Documentation

Docs

Technical reference for ft3.tronboll.us. Architecture, stack, playbook, and compliance.

Tech Stack

  • Runtime: Next.js 14.2 on Vercel Edge Network
  • Language: TypeScript (strict mode)
  • Database: Neon Postgres (serverless) via Prisma 6.0 ORM
  • Auth: NextAuth 5.0-beta with Prisma Adapter — email (Resend) + GitHub OAuth
  • Editor: Tiptap (ProseMirror) with Markdown storage via Turndown
  • AI (tri-motor): Anthropic Claude Sonnet 4 + OpenAI GPT-4o + xAI Grok-3 — all live in /admin/ai-forge
  • AI (editor): Claude Sonnet 4 — tag/excerpt generation, prose refinement, theme analysis
  • Email: Resend (transactional + newsletter)
  • Styling: Tailwind CSS 3.4 with custom semantic color system (cream/night theme)
  • Search: Client-side full-text over pre-built index
  • Fonts: Crimson Pro (display), Outfit (body), IBM Plex Mono (code)
  • Deployment: Vercel (auto-deploy from main branch, preview deploys on PR)
  • Cron: Vercel Cron Jobs — 1-minute (publish scheduler) + 4-hour (social dispatch)
  • Social: Facebook Graph API + X API v2 (twitter-api-v2) + Instagram Graph API (stubbed)
  • Build Provenance: Automated git SHA + ISO timestamp injection at build time

Platforms

Property Domain Stack
FT3 (essays) ft3.tronboll.us Next.js + Neon Postgres
Stoic Preparedness stoic.tronboll.us Next.js + Supabase
Store store.tronboll.us Next.js + Stripe
Tronboll.us tronboll.us Next.js (static)

All properties share the same design language: flat, monospace-accented, zero-ornament typography. Each runs independently — no shared backend, no microservices, no orchestration layer. Lone Ranger architecture.

Site Architecture Overview

ft3.tronboll.us
├── app/                    # Next.js App Router
│   ├── (public routes)     # Feed, Archive, Posts, Tags, About, Works
│   ├── admin/              # Dashboard, Editor, Scheduled Posts, Preview
│   ├── api/                # REST endpoints (posts, auth, search, cron, AI)
│   └── docs/               # This page
├── components/             # React components (zero external UI library)
├── content/docs/           # Markdown source for /docs
├── lib/                    # Shared utilities (db, auth, posts, build-info)
├── prisma/                 # Schema + migrations
└── public/                 # Static assets

Data Flow

  1. Write: Admin → Tiptap editor → Turndown → Markdown → Prisma → Neon Postgres
  2. Read: Request → Prisma query (published + publishedAt ≤ now) → Remark → HTML → React
  3. Schedule: Admin sets future publishedAt → Vercel Cron (every 60s) → flip published flag
  4. AI: Admin triggers action → API route → Anthropic SDK → Claude Sonnet 4 → structured response

Principles

  • Server components by default. Client components only for interactivity.
  • No state management library. React state + server actions.
  • No component library. Every element is hand-written Tailwind.
  • No analytics, no tracking, no cookies (beyond auth session).
  • Build provenance injected at compile time — never hardcoded.

Developer Playbook

Local Development

git clone <repo>
cp .env.example .env.local
npm install
npx prisma db push
npm run dev

Environment Variables

Variable Purpose
DATABASE_URL Neon Postgres connection string
AUTH_SECRET NextAuth encryption key
AUTH_RESEND_KEY Resend API key for email auth
AUTH_GITHUB_ID / SECRET GitHub OAuth credentials
ANTHROPIC_API_KEY Claude API access
CRON_SECRET Bearer token for /api/cron/publish
RESEND_API_KEY Newsletter sending

Conventions

  • Commits: Imperative mood, one sentence. No emoji.
  • Branches: Feature branches off main. No develop branch.
  • Deploys: Push to main = production. No staging environment.
  • CSS: Tailwind utility classes only. No custom CSS except prose-content and thread-connector.
  • Types: TypeScript strict. No any unless truly necessary.
  • AI assistance: Claude.md governs all automated behavior. Build-info.ts handles provenance.

Command Palette

Press Cmd+K anywhere on the site to open the command palette. Press ? for all keyboard shortcuts.

Compliance & Legal

  • Data Residency: All data stored in Neon Postgres (US regions)
  • Authentication: Email verification (Resend) + GitHub OAuth. No password storage.
  • Session Management: NextAuth with secure HTTP-only cookies. CSRF protection enabled.
  • GDPR: No tracking, no analytics, no third-party cookies. Newsletter subscription is explicit opt-in with email confirmation.
  • Content License: All essays © F. Tronboll III. All rights reserved unless stated otherwise.
  • Open Source: Site infrastructure patterns are documented publicly at /docs. Source code is private.
  • Cookie Policy: Single session cookie for authenticated admin users. No cookies for public visitors.
  • Data Deletion: Subscribers can unsubscribe at any time. Contact for full data deletion requests.

Security Profile

NSA-exceeding protection. Documented. Public. Verifiable.

Full security documentation: /docs/security

Summary

  • Zero-trust authentication with email verification + OAuth
  • Edge-first architecture — no origin server exposed
  • All secrets managed via environment variables, never committed
  • Database connections use SSL with connection pooling
  • Immutable deploy history via Vercel + git SHA provenance
  • Admin routes protected by middleware + session validation + role checks
  • CRON endpoints secured with bearer token verification
  • No user-uploaded files, no file system writes, no shell execution

Release Notes

Auto-generated from deploy history.

v2026.04 — Last compiled 2026-04-16T06:15:59.076Z

Deploy SHA: 2b3f3d3

System Performance

Runtime: Vercel Edge (auto-scaling, zero cold starts on edge functions)

Database: Neon Postgres (serverless, auto-suspend on idle)

Build: 2026-04-16T06:15:59.076Z

Cron: 60s (publish) + 4h (social dispatch) — live proof sheet

AI engines: Claude Sonnet 4 + GPT-4o + Grok-3

CDN: Vercel Edge Network (global)

Last Forge Run

Run ID: 7277a2b0

Model: grok-3

Tokens: 1,464

SHA: 99cdb76

Time: 2026-03-18T22:24:00.379Z

Social Dispatch

Last posted: x2026-04-16T08:02:02.439Z

Post: part-one-the-lie-you-bought

Platform ID: 2044687747722424704

Knowledge Base

How does scheduled publishing work?

Posts with a future publishedAt date are saved with published=false. A Vercel Cron job hits /api/cron/publish every 60 seconds, finds posts where publishedAt ≤ now and published=false, and flips them to published=true. The cron endpoint is secured with a bearer token (CRON_SECRET).

How does the AI assistant work?

The admin editor includes AI actions powered by Claude Sonnet 4 via the Anthropic SDK. Actions: generate tags/excerpt, refine prose, suggest titles, analyze themes. All processing happens server-side via /api/admin/ai. The system prompt enforces the author's voice: philosophical, intentional, unplugged, measured, sometimes provocative.

How does build provenance work?

At build time, next.config.js runs git rev-parse --short HEAD and captures the ISO timestamp. These values are injected as NEXT_PUBLIC env vars and consumed by lib/build-info.ts. The footer, /docs, and HTML comments all read from this single source. Every deploy auto-updates — zero manual work.

ft3 • v2026.04 • last compiled 2026-04-16T06:15:59.076Z • frontier-built with next.js + vim