decision (260)
- Enable auto-sync scripts for cross-machine parity 2026-07-03Reverse the 2026-06-29 manual-only stance; MEMORY sync + globals-derived + mirror hosts now auto on hooks/cron with grill-on-drift.
- Publish knowledge/ to knowledge.oriz.in via Kiso + CF Pages 2026-07-03OKF bundle mirrored to public URL; Kiso as build engine; CF Pages host; llms.txt + sitemap.xml + RSS/Atom on top.
- Boone as OKF search engine — replaces stdlib prompt-lookup 2026-07-03Community boone CLI (BM25 + graph) adopted for OKF search; swap into UserPromptSubmit hook; stdlib script kept as fallback.
- Dropped-agent configs deleted early — override 90-day cooldown 2026-07-03.opencode/.kilocode/.antigravity/.mimo/ config directories deleted now instead of waiting 2026-10-02; pointer stubs preserved for AGENTS.md portability.
- Triple-fanout skills publishing — skills.oriz.in + registry + GH Pages 2026-07-03agent-skills submodule published to CF Pages branded site + skillshare/openskills registry + GH Pages default. Maximum reach.
- OKF build engine — Astro custom (Kiso deferred) 2026-07-03Fresh verification found Kiso is HN-post-only (no npm/repo). Fallback to custom Astro via api-fleet-template pattern. Revisit Kiso when installable.
- Public knowledge MCP server — chirag127-knowledge-mcp 2026-07-03MCP server exposing knowledge/ OKF bundle over MCP; boone-backed; no auth; any AGENTS.md-reader can wire and query.
- MEMORY.md cross-machine sync via chirag127/claude-memory + sops+age 2026-07-03Private GH repo with sops+age encrypted MEMORY.md and per-project memory/ trees. Auto-push on session end, auto-pull on session start.
- OKF publishing conventions for oriz bundles 2026-07-03Filenames, feeds, structure for public OKF bundles at knowledge.oriz.in / skills.oriz.in; adopts Kiso defaults + adds RSS/Atom first-mover.
- oriz-org dissolved — everything to chirag127 2026-07-03GitHub org dissolved 2026-07-03; all repos + workspace umbrella now under chirag127 personal account; sweep replaces all references.
- OKF v0.2 additions upstreamed to Google 2026-07-03PR to GoogleCloudPlatform/knowledge-catalog proposing optional `confidence` and `durability` fields; agentmemory precedent cited.
- Auto-generate skills from knowledge/rules 2026-07-03Every knowledge/rules/agent/*.md compiled to a SKILL.md so rules are invokable as skills; cross-linked, not merged.
- Tampermonkey userscript audit — 2026-07-03 2026-07-03Automated inventory + static-scan of 137 installed userscripts. 1 provable finding filed; rest logged for future triage.
- Strix AI pentesting — adopted for oriz API fleet 2026-07-03Strix open-source agentic DAST+LLM pentesting wired into ci-astro-api shared workflow.
- Brand-independent repo naming — drop oriz- prefix 2026-07-02 2026-07-02All chirag127/* repos use descriptive names without brand prefix. Enables future brand/domain migration without repo renames. Only npm package scope will migrate separately (deferred).
- chirag127 owns everything — oriz-org dissolved 2026-07-02 2026-07-02Every repo (own, forks, workflows, umbrella) lives under chirag127. oriz-org GitHub org is dissolved. Secrets consolidated in the umbrella (chirag127/workspace).
- Fleet cut to Claude Code only (2026-07-02) 2026-07-02Drop ZCode, OpenCode, Kilo Code, Antigravity, MiMoCode from installed fleet. Claude Code + Bedrock chain is the sole agent.
- Scope-cut reversed — all 99 archived repos back in fleet 2026-07-02 2026-07-02Reverses scope-cut-2026-06-25. Every archived repo unarchived and returns to the maintained fleet. Fleet now = 119 (20 active + 99 revived). Maintenance level: alive (Dependabot + working CI), not full-feature reactivation.
- Dagger keep + full sweep — confirmed 2026-07-02 2026-07-02After a re-grill on Dagger's disadvantages (Docker dep, cold start, ecosystem loss), the 2026-07-01 pipeline-stack decision is confirmed. Full retro-migration of all 20 own/* repos proceeds. Local pipeline runs justify Dagger over `act`.
- LangChain ecosystem — deferred, revisit 2026-10-02 2026-07-02LangChain / LangGraph / LangSmith / integrations. Not adopted, not rejected. Current MCP + skills + AGENTS.md stack covers the same surface. Revisit in 3 months if real gaps surface.
- MCP toolbox allowlist + audit 2026-07-02 2026-07-02Blessed MCP server allowlist grouped by purpose plus audit notes flagging duplicates, health-check candidates, and removal candidates.
- Hybrid Dagger+GHA architecture locked — 2026-07-02 2026-07-02Per-class Dagger modules in chirag127/workflows. GHA = 5-line adapter. Tauri Windows = GHA host for cargo, Dagger for portable parts. Both cacheVolume() + actions/cache.
- Reusable workflows layered with Dagger — 2026-07-02 2026-07-02chirag127/oriz-workflows publishes reusable GH Actions workflows per repo class. Each workflow calls `dagger call` — the actual logic lives in Dagger TS modules. Downstream repos are 5-line pins.
- SAP hyperspace docs crawl — deferred to interactive SSO 2026-07-02Crawl of SAP corp AI-proxy docs + internal GHE profile blocked by MS Entra SSO; requires user's live browser session.
- Workspace-owns-secrets model 2026-07-02 2026-07-02chirag127/workspace umbrella holds ALL deploy secrets. Per-repo CI runs public-only (lint/test/build). Deploy triggered via repository_dispatch after CI green.
- Fleet cut 2026-07-01 — drop gocode, Codeep, Claurst, Coddy 2026-07-01Reduce coding-agent fleet from 10 → 6. Remove marginal agents (gocode, Codeep, Claurst, Coddy) after audit found no differentiating usage patterns.
- OSS audit — file real gaps as upstream issues (2026-07-01) 2026-07-01Systematic audit of every OSS tool we depend on. 60+ issues + comments + PRs filed across 29 upstream repos in one session. Filing at upstream, never patching locally, is the family default.
- Blog strategy 2026-07-01 — one source, multi-target cross-posting 2026-07-01Canonical blog format (Markdown+frontmatter) + list of platforms + API-driven cross-posting workflow
- Pipeline stack lock 2026-07-01 — pnpm + MegaLinter + Dagger TS 2026-07-01The five-layer canonical stack for every oriz repo: pnpm 11 (package + tasks), MegaLinter (lint), Dagger TS (CI pipelines), TypeScript everywhere. No mise, no super-linter, no Earthly, no Python for new scripts.
- Zero-cost inference backends — Ollama + Cloudflare Workers AI + Puter.js 2026-06-30Approved LLM endpoints when not using paid Claude/GPT keys. Local (Ollama) + serverless (Workers AI) + browser (Puter.js). Zero card, zero subscription. Grill-locked 2026-06-30 alongside gemini-cli-agent-addition.
- freellmapi: run from source, auto-pull on boot, free-tier aggregator 2026-06-30Run `tashfeenahmed/freellmapi` (14K-star OpenAI-compat proxy stacking 16 free LLM provider tiers) from the local fork's dev server. Auto-start on Windows login on ports :3001 (server) + :5173 (Vite client).
- OmniRoute: run from source via dev server, auto-pull on boot 2026-06-30Switch from `npm install -g omniroute` to running the cloned fork's dev server. Auto-start on Windows login pulls upstream and launches pnpm dev in a dedicated Windows Terminal tab.
- Add Gemini CLI to oriz coding-agent fleet 2026-06-3011th interactive agent. Free tier via Google OAuth. 1,000 req/day + 60 req/min. Headless scripting flag, no public REST API. No card-on-file. Grill-locked 2026-06-30.
- MCP config single source of truth across all 5 agents 2026-06-29Single .mcp.json synced to all 5 agents via script
- Corp laptop vs personal laptop split (2026-06-29) 2026-06-29CC + Bedrock corp-only. Personal on free providers. No-card blocks CC paid on personal
- Workspace canonical; globals derived by script (2026-06-29) 2026-06-29Workspace files canonical. Global configs derived via sync-globals.mjs. Drift triggers grill-me
- claude-notifications-cli — deleted 2026-06-29 2026-06-29CLI fork dropped. Notifications no longer fit 4-agent fleet
- OKF auto-lookup via UserPromptSubmit hook (CC) + manual script (other agents) 2026-06-29Fix for OKF-not-triggering symptom: a 50-LOC Python script scores knowledge/index.md lines by prompt-token overlap, returns top-3 paths. CC fires it automatically; other agents run it manually because their harnesses lack pre-prompt hooks.
- Hosting migration: Cloudflare Pages -> GitHub Pages + analytics-everywhere stack 2026-06-28CF Pages abandoned for GH Pages, CF DNS retained, analytics everywhere
- Skills in .agents/skills/ workspace-scoped + junctions for all 5 agents 2026-06-28Canonical skills dir .agents/skills/, NTFS junctions, 5 agents
- Public-only multi-Git mirror + auto-start services + datasets-to-build queue 2026-06-28Mirror chirag127 to 4-5 Git hosts. Auto-start Hr/RTK/cavemem. Ship datasets as static APIs
- Mirror repos/own/* to 9 popular GitHub alternatives — weekly cron from the umbrella repo 2026-06-28Mirror repos/own/* to 9 free Git hosts via GH Actions
- Personal notes in public repo — discipline-only 2026-06-27Obsidian vault in public repo, discipline not tooling
- Headroom 0.27 via Docker — chain Hr ? hai ? Bedrock 2026-06-27Hr 0.27 native build blocked by ASR. Docker bypasses. Backend anthropic passthrough
- MCP server registry — 11 servers installed 2026-06-27 2026-06-27Final MCP set after audit. Searxng, github Docker, npx/uvx tools, chirag127 toolbox
- Headroom: always-on proxy (not on-demand) 2026-06-26Headroom persistent background proxy. Idle RAM for zero cold-start. Starts at login
- Headroom install: all paths (Claude Code + ScriptCat + standalone) 2026-06-26Headroom 3 paths: CC (CLI), ScriptCat, standalone. One binary, three entry points
- Headroom proxy auto-start via Windows Task Scheduler at login 2026-06-26Headroom launches at logon via Task Scheduler. Runs as logged-in user with env + creds
- Knowledge hierarchy: add log/, core-concepts/, runbooks/ as top-level dirs 2026-06-26OKF adds log/, core-concepts/, runbooks/ top-level dirs
- Memory -> knowledge migration plan 2026-06-26MEMORY.md durable entries migrated to OKF, memory retains ephemeral
- Subdomains — category-based with path routing per tool 2026-06-25Per-tool subdomains abandoned. Tools at category.oriz.in/tool for SEO
- Umbrella repo — chirag127/oriz as the single clone entrypoint 2026-06-25Umbrella repo entrypoint: one clone pulls entire fleet
- Workspace layout — flat repos/<slug>/ with type-suffix sort 2026-06-25Flat repos/<slug>/ dir, type in suffix, forks via .is-fork file
- Donations only — no Pro tier, no ads, no Razorpay checkout 2026-06-25Donations only: BuyMeACoffee, GH Sponsors, UPI
- Donations only — no Pro, no ads 2026-06-25Donations only, no Pro, no ads, Razorpay killed
- No auth in apps or APIs — login is a separate project 2026-06-25Apps/APIs 100% public, login redirects to dedicated login-manager
- All apps static — no SSR 2026-06-25All 6 apps static Astro builds. CF Pages SSR deprecation does not affect us
- Eleven saturated apps archived 2026-06-25 2026-06-2511 saturated-market apps archived. Subdomains freed. Repos read-only
- Finance — one repo, ten routes at finance.oriz.in 2026-06-2510 finance calculators into single repo. Shared @oriz/finance package
- agent-skills monorepo + symlinks 2026-06-25chirag127/agent-skills single truth for skills. Symlinked into agent skill dirs
- Build-gate: top-3 Google results must have a defect 2026-06-25Build tool only when top-3 Google results have real defect
- Own/frk split — two buckets on top of flat repos/ 2026-06-25Repos split into repos/own/ (originals) and repos/frk/ (forks)
- openmodel-shim-api deleted 2026-06-25 2026-06-25openmodel-shim-api deleted. Kept freellmapi + omniroute only
- Polyrepo with category consolidation 2026-06-25Polyrepo, one repo per category. Tools share repo as routes
- Submodules for single-clone fleet 2026-06-25Git submodules for single clone. OK under 50 submodules
- Frontend default stack — Astro + React islands + Tailwind + shadcn/ui 2026-06-25Default stack: Astro + React + Tailwind + shadcn/ui. Per-repo design pass sets palette, typography, signature
- frontend-design skill pass per repo 2026-06-25Each repo gets frontend-design pass for per-repo palette on shared baseline
- Default stack: Astro + React + Tailwind + shadcn 2026-06-25Default stack: Astro + React + Tailwind + shadcn/ui. React over Preact
- Analytics stack: no card, no self-host 2026-06-25GA4 + CF Analytics + Clarity + PostHog + Fathom + GoatCounter
- Backup: Restic→B2 nightly + Windows built-in monthly 2026-06-25Nightly Restic to B2 for files, monthly Windows Backup for disk
- Disk image backups — Windows built-in Backup-and-Restore 2026-06-25Windows Backup-and-Restore replaces Macrium for disk images
- Workspace layout: repos/<owner>/<own|forks>/<bucket>/<category>/<repo> 2026-06-245-level hierarchy: owner, own/forks, 4 buckets, category, repo
- Shipping a forked extension to Chrome Web Store under our name 2026-06-24GPL-3.0 forks to CWS: keep license, note modified, rename
- Private repos are excluded from the 9-host mirror cron 2026-06-24Mirror cron excludes private repos via isPrivate + name list
- Tweeks (NextByte) modification — personal mods OK, no public redistribution 2026-06-24Tweeks: closed-source, personal use only, no redistribution
- Secrets workflow: sops+age primary, Doppler ALONGSIDE for runtime sync (hybrid) 2026-06-24Sops+age source of truth. Doppler parallel CI sync only
- Userscript creation flow: prototype in Tweeks, port to portable .user.js 2026-06-24USerscript prototyping via Tweeks at tweeks.io that generates per-site JS from plain English) as a fast in-browser PROTOTYPE. If the result is keepable, copy the generated JS, port to a proper Tampermonkey-format .user.js with a metadata block (@name, @namespace, @version, @match, @grant, @updateURL pointing at GitHub raw), commit to chirag127/userscripts monorepo, cross-publish to Greasefork + OpenUserJS. This gets AI generation speed PLUS portable + auditable + versionable artifacts without vendor lock-in.
- Alternative free-forever backup channels for GitHub code and metadata 2026-06-24Alternative free backup channels for GH protection repositories and their metadata (issues, PRs, wikis, releases) using Cloudflare R2, Backblaze B2, Hugging Face Datasets, and the native GitHub Migration API. Integrated into our overall disaster recovery options.
- Alternative free-forever backup channels for GitHub code and metadata 2026-06-24Alternative free backup channels repositories and their metadata (issues, PRs, wikis, releases) using Cloudflare R2, Backblaze B2, Hugging Face Datasets (with caveats), and the native GitHub Migration API. Integrated into our overall disaster recovery options.
- Chromium Engine Hardware Scaling Profiles 2026-06-24Chromium optimization profiles: cloud vCPU, hybrid local, mobile
- Flat subdomain pattern: <slug>.oriz.in for every public-facing repo 2026-06-23Flat <slug>.oriz.in for every public repo, ~85 total
- Monetization centralized on oriz.in 2026-06-23Razorpay checkout only on oriz.in/pricing, apps redirect
- Hono framework — write once, deploy to all 4 serverless rails 2026-06-23Every API/Worker uses Hono. Same logic writes once, deploys everywhere \ logic compiles to CF Workers, Deno Deploy, AWS Lambda, and Render Node \u2014\ \ via 4 thin adapter shims (~10 LOC each). Removes per-rail rewrites when failover\ \ requires switching rails."
- Modal Labs for GPU batch + Val.town for utility scripts 2026-06-23Modal Labs + Val Town for specialized compute (verified). Modal handles GPU-heavy batch jobs ($30/mo recurring credits = ~50 T4-hours, no card at signup, hard Workspace budget cap). Val.town handles utility scripts + webhook receivers + cron reminders (100K runs/day free, GitHub OAuth signup). Modal is NOT part of the 4-rail HTTP fallback chain; it's a specialized rail.
- Journal photo pipeline — 4-host replicate-everywhere 2026-06-23Journal uploads photos to four free hosts in parallel + ImageKit + imgbb + GitHub Releases) with client-side WebP compression, sha256-dedup on GH Releases, and first-200-wins HEAD race on read. Replaces the legacy Firebase Storage single-host path.
- Cloudflare Web Analytics on every public surface — single SITE_TAG family-wide 2026-06-23Single CF Web Analytics token shared family-wide covers ALL family domains: the 26 apps on CF Pages, the 19 APIs'' docs/HTML landing pages on GitHub Pages, and any package/book/skill landing page. APIs JSON-only responses are NOT instrumented (no HTML to beacon). Single site_tag family-wide per Rule 15 (shared-tenant-by-default); apps separated via the CF Web Analytics ''Hostname'' filter.
- Feature flags — deferred (YAGNI) until first real need 2026-06-23No feature flags in family every concrete need we have today is solved by something else (tier checks via Firebase Auth claims for Pro/Max gating; git push for incident response; A/B testing has no users yet). Adding a flag system would be infra we''d maintain to solve problems we don''t have. Trigger to revisit: first real incident where a runtime kill-switch would have helped, OR first product decision that needs per-user A/B.
- No separate dev/prod projects — one prod + emulator + 5 cheap defensive moves 2026-06-23No separate dev/prod projects fan-out): a separate dev Firebase project is net-negative at oriz scale today\ (Spark plan, no paying users, solo founder, mostly stub apps). Emulator + one\ prod + 5 cheap pre-emptive moves (GCP lien, defineSecret(), wrangler env split,\ 1Password CLI, CF Tunnel for Razorpay webhooks) is right-sized. Triggers to flip\ and add `oriz-dev`: first ₹99 live payment, second deploy-rights human, or\ first prod-data incident — whichever comes first. Razorpay structurally forbids\ a second staging account (one business-PAN per merchant).
- Public image-upload tool on image.oriz.in — gated by free/pro tier 2026-06-23Locked 2026-06-23. oriz-pixie gets public /upload page using the 5-host replicate pipeline (Cloudinary + ImageKit + imgbb + freeimage\ + GH Releases). Free tier: 5 uploads/day, requires sign-in + reCAPTCHA v3. Pro\ tier: unlimited. Reuses lib/photos.ts from oriz-roam-journal-app. Durability promise:\ best-effort only, no SLA — free tier compliance limits guarantees. Anonymous\ users see paywall card.
- Per-surface monetisation recommendations — what rail to use where 2026-06-22Payment rail per distribution surface (Play, MS Store, web, etc.)
- Monetisation playbook — only rails that do NOT require a card on file 2026-06-22Master matrix of no-card-compatible monetisation rails
- Domain registrar exception: Spaceship card-on-file auto-renew (oriz.in) 2026-06-22Spaceship exception to no-card rule: oriz.in auto-renew only
- data.oriz.in aggregator app + centralized auth.oriz.in + Phone-Auth Pro-tier-only 2026-06-22oriz-data-aggregator-app + central auth hub \ at `data.oriz.in` renders ECharts dashboards + JSON browser for all 14+ API repos\ \ (separate from per-API GH Pages). (2) `auth.oriz.in` is the central Firebase Auth\ \ domain; all apps redirect there for sign-in; redirect back after success. (3)\ \ Firebase Phone Auth is enabled but UI-gated to Pro tier (Phone SMS costs $0.05/SMS\ \ ~ \u20B94/SMS \u2014 not free; rate-limit free users to 0/day, Pro to 5/day, Max\ \ unlimited). (4) Authentication ONLY in apps, never APIs (APIs serve pure JSON,\ \ no auth)."
- Three-env file split — .env / .env.development / .env.production 2026-06-22Three env files per NODE_ENV. Sops-encrypted. Loaded via Vite/Astro
- Single env source: c:/D/oriz/.env ? auto-push to chirag127 GH Org Secrets ? apps consume at build 2026-06-22Master .env single source. GH Action pushes org secrets daily
- Payment architecture — direct platform links via CF Worker click-tracker 2026-06-22Direct platform links, redirect to payment provider to a provider's hosted checkout (Razorpay Payment Page, Gumroad URL, Paddle checkout\ link, Substack subscribe URL). Provider hosts the checkout; we host the button.\ User picked a small CF Worker proxy that logs the click anonymously to CF Analytics\ Engine and then 302s to the platform URL — ~1 Worker call per checkout, 20x\ headroom on the 100K/day free envelope. Zero payment secrets on our infra (no\ API keys); all payouts go to the creator's bank account after the platform's own\ KYC. Per-region routing: Razorpay (INR) + Paddle (USD/EUR/GBP/ROW) + Gumroad (digital\ downloads) + Substack (newsletters) + Play Billing (in-app).
- Razorpay donation button — pl_T4iEPIDcALKLPk, one-click flow 2026-06-22Razorpay-hosted donation button mounted on site on every app''s /sponsors route + oriz-cs-me-app footer. One-click: opens Razorpay-hosted donation page; user picks amount; payment received. Separate from subscription flow (donations are one-time, not recurring). Integrated as shared <SponsorButton /> in @chirag127/astro-billing.
- API hosting triple-rail: GH Pages per API + RapidAPI listing + data.oriz.in aggregator hub 2026-06-22Every API repo serves data via THREE rails simultaneously GitHub Pages per API with custom domain `<name>.api.oriz.in` (CNAME). (2) RapidAPI\ marketplace listing (free + paid tiers for monetization). (3) Single `data.oriz.in`\ aggregator app on Cloudflare Pages that catalogs all APIs + provides unified docs\ + dashboard. NO Cloudflare Workers anywhere. Each API repo also ships native distributables\ (APK/MSIX/EXE/PWA) via PWABuilder — even API repos get installable apps.\ 14 APIs scaffolded: existing FII/DII + MMI + 12 new (NSE-BSE tickers, MF-NAV proxy\ of api.mfapi.in, RBI rates, gold/silver, IRCTC PNR, CPCB AQI, global AQI proxy,\ petrol/diesel, pincode, IFSC, India holidays, currency aggregator).
- Billing webhook architecture: CF Pages Function → Firestore 2026-06-22Razorpay (INR) + Paddle (ROW) + Play Billing + MS Store \ webhook handlers all land on a single CF Pages Function endpoint per provider\ \ (4 endpoints total). The function (1) verifies the provider's webhook signature,\ \ (2) writes user subscription state to Firestore, (3) returns 200. Zero CF Workers\ \ in the hot path of payments. Each provider's pricing page button is a direct platform\ \ link \u2014 no proxy through our infra. ~1 Pages Function call per purchase."
- No Firebase Functions — Blaze requires a card on file, hard blocked 2026-06-22No Firebase Functions, avoids Blaze plan which requires a card on file with no real spend cap. Per the no-card-on-file rule, Functions are excluded. Replaces with: GitHub Actions cron (free for public repos), Cloudflare Workers (100K req/day free), Cloudflare Pages Functions (shared 100K/day free), browser-side compute, static JSON in Pages.
- Data lives in each app's own repo — no separate data repos for janaushdhi/ncert/financial-cards 2026-06-22Locked 2026-06-22. Reverses proposal to create separate data repos `oriz-*-data` repos for data-driven apps. Reason: ''I don''t want to increase the number of repositories just for the sake of it.'' Each app''s `data/` dir holds its own data. Per-app GH Action cron writes fresh data to that dir + commits. Push to app''s main branch triggers CF Pages redeploy automatically. Apps consume data via build-time import (static fastest). Where runtime freshness needed: lazy fetch + SWR + localStorage cache. Existing `oriz-flow-fii-dii-activity-api` + `oriz-mmi-tickertape-mmi-api` repos STAY (they''re API services, not data; data lives in their own data/ dir per-repo).
- ncert.oriz.in app — combined PDF directory (scrape + merge + release) 2026-06-22ncert.nic.in only per-chapter PDFs. ncert.oriz.in combines them is to provide COMBINED whole-book PDFs that don't exist anywhere else. GH Action\ scrapes https://ncert.nic.in/textbook.php via Playwright (using the playwright-cli\ skill or playwright-mcp), enumerates every Class \xD7 Subject \xD7 Language combination,\ downloads each chapter PDF, merges them in correct order using pdftk/qpdf, names\ the output {class}-{subject}-{lang}.pdf, releases on GitHub as artefacts. Website\ is the catalog UI that links to GH release URLs. Sorted properly so downloads\ are obvious. Languages: English + Hindi (other regional NCERTs deferred to v1).
- NCERT app: dual-mode downloads — GH Release pre-merged + client-side on-the-fly merge 2026-06-22Both download modes: pre-merged PDFs + per-chapter PDFs' Release artefacts (free GH bandwidth + CDN); (2) Client-side on-the-fly merger\ using pdf-lib in browser — user clicks 'Build my book', browser fetches all\ chapter PDFs from ncert.nic.in URLs, merges in browser via pdf-lib WASM, downloads.\ Zero server storage for the on-the-fly path. (3) Individual chapter links also\ exposed for users who want only a few chapters. Three options per book card.
- oriz-status-app — self-hosted status page replaces UptimeRobot + Better Stack 2026-06-22Locked 2026-06-22. In-house status page at status.oriz.in CF Worker cron every 5 min probes every URL in FAMILY_* registries, writes to KV, served by sibling read-only Worker behind 60-sec edge cache. Replaces UptimeRobot (commercial-use ban Oct 2024) and supersedes the 10-monitor Better Stack ceiling. Telegram alerts on transition. RSS feed for incidents. 30/90-day uptime rollups.'
- Per-app website briefs (2026-06-22 grill lock) 2026-06-22Source of truth for what each of 26 apps does + sections + features. Locked via grill 2026-06-22 (Q-APP-* + Q-NCERT-* + Q-TOOLS-*). Supersedes\ per-app scope files where they conflict. Renames: oriz-lore-app → oriz-lore-app\ (broader scope: book/course/documentary summaries, not just books).
- First book: 'My Learnings from the Oriz Project family' — replaces Oriz Me as first draft 2026-06-22First-book pick changed from Oriz Me to Oriz Learnings to 'My Learnings from the Oriz Project family' — a memoir + manual hybrid\ documenting building the oriz family. Quality bar: 'good books, not bad books'.\ Minimum publishing setup: KDP + Play Books Partner Center + Leanpub + Draft2Digital\ (all free signup, all royalty-on-sale, no card). ISBN free from KDP/D2D; not required\ for digital-only on Leanpub/Gumroad.
- stats.oriz.in family-wide-stats dashboard + per-app feeds + Changesets + single oriz-app-template 2026-06-22oriz-stats-app at stats.oriz.in shows family-wide usage stats \ aggregate metrics (visits, npm downloads, GitHub stars, books sold, Sentry errors).\ \ RSS published from blog app only (not all 26 apps \u2014 too noisy). Package versioning\ \ via Changesets per-package; auto-bump on merge. Single `chirag127/oriz-app-template`\ \ repo used for every new app via `gh repo create --template`."
- Charts: Apache ECharts (lazy per page) covers every chart type 2026-06-22ECharts (Apache-2.0, 50+ chart types) family-wide chart library ~300 KB gzip but lazy-loaded ONLY on pages with charts (zero hit on non-chart pages). Apps that load ECharts: paisa-finance + janaushdhi + stats.oriz.in + blog post embeds + others as new apps need charts. Client-side interactive rendering (no SSR for charts in v0). Provides line / bar / pie / scatter / candlestick / boxplot / treemap / sunburst / heatmap / radar / sankey / parallel / gauge / funnel / geo (map) / 3D / chord / liquidFill / wordCloud / graph (network).
- FINAL: Every visual surface per-app; only behavior/utility packages stay shared 2026-06-22Resolves shared-vs-divergent design sequence chrome. FINAL POLICY: every VISUAL surface (Header / Footer / Sidebar / BottomBar / Wordmark / token CSS variable NAMES) is FULLY per-app. NOTHING visual shipped from packages. Only behavioral / utility / non-visual packages stay shared (auth-core, astro-billing, oriz-seo, oriz-analytics, oriz-consent, oriz-ai-providers, oriz-rate-limit, astro-data, astro-pwa, astro-content, astro-forms, astro-distribute, astro-test-utils, omni-publish, oriz-book-build, oriz-ui ContactForm). Legal pages per-app (no shared LegalFooter). Every footer includes 6 standard legal links (/privacy /terms /contact /about /refunds /disclaimer) with per-app visual treatment. Triple-supersedes the on-again/off-again shared-chrome reversals from earlier same-day.
- Footer column structure: 5 columns (4 standard + 1 per-app), 4/2/1 responsive, accordion default-closed mobile 2026-06-22Each app footer has 5 responsive columns \ 4 standard (Legal / Family / Connect / Brand) + 1 per-app-specific. Desktop \u2265\ 1024px = 5-column grid. Tablet 768-1023px = 2-column grid (pairs of 2-3 cols stacked).\ \ Mobile <768px = single accordion (default-closed; tap to expand). Family column\ \ shows individual links to other oriz apps + tools + books + packages (mini sitemap)."
- Every app ships all 4 navigation surfaces: Header + Footer + Sidebar + BottomBar 2026-06-22Every app must include all 4 nav surfaces: header, footer, sidebar, nav' Footer at bottom, Sidebar at side, BottomBar mobile-tab-bar at bottom-fixed) so users have maximum navigation options. The 4 surfaces share a family-wide STRUCTURE (CSS/responsive/breakpoints from @chirag127/astro-chrome) but content divergence is per-app: Header is fully divergent (per-app file), Sidebar + BottomBar use the package''s shell with per-app slot content / per-app actions, Footer is the single fully-consolidated surface (mega-sitemap).
- Footer per-app design + universal legal section (refines maximalist-footer) 2026-06-22Refines maximalist-footer decision. Each app gets own footer draws its own footer (per-app visual design, per-app content links related to\ that app's surface area) BUT every footer INCLUDES the universal legal section\ (links to /privacy /terms /contact /about /refunds /disclaimer /sitemap /security.txt\ — all in-domain). Pattern: each app's footer is its own component; the legal\ section is a shared sub-component `<LegalFooter />` from astro-chrome that drops\ in. Per-app legal pages content is also CUSTOMIZED per app (the app's own copy,\ not generic boilerplate from astro-chrome/legal/*).
- Maximalist mega-sitemap footer everywhere + monetization on EVERY app (reversals) 2026-06-22Footer = MAXIMALIST mega-sitemap + monetization every section on every app (reverses per-app-divergent footer from shared-vs-divergent-matrix). Reason: AdSense + Play Store + MS Store + Razorpay approval gates all require visible legal links + family-nav + contact. Mega-sitemap satisfies all gates uniformly. (2) Monetization on EVERY app including janaushdhi (reverses the ''no ads on public-health'' carve-out from ads-allowed-everywhere-except.md). Reason: ''every app should have monetization regardless of category''.
- Add 4 packages to family — oriz-rate-limit, oriz-analytics, oriz-seo, oriz-consent (22 packages total) 2026-06-22Family expands 18 to 22 packages: rate-limit, analytics, seo, consent
- Legal pages package: @chirag127/astro-chrome/legal/* mounted in-domain per app 2026-06-228+ legal pages in domain package /sitemap /security.txt) shipped as Astro page components in `@chirag127/astro-chrome/legal/`. Every app mounts them at its own domain (not external legal.oriz.in) so AdSense + Play Store + MS Store + Razorpay approval gates are satisfied. Single source of legal text; same content everywhere; design adapts to each app's theme.
- Single family-wide pricing page (ad-free is the only paid feature) 2026-06-22Shared pricing page across all oriz apps \ so it's identical everywhere. The ONLY paid feature family-wide is 'ad-free' \u2014\ \ remove AdSense + AdMob. Same price tier across web + Play + MS Store. Single Razorpay/Paddle/Play-Billing\ \ link. No per-app paywall complexity."
- @chirag127/oriz-ai-providers (18th package) + chirag127/oriz-ai-providers-data data repo 2026-06-22@chirag127/oriz-ai-providers aggregates free AI providers LLM API (Cerebras, Groq, Cohere, NVIDIA NIM, GitHub Models, Cloudflare Workers\ AI, HuggingFace, Mistral, SambaNova, OpenRouter, LLM7, OVHcloud, Pollinations,\ Kilo Code, Ollama Cloud, Z.AI, Aion Labs, SiliconFlow, ModelScope — 20+ providers).\ Provider data + model lists + rate limits + base URLs maintained in a SEPARATE\ data repo `chirag127/oriz-ai-providers-data` so the package can stay slim and\ the data can be updated independently of the code. Priority order: no-key-required\ providers first (anonymous OVHcloud / LLM7 / Pollinations), then free-with-key\ providers as fallback chain. NIM + OpenRouter demoted from primary.
- Auth + Billing + Polish + Webhook locks (2026-06-22 evening grill) 2026-06-22Final locks: 6 auth providers, Razorpay TEST, discount codes
- Backup everywhere weekly + backup-status dashboard app 2026-06-22Weekly cron backs up to multiple destinations git mirror (already running), Firestore exports to CF R2, Restic snapshots of master to Backblaze B2. New post-MVP app `oriz-backup-status-app` provides a dashboard at backup.oriz.in showing total bytes backed up, per-rail health, last-success timestamps, per-source breakdown. Decoupled from any single host failing.'
- Dynamic family-data registry: @chirag127/astro-shell/family-data + auto-discovery cron 2026-06-22Dynamic registry for constantly changing family inventory every app must read from a SINGLE dynamic registry instead of hardcoding the list. Registry lives in `@chirag127/astro-shell/family-data.ts` (TS module). A daily GH Action scans `chirag127/*` repos via the GH API, classifies each by slug suffix (-app / -npm-pkg / -api / -book / -ext / etc.), regenerates family-data.ts, commits + bumps astro-shell version, triggers Renovate auto-PR across all consuming apps. Zero manual edit. Surfaces consuming this registry: footer Family column / sidebar ''other apps'' / home-app index pages / packages-catalog auto-discovery / API hub aggregator at data.oriz.in.
- Market-data per repo — GH Actions cron + GH Pages JSON serve, one repo per API 2026-06-22FII/DII + MMI each in own GitHub repo GH Actions scrapes (weekdays post-NSE-close for FII/DII, hourly for MMI) and commits JSON back into the repo's data/ directory. GitHub Pages + raw.githubusercontent.com serve the JSON publicly. Zero Cloudflare Workers, zero shared aggregator repo.
- Maximum libraries policy — reverse 'minimal-libraries'; consume community libs heavily 2026-06-22Maximum libraries policy, minimal-libraries reversed MAXIMUM number of community libraries so we write less code ourselves. Every `@chirag127/oriz-*` and `@chirag127/astro-*` package internally uses community libraries as much as possible. Goal: 90% community code / 10% glue. Performance impact mitigated by Astro per-route island hydration + tree-shaking + lazy-load.
- SEO + A11y + CDN + SSL + multi-engine indexing (Q3 2026) 2026-06-22Multi-engine SEO + IndexNow auto-submission \ + JSON-LD structured data per page + WCAG 2.2 AA + Pa11y CI gate + Lighthouse\ \ a11y \u226595 required + CF Pages tight cache rules (HTML 1h, assets 1yr, API\ \ 0) + Brotli + HTTP/3 + CF Universal SSL + HSTS preload submission for oriz.in\ \ + robots.txt allow-all (including AI scrapers) + single family-wide GA4 property\ \ with `app` custom dimension."
- Shared-vs-divergent matrix family-wide (FINAL 2026-06-22 evening) 2026-06-22Matrix: shared packages vs per-app divergence' Auth FULLY shared. Pricing FULLY shared. Theme tokens API shared, but hex colors\ + type stack PER-APP. Footer DATA shared (FAMILY_APPS/BOOKS/PACKAGES from astro-shell),\ but footer VISUAL per-app per content. Theme: ONE forced theme per app (NO dark/light\ toggle). NOT every app needs all 4 nav surfaces — only what's needed for\ AdSense + Play Store + MS Store approval gates.
- Three-tier pricing: Free / Pro / Max — single package, minimum manual work, community-support only 2026-06-223 tiers Free/Pro/Max. Single @chirag127/astro-billing package
- Observability, AI, search, auth, DB stack (Q3 2026 lock) 2026-06-22Service picks locked 2026-06-22. AI: @chirag127/oriz-ai-providers' (20-provider fallback chain — OVHcloud / LLM7 / Pollinations anonymous first,\ then Cerebras / Groq / NIM / OpenRouter / etc keyed) — see decisions/architecture/oriz-ai-providers-package.\ Search: Pagefind for static + Algolia free hybrid. Errors: Sentry free + OSS tier\ apply. Uptime: UptimeRobot free 50 monitors. Auth: Firebase Auth (Spark). DB:\ Firestore only. I18n: English-only v0 + Crowdin OSS community translations. Privacy:\ single family-wide /privacy page. Cookie consent: Klaro EU + DPDP India geo-route.
- Tool app feature scopes (locked 2026-06-22 — full client-side feature sets per app) 2026-06-22Final feature scope per tool app. All 100% client-side server, no upload). Heavy features deferred to v1+ where bundle size would blow budget. Per-app feature list grilled and locked 2026-06-22.
- GitHub repo naming best practices — consolidated rules for the family 2026-06-21Single source for all naming rules v5+v6+best practices
- Naming policy v6 — family brand + product brand + category + suffix 2026-06-21Repos: oriz-<product>-<category>-<suffix>. Forks exempt
- Repo naming locked: <subdomain-prefix>-site for every site + role suffix matrix for everything else 2026-06-21Naming suffixes per repo type (-site, -bs-ext, -vsc-ext, -cli, -mcp)
- Revenue channels 2026 — every product fans out to every viable channel via omni-publish 2026-06-21Revenue channels across 26 apps + 17 packages + 5 books + future browser-/VS-Code-extensions + CLIs + MCP servers) auto-publishes\ to as many revenue channels as 2026's API reality allows. Orchestrated by @chirag127/omni-publish\ on every tag push. AI copy via NVIDIA NIM primary + OpenRouter free-models fallback.\ Drafts for manual-only platforms (X, Reddit, LinkedIn, Medium — all dead/closed\ APIs in 2026) land in a single Telegram channel split into 4 sections. Rate-limit\ ceiling: 1 auto-post per channel per day per repo.
- Drafts queue host — private GitHub repo with Issues (replaces Telegram) 2026-06-21Drafts queue lives in private GitHub repo chirag127/oriz-drafts using GitHub Issues. omni-publish creates one issue per draft per platform with platform-labelled tags. Issue body is ready-to-paste copy + canonical URL + cover image URL. Close issue when manually posted; reopen if retry needed. Replaces Telegram (banned in India). Requires OMNI_DRAFTS_GH_PAT env var with repo scope.
- GitHub Pages as canonical static JSON API host 2026-06-21Static read-only JSON APIs via GitHub Pages in name-api repos Pages with a custom subdomain. GH Actions cron updates the JSON. Cloudflare Worker only for dynamic / write / auth-gated endpoints. APIs are publishable to RapidAPI + other monetization marketplaces.
- Market-data APIs — FII/DII Activity + Tickertape MMI as standalone repos (GH Actions + GH Pages) 2026-06-21Two India-market data APIs, each in own GitHub repo oriz-flow-fii-dii-activity-api (NSE/Moneycontrol FII/DII net activity) + oriz-mmi-tickertape-mmi-api (Tickertape Market Mood Index). GH Actions cron scrapes; GH Pages + raw.githubusercontent.com serve. The earlier CF Worker design (and the briefly-tried oriz-market-data aggregator) were both reverted on 2026-06-22; this file is now active again under the per-repo + GH-Pages shape.'
- Chrome contract — @chirag127/astro-chrome v0.1 2026-06-214 per-site config files drive generic components, 3-level contract \ sidebar (Section \u2192 Group \u2192 Leaf); shared Datasheet Dark tokens across\ \ every site (no per-site accent); Iosevka wordmark stamp (slug-only, no ORIZ prefix);\ \ 24 auto-generated legal pages; pnpm workspace at the workspace umbrella root."
- Content apps scope — tabs / journal / lore-summaries, ship after Wave 1 2026-06-21Three Wave 3 content apps. tabs-cards-app at tabs.oriz.in cards, Notion/Tabby style). roam-journal-app at journal.oriz.in (networked daily journal, Roam-style backlinks). lore-book-summaries-app at lore.oriz.in (book + movie + show summaries). All three: anonymous-first, free + sponsor footer. Ship after janaushdhi + ncert + blog land.
- cs-me-app scope — personal canon at me.oriz.in / cs.oriz.in 2026-06-21Personal site at me.oriz.in (aliased cs.oriz.in to same site) Maximal personal canon: resume + project portfolio + writing + contact + reading\ log + music + books-read + photo dump + movies/watch list. Pulls from knowledge/\ where possible. Wider scope than a classic dev personal site — treat as the\ user's personal everything-page.
- home-app shape — marketing landing, 5-section grid, not a dashboard 2026-06-21oriz.in marketing landing page. Single hero + 5-section grid linking to /apps, /tools, /books, /packages, /me. Minimal copy. Designed for first impression and discovery. NOT a logged-in dashboard, NOT a personal home, NOT a status overview.
- janaushdhi-app scope — daily Jan Aushadhi scrape, substitutes, stores, savings 2026-06-21janaushdhi.oriz.in scrapes Janaushadhi Pariyojana \ product portfolio daily via GH Action, commits CSV + JSON snapshots, renders per-product\ \ price-history graphs, brand \u2192 generic substitute finder, per-state store\ \ locator, and savings calculator. Free + sponsor footer ONLY \u2014 public health\ \ ethics forbid ads, affiliate, third-party tracking."
- ncert-app scope — merge per-chapter NCERT PDFs into one-per-book, all classes, EN + HI 2026-06-21ncert.oriz.in catalogs all NCERT textbooks (Pre-Primary + 1-12) \ all subjects, English + Hindi. Daily GH Action URL-merges per-chapter PDFs from\ \ ncert.nic.in into one PDF per book using qpdf/pdftk, publishes as GH Release artefacts\ \ (NOT CF Pages \u2014 25MB limit). Catalog UI shows class/subject grid \u2192 download\ \ links."
- omni-post-app shape — admin dashboard for the omni-publish package 2026-06-21omni-post.oriz.in wraps @chirag127/omni-publish with admin dashboard. /admin shows the pending GH Issues drafts queue, cross-post history per platform, retry-per-platform controls, and edit-before-publish UI. Public root (/) is a read-only 'where I post' catalog. /admin is Firebase Auth + admin-email allowlist gated.
- Per-app contents specification — sidebar + pages + CI/CD 2026-06-21Every app follows contents spec. 4-config structure split (site/nav/sidebar/footer) lives in src/config/. Common pages (landing, about, changelog, admin) + per-tool pages + 24 legal pages from astro-chrome. CI/CD via reusable workflow from astro-shell-npm-pkg + separate test.yml.
- Q3 2026 ship order — home + janaushdhi + ncert + blog first, then 16 tools, books in parallel 2026-06-21Q3 2026 ship order. Home, janaushdhi, ncert, blog FIRST. 16 tool subdomains. 5 books
- Blog cross-post strategy — daily post, omni-publish fan-out, GH Issues drafts (not Telegram) 2026-06-21pages-blog-app posts daily to blog.oriz.in. omni-publish fans out \ out automatically to dev.to + Hashnode + Bluesky + Mastodon + Threads. Drafts\ \ for manual channels (X, Reddit, LinkedIn, Medium) queue to GitHub Issues in private\ \ chirag127/oriz-drafts repo \u2014 NOT Telegram (banned in India). Per-channel\ \ AI rewrite via NVIDIA NIM primary + OpenRouter fallback. Canonical URL = oriz.in\ \ on every channel for SEO."
- Book publish pipeline — Markua .md → 5 channels via @chirag127/oriz-book-build + omni-publish 2026-06-21Books written as Markua Markdown and published via pipeline (Leanpub-compatible), built by the new @chirag127/oriz-book-build npm package\ (17th family package) which wraps Pandoc to emit EPUB3 + PDF + MOBI artefacts.\ omni-publish takes those artefacts and fans out to 5 channels: Leanpub (Markua\ git push, 80% royalty) + Draft2Digital aggregator (manual upload, documented)\ + Gumroad (API auto, 10%) + LemonSqueezy (API auto, 5%+50\xA2 MoR) + Amazon KDP\ (browser-uploader bot, no API). Plus Google Play Books Partner Center (manual\ upload, ISBN-recommended). 5 first books locked, all brand-first naming. Prose\ licensed CC-BY-NC-ND 4.0 + code samples MIT.
- books.oriz.in shape — static catalog, Oriz Me drafts first, others outlines 2026-06-21books.oriz.in static catalog showing cover + price + buy-links per book. First book to draft fully: Oriz Me (PWYW $9, personal essays, biographical). Other 4 (Oriz Stack, Oriz Paisa, Oriz PDF, Oriz Janaushdhi) get chapter outlines initially. Per-book channels per book-publish-pipeline. Substack is the newsletter platform; free chapter drops via Substack.
- Per-runtime framework matrix locked 2026-06-21Astro 6 for sites, Vite+React+WXT for extensions extensions; esbuild+TS for VS Code extensions; tsup+Node 22 for CLIs and MCP servers. Each runtime gets the framework that ships best to its target.
- PWABuilder is the primary PWA→native converter; Tauri optional 2026-06-21PWABuilder primary PWA converter for Astro apps Microsoft-hosted, CLI available) converts the PWA into Android AAB + Windows MSIX without per-app native code. Tauri stays available as opt-in for apps that want auto-update + smaller binaries. iOS is PWA-only (no Apple Developer Program, no test devices). Bubblewrap, Capacitor, Cordova all rejected.
- @chirag127/omni-publish package — auto-blog releases to 8+ platforms 2026-06-21@chirag127/omni-publish handles auto-publishing releases notes / blog posts to dev.to + hashnode + medium + X + LinkedIn + Bluesky + Mastodon\ + Reddit on tag push or release create. Triggered by GitHub Actions reusable workflow\ per repo. Platforms are env-gated — if DEVTO_API_KEY isn't set globally,\ dev.to is skipped automatically. Lives alongside the existing oriz-omni-post-app\ (the orchestrator UI / catalog of cross-posts).
- omni-publish v0.1.2 follow-ups (deferred from v0.1.1) 2026-06-215 follow-ups deferred from omni-publish v0.1.1 v0.1.2: per-repo per-day rate-limit cache (high), retry on transient 5xx (medium),\ compile TS → dist/ for non-bundler consumers (medium), Hashnode tag _id resolution\ (low), Threads single-user-token assumption validation (low).
- packages.oriz.in shape — auto-discovery Starlight catalog with showcase pages 2026-06-21packages.oriz.in auto-discovery Starlight catalog lists every chirag127/*-npm-pkg repo, fetches README + version + bundle metadata, and renders per-package showcase pages with live demo iframe, copy-paste install snippet, badge wall, and StackBlitz playground link. Rebuilds daily via cron + on tag push from any package repo.
- Dual-location package surfacing — oriz.in overview + packages.oriz.in catalog 2026-06-21Packages surfaced on oriz.in/apps + packages.oriz.in /packages + /mobile + /desktop + /extensions overview with cards per app + store/channel badges (Play Store, Microsoft Store, Chrome Web Store, etc.) with ''Coming soon'' for unreleased channels; (2) packages.oriz.in is a standalone Astro Starlight catalog that auto-discovers every chirag127/*-npm-pkg repo and renders the full README + npm/GH/bundlephobia metadata per package. Channels metadata lives in home-app/src/data/apps.ts (manual) + auto-discovery from GitHub Releases for native installer URLs.'
- Mirror every chirag127/oriz* repo to 4 git hosts weekly 2026-06-21Friday-4am cron mirrors submodules to 4 hosts
- MIT license on all 41 chirag127/oriz* repos 2026-06-21MIT license across all repos \ to MIT on 2026-06-21. Unlocks every free-for-OSS perk (Sentry for OSS, Crowdin\ \ for OSS, BrowserStack OSS, FOSSA, etc.) and clarifies commercial use is fine \u2014\ \ the family still monetises via ads/affiliate/subscription, that's orthogonal to\ \ the source license."
- Family deploy architecture — DNS, gating, releases, dashboards 2026-06-21Per-app GH Actions: main to prod, PR to preview, tags to APK/EXE
- Weekly release train — Wednesday 9 AM IST, CalVer per app, hot-fix bypass, git-cliff changelog 2026-06-21Weekly release train Wed 9 AM IST workspace-level cron that tags + releases each app that has commits since its last tag. Versioning is CalVer per app (v2026.06.21). Hot-fixes bypass the train via [hotfix] in the commit message, triggering an immediate tag + deploy. Changelogs auto-generated by git-cliff from conventional commits.
- Newsletter on Substack — single family newsletter, free tier, 10% if paid 2026-06-21Single family newsletter at chirag127.substack.com (or brand-aligned name). Free tier; Substack takes 10% if a paid tier ever ships. ONE newsletter, NOT per-app. Daily blog feed + weekly digest + book drop announcements. Embed signup form on home-app + every content app footer. Replaces the earlier Buttondown + EmailOctopus split.
- Tools shape + priority — 16 single-purpose subdomains, locked ship order 2026-06-2116 tool apps, each at own *.oriz.in subdomain pixie, grid, forge, shift, dice, cipher, paper, vitals, rank, reel, echo, pivot + remainder). Anonymous-first auth. Free + opt-in sponsor footer. Affiliate allowed only where ethically clean (Amazon book links on scribe-text; NOT on health tools). Locked ship priority for Wave 2.
- Family-wide /privacy page on oriz.in 2026-06-20Locked 2026-06-20: single canonical /privacy on oriz.in
- i18n — English-only today, Weblate Hosted Libre when ready 2026-06-20English-only until non-English demand; then Weblate
- Cross-post engine package is named oriz-omnipost 2026-06-20RSS cross-poster named @chirag127/oriz-omnipost
- Brand capitalisation — Title-Case 'Oriz' in user-facing copy 2026-06-20Title-Case Oriz user-facing; lowercase oriz-* in code
- Family-wide design system locked: Oriz Datasheet Dark 2026-06-20Single dark design system: Oriz Datasheet Dark across all surfaces
- Each Chrome extension is its own GitHub repo, added as a submodule 2026-06-20Each extension = own repo as git submodule
- Cloudflare Pages hosts every website and app; no other host 2026-06-20All sites to Cloudflare Pages free. GH Pages backup only
- Extension auth: Firebase primary, license-key fallback 2026-06-20Extensions: Firebase Auth + license-key fallback
- Stay on Firebase Spark forever — never enable Blaze 2026-06-20Firebase capped to Spark. Blaze excluded (no-card rule)
- Every extension publishes to Chrome + Firefox + Edge stores 2026-06-20Each extension: GH Actions publishes to Chrome, Firefox, Edge
- Every site builds a static GitHub Pages mirror per §16 2026-06-20Each site CI builds GH Pages fallback on push to main
- Add Hookdeck for Razorpay webhook reliability 2026-06-20Hookdeck queues Razorpay webhooks. 100K/mo free
- Spaceship is the registrar; Cloudflare hosts DNS + email routing 2026-06-20Domains at Spaceship. NS to Cloudflare. Email Routing to Gmail
- Monitor only oriz.in apex, not subdomains 2026-06-20SSL + uptime on apex only. Subdomains inherit via CF
- Custom-domain strategy is *.oriz.in subdomains 2026-06-20Every surface under *.oriz.in, never separate apex
- AdSense apex application; Ezoic / Mediavine fallback 2026-06-20Single AdSense for oriz.in apex. Fallback: Ezoic, Mediavine
- No service in the stack may require a paid subscription 2026-06-20All external services must work free-tier indefinitely
- Support every viable payment method, geo-routed 2026-06-20Max payment methods: Razorpay, Lemon Squeezy, keygen.sh, 6 donations
- ONE subscription unlocks every site and every extension 2026-06-20Single Razorpay sub in Firestore unlocks all paid features
- Razorpay is the primary subscription provider 2026-06-20Razorpay primary billing. Stripe, Lemon Squeezy, Paddle fallbacks
- Consent management for many categories — Klaro config + GA4 Consent Mode v2 + geo routing + cookie-less default 2026-06-20Klaro consent: 5 categories. EU/UK denied, US/CA accepted
- Anti-bot — defense in depth (CF WAF + Turnstile + Hono rate-limit) 2026-06-20Bot defense: CF WAF + Turnstile + Hono rate-limit. All free
- Captcha — Turnstile primary + hCaptcha fallback (both, regional auto-detect) 2026-06-20Turnstile primary, hCaptcha fallback. Single Captcha component
- Cookie banner policy — none by default; Klaro lazy-loaded only for EU+tracker pages 2026-06-20No cookie banner default. Klaro only for EU/UK with trackers
- Env keys + GH Actions secrets — single source of truth, two delivery tracks 2026-06-20Two-track env: public .env.example, private GH Secrets at org
- Multi-provider auth — 6 providers on Firebase Auth, Apple deferred 2026-06-20Firebase Auth: 6 providers (Email, Google, GitHub, Anonymous, MS, Passkeys)
- Security headers — strict CSP via _headers + dual CI audit 2026-06-20Strict CSP/HSTS/Permissions-Policy via CF _headers from oriz-kit
- Doppler is the source of truth for secrets; GitHub / Cloudflare / Firebase are runtime mirrors 2026-06-20Doppler single source for secrets. GH/CF/Firebase synced downstream
- Family-wide naming policy — repo, npm, subdomain 2026-06-20GitHub slug = npm name. Subdomains shorter. Suffix every repo
- AI split — Puter.js (browser) + Cloudflare Workers AI (server) 2026-06-20Two AI providers picked by surface. Puter.js for browser, CF Workers AI for server (user-pays, no API key client-side). Cloudflare Workers AI for server-side calls inside the Hono Worker (10K neurons/day, zero-egress, native binding). Different surfaces, different reasons.
- API mocks — MSW (in-process) + Mockoon (out-of-process), split by surface 2026-06-20Two API-mock tools. MSW handles in-browser + in-Node test mocks (unit / Vitest, component stories, Playwright dev). Mockoon handles E2E + manual dev mocks of third-party APIs (Razorpay sandbox, Open-Meteo, Alpha Vantage when offline). Both free OSS. Different surfaces, different reasons.
- Cron split — Cloudflare Cron Triggers + GitHub Actions schedule, by job shape 2026-06-20Cron on both substrates. CF Triggers for low-latency, GH Actions for heavy jobs; GH Actions schedule for build / publish jobs that need a runner. Pick by the job's shape, not by convenience.
- Cloudflare Worker quota mitigation playbook 2026-06-208-step playbook for staying under CF Workers free tier free-tier quota (100K req/day per Worker, 10ms CPU/req). Cache aggressively at the edge, split Workers by domain, and prefer `_headers`/`_redirects` over Worker logic when possible. Generalises the URL-shortener cache trick to every Worker in the family.'
- Data APIs — Open-Meteo (weather) + Alpha Vantage (finance) 2026-06-20Open-Meteo for weather, Alpha Vantage for finance / market data. Both free, no card. Both fronted by the umbrella Hono Worker with KV-backed cache (1h TTL on weather, 1d TTL on finance EOD) per the CF Worker quota mitigation playbook.'
- Distribution + queues locked: 3-store browser-ext + dual VS Code marketplace + PWA-only + CF Queues + Hookdeck 2026-06-20Batch 13 lock covering distribution + reliability \ publish to Chrome + Firefox + Edge. VS Code extensions publish to VS Code Marketplace\ \ + Open VSX (JetBrains walked back). Every site is a PWA via @vite-pwa/astro (Capacitor\ \ + Tauri walked back). Webhook reliability is Hookdeck \u2192 Cloudflare Queues\ \ (Trigger.dev walked back). All free, no card."
- Hono RPC for type-safe API client 2026-06-20Type-safe site to API client via Hono. No codegen \ no schema files \u2014 backend types flow to N frontends through a workspace package."
- Health checks — split between healthchecks.io (cron heartbeats) and Better Stack (HTTP uptime) 2026-06-20Cron-job liveness verified by healthchecks.io \ heartbeat pings (dead-man-switch on 20 free checks), HTTP endpoint uptime is verified\ \ by Better Stack monitors (10 free monitors). Two distinct surfaces, two free tools,\ \ no overlap. Reinforces the auto-only-tracking rule \u2014 both verify auto-tracked\ \ surfaces without human polling."
- One Hono Worker at api.oriz.in is the entire API layer 2026-06-20All 11+ sites and extensions share single Hono Worker at api.oriz.in, NOT per-site Pages Functions.
- Queue — Cloudflare Queues, picked for stack cohesion 2026-06-20Cloudflare Queues primary durable queue. Picked for native Worker bindings + same-account billing surface, not for feature richness. Upstash QStash + Inngest documented as deferred alternatives.
- Local dev tunneling — Wrangler + Astro dev + Cloudflare Tunnel 2026-06-20Local dev runs on three substrates via CF Tunnel \ picked by surface \u2014 Wrangler dev for Cloudflare Workers, Astro dev for sites,\ \ Cloudflare Tunnel (cloudflared) for exposing localhost to the public internet\ \ for webhook testing. ngrok and localtunnel REJECTED."
- cards-site — all financial cards, India 2026-06-20cards-site (cards.oriz.in) covers all financial cards in India market: credit + debit + forex + prepaid + travel. Inspired by CardInsider / TechnoFino / Paisabazaar / BookMyForex. Reviews + comparisons + calculators + guides + offers + tools. Affiliate-monetisable.
- Family-wide /stats page on oriz.in (auto-tracked, public, all 11 sites + all repos) 2026-06-20oriz.in/stats aggregates visitor data from all family sites sites + code-stats data from all family repos, build-time fetched from CF Web Analytics + GitHub Insights + Wakatime + Tokei. Public, transparent, auto-refreshed via daily cron. Reinforces the auto-only-tracking and auto-tracking-everywhere posture. Single oriz-kit component pulls everything.'
- Lifestream auto-event sources — three streams (GitHub webhooks + Wakatime daily + CF Web Analytics daily) 2026-06-20Three auto-sources feed oriz-me JSONL lifestream \ auto-tracked event sources only \u2014 GitHub webhooks via Hookdeck, Wakatime\ \ daily-summary cron, and Cloudflare Web Analytics daily-summary cron. No manual\ \ entry, no minute-grain coding capture, no per-pageview visitor capture. Reinforces\ \ the auto-only-tracking rule."
- oriz-me-site stays a single site with sections — not split into now/uses/gear/cv subdomains 2026-06-20me.oriz.in single Astro site, not split /gear, /reading, /coding, /lifestream, /cv, /contact). Not split into now.oriz.in, uses.oriz.in, gear.oriz.in, etc.
- Build cache — GitHub Actions cache + pnpm CAS (3-layer strategy) 2026-06-20Three-layer build cache: pnpm, GH Actions cache' global store dedupes deps cross-repo locally. Layer 2: GitHub Actions cache (10\ GB/repo free) keyed by pnpm-lock.yaml hash + Astro build cache keyed by source\ hash. Layer 3: Turbo Remote Cache + Bazel REJECTED — Vercel signup + card\ / overengineering.
- DB admin — console-only, no desktop DB tool 2026-06-20Every DB administered through vendor browser console only \ console (Firebase Console, Neon Console) or its first-party CLI (Turso CLI, libSQL\ \ CLI). NO desktop DB tool \u2014 Drizzle Studio / Outerbase / Beekeeper Studio\ \ / TablePlus all REJECTED. Zero install footprint, every team member can access\ \ via browser, no per-user license."
- firebase-rest-firestore (NOT firebase-admin) for Workers compatibility 2026-06-20Hono Worker uses firebase-rest-firestore (REST + service-account) JWT). The firebase-admin SDK is excluded because workerd only partially supports gRPC.
- Add Neon Postgres as the relational tier of the DB stack 2026-06-20Neon Postgres added as relational DB. Free plan \ no card, scale-to-zero, branching for previews. Sits alongside Firestore (documents/auth),\ \ Turso libSQL (warm cache), and JSONL canonical (archive) \u2014 the 4-tier DB\ \ stack is now picked-by-shape."
- Object storage split — GitHub Releases for binaries, Backblaze B2 for blobs; Cloudflare R2 rejected 2026-06-20Versioned binaries in GitHub Releases. Unversioned blobs elsewhere Backblaze B2. Cloudflare R2 is rejected because adjacent paid features pull in a card-on-file requirement.
- Each extension gets a rich website, not a small landing page 2026-06-20Per-extension full marketing/docs/changelog/support sites
- Markdown-in-repo only — no headless CMS, anywhere 2026-06-20Content as .md/.mdx in-repo, no CMS CMS, TinaCMS, Strapi, Sanity, Contentful, Storyblok and every other headless CMS are explicitly REJECTED.
- RSS-driven cross-post engine — oriz-omnipost 2026-06-20@chirag127/post-site fans RSS posts to other platforms new entry out to every blogging platform that exposes a public API. Adapter pattern; idempotent; canonical URL preserved; short-link fallback when the target truncates content.
- Keep extensions.oriz.in catalog AS WELL AS per-extension subdomains 2026-06-20Central catalog + per-extension subdomains
- Three-format feed publishing — RSS 2.0 + Atom 1.0 + JSON Feed 2026-06-20Every content site publishes RSS, Atom, JSON feeds 2.0, source-of-truth for oriz-omnipost), /atom.xml (Atom 1.0), /feed.json (JSON Feed v1.1). oriz-kit ships <FeedDiscovery /> + generators.'
- Forms — trio (Web3Forms primary + Static Forms fallback + Tally for rich) 2026-06-20Vendor-redundant contact forms: Web3Forms + backup' primary, Static Forms fallback, both browser-only, both free unlimited). Tally handles rich / multi-step / conditional forms. Three roles, no overlap.
- journal-site — best features of all five journal apps 2026-06-20journal.oriz.in mines best features of Day One, Bear Notion, Obsidian, and Logseq into one journaling experience. Big scope chosen knowingly; flagship-grade polish target.
- Newsletter split — Buttondown for technical, EmailOctopus for marketing 2026-06-20Two newsletter senders. Buttondown technical, EmailOctopus marketing / dev audience (Markdown + API). EmailOctopus handles general marketing (visual editor, larger free tier).
- Lifestream federation — mirror to BOTH AT Protocol and ActivityPub 2026-06-20oriz-me JSONL canonical, AT Protocol mirror under me.oriz.in.atproto AND ActivityPub outbox at me.oriz.in/activitypub/outbox. Single source, two protocols.
- Each Chrome extension gets its own subdomain on oriz.in 2026-06-20Each extension gets dedicated *.oriz.in subdomain + catalog slot
- Each extension has its own /privacy page; family boilerplate at oriz.in/privacy-base 2026-06-20Per-extension /privacy. Boilerplate at oriz.in/privacy-base
- oriz-home portal also lists extensions 2026-06-20oriz.in home shows extensions catalog section for cross-promo
- Image CDN — chained 3-tier fallback (Cloudflare Images → wsrv.nl → ImageKit) 2026-06-20Every image goes through oriz-kit Image wrapper with fallback chain resolves through a 3-tier fallback: Cloudflare Images first, wsrv.nl on 5xx, ImageKit on 5xx.
- Linkroll — Raindrop.io is source of truth, blog.oriz.in/links built at deploy time 2026-06-20Family linkroll lives in public Raindrop.io collection blog.oriz.in/links is built at deploy time from the Raindrop REST API. Cached via the Cloudflare edge with a 1-hour TTL on the build artifact; nightly cron re-deploys to surface new links.
- Multi-engine 'Search the web' button on every family site 2026-06-20Every site ships single Search the web button button (in the header or footer) that opens a popover with multiple search engines. Component lives in @chirag127/oriz-kit as <MultiSearch />.
- OG card generation — Satori on api.oriz.in/og + ray.so for code 2026-06-20Non-code posts get OG cards from Satori on Hono Worker route at api.oriz.in/og. Code-heavy posts continue on ray.so. Static-cached via CF edge cache headers, no per-post PNGs in any site repo.
- Status banner on every site 2026-06-20Dismissible <StatusBanner /> from oriz-kit on every site that consumes Better Stack's RSS incident feed; visible only when an incident is live, with severity + link to status.oriz.in.
- Sidebar — 4 tiers based on site shape 2026-06-20Sidebar via @chirag127/sidebar, 4-tier config differs by site type. Four tiers: A) auto-generated for tools, B) curated TOC for longform, C) browse + search for catalogs, D) family directory for the brand hub.
- Knowledge bundle depth scales with folder size, ceiling 5 2026-06-20Folder depth adaptive: flat for tiny, 5 levels for big
- 4-level hierarchy for big knowledge directories 2026-06-20services/, decisions/, glossary/ use 4-level paths
- Code quality stack — Dependabot + biome + CodeRabbit + Sonarcloud 2026-06-20Code quality: Dependabot, biome, CodeRabbit, Sonarcloud. Free OSS
- OKF v0.1 is the canonical format for all family knowledge 2026-06-20OKF v0.1 for all concept files in knowledge bundles
- Per-repo CI workflows; master matrix only owns deploys 2026-06-20REVERSES master-matrix CI. Each repo owns its ci.yml
- Image host — chained 4-tier origin (repo + ImgBB + Imgur + GitHub user-content) 2026-06-204-tier image host: CF Pages, imgbb, imgur, GH user content' → ImgBB → Imgur → GitHub user-content. Composes alongside the 3-tier\ image-CDN chain in the oriz-kit <Image> wrapper.
- Analytics — 5-tier stack (CFWA + GA4 + PostHog + Clarity + UTM) 2026-06-20Five analytics layers in parallel on every site \ \u2014 Cloudflare Web Analytics (raw load), Google Analytics 4 (marketing funnel),\ \ PostHog (product + session replay + flags), Microsoft Clarity (heatmaps + Microsoft-side\ \ session replay), UTM tracking (attribution convention). Each layer covered by\ \ an `ENABLE_<TOOL>` env-var kill-switch so no single quota pinch can break a site."
- Auto-tracking everywhere — every family-wide metric is captured automatically 2026-06-20All metrics auto-tracked across oriz family \ is auto-captured. The oriz-me lifestream specifically pulls from auto sources\ \ only \u2014 GitHub commits via webhook, npm publishes via post-publish hook, VS\ \ Code coding sessions via Wakatime API, site visits via CF Web Analytics, builds\ \ via GH Actions webhook. No manual entry anywhere in the metric pipeline. Manual\ \ = decay; auto = honest."
- Bug tracker — GitHub Issues only 2026-06-20GitHub Issues only bug tracker across family \ repo uses its own GitHub Issues as the sole bug tracker. Linear, Trello, Jira,\ \ Plane.so, Asana, Height \u2014 all REJECTED. Cross-repo triage via repo:org searches.\ \ Free unlimited, GitHub-native, integrates with PRs and commits via
- Backups — restic CLI in GH Actions cron, target Backblaze B2 2026-06-20Weekly encrypted restic backups to B2 via GH Actions Actions schedule, targeting a Backblaze B2 bucket. Locks the restic + B2 + GH Actions triple.
- Code stats — every metric tool turned on (9-tool stack) 2026-06-20Code-stats across every public family repo \ stack \u2014 Sonarcloud + CodeRabbit + Codecov + CodeClimate + DeepSource + biome\ \ + GitHub Insights + Tokei + Lines-of-Code badge. All free for OSS. Auto-tracked\ \ per the auto-only-tracking rule. Extends the 5-tool code-quality decision with\ \ three more stat-shaped tools (GH Insights / Tokei / LoC badge) on top of the 5\ \ quality tools."
- Geocoding — deferred (no current need); CF-IPCountry covers geo-routing today 2026-06-20No geocoding, deferred \ need address\u2194coordinate translation. Cloudflare's free `CF-IPCountry` request\ \ header covers all current geo-routing needs (consent banner geo, payment-route\ \ geo). When a site lands a map feature, the swap target is OpenStreetMap Nominatim\ \ or Mapbox \u2014 both free, no card."
- Logs — Better Stack Logs (aggregation) + Cloudflare Workers Tail (live) 2026-06-20Two-layer logs: CF Workers Tail + Better Stack' (5-min retention, 0 cost, wrangler tail). Better Stack Logs for cross-Worker aggregation + alerts + searchable retention (3 GB/mo free, same vendor as our status page + uptime monitors). Quota math: ~30 MB/mo realistic load vs 3 GB/mo cap = ~100x headroom.
- Project management — GitHub Projects only 2026-06-20GitHub Projects for family-wide task management \ single GitHub Projects board on chirag127/oriz master, with kanban + table + roadmap\ \ views. Notion, Obsidian Tasks, Linear, ClickUp, Asana, Trello \u2014 all REJECTED.\ \ The knowledge/ OKF bundle covers documentation; GitHub Projects covers tasks."
- Perf monitoring — Vercel Speed Insights as RUM 2026-06-20Vercel Speed Insights for RUM Web Vitals site, complementing Cloudflare's edge-measured metrics and Sentry's API traces. Free, no Vercel hosting required.
- Notifications — FCM (transport) + Knock (orchestration) 2026-06-20Two-layer notifications: Knock + FCM' (in-app + email + SMS + web push); FCM stays as the web-push transport. Free 10K notifs/mo on Knock, free unlimited on FCM.
- SEO — three pillars: sitemap + IndexNow + JSON-LD 2026-06-20Three SEO pillars: sitemap, IndexNow, JSON-LD' IndexNow (instant indexing), and JSON-LD structured data (semantic). Submitted to Google Search Console + Bing Webmaster Tools. All free, all no-card.
- Time tracking — Wakatime ONLY (Toggl walked back) 2026-06-20Wakatime only time tracking ONLY. Wakatime auto-tracks coding time via IDE plugin (VS Code + JetBrains). Toggl Track was originally adopted alongside it for manual non-coding tracking, then walked back the same day under the new auto-only-tracking rule. Non-coding time is intentionally NOT tracked rather than manually tracked. File renamed via git mv from time-tracking-toggl-plus-wakatime.md.'
- URL shortener quota mitigation — cache the 301 itself at the CF edge 2026-06-20s.oriz.in CF Worker, 100K req/day free tier script. We send `Cache-Control: public, max-age=31536000, immutable` on every\ 301 redirect so CF's edge caches the redirect itself; subsequent visitors hit\ the cache, not the Worker. With caching, only the first visitor per URL per edge\ POP per year burns a Worker request. Realistic upper bound at family-wide traffic\ is ~1-2K requests/day — well under 100K. No external shortener required.
- Testing — three-layer stack (Vitest unit + Playwright E2E + Storybook+Chromatic visual) 2026-06-20Three-layer testing: Vitest, Playwright, Chromatic per PR' against Storybook in parallel. PR fails on any failure in any layer. All free, no card.
- URL shortener three-tier free stack — s.oriz.in primary, TinyURL fallback, GitHub Gist redirect zero-infra 2026-06-20Three-tier URL shortener, all free, no card s.oriz.in CF Worker (primary, edge-cached 301s). Tier 2: TinyURL API (fallback, unlimited free, no auth, no card). Tier 3: GitHub Gist HTML meta-refresh redirect (zero-infra, last-resort). Quota math shows the family sits at ~1-2% of the CF Worker free envelope.
- UTM-only marketing attribution 2026-06-20UTM params for marketing attribution on outbound links links, captured by PostHog + Cloudflare Web Analytics. No paid attribution tool, no SaaS click-tracker, no bounce-redirect domain. oriz-kit ships <UtmLink> to enforce kebab-case naming.
- Accessibility — three-tool stack (axe + Pa11y + Lighthouse CI) 2026-06-20axe-core + Pa11y + Lighthouse CI per PR on any new a11y violation in any tool. Each tool catches a different category.
- Voice / SMS — deferred; route via Knock when needed 2026-06-20Voice/SMS deferred to Knock, no standalone provider \ on card-on-file grounds. If/when SMS becomes needed, the family routes it through\ \ Knock's bundled SMS channel \u2014 already locked as the multi-channel notification\ \ orchestrator (10K notifs/mo free)."
- Code quality — 5-tool stack (Sonarcloud + CodeRabbit + Codecov + Code Climate + DeepSource) 2026-06-20Five code-quality tools per public repo \ tools. Sonarcloud (SAST + smells), CodeRabbit (LLM PR review), Codecov (coverage\ \ delta), Code Climate (A \u2014 F maintainability), DeepSource (autofix). All five\ \ free for the family's public / OSS repos. Builds on the earlier 4-tool stack \u2014\ \ adds Codecov + Code Climate + DeepSource alongside the existing Dependabot + biome\ \ + CodeRabbit + Sonarcloud."
- Family stack lock — Astro 6 + React 19 islands + Tailwind v4 + pnpm + Biome 2026-06-20Same stack all sites. CF Pages monetised, GH Pages info-only
- Tool categories roadmap — Tier 1 + Tier 2 + anti-list 2026-06-2015 tool subdomains: 8 Tier 1 ship day 1' + 7 Tier 2 (stub day 1, fill in later). Tier 3 is explicitly skipped. Anti-list captures categories deliberately rejected (URL shorteners, AI image gen, etc.).
- Tools shipped as 15 separate repos, one per subdomain 2026-06-20Each tool category = own GitHub repo deployed to its own Cloudflare Pages project at <category>.oriz.in. No tools-site monorepo. Picked over 'one repo, 15 subdomain builds' for portfolio framing and SEO concentration.
- oriz-me added to the family as the 11th site 2026-06-192026-06-19: oriz-me added as submodule under sites/
- Lifestream JSONL in git is canonical; Turso is warm cache 2026-06-19chirag127/oriz-me-data holds canonical JSONL events sharded by year by year. Turso libSQL is a rebuilt warm cache for live edge reads, not a source of truth.
- 100-year strategy locked 2026-06-1916-point strategic contract: 50-yr horizon, 10-min/day, JSONL
- Age-gating policy adopted for adult-content sections 2026-06-19Adult-content items behind 18+ gate
- me.oriz.in does NOT publish journal; journal stays auth-gated 2026-06-19Journal: numeric aggregates public, text auth-gated
- One-branch-only rule: main branch only 2026-06-19All repos: main branch only. No feature/fix/chore branches
- All 11 sites have v2 designs landed 2026-06-19v2 designs committed + pushed for all 11 sites. Cross-links fixed