How I build
These are the non-negotiable rules that govern every AI system I design and operate. Not aspirations. Not guidelines. Hard constraints enforced at the architecture level.
Sensitive personal documents — tax records, bank statements, health data, legal contracts — are processed exclusively on-device using local OCR. Raw documents never reach any cloud API. Only anonymised, extracted values are passed upstream when reasoning is required. This is non-negotiable.
All data storage, processing infrastructure, and cloud services operate within EU jurisdiction wherever possible. Servers in Frankfurt. Databases in EU regions. No sensitive data routed through non-EU providers. GDPR compliance is architecture — not a policy document.
Total monthly AI infrastructure hard-capped at €40. Enforced by the Supervisor Agent in real time — not by manual checking. When the cap is reached, agents automatically degrade to local models and alert me. No exceptions. No surprise bills.
Pure cloud violates privacy. Pure local lacks current knowledge. The correct architecture routes tasks by sensitivity and complexity — local models for private document processing, cloud API only when genuine reasoning is required. This is a deliberate design decision, not a compromise.
Every agent reads and operates within a machine-readable Constitution before executing any task. Agents cannot self-modify their boundaries, override cost limits, or expand their scope without a Constitution update. The Constitution is the single source of truth for all agent behaviour.
All specialist agents report to a Supervisor Agent which coordinates tasks, enforces the Constitution, monitors budget consumption, and escalates anomalies directly to me. No agent operates independently of this oversight layer. The Supervisor reports to one person — me.
A dedicated set of audit agents operates independently of the specialist agents — monitoring output quality, checking decisions against Constitution rules, flagging anomalies, and reviewing agent-to-agent interactions. Audit agents have no execution capability — they observe, assess, and report only. No agent marks its own homework.
Every agent action is logged with timestamp, model used, tokens consumed, decision made, and outcome. No agent executes any task without a corresponding audit trail. Logs are immutable, stored in Supabase, and reviewable at any time. If it is not logged, it did not happen.
Any decision, transaction, commitment, or action involving a value above €550 requires mandatory human approval before execution. The Supervisor Agent surfaces these decisions directly to me with full context. Agents propose. I decide. This threshold applies to financial transactions, contract commitments, and any irreversible action above this value.
AI is an excellent assistant. Fast, thorough, and occasionally brilliant. It is also confidently wrong in ways that only human experience across multiple perspectives can catch.
Twenty-two years of enterprise delivery across nine companies, industries, and geographies — plus managing my own properties, finances, and tax filings in Germany for eleven years — has given me genuine lived perspective from each of these angles.
I will not always have the right answer wearing each hat. But asking the question from each angle is often enough to catch what AI confidently misses.
That is the human judgment layer no agent replaces.
These principles are documented publicly because accountability without transparency is theatre. If you are building AI systems and find them useful — they are yours to take.
