OxideSens AI

OxideSens is OxideTerm’s built-in AI assistant for the SSH workspace. It is target-first: saved connections, live SSH sessions, terminal buffers, SFTP paths, settings, and knowledge base entries are treated as workspace targets instead of a loose pile of functions.

It can help diagnose remote output, run approved commands, inspect files, explain failures, search your knowledge base, and open the right OxideTerm surface without requiring an OxideTerm account.

Bring Your Own Key

OxideSens follows a BYOK (Bring Your Own Key) model:

API keys are stored in the OS keychain.
OxideTerm does not proxy your AI traffic through an OxideTerm cloud account.
Provider costs belong to your selected provider.
Local models via Ollama can keep AI requests on your machine.

Supported provider families include OpenAI, Anthropic, Google, DeepSeek, Ollama, and OpenAI-compatible endpoints.

Target-first Orchestration

Older agent UIs often expose dozens of low-level tools directly to the model. OxideSens instead uses a small set of task-oriented actions backed by a local orchestrator.

The orchestrator can see:

Connections — saved SSH targets and live SSH nodes.
Terminal sessions — visible local or remote terminal panes, buffers, and readiness state.
SFTP and files — current remote paths and file resources.
Settings — readable and writable app settings exposed through typed resources.
Knowledge base — RAG collections and searchable documentation.
App surfaces — settings, SFTP, IDE, local terminal, and connection management tabs.

When you ask “what remote hosts can I connect to?”, OxideSens lists connection targets. When you ask “run pwd on this server”, it must bind the command to a live target. Current UI state can help ranking, but it is not the capability boundary.

Tool Results and Verification

Tool results are returned as structured action results rather than raw stdout blobs:

verified and runtimeEpoch tell the model whether the result belongs to the current app runtime.
Long command output is summarized for the model while the UI can keep a larger raw output preview when safe.
Failed tool results carry recoverable next actions instead of encouraging the model to guess.
Old tab IDs, pane IDs, and terminal session IDs from prior app runs are treated as stale unless re-verified.

Approval and Safety

OxideSens has capability-level approval rather than a giant per-function whitelist.

Read-only discovery is always allowed: target discovery, terminal observation, settings reads, preference recall, and knowledge search.
Command execution, terminal input, resource writes, SFTP transfers, and app-surface opening can be auto-approved or require confirmation depending on your settings.
Dangerous commands are classified locally by OxideTerm. In Default mode they require approval even when command execution is generally allowed.
Bypass mode is per conversation and must be explicitly confirmed. It can skip dangerous-command approval for that conversation, but it does not handle passwords, sudo prompts, passphrases, or credentials for you.

Every tool call remains visible in the transcript, including target, risk, approval mode, elapsed time, summary, and expandable raw details.

The sidebar chat is the full OxideSens workspace assistant:

Ask about remote errors, logs, commands, scripts, and system administration.
Use context chips such as current terminal, selected text, recent buffer, recent error, or knowledge base query.
Let OxideSens open the correct app surface, inspect SFTP paths, or run approved commands against a target.
Keep persistent chat history while treating runtime-only IDs as stale after app reloads.

Inline Panel

Press ⌘I (macOS) or Ctrl+Shift+I (Windows/Linux) to open the inline panel. It is optimized for short, in-terminal interactions:

Explain selected output.
Suggest a command without leaving the terminal.
Insert suggestions via bracketed paste.
Execute a suggested command when you explicitly choose to.

For multi-step target-aware actions, use the sidebar chat.

Knowledge Base and RAG

The knowledge base supports project docs, runbooks, snippets, and internal references:

Keyword search remains available without embeddings.
Optional semantic search uses your configured embedding provider.
Collections can be global or scoped to a connection.
Chinese, Japanese, and Korean content use bigram segmentation for better keyword retrieval.

Knowledge base queries use the same target-first system as other resources, so “search the plugin development docs” is a read-only knowledge action, not a terminal command.

MCP Integration

OxideTerm can connect MCP servers to extend OxideSens:

stdio for local MCP server processes.
Streamable HTTP for modern MCP HTTP endpoints, with legacy SSE fallback where supported.
Custom HTTP auth headers and non-secret extra headers are configurable.

MCP tools are wrapped in OxideTerm’s result envelope so they remain visible, auditable, and compatible with the same approval UI.

Privacy and Security

OxideTerm has no telemetry.
AI provider keys are stored in the OS keychain.
Terminal/context data is sent only when you choose to use AI with that context.
Core SSH workflows do not require an OxideTerm account or subscription.
Cloud Sync is an optional plugin, not a prerequisite for OxideSens or SSH workflows.