Show HN: Open-source DevOps agent in Rust to secure and manage production infra

3 months ago 1

The most secure agent built for operations & DevOps. Designed for the grittiest parts of software development with enterprise-grade security features including mutual TLS (mTLS) encryption, dynamic secret redaction, and privacy-first architecture.

Warning This CLI tool is under heavy development, and breaking changes should be expected. Use with caution 🚧

Mutual TLS (mTLS) - End-to-end encrypted communication between agent components
Dynamic Secret Redaction - AI can work with secrets without seeing actual values
Secure Password Generation - Generate cryptographically secure passwords with configurable complexity
Privacy Mode - Redacts sensitive data like IP addresses and AWS account IDs

Asynchronous Task Management - Run background commands like port forwarding and servers with proper tracking and cancellation
Real-time Progress Streaming - Long-running processes (Docker builds, deployments) stream progress updates in real-time
Infrastructure Code Indexing - Automatic local indexing and semantic search for Terraform, Kubernetes, Dockerfile, and GitHub Actions
Documentation Research Agent - Built-in web search for technical documentation, cloud providers, and development frameworks

Rule Books - Customize agent behavior with internal standard operating procedures, playbooks, and organizational policies
Persistent Knowledge - Agent learns from interactions, remembers incidents, resources, and environment details to adapt to your workflow

All installation options (Linux, MacOs, Windows)

Check the docs

brew tap stakpak/stakpak brew install stakpak

To update it you can use

brew update brew upgrade stakpak

Download the latest binary for your platform from our GitHub Releases.

This image includes the most popular CLI tools the agent might need for everyday DevOps tasks like docker, kubectl, aws cli, gcloud, azure cli, and more.

docker pull ghcr.io/stakpak/agent:latest

Get an API Key (no card required)

Visit stakpak.dev
Click "Login" in the top right
Click "Create API Key" in the account menu

Set the environment variable STAKPAK_API_KEY

export STAKPAK_API_KEY=<mykey>

Save your API key to ~/.stakpak/config.toml

stakpak login --api-key $STAKPAK_API_KEY

View current account (Optional)

stakpak # Resume execution from a checkpoint stakpak -c <checkpoint-id>

Start Stakpak Agent TUI with Docker

docker run -it --entrypoint stakpak ghcr.io/stakpak/agent:latest # for containerization tasks (you need to mount the Docker socket) docker run -it \ -v "/var/run/docker.sock":"/var/run/docker.sock" \ -v "{your app path}":"/agent/" \ --entrypoint stakpak ghcr.io/stakpak/agent:latest

Use Arrow keys or Tab to select options
Press Esc to exit the prompt
? for Shortcuts
/ for commands
↵ to send message
Shift + Enter or Ctrl + J to insert newline
Ctrl + C to quit

Stakpak can run as an Model Context Protocol (MCP) server, providing secure and controlled access to system operations through different tool modes:

Local Mode (--tool-mode local) - File operations and command execution only (no API key required)
Remote Mode (--tool-mode remote) - AI-powered code generation and search tools (API key required)
Combined Mode (--tool-mode combined) - Both local and remote tools (default, API key required)

# Local tools only (no API key required, mTLS enabled by default) stakpak mcp --tool-mode local # Remote tools only (AI tools optimized for DevOps) stakpak mcp --tool-mode remote # Combined mode (default - all tools with full security) stakpak mcp # Disable mTLS (NOT recommended for production) stakpak mcp --disable-mcp-mtls