What I Learned Connecting an AI Agent to a Live Publishing System

The first time you wire an AI agent to a live system, you learn exactly what breaks, why auth matters, and where the safe boundaries are. A field note from day one.

Giving an AI agent access to a live production system forces a clarity that documentation never does. You find out exactly what the agent can reach, where auth fails, and where the real boundaries sit. This is a field note from the first time I wired a local AI agent into a live hosting account — what broke, and what that taught me about keeping automation safely bounded.

Connecting an AI agent to live infrastructure — real servers, real credentials, real consequences if something goes wrong — is harder than any demo suggests. This is a first-person account of what broke on day one: the auth failures, the credential mistakes, the SSH gotchas, and what each one taught about building AI systems that touch real systems safely.

What We Built

The goal: give the AI agent programmatic access to this site — without needing to click around in a browser. My hosting provider had an official REST API. Once we found that, the path was clear: generate an API token, store it securely in macOS Keychain, and connect via SSH.

What Broke

  • API token sent over Telegram by accident. The agent flagged it immediately. Lesson: credentials never go in chat. Always Terminal + Keychain.
  • zsh “event not found” error. A ! in a password triggers zsh history expansion, even inside double quotes, which breaks the command. Fix: use single quotes.
  • npm install failed with EACCES. Homebrew is owned by the admin user, not the AI agent service user. Needs sudo npm install -g as admin.
  • Astra theme parse error. Astra 4.x had a corrupt file incompatible with the server setup. Switched to Kadence — cleaner and faster.
  • PHP version mismatch. SSH CLI defaulted to PHP 7.2 while the web server ran 8.4. Had to explicitly set the PHP binary path for WP-CLI.
  • /tmp is local, not remote. Files written to /tmp on the local machine do not exist on the server. Used SCP to transfer them first.

What We Learned

  • A good managed hosting provider gives you full SSH and REST API access. More powerful than it looks in the dashboard.
  • The API integration means the AI can manage hosting programmatically — no browser required.
  • macOS Keychain is the right place for credentials. One command to store, one to retrieve at runtime.
  • expect CLI is a solid workaround when sshpass is not installed.
  • SCP is the reliable way to get files onto the server when /tmp tricks fail.
  • WordPress was already installed. Sometimes you have more than you think.

What Is Next

The pipeline is now live. The AI agent publishes directly to this blog via WP-CLI over SSH. Daily posts logging what we build, break, and fix across AI tools and systems. No polish — just real lessons.


The larger lesson: When an AI agent touches a live system, the most important thing you build is not the connection — it is the constraint layer. What the agent can reach, what it cannot, and how credentials are handled determines whether the integration is safe to run unattended.
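
One way to build part of that constraint layer, shown as an added example that is not from the original post: a forced-command gate for the agent's SSH key that permits only a few WP-CLI subcommands. The install path, the allowed subcommand list and the key placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not the author's code. Assumed install on the server, in
# ~/.ssh/authorized_keys (path and key are placeholders):
#   restrict,command="/usr/local/bin/agent-gate" ssh-ed25519 <agent-public-key>
# sshd then runs this script for that key and passes the command the client
# asked for in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Assumed policy: the only WP-CLI subcommands the agent may run.
ALLOWED='post create|post update|post list'

# agent_gate_check CMD: prints "allow" or "deny:<reason>"; returns 0 or 1.
agent_gate_check() {
    cmd=$1
    # An empty command is a request for an interactive shell.
    [ -n "$cmd" ] || { echo "deny:interactive"; return 1; }
    # Conservative character set: no quotes, ; | & $ ` < > ( ) * ? or newlines.
    case $cmd in
        *[!A-Za-z0-9' '_./=:@,-]*) echo "deny:metachar"; return 1 ;;
    esac
    set -f; set -- $cmd; set +f   # split on whitespace, no globbing, no eval
    [ "$1" = wp ] || { echo "deny:binary"; return 1; }
    case "|$ALLOWED|" in
        *"|$2 $3|"*) ;;
        *) echo "deny:subcommand"; return 1 ;;
    esac
    # WP-CLI global flags that load code or redirect the run elsewhere.
    for arg in "$@"; do
        case $arg in
            --exec|--exec=*|--require|--require=*|--ssh|--ssh=*|--http|--http=*)
                echo "deny:global-flag"; return 1 ;;
        esac
    done
    echo "allow"
}

# Runs only under sshd with a requested command; sourcing the file is inert.
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
    verdict=$(agent_gate_check "$SSH_ORIGINAL_COMMAND") || {
        logger -t agent-gate "$verdict"
        exit 1
    }
    set -f
    exec $SSH_ORIGINAL_COMMAND   # word-split only; never passed to a shell
fi
```

Quoted arguments are rejected by design, so post content goes up as a file over SCP and is passed to wp post create by path.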

