Hacker News

camboo, yesterday at 8:45 PM, 0 replies

TL;DR: you don't give your LLM SSH access. You give it tools that each have individual access to particular executions.

---

Yes, easily. This isn't a problem when using a proxy system with built-in safeguards and guardrails.

"An interface for your agents."

Or, simply, if you have a list of available tools the agent has access to.

Tool not present? Will never execute.

Tool present? Will reason when to use it based on tool instructions.

It's exceptionally easy to create an agent with access to limited tools.

Lots of advice in this thread; did we forget that in the age of AI, anything is possible?

Have you taken a look at tools such as Xano?

Your agent will only execute whichever tool you give it access to. Chain of command is factored in.

This is akin to architecting for the Rule of Two, and similar is the concept of Domain Trusts (a fancy way of saying scopes and permissions).
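The pattern the comment describes, a tool allowlist with per-tool scopes in front of the model instead of a shell, written out as an added example (this is illustrative code, not from the commenter or from any product mentioned above). The model is only ever allowed to emit a tool call by name; the gateway runs it if the tool is registered, the agent's scope set covers the tool's required scope, and the arguments pass that tool's own validation. Everything else is refused and written to an audit list. The `FAKE_HOST` dictionary, the tool names, the scope strings and the log directory are all constructed for the example so it runs offline and touches no real files or services.

```python
"""Added example: an agent tool gateway that enforces an allowlist and scopes.

The LLM never receives a shell. It proposes (tool_name, args); the gateway
decides. Unknown tools, out-of-scope tools and malformed arguments are denied.
"""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, FrozenSet, List, Optional

# Constructed in-memory stand-in for a host; nothing real is read or restarted.
FAKE_HOST = {
    "files": {
        "/var/log/app/app.log": "line1\nline2\nERROR boom\nline4\n",
        "/etc/shadow": "root:$6$constructed-secret",   # must stay unreachable
    },
    "services": {"web": "running", "worker": "stopped"},
}

LOG_ROOT = "/var/log/app/"                 # the only directory tail_log may touch
SERVICES_RESTARTABLE = {"web", "worker"}   # the only services restart may name


@dataclass(frozen=True)
class Tool:
    name: str
    scope: str                                   # permission required to invoke
    validate: Callable[[dict], Optional[str]]    # returns an error string or None
    run: Callable[[dict], Any]


def _validate_tail_log(args: dict) -> Optional[str]:
    # Accept only a bare filename; any '/' would allow escaping LOG_ROOT.
    path = args.get("path", "")
    if not isinstance(path, str) or "/" in path or path in ("", ".", ".."):
        return "path must be a bare filename inside the log directory"
    n = args.get("lines", 10)
    if not isinstance(n, int) or not 1 <= n <= 100:
        return "lines must be an int in 1..100"
    return None


def _run_tail_log(args: dict) -> dict:
    content = FAKE_HOST["files"].get(LOG_ROOT + args["path"])
    if content is None:
        return {"ok": False, "error": "no such log"}
    return {"ok": True, "lines": content.splitlines()[-args.get("lines", 10):]}


def _validate_restart(args: dict) -> Optional[str]:
    if args.get("service") not in SERVICES_RESTARTABLE:
        return "service not in restartable set"
    return None


def _run_restart(args: dict) -> dict:
    FAKE_HOST["services"][args["service"]] = "running"
    return {"ok": True, "service": args["service"], "state": "running"}


# The allowlist: if a name is not a key here, it can never execute.
REGISTRY: Dict[str, Tool] = {
    "tail_log": Tool("tail_log", "logs:read", _validate_tail_log, _run_tail_log),
    "restart_service": Tool("restart_service", "services:restart",
                            _validate_restart, _run_restart),
}


@dataclass
class Gateway:
    """One instance per agent; `scopes` is what this agent has been granted."""
    scopes: FrozenSet[str]
    audit: List[tuple] = field(default_factory=list)

    def call(self, name: str, args: dict) -> dict:
        tool = REGISTRY.get(name)
        if tool is None:
            return self._refuse(name, args, "unknown tool")
        if tool.scope not in self.scopes:
            return self._refuse(name, args, f"missing scope {tool.scope}")
        err = tool.validate(args)
        if err:
            return self._refuse(name, args, f"bad args: {err}")
        result = tool.run(args)
        self.audit.append(("allow", name, args))
        return result

    def _refuse(self, name: str, args: dict, why: str) -> dict:
        self.audit.append(("deny", name, args, why))
        return {"ok": False, "error": why}


if __name__ == "__main__":
    # A log-reading agent: it holds logs:read and nothing else.
    gw = Gateway(scopes=frozenset({"logs:read"}))
    print(gw.call("run_shell", {"cmd": "id"}))                 # unknown tool
    print(gw.call("tail_log", {"path": "../../etc/shadow"}))   # bad args
    print(gw.call("tail_log", {"path": "app.log", "lines": 2}))
    print(gw.call("restart_service", {"service": "web"}))      # missing scope
    for entry in gw.audit:
        print(entry)
```

The three checks are deliberately ordered so the cheapest and broadest denial comes first: a name outside `REGISTRY` is refused before any scope or argument logic runs, and argument validation belongs to the tool rather than the gateway because only the tool knows what a safe argument looks like. The audit list is the detection hook; in practice it would go to a log sink so denied calls (a model asking for a tool it was never given) are visible.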