by skyflo-ai
Self-Hosted AI Agent for Kubernetes & DevOps. Approval-Gated. Deterministic Control Loop.
# Add to your Claude Code skills
git clone https://github.com/skyflo-ai/skyfloInfrastructure automation tools fall into two categories.
CLI assistants translate prompts into shell commands. Autonomous agents execute infrastructure changes without explicit approval.
Neither model guarantees a deterministic execution process or a complete audit trail.
Skyflo is a self-hosted AI agent for Kubernetes and CI/CD systems. It runs inside your cluster and executes infrastructure operations through a deterministic control loop:
Plan → Approve → Execute → Verify
Every mutating tool call is approval-gated, typed, and auditable.
Skyflo is not a CLI wrapper, not an autonomous mutation bot, and not a GitOps control plane.
It is an in-cluster AI control layer that enforces safe infrastructure changes before anything reaches production.
Install Skyflo inside your Kubernetes cluster.
Helm:helm repo add skyflo https://charts.skyflo.ai
helm repo update skyflo
Create a values.yaml file:
engine:
secrets:
llmModel: "gemini/gemini-2.5-pro"
geminiApiKey: "AI-..."
See helm show values skyflo/skyflo for the full list of configurable values.
helm install skyflo skyflo/skyflo -n skyflo --create-namespace -f values.yaml
curl:Get started quickly with the interactive installer.
curl -fsSL https://skyflo.ai/install.sh | bash
Bring your own LLM (OpenAI, Anthropic, Gemini, Groq, self-hosted). See the guide.
No comments yet. Be the first to share your thoughts!
Skyflo enforces a strict loop for every infrastructure change:
No blind kubectl apply. No silent automation. No untracked changes.
| Tool | Capabilities | | ----------------- | -------------------------------------------------------------------------------- | | Kubernetes | discovery, get/describe, logs/exec, diff-first apply, rollout history, rollbacks | | Helm | template, install/upgrade/rollback, dry-run, diff-first safety | | Argo Rollouts | status, pause/resume, promote/cancel, progressive delivery control | | Jenkins | jobs/builds/logs, parameters, SCM context, build control |
All mutating tool calls require explicit approval.
Deterministic plans. Explicit approval. Verified execution.
| Capability | CLI Assistants | Autonomous Agents | GitOps Platforms | Skyflo | | ----------------------------- | -------------: | ----------------: | ---------------: | ---------: | | Natural language ops | Yes | Yes | Limited | Yes | | Mandatory mutation approval | Optional | No | PR-based | Yes | | Deterministic control loop | No | No | Partial | Yes | | Kubernetes + CI unified | No | Partial | No | Yes | | In-cluster deployment | Partial | Partial | Varies | Yes | | Team RBAC + audit | No | Limited | Yes | Yes | | Real-time execution streaming | No | No | No | Yes |
| Component | Description | | ------------------------ | ---------------------------------------------------------------------------- | | Engine | LangGraph workflow: planner, approval gate, verifier, persistence, auth/RBAC | | MCP Server | Typed tools for Kubernetes, Helm, Argo Rollouts, Jenkins | | Command Center | Next.js UI with real-time streaming, approvals, team admin |
Details: Architecture
Apache 2.0 OSS. High-signal contributions welcome. See CONTRIBUTING.md.
Apache 2.0. See LICENSE.