# knowledge.oriz.in — 828 concept files ## About Open Knowledge Format bundle. Every concept file has YAML frontmatter (type/title/description/tags) + markdown body. Source: https://github.com/chirag127/workspace/tree/main/knowledge ## Concepts ### Oriz Knowledge Change Log Chronological record of all knowledge file changes. URL: https://knowledge.oriz.in/log Type: log Tags: okf, meta, changelog ### Oriz Knowledge Index The canonical brain for the oriz family. Single navigable index of every current knowledge file, organized by area. URL: https://knowledge.oriz.in/index Type: index Tags: okf, index, family ### Brand-independent repo naming — drop oriz- prefix 2026-07-02 All chirag127/* repos use descriptive names without brand prefix. Enables future brand/domain migration without repo renames. Only npm package scope will migrate separately (deferred). URL: https://knowledge.oriz.in/branding/brand-independent-naming-2026-07-02 Type: decision Tags: naming, branding, repos, migration ### chirag127 owns everything — oriz-org dissolved 2026-07-02 Every repo (own, forks, workflows, umbrella) lives under chirag127. oriz-org GitHub org is dissolved. Secrets consolidated in the umbrella (chirag127/workspace). URL: https://knowledge.oriz.in/branding/chirag127-owns-everything-2026-07-02 Type: decision Tags: org, github, branding, recruiter, migration ### Family-wide /privacy page on oriz.in Locked 2026-06-20: single canonical /privacy on oriz.in URL: https://knowledge.oriz.in/branding/family-wide-privacy-page Type: decision Tags: privacy, legal, branding, decisions, oriz-in, compliance ### GitHub repo naming best practices — consolidated rules for the family Single source for all naming rules v5+v6+best practices URL: https://knowledge.oriz.in/branding/github-repo-naming-best-practices Type: decision Tags: naming, repo, branding, best-practices, github, seo ### Headroom AI — how it works internally 3-layer compression proxy for LLM agents. CacheAligner, ContentRouter, SmartCrusher per-type URL: https://knowledge.oriz.in/core-concepts/headroom-internals-2026-06-27 Type: concept Tags: headroom, compression, proxy, ccr, mcp, cache-aligner ### Token-compression techniques catalogue — researched 2026-06-28 Survey of context-compression tools, techniques, agent levers URL: https://knowledge.oriz.in/core-concepts/token-compression-techniques-2026-06-28 Type: concept Tags: compression, tokens, headroom, rtk, caveman, mcp, performance, research, agent-tooling ### i18n — English-only today, Weblate Hosted Libre when ready English-only until non-English demand; then Weblate URL: https://knowledge.oriz.in/branding/i18n-weblate-when-ready Type: decision Tags: decisions, branding, i18n, weblate, deferred-then-locked ### Branding decisions Locked decisions on family naming — repos, packages, domain, and member sites. URL: https://knowledge.oriz.in/branding/index Type: index Tags: decisions, branding, index ### oriz-me added to the family as the 11th site 2026-06-19: oriz-me added as submodule under sites/ URL: https://knowledge.oriz.in/branding/oriz-me-added-to-family Type: decision Tags: oriz-me, family, lifestream, sites, milestone ### Naming policy v6 — family brand + product brand + category + suffix Repos: oriz---. Forks exempt URL: https://knowledge.oriz.in/branding/naming-policy-v6 Type: decision Tags: naming, repo, suffix, family, branding, v6, oriz, single-brand ### Cross-post engine package is named oriz-omnipost RSS cross-poster named @chirag127/oriz-omnipost URL: https://knowledge.oriz.in/branding/omnipost-name Type: decision Tags: decisions, branding, packages, naming, omnipost, cross-post ### Brand capitalisation — Title-Case 'Oriz' in user-facing copy Title-Case Oriz user-facing; lowercase oriz-* in code URL: https://knowledge.oriz.in/branding/title-case-oriz Type: decision Tags: decision, branding, capitalisation, naming ### Repo naming locked: -site for every site + role suffix matrix for everything else Naming suffixes per repo type (-site, -bs-ext, -vsc-ext, -cli, -mcp) URL: https://knowledge.oriz.in/branding/repo-naming-suffixes Type: decision Tags: naming, repo, packages, suffix, family, branding ### Subdomains — category-based with path routing per tool Per-tool subdomains abandoned. Tools at category.oriz.in/tool for SEO URL: https://knowledge.oriz.in/branding/subdomain-path-based-on-category-2026-06-25 Type: decision Tags: decision, branding, subdomain, seo, category, routing ### Family-wide design system locked: Oriz Datasheet Dark Single dark design system: Oriz Datasheet Dark across all surfaces URL: https://knowledge.oriz.in/design/datasheet-dark Type: decision Tags: design, theme, tokens, typography, layout, family ### Design Index of concepts in decisions/design. URL: https://knowledge.oriz.in/design/index Type: index Tags: index, design ### oriz-blog v2 design brief Engineer notebook: cream paper, Fraunces drop-cap, cobalt accent URL: https://knowledge.oriz.in/design/oriz-blog Type: design-brief Tags: design, oriz-blog, v2 ### oriz-book-lore v2 design brief Aged-cream reading-room: pencil-red marginalia, bottle-green ribbon URL: https://knowledge.oriz.in/design/oriz-book-lore Type: design-brief Tags: design, oriz-book-lore, v2 ### oriz-books v2 design brief NCERT directory: library catalogue drawer, ink-block desk URL: https://knowledge.oriz.in/design/oriz-books Type: design-brief Tags: design, oriz-books, v2 ### oriz-finance v2 design brief Finance: graph-paper grid, decimal-aligned numbers, teal, Fraunces URL: https://knowledge.oriz.in/design/oriz-finance Type: design-brief Tags: design, oriz-finance, v2 ### oriz-home v2 design brief Hub: dark leather, monochrome until hover, mustard-yellow URL: https://knowledge.oriz.in/design/oriz-home Type: design-brief Tags: design, oriz-home, v2 ### oriz-cards v2 design brief Credit card dashboard: slate surface, carbon-blue, vermilion negatives URL: https://knowledge.oriz.in/design/oriz-cards Type: design-brief Tags: design, oriz-cards, v2 ### oriz-image-tools v2 design brief Browser darkroom: 13 client-side tools, #C8FF3C accent, no uploads URL: https://knowledge.oriz.in/design/oriz-image-tools Type: design-brief Tags: design, oriz-image-tools, v2 ### oriz-journal v2 design brief Auth-gated PWA: dusk surface, animated wax seal, libsodium encryption URL: https://knowledge.oriz.in/design/oriz-journal Type: design-brief Tags: design, oriz-journal, v2 ### oriz-me v2 design brief Personal site as build manifest: datasheet white, archival-blue URL: https://knowledge.oriz.in/design/oriz-me Type: design-brief Tags: design, oriz-me, v2 ### oriz-pdf-tools v2 design brief Typesetter desk: cream manuscript, all-serif, green CTAs URL: https://knowledge.oriz.in/design/oriz-pdf-tools Type: design-brief Tags: design, oriz-pdf-tools, v2 ### Glossary — family-specific terms Alphabetical index of family-specific terms used across the chirag127/oriz* repos. Grouped into 5 alphabetical subdirs. URL: https://knowledge.oriz.in/glossary/index Type: index Tags: glossary, index, meta ### General Index of concepts in decisions/architecture/general. URL: https://knowledge.oriz.in/decisions/index Type: index Tags: index, general ### Each Chrome extension is its own GitHub repo, added as a submodule Each extension = own repo as git submodule URL: https://knowledge.oriz.in/infrastructure/chrome-extensions-as-submodules Type: decision Tags: extensions, submodules, repos, structure ### Cloudflare Pages hosts every website and app; no other host All sites to Cloudflare Pages free. GH Pages backup only URL: https://knowledge.oriz.in/infrastructure/cloudflare-pages-for-all-sites Type: decision Tags: hosting, cloudflare, firebase, pages ### Extension auth: Firebase primary, license-key fallback Extensions: Firebase Auth + license-key fallback URL: https://knowledge.oriz.in/infrastructure/extension-auth-firebase-plus-license-key Type: decision Tags: extensions, auth, firebase, license-key ### Stay on Firebase Spark forever — never enable Blaze Firebase capped to Spark. Blaze excluded (no-card rule) URL: https://knowledge.oriz.in/infrastructure/firebase-spark-forever Type: decision Tags: firebase, billing, free-tier, constraint ### Every extension publishes to Chrome + Firefox + Edge stores Each extension: GH Actions publishes to Chrome, Firefox, Edge URL: https://knowledge.oriz.in/infrastructure/extensions-cross-store-publish Type: decision Tags: extensions, publishing, ci, github-actions ### Flat subdomain pattern: .oriz.in for every public-facing repo Flat .oriz.in for every public repo, ~85 total URL: https://knowledge.oriz.in/infrastructure/flat-subdomain-pattern Type: decision Tags: decision, subdomains, dns, naming, flat-namespace ### Every site builds a static GitHub Pages mirror per §16 Each site CI builds GH Pages fallback on push to main URL: https://knowledge.oriz.in/infrastructure/github-pages-mirror-per-site Type: decision Tags: hosting, fallback, github-pages, durability ### Add Hookdeck for Razorpay webhook reliability Hookdeck queues Razorpay webhooks. 100K/mo free URL: https://knowledge.oriz.in/infrastructure/hookdeck-for-webhook-reliability Type: decision Tags: decisions, infrastructure, webhooks, payment, razorpay, hookdeck ### Workspace layout: repos///// 5-level hierarchy: owner, own/forks, 4 buckets, category, repo URL: https://knowledge.oriz.in/infrastructure/projects-owner-own-forks-layout Type: decision Tags: layout, monorepo, submodules, workspace, hierarchy, branding ### Hosting migration: Cloudflare Pages -> GitHub Pages + analytics-everywhere stack CF Pages abandoned for GH Pages, CF DNS retained, analytics everywhere URL: https://knowledge.oriz.in/infrastructure/hosting-github-pages-with-analytics-everywhere-2026-06-28 Type: decision Tags: hosting, migration, analytics, observability, github-pages, cloudflare-dns ### MCP config single source of truth across all 5 agents Single .mcp.json synced to all 5 agents via script URL: https://knowledge.oriz.in/infrastructure/mcp-config-sync-2026-06-29 Type: decision Tags: mcp, config, agents, sync, infrastructure ### Infrastructure decisions Locked decisions on hosting, DNS, auth, submodule shape, and webhook reliability. URL: https://knowledge.oriz.in/infrastructure/index Type: index Tags: decisions, infrastructure, index ### Spaceship is the registrar; Cloudflare hosts DNS + email routing Domains at Spaceship. NS to Cloudflare. Email Routing to Gmail URL: https://knowledge.oriz.in/infrastructure/spaceship-registrar-cloudflare-dns Type: decision Tags: decisions, infrastructure, dns, email, spaceship, cloudflare ### Monitor only oriz.in apex, not subdomains SSL + uptime on apex only. Subdomains inherit via CF URL: https://knowledge.oriz.in/infrastructure/monitor-apex-only Type: decision Tags: monitoring, ssl, decision ### Custom-domain strategy is *.oriz.in subdomains Every surface under *.oriz.in, never separate apex URL: https://knowledge.oriz.in/infrastructure/subdomains-under-oriz-in Type: decision Tags: dns, domains, subdomain, oriz-in ### Umbrella repo — chirag127/oriz as the single clone entrypoint Umbrella repo entrypoint: one clone pulls entire fleet URL: https://knowledge.oriz.in/infrastructure/umbrella-as-clone-entrypoint-2026-06-25 Type: decision Tags: decision, umbrella, monorepo, submodules, workspace, infrastructure, clone ### Workspace layout — flat repos// with type-suffix sort Flat repos// dir, type in suffix, forks via .is-fork file URL: https://knowledge.oriz.in/infrastructure/workspace-flat-repos-2026-06-25 Type: decision Tags: decision, layout, monorepo, submodules, workspace, flat-layout ### Donations only — no Pro tier, no ads, no Razorpay checkout Donations only: BuyMeACoffee, GH Sponsors, UPI URL: https://knowledge.oriz.in/monetisation/donations-only-2026-06-25 Type: decision Tags: decision, monetisation, donations, buymeacoffee, github-sponsors, upi, no-ads, no-subscriptions ### AdSense apex application; Ezoic / Mediavine fallback Single AdSense for oriz.in apex. Fallback: Ezoic, Mediavine URL: https://knowledge.oriz.in/monetisation/adsense-apex-application Type: decision Tags: monetisation, adsense, ads, services ### Donations only — no Pro, no ads Donations only, no Pro, no ads, Razorpay killed URL: https://knowledge.oriz.in/monetisation/donations-only-no-pro-no-ads Type: decision Tags: monetisation, donations ### Monetisation decisions Locked decisions on how the family makes money — subscriptions, billing rails, ads. URL: https://knowledge.oriz.in/monetisation/index Type: index Tags: decisions, monetisation, index ### No service in the stack may require a paid subscription All external services must work free-tier indefinitely URL: https://knowledge.oriz.in/monetisation/no-subscriptions-anywhere Type: decision Tags: budget, free-tier, services, constraint ### Monetization centralized on oriz.in Razorpay checkout only on oriz.in/pricing, apps redirect URL: https://knowledge.oriz.in/monetisation/monetization-centralized-on-oriz-in Type: decision Tags: monetisation, razorpay, superseded ### Support every viable payment method, geo-routed Max payment methods: Razorpay, Lemon Squeezy, keygen.sh, 6 donations URL: https://knowledge.oriz.in/monetisation/max-payment-methods Type: decision Tags: billing, payments, india, international, donations, monetisation ### ONE subscription unlocks every site and every extension Single Razorpay sub in Firestore unlocks all paid features URL: https://knowledge.oriz.in/monetisation/one-subscription-unlocks-all Type: decision Tags: subscription, billing, firebase, entitlement ### Per-surface monetisation recommendations — what rail to use where Payment rail per distribution surface (Play, MS Store, web, etc.) URL: https://knowledge.oriz.in/monetisation/per-surface-recommendations Type: decision Tags: decision, monetisation, per-surface, recommendations, playbook ### Monetisation playbook — only rails that do NOT require a card on file Master matrix of no-card-compatible monetisation rails URL: https://knowledge.oriz.in/monetisation/playbook-no-card-rails Type: decision Tags: decision, monetisation, payments, no-card-on-file, play-store, microsoft-store, chrome-web-store, amo, edge-addons, razorpay, paddle, lemon-squeezy, polar-sh, ko-fi, gumroad, leanpub, kdp, github-sponsors, liberapay, substack, patreon, affiliate ### Revenue channels 2026 — every product fans out to every viable channel via omni-publish Revenue channels across 26 apps + 17 packages + 5 books + future browser-/VS-Code-extensions + CLIs + MCP servers) auto-publishes\ to as many revenue channels as 2026's API reality allows. Orchestrated by @chirag127/omni-publish\ on every tag push. AI copy via NVIDIA NIM primary + OpenRouter free-models fallback.\ Drafts for manual-only platforms (X, Reddit, LinkedIn, Medium — all dead/closed\ APIs in 2026) land in a single Telegram channel split into 4 sections. Rate-limit\ ceiling: 1 auto-post per channel per day per repo. URL: https://knowledge.oriz.in/monetisation/revenue-channels-2026 Type: decision Tags: decision, revenue, monetisation, distribution, omni-publish, ai-copy, nvidia-nim, openrouter, automation, channels ### Razorpay is the primary subscription provider Razorpay primary billing. Stripe, Lemon Squeezy, Paddle fallbacks URL: https://knowledge.oriz.in/monetisation/razorpay-as-primary-billing Type: decision Tags: billing, razorpay, subscription, services ### Age-gating policy (family-wide) Adult content: 18+ cookie, 365-day, annual review URL: https://knowledge.oriz.in/policy/age-gating Type: policy Tags: policy, age-gate, privacy, compliance ### Repos never to archive Allowlist of repos archive scripts MUST NOT touch URL: https://knowledge.oriz.in/policy/archive-allowlist Type: policy Tags: policy, repo, archive, allowlist, safety, family ### Commercial-use boundaries per host Commercial use defined. Checkout on api/razorpay, never landing URL: https://knowledge.oriz.in/policy/commercial-use Type: policy Tags: policy, commercial, hosting, terms-of-service ### Canonical store is the git repo; cloud DBs are caches chirag127/oriz-me-data git repo = canonical lifestream store URL: https://knowledge.oriz.in/policy/data-canonical-store Type: policy Tags: policy, data, storage, git, lifestream ### Shipping a forked extension to Chrome Web Store under our name GPL-3.0 forks to CWS: keep license, note modified, rename URL: https://knowledge.oriz.in/policy/forked-extension-cws-rules Type: decision Tags: decision, policy, forks, chrome-web-store, gpl, licensing ### Policy decisions Locked decisions on family-wide policies — monetisation channel matrix, content posture per channel, ethics overrides per app category. URL: https://knowledge.oriz.in/policy/index Type: index Tags: decisions, policy, index ### Monetisation channel matrix — per-channel revenue + ethics rules Canonical matrix: monetisation per publish channel URL: https://knowledge.oriz.in/policy/monetisation-channel-matrix Type: policy Tags: policy, monetisation, channel-matrix, affiliate, ethics, public-health ### Ingester contract (family-wide) Every ingester: idempotent, backfill-capable, 7-day auto-pause, bounded URL: https://knowledge.oriz.in/policy/ingester-contract Type: policy Tags: policy, ingester, lifestream, durability ### Journal text is never public Numeric journal aggregates on me.oriz.in. Text auth-gated URL: https://knowledge.oriz.in/policy/journal-not-public Type: policy Tags: policy, privacy, journal, aggregates ### Per-extension privacy policy with shared boilerplate Each extension: own /privacy. Boilerplate at oriz.in/privacy-base URL: https://knowledge.oriz.in/policy/privacy-policy-per-extension Type: policy Tags: policy, privacy, extensions, compliance ### No paid tier in the dependency stack No paid subs for family services. Free-tier walls fail closed URL: https://knowledge.oriz.in/policy/no-paid-tier Type: policy Tags: policy, free-tier, billing, no-card-on-file ### Private repos are excluded from the 9-host mirror cron Mirror cron excludes private repos via isPrivate + name list URL: https://knowledge.oriz.in/policy/private-repos-excluded-from-mirror-cron Type: decision Tags: decision, policy, mirror, private, secrets, security ### Monetisation — AdSense apex, no ad-slot divs Single AdSense for apex. No ad-slot divs, runtime inject URL: https://knowledge.oriz.in/policy/monetisation Type: policy Tags: policy, monetisation, ads, adsense ### Public / private visibility tiers Four content tiers: public, age-gated, aggregates, private URL: https://knowledge.oriz.in/policy/public-private-line Type: policy Tags: policy, privacy, visibility ### Secrets — envpact only, never in chat Secrets from envpact. Pasted in chat = compromised: revoke, rotate URL: https://knowledge.oriz.in/policy/secrets-handling Type: policy Tags: policy, secrets, security, envpact ### Runbooks index — every operational procedure Step-by-step procedures for the family. Auth setup, adding new sites/extensions, rotating leaked secrets, bumping submodule pointers, and the OKF self-update workflow. Each runbook is one concept file with numbered commands. URL: https://knowledge.oriz.in/runbooks/index Type: index Tags: index, runbook, meta ### Tweeks (NextByte) modification — personal mods OK, no public redistribution Tweeks: closed-source, personal use only, no redistribution URL: https://knowledge.oriz.in/policy/tweeks-personal-use-only Type: decision Tags: decision, tweeks, closed-source, license, cws-tos, personal-use-only ### reference/config-via-file-feature-request-spec-2026-07-02 URL: https://knowledge.oriz.in/reference/config-via-file-feature-request-spec-2026-07-02 Type: other ### Family rules — index The non-negotiable rules every oriz repo follows. One file per atomic rule; this file is the table of contents. URL: https://knowledge.oriz.in/rules/index Type: index Tags: rules, index, meta ### Consent management for many categories — Klaro config + GA4 Consent Mode v2 + geo routing + cookie-less default Klaro consent: 5 categories. EU/UK denied, US/CA accepted URL: https://knowledge.oriz.in/security/consent-management-multi-category Type: decision Tags: security, privacy, consent, klaro, gdpr, ccpa, gpc, cookies, multi-category, geo ### Anti-bot — defense in depth (CF WAF + Turnstile + Hono rate-limit) Bot defense: CF WAF + Turnstile + Hono rate-limit. All free URL: https://knowledge.oriz.in/security/anti-bot-defense-in-depth Type: decision Tags: security, anti-bot, decisions, defense-in-depth, cloudflare, turnstile, hono ### Captcha — Turnstile primary + hCaptcha fallback (both, regional auto-detect) Turnstile primary, hCaptcha fallback. Single Captcha component URL: https://knowledge.oriz.in/security/captcha-turnstile-plus-hcaptcha Type: decision Tags: decisions, security, captcha, turnstile, hcaptcha ### Cookie banner policy — none by default; Klaro lazy-loaded only for EU+tracker pages No cookie banner default. Klaro only for EU/UK with trackers URL: https://knowledge.oriz.in/security/cookie-banner-policy Type: decision Tags: security, privacy, gdpr, cookie-banner, klaro, geo, posthog, ga4 ### Cross-site auth via auth.oriz.in auth.oriz.in shared across all *.oriz.in apps subdomain and every Chrome/Firefox/Edge extension. One sign-in, one Firebase user, every surface. URL: https://knowledge.oriz.in/security/cross-site-auth-via-auth-oriz-in Type: architecture Tags: architecture, auth, firebase, cross-site, extensions ### Domain registrar exception: Spaceship card-on-file auto-renew (oriz.in) Spaceship exception to no-card rule: oriz.in auto-renew only URL: https://knowledge.oriz.in/security/domain-registrar-exception-spaceship Type: decision Tags: decision, exception, domain, registrar, card-on-file ### Env keys + GH Actions secrets — single source of truth, two delivery tracks Two-track env: public .env.example, private GH Secrets at org URL: https://knowledge.oriz.in/security/env-and-secrets-single-source Type: decision Tags: decisions, security, env, dotenv, secrets, doppler, github, org-level, sync, drift ### data.oriz.in aggregator app + centralized auth.oriz.in + Phone-Auth Pro-tier-only oriz-data-aggregator-app + central auth hub \ at `data.oriz.in` renders ECharts dashboards + JSON browser for all 14+ API repos\ \ (separate from per-API GH Pages). (2) `auth.oriz.in` is the central Firebase Auth\ \ domain; all apps redirect there for sign-in; redirect back after success. (3)\ \ Firebase Phone Auth is enabled but UI-gated to Pro tier (Phone SMS costs $0.05/SMS\ \ ~ \u20B94/SMS \u2014 not free; rate-limit free users to 0/day, Pro to 5/day, Max\ \ unlimited). (4) Authentication ONLY in apps, never APIs (APIs serve pure JSON,\ \ no auth)." URL: https://knowledge.oriz.in/security/data-hub-and-central-auth Type: decision Tags: decision, data-hub, auth, firebase, phone-sms, central-auth ### Three-env file split — .env / .env.development / .env.production Three env files per NODE_ENV. Sops-encrypted. Loaded via Vite/Astro URL: https://knowledge.oriz.in/security/env-three-file-split Type: decision Tags: decision, env, secrets, sops, razorpay, vite, astro ### Single env source: c:/D/oriz/.env ? auto-push to chirag127 GH Org Secrets ? apps consume at build Master .env single source. GH Action pushes org secrets daily URL: https://knowledge.oriz.in/security/env-single-source-auto-push Type: decision Tags: decision, env, secrets, single-source, automation, gh-org-secrets, minimum-manual ### Security Index of concepts in decisions/architecture/security. URL: https://knowledge.oriz.in/security/index Type: index Tags: index, security ### Layer 3 — auth on Firebase Spark forever Single Firebase project on Spark plan, never Blaze auth domain auth.oriz.in shared by every site and every extension. URL: https://knowledge.oriz.in/security/layer-3-auth-firebase-spark Type: architecture Tags: architecture, auth, firebase, spark, layer-3 ### Multi-provider auth — 6 providers on Firebase Auth, Apple deferred Firebase Auth: 6 providers (Email, Google, GitHub, Anonymous, MS, Passkeys) URL: https://knowledge.oriz.in/security/multi-provider-auth Type: decision Tags: decisions, security, auth, firebase, microsoft, passkeys ### No auth in apps or APIs — login is a separate project Apps/APIs 100% public, login redirects to dedicated login-manager URL: https://knowledge.oriz.in/security/no-auth-in-apps-or-apis-2026-06-25 Type: decision Tags: auth, public, login-manager, simplicity, donations-only ### Package isolation rule — every external service wraps in a typed package External services wrapped in typed @chirag127 packages so swapping providers is a package version bump, not a 50-file rewrite. Any new service crossing 3+ sites' boundary gets a wrapper on first introduction. URL: https://knowledge.oriz.in/security/package-isolation-rule Type: architecture Tags: architecture, packages, isolation, swap-cost, rule ### Personal notes in public repo — discipline-only Obsidian vault in public repo, discipline not tooling URL: https://knowledge.oriz.in/security/personal-notes-public-discipline-2026-06-27 Type: decision Tags: decision, security, pkm, obsidian, public-repo, discipline ### Payment architecture — direct platform links via CF Worker click-tracker Direct platform links, redirect to payment provider to a provider's hosted checkout (Razorpay Payment Page, Gumroad URL, Paddle checkout\ link, Substack subscribe URL). Provider hosts the checkout; we host the button.\ User picked a small CF Worker proxy that logs the click anonymously to CF Analytics\ Engine and then 302s to the platform URL — ~1 Worker call per checkout, 20x\ headroom on the 100K/day free envelope. Zero payment secrets on our infra (no\ API keys); all payouts go to the creator's bank account after the platform's own\ KYC. Per-region routing: Razorpay (INR) + Paddle (USD/EUR/GBP/ROW) + Gumroad (digital\ downloads) + Substack (newsletters) + Play Billing (in-app). URL: https://knowledge.oriz.in/security/payment-architecture-direct-links Type: decision Tags: decision, architecture, payments, razorpay, paddle, gumroad, substack, cloudflare-workers, no-card-on-file ### Security headers — strict CSP via _headers + dual CI audit Strict CSP/HSTS/Permissions-Policy via CF _headers from oriz-kit URL: https://knowledge.oriz.in/security/security-headers-strategy Type: decision Tags: decisions, security, headers, csp, hsts ### Secrets workflow: sops+age primary, Doppler ALONGSIDE for runtime sync (hybrid) Sops+age source of truth. Doppler parallel CI sync only URL: https://knowledge.oriz.in/security/sops-plus-doppler-hybrid Type: decision Tags: decision, secrets, sops, age, doppler, hybrid, env-management ### Doppler is the source of truth for secrets; GitHub / Cloudflare / Firebase are runtime mirrors Doppler single source for secrets. GH/CF/Firebase synced downstream URL: https://knowledge.oriz.in/security/secrets-management-doppler Type: decision Tags: decisions, security, secrets, doppler, github, cloudflare, firebase ### Razorpay donation button — pl_T4iEPIDcALKLPk, one-click flow Razorpay-hosted donation button mounted on site on every app''s /sponsors route + oriz-cs-me-app footer. One-click: opens Razorpay-hosted donation page; user picks amount; payment received. Separate from subscription flow (donations are one-time, not recurring). Integrated as shared in @chirag127/astro-billing. URL: https://knowledge.oriz.in/security/razorpay-donation-button Type: decision Tags: decision, razorpay, donation, sponsor, billing, button ### Naming Index of concepts in branding/naming. URL: https://knowledge.oriz.in/branding/naming/index Type: index Tags: index, naming ### Family-wide naming policy — repo, npm, subdomain GitHub slug = npm name. Subdomains shorter. Suffix every repo URL: https://knowledge.oriz.in/branding/naming/policy-family-naming-policy Type: decision Tags: naming, repo, npm, subdomain, family, branding ### Service catalog — oriz family One-line index of every external service the chirag127/oriz family uses. Grouped by role into 20 subdirectories — see each subdir's index.md for the per-service detail. URL: https://knowledge.oriz.in/services/index Type: index Tags: services, catalog, index ### App Check Firebase bot-defence layer, gates Firestore calls to verified clients URL: https://knowledge.oriz.in/glossary/a-c/app-check Type: glossary Tags: glossary, firebase, security ### auth domain auth.oriz.in: custom domain, one Firebase project serves all *.oriz.in sites URL: https://knowledge.oriz.in/glossary/a-c/auth-domain Type: glossary Tags: glossary, firebase, auth, domain ### card on file Payment instrument linked to service account; family avoids for paid-tier providers URL: https://knowledge.oriz.in/glossary/a-c/card-on-file Type: glossary Tags: glossary, billing, rule ### cache rebuild GitHub Actions job reads JSONL canonical, re-populates Turso warm cache URL: https://knowledge.oriz.in/glossary/a-c/cache-rebuild Type: glossary Tags: glossary, ci, lifestream, turso ### Glossary — A through C Family-specific terms starting with A, B, or C. URL: https://knowledge.oriz.in/glossary/a-c/index Type: index Tags: glossary, index ### concept file One OKF unit: markdown + YAML frontmatter, one fact/decision/rule URL: https://knowledge.oriz.in/glossary/a-c/concept-file Type: glossary Tags: glossary, okf, format ### data repo chirag127/oriz-me-data: authoritative JSONL store for me.oriz.in lifestream URL: https://knowledge.oriz.in/glossary/d-h/data-repo Type: glossary Tags: glossary, data, lifestream ### digital twin Broader concept lifestream implements: public-facing mirror of one person consumption URL: https://knowledge.oriz.in/glossary/d-h/digital-twin Type: glossary Tags: glossary, digital-twin, lifestream ### -ext suffix -ext suffix on Chrome extension repo names (oriz--ext) URL: https://knowledge.oriz.in/glossary/d-h/extension-suffix Type: glossary Tags: glossary, naming, extensions ### Firestore Spark Firebase free tier; family never upgrades to Blaze URL: https://knowledge.oriz.in/glossary/d-h/firestore-spark Type: glossary Tags: glossary, firebase, billing, rule ### family anchor site oriz-home: v2 design defines patterns other 10 sites reuse URL: https://knowledge.oriz.in/glossary/d-h/family-anchor-site Type: glossary Tags: glossary, design, oriz-home ### Glossary — I through N Family-specific terms starting with I, J, K, L, M, or N. URL: https://knowledge.oriz.in/glossary/i-n/index Type: index Tags: glossary, index ### family chirag127/oriz-* family: 11 sites + N extensions + 6 packages + 1 API URL: https://knowledge.oriz.in/glossary/d-h/family Type: glossary Tags: glossary, family, structure ### lifestream Public daily-rebuilt event store concept powers me.oriz.in URL: https://knowledge.oriz.in/glossary/i-n/lifestream Type: glossary Tags: glossary, lifestream, me-oriz-in ### Glossary — D through H Family-specific terms starting with D, E, F, G, or H. URL: https://knowledge.oriz.in/glossary/d-h/index Type: index Tags: glossary, index ### Hono RPC Type-safe API client pattern: hc from @hono/client URL: https://knowledge.oriz.in/glossary/d-h/hono-rpc Type: glossary Tags: glossary, hono, api, types ### master repo chirag127/oriz: umbrella repo holding every submodule + knowledge/ + design/ URL: https://knowledge.oriz.in/glossary/i-n/master-repo Type: glossary Tags: glossary, git, structure ### omnipost @chirag127/oriz-omnipost: RSS-driven cross-post engine to every platform via Adapter pattern URL: https://knowledge.oriz.in/glossary/o-r/omnipost Type: glossary Tags: glossary, package, cross-post, omnipost ### OKF bundle Directory of concept files per organization; knowledge/ is one such bundle URL: https://knowledge.oriz.in/glossary/o-r/okf-bundle Type: glossary Tags: glossary, okf, format ### Glossary — O through R Family-specific terms starting with O, P, Q, or R. URL: https://knowledge.oriz.in/glossary/o-r/index Type: index Tags: glossary, index ### parallel fan-out Spawning N subagents simultaneously for independent work URL: https://knowledge.oriz.in/glossary/o-r/parallel-fan-out Type: glossary Tags: glossary, agents, parallel ### oriz Family brand, master GitHub repo name, apex domain (oriz.in) URL: https://knowledge.oriz.in/glossary/o-r/oriz Type: glossary Tags: glossary, brand, domain ### Glossary — S through Z Family-specific terms starting with S through Z. URL: https://knowledge.oriz.in/glossary/s-z/index Type: index Tags: glossary, index ### package isolation Wrap external service in typed package; swapping providers = version bump, not rewrite URL: https://knowledge.oriz.in/glossary/o-r/package-isolation Type: glossary Tags: glossary, rule, packages ### parallel by default Family rule: parallelisable work MUST fan out via subagents URL: https://knowledge.oriz.in/glossary/o-r/parallel-by-default Type: glossary Tags: glossary, rule, agents ### self-update rule Every chat decision lands in knowledge/ same conversation URL: https://knowledge.oriz.in/glossary/s-z/self-update-rule Type: glossary Tags: glossary, rule, knowledge ### -site suffix -site suffix on website repo names (oriz--site) URL: https://knowledge.oriz.in/glossary/s-z/site-suffix Type: glossary Tags: glossary, naming, sites ### submodule pointer Master oriz repo recorded SHA per submodule; production state contract URL: https://knowledge.oriz.in/glossary/s-z/submodule-pointer Type: glossary Tags: glossary, git, submodule ### the provenance strip oriz-me signature element: live build manifest at top of every page URL: https://knowledge.oriz.in/glossary/s-z/the-provenance-strip Type: glossary Tags: glossary, design, oriz-me, lifestream ### the seal oriz-journal signature animation (only motion in app), encryption metaphor URL: https://knowledge.oriz.in/glossary/s-z/the-seal Type: glossary Tags: glossary, design, oriz-journal ### survival fallback Layer surviving if all primary services die (GitHub Pages mirrors + git-canonical data repo) URL: https://knowledge.oriz.in/glossary/s-z/survival-fallback Type: glossary Tags: glossary, survival, hosting, 100-year-strategy ### AI split — Puter.js (browser) + Cloudflare Workers AI (server) Two AI providers picked by surface. Puter.js for browser, CF Workers AI for server (user-pays, no API key client-side). Cloudflare Workers AI for server-side calls inside the Hono Worker (10K neurons/day, zero-egress, native binding). Different surfaces, different reasons. URL: https://knowledge.oriz.in/decisions/compute/ai-puter-plus-cf-workers-ai Type: decision Tags: ai, puter, cloudflare-workers-ai, surface-split, llm ### the spine oriz-blog typographic series indicator URL: https://knowledge.oriz.in/glossary/s-z/the-spine Type: glossary Tags: glossary, design, oriz-blog ### API hosting triple-rail: GH Pages per API + RapidAPI listing + data.oriz.in aggregator hub Every API repo serves data via THREE rails simultaneously GitHub Pages per API with custom domain `.api.oriz.in` (CNAME). (2) RapidAPI\ marketplace listing (free + paid tiers for monetization). (3) Single `data.oriz.in`\ aggregator app on Cloudflare Pages that catalogs all APIs + provides unified docs\ + dashboard. NO Cloudflare Workers anywhere. Each API repo also ships native distributables\ (APK/MSIX/EXE/PWA) via PWABuilder — even API repos get installable apps.\ 14 APIs scaffolded: existing FII/DII + MMI + 12 new (NSE-BSE tickers, MF-NAV proxy\ of api.mfapi.in, RBI rates, gold/silver, IRCTC PNR, CPCB AQI, global AQI proxy,\ petrol/diesel, pincode, IFSC, India holidays, currency aggregator). URL: https://knowledge.oriz.in/decisions/compute/api-hosting-triple-rail Type: decision Tags: decision, apis, github-pages, rapidapi, data-aggregator, hosting, monetization ### API mocks — MSW (in-process) + Mockoon (out-of-process), split by surface Two API-mock tools. MSW handles in-browser + in-Node test mocks (unit / Vitest, component stories, Playwright dev). Mockoon handles E2E + manual dev mocks of third-party APIs (Razorpay sandbox, Open-Meteo, Alpha Vantage when offline). Both free OSS. Different surfaces, different reasons. URL: https://knowledge.oriz.in/decisions/compute/api-mocks-msw-plus-mockoon Type: decision Tags: decisions, architecture, testing, api-mock, msw, mockoon ### API routes — apps/api/src/routes/ structure Hono Worker splits routes by concern under apps/api/src/routes/ \ \u2014 contact, recaptcha, razorpay, firestore, turso, auth. Each folder owns\ \ the integration with one external service." URL: https://knowledge.oriz.in/decisions/compute/api-routes-structure Type: architecture Tags: architecture, api, hono, routes ### API umbrella — one Hono Worker at api.oriz.in Single Hono Worker at api.oriz.in serves all family API routes See the decision file for why. URL: https://knowledge.oriz.in/decisions/compute/api-umbrella-hono-worker Type: architecture Tags: architecture, api, hono, worker, umbrella ### decisions/compute/api-scraping-tos-audit URL: https://knowledge.oriz.in/decisions/compute/api-scraping-tos-audit Type: other ### Chromium Engine Hardware Scaling Profiles Chromium optimization profiles: cloud vCPU, hybrid local, mobile URL: https://knowledge.oriz.in/decisions/compute/chromium-hardware-scaling-profiles Type: decision Tags: architecture, decisions, performance, hardware, optimization ### Cron split — Cloudflare Cron Triggers + GitHub Actions schedule, by job shape Cron on both substrates. CF Triggers for low-latency, GH Actions for heavy jobs; GH Actions schedule for build / publish jobs that need a runner. Pick by the job's shape, not by convenience. URL: https://knowledge.oriz.in/decisions/compute/cron-split-cf-vs-gh Type: decision Tags: decisions, architecture, cron, cloudflare, github-actions ### Cloudflare Worker quota mitigation playbook 8-step playbook for staying under CF Workers free tier free-tier quota (100K req/day per Worker, 10ms CPU/req). Cache aggressively at the edge, split Workers by domain, and prefer `_headers`/`_redirects` over Worker logic when possible. Generalises the URL-shortener cache trick to every Worker in the family.' URL: https://knowledge.oriz.in/decisions/compute/cf-worker-quota-mitigation Type: decision Tags: cloudflare, workers, quotas, caching, performance, decisions, architecture ### Data APIs — Open-Meteo (weather) + Alpha Vantage (finance) Open-Meteo for weather, Alpha Vantage for finance / market data. Both free, no card. Both fronted by the umbrella Hono Worker with KV-backed cache (1h TTL on weather, 1d TTL on finance EOD) per the CF Worker quota mitigation playbook.' URL: https://knowledge.oriz.in/decisions/compute/data-apis-open-meteo-alpha-vantage Type: decision Tags: decisions, architecture, data-api, weather, finance, open-meteo, alpha-vantage ### Billing webhook architecture: CF Pages Function → Firestore Razorpay (INR) + Paddle (ROW) + Play Billing + MS Store \ webhook handlers all land on a single CF Pages Function endpoint per provider\ \ (4 endpoints total). The function (1) verifies the provider's webhook signature,\ \ (2) writes user subscription state to Firestore, (3) returns 200. Zero CF Workers\ \ in the hot path of payments. Each provider's pricing page button is a direct platform\ \ link \u2014 no proxy through our infra. ~1 Pages Function call per purchase." URL: https://knowledge.oriz.in/decisions/compute/billing-webhook-cf-pages-function Type: decision Tags: decision, billing, webhook, razorpay, paddle, play-billing, ms-store, cf-pages-function ### Distribution + queues locked: 3-store browser-ext + dual VS Code marketplace + PWA-only + CF Queues + Hookdeck Batch 13 lock covering distribution + reliability \ publish to Chrome + Firefox + Edge. VS Code extensions publish to VS Code Marketplace\ \ + Open VSX (JetBrains walked back). Every site is a PWA via @vite-pwa/astro (Capacitor\ \ + Tauri walked back). Webhook reliability is Hookdeck \u2192 Cloudflare Queues\ \ (Trigger.dev walked back). All free, no card." URL: https://knowledge.oriz.in/decisions/compute/distribution-and-queues-locked Type: decision Tags: decisions, architecture, distribution, extensions, vscode, pwa, queue, hookdeck, batch-13 ### Drafts queue host — private GitHub repo with Issues (replaces Telegram) Drafts queue lives in private GitHub repo chirag127/oriz-drafts using GitHub Issues. omni-publish creates one issue per draft per platform with platform-labelled tags. Issue body is ready-to-paste copy + canonical URL + cover image URL. Close issue when manually posted; reopen if retry needed. Replaces Telegram (banned in India). Requires OMNI_DRAFTS_GH_PAT env var with repo scope. URL: https://knowledge.oriz.in/decisions/compute/drafts-queue-host Type: decision Tags: decision, drafts, queue, github-issues, replaces-telegram, omni-publish ### Hono RPC for type-safe API client Type-safe site to API client via Hono. No codegen \ no schema files \u2014 backend types flow to N frontends through a workspace package." URL: https://knowledge.oriz.in/decisions/compute/hono-rpc-for-type-sharing Type: decision Tags: api, hono, types, typescript, rpc ### GitHub Pages as canonical static JSON API host Static read-only JSON APIs via GitHub Pages in name-api repos Pages with a custom subdomain. GH Actions cron updates the JSON. Cloudflare Worker only for dynamic / write / auth-gated endpoints. APIs are publishable to RapidAPI + other monetization marketplaces. URL: https://knowledge.oriz.in/decisions/compute/github-pages-as-json-api Type: decision Tags: architecture, api, json, github-pages, monetization, rapidapi, static ### Health checks — split between healthchecks.io (cron heartbeats) and Better Stack (HTTP uptime) Cron-job liveness verified by healthchecks.io \ heartbeat pings (dead-man-switch on 20 free checks), HTTP endpoint uptime is verified\ \ by Better Stack monitors (10 free monitors). Two distinct surfaces, two free tools,\ \ no overlap. Reinforces the auto-only-tracking rule \u2014 both verify auto-tracked\ \ surfaces without human polling." URL: https://knowledge.oriz.in/decisions/compute/health-check-cron-plus-uptime Type: decision Tags: monitoring, health-check, heartbeat, uptime, cron, decisions, architecture ### Hono RPC type-sharing — `hc` client across sites API consumers get full type inference from Hono Worker via rpc client. See the decision file for why. URL: https://knowledge.oriz.in/decisions/compute/hono-rpc-type-sharing Type: architecture Tags: architecture, hono, rpc, type-safety ### One Hono Worker at api.oriz.in is the entire API layer All 11+ sites and extensions share single Hono Worker at api.oriz.in, NOT per-site Pages Functions. URL: https://knowledge.oriz.in/decisions/compute/hono-worker-api-umbrella Type: decision Tags: api, cloudflare, hono, workers, architecture ### Hono framework — write once, deploy to all 4 serverless rails Every API/Worker uses Hono. Same logic writes once, deploys everywhere \ logic compiles to CF Workers, Deno Deploy, AWS Lambda, and Render Node \u2014\ \ via 4 thin adapter shims (~10 LOC each). Removes per-rail rewrites when failover\ \ requires switching rails." URL: https://knowledge.oriz.in/decisions/compute/hono-write-once-deploy-all-rails Type: decision Tags: decision, framework, hono, portability, serverless, multi-rail ### Layer 5 — compute, in three tiers Compute split: GH Actions cron, CF Workers, specialized' Workers (edge runtime), and the user's browser. Each tier has a free quota and a clear remit. URL: https://knowledge.oriz.in/decisions/compute/layer-5-compute Type: architecture Tags: architecture, compute, workers, github-actions, browser, layer-5 ### Compute Index of concepts in decisions/architecture/compute. URL: https://knowledge.oriz.in/decisions/compute/index Type: index Tags: index, compute ### Queue — Cloudflare Queues, picked for stack cohesion Cloudflare Queues primary durable queue. Picked for native Worker bindings + same-account billing surface, not for feature richness. Upstash QStash + Inngest documented as deferred alternatives. URL: https://knowledge.oriz.in/decisions/compute/queue-cloudflare-native Type: decision Tags: queue, cloudflare, workers, stack-cohesion ### Market-data APIs — FII/DII Activity + Tickertape MMI as standalone repos (GH Actions + GH Pages) Two India-market data APIs, each in own GitHub repo oriz-flow-fii-dii-activity-api (NSE/Moneycontrol FII/DII net activity) + oriz-mmi-tickertape-mmi-api (Tickertape Market Mood Index). GH Actions cron scrapes; GH Pages + raw.githubusercontent.com serve. The earlier CF Worker design (and the briefly-tried oriz-market-data aggregator) were both reverted on 2026-06-22; this file is now active again under the per-repo + GH-Pages shape.' URL: https://knowledge.oriz.in/decisions/compute/market-data-apis Type: decision Tags: decision, architecture, api, market-data, github-actions, github-pages, india, free-tier ### Local dev tunneling — Wrangler + Astro dev + Cloudflare Tunnel Local dev runs on three substrates via CF Tunnel \ picked by surface \u2014 Wrangler dev for Cloudflare Workers, Astro dev for sites,\ \ Cloudflare Tunnel (cloudflared) for exposing localhost to the public internet\ \ for webhook testing. ngrok and localtunnel REJECTED." URL: https://knowledge.oriz.in/decisions/compute/local-dev-tunneling-cf-tunnel Type: decision Tags: decisions, architecture, dev-tools, tunneling, cloudflare-tunnel, wrangler, astro, webhook-testing ### Zero-cost inference backends — Ollama + Cloudflare Workers AI + Puter.js Approved LLM endpoints when not using paid Claude/GPT keys. Local (Ollama) + serverless (Workers AI) + browser (Puter.js). Zero card, zero subscription. Grill-locked 2026-06-30 alongside gemini-cli-agent-addition. URL: https://knowledge.oriz.in/decisions/compute/zero-cost-inference-backends-2026-06-30 Type: decision Tags: ai, inference, ollama, cloudflare-workers-ai, puter-js, no-card, grill-decision, fallback-ladder ### Modal Labs for GPU batch + Val.town for utility scripts Modal Labs + Val Town for specialized compute (verified). Modal handles GPU-heavy batch jobs ($30/mo recurring credits = ~50 T4-hours, no card at signup, hard Workspace budget cap). Val.town handles utility scripts + webhook receivers + cron reminders (100K runs/day free, GitHub OAuth signup). Modal is NOT part of the 4-rail HTTP fallback chain; it's a specialized rail. URL: https://knowledge.oriz.in/decisions/compute/modal-plus-val-town-specialized-rails Type: decision Tags: decision, gpu, modal, val-town, batch, specialized-rails, free-tier ### Enable auto-sync scripts for cross-machine parity Reverse the 2026-06-29 manual-only stance; MEMORY sync + globals-derived + mirror hosts now auto on hooks/cron with grill-on-drift. URL: https://knowledge.oriz.in/decisions/agent-tooling/auto-sync-enabled-2026-07-03 Type: decision Tags: sync, hooks, automation, cross-machine ### No Firebase Functions — Blaze requires a card on file, hard blocked No Firebase Functions, avoids Blaze plan which requires a card on file with no real spend cap. Per the no-card-on-file rule, Functions are excluded. Replaces with: GitHub Actions cron (free for public repos), Cloudflare Workers (100K req/day free), Cloudflare Pages Functions (shared 100K/day free), browser-side compute, static JSON in Pages. URL: https://knowledge.oriz.in/decisions/compute/no-firebase-functions Type: decision Tags: decision, architecture, firebase, no-functions, no-card-on-file, cloudflare-workers, cloudflare-pages-functions, github-actions, serverless ### Service Bindings — future privileged-Worker split CF Service Bindings: zero-cost, zero-hop RPC between Workers' Workers. Reserved for a future split where the Hono umbrella Worker delegates privileged auth/billing logic to a separate "auth-core" Worker. URL: https://knowledge.oriz.in/decisions/compute/service-bindings-future Type: architecture Tags: architecture, api, cloudflare-workers, service-bindings, future ### Skills in .agents/skills/ workspace-scoped + junctions for all 5 agents Canonical skills dir .agents/skills/, NTFS junctions, 5 agents URL: https://knowledge.oriz.in/decisions/agent-tooling/agent-skills-monorepo Type: decision Tags: architecture, skills, agents, junctions, workspace-scoped ### Publish knowledge/ to knowledge.oriz.in via Kiso + CF Pages OKF bundle mirrored to public URL; Kiso as build engine; CF Pages host; llms.txt + sitemap.xml + RSS/Atom on top. URL: https://knowledge.oriz.in/decisions/agent-tooling/cloud-publish-knowledge-2026-07-03 Type: decision Tags: okf, publishing, cloudflare-pages, kiso, knowledge ### Boone as OKF search engine — replaces stdlib prompt-lookup Community boone CLI (BM25 + graph) adopted for OKF search; swap into UserPromptSubmit hook; stdlib script kept as fallback. URL: https://knowledge.oriz.in/decisions/agent-tooling/boone-as-okf-search-2026-07-03 Type: decision Tags: okf, boone, search, bm25, hook ### Dropped-agent configs deleted early — override 90-day cooldown .opencode/.kilocode/.antigravity/.mimo/ config directories deleted now instead of waiting 2026-10-02; pointer stubs preserved for AGENTS.md portability. URL: https://knowledge.oriz.in/decisions/agent-tooling/dropped-agent-configs-early-cleanup-2026-07-03 Type: decision Tags: fleet-cut, cleanup, agents ### Corp laptop vs personal laptop split (2026-06-29) CC + Bedrock corp-only. Personal on free providers. No-card blocks CC paid on personal URL: https://knowledge.oriz.in/decisions/agent-tooling/corp-vs-personal-laptop-split-2026-06-29 Type: decision Tags: agent-tooling, fleet, claude-code, personal-laptop, corp-laptop, free-providers ### Triple-fanout skills publishing — skills.oriz.in + registry + GH Pages agent-skills submodule published to CF Pages branded site + skillshare/openskills registry + GH Pages default. Maximum reach. URL: https://knowledge.oriz.in/decisions/agent-tooling/cloud-publish-skills-2026-07-03 Type: decision Tags: skills, publishing, cloudflare-pages, registry ### Workspace canonical; globals derived by script (2026-06-29) Workspace files canonical. Global configs derived via sync-globals.mjs. Drift triggers grill-me URL: https://knowledge.oriz.in/decisions/agent-tooling/globals-derived-rule-2026-06-29 Type: decision Tags: global, workspace, mcp, agent-tooling, grill-decision, sync-script ### Fleet cut to Claude Code only (2026-07-02) Drop ZCode, OpenCode, Kilo Code, Antigravity, MiMoCode from installed fleet. Claude Code + Bedrock chain is the sole agent. URL: https://knowledge.oriz.in/decisions/agent-tooling/fleet-cut-to-cc-only-2026-07-02 Type: decision Tags: fleet, agents, cc, drops ### Fleet cut 2026-07-01 — drop gocode, Codeep, Claurst, Coddy Reduce coding-agent fleet from 10 → 6. Remove marginal agents (gocode, Codeep, Claurst, Coddy) after audit found no differentiating usage patterns. URL: https://knowledge.oriz.in/decisions/agent-tooling/fleet-cut-gocode-2026-07-01 Type: decision Tags: fleet, agents, cut, gocode, codeep, claurst, coddy ### freellmapi: run from source, auto-pull on boot, free-tier aggregator Run `tashfeenahmed/freellmapi` (14K-star OpenAI-compat proxy stacking 16 free LLM provider tiers) from the local fork's dev server. Auto-start on Windows login on ports :3001 (server) + :5173 (Vite client). URL: https://knowledge.oriz.in/decisions/agent-tooling/freellmapi-dev-server-from-source-2026-06-30 Type: decision Tags: freellmapi, dev-server, ai-gateway, free-tier, auto-start, windows ### Headroom: always-on proxy (not on-demand) Headroom persistent background proxy. Idle RAM for zero cold-start. Starts at login URL: https://knowledge.oriz.in/decisions/agent-tooling/headroom-always-on-proxy-2026-06-26 Type: decision Tags: decision, agent-tooling, headroom, proxy, lifecycle ### Headroom 0.27 via Docker — chain Hr ? hai ? Bedrock Hr 0.27 native build blocked by ASR. Docker bypasses. Backend anthropic passthrough URL: https://knowledge.oriz.in/decisions/agent-tooling/headroom-027-docker-2026-06-27 Type: decision Tags: headroom, hai, docker, compression, sap, bedrock, asr ### Tooling decisions Locked decisions about specific developer tools used across the family. Placeholder bucket — currently empty. URL: https://knowledge.oriz.in/decisions/agent-tooling/index Type: index Tags: decisions, tooling, index ### OKF build engine — Astro custom (Kiso deferred) Fresh verification found Kiso is HN-post-only (no npm/repo). Fallback to custom Astro via api-fleet-template pattern. Revisit Kiso when installable. URL: https://knowledge.oriz.in/decisions/agent-tooling/okf-build-engine-astro-2026-07-03 Type: decision Tags: okf, astro, static-site, build ### Public knowledge MCP server — chirag127-knowledge-mcp MCP server exposing knowledge/ OKF bundle over MCP; boone-backed; no auth; any AGENTS.md-reader can wire and query. URL: https://knowledge.oriz.in/decisions/agent-tooling/knowledge-mcp-server-public-2026-07-03 Type: decision Tags: mcp, okf, knowledge, public ### MCP server registry — 11 servers installed 2026-06-27 Final MCP set after audit. Searxng, github Docker, npx/uvx tools, chirag127 toolbox URL: https://knowledge.oriz.in/decisions/agent-tooling/mcp-server-registry-2026-06-27 Type: decision Tags: mcp, claude-code, registry, agent-tooling ### Headroom install: all paths (Claude Code + ScriptCat + standalone) Headroom 3 paths: CC (CLI), ScriptCat, standalone. One binary, three entry points URL: https://knowledge.oriz.in/decisions/agent-tooling/headroom-install-all-paths-2026-06-26 Type: decision Tags: decision, agent-tooling, headroom, proxy, install ### MEMORY.md cross-machine sync via chirag127/claude-memory + sops+age Private GH repo with sops+age encrypted MEMORY.md and per-project memory/ trees. Auto-push on session end, auto-pull on session start. URL: https://knowledge.oriz.in/decisions/agent-tooling/memory-cross-machine-sync-2026-07-03 Type: decision Tags: memory, sync, sops, age, encryption, hooks ### OKF publishing conventions for oriz bundles Filenames, feeds, structure for public OKF bundles at knowledge.oriz.in / skills.oriz.in; adopts Kiso defaults + adds RSS/Atom first-mover. URL: https://knowledge.oriz.in/decisions/agent-tooling/okf-publishing-conventions-2026-07-03 Type: decision Tags: okf, publishing, conventions, rss ### OmniRoute: run from source via dev server, auto-pull on boot Switch from `npm install -g omniroute` to running the cloned fork's dev server. Auto-start on Windows login pulls upstream and launches pnpm dev in a dedicated Windows Terminal tab. URL: https://knowledge.oriz.in/decisions/agent-tooling/omniroute-dev-server-from-source-2026-06-30 Type: decision Tags: omniroute, dev-server, ai-gateway, auto-start, windows ### oriz-org dissolved — everything to chirag127 GitHub org dissolved 2026-07-03; all repos + workspace umbrella now under chirag127 personal account; sweep replaces all references. URL: https://knowledge.oriz.in/decisions/agent-tooling/org-dissolved-migration-2026-07-03 Type: decision Tags: github, migration, ownership, org ### OKF v0.2 additions upstreamed to Google PR to GoogleCloudPlatform/knowledge-catalog proposing optional `confidence` and `durability` fields; agentmemory precedent cited. URL: https://knowledge.oriz.in/decisions/agent-tooling/okf-v0.2-upstream-to-google-2026-07-03 Type: decision Tags: okf, upstream, google, spec ### All apps static — no SSR All 6 apps static Astro builds. CF Pages SSR deprecation does not affect us URL: https://knowledge.oriz.in/decisions/apps/all-apps-static-no-ssr Type: decision Tags: astro, static, ssr, cloudflare-pages ### Headroom proxy auto-start via Windows Task Scheduler at login Headroom launches at logon via Task Scheduler. Runs as logged-in user with env + creds URL: https://knowledge.oriz.in/decisions/agent-tooling/task-scheduler-at-login-2026-06-26 Type: decision Tags: decision, agent-tooling, headroom, autostart, windows, task-scheduler ### OSS audit — file real gaps as upstream issues (2026-07-01) Systematic audit of every OSS tool we depend on. 60+ issues + comments + PRs filed across 29 upstream repos in one session. Filing at upstream, never patching locally, is the family default. URL: https://knowledge.oriz.in/decisions/agent-tooling/oss-audit-2026-07-01 Type: decision Tags: oss, upstream, issues, audit, agents, mcp, fleet ### Chrome contract — @chirag127/astro-chrome v0.1 4 per-site config files drive generic components, 3-level contract \ sidebar (Section \u2192 Group \u2192 Leaf); shared Datasheet Dark tokens across\ \ every site (no per-site accent); Iosevka wordmark stamp (slug-only, no ORIZ prefix);\ \ 24 auto-generated legal pages; pnpm workspace at the workspace umbrella root." URL: https://knowledge.oriz.in/decisions/apps/chrome-config-contract Type: decision Tags: architecture, chrome, components, config, design, legal, pnpm, workspace ### cards-site — all financial cards, India cards-site (cards.oriz.in) covers all financial cards in India market: credit + debit + forex + prepaid + travel. Inspired by CardInsider / TechnoFino / Paisabazaar / BookMyForex. Reviews + comparisons + calculators + guides + offers + tools. Affiliate-monetisable. URL: https://knowledge.oriz.in/decisions/apps/cards-site-scope Type: decision Tags: architecture, sites, cards, finance, india ### Auto-generate skills from knowledge/rules Every knowledge/rules/agent/*.md compiled to a SKILL.md so rules are invokable as skills; cross-linked, not merged. URL: https://knowledge.oriz.in/decisions/agent-tooling/rules-become-skills-2026-07-03 Type: decision Tags: skills, rules, discovery, automation ### Content apps scope — tabs / journal / lore-summaries, ship after Wave 1 Three Wave 3 content apps. tabs-cards-app at tabs.oriz.in cards, Notion/Tabby style). roam-journal-app at journal.oriz.in (networked daily journal, Roam-style backlinks). lore-book-summaries-app at lore.oriz.in (book + movie + show summaries). All three: anonymous-first, free + sponsor footer. Ship after janaushdhi + ncert + blog land. URL: https://knowledge.oriz.in/decisions/apps/content-apps-scope Type: decision Tags: decision, app, content-apps, tabs, journal, lore, wave-3 ### Data lives in each app's own repo — no separate data repos for janaushdhi/ncert/financial-cards Locked 2026-06-22. Reverses proposal to create separate data repos `oriz-*-data` repos for data-driven apps. Reason: ''I don''t want to increase the number of repositories just for the sake of it.'' Each app''s `data/` dir holds its own data. Per-app GH Action cron writes fresh data to that dir + commits. Push to app''s main branch triggers CF Pages redeploy automatically. Apps consume data via build-time import (static fastest). Where runtime freshness needed: lazy fetch + SWR + localStorage cache. Existing `oriz-flow-fii-dii-activity-api` + `oriz-mmi-tickertape-mmi-api` repos STAY (they''re API services, not data; data lives in their own data/ dir per-repo). URL: https://knowledge.oriz.in/decisions/apps/data-in-app-repos-not-separate Type: decision Tags: decision, data, mono-app-repos, no-data-split, cron ### cs-me-app scope — personal canon at me.oriz.in / cs.oriz.in Personal site at me.oriz.in (aliased cs.oriz.in to same site) Maximal personal canon: resume + project portfolio + writing + contact + reading\ log + music + books-read + photo dump + movies/watch list. Pulls from knowledge/\ where possible. Wider scope than a classic dev personal site — treat as the\ user's personal everything-page. URL: https://knowledge.oriz.in/decisions/apps/cs-me-app-scope Type: decision Tags: decision, app, cs-me, personal-site, canon, oriz-cs-me-app ### Eleven saturated apps archived 2026-06-25 11 saturated-market apps archived. Subdomains freed. Repos read-only URL: https://knowledge.oriz.in/decisions/apps/eleven-saturated-apps-archived-2026-06-25 Type: decision Tags: scope-cut, fleet, apps, archive ### Finance — one repo, ten routes at finance.oriz.in 10 finance calculators into single repo. Shared @oriz/finance package URL: https://knowledge.oriz.in/decisions/apps/finance-one-repo-ten-routes-2026-06-25 Type: decision Tags: decision, apps, finance, consolidation, routing, repo-shape ### Family-wide /stats page on oriz.in (auto-tracked, public, all 11 sites + all repos) oriz.in/stats aggregates visitor data from all family sites sites + code-stats data from all family repos, build-time fetched from CF Web Analytics + GitHub Insights + Wakatime + Tokei. Public, transparent, auto-refreshed via daily cron. Reinforces the auto-only-tracking and auto-tracking-everywhere posture. Single oriz-kit component pulls everything.' URL: https://knowledge.oriz.in/decisions/apps/family-wide-stats-page Type: decision Tags: stats, oriz-in, transparency, public, auto-tracking, decisions, architecture ### home-app shape — marketing landing, 5-section grid, not a dashboard oriz.in marketing landing page. Single hero + 5-section grid linking to /apps, /tools, /books, /packages, /me. Minimal copy. Designed for first impression and discovery. NOT a logged-in dashboard, NOT a personal home, NOT a status overview. URL: https://knowledge.oriz.in/decisions/apps/home-app-shape Type: decision Tags: decision, home-app, landing, marketing, oriz-in ### janaushdhi-app scope — daily Jan Aushadhi scrape, substitutes, stores, savings janaushdhi.oriz.in scrapes Janaushadhi Pariyojana \ product portfolio daily via GH Action, commits CSV + JSON snapshots, renders per-product\ \ price-history graphs, brand \u2192 generic substitute finder, per-state store\ \ locator, and savings calculator. Free + sponsor footer ONLY \u2014 public health\ \ ethics forbid ads, affiliate, third-party tracking." URL: https://knowledge.oriz.in/decisions/apps/janaushdhi-app-scope Type: decision Tags: decision, app, janaushdhi, health, india, public-data, scraping ### Apps Index of concepts in decisions/architecture/apps. URL: https://knowledge.oriz.in/decisions/apps/index Type: index Tags: index, apps ### Lifestream auto-event sources — three streams (GitHub webhooks + Wakatime daily + CF Web Analytics daily) Three auto-sources feed oriz-me JSONL lifestream \ auto-tracked event sources only \u2014 GitHub webhooks via Hookdeck, Wakatime\ \ daily-summary cron, and Cloudflare Web Analytics daily-summary cron. No manual\ \ entry, no minute-grain coding capture, no per-pageview visitor capture. Reinforces\ \ the auto-only-tracking rule." URL: https://knowledge.oriz.in/decisions/apps/lifestream-auto-event-sources Type: decision Tags: lifestream, jsonl, auto-tracking, github-webhooks, wakatime, cloudflare-web-analytics, decisions, architecture ### ncert-app scope — merge per-chapter NCERT PDFs into one-per-book, all classes, EN + HI ncert.oriz.in catalogs all NCERT textbooks (Pre-Primary + 1-12) \ all subjects, English + Hindi. Daily GH Action URL-merges per-chapter PDFs from\ \ ncert.nic.in into one PDF per book using qpdf/pdftk, publishes as GH Release artefacts\ \ (NOT CF Pages \u2014 25MB limit). Catalog UI shows class/subject grid \u2192 download\ \ links." URL: https://knowledge.oriz.in/decisions/apps/ncert-app-scope Type: decision Tags: decision, app, ncert, pdf, education, india, gh-releases ### ncert.oriz.in app — combined PDF directory (scrape + merge + release) ncert.nic.in only per-chapter PDFs. ncert.oriz.in combines them is to provide COMBINED whole-book PDFs that don't exist anywhere else. GH Action\ scrapes https://ncert.nic.in/textbook.php via Playwright (using the playwright-cli\ skill or playwright-mcp), enumerates every Class \xD7 Subject \xD7 Language combination,\ downloads each chapter PDF, merges them in correct order using pdftk/qpdf, names\ the output {class}-{subject}-{lang}.pdf, releases on GitHub as artefacts. Website\ is the catalog UI that links to GH release URLs. Sorted properly so downloads\ are obvious. Languages: English + Hindi (other regional NCERTs deferred to v1). URL: https://knowledge.oriz.in/decisions/apps/ncert-combined-pdf-directory Type: decision Tags: decision, ncert, app, scraping, pdf-merge, github-releases, education ### oriz-me-site stays a single site with sections — not split into now/uses/gear/cv subdomains me.oriz.in single Astro site, not split /gear, /reading, /coding, /lifestream, /cv, /contact). Not split into now.oriz.in, uses.oriz.in, gear.oriz.in, etc. URL: https://knowledge.oriz.in/decisions/apps/oriz-me-single-site-not-split Type: decision Tags: oriz-me, branding, architecture, single-site, sections ### omni-post-app shape — admin dashboard for the omni-publish package omni-post.oriz.in wraps @chirag127/omni-publish with admin dashboard. /admin shows the pending GH Issues drafts queue, cross-post history per platform, retry-per-platform controls, and edit-before-publish UI. Public root (/) is a read-only 'where I post' catalog. /admin is Firebase Auth + admin-email allowlist gated. URL: https://knowledge.oriz.in/decisions/apps/omni-post-app-shape Type: decision Tags: decision, app, omni-post, omni-publish, admin-dashboard, auth-gated ### NCERT app: dual-mode downloads — GH Release pre-merged + client-side on-the-fly merge Both download modes: pre-merged PDFs + per-chapter PDFs' Release artefacts (free GH bandwidth + CDN); (2) Client-side on-the-fly merger\ using pdf-lib in browser — user clicks 'Build my book', browser fetches all\ chapter PDFs from ncert.nic.in URLs, merges in browser via pdf-lib WASM, downloads.\ Zero server storage for the on-the-fly path. (3) Individual chapter links also\ exposed for users who want only a few chapters. Three options per book card. URL: https://knowledge.oriz.in/decisions/apps/ncert-dual-mode-download Type: decision Tags: decision, ncert, pdf-merge, client-side, storage, github-releases, dual-mode ### oriz-status-app — self-hosted status page replaces UptimeRobot + Better Stack Locked 2026-06-22. In-house status page at status.oriz.in CF Worker cron every 5 min probes every URL in FAMILY_* registries, writes to KV, served by sibling read-only Worker behind 60-sec edge cache. Replaces UptimeRobot (commercial-use ban Oct 2024) and supersedes the 10-monitor Better Stack ceiling. Telegram alerts on transition. RSS feed for incidents. 30/90-day uptime rollups.' URL: https://knowledge.oriz.in/decisions/apps/oriz-status-app Type: decision Tags: status, monitoring, uptime, cloudflare, workers, kv, telegram, rss, decisions, architecture ### Per-app website briefs (2026-06-22 grill lock) Source of truth for what each of 26 apps does + sections + features. Locked via grill 2026-06-22 (Q-APP-* + Q-NCERT-* + Q-TOOLS-*). Supersedes\ per-app scope files where they conflict. Renames: oriz-lore-app → oriz-lore-app\ (broader scope: book/course/documentary summaries, not just books). URL: https://knowledge.oriz.in/decisions/apps/per-app-briefs-2026-06-22 Type: decision Tags: decision, apps, briefs, scope, family-inventory, supersedes ### Per-app contents specification — sidebar + pages + CI/CD Every app follows contents spec. 4-config structure split (site/nav/sidebar/footer) lives in src/config/. Common pages (landing, about, changelog, admin) + per-tool pages + 24 legal pages from astro-chrome. CI/CD via reusable workflow from astro-shell-npm-pkg + separate test.yml. URL: https://knowledge.oriz.in/decisions/apps/per-app-contents-spec Type: decision Tags: architecture, apps, scaffold, ci-cd, sidebar, pages ### Q3 2026 ship order — home + janaushdhi + ncert + blog first, then 16 tools, books in parallel Q3 2026 ship order. Home, janaushdhi, ncert, blog FIRST. 16 tool subdomains. 5 books URL: https://knowledge.oriz.in/decisions/apps/ship-order-2026q3 Type: decision Tags: decision, roadmap, q3-2026, ship-order, priority ### Userscript creation flow: prototype in Tweeks, port to portable .user.js USerscript prototyping via Tweeks at tweeks.io that generates per-site JS from plain English) as a fast in-browser PROTOTYPE. If the result is keepable, copy the generated JS, port to a proper Tampermonkey-format .user.js with a metadata block (@name, @namespace, @version, @match, @grant, @updateURL pointing at GitHub raw), commit to chirag127/userscripts monorepo, cross-publish to Greasefork + OpenUserJS. This gets AI generation speed PLUS portable + auditable + versionable artifacts without vendor lock-in. URL: https://knowledge.oriz.in/decisions/apps/userscript-prototype-via-tweeks Type: decision Tags: decision, userscripts, tweeks, prototyping, workflow ### Canonical store — JSONL in chirag127/oriz-me-data chirag127/oriz-me-data git repo authoritative store for lifestream events. JSONL append-only files are the source of truth; everything else is derived. URL: https://knowledge.oriz.in/decisions/database/canonical-store-jsonl Type: architecture Tags: architecture, data, jsonl, git, canonical, lifestream ### Build cache — GitHub Actions cache + pnpm CAS (3-layer strategy) Three-layer build cache: pnpm, GH Actions cache' global store dedupes deps cross-repo locally. Layer 2: GitHub Actions cache (10\ GB/repo free) keyed by pnpm-lock.yaml hash + Astro build cache keyed by source\ hash. Layer 3: Turbo Remote Cache + Bazel REJECTED — Vercel signup + card\ / overengineering. URL: https://knowledge.oriz.in/decisions/database/build-cache-gh-actions-plus-pnpm Type: decision Tags: decisions, architecture, build, cache, ci, pnpm, github-actions ### DB admin — console-only, no desktop DB tool Every DB administered through vendor browser console only \ console (Firebase Console, Neon Console) or its first-party CLI (Turso CLI, libSQL\ \ CLI). NO desktop DB tool \u2014 Drizzle Studio / Outerbase / Beekeeper Studio\ \ / TablePlus all REJECTED. Zero install footprint, every team member can access\ \ via browser, no per-user license." URL: https://knowledge.oriz.in/decisions/database/db-admin-console-only Type: decision Tags: decisions, architecture, db, admin, console, firebase, neon, turso ### Events table schema (Turso warm cache) SQL shape lifestream JSONL normalised into for Turso \ warm cache. Lives concretely in oriz-me but the contract is family-wide \u2014\ \ any site reading lifestream events sees this shape." URL: https://knowledge.oriz.in/decisions/database/events-table-schema Type: architecture Tags: architecture, schema, turso, sqlite, events, lifestream ### Cloud DBs are caches, not sources Firestore, Turso, R2 are caches rebuilt from canonical JSONL git store on every deploy. If any of them dies, the next deploy reconstructs it from JSONL. URL: https://knowledge.oriz.in/decisions/database/cloud-dbs-as-caches Type: architecture Tags: architecture, data, firestore, turso, r2, caches ### firebase-rest-firestore (NOT firebase-admin) for Workers compatibility Hono Worker uses firebase-rest-firestore (REST + service-account) JWT). The firebase-admin SDK is excluded because workerd only partially supports gRPC. URL: https://knowledge.oriz.in/decisions/database/firebase-rest-firestore-not-admin Type: decision Tags: firebase, cloudflare, workers, dependency, firestore ### Database Index of concepts in decisions/architecture/database. URL: https://knowledge.oriz.in/decisions/database/index Type: index Tags: index, database ### Add Neon Postgres as the relational tier of the DB stack Neon Postgres added as relational DB. Free plan \ no card, scale-to-zero, branching for previews. Sits alongside Firestore (documents/auth),\ \ Turso libSQL (warm cache), and JSONL canonical (archive) \u2014 the 4-tier DB\ \ stack is now picked-by-shape." URL: https://knowledge.oriz.in/decisions/database/db-add-neon-postgres Type: decision Tags: database, neon, postgres, relational, four-tier, stack ### Layer 4 — database, sharded by data shape Data shapes spread across free tiers by type load so no single quota gets exhausted. Git for canonical, Firestore for user state, Turso for warm cache, browser for per-user search, R2 only when needed. URL: https://knowledge.oriz.in/decisions/database/layer-4-database-by-shape Type: architecture Tags: architecture, database, firestore, turso, jsonl, layer-4 ### Lifestream JSONL in git is canonical; Turso is warm cache chirag127/oriz-me-data holds canonical JSONL events sharded by year by year. Turso libSQL is a rebuilt warm cache for live edge reads, not a source of truth. URL: https://knowledge.oriz.in/decisions/database/lifestream-jsonl-canonical Type: decision Tags: lifestream, jsonl, turso, canonical, durability ### agent-skills monorepo + symlinks chirag127/agent-skills single truth for skills. Symlinked into agent skill dirs URL: https://knowledge.oriz.in/decisions/fleet/agent-skills-monorepo Type: decision Tags: agent-skills, monorepo, submodule, fleet ### Object storage split — GitHub Releases for binaries, Backblaze B2 for blobs; Cloudflare R2 rejected Versioned binaries in GitHub Releases. Unversioned blobs elsewhere Backblaze B2. Cloudflare R2 is rejected because adjacent paid features pull in a card-on-file requirement. URL: https://knowledge.oriz.in/decisions/database/object-storage-split Type: decision Tags: storage, github, backblaze, b2, r2, rejection ### claude-notifications-cli — deleted 2026-06-29 CLI fork dropped. Notifications no longer fit 4-agent fleet URL: https://knowledge.oriz.in/decisions/fleet/claude-notifications-cli-deleted-2026-06-29 Type: decision Tags: fleet, fork, deletion, claude-code ### Build-gate: top-3 Google results must have a defect Build tool only when top-3 Google results have real defect URL: https://knowledge.oriz.in/decisions/fleet/build-gate-top3-must-have-defect Type: decision Tags: build-gate, fleet, product ### Own/frk split — two buckets on top of flat repos/ Repos split into repos/own/ (originals) and repos/frk/ (forks) URL: https://knowledge.oriz.in/decisions/fleet/fs-own-frk-split Type: decision Tags: filesystem, fleet, forks ### Public-only multi-Git mirror + auto-start services + datasets-to-build queue Mirror chirag127 to 4-5 Git hosts. Auto-start Hr/RTK/cavemem. Ship datasets as static APIs URL: https://knowledge.oriz.in/decisions/fleet/multi-git-mirror-and-auto-start-2026-06-28 Type: decision Tags: backup, mirroring, auto-start, datasets, master-plan ### openmodel-shim-api deleted 2026-06-25 openmodel-shim-api deleted. Kept freellmapi + omniroute only URL: https://knowledge.oriz.in/decisions/fleet/openmodel-shim-api-deleted-2026-06-25 Type: decision Tags: scope-cut, ai, llm, fleet ### Polyrepo with category consolidation Polyrepo, one repo per category. Tools share repo as routes URL: https://knowledge.oriz.in/decisions/fleet/polyrepo-with-category-consolidation Type: decision Tags: fleet, polyrepo, categorization ### 100-year strategy locked 16-point strategic contract: 50-yr horizon, 10-min/day, JSONL URL: https://knowledge.oriz.in/decisions/content/100-year-strategy-locked Type: decision Tags: strategy, durability, lifestream, contract, 100-year ### Scope-cut reversed — all 99 archived repos back in fleet 2026-07-02 Reverses scope-cut-2026-06-25. Every archived repo unarchived and returns to the maintained fleet. Fleet now = 119 (20 active + 99 revived). Maintenance level: alive (Dependabot + working CI), not full-feature reactivation. URL: https://knowledge.oriz.in/decisions/fleet/scope-cut-reversed-2026-07-02 Type: decision Tags: fleet, scope, archived, unarchive, maintenance, reversal ### Submodules for single-clone fleet Git submodules for single clone. OK under 50 submodules URL: https://knowledge.oriz.in/decisions/fleet/submodules-for-single-clone Type: decision Tags: fleet, submodules, git, ops ### Each extension gets a rich website, not a small landing page Per-extension full marketing/docs/changelog/support sites URL: https://knowledge.oriz.in/decisions/content/big-website-per-extension Type: decision Tags: extensions, website, marketing, content ### Age-gating policy adopted for adult-content sections Adult-content items behind 18+ gate URL: https://knowledge.oriz.in/decisions/content/age-gating-policy-adopted Type: decision Tags: age-gating, policy, content, privacy, compliance ### Blog cross-post strategy — daily post, omni-publish fan-out, GH Issues drafts (not Telegram) pages-blog-app posts daily to blog.oriz.in. omni-publish fans out \ out automatically to dev.to + Hashnode + Bluesky + Mastodon + Threads. Drafts\ \ for manual channels (X, Reddit, LinkedIn, Medium) queue to GitHub Issues in private\ \ chirag127/oriz-drafts repo \u2014 NOT Telegram (banned in India). Per-channel\ \ AI rewrite via NVIDIA NIM primary + OpenRouter fallback. Canonical URL = oriz.in\ \ on every channel for SEO." URL: https://knowledge.oriz.in/decisions/content/blog-cross-post-strategy Type: decision Tags: decision, blog, cross-post, omni-publish, seo, ai-rewrite ### Blog strategy 2026-07-01 — one source, multi-target cross-posting Canonical blog format (Markdown+frontmatter) + list of platforms + API-driven cross-posting workflow URL: https://knowledge.oriz.in/decisions/content/blog-strategy-2026-07-01 Type: decision Tags: blog, content, cross-post, mdx, markdown ### Book publish pipeline — Markua .md → 5 channels via @chirag127/oriz-book-build + omni-publish Books written as Markua Markdown and published via pipeline (Leanpub-compatible), built by the new @chirag127/oriz-book-build npm package\ (17th family package) which wraps Pandoc to emit EPUB3 + PDF + MOBI artefacts.\ omni-publish takes those artefacts and fans out to 5 channels: Leanpub (Markua\ git push, 80% royalty) + Draft2Digital aggregator (manual upload, documented)\ + Gumroad (API auto, 10%) + LemonSqueezy (API auto, 5%+50\xA2 MoR) + Amazon KDP\ (browser-uploader bot, no API). Plus Google Play Books Partner Center (manual\ upload, ISBN-recommended). 5 first books locked, all brand-first naming. Prose\ licensed CC-BY-NC-ND 4.0 + code samples MIT. URL: https://knowledge.oriz.in/decisions/content/book-publish-pipeline Type: decision Tags: decision, books, publishing, markua, pandoc, oriz-book-build, leanpub, kdp, gumroad, lemonsqueezy, draft2digital ### books.oriz.in shape — static catalog, Oriz Me drafts first, others outlines books.oriz.in static catalog showing cover + price + buy-links per book. First book to draft fully: Oriz Me (PWYW $9, personal essays, biographical). Other 4 (Oriz Stack, Oriz Paisa, Oriz PDF, Oriz Janaushdhi) get chapter outlines initially. Per-book channels per book-publish-pipeline. Substack is the newsletter platform; free chapter drops via Substack. URL: https://knowledge.oriz.in/decisions/content/books-publishing-shape Type: decision Tags: decision, books, publishing, catalog, oriz-me, draft-order ### Markdown-in-repo only — no headless CMS, anywhere Content as .md/.mdx in-repo, no CMS CMS, TinaCMS, Strapi, Sanity, Contentful, Storyblok and every other headless CMS are explicitly REJECTED. URL: https://knowledge.oriz.in/decisions/content/cms-markdown-in-repo-only Type: decision Tags: cms, content, markdown, mdx, no-vendor-lock-in, monorepo ### RSS-driven cross-post engine — oriz-omnipost @chirag127/post-site fans RSS posts to other platforms new entry out to every blogging platform that exposes a public API. Adapter pattern; idempotent; canonical URL preserved; short-link fallback when the target truncates content. URL: https://knowledge.oriz.in/decisions/content/cross-post-engine Type: decision Tags: decisions, architecture, oriz-omnipost, cross-post, rss, blog ### Keep extensions.oriz.in catalog AS WELL AS per-extension subdomains Central catalog + per-extension subdomains URL: https://knowledge.oriz.in/decisions/content/extensions-catalog-and-subdomains Type: decision Tags: extensions, catalog, subdomain, navigation ### Three-format feed publishing — RSS 2.0 + Atom 1.0 + JSON Feed Every content site publishes RSS, Atom, JSON feeds 2.0, source-of-truth for oriz-omnipost), /atom.xml (Atom 1.0), /feed.json (JSON Feed v1.1). oriz-kit ships + generators.' URL: https://knowledge.oriz.in/decisions/content/feeds-rss-atom-json Type: decision Tags: feeds, rss, atom, json-feed, syndication, seo ### Forms — trio (Web3Forms primary + Static Forms fallback + Tally for rich) Vendor-redundant contact forms: Web3Forms + backup' primary, Static Forms fallback, both browser-only, both free unlimited). Tally handles rich / multi-step / conditional forms. Three roles, no overlap. URL: https://knowledge.oriz.in/decisions/content/forms-trio Type: decision Tags: forms, decisions, architecture, web3forms, static-forms, tally ### Content Index of concepts in decisions/architecture/content. URL: https://knowledge.oriz.in/decisions/content/index Type: index Tags: index, content ### journal-site — best features of all five journal apps journal.oriz.in mines best features of Day One, Bear Notion, Obsidian, and Logseq into one journaling experience. Big scope chosen knowingly; flagship-grade polish target. URL: https://knowledge.oriz.in/decisions/content/journal-site-sources Type: decision Tags: architecture, sites, journal ### First book: 'My Learnings from the Oriz Project family' — replaces Oriz Me as first draft First-book pick changed from Oriz Me to Oriz Learnings to 'My Learnings from the Oriz Project family' — a memoir + manual hybrid\ documenting building the oriz family. Quality bar: 'good books, not bad books'.\ Minimum publishing setup: KDP + Play Books Partner Center + Leanpub + Draft2Digital\ (all free signup, all royalty-on-sale, no card). ISBN free from KDP/D2D; not required\ for digital-only on Leanpub/Gumroad. URL: https://knowledge.oriz.in/decisions/content/first-book-oriz-learnings Type: decision Tags: decision, books, publishing, first-book, oriz-learnings, kdp ### Journal photo pipeline — 4-host replicate-everywhere Journal uploads photos to four free hosts in parallel + ImageKit + imgbb + GitHub Releases) with client-side WebP compression, sha256-dedup on GH Releases, and first-200-wins HEAD race on read. Replaces the legacy Firebase Storage single-host path. URL: https://knowledge.oriz.in/decisions/content/journal-photo-pipeline Type: decision Tags: decisions, architecture, journal, photos, image-cdn, cloudinary, imagekit, imgbb, github-releases, replication ### Newsletter split — Buttondown for technical, EmailOctopus for marketing Two newsletter senders. Buttondown technical, EmailOctopus marketing / dev audience (Markdown + API). EmailOctopus handles general marketing (visual editor, larger free tier). URL: https://knowledge.oriz.in/decisions/content/newsletter-split-buttondown-emailoctopus Type: decision Tags: email, newsletter, buttondown, emailoctopus, omnipost ### Lifestream federation — mirror to BOTH AT Protocol and ActivityPub oriz-me JSONL canonical, AT Protocol mirror under me.oriz.in.atproto AND ActivityPub outbox at me.oriz.in/activitypub/outbox. Single source, two protocols. URL: https://knowledge.oriz.in/decisions/content/lifestream-federation Type: decision Tags: decisions, architecture, lifestream, federation, atproto, bluesky, activitypub, fediverse ### me.oriz.in does NOT publish journal; journal stays auth-gated Journal: numeric aggregates public, text auth-gated URL: https://knowledge.oriz.in/decisions/content/journal-stays-auth-gated Type: decision Tags: journal, privacy, public-private, lifestream ### Each Chrome extension gets its own subdomain on oriz.in Each extension gets dedicated *.oriz.in subdomain + catalog slot URL: https://knowledge.oriz.in/decisions/content/per-extension-subdomain Type: decision Tags: extensions, dns, hosting, subdomain ### Each extension has its own /privacy page; family boilerplate at oriz.in/privacy-base Per-extension /privacy. Boilerplate at oriz.in/privacy-base URL: https://knowledge.oriz.in/decisions/content/per-extension-privacy-policy Type: decision Tags: extensions, privacy, policy, legal ### stats.oriz.in family-wide-stats dashboard + per-app feeds + Changesets + single oriz-app-template oriz-stats-app at stats.oriz.in shows family-wide usage stats \ aggregate metrics (visits, npm downloads, GitHub stars, books sold, Sentry errors).\ \ RSS published from blog app only (not all 26 apps \u2014 too noisy). Package versioning\ \ via Changesets per-package; auto-bump on merge. Single `chirag127/oriz-app-template`\ \ repo used for every new app via `gh repo create --template`." URL: https://knowledge.oriz.in/decisions/content/stats-feeds-versioning-template Type: decision Tags: decision, stats, feeds, versioning, template, ops ### Charts: Apache ECharts (lazy per page) covers every chart type ECharts (Apache-2.0, 50+ chart types) family-wide chart library ~300 KB gzip but lazy-loaded ONLY on pages with charts (zero hit on non-chart pages). Apps that load ECharts: paisa-finance + janaushdhi + stats.oriz.in + blog post embeds + others as new apps need charts. Client-side interactive rendering (no SSR for charts in v0). Provides line / bar / pie / scatter / candlestick / boxplot / treemap / sunburst / heatmap / radar / sankey / parallel / gauge / funnel / geo (map) / 3D / chord / liquidFill / wordCloud / graph (network). URL: https://knowledge.oriz.in/decisions/frontend/charts-echarts-lazy Type: decision Tags: decision, charts, echarts, lazy-load, visualization ### FINAL: Every visual surface per-app; only behavior/utility packages stay shared Resolves shared-vs-divergent design sequence chrome. FINAL POLICY: every VISUAL surface (Header / Footer / Sidebar / BottomBar / Wordmark / token CSS variable NAMES) is FULLY per-app. NOTHING visual shipped from packages. Only behavioral / utility / non-visual packages stay shared (auth-core, astro-billing, oriz-seo, oriz-analytics, oriz-consent, oriz-ai-providers, oriz-rate-limit, astro-data, astro-pwa, astro-content, astro-forms, astro-distribute, astro-test-utils, omni-publish, oriz-book-build, oriz-ui ContactForm). Legal pages per-app (no shared LegalFooter). Every footer includes 6 standard legal links (/privacy /terms /contact /about /refunds /disclaimer) with per-app visual treatment. Triple-supersedes the on-again/off-again shared-chrome reversals from earlier same-day. URL: https://knowledge.oriz.in/decisions/frontend/final-per-app-visual-shared-behavior Type: decision Tags: decision, FINAL, shared, divergent, per-app, scrap, chrome, visual, behavior ### oriz-home portal also lists extensions oriz.in home shows extensions catalog section for cross-promo URL: https://knowledge.oriz.in/decisions/content/oriz-home-cross-promos-extensions Type: decision Tags: extensions, home, portal, cross-promo ### Footer column structure: 5 columns (4 standard + 1 per-app), 4/2/1 responsive, accordion default-closed mobile Each app footer has 5 responsive columns \ 4 standard (Legal / Family / Connect / Brand) + 1 per-app-specific. Desktop \u2265\ 1024px = 5-column grid. Tablet 768-1023px = 2-column grid (pairs of 2-3 cols stacked).\ \ Mobile <768px = single accordion (default-closed; tap to expand). Family column\ \ shows individual links to other oriz apps + tools + books + packages (mini sitemap)." URL: https://knowledge.oriz.in/decisions/frontend/footer-5-columns-responsive Type: decision Tags: decision, footer, columns, responsive, accordion, multi-column ### Frontend default stack — Astro + React islands + Tailwind + shadcn/ui Default stack: Astro + React + Tailwind + shadcn/ui. Per-repo design pass sets palette, typography, signature URL: https://knowledge.oriz.in/decisions/frontend/framework-astro-react-tailwind-shadcn-2026-06-25 Type: decision Tags: decision, frontend, stack, astro, react, tailwind, shadcn, design-system ### Every app ships all 4 navigation surfaces: Header + Footer + Sidebar + BottomBar Every app must include all 4 nav surfaces: header, footer, sidebar, nav' Footer at bottom, Sidebar at side, BottomBar mobile-tab-bar at bottom-fixed) so users have maximum navigation options. The 4 surfaces share a family-wide STRUCTURE (CSS/responsive/breakpoints from @chirag127/astro-chrome) but content divergence is per-app: Header is fully divergent (per-app file), Sidebar + BottomBar use the package''s shell with per-app slot content / per-app actions, Footer is the single fully-consolidated surface (mega-sitemap). URL: https://knowledge.oriz.in/decisions/frontend/four-nav-surfaces-every-app Type: decision Tags: decision, navigation, design-system, package, family-wide, mobile-first ### frontend-design skill pass per repo Each repo gets frontend-design pass for per-repo palette on shared baseline URL: https://knowledge.oriz.in/decisions/frontend/frontend-design-pass-per-repo Type: decision Tags: frontend, design, scaffold ### Footer per-app design + universal legal section (refines maximalist-footer) Refines maximalist-footer decision. Each app gets own footer draws its own footer (per-app visual design, per-app content links related to\ that app's surface area) BUT every footer INCLUDES the universal legal section\ (links to /privacy /terms /contact /about /refunds /disclaimer /sitemap /security.txt\ — all in-domain). Pattern: each app's footer is its own component; the legal\ section is a shared sub-component `` from astro-chrome that drops\ in. Per-app legal pages content is also CUSTOMIZED per app (the app's own copy,\ not generic boilerplate from astro-chrome/legal/*). URL: https://knowledge.oriz.in/decisions/frontend/footer-per-app-with-universal-legal Type: decision Tags: decision, footer, legal, per-app, refinement ### Default stack: Astro + React + Tailwind + shadcn Default stack: Astro + React + Tailwind + shadcn/ui. React over Preact URL: https://knowledge.oriz.in/decisions/frontend/framework-astro-react-tailwind-shadcn Type: decision Tags: stack, frontend, astro, react, tailwind, shadcn ### Image CDN — chained 3-tier fallback (Cloudflare Images → wsrv.nl → ImageKit) Every image goes through oriz-kit Image wrapper with fallback chain resolves through a 3-tier fallback: Cloudflare Images first, wsrv.nl on 5xx, ImageKit on 5xx. URL: https://knowledge.oriz.in/decisions/frontend/image-cdn-fallback-chain Type: decision Tags: images, cdn, fallback, oriz-kit, never-hit-quotas ### Frontend Index of concepts in decisions/architecture/frontend. URL: https://knowledge.oriz.in/decisions/frontend/index Type: index Tags: index, frontend ### Layer 1 — static hosting on Cloudflare Pages Cloudflare Pages free primary host for all sites and extensions catalog. Unlimited bandwidth, no card required, fails-closed at quota. URL: https://knowledge.oriz.in/decisions/frontend/layer-1-static-hosting Type: architecture Tags: architecture, hosting, cloudflare, layer-1 ### Layer 2 — survival fallback on GitHub Pages Every site static fallback to chirag127.github.io/site \ every push to main. If Cloudflare Pages dies, /work + /me + /legal still serve\ \ from github.io. Per the 100-year strategy \xA716." URL: https://knowledge.oriz.in/decisions/frontend/layer-2-survival-fallback Type: architecture Tags: architecture, hosting, github-pages, layer-2, survival ### Linkroll — Raindrop.io is source of truth, blog.oriz.in/links built at deploy time Family linkroll lives in public Raindrop.io collection blog.oriz.in/links is built at deploy time from the Raindrop REST API. Cached via the Cloudflare edge with a 1-hour TTL on the build artifact; nightly cron re-deploys to surface new links. URL: https://knowledge.oriz.in/decisions/frontend/linkroll-raindrop-to-links-page Type: decision Tags: linkroll, raindrop, blog, build-time, deploy ### Multi-engine 'Search the web' button on every family site Every site ships single Search the web button button (in the header or footer) that opens a popover with multiple search engines. Component lives in @chirag127/oriz-kit as . URL: https://knowledge.oriz.in/decisions/frontend/multi-engine-search-button Type: decision Tags: decisions, architecture, oriz-kit, search, ui ### Maximalist mega-sitemap footer everywhere + monetization on EVERY app (reversals) Footer = MAXIMALIST mega-sitemap + monetization every section on every app (reverses per-app-divergent footer from shared-vs-divergent-matrix). Reason: AdSense + Play Store + MS Store + Razorpay approval gates all require visible legal links + family-nav + contact. Mega-sitemap satisfies all gates uniformly. (2) Monetization on EVERY app including janaushdhi (reverses the ''no ads on public-health'' carve-out from ads-allowed-everywhere-except.md). Reason: ''every app should have monetization regardless of category''. URL: https://knowledge.oriz.in/decisions/frontend/maximalist-footer-and-monetization-everywhere Type: decision Tags: decision, footer, mega-sitemap, monetization, ads, approval, reversal ### OG card generation — Satori on api.oriz.in/og + ray.so for code Non-code posts get OG cards from Satori on Hono Worker route at api.oriz.in/og. Code-heavy posts continue on ray.so. Static-cached via CF edge cache headers, no per-post PNGs in any site repo. URL: https://knowledge.oriz.in/decisions/frontend/og-card-generation-satori Type: decision Tags: decisions, architecture, og-image, satori, cloudflare-workers, social ### Per-runtime framework matrix locked Astro 6 for sites, Vite+React+WXT for extensions extensions; esbuild+TS for VS Code extensions; tsup+Node 22 for CLIs and MCP servers. Each runtime gets the framework that ships best to its target. URL: https://knowledge.oriz.in/decisions/frontend/per-runtime-framework Type: decision Tags: architecture, framework, stack, runtime, astro, vite, esbuild, tsup, wxt ### Status banner on every site Dismissible from oriz-kit on every site that consumes Better Stack's RSS incident feed; visible only when an incident is live, with severity + link to status.oriz.in. URL: https://knowledge.oriz.in/decisions/frontend/status-banner-on-every-site Type: decision Tags: status, banner, monitoring, oriz-kit, comms, ux ### PWABuilder is the primary PWA→native converter; Tauri optional PWABuilder primary PWA converter for Astro apps Microsoft-hosted, CLI available) converts the PWA into Android AAB + Windows MSIX without per-app native code. Tauri stays available as opt-in for apps that want auto-update + smaller binaries. iOS is PWA-only (no Apple Developer Program, no test devices). Bubblewrap, Capacitor, Cordova all rejected. URL: https://knowledge.oriz.in/decisions/frontend/pwabuilder-as-primary-converter Type: decision Tags: architecture, distribution, pwa, pwabuilder, tauri, stores ### Sidebar — 4 tiers based on site shape Sidebar via @chirag127/sidebar, 4-tier config differs by site type. Four tiers: A) auto-generated for tools, B) curated TOC for longform, C) browse + search for catalogs, D) family directory for the brand hub. URL: https://knowledge.oriz.in/decisions/frontend/sidebar-4-tier Type: decision Tags: architecture, sidebar, ui, design ### Knowledge hierarchy: add log/, core-concepts/, runbooks/ as top-level dirs OKF adds log/, core-concepts/, runbooks/ top-level dirs URL: https://knowledge.oriz.in/decisions/knowledge-bundle/hierarchy-add-log-concepts-playbooks-2026-06-26 Type: decision Tags: decision, knowledge-bundle, okf, hierarchy, structure ### Knowledge Bundle Index of concepts in decisions/architecture/knowledge-bundle. URL: https://knowledge.oriz.in/decisions/knowledge-bundle/index Type: index Tags: index, knowledge-bundle ### Knowledge bundle depth scales with folder size, ceiling 5 Folder depth adaptive: flat for tiny, 5 levels for big URL: https://knowledge.oriz.in/decisions/knowledge-bundle/depth-5-level-hierarchy Type: decision Tags: architecture, knowledge, okf, agent-context ### Memory -> knowledge migration plan MEMORY.md durable entries migrated to OKF, memory retains ephemeral URL: https://knowledge.oriz.in/decisions/knowledge-bundle/memory-to-knowledge-migration-2026-06-26 Type: decision Tags: decision, knowledge-bundle, memory, migration ### 4-level hierarchy for big knowledge directories services/, decisions/, glossary/ use 4-level paths URL: https://knowledge.oriz.in/decisions/process/4-level-hierarchy-for-big-dirs Type: decision Tags: decisions, process, okf, knowledge, hierarchy ### Code quality stack — Dependabot + biome + CodeRabbit + Sonarcloud Code quality: Dependabot, biome, CodeRabbit, Sonarcloud. Free OSS URL: https://knowledge.oriz.in/decisions/process/code-quality-stack Type: decision Tags: decisions, process, code-quality, ci, oss ### Process decisions Locked decisions on how work flows — CI shape, branching, knowledge format, code quality. URL: https://knowledge.oriz.in/decisions/process/index Type: index Tags: decisions, process, index ### One-branch-only rule: main branch only All repos: main branch only. No feature/fix/chore branches URL: https://knowledge.oriz.in/decisions/process/one-branch-only-rule Type: decision Tags: git, branches, workflow, rule ### OKF v0.1 is the canonical format for all family knowledge OKF v0.1 for all concept files in knowledge bundles URL: https://knowledge.oriz.in/decisions/process/okf-as-canonical-format Type: decision Tags: okf, knowledge, convention, format ### Add 4 packages to family — oriz-rate-limit, oriz-analytics, oriz-seo, oriz-consent (22 packages total) Family expands 18 to 22 packages: rate-limit, analytics, seo, consent URL: https://knowledge.oriz.in/decisions/packages/four-more-packages-22-total Type: decision Tags: decision, packages, expansion, 22-packages, rate-limit, analytics, seo, consent ### Tampermonkey userscript audit — 2026-07-03 Automated inventory + static-scan of 137 installed userscripts. 1 provable finding filed; rest logged for future triage. URL: https://knowledge.oriz.in/decisions/process/userscripts-audit-2026-07-03 Type: decision Tags: decision, userscripts, tampermonkey, audit, chrome ### Per-repo CI workflows; master matrix only owns deploys REVERSES master-matrix CI. Each repo owns its ci.yml URL: https://knowledge.oriz.in/decisions/process/per-repo-ci-workflows Type: decision Tags: ci, workflows, github-actions, repos ### Packages Index of concepts in decisions/architecture/packages. URL: https://knowledge.oriz.in/decisions/packages/index Type: index Tags: index, packages ### All 11 sites have v2 designs landed v2 designs committed + pushed for all 11 sites. Cross-links fixed URL: https://knowledge.oriz.in/decisions/process/v2-design-implementation Type: decision Tags: design, v2, sites, milestone, design-briefs ### Legal pages package: @chirag127/astro-chrome/legal/* mounted in-domain per app 8+ legal pages in domain package /sitemap /security.txt) shipped as Astro page components in `@chirag127/astro-chrome/legal/`. Every app mounts them at its own domain (not external legal.oriz.in) so AdSense + Play Store + MS Store + Razorpay approval gates are satisfied. Single source of legal text; same content everywhere; design adapts to each app's theme. URL: https://knowledge.oriz.in/decisions/packages/legal-pages-package-in-domain Type: decision Tags: decision, legal, package, approval, adsense, play-store ### @chirag127/omni-publish package — auto-blog releases to 8+ platforms @chirag127/omni-publish handles auto-publishing releases notes / blog posts to dev.to + hashnode + medium + X + LinkedIn + Bluesky + Mastodon\ + Reddit on tag push or release create. Triggered by GitHub Actions reusable workflow\ per repo. Platforms are env-gated — if DEVTO_API_KEY isn't set globally,\ dev.to is skipped automatically. Lives alongside the existing oriz-omni-post-app\ (the orchestrator UI / catalog of cross-posts). URL: https://knowledge.oriz.in/decisions/packages/omni-publish-package Type: decision Tags: decision, package, omni-publish, automation, blogging, cross-posting ### Image host — chained 4-tier origin (repo + ImgBB + Imgur + GitHub user-content) 4-tier image host: CF Pages, imgbb, imgur, GH user content' → ImgBB → Imgur → GitHub user-content. Composes alongside the 3-tier\ image-CDN chain in the oriz-kit wrapper. URL: https://knowledge.oriz.in/decisions/packages/image-host-four-tier Type: decision Tags: images, host, origin, fallback, oriz-kit, never-hit-quotas ### omni-publish v0.1.2 follow-ups (deferred from v0.1.1) 5 follow-ups deferred from omni-publish v0.1.1 v0.1.2: per-repo per-day rate-limit cache (high), retry on transient 5xx (medium),\ compile TS → dist/ for non-bundler consumers (medium), Hashnode tag _id resolution\ (low), Threads single-user-token assumption validation (low). URL: https://knowledge.oriz.in/decisions/packages/omni-publish-v0-1-2-followups Type: decision Tags: decision, package, omni-publish, followups, v0-1-2, technical-debt ### packages.oriz.in shape — auto-discovery Starlight catalog with showcase pages packages.oriz.in auto-discovery Starlight catalog lists every chirag127/*-npm-pkg repo, fetches README + version + bundle metadata, and renders per-package showcase pages with live demo iframe, copy-paste install snippet, badge wall, and StackBlitz playground link. Rebuilds daily via cron + on tag push from any package repo. URL: https://knowledge.oriz.in/decisions/packages/packages-catalog-shape Type: decision Tags: decision, app, packages-catalog, starlight, auto-discovery, showcase ### Single family-wide pricing page (ad-free is the only paid feature) Shared pricing page across all oriz apps \ so it's identical everywhere. The ONLY paid feature family-wide is 'ad-free' \u2014\ \ remove AdSense + AdMob. Same price tier across web + Play + MS Store. Single Razorpay/Paddle/Play-Billing\ \ link. No per-app paywall complexity." URL: https://knowledge.oriz.in/decisions/packages/single-pricing-page-package Type: decision Tags: decision, pricing, paywall, package, ad-free, family-wide ### Dual-location package surfacing — oriz.in overview + packages.oriz.in catalog Packages surfaced on oriz.in/apps + packages.oriz.in /packages + /mobile + /desktop + /extensions overview with cards per app + store/channel badges (Play Store, Microsoft Store, Chrome Web Store, etc.) with ''Coming soon'' for unreleased channels; (2) packages.oriz.in is a standalone Astro Starlight catalog that auto-discovers every chirag127/*-npm-pkg repo and renders the full README + npm/GH/bundlephobia metadata per package. Channels metadata lives in home-app/src/data/apps.ts (manual) + auto-discovery from GitHub Releases for native installer URLs.' URL: https://knowledge.oriz.in/decisions/packages/packages-oriz-in-catalog Type: decision Tags: decision, docs, catalog, packages, astro-starlight, hub, dual-location ### @chirag127/oriz-ai-providers (18th package) + chirag127/oriz-ai-providers-data data repo @chirag127/oriz-ai-providers aggregates free AI providers LLM API (Cerebras, Groq, Cohere, NVIDIA NIM, GitHub Models, Cloudflare Workers\ AI, HuggingFace, Mistral, SambaNova, OpenRouter, LLM7, OVHcloud, Pollinations,\ Kilo Code, Ollama Cloud, Z.AI, Aion Labs, SiliconFlow, ModelScope — 20+ providers).\ Provider data + model lists + rate limits + base URLs maintained in a SEPARATE\ data repo `chirag127/oriz-ai-providers-data` so the package can stay slim and\ the data can be updated independently of the code. Priority order: no-key-required\ providers first (anonymous OVHcloud / LLM7 / Pollinations), then free-with-key\ providers as fallback chain. NIM + OpenRouter demoted from primary. URL: https://knowledge.oriz.in/decisions/packages/oriz-ai-providers-package Type: decision Tags: decision, package, ai, providers, free-tier, data-repo ### The twenty-three packages — the locked oriz family package set 23 npm packages: 10 Astro, 4 auth, 5 cross-cutting, 4 specialized URL: https://knowledge.oriz.in/decisions/packages/the-23-packages Type: architecture Tags: architecture, packages, astro, npm, locked ### Alternative free-forever backup channels for GitHub code and metadata Alternative free backup channels for GH protection repositories and their metadata (issues, PRs, wikis, releases) using Cloudflare R2, Backblaze B2, Hugging Face Datasets, and the native GitHub Migration API. Integrated into our overall disaster recovery options. URL: https://knowledge.oriz.in/decisions/ops/alternative-free-backup-channels Type: decision Tags: decision, backup, disaster-recovery, metadata, cloudflare-r2, backblaze-b2, huggingface, github-migration ### [REDIRECT] the-six-packages.md → the-23-packages.md Legacy file, canonical set in the-23-packages.md (18 packages locked 2026-06-22). URL: https://knowledge.oriz.in/decisions/packages/the-six-packages Type: architecture Tags: architecture, redirect, legacy ### Analytics stack: no card, no self-host GA4 + CF Analytics + Clarity + PostHog + Fathom + GoatCounter URL: https://knowledge.oriz.in/decisions/ops/analytics-stack-no-card-no-selfhost Type: decision Tags: analytics, no-card, ops ### Analytics — 5-tier stack (CFWA + GA4 + PostHog + Clarity + UTM) Five analytics layers in parallel on every site \ \u2014 Cloudflare Web Analytics (raw load), Google Analytics 4 (marketing funnel),\ \ PostHog (product + session replay + flags), Microsoft Clarity (heatmaps + Microsoft-side\ \ session replay), UTM tracking (attribution convention). Each layer covered by\ \ an `ENABLE_` env-var kill-switch so no single quota pinch can break a site." URL: https://knowledge.oriz.in/decisions/ops/analytics-five-tier-stack Type: decision Tags: analytics, decisions, architecture, clarity, ga4, posthog, cloudflare-analytics, utm ### Auth + Billing + Polish + Webhook locks (2026-06-22 evening grill) Final locks: 6 auth providers, Razorpay TEST, discount codes URL: https://knowledge.oriz.in/decisions/ops/auth-billing-polish-locks-2026-06-22-evening Type: decision Tags: decision, auth, billing, polish, webhook, promo, referral, refund, v0-launch ### Alternative free-forever backup channels for GitHub code and metadata Alternative free backup channels repositories and their metadata (issues, PRs, wikis, releases) using Cloudflare R2, Backblaze B2, Hugging Face Datasets (with caveats), and the native GitHub Migration API. Integrated into our overall disaster recovery options. URL: https://knowledge.oriz.in/decisions/ops/backup-channels-alternative Type: decision Tags: decision, backup, disaster-recovery, metadata, cloudflare-r2, backblaze-b2, huggingface, github-migration ### Auto-tracking everywhere — every family-wide metric is captured automatically All metrics auto-tracked across oriz family \ is auto-captured. The oriz-me lifestream specifically pulls from auto sources\ \ only \u2014 GitHub commits via webhook, npm publishes via post-publish hook, VS\ \ Code coding sessions via Wakatime API, site visits via CF Web Analytics, builds\ \ via GH Actions webhook. No manual entry anywhere in the metric pipeline. Manual\ \ = decay; auto = honest." URL: https://knowledge.oriz.in/decisions/ops/auto-tracking-everywhere Type: decision Tags: decisions, architecture, tracking, observability, lifestream, auto, metrics ### Backup: Restic→B2 nightly + Windows built-in monthly Nightly Restic to B2 for files, monthly Windows Backup for disk URL: https://knowledge.oriz.in/decisions/ops/backup-restic-b2-plus-windows-builtin Type: decision Tags: backup, restic, b2, windows, ops ### Cloudflare Web Analytics on every public surface — single SITE_TAG family-wide Single CF Web Analytics token shared family-wide covers ALL family domains: the 26 apps on CF Pages, the 19 APIs'' docs/HTML landing pages on GitHub Pages, and any package/book/skill landing page. APIs JSON-only responses are NOT instrumented (no HTML to beacon). Single site_tag family-wide per Rule 15 (shared-tenant-by-default); apps separated via the CF Web Analytics ''Hostname'' filter. URL: https://knowledge.oriz.in/decisions/ops/cf-web-analytics-family-wide Type: decision Tags: decision, analytics, cloudflare-web-analytics, instrumentation, single-tenant ### Bug tracker — GitHub Issues only GitHub Issues only bug tracker across family \ repo uses its own GitHub Issues as the sole bug tracker. Linear, Trello, Jira,\ \ Plane.so, Asana, Height \u2014 all REJECTED. Cross-repo triage via repo:org searches.\ \ Free unlimited, GitHub-native, integrates with PRs and commits via URL: https://knowledge.oriz.in/decisions/ops/bug-tracker-github-issues-only Type: decision Tags: decisions, architecture, bug-tracker, github-issues, intake ### Backups — restic CLI in GH Actions cron, target Backblaze B2 Weekly encrypted restic backups to B2 via GH Actions Actions schedule, targeting a Backblaze B2 bucket. Locks the restic + B2 + GH Actions triple. URL: https://knowledge.oriz.in/decisions/ops/backup-restic-to-b2 Type: decision Tags: backup, restic, backblaze, b2, github-actions, cron ### Backup everywhere weekly + backup-status dashboard app Weekly cron backs up to multiple destinations git mirror (already running), Firestore exports to CF R2, Restic snapshots of master to Backblaze B2. New post-MVP app `oriz-backup-status-app` provides a dashboard at backup.oriz.in showing total bytes backed up, per-rail health, last-success timestamps, per-source breakdown. Decoupled from any single host failing.' URL: https://knowledge.oriz.in/decisions/ops/backup-everywhere-weekly Type: decision Tags: decision, backup, redundancy, dashboard, mirror, cron ### Code stats — every metric tool turned on (9-tool stack) Code-stats across every public family repo \ stack \u2014 Sonarcloud + CodeRabbit + Codecov + CodeClimate + DeepSource + biome\ \ + GitHub Insights + Tokei + Lines-of-Code badge. All free for OSS. Auto-tracked\ \ per the auto-only-tracking rule. Extends the 5-tool code-quality decision with\ \ three more stat-shaped tools (GH Insights / Tokei / LoC badge) on top of the 5\ \ quality tools." URL: https://knowledge.oriz.in/decisions/ops/code-stats-everything Type: decision Tags: code-stats, code-quality, decisions, architecture, oss, auto-tracking ### Disk image backups — Windows built-in Backup-and-Restore Windows Backup-and-Restore replaces Macrium for disk images URL: https://knowledge.oriz.in/decisions/ops/disk-image-windows-builtin-2026-06-25 Type: decision Tags: decision, ops, backup, disk-image, windows, macrium, restic ### Geocoding — deferred (no current need); CF-IPCountry covers geo-routing today No geocoding, deferred \ need address\u2194coordinate translation. Cloudflare's free `CF-IPCountry` request\ \ header covers all current geo-routing needs (consent banner geo, payment-route\ \ geo). When a site lands a map feature, the swap target is OpenStreetMap Nominatim\ \ or Mapbox \u2014 both free, no card." URL: https://knowledge.oriz.in/decisions/ops/geocoding-deferred Type: decision Tags: decisions, architecture, geocoding, nominatim, mapbox, cf-ipcountry, deferred ### Dynamic family-data registry: @chirag127/astro-shell/family-data + auto-discovery cron Dynamic registry for constantly changing family inventory every app must read from a SINGLE dynamic registry instead of hardcoding the list. Registry lives in `@chirag127/astro-shell/family-data.ts` (TS module). A daily GH Action scans `chirag127/*` repos via the GH API, classifies each by slug suffix (-app / -npm-pkg / -api / -book / -ext / etc.), regenerates family-data.ts, commits + bumps astro-shell version, triggers Renovate auto-PR across all consuming apps. Zero manual edit. Surfaces consuming this registry: footer Family column / sidebar ''other apps'' / home-app index pages / packages-catalog auto-discovery / API hub aggregator at data.oriz.in. URL: https://knowledge.oriz.in/decisions/ops/dynamic-family-data-registry Type: decision Tags: decision, family-data, registry, dynamic, auto-discovery, single-source ### Ops Index of concepts in decisions/architecture/ops. URL: https://knowledge.oriz.in/decisions/ops/index Type: index Tags: index, ops ### Feature flags — deferred (YAGNI) until first real need No feature flags in family every concrete need we have today is solved by something else (tier checks via Firebase Auth claims for Pro/Max gating; git push for incident response; A/B testing has no users yet). Adding a flag system would be infra we''d maintain to solve problems we don''t have. Trigger to revisit: first real incident where a runtime kill-switch would have helped, OR first product decision that needs per-user A/B. URL: https://knowledge.oriz.in/decisions/ops/feature-flags-deferred Type: decision Tags: decision, feature-flags, yagni, deferred ### Logs — Better Stack Logs (aggregation) + Cloudflare Workers Tail (live) Two-layer logs: CF Workers Tail + Better Stack' (5-min retention, 0 cost, wrangler tail). Better Stack Logs for cross-Worker aggregation + alerts + searchable retention (3 GB/mo free, same vendor as our status page + uptime monitors). Quota math: ~30 MB/mo realistic load vs 3 GB/mo cap = ~100x headroom. URL: https://knowledge.oriz.in/decisions/ops/logs-better-stack-plus-cf-tail Type: decision Tags: decisions, architecture, logs, observability, better-stack, cloudflare ### Market-data per repo — GH Actions cron + GH Pages JSON serve, one repo per API FII/DII + MMI each in own GitHub repo GH Actions scrapes (weekdays post-NSE-close for FII/DII, hourly for MMI) and commits JSON back into the repo's data/ directory. GitHub Pages + raw.githubusercontent.com serve the JSON publicly. Zero Cloudflare Workers, zero shared aggregator repo. URL: https://knowledge.oriz.in/decisions/ops/market-data-per-repo Type: decision Tags: decision, architecture, market-data, github-actions, github-pages, json, india, free-tier, no-cf-workers ### Extension distribution — Chrome, Firefox, Edge, automated Each extension own GH repo, submoduled under extensions/ Each repo has its own CI workflow that publishes to Chrome Web Store, Firefox Add-ons, and Edge Add-ons on release. Landing pages live on extensions.oriz.in (with a copy at oriz.in/extensions). URL: https://knowledge.oriz.in/decisions/ops/extension-distribution Type: architecture Tags: architecture, extensions, distribution, ci, chrome, firefox, edge ### Master pointer as production SHA Master repo submodule pointers = production SHA state of the family. Bumping a submodule pointer + pushing master = deploying that submodule to production via the matrix workflow. URL: https://knowledge.oriz.in/decisions/ops/master-pointer-as-production-sha Type: architecture Tags: architecture, git, submodules, deploy, production ### Maximum libraries policy — reverse 'minimal-libraries'; consume community libs heavily Maximum libraries policy, minimal-libraries reversed MAXIMUM number of community libraries so we write less code ourselves. Every `@chirag127/oriz-*` and `@chirag127/astro-*` package internally uses community libraries as much as possible. Goal: 90% community code / 10% glue. Performance impact mitigated by Astro per-route island hydration + tree-shaking + lazy-load. URL: https://knowledge.oriz.in/decisions/ops/maximum-libraries-policy Type: decision Tags: decision, libraries, community, max-deps, supersedes ### Mirror repos/own/* to 9 popular GitHub alternatives — weekly cron from the umbrella repo Mirror repos/own/* to 9 free Git hosts via GH Actions URL: https://knowledge.oriz.in/decisions/ops/mirror-to-9-popular-alternatives-2026-06-28 Type: decision Tags: decision, mirror, insurance, git-host, backup, multi-platform, disaster-recovery, radicle, notabug, gitgud, rocketgit ### Mirror every chirag127/oriz* repo to 4 git hosts weekly Friday-4am cron mirrors submodules to 4 hosts URL: https://knowledge.oriz.in/decisions/ops/mirror-to-4-git-hosts Type: decision Tags: decision, mirror, insurance, git-host, backup, multi-platform ### No separate dev/prod projects — one prod + emulator + 5 cheap defensive moves No separate dev/prod projects fan-out): a separate dev Firebase project is net-negative at oriz scale today\ (Spark plan, no paying users, solo founder, mostly stub apps). Emulator + one\ prod + 5 cheap pre-emptive moves (GCP lien, defineSecret(), wrangler env split,\ 1Password CLI, CF Tunnel for Razorpay webhooks) is right-sized. Triggers to flip\ and add `oriz-dev`: first ₹99 live payment, second deploy-rights human, or\ first prod-data incident — whichever comes first. Razorpay structurally forbids\ a second staging account (one business-PAN per merchant). URL: https://knowledge.oriz.in/decisions/ops/no-separate-dev-prod-projects Type: decision Tags: decision, dev-env, firebase, cloudflare, razorpay, no-staging, single-prod, gcp-lien, emulator ### MIT license on all 41 chirag127/oriz* repos MIT license across all repos \ to MIT on 2026-06-21. Unlocks every free-for-OSS perk (Sentry for OSS, Crowdin\ \ for OSS, BrowserStack OSS, FOSSA, etc.) and clarifies commercial use is fine \u2014\ \ the family still monetises via ads/affiliate/subscription, that's orthogonal to\ \ the source license." URL: https://knowledge.oriz.in/decisions/ops/mit-license-all-repos Type: decision Tags: decision, license, mit, oss-eligible ### Family deploy architecture — DNS, gating, releases, dashboards Per-app GH Actions: main to prod, PR to preview, tags to APK/EXE URL: https://knowledge.oriz.in/decisions/ops/multi-target-build Type: decision Tags: architecture, deploy, ci, dns, sentry, sitemap, robots, dashboard, posthog, comments, monetization ### Project management — GitHub Projects only GitHub Projects for family-wide task management \ single GitHub Projects board on chirag127/oriz master, with kanban + table + roadmap\ \ views. Notion, Obsidian Tasks, Linear, ClickUp, Asana, Trello \u2014 all REJECTED.\ \ The knowledge/ OKF bundle covers documentation; GitHub Projects covers tasks." URL: https://knowledge.oriz.in/decisions/ops/project-mgmt-github-projects-only Type: decision Tags: decisions, architecture, project-management, github-projects, kanban, roadmap ### Perf monitoring — Vercel Speed Insights as RUM Vercel Speed Insights for RUM Web Vitals site, complementing Cloudflare's edge-measured metrics and Sentry's API traces. Free, no Vercel hosting required. URL: https://knowledge.oriz.in/decisions/ops/perf-monitoring-vercel-speed-insights Type: decision Tags: decisions, architecture, perf, rum, web-vitals, vercel ### Weekly release train — Wednesday 9 AM IST, CalVer per app, hot-fix bypass, git-cliff changelog Weekly release train Wed 9 AM IST workspace-level cron that tags + releases each app that has commits since its last tag. Versioning is CalVer per app (v2026.06.21). Hot-fixes bypass the train via [hotfix] in the commit message, triggering an immediate tag + deploy. Changelogs auto-generated by git-cliff from conventional commits. URL: https://knowledge.oriz.in/decisions/ops/release-cadence Type: decision Tags: architecture, release, ci, cron, calver, git-cliff, hotfix, cadence ### Notifications — FCM (transport) + Knock (orchestration) Two-layer notifications: Knock + FCM' (in-app + email + SMS + web push); FCM stays as the web-push transport. Free 10K notifs/mo on Knock, free unlimited on FCM. URL: https://knowledge.oriz.in/decisions/ops/notifications-fcm-plus-knock Type: decision Tags: decisions, architecture, notifications, push, knock, fcm ### SEO + A11y + CDN + SSL + multi-engine indexing (Q3 2026) Multi-engine SEO + IndexNow auto-submission \ + JSON-LD structured data per page + WCAG 2.2 AA + Pa11y CI gate + Lighthouse\ \ a11y \u226595 required + CF Pages tight cache rules (HTML 1h, assets 1yr, API\ \ 0) + Brotli + HTTP/3 + CF Universal SSL + HSTS preload submission for oriz.in\ \ + robots.txt allow-all (including AI scrapers) + single family-wide GA4 property\ \ with `app` custom dimension." URL: https://knowledge.oriz.in/decisions/ops/seo-a11y-cdn-ssl Type: decision Tags: decision, seo, accessibility, cdn, ssl, indexnow, ga4, structured-data ### Subscription flow — Razorpay → webhook → Firestore → every site One subscription unlocks everything via Razorpay webhook lands at api.oriz.in, Worker writes users/{uid}/subscription, every site and extension reads that doc to gate features. URL: https://knowledge.oriz.in/decisions/ops/subscription-flow Type: architecture Tags: architecture, subscription, razorpay, firestore, webhook ### SEO — three pillars: sitemap + IndexNow + JSON-LD Three SEO pillars: sitemap, IndexNow, JSON-LD' IndexNow (instant indexing), and JSON-LD structured data (semantic). Submitted to Google Search Console + Bing Webmaster Tools. All free, all no-card. URL: https://knowledge.oriz.in/decisions/ops/seo-three-pillars Type: decision Tags: decisions, architecture, seo, sitemap, indexnow, json-ld, structured-data ### Submodule pattern — each site/package/extension is a separate GitHub repo Each site/package/extension standalone GH repo repo added as a git submodule under sites/, packages/, or extensions/. The submodule has its own commits, releases, CI, and main branch. The master oriz repo stores a SHA pointer per submodule. URL: https://knowledge.oriz.in/decisions/ops/submodule-pattern Type: architecture Tags: architecture, git, submodules, repo, workflow ### Shared-vs-divergent matrix family-wide (FINAL 2026-06-22 evening) Matrix: shared packages vs per-app divergence' Auth FULLY shared. Pricing FULLY shared. Theme tokens API shared, but hex colors\ + type stack PER-APP. Footer DATA shared (FAMILY_APPS/BOOKS/PACKAGES from astro-shell),\ but footer VISUAL per-app per content. Theme: ONE forced theme per app (NO dark/light\ toggle). NOT every app needs all 4 nav surfaces — only what's needed for\ AdSense + Play Store + MS Store approval gates. URL: https://knowledge.oriz.in/decisions/ops/shared-vs-divergent-matrix Type: decision Tags: decision, shared, divergent, family-wide, theme, no-toggle, matrix ### Time tracking — Wakatime ONLY (Toggl walked back) Wakatime only time tracking ONLY. Wakatime auto-tracks coding time via IDE plugin (VS Code + JetBrains). Toggl Track was originally adopted alongside it for manual non-coding tracking, then walked back the same day under the new auto-only-tracking rule. Non-coding time is intentionally NOT tracked rather than manually tracked. File renamed via git mv from time-tracking-toggl-plus-wakatime.md.' URL: https://knowledge.oriz.in/decisions/ops/time-tracking-wakatime-only Type: decision Tags: decisions, architecture, productivity, time-tracking, wakatime, toggl-rejected, walk-back ### URL shortener quota mitigation — cache the 301 itself at the CF edge s.oriz.in CF Worker, 100K req/day free tier script. We send `Cache-Control: public, max-age=31536000, immutable` on every\ 301 redirect so CF's edge caches the redirect itself; subsequent visitors hit\ the cache, not the Worker. With caching, only the first visitor per URL per edge\ POP per year burns a Worker request. Realistic upper bound at family-wide traffic\ is ~1-2K requests/day — well under 100K. No external shortener required. URL: https://knowledge.oriz.in/decisions/ops/url-shortener-quota-mitigation Type: decision Tags: short-link, cloudflare, worker, quota, caching, mitigation ### Testing — three-layer stack (Vitest unit + Playwright E2E + Storybook+Chromatic visual) Three-layer testing: Vitest, Playwright, Chromatic per PR' against Storybook in parallel. PR fails on any failure in any layer. All free, no card. URL: https://knowledge.oriz.in/decisions/ops/testing-three-layer Type: decision Tags: decisions, architecture, testing, vitest, playwright, storybook, chromatic ### URL shortener three-tier free stack — s.oriz.in primary, TinyURL fallback, GitHub Gist redirect zero-infra Three-tier URL shortener, all free, no card s.oriz.in CF Worker (primary, edge-cached 301s). Tier 2: TinyURL API (fallback, unlimited free, no auth, no card). Tier 3: GitHub Gist HTML meta-refresh redirect (zero-infra, last-resort). Quota math shows the family sits at ~1-2% of the CF Worker free envelope. URL: https://knowledge.oriz.in/decisions/ops/url-shortener-mitigation-tiers Type: decision Tags: architecture, short-link, cloudflare, tinyurl, github-gist, quota, mitigation, fallback ### Three-tier pricing: Free / Pro / Max — single package, minimum manual work, community-support only 3 tiers Free/Pro/Max. Single @chirag127/astro-billing package URL: https://knowledge.oriz.in/monetisation/pricing/three-tier-free-pro-max Type: decision Tags: decision, pricing, tiers, free, pro, max, single-package, minimum-manual ### UTM-only marketing attribution UTM params for marketing attribution on outbound links links, captured by PostHog + Cloudflare Web Analytics. No paid attribution tool, no SaaS click-tracker, no bounce-redirect domain. oriz-kit ships to enforce kebab-case naming. URL: https://knowledge.oriz.in/decisions/ops/utm-attribution-strategy Type: decision Tags: marketing, attribution, utm, analytics, posthog, oriz-kit ### Accessibility — three-tool stack (axe + Pa11y + Lighthouse CI) axe-core + Pa11y + Lighthouse CI per PR on any new a11y violation in any tool. Each tool catches a different category. URL: https://knowledge.oriz.in/decisions/stack/a11y-three-tools Type: decision Tags: decisions, architecture, a11y, accessibility, axe, pa11y, lighthouse ### Automation Minimalist & Modern Stack Best minimalist stack for automation and testing URL: https://knowledge.oriz.in/decisions/stack/automation Type: architecture Tags: automation, testing, playwright, stack, tooling ### Voice / SMS — deferred; route via Knock when needed Voice/SMS deferred to Knock, no standalone provider \ on card-on-file grounds. If/when SMS becomes needed, the family routes it through\ \ Knock's bundled SMS channel \u2014 already locked as the multi-channel notification\ \ orchestrator (10K notifs/mo free)." URL: https://knowledge.oriz.in/decisions/ops/voice-sms-deferred-to-knock Type: decision Tags: decisions, architecture, sms, voice, knock, twilio, vonage, deferred ### CLI Tools Minimalist & Modern Stack Best minimalist stack for CLI tools URL: https://knowledge.oriz.in/decisions/stack/cli-tools Type: architecture Tags: cli, commander, clack, typer, cobra, clap, stack ### C++ Minimalist & Modern Stack Best minimalist stack for C++ URL: https://knowledge.oriz.in/decisions/stack/cpp Type: architecture Tags: cpp, stack, frameworks, libraries, tooling ### Code quality — 5-tool stack (Sonarcloud + CodeRabbit + Codecov + Code Climate + DeepSource) Five code-quality tools per public repo \ tools. Sonarcloud (SAST + smells), CodeRabbit (LLM PR review), Codecov (coverage\ \ delta), Code Climate (A \u2014 F maintainability), DeepSource (autofix). All five\ \ free for the family's public / OSS repos. Builds on the earlier 4-tool stack \u2014\ \ adds Codecov + Code Climate + DeepSource alongside the existing Dependabot + biome\ \ + CodeRabbit + Sonarcloud." URL: https://knowledge.oriz.in/decisions/stack/code-quality-five-tools Type: decision Tags: code-quality, decisions, architecture, sast, coverage, ci, oss ### C# Minimalist & Modern Stack Best minimalist stack for C# URL: https://knowledge.oriz.in/decisions/stack/csharp Type: architecture Tags: csharp, dotnet, stack, frameworks, libraries, tooling ### Dagger keep + full sweep — confirmed 2026-07-02 After a re-grill on Dagger's disadvantages (Docker dep, cold start, ecosystem loss), the 2026-07-01 pipeline-stack decision is confirmed. Full retro-migration of all 20 own/* repos proceeds. Local pipeline runs justify Dagger over `act`. URL: https://knowledge.oriz.in/decisions/stack/dagger-confirmed-2026-07-02 Type: decision Tags: ci, dagger, pipeline, migration ### Databases Minimalist & Modern Stack Best minimalist DB stack: serverless SQL, edge SQL, KV, object storage URL: https://knowledge.oriz.in/decisions/stack/databases Type: architecture Tags: database, sql, nosql, storage, serverless, edge, stack, architecture ### Extensions Minimalist & Modern Stack Minimalist stack for browser/editor extensions URL: https://knowledge.oriz.in/decisions/stack/extensions Type: architecture Tags: extensions, wxt, chrome, vscode, stack ### Family stack lock — Astro 6 + React 19 islands + Tailwind v4 + pnpm + Biome Same stack all sites. CF Pages monetised, GH Pages info-only URL: https://knowledge.oriz.in/decisions/stack/family-stack-lock Type: decision Tags: architecture, stack, hosting, astro, tailwind ### Go Minimalist & Modern Stack Minimalist stack for Go and dev tools for Go. URL: https://knowledge.oriz.in/decisions/stack/go Type: architecture Tags: go, stack, architecture, minimalist, tooling ### Hosting Minimalist & Modern Stack Minimalist hosting: static frontends, edge workers, containers URL: https://knowledge.oriz.in/decisions/stack/hosting Type: architecture Tags: hosting, deployment, edge, serverless, containers, microservices, stack, architecture ### Stack Index of concepts in decisions/architecture/stack. URL: https://knowledge.oriz.in/decisions/stack/index Type: index Tags: index, stack ### Java Minimalist & Modern Stack Minimalist stack for Java URL: https://knowledge.oriz.in/decisions/stack/java Type: architecture Tags: java, stack, frameworks, libraries, tooling ### JavaScript/TypeScript Minimalist & Modern Stack Minimalist stack for JavaScript/TypeScript and dev tools for JS/TS. URL: https://knowledge.oriz.in/decisions/stack/javascript-typescript Type: architecture Tags: javascript, typescript, stack, frameworks, libraries, tooling ### LangChain ecosystem — deferred, revisit 2026-10-02 LangChain / LangGraph / LangSmith / integrations. Not adopted, not rejected. Current MCP + skills + AGENTS.md stack covers the same surface. Revisit in 3 months if real gaps surface. URL: https://knowledge.oriz.in/decisions/stack/langchain-deferred-2026-07-02 Type: decision Tags: stack, ai, orchestration, langchain, langsmith, langgraph, deferred ### Rust Minimalist & Modern Stack Minimalist stack for Rust URL: https://knowledge.oriz.in/decisions/stack/rust Type: architecture Tags: rust, stack, frameworks, libraries, tooling ### Pipeline stack lock 2026-07-01 — pnpm + MegaLinter + Dagger TS The five-layer canonical stack for every oriz repo: pnpm 11 (package + tasks), MegaLinter (lint), Dagger TS (CI pipelines), TypeScript everywhere. No mise, no super-linter, no Earthly, no Python for new scripts. URL: https://knowledge.oriz.in/decisions/stack/pipeline-stack-2026-07-01 Type: decision Tags: stack, pnpm, dagger, megalinter, typescript, ci, pipelines ### Observability, AI, search, auth, DB stack (Q3 2026 lock) Service picks locked 2026-06-22. AI: @chirag127/oriz-ai-providers' (20-provider fallback chain — OVHcloud / LLM7 / Pollinations anonymous first,\ then Cerebras / Groq / NIM / OpenRouter / etc keyed) — see decisions/architecture/oriz-ai-providers-package.\ Search: Pagefind for static + Algolia free hybrid. Errors: Sentry free + OSS tier\ apply. Uptime: UptimeRobot free 50 monitors. Auth: Firebase Auth (Spark). DB:\ Firestore only. I18n: English-only v0 + Crowdin OSS community translations. Privacy:\ single family-wide /privacy page. Cookie consent: Klaro EU + DPDP India geo-route. URL: https://knowledge.oriz.in/decisions/stack/stack-picks-2026-06-22 Type: decision Tags: decision, stack, observability, ai, search, auth, db, privacy, i18n ### Tool app feature scopes (locked 2026-06-22 — full client-side feature sets per app) Final feature scope per tool app. All 100% client-side server, no upload). Heavy features deferred to v1+ where bundle size would blow budget. Per-app feature list grilled and locked 2026-06-22. URL: https://knowledge.oriz.in/decisions/stack/tool-feature-scopes-2026-06-22 Type: decision Tags: decision, tools, features, client-side, scope ### Public image-upload tool on image.oriz.in — gated by free/pro tier Locked 2026-06-23. oriz-pixie gets public /upload page using the 5-host replicate pipeline (Cloudinary + ImageKit + imgbb + freeimage\ + GH Releases). Free tier: 5 uploads/day, requires sign-in + reCAPTCHA v3. Pro\ tier: unlimited. Reuses lib/photos.ts from oriz-roam-journal-app. Durability promise:\ best-effort only, no SLA — free tier compliance limits guarantees. Anonymous\ users see paywall card. URL: https://knowledge.oriz.in/decisions/stack/public-image-upload-tool Type: decision Tags: decision, image-upload, public, pricing-tier, image-cdn, photos, pixie-app ### Newsletter on Substack — single family newsletter, free tier, 10% if paid Single family newsletter at chirag127.substack.com (or brand-aligned name). Free tier; Substack takes 10% if a paid tier ever ships. ONE newsletter, NOT per-app. Daily blog feed + weekly digest + book drop announcements. Embed signup form on home-app + every content app footer. Replaces the earlier Buttondown + EmailOctopus split. URL: https://knowledge.oriz.in/decisions/stack/newsletter-substack Type: decision Tags: decision, newsletter, substack, single-newsletter, family-wide ### Python Minimalist & Modern Stack Minimalist stack for Python and dev tools for Python. URL: https://knowledge.oriz.in/decisions/stack/python Type: architecture Tags: python, stack, architecture, minimalist, tooling ### Tool categories roadmap — Tier 1 + Tier 2 + anti-list 15 tool subdomains: 8 Tier 1 ship day 1' + 7 Tier 2 (stub day 1, fill in later). Tier 3 is explicitly skipped. Anti-list captures categories deliberately rejected (URL shorteners, AI image gen, etc.). URL: https://knowledge.oriz.in/decisions/stack/tool-categories-roadmap Type: decision Tags: architecture, tools, roadmap ### Tools shape + priority — 16 single-purpose subdomains, locked ship order 16 tool apps, each at own *.oriz.in subdomain pixie, grid, forge, shift, dice, cipher, paper, vitals, rank, reel, echo, pivot + remainder). Anonymous-first auth. Free + opt-in sponsor footer. Affiliate allowed only where ethically clean (Amazon book links on scribe-text; NOT on health tools). Locked ship priority for Wave 2. URL: https://knowledge.oriz.in/decisions/stack/tools-shape-and-priority Type: decision Tags: decision, tools, subdomains, ship-order, sixteen-tools ### Tools shipped as 15 separate repos, one per subdomain Each tool category = own GitHub repo deployed to its own Cloudflare Pages project at .oriz.in. No tools-site monorepo. Picked over 'one repo, 15 subdomain builds' for portfolio framing and SEO concentration. URL: https://knowledge.oriz.in/decisions/stack/tools-site-15-repos Type: decision Tags: architecture, tools, repos, seo ### Free hosting — Azure for Students (student-verified, NO card at signup) Azure for Students: $100/yr, no card, student-verified URL: https://knowledge.oriz.in/runbooks/free-hosting-providers/azure-student Type: runbook Tags: runbook, hosting, free-tier, azure, azure-students, student-account, no-card-on-file ### Free hosting — image CDN + transforms + durability replication (Cloudinary, ImageKit, imgbb, GitHub Releases, Uploadcare) 4-host replicate-everywhere image CDN strategy URL: https://knowledge.oriz.in/runbooks/free-hosting-providers/image-cdn Type: runbook Tags: runbook, hosting, free-tier, image-cdn, cloudinary, imagekit, imgbb, github-releases, replication ### Free hosting providers catalog — no-card, large-fleet picks (2026-06-22) Catalog of every free-tier hosting provider vetted for the oriz family. Hard rule: NO card-on-file at signup. Must support a 50+ project fleet, decent bandwidth, and commercial use. Each sub-file is one category with provider-by-provider numbers, sources, and a KEEP / EVALUATE / DROP verdict. URL: https://knowledge.oriz.in/runbooks/free-hosting-providers/index Type: runbook Tags: runbook, hosting, free-tier, no-card-on-file, catalog, cloudflare, render, supabase, neon, vercel, netlify ### Free hosting — object storage (R2, B2, IDrive, Filebase, Storj, Wasabi) Object storage free tiers: R2, B2, Storj URL: https://knowledge.oriz.in/runbooks/free-hosting-providers/object-storage Type: runbook Tags: runbook, hosting, free-tier, object-storage, cloudflare-r2, backblaze-b2, storj ### Free hosting — databases (Firestore, Supabase, Neon, Turso, Mongo, CockroachDB, Upstash, D1, KV) DB free-tier numbers for Firestore, Neon, D1, Turso, KV URL: https://knowledge.oriz.in/runbooks/free-hosting-providers/databases Type: runbook Tags: runbook, hosting, free-tier, databases, firestore, neon, supabase, turso, cloudflare-d1, upstash ### Free hosting — monitoring (Better Stack, UptimeRobot, Healthchecks, Sentry, Axiom) Monitoring free-tier: Better Stack, Sentry, Axiom URL: https://knowledge.oriz.in/runbooks/free-hosting-providers/monitoring Type: runbook Tags: runbook, hosting, free-tier, monitoring, uptime, sentry, better-stack, axiom ### Free hosting — queues + pub-sub (CF Queues, Upstash QStash, Inngest, Trigger.dev, Pusher) Queues + pub-sub free tiers: CF, QStash, Inngest URL: https://knowledge.oriz.in/runbooks/free-hosting-providers/queues-pubsub Type: runbook Tags: runbook, hosting, free-tier, queues, pubsub, cloudflare-queues, upstash-qstash, inngest ### Free hosting — serverless functions + edge (CF Workers, Deno Deploy, AWS Lambda EXCEPTION, Render, Koyeb, Val.town, HF Spaces, Modal — 2026-06-23 audit) Serverless free tiers: CF Workers → Deno → Lambda → Render URL: https://knowledge.oriz.in/runbooks/free-hosting-providers/serverless-functions Type: runbook Tags: runbook, hosting, free-tier, serverless, edge, cloudflare-workers, deno-deploy, aws-lambda, render, koyeb, hugging-face, modal, val-town ### Free hosting — static sites (CF Pages, GH Pages, Netlify, Vercel, Surge, Render, Neocities, Bunny, Fleek) Static site free tiers: CF Pages primary, GH Pages mirror URL: https://knowledge.oriz.in/runbooks/free-hosting-providers/static-sites Type: runbook Tags: runbook, hosting, free-tier, static-sites, cloudflare-pages, github-pages, netlify, vercel ### Start screenpipe dev GUI on corp VDI Run the full screenpipe desktop GUI in dev mode (free, no build needed) on Windows 11 corp VDI using the chirag127/screenpipe fork. URL: https://knowledge.oriz.in/runbooks/operations/screenpipe-dev-gui-corp-vdi Type: runbook Tags: screenpipe, gui, dev, windows, fork ### Free hosting — web services (Render, Fly, Railway, Koyeb, Replit, Cyclic, Glitch) Web services free tiers: Render (sleep) and Koyeb (1 nano) URL: https://knowledge.oriz.in/runbooks/free-hosting-providers/web-services Type: runbook Tags: runbook, hosting, free-tier, web-services, render, koyeb, fly-io, railway ### Umbrella deploy workflow usage How to trigger, test, and debug .github/workflows/deploy.yml on chirag127/workspace. URL: https://knowledge.oriz.in/runbooks/operations/deploy-workflow-usage-2026-07-02 Type: runbook Tags: ci, deploy, github-actions, umbrella, dispatch, cloudflare ### Start dev server from source (OmniRoute, freellmapi, any fleet fork) Step-by-step: replace global npm install with a local cloned-fork dev server. Auto-start on Windows login, pull upstream on every launch, run via Windows Terminal tab. URL: https://knowledge.oriz.in/runbooks/operations/start-dev-server-from-source Type: runbook Tags: runbook, dev-server, omniroute, freellmapi, fork, windows, startup ### Hosting Index of concepts in runbooks/hosting. URL: https://knowledge.oriz.in/runbooks/platform/index Type: index Tags: index, hosting ### ZCode MCP Server Setup Step-by-step guide for configuring all 8 workspace MCP servers in ZCode via the GUI. URL: https://knowledge.oriz.in/runbooks/hosting/zcode-mcp-setup Type: runbook Tags: zcode, mcp, setup, runbook ### Scaffolding Index of concepts in runbooks/scaffolding. URL: https://knowledge.oriz.in/runbooks/scaffolding/index Type: index Tags: index, scaffolding ### Operations Index of concepts in runbooks/operations. URL: https://knowledge.oriz.in/runbooks/workflow/index Type: index Tags: index, operations ### Security Index of concepts in runbooks/security. URL: https://knowledge.oriz.in/runbooks/security/index Type: index Tags: index, security ### npm publish — token setup for chirag127/* packages Generate npm Granular Access Token; store as NPM_TOKEN for unattended publish/unpublish URL: https://knowledge.oriz.in/runbooks/security/npm-publish-token-setup Type: runbook Tags: runbook, npm, publish, 2fa, token, automation ### Set / update GitHub Actions secrets at the chirag127 org level Pull secret from Doppler, push to chirag127 org-level GH secrets via gh CLI URL: https://knowledge.oriz.in/runbooks/security/set-github-org-level-secrets Type: runbook Tags: runbook, github, secrets, org-level, doppler, sync, ci ### WORKSPACE_DISPATCH_PAT setup Create fine-grained PAT for downstream repos to trigger umbrella deploy via repository_dispatch. URL: https://knowledge.oriz.in/runbooks/security/workspace-dispatch-pat-setup Type: runbook Tags: security, pat, github, ci, deploy, dispatch ### Frontend-design skill: distinctive intentional visual design for every UI Distinctive intentional visual design for every UI URL: https://knowledge.oriz.in/rules/design/frontend-design-skill-baked-in Type: rule Tags: rule, design, frontend, distinctive, intentional, agent-philosophy ### Design divergence is NOT duplication Per-app design divergence, not duplication URL: https://knowledge.oriz.in/rules/design/design-divergence-vs-dedup Type: rule Tags: rules, design-system, dedup, packages, components ### Design Index of concepts in rules/design. URL: https://knowledge.oriz.in/rules/design/index Type: index Tags: index, design ### No emoji in site chrome No emoji in site chrome — SVG icons only URL: https://knowledge.oriz.in/rules/design/no-emoji-in-chrome Type: rule Tags: rules, design, emoji, chrome, branding ### No ad-slot rectangles reserved in markup No reserved ad-slot divs in markup URL: https://knowledge.oriz.in/rules/design/no-ad-slots-in-markup Type: rule Tags: rules, ads, monetisation, layout, design ### Per-app distinctive frontend design — adopt the frontend-design skill principles family-wide Each app gets distinctive visual identity, same chrome stays family-wide URL: https://knowledge.oriz.in/rules/design/per-app-distinctive-frontend-design Type: rule Tags: rule, design, frontend, per-app, distinctive, identity ### Agent minimum-context protocol — find before deriving How AI agent operates on this repo with minimum upfront token cost Read knowledge/_navigation.md FIRST. Grep before writing. Terse self-contained files. [[wikilinks]] for chaining. Commit knowledge same-turn. Plus a cookbook of recurring tasks with entry-point file paths. URL: https://knowledge.oriz.in/rules/agent/agent-minimum-context Type: rule Tags: rule, agent, knowledge, navigation, context, protocol, cookbook ### Adaptive commit granularity Commits sized to work unit: single decision = 1 commit; batch grill = 1; refactor = 1 per unit URL: https://knowledge.oriz.in/rules/agent/adaptive-commit-granularity Type: rule Tags: agent-behavior, commits, git, granularity ### Agent fleet parity: same rules + MCPs across all agents All fleet agents share same rules + MCP servers. Sync via scripts/sync-mcp-configs.mjs. No private rule sets URL: https://knowledge.oriz.in/rules/agent/agent-fleet-parity Type: rule Tags: agent, fleet, parity, sync, mcp, claude-code, opencode, kilocode, antigravity, hard-rule ### AGENTS.md is a living doc — update when patterns recur AGENTS.md is not written-once. When a recurring issue surfaces during development (tool quirk, banned pattern, style rule), update AGENTS.md before moving on. Solve once, document, forget. URL: https://knowledge.oriz.in/rules/agent/agents-md-living-doc Type: rule Tags: agent, agents-md, hygiene, living-doc, workflow ### 2025 agents.md discipline — tight context, knowledge bundle, don't drift to 2026 yolo User locked 2025 mindset 2026-06-23: AGENTS.md stays short sharp, knowledge/ is the brain, every concept gets a file. Reject the 'just let\ agents figure it out from context' 2026 yolo for non-toy projects. For oriz family\ this means: AGENTS.md ≤200 lines pointing at README.md and knowledge/, never\ inline rules in AGENTS.md if a knowledge file exists, prune stale knowledge weekly,\ treat context as a precious limited resource. URL: https://knowledge.oriz.in/rules/agent/agents-md-2025-discipline Type: rule Tags: rule, agents-md, knowledge, context-management, discipline ### Rule additions land in 3 places: concept file + AGENTS.md table + count Add rule: write to knowledge/rules/ + AGENTS.md entry + bump section count. All three same commit URL: https://knowledge.oriz.in/rules/agent/agents-md-three-place-update Type: rule Tags: agents-md, self-update, knowledge-discipline, hard-rule ### Automate everything — never deliver a runbook Ship one executable script per setup/host/deploy request. Manual steps = defect URL: https://knowledge.oriz.in/rules/agent/automate-never-runbook Type: rule Tags: automation, deployment, hard-rule, user-identity ### Auto-grill on architectural decisions Before multi-file architectural choice — grill first \ framework, data model), agents MUST run the grill skill or its inline equivalent\ \ (3\u20134 ranked-recommendation questions via multi-choice question prompt). Decision must\ \ be locked into knowledge/decisions/ before code lands. Locked 2026-06-23 in response\ \ to user explicitly choosing the auto-grill cadence. Compounds with self-update-on-every-decision:\ \ grill produces the decision, that rule files it." URL: https://knowledge.oriz.in/rules/agent/auto-grill-on-architectural-decisions Type: rule Tags: rule, grill, architecture, knowledge, decision-discipline ### Bitwarden CLI as cross-machine secrets source-of-truth Bitwarden CLI (bw): canonical age key retrieval + secondary secrets backup. Read-only locally; updates via Web UI URL: https://knowledge.oriz.in/rules/agent/bitwarden-as-secrets-source Type: rule Tags: secrets, bitwarden, age, sops, recovery, industry-standard ### Caveman — terse prose discipline ACTIVE every prose response. Drop articles, filler, pleasantries, hedging. Code unchanged. Drop terse mode for irreversible actions URL: https://knowledge.oriz.in/rules/agent/caveman Type: rule Tags: caveman, terse-prose, token-compression, output-discipline, hard-rule, agent-behavior ### Cross-machine parity via sync Every machine can act as primary; sync auto keeps them equal; no machine-specific state that can't be reproduced from cloud+workspace. URL: https://knowledge.oriz.in/rules/agent/cross-machine-parity-via-sync Type: rule Tags: cross-machine, sync, parity, availability ### Grill the user on every new input that contradicts existing knowledge When user contradicts/narrows/widens/reverses knowledge — confirm before acting a decision already in knowledge/, the agent must explicitly call out the delta, ask the user to confirm whether to overwrite knowledge or treat as one-off, and only then act. Latest user input is the source of truth ONLY after explicit confirmation. URL: https://knowledge.oriz.in/rules/agent/confirm-knowledge-deltas Type: rule Tags: rule, communication, knowledge, drift, latest-overrides ### Context interview — agent asks user first when uncertain When unsure what context is needed for a task, agent asks the user targeted questions BEFORE attempting. 'Ask me any further questions you need to achieve the best result.' URL: https://knowledge.oriz.in/rules/agent/context-interview Type: rule Tags: agent, prompting, context, interview, uncertainty ### Delegate to sub-agents by default — researcher for reads, Haiku for batch ACTIVE every response. Use sub-agent before reading 3+ files. Isolated context; only summary returns. Cuts tokens 40-70% URL: https://knowledge.oriz.in/rules/agent/delegate-to-subagents-by-default Type: rule Tags: sub-agents, token-reduction, delegation, agent-behavior, hard-rule ### Distill the winning prompt — save the retrospective one-shot After long back-and-forth to reach a working answer, ask Claude to write the prompt that would have gotten there first-try. Save that prompt. Skip the iteration next time. URL: https://knowledge.oriz.in/rules/agent/distill-winning-prompt Type: rule Tags: prompting, agent, iteration, skills, retrospective ### Don't install MCP tools already bundled in Smithery toolbox chirag127 Smithery = meta-toolbox. Check before adding separate MCP server URL: https://knowledge.oriz.in/rules/agent/dont-dup-smithery-tools Type: rule Tags: mcp, smithery, deduplication ### Draft ≠ send: external comms need explicit approval Never send/publish/post/comment/PR-file externally without explicit human approval. Draft means draft. Insurance-agent-sent-email pattern is the failure mode this prevents. URL: https://knowledge.oriz.in/rules/agent/draft-not-send Type: rule Tags: agent, safety, external-comms, approval, email, github ### Everything durable → cloud Every long-lived artefact (knowledge, skills, memory, secrets, repo mirrors) has a cloud copy; local machine is a cache, not source of truth. URL: https://knowledge.oriz.in/rules/agent/everything-durable-to-cloud Type: rule Tags: cloud, backup, sync, availability ### Fable 5 prompting — 6 habits + safety-route awareness Six locked prompting habits for Claude Fable 5: give why, negative-prompt, act when enough, make it prove, don't ask for reasoning, say less. Plus safety-router awareness (Fable→Opus 4.8 on suspicious intent). URL: https://knowledge.oriz.in/rules/agent/fable-5-prompting Type: rule Tags: agent, prompting, fable, claude, effort-levels, safety ### Firebase: use the CLI directly, never install Firebase skills Firebase CLI + agent context enough. No skill wrappers. Saves context, kills doc rot URL: https://knowledge.oriz.in/rules/agent/firebase-cli-direct-no-skills Type: rule Tags: firebase, skills, scope, hard-rule ### Fork model: chirag127-owned + upstream tracking + weekly auto-sync Forks live under chirag127 personal account. origin=chirag127 + upstream=source. PRs directly from origin. Weekly auto-PR sync from upstream. URL: https://knowledge.oriz.in/rules/agent/fork-thin-upstream-tracking Type: rule Tags: forks, upstream, sync, ci, chirag127, hard-rule ### Globals derived from workspace by script (with grill on drift) .mcp.json + workspace anchors canonical. Globals synced by scripts/sync-globals.mjs. Fires grill-me on drift URL: https://knowledge.oriz.in/rules/agent/globals-derived-from-workspace Type: rule Tags: global, workspace, mcp, sync, derived, hard-rule ### Forks are submodules, never plain clones Every fork under repos/frk/ is added via `git submodule add`, never via `git clone`. Locks fork pointer in umbrella, keeps umbrella tree clean. URL: https://knowledge.oriz.in/rules/agent/forks-as-submodules Type: rule Tags: rules, agent, forks, submodules, workspace, hard-rule ### Grill before adding any rule — choose the right artefact type Every proposed rule triggers a grill to determine if it belongs as a rule, skill, hook, knowledge file, or AGENTS.md line. Adding rules without grilling = knowledge bloat. URL: https://knowledge.oriz.in/rules/agent/grill-before-adding-rule Type: rule Tags: agent, meta, grill, rules, knowledge ### Grill on LOC removal >= 50 lines per sweep (TIGHTENED 2026-06-22 evening) TIGHTENED 2026-06-22: threshold dropped from 1000 LOC 50 LOC. When a dedup/refactor/cleanup sweep removes ≥50 lines of code in\ a single agent action, the agent MUST surface this as a delta, ask the user MCQs\ about what was removed + why, offer restoration paths, and confirm before deleting.\ Reason: 50-LOC sweeps can hide substantive functional removal (an entire component,\ a route, a feature). Design pattern consolidation safe ONLY after grill; content/feature\ deletion NEVER safe without grill. URL: https://knowledge.oriz.in/rules/agent/grill-on-loc-removal Type: rule Tags: rule, dedup, refactoring, loc-threshold, content-vs-pattern, grill, tightened ### Grill me properly before non-trivial work Default grill-mode for >1 interpretation. Walk decision tree branch-by-branch. Surface assumptions, lock, act URL: https://knowledge.oriz.in/rules/agent/grill-me-default Type: rule Tags: grill, askuserquestion, decision-discipline, hard-rule ### Grill-to-knowledge — every grill-me answer lands in knowledge/ Invoke grill-me or design Q&A — write results to knowledge/ EVERY locked answer (question stem + chosen option + rejected options + 'why') MUST land in knowledge/ in the same conversation. No locked answer may live only in chat history. The conversation context is the audit trail; the decision file is the durable truth. URL: https://knowledge.oriz.in/rules/agent/grill-to-knowledge Type: rule Tags: rule, grill, knowledge, self-update ### Ground first, ask second For tasks requiring domain knowledge or fresh context, send a research/ground prompt FIRST, then the action prompt. Two-prompt pattern. Reduces hallucination + generic answers. URL: https://knowledge.oriz.in/rules/agent/ground-first-ask-second Type: rule Tags: prompting, agent, grounding, hallucination ### Headroom scoped-use policy Headroom (Hr): input-compression proxy only. No memory/Qdrant/TOIN/learn. Docker-only URL: https://knowledge.oriz.in/rules/agent/headroom-scoped-use Type: rule Tags: headroom, proxy, compression, docker ### ICC prompt formula — Instructions + Context + Constraints Every non-trivial prompt must have all three: what to do (instructions), what to know (context), what shape/limits apply (constraints). Order doesn't matter, completeness does. Optional: output example. URL: https://knowledge.oriz.in/rules/agent/icc-prompt-formula Type: rule Tags: prompting, agent, structure, quality ### Agent Index of concepts in rules/agent. URL: https://knowledge.oriz.in/rules/agent/index Type: index Tags: index, agent ### Junctions on Windows, symlinks on Unix Use directory junctions on Windows (mklink /J), symlinks on Unix (ln -s). No Developer Mode needed URL: https://knowledge.oriz.in/rules/agent/junctions-on-windows Type: rule Tags: windows, junction, symlink, link, hard-rule ### Iterate before creating a skill Never invoke skill-creator on the first attempt. Iterate manually 3-5 times, tag responses as good/bad with reasoning, THEN distill into a skill. Prevents overfit-on-one-example. URL: https://knowledge.oriz.in/rules/agent/iterate-before-skill Type: rule Tags: agent, skills, iteration, taste ### Karpathy — surface uncertainty, clean orphans, goal-loop execution ACTIVE every coding task. State assumptions. Surface ambiguity via MCQ. Clean orphaned imports. Define success criteria + loop URL: https://knowledge.oriz.in/rules/agent/karpathy-guidelines Type: rule Tags: karpathy, agent-behavior, coding-discipline, hard-rule, uncertainty, goal-driven ### kepano/obsidian-skills: global install Steph Ango obsidian-skills cloned to ~/skill-sources/; 5 sub-skills symlinked global URL: https://knowledge.oriz.in/rules/agent/kepano-obsidian-skills-global Type: rule Tags: rules, agent-tooling, obsidian, skills, claude-code ### Keep knowledge fresh — read first, write current truth, delete obsoletes Every session reads knowledge before acting, writes decisions into knowledge/ as CURRENT TRUTH (not historical logs), and deletes obsoleted content same-turn. Knowledge files are snapshots of what IS, not journeys of how we got here. URL: https://knowledge.oriz.in/rules/agent/keep-knowledge-fresh Type: rule Tags: rules, knowledge, okf, self-update, family, current-truth ### Knowledge — hard-delete superseded files Superseded decision: git rm old file same commit as new. Audit trail in git history URL: https://knowledge.oriz.in/rules/agent/knowledge-deletion-not-supersession Type: rule Tags: knowledge, okf, supersession, deletion, agent-rule ### All durable knowledge in knowledge/ — caveman style, no exceptions Everything worth remembering lives in knowledge/ as an OKF file. Caveman style: terse, dense, no filler. README/AGENTS.md stay lean. URL: https://knowledge.oriz.in/rules/agent/knowledge-everything-caveman Type: rule Tags: rules, agent, knowledge, documentation, caveman ### Knowledge-only, no memory dual-write Durable prefs + locked decisions ? knowledge/ ONLY. Not mirrored to MEMORY.md URL: https://knowledge.oriz.in/rules/agent/knowledge-only-no-memory-dual-write Type: rule Tags: agent-behavior, knowledge, memory, single-source-of-truth ### MCP config single source of truth .mcp.json canonical MCP config. All 5 agents sync via scripts/sync-mcp-configs.mjs. Never edit per-agent configs URL: https://knowledge.oriz.in/rules/agent/mcp-config-single-source-of-truth Type: rule Tags: mcp, config, agents, sync, infrastructure ### Loop engineering for AI agents AI agent loops across engines/tools with fan-out, fallback, self-correction. No infinite loops URL: https://knowledge.oriz.in/rules/agent/loop-engineering Type: rule Tags: loop, engineering, fallback, web-search, fan-out ### MCP env credentials — Win env vars + Smithery profile (both layers) MCP env vars sync via Win system env (local) + Smithery profile (cross-machine). Never commit values URL: https://knowledge.oriz.in/rules/agent/mcp-env-sync-both-layers Type: rule Tags: mcp, env, sync, smithery, no-commit-keys ### MCP no-key in repo, keyed in Smithery No-API-key MCP servers committed as configurable entries. Keyed/auth MCP servers go in Smithery toolbox URL: https://knowledge.oriz.in/rules/agent/mcp-no-key-in-repo-keyed-in-smithery Type: rule Tags: mcp, smithery, api-keys, security, tool-config ### MCP servers: use workspace scope, not global Workspace-scoped MCP in committed .mcp.json. claude mcp add -s project. Default scope wrong URL: https://knowledge.oriz.in/rules/agent/mcp-workspace-not-global Type: rule Tags: mcp, scope, workspace-only, hard-rule ### Memory file mapping by `type` field Migrating MEMORY.md to knowledge/: type field determines directory (rule?rules/, decision?decisions/, etc.) URL: https://knowledge.oriz.in/rules/agent/memory-mapping-by-type-field Type: rule Tags: agent-behavior, knowledge, migration, type-field, routing ### No dual-remote backup. GitHub IS the backup. Never add second remote to forks. chirag127 fork on GitHub = backup. Stop re-asking URL: https://knowledge.oriz.in/rules/agent/no-dual-remote-backup Type: rule Tags: git, backup, fleet, hard-rule, never-reask ### No fork divergence — upstream PRs only Local forks in repos/frk/* stay byte-identical to upstream main. Every local change files as an upstream PR immediately. URL: https://knowledge.oriz.in/rules/agent/no-fork-divergence Type: rule Tags: rules, agent, forks, upstream, pr ### Ecosystem first-mover on emerging OKF conventions When a new tool/format/convention emerges in the OKF ecosystem, adopt fast + contribute upstream — first-mover shapes the standard. URL: https://knowledge.oriz.in/rules/agent/okf-ecosystem-first-mover Type: rule Tags: okf, ecosystem, contribution, upstream ### OKF graph discipline (inspired by okf-mcp) Validate cross-links, prefer index-scan over directory-scan, propose-first authoring, structured graph queries URL: https://knowledge.oriz.in/rules/agent/okf-graph-discipline Type: rule Tags: agent-behavior, knowledge, okf, graph, discipline ### Review per-project memory monthly, prune stale entries Auto-saved memory files (~/.claude/projects/*/memory/MEMORY.md) get stale — 'currently working on X' after X shipped. Monthly review + prune. URL: https://knowledge.oriz.in/rules/agent/memory-review-monthly Type: rule Tags: agent, memory, hygiene, maintenance ### Run okf-prompt-lookup before answering knowledge-touching prompts Every agent must surface top-3 OKF concept files before answering any non-trivial prompt. Claude Code does it via UserPromptSubmit hook; other agents must run scripts/okf-prompt-lookup.py themselves. URL: https://knowledge.oriz.in/rules/agent/okf-lookup-before-acting Type: rule Tags: agent, knowledge, okf, discoverability, fleet-parity ### Own the memory, rent the intelligence Memory + skills + orchestration are portable and belong to you. Intelligence (frontier models) is rented — swap providers freely. Never couple your knowledge to one vendor's tool. URL: https://knowledge.oriz.in/rules/agent/own-memory-rent-intelligence Type: rule Tags: agent, memory, skills, portability, strategy, karpathy ### Output minimalism — no preamble, no restatement, answer-first, no abstract language ACTIVE every response. Bans 4 verbosity anti-patterns. Cuts ~20-40% beyond Caveman URL: https://knowledge.oriz.in/rules/agent/output-minimalism Type: rule Tags: output-discipline, hard-rule, agent-behavior, token-reduction, verbosity ### Minimum everything — fewest lines, fewest tool calls, fewest packages Hard rule. Smallest unit of everything. Per response, per file, per workflow URL: https://knowledge.oriz.in/rules/agent/minimum-everything Type: rule Tags: minimalism, output-discipline, agent-behavior, hard-rule ### Ponytail — lazy senior dev (ULTRA level) ACTIVE every code-gen response. 7-rung ladder picks laziest working solution. ULTRA = no-code, one-line, zero abstraction URL: https://knowledge.oriz.in/rules/agent/ponytail Type: rule Tags: ponytail, output-discipline, code-generation, hard-rule, agent-behavior, ultra ### Per-batch grill log granularity Grill sessions logged at batch granularity — one log per session. Lives in knowledge/log/grills/ URL: https://knowledge.oriz.in/rules/agent/per-batch-grill-log Type: rule Tags: agent-behavior, knowledge, log, grill, granularity ### PowerShell scripts: ASCII only (no em-dash, smart quotes, etc.) PS 5.1 without UTF-8 BOM reads as Windows-1252. Em-dashes + smart quotes break parser. Use ASCII hyphens + straight quotes in .ps1 URL: https://knowledge.oriz.in/rules/agent/powershell-ascii-only Type: rule Tags: powershell, encoding, windows, automation, hard-rule ### Practical vibe coding — the middle way Neither over-plan nor yolo. Iterate feature-by-feature with an anchoring AGENTS.md, focused ICC prompts, behavior-constraints, and verify each before starting next. The umbrella framework. URL: https://knowledge.oriz.in/rules/agent/practical-vibe-coding Type: rule Tags: agent, philosophy, prompting, workflow, practical-vibe-coding ### Always Read a file before Edit Always Read file before Edit in current session \ enforces this; the rule restates the why so agents don't fight it \u2014 it prevents\ \ stale-match failures and accidental clobbering." URL: https://knowledge.oriz.in/rules/agent/read-before-edit Type: rule Tags: rules, agent-harness, edit, claude-code, safety ### Read the file, not just the grep, before claiming a gap Claims about external project gap must be backed by Read of source file — not grep alone URL: https://knowledge.oriz.in/rules/agent/read-the-file-not-just-grep Type: rule Tags: external-issues, verification, anti-hallucination ### PowerShell: native commands writing to stderr trip strict mode Cargo/winget/npm/gcc print to stderr. PS 5.1 + EAP=Stop wraps stderr in RemoteException. Pipe through cmd /c ... 2>&1 URL: https://knowledge.oriz.in/rules/agent/powershell-native-stderr Type: rule Tags: powershell, stderr, automation, hard-rule ### Proactively add rules and knowledge — don't wait to be asked Every session that surfaces a durable insight, decision, taste rule, or pattern must write it to knowledge/ or memory/ in the same turn. Don't wait for user to ask. URL: https://knowledge.oriz.in/rules/agent/proactive-knowledge-capture Type: rule Tags: agent, meta, knowledge, proactive, self-update ### Web search — 3-MCP fallback chain (10 engines, no keys) searxng + duckduckgo + open-websearch. 10 engines, no API key. Try in order on failure URL: https://knowledge.oriz.in/rules/agent/search-multi-engine-fallback Type: rule Tags: mcp, search, fallback, no-card, no-key ### Session hygiene — break sessions between distinct features Reset chat/session when moving between distinct features. Stale context leaks confuse the agent and waste tokens. Stay in same chat only when tied to what you just built. URL: https://knowledge.oriz.in/rules/agent/session-hygiene Type: rule Tags: agent, session, hygiene, context, tokens ### chirag127/backup is the new-laptop bootstrap + disaster recovery repo Private repo. Bootstrap: one-command new-laptop setup + restic recovery + encrypted secrets (sops+age) URL: https://knowledge.oriz.in/rules/agent/setup-repo-as-bootstrap Type: rule Tags: setup, bootstrap, backup, disaster-recovery, sops, age, secrets, private ### Self-update on every decision (durable info only) Decisions written to knowledge/ same session URL: https://knowledge.oriz.in/rules/agent/self-update-rule Type: rule Tags: rules, agent, knowledge, process ### Terse upstream issues + comments — less is less hallucination GitHub issues and comments: short, factual, no filler. Every unverified claim is a potential hallucination. Min words = min risk. URL: https://knowledge.oriz.in/rules/agent/terse-issues-less-hallucination Type: rule Tags: rules, agent, issues, github, caveman, hallucination ### Subagent transparency — show what they do, don't silent-pass-through When spawning a subagent, show what it will do + return format + verification plan. Summarize subagent output back to user before acting on it. URL: https://knowledge.oriz.in/rules/agent/subagent-transparency Type: rule Tags: agent, subagent, transparency, orchestration ### Thank maintainers on every upstream issue/PR/comment Every upstream contribution ends with a one-line thanks to the maintainer for their work on the project. URL: https://knowledge.oriz.in/rules/agent/thank-maintainers Type: rule Tags: rules, agent, github, issues, community ### Small composable skills, not mega-skills One skill does one thing well. Chain 4-6 small skills > one 500-line mega-skill. Enables auto-invocation per sub-task + composition across workflows. URL: https://knowledge.oriz.in/rules/agent/small-composable-skills Type: rule Tags: agent, skills, composition, modularity ### Ticketing primitive — agent operations visible via TaskCreate Every multi-step operation and every external-state operation goes through the task system. No hidden work in chain-of-thought. URL: https://knowledge.oriz.in/rules/agent/ticketing-primitive Type: rule Tags: agent, tasks, visibility, ticketing, orchestration ### Try multiple alternatives on failure — never stop at first fail Website/API/tool/install failure: try 3+ alternatives before reporting blocker URL: https://knowledge.oriz.in/rules/agent/try-multiple-on-failure Type: rule Tags: agent-behavior, resilience, fallback, retries ### 5-agent workspace setup: the AI agent, OpenCode, Cline, Kilo Code, Antigravity Workspace supports exactly 5 agents. All config inside C:\D\oriz\. Never touch global files URL: https://knowledge.oriz.in/rules/agent/workspace-scoped-agents Type: rule Tags: agents, claude-code, opencode, kilocode, cline, antigravity, scope, hard-rule ### Always install the latest version of every dependency Always install latest version of every dependency URL: https://knowledge.oriz.in/rules/development/always-latest-deps Type: rule Tags: rule, pnpm, dependencies, versioning, no-quotas ### Write + commit per decision (not per session) Each locked decision ? knowledge/ + committed as discrete unit. Not batched end-of-session URL: https://knowledge.oriz.in/rules/agent/write-commit-per-decision Type: rule Tags: agent-behavior, knowledge, commits, discipline ### Community packages first — prefer external dependencies over hand-rolling Prefer well-maintained community packages over hand-rolling URL: https://knowledge.oriz.in/rules/development/community-packages-first Type: rule Tags: rule, dependencies, npm, community, build-vs-buy, default-yes ### Astro version pin: major in package.json, auto-update minors weekly Astro pinned at major, minors auto-update weekly URL: https://knowledge.oriz.in/rules/development/astro-version-pin Type: rule Tags: rules, astro, dependencies, versioning, pnpm ### Conventional commits Conventional Commits prefixes for every commit URL: https://knowledge.oriz.in/rules/development/conventional-commits Type: rule Tags: rules, git, commits, style ### Everything should be in Dagger — GHA/GitLab/Codeberg are thin adapters only All CI/CD logic lives in Dagger TS modules. GitHub Actions, GitLab CI, Woodpecker, Codeberg are 5-line wrappers that call `dagger call`. No real logic in YAML. URL: https://knowledge.oriz.in/rules/development/everything-in-dagger Type: rule Tags: ci, dagger, pipeline, portable ### Fork discipline — minimum diff, rebase-friendly, upstream-aligned Minimum-diff forks, rebase-friendly, upstream-aligned URL: https://knowledge.oriz.in/rules/development/fork-discipline Type: rule Tags: rule, forks, git, rebase, submodule, minimum-diff ### Git identity — always use chirag127's GitHub noreply email chirag127 noreply email for all commits URL: https://knowledge.oriz.in/rules/development/git-identity-chirag127-noreply Type: rule Tags: rule, git, identity, github, attribution, security ### Development Index of concepts in rules/development. URL: https://knowledge.oriz.in/rules/development/index Type: index Tags: index, development ### MCP forks live in repos/frk/-mcp/; fixes go upstream via PR Fork MCP servers to frk/ and PR upstream URL: https://knowledge.oriz.in/rules/development/mcp-fork-pattern-in-frk Type: rule Tags: mcp, fork, frk, upstream, pr, hard-rule ### Don't rebuild software that already exists completely free Don't rebuild software that exists free URL: https://knowledge.oriz.in/rules/development/no-rebuilding-free-software Type: rule Tags: rule, scope, build-or-buy, anti-reinvention ### Never force-push to main Force-push to main needs explicit user instruction URL: https://knowledge.oriz.in/rules/development/no-force-push-to-main Type: rule Tags: rules, git, agent, safety ### Obsidian vault: minimal plugin set Only 3 Obsidian plugins: Terminal, Templater, Dataview URL: https://knowledge.oriz.in/rules/development/obsidian-vault-plugins-minimal Type: rule Tags: rules, obsidian, pkm, plugins, vault, minimalism ### MCP server repo naming: -mcp suffix MCP repos use -mcp suffix URL: https://knowledge.oriz.in/rules/development/mcp-repo-naming-suffix Type: rule Tags: mcp, repo-naming, convention, suffix ### One branch only — main Only main branch across all repos URL: https://knowledge.oriz.in/rules/development/one-branch-only Type: rule Tags: rules, git, branches ### Playwright Persistent Browser Context Rules Playwright persistent auth, cookie encryption, memory leak prevention URL: https://knowledge.oriz.in/rules/development/playwright-persistent-sessions Type: rule Tags: rule, automation, playwright, testing, development ### Never call Web3Forms from server-side code Web3Forms browser-only, never server-side URL: https://knowledge.oriz.in/rules/development/no-web3forms-server-side Type: rule Tags: rules, web3forms, contact-forms, cloudflare, workers ### Push to main by default — no explicit say-so needed Push to main by default without explicit say-so URL: https://knowledge.oriz.in/rules/development/push-by-default Type: rule Tags: rule, git, workflow, autonomy ### Every repo README must carry a star-this-repo badge near the top Star-this-repo badge near top of every README URL: https://knowledge.oriz.in/rules/development/readme-star-badge-required Type: rule Tags: rule, readme, branding, family-convention ### Every repo in the family must work independently when cloned alone Every repo works independently when cloned alone URL: https://knowledge.oriz.in/rules/development/repos-work-independently Type: rule Tags: rule, repos, submodules, independence, ci ### Apply the role suffix to every new repo, and audit before publish Role suffix on every repo slug URL: https://knowledge.oriz.in/rules/development/repo-naming Type: rule Tags: rules, naming, repo, suffix, audit ### Windows shortcuts/wt-spawned shells: use absolute paths to .cmd/.exe binaries Windows Terminal tabs launched via wt new-tab + a -Command string don't reliably inherit the User PATH. Always use the absolute path to npm.cmd / pnpm.cmd / python.exe etc. when constructing startup scripts. URL: https://knowledge.oriz.in/rules/development/windows-shortcut-absolute-binary-paths Type: rule Tags: windows, powershell, startup-scripts, path, gotcha ### pnpm is the package manager for every JS repo in the family pnpm mandatory across oriz family URL: https://knowledge.oriz.in/rules/development/use-pnpm Type: rule Tags: rule, pnpm, package-manager, tooling, no-duplication ### Userscript @author metadata uses GitHub handle `chirag127` Userscript @author = chirag127 URL: https://knowledge.oriz.in/rules/development/userscript-author-handle Type: rule Tags: rule, userscript, metadata, attribution ### Tests in parallel + master `pnpm install -r` is THE install command Tests parallel, pnpm install -r from master URL: https://knowledge.oriz.in/rules/development/tests-parallel-and-master-install Type: rule Tags: rule, tests, parallel, install, pnpm, monorepo ### AWS Lambda EXCEPTION to no-card-on-file rule AWS Lambda exception to no-card rule URL: https://knowledge.oriz.in/rules/infrastructure/aws-lambda-exception Type: rule Tags: rules, billing, free-tier, aws, aws-lambda, exception, serverless ### Cloudflare Pages = apps only. Everything else = GitHub Pages CF Pages for apps, GH Pages for everything else URL: https://knowledge.oriz.in/rules/infrastructure/cloudflare-pages-apps-only Type: rule Tags: rule, hosting, cloudflare-pages, github-pages, apps, scope ### Cloudflare Pages only — every website and every app hosts on CF Pages CF Pages family hosting lock URL: https://knowledge.oriz.in/rules/infrastructure/cloudflare-pages-only Type: rule Tags: rule, hosting, cloudflare ### Card-on-file allowed BUT only on free-tier-safe providers with hard cost controls Card-on-file OK with hard $0 spend cap URL: https://knowledge.oriz.in/rules/infrastructure/free-tier-with-cost-controls Type: rule Tags: rules, billing, free-tier, cost-controls, card-allowed ### No firebase-admin inside Cloudflare Workers No firebase-admin in CF Workers, use REST URL: https://knowledge.oriz.in/rules/infrastructure/no-firebase-admin-in-workers Type: rule Tags: rules, cloudflare, workers, firebase, gRPC, runtime ### No Firebase Cloud Functions — Blaze requires a card on file No Firebase Functions — Blaze requires card URL: https://knowledge.oriz.in/rules/infrastructure/no-firebase-functions-blaze Type: rule Tags: rule, firebase, no-functions, no-card-on-file, cloudflare-workers, github-actions ### No subscriptions — no service requiring a recurring paid plan No recurring paid subscriptions URL: https://knowledge.oriz.in/rules/infrastructure/no-subscriptions Type: rule Tags: rule, no-subscriptions, no-paid-tier, monetisation ### Infrastructure Index of concepts in rules/infrastructure. URL: https://knowledge.oriz.in/rules/infrastructure/index Type: index Tags: index, infrastructure ### No PAID self-hosting — free + no-card-on-file providers are fine Self-hosting OK on free / no-card providers URL: https://knowledge.oriz.in/rules/infrastructure/no-paid-self-hosting-only Type: rule Tags: rule, hosting, no-card, free-tier, self-hosting ### One-level subdomains only — never two levels deep below oriz.in One-level subdomains only below oriz.in URL: https://knowledge.oriz.in/rules/infrastructure/one-level-subdomain-only Type: rule Tags: rule, subdomain, ssl, dns, one-level, cloudflare, free-tier ### Shared-tenant-by-default for every 3rd-party service Single shared tenant for every 3rd-party service URL: https://knowledge.oriz.in/rules/infrastructure/shared-tenant-by-default Type: rule Tags: rule, shared-tenant, third-party, observability, no-per-app-projects, scale ### Auto-only tracking Auto-only tracking for system metrics URL: https://knowledge.oriz.in/rules/interaction/auto-only-tracking Type: rule Tags: rules, tracking, observability, metrics, auto, free-tier ### Workspace Root Cleanliness Workspace root is canonical-config-only. No generated, derived, or junction content lives here — only committed-first source files. URL: https://knowledge.oriz.in/rules/infrastructure/workspace-root-cleanliness Type: rule Tags: workspace, config, junctions, clean-root, infrastructure ### Communication is STT-friendly — accept transcription noise, infer intent STT-friendly communication, infer intent, ≤4 MCQ options URL: https://knowledge.oriz.in/rules/interaction/communication-stt-friendly Type: rule Tags: rule, communication, stt, askuserquestion, ambiguity-handling ### Future decisions override past decisions Chat contradicts file → chat wins, update same turn URL: https://knowledge.oriz.in/rules/interaction/future-overrides-past Type: rule Tags: rules, agent, knowledge, authority ### iOS is PWA-only — user has no Mac iOS PWA-only, no Apple devices URL: https://knowledge.oriz.in/rules/interaction/ios-pwa-only-no-mac Type: rule Tags: user-identity, ios, pwa, distribution ### Interaction Index of concepts in rules/interaction. URL: https://knowledge.oriz.in/rules/interaction/index Type: index Tags: index, interaction ### Linux/Ubuntu only on CI runners — never Windows or macOS Linux/Ubuntu only on CI runners URL: https://knowledge.oriz.in/rules/interaction/linux-ci-only Type: rule Tags: rule, ci, linux, runners, cost ### Match the surrounding code style Match surrounding code style when editing URL: https://knowledge.oriz.in/rules/interaction/match-surrounding-style Type: rule Tags: rules, style, code-review, consistency ### Never delete an empty placeholder repo without explicit user authorisation Never delete empty placeholder repos without user OK URL: https://knowledge.oriz.in/rules/interaction/never-delete-empty-placeholder-repos Type: rule Tags: rule, repo, delete, placeholder, slug-reservation, family, safety ### Never hit a free-tier quota Architect for headroom, never hit quotas URL: https://knowledge.oriz.in/rules/interaction/never-hit-quotas Type: rule Tags: rules, quotas, architecture, free-tier ### Every AI provider adapter must be OpenAI-compatible (SDK schema) Every AI adapter uses OpenAI SDK schema URL: https://knowledge.oriz.in/rules/interaction/openai-compat-for-all-ai-providers Type: rule Tags: rule, ai, openai-compatible, sdk, adapters, minimum-code ### Recruiter strategy: optimize pinned repos + contribution graph, not the repo list Optimize pinned repos + contribution graph for recruiters URL: https://knowledge.oriz.in/rules/interaction/recruiter-strategy Type: rule Tags: rule, branding, recruiter, github, profile, signal ### No card on file — one-time prepaid OK One-time prepaid OK, no recurring cards URL: https://knowledge.oriz.in/rules/interaction/no-card-on-file-prepaid-escape Type: rule Tags: feedback, no-card, distribution, monetisation ### Always parse 'Other' answers in MCQs for additional context beyond the literal question Parse MCQ 'Other' answers for extra directives URL: https://knowledge.oriz.in/rules/interaction/parse-mcq-other-for-context Type: rule Tags: rule, communication, mcq, askuserquestion, parsing, context, stt-friendly ### Profile README must cross-link chirag127 ↔ chirag127 chirag127 ↔ chirag127 cross-link in profile READMEs URL: https://knowledge.oriz.in/rules/interaction/profile-readme-cross-link Type: rule Tags: rule, branding, recruiter, github, readme, profile ### React > Preact — ecosystem over bundle size React over Preact — ecosystem over bundle size URL: https://knowledge.oriz.in/rules/interaction/react-ecosystem-over-bundle-size Type: rule Tags: user-identity, frontend, framework ### Parallel fan-out by default (background subagents) Parallel fan-out via background subagents URL: https://knowledge.oriz.in/rules/interaction/parallel-fan-out-by-default Type: rule Tags: rules, agent, subagents, parallel, context-window, productivity ### Telegram channels and roles (restored 2026-06-22) 4 Telegram channels in Oriz namespace URL: https://knowledge.oriz.in/rules/interaction/telegram-channels-and-roles Type: rule Tags: rule, telegram, channels, india, geo, notifications, drafts ### User prefers features-on when cost is small User prefers features-on when cost is small URL: https://knowledge.oriz.in/rules/interaction/user-prefers-features-on-when-cost-small Type: rule Tags: user-identity, preference, defaults, feedback, learn-from-answers ### User prefers atomic split over consolidation User prefers atomic split over consolidation URL: https://knowledge.oriz.in/rules/interaction/user-prefers-atomic-split Type: rule Tags: meta, taste, preferences ### User prefers deletion over archive for superseded repos (same-day migration) User prefers deletion over archive for superseded repos URL: https://knowledge.oriz.in/rules/interaction/user-prefers-deletion-over-archive Type: rule Tags: taste, mcq-learned, repos, github ### User prefers per-product brand over family chrome User prefers per-tool brand over family chrome URL: https://knowledge.oriz.in/rules/interaction/user-prefers-pure-tool-brand Type: rule Tags: taste, mcq-learned, branding, seo ### User prefers same name across GitHub repo and npm package Same slug across GitHub repo and npm package URL: https://knowledge.oriz.in/rules/interaction/user-prefers-same-name-repo-and-npm Type: rule Tags: taste, mcq-learned, naming, npm, github ### User prefers strict-no-toggle interpretation of locked rules User prefers strict-no-toggle for locked rules URL: https://knowledge.oriz.in/rules/interaction/user-prefers-strict-no-toggle Type: rule Tags: taste, mcq-learned, ui, rules ### Security Index of concepts in rules/security. URL: https://knowledge.oriz.in/rules/security/index Type: index Tags: index, security ### User prefers wider topical coverage over narrow SEO concentration User prefers wider topical coverage over narrow SEO URL: https://knowledge.oriz.in/rules/interaction/user-prefers-wider-coverage Type: rule Tags: meta, taste, preferences, seo ### No hardcoded secrets — everything via envpact No hardcoded secrets, envpact provides at runtime URL: https://knowledge.oriz.in/rules/security/no-hardcoded-secrets Type: rule Tags: rules, secrets, security, envpact ### AWS REJECTED — card required at sign-up URL: https://knowledge.oriz.in/services/infra/aws Type: service Tags: cloud, aws, rejected ### Oracle Cloud REJECTED — excluded by user policy URL: https://knowledge.oriz.in/services/infra/oracle-cloud Type: service Tags: hosting, rejected ### Add Gemini CLI to oriz coding-agent fleet 11th interactive agent. Free tier via Google OAuth. 1,000 req/day + 60 req/min. Headless scripting flag, no public REST API. No card-on-file. Grill-locked 2026-06-30. URL: https://knowledge.oriz.in/decisions/architecture/agent-tooling/gemini-cli-agent-addition-2026-06-30 Type: decision Tags: agent, fleet, gemini-cli, google, free-tier, no-card, grill-decision ### OKF auto-lookup via UserPromptSubmit hook (CC) + manual script (other agents) Fix for OKF-not-triggering symptom: a 50-LOC Python script scores knowledge/index.md lines by prompt-token overlap, returns top-3 paths. CC fires it automatically; other agents run it manually because their harnesses lack pre-prompt hooks. URL: https://knowledge.oriz.in/decisions/architecture/agent-tooling/okf-auto-lookup-hook-2026-06-29 Type: decision Tags: architecture, agent-tooling, okf, discoverability, hook ### MCP toolbox allowlist + audit 2026-07-02 Blessed MCP server allowlist grouped by purpose plus audit notes flagging duplicates, health-check candidates, and removal candidates. URL: https://knowledge.oriz.in/decisions/architecture/agent-tooling/mcp-toolbox-allowlist-2026-07-02 Type: decision Tags: mcp, tools, allowlist, agent-tooling ### Hybrid Dagger+GHA architecture locked — 2026-07-02 Per-class Dagger modules in chirag127/workflows. GHA = 5-line adapter. Tauri Windows = GHA host for cargo, Dagger for portable parts. Both cacheVolume() + actions/cache. URL: https://knowledge.oriz.in/decisions/architecture/agent-tooling/hybrid-dagger-gha-2026-07-02 Type: decision Tags: ci, dagger, gha, hybrid, caching, architecture ### Azure (paid tiers) REJECTED — card required; Azure for Students documented separately URL: https://knowledge.oriz.in/services/infra/azure-paid-tiers Type: service Tags: cloud, azure, rejected ### Reusable workflows layered with Dagger — 2026-07-02 chirag127/oriz-workflows publishes reusable GH Actions workflows per repo class. Each workflow calls `dagger call` — the actual logic lives in Dagger TS modules. Downstream repos are 5-line pins. URL: https://knowledge.oriz.in/decisions/architecture/agent-tooling/reusable-workflows-layered-2026-07-02 Type: decision Tags: ci, github-actions, dagger, dry, reusable-workflows ### SAP hyperspace docs crawl — deferred to interactive SSO Crawl of SAP corp AI-proxy docs + internal GHE profile blocked by MS Entra SSO; requires user's live browser session. URL: https://knowledge.oriz.in/decisions/architecture/agent-tooling/sap-hyperspace-crawl-2026-07-02 Type: decision Tags: sap, corp, mcp, sso, entra, hyperspace, agent-browser ### Workspace-owns-secrets model 2026-07-02 chirag127/workspace umbrella holds ALL deploy secrets. Per-repo CI runs public-only (lint/test/build). Deploy triggered via repository_dispatch after CI green. URL: https://knowledge.oriz.in/decisions/architecture/agent-tooling/workspace-owns-secrets-2026-07-02 Type: decision Tags: security, secrets, ci, github-actions, umbrella, deploy ### runbooks/platform/cf-pages/cf-dns-audit-2026-06-23 URL: https://knowledge.oriz.in/runbooks/platform/cf-pages/cf-dns-audit-2026-06-23 Type: other ### runbooks/platform/cf-pages/cf-dns-add-api-subdomain URL: https://knowledge.oriz.in/runbooks/platform/cf-pages/cf-dns-add-api-subdomain Type: other ### Cloudflare Pages — branch deploys mitigation for 100-project limit Branch-based environments inside each CF Pages project URL: https://knowledge.oriz.in/runbooks/platform/cf-pages/cf-pages-branch-deploys Type: runbook Tags: runbook, cloudflare-pages, deploys, limits, environments ### Strix AI pentesting — adopted for oriz API fleet Strix open-source agentic DAST+LLM pentesting wired into ci-astro-api shared workflow. URL: https://knowledge.oriz.in/decisions/architecture/security/strix-ai-pentesting-2026-07-03 Type: decision Tags: security, strix, dast, ci, pentesting ### Sites Index of concepts in runbooks/scaffolding/sites. URL: https://knowledge.oriz.in/runbooks/scaffolding/sites/index Type: index Tags: index, sites ### Scaffold a new chirag127 tool site (Astro + dark theme + CI) Bootstrap tool site from stub README to deployable Astro app URL: https://knowledge.oriz.in/runbooks/scaffolding/sites/scaffold-tool-site Type: runbook Tags: scaffolding, astro, sites, tools ### Codeberg as 2nd git remote — DR mirror for the family Codeberg as DR mirror via nightly GH Actions URL: https://knowledge.oriz.in/runbooks/platform/mirrors/codeberg-mirror-2026-06-23 Type: runbook Tags: runbook, codeberg, git, mirror, backup, dr, free-tier ### Mirror all hosts setup — one-time token generation + repo pre-creation for the 9 popular hosts One-time 9-host mirror setup URL: https://knowledge.oriz.in/runbooks/platform/mirrors/mirror-all-hosts-setup Type: runbook Tags: runbook, mirror, git-host, gitlab, codeberg, bitbucket, gitflic, azure-devops, notabug, gitgud, rocketgit, radicle, secrets, setup ### Mirror cron — pre-flight checklist Pre-flight checklist for 4-host git mirror cron URL: https://knowledge.oriz.in/runbooks/platform/mirrors/mirror-cron-prep Type: runbook Tags: runbook, mirror, git-host, gitlab, codeberg, bitbucket, gitflic, secrets, pre-flight ### Publish a userscript to Greasy Fork (manual paste, then webhook auto-update) Publish userscript to Greasy Fork; manual paste first version, webhook auto-update URL: https://knowledge.oriz.in/runbooks/workflow/deploy/publish-userscript-to-greasyfork Type: runbook Tags: runbook, userscript, greasyfork, publishing, marketplace ### Publish a VS Code extension to the Marketplace (vsce publish) Ship VS Code extension to Marketplace + Open VSX via vsce + ovsx URL: https://knowledge.oriz.in/runbooks/workflow/deploy/publish-vscode-extension-to-marketplace Type: runbook Tags: runbook, vscode, marketplace, publishing, vsce, open-vsx ### Rename a repo to its role-suffixed slug Rename chirag127/oriz* repo to role-suffixed slug; update .gitmodules + submodules URL: https://knowledge.oriz.in/runbooks/workflow/deploy/rename-repo Type: runbook Tags: runbook, git, submodule, rename, naming ### Manage a private organization repository mirroring public upstream releases Merge upstream updates into private fork URL: https://knowledge.oriz.in/runbooks/workflow/deploy/git-upstream-merge-private-fork Type: runbook Tags: runbook, github, git, upstream-sync, private-repo, chrome-extension ### Apply per-site CI templates to every oriz-* submodule Apply CI templates to every submodule in one pass URL: https://knowledge.oriz.in/runbooks/workflow/deploy/apply-per-site-ci Type: runbook Tags: runbook, ci, github-actions, cloudflare-pages, dependabot, codeql, coderabbit, sonarcloud, biome ### Migrate the knowledge bundle to a new OKF spec version Run when OKF spec moves beyond v0.1; batch-update format_version across concept files URL: https://knowledge.oriz.in/runbooks/workflow/migrate/migrate-okf-to-new-version Type: runbook Tags: runbook, okf, migration, knowledge, schema ### Fix cavemem hooks failing with "Executable not found in $PATH: sh" Claude Code wraps every command hook in `sh -c`. On Windows without Git\bin in PATH, sh.exe isn't found and every hook silently fails. Add Git\bin to user PATH + verify. URL: https://knowledge.oriz.in/runbooks/workflow/maintain/cavemem-hook-sh-not-found-fix Type: runbook Tags: cavemem, claude-code, hooks, windows, path, troubleshooting ### chirag127 fork cleanup 2026-06-26 — bulk delete with downstream-aware sparelist 43 chirag127 forks deleted, 5 spared URL: https://knowledge.oriz.in/runbooks/workflow/maintain/chirag127-fork-cleanup-2026-06-26 Type: runbook Tags: github, forks, cleanup, profile, audit-log ### runbooks/workflow/maintain/dependabot-notification-tuning URL: https://knowledge.oriz.in/runbooks/workflow/maintain/dependabot-notification-tuning Type: other ### Install auto-start services (Headroom + cavemem) URL: https://knowledge.oriz.in/runbooks/workflow/maintain/install-auto-start-services-2026-06-28 Type: runbook Tags: windows, task-scheduler, headroom, cavemem, autostart ### GitHub profile customization — what works via API vs manual GH profile: API-patchable fields vs pinned repos URL: https://knowledge.oriz.in/runbooks/workflow/maintain/github-profile-customization Type: runbook Tags: github, profile, api, pinning, manual ### GitHub Apps audit — chirag127 account, 2026-06-22 One-shot audit of GitHub Apps on chirag127 account URL: https://knowledge.oriz.in/runbooks/workflow/maintain/github-apps-audit-2026-06-22 Type: runbook Tags: runbook, github-apps, audit, security, free-tier ### runbooks/workflow/maintain/hr-autostart-2026-06-27 URL: https://knowledge.oriz.in/runbooks/workflow/maintain/hr-autostart-2026-06-27 Type: other ### Install free GitHub Apps to all 39+ chirag127/oriz* repos in one pass Install free GH Apps to all org repos in one pass URL: https://knowledge.oriz.in/runbooks/workflow/maintain/install-github-apps Type: runbook Tags: runbook, github-apps, ci, bulk-install, oss-services ### Lifestream auto-sources setup — wire the 3 pipelines to live cron + webhooks Wire 3 lifestream pipelines to cron + webhooks URL: https://knowledge.oriz.in/runbooks/workflow/maintain/lifestream-auto-sources-setup Type: runbook Tags: runbook, lifestream, github-webhooks, hookdeck, wakatime, cloudflare-analytics, cron, ingest ### Migrate CI/CD from GitHub Actions to GitLab CI or CircleCI Plan-B runbook when GitHub Actions unusable; translates CI to GitLab CI + CircleCI URL: https://knowledge.oriz.in/runbooks/workflow/maintain/migrate-ci-platform Type: runbook Tags: runbook, ci, migration, gitlab-ci, circleci, plan-b ### runbooks/workflow/maintain/visual-audit-2026-06-22 URL: https://knowledge.oriz.in/runbooks/workflow/maintain/visual-audit-2026-06-22 Type: other ### VS Code Copilot warning suppression + GitHub Copilot Free signup Silence VS Code Copilot nag; claim free 2k-completions/mo tier (no card) URL: https://knowledge.oriz.in/runbooks/workflow/maintain/vscode-copilot-suppression-2026-06-26 Type: runbook Tags: vscode, copilot, github, ide, settings, free-tier, no-card ### Auth setup — log in once, publish + deploy forever Login commands + dashboard URLs for publish/deploy; tokens in envpact vault URL: https://knowledge.oriz.in/runbooks/security/auth/auth-setup Type: runbook Tags: runbook, auth, secrets, publish, deploy ### Set up Razorpay Subscriptions + Paddle Checkout (Pro Monthly/Yearly + Max Monthly/Yearly) Set up Razorpay (INR) + Paddle (USD) subscription tiers URL: https://knowledge.oriz.in/runbooks/security/auth/razorpay-paddle-subscriptions-setup Type: runbook Tags: runbook, setup, razorpay, paddle, subscriptions, billing ### Razorpay end-to-end setup — TEST keys + 4 plans + 4 promos + webhook + E2E test + LIVE Step-by-step Razorpay subscriptions setup: test keys, webhook, promo codes, E2E test, LIVE URL: https://knowledge.oriz.in/runbooks/security/auth/razorpay-end-to-end-setup Type: runbook Tags: runbook, billing, razorpay, subscriptions, webhook, env, secrets ### Web crawler MCPs (3-tier fallback) URL: https://knowledge.oriz.in/runbooks/workflow/maintain/web-crawler-mcps-2026-06-27 Type: runbook Tags: mcp, crawler, scraper, firecrawl, apify, smithery, runbook ### Auth bug: 'Sign in shows even after login' — root causes + fix layers Fix cross-domain auth-state-not-reflected bug; cookie sync across account.oriz.in URL: https://knowledge.oriz.in/runbooks/security/auth/auth-signin-still-showing-2026-06-24 Type: runbook Tags: runbook, auth, firebase, cookie, debugging, cross-domain ### Add a new decision to the knowledge bundle Capture decisions as knowledge before session ends URL: https://knowledge.oriz.in/runbooks/workflow/setup/add-new-decision Type: runbook Tags: runbook, okf, knowledge, self-update, workflow ### Add a new Chrome / Firefox / Edge extension Add extension repo with cross-store publish workflow URL: https://knowledge.oriz.in/runbooks/workflow/setup/add-new-extension Type: runbook Tags: runbook, extension, submodule, chrome, firefox, edge ### Add a new site to the family Add new site submodule with CI + CF Pages deploy URL: https://knowledge.oriz.in/runbooks/workflow/setup/add-new-site-to-family Type: runbook Tags: runbook, site, submodule, scaffold, family ### Add a new chirag127/*-npm-pkg repo to packages.oriz.in catalog Publish npm package, auto-appears in catalog URL: https://knowledge.oriz.in/runbooks/workflow/setup/add-package-to-catalog Type: runbook Tags: runbook, catalog, packages, oss, automation ### Build PWA + Android AAB/APK + Windows MSIX + desktop EXE from one app Build PWA + Android + MSIX + desktop from one app URL: https://knowledge.oriz.in/runbooks/workflow/setup/build-distributable Type: runbook Tags: runbook, distribute, pwa, pwabuilder, tauri, aab, msix ### Env management — sops + age + GitHub Org Secrets sops + age + GH Org Secrets env pipeline URL: https://knowledge.oriz.in/runbooks/workflow/setup/env-management Type: runbook Tags: runbook, env, secrets, sops, age, rotation, recovery, single-source ### Keyed MCPs via Smithery CLI URL: https://knowledge.oriz.in/runbooks/workflow/setup/keyed-mcp-via-smithery-2026-06-27 Type: runbook Tags: mcp, smithery, secrets, runbook ### Install + bootstrap the umbrella workspace Umbrella workspace clone + bootstrap procedure URL: https://knowledge.oriz.in/runbooks/workflow/setup/install-and-bootstrap Type: runbook Tags: runbook, install, workspace, pnpm, submodule, bootstrap ### Bump a submodule pointer in master Bump master submodule pointer after feature lands URL: https://knowledge.oriz.in/runbooks/workflow/setup/bump-submodule-pointer Type: runbook Tags: runbook, git, submodule, workflow ### Scaffold a new chirag127 site Add new Astro site in <10 min: clone starter, edit config, deploy to CF Pages URL: https://knowledge.oriz.in/runbooks/workflow/setup/scaffold-a-new-site Type: runbook Tags: runbook, scaffold, astro, site, workspace ### Clean install — bootstrap the entire family on a fresh machine Clone + pnpm install boots full family in under 10 min URL: https://knowledge.oriz.in/runbooks/workflow/setup/clean-install Type: runbook Tags: runbook, install, bootstrap, pnpm, submodules ### Sync .env.example from master to every repo Add/remove/rename family-wide env var; sync from master to all submodules URL: https://knowledge.oriz.in/runbooks/workflow/setup/sync-env-example-to-all-repos Type: runbook Tags: runbook, env, dotenv, sync, submodules, master ### Upload MCP servers to Smithery toolbox `@chirag127/toolbox` Add MCP server to Smithery toolbox under @chirag127/toolbox endpoint URL: https://knowledge.oriz.in/runbooks/workflow/setup/upload-mcp-to-smithery-toolbox Type: runbook Tags: mcp, smithery, toolbox, runbook, single-source-of-truth ### Backup metadata to Backblaze B2 (weekly, single umbrella workflow) Weekly backup of repo metadata (issues/PRs/wiki/releases) to Backblaze B2 URL: https://knowledge.oriz.in/runbooks/security/backup/backup-metadata-to-b2 Type: runbook Tags: runbook, backup, backblaze-b2, metadata, github-migration-api, weekly-cron, restore-test ### Rotate a leaked secret Revoke, reissue, re-login, store via envpact, verify, audit leak URL: https://knowledge.oriz.in/runbooks/security/rotate/rotate-leaked-secret Type: runbook Tags: runbook, secrets, security, incident, envpact ### Set up the weekly restic → Backblaze B2 backup Weekly encrypted restic backup to Backblaze B2 via GH Actions URL: https://knowledge.oriz.in/runbooks/security/backup/restic-backup-setup Type: runbook Tags: runbook, backup, restic, backblaze, b2, github-actions, doppler ### Rotate Cloudflare + npm tokens, set as org-level GH secrets Rotate Cloudflare + npm tokens; store at chirag127 org level URL: https://knowledge.oriz.in/runbooks/security/credentials/rotate-cf-and-npm-tokens Type: runbook Tags: security, credentials, cloudflare, npm, github-actions ### Always search the web at least twice before any non-trivial decision Two independent web searches before recommending tool/hosting/library/API/architecture. No memory-only answers URL: https://knowledge.oriz.in/rules/agent/preferences/always-search-twice-before-deciding Type: rule Tags: research, web-search, decision-quality, agent-preferences, feedback ### Atomic packages — extract lazily on second use 2+ apps need same logic ? extract to @oriz/* or oriz-* package. Concern-atomic (3-5 exports, 100-300 LOC). Build only when forced URL: https://knowledge.oriz.in/rules/agent/preferences/atomic-packages-lazy Type: rule Tags: feedback, packaging, agent-preferences ### Credentials Index of concepts in runbooks/security/credentials. URL: https://knowledge.oriz.in/runbooks/security/credentials/index Type: index Tags: index, credentials ### Claude Code settings balance — speed × accuracy × cost (2026-06-29 pin) 12 settings.json picks from 2026-06-29 grill. Opus-default + always-thinking-floor + adaptive-on + 85% compact + agent-teams-on URL: https://knowledge.oriz.in/rules/agent/preferences/cc-settings-balance Type: rule Tags: claude-code, settings, balance, speed, accuracy, cost, preference ### Fork features ? also file upstream issues Feature patched in repos/frk/ ? file upstream issue requesting same. If merged, drop patch URL: https://knowledge.oriz.in/rules/agent/preferences/fork-features-also-as-upstream-issues Type: rule Tags: feedback, agent-preferences, forks, upstream ### Don't create .bak folders User rejected src.bak/ pattern. Git history = durable backup. Destructive edit? ASK FIRST URL: https://knowledge.oriz.in/rules/agent/preferences/dont-create-bak-folders Type: rule Tags: feedback, agent-preferences, destructive-edits ### Edit-mode preferences — tool choice + task tracking Edit > Write, batch parallel tool calls, task-list for 3+ steps, no .md deliverables URL: https://knowledge.oriz.in/rules/agent/preferences/edit-mode-prefs Type: rule Tags: edit-mode, tools, task-tracking, agent-behavior, feedback ### Don't recreate what already exists freely as open source Before forking/scaffolding/building: 2 web searches confirming no free OSS equivalent. If exists, use it URL: https://knowledge.oriz.in/rules/agent/preferences/dont-recreate-what-exists-freely Type: rule Tags: scope, build-gate, dont-duplicate, agent-preferences, feedback ### "Free for the developer" means services we consume, not license \"Free for developer\" = services we consume free (no card, no quotas). NOT code OSS URL: https://knowledge.oriz.in/rules/agent/preferences/free-for-developer-not-for-services Type: rule Tags: feedback, agent-preferences, licensing, no-card ### Lean by need, not count Build-gate applies to npm deps as features. No min/max dep count. Each dep justifies itself URL: https://knowledge.oriz.in/rules/agent/preferences/lean-by-need-not-count Type: rule Tags: feedback, agent-preferences, dependencies, build-gate ### GH org secrets, build-time inject Shared tokens flow from GH org-level Actions secrets into each repo CI, baked into Astro static output URL: https://knowledge.oriz.in/rules/agent/preferences/gh-org-secrets-build-time-inject Type: rule Tags: feedback, agent-preferences, secrets, ci, github-actions ### GitHub repo names are brand identity Prefer renaming local folder over renaming GitHub repo. GitHub repo names = brand identity URL: https://knowledge.oriz.in/rules/agent/preferences/github-repo-names-are-brand-identity Type: rule Tags: feedback, agent-preferences, naming, branding ### 4 options per MCQ (default) MCQs: exactly 4 ranked options (Recommended + 2nd choice + 2 others). Never 3 or 2 URL: https://knowledge.oriz.in/rules/agent/preferences/mcq-4-options-default Type: rule Tags: agent-behavior, preferences, mcq, askuserquestion ### Never recreate headroom-proxy container without checking entrypoint headroom-extras ENTRYPOINT already headroom. docker run CMD must start with proxy..., not headroom proxy... URL: https://knowledge.oriz.in/rules/agent/preferences/never-recreate-headroom-without-entrypoint-check Type: rule Tags: headroom, docker, agent-behavior, hard-rule, feedback, incident ### Proactive creative workarounds — don't just report blockers When a constraint blocks the ideal path, suggest a creative workaround before reporting the blocker. Blocked = opportunity to be creative. URL: https://knowledge.oriz.in/rules/agent/preferences/proactive-creative-workarounds Type: rule Tags: rules, agent, creativity, workarounds, preferences ### Direct commit to main on own repos; branches only for upstream contributions No feature branches on chirag127/* or chirag127/*. Commit to main. Branches only for upstream PRs URL: https://knowledge.oriz.in/rules/agent/preferences/no-branches-on-own-repos Type: rule Tags: git, workflow, branches, agent-preferences, feedback ### Repo slug `-npm-pkg` suffix for npm packages GitHub repo slugs for npm packages get -npm-pkg suffix even though npm name does not. 22 packages converged URL: https://knowledge.oriz.in/rules/agent/preferences/repo-slug-suffix-npm-pkg Type: rule Tags: feedback, agent-preferences, naming, npm, packaging ### Output style: terse + acronyms Agent output terse, uses acronyms freely (OKF, MCQ, MCP, LOC, CF, GH, PWA, SERP). Expand only if non-obvious URL: https://knowledge.oriz.in/rules/agent/preferences/output-style-terse-acronyms Type: rule Tags: agent-behavior, preferences, output-style, communication ### Scope-cut: only shipping survives Only shipping-content repos survive. In-progress/scaffold/will-build-someday archived. 33 repos cut URL: https://knowledge.oriz.in/rules/agent/preferences/scope-cut-only-shipping-survives Type: rule Tags: feedback, agent-preferences, fleet, scope-cut, build-gate ### Rules centralized at umbrella — no per-repo rules All rules + .env.example ONLY in umbrella. Submodules have NO own rules. Reverses earlier per-repo rule URL: https://knowledge.oriz.in/rules/agent/preferences/rules-centralized-at-umbrella-no-per-repo Type: rule Tags: feedback, agent-preferences, knowledge, fleet, env ### PWABuilder is primary PWA→native converter PWABuilder (Microsoft, free, CLI) = primary PWA→native converter. Tauri demoted to opt-in. iOS PWA-only URL: https://knowledge.oriz.in/rules/agent/preferences/pwabuilder-primary-converter Type: rule Tags: feedback, agent-preferences, pwa, distribution, native ### Spare forks with downstream forkers Bulk-deleting forks: spare forks others forked. Downstream fork = real user chose your fork as upstream URL: https://knowledge.oriz.in/rules/agent/preferences/spare-forks-with-downstream-forkers Type: rule Tags: feedback, agent-preferences, forks, github, housekeeping ### Storage decision needs explicit grill User voices DB/storage concern → grill on concern, not preemptively pick different stack URL: https://knowledge.oriz.in/rules/agent/preferences/storage-decision-needs-explicit-grill Type: rule Tags: feedback, agent-preferences, grill, decisions ### vsce: publish VS Code extensions to all marketplaces VS Code extensions ALWAYS publish to both VS Code Marketplace (vsce) + Open VSX (ovsx). Both tokens in .env URL: https://knowledge.oriz.in/rules/agent/preferences/vsce-publish-to-all-marketplaces Type: rule Tags: feedback, agent-preferences, vscode, distribution, publishing ### Ezoic Fallback ad provider — no minimum traffic URL: https://knowledge.oriz.in/services/business/ads/ezoic Type: service Tags: ads, monetisation, fallback ### Ad network services Ad networks. Both fallback — primary is AdSense at apex domain (see decisions). URL: https://knowledge.oriz.in/services/business/ads/index Type: index Tags: services, ads, index ### Mediavine Fallback ad provider — higher RPM, requires 50K sessions/month URL: https://knowledge.oriz.in/services/business/ads/mediavine Type: service Tags: ads, monetisation, fallback ### Giscus GitHub-Discussions-backed comments — free forever, no card URL: https://knowledge.oriz.in/services/business/comments/giscus Type: service Tags: comments, giscus, github-discussions, primary ### Cloudflare Cron Triggers In-Worker scheduled jobs — sub-second invocation, free unlimited URL: https://knowledge.oriz.in/services/business/cron/cloudflare-cron-triggers Type: service Tags: cron, cloudflare, workers, primary ### Comments services Blog comment systems used on long-form content sites (oriz-blog-site, oriz-book-lore-site). One pick — Giscus — with click-to-load privacy gating per the consent decision. App sites carry no comments. URL: https://knowledge.oriz.in/services/business/comments/index Type: index Tags: services, comments, index ### GitHub Actions schedule (cron) Build- and publish-shaped scheduled jobs on GitHub Actions — free for public repos URL: https://knowledge.oriz.in/services/business/cron/github-actions-schedule Type: service Tags: cron, github, actions, primary ### Cron services Two cron substrates with different jobs — Cloudflare Cron Triggers for in-Worker low-latency jobs, GitHub Actions schedule for build / publish jobs. URL: https://knowledge.oriz.in/services/business/cron/index Type: index Tags: services, cron, index ### Firebase App Check Bot defense layer for Firestore — required by all security rules URL: https://knowledge.oriz.in/services/business/auth/app-check-firebase Type: service Tags: firebase, security, primary ### Clerk Fallback auth — 10K MAU free URL: https://knowledge.oriz.in/services/business/auth/clerk Type: service Tags: auth, clerk, fallback ### Firebase Auth provider list 6 sign-in providers wired into family Firebase Auth project URL: https://knowledge.oriz.in/services/business/auth/firebase-auth Type: service Tags: auth, firebase, providers, primary ### Firebase Spark Auth + Firestore on free Spark plan — never upgraded to Blaze URL: https://knowledge.oriz.in/services/business/auth/firebase-spark Type: service Tags: firebase, auth, firestore, primary ### Auth + bot defense services User auth, bot defense, and account-management services for the oriz family. URL: https://knowledge.oriz.in/services/business/auth/index Type: index Tags: services, auth, index ### Microsoft sign-in (Firebase OAuth provider) Microsoft / Entra ID OAuth via Firebase Auth — free, unlimited, no card URL: https://knowledge.oriz.in/services/business/auth/microsoft-sign-in Type: service Tags: auth, microsoft, oauth, primary ### reCAPTCHA Enterprise Bot-defense assessments wired into Firebase App Check — 10K/mo free URL: https://knowledge.oriz.in/services/business/auth/recaptcha-enterprise Type: service Tags: security, captcha, google-cloud, audit-card ### Passkeys / WebAuthn Passwordless WebAuthn sign-in via Firebase Auth passkey integration URL: https://knowledge.oriz.in/services/business/auth/passkeys Type: service Tags: auth, passkeys, webauthn, passwordless, primary ### Supabase Fallback Auth + Postgres — 500 MB DB free URL: https://knowledge.oriz.in/services/business/auth/supabase Type: service Tags: auth, database, supabase, fallback ### Cloudflare Workers AI Native AI inference inside Hono Worker — 10K neurons/day free, zero-egress URL: https://knowledge.oriz.in/services/business/ai/cloudflare-workers-ai Type: service Tags: ai, cloudflare, workers, inference, server-side, primary ### AI services Two-surface AI stack: Puter.js for browser-side calls (user-pays), Cloudflare Workers AI for server-side calls inside the Hono Worker (zero-egress, 10K neurons/day). Different surfaces, different reasons. URL: https://knowledge.oriz.in/services/business/ai/index Type: index Tags: services, ai, index ### OpenRouter LLM API gateway — rejected; Puter.js mirrors its model IDs URL: https://knowledge.oriz.in/services/business/ai/openrouter Type: service Tags: ai, llm, gateway, rejected ### Puter.js Browser-side AI inference — user-pays, free unlimited from our side URL: https://knowledge.oriz.in/services/business/ai/puter-js Type: service Tags: ai, llm, browser, primary ### Alpha Vantage Free finance/market-data API — 25 req/day, no card, API key via free signup URL: https://knowledge.oriz.in/services/business/data-api/alpha-vantage Type: service Tags: services, data-api, finance, stocks, forex, crypto, alpha-vantage, primary ### Data APIs (weather + finance) Locked external data APIs the family uses for non-first-party data. Open-Meteo for weather, Alpha Vantage for finance. Geocoding deferred (no current need). All free, no card. URL: https://knowledge.oriz.in/services/business/data-api/index Type: index Tags: services, data-api, weather, finance, geocoding, index ### Buttondown Developer-friendly newsletter — Markdown-native, API-first, 100 subs free URL: https://knowledge.oriz.in/services/business/email/buttondown Type: service Tags: email, newsletter, technical, markdown, primary ### EmailOctopus Marketing email + newsletter — 2.5K subs / 10K emails/mo free URL: https://knowledge.oriz.in/services/business/email/email-octopus Type: service Tags: email, newsletter, marketing, primary ### Open-Meteo Free unlimited weather API — no auth, no API key, no card URL: https://knowledge.oriz.in/services/business/data-api/open-meteo Type: service Tags: services, data-api, weather, open-meteo, primary ### Chrome Web Store Browser-extension distribution channel — $5 one-time dev fee, CI auto-publish URL: https://knowledge.oriz.in/services/business/extension-store/chrome-web-store Type: service Tags: services, extension-store, chrome, distribution, primary ### MailerLite Fallback marketing email / newsletter — 1K subs free URL: https://knowledge.oriz.in/services/business/email/mailerlite Type: service Tags: email, newsletter, fallback ### Email services Three distinct email roles: transactional (Resend), marketing newsletter (EmailOctopus), technical newsletter (Buttondown). URL: https://knowledge.oriz.in/services/business/email/index Type: index Tags: services, email, index ### Resend Transactional email API — 3K/mo free, behind @chirag127/email-send URL: https://knowledge.oriz.in/services/business/email/resend Type: service Tags: email, transactional, primary ### Visual Studio Code Marketplace Microsoft official VS Code extension marketplace — free unlimited, no dev fee URL: https://knowledge.oriz.in/services/business/extension-store/vs-code-marketplace Type: service Tags: services, extension-store, vscode, microsoft, distribution, primary ### Microsoft Edge Add-ons Microsoft add-on store via Partner Center — free unlimited, no dev fee URL: https://knowledge.oriz.in/services/business/extension-store/edge-add-ons Type: service Tags: services, extension-store, edge, microsoft, distribution, primary ### Firefox Add-ons (AMO) Mozilla add-on store — free unlimited submissions, no reg fee, CI via web-ext + AMO URL: https://knowledge.oriz.in/services/business/extension-store/firefox-add-ons Type: service Tags: services, extension-store, firefox, mozilla, distribution, primary ### Open VSX Registry Eclipse Foundation's vendor-neutral VS Code extension registry — free OSS, no card URL: https://knowledge.oriz.in/services/business/extension-store/open-vsx-registry Type: service Tags: services, extension-store, vscodium, cursor, theia, eclipse, distribution, primary ### Extension store services Five distribution channels for the family's browser and editor extensions. Browser extensions trio: Chrome / Firefox / Edge. VS Code dual: VS Code Marketplace + Open VSX. JetBrains walked back. URL: https://knowledge.oriz.in/services/business/extension-store/index Type: index Tags: services, extension-store, index ### Formspree Fallback contact-form backend — 50 submissions/month free URL: https://knowledge.oriz.in/services/business/forms/formspree Type: service Tags: forms, contact, fallback ### Tally.so Rich form builder — surveys, waitlists, payment collection, unlimited free URL: https://knowledge.oriz.in/services/business/forms/tally Type: service Tags: forms, surveys, waitlist, primary ### Form services Form submission backends used by the family. URL: https://knowledge.oriz.in/services/business/forms/index Type: index Tags: services, forms, index ### Static Forms Form-submission backend — fallback to Web3Forms, free unlimited, no card URL: https://knowledge.oriz.in/services/business/forms/static-forms Type: service Tags: forms, contact, fallback ### Web3Forms Browser-only contact form backend — domain-bound key, no server, free unlimited URL: https://knowledge.oriz.in/services/business/forms/web3forms Type: service Tags: forms, contact, primary ### Family privacy page (oriz.in/privacy) Self-built family privacy page at oriz.in/privacy — canonical URL all sites reference URL: https://knowledge.oriz.in/services/business/legal/privacy-page Type: service Tags: legal, privacy, compliance, oriz-in, primary ### i18n / translation services Translation-management services for the day the family picks up a non-English audience. Today: English-only, no service active in the hot path. URL: https://knowledge.oriz.in/services/business/i18n/index Type: index Tags: services, i18n, localization, index ### Tolgee REJECTED — i18n deferred, English-only family URL: https://knowledge.oriz.in/services/business/i18n/tolgee Type: service Tags: i18n, localization, rejected ### Legal services Self-hosted legal pages — currently the family-wide privacy policy on oriz.in. No third-party legal-doc tool; everything is self-built static content. URL: https://knowledge.oriz.in/services/business/legal/index Type: index Tags: services, legal, index ### Buy Me a Coffee Creator donations — 5% fee, no subscription, alongside Ko-fi URL: https://knowledge.oriz.in/services/business/payment/buymeacoffee Type: service Tags: donations, buymeacoffee, creator ### Weblate — Hosted Libre Translation management — free for OSS, picked for future i18n URL: https://knowledge.oriz.in/services/business/i18n/weblate-hosted-libre Type: service Tags: i18n, localization, translation, weblate, when-ready ### Crypto addresses (BTC / ETH / USDC) Crypto wallet addresses for tips — no KYC, tax-reportable URL: https://knowledge.oriz.in/services/business/payment/crypto-bitcoinaddr Type: service Tags: donations, crypto, bitcoin, ethereum, usdc, fallback ### GitHub Sponsors GitHub-native developer donations — zero platform fees URL: https://knowledge.oriz.in/services/business/payment/github-sponsors Type: service Tags: donations, github-sponsors, developer ### Payment services Every payment rail the family supports — geo-routed checkout, license-key fulfilment, OSS-friendly checkout, and nine donation channels on /support. URL: https://knowledge.oriz.in/services/business/payment/index Type: index Tags: services, payment, index ### Ko-fi Creator donations — 0% platform fee, PayPal/Stripe payout URL: https://knowledge.oriz.in/services/business/payment/ko-fi Type: service Tags: donations, ko-fi, creator ### Lemon Squeezy MoR checkout for non-Indian buyers — auto VAT/GST, card + Apple Pay URL: https://knowledge.oriz.in/services/business/payment/lemon-squeezy Type: service Tags: billing, lemon-squeezy, mor, international, fallback ### Liberapay Recurring-donation-only — 0% fee, OSS, no card URL: https://knowledge.oriz.in/services/business/payment/liberapay Type: service Tags: donations, liberapay, recurring, oss ### keygen.sh License-key fulfilment — validates keys for extensions + SDKs URL: https://knowledge.oriz.in/services/business/payment/keygen-sh Type: service Tags: billing, keygen, licensing, fulfilment ### PayPal.me Personal PayPal payment link — F&F free, G&S fee URL: https://knowledge.oriz.in/services/business/payment/paypal-me Type: service Tags: donations, paypal, p2p, payout ### Polar.sh OSS-friendly MoR checkout — digital products + subscriptions, lower fees than LS URL: https://knowledge.oriz.in/services/business/payment/polar-sh Type: service Tags: billing, polar, oss, mor, donations, checkout ### UPI Direct (static QR) Static UPI QR for India inbound — zero fees, instant settlement URL: https://knowledge.oriz.in/services/business/payment/upi-direct Type: service Tags: donations, upi, india, p2p ### Productivity services Personal-productivity services for the user — Wakatime is the sole time-tracking pick (auto via IDE plugin). Toggl Track was considered + rejected on 2026-06-20 because manual timers violate the auto-only-tracking rule. URL: https://knowledge.oriz.in/services/business/productivity/index Type: index Tags: services, productivity, time-tracking, wakatime, toggl-rejected, index ### Open Collective Transparent fund accounting for OSS — public transactions, fiscal-host model URL: https://knowledge.oriz.in/services/business/payment/opencollective Type: service Tags: donations, opencollective, transparent, oss, fiscal-host ### Wakatime Free auto-tracking via IDE plugin — sole pick, auto-only, 2-week history URL: https://knowledge.oriz.in/services/business/productivity/wakatime Type: service Tags: services, productivity, time-tracking, wakatime, auto, ide-plugin, recruiter-facing, primary, sole-pick ### Razorpay India-first subscription provider — UPI, cards, netbanking, webhook-driven URL: https://knowledge.oriz.in/services/business/payment/razorpay Type: service Tags: billing, razorpay, primary, india ### Toggl Track (REJECTED) REJECTED — manual tracking violates auto-only rule, kept for audit URL: https://knowledge.oriz.in/services/business/productivity/toggl-track Type: service Tags: services, productivity, time-tracking, toggl, manual, rejected ### Firebase Cloud Messaging (FCM) Web push transport — free unlimited on Spark, Knock on top for multi-channel URL: https://knowledge.oriz.in/services/business/push/fcm Type: service Tags: push, fcm, firebase, web-push, primary ### Push + notifications services Web push transport (FCM) + multi-channel notification orchestration (Knock). Together they cover every notification surface across the family. URL: https://knowledge.oriz.in/services/business/push/index Type: index Tags: services, push, notifications, index ### Knock Multi-channel notification orchestration — 10K notifs/mo free, on top of FCM URL: https://knowledge.oriz.in/services/business/push/knock Type: service Tags: notifications, multi-channel, knock, primary ### GitHub Secrets Runtime secret store for GH Actions — written by Doppler, free unlimited URL: https://knowledge.oriz.in/services/business/secrets/github-secrets Type: service Tags: secrets, github, ci, primary ### Doppler Single source of truth for secrets — syncs to GH, CF, Firebase, local URL: https://knowledge.oriz.in/services/business/secrets/doppler Type: service Tags: secrets, doppler, sync, primary ### @vite-pwa/astro Astro-native PWA — manifest + SW + offline cache at build URL: https://knowledge.oriz.in/services/business/pwa/vite-pwa-astro Type: service Tags: services, pwa, astro, vite, primary ### PWA services Every site in the family ships as an installable Progressive Web App via @vite-pwa/astro. Native wrappers (Capacitor, Tauri) walked back. URL: https://knowledge.oriz.in/services/business/pwa/index Type: index Tags: services, pwa, index ### SOPS + Age Secrets Encryption Primary file-based secrets encryption — age keys + SOPS, CNCF URL: https://knowledge.oriz.in/services/business/secrets/sops-age Type: service Tags: secrets, encryption, sops, age, security, gitops ### Secrets management services Doppler is the single source of truth; GitHub Secrets / Cloudflare / Firebase config are runtime mirrors synced from it. URL: https://knowledge.oriz.in/services/business/secrets/index Type: index Tags: services, secrets, index ### Cloudflare Worker short-link (s.oriz.in) Self-hosted URL shortener at s.oriz.in — 100k req/day free URL: https://knowledge.oriz.in/services/business/short-link/cloudflare-worker Type: service Tags: short-link, cloudflare, worker, oriz-omnipost, primary ### GitHub Gist redirect (HTML meta-refresh) Zero-infra URL redirect via GitHub gist — tier 3 fallback, survives CF outage URL: https://knowledge.oriz.in/services/business/short-link/github-gist-redirect Type: service Tags: short-link, github, gist, meta-refresh, zero-infra, fallback, immutable ### Short-link services URL shorteners used by the oriz family. Primary use case: oriz-omnipost cross-posts to platforms that truncate long content. URL: https://knowledge.oriz.in/services/business/short-link/index Type: index Tags: services, short-link, index ### TinyURL Free, unlimited, no-auth URL shortener — tier 2 fallback URL: https://knowledge.oriz.in/services/business/short-link/tinyurl Type: service Tags: short-link, tinyurl, fallback, free, no-auth ### ActivityPub federation mirror Mirrors lifestream to ActivityPub fediverse — Mastodon, Pleroma, etc URL: https://knowledge.oriz.in/services/business/social/activitypub Type: service Tags: social, lifestream, activitypub, fediverse, mastodon, federation, mirror, primary ### AT Protocol firehose mirror (Bluesky) Mirrors lifestream to AT Protocol — Bluesky PDS URL: https://knowledge.oriz.in/services/business/social/atproto-firehose Type: service Tags: social, lifestream, atproto, bluesky, federation, mirror, primary ### Social services Tools for the social-distribution layer — og:images, share-card generators, social previews, and federation mirrors of the canonical lifestream. URL: https://knowledge.oriz.in/services/business/social/index Type: index Tags: services, social, federation, lifestream, index ### Ray.so Code screenshot PNGs for OG cards — free, OSS URL: https://knowledge.oriz.in/services/business/social/ray-so Type: service Tags: code-screenshot, social, og-image, primary ### Raindrop.io Bookmarking SaaS — source of truth for linkroll, free unlimited bookmarks URL: https://knowledge.oriz.in/services/business/social/raindrop-io Type: service Tags: social, bookmarks, linkroll, raindrop, primary ### Axiom Log management — 0.5 TB ingest, 30-day retention free URL: https://knowledge.oriz.in/services/business/tooling/axiom Type: service Tags: logs, observability, primary ### Satori on Cloudflare Worker (`api.oriz.in/og`) Self-built OG card generator via Satori + CF Worker — free unlimited URL: https://knowledge.oriz.in/services/business/social/satori-og-cards Type: service Tags: og-image, satori, cloudflare-workers, social, primary ### Azure for Students Available — free Azure credits via student program, no card URL: https://knowledge.oriz.in/services/business/tooling/azure-for-students Type: service Tags: cloud, azure, student, conditional ### Cloudinary Image CDN fallback — 25 monthly credits free URL: https://knowledge.oriz.in/services/business/tooling/cloudinary Type: service Tags: images, cdn, fallback ### Hypertune Type-safe feature flags + A/B testing + typed config, Git-style version control URL: https://knowledge.oriz.in/services/business/tooling/hypertune Type: service Tags: feature-flags, ab-testing, config, primary ### Broken / unreliable MCP servers — skip list MCP servers that failed during 2026-06-28 testing; skip list, re-evaluate quarterly URL: https://knowledge.oriz.in/services/business/tooling/broken-mcp-servers-2026-06-28 Type: reference Tags: mcp, blocklist, web-tools, reference, services ### Easy free-tier services — only the ones that work for chirag127/oriz* without applications, without cards SSoT catalog of free-tier services: public repos, no card, commercial use OK URL: https://knowledge.oriz.in/services/business/tooling/easy-free-tier Type: services Tags: services, catalog, free-tier, easy, no-application, no-card, commercial-use-ok ### Hookdeck Webhook reliability — queues + retries + replay, 100K req/mo free URL: https://knowledge.oriz.in/services/business/tooling/hookdeck Type: service Tags: services, webhooks, payment, reliability, tooling ### ImageKit Image CDN + transforms — 20 GB bandwidth/mo free URL: https://knowledge.oriz.in/services/business/tooling/imagekit Type: service Tags: images, cdn, primary ### envpact Secrets vault — chirag127's tool, primary store for cross-site secrets URL: https://knowledge.oriz.in/services/business/tooling/envpact Type: service Tags: secrets, envpact, primary ### Tooling / utility services Cross-cutting utility services — secrets, image CDN, logs, feature flags, webhook reliability, free credits. URL: https://knowledge.oriz.in/services/business/tooling/index Type: index Tags: services, tooling, index ### Macrium Reflect Free discontinued Jan 2024 Macrium Reflect Free discontinued Jan 2024; alternatives listed URL: https://knowledge.oriz.in/services/business/tooling/macrium-reflect-free-discontinued Type: service Tags: backup, windows, disk-image, reference ### age — modern file encryption (X25519 + ChaCha20-Poly1305) Modern file encryption (X25519+ChaCha20-Poly1305) — SOPS master-key backend, single key file URL: https://knowledge.oriz.in/services/business/security/age Type: service Tags: service, security, encryption, age, sops-backend ### No-card-on-file rule veto history Services killed by no-card-on-file rule — running list URL: https://knowledge.oriz.in/services/business/tooling/no-card-rule-veto-history Type: service Tags: no-card, reference, history ### Read the Docs SDK + API reference docs — versioned, searchable, free for OSS URL: https://knowledge.oriz.in/services/business/tooling/readthedocs Type: service Tags: docs, sdk, hosting, primary ### Cloudflare _headers (security headers) Static security-headers via CF Pages `_headers` — ships in oriz-kit URL: https://knowledge.oriz.in/services/business/security/cloudflare-headers Type: service Tags: security, headers, csp, hsts, cloudflare, primary ### Open Knowledge Format (OKF) Vendor-neutral spec for representing knowledge as Markdown + YAML frontmatter URL: https://knowledge.oriz.in/services/business/tooling/open-knowledge-format Type: service Tags: okf, standard, knowledge, google-cloud, format ### Cloudflare Turnstile Privacy-friendly CAPTCHA — free unlimited, CF-native, primary captcha URL: https://knowledge.oriz.in/services/business/security/cloudflare-turnstile Type: service Tags: security, captcha, cloudflare, turnstile, privacy, primary ### Cloudflare WAF + Bot Fight Mode Edge WAF + Bot Fight Mode — included in CF free plan, no card URL: https://knowledge.oriz.in/services/business/security/cloudflare-waf Type: service Tags: security, waf, anti-bot, cloudflare, primary ### hCaptcha Regional CAPTCHA fallback — 1M verifications/mo free, Turnstile backup URL: https://knowledge.oriz.in/services/business/security/hcaptcha Type: service Tags: security, captcha, hcaptcha, fallback ### Security services Static security-header config (Cloudflare _headers) plus two complementary CI auditors (securityheaders.com + Mozilla Observatory) plus a two-provider captcha pair (Turnstile + hCaptcha). URL: https://knowledge.oriz.in/services/business/security/index Type: index Tags: services, security, headers, audit, captcha, index ### Klaro OSS consent manager — lazy-loaded for EU/UK visitors, hosted on jsDelivr URL: https://knowledge.oriz.in/services/business/security/klaro Type: service Tags: security, consent, cookie-banner, klaro, oss, privacy, gdpr ### Mozilla Observatory Comprehensive security auditor — headers + TLS + cookies + redirects, run in CI URL: https://knowledge.oriz.in/services/business/security/mozilla-observatory Type: service Tags: security, audit, mozilla, ci, primary ### Hono rate-limit middleware (per-IP, sliding window via KV) Custom per-IP rate-limit via Hono + KV — fine-grained per-route throttling URL: https://knowledge.oriz.in/services/business/security/hono-rate-limit Type: service Tags: security, anti-bot, rate-limit, hono, cloudflare-workers, kv, primary ### securityheaders.com External security-header auditor — CI run on every PR, fails below A URL: https://knowledge.oriz.in/services/business/security/securityheaders-com Type: service Tags: security, audit, headers, ci, primary ### CodePen CSS-heavy front-end demos embedded as pens — free unlimited, no card URL: https://knowledge.oriz.in/services/code/code-embed/codepen Type: service Tags: code-playground, embed, css, primary ### SOPS — Secrets OPerationS (getsops/sops, CNCF Sandbox) Git-native secrets encryption — encrypts values in structured files, keeps structure visible, CNCF URL: https://knowledge.oriz.in/services/business/security/sops Type: service Tags: service, security, secrets, sops, encryption, cncf ### StackBlitz Full-stack browser sandboxes embedded as iframes — free unlimited public projects URL: https://knowledge.oriz.in/services/code/code-embed/stackblitz Type: service Tags: code-playground, embed, fullstack, primary ### GitHub Gists Static code snippets embedded via script — free unlimited public gists URL: https://knowledge.oriz.in/services/code/code-embed/github-gists Type: service Tags: code-snippet, embed, static, primary ### Code embed services Code playgrounds and snippet hosts embedded in oriz-blog-site posts. Three-tier picks: full-stack, CSS-heavy, static. URL: https://knowledge.oriz.in/services/code/code-embed/index Type: index Tags: services, code-embed, index ### Code Climate Quality Maintainability scoring with A-F grades per file; free for public repos URL: https://knowledge.oriz.in/services/code/code-quality/codeclimate Type: service Tags: services, code-quality, maintainability, technical-debt ### CodeRabbit AI code review per PR — free forever for OSS/public repos URL: https://knowledge.oriz.in/services/code/code-quality/coderabbit Type: service Tags: services, code-quality, ai, reviews ### Codecov Coverage tracking per PR — uploads LCOV from Vitest, free for public repos URL: https://knowledge.oriz.in/services/code/code-quality/codecov Type: service Tags: services, code-quality, coverage, testing ### Lines of Code badge (GitHub Action) Auto-generated LoC badge in README via GitHub Action — free OSS URL: https://knowledge.oriz.in/services/code/code-quality/lines-of-code-badge Type: service Tags: services, code-quality, code-stats, badge, readme, github-actions, auto-tracking ### Code quality + code stats services The 9-tool stack that keeps every oriz repo's code healthy AND auto-tracks every available metric. All free for OSS / public repos. URL: https://knowledge.oriz.in/services/code/code-quality/index Type: index Tags: services, code-quality, code-stats, index ### DeepSource Static analysis with autofix — JS/TS/Python/Go, free unlimited for public repos URL: https://knowledge.oriz.in/services/code/code-quality/deepsource Type: service Tags: services, code-quality, static-analysis, autofix ### Dependabot Automated dependency security updates — GitHub-native, free for all repos URL: https://knowledge.oriz.in/services/code/code-quality/dependabot Type: service Tags: services, code-quality, security, dependencies ### NPM publish via .env token (bypass 2FA) NPM_TOKEN from .env bypasses 2FA for unattended npm publish URL: https://knowledge.oriz.in/services/code/code-quality/npm-publish-via-env-token Type: service Tags: npm, publish, secrets, reference ### GitHub Insights Native repo insights — contributors, commits, code frequency, dependents, traffic URL: https://knowledge.oriz.in/services/code/code-quality/github-insights Type: service Tags: services, code-quality, code-stats, github, native, auto-tracking ### Sonarcloud Deeper static analysis — SAST, code smells, duplication, complexity, coverage; free for OSS URL: https://knowledge.oriz.in/services/code/code-quality/sonarcloud Type: service Tags: services, code-quality, sast, static-analysis ### Tokei Rust CLI for per-language line counts; runs in CI, outputs JSON to /stats page URL: https://knowledge.oriz.in/services/code/code-quality/tokei Type: service Tags: services, code-quality, code-stats, line-count, rust, oss, auto-tracking ### Chromatic Visual regression diff on Storybook snapshots — 5K snapshots/mo free URL: https://knowledge.oriz.in/services/code/testing/chromatic Type: service Tags: testing, visual-regression, chromatic, storybook, ci, primary ### MSW (Mock Service Worker) In-process API mocking for browser + Node — SW in browser, interceptor in tests URL: https://knowledge.oriz.in/services/code/testing/msw Type: service Tags: testing, api-mock, msw, in-process, primary ### Testing services Three-layer testing stack — Vitest (unit) + Playwright (E2E) + Storybook+Chromatic (visual regression). API mocks via MSW (in-process) + Mockoon (out-of-process). All free, no card. URL: https://knowledge.oriz.in/services/code/testing/index Type: index Tags: services, testing, vitest, playwright, storybook, chromatic, msw, mockoon, ci, index ### Mockoon Out-of-process API mock — OSS desktop + CLI, real HTTP server on localhost URL: https://knowledge.oriz.in/services/code/testing/mockoon Type: service Tags: testing, api-mock, mockoon, out-of-process, e2e, primary ### Playwright Cross-browser E2E test runner — Chromium + WebKit + Firefox, free OSS URL: https://knowledge.oriz.in/services/code/testing/playwright Type: service Tags: testing, e2e, playwright, ci, primary ### Storybook Isolated component sandbox + interactive docs — source of Chromatic snapshots URL: https://knowledge.oriz.in/services/code/testing/storybook Type: service Tags: testing, component, storybook, ci, primary ### Vitest Vite-native unit + integration test runner — free, OSS, fast URL: https://knowledge.oriz.in/services/code/testing/vitest Type: service Tags: testing, unit, vitest, vite, ci, primary ### Algolia Hosted search for large-corpus sites — 1M docs + 10K searches/mo free URL: https://knowledge.oriz.in/services/data/search/algolia Type: service Tags: search, hosted, large-corpus, primary ### Pagefind Static-site search — build-time, tiny client, zero infra URL: https://knowledge.oriz.in/services/data/search/pagefind Type: service Tags: search, static, primary ### Search services On-site search. Algolia for big-corpus sites, Pagefind for small/static sites. URL: https://knowledge.oriz.in/services/data/search/index Type: index Tags: services, search, index ### Orama Cloud Deferred — in-browser vector + keyword search, revisit if needed URL: https://knowledge.oriz.in/services/data/search/orama-cloud Type: service Tags: search, orama, vector, hybrid, deferred, future ### Backblaze B2 REJECTED — excluded by user policy URL: https://knowledge.oriz.in/services/data/storage/backblaze-b2 Type: service Tags: storage, rejected ### Cloudflare R2 REJECTED — card-on-file on Workers Paid plan, replaced by B2 + GH Releases URL: https://knowledge.oriz.in/services/data/storage/cloudflare-r2 Type: service Tags: storage, cloudflare, r2, rejected ### restic Encrypted, deduplicating backup CLI — weekly GH Actions cron to B2 URL: https://knowledge.oriz.in/services/data/storage/restic Type: service Tags: storage, backup, restic, oss, encryption, deduplication, primary ### GitHub Releases Versioned-binary storage — unlimited releases, 2 GB/asset, free URL: https://knowledge.oriz.in/services/data/storage/github-releases Type: service Tags: storage, github, releases, binary, primary ### Object storage services Two-way split — GitHub Releases for versioned binaries, Backblaze B2 for unversioned blobs. Cloudflare R2 rejected. URL: https://knowledge.oriz.in/services/data/storage/index Type: index Tags: services, storage, index ### Cloudflare Queues Primary durable queue — native to Workers, 1M ops/mo free URL: https://knowledge.oriz.in/services/data/queue/cloudflare-queues Type: service Tags: queue, cloudflare, workers, primary ### Hookdeck (webhook ingress) Webhook-ingress reliability for CF Queues — 50K events/mo free URL: https://knowledge.oriz.in/services/data/queue/hookdeck Type: service Tags: services, queue, webhook-ingress, hookdeck, primary ### Inngest Deferred queue alternative — durable workflows, held in reserve URL: https://knowledge.oriz.in/services/data/queue/inngest Type: service Tags: queue, inngest, durable-functions, deferred ### Upstash QStash Deferred queue alternative — 500 msg/day free, held in reserve URL: https://knowledge.oriz.in/services/data/queue/upstash-qstash Type: service Tags: queue, upstash, qstash, deferred ### Database services The 4-tier database stack — Firestore (documents) + Turso libSQL (warm cache) + JSONL canonical (in oriz-me-data) + Neon Postgres (relational). Picked by data shape, not by vendor preference. URL: https://knowledge.oriz.in/services/data/database/index Type: index Tags: services, database, index ### Turso (libSQL) Read-only warm cache for lifestream events — edge replicas, free tier URL: https://knowledge.oriz.in/services/data/database/turso Type: service Tags: database, turso, libsql, cache ### Neon Postgres Serverless Postgres — free tier, no card, scale-to-zero, branching for previews URL: https://knowledge.oriz.in/services/data/database/neon-postgres Type: service Tags: database, postgres, relational, neon, serverless, primary ### CDN services Public package CDNs used for browser-side delivery of family npm packages. URL: https://knowledge.oriz.in/services/infra/cdn/index Type: index Tags: services, cdn, index ### Queue services Durable message queue + webhook ingress reliability. Cloudflare Queues primary (fan-out); Hookdeck primary (webhook ingress); Upstash QStash + Inngest documented as deferred alternatives. Trigger.dev walked back. URL: https://knowledge.oriz.in/services/data/queue/index Type: index Tags: services, queue, index ### jsDelivr npm + GitHub package CDN — free, unlimited, no card URL: https://knowledge.oriz.in/services/infra/cdn/jsdelivr Type: service Tags: cdn, npm, package-delivery, primary ### Cloudflare R2 S3-compatible object storage — no egress fees, 10 GB free URL: https://knowledge.oriz.in/services/infra/compute/cloudflare-r2 Type: service Tags: cloudflare, storage, r2 ### Cloudflare Workers Edge compute for Hono Worker at api.oriz.in — fails-closed at free quota URL: https://knowledge.oriz.in/services/infra/compute/cloudflare-workers Type: service Tags: cloudflare, edge-compute, primary ### GitHub Actions Build-time cron + CI runner — free for public repos URL: https://knowledge.oriz.in/services/infra/compute/github-actions Type: service Tags: github, ci, cron, primary ### Compute services Edge compute, object storage, and build-time cron services. URL: https://knowledge.oriz.in/services/infra/compute/index Type: index Tags: services, compute, index ### Cloudflare Registrar Domain registrar at wholesale cost — no markup, free WHOIS privacy URL: https://knowledge.oriz.in/services/infra/domain/cloudflare-registrar Type: service Tags: domain, cloudflare, primary ### Cloudflare DNS DNS host for oriz.in and all subdomains — free, fast, same dashboard URL: https://knowledge.oriz.in/services/infra/domain/cloudflare-dns Type: service Tags: dns, cloudflare, primary ### Cloudflare Email Routing Free email forwarder — *@oriz.in and extension subdomains into Gmail URL: https://knowledge.oriz.in/services/infra/domain/cloudflare-email-routing Type: service Tags: email, forwarding, cloudflare, primary ### Domain services DNS hosting and domain registrar — both Cloudflare. URL: https://knowledge.oriz.in/services/infra/domain/index Type: index Tags: services, domain, index ### Spaceship (registrar) Existing domain registrar; NS delegated to Cloudflare DNS, email via Cloudflare Routing URL: https://knowledge.oriz.in/services/infra/domain/spaceship Type: service Tags: domain, spaceship, registrar, primary ### Azure DevOps Repos — push-mirror target for chirag127 + chirag127 Git mirror host #5 — unlimited private repos, 5 free users, push via GH Actions URL: https://knowledge.oriz.in/services/infra/hosting/azure-devops-mirror Type: service Tags: service, git-host, mirror, backup, azure-devops, microsoft, free-tier ### Cloudflare Pages Primary static host for all oriz sites — unlimited bandwidth, free forever URL: https://knowledge.oriz.in/services/infra/hosting/cloudflare-pages Type: service Tags: hosting, cloudflare, primary ### Bitbucket Cloud — push-mirror target for chirag127 + chirag127 Git mirror host #3 — unlimited private repos, 1 GB storage, push via GH Actions URL: https://knowledge.oriz.in/services/infra/hosting/bitbucket-mirror Type: service Tags: service, git-host, mirror, backup, bitbucket, atlassian, free-tier ### Codeberg.org — push-mirror target for chirag127 + chirag127 FOSS non-profit git mirror #2 — push-mirror via GH Actions, 750 MiB soft cap URL: https://knowledge.oriz.in/services/infra/hosting/codeberg-mirror Type: service Tags: service, git-host, mirror, backup, codeberg, forgejo, free-tier, foss ### Firebase Hosting REJECTED — Spark 360 MB/day shared cap too tight URL: https://knowledge.oriz.in/services/infra/hosting/firebase-hosting Type: service Tags: hosting, firebase, rejected ### GitHub Pages Survival fallback static host — every oriz site mirrors to it URL: https://knowledge.oriz.in/services/infra/hosting/github-pages Type: service Tags: hosting, github, fallback ### GitGud.io — mirror host #7 GitLab+Sapphire mirror #7 — unlimited free repos, CI/CD, no card URL: https://knowledge.oriz.in/services/infra/hosting/gitgud-mirror Type: service Tags: service, hosting, mirror, gitgud, gitlab, sapphire, free ### GitFlic.ru — push-mirror + built-in pull-mirror for oriz repos Russian-hosted git mirror #4 — daily pull-mirror built-in, geopolitical risk URL: https://knowledge.oriz.in/services/infra/hosting/gitflic-mirror Type: service Tags: service, git-host, mirror, backup, gitflic, russia, free-tier ### GitLab.com — push-mirror target for chirag127 + chirag127 Mirror host #1 — push-mirror via GH Actions, unlimited repos, 10 GiB/project URL: https://knowledge.oriz.in/services/infra/hosting/gitlab-mirror Type: service Tags: service, git-host, mirror, backup, gitlab, free-tier ### Netlify Fallback static host — free starter tier URL: https://knowledge.oriz.in/services/infra/hosting/netlify Type: service Tags: hosting, netlify, fallback ### NotABug.org — mirror host #6 Gogs-based mirror #6 — free git hosting, no signup wall, no card URL: https://knowledge.oriz.in/services/infra/hosting/notabug-mirror Type: service Tags: service, hosting, mirror, notabug, gogs, free ### Hosting services Static hosting providers used (or considered) by the oriz family. URL: https://knowledge.oriz.in/services/infra/hosting/index Type: index Tags: services, hosting, index ### Radicle — mirror host #7 (P2P) P2P git mirror #7 — push via `rad` CLI, no self-hosted node needed URL: https://knowledge.oriz.in/services/infra/hosting/radicle-mirror Type: service Tags: service, hosting, mirror, radicle, p2p, free ### Cloudflare Images Primary image CDN — first in 3-tier fallback, bundled with CF Pages URL: https://knowledge.oriz.in/services/media/image-cdn/cloudflare-images Type: service Tags: images, cdn, cloudflare, primary ### RocketGit.com — mirror host #8 Niche git mirror #8 — unlimited free repos, no API, web UI setup URL: https://knowledge.oriz.in/services/infra/hosting/rocketgit-mirror Type: service Tags: service, hosting, mirror, rocketgit, free ### ImageKit Final image CDN fallback — 20 GB/mo + DAM, no card URL: https://knowledge.oriz.in/services/media/image-cdn/imagekit Type: service Tags: images, cdn, dam, fallback ### Vercel Fallback static host — free hobby tier URL: https://knowledge.oriz.in/services/infra/hosting/vercel Type: service Tags: hosting, vercel, fallback ### Image CDN services 3-tier fallback chain for image delivery: Cloudflare Images → wsrv.nl → ImageKit. URL: https://knowledge.oriz.in/services/media/image-cdn/index Type: index Tags: services, image-cdn, index ### wsrv.nl Public URL-transform image proxy — second in 3-tier fallback, no signup URL: https://knowledge.oriz.in/services/media/image-cdn/wsrv-nl Type: service Tags: images, cdn, proxy, fallback ### Cloudflare Tunnel (cloudflared) Free Cloudflare-native local-to-public tunnel for webhook testing — no card, no quota URL: https://knowledge.oriz.in/services/infra/dev-tools/cloudflare-tunnel Type: service Tags: services, dev-tools, tunnel, cloudflare, webhook-testing, primary ### cavemem — cross-agent persistent memory daemon SQLite-backed memory daemon with FTS + local-embedding semantic search. Wired into Claude Code via SessionStart/UserPromptSubmit/PostToolUse/Stop/SessionEnd hooks. URL: https://knowledge.oriz.in/services/infra/dev-tools/cavemem Type: service Tags: memory, cavemem, claude-code, daemon, hooks, agent-tooling ### Dev-tools services Local development substrates — Wrangler for Workers, Astro dev for sites, Cloudflare Tunnel for webhook testing. All free, no card, all native to the existing Cloudflare stack. URL: https://knowledge.oriz.in/services/infra/dev-tools/index Type: index Tags: services, dev-tools, index, wrangler, cloudflare-tunnel ### Family inventory — canonical counts of apps, packages, books, APIs, submodules Canonical chirag127 family count totals; cite this file to avoid drift URL: https://knowledge.oriz.in/services/infra/dev-tools/family-inventory Type: service Tags: service, inventory, counts, family, canonical-source-of-truth ### Wrangler Cloudflare official CLI for Workers/Pages/KV/R2/D1/Queues — free with Cloudflare account URL: https://knowledge.oriz.in/services/infra/dev-tools/wrangler Type: service Tags: services, dev-tools, cloudflare, workers, cli, primary ### ImgBB Tier 2 image origin — free unlimited hosting + REST API, no card URL: https://knowledge.oriz.in/services/media/image-host/imgbb Type: service Tags: images, host, origin, imgbb, fallback ### GitHub user-content (raw.githubusercontent.com) Tier 4 image origin — push to `assets` branch, hot-link from raw GH, free unlimited URL: https://knowledge.oriz.in/services/media/image-host/github-user-content Type: service Tags: images, host, origin, github, raw, user-content, fallback ### Imgur Tier 3 image origin — free unlimited hosting + REST API, ImgBB mirror URL: https://knowledge.oriz.in/services/media/image-host/imgur Type: service Tags: images, host, origin, imgur, fallback, mirror ### Repo-hosted images on Cloudflare Pages Tier 1 image origin — static images committed to repo, served via CF Pages URL: https://knowledge.oriz.in/services/media/image-host/repo-hosted-cf-pages Type: service Tags: images, host, origin, repo-hosted, cloudflare-pages, primary ### Image host services 4-tier fallback chain for image origin storage: repo-hosted on CF Pages → ImgBB → Imgur → GitHub user-content. URL: https://knowledge.oriz.in/services/media/image-host/index Type: index Tags: services, image-host, index ### gumlet Privacy-sensitive video hosting — 250 GB/mo free, no tracking URL: https://knowledge.oriz.in/services/media/video/gumlet Type: service Tags: video, hosting, streaming, privacy, primary ### axe-core Industry-standard a11y rule engine; @axe-core/playwright in CI URL: https://knowledge.oriz.in/services/monitoring/a11y/axe-core Type: service Tags: a11y, accessibility, axe, ci, primary ### Accessibility (a11y) services Three-tool a11y stack on every PR — axe-core (static rules) + Pa11y (dynamic, different ruleset) + Lighthouse CI (score + perf). URL: https://knowledge.oriz.in/services/monitoring/a11y/index Type: index Tags: services, a11y, accessibility, ci, index ### YouTube Primary video host + embed — unlimited storage, public-content only URL: https://knowledge.oriz.in/services/media/video/youtube Type: service Tags: video, hosting, embed, primary ### Lighthouse CI Lighthouse score + a11y + perf budgets enforced per PR via free GitHub App URL: https://knowledge.oriz.in/services/monitoring/a11y/lighthouse-ci Type: service Tags: a11y, accessibility, lighthouse, ci, perf, primary ### Video hosting services Two-provider split for video: YouTube for public content, gumlet for privacy-sensitive content. URL: https://knowledge.oriz.in/services/media/video/index Type: index Tags: services, video, index ### Pa11y Dynamic a11y test runner; different ruleset from axe, free CLI URL: https://knowledge.oriz.in/services/monitoring/a11y/pa11y Type: service Tags: a11y, accessibility, pa11y, ci, primary ### Google Analytics 4 (GA4) Marketing-funnel analytics — acquisition/engagement/conversion, free, no card URL: https://knowledge.oriz.in/services/monitoring/analytics/google-analytics Type: service Tags: analytics, ga4, google, marketing, funnel, primary ### PostHog Product analytics + feature flags + A/B — 1M events/month free URL: https://knowledge.oriz.in/services/monitoring/analytics/posthog Type: service Tags: analytics, product, posthog, primary ### UTM tracking Marketing attribution via UTM params on outbound links; captured by GA4 + PostHog URL: https://knowledge.oriz.in/services/monitoring/analytics/utm-tracking Type: service Tags: analytics, marketing, attribution, utm, primary ### Microsoft Clarity Session recording + heatmaps — no traffic limits, free forever URL: https://knowledge.oriz.in/services/monitoring/analytics/microsoft-clarity Type: service Tags: analytics, session-recording, primary ### Cloudflare Web Analytics Privacy-friendly pageview analytics — free, no cookie banner URL: https://knowledge.oriz.in/services/monitoring/analytics/cloudflare-web-analytics Type: service Tags: analytics, cloudflare, privacy, primary ### Analytics services 5-tier analytics stack — CFWA (raw load) + GA4 (marketing funnel) + PostHog (product + replay + flags) + Clarity (heatmaps + redundant replay) + UTM (attribution convention). All free, no card. Each layer covered by an ENABLE_ env-var kill-switch. URL: https://knowledge.oriz.in/services/monitoring/analytics/index Type: index Tags: services, analytics, index ### Better Stack Logs Log aggregation — 3 GB/mo free, 30-day retention, searchable, alertable URL: https://knowledge.oriz.in/services/monitoring/monitoring/better-stack-logs Type: service Tags: logs, observability, better-stack, aggregation, retention, primary ### Better Stack Uptime monitoring + status page — 10 monitors free URL: https://knowledge.oriz.in/services/monitoring/monitoring/better-stack Type: service Tags: uptime, status-page, primary ### Cloudflare Workers Tail Live Worker console tail via wrangler — free, 5 min retention, active debugging URL: https://knowledge.oriz.in/services/monitoring/monitoring/cloudflare-workers-tail Type: service Tags: logs, observability, cloudflare, workers, live-tail, primary ### Monitoring services Uptime, heartbeat, error-tracking, and log services. URL: https://knowledge.oriz.in/services/monitoring/monitoring/index Type: index Tags: services, monitoring, index ### healthchecks.io Heartbeat monitoring for ingesters — 20 checks free URL: https://knowledge.oriz.in/services/monitoring/monitoring/healthchecks-io Type: service Tags: monitoring, heartbeat, primary ### Sentry Primary error tracking — 5K events/mo, per-site env toggle URL: https://knowledge.oriz.in/services/monitoring/monitoring/sentry Type: service Tags: errors, monitoring, sentry, primary ### GlitchTip REJECTED — Sentry-compat error tracker, 1K events/mo, rejected for Sentry URL: https://knowledge.oriz.in/services/monitoring/monitoring/glitchtip Type: service Tags: errors, monitoring, sentry-compat, rejected ### Instatus Redundant status page — 5 components, 25K subscribers, no card URL: https://knowledge.oriz.in/services/monitoring/monitoring/instatus Type: service Tags: status-page, monitoring, redundancy, fallback ### Atom 1.0 feed Atom 1.0 syndication feed at /atom.xml on every site URL: https://knowledge.oriz.in/services/monitoring/seo/atom-feed Type: service Tags: seo, feed, atom, syndication, primary ### Bing Webmaster Tools Bing sitemap submission + index monitoring + IndexNow key management URL: https://knowledge.oriz.in/services/monitoring/seo/bing-webmaster Type: service Tags: seo, bing, microsoft, search-console, primary ### @astrojs/sitemap Official Astro sitemap integration — generates sitemap.xml at build URL: https://knowledge.oriz.in/services/monitoring/seo/astrojs-sitemap Type: service Tags: seo, sitemap, astro, build-time, primary ### Google Search Console Google sitemap submission + index monitoring + manual-action notices URL: https://knowledge.oriz.in/services/monitoring/seo/google-search-console Type: service Tags: seo, google, search-console, monitoring, primary ### Performance services Real-user perf measurement (Web Vitals RUM). Pairs with Sentry traces and Cloudflare server-side analytics for the full perf picture. URL: https://knowledge.oriz.in/services/monitoring/perf/index Type: index Tags: services, perf, rum, web-vitals, index ### SEO services The SEO stack across the family — sitemap (Astro plug), IndexNow (instant), JSON-LD (structured), three-format feeds (RSS + Atom + JSON Feed), Google Search Console + Bing Webmaster (consoles). URL: https://knowledge.oriz.in/services/monitoring/seo/index Type: index Tags: services, seo, index ### JSON Feed v1.1 JSON syndication feed at /feed.json on every site URL: https://knowledge.oriz.in/services/monitoring/seo/json-feed Type: service Tags: seo, feed, json-feed, syndication, primary ### IndexNow Open API for instant URL change notification — submit-on-publish via oriz-omnipost URL: https://knowledge.oriz.in/services/monitoring/seo/indexnow Type: service Tags: seo, indexing, indexnow, instant, primary ### Vercel Speed Insights RUM for Web Vitals — free, works on CF Pages without Vercel hosting URL: https://knowledge.oriz.in/services/monitoring/perf/vercel-speed-insights Type: service Tags: perf, rum, web-vitals, vercel, primary ### JSON-LD structured data (schema.org) Schema.org JSON-LD via oriz-kit component URL: https://knowledge.oriz.in/services/monitoring/seo/json-ld-structured-data Type: service Tags: seo, structured-data, schema-org, json-ld, primary