Finds it. Fixes it. Every time.

Catch Kubernetes failures before they hit production.

Most tools tell you what's wrong. Yamlr heals it.

Finds and fixes every class of Kubernetes manifest problem — in your terminal, CI pipeline, or pre-commit hook — before anything reaches the cluster.

Install now — it's freeTry the sandbox
Built for every team that ships to Kubernetesv0.1.0 · Public BetaLocal-First Audit • Anonymous Usage Signals
CLI Demo

Scan. Diff. Heal.

See exactly what Yamlr detects and fixes — directly in your terminal.

1
Engine Monitoring
v0.1.0-sovereign

Analysis & Repair Pipeline

Build. Dry-run. Heal.

Step 01

Ingest

Parsing & Discovery

Parse fragmented manifests and reconstruct resource identities — even in malformed YAML.

Step 02

Contextualize

Graph Construction

Maps cross-resource relationships — Services to Deployments, ConfigMaps to Pods — into a single structural graph to surface orphaned references and broken links.

Step 03

Verify

Schema Alignment

Validating structural integrity against the definitive Kubernetes OpenAPI schema for your target cluster version.

Step 04

Heal

Schema-Based Remediation

Applying precise, comment-preserving corrections derived from the Kubernetes OpenAPI specification.

Schema-Grounded Remediation

Probabilistic tools suggest. Deterministic engines enforce.

No heuristics. No probabilistic output. Only structurally valid, version-accurate corrections derived from the Kubernetes OpenAPI specification.

Step 1: Forensic Preview
Step 2: Atomic Apply
Step 3: Engine Verification
Step 1
Step 2
Step 3
Verified Output
Technical Authority

DNA Trust Score.
Mathematical certification.

Forget subjective linting results. Yamlr transforms every manifest audit into a deterministic, high-gravity health score (0-100) — the deterministic benchmark for production readiness and architectural integrity.

Deterministic

Identical inputs always yield the same score. A stable anchor for CI/CD gates.

Audit-Ready

Generate signed "DNA Receipts" to prove manifest compliance across every commit.

DNA Integrity
100/100
FactorImpact
Critical Schema Error
-40
OOM Risk (No Limits)
-10
Unpinned Image Tag
-5
Surgical Repair Bonus
+10.0
Analyzing Clean Manifest
Zero-Risk Surgery

Absolute Safety.
100% Reversible.

Fear of breaking production stops developers from adopting auto-healing tools. Yamlr eliminates this by automatically generating a cryptographic snapshot into `.yamlr/backups` before any file is touched. Audits run 100% locally; only anonymized technical pulses are shared to improve the engine.

1

Automatic Snapshot

Every time you run a heal command, Yamlr quietly backups your precise local state first.

2

Semantic Healing

Yamlr restructures your YAML to match OpenAPI specifications while preserving human comments.

3

Instant Rewind

Don't like the mutations? A single command overwrites the changes with the exact prior state.

$ waiting...
deployment.yaml
System Idle

Engineered for Manifest Integrity

Forensic Manifest Auditing. Zero probabilistic guess-work. Every class of Kubernetes manifest problem — found and fixed.

Free Healing · 5 files/day — Unlimited on Pro
Predictable
Lossless

Atomic Configuration Repair

Repair configuration violations without destroying your YAML structure or comments. Surgical remediations that change only what's wrong — nothing else.

Unpinned image tags → pinned to digest or stable version
Missing resource limits and requests → enforced with safe defaults
Absent securityContext → hardened with non-root, read-only filesystem
Deprecated apiVersions → migrated to supported schema
Empty namespace fields → resolved from context
Structural YAML errors → corrected without comment loss

Structural Integrity

Graph Forensics

Operational Safety

Semantic Schema Verification

Validates every manifest field against official Kubernetes OpenAPI specs — catches typos, wrong types, and missing fields.

Cross-Resource Audit

Detects broken linkages between Services, Deployments, and ConfigMaps in a single structural graph.

OOM Risk Detection

Flags containers missing memory limits before they trigger silent out-of-memory kills.

API Lifecycle Audit

Detects deprecated apiVersions and flags pending schema migrations before you apply manifests.

Port Mismatch Detection

Catches Service targetPort values that don't match any Container port — a silent routing breaker.

Namespace Isolation Guard

Hard enforcement of namespace boundaries and cross-boundary resource reference violations.

DNA Integrity Certification

Generates a deterministic 0-100 metric for manifest health — transforms subjective linting into actionable, audit-ready data.

Engine Certification
Integrations

Works Everywhere You Ship

Run Yamlr in GitHub Actions, pre-commit hooks, or directly in your IDE. Every audit stays private and local to your environment.

Privacy & Security Protocol

"Yamlr audits run 100% locally — your manifests never leave your environment. Only anonymous usage signals (Pulses) are transmitted to certify engine integrity."

Local-FirstAnonymized Pulses
.github/workflows/yamlr.yaml
- name: Yamlr Scan
  uses: yamlr-dev/yamlr-action@v1
  with:
    path: './manifests'
    fail-level: error

Free for individuals. Built for teams.

Full detection and surgical healing for individual engineers — free, forever. Upgrade for CI/CD integration, custom policy enforcement, and unlimited remediations across your entire org.

Individual

$0/ forever
Free

Full detection engine for individual engineers and small projects. No credit card. No expiry.

  • Unlimited scanning & detection
  • Semantic schema verification
  • Cross-resource reference audit
  • API lifecycle & deprecation audit
  • OOM risk & port mismatch detection
  • 5 surgical heals / day
  • Zero cluster access required
  • Local-First Audit • Anonymous signals only
Install CLI — No credit card

Pro

Early Access
Waitlist

For teams that ship to Kubernetes daily. Unlimited healing, CI/CD integration, and org-wide policy enforcement.

  • Unlimited surgical remediations
  • CI/CD pipeline integration (SARIF)
  • Cross-resource auto-remediation
  • Namespace isolation enforcement
  • Automated drift prevention
  • OPA/Rego Policy Support
  • Enterprise compliance vault
  • Priority support & SLA
  • Early access to new detections

No credit card required · Runs locally · Anonymized pulses

Install Yamlr.

Install Yamlr globally or use it within your CI/CD pipelines.

macos Setup

Get the Signed Binary

Automate your installation with our secure shell script, or tap directly into our Homebrew repository.

$ brew tap yamlr/tap && brew install yamlr
Signed Binary
Zero Dependencies