AI that knows your platform,
not your secrets.
Sciple’s AI assistant knows every feature in the platform and how the integrations wire together. It uses that knowledge plus resource metadata to help engineers solve problems quickly and keep the platform aligned with compliance. It never reads credential values, secret configuration, or your data plane.
The boundary
What the AI sees. What it does not.
We are explicit about this because it matters. The assistant operates on the platform’s structural knowledge and resource metadata. The secret values your team stores in AWS Secrets Manager stay there.
What the assistant sees
- The platform’s feature catalogue and integration topology
- Service metadata: name, kind, runtime, tier, owner group, SCM repo, links, environments
- Cloud resource metadata across every connected AWS service family
- Kubernetes manifests and recent events
- Credential metadata: kind, provider type, expiry, last rotation, references
- Configuration scope and override structure, without secret values
- Audit events and group membership
What the assistant cannot see
- Credential values: passwords, tokens, SSH keys, certificates, OAuth secrets
- Secret configuration values backed by AWS Secrets Manager
- Anything you have classified as a secret
- Your application data and request payloads
- Anything in your data plane outside the cloud resource cache
By design, the tool surface that the assistant can call simply does not include endpoints that return secret values.
How it works
Grounded answers, not free-form guesses.
The assistant only acts through the same actions that are available in the dashboard. Your workspace boundary and your permissions apply to it exactly the way they apply to a human user. The result is fast, accurate answers that you can trust.
1. You ask
Type a question in chat or click the Explain button on any resource. No prompt engineering, no special syntax.
2. It looks things up
The assistant runs real platform actions to gather the metadata it needs. It does not make up resources, services, or AWS state.
3. You get the answer
A plain-English explanation with the relevant resource names, owners, and links straight to the page where you can act on it.
Capability 01
Platform navigator
The assistant knows every feature in Sciple and how the integrations wire together. Ask "how do I add a new SCM provider?" or "where do I configure environment promotion?" and it routes you to the right page with the right steps. No more digging through tabs.
Examples
- “How do I onboard a new AWS account for read-only cloud browsing?”
- “Where do I update branch protection visibility for a service?”
- “How do I override a configuration value for one service in one environment?”
- “How does environment promotion work in the CI/CD wrapper?”
Capability 02
Natural language cloud query
Ask a question in plain English about your AWS resources and get an answer. The assistant only reads resource metadata that is already in the dashboard, with full workspace isolation. It does not touch your data plane and does not access anything secret.
Examples
- “Show me all EC2 instances in us-east-1 with state=stopped that haven’t synced in 3 days.”
- “Which Lambda functions have memory over 1 GB and fewer than 100 invocations this week?”
- “List all IAM roles with no attached policies.”
Capability 03
Service scorecard with narrative
Every service gets a score plus a written explanation of each gap, with a remediation link that points to the exact page in the platform where the gap can be fixed. The scorecard operates on service metadata: owner, links, branch protection, expiry timelines. Not on application code or runtime data.
Examples
- Has an owner group
- Has docs, runbook, and on-call links
- Branch protection active on the default branch
- Configuration values correctly marked as secret where needed
- No referenced credentials expiring within 14 days
- Active development on the default branch
Capability 04
Cloud anomaly detection
After every cloud sync, an AI pass runs over the newly cached resource metadata and surfaces findings in a dashboard panel. Each finding is grounded in a specific table. Helps keep the platform aligned with security and cost hygiene.
Examples
- Security groups open to 0.0.0.0/0 on port 22 or 3389
- Unattached EBS volumes you are paying for
- EC2 instances sustaining under 5% CPU (rightsizing candidates)
- Lambda functions with high memory and low invocation count
- EIPs not associated with any instance
- ECR repositories with no images pushed
- Tier-1 RDS instances without Multi-AZ
Capability 05
Kubernetes resource explainer
When a pod or deployment is in an error state, an Explain button fetches the manifest and recent events and returns a plain-English diagnosis with remediation steps. It also explains CRDs without needing the user to read upstream docs.
Examples
- OOMKilled with the actual memory ceiling
- ImagePullBackOff with the registry and image path
- CrashLoopBackOff with the failing command
- Liveness probe failures with the probe definition
Capability 06
Compliance and hygiene guide
The assistant knows what a credential rotation looks like for each provider, what a complete service record looks like, what a tight branch protection rule looks like, and what RBAC overreach looks like. It walks you through the work using the platform’s features. You do the rotation. The assistant never sees the secret.
Examples
- Step-by-step rotation guide for a GitLab PAT used by three SCM providers
- Ranked list of credentials approaching expiry, sorted by blast radius
- Tier-1 services missing required documentation links
- Groups with overly broad permission sets relative to their users
Why it does not hallucinate
It is grounded in your workspace’s metadata.
Every answer comes from a real platform action, run with the same workspace boundary the UI uses. If the data is not there, the assistant says so. If your AWS account has not synced, cloud queries say so plainly rather than making up an answer.
The set of actions the assistant can take is curated. Anything that would return a secret value is intentionally excluded from the assistant’s reach, so a clever prompt cannot trick it into surfacing one.
What grounding looks like in practice
Ask "are any tier-1 services missing a runbook?" The assistant looks up the tier-1 services in the catalog, filters for those without a runbook link, and reports the result with the service names and owners. It tells you exactly where in the catalog to fix each one.
Ask "what does this credential unlock?" and you get the kind, the provider, the expiry, and the integrations that reference it. The value itself is never returned, and there is no action the assistant can take that would return it.