Where Does the Calculator Live?

infrastructure path for deal desk deterministic services

The calculator service is stateless Python - it doesn't care where it runs. But Glean needs to reach it over HTTPS, and Contentful needs to own it in production. This creates a phased path: prove the pattern locally, then migrate to Contentful infrastructure once the sandbox environment (G07) is ready.

Network Topology (Production State)

SaaS Glean Cloud Managed by Glean

Agent Runtime

Deal Desk Agent

Runs Search, Branch, Think, Respond steps. LLM-driven workflow hosted entirely in Glean's infrastructure.

Action Gateway

Glean Actions

Outbound HTTP calls to external services. Configured per-action with endpoint URL, auth method, and input/output schema.

HTTPS / TLS

Auth mechanism TBD - Tyler conversation Apr 20

Internal Contentful Infrastructure IS Sandbox Environment (G07)

Compute

Calculator Service

Python / FastAPI. Stateless - no database, no sessions. Receives JSON, returns JSON. Scales horizontally.

Observability

Audit Log

Every calculation logged with timestamp, inputs, outputs, caller identity. Required for finance compliance and deal review.

[G07] Sandbox initiative. Engineering told IS to be self-sufficient for hosting AI apps. Danny (infrastructure), Steffan (security), Kevin (infrastructure) are key partners. The calculator service is a concrete first tenant that demonstrates the need.

Open Questions - Glean Actions Feasibility

Tyler - Apr 20

Can Actions pass structured JSON bodies?

Calculators need typed fields (numbers, arrays), not just query string parameters. Does the Action config support POST with JSON body?

Tyler - Apr 20

What auth methods for outbound Actions?

API key in header? OAuth? mTLS? This determines whether the calculator can sit on the open internet with a key or needs network-level access control.

Tyler - Apr 20

Can the agent use Action response fields?

The Think step after the Action needs to reference specific fields from the calculator response (e.g., within_policy, approval_level). Does Glean pass structured responses back to the workflow?

Deployment Path

Now Build + Validate Locally Before Apr 20

Port Excel logic to Python, test against original outputs. No hosting needed yet. Run locally, validate row-by-row against the spreadsheet calculators. This is pure business logic extraction - the hardest part is getting the formulas right, not the infrastructure.

Runs on

Local machine

pytest against Excel test cases

Deliverable

Validated calculator + test suite

Proof that Python matches Excel exactly

Depends on

Access to current Excel calculators

Steven / Emily / Danette provide these

Risk

None - fully local, reversible

No infrastructure, no security review

Next Demo with Temporary Endpoint Tyler session + stakeholder demo

Stand up a temporary HTTPS endpoint to test with Glean Actions. Confirm the full loop works: Glean agent sends structured request, calculator returns deterministic response, agent uses result in its response. This is the "does the pattern actually work in Glean?" validation.

Runs on

Temporary endpoint (ngrok / fly.io staging)

Throwaway - not production

Deliverable

Working end-to-end demo

Glean agent calling live calculator

Depends on

Tyler confirms Actions capability

JSON bodies, auth, response passthrough

Risk

Low - demo data only, no real deals

Temporary infra, torn down after demo

Production Deploy to Contentful Sandbox After G07 sandbox is available

Move validated calculator into Contentful-owned infrastructure. Same code, new home. The service is stateless Python - migration is a deployment config change, not a rewrite. This is where the sandbox pitch becomes concrete: "we have a working tool that saves X hours per deal, it needs a home."

Runs on

IS Sandbox (G07)

Contentful-owned, security-reviewed

Deliverable

Production-ready calculator service

Audit logging, monitoring, auth

Depends on

G07 sandbox ready + security sign-off

Danny (infra), Steffan (security)

Unlocks

Sandbox as proven pattern

First tenant justifies the platform for future AI apps

The Strategic Play

Don't pitch the sandbox in the abstract. Build the calculator, demo it working, then say "this saves the deal desk team X hours per deal and it needs a production home." The sandbox conversation shifts from "we need infrastructure for AI apps" (vague) to "we have a working tool that needs hosting" (concrete). The deal desk calculator becomes the first tenant that justifies the platform - and every future deterministic service (legal calculators, finance tools, HR automation) follows the same pattern.

Key Dependencies

Tyler

Glean Actions Capability

Confirm Actions support JSON POST, auth mechanisms, and structured response passthrough to agent workflow.

Target: Apr 20 deep-dive session

Danny / Kevin

Sandbox Environment (G07)

IS-managed compute that can host stateless Python services with HTTPS endpoints accessible from Glean's cloud.

Target: TBD - pending Danny conversation

Steffan

Security Review

Approve external SaaS (Glean) making authenticated API calls to internal Contentful service. Auth pattern and network access.

Target: After sandbox + Glean auth are confirmed

Phase 1: Build locally

Phase 2: Temp demo endpoint

Phase 3: Contentful sandbox

Glean (SaaS)

Contentful (Internal)

Open questions