# Agent Overview

## Overview

The agent uses Bluebricks' [context layer](/docs/getting-started/building-blocks.md#the-context-layer) to discover, reason about, and take action across your infrastructure through natural conversation. It sees every resource, relationship, and dependency in your connected cloud accounts, whether managed by code or not.

You can reach the agent in the [Bluebricks app](https://app.bluebricks.co/agent), from [Slack](/docs/integrations/slack.md), or programmatically via the [Bluebricks MCP](/docs/integrations/bricks-mcp.md) server.

## Use cases

The agent handles workflows across three areas: security, infrastructure operations, and cost optimization. In each case, it can both discover the current state and take action to change it.

### Security

Identify configuration risks and compliance gaps, then remediate them through code.

The agent queries the context layer for security-relevant configuration across all connected accounts. When it finds an issue, it can open a pull request to fix it, so remediation follows the same governed, auditable workflow as any other change.

| What you can ask                                                         | What the agent does                                    |
| ------------------------------------------------------------------------ | ------------------------------------------------------ |
| "Which S3 buckets are publicly accessible?"                              | Queries the context layer for bucket ACLs and policies |
| "Are there any security groups allowing inbound traffic from 0.0.0.0/0?" | Scans security group rules across all VPCs             |
| "Which RDS instances don't have encryption at rest?"                     | Checks encryption configuration across accounts        |
| "Open a PR to enforce encryption at rest on all RDS instances"           | Generates Terraform changes and opens a pull request   |

You can also point the agent at findings from your existing security tools. Paste a finding or describe the issue, and the agent maps it to the affected resources in the context layer and proposes a fix.

### Infrastructure

Discover what is running, identify drift, and manage resources across accounts.

The agent can answer questions about resource inventory, ownership, and code coverage. It can also codify unmanaged resources, scale infrastructure, and deploy changes.

| What you can ask                                        | What the agent does                                                  |
| ------------------------------------------------------- | -------------------------------------------------------------------- |
| "Show me all EKS components across my AWS accounts"     | Cross-account resource discovery                                     |
| "List all databases tagged as 'legacy'"                 | Filtered resource search by tags                                     |
| "Which resources in production aren't managed by code?" | Identifies unmanaged resources (drift and coverage analysis)         |
| "What percentage of my infrastructure is codified?"     | Calculates managed vs. unmanaged ratio                               |
| "Codify the unmanaged S3 buckets in production"         | Generates Terraform code and opens a PR to bring resources under IaC |
| "Scale the EKS cluster in staging to 5 nodes"           | Modifies Terraform and opens a PR with the change                    |

To bring unmanaged resources under code control, see [Codifying Infrastructure](/docs/agent/codifying-infrastructure.md).

### FinOps

Find cost savings and act on them.

The agent analyzes resource configuration to surface optimization opportunities. It can identify orphaned resources, recommend rightsizing, and open PRs to implement the changes.

| What you can ask                                               | What the agent does                            |
| -------------------------------------------------------------- | ---------------------------------------------- |
| "Show me unattached EBS volumes across all accounts"           | Finds orphaned storage still incurring costs   |
| "Which Elastic IPs aren't associated with a running instance?" | Identifies unused IPs incurring charges        |
| "What would it save to downsize all gp2 volumes to gp3?"       | Estimates savings from a specific optimization |
| "Compare RDS instance counts between production and staging"   | Cross-account comparison for right-sizing      |

### Narrowing scope

The agent queries across all connected cloud providers by default. Add an account or provider name to narrow the results:

```
Show me all Lambda functions
```

```
Show me all Lambda functions in the staging account
```

{% hint style="info" %}
**Prefer a visual interface?** You can also explore your infrastructure through the [Cloud Graph](/docs/orchestration/cloud-graph.md), which shows resources, relationships, and managed vs. unmanaged status across all your collections.
{% endhint %}

## How it works

The agent has two classes of tools:

* **Read tools** query the context layer without modifying anything: resource discovery, environment listing, deployment outputs, and package inspection. You can ask questions freely without side effects
* **Write tools** create or modify infrastructure: opening pull requests, deploying environments, and approving or rejecting plans. Every write operation requires your explicit approval before it executes

Responses reflect what is actually running in your accounts, not what a language model was trained on. For details on how the context layer is built and why it matters, see [What is Bluebricks?](/docs/getting-started/building-blocks.md).

## Safety and governance

Infrastructure changes go through a plan-and-approve workflow. The agent always presents the plan and waits for your confirmation before applying.

* **Read-only by default**: inspection tools never modify your infrastructure. Write operations require you to take explicit action
* **All changes go through IaC**: the agent codifies changes in Terraform and routes them through pull requests, rather than making direct cloud API calls
* **Organization-scoped**: all queries are scoped to your organization. The agent cannot access resources outside your org
* **RBAC**: the agent respects your organization roles and permissions
* **Transparent execution**: the agent shows its reasoning step by step. Tool calls, query results, and logs are visible in the chat
* **Audit trail**: every message and action is logged and stored in your task history

For roles and permissions, see [Roles and Permissions](/docs/organization-and-security/roles-and-permissions.md).
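
The controls listed in this section can be read as one decision applied to every tool call. The following is an added example, not Bluebricks code: the tool names, role names, and the `ToolGate` class are hypothetical, chosen to mirror the read/write tool classes, organization scoping, RBAC, and audit trail described above.

```python
# Added illustration: tool names, roles and ToolGate are hypothetical,
# not Bluebricks identifiers. Models the controls described on this page.
from dataclasses import dataclass, field

READ_TOOLS = {"discover_resources", "list_environments",
              "get_deployment_outputs", "inspect_package"}
WRITE_TOOLS = {"open_pull_request", "deploy_environment",
               "approve_plan", "reject_plan"}
WRITE_ROLES = {"admin", "editor"}  # assumed role names


@dataclass
class ToolGate:
    org: str
    role: str
    audit: list = field(default_factory=list)

    def call(self, tool, target_org, approved=False):
        """Return (decision, reason); every attempt is logged, allowed or not."""
        if tool not in READ_TOOLS | WRITE_TOOLS:
            decision = ("deny", "unknown tool")  # default-deny unclassified tools
        elif target_org != self.org:
            decision = ("deny", "outside organization")  # scoping covers reads too
        elif tool in READ_TOOLS:
            decision = ("allow", "read tool")
        elif self.role not in WRITE_ROLES:
            decision = ("deny", "role lacks write permission")  # approval cannot bypass RBAC
        elif not approved:
            decision = ("pending", "awaiting explicit approval")
        else:
            decision = ("allow", "approved write")
        self.audit.append({"tool": tool, "org": target_org, "role": self.role,
                           "approved": approved, "decision": decision[0]})
        return decision


def demo():
    """Run constructed calls through the gate; return decisions and audit size."""
    gate = ToolGate(org="acme", role="editor")
    results = [
        gate.call("discover_resources", "acme"),
        gate.call("discover_resources", "other-org"),
        gate.call("open_pull_request", "acme"),
        gate.call("open_pull_request", "acme", approved=True),
        gate.call("delete_bucket", "acme", approved=True),
    ]
    viewer = ToolGate(org="acme", role="viewer")
    results.append(viewer.call("deploy_environment", "acme", approved=True))
    return [d for d, _ in results], len(gate.audit)
```

When evaluating any agent with write access, the cases worth testing are the denied ones: an unclassified tool, a cross-organization target, and an approved write from a role without write permission.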

## Agent and orchestration

If your team uses the Bluebricks [orchestration platform](/docs/orchestration/orchestration.md), the agent can manage blueprints, environments, and approval flows through conversation. The same governance policies, RBAC rules, and audit trails apply whether you work through the agent or the app.

```
Deploy the postgres blueprint to staging
```

```
Approve my latest staging environment
```

```
What went wrong with the last production deploy?
```

For details on how approval flows, collection policies, and permissions work in conversation, see [Agent Governance](/docs/agent/governance.md). For the orchestration concepts themselves, see [Collections](/docs/orchestration/collections.md), [Packages](/docs/orchestration/packages.md), and [Environments](/docs/orchestration/environments.md).

## The chat interface

From the agent page, click **New task** to open a fresh conversation. Type your question or request and press **Enter** to send. The agent begins working immediately, and your task auto-titles based on your first message.

Your recent tasks appear in the sidebar. Click any task to resume where you left off. To rename a task, click the title at the top of the conversation. To archive it, open the menu next to the title and select **Archive**.

### Resource graphs

When you ask about relationships or dependencies, the agent returns an interactive resource graph. Nodes represent cloud resources and edges show how they connect. You can pan, zoom, and click nodes for detail.

### Pull request blocks

When the agent opens a PR, the conversation shows a PR block with the title, branch names, and an expandable inline diff. You can review the proposed changes directly in the chat before navigating to GitHub.

For a full breakdown of PR structure, see [Reading a Bluebricks PR](/docs/agent/reading-a-bluebricks-pr.md).

### Agent reasoning and logs

While the agent works, an expandable **Working** block shows the reasoning process in real time. Once complete, the block collapses to **Worked** with the total duration.

Agent logs show the tools called and their results. These are useful for understanding how the agent arrived at an answer, especially when troubleshooting unexpected results.

## Programmatic access

Beyond the chat interface, you can interact with the agent from other tools:

<table data-view="cards"><thead><tr><th></th><th data-hidden data-card-cover data-type="image">Cover image</th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><strong>Slack</strong><br>Mention @Bluebricks in any channel or send a direct message to talk to the agent where your team already works</td><td><a href="/files/E21i5dqLo9yWJjdtoLCw">/files/E21i5dqLo9yWJjdtoLCw</a></td><td><a href="/pages/BbLL8HAiAWS8pYAPUPSE">/pages/BbLL8HAiAWS8pYAPUPSE</a></td></tr><tr><td><strong>Bluebricks MCP</strong><br>Connect any MCP-compatible client (VS Code, Claude Desktop, Cursor) to plan, deploy, and approve infrastructure</td><td><a href="/files/B5g045FfRNXDmBjyJrb8">/files/B5g045FfRNXDmBjyJrb8</a></td><td><a href="/pages/lCqJ2UXQQOfXqaFbS3hf">/pages/lCqJ2UXQQOfXqaFbS3hf</a></td></tr><tr><td><strong>Claude Code Plugin</strong><br>Deploy blueprints, create packages, and manage environments directly from your terminal</td><td><a href="/files/pQBH7E3mRH42EVoC75Vg">/files/pQBH7E3mRH42EVoC75Vg</a></td><td><a href="/pages/LawfMBptIo5x6AUdNIyP">/pages/LawfMBptIo5x6AUdNIyP</a></td></tr></tbody></table>


