I build review-gated legal infrastructure for AI, SaaS, privacy and regulated markets.
I am a German-qualified lawyer, former data scientist and partner at gunnercooke. My work sits between legal engineering, product engineering and developer relations: structured intake, deterministic checks first, visible source provenance, human-approved outputs and audit trails.
All public examples use synthetic data only. They contain no client data, privileged material, confidential information, candidate data or personal data.
For the compact reviewer map, start with Portfolio Proof Index.
| Repo | Problem | Solution | What it proves | Stack | Quick demo | Safety note |
|---|---|---|---|---|---|---|
| legal-ops-agent | Legal operations teams need supervised agentic workflows that do not skip review. | Typed matter intake, deterministic risk triage, reviewer routing, MCP-style tools and approval-gated export. | Practical ability to build legal AI workflows with visible blockers, provenance and human approval. | Python, pytest, CLI, MCP-style schemas | make check, then run one matter from docs/evaluator-guide.md |
Draft-only outputs, synthetic matters, export blocked before approval. |
| eu-ai-act-classifier | AI product teams need an explainable first-pass EU AI Act classification path. | Deterministic classifier with risk tiers, obligations, citations, timelines, guidance overlays, CLI and review status. | Legal-source-aware classification that separates binding text, provisional dates and nonbinding guidance. | Python, uv, pytest, ruff, CLI, optional cockpit | uv run eu-ai-act-classify examples/credit_scoring.json |
Classification is a review packet, not legal advice. |
| ai-saas-legal-ops-starter-kit | AI SaaS companies repeat the same commercial, privacy, vendor and launch-governance reviews. | Public-safe legal operating layer with schemas, deterministic rules, risk register, blockers, approvals and audit trail. | How recurring legal work can become typed workflows without hiding judgment. | TypeScript, Node, JSON Schema, Vitest | npm run demo:json |
Synthetic examples only, launch export blocked until required approvals exist. |
| MiCAR-Authorization-Co-Pilot | MiCAR authorisation work needs source-verified drafting, scoped access and lawyer approval. | Regulated product workflow with official source ingestion, redaction, audit logs, deterministic stub mode and approved export. | A reusable pattern for regulated drafting where source anchors and review state travel with the output. | Python, FastAPI, uv, TypeScript, frontend build | make test, then inspect sample output packs |
Draft materials only, no external synthesis before source and approval gates. |
| micar-whitepaper-linter | MiCAR white paper checks should be deterministic, cited and testable. | Rule engine for Annex I, II and III requirements with stable severity, JSON and human-readable reports. | Regulation as code with cited findings for review. | Python, uv, pytest, CLI | make check, then uv run --extra dev python -m micar_linter examples/art-stablecoin.json --json |
Findings are cited review items for a qualified reviewer. |
| eu-financial-reg-horizon-scanner | Regulated product teams need source-aware monitoring and approved delivery for EU financial regulation. | Demo publication ingestion, taxonomy classification, product impact scoring, reviewer queue and delivery gate. | How regulatory monitoring can be made review-gated and transferable across domains. | TypeScript, Next.js, Prisma, Vitest, YAML rules | npm run digest:dry-run |
Delivery disabled by default, reviewer approval required before alerts. |
| SovereignOS | Specialised legal workflows need a small reusable workflow state layer. | Generic engine for intake, deterministic rule evaluation, reviewer assignment, approval, audit log and export. | The platform layer behind review-gated legal, compliance and AI governance workflows. | Bun, TypeScript, typed state machine | bun run demo |
Workflow infrastructure only. Approved outputs carry reviewer identity, timestamp and reason. |
- SaaS Contracting and DPA Playbook: public-safe structured judgment for SaaS contracting, DPA triage, SCCs, CCPA, AI model-provider terms, zero-data-retention and open-source licence risk. It complements the starter kit by expressing legal positions before they become workflow rules.
- ocr_rename: local batch OCR and rename utility with dry-run, manifest rollback, duplicate handling and sensitive filename guards.
- Legal RAG evaluation notes: scorecards and synthetic examples for citation accuracy, source completeness, uncertainty handling and hallucination resistance.
- Case studies: short technical notes for selected prototypes and regulatory workflows.
Forks are kept separate from original proof-of-work repositories. A fork is presented here only where it contains a documented contribution, evaluation branch or clearly marked fork note.
- Dust: upstream interaction evidence through issue #26605 on audit-log events for human approval and rejection of gated tool actions, and PR #26667 fixing
AbortErrordetection in a JavaScript SDK streaming example. No product claims are made from the fork itself. - Model Context Protocol, agent framework and chatbot forks: used as tool references or contribution bases. They carry
FORK_NOTES.mdwhere meaningful local changes exist. - Legacy experiments, including archived compliance prototypes, are labelled as historical and point to the maintained successor repositories.
Start with one flagship repo and run its shortest demo command. A good 90-second review should answer four questions:
- Is the intake structured and synthetic?
- Are deterministic checks visible before any model-style drafting?
- Is export blocked until a human approval state exists?
- Does the output carry source provenance, review status and an audit trail?
Then inspect the tests around blocked export, source rejection, approval state and golden outputs. The strongest evidence lives in the tests and sample packets, not in marketing copy.
- Partner at gunnercooke in Germany, advising on AI, SaaS, crypto, capital markets, payments and EU financial regulation.
- Trained at Hengeler Mueller, Freshfields Bruckhaus Deringer and Cleary Gottlieb. German-qualified lawyer, admitted 2012.
- Former data scientist at Dudenverlag, building Python NLP pipelines.
- Languages: German native, English fluent, French professional working knowledge.
This portfolio uses synthetic examples only. It does not include client data, privileged material, confidential negotiation history, candidate data or personal data. Public outputs are draft-only review artifacts and do not provide legal advice.