Skip to main content

AI & Stacktic — The Dark Factory Model

AI can now work in production — with no risk

Stacktic is the interface between AI and your infrastructure. It provides AI with structured metadata and relationships, auto-generates governed MCP access per stack layer, restricts all operations to the Stacktic framework, and logs, versions, and rolls back everything. The result: AI operates production autonomously — because every action is bounded, audited, and reversible.

1. Metadata & Relationships — AI Sees What You Designed

Stacktic doesn't give AI raw cluster access. It gives AI structured metadata — the same topology you designed.

What AI receives

  • Components — every service, database, queue, gateway in your stack
  • Links — typed relationships between components (who talks to who, and how)
  • Sub-components — Kafka topics, DB schemas, S3 buckets, RabbitMQ queues
  • Attributes — versions, replicas, namespaces, ports, configurations
  • Cross-stack boundaries — is_external flags for multi-cluster awareness

What AI does NOT receive

  • No raw kubectl access
  • No cluster-wide RBAC
  • No unstructured YAML
  • No raw passwords or secrets
  • No access to services without drawn links
  • No ability to run arbitrary shell commands
┌─────────────────────────────────────────────────────────────┐
│                    Stacktic Topology                         │
│                                                             │
│   FastAPI ──→ PostgreSQL      Kafka ──→ ClickHouse          │
│      │            │             │                           │
│      └──→ Redis   └──→ Grafana └──→ Loki                   │
│                                                             │
│   Every arrow = a typed link = AI metadata = MCP tool       │
└─────────────────────────────────────────────────────────────┘

                    Stack Agent API
                    POST /metadata/q

               ┌────────────┴────────────┐
               │    Structured JSON       │
               │    Components, links,    │
               │    attributes, types     │
               └─────────────────────────┘

The topology you design IS the metadata AI operates on. Every component, link, and sub-component becomes queryable, structured data. AI doesn't parse YAML — it queries relationships.

2. Automated MCP & Permission Governance — Per Layer

When you draw a link to a service in Stacktic, a governed MCP (Model Context Protocol) toolset is auto-generated for that service. Remove the link — the tools disappear. No manual configuration. No permission drift.

Observability Layer

Prometheus queries, Grafana dashboards, Loki log search — read-only by default, typed parameters, no raw PromQL injection

Data Layer

PostgreSQL, MongoDB, ClickHouse, Redis/Valkey — scoped queries, credential substitution, write-access gated independently per database

Operations Layer

ArgoCD sync, Kafka topic management, RabbitMQ publishing — each operation requires explicit write-access flag per service

How permissions work

ControlHow it works
Tool generationDraw a link → tools appear. Remove a link → tools disappear. No link = no access.
Credential scopingAI uses {password}, {host}, {port} variables — Stack Agent resolves them at runtime. AI never sees raw values.
Write gatingEach service has MCP_*_WRITE_ACCESS=false by default. Read always allowed. Write only when explicitly enabled.
Multi-stack isolationEach stack generates its own MCP with its own credentials. Cross-stack boundaries are explicit via is_external.

3. AI Restricted to Stacktic Framework

AI doesn't freestyle. Every operation AI performs goes through the Stacktic framework — validated templates, typed tools, structured queries.

Without Stacktic

AI → kubectl exec -it postgres -- psql
AI → kubectl delete pod kafka-0
AI → curl http://internal-service:8080/admin
AI → kubectl apply -f hallucinated.yaml

Raw access. No boundaries. No audit. One hallucinated command = production incident.

With Stacktic

AI → mcp tools/call pg_query {sql: "SELECT ..."}
AI → mcp tools/call prom_alerts {}
AI → mcp tools/call loki_query {logql: "..."}
AI → mcp tools/call argocd_list_applications {}

Typed tools. Scoped parameters. Governed access. Every call is JSON-RPC with method, params, timestamp.

What this means:

  • AI cannot run arbitrary commands — only pre-defined, typed MCP tools
  • AI cannot access services without drawn links — topology = permission boundary
  • AI cannot see raw credentials — variable substitution at runtime
  • AI cannot write without explicit permission — per-service write flags
  • AI cannot hallucinate operations — tools have typed parameters, invalid calls are rejected

4. Log Everything. Version Everything. Rollback Everything.

This is what makes AI safe in production. Every layer of the stack is versioned, audited, and reversible.

Log Everything

Every MCP call is JSON-RPC — method name, parameters, timestamp, response. Every AI operation is a structured audit trail. Combined with Loki for application logs and Prometheus for metrics — full observability of what AI does and what the stack does.

Version Everything

Stacktic versions the entire stack as a unified snapshot — every component, every link, every configuration, every secret. When AI triggers a change, that change is part of a versioned stack state. Not scattered config files — a single, trackable stack version.

Rollback Everything

Any stack version can be rolled back — completely, to any previous state. If AI triggers a deployment that causes issues, rollback the entire stack to the last known-good version. Not just one service — the full stack with all its relationships intact.

The Safety Guarantee

┌──────────────────────────────────────────────────────────────┐
│                     AI operates production                    │
│                                                              │
│   ✓ Every action → logged (JSON-RPC audit trail)             │
│   ✓ Every state → versioned (unified stack snapshots)        │
│   ✓ Every change → reversible (full-stack rollback)          │
│   ✓ Every tool → validated (generated from tested templates) │
│   ✓ Every credential → scoped (variable substitution)       │
│   ✓ Every write → gated (per-service boolean flag)           │
│                                                              │
│   Result: AI in production with zero risk                    │
└──────────────────────────────────────────────────────────────┘

This is why it's a dark factory. In manufacturing, a dark factory runs lights-out — no humans on the floor, fully automated, everything monitored and reversible. Stacktic brings this model to infrastructure: AI agents operate autonomously through governed metadata, every action is audited, every state is versioned, every mistake is reversible. Production-grade AI operations — lights out.

The Full Picture

LayerWhat Stacktic providesWhat AI gets
MetadataTopology → Stack Agent API → structured JSONComponents, links, types, groups, attributes — full stack awareness
MCPAuto-generated per stack, per linked service50+ typed tools — query, observe, test, operate
PermissionsTopology = governance, write gating, credential scopingBounded access — only what topology defines, only what flags allow
FrameworkValidated templates, typed parameters, no kubectlStructured operations — impossible to hallucinate invalid commands
LoggingJSON-RPC audit trail + Loki + PrometheusFull observability of every AI action and every stack metric
VersioningUnified stack snapshots — every component, link, configTrackable state — know exactly what changed and when
RollbackFull-stack rollback to any previous versionSafety net — any mistake is one rollback away from fixed

Stacktic provides AI with metadata and relationships · automates MCP and permission governance for each layer · restricts AI to the Stacktic framework for ops · logs everything, versions everything, rolls back everything — AI can now work in production with no risk.