Building a Zero-Trust Company with AI-Augmented Operations

I run a one-person compliance consultancy that operates like a team of ten. Four AI agents handle research, content, sales intelligence, and regulatory monitoring around the clock. A chief-of-staff AI orchestrates them all. And the whole thing runs on zero-trust infrastructure that costs less than $200 a month.

This isn't a thought experiment. This is what I built, what I run in production every day, and what I'm going to walk you through — starting with the part that matters most: the people.

TL;DR — What You'll Learn

  • The virtual agency: An org chart with four AI agents, defined roles, team norms, and a human-in-the-loop approval chain — running a real compliance practice.
  • The infrastructure beneath it: A zero-trust stack organized by the OSI model — WireGuard mesh networking, Tailscale identity-based access, encrypted everything.
  • What it costs: Under $200/month for infrastructure that replaces $50K+ in traditional tooling and headcount.
  • Alternative approaches: This isn't the only way — I cover comparable tools and architectures so you can build your own version.
  • Lessons: Seven operating principles that keep it from going sideways, applicable to any security program.

The Virtual Agency: Org Chart & Team Norms

What I've built is a virtual agency — a digital compliance firm with defined roles, reporting lines, and team norms. Before I show you a single network diagram, let me show you the org chart:

🏛️ The Digital Compliance Firm

👤 Peter Hallen (Principal · Final Decision Authority)
▼ Delegates to
🏛️ Vitruvius (Chief of Staff · AI Orchestrator, Claude Opus)
▼ Coordinates & dispatches

  • 🔍 Scout, Research Analyst: Market intelligence, lead signals, industry trends, content ideas (3x daily · Claude Sonnet)
  • ✍️ Maven, Content Strategist: LinkedIn posts, blog drafts, brand voice, 3x/week publishing cadence (Daily · Claude Sonnet)
  • 🎯 Hunter, Sales Intelligence: Company research, outreach drafts, ABM targeting, lead qualification (Weekdays · Claude Sonnet)
  • 🛡️ Sentinel, Compliance Monitor: NIST/HIPAA/SOC 2 monitoring, regulatory alerts, client impact assessments (2x daily · Claude Sonnet)

Every morning at 5 AM, the orchestrator compiles overnight agent output into an actionable briefing: top leads (approve/skip), draft content (approve/edit/skip), regulatory alerts (send advisory/note only). Inline buttons in Telegram. Decisions take 2 minutes, not 2 hours.

Team Norms

AI agents without structure are just expensive random number generators. These are the operating norms that make the virtual agency function like an actual team:

1. Human-in-the-loop for all external actions. No agent can send an email, publish a post, or contact a lead without explicit human approval. Agents propose; I dispose. This is non-negotiable.

2. Structured handoffs between agents. Scout's research feeds Maven's content and Hunter's outreach. Sentinel's alerts feed Maven's thought leadership. These aren't ad hoc — they're defined data flows through shared workspace files.

3. Least privilege, enforced by design. Scout can search the web but can't send emails. Hunter can draft outreach but can't send it. Each agent's tool access is scoped to its mission — just like you'd scope IAM policies for a human employee.

4. Isolated sessions. Each agent runs in its own context. No shared conversation state. If Maven hallucinates a compliance framework that doesn't exist, it doesn't contaminate Sentinel's regulatory monitoring. Blast radius: one agent, one run.

5. Written memory, not mental notes. Agents wake up fresh every session. Continuity comes from files — daily logs, long-term memory, workspace artifacts. If it's not written down, it didn't happen.

6. Quiet hours. No alerts between 11 PM and 8 AM unless genuinely urgent. The goal is augmentation, not interruption.
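
Norms 1 and 3 can be enforced in one place: a default-deny gate in front of every tool call. The sketch below is an added example, not code from this stack or from OpenClaw. The agent names come from the org chart, while the tool names, the policy shape and `createGate()` are hypothetical.

```javascript
// Added example. Agent names come from the post; tool names, the policy shape
// and createGate() are hypothetical, not OpenClaw's API.
const POLICY = {
  scout:    { tools: ["web.search", "workspace.write"], mayPropose: [] },
  maven:    { tools: ["workspace.read", "workspace.write"], mayPropose: ["post.publish"] },
  hunter:   { tools: ["web.search", "workspace.read"], mayPropose: ["email.send"] },
  sentinel: { tools: ["web.search", "workspace.write"], mayPropose: ["email.send"] },
};

function createGate(policy, humanApprovers) {
  const pending = new Map(); // proposal id -> { agent, tool, payload }
  const audit = [];          // append-only record of every decision
  let nextId = 1;
  const record = (entry) => { audit.push(Object.freeze(entry)); return entry; };
  // Own-property lookup so names like "constructor" never resolve to a scope.
  const scopeOf = (agent) =>
    Object.prototype.hasOwnProperty.call(policy, agent) ? policy[agent] : null;

  return {
    audit,
    // Called for every tool request an agent makes. Anything unlisted is denied.
    request(agent, tool, payload) {
      const scope = scopeOf(agent);
      if (scope && scope.tools.includes(tool)) {
        return record({ agent, tool, decision: "allow" });
      }
      if (scope && scope.mayPropose.includes(tool)) {
        const id = nextId++;
        pending.set(id, { agent, tool, payload }); // held, not executed
        return record({ agent, tool, decision: "pending", id });
      }
      return record({ agent, tool, decision: "deny" });
    },
    // Called from the approval channel. Only a named human can release a
    // proposal, and each proposal can be released exactly once.
    approve(id, approver) {
      if (!humanApprovers.has(approver) || !pending.has(id)) {
        return record({ approver, id, decision: "rejected" });
      }
      const proposal = pending.get(id);
      pending.delete(id);
      return record({ approver, id, decision: "approved", ...proposal });
    },
  };
}
```

The external action runs only from the record that `approve()` returns, so an agent that requests `email.send` gets a queued proposal at most, and the audit array holds the denied attempts as well as the approved ones.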

The Browser Relay: Solving the Auth-Gated Problem

How do you let an AI system monitor authenticated web dashboards (Google Ads, LinkedIn Campaign Manager) without storing session cookies or OAuth tokens on a cloud server?

The answer is a browser relay. My workstation runs a real browser with my authenticated sessions. The AI orchestrator on the cloud gateway requests page snapshots through a WireGuard-encrypted tunnel. The browser relay executes the navigation locally and returns the rendered content.

The credentials never leave the workstation. The gateway never sees my Google or LinkedIn cookies. It's clunky compared to an API integration, but it's architecturally sound.

The Infrastructure: Secured Layer by Layer

The virtual agency runs on a zero-trust stack. I organize it using the OSI model — not because it's academic, but because it forces you to think about security at every level.

Layer 7 — Application: Where the Value Lives

The application layer is the virtual agency itself, plus client-facing products:

  • VibeCmply — Compliance practice management platform (Next.js 14, TypeScript, Prisma)
  • LeadGen Go — Assessment engine for qualifying inbound leads
  • Telegram Bot — Primary command interface
  • GitHub — Source control and CI/CD
  • Google Ads + LinkedIn Ads — Monitored via browser relay

Layer 6 — Presentation: Data & Delivery

  • Supabase — PostgreSQL with Row-Level Security, two environments with strict separation
  • AWS Amplify — Build, deploy, and CDN for three web properties

Lesson learned the hard way: A hardcoded fallback connection string caused every branch build to silently hit production. We eliminated all fallback URLs — if the env var isn't set, the build fails. Loudly.
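
The fallback failure mode and its fix, side by side, as an added example that is not the code from this build. `DATABASE_URL`, `AWS_BRANCH`, the `main` branch name and the host are assumptions and constructed placeholders.

```javascript
// Added example. DATABASE_URL, AWS_BRANCH, the "main" branch name and the
// host below are assumptions and constructed placeholders, not the post's values.
const PROD_DB_HOST = "db.prod.example.invalid";
const PROD_BRANCH = "main";

// Before: a missing variable is masked by a default, so a branch build
// quietly talks to production.
function resolveWithFallback(env) {
  return env.DATABASE_URL || `postgresql://app@${PROD_DB_HOST}:5432/app`;
}

// After: no default. Unset, malformed or cross-environment values throw, and
// the message never echoes the URL because it carries credentials.
function resolveDatabaseUrl(env) {
  const raw = env.DATABASE_URL;
  if (typeof raw !== "string" || raw.trim() === "") {
    throw new Error("DATABASE_URL is not set; refusing to fall back");
  }
  let url;
  try {
    url = new URL(raw);
  } catch {
    throw new Error("DATABASE_URL is not a parseable URL");
  }
  if (url.protocol !== "postgresql:" && url.protocol !== "postgres:") {
    throw new Error("DATABASE_URL must use the postgresql scheme");
  }
  // Hosts in non-http URLs are not case-normalised by the parser, so compare
  // in lower case to avoid a trivial mismatch.
  const host = url.hostname.toLowerCase();
  if (host === PROD_DB_HOST && env.AWS_BRANCH !== PROD_BRANCH) {
    throw new Error("non-production build points at the production database");
  }
  return raw;
}
```

Calling `resolveDatabaseUrl(process.env)` at the top of the build configuration makes the build stop before any database client is created.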

Layer 5 — Session: AI Orchestration & Auth

AI Orchestration (Vitruvius) — An OpenClaw gateway running Claude. Receives inputs, maintains context, orchestrates actions through a controlled tool interface.

Authentication — NextAuth.js + Google OAuth 2.0, JWT sessions, role-based access control.

Layer 4 — Transport: Three Protocols

  • TLS 1.3 — All external API calls and cloud services
  • SSH (Ed25519) — Git operations. Key-based only. No passwords.
  • MTProto 2.0 — Telegram command channel. E2E encrypted.

Layer 3 — Network: The Zero-Trust Backbone

Tailscale mesh networking with WireGuard encryption. Peer-to-peer overlay. No VPN concentrator. MagicDNS, ACL policies, NAT traversal, zero exposed ports. If you're not on the tailnet, the infrastructure doesn't exist.

Layer 2 — Data Link: Encrypted at the Interface

Every node has a virtual tailscale0 interface using the Noise protocol framework. By encrypting at L2, we don't trust the physical network. Works at home, coffee shops, or client WiFi.

Layer 1 — Physical: Minimal Attack Surface

  • EC2 Instance — Security gateway. AWS Nitro, no open ports.
  • HallenTower — Workstation + browser relay. Behind residential NAT.
  • My endpoint — Telegram client, browser.

Result: zero cleartext routes across the entire stack.

What This Costs

  • EC2: ~$15/month
  • Tailscale: Free tier
  • Supabase: ~$25/month
  • AI APIs: ~$60-120/month
  • Cloudflare: Free tier
  • AWS Amplify: ~$5/month
  • Total: ~$105-165/month

Lessons for Your Company

  1. Start with the org chart, not the network diagram. Define who does what before you decide how it's connected.
  2. AI agents need security posture too. Least privilege, audit trails, human approval for external actions.
  3. Zero trust means zero cleartext. Audit every connection.
  4. Mesh beats hub-and-spoke. WireGuard mesh gives peer-to-peer resilience.
  5. Map your infrastructure to the OSI model. It exposes gaps flat diagrams hide.
  6. Fail loud, not silent. Make misconfigurations crash the build.
  7. Defense in depth is real. Every layer validates independently.

Alternative Tooling

Mesh Networking

AI Agent Orchestration

  • LangGraph — Stateful multi-agent workflows
  • CrewAI — Role-based multi-agent framework
  • AutoGen — Multi-agent conversations
  • n8n — Visual workflow automation with AI

Compliance Automation

  • Vanta — SOC 2/ISO 27001/HIPAA (~$10K/year)
  • Drata — Similar features, some prefer the UX
  • Secureframe — Good for startups
  • Prowler — Open-source cloud security

Try It Yourself

OpenClaw is open source. Tailscale has a generous free tier. WireGuard is built into the Linux kernel.

Start with the question: "If I were building this company from scratch — knowing everything I know — what would I actually build?"

Then build it.


Peter Hallen is a fractional CISO and SOC 2 compliance expert based in Charleston, SC. He helps growing companies build security programs that actually work.
