--- title: "Service Agents" description: "Autonomous AI agents deployed inside your Kubernetes clusters for continuous policy violation detection and GitOps-friendly remediation." diataxis: explanation applies_to: product: "nirmata-ai-agents" audience: ["platform-engineer"] last_updated: 2026-04-16 url: https://docs.nirmata.io/docs/ai/service-agents/ --- Service Agents are autonomous AI agents deployed directly inside your Kubernetes clusters. They run continuously — watching for policy violations, generating AI-powered remediation plans, and creating pull requests in your Git repositories to fix them — without requiring any manual intervention. Unlike [Cloud Agents](/docs/ai/cloud-agents/), which are ephemeral jobs you launch on-demand from Nirmata Control Hub, Service Agents are long-running deployments that operate on a schedule or respond to events in real time. ## The Remediator Agent The primary Service Agent is the **Remediator Agent**. It connects Kyverno's policy enforcement with your GitOps workflow: 1. Kyverno detects a policy violation and writes it to a `ClusterPolicyReport`. 2. The Remediator Agent reads the report and calls an AI model (Nirmata AI, AWS Bedrock, or Azure OpenAI) to generate a compliant fix. 3. The agent opens a pull request in the target Git repository with the proposed change. 4. A human reviews and merges the PR — the agent never bypasses branch protection or pushes directly. ## Use Cases | Scenario | How It Helps | |----------|-------------| | **Continuous compliance** | Fix policy violations within hours rather than days — on a recurring schedule | | **Multi-cluster governance** | Manage hundreds of clusters from a single ArgoCD hub without proportional team growth | | **Shift-left feedback loop** | Developers see auto-generated fix PRs alongside violation alerts — no need to look up how to fix them | | **Audit-ready remediation** | Every fix is a Git commit with a PR — a complete, reviewable audit trail | | **Selective automation** | Configure the agent to only open PRs when it's highly confident, or for all findings | ## How Confidence Works When the AI generates a fix, it assigns a confidence level: | Level | Meaning | |-------|---------| | **High** | The fix is straightforward and the AI is highly confident it is correct and safe | | **Low** | The AI identified a potential fix but recommends human review before merging | You can configure the agent to create PRs only for high-confidence fixes, only for low-confidence (for review), or both. This gives you control over how much automation you want in your workflow. ## GitOps Integration Service Agents are designed to work with your existing GitOps workflow — not replace it: - All changes are proposed as pull requests, not applied directly - PR branch names, titles, and labels are fully configurable - A single PR can cover multiple violations; the [Split PR](/docs/control-hub/agent-hub/service-agents/configuration/#split-pr) feature lets you break it apart for independent review - The agent monitors open PRs for comments, responding to `@nirmatabot` commands ## Deploy and Configure Service Agents are installed via Helm and configured through Kubernetes custom resources. [Get Started with Service Agents →](/docs/control-hub/agent-hub/service-agents/getting-started/)