slajax's comments

Founder here. AMA. Our goal was to build a serverless experience on top of k8s that felt like a PaaS but still provided the flexibility for teams to grow into their own private cloud k8s environment, as they scale. We're big fans of Cloud Native and k8s so we're hoping to ease adoption of these tools for smaller teams who don't have as much DevOps available on day 1 or larger teams who want to give their developers a really agile delivery flow on top of their private k8s infra. We've also done some interesting things with measuring workflow events to automatically calculate Delivery Insights (using DORA) to help provide stakeholder viability into operational cadence and stability. Happy to answer any questions or hear feedback! Be gentle!

Give yourself more credit. The rest will come.

Absolutely. We have about 5 that are currently in the works that cover many different use case from our community. We’ll be sharing soon on our blog so please keep an eye out for them!

Founder here - we agree. ChatOps has traditionally required you to build out a specific solution for Chat, which failed the cost of ownership equation, after you consider the cost of setting up servers, code and chat specific logic to run your workflows. Hubot is a good example but we've taking it way further and rethought DevOps from a Slack first perspective.

With CTO.ai your existing CLI "just works" in Slack and you have none of the additional overhead but get all of the benefits of chat such as distribution, transparency and collaboration as well. It's a big paradigm shift.

Many of our users are going all in because of this!

Thanks for your feedback! We'll keep iterating!

Founder here - for our users, the initial value proposition of being able to deploy a Slack bot in less than 5 minutes without servers, is usually the starting point.

After that they start digging into our team features for Secrets, Configs, Logs and Events which along with our public registry gives them a significant feature set to work against!

Founder here - We recognize that Slack certainly isn't for everyone which is why everything also works in our CLI and also soon by public API. Slack have a great uptime and regularly stay above 99.9% uptime according to their status pages - that said, if you wanted to bypass Slack and still run cloud native workflows using CTO.ai, serverless-ly, we allow you to also do that via CLI or API. This means you could build your own client and just leverage us for inexpensive compute.

Thanks for sharing your feedback!

Founder here - can you clarify what you mean by "data plane"?

We let you aggregate events and process metrics, should you want to use our platform as the way you aggregate event driven workflows or calculate delivery metrics.

You can run your entire workload on our serverless environment or you can push your workloads to your existing CI/CD + cloud computes - it's really up to you!

Founder here - great question.

The way this works is that you first build a CLI, which is a container and then you publish it to us so that it also runs in Slack. It's shared code that runs in both environments.

So if Slack is ever down, you still have the CLI.

The big benefit here is that you build once and it runs in both places which means don't need a separate runbook or even infra to make your CLI run in Slack - it's 100% serverless.

For our users the Ops engineers obviously prefer the CLI, but the Dev's really love Slack - this creates a nice balance in the DX that works on both sides, on top of existing CI/CD.

Well first of all, as a public company Slack is held to extremely well regulated security protocols to ensure this never happens, so we get the benefit of that out of the box.

Additionally, we require the user to associate their Slack user to their CTO.ai account using a secure authentication layer that has dependencies outside of Slack.

Theoretically, if a Slack employee were to try to execute a workflow, we would be able to see that they don't have this privilege and flag / reject that request because they wouldn't have the CTO.ai associated membership.

At this point, it's just as secure as any web application or even CLI, which have better understood virtual and physical attack vectors. We take it a step further by ensuring that tokens MUST be vaulted, avoiding the chance that you leak them through a lost laptop or public commit.

We're also looking at 2fa for some of our enterprise use cases and have been working on a deeper integration with Slack enterprise grid which makes this even more secure.

Are there additional approaches you'd recommend we take here?

Thanks, we've tried to re-think DevOps from a Slack first point of view and this was a major consideration so I'm glad to see you recognize it but we've still got a long way to go and we're very open to feedback too!

Of course, generally difficult to explain in HN threads but there are a number of things at play here...

The first is secrets + credentials. You can use our hosted vault or bring your own vault so that your credentials are encrypted and can only be accessed directly by your user code.

The next ACL - we set up teams so that you can control which Slack channels (private or public) they can run in, to deeply control who has access to the workflow. Even if someone has access to the workflow, they can't see the secret as if it's printed, we remove it from the output. Additionally, we push your user outside of Slack (browser or CLI) to manage secrets.

Next, is the actual PaaS itself. Slack doesn't know what's being run, they just send us a webhook and we deal with executing the workload, completely outside Slack. Slack is just a client, it doesn't really know anything about your systems or workflows.

Next is the shared workflow environment, which has multiple layers of virtual sandboxing to ensure, what runs inside your container, only runs inside your container. You can make requests to external wide area network io or inside your container to disk. All of this goes through a sidecar type analysis that we use to ensure security at a very granular level for anything that runs inside these systems.

Lastly, Slack never has access to your code. They are simply the client which tells our platform to run it and in a secure enterprise case, our PaaS can run inside your VPC, which gives you full control end to end as long as you are willing to let Slack send you HTTP request - but this is a standard expectation for any Slack app, we just dramatically simplify it.

I've been thinking about doing a detailed blog post about this in the near future, so i really appreciate these questions!

Founder here - Thanks! Yes that's the general idea.

We're making it so you can port your existing scripts and allow them to easily run in Slack so that they are more discoverable and intuitive for all experiences.

Founder here - Since a workflow in the context of CTO.ai is just a container, which executes your code, you can build out as robust permissions as you need to by leveraging our vault integration, configs and teams.

Currently, our teams are a basic ACL that lets you manage who in Slack can run the workflow, but we also allow you to associate any of your teams to private channels, so you can more granularly control access using Slack's user membership.

We're looking at more RBAC on top of this for enterprise but for most smaller teams, this covers the majority of their use cases. They often create a team for ops and a team for dev and then associate these teams to members + channels as needed.

Founder here - 100% not. We've build a specialized PaaS that ensures your credentials and workflows are encrypted and there is no additional security vector here. Also Slack is one of our investors and they have worked with us a great deal to make sure that the security is handled properly!

Founder here - We created CTO.ai to help foster accessible developer experiences by lowering the cost of leveraging Slack in your developer workflows.

The key idea is that you build a CLI using our SDK (it's a container) and then we make it instantly accessible to your whole team in Slack, while also providing 12 factor principals such as Secrets, Configs, Logs, Events and Metrics.

We are early on but have a very vibrant and growing Slack community of developers who want to build their own Cloud PaaS using AWS, GCP, Azure etc but want an easy to use DX so they can distribute there knowledge and process to others and save themselves tons of time and context switching.

Please AMA, we'd love to hear your thoughts.

Freenode

Freenode, here I come.

Does IRC still exist?

Drop me an email? [kc at hc dot ai]

We've got a team of ~40 super passionate engineers creating the worlds best developer experience; CTO.ai.

We're on market with Vancouver comp and are very comfortable with hiring people with 3-4 years experience. We hire based on potential rather then simply raw experience.

Check us out. If we're not a fit for you, I would personally be happy to introduce you to a number of other companies that I know.

My advice; I've worked / lived across Canada and if you can stick it out in BC and get rolling - the W/L balance and mild winters definitely win out over the rest of Canada.

Hey Everyone - Founder of CTO.ai here - happy to answer any questions you might have about our goals here. We're still in a pretty early alpha but our goal is to provide every company engineering insights like the one shown in the link. Would love to get some feedback from the community!