Born from a moment that changed how I see AI.

What you get: A safe, read-only AI assistant that watches your databases, networks, or cloud accounts and tells you in plain English what's wrong, what changed, and what to look at first.

The agent has eyes-only access — it can investigate, correlate, and write up findings, but it cannot make changes. You get the diagnostic write-up in minutes instead of hours; the fix stays a human decision.

Technology: OpenClaw agent framework, local LLMs on DGX Spark (Llama 3.1, Qwen3), Azure OpenAI, Azure Resource Graph, Az PowerShell, T-SQL diagnostic packs, RBAC reader-only roles, Managed Identity.

Methodology: read-only-by-design tool surface, RBAC-bounded scope per agent, evidence collection then plain-English summarization, human-in-the-loop on every recommended action, reusable scaffolding across SQL, networking, and cost-monitoring agents, GUARDRAILS file enforced on agent prompts.

What you get: When a critical database fills up its transaction log or starts running slow, an AI-assisted diagnostic walks through 40+ best-practice checks and produces a ranked fix list — no guessing, no panic.

Built on top of community-standard SQL health-check scripts, the assistant runs on a schedule, surfaces the highest-risk findings, and only takes corrective action where you have explicitly pre-approved it.

Technology: Azure SQL Managed Instance, T-SQL, DMVs, sp_Blitz, SQL Agent jobs, PowerShell, CSV-based change tracking, Az.Sql.

Methodology: 40+ best-practice check sweep, ranked CSV-tracked fix list, conservative log-file shrink guard (only over 500 MB and under 10% utilized), Accepted-Risk / Approved / Deferred state machine for fixes, evidence-backed root-cause writeups (real ADR/PVS incident as proof point).

What you get: Best-practice documents fed into an AI pipeline that generates fix scripts, routes them through a human approval workflow, then deploys the approved fixes in the correct sequence — resulting in 100+ improvements across on-prem virtual SQL Servers.

A complete solution built from the ground up: AI reads your standards documents and produces PowerShell remediation scripts, operators review and approve via a CSV workflow column, and the deployment engine applies fixes in dependency order with a full audit trail.

Technology: PowerShell, VMware PowerCLI, SQL Server (on-prem virtualized), T-SQL, DMVs, CSV-tracked approval workflow.

Methodology: same 40+ check sweep used for cloud SQL MI, parity audit between on-prem and cloud, CSV output that feeds the existing Accepted-Risk / Approved / Deferred fix workflow, VM-layer plus OS-layer plus SQL-layer coverage.

What you get: An AI agent that watches your systems and writes up findings — running entirely on your own hardware with a local model, no internet connection required. Same diagnostic value as cloud agents, zero data exposure.

The model, the agent framework, and the systems being watched all live on-premises. An OpenAI-compatible API shim lets you swap the local model for a cloud model and back without changing any agent code.

Technology: OpenClaw agent framework, DGX Spark with Ollama / vLLM, Llama 3.1 / Qwen3 local models, OpenAI-compatible local endpoint, Python tool adapters, Managed Identity for downstream Azure reads.

Methodology: 100% on-prem agent loop (model + reasoning + tool calls), OpenAI-compatible API shim for drop-in cloud-vs-local switch, read-only tool surface, use-case fit for air-gapped or compliance-restricted systems.

What you get: AI drafts thoughtful replies to your incoming email in your voice. You review, edit if needed, and send — turning an hour of inbox triage into ten minutes of approvals.

We connect to your inbox with the permissions you choose, learn from your past sent mail to match your tone, and surface drafts that are ready to go. You stay in the loop on every send.

Technology: OpenClaw agent framework, OpenAI / Azure OpenAI, Microsoft Graph (mail), Office 365 SMTP, prompt templates with conversation-history grounding, OneDrive for review queue.

Methodology: voice-matching prompts grounded in prior conversations, drafts always queued for one-click human approval, no auto-send, fast triage view (oldest first, by sender, by topic), opt-in expansion of automation as trust grows.

What you get: A chat assistant your team can ask anything — trained on your handbooks, SOPs, contracts, and notes — that gives answers backed by citations to the source document.

Runs on a private gateway you control. You decide which documents go in, who can ask which questions, and whether answers come from a local model on your hardware or a hosted model under your account.

Technology: Open WebUI, Ollama, embedding models (BGE / nomic-embed), vector store, hash-based change detection, PDF / DOCX / XLSX text extraction, SharePoint / file-share ingestion, on-prem GPU.

Methodology: hash-based incremental sync (touch a file, embeddings update), format-aware extraction per file type, citation-required answers, department-scoped collections (no cross-leak), afternoon-scale onboarding for a new department.

What you get: One AI service for your whole organization, with each department's data kept separate, each team's spending capped, and sensitive information routed only to private AI models that never leave your premises.

Departments share infrastructure but not data. Content filtering, audit logs, per-team token budgets, and PII-aware routing are built in. Add or remove teams in minutes.

Technology: FastAPI gateway, Ollama, Llama 3.1 8B, Qwen3 32B, Azure OpenAI, NVIDIA DGX Spark, Docker, PostgreSQL (audit), Redis (rate limiting), Open WebUI, hash-based RAG sync, PDF / DOCX / XLSX text extraction.

Methodology: per-department API key with isolated proxy, sensitivity-driven local-vs-cloud routing, per-key rate limit and token budget, hash-based knowledge-collection sync (touch a file, embeddings update), format-aware extraction, centralized content filtering and audit log, per-key usage reporting for chargeback.

A working session model: we sit with you, you talk through what the app should do, AI proposes the code, we review the diff, deploy to a private URL, and iterate. No big up-front spec, no surprise scope creep.

What you get: A clean, SSO-gated landing page that explains the internal AI platform to non-engineers: what is available, who it is for, and how to request access — so the platform actually gets used.

Documentation-first discovery surface with audience-specific pages for developers, business users, and admins. Links directly into Open WebUI and Ollama, and kept in sync with platform changes.

Technology: static site (Astro / Markdown), internal SSO via Entra ID, Azure Static Web Apps or internal IIS, links into Open WebUI and Ollama.

Methodology: documentation-first discovery surface, single landing page per audience (developers, business users, admins), self-service API-key request workflow, kept in sync with platform changes.

What you get: The site you’re reading was vibe-coded with an AI agent and shipped to a free static-hosting tier with a custom domain and a working contact form — a small but honest demo of what the model can do for you.

Every change was AI-proposed and human-approved before commit. The whole site lives in a Git repo, deploys automatically on push, and costs $0/month to run.

Technology: Astro, Tailwind CSS, TypeScript, Azure Static Web Apps, GitHub.

Methodology: prompt-driven full rebuild from an existing brand, content-as-data (single source-of-truth file), drop-in screenshot folders with auto-discovery, free-tier static hosting on Azure, custom-domain preservation, GitHub-based continuous deployment.

What you get: A small, playable indie game where every character and object on screen was drawn by an AI image model. Built end-to-end with AI as the artist and a vibe-coding loop as the developer, and ships to both desktop and the browser.

Solves a real-world quirk in current AI image tools (they bake a checkerboard background into every image) with a custom cleanup step that recovers a clean, transparent character so it can be dropped into the game. The same cleanup pipeline is reused across every game in the studio.

Technology: Python, Pygame, Ubuntu, Nginx, browser localStorage, geolocation lookup service, IP-reputation list.

Methodology: prompt-driven feature changes with live reload, edge security (geolocation blocking, API rate throttling, automatic IP banning), responsive desktop-vs-mobile detection, persistent high-score storage.

What you get: A retro-style racing game built on the same vibe-coded engine as AstroPickle, with cars and roadside objects drawn by the same AI image pipeline.

Reuses the AstroPickle cleanup pipeline so AI-drawn cars and obstacles drop cleanly into the game. Ships to both desktop and the browser.

Technology: Python, Pygame, Emscripten / pygbag for the browser build, OpenAI for voice generation, Google Gemini for sprite generation, Udio for music generation.

Methodology: rapid AI-paired prototyping (working build in about two hours), generative-asset pipeline for sprites and audio, custom alpha-recovery post-processing for clean transparent sprites, cross-platform build (PC desktop and web), prompt-driven ongoing tuning.

What you get: Hardens Python AI tooling for distribution to clients — combining commercial obfuscation, expiration- and hardware-bound licensing, and an automatic PII redaction layer so models never see sensitive data unintentionally.

spaCy NER + Microsoft Presidio detect and anonymize PII before it ever reaches a model. PyArmor obfuscation plus hardware-fingerprint license binding protects the IP you ship.

Technology: Python, spaCy NER, Microsoft Presidio, custom regex rules, lightweight on-device AI, PySide6 GUI, PyInstaller packaging, PyArmor obfuscation, Windows DPAPI / cryptography.

Methodology: pre-flight PII detection on every prompt, token-swap and key-vault round-trip, automatic re-hydration of redacted answers, encrypted local storage with user-controlled auto-delete, hardware-fingerprint license binding, expiration-enforced commercial distribution.

What you get: A daily content-intelligence pipeline that ingests dozens of video and podcast sources, AI-summarizes them into a citation-aware newsletter with audience-specific editions, and publishes to a CMS plus email distribution.

Multi-format ingestion (video + audio), transcript normalization, dual-edition generation in a single model pass, breaking-news detection with source verification, and end-to-end Wix CMS publishing — all on a recurring schedule.

Technology: Python, OpenAI GPT-4.1, Google Vertex AI / Gemini, Speechmatics, Google Cloud Speech-to-Text, yt-dlp, youtube-transcript-api, OpenAI web-search agent, Wix CMS with Velo backend, Office 365 SMTP, Google Drive, Google Apps Script, Azure Virtual Machine, Azure Logic Apps, Wix Secrets Manager.

Methodology: multi-source daily ingestion (video and audio), normalized transcription, dual-perspective generation in a single model pass, IEEE-style citation tracking with source verification, AI-driven breaking-news discovery, cost-optimized scheduled cloud execution, human review before publish, multi-channel delivery (CMS, email, mailing list).

What you get: A weekly pipeline that pulls the latest published recording, transcribes it, generates discussion questions with a high-reasoning model, and delivers PDF + email + cloud copies on schedule — fully unattended.

Privacy-first local processing with no third-party storage of sensitive content. Captioned-vs-uncaptioned fallback, .env-driven credential injection, conditional email/cloud routing.

Technology: Python, OpenAI GPT-5-mini, video and caption ingestion tools, Office 365 SMTP, OneDrive, Windows Task Scheduler.

Methodology: scheduled discovery of newly published content, captioned-vs-uncaptioned transcription fallback, tiered question generation (easy / medium / hard) with an answer key, multi-channel delivery (PDF, email, cloud folder), local-only processing for privacy.

What you get: Auto-detects the next episode in a recurring content series, fetches reference text from a verified source, and produces printable companion guides — with optional thematic cross-referencing across content streams.

Stateful episode auto-detection from JSON metadata, scripture-API caching, cross-project content reuse, printable-output generation, and a comprehensive operations + leaders guide for handoff.

Technology: Python, OpenAI GPT-5-mini, scripture verification API with local verse cache, QR-code generator, OneDrive, Windows Task Scheduler.

Methodology: scheduled series progression from a saved state, source ingestion from a public video library, thematic cross-reference of prior weekly study material, automated scripture verification, printable one-hour small-group lesson generation, scheduled cloud delivery for human proof-check before distribution.

What you get: PowerShell + FFmpeg utilities that turn raw long-form footage into iPhone- and iMovie-ready time-lapses, plus an RSS-driven episode-discovery and batch-download utility for large media catalogs.

FFprobe-driven source analysis, FFmpeg composition with frame-rate math for speed multiplication, H.264 MP4 encoding tuned for iPhone/iMovie ingestion, and robust regex-based episode extraction with deduplication.

Technology: PowerShell, FFmpeg, FFprobe.

Methodology: rapid prompt-engineered scripting, source-file analysis, frame-rate adjustment for time-lapse playback, mobile-friendly H.264 encoding, same-day delivery.

What you get: A safety net that prevents AI surprise bills. The moment usage starts running hot, automated rules slow it down within minutes — and a one-command script restores normal limits when you're ready.

Three layers of defense work together: instant rate limits, automated throttle runbooks tied to spending alerts, and budget hard-stops. A single JSON baseline file lets you reset everything to normal in seconds.

Technology: Azure AI Foundry, Azure OpenAI, Azure Monitor metric alerts, Azure Automation runbooks, Azure Budgets, PowerShell, JSON configuration, Managed Identity, Entra ID.

Methodology: defense in depth (per-deployment TPM limits, alert-driven throttle within 5 minutes, budget cap as safety net), single-source-of-truth JSON for known-good state, one-command recovery, -WhatIf preview on every write, GUARDRAILS-enforced human approval before production change.

What you get: A reusable template that lets a team stand up a new containerized web app in a day instead of a week — with the right network access, the right secrets store, and the right monitoring on day one.

Fill out an intake form, choose your network access level (public, private, or allow-listed), opt in to AI or database add-ons, then preview the change. Nothing deploys until a human approves.

Technology: Azure Container Apps, Bicep, Azure CLI, Azure OpenAI, Azure SQL, Managed Identity, Azure Key Vault, Log Analytics, Azure Front Door (optional).

Methodology: intake-form to Bicep parameter binding, three explicit network tiers (public, private IPs, campus CIDR), what-if preview required before deploy, optional add-ons (OpenAI, SQL) toggled by a flag, GUARDRAILS-enforced human approval on writes.

What you get: New daily file-to-database pipelines stand up in hours, not days. Your team fills in a config, the AI proposes the pipeline, and you review every change before it touches production.

A six-phase loop with hard guardrails on every cloud write. The AI generates the data factory pipelines, stored procedures, and configuration; humans approve and deploy.

Technology: Azure Data Factory, Azure SQL Managed Instance, T-SQL, ARM templates, PowerShell, GitHub Copilot Agent mode, Managed Identity, Azure Key Vault, Bicep.

Methodology: config-as-contract (single CONFIG.md), AI-paired generation of pipeline JSON / DDL / sprocs / deploy scripts, GUARDRAILS-enforced human approval on every cloud write, -WhatIf preview standard, query-plan-driven performance pass (12 min to 2 sec example), repeatable in 6 hours and ~50 prompts.

What you get: Your reports back themselves up nightly, your gateways stay healthy, and you get an alert before a license expires — not after a report stops running.

Service-principal-driven nightly export of every report and data-source configuration in your tenant, with workspace-to-department mapping and orphaned-resource detection.

Technology: PowerShell, Power BI REST API, MicrosoftPowerBIMgmt module, Entra ID service principal, Windows DPAPI, Windows Task Scheduler, on-prem file share.

Methodology: tenant-wide nightly export organized by department, encrypted secret storage via DPAPI, pre-flight access-gap detection, orphan gateway data source surfacing, dual-mode operation (interactive + unattended), -WhatIf and -CheckOnly audit modes.