Feature
Resolution: Unresolved
Major
Product / Portfolio Work
Feature Overview (aka. Goal Summary)
Users can preview the assistant’s execution plan, see tool steps as they complete, and approve or reject the plan before actions are executed.
https://docs.google.com/document/d/1spo_V5jDyEiC69KbbDnsYsHlWhNYzq8B1i-aYWH77VQ/edit?tab=t.0
| Use Case | Purpose | When It Runs | Scenario & System Action | User Experience & Result |
|---|---|---|---|---|
| 1. Gating for Destructive Operations | Enforces HITL approval for write/delete MCP tool executions to prevent accidental resource loss. | After the LLM selects a tool, but before the MCP Host sends the request to the MCP Server. | Scenario: User asks to "clean up old test deployments." • Action: Agent attempts to run resources_delete for deployments matching env=test. | UX: Safety Interception prompt appears showing the target cluster (prod-billing). Options: [Approve], [Deny], [Edit]. • Result: User realizes they are in the wrong environment and clicks [Deny], preventing production data loss. |
| 2. Protecting OpenShift Secrets | Prevents accidental exfiltration of OpenShift secrets to external LLM providers. | After the Agent requests a tool, but before the read data is returned to the LLM context. | Scenario: User asks to check a database secret to troubleshoot a crash. • Action: Agent attempts to run resources_get on Secret/db-credentials. | UX: Security Alert pauses the flow, warning that raw secrets will be visible to the LLM. Options: [Approve], [Deny], [Edit]. • Result: User chooses [Edit] to enforce redaction, replacing sensitive values with [REDACTED] before sending to the LLM. |
| 3. Controlling MCP Tools | Strictly controls which tools the AI can invoke, preventing unauthorized cluster changes (fail-closed). | After tool/argument generation, but before the MCP server executes against the Kubernetes API. | Scenario: User asks to give the default service account cluster-admin rights. • Action: Agent attempts resources_create_or_update to build a ClusterRoleBinding. | UX: Authorization Validation modal warns of privilege escalation. Options: [Approve], [Deny], [Edit Request]. • Result: User chooses [Edit Request], changing it to a safer, namespace-level RoleBinding before applying. |
| 4. Post-Processing Code | Automatically formats, lints, or scans AI-generated code to enforce cluster compliance. | After the Agent generates or edits a file, before presenting the final output to the user. | Scenario: User asks for a Node.js Deployment YAML. • Action: Agent drafts the file. An intercepting scanner detects it violates Restricted SCCs (container runs as root). | UX: Compliance Alert shows the policy violation and a proposed YAML fix. Options: [Approve and Apply Fixes], [Deny], [Edit]. • Result: User chooses [Approve and Apply Fixes], saving a compliant, secure-by-default file. |
| 5. Validate User Prompts | Scans outgoing user prompts to prevent leaking sensitive information or to enforce policies. | Before sending the user's prompt from the OLS chat to the LLM. | Scenario: User pastes a massive log dump containing a live sha256~... authentication token into the chat. • Action: OLS detects a high-entropy string matching a secret pattern. | UX: Policy Violation warning intercepts the message. Options: [Approve], [Deny], [Edit]. • Result: User edits/redacts the token from the prompt, preventing a live cluster token from leaking externally. |
| 6. Retry Logic & Validation | Implements automatic retry or human-assisted validation when an operation fails. | When the agent loop ends or validation fails post-execution. | Scenario: User asks to deploy an Nginx config. • Action: Agent deploys it, but a validation loop detects a CrashLoopBackOff. Agent diagnoses a typo in the mountPath. | UX: Validation Failed card displays the AI diagnosis and proposes a patch to fix the typo. Options: [Approve Fix & Retry], [Deny], [Edit]. • Result: User reviews the diagnosis, clicks [Approve Fix & Retry], and the Agent successfully resumes the rollout. |
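The following is an added example, not code from this ticket or from the OpenShift Lightspeed / MCP projects, sketching how the interception points in use cases 1, 2, 3 and 5 could be expressed as a policy gate that sits between the model's tool selection and the MCP server. The ToolCall and Decision shapes, the read-only tool allowlist (resources_list, pods_log), the entropy threshold and every sample input are assumptions constructed for the example; the tool names resources_delete, resources_get and resources_create_or_update and the sha256~ token shape are taken from the table above. Anything the gate cannot classify is held for approval, which is the fail-closed behaviour use case 3 asks for.

```python
"""Added example (not the ticket's or the project's code): a minimal HITL
policy gate for MCP tool calls plus an outgoing-prompt secret scan.
All class shapes, tool allowlists and sample values are assumptions."""
import math
import re
from dataclasses import dataclass


@dataclass
class ToolCall:
    """Hypothetical shape of an MCP tool request as seen by the MCP Host."""
    tool: str                  # e.g. "resources_delete"
    kind: str = ""             # Kubernetes resource kind, e.g. "Secret"
    name: str = ""
    namespace: str = ""
    cluster: str = ""


@dataclass
class Decision:
    action: str                # "allow" or "gate" (gate = pause for a human)
    reason: str = ""
    options: tuple = ()        # buttons the UI would offer on a gate


READ_ONLY_TOOLS = {"resources_get", "resources_list", "pods_log"}   # assumed allowlist
CLUSTER_SCOPED_RBAC = {"ClusterRole", "ClusterRoleBinding"}


def gate_tool_call(call: ToolCall) -> Decision:
    """Use cases 1-3: decide before the request reaches the MCP Server."""
    if call.tool == "resources_delete":
        return Decision("gate", f"destructive: delete {call.kind} on cluster {call.cluster}",
                        ("Approve", "Deny", "Edit"))
    if call.tool == "resources_get" and call.kind == "Secret":
        return Decision("gate", "secret read: raw values would enter the LLM context",
                        ("Approve", "Deny", "Edit"))
    if call.tool == "resources_create_or_update":
        if call.kind in CLUSTER_SCOPED_RBAC:
            return Decision("gate", "privilege escalation: cluster-scoped RBAC change",
                            ("Approve", "Deny", "Edit Request"))
        return Decision("gate", "write: creates or updates a cluster resource",
                        ("Approve", "Deny", "Edit Request"))
    if call.tool in READ_ONLY_TOOLS:
        return Decision("allow")
    # Fail closed: a tool the policy does not know is held for approval.
    return Decision("gate", f"unclassified tool {call.tool!r}", ("Approve", "Deny"))


def redact_secret(manifest: dict) -> dict:
    """Use case 2 [Edit] path: mask Secret values before they return to the LLM."""
    out = dict(manifest)
    for key in ("data", "stringData"):
        if isinstance(out.get(key), dict):
            out[key] = {k: "[REDACTED]" for k in out[key]}
    return out


# Use case 5: the ticket names the OpenShift "sha256~" token shape; the
# entropy fallback catches other long, random-looking strings.
TOKEN_PATTERN = re.compile(r"sha256~[A-Za-z0-9_-]{20,}")


def shannon_entropy(s: str) -> float:
    """Bits per character; high values suggest key material rather than prose."""
    n = len(s)
    if n == 0:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_prompt(prompt: str, entropy_threshold: float = 4.0) -> list:
    """Return suspected secrets found in an outgoing prompt (pattern first, then entropy)."""
    findings = [m.group(0) for m in TOKEN_PATTERN.finditer(prompt)]
    for tok in re.findall(r"\S{32,}", prompt):
        if any(f in tok for f in findings):
            continue                      # already reported via the pattern
        if shannon_entropy(tok) >= entropy_threshold:
            findings.append(tok)
    return findings


def redact_prompt(prompt: str, findings: list) -> str:
    """What the [Edit] option would apply before the prompt leaves OLS."""
    for f in findings:
        prompt = prompt.replace(f, "[REDACTED]")
    return prompt


if __name__ == "__main__":
    # Constructed sample inputs mirroring rows 1, 2 and 5 of the table.
    print(gate_tool_call(ToolCall("resources_delete", kind="Deployment", cluster="prod-billing")))
    print(redact_secret({"kind": "Secret", "data": {"password": "aGVsbG8="}}))
    sample = ("Pod keeps crashing, here is the log:\nAuthorization: Bearer "
              "sha256~AbCdEfGhIjKlMnOpQrStUvWxYz0123456789abcdefghij\nError: connection refused")
    hits = scan_prompt(sample)
    print(hits, redact_prompt(sample, hits), sep="\n")
```

The gate returns a decision rather than performing the action itself, so the same function can back the Safety Interception, Security Alert and Authorization Validation prompts from the table; the options tuple is what each modal would render. The entropy fallback is deliberately conservative (32+ non-space characters and at least 4 bits per character) so ordinary log text is not flagged.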