Capabilities define what agents can do (skills), which AI models they use, and what security/compliance rules they must follow (policies). These resources work together to control agent behavior and ensure safe, compliant automation.
Quick Start
# List skills
kubiya skill list
Output:
🛠️ Skills (15)
NAME TYPE DESCRIPTION
kubernetes-cli cli Kubernetes cluster management
terraform cli Infrastructure as code
aws-sdk sdk AWS cloud operations
github-api api GitHub repository management
docker-cli cli Container management
slack-api api Slack notifications and messaging
# Create skill
kubiya skill create --file skill.yaml
# List models
kubiya model list
Output:
🤖 Available Models (8)
NAME PROVIDER CONTEXT DEFAULT
gpt-4 openai 8K ✓
gpt-4-32k openai 32K
claude-3-opus anthropic 200K
claude-3-sonnet anthropic 200K
claude-3-haiku anthropic 200K
gpt-3.5-turbo openai 4K
# Set default model
kubiya model set-default gpt-4
# Create policy
kubiya policy create --name "Production Policy" --file policy.rego
Output:
🛠️ Creating policy...
✅ Policy created successfully!
ID: abc123def456
Name: Production Policy
Status: Enabled
Skills
Agent capabilities including APIs, CLIs, cloud SDKs, and custom functions. Skills replace the V1 concepts of “sources” and “tools” with a unified system.
List Skills
# List all skills
kubiya skill list
# JSON output
kubiya skill list --output json
Get Skill Details
# View skill configuration
kubiya skill get <skill-id>
Create Skill
# Create from file
kubiya skill create --file skill.yaml
# skill.yaml
name: kubernetes
description: Kubernetes cluster management
type: cli
commands:
- kubectl
- helm
Skill Types:
CLI Skill
name: docker-cli
description: Docker container management
type: cli
commands:
  - docker
  - docker-compose
API Skill
name: github-api
description: GitHub API interactions
type: api
base_url: https://api.github.com
authentication:
  type: token
  header: Authorization
SDK Skill
name: aws-sdk
description: AWS SDK operations
type: sdk
provider: aws
services:
  - s3
  - ec2
  - lambda
Custom Function
name: custom-validator
description: Custom validation logic
type: function
runtime: python
handler: validate_input
Update Skill
# Update skill configuration
kubiya skill update <skill-id> --file skill.yaml
Delete Skill
# Delete skill
kubiya skill delete <skill-id>
Validate Skill
# Validate skill definition
kubiya skill validate skill.yaml
Models
LLM models available to agents for task execution.
List Models
# List all available models
kubiya model list
# JSON output
kubiya model list --output json
Available Models:
| Model | Provider | Use Case | Context Window |
|---|---|---|---|
| gpt-4 | OpenAI | Complex tasks, reasoning | 8K tokens |
| gpt-4-32k | OpenAI | Long context tasks | 32K tokens |
| gpt-3.5-turbo | OpenAI | Fast, efficient tasks | 4K tokens |
| claude-3-opus | Anthropic | Advanced reasoning | 200K tokens |
| claude-3-sonnet | Anthropic | Balanced performance | 200K tokens |
| claude-3-haiku | Anthropic | Fast responses | 200K tokens |
Get Model Details
# View model configuration
kubiya model get <model-id>
Set Default Model
# Set organization default model
kubiya model set-default <model-id>
The default model is used when agents don’t specify a particular model. You can override this per-agent in the agent configuration.
Policies
Security and compliance policies using Open Policy Agent (OPA).
List Policies
# List all policies
kubiya policy list
# JSON output
kubiya policy list --output json
Get Policy Details
# View policy configuration
kubiya policy get <policy-id>
Create Policy
# Create from Rego file
kubiya policy create --file policy.rego
# policy.rego
package kubiya.production
# Deny deployments outside business hours
deny["Production deployments only allowed during business hours"] {
input.environment == "production"
not is_business_hours
}
is_business_hours {
# time.clock returns [hour, minute, second] in UTC
[hour, _, _] := time.clock(time.now_ns())
hour >= 9
hour < 17
}
Common Policy Examples:
Environment Protection
package kubiya.environment
# Require approval for production
deny["Production requires approval"] {
input.environment == "production"
not input.approved
}
Resource Limits
package kubiya.resources
# Limit resource consumption
deny["Task exceeds resource limits"] {
input.estimated_cost > 100
}
Skill Requirements
package kubiya.skills
# Require specific skills
deny["Agent missing required skill"] {
input.action == "deploy"
not has_deployment_skill
}
has_deployment_skill {
input.agent.skills[_] == "kubernetes"
}
Time Windows
package kubiya.schedule
# Maintenance window enforcement
deny["Maintenance only allowed on weekends"] {
input.action == "maintenance"
not is_weekend
}
is_weekend {
day := time.weekday(time.now_ns())
day == "Saturday"
}
is_weekend {
day := time.weekday(time.now_ns())
day == "Sunday"
}
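Each policy example above is a `deny` rule keyed on an input field, and a rule whose field is absent from the request is undefined rather than true, so nothing is denied. The following is an added example, not taken from the Kubiya documentation: the resource-limit rule from this page plus a second, assumed rule that rejects requests without a numeric `estimated_cost`, with `opa test` cases on constructed inputs.

```rego
package kubiya.resources

# Rule as shown on this page.
deny["Task exceeds resource limits"] {
    input.estimated_cost > 100
}

# Added hardening (assumption, not part of the page's policy): a request
# with no numeric estimate is rejected instead of passing silently.
deny["Task has no numeric cost estimate"] {
    not is_number(input.estimated_cost)
}

# Constructed input: estimate above the limit.
test_over_limit_denied {
    deny["Task exceeds resource limits"] with input as {"estimated_cost": 250}
}

# Constructed input: estimate within the limit, no deny message at all.
test_within_limit_allowed {
    count(deny) == 0 with input as {"estimated_cost": 40}
}

# The field is missing entirely. With only the page's rule the deny set
# would be empty here and the task would go through.
test_missing_estimate_denied {
    deny["Task has no numeric cost estimate"] with input as {"action": "deploy"}
}

# The field is present but not a number.
test_null_estimate_denied {
    deny["Task has no numeric cost estimate"] with input as {"estimated_cost": null}
}
```

The same pattern applies to the other examples: decide for each field a rule reads what should happen when the request does not carry it, and write that case as a test.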
Update Policy
# Update policy
kubiya policy update <policy-id> --file policy.rego
Delete Policy
# Delete policy
kubiya policy delete <policy-id>
Validate Policy
# Validate Rego syntax
kubiya policy validate policy.rego
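The validate command above checks Rego syntax, so the rule logic still needs its own tests. The following is an added example, not taken from the Kubiya documentation: OPA unit tests for the business-hours policy that pin the clock by replacing `time.now_ns` through `with` (supported since OPA 0.40). It repeats the rule, with the hour read through `time.clock`, so the file runs on its own under `opa test`; the timestamps and the `prod` and `staging` inputs are constructed.

```rego
package kubiya.production

# Rule from this page, with the hour taken from time.clock (UTC).
deny["Production deployments only allowed during business hours"] {
    input.environment == "production"
    not is_business_hours
}

is_business_hours {
    [hour, _, _] := time.clock(time.now_ns())
    hour >= 9
    hour < 17
}

# Constructed inputs for the tests.
prod := {"environment": "production"}
staging := {"environment": "staging"}

# 12:00 UTC is inside the window: no deny message.
test_production_allowed_at_noon_utc {
    now := time.parse_rfc3339_ns("2024-01-10T12:00:00Z")
    count(deny) == 0 with input as prod with time.now_ns as now
}

# 22:30 UTC is outside the window.
test_production_denied_at_night {
    now := time.parse_rfc3339_ns("2024-01-10T22:30:00Z")
    deny["Production deployments only allowed during business hours"] with input as prod with time.now_ns as now
}

# The upper bound is exclusive: 17:00:00 is already denied.
test_production_denied_at_17_00 {
    now := time.parse_rfc3339_ns("2024-01-10T17:00:00Z")
    count(deny) == 1 with input as prod with time.now_ns as now
}

# The window is evaluated in UTC, not local time:
# 16:30 at UTC-05:00 is 21:30 UTC and is denied.
test_window_is_utc_not_local {
    now := time.parse_rfc3339_ns("2024-01-10T16:30:00-05:00")
    count(deny) == 1 with input as prod with time.now_ns as now
}

# Non-production requests are never blocked by this rule.
test_staging_unaffected {
    now := time.parse_rfc3339_ns("2024-01-10T22:30:00Z")
    count(deny) == 0 with input as staging with time.now_ns as now
}
```

The tests use the same pre-1.0 Rego syntax as the policies on this page; with OPA 1.x, run them as `opa test --v0-compatible <file>`.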
Best Practices
- Organize skills by domain (aws-*, kubernetes-*, github-*)
- Reuse shared skills instead of duplicating
- Add clear descriptions and examples to all skills
- Version control skill and policy definitions
- Test skills and policies before production use
- Use GPT-4 for complex reasoning, GPT-3.5 for simple tasks
- Monitor model usage and costs per agent
- Start with permissive policies, enforce gradually
- Document policy intent with clear comments
- Only grant skills agents actually need
- Rotate credentials regularly
Command Reference
# Skills
kubiya skill list
kubiya skill get <id>
kubiya skill create --file skill.yaml
kubiya skill update <id> --file skill.yaml
kubiya skill delete <id>
kubiya skill validate skill.yaml
# Models
kubiya model list
kubiya model get <id>
kubiya model set-default <id>
# Policies
kubiya policy list
kubiya policy get <id>
kubiya policy create --file policy.rego
kubiya policy update <id> --file policy.rego
kubiya policy delete <id>
kubiya policy validate policy.rego