Design goals
The site is intentionally deployable on ordinary PHP hosting without a database, package manager, build service, JavaScript framework, or external content platform. It remains structured enough to grow into a substantial technical publication.
Request path
REQUEST
-> index.php
-> bootstrap strict runtime and autoloader
-> Request value object
-> Router exact or parameterized route
-> Controller
-> file-backed repository
-> Markdown renderer and diagram library
-> shared layout, header, footer, and partials
-> security headers
-> Response
Directory responsibilities
| Directory | Responsibility |
|---|---|
| / | Shared-hosting web root with front controller, Apache/LiteSpeed rules, manifest, and robots file |
| /assets | Public static assets and generated browser search index |
| /src | Application, HTTP, content, security, support, and view classes |
| /templates | Shared layout, header, footer, page templates, and partials |
| /content/pages | Curated Markdown pages with front matter |
| /docs | Original research reports and integrity manifest |
| /config | Site configuration and environment defaults |
| /tools | Validation and search-index build scripts |
| /tests | Smoke tests |
| /deploy | Example server configuration |
| /storage/logs | Runtime error logs; must not be web-accessible |
Content model
Each curated page has a stable slug, title, description, section, order, status, evidence label, audience level, tags, source-report slugs, update date, and Markdown body. The repository loads and validates files on request. For very large deployments, a generated cache can be added without changing authoring format.
Security posture
- root `.htaccess` blocks direct access to source, configuration, reports, memory, intake, tests, tools, templates, and logs;
- strict PHP types and centralized error handling;
- output escaping by default in templates;
- a Markdown renderer that permits only safe link schemes and does not execute raw HTML;
- Content Security Policy with self-hosted scripts and styles;
- frame denial, MIME sniffing protection, restrictive permissions policy, and referrer policy;
- HSTS when the request is HTTPS;
- source downloads routed through an allowlisted manifest rather than arbitrary paths;
- no upload endpoint, session state, cookies, database credentials, or remote API keys.
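
One way to implement the manifest-routed source download from the list above, as an added example that is not the site's own code. The class name, the manifest layout (slug mapped to a file name and SHA-256 hash), and the demo files are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: ManifestDownloads and the manifest layout are assumptions.
final class ManifestDownloads
{
    /** @param array<string, array{file: string, sha256: string}> $manifest slug => entry */
    public function __construct(
        private readonly string $docsDir,
        private readonly array $manifest,
    ) {}

    /** Absolute path for an allowlisted slug, or null for every other input. */
    public function resolve(string $slug): ?string
    {
        // The slug is only a lookup key; request input is never joined into a path.
        if (preg_match('/\A[a-z0-9][a-z0-9-]{0,99}\z/', $slug) !== 1) {
            return null;
        }
        $entry = $this->manifest[$slug] ?? null;
        if ($entry === null) {
            return null;
        }
        // Defence in depth: a bad manifest entry or a symlink must not leave the docs directory.
        $base = realpath($this->docsDir);
        $path = realpath($this->docsDir . '/' . $entry['file']);
        if ($base === false || $path === false
            || !str_starts_with($path, $base . DIRECTORY_SEPARATOR) || !is_file($path)) {
            return null;
        }
        // Serve the file only if it still matches the hash recorded in the manifest.
        $actual = hash_file('sha256', $path);
        return is_string($actual) && hash_equals($entry['sha256'], $actual) ? $path : null;
    }
}

// Constructed demo data: a temporary docs directory holding one report.
$dir = sys_get_temp_dir() . '/docs-demo-' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/report-a.md', "# Constructed sample report\n");
$manifest = ['report-a' => [
    'file' => 'report-a.md',
    'sha256' => hash_file('sha256', $dir . '/report-a.md'),
]];
$downloads = new ManifestDownloads($dir, $manifest);

// Constructed inputs: an allowlisted slug, an unknown slug, and a path-shaped value.
foreach (['report-a', 'report-b', '../config/site.php'] as $slug) {
    printf("%-20s %s\n", $slug, $downloads->resolve($slug) === null ? 'rejected' : 'served');
}
```

Because the file name comes from the manifest and never from the request, adding a downloadable report means editing the manifest, which keeps the set of reachable files reviewable in one place.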
Extension points
A database can later replace repositories behind the same page and document interfaces. Search can move from generated JSON or in-process scanning to a dedicated index. An admin workflow can write Markdown through a reviewed Git process. None of those changes require modifying public URLs.
Performance model
The site favors HTTP caching and immutable static assets. Content is parsed per PHP process; for higher traffic, enable PHP OPcache, reverse-proxy caching, and a generated content cache. Because pages are read-heavy and deterministic, the site is well suited to edge caching.
Source reports used for this guide
These reports are preserved verbatim in the site archive. The guide above is an editorial synthesis and may narrow, qualify, or reorganize claims from the source material.