AI Team Fundamentals

Understand how Edge Delta AI teammates connect to data, orchestrate investigations, and deliver guided operations.

  8 minute read  

Overview

Edge Delta AI Team introduces purpose-built teammates that stay engaged with the same telemetry powering your pipelines. Rather than waiting for a prompt, they monitor changing signals, start conversations when something needs attention, and keep humans informed when it is time to decide on next steps. Each teammate draws on streaming data, historical context, and sanctioned knowledge sources to outline what changed, why it matters, and which actions they recommend.

Beyond User-Directed Workflows

Most agent platforms operate in a single-interaction model: a user submits a prompt, the agent executes a bounded task, and the workflow terminates. The agent has no memory of external events, no awareness of system state between invocations, and no ability to initiate work based on conditions it observes. This user-directed paradigm mirrors traditional automation but cannot handle the asynchronous, event-driven nature of production operations.

Edge Delta’s AI Team departs from this model by introducing external context as a first-class capability. Teammates listen to event streams, correlate signals across time windows, and initiate investigations autonomously when patterns warrant attention. A PagerDuty incident arrives, triggering immediate log correlation and metric queries without human prompting. A GitHub pull request triggers code analysis and test validation before reviewers engage. Security events from AWS CloudTrail automatically initiate compliance checks and access reviews. These workflows proceed continuously rather than episodically, building context across interactions instead of resetting with each request.

This shift unlocks operational patterns that user-directed agents cannot address: continuous monitoring with intelligent triage, proactive remediation before incidents escalate, and collaborative investigation where specialists hand off context without losing the thread. The AI Team maintains workflow state, shares findings across teammates, and sequences actions that span hours or days—capabilities essential for managing complex distributed systems.

Core Building Blocks

OnCall AI is the coordinator. It interprets incoming questions, looks for anomalies, and passes work to the right specialists before drafting a single response. Built-in teammates—Cloud Engineer, Code Analyzer, DevOps Engineer, Issue Coordinator, Security Engineer, and SRE—stay aligned through that shared narrative, which keeps context intact across stakeholders.

You can extend the roster with custom teammates by shaping system prompts, defining how they speak, controlling connector access, and scheduling recurring checks. Connectors remain the data backbone: event connectors stream alerts and tickets into an automatically created OnCall AI pipeline, while streaming connectors plug additional telemetry sources into existing Edge Delta pipelines so teammates can query them through the Edge Delta MCP connector. For a deeper look at how the protocol keeps context, permissions, and automations in sync, read Model Context Protocol in Edge Delta.

The Prompt Engineering Challenge

Effective agentic systems depend on precisely crafted system prompts that define responsibilities, tool usage patterns, communication style, and decision boundaries. A poorly constructed prompt produces generic outputs, fails to invoke available tools correctly, or exceeds acceptable risk thresholds. Tuning these prompts requires deep domain knowledge and iterative refinement—each failed attempt consuming tokens and delaying value realization.

Organizations face a difficult choice: invest significant time learning prompt engineering patterns for operational domains, or accept suboptimal agent behavior that undermines trust and adoption. This barrier compounds when teams need multiple specialized agents covering distinct operational areas—cloud infrastructure, security compliance, incident response, code review—each requiring domain-specific prompting expertise.

Edge Delta addresses this through pre-tuned specialized teammates that ship with production-ready system prompts, carefully constructed tool assignments, and model selections proven effective for their domains. Each specialist encodes operational best practices accumulated across customer deployments, eliminating the prompt iteration tax. Organizations gain immediate value without prompt engineering expertise, while retaining the option to refine behavior as workflows mature.

The platform also includes an AI-powered teammate builder that generates system prompts from natural language descriptions, bridging the gap for custom use cases.

Multi-Agent Orchestration

Complex operational scenarios require coordination across multiple domains of expertise. A performance degradation might begin with SRE investigating metrics and logs, escalate to DevOps examining recent deployments, involve Code Analyzer reviewing changes in the suspect service, and conclude with Cloud Engineer adjusting infrastructure capacity. Managing these handoffs manually introduces latency, context loss, and coordination overhead.

The AI Team orchestrates these workflows through OnCall AI, which maintains conversation state, delegates tasks to appropriate specialists, and synthesizes findings into coherent narratives. When an investigation spans multiple teammates, OnCall AI:

  1. Routes initial triage to the specialist best positioned to assess the signal—SRE for incidents, Security Engineer for compliance alerts, Code Analyzer for pull requests
  2. Coordinates parallel analysis when multiple perspectives inform the diagnosis—correlating infrastructure changes with application metrics and code deployments
  3. Sequences dependent actions where one teammate’s findings trigger work for another—security findings necessitating code review, capacity trends requiring deployment planning
  4. Synthesizes consolidated summaries that preserve attribution while presenting unified recommendations to human decision-makers

This orchestration extends beyond the initial investigation. The SRE teammate identifies root cause and hands context to the Code Analyzer for fix validation. Code Analyzer confirms the proposed change and transfers to DevOps Engineer for deployment planning. DevOps Engineer coordinates with Cloud Engineer to provision infrastructure before the rollout. Each handoff preserves full context—the originating event, intermediate findings, data sources consulted, and actions taken—enabling seamless progression through complex operational workflows.

Channels provide the collaboration surface where these multi-agent workflows unfold transparently. Humans observe specialist interactions, approve high-risk actions, and inject expertise when edge cases arise. The complete thread becomes an auditable record capturing not just outcomes but the reasoning chain that produced them.

Collaboration Model

AI Team work happens in shared channels such as alerts-feed, incident-response, platform-ops, code-issues, and security-events, where both specialists and humans can coordinate quickly. Any action that affects infrastructure stays in-channel for transparency and approvals. Direct messages provide read-only conversations for quick checks, but OnCall AI still mirrors a summary back to the relevant channel so teams have the full story.

Data Access Model

Setting up the first event connector provisions an AI Team cloud pipeline that routes events to the OnCall AI destination. Additional event connectors become inputs on that same pipeline. Streaming connectors prompt you to choose an Edge Delta pipeline (or create one) so the data is processed alongside existing telemetry. AI teammates read from these pipelines via the Edge Delta backend, respecting all processors, RBAC, and masking rules in place.

Token Economics and Resource Management

Foundation models charge by token consumption—both input tokens (prompts, context, tool definitions) and output tokens (responses, reasoning chains). Different models exhibit dramatically different cost profiles: switching from GPT-4o to Claude Sonnet 3.5 can multiply token costs by an order of magnitude for equivalent interactions. Organizations must balance response quality, latency, and operational expense as they scale AI operations.

Edge Delta provides visibility into token consumption at multiple granularities: per teammate, per model, per channel, and aggregated across the organization. This transparency enables informed decisions about model selection and usage patterns. The platform tracks actual token burn rates, enabling organizations to monitor consumption patterns and optimize usage.

Model assignments follow the principle of matching capability to requirement. Specialized teammates ship with carefully selected default models proven effective for their domain—balancing response quality with cost efficiency. OnCall AI uses a more capable model to handle complex orchestration decisions, while specialists use lighter-weight models for routine analysis. Organizations can override these defaults when specific workflows justify the trade-off, guided by consumption metrics showing the cost implications of each choice.

Human-in-the-Loop and Trust Boundaries

Operational AI systems face a fundamental tension: autonomy enables velocity, but unchecked automation introduces unacceptable risk. Organizations must define boundaries carefully—which operations teammates perform independently versus which require explicit human approval. This becomes particularly acute for state-changing actions like infrastructure modifications, code deployments, or security policy updates.

Edge Delta implements granular permission controls at the tool level. Every connector operation—whether querying logs, creating tickets, or restarting services—carries a permission flag: Allow (execute autonomously) or Ask Permission (require human approval). Organizations configure these policies based on risk tolerance and operational maturity. Read-only operations typically run autonomously, while write operations default to requiring approval until teams establish confidence.

When a teammate encounters a permission-gated action, it packages the full context—the triggering event, investigation findings, data consulted, and proposed change—into a structured approval request presented in Slack or the Edge Delta UI. Humans review the reasoning, validate the proposed action against operational knowledge the AI may lack, and either approve, modify, or reject. The decision feeds back to the teammate, which then proceeds or adjusts its approach accordingly.

This pattern supports progressive trust building. Teams begin with conservative policies requiring approval for most actions. As they observe teammate behavior and validate its reasoning, they selectively grant autonomous execution for lower-risk operations. The approval history becomes a training corpus showing which decisions were sound and which required human correction, informing future refinements to system prompts and tool assignments.

The goal is not to replace human judgment but to shift human effort from routine execution to strategic oversight. Teammates handle the mechanical work of gathering evidence, correlating signals, and formatting recommended actions. Humans focus on edge cases, policy decisions, and situations requiring contextual knowledge the AI cannot access. This division of labor preserves safety while eliminating toil.

When to Use the AI Team

  • Investigate incidents end to end: teammates connect telemetry patterns to the relevant specialists, assemble a timeline, and tee up remediation options while humans approve critical steps.
  • Watch infrastructure health and resource usage: teammates share recurring summaries, highlight cost or capacity trends, and suggest next steps before a spike becomes an outage.
  • Maintain security posture: they correlate IAM changes, CloudTrail activity, and inbound alerts, then share findings with the right responders and log which data was masked or retained.
  • Guard code quality: they flag risky pull requests, missing tests, or newly failing checks so reviewers arrive with context.
  • Coordinate routine operational work: opening tickets, updating deployment plans, and recapping outcomes across Slack and other connected tools so nothing slips between teams.