BUILD REGISTER · SAN DIEGO, CA

Fifteen years securing other people's systems. Six months shipping my own.

I build SaaS products with AI coding agents and keep an honest register of what happened — what shipped, what got shelved, what got scrapped, and the security decisions behind each one.

  • 2 live
  • 1 published
  • 4 paused
  • 1 scrapped
+ 2 private engagements

Every non-live verdict carries a lesson forward.

8PRODUCTS BUILT
2,700+COMMITS IN 136 DAYS
35PARALLEL AGENT WORKTREES
5 daysFASTEST BUILD, IDEA → DELIVERED

Latest release

github.com/Doogit/StackBadger
StackBadger screenshot
OPEN SOURCE · SECURITY TOOLING

StackBadger

A pentest harness for AI-assisted development, extracted from a production SaaS codebase, scrubbed, and generalized for any stack. Born inside TariffRefunded; now it outlives the sprint that created it.

VIEW REPO
SECURITY CONTROLS · CROSS-READ 8 controls implemented wrong, caught, and fixed — the ✓⛑ cells of a security cross-read across 7 products. Read the matrix →

The register

Every project gets a verdict and a line on what carried forward. The kills count as much as the launches. Click any row for the full case study, or cross-read the security controls →

ReadySetBind
ReadySetBind2026 · INSURANCE OPS
Placement-to-bind automation for insurance agencies: quote PDF → AI extraction → human verify → e-sign → bind request. 813 commits, 243 PRs, 17 days. CARRIED FORWARDEvery third-party wrapper now returns an explicit status the caller must branch on; recurring defects get an automated gate, not a third paragraph of documentation; and access to every sensitive operation is explicitly denied by default and tested for every role.
LIVE · PILOT
SITE ↗
TariffRefunded
TariffRefunded2026 · CUSTOMS SAAS
IEEPA tariff refund recovery for SMB importers, racing a 180-day protest window. Broker partnership in progress. CARRIED FORWARDStackBadger was born here as the internal pentest harness. The PII-scrubbing patterns, the auth/data-isolation fix, and the decision-hygiene habit — a versioned strategy doc with an open-decisions table, plus dated site-vs-strategy audits — moved into everything after.
LIVE
SITE ↗
StackBadger
StackBadger2026 · SECURITY TOOL
Pentest harness for AI-assisted development — extracted from a production SaaS build, scrubbed, and open-sourced. The only code still earning commits after product work stopped. CARRIED FORWARDThe extract → scrub → review release playbook, now the standard path for anything leaving a private repo.
PUBLISHED
REPO ↗
SafeCircleOps
SafeCircleOps2026 · OSINT / DFIR
Built in 5 days to help a friend being stalked: a local-only OSINT pipeline that discovers and tracks the stalker's online activity, to evidence standards — chain-of-custody manifests, fail-closed no-tip-off defaults, attribution scoring with negative controls. Report delivered to law enforcement. Deliberately unpublished. CARRIED FORWARDThe audit-the-design-before-building gate and the fail-closed posture. The repository itself stays private, permanently — it contains a real case.
PRIVATE
WRITE-UP
DealFinder
DealFinder2026 · REAL ESTATE INTEL
Pre-MLS lead intelligence for San Diego real-estate wholesaling: fragmented distress signals unified into explainable lead scoring. Full MVP in 7 days; paused unlaunched. CARRIED FORWARDCompliance shaping scope at design time — a fair-housing review removed an entire signal class before any code existed — and the checkpoint-and-circuit-breaker pattern for fragile, county-scale scrapers.
PAUSED
WRITE-UP
Interview prep system
Interview prep system2026 · AGENT WORKSPACE
File-based interview prep as an agent workspace: citation-enforced knowledge base, ten evidence-based interviewer personas, and a mock-interview module that argues back in their voice. No database, no server — a directory layout and 12 skills. CARRIED FORWARDA general blueprint for becoming rapidly, defensibly conversant in any organization and its people — reusable for due diligence, sales prep, or expert-witness work.
PRIVATE
WRITE-UP
CyberReadyAI
CyberReadyAI2026 · INSURANCE READINESS
Cyber insurance readiness platform for SMBs. Near-launch; paused with intent. 747 commits and the project that taught me to audit my own guardrails. CARRIED FORWARDThe guardrail rubric, the solution library, and the worktree protocol — and the successor product wrote its launch gates in advance precisely because this one validated late.
PAUSED
SITE ↗
PRD ONLY
PreCloseIntel2026 · M&A INTEL
Attack-surface intelligence for M&A due diligence: read a target's external security posture before the deal closes. Full PRD survived review; paused before build to focus on TariffRefunded. CARRIED FORWARDThe Idea → Build framework itself, which every later project's PRD ran through.
PAUSED
WRITE-UP
RiskScanAI
RiskScanAI2026 · FIRST BUILD
CIS IG1 risk assessment for small businesses — my first product, started off GitHub in late January; 160 commits across 15 active days. CARRIED FORWARDEverything — the successor is literally the same repository continued. Six agent skills and three reviewer agents survived into a roster that grew to 42 and 11, and the honest verdict (“nobody pays for an AI-interview risk assessment”) re-aimed the product at a question businesses do pay attention to.
SHELVED
POSTMORTEM
NO BUILD
PartMatch2026 · 3D PRINTING
3D-printable replacement parts from photos. Scrapped when the adversarial PRD review said "spike first." CARRIED FORWARDAdversarial review as a standing gate before any build.
SCRAPPED
KILL MEMO

The timeline

Jan 27 – Jun 11, 2026. Bar length is calendar time; the labels are commits. Overlaps are real — some of these ran in parallel across ~35 agent worktrees.

JANFEBMARAPRMAYJUN
ReadySetBind 813 commits · 243 PRs · 17 days
TariffRefunded 728 commits · live
StackBadger published
SafeCircleOps 140 commits · 5 days
DealFinder 130 commits · 7 days
CyberReadyAI 747 commits
PreCloseIntel full PRD · paused
RiskScanAI started off-GitHub Jan 27 · 160 commits
PartMatch scrapped at PRD review
LIVE SHELVED / PAUSED PRIVATE SCRAPPED PUBLISHED DAILY COMMITS (GITHUB)

The build journal

The same 136 days as a sequence of decisions. Dates marked ~ are approximate.

~JAN 27

RiskScanAI begins — before the repo

The first build starts off GitHub: landing pages and product shaping ahead of any version control.

FEB 27

RiskScanAI — first commit lands on GitHub

First product, first AI-agent workflow. 160 commits over the next 15 active days.

~MAR 15

PreCloseIntel — full PRD, then a pausePAUSED

First run of the 7-phase Idea → Build framework. The PRD survived; the build slot went elsewhere.

MAR 20

RiskScanAI shelved — and forked the same daySHELVED

The honest read: nobody pays for an AI-interview risk assessment. Everything carried directly into CyberReadyAI on the day of the last commit.

~APR 8

PartMatch scrapped at PRD reviewSCRAPPED

Adversarial review said “spike first.” The kill cost a review session instead of a build month.

~APR 16

TariffRefunded beginsLIVE

The tariff rate monitor PRD dies; refund recovery for SMB importers replaces it, racing a 180-day protest window. 728 commits and counting.

~MAY 6

CyberReadyAI paused with intentPAUSED

Near-launch after 747 commits. The project that taught me to audit my own guardrails.

MAY 17

SafeCircleOps — a five-day sprint for a friendPRIVATE

140 commits in 5 days. Local-only, evidence-grade, deliberately unpublished. Report delivered to law enforcement.

MAY 20

DealFinder — a seven-day MVP, then a pausePAUSED

Ideated inside the SafeCircleOps build, three days in. 130 commits to a working real-estate intelligence MVP, then paused unlaunched.

MAY 26

ReadySetBind — first commitLIVE · PILOT

813 commits and 243 PRs over 17 days. Day one shipped the end of the pipeline before most of the middle existed.

JUN 9

StackBadger publishedPUBLISHED

A pentest harness extracted from TariffRefunded, scrubbed, and released. The extract → scrub → review playbook becomes repeatable.

JUN 11

ReadySetBind live in pilot — and this register goes up

Eight products, two live, one published, one report delivered. The kills count as much as the launches.

Latest posts

Field notes from building with AI agents — specific incidents, real numbers, no generic advice.

SECURITY

1 of 16: auditing my own guardrails

I built sixteen guardrails to stop my AI coding agents from destroying work. Then I audited them like a consultant would. One actually worked.

JUN 2026 · 5 MIN
POSTMORTEM

Compile-green, deploy-broken

Every test passed and it worked on my laptop. In production, placing PDF signature fields failed four different ways — pdf.js in a serverless runtime — each one invisible until the previous fix.

JUN 2026 · 6 MIN
SECURITY

The regulation in my build pipeline

A federal statute constrains what my product is allowed to say. An audit found 18 violations in my own copy — so I wired the forbidden phrasings into the build and made shipping one impossible.

JUN 2026 · 5 MIN

The graveyard

Ideas that got a real PRD, real research, or real validation — and a deliberate no. Each one has a reason on record.

ConceptForge SHELVEDConcept art → 3D print pipeline. Full PRD survived adversarial review; unit economics didn't survive scrutiny.
Tariff rate monitor PIVOTEDv0.1 PRD archived — alerts alone weren't defensible. Became TariffRefunded.
Pet supplement brand SCRAPPEDDied in validation research before a single line of code. Cheapest kill on the board.
Smart-home security audit BACK POCKETConsumer spinoff of RiskScanAI. Real market, wrong time.
Local LLM agent rig DEFERRED2× A100 plan for self-hosted coding agents on existing rack hardware. Spec'd, costed, deferred.
"Prose documents intent. Gates enforce it."
The operating principle behind every project here. The same bug shipped three times past written rules — and zero times past a CI gate. Deterministic enforcement beats advisory documentation, in agent harnesses and security programs alike.