I don't think you understand. I'm well aware it can run whatever command on bash. You're taking a significant risk asking it to do what it's doing via ssh, because it could easily forget that it's supposed to be doing ssh and do whatever locally.
The point is: opencode should have a specific deterministic tool like https://www.npmjs.com/package/node-ssh where commands can only be run; the environment can only be the remote; etc.
The last thing I would want is for it to suddenly forget it's supposed to be running commands as ssh and do something local.
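A sketch of the kind of remote-only tool the comment above asks for, as an added example that is not part of the thread and is not opencode or node-ssh code. It assumes the OpenSSH `ssh` client is on PATH; `makeRemoteRunner`, `buildArgv`, `run` and the host and user values are hypothetical names and constructed samples.

```javascript
// Added example: a remote-only command tool. The operator fixes host and user
// when the tool is created; the caller (for instance an agent) supplies only
// the command string and has no way to pick a target or run anything locally.
function makeRemoteRunner({ host, user, sshOptions = ['-o', 'BatchMode=yes'] }) {
  // Refuse destinations that ssh could parse as an option (leading "-")
  // or that contain whitespace or shell metacharacters.
  const safe = /^[A-Za-z0-9][A-Za-z0-9._-]*$/;
  if (!safe.test(host) || !safe.test(user)) {
    throw new Error('invalid host or user');
  }
  const destination = `${user}@${host}`;

  function buildArgv(command) {
    if (typeof command !== 'string' || command.trim() === '') {
      throw new Error('command must be a non-empty string');
    }
    if (command.includes('\0')) {
      throw new Error('NUL byte in command');
    }
    // "--" ends option parsing, so nothing after it is read as an ssh flag.
    // The command is a single argv element: only the remote shell parses it.
    return [...sshOptions, '--', destination, command];
  }

  async function run(command, { timeoutMs = 30000 } = {}) {
    const argv = buildArgv(command);
    const { execFile } = await import('node:child_process');
    return new Promise((resolve, reject) => {
      // execFile starts no local shell, so ";", "&&" and "$()" in the
      // command are never evaluated on the local machine.
      execFile('ssh', argv, { timeout: timeoutMs }, (err, stdout, stderr) => {
        // A numeric code is the remote exit status; anything else
        // (ssh missing, timeout, signal) is a local failure.
        if (err && typeof err.code !== 'number') return reject(err);
        resolve({ exitCode: err ? err.code : 0, stdout, stderr });
      });
    });
  }

  return { destination, buildArgv, run };
}

// Constructed sample values, not taken from the thread.
const runner = makeRemoteRunner({ host: 'build-vm.example', user: 'agent' });
const sampleArgv = runner.buildArgv('rm -rf ./tmp && ls; echo $(hostname)');
console.log(sampleArgv);
```

The wrapper limits where a command runs, not what it does on the remote host.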
In practice I just don't think this is a real problem, or at least not one I've seen.
I do something like this a lot with local VMs managed through Incus (so not literally invoking ssh but the exact same pattern) and they don't "mess up" in that particular way. If they ever did they figured it out immediately and I didn't even make note of it happening.
I guess to sum up my feelings on it: if you don't think the tool is reliable enough to correctly use ssh to execute remote commands, you probably shouldn't be trusting it to run remote commands in the first place.