My canonical stack

The tools I actually ship with

A short, stable list, built up over years of production work. TypeScript and Python for most of it, Go and Rust where the bytes matter. Next.js on the edge, Postgres at rest, Cloudflare and DigitalOcean for the wire and the metal. Not AWS, not Azure. Each tool earns its place by saving me a class of bugs, not by looking good on a CV.

5 languages I reach for. 19 repos running production systems on this stack. Observability by default, on day one.

Grouped by tier

Eight tiers, every choice deliberate. If something is on this list it has earned a place by saving me a class of bugs or buying me real headroom. If something is missing, I either tried it and dropped it, or I have not needed it yet.

Languages

Five languages, picked for the part of the system they suit.

  • TypeScript
    The default for everything web and most servers. Strict mode, no any.
  • Python 3.12
    AI infra, evals, scripts, data work. uv for env, ruff for lint.
  • Go
    Storage engines and distributed bits. lsmdb and raftkv live here.
  • Rust
    Sandboxing and hot inner loops. sandboxd is Rust.
  • SQL
    Postgres dialect. Migrations as code, RLS on every table.

Runtime and framework

Server-rendered HTML first. SPA frameworks only when the page is genuinely an app.

  • Next.js (App Router)
    React Server Components, route handlers, edge runtime.
  • Node 20+
    Long-running services and CLIs. No transpilers in production.
  • Hono
    Lean APIs on Workers and Node alike.
  • FastAPI
    Python services where I want type-checked routes.
  • Tailwind v4
    Utility-first styling. No CSS-in-JS.

Data

Postgres before anything else. Row-level security on every table, deny by default, explicit policies for everything else.

  • Supabase Postgres
    Hosted Postgres with auth, storage and realtime baked in.
  • PostgreSQL 16
    When I run the database myself on DigitalOcean.
  • Drizzle ORM
    Typed queries that map cleanly to migrations.
  • DuckDB
    Local analytics. Eval runs and ad-hoc joins live here.
  • pgvector
    Embeddings next to the rows they belong to.

Infrastructure

Cloudflare on the wire, Vercel for the app, DigitalOcean for the metal. No AWS, no Azure.

  • Cloudflare
    DNS, Workers, R2, KV, D1, Pages; no egress surprises.
  • Vercel
    Where the Next.js sites deploy. Preview branches on every push.
  • DigitalOcean
    VPS and managed Postgres for the self-hosted services.
  • Docker
    Reproducible builds locally and in CI.
  • Kubernetes (Helm)
    Helm chart in k8s-ops-toolkit for self-hosted Next.js workloads.
  • Terraform
    Vercel, Supabase, Cloudflare and DigitalOcean modules in one repo.

Observability

You cannot fix what you cannot see. Metrics, logs and traces from day one.

  • OpenTelemetry
    Traces and spans across services. Vendor-neutral.
  • Prometheus
    Metrics with histograms that match service-level objectives.
  • Grafana
    Dashboards that read like a runbook, alerts wired to Telegram.
  • Loki
    Log aggregation alongside Prometheus, same labels.
  • Sentry
    Error tracking with source maps and release health.

AI infrastructure

Multi-provider by default. No single vendor sits between me and a working request.

  • SarmaLink-AI
    My own multi-provider gateway with 14-engine failover.
  • Groq, OpenRouter, local Ollama
    The three rails behind the gateway.
  • MCP (Model Context Protocol)
    Tools the agent calls, not whole-file reads.
  • slipstream
    My token-efficient runner with persistent memory.
  • forge-infer
    Minimal inference server with paged KV cache.

Security and auth

Real auth, real RLS, real audit logs. The defaults you would want if you cloned my code at midnight.

  • Supabase Auth
    Email, magic link, OAuth, JWT verified server-side.
  • Row-level security
    Default deny, explicit policies per role.
  • Cloudflare Turnstile
    Bot challenge on every public form.
  • sandboxd
    WebAssembly sandbox with strict CPU, wall-clock and memory limits.
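
The default-deny row-level security described under Data and again here, as an added example rather than code from any of the page's repositories. The notes table, its columns and the policy names are assumptions for illustration; auth.uid() and the anon, authenticated and service_role roles are Supabase's own.

```sql
-- Added example (not from the page's repositories): Postgres RLS wired the
-- way the page describes, deny by default, explicit policies per role.
-- Table, columns and policy names are assumptions for illustration.

create table if not exists notes (
  id          bigint generated always as identity primary key,
  owner_id    uuid not null default auth.uid(),  -- Supabase: user id from the JWT
  body        text not null,
  created_at  timestamptz not null default now()
);

-- 1. Turn RLS on. With no policies yet, every row is invisible to every role
--    that is subject to RLS. That is the "default deny".
alter table notes enable row level security;

-- 2. FORCE makes the table owner obey the policies as well. Without it, a
--    session running as the owning role (a migration user, or a service that
--    connects as postgres) silently sees every row.
alter table notes force row level security;

-- 3. Explicit per-role policies. `authenticated` is every signed-in user;
--    `anon` gets no policy here at all, so it sees nothing.
create policy notes_select_own on notes
  for select to authenticated
  using (owner_id = auth.uid());

create policy notes_insert_own on notes
  for insert to authenticated
  with check (owner_id = auth.uid());

create policy notes_update_own on notes
  for update to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

create policy notes_delete_own on notes
  for delete to authenticated
  using (owner_id = auth.uid());

-- 4. RLS filters rows; GRANT decides whether a role may touch the table at all.
--    Revoke the implicit public grant and hand out only what is needed.
revoke all on notes from public;
grant select, insert, update, delete on notes to authenticated;

-- 5. The check for "RLS on every table": anything in public that reports
--    false in either column is a gap. Run as the migration role.
select c.relname, c.relrowsecurity, c.relforcerowsecurity
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public' and c.relkind = 'r'
order by c.relname;
```

Two caveats worth keeping next to this. A role created with BYPASSRLS, which is what Supabase's service_role is, ignores every policy regardless of FORCE, so a server-side client holding the service key must never run on behalf of an end user. And the `with check` clause on insert and update is what stops a user from writing a row that their own `using` clause would then hide from them, or from handing a row to someone else by rewriting owner_id.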

Workflow and shipping

Tight commits, frequent deploys, observability before features.

  • GitHub
    Source of truth, Actions for CI, CodeQL on the riskier repos.
  • n8n
    Self-hosted workflow automation for the boring glue.
  • Resend
    Transactional email with a verified domain.
  • Telegram bot
    Where my alerts land. Faster than a paging service.

Why this matters

A stable stack means a small surface area to know deeply. I would rather understand eight tiers in detail than dabble in forty. The list grows slowly. When something new arrives it replaces something old, never just adds noise. Boring tech, surgical complexity.

Want the receipts?

Every tier on this page is wired into something on GitHub you can read. Nineteen open-source repositories, MIT-licensed, with architecture diagrams in the wiki.

Hiring for a senior engineering role? See /hire-me.