Skip to content
Foyre Foyre

AI workload validation before production

Give every AI app a sandbox, then approve it with evidence.

Foyre gives IT, platform, and security teams a self-hosted review path for AI workloads. Requesters deploy into an isolated per-request vcluster; admins run configurable validation pipelines before anything is accepted into production.

Connect your own Kubernetes cluster, let Foyre create vcluster environments, and define validation pipelines for inventory, Kubernetes security, image scanning, policy checks, and custom review steps.

  • Structured intake Who owns it, what it uses, where it talks
  • Isolated vcluster Deploy the real workload before review
  • Validation pipelines Evidence-backed approval gates

IT needs more than an AI request form.

Chatbots, RAG services, agents, and inference APIs show up from every direction. Foyre gives IT departments one place to capture the request, score the risk, create a vcluster sandbox, and run validation pipelines against the deployed app before production approval.

  • The pattern

    Surprises after the fact

    External model APIs, regulated data, vector stores, agent actions, GPU needs, and internet egress are captured before the app is reviewed for production.

  • The pattern

    Reviews without proof

    A ticket cannot show pods, services, image names, security settings, scan results, or policy findings. A Foyre validation run can.

  • The pattern

    Shadow paths

    Without a clear front door, teams route around IT. Foyre records the request, risk score, vcluster events, and review state in one request history.

Intake, validate, then decide

A requester fills out the AI workload form, Foyre classifies risk with human-readable reasons, the requester deploys into a per-request vcluster, and IT runs configurable validation pipelines to turn the live deployment into review evidence.

  1. 1

    Submit the intake

    The requester documents owners, workload type, data classification, external model APIs, vector databases, agent actions, GPU needs, and egress.

  2. 2

    Create the validation cluster

    Foyre provisions a per-request vcluster on your host Kubernetes cluster and gives the requester scoped access.

  3. 3

    Where Foyre differs

    Deploy and validate

    The requester deploys the app with kubectl or Helm. Reviewers run admin-defined validation pipelines against what is actually running.

  4. 4

    Approve with evidence

    Pipeline results, findings, artifacts, and approval gates help reviewers approve, reject, or send the request back with a clear reason.

Workflow: requester submits intake; intake and risk score; deploy and flag ready on isolated vcluster; review ends in approved or rejected.

Key platform feature

Validation pipelines turn a sandbox into an approval gate.

Foyre is not just an intake queue. Every request can get its own vcluster, and admins decide which checks must run against that live deployment before reviewers accept it into production.

For requesters

Deploy the real app into a scoped vcluster. No guessing from a form; reviewers can inspect what actually runs.

For admins

Configure reusable pipelines for inventory, Kubernetes posture, image scans, policy checks, and custom logic.

For reviewers

Review pass, warning, and failed checks with findings and evidence artifacts attached to the request.

For governance

Block approval on failed validation, allow reasoned overrides, and keep the decision history in one place.

What you get

These are the product surfaces Foyre uses to turn an AI app request into a validated Kubernetes deployment.

Validation clusters per request

Each submitted request can get its own vcluster. Requesters deploy there first; reviewers use kubeconfig access to inspect resources and validate the workload before approval.

Configurable validation pipelines

Admins define reusable checks in YAML: workload inventory, Kubernetes security, image scans, organization policy, inline scripts, or custom containers.

Smart intake forms

Conditional fields ask about the AI details IT needs: model APIs, enterprise data, vector stores, agent actions, GPU requirements, and internet egress.

Risk scoring you can explain

Regulated data plus an external model API rates higher. Agents taking user actions rate higher. Missing answers become unknown until the requester fills them in.

Roles that match how you work

Requesters submit and deploy. Admins configure pipelines. Reviewers inspect evidence and decide. Statuses keep the handoff explicit.

History you’ll actually use

Every request keeps comments, status changes, risk evaluations, vcluster events, validation runs, overrides, and teardown events tied to the acting user.

Security-minded defaults

Bcrypt-backed passwords, rotation for admin-created accounts, Fernet-encrypted kubeconfigs at rest, SQLite out of the box with a path to Postgres when you need it.

Who Foyre is for

Mid-sized and larger organizations that already take AI seriously—and want one disciplined door before production.

You’ll get the most value if…

  • Platform or IT is rolling out internal AI services and needs a repeatable queue—not another heavyweight ITSM clone.
  • Security or architecture wants to read manifests, exec into pods, and confirm networking—not approve from a paragraph in Confluence.
  • Engineering leadership needs a single place to answer “what AI systems are proposed, and where are they in review?”

What we’re honest about

Foyre is internal tooling you self-host—not a consumer app and not a hosted SaaS. Today you sign in with local accounts (LDAP, AD, and OIDC are future extension points, not shipped yet). There are no native integrations for ServiceNow, Jira, Slack, email, or Teams; plan to bridge those yourself if you need them.

Each deployment is aimed at one organization. Backup and DR are whatever you already practice for SQLite or Postgres.

Your infrastructure. Your data.

Apache 2.0 means you can run, inspect, and adapt Foyre without a vendor in the middle. Intake data, credentials, and validation clusters stay inside the boundaries you already trust.

Open the GitHub repository

Quick start with Helm

Install Foyre into a Kubernetes cluster in a few commands. This quick path uses SQLite and is intended for demos and evaluation. Use Postgres for shared, long-running, or production-style deployments.

Install Foyre

helm repo add foyre https://foyre.github.io/foyre/
helm repo update

helm install foyre foyre/foyre \
  --namespace foyre \
  --create-namespace \
  --set seed.admin.password='change-me' \
  --set postgresql.enabled=false \
  --wait

Evaluation install

This installs Foyre with SQLite. Change the admin password after login, and use Postgres before sharing the environment with a team.

Open the UI

For a local evaluation, port-forward the service and open Foyre in your browser.

kubectl port-forward svc/foyre 8080:80 -n foyre

Then open http://localhost:8080. Initial login: admin / change-me.

Questions we hear often

Is Foyre a fit for our organization?
If you want a self-hosted intake lane for AI-facing systems, can attach Kubernetes for sandboxes, and value reviewers seeing real deployments—Foyre is built for you. If you need multitenant SaaS, turnkey SSO, or deep ITSM connectors on day one, you’ll want to wait or integrate those yourself.
What do validation pipelines check?
Admins configure ordered checks for workload inventory, Kubernetes security settings, container image scans, organization policy, and custom scripts or containers. The latest run can warn reviewers or block approval.
Any integrations with ServiceNow, Jira, Slack, or email?
Not built in today. Foyre is the workflow of record; hook your notification or ticketing stack externally if you need pings in those channels.
Why vcluster?
You get a dedicated Kubernetes API per request on infrastructure you already operate—fast isolation without handing everyone a shared namespace and hoping for the best.
How do you handle credentials?
Passwords are bcrypt-hashed. Host and per-request kubeconfigs are encrypted at rest with Fernet using APP_SECRET_KEY. Requester kubeconfigs are shown once when minted—handle them like any other secret.

Contact

Questions about Foyre, partnerships, or press—reach us at the address below.

hello@foyre.ai