ADR-0009: Gated Internet URLs as Browsing SSOT for Personal Knowledge
Context
Section titled “Context”Francois manages personal knowledge across multiple devices: M1Max (primary work), Pixel 9A (mobile thinking), and others. Traditional approaches to knowledge access create friction:
- Local files only — require cloning, manual sync, per-device setup
- Google Drive only — renders poorly on mobile, no static site rendering, version ambiguity
- Truly public sites — expose personal data and operational details
- Git clone + local editor — acceptable for editing, poor for casual browsing and thinking
When Francois closes the M1Max in the evening and reaches for the Pixel 9A with a framework idea, he needs immediate, frictionless access to reference material (CONTEXT.md, diagrams, cost analysis) without:
- Authentication per device
- Sync delays or version ambiguity
- Complex tooling or setup
- Risk of personal data leakage
Decision
Section titled “Decision”Use internet-published static sites (gated by Cloudflare Access + email OTP) as the primary browsing interface for personal knowledge. GitHub repos remain the SSOT for editing and version control. This model applies to:
docs.ducatillon.net— Architecture Wiki (private, Cloudflare Access)notes.ducatillon.net— Personal blog and research (public)strata.ducatillon.net— Finance app and analysis (public)- Any future personal knowledge site
Architecture
Section titled “Architecture”GitHub repo (SSOT for editing) ↓ (git push)GitHub Pages / Cloudflare Pages (auto-deploy on push) ↓ (rendered static HTML + CSS)Internet URL (https://docs.ducatillon.net) ↓ (Cloudflare Access middleware)Optional gating: Email OTP (for private sites) ↓Browser (M1Max, Pixel 9A, any device with browser) → Frictionless reading, thinking, idea captureEditing workflow (for substantive changes):
- Clone repo locally:
git clone <repo> - Edit
.mdor.astrofiles - Test locally:
npm run dev - Push:
git push - Auto-deploy to Pages/Cloudflare
- Changes live on internet URL within ~1-2 minutes
Browsing workflow (for reference and thinking):
- On any device: open
https://docs.ducatillon.net - Enter email for OTP (if gated; ~1 OTP session lasts hours)
- Read, browse, think, capture ideas
- No sync, no git, no setup — just think
Rationale
Section titled “Rationale”| Factor | Why This Matters |
|---|---|
| Device independence | M1Max → Pixel 9A → tablet. One brain, continuous thought. Internet URL is the switching point. |
| Frictionless access | No git clone, no local build, no “is this version current?” No per-device auth (OTP session lasts hours). |
| Thinking time | Late-night ideas, shower thoughts, commute insights — immediate access to framework reference. Iterative thinking without friction compounds into better decisions. |
| Version clarity | Published URL is always the current state. No “which branch am I on?” ambiguity. |
| Separation of concerns | Edit on laptop (local clone + tooling). Read/think on any device (browser URL). Different workflows for different contexts. |
| Gating privacy | Cloudflare Access + OTP respects the Personal Boundary — not public, not open to the world, but not dependent on any tool installation. |
| Scaling | Model works for all personal sites: notes, projects, analysis, framework. Future Hermes Agent can read the raw .md via GitHub MCP for automation. |
Consequences
Section titled “Consequences”✅ Benefits
Section titled “✅ Benefits”- Continuity of thought — closes device gap, enables idea capture across contexts
- Low operational tax — Cloudflare Pages free tier, rclone free, no extra services
- Reversibility — if OTP becomes friction, switch to truly public (just remove Access); if need local-only, clone the repo
- Hermes-friendly — Agent can read raw
.mdfrom GitHub simultaneously; no conflict
⚠ Trade-offs
Section titled “⚠ Trade-offs”- Edit friction on phone — mobile editing is harder than desktop. Mitigation: Pixel 9A has Markor (markdown editor) + GitHub mobile app; good enough for urgent fixes, but real edits happen on M1Max.
- Dependency on internet — offline access requires local clone. Mitigation: phone is rarely offline; important docs can be bookmarked or saved locally if needed.
- OTP session management — users must manage OTP sessions. Mitigation: OTP lasts ~12 hours per browser; acceptable for personal use.
Alternatives Rejected
Section titled “Alternatives Rejected”| Alternative | Why Rejected |
|---|---|
| Local files only (no internet URL) | Breaks device independence; late-night ideas require repo sync setup |
| Private GitHub repos with CLI | Requires git clone + terminal per device; too much friction for casual thinking |
| Google Drive ONLY | Doesn’t render as a readable website; no frictionless mobile experience |
| Truly public internet (no gating) | Exposes cost data, personal details, operational decisions; violates Personal Boundary |
| Obsidian vault + sync | Adds subscription cost, vendor dependency, sync complexity |
Implementation Status
Section titled “Implementation Status”IMPLEMENTED ✅
- docs.ducatillon.net (Architecture Wiki, private Cloudflare Access) — operational
- notes.ducatillon.net (blog, public) — operational
- strata.ducatillon.net (finance analysis, public) — operational
- Cloudflare Pages auto-deploy — configured
- Cloudflare Access + OTP — configured for private sites
Monitoring & Review
Section titled “Monitoring & Review”- Success metric: Francois captures 2+ framework ideas/month via mobile browsing
- OTP friction metric: If OTP logins > 5/week become annoying, reconsider (e.g., allowlist IP ranges)
- Next review: After 2 months of Hermes Agent operation (check if agent needs simultaneous GitHub raw access)
Related ADRs
Section titled “Related ADRs”- ADR-0001: Google Drive as SSOT over Syncthing — covers SSOT for documents
- ADR-0004: Google Drive Docs + GitHub Code — split between Drive and GitHub
- ADR-0006: Docs Site on Cloudflare Pages — static site deployment model
- ADR-0007: Plaintext Secrets + OS Hardening — security model for Agent Host