<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0"><channel><title>Pulumi Blog: Claude code</title><link>https://www.pulumi.com/blog/tag/claude-code/</link><description>Pulumi blog posts: Claude code.</description><language>en-us</language><pubDate>Mon, 13 Apr 2026 00:00:00 +0000</pubDate><item><title>Superpowers, GSD, and GSTACK: Picking the Right Framework for Your Coding Agent</title><link>https://www.pulumi.com/blog/claude-code-orchestration-frameworks/</link><pubDate>Mon, 13 Apr 2026 00:00:00 +0000</pubDate><guid>https://www.pulumi.com/blog/claude-code-orchestration-frameworks/</guid><description>
&lt;img src="https://www.pulumi.com/images/generated/blog/claude-code-orchestration-frameworks/index.png" /&gt;
&lt;p&gt;Three community frameworks have emerged that fix the specific ways AI coding agents break down on real projects. &lt;a href="https://github.com/obra/superpowers"&gt;Superpowers&lt;/a&gt; enforces test-driven development. &lt;a href="https://github.com/gsd-build/get-shit-done"&gt;GSD&lt;/a&gt; prevents context rot. &lt;a href="https://github.com/garrytan/gstack"&gt;GSTACK&lt;/a&gt; adds role-based governance. All three started with Claude Code but now work across Cursor, Codex, Windsurf, Gemini CLI, and more.&lt;/p&gt;
&lt;p&gt;Pulumi uses general-purpose programming languages to define infrastructure. TypeScript, Python, Go, C#, Java. Every framework that makes AI agents write better TypeScript also makes your &lt;code&gt;pulumi up&lt;/code&gt; better. After spending a few weeks with each one, I have opinions about when to use which.&lt;/p&gt;
&lt;h2 id="the-problem-all-three-frameworks-solve"&gt;The problem all three frameworks solve&lt;/h2&gt;
&lt;p&gt;AI coding agents are impressive for the first 30 minutes. Then things go sideways. The patterns are predictable enough that three separate teams independently built frameworks to fix them.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Context rot.&lt;/strong&gt; Every LLM has a context window. As that window fills up, earlier instructions fade. You start a session asking for an &lt;a href="https://www.pulumi.com/docs/iac/clouds/aws/guides/"&gt;S3 bucket&lt;/a&gt; with AES-256 encryption, proper ACLs, and access logging. Two hours and 200K tokens later, the agent creates a new bucket with none of those requirements. The context window got crowded and your original instructions lost weight.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;No test discipline.&lt;/strong&gt; Agents write code that looks plausible. Plausible code compiles. Plausible code even runs, for a while. But plausible code without tests is a liability. The agent adds a feature and quietly breaks two others because nothing verified the existing behavior was preserved.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Scope drift.&lt;/strong&gt; You ask for a &lt;a href="https://www.pulumi.com/docs/iac/clouds/aws/guides/vpc/"&gt;VPC with three subnets&lt;/a&gt;. The agent decides you also need a NAT gateway, a transit gateway, a VPN endpoint, and a custom DNS resolver. Helpful in theory. In practice, you now have infrastructure you never requested and barely understand. You will also pay for it monthly.&lt;/p&gt;
&lt;p&gt;These problems are not specific to Claude Code or any particular agent. They happen with Cursor, Codex, Windsurf, and every other LLM-powered coding tool. The context window does not care which brand name is on the wrapper.&lt;/p&gt;
&lt;h2 id="superpowers-the-test-driven-discipline-enforcer"&gt;Superpowers: the test-driven discipline enforcer&lt;/h2&gt;
&lt;p&gt;&lt;a href="https://github.com/obra/superpowers"&gt;Superpowers&lt;/a&gt; was created by &lt;a href="https://www.linkedin.com/in/jessevincent/"&gt;Jesse Vincent&lt;/a&gt; and has accumulated over 149K GitHub stars. The core idea is simple: no production code gets written without a failing test first.&lt;/p&gt;
&lt;p&gt;The framework enforces a 7-phase workflow. Brainstorm the approach. Write a spec. Create a plan. Write failing tests (TDD). Spin up subagents to implement. Review. Finalize. Every phase has gates. You cannot skip ahead. The iron law is that production code only exists to make a failing test pass.&lt;/p&gt;
&lt;p&gt;This sounds rigid. It is. That is the point.&lt;/p&gt;
&lt;p&gt;Superpowers includes a Visual Companion for design decisions, which helps when you are making architectural choices that need visual reasoning. The main orchestrator manages the entire workflow from a single context window, delegating implementation work to subagents that run in isolation.&lt;/p&gt;
&lt;p&gt;The tradeoff is that the mega-orchestrator pattern means the orchestrator itself can hit context limits on very long sessions. One big brain coordinating everything works well until the big brain fills up. For most projects, this is not an issue. For marathon sessions with dozens of files, keep it in mind.&lt;/p&gt;
&lt;p&gt;The workflow breaks down into skills that trigger automatically:&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Skill&lt;/th&gt;
&lt;th&gt;Phase&lt;/th&gt;
&lt;th&gt;What it does&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;brainstorming&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Design&lt;/td&gt;
&lt;td&gt;Refines rough ideas through Socratic questions, saves design doc&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;writing-plans&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Planning&lt;/td&gt;
&lt;td&gt;Breaks work into 2-5 minute tasks with exact file paths and code&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;test-driven-development&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Implementation&lt;/td&gt;
&lt;td&gt;RED-GREEN-REFACTOR: failing test first, minimal code, commit&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;subagent-driven-development&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Implementation&lt;/td&gt;
&lt;td&gt;Dispatches fresh subagent per task with two-stage review&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;requesting-code-review&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Review&lt;/td&gt;
&lt;td&gt;Reviews against plan, blocks progress on critical issues&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;finishing-a-development-branch&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Finalize&lt;/td&gt;
&lt;td&gt;Verifies tests pass, presents merge/PR/keep/discard options&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;p&gt;The results speak for themselves. The &lt;a href="https://github.com/chardet/chardet"&gt;chardet&lt;/a&gt; maintainer used Superpowers to rewrite chardet v7.0.0 from scratch, achieving a 41x performance improvement. Not a 41% improvement. 41 times faster. That is what happens when every code change has to pass a test: the agent optimizes aggressively because it has a safety net.&lt;/p&gt;
&lt;p&gt;Superpowers works with Claude Code, Cursor, Codex, OpenCode, GitHub Copilot CLI, and Gemini CLI.&lt;/p&gt;
&lt;h2 id="gsd-preventing-context-rot-before-it-ruins-your-project"&gt;GSD: preventing context rot before it ruins your project&lt;/h2&gt;
&lt;p&gt;&lt;a href="https://github.com/gsd-build/get-shit-done"&gt;GSD&lt;/a&gt; (Get Shit Done) was created by &lt;a href="https://www.linkedin.com/in/lexchristopherson/"&gt;Lex Christopherson&lt;/a&gt; and has over 51K stars. Where Superpowers focuses on test discipline, GSD attacks the context window problem directly.&lt;/p&gt;
&lt;p&gt;The key architectural decision: GSD does not use a single mega-orchestrator. Instead, it assigns a separate orchestrator to each phase of work. Each orchestrator stays under 50% of its context capacity. When a phase completes, the orchestrator writes its state to disk as Markdown files, then a fresh orchestrator picks up where the last one left off.&lt;/p&gt;
&lt;p&gt;Think about why this matters. With a single orchestrator, your 200K token context window is a shared resource. Instructions from hour one compete with code from hour three. GSD sidesteps this entirely. Every phase starts with a full context budget because the previous phase&amp;rsquo;s orchestrator handed off cleanly and shut down.&lt;/p&gt;
&lt;p&gt;The state files use XML-formatted instructions because (it turns out) LLMs parse structured XML more reliably than freeform Markdown. GSD also includes quality gates that detect schema drift and scope reduction. If the agent starts cutting corners or wandering from the plan, the gates catch it.&lt;/p&gt;
&lt;p&gt;GSD evolved from v1 (pure Markdown configuration) to v2 (TypeScript SDK), which tells you something about the level of engineering behind it. The v2 SDK gives you programmatic control over orchestration, not just static instruction files.&lt;/p&gt;
&lt;p&gt;The tradeoff: GSD has more ceremony than the other two frameworks. For a quick script or a single-file change, the phase-based workflow is overkill. GSD earns its keep on projects that span multiple files, multiple sessions, or multiple days.&lt;/p&gt;
&lt;p&gt;The core commands map to a phase-based workflow:&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Command&lt;/th&gt;
&lt;th&gt;What it does&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/gsd-new-project&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Full initialization: questions, research, requirements, roadmap&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/gsd-discuss-phase&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Capture implementation decisions before planning starts&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/gsd-plan-phase&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Research, plan, and verify for a single phase&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/gsd-execute-phase&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Execute all plans in parallel waves, verify when complete&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/gsd-verify-work&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Manual user acceptance testing&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/gsd-ship&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Create PR from verified phase work with auto-generated body&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/gsd-fast&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Inline trivial tasks, skips planning entirely&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;p&gt;GSD supports the widest range of agents: 14 and counting. Claude Code, Cursor, Windsurf, Codex, Copilot, Gemini CLI, Cline, Augment, Trae, Qwen Code, and more.&lt;/p&gt;
&lt;h2 id="gstack-when-you-need-a-whole-team-not-just-an-engineer"&gt;GSTACK: when you need a whole team, not just an engineer&lt;/h2&gt;
&lt;p&gt;&lt;a href="https://github.com/garrytan/gstack"&gt;GSTACK&lt;/a&gt; was created by &lt;a href="https://www.linkedin.com/in/garrytan/"&gt;Garry Tan&lt;/a&gt; (CEO of Y Combinator) and has over 71K stars. It takes a fundamentally different approach from the other two frameworks.&lt;/p&gt;
&lt;p&gt;Instead of disciplining a single agent, GSTACK models a 23-person team. CEO, product manager, QA lead, engineer, designer, security reviewer. Each role has its own responsibilities, its own constraints, and its own slice of the problem.&lt;/p&gt;
&lt;p&gt;The framework enforces five layers of constraint. Role focus keeps each specialist in their lane. Data flow controls what information passes between roles. Quality control gates ensure standards at handoff points. The &amp;ldquo;boil the lake&amp;rdquo; principle means each role finishes what it can do perfectly and skips what it cannot, rather than producing mediocre work across everything. And the simplicity layer pushes back against unnecessary complexity.&lt;/p&gt;
&lt;p&gt;The role isolation is what makes GSTACK distinctive. The engineer role does not see the product roadmap. The QA role does not see the implementation details. Each role only receives the context it needs to do its job. This is not just about efficiency. It prevents the kind of scope creep where an agent that knows everything tries to do everything.&lt;/p&gt;
&lt;p&gt;&amp;ldquo;Boil the lake&amp;rdquo; is my favorite principle across all three frameworks. It is the opposite of how most agents work. Agents default to attempting everything and producing something mediocre. GSTACK says: do fewer things, but do them right.&lt;/p&gt;
&lt;p&gt;The tradeoff: 23 specialist roles feels heavy for pure infrastructure work. If you are writing Pulumi programs and deploying cloud resources with &lt;a href="https://www.pulumi.com/docs/iac/concepts/components/"&gt;component resources&lt;/a&gt;, you probably do not need a product manager role or a designer role. GSTACK shines when you are building a product, not just provisioning infrastructure.&lt;/p&gt;
&lt;p&gt;Each slash command activates a different specialist:&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Command&lt;/th&gt;
&lt;th&gt;Role&lt;/th&gt;
&lt;th&gt;What it does&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/office-hours&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;YC partner&lt;/td&gt;
&lt;td&gt;Six forcing questions that reframe your product before you write code&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/plan-ceo-review&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;CEO&lt;/td&gt;
&lt;td&gt;Four modes: expand scope, selective expand, hold, reduce&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/plan-eng-review&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Engineering manager&lt;/td&gt;
&lt;td&gt;Lock architecture, map data flow, list edge cases&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/review&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Staff engineer&lt;/td&gt;
&lt;td&gt;Find bugs that pass CI but break in production, auto-fix the obvious ones&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/qa&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;QA lead&lt;/td&gt;
&lt;td&gt;Real Playwright browser testing, not simulated&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/ship&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Release engineer&lt;/td&gt;
&lt;td&gt;One-command deploy with coverage audit&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/cso&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Security officer&lt;/td&gt;
&lt;td&gt;OWASP and STRIDE security audits&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;p&gt;GSTACK works with Claude Code, Codex CLI, OpenCode, Cursor, Factory Droid, Slate, and Kiro.&lt;/p&gt;
&lt;h2 id="where-each-framework-fits"&gt;Where each framework fits&lt;/h2&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;&lt;/th&gt;
&lt;th&gt;Superpowers&lt;/th&gt;
&lt;th&gt;GSD&lt;/th&gt;
&lt;th&gt;GSTACK&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;What it locks down&lt;/td&gt;
&lt;td&gt;The dev process itself&lt;/td&gt;
&lt;td&gt;The execution environment&lt;/td&gt;
&lt;td&gt;Who decides what&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Orchestration&lt;/td&gt;
&lt;td&gt;Single orchestrator&lt;/td&gt;
&lt;td&gt;Per-phase orchestrators&lt;/td&gt;
&lt;td&gt;23 specialist roles&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Context management&lt;/td&gt;
&lt;td&gt;One window&lt;/td&gt;
&lt;td&gt;State-to-disk, fresh per phase&lt;/td&gt;
&lt;td&gt;Role-scoped handoffs&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Where it shines&lt;/td&gt;
&lt;td&gt;TDD, subagent delegation, disciplined plan execution&lt;/td&gt;
&lt;td&gt;Marathon sessions, parallel workstreams, crash recovery&lt;/td&gt;
&lt;td&gt;Product strategy, multi-perspective review, real browser QA&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Where it struggles&lt;/td&gt;
&lt;td&gt;Anything beyond the build phase&lt;/td&gt;
&lt;td&gt;Overkill for small tasks, no role separation&lt;/td&gt;
&lt;td&gt;The actual writing-code part&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Best for&lt;/td&gt;
&lt;td&gt;Solo devs who need test discipline&lt;/td&gt;
&lt;td&gt;Complex projects that span days or weeks&lt;/td&gt;
&lt;td&gt;Founder-engineers shipping a product&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;GitHub stars&lt;/td&gt;
&lt;td&gt;149K&lt;/td&gt;
&lt;td&gt;51K&lt;/td&gt;
&lt;td&gt;71K&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Agent support&lt;/td&gt;
&lt;td&gt;6 agents&lt;/td&gt;
&lt;td&gt;14+ agents&lt;/td&gt;
&lt;td&gt;7 agents&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;p&gt;For infrastructure work, GSD&amp;rsquo;s context management matters most. Long Pulumi sessions that provision dozens of resources across multiple stacks are exactly the scenario where context rot bites hardest. GSD&amp;rsquo;s phase-based approach keeps each orchestrator fresh.&lt;/p&gt;
&lt;p&gt;Superpowers&amp;rsquo; TDD workflow maps well to application code where unit tests are straightforward. Infrastructure testing is different. You cannot unit test whether an &lt;a href="https://www.pulumi.com/docs/iac/clouds/aws/guides/iam/"&gt;IAM policy&lt;/a&gt; actually grants the right permissions. You can test the shape of the policy with &lt;a href="https://www.pulumi.com/docs/iac/guides/testing/"&gt;Pulumi&amp;rsquo;s testing frameworks&lt;/a&gt;, but the real validation happens at &lt;a href="https://www.pulumi.com/docs/iac/cli/commands/pulumi_preview/"&gt;&lt;code&gt;pulumi preview&lt;/code&gt;&lt;/a&gt; and &lt;a href="https://www.pulumi.com/docs/iac/cli/commands/pulumi_up/"&gt;&lt;code&gt;pulumi up&lt;/code&gt;&lt;/a&gt;. Superpowers still helps here (discipline is discipline), but the TDD cycle is less natural for infra than for app code.&lt;/p&gt;
&lt;p&gt;GSTACK shines when the project has product dimensions. If you are building a SaaS platform where the infrastructure serves a product vision, GSTACK&amp;rsquo;s multi-role governance keeps the product thinking connected to the engineering work. For pure infra provisioning, the extra roles add overhead without much benefit.&lt;/p&gt;
&lt;p&gt;My honest take: none of these is universally best. Knowing your failure mode is the real decision.&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;What keeps going wrong&lt;/th&gt;
&lt;th&gt;Try this&lt;/th&gt;
&lt;th&gt;The reason&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Code works today, breaks tomorrow&lt;/td&gt;
&lt;td&gt;Superpowers&lt;/td&gt;
&lt;td&gt;Forces every change through a failing test first&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Quality drops after the first hour&lt;/td&gt;
&lt;td&gt;GSD&lt;/td&gt;
&lt;td&gt;Fresh context per phase, nothing carries over&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;You ship features nobody asked for&lt;/td&gt;
&lt;td&gt;GSTACK&lt;/td&gt;
&lt;td&gt;Product review before engineering starts&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;All of the above&lt;/td&gt;
&lt;td&gt;GSTACK for direction, bolt on Superpowers TDD&lt;/td&gt;
&lt;td&gt;No single framework covers everything yet&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;div class="rounded-lg bg-violet-50 p-6 my-8"&gt;
&lt;p class="heading-4 m-0 mb-3 flex items-center gap-1.5"&gt;Point your coding agent at Pulumi&lt;/p&gt;
&lt;div class="body-base m-0 text-gray-950"&gt;Whichever framework and agent you run, Pulumi defines infrastructure in TypeScript, Python, and Go, so your agent generates cloud resources it already knows how to write.&lt;/div&gt;
&lt;a href="https://www.pulumi.com/docs/ai/" data-track="blog-body-cta" class="btn btn-primary mt-4"&gt;
Get started
&lt;svg xmlns="http://www.w3.org/2000/svg" class="ph-icon ph-icon--regular size-4" fill="currentColor" aria-hidden="true" focusable="false"&gt;&lt;use href="https://www.pulumi.com/icons/sprite.4a9ac1016b9d8a688a5e7e867f96bdf80115a0739af8c688ba04791e15f64461.svg#p-arrow-right-regular"/&gt;&lt;/svg&gt;
&lt;/a&gt;
&lt;/div&gt;
&lt;h2 id="combining-frameworks-with-pulumi-workflows"&gt;Combining frameworks with Pulumi workflows&lt;/h2&gt;
&lt;p&gt;These frameworks solve the &amp;ldquo;how&amp;rdquo; of agent orchestration. &lt;a href="https://www.pulumi.com/blog/top-8-claude-skills-devops-2026/"&gt;Skills&lt;/a&gt; (like the ones from &lt;a href="https://github.com/pulumi/agent-skills"&gt;Pulumi Agent Skills&lt;/a&gt;) solve the &amp;ldquo;what,&amp;rdquo; teaching agents the right patterns for specific technologies. Frameworks and skills complement each other. A skill tells the agent to use &lt;a href="https://www.pulumi.com/docs/esc/guides/configuring-oidc/aws/"&gt;OIDC&lt;/a&gt; instead of hardcoded credentials. A framework makes sure the agent still remembers that instruction 200K tokens later.&lt;/p&gt;
&lt;p&gt;GSD&amp;rsquo;s state-to-disk approach pairs naturally with &lt;a href="https://www.pulumi.com/docs/iac/concepts/inputs-outputs/"&gt;Pulumi stack outputs&lt;/a&gt;. Each phase can read the previous phase&amp;rsquo;s stack outputs from the state files, so a networking phase can provision a VPC and the compute phase can reference the subnet IDs without any context window gymnastics.&lt;/p&gt;
&lt;p&gt;Superpowers&amp;rsquo; TDD cycle maps to infrastructure validation. Write a failing test (the expected shape of your infrastructure). Run &lt;a href="https://www.pulumi.com/docs/iac/cli/commands/pulumi_preview/"&gt;&lt;code&gt;pulumi preview&lt;/code&gt;&lt;/a&gt; (red, the resources do not exist yet). Run &lt;a href="https://www.pulumi.com/docs/iac/cli/commands/pulumi_up/"&gt;&lt;code&gt;pulumi up&lt;/code&gt;&lt;/a&gt; (green, the infrastructure matches the test). This is not a perfect analogy since infrastructure tests are broader than unit tests, but the discipline of &amp;ldquo;verify before moving on&amp;rdquo; translates directly.&lt;/p&gt;
&lt;p&gt;You do not have to pick one framework and commit forever. Try GSD for a long multi-stack project. Try Superpowers for a focused library. See which failure mode bites you most and let that guide your choice.&lt;/p&gt;
&lt;h2 id="getting-started"&gt;Getting started&lt;/h2&gt;
&lt;a href="https://github.com/obra/superpowers" target="_blank" rel="noopener noreferrer" class="github-card"&gt;
&lt;img
src="https://opengraph.githubassets.com/1/obra/superpowers"
alt="GitHub repository: obra/superpowers"
class="github-card-image"
loading="lazy"
/&gt;
&lt;div class="github-card-content"&gt;
&lt;div class="github-card-domain"&gt;
&lt;svg xmlns="http://www.w3.org/2000/svg" class="ph-icon github-card-icon" fill="currentColor" aria-hidden="true" focusable="false"&gt;&lt;use href="https://www.pulumi.com/icons/sprite.4a9ac1016b9d8a688a5e7e867f96bdf80115a0739af8c688ba04791e15f64461.svg#b-github"/&gt;&lt;/svg&gt;
github.com/obra/superpowers
&lt;/div&gt;
&lt;/div&gt;
&lt;/a&gt;
&lt;a href="https://github.com/gsd-build/get-shit-done" target="_blank" rel="noopener noreferrer" class="github-card"&gt;
&lt;img
src="https://opengraph.githubassets.com/1/gsd-build/get-shit-done"
alt="GitHub repository: gsd-build/get-shit-done"
class="github-card-image"
loading="lazy"
/&gt;
&lt;div class="github-card-content"&gt;
&lt;div class="github-card-domain"&gt;
&lt;svg xmlns="http://www.w3.org/2000/svg" class="ph-icon github-card-icon" fill="currentColor" aria-hidden="true" focusable="false"&gt;&lt;use href="https://www.pulumi.com/icons/sprite.4a9ac1016b9d8a688a5e7e867f96bdf80115a0739af8c688ba04791e15f64461.svg#b-github"/&gt;&lt;/svg&gt;
github.com/gsd-build/get-shit-done
&lt;/div&gt;
&lt;/div&gt;
&lt;/a&gt;
&lt;a href="https://github.com/garrytan/gstack" target="_blank" rel="noopener noreferrer" class="github-card"&gt;
&lt;img
src="https://opengraph.githubassets.com/1/garrytan/gstack"
alt="GitHub repository: garrytan/gstack"
class="github-card-image"
loading="lazy"
/&gt;
&lt;div class="github-card-content"&gt;
&lt;div class="github-card-domain"&gt;
&lt;svg xmlns="http://www.w3.org/2000/svg" class="ph-icon github-card-icon" fill="currentColor" aria-hidden="true" focusable="false"&gt;&lt;use href="https://www.pulumi.com/icons/sprite.4a9ac1016b9d8a688a5e7e867f96bdf80115a0739af8c688ba04791e15f64461.svg#b-github"/&gt;&lt;/svg&gt;
github.com/garrytan/gstack
&lt;/div&gt;
&lt;/div&gt;
&lt;/a&gt;
&lt;p&gt;All three frameworks support multiple agents. For Claude Code, the install commands are straightforward:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="c1"&gt;# Superpowers&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;/plugin install superpowers@claude-plugins-official
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="c1"&gt;# GSD (the installer asks which agents and whether to install globally or locally)&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx get-shit-done-cc@latest
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="c1"&gt;# GSTACK&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;git clone --single-branch --depth &lt;span class="m"&gt;1&lt;/span&gt; https://github.com/garrytan/gstack.git ~/.claude/skills/gstack &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; &lt;span class="nb"&gt;cd&lt;/span&gt; ~/.claude/skills/gstack &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; ./setup
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Check each repository&amp;rsquo;s README for Cursor, Codex, Windsurf, and other agents.&lt;/p&gt;
&lt;p&gt;If you want a managed experience that handles orchestration for you, &lt;a href="https://www.pulumi.com/product/neo/"&gt;Pulumi Neo&lt;/a&gt; is &lt;a href="https://www.pulumi.com/blog/grounded-ai-why-neo-knows-your-infrastructure/"&gt;grounded in your actual infrastructure&lt;/a&gt;, not internet patterns. It understands your stacks, your dependencies, and your deployment history. The &lt;a href="https://www.pulumi.com/blog/10-things-you-can-do-with-neo/"&gt;10 things you can do with Neo&lt;/a&gt; post shows what that looks like in practice.&lt;/p&gt;
&lt;p&gt;Pick one and give it a project. You will know within an hour whether it fixes your particular failure mode.&lt;/p&gt;
&lt;a
href="https://www.pulumi.com/docs/get-started/"
class="btn btn-primary"
&gt;
Try Pulumi for Free
&lt;/a&gt;</description><author>Engin Diri</author><category>ai</category><category>claude-code</category><category>ai-agents</category><category>devops</category><category>cursor</category><category>ai-coding</category></item><item><title>The Claude Skills I Actually Use for DevOps</title><link>https://www.pulumi.com/blog/top-8-claude-skills-devops-2026/</link><pubDate>Mon, 09 Feb 2026 00:00:00 +0000</pubDate><guid>https://www.pulumi.com/blog/top-8-claude-skills-devops-2026/</guid><description>
&lt;img src="https://www.pulumi.com/images/generated/blog/top-8-claude-skills-devops-2026/index.png" /&gt;
&lt;p&gt;When Claude Code first released &lt;a href="https://docs.anthropic.com/en/docs/claude-code/skills"&gt;skills&lt;/a&gt;, I ignored them. They looked like fancy prompts, another feature to add to the pile of things I would get around to learning eventually. Then I watched a few engineers demonstrate what skills actually do, and something clicked. By default, language models do not write good code. They write plausible code based on what they have read. Plausible code turns into bugs, horrible UX, and infrastructure that breaks at 3am.&lt;/p&gt;
&lt;p&gt;Skills fill that gap. They package engineering expertise into something Claude can use. The workflows and judgment matter more than the raw information. Without skills, every conversation starts from zero. You explain the same conventions and correct the same mistakes. Every morning, back to zero.&lt;/p&gt;
&lt;p&gt;Think about what separates a junior engineer from a senior one. Both can write code that compiles. Both can deploy infrastructure that runs. The difference is that the senior engineer knows the patterns that prevent problems before they happen. They know when to use component resources instead of plain resources. They know that creating infrastructure inside an &lt;code&gt;apply()&lt;/code&gt; callback (Pulumi&amp;rsquo;s way of transforming outputs that are not known until deployment) breaks preview. They know that hardcoded credentials will eventually end up in a git log somewhere embarrassing.&lt;/p&gt;
&lt;p&gt;This knowledge takes years to accumulate through painful experience. Skills let you transfer that knowledge to Claude in minutes. And here is the thing that makes them practical: if you find yourself doing the same type of task with different content each time, that is a skill waiting to be built. You encode the process once, then feed it new inputs forever.&lt;/p&gt;
&lt;h2 id="the-mechanic-the-tools-and-the-manual"&gt;The mechanic, the tools, and the manual&lt;/h2&gt;
&lt;p&gt;I heard an analogy recently that made skills click for me. Imagine Claude as a mechanic. A capable mechanic who knows engines, can diagnose problems, and fix most cars that come through the shop.&lt;/p&gt;
&lt;p&gt;&lt;a href="https://modelcontextprotocol.io/"&gt;MCP servers&lt;/a&gt; are like giving that mechanic a set of tools. Wrenches, diagnostic equipment, lift systems. Without tools, the mechanic cannot do much. With tools, the mechanic can work on whatever comes through the door.&lt;/p&gt;
&lt;p&gt;But what happens when someone brings in a Formula 1 race car? Or a 1967 Ford Mustang that has been modified beyond recognition? The mechanic knows engines in general, but these specific vehicles require specific knowledge. The F1 car has procedures that must be followed in exact order. The vintage Mustang has quirks that only someone who has worked on that model would know.&lt;/p&gt;
&lt;p&gt;Skills are the user manuals and standard operating procedures for these specific vehicles. They tell the mechanic what needs to happen and when. They encode the expertise of someone who has done this work a thousand times.&lt;/p&gt;
&lt;p&gt;Or think about it from a carpenter&amp;rsquo;s perspective. Skills are the process to make the table: the measurements, the design, the exact steps. MCPs are the tools: the saw, the hammer, the drill. You need both. The process alone is theoretical, and tools without a process just sit in the garage.&lt;/p&gt;
&lt;p&gt;For DevOps engineers working with Pulumi, this matters because infrastructure as code has its own quirks and patterns. Generic AI assistance produces code that looks reasonable but breaks conventions the community learned the hard way. Skills teach Claude those conventions.&lt;/p&gt;
&lt;h2 id="why-skills-instead-of-mcps"&gt;Why skills instead of MCPs&lt;/h2&gt;
&lt;p&gt;Before skills clicked for me, I tried solving the expertise problem with MCPs. I kept adding servers until I noticed Claude getting slower and making worse decisions. Turns out the GitHub MCP alone &lt;a href="https://smcleod.net/2025/08/stop-polluting-context-let-users-disable-individual-mcp-tools/"&gt;eats 46,000 tokens across 91 tools&lt;/a&gt; before you type anything. Cursor eventually &lt;a href="https://demiliani.com/2025/09/04/model-context-protocol-and-the-too-many-tools-problem/"&gt;capped MCPs at 40 tools&lt;/a&gt; because &lt;a href="https://jentic.com/blog/the-mcp-tool-trap"&gt;too many options made everything worse&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;Slash commands were another option, but you had to remember to invoke them. Anthropic apparently agreed, because in January 2026 they &lt;a href="https://medium.com/@asher-at-plato/why-did-anthropic-merge-slash-commands-into-skills-4bf6464c96ca"&gt;merged slash commands into skills&lt;/a&gt;. One unified system instead of two.&lt;/p&gt;
&lt;p&gt;Skills avoid this through progressive disclosure. Claude reads just the description at startup, maybe a hundred tokens. The full procedures only load when Claude decides they are relevant. Unlike those massive system prompts that used to eat through your context window, skills stay out of the way until they are needed. For DevOps engineers running long infrastructure sessions with dozens of resources, this matters. You keep your context budget for the actual work instead of burning it on instructions. Skills can also fork context, spinning up isolated subagents that do work without polluting your main conversation. Think of it like handing a colleague a written brief. They go work on it, hand back a summary, and never sit in on your conversation.&lt;/p&gt;
&lt;p&gt;I still use MCPs for connecting Claude to external systems. The &lt;a href="https://www.pulumi.com/blog/mcp-server-ai-assistants/"&gt;Pulumi MCP server&lt;/a&gt; lets Claude query the registry and validate code. But MCPs give Claude access to things. Skills teach Claude how to think about things. Different jobs. They get more useful when you combine them. One engineer built a financial reporting skill that connects to his Mercury bank account via MCP, pulls every transaction for a given month, classifies the expenses into categories, and generates a styled HTML report with totals and breakdowns. A skill that knows your deployment process connecting to MCPs that talk to your actual infrastructure is the same idea, just pointed at ops instead of accounting.&lt;/p&gt;
&lt;div class="note note-note"&gt;
&lt;div class="icon-and-line"&gt;
&lt;svg xmlns="http://www.w3.org/2000/svg" class="ph-icon ph-icon--fill" fill="currentColor" aria-hidden="true" focusable="false"&gt;&lt;use href="https://www.pulumi.com/icons/sprite.4a9ac1016b9d8a688a5e7e867f96bdf80115a0739af8c688ba04791e15f64461.svg#p-pencil-simple-fill"/&gt;&lt;/svg&gt;
&lt;div class="line"&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;div class="content"&gt;&lt;p&gt;Skills are portable. They follow an &lt;a href="https://agentskills.io"&gt;open standard&lt;/a&gt;, so a skill you write for Claude Code works in Cursor, GitHub Copilot, or anywhere else that supports agent skills. You can even copy the skill content into ChatGPT as a starting prompt. No vendor lock-in.&lt;/p&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;h2 id="teaching-claude-to-write-pulumi-like-an-expert"&gt;Teaching Claude to write Pulumi like an expert&lt;/h2&gt;
&lt;p&gt;The first time you ask Claude to help with a Pulumi project, the process is painful. You have to explain the patterns you want. You correct mistakes. You explain why creating resources inside &lt;code&gt;apply()&lt;/code&gt; breaks things. By the third or fourth project, you start copying your corrections from previous conversations.&lt;/p&gt;
&lt;p&gt;I built the &lt;a href="https://github.com/dirien/claude-skills"&gt;dirien/claude-skills&lt;/a&gt; &lt;code&gt;pulumi-typescript&lt;/code&gt; skill after going through this painful process too many times. It knows the patterns that prevent common mistakes: &lt;a href="https://www.pulumi.com/blog/pulumi-esc-ga/"&gt;Pulumi ESC (Environments, Secrets, and Configuration)&lt;/a&gt; integration, &lt;a href="https://www.pulumi.com/blog/oidc-trust-relationships/"&gt;OIDC (OpenID Connect) instead of hardcoded access keys&lt;/a&gt;, ComponentResource abstractions (reusable groups of related resources), and proper output structuring so dependent stacks can consume them cleanly.&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Skill&lt;/th&gt;
&lt;th&gt;What it teaches Claude&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;pulumi-typescript&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Pulumi with TypeScript, ESC secrets management, component patterns, and multi-cloud deployment&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/dirien/claude-skills --skill pulumi-typescript
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Skills install as markdown files in your project&amp;rsquo;s &lt;code&gt;.claude/skills/&lt;/code&gt; directory, so they travel with your repo and are easy to review.&lt;/p&gt;
&lt;p&gt;The next time you ask Claude to create infrastructure, it applies these patterns automatically. You do not have to remember to invoke the skill or correct the same mistakes repeatedly.&lt;/p&gt;
&lt;h2 id="the-official-pulumi-skills"&gt;The official Pulumi skills&lt;/h2&gt;
&lt;p&gt;Pulumi maintains its own skills repository at &lt;a href="https://github.com/pulumi/agent-skills"&gt;pulumi/agent-skills&lt;/a&gt;, which they &lt;a href="https://www.pulumi.com/blog/pulumi-agent-skills/"&gt;announced recently&lt;/a&gt;. The repo includes skills for ComponentResource patterns, Automation API, and migration from Terraform, CDK, CloudFormation, and ARM. The two I use daily are &lt;code&gt;pulumi-esc&lt;/code&gt; and &lt;code&gt;pulumi-best-practices&lt;/code&gt;.&lt;/p&gt;
&lt;p&gt;The &lt;code&gt;pulumi-esc&lt;/code&gt; skill teaches Claude how to work with &lt;a href="https://www.pulumi.com/product/esc/"&gt;Pulumi ESC (Environments, Secrets, and Configuration)&lt;/a&gt;. It knows the difference between &lt;code&gt;pulumi env get&lt;/code&gt;, &lt;code&gt;pulumi env open&lt;/code&gt;, and &lt;code&gt;pulumi env run&lt;/code&gt;. It sets up OIDC for dynamic credentials, integrates with external secret stores like AWS Secrets Manager and Vault, and structures layered environment composition so your dev, staging, and production configs inherit from a shared base.&lt;/p&gt;
&lt;p&gt;The &lt;code&gt;pulumi-best-practices&lt;/code&gt; skill catches the mistakes that burn you in production. It stops Claude from creating resources inside &lt;code&gt;apply()&lt;/code&gt; callbacks, enforces proper parent relationships in ComponentResources, encrypts secrets from day one, and makes sure &lt;code&gt;pulumi preview&lt;/code&gt; runs before any deployment. These are the patterns that took me years to internalize, and now Claude follows them by default.&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Skill&lt;/th&gt;
&lt;th&gt;What it teaches Claude&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;pulumi-esc&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Environment, secrets, and configuration management with OIDC, dynamic credentials, and secret store integration&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;pulumi-best-practices&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Resource dependencies, ComponentResource patterns, secret encryption, and safe refactoring&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/pulumi/agent-skills --skill pulumi-esc
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/pulumi/agent-skills --skill pulumi-best-practices
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h2 id="making-claude-a-monitoring-expert-by-default"&gt;Making Claude a monitoring expert by default&lt;/h2&gt;
&lt;p&gt;You deploy something, it works, and six months later something breaks and you realize you never added monitoring. We have all been there. The monitoring skills from the community teach Claude to add observability from the start.&lt;/p&gt;
&lt;p&gt;The &lt;a href="https://github.com/jeffallan/claude-skills"&gt;jeffallan/claude-skills&lt;/a&gt; repository contains a &lt;code&gt;monitoring-expert&lt;/code&gt; skill that knows Prometheus, Grafana, and DataDog.&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Skill&lt;/th&gt;
&lt;th&gt;What it teaches Claude&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;monitoring-expert&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Structured logging, metrics, distributed tracing, alerting, and performance testing for production systems&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/jeffallan/claude-skills --skill monitoring-expert
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;In my testing, deploying a static website with these skills installed looks different from vanilla Claude. Instead of just creating the S3 bucket and CloudFront distribution, Claude asked about error rate thresholds before writing any code. It suggested CloudWatch alarms and created an SNS topic for alerts. The results are not always this clean. Sometimes the monitoring suggestions are generic or miss your specific SLO requirements. But the baseline shifted from &amp;ldquo;no monitoring at all&amp;rdquo; to &amp;ldquo;monitoring that needs tuning,&amp;rdquo; and that is a better starting point.&lt;/p&gt;
&lt;h2 id="kubernetes-configuration-that-actually-passes-security-review"&gt;Kubernetes configuration that actually passes security review&lt;/h2&gt;
&lt;p&gt;Kubernetes has hundreds of configuration options. Most deployments use a handful of them. The problem is that the important options like security contexts, resource limits, and pod disruption budgets are easy to forget when you are focused on getting something to run.&lt;/p&gt;
&lt;p&gt;The &lt;a href="https://github.com/jeffallan/claude-skills"&gt;jeffallan/claude-skills&lt;/a&gt; &lt;code&gt;kubernetes-specialist&lt;/code&gt; skill focuses on configurations that production deployments actually need. Without it, ask Claude for a deployment and you get something that runs: the right image, the right ports, maybe a service. With the skill, the same request comes back with &lt;code&gt;runAsNonRoot: true&lt;/code&gt; in the security context, resource requests and limits that reflect actual usage patterns, liveness and readiness probes with sensible intervals, and a pod disruption budget. These are the things that make the difference between &amp;ldquo;it works in staging&amp;rdquo; and &amp;ldquo;it survives a node failure in production.&amp;rdquo; The skill also understands when RollingUpdate makes sense versus Recreate, which is the kind of judgment call that usually requires context a generic model does not have.&lt;/p&gt;
&lt;p&gt;The &lt;a href="https://github.com/wshobson/agents"&gt;wshobson/agents&lt;/a&gt; repository fills in the gaps around Kubernetes with CI/CD, cost management, and deployment workflows:&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Skill&lt;/th&gt;
&lt;th&gt;What it teaches Claude&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;kubernetes-specialist&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Production cluster management, security hardening, and cloud-native architectures&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;cost-optimization&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Cloud cost reduction across AWS, Azure, and GCP with right-sizing and reserved instances&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;github-actions-templates&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;CI/CD workflows, Docker builds, Kubernetes deployments, security scanning, and matrix builds&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;gitops-workflow&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;ArgoCD and Flux CD for automated Kubernetes deployments&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/jeffallan/claude-skills --skill kubernetes-specialist
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/wshobson/agents --skill gitops-workflow
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/wshobson/agents --skill github-actions-templates
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/wshobson/agents --skill cost-optimization
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h2 id="debugging-like-a-senior-engineer"&gt;Debugging like a senior engineer&lt;/h2&gt;
&lt;p&gt;The &lt;a href="https://github.com/obra/superpowers"&gt;obra/superpowers&lt;/a&gt; repository contains a skill that changed how I debug with Claude. The &lt;code&gt;systematic-debugging&lt;/code&gt; skill implements a four-phase framework: root cause investigation, pattern analysis, hypothesis testing, and implementation.&lt;/p&gt;
&lt;p&gt;Without this skill, Claude tends to suggest solutions immediately. Something is broken, here are five things that might fix it. This feels helpful but often wastes time because none of the suggestions address the actual problem.&lt;/p&gt;
&lt;p&gt;With the systematic debugging skill, Claude approaches problems differently. It asks clarifying questions. It wants to see logs. It builds a model of what is happening before suggesting changes. When it proposes a fix, it explains why that fix addresses the root cause. Sometimes skills find problems you did not know about. One engineer pointed a skills-equipped Claude at a set of SEO pages and discovered they had been decaying for months with nobody watching. The infrastructure parallel is obvious: configuration drift, unused resources, permissions that expanded over time. A debugging skill that investigates before prescribing will find these things.&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Skill&lt;/th&gt;
&lt;th&gt;What it teaches Claude&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;systematic-debugging&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Root cause investigation, pattern analysis, hypothesis testing, and verified implementation&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/obra/superpowers --skill systematic-debugging
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h2 id="catching-security-issues-before-they-ship"&gt;Catching security issues before they ship&lt;/h2&gt;
&lt;p&gt;Two skills cover different sides of security review. The &lt;a href="https://github.com/wshobson/agents"&gt;wshobson/agents&lt;/a&gt; &lt;code&gt;k8s-security-policies&lt;/code&gt; skill handles Kubernetes-specific hardening: NetworkPolicies, Pod Security Standards, RBAC, OPA Gatekeeper constraints, and service mesh mTLS configuration. The &lt;a href="https://github.com/sickn33/antigravity-awesome-skills"&gt;sickn33/antigravity-awesome-skills&lt;/a&gt; &lt;code&gt;security-review&lt;/code&gt; skill covers application-level concerns like secrets management, SQL injection, XSS prevention, and input validation.&lt;/p&gt;
&lt;p&gt;I asked Claude to check a Pulumi program that created an S3 bucket. Without the security skills, Claude confirmed the code was correct and moved on. With the skills loaded, it flagged that the bucket had no server-side encryption configured, the bucket policy allowed &lt;code&gt;s3:*&lt;/code&gt; from an overly broad principal, and there was no access logging enabled. On the Kubernetes side, the &lt;code&gt;k8s-security-policies&lt;/code&gt; skill catches things like missing default-deny NetworkPolicies and containers running as root. These skills are not a replacement for deterministic tools like tfsec, checkov, or trivy. Those catch known issues every time. Skills are probabilistic and work best as an extra layer during development, not as your only security gate.&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Skill&lt;/th&gt;
&lt;th&gt;What it teaches Claude&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;k8s-security-policies&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Network policies, pod security standards, RBAC, and admission control for defense-in-depth&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;security-review&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Secrets management, input validation, SQL injection, XSS/CSRF prevention, and dependency auditing&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/wshobson/agents --skill k8s-security-policies
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill security-review
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h2 id="incident-response-before-you-need-it"&gt;Incident response before you need it&lt;/h2&gt;
&lt;p&gt;At 3am when something breaks, you want runbooks. The &lt;code&gt;incident-runbook-templates&lt;/code&gt; skill from &lt;a href="https://github.com/wshobson/agents"&gt;wshobson/agents&lt;/a&gt; helps Claude create these before you need them. It includes a four-level severity model (SEV1 through SEV4) with response time expectations, escalation decision trees, and communication templates for status updates.&lt;/p&gt;
&lt;p&gt;When you ask Claude to document your deployment process, it produces runbooks with diagnostic steps, rollback protocols, and verification checks. It knows kubectl commands for Kubernetes recovery and SQL procedures for PostgreSQL troubleshooting. The output needs editing. Generated runbooks tend to be thorough on the happy path but thin on the failure modes that matter most at 3am. I treat them as a first draft that gets me to 60% in minutes instead of hours, then fill in the gaps from experience.&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Skill&lt;/th&gt;
&lt;th&gt;What it teaches Claude&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;incident-runbook-templates&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Detection, triage, mitigation, resolution, and communication procedures for production incidents&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/wshobson/agents --skill incident-runbook-templates
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h2 id="general-purpose-devops-and-sre-skills"&gt;General-purpose DevOps and SRE skills&lt;/h2&gt;
&lt;p&gt;The skills above target specific problems. The &lt;a href="https://github.com/jeffallan/claude-skills"&gt;jeffallan/claude-skills&lt;/a&gt; repository also includes two broader skills that cover the day-to-day work that does not fit neatly into one category.&lt;/p&gt;
&lt;p&gt;The &lt;code&gt;devops-engineer&lt;/code&gt; skill gives Claude a senior DevOps engineer persona covering CI/CD pipelines, container management, deployment strategies like blue-green and canary, and infrastructure as code across AWS, GCP, and Azure. It enforces constraints I care about: no deploying to production without approval, no secrets in code, no unversioned container images.&lt;/p&gt;
&lt;p&gt;The &lt;code&gt;sre-engineer&lt;/code&gt; skill focuses on reliability: SLO/SLI definitions, error budget calculations, golden signal dashboards, and toil reduction through automation. It produces Prometheus/Grafana configs, remediation runbooks, and reliability assessments. If you run production systems and want Claude to think about error budgets instead of just uptime, this is the skill.&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Skill&lt;/th&gt;
&lt;th&gt;What it teaches Claude&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;devops-engineer&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;CI/CD pipelines, container management, deployment strategies, and infrastructure as code across clouds&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;sre-engineer&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;SLI/SLO management, error budgets, monitoring, automation, and incident response&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/jeffallan/claude-skills --skill devops-engineer
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/jeffallan/claude-skills --skill sre-engineer
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h2 id="vetting-the-skills-you-install"&gt;Vetting the skills you install&lt;/h2&gt;
&lt;p&gt;Before you install everything in sight, a warning. Skills run with the same permissions as your AI agent. A malicious skill can exfiltrate credentials, download backdoors, or disable safety mechanisms, and it will look like your agent doing it.&lt;/p&gt;
&lt;p&gt;Snyk researchers published &lt;a href="https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-clawhub/"&gt;ToxicSkills&lt;/a&gt; in February 2026 after scanning 3,984 skills from public registries. 13.4% had critical-level vulnerabilities, and they found 76 confirmed malicious payloads. The attack techniques included base64-encoded commands that steal AWS credentials, skills that direct you to download password-protected executables from attacker infrastructure, and jailbreak attempts that try to disable safety mechanisms. 91% of malicious skills combine code-level malware with prompt injection, so they attack on two fronts simultaneously.&lt;/p&gt;
&lt;p&gt;Treat skills like you treat any third-party dependency:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Read the source before installing. Skills are markdown and YAML files. If you cannot read the full skill in a few minutes, that is a red flag.&lt;/li&gt;
&lt;li&gt;Check the repository. Look at stars, contributors, and commit history. A single-commit repository from an unknown account deserves scrutiny.&lt;/li&gt;
&lt;li&gt;Run &lt;code&gt;uvx mcp-scan@latest --skills&lt;/code&gt; to scan installed skills for known malicious patterns, prompt injection, and credential exposure.&lt;/li&gt;
&lt;li&gt;Be cautious with skills that fetch external content at runtime. The Snyk research found 17.7% of skills on ClawHub pull from third-party URLs, which means the skill&amp;rsquo;s behavior can change after you install it.&lt;/li&gt;
&lt;li&gt;Stick to known repositories. Every skill recommended in this post comes from a repository with visible maintainers and community activity.&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Eight malicious skills were still publicly available on ClawHub when Snyk published their findings. The skills ecosystem is young, and the vetting infrastructure is still catching up.&lt;/p&gt;
&lt;div class="rounded-lg bg-violet-50 p-6 my-8"&gt;
&lt;p class="heading-4 m-0 mb-3 flex items-center gap-1.5"&gt;Build infrastructure with agent skills&lt;/p&gt;
&lt;div class="body-base m-0 text-gray-950"&gt;Pulumi&amp;rsquo;s Agent Skills teach Claude Code, Cursor, or any coding agent the infrastructure patterns covered here. Install them, then build and deploy your stacks with fewer corrections.&lt;/div&gt;
&lt;a href="https://www.pulumi.com/docs/ai/skills/" data-track="blog-body-cta" class="btn btn-primary mt-4"&gt;
Get started
&lt;svg xmlns="http://www.w3.org/2000/svg" class="ph-icon ph-icon--regular size-4" fill="currentColor" aria-hidden="true" focusable="false"&gt;&lt;use href="https://www.pulumi.com/icons/sprite.4a9ac1016b9d8a688a5e7e867f96bdf80115a0739af8c688ba04791e15f64461.svg#p-arrow-right-regular"/&gt;&lt;/svg&gt;
&lt;/a&gt;
&lt;/div&gt;
&lt;h2 id="putting-it-together"&gt;Putting it together&lt;/h2&gt;
&lt;p&gt;Stacking skills is where this pays off. Install the Pulumi skills and Claude writes better infrastructure code. Add monitoring and security on top and you start catching problems that used to slip through to production.&lt;/p&gt;
&lt;p&gt;A note on stacking: I have not hit conflicts running all of these simultaneously, but more skills means more descriptions for Claude to evaluate at startup. If you notice Claude getting slower or making odd choices, pare back to the skills you actually use for that project. Start with the Pulumi and monitoring skills, add others as you need them.&lt;/p&gt;
&lt;p&gt;Here is how to set up a new project with all of them:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;mkdir -p pulumi-skills-demo &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; &lt;span class="nb"&gt;cd&lt;/span&gt; pulumi-skills-demo
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;pulumi new aws-typescript --name skills-demo --yes
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/dirien/claude-skills --skill pulumi-typescript
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/pulumi/agent-skills --skill pulumi-esc
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/pulumi/agent-skills --skill pulumi-best-practices
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/obra/superpowers --skill systematic-debugging
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/jeffallan/claude-skills --skill monitoring-expert
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/jeffallan/claude-skills --skill kubernetes-specialist
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/wshobson/agents --skill gitops-workflow
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/wshobson/agents --skill github-actions-templates
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/wshobson/agents --skill cost-optimization
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/wshobson/agents --skill incident-runbook-templates
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/jeffallan/claude-skills --skill devops-engineer
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/jeffallan/claude-skills --skill sre-engineer
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/wshobson/agents --skill k8s-security-policies
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill security-review
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Then try these two prompts to see how many skills activate at once:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="c1"&gt;# Static website — triggers Pulumi TypeScript, monitoring, and security skills&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;Create a Pulumi TypeScript program &lt;span class="k"&gt;for&lt;/span&gt; a static website on AWS with S3, CloudFront, OIDC credentials via Pulumi ESC, CloudWatch monitoring, and /security-review the infrastructure before deploying
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="c1"&gt;# EKS cluster — stacks Kubernetes, GitOps, incident response, cost, and SRE skills&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;Create a Pulumi TypeScript program &lt;span class="k"&gt;for&lt;/span&gt; an EKS cluster with /kubernetes-specialist security hardening, /gitops-workflow &lt;span class="k"&gt;for&lt;/span&gt; ArgoCD deployment, /incident-runbook-templates &lt;span class="k"&gt;for&lt;/span&gt; the cluster, /cost-optimization recommendations, and /sre-engineer SLO definitions &lt;span class="k"&gt;for&lt;/span&gt; the services
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The first prompt triggers the Pulumi TypeScript, monitoring, and security review skills in a single conversation. The second stacks Kubernetes, GitOps, incident response, cost, and SRE skills on one cluster build. You get infrastructure code, operational runbooks, and security policies from a single request.&lt;/p&gt;
&lt;h2 id="what-changes"&gt;What changes&lt;/h2&gt;
&lt;p&gt;Fair warning: not every skill works perfectly on the first try. Some need iteration. Some produce output that you have to review and tweak before it matches your standards. Skills do not replace your judgment.&lt;/p&gt;
&lt;p&gt;That said, after a few weeks with these skills installed, I stopped correcting the same mistakes. The code Claude writes now looks like code I would write, not code I would have to fix. That is the whole point. Skills just stop you from repeating the same corrections across every conversation.&lt;/p&gt;
&lt;h2 id="get-started"&gt;Get started&lt;/h2&gt;
&lt;p&gt;Every skill in this post includes its install command. Pick the section that matches your biggest pain point, run the &lt;code&gt;npx skills add&lt;/code&gt; command, and try it on your next task. Skills work in Claude Code, Cursor, GitHub Copilot, and anything else that supports the &lt;a href="https://agentskills.io"&gt;Agent Skills standard&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;The &lt;a href="https://www.pulumi.com/blog/pulumi-agent-skills/"&gt;Pulumi Agent Skills announcement&lt;/a&gt; has more details, and the &lt;a href="https://github.com/pulumi/agent-skills"&gt;GitHub repository&lt;/a&gt; has the source. If you want something that goes further, with organizational context and deployment governance, look at &lt;a href="https://www.pulumi.com/product/neo/"&gt;Pulumi Neo&lt;/a&gt;. Neo is &lt;a href="https://www.pulumi.com/blog/grounded-ai-why-neo-knows-your-infrastructure/"&gt;grounded in your actual infrastructure&lt;/a&gt;, not internet patterns. The &lt;a href="https://www.pulumi.com/blog/10-things-you-can-do-with-neo/"&gt;10 things you can do with Neo&lt;/a&gt; post shows what that looks like in practice.&lt;/p&gt;
&lt;p&gt;Give it one project. That is all it took for me.&lt;/p&gt;
&lt;a
href="https://www.pulumi.com/docs/get-started/"
class="btn btn-primary"
&gt;
Try Pulumi for Free
&lt;/a&gt;</description><author>Engin Diri</author><category>ai</category><category>devops</category><category>platform-engineering</category><category>claude-code</category><category>ai-agents</category></item><item><title>Pulumi Agent Skills: Best practices and more for AI coding assistants</title><link>https://www.pulumi.com/blog/pulumi-agent-skills/</link><pubDate>Thu, 29 Jan 2026 00:00:00 +0000</pubDate><guid>https://www.pulumi.com/blog/pulumi-agent-skills/</guid><description>
&lt;img src="https://www.pulumi.com/images/generated/blog/pulumi-agent-skills/index.png" /&gt;
&lt;p&gt;AI coding assistants have transformed how developers write software, including infrastructure code. Tools like Claude Code, Cursor, and GitHub Copilot can generate code, explain complex systems, and automate tedious tasks. But when it comes to infrastructure, these tools often produce code that works but misses the mark on patterns that matter: proper secret handling, correct resource dependencies, idiomatic component structure, and the dozens of other details that separate working infrastructure from production-ready infrastructure.&lt;/p&gt;
&lt;p&gt;We built &lt;a href="https://www.pulumi.com/product/neo/"&gt;Neo&lt;/a&gt; for teams that want deep Pulumi expertise combined with organizational context and deployment governance. But developers have preferred tools, and we want people to succeed with Pulumi wherever they work. Some teams live in Claude Code. Others use Cursor, Copilot, Codex, Gemini CLI, or other platforms. That is why we are releasing Pulumi Agent Skills, a collection of packaged expertise that teaches any AI coding assistant how to work with Pulumi the way an experienced practitioner would.&lt;/p&gt;
&lt;h2 id="what-are-agent-skills"&gt;What are agent skills?&lt;/h2&gt;
&lt;p&gt;Skills are structured knowledge packages that follow the open &lt;a href="https://agentskills.io"&gt;Agent Skills&lt;/a&gt; specification. They work across multiple AI coding platforms including Claude Code, GitHub Copilot, Cursor, VS Code, Codex, and Gemini CLI. When you install Pulumi skills, your AI assistant gains access to detailed workflows, code patterns, and decision trees for common infrastructure tasks.&lt;/p&gt;
&lt;h2 id="available-pulumi-skills"&gt;Available Pulumi skills&lt;/h2&gt;
&lt;p&gt;We are launching a set of skills organized into two plugin groups: authoring and migration. You can install all skills at once or choose specific plugin groups based on your needs.&lt;/p&gt;
&lt;h3 id="authoring-skills"&gt;Authoring skills&lt;/h3&gt;
&lt;p&gt;This plugin includes four skills focused on code quality, reusability, and configuration.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Pulumi best practices&lt;/strong&gt; encodes the patterns that prevent common mistakes. It covers output handling, component structure, secrets management, safe refactoring with aliases, and deployment workflows. The skill flags anti-patterns that can cause issues with preview, dependencies, and production deployments.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Pulumi Component&lt;/strong&gt; provides a complete guide for authoring ComponentResource classes. The skill covers designing component interfaces, multi-language support, and distribution. It teaches assistants how to build reusable infrastructure abstractions that work across TypeScript, Python, Go, C#, Java, and YAML.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Pulumi Automation API&lt;/strong&gt; covers programmatic orchestration of Pulumi operations. The skill explains when to use Automation API versus the CLI, the tradeoffs between local source and inline programs, and patterns for multi-stack deployments.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Pulumi ESC&lt;/strong&gt; covers centralized secrets and configuration management. The skill guides assistants through setting up dynamic OIDC credentials, composing environments, and integrating secrets into Pulumi programs and other applications.&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;h3 id="migration-skills"&gt;Migration skills&lt;/h3&gt;
&lt;p&gt;Convert and import infrastructure from other tools to Pulumi. This plugin includes four skills covering complete migration workflows, not just syntax translation.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Terraform to Pulumi&lt;/strong&gt; walks through the full migration workflow. It handles state translation, provider version alignment, and the iterative process of achieving a clean &lt;code&gt;pulumi preview&lt;/code&gt; with no unexpected changes.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;CloudFormation to Pulumi&lt;/strong&gt; covers the complete AWS CloudFormation migration workflow, from template conversion and stack import to handling CloudFormation-specific constructs.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;CDK to Pulumi&lt;/strong&gt; covers the complete AWS CDK migration workflow end to end, from conversion and import to handling CDK-specific constructs like Lambda-backed custom resources and cross-stack references.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;&lt;strong&gt;Azure to Pulumi&lt;/strong&gt; covers the complete Azure Resource Manager and Bicep migration workflow, handling template conversion and resource import with guidance on achieving zero-diff validation.&lt;/p&gt;
&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="how-to-install"&gt;How to install&lt;/h2&gt;
&lt;h3 id="claude-code-plugin-marketplace"&gt;Claude Code plugin marketplace&lt;/h3&gt;
&lt;p&gt;For Claude Code users, the plugin system provides the simplest installation experience:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;claude plugin marketplace add pulumi/agent-skills
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;claude plugin install pulumi-authoring &lt;span class="c1"&gt;# Install authoring skills&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;claude plugin install pulumi-migration &lt;span class="c1"&gt;# Install migration skills&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;You can install both plugin groups or choose only the ones you need.&lt;/p&gt;
&lt;h3 id="universal-installation"&gt;Universal installation&lt;/h3&gt;
&lt;p&gt;For Cursor, GitHub Copilot, VS Code, Codex, Gemini and other platforms, use the universal &lt;a href="https://agentskills.io"&gt;Agent Skills&lt;/a&gt; CLI:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npx skills add pulumi/agent-skills --skill &lt;span class="s1"&gt;&amp;#39;*&amp;#39;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;This works across all platforms that support the Agent Skills specification.&lt;/p&gt;
&lt;h2 id="using-skills"&gt;Using skills&lt;/h2&gt;
&lt;p&gt;Once installed, skills activate automatically based on context. When you ask your assistant to help migrate a Terraform project, it draws on the Terraform skill&amp;rsquo;s workflow. When you are debugging why resources are being recreated unexpectedly, the best practices skill helps the assistant check for missing aliases.&lt;/p&gt;
&lt;p&gt;In Codex and Claude Code, you can invoke skills directly via slash commands.&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-text" data-lang="text"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;/pulumi-terraform-to-pulumi
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Or describe what you need in natural language:&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;&amp;ldquo;Help me migrate this CDK application to Pulumi&amp;rdquo;&lt;/p&gt;
&lt;/blockquote&gt;
&lt;blockquote&gt;
&lt;p&gt;&amp;ldquo;Review this Pulumi code for best practices issues&amp;rdquo;&lt;/p&gt;
&lt;/blockquote&gt;
&lt;blockquote&gt;
&lt;p&gt;&amp;ldquo;Create a reusable component for a web service with load balancer&amp;rdquo;&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;The assistant will follow the skill&amp;rsquo;s procedures, ask clarifying questions when needed, and produce output that reflects Pulumi best practices rather than generic code generation.&lt;/p&gt;
&lt;h2 id="get-started"&gt;Get started&lt;/h2&gt;
&lt;p&gt;We expect this collection to grow. If you have Pulumi expertise worth packaging, whether provider-specific patterns, debugging workflows, or operational practices, we welcome contributions. See the &lt;a href="https://github.com/pulumi/agent-skills/blob/main/CONTRIBUTING.md"&gt;contributing guide&lt;/a&gt; for details.&lt;/p&gt;
&lt;p&gt;The skills are available now in the &lt;a href="https://github.com/pulumi/agent-skills"&gt;agent-skills repository&lt;/a&gt;. Install them in your preferred AI coding environment and let us know what you build.&lt;/p&gt;</description><author>Pulumi Neo Team</author><category>ai</category><category>platform-engineering</category><category>features</category><category>claude-code</category><category>codex</category><category>ai-agents</category></item><item><title>Self-Verifying AI Agents: Vercel's Agent-Browser in the Ralph Wiggum Loop</title><link>https://www.pulumi.com/blog/self-verifying-ai-agents-vercels-agent-browser-in-the-ralph-wiggum-loop/</link><pubDate>Tue, 20 Jan 2026 00:00:00 +0000</pubDate><guid>https://www.pulumi.com/blog/self-verifying-ai-agents-vercels-agent-browser-in-the-ralph-wiggum-loop/</guid><description>
&lt;img src="https://www.pulumi.com/images/generated/blog/self-verifying-ai-agents-vercels-agent-browser-in-the-ralph-wiggum-loop/index.png" /&gt;
&lt;p&gt;In my &lt;a href="https://www.pulumi.com/blog/how-ralph-wiggum-built-a-serverless-saas-with-pulumi/"&gt;previous post about the Ralph Wiggum technique&lt;/a&gt;, Claude Code built a complete serverless URL shortener on AWS. The setup included &lt;a href="https://github.com/microsoft/playwright-mcp"&gt;Playwright MCP&lt;/a&gt; for end-to-end testing. It worked. But I kept wondering if there was something better for AI-driven browser automation. Then Vercel released &lt;a href="https://github.com/vercel-labs/agent-browser"&gt;agent-browser&lt;/a&gt;, and I had to try it.&lt;/p&gt;
&lt;h2 id="why-browser-automation-matters-for-ai-coding"&gt;Why browser automation matters for AI coding&lt;/h2&gt;
&lt;p&gt;When an AI coding agent builds a frontend, someone has to verify it works. Without browser automation, that someone is you. The AI finishes and says &amp;ldquo;done,&amp;rdquo; but you can&amp;rsquo;t trust that claim until you open a browser and click around yourself.&lt;/p&gt;
&lt;p&gt;Browser automation changes this. The AI verifies its own work. It builds a component, launches a browser, tests the interaction, confirms behavior matches expectations. If something breaks, it fixes the code and tests again. The validation loop runs without you.&lt;/p&gt;
&lt;p&gt;This matters more as AI agents take on larger tasks. A quick component fix might not need automated testing. But when an agent builds an entire dashboard from scratch, you need proof that the deployed application actually works.&lt;/p&gt;
&lt;h2 id="the-context-problem-with-browser-automation"&gt;The context problem with browser automation&lt;/h2&gt;
&lt;p&gt;Playwright MCP gives you powerful browser control, but it comes with overhead. Every screenshot, every DOM snapshot, every accessibility tree adds tokens to your context window. &lt;a href="https://github.com/microsoft/playwright-mcp/issues/889"&gt;GitHub issue #889&lt;/a&gt; documents a 6x token increase between versions 0.0.30 and 0.0.32. Users report single screenshots consuming over 15,000 tokens. Some exhausted their entire five-hour token allocation in just a few automation steps.&lt;/p&gt;
&lt;p&gt;The problem is verbose output. Full accessibility trees contain every element on the page with all their properties. Console message logging adds more. Each piece of information might be useful for debugging, but together they overwhelm the context window.&lt;/p&gt;
&lt;p&gt;This creates a frustrating tradeoff. You want rich browser interaction for thorough testing, but that richness costs tokens. Fewer tokens means fewer iterations before hitting limits.&lt;/p&gt;
&lt;h2 id="vercels-less-is-more-philosophy"&gt;Vercel&amp;rsquo;s &amp;ldquo;less is more&amp;rdquo; philosophy&lt;/h2&gt;
&lt;p&gt;Vercel ran into something similar with their D0 text-to-SQL agent. &lt;a href="https://vercel.com/blog/we-removed-80-percent-of-our-agents-tools"&gt;Their research&lt;/a&gt; documents what happened when they reduced tool complexity.&lt;/p&gt;
&lt;p&gt;The original architecture used 17 specialized tools. Each tool handled one specific operation: create tables, insert rows, run queries, validate schemas. The approach seemed logical. Specialized tools should produce better results than general ones.&lt;/p&gt;
&lt;p&gt;The numbers told a different story. With 17 tools, they got 80% success (4 out of 5 queries), averaging 274.8 seconds and ~102,000 tokens. The worst case took 724 seconds, burned 145,463 tokens, and still failed.&lt;/p&gt;
&lt;p&gt;Then they rebuilt with just two tools: ExecuteCommand and ExecuteSQL. Success jumped to 100%. Average execution dropped to 77.4 seconds (3.5x faster). Token usage fell to ~61,000 (37% reduction). The worst case took 141 seconds, used 67,483 tokens, and succeeded.&lt;/p&gt;
&lt;p&gt;Vercel&amp;rsquo;s takeaway: &amp;ldquo;We were constraining reasoning because we didn&amp;rsquo;t trust the model to reason.&amp;rdquo; Fewer tools meant the model could think more freely about how to accomplish tasks. The simplicity reduced confusion and context waste.&lt;/p&gt;
&lt;h2 id="applying-less-is-more-to-browser-automation"&gt;Applying &amp;ldquo;less is more&amp;rdquo; to browser automation&lt;/h2&gt;
&lt;p&gt;agent-browser takes the same approach. Instead of separate tools for clicking, typing, scrolling, and navigating, it has a unified CLI with one clever idea: the snapshot + refs system.&lt;/p&gt;
&lt;p&gt;When you request a page snapshot, agent-browser returns something like this:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-text" data-lang="text"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- button &amp;#34;Sign In&amp;#34; [ref=e1]
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- textbox &amp;#34;Email&amp;#34; [ref=e2]
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- textbox &amp;#34;Password&amp;#34; [ref=e3]
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &amp;#34;Documentation&amp;#34; [ref=e4]
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Those &lt;code&gt;@e1&lt;/code&gt;, &lt;code&gt;@e2&lt;/code&gt; references are stable element identifiers. To click the sign-in button, you run &lt;code&gt;click @e1&lt;/code&gt;. No CSS selectors. No XPath expressions. No waiting for the DOM to stabilize. The reference points to that exact element.&lt;/p&gt;
&lt;p&gt;This cuts out the verbosity of full accessibility trees. You get just enough information to understand the page structure and interact with elements. The AI can reason about what it sees without drowning in metadata.&lt;/p&gt;
&lt;h2 id="installing-agent-browser"&gt;Installing agent-browser&lt;/h2&gt;
&lt;p&gt;Setup is simple:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;npm install -g agent-browser &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; agent-browser install
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;This installs the CLI and downloads a bundled browser. You don&amp;rsquo;t need to install any additional browsers.&lt;/p&gt;
&lt;p&gt;For Claude Code integration, install the official skill from the agent-browser package. You can either copy it from node_modules:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;cp -r node_modules/agent-browser/skills/agent-browser .claude/skills/
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Or download it directly:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;mkdir -p .claude/skills/agent-browser
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;curl -o .claude/skills/agent-browser/SKILL.md &lt;span class="se"&gt;\
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; https://raw.githubusercontent.com/vercel-labs/agent-browser/main/skills/agent-browser/SKILL.md
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The skill gives Claude Code better context than just running &lt;code&gt;agent-browser --help&lt;/code&gt;.&lt;/p&gt;
&lt;p&gt;Unlike Playwright MCP, there&amp;rsquo;s no server configuration. Agent-browser runs as a standalone CLI that Claude Code invokes directly through bash.&lt;/p&gt;
&lt;h2 id="the-experiment-adding-analytics"&gt;The experiment: adding analytics&lt;/h2&gt;
&lt;p&gt;I wanted a realistic test scenario, so I added an analytics dashboard to the &lt;a href="https://github.com/dirien/url-shortener-saas"&gt;url-shortener-saas&lt;/a&gt; project from my previous post. The feature tracks click events with metadata (browser, device, country, referrer) and displays them through interactive charts.&lt;/p&gt;
&lt;p&gt;This follows the same &amp;ldquo;Ralph Wiggum&amp;rdquo; workflow from my previous post: write a &lt;code&gt;feature-prompt.md&lt;/code&gt; that describes what you want, then let Claude Code implement, deploy with Pulumi, and verify with browser automation. Here&amp;rsquo;s a snippet from the feature prompt:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-markdown" data-lang="markdown"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;## Backend Requirements
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;### New DynamoDB Table: Analytics Events
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;Create a new DynamoDB table &lt;span class="sb"&gt;`url-shortener-analytics-{stack}`&lt;/span&gt; with:
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Partition Key: shortCode (String)
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Sort Key: timestamp (String, ISO 8601 format)
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Attributes: browser, deviceType, country, referrer, etc.
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;### New Lambda: analytics.ts
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;GET /api/analytics/{shortCode}
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Returns timeline, browsers, devices, countries, referrers
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Query params: from, to, granularity
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;## Success Criteria
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; &lt;span class="sb"&gt;`pulumi up`&lt;/span&gt; deploys successfully without errors
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;2.&lt;/span&gt; All existing E2E tests still pass
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;3.&lt;/span&gt; New analytics E2E tests pass
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;4.&lt;/span&gt; Charts render with real data after generating test clicks
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Claude Code reads this, writes the Lambda handlers, updates the Pulumi infrastructure code, and deploys. The infrastructure changes are straightforward:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-typescript" data-lang="typescript"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="c1"&gt;// Analytics events table
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="kr"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;analyticsTable&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nx"&gt;aws&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;dynamodb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;Table&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;analytics-table&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="sb"&gt;`&lt;/span&gt;&lt;span class="si"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;projectName&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sb"&gt;-analytics-&lt;/span&gt;&lt;span class="si"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;stack&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sb"&gt;`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;billingMode&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;PAY_PER_REQUEST&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;hashKey&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;shortCode&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;rangeKey&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;timestamp&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;attributes&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;shortCode&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="kr"&gt;type&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;S&amp;#34;&lt;/span&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;timestamp&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="kr"&gt;type&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;S&amp;#34;&lt;/span&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;globalSecondaryIndexes&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;by-date&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;hashKey&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;shortCode&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;rangeKey&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;timestamp&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;projectionType&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;ALL&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;}],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;});&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;After &lt;code&gt;pulumi up&lt;/code&gt; succeeds, the agent needs to verify the deployed feature works. That&amp;rsquo;s where browser automation comes in. The feature prompt specifies verification requirements:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-markdown" data-lang="markdown"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;## End-to-End Verification
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;After deployment, use the &lt;span class="sb"&gt;`/agent-browser`&lt;/span&gt; skill to verify:
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Analytics link appears in navigation
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;2.&lt;/span&gt; Analytics page loads without errors
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;3.&lt;/span&gt; Charts render (timeline, browser, device, geographic)
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;4.&lt;/span&gt; URL-specific analytics work from dashboard
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;5.&lt;/span&gt; Click data appears after generating test clicks
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;&lt;img src="analytics-dashboard.png" alt="Analytics dashboard interface displaying metric cards for total clicks and unique visitors, an interactive timeline chart showing daily click data over time, and date range filter buttons for Last 7, 30, and 90 days"&gt;&lt;/p&gt;
&lt;p&gt;The test suite covered six scenarios: homepage load, URL shortening, dashboard view, analytics navigation, analytics overview, and date filter functionality. Nothing fancy, just the basics you&amp;rsquo;d want to verify after deploying.&lt;/p&gt;
&lt;p&gt;I ran the exact same tests with both Playwright MCP and agent-browser to see how much context each consumed.&lt;/p&gt;
&lt;h2 id="agent-browser-workflow-in-practice"&gt;Agent-browser workflow in practice&lt;/h2&gt;
&lt;p&gt;Here&amp;rsquo;s what the CLI interaction looked like during my test run.&lt;/p&gt;
&lt;p&gt;Navigate to the deployed application:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;$ agent-browser open https://d1232drths1aav.cloudfront.net
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;✓ Snip.ly - Modern URL Shortener
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; https://d1232drths1aav.cloudfront.net/
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Snapshot to see available elements (the &lt;code&gt;-i&lt;/code&gt; flag filters to interactive elements only):&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;$ agent-browser snapshot -i
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;S Snip.ly&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e1&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;Home&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;Dashboard&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e3&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;Analytics&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e4&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;Docs&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e5&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- button &lt;span class="s2"&gt;&amp;#34;Switch to dark mode&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e6&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;Get Started&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e7&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- textbox &lt;span class="s2"&gt;&amp;#34;Paste your long URL here...&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e8&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- button &lt;span class="s2"&gt;&amp;#34;Shorten URL&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e9&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;That entire homepage snapshot is 280 characters. Playwright MCP returned 8,247 characters for the same page.&lt;/p&gt;
&lt;p&gt;Fill the URL input and click the shorten button:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;$ agent-browser fill @e8 &lt;span class="s2"&gt;&amp;#34;https://example.com/agent-browser-e2e-test&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;✓ Done
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;$ agent-browser click @e9
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;✓ Done
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Each action confirmation is 6 characters. Playwright MCP returns the full page state after every click - 12,891 characters when I clicked the shorten button.&lt;/p&gt;
&lt;p&gt;Navigate to analytics:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;$ agent-browser click @e4
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;✓ Done
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;$ agent-browser &lt;span class="nb"&gt;wait&lt;/span&gt; --load networkidle &lt;span class="o"&gt;&amp;amp;&amp;amp;&lt;/span&gt; agent-browser snapshot -i
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;✓ Done
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;S Snip.ly&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e1&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;Home&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e2&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;Dashboard&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e3&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;Analytics&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e4&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- button &lt;span class="s2"&gt;&amp;#34;Last 7 days&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e8&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- button &lt;span class="s2"&gt;&amp;#34;Last 30 days&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e9&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- button &lt;span class="s2"&gt;&amp;#34;Last 90 days&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e10&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;1 analytics-e2e-test https://example.com/analytics-test-verification 5&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e11&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- link &lt;span class="s2"&gt;&amp;#34;2 test-url https://www.example.com/this-is-a-very-long-url... 4&amp;#34;&lt;/span&gt; &lt;span class="o"&gt;[&lt;/span&gt;&lt;span class="nv"&gt;ref&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;e12&lt;span class="o"&gt;]&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The analytics snapshot shows date filter buttons and top URLs with click counts. 385 characters versus Playwright MCP&amp;rsquo;s 4,127.&lt;/p&gt;
&lt;p&gt;Test the date filter:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;$ agent-browser click @e9
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;✓ Done
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;$ agent-browser screenshot analytics-30-day-filter.png
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;✓ Screenshot saved to analytics-30-day-filter.png
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The ref-based workflow is deterministic. Each command operates on a specific element from the snapshot. No guessing about selectors.&lt;/p&gt;
&lt;h2 id="the-numbers-825-context-reduction"&gt;The numbers: 82.5% context reduction&lt;/h2&gt;
&lt;p&gt;Same six tests, both tools:&lt;/p&gt;
&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Metric&lt;/th&gt;
&lt;th&gt;Playwright MCP&lt;/th&gt;
&lt;th&gt;Agent-Browser&lt;/th&gt;
&lt;th&gt;Reduction&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;Total response characters&lt;/td&gt;
&lt;td&gt;31,117&lt;/td&gt;
&lt;td&gt;5,455&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;82.5%&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Largest single response&lt;/td&gt;
&lt;td&gt;12,891&lt;/td&gt;
&lt;td&gt;2,847&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;77.9%&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Average response size&lt;/td&gt;
&lt;td&gt;3,112&lt;/td&gt;
&lt;td&gt;328&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;89.5%&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Homepage snapshot&lt;/td&gt;
&lt;td&gt;8,247&lt;/td&gt;
&lt;td&gt;280&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;96.6%&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;Dashboard snapshot&lt;/td&gt;
&lt;td&gt;12,891&lt;/td&gt;
&lt;td&gt;2,847&lt;/td&gt;
&lt;td&gt;&lt;strong&gt;77.9%&lt;/strong&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;
&lt;p&gt;The difference is what each tool returns after every action.&lt;/p&gt;
&lt;p&gt;Playwright MCP returns the full accessibility tree after every click:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-yaml" data-lang="yaml"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="c"&gt;### Page state&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- &lt;span class="nt"&gt;Page URL&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="l"&gt;https://d1232drths1aav.cloudfront.net/dashboard&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- &lt;span class="nt"&gt;Page Title&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="l"&gt;Snip.ly - Modern URL Shortener&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- &lt;span class="nt"&gt;Page Snapshot&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;- &lt;span class="nt"&gt;generic [ref=e2]&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;- &lt;span class="nt"&gt;banner [ref=e3]&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;- &lt;span class="nt"&gt;generic [ref=e4]&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;- &lt;span class="l"&gt;link &amp;#34;S Snip.ly&amp;#34; [ref=e5] [cursor=pointer]:&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;- &lt;span class="nt"&gt;/url&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="l"&gt;/&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;- &lt;span class="nt"&gt;generic [ref=e6]&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="l"&gt;S&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;- &lt;span class="nt"&gt;generic [ref=e7]&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="l"&gt;Snip.ly&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;- &lt;span class="nt"&gt;navigation [ref=e8]&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;- &lt;span class="l"&gt;link &amp;#34;Home&amp;#34; [ref=e9] [cursor=pointer]:&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;- &lt;span class="nt"&gt;/url&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="l"&gt;/&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;- &lt;span class="nt"&gt;text&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="l"&gt;Home&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="l"&gt;...&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="m"&gt;12&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="m"&gt;891&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="l"&gt;characters continues...]&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Agent-browser returns:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-text" data-lang="text"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;✓ Done
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;6 characters versus 12,891 for the same button click.&lt;/p&gt;
&lt;p&gt;Six tests consumed ~31K characters with Playwright MCP versus ~5.5K with agent-browser. At roughly 4 characters per token, that&amp;rsquo;s ~7,800 tokens versus ~1,400. An AI agent could run 5.7x more tests in the same context budget.&lt;/p&gt;
&lt;h2 id="what-i-noticed"&gt;What I noticed&lt;/h2&gt;
&lt;p&gt;Past the numbers, working with agent-browser felt different in ways that are hard to quantify.&lt;/p&gt;
&lt;p&gt;The compact snapshots changed the rhythm of iteration. A typical page fit in a few hundred tokens instead of thousands, so Claude Code could run more test cycles before hitting limits. I spent less time worrying about context and more time actually testing.&lt;/p&gt;
&lt;p&gt;Element refs removed a frustration I&amp;rsquo;d had with Playwright. CSS selectors break when someone changes a class name or restructures the DOM. With agent-browser, a button is just &lt;code&gt;@e9&lt;/code&gt;. It doesn&amp;rsquo;t care about styling. That predictability was a relief.&lt;/p&gt;
&lt;p&gt;What worked well:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Snapshots stay small enough that you don&amp;rsquo;t think about them&lt;/li&gt;
&lt;li&gt;Refs mean no selector debugging&lt;/li&gt;
&lt;li&gt;The CLI just works with Claude Code&amp;rsquo;s bash tool&lt;/li&gt;
&lt;li&gt;No MCP server to configure&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Agent-browser is early. Documentation is thin, and I read the source more than once to figure out edge cases.&lt;/p&gt;
&lt;p&gt;Where I hit friction:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Modals that appear after API calls needed manual wait logic&lt;/li&gt;
&lt;li&gt;Playwright&amp;rsquo;s waiting mechanisms are more mature&lt;/li&gt;
&lt;li&gt;Hidden or dynamically loaded elements sometimes didn&amp;rsquo;t show up without explicit waits&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;For my URL shortener tests, agent-browser used fewer tokens per cycle, and the ref-based approach was more predictable than selector-driven automation.&lt;/p&gt;
&lt;p&gt;Playwright MCP still wins on depth. Network interception, multi-tab handling, PDF generation, better waiting logic—if you need those, you need Playwright. For complex browser automation, it&amp;rsquo;s the more capable tool.&lt;/p&gt;
&lt;div class="rounded-lg bg-violet-50 p-6 my-8"&gt;
&lt;p class="heading-4 m-0 mb-3 flex items-center gap-1.5"&gt;Deploy what your agent builds&lt;/p&gt;
&lt;div class="body-base m-0 text-gray-950"&gt;Pulumi provisions the infrastructure your coding agent builds and tests, so a single &lt;code&gt;pulumi up&lt;/code&gt; takes each verified change to the cloud.&lt;/div&gt;
&lt;a href="https://app.pulumi.com/signup" data-track="blog-body-cta" class="btn btn-primary mt-4"&gt;
Get started
&lt;svg xmlns="http://www.w3.org/2000/svg" class="ph-icon ph-icon--regular size-4" fill="currentColor" aria-hidden="true" focusable="false"&gt;&lt;use href="https://www.pulumi.com/icons/sprite.4a9ac1016b9d8a688a5e7e867f96bdf80115a0739af8c688ba04791e15f64461.svg#p-arrow-right-regular"/&gt;&lt;/svg&gt;
&lt;/a&gt;
&lt;/div&gt;
&lt;h2 id="when-to-use-each"&gt;When to use each&lt;/h2&gt;
&lt;p&gt;&lt;strong&gt;Agent-browser&lt;/strong&gt; fits long autonomous sessions where context budget matters, basic navigation and verification tasks, and setups where you want to skip MCP configuration. CLI-based skills also avoid the schema overhead—tool definitions for multi-tool MCPs eat tokens even when idle.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Playwright MCP&lt;/strong&gt; fits when you need the advanced stuff: network interception, PDF generation, multi-tab workflows, or sophisticated synchronization. It&amp;rsquo;s also the right choice if you have existing Playwright test suites. If the full MCP schema feels heavy, &lt;a href="https://github.com/lackeyjb/playwright-skill"&gt;Playwright skills&lt;/a&gt; offer a lighter wrapper.&lt;/p&gt;
&lt;p&gt;Start with agent-browser for AI validation loops. Move to Playwright when you outgrow it.&lt;/p&gt;</description><author>Engin Diri</author><category>ai</category><category>automation</category><category>testing</category><category>claude-code</category><category>serverless</category></item><item><title>How Ralph Wiggum Built a Serverless SaaS with Pulumi</title><link>https://www.pulumi.com/blog/how-ralph-wiggum-built-a-serverless-saas-with-pulumi/</link><pubDate>Wed, 14 Jan 2026 00:00:00 +0000</pubDate><guid>https://www.pulumi.com/blog/how-ralph-wiggum-built-a-serverless-saas-with-pulumi/</guid><description>
&lt;img src="https://www.pulumi.com/images/generated/blog/how-ralph-wiggum-built-a-serverless-saas-with-pulumi/index.png" /&gt;
&lt;p&gt;I was about to do something that felt either genius or completely reckless: hand over my AWS credentials to an AI and step away from my computer. The technique is called &amp;ldquo;&lt;a href="https://simpsons.fandom.com/wiki/Ralph_Wiggum"&gt;Ralph Wiggum&lt;/a&gt;,&amp;rdquo; named after the Simpsons character who eats glue and says &amp;ldquo;I&amp;rsquo;m in danger&amp;rdquo; while everything burns around him. And honestly, that felt about right for what I was attempting.&lt;/p&gt;
&lt;h2 id="the-problem-with-ai-coding-assistants"&gt;The problem with AI coding assistants&lt;/h2&gt;
&lt;p&gt;If you have spent any time with AI coding assistants, you know the frustration. You are in the middle of a task. It is going great. Claude is writing beautiful infrastructure code, understanding your architecture, making progress&amp;hellip; and then it says &amp;ldquo;I have completed your request.&amp;rdquo;&lt;/p&gt;
&lt;p&gt;You stare at the screen. &amp;ldquo;No. No, you have not. You maybe did a third of what I asked.&amp;rdquo;&lt;/p&gt;
&lt;p&gt;So you reprompt it. It does a little more. Then it stops again. You are babysitting. The whole point of using an AI assistant was to save time, but if you have to check on it every five minutes, you are not saving anything. You are just a very expensive supervisor.&lt;/p&gt;
&lt;p&gt;This is the problem &lt;a href="https://x.com/GeoffreyHuntley"&gt;Geoffrey Huntley&lt;/a&gt; decided to solve.&lt;/p&gt;
&lt;h2 id="what-if-we-just-do-not-let-it-stop"&gt;What if we just do not let it stop?&lt;/h2&gt;
&lt;p&gt;Geoffrey Huntley, a developer based in rural Australia (who, according to internet lore, lives on a property with goats), had a deceptively simple idea: what if every time Claude Code finishes and tries to exit, we just feed it the prompt again?&lt;/p&gt;
&lt;p&gt;He named the technique &amp;ldquo;Ralph Wiggum&amp;rdquo; because the character embodies a kind of childlike persistence. Ralph repeatedly fails, makes silly mistakes, yet stubbornly continues in an endless loop until he eventually succeeds. Sound familiar? That is exactly how AI coding agents work. They make mistakes. They try again. They iterate.&lt;/p&gt;
&lt;p&gt;The philosophy behind Ralph is beautifully stated: &amp;ldquo;Better to fail predictably than succeed unpredictably.&amp;rdquo; Every failure is just data for the next iteration.&lt;/p&gt;
&lt;h2 id="how-the-ralph-loop-works"&gt;How the Ralph loop works&lt;/h2&gt;
&lt;p&gt;At its core, the Ralph Wiggum technique is almost embarrassingly simple. It is a bash loop:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;while&lt;/span&gt; true&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="k"&gt;do&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; cat PROMPT.md &lt;span class="p"&gt;|&lt;/span&gt; claude --print --dangerously-skip-permissions
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;done&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;That is it. That is the whole thing. You write your instructions in a &lt;code&gt;PROMPT.md&lt;/code&gt; file, and the loop keeps feeding it to Claude Code over and over.&lt;/p&gt;
&lt;p&gt;But here is why it works: each time Claude starts up, it looks at the project. It sees the files that exist, the code that is already written, the git history. It is not starting from zero. It picks up where it left off, sees what still needs to be done, and keeps going.&lt;/p&gt;
&lt;p&gt;The official Claude Code plugin formalizes this with some important additions:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Completion promises&lt;/strong&gt;: You tell Claude to output a specific string like &lt;code&gt;&amp;lt;promise&amp;gt;COMPLETE&amp;lt;/promise&amp;gt;&lt;/code&gt; when it has genuinely finished&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Max iterations&lt;/strong&gt;: A safety limit so your API bill does not reach infinity&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Stop hooks&lt;/strong&gt;: &lt;a href="https://docs.anthropic.com/en/docs/claude-code/hooks"&gt;The mechanism that intercepts exit attempts and re-injects the prompt&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;To install it:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;/plugin install ralph-wiggum@ghuntley
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;For end-to-end testing of deployed infrastructure, you will also want the Playwright MCP server. This lets Claude interact with your deployed application in a real browser:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;claude mcp add playwright npx @playwright/mcp@latest
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h2 id="why-pulumi-is-perfect-for-ralph"&gt;Why Pulumi is perfect for Ralph&lt;/h2&gt;
&lt;p&gt;&lt;a href="https://www.pulumi.com/what-is/infrastructure-as-code/"&gt;Infrastructure as code&lt;/a&gt; has something most application code does not: objective success criteria. Your Lambda either deploys or it does not. Your DynamoDB table either exists or it does not. Tests either pass or they fail.&lt;/p&gt;
&lt;p&gt;This makes Pulumi an ideal candidate for autonomous AI development:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;&lt;strong&gt;Clear completion signals&lt;/strong&gt;: &lt;code&gt;pulumi preview&lt;/code&gt; and &lt;code&gt;pulumi up&lt;/code&gt; provide unambiguous feedback&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Iterative feedback&lt;/strong&gt;: Failed deployments tell Claude exactly what went wrong&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Testable outputs&lt;/strong&gt;: You can write integration tests that verify your infrastructure actually works&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Registry access&lt;/strong&gt;: With the &lt;a href="https://www.pulumi.com/blog/mcp-server-ai-assistants/"&gt;Pulumi MCP server&lt;/a&gt;, Claude has real-time access to documentation and examples&lt;/li&gt;
&lt;/ol&gt;
&lt;h2 id="the-experiment"&gt;The experiment&lt;/h2&gt;
&lt;p&gt;I decided to build a serverless URL shortener on AWS. Not because the world needs another URL shortener, but because it is the perfect test case: multiple AWS services, clear requirements, and objective success criteria. But I did not want just a basic demo. I wanted a full SaaS-like experience with a polished frontend.&lt;/p&gt;
&lt;p&gt;Here is the &lt;code&gt;PROMPT.md&lt;/code&gt; file I wrote:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-markdown" data-lang="markdown"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gh"&gt;# Build a Production-Ready URL Shortener SaaS on AWS
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;Using Pulumi TypeScript, create a complete URL shortener SaaS with a polished frontend experience.
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;## Infrastructure Requirements
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; DynamoDB table for storing URL mappings (shortCode -&amp;gt; originalUrl, clickCount, createdAt)
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Lambda functions for: creating short URLs, redirecting to original URLs, getting stats
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; API Gateway REST API exposing the Lambda functions
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; S3 bucket for the React frontend with static website hosting
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; CloudFront distribution with HTTPS for the frontend and API
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Use the Pulumi ESC environment pulumi-idp/auth for the AWS credentials
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;## Frontend Requirements (Use /frontend-design skill)
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;Create a polished, production-ready SaaS website with:
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;### Landing Page
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Hero section with catchy headline and URL input form
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Feature highlights (fast redirects, analytics, custom aliases)
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Pricing section (Free tier, Pro tier, Enterprise tier)
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Testimonials section with 3 fake but realistic customer reviews
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Footer with links to Docs, Privacy, Terms
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;### Dashboard Page
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; URL shortening form with optional custom alias
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; List of created short URLs with click counts
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Copy-to-clipboard functionality
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Delete URL option
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;### Documentation Page
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Getting started guide
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; API reference (POST /shorten, GET /{code}, GET /stats/{code})
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Rate limits and usage policies
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; FAQ section
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;### Design Requirements
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Modern, clean aesthetic (no generic AI look)
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Responsive design (mobile, tablet, desktop)
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Dark mode support
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Smooth animations and transitions
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; Consistent color scheme and typography
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;## API Requirements
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; POST /shorten: accepts { url: string, alias?: string }, returns { shortCode, shortUrl }
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; GET /{shortCode}: redirects to original URL (301)
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; GET /stats/{shortCode}: returns { originalUrl, clickCount, createdAt }
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;## Success Criteria
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; All unit tests pass
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; All integration tests pass
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; pulumi preview shows no errors
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; pulumi up deploys successfully
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;## End-to-End Verification (Required)
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;After deployment, use Playwright MCP to verify the live site:
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Open the CloudFront URL and verify the landing page loads with all sections
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Navigate to the docs page and verify content renders
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Create a short URL using the dashboard
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Verify the short URL redirects correctly (301 status)
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Check the stats show the click was recorded
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Test responsive design by resizing the viewport
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Take screenshots of landing page, dashboard, and docs as proof
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;Only output &amp;lt;promise&amp;gt;COMPLETE&amp;lt;/promise&amp;gt; after ALL of the above including E2E tests pass.
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;The key addition here is the end-to-end verification section. Without it, Claude reports success after &lt;code&gt;pulumi up&lt;/code&gt; finishes, but you have no guarantee the deployed infrastructure actually works. By requiring Playwright to test the live URLs, you catch issues like the CloudFront 403 error I mentioned earlier.&lt;/p&gt;
&lt;p&gt;Before running the loop, I started Claude Code with permission bypass mode to prevent it from stopping to ask for approval on every file write or command:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;claude --permission-mode bypassPermissions
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;There are other ways to handle permissions, but this is the simplest for autonomous execution. Then I ran the Ralph loop:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-bash" data-lang="bash"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;/ralph-wiggum:ralph-loop PROMPT.md --max-iterations &lt;span class="m"&gt;25&lt;/span&gt; --completion-promise &lt;span class="s2"&gt;&amp;#34;COMPLETE&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;Then I stepped away and let it run unsupervised. For complex projects, you could even let it run overnight while you sleep.&lt;/p&gt;
&lt;p&gt;Here is Claude Code in action during the Ralph loop, fixing CloudFront configuration issues and writing unit tests:&lt;/p&gt;
&lt;p&gt;&lt;img src="claude-fixing-cloudfront.png" alt="Claude Code fixing the CloudFront originPath configuration and running pulumi up"&gt;&lt;/p&gt;
&lt;p&gt;&lt;img src="claude-writing-tests.png" alt="Claude Code writing unit tests and creating utility functions"&gt;&lt;/p&gt;
&lt;h2 id="the-results"&gt;The results&lt;/h2&gt;
&lt;div class="note note-info"&gt;
&lt;div class="icon-and-line"&gt;
&lt;svg xmlns="http://www.w3.org/2000/svg" class="ph-icon ph-icon--fill" fill="currentColor" aria-hidden="true" focusable="false"&gt;&lt;use href="https://www.pulumi.com/icons/sprite.4a9ac1016b9d8a688a5e7e867f96bdf80115a0739af8c688ba04791e15f64461.svg#p-info-fill"/&gt;&lt;/svg&gt;
&lt;div class="line"&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;div class="content"&gt;The complete source code for this project is available on GitHub: &lt;a href="https://github.com/dirien/url-shortener-saas"&gt;url-shortener-saas&lt;/a&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;p&gt;When Claude finished, it had:&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Successfully built:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;A complete Pulumi program with proper resource organization&lt;/li&gt;
&lt;li&gt;DynamoDB table with a GSI for querying by creation date&lt;/li&gt;
&lt;li&gt;Three Lambda functions with proper error handling&lt;/li&gt;
&lt;li&gt;API Gateway with CORS configuration&lt;/li&gt;
&lt;li&gt;S3 bucket with static website hosting&lt;/li&gt;
&lt;li&gt;CloudFront distribution with proper cache behaviors&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong&gt;The frontend was genuinely impressive:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;A polished landing page with hero section, feature cards, and pricing tiers&lt;/li&gt;
&lt;li&gt;Working testimonials section with three fictional but believable customer reviews&lt;/li&gt;
&lt;li&gt;A functional dashboard where you could create and manage short URLs&lt;/li&gt;
&lt;li&gt;A documentation page with API reference and getting started guide&lt;/li&gt;
&lt;li&gt;Dark mode toggle that actually worked&lt;/li&gt;
&lt;li&gt;Responsive design that looked good on mobile&lt;/li&gt;
&lt;/ul&gt;
&lt;h3 id="home-screen"&gt;Home screen&lt;/h3&gt;
&lt;p&gt;&lt;img src="landing-page.png" alt="The landing page Claude built, complete with hero section, features, and pricing tiers"&gt;&lt;/p&gt;
&lt;h3 id="dashboard"&gt;Dashboard&lt;/h3&gt;
&lt;p&gt;&lt;img src="dashboard-page.png" alt="The dashboard showing the URL shortening form and list of created URLs"&gt;&lt;/p&gt;
&lt;h3 id="documentation"&gt;Documentation&lt;/h3&gt;
&lt;p&gt;&lt;img src="docs-page.png" alt="The documentation page with API reference and getting started guide"&gt;&lt;/p&gt;
&lt;p&gt;Here is a snippet of what it generated:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-typescript" data-lang="typescript"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="kr"&gt;import&lt;/span&gt; &lt;span class="o"&gt;*&lt;/span&gt; &lt;span class="kr"&gt;as&lt;/span&gt; &lt;span class="nx"&gt;pulumi&lt;/span&gt; &lt;span class="kr"&gt;from&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;@pulumi/pulumi&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="kr"&gt;import&lt;/span&gt; &lt;span class="o"&gt;*&lt;/span&gt; &lt;span class="kr"&gt;as&lt;/span&gt; &lt;span class="nx"&gt;aws&lt;/span&gt; &lt;span class="kr"&gt;from&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;@pulumi/aws&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="kr"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;stack&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nx"&gt;pulumi&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;getStack&lt;/span&gt;&lt;span class="p"&gt;();&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="kr"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;projectName&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;url-shortener&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="c1"&gt;// DynamoDB Table
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="kr"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;urlTable&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nx"&gt;aws&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;dynamodb&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;Table&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;url-table&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="sb"&gt;`&lt;/span&gt;&lt;span class="si"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;projectName&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sb"&gt;-urls-&lt;/span&gt;&lt;span class="si"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;stack&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sb"&gt;`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;billingMode&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;PAY_PER_REQUEST&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;hashKey&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;shortCode&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;attributes&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[{&lt;/span&gt; &lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;shortCode&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="kr"&gt;type&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;S&amp;#34;&lt;/span&gt; &lt;span class="p"&gt;}],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;tags&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;Environment&lt;/span&gt;: &lt;span class="kt"&gt;stack&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;Project&lt;/span&gt;: &lt;span class="kt"&gt;projectName&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;ManagedBy&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;Pulumi&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;});&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="c1"&gt;// Lambda function for URL shortening
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="kr"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;shortenFunction&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nx"&gt;aws&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;lambda&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nb"&gt;Function&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;shorten-function&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;name&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="sb"&gt;`&lt;/span&gt;&lt;span class="si"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;projectName&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sb"&gt;-shorten-&lt;/span&gt;&lt;span class="si"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;stack&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sb"&gt;`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;runtime&lt;/span&gt;: &lt;span class="kt"&gt;aws.lambda.Runtime.NodeJS20dX&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;handler&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;shorten.handler&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;role&lt;/span&gt;: &lt;span class="kt"&gt;lambdaRole.arn&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;timeout&lt;/span&gt;: &lt;span class="kt"&gt;30&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;memorySize&lt;/span&gt;: &lt;span class="kt"&gt;256&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;code&lt;/span&gt;: &lt;span class="kt"&gt;new&lt;/span&gt; &lt;span class="nx"&gt;pulumi&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;asset&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;AssetArchive&lt;/span&gt;&lt;span class="p"&gt;({&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="s2"&gt;&amp;#34;.&amp;#34;&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nx"&gt;pulumi&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;asset&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;FileArchive&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;./lambda&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;),&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;}),&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;environment&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;variables&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;TABLE_NAME&lt;/span&gt;: &lt;span class="kt"&gt;urlTable.name&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;});&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="c1"&gt;// CloudFront Distribution with S3 and API Gateway origins
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="kr"&gt;const&lt;/span&gt; &lt;span class="nx"&gt;distribution&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="k"&gt;new&lt;/span&gt; &lt;span class="nx"&gt;aws&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;cloudfront&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;Distribution&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;frontend-distribution&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;enabled&lt;/span&gt;: &lt;span class="kt"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;defaultRootObject&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;index.html&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;origins&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;domainName&lt;/span&gt;: &lt;span class="kt"&gt;frontendBucketWebsite.websiteEndpoint&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;originId&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;S3Origin&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;customOriginConfig&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;httpPort&lt;/span&gt;: &lt;span class="kt"&gt;80&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;httpsPort&lt;/span&gt;: &lt;span class="kt"&gt;443&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;originProtocolPolicy&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;http-only&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;originSslProtocols&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;TLSv1.2&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;domainName&lt;/span&gt;: &lt;span class="kt"&gt;pulumi.interpolate&lt;/span&gt;&lt;span class="sb"&gt;`&lt;/span&gt;&lt;span class="si"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;api&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;id&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sb"&gt;.execute-api.&lt;/span&gt;&lt;span class="si"&gt;${&lt;/span&gt;&lt;span class="nx"&gt;aws&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;config&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nx"&gt;region&lt;/span&gt;&lt;span class="si"&gt;}&lt;/span&gt;&lt;span class="sb"&gt;.amazonaws.com`&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;originId&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;APIGatewayOrigin&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;customOriginConfig&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;httpPort&lt;/span&gt;: &lt;span class="kt"&gt;80&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;httpsPort&lt;/span&gt;: &lt;span class="kt"&gt;443&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;originProtocolPolicy&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;https-only&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;originSslProtocols&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;TLSv1.2&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;defaultCacheBehavior&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;targetOriginId&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;S3Origin&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;viewerProtocolPolicy&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;redirect-to-https&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;allowedMethods&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;GET&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;HEAD&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;OPTIONS&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;cachedMethods&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;GET&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;HEAD&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;forwardedValues&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;queryString&lt;/span&gt;: &lt;span class="kt"&gt;false&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;cookies&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;forward&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;none&amp;#34;&lt;/span&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;orderedCacheBehaviors&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;pathPattern&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;/api/*&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;targetOriginId&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;APIGatewayOrigin&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;viewerProtocolPolicy&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;https-only&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;allowedMethods&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;DELETE&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;GET&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;HEAD&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;OPTIONS&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;PATCH&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;POST&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;PUT&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;cachedMethods&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;GET&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;HEAD&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;forwardedValues&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;queryString&lt;/span&gt;: &lt;span class="kt"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;headers&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="s2"&gt;&amp;#34;Authorization&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;Content-Type&amp;#34;&lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;cookies&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt; &lt;span class="nx"&gt;forward&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s2"&gt;&amp;#34;none&amp;#34;&lt;/span&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;minTtl&lt;/span&gt;: &lt;span class="kt"&gt;0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;defaultTtl&lt;/span&gt;: &lt;span class="kt"&gt;0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;maxTtl&lt;/span&gt;: &lt;span class="kt"&gt;0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;}],&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;viewerCertificate&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="p"&gt;{&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="nx"&gt;cloudfrontDefaultCertificate&lt;/span&gt;: &lt;span class="kt"&gt;true&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt; &lt;span class="p"&gt;},&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="p"&gt;});&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;&lt;strong&gt;Where it struggled:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;The first few iterations had the Lambda code inline instead of in separate files&lt;/li&gt;
&lt;li&gt;It initially forgot to set up IAM permissions for the Lambda to access DynamoDB&lt;/li&gt;
&lt;li&gt;The CloudFront configuration took three attempts to get the cache behaviors right&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong&gt;The funny parts:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;At iteration 12, it decided to completely refactor the project structure. Then at iteration 13, it refactored it back&lt;/li&gt;
&lt;li&gt;One commit message simply read: &amp;ldquo;fix the fix that fixed the previous fix&amp;rdquo;&lt;/li&gt;
&lt;li&gt;It wrote a test, ran the test, fixed the code to pass the test, then realized the test was wrong&lt;/li&gt;
&lt;/ul&gt;
&lt;div class="rounded-lg bg-violet-50 p-6 my-8"&gt;
&lt;p class="heading-4 m-0 mb-3 flex items-center gap-1.5"&gt;Pair your coding agent with Pulumi&lt;/p&gt;
&lt;div class="body-base m-0 text-gray-950"&gt;You can point Claude Code, Cursor, Codex, or any coding agent at Pulumi through the Pulumi MCP server and Agent Skills, and let infrastructure as code give it objective success criteria. Start a project to try it.&lt;/div&gt;
&lt;a href="https://www.pulumi.com/docs/ai/" data-track="blog-body-cta" class="btn btn-primary mt-4"&gt;
Get started
&lt;svg xmlns="http://www.w3.org/2000/svg" class="ph-icon ph-icon--regular size-4" fill="currentColor" aria-hidden="true" focusable="false"&gt;&lt;use href="https://www.pulumi.com/icons/sprite.4a9ac1016b9d8a688a5e7e867f96bdf80115a0739af8c688ba04791e15f64461.svg#p-arrow-right-regular"/&gt;&lt;/svg&gt;
&lt;/a&gt;
&lt;/div&gt;
&lt;h2 id="best-practices-for-ralph-with-pulumi"&gt;Best practices for Ralph with Pulumi&lt;/h2&gt;
&lt;p&gt;After running several experiments, here is what I have learned:&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Write extremely specific prompts.&lt;/strong&gt; Vague instructions lead to vague implementations. Be explicit about every requirement, every edge case, every success criterion.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Use &lt;code&gt;pulumi preview&lt;/code&gt; as your feedback loop.&lt;/strong&gt; Add this to your success criteria:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-markdown" data-lang="markdown"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;Success Criteria:
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; pulumi preview completes with no errors
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;-&lt;/span&gt; pulumi preview shows expected resource count (approximately X resources)
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;&lt;strong&gt;Set realistic iteration limits.&lt;/strong&gt; For infrastructure projects, I have found 20-30 iterations is usually sufficient. More than that and you are probably missing something in your prompt.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Include test requirements.&lt;/strong&gt; Claude is surprisingly good at test-driven development when you tell it to write tests first:&lt;/p&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" class="chroma"&gt;&lt;code class="language-markdown" data-lang="markdown"&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="gu"&gt;## Development Approach
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Write unit tests for each Lambda function first
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Implement Lambda functions to pass the tests
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Write integration tests that verify the deployed infrastructure
&lt;/span&gt;&lt;/span&gt;&lt;span class="line"&gt;&lt;span class="cl"&gt;&lt;span class="k"&gt;1.&lt;/span&gt; Only output COMPLETE when all tests pass
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;&lt;strong&gt;Mention cost awareness.&lt;/strong&gt; Add a note like &amp;ldquo;Use PAY_PER_REQUEST billing for DynamoDB&amp;rdquo; or &amp;ldquo;Use the smallest Lambda memory allocation that works.&amp;rdquo; Claude will optimize for what you tell it to optimize for.&lt;/p&gt;
&lt;h2 id="the-honest-assessment"&gt;The honest assessment&lt;/h2&gt;
&lt;p&gt;Is this the future of infrastructure development? Probably not entirely. But it is a genuinely useful technique for specific scenarios:&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Great for:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Greenfield projects where you have clear requirements&lt;/li&gt;
&lt;li&gt;Large migrations or refactors&lt;/li&gt;
&lt;li&gt;Building proof-of-concept infrastructure while you focus on other work&lt;/li&gt;
&lt;li&gt;Tasks where iteration is more valuable than perfection on the first try&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong&gt;Not great for:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Production infrastructure changes (please do not let an AI modify your production AWS account unsupervised)&lt;/li&gt;
&lt;li&gt;Complex architecture decisions that require human judgment&lt;/li&gt;
&lt;li&gt;Anything involving sensitive data or security configurations&lt;/li&gt;
&lt;li&gt;Small tweaks or quick fixes (overkill)&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;The API costs were reasonable for what I got. For a complete infrastructure project built autonomously, a few dollars in Claude API calls is a bargain compared to my hourly rate.&lt;/p&gt;
&lt;h2 id="try-it-yourself"&gt;Try it yourself&lt;/h2&gt;
&lt;p&gt;If you want to experiment with Ralph Wiggum and Pulumi:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;Install Claude Code and the Ralph Wiggum plugin&lt;/li&gt;
&lt;li&gt;Set up your &lt;a href="https://app.pulumi.com/signup"&gt;Pulumi account&lt;/a&gt; and AWS credentials&lt;/li&gt;
&lt;li&gt;Write a detailed &lt;code&gt;PROMPT.md&lt;/code&gt; with clear success criteria&lt;/li&gt;
&lt;li&gt;Start with a small project and low iteration limits&lt;/li&gt;
&lt;li&gt;Review the git history when it finishes&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;The combination of autonomous AI loops and infrastructure as code feels like a glimpse of where development is heading. Not replacing developers, but changing how we use our time. Instead of babysitting an AI through each step, you hand it a well-defined problem and come back to working infrastructure.&lt;/p&gt;
&lt;p&gt;Just make sure you have billing alerts set up. Ralph Wiggum does not know when to stop spending your money.&lt;/p&gt;
&lt;h2 id="or-try-pulumi-neo-ralph-built-in"&gt;Or try Pulumi Neo: Ralph built-in&lt;/h2&gt;
&lt;p&gt;If setting up the Ralph Wiggum plugin feels like too much ceremony, Pulumi has something similar built right into &lt;a href="https://www.pulumi.com/docs/ai/tasks/"&gt;Pulumi Neo&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;Neo Tasks work on the same principle: you describe what you want, and Neo plans and executes the infrastructure changes. The key is &lt;strong&gt;auto mode&lt;/strong&gt;. When you set a task to auto mode, Neo runs without requesting approvals. It plans, executes, validates with &lt;code&gt;pulumi preview&lt;/code&gt;, and iterates until the task is complete.&lt;/p&gt;
&lt;p&gt;The experience is remarkably similar to Ralph:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Persistent execution&lt;/strong&gt;: Tasks continue running even if you close your browser. Come back later and Neo shows you what it accomplished while you were away.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Iterative refinement&lt;/strong&gt;: Failed deployments inform the next attempt, just like Ralph re-reading the project state.&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Clear completion&lt;/strong&gt;: Neo knows when the infrastructure matches your requirements.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;The main difference is that Neo runs in Pulumi Cloud rather than on your local machine, and it is purpose-built for infrastructure tasks. You get the autonomous loop experience without needing to configure plugins or bash loops.&lt;/p&gt;
&lt;p&gt;&lt;img src="img.png" alt="Pulumi Neo interface showing task configuration with auto mode enabled"&gt;&lt;/p&gt;
&lt;p&gt;For teams already using Pulumi Cloud, Neo with auto mode might be the fastest path to autonomous infrastructure development.&lt;/p&gt;
&lt;h2 id="resources"&gt;Resources&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href="https://ghuntley.com/ralph/"&gt;Geoffrey Huntley&amp;rsquo;s original Ralph Wiggum post&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://docs.anthropic.com/claude-code/"&gt;Claude Code documentation&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.pulumi.com/docs/ai/tasks/"&gt;Pulumi Neo Tasks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.pulumi.com/blog/mcp-server-ai-assistants/"&gt;Pulumi MCP Server for AI assistants&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.pulumi.com/docs/clouds/aws/get-started/"&gt;Getting started with Pulumi on AWS&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.pulumi.com/docs/iac/concepts/testing/"&gt;Testing Pulumi programs&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;</description><author>Engin Diri</author><category>aws</category><category>serverless</category><category>automation</category><category>typescript</category><category>ai</category><category>claude-code</category></item></channel></rss>