ARCHITECTURE.md
April 21, 2026 Β· View on GitHub
ποΈ Hack23 Homepage β Architecture
C4 Architecture Model: Static Website on AWS S3 + CloudFront
Corporate Cybersecurity Consulting Website β hack23.com
π Document Owner: CEO | π Version: 1.1 | π
Last Updated: 2026-04-21 (UTC)
π Review Cycle: Quarterly | β° Next Review: 2026-07-21
π·οΈ Classification:
π Architecture Documentation Map
| Document | Focus | Description |
|---|---|---|
| ποΈ Architecture | C4 Model | C4 model showing system structure (this document) |
| π‘οΈ Security Architecture | Security | Security controls and infrastructure |
| π Data Model | Data | Content model and data structures |
| π Flowchart | Processes | CI/CD and content workflows |
| π State Diagram | States | Deployment and content lifecycle states |
| π§ Mindmap | Concepts | System conceptual relationships |
| πΌ SWOT | Strategy | Strategic analysis and positioning |
| π Workflows | CI/CD | GitHub Actions workflow documentation |
| π― Threat Model | Threats | STRIDE threat analysis |
| π‘οΈ CRA Assessment | Compliance | EU Cyber Resilience Act conformity |
| π BCP Plan | Resilience | Business continuity & recovery |
| π° Financial & Security Plan | Cost | Infrastructure cost & security investment |
| π End-of-Life Strategy | Lifecycle | Technology lifecycle management |
| π·οΈ Classification | Data | Security classification framework |
| π Future Architecture | Roadmap | Architectural evolution plans |
π Table of Contents
- π System Context
- π’ Container View
- π§© Component View
- π File Structure
- βοΈ Technology Stack
- π Deployment Architecture
- π ISMS Compliance
π System Context
%%{init: {"theme": "base", "themeVariables": {"primaryColor": "#2196F3", "primaryTextColor": "#ffffff", "lineColor": "#455A64", "secondaryColor": "#4CAF50", "tertiaryColor": "#FF9800", "primaryBorderColor": "#1565C0"}}}%%
C4Context
title System Context - Hack23 Homepage (hack23.com)
Person(visitor, "π§ Website Visitor", "Potential clients, partners, developers exploring Hack23's cybersecurity services")
Person(admin, "π€ Content Admin", "CEO/developer maintaining website content")
System(homepage, "π Hack23 Homepage", "Static HTML/CSS corporate website showcasing cybersecurity consulting services, open-source projects, and ISMS transparency")
System_Ext(cloudfront, "βοΈ AWS CloudFront", "Global CDN with 400+ edge locations, DDoS protection, HTTPS termination")
System_Ext(s3, "πΎ AWS S3", "Static website hosting with versioning and encryption")
System_Ext(github, "π§ GitHub", "Source control, CI/CD, security scanning")
System_Ext(ghpages, "π GitHub Pages", "DR hosting fallback")
Rel(visitor, cloudfront, "Views website", "HTTPS/TLS 1.3")
Rel(cloudfront, s3, "Serves content", "HTTPS")
Rel(admin, github, "Pushes content changes", "HTTPS/SSH")
Rel(github, s3, "Deploys via CI/CD", "AWS OIDC")
Rel(visitor, ghpages, "DR fallback", "HTTPS")
π’ Container View
%%{init: {"theme": "base", "themeVariables": {"primaryColor": "#2196F3", "primaryTextColor": "#ffffff", "lineColor": "#455A64", "secondaryColor": "#4CAF50", "tertiaryColor": "#FF9800", "primaryBorderColor": "#1565C0"}}}%%
C4Container
title Container View - Hack23 Homepage
Person(visitor, "Website Visitor", "Browser user")
System_Boundary(website, "Hack23 Homepage") {
Container(html, "π HTML Pages", "HTML5", "1,353 pages β 105 English source pages Γ 14 languages: project showcases, blog posts, services, ISMS docs, sitemaps")
Container(css, "π¨ Stylesheet", "CSS3", "Single styles.css with responsive design, CSS custom properties, dark theme")
Container(sitemap, "πΊοΈ Sitemap", "XML", "SEO sitemap with hreflang tags for 14 languages")
Container(robots, "π€ Robots.txt", "Text", "Search engine crawling directives")
Container(schema, "π Schema.org", "JSON-LD", "Structured data for SEO: Organization, WebPage, FAQPage, BreadcrumbList, Service")
}
System_Boundary(infra, "AWS Infrastructure") {
Container(cf, "βοΈ CloudFront", "CDN", "Global edge delivery, HTTPS, caching, security headers")
Container(s3bucket, "πΎ S3 Bucket", "Storage", "Static content with versioning, AES-256 encryption at rest")
Container(route53, "π Route53", "DNS", "Domain management with health checks")
Container(acm, "π ACM", "TLS", "SSL/TLS certificate management")
}
System_Boundary(cicd, "CI/CD Pipeline") {
Container(actions, "βοΈ GitHub Actions", "CI/CD", "Build, validate, scan, deploy workflows")
Container(scanning, "π Security Scanning", "Tools", "CodeQL, ZAP, Scorecard, Dependency Review")
}
Rel(visitor, cf, "HTTPS requests", "TLS 1.3")
Rel(cf, s3bucket, "Origin fetch", "HTTPS")
Rel(actions, s3bucket, "Deploy content", "AWS OIDC")
Rel(actions, scanning, "Security checks", "API")
π§© Component View
%%{init: {"theme": "base", "themeVariables": {"primaryColor": "#2196F3", "primaryTextColor": "#ffffff", "lineColor": "#455A64", "secondaryColor": "#4CAF50", "tertiaryColor": "#FF9800", "primaryBorderColor": "#1565C0"}}}%%
C4Component
title Component View - Hack23 Homepage Content
Container_Boundary(content, "Website Content") {
Component(index, "π Homepage", "HTML", "Main landing page with services overview")
Component(projects, "π¦ Project Pages", "HTML", "7 product portfolio: CIA, CIA Compliance Manager, Black Trigram, EU Parliament MCP Server, Riksdagsmonitor, EU Parliament Monitor, Homepage")
Component(docs, "π Documentation Pages", "HTML", "Project documentation pages with ISMS cards")
Component(features, "β Feature Pages", "HTML", "Project feature showcase pages")
Component(blog, "π Blog Posts", "HTML", "26 English blog articles on security, compliance, AI, Discordian framework")
Component(services, "πΌ Services", "HTML", "Consulting services and offerings")
Component(i18n, "π Translations", "HTML", "13 language variants Γ 96 pages each (sv, ko, ar, zh, de, fi, fr, es, ja, he, nl, da, no)")
}
Container_Boundary(seo, "SEO & Metadata") {
Component(meta, "π·οΈ Meta Tags", "HTML", "Open Graph, Twitter Cards, hreflang")
Component(schemaorg, "π Schema.org", "JSON-LD", "Structured data markup")
Component(breadcrumbs, "π Breadcrumbs", "HTML", "Navigation with Schema.org BreadcrumbList")
}
Container_Boundary(style, "Styling") {
Component(stylesheet, "π¨ styles.css", "CSS3", "Single CSS file with custom properties and responsive grid")
}
π File Structure
hack23-homepage/
βββ π index.html # Main landing page (and 12 lang variants)
βββ π *-project.html / *.html # 7 product overview pages (CIA, CIA Compliance Manager,
β # Black Trigram, EU Parliament MCP Server, Riksdagsmonitor,
β # EU Parliament Monitor, Hack23 Homepage)
βββ π *-features.html # Project feature pages
βββ π *-docs.html # Project documentation pages
βββ π blog-*.html # 26 English blog articles (+ translations)
βββ π services.html # Services page
βββ π why-hack23.html # About / differentiators
βββ π *_{lang}.html # Translated pages β 13 languages Γ 96 pages
β # (sv, ko, ar, zh, de, fi, fr, es, ja, he, nl, da, no)
βββ π¨ styles.css # Single stylesheet (responsive, dark theme)
βββ πΊοΈ sitemap.xml # XML sitemap with hreflang
βββ π sitemap_*.html # HTML sitemaps per language
βββ π€ robots.txt # Crawling directives
βββ π budget.json # Lighthouse performance budgets
βββ π .htmlhintrc # HTML linting configuration
βββ π screenshots/ # Visual assets and product screenshots
βββ π docs/ # Auto-generated release docs (Lighthouse, a11y, security reports)
βββ π .github/
β βββ π workflows/ # 10 workflow YAMLs + agentic workflow markdown templates
β βββ π skills/ # 58 Copilot skills (12 categories)
β βββ π agents/ # 8 custom Copilot agents
β βββ π aw/ # Agentic workflow shared prompts
β βββ π copilot-mcp.json # MCP server configuration
βββ π ARCHITECTURE.md # C4 architecture (this file)
βββ π SECURITY_ARCHITECTURE.md # Security design
βββ π THREAT_MODEL.md # STRIDE / MITRE ATT&CK threat analysis
βββ π CRA-ASSESSMENT.md # EU Cyber Resilience Act conformity
βββ π BCPPlan.md # Business Continuity Plan
βββ π FinancialSecurityPlan.md # Cost & security investment
βββ π End-of-Life-Strategy.md # Technology lifecycle
βββ π DATA_MODEL.md # Content & data model
βββ π FLOWCHART.md # Process flows
βββ π STATEDIAGRAM.md # Lifecycle states
βββ π MINDMAP.md # Conceptual relationships
βββ π SWOT.md # Strategic analysis
βββ π WORKFLOWS.md # CI/CD documentation
βββ π FUTURE_ARCHITECTURE.md # Architectural roadmap
βββ π FUTURE_SECURITY_ARCHITECTURE.md # Security enhancement roadmap
βββ π FUTURE_WORKFLOWS.md # CI/CD evolution
βββ π CLASSIFICATION.md # Data classification per ISMS
βββ π ISMS_REFERENCE_GUIDE.md # Blog-to-policy mapping
βββ π SECURITY.md # Vulnerability disclosure policy
βββ π README.md # Project overview
βοΈ Technology Stack
| Layer | Technology | Purpose |
|---|---|---|
| Content | HTML5 | Semantic markup with Schema.org structured data |
| Styling | CSS3 | Responsive design with custom properties; single styles.css |
| Hosting | AWS S3 (private bucket) | Static website hosting with versioning + AES-256 encryption |
| CDN | AWS CloudFront | Global edge delivery (450+ PoPs) with HTTPS, security headers, OAC |
| DNS | AWS Route53 | Domain management with health-check based DR failover |
| TLS | AWS ACM | Certificate management (TLS 1.3) |
| DR Hosting | GitHub Pages | Free fallback origin via Route53 health-check failover |
| CI/CD | GitHub Actions (10 workflows) | Automated build, validate, scan, deploy, release pipeline |
| Security Scanning | CodeQL, OWASP ZAP, OpenSSF Scorecard, Dependency Review | Multi-layer security scanning |
| Quality | HTMLHint, Lighthouse CI, html5validator, Linkinator | Content validation and performance |
| Build Hardening | StepSecurity Harden Runner | Runtime egress filtering and process monitoring |
| Supply Chain | SLSA Build Level 3, Anchore Syft (SBOM), GitHub Attestations | Build provenance, SBOM, signed releases |
| Build Tooling | Node.js (LTS), dra1ex/minify-action | HTML/CSS/JS minification |
| AI Tooling | GitHub Copilot, 58 skills, 8 custom agents, MCP servers | DevSecOps assistance |
π Deployment Architecture
%%{init: {"theme": "base", "themeVariables": {"primaryColor": "#2196F3", "primaryTextColor": "#1a1a2e", "lineColor": "#455A64", "secondaryColor": "#e8f5e9", "tertiaryColor": "#fff8e1", "primaryBorderColor": "#1565C0"}}}%%
flowchart LR
subgraph GitHub["π§ GitHub"]
repo[Repository] --> actions[GitHub Actions]
actions --> validate[Validate HTML/CSS]
validate --> scan[Security Scan]
scan --> build[Minify & Build]
end
subgraph AWS["βοΈ AWS"]
build --> s3[S3 Bucket]
s3 --> cf[CloudFront CDN]
cf --> edge[Edge Locations]
end
edge --> visitor[π§ Visitor]
classDef default fill:#e3f2fd,stroke:#1565C0,stroke-width:2px,color:#1a1a2e
classDef primary fill:#2196F3,stroke:#1565C0,stroke-width:2px,color:#ffffff
classDef success fill:#4CAF50,stroke:#2E7D32,stroke-width:2px,color:#ffffff
classDef warning fill:#FF9800,stroke:#F57C00,stroke-width:2px,color:#ffffff
classDef danger fill:#D32F2F,stroke:#B71C1C,stroke-width:2px,color:#ffffff
classDef info fill:#455A64,stroke:#263238,stroke-width:2px,color:#ffffff
π ISMS Compliance
This architecture aligns with the following ISMS frameworks:
| Framework | Controls | Status |
|---|---|---|
| ISO 27001:2022 | A.8.9 Configuration Management, A.8.25 Secure Development | β Implemented |
| NIST CSF 2.0 | PR.DS-1 Data-at-Rest Protection, PR.IP-1 Configuration Baseline | β Implemented |
| CIS Controls v8.1 | CIS 2 Software Inventory, CIS 16 Application Software Security | β Implemented |
Related ISMS Policies
- π Secure Development Policy β Development lifecycle requirements
- π Network Security Policy β CDN and network architecture
- π Cryptography Policy β TLS and encryption standards
- π Access Control Policy β AWS IAM and OIDC
- π Information Security Policy β Overall security governance