/revivifyHow Revivify works
Revivify performs a correct rolling restart of a Kubernetes Deployment you own. You cast it from Slack or a terminal as /revivify followed by a service name, and an operator running inside your own cluster resolves the name to a workload you have been granted, then makes exactly one API call: a PATCH that stamps a restart annotation on the Deployment's pod template. Kubernetes does the rest, replacing pods one at a time under your existing rollingUpdate strategy and readiness probes, and the operator watches the rollout and reports. The service account behind it holds patch on Deployments in your namespaces and nothing else. It holds no delete verb, so a restart can never degrade into killing pods, and you are never issued cluster credentials or a shell.
Spellbook is pre-launch. This page describes how Revivify works, not a product you can install today. The transcript figures are from the demo on this site and are labeled where they appear.
How it works
It runs in your cluster, not ours
The Spellbook operator is a Deployment you run in your own cluster, in its own namespace, holding the Kubernetes service accounts the spells act under. Nothing about your cluster is sent anywhere: the operator is the only thing that talks to your API server, and it never leaves.
It holds an outbound connection to Slack (Socket Mode) rather than an inbound endpoint, so no part of Spellbook needs to be reachable from the internet: no ingress, no public URL, no inbound firewall rule. The terminal client reaches the operator over your own network.
The name is resolved before anything is touched
"checkout" is what a person says; checkout-api in namespace storefront is what exists. Revivify resolves one to the other against your ownership map (a file in your repo, or a label on the workload) and checks that the spell has been granted to you for that workload. Both happen before a single Kubernetes API call is made.
If the name is ambiguous, it asks instead of guessing. If the workload belongs to another team, it refuses and names them, because the interesting failure here is not "permission denied", it is restarting the wrong thing confidently.
It makes exactly one call, and Kubernetes does the restart
The action is a single PATCH to the Deployment that sets a restart annotation on the pod template (spec.template.metadata.annotations). Changing the pod template is what makes it a rollout: the Deployment controller creates a new ReplicaSet and replaces the pods under the strategy you already configured, honouring maxSurge, maxUnavailable, your readiness probes and terminationGracePeriodSeconds. This is the same mechanism kubectl rollout restart uses.
Spellbook does not invent a restart. It asks Kubernetes for the one it already has, so a non-expert gets a correct one. No pod is deleted, and no pod could be: the grant behind Revivify contains patch on deployments and nothing else. There is no delete verb anywhere in it, so the crude version of a restart, killing pods and hoping the controller notices, is not available even to a bug in our code.
It watches the rollout, and it does not improvise
After the patch, the operator watches the Deployment's status until every replica is Ready or until the Deployment's own progressDeadlineSeconds expires, then reports which of those happened. It does not roll back for you: a rollback changes what is running, which is a different action with a different blast radius, and it is not this spell.
How long a restart takes is decided by your cluster, not by us: it is the readiness probe plus the grace period, multiplied by however many batches your strategy allows. The demo on this site shows a three-pod deployment coming back in 41 seconds, which is a demo figure, not a measurement from your cluster.
It knows who is asking
Identity comes from Slack or from your SSO in the terminal. The operator maps it to your grants and mints a token for the single cast, valid for minutes. There is no long-lived credential to leak, and offboarding someone is removing a grant rather than rotating a cluster secret.
An AI agent is enrolled the same way: its own identity, its own grants. You can give an agent /revivify on the two services it operates and nothing else. It then holds the ability to restart those two services correctly, and no ability at all to touch anything else, because the permission was never issued.
Setting it up
Setup is done once, by whoever already administers the cluster, and it is the only moment cluster access appears anywhere in this story. Everybody who casts a spell afterwards holds none. The steps below are how the design works; nothing here installs today.
Install the operator, once per cluster
The same operator serves every spell: you install it once, not once per spell. It runs in its own namespace and exposes nothing: no Service, no Ingress, no public endpoint, because it dials out rather than being called in.
shellhelm repo add spellbook https://charts.spellbook.dev helm install spellbook spellbook/operator \ --namespace spellbook --create-namespaceSay what your team owns
This is the file that decides what "checkout" means. Restarting the wrong service is a more interesting failure than being denied permission, and the ownership map is what makes it impossible: a name that matches two workloads is refused, not guessed.
spellbook.yamlteams: - name: storefront members: - ana@northwind.example - sam@northwind.example owns: - deployments.apps/checkout-api in storefront - deployments.apps/cart-api in storefrontGrant the spell
The grant reconciles into an ordinary Kubernetes Role holding one verb. Read the rule it produces: there is no delete in it, so a restart cannot become a deletion even if our code tries. The API server would reject it.
spellbook.yamlgrants: - team: storefront spells: [revivify] # becomes, in namespace storefront: # rules: # - apiGroups: ["apps"] # resources: [deployments] # verbs: [patch] # # One verb. No delete, no create, no exec, no scale.Connect Slack, outbound
Socket Mode holds a connection from your cluster out to Slack, so Slack never calls you. There is no callback URL to expose and no inbound firewall rule to open. The thing that can restart your production service is not reachable from the internet at all.
shellkubectl create secret generic spellbook-slack \ --namespace spellbook \ --from-literal=app-token=xapp-… \ --from-literal=bot-token=xoxb-…Cast it
One PATCH, and Kubernetes performs the rolling restart it already knows how to perform. Ana holds no kubeconfig, and the audit record naming her is written before the call is made.
slack/revivify checkout-api
This is the design, not an install guide: the chart, the file format and the flags do not exist yet. It is written out this far because a mechanism you can argue with is worth more than a promise you cannot.
What it never receives
The list a security review asks for, on the page rather than in a PDF behind a form.
- No kubeconfig and no cluster credential. The operator's service account never leaves the cluster, and you are never issued one.
- No shell. Revivify's grant contains no exec, attach, port-forward or ephemeral-container permission, so there is no path from a cast to a prompt inside a pod.
- No delete verb, anywhere. It cannot delete a pod, a ReplicaSet, or a Deployment, so a restart cannot turn into a deletion.
- No Secrets, no ConfigMaps, no environment. Revivify restarts a workload; it does not read or change what that workload is.
- No long-lived token. You authenticate as yourself; the token behind a single cast expires in minutes.
- No cloud credentials. Nothing in Spellbook holds an IAM role, a cloud access key, or a CI token.
What it refuses to do
A permission that was never issued cannot be misused, by a person, by a compromised account, or by an agent.
- /revivify payments-db
- You do not own it. The reply names the team that does and how to ask them. There is no override flag and no confirmation dialog, because a confirmation dialog is a permission you are holding.
- kubectl rollout restart deploy/checkout-api
- You do not have kubectl. Not revoked: never issued. The spell is the only path, so the version of this action that can be aimed at the wrong namespace does not exist for you.
- Restart a StatefulSet or a DaemonSet
- Not in the grant. Restarting a database replica set is a different blast radius from restarting a stateless API, and it will be a different spell with its own grant before it is a flag on this one.
- Restart while a rollout is in progress
- Refused. It names who started the rollout and when. Stacking restarts is how a slow deploy becomes an outage.
- Scale it, change its image, edit its env
- Not this spell, and not this grant. One spell is one verb on one kind of resource. There is no generic escape hatch: no apply-this-manifest, no run-this-command.
- Explain what broke
- Revivify restores; it does not diagnose. If you restart before you know the cause, it says so in the output, and the audit record shows that no diagnosis preceded the restart.
The audit record
A restart is a write to production. Every cast leaves a record naming the person, the grant it acted under, the exact API call made, and what the cluster did next.
cast cst_9f31c0b4
spell /revivify checkout-api
actor ana@northwind.example (slack:U03QK4T2P · sso:okta|00u1a4h2)
surface slack #checkout-oncall
at 2026-07-13T14:33:07Z
grant revivify → deployments.apps [patch] in ns storefront
target deployments.apps/checkout-api ns storefront uid 9c2a8f1e
call PATCH deployments.apps/checkout-api
spec.template.metadata.annotations[spellbook.dev/restartedAt]
= 2026-07-13T14:33:07Z
rollout revision 18 → 19 · rollingUpdate maxSurge 1 maxUnavailable 0
result ok · 3/3 replicas Ready · 41.2s · 0 requests dropped
priors /scry checkout at 14:31:52Z (cst_4a7d21c0), diagnosed first
also event SpellCast on checkout-api · slack thread permalinkWhere a record lands
- The operator's stdout, as structured JSON, so whatever log pipeline you already run picks it up with no new integration.
- A Kubernetes Event on the target workload, so kubectl describe deployment checkout-api shows the restart and the human who asked for it.
- The Slack thread itself, which is the version a person can actually read six weeks later.
- Your API server's own audit log records the operator's PATCH independently. The cast id is annotated on it, so the two accounts can be joined and compared.
Failure modes
What happens when it cannot do the thing.
- The new pods never become Ready
- The rollout stalls, progressDeadlineSeconds expires, and Revivify reports that it stalled and at what replica count. It does not roll back on your behalf. Under a default rolling strategy the workload sits at reduced capacity until you act, and the report says so plainly rather than reporting success.
- The service does not exist, or two things match the name
- It refuses and lists the candidates. It never picks one for you, because picking the wrong one is the exact failure this spell exists to make impossible.
- The grant is missing or misconfigured
- The cast fails before the API call and names the exact verb and resource that is missing, so whoever administers the cluster can fix it in one line instead of bisecting an RBAC error.
- Slack drops mid-cast
- The PATCH either landed or it did not; there is no partial state to reconcile, because the restart is one call. The operator reports into the thread when it reconnects, and the audit record is written in-cluster whether or not Slack is reachable.
- The restart does not fix it
- It says the pods came back and the symptom did not clear, and it points you at /scry. A restart that appears to work and quietly leaves the cause in place is the worst outcome available, so the spell is loud about it.
Questions
How do I restart a Kubernetes deployment without kubectl access?
Cast /revivify followed by the service name, from Slack or your terminal. A Spellbook operator running inside your cluster resolves the name to a Deployment you have been granted and makes one API call: a PATCH that stamps a restart annotation on the pod template. Kubernetes then performs a normal rolling restart, replacing pods under your existing rollingUpdate strategy and readiness probes. You never hold a kubeconfig, a cluster credential, or a shell, and the operator's own service account holds patch on Deployments and no delete verb at all.
Can I give an AI agent permission to restart a service?
Yes, and without giving it a credential. An agent is enrolled like a person: its own identity, its own grants. Granting it /revivify on the two services it operates gives it the ability to restart exactly those two services, correctly, and no ability to touch anything else. It never receives a kubeconfig, a shell, or a cloud key, so the dangerous actions are not restricted to the agent, they are unavailable to it. The reliable way to stop an agent from deleting a namespace is to never issue the permission to delete one.
What does Revivify actually do to my cluster?
Exactly one thing: a PATCH to the Deployment that sets a restart annotation on spec.template.metadata.annotations. That is the same mechanism kubectl rollout restart uses. Changing the pod template makes the Deployment controller create a new ReplicaSet and replace pods under the strategy already configured on the workload. Spellbook does not delete pods, does not scale, does not edit the image or the environment, and does not roll back.
Can Revivify restart the wrong service?
The name is resolved against your ownership map and checked against your grants before any Kubernetes API call is made, and the operator's RBAC role is scoped to the namespaces your team owns, so a workload outside them is rejected by the API server regardless of what our code does. Ambiguous names are refused rather than guessed. The blast radius of a cast is one Deployment you were already permitted to restart.
Is it a rolling restart or a hard restart?
A rolling restart, performed by Kubernetes itself. Pods are replaced according to the Deployment's rollingUpdate strategy and its readiness probes, so a workload with headroom keeps serving throughout. Revivify holds no delete permission, so the hard version, killing pods and letting the controller notice, is not something it can do.
What happens if the restart does not bring the service back?
The operator watches the rollout until every replica is Ready or the Deployment's progressDeadlineSeconds expires. If it stalls, Revivify reports that it stalled and at what replica count, and does not roll back on your behalf. If the pods come back but the symptom persists, it says so and points at /scry, because a restart that hides a cause is worse than a restart that fails.
The machine-readable version of this page is at /spells/revivify.md. It is generated from the same source, so it says the same thing.
Run this in your own cluster.
Spellbook is not open yet. Leave an address and we will come to you first.