DEV Community: Ajanthan HR

Part 2: AI Agent Truly Intelligent?

Ajanthan HR — Sun, 06 Apr 2025 02:29:14 +0000

What Makes an AI Agent Truly Intelligent?

We’ve all heard the buzz around AI agents, but what really sets an intelligent agent apart from a basic chatbot or automation script?

At the core, a powerful AI agent is built from five essential components — each working together to create a system that’s not just reactive, but proactive, adaptable, and intelligent.

Profile / Persona

This defines the identity and purpose of the agent.
Is it a coder that writes backend logic? A tester that writes unit tests? A researcher that gathers insights?
The persona sets the tone, behavior, and capabilities of the agent.

Actions

What can the agent actually do?
This could include:

Calling APIs
Writing files
Sending emails
Generating code
Interfacing with tools or databases

The more precise and powerful the action set, the more capable the agent becomes.

Knowledge / Memory

An agent needs to remember context — not just within a session, but across interactions.
This includes:

Factual knowledge
Past interactions
Task history
User preferences

This memory layer is what enables long-term learning and personalization.

Reasoning / Evaluation

Can the agent analyze, compare, and make decisions?
Good agents don’t just follow instructions blindly — they evaluate outcomes, suggest alternatives, and learn from errors.
This is where AI starts to mimic critical thinking.

Planning / Feedback

Finally, an intelligent agent should be able to:

Break down complex tasks into steps
Execute a plan
Adjust based on real-time feedback from the user or system

Think of it as the agent’s ability to learn and improve through iteration.

Wrapping Up

We’re entering an era where AI agents will handle real-world responsibilities — from coding and testing to customer service and research. But only those agents with a strong foundation in these five components will truly deliver value.

Part-1: Agents Are the New Interfaces — Welcome to the Future of AI

Ajanthan HR — Sat, 05 Apr 2025 19:15:23 +0000

What Is an AI Agent?

An agent, by definition, is something that acts, produces an effect, or achieves a result through intelligence. In AI, the term refers to systems that can understand tasks, make decisions, and take action — often with or without human involvement.

In modern AI, the term assistant is often used interchangeably with agent. Think ChatGPT, GPT-based plugins, or any intelligent system that works on your behalf.

Four Ways We Interact with AI Today

Direct Interaction
This is the simplest form — you talk directly to the LLM (like early ChatGPT). No middle layer, no interpretation, just raw conversation.
Agent/Assistant Proxy
Here, the LLM refines or reformulates your request before performing the task. Example: When ChatGPT rephrases your prompt before sending it to DALL·E 3 for image generation.
Agent/Assistant with Function Calls
In this case, the LLM understands available tools (like plugins) and prepares to use them. It asks for your approval before executing and returns the result wrapped in a natural-language response.
Autonomous Agent
The most powerful — and potentially risky — form. These agents create a plan, make decisions, and execute steps independently. They may ask for feedback occasionally but operate with a high level of autonomy.

Multi-Agent Systems: AI Teams in Action

As tasks grow in complexity, we move from single agents to multi-agent systems.

Imagine this setup:

A controller agent communicates with the user.
A coder agent writes the requested code.
A tester agent writes unit tests for it.

These agents collaborate, share information, and refine their outputs before delivering a final solution. It’s like having a virtual team — one that never sleeps.

Why Multi-Agent Systems Matter

Parallel task execution
Specialization by role
Collaborative feedback loops
Reduced error rates
Scalable intelligence

Platforms like Microsoft AutoGen are leading the way, letting developers create flexible, powerful multi-agent configurations to solve real-world problems.

From One Agent to Many: The Future of AI

We’re evolving from chat-based AI into intelligent, proactive, and collaborative agent systems.

These agents don’t just assist — they plan, build, test, evaluate, and deliver — together.

AI is no longer a tool. It’s becoming your team.

[Boost]

Ajanthan HR — Sat, 05 Apr 2025 19:02:09 +0000

How to Automate Azure Storage Using Pulumi ESC & Automation API

Ajanthan HR — Thu, 03 Apr 2025 05:26:26 +0000

This is a submission for the Pulumi Deploy and Document Challenge: Shhh, It's a Secret!

What I Built

I developed a Python-based automation tool that streamlines the provisioning of Azure Storage Accounts using Pulumi ESC (Environment, Secrets, and Config) and the Pulumi Automation API. This tool enables infrastructure as code (IaC) by dynamically retrieving environment-specific configurations, securely handling authentication credentials, and deploying cloud resources in a fully automated manner.

The implementation leverages Pulumi ESC SDK to fetch environment variables, secrets, and configuration details, ensuring a secure and scalable infrastructure deployment process. Additionally, the Pulumi Automation API is used to programmatically create and manage stacks, enabling seamless provisioning, updating, and destruction of cloud resources.

Key features of the tool include:

Environment-aware provisioning: Automatically fetches required configurations and credentials.
Secure authentication: Uses OIDC-based authentication to interact with Azure.
Infrastructure as Code (IaC): Automates the creation of Azure Resource Groups and Storage Accounts.
Automated stack management: Supports creation, update, and teardown of resources with minimal manual intervention.

Live Demo Link

https://github.com/Ajanhari/azure-pulumi-esc/blob/main/README.md#Demo

Project Repo

https://github.com/Ajanhari/azure-pulumi-esc

My Journey

Create a new pulumi program:

'ajan@LAPTOP-I71Q9TDP:~/pulumi-esc-demo$' pulumi new python
This command will walk you through creating a new Pulumi project.

Enter a value or leave blank to accept the (default), and press <ENTER>.
Press ^C at any time to quit.

Project name (pulumi-esc-demo):
Project description (A minimal Python Pulumi program): Automate Azure Storage Creation Using Pulumi ESC & Automation API
Created project 'pulumi-esc-demo'

Please enter your desired stack name.
To create a stack in an organization, use the format <org-name>/<stack-name> (e.g. `acmecorp/dev`).
Stack name (dev): DemoESCOrg/prod
Created stack 'prod'

The toolchain to use for installing dependencies and running the program pip
Installing dependencies...

Creating virtual environment...
Finished creating virtual environment
Updating pip, setuptools, and wheel in virtual environment...
Requirement already satisfied: pip in ./venv/lib/python3.10/site-packages (22.0.2)
Collecting pip
  Using cached pip-25.0.1-py3-none-any.whl (1.8 MB)
  ...
  ...
Requirement already satisfied: setuptools in ./venv/lib/python3.10/site-packages (59.6.0)
Installing collected packages: six, semver, pyyaml, protobuf, grpcio, dill, debugpy, pulumi
Successfully installed debugpy-1.8.13 dill-0.3.9 grpcio-1.66.2 protobuf-4.25.6 pulumi-3.159.0 pyyaml-6.0.2 semver-3.0.4 six-1.17.0
Finished installing dependencies
Finished installing dependencies

Your new project is ready to go!

To perform an initial deployment, run `pulumi up`

'ajan@LAPTOP-I71Q9TDP:~/pulumi-esc-demo$' ls
Pulumi.yaml  __main__.py  requirements.txt  venv

We now have a pulumi project YAML configuration file and the beginnings of a small python program all set up.

According to the pulumi documentation, we need to add a pulumi cloud access token

export PULUMI_ACCESS_TOKEN="your pulumi cloud org token"

Setup Azure Service Principal and Configure Federated Credentials for pulumi ESC

This guide will walk you through creating a Service Principal in Azure with Federated Credentials using the Azure Portal.

Steps to Create a Service Principal with Federated Credentials

1. Create an App Registration

- In the Azure portal, navigate to Azure Active Directory.
- Select App registrations and then click New registration.
- Provide a name for your application (e.g., pulumi-azure-esc-auth).
- In the Supported account types section, select Accounts in this organizational directory only.
- Click Register.

After the Microsoft Entra application has been created, take note of the following details:

Subscription ID
Application (client) ID
Directory (tenant) ID

These values will be necessary when enabling OIDC for your service.

2. Configure Federated Credentials

Once your application is registered, navigate to the Certificates & secrets pane in the left navigation menu.

Select the Federated credentials tab.
Click on Add credential to start the Add a credential wizard.
In the wizard, select Other Issuer as the Federated credential scenario.
Fill in the remaining form fields as follows:
- Issuer: https://api.pulumi.com/oidc
- Subject Identifier: pulumi:environments:org:DemoESCOrg:env:DevDemo/prod
- Name: An arbitrary name for the credential, e.g., "pulumi-oidc-credentials".
- Audience:
- For Pulumi Deployments, this is only the name of your Pulumi organization.
- For ESC (Enterprise Service Connection), this is the name of your Pulumi organization prefixed with azure: (e.g., azure:DemoESCOrg).

3. Assign Roles

Go to the resource group/subscription you want the service principal to access.
Select Access control (IAM).
Click on Add role assignment, choose the appropriate role (e.g., Contributor), and select your newly created application.
Click Save.

Once these steps are completed, your Service Principal with Federated Credentials will be set up and ready to use.

Creating Pulumi ESC environment:

ESC environments can be established using two methods: through the ESC CLI or via Pulumi Cloud. This guide specifically outlines the process for creating an environment using the ESC CLI.

Before proceeding, please ensure that the ESC CLI is installed on your system.

Create a New Organization (Optional): If desired, you can create a new organization to help manage your projects and environments more effectively. This step is optional and can be skipped if you prefer to use your existing organization.

Initialize a New Environment: Use the following command to create a new environment

esc login
esc env init DemoESCOrg/DevDemo/prod

Pulumi uses OIDC (OpenID Connect) to authenticate with Azure via Microsoft Entra Workload Identity Federation. This requires configuring ESC environment to pass the correct credentials.
Run the following command to modify the environment configuration:

  esc env edit DemoESCOrg/DevDemo/prod

Replace Default Content with OIDC Configuration and add the following environment variables:

  values:
    azure:
      login:
        fn::open::azure-login:
          clientId: <your-client-id>
          tenantId: <your-tenant-id>
          subscriptionId: /subscriptions/<your-subscription-id>
          oidc: true
    environmentVariables:
      ARM_USE_OIDC: 'true'
      ARM_CLIENT_ID: ${azure.login.clientId}
      ARM_TENANT_ID: ${azure.login.tenantId}
      ARM_OIDC_TOKEN: ${azure.login.oidc.token}
      ARM_SUBSCRIPTION_ID: ${azure.login.subscriptionId}

Replace the placeholder 'your-client-id', 'your-tenant-id' and 'your-subscription-id' with actual value based your service principle and azure subscription.
To confirm that the environment variables were set correctly, run below and output verify values are set properly:

esc env get DemoESCOrg/DevDemo/prod

Retrieve Secrets from Azure Key Vault using Pulumi ESC

The azure-secrets provider enables you to dynamically import Secrets and Configuration from Azure Key Vault into your Environment. The provider will return a map of names to Secrets.

Run the following command to modify/update the environment configuration:

  esc env edit DemoESCOrg/DevDemo/prod

Replace Default Content with OIDC Configuration and add the following environment variables:

  values:
    azure:
      login:
        fn::open::azure-login:
            ...
            ...
      secrets:
        fn::open::azure-secrets:
          login: ${azure.login}
          vault: example-vault-name # your keyvault name
          get:
            api-key:
              name: api-key # Replace with actual secret name from keyvault
      app-secret:
        name: app-secret
    environmentVariables:
        ...
        ...
        ...

Replace the placeholder 'your-client-id', 'your-tenant-id' and 'your-subscription-id' with actual value based your service principle and azure subscription.
To confirm that the environment variables were set correctly, run below and output verify values are set properly:
```
 esc env get DemoESCOrg/DevDemo/prod OR
 esc env open DemoESCOrg/DevDemo/prod
```
You should see output similar to the following and the value for "api-key" is fetched from azure key vault:

    {
    "azure": {
      "login": {
        "clientId": "aaaa....",
        "oidc": {
          "token": "ey...."
                },
        "subscriptionId": "000....",
        "tenantId": "8888...."
              },
      "secrets": {
        "api-key": "my-api-key-value",
               }
          }
    }

Using Pulumi ESC

Using Pulumi ESC, achieved below goals

Establish Secrets and Configurations: Utilize Pulumi ESC environments within Pulumi Cloud to create and manage secrets and configurations effectively.
Securely Retrieve Secrets: Fetch secrets from Azure Key Vault and securely store them in the Pulumi Cloud environment for streamlined access and management.
Integrate and Provision Resources: Developed a program that leverages Pulumi ESC configurations to provision an Azure Resource Group and a Storage Account.

Challenges:

According to this document (https://www.pulumi.com/docs/pulumi-cloud/access-management/oidc/provider/azure/#configure-oidc-in-the-pulumi-console), enabling Azure integration automatically stores the fetched credentials as environment variables. However, since I am unable to save the configuration, the credentials are not stored automatically.

As a workaround, I retrieved the values using the ESC SDK in a Python program and set the required values through code. This enables authentication to Azure using the OIDC token.

Note: Pulumi has very decent documentation, which helps me a lot to configure the project setup.

Conclusion.

This script seamlessly integrates Pulumi with ESC to retrieve environment values and authenticate with Azure using OIDC. It automates the creation and management of Azure resources, ensuring a streamlined and secure deployment process. Additionally, it allows you to easily update or destroy the stack as needed, providing flexibility and control over your infrastructure.

If you have any queries, let me know in the comments section. Happy to assist you.

GitHub Access Governance with Pulumi.

Ajanthan HR — Sun, 30 Mar 2025 03:30:14 +0000

This is a submission for the Pulumi Deploy and Document Challenge: Get Creative with Pulumi and GitHub

Introduction

Managing user access in GitHub at scale is not easy, especially when you have to handle multiple repositories, teams, and permissions across an organization. It becomes even more challenging when you need to ensure security and compliance.

That's where Pulumi comes in. It's a powerful Infrastructure as Code (IaC) tool that allows you to define and enforce access policies using familiar programming languages like Python, TypeScript, and Go. Instead of manually managing permissions, you can automate everything with code, making it more efficient and scalable.

What I Built: Automated GitHub Access Management

This project aims to create a fully automated system for simplified permission management, eliminating the need to manually configure settings within GitHub's interface.

The solution allows you to define user roles and repository access configurations within a straightforward YAML file. Pulumi, combined with Python and GitHub Actions, automates the provisioning and enforcement of these access controls.

This approach is ideal for startups, enterprises, open-source projects, and any team seeking a hassle-free, scalable solution for GitHub access management.

Live Demo: Setting Up and Running the Project

Note: Make sure pulumi installation is done before. if not kindly refer https://www.pulumi.com/docs/iac/download-install
Follow these steps to see the project in action:

Step 1: Clone the Repository

git clone https://github.com/Ajanhari/pulumi-github-access-governance.git
cd pulumi-github-access-governance

Step 2: Set Up Pulumi and Install Dependencies

pip install pulumi pulumi-github pyyaml

Step 3: Configure Pulumi for Your GitHub Organization

# Login to Pulumi locally
pulumi login --local

# Set GitHub Personal Access Token (Replace with actual token)
pulumi config set --secret githubToken "<YOUR_GITHUB_PERSONAL_ACCESS_TOKEN>"

# Initialize a new Pulumi stack named "dev"
pulumi stack init dev

# Set GitHub organization/owner (Replace 'YourOrgName' with your actual org)
pulumi config set github:owner "YourOrgName"

# Set GitHub API Base URL
pulumi config set github:baseUrl "https://api.github.com"

Note: Replace with your actual GitHub Personal Access Token. Treat this token as a secret and manage it accordingly. YourOrgName should be replaced with your GitHub Organization name.

Step 4: Modify `users.yaml` to Assign Roles

Modify the users.yaml file to define roles and assign users to repositories.

repositories:
  repo1:
    admin:
      - Ajanthan
      - Sachin
    maintain:
      - maintainer1
    write:
      - Varun
      - dev2
    triage: []
    read: []
  repo2:
    admin:
      - Ajanthan
      - Sachin
    write:
      - Varun

Step 5: Deploy Changes

pulumi up --yes

Step 6: Verify in GitHub

Check your GitHub repository settings to confirm the updated access permissions.

Step 7: Automate with GitHub Actions

Push the updated users.yaml file to the repository and let GitHub Actions handle the provisioning.

git add users.yaml
git commit -m "Updated user roles"
git push origin main

GitHub Actions will automatically apply the changes.

Project Repo

https://github.com/Ajanhari/pulumi-github-access-governance

Key Advantages

Centralized User Management: Define and manage all access permissions in a single YAML file.
Automated Access Control: Eliminates the need for manual configuration, reducing human error and saving time.
Scalability: Designed to efficiently handle access management for hundreds of repositories.
Compliance & Security: Leverages GitHub Actions for audit trails and logs, enhancing compliance and security.

Conclusion

If you're seeking to streamline GitHub access governance across multiple repositories, Pulumi offers a powerful and efficient solution. By leveraging Infrastructure as Code principles, Pulumi simplifies permission management, enhances scalability, and improves the reliability of your GitHub access controls. This approach saves time and reduces risk, allowing your team to focus on development and innovation.

If you have any queries, let me know in the comments section. Happy to assist you.

Note: This code is tested in github enterprise account.

DEV Community: Ajanthan HR

Part 2: AI Agent Truly Intelligent?

Profile / Persona

Actions

Knowledge / Memory

Reasoning / Evaluation

Planning / Feedback

Wrapping Up

Part-1: Agents Are the New Interfaces — Welcome to the Future of AI

What Is an AI Agent?

Four Ways We Interact with AI Today

Multi-Agent Systems: AI Teams in Action

Why Multi-Agent Systems Matter

From One Agent to Many: The Future of AI

[Boost]

How to Automate Azure Storage Using Pulumi ESC & Automation API

What I Built

Key features of the tool include:

Live Demo Link

Project Repo

My Journey

Create a new pulumi program:

Setup Azure Service Principal and Configure Federated Credentials for pulumi ESC

Steps to Create a Service Principal with Federated Credentials

1. Create an App Registration

2. Configure Federated Credentials

3. Assign Roles

Creating Pulumi ESC environment:

Retrieve Secrets from Azure Key Vault using Pulumi ESC

Using Pulumi ESC

Challenges:

Conclusion.

GitHub Access Governance with Pulumi.

Introduction

What I Built: Automated GitHub Access Management

Live Demo: Setting Up and Running the Project

Step 1: Clone the Repository

Step 2: Set Up Pulumi and Install Dependencies

Step 3: Configure Pulumi for Your GitHub Organization

Step 4: Modify users.yaml to Assign Roles

Step 5: Deploy Changes

Step 6: Verify in GitHub

Step 7: Automate with GitHub Actions

Project Repo

Key Advantages

Conclusion

Step 4: Modify `users.yaml` to Assign Roles