Introducing Read-Only Mode for Pulumi Neo

Neo's read-only mode in Pulumi Cloud allows platform engineers to have the tool analyze infrastructure and suggest changes without directly applying them, maintaining a secure boundary by restricting Neo's permissions during task creation. This mode enables Neo to perform tasks such as reading infrastructure, running previews, refactoring code, and generating pull requests, but it cannot deploy, update, or destroy resources. Engineers can choose between full access and read-only permissions, with the latter ensuring that operations requiring write access fail and are reported. Read-only mode pairs effectively with auto-approve, allowing Neo to operate autonomously and produce pull requests without making production changes. Available to all Pulumi Cloud users, this feature encourages a seamless workflow by providing insights and suggested changes while ensuring oversight and control over infrastructure alterations.