Infrastructure & Trust
A project site about proof-bound local AI has to be proof-bound itself. The infrastructure layer is not cosmetic: if the domain does not resolve, redirects are broken, certificates fail, or machine-readable files are missing, the site cannot carry technical authority.
Launch-gate infrastructure matrix
| Layer | Required state | Why it matters |
|---|---|---|
| A / AAAA | Root and www resolve to active IPv4 and, where available, IPv6 routes. | Basic reachability and crawler access. |
| HTTPS | Valid TLS certificate, forced HTTPS, no mixed-content assets. | Trust, browser security, and agent fetch reliability. |
| HSTS | Enable after HTTPS is stable; use a cautious ramp before preload. | Prevents protocol downgrade once configured correctly. |
| CAA | Restrict certificate issuance to the intended certificate authority. | Limits unauthorized certificate issuance. |
| DNSSEC | Publish DS/DNSKEY where registrar and DNS host support it. | Improves DNS integrity for a technical brand. |
| SPF / DKIM / DMARC | Publish strict mail authentication for any sending domain. | Reduces spoofing risk for the maintainer and project. |
| robots.txt | Allow public crawl, publish sitemap, do not block project docs. | Prevents accidental invisibility. |
| llms.txt | Root file exists and links to core project pages and docs. | Gives agents a curated map instead of forcing blind scraping. |
| /docs and /.uai | Static public routes are reachable from the root package. | Preserves durable memory and source report access. |
| Markdown negotiation | Accept: text/markdown can return Markdown for project pages. | Reduces token waste while preserving the same semantic content. |
Headers emitted by the site
The site now sends conservative front-end headers when plain PHP serves public pages:
X-Content-Type-Options: nosniffReferrer-Policy: strict-origin-when-cross-originPermissions-Policyrestricting camera, microphone, geolocation, payment, USB, and serial access by defaultStrict-Transport-Securityonly when the request is already HTTPS
These do not replace server configuration. They provide a baseline while the deployment host should still own TLS, redirects, HTTP/2 or HTTP/3, compression, caching, and WAF behavior.
Host-neutral verification commands
dig Runtime.MiRust.com A +short
dig Runtime.MiRust.com AAAA +short
dig Runtime.MiRust.com CAA +short
dig Runtime.MiRust.com TXT +short
curl -I https://Runtime.MiRust.com/
curl -I https://Runtime.MiRust.com/llms.txt
curl -H "Accept: text/markdown" https://Runtime.MiRust.com/architecture/
curl https://Runtime.MiRust.com/.uai/index.uai
curl https://Runtime.MiRust.com/docs/index.md
curl https://Runtime.MiRust.com/.well-known/security.txt
What the plain PHP package controls
- Theme-rendered pages and semantic HTML.
- Dynamic
llms.txt,llms-full.txt, sitemap XML, Markdown alternates, and robots output. - Root package static
/docs,/.uai, and/.well-known/security.txtfiles. - Public contact path for maintainer follow-up.
- No external front-end dependencies or CDN assets.
What deployment controls
- Registrar status and domain lock.
- Authoritative DNS provider and DNSSEC.
- TLS certificate lifecycle.
- HTTP to HTTPS redirect.
- Server compression and object/page cache.
- WAF and bot policy.
- Email authentication records.