Belgian Go Association
June 2026
The AI (Claude, developed by Anthropic) served as an accelerated development tool, not a decision-maker. Each feature was:
Specified by Yannick Kuy (specifications, architectural choices, design decisions)
Generated by Claude under direct supervision
Reviewed and validated by Yannick before each commit
Tested manually (and for the ELO system, via 47 automated tests)
The AI does not deploy anything autonomously. Every line of code in production has been approved by a human. The code produced is standard TypeScript, readable by any web developer, with no dependency on Claude for future maintenance.
Git (GitHub): complete history of every change with date, description and author
Each commit is accompanied by a message explaining why the change was made
The code is hosted on a private GitHub repository — accessible to any developer appointed at a later date
| Measurement | Details |
|---|---|
| Passwords | Hashed with bcrypt (factor 12) — never stored in plain text |
| Failed attempts | Automatic lockout after 5 failed attempts, unlock after 15 minutes |
| Sessions | Server-signed JWT, automatic expiry |
| Reset | Link via email, valid for 1 hour only |
| Complexity requirements | Minimum 8 characters, must include at least one uppercase letter and one number |
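The lockout and complexity rules listed above can be expressed as two small pure functions. This is an added example, not the site's own code: `recordAttempt`, `isLocked`, `checkComplexity` and the state shape are hypothetical names, and the caller is assumed to persist the returned state per account.

```typescript
// Added illustration of the lockout and complexity rules listed above.
// Every name here is hypothetical; this is not the site's code.
const MAX_FAILURES = 5;            // lock after 5 failed attempts
const LOCK_MS = 15 * 60 * 1000;    // unlock after 15 minutes

// Per-account counter; lockedUntil is epoch milliseconds, 0 = not locked.
interface AttemptState { failures: number; lockedUntil: number }
interface AttemptResult { allowed: boolean; next: AttemptState | undefined }

function isLocked(s: AttemptState | undefined, now: number): boolean {
  return s !== undefined && now < s.lockedUntil;
}

// Takes the stored state and the outcome of the bcrypt comparison, returns
// the login decision plus the state to persist for the account.
function recordAttempt(s: AttemptState | undefined, passwordOk: boolean,
                       now: number): AttemptResult {
  // While locked, refuse even a correct password and do not extend the lock.
  if (isLocked(s, now)) return { allowed: false, next: s };
  if (passwordOk) return { allowed: true, next: undefined };
  // A lock that has expired starts a fresh count.
  const base = s !== undefined && s.lockedUntil === 0 ? s.failures : 0;
  const failures = base + 1;
  const lockedUntil = failures >= MAX_FAILURES ? now + LOCK_MS : 0;
  return { allowed: false, next: { failures, lockedUntil } };
}

// Returns the unmet rules; an empty array means the password is accepted.
// ASCII classes are an assumption; the page does not say how accented
// letters are treated.
function checkComplexity(password: string): string[] {
  const unmet: string[] = [];
  if (password.length < 8) unmet.push("at least 8 characters");
  if (!/[A-Z]/.test(password)) unmet.push("at least one uppercase letter");
  if (!/[0-9]/.test(password)) unmet.push("at least one number");
  return unmet;
}
```

Passing `now` in as a parameter keeps the 15-minute window testable without waiting on a real clock.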
Sensitive data (email, phone number, address, date of birth) stored in Supabase (PostgreSQL on AWS eu-central-1, in Europe)
Vercel (web server) never stores data — it executes the code and passes requests to Supabase
Transit: HTTPS enforced on all pages, data is never transmitted in plain text
Secret keys stored exclusively in Vercel environment variables — never in the source code, never in Git
Every action on the server checks the role of the logged-in user. A PRESIDENT can only act on members of their club. A MEMBER can only edit their own profile. It is impossible to elevate one’s own rights.
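A server-side check for the role rules described above might look like the following. It is an added example, not the site's own code: the `User` shape, the editable-field lists and `authorizeEdit` are hypothetical, and `actor` is assumed to come from the verified session rather than from the request body.

```typescript
// Added illustration of the per-action role check described above.
// Types and field names are hypothetical, not the site's schema.
type Role = "MEMBER" | "PRESIDENT";
interface User { id: string; clubId: string; role: Role }
type Decision = { allowed: true } | { allowed: false; reason: string };

// Fields that decide who a user is and what they may do. No profile edit
// may touch them, which is what prevents elevating one's own rights.
const PROTECTED_FIELDS = ["id", "role", "clubId"];
// Constructed allowlists; anything not named here is rejected.
const SELF_EDITABLE = ["email", "phone", "address"];
const PRESIDENT_EDITABLE = ["email", "phone", "address", "membershipPaid"];

function authorizeEdit(actor: User, target: User,
                       patch: Record<string, unknown>): Decision {
  const fields = Object.keys(patch);
  for (const f of fields) {
    if (PROTECTED_FIELDS.indexOf(f) !== -1) {
      return { allowed: false, reason: "protected field: " + f };
    }
  }
  let editable: string[];
  if (actor.id === target.id) {
    editable = SELF_EDITABLE;                       // own profile
  } else if (actor.role === "PRESIDENT" && actor.clubId === target.clubId) {
    editable = PRESIDENT_EDITABLE;                  // member of own club
  } else {
    return { allowed: false, reason: "target is outside the actor's scope" };
  }
  // Allowlist, not denylist: an unexpected field fails closed.
  for (const f of fields) {
    if (editable.indexOf(f) === -1) {
      return { allowed: false, reason: "field not editable: " + f };
    }
  }
  return { allowed: true };
}
```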
Deletion request accessible from each member’s profile
Complete anonymisation: the name becomes “Anonymous Player-xxx”, the email is replaced by a random address, all personal data is deleted
Sports history (matches, results) is retained — obligation of sporting integrity
Privacy policy page available on the website (/privacy)
No two-factor authentication (2FA) — deemed disproportionate for a Go federation, but implementable if required
No external security audit — recommended prior to general public release
Any full-stack web developer familiar with:
Next.js (React) — the world’s most popular framework for web applications, used by thousands of businesses
PostgreSQL — standard relational database
TypeScript — statically typed JavaScript
The code contains no exotic or proprietary technologies. A competent developer can take it over within a few days of reading through it.
npm dependencies (libraries) may receive security patches. The procedure is:
```bash
npm audit    # identify vulnerabilities
npm update   # update minor dependencies
```

Recommended: check monthly, especially for NextAuth (authentication) and Prisma (DB access).
The office can make changes without touching the code:
✅ News, events, website pages
✅ Navigation menu (sidebar)
✅ Photos of clubs and tournaments
✅ Membership fees, members’ voting rights
✅ Tournament results
Requires a developer:
New features
Database schema changes
Infrastructure changes
Database migrations are versioned in the code (prisma/migrations/). Every schema change is tracked and reproducible. It is possible to revert to any version.
Supabase performs automatic daily backups (7-day point-in-time recovery on the free plan). In the event of a serious issue, data can be restored to any state from the last 7 days.
| Risk | Probability | Impact | Mitigation |
|---|---|---|---|
| Failure | Low (99.9% availability observed) | Temporary | No action required for this volume |
| Price change | Medium (free plan, no SLA) | Low to medium | Migration to another host possible in < 1 day |
| Service shutdown | Very low | High | The code can be deployed on Netlify, Railway, or a VPS within a few hours |
Legal grey area: Vercel’s Hobby plan is strictly reserved for non-commercial projects. A non-profit organisation collecting membership fees is in a legal grey area. Vercel does not actively check, but upgrading to the Pro plan ($20/month) would eliminate this theoretical risk.
| Risk | Probability | Impact | Mitigation |
|---|---|---|---|
| Outage | Very low (AWS eu-central-1) | Temporary | No action required |
| Free quota exceeded (500 MB) | Low | Low | Currently < 50 MB; upgrade to Pro plan ($25/month) if necessary |
| Service closure | Very low | High | Standard PostgreSQL export possible to any other DB host |
Next.js is developed by Vercel and used by companies such as TikTok, Twitch, and hundreds of thousands of projects. The risk of it being discontinued is virtually zero. Major updates (every ~18 months) require a migration, which is usually well documented.
The code does not depend on Claude to function or be maintained. Claude was a development tool, like an IDE or a linter. A human developer can take over the project without ever using AI.
That said, using an AI assistant for future modifications is perfectly feasible — it is now common practice in the industry, including in critical contexts.
Short term (< 1 month): the site runs on its own, no intervention required for day-to-day operation.
Medium term: any Next.js developer can take over the project. Commits are commented and critical functions (ELO, anonymisation, contributions) are documented. The rest of the code is sparsely commented — a technical report describing the overall architecture is planned to fill this gap.
Transfer of responsibility requires:
Access to the GitHub repository (invitation can be sent in < 5 minutes)
Access to the Vercel dashboard (invitation via email)
Access to the Supabase project (invitation via email)
Environment variables (.env file sent securely)
| Service | Current cost | Free allowance | Cost if exceeded |
|---|---|---|---|
| Vercel | €0/year | 100 GB bandwidth/month | ~$20/month (Pro) |
| Supabase | €0/year | 500 MB DB, 1 GB storage | ~$25/month (Pro) |
| Resend (emails) | €0/year | 3,000 emails/month | ~$20/month |
| TOTAL | €0/year | - | ~$65/month max |
For a federation of ~500 members, the free limits will not be reached for the next 2–3 years. The most likely scenario for exceeding these limits is Supabase storage if there are a large number of photo uploads from clubs/tournaments.
The current architecture on Vercel uses serverless functions: the server ‘wakes up’ with every request after a few minutes of inactivity, causing a latency of 500ms to 2 seconds on the first visit. This behaviour is inherent to the serverless model and cannot be corrected without changing hosting providers.
For a smooth user experience (< 100ms on all pages), a migration to a persistent server is an option:
| Option | Price | Latency | Migration effort |
|---|---|---|---|
| Vercel (current) | €0/year | 500ms–2s (cold start) | — |
| Railway | ~$5/month | 100–200ms (no cold start) | 1–2 days |
| Render | ~$7/month | 100–200ms (without cold start) | 1–2 days |
Supabase remains unchanged in both cases — only the site’s hosting provider changes. The migration can be reversed at any time.
Entrust maintenance to the current developer (Yannick Kuy) via an annual maintenance agreement. As the project’s author, he knows the entire codebase and can respond quickly to any bugs or changes. A modest monthly fee (to be negotiated) ensures the project’s continuity without having to rely on an external contractor who would first need to familiarise themselves with the code. This is the most effective and least costly solution for the federation.
Document access: who has the Vercel, Supabase, GitHub, Resend credentials — and establish a handover procedure in the event of a change, regardless of who is responsible for maintenance.
Carry out a security audit (free OWASP ZAP tool) before opening to the general public.
Decide on hosting: stay with Vercel (free, ~1s cold start) or migrate to Railway (~$5/month, smooth navigation). See section 5.
Set an annual budget covering infrastructure + maintenance:
| Scenario | Infrastructure | Maintenance | Estimated total |
|---|---|---|---|
| Minimum (Free Vercel) | €0 | to be negotiated | as agreed |
| Comfortable (Railway + Supabase Pro) | ~$40/month | negotiable | by agreement |
Document drafted in June 2026 — gobel-site