Eagle Eye
AI Grid Flexibility · Energy
AI Distribution System Operator platform proving a governed closed loop — observe → predict → recommend → dispatch → evidence — across 20–200 controllable DER assets today, architected to sustain 1 Hz telemetry from 5,000+ assets without re-architecture. A modular .NET 9 monolith, independently-scaled Python forecasting/optimisation services, PostgreSQL + TimescaleDB and a NATS JetStream event backbone keep the platform at roughly an eighth the run cost of a conventional Kubernetes + managed-Kafka baseline.
The problem
Let AI recommend grid dispatch actions on real assets (EV chargers, batteries, solar, heat pumps) without ever letting it bypass operator authority, prove every action with an immutable evidence trail, hold p99 telemetry-to-console latency under 500ms at scale — and do it on a budget a 4-person team can operate without on-call dread.
System topology
Hover or tap any component. Amber packets carry control and approvals; cyan packets carry data.
Component inspector
Select any component in the topology to see the technology behind it, why it was chosen, and the trade-off accepted with it.
Decision log
The choices that shaped the system, and what each one cost.
PostgreSQL + TimescaleDB over SQL Server
Hypertables auto-partition telemetry by time with native 10–20x columnar compression and continuous aggregates as declared SQL — turning a 17M-rows/day growth problem into a bounded, cheap one, at $0 licensing versus SQL Server's per-core cost. The domain model was already correct in EF Core; this was a provider swap, not a rewrite.
Clean/Hexagonal Architecture with governance as a Specification chain
Domain has zero dependencies; Application orchestrates use cases against ports; Infrastructure/Api are the only layers allowed to know about EF Core, NATS or Redis — enforced by the compiler, not code review. Each governance rule (protected-load, emergency-threshold, max-dispatch, ramp-limit) is an independently versioned, independently unit-testable rule evaluated in a fixed Chain-of-Responsibility order, so 'deterministic, version-controlled, not self-modifying' governance is structurally true rather than a policy statement.
NATS JetStream as the canonical event bus, contracts generated once
Every canonical event (telemetry.validated, dispatch.commanded, governance.checked, …) is defined once as JSON Schema and code-generated into both C# records and Python Pydantic models, with a CI check that fails the build on drift — so the .NET and Python services can never silently disagree on payload shape in this polyglot system.
Modular monolith with day-one horizontal partitioning
Core services run as modules inside one .NET process to avoid service sprawl for a small team, but every stateful component is already partitionable by zone_id/feeder_id, and modules only communicate through the event bus or gRPC — never shared in-process state. Any module can be pulled into its own deployable the moment its resource profile diverges, without touching the others.
AI proposes, governance disposes — enforced by the compiler
Recommendation ranking (Python, LightGBM/OR-Tools) and governance validation (.NET, deterministic rules) are separate object graphs with no shared dependency — governance rule implementations have no reference to the ML/forecast namespace at all. Adaptive learning is confined to ranking weights; it structurally cannot rewrite a protection constraint.