The ArgoCD Sync Drift Detector skill continuously monitors your GitOps deployments for configuration drift between the desired state in Git and the live state in your Kubernetes clusters. It connects to the ArgoCD server via the ArgoCD REST API (backed by grpc-gateway) to enumerate applications and their sync statuses.

When drift is detected, the skill uses kubectl diff against the target cluster to produce a human-readable comparison of the divergent resources. It categorizes drift into severity levels: critical (security-related changes like RBAC modifications or secret mutations), warning (resource limit changes, replica count modifications), and informational (annotation or label changes).

The skill integrates with the Kubernetes client-go library patterns to authenticate against multiple clusters using kubeconfig contexts or ArgoCD-managed cluster secrets. It can parse Helm values overrides, Kustomize patches, and plain YAML manifests to identify the root cause of drift.

Remediation playbooks are generated automatically, offering options to either force-sync from Git, update Git to match the live state, or create a targeted argocd app sync command with the –prune flag for specific resources.