decisions-log

Solanasis Website — Decisions Log

What this is: A record of all decisions made during the website build planning process. Referenced by 02-claude-build-plan.md to ensure Claude Code follows the correct approach.

Last updated: 2026-03-08

Preflight status: ALL CHECKS PASSED (2026-03-05). Test email sent and confirmed (Brevo messageId: 202603051817.68107933449). Ready to build.

---

Decision 1: Contact Email Address

• Decision: hi@solanasis.com is the canonical public-facing email
• Rationale: Matches the verified sender in Brevo, the About Solanasis.md doc, and the .env file
• Action taken: Updated all three website copy versions (v1, v2, v3) from hello@solanasis.com to hi@solanasis.com
• Files changed: website-content/solanasis_site_copy_v1_punchy.md, v2_calm.md, v3_smartcuts.md

Decision 2: Services Architecture (Home Page vs Separate Pages)

• Decision: Follow copy v3’s structure — home page is the primary single-page design with anchor-linked sections. The Resilience Checkup is the primary offer. Follow-on services (Remediation Sprint, Fractional Resilience Partner, Migrations, CRM Setup, Integrations, Responsible AI) are listed as “when you’re ready” items.
• Separate pages: Blog and Contact are standalone pages. An About page with founder bio is a standalone page. No individual service pages at launch (can be added later for SEO).
• Rationale: The approved copy (v3 “Smartcuts”) is designed as a single-page site. The ORB journey is the selling motion — lead with the Checkup, not a menu of services.

Decision 3: About Page Content

• Decision: Use the “About me for LinkedIn Bio” section from About Me for AI.md as the founder bio. Adapt for website context (third-person voice, professional tone).
• Source file: C:\Users\zasya\Documents\_solanasis\About Me for AI.md → “About me for LinkedIn Bio” section (line 92+)
• Supplemental content: Company story from misc-notes.md (mission, differentiators), legal details from About Solanasis.md

Decision 4: FAQ Section

• Decision: Generate FAQ content based on all existing docs (playbooks, copy v1’s FAQ, ORB one-pager, misc-notes)
• Action taken: Added a 10-question FAQ section to solanasis_site_copy_v3_smartcuts.md covering: timeline, audience, MSP coordination, standalone checkup, disruption level, NDAs, differentiation, pen-test clarification, pricing, and money-back guarantee
• Sources used: Copy v1 FAQ section, ORB Client One-Pager, misc-notes.md (limitations section), pricing doc

Decision 5: Phone Number

• Decision: Include phone number (303-900-8969) on the website contact page
• Spam protection: Use JavaScript-based rendering (decode on click/hover) to prevent basic scrapers. The number is a Google Voice number which provides an additional buffer.
• Source: About Solanasis.md

Decision 6: Stock Photos

• Decision: Claude Code will select specific stock photos from Unsplash/Pexels with direct URLs
• Style guidelines (from About Me for AI.md): Documentary photo, natural window light, 35mm lens, shallow depth of field, subtle film grain, slight imperfections, muted colors, high contrast but not HDR, realistic, not glossy, not CGI. No logos, no brand names, no readable text, no futuristic neon, no hoodies, no masks, no “hacker” tropes.
• Updated photo list: Aligned to v3 services (see updated Phase 2.3 in build plan)

Decision 7: Working Directories

• Project build directory: C:\Users\zasya\Documents\solanasis-site
• Brand assets / workspace directory: C:\Users\zasya\Documents\_solanasis
• Website config docs: C:\Users\zasya\Documents\_solanasis\website-config
• Website copy: C:\Users\zasya\Documents\_solanasis\website-content
• Logo files: C:\Users\zasya\Documents\_solanasis\logo

Decision 8: Booking Link

• Decision: Use https://go.solanasis.com/meet for “Book a 30-min intro call” CTAs
• Source: LinkedIn bio in About Me for AI.md (line 114)
• Note: If this Calendly/booking link is not yet configured, the CTA should fall back to the contact page (/contact)

Decision 9: Social Links

• LinkedIn: https://www.linkedin.com/company/solanasis/
• X/Twitter: https://x.com/solanasis
• Instagram: https://www.instagram.com/zasagesunshine/
• Substack: https://zasagesunshine.substack.com/
• Source: About Me for AI.md → “My Links” section

Decision 10: Booking Link — Cal.com Popup Modal Embed

• Decision: Replace external redirect booking links (https://go.solanasis.com/meet) with Cal.com popup modal embeds using data-cal-link="mrsunshine/intro"
• Cal.com link: mrsunshine/intro
• Rationale: Keeps visitors on the Solanasis site instead of redirecting. Reduces friction, maintains analytics context, and provides a polished in-page scheduling experience.
• Implementation: Cal.com embed script loaded in BaseLayout.astro <head>. All booking CTAs use data-cal-link attribute with href="https://cal.com/mrsunshine/intro" as progressive enhancement fallback (works without JS).
• Brand theming: Copper accent (#C47A3D) applied via Cal.com ui config.
• Files changed: BaseLayout.astro, Nav.astro, index.astro, contact.astro, about.astro, Footer.astro, send-email.ts
• Auto-reply email: Updated to plain cal.com/mrsunshine/intro link (no embed in email context)
• Follow-up: Cal.com webhook to Brevo integration for post-booking nurture (separate task)

Decision 12: No Pricing on Website

• Decision: NO pricing data appears anywhere on the public website. No dollar amounts, no “starting at” language, no pricing tables, no pricing signals, no price ranges.
• What IS allowed: The phrase “fixed-fee” as a trust signal (e.g., “Fixed-fee — no hourly surprises”). This communicates the pricing model without disclosing amounts.
• Rationale: Pricing is disclosed during intro calls only. Showing pricing without context leads to sticker shock, premature self-disqualification, and fewer qualified conversations.
• Applies to: All pages (homepage, services, about, contact, blog), JSON-LD structured data, OG metadata, and any future pages.
• Internal pricing docs: _solanasis/playbooks/solanasis_orb_pack_v2/03_Pricing_Packaging.md and 16_Remediation_And_Retainer_Options.md — for internal use only.

Decision 13: About Page — Meet the Team

• Decision: Expand the About page from founder-only to a full “Meet the Team” section with Dmitri Sunshine and Patrick McHeyser
• Patrick’s title: Operations Lead
• Dmitri’s LinkedIn: https://www.linkedin.com/in/dmitri-sunshine/ (personal profile, replaces company page link)
• Patrick’s LinkedIn: https://www.linkedin.com/in/patrickmcheyser/
• Bio sources: _solanasis/about-team/Dmitri Sunshine/Dmitri Sunshine.md (Chosen Option, adapted to third-person) and _solanasis/about-team/Patrick McHeyser/Patrick McHeyser.md (Chosen Option 1 — The Operator)
• Photo sources: _solanasis/about-team/ originals, resized to 500x500 via Sharp → public/images/team/
• Layout: Alternating left/right headshot placement, circular crop, mobile-responsive with inline avatar
• Nav: Added “About” to main navigation between Blog and Contact
• SEO: JSON-LD Organization schema with founder + member data, updated meta title/description
• Date: 2026-03-07
• Files changed: about.astro, Nav.astro, BaseLayout.astro, new TeamMember.astro, new public/images/team/*

Decision 14: CTA Button Text — “Request a Free Consultation”

• Decision: Replace all “Book a 30-min intro call” CTA button text with “Request a Free Consultation”
• Rationale: “Book a 30-min intro call” created friction — time commitment (“30-min”), formal language (“book”), and vague value (“intro call”). The new copy is professional, friendly, and outcome-oriented. “Request” is lower commitment than “book.” “Free” removes risk. “Consultation” implies the visitor receives expert advice, not a sales pitch.
• Implementation: CTA text stored in a single CTA_TEXT constant in src/lib/constants.ts. All 8 instances across 5 files import from this constant — future changes require editing one line.
• Alternatives considered: Tier 1 (outcome-focused: “See Where You Stand”, “Find Your Blind Spots”), Tier 2 (urgency: “Get Your Free Risk Score”, “See What’s Exposed”), Tier 3 (trust-first: “Let’s Talk — No Pitch”, “See If We’re a Fit”, “Pick Our Brain — Free”). Landed on professional + friendly + simple over aggressive marketing language.
• Files changed: src/lib/constants.ts (new CTA_TEXT constant), Nav.astro, Footer.astro, index.astro, contact.astro, about.astro
• Date: 2026-03-07

Decision 15: Image Optimization & Lighthouse Performance

• Decision: Convert all stock photos to WebP with <picture> fallbacks, fix logo aspect ratio, add preconnect hints for third-party origins
• Rationale: Lighthouse audit showed Performance at 78, images oversized (1600px served for 800px containers), logo width/height attributes mismatched actual 4:1 ratio (was 5:1), and missing preconnect to challenges.cloudflare.com adding 270ms to LCP
• Image conversion: All public/images/stock/*.jpg resized to 800px max-width and converted to WebP via Sharp (quality 80). Original JPEGs kept as <picture> fallback. Example: offer-checkup.jpg 237KB → offer-checkup.webp 32KB (~85% reduction)
• Logo fix: width="200" height="40" (5:1) → width="160" height="40" (4:1) matching actual image dimensions (800x200)
• Preconnect: Added <link rel="preconnect"> for challenges.cloudflare.com (Turnstile), app.cal.com (booking embed), cloud.umami.is (analytics)
• Result: Performance 78 → 83, LCP 5.2s → 4.4s, FCP 2.3s → 2.0s. Remaining gap to 90 target is Cal.com sync script render-blocking (~800ms) — documented in FUTURE-SUGGESTIONS.md §7
• Files changed: BaseLayout.astro, Nav.astro, Footer.astro, index.astro, about.astro, blog/index.astro, all public/images/stock/*.webp (new)
• Date: 2026-03-07

Decision 11: Brand Style Guide

• Decision: Use the Matchkeyz Brand Style Guide (brand-style/Matchkeyz_Brand_Style_Guide.md) as the comprehensive design reference, since it contains the same P01 Navy + Parchment + Copper palette with full implementation details (CSS custom properties, button styles, form styles, accessibility, etc.)
• Note: The Matchkeyz guide was created for a different product but uses the identical palette. The design tokens in the build plan’s design-tokens.md should reference this as the authoritative source for spacing, typography, radius, shadows, and accessibility ratios.

Decision 16: Security Hardening (2026-03-08)

• Decision: Comprehensive security hardening of website and hosting infrastructure
• Rationale: Full security assessment identified 18 findings (2 critical, 6 high, 6 medium, 3 low, 1 pre-existing bug). Code-level fixes deployed; infrastructure items require manual dashboard action.
• Code changes: CORS fix (server-side origin), HSTS, Permissions-Policy, input length validation, email regex hardened, honeypot renamed (website→_url), CSP fixed (Umami origins), GitHub Actions SHA-pinned, 15 new E2E tests
• Infrastructure items (manual): Cloudflare WAF rate limiting, DKIM for Brevo, www→apex redirect, CAA DNS record, DMARC escalation, SPF hardfail
• Accepted risks: CSP unsafe-inline required for Astro build output + Cal.com; no SRI on third-party scripts (Cal.com/Turnstile update frequently); npm undici vulnerability is upstream transitive dep
• Plan doc: solanasis-site/SECURITY-HARDENING-PLAN.md
• Hardening guide: website-config/04-security-hardening-guide.md
• Deferred items: solanasis-site/FUTURE-SUGGESTIONS.md §8.4