How do I access an IoT device that's behind NAT or on cellular?

The AI Commander agent connects outbound to the relay, so the device is reachable even behind carrier NAT, a home router, or a cellular modem with no public IP. Your AI client runs commands by quoting the device's session code — nothing inbound is required.

Enterprise & fleets

Manage IoT & edge devices remotely

Edge devices live in hard-to-reach places — a factory floor, a kiosk, a field gateway on cellular, a Pi in a cupboard — almost always behind NAT with no public IP. AI Commander gives an AI client a real shell on each one through an outbound-only agent, so you can update an app, restart a service, or read sensor logs without ever opening a port.

The job

The defining constraints of IoT and edge fleets are: headless, behind NAT or cellular, and numerous. That's exactly where an outbound agent shines — the device dials home, and your AI client drives it:

Push an app or firmware update to one device or the whole fleet, then verify the version.
Restart a hung sensor service or reset a flaky network interface.
Read recent logs to see why a device dropped off — power, signal, or a crashed process.
Check connectivity and clock drift before they cause data gaps.
Roll a config change out gradually: one device as a canary, then the rest.

What it looks like

Claude — MCP

You: sensor-gw-12 stopped reporting — find out why and restart the collector if it crashed Claude: > systemctl status collector | head -3 collector.service: failed (Result: oom-kill) > free -m Mem: 462 used / 488 total > systemctl restart collector ✓ collector active · publishing again Claude: The collector was OOM-killed on a low-RAM gateway. Restarted it and it's reporting again — worth adding a memory limit so it recycles cleanly.

Fleet rollouts. To act on many devices, save each under an alias and have the AI client run the same command across the group, canary first. None of them expose an inbound port.

Why AI Commander for edge fleets

	AI Commander	Port forward + SSH	Reverse SSH tunnels	VPN / mesh
Works behind carrier NAT	✓	✗	per-device	✓
ARM / low-RAM friendly	✓	✓	✓	heavier
Run a command across the fleet	✓ via AI	manual	manual	manual
AI reads output & reacts	✓	✗	✗	✗

Honest scope. For large managed IoT estates you'll still want a device-management/OTA platform for provisioning, fleet inventory, and signed update channels. AI Commander is the fast, conversational shell for diagnosing and fixing devices — and for letting an AI agent do it across a group.

Set it up

On each device (Linux, arm64 or x86_64), install the agent:

curl -fsSL https://aicommander.dev/install | sudo bash

FAQ

How do I access an IoT device behind NAT or on cellular?

The agent connects outbound to the relay, so the device is reachable even behind carrier NAT or a cellular modem with no public IP. Your AI client runs commands by quoting the device's session code — nothing inbound is required.

Can I update or restart a service across a fleet of Raspberry Pis?

Yes. Save each device under an alias and ask your AI client to run the update or restart across the group. It executes remote_exec on each, streams output back, and reports which succeeded and which need attention.

Does it run on ARM edge hardware?

Yes. The agent supports Linux on arm64 and x86_64 with systemd, covering Raspberry Pi and most edge gateways. It only needs outbound HTTPS.

Reach every device, wherever it is

Install the agent on your edge devices and let Claude update and triage them from anywhere.

Install the agent Set up aliases