LIVE · CmdNOC / Command Operations Center · 2 tenants in production · 76 Cora tools online PREVIEW · v2-DRAFT
From the Bridge · Est. 2026

An AI that finds
the problem before
your client calls.

CmdNOC is a managed-services operations platform with an AI engine at the wheel — one that reads from real systems, says I don't know when it doesn't, and never writes without your confirmation.

See it in production Platform overview Meet Cora
CORA
Intelligence Engine
Number One
76 tools / 19 categories / 4-layer auth / 2 tenants live / 1 prime directive

Most managed-services tools start with a dashboard and bolt on an assistant. CmdNOC inverts that: the AI engine is the interface, the dashboards are what it reads to answer you, and every action that changes production state stops to ask first. It is operations as a conversation — with a clear record of who said what, who decided, and what it did.

— Built by an operating MSP for operating MSPs.

What the platform does

Three things, in order.

§ 01 · WATCHES

It watches everything at once.

Wireless health, switch and router state, security and intrusion events, endpoint alerts, mobile device posture, identity systems, mailbox anomalies, backup status. Every source pulled on its own cadence; every event archived; every change tracked back to a who and a when.

§ 02 · ANSWERS

It answers from real data.

You ask a question in plain language. Cora picks the right tool — out of seventy-six — calls it against the live system, reads the result, and answers. The answer is grounded in what just came back. There is no guessing about "what it probably is" and no my training data suggests. If she can't find it, she says so.

Every tool call is logged. Every answer can be traced to its evidence.

§ 03 · ACTS

It acts only when authorized.

Cora can draft an email, propose a calendar event, generate a firewall change, mark a ticket complete. None of it happens silently. Outbound mail lands as a draft in your real Drafts folder and only ships when you say send it. Calendar events display as a preview until you set confirm: true. Firewall blocks require a click in a confirmation modal that names the IP, the network, and the rollback path.

The credential layer enforces this independently. Cora's read keys cannot mutate production even if the model intends to. Write keys live behind separate, human-confirmed code paths.

Connected systems

Works with the tools you already run.

CmdNOC reads from the platforms you already operate — each pulled live on its own cadence, every event archived. No rip-and-replace.

Cisco Meraki WyeBot WiFi Datto RMM Datto SaaS Microsoft 365 Microsoft Entra ID Google Workspace IT Glue Autotask PSA JAMF Pro
Meet Cora
// the intelligence engine

Not a chatbot.
Not autopilot.
An intelligence engine.

Cora is the AI engine inside CmdNOC. She holds the rank of Number One under operator authority — empowered to recommend, obligated to be honest, restricted from writing without confirmation.

Where typical LLM assistants improvise, Cora is bounded by a tool surface. Every reply comes from a specific call against a specific system. Every recommendation comes with its evidence and its confidence rating attached.

76 production tools 19 categories
5 write paths
all logged
search_datto_alerts
Live alert search across RMM — by description, device, severity, time window.
draft_my_mail
Composes an Outlook draft. Never sends until you confirm.
run_dcdiag
Runs domain controller diagnostics in parallel via the RMM queue. ~3 min.
create_incident
Opens an incident; joins seven data sources into one correlated timeline.
View the full tool index →
// LIVE EXCERPT · 2026-05-23 SESSION 4F12
captain ▸ any blue screens across the campus this week?
// cora · thinking
▸ tool_use search_datto_alerts({ q:"bsod", days:7 })
▸ returned 2,847 alerts in window · 3 matched
cora ◇
Three BSOD events in the last 7 days: LAB-04 2026-05-22 09:14 bugcheck 0x7E (driver fault) FAC-12 2026-05-21 14:33 bugcheck 0xF4 (process death) ADM-02 2026-05-19 11:02 bugcheck 0x124 (WHEA — hardware)

The WHEA on ADM-02 has happened twice this month — the prior was 2026-05-09. Hardware-class bugchecks rarely fix themselves. Want me to pull its alert history and the Datto inventory so we can decide on a replacement?

The Prime Directive · v1.0

Do no harm. Take your time. Tell the truth.

Every AI agent operating on this platform is bound by a published, versioned governance document. It says what is acceptable to do, what is acceptable to refuse, what requires human confirmation, and what must never happen. It is not a marketing statement. It is loaded into every session, every model, every time.

Established · May 8, 2026 Authority · James Rafferty Binding on · Cora · Scotty · Makee

Real deployments.
Measured outcomes.

From the engagement library
· /use-cases/
Private K-12 · O365

A wired-network O365 issue silently affecting 1,500 users — caught and fixed before a single complaint.

Performance telemetry from the wireless side showed pristine numbers. Wired-side Microsoft 365 wasn't so lucky. Cora correlated WyeBot pass-rate data with firewall configuration, identified a misconfiguration silently degrading O365 traffic for every wired device on campus, and recommended the corrective rule. The operator approved. The fix shipped before any user noticed.

1,500+users affected
0tickets filed
Private K-12 · M365 Identity

An active password-spray campaign detected, classified, and surfaced — under a minute, no human in the loop.

The sign-in anomaly scheduler reads M365 activity logs on a tight cadence. A failed-then-succeeded sign-in pattern across multiple users from a foreign network triggered the post-spray-takeover classifier, opened a Bridge Report, escalated to Makee for second-opinion analysis, and alerted the operator — before the attacker could pivot.

< 60sdetect → alert
2AI analysts in chain
Private K-12 · Wireless

Campus-wide wireless tuned for academic testing — without a site survey, without a downtime window.

Bluebook iPad testing day was approaching. Cora cross-referenced WyeBot channel utilization with Meraki AP placement, identified contention in Room 325, proposed a channel-plan and power adjustment per AP, and queued the changes for operator approval. The room passed Bluebook with margin.

100saccess points
0downtime windows
Private K-12 · Security

An active threat actor detected and blocked at the perimeter in under sixty seconds.

IDS surfaced a brute-force pattern from an outside IP. Cora summarized the activity, identified the source, drafted a firewall block rule for the affected MX, and presented the operator with the proposed change — IP, network, rule position, rollback path — all on one screen. One click. Block in place.

< 60sdetect → block
1human click
Compliance readiness

Know where you stand — before the audit.

PCI DSS 4.0 and the HIPAA Security Rule treat your technical controls as something to prove, not assert. We monitor those controls continuously, run authorized vulnerability assessments and penetration testing, and keep the evidence mapped and current — so when an assessor asks, the answer is already on file.

Readiness and evidence — not attestation. The formal sign-off stays with a certified ASV or QSA; we hand them a package that's already in order.

PCI & HIPAA readiness — how it works
01

Continuous control monitoring

PCI 1 · 4 · 10  ·  HIPAA §164.312
02

Vulnerability assessment & penetration testing

PCI 11.3.1 · 11.3.2  ·  HIPAA §164.308
03

Audit-ready evidence

Mapped · dated · exportable
Behind the Bridge

The crew that runs the Control Center.

Four characters. One human. Three AI roles, each with a defined scope, a defined credential set, and a defined governance contract. Naming them is not whimsy — it is how authority and accountability are made legible.

JR 001 · Captain
James Rafferty
Captain · Owner · Operator

The design architect and creative mind behind CmdNOC, with 25+ years in managed services. He built the Control Center because the tooling he'd relied on for decades didn't trust its operators with real answers — and wouldn't admit when it didn't know. He runs it in production, approves every write, and holds the only break-glass keys.

002 · Cora
Cora
Number One · Intelligence Engine

The platform's primary AI. 76 tools across every connected system. Empowered to recommend with calibrated confidence. Restricted from writing without explicit operator confirmation. Speaks plainly when she doesn't know. Her institutional memory is the Ship's Library — a curated knowledge base she searches on demand to ground answers in your own runbooks, notes, and history rather than generic advice. Every conversation and tool call is logged and archived.

003 · Scotty
Scotty
Development Engineer

The AI that maintains the Control Center itself. Operates directly on the codebase, snapshots before changes, verifies after, reports honestly when something breaks. Holds the same Prime Directive as Cora, applied to a different surface. And unlike a stock assistant that forgets between conversations, Scotty runs on a custom-engineered persistent memory system — a self-indexing, health-monitored knowledge base that carries every lesson and hard-won gotcha forward, so engineering context compounds across sessions instead of resetting to zero.

004 · Makee
Makee
Second-Opinion Analyst

Quiet between reports. Watches the operational data and writes a digest twice each day — what changed, what's anomalous, what to look at first. Independent of Cora, by design. Named for the perceptive intermediary from Halo.

Built on Anthropic Claude.

Cora, Scotty, and Makee are powered by the Claude model family from Anthropic. The Prime Directive is custom; the calibrated honesty and the willingness to say I don't know are not — they are values baked into the model itself, and they are why we chose it.

POWERED BY
Claude · Anthropic
Sonnet · Opus · Haiku
CONTACT THE BRIDGE

If this looks like
what your network
has been missing.

CmdNOC isn't on a marketplace. It's an operations platform we run on our own clients first. If you want to see what an AI-governed NOC looks like on your stack — write to us.

For more information Read the engagement library
Direct: contact@cmdnoc.com