Colophon
Humans made this.
A colophon is the printer’s note at the back of a book: type, tools, who set it. We publish ours because it’s the fastest way to signal that something was made with intention, not generated.
Typography
Fraunces
Display · Headlines · Long-form body on public pages
A “wonky” optical-size variable serif designed by Undercase Type. We use it for all editorial headlines, the hero statement, and scan report summaries. Its italic is distinctive. Its numerals are old-style by default in flowing text. Google Fonts
DM Sans
Body · UI copy · Navigation
Humanist grotesque, slightly narrower tracking than Inter, with more character in its curved letters. Used for body copy, navigation labels, and all UI text where the serif would read as decorative. Google Fonts
JetBrains Mono
Monospace · Code · Data · Terminal · UI labels (Surface B)
Used for all data display: AIVSS scores, CWE codes, timestamps, hashes, rule IDs, and the entire Surface B (tool) interface. The ligatures are disabled. Google Fonts
Color
Surface A background. Warm, not clinical.
Surface A text. Not pure black — less harsh.
Surface B base. True black.
Surface B accent. Cockpit amber: attention without alarm.
Surface B critical severity.
Verified-safe state only. Not overused.
Grid and layout
Public pages (Surface A) use an 8-column grid with 32px gutters and a 1280px maximum width. The hero is intentionally asymmetric: 60/40, not 50/50. The editorial column measure is 60–70ch for body copy. Hairline rules are 1px at 12% ink opacity — never drop shadows on the light surface.
Tool pages (Surface B) use a dense 12-column grid with 24px gutters and a fine dotted background texture (24px pitch, 7% white dots) that reads as engineering graph paper. UI labels are set in monospace at 11–12px.
Tools
| Next.js 15 | Framework — App Router, RSC, streaming |
| TypeScript | Type safety, strict mode |
| Tailwind CSS v4 | Utility CSS, design tokens as CSS vars |
| shadcn/ui | Component primitives — retuned, not default |
| TanStack Query | Client-side data fetching and caching |
| next-auth (Auth.js) | OIDC, JWT strategy |
| Playwright | E2E test suite |
| Vercel | Deploy, preview, edge network |
| AWS | Backend hosting (EU region) |
Credits and advisors
Detection rules MCP-001 through MCP-005 were informed by research from OWASP LLM Top 10. Rules MCP-093 and MCP-094 (prompt injection via tool description) were originally identified during our April 2026 corpus scan; Issue 14 describes the pattern in detail.
The Fraunces typeface was designed by Phaedra Charles and Flavia Zimbardi. The AIVSS scoring methodology draws from CVSS v3.1 base score structure and EPSS probability modeling.
The Attestation Seal was designed as a deliberate counterpoint to AI-generated security theater — an artifact with enough visual weight and specificity that it can’t be faked without the data behind it.