A walkthrough of Obmondo Code, an SRE co-pilot CLI built in Go that connects an AI agent to 290+ diagnostic runbooks, SSH command execution, Gitea issue parsing, and time registration — with a strict safety model baked into every layer.
Artoo, Obmondo’s Mattermost bot, got a PR review engine that runs on a self-hosted Qwen3-14B with a ~32K context window. The key problem: a single Kubernetes PR can have 10,000+ lines of diff. The solution: Go pre-processing that compresses diffs to ~2KB before the LLM ever sees them — using go/ast for Go files, YAML key-level diffing for Helm/K8s configs, and priority-based file truncation. This post covers why each decision was made and what the LLM still cannot do.
The Symptom After standing up a Kubernetes cluster on a bare-metal node with Cilium as the CNI, CoreDNS pods were running but completely unable to reach the kube-apiserver service IP (10.96.0.1). DNS resolution inside the cluster was broken, and any pod trying to talk to the API server via the service IP timed out. The apiserver itself was healthy — direct connections to the node’s IP worked fine. The problem was specifically with the virtual service IP routed through Cilium’s BPF dataplane. ...
security-exporter returned 0 CVEs on every CentOS and RHEL host. The root cause was a silent data drop: ParsePackages silently skips any line that does not match its exact tab-separated format, and our rpm collector was producing the wrong format. This post covers the full diagnosis, the fix using the vuls-recommended 6-field rpm query, source package extraction using the NVR last-two-hyphens algorithm, and the Helm chart simplification that removed the entire legacy go-cve-dictionary + PostgreSQL pipeline.