Start Building
← All customer stories
Customer story
worksfusion

Building a sovereign digital workforce on Kimss

A production multi-agent team that runs headless on Azure — without binding engineering to an IDE or direct cloud AI SDKs. Every worker routes cognition through KimssClient; every Git and telemetry action flows through a self-hosted MCP tool plane authenticated with Microsoft Entra ID.

SDK documentation Talk to sales

The challenge

Modern teams want AI that ships work: reviews code, fixes incidents, drafts content, triages support — not chat in a sidebar. They also need governance: one model gateway, auditable actions, human approval where it matters, and no scattered API keys in scripts.

worksfusion set out to operate Kimss with a persistent digital workforce: specialized agents, clear ownership per task, and orchestration that survives beyond a single developer session.

The solution

worksfusion built a multi-agent, multi-service architecture on three pillars:

1

Kimss SDK for all cognition

Every worker uses kimss.KimssClient for chat, agents, and vector stores. No direct OpenAI or Azure AI SDK calls in application code — a runtime guard enforces that policy.

2

Dedicated tool plane (MCP)

Git, GitHub, logs, and repo introspection run through a self-hosted MCP server on Azure Container Apps, authenticated with Microsoft Entra ID. Secrets never reach agent containers.

3

Apache Airflow for orchestration

Scheduled and event-driven DAGs run workers on Azure Container Apps. Private PostgreSQL holds missions and content state; Slack provides ingress and human-in-the-loop approval.

How the fleet runs

Ingress, orchestration, cognition, tools, and state — separated by design.

Ingress
Slack
Agent router
Orchestration
Airflow
Cognition
Kimss SDK
Tools
Azure MCP
State & HITL
PostgreSQL
Slack approval

Hover or scroll to see each layer highlight in sequence.

Who does what

A single agent router listens on Slack and delegates to the right worker — one channel reaches the whole fleet.

🛡

Guardian

Architecture review and controlled merges to staging.

🔧

SRE

Log-driven bug fixes as pull requests.

QA

Staging validation and PR feedback.

📝

Writer

API documentation from route changes.

👥

HR Meta-Architect

Turns CTO missions into structured hiring packages for new workers.

Dynamic worker

Runs any role defined by a hiring package — no redeploy per job title.

💬

Support & telemetry

Ticket triage and usage digests to Slack.

📰

Social pipeline

Daily content drafts with approval, then scheduled publishing.

Sovereign by design Models and agents flow through Kimss workspaces, not ad-hoc provider clients.
Safe GitOps Autonomous agents open PRs to staging; only the Guardian merges. Production branches are protected at the tool layer.
Workforce that scales HR designs new workers as JSON; dynamic workers execute them with optional RAG via Kimss vector stores.
Enterprise-ready ops Entra auth, Key Vault secrets, private PostgreSQL, canonical run results, and per-worker Slack identities.

Operational outcomes

Daily
Social content drafts with human approval before publish
Headless
Workers on Azure Container Apps — not IDE-bound demos
Zero
Autonomous merges to production — Guardian-gated staging only
1 channel
Slack ingress routes to the full digital worker fleet
"Kimss gave us a sovereign control plane for a fleet of agents that actually ships work — with governance we could put in front of our platform team."

Executive sponsor, worksfusion

Replace with approved customer quote before publish.

Built with

Kimss SDK Kimss API Apache Airflow Azure MCP Microsoft Entra ID PostgreSQL Slack Azure Container Apps

Run your workforce on Kimss

Start with the SDK or talk to us about enterprise governance and dedicated Azure capacity.

Start Building Enterprise