Capabilities define what agents can do (skills), which AI models they use, and what security/compliance rules they must follow (policies). These resources work together to control agent behavior and ensure safe, compliant automation.
Quick Start # List skills kubiya skill list
Output: 🛠️ Skills (15) NAME TYPE DESCRIPTION kubernetes-cli cli Kubernetes cluster management terraform cli Infrastructure as code aws-sdk sdk AWS cloud operations github-api api GitHub repository management docker-cli cli Container management slack-api api Slack notifications and messaging
# Create skill kubiya skill create --file skill.yaml # List models kubiya model list
Output: 🤖 Available Models (8) NAME PROVIDER CONTEXT DEFAULT gpt-4 openai 8K ✓ gpt-4-32k openai 32K claude-3-opus anthropic 200K claude-3-sonnet anthropic 200K claude-3-haiku anthropic 200K gpt-3.5-turbo openai 4K
# Set default model kubiya model set-default gpt-4 # Create policy kubiya policy create --name "Production Policy" --file policy.rego
Output: 🛠️ Creating policy... ✅ Policy created successfully! ID: abc123def456 Name: Production Policy Status: Enabled
Skills Agent capabilities including APIs, CLIs, cloud SDKs, and custom functions. Skills replace the V1 concepts of “sources” and “tools” with a unified system.
List Skills # List all skills kubiya skill list # JSON output kubiya skill list --output json
Get Skill Details # View skill configuration kubiya skill get < skill-i d >
Create Skill # Create from file kubiya skill create --file skill.yaml
# skill.yaml name : kubernetes description : Kubernetes cluster management type : cli commands : - kubectl - helm
Skill Types: CLI Skill
API Skill
SDK Skill
Custom Function
name : docker-cli description : Docker container management type : cli commands : - docker - docker-compose
name : github-api description : GitHub API interactions type : api base_url : https://api.github.com authentication : type : token header : Authorization
name : aws-sdk description : AWS SDK operations type : sdk provider : aws services : - s3 - ec2 - lambda
name : custom-validator description : Custom validation logic type : function runtime : python handler : validate_input
Update Skill # Update skill configuration kubiya skill update < skill-i d > --file skill.yaml
Delete Skill # Delete skill kubiya skill delete < skill-i d >
Validate Skill # Validate skill definition kubiya skill validate skill.yaml
Models LLM models available to agents for task execution.
List Models # List all available models kubiya model list # JSON output kubiya model list --output json
Available Models: Model Provider Use Case Context Window gpt-4 OpenAI Complex tasks, reasoning 8K tokens gpt-4-32k OpenAI Long context tasks 32K tokens gpt-3.5-turbo OpenAI Fast, efficient tasks 4K tokens claude-3-opus Anthropic Advanced reasoning 200K tokens claude-3-sonnet Anthropic Balanced performance 200K tokens claude-3-haiku Anthropic Fast responses 200K tokens
Get Model Details # View model configuration kubiya model get < model-i d >
Set Default Model # Set organization default model kubiya model set-default < model-i d >
The default model is used when agents don’t specify a particular model. You can override this per-agent in the agent configuration.
Policies Security and compliance policies using Open Policy Agent (OPA).
List Policies # List all policies kubiya policy list # JSON output kubiya policy list --output json
Get Policy Details # View policy configuration kubiya policy get < policy-i d >
Create Policy # Create from Rego file kubiya policy create --file policy.rego
# policy.rego package kubiya.production # Deny deployments outside business hours deny["Production deployments only allowed during business hours"] { input.environment == "production" not is_business_hours } is_business_hours { hour := time.now_ns() / 1000000000 / 3600 % 24 hour >= 9 hour < 17 }
Common Policy Examples: Environment Protection
Resource Limits
Skill Requirements
Time Windows
package kubiya.environment # Require approval for production deny["Production requires approval"] { input.environment == "production" not input.approved }
package kubiya.resources # Limit resource consumption deny["Task exceeds resource limits"] { input.estimated_cost > 100 }
package kubiya.skills # Require specific skills deny["Agent missing required skill"] { input.action == "deploy" not has_deployment_skill } has_deployment_skill { input.agent.skills[_] == "kubernetes" }
package kubiya.schedule # Maintenance window enforcement deny["Maintenance only allowed on weekends"] { input.action == "maintenance" not is_weekend } is_weekend { day := time.weekday(time.now_ns()) day == "Saturday" } is_weekend { day := time.weekday(time.now_ns()) day == "Sunday" }
Update Policy # Update policy kubiya policy update < policy-i d > --file policy.rego
Delete Policy # Delete policy kubiya policy delete < policy-i d >
Validate Policy # Validate Rego syntax kubiya policy validate policy.rego
Best Practices
Organize skills by domain (aws-, kubernetes- , github-*)
Reuse shared skills instead of duplicating
Add clear descriptions and examples to all skills
Version control skill and policy definitions
Test skills and policies before production use
Use GPT-4 for complex reasoning, GPT-3.5 for simple tasks
Monitor model usage and costs per agent
Start with permissive policies, enforce gradually
Document policy intent with clear comments
Only grant skills agents actually need
Rotate credentials regularly
Command Reference # Skills kubiya skill list kubiya skill get < i d > kubiya skill create --file skill.yaml kubiya skill update < i d > --file skill.yaml kubiya skill delete < i d > kubiya skill validate skill.yaml # Models kubiya model list kubiya model get < i d > kubiya model set-default < i d > # Policies kubiya policy list kubiya policy get < i d > kubiya policy create --file policy.rego kubiya policy update < i d > --file policy.rego kubiya policy delete < i d > kubiya policy validate policy.rego
Next Steps
Core Resources Apply capabilities to agents and teams
Execution Resources Execute tasks with configured capabilities
Infrastructure Configure environments with policies
Smart Execution Execute tasks with automatic planning
