Nokshi Technology

Case study · Rud Pedersen Group · 2025 — present

Chat:R — a language-model platform, deployed inside a public-affairs consultancy.

An extended LibreChat deployment serving approximately one thousand staff at Rud Pedersen Group, with three bespoke enterprise features and a tenant-bound Azure deployment operating across three environments.

Language-model platform Azure React, Node.js, MongoDB Public affairs

~1,000

staff served

3 environments

development, staging, production

~½ the cost

of the initial managed-Kubernetes design

3

bespoke enterprise features

01 · The problem

A public-affairs firm required artificial intelligence that did not require its data to leave the firm.

Rud Pedersen Group is a European public-affairs and strategic communications consultancy serving politicians, regulators, and brand clients. The firm's staff had begun using public language-model tools for everyday work — drafting, research, summarisation — and the consequent privacy exposure was no longer tenable. Client briefings, policy positions, and personally identifying material were, in practice, being pasted into interfaces that lay outside the firm's tenancy and outside its contractual control.

The available off-the-shelf options were each unsuitable for a different reason. ChatGPT Enterprise resolved the data-residency question, but committed the firm to a single model, to a per-seat commercial model that scaled awkwardly across approximately one thousand staff, and to a feature set that the firm could not extend on its own terms. What was actually required was an interface in the broad shape of a ChatGPT-style application, deployed inside the firm's own Microsoft tenant, extended with features tailored to the working pattern of its consultants — and held as an asset rather than rented as a subscription.

02 · What was built

An extended LibreChat deployment, held inside the firm's Microsoft tenant.

The starting point was LibreChat, the most credible open-source language-model chat platform at the time of the engagement. Beginning from an existing, actively maintained codebase — rather than reconstructing the generic eighty per cent of such a platform from first principles — freed the engagement to attend to the twenty per cent that actually determined whether the system would be useful to Rud Pedersen: the bespoke feature set, the tenancy integration, and the production deployment.

Three bespoke enterprise features sit above the extended platform:

  • Projects — a workspace layer that groups conversations, agents, and files by client or brief, modelled as a first-class MongoDB entity with a set of REST endpoints and a virtualised React sidebar. Supports collapsible sections and optimistic updates via React Query.
  • Project-to-agent linking — an agent-picker interface, agent cards that surface the relevant provider, model, tools, and file scope, and endpoints that allow specialised agents to be added and removed from a project without the consultant having to leave it.
  • SharePoint Model Context Protocol gateway — a Node.js MCP server exposing a small set of Microsoft Graph tools to the platform over a streamable HTTP transport, with credentials injected from Azure Key Vault and the service containerised and deployed alongside the main application.

Engineering notes

A selection of the decisions worth naming.

The notes below are selective rather than exhaustive. Each describes a choice whose reasoning is likely to be useful to a reader evaluating a similar engagement.

Deployment model: virtual machines, Azure-first

The initial architecture assumed managed Kubernetes. A cost and operational analysis conducted shortly after the first environment was stood up led to a considered pivot to Azure virtual machines: the workload, at three environments and approximately one thousand users, did not require the additional complexity that a managed Kubernetes control plane introduced. Monthly infrastructure cost fell to roughly one half of the initial figure, with no practical loss of reliability observed for this class of workload. Infrastructure is authored as Bicep, with federated OpenID Connect authentication between GitHub Actions and the Azure tenant, and separate continuous-integration and deployment pipelines per environment.

Identity: Microsoft Entra single sign-on, domain-scoped

Single sign-on is wired through Microsoft Entra, with domain-level scoping so that only authenticated Rud Pedersen identities are admitted. Group membership in Entra drives application-level authorisation. Several subtle token-refresh issues were resolved during the build, in each case through adjustments to the OpenID configuration rather than through bespoke code.

Search and retrieval behaviour

The platform's search and retrieval behaviour is extended beyond the defaults of the upstream project. File search is conducted automatically within the scope of the active project. Web search, where enabled, routes through a provider-neutral search API, fetches full content through a web-ingestion service, and reranks the retrieved documents before presenting them to the model. The set of active tools is determined per model by explicit configuration rather than by runtime heuristics.

Production operation

Several production incidents have been investigated and resolved since the first deployment, including a slow memory leak in one of the auxiliary containers traced to a particular upload pattern, a rendering defect in the text-to-speech path that appeared only under load, and a cache-sizing defect in the virtualised conversation list. In each case the resolution was accompanied by a written post-mortem that has been retained by the client.

The platform and deployment work described here was conducted at an architecturally literate level. Where an engagement calls for deep individual-contributor cloud-platform engineering beyond the shape of this build, the studio pairs with specialist cloud engineers with whom it has worked previously.

03 · Outcomes

An operating system, owned by the firm, into which subsequent work is layered.

The platform operates across three environments and serves the consultancy's full staff. Conversation history, uploaded files, and ancillary data remain inside the firm's Microsoft tenancy. The codebase, the infrastructure-as-code, and the deployment pipelines are the property of the client; the studio operates them under a continuing engagement, and the client's own engineers can take them over at the point at which it makes sense to do so.

  • Approximately one thousand staff served, with single sign-on scoped to the firm's domain.
  • Three separated environments (development, staging, production) with automated deployment.
  • Operating cost reduced to approximately one half of the initial managed-Kubernetes design, after a considered architectural pivot.
  • SharePoint integration through a purpose-built Model Context Protocol gateway, by which agents reach internal briefings without those briefings being exported from the tenancy.

Operating envelope

The operational shape of the platform in production.

The figures below describe the platform's production shape. Some are commercially sensitive and are stated as ranges or marked as available under non-disclosure; each is drawn from the operating record rather than from the initial design.

  • [~XXX peak]

    Concurrent user envelope, peak observed during a working week

  • [X models]

    Language models actively routed to from the platform

  • [X tools]

    Distinct Microsoft Graph tools surfaced through the SharePoint MCP gateway

  • [X s p50 / Y s p95]

    Mean per-query latency budget at the platform layer

  • [~X,000/month]

    Steady-state monthly request volume (available under NDA if preferred)

  • [X integrations]

    Distinct enterprise integrations live (SSO, Microsoft Graph, Key Vault, and related)

Interface imagery — pending client approval

A redacted interface screenshot or architecture diagram will be placed here once the specific form of disclosure has been approved by the client.

04 · Considering a comparable engagement?

A short conversation tends to be more useful than a written brief.

If the decision under consideration is ChatGPT Enterprise against a bespoke platform, or whether extending an open-source project is the right approach for the particular constraints in question, a thirty-minute introduction is usually sufficient to establish whether further engagement would be productive.

Arrange an introduction Review the service disciplines

A thirty-minute conversation is usually sufficient to establish whether an engagement is likely to be productive.

Arrange a call →