The Challenge
The client is building a hardware company with complex cloud infrastructure. Their systems run on a managed hosting provider, but the founder had a specific problem: he didn't want to give developers direct access to the hosting provider. No dashboard logins, no ad-hoc changes, no drift between what's deployed and what's in code.
He wanted a CLI where YAML files are the single source of truth for infrastructure, and developers manage everything through scoped tokens and declarative config. Longer term, the tool should work across hosting providers.
What We Built
A full-featured CLI with 13 commands that manages the complete environment lifecycle declaratively.
YAML as Source of Truth
Every environment is described in a YAML file: services, their configuration, environment variables, domains, volumes, build settings, and database sources. Developers edit YAML and run commands - the CLI reconciles the difference between what the YAML says and what's actually deployed. No manual changes in dashboards, no configuration drift.
The YAML format supports cross-service variable references, shell environment variable injection for secrets, and multiple service categories with different upgrade behaviors. Tokens reference environment variables that are resolved at runtime and never committed to version control.
Diff Engine & Upgrade Pipeline
The core of the tool: a diff engine that compares the YAML blueprint against live infrastructure and generates the exact set of changes needed. The upgrade command runs a three-stage pipeline - service configuration, database migrations, then deployment triggers - applying only what's changed. Dry-run mode previews every change before anything is applied.
Environment Lifecycle
Beyond deploy and status, the CLI handles the full lifecycle: create new environments from existing blueprints (with strategies for how data and dependencies are handled), clone configurations, start and stop services, and tear down environments. A dependency graph ensures services are deployed in the correct order.
Database Operations
Full database dump and restore - export data to portable archives and selectively restore into any environment. Combined with the upgrade pipeline's migration stage, this gives teams reproducible environments from scratch.
Watch Mode
A continuous monitoring mode that outputs environment state as structured YAML on a refresh interval - designed specifically for LLM agents to consume and act on. The CLI works for both human operators and AI-driven automation.
Access Control by Design
The token system is the feature the founder originally asked for. Developers never see hosting provider credentials. They get scoped tokens that the YAML config references by environment variable name and that the CLI resolves from their local environment at runtime. They can deploy, check status, and manage environments - but they can't make ad-hoc changes outside the declared state. The YAML enforces discipline.
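The token handling described here and under "YAML as Source of Truth" can be sketched as follows. This is an added example, not the client CLI's code: the `${NAME}` reference syntax, the secret key names and the sample blueprint are assumptions, since the page does not show its format. It resolves references at runtime, refuses to run on a missing variable or a literal credential in the file, and redacts secrets before anything is printed.

```python
import re

# Assumed reference syntax for this example: ${NAME}. The page does not show its own.
REF = re.compile(r"\$\{([A-Z_][A-Z0-9_]*)\}")
SECRET_KEYS = ("token", "secret", "password")  # hypothetical naming convention

class ConfigError(Exception):
    pass

def is_secret(key):
    return any(s in key.lower() for s in SECRET_KEYS)

def resolve(config, env):
    """Return a copy of a parsed blueprint (nested mappings) with ${NAME} filled from env."""
    out = {}
    for key, value in config.items():
        if isinstance(value, dict):
            out[key] = resolve(value, env)
            continue
        value = str(value)
        if is_secret(key) and not REF.fullmatch(value):
            # A literal here means a credential was written into the file itself.
            raise ConfigError(f"{key}: literal secret in config, use an env reference")
        missing = [n for n in REF.findall(value) if n not in env]
        if missing:
            # Fail closed rather than deploy with an empty or partial value.
            raise ConfigError(f"{key}: unset environment variable(s) {missing}")
        out[key] = REF.sub(lambda m: env[m.group(1)], value)
    return out

def redact(config):
    """Copy of a resolved config that is safe to print in dry-run or watch output."""
    return {k: redact(v) if isinstance(v, dict) else ("***" if is_secret(k) else v)
            for k, v in config.items()}

# Constructed sample: what a parsed environment YAML might contain.
BLUEPRINT = {"environment": "staging",
             "provider": {"token": "${DEPLOY_TOKEN}"},
             "services": {"api": {"domain": "api.${ENV_NAME}.example.test"}}}

if __name__ == "__main__":
    import os
    try:
        print(redact(resolve(BLUEPRINT, os.environ)))
    except ConfigError as err:
        print("refusing to run:", err)
```

Running the literal-secret check in CI or a pre-commit hook as well catches a pasted token before the file reaches version control.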
The Result
The client's developers manage their cloud infrastructure entirely through the CLI. The founder got the access control he wanted - developers have exactly the capabilities they need, nothing more - and the declarative model prevents the configuration drift that plagues teams using hosting dashboards directly. The provider-agnostic YAML format sets up the path toward multi-cloud support as the company scales.
