ENGINEERING // STANDARDS

Engineering Standards

The operating model behind the public website: measurable quality, accessible interfaces, localized content, and repeatable delivery.

Languages
8

Localized UI paths with hreflang alternates.

Prerender
Static

SEO-critical routes generated at build time.

Quality gates
CI

Strict TypeScript, tests, audit, build, and Lighthouse checks.

Design discipline

The interface favors restrained enterprise patterns: clear hierarchy, low decoration, measurable proof, and predictable navigation.

  • WCAG-oriented color and control states
  • Stable route structure
  • Evidence cards tied to actual repository and build data

Delivery discipline

Each release should be reproducible through the same commands used in CI.

  • npm audit gate
  • Strict TypeScript no-emit check
  • Cloudflare Pages Functions build validation
  • Documented release and rollback process

Internationalization

Localized URLs are first-class pages, not query parameters.

  • Self-canonical localized pages
  • hreflang alternates
  • Localized project descriptions
// Security

Hardened at the edge.

Every response ships strict security headers — enforced by Cloudflare on the production domain, not just promised in a policy.

Transport security
HSTS · 1y · includeSubDomains · preload
Content Security Policy
CSP · script-src 'self' (no inline) · object-src 'none' · frame-ancestors 'none'
Clickjacking
X-Frame-Options: DENY
MIME sniffing
X-Content-Type-Options: nosniff
Referrer
Referrer-Policy: strict-origin-when-cross-origin
Browser features
Permissions-Policy · ~20 features denied
Verify it yourself

Live response headers, measured on the production domain.