Infrastructure Agents Guide – Design and operate AI agents for infra safely

https://blog.cloudgeni.ai/why-we-open-sourced-our-infrastructure-agent-architecture/

1•davletdz•1h ago

Comments

davletdz•1h ago

Hi HN — we put together an Infrastructure Agents Guide and open sourced it.

AI is being used actively for infra already today, but the knowledge is still scattered. Every infra team I talk to is re-discovering the same stuff: what permissions to give, how to keep changes reviewable, how to audit what happened, what to do when the agent is wrong, and how not to end up with “LLM + admin role” in production.

If you’re buying an agent, use it like a checklist:

can we run it read-only and keep it that way?

how does it get creds (short-lived? scoped? per env/account?)

what does “apply” actually mean here — is it gated or does it just… do it?

do we get a real audit trail (tool calls, diffs, approvals) and can we replay/debug?

what happens when it’s unsure: does it stop or guess?

drift + partial failures: does it fail safe or make it worse?

If you’re building one, the guide maps those questions to concrete patterns (PR-based flow, explicit boundaries, logging/replay, blast radius limits, stop conditions).

Blog context: https://blog.cloudgeni.ai/why-we-open-sourced-our-infrastruc...

Guide repo: https://github.com/Cloudgeni-ai/infrastructure-agents-guide/

If you’ve tried agents near prod and backed away, I’m curious what tripped the wire.

totto•1h ago

I had great fun running this codebase through a Knowledge Context Protocol setup/benchmark, gaining 50% less tool calls. Nice agents.

Why light-weight websites may one day save your life

Show HN: PLAI.chat – Multi-model AI chat that doesn't store your conversations

Show HN: Rebuilt an old-school browser strategy game inspired by Inselkampf

Ask HN: Statistical learning and non-Statistical learning for humans

Recreating your favorite technologies from scratch

Competitive Intelligence Agent Implementation with HubSpot, OpenAI and SerpApi

Toward Guarantees for Clinical Reasoning in Vision Language Models

Tacit Knowledge

Ai.embed() and ai.classify() as IMMUTABLE Postgres functions. AI-coded for $127

AI Just Got Eyes

Show HN: Argus – VSCode debugger for Claude Code sessions

Show HN: Armada, a K8s orchestrator for bots and scrapers

An Interesting Find: STM32 RDP1 Decryptor

Apple introduces the new iPad Air, powered by M4

CodeReviewr: We switched from pay-per-use to subscriptions

Claude: We have discovered that some API methods are not working

So, can AI agents buy a laptop online?

Lunar Dust Protection Technology and Evaluation: A Review

Storage Beds: Top Benefits and Best Tips to Buy

Why Go Can't Try

iPhone 17e

Apple Introduces iPhone 17e

Show HN: Supervisor IDE: Not your usual IDE, create a team, run tasks flow

The Appalling Stupidity of Spotify's AI DJ

BoquilaHUB – AIs for Nature

Show HN: AI Employee – AI-powered BI CLI for ecommerce reporting

Show HN: Graph-Based Convex Alternative with Real-Time Sync

Steven Fenves has died (January 2026)

He built a hit podcast about the Epstein files. It's AI-generated

Show HN: Sutra.team – The First OS for Autonomous Agents