CloudDeploy: enterprise terminal + AI workspace and MCP server for guided cloud deployments (IBM Cloud first).
Project description
CloudDeploy ๐๐ค๐ฅ๏ธ
Terminal + AI Workspace for Cloud Deployments (Local-First, Enterprise-Ready)
If you've ever lost hours to "works on my machine" deployments, interactive CLIs, missing env vars, or confusing cloud logs โ CloudDeploy is for you.
CloudDeploy is a local workspace that runs your real interactive deployment CLI in a browser (left panel), while an AI deployment copilot (right panel) explains what's happening, flags issues early, and suggests next actions โ with intelligent autopilot modes that can both drive wizard prompts and execute approved AI plans under guardrails.
โญ If CloudDeploy saves you even one deployment incident, please star the repo.
โจ Highlights
- ๐ฅ๏ธ Real Terminal in the Browser (PTY-backed, not fake logs)
- ๐ Live Streaming Output + prompt detection
- ๐ค AI Copilot reads sanitized terminal tail + state
- ๐ฏ AI Plan Execution - AI suggests commands, you approve, they execute in terminal
- ๐ก๏ธ Dual Autopilot Modes:
- Wizard Mode: Safely drives interactive prompts (y/n, numeric choices)
- AI Auto-Execution: Auto-approves and runs AI-generated plans (dev mode)
- ๐งฐ MCP Tool Server (same tool layer powers UI + agents)
- ๐งพ Audit-Friendly UX: timeline, summary, issues, approval workflows
- ๐ Provider-Extensible (prompt maps + automation modules)
๐ง What is CloudDeploy?
CloudDeploy combines three things into one workflow:
1) Web Workspace (Terminal + AI)
- Runs a real PTY-backed terminal session in your browser
- Streams logs live
- Detects wizard prompts & steps automatically
- Shows status / summary / issues in a clean enterprise UI
2) AI Copilot for Deployments
- Reads sanitized terminal output (redaction by default)
- Explains current step in plain language
- NEW: Creates executable plans for user requests (create folders, list files, check status)
- Suggests the safest next action
- Helps troubleshoot failures with actionable hints
3) MCP Server (Tooling Interface)
- Exposes the deployment session as tools (stdio MCP)
- Enables external agents/orchestrators to observe, reason, and optionally automate
- Same tool layer powers UI Autopilot โ no duplicated automation systems
v1 focus: IBM Cloud Container Registry + Code Engine deployment wizards
v2 new: AI-powered terminal operations (file management, inspections, deployments)
Roadmap: multi-cloud providers, reusable prompt maps, enterprise policy packs, audit trails
๐ข Why teams adopt CloudDeploy (Enterprise mindset)
- ๐ฉโ๐ป Zero-to-hero onboarding: consistent wizard experience across engineers
- ๐ฅ Incident reduction: step detection + AI explanations reduce "unknown unknowns"
- ๐งพ Audit-friendly: timeline, step snapshots, and policy-guarded actions with approval workflows
- ๐ก๏ธ Safe automation: autopilot answers wizard prompts OR auto-executes AI plans (configurable)
- ๐ฏ AI-assisted operations: create folders, inspect files, check deployments via natural language
- ๐งฉ Extensible: add providers via prompt maps + automation modules
๐ฆ Install
pip install clouddeploy
CloudDeploy runs locally and uses your system tools (Docker/CLIs/etc). No vendor lock-in: the AI provider is configurable.
โ Prerequisites
System Requirements
- Python 3.11+
- macOS / Linux recommended (PTY-based runner)
- Windows: supported via WSL2 (recommended)
IBM Cloud Requirements (v1)
Ensure these are available in your PATH:
ibmcloudCLIdockerjq
Permissions needed:
- Container Registry access
- Code Engine project access
- IAM API key creation (optional; only if using auto-key creation flow)
๐ Quick Start
1) Run the Web Workspace (Terminal + AI)
Launches a browser workspace where:
- Left = real CLI wizard running in a PTY
- Right = AI assistant (Assistant / Summary / Issues)
- Top = status + Autopilot toggle
clouddeploy ui --cmd ./scripts/push_to_code_engine.sh --host 127.0.0.1 --port 8787
Open:
Tip: You can run any interactive CLI wizard โ detection is pluggable.
Choose Script
Building and Deployment Scripts
AI Assistant
Interactive Shells
๐ฏ NEW: AI Plan Execution (Interactive Commands)
CloudDeploy now features AI-powered terminal operations with a Plan โ Approve โ Execute workflow.
How It Works
- Ask the AI to perform a task (in natural language)
- AI creates a plan with specific commands, reasons, and risk levels
- Review the plan in an approval card (see what will run)
- Approve or reject - commands only execute after your approval
- Watch execution in the left terminal (you'll see commands being typed)
๐ Example: Creating Folders and Files
You ask:
"Create a folder called 'example' and put a README.md file inside"
AI responds with plan card:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Create folder structure โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ 1. mkdir example โ
โ Why: Create the 'example' directory โ
โ Risk: Medium โ
โ โ
โ 2. touch example/README.md โ
โ Why: Create README file inside example folder โ
โ Risk: Medium โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ [Reject] [Approve & Run โ] โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
You click "Approve & Run"
Left terminal shows:
$ mkdir example
$ touch example/README.md
$
Result: โ Folder created with README file inside
๐ฎ More Examples
List Files
You: "List all files in this directory"
AI Plan:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ List directory contents โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ ls -la โ
โ Why: Show all files + details โ
โ Risk: Low โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Check Docker Status
You: "Check if Docker is running"
AI Plan:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Check Docker status โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ docker ps โ
โ Why: List running containers โ
โ Risk: Low โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Copy Files
You: "Copy config.json to config.backup.json"
AI Plan:
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Backup configuration file โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ cp config.json config.backup.json โ
โ Why: Create backup copy โ
โ Risk: Medium โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ก๏ธ Safety Features
3-Layer Validation:
- AI suggests only safe, relevant commands
- Server validates against allowlist/blocklist before execution
- User approves manually (or autopilot auto-approves in dev mode)
Command Policy:
- โ
Allowed:
mkdir,touch,ls,cp,mv,cat,grep,docker,kubectl,git, etc. - โ ๏ธ Restricted:
rm(only safe patterns likerm file.txt, blocksrm -rf /) - โ Blocked:
sudo,shutdown,chmod 777, destructive wildcards
Risk Labeling:
- ๐ข Low: Read-only operations (
ls,cat,docker ps) - ๐ก Medium: Write operations (
mkdir,touch,cp,npm install) - ๐ด High: Destructive/deployment operations (
rm,kubectl delete,git push)
๐ค Autopilot (Two Modes)
CloudDeploy includes an Autopilot toggle with two distinct behaviors:
Mode 1: Wizard Automation (Default Autopilot)
When running deployment scripts/wizards, autopilot:
- Prefers defaults (ENTER)
- Uses safe yes/no answers (
Y/n) - Selects numeric choices when clearly detected
- Stops on errors (does not guess destructive fixes)
This is the original autopilot behavior for script wizards.
Mode 2: AI Plan Auto-Execution (NEW) ๐
When autopilot is enabled and you ask the AI to do something:
Autopilot OFF (Manual Mode - Default):
You: "Create folder 'test'"
AI: [Shows approval card]
You: [Must click "Approve & Run"]
Result: Commands execute after approval
Autopilot ON (Auto Mode):
You: "Create folder 'test'"
AI: ๐ค Autopilot Plan: Create folder
1. mkdir test (medium)
Auto-executing nowโฆ
Result: Commands execute IMMEDIATELY (no approval needed)
๐ฏ When to Use Each Mode
Autopilot OFF (Recommended for Production):
- โ Production deployments
- โ Sensitive operations
- โ Learning mode (review what AI suggests)
- โ Manual oversight required
Autopilot ON (Great for Development):
- โ Development/testing environments
- โ Fast iteration workflows
- โ Trusted operations (file management, inspections)
- โ Demo scenarios
๐ก๏ธ Safety Guardrails (Both Modes)
Autopilot and AI plan execution are filtered through the same policy engine:
- Blocks dangerous patterns (
rm -rf /, shutdown, destructive payloads) - Command allowlist (only approved commands can run)
- Risk assessment (labels each command low/medium/high)
- Maximum 15 steps per plan
- Server-side validation (double-checks every command)
Even in autopilot mode, blocked commands will fail.
๐งญ UX: Ending / Switching Sessions (Best Practice)
CloudDeploy follows an enterprise-safe pattern:
- Clicking End Session opens a Switch Session picker
- Cancel returns to the current session (nothing is stopped)
- The current session is stopped only when you click "Start session" for a new script (commit point prevents accidental termination)
This prevents "oops I clicked End Session" incidents and supports rapid restarts.
๐จ Complete Workflow Example
Scenario: Setting Up a New Project Structure
Step 1: Start Interactive Shell
clouddeploy ui --cmd bash --host 127.0.0.1 --port 8787
Step 2: Ask AI to Set Up Project
You: "Create a project structure with folders: src, tests, docs, and a README.md"
AI: ๐ฏ Create project structure
1. mkdir src (medium)
2. mkdir tests (medium)
3. mkdir docs (medium)
4. touch README.md (medium)
[Reject] [Approve & Run]
Step 3: Approve and Watch Execution
$ mkdir src
$ mkdir tests
$ mkdir docs
$ touch README.md
$
Step 4: Verify Structure
You: "List all folders and files"
AI: ๐ List directory contents
1. ls -la (low)
[Approve & Run]
Terminal Output:
$ ls -la
drwxr-xr-x 2 user staff 64 Dec 13 10:30 src
drwxr-xr-x 2 user staff 64 Dec 13 10:30 tests
drwxr-xr-x 2 user staff 64 Dec 13 10:30 docs
-rw-r--r-- 1 user staff 0 Dec 13 10:30 README.md
Step 5: Enable Autopilot for Faster Workflow
[Click Autopilot button to enable]
You: "Create a test file in the tests folder"
AI: ๐ค Autopilot Plan: Create test file
1. touch tests/test_main.py (medium)
Auto-executing nowโฆ
$ touch tests/test_main.py
โ
Done. Check the terminal output on the left.
๐ง Run as an MCP Server (stdio)
CloudDeploy can run as a tool server for external agents:
clouddeploy mcp --cmd ./scripts/push_to_code_engine.sh
Example tool call (read sanitized tail output):
echo '{"id":"1","tool":"cli.read","args":{"tail_chars":1200,"redact":true}}' \
| clouddeploy mcp --cmd ./scripts/push_to_code_engine.sh
This enables:
- agent-driven observability
- enterprise orchestration integrations
- automated pipelines with human approvals
๐ LLM Provider Configuration
CloudDeploy uses a provider abstraction (clouddeploy/llm/llm_provider.py) and supports:
- watsonx.ai (default, recommended)
- OpenAI
- Claude (Anthropic)
- Ollama (local)
โ watsonx.ai (Recommended)
export GITPILOT_PROVIDER=watsonx
export WATSONX_API_KEY="YOUR_KEY"
export WATSONX_PROJECT_ID="YOUR_PROJECT_ID"
# Optional overrides
export WATSONX_BASE_URL="https://us-south.ml.cloud.ibm.com"
export GITPILOT_WATSONX_MODEL="ibm/granite-3-8b-instruct"
OpenAI
export GITPILOT_PROVIDER=openai
export OPENAI_API_KEY="YOUR_KEY"
export GITPILOT_OPENAI_MODEL="gpt-4o-mini"
# Optional
export OPENAI_BASE_URL="https://api.openai.com"
Claude (Anthropic)
export GITPILOT_PROVIDER=claude
export ANTHROPIC_API_KEY="YOUR_KEY"
export GITPILOT_CLAUDE_MODEL="claude-sonnet-4-5"
# Optional
export ANTHROPIC_BASE_URL="https://api.anthropic.com"
Ollama (Local)
export GITPILOT_PROVIDER=ollama
export OLLAMA_BASE_URL="http://localhost:11434"
export GITPILOT_OLLAMA_MODEL="llama3"
๐ Security & Compliance Notes (Important)
CloudDeploy is designed for enterprise usage:
๐งผ Redaction by default
Terminal logs sent to the AI are sanitized (clouddeploy/redact.py):
- masks API keys, tokens, passwords
- masks Bearer tokens
- can optionally redact
.envvalues while keeping keys
๐ก๏ธ Policy-guarded automation
All automation is gated (clouddeploy/mcp/policy.py):
- blocks destructive patterns
- strict mode restricts to safe wizard responses
- AI plan commands validated by allowlist/blocklist
- manual approval required by default (autopilot is opt-in)
๐ Local-first
You run CloudDeploy locally; it uses the same credentials/tools you already use:
- no credential harvesting
- no remote terminal execution layer required
- commands execute in your local PTY (you see them typing)
Best practice: use least-privilege IAM keys and managed secret stores.
๐งฑ Project Structure
clouddeploy/
server.py # FastAPI app + WebSockets + session/plan endpoints
web/
index.html # UI shell (no bundler)
app.js # UI logic (xterm + websockets + plan approval + autopilot)
styles.css # UI styles
mcp/
tools.py # ToolRegistry interface (CLI read/send/state)
policy.py # Input guardrails + command validation
llm/
llm_provider.py # Provider abstraction
prompts.py # System + status + plan protocol prompts
ibm/
automation.py # IBM-specific autopilot heuristics
scripts/
push_to_code_engine.sh # Example deployment script
๐งช Development (uv-only workflows)
CloudDeploy uses uv for fast, reproducible installs.
make sync
make run-ui CMD=./scripts/push_to_code_engine.sh
make test
make lint
๐งช Testing the New AI Features
Test 1: File Management
# Start interactive shell
clouddeploy ui --cmd bash
# In AI chat:
"Create a folder called 'demo' with files: app.py, config.json, README.md"
# Expected: AI creates 4-step plan
# You approve, watch execution in left terminal
Test 2: Docker Operations
# In AI chat:
"Check what Docker containers are running"
# Expected: AI suggests "docker ps"
# You approve, see container list in terminal
Test 3: Autopilot Mode
# Enable autopilot (click button)
# In AI chat:
"Create folders: src, tests, docs"
# Expected: AI plan auto-executes immediately
# Terminal shows all 3 mkdir commands running
Test 4: Safety Validation
# In AI chat:
"Delete all files recursively"
# Expected: AI might suggest "rm -rf ."
# Validation rejects (blocked by policy)
# Error shown: "Command contains blocked keyword"
๐ Allowed Commands Reference
Read-Only (Risk: Low)
- File inspection:
ls,cat,head,tail,grep,find,tree - System info:
pwd,whoami,date,uname,env - Docker:
docker ps,docker images,docker logs - Kubernetes:
kubectl get,kubectl describe,kubectl logs - Git:
git status,git log,git diff
Write Operations (Risk: Medium)
- Create:
mkdir,touch - Copy/Move:
cp,mv - Package managers:
npm install,pip install - Build:
docker build,make
Deployment (Risk: High when applicable)
- Kubernetes:
kubectl apply,kubectl delete - Helm:
helm install,helm upgrade - Git:
git push,git commit
Blocked Commands
- โ
sudo(privilege escalation) - โ
rm -rf /(destructive wildcards) - โ
shutdown,reboot(system control) - โ
chmod 777(unsafe permissions)
๐งฉ Contributing
We welcome PRs for:
- new cloud provider prompt maps
- improved step detection rules
- better policy packs
- UI enhancements
- wizard regression samples
- NEW: Additional allowed commands (with safety validation)
- NEW: AI plan templates for common workflows
Guidelines:
- keep automation conservative (safe-by-default)
- never leak secrets; respect redaction
- prefer deterministic state detection over heuristics
- validate all AI-suggested commands server-side
- provide clear risk labels (low/medium/high)
๐ Support / Community
If you hit a tricky deployment edge-case:
- capture sanitized logs (Export Logs button)
- open an issue with the step + error section
- or propose a new prompt map rule
For AI plan execution issues:
- share the plan JSON that was generated
- indicate which command failed validation
- suggest allowlist additions (with safety justification)
โญ If CloudDeploy helps your team ship faster, please star the repo โ it drives adoption and accelerates multi-cloud support.
๐ License
Apache 2.0 โ see LICENSE.
๐ What's New in v2
AI Plan Execution
- โ Natural language to terminal commands
- โ Plan โ Approve โ Execute workflow
- โ Real-time execution in left terminal
- โ Risk-labeled command steps
- โ Multi-step plan support (up to 15 steps)
Enhanced Autopilot
- โ Dual-mode operation (wizard + AI plans)
- โ Auto-execution mode for development
- โ Visual feedback for mode switching
- โ Safety validation in both modes
Security Improvements
- โ Command allowlist/blocklist
- โ
Safe
rmpattern validation - โ Server-side command validation
- โ Execution locks (prevent conflicts)
- โ Audit trail (timeline logging)
UX Enhancements
- โ Approval cards with risk indicators
- โ Compact plan summaries in autopilot mode
- โ Clear mode indicators (manual vs auto)
- โ Execution status in UI
Made with โค๏ธ for DevOps teams tired of deployment incidents
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file clouddeploy-0.1.1.tar.gz.
File metadata
- Download URL: clouddeploy-0.1.1.tar.gz
- Upload date:
- Size: 80.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7c0d6133474a482d7007ae975de672982101039af1f09d3c24b9a7b25e726e13
|
|
| MD5 |
fac2ecd2009f3c4009dae53a03cc522b
|
|
| BLAKE2b-256 |
e78d874b9173ccad52bd2bd8d59309ade479a814dd0cadaca8ad977e6971aba0
|
Provenance
The following attestation bundles were made for clouddeploy-0.1.1.tar.gz:
Publisher:
release.yml on ruslanmv/clouddeploy
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
clouddeploy-0.1.1.tar.gz -
Subject digest:
7c0d6133474a482d7007ae975de672982101039af1f09d3c24b9a7b25e726e13 - Sigstore transparency entry: 762753375
- Sigstore integration time:
-
Permalink:
ruslanmv/clouddeploy@efbebbe92cec6d66ecf655325a4cb44791ad3bb6 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/ruslanmv
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@efbebbe92cec6d66ecf655325a4cb44791ad3bb6 -
Trigger Event:
release
-
Statement type:
File details
Details for the file clouddeploy-0.1.1-py3-none-any.whl.
File metadata
- Download URL: clouddeploy-0.1.1-py3-none-any.whl
- Upload date:
- Size: 70.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
19d6751b8ca2001bd1b14e40770f9ed9cf4c6b295da2aaf09a9c3656bd26b267
|
|
| MD5 |
b2cdfce25b558c17a4a5ec19ae8d5299
|
|
| BLAKE2b-256 |
93c9503570f5f64d2a2b8c80e8a0e368e140f34c7c35d6df66f6078f2701a3c9
|
Provenance
The following attestation bundles were made for clouddeploy-0.1.1-py3-none-any.whl:
Publisher:
release.yml on ruslanmv/clouddeploy
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
clouddeploy-0.1.1-py3-none-any.whl -
Subject digest:
19d6751b8ca2001bd1b14e40770f9ed9cf4c6b295da2aaf09a9c3656bd26b267 - Sigstore transparency entry: 762753379
- Sigstore integration time:
-
Permalink:
ruslanmv/clouddeploy@efbebbe92cec6d66ecf655325a4cb44791ad3bb6 -
Branch / Tag:
refs/tags/v0.1.1 - Owner: https://github.com/ruslanmv
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@efbebbe92cec6d66ecf655325a4cb44791ad3bb6 -
Trigger Event:
release
-
Statement type: