Remote Commands
AITerm treats remote work as higher blast-radius. SSH/mosh host profiles and transfer-risk checks make production and remote-machine actions visible before you run them.
Remote command escalation
When a command runs on a remote host over ssh or mosh, AITerm raises its risk by one tier (a caution becomes destructive, a destructive becomes the most severe), and the risk popover adds a finding noting that the command runs on the remote host and is harder to undo. Wrapped forms (for example an ssh buried inside sh -c '...') are unwrapped so the real remote command is still assessed.
Per-host SSH and mosh safety profiles
In Settings ▸ Security ▸ Per-host SSH profiles (Pro) you can map a host to a raised safety floor. Each profile has:
- a host pattern (glob, e.g.
prod-*; auser@prefix is ignored), - a Safety Profile floor (Work, Production, or Locked Down),
- a pane tint color,
- a short label.
Authoring profiles is Pro; enforcement of any already-configured or imported profile is always on, and deleting a profile is always allowed. A one-click Add prod-* template button drops in a ready-made prod-* → Production (red) profile you can tune.
When a pane runs ssh/mosh to a matching host, only that pane's gate floor rises (it can only tighten, never loosen), and it lifts when the remote command finishes. If an end-of-command signal is ever missed, the next command recomputes the floor from scratch, so a raised floor never gets stuck on.
The host tint warning
While a host profile is active, the pane shows a colored ring and a label pill (white text on the tint color, with a lock-shield icon) — for example a red pane labeled PROD — so you can see at a glance that this shell is pointed at a more sensitive machine. Hovering explains that the pane's gate is raised until the SSH session ends.
scp and rsync transfer gating
AITerm assesses scp and rsync by what they actually do, not just the verb:
- Uploading to a remote destination is caution (it can overwrite remote files).
- Recursive transfers are caution (they affect a whole tree).
rsync --deleteandrsync --remove-source-filesare destructive (they wipe the destination, or delete the source after transfer).- Copying a local credential or secret file to a remote destination is destructive (a secret would leave the machine).
The active Safety Profile and any per-host floor then decide whether that tier runs, asks for confirmation, or is blocked — so a destructive transfer against a prod-* host is confirmed or blocked rather than run silently.
Related pages: Safety and Security, Settings Reference.