The full catalog.

Mean sensitivity 0.982 / FNR 0.018 across 15 published SRMAs (~150K citations); perfect 1.000 sensitivity with 20–40pp specificity improvements over Tran et al. 2024's GPT-3.5 PICOS baseline on 4 held-out benchmark SRMAs (Ann Intern Med). Four small agents — Classifier, PICOS Detailed Screener, Reviewer (LLM-as-a-judge), Improver — cooperate through a bounded review/improve loop, producing a full written audit trail for every inclusion decision. ~150 lines of orchestration plus six prompt files; the design thesis is that small composition is enough when composed carefully. End-to-end cost: ~$0.07 per 10 candidates. Sole first author; code, manuscript, and per-SRMA results tables released under CC BY-NC 4.0.

A deterministic downstream calculator absorbs 83% of LLM-layer prompt-injection successes (ρ = 1 − ASR_end / ASR_screening = 0.83 on the 12-case held-out pilot; ρ = 1.00 on direct-override attacks) before they reach users — and the exact figure is predictable ex ante from the calculator's source code. Derives a closed-form 7.30pp single-document perturbation budget from the production calculator's source; freezes three-way attackability predictions before running the pilot; 6/6 predictions hold. Identifies attack-surface rotation as a failure mode distinct from Nasr et al.'s ASR recovery — aggregate ASR invariant, attack-family distribution changes. System under study: VYNN AI (my own production deployment, ~500 pilot users; all attacks run against offline replica). 52 tests, frozen manifests with commit pinning, deterministic LLM cache, CI-green on bare clone.

Sequoia predicts 1.68× speedup on T4; I measured 0.56×. A four-term decomposition reconciles the 3× gap to within 1.1% of measurement noise — the algorithm is sound, but three specific cost-model assumptions break on bandwidth-bound hardware. Attempting the natural fix (cross-iteration KV persistence, a clear A100 win) measurably worsens T4 performance (0.56× → 0.46×) because each cache-extension forward still pays a ~20ms weight-loading floor — the paper's sharpest finding and the fourth hidden assumption. A single controlled probe unifies every finding: per-call cost flat at 20.0 ± 0.2ms across an 8.5× range of cache lengths. PLD is the only family that wins on T4 (1.28–1.39×) because Cr ≈ 0 via CPU n-gram matching is the only structural bypass of the bandwidth floor.

~30% of LoRA's parameters, +2.1 F1 over standard LoRA on IMDB — average effective rank collapses from 8 to 2.42 after SVD-guided truncation + brief post-compression fine-tuning, with no accuracy lost on SST-2 and a measurable gain on IMDB. A controlled study of a simple question: after training a LoRA adapter, how much of its rank is actually task-useful? And if you truncate down to that effective rank and keep training, what happens? Compression pass is ~30 lines of code, exact to the Eckart–Young–Mirsky bound — the provably optimal low-rank approximation under Frobenius norm, not a heuristic.

On the 2022 FIFA World Cup held-out set (n=128), QLoRA-fine-tuned Llama-3.1 8B hits 79.7% O/U 2.5 directional accuracy (84.4% on named-only, Wilson CI [0.736, 0.913]) — and under a coherence-required metric that credits a prediction only when text label, score line, and ground truth all agree, the headline 61.7% score_acc for QLoRA collapses to 42.2%, tying 5-shot ICL. The magnitude/direction decomposition is the contribution: LLM ties feature-matched XGBoost on 1X2 direction but beats it by 19pp pregame / 16pp halftime on O/U 2.5 magnitude — driven by pretrained scoreline priors tabular features can't replicate. Paired McNemar on pregame → halftime+events O/U 2.5: p = 0.006. The broader claim — benchmarks over structured multi-field generative outputs should report coherence-required accuracy as a cheap diagnostic, because parser rescue inflates headline numbers.