AI Insights (Beta)
AI Insights are in beta and disabled by default for every Signadot organization. Behavior and the underlying model may change without notice during the beta. Production-critical workflows should not depend on AI Insights yet.
Overview
AI Insights are optional, AI-powered helpers built into Signadot. They are opt-in per organization and disabled by default, because enabling them sends a subset of your Signadot data to a hosted Large Language Model (LLM).
Currently available:
| Feature | Where you see it | What it does |
|---|---|---|
| Sandbox Analyze | Sandbox detail page (when "Not Ready") | Generates a plain-language explanation of why a sandbox isn't ready and what to investigate next. |
Each feature has its own switch, gated behind a single master switch for AI Insights as a whole. More features will be added under the same controls as the beta progresses.
What is sent
Data is only sent when you explicitly invoke an action (for example, clicking Analyze Sandbox). For that action, the following is gathered and sent to the LLM:
- The sandbox spec: name, cluster, and the workloads it forks or runs locally.
- The sandbox's current status and the reason it is not ready.
- Status of the forked workloads and their pods: replica counts, container states, recent restart counts, and the most recent Kubernetes events for them.
- Routing health for the sandbox's services: which mesh is in use (Istio, Gateway API), and per-service readiness with any error messages from routing controllers.
- Recent ERROR log lines from the Signadot operator in your cluster, scoped to this sandbox. These are the operator's own diagnostic logs; your application's logs are never read.
- Background on Signadot concepts, so the model can reason about your sandbox.
What is never sent
The following are never sent:
- Your application's traffic, request bodies, response bodies, or HTTP headers (other than Signadot's own routing headers, which are used for transport only).
- Sandbox secrets, environment variable values, or files mounted into pods.
- Your application's logs. Signadot does not read your workload pods' log streams for this feature.
- Data from other organizations.
Where data is processed
When you invoke an AI Insights action, the request is sent to a hosted LLM service operated by Signadot, which uses a third-party model provider to generate the response. Data is processed in transit and used only to generate the response for that request; it is not retained for model training by the upstream provider under their standard API terms. Specific provider details are available on request from your Signadot account team during the beta.
How it's controlled
AI Insights are controlled at the organization level by an org admin in Admin → Settings → General, under the AI Insights card. There are two switches:
- The master switch on the AI Insights card. This gates AI Insights as a whole.
- A per-feature switch (for example, Sandbox Analyze).
A feature is active only when both the master switch and its own switch are on. The per-feature switches can only be changed while the master switch is on. Turning the master switch off preserves your per-feature choices, so turning it back on restores them.
Both kinds of switch take effect immediately and are recorded in your organization's audit log.
On the sandbox detail page
When Sandbox Analyze is enabled, the Status card on a not-ready sandbox shows an Analyze Sandbox button in its header. Clicking it generates an explanation and renders it inline in the card.
When Sandbox Analyze is off, the Analyze Sandbox button is shown but disabled, with a tooltip explaining how an admin can enable it under Admin → Settings. Nothing is sent anywhere while the feature is off, and the underlying endpoint returns 403 Forbidden.
FAQ
Does enabling AI Insights cost anything?
During the beta, AI Insights are included with your existing Signadot plan at no additional charge. Pricing for general availability will be announced separately.
Can I limit AI Insights to specific users?
Not in the beta. The switches are org-wide. Role-based limits will be considered for GA based on customer feedback.
Can I keep AI Insights off forever?
Yes. The master switch defaults to off and never auto-enables. Signadot will not call the LLM service on your behalf without the switch being on.
Will this affect existing API integrations?
Only if your integration calls the AI-gated endpoints. Existing integrations that don't reach those endpoints are unaffected.
Where can I see when AI Insights were toggled?
Switch changes appear in the audit log with event type update-settings. The master switch uses settingType: "ai-enabled", and Sandbox Analyze uses settingType: "ai-sandbox-explain-enabled".
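To answer "during which periods could sandbox data have been sent to the LLM?", the switch events can be replayed with the two-switch rule described under How it's controlled. The following is an added example, not Signadot code or a documented export format: it assumes the audit log has been exported as JSON lines, and the field names `eventType`, `time`, `actor` and `value` are hypothetical (only `update-settings` and the two `settingType` values come from this page).

```python
import json

# Constructed sample export, one JSON object per line. Field names other than
# settingType are assumptions; "create-sandbox" is a made-up unrelated event.
SAMPLE = """\
{"eventType":"update-settings","settingType":"ai-enabled","value":true,"time":"2025-01-10T09:00:00Z","actor":"admin-a"}
{"eventType":"update-settings","settingType":"ai-sandbox-explain-enabled","value":true,"time":"2025-01-10T09:05:00Z","actor":"admin-a"}
{"eventType":"create-sandbox","time":"2025-01-11T12:00:00Z","actor":"dev-b"}
{"eventType":"update-settings","settingType":"ai-enabled","value":false,"time":"2025-01-12T08:00:00Z","actor":"admin-c"}
{"eventType":"update-settings","settingType":"ai-enabled","value":true,"time":"2025-01-15T10:30:00Z","actor":"admin-a"}
"""

MASTER, ANALYZE = "ai-enabled", "ai-sandbox-explain-enabled"

def analyze_windows(lines):
    """Replay switch changes and return (windows, anomalies).

    windows: [start, end, enabled_by] spans in which Sandbox Analyze was
    active, i.e. both switches on; end is None if it is still active.
    anomalies: per-feature changes logged while the master switch was off,
    which the settings page is documented not to allow.
    """
    # Master defaults to off per the page; the per-feature default is assumed off.
    state = {MASTER: False, ANALYZE: False}
    windows, anomalies = [], []
    events = [json.loads(l) for l in lines.splitlines() if l.strip()]
    events = [e for e in events if e.get("eventType") == "update-settings"
              and e.get("settingType") in state]
    # Same-format UTC timestamps sort correctly as strings.
    for e in sorted(events, key=lambda e: e["time"]):
        was_active = all(state.values())
        if e["settingType"] == ANALYZE and not state[MASTER]:
            anomalies.append(e)
        state[e["settingType"]] = bool(e["value"])
        now_active = all(state.values())
        if now_active and not was_active:
            windows.append([e["time"], None, e["actor"]])
        elif was_active and not now_active:
            windows[-1][1] = e["time"]
    return windows, anomalies

if __name__ == "__main__":
    for start, end, actor in analyze_windows(SAMPLE)[0]:
        print(f"active {start} -> {end or 'now'} (enabled by {actor})")
```

Note that the second window opens on a master-switch event alone: because turning the master switch off preserves the per-feature choice, re-enabling it reactivates Sandbox Analyze without a new `ai-sandbox-explain-enabled` entry.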