NCTL AI

Local Nirmata AI Platform Engineering Assistant

Local Nirmata AI Platform Engineering Assistant runs on engineer’s workstation and integrates directly into their development workflow, offering intelligent guidance and automation without requiring cluster access or cloud services.

Key Benefits

  • Local Development: Run entirely on your machine with no external dependencies
  • Instant Feedback: Get immediate assistance as you develop policies and configurations
  • Privacy-First: Your code and data never leave your local environment
  • Developer-Focused: Designed to integrate seamlessly with your existing tools and workflows

Core Capabilities

nctl ai is an advanced AI assistant specializing in Platform Engineering and Policy as Code. It provides comprehensive support across multiple domains:

Policy as Code (Kyverno)

  • Generate, convert, and fix Kyverno policies from natural language descriptions
  • Create comprehensive Kyverno CLI and Chainsaw tests automatically
  • Generate policy exceptions for failing workloads
  • Troubleshoot Kyverno engine, webhook, and controller issues
  • Convert policies from OPA/Sentinel to Kyverno

Development Workflows

  • Read, write, and modify files across codebases
  • Execute bash commands and scripts for automation
  • Search code patterns and analyze project structures
  • Generate documentation and configuration files
  • Git repository operations and version control

Available Tools

Kubernetes & Policy Tools:

  • kubectl commands with direct cluster access
  • scan_kubernetes_cluster - Scan running clusters for policy violations
  • scan_resources - Validate resource manifests against policies
  • run_kyverno_tests - Execute policy test suites
  • generate_kyverno_tests - Auto-generate test cases from policies
  • generate_policy - Create policies from natural language descriptions

File & Code Management:

  • Complete filesystem access for reading and writing files
  • Pattern-based search across files and directories
  • Directory traversal and file manipulation
  • Git integration for version control operations

Specialized Skills

nctl ai loads specialized knowledge dynamically based on your needs:

  • generating-policies - Best practices for policy creation and structure
  • converting-policies - Migration strategies from other policy engines
  • generate-policy-exception - Automated exception generation for violations
  • kyverno-cli-tests - Unit testing for policy validation
  • chainsaw-tests - End-to-end policy testing workflows

How It Works

  • Direct & Efficient - Focused on action over verbose explanations
  • Safety First - Explains critical operations before execution
  • Tool-Driven - Uses specialized tools rather than manual processes
  • Context Aware - Dynamically loads relevant skills based on your task

Simply describe what you need - whether creating policies, fixing violations, optimizing clusters, or troubleshooting issues - and nctl ai will handle the rest.

Getting Started

Preview Feature: Nirmata AI Platform Engineering Assistant is currently available for preview. Contact us to get early access and provide feedback. Contact Us

Prerequisites

Before using nctl ai, you need to have nctl installed and be authenticated with Nirmata.

Installation

First, install nctl by following the nctl installation guide.

Note: nctl ai requires version 4.8 or higher. Download the latest 4.8 RC from https://downloads.nirmata.io/nctl/allreleases/

Authentication

You need a Nirmata account to use nctl ai. You have two options:

  1. Automatic Setup (Recommended): Simply run nctl ai. If you’re not logged in, the assistant will guide you through creating a trial account.

  2. Manual Setup:

    • Sign up for a 15-day free trial to get your API token
    • Login using the command:
      nctl login --userid YOUR_USER_ID --token YOUR_API_TOKEN

Quick Start

Start Interactive Mode:

Launch the AI assistant in interactive mode:

nctl ai

You’ll see a welcome message and prompt:

Hi, I am your Nirmata AI Platform Engineering Assistant! How can I help you?

💡 enter 'help' to learn what I can do for you

>

Simply type your request at the prompt. For example:

  • create a policy that requires all pods to have resource limits
  • generate tests for my policy
  • help me troubleshoot a failing validation

Non-Interactive Mode:

You can also provide a prompt directly for one-off requests:

nctl ai --prompt "create a policy that requires all pods to have resource limits"

MCP Server Integration

You can run nctl ai as an MCP (Model Context Protocol) server to integrate it with AI coding assistants like Cursor, Claude Desktop, and other MCP-compatible tools.

Start MCP Server Mode:

nctl ai --mcp-server --token YOUR_NIRMATA_TOKEN

Configuration:

To configure nctl ai as an MCP server in your AI coding assistant, add the following to your MCP configuration file:

For Cursor and Claude Desktop, edit ~/.cursor/mcp.json or ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "nctl": {
      "command": "nctl",
      "args": ["ai", "--mcp-server", "--token", "YOUR_NIRMATA_TOKEN"]
    }
  }
}

Note: Replace YOUR_NIRMATA_TOKEN with your actual Nirmata API token. You can also use the full path to the nctl binary if it’s not in your system PATH.

Once configured, your AI coding assistant will have access to all nctl ai capabilities, including policy generation, testing, and Kubernetes operations.

Getting Help:

Type help at the prompt to see what the assistant can do:

> help

I can help you with writing and testing Kyverno policies. For example, you can say "Check that all pods have a label called 'app'". I will then write a policy for you along with test files to verify it.

💡 type 'help' to see this message
⚙️ type 'tools' to see available tools

Best Practices

  1. Start Simple

    • Begin with a basic policy description
    • Let the AI help you refine it

  2. Review Generated Content

    • Always review generated policies
    • Test policies before deployment

  3. Iterative Development

    • Use the interactive mode to refine policies
    • Ask for explanations when needed

  4. Version Control

    • Store all generated policies and tests in Git
    • Keep policies and tests together

Common Use Cases

  1. Kyverno Policy Development

    • Create new policies from natural language descriptions
    • Convert existing policies from OPA/Sentinel to Kyverno
    • Generate policy variations for different environments
    • Fix and update existing policies

  2. Testing & Validation

    • Create comprehensive Kyverno CLI test suites
    • Generate Chainsaw end-to-end tests
    • Create example resources for testing
    • Validate policy behavior against different scenarios

  3. Troubleshooting & Debugging

    • Debug Kyverno webhook and controller issues
    • Troubleshoot policy validation failures
    • Analyze why policies aren’t working as expected
    • Get help with Kyverno engine errors

  4. Cluster Scanning & Compliance

    • Scan Kubernetes clusters for policy violations
    • Validate resource manifests against policies
    • Generate compliance reports
    • Identify non-compliant workloads

  5. Policy Exceptions

    • Generate policy exceptions for failing workloads
    • Create exception requests for specific resources
    • Manage exception documentation

  6. Resource Optimization

    • Analyze CPU and memory usage patterns
    • Get optimization recommendations
    • Review resource requests and limits
    • Identify over-provisioned workloads

  7. Documentation & Knowledge Sharing

    • Generate policy documentation
    • Create usage examples and best practices
    • Document test cases and scenarios
    • Build team knowledge bases

  8. CI/CD Integration

    • Automate policy validation in pipelines
    • Generate policies for GitOps workflows
    • Create pre-commit validation tests
    • Build policy-as-code repositories