A bet I made in 1999
In 1999 I was a mechanical engineer who had just talked his way onto an IT team. I didn't know much yet. But I had one conviction I couldn't shake:
I bet I could run an entire enterprise from a single pane of glass.
People told me that was naïve. Enterprises are sprawling, political, messy, never in one place. You don't run them from a screen.
So I spent the next 25 years learning exactly why they were right — by living in the hardest corners of the problem.
The hardest corners
I went where being wrong is expensive. Identity. Security. The critical architectures you cannot afford to get wrong — ad serving at scale, and at PayPal, the Core Checkout transaction pipeline: the single highest-traffic path in the platform, where milliseconds and trust are the entire game.
Twelve years of operating at 99.999% uptime teaches you something the diagrams never do: a system is defined by how it fails, who is allowed to touch it, and whether you can prove, afterward, exactly what happened. Three of my patents came out of that world — multi-system observability, component-based risk from processing-flow signatures, identity-based risk evaluation. Different problems, one obsession: make the invisible legible, and make every action attributable.
And somewhere in there I finally understood my own bet. The single pane of glass was never about the glass. It was about control — who can do what, to which system, with which data, and whether you can prove it after.
The missing piece was always the hands
For two decades, the pane was missing one thing. A dashboard could show you the enterprise. It could never run it. Someone — some team, some on-call human at 3 a.m. — still had to do the actual work.
A.T.O.M — the live truth of a cloud estate. For 25 years, this is as far as the pane of glass could go: show you everything, act on nothing.
Then the missing piece arrived — and it didn't look like what I expected. It wasn't a better dashboard. It was a new kind of teammate: one that can be a single specialist when you need focus, or a whole party of them when you need a workforce. One that actually understands what it takes to run resilient, secure architecture for humans, agents, and sensitive data — all at once.
That's CortexObserver.
What it actually is
CortexObserver is the natural-language command layer for an AI workforce. You direct a team of specialized AI agents in plain English, and they design, deploy, and operate real systems — inside boundaries you set.
This is Mission Control. On the left, the team. In the middle, a text box. That's the whole interface.
Mission Control: @mention a specialist and dispatch in plain English. The whole workforce, one prompt away.
You type things like "@allen, deploy this CDK repo to dev," or "@amy, build a churn model from this dataset," or "@charles, analyze NVDA" — and a governed agent does the work. It deploys the CloudFormation stack. It trains and versions the model. It writes the research thesis.
Ten specialists, each its own reasoning graph on LangGraph — not a clever prompt, a real pipeline:
Ten specialized agents — a Cloud Architect, an ML Engineer, a trading desk, a software developer, a medical reasoner, identity, knowledge, and more.
And you can watch any of them think, node by node, live:
@amy's 23-node ML pipeline — profile, frame, train, critique (five critics, including a fairness critic), judge, ship a versioned model.
Real truth, rendered live
When @allen deploys infrastructure, it doesn't run a script and hope. It reads my governance policies, plans a deployment that respects them, stops and asks me to approve, deploys, and then renders the live dependency graph of what now exists:
Every box is a real AWS resource. Every line is a real dependency the agent created. Truth, not a diagram.
That word — governed — is the whole thing.
The hard part nobody demos
Here's the unglamorous truth I learned the expensive way: wiring an LLM to a tool is the easy 80%. It's a few lines of code. The 20% that decides whether this is a product or an incident is everything around the agent — and that 20% is my entire career, compiled.
So in CortexObserver, an AI workforce does the labor, but a human stays in command:
- Policies, Procedures & Standards across 19 enterprise domains become the prompts, skills, and guardrails the agents actually run on.
- Budgets and risk limits are checked before every action — not a bill you read after.
- Human approval gates on anything consequential. A deploy, a delete — the agent pauses and shows you the plan and the exact policies it checked before you say yes.
- Every reasoning step is recorded and auditable. Because "the AI did it" is not an answer an auditor accepts.
Humans write intent — Policies, Procedures, Standards. Agents inherit it as prompts, skills, and guardrails.
The agents flow through five governed Farms — managed AI services for tools, models, memory, knowledge, and budgets — each one independently tunable and observable:
The LLM Gateway — every model governed: tiers, budgets, failover, and an end-of-life lifecycle.
It absorbed everything I'd built
Here's the part that still makes me smile. Over the last few years I built a series of AI projects — Commander, WorldMaker, MCPFarm, ml-pipeline, ProblemSolver. Each one solved a piece.
CortexObserver absorbed all of them. Commander became Mission Control. MCPFarm became the tool Farm. The ML pipeline became @amy and the ML Studio. WorldMaker's lifecycle intelligence became A.T.O.M. They stopped being separate apps and became organs of one governed body — every new specialist inheriting the same budgets, the same memory, the same approval gates, the same audit trail. You add a brain, not a whole new platform.
One example of the foundation paying off — @amy's ML Studio, end to end, on the same governed substrate as everything else.
The thesis
Everyone's racing to give AI agents more autonomy. I went the other way: I built a way to give humans more control.
Not because autonomy is bad — because governed autonomy is the only version a serious operator can actually run. The technology that leaves people behind is the one they're subjects of. The one worth building is the one they command — policies they write, budgets they hold, approvals they give, a workforce that answers to them.
It's the rule my whole career drilled into me, one I'll never unlearn: Security first. Trust — but verify. Always. The agents do the work. But the hands never move without a human holding the leash.
Why it's public
The bet I made in 1999 is paid. The single pane of glass finally runs the enterprise — because it finally has hands.
But here's what I didn't see coming back then: the same foundation that lets me command a workforce could let anyone do it. The vision was never "run my enterprise from a screen." It was always: give people the controls.
So CortexObserver is open. Explore the code on GitHub.
25 years. One bet. Still building. 🥃