Put a small app on any computer you run — a server, cloud box, or Raspberry Pi — and it shows you a short code. From anywhere, hand that code to ChatGPT, Claude, or any AI assistant and ask in plain words — "check the disk", "restart the app", "show the errors" — and it runs on the remote machine and shows you the result. Keep going in the same chat: it reads the output, fixes what's wrong, and reports back. No VPN, firewall, or exposed login to set up.
Think remote SSH for AI — one you talk to in plain words, like remote desktop is for humans.
Run the agent on the machine you want to control, then pick your platform below.
Menu-bar app, bundles the agent · Apple Silicon (M1–M4) · Intel (x64)
Tray app, bundles the agent · Windows x64
curl -fsSL https://aicommander.dev/install | sudo bash
Installs a systemd service · x86_64 & arm64 (servers, VMs, Raspberry Pi). Runs as root by default — the session code is the credential, so guard it.
The agent prints a stable session code like AIC-7K3P-WX9M-RTBN. Full install docs →
No firewall rules. No static IPs. No VPN setup. The target machine keeps one outbound WebSocket open to your relay.
On Linux (cloud VM, home server, GPU box, Raspberry Pi), run the one-line installer — it installs a background systemd service. On macOS or Windows, install the desktop app instead.
The agent registers with your relay and prints a high-entropy code like AIC-7K3P-WX9M-RTBN. The code is stable — it stays the same across reboots and restarts, and the desktop app can copy it (or refresh it on demand).
Mention the code to Claude, Codex, or another MCP client. The remote_exec tool runs the command on that machine and streams the result back.
AI Commander speaks MCP, a plain REST API, and ships an Agent Skill. You can add the connector without logging in — raw-code commands work without an account during the code's first hour; sign in or use an API key for ongoing access. Most CLI agents connect over MCP with one command:
claude mcp add --transport http aicommander https://aicommander.dev/mcp
codex mcp add aicommander --url https://aicommander.dev/mcp
opencode mcp add aicommander --url https://aicommander.dev/mcp
pi install npm:@aicommander/mcp
GUI editor (Cursor, Windsurf, Antigravity), ChatGPT, Claude Desktop — or no MCP at all? All connection guides →
Under the hood there's one capability — run a command on a machine by its session code. Reach it however your client prefers; all three hit the same relay.
The native path for agents — Claude Code, Codex, opencode, Cursor, ChatGPT. One command and the remote_exec tool appears. Setup →
No MCP? POST /api/v1/exec with {code, command} over plain HTTPS. Anything that can call a URL — a script, cron, or a chat model with a fetch tool — drives a machine. API docs →
Claude users can drop in the hosted SKILL.md instead of adding an MCP server — quote a code and it runs over the REST API, no config. Install the Skill →
Remote desktop tools stream pixels for people who need to click around. DevOps tools automate known workflows with inventory, YAML, and credentials. AI Commander is a narrow bridge for live shell work: a small agent on a real machine, a hosted relay, and an MCP tool — or a plain REST call — your AI client can use when you provide a session code. It is for checking logs, running tests, restarting services, or operating headless boxes without exposing SSH.
TeamViewer and AnyDesk are strong when a human needs the whole desktop. AI Commander focuses on the shell, where agents and developers can work with precise text output.
| AI Commander | SSH | TeamViewer | AnyDesk | |
|---|---|---|---|---|
| Designed for AI tool calls | ✓ MCP tool | manual CLI | screen-first | screen-first |
| AI-native (MCP + REST API) | ✓ built-in | ✗ | ✗ | ✗ |
| No public SSH port required | ✓ | ✗ usually port 22 | ✓ | ✓ |
| No GUI / display required | ✓ headless | ✓ headless | ✗ screen needed | ✗ screen needed |
| Works behind NAT / firewall | ✓ | needs bastion | ✓ | ✓ |
| Output format | Text / stdout | Text / stdout | Screen pixels | Screen pixels |
| Cost | Free | Free | Paid commercial plans | Paid commercial plans |
Ansible is excellent for repeatable automation. Tailscale SSH secures SSH access. AWS Session Manager is strong inside AWS-managed fleets. E2B gives agents cloud sandboxes. AI Commander is the direct path when the agent needs a shell on your actual machine.
| AI Commander | Tailscale + SSH | Ansible | E2B | AWS SSM | |
|---|---|---|---|---|---|
| Best fit | Live shell for agents | secure SSH | repeatable automation | AI sandboxes | AWS node access |
| AI integration (MCP + REST) | ✓ native | ✗ | ✗ | SDK only | ✗ |
| Setup complexity | 1 agent command | Tailnet + SSH policy | Inventory + YAML | SDK integration | IAM + AMI agent |
| Your actual machine | ✓ | ✓ | ✓ | ✗ ephemeral sandbox | managed nodes |
| No SSH port required | ✓ | SSH over tailnet | ✗ needs SSH | ✓ | ✓ |
| Any cloud / bare metal | ✓ | ✓ | ✓ | ✗ cloud only | managed nodes |
| Streams command output to MCP client | ✓ SSE | manual pipe | log files | ✓ | CloudWatch |
AI Commander gives an AI agent a real shell — so we treat security as the foundation. Defense in depth, safe defaults, and an honest account of the limits.
The agent keeps a single outbound, TLS-encrypted connection to your relay. Nothing listens for inbound connections on the target machine, so there's no port to scan or expose — it works behind NAT and firewalls untouched.
Session codes and tokens are kept only as values keyed with a server-side secret — a database dump yields no usable codes. Account API keys are stored hashed and are revocable any time. Platform secrets live in the secret store, never in code.
Agent tokens rotate automatically while idle, so any single token is short-lived. Account API keys re-arm with a recent sign-in by default and are revocable any time, so a leaked key in a config file can't act on its own. Session codes stay stable until the owner refreshes them.
Account API keys stay dormant until a human signs in through the web — and an account re-arms its keys with a sign-in once a day. A leaked key sitting in a config file can't act on its own. (On by default; can be turned off, with a clear warning.)
Anyone who knows a current code can run commands on that machine — until the owner resets the code or blocks their account. No account is needed for the first hour after a code is created or refreshed; after that, sign in (free) and use the code for as long as you like.
We guarantee it: command payloads and their output are never logged or persisted. The database holds no commands or output — data is processed only transiently, in the relay's memory, while it streams through, then discarded. Each session is isolated, and output reaches only the connection that asked for it.
Anything with extra reach — like desktop screen sharing — ships off by default and must be turned on by the machine's owner. Safe defaults first; you choose what to expand.
Passwordless magic-link sign-in and OAuth 2.1 + PKCE with an explicit consent screen, a bot gate, rate limiting, and strict security headers. The Linux installer verifies the agent binary's checksum and signature before it ever runs as root.
Command output is handed to the AI strictly as untrusted data to relay back — never as instructions to act on — so a malicious file or log line can't hijack the agent. Output size is capped to keep the relay healthy.
Also from us — more productivity tools, all with a free tier, all AI-ready: