Describe what you want in plain English; the tool builds a real, tagged, cost-estimated AWS resource for you —
no Terraform state file, no CDK bootstrap, no console clicks.
Every change waits for a human "yes" before anything is created in AWS.
Existing infrastructure-as-code tools — Terraform, Pulumi, CDK — need a dedicated specialist. They define resources. They don't run them day-to-day. The gap is where the cost, the waste, and the senior-engineer hours pile up.
It still takes multiple days to set up a managed database inside an enterprise today.
A large share of senior-engineer time goes into routine infrastructure plumbing.
Wasted every year on misconfigured cloud and over-provisioned resources.
A backend or full-stack engineer who was handed the AWS account by someone who left. Tried Terraform and CDK and got stuck on state backends and bootstrap steps. Works inside Claude Code or Cursor — values "local-first: my credentials never leave my machine."
Market-size figures are indicative — drawn from public industry surveys (Gartner Cloud Management Platforms estimates, Flexera State of the Cloud 2024); they are not a committed forecast for this course submission.
Mara is one person, not a whole buying committee. The product meets her wherever she is — at a terminal, inside an AI coding assistant, or at the approval prompt — and every path goes through the same safety checks.
Types plain English at a terminal; runs assignee plan and assignee apply.
Wants a VPC without owning a state file. No HCL, no bootstrap, no AWS console clicks.
Mara's teammate Dev drives the same workflow from Claude Code, Cursor, or Windsurf through an MCP server (Anthropic's open tool-use protocol that lets AI assistants call external tools). Same pipeline, same best-practice (BP) rules, same human-in-the-loop (HITL) approval gate — just a different entry point.
Mara reviews the plan box before anything is written to AWS. Bundled BP rules flag violations automatically; the auto-fix step shows what changed and why. No apply happens without Mara's explicit "yes".
The Mara test — "can a solo operator safely set up a compliant VPC plus an ECS Cluster in under 10 minutes — without learning HCL, without setting up a state backend, without a bootstrap step?"
You describe what you want in plain English; the tool builds it for you, with safety checks at every step.
The CLI reads plain English → fetches the live CloudFormation schema (the official AWS rules for that resource) → runs an interactive wizard for the options → evaluates a bundled best-practice (BP) rule library → estimates cost via the AWS Pricing API → stops every apply for a human "yes."
Agentic CLIs hand the model your AWS credentials and a shell. Assignee.ai never does that, by design.
No HCL. No Pulumi stack. No CDK bootstrap. The "state" is the live AWS account itself.
Bundled AWS Foundational Security Best Practices (FSBP) and Well-Architected rules — not behind a paid plugin.
The price is checked before you approve — not as a plugin, not as a comment on a pull request.
The CLI and the MCP server share one approval step. AI assistants cannot skip it.
Of the 14 steps, the AI runs in 4; the other 10 are deterministic checks, validators, and AWS API calls. The AI proposes; the system enforces.
| # | Step | What it does (plain English) | AI? |
|---|---|---|---|
| 1 | intent_parser | Reads the user's English request and figures out which AWS resource they want (for example, "create an S3 bucket" → AWS::S3::Bucket). | ✓ LLM |
| 2 | schema_fetcher | Downloads the official AWS rules for that resource type from CloudFormation. | · no |
| 3 | option_elicitor | Asks follow-up questions about resource options (size, region, encryption, …) and uses an AI sub-step to suggest sensible defaults from the request context. | ✓ LLM |
| 4 | compound_dispatcher | Detects multi-resource patterns (for example, "create a VPC" actually means 17 resources together) and queues them in the right order. | · no |
| 5 | plan_generator | Builds the actual AWS resource configuration as JSON, validated against the schema. | ✓ LLM |
| 6 | validate_desired_state | Re-checks the generated JSON against schema rules to catch errors before AWS sees them. | · no |
| 7 | advice_generator | Writes friendly advice about cost and security trade-offs and likely pitfalls. | ✓ LLM |
| 8 | bp_evaluator | Runs the bundled best-practice (BP) rule library against the plan (encryption, access control, tagging, …). | · no |
| 9 | fix_applicator | Auto-fixes the violations marked "fixable" (for example, enables S3 encryption automatically). | · no |
| 10 | preflight_guard | Final safety check; rejects placeholder ARNs and plans that exceed the operator's cost ceiling. The LLM is used as a fallback when the rule-based check is unsure. | ✓ LLM |
| 11 | human_approval | STOPS. Renders the plan box. Waits for the operator to type "yes". This is the human-in-the-loop gate. | · human |
| 12 | resource_provisioner | Calls the AWS Cloud Control API to actually create the resource. | · no |
| 13 | status_poller | Watches the AWS provisioning status until success or failure (polls every 2 seconds, with retries on throttling). | · no |
| 14 | result_formatter | Renders the success or failure output and writes a record to local memory. | · no |
nova-lite
createGraph() function shared by the CLI and the MCP server — one source of truth.
Each guardrail is enough on its own. Together they form a safety cage the AI cannot talk its way out of — because the AI was never given the keys.
Cost is checked before you approve, using the AWS Pricing MCP server. If the cost goes above the operator's configured limit, the change is blocked. No surprise bills, by design.
bedrock:InvokeModel is scoped to one specific model ARN. cloudcontrol:CreateResource requires a Condition on TypeName. No wildcards on role-management actions.
All LLM tool schemas use .strict(). If the LLM invents an extra field, the schema rejects it at the edge; the LLM corrects itself on the next turn.
Bedrock Guardrails block topics like iam-privilege-escalation and credential-exfiltration. The system prompt is kept structurally separate from user input.
If the live AWS state changes between plan time and apply time, the apply is cancelled with a "stale plan" error. This prevents race conditions and silent overwrites.
The plan box appears, the operator types "yes", and only then is any change written to AWS. The MCP path goes through the identical gate; an AI assistant cannot bypass it.
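The budget, stale-plan and approval guardrails described above, sketched as one deterministic gate that runs before any provisioning call. This is an added example, not Assignee.ai's own code; the function names, the plan shape and the warnOnly flag (standing in for budget.warn_only) are assumptions.

```javascript
// Added illustration; canonical, makePlan and applyGate are hypothetical names.

// Serialize with sorted keys so property order never causes a false mismatch.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// Plan time: record a snapshot of the live state the plan was computed against.
function makePlan(desiredState, liveState, monthlyCostUsd) {
  return { desiredState, monthlyCostUsd, liveSnapshot: canonical(liveState) };
}

// Apply time: deterministic checks only; the provisioner runs only on "apply".
function applyGate(plan, liveStateNow, operatorAnswer, budget) {
  const warnings = [];
  if (plan.monthlyCostUsd > budget.ceilingUsd) {
    if (!budget.warnOnly) return { action: "blocked", reason: "over budget", warnings };
    warnings.push("estimated cost exceeds ceiling");
  }
  // Any drift since plan time invalidates the approval the operator gave.
  if (canonical(liveStateNow) !== plan.liveSnapshot) {
    return { action: "cancelled", reason: "stale plan", warnings };
  }
  // Only the literal word "yes" counts; anything else is a refusal.
  if (operatorAnswer.trim() !== "yes") {
    return { action: "rejected", reason: "not approved", warnings };
  }
  return { action: "apply", reason: "approved", warnings };
}

// Constructed sample data: a bucket plan against an account with no buckets.
const budget = { ceilingUsd: 50, warnOnly: false };
const live = { Buckets: [], Tags: { env: "dev" } };
const plan = makePlan({ BucketName: "example-bucket" }, live, 3);
// Same state, different key order: still fresh.
console.log(applyGate(plan, { Tags: { env: "dev" }, Buckets: [] }, "yes", budget));
// State drifted after planning: cancelled as a stale plan.
console.log(applyGate(plan, { Buckets: ["other"], Tags: { env: "dev" } }, "yes", budget));
```

Because the gate is an ordinary function with no model in the loop, the CLI and an MCP entry point can both call it and neither can skip a check.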
The future paid tiers below are design intent for the product, not a price commitment for this course submission. The numbers below describe what ships today and what has to be true before the next phase starts.
Everything you need to set up, check, and run a small AWS estate from one machine.
Phase 0 is a POC — a working prototype to prove the approach. Each later phase opens only after the gate below it is met.
Three paths through the same pipeline — happy path, blocked by budget, and driven by an AI assistant — each one stopping at the same human approval gate.
~/.config/assignee/config.yaml — set budget.warn_only: true to switch to warn-only mode.
Same pipeline. Same safety checks. Different ways in.
Thank you. Happy to go deeper on the 14-step pipeline, the safety sandwich, the cost check, or anything else under the hood.