Srenix

Security

A safety envelope you can audit in the source.

Air-gap, sovereign, workload-identity, policy-bounded fixers, signed approval URLs. Every guardrail is in code you can read before you install.

The nine safety guarantees.

01

Air-gap by master switch

Set cloud.enabled=false and Srenix runs entirely in your cluster with zero external dependency. The K8s-native value (probes, fixers, ticketing) is unchanged. Verifiable in helm template output.

02

Sovereign-deployable

No vendor SaaS. No telemetry exfiltration. Srenix runs the same way in EU sovereign clouds, FedRAMP-trackable workloads, and on-prem regulated environments as it does on public EKS / GKE / AKS.

03

Cloud probes are read-only by design

Every M1 / M2 cloud probe uses workload-identity-scoped read-only IAM. Cloud-resource mutation is deliberately deferred to M4 with a separate signed-approval envelope. Read the IAM policies in the Helm chart.

04

Whitelisted fixer set

The OSS fixer set is exactly five named actions: StaleErrorPods, StuckJobsWithBadSecretRef, StuckRSPods, StuckCertificateRequests, TLSSecretMismatch. Each fixer is opt-in via Helm flag. Protected namespaces are allowlisted out by default.

05

Signed-JWT click-to-fix URLs (paid tiers)

AI-tier fix proposals require human approval via signed-JWT URLs delivered to Slack or ticket. The approval-server enforces signature, expiry, one-time-use, and a per-(approver, action-class) rate budget (default 10 executions/hour per pair). Without the click, nothing mutates — unless you explicitly enable an autonomy tier: either PR auto-merge (off by default; Wilson lower bound ≥0.95; the PR body is re-fetched and its Ed25519 attestation re-verified before merge) or in-cluster confidence-gated auto-apply (off by default; reversible-action allowlist; confidence ≥0.95). Both require every safety gate to pass.
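The four approval-server checks named above (signature, expiry, one-time-use, per-(approver, action-class) rate budget), as an added sketch that is not Srenix code. HS256, the claim names `jti`, `sub`, `action_class` and `exp`, and the in-memory stores are assumptions; the page does not say which algorithm or claims the approval-server uses.

```python
import base64, hashlib, hmac, json, time
from collections import defaultdict, deque

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(key, claims):
    """Build a constructed HS256 token, standing in for the JWT in an approval URL."""
    msg = _b64(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64(json.dumps(claims).encode())
    return msg + "." + _b64(hmac.new(key, msg.encode(), hashlib.sha256).digest())

class ApprovalGate:
    """Hypothetical gate: signature, expiry, one-time-use, per-pair rate budget."""

    def __init__(self, key, budget=10, window=3600):  # 10 per hour is the page's default
        self.key, self.budget, self.window = key, budget, window
        self.used = set()               # spent jti values; a real server persists these
        self.hits = defaultdict(deque)  # (approver, action class) -> execution times

    def approve(self, token, now=None):
        """Return (ok, reason). The caller may mutate only when ok is True."""
        now = time.time() if now is None else now
        try:
            head, body, sig = token.split(".")
            # Algorithm is pinned to HS256; the header's "alg" is never trusted.
            want = hmac.new(self.key, f"{head}.{body}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(want, _unb64(sig)):
                return False, "bad signature"
            claims = json.loads(_unb64(body))
            jti, exp = str(claims["jti"]), float(claims["exp"])
            pair = (str(claims["sub"]), str(claims["action_class"]))
        except (ValueError, KeyError, TypeError):
            return False, "malformed"
        if now >= exp:
            return False, "expired"
        if jti in self.used:
            return False, "already used"
        recent = self.hits[pair]
        while recent and now - recent[0] >= self.window:
            recent.popleft()            # drop executions older than the window
        if len(recent) >= self.budget:
            return False, "rate budget exhausted"
        self.used.add(jti)              # burn the token before anything mutates
        recent.append(now)
        return True, "ok"
```

The token is marked spent only after every gate passes, so a request rejected for budget reasons does not consume the approval.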

06

Dry-run mode

Run --dry-run to log every fix Srenix would have applied without applying it. The fix log is identical to production mode minus the mutation. Use this in your eval cycle before flipping fixers on.

07

Auditable by default

Apache-2.0 source. Helm-rendered RBAC visible before install. DriftReport CRs are first-class audit objects. AI AuditEvents are hash-chained (prev_hash) in OSS pkg/audit; the Loki / OTLP / JSONL streaming sinks for compliance pipelines are paid.

08

Workload-identity auth

IRSA on EKS, Workload Identity on GKE, AAD Workload Identity on AKS. No long-lived cloud credentials in Srenix. Same IAM your cluster already uses — same audit trail.

09

Firecrawl external egress — key-gated, redacted query only (paid deep-RCA)

The Firecrawl web-research step is active only when a Firecrawl API key is configured (K8s Secret `srenix-firecrawl-key`); it can be disabled explicitly with `--firecrawl-enabled=false`. When active, Srenix sends exactly one outbound HTTPS request per investigation to the Firecrawl API. The payload is a generic technical query synthesized by the LLM — no cluster namespace, hostname, IP address, pod name, or secret value is included. Without a key, the deep-RCA investigator falls back to cluster-only root-cause analysis (Describe + events + LLM synthesis) — no external call is made. The Firecrawl API key is sourced from a K8s Secret (never a flag literal). This is the only intentional external-egress exception in the paid tier.

Compliance & supply chain.

Apache-2.0 OSS license

Audit every line of the safety envelope before installing.

SBOM (paid)

SBOM (CycloneDX) pipeline ships in the v0.1.0-alpha.1 line (pre-alpha). First published SBOM artifacts pending CI billing restoration.

Signed artifacts

OSS binary checksums are cosign-signed and Rekor-logged (checksums.txt.sigstore.json) on every release in the v0.1.0-alpha.1 line (pre-alpha). Container-image signing and Srenix Enterprise artifact signing pipelines are wired but their first signed artifacts are pending CI billing restoration.

No telemetry by default

OSS tier ships with zero outbound telemetry. Opt in to phone-home, never the reverse.

Firecrawl egress disclosure (paid deep-RCA)

The Firecrawl web-research step is active only when a Firecrawl API key is configured (K8s Secret `srenix-firecrawl-key`); it can be disabled explicitly with `--firecrawl-enabled=false`. When active, one HTTPS call per investigation goes to the Firecrawl API. Only a generic LLM-synthesized technical question is sent — no namespace, hostname, IP, pod name, or secret. Without a key, the deep-RCA investigator performs cluster-only root-cause analysis — no external call is made. API key sourced from a K8s Secret only.

Found something? Tell us.

Security issues should go to [email protected]. We acknowledge within one business day.