惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Security Archives - TechRepublic
Security Archives - TechRepublic
N
News and Events Feed by Topic
Last Week in AI
Last Week in AI
博客园 - 司徒正美
The GitHub Blog
The GitHub Blog
O
OpenAI News
The Last Watchdog
The Last Watchdog
T
The Blog of Author Tim Ferriss
M
MIT News - Artificial intelligence
P
Proofpoint News Feed
Forbes - Security
Forbes - Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
有赞技术团队
有赞技术团队
Jina AI
Jina AI
GbyAI
GbyAI
V
Vulnerabilities – Threatpost
L
LangChain Blog
Vercel News
Vercel News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
AI
AI
博客园 - 聂微东
W
WeLiveSecurity
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Scott Helme
Scott Helme
罗磊的独立博客
Martin Fowler
Martin Fowler
S
Security Affairs
T
Tor Project blog
Recent Announcements
Recent Announcements
F
Fortinet All Blogs
美团技术团队
C
Cisco Blogs
PCI Perspectives
PCI Perspectives
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
Security @ Cisco Blogs
T
Threat Research - Cisco Blogs
A
About on SuperTechFans
Cisco Talos Blog
Cisco Talos Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
I
Intezer
B
Blog
WordPress大学
WordPress大学
I
InfoQ
G
Google Developers Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
V
V2EX
P
Privacy & Cybersecurity Law Blog
雷峰网
雷峰网

Hacker News: Show HN

PurrrrrFocus: Pomodoro Timer App - App Store Workflow Engine — Multi-Step Orchestration for Bun RapidPhoto: Pro Photo Editor App - App Store GitHub - DheerG/swarms: Achieve extraordinary results with claude code across a variety of tasks SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads Show HN: VCoding – A 5 MB native Windows IDE with no dynamic dependencies Show HN: LLMs don't hallucinate because they're bad at math, it's the format GitHub - Agent-FM/agentfm-core: AgentFM is a peer-to-peer network that turns everyday computers into a decentralized AI supercomputer. AgentFM lets you run massive AI workloads directly across a global mesh of idle CPUs and GPUs. Show HN: Tracking Top US Science Olympiad Alumni over Last 25 Years GitHub - Potarix/agent-hub: One place to talk to all your agents Show HN: Runtime security for AI agents(injection,tool abuse, data exfiltration) GitHub - dubeyKartikay/lazyspotify: Terminal Spotify client for macOS and Linux GitHub - the-banana-tool/king-louie: Easy to use GUI Personal AI Assistant. Win/Linux/Mac. Show HN I made my vacation rental bookable by AI agents–no Airbnb, 0% commission GitHub - basteez/jsf-autoreload: maven plugin to enable hot reload on jsf projects uvm32/hosts/host-gdbstub at main · ringtailsoftware/uvm32 GitHub - labsai/EDDI: Config-driven engine that turns JSON into production-grade AI agents. Multi-agent orchestration, 12+ LLM providers, MCP/A2A protocols, RAG, persistent memory, and enterprise compliance (EU AI Act, GDPR, HIPAA). Built on Quarkus. GitHub - glitchnsec/fortyone-oss: AI Executive Assistant Platform Quickstart | Alien GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. GitHub - ocrbase-hq/ocrbase: 📄 PDF/IMG ->.MD/JSON Document OCR API for PaddleOCR and GLMOCR. Self-hostable. GitHub - impactjo/home-memory: MCP server that lets your AI assistant remember everything about your home. GitHub - Sets88/dbcls: DbCls is a powerful terminal database client that supports various databases GitHub - neptun2000/heor-agent-mcp GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh RollQuation: Math Puzzles - Apps on Google Play GitHub - dropbox/witchcraft Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis GitHub - opentalon/opentalon: OpenTalon is an open-source platform built from the ground up in Go as a robust alternative to OpenClaw LinkedIn™ 职位抓取工具 - Chrome 应用商店 GitHub - EdoardoBambini/Agent-Armor-Iaga: AI agents are getting tool access — shell, file system, databases, APIs, secrets. But **nobody is governing what they actually do with it**. Frameworks like LangChain, CrewAI, AutoGen, and Claude Code give agents the power to execute. Agent Armor gives you the power to control, audit, and approve every single action before it happens. HN Vibes — Week 15, Apr 7–13 2026 GitHub - chojs23/ec: Easy terminal-native 3-way git mergetool vim-like workflow GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - JakOb-dotcom/cloud-sandbox-security-analysis: Technical analysis and Proof of Concept (PoC) regarding environment variable exfiltration in containerized cloud sandboxes via side-channel data leaks. Springboards - Flint Alpha Show HN: A simpler coding agent harness GitHub - audiodude/sudomake-friends GitHub - 256thFission/mini-mythos: OSS clone of Anthropic’s Mythos harness to locate C/C++ memory vulnerabilities Show HN: OpenParallax: OS-level privilege separation for AI agent execution Hacker News Sorted - Chrome 应用商店 Show HN: How to Install Docker on Ubuntu 24.04 LTS: Complete 2026 Guide GitHub - himanshudongre/smriti GitHub - sverrirsig/claude-control: macOS desktop dashboard for monitoring and managing multiple Claude Code sessions GitHub - ory/dockertest: Write better integration tests! Dockertest helps you boot up ephermal docker images for your Go tests with minimal work. Chiral - Chrome 应用商店 Show HN: Two Claudes collaborating through shared memory on a $100 mini-PC GitHub - pmichaillat/latex-cv: Minimalist LaTeX template for academic CVs GitHub - oguzbilgic/posse: A web UI for Anthropic Managed Agents. GitHub - sshiraz/depsly: Dependency risk analysis tool for npm packages ABI Add safari/agent-harness — Safari browser automation via safari-mcp by achiya-automation · Pull Request #212 · HKUDS/CLI-Anything GitHub - Halfblood-Prince/trustcheck: Verify PyPI package attestations and improve Python supply-chain security GitHub - oguzbilgic/kern-ai: Agents that do the work and show it. GitHub - bruits/satteri: High-performance Markdown and MDX processing for the JavaScript ecosystem GitHub - tylergibbs1/feedstock: High-performance web crawler and scraper for TypeScript, powered by Bun and Playwright GitHub - Grimm67123/grimmbot: The self-improving sandboxed and open-source AI agent. With persistent memory and scheduling. GitHub - whitevanillaskies/whitebloom: Local whiteboard that blooms. GitHub - hwdsl2/docker-whisper: Docker image for a self-hosted Whisper speech-to-text server with speaker diarization and OpenAI-compatible transcription and translation APIs. Powered by faster-whisper. Supports all Whisper models, NVIDIA GPU (CUDA) acceleration, JSON/SRT/VTT output, SSE streaming, offline mode, and multi-arch (amd64, arm64). GitHub - yisding/reviewwiggum GitHub - MarwanAlsoltany/serrors: Structured errors for Go: sentinel hierarchies, typed data, custom formatting, and slog integration. GitHub - soatok/age-php GitHub - Luthiraa/markitme GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits GitHub - tombedor/excalicharts GitHub - wh1le/excalidraw-edit: Open and edit .excalidraw files from the terminal. Offline, auto-saves to disk. MalExt Sentry - Malicious Extension Scanner - Chrome 应用商店 GitHub - syi0808/asciianimesvg: Generate animated ASCII art SVGs from text. CLI, Rust library, WASM, and web editor. GitHub - zaina-ml/ml_forge: A visual-based graph node editor for training computer vision models. GitHub - anakin87/llm-rl-environments-lil-course: 🌱 A little course on Reinforcement Learning Environments for evaluating and training Language Models GitHub - takaakit/superpowers-uml: Superpowers-UML modifies Superpowers to ensure a software development workflow in which AI agents design through UML modeling. AdriByte Studio - Sviluppo Web e Soluzioni Digitali GitHub - chouligi/angel-copilot: Your personalized Angel Investment Advisor Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 GitHub - agenteractai/lodmem: Level Of Detail Context Management for Agents GitHub - ostefani/subnetlens: A fast, concurrent network scanner with a TUI and plain-text CLI, built in Go. It discovers live hosts on your network, scans their open ports, resolves hostnames, and fingerprints operating systems—delivered. Cyber Pulse: Agentic Intel - Apps on Google Play Whisper API: Self-Hostable Speech to Text Transcription The Agent-Web Protocol Stack: A Research Thesis GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Show HN: Provepy – A Python decorator that proves your code using Lean and LLMs Show HN: Pardonned.com – A searchable database of US Pardons GitHub - patrickdappollonio/dux: Dux is a terminal UI that lets you run multiple AI coding agents side by side, each in its own git worktree, with full companion terminals, macros, commit generation, and a command palette that knows more tricks than you do. kMC Crystal Simulator Show HN: HyperFlow – A self-improving agent framework built on LangGraph GitHub - stef41/vibescore: 🎵 Grade your vibe-coded project. One command, instant letter grade across security, quality, dependencies, and testing. GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. imgur.com GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. GitHub - nowork-studio/toprank: Open-source Claude Code skills for SEO, SEM, Google Ads GitHub - tacomanator/sash: Lightweight macOS menu bar app for reliably cycling through windows of the current application. Appents | Social Media Management for Product-First Teams GitHub - pnhoang/youtube-spam-blocker: Automatically detects and hides spam messages in YouTube Live chat. Set rate limits, keyword filters, and block repeat offenders. GitHub - decisionnode/DecisionNode: CLI + Local MCP - A shared structured memory store across Claude Code, Cursor, Windsurf, Antigravity, and every MCP client. Semantically queryable. GitHub - AvaCodeSolutions/django-email-learning: An open source Django app for creating email-based learning platforms with IMAP integration and React frontend components. The $100K Gap in Kubernetes Security Tooling Function Calling Harness: From 6.75% to 100%
GitHub - kubetail-org/kstack: Skill pack for Claude Code that helps you monitor and troubleshoot your K8s clusters superintelligently
andres · 2026-05-07 · via Hacker News: Show HN

Skill pack for Claude Code that helps you monitor your K8s clusters superintelligently

Slack Contributor Covenant Contributor Resources

English | 简体中文 | 日本語 | 한국어 | Deutsch | Español | Português | Français

Introduction

kstack

Kstack is a skill pack for Claude Code that helps you perform monitoring, troubleshooting and auditing tasks on your K8s clusters in a smart and efficient way. In addition to using standard tools like kubectl, it hands off shell work to tools like Kubetail, Helm, Trivy, Pluto before sending results to Claude, keeping reponses fast and token efficient. Kstack also detects the services running in your cluster and uses their specialized tooling when necessary (e.g. Cilium, Istio).

Once you install kstack you'll have access to these skills inside Claude Code:

Monitoring

  • /cluster-status — Health snapshot (pod restarts, node conditions, resource pressure)
  • /events — Recent events, ranked by severity

Troubleshooting

  • /investigate — Root-cause analysis across events, logs, and related resources
  • /logs — Shared tmux session that translates natural language into log fetches and analysis (via Kubetail)
  • /metrics — Fetch CPU, memory, and other resource metrics for pods, nodes, and workloads
  • /exec — Shared tmux shell into a pod, node, or ephemeral debug container

Audits

  • /audit-security — RBAC, pod security posture, privilege tightening
  • /audit-network — NetworkPolicy, Service, Ingress, GatewayAPI, DNS and encryption checks
  • /audit-cost — Requests vs. usage, over-provisioning, idle capacity
  • /audit-outdated — Outdated services, known CVEs, available version bumps

Miscellaneous

  • /cleanup — Remove all kstack-owned resources from the cluster (debug containers, pod clones, watcher jobs)
  • /forget — Clear kstack's local cache and discard what it learned about your cluster(s)

Our goal is to bring the power of AI to K8s monitoring in a user-friendly and cost-effective way that keeps you in control. If you notice a bug or have a suggestion please create a GitHub Issue or send us an email (hello@kubetail.com)!

Quickstart

To install the kstack skills globally, run this command:

curl -sS https://kstack.sh/install | bash

Alternatively, you can install them locally inside a specific project directory:

curl -sS https://kstack.sh/install | bash -s -- --local

Once installed, the skills will be available inside your agent sessions:

───────────────────────────────────
❯ /kstack-cluster-status
───────────────────────────────────

By default, the script will install the skills with a kstack-* namespace prefix but you can disable this with the --no-prefix flag. It will also install the skills for all of your available agents (e.g. Claude, Codex, OpenCode) but you can choose to target individual agents with the --agent flag instead (see Installation).

Kstack uses your local kubeconfig file for authentication so it will be able to use your RBAC permissions to perform actions on your behalf. If it runs into permissions problems, it will let you know.

Other AI Agents

Kstack works with any AI agent that supports skills, not just Claude. The curl bootstrap auto-detects which agent CLIs are on your PATH and installs for each. You can target a specific agent with --agent <name>:

Agent Flag Global install path
OpenAI Codex CLI --agent codex ~/.codex/skills/
OpenCode --agent opencode ~/.config/opencode/skills/
Cursor --agent cursor ~/.cursor/skills/
Factory Droid --agent factory ~/.factory/skills/
Slate --agent slate ~/.slate/skills/
Kiro --agent kiro ~/.kiro/skills/
Hermes --agent hermes ~/.hermes/skills/

Local installs mirror this structure under the project directory (e.g. <project>/.codex/skills/) and are picked up only when the agent is run from inside that directory.

Skills Reference

Each skill is invoked with /<name> inside an agent session. All skills are read-only by default — any action that mutates cluster state requires explicit confirmation. Skills honor your local kubeconfig context and respect RBAC.

Global flags (supported by every skill):

Flag Description
--context <ctx> Override the current kubeconfig context
--namespace <n> Scope the run to a single namespace (defaults to all accessible)
--json Emit structured output for piping into other tools
--help Open the reference documentation for the skill in your browser

Monitoring

/cluster-status

A dense health snapshot of the cluster — node conditions, pod aggregates, and a ranked list of the issues that actually matter.

What it checks: cluster identity (context, Kubernetes version, platform), node Ready/MemoryPressure/DiskPressure/PIDPressure conditions and SchedulingDisabled, control-plane vs. worker split, pod phase and Ready across all namespaces, pods with non-zero restart counts, and a ranked top-issues list (top 5 by severity).

How it works: fans out kubectl version, kubectl get nodes -o json, and kubectl get pods -A -o json in parallel, writing each to a per-context cache (cluster.json, nodes.json, pods.json). Aggregation and severity ranking happen client-side. Follow-up questions ("list pods", "pods on ", "which nodes are tainted") are answered by reading the cache with jq rather than re-invoking the skill.

Options:

  • --refresh — fetch most recent data, bypassing and refreshing the cache (default: false)
  • --ttl <duration> — only update the cache if older than <duration> (default: 15m)

Reference: kstack.sh/reference/skills/cluster-status

/events

Recent cluster events, grouped by reason and ranked by severity so the signal isn't drowned in Pulled/Created/Started noise.

What it checks: Warning events across all namespaces, grouped by (reason, involvedObject.kind, namespace); notable Normal events (Killing, Preempting, NodeNotReady, Rebooted, FailedScheduling) with chatty reasons (Pulled, Created, Started, Scheduled, SuccessfulCreate) collapsed into a tail line. Each group includes count, first/last timestamp, the most recent message, and the involved objects.

How it works: a single kubectl get events --all-namespaces call (against events.k8s.io/v1, sorted server-side by lastTimestamp), written to a per-context cache as events.json. Aggregation and ranking happen client-side. Follow-ups ("only payments", "events on pod/checkout-7c9", "show suppressed") are answered by reading the cache with jq — and walk owners one level up (PodReplicaSetDeployment) so controller-fired events aren't missed.

Options:

  • --refresh — fetch most recent data, bypassing and refreshing the cache (default: false)
  • --ttl <duration> — only update the cache if older than <duration> (default: 5m)

Reference: kstack.sh/reference/skills/events


Troubleshooting

/investigate

Kick off a root-cause investigation on a failing or suspicious resource. When the skill is invoked, it runs a script to gather an initial data bundle and briefs the agent. From there, you can ask follow-up questions in natural language and the agent decides whether to answer from what it has, fetch something new, or reach for another tool.

What it gathers: spec and status of the problematic resources; events on those resources and their owners (a Pod's ReplicaSet and Deployment, a Job's CronJob, etc.); logs from current and previous containers, truncated to the lines most likely to contain the failure; obvious related resources (backing Service, mounted ConfigMap/Secret names, bound PVCs, referenced ServiceAccount); and the node the pods are scheduled on when relevant.

How it works: the skill loads the bundle from the Kubernetes API and briefs the agent on how to read it (exit codes, event reasons, common state combinations), when follow-ups should re-fetch rather than reason from the stale bundle, and when to hand off to /logs, /exec, or /metrics.

Arguments:

  • <target><kind>/<name> (e.g. pod/checkout-7c9) or natural language (the api deployment, why is checkout crashing). Optional — the skill will prompt if omitted.

Options: none. Scope logs, time windows, or resources via natural language in the prompt or follow-ups.

Reference: kstack.sh/reference/skills/investigate

/logs

An AI-powered log fetcher. Describe what you're looking for in natural language and the agent finds the right pods, picks the time window, and builds the grep filter to fetch only the lines that matter. The stream runs inside a tmux window that you and the agent are both attached to.

How it works: the agent translates your description into a Kubetail query, starts a detached tmux session (e.g. kstack-logs-api-server), tries to open a new terminal window attached to it, and prints the tmux attach command in chat as a fallback. You and the agent share the same pane — you can scroll, search, or watch the live tail; the agent reads conservatively to save tokens.

Requirements: tmux on the agent's $PATH, and Kubetail installed in the cluster (the skill offers to install it via Helm if missing).

Arguments:

  • <target> — natural-language description of what to fetch (api, errors from the last hour on api, checkout for "timeout" in last 15m). Optional — the skill will prompt if omitted.

Options:

  • --attach — attach the agent to an existing kstack tmux session instead of starting a new one
  • --detach — start a new session detached (no terminal window opened, attach manually)

Reference: kstack.sh/reference/skills/logs

/metrics

An AI-powered metrics fetcher. Describe what you want to see and the agent resolves the right target, picks a sensible time window, and returns a compact summary. Read-only and never mutates cluster state.

How it works: the agent translates your description into a query against whichever source fits (metrics-server or Prometheus), reports summary statistics (p50, p95, max) rather than piping the full series through the model, and shows the resolved query before running it when the scope looks broader than intended. For why a metric moved, it hands off to /logs; for root-cause context, /investigate; for a full right-sizing sweep, /audit-cost.

Arguments:

  • <target> — natural-language description (api, memory on checkout last 1h, top pods by cpu in payments). Optional — the skill will prompt if omitted.

Options: none. Scope the target, metric, and time window via natural language in the prompt or follow-ups.

Reference: kstack.sh/reference/skills/metrics

/exec

An AI-powered version of kubectl exec. Describe the target in natural language and the agent picks the right mechanism: a normal exec into a running container, an ephemeral debug container when the target has no usable shell, or a privileged shell on a node. The session runs inside a tmux window that you and the agent are both attached to — either of you can type, both see the output.

How it works: the agent starts a detached tmux session (e.g. kstack-exec-api-server), tries to open a new terminal window attached to it, and prints the tmux attach command in chat as a fallback. The agent reads from the pane conservatively to save tokens. Tell it to tear down and it kills the tmux session and deletes any pod it created.

Requirements: tmux on the agent's $PATH.

Safety: /exec ships with disable-model-invocation: true — the agent never starts a shell on its own. It only runs when you type /exec, deliberately, given the privileged modes above.

Arguments:

  • <target> — natural-language description (api, api/sidecar, node worker-3, debug api). Optional — the skill will prompt if omitted.

Options:

  • --image <image> — image to use for node and debug-container modes (default netshoot)
  • --attach — attach the agent to an existing kstack tmux session instead of starting a new one
  • --detach — start a new session detached (no terminal window opened, attach manually)

Reference: kstack.sh/reference/skills/exec


Audits

All audit skills produce a ranked findings list (severity + evidence + suggested fix).

/audit-security

RBAC review, pod security posture, and privilege-tightening recommendations. Looks for over-privileged identities and workloads — ServiceAccounts with more access than they use, pods running as root or with host-level escapes, and bindings that grant cluster-wide power where a namespace-scoped role would do.

How it works: queries the Kubernetes API only; no exec, no log access. Findings are ranked by blast radius (cluster-scoped wildcards above namespace-scoped ones, host escapes above missing seccomp). RBAC checks are static — they find what Roles grant, not what subjects actually use; detecting truly unused permissions requires audit-log analysis, which this skill does not do. Secrets are referenced by name, namespace, and type only — contents are never read.

Arguments:

  • <scope> — natural-language scope (rbac, pods in kube-system). Optional — omit for a full sweep.

Options: none. Scope via natural language in the prompt or follow-ups.

Reference: kstack.sh/reference/skills/audit-security

/audit-network

NetworkPolicy, Service, Ingress, Gateway API, DNS, and encryption sanity checks. Looks for broken or missing pieces in cluster networking such as NetworkPolicy instances that don't match anything, Services with no endpoints, Ingress and Gateway API routes that won't resolve, DNS problems, and workloads talking in plaintext when a mesh is available.

How it works: queries the Kubernetes API plus CoreDNS metrics and mesh CRDs when present. TLS checks distinguish "Secret contents not readable due to RBAC" from "expired" rather than reporting false positives. Findings are grouped by workflow and include the evidence (selectors, endpoints, ConfigMap keys), not just the verdict.

Arguments:

  • <scope> — natural-language scope (policies, ingress in prod). Optional — omit for a full sweep.

Options: none. Scope via natural language in the prompt or follow-ups.

Reference: kstack.sh/reference/skills/audit-network

/audit-cost

Resource waste and right-sizing recommendations. Looks for workloads that are over-provisioned, idle, or holding storage and load balancers nothing is using.

How it works: runs several workflows in parallel, joining metrics-server and Prometheus reads against the Kubernetes API for Job/CronJob status, PV/PVC binding, and LoadBalancer endpoints. Findings are ranked by potential impact (large requests-vs-usage gaps and idle workloads above unmounted PVCs and Released PVs), and only requests-vs-usage gaps large enough to matter in practice are flagged — small deltas are noise. The header always states the source (metrics-server for live, Prometheus for history) and the effective lookback so the reader can judge how much weight to give the recommendations.

Arguments:

  • <scope> — natural-language scope (requests, idle in staging). Optional — omit for a full sweep.

Options: none. Scope via natural language in the prompt or follow-ups.

Reference: kstack.sh/reference/skills/audit-cost

/audit-outdated

Outdated cluster components, known CVEs, and available version bumps. Looks for version drift across control plane, nodes, container images, Helm charts, CRDs, operators, and the API surface your manifests target.

How it works: runs the workflows in parallel against the Kubernetes API plus external indexes (release schedules, registries, Helm repos, Trivy DB, CVE feeds). Findings are de-duplicated by image digest so one outdated image shared across many pods doesn't dominate the report. CVE entries include severity and CISA KEV status when available — KEV hits rank above CVSS-high findings without known exploitation. "Drift within the supported window" is reported distinctly from "EOL" — the first is routine, the second is urgent. For registries outside the supported list, the skill says so rather than silently skipping the image.

Arguments:

  • <scope> — natural-language scope (images, cves in kube-system). Optional — omit for a full sweep.

Options: none. Scope via natural language in the prompt or follow-ups.

Reference: kstack.sh/reference/skills/audit-outdated


Miscellaneous

/cleanup

Remove every resource kstack has created in the cluster. The counterpart to /forget, which clears local state.

What it removes: anything annotated kstack.kubetail.com/owned-by=kstack — ephemeral debug containers and privileged node-shell pods from /exec, short-lived toolbox pods, and any temporary RBAC or ConfigMaps created to support them. Resources without the annotation are never touched, even if they live in the same namespace.

How it works: the agent lists everything it found, grouped by namespace and kind, and asks you to confirm before deleting. You can approve the whole set or tell it in natural language to skip specific items. If a delete fails — usually a finalizer or a permissions issue — the agent reports which resources remain and why, rather than retrying blindly.

Safety: /cleanup ships with disable-model-invocation: true — the agent never starts a cleanup on its own. It only runs when you type /cleanup, since it deletes cluster resources.

Options: none. Use the global --context <ctx> flag to target a different cluster.

Reference: kstack.sh/reference/skills/cleanup

/forget

Wipe kstack's local state on your machine. Over time kstack builds up a working memory of your clusters — recent query results, detected integrations, resource fingerprints, and baselines it uses to detect anomalies. This skill forces a clean slate. It does not touch the cluster itself; for that, see /cleanup.

What it clears: state lives under ~/.config/kstack/, partitioned per kubeconfig context.

  • Cache (~/.config/kstack/cache/<context>/) — recent query results, log buffers, dedup tables, in-flight watcher state. Cheap to rebuild; cleared freely.
  • Learned state (~/.config/kstack/state/<context>/) — detected integrations, resource fingerprints, baselines, per-cluster preferences. Rebuilt on next use, but may take a few interactions to fully re-form.

How it works: by default clears both cache and learned state for the current kubeconfig context — forgetting staging never affects prod. Use the global --context <ctx> flag to target a different cluster. Run it after a cluster is rebuilt or migrated (so kstack stops trusting stale fingerprints), when baselines feel stale, when an earlier session taught it something wrong, or when you're handing the machine off and want no cluster-specific state left behind.

Safety: /forget ships with disable-model-invocation: true — the agent never wipes local state on its own. It only runs when you type /forget, so cached context isn't lost unexpectedly.

Options:

  • --all — Clear cache and learned state for every context, not just the current one.

Reference: kstack.sh/reference/skills/forget

Upgrade

When you run a kstack skill, agent quietly checks whether a newer kstack release is available and surfaces a one-line notice at the top of its response when it finds one. Just say "upgrade kstack" and the agent will run the kstack upgrade script on your behalf; say "dismiss" to hide the notice until the next release. This works the same for both global and local installs.

You can also run the helper directly:

# Global install
~/.config/kstack/bin/upgrade

# Local install (from the project directory)
./.kstack/bin/upgrade

Upgrades are idempotent and safe to run any time.

Uninstall

Run the uninstall helper bundled with your install:

# Global install
~/.config/kstack/bin/uninstall

# Local install (from the project directory)
./.kstack/bin/uninstall

Both helpers prompt before removing. They clear the install root (~/.config/kstack or <project>/.kstack) and every kstack-owned skill slot, leaving user-authored skills in the same agent dirs untouched.

Development

The installer payload lives under src/ (skills, helpers, lib, schemas). Dev tooling — the Makefile, scripts/, tests/, CI — sits at the repo root. If you're hacking on kstack, see CONTRIBUTING.md for the full contributor guide.

Common contributor commands, via the root Makefile:

make install      # dev-mode install — renders skills into <repo>/.<agent>/skills/
make test         # fast bats tiers (unit + integration)
make test-e2e     # cluster-backed tier (kind + docker)
make test-evals   # eval harness (requires ANTHROPIC_API_KEY or Claude CLI)
make lint         # shellcheck
make clean        # remove dev-mode artifacts

Each target shells out to a script under scripts/ that's also runnable directly.

make test requires bats-core (brew install bats-core / apt install bats). Tests live in tests/unit/ (sourced-function tests) and tests/integration/ (end-to-end CLI tests against isolated $HOME and local bare git repos). CI runs the full suite on Ubuntu, macOS, and Windows for every PR — see .github/workflows/ci.yml.

Get Involved

At Kubetail, we're building the most user-friendly, cost-effective, and secure logging platform for Kubernetes and we'd love your contributions! Here's how you can help:

  • UI/UX design
  • React frontend development
  • Reporting issues and suggesting features

See CONTRIBUTING.md for development setup and guidelines. Reach us at hello@kubetail.com, or join our Discord server or Slack channel.

Notes

  • Inspired by Garry Tan's gstack

Made with 🧿 in Istanbul