Guidance for AI coding agents working in this repository.
Kite is a single-binary Kubernetes web console with a Go backend and a React
frontend. The backend serves API routes, embeds the built frontend from
static/, manages users/RBAC/settings through GORM, and talks to Kubernetes
clusters through controller-runtime/client-go clients. The frontend is a Vite
React app that renders resource lists, detail pages, settings, terminals, Helm
views, metrics, global search, and the AI chat UI.
Keep changes narrow. Do not add tests, refactors, helpers, feature flags, broad validation, compatibility shims, comments, or docs unless the current task requires them. If a change is local to one handler or component, keep it there.
The root Makefile is the main command surface.
make deps # pnpm install in ui/ and go mod download
make frontend # build ui/ into static/
make backend # build the Go binary
make build # frontend + backend
make dev # run Go backend and Vite dev server
make lint # go vet, golangci-lint, frontend eslint
make format # go fmt and frontend prettier
make pre-commit # required before committingBackend-only checks can be run directly:
go test ./...
go test ./pkg/resources
go test ./pkg/clusterFrontend commands live in ui/:
pnpm --dir ui run build
pnpm --dir ui run type-check
pnpm --dir ui run lint
pnpm --dir ui run testEnd-to-end tests live in e2e/ and use Playwright plus a local kind cluster:
make e2e-test
make e2e-run SPEC=specs/cluster-management.spec.tsRun only the checks relevant to the files you changed unless the user asks for a
larger sweep. Before creating a commit, always run make pre-commit and use its
result as the commit gate.
Process startup is split across the root Go files:
main.gohandles flags, pprof on localhost, HTTP server startup, shutdown, and build-version logging.app.goloads environment settings, initializes DB, RBAC, templates, config file/env input, the cluster manager, config watcher, scheduler, and Gin middleware.routes.goregisters public, auth, admin, protected, resource, Helm, terminal, metrics, proxy, and AI routes.static.goembedsstatic/, serves hashed assets with cache middleware, and falls back tostatic/index.htmlfor frontend routes.
The backend package layout is feature-oriented:
pkg/modelis the GORM layer.InitDBauto-migrates all models and supports sqlite, mysql, and postgres. Sensitive persisted strings useSecretString.pkg/clusterownsClusterManager, Kubernetes client creation, Prometheus discovery, and cluster sync.pkg/kubewraps controller-runtime/client-go clients and owns the shared runtime scheme.pkg/resourcesowns Kubernetes resource APIs. Most resources useGenericResourceHandler; version-dependent APIs useversionedResourceHandler; CRDs useCRHandler.pkg/common/resource.gois the backend resource registry for kinds, aliases, scope, searchability, and related-resource support.pkg/rbacchecks Kite RBAC roles before resource access.pkg/auth,pkg/users, andpkg/apikeysown login, OAuth/LDAP/password users, cookies, API keys, and admin gates.pkg/helmandpkg/helmutilown chart repositories, chart content, and Helm release actions.pkg/terminal,pkg/kube, andpkg/resources/logs_handler.goown websocket terminals, exec, and log streaming.pkg/aiowns provider configuration, chat handling, tool definitions, interaction pauses, Kubernetes tool execution, and tool authorization.
Most protected API calls go through:
authHandler.RequireAuth()middleware.ClusterMiddleware(cm)- feature-specific handlers
middleware.RBACMiddleware()before registered Kubernetes resource routes
The current cluster is passed as x-cluster-name. The frontend writes it to
localStorage and a cookie in ui/src/lib/current-cluster.ts, and the API client
adds the encoded header in ui/src/lib/api-client.ts. The backend middleware
also accepts the same value from query params or cookies for websocket and other
non-fetch flows.
Frontend entry points:
ui/src/main.tsxwires top-level providers.ui/src/App.tsxowns the app shell, cluster gate, search, terminal, and AI chat surfaces.ui/src/routes.tsxowns routing.ui/src/lib/api/owns API functions, re-exported byui/src/lib/api.ts.
UI rules:
- Keep UI simple and consistent with existing visual and interaction patterns.
- Reuse existing components before creating new ones.
- Treat
ui/src/components/uias shadcn-managed primitives; edit them only when the primitive itself must change. - Put reusable feature-level components under
ui/src/components.
When adding or renaming a resource surface, keep these in sync:
- backend constants and registry in
pkg/common/resource.go - backend handler registration in
pkg/resources/handler.go - frontend resource catalog in
ui/src/lib/resource-catalog.ts - route/page/component files under
ui/src/pagesandui/src/components - translation keys in
ui/src/i18n/locales/en.jsonandzh.json
Frontend formatting is Prettier-driven: no semicolons, single quotes, 2-space indentation, sorted imports. Let the configured formatter handle import order.
Runtime settings are loaded in pkg/common/common.go from environment variables
such as PORT, JWT_SECRET, KITE_ENCRYPT_KEY, DB_TYPE, DB_DSN,
KITE_BASE, KITE_CONFIG_FILE, and CORS settings.
External config files are parsed in internal/config.go. File-managed sections
(clusters, oauth, ldap, rbac, superUser) become read-only in the UI.
The config watcher reloads managed sections at runtime.
The Helm chart lives under charts/kite. Chart templates wire environment,
secrets, sqlite persistence, config file mounts, service account/RBAC, ingress,
gateway, probes, and deployment strategy. If changing runtime env behavior,
check both pkg/common/common.go and the chart template/value path that sets
the same variable.
Do not edit these files by hand:
static/: generated bypnpm --dir ui run buildormake frontendkiteandbin/: generated binariesui/node_modules/,e2e/node_modules/, and Vite cache directories
Only update lockfiles (go.sum, ui/pnpm-lock.yaml, e2e/pnpm-lock.yaml) when
dependency changes require it.
- Use
go fmt. Keep handlers direct and feature-local. - Follow existing Gin response, klog, and request-context patterns.
- For Kubernetes resources, use the existing registry, handlers, and clients;
preserve cluster scope, namespace scope, and
_allbehavior. - Do not bypass auth, cluster, RBAC, or AI tool authorization paths.
- Store sensitive persisted values with
model.SecretString; never log secrets. - For user-visible frontend text, use i18n keys and keep
en.jsonandzh.jsonin sync.