
Two terminal agents was one too many
For most of this year we were building two terminal agents. AGTerm had a CLI and an orchestration layer of its own, and …

In 2026, there is a clear bifurcation in how teams ship software. On one side, the external developer-experience companies — Vercel, Railway, Render, Fly.io, Lovable, and a dozen more — have made deploying a new app something a single engineer does between coffee and lunch. Push a branch, get a preview URL, click to promote. Their interfaces are excellent. Their abstractions are tight. Their default behavior is “it just works.”
On the other side, inside the enterprise, deploying a new internal app still takes eight weeks. A platform team has to approve. A security team has to scan. A networking team has to wire up DNS. A compliance team has to sign off. The CTO mentions Vercel in a town hall and engineering exchanges glances, because they know that the moment their app touches the consumer cloud, the data classification conversation gets ugly fast.
The reason these two worlds have not converged is not that internal teams are slow. It is that the external developer-experience companies have made a tradeoff the enterprise cannot make: they run your code on their multi-tenant infrastructure. For a side project, fine. For a regulated workload, an HR app, a customer-data app, an AI app touching prompts that include sensitive context — that tradeoff is unacceptable.
The result is a frustrating asymmetry. Your developers know how good the external experience is. They see it every weekend on their personal projects. They come back to work and ship into a slower, clunkier internal system. The morale tax, the velocity tax, and the talent retention tax of that asymmetry are all real.
The fix is also real: bring the external developer experience inside your cloud. Same workflow, same speed, same UX — running entirely on infrastructure you own.
Strip away the branding and the external-cloud DX vendors are converging on the same set of primitives. A serious internal version has to match each one:
The app has a single, declarative configuration file in its repo. Not five YAML files glued together with Helm and an admission controller. Not a Confluence page with a deploy runbook. One file that says: this is the app, these are its services, these are its environments, these are its managed-service dependencies. Push the repo, the platform reads the manifest, the platform does the rest.
A pull request opens; a preview environment appears on a unique URL. It is a real environment — real database, real services, real DNS — not a mock. A reviewer clicks the link and sees the change live. When the PR closes, the environment evaporates. No long-lived “staging” sludge accumulating cruft.
Some PRs need explicit approval — a schema change, a new managed-service dependency, a policy override. The right primitive is a one-time link. The reviewer clicks it, sees a structured review, approves or rejects. No second login, no SSO redirect, no portal scavenger hunt.
The app needs a database. The app says postgres. The platform provisions a database. Production gets a real managed Postgres (RDS, Cloud SQL, Azure Database — or an in-cluster operator for sovereign or air-gapped installs). Preview gets a smaller one with the same API. The app never sees the difference.
Per-app dashboards. Per-environment views. Per-deploy comparison. The developer does not have to know whether their logs are in CloudWatch, Stackdriver, Log Analytics, or self-hosted Loki. They open the platform UI, they see their logs.
The audit trail is a Git history. Roll back is git revert. Drift detection is automatic. The platform reconciles toward desired state, not toward what was last clicked.
It is 2 a.m. The deploy needs an approval to ship a hotfix. The on-call engineer’s laptop is closed. They tap the platform’s mobile app, see the PR, see the diff, biometric-confirm the approval, and the deploy proceeds. The runbook does not require finding a laptop.
It is tempting to assume the external vendors have a magic ingredient. They do not. They have a deeply integrated implementation of an idea that is no longer secret. The hard parts of bringing that inside the enterprise are three:
Your enterprise probably has more than one cloud. AWS in one division, GCP in a research arm, Azure for a recently-acquired company. The internal platform has to feel the same on all three. That requires a typed provider plugin model — an abstract “ingress,” “managed Postgres,” “workload identity,” “object bucket” — with a per-cloud plugin that knows how each native service works.
You cannot get there by writing the same Helm chart for every cloud. You get there by defining abstract kinds in the manifest, and pushing the cloud-specific behavior into provider plugins that the platform team owns. Then a developer writes one manifest. The platform deploys correctly on every cloud you operate.
Your internal platform has dozens or hundreds of teams. Each team has projects. Each project has apps. Each app has environments. The identity model has to walk all the way from the human in the UI down to the workload identity that talks to the cloud’s IAM. That model has to be shared with your governance layer (so policies scope correctly) and with your observability layer (so logs scope correctly).
Most internal “platform” projects fail here. They get the manifest right; they get the deploy right; they get the UI right; and then they have one identity model in the platform, a different one in the governance system, and a third one in the observability stack. The developer experience suffers because every cross-system question is a join.
A preview environment with a mocked database is not a preview environment; it is a unit test in disguise. A real preview gives the reviewer a usable, isolated, full-fidelity copy of the app. Cheaper than production, smaller than production — but real. Real managed services or real in-cluster operators. Real DNS. Real ingress. Real secrets, scoped to the preview’s identity.
This is engineering work the platform team has to do once and never again. Most internal platforms skip it because it is the hard 20%. The teams that did the hard 20% are the ones whose engineers do not envy their friends at Vercel.
Astrolift is the runtime pillar of Calliope’s private-AI stack. It is, specifically, the in-house Railway / Render / Lovable alternative — without the multi-tenant SaaS infrastructure that makes those external products incompatible with regulated workloads.
The shape:
One manifest per app. astrolift.toml declares your app, its services, its environments, and its managed-service dependencies. Portable mode says “I do not care which cloud”; cloud-pinned mode says “I need this specific provider variant.” The variant resolution is explicit and recorded.
Per-PR preview environments. Spun up automatically on PR open, in the same cloud as production (or a cheaper region — your call). Real services, not mocks. Tear down on PR close.
Magic-link approvals. Email or Slack DM. Click once. See the diff, the preview link, the policy simulator output. Approve or reject. No portal login.
Managed-service brokerage. Abstract Postgres, Redis, Bucket, Queue. On AWS the platform provisions RDS / ElastiCache / S3 / SQS. On GCP, Cloud SQL / Memorystore / GCS / Pub/Sub. On Azure, Azure Database / Cache / Blob / Service Bus. For sovereign and air-gapped installs, in-cluster operators provide the same abstract kinds with the same API.
Single-pane-of-glass observability. Logs, metrics, traces, health — per app, per environment, per deploy. Cloud-native backends abstracted behind the platform UI.
GitOps delivery. Optional Git-driven CD topology. Drift reconciliation. Audit trail in Git.
Mobile control plane. iOS and Android, biometric-gated, server-pluggable for SaaS or self-hosted. Push-driven approvals. The 2 a.m. hotfix scenario, solved.
Multi-cloud, multi-tenant by construction. EKS, GKE, AKS, vanilla Kubernetes. Org → Team → Project → App. RBAC + ABAC.
The point of naming Astrolift is not “use our product.” It is to make concrete what an inside-your-cloud developer experience needs to provide. The teams who get this right — whatever software they use to build it — are the teams whose developers stop envying Vercel.
For internal AI apps specifically, the developer-experience question is even sharper, because the failure mode is worse. A misconfigured Vercel deploy of a marketing landing page is embarrassing. A misconfigured deploy of an internal AI agent that calls a foundation model with customer data on a path that is not governed is a regulatory event.
The platform answer is that the runtime pillar and the governance pillar share an identity model. When an Astrolift preview environment spins up, Zentinelle is wired into it automatically. The preview inherits production’s policies by default. A PR that changes a policy gets the policy simulator’s output as a comment on the PR — “if this had been live in the last 30 days, X requests would have been blocked, here are the top examples.”
So the internal-cloud developer experience for AI apps is not “the external experience, minus the AI safety.” It is “the external experience, plus AI safety, because both layers live in your cloud and share an identity model.”
If you are running an enterprise platform team in May 2026 and your developers are quietly migrating to external developer-experience tools because internal is too slow, the diagnostic questions are:
How long does it take to ship a new internal app to production? If the answer is more than two weeks, you have a DX problem, not a tooling problem.
How many places does a developer have to look to debug a deploy? If the answer is more than two, your observability is fragmented across the platform / cloud / app boundary.
What happens when a developer wants a database for a new app? If the answer involves a ticket and a multi-day wait, you do not have managed-service brokerage.
Is there one identity model from the human all the way down to the workload? If not, every cross-system question is a join, and your DX is paying for it.
If you said no to any of those — and most enterprises will say no to all four — the gap is not “we need to buy a better tool.” It is “we need to commit to the inside-your-cloud developer experience as a real platform investment.” That investment, made once, pays back across every team, every app, every quarter.
In 2026, the question is not whether developers will get the external DX they want. They will, one way or another. The question is whether you give it to them inside your cloud — or whether you let them quietly route around you.
Next in this series: what your AI agents are actually doing in production, and why “live observability” is the difference between knowing and guessing.

For most of this year we were building two terminal agents. AGTerm had a CLI and an orchestration layer of its own, and …

When Operational Reliability Is the Regulation Most regulated industries have a data-protection focus: customer …