A robust Rust-based CLI toolset designed for efficient DevOps workflows.
| Feature | Description |
|---|---|
| Terraform Cleanup | Remove .terraform, .terragrunt-cache and lock files |
| AI Assistant Upgrade | Batch update Claude Code, Codex, Gemini CLI |
| Package Manager | Install/update nvm, pnpm, Rust, Go, kubectl, k9s, tmux, vim, etc. |
| MCP Manager | Manage MCP servers for Claude/Codex/Gemini |
| Security Scanner | Run gitleaks, trufflehog, git-secrets, trivy, semgrep |
| Prompt Generator | 4-step LLM workflow with progress tracking |
| Skill Installer | Install AI CLI extensions (Claude/Codex/Gemini) |
| Rust Build | Build cross-platform binaries (cargo/cross) |
| Container Builder | Docker/Buildah multi-arch builds (x86, arm64, armv7, Jetson) |
| Kubeconfig Manager | tmux window-isolated kubeconfig |
Intelligently cleans cache files generated by Terraform and Terragrunt:
.terragrunt-cachedirectories.terraformdirectories.terraform.lock.hclfiles- Automatically filters duplicate sub-paths to avoid redundant deletions.
Batch upgrades for popular AI code assistants:
Claude Code(@anthropic-ai/claude-code)OpenAI Codex(@openai/codex)Google Gemini CLI(@google/gemini-cli)
Install, remove, and update common tools with an interactive checklist:
nvm(installs latest Node.js)pnpmRust(via rustup)Go(downloads latest official archive/pkg)Terraformkubectlkubectxk9sgituv(installs latest Python)tmux(includes TPM + tmux.conf setup)vim(includes vim-plug + molokai config)ffmpeg(build script on Linux, Homebrew on macOS)
Manages MCP servers for Claude, Codex, and Gemini CLI:
| MCP Tool | Description |
|---|---|
sequential-thinking |
Sequential Thinking |
context7 |
Documentation Query |
chrome-devtools |
Chrome DevTools |
kubernetes |
K8s Management |
tailwindcss |
Tailwind CSS (Utility-first CSS) |
arxiv-mcp-server |
arXiv Academic Paper Search & Download |
github |
GitHub Integration |
cloudflare-* |
Cloudflare MCP Servers (Docs/Workers/Observability/etc.) |
Optional Feature Flags & MCP Credentials (build-time only via .env):
How to enable:
cp .env.example .env- Fill in the values you need.
- Build the binary (
cargo build --release).
Available MCP options:
- Context7 MCP: set
CONTEXT7_API_KEYto enable thecontext7tool. - GitHub MCP: set
GITHUB_PERSONAL_ACCESS_TOKEN(required) to enable thegithubtool.GITHUB_MCP_MODE:docker(default, works without Copilot subscription) orremote(requires GitHub Copilot subscription)GITHUB_HOST: optional, defaultgithub.com(for GitHub Enterprise)GITHUB_TOOLSETS: optional, comma-separated list of toolsets to enable (e.g.,repos,issues,pull_requests,actions)
- Cloudflare MCP: set
enable_cloudflare_mcp=trueto enablecloudflare-*tools (OAuth during install). - arXiv MCP: set
ARXIV_STORAGE_PATH(optional, default~/.arxiv-papers) to configure paper storage location.
For Codex MCP installs, build-time values for CONTEXT7_API_KEY, GITHUB_PERSONAL_ACCESS_TOKEN, and GITHUB_HOST are written into ~/.codex/config.toml, so runtime env vars aren't required.
Cloudflare MCP installs use OAuth in interactive mode (stdio inherited) so URL prompts and auth codes work. On WSL, open the auth URL with wslview or run the CLI on Windows if the localhost callback cannot reach WSL.
Cloudflare's MCP server catalog: https://developers.cloudflare.com/agents/model-context-protocol/mcp-servers-for-cloudflare/
Quickly installs and runs strict scans against the current Git repo:
gitleaks(history + working tree)trufflehog(history + working tree)git-secrets(history + working tree)trivy(SCA + misconfig on working tree)semgrep(SAST on working tree)
Auto-install tries common package managers, Trivy's install script, and pipx/venv for Semgrep, then falls back to GitHub releases (requires curl/wget and tar/unzip).
Working tree scans only include Git-tracked files and skip anything ignored by .gitignore, with raw logs printed per scan.
Generate and execute 4-step prompts for LLM workflows:
- Generate: Create prompt files from YAML/JSON specification files
- Run: Interactive runner for Claude/Codex/Gemini CLI (run all or selected features)
- Status: View feature execution progress and status
- Validate: Validate spec file format
- YAML Prompt: Generate a YAML spec prompt (built-in template)
- Spec field
verification_urlmay be empty to indicate no validation URL
The 4-step workflow:
- P1: Requirements, implementation, and deployment
- P2: E2E validation in verification environment
- P3: Refactoring and optimization
- P4: E2E regression testing in verification environment
Progress is tracked per feature with session management for resumable execution.
Install and manage extensions for AI CLI tools:
| CLI | Extension Format | Install Path |
|---|---|---|
| Claude Code | Plugins + Skills | ~/.claude/plugins/, ~/.claude/skills/ |
| OpenAI Codex | Skills (SKILL.md) | ~/.codex/skills/ |
| Google Gemini | Extensions (TOML) | ~/.gemini/extensions/ |
Available Extensions:
ralph-wiggum- AI Agent Loop (Claude/Gemini)security-guidance- Security Best Practices (Claude/Gemini)frontend-design- Frontend Interface Design (All CLIs)code-review- Code Review Assistant (All CLIs)pr-review-toolkit- PR Review Tools (All CLIs)commit-commands- Git Commit Helper (All CLIs)writing-rules- Writing Style Rules (All CLIs)
Note: Gemini uses a different extension format. The installer automatically converts Claude plugins to Gemini's native TOML format and registers them in extension-enablement.json.
See docs/SKILL_INSTALLER.md for development guide.
Build multi-architecture container images with Docker or Buildah:
- Build Engines: Docker (buildx) or Buildah (daemonless OCI builder)
- Multi-Architecture Support:
- x86_64 / amd64 (Intel/AMD 64-bit)
- arm64 / aarch64 (Apple Silicon, AWS Graviton)
- armv7 / arm/v7 (Raspberry Pi 2/3)
- Jetson Nano (NVIDIA Jetson Nano aarch64)
- Dockerfile Scanner: Auto-detects Dockerfile, Containerfile, and variants (Dockerfile.dev, etc.)
- Registry Push: Optional push to container registries
- Quick Selection: Remembers recent image names, tags, and registries for fast reuse
curl -fsSL https://raw.githubusercontent.com/DennySORA/Ops-Tools/main/install.sh | bashDownload the version corresponding to your system from the Releases page.
# Build
cargo build --release
# Configure environment variables (Optional, for MCP management features)
cp .env.example .env
# Edit .env and fill in your credentialsIf installed via the script, run directly:
ops-toolsIf built from source:
cargo run
# or
./target/release/toolsSelect a function from the menu:
- Clean Terraform/Terragrunt cache files
- Upgrade AI code assistant tools
- Install/Update system packages (macOS/Linux)
- Upgrade Rust projects and toolchain
- Build Rust binaries for multiple platforms (glibc vs musl, cargo or cross)
- Security scan (Gitleaks/TruffleHog/Git-Secrets/Trivy/Semgrep)
- Manage MCP tools (Claude/Codex/Gemini)
- LLM Prompt Generator (4-step workflow)
- Container Image Builder (Docker/Buildah multi-arch)
- Kubeconfig Manager (tmux window-isolated)
- Language settings (English/Traditional Chinese/Simplified Chinese/Japanese)
Rust Build target hints
*-unknown-linux-gnu(glibc): best for mainstream distros; dynamic linking, smaller binary but needs system glibc.*-unknown-linux-musl(musl, mostly static): best for Alpine/scratch images; single-file style deployment.i686-*legacy 32-bit x86;powerpc64le-*OpenPOWER/IBM Cloud;wasm32-unknown-unknownfor browser/wasm runtimes (no std).
You'll be prompted to choose a language at startup, and you can switch languages later from the menu.
Language preference is saved to ~/.config/ops-tools/config.toml (Linux), ~/Library/Application Support/ops-tools/config.toml (macOS), or %APPDATA%\\ops-tools\\config.toml (Windows).
Contributions are welcome! Please submit a Pull Request or open an Issue.
MIT License