Show HN: Open-source Agent in Rust that can't delete your database (github.com)

Stakpak is an open‑source Rust agent for DevOps and ops workflows that prioritizes enterprise-grade security and operational safety. It ships as a CLI/binary and Docker image and supports Homebrew installation. Core features include mutual TLS (mTLS) for encrypted agent-component communication, dynamic secret substitution (AI can read/write/compare secrets without seeing raw values), privacy mode redaction, secure password generation, reversible file operations (automatic backups + recovery), asynchronous task management with cancellation, real‑time progress streaming for long jobs, and automatic local indexing/semantic search for Terraform, Kubernetes, Dockerfiles and GitHub Actions. It also offers subagents (sandboxed, flag-enabled), bulk message approval for batched tool calls, persistent knowledge/memory, and Rulebooks (markdown SOPs) to customize behavior. The significance for the AI/ML and DevOps communities is that Stakpak attempts to address common safety and trust issues with autonomous agents — secrets exposure, unreviewed destructive commands, and unchecked remote execution — by combining protocol-level security (mTLS), privacy-preserving secret handling, approval workflows, and reversible changes. Technically it can run as an MCP/ACP server to integrate with editors (Zed) for live code analysis and tool execution, supports local/remote/combined tool modes (local mode works without an API key and enables mTLS by default), and is extensible via rulebooks and subagents. For teams exploring AI-assisted infrastructure automation, Stakpak provides a secure, auditable foundation that reduces the risk of accidents like inadvertent DB deletion while keeping developer ergonomics (streaming, indexing, editor integration).