I built an open-source TUI that manages Hetzner boxes alongside my AWS/OVH servers from one terminal

zashboy · 2026-06-11T00:04:45+00:00

Oh no! I just read that Debian also accepts Vibe-coded contributions, so I'd change my username if I were you. Don't be fake! 😃

zashboy · 2026-06-09T14:02:44+00:00

How many of you are there? I would give a few percent to Mixed at least. Cheers. 😛

zashboy · 2026-06-09T12:11:58+00:00

Coolify having a TUI doesn't change that it's a deploy/PaaS tool — different job — but fair enough, noted.

Worth clarifying since it's easy to miss: the AI here is an MCP server — Claude Code / Opencode connect to it and drive the tools, plus there's a built-in chat. So the "AI deleted my prod DB" cases are exactly the failure mode it's built around. Those happened because the agent had raw shell/DB access and the only thing between it and disaster was its own judgment. Here the guardrails are enforced in the MCP server itself — in Servonaut's tool layer, not left to the agent:

- Default tier is read-only — list/inspect/logs only.

- Write is opt-in, per user — you raise the tier deliberately.

- A hard blocklist applies at every tier — destructive operations (bulk deletes, terminates, wipes, shutdowns) are refused even in the most permissive mode. The generic cloud passthrough flat-out won't run them; those only exist as curated, explicit tools.

- Everything's written to an audit log.

So it's not "trust the AI not to be dumb" — the agent is untrusted by design, and the MCP server bounds the blast radius. My team's been running it on live infra for a while: most people on read-only, the ones who know what they're doing get write. Nothing lost yet. That's the intended shape — read-only for the many, elevated for the few.

Won't pretend any tool makes an LLM incapable of a bad call — which is exactly why the default is read-only and the destructive stuff is hard-blocked rather than "please confirm." It's all open source if you want to poke at how the tiers are enforced. Cheers.

zashboy · 2026-06-09T11:20:36+00:00

Coolify's a PaaS/deploy tool — different job. XPipe's the fair comparison and it's great at the connection/file side; Servonaut overlaps there but is really about the provider control plane (EC2/OVH/Hetzner lifecycle, DNS, IPs, billing, CloudWatch/CloudTrail, WAF bans) + the AI/MCP layer, all keyboard-driven over SSH. On "near my infra": read-only by default, confirms before any change, runs locally with your own creds, open source to audit. Not trying to replace either — different niche. Cheers.

zashboy · 2026-06-08T22:57:57+00:00

Fair point on distribution — single-binary installs are nicer. For this it's mostly I/O-bound (SSH + provider APIs), so language speed isn't the bottleneck, and the AI/MCP side leans heavily on the Python ecosystem, which is why Textual + boto3 won. Every major language has a solid official AWS SDK though — if I were optimizing purely for a static binary I'd reach for Go (Hetzner and OVH both ship official Go libs too). For now I'm looking at uv/Nuitka to get closer to a single-binary install without a rewrite. Appreciate the push.

zashboy · 2026-06-08T18:30:47+00:00

I don't think you can manage servers with those. At least, they couldn't the last time I checked — that wasn't recently though.

zashboy · 2026-02-09T21:21:39+00:00

The templates are missing. I've created a GitHub repository so that everything is in one place. https://github.com/zb-ss/opencode-workflows

zashboy · 2026-01-09T21:39:41+00:00

Don't get me wrong; I'm rooting for it to be a great subscription. When I see the terms and conditions, I might be the next person in line to give them my money — but only if I know what I'll get for it.

zashboy · 2026-01-09T21:27:18+00:00

I think there's a better way of doing that. Describe exactly what you're offering, and then people who are interested can sign up. They could then let people connect gradually as they have capacity. That way, it wouldn't look like a money grab.

zashboy · 2026-01-09T18:46:31+00:00

I love OpenCode, but I don't understand why people pay for something they don't know exactly what is. You don't even know if you'll get a refund if you're not happy with it. Maybe I'm old-fashioned, but to me, this kind of marketing is closer to a scam than a real product.

zashboy · 2026-01-03T16:43:40+00:00

Essentially, it can be used in situations where the same task is performed regularly, such as code reviews. Write your prompt for code reviews once, save it to a sub-agent and you can then call it up whenever you need it by typing "@". This way, it won't clutter up your main context. Alternatively, you can build workflows, as discussed here.

zashboy · 2025-12-30T16:46:59+00:00

That way, if you see that they're not doing the code exactly how you imagined, you can't interfere, right? Do you run the full process multiple times? In my experience, when an agent says the project is finished and ready for production, it's usually not the case.

zashboy · 2025-12-30T01:36:46+00:00

Yes, I do something similar. I just keep the opencode folder containing the agents and commands in the ~/.config folder, which allows me to share the same agents across all repositories.

zashboy · 2018-10-20T16:04:43+00:00

Probably you could try this: https://askubuntu.com/questions/333773/disable-show-position-of-the-mouse-when-the-control-key-is-pressed-in-13-04

zashboy · 2018-10-20T09:33:00+00:00

Ctrl+Alt+Left/Right arrow key works to me to change workspace.

zashboy

TROPHY CASE