Autopilot — Enterprise DevOps/SRE Automation

How Autopilot works

1) Connect (read-only)

• Connect GitHub/GitLab, CI, Kubernetes, and metrics with scoped tokens
• Ingest change events and production signals with no writes enabled

2) Observe (DRY_RUN)

• Generate proposed PRs every 15 minutes under your policies (no apply)
• Surface impact previews, receipts, and dashboards

3) Approve (policy-gated)

• CODEOWNERS + path/policy allowlists + explicit approvals
• Security checks: secret scanning, drift detection, change windows

4) Apply or Rollback (canary)

• Rate-limited canary applies with automatic rollback on SLO breach
• Every action is signed with audit receipts (who/what/why/when)

2) Biggest gap (DevOps/SRE)

Current state

• Manual PR reviews, infra drift, noisy CI flakes
• Cautious deploy cadence, slow incident response
• Inconsistent rollback practices

Autopilot interventions

• Policy checks (CODEOWNERS, path/policy allowlists, secret scanning)
• Sim/sandbox (SANDBOX_VERIFY=1) + PR artifacts every 15 min
• Canary apply with rate caps + auto-rollback + signed receipts
• Snapshots/rollback drills + audit trails (who/what/why/when)

Quantified deltas (30–60 days)

• Deploy frequency: 2–3×
• MTTR: ↓ 30–60%
• Change fail rate: ↓ to 5–10% (with instant rollback)
• Toil time saved: 8–12 hrs/eng/month
• Incidents with “no‑rollback‑needed”: ↑ 20–30%

3) ICP + buyer map

ICP: 200–2,000 engineers; Kubernetes + GitHub/GitLab; ArgoCD/Flux/Spinnaker; Terraform; SOC 2/ISO 27001; SSO (Okta/AAD).

Data sources: Git provider, CI logs, metrics (Prometheus/Grafana/Datadog), K8s API (read + canary write in a constrained namespace), change mgmt (Jira/ServiceNow optional).

Buyers: Economic (CTO/VP Eng/COO); Technical (Head of SRE/Platform, DevX/Infra); Security (CISO/AppSec/Trust).

Disqualifiers: No CI; no canary env; forbids any write even in staged namespaces; monolithic legacy with no automation hooks.

4) Value by role

CTO / VP Engineering

• Ship faster with guardrails: 2–3× deploys without raising CFR
• Proof in 30 days; expand by team, service, or platform-wide
• Executive dashboards with before/after ROI

Head of SRE / Platform

• Reduce toil with policy-driven automation and receipts
• Safer changes: DRY_RUN → canary → auto-rollback
• Integrates with your Git/CI/K8s, no vendor lock-in

Security / CISO / Trust

• Read-only by default; least-privilege writes in canary namespaces
• SSO, audit trails, and explicit approvals for every apply
• SOC 2/ISO posture; data stays scoped with encryption

Pilot offer (fixed fee, 30 days)

• Scope: 2 repos + 1 service (prod canary), 1 infra module (staging→prod); DRY_RUN → canary under approvals
• Success criteria: Deploy freq 2×; MTTR −30%; CFR ≤10%; ≥10 approved Autopilot PRs; ≥1 rollback drill pass
• Price: $50k fixed (includes integration, policy authoring, dashboards, training)
• We provide: Integration, policy packs, PR/canary bots, dashboards, audit bundle
• They provide: Limited tokens/creds, read‑only Git/CI, canary namespace writes, CODEOWNERS
• Expansion path: per‑team seats + per‑apply pricing or platform annual

5) Onboarding runbook (4 weeks)

Week 0 (prep): SSO/JWKS, service accounts, CODEOWNERS, pick 2 repos + 1 service, define change policies.

Week 1: Connect Git/CI/K8s (read), install WS metrics, set DRY_RUN=1, SANDBOX_VERIFY=1; Author policies; begin DRY_RUN PRs; dashboards live; rollback drill (staging).

Week 2: Approve 2–3 PRs to canary; verify rollback receipts; tune policies; raise apply cadence.

Week 3: Add infra module (Terraform); run canary plan/apply with auto‑rollback; incident simulation.

Week 4: Expand to second service; increase cadence; executive readout; sign‑off on DORA + CFR; agree expansion.

Definition of Ready: SSO/JWKS; canary namespace/SA; CODEOWNERS; metrics feed; secrets scanning policy.

Definition of Done: DORA deltas met; ≥10 approved PRs; ≥1 rollback drill pass; stakeholder sign‑off; expansion plan.

6) Safety & compliance posture

• Guardrails: DRY_RUN=1 baseline; SANDBOX_VERIFY=1; CANARY_APPLY_RATE high (rare applies); REQUIRE_APPROVAL=1; kill switch; audit log retention ≥90 days.
• Data handling: scoped tokens; no PII exfil; encrypt at rest/in transit; read‑only by default; write only in canary namespaces; all changes signed and attributable.
• Security review: SSO/JWKS, least‑privilege SAs, policy allowlists, secure secret management, network egress controls, audit reports.

7) Metrics & proof pack

• Dashboards: DORA (deploy freq, lead time, MTTR, CFR), Autopilot (PRs generated/approved/applied/rollbacks, TTA), Reliability (error budget burn, SLOs, incident volume).
• Study design: 2‑week pre baseline vs 4‑week pilot; same services; canary gates consistent.
• Case study template: customer, stack, scope; before→after metrics; controls; notable PRs; incident saved; ROI in 60 days; next steps.

FAQ

Does Autopilot write to production?

No. Default is read‑only DRY_RUN. Canary writes only after explicit approvals and under rate limits, with automatic rollback.

Where does it run?

Run in your cloud (preferred) or Featherweight‑managed. All creds are scoped and encrypted.

How fast to value?

Connect in days; proof in weeks. 30‑day fixed‑fee pilot with explicit DORA goals.

What integrations are required?

Git provider and CI are sufficient to start. Kubernetes and metrics unlock canary + rollback receipts.

How is security handled?

SSO/JWKS, least‑privilege SAs, policy allowlists, secret scanning, audit retention ≥90 days.

Pricing?

30‑day pilot at $50k fixed (integration, policy, dashboards, training). Expansion by team/service or platform annual.