feat (infra): add helm chart and publish pipeline

Adds a production Helm chart under charts/skyflo/ with templates
for all components, CRD, RBAC, secrets, and configmaps. CI
publishes to charts.skyflo.ai via GitHub Pages on each release.

Author: KaranJagtiani

.github/workflows/release.yml

@@ -4,9 +4,14 @@ on:
   push:
     tags:
       - "v*"
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "Chart version to publish (without v prefix, e.g. 0.6.0)"
+        required: true
 
 jobs:
-  publish:
+  dockerhub:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
@@ -29,10 +34,15 @@ jobs:
       - name: Extract version metadata
         id: meta
         run: |
-          TAG="${GITHUB_REF_NAME}"
-          IS_TEST="false"
-          if [[ "$TAG" == *"test"* ]]; then
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            TAG="v${{ github.event.inputs.version }}"
             IS_TEST="true"
+          else
+            TAG="${GITHUB_REF_NAME}"
+            IS_TEST="false"
+            if [[ "$TAG" == *"test"* ]]; then
+              IS_TEST="true"
+            fi
           fi
           {
             echo "tag=${TAG}"
@@ -78,3 +88,80 @@ jobs:
           build-args: |
             APP_VERSION=${{ steps.meta.outputs.version }}
             NEXT_PUBLIC_APP_VERSION=${{ steps.meta.outputs.version }}
+
+  helm:
+    runs-on: ubuntu-latest
+    needs: dockerhub
+    if: always() && !cancelled() && (needs.dockerhub.result == 'success' || needs.dockerhub.result == 'skipped')
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Extract version
+        id: meta
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            VERSION="${{ github.event.inputs.version }}"
+            IS_TEST="false"
+          else
+            TAG="${GITHUB_REF_NAME}"
+            VERSION="${TAG#v}"
+            IS_TEST="false"
+            if [[ "$TAG" == *"test"* ]]; then
+              IS_TEST="true"
+            fi
+          fi
+          {
+            echo "version=${VERSION}"
+            echo "is_test=${IS_TEST}"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4
+
+      - name: Set chart version
+        run: |
+          sed -i "s/^version:.*/version: ${{ steps.meta.outputs.version }}/" charts/skyflo/Chart.yaml
+          sed -i "s/^appVersion:.*/appVersion: \"${{ steps.meta.outputs.version }}\"/" charts/skyflo/Chart.yaml
+
+      - name: Package Helm chart
+        run: helm package charts/skyflo
+
+      - name: Publish to charts.skyflo.ai (GitHub Pages)
+        if: steps.meta.outputs.is_test != 'true'
+        env:
+          CHART_PKG: skyflo-${{ steps.meta.outputs.version }}.tgz
+        run: |
+          PAGES_DIR=$(mktemp -d)
+
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+          if git ls-remote --exit-code --heads origin gh-pages >/dev/null 2>&1; then
+            git clone --single-branch --branch gh-pages \
+              "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git" \
+              "$PAGES_DIR"
+          else
+            git init "$PAGES_DIR"
+            git -C "$PAGES_DIR" checkout --orphan gh-pages
+            git -C "$PAGES_DIR" remote add origin \
+              "https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git"
+          fi
+
+          cp "$CHART_PKG" "$PAGES_DIR/"
+          echo "charts.skyflo.ai" > "$PAGES_DIR/CNAME"
+
+          if [ -f "$PAGES_DIR/index.yaml" ]; then
+            helm repo index "$PAGES_DIR" --url https://charts.skyflo.ai --merge "$PAGES_DIR/index.yaml"
+          else
+            helm repo index "$PAGES_DIR" --url https://charts.skyflo.ai
+          fi
+
+          cd "$PAGES_DIR"
+          git add .
+          git commit -m "Release skyflo-${{ steps.meta.outputs.version }}"
+          git push origin gh-pages

CONTRIBUTING.md

@@ -1,10 +1,10 @@
-# Contributing to Skyflo.ai
+# Contributing to Skyflo
 
-Thank you for considering contributing to Skyflo.ai. This document outlines how to contribute effectively and what standards are expected.
+Thank you for considering contributing to Skyflo. This document outlines how to contribute effectively and what standards are expected.
 
 We are committed to providing a friendly, safe, and welcoming environment for all contributors. Please read and follow our [Code of Conduct](CODE_OF_CONDUCT.md).
 
-Before making changes, read the [Architecture Guide](docs/architecture.md). It explains the system layout and will save you time.
+Before making changes, read the [Architecture Guide](https://skyflo.ai/docs/architecture). It explains the system layout and will save you time.
 
 ## Quick Start
 
@@ -165,14 +165,13 @@ These timelines can be extended if the contributor communicates delays proactive
 
 ## License
 
-Skyflo.ai is licensed under the Apache License 2.0.
+Skyflo is licensed under the Apache License 2.0.
 
 By contributing, you agree that your contributions are licensed under Apache License 2.0.
 
 ## Trademarks
 
-The Skyflo name and logos are trademarks and are **not** covered by the Apache License.
-See [TRADEMARKS.md](TRADEMARKS.md) for usage rules.
+The Skyflo name and logo are trademarks and are **not** covered by the Apache License. See [TRADEMARKS.md](TRADEMARKS.md) for usage rules.
 
 ## Community
 

README.md

@@ -1,10 +1,10 @@
 <p align="center">
   <a href="https://skyflo.ai">
-    <img src="./assets/readme.png" alt="Skyflo – Self-Hosted AI Control Layer for Kubernetes and CI/CD (Jenkins)" width="1000"/>
+    <img src="https://skyflo.ai/assets/hero.png" alt="Skyflo – Self-Hosted AI Agent for Kubernetes and CI/CD" width="1000"/>
   </a>
 </p>
 
-<h3 align="center">Self-Hosted AI Control Layer for Kubernetes & CI/CD</h3>
+<h3 align="center">Self-Hosted AI Agent for Kubernetes & CI/CD</h3>
 
 <p align="center">
   <a href="https://github.com/skyflo-ai/skyflo/actions">
@@ -19,29 +19,64 @@
 </p>
 
 <p align="center">
-  <a href="https://skyflo.ai">Website</a> ·
-  <a href="docs/install.md">Installation</a> ·
-  <a href="docs/architecture.md">Architecture</a> ·
+  <a href="https://skyflo.ai/docs">Docs</a> ·
+  <a href="https://skyflo.ai/docs/architecture">Architecture</a> ·
   <a href="https://discord.gg/kCFNavMund">Discord</a>
 </p>
 
 ---
 
-Skyflo is a **self-hosted AI operations agent** for **Kubernetes and CI/CD** with **native Jenkins support**. It turns natural language into **typed, auditable tool execution**, enforced by an **approval gate for every mutating operation**.
+Infrastructure automation tools fall into two categories.
 
-Skyflo is not a CLI wrapper, not an autonomous mutation bot, and not a GitOps control plane. It is an **in-cluster execution runtime** that enforces deterministic control before anything changes in production.
+CLI assistants translate prompts into shell commands.
+Autonomous agents execute infrastructure changes without explicit approval.
+
+Neither model guarantees a deterministic execution process or a complete audit trail.
+
+Skyflo is a **self-hosted AI agent for Kubernetes and CI/CD systems**. It runs inside your cluster and executes infrastructure operations through a deterministic control loop:
+
+**Plan → Approve → Execute → Verify**
+
+> Every mutating tool call is approval-gated, typed, and auditable.
+
+Skyflo is not a CLI wrapper, not an autonomous mutation bot, and not a GitOps control plane.
+
+It is an **in-cluster AI control layer** that enforces safe infrastructure changes before anything reaches production.
 
 ---
 
 ### Quick Start
 
-Install Skyflo inside your Kubernetes cluster:
+Install Skyflo inside your Kubernetes cluster.
+
+**Helm:**
+
+```bash
+helm repo add skyflo https://charts.skyflo.ai
+helm repo update skyflo
+helm install skyflo skyflo/skyflo -n skyflo-ai --create-namespace -f values.yaml
+```
+
+Minimum `values.yaml`:
+
+```yaml
+engine:
+  secrets:
+    llmModel: "gemini/gemini-2.5-pro"
+    moonshotApiKey: "AI-..."
+```
+
+See complete [Helm Values Reference](https://github.com/skyflo-ai/skyflo/blob/main/charts/skyflo/values.yaml) for full configuration.
+
+**curl:**
+
+Get started quickly with the interactive installer.
 
 ```bash
 curl -fsSL https://skyflo.ai/install.sh | bash
 ```
 
-Bring your own LLM (OpenAI, Anthropic, Gemini, Groq, self-hosted). See [docs/install.md](docs/install.md).
+Bring your own LLM (OpenAI, Anthropic, Gemini, Groq, self-hosted). See the [installation guide](https://skyflo.ai/docs/quick-start).
 
 ---
 
@@ -52,7 +87,7 @@ Skyflo enforces a strict loop for every infrastructure change:
 1. **Plan**: generate a concrete, replayable plan
 2. **Approve**: explicit approval for every mutating tool call
 3. **Execute**: run typed tools via MCP (Kubernetes, Helm, Argo Rollouts, Jenkins)
-4. **Verify**: validate state against the declared intent
+4. **Verify**: validate cluster state against declared intent
 5. **Persist**: store tool-level audit history
 
 No blind `kubectl apply`. No silent automation. No untracked changes.
@@ -61,13 +96,12 @@ No blind `kubectl apply`. No silent automation. No untracked changes.
 
 ### Safety Properties
 
-* Approval gate for every mutating operation
-* Typed tool execution (schema-validated inputs)
+* Approval gate for every mutating tool call, enforced by the engine
+* Typed tool execution with schema-validated inputs
 * Persisted audit trail with tool results
 * Replayable control loop (plan → approve → execute → verify)
-* Runs inside your cluster (data stays in your environment)
-* No outbound data to Skyflo servers
-* LLM-agnostic (no vendor lock-in)
+* Runs inside your cluster. No Skyflo telemetry or phone-home
+* LLM-agnostic via LiteLLM. No vendor lock-in
 
 ---
 
@@ -80,14 +114,14 @@ No blind `kubectl apply`. No silent automation. No untracked changes.
 | **Argo Rollouts** | status, pause/resume, promote/cancel, progressive delivery control               |
 | **Jenkins**       | jobs/builds/logs, parameters, SCM context, build control                         |
 
-All mutating operations require explicit approval.
+All mutating tool calls require explicit approval.
 
 ---
 
 ### Demo
 
 <p align="center">
-  <img src="assets/demo.gif" alt="Skyflo Demo" width="100%"/>
+  <img src="https://skyflo.ai/assets/demo.gif" alt="Skyflo Demo" width="100%"/>
 </p>
 
 Deterministic plans. Explicit approval. Verified execution.
@@ -116,7 +150,7 @@ Deterministic plans. Explicit approval. Verified execution.
 | [**MCP Server**](mcp)    | Typed tools for Kubernetes, Helm, Argo Rollouts, Jenkins                     |
 | [**Command Center**](ui) | Next.js UI with real-time streaming, approvals, team admin                   |
 
-Details: [docs/architecture.md](docs/architecture.md)
+Details: [Architecture](https://skyflo.ai/docs/architecture)
 
 ---
 
@@ -135,7 +169,7 @@ Apache 2.0. See [LICENSE](LICENSE).
 ### Community
 
 <p>
-  <a href="https://skyflo.ai">Website</a> ·
+  <a href="https://skyflo.ai/docs">Docs</a> ·
   <a href="https://discord.gg/kCFNavMund">Discord</a> ·
   <a href="https://x.com/skyflo_ai">X</a> ·
   <a href="https://www.linkedin.com/company/skyflo">LinkedIn</a>

charts/skyflo/.helmignore

@@ -0,0 +1,13 @@
+.DS_Store
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+.git
+.gitignore
+.bzr
+.bzrignore
+.hg
+.hgignore
+.svn

charts/skyflo/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: skyflo
+description: Self-hosted AI control layer for Kubernetes and CI/CD systems
+type: application
+version: 0.1.0
+appVersion: "0.1.0"
+home: https://skyflo.ai
+sources:
+  - https://github.com/skyflo-ai/skyflo
+maintainers:
+  - name: skyflo-ai
+    url: https://github.com/skyflo-ai
+keywords:
+  - kubernetes
+  - ai
+  - infrastructure
+  - cicd
+  - mcp