TinyToes Auditor

On-device AI, zero PHI exposure

stable

HIPAA by design. PHI never leaves the device. A local-first PDF validator for pediatric therapy clinical workflows — every byte of patient data stays inside the browser tab. No API routes, no analytics, no network calls during validation. The model downloads once from a CDN, then the app runs fully offline.

What it is

A browser-resident validator for clinical Service Coordination Notes. Drop a PDF into the dropzone and the app extracts text page-by-page with pdfjs-dist (tagging every line with a [PAGE:N] marker), runs six deterministic pattern engines in parallel, optionally verifies edge cases with an on-device LLM running on WebGPU, and returns a categorized report: Must Fix (critical) vs Fill In (warnings), each with page number, excerpt, and surrounding context. The model download is the only network call the app ever makes.

By the numbers

| Metric | Value |
| --- | --- |
| Lines of code | 6,570 |
| Commits | 96 |
| UI components | 9 |
| Validation engines | 6 |
| E2E test specs | 3 (Playwright) |
| Model size (largest tier) | 3.8B params / ~2.5GB |
| Network calls during validation | 0 |
| Server-side processing | 0 |
| Analytics events | 0 |
| Model-tier verdict parity | 100% (360M matches 3.8B) |

Architecture

PDF file (local)
    |
    v
pdfjs-dist  ->  parallel page extraction with [PAGE:N] markers
    |
    v
6 validation engines (regex + structural checks, in parallel)
    |
    v
Candidate findings
    |
    v
Phi-3.5-mini (WebGPU)  ->  binary YES/NO verification per finding
    |
    v
Categorized report: Must Fix | Fill In

The pattern engines do the heavy lifting. The LLM exists solely to reject false positives on ambiguous cases, so validation logic stays deterministic, auditable, and reproducible across model sizes.

Key features

  • Six validation engines — Template-artifact detection ([CHILD'S NAME] placeholders, stray ?, TBD/TODO); date validation (referral date, 30- and 45-day compliance windows, year mismatches, impossible dates); terminology consistency (ISC vs OSC cross-contamination); instructional-text detection (unfilled (describe here) hints); staffing-contact validation (named contacts required); service-type classification with structural cross-checks for Initial / Ongoing / Staffing / ParentContact.
  • LLM verification layer — Phi-3.5-mini-instruct (3.8B params, ~2.5GB) via WebGPU. Binary YES/NO verification prompts only; the LLM confirms findings from the pattern engines but never generates free text. Three tiers (Quick 360M / Balanced 1.5B / Thorough 3.8B) for older hardware, with GPU detection surfacing recommendations before download.
  • Drag-drop PDF intake — In-browser preview, real-time progress log showing which engine is running and what it found, keyboard shortcuts (N new document, C copy report, P preview), dark/light theme with eye-comfort warm grays, Framer Motion transitions.
  • Page-anchored findings — Every issue carries a page number, excerpt, and surrounding context, so a clinician can jump directly to the source.
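
As an added illustration (not the project's own code), here is how one deterministic engine could turn [PAGE:N]-tagged text into page-anchored findings. The names Finding, RULES and findTemplateArtifacts, the regexes, the "[PAGE:N] text" line layout and the severity given to each rule are assumptions.

```typescript
// Added example, not the project's code. All names, regexes and the
// rule-to-severity mapping are assumptions based on the feature list.
interface Finding {
  page: number;
  severity: "must-fix" | "fill-in";
  rule: string;
  excerpt: string;
  context: string;
}

const RULES: { rule: string; severity: Finding["severity"]; re: RegExp }[] = [
  // Unfilled bracketed placeholder such as [CHILD'S NAME]
  { rule: "placeholder", severity: "must-fix", re: /\[[A-Z][A-Z' ]{2,}\]/g },
  // Leftover drafting markers
  { rule: "draft-marker", severity: "fill-in", re: /\b(?:TBD|TODO)\b/g },
  // A question mark standing alone, not one that ends a sentence
  { rule: "stray-question-mark", severity: "fill-in", re: /(?:^|\s)\?(?=\s|$)/g },
];

// Assumed line layout produced by the extraction step: "[PAGE:N] text"
const PAGE_TAG = /^\[PAGE:(\d+)\]\s?/;

function findTemplateArtifacts(tagged: string): Finding[] {
  const findings: Finding[] = [];
  let page = 0; // 0 = no marker seen yet; untagged lines inherit the last page
  for (const line of tagged.split("\n")) {
    const tag = PAGE_TAG.exec(line);
    if (tag !== null) page = parseInt(tag[1] ?? "0", 10);
    const text = line.replace(PAGE_TAG, "").trim();
    for (const r of RULES) {
      r.re.lastIndex = 0; // global regexes keep state between exec() calls
      let hit: RegExpExecArray | null;
      while ((hit = r.re.exec(text)) !== null) {
        findings.push({ page, severity: r.severity, rule: r.rule,
                        excerpt: hit[0].trim(), context: text });
      }
    }
  }
  return findings;
}

// Constructed sample input; contains no real patient data.
const SAMPLE = [
  "[PAGE:1] Service Coordination Note for [CHILD'S NAME]",
  "[PAGE:1] Did the family attend the visit? Yes.",
  "[PAGE:2] Next review date: TBD",
  "[PAGE:2] Primary contact: ?",
].join("\n");
```

Because every rule is a plain regex over tagged lines, the same input always yields the same findings, which is what lets a later YES/NO verification step be swapped between model sizes without changing what gets flagged.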

What makes it stand out

  • HIPAA by absence, not by attestation. The app passes HIPAA because there is no mechanism by which PHI could leave the device — no API route accepts a PDF, no analytics, no telemetry, no sendBeacon, no console.log of PHI. Devtools Network tab stays empty during validation.
  • Zero-cloud inference. The LLM runs inside the browser via WebGPU. Weights download once from the MLC CDN and cache in origin storage; every subsequent run is offline.
  • Model-tier parity. The 360M model produces the same verdicts as the 3.8B model, because deterministic pattern engines do the finding and the LLM only answers binary YES/NO.
  • Auditable by design. Pattern engines are regex + structural checks — readable, reproducible, diffable. No opaque model output drives the verdict.

Stack

| Layer | Technology |
| --- | --- |
| Framework | Next.js 16 (App Router), React 19, TypeScript 5 strict |
| On-device AI | WebLLM (@mlc-ai/web-llm), WebGPU, Phi-3.5-mini-instruct |
| PDF | pdfjs-dist |
| UI | Tailwind CSS v4, Framer Motion |
| Testing | Playwright (3 E2E specs: core flow, zero-network guarantee, theme contrast) |
| Tooling | ESLint 9 |