What this site is
actually built on.

Tailwind CSS 4 driven by CSS custom-prop tokens. Geist for type. Lenis + Motion for motion. Pagefind for static search. Satori + resvg-js for OG.

Cloudflare Pages Functions for gated surfaces. Wrangler for Workers (growthhub cron). Terraform manages Pages projects and domains. Node 24 in CI.

Astro content collections for insights, work, testimonials. Eight languages for CV and SEO surfaces. Seven fully translated locale homepages (de, dk, no, jp, it, es, pl) on top of EN.

Cloudflare Web Analytics runs anonymously by default. Everything else loads only after explicit consent.

Vitest for units and coverage. Playwright (Chromium + WebKit) for smoke, SEO, hreflang, axe a11y, broken-link checks, critical paths, meta and asset probes. Daily smoke against production.

CI runs on every push and PR. Deploy runs only on CI success via workflow_run, deploying site and subdomains in parallel through Wrangler. Commitlint enforced. Release Please is run manually, not on push.

Branch protection on main with required checks. Secrets only in Cloudflare environment. Strict CSP, HSTS preload, X-Frame-Options DENY, sandboxed Permissions-Policy. Auth gates use HMAC-SHA256 signed cookies with timing-safe compares and rate limiting.

Azure Static Web Apps holds a weekly cold-standby copy. Failover is operator-triggered via workflow_dispatch (auto-detects health, then flips DNS via the Cloudflare API). Rollback is a non-destructive git revert. BetterStack drives the smoke probes.

Claude Code implements. Codex reviews. GPT-5.5 Thinking handles strategy and go/no-go calls. Claude Design owns visuals. Handoff is strategy, docs, code, review, accept, merge once docs and code agree.