The SSH of the agent world.
agent-exec gives an AI agent a self-describing, ACL-controlled entry point into a machine. Give it a URL and API key. It reads /SKILL.md, checks /api/acl, and executes allowed commands through /api/exec.
aexec --version. Use localhost, VPN, firewall, or TLS-terminated trusted networks.
Install, start, share. Then paste.
aexec is the official command. ae is the short alias for daily use.
# 1. Install
$ npm install -g @to-agent/agent-exec
# 2. Set up local config and API key
$ aexec setup
# 3. Start serving
$ aexec start
# 4. Generate a prompt for an AI agent
$ aexec share
# Optional: expose installed AI tools as plugins
$ aexec starterkit
$ aexec restart
Install agent-exec on this machine. Run:
1. Check that Node.js and npm are available.
2. Install globally: npm install -g @to-agent/agent-exec
3. Run: aexec setup
4. Start the server: aexec start
5. Run: aexec share
6. Show me the generated share prompt.
Do not edit project files unless needed.
Do not expose agent-exec to the public internet.
Do not use --public unless I explicitly ask for network access.
Do not add broad ACL rules such as allow "*".
Fresh installs should only allow: aexec --version
If any command fails, stop and show me the error plus the next recommended command.
You have access to a machine through agent-exec.
URL: http://<agent-exec-host>:3333
API_KEY: <api-key>
Start here: http://<agent-exec-host>:3333/SKILL.md
A machine that explains itself to agents.
agent-exec does not require a special SDK or model-specific integration. The machine publishes a small HTTP entry point and the agent follows the documents.
Read /SKILL.md
The public entry point tells the agent how to start.
Inspect /api/acl
The agent checks what commands are allowed before executing.
Discover /api/plugins
Optional plugin documentation is loaded only when the agent needs it.
POST /api/exec
The server executes only what the ACL permits.
Extend with plugins and skills.
Plugins add tool-specific documentation and optional command behavior. Skills keep detailed usage out of the initial prompt and let agents load detail only when needed.
$ aexec plugin list
$ aexec plugin create --name=mytool --command=mytool
$ aexec plugin doctor
argv, not shell strings.
/api/exec accepts JSON body arguments only. GET requests and query-string commands never execute.
JSON body only
Commands are sent as {"args":["command","arg"]}. ?cmd= and ?args= are not execution inputs.
No shell interpretation
agent-exec executes argv. Shell operators such as &&, ;, pipes, redirects, and subshell syntax are not interpreted by agent-exec itself.
Deny before allow
ACL matching uses args.join(' '). Plain strings are exact matches; use explicit glob or regex rules for broader matching. A rule like cmd * allows any arguments to cmd. Deny rules win before allow rules.
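The matching order described above, sketched as an added JavaScript example (not agent-exec's own code or config format): the rule shapes (plain string, {glob}, {regex}), the decide function and the sample ACL are assumptions made for illustration. It also shows a consequence of matching on args.join(' ') that rule authors should keep in mind: the joined string does not preserve argv boundaries.

```javascript
// Added example. Hypothetical rule shapes, not agent-exec's config format:
// a plain string is an exact match; {glob: "..."} and {regex: "..."} are broader.

function globToRegExp(glob) {
  // Escape regex metacharacters, then let '*' match any run of characters.
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$');
}

function matches(rule, line) {
  if (typeof rule === 'string') return rule === line; // exact match only
  if (rule.glob) return globToRegExp(rule.glob).test(line);
  if (rule.regex) return new RegExp(rule.regex).test(line);
  return false;
}

function decide(acl, args) {
  const valid = Array.isArray(args) && args.length > 0 &&
    args.every((a) => typeof a === 'string');
  if (!valid) return { allowed: false, reason: 'invalid args' };
  const line = args.join(' '); // the string the ACL is matched against
  if (acl.deny.some((r) => matches(r, line))) return { allowed: false, reason: 'deny rule' };
  if (acl.allow.some((r) => matches(r, line))) return { allowed: true, reason: 'allow rule' };
  return { allowed: false, reason: 'default deny' }; // nothing matched
}

// Constructed sample ACL for the demonstration.
const acl = {
  allow: ['aexec --version', { glob: 'git *' }, { regex: '^ls( -[al]+)?$' }],
  deny: [{ glob: 'git push*' }],
};

function demo() {
  return [
    ['aexec', '--version'],              // exact string rule
    ['aexec', '--version', '--verbose'], // extra arg: exact rule no longer matches
    ['git', 'status'],                   // 'git *' allows any arguments to git
    ['git', 'push', 'origin', 'main'],   // deny is checked before allow
    ['ls', '-la', '/etc'],               // anchored regex rejects the extra arg
    ['git status'],                      // one argv element, same joined string
  ].map((args) => [JSON.stringify(args), decide(acl, args).reason]);
}

console.log(demo());
```

The last case is judged exactly like ["git","status"] because only the joined string is matched, so rules cannot tell where one argument ends and the next begins.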
Trusted plugins are host code
Trusted plugins should be reviewed like code running as the agent-exec OS user. Do not install unreviewed trusted plugins.
The agent discovers. The server decides.
agent-exec is default-deny. Fresh installs only allow aexec --version. Use ACLs, least-privileged OS users, and network controls. It is SSH-like access for AI agents, not SSH-compatible and not an SSH replacement.
Any HTTP-capable agent can start here.
If your agent can make HTTP requests, it can start with agent-exec.