Digital & AI · Practice in formation · 2026
Software built with discipline.
Websites, internal tools, and AI-assisted document pipelines. Built to be maintainable, traceable, and handed off clean.
This practice is in formation. Three years inside a Canadian generic-pharma microbiology lab taught me what software has to do when every change needs to be traceable. That discipline transfers. This site — preflight gates, leak-audit scripts, design-lock, multi-agent orchestration — is the first artifact built from scratch. First client work open now.
- 01TypeScript · Next.js · Tailwind · Playwright · Cloudflare Pages
Production websites
Next.js static site, clean copy, accessibility built in, deployed to Cloudflare Pages
- 02TypeScript · Next.js · React · Playwright · Cloudflare Pages
Internal tools + dashboards
Checklists, trackers, indexers, log tools — scoped to one clear problem
- 03Claude Code · MCP servers · TypeScript · Shell
AI-assisted document pipelines
Drafting pipeline with human-in-loop review and a clear audit trail of who approved what
- L1
v3 atlas design lock + INDEX system
Scaffold-default deploy because a locked reference sat untracked in parent workspace. Process artifact, not just aesthetic.
- L2
scripts/audit-leaks.sh + .gitleaks.toml
Pre-commit plus build-gate. Blocks private-channel identifiers from public bundles.
- L3
scripts/preflight.sh
5-check session-start verification. Each check is pinned to a prior incident root cause.
- L4
Multi-agent orchestration spec
File-ownership lanes, review protocol, and T0/T2 leak boundary across executors.
- L5
JSON-LD + security headers + sitemap.ts
Practical hardening, no over-engineering.
- L6
Playbook system
Any-AI-agent-executable migration and one-off-task instructions. Pattern available for client work.
GMP doc pipeline
- Brief
- A 200-staff Canadian pharma site spends about 40 hrs/month authoring deviation investigation reports. CAPA narrative quality varies by author. Audit reviewers flag inconsistency.
- Constraint
- All drafts must be human-reviewed before issue. Audit trail must show who-drafted-what-when. No external LLM call may transit T2 facts.
- Method
- Local-first drafting pipeline. Templates derived from sanitized CAPA exemplars. Author dictates incident facts, the pipeline returns a structured first draft, and all transit is logged.
- Outcome
- Hypothetical: time per CAPA narrative drops from about 3 hrs to about 50 min. Quality variance compresses. Audit reviewer sees a clean trail.
- What you'd learn
- Designing AI-assist for a regulated workflow is mostly about what not to send to the model and how to prove it after. The interesting engineering is the boundary, not the prompt.
[ §4C · LIVE PROOF ]
▮ [PREFLIGHT: PASS] sanitized local snapshotpreflight: scanning ~/preflight: 1/5 locked files existpreflight: 2/5 privacy boundarypreflight: 3/5 audit-leaks gatepreflight: 4/5 parent-workspace design scan reviewedpreflight: 5/5 CLAUDE.md -> v3 linkpreflight: PASS with 1 warning(s) - reviewed against docs/design/INDEX.md ▮ [BUILD: PASS] sanitized local snapshotnext build: compiled successfullyroutes exported: /work/digital/ · /work/digital/config-generator/audit-leaks: honeypot canary OKaudit-leaks: T2 markers cleanaudit-leaks: private channel handles cleanaudit-leaks: email allowlist OKaudit-leaks: phone-number scan cleanaudit-leaks: PASS - no leak indicators in out/
- Shape
- 2-week fixed scope · Day 1 brief · Day 5 mid-review · Day 10 delivery
- From buyer
- Access to existing content / data / SOPs, sanitized as needed · 1 decision-maker · 30 min mid-week
- Delivery
- Working artifact + 1-page handoff doc + 30-day support window
- Payment posture
- 50% on brief signoff, 50% on delivery. Deposit non-refundable after Day 1 brief committed. Specific scope and price discussed in inquiry.
- Contact
- Email hello@moontahaj.com — routed via Cloudflare Email Routing, read within 2 business days. Inquiry replies include scope, price, and next-step checklist.
Under draft: open-source skill library under docs/playbooks/ · per-persona OG image generator on Playwright · audit-leaks gate extending to regulated-domain identifiers as client work demands.