Platform Capabilities

Execution surfaces built for real operations

Live capability surfaces across agent execution, governance, integrations, and outputs.

Scoped AWS Connection

Connect AWS with a cross-account IAM role so the agent can read cost, inventory, tags, and metrics.

Read-first access gives the agent evidence without granting broad infrastructure control.

  • CloudFormation-based connection setup
  • Cost Explorer, EC2, CloudWatch, tags, and optimization signals
  • No object-level S3 reads and no broad ReadOnlyAccess policy
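One way to check a connection role against the scope stated above before deploying it, as an added example (not the vendor's code or template). The sample policies are constructed, the read-verb list is an assumption of this sketch, and Deny statements and conditions are not evaluated.

```python
import fnmatch

# AWS-managed policy the page says the connection does not use.
BROAD_MANAGED = {"arn:aws:iam::aws:policy/ReadOnlyAccess"}
# Object-level S3 read actions that must not be reachable, even via wildcards.
S3_OBJECT_READS = ["s3:GetObject", "s3:GetObjectVersion"]
# Verb prefixes treated as read-only here (assumption of this sketch).
READ_VERBS = ("get", "list", "describe", "batchget", "lookup", "search")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role(managed_arns, policy_docs):
    """Return sorted findings; an empty list means the role fits the stated scope."""
    findings = set()
    for arn in managed_arns:
        if arn in BROAD_MANAGED:
            findings.add(f"broad managed policy attached: {arn}")
    for doc in policy_docs:
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            if "NotAction" in stmt:
                findings.add("Allow with NotAction grants everything not listed")
                continue
            for action in _as_list(stmt.get("Action", [])):
                # IAM action names are case-insensitive; '*' and '?' are wildcards.
                for s3_read in S3_OBJECT_READS:
                    if fnmatch.fnmatchcase(s3_read.lower(), action.lower()):
                        findings.add(f"{action} permits {s3_read}")
                verb = action.split(":", 1)[-1].lower()
                if not verb.startswith(READ_VERBS):
                    findings.add(f"not a read-style action: {action}")
    return sorted(findings)

# Constructed sample policies, not taken from any real template.
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ce:GetCostAndUsage", "ec2:DescribeInstances",
               "cloudwatch:GetMetricData", "tag:GetResources",
               "s3:GetBucketTagging"]}]}
LOOSE = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*", "Action": "s3:Get*"}}

if __name__ == "__main__":
    print(audit_role([], [SCOPED]))
    print(audit_role(sorted(BROAD_MANAGED), [LOOSE]))
```

Feed it the managed policy ARNs and inline policy documents from the CloudFormation template or from the deployed role; any finding means the role is wider than the three bullets above describe.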

Cost Investigations

Select the highest-signal issue and enrich it with owner, utilization, and safety evidence.

Built to reduce noisy alerts and avoid generic recommendation dumps.

  • Anomaly, waste, and rightsizing signals
  • CloudWatch-backed EC2 utilization context
  • Owner/team/environment inference from tags

Safety Classification

Every resource is classified before any action is routed or requested.

The agent checks ASG membership, IaC management, production tags, and missing context before proposing any change.

  • safe_to_schedule — eligible for an approval-gated action request
  • needs_owner_review — routed to the resource owner instead of execution
  • do_not_touch — production, ASG-managed, IaC-managed resources are excluded from execution entirely

Safe Savings Execution

Approval-gated low-risk AWS optimizations — minimal blast radius, no data loss, no downtime.

The SAFE_SAVINGS_REVIEW workflow handles the class of changes that are reversible and broadly safe to approve.

  • EBS gp2→gp3 migration — same performance, lower cost, fully online
  • CloudWatch log retention — set retention on infinite-retention log groups (does not delete existing logs)
  • S3 lifecycle policy — add abort-incomplete-multipart rule (does not affect existing objects)
  • ECR image cleanup — lifecycle policy for untagged images (running containers unaffected)

Owner Routing

Turn cost findings into owner-aware action instead of alerts that die in shared channels.

Every actionable finding includes who should review it and why.

  • Owner, team, environment, project, and cost-center context
  • Slack/Jira-ready investigation messages
  • Fallback routing when ownership is unclear

Four Managed Workflow Types

Choose the right workflow for each cost category — investigation, waste cleanup, safe optimization, or commitment review.

The agent runs each workflow on its own cadence — daily for investigation, weekly for cleanup and savings, monthly for commitments.

  • COST_INVESTIGATION — daily enrichment of the highest-value finding with evidence artifact
  • WASTE_CLEANUP — idle resource routing with owner attribution and approval gating
  • SAFE_SAVINGS_REVIEW — auto-execute zero-downtime optimizations (gp2→gp3, retention, lifecycle)
  • COMMITMENT_REVIEW — Savings Plans and RI coverage, utilization, and expiry analysis

Verified Savings Artifacts

Record the investigation, action, and follow-up check so estimated savings become accountable outcomes.

Leadership gets evidence of what changed, not just a recommendation number.

  • Cloud Cost Investigation Briefs
  • Savings Verification Reports
  • Run-linked provenance and audit context