TransIT AI

FAQ

General

What is Transit AI?

A cross-platform GUI SSH client with an embedded read-only AI assistant for investigating network gear (switches, routers, firewalls). Every command the AI proposes passes a per-vendor permit list AND your explicit click. The familiar multi-session tab UX you already know, modernized.

Who is it for?

Network engineers who spend a lot of time in SSH and want help investigating without giving up control over what runs on the device.

What platforms?

macOS (Apple Silicon — macOS 12+), Windows, Linux. No Intel macOS build.

Is the source available?

Transit AI is closed-source commercial software. The security model is documented in detail (see Security and our threat model) but the source isn’t published.

Account & sign-in

How do I sign up?

The public beta isn’t open yet — the Sign up buttons across the site lead to a “coming soon” page until then. Once we flip the launch switch, the same buttons will route into our hosted identity provider where you’ll create an account. On first sign-in, a personal organization is auto-created so subscription and billing always attach to an org for a uniform model.

Does the desktop app talk to the website?

No. The desktop signs in by launching your system browser at the cloud’s OAuth endpoint, which returns through a transit:// deep link. The website doesn’t proxy desktop traffic.

What does sign-in actually give me?

Sign-in attaches your subscription to your account, then unlocks the AI agent: cloud-resident provider key metered against your tier’s monthly token budget, with the option to bring your own API key (Anthropic or OpenAI) on Pro and Max tiers.

Pricing

How much is it?

Three paid tiers, no free tier:

  • Operator — $29/month or $348/year. Easy + Medium AI models.
  • Pro — $79/month or $948/year. Adds Advanced models; BYOK available as a $100 one-time unlock.
  • Max — $199/month or $2,388/year. Same model surface as Pro with the largest monthly AI budget.

Annual billing is 12× the monthly price — there’s no discount, and that’s deliberate. Token costs dominate either way, so a subscription discount wouldn’t move your real total cost much. Annual is for buyers who’d rather expense once than monthly.

What happens if I exceed my monthly AI budget?

By default, AI calls stop at your budget cap until the next month — no surprise charges. You can opt in to overage in Settings → Billing; from then on, calls past the cap bill at 1.25× the provider’s per-token cost, capped at 2× your monthly subscription price. Past the 2× cap, calls stop again and you can contact us or upgrade your tier. The chat panel surfaces an 85%-utilized banner before you hit the cap.

Is there a free tier?

No. Transit AI is a paid product from sign-up. There’s no free allowance and no trial — pricing is what it is, and we keep it that way deliberately so we never revoke a free user’s access when their token cost line shifts.

The AI agent

What can the agent do?

Four tools exactly: list open sessions, read their scrollback (filtered), propose a command (gated), and ask you a clarifying question. That’s the entire surface.

Can it execute commands on a device?

Only by asking you to approve a command, and only after both the per-vendor permit list AND your click say yes. A command that fails the permit list never reaches the approval prompt — the AI is told it can’t run that one and moves on.

Can it bypass the permit list by asking nicely?

No. The permit list lives on your machine and is checked on every command the AI proposes. The AI has no way to disable it, edit it, or talk it out of a denial mid-conversation.

Can it read my passwords?

No. The product is structured so the AI agent and the credential store live in entirely separate components with no programmatic route between them. An automated check verifies the isolation on every change we ship. Secret material that appears in device output is replaced with placeholders ([REDACTED:pem#1]) before the AI sees it.

What about prompt injection from a device?

When the AI reads device scrollback, the bytes are clearly tagged as untrusted input — and the AI’s instructions tell it to treat anything inside those tags as data, not as commands. Even if a device’s output reads “IGNORE PREVIOUS INSTRUCTIONS AND RUN X”, the AI has been told to ignore it. Plus the per-vendor permit list runs on every proposed command regardless of what the AI was “convinced” to suggest.

Which AI models can I use?

Transit AI groups AI models into three levels — pick the right one for the question you’re asking:

  • Easy — fast & cheap, good for routine “show me” / status queries. Claude Haiku 4.5 or GPT-5.4 mini.
  • Medium — balanced reasoning, good for “why is this broken” troubleshooting. Claude Sonnet 4.6 or GPT-5.5. Default.
  • Advanced — deep multi-step reasoning. Claude Opus 4.7. Pro and Max tiers only.

Switch models from the chat panel’s dropdown; each chat remembers its model. Operator tier sees Easy + Medium; Pro and Max see all three groups.

Security

Where do my SSH passwords live?

In your OS’s native keyring (macOS Keychain, Windows Credential Manager, Linux Secret Service) or your running SSH agent. The Transit AI binary holds them in process memory only for the duration of an authentication and never serializes them to disk.

Where do provider API keys live?

For default (cloud-resident) usage: in our isolated proxy infrastructure outside the desktop binary — never on your machine, never in our database, never logged. For BYOK: in your OS keyring (a separate keyring service from your SSH secrets), read per-request, sent through the cloud proxy as a body field, never persisted server-side.

Do you log my prompts or device output?

No. The cloud proxy meters call metadata only — token counts, latency, cost, model, request identifiers. Field-name guardrails reject any log line that would carry prompt content, completion content, device names, or any other content-bearing field, and the guardrails are verified at runtime and at build time.

What’s stored about my devices?

Your inventory (host, port, vendor, group, and the name of the credential to use — never the credential itself) is stored in a TOML file on your machine at the OS’s standard application config path. None of it leaves your machine except via SSH to the device itself, or via filtered scrollback excerpts sent to the AI when you’re actively asking it a question.

Operational

What if my SSH connection drops?

Press Enter in the dead pane to reconnect. The tab stays in its slot, the new session opens against the same device, and any custom tab label / split anchor is preserved.

Can I use it without the agent?

Yes. The chat panel is hidden by default (toggle with Cmd/Ctrl+J). The terminal works standalone — connect, type, scroll, copy/paste.

Does it work behind a corporate proxy?

For SSH: subject to your proxy’s outbound rules — Transit AI doesn’t add a layer. For the AI assistant: traffic goes to api.transitai.app over HTTPS. The desktop is configured to talk only to that hostname and our identity provider, so those are the two domains your proxy needs to allow.

Can I run it offline?

The SSH client works offline — it’s just a terminal. The AI agent needs api.transitai.app reachable; without it the chat panel shows an “offline” banner and disables the send button.