TL;DR
What the operating model produces as a runtime
KEYSTONE.
The runtime that runs the work.
Wolfberg's operating model grew from 27 years of pattern recognition in defense, intelligence, and commercial work. Pointed at engineering work, the model produced this: an AWS-native, serverless, multi-tenant operational substrate. Six modules, seven AI employees live, 151 AWS resources in production today (108 at first ship) — up in roughly 100 seconds on a clean apply. Already running its first vertical end-to-end.
The Thesis
Every service vertical has the same operational structure: intake, triage, dispatch, communication, collection, renewal, escalation.
The operating model points at that structure. Keystone is what it produces — AI-native, serverless, at near-zero unit cost. Operators don't have to build it.
One model. Many verticals. One runtime.
Cloud-native infrastructure is one of the five substrate pillars named in the evidence. Keystone is what that pillar looks like in production.
The other half
This is what cloud-native, done right, looks like.
Everyone's using the cloud wrong — EC2 pretending to be servers, Kubernetes running 24/7 for traffic that shows up eight hours a day, always-on compute for event-driven work, SaaS pricing for software you should own. That's the indictment. Keystone is the answer to it.
Keystone is serverless by construction. Lambda, not servers. EventBridge and Step Functions, not always-on compute. Idle cost is literally zero — you pay per invocation, not per hour the lights are on. A new tenant spins up for about twenty cents. The same workload that costs an incumbent $13M–$29M/mo at 100,000 users runs here for $10K/mo. That isn't a discount. It's a different architecture.
And it's all here on day one. Multi-tenant isolation, KMS encryption on every bucket, Cognito PKCE auth, full audit trail, NIST 800-171 (70% coverage today) — the cloud-native foundation an enterprise pays a senior architect six months to get right, shipped correct out of the box. The AI employees are what you see. This is what you're actually buying.
Bottom line: cloud-native infrastructure is one of the five substrate pillars the evidence names. Keystone is what that pillar looks like in production — the worked example of using the cloud the way it was designed to be used.
Where Refactory ships to
Two entry points.
Same runtime.
Greenfield prospects build on Keystone directly. AWS-native, serverless, multi-tenant. Domain pack defines the vertical. Ship.
Legacy-app prospects enter at Refactory — the six AI-agent pipeline that converts legacy applications to cloud-native architecture. Refactory's default target topology IS the Keystone shape. Refactored code lands here with AI employees ready in the workflows.
Both come out of running Wolfberg's operating model on engineering work — two products, one runtime, one model behind both.
6 / 6
Modules in production
7 / 7
AI employees live
NIST 800-171
Security hardening
2 live
Operator instances
Demonstrated under recovery
Zero data lost.
Keystone was configured for a new operator on 2026-05-19 under a real mid-flight recovery event. The destroy script's allowlist had a category error and started emptying a stack-managed S3 bucket that turned out to hold 37 business documents. The model's halt-and-surface instinct caught the run mid-execution; recovery was by delete-marker removal and archive-and-repopulate. Zero data lost.
Active AWS API time across destroy and apply: 3 minutes 36 seconds. 158 resources up under keystone-wolfberg-prod-*. 25 minutes wall-clock including provisioning waits and three iteration fixes. Berg authored zero lines of remediation code. The audit trail compounds across CloudTrail, PowerShell history, git, CloudWatch, and Notion such that the case study writes itself from primary sources.
Setting up the next operator is the same code with one variable changed.
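The delete-marker removal mentioned in the recovery above, as an added example (not Wolfberg's remediation code): it assumes the bucket was versioned and the emptying step issued plain deletes, so each lost object sits under one or more delete markers. `plan_restore`, `delete_batches` and the sample listing are illustrative names and constructed data; the plan is computed offline, and each payload is what would be passed as `Delete=` to boto3's `delete_objects`.

```python
from collections import defaultdict

# Constructed sample in the shape boto3's list_object_versions returns
# (keys and version ids are made up; LastModified shown as ISO strings).
SAMPLE = {
    "Versions": [
        {"Key": "docs/a.pdf", "VersionId": "v1", "LastModified": "2026-05-01T10:00:00Z"},
        {"Key": "docs/b.pdf", "VersionId": "v1", "LastModified": "2026-05-02T10:00:00Z"},
        {"Key": "docs/b.pdf", "VersionId": "v2", "LastModified": "2026-05-10T10:00:00Z"},
        {"Key": "docs/c.pdf", "VersionId": "v1", "LastModified": "2026-05-03T10:00:00Z"},
    ],
    "DeleteMarkers": [
        {"Key": "docs/a.pdf", "VersionId": "d1", "LastModified": "2026-05-19T14:00:00Z"},
        {"Key": "docs/b.pdf", "VersionId": "d1", "LastModified": "2026-05-19T14:00:01Z"},
        {"Key": "docs/b.pdf", "VersionId": "d2", "LastModified": "2026-05-19T14:00:05Z"},
        {"Key": "tmp/x.txt", "VersionId": "d1", "LastModified": "2026-05-19T14:00:02Z"},
    ],
}

def plan_restore(listing):
    """Return (markers_to_remove, keys_without_data) for a versions listing."""
    history = defaultdict(list)
    for v in listing.get("Versions", []):
        history[v["Key"]].append((v["LastModified"], False, v["VersionId"]))
    for m in listing.get("DeleteMarkers", []):
        history[m["Key"]].append((m["LastModified"], True, m["VersionId"]))
    remove, no_data = [], []
    for key in sorted(history):
        newest_first = sorted(history[key], reverse=True)
        if not newest_first[0][1]:
            continue  # current version is real data; nothing to undo
        stacked = []  # every delete marker sitting above the newest data version
        for _, is_marker, version_id in newest_first:
            if not is_marker:
                break
            stacked.append({"Key": key, "VersionId": version_id})
        if len(stacked) == len(newest_first):
            no_data.append(key)  # only markers remain; must come from an archive
        else:
            remove.extend(stacked)
    return remove, no_data

def delete_batches(markers, size=1000):
    """Chunk into Delete payloads for s3.delete_objects (1000 keys per call)."""
    return [{"Objects": markers[i:i + size], "Quiet": True}
            for i in range(0, len(markers), size)]

if __name__ == "__main__":
    remove, no_data = plan_restore(SAMPLE)
    print(delete_batches(remove), no_data)
```

Keys reported in the second list have no surviving data version, so removing their markers restores nothing and they have to be repopulated from another copy.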
Operator-namespaced by construction
operator_id=wolfberg produces keystone-wolfberg-prod-* end-to-end. State backend, lock table, IAM roles, Lambdas, DynamoDB, SES sender, SSM tenant config — all namespaced under the operator on a single apply.
operator_id=acme-hvac produces keystone-acme-hvac-prod-* end-to-end. Same Terraform. Same Lambdas. Same DynamoDB schema. The multi-tenant operator pattern is not aspirational. It is the literal variable substitution that runs on every apply.
The Stack
Four layers. One stack.
Like a city — streets and buildings on top, plumbing and power underneath. The tenant lives in the city. Keystone is the infrastructure beneath the street.
Layer 2 · The Modules
Six modules. One spine.
Each module owns a single concern. Together they are the operating structure of every service vertical.
Arch
Workflow Engine
EventBridge, SQS, Step Functions orchestration. Multi-stage state machines with audit trails, dead-letter queues, and waitForTaskToken — no polling.
Lintel
AI Employee Runtime
Where every AI employee lives. Claude (Bedrock) agent loop, tool use, conversation state, system prompts. Every role-specific employee shares one runtime.
Sanctum
Data & API
JWT-verified API Lambda, role-scoped DynamoDB, KMS-encrypted S3, Cognito PKCE OAuth2, full audit trail, multi-tenant isolation. NIST 800-171 controls (70% coverage today), MFA enforced.
Buttress
Notification & Escalation
SES email, Twilio SMS, Twilio voice with Polly Generative — AI-personalized emergency calls. Escalation retry loop with deterministic state machine.
Plinth
Per-Tenant Configuration
SSM Parameter Store. Add a new operator = create SSM params. No code change. No redeployment. White-label branding per operator.
Portico
Frontend SDK
React + TypeScript role-aware shell. Tenant, owner, vendor, admin views from the same codebase. White-label from Plinth config. Deployed via CloudFront.
AI Employees
Real interfaces. Real models. Real data.
Each AI employee is a Claude agent with role-scoped data access and tool use. They answer questions from live data, generate reports and documents on demand, and escalate to a human operator when they should. Available on web and mobile, same conversation thread, same context.
LIVE = running production traffic today. All seven AI employees in production. Envoy is the chat widget you can talk to on this site.
First Internal Use Case
Wolfberg LLC.
The AI operating-model company that builds and sells Keystone runs on Keystone. The platform you're reading about powers the company that builds and sells it.
Wolfberg Property Management is the first vertical instance inside that — first tenant, first real-customer-shape. Two operator instances live today: wolfberg-llc and wolfberg-pm.
The setup
Every workflow, every conversation, every escalation routes through Keystone — a real operator on the substrate, validating the pattern before any external license sells. Northern Virginia residential property management, AI-native from day one.
What's running
Maintenance triage with multi-turn AI conversation. Emergency voice escalation via Twilio. Owner portal with maintenance timeline. Vendor dispatch. Document vault. Multi-tenant infrastructure with operator scoping — same architecture serves the LLC tenant and the PM tenant from one platform.
What it proves
Keystone runs a real operating company end-to-end across multiple tenants on the same substrate. Not a demo. Not a prototype. Production AWS infrastructure with the full operational stack live — ready to drop into any other service vertical via a domain pack.
The Deck
Get the formal deck.
30 slides. The full platform thesis — architecture, AI workforce, market opportunity, competitive position, use case, licensing model. Wolfberg LLC Proprietary & Confidential.
View Keystone deck (PDF)
Beyond the First Use Case
The same architecture runs any service business.
A domain pack defines the stakeholder roles, data schema, tools, and system prompts. Keystone provides the agent runtime, auth and scoping, conversation state, chat UI, outbound triggers, and escalation.
Property management is the first domain pack. Legal services, home services, healthcare practices, accounting, property leasing, government program offices — same infrastructure, different domain pack.
For Operators
Want to run your operation on Keystone?
Tell us about your vertical. We'll tell you what a domain pack looks like.
Start the conversation