agstaff Private AI infrastructure · one server per seat

Every seat on your team gets its own AI chief of staff.

Not a login to somebody's shared cloud. A dedicated, private server per person — running an always-on agent that briefs them, tracks their commitments, and does real work — inside a network only your company can reach.

1 seat = 1 server
No shared tenancy. Your seat's data, memory, and compute are physically yours.
0 public ports
Agents live inside your private Tailscale network. The internet cannot see them.
Daily offsite backups
To versioned storage with credentials that cannot delete history.
§ 01Premise

Dedicated hardware. Private network. Shared memory, if you want it.

A · The box

One machine per person

Each team member gets their own EC2 instance (Elastic Compute Cloud — a rented server in Amazon's cloud) running their personal chief-of-staff agent. Nothing is pooled between seats.

B · The network

Joined to your tailnet

Every box joins your company's Tailscale network — an encrypted private mesh only your devices can enter. Sign-in uses the SSO (Single Sign-On — the Google or Okta login you already have) your company runs today.

C · The memory

One organizational brain

Add the memory hub and every chief shares recall of meetings, decisions, and context — read-only, through a single controlled door, so no agent can rewrite the record.

§ 02Fleet manifest — interactive

Assemble the fleet you'd actually run.

Seats form AG-1 · monthly service
Monthly tally
Total $0 /mo

§ 03Security model

Why Tailscale changes the conversation.

Nothing to attack from the internet

Tailscale builds a private mesh on WireGuard (a modern, publicly audited encryption protocol). Your agents have no public IP address and no open ports — there is nothing for a scanner, bot, or attacker to find, let alone breach.

Your identity provider is the front door

Access flows through your existing SSO. When someone leaves the company, revoking their login revokes their reach into every agent — one action, everywhere, instantly.

Your network, your written rules

Teams bring their own tailnet (your company's private Tailscale network — your billing, your policy). Who may reach what is governed by an ACL (Access Control List — the written access policy) that stays under your control; when we add a rule, we make surgical, insert-only edits that preserve every line and comment you've written.

We are never inside your network

Provisioning happens over SSM (AWS Systems Manager — Amazon's audited administration channel). Our operators never join your tailnet and can never observe your traffic.

Backed up daily. Un-erasable.

Every database is snapshotted daily to versioned S3 storage (Amazon's Simple Storage Service) using credentials that cannot delete — so even a fully compromised machine cannot erase your history.

PUBLIC INTERNET scanners · bots · attackers · everyone no route in — zero open ports YOUR PRIVATE TAILNET WireGuard-encrypted mesh · entry by your SSO only · governed by your ACL Your laptopSSO login Your phoneSSO login Seat agentsone box each every connection encrypted, device to device

fig. 03 — the perimeter is your identity provider, not a firewall rule.

§ 04Rate card

Per seat, per month. Dedicated hardware at every tier.

Walkthe essentials Bikethe working default Carthe full apparatus
Dedicated private server✓ largest class
Morning & evening briefings
Email, calendar & task awareness
Always-on, any-hour response
Custom tools & integrations
Meeting transcription & recall
White-glove onboarding
Rate $99per seat / month $199per seat / month $349per seat / month
Team memory hub
$299 / org · month

One dedicated box for the whole organization. Meetings and decisions flow into a shared knowledge graph every chief can recall — read-only through a single controlled door, backed up daily, rebuildable from backup at any time.

All tiers include the private tailnet posture, daily un-erasable backups, and zero shared tenancy. Mix tiers freely across seats.

See a live fleet before you buy one.

A 30-minute walkthrough of a real deployment — the agents, the network, the backups, and the day-to-day of a chief of staff that never sleeps.

matthias@nashvilleautomation.io