Before the factory, before the twins, before the scenarios and the satisfaction metrics and the agents that wrote code no human would review, Justin McCarthy built a protocol-aware proxy.
It was 2015. The problem was infrastructure access. When a developer needed to connect to a database, or an SSH server, or a Kubernetes cluster, the connection passed through a proxy. Most proxies at the time were dumb pipes—they forwarded bytes without understanding what those bytes meant. Justin's insight was that you could build a proxy that understood the protocols it was carrying. Not just TCP. Not just TLS. The actual application-layer protocols: MySQL's wire protocol, Postgres's message format, SSH's channel multiplexing, HTTP's request-response semantics.
A protocol-aware proxy could do things a dumb pipe couldn't. It could log every SQL query without installing an agent on the database server. It could enforce access policies at the statement level, not just the connection level. It could replay traffic for auditing. It could detect anomalies by understanding the grammar of the conversation between client and server.
This was the core of StrongDM. Everything else—the access management layer, the policy engine, the audit trail—was built on top of that foundational insight: if you understand the protocol, you can mediate the conversation.
Navan didn't fully appreciate this until one afternoon when he was debugging the Jira twin's REST API behavior and realized the twin was, at its core, a kind of protocol-aware proxy in reverse. The twin didn't just respond to requests—it understood the protocol well enough to reproduce the server's behavior, including its idiosyncrasies. The twin knew that Jira's REST API returned different error formats depending on which version of the API you were calling. It knew that certain endpoints accepted query parameters that weren't documented. It knew about the timing characteristics of paginated responses.
"The twins are inverted proxies," Navan told Justin. He'd walked into Justin's office with his notebook open, a diagram already drawn.
Justin looked at the diagram. "Go on."
"A proxy mediates between a client and a server by understanding the protocol. A twin replaces the server entirely by understanding the protocol even more deeply. The proxy watches the conversation. The twin is one side of the conversation."
"That's right," Justin said. "The same skill set. The same instinct. If you can build a proxy that understands MySQL's wire protocol well enough to log every query, you can build a twin that understands Okta's SCIM protocol well enough to reproduce every response."
"Is that why you thought of twins? Because of the proxy?"
Justin leaned back. He had a way of pausing before answering questions about his own thinking, as if he were checking the answer against his memory before releasing it. "I think it's more that the proxy taught me how to think about protocols. Not as specifications to implement, but as behaviors to understand. The specification tells you what should happen. The behavior tells you what does happen. They're not always the same."
Jay, passing by the open door, heard this last sentence and stopped. He leaned against the doorframe. "That's the whole thesis. The twins don't implement the spec. They clone the behavior."
"They clone the behavior," Justin confirmed. "Including the parts where the behavior deviates from the spec. Especially those parts. That's where the interesting bugs live."
The through-line was clear. Protocol-aware proxy to behavioral clone to digital twin. Ten years of the same instinct, applied at increasing scale, toward increasingly ambitious goals. The mind that built StrongDM's core technology was the same mind that built the factory. It had just kept thinking.
The framing of digital twins as "inverted proxies" is one of those insights that seems obvious only after someone states it. The proxy watches the conversation. The twin IS one side of the conversation. That's a decade of thinking distilled into one sentence.