Pre-Flight Twin

Rehearse the change.
Sign the approval.

Pre-Flight Twin clones your live environment, simulates the implementation against it, and gates approval until every high-risk change is reviewed — with a signed audit anchor that goes stale the moment any input shifts.

Try Pre-FlightSee how it works
Pre-Flight Twin·Lakebase → AWS RDS Warm Replica
Ready for review
Twin coverage
57/100
57% rehearsal-backed · 43% graph inferenceCalibration: calibrating
Live domains
8
from Sensor
Predicted ops
48
43 change · 5 risk
Findings
3
2 blocking

Rehearse before you write. Sign before you ship.

Zero
provider writes during rehearsal

The Twin is a read-only clone of your live ontology. Vault credentials are swapped for a tagged proxy; every write-shaped call is no-op shimmed.

57 / 100
Coverage, deterministic

Every prediction is scored by how it was reasoned — real provider preview API, SA graph reasoning, or operator assertion. Not a confidence number; a math one.

1 hash
Approval signature

Seven inputs sign into a single audit anchor — checklist, ontology, guardrails, vault, findings, SA model, rule registry. Change any one, the approval goes stale.

Materializing rehearsal
step 2 of 4
Pinned inputs
checklist_version_hashabc123ef
ontology_snapshot_idsnap_2026-05-21
guardrails_version_hashg_v3.14
vault_bindings_version_hashv_v7.01
Cloning live baseline487 KB
14 tasks · dependency orderno writes

Materialize a rehearsal in one click

Pre-Flight Twin pins your checklist, ontology snapshot, guardrails, and vault bindings into an immutable session — then clones the live baseline and simulates the plan against it. Materialization never writes to a provider.

Predictions · Modifications43 predicted
~SecurityEngineering approvalGovernance Gate
Resource id
securityengineering-approval-to-read-lakebase-backup
Before
target_state: healthy
After
approval required
Phase 0 · Measure Before BuildingCoverage 74%

See every predicted delta before it ships

Predictions group resource changes into additions, modifications, and removals — with field-level before / after diffs grounded in the live ontology. Project artifacts never appear as fake resources.

HIGHguardrail_violation
blocking
Datadog ingestion exceeds cost guardrail by $140/mo

Predicted ingest of ~2.1 GB/day at current M365 audit volume crosses the Operating cost ≤ $200/mo guardrail.

Suggested fix
edit_task · t-06 · add filter + sample at 30%
evidence · graph_reasoning

Resolve findings in a single click

Every finding ships with a structured suggestion — edit a task, add a guardrail, accept the risk. One click applies it back to the checklist with an idempotent audit log entry. No prose to parse.

Approval signatureReady to sign
Inputs pinned into the hash
checklist_version
ontology_snapshot
guardrails_version
vault_bindings
findings_hash
sa_model_id
rule_registry
approval_signature
sha256: 7b3f…a91c · signer maya.chen
stale watcher · live

Approve with a signed audit anchor

Approval signs seven inputs into a single hash — checklist, ontology snapshot, guardrails, vault, findings, SA model, and rule registry. Change any of them and the approval goes stale automatically.

Coverage

Rehearses against your real estate.

Pre-Flight reasons over the providers Panaptico already maps — real provider preview APIs where they exist, structured graph inference where they don't. Each provider promotes from inference to preview as APIs come online.

AWSpreview
Azurepreview
Terraformpreview
GCPinferred
Oktainferred
Cloudflareinferred
Microsoft Graphpreview
Datadoginferred
Snowflakeinferred
Databricksinferred

Sign the next change with confidence.

Run a rehearsal. Review every predicted delta. Sign the approval and let the stale watcher catch what changes after.

Try Pre-FlightBack to Panaptico