title: Overview description: Arsvine site runtime: DNS, deployment, object storage, SEO, security.
Website Infrastructure overview
This is the "runtime" manual: domains, DNS, deployment platform, object storage, fonts, SEO, telemetry, security boundaries. All content is public fact; no secret values.
Top-level locations
Reading order
server-and-stack—server.jsentry, build stack, Next.js configurationenv-vars— every.env.examplefield, purpose, and security tiervercel-dnspod— Vercel project settings, domain binding, DNSPod recordscos-and-cdn— COS bucket layout, object key naming, version pointersfont-hosting— self-hosted Google Fonts fetching and uploadasset-pipeline—assets:prepare→build→publishpipelinerss-sitemap-robots— dynamically generated SEO filestelemetry— telemetry (off by default, opt-in via env)seo-and-security— site metadata, revalidate secret, TOTP, access cookie, remote image hostscontent-pipeline— external GitHub content repo structure
Content red lines
The following are forbidden in public docs:
- Any secret value from
.env.local - GitHub Token / PAT
- COS
SecretId/SecretKey/SessionToken - TOTP secrets (base32 literals)
- Private bucket paths, full API endpoint URLs
- Real high-value resource maps
- Unpublished friend information
- Vercel / DNSPod screenshots with sensitive fields
Write about "flows" and "field names" — never about "real keys" and "private paths".