What Kestrel Does
Workflows
Build workflows with natural language or a drag-and-drop canvas that automate incident response, cloud resource provisioning, CI/CD pipelines, and on-demand developer requests. Chain actions across Kubernetes, AWS, Slack, GitHub, PagerDuty, Datadog, Vercel, and more. Trigger from K8s signals, cloud events, Slack requests, custom webhooks, or any integration — with built-in observability.
Incident Response
AI agents that monitor 24/7 for Kubernetes and cloud incidents. Automatic root cause analysis; YAML, Terraform, and code fix generation, causal PR detection, and postmortem creation — with optional auto-remediation.
Cloud AI Copilot
Ask questions about your infrastructure and applications in plain English. Investigate K8s clusters, cloud resources, metrics, network traffic, costs and more through a chat interface or the Slack
/kestrel command.How It Works
Connect your integrations
Link Kubernetes clusters, cloud accounts, PaaS and deployment platforms, databases, CI/CD pipelines, observability tools, notification channels, code repositories, and knowledge sources from the Kestrel platform. Each integration takes less than two minutes to setup. Once connected, Kestrel automatically starts monitoring for Kubernetes and cloud incidents across both infrastructure and application layers. The Cloud AI Copilot also becomes available immediately — ask any question about your infrastructure through the dashboard chat or the Slack
/kestrel command.Build workflows
Describe what you want in natural language to the Workflow Agent — or drag and drop actions on the canvas, configuring triggers and actions using template variables. Kestrel’s AI assembles and validates the workflow for you.
Integrations
Kestrel connects to your clouds, clusters, PaaS and deployment platforms, AI compute and sandbox providers, databases, CI/CD pipelines, IaC platforms, observability tools, notification channels, and knowledge sources.Clouds & Infrastructure
| Integration | Purpose |
|---|---|
| Kubernetes | Cluster monitoring, incident detection, resource inventory. Workflows: trigger on pod crashes, node failures, rollout issues; actions include RCA, fix generation, manifest creation, kubectl investigations |
| Karpenter | Node autoscaling. Workflows: trigger on provisioning failures, node interruptions, NodePool limit exhaustion; actions include scaling NodePool limits, tuning disruption policy, applying NodePools, recycling nodes |
| AWS | Cloud resource inventory, incident detection, VPC Flow Logs. Workflows: trigger on IAM, S3, EC2, RDS, Lambda events; actions include cloud RCA, Terraform/CLI generation, cost queries, anomaly detection, forecasting |
| OCI | Oracle Cloud resource inventory, incident detection, VCN Flow Logs |
| Cloudflare | Edge, DNS, and security automation. Workflows: trigger on security events, health check failures, Worker failures, SSL expiration; actions include DNS records, WAF/firewall rules, cache purges, Worker deploys/rollbacks, load balancer pools, tunnels |
PaaS & Deployment Platforms
| Integration | Purpose |
|---|---|
| Vercel | Deployment events and build management. Workflows: trigger on deployment failures/successes, error anomalies; actions include getting deployments, build logs, rollbacks, promotions, AI investigation |
| Railway | Deployment automation. Workflows: trigger on deployment events; actions include deployment logs, redeploys, restarts, rollbacks, environment variables, AI investigation |
| Fly.io | Machine lifecycle management. Workflows: trigger on machine start/stop/crash/create/destroy; actions include machine start/stop/restart, secrets, AI investigation |
AI Compute & Sandboxes
| Integration | Purpose |
|---|---|
| Nebius | AI cloud GPU infrastructure. Workflows: trigger on GPU/node lifecycle events; actions include instance start/stop/restart, managed Kubernetes node-group scaling, AI investigation |
| Beam | Serverless AI compute. Workflows: trigger on task, container, deployment, and machine events; actions include deployment scaling/start/stop, sandbox lifecycle, running commands, AI investigation |
| Daytona | Dev sandboxes. Workflows: trigger on sandbox, snapshot, and volume lifecycle events; actions include sandbox management, command execution, file transfer, AI investigation |
Databases
| Integration | Purpose |
|---|---|
| Supabase | Project and branch automation. Workflows: actions include project/branch/backup/read-replica lifecycle, network restrictions, AI investigation |
| Neon | Serverless Postgres. Workflows: actions include branch lifecycle, compute suspend/resume and autoscaling, reset-from-parent, credential rotation, AI investigation |
| PlanetScale | MySQL branching and schema migrations. Workflows: trigger on branch/deploy-request events; actions include branch, deploy-request (schema migration), backup, and credential automation |
| ClickHouse | ClickHouse Cloud services. Workflows: trigger on error spikes; actions include service start/stop/scale, IP access lists, backups, ClickPipes ingestion, usage costs, AI investigation |
CI/CD & GitOps
| Integration | Purpose |
|---|---|
| GitHub | GitOps deployments, causal PR detection, IaC remediation. Workflows: actions include creating PRs/issues, triggering Actions, waiting for runs, AI code investigation, AI code fix generation |
| GitLab | GitOps deployments, merge request remediation. Workflows: actions include creating MRs/issues, triggering pipelines, waiting for pipeline completion |
| Jenkins | Build automation. Workflows: trigger on build failures; actions include triggering builds (with parameters), monitoring builds, console logs, stopping runaway builds, AI investigation |
| CircleCI | Pipeline automation. Workflows: trigger on pipeline/workflow failures; actions include triggering pipelines, rerunning/canceling workflows, approving on-hold jobs, test results, AI investigation |
| ArgoCD | GitOps deployment management. Workflows: actions include triggering syncs, waiting for sync completion, checking application health status |
| Argo Rollouts | Progressive delivery. Workflows: actions include promoting, aborting, retrying, and rolling back canary and blue-green rollouts |
| Flux CD | GitOps reconciliation. Workflows: actions include reconciling, suspending, and resuming Kustomizations, HelmReleases, and sources |
| Helm | Release management. Workflows: actions include installing, upgrading, rolling back, and uninstalling Helm releases |
Infrastructure as Code
| Integration | Purpose |
|---|---|
| Terraform Cloud | Run lifecycle automation. Workflows: trigger on run events; actions include plan/apply/discard/cancel, workspace locking, variables, state outputs, drift detection, AI investigation |
| Pulumi Cloud | Stack automation. Workflows: trigger on stack/deployment events; actions include stack updates, drift detection and remediation, deployment queue control, stack tags and outputs, AI investigation |
Observability & Analytics
| Integration | Purpose |
|---|---|
| Datadog | Metrics, monitors, and observability context. Workflows: actions include querying metrics, creating monitors, sending events, muting monitors |
| OpenTelemetry | Metrics for incident root cause analysis and copilot context |
| PostHog | Product analytics events and session replay. Workflows: trigger on exceptions, rage clicks, console errors, log alerts; actions include session summaries, event queries, error issue details |
Incident Management & Ticketing
| Integration | Purpose |
|---|---|
| PagerDuty | On-call alerting with RCA context and auto-resolution. Workflows: trigger on PD incidents; actions include creating/acknowledging/resolving alerts, adding notes, escalation |
| Jira | Ticket creation and incident tracking. Workflows: actions include creating tickets, adding comments, transitioning ticket status |
| Linear | Issue tracking. Workflows: actions include creating issues. Also used as a knowledge source |
Notifications & Knowledge
| Integration | Purpose |
|---|---|
| Slack | Notifications, interactive Q&A, /kestrel copilot, /kestrel-workflow triggers. Workflows: trigger from Slack requests; actions include sending messages, threaded replies, approval requests, DMs |
| Confluence | RCA publishing, postmortems, runbooks. Workflows: actions include publishing RCA pages, postmortems, runbook entries, updating existing pages. Also used as a knowledge source during incident investigation |
| Glean | Enterprise knowledge search during incident investigation |
| Knowledge Sources | Connect Slack, Confluence, Jira, Linear, Notion, and Glean as knowledge sources so incident investigations include similar past incidents, runbooks, and postmortems |
Enterprise Security
Built for organizations that demand the highest standards of data privacy, security, and compliance.- SOC 2 Compliant — Enterprise-grade security controls audited by an independent third party
- Complete Data Isolation — Your data is never combined with other customers
- No Cross-Customer Training — AI models are never trained on another customer’s data
- Read-Only by Default — No write access unless you explicitly enable auto-remediation
- Full Control Over Fixes — Every AI-generated change requires your explicit approval
- No Sensitive Data Storage — Secrets are never sent to or stored on Kestrel servers
Getting Started
Workflows Quickstart
Build your first workflow automation in seconds.
Incident Response Quickstart
Set up agentic incident detection and response.
Copilot Quickstart
Start asking questions about your infrastructure and applications.