Cloudgeni gives agents infrastructure context without giving them deployment control.
The Short Version
- Agents do not deploy. No direct apply, deploy, or production cloud mutation.
- Cloud access is read-first. Inventory, findings, resource context, and validation inputs.
- Changes land as PRs. Your team reviews, merges, and deploys.
- Runs are scoped. Selected repositories, integrations, tools, and organization data only.
Architecture Overview
Four paths matter:
- Customer environment: users, Git providers, cloud accounts, and CI/CD stay under customer control.
- Cloudgeni control plane: the web app, CLI, API, queues, workers, storage, audit logs, and telemetry coordinate work.
- Read-first cloud path: Cloudgeni reads control-plane metadata, findings, resource relationships, and validation context.
- Pull-request write path: code changes are delivered through branches and pull requests, then deployed by customer CI/CD.
A task starts
A user prompt, schedule, webhook, scan result, drift item, or import request creates work.
Cloudgeni authorizes scope
The API resolves organization, workspace, repository, integration, and actor before dispatch.
A worker runs the agent
The agent receives selected context, task-specific tools, and an ephemeral run context.
Evidence is recorded
Session messages, tool output, scan state, credential usage, audit events, and telemetry are
persisted for review.
Commitments
Human-controlled delivery
Cloudgeni produces reviewable output, not production deployment.
Least privilege
Cloud access is read-first by default. Git access is scoped to connected providers and selected
repositories.
Bounded execution
Agent runs use task-specific tools, selected context, and execution limits.
Tenant scoping
Organization context is enforced through API, worker, storage, and audit paths.
Validation and traceability
Supported workflows run plan-style or static checks before output is finalized. Sessions, scans,
credential usage, and security events are logged.
Data And Credentials
Cloudgeni is a control-plane and IaC-plane product. Cloudgeni needs infrastructure metadata, selected repository content, findings, prompts, generated changes, and audit events. Cloudgeni does not need application databases, runtime traffic, end-user app data, or production secrets embedded in customer systems. Deployment-grade credentials should stay in customer CI/CD. Cloudgeni can generate and validate the proposed IaC; the final plan/apply or deploy step remains customer-controlled.
Related Public References
Infrastructure Agents Guide
Our open guide to designing, building, and operating infrastructure agents safely.
OpenGeni
A self-hostable managed agent service for long-running infrastructure work.
Connect Cloud Accounts
Provider setup paths and read-first cloud access guidance.
AI DevOps
How interactive agent sessions work in the product.