The most secure agent built for operations & DevOps. Stakpak CLI is a powerful, security-hardened tool designed for the grittiest parts of software development with enterprise-grade security features.
Choose your preferred installation method:
brew tap stakpak/stakpak
brew install stakpakDownload the latest binary for your platform from GitHub Releases.
# Basic usage
docker pull ghcr.io/stakpak/agent:latest
# For containerization tasks (mount Docker socket)
docker run -it \
-v "/var/run/docker.sock":"/var/run/docker.sock" \
-v "{your app path}":"/agent/" \
--entrypoint stakpak ghcr.io/stakpak/agent:latestgit clone https://github.com/stakpak/agent.git
cd agent
cargo build --release- Visit stakpak.dev
- Click "Login" → "Create API Key" (no card required)
# Option 1: Environment variable
export STAKPAK_API_KEY=<your-api-key>
# Option 2: Save to config file
stakpak login --api-key $STAKPAK_API_KEY
# Verify your account
stakpak account# Start the interactive TUI
stakpak
# Or run a single command
stakpak --async "Help me understand this codebase"Stakpak offers multiple operation modes to fit different workflows:
stakpak- Full-featured terminal interface
- Real-time chat with AI agent
- Visual progress tracking
- Tool call approval interface
stakpak --async "Deploy my application"
stakpak --print "Analyze this error log"- Non-interactive execution
- Perfect for automation and scripting
- Configurable step limits
# Local tools only (no API key required)
stakpak mcp --tool-mode local
# Combined mode (recommended)
stakpak mcp --tool-mode combined
# With custom configuration
stakpak mcp --enable-slack-tools --privacy-mode- Model Context Protocol server
- Integrates with AI coding assistants
- Secure tool access control
stakpak acp- Agent Client Protocol for editor integration
- Real-time code analysis and modification
- Works with Zed editor and other ACP-compatible editors
- End-to-end encrypted communication
- Automatically generated certificates
- Enabled by default for all modes
# Automatic secret detection and redaction
stakpak --privacy-mode
# Disable redaction (NOT recommended)
stakpak --disable-secret-redaction- Redacts IP addresses, AWS account IDs, and other sensitive data
- Perfect for sharing logs or screenshots
- Automatic indexing of Terraform, Kubernetes, Dockerfile, and GitHub Actions
- Semantic search across your infrastructure code
- Real-time file watching and updates
stakpak --enable-subagents- ResearchAgent: Fast code exploration and documentation lookup
- SandboxResearchAgent: Secure containerized analysis with command execution
# View current config
stakpak config show
# Generate sample config
stakpak config sample
# Set machine name
stakpak set --machine-name "my-dev-machine"Stakpak supports multiple configuration profiles for different environments:
# ~/.stakpak/config.toml
[profiles.default]
api_key = "your_api_key_here"
allowed_tools = ["view", "search_docs", "create", "run_command"]
[profiles.production]
api_key = "prod_api_key_here"
allowed_tools = ["view", "search_docs"] # Read-only for safety
[profiles.development]
api_key = "dev_api_key_here"
allowed_tools = ["view", "search_docs", "create", "str_replace", "run_command"]allowed_tools: Control which tools the agent can useauto_approve: Automatically approve specific tool callsrulebooks: Customize agent behavior with organizational policiesmachine_name: Device identification for multi-machine setups
Arrow keys/Tab: Navigate optionsEsc: Exit current prompt?: Show shortcuts help/: Access commandsEnter: Send messageShift + Enter/Ctrl + J: Insert newlineCtrl + C: Quit application
# Resume from a checkpoint
stakpak -c <checkpoint-id>
# Run with specific working directory
stakpak --workdir /path/to/project# Allow only specific tools
stakpak --tool view --tool search_docs
# Use custom system prompt
stakpak --system-prompt-file ./my-prompt.txtstakpak --study-modeOptimizes the agent for learning and educational purposes.
stakpak --index-big-projectAllows indexing of projects with more than 500 files.
The Docker image includes popular DevOps tools:
- Docker CLI
- AWS CLI
- Google Cloud CLI
- Azure CLI
- DigitalOcean CLI
- Terraform
- kubectl
- And more...
# Basic containerized agent
docker run -it ghcr.io/stakpak/agent:latest
# With volume mounts for your project
docker run -it \
-v "$(pwd)":/agent \
-v "/var/run/docker.sock":"/var/run/docker.sock" \
ghcr.io/stakpak/agent:latest
# With cloud credentials
docker run -it \
-v "$(pwd)":/agent \
-v "$HOME/.aws":/home/agent/.aws:ro \
-v "$HOME/.kube":/home/agent/.kube:ro \
ghcr.io/stakpak/agent:latestStakpak Warden provides additional security by running agents in isolated containers:
# Run with default warden configuration
stakpak warden
# Custom warden setup
stakpak warden --volume "./:/agent:ro" --env "DEBUG=true"# Check for updates
stakpak update
# Auto-update is enabled by default- Explore the TUI: Run
stakpakand start chatting with the agent - Try MCP Mode: Set up integration with your preferred AI coding assistant
- Configure Profiles: Set up different profiles for development and production
- Index Your Code: Let Stakpak automatically index your infrastructure code
- Enable Subagents: Experiment with specialized research agents
- Documentation: stakpak.gitbook.io
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Website: stakpak.dev
Stakpak CLI is now installed and configured. Start with the interactive TUI (stakpak) to explore its capabilities, or dive into specific modes based on your workflow needs.
Remember: Stakpak is designed for security-first operations. All file modifications are automatically backed up, secrets are redacted by default, and communication is encrypted with mTLS.
Happy coding! 🚀