Launch HN: Datafruit (YC S25) – AI for DevOps
7 points • by nickpapciak • 9 months ago
Hey HN! We’re Abhi, Venkat, Tom, and Nick and we are building Datafruit (https://datafruit.dev/), an AI DevOps agent. We’re like Devin for DevOps. You can ask Datafruit to check your cloud spend, look for loose security policies, make changes to your IaC, and it can reason across your deployment standards, design docs, and DevOps practices.

Demo video: https://www.youtube.com/watch?v=2FitSggI7tg.

Right now, we have two main methods to interact with Datafruit:

(1) automated infrastructure audits — agents periodically scan your environment to find cost optimization opportunities, detect infrastructure drift, and validate your infra against compliance requirements.

(2) chat interface (available as a web UI and through Slack) — ask the agent questions for real-time insights, or assign tasks directly, such as investigating spend anomalies, reviewing security posture, or applying changes to IaC resources.

Working at FAANG and various high-growth startups, we realized that infra work requires an enormous amount of context, often more than traditional software engineering. The business decisions, codebase, and cloud itself are all extremely important in any task that has been assigned. To maximize the success of the agents, we do a fair amount of context engineering. Not hallucinating is super important!

One thing which has worked incredibly well for us is a multi-agent system where we have specialized sub-agents with access to specific tool calls and documentation for their specialty. Agents choose to “handoff” to each other when they feel like another agent would be more specialized for the task. However, all agents share the same context (https://cognition.ai/blog/dont-build-multi-agents).
We’re pretty happy with this approach, and believe it could work in other disciplines which require high amounts of specialized expertise.

Infrastructure is probably the most mission-critical part of any software organization, and needs extremely heavy guardrails to keep it safe. Language models are not yet at the point where they can be trusted to make changes (we’ve talked to a couple of startups where the Claude Code + AWS CLI combo has taken their infra down). Right now, Datafruit receives read-only access to your infrastructure and can only make changes through pull requests to your IaC repositories. The agent also operates in a sandboxed virtual environment so that it could not write cloud CLI commands if it wanted to!

Where LLMs *can* add significant value is in reducing the constant operational inefficiencies that eat up cloud spend and delay deadlines—the small-but-urgent ops work. Once Datafruit indexes your environment, you can ask it to do things like:

    "Grant @User write access to analytics S3 bucket for 24 hours"
    -> Creates temporary IAM role, sends least-privilege credentials, auto-revokes tomorrow

    "Find where this secret is used so I can rotate it without downtime"
    -> Discovers all instances of your secret, including old cron-jobs you might not know about, so you can safely rotate your keys

    "Why did database costs spike yesterday?"
    -> Identifies expensive queries, shows optimization options, implements fixes

We charge a straightforward subscription model for a managed version, but we also offer a bring-your-own-cloud model. All of Datafruit can be deployed on Kubernetes using Helm charts for enterprise customers where data can’t leave your VPC.

For the time being, we’re installing the product ourselves on customers' clouds. It doesn’t exist in a self-serve form yet. We’ll get there eventually, but in the meantime if you’re interested we’d love for you guys to email us at founders@datafruit.dev.

We would love to hear your thoughts! If you work with cloud infra, we are especially interested in learning about what kinds of work you do which you wish could be offloaded onto an agent.