Docs · Architecture · Discord
Infrastructure automation tools fall into two categories.
CLI assistants translate prompts into shell commands. Autonomous agents execute infrastructure changes without explicit approval.
Neither model guarantees a deterministic execution process or a complete audit trail. And neither one remembers what happened last time.
Skyflo is a self-hosted AI agent for Kubernetes and CI/CD systems. It runs inside your cluster and executes infrastructure operations through a deterministic control loop:
Recall → Plan → Approve → Execute → Verify → Persist
Every mutating tool call is approval-gated, typed, and auditable. Every confirmed incident lesson is saved and recalled on the next relevant task.
Skyflo is not a CLI wrapper, not an autonomous mutation bot, and not a GitOps control plane.
It is an in-cluster AI control layer that enforces safe infrastructure changes before anything reaches production -- and builds operational memory across every session.
Install Skyflo inside your Kubernetes cluster.
helm repo add skyflo https://charts.skyflo.ai
helm repo update skyfloCreate a values.yaml file:
engine:
secrets:
llmModel: "gemini/gemini-2.5-pro"
geminiApiKey: "AI-..."See helm show values skyflo/skyflo for the full list of configurable values.
helm install skyflo skyflo/skyflo -n skyflo --create-namespace -f values.yamlGet started quickly with the interactive installer.
curl -fsSL https://skyflo.ai/install.sh | bashBring your own LLM (OpenAI, Anthropic, Gemini, Groq, self-hosted). See the quick start guide.
Skyflo enforces a strict loop for every infrastructure change:
- Recall: retrieve prior incidents, runbooks, and service context from scoped memory
- Plan: generate a concrete, replayable plan
- Approve: explicit approval for every mutating tool call
- Execute: run typed tools via MCP (Kubernetes, Helm, Argo Rollouts, Jenkins)
- Verify: validate cluster state against declared intent
- Persist: store tool-level audit history and save confirmed lessons to memory
No blind kubectl apply. No silent automation. No untracked changes.
- Approval gate for every mutating tool call, enforced by the engine
- Typed tool execution with schema-validated inputs
- Persisted audit trail with tool results
- Replayable control loop (recall → plan → approve → execute → verify → persist)
- Scoped memory with safety scanning (blocks secrets, raw logs, prompt injection)
- Runs inside your cluster. No Skyflo telemetry or phone-home
- LLM-agnostic via LiteLLM. No vendor lock-in
| Tool | Capabilities |
|---|---|
| Kubernetes | discovery, get/describe, logs/exec, diff-first apply, rollout history, rollbacks |
| Helm | template, install/upgrade/rollback, dry-run, diff-first safety |
| Argo Rollouts | status, pause/resume, promote/cancel, progressive delivery control |
| Jenkins | jobs/builds/logs, parameters, SCM context, build control |
All mutating tool calls require explicit approval.
Deterministic plans. Explicit approval. Verified execution.
| Capability | CLI Assistants | Autonomous Agents | GitOps Platforms | Skyflo |
|---|---|---|---|---|
| Natural language ops | Yes | Yes | Limited | Yes |
| Mandatory mutation approval | Optional | No | PR-based | Yes |
| Deterministic control loop | No | No | Partial | Yes |
| Kubernetes + CI unified | No | Partial | No | Yes |
| In-cluster deployment | Partial | Partial | Varies | Yes |
| Team RBAC + audit | No | Limited | Yes | Yes |
| Real-time execution streaming | No | No | No | Yes |
| Component | Description |
|---|---|
| Engine | LangGraph workflow: memory retrieval, planner, approval gate, verifier, persistence, auth/RBAC |
| MCP Server | Typed tools for Kubernetes, Helm, Argo Rollouts, Jenkins |
| Command Center | Next.js UI with real-time streaming, approvals, memory context panel, team admin |
Details: Architecture
Apache 2.0 OSS. High-signal contributions welcome. See CONTRIBUTING.md.
Apache 2.0. See LICENSE.