[JeremyNT]

In practice I just don't think this is a real problem, or at least not one I've seen.

I do something like this a lot with local VMs managed through Incus (so not literally invoking ssh but the exact same pattern) and they don't "mess up" in that particular way. If they ever did they figured it out immediately and I didn't even make note of it happening.

I guess to sum up my feelings on it: if you don't think the tool is reliable enough to correctly use ssh to execute remote commands, you probably shouldn't be trusting it to run remote commands in the first place.

[cyanydeez]

You're still ignoring the crux of the difference in _risk_. Say the risk of `rm -rf /` for any given model is 1%. That is, the probabilty, that it'll just absolutely saveagly destroy the system you're working on. We know it's lower than that, because millions of tokens per day are generated and we only get a few of these "production database was wiped" news items.

There difference is still: If that risk-reward is to be recieved, you can't tell me you'd rather have it run locally than on some system you're managing. Because POV, you're the one responsible and if a coding tool _takes out your system_, you no longer have any means to fix the problem.

So, maybe the risk-reward is _technically_ equal, but only if the operator of the coding tool continues to operate regardless of what commands it's issuing. That's not the case if you're just saying "hey guy, use ssh for all your commands"