A guided tour for first-time readers
The building blocks first, then a closer look at Claude itself and how software goes from a laptop to live. Two real builds, Modora and Quy Hoa Mat Troi, run throughout as worked examples.
No prior knowledge of AI or automation assumed.
Part zero · Orientation
Part zero · Orientation
Almost any practical AI system has the same outline: people use a single screen, and behind it an AI and a store of data do quiet work. We will keep returning to two real builds, Modora and Hoa Mat Troi, as examples, but the shape is general.
A family, or a Foundation team.
The only thing people touch.
Reads, drafts, proposes.
Kept private, per owner.
The AI only proposes. Nothing leaves for the world until a person confirms it.
An owner's system is private and walled off, not a shared pool. (Modora: one family. Hoa Mat Troi: one Foundation.)
The AI is kept away from the dangerous lever. In Modora it never moves money; in Hoa Mat Troi it never breaks a child's dignity.
Part one
The core building blocks. Each is one simple idea, with an analogy and a real example from both systems.
The basics
01 / 17
A terminal is a plain text window where you talk to a computer in typed commands, no buttons, no mouse. It is where code is run, and for decades it is where almost all software was built, line by careful line.
An editor to write the code; a terminal to run it; a trained person to think of every line.
$ python report.py
Report saved · 3 warnings
You type a line, it runs, it prints back. That loop is the whole interface.
A workshop with only hand tools. Every joint is measured, cut and sanded by a skilled person. Nothing is wasted, but nothing is fast.
Read the manuals, write each line, run it, read the error, fix it, repeat. A small change could take a careful hour, and only a trained programmer could do it at all.
The basics
02 / 17
AI can now read and write code itself. The painstaking work, drafting a tool, fixing an error, wiring two services together, becomes a plain-language request answered in seconds. That one shift is what makes the rest of this deck possible.
The bottleneck was never ideas. It was the slow, manual typing in between. AI removes most of it.
Power tools arriving in that workshop. The skilled hand still guides the work, but a day of joinery now takes minutes.
Writing, reading, explaining and fixing code stop being the bottleneck. One person can now build and run what once needed a whole team.
The human's job shifts from typing every line to deciding what to build, steering it, and checking the result. Coding judgement matters more than ever; routine hand-coding much less. This ripple reaches every job that touches software.
The basics
03 / 17
The product is written as text files: code. The whole collection is a repository, or repo. Deploying means taking that code and making it run live.
A recipe book (the repo) versus the cooked dish served to guests (the live app). Same recipe, many dinners.
One shared codebase is packaged into a single image, and that one image runs every family's instance.
One private repo holds every tool, agent, and rule, sealed into one image that runs each service.
The basics
04 / 17
The passwords, keys, and tokens the system needs to work, kept out of the code so they cannot leak.
The building's master keys live in a locked safe, never taped to the front door (the code).
Keys live in Google's Secret Manager. The code only borrows them at runtime; none is written into the code.
Keys live in a private, never-committed settings file. The Foundation owns every one.
The basics
05 / 17
A secret (a password, an API key, a token) must never be typed into the code or saved to GitHub. If it leaks once, it is burned forever, so secrets live apart from the code, and each place that runs the code keeps its own copy.
Where secrets live
Google Secret Manager GitHub Secrets AWS Secrets Manager 1Password
House keys. You don't engrave them into the front door; you keep them on a ring, hand a copy only to who needs it, and re-cut the locks if one goes missing.
Secrets sit in a local file named .env that is "git-ignored", so it is never committed. The code reads them only at the moment it runs.
Each environment that runs the code, Cloud Run, GitHub, Claude Code Web, keeps its own private copy in a secrets store. The code asks for a key by name; the platform hands it over. Same code, different keys per place.
The basics
06 / 17
The "brain": software trained to understand and write language, or to read images. Both systems use two, each with a different job.
The thoughtful associate who reads, reasons, drafts, and explains in plain words.
The scanner that turns a photographed document into text the system can use.
Claude writes (a summary, a caption, a thank-you); Gemini reads documents (a statement, a report card).
The basics
07 / 17
AI reads and writes in tokens, small chunks of text (roughly ¾ of a word). You pay by the token, and the model can only hold so many at once.
In plain terms: longer documents and longer answers cost more and fill the model's memory faster.
The unit the model counts: about 4 characters, or ¾ of a word. A short sentence is a dozen or so tokens.
How much it can keep in mind at once. Claude Opus 4.8 holds up to 1,000,000 tokens, a whole book, in a single conversation.
Pay-as-you-go by the million tokens, roughly US$5 in / US$25 out for the top Claude model, less for lighter ones. Re-using context ("caching") and overnight "batches" cut this sharply. A monthly Pro / Max plan instead gives an allowance that refills on a schedule, spent faster by heavier models.
The basics
08 / 17
An AI model plus the ability to take actions on your behalf. Not just a chatbot that talks, but an assistant that can read, decide, and do.
The difference between someone who gives advice over the phone, and a capable assistant at the desk who can pull the files and draft the letter.
"Ask Modora" is the agent the family talks to about their own wealth.
Small agents each do one job: one culls photos, one writes captions, one drafts a donor thank-you.
The basics
09 / 17
The specific actions an agent is allowed to take. An agent with no tools can only talk.
Each tool is one narrow, well-defined action, nothing more.
The assistant's hands and instruments: read a document, look up a balance, draft a reply, build a report.
read the registry draft an email generate a report
sanitise a photo cull the best frames build a post pack
The basics
10 / 17
A file isn't automatically readable text. The system first turns each kind, a Word doc, a slide deck, a PDF, a photo of a page, into plain text or Markdown the model can understand.
Tools that do this
Tesseract Google Document AI AWS Textract Pandoc
A scanner with a translator attached. It doesn't just photograph the page; it works out the words, tables and headings on it.
Files born digital (Word, PowerPoint, a text PDF) give up their text directly. A scan or a photo needs OCR, optical character recognition, to read the letters off the image.
Modora reads a bank statement or a brokerage PDF; Hoa Mat Troi reads a scanned report card. Gemini does the seeing; the text then flows to Claude.
The basics
11 / 17
When the answer isn't in the files it already has, an agent can fetch a web page or run a search, read the result, and use it, much like a person opening a browser.
Ways to fetch
Web search Official APIs RSS feeds A saved copy
A researcher with a library card. It can look things up, but only sources it can actually reach and open.
Pages behind a login or paywall, sites that refuse automated visitors, "prove you're human" checks, or pages that only appear after heavy scripts run. The agent meets a wall, not the content.
Use an official data feed (an API) instead of the page, hand the agent the file or text directly, rely on a saved copy, or have a person fetch it and paste it in.
The basics
12 / 17
Skills are packaged know-how the agent pulls out for a task, a reusable playbook. Rules are standing instructions it must always obey.
Recipe cards the assistant keeps in a drawer and reaches for when a task needs them.
The house style pinned above the desk. Modora: "never move money." Hoa Mat Troi: "dignity, never pity."
Rules enforce the human approval gate, so no rule can be quietly skipped.
The basics
13 / 17
So far everything has run on one laptop. To serve real people, the same code runs on a rented computer in someone else's data centre, the cloud, instead of a machine you buy and keep switched on.
a request arrives, it wakes for a moment, then sleeps
A food stall that opens the moment a customer arrives and shuts when the street is empty. You never pay rent for an empty stall.
The family's system lives on Cloud Run. Idle overnight, it sleeps, and costs almost nothing.
The photo intake, donor form, and care services run on Cloud Run, waking only when used.
The basics
14 / 17
The same typed terminal from the start of this part, now pointed at the cloud. Instead of clicking buttons, an operator types one instruction at a time.
gcloud is the typed tool for Google Cloud: turn services on, send new code live, read logs.
gcloud run deploy intake --region asia
Only an operator ever types these lines. The family and the Foundation team never see the command line.
The basics
15 / 17
Three layers keep a system trustworthy. None of them rely on hoping it behaves.
An automatic checklist run every time the code changes, so nothing ships broken.
Hundreds must pass
The AI only proposes. A person must confirm before anything changes or is sent.
AI never acts alone
A full dress rehearsal with fake data and a fake AI, no real keys. A stunt double on a rehearsal stage.
Tested for free, offline
The basics
16 / 17
Both systems put the same three layers (tests, a human gate, an offline rehearsal) around their riskiest step. They differ only in which checks each spells out, because the dangerous lever is different.
The risky step is publishing a child's image, so the checks are about dignity and safety.
The risky step is touching money or sending mail, so the checks fence those off.
Whatever the irreversible action is, it is fenced behind a person.
The basics · the whole picture
17 / 17
the brain
the hands
the playbooks
the guardrails
all four, working as one assistant
approves before anything goes out
A model gains tools and skills, is held by rules, and becomes an agent. The agent proposes; a person decides.
Part two
The assistant this workspace is built around: how you talk to it, how it writes code, how it designs, and how it plugs into everything else.
Meet Claude
01 / 09
The everyday way to talk to Claude: a chat window at claude.ai. You ask in plain language; it answers, explains, drafts, and reasons. Nothing to install.
Others in this category
ChatGPT Google Gemini Microsoft Copilot Perplexity
Cost, basic use: a free tier; Pro around US$20/month for more use.
A knowledgeable colleague on chat. You can paste in a document, ask follow-ups, and think out loud together.
Explaining, drafting, summarising, brainstorming, and checking your reasoning, one conversation at a time.
On its own it only talks. To act on the world, read your files, run code, post, it needs tools (the agent idea from Part one).
Meet Claude
02 / 09
Claude with hands: it reads and changes a whole project's files, runs commands, and uses tools, not just talks about code. It is what built and edits this workspace.
Others in this category
GitHub Copilot Cursor Windsurf Gemini CLI
Cost, basic use: included with a Claude Pro/Max plan, or pay-as-you-go by token.
A capable engineer at the keyboard, not an advisor on the phone. It opens the files, makes the change, runs the tests, and shows you the result.
Locally on a laptop (inside VS Code or a terminal), working on files on your own machine. Online as "Claude Code Web", running in the cloud, able to work overnight on its own branch.
It proposes changes; a human reviews and approves before anything is kept or shipped (the approval gate from Part one).
Meet Claude
03 / 09
Claude doesn't only write code, it designs. Give it a brief and it produces real, working web pages, slide decks, dashboards and mockups, not just a picture of one.
Others in this category
Figma AI v0 Canva Framer
Cost, basic use: part of the same Claude usage, no separate design tool to buy.
A designer who also builds. The thing it hands back is the finished, clickable page, ready to refine, not a flat drawing.
Explainer decks (this one), website pages, the management-hub mockups, quote cards and graphics, on-brand and editable.
Strong layout and typographic instinct, and it iterates fast from your feedback. It still needs a human eye for brand fit and final taste, exactly how this deck was made.
Meet Claude
04 / 09
On its own Claude talks. Connected to tools, it acts. The same model powers the chat, the code, and every small agent here, each given just the tools it needs.
The thread: this ties the whole of Part one together, model + tools + skills + rules.
One brain, many jobs. A single capable mind you can seat at the help desk, the workshop, or the design studio by handing it different tools.
Tools (one narrow action each), skills (packaged know-how), and a shared standard called MCP that lets Claude plug into outside services safely.
One caption agent, one photo-culling agent, one donor thank-you agent, all the same Claude, each fenced to one job and one set of tools.
Meet Claude
05 / 09
There are two separate ways to pay for Claude, and they do not mix. A monthly subscription is for a person using Claude's apps; the API is for your own code calling Claude by the token.
A flat monthly fee to use the Claude apps yourself: the chat and Claude Code. Free to start; Pro about US$20/month; Max higher, for heavy daily use. You get an allowance that refills on a schedule.
Your programs call Claude and pay per token. Roughly, per million tokens: Opus US$5 in / US$25 out; Sonnet $3 / $15; Haiku $1 / $5. Caching and overnight batches cut this sharply.
A subscription pays for one person at a keyboard; the API bills an organisation's account per call. An API key draws on API credit, never a Pro seat. Every automated tool in these systems runs on the API.
Meet Claude
06 / 09
The same model can feel worlds apart depending on what it can see. A blank chat knows only what you paste; a properly set-up Claude Code carries your project's files, tools, skills, rules and memory on every turn.
Most of the magic is the set-up, not the model.
Starts fresh each time. You paste context in by hand; it cannot open your files or run anything. Excellent for thinking and drafting, blind to your actual project.
Reads the whole repository, runs commands and tests, obeys your written rules, and records decisions in memory files. It acts where the chat can only advise.
Asking plain chat to "fix my app" (it can't see it); skipping the rules file so it drifts off-style; pasting half a document and getting an answer for the wrong half.
Meet Claude
07 / 09
Claude is strongest when you point it well. A few habits make the difference between a vague answer and a finished job.
Direction in, quality out. It is a capable colleague, not a mind-reader.
Say what "done" looks like in the first message: the outcome, the constraints, the format. Front-loaded intent beats a trickle of half-instructions.
The files, examples, or data it should work from, and permission to read them. It cannot use what it cannot see.
Let it run tests, search, and verify; then you review. Tell it which decisions are yours to make. Correct what's off, and it learns your taste.
Meet Claude
08 / 09
AI tools have a few failure modes worth knowing. None are mysterious once you have seen them, and each has a simple guard.
In a long session its grip on early details fades; it starts to contradict things said an hour ago. Guard: write decisions into a rules or memory file, and start a fresh session for a new task.
It can state a wrong fact or invent a detail in fluent, convincing prose. Guard: ask for sources, have it run the code, and check anything load-bearing.
A pasted file goes out of date; a remembered fact silently no longer holds. Guard: re-share the current file, and treat old notes as hints to verify, not gospel.
Meet Claude
09 / 09
Point this same idea at your own life: gather your documents and records into one place, then ask questions of them in plain language.
Two kinds of library: tidy records (expenses, contacts, donations) go in a small database for precise queries; loose documents (notes, PDFs, letters) are read into text for Claude to answer across.
A tiny private librarian. You stock the shelves once; afterwards you just ask.
(1) Gather the files into one folder. (2) For records, drop them into a single SQLite file. (3) Ask Claude (Chat or Code) to read the folder or query the file.
Plain-language questions: "which donors gave more than once this year?" or "summarise every letter that mentions a scholarship."
Part three
How software is built on a developer's machine, then shipped to run for real, and the outside tools that make it possible.
From laptop to live
01 / 17
Run the whole system on a laptop with fake data and keys, and change anything.
Real users, real data. Changes arrive only by a deliberate deploy.
Tries something risky on live; that is what local is for.
From laptop to live
02 / 17
The same five steps for every change, in both systems. Nothing reaches live without passing the tests first.
From laptop to live
03 / 17
Tracks every change to the code, the recipe book's full history.
The model that reads and writes language.
The model that reads documents and images.
Where the services actually run, on demand.
Hosts the public review site and website.
A small, file-based database for records.
Process video, and strip a photo's location data.
Where the team uploads photos and reads dashboards.
Notifications, and the public page posts go to.
None are exotic. Each does one job the system would otherwise have to build from scratch. The next four slides open up the ones we lean on most.
From laptop to live
04 / 17
The program where code is written and edited: a smart text editor made for software. It is also the room where Claude sits and works next to the operator.
Others in this category
Cursor Sublime Text PyCharm Neovim Zed
Cost, basic use: free and open-source. (Cursor adds a paid tier around US$20/month.)
A carpenter's workbench. The raw material is shaped here, every tool within reach, before anything is built or shipped.
Every tool, agent instruction, and rule is opened and edited here. Claude works at the same bench, proposing changes the operator reads on screen and accepts or rejects.
Only the operator. The Foundation team and the families never open it; they only ever see the finished screens it produces.
From laptop to live
05 / 17
The programming language nearly all of this is written in. Plain to read, with a huge free library of ready-made parts, and the common tongue of data and AI work.
Others in this category
JavaScript / TypeScript Go Ruby Java
Cost, basic use: free and open-source, language and every safety-net tool alike.
A widely-spoken language. Because so many people write it, almost any problem already has a tested, shareable solution on the shelf.
A set of free checkers rides alongside: Pydantic checks data is shaped right, mypy catches type slips, ruff keeps the style tidy, and pytest runs hundreds of tests before anything ships.
Python is taught everywhere, so the workspace can be handed to someone new without hunting for a rare specialist.
From laptop to live
06 / 17
Three plain-text formats that hold information so both people and computers can read it. No special program needed, just a text editor. Each has a familiar paper equivalent.
Cost, basic use: free, open standards owned by no one.
Like a filled-in form: every field has a printed label and a value next to it. How computers hand each other structured data. Cousins: XML, CSV.
Like a typed letter: headings, lists and emphasis from a few simple marks (# for a heading, * for a list). This plan is written in it. Cousins: HTML, AsciiDoc.
Like a preferences sheet: a tidy list of settings, one per line. The top of each post's status file, the publish plan. Cousins: TOML, INI.
From laptop to live
07 / 17
As code changes, you want a record of every change: what changed, when, why, and the power to step back to any earlier state. That record-keeping is version control. Git is the tool almost everyone uses for it.
Without it, "save as final_v2_FINAL.doc" is the best you can do. With it, history is exact and reversible.
A document's full edit history, but for a whole project: every save is dated, labelled with a note, and reversible. You can read any past version, or undo back to it.
One saved checkpoint: a snapshot of the project plus a short note on why it changed. History is just a chain of these.
A bad change is never permanent, and you can always see exactly what an overnight AI run did before keeping it.
From laptop to live
08 / 17
Git keeps a dated, reversible record of every change to the code. GitHub stores that record online, as a backup and a shared place to work on it.
Others in this category
GitLab Bitbucket Azure DevOps
A logbook that never loses a page, paired with a fire-proof copy kept off-site. Any change can be read back, or undone, even months later.
The whole workspace is one private repository on GitHub. Overnight, Claude can even propose improvements as drafts; a person reviews and accepts them in the morning.
Git is the method, the logbook on the machine. GitHub is the home for it online: the backup, and the place changes are reviewed before they count.
From laptop to live
09 / 17
A complete database that lives in a single file, with no separate server to run. Fast, reliable, and the most widely used database in the world, it's inside every phone.
Others in this category
PostgreSQL MySQL / MariaDB DuckDB
Cost, basic use: free, public domain. No server bill because there's no server.
A meticulous filing cabinet that happens to be one file on disk. Copy the file and you've copied everything; back it up like any document.
It's the system of record. One file holds every post, photo and caption; another the finance ledger; another the beneficiary register.
No server to keep alive or secure, and the whole record is a single file that's trivially backed up.
From laptop to live
10 / 17
The everyday Google suite, Drive, Sheets, Forms, Docs, used as the team's shared desk. Apps Script is the small bit of code that lets those everyday tools wake the system.
Others in this category
Microsoft 365 Dropbox Airtable Zapier / Make
Cost, basic use: free with a personal Google account; Business plans from ~US$6/user a month.
The shared office: filing cabinets (Drive), the wall planner (Sheets), the intake form on the counter (Forms), all in one familiar place.
The team uploads field photos to Drive, fills the brief on a Form, and reads the dashboard in Sheets, the one part of the machinery they touch directly. No code, no command line.
A few lines of Google's own JavaScript attached to a Form or Sheet. A built-in "on submit" trigger fires the moment someone sends the form; the script calls the system's web address to start the work. It is the doorbell between the team's familiar tools and the cloud.
From laptop to live
11 / 17
How a donation is taken and matched. VietQR is Vietnam's standard bank-transfer QR code; SePay watches the bank account and signals the moment a transfer lands.
Others in this category
Casso VNPAY MoMo ZaloPay
Cost, basic use: VietQR is free; SePay has a free tier, paid plans around tens of thousands of VND a month.
A labelled donation box. The QR is the labelled slot; SePay is the clerk who notices a gift drop in and writes down who, how much, and when.
Each donor gets a personalised VietQR carrying a hidden reference code. They scan and transfer; SePay sees the credit land and reads that code, which names the donor. The system records the gift, then builds a PDF receipt and emails it. (The fixed receipt is the one message allowed to send itself.)
No card fees or middle-man, just a plain bank transfer made trackable and self-receipting. (The bank trigger isn't live yet, so today a person does the matching.)
From laptop to live
12 / 17
A service that publishes a web page to the public internet: fast, behind a single web address, with copies served from data centres around the world.
Where Google Cloud runs the private machinery, Cloudflare hands finished pages to the public.
Others in this category
Netlify Vercel GitHub Pages AWS Amplify
A global newsstand. You hand over one finished page; identical copies appear on shelves in every city, so any reader gets it instantly.
It hosts the review site, where this very explainer lives, and the Foundation's public website. Copies sit worldwide, so pages load quickly here in Vietnam.
Only an operator publishes to it; anyone with the link can read. Nothing private, no child's data or keys, is ever put here.
From laptop to live
13 / 17
gcloud is the remote control. Google Cloud is the workshop behind it, a handful of parts that each do one thing.
The typed remote control for everything below.
Runs your code on demand, then sleeps.
Packages the code into a sealed image.
The safe that holds keys and tokens.
Buckets that hold files, photos, and backups.
Robot identities, and exactly what each may touch.
A service account is a robot employee with an ID badge: no person logs in, the service carries its own identity and only the permissions it needs.
Others in this categoryAmazon Web Services (AWS)Microsoft AzureDigitalOcean
From laptop to live
14 / 17
Every action in the cloud happens under an identity. A human account is a person who logs in; a service account is a robot identity the code itself carries, so a program can act with nobody signed in.
It can do the same things a person could, scoped tighter and never asleep.
A night-shift keycard issued to a role, not a person. It opens exactly the doors that role needs, works at 3am with nobody there, and is revoked in one click if lost.
A person signs in with a password and a second factor, at a screen. Broad access, tied to an individual. Good for people; useless for code that must run at midnight.
No password to type: the code holds a key and mints short-lived tokens. Given only the narrow permissions its job needs (that's "IAM"), it acts unattended, on a schedule or a trigger. This is how the pipeline runs overnight with no one logged in.
From laptop to live
15 / 17
Two Google Cloud parts do the real lifting. Cloud Build turns your code into a sealed package; Cloud Run takes that package and runs it on demand.
Cloud Build is the kitchen that preps and vacuum-seals a meal; Cloud Run is the microwave that heats one to order in seconds, then powers down.
Takes the repo and assembles it into one sealed image, code plus every dependency, on Google's own build machines (so you need none of your own). Runs on each deploy and logs every step.
Holds that image asleep. A request, timer, or new file wakes a copy in about a second; it works, replies, and sleeps. Idle costs almost nothing; under load it spins up more copies, then scales back to zero.
From laptop to live
16 / 17
Each tool owns one step. A change walks left to right, from the bench where it is written to the people who finally use it, and a person signs off before it reaches anyone.
Cloud Run runs the AI tools and dashboards only the team logs into. Their data stays walled off.
Cloudflare serves the website and review site, the pages anyone with the link is meant to read.
Nothing reaches either side without a person approving it first. The tools carry the work; they never decide to ship it.
From laptop to live
17 / 17
A form submit, a timer, or a new file.
A container spins up in about a second.
Reads data, may call Claude, writes a result.
Hands back the answer or the saved file.
No work, no running cost.
A request, a schedule, or a file landing in a watched folder.
Fast enough that nobody waiting notices it was asleep.
With no work, it scales to zero and costs almost nothing.
Part four
A private family-office system that Modora runs for one family: mapping their wealth, filing their documents, and handling their email, all from a single secure screen.
Modora · the big picture
Sees and manages their whole wealth in one place.
One secure screen: the only thing the family touches.
Reads, drafts, answers.
The family's own records.
Modora only ever reads money data. It never moves money or trades.
Anything that goes out to the world waits for a person to confirm it.
The family's system is private and walled off. Nothing is shared with anyone outside it.
Modora · how it runs
Its own cloud project, database, encrypted storage, and keys.
No other client, no vendor, no shared pool. Nothing crosses in or out.
Modora runs this family's own private instance. Their records never sit in a shared database with anyone else's.
A private vault with one keyholder, not a locker in a shared room.
Privacy is the product.
Modora · how it runs
The software is configured by one settings file, the family's profile. It sets the name, language, currency, and which modules are turned on.
A car ordered with exactly the options this household wants ticked, and nothing it doesn't.
smith-family · profile
Modules
Modora · functions · 01 / 10
The source of truth. Every person, company, trust, and asset is a node.
Who owns how much of what becomes the connecting lines.
Value is traced up the lines, every currency converted to one base.
A family tree, but for ownership. Value flows upward like streams joining into a river.
The family clicks through the Wealth Map tree and reads the numbers.
The AI never changes a valuation on its own.
Modora · functions · 02 / 10
Private email, watched folder, or upload.
"This statement says the account is now worth X."
The proposal waits. Nothing has changed yet.
A person confirms or dismisses.
Only on confirm does the file get saved.
Confirming is the only thing that writes to the registry.
Modora · functions · 03 / 10
The original file, stored once, never changed, in the family's encrypted bucket.
One row of facts, filled in automatically the moment the file arrives: which node it belongs to, its type, its date, its tags.
Folder tree, tidy filename, search results, all derived automatically from the record.
You never reorganise folders by hand. You change one fact about a document, and the whole tree rearranges itself.
Filename, generated from the record
2026-05-31_pictet-4471_statement_pictet.pdf
A library where you never reshelve a book, you re-label one and the shelves reflow.
Modora · functions · 04 / 10
"Send the advisor last year's Pictet statements."
Matched by the facts on file, not a hunt through folders.
A short cover note, the right files attached.
Reviews the files and wording, then sends.
Retrieval is a question. Sending stays a human act.
Modora · functions · 05 / 10
Once documents are read into text, you can ask questions across all of them in plain language and get a grounded answer in seconds, with the source named.
No more opening ten PDFs to find one clause.
A research assistant who has read the entire filing cabinet and answers from it at once, pointing to the exact page.
"What did the trust deed say about distributions?" "Which statements mention a wire over $1m?" Answered from the family's own files.
Every answer cites the document it came from, so a person can check it. It reads to answer; it never changes a figure.
Modora · functions · 06 / 10
Every mailbox on one desk, each message still tagged with the box it came from.
A household with many letterboxes whose post is all brought to one organised desk, each envelope still showing which box it came from.
Replies go out under the proper address, the trust's, the company's, a person's, all from this one system. The recipient sees the correct sender; the family works from a single inbox.
Modora · functions · 07 / 10
Every connected mailbox in one stream.
Sorted by priority, sender, topic, language.
A short digest of what each thread needs.
The owner picks what matters and what to act on.
A daily briefing, frozen for the record.
From a flooded inbox to one short briefing, with you choosing what to act on.
Modora · functions · 08 / 10
Read-only access to the inbox.
Sorts by priority, sender, and language.
A reply in the family's own voice, grounded in the thread and their records.
Reads and edits the draft.
Pressing send is the only thing that sends.
Each reply uses the real thread, the family's tone, and the relevant records, never a generic template.
Files that arrive on an email are filed automatically, just like any other document.
Sends on its own, and never touches the money registry.
Modora · functions · 09 / 10
"Summarise this inbox", "draft this reply", and "answer a question about our wealth" are all the same three steps.
The family's own data and messages, grounded in real figures.
A short answer or a draft reply. Never the final word.
What to do with it. Send, save, or set aside.
Modora · functions · 10 / 10
Take the whole wealth picture at a moment in time.
Store the numbers so the report keeps saying the same thing later.
Kept alongside every earlier report.
A read-only link, only if the owner opens one.
A photograph of the accounts on a given day. The photo does not change when the scene later does.
Modora · going further
The same building blocks, the registry, the read documents, the email desk, extend naturally. Each of these is the same propose-then-approve shape, just pointed at a new question.
Flag a late statement, a covenant near breach, or cash drifting below a floor, before anyone asks.
"What if the USD/VND moves 5%?" answered against the live wealth map.
Passports, mandates, and insurance renewals watched, with a reminder before each lapses.
A briefing assembled automatically before an advisor call, drawn from records and recent mail.
A forward view across accounts and currencies, flagging shortfalls early.
A scoped window for an advisor or the next generation, granted and revoked by the owner.
Every one keeps the same guardrails: read-only on money, and a human confirms anything that goes out.
Modora · together
Syncs the mailbox, triages it, and freezes a morning briefing.
It waits in the queue as a proposal. Nothing changes yet.
Confirms the statement, and sends two of three drafted replies.
Asks Modora a question, then generates a quarterly report to share.
The human is the decision-maker at every gate.
Part five
An education charity's operations hub. One login over all its work: media & stories, beneficiary care, donor relations, and finance.
Hoa Mat Troi · the big picture
Coordinators, trustees, and the administrator who runs the day.
One login over every area: the screen the team works from.
Culls, captions, drafts.
Three private stores, kept apart.
A separate, private workspace. Beneficiary data and keys never leave it.
Nothing goes public without a person pressing approve. This is "Phase A".
No pity, no poverty-porn. Children are shown as agents in their own story.
Hoa Mat Troi · the map
Field posts, evergreen, journey stories, community, website, recaps.
Choosing students, child profiles, benefits ledger, a safeguarding watchlist.
Donor sign-up, gifts and in-kind, thank-yous, receipts, the donor CRM.
The finance ledger and the public transparency report to supporters.
Hoa Mat Troi · how it runs
Its own repo, its own keys, its own data. Synced privately, never public.
No data crosses in or out. No outside path is ever referenced.
Beneficiary photos, names, donor records, and platform keys stay inside. The settings file with the secrets is never committed.
A private room with one door. What is said inside stays inside.
The firewall is the first rule.
Hoa Mat Troi · how it runs
The whole pipeline runs on its own, right up to the edge. The one step it never takes is publishing. A person approves first, every time.
A kitchen that preps the whole dish, then waits for the chef to taste it before it leaves the pass.
This is "Phase A". It is absolute.
Every post waits for an explicit approve before it is published.
The system hands a person a ready-to-post pack; a human posts it by hand.
The only exception: a donor's receipt may send itself. Never a post, never a newsletter.
Hoa Mat Troi · how it runs
Every story travels as one tidy folder, a bundle. It carries the photos, the copy, the schedule, and a status sheet that tracks where it is.
A job folder on a desk: everything for this one post in one place, with a cover sheet showing its stage.
one bundle
draft → in-review → awaiting-approval → approved → published
Hoa Mat Troi · the workflows
Three field intakes share the same shape: a form makes a folder, you upload into it, a watch job files it onto the hub. They differ only in what comes in.
Photos from an event. Becomes a field record on the hub.
A candidate / family survey. Restricted, internal-only.
A donate form. Produces the donor's personal QR.
Bringing things in never writes a story. Uploading photos just files the activity on the hub. A post is a separate, on-demand step, taken only when someone asks.
Workflows · the media flow
Click "Yeu cau viet bai" on an activity.
Type a steer; pick photos, or let it auto-cull.
Cull, add brand chrome, caption with Claude, in your direction.
Edit, then approve with the dignity check.
A manual post-pack; the final is filed in the story archive.
Photos wait in the hub until someone asks for a story. Then a human posts it by hand.
A self-improve tool periodically gathers the editor's edits and sends a summary for review before anything changes the way it drafts. It never updates itself on its own.
Workflows · planning
Trips with photos but no story; under-covered themes; cadence drift.
A roadmap + a 3-month board of post ideas. Only ideas.
Slot by slot. An unconfirmed idea cannot be drafted.
Routes into the same "on request" draft path.
The agent only ever writes ideas; it never drafts a post or publishes.
The same slot-by-slot human tick as the dignity check.
An anonymised "Hanh trinh cua em" progress story: no name, school, or place.
Workflows · care
A candidate / family survey, internal-only.
Admit, revisit, or not suitable. A person decides.
An admitted child gets a private, coded profile.
A note or a report card becomes a progress entry + benefits ledger.
A watchlist surfaces concerns; the human owns every escalation.
Each child is an internal id, so identifiers never travel.
Child data sits behind stricter permissions than anything else.
Leaves the workspace, and never becomes a public post on its own.
Workflows · donors
A donate link, a short form, a personal QR to give with.
The QR code on the transfer self-identifies the donor.
A warm note; a PDF receipt. Returning donors thanked by name.
The receipt may auto-send. Only the receipt.
Added to the mailing list; the relationship is tracked.
Only the fixed receipt sends itself, and only after a matched gift.
Newsletters and appreciation notes stay human-approved before sending.
Invents a number; every figure traces to a Foundation record.
Workflows · finance
A starting baseline every later report reconciles from.
Bank statements uploaded; each credit classified.
Income, spend, bank reconciliation. Gaps flagged, never rounded.
A transparency summary, only through the same approval gate.
Money and donated goods are two separate ledgers, never added together.
Any non-opted-in name blocks the public report. No override.
"Where your gift went" can seed a media story back to supporters.
Workflows · audience
Comments are brought in, a kind reply is drafted, and a human approves before it is sent. Anything that could identify or endanger a child is hidden and escalated at once.
Replies within 48 hours
Takes an approved post and stages it as news, a gallery item, or an impact update for the Foundation's own site.
From approved posts only
Gathers the month's approved posts into one bilingual impact summary for the website and supporters.
One number that grows
Workflows · the safety spine
Bundle valid. The folder is well-formed and complete.
Location stripped. No GPS survives on any photo.
Voice + access. On-brand, alt-text on every image, captions on video.
Dignity. No pity or white-saviour framing. Cannot be overridden.
Terminology. Program names and mission wording stay consistent.
Claims. Any number traces to a record; no unapproved donation ask.
Platform fit. The right format and chrome for each channel.
Safeguarding sign-off. A named human's final word. Never automated.
Workflows · where the human sits
The bundle has passed every gate.
It waits where the administrator can read it.
One click: editor sign-off and the dignity check, together.
Only now is the ready-to-post pack built.
Pressing post is the only thing that posts.
The AI proposes. A human approves. There is no other way out.
Hoa Mat Troi · the front door
One password opens the hub. It reads all three private stores and builds a single action strip, then sends you into the right area to act.
A front desk that tells you what is waiting and points you to the right room, but never signs anything for you.
It can count and link. It can never approve.
Can ban xu ly hom nay
Each row is read from a different store. Click one, and you land where its gate lives.
Hoa Mat Troi · going further
The same pieces, the bundle, the gates, the private stores, reach further. Each new idea is still propose-then-approve, and anything that shows a child still passes every gate.
Every approved post staged to the public site in Vietnamese and a donor-framed English.
A private page per donor: their giving history and the impact it funded.
"Find photos from the jump-rope day" across the whole sanitised archive.
Each cohort's 8-petal growth, drawn from the care records, for trustees.
Low-risk evergreen could auto-post one day; event and child posts stay manual forever.
Approved stories plus the finance summary, gathered into a funder report.
The floor never moves: dignity, the human gate, and Phase A for anything that shows a child.
Hoa Mat Troi · together
Photos from a skills day are sanitised and filed on the hub. No story yet.
The editor asks for a story, gives direction, then approves two with the dignity tick.
A donor gives by QR; the receipt sends itself; a thank-you waits for a person.
Comments answered; the plan's gaps reviewed; next week's slots confirmed.
The human is the decision-maker at every gate.
Part six
The same handful of ideas, ready to point at a problem of your own.
Putting it together
The cloud is just rented, on-demand computers, almost free when idle.
Code goes laptop to live by write, test, package, deploy. Nothing ships untested.
An agent is a model plus tools and skills, kept on a leash by rules.
Secrets stay in a safe, and every copy of the system is isolated.
The AI only proposes. A human always confirms and sends.
Read-only on what matters: money in Modora, a child's dignity in Hoa Mat Troi.
Modora and Hoa Mat Troi were only two worked examples. The building blocks are yours to point at any problem of your own.