Technical Case Study v2.0 — Agentic Execution Open Source

The Autonomic PMO

Orchestrating Sovereign AI Operations with Claude CLI and the Model Context Protocol (MCP)

Architect: Daniel Brody  ·  Yom Shore Ventures LLC dba CTO Rescues  ·  June 11, 2026

View Repository Book a Strategy Call
~$5/mo
Infrastructure Cost
5 Systems
Integrated via MCP
Sovereign
Data & Privacy
4× RT
Audio Transcription

Executive Summary

As organizations scale, executive cognitive load increases non-linearly. Fractional CTOs, project managers, and venture operators are frequently required to perform manual data routing tasks — extracting action items from email, auditing project boards, and cross-referencing calendar schedules. This perpetual manual synchronization introduces significant cognitive context-switching overhead, operational latency, and systemic tracking omissions. When multiple high-velocity initiatives are managed concurrently, the traditional human-in-the-loop PMO model often fails to scale effectively.

To address this bottleneck, the Autonomic PMO was engineered by Daniel Brody, Principal Architect at CTO Rescues. Constructed upon the open-source Model Context Protocol (MCP), this architecture functions as a state-aware, sovereign AI collaborator. Operating locally within a macOS environment, it executes complex, multi-system operational loops across remote server environments — integrating WhatsApp, OpenProject, AWS S3, and Google Workspace to convert unstructured daily communications into structured, verifiable execution paths. The resulting pipeline reconciles raw conversational data with database states, operating entirely within a secure, self-hosted boundary.

Infrastructure Cost
~$5
per month, AWS EC2
Transcription Speed
4× RT
real-time on CPU
Data Sovereignty
Full
local + AWS VPC only
Systems Integrated
5+
via MCP protocol

1. The Engineering Thesis: Context is the Constraint

Standalone web-based chat interfaces and autocomplete plugins are fundamentally limited because they operate as contextual silos. Without continuous, secure access to live enterprise systems, an AI assistant remains isolated from the active state of the business — inducing hallucinations, manual copying errors, and a lack of proactive oversight.

Google Calendar

Dynamic calendar modifications, meeting durations, blocked focus time, and scheduled project milestones.

WhatsApp / Slack

Active coordination threads, client commitments, and team action items buried in unstructured chat.

OpenProject / Jira

Structured execution milestones, work package states, time logs, and sprint progress boards.

AWS S3 / EC2

Remote cloud storage, audio recordings, meeting transcripts, and shared document libraries.

To resolve these limitations, a hybrid local-to-remote architecture was designed — positioning low-latency, privacy-centric interfaces (the Claude CLI and local stdio bridges) on a local macOS workstation, while offloading high-compute workloads to a remote, containerized AWS EC2 instance. This decoupling ensures that sensitive credentials and session keys remain within the physical boundary of the local workstation, while heavy media processing and database transactions are handled elastically on secure cloud nodes.

+────────────────────────────────────────────────────────────────────────────+ │ LOCAL WORKSPACE (macOS) │ │ │ │ Claude CLI ◄──► Local MCP stdio Bridges │ │ (Google Workspace · Filesystem · WhatsApp · Documents) │ +─────────────────────────────────────┬──────────────────────────────────────+ │ │ Secure SSH SSM Tunnel / Proxy (Port 39128) ▼ +────────────────────────────────────────────────────────────────────────────+ │ REMOTE COMPUTE (AWS EC2) │ │ │ │ FastAPI Server ◄──► faster-whisper (int8) ◄──► OpenProject (Postgres) │ +────────────────────────────────────────────────────────────────────────────+

This structural separation respects the Principle of Least Privilege. By containing authentication states — local OAuth tokens and Go-socket session keys — to the physical macOS workstation, the external attack surface of the remote container infrastructure is minimized. No static credentials reside on the remote server, preventing the single-point-of-failure breaches common in fully cloud-integrated SaaS orchestrators.

2. Platform Architecture & Repository Breakdown

The source code in dzbrody/claude-assistant-config is structured to decouple local prompt instructions from remote infrastructure configurations — allowing system administrators to modify system prompts locally without rebuilding or redeploying remote containers.

~/claude-assistant/ ├── .claude/ │ ├── settings.local.json.example # Local MCP server registrations │ └── commands/ # Modular PMO slash-command prompts │ ├── brief-morning.md # Multi-source daily triage script │ ├── brief-evening.md # Automated spent-hour calculation engine │ ├── transcribe.md # Multi-source transcription coordinator │ ├── pmo-menu.md # Master command directory printer │ ├── pmo-dedup.md # Deduplication logic │ ├── pmo-track-time.md # Calendar-to-OpenProject synchronization │ ├── pmo-sweep-completed.md # Automatic task board sweeper │ ├── pmo-schedule-focus.md # Backlog prioritization booking tool │ ├── pmo-clean-backlog.md # Ticket data integrity optimizer │ └── whatsapp-cmd.md # WhatsApp headless command processor ├── mcp-servers/ │ └── remote-mcp-server/ │ ├── Dockerfile # Light Python image with system ffmpeg │ └── server.py # FastAPI FastMCP Server & Auth Middleware ├── scripts/ │ ├── ssm-mcp-tunnel.sh # Native AWS SSM Tunnel wrapper │ ├── run-scheduled-task.sh # Headless cron execution wrapper │ ├── openproject-whatsapp-notifier.py # Bidirectional sync daemon │ └── whatsapp-cmd-hub.py # Polling loop for headless chat control └── infrastructure/ └── terraform/ # Declarative AWS deployment files

The division between local and remote boundaries enforces clean modularity. The Configuration Domain (.claude/) is maintained locally — system prompts are structured markdown files that run on top of standard CLI execution engines. The Server Domain (mcp-servers/) is an independent service container running behind a secure reverse-proxy layer on AWS, processing complex tasks away from the local workstation.

3. High-Performance Core Implementations

To maintain high throughput on standard cloud hardware such as a modest AWS t3.large instance, several key performance optimizations were implemented.

3.1 Memory-Efficient CPU Transcription (Whisper)

Standard audio transcription models consume significant memory and CPU cycles, often leading to Out-Of-Memory (OOM) failures on entry-level cloud instances. To resolve this, the remote container utilizes faster-whisper with 8-bit integer quantization (INT8).

CTranslate2 optimizes transformer models by mapping 32-bit floating-point weights (FP32) to 8-bit signed integers (INT8). The quantized value q for each weight x is computed as:

q = round( x / S ) + Z

where x is the original weight, S is the scale factor, Z is the zero-point offset, and q is the resulting quantized value. This compression reduces memory bandwidth constraints by approximately 75% while maximizing CPU SIMD instruction efficiency via AVX2 and AVX-512 register operations — enabling parallel matrix multiplications without GPU compute layers. The result: transcription at up to 4× real-time speeds on a standard CPU, keeping monthly infrastructure costs at approximately $5.00/month while guaranteeing processing isolation for sensitive voice memos, stakeholder briefings, and meeting recordings.

# mcp-servers/remote-mcp-server/server.py # (c) 2026 Yom Shore Ventures LLC | dba: CTO Rescues - https://ctorescues.com/ # Author: Daniel Brody (@dzbrody) import os import json import tempfile import boto3 from mcp.server.fastmcp import FastMCP from faster_whisper import WhisperModel mcp = FastMCP("AXINA Group MCP Server", mount_path="/mcp") s3_client = boto3.client("s3") S3_BUCKETS = os.environ.get("S3_BUCKETS", "axina-openproject-files").split(",") @mcp.tool() def transcribe_s3_audio(bucket: str, key: str, model_size: str = "tiny") -> str: """Download an audio file from S3 and transcribe it using Whisper on the EC2 instance. Args: bucket: S3 bucket name. key: S3 object key path. model_size: Model size (tiny, base, small). Defaults to tiny. """ if bucket not in S3_BUCKETS: return json.dumps({"error": "Unauthorized bucket access."}) tmp_path = None try: suffix = os.path.splitext(key)[1] with tempfile.NamedTemporaryFile(suffix=suffix, delete=False) as tmp_file: tmp_path = tmp_file.name # Download from S3 using secure IAM Instance Profile credentials s3_client.download_file(bucket, key, tmp_path) # Initialize Whisper on CPU using int8 quantization to prevent OOM errors model = WhisperModel(model_size, device="cpu", compute_type="int8") segments, info = model.transcribe(tmp_path, beam_size=5) text_segments = [] for segment in segments: text_segments.append(f"[{segment.start:.2f}s -> {segment.end:.2f}s]: {segment.text}") return json.dumps({ "bucket": bucket, "key": key, "detected_language": info.language, "duration": round(info.duration, 2), "transcript": "\n".join(text_segments) }, indent=2) except Exception as e: return json.dumps({"error": str(e)}) finally: if tmp_path and os.path.exists(tmp_path): os.unlink(tmp_path)

4. Deploying the Sovereign Assistant Architecture

This section outlines the deployment methodology required to replicate this architecture using the dzbrody/claude-assistant-config repository.

1
Repository Initialization

Clone the codebase onto the local macOS workstation.

git clone https://github.com/dzbrody/claude-assistant-config.git ~/claude-assistant cd ~/claude-assistant
2
Local stdio MCP Server Configuration

Authorize the Claude CLI to communicate with Google Workspace, the local filesystem, and chat accounts.

mkdir -p ~/.claude cp .claude/settings.local.json.example ~/.claude/settings.json

Edit ~/.claude/settings.json to configure: google-workspace (calendar & email search), whatsapp-bridge (local authenticated Go socket), document-loader (DOCX, XLSX, PDF via markitdown-mcp).

{ "mcpServers": { "google-workspace": { "command": "npx", "args": ["-y", "@modelcontextprotocol/server-google-workspace"], "env": { "GDOC_CACHE_DIR": "/Users/localuser/.cache/google-workspace" } }, "whatsapp-bridge": { "command": "node", "args": ["/Users/localuser/whatsapp-mcp/dist/index.js"] }, "document-loader": { "command": "python3", "args": ["-m", "markitdown_mcp"] } } }
3
Remote AWS Infrastructure Deployment

Provision the secure EC2 instance and S3 buckets using the included Terraform configurations. The Terraform files establish an isolated VPC, private subnets, security groups, and an IAM instance profile — permitting the EC2 instance to read S3 objects on-demand without hardcoded access keys.

cd ~/claude-assistant/infrastructure/terraform terraform init terraform apply -var-file="terraform.tfvars"
# Rebuild and launch the Docker container stack on the remote server docker compose up -d --build # Validate health status of the remote FastMCP server curl https://your-server-domain.com/health -H "X-MCP-Key: <YOUR_64_HEX_API_KEY>"
4
Establishing the Secure SSM Tunnel

Connect the local macOS workstation to the remote EC2 instance without exposing port 39128 to the public internet. This script wraps SSH port-forwarding over an AWS Systems Manager session — traffic is routed through an encrypted WebSocket tunnel authenticated by IAM, eliminating the need for open SSH (port 22) or API (port 39128) ports and reducing the host's external attack surface to zero.

chmod +x ~/claude-assistant/scripts/ssm-mcp-tunnel.sh ~/claude-assistant/scripts/ssm-mcp-tunnel.sh

5. Executing Autonomous PMO Workflows

Once configured, the local Claude CLI terminal serves as a unified, command-driven operations center. Running /pmo-menu parses the modular instruction files in .claude/commands/ and displays the available workspace utilities:

🛠️ PMO MASTER COMMAND DIRECTORY (Claude CLI Console) /pmo-menu - Prints this list of commands. /brief-morning - Scans WhatsApp messages and drafts team follow-ups. /brief-evening - Evaluates your daily calendar and auto-logs time entries. /transcribe - Transcribes S3 audio keys or Google Meet links on EC2. /ingest-meeting-notes - Pulls Google Meet summaries and creates structured tasks. /pmo-dedup - Scans open work packages and merges duplicates. /pmo-track-time - Automatically matches calendar events with active tasks. /pmo-sweep-completed - Sweeps your task board and closes resolved issues. /pmo-schedule-focus - Scans overdue items and books focused calendar time.

Workflow Analysis: /pmo-track-time

Upon executing /pmo-track-time, Claude queries Google Calendar for the current day's events, compares event durations against the active task list, and automatically logs those hours to corresponding work packages in OpenProject. The system parses calendar subjects, fuzzy-matches string sequences against active work package titles, calculates time deltas of calendar blocks, and logs matching hours directly — fully automating the time-tracking process.

User runs /pmo-track-time
Query Google Calendar Events
Fuzzy-Match Event Title to Active Task
Log Time Delta to OpenProject
Print Detailed Summary in Terminal

Workflow Analysis: /ingest-meeting-notes

When an automated summary arrives from gemini-notes@google.com, it typically contains unstructured, passive descriptions of action items. Running /ingest-meeting-notes initiates a structured sequence:

1. Map People to Projects

Identified names are matched against the active OpenProject team directory to route tasks to the correct assignees.

2. Route to Correct Board

Project context is parsed to categorize items under administration, engineering, or operations boards.

3. Semantic Dedup Check

A semantic deduplication check runs against active packages before issuing the task creation payload — no redundant work items are created.

6. Business Impact & Performance Evaluation

Sovereign Security

Sensitive IP, corporate agreements, and calendar events are processed exclusively within an AWS VPC and the local macOS filesystem — bypassing public training loops entirely.

Eliminated Admin Friction

Workflows like /ingest-meeting-notes and /pmo-dedup bypass web UI page loads entirely — completing in seconds via direct API transactions.

Optimized Compute Costs

Local stdio bridges + lightweight quantized remote models keep monthly infrastructure fixed at ~$5.00/month, eliminating unpredictable metered commercial API costs.

Key Results

~$5/month infrastructure cost 4× real-time audio transcription on CPU Sovereign data — no third-party training exposure Automated calendar-to-task time logging WhatsApp → structured OpenProject tasks Zero manual copy-paste routing Headless cron execution support SSM tunnel — zero public ports exposed

7. About the Architect: Daniel Brody

Daniel Brody, MBA, is a fractional CTO, enterprise architect, and venture operator specializing in high-integrity software platforms and secure, sovereign AI integrations. As the founder of CTO Rescues, Daniel helps fast-growing companies and national entities align complex technical architectures with strict regulatory requirements.

If your organization is looking to replace manual, fragmented workflows with high-efficiency, sovereign AI systems, contact CTO Rescues to schedule a consultation.

GitHub Repository Full Portfolio Schedule a Consultation

Repository: github.com/dzbrody/claude-assistant-config
Release: v2.0 (Agentic Execution Update)  ·  Date: June 11, 2026
Copyright © 2026 Yom Shore Ventures LLC dba CTO Rescues. All Rights Reserved.  ·  8 The Green – Suite 12060, Dover, Delaware 19901, United States

Replace fragmented workflows with sovereign AI operations

The Autonomic PMO is an open-source blueprint for executives and operators who need to eliminate manual data routing without sacrificing data privacy. Fork the repo or bring Daniel Brody in to architect a custom deployment.

Start the Conversation Fork on GitHub