Skip to content

Commit b7be98d

Browse files
committed
docs: add new seo articles
1 parent c3e1532 commit b7be98d

12 files changed

Lines changed: 82 additions & 14 deletions
59.4 KB
Loading
201 KB
Loading

web/docs/.vitepress/config.mts

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -9,26 +9,25 @@ export default defineConfig({
99
// https://vitepress.dev/reference/default-theme-config
1010
nav: [
1111
{ text: 'Home', link: '/' },
12-
{ text: 'Learn More', link: '/articles/introduction' },
13-
{ text: 'Codex SSH Guide', link: '/articles/codex-ssh-login-with-loris-tunnel' },
14-
{ text: 'OpenClaw + Tunnels', link: '/articles/openclaw-remote-gateway-ssh-tunnel' },
12+
{ text: 'Learn More', link: '/articles/20260316-introduction' },
1513
{ text: 'Articles', link: '/articles/' }
1614
],
1715

1816
sidebar: [
1917
{
2018
text: 'Introduction',
2119
items: [
22-
{ text: 'Overview', link: '/articles/introduction' },
20+
{ text: 'Overview', link: '/articles/20260316-introduction' },
2321
]
2422
},
2523
{
2624
text: 'Articles',
2725
items: [
2826
{ text: 'All Articles', link: '/articles/' },
29-
{ text: 'Codex SSH Login on Remote Servers', link: '/articles/codex-ssh-login-with-loris-tunnel' },
30-
{ text: 'OpenClaw + SSH Tunnels', link: '/articles/openclaw-remote-gateway-ssh-tunnel' },
31-
{ text: 'Sample Template', link: '/articles/sample' },
27+
{ text: 'Cherry Studio, Codex & SSH MCP (SSH Pilot)', link: '/articles/20260405-cherry-studio-codex-ssh-mcp-pilot' },
28+
{ text: 'Codex SSH Login on Remote Servers', link: '/articles/20260331-codex-ssh-login-with-loris-tunnel' },
29+
{ text: 'OpenClaw + SSH Tunnels', link: '/articles/20260329-openclaw-remote-gateway-ssh-tunnel' },
30+
{ text: 'Sample Template', link: '/articles/20260316-sample' },
3231
]
3332
}
3433
],
File renamed without changes.
Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,7 @@ func main() {
7979
## Internal Links
8080

8181
VitePress handles internal links automatically. You can point to other articles or headers:
82-
- Back to [Introduction](./introduction)
82+
- Back to [Introduction](./20260316-introduction)
8383
- Go to [Image Section](#including-images)
8484

8585
---

web/docs/articles/openclaw-remote-gateway-ssh-tunnel.md renamed to web/docs/articles/20260329-openclaw-remote-gateway-ssh-tunnel.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ Loris Tunnel is built for exactly this class of problem: **long-lived SSH port f
4444
| SOCKS or other forwards | **Local, remote, and dynamic (SOCKS5)** modes in one app. |
4545

4646
::: tip Map your existing SSH config
47-
If you already use `LocalForward 18789 127.0.0.1:18789`, you can often **paste the equivalent `ssh` command** into Loris Tunnel’s importer and adjust labels, jumpers, and auto-start from there. See the [introduction](./introduction) for the full feature tour.
47+
If you already use `LocalForward 18789 127.0.0.1:18789`, you can often **paste the equivalent `ssh` command** into Loris Tunnel’s importer and adjust labels, jumpers, and auto-start from there. See the [introduction](./20260316-introduction) for the full feature tour.
4848
:::
4949

5050
## A practical mental model
@@ -62,7 +62,7 @@ If you already use `LocalForward 18789 127.0.0.1:18789`, you can often **paste t
6262
## Get Loris Tunnel
6363

6464
- **Releases**: [GitHub — loris-tunnel-app](https://github.com/RangerWolf/loris-tunnel-app/releases)
65-
- **Product overview**: [Introduction to Loris Tunnel](./introduction)
65+
- **Product overview**: [Introduction to Loris Tunnel](./20260316-introduction)
6666

6767
::: info About OpenClaw
6868
OpenClaw, its gateway, and port conventions are documented on **[openclaws.io](https://openclaws.io/)**. Loris Tunnel is an independent SSH tunnel manager; pairing them is a common operational pattern, not a bundled vendor integration.

web/docs/articles/codex-ssh-login-with-loris-tunnel.md renamed to web/docs/articles/20260331-codex-ssh-login-with-loris-tunnel.md

File renamed without changes.
Lines changed: 66 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,66 @@
1+
---
2+
title: "Cherry Studio, Codex & SSH MCP: Control AI Access to Production Servers with Loris Tunnel SSH Pilot"
3+
description: "Connect Cherry Studio or OpenAI Codex to remote Linux hosts over SSH using the Model Context Protocol (MCP). Loris Tunnel SSH Pilot (Beta) exposes read-only execute_bash with whitelist validation, MCP call logs, and a desktop control plane."
4+
---
5+
6+
# Cherry Studio, Codex & SSH MCP: Control AI Access to Production Servers with Loris Tunnel SSH Pilot
7+
8+
Developers and operators often want an **AI assistant to reason about live servers**—for example, whether **Nginx** is installed, which ports listen, or quick read-only diagnostics—**without** handing the model a full interactive shell or opening extra public endpoints.
9+
10+
The **SSH Pilot (Beta)** work on the **loris-69** branch productizes that pattern: inside the **Loris Tunnel** desktop app you pick a **jumper** (bastion / jump host), enable **MCP `execute_bash`**, and carry traffic over **SSH** while exposing a **Model Context Protocol (MCP)** tool surface. That fits **Cherry Studio**, **Codex**, and any other **MCP-capable client** that can point at a local MCP server.
11+
12+
Below, two screenshots show the **SSH Pilot MCP console** in Loris Tunnel and a **Cherry Studio** chat where the model calls **`Loris SSH Pilot MCP : execute_bash`**—useful for English-market SEO around **Cherry Studio MCP**, **Codex SSH**, **SSH MCP**, and **AI server operations**.
13+
14+
## Why "SSH + MCP" instead of raw SSH to the model
15+
16+
- **Single integration surface**: the AI client talks **MCP**, not your ad-hoc terminal session.
17+
- **Auditability**: calls land in **MCP call logs** inside the app so you can answer "what did the model actually run?"
18+
- **Policy, not vibes**: **read-only** semantics plus **whitelist validation** shrink the bash surface from "anything" to an ops-approved command set.
19+
20+
If you already use **Codex** over **SSH** for remote dev and **Cherry Studio** for multi-model chat, point MCP at the endpoint **Loris Tunnel** exposes for SSH Pilot and you can trigger **controlled remote inspection** from natural language—exactly the workflow people search for as **Cherry Studio SSH**, **MCP SSH tunnel**, or **execute_bash MCP**.
21+
22+
## SSH Pilot console: jumper, MCP toggle, connection status
23+
24+
In **Loris Tunnel → SSH Pilot (Beta)** you can:
25+
26+
- **Select a jumper** aligned with your existing bastion / tunnel profiles so host metadata stays in one place.
27+
- **One-click MCP setup** (when available in your build) to reduce friction on the remote side.
28+
- **Enable MCP `execute_bash`** to bring up the bridge; the UI shows protocol details (for example **go-mcp** with **whitelist validation**) and a **Connected** state.
29+
- Use **view command list**, **Debug**, and **Refresh** to verify allowed commands and troubleshoot.
30+
31+
![Loris Tunnel SSH Pilot: jumper selection, MCP execute_bash enabled, connected status, and MCP console](../imgs/screenshot-sshpilot-topview.png)
32+
33+
This screen is the **control plane**: **SSH** carries the session; **MCP** is the **tool layer** the model sees—a practical split for **AI + production servers** when you care about guardrails.
34+
35+
## Cherry Studio demo: ask in natural language, tool calls go through Loris SSH Pilot MCP
36+
37+
After you add an MCP server in **Cherry Studio** that targets SSH Pilot, the transcript shows tool rows such as **`Loris SSH Pilot MCP : execute_bash`**. The model proposes read-only diagnostics; allowed commands pass **whitelist** checks on the remote side, then the assistant summarizes facts back to the user.
38+
39+
Example prompt (works in English or your UI language): *"Is Nginx installed on this server?"*—the model uses **`execute_bash`** (for example `nginx -v` or package-manager queries) and returns version and OS context.
40+
41+
![Cherry Studio: Loris SSH Pilot MCP execute_bash checks whether Nginx is installed on the remote host](../imgs/screenshot-sshpilot-cherrystudio-demo.png)
42+
43+
This screenshot is strong **landing-page proof** for **Cherry Studio + SSH**: visible **tool name**, **success state**, and a **clear natural-language answer**.
44+
45+
## How this relates to Codex and other MCP clients
46+
47+
- **OpenAI Codex**: if your workflow is already **SSH + remote agent + local browser callbacks**, keep using **Loris Tunnel** for [stable port forwards](./20260331-codex-ssh-login-with-loris-tunnel). When you need the model to **read ground truth from a host**, add **MCP via SSH Pilot** alongside that stack.
48+
- **Any MCP-capable IDE or chat app**: if it supports custom MCP servers, it can consume the same SSH Pilot capability; **Cherry Studio** is one of the clearest graphical demos.
49+
50+
## Security and compliance checklist (before production)
51+
52+
- Treat the feature as a **read-only ops copilot**: assume every allowed command was reviewed against policy.
53+
- Use a **dedicated low-privilege SSH user**; avoid blanket **sudo**; pair with bastion auditing where required.
54+
- **Stage on non-prod** first: validate command coverage and logs against internal controls before attaching production read-only accounts.
55+
- **Watch MCP call logs** for unusual frequency or command patterns; wire alerts or circuit-breakers if needed.
56+
57+
## Summary and further reading
58+
59+
**loris-69 / SSH Pilot** addresses **Cherry Studio (or Codex) + MCP + SSH** in a controlled way: structured tools and logs instead of "paste this SSH password into chat."
60+
61+
**Get Loris Tunnel**: [GitHub — loris-tunnel-app Releases](https://github.com/RangerWolf/loris-tunnel-app/releases)
62+
**More on SSH tunnels**: [Introduction to Loris Tunnel](./20260316-introduction) · [Codex SSH login and port forwarding](./20260331-codex-ssh-login-with-loris-tunnel)
63+
64+
::: info Trademarks and beta scope
65+
SSH Pilot is a **beta** capability; menu labels, buttons, and protocol details may vary by release. **Cherry Studio**, **Codex**, **OpenAI**, and other names are trademarks of their respective owners. **Loris Tunnel** is an independent application and is not affiliated with or endorsed by those vendors.
66+
:::

web/docs/articles/index.md

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,15 +4,18 @@ Explore in-depth articles, tutorials, and best practices for managing SSH tunnel
44

55
## Featured Content
66

7-
### [Introduction to Loris Tunnel](./introduction)
7+
### [Introduction to Loris Tunnel](./20260316-introduction)
88
A comprehensive guide to getting started with Loris Tunnel, covering its core features and benefits.
99

10-
### [OpenClaw Remote Gateway + SSH Tunnels](./openclaw-remote-gateway-ssh-tunnel)
10+
### [OpenClaw Remote Gateway + SSH Tunnels](./20260329-openclaw-remote-gateway-ssh-tunnel)
1111
How to pair OpenClaw’s remote gateway with Loris Tunnel for stable local port forwarding, auto-reconnect, and a desktop-first workflow.
1212

13-
### [Codex SSH Login on Remote Servers](./codex-ssh-login-with-loris-tunnel)
13+
### [Codex SSH Login on Remote Servers](./20260331-codex-ssh-login-with-loris-tunnel)
1414
A practical guide for the `codex ssh` login callback issue on remote servers, based on issue #2668 and improved with Loris Tunnel tunnel management.
1515

16+
### [Cherry Studio, Codex & SSH MCP (SSH Pilot)](./20260405-cherry-studio-codex-ssh-mcp-pilot)
17+
Use the Model Context Protocol over SSH for read-only `execute_bash` against jump hosts—whitelist validation, MCP call logs, and screenshots of SSH Pilot plus Cherry Studio.
18+
1619
## Upcoming Topics
1720

1821
We are working on more content to help you get the most out of your SSH workflows:
59.4 KB
Loading

0 commit comments

Comments
 (0)