The register: eight products in 136 days
This site is an honest ledger of building with AI agents: every project gets a verdict, a reason on record, and a line on what carried forward.
- Between Jan 27 and Jun 11, 2026: eight products built, more than 2,700 commits, two live, one published as open source, two deliberately private, and a graveyard of ideas scrapped before a line of code.
- Stopping is the discipline: the cheapest one died in validation research; another in a design review that said “prove it's feasible first.”
- Nothing here is wasted — each project's hardest lesson became the next project's day-one rule.
- The operating principle the whole register keeps re-proving: written rules decay; automated enforcement holds.
Fifteen years of my career went to securing other people's systems. Starting in late January I spent 136 days shipping my own — eight products, more than 2,700 commits, built almost entirely with AI coding agents. This site is the ledger of what happened, and the ledger is honest: every project gets a verdict, a reason on the record, and a line on what it left behind.
The arc
It started with RiskScanAI, a security self-assessment for small businesses, begun off GitHub in late January — my first product, and a fast education in what agents do well and where they quietly fail. Its honest verdict: nobody pays for an AI-interview risk assessment. So it didn't die so much as turn into CyberReadyAI the same day, re-aimed at a question small businesses actually fund — are you ready for cyber insurance? — and the same repository carried straight on; every one of RiskScanAI's commits is an ancestor of what came next.
CyberReadyAI grew to 747 commits and a near-launch state, then paused with intent when a time-boxed opportunity opened: a Supreme Court ruling had cleared the way for importers to recover billions in wrongly-collected tariffs, on a window closing monthly. TariffRefunded was built into it. Along the way came a five-day sprint that mattered more than any product — a local-only investigation tool built to help a friend being stalked, delivered as a report to law enforcement — and an interview-prep system with no application code at all, just disciplined files and agents.
The most recent act: StackBadger, a security-testing harness born inside TariffRefunded, generalized and published as open source — the one piece of this run anyone can use today.
The graveyard is load-bearing
Below the register sits a graveyard of ideas that got real work — a design document, real research, a real validation pass — and then a deliberate no. A 3D-printing product scrapped when an adversarial design review said "prove the hard part first." A pet-supplement brand scrapped by validation research before a single line of code — the cheapest no on the board. Each has its reason on the record.
I document the scrapped ideas as carefully as the launches, because the discipline of stopping is most of what separates a portfolio from a pile of half-finished apps. Agents make starting nearly free; that makes the decision not to build the most expensive judgment left.
What compounds
The real product of these 136 days isn't any single app — it's the chain of lessons, each becoming the next project's day-one rule. The first product's timeout war became a permanent architecture pattern. The second's guardrail audit became a rubric for what counts as a real control. The later products inherited solution libraries, security baselines, and tooling on day one, and moved faster for it.
And one principle kept re-proving itself everywhere, in agent harnesses and security programs alike: a written rule is a suggestion; a gate is a control. The rules I wrote down got broken. The rules I automated held. That's the thesis of this site, and every post here is one more piece of its evidence.