From c610cb28ed2b22069ba35e575c3359f8e7b731d3 Mon Sep 17 00:00:00 2001 From: bog Date: Fri, 29 May 2026 10:27:39 +0800 Subject: [PATCH] feat: tencent docs --- README.md | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 96 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7a2034c..7af7e77 100644 --- a/README.md +++ b/README.md @@ -207,10 +207,11 @@ The standalone CLI MCP currently exposes these tools: Flags: - `--aws`: force AWS context/tooling for the question (uses the default env/profile from `~/.clanker.yaml` unless you pass `--profile`) +- `--tencent`: force Tencent Cloud context/tooling for the question (uses `tencent.*` config or `TENCENTCLOUD_*` env vars) - `--profile `: override the AWS CLI profile for this run - `--ai-profile `: select an AI provider profile from `ai.providers.` (overrides `ai.default_provider`) -- `--maker`: generate an AWS CLI plan (JSON) for infrastructure changes -- `--destroyer`: allow destructive AWS CLI operations when using `--maker` +- `--maker`: generate a provider execution plan (JSON) for infrastructure changes +- `--destroyer`: allow destructive cloud operations when using `--maker` - `--apply`: apply an approved maker plan (reads from stdin unless `--plan-file` is provided) - `--plan-file `: optional path to maker plan JSON file for `--apply` - `--debug`: print diagnostics (selected tools, AWS CLI calls, prompt sizes) @@ -240,6 +241,9 @@ clanker ask --aws --maker --apply --plan-file plan.json | cat # Allow destructive operations (only with explicit intent) clanker ask --aws --maker --destroyer "delete the clanka-postgres rds instance" | cat + +# Tencent Cloud maker uses direct Tencent API calls +clanker ask --tencent --maker "create a VPC named clanker-demo in ap-singapore" | cat ``` ### Security @@ -622,6 +626,96 @@ clanker ask --apply --plan-file plan.json | cat clanker ask --hetzner --maker --destroyer "delete the test server" | cat ``` +## Tencent Cloud + +Clanker supports Tencent Cloud through direct SDK/API calls. You do not need to install a separate Tencent CLI. The `clanker tencent` command tree is useful for raw inventory, security scans, billing checks, renewal alerts, and TKE kubeconfig export; `clanker ask --tencent` adds natural-language answers on top of that inventory. + +### Setup + +Create a Tencent Cloud CAM secret ID / secret key with the permissions needed for the services you want to inspect. + +Set credentials with environment variables: + +```bash +export TENCENTCLOUD_SECRET_ID="AKID..." +export TENCENTCLOUD_SECRET_KEY="..." +export TENCENTCLOUD_REGION="ap-singapore" +``` + +Or configure in `~/.clanker.yaml`: + +```yaml +tencent: + secret_id: "AKID..." + secret_key: "..." + region: ap-singapore +``` + +Legacy env var aliases are also supported: `TENCENT_SECRET_ID`, `TENCENT_SECRET_KEY`, and `TENCENT_REGION`. If no region is set, Clanker defaults to `ap-singapore`. Static commands also accept `--region`. + +### Static Commands + +```bash +# List resources directly (no AI) +clanker tencent list cvm +clanker tencent list vpc --region ap-singapore +clanker tencent list security-groups --all-regions +clanker tencent list tke --format json +clanker tencent regions + +# Aliases +clanker tc list cvm +clanker tencentcloud list cos +``` + +Common `list` resources include `cvm`, `vpc`, `subnets`, `security-groups`, `mysql`, `postgres`, `cos`, `tke`, `clb`, `eip`, `cbs`, `ssl`, `cam`, `redis`, `mongodb`, `cynosdb`, `cdn`, `edgeone`, `waf`, `antiddos`, `nat`, `vpn`, `ccn`, `dc`, `monitor`, `cls`, and `cloudaudit`. + +### AI Queries + +```bash +clanker ask --tencent "what CVMs are running?" +clanker ask --tencent "which security groups expose SSH to the internet?" +clanker ask --tencent "show me TKE clusters and their node counts" +``` + +### Security, Cost, and TKE Helpers + +```bash +# Security group audit +clanker tencent sg-rules sg-abc12345 --region ap-singapore + +# JSON security scans +clanker tencent security public-exposure --region ap-singapore +clanker tencent security db-exposure --region ap-singapore +clanker tencent security all --region ap-singapore + +# Billing and vouchers +clanker tencent cost by-product --month 2026-05 +clanker tencent cost top --month 2026-05 --limit 20 +clanker tencent cost vouchers --status unUsed + +# Renewal alerts for prepaid resources +clanker tencent expiry --regions=ap-singapore,ap-jakarta --threshold=14 --format=json + +# TKE kubeconfig export +clanker tencent kubeconfig cls-abc123 --region ap-singapore > ~/.kube/tencent +``` + +### Maker (Plan + Apply) + +Tencent maker plans use a `tencent-api` verb internally, so execution goes through signed Tencent API requests directly. Destructive API actions require `--destroyer`. + +```bash +# Generate a plan +clanker ask --tencent --maker "create a security group that allows HTTPS" | tee plan.json + +# Apply an approved plan +clanker ask --apply --plan-file plan.json | cat + +# Allow destructive operations +clanker ask --tencent --maker --destroyer "delete the unused test CVM" | cat +``` + ## Fly.io Clanker supports Fly.io apps, machines, volumes, secrets, and addons via the Machines REST API plus the legacy GraphQL endpoint for orgs, Postgres, Wireguard, tokens, and marketplace extensions. The `flyctl` (a.k.a. `fly`) CLI is required only for `deploy`, `ssh`, `proxy`, and `secrets set` (which pipes values over stdin so they never appear on the command line).