Writing

I Built Three Production Apps with AI. Here's the Complete Paper Trail.

A multi-tenant modeling platform and two server-rendered documentation portals — built with an AI copilot under a governance discipline I call STRATA. Every decision, deviation, and sign-off is on the record. This is what fast and auditable looks like at the same time.

Anyone can build an app with AI now. That is no longer the interesting claim. The interesting question is the one that surfaces three months later, when something breaks in production and somebody asks: why is it built this way, who decided that, and where is the record? For most AI-assisted projects, the honest answer is that there is no record. The model generated the code, the code shipped, and the reasoning evaporated.

Over the past stretch I built three production applications with an AI copilot — and I built them specifically to answer that second question. Not just can I ship this fast, but can I account for every decision in it afterward. The three are a multi-tenant modeling platform and two server-rendered documentation portals, and each one carries a complete, navigable audit trail: a paper record of what was planned, what was built, what deviated from the plan, and why. This is a walk through how that worked, and why the audit trail turned out to be the thing that made the speed safe.

The three applications

The three systems are deliberately different from one another, because a method is only worth trusting if it survives more than one shape of problem.

Fractal OSI (app.fractalosi.com) — a production-grade, multi-tenant visual object-relationship modeling platform on Vue, Vite, and Pinia. Cookie-based authentication with CSRF protection and two-factor sign-in, team workspaces, a pluggable storage-provider layer, deterministic-first AI schema generation, and an embeddable interactive canvas. It is the deepest of the three, and the one where the method was first discovered by doing.
fractalosi.com — the official Nuxt 4 / Docus documentation portal for Fractal OSI. On the surface it reads like effortless documentation; underneath it is a stateless, server-rendered application with two independent layers of access control, a topic-scoped entitlement model, multi-surface single sign-on with the app, and a drop-in interactive diagram component.
StrataProtocol.org (strataprotocol.org) — the documentation portal and member toolkit for the STRATA Protocol itself: a server-rendered Nuxt 4 / Docus platform with two-layer role-based content protection, a full account lifecycle, an admin console with an audit log, a PostgreSQL data layer, and a hardened lead-capture funnel. It was built by running the very methodology it documents on itself.

None of these is a toy. Each is a real application with authentication, access control, a data layer, and a deployment story. And each one I can hand to you with its entire construction history attached.

What "fully documented with auditable logs" actually means

When I say auditable, I do not mean a README and some comments. I mean that before a single feature was implemented, it was derived — written down as two documents generated from fixed templates:

an analysis — the feature's structural, functional, risk, and dependency picture, reasoned through against the existing codebase before any code existed;
an implementation plan — the same feature broken into phases, each phase carrying explicit deliverables, acceptance criteria, and a testing strategy.

Then the work advanced one phase at a time, with me as the human gate between phases. Nothing moved forward on the model's say-so. After each phase, a phase manifest recorded exactly what was added, modified, and removed, and a running commit log narrated the reasoning. When reality diverged from the plan — and it always does — the deviation was not quietly absorbed. It was written down and fed forward as context into the next phase.

The payoff of templating is consistent prompting. Because every feature's analysis and plan share the same shape, the AI copilot receives the same well-formed context every time, and produces traceable output every time. The templates are not paperwork — they are the prompt-engineering surface that makes AI-assisted delivery reproducible.

The last piece is the cheapest and, in practice, the most valuable: every commit is tagged to its requirement and phase. A commit message reads feat(REQ-020-legal): Phase 5 — footer legal links row, not "updates" or "fix stuff." That single discipline means the entire history of a project is legible directly from git log — you can reconstruct the month of work commit by commit, decision by decision, without opening a single file.

Fractal OSI — where the discipline was found

Fractal OSI is the largest of the three and the oldest. Its core build ran across roughly four high-intensity months from late 2025, taking it from an empty repository to a multi-tenant, authenticated, AI-assisted modeling platform — and it has been continuously refined ever since. It carries a four-thousand-eight-hundred-plus unit-test suite, and a quality gate that runs type-check, build, and the full test run before any work is called done.

What matters for this story is not the feature list — it is that the platform was built feature by feature, each one in its own folder, each prepared with an analysis and an implementation plan before implementation, and each closed out with a manifest and a commit log. Long before the practice had a name, it was already running in that repository. The uniform, template-derived structure of its documentation is the evidence. Fractal OSI is where I learned that the discipline was not overhead — it was the thing letting a single engineer move that fast across that much surface area without shedding architecture or tests.

Two portals, about a month each

The two Nuxt 4 / Docus portals were built later and faster, and they are the clearest demonstration that the method compounds.

fractalosi.com went from first commit to a stable, deployable state in about a month, across nine governed features (a documentation corpus, two-layer access control, a stateless integration with a shared identity backend, multi-surface single sign-on, a monetization funnel, a containerized SSR deployment, SEO and authorship infrastructure, systematic content gating, and an interactive embed). The striking thing is not just the speed — it is that the method visibly matured from feature to feature, adding deviation handling, build-verified operational notes, and cross-project lessons as it went.

StrataProtocol.org reached a stable, production-ready version in under a month from its first commit — a window of about twenty-nine days that took it from nothing to two-layer role-based access control, a full account lifecycle, an admin console with an audit trail, a hardened lead funnel, and a containerized PostgreSQL deployment. It was delivered across twenty numbered requirements and twenty-three execution sessions, leaving behind roughly four hundred governance artifact files alongside the code — every one of them traceable from the commit history.

Both portals share an architectural spine with Fractal OSI's embeddable canvas, and both enforce a strict layering that keeps shared logic pure and independently testable. But the headline is the cadence: two production applications, built about a month apart in pace, each fully documented as it was built.

The audit trail, in practice

Here is the test I actually care about. Pick any feature in any of the three repositories. You can open its analysis and read what was known before the work started. You can open its implementation plan and see how it was phased. You can open its manifest and see precisely what shipped. You can read the running commit log to see why. And you can run git log and watch the whole thing reassemble itself, each commit stamped with the requirement and phase it belongs to.

That is what I mean by auditable. Not "well-commented." Reconstructable. A reviewer — or an auditor, or a future maintainer, or me in a year — can answer "why is it built this way?" without guessing, because the answer was written down at the moment it was decided and never thrown away. As the STRATA framework puts it, a codebase without an artifact trail is a system with amnesia. These three have near-total recall.

The part that surprised people: speed did not cost traceability

The common assumption is that governance slows delivery — that all this analysis, planning, and manifest-writing is a tax you pay for safety. My experience across these three builds was the opposite, and it is the single most important thing I took away.

Because every feature reused the same templates, the same phased loop, and the same artifact trail, the cost of starting each new feature kept falling while the quality bar stayed fixed. Repeatability was not the brake on velocity. Repeatability was the velocity.

The discipline is what let one person, driving an AI copilot, behave like a disciplined delivery team — and move at a pace that looks reckless until you notice that every step is on the record. The speed is the visible half. The governed method is the half that made the speed sustainable, and auditable, at the same time.

Why I bother

I work on the governance side of AI, and my conviction is simple: in an era of drag-and-drop AI, deep understanding is the edge. The model can generate code, but only an engineer can make that code reliable, auditable, and safe to scale. AI accelerates the work; it does not lead it.

The five-layer discipline running through all three of these projects is what I eventually extracted and named the STRATA Protocol — classify the project, derive its documents, bind the AI to an authority chain, execute in gated phases, and preserve the artifact trail. I did not invent those layers. The same structure kept reappearing across these builds, in different stacks and domains, with no shared specification between them. STRATA is the write-up of something that already worked. If you want the worldview behind it, that is what my methodology is about; the framework itself lives at strataprotocol.org.

Three production apps. Three complete audit trails. Built with AI, governed by an engineer, and able to account for every decision after the fact. That last part is not a nice-to-have. In a world where anyone can generate convincing software in an afternoon, it is the whole game.

See the work, or read the method

Each of these systems was delivered through the same governed, document-first approach. Browse the portfolio, or read the methodology that runs through all of it.

See the work Read the methodology

Edit this pageorReport an issue

What Vince Gilligan's "AI Slop" Remarks Got Me Thinking About Governance

Vince Gilligan worries AI might one day break bad. My concern is that governance breaks first — why critical workflows need accountability and guardrails before we get anywhere near sentient systems.