$67projects.app

Generated 2026-05-31 13:28 GMT+2 ·2 sessions ·26 commits

9min

Active tool time

Time the agent spent running tools (edits, reads, commands) — not wall-clock.

3,921

Lines of code

Non-blank source lines across the codebase.

Commits

Git commits recorded (— if not a git repo).

Features detected

Distinct capabilities found, each backed by code evidence.

SUMMARYreadme.md

67projects.app is a production marketing and CMS site for Bartek's 67-day shipping challenge that serves the public site and an embedded Payload 3 admin panel from one Next.js 15 deploy, one Postgres database, and one set of generated types. It renders project, repo, and build-log pages from CMS-driven content in collections/ and globals/SiteSettings.ts, streams a mock revenue feed over Server-Sent Events from app/api/sales-stream/route.ts, and ships a hardened request path with a per-request CSP nonce, Zod-validated env, rate-limited routes, and daily-rotated IP hashing.

Features 8

CMS-driven public site with no redeploy

Lets you edit projects, repos, build-log entries, and site copy in the Payload admin and see them live without shipping code.

collections/Projects.ts, globals/SiteSettings.ts, app/(frontend)/projects/[slug]/page.tsx

Instant edits via revalidation hooks

Pushes every admin save to the matching public route through afterChange/afterDelete hooks so changes appear immediately instead of waiting for a revalidate window.

lib/revalidate.ts, globals/SiteSettings.ts, collections/LogEntries.ts

Spam-resistant contact intake

Accepts contact messages only through a server action gated by a token-bucket rate limiter, a honeypot, and Zod validation, and rejects direct REST writes by design.

app/(frontend)/contact/actions.ts, lib/rate-limit.ts, collections/ContactSubmissions.ts

Strict CSP with per-request nonce

Hardens every page against injection by emitting a fresh nonce per request and a strict-dynamic script policy from middleware, with admin and static paths excluded.

middleware.ts

GDPR-minimal visitor tracking

Stores no raw IPs and sets no cookies — IPs are SHA-256 hashed with a daily-rotating salt, and analytics load only the self-hosted Umami tracker when configured.

lib/ip.ts, app/(frontend)/layout.tsx, lib/env.ts

Live revenue feed over SSE

Streams the homepage revenue log over Server-Sent Events with a stable encoder and heartbeat, so swapping the mock source for Stripe needs no client change.

app/api/sales-stream/route.ts, lib/revenue-stream.ts, components/home/RevenueLogStream.tsx

Cached, rate-limited GitHub stars

Serves open-source star counts from a per-repo route guarded by its own rate limiter and an in-memory LRU cache so the public GitHub limit is never hit.

app/api/github-stars/[owner]/[repo]/route.ts, lib/github.ts, lib/rate-limit.ts

Boot-safe migrate-and-seed deploy

Brings up a fresh container by waiting for Postgres, applying committed Payload migrations, running an idempotent seed, and ensuring an admin user before the server starts.

scripts/entrypoint.sh, migrations/20260510_104121_initial.ts

Stack

next framework react framework tailwindcss styling vitest build/test

Production

@payloadcms/db-postgres ^3.81.0 @payloadcms/next ^3.81.0 @payloadcms/richtext-lexical ^3.81.0 @payloadcms/ui ^3.81.0 lru-cache ^11.0.0 next ^15.1.0 payload ^3.81.0 react ^19.0.0 react-dom ^19.0.0 tsx ^4.19.0 zod ^3.23.8

Dev

@axe-core/playwright ^4.10.0 @playwright/test ^1.48.0 @tailwindcss/postcss ^4.1.0 @types/node ^22.10.0 @types/react ^19.0.0 @types/react-dom ^19.0.0 @vitest/coverage-v8 ^2.1.0 babel-plugin-react-compiler ^1.0.0 eslint ^9.15.0 eslint-config-next ^15.1.0 eslint-plugin-security ^3.0.1 tailwindcss ^4.1.0 typescript ^5.7.0 vitest ^2.1.0

Activity timeline

Language breakdown

3,921

lines

TypeScript3,78296%

CSS862%

JavaScript531%

$DOCS · 11 files · 706 lines

Top files 10

migrations/20260510_104121_initial.ts298 ln

globals/SiteSettings.ts167 ln

scripts/seed.ts134 ln

.../[slug]/page.tsx131 ln

lib/site-settings.ts127 ln

.../(frontend)/page.tsx126 ln

scripts/seed-fresh.ts113 ln

.../home/Hero.tsx112 ln

.../home/RevenueLogStream.tsx95 ln

app/globals.css86 ln

Sessions 2

2026-05-14

9min

173 tool calls
top: Bash

2026-05-31

20 tool calls
top: Read

Commit log

GIT LOG--oneline

2026-05-14feat(analytics): self-hosted Umami tracker (stats.67projects.app) — gated <Script> w prod (NEXT_PUBLIC_UMAMI_SRC + WEBSITE_ID opcjonalne), CSP allowlist derived od env, brak cookies/DNT respected, TRACKER_SCRIPT_NAME=ascii.js bypass adblock
2026-05-14docs(claude): initial CLAUDE.md — architecture, commands, security model, deployment dla future Claude Code sessions
2026-05-11feat(cms): revalidatePath hooks na SiteSettings/Projects/Repos/LogEntries/Categories — zmiany w admin natychmiast widoczne na stronie (bez czekania na revalidate window)
2026-05-10chore(deploy): commit .coolify.env (UUIDs only, no secrets)
2026-05-10fix(deploy): entrypoint uses .bin/payload (not direct dist/bin) so tsx loader handles payload.config.ts
2026-05-10fix(deploy): pages render-resilient when DB unavailable at build time (try/catch + empty fallback) — fixes Coolify build failure
2026-05-10feat(deploy): production entrypoint (migrate + idempotent seed-fresh + admin), Dockerfile build-time args, .gitignore + .dockerignore for .coolify.env
2026-05-10feat(cms): rozszerzenie SiteSettings o branding (Hero, Sections, Footer, Contact, Branding tabs); lib/site-settings z fallback; podpięcie wszystkich komponentów pod CMS; Nav prompt linkuje do home + większy font; ChallengeGrid minmax(0,1fr) fix; Footer build timestamp stable
2026-05-10fix: Payload admin (RootLayout + serverFunction wiring), regenerated importMap, hydration mismatch in RevenueLogStream timestamp; .env script loading via tsx --env-file
2026-05-10feat: bundle JetBrains Mono v2.304 woff2 (Regular/Bold/ExtraBold) + OFL license; wire next/font/local in layout
2026-05-10fix(security): post-audit fixes — auth-001 (REST create lockdown), rate-001 (github limiter), upload-001 (size cap); SECURITY.md aligned with reality
2026-05-10fix(verify): typecheck + build fixes (importMap.d.ts, generateStaticParams resilience, sitemap fallback, slug regex disable, payload migrations)
2026-05-10docs: README + SECURITY.md + e2e test suites
2026-05-10feat(scripts): create-admin + idempotent seed (14 projects, 5 repos, 10 logs)
2026-05-10feat(security): CSP nonce middleware
2026-05-10feat(pages): home, projects list+detail, open-source, log, contact, sitemap, robots, error, not-found
2026-05-10feat(api): github-stars + sales-stream + ContactForm
2026-05-10feat(ui): cards, filter, home sections, checkout box
2026-05-10feat(ui): primitives + Nav + Footer
2026-05-10feat(payload): mount admin + REST API in app router
2026-05-10feat(payload): all collections + SiteSettings global + payload.config
2026-05-10feat(lib): TDD env, ascii, ip, validators, rate-limit, github, revenue-stream
2026-05-10feat: docker compose + healthcheck
2026-05-10test: vitest + playwright config
2026-05-10feat: next.js + tailwind v4 wiring with @theme tokens
2026-05-10chore: bootstrap project skeleton