AI-agent CLI that provisions and manages cloud resources using natural language — with zero secret exposure.

quickdeploy provision "a PostgreSQL database on Neon"
quickdeploy deploy "my app to Fly.io"
quickdeploy rotate "the API key for PlanetScale"
quickdeploy secrets export --format env

QuickDeploy wraps an AI agent that follows a three-phase loop for every operation:

1. Research — searches documentation, reads CLI --help output, checks its local knowledge base
2. Plan — presents a step-by-step plan, collects credentials securely
3. Execute — runs CLI commands with auto-injected credentials, stores provisioned secrets

The agent installs whatever CLI a service needs, authenticates via your OS keychain, executes the operation, and stores any provisioned secrets (connection strings, passwords, API keys). It learns from each interaction, so future operations against the same service are faster and more reliable.

Credentials never appear in the LLM context window, tool results, or logs. The credential_prompt tool writes directly to the OS keychain — the LLM only receives a confirmation that storage succeeded. The cli_runner reads Auth Injection mappings from knowledge files and injects credentials as environment variables at process spawn time.

bun install -g quickdeploy

Requires Node.js >= 20 or Bun.

quickdeploy provision "a MySQL database on PlanetScale"
quickdeploy provision "a Redis instance on Upstash"

quickdeploy deploy "my Next.js app to Vercel"
quickdeploy deploy "this Docker container to Fly.io"

quickdeploy status "my PlanetScale database"

quickdeploy destroy "the Neon database I created"

quickdeploy auth aws              # Store credentials in OS keychain
quickdeploy auth list             # List stored credentials
quickdeploy rotate "PlanetScale API key"

quickdeploy secrets list                    # List all provisioned secrets
quickdeploy secrets export --format env     # Export as .env
quickdeploy secrets export --format json    # Export as JSON
quickdeploy secrets export --project        # Export only secrets linked to current project
quickdeploy secrets validate                # Test if stored secrets are still valid
quickdeploy secrets link                    # Link secrets to the current project

Operations are tracked as sessions. If something gets interrupted — budget exceeded, manual step needed, auth failure — resume where you left off:

quickdeploy sessions list
quickdeploy resume <session-id>

Built with TypeScript on Bun, using the Vercel AI SDK for agent orchestration.

src/
├── agent/          # AI agent engine, tools (16 total), system prompt
├── auth/           # OS keychain integration, LLM provider setup
├── secrets/        # Provisioned secret metadata, export, project linking
├── knowledge/      # Self-learning knowledge base (local + registry)
├── sessions/       # Session persistence and resume
├── output/         # Human-readable and JSON renderers
├── logging/        # Scrubbed logger (strips secrets from output)
└── cli.ts          # CLI entry point (Commander)

• Runtime: Bun
• Language: TypeScript (ESM)
• Agent orchestration: Vercel AI SDK v6
• LLM providers: Anthropic Claude, OpenAI
• CLI framework: Commander
• Validation: Zod
• Secrets: cross-keychain (macOS Keychain, Windows Credential Vault, Linux Secret Service)
• Terminal UI: picocolors, ora, cli-table3, @inquirer/prompts

MIT