mordechaipotash.com · Shipped · Apr 24, 2026
Viter / Apr 17 → Apr 24 / solo / 1 paying design partner
88 commits · +24,022 lines · 7 days · solo

Agentic AI with an audit spine, multi-tenant Postgres, generative UI. One engineer. One paying design partner. No PM, no four-week sprint. This is what AI-native product delivery looks like in 2026 when you skip the framework tax and write the audit layer yourself.

[Commit activity chart, Apr 17 to Apr 24, by category: audit, chat, data, xero, extract, fix, other]
What got built

A multi-tenant supplier-reconciliation product for an accountancy running on Xero. The end user opens a chat surface and asks "which suppliers can I pay today?" or "why is this one in variance?". The LLM calls typed tools that return generative-UI components — tables, PDF viewers, drill-downs, action buttons. Every tool call writes an immutable audit row. Every PDF view is logged. Every reconciliation override is signed by a human.

30% feature. 70% audit / RLS / tenant isolation / observability / "who did what and when." That ratio is what lets the Big-4 audit partner sign off. Most AI demos skip it. This one does not.

Three patterns worth stealing
01 · Factory-level audit wrap

Problem. Per-tool audit logging leaves holes. The auditor's first question always lands on the one call that wasn't logged.

Fix. Wrap audit at the registry, not per-tool. One choke point.

const tool = createAuditedTool({
  name: 'mark_reconciled',
  execute: async (args, ctx) => { ... },
})
// every tool shipped through this factory is audit-wrapped at the boundary
commit 3f2d204
02 · BEFORE-INSERT triggers derive tenant_id

Problem. Multi-tenant Postgres RLS silently leaks when an edge function under service-role forgets to set tenant_id.

Fix. The DB derives tenant_id from the parent and rejects orphans. RLS policies stay simple.

CREATE TRIGGER set_tenant_id BEFORE INSERT ON statement_lines
FOR EACH ROW EXECUTE FUNCTION derive_tenant_from_statement();
commit c631b46
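The trigger function behind that CREATE TRIGGER, filled in here as an added example (not the project's own code). The statements/statement_lines schema is a constructed minimum and its column names are assumed; the point is that the caller's tenant_id is never trusted, and a row with no parent is rejected rather than inserted.

```sql
-- Constructed minimal schema (assumed column names): the parent carries the tenant
CREATE TABLE statements (
  id        uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  tenant_id uuid NOT NULL
);
CREATE TABLE statement_lines (
  id           uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  statement_id uuid NOT NULL REFERENCES statements(id),
  tenant_id    uuid NOT NULL,   -- never trusted from the caller; the trigger sets it
  amount       numeric NOT NULL
);

-- Derive tenant_id from the parent. Whatever the caller supplied (nothing, from a
-- service-role edge function that forgot it, or another tenant's id) is overwritten.
CREATE FUNCTION derive_tenant_from_statement() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  SELECT s.tenant_id INTO NEW.tenant_id
    FROM statements s WHERE s.id = NEW.statement_id;
  IF NEW.tenant_id IS NULL THEN
    -- orphan: no parent row, so no tenant to attach to; reject instead of inserting a stray row
    RAISE EXCEPTION 'statement_lines: statement % does not exist', NEW.statement_id
      USING ERRCODE = 'foreign_key_violation';
  END IF;
  RETURN NEW;   -- NOT NULL and FK checks run after BEFORE triggers, so the filled value passes
END $$;

CREATE TRIGGER set_tenant_id BEFORE INSERT ON statement_lines
FOR EACH ROW EXECUTE FUNCTION derive_tenant_from_statement();

-- Check: an insert that omits tenant_id lands in the parent's tenant, and an insert that
-- supplies the wrong one is corrected rather than leaking across the RLS boundary.
INSERT INTO statements (id, tenant_id)
VALUES ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa');
INSERT INTO statement_lines (statement_id, amount)
VALUES ('11111111-1111-1111-1111-111111111111', 42.00);
INSERT INTO statement_lines (statement_id, tenant_id, amount)
VALUES ('11111111-1111-1111-1111-111111111111', 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 7.00);
SELECT tenant_id, amount FROM statement_lines;   -- both rows carry aaaaaaaa-..., derived from the parent
```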
03 · SECURITY DEFINER RPC for atomic ops

Problem. Chat tool, UI, and CLI doing the same soft-delete via three paths means three different bugs.

Fix. One RPC. Tenant-scoped. Re-entrant. Fully auditable. Every caller takes the same path.

CREATE FUNCTION delete_statement_line(p_line_id uuid, p_reason text)
RETURNS jsonb LANGUAGE plpgsql SECURITY DEFINER AS $$
  -- soft-delete, override matches, log, return state
$$;
commit 7f181db
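The body of that RPC written out, as an added example rather than the project's code. It assumes the Supabase/PostgREST convention of a request.jwt.claims setting carrying tenant_id and sub claims, an authenticated role, and the constructed statement_lines and audit_log columns shown; the match-override step from the original comment is left out. What it shows is the caveat that matters: SECURITY DEFINER runs with RLS bypassed, so the tenant predicate inside the function is the isolation check.

```sql
-- Constructed minimal tables (assumed column names)
CREATE TABLE statement_lines (
  id uuid PRIMARY KEY, tenant_id uuid NOT NULL,
  deleted_at timestamptz, delete_reason text
);
CREATE TABLE audit_log (
  id bigserial PRIMARY KEY, tenant_id uuid NOT NULL, actor uuid,
  action text NOT NULL, target uuid, detail jsonb, at timestamptz NOT NULL DEFAULT now()
);

CREATE FUNCTION delete_statement_line(p_line_id uuid, p_reason text)
RETURNS jsonb LANGUAGE plpgsql SECURITY DEFINER
SET search_path = public, pg_temp   -- pin it: an unpinned definer function resolves names from the caller's path
AS $$
DECLARE
  v_claims  jsonb := current_setting('request.jwt.claims', true)::jsonb;   -- assumed Supabase/PostgREST setting
  v_tenant  uuid  := (v_claims ->> 'tenant_id')::uuid;   -- from the JWT, not user-writable metadata
  v_actor   uuid  := (v_claims ->> 'sub')::uuid;
  v_line    statement_lines%ROWTYPE;
  v_already boolean;
BEGIN
  IF v_tenant IS NULL THEN
    RAISE EXCEPTION 'delete_statement_line: no tenant claim' USING ERRCODE = 'insufficient_privilege';
  END IF;

  -- RLS does not apply inside SECURITY DEFINER, so "tenant_id = v_tenant" here IS the isolation check.
  -- FOR UPDATE serialises concurrent callers (chat tool, UI, CLI) on the same row.
  SELECT * INTO v_line FROM statement_lines
   WHERE id = p_line_id AND tenant_id = v_tenant FOR UPDATE;
  IF NOT FOUND THEN
    -- one error for "missing" and "other tenant's row": no cross-tenant existence oracle
    RAISE EXCEPTION 'delete_statement_line: line % not found', p_line_id USING ERRCODE = 'no_data_found';
  END IF;

  -- re-entrant: a repeat call changes nothing on the row but is still audited
  v_already := v_line.deleted_at IS NOT NULL;
  IF NOT v_already THEN
    UPDATE statement_lines SET deleted_at = now(), delete_reason = p_reason WHERE id = v_line.id;
  END IF;

  INSERT INTO audit_log (tenant_id, actor, action, target, detail)
  VALUES (v_tenant, v_actor, 'delete_statement_line', v_line.id,
          jsonb_build_object('reason', p_reason, 'already_deleted', v_already));
  RETURN jsonb_build_object('id', v_line.id, 'deleted', true, 'already_deleted', v_already);
END $$;

-- Only the RPC is callable by app roles; the table itself stays behind RLS and grants.
REVOKE ALL ON FUNCTION delete_statement_line(uuid, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION delete_statement_line(uuid, text) TO authenticated;
```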
The rest of the week — 38 shipped items
Enterprise observability · 6 items
  • PostHog + Microsoft Clarity with audit-actor fix
  • Per-turn audit on /api/chat — messages, tool calls, latency, exact USD cost
  • record_tool_call RPC bypassing audit_log_lockdown revoke
  • Hourly canary self-test + silent-failure alarm
  • pipeline_health tool + Heartbeat component
  • /admin/conversations + tool-gap detection
Chat with typed generative UI · 12 items
  • 12 production tools — supplier_state, ready_for_payment, explain_variance, mark/unmark_reconciled, list_statements, list_failed_extractions, find_statement, view_pdf, delete_statement, delete_statement_line, restore_statement, recent_activity
  • 2-pane resizable layout, viewport-breakout, PDF-dominant canvas
  • Anti-speculation prompt + tool-first system prompt + Sonnet 4.6
Reconciliation dashboard · 7 items
  • Dense list + side panel + realtime comments (2026 redesign)
  • FTC (failed-to-communicate) detector on real sources
  • Deterministic fix for missing simple matches
  • Variance in source currency (native USD/EUR/GBP per supplier)
  • Provenance chips + deep-link icons on every row
  • view-as-customer toggle · PG Pages Audit module
Data-model hardening · 5 items
  • 23 drifted migrations synced + RLS hardened
  • tenant_id from JWT claims, not user.app_metadata
  • BEFORE-INSERT triggers on every child table
  • verify_jwt: true enforced + session token plumbed from browser
  • Audit triggers on 16 tables, actor priority chain
Extraction — three bugs, same family · 3 items
  • Hidden rows + hidden sheets on xlsx ingest
  • Supplier invoice # vs customer reference disambiguation
  • Skip summary rows (Overdue Balance / Brought Forward / Total)
MCP + infra · 5 items
  • viter_mcp server — FastMCP 3.x, dual stdio/http transport
  • Every customer prompt + Claude response → activity_log
  • /me live feed + /q shareable pages
  • Edge functions unified under supabase/functions/
  • Playwright harness
The operating loop
   client signal  →  diagnose  →  ship  →  audit log proves it
        ↑                                         │
        └─────────────────────────────────────────┘

No PM. No four-week sprint. The engineer is the PM, diagnosis happens in the audit log plus the LLM transcript plus the canary output, and the ship cadence is the meeting cadence.

Work with me
$500–$800 / hour, direct

Send me your repo and a bottleneck you're trying to get through. I diagnose and scope a 5-day proof in 48 hours. You pay nothing until you see the proof working.

mordechaipotash@gmail.com
$25K–$60K
Sprint · 2–4 weeks · fixed

I parachute in, build the audit spine + tool registry + first 5 production tools, hand off a pattern your team extends.

$8K–$20K / mo
Fractional · 3–6 months

10–20 hrs / week. I own the agentic AI surface end-to-end while your team owns the rest of the product.

For staff / principal AI engineer full-time roles — open to talk.

"Design and implement core protocol features. Build SDKs. Drive open-source technical discussions on agent infrastructure. Deep familiarity with multi-tenant systems, observability, and audit primitives."

— representative 2026 staff AI engineer JD

Fewer than 1% of applicants have shipped this combination in production this year. This week is the proof.