A remote shell for AI agents. Let Claude, ChatGPT, Codex, or any AI assistant run real shell commands on machines you own.
No exposed SSH, no open ports, no VPN.
Install the app, share the machine code, and ask your AI what to do. The app connects out on its own, so there are no firewall changes.
On Linux — a cloud server, home server, or Raspberry Pi — paste one line. On Mac or Windows, install the desktop app. You get a stable code like AIC-7K3P-WX9M-RTBN.
Give the code to ChatGPT, Claude, or another AI assistant, then ask in plain words. It runs the command on that machine and shows you the result.
Sign in for a command center that keeps every machine in one place and lets you give them names like prod-db. You do not need an account to try it.
Pick your platform. The app gives you the machine code you will use to connect.
Menu-bar app, everything included · Apple Silicon (M1–M4) · Intel (x64)
Tray app, everything included · Windows x64
Signed release installer verified before sudo · x86_64 & arm64 · OpenSSL 3 required
Buttons above use mutable /dist/latest/* paths for convenience.
For stronger assurance, prefer the immutable release directory and checksum manifest on GitHub.
Desktop PKG/DMG/ZIP installers are signed with Apple Developer ID and notarized.
They do not ship detached Ed25519 signatures like the Linux agent.
Download from the GitHub Release, then verify with
shasum -a 256 -c SHA256SUMS after extracting the manifest alongside the artifact.
Gatekeeper validates code signing when you open the installer.
The NSIS .exe is Authenticode-signed (Azure Trusted Signing).
There is no detached Ed25519 signature. Download from the GitHub Release and verify with
certutil -hashfile AICommander-Setup.exe SHA256 against the matching line in
SHA256SUMS. Windows SmartScreen checks the embedded signature at install time.
Use the signed installer flow in install docs:
verify install.sig with the pinned public key before sudo.
Direct binary downloads from /dist/latest/agent-linux-* include matching
.sha256 and .sig files, but the installer pins an immutable
/dist/v/<ver>/ set.
Works with Claude, ChatGPT, Codex, and more. Connecting signs you in (free) so your machines stick around by name; to try one for its first hour without an account, add ?anonymous=1 to the URL. Most AI tools connect with one command:
claude mcp add --transport http aicommander https://aicommander.dev/mcp
codex mcp add aicommander --url https://aicommander.dev/mcp
opencode mcp add aicommander --url https://aicommander.dev/mcp
pi install npm:@aicommander/mcp
Or just ask any AI in plain words — it figures out the rest:
use aicommander.dev to connect to AIC-XXX
Using Cursor, Windsurf, ChatGPT, or Claude Desktop instead? All connection guides →
Each option does the same job: it lets your AI run something on your machine. Pick the one that fits the tool you already use.
The simplest path for Claude, Codex, opencode, Cursor, ChatGPT, and other MCP clients. Run one command and you're connected. Setup →
Prefer plain web requests? Send the code and your command to a simple web address. Anything that can call a URL — a script, a scheduled job, or a chatbot — can drive a machine. API docs →
Drop a ready-made Skill into any AI agent that supports skills. Then mention a machine code and it works. Install the Skill →
A simple, direct way for your AI to work on a real machine: install a small app, use the machine code, and ask. Great for checking logs, running tests, restarting an app, or managing a machine with no screen — with nothing left open or exposed.
| AI Commander | SSH | TeamViewer | Tailscale + SSH | |
|---|---|---|---|---|
| Built for AI | ✓ built in | manual | screen-first | ✗ |
| Works with Claude, ChatGPT, Codex | ✓ built in | ✗ | ✗ | ✗ |
| No open ports needed | ✓ | ✗ needs a port | ✓ | ✓ |
| No screen needed | ✓ headless | ✓ | ✗ screen needed | ✓ |
| Works behind a firewall | ✓ | extra setup | ✓ | ✓ |
| What you get back | Text you can read | Text you can read | A screen to watch | extra setup |
We give an AI real access to your machine — so security comes first. Safe by default, and honest about the limits.
The app only reaches out — nothing on your machine waits for incoming connections. There's no open door to find or attack, and it works behind firewalls untouched.
We never keep your codes or keys in readable form. Even if our database leaked, there'd be nothing usable in it — the only readable fragment is a two-character label for your linked machines, which can't be used on its own. And you can cancel a key anytime.
Access refreshes on its own and quietly expires. Keys go dormant until you sign in again, so a forgotten one can't keep working forever.
Your commands and their results are never logged or saved. They pass through and are gone — and each machine stays separate from the others.
A brand-new code works for anyone for one hour, so it's easy to get started. After that, only approved accounts can use it — until you choose to reset and clear access.
Whatever a machine sends back is treated as plain results to show you, not as new orders to follow — so a sneaky line in a log is far less likely to fool the AI.
Need unattended access for a script or scheduled job? A service token runs as a non-root user, on one machine, with only the exact commands you allow — and no shell, so nothing can be injected. Long-lived but revoke-anytime.
Every one with a free tier.