Atlas
guestPublic

The Citrate marketing site

source: citrate-landing/README.md, citrate-landing/src/app, citrate-landing/src/lib

The public website for the Citrate Network is the first place most people meet us. It explains what the network is, who it serves, and how to reach the team, and it holds none of your plaintext: anything you type into a form is encrypted before it is written down.

What it is

The marketing site is a plain website with one unusual property. It is built on Next.js 16 with the App Router, backed by Neon Postgres through Drizzle, and runs on Vercel. Nine pages, ported from the original design prototype, describe the network and the institutions it is built for. Three forms let you reach us.

The property worth knowing is that the site never keeps what you type in readable form. Every form submission is encrypted with AES-256-GCM before it reaches the database, so the stored columns are ciphertext and nothing else. The only plaintext use is a notification email so the team can write back. The site is a public front door for the network described in what Citrate is; it makes no claim of its own beyond that.

How to use it

You read the pages, and if you want to talk to us, you submit a form.

  1. Browse the nine pages: home, solutions, technology, host-compute, compliance, constitution, about, resources, and legal. Each is a server-rendered page under src/app/.
  2. Choose the form that fits. Contact is for general inquiries, host-compute is to apply to run hardware on the network, and verification-packet is to request our compliance and security documentation.
  3. Fill in the fields and submit. You receive a confirmation, and the team is notified by email and follows up.

There is no account to create and nothing to install. The site is read and submit.

Reference

The pages and the three form endpoints, each citing its path in citrate-landing.

PageRouteWhat it covers
Home/Hero, the network at a glance, the sectors and public doors
Solutions/solutionsWhat you can build and run on the network
Technology/technologyThe substrate, consensus, and on-premise model
Host-compute/host-computeRunning hardware on the public network
Compliance/complianceThe compliance posture by deployment context
Constitution/constitutionNetwork governance
About/aboutThe team and the mission
Resources/resourcesDocumentation and reading
Legal/legalTerms and policies
Form endpointMethodPurpose
/api/contactPOSTGeneral contact
/api/host-computePOSTApply to host compute
/api/verification-packetPOSTRequest the verification packet
/api/challengeGETIssues a short-lived, single-use submission token

Search and machine readers are served by a sitemap, a robots.txt written to welcome agents, JSON-LD for Organization and WebSite, and dynamic Open Graph images from /api/og.

Design rationale

A site that gathers inquiries from schools, hospitals, and contractors is gathering names and email addresses, which are exactly the records those institutions are careful with. So the site is built to hold none of it in the clear. Submissions are written as AES-256-GCM ciphertext through envelope encryption (src/lib/encryption.ts), and email is deduplicated with a keyed HMAC blind index, so even the lookup value is not your address in plaintext. Submissions pass an origin check, a hidden honeypot, a Cloudflare Turnstile challenge, a Postgres-backed sliding-window rate limit, and the single-use token from /api/challenge. The trade is that a form submission does a little more work before it lands; for the records involved, that is the right trade.

Access and canon

Public. A marketing site is public by definition, and this page carries no secrets, keys, or private endpoints. None live in the repository either: .env* files are ignored by git, only .env.example is committed, and the real values for the encryption key, database URL, and SMTP password live in Vercel project environment variables. The encryption is the load-bearing fact for a visitor: forms are stored as ciphertext only, and the single plaintext use is the team's reply.

Source and verification

  • Source repo: citrate-landing, README.md.
  • Audited against SHA: d4f4a64.
  • Key paths: src/lib/encryption.ts, src/lib/schemas.ts, src/app/api/contact/route.ts, src/app/api/host-compute/route.ts, src/app/api/verification-packet/route.ts, src/app/api/challenge/route.ts, src/app/ (nine pages).
  • Status: Implemented. The site is in production and actively maintained, with a strict Content Security Policy carrying a per-request nonce, HSTS, an OWASP ZAP baseline scan in CI, and Playwright tests across five viewports. The posture statements on the site are descriptive; they are not a third-party certification.