@aicommander/agent — remote-machine agent for AI Commander
The on-machine agent for AI Commander. Run it on a
server, laptop, container, or CI box and it dials out to the relay and listens for
commands — letting your AI client execute shell/bash commands on that machine
through the @aicommander/mcp
server (or any MCP client pointed at the relay).
It's an SSH alternative with no exposed SSH, no open inbound ports, and no
VPN: the agent connects outbound, prints an AIC-… session code, and you drive it
from your AI by that code (or a saved alias, with an account API key).
Requires Node ≥ 18 on the target machine.
Install this on the machine you want to manage/control (the server, VM, container, or laptop you want your AI to run commands on) — NOT on the machine running your AI client. The client side is a different package,
@aicommander/mcp(the MCP server your editor/Claude talks to). Install@aicommander/agenton the target,@aicommander/mcpnext to your AI client.
Quick run (ephemeral, foreground)
npx @aicommander/agentRuns in the foreground and prints the full session code (you ran it yourself in your own terminal, so there's nothing to reveal), then listens until you press Ctrl-C. Nothing is installed and no service is created — ideal for containers, CI, dev boxes, or a quick one-off connection.
# Point at a different relay if you self-host:
AICOMMANDER_SERVER=https://relay.example.com npx @aicommander/agentThe printed code is what you give to your AI client: "execute df -h on AIC-…".
(aicommander-agent status --reveal is only for the systemd service below,
where logs/status keep the code masked.)
Persistent service (Linux, systemd)
Install globally and register a systemd unit that starts on boot and restarts on failure:
sudo npm i -g @aicommander/agent
sudo aicommander-agent installinstall writes /etc/systemd/system/aicommander-agent.service, enables it,
(re)starts it, and prints the session code. The unit runs aicommander-agent run
via the absolute path of the installed CLI and the Node binary that performed the
install (so it doesn't depend on PATH).
# Bake a custom relay URL into the unit:
sudo aicommander-agent install --server https://relay.example.comManage the service:
| Command | What it does |
|---|---|
sudo aicommander-agent status [--reveal] |
Show status, uptime, session code (masked unless --reveal) |
sudo aicommander-agent enable / disable |
Start+enable / stop+disable the service |
sudo aicommander-agent change-code |
Mint a new code and revoke all current access |
sudo aicommander-agent uninstall --force |
Stop, disable, and remove everything |
journalctl -u aicommander-agent -f |
Follow service logs |
npm channel vs the curl installer
npx / npm i -g (this package) |
curl -fsSL https://aicommander.dev/install | sudo bash |
|
|---|---|---|
| Runtime | Your Node ≥ 18 | Self-contained native binary (no Node) |
| Best for | Ephemeral / dev / CI / Node-managed hosts | Production root installs |
| Integrity | npm's tarball integrity + registry-side checksums | SHA-256 checksum enforced before install |
| Authenticity | — | Ed25519 signature verified against a pinned key |
| Update | npm i -g @aicommander/agent@latest |
Re-run the curl command |
Security
This npm package relies on npm's tarball integrity for trust. The
curl … | sudo bash installer additionally verifies the downloaded binary
against a pinned Ed25519 public key before installing it as root — so the
curl installer remains the canonical, recommended path for production root
installs.
Prefer this npm package for ephemeral / dev use and Node-managed
environments. In all cases: the session code is a root-exec credential —
anyone who has it can run commands as root on the machine. Keep it secret, don't
paste it into shared chats/screenshots/tickets, and rotate it with
aicommander-agent change-code if it leaks.
License
MIT