Technology stackTools that have earned their place.
No logo cemetery. We list what we actually run in production — and briefly why. Decisions sit on an 18-month horizon, not the next GitHub trend.
- Next.js 15 (App Router)RSC by default, Turbopack in dev
- TypeScript 5Minimise runtime surprises
- Tailwind v4Visual consistency without CSS-module chaos
- shadcn/ui (eigene Forks)Copy-own instead of npm dependencies
- next-intlReal URL prefixes /de/* /sr/*
- MDXContent ops for case studies
- FastAPIPydantic schemas + OpenAPI 3.0 out of the box
- Uvicorn (multi-worker)MALLOC_ARENA_MAX tuned, daily auto-restart
- Node 20 LTSFor frontend-adjacent services
- JWT · OAuth2Standard — we don't reinvent the wheel
- Rate-LimitingPer key + per IP, never just one of the two
- PostgreSQL 15+Transactional + JSONB — usually enough
- PgBouncerPool exhaustion is not destiny
- AlembicSchema migrations with rollback discipline
- RedisCache & queues — not a primary-DB replacement
- Idempotente ETLShard-based, mini-batch, re-runnable
- PlaywrightFor anything that only exists in a browser
- PyTorchLSTM, transformer — anything we train ourselves
- XGBoostStill gold for tabular features
- scikit-learnFeature engineering, baselines, validation
- hmmlearnRegime detection, transparent states
- FRED · yfinance · EDGARPrimary sources for macro and market data
- MLflow-kompatible ArtefakteModel versioning is required, not optional
/05
Smart contracts & DeFi
100 % contract coverage before a single line hits mainnet. Audit reports as a gate, not decoration.
- Solidity 0.8.24+Latest stable, no experimental forks
- Hardhat + FoundryHardhat for the pipeline, Foundry for fuzzing
- OpenZeppelinYou don't hand-roll access control
- The Graph (Subgraphs)Event indexing as a standard
- Ethers.js v6Wallet and chain interaction
- Arbitrum · EVM-kompatibelL2 by default, mainnet when required
- Docker ComposeDev on one node, prod on several
- systemdBecause it simply works on Linux
- cron + daemon-keeperScheduling without the complexity tax
- nginxReverse proxy + TLS termination
- Let's Encrypt (certbot)Auto-renewal via systemd timer
- GitHub ActionsCI/CD with coverage gates
- TailscaleZero-trust mesh for server-to-server
/07
Observability & alerting
If it wasn't logged, it didn't happen. Metrics, alerts and health checks belong in the first PR.
- Prometheus + GrafanaStandard metrics stack, nothing exotic
- Structured logs (JSON)greppable + machine-parseable
- Telegram Bot APIAlert delivery without an enterprise paging stack
- UptimeRobot / Health-ChecksExternally verified, not just internally
- Auto-Healer-ScriptsSelf-healing before operator intervention
What we don't useAnd why not.
Positioning includes what you leave out. These tools have their place — but not in every project, and rarely as first choice. We are honest when the answer is no.
✗
Kubernetes (für Teams < 10)
Over-engineering without a payoff. 90 % of production stacks run happily on Docker Compose + systemd.
✗
NoSQL als Primary Database
Schema evolution, joins, transactions — SQL is right most of the time. NoSQL goes on top, not instead.
✗
Agentur-CMS (WordPress & Co.) für Produkt-Software
Inflexible for custom logic, expensive lock-ins, plugin hell. OK for a plain corporate site — not for a product.
✗
Bleeding-Edge JS-Frameworks ohne Production-Proof
We pick tools on an 18-month horizon, not by GitHub trend. Proof before hype.
✗
Manuelles Deployment via SSH + scp
Not reproducible, not auditable, not rollback-able. Every deploy session produces technical debt.
✗
Mocks für Integrations-Tests gegen externe APIs
Mocks lie about reality. Contract tests against real sandboxes — or nothing.
Stack fits?
See how this stack looks in production — or tell us what you need.