Five Microsoft tenants, 200+ locations, and no unified view of cost, identity, compliance, or lifecycle evidence. Leadership couldn't answer basic governance questions across the estate.

Python/FastAPI + HTMX + PostgreSQL on the Azure SDK (Cost Management, Resource Manager, Policy, Defender). Containerized to GHCR with OIDC-only auth — no stored secrets. I chose server-rendered HTMX over a SPA to keep the attack surface small and the system auditable.

Built by a supervised agent fleet. Every release gated by 7,386 automated tests and a 48/48 automated judge score, with DR drills completed before promotion.

v2.5.0 in production June 2026, all five tenants syncing live.

I'd stand up the evaluation harness earlier. The judge caught regressions the test suite missed and quietly became the real release gate.

Support knowledge scattered across POS configs (Mindbody, Zenoti), SharePoint, and 100K+ Freshdesk tickets. Answers had to respect brand and role boundaries — staff in one brand shouldn't surface another brand's playbook.

A multi-agent ingestion pipeline with SQLite + FTS5 memory and Entra identity as the grounding layer — 1,523 verified humans across a 15-slot attribute schema. Identity is the filter, not an afterthought bolted on later.

A planner agent orchestrating specialists — crawler, programmer, code-reviewer, security-auditor. Phase 1 closed at 52/52 QA checks.

Phase 1 shipped; Phase 2 in build, with consumers planned for Teams, Outlook, and Freshdesk.

Grounding on identity from day one paid off — retrofitting role boundaries into a RAG system after the fact is painful.

Nobody could answer 'what do we run and what does it cost' across 41 repos, 11 subscriptions, 178 Azure resources, plus reseller-billed licensing.

Live-pull scripts against GitHub, Microsoft Graph, and Azure Cost Management feeding a single canonical workbook — with 12/12 verification checks gating every refresh.

Each pull is verified against the prior canonical snapshot; all 12/12 checks must pass before the workbook is published as source of truth.

~$12K/mo run-rate quantified with a ~40% optimization path and 25 prioritized remediation actions. It drives executive financial decisions.

The real value was the verification checks. Once people trusted the numbers, the workbook became the thing every cost conversation started from.

Lifecycle automation — onboarding, offboarding, leave-of-absence — across five tenants, without storing a single credential anywhere.

GitHub Actions with workload identity federation per tenant, driven from Monday.com and CSV inputs. Least privilege and federated trust by construction, zero long-lived secrets.

Every run leaves an audit trail; permissions are scoped per-tenant and least-privilege — the security story FDE interviewers ask about.

Lifecycle automation running across all five tenants with no stored secrets and full audit trails.

Federated identity took longer to wire than secrets would have, but it removed an entire class of risk. Worth every hour.

Email overwhelm — but running cloud AI over a personal inbox is a privacy non-starter. I wanted the same production discipline off the clock.

FastAPI + SvelteKit, 5,700+ LOC backend, with 5 classifiers and approval workflows before any destructive write. Local Ollama by default, cloud opt-in. WCAG 2.2 AA throughout.

Audit-trailed inference with explicit approval gates before destructive actions — the agent proposes, the human disposes.

Shipped and in daily use, with local-first inference and an accessible UI.

The approval-before-write pattern is the thing I now reach for in every agent I build.

Group and access sprawl across four tenants — 334 groups with no consistent governance or quality bar.

The same supervised-agent discipline as Control Tower, held to a strict gate: 7,984 tests and WCAG AA across the UI.

7,984 automated tests gating every release; accessibility validated to WCAG AA before promotion.

Production across four tenants managing 334 groups — the exhibit for the quality bar I hold every system to.

Boring, exhaustive testing is the unglamorous reason these systems can be agent-built and still trusted in production.