Skip to content

Add documentation for using AI to create controls in Powerpipe mods #67

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Jun 25, 2025
Merged

Add documentation for using AI to create controls in Powerpipe mods #67

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
645be58
Add documentation for using AI to create controls in Powerpipe mods
misraved Jun 12, 2025
a378c4b
Add 'Developers' category to sidebar with AI usage documentation link
misraved Jun 12, 2025
a120101
Remove link to 'Developers' overview in sidebar.json
misraved Jun 13, 2025
b608ff3
Refactor AI documentation for Powerpipe controls
misraved Jun 13, 2025
6c8c62a
Remove the Best practices and common pitfalls section
misraved Jun 13, 2025
618f9a4
Refactor the doc
misraved Jun 16, 2025
989cdbc
Refactor AI usage documentation for clarity and conciseness
misraved Jun 18, 2025
3b9a57c
Refactor prompts
misraved Jun 19, 2025
0120b34
Refactor doc
misraved Jun 20, 2025
3b91f5e
Update sidebar to include new 'Developers' documentation on using AI …
misraved Jun 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
101 changes: 101 additions & 0 deletions docs/develop/using-ai.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
---
title: Using AI for Control Development
sidebar_label: Using AI for Control Development
---

# Using AI for Control Development

Creating new benchmarks, dashboards, and controls for Powerpipe mods with AI tools and IDEs works remarkably well. At Turbot, we develop these components frequently and use AI for almost every new implementation. The key is working within existing mod repositories - this gives AI tools access to established patterns and conventions to generate consistent, high-quality results.

If you're looking to use AI to run Powerpipe controls rather than develop new ones, you can use the [Powerpipe MCP server](../run/mcp), which provides powerful tools for AI agents to inspect and run controls, benchmarks, and queries.

## Getting Started

While AI often works well with simple requests like "Create a control for [requirement]", here are some prompts we use at Turbot that you may find helpful as starting points.

### Prerequisites

1. Open the mod repository in your IDE (Cursor, VS Code, Windsurf, etc.) to give AI tools access to all existing code and documentation.
2. Ensure you have Powerpipe installed with all necessary plugins configured.
3. Set up access to create test resources in the provider.
4. Configure the [Powerpipe MCP server](https://github.com/turbot/powerpipe-mcp) which allows the agent to run controls.

### Create Control

First, create the new control using existing controls and docs as reference.

#### Prompt

```md
Your goal is to create a new Powerpipe control for <service> <resource type> and <check condition>.
Copy link
Contributor

@cbruno10 cbruno10 Jun 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Your goal is to create a new Powerpipe control for <service> <resource type> and <check condition>.
Your goal is to create a new Powerpipe control for <resource type> to check for <condition>.

Copy link
Contributor

@cbruno10 cbruno10 Jun 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make the same changes in other prompts as well


1. Review existing benchmarks and controls and their documentation in the mod to understand the established patterns, naming conventions, and query structure.

2. Create the control and add it to any benchmark with similar controls in it.

```

### Run Control

Next, verify your control is properly configured and can be executed without errors.

#### Prompt

```md
Your goal is to verify the <service> <resource type> control compiles and runs correctly.

1. Check the Steampipe service status with `steampipe service status`. Start it with `steampipe service start` if not running, or restart it with `steampipe service restart` if already running.

2. Test if the Powerpipe MCP server is available by running the `powerpipe_mod_location` tool.

3. If the MCP server is available, use it to verify the control exists and can be run successfully.
- When passing in the control name, do not add a qualifier, just pass the control name

4. If the MCP server is not available, verify the control exists with `powerpipe control list` and can be run with `powerpipe control run <control_name>`.
```

### Create Test Resources

To test the control's functionality, you'll need resources to query. You can either use existing resources or create new test resources with appropriate properties.

#### Prompt

To test the control's functionality, you'll need resources that will trigger both passing and failing results.

```md
Your goal is to create test resources for validation.
Copy link
Contributor

@cbruno10 cbruno10 Jun 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be a bit longer, please see the prompt in the Steampipe doc as an example


1. Create resources using provider's CLI, Terraform, or API.
- Use the most cost-effective configuration. If the estimated cost is high, e.g., $50, warn about the expense rather than proceeding.

2. Verify that all resources were created successfully using the same tool or method used for creation.
```

### Validate Results

Next, run the control to verify it correctly identifies the test resources.

#### Prompt

```md
Your goal is to verify the control correctly identifies compliant and non-compliant resources.

1. Run the control using the MCP server or `powerpipe control run <control_name>`.

2. Verify the control returns expected results.

```

### Cleanup Test Resources

After testing is completed, remove any resources created for testing.

#### Prompt

```md
Your goal is to remove all test resources created for this control.

1. Delete all test resources using the same tool used to create them (CLI, Terraform, API).

2. Run the control again to verify no resources are returned.
```
8 changes: 8 additions & 0 deletions docs/sidebar.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,14 @@
"build/mod-dependencies"
]
},
{
"type": "category",
"id": "develop",
"label": "Developers",
"items": [
"develop/using-ai"
]
},
{
"type": "category",
"id": "powerpipe-hcl",
Expand Down