ARC Config MCP Server
š AI-Powered
A comprehensive TypeScript MCP (Model Context Protocol) server that transforms complex ARC operations into conversational AI interactions. Deploy, monitor, and manage GitHub Actions runners with natural language commands.
šÆ QUICK START: Add to your MCP client: ghcr.io/tsviz/arc-config-mcp:latest ā Ask AI: "Install ARC in my cluster" ā Done! āØ
š Quick Links: Installation ā¢ š„ Healthcare Demo ā¢ š¬ Demo Guide ā¢ Policy Validation Guide ā¢ Policy Rule Integration ā¢ Hybrid Workflows ā¢ Tool Catalog ā¢ Roadmap ā¢ Contributing
šÆ What is ARC Config MCP Server?
ARC Config MCP Server is an enterprise-grade automation tool that bridges the gap between complex Kubernetes-based GitHub Actions runner management and intuitive AI-powered operations. Instead of memorizing kubectl commands and YAML configurations, simply tell the AI what you want to accomplish.
š ļø Architecture Flow Diagram
flowchart TD
%% Entry Points
ClientChat["Copilot Chat"]
ClientAPI["REST API"]
ClientCLI["CLI/Script"]
ClientChat --> MCPServer
ClientAPI --> MCPServer
ClientCLI --> MCPServer
%% NLP/Natural Language
subgraph "Natural Language"
NLPMapper["Natural Language Mapper (arc_process_natural_language)"]
end
ClientChat --> NLPMapper
NLPMapper --> ToolRouter
%% MCP Core Routing
MCPServer --> ToolRouter["Tool Router"]
%% Tool Registry and Registration
ToolRouter --> ToolRegistry["Tool Registry (registerTool: arc_install_controller/arc_scale_runners/etc)"]
ToolRegistry --> ToolHandler["Tool Handler (async for each tool)"]
NewTool["Add Tool via registerTool()"] --> ToolRegistry
%% Input Validation
ToolHandler --> InputValidation["Input Validation (zod schema)"]
InputValidation -->|Valid| ToolExec["Tool Execution (Business Logic)"]
InputValidation -->|Invalid| ErrorHandling["Return Error + Troubleshooting to Client"]
%% Service Context
subgraph "Service Context"
KubeClient["Kubernetes API Client"]
GitHubClient["GitHub API Client"]
InstallerService["ARC Installer/Manager"]
PolicyEngine["Policy Engine (security, compliance, cost, performance)"]
ConfigManager["Config File Manager (for GitOps/Hybrid workflows)"]
Logger["Logging & Audit"]
ProgressReporter["Progress/Status Reporter (chat-aware)"]
end
ToolExec --> KubeClient
ToolExec --> GitHubClient
ToolExec --> InstallerService
ToolExec --> PolicyEngine
ToolExec --> ConfigManager
ToolExec --> Logger
ToolExec --> ProgressReporter
%% Deterministic Execution / Operations
ToolExec --> MCPAction["MCP Operation (Install, Scale, Deploy, Status, Cleanup, Validate, etc.)"]
MCPAction -->|State Change| ClusterState["Kubernetes/ARC State Change"]
MCPAction --> StructuredResult["Structured Result/Report"]
StructuredResult --> ProgressReporter
%% Feedback to User
ProgressReporter --> ClientResponse["Real-time Updates, Dashboards, Recommendations to Client/Chat"]
ErrorHandling --> ClientResponse
%% GitOps/Config Workflow
ConfigManager --> ConfigFiles["Auto-generate YAML/config files"]
ConfigFiles --> GitAuditTrail["Versioned Git Audit Trail"]
ConfigFiles --> ApplyToCluster["Apply Configs to Cluster"]
ConfigManager --> DriftDetection["Drift Detection (Compare Git state vs Cluster)"]
%% Policy/Compliance Flow
PolicyEngine --> ComplianceReport["Compliance/Policy Report"]
ComplianceReport --> ClientResponse
PolicyEngine --> AutoFix["Auto-fix Violations (optional/apply mode)"]
AutoFix --> ConfigFiles
%% Logging/Audit Flow
Logger --> Logs["System Logs & Audit Reports"]
Logs --> ClientResponse
%% Extensibility / Modular Design
NewTool --> ToolRegistry
%% Annotations
classDef entrypoint fill:#f5faff,stroke:#3f51b5,stroke-width:2px;
classDef core fill:#e3f2fd,stroke:#1976d2,stroke-width:2px;
classDef service fill:#f9fbe7,stroke:#8bc34a,stroke-width:2px;
classDef process fill:#e1f5fe,stroke:#039be5,stroke-width:2px;
classDef feedback fill:#fff9c4,stroke:#fbc02d,stroke-width:2px;
classDef gitops fill:#ffecb3,stroke:#795548,stroke-width:2px;
class ClientChat,ClientAPI,ClientCLI entrypoint;
class MCPServer,ToolRouter,ToolRegistry,ToolHandler,InputValidation,ToolExec,ErrorHandling,StructuredResult,NewTool core;
class KubeClient,GitHubClient,InstallerService,PolicyEngine,ConfigManager,Logger,ProgressReporter service;
class MCPAction,ClusterState,ComplianceReport,AutoFix process;
class ProgressReporter,ClientResponse,ConfigFiles,ApplyToCluster,GitAuditTrail,Logs,DriftDetection feedback;
š NOW SUPPORTS ARC 0.13.0 with advanced container modes, dual-stack networking, Azure Key Vault integration, and OpenShift support!
š Key Features
š¤ Natural Language Operations
Transform complex ARC tasks into simple conversations:
"Install ARC with container mode optimization"
"Scale runners to handle 50 concurrent jobs"
"Set up dual-stack networking for IPv6 support"
"Configure Azure Key Vault for secure secret management"
ā” ARC 0.13.0 Enhancements
š„ Container Mode: kubernetes-novolume eliminates ReadWriteMany storage requirements
š Dual-Stack Networking: IPv4/IPv6 support with automatic fallback
š Azure Key Vault Integration: Secure secret management without workflow exposure
š¢ OpenShift Support: Enterprise-grade deployment with Security Context Constraints
š Enhanced Metrics: New workflow_name and target labels for better monitoring
š Enterprise-Ready Capabilities
Intelligent Installation: Zero-configuration ARC deployment with smart defaults
Real-time Monitoring: Live status dashboards and proactive health monitoring
Enterprise Security: Built-in policy validation and compliance enforcement with 20+ security rules
š Guided Workflows: Auto-fix tool now prompts for drift detection to maintain GitOps sync
Automated Policy Remediation: Auto-fix feature generates corrected configs for 6+ common violations
Compliance Reporting: Generate SOC2/enterprise compliance reports with scoring and recommendations
Cost Intelligence: Automatic scaling and resource optimization
Self-Healing: Automated troubleshooting and remediation
Platform Support: Kubernetes, OpenShift, AKS, EKS, GKE compatibility
š Quick Start
šÆ Step 1: Connect to MCP Client
Use with AI assistants like GitHub Copilot in VS Code
Add this configuration to your MCP client settings (e.g., ~/.mcp.json or VS Code settings):
{
"mcpServers": {
"arc-config": {
"command": "docker",
"args": [
"run", "-i", "--rm",
"-v", "${HOME}/.kube:/home/node/.kube:ro",
"-v", "/path/to/your/project/configs:/app/configs",
"-e", "GITHUB_TOKEN",
"ghcr.io/tsviz/arc-config-mcp:latest"
]
}
}
}
š” Configuration Path: Replace /path/to/your/project/configs with your actual project path (e.g., /Users/username/projects/my-arc-project/configs)
šÆ Step 2: Choose Your Workflow
The MCP server supports three deployment workflows to match your team's needs:
Workflow | Best For | Config Files | Auto-Apply | Version Control |
Recommended (Default) | Most teams | ā
Saved | ā Manual* | ā
Yes |
Direct Apply | Quick testing | ā Not saved | ā
Automatic | ā No |
Full GitOps | Enterprise teams | ā
Saved | ā CI/CD handles it | ā
Yes + CI/CD |
*You review the generated config, then tell the AI to apply it (e.g., "apply it" or "deploy it")
š” Choosing a workflow: The default (Recommended) balances safety and convenience. For quick experiments, use Direct Apply. For production deployments, stick with Recommended or Full GitOps to maintain audit trails and enable rollbacks.
šÆ Step 3: Start Using Natural Language
āØ That's it! Talk to your AI assistant to manage ARC:
"Install ARC controller in my cluster"
"Deploy 10-20 autoscaling runners for my organization"
"Show me the status of my runners"
"Scale up to handle more load"
š Learn More: See Understanding Workflows below to choose the best approach for your team.
š¬ Live Demo: Healthcare Compliance in 5 Minutes
Want to see the power of AI-driven ARC management? Check out our Healthcare Demo Workflow where we:
Deploy 20-40 auto-scaling runners with a single command
Generate HIPAA-compliant policies automatically
Auto-fix security violations with AI remediation
Ensure zero configuration drift with GitOps validation
Final Result: Production-ready healthcare environment with 85% compliance score!
User: "Deploy 20-40 runners"
ā ā
ARC installed, runners deployed with auto-scaling
User: "Generate arc policies for healthcare production"
ā ā
HIPAA/SOC2/ISO27001 policies created
User: "Auto-fix any policy violations"
ā ā
55.6% ā 72.2% compliance improvement
User: "Run drift detection"
ā ā
Drift detected & auto-fixed (configs regenerated)
šÆ Perfect for demos, POCs, and training sessions!
š Full Demo Guide ā¢ Technical Workflow
š Understanding Workflows
The MCP server offers three ways to deploy and manage ARC, each suited for different needs:
šÆ Recommended Workflow (Default)
Perfect for most teams - Combines AI convenience with version control best practices.
How it works:
AI generates configuration files in configs/ directory
You review the YAML files (they're in your project!)
Apply using AI commands: "Apply the runner configuration"
Changes are tracked in Git for audit trail
Benefits:
ā
Version control for all infrastructure
ā
Review changes before applying
ā
Easy rollback via Git
ā
Team collaboration via Pull Requests
ā
Still simple to use with AI
Example:
You: "Deploy 20-40 runners for my-org"
AI: ā
Created configs/runner-sets/my-org-runners.yaml
š Review the file, then say "apply it" when ready
You: "Apply it"
AI: ā
Applied to cluster! 20 runners starting...
š Detailed Guide: Workflow Guide | Visual Guide
ā” Direct Apply Workflow
Best for quick testing - Deploy immediately without saving configuration files.
How it works:
AI deploys directly to cluster
No config files created
Fastest approach
Tradeoffs:
Example:
You: "Install ARC controller with direct mode"
AI: ā
Installing directly to cluster...
ā
Done in 45 seconds!
š¢ Full GitOps Workflow
Best for enterprise teams - Integrates with ArgoCD, Flux, or CI/CD pipelines.
How it works:
AI generates configuration files only
You commit to Git
Your GitOps tool (ArgoCD/Flux) applies automatically
Never applies directly to cluster
Benefits:
ā
Full GitOps compliance
ā
Automated deployments via CI/CD
ā
Policy enforcement before apply
ā
Complete audit trail
Example:
You: "Generate runner config for my-org in gitops mode"
AI: ā
Created configs/runner-sets/my-org-runners.yaml
š Commit to Git - your GitOps tool will handle deployment
š GitOps Guide: Setting up ArgoCD/Flux
š ļø Alternative Installation Methods
š³ Docker Standalone
# Pull and run the latest version
docker run -p 3000:3000 ghcr.io/tsviz/arc-config-mcp:latest
# With custom configuration
docker run -p 3000:3000 \
-e GITHUB_TOKEN=your_token \
-e KUBECONFIG_PATH=/kubeconfig \
-v ~/.kube/config:/kubeconfig:ro \
ghcr.io/tsviz/arc-config-mcp:latest
š ļø Local Development
git clone https://github.com/tsviz/arc-config-mcp.git
cd arc-config-mcp
npm install
npm run build
npm start -- --stdio # For MCP protocol connection
š Natural Language Examples
Transform complex ARC operations into simple conversations:
š„ ARC 0.13.0 Enhanced Examples
š§ "Install ARC with the new container mode to eliminate storage issues"
š¤ ā
Installing ARC controller with kubernetes-novolume container mode...
š¦ Helm chart: actions-runner-controller v0.13.0
š„ Container mode: kubernetes-novolume (no RWX storage needed!)
š Enhanced metrics: workflow_name and target labels enabled
š Security: JIT token secure mode enabled
ā±ļø Installation completed in 52 seconds
š§ "Set up dual-stack networking for IPv6 support"
š¤ ā
Configuring dual-stack networking for ARC runners...
š IPv4/IPv6: Dual-stack support enabled
š Fallback: IPv4 only if IPv6 unavailable
š”ļø Network policies: Updated for dual-stack
š DNS config: Optimized for both protocols
ā±ļø Network configuration completed in 30 seconds
š§ "Configure Azure Key Vault integration for secure secrets"
š¤ ā
Setting up Azure Key Vault CSI integration...
š Key Vault: Connected to production vault
š« Workload Identity: Configured for secure access
š« Workflow context: Secrets isolated from workflows
š Secret Provider Class: Created and validated
ā±ļø Azure Key Vault integration completed in 75 seconds
š§ "Deploy runners optimized for OpenShift with enterprise security"
š¤ ā
Deploying OpenShift-optimized ARC runners...
š¢ Platform: OpenShift Security Context Constraints applied
š¤ Security: Non-root user with restricted capabilities
š·ļø SELinux: Multi-Category Security labels configured
š Pod Security: Restricted standard enforced
ā±ļø OpenShift deployment completed in 95 seconds
š” Traditional Examples
š§ "Install ARC in my dev cluster with basic security settings"
š¤ ā
Installing ARC controller with development security profile...
š¦ Helm chart: actions-runner-controller v0.13.0
š Security: Basic validation enabled
š Namespace: arc-systems
ā±ļø Installation completed in 45 seconds
š§ "Scale my repo runners to handle the evening build rush"
š¤ ā
Analyzing current load and scaling runners...
š Current: 3 runners, Target: 8 runners
š Load factor: 85% ā 45%
š° Cost impact: +$12/hour (estimated)
ā±ļø Scaling completed in 90 seconds
š§ "Show me why my runners keep failing"
š¤ š Analyzing runner health and recent failures...
ā Issue found: Insufficient CPU resources
š” Recommendation: Increase runner resource limits
š ļø Auto-fix available: Update resource quotas
š Policy violation: Resource limits below minimum
š§ "Check ARC policies and fix what you can"
š¤ ā
Running policy validation and auto-remediation...
š Compliance Score: 55.6% (10/18 policies passing)
š§ Auto-fixing 3 violations (CPU limits, memory requests, labels)
š Generated: configs/runner-sets/my-runners-fixed.yaml
š” Manual fixes needed: 2 violations (see recommendations)
ā±ļø Auto-fix completed in 18 seconds
š§ "Validate policies and apply fixes to the cluster"
š¤ ā
Running policy validation with cluster remediation...
š Initial Compliance: 44.4% (8/18 policies passing)
š§ Applied 4 fixes to cluster (resources, security contexts)
š Saved audit trail: configs/runner-sets/production-runners-fixed.yaml
ā
Final Compliance: 77.8% (14/18 policies passing)
ā±ļø Validation and remediation completed in 32 seconds
šļø Architecture Overview
āāāāāāāāāāāāāāāāāāā āāāāāāāāāāāāāāāāāāā āāāāāāāāāāāāāāāāāāā
ā AI Client ā ā MCP Server ā ā Kubernetes ā
ā (Copilot) āāāāāŗā (This Repo) āāāāāŗā (ARC Runs) ā
āāāāāāāāāāāāāāāāāāā āāāāāāāāāāāāāāāāāāā āāāāāāāāāāāāāāāāāāā
ā²
ā
āāāāāāāāāāāāāāāāāāā
ā GitHub API ā
ā (Runner Mgmt) ā
āāāāāāāāāāāāāāāāāāā
Components
Natural Language Processor: Converts human intent to structured operations
ARC Policy Engine: Validates configurations against 18 built-in enterprise policies
Configuration Manager: GitOps-ready config generation with version control support
Kubernetes Orchestrator: Manages cluster resources and deployments
GitHub Integration: Handles runner registration and lifecycle
Monitoring Hub: Tracks performance and health metrics
š ļø Complete Tool Catalog
š Full Documentation: See TOOLS.md for comprehensive tool documentation with examples and parameters.
šÆ Core Operations
Tool | Purpose | Example Usage |
arc_install_controller
| Deploy ARC to Kubernetes | Install with custom config |
arc_get_status
| Comprehensive health check | Monitor all components |
arc_scale_runners
| Horizontal runner scaling | Handle load spikes |
arc_manage_runners
| Full lifecycle management | Create/update/delete runners |
arc_cleanup_installation
| Safe ARC cleanup/uninstall | Remove ARC with AI guidance |
arc_analyze_cleanup_state
| Pre-cleanup analysis | Analyze before removing ARC |
š”ļø Safety Note: Cleanup functionality is disabled by default. Set CLEANUP_ARC=true environment variable to enable. See Cleanup Documentation for details.
š Configuration Management Tools
Use these tools with the Recommended Workflow for version-controlled deployments.
Tool | Purpose | Example Usage |
arc_install_controller_hybrid
| Install ARC with config files | Generate controller configuration |
arc_deploy_runners_hybrid
| Deploy runners with versioning | Generate and apply runner configs |
arc_apply_config
| Apply existing config files | Deploy from repository configs |
arc_list_configs
| List stored configurations | View all config files |
arc_detect_drift
| Compare config vs deployed | Find configuration drift |
š¤ AI-Powered Features
Tool | Purpose | Example Usage |
arc_process_natural_language
| Convert speech to action | "Scale up for deployment" |
š Security & Compliance
Tool | Purpose | Example Usage |
arc_validate_policies
| Validate & auto-fix policy violations (generates fixed configs in configs/
) | Compliance reports, config-based remediation |
šļø Legacy Tools
Tool | Purpose | Status |
deploy_github_runners
| Original deployment tool | Deprecated |
šŗļø Roadmap & Future Tools
The following tools are planned for future releases to enhance ARC management capabilities:
š Security & Compliance (High Priority)
Tool | Purpose | Priority | Complexity |
arc_audit_logs
| Security audit log analysis | High | Medium |
arc_manage_secrets
| Secret rotation and management | Medium | High |
arc_configure_networking
| Network policy management | Medium | Medium |
šÆ Operations & Monitoring (Medium Priority)
Tool | Purpose | Priority | Complexity |
arc_troubleshoot_issues
| Automated diagnostics for common issues | High | High |
arc_optimize_costs
| Resource and cost optimization | Medium | Medium |
arc_generate_reports
| Operational reports and metrics | Medium | Low |
arc_performance_tuning
| Auto-tune runner performance settings | Low | High |
š Advanced Features (Lower Priority)
Tool | Purpose | Priority | Complexity |
arc_backup_config
| Configuration backup and restore | Medium | Low |
arc_upgrade_components
| Automated ARC version upgrades | Medium | High |
arc_migrate_runners
| Migrate runners between clusters | Low | High |
arc_disaster_recovery
| DR planning and execution | Low | Very High |
š” Want to contribute? These tools are tracked as GitHub issues. Check the Issues page for details and implementation discussions.
š Prerequisites & Requirements
System Requirements
Node.js: 18.0+ (LTS recommended)
Kubernetes: 1.24+ (tested up to 1.30)
Memory: 512MB+ for server
Storage: 100MB for installation
Kubernetes Permissions
The server requires these cluster permissions:
Namespaces: List, create, watch
Deployments: Full CRUD operations
Services: Create, update, delete
ConfigMaps/Secrets: Manage runner configurations
RBAC: Create service accounts and roles
GitHub Requirements
š§ Installation & Configuration
Environment Configuration
Create a .env file with your settings:
# GitHub Configuration
GITHUB_TOKEN=ghp_your_personal_access_token
GITHUB_ORG=your-organization
GITHUB_REPO=your-repository
# Kubernetes Configuration
KUBECONFIG_PATH=/path/to/kubeconfig
ARC_NAMESPACE=arc-systems
RUNNER_NAMESPACE=arc-runners
# MCP Server Configuration
MCP_PORT=3000
LOG_LEVEL=info
ENABLE_METRICS=true
# Security Settings
ENABLE_POLICY_VALIDATION=true
SECURITY_PROFILE=standard # basic|standard|strict
AUTO_FIX_VIOLATIONS=false
CLEANUP_ARC=false # Enable ARC cleanup/uninstall functionality (disabled by default for safety)
# Performance Tuning
MAX_CONCURRENT_OPERATIONS=5
OPERATION_TIMEOUT=300
RETRY_ATTEMPTS=3
VS Code + GitHub Copilot Integration
Configure MCP Server (already shown above):
The JSON configuration from the Quick Start section works directly with VS Code + GitHub Copilot.
Enable MCP in GitHub Copilot:
Add to your VS Code settings:
{
"github.copilot.enable": {
"*": true,
"mcp": true
}
}
Start using natural language commands with GitHub Copilot to manage your ARC infrastructure!
Production Deployment
Kubernetes Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: arc-config-mcp
namespace: mcp-system
spec:
replicas: 2
selector:
matchLabels:
app: arc-config-mcp
template:
metadata:
labels:
app: arc-config-mcp
spec:
containers:
- name: mcp-server
image: ghcr.io/tsviz/arc-config-mcp:latest
ports:
- containerPort: 3000
env:
- name: GITHUB_TOKEN
valueFrom:
secretKeyRef:
name: github-credentials
key: token
- name: LOG_LEVEL
value: "info"
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
Docker Compose
version: '3.8'
services:
arc-mcp:
image: ghcr.io/tsviz/arc-config-mcp:latest
ports:
- "3000:3000"
environment:
- GITHUB_TOKEN=${GITHUB_TOKEN}
- LOG_LEVEL=info
volumes:
- ~/.kube/config:/app/.kube/config:ro
restart: unless-stopped
šØ Usage Patterns & Examples
š„ ARC 0.13.0 Advanced Patterns
1. Container Mode Optimization
š§ "Upgrade my existing ARC to use the new container mode"
š¤ I'll migrate you to kubernetes-novolume container mode:
1ļøā£ Analyzing current deployment...
š Current: kubernetes mode with PVC storage
š RWX storage usage: 15 GB across 8 runners
š° Storage cost: $45/month
2ļøā£ Planning migration to kubernetes-novolume...
ā” Benefits: No RWX storage dependency
š Performance: ~30% faster job startup
š° Cost savings: $45/month storage eliminated
š§ Lifecycle hooks: preStart/preStop configured
3ļøā£ Executing migration...
š Creating new runner deployment with container mode
š¦ Adding workspace lifecycle hooks
š Rolling out updated configuration
š§¹ Cleaning up legacy PVC resources
ā
Migration complete!
šÆ Container mode: kubernetes-novolume active
ā” Job startup time: Reduced by 28 seconds
š¾ Ephemeral storage: 10Gi per runner
2. Dual-Stack Networking Setup
š§ "Configure my runners for IPv6 support"
š¤ Setting up dual-stack networking for future-ready infrastructure:
1ļøā£ Evaluating network requirements...
š Current: IPv4 only
š Target: IPv4/IPv6 dual-stack
š GitHub API: IPv6 endpoints available
2ļøā£ Configuring dual-stack support...
š§ DNS policy: ClusterFirst with IPv6
š”ļø Network policies: Updated for dual protocols
š·ļø Service configuration: Dual-stack enabled
š” Ingress: IPv4/IPv6 load balancing
3ļøā£ Testing connectivity...
ā
IPv4 GitHub API: Connected
ā
IPv6 GitHub API: Connected
š Fallback mechanism: IPv4 verified
š Latency: IPv6 -12ms vs IPv4
ā
Dual-stack networking active!
š Protocols: IPv4 + IPv6 with automatic fallback
š Performance: Optimized routing selection
š”ļø Security: Enhanced network isolation
3. Azure Key Vault Integration
š§ "Secure my secrets using Azure Key Vault instead of Kubernetes secrets"
š¤ Implementing Azure Key Vault CSI integration:
1ļøā£ Validating Azure setup...
š Key Vault: arc-secrets-prod detected
š¤ Workload Identity: Configured for AKS
š« Service Principal: Permissions verified
š¦ CSI Driver: secrets-store-csi-driver v1.4.1
2ļøā£ Creating SecretProviderClass...
š·ļø Name: arc-azure-keyvault
š Secrets: github-token, webhook-secret
š”ļø Access: Workload Identity federation
š Mount path: /mnt/secrets
3ļøā£ Updating runner deployment...
š¦ Volume: CSI secrets-store driver
š Security: No secrets in workflow context
š Rotation: Automatic on key vault update
š Monitoring: Secret access auditing
ā
Azure Key Vault integration complete!
š Secrets: Managed externally in Azure
š« Context isolation: Secrets hidden from workflows
š Auto-rotation: 90-day lifecycle
š Audit trail: All access logged
š” Traditional Deployment Patterns
1. First-Time ARC Installation
š§ "I need to set up GitHub Actions runners in my new cluster"
š¤ I'll help you install ARC with best practices:
1ļøā£ Checking cluster compatibility...
ā
Kubernetes 1.28 detected
ā
Sufficient resources available
ā
RBAC permissions verified
2ļøā£ Installing ARC controller...
š¦ Adding Actions Runner Controller Helm repository
āļø Configuring with security defaults
š Deploying to namespace: arc-systems
3ļøā£ Setting up runner infrastructure...
š„ Creating runner group: default-runners
š Configuring GitHub webhook authentication
š Enabling monitoring and metrics
ā
Installation complete!
š Controller endpoint: https://arc.your-cluster.com
š Grafana dashboard: https://monitoring.your-cluster.com/arc
š Next steps: Configure your first runner set
2. Scaling for High Load
š§ "Our deployment pipeline is slow, we need more runners during business hours"
š¤ I'll set up intelligent scaling for your deployment pipeline:
š Current Analysis:
ā¢ 3 active runners
ā¢ 12 queued jobs
ā¢ Average wait time: 8 minutes
šÆ Optimization Plan:
ā¢ Scale to 8 runners immediately
ā¢ Configure auto-scaling: 3-15 runners
ā¢ Business hours boost: 9AM-6PM EST
ā¢ Weekend scale-down: 1-3 runners
āļø Implementing changes...
ā
HorizontalPodAutoscaler configured
ā
Schedule-based scaling rules applied
ā
Cost optimization policies enabled
š° Cost Impact:
ā¢ Current: ~$180/month
ā¢ Optimized: ~$245/month (+36%)
ā¢ ROI: 2.5x faster deployments
3. Troubleshooting Runner Issues
š§ "My runners keep dying and I don't know why"
š¤ Let me analyze your runner health:
š Diagnostic Results:
ā 3 runners crashed in last hour
ā OOMKilled events detected
ā CPU throttling at 95%
šÆ Root Cause: Resource constraints
ā¢ Memory limit: 2Gi (insufficient)
ā¢ CPU limit: 1000m (too low for builds)
ā¢ Recommended: 4Gi memory, 2000m CPU
š ļø Auto-fix Available:
1. Update resource quotas
2. Configure memory overcommit protection
3. Add resource monitoring alerts
Would you like me to apply these fixes? [y/N]
4. Security Compliance Check
š§ "Check if our ARC setup meets SOC2 requirements"
š¤ Running comprehensive policy validation and compliance audit...
ļæ½ Analyzing ARC Resources:
ā
Controller: Healthy and compliant
š RunnerScaleSets: 3 found
š Security Policies: 23 rules evaluated
š Compliance Report:
ā
Security Policies: 18/20 passed (90%)
ā ļø Compliance Policies: 8/10 passed (80%)
ā
Performance Policies: 5/5 passed (100%)
š“ Critical Issues Found:
1. Privileged runner detected (arc-sec-002)
2. Missing resource limits (arc-perf-001)
š High Priority Issues:
1. GitHub token secret not configured (arc-sec-003)
2. Runner not scoped to repository (arc-comp-001)
š” Auto-Fix Available:
š§ 2 violations can be automatically fixed
š ļø Remediation Plan:
1. Remove privileged flag from runner pods
2. Add resource limits (CPU: 2000m, Memory: 4Gi)
3. Configure GitHub token secret reference
4. Scope runners to specific repositories
š Overall Compliance Score: 78/100
Target for SOC2: 95/100
Would you like me to auto-fix the applicable violations? [y/N]
ā” Quick Command Reference
Common commands you'll use frequently with this MCP server:
Policy & Compliance
# Basic validation
"Check ARC policies"
"Validate my runners against compliance rules"
# Generate compliance report
"Show me a compliance report for arc-runners namespace"
"Generate compliance report as JSON"
# Auto-fix violations (generates config files for review)
"Fix policy violations"
"Auto-fix compliance issues"
# Auto-fix and apply to cluster immediately
"Fix violations and apply to cluster"
"Auto-remediate and deploy fixes"
Installation & Deployment
# Install ARC controller
"Install ARC in my cluster"
"Deploy ARC controller with production settings"
# Deploy runners with config versioning
"Deploy runners for my-org repository"
"Create runner set for enterprise-repo with 5 minimum runners"
# Apply existing configurations
"Apply the my-runners config"
"Deploy config from configs/runner-sets/production.yaml"
Monitoring & Status
# Check overall health
"Show ARC status"
"What's the health of my runners?"
# Detect configuration drift
"Check for config drift"
"Compare deployed state with my config files"
# View logs and troubleshoot
"Show me runner logs"
"Why are my runners failing?"
Scaling & Management
# Scale runners
"Scale my-runners to 10"
"Increase runner capacity for evening builds"
# Manage lifecycle
"Update runner image to latest"
"Delete old runner sets"
Configuration Management
# List configurations
"Show all my configs"
"List runner configurations"
# Review generated configs before applying
"Generate runner config but don't apply"
"Create configuration for review only"
š” Pro Tip: All commands are natural language - no need to memorize exact syntax!
š Security & Best Practices
š”ļø Security Framework
Our security model implements defense-in-depth principles:
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā Security Layers ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā¤
ā š Authentication ā GitHub tokens, RBAC, mTLS ā
ā š”ļø Authorization ā Fine-grained permissions ā
ā š Audit Logging ā All operations tracked ā
ā š¦ Container Securityā Image scanning, non-root users ā
ā š Network Policies ā Zero-trust networking ā
ā š Secrets Managementā Encrypted storage, rotation ā
ā š Monitoring ā Real-time threat detection ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
šØ Security Policies
The server includes built-in security policies:
Critical Security Rules
Container images must be from approved registries
No privileged containers allowed
Resource limits must be specified
Network policies required for all namespaces
Access Control Policies
GitHub tokens must have minimal required scopes
Kubernetes RBAC follows least-privilege principle
MCP client authentication required in production
Operational Security
All operations are logged and auditable
Sensitive data is masked in logs
Failed operations trigger security alerts
š Secure Configuration Example
# Security-hardened ARC configuration
apiVersion: v1
kind: ConfigMap
metadata:
name: arc-security-config
data:
security_profile: "strict"
audit_logging: "enabled"
network_policies: "enforced"
image_scanning: "required"
resource_quotas: "mandatory"
# Policy definitions
allowed_registries: |
- ghcr.io
- gcr.io
- docker.io/library
mandatory_labels: |
- app.kubernetes.io/name
- app.kubernetes.io/version
- security.policy/compliant
ā ļø Security Notice: This tool provides administrative access to Kubernetes clusters and GitHub repositories. Always follow your organization's security policies and use appropriate access controls.
š Policy Validation & Auto-Fix
š”ļø Enterprise Policy Engine
The ARC MCP Server includes a comprehensive policy engine that validates your GitHub Actions Runner deployments against 18 built-in policies covering security, compliance, performance, cost optimization, and operational best practices.
Policy Categories
Category | Rules | Description |
š Security | 6 rules | Prevent privileged runners, enforce security contexts, validate secrets |
š Compliance | 2 rules | Repository scoping, runner group requirements |
š Performance | 4 rules | Resource limits, container mode optimization |
š° Cost | 2 rules | Reasonable CPU/replica limits, cost optimization |
āļø Operations | 3 rules | Proper labeling, valid runner images, observability |
š Networking | 1 rule | Dual-stack networking support |
Policy Configuration & Environments
Generate environment-specific policy configurations with 24 pre-configured profiles:
š§ "Generate a HIPAA policy config"
š¤ ā
Generated HIPAA-compliant policy configuration
š Security rules: Critical severity (PHI protection)
š Compliance rules: Critical severity (HIPAA/HITECH)
š Performance rules: High severity (reliability)
š Saved: configs/policies/arc-policy-config.json
š§ "List all available security rules"
š¤ š Security Policy Rules (6 total)
ā
arc-sec-001: Require Runner Security Context (High)
ā
arc-sec-002: Prohibit Privileged Runners (Critical)
ā
arc-sec-003: Require GitHub Token Secret (Critical)
ā
arc-013-003: JIT Token Security (High)
ā
arc-013-005: Azure Key Vault Integration (Medium)
ā
arc-013-006: OpenShift Compatibility (Medium)
Supported Environments:
Core: development, staging, production
Compliance: hipaa, fedramp, pci-dss, sox, gdpr
Industry: financial, healthcare, government, education
Infrastructure: edge, iot, embedded, multi-tenant
Organization: startup, enterprise
Workload: aiml, research
Security: high-security, zero-trust, air-gapped
š Complete Policy Guide: See Policy Validation Usage Guide for step-by-step instructions, real-world workflows, and troubleshooting
šÆ Policy Rule Integration: See Policy Rule Integration Guide for comprehensive documentation on how policy configs integrate with the 18 built-in rules
š Policy Reference: See POLICY_VALIDATION.md for detailed rule descriptions and technical specifications
š Auto-Fix Capabilities
The policy engine can automatically remediate violations by generating fixed configuration files that follow best practices.
How Auto-Fix Works
š§ "Check my runners for policy violations"
š¤ š Running policy validation...
ā
Compliance Score: 55.6%
ā 8 violations found (6 can be auto-fixed)
Critical Issues:
š“ None found
High Priority:
š Missing security context
š Repository scope too broad
š” Auto-fix available for 6 violations
š§ "Auto-fix the violations"
š¤ š Generating fixed configuration files...
ā
Fixed security context issues
ā
Added dual-stack networking support
ā
Configured OpenShift compatibility
ā
Added enhanced metrics labels
š Generated Files:
- configs/runner-sets/my-runners.yaml
š Next Steps:
1. Review: configs/runner-sets/my-runners.yaml
2. Commit: git add configs/ && git commit -m "fix: policy violations"
3. Apply: Say "apply the runner configuration"
4. Validate: Say "check compliance again"
š” Config files saved for audit trail!
Two Auto-Fix Modes
1. Generate Only (Default - Recommended)
Perfect for GitOps workflows - generates fixed config files in .
# Ask AI:
"Auto-fix my policy violations"
# What happens:
ā
Fetches current runner configuration from cluster
ā
Applies policy fixes to the configuration
ā
Generates fixed YAML in configs/runner-sets/
ā
Adds audit annotations (timestamp, violations fixed)
āøļø STOPS - does NOT apply to cluster
š Shows you the changes and next steps
Benefits:
ā
Review before apply - See exactly what will change
ā
Git version control - Config files ready to commit
ā
Audit trail - Track all policy fixes over time
ā
Rollback capable - Easy to revert changes
ā
Team collaboration - Create PRs for review
2. Generate + Apply Mode
For development environments - generates configs in .
# Ask AI:
"Auto-fix my violations and apply them"
# or
"Auto-fix with apply=true"
# What happens:
ā
Everything from mode 1 (generates configs in configs/), PLUS:
š Applies fixes directly to cluster
š Shows apply results (success/failure per resource)
ā
Config files still saved in configs/ for audit trail
When to use:
š§Ŗ Development/testing environments
š Quick fixes needed urgently
š¤ Single-person projects
ā” Speed over review process
Fixable Violations
The auto-fix feature can remediate these policy violations automatically:
Violation | Fix Applied | Impact |
Missing security context | Adds pod security context with non-root user | Security ā |
Container mode not optimized | Sets kubernetes-novolume
mode | Performance ā, Storage costs ā |
OpenShift incompatibility | Configures runAsUser: 999
and SCC compatibility | OpenShift support ā |
Missing enhanced metrics labels | Adds workflow_name
and target
labels | Observability ā |
Dual-stack networking | Configures dnsPolicy: ClusterFirst
| IPv4/IPv6 support ā |
Missing lifecycle hooks | Adds container lifecycle hooks for novolume mode | Reliability ā |
Manual Remediation Required
Some violations require human decision-making and cannot be auto-fixed:
Violation | Why Manual? | What to Do |
Missing GitHub token secret | Requires actual GitHub PAT/App credentials | Configure in cluster secrets |
Privileged runner detected | Security decision needed | Remove privileged flag or justify |
Repository scope too broad | Business logic decision | Scope to specific repos |
Invalid runner image | Image selection requires approval | Use official images from ghcr.io |
Missing required labels | Naming conventions vary by org | Add org-specific labels |
Azure Key Vault not configured | Requires Azure setup | Configure AKV CSI driver |
š Compliance Reporting
Generate comprehensive compliance reports for your ARC deployments:
š§ "Generate a compliance report for all my runners"
š¤ š ARC Compliance Report
Cluster: production-aks
Namespace: arc-systems
Compliance Score: 78.5%
ā
Passed: 14 rules
ā Failed: 4 rules
ā ļø Warnings: 3 rules
By Severity:
š“ Critical: 0
š High: 2
š” Medium: 3
š¢ Low: 2
By Category:
š Security: 3 violations
š Compliance: 1 violation
āļø Operations: 3 violations
Top Issues:
1. [HIGH] Security context not configured (3 runners)
2. [HIGH] Runners scoped to entire org (security risk)
3. [MED] Container mode not optimized (performance impact)
š” 6 violations can be auto-fixed
š° Estimated cost savings from fixes: $45/month
šÆ Policy Validation Commands
Common AI commands for policy management:
# Validation
"Check my runners for policy violations"
"Validate ARC compliance"
"Run a security audit on my runners"
# Auto-Fix
"Auto-fix the policy violations"
"Fix the violations and save configs"
"Auto-fix and apply immediately" (with apply=true)
# Reporting
"Generate a compliance report"
"Show me all critical violations"
"List security policy violations"
# Specific Checks
"Check if my runners meet SOC2 requirements"
"Validate runners against security policies"
"Show me cost optimization opportunities"
š Policy Customization
While the server comes with 20+ built-in policies, you can customize enforcement levels:
# Configure policy behavior via environment variables
export ARC_POLICY_ENFORCEMENT="strict" # strict, advisory, or disabled
export ARC_POLICY_AUTO_FIX_ENABLED="true" # Enable/disable auto-fix
export ARC_POLICY_CATEGORIES="security,compliance" # Focus on specific categories
š Advanced Policy Configuration: See EXTERNAL_POLICY_CONFIG.md for custom policy definitions
š Learn More
New to policy validation? Check out the Complete Policy Validation Usage Guide for:
š Step-by-step tutorials for each operation
š¬ Real-world workflow examples
š§ Troubleshooting common issues
š Advanced usage patterns
ā
Best practices and tips
Quick Links:
š Monitoring & Observability
š Built-in Metrics
The server exposes comprehensive metrics for monitoring:
// Prometheus metrics available at /metrics
arc_operations_total{operation="install",status="success"} 42
arc_operations_duration_seconds{operation="scale"} 1.23
arc_runners_active{namespace="production"} 8
arc_policy_violations_total{severity="critical"} 0
arc_github_api_requests_total{endpoint="runners"} 1337
š Health Checks
Multiple health check endpoints:
/health - Basic server health
/health/kubernetes - Cluster connectivity
/health/github - GitHub API status
/health/runners - Runner status summary
š Grafana Dashboard
Pre-built dashboard for comprehensive monitoring:
{
"dashboard": {
"title": "ARC MCP Server Monitoring",
"panels": [
{
"title": "Runner Utilization",
"type": "stat",
"targets": ["arc_runners_active / arc_runners_total"]
},
{
"title": "Operation Success Rate",
"type": "gauge",
"targets": ["rate(arc_operations_total{status='success'}[5m])"]
}
]
}
}
š Advanced Features
šÆ Cost Optimization Engine
Intelligent cost management for runner infrastructure:
š° Cost Analysis Report
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā Monthly Runner Costs: $1,247 ā
ā Optimization Potential: -$312 (25%) ā
ā ā
ā š Recommendations: ā
ā ā¢ Scale down during weekends (-$89) ā
ā ā¢ Use spot instances (-$156) ā
ā ā¢ Optimize resource allocations (-$67) ā
ā ā
ā šÆ Auto-optimization Available ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
š¤ Predictive Scaling
AI-powered scaling based on workload patterns:
apiVersion: v1
kind: ConfigMap
metadata:
name: predictive-scaling-config
data:
enabled: "true"
prediction_window: "2h"
confidence_threshold: "0.8"
scale_up_factor: "1.5"
scale_down_factor: "0.7"
# ML model configuration
model_type: "time_series_forecast"
training_data_days: "30"
retrain_interval: "24h"
š ļø Self-Healing Capabilities
Automated problem detection and resolution:
š§ Self-Healing Engine Status
āāā š Issue Detection: Active
ā āāā Resource exhaustion monitoring
ā āāā Network connectivity checks
ā āāā GitHub API rate limit tracking
ā āāā Runner health verification
ā
āāā š ļø Auto-Remediation: Enabled
ā āāā Restart unhealthy runners
ā āāā Scale up on resource pressure
ā āāā Rotate expired credentials
ā āāā Clean up orphaned resources
ā
āāā š Success Rate: 94.2%
āāā Issues detected: 127
āāā Auto-resolved: 119
āāā Manual intervention: 8
š§Ŗ Testing & Validation
š¬ Comprehensive Test Suite
Run the full test suite to ensure reliability:
# Unit tests
npm run test:unit
# Integration tests (requires cluster)
npm run test:integration
# End-to-end tests
npm run test:e2e
# Performance tests
npm run test:performance
# Security tests
npm run test:security
šÆ Test Coverage
Current test coverage metrics:
Unit Tests: 94% line coverage
Integration Tests: 87% API coverage
E2E Tests: 78% workflow coverage
Security Tests: 100% vulnerability checks
šļø Local Testing Environment
Set up a complete local testing environment:
# Start local Kubernetes cluster
npm run dev:cluster:start
# Deploy test ARC environment
npm run dev:arc:setup
# Run MCP server in development mode
npm run dev:server
# Execute test scenarios
npm run dev:test:scenarios
š CI/CD Integration
GitHub Actions Workflow
Example workflow for automated ARC management:
name: ARC Management
on:
schedule:
- cron: '0 */6 * * *' # Every 6 hours
workflow_dispatch:
jobs:
arc-health-check:
runs-on: ubuntu-latest
steps:
- name: Check ARC Status
uses: ./
with:
mcp-server: 'ghcr.io/tsviz/arc-config-mcp:latest'
operation: 'health-check'
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Scale for Peak Hours
if: github.event.schedule == '0 9 * * 1-5' # Weekday mornings
uses: ./
with:
operation: 'scale-runners'
target-replicas: 10
- name: Cost Optimization
if: github.event.schedule == '0 18 * * 5' # Friday evenings
uses: ./
with:
operation: 'optimize-costs'
apply-recommendations: true
š API Reference
MCP Protocol Integration
The server implements the full MCP specification:
// Tool invocation example
interface MCPToolCall {
method: "tools/call";
params: {
name: "arc_install_controller";
arguments: {
namespace: "arc-systems";
security_profile: "standard";
auto_scaling: true;
};
};
}
// Response format
interface MCPToolResponse {
content: [
{
type: "text";
text: "ā
ARC controller installed successfully";
}
];
isError: false;
}
REST API Endpoints
When running in HTTP mode, these endpoints are available:
GET /health - Server health check
GET /metrics - Prometheus metrics
POST /api/v1/arc/install - Install ARC controller
GET /api/v1/arc/status - Get ARC status
POST /api/v1/arc/scale - Scale runners
GET /api/v1/tools - List available tools
POST /api/v1/execute - Execute natural language command
š Documentation
Core Guides
Guide | Description | When to Use |
Policy Validation Usage Guide | Complete guide to using the policy validation tool with real-world workflows | Essential for security/compliance teams |
Policy Reference | Technical reference for all 20+ built-in policies | When you need detailed policy specifications |
Workflow Guide | Understanding deployment workflows (Recommended, Direct, GitOps) | Setting up your deployment process |
Hybrid Workflow Visual Guide | Visual diagrams of the GitOps workflow | Visual learners or architecture planning |
Advanced Security | Deep dive into security configurations | Hardening production deployments |
Cleanup Functionality | Safe ARC uninstallation and cleanup | Decommissioning or troubleshooting |
Enhanced Troubleshooting | Debugging guide and common issues | When things go wrong |
Quick References
External Resources
š¤ Contributing
We welcome contributions to improve ARC Config MCP Server!
š Getting Started
Fork the repository
Create a feature branch: git checkout -b feature/amazing-feature
Set up development environment:
npm install
npm run dev:setup
Make your changes
Run tests: npm test
Submit a pull request
š Development Guidelines
Follow TypeScript best practices
Maintain 90%+ test coverage
Update documentation for new features
Follow conventional commit messages
Ensure all security checks pass
š Code Review Process
All contributions go through our review process:
Automated Checks: CI/CD pipeline validation
Security Review: Vulnerability scanning
Performance Review: Load testing for critical paths
Documentation Review: Ensure docs are updated
Maintainer Review: Final approval by core team
š Troubleshooting
Common Issues
Installation Problems
ā Error: KUBECONFIG not found
š§ Solution: Set KUBECONFIG environment variable
export KUBECONFIG=/path/to/kubeconfig
ā Error: GitHub token invalid
š§ Solution: Check token scopes and expiration
- Required scopes: repo, admin:org, workflow
- Generate new token: https://github.com/settings/tokens
Runtime Issues
ā Error: Runners not starting
š§ Diagnosis: Check resource constraints
kubectl describe pod -n arc-runners
ā Error: High API rate limits
š§ Solution: Configure rate limiting
Set GITHUB_API_RATE_LIMIT=5000 in environment
Configuration Drift Issues
ā Issue: Config file shows minRunners: 20 but only 1 runner is running
š§ Diagnosis: Manual Helm commands can override YAML configs
# Check actual deployed values
kubectl get autoscalingrunnersets -n arc-systems <name> -o yaml
š§ Solution: Re-apply using MCP tools to sync with config files
#arc_apply_config --configType runnerSet --name <runner-set-name>
# Or use drift detection to find all mismatches
#arc_detect_drift
š” Best Practice: Always use MCP tools (#arc_apply_config) instead of
manual Helm commands. MCP tools read your YAML files and apply all
values correctly. Manual Helm --set commands bypass the config files.
Policy Validation Issues
ā Issue: False positive violations reported
š§ Diagnosis: Check actual deployed resource structure
kubectl get autoscalingrunnersets -n arc-runners <name> -o yaml | grep -A5 <field>
š§ Solution: Policy engine validates against deployed resources, not config templates
- Ensure field paths match actual Kubernetes resource structure
- Array indices like containers[0] are supported
ā Issue: Auto-fix not applying to cluster
š§ Solution: Use apply=true parameter to apply fixes
#arc_validate_policies operation=auto_fix apply=true
Default behavior (apply=false): Generates config files only for review
With apply=true: Generates config files AND applies to cluster
ā Issue: Compliance score lower than expected
š§ Diagnosis: Check for manual remediation required
#arc_validate_policies operation=validate
- Auto-fixable: Resources, labels, annotations, security contexts
- Manual required: GitHub secrets, container images, privileged mode
š” Best Practice: Always review generated config files in configs/runner-sets/
before applying to production clusters. Config files are created for
audit trail regardless of apply parameter.
Performance Issues
ā Issue: Slow response times
š§ Optimization: Enable caching
Set ENABLE_CACHE=true
Set CACHE_TTL=300
ā Issue: High memory usage
š§ Solution: Tune garbage collection
NODE_OPTIONS="--max-old-space-size=512"
š Debug Mode
Enable detailed logging for troubleshooting:
# Environment variable
export LOG_LEVEL=debug
# Runtime flag
npm start -- --log-level debug
# Specific component debugging
export DEBUG=arc:*,mcp:*,k8s:*
š Getting Help
š Learning Resources
š Official GitHub Documentation
Essential ARC Resources:
š Additional Reading
š„ Video Tutorials
š” Best Practices Guide
š Roadmap
šÆ Upcoming Features
Version 1.6.0 (Next Release)
Multi-cluster Support: Manage ARC across multiple Kubernetes clusters
Advanced Cost Analytics: ML-powered cost prediction and optimization
Webhook Integration: Real-time event processing from GitHub
Custom Policy DSL: Domain-specific language for policy configuration
Version 1.7.0 (Q2 2024)
GitOps Integration: ArgoCD and Flux compatibility
Advanced Scheduling: Complex workload-aware runner scheduling
Integration Hub: Pre-built integrations with popular DevOps tools
Mobile Dashboard: React Native app for on-the-go monitoring
Version 2.0.0 (Q3 2024)
Multi-Cloud Support: AWS, GCP, Azure runner orchestration
AI-Powered Optimization: GPT-4 powered operational intelligence
Enterprise SSO: SAML, OIDC, and LDAP integration
Compliance Framework: SOC2, ISO27001, PCI-DSS automation
šŗļø Long-term Vision
Transform ARC management from manual operations to fully autonomous, AI-driven infrastructure that:
Predicts and prevents issues before they occur
Optimizes costs automatically across cloud providers
Ensures compliance with evolving security standards
Scales intelligently based on development team patterns
š License & Legal
License
This project is licensed under the MIT License - see the LICENSE file for details.
Third-Party Dependencies
Node.js Ecosystem: Various MIT and Apache 2.0 licensed packages
Kubernetes Client: Apache 2.0 License
GitHub API: Used under GitHub Terms of Service
Security Disclosure
For security vulnerabilities, please email security@tsviz.com instead of using public issues.
Contributing License Agreement
By contributing to this project, you agree that your contributions will be licensed under the same MIT License.
š Related Projects & Ecosystem
Official Projects
Community Projects
Complementary Tools
Monitoring: Prometheus, Grafana, DataDog integration examples
Security: Falco, OPA Gatekeeper policy examples
GitOps: ArgoCD, Flux configuration templates
Cost Management: Kubecost, OpenCost integration guides
š Ready to transform your ARC operations?
Get Started ā¢ View Examples ā¢ Join Community
Transforming GitHub Actions runner management from manual kubectl commands to conversational AI-powered automation āØ