Principle 01
Persona and memory as architecture
Tone and boundaries live in a persona file; long-term memory is curated and pruned on a schedule, kept separate from raw daily logs — not prompt dressing.
Case study · JEGantic Hospitality, Montreal
One AI operations layer running 8+ hospitality venues — answering from live POS, reservation, and ticketing data in the chat apps the team already uses.
01 / The problem
JEGantic Hospitality operates 8+ distinct venues in Montreal — restaurants, nightclubs, lounges, and a luxury transport service — each running on different operational systems: point-of-sale, reservations and guest CRM, event ticketing, project management, and multiple messaging channels.
Leadership needed sales figures, reservation data, ticket sales, and task status on demand — across venues that must never leak each other's commercially sensitive data — without hiring a data team or building a bespoke dashboard for every request.
The brief: a persistent AI “right hand,” reachable from WhatsApp and Discord, that understands the business, queries live data from every backend system, respects strict per-venue boundaries, and gets safer and smarter over time instead of being rebuilt for every new request.
02 / Architecture
Orchid lives on a persistent agent runtime that keeps one identity alive across channels and days, routing work to data-isolated sub-agents. Tap any component to explore it.
Channels
Runtime
Main session
Specialized agents
Integration layer
03 / Design principles
Principle 01
Tone and boundaries live in a persona file; long-term memory is curated and pruned on a schedule, kept separate from raw daily logs — not prompt dressing.
Principle 02
Each venue's channel binds to an agent forbidden from querying or disclosing any other venue's data. Cross-venue questions route to one portfolio-level agent.
Principle 03
Every external API has a documented knowledge base with endpoint docs and a pinned venue-to-ID map, so agents look up trusted identifiers instead of guessing.
Principle 04
Math, pagination, auth signing, and formatting happen in small testable scripts. The model decides what to fetch; code guarantees how — keeping numbers auditable.
Principle 05
Outbound email, calendar invites, and destructive operations require explicit human confirmation — codified in operating rules, not left to model judgment.
Principle 06
Daily task lists, nightly recaps, weather-driven staffing alerts, and drift audits run unattended on cron — idempotent, so re-runs never double-post.
04 / Integrations
Every integration is a real production API connection wired through a purpose-built script and a documented knowledge base.
Point-of-sale · sales, labor, invoices, master data
Reservations & guest CRM · deliberately read-only
Event ticketing · HMAC-signed reporting pipeline
Project management · two-way synced
Calendar, Gmail, Sheets, Drive, Analytics, Ads, Search Console
Outbound email · approval-gated, never auto-sent
Self-healing reliability & cost controls
05 / In action
Pick a scenario to watch how a request actually moves through the system.
Illustrative conversations — figures and task names are placeholders, the flows are real.
06 / Security & governance
Boundaries are enforced by scoping and routing — not just prompt instructions.
The reservations platform is restricted to read-only calls; POS and ticketing credentials are venue-scoped and never shared across venues.
All keys and tokens live in environment files excluded from version control. The assistant is instructed never to echo credentials under any circumstance.
Cross-venue disclosure is prevented by agent scoping and channel binding, documented as a standing architectural rule — a real multi-tenancy control.
Outbound email, calendar invites, and destructive operations all require explicit confirmation before they execute.
Portfolio-wide reports strip guest names and identifying detail; guest-level detail is reserved for the single venue's own channel.
07 / What this build demonstrates
Not a proof of concept — Orchid runs day-to-day operations for the group, and each capability below was engineered against production systems.
Persona, memory, multi-agent routing, tool orchestration, and scheduled autonomy composed into one coherent operating layer — not just prompt engineering.
OAuth and token auth, custom HMAC request signing, live API version migrations against production, and rate-limit-aware scripting.
Cross-venue leakage — a genuinely hard problem — solved architecturally, matching patterns used in enterprise B2B SaaS.
Chat surface and system of record kept in lockstep, including dependency-graph propagation — a non-trivial distributed-state problem.
Self-healing cost and config drift, idempotent report generation, and durable scheduled jobs — rather than one-shot demos.
Per-venue brand voice, venue-specific accounting-day rollovers, and recurring city-event calendars encoded directly into the system's operating context.
Client, venue, and staff names are used with permission for portfolio purposes. Credentials and private identifiers are excluded from this write-up.
Start here
If your business runs on systems that don't talk to each other, this is exactly the kind of problem we build for. Let us walk you through how we would approach yours.