# mocipher.com — context for assistants > Human-readable site specification: https://mocipher.com/MoCipher-SPEC.md ## Person - Mohammed Rahhal — IT Specialist & Support Engineer, threat-aware infrastructure habits, based in Zürich, Switzerland. - Public site is a portfolio + blog + admin-backed content. Do not invent employers, clients, or credentials not stated on the site. ## Design - "Field Station" design language: light = dossier (paper/ink/amber), dark = ops console (deep space, phosphor teal, amber). Two voices — Inter (human) + system monospace (machine). No front-end framework; first-party assets only. ## Credentials - **Source of truth:** Admin → **History** → items with type **Certification** (same KV list as homepage + Now page + dynamic JSON-LD `hasCredential`). Update the CMS after CV changes. Non-cert journey rows power the homepage **History** section. - This file does not list individual certs (avoid drift). See https://mocipher.com/ , https://mocipher.com/cv.html , and https://mocipher.com/now.html after deploy. ## Privacy & security stance - Public pages load scripts, styles, and fonts only from mocipher.com (first-party `/assets/`, `/styles/`, `/scripts/`). The only third-party browser resources are **Cloudflare Web Analytics** (privacy-first, cookieless, no cross-site tracking) and the **Cloudflare Turnstile** widget on the contact form. No ad or engagement trackers, no Google Analytics. - Strict CSP with violation reporting, PBKDF2 + optional TOTP 2FA for admin, SPF/DKIM/DMARC email auth. Full model: MoCipher-SPEC.md and colophon.html. ## Key URLs - Home: https://mocipher.com/ - Blog (Field Reports): https://mocipher.com/blog.html - RSS (first-party API): https://mocipher.com/api/rss - CV (Personnel File): https://mocipher.com/cv.html - Uses / stack: https://mocipher.com/uses.html - Now (current focus): https://mocipher.com/now.html - Projects (anchored list): https://mocipher.com/projects.html - Privacy: https://mocipher.com/privacy.html - Colophon: https://mocipher.com/colophon.html ## Contact - Use the contact section on the homepage or details linked from the site. Do not scrape or guess private email addresses beyond what is published.