// STANDARDS

Infrastructure Standards

Every build follows a documented baseline for performance, accessibility, security, deployment, and ownership. These standards keep delivery predictable as systems scale.

Lighthouse Performance Targets

We set and track Lighthouse thresholds to maintain speed during new feature releases and ongoing iteration.

  • Performance score target: 90+ on critical templates
  • Best Practices score target: 95+
  • SEO technical baseline target: 95+
  • Regression checks run prior to major launches

Google Core Web Vitals Targets

Vitals targets are built into implementation decisions, not treated as a post-launch cleanup activity.

  • Largest Contentful Paint (LCP): ≤ 2.5s (75th percentile)
  • Interaction to Next Paint (INP): ≤ 200ms (75th percentile)
  • Cumulative Layout Shift (CLS): ≤ 0.10 (75th percentile)
  • Vitals monitored with production data after release

Accessibility Compliance Levels

Accessibility requirements are integrated into design, content structure, and component QA.

  • Baseline target: WCAG 2.2 AA for public-facing experiences
  • Keyboard navigation and visible focus states on interactive UI
  • Semantic headings, landmarks, labels, and readable contrast
  • Assistive-tech checks included in launch verification

Deployment Environments

Delivery pipelines stay consistent by defining frameworks, hosting, and domain routing rules before build-out.

  • Environment separation: local, preview/staging, and production
  • Framework fit selected by use case (Astro, Next.js, etc.)
  • Hosting selected by requirements (Vercel, Cloudflare, Netlify, AWS)
  • Domain and DNS conventions documented for all properties

Code Ownership Policies

Clear ownership prevents drift and reduces risk when multiple contributors touch the same system.

  • Primary owner assigned per repository and major feature area
  • Peer review required for protected branches
  • Decision logs maintained for architectural changes
  • Handoff notes required for transitions or long-term maintenance

Security Practices

Security controls are treated as baseline infrastructure requirements across every project phase.

  • Dependency and package hygiene reviewed on a regular cadence
  • Secrets and API keys never committed to source control
  • Role-based access and least-privilege controls across tooling
  • HTTPS enforcement, secure headers, and incident response readiness