Software · Platform

Program Builder

Program execution, on your infrastructure

The single workspace where a federal program lives — WBS, schedule, requirements, risk, and fully-burdened pricing — deployed inside your perimeter.

See it

Five views of the platform.

Interface portraits. Generic data shown — real deployments run on your programs, your WBS, your schedule, your risks.

AW Program Builder Mission Control Programs WBS IMS Risks Cost & Pricing Reports MN MISSION CONTROL · ACTIVE PROGRAMS Four programs. One operational picture. All Active On hold Closed Sort: schedule health ↓ PROGRAM Iron Compass ATO Acme PEO Cyber · FFP · IDIQ TO-22-0044-008 PoPQ3 26 — Q2 28 Value$8.4M PMJ. Reyes PhaseExecution CV+$22K · favorable SVon track 44% complete · 17 of 39 WBS elements closed · 4 risks open HEALTHY PROGRAM Skyhawk Constellation USAF AFWERX · SBIR Phase II · FA8649-26-P-0192 PoPQ1 26 — Q2 27 Value$1.85M PMA. Patel PhaseOT&E CV-$8K · watch SV2 days behind 75% complete · 22 of 30 WBS elements closed · 2 risks open WATCH PROGRAM Pathfinder Mesh PEO C3T · Cost-Plus · W56KGY-26-D-0044 PoPQ2 26 — Q4 27 Value$12.6M PMM. Chen PhaseBuild CV-$148K · breach SV9 days behind 32% complete · 14 of 44 WBS elements closed · 7 risks open · 2 critical AT RISK PROGRAM Trident Phase II DAF CIO · T&M · GSA MAS · 47QTCK-26-D-0017 PoPQ4 25 — Q3 26 Value$640K PMR. O'Brien PhaseClose-out CV+$11K · favorable SV5 days ahead 94% complete · 31 of 33 WBS elements closed · 0 risks open HEALTHY Deployed on your infrastructure · single-tenant · no program data leaves your perimeter
Mission Control.   Every program your organization runs, in one operational picture — with health, variance, and risk surfaced at a glance.
AW Program Builder Mission Control Programs WBS IMS Risks Cost & Pricing Reports PROGRAMS · IRON COMPASS ATO · DASHBOARD Iron Compass ATO — Acme PEO Cyber · IDIQ TO-22-0044-008 COST VARIANCE +$22.4K Favorable · 0.3% of EAC SCHEDULE VARIANCE +1.2 days Ahead · 17 of 39 WBS closed OPEN RISKS 4 1 high · 2 medium · 1 low NEXT MILESTONE SRR — 14 days 2026-05-27 · SRD §3.2 review Schedule Health 44% complete · 17 of 39 WBS elements closed · 9 in progress Closed · 17 In progress · 9 Not started · 13 Critical path: 1.2 → 2.1 → 2.3 → 3.0 · 0.4 days of float Active Operations · Next 7 See all → 2.1.3 ZTNA policy authoring · J. Reyes Due 5d 2.2.1 Identity provider integration test · A. Patel Due 7d 3.0.0 SRR prep · M. Chen Due 14d 2.1.4 Segmentation enforcement gate · R. O'Brien Due 21d + 3 more Recent activity 2.1.3 ZTNA policy authoring marked 60% complete by J. Reyes 12m ago Risk RR-014 (vendor dependency on Pinnacle SDK) raised to medium 1h ago SRD §3.2 amended · deployment-pattern requirement clarified by M. Chen 3h ago Cost volume v4 rolled up · new fully-burdened total $8.42M (+$22K vs. baseline) yesterday Action item AI-022 closed · Atlas teaming agreement countersigned yesterday
Program dashboard.   Cost, schedule, risk, milestones, and the next seven actions for a single program — rolled up from the WBS and IMS underneath.
WBS · IRON COMPASS ATO WBS TASK OWNER DUR % STATUS 1.0 Zero Trust Architecture J. Reyes 540 d 44% Active 1.1 Requirements baseline M. Chen 60 d 100% Closed 1.1.1 SRD draft & review M. Chen 22 d 100% Closed 1.1.2 Stakeholder concurrence J. Reyes 14 d 100% Closed 1.2 Architecture design A. Patel 90 d 100% Closed 2.0 Build & integration A. Patel 220 d 58% Active 2.1 Policy authoring & enforcement J. Reyes 110 d 72% Active 2.1.3 ZTNA policy authoring J. Reyes 30 d 60% In progress 2.1.4 Segmentation enforcement gate R. O'Brien 28 d 15% In progress 2.2 Identity & device trust A. Patel 85 d 38% Active 3.0 SRR & gate reviews M. Chen 45 d 12% In progress 4.0 ATO package & submission M. Chen 60 d 0% Not started 5.0 Sustainment & transition TBD 90 d 0% Not started 39 WBS elements · 13 shown · CPM float: 0.4 d Expand all · Export
WBS.   Hierarchical work breakdown with owner, duration, percent complete, and status — the schedule's structural truth.
RISKS · IRON COMPASS ATO · 4 OPEN Likelihood × Impact Likelihood → RR-014 RR-009 RR-011 RR-016 low high Impact → RR-016 FedRAMP High control mapping gap §AC-17 HIGH · 20 Mitigation: dual-track POAM authored · M. Chen · review by SRR RR-014 Pinnacle SDK vendor dependency — release slip MED · 12 Mitigation: parallel integration with Atlas mesh SDK · A. Patel RR-011 Identity provider integration latency > 250ms MED · 9 Mitigation: caching layer + edge enforcement · R. O'Brien RR-009 CMMC L2 evidence gathering cadence LOW · 4 Mitigation: monthly automated evidence pack · M. Chen
Risk register.   Likelihood × impact heatmap plus the live list — mitigations, owners, and review cadence on every entry.
IMS · IRON COMPASS ATO · CRITICAL PATH HIGHLIGHTED Q3 26 Q4 26 Q1 27 Q2 27 Q3 27 Q4 27 Today 1.1 Requirements baseline M. Chen · closed 1.2 Architecture design A. Patel · closed 2.1 Policy authoring · enforcement J. Reyes · 72% 2.2 Identity & device trust A. Patel · 38% 2.3 Edge enforcement gate R. O'Brien · upcoming 3.0 SRR & gate reviews SRR · 2026-05-27 4.0 ATO package & submission M. Chen · not started ★ ATO award (milestone) 2027-04-15 (gated) 5.0 Sustainment & transition option year CDRL A001 quarterly progress reports delivery cadence Closed Active Not started Critical path Milestone CDRL delivery CPM float: 0.4 d Cost & pricing volumes regenerate when WBS or IMS changes — one source of truth.
IMS.   Integrated master schedule with critical path highlighted, CDRL cadence, and gated milestones. The WBS and cost volumes stay in sync with this view.

Illustrative interface portraits · All program names, customers, contract numbers, owner names, and dollar figures are fictional.

The problem

A federal program lives in twenty spreadsheets. None of them agree, and the one that's right is on a laptop in someone's bag.

The WBS is in one workbook. The IMS is in another. Requirements are in a third, and the trace matrix that's supposed to connect them was last updated before the redirect. Risks live on a slide. Pricing is on a tab in a workbook a former analyst built, and nobody else fully understands the indirect-rate stack.

Each artifact carries its own ground truth. None of them roll up. A program review starts with a half-day reconciling numbers that disagree, and the answer the PM gives at the gate is the most-recent of seven versions, not necessarily the right one.

The cost is real. Re-keyed data, mis-priced bids, requirements that drift from the schedule, risks that don't make it into the brief, color-team comments that vanish into a folder, BOEs that auditors can't trace. Programs miss windows not because the work isn't getting done — because the system holding the work is held together with email.

The bearing: a single workspace, isolated per program, where every artifact lives in one place, every number rolls up, and the pricing volume comes out the back end already burdened and DCMA-traceable.

What it is

Five capabilities. One platform, deployed on your infrastructure.

i.

Decomposes

Four-level WBS with period of performance, complexity tier, critical-path flagging, predecessor logic, and security-domain tagging. Integrated Master Schedule with tasks, milestones, dependencies, and status. WBS and IMS share the same backbone, so a schedule edit and a work-package edit can't disagree.

ii.

Traces

Requirements register modeled on the SRD — track, status, verification method, compliance reference, priority, and traceability back to the WBS. Five-by-five risk register with score, mitigation, contingency, gate, and program-track alignment. Crosswalk against MIL-HDBK-516C, MIL-STD-810H, Cyber RMF, TEMP, and software standards.

iii.

Prices

Direct labor cost builder with per-instance rate tables — sixteen standard labor categories, FY-flat or escalation curves, DCAA-aligned. Purchased labor, ODCs, materials, travel, and subcontractor quotes. Indirect rate stacks (fringe, overhead, G&A, fee) configurable per company instance. Executive pricing summary with waterfall and burdened-labor breakdown.

iv.

Isolates

Multi-program by design. One deployment hosts every program the organization runs, each with isolated data and per-company workspaces inside it. A joint venture between two primes gets a single program with two instance workspaces — each company sees their own labor and cost, the PM/Admin sees both. Cost surfaces are hidden from non-admin instances by a separate gate.

v.

Reports

Mission-control dashboard rolls up airworthiness progress, cyber-authorization progress, critical risks, pending docs, approved requirements, and active tasks at a glance. Schedule-health view with on-track / at-risk / delayed buckets and upcoming milestones. Charts page for direct-labor distribution and cost-by-resource roll-up. The pricing volume comes out the back end already structured for the proposal.

How it works

Five layers. Each replaceable. All under your control.

The platform is private. No program data leaves your infrastructure. The application stack runs inside your perimeter on Docker. Authentication is PIN-based out of the box and integrates with corporate SSO when required. Backups land in object storage you control.

Layer 1

Tenancy

Two levels of isolation. A program is the top-level tenant — every WBS row, task, risk, requirement, and cost entry is scoped to one. Inside a program, instances represent company workspaces (prime, sub, PM/Admin). Foreign keys, application middleware, and admin controls enforce the boundary at every layer. Onboarding a new program is a single form plus an Excel upload.

Layer 2

Data

PostgreSQL 16, schema versioned in code, idempotent auto-seed on first boot. Twenty-one scoped tables tie every artifact back to its program. Excel import per program replaces only that program's data. Nightly pg_dump to object storage (S3, R2, MinIO, or on-prem) with fourteen-day rotation. Restore is a documented one-liner.

Layer 3

Compute

Node 24 + Express, bundled to a single binary with esbuild. Drizzle ORM. Multer for spreadsheet upload. Pino structured logging. Sub-1 GB of RAM in steady state. The whole stack — API, database, and outbound tunnel — ships as a three-service Docker Compose file. Runs on a Synology NAS, a corporate VM, AWS GovCloud, or an air-gapped container host with one configuration change.

Layer 4

Surfaces

React + Vite frontend served as static assets behind any CDN or reverse proxy. Mission Control landing page lists every program in the organization. Per-program workspace exposes the WBS, IMS, SRD, risk register, documents, contacts, cost builder, materials, ODC, travel, subcontractors, pricing summary, and executive report. Cost surfaces gated behind a separate admin PIN by default.

Layer 5

Operations

HTTPS-only. Defaults to an outbound-only tunnel so the API never exposes an inbound port. CORS-locked to the application origin. Push-to-deploy CI loop for organizations that want it, scheduled pull-and-rebuild on the host for those that don't. Architecture document, restore runbook, and design-system reference ship with the platform so your operations team can run and extend it without us.

Implementation

Four phases. A kill switch at each one.

i.

Diagnosis

1–2 weeks

Audit how programs are run today — which artifacts exist, which are authoritative, how indirect rates are structured, what auditors look at. Confirm hosting target (corporate VM, on-prem container host, cloud, or NAS). Confirm authentication path. Pick one pilot program small enough to deliver in weeks, real enough to prove the system.

ii.

Pilot

2–3 weeks

Stand up the Docker stack in your environment. Map your WBS / SRD / risk / IMS templates to the platform's import schema (or adapt the schema to yours). Import the pilot program. Verify rollups against the existing spreadsheets, line for line. Configure indirect rates, labor categories, and FY escalation curves to your DCAA-approved structure.

iii.

Production

3–6 weeks

Per-instance PIN or SSO provisioning. Persona training in 45 to 60-minute sessions — CAM, PM, pricer, executive viewer. Onboard remaining programs. Wire backups to your object storage. Establish the deploy loop your IT organization is comfortable with. Cutover plan timed to your next proposal or program review.

iv.

Compounding

Ongoing

Backup verification drill. Restore-from-backup tabletop. Optional: SSO integration, custom report templates, deeper integration with the system of record (Costpoint, Unanet, SAP). The aim is not a one-time delivery. The aim is an executable backbone the program-management organization runs on for years.

Engagement shapes

Three ways to work together.

Advisory

Your team has the engineering capacity to stand it up. We architect, set the eval bar, review the implementation at phase gates, and stay close enough to course-correct before the architecture commits the team to a dead end. Best fit: mature internal IT and PMO teams.

Oversight build

Your team has some capacity but not the right specialization. We run the build in partnership with your engineers — doing integration, data mapping, and the cost-volume math — while your team owns operations and the long-term roadmap. Best fit: federal contractors that need the deliverable operable internally after handoff.

End-to-end build

Your team is full-up, or this is too far outside the existing skill set. We deliver the platform, the runbooks, and the persona training, and stay engaged on a defined retainer to keep the system healthy while you decide who owns it long-term.

What this is not

Three clarifications.

  • Not a SaaS product. Not a license. Not a "platform we resell." Every deployment is built against the program structure and the indirect rates of the organization that owns it, on infrastructure they control. The architectural pattern is reusable. The implementation is not.
  • Not a replacement for your system of record. Costpoint, Unanet, SAP, and the agency-side EVMS tools all keep their seats. Program Builder is the workspace the program team actually executes inside — the layer that produces clean inputs for those systems and clean outputs for proposal volumes and program reviews.
  • Not a program manager. The platform does not run the program. It removes the friction that consumes a PM's week — reconciling numbers across tools, chasing version drift, hand-rolling roll-ups for a gate review — so the PM can spend the time on the work that actually matters.
Next step

If your program team is held together with email and spreadsheets, the next move is a diagnosis.

One conversation, one written summary, no commitment to build. The bearing comes first.

Schedule a call — 30 min
or write directly: mark.young@azimuth-wayfinder.com
Melbourne, FL · Working nationwide