Every service that powers LinkSilo is listed below with its current operational state. Pre-launch, the markers reflect deployment-environment health under the same operational discipline that will govern public-launch traffic; from public launch onward, this page becomes the primary surface for incidents, scheduled maintenance, and recovery updates.
Last reviewed 2026-05-18
The capabilities below each map to one or two backing services in our open-source monorepo. The internal codename of each backing service is named in mono after the description; the service-to-capability mapping is documented in the repository's architecture docs and the open-source codebase.
Signup, login, password reset, recovery-phrase flow, multi-factor authentication, and the OIDC discovery endpoints that power dashboard access.
Tier subscriptions, credit-ledger top-ups, auto-top-up flow, encrypted invoice ledger, tip-jar flow, and the webhook surfaces that bind Stripe events to ledger state.
The SvelteKit application a creator signs into: page editor, link manager, theme picker, analytics view, billing view, and the marketing surface you are currently reading.
Page CRUD, custom-domain verification, sealed-box contact-form ingest, and tip-payment ingest. The creator-side and visitor-side write paths both terminate here.
The visitor-facing renderer that serves a creator's public page from ciphertext stored in the database. Read-only PostgreSQL role; cannot write to user data even under compromise.
Beacon receipt and k-anonymized aggregation. The ingress process has no database access at all; it coarsens the beacon at the process boundary and forwards to the aggregator over an internal channel.
The application services above run on a small set of foundational components. The two LinkSilo-owned components are listed with status markers; external dependencies are listed in a separate claim-list further down, with pointers to their respective vendor-side status surfaces.
PostgreSQL with role-separated access: each application service connects under a distinct role with minimum privileges. The renderer's role is read-only; the analytics ingress has no database access at all.
Caddy terminating TLS via rustls, no OpenSSL anywhere in the dependency graph. TLS 1.3 with hybrid post-quantum key exchange enabled on the production edge once the certificate-authority pipeline supports it.
During pre-launch, this page is the eventual primary surface for operational state but is not yet load-bearing — the marketing site has no public traffic to be affected. From public launch onward, /status becomes the live incident-tracking surface; pre-launch, operational notes flow through the channels below.