Field notes
Hello, UpNumbers
Why we rebuilt the stack, what shipped in wave 1, and what's next.
We audited the original UpNumbers (Next.js / MongoDB, 11 vulns) and took the whole stack over. This post is the first write-up on what that rebuild looks like in practice.
What landed in wave 1
- Rust + axum backend with a 26-rule compile-time constitution (
build.rs) - Vue 3 frontend with PrimeVue Lara preset, rem-scaled root, zero tailwind
- Postgres schema — 13 tables, money in integer cents, time in
BIGINTunix seconds - Opaque session tokens (no JWT), Argon2id password hashes with params in
app_config - Catalog → order → pay loop end to end, with mock payments behind a config flag
Payments ship last, not first. Customer UX first.
Why the campaign framing
Public marketing language is corporate: “Instagram — Audience Growth Campaign”, not “buy 10k followers for $5”. Per-1k rates are not indexable; the catalog is auth-gated and noindex. The compliance posture is in docs/SECURITY.md.
What’s next
- Real Google SSO (OAuth redirect + callback, replacing the stub)
- Checkout flow wired to
/api/discount/validateand/api/orders/{id}/pay - Bundle trim on the icon packs (~800KB gzip → only used weights)
More when it ships.