Capabilities

What we use, and why.

This is the actual stack across our portfolio — not a wish list. Every entry is in production on at least one Keltus project. Click the book icon on any row for a plain-English explanation of what it is and why it matters.

Frontend

Static-first, hand-crafted UI. We pick the framework that fits the product, not the trend.

Technology	What we use it for	On
Astro	Static-first site framework. Pages pre-built to HTML, zero JS unless we explicitly ship it.	SarahSite keltus.io
React	The dominant framework for interactive web apps. Always with TypeScript.	GoWeb Zavos DisApp Cabinet Builder
TypeScript	JavaScript with type-checking. Catches a class of bugs at compile time.	GoWeb Zavos DisApp SarahSite keltus.io
Tailwind CSS	Composable design tokens — build consistent UIs from a fixed palette.	GoWeb Zavos
Vite	Dev server + bundler. ~10× faster feedback loop than the previous generation.	GoWeb Zavos DisApp
Tiptap	Headless rich-text editor with server-side allow-list validation.	GoWeb
TanStack Query	Handles caching, refetching, and retries for server data.	GoWeb

Backend

High-throughput services in Go, with Node for tooling and PHP where the ecosystem fits.

Technology	What we use it for	On
Go	Google's language for high-traffic servers. Single-binary deploys, predictable performance.	SecureVote GoWeb NewsTosser Zavos DisApp SarahSite
Node.js + Express	JavaScript on the server. Useful when one language spans the stack.	Cabinet Builder
PHP 8	Modern PHP — fast, clean, and the right tool when editorial tooling already exists for it.	NewsTosser
Python	The universal glue language for scraping, scripts, and data extraction.	NewsTosser
Directus 11	Headless CMS where editors log in to manage content.	SarahSite keltus.io
chi (Go router)	Composable HTTP router for Go services. Nested groups, middleware, the good parts.	DisApp

Mobile

Native iOS and Android — not React Native compromises.

Technology	What we use it for	On
Swift + SwiftUI	Native iOS — smoother animations, real platform conventions, full API access.	Zavos
Kotlin + Jetpack Compose	Native Android with the modern declarative UI framework.	SecureVote Zavos DisApp NewsTosser
WebRTC	Peer-to-peer voice and video — Google Meet, Discord, Zoom all use it.	Zavos

Data & Search

Storage, search, and caching tuned to each workload.

Technology	What we use it for	On
MariaDB	Battle-tested relational database. Used by Wikipedia and Google.	SecureVote GoWeb NewsTosser Zavos Cabinet Builder SarahSite keltus.io
PostgreSQL	The other major relational DB — stronger for JSON, geo, and complex queries.	DisApp
Meilisearch	Typo-tolerant full-text search with sub-100ms responses.	GoWeb
Pagefind	Build-time search index that runs entirely in the visitor's browser.	SarahSite
Redis	In-memory cache and queue. Microsecond response, not millisecond.	GoWeb

Security & Crypto

Post-quantum-ready crypto, modern auth, defense-in-depth — built in, not bolted on.

Technology	What we use it for	On
CRYSTALS-Dilithium	NIST-standardized post-quantum signature scheme.	SecureVote
SPHINCS+	Post-quantum signature scheme as a backup to Dilithium — different math.	SecureVote
Signal Protocol	The crypto behind Signal, WhatsApp, and any genuinely E2E messenger.	GoWeb
X25519 ECDH	Modern elliptic-curve key exchange for per-device session keys.	DisApp
AES-256-GCM	Modern symmetric encryption with built-in tamper detection.	SecureVote DisApp
ECDSA P-256	Digital signatures for device identity, generated in hardware where possible.	DisApp
RSA Blind Signatures	RFC 9474 — sign something without seeing what you signed.	SecureVote GoWeb
Merkle Trees	Tamper-evident summaries of huge datasets. Bitcoin and Git use them.	SecureVote
WebAuthn / Passkeys	Phishing-resistant passwordless auth. The default on every new project.	GoWeb
Argon2id	Current OWASP-recommended password hashing. Memory-hard against GPU cracking.	GoWeb SecureVote DisApp
TOTP 2FA	The six-digit code in your Authenticator app. Backup factor for passkeys.	GoWeb
mTLS	Mutual TLS — both ends of the connection prove identity, not just the server.	SecureVote
Android Keystore + BouncyCastle	Hardware-isolated keys + the crypto library for algorithms Android does not ship.	SecureVote DisApp Zavos

AI / ML

Self-hosted models for sensitive data, cloud models when the workload justifies it, and custom personalities that know your business.

Technology	What we use it for	On
Ollama (self-hosted)	Open-source AI models running on your own GPU. Nothing leaves the box.	GoWeb NewsTosser Zavos
Anthropic Claude	Anthropic's hosted reasoning model. What we reach for when the workload justifies it.	NewsTosser
Custom AI personalities	A bot that knows your brand voice, your rules, and what it must not say.	NewsTosser
Corporate knowledge (RAG)	AI that answers questions about YOUR documents, not just general knowledge.	—
Pluggable LLM layer	Provider interface in code — swap Ollama → Claude → OpenAI without rewriting.	GoWeb NewsTosser
Tesseract OCR	Reads text from images and PDFs. Runs locally, no cloud call needed.	GoWeb

Infrastructure

Self-hosted, monitored, fast to deploy. No surprise vendor lock-in.

Technology	What we use it for	On
nginx	Web server in front of nearly every modern site. TLS, caching, reverse proxy.	SecureVote GoWeb NewsTosser Zavos DisApp SarahSite keltus.io
Let's Encrypt	Free, auto-renewing HTTPS certificates. The padlock in your browser.	SarahSite keltus.io
Cloudflare	Global edge cache + DDoS protection. Sits between visitors and origin.	NewsTosser
systemd	Linux's service supervisor. Starts services on boot, restarts on crash.	SecureVote GoWeb NewsTosser SarahSite keltus.io
sharp + WebP/AVIF	Image pipeline. Generates responsive variants in modern formats at build time.	SarahSite keltus.io
FFmpeg	The swiss-army knife of video and audio. Twitch and YouTube run on it.	GoWeb
GeoLite2 / MaxMind	Offline IP-to-location database. No external lookup needed.	SarahSite keltus.io
Brevo (transactional email)	Outbound email that actually reaches the inbox. Deliverability is the hard part.	SarahSite keltus.io