Skip to content

Roadmap

Shipped

  • v1kubeagent scan: deterministic whole-cluster scan and diagnosis of CrashLoopBackOff, ImagePullBackOff/ErrImagePull, OOMKilled, and Pending/Unschedulable pods
  • v2 — optional --explain flag: one Claude API call summarizes findings in plain English; the deterministic core still works offline with no API key
  • Resource context — compact CPU/memory summary (allocatable, reserved, limits, live usage); OOMKilled findings annotated with the container's requests/limits; sent to --explain — see Resource context
  • Platform facts — CNI, ingress, storage provisioner, Kubernetes version + distribution, container runtime, and cloud detected read-only and shown under the cluster verdict; sent to --explain — see Platform facts
  • Service health — flags selector-based Services with zero ready endpoints and LoadBalancer Services with no external address; backing-workload annotations distinguish expected-empty from broken — see Service health
  • NetworkPolicy hints — when a workload is degraded with no detector finding, names the NetworkPolicies whose podSelector matches its pods — see NetworkPolicy hints
  • Connectivity diagnostics — when the API server is unreachable, prints an actionable diagnosis (down control plane, timeout, TLS/cert error, 401/403, DNS) instead of a raw transport error — see Connectivity diagnostics
  • Credential lintscan --lint-secrets flags credentials stored in the clear in ConfigMaps and pod env literals; reports location and pattern only, never the value, and never sends findings to --explain — see Credential lint

Version history

GitHub Releases and the CHANGELOG are the source of truth for what shipped in each version.