen.

I do something like this a lot with local VMs managed through Incus (so not literally invoking ssh but the exact same pattern) and they don't "mess up" in that particular way. If they ever did they figured it out immediately and I didn't even make note of it happening.

I guess to sum up my feelings on it: if you don't think the tool is reliable enough to correctly use ssh to execute remote commands, you probably shouldn't be trusting it to run remote commands in the first place.

You're still ignoring the crux of the difference in _risk_. Say the risk of `rm -rf /` for any given model is 1%. That is, the probability that it'll just absolutely savagely destroy the system you're working on. We know it's lower than that, because millions of tokens per day are generated and we only get a few of these "production database was wiped" news items.

The difference is still: If that risk-reward is to be received, you can't tell me you'd rather have it run locally than on some system you're managing. Because POV, you're the one responsible and if a coding tool _takes out your system_, you no longer have any means to fix the problem.

So, maybe the risk-reward is _technically_ equal, but only if the operator of the coding tool continues to operate regardless of what commands it's issuing. That's not the case if you're just saying "hey guy, use ssh for all your commands"

> i would not trust bash execution of SSH because it can easily hallucinate local commands instead of remote.

Why would it be more likely to hallucinate local commands instead of remote commands if it is in an active SSH session?

I think you're reading into the statement.

It can equally hallucinate commands. Fine. The problem is, if I'm working on a remote machine, I'm generally doing things that I'd be less concerned about. If I'm on a VPN and it rm -rf / while I'm trying to clean it up; bad break, but it's not _my machine_ it just removed root on.

So if your LLM is just running something like `ssh <remote> "<cmd>"` it could easily forget the ssh <remote> part and suddenly you're modifying your local system.

So it's one thing to YOLO on production servers, etc, but wiping out something locally is a significantly different event. Imagine it erasing all your scripts or whatever.

Anyway, the point is: I wouldn't trust an agent operating with just a bash cli running ssh commands.
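
An added example, not part of any comment in the thread and not code from pi, OpenCode or node-ssh: a minimal sketch of the "deterministic tool" idea discussed above, where the agent is given one function that can only execute on an allowlisted remote host. The names `ALLOWED_HOSTS`, `build_ssh_argv`, `run_remote` and the example hostnames are hypothetical.

```python
from __future__ import annotations

import subprocess

# Constructed allowlist for illustration; a real one would be loaded from inventory.
ALLOWED_HOSTS = frozenset({"audit@host-a.example", "audit@host-b.example"})


class RemoteOnlyError(ValueError):
    """The request cannot be pinned to an allowlisted remote host."""


def build_ssh_argv(host: str, command: str) -> list[str]:
    """Return an argv that can only run `command` on `host`, never locally."""
    # Exact-match allowlist: the model picks a host by name, it cannot invent one.
    if host not in ALLOWED_HOSTS:
        raise RemoteOnlyError(f"host not in allowlist: {host!r}")
    # Defence in depth: a leading '-' would be parsed by ssh as an option.
    if host.startswith("-"):
        raise RemoteOnlyError("host must not look like an option")
    if not command.strip() or "\x00" in command:
        raise RemoteOnlyError("empty or malformed command")
    return [
        "ssh",
        "-T",                   # no pseudo-terminal
        "-o", "BatchMode=yes",  # fail instead of prompting for a password
        "--",                   # end of ssh options
        host,
        command,                # one argv element; parsed only by the remote shell
    ]


def run_remote(host: str, command: str, timeout: float = 60.0) -> subprocess.CompletedProcess:
    """The only execution path exposed to the agent: no local shell is involved."""
    argv = build_ssh_argv(host, command)
    return subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=timeout)
```

Because the command travels as a single argv element with `shell=False`, a string such as `a; b` or `a && b` is interpreted entirely by the remote shell; there is no local shell in which a dropped `ssh` prefix or a trailing `&& b` could run.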