Platform
Doctor: the read-only AI SRE for your live apps
When something breaks in production, Doctor investigates like a site reliability engineer — and hands you the diagnosis and a drafted fix instead of a page of logs.
Doctor is Ciao's read-only AI site reliability engineer. It probes the live application, DNS and CDN, diagnoses the root cause of incidents and drafts the fix. Unlike agents given production write access, Doctor is read-only by design — it can look at everything and change nothing, so diagnosis is fast, continuous and safe to run against real systems.
Published 2026-07-03 · Last updated 2026-07-03
Production breaks; expertise is scarce
Every application eventually has the bad afternoon: the site is down, checkout errors, login fails for one customer and nobody knows why. The traditional answer is a site reliability engineer who digs through logs, DNS records and CDN behavior until a story emerges. Most teams building with AI do not have that person — and should not need to hire one to keep a portal alive.
Doctor is Ciao's read-only AI SRE. It probes the live application, DNS and CDN, diagnoses the root cause and drafts the fix. Read-only is the design decision that matters: Doctor can look at everything and change nothing.
How a diagnosis runs
A diagnosis follows the same path an experienced SRE would take — just immediately, and on the record.
1. Something looks wrong
A production check fails, a health light turns red in Conductor, or a human asks Doctor to investigate a symptom.
2. Doctor probes the live app
It requests real routes, exercises the failing flow and reads responses and errors the way a user's browser would meet them.
3. Then the path to it
DNS resolution, certificate state and CDN behavior are probed too, because "the app is down" is often really "the route to the app is down".
4. Context joins the evidence
Recent deploys, configuration changes and check history narrow down when it broke and what changed around that moment.
5. A root cause, in plain language
The output is a diagnosis, not a log dump: what broke, where, and why — with the evidence attached.
6. A drafted fix, through the front door
Doctor drafts the fix, and it ships the way every change ships: through Builder, Guardrails review where policies require it, and QA gates. Diagnosis is immediate; change stays governed.
Why read-only matters
Giving an AI write access to production is a decision most security teams will not make — and Ciao does not ask them to. Doctor's authority is investigative. That makes it safe to run against real systems continuously and safe to bring into regulated environments: the blast radius of a wrong diagnosis is a wrong sentence, not a wrong change.
It also keeps incentives honest. The fix Doctor drafts must survive the same review and testing as any human change, so speed never buys a bypass around governance.
There is a fleet effect too. Because probing is safe, Doctor does not have to wait for a human to suspect something — production checks and health lights hand it symptoms continuously, across every project in Conductor. The investigation that used to start when someone complained now starts when the first check fails.
Who uses Doctor
Doctor changes the incident experience for everyone who has ever owned one.
- Founders and operators — The person who built the app with Ciao is rarely the person who can debug DNS at midnight. Doctor is the investigator they do not have to become.
- Agencies — With a fleet of client applications in Conductor, Doctor is the first responder — the diagnosis is often done before the client notices the symptom.
- IT and platform teams — Triage arrives pre-investigated: escalations come with a root cause and evidence instead of a vague ticket.
- Engineers — They still make the call — they just start from a diagnosis rather than from grep.
Security and governance notes
- ✓ Doctor is read-only by design — it cannot modify the application, its data or its infrastructure.
- ✓ Probes cover the live application, DNS and CDN.
- ✓ Drafted fixes ship through Guardrails review and QA gates like any other change.
- ✓ Investigations and findings are recorded in the append-only audit trail.
- ✓ Doctor works alongside SysOps, which handles rollback and reconciliation as recorded operations.
Symptom by symptom
Different symptoms, same method: probe, correlate, explain.
| Symptom | What Doctor examines | Typical shape of the diagnosis |
|---|---|---|
| Site unreachable | DNS resolution, certificates, CDN status, origin health | Where the request dies on its way to the app |
| One flow failing | The route, its backend calls, recent changes to that area | The change or dependency that broke the flow |
| Slow pages | Response timing across routes and assets, CDN behavior | Which layer is adding the time |
| Errors after a deploy | The deploy diff, failing checks, runtime errors | Whether to fix forward or hand SysOps a rollback |
Frequently asked questions
Can Doctor make changes to production?
No. Doctor is read-only by design. It diagnoses and drafts fixes, and those fixes are applied through the normal governed pipeline — review, QA gates, then publish. The separation is deliberate: investigation should never mutate the thing being investigated.
What can Doctor actually see?
The behavior of the live application — routes, responses, errors — plus DNS, certificates and CDN behavior, and the project's own history: deploys, configuration changes and check results. That combination is usually enough to place a root cause.
How does the drafted fix become a real fix?
It enters the loop like any change: on a branch, through Guardrails review where policies require it, through QA smoke gates, then publish. If rolling back is faster than fixing forward, Doctor says so and SysOps performs the rollback as a recorded operation.
Does Doctor replace an on-call rotation?
It does the investigation legwork and hands humans a diagnosis instead of raw logs. Someone still decides and approves — that person just starts much further ahead, and for many teams that changes what on-call has to be.
Is Doctor included, or an add-on?
Every Ciao workspace includes the AI software organization — CTO, Doctor, QA analyst, Security engineer, Coder and SysOps operator. For production programs, which start at USD 10,000 per year, book a demo and see a live diagnosis on a real incident.