datumctl ai translates natural language into Datum Cloud operations. Ask it a
question — “list all DNS zones”, “which projects am I in?” — and the assistant
figures out which resources to read and shows you the answer. When it wants to
make a change, it always pauses and asks you to confirm first.
The assistant reasons over your resources through a large language model, so
you supply your own model API key (Anthropic, OpenAI, or Gemini). Your key and
requests go directly to the provider you choose.
Before you start
You need two things:- A logged-in
datumctl. The assistant reads and writes real Datum Cloud resources, so you must be authenticated. Rundatumctl loginfirst. - A model API key for the Anthropic Console, OpenAI, or Google Gemini.
Quick start
Asking questions
One-shot questions
Pass your question as an argument to get a single answer and return to your shell:When input is piped in (no terminal attached), the assistant answers questions
but will not perform any write — mutating actions are skipped because they
can’t be confirmed. See The confirmation gate.
Interactive session
Rundatumctl ai with no question to start an interactive REPL. The assistant
keeps conversation context, so you can ask follow-up questions that build on
earlier answers:
> prompt, type your next question. Type exit or quit (or press
Enter on an empty line) to leave the session.
Choosing scope
The assistant needs to know which control plane to operate against. You can set scope three ways, from most to least specific:- Per-invocation flags
- Active datumctl context
- Saved ai defaults
datumctl context → saved ai config defaults. Because the active
context wins over saved ai defaults, switching with datumctl ctx use is
respected without having to clear your ai config values. This mirrors how every
other command resolves scope.
A few rules:
--organizationand--projectare mutually exclusive — set one, not both.--namespacesets the default namespace for the session (defaults todefault).--platform-widetargets the platform root instead of a single org or project. This is a staff-only mode and can’t be combined with--organizationor--project.
The confirmation gate
Reads and writes are treated very differently:- Read operations run immediately. Listing, getting, and describing resources happen without a prompt.
- Write operations always pause for confirmation. Before creating, updating, or deleting anything, the assistant prints a preview of the exact action and asks you to approve it.
y proceeds; anything else declines.
Built-in tools
Behind the scenes the assistant works through a fixed set of tools scoped to the current organization or project. Read tools run on their own; the two write tools are gated by the confirmation prompt above.| Tool | What it does | Gated? |
|---|---|---|
list_resource_types | Lists the Datum Cloud resource types available in the current context | No |
get_resource_schema | Returns the schema for a resource type so the assistant knows its fields | No |
list_resources | Lists resources of a given type | No |
get_resource | Retrieves a single resource by kind and name | No |
validate_manifest | Validates a manifest with a server-side dry run, without persisting changes | No |
apply_manifest | Creates or updates a resource by applying a manifest (upsert) | Yes |
delete_resource | Deletes a resource by kind and name | Yes |
change_context | Switches the active organization, project, or namespace for the session | No |
Before proposing a write, the assistant can run
validate_manifest to check
your change with a server-side dry run — the same safety net as
datumctl apply --dry-run=server — so you see problems before you approve
anything.Configuration
Saved settings provide defaults for everydatumctl ai invocation, so you don’t
have to repeat flags or export environment variables. Manage them with
datumctl ai config:
Configuration keys
| Key | Purpose |
|---|---|
organization | Default organization ID (overridden by --organization) |
project | Default project ID (overridden by --project) |
namespace | Default namespace (defaults to default) |
provider | LLM provider: anthropic, openai, or gemini |
model | Model override, e.g. claude-sonnet-4-6, gpt-4o, gemini-2.0-flash |
max_iterations | Agentic loop iteration cap (default 20) |
anthropic_api_key | Anthropic API key |
openai_api_key | OpenAI API key |
gemini_api_key | Gemini API key |
datumctl ai config show to print the resolved config path along with your
current values; API keys are shown redacted.
Precedence and environment variables
- Flags always win over config file values for a single invocation.
-
API keys can also come from environment variables, which override any key
stored in the config file:
Choosing a provider and model
You don’t have to set aprovider explicitly — the assistant selects one using
this order:
- Model name prefix.
claude-*→ Anthropic,gpt-*/o1*/o3*→ OpenAI,gemini-*→ Gemini. - An explicit
providersetting, if you set one. - Whichever API key is available (environment variable first, then config file).
--model, or save one as a default:
claude-sonnet-4-6 for Anthropic, gpt-4o for OpenAI, and gemini-2.0-flash
for Gemini.
Next steps
- Logging in — authenticate
datumctlbefore your first question. - MCP server — prefer a graphical AI client? Connect Claude Desktop, Cursor, or another MCP-aware app to the Datum MCP server.
- Datum MCP — install the standalone MCP server and get its full tool catalog.
- Contexts & scoping — how scope resolution decides which organization or project the assistant operates against.
- Reading resources — the
getanddescribecommands the assistant runs on your behalf. - datumctl overview — new to the CLI? See how
datumctlis structured.