zmx — run local code agents on remote machines

April 17, 2026
aiprivacybusinessopen-source
Closeup of hands typing on an RGB keyboard in a modern office setting.
Photo by www.kaboompics.com on Pexels

What it is

zmx is a zero‑config CLI that detaches and reattaches terminal processes, using libghostty to restore terminal state. Visit zmx.sh or the project on GitHub to see the code. With the v0.5.0 release the tool adds three practical primitives — run, write, and tail — aimed at making it trivial to send commands into a persistent session and capture their output and exit codes.

How the new commands work

zmx run injects bytes into an existing session, tails the command output until completion, and exits with the command’s exit code — so your local process can react to remote failures just like a local one. zmx write streams a base64‑encoded file into the session (cat local_file | zmx write ) and relies only on base64 and printf on the remote side. zmx tail attaches as a read‑only watcher and can be piped into tee for logging. These operations require only basic Unix utilities and a shell that exposes $? or $status; minimal, but important.

Why people care

It has been reported that people are using zmx as an "AI portal": keep the agent locally, with its tools and permissions, and send commands into an arbitrary shell — container, SSH host, even a Kubernetes pod. Auditability is the emotional core here: you can watch what an agent does, up‑arrow to rerun a command, and intervene. Pretty neat, right? There are tradeoffs — tmux can send commands too, but tracking output and exit codes is fiddly, and full MCP servers require cumbersome setup — zmx aims for the middle ground: simple, portable, and immediately useful.

Caveats and context

You still need the usual toolchain available on the target (ls, git, grep, etc.), and scratch containers without base64/printf won’t work. Prior projects (smux, various SSH‑MCP tools) have explored similar space but often add configuration or SSH limits; zmx’s zero‑config approach is the selling point. If you’re running agents against live systems, think about access controls and auditing — convenience is great, but don’t hand the keys to the kingdom without supervision.

Sources: bower.sh, Lobsters