sshDCommander & hive-gatekeeper — safe remote access and hard limits for AI agents

When we let AI agents operate on production servers, we needed guarantees that a runaway loop could not consume a machine — so we built the guardrails ourselves. sshDCommander is our SSH infrastructure daemon: it pools persistent sessions, keeps credentials inside the OS keyring, verifies every SFTP transfer with SHA-256, and exposes everything through short CLI tools (sshcmd, sshcp, sshctl) plus an MCP server that AI frameworks can plug into natively. hive-gatekeeper is the enforcement half. Every risky subprocess an agent spawns runs under hard OS-level CPU, memory and timeout caps, so a bad prompt or an infinite loop is bounded by the machine instead of the agent. Compliance stops being a retrospective audit and becomes a pre-emptive wall. Together they make it safe to hand real shell access to agents: production servers remain reachable, credentials never leak into logs, and the worst-case blast radius of any single command is known up front. This is the SSH-and-governance backbone of every other system on this page.