cmdop connect
cmdop connect is the CLI surface for reaching machines registered in
your CMDOP fleet. It replaces what other tools call “SSH”: no
keys, no port forwarding, no IPs — just an outbound-only relay
identified by hostname or UUID.
cmdop ssh was renamed to cmdop connect. There is no cmdop ssh
verb. connect exposes exactly three subcommands —
connect [host], connect exec, and connect password. Older
drafts mentioned connect share, connect key, and
connect workspace; those never shipped — fleet selection is the
--workspace flag below, not a subcommand.
This is the verb reference. For the story of how connect fits with the desktop machine inspector and server-to-server agent comms, see the Connect overview.
The subcommand tree
cmdop connect [hostname] # interactive picker / direct attach
cmdop connect exec <host> -- <cmd...> # one-shot command, structured output
cmdop connect password {set|clear|list|status} # per-machine agent password

cmdop connect (no args) drops you into the picker — a fuzzy-search
TUI over the workspace’s machines, sorted by recent usage. With a
hostname argument it skips the picker and attaches directly.
Global flags
These work on every subcommand:
| Flag | Purpose |
|---|---|
| --api-key, -k <key> | Override the resolved API key for this call. |
| --server, -s <addr> | Override the gRPC server (for self-hosted relays). |
| --workspace <name> | Use the named fleet (workspace) instead of the active one. |
| --json | Emit structured output (implies --no-interactive). |
| --no-interactive, -q | Never prompt; fail fast if data is missing. |
| --list | Print machine inventory and exit. |
| --online | With --list, show only online machines. |
Interactive attach
cmdop connect # picker → confirm → attach
cmdop connect vps-audi # direct attach (skip picker)

The picker honors Ctrl-C to cancel. After picking, a confirm step shows machine name, hostname, online status, fleet name, and last heartbeat before opening the PTY. Inside the session:
- Ctrl-C is forwarded to the remote shell as SIGINT.
- Ctrl-D disconnects locally — it is not forwarded.
- Window resizes (SIGWINCH) propagate so top/htop/editors redraw correctly.
- Disconnects bubble up as ErrUserDisconnected, returning you to the picker if you ran cmdop connect with no args.
Hostname accepts exact hostname, display name, unique prefix, or full UUID. Ambiguous matches print a candidate list; UUID-shaped arguments never fall through to fuzzy matching. See Machines & identity.
One-shot exec
cmdop connect exec vps-audi -- uname -a
cmdop connect exec mac-studio --json -- df -h
cmdop connect exec prod-api-1 --timeout 60 -- systemctl status nginx

exec runs a single command, streams stdout/stderr back, and exits
with the remote’s status code. With --json it prints a structured
envelope ({stdout, stderr, exit_code, duration_ms}) — useful for
scripts and the agent tool surface.
The default timeout is 30s. Anything longer than your network’s
keepalive can drop without warning unless you bump --timeout.
Per-machine passwords
Some machines are registered with an attach password (bcrypt-hashed
server-side). The first time you attach you’ll see a streaming
AuthChallenge; CMDOP prompts for the password and caches a
24-hour session token in memory. Subsequent unary RPCs against the
same session reuse the token automatically.
cmdop connect password set # store password for this machine
cmdop connect password status # check if a password is set
cmdop connect password clear # remove it
cmdop connect password list # list machines that have a password stored

Background: Auth & passwords.
Fleet selection
A fleet (the --workspace flag still carries the legacy name) is the
credential boundary around a set of machines. To target a specific
fleet without changing your active one, use the --workspace flag —
it is a flag, not a subcommand:
cmdop connect --workspace acme-prod vps-audi
cmdop connect --workspace acme-staging exec prod-1 -- uptime
cmdop connect --list --workspace acme-prod

See Fleets & workspaces for credential precedence and local storage details.
Credential resolution
When any cmdop connect subcommand needs a credential it walks this
chain (first hit wins):
- --api-key flag.
- CMDOP_API_KEY environment variable.
- The named fleet from --workspace.
- The active fleet’s stored key.
- A legacy cfg.Chat.GrpcAPIKey (one-shot migration).
- The OAuth access token from cmdop login — the universal fallback for humans.
Long-form: Credential resolver.
API keys are fleet-scoped. OAuth tokens are user-scoped and
work across fleets. If a command fails with unauthorized, the
error message names the source so you can fix the right one.
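A consequence of the chain above is that a CMDOP_API_KEY left in a CI environment outranks an explicit --workspace. The following is an added example, not CMDOP's own code: a pre-flight model of the six-step order that reports the winning source without ever returning a secret. The function name, the `fleet_keys` mapping and the assumption that flags are passed as separate `--flag value` tokens are hypothetical.

```python
# Added example: a model of the documented precedence, not the CMDOP resolver itself.
# Sources are listed in the order the page gives (first hit wins).
CHAIN = ("--api-key flag", "CMDOP_API_KEY env var", "--workspace named fleet",
         "active fleet stored key", "legacy cfg.Chat.GrpcAPIKey",
         "OAuth token from cmdop login")


def resolve(argv, env, fleet_keys, active_fleet=None, legacy_key=None,
            oauth_token=None):
    """Return (winning_source, shadowed_sources, warnings); values are never returned."""

    def flag_value(*names):
        # Stop at "--": everything after it is the remote command, so a "-k"
        # belonging to e.g. grep must not be read as an API key.
        for i, arg in enumerate(argv):
            if arg == "--":
                break
            if arg in names and i + 1 < len(argv):
                return argv[i + 1]
        return None

    workspace = flag_value("--workspace")
    candidates = (
        flag_value("--api-key", "-k"),
        env.get("CMDOP_API_KEY"),
        fleet_keys.get(workspace) if workspace else None,
        fleet_keys.get(active_fleet) if active_fleet else None,
        legacy_key,
        oauth_token,
    )
    present = [src for src, val in zip(CHAIN, candidates) if val]
    if not present:
        return None, [], ["no credential source available"]

    winner, shadowed = present[0], present[1:]
    warnings = []
    if workspace and CHAIN.index(winner) < 2:
        # An explicit fleet was requested but a higher-ranked key is selected.
        warnings.append(f"{winner} outranks --workspace {workspace}")
    if workspace and workspace not in fleet_keys:
        warnings.append(f"no stored key for fleet {workspace}")
    return winner, shadowed, warnings
```

Run it in CI before the real call with `os.environ` and the job's argv, and fail the job if `warnings` is non-empty.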
Scripting
--json plus --no-interactive is the safe combination for CI and
agents. With both set, cmdop connect never prompts, never opens a
picker, and emits structured output:
cmdop connect exec vps-audi --json --no-interactive -- date
# {"stdout":"...","stderr":"","exit_code":0,"duration_ms":42}

Exit codes follow conventions: 0 success, 1 generic error, 2
auth failure, 3 machine offline, 4 ambiguous hostname.
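Because exec exits with the remote's status code, a process exit code of 3 could mean "machine offline" or a remote command that itself exited 3. The following is an added example, not part of the CMDOP project: a wrapper that builds the argv without a shell and uses the --json envelope to tell the two apart. `build_argv`, `classify` and `ExecResult` are hypothetical names, and it assumes the CLI prints no complete envelope when it fails before running the command.

```python
import json
from dataclasses import dataclass

# CLI exit codes as listed on this page.
CLI_EXIT = {0: "success", 1: "generic error", 2: "auth failure",
            3: "machine offline", 4: "ambiguous hostname"}
ENVELOPE_KEYS = {"stdout", "stderr", "exit_code", "duration_ms"}


@dataclass
class ExecResult:
    origin: str        # "remote": envelope parsed; "cli": no usable envelope
    exit_code: int
    meaning: str
    stdout: str = ""
    stderr: str = ""


def build_argv(host, cmd, timeout=30):
    """argv for a non-interactive exec; pass it to subprocess.run(argv), no shell."""
    if not host or host.startswith("-"):
        # A host taken from untrusted input must not be parsed as a flag.
        raise ValueError("host must not be empty or look like a flag")
    if not cmd:
        raise ValueError("remote command is required")
    return ["cmdop", "connect", "exec", host, "--json", "--no-interactive",
            "--timeout", str(int(timeout)), "--", *cmd]


def classify(returncode, raw_stdout):
    """Decide whether a result describes the remote command or the CLI itself."""
    try:
        env = json.loads(raw_stdout)
    except (TypeError, ValueError):
        env = None
    if (isinstance(env, dict) and ENVELOPE_KEYS <= env.keys()
            and type(env["exit_code"]) is int):
        code = env["exit_code"]
        meaning = "remote command succeeded" if code == 0 else "remote command failed"
        return ExecResult("remote", code, meaning,
                          str(env["stdout"]), str(env["stderr"]))
    # Assumption: without a complete envelope the exit code is the CLI's own.
    return ExecResult("cli", returncode,
                      CLI_EXIT.get(returncode, "undocumented exit code"))
```

Alerting on `origin == "cli"` with exit code 2 or 3 separates fleet and credential problems from ordinary remote command failures.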
Machine inventory
cmdop connect --list # all registered machines in the active fleet
cmdop connect --list --online # only currently connected machines
cmdop connect --list --json # machine list as JSON

Related
- Connect overview — the full story (CLI + Desktop + agent-to-agent).
- Server-to-server — ask_machine and ask_machines between machines.
- Fleets & workspaces — fleet selection and credential management.