AI root cause analysis that never leaves your VPC
Wachd runs Ollama inside the same Kubernetes namespace as the rest of your stack. Your incident data, alert context, and on-call history never reach an external API. Air-gapped mode is not a workaround — it is the default deployment model for regulated teams.
One config line to go fully offline
Switch the AI backend to Ollama and Wachd deploys an in-cluster LLM alongside the rest of the stack. No API key. No external endpoint. No egress rule required.
# values.yaml
analysis:
  backend: ollama
  ollama:
    enabled: true
    model: llama3.2
    # runs in your cluster — no network egress
GPU acceleration available — set analysis.ollama.gpu.enabled: true if GPU nodes are present.
How the pipeline works — fully in-cluster
Every step runs inside your Kubernetes cluster. No step requires outbound internet access.
Grafana, Datadog, or Prometheus sends a webhook to Wachd. HMAC signature validated in-cluster.
Wachd queries your in-cluster Loki, Prometheus, and GitHub — read-only. Nothing goes outbound.
Every email, IP, account ID, and API key is removed before anything reaches the LLM. Non-negotiable.
The sanitised context is sent to Ollama running in the same Kubernetes namespace. No API key. No external endpoint. No network egress.
SMS, voice, email, or Slack — with the probable cause already written. Your phone rings less than a minute after the alert fires.
What stays inside your cluster
In air-gapped mode, none of the following ever touches an external API or leaves your network boundary.
Alert payloads
Raw webhook data from Grafana, Datadog, or Prometheus — never forwarded anywhere
Log context
Error logs pulled from your Loki or Splunk endpoint — read-only, stays in cluster
Metric history
Prometheus query results used for timeline correlation — never cached externally
Commit context
GitHub API responses (read-only) — processed in-cluster, not sent to any third party
AI prompts
The sanitised incident summary sent to Ollama — stays inside the pod, never leaves the node
On-call schedules
Rotation members, escalation chains, override history — stored in your Postgres PVC
Incident history
Every past incident, its AI analysis, and its resolution — your data, your cluster
PII is stripped before the LLM sees anything
Even though Ollama runs in your own cluster, Wachd still strips PII before the sanitised context reaches it. This is not optional — the sanitiser runs synchronously in the alert pipeline. If it fails, the AI call is aborted.
What gets removed: email addresses, IPv4 and IPv6 addresses, account IDs, UUIDs, API keys and tokens, internal hostnames, JWT tokens, AWS/GCP/Azure resource ARNs, credit card patterns. What stays: error types, stack trace structure, service names, metric values, HTTP status codes, commit hashes.
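A sketch of a fail-closed sanitiser of the kind described above, added here as an illustration and not Wachd's own code. The rule set, placeholder format, and the names `sanitise`, `analyse` and `SanitiserError` are assumptions; it covers a subset of the listed categories and shows a commit hash surviving while a keyed secret is removed.

```python
import re

class SanitiserError(Exception):
    """Output cannot be trusted; the caller must not contact the LLM."""

# Constructed rules for a subset of the listed categories. Structured tokens
# come first so a more generic rule cannot split them.
RULES = [
    ("JWT", re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+")),
    ("ARN", re.compile(r"\barn:aws[\w-]*:[\w-]*:[\w-]*:\d*:[^\s\"',]+")),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("UUID", re.compile(r"\b[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\b", re.I)),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    # Keyed secrets: keep the key name (group 1), drop the value.
    ("SECRET", re.compile(r"(?i)\b((?:api[_-]?key|token|secret|password)\s*[=:]\s*)\S+")),
]

# Second pass: shapes no rule above rewrites but which must never reach the
# model (key material, a stray "@", a JWT header the JWT rule did not match).
RESIDUAL = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----|\w@\w|\beyJ[\w-]{10,}")

def sanitise(text):
    if not isinstance(text, str):
        raise SanitiserError("context must be text")
    for name, rx in RULES:
        text = rx.sub(
            lambda m, n=name: (m.group(1) if m.re.groups else "") + f"<{n}>", text)
    if RESIDUAL.search(text):
        raise SanitiserError("sensitive pattern survived redaction")
    return text

def analyse(context, llm_call):
    # Fail closed: if sanitise() raises, llm_call is never invoked.
    return llm_call(sanitise(context))

# Constructed log line, not real incident data.
SAMPLE = (
    "2024-05-01T12:00:03Z checkout-api ERROR TimeoutError: upstream 503 "
    "from 10.42.7.19 user=jane.doe@example.com "
    "req=3f2b8c1e-9d4a-4c6b-8f0e-1a2b3c4d5e6f api_key=constructed-key-123 "
    "commit=9fceb02d0ae598e95dc970b74767f19372d61af8"
)

if __name__ == "__main__":
    print(sanitise(SAMPLE))
```

The residual pass is what makes the abort meaningful: a truncated JWT or pasted key material that no redaction rule recognises raises instead of passing through to the model.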
Who runs Wachd in air-gapped mode
Financial services and banking
Incident data contains transaction IDs, account references, and internal service names. None of that can leave a regulated boundary. Wachd's air-gapped mode was designed for exactly this constraint.
Healthcare and life sciences
HIPAA, SOC 2, and internal data governance rules often prohibit sending operational logs to cloud AI APIs. In-cluster Ollama means your incident pipeline never touches a third-party endpoint.
Government and defense contractors
Classified environments and FedRAMP-aligned deployments need AI capabilities that work offline. Wachd runs completely without internet access once deployed.
Any team with a strict VPC boundary
If your security team blocks egress to *.anthropic.com or *.openai.com, Wachd still works. Switch analysis.backend to ollama and nothing changes in the alert pipeline.
Deploy in your isolated environment
Wachd deploys on any Kubernetes cluster with no internet access required after the initial image pull. Apache 2.0, no account required, no telemetry sent home.
Questions about regulated deployments? sales@wachd.io