Add sentinel documentation (#534)

* Add sentinel documentation

Just a basic docs page on setting up sentinels

* add arch diagram docs

Author: michaeljguarino

generated/routes.json

@@ -13,11 +13,11 @@
   },
   "/overview/management-api-reference": {
     "relPath": "/overview/management-api-reference.md",
-    "lastmod": "2025-10-15T00:53:52.000Z"
+    "lastmod": "2025-11-03T09:07:35.000Z"
   },
   "/overview/agent-api-reference": {
     "relPath": "/overview/agent-api-reference.md",
-    "lastmod": "2025-10-15T00:53:52.000Z"
+    "lastmod": "2025-11-03T09:07:35.000Z"
   },
   "/getting-started": {
     "relPath": "/getting-started/index.md",
@@ -121,7 +121,7 @@
   },
   "/plural-features/continuous-deployment/resource-application-logic": {
     "relPath": "/plural-features/continuous-deployment/resource-application-logic.md",
-    "lastmod": "2025-10-15T13:54:02.028Z"
+    "lastmod": "2025-10-15T14:09:53.000Z"
   },
   "/plural-features/continuous-deployment/lua": {
     "relPath": "/plural-features/continuous-deployment/lua.md",
@@ -223,6 +223,14 @@
     "relPath": "/plural-features/plural-ai/architecture.md",
     "lastmod": "2025-03-12T14:59:41.000Z"
   },
+  "/plural-features/plural-ai/sentinels": {
+    "relPath": "/plural-features/plural-ai/sentinels.md",
+    "lastmod": "2025-11-08T15:56:41.000Z"
+  },
+  "/plural-features/plural-ai/arch-diagram": {
+    "relPath": "/plural-features/plural-ai/arch-diagram.md",
+    "lastmod": "2025-11-08T16:28:24.261Z"
+  },
   "/plural-features/plural-ai/cost": {
     "relPath": "/plural-features/plural-ai/cost.md",
     "lastmod": "2025-03-12T14:59:41.000Z"
@@ -389,7 +397,7 @@
   },
   "/getting-started/agent-api-reference": {
     "relPath": "/overview/agent-api-reference.md",
-    "lastmod": "2025-10-15T00:53:52.000Z"
+    "lastmod": "2025-11-03T09:07:35.000Z"
   },
   "/getting-started/readme": {
     "relPath": "/getting-started/index.md",

pages/plural-features/plural-ai/arch-diagram.md

@@ -0,0 +1,40 @@
+---
+title: Deep Infrastructure Research
+description: Agentic Search of Your Infrastructure to Generate Arch Diagrams and More
+---
+
+The best way to understand complex software infrastructure is to find a way to diagram it out to get to a visual representation of the data at hand.  Plural AI has all the tools to automate this process in many cases, even across cloud and kubernetes boundaries.  In particular, Plural has a few key datasources that enable an agentic diagramming engine:
+
+1. A constantly refreshing semantic index of your infrastructure generated by our GitOps engine
+2. The ability to reference source code and terraform state when necessary in an agentic process
+3. The ability to live query Kubernetes or your cloud when necessary to fill in needed gaps
+
+{% callout severity="info" %}
+We are also actively working on ebpf network inspection which will improve this source data even more
+{% /callout %}
+
+That enables our AI to draft basic arch diagrams with a simple prompt.
+
+## Create An Research Session
+
+Diagram creation is simple and UI-based. Navigate to `AI -> Infra Research`.  You'll have a prompt button to spawn a new research, and from there you'll see a few threads spawn in as the AI is working in the background.  The process takes about 1-2 minutes, and is completely headless, so feel free to grab a coffee while its churning. Once done, you'll have a full result looking something like (using the prompt `Show me the architecture of the grafana deployment`):
+
+![](/assets/ai/research-diagram.png)
+
+![](/assets/ai/research-analysis.png)
+
+This will have:
+
+1. A complete architecture diagram of the infrastructure tied to your prompt
+2. A text summary of the infrastructure and any other learnings found
+3. A list of notes of what the AI still doesn't seem to understand from its investigation
+4. A list of associated Plural Services and Stacks used as source data for the investigation
+
+The graph itself is created in [Mermaid](https://mermaid.js.org/) format, and can be quite complex.  This can easily lead to hallucinations.  To correct these you have two tools:
+
+1. AI fix - we provide a fix with ai button that will take any javascript errors from mermaid parsing and attempt to correct them.
+2. Try it again - in other cases, it's oftentimes easier to just rerun the generation.  You can use the `Try Again` button to do this. 
+
+## Publish Your Researc
+
+Once you feel like the diagram and research is suitable for broader acceptance, you can chose to publish it.  From there, anyone can view your research results and we'll index it for use in other investigations in the future.

pages/plural-features/plural-ai/sentinels.md

@@ -0,0 +1,88 @@
+---
+title: At-Scale Infrastructure Testing with Sentinels
+description: Automate testing over any set of Kubernetes Clusters with the Sentinel Resource
+---
+
+Validating the correctness of any infrastructure change is a meaningfully complex task that has no parallel to a local unit test that is effective at the application layer. Slight differences almost always require some degree of live integration testing.  Multiply this by n kubernetes clusters, for any large n, and you definitely need to automate.
+
+Sentinels are meant to provide a flexible abstraction to solve for this.  In particular, they allow you to bundle a sequence of checks that can:
+
+* Run terratest-based integration tests across any subset of your clusters and aggregate the results
+* Tail logs across any set of clusters using search filters, and analyze it with AI and git-source rules files
+* Deep-query a kubernetes resource on a cluster and analyze its health with AI and git-sourced rules files
+
+Once a sentinel is defined, it can be run anytime on-demand via API.  This can be triggered:
+
+* in our UI
+* in github actions or other CI systems
+* in Plural pipelines
+
+Some common usecases that we find they are particularly well suited for are:
+
+1. Validating kubernetes upgrades do not introduce regressions
+2. Cross-cutting kubernetes operator changes (eg istio upgrades)
+3. Validating network reconfigurations are safe.
+
+But there are likely many more.
+
+The motivation behind all of these, and the use of AI, is that oftentimes confirming infra health requires aggregating multiple textual datasources and interpreting them using some degree of discretion that consumes meaningful man-hours as a result.  You simply cannot do that deterministically, so a governed AI-based approach is needed.  For deterministic correctness, a full terratest run can exercise common paths like validating pods start, storage volumes can be mounted, networking is enabled, etc.
+
+## Set Up Your First Sentinel
+
+Defining a new sentinel is best done via CRD.  If you set up Plural with `plural up` you can register this at a file like `bootstrap/sentinels/example.yaml`:
+
+```yaml
+apiVersion: deployments.plural.sh/v1alpha1
+kind: Sentinel
+metadata:
+  name: example
+spec:
+  description: Test baseline kubernetes health
+  repositoryRef:
+    name: infra
+    namespace: infra
+  git:
+    ref: main
+    folder: rules
+  checks:
+    - name: console-logs
+      type: LOG
+      ruleFile: logrule.md
+      configuration:
+        log:
+          query: error
+          duration: 5m
+          namespaces:
+          - cert-manager
+          - external-dns
+          - kube-system
+    - name: integration-tests
+      type: INTEGRATION_TEST
+      configuration:
+        integrationTest:
+          format: JUNIT
+          tags:
+            tier: dev
+          
+          # notice no job image is specified, we ship with a working integration test out of the box that can be used
+          # without upfront development.
+          jobSpec:
+            namespace: plrl-deploy-operator
+            serviceAccount: deployment-operator
+```
+
+{% callout severity="info" %}
+To see the full api spec, go to our [Management API Docs](https://docs.plural.sh/overview/management-api-reference#sentinel)
+{% /callout %}
+
+What this particular sentinel will do when run is, in parallel:
+
+1. Query the logs for the configured namespaces (cert-manager, external-dns, and kube-system, some common low-level operator namespaces) for 5m for errors, and then analyze any results found according to a rule file specified in git.  You as the engineer can tune how the AI operates with that rule file.
+2. Launch our default terratest job across all `tier: dev` clusters, doing a basic sequence of health checks.
+
+You can run a sentinel at any time in your Plural Console instance by navigating to `AI -> Sentinels -> {sentinel-name}`, and once run, you'll see an experience something like this:
+
+![](/assets/ai/sentinel-landing.png)
+
+![](/assets/ai/sentinel-open.png)
+

public/assets/ai/research-analysis.png

@@ -143,6 +143,11 @@ export const docsStructure: DocSection[] = [
         sections: [
           { path: 'setup', title: 'Setup Plural AI' },
           { path: 'architecture', title: 'Plural AI Architecture' },
+          {
+            path: 'sentinels',
+            title: 'At-Scale Infrastructure Testing with Sentinels',
+          },
+          { path: 'arch-diagram', title: 'Infrastructure Deep Research' },
           { path: 'cost', title: 'Plural AI cost analysis' },
           {
             path: 'multi-model-configuration',