What is Squadron AI?

Squadron AI provides AI-powered pull request code reviews, issue analysis and real-time chat for your GitHub repository to accelerate your team's code review process. Let us increase the quality of your code reviews and add an extra set of eyes without increasing your headcount.

How it works

Squadron AI is a GitHub application. We integrate securely and directly through GitHub: simply install our application and the rest is magic.

Interact seamlessly with our AI bot in your pull requests using comments, and get real-time feedback on your code changes.

What we do

We support the following features:

  • Automated AI pull request code reviews
  • Real-time chat through comments
  • Automated linked issue analysis against code changes
  • Daily reports detailing issues and pull requests in the last 24 hours

What we don't do

We do not save your source code nor can any employee view your source code. The only time your source code is used in any of our processes is when you submit a pull request or chat with our bot in GitHub. Once that process is triggered, Squadron will begin processing files both in memory and on ephemeral storage. Our application that processes source code is:

  • Stateless
  • Separate from other organizations
  • Ephemeral
  • Built to follow encryption-in-transit and encryption-at-rest standards

Our Security Practice

We take security very seriously. Our AI platform offers a competitive edge by performing a deep analysis across your codebase. All connections have multiple layers of encryption, storage media are encrypted at rest, and data is encrypted in transit; processes that analyze code are ephemeral.

Employees do not have access to production; machines are created and destroyed on demand in order to perform code reviews.

Corporate Security (“CorpSec”)

CorpSec is the practice of making sure team members have secure access to company infrastructure, and that secured channels are the only exposed channels to Squadron. CorpSec controls are the primary concern of standards like SOC2.

  • Access to our services and applications is gated on an SSO Identity Provider.
  • We require strong, phishing-resistant 2FA in all enrolled IdP accounts.
  • We rely on IdP-backed WireGuard with strict, default-deny, role-based access controls to access internal applications.

Process Controls: Network/Infrastructure Security (“InfraSec”)

InfraSec is the practice of ensuring a hardened, minimal attack surface for components we deploy on our network.

Our cloud hosting provider deploys in secure data centers like Equinix. Our services are locked down further with Mutual TLS. Our hosting provider works with upstream traffic providers to perform automated and manual DDoS mitigation. Customer information in databases and on volumes at Fly.io is encrypted using Linux LUKS block storage encryption.