I do this but make sure to only have readonly/nondestructive access. It's extremely cool how well it works.
Lol, that does sound a little scary but if it works it works. Mainly I built this to prevent there being a chance that changes affect production. This is meant to be used with scale (say hundreds of VMs) vs 1. From a safety perspective running Claude Code with just a watchful eye would not fly in my environment, which is why I built something like this.
More power to you! Good luck!
I've noticed a lot of LLM-based tools that are essentially this sort of thing. Just a slightly more specific prompt wrapper around the core capability that can already do the thing. It's so bad.
Yeah. The times I have let Claude off the read-only leash, it's gone fine for me too (with stern warnings not to do anything stupid, and a close eye). But that's not really solving the same problem as this project, I guess. From what I can see this is using a safer and more reproducible method (and not k8s native, so it feels a little foreign to me).
Opus 4.5 is pretty good about following instructions to not do anything destructive, but Gemini 3 Flash actively disregards my advice and just starts running commands. Definitely recommend setting up default-readonly access for stuff like this and requiring some kind of out-of-band escalation process for when you need to do writes/destroys.
In Zed I just have it auto approve everything, macOS will scream if "Zed" tries to escape the folder it's in anyway.
I let it read-only and gitops driven and find it's really good and feels pretty safe to get it to PR fixes. Run it with no permission checks
I do the same. I was thinking about creating read-only kubeconfigs for him to make sure it can't do bad stuff but with a good SKILL.md, it works perfectly.
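The default-readonly access and the read-only kubeconfig mentioned above, as an added example that was not posted in the thread: an RBAC manifest that gives a dedicated service account only get/list/watch on workload resources, deliberately leaves out secrets (read-only still leaks credentials if they are readable), and ends with the commands to mint a token for it and confirm it cannot write. The names (llm-tools, llm-readonly) and the resource list are assumptions to adjust per cluster.

```yaml
# Service account the agent's kubeconfig will authenticate as (assumed names).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: llm-readonly
  namespace: llm-tools
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: llm-readonly
rules:
  # Only read verbs. No create/update/patch/delete, and no pods/exec or
  # pods/portforward: those are "create" on a subresource, so they are excluded.
  - apiGroups: [""]
    resources: [pods, pods/log, services, endpoints, events, nodes, namespaces]
    verbs: [get, list, watch]
  - apiGroups: [apps]
    resources: [deployments, replicasets, statefulsets, daemonsets]
    verbs: [get, list, watch]
  - apiGroups: [batch]
    resources: [jobs, cronjobs]
    verbs: [get, list, watch]
  # Secrets (and configmaps, which often carry credentials too) are left out on
  # purpose; add configmaps only if the agent genuinely needs them.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: llm-readonly
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: llm-readonly
subjects:
  - kind: ServiceAccount
    name: llm-readonly
    namespace: llm-tools
# After applying, mint a short-lived token and build the agent's kubeconfig
# from it, then verify the binding does what you expect before handing it over:
#   kubectl create token llm-readonly -n llm-tools --duration=1h
#   kubectl auth can-i --list --as=system:serviceaccount:llm-tools:llm-readonly
#   kubectl auth can-i delete pods --as=system:serviceaccount:llm-tools:llm-readonly   # expect: no
#   kubectl auth can-i get secrets --as=system:serviceaccount:llm-tools:llm-readonly   # expect: no
```

Any write the agent proposes then has to go through your normal change path (a PR, a ticket, a separate credential handed out on request), which is the out-of-band escalation step suggested above.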
Him! That settles the Turing test debate.
Yeah, I'm telling it to use the AWS CLI to spin up instances, configure them, start servers, read CW logs etc.