So... I already tell Claude Code to do this. Just run kubectl for me please and figure out why my helm chart is broken.
Scary? A little but it's doing great. Not entirely sure why a specialized tool is needed when the general purpose CLI is working.
So... I already tell Claude Code to do this. Just run kubectl for me please and figure out why my helm chart is broken.
Scary? A little but it's doing great. Not entirely sure why a specialized tool is needed when the general purpose CLI is working.
I've noticed a lot of LLM-based tools that are essentially this sort of thing. Just a slightly more specific prompt wrapper around the core capability that can already do the thing. It's so bad.
That has been the case this entire time. The "ChatGPT-wrapper" startups were little more than a webapp frontend for ChatGPT with a clever prompt.
Lol, that does sounds a little scary but if it works it works. Mainly I built this to prevent there being a chance that changes affect production. This is meant to be used with scale (say hundreds of VMs) vs 1. From a safety perspective running Claude Code with just a watchful eye would not fly in my environment, which is why I built something like this.
More power to you! Good luck!
Yeah. The times I have let claude off the read-only leash, it's gone fine for me too (with stern warnings not to do anything stupid, and a close eye). But that's not really solving the same problem as this project, I guess. From what I can see this is using a safer and more reproducible method (and not k8s native, so it feels a little foreign to me).
Opus 4.5 is pretty good about following instructions to not do anything destructive, but Gemini 3 Flash actively disregards my advice and just starts running commands. Definitely recommend setting up default-readonly access for stuff like this and requiring some kind of out-of-band escalation process for when you need to do writes/destroys.
In Zed I just have it auto approve everything, macOS will scream if "Zed" tries to escape the folder its in anyway.
Same. I’ve had good results with read only accounts / tokens and let the agent have at it. Also works with terraform, aws cli, etc.
One does not need a new/separate tool to do any of this, just include it in your agents instructions.
I do the same. I was thinking about creating read-only kubeconfigs for him to make sure it can't do bad stuff but with a good SKILL.md, it works perfectly.
Him! That settles the Turing test debate.
I let it read-only and gitops driven and find it's really good and feels pretty safe to get it to PR fixes. Run it with no permission checks
I do this but make sure to only have readonly/nondestructive access. It's extremely cool how well it works.
Yeah, I'm telling it to use aws cli to spin up instances, configure them, start servers, read cw logs etc.