A Framework for AI-Managed Infrastructure

The Uplink

Multi-tier AI orchestration, self-documenting systems, and phased execution with human-in-the-loop safety gates. Built on consumer hardware. Tested on live infrastructure.

By Gabe / 2026 / homemind.net

The Lie We Keep Telling Ourselves

Every infrastructure engineer has a moment — usually at 2 AM, usually after something breaks — where they realize no one actually knows how their environment works anymore. Not fully. Not the whole picture. The containers have spawned across too many nodes. The VPN tunnels thread through firewalls configured by someone who left the company, or by you, six months ago, at a level of exhaustion you'd rather not think about. Backup scripts fire on cron schedules nobody remembers setting. Configuration files are everywhere, and half of them are lying.

The industry's response has been predictable: add more tools. Ansible playbooks. Terraform state files. Kubernetes manifests. CI/CD pipelines. Each one solves one layer of the problem and adds its own operational overhead. The engineer becomes a professional translator — converting business intent into YAML, applying it, and praying the documentation from three months ago still reflects reality.

Then came the AI coding assistants. Claude Code, GitHub Copilot, Cursor — and they're genuinely powerful. On a greenfield project, they're transformative.

But infrastructure is almost never greenfield. It's a system built over months or years by multiple people (or by one person at varying levels of exhaustion), and every change has to account for a living web of dependencies. When you point a general-purpose AI agent at a live environment and say "deploy this," it doesn't know that port 8080 is already occupied by a documentation server. It doesn't know that a backup script on node three depends on an NFS mount from node five. The model is extraordinarily capable.

It is also completely blind to your context.

The Uplink was built to solve that blindness.

What This Actually Is

The Uplink is a six-node Linux cluster managed through a four-layer AI orchestration system. The hardware is deliberately unremarkable: a GPU workstation for AI inference, a media and application hub, a log aggregation node, a VPN gateway, an authentication and monitoring server, and a NAS for centralized backups. Consumer mini PCs. Managed switches. Nothing exotic.

What makes it different is the management layer.

The entire system is governed by a single, centralized configuration file distributed via NFS. This file is the absolute source of truth for every IP address, hostname, API endpoint, and application parameter in the environment. There are no hardcoded values — anywhere. Every application imports a shared loader that reads from this central config. Change a service endpoint or a health threshold, and the change propagates to every dependent system automatically.

This wasn't the original design. It was the result of a brutal audit that surfaced over 200 scattered API keys, IP references, and endpoint definitions buried across six nodes. The subsequent 19-step migration to centralize them was planned and executed by AI agents, with human review at every gate. That migration is also the proof that the methodology works — but we'll get there.

The Orchestration Model: Three Tiers, Zero Trust

The core architectural idea is simple: different AI models should operate at different levels of autonomy, and none of them should trust their own assumptions.

Tier 1 — The Strategist

A cloud-based conversational AI serves as the strategic planning layer. This is where the human operator states intent in plain language: "Migrate logging from Graylog to Loki across three nodes."

The strategist never touches the infrastructure. It produces structured execution plans — phased Markdown documents specifying pre-conditions, exact commands, expected outputs, explicit rollback procedures, and hard stop-gates where execution must pause for human approval. The output is a contract, not a conversation.

Tier 2 — The Amnesiac

Local AI coding agents run directly on the infrastructure nodes. They have SSH access. They can read files, execute commands, and modify configurations. They take the strategist's execution plans and work through them step by step.

Here is the critical design principle: the local agent is treated as a highly capable amnesiac. It retains absolutely no memory between sessions. No stale mental model. No assumptions about the current state of the environment. Every time it spins up, it starts from documentation and the plan in front of it.

This sounds like a limitation. It is the single most important safety feature in the system.

A stateful agent accumulates assumptions. It "remembers" that a port was available last Tuesday and skips the check. It "knows" a service is running because it deployed it three sessions ago — except someone restarted the node since then. Stale context is where outages come from. The amnesia isn't a bug; it's the guardrail. The agent is forced to verify before it acts, every single time.

Tier 3 — The Watchers

Ultra-lightweight language models run on every node in the cluster. They perform exactly one job: collect system health metrics, compare them against defined thresholds, and classify the node as healthy, degraded, or critical.

They do not make decisions. They do not take actions. They observe and report.

This separation of observation from action is deliberate and non-negotiable. A small model can flag that disk usage has hit 90%. Only a human-approved plan, executed by Tier 2 through a gated procedure, can actually fix it. The watchers are sensors, not actuators.

The Economics

This architecture is cost-optimized by design. The cloud strategist is expensive per interaction but cheap per decision — one plan drives dozens of execution steps. The local coding agent eliminates expensive discovery API calls through a custom shell wrapper that pre-loads full environmental context. The node-level health models run on hardware that would otherwise be idle, making them effectively free.

Self-Documenting Infrastructure: The Active Memory

Documentation rot is not a discipline problem. It's a design problem. If documentation is a separate chore from the work itself, it will always fall behind. The Uplink treats documentation as a side effect of operation, not an afterthought.

Layer 1: Automated Inventory. A network scanner runs on a weekly cadence, SSHing into every node to inventory running containers, map network interfaces, and generate comprehensive wiki pages representing the current state of the infrastructure. Because it writes directly to a structured wiki, you get a week-over-week changelog for free — without anyone having to maintain it.

Layer 2: File-Level Watchdog. A file watchdog monitors source code directories across the environment. When a script or configuration file is modified, the watchdog detects the change via file hashing, generates updated documentation, and publishes it to the wiki automatically. The documentation updates because the code changed, not because someone remembered to update it.

But the most important part isn't writing the documentation. It's reading it.

A custom skill forces the Tier 2 AI agents to query the wiki before they take any action. Before opening a port, creating a container, or modifying a route, the agent checks the living documentation to see if something is already there. This "sanity check first" discipline is what prevents AI agents from blindly stepping on existing services.

The documentation isn't a reference archive. It's the active institutional memory of the entire infrastructure. The agents read it like a pilot reads a checklist — not optional, not skippable, and verified against reality before every action.

Phased Execution: Atomic Operations with Hard Stops

When the strategist plans a complex operation, it doesn't produce a single monolithic runbook. It generates a sequence of self-contained execution documents, each representing one atomic operation: one service migrated, one configuration updated, one firewall rule changed.

Each document contains:

This was battle-tested during the global configuration migration — the one that centralized those 200+ scattered references. Each of the 19 steps was a separate document with its own rollback. When the executing agent discovered unexpected conditions — like an IP address formatted two different ways in different files — it hit the stop-gate and waited for human resolution. No step proceeded on an assumption.

The entire migration completed without a single service interruption. Not because nothing went wrong, but because every problem was caught in pre-verification, before it could cascade.

Why This Matters Beyond the Lab

Everything described here runs on consumer hardware — mini PCs, a workstation GPU, and managed switches. There is no custom silicon, no enterprise budget, and no vendor lock-in. The open-source stack underneath is interchangeable.

The durable contribution is the methodology itself:

AI agents must read before they write.

Documentation isn't a nicety; it's a prerequisite for safe autonomous action. Without active institutional memory, every agent session is a coin flip.

Observation and action must be separated.

The system that detects a problem should never be the same system that fixes it. This boundary is what prevents a misclassification from becoming an outage.

Amnesia is a feature.

Stateless execution agents that verify preconditions from documentation on every run are safer than stateful agents carrying assumptions from previous sessions. The cost of re-reading is trivial. The cost of a wrong assumption is not.

Centralized configuration is a prerequisite for AI-managed infrastructure.

If an agent can't trace the impact of a change from a single source of truth, it cannot safely make that change. Scattered configuration makes autonomous management impossible.

Atomic rollback is not optional.

Every operation must be independently reversible. If you can't undo step 7 without also undoing steps 1 through 6, your plan isn't granular enough.

The specific tools will change. The models will improve. The hardware will turn over. But this pattern — strategic AI planning, stateless local execution with safety gates, living documentation as institutional memory, and centralized configuration as the foundation — is durable. It works at the scale of a homelab. It works at the scale of an enterprise. It is not a product to install. It is a way of thinking about how humans and AI systems collaborate in operations: the human provides intent and accountability; the AI provides precision and documentation discipline.

The machines carry the weight. They never fly blind.

The Uplink Series

Five weeks. Five principles. Each one stands alone.

Week 01
The Amnesiac Engineer
Why the safest AI agent on your infrastructure is the one that remembers absolutely nothing.
Statelessness
Week 02
Your Documentation Is Dead
Documentation rot isn't a discipline problem. It's a design problem. Here's what alive looks like.
Active Memory
Week 03
213 Hardcoded Secrets
The scariest audit I ever ran, and the migration that changed how I think about AI in operations.
Safety Gates
Week 04
Sensors, Not Actuators
If your AI monitoring can also remediate issues, you have a bomb with a brain.
Observation
Week 05
The $0 AI Operations Lab
The most common excuse for not experimenting with AI in operations. Consider it off the table.
Accessibility