Public Engineering Case Study
This portfolio is an inspectable runtime, not a static gallery. The goal is to show how Mootez Aloui designs AI systems that stay useful under constraints, misuse attempts, and adversarial traffic.
The runtime has two explicit paths. Human visitors get the narrative portfolio plus a constrained digital twin. Scraping agents are routed to a machine-readable layer designed for precise summarization.
Incoming Request
    |
    v
Edge Middleware (Agent Detection)
    |
+---+-----------------------------+
|                                 |
Human Browser                     Scraping Agent
|                                 |
v                                 v
App Router                        /agent Routes
|                                 |
+-----> Landing + Twin UI         +-----> profile.json / projects.json / verdict.json / llms.txt
|
v
/api/twin/chat
|
classify -> retrieve -> prompt -> provider -> validate -> return

The twin is intentionally narrow. It only answers about Mootez's work, systems, and professional judgments. Scope is enforced before and after the model call to reduce cost and prevent drift.
User Message
    |
    v
[Layer 1] Prompt Scope Contract
    |
    v
[Layer 2] Pre-call Classifier
    - in_scope     -> continue
    - out_of_scope -> deflect, no LLM call
    - ambiguous    -> fallback classifier path
    |
    v
[Layer 3] Post-call Validator
    - pass -> return answer
    - fail -> replace with scoped deflection

Middleware evaluates user-agent and request context. High-confidence agents are rewritten to `/agent`, where stable JSON and text endpoints provide a more reliable summary surface.
Request -> middleware.ts
  |
  +-> Known agent signatures? (GPTBot, ClaudeBot, PerplexityBot, BingBot, ...)
  |     yes -> confidence high -> rewrite to /agent
  |
  +-> Explicit self-identification? (/agent path or ?agent=1)
  |     yes -> confidence high -> rewrite to /agent
  |
  +-> Behavioral hints (headers/cookies/fetch hints)
        medium confidence -> keep human page + detection headers
        low confidence -> normal human experience

Risk: the twin starts behaving like a generic assistant. Mitigation: validator checks phrasing and behavior constraints, then substitutes deflections when needed.
Risk: some automated traffic looks browser-like. Mitigation: confidence bands, self-identification override (`?agent=1`), and conservative routing for medium confidence.
Risk: one model endpoint fails or rate-limits. Mitigation: provider fallback chain and safe deflection behavior under degraded conditions.
Risk: crawlers produce vague candidate summaries. Mitigation: machine-readable profile/projects/verdict routes with evidence-linked strengths and concerns.
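
The middleware decision tree and its confidence bands can be written as one pure function, which makes the routing testable without a running server. This is an added example, not the portfolio's own middleware.ts. The names classifyRequest and Decision, the action strings, the x-agent-* header names, and the two behavioral hints (missing Accept-Language, missing Sec-Fetch-Mode) are assumptions.

```typescript
// Added illustration of the agent-detection decision tree; not the site's own code.
// Every input here is client-supplied, so the result selects a view, never a trust level.
type Confidence = "high" | "medium" | "low";
interface Decision {
  confidence: Confidence;
  action: "rewrite:/agent" | "human"; // hypothetical action labels
  reason: string;
  headers: Record<string, string>; // detection headers to attach to the response
}

const KNOWN_AGENTS = /\b(GPTBot|ClaudeBot|PerplexityBot|BingBot)\b/i; // list from the page

function classifyRequest(url: string, reqHeaders: Record<string, string>): Decision {
  // Header names are case-insensitive; normalize before lookup.
  const h: Record<string, string> = {};
  for (const [k, v] of Object.entries(reqHeaders)) h[k.toLowerCase()] = v;
  const u = new URL(url, "https://example.invalid"); // placeholder base for relative URLs
  const high = (reason: string): Decision => ({
    confidence: "high", action: "rewrite:/agent", reason, headers: {},
  });

  // 1. Known agent signature in the User-Agent string.
  if (KNOWN_AGENTS.test(h["user-agent"] ?? "")) return high("known-signature");
  // 2. Explicit self-identification: /agent path or ?agent=1.
  if (u.pathname === "/agent" || u.pathname.startsWith("/agent/")) return high("agent-path");
  if (u.searchParams.get("agent") === "1") return high("self-identified");

  // 3. Behavioral hints (assumed): headers that browsers normally send.
  const hints: string[] = [];
  if (!h["accept-language"]) hints.push("no-accept-language");
  if (!h["sec-fetch-mode"]) hints.push("no-sec-fetch-mode");
  if (hints.length > 0) {
    // Medium band: keep the human page and only annotate the response.
    return {
      confidence: "medium", action: "human", reason: hints.join(","),
      headers: { "x-agent-confidence": "medium", "x-agent-hints": hints.join(",") },
    };
  }
  return { confidence: "low", action: "human", reason: "none", headers: {} };
}

// Constructed sample: browser-like User-Agent sent without fetch metadata.
const sample = classifyRequest("/", {
  "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) Chrome/120.0",
  "Accept-Language": "en",
});
console.log(sample.confidence, sample.action, sample.headers);
```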