Fewshell: A Self-Hosted SSH Copilot That Refuses to Run Commands Without Human Approval
Fewshell is a collaborative, self-hosted mobile+desktop SSH copilot designed for on-calls, DevOps, MLOps, AI researchers, sysadmins, and self-hosting enthusiasts. Its core design principle: AI will never run any command without human approval. There is no setting to enable command auto-approval – by design, to eliminate any risk of accidental misconfiguration.
Why It Exists
The author, an ex-Amazon Sr. SDE for Alexa AI now working on AI safety research for agentic RLVR, created Fewshell after seeing high-profile incidents where an AI agent deleted a production database. The tool is intended to be the opposite of an autonomous agent. Use cases include:
- Quickly restart, fix, or update an autonomous agent (e.g., OpenClaw) remotely, without using the agent itself (e.g., if it fails to start).
- Start a long-running command from desktop and check on it from mobile.
- Manage a self-hosted server and run admin commands on the go.
- Run serverless infrastructure and fix things remotely via a bastion.
- Keep a full transcript of every command you've ever run on your infrastructure, useful for postmortems.
- Share a terminal with a collaborator (e.g., two-person rule).
Architecture & Security
Fewshell is self-hosted, with no cloud dependency. Communication between client and server uses an SSH tunnel. Secrets are stored in the system keychain and are redacted before being sent to the LLM. The server holds secrets in memory for command use and replication across authenticated devices, and the private SSH key never leaves the client device.
Optional features include push notifications for long-running commands via a relay service, and SSH public key provisioning during initial device pairing.
Features
- Cross-platform GUI clients: iOS, macOS, Linux, Android (Windows planned).
- Built in Flutter – low memory footprint, native execution.
- Secret management: user and per-project secrets stored in keychain with per-secret LLM visibility control.
- Cross-device sync using your own server.
- Command snippet library for reusable commands injected into LLM context.
- Session archival – full transcripts for postmortems.
- BYOM (Bring Your Own Model): supports OpenAI, Anthropic, Google, DeepSeek, Ollama, Groq, xAI, OpenRouter, and more.
- Custom agent instructions: user and per-project system prompts with template variables.
Quick Start
tl;dr – Using SSH on mobile is painful. Modern AI is really good at shell commands, but letting AI control infrastructure is dangerous. Fewshell's three core principles: secure defaults (mandatory SSH and secrets management), must be self-hosted (cloudless desktop-mobile sync), and human-first (AI will not run any command without approval).
To get started, visit the GitHub repo or get.fewshell.com for download links.
📖 Read the full source: HN AI Agents
👀 See Also
New Tool Injects Instructions into Claude Code Based on Context Usage
A developer created a tool that monitors context usage and injects custom instructions to prevent mid-task compaction disasters.
MarkView: Open-source tool renders and manages AI-generated Markdown files
MarkView is a private-first rendering engine that displays Markdown files with Mermaid diagrams and KaTeX math, available as a web app, native macOS app, and MCP server for Claude Desktop and Cursor integration.
Open Source Dashboard Reveals Actual Claude Code Compute Costs
A developer reverse-engineered Claude Code's rate limit formula to build a local dashboard that shows real-time usage percentage, actual dollar costs, burn rate, peak hours, and which skills/hooks are firing. The tool revealed a $100/month plan consumed $13,286 in equivalent API compute in one month.
Brain: A Persistent Error Memory System for Claude Code via MCP
Brain is an open-source MCP server that gives Claude Code persistent, cross-project memory for errors and solutions. It captures error context, suggests proven fixes with confidence scores, and builds a weighted synapse network connecting errors, solutions, and code modules across all projects.