启动 HN:Datafruit(YC S25)– 用于 DevOps 的人工智能
大家好!我们是 Abhi、Venkat、Tom 和 Nick,我们正在构建 Datafruit(<a href="https://datafruit.dev">https://datafruit.dev</a>),一个 AI DevOps 代理。我们就像 DevOps 领域的 Devin。你可以让 Datafruit 检查你的云支出,寻找松散的安全策略,修改你的基础设施即代码(IaC),并能够在你的部署标准、设计文档和 DevOps 实践之间进行推理。
<p>演示视频:<a href="https://www.youtube.com/watch?v=2FitSggI7tg" rel="nofollow">https://www.youtube.com/watch?v=2FitSggI7tg</a>。</p>
目前,我们有两种主要方式与 Datafruit 互动:
<p>(1) 自动化基础设施审计——代理定期扫描你的环境,以寻找成本优化机会,检测基础设施漂移,并验证你的基础设施是否符合合规要求。</p>
<p>(2) 聊天界面(可通过网页 UI 和 Slack 使用)——向代理提问以获取实时洞察,或直接分配任务,例如调查支出异常、审查安全态势或对 IaC 资源进行更改。</p>
在 FAANG 和各种高增长初创公司工作时,我们意识到基础设施工作需要大量的上下文,往往比传统软件工程还要多。业务决策、代码库和云本身在任何分配的任务中都极为重要。为了最大化代理的成功,我们进行了相当多的上下文工程。避免幻觉是非常重要的!
<p>我们采用的一个非常有效的方法是多代理系统,其中我们有专门的子代理,能够访问特定工具调用和文档。代理在觉得其他代理更适合某项任务时,可以选择“交接”。然而,所有代理共享相同的上下文(<a href="https://cognition.ai/blog/dont-build-multi-agents" rel="nofollow">https://cognition.ai/blog/dont-build-multi-agents</a>)。我们对这种方法感到非常满意,并相信它可以在其他需要大量专业知识的领域中发挥作用。</p>
基础设施可能是任何软件组织中最关键的部分,需要非常严格的保护措施来确保安全。语言模型尚未达到可以信任其进行更改的程度(我们与几家初创公司交谈过,其中 Claude Code + AWS CLI 的组合导致了他们的基础设施崩溃)。目前,Datafruit 仅获得对你的基础设施的只读访问权限,只能通过对你的 IaC 仓库的拉取请求进行更改。代理还在一个沙盒虚拟环境中运行,因此即使它想写云 CLI 命令也无法做到!
<p>大型语言模型(LLMs)可以显著增加价值的地方在于减少那些消耗云支出并延误截止日期的持续操作低效——这些小而紧急的操作工作。一旦 Datafruit 索引了你的环境,你可以让它执行以下操作:</p>
<pre><code> "授予 @User 24 小时内对分析 S3 桶的写入访问权限"
-> 创建临时 IAM 角色,发送最小权限凭证,明天自动撤销
"找出这个密钥的使用位置,以便我可以在不造成停机的情况下进行轮换"
-> 发现所有密钥的实例,包括你可能不知道的旧定时任务,以便你可以安全地轮换密钥
"为什么昨天数据库成本激增?"
-> 识别高成本查询,展示优化选项,实施修复
</code></pre>
我们采用简单的订阅模式收费,提供托管版本,但也提供自带云的模式。Datafruit 的所有功能都可以使用 Helm 图表在 Kubernetes 上部署,适用于数据不能离开你的 VPC 的企业客户。
目前,我们正在客户的云上自行安装产品。它尚未以自助服务的形式存在。我们最终会实现这一点,但在此期间,如果你感兴趣,我们非常希望你能通过 founders@datafruit.dev 给我们发邮件。
<p>我们期待听到你的想法!如果你从事云基础设施工作,我们特别希望了解你希望能够转交给代理的工作类型。</p>
查看原文
Hey HN! We’re Abhi, Venkat, Tom, and Nick and we are building Datafruit (<a href="https://datafruit.dev/">https://datafruit.dev/</a>), an AI DevOps agent. We’re like Devin for DevOps. You can ask Datafruit to check your cloud spend, look for loose security policies, make changes to your IaC, and it can reason across your deployment standards, design docs, and DevOps practices.<p>Demo video: <a href="https://www.youtube.com/watch?v=2FitSggI7tg" rel="nofollow">https://www.youtube.com/watch?v=2FitSggI7tg</a>.<p>Right now, we have two main methods to interact with Datafruit:<p>(1) automated infrastructure audits— agents periodically scan your environment to find cost optimization opportunities, detect infrastructure drift, and validate your infra against compliance requirements.<p>(2) chat interface (available as a web UI and through slack) — ask the agent questions for real-time insights, or assign tasks directly, such as investigating spend anomalies, reviewing security posture, or applying changes to IaC resources.<p>Working at FAANG and various high-growth startups, we realized that infra work requires an enormous amount of context, often more than traditional software engineering. The business decisions, codebase, and cloud itself are all extremely important in any task that has been assigned. To maximize the success of the agents, we do a fair amount of context engineering. Not hallucinating is super important!<p>One thing which has worked incredibly well for us is a multi-agent system where we have specialized sub-agents with access to specific tool calls and documentation for their specialty. Agents choose to “handoff” to each other when they feel like another agent would be more specialized for the task. However, all agents share the same context (<a href="https://cognition.ai/blog/dont-build-multi-agents" rel="nofollow">https://cognition.ai/blog/dont-build-multi-agents</a>). We’re pretty happy with this approach, and believe it could work in other disciplines which require high amounts of specialized expertise.<p>Infrastructure is probably the most mission-critical part of any software organization, and needs extremely heavy guardrails to keep it safe. Language models are not yet at the point where they can be trusted to make changes (we’ve talked to a couple of startups where the Claude Code + AWS CLI combo has taken their infra down). Right now, Datafruit receives read-only access to your infrastructure and can only make changes through pull requests to your IaC repositories. The agent also operates in a sandboxed virtual environment so that it could not write cloud CLI commands if it wanted to!<p>Where LLMs <i>can</i> add significant value is in reducing the constant operational inefficiencies that eat up cloud spend and delay deadlines—the small-but-urgent ops work. Once Datafruit indexes your environment, you can ask it to do things like:<p><pre><code> "Grant @User write access to analytics S3 bucket for 24 hours"
-> Creates temporary IAM role, sends least-privilege credentials, auto-revokes tomorrow
"Find where this secret is used so I can rotate it without downtime"
-> Discovers all instances of your secret, including old cron-jobs you might not know about, so you can safely rotate your keys
"Why did database costs spike yesterday?"
-> Identifies expensive queries, shows optimization options, implements fixes
</code></pre>
We charge a straightforward subscription model for a managed version, but we also offer a bring-your-own-cloud model. All of Datafruit can be deployed on Kubernetes using Helm charts for enterprise customers where data can’t leave your VPC.
For the time being, we’re installing the product ourselves on customers' clouds. It doesn’t exist in a self-serve form yet. We’ll get there eventually, but in the meantime if you’re interested we’d love for you guys to email us at founders@datafruit.dev.<p>We would love to hear your thoughts! If you work with cloud infra, we are especially interested in learning about what kinds of work you do which you wish could be offloaded onto an agent.