Stack
One stack. Every product.
We use the same technical foundation across every product and every client engagement. That's how a small team ships and operates so much in parallel — new code lands on the surface you already understand.
One stack, not five
Every fleet product uses the same web stack, the same hosting, the same security baseline. New engineers ramp once. Operational surface area stays tractable.
No vendor lock-in by accident
We use Firebase + Postgres pragmatically, but data is exportable, schemas are documented, and nothing relies on a proprietary feature we couldn’t replace in a week.
Boring infrastructure
Hetzner + PM2 + Cloudflare + Nginx is unfashionable. It’s also been working unchanged for the entire fleet for years. We prefer boring infrastructure under exciting products.
Production-first
Every project ships with security headers, structured data, sitemap, robots, llms.txt, analytics, backup, monitoring — on day one. Not retrofitted at month three when somebody notices.
Web frontend
Marketing sites and customer-facing applications.
Next.js 15-16
App Router, RSC, streaming, standalone build for self-hosted ops.
React 19
Use cases beyond marketing — admin consoles, Rezerva customer app, Meza HR.
TypeScript 5.7
Strict mode by default across every fleet repo.
Tailwind CSS 4
@theme tokens, design-token-driven. No CSS-in-JS overhead.
shadcn/ui
For internal tooling where speed > differentiation.
Mobile
Cross-platform native and PWA fallbacks.
Expo SDK 53-54
Single codebase → iOS, Android, web. EAS Build + EAS Submit.
React Native
Hermes engine, Fabric renderer, new architecture by default.
React Native tvOS
For Rezerva TV — Android TV + Fire TV Stick.
PWA (service worker)
Offline-first fallback — HariSuku runs entirely as PWA.
Backend & data
APIs, databases, queues, and auth.
Postgres 15+
Primary OLTP. Graph-shaped schemas (Belun AtReS), multi-tenant (Rezerva, Meza), full-text search.
Firebase
Firestore for write-heavy realtime, Firebase Auth for sign-in surfaces, Cloud Functions for glue.
Express + Node 20
API services where REST is right. SSE + WebSockets for live streams.
pg_cron + pg_vector
Scheduled jobs in-DB, semantic search where it earns its keep.
AI / ML
How AI shows up in shipped products and how we build internally.
Claude API (Anthropic)
Production-grade summarisation, RAG, structured extraction. With prompt caching to keep cost predictable.
OpenClaw
Our shared WebSocket gateway in front of Claude. Per-tenant rate limits, observability, cost guardrails.
Tetun MT (tetumdili.com)
Our own Tetun ↔ EN ↔ PT ↔ ID translation pipeline. Powers TMM, Belun AtReS, content workflows.
Embeddings + vector search
Where semantic similarity matters more than keyword. Postgres pg_vector when scale stays modest.
Hosting & ops
One fleet box, one pattern, every product.
Hetzner dedicated
Falkenstein, Germany. 4 vCPU, 7.6 GB RAM — runs 14+ live services concurrently.
Cloudflare
CDN, WAF, DNS, free SSL. Page rules + bot management on every fleet vhost.
Nginx
Reverse proxy. Shared security snippets across vhosts so hardening lives in one place.
PM2
Process supervision. Every service has an ecosystem.config.js — git is the source of truth.
Let's Encrypt
Auto-renewing certs via certbot. Same wildcard for fleet-internal subdomains.
Security baseline
Day-one hardening on every shipped site.
HTTPS + HSTS + preload
max-age=31536000 with includeSubDomains and preload. No exceptions.
CSP
Report-Only mode for 2-3 weeks, then enforce. Per-vhost, tuned to actual usage.
X-Content-Type-Options + X-Frame-Options + Referrer-Policy
Plus Permissions-Policy denying camera/mic/geolocation by default.
WordPress hardening
REST user-enum block, xmlrpc lockdown, fingerprint strip, mu-plugin pattern.
CI / Delivery
How code reaches production.
GitHub Actions
Lint, type-check, build on PR. Deploy on merge to main where the project warrants it.
rsync + PM2 restart
Per the CLAUDE.md runbook — same flow across every fleet service.
Daily backups
Off-box, encrypted at rest. Restored monthly to verify the chain.
pm2 logs aggregation
Centralised access. Errors trip our shared monitoring before users notice.
SEO + content
Built-in, not bolted on.
Schema.org JSON-LD
Organization, WebSite, Service, Article, FAQPage, Resort, Hotel, Event, BreadcrumbList — whatever the page is.
hreflang
Correct for every trilingual project. Locale-keyed URLs, x-default, en/pt-PT/tet-TL/id-ID.
sitemap.xml + robots.txt
Per-fleet pattern. AI-crawler allow/deny rules tuned per site.
llms.txt
Curated content map for AI engines — Bing, Perplexity, Claude.ai, ChatGPT.
GA4 + GSC
Set up on every shipped site. Day-30 and day-90 retest checkpoints baked into the engagement model.
Localisation
TL is multilingual by default. So are we.
English (en)
Primary for international audiences and policy work.
Tetun (tet-TL)
Primary for community-level products. Tetun-first interfaces, not English translated late.
Portuguese (pt-PT)
Government, civil society, legal contexts.
Bahasa Indonesia (id-ID)
Cross-border partner businesses, news intelligence.
Want to use the same stack?
We build on this for every engagement — from a $2.5k marketing site to a multi-app SaaS like Rezerva. Reach out about yours.