---
title: TinyToes Auditor
description: On-device AI, zero PHI exposure
section: craft
tags: [project, ai-and-automation]
genre: reference
stability: stable
lastUpdated: 2026-04-19
url: https://fardiniqbal.com/docs/craft/projects/tinytoes-auditor
---


HIPAA by design. PHI never leaves the device. A local-first PDF validator for
pediatric therapy clinical workflows — every byte of patient data stays inside
the browser tab. No API routes, no analytics, no network calls during
validation. The model downloads once from a CDN, then the app runs fully
offline.

## What it is [#what-it-is]

A browser-resident validator for clinical Service Coordination Notes. Drop a
PDF into the dropzone and the app extracts text page-by-page with `pdfjs-dist`
(tagging every line with a `[PAGE:N]` marker), runs six deterministic pattern
engines in parallel, optionally verifies edge cases with an on-device LLM
running on WebGPU, and returns a categorized report: Must Fix (critical) vs
Fill In (warnings), each with page number, excerpt, and surrounding context.
The model download is the only network call the app ever makes.

## By the numbers [#by-the-numbers]

| Metric                          | Value                    |
| ------------------------------- | ------------------------ |
| Lines of code                   | 6,570                    |
| Commits                         | 96                       |
| UI components                   | 9                        |
| Validation engines              | 6                        |
| E2E test specs                  | 3 (Playwright)           |
| Model size (largest tier)       | 3.8B params / \~2.5GB    |
| Network calls during validation | 0                        |
| Server-side processing          | 0                        |
| Analytics events                | 0                        |
| Model-tier verdict parity       | 100% (360M matches 3.8B) |

## Architecture [#architecture]

```
PDF file (local)
    |
    v
pdfjs-dist  ->  parallel page extraction with [PAGE:N] markers
    |
    v
6 validation engines (regex + structural checks, in parallel)
    |
    v
Candidate findings
    |
    v
Phi-3.5-mini (WebGPU)  ->  binary YES/NO verification per finding
    |
    v
Categorized report: Must Fix | Fill In
```

The pattern engines do the heavy lifting. The LLM exists solely to reject
false positives on ambiguous cases, so validation logic stays deterministic,
auditable, and reproducible across model sizes.

## Key features [#key-features]

* **Six validation engines** — Template-artifact detection (`[CHILD'S NAME]`
  placeholders, stray `?`, `TBD`/`TODO`); date validation (referral date, 30-
  and 45-day compliance windows, year mismatches, impossible dates);
  terminology consistency (ISC vs OSC cross-contamination); instructional-text
  detection (unfilled `(describe here)` hints); staffing-contact validation
  (named contacts required); service-type classification with structural
  cross-checks for Initial / Ongoing / Staffing / ParentContact.
* **LLM verification layer** — Phi-3.5-mini-instruct (3.8B params, \~2.5GB) via
  WebGPU. Binary YES/NO verification prompts only; the LLM confirms findings
  from the pattern engines but never generates free text. Three tiers (Quick
  360M / Balanced 1.5B / Thorough 3.8B) for older hardware, with GPU detection
  surfacing recommendations before download.
* **Drag-drop PDF intake** — In-browser preview, real-time progress log
  showing which engine is running and what it found, keyboard shortcuts (`N`
  new document, `C` copy report, `P` preview), dark/light theme with
  eye-comfort warm grays, Framer Motion transitions.
* **Page-anchored findings** — Every issue carries a page number, excerpt,
  and surrounding context, so a clinician can jump directly to the source.
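
The first two engines in the list above, as an added TypeScript example that is not code from the TinyToes Auditor repository: a template-artifact engine and a date engine run over extractor output carrying `[PAGE:N]` markers and emit page-anchored findings bucketed as Must Fix or Fill In. The field labels it looks for (`Referral date`, `Meeting date`), the exact regexes, and the 45-day rule as written here are assumptions; the sample text is constructed and contains no patient data.

```typescript
// Added example, not TinyToes Auditor code. Two deterministic pattern engines
// over [PAGE:N]-tagged extractor output. Field labels and the 45-day rule are
// assumptions for illustration; the sample below is constructed.

type Severity = "Must Fix" | "Fill In";

interface Finding {
  engine: string;
  severity: Severity;
  page: number;    // page the match sits on
  excerpt: string; // the matched text itself
  context: string; // the whole extracted line, so a clinician can locate it
  message: string;
}

interface TaggedLine { page: number; text: string }
type Engine = (lines: TaggedLine[]) => Finding[];

// Strip "[PAGE:N] " markers; a line without one inherits the previous page.
function parseTaggedLines(extracted: string): TaggedLine[] {
  const out: TaggedLine[] = [];
  let page = 1;
  for (const raw of extracted.split("\n")) {
    const m = /^\[PAGE:(\d+)\]\s?(.*)$/.exec(raw);
    if (m) page = Number(m[1]);
    const text = m ? m[2] : raw;
    if (text.trim() !== "") out.push({ page, text });
  }
  return out;
}

// Every match of a pattern; a fresh global RegExp keeps lastIndex clean.
function allMatches(pattern: RegExp, text: string): RegExpExecArray[] {
  const re = new RegExp(pattern.source, pattern.flags.replace("g", "") + "g");
  const hits: RegExpExecArray[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    hits.push(m);
    if (m[0] === "") re.lastIndex++; // never loop on a zero-length match
  }
  return hits;
}

// Engine 1: template artifacts. Rule = [pattern, capture group used as excerpt, severity, message].
const TEMPLATE_RULES: Array<[RegExp, number, Severity, string]> = [
  [/\[[A-Z][A-Z' ]+\]/, 0, "Must Fix", "Unfilled template placeholder"],
  [/\b(TBD|TODO)\b/, 0, "Must Fix", "Unresolved TBD/TODO marker"],
  [/(^|[^\w])(\?+)/, 2, "Fill In", "Stray question mark"], // "?" ending a word is sentence punctuation
  [/\((describe|enter|insert)[^)]*\)/i, 0, "Fill In", "Instructional hint left in place"],
];

const templateArtifactEngine: Engine = (lines) => {
  const findings: Finding[] = [];
  for (const { page, text } of lines) {
    for (const [re, group, severity, message] of TEMPLATE_RULES) {
      for (const m of allMatches(re, text)) {
        findings.push({ engine: "template", severity, page, excerpt: m[group], context: text, message });
      }
    }
  }
  return findings;
};

// Engine 2: dates. Rejects calendar-impossible dates and flags a meeting more
// than 45 days after the referral (assumed rule; a 30-day check has the same shape).
const MDY = /\b(\d{1,2})\/(\d{1,2})\/(\d{4})\b/;

// Days since the epoch, or null when M/D/Y does not round-trip (e.g. 02/30).
function toDayNumber(mo: number, da: number, yr: number): number | null {
  const d = new Date(Date.UTC(yr, mo - 1, da));
  const ok = d.getUTCFullYear() === yr && d.getUTCMonth() === mo - 1 && d.getUTCDate() === da;
  return ok ? Math.floor(d.getTime() / 86400000) : null;
}

const dateEngine: Engine = (lines) => {
  const findings: Finding[] = [];
  let referral: { day: number; line: TaggedLine } | null = null;
  let meeting: { day: number; line: TaggedLine } | null = null;
  for (const line of lines) {
    for (const m of allMatches(MDY, line.text)) {
      const day = toDayNumber(Number(m[1]), Number(m[2]), Number(m[3]));
      if (day === null) {
        findings.push({ engine: "dates", severity: "Must Fix", page: line.page, excerpt: m[0], context: line.text, message: "Impossible calendar date" });
        continue;
      }
      if (/referral date/i.test(line.text)) referral = { day, line };
      if (/meeting date/i.test(line.text)) meeting = { day, line };
    }
  }
  if (referral && meeting && meeting.day - referral.day > 45) {
    const elapsed = meeting.day - referral.day;
    findings.push({ engine: "dates", severity: "Must Fix", page: meeting.line.page, excerpt: meeting.line.text, context: meeting.line.text, message: `Meeting is ${elapsed} days after referral; 45-day window exceeded` });
  }
  return findings;
};

const ENGINES: Engine[] = [templateArtifactEngine, dateEngine];

// The app runs its engines concurrently; they are pure functions of the tagged
// lines, so running them in sequence here yields the same report.
function runEngines(extracted: string): Finding[] {
  const lines = parseTaggedLines(extracted);
  const report: Finding[] = [];
  for (const engine of ENGINES) report.push(...engine(lines));
  return report;
}

function bucket(findings: Finding[], severity: Severity): Finding[] {
  return findings.filter((f) => f.severity === severity);
}

// Constructed extractor output (not real patient data).
const SAMPLE_EXTRACT = [
  "[PAGE:1] Service Coordination Note",
  "[PAGE:1] Child: [CHILD'S NAME]   DOB: 02/30/2023",
  "[PAGE:1] Referral date: 01/10/2025",
  "[PAGE:2] Meeting date: 03/05/2025",
  "[PAGE:2] Family priorities: (describe here)",
  "[PAGE:2] Next steps: TBD ?",
  "[PAGE:3] Does the family need transportation? No",
].join("\n");

const sampleReport = runEngines(SAMPLE_EXTRACT);
```

On the constructed sample this yields four Must Fix findings (the placeholder, the impossible DOB, the `TBD`, and the 54-day referral-to-meeting gap) and two Fill In findings (the unreplaced hint and the stray `?`), each carrying its page and full line; the question mark ending the sentence on page 3 is left alone. Because every rule is a plain regex or arithmetic on dates, the same input always produces the same report, which is what makes the findings diffable across model tiers.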

## What makes it stand out [#what-makes-it-stand-out]

* **HIPAA by absence, not by attestation.** The app passes HIPAA because
  there is no mechanism by which PHI could leave the device — no API route
  accepts a PDF, no analytics, no telemetry, no `sendBeacon`, no
  `console.log` of PHI. Devtools Network tab stays empty during validation.
* **Zero-cloud inference.** The LLM runs inside the browser via WebGPU.
  Weights download once from the MLC CDN and cache in origin storage; every
  subsequent run is offline.
* **Model-tier parity.** The 360M model produces the same verdicts as the
  3.8B model, because deterministic pattern engines do the finding and the
  LLM only answers binary YES/NO.
* **Auditable by design.** Pattern engines are regex + structural checks —
  readable, reproducible, diffable. No opaque model output drives the
  verdict.
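
The verification contract described above, as an added example in TypeScript (not the project's code, which drives a real WebLLM model): a strict YES/NO parser, a gate that can only remove candidates and never add one, and two mock model tiers that reach the same judgement with different verbosity. The `Candidate` shape, the prompt wording, the mock tiers, and the synchronous `Verifier` signature are assumptions made for illustration; the candidates are constructed.

```typescript
// Added example, not the project's code: the fail-closed contract of the LLM
// verification step. A clean NO drops a finding; a clean YES confirms it; any
// other answer keeps the finding in place, marked unverified. The Candidate
// shape, prompt wording and mock tiers are assumptions.

interface Candidate { id: string; page: number; excerpt: string; context: string; question: string }
type Verdict = "YES" | "NO" | "UNPARSEABLE";
// The real model call is asynchronous (WebLLM); a synchronous signature keeps
// the contract easy to see here.
type Verifier = (prompt: string) => string;

// Accept only a bare YES or NO (case-insensitive, trailing period allowed).
// "Yes, probably" is free text, and free text never decides a verdict.
function parseVerdict(raw: string): Verdict {
  const t = raw.trim().replace(/[.!]+$/, "").toUpperCase();
  return t === "YES" ? "YES" : t === "NO" ? "NO" : "UNPARSEABLE";
}

function buildPrompt(c: Candidate): string {
  return [
    `Context: "${c.context}"`,
    `Flagged text: "${c.excerpt}"`,
    c.question,
    "Answer YES or NO only.",
  ].join("\n");
}

interface VerifiedFinding extends Candidate { status: "confirmed" | "unverified" }

// Output is always a subset of the input: the model has no path to introduce
// a finding of its own, whatever it says.
function applyVerification(candidates: Candidate[], verify: Verifier): VerifiedFinding[] {
  const kept: VerifiedFinding[] = [];
  for (const c of candidates) {
    const verdict = parseVerdict(verify(buildPrompt(c)));
    if (verdict === "NO") continue; // model rejected it as a false positive
    kept.push({ ...c, status: verdict === "YES" ? "confirmed" : "unverified" });
  }
  return kept;
}

// Constructed candidates as the pattern engines would hand them over
// (no real patient data). The third is the kind of ambiguous hit the LLM exists for.
const SAMPLE_CANDIDATES: Candidate[] = [
  { id: "placeholder", page: 1, excerpt: "[CHILD'S NAME]", context: "Child: [CHILD'S NAME]",
    question: "Is the flagged text an unfilled template placeholder?" },
  { id: "tbd", page: 2, excerpt: "TBD", context: "Next steps: TBD",
    question: "Is the flagged text an unresolved placeholder rather than part of a sentence?" },
  { id: "todo-word", page: 3, excerpt: "TODO", context: "Parent tracks appointments in the TODO app",
    question: "Is the flagged text an unresolved placeholder rather than an ordinary word?" },
];

// Mock "Thorough" tier: disciplined one-word answers.
const thoroughTier: Verifier = (p) => (p.indexOf('Flagged text: "TODO"') !== -1 ? "NO" : "YES");
// Mock "Quick" tier: same judgement, chatty on the positive cases.
const quickTier: Verifier = (p) =>
  p.indexOf('Flagged text: "TODO"') !== -1 ? "No." : "Yes, that looks unfilled to me.";

// Both tiers leave the report with the same set of findings; only the
// confidence label differs.
function idsKeptBy(verify: Verifier): string[] {
  return applyVerification(SAMPLE_CANDIDATES, verify).map((f) => f.id);
}
```

The design point is that the parser is the only place model output is interpreted, and it has three outcomes, two of which are "keep". A model that rambles, refuses, or hallucinates a brand-new issue cannot change the set of findings except by answering a clean NO to a question the engines already posed, so a smaller tier that is merely less terse produces the same report as a larger one.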

## Stack [#stack]

| Layer        | Technology                                                                  |
| ------------ | --------------------------------------------------------------------------- |
| Framework    | Next.js 16 (App Router), React 19, TypeScript 5 strict                      |
| On-device AI | WebLLM (`@mlc-ai/web-llm`), WebGPU, Phi-3.5-mini-instruct                   |
| PDF          | `pdfjs-dist`                                                                |
| UI           | Tailwind CSS v4, Framer Motion                                              |
| Testing      | Playwright (3 E2E specs: core flow, zero-network guarantee, theme contrast) |
| Tooling      | ESLint 9                                                                    |
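
A runnable counterpart to the zero-network Playwright spec listed in the table, added here as an example and not taken from the repository: a `fetch` guard that refuses and records any request whose origin is not allowlisted while a validation step runs. The allowlisted origin is a placeholder rather than the real MLC CDN URL, and the two validators (one offline, one deliberately leaky so the guard has something to catch) are stand-ins.

```typescript
// Added example, not the project's Playwright spec: a fetch guard that turns
// "zero network calls during validation" into an assertable property. Any
// fetch outside the allowlist is recorded and refused before a request is
// issued. The CDN origin below is a placeholder. Runs in Node 18+ (global
// fetch) or a browser test harness.

type FetchLike = (input: string | { url: string }, init?: unknown) => Promise<unknown>;
const host = globalThis as unknown as { fetch?: FetchLike };

const MODEL_CDN_ORIGIN = "https://model-cdn.example"; // placeholder, not the real MLC CDN

// Origin of an absolute http(s) URL, or "" when it cannot be determined
// (relative URLs such as "/api/upload" are treated as not allowed).
function originOf(url: string): string {
  const m = /^(https?:\/\/[^/?#]+)/i.exec(url);
  return m ? m[1].toLowerCase() : "";
}

class NetworkGuard {
  readonly attempts: string[] = []; // every blocked URL, in order
  private readonly allowedOrigins: string[];
  private original: FetchLike | undefined;

  constructor(allowedOrigins: string[]) {
    this.allowedOrigins = allowedOrigins.map((o) => o.toLowerCase());
  }

  // Exact origin match: "https://model-cdn.example.attacker.test" does not pass.
  isAllowed(url: string): boolean {
    const origin = originOf(url);
    return origin !== "" && this.allowedOrigins.indexOf(origin) !== -1;
  }

  install(): void {
    this.original = host.fetch;
    host.fetch = (input, init) => {
      const url = typeof input === "string" ? input : input.url;
      if (!this.isAllowed(url)) {
        this.attempts.push(url);
        return Promise.reject(new Error(`blocked network call during validation: ${url}`));
      }
      if (!this.original) return Promise.reject(new Error("fetch is unavailable"));
      return this.original(input, init);
    };
  }

  uninstall(): void {
    host.fetch = this.original;
  }
}

// Run a validation step under the guard and report anything that tried to leave.
function runGuarded<T>(work: () => T): { result: T; leaked: string[] } {
  const guard = new NetworkGuard([MODEL_CDN_ORIGIN]);
  guard.install();
  try {
    const result = work();
    return { result, leaked: guard.attempts.slice() };
  } finally {
    guard.uninstall();
  }
}

// A validator with no network path at all: the property the app relies on.
function offlineValidate(text: string): number {
  return (text.match(/\bTBD\b/g) || []).length;
}

// A deliberately leaky stand-in, used only to show that the guard catches it.
function leakyValidate(text: string): number {
  const f = host.fetch;
  if (f) f("https://telemetry.example/upload", { method: "POST", body: text }).catch(() => undefined);
  return offlineValidate(text);
}
```

In a browser-level test the same idea is expressed by intercepting every request and failing the test on any that is not the cached model download; the guard here does it in-process so the check runs anywhere the code does. The comparison is on the full origin, not a string prefix, so a lookalike host that merely starts with the CDN's name is still blocked.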

## Links [#links]

* **Source:** [github.com/FardinIqbal/TinyToes-Auditor](https://github.com/FardinIqbal/TinyToes-Auditor)
