Nirmata Assistant

AI-powered personal agent for platform engineers — policy development, testing, and Kubernetes operations from your terminal.

Applies to: nctl 4.0 and later

The Nirmata Personal Agent (nctl ai) runs on your workstation and integrates directly into your development workflow, offering specialized guidance and automation without requiring a dedicated server.

nctl ai is built with a security-first design — it only accesses directories you explicitly allow, loads built-in skills and only the skills you provide (with --skills), and asks for your confirmation before performing any operation. See Security for details.

Step-by-Step Install

Install nctl using Homebrew:

brew tap nirmata/tap
brew install nctl

For more installation options, see nctl installation.

Run the personal agent in interactive mode:

nctl ai

You will be prompted to enter your business email to:

  • sign up for a free trial
  • or sign in to your account
Using nctl AI requires authentication with Nirmata Control Hub to access 
AI-enabled services. Please enter your business email to sign up for a 
free trial, or sign in to your account

Enter email: ****@******.com

A verification code has been sent to your email.
Enter verification code: ******

Email verified successfully!
Your credentials have been fetched and successfully saved.

👋 Hi, I am your Nirmata AI Platform Engineering Assistant!

I can help you automate security, compliance, and operational best practices 
across your clusters and pipelines.

💡 Here are some tasks I can do for you, or ask anything:
  ▶ scan clusters
  ▶ generate policies and tests
  ▶ optimize costs

💡 type 'help' to see commands for working in nctl ai

───────────────────────────────────────────────────────────────────────────────────────
>
───────────────────────────────────────────────────────────────────────────────────────

Try some sample prompts like:

  • scan my cluster
  • generate a policy to require pod labels
  • summarize violations across my clusters
  • perform a Kyverno health check

Non-Interactive Mode:

You can also provide a prompt directly for single shot requests:

nctl ai --prompt "create a policy that requires all pods to have resource limits"

See Command Reference for full details.

Accessing Nirmata Control Hub

After successful authentication, you can also access the Nirmata Control Hub web interface:

  1. Navigate to https://nirmata.io
  2. Use the same email address you provided during nctl setup
  3. Use the password you created in the authentication process

Alternatively, you can sign up for a 15-day free trial and log in manually using the CLI:

nctl login --userid YOUR_USER_ID --token YOUR_API_TOKEN

Key Capabilities

nctl ai is a personal agent specializing in Kubernetes, Policy as Code and Platform Engineering. It provides comprehensive support across these domains:

Policy as Code

  • Generate Kyverno policies from natural language descriptions
  • Create and execute comprehensive Kyverno CLI and Chainsaw tests
  • Generate policy exceptions for failing workloads
  • Upgrade Kyverno policies from older versions to CEL
  • Convert policies from OPA/Sentinel to Kyverno

Platform Engineering

  • Troubleshoot Kyverno engine, webhook, and controller issues
  • Get policy recommendations for your environments
  • Manage compliance across clusters
  • Manage Nirmata agents across your clusters
  • Install and configure Kyverno and other controllers

Available Tools

The agent has access to tools for command execution, Kyverno and policy workflows, file system operations, Slack and email, and task management. See the Available Tools reference for the full list in a searchable table.

Examples:

List Slack channels:

nctl ai --prompt "list my slack channels"

Send a message to a channel:

nctl ai --prompt "scan my cluster and send the report to dev-general channel"

Available Skills

nctl ai loads specialized skills dynamically based on your task (policy generation, cluster assessment, troubleshooting, cost management, and more). See the Available Skills reference for the full list in a table.

Skills Safety

Built-in skills are curated and safe. They require read-only permissions and do not write to external URLs. They follow all security best practices.

You can also add your own skills to customize the agent.

Command Reference

The authoritative reference for nctl ai flags and examples is the nctl ai command documentation. That page is maintained to match the CLI.

  • In interactive mode: type help for a full list of commands and capabilities.
  • From the terminal: run nctl ai --help for the latest usage, examples, and flags from your installed version.

More Topics

TopicDescription
SecurityFilesystem sandboxing, permission checks, and automation flags
Session & Task ManagementSessions, task tracking, execution limits, and plan mode
AI Provider ConfigurationNirmata, Anthropic, Gemini, Azure OpenAI, and Bedrock
Extending Nirmata AssistantMCP servers, custom skills, and running as an MCP server
Available Tools

Reference of tools available to the nctl ai agent.

Available Skills

Reference of built-in skills loaded by nctl ai for policy, clusters, and operations.

Security

How Nirmata Assistant limits filesystem access, requires operation confirmations, and controls destructive actions.

Session & Task Management

Manage nctl ai sessions, track tasks, control execution limits, and use plan mode for structured review before execution.

AI Provider Configuration

Configure nctl ai to use Nirmata, Anthropic Claude, Google Gemini, Azure OpenAI, or Amazon Bedrock as the AI backend.

Extending Nirmata Assistant

Add MCP servers, custom skills, and run nctl ai as an MCP server for Cursor and Claude Desktop.