Stats
Actions
Tags
From klanker
Operates the `km` CLI for Klanker Maker: creating sandboxes, running agents, managing lifecycle. Auto-activates when users aim to use the km CLI or manage sandboxes.
How this skill is triggered — by the user, by Claude, or both
Slash command
/klanker:userThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill guides usage of the `km` CLI on the operator's workstation. It covers sandbox creation, agent execution, learn mode, and lifecycle management.
This skill guides usage of the km CLI on the operator's workstation. It covers sandbox creation, agent execution, learn mode, and lifecycle management.
klanker:init — one-time platform setup (km configure, km init, multi-instance resource_prefix, Slack bootstrap, rollout sequences)klanker:vscode — VS Code Remote-SSH operator workflowklanker:cluster — cross-account k8s IRSA onboardingklanker:email / klanker:slack / klanker:operator — the matching agent-side skills that run inside a sandboxklanker-terraform profilekm binary built: make buildThe platform configuration lives in km-config.yaml. See docs/km-config.example.yaml for the full template. Required fields:
artifacts_bucket — S3 bucket for sandbox artifactsstate_bucket — S3 bucket for Terraform stategithub_app_id / github_installation_id — GitHub App credentials (for source access)operator_email — Operator inbox addressAlways start by verifying platform health:
km doctor
This runs 17 checks: config, credentials, SES, Lambda, VPC, stale resources, etc. Fix any failures before proceeding.
km info
Shows: platform config, AWS accounts, SES quota, current AWS spend, DynamoDB tables, storage.
See the klanker:init skill for full coverage of km configure, km init (and its --sidecars / --lambdas / --dry-run variants), multi-instance resource_prefix isolation, Slack bootstrap, and post-edit rollout sequences. Quick reference:
make build # always required after editing km source
km init --sidecars # refresh sidecar binaries + management Lambda
km init --dry-run=false # apply Terraform module changes
km doctor # verify
When the user doesn't specify a profile, or is exploring/getting started, use the learn profile:
km create profiles/learn.yaml --alias my-sandbox
The learn profile (profiles/learn.yaml) is designed for exploration:
"*") — all network traffic allowed"*") — all repos accessibleboth mode with full observabilityprivileged: true for sudo accessteardownPolicy: stop — pause instead of destroy on TTLkm validate <profile.yaml>
Always validate custom profiles before creating sandboxes.
km create <profile.yaml> [flags]
| Flag | Description |
|---|---|
--alias <name> | Human-friendly name (used in hostname, tips, email display name) |
--on-demand | Use on-demand EC2 instead of spot (enables pause/hibernate) |
--docker | Create as local Docker container instead of EC2 |
--no-bedrock | Skip Bedrock configuration (use direct API) |
--ttl <duration> | Override profile TTL (e.g., --ttl 4h) |
--idle <duration> | Override idle timeout (e.g., --idle 30m) |
km clone <source> <alias> # Clone with workspace copy
km clone <source> <alias> --no-copy # Clone profile only (fresh workspace)
km clone <source> <alias> --count 3 # Create 3 clones (alias-1, alias-2, alias-3)
km agent run <sandbox> --prompt "fix the failing tests"
Returns immediately. Agent runs in a persistent tmux session.
km agent run <sandbox> --prompt "What model are you?" --wait
Blocks until done, prints JSON result with result, total_cost_usd, token usage.
km agent run <sandbox> --prompt "refactor the auth module" --interactive
Creates tmux session and attaches you. Detach with Ctrl-B d — agent keeps running.
km agent attach <sandbox>
km agent results <sandbox> # Latest run
km agent results <sandbox> --run 20260410T143000Z # Specific run
km agent results <sandbox> | jq '.result' # Just the answer
km agent results <sandbox> | jq '.total_cost_usd' # Cost
km agent list <sandbox>
km agent run <sandbox> --prompt "..." --no-bedrock --wait
Requires claude login on the sandbox first, or set spec.cli.noBedrock: true in the profile.
km agent run <sandbox> --prompt "..." --auto-start
Resumes the sandbox if it's paused/stopped before running the agent.
Generate a minimal SandboxProfile from observed traffic:
km create profiles/learn.yaml --alias learn-1
km shell --learn learn-1
This starts an SSM session with eBPF traffic recording. All DNS queries, HTTP hosts, and GitHub repos are observed.
Inside the sandbox, do whatever the target workload does — clone repos, install packages, call APIs. The observer records everything.
When you exit the shell, the observer flushes observations to S3 and generates an annotated profile:
observed-profile.yaml
The generated profile includes:
allowedDNSSuffixes collapsed from observed DNS domainsallowedHosts for hosts not covered by DNS suffixesallowedRepos from observed GitHub clone/fetch operationsallowedRefs from observed Git ref operationskm validate observed-profile.yaml
Review the generated profile, tighten the allowlists, adjust lifecycle settings, then use it for production sandboxes.
km list # Narrow view: #, alias, sandbox-id, status, TTL
km list --wide # All columns including substrate, region, profile
km pause <sandbox> # Hibernate (on-demand) or stop (spot)
km resume <sandbox> # Restart a paused/stopped sandbox
km stop <sandbox> # Stop without destroying infrastructure
km destroy <sandbox> # Full teardown (remote by default)
km lock <sandbox> # Prevent accidental destroy/stop/pause
km unlock <sandbox> # Remove safety lock (requires confirmation)
km at 'in 2 hours' destroy <sandbox> # Deferred destroy
km at '5pm tomorrow' agent run <sandbox> --prompt "nightly tests" --auto-start
km at 'every day at 15:00' agent run <sandbox> --prompt "daily check" --auto-start # daily, local time
km at 'every hour' agent run <sandbox> --prompt "heartbeat" --auto-start # rate, from creation
km at 'cron(0 * * * ? *)' agent run <sandbox> --prompt "heartbeat" --auto-start # top of every hour
km at 'cron(0/15 * * * ? *)' agent run <sandbox> --prompt "status" --auto-start # :00/:15/:30/:45
km at list # List scheduled operations
km at cancel <schedule-name> # Cancel a schedule
Recurring
cron()schedules run in your local timezone (e.g.every day at 15:00= 15:00 local).every N minutes/hourscompiles torate(...)and drifts from creation time — use a rawcron(...)for clock-aligned firing.
km otel <sandbox> # Summary: AI spend, token usage
km otel <sandbox> --prompts # All prompts sent to AI models
km otel <sandbox> --events # Lifecycle events
km otel <sandbox> --tools # Tool usage breakdown
km otel <sandbox> --timeline # Chronological activity timeline
km shell <sandbox> # SSM shell as sandbox user
km shell <sandbox> --root # Root shell
km shell <sandbox> --ports 8080:8080 # Port forwarding
km email send --to <sandbox> --subject "task spec" --body spec.md
km email send --from <sandbox-a> --to <sandbox-b> --subject "results" --attach output.tar.gz
km email read <sandbox> # Table format with signature verification
km email read <sandbox> --json # JSON for scripting
km email read <sandbox> --mark-read # Mark as processed
| Task | Command |
|---|---|
| Validate platform | km doctor |
| Create sandbox | km create profiles/learn.yaml --alias name |
| Shell in | km shell name |
| Run agent | km agent run name --prompt "..." --wait |
| Check results | km agent results name |
| Pause | km pause name |
| Resume | km resume name |
| Destroy | km destroy name |
| Schedule | km at 'time' command args |
| Monitor | km otel name |
Searches MemPalace before answering questions about past work, people, projects, or prior decisions. Returns verbatim stored content instead of guessing from model memory.
Guides Payload CMS config (payload.config.ts), collections, fields, hooks, access control, APIs. Debugs validation errors, security, relationships, queries, transactions, hook behavior.
Implements vector databases with Pinecone, Weaviate, Qdrant, Milvus, pgvector for semantic search, RAG, recommendations, and similarity systems. Optimizes embeddings, indexing, and hybrid search.
npx claudepluginhub whereiskurt/klanker-maker --plugin klanker