Case Study · Solo-Built Platform
Glass is in active Beta development — this is a living platform

The Glass Platform

A self-hosted, AI-native operating system for a managed service provider. Sixteen independently deployable microservices, a local LLM intelligence layer, a multi-tenant XDR security engine, and a unified single-pane UI — designed, written, and operated end to end.

29
Docker containers
11
Specialized dashboards
94%
Est. commercial parity
120K+
Lines of code
Interactive Tour

See Glass in action

Walk through the platform's key screens — from the unified dashboard to AI ticket intelligence, the 3D facility viewer, and the security command center.

Architecture

A monolith UI orchestrating 16 services.

The PHP core serves the unified experience and orchestrates everything over internal HTTP. Authentication is centralized in an identity service (JWT RS256 + OIDC + MFA), each domain owns its own data, and cross-module lookups are resolved by HTTP hydration — never by reaching into another service's tables.

  • Event-driven — Redis pub/sub & Streams broadcast domain events across services.
  • Profile-based deploys core, rmm, security, all Compose profiles.
  • Polyglot by design — Go for high-throughput security/CRM, Python for AI, PHP for domain logic.
request flow
// Ticket created → AI pipeline
POST /api/v2/tickets
   │
   ├─▶ glass-tickets  // persist + state machine
   │      │
   │      ├─▶ ai-worker  // Dual-LLM screen
   │      │     sandboxprivileged
   │      │     ↳ intent, urgency, entities
   │      │
   │      └─▶ pgvector   // top-3 similar (RAG)
   │
   └─▶ redis pub/sub  // glass.tickets.createdsla-monitor · webhooks · chat
The 16 Services

Every domain, its own service

Each is independently deployable, versioned, and owns its schema. Hover any card.

CRU-Glass

Core monolith — 11 dashboards, ticket UI, admin, AI report builder, 3D facility viewer.

glass-core

Auth & identity — JWT RS256, SSO/OIDC, MFA, 7-tier RBAC, settings manager.

glass-tickets

PSA/ITSM — lifecycle state machine, SLA sidecar, rules engine, time tracking.

glass-assets

CMDB — asset lifecycle, dynamic 0–100 health scoring, warranties, RMA claims.

glass-cyber

Security posture — Wazuh ingestion, sandboxed remediation via bubblewrap.

glass-rmm

RMM — MeshCentral wrapper, remote shell, patch management, hybrid deploy scripts.

glass-email

Email — Exchange ingestion, AI triage & noise scoring, push notifications.

glass-unifi

Telephony — UniFi Talk events, voicemail → text via local Whisper transcription.

glass-chat

Real-time messaging — WebSocket, WebRTC voice/video, call transcription.

glass-qbo

Billing — QuickBooks OAuth2 PKCE, AES-256 tokens, invoicing, recurring automation.

glass-superops

PSA sync — bidirectional SuperOps.ai integration with HMAC-validated webhooks.

glass-procurement

Procurement — purchase-order lifecycle, supplier catalog, computed totals.

glass-crm

CRM — campaigns, .docx merge, queue dispatch with SKIP LOCKED, Redis Streams.

glass-feedback

Bug tracking — AI developer-prompt generation, threaded clarification notes.

glass-sentinel

XDR engine — Wazuh/Rspamd/ClamAV, cryptographic multi-tenant isolation, Redis blocklists.

glass-ai-worker

AI worker — Dual-LLM sandbox, pgvector RAG, Pydantic-enforced LLM outputs.

Signature Engineering

The parts I'm proudest of

A few pieces of Glass that go beyond what off-the-shelf platforms attempt.

Dual-LLM privilege isolation

Untrusted text is screened by a sandbox model (gemma) for prompt injection before the privileged automation model (qwen) ever processes it — a security boundary borrowed from OS design and applied to AI.

NLP → SQL report builder

A plain-English prompt becomes a validated SQL query against 70+ tables, executed safely and rendered as a report — no query language required from the user.

Go XDR at multi-tenant scale

glass-sentinel ingests high-volume security telemetry with cryptographically verified tenant isolation on every query and sub-millisecond Redis-cached blocklists.

3D facility viewer

A Three.js floor-plan visualizer maps physical assets to their live health and alert state — bridging the CMDB with the real world in the browser.

PHP → Go rewrite

The CRM was re-implemented from PHP into idiomatic Go 1.25 with a React SPA — a deliberate reference build for performance-critical services.

Defense-in-depth security

SSO/OIDC + mandatory admin MFA, CRU CA mutual TLS on the agent/edge layers, hardened Docker networking, CSP, and a Loki/Grafana + Wazuh observability pipeline with a daily security digest.

This is the kind of work I do.

Glass is one person's answer to "how much platform can you actually build and run?" If that resonates, I'd love to talk.