Projects / Portfolio App (Next.js + TypeScript)
Gold Standard
Docs Available
Threat Model
ADR Complete
Portfolio App (Next.js + TypeScript)
Reviewer-ready portfolio application with evidence-first links, CI gates, and production-grade governance.
RepoDemo: (add when deployed)
What This Project Proves
Technical Competency
- • Next.js 15+ (App Router, React Server Components)
- • TypeScript 5+ (strict mode)
- • Tailwind CSS 4 (responsive design)
- • Evidence-first UX
Engineering Discipline
- • CI quality gates (lint, format, typecheck, secrets scan)
- • Automated smoke testing (Playwright)
- • Frozen lockfile builds (determinism)
- • PR-only merge discipline
Security Awareness
- • Public-safe by design (no secrets)
- • CodeQL + Dependabot (supply chain)
- • Least-privilege CI permissions
- • Secrets incident response runbook
Operational Maturity
- • Deploy/rollback runbooks
- • CI triage procedures
- • Vercel promotion gating
- • Evidence-based release notes
Evidence Artifacts
Architecture Decisions
ADR decision records
Verification Checklist
The following checklist allows a reviewer to verify gold standard claims in < 5 minutes without running local builds.
Enforced quality gates: Open .github/workflows/ci.yml → see
quality, secrets-scan, build-and-test, codeql jobs all required.PR discipline: Open Branch Protection → confirm require-PR + status-checks enabled.
Secrets safety: Grep
src/ for API_KEY, PASSWORD, SECRET → zero matches expected. See public-safety rules.Smoke tests: Check recent CI runs → see Playwright smoke tests passing post-build.
Dependencies: Open package.json → see Next 15+, React 19, Tailwind 4, TypeScript 5.
Tech Stack
Next.js 15+React 19TypeScript 5Tailwind CSS 4PlaywrightESLint 9PrettierpnpmVercel