// the find
zapier/kubechecks
Check your Kubernetes changes before they hit the cluster
kubechecks is a webhook server that runs validation checks on Kubernetes manifests when a PR is opened, then posts the results as a PR comment. It's ArgoCD-specific: it queries the live ArgoCD state and uses ArgoCD's repo server directly to generate what the new resources would actually look like, giving you a real diff rather than a naive YAML compare. Built and run by Zapier's SRE team.
It talks to ArgoCD's repo server to generate manifests the same way ArgoCD does, so Helm values, Kustomize overlays, and ApplicationSet generators all get rendered correctly — no hand-rolled diff logic that diverges from reality. The AI review layer (pkg/aireview) supports both Anthropic and OpenAI and is structured as an agent with tools, not just a prompt dump. Local dev setup with Tilt and Terraform that provisions real GitHub/GitLab repos with test apps is unusually thorough for a project this size. Actively maintained by a team that runs it in production, which matters more than star count for infrastructure tooling.
Hard ArgoCD dependency makes this a non-starter if your shop uses Flux, Crossplane, or anything else — there's no abstraction layer and no stated plans to add one. Small community (44 forks) means you're largely on your own when something breaks in your specific ArgoCD version or VCS setup. The local dev path requires a running Kubernetes cluster plus ArgoCD plus ngrok for webhook tunneling — the onboarding friction is real. The AI review feature is bolted on without clear documentation of what it actually checks or how reliable it is in practice, which makes it hard to know whether to trust or ignore its output.