skyflo

Infrastructure automation tools fall into two categories.

CLI assistants translate prompts into shell commands. Autonomous agents execute infrastructure changes without explicit approval.

Neither model guarantees a deterministic execution process or a complete audit trail.

Skyflo is a self-hosted AI agent for Kubernetes and CI/CD systems. It runs inside your cluster and executes infrastructure operations through a deterministic control loop:

Plan → Approve → Execute → Verify

Every mutating tool call is approval-gated, typed, and auditable.

Skyflo is not a CLI wrapper, not an autonomous mutation bot, and not a GitOps control plane.

It is an in-cluster AI control layer that enforces safe infrastructure changes before anything reaches production.

Quick Start

Install Skyflo inside your Kubernetes cluster.

Using Helm:

helm repo add skyflo https://charts.skyflo.ai
helm repo update skyflo

Create a values.yaml file:

engine:
  secrets:
    llmModel: "gemini/gemini-2.5-pro"
    geminiApiKey: "AI-..."

See helm show values skyflo/skyflo for the full list of configurable values.

helm install skyflo skyflo/skyflo -n skyflo --create-namespace -f values.yaml

Using curl:

Get started quickly with the interactive installer.

curl -fsSL https://skyflo.ai/install.sh | bash

Bring your own LLM (OpenAI, Anthropic, Gemini, Groq, self-hosted). See the quick start guide.

Execution Model

Skyflo enforces a strict loop for every infrastructure change:

1. Plan: generate a concrete, replayable plan
2. Approve: explicit approval for every mutating tool call
3. Execute: run typed tools via MCP (Kubernetes, Helm, Argo Rollouts, Jenkins)
4. Verify: validate cluster state against declared intent
5. Persist: store tool-level audit history

No blind kubectl apply. No silent automation. No untracked changes.

Safety Properties

• Approval gate for every mutating tool call, enforced by the engine
• Typed tool execution with schema-validated inputs
• Persisted audit trail with tool results
• Replayable control loop (plan → approve → execute → verify)
• Runs inside your cluster. No Skyflo telemetry or phone-home
• LLM-agnostic via LiteLLM. No vendor lock-in

Supported Tools

| Tool | Capabilities | | ----------------- | -------------------------------------------------------------------------------- | | Kubernetes | discovery, get/describe, logs/exec, diff-first apply, rollout history, rollbacks | | Helm | template, install/upgrade/rollback, dry-run, diff-first safety | | Argo Rollouts | status, pause/resume, promote/cancel, progressive delivery control | | Jenkins | jobs/builds/logs, parameters, SCM context, build control |

All mutating tool calls require explicit approval.

Demo

Deterministic plans. Explicit approval. Verified execution.

Comparison

| Capability | CLI Assistants | Autonomous Agents | GitOps Platforms | Skyflo | | ----------------------------- | -------------: | ----------------: | ---------------: | ---------: | | Natural language ops | Yes | Yes | Limited | Yes | | Mandatory mutation approval | Optional | No | PR-based | Yes | | Deterministic control loop | No | No | Partial | Yes | | Kubernetes + CI unified | No | Partial | No | Yes | | In-cluster deployment | Partial | Partial | Varies | Yes | | Team RBAC + audit | No | Limited | Yes | Yes | | Real-time execution streaming | No | No | No | Yes |

System Architecture

| Component | Description | | ------------------------ | ---------------------------------------------------------------------------- | | Engine | LangGraph workflow: planner, approval gate, verifier, persistence, auth/RBAC | | MCP Server | Typed tools for Kubernetes, Helm, Argo Rollouts, Jenkins | | Command Center | Next.js UI with real-time streaming, approvals, team admin |

Details: Architecture

Contributing

Apache 2.0 OSS. High-signal contributions welcome. See CONTRIBUTING.md.

License

Apache 2.0. See LICENSE.

Community