Sami Aktaş

Ledger № 18 · July 5, 2026

TR

The full ledger

Build Journal

18 entries, grouped by venture — every line a real date, a real progress note.

09

samiaktas.com

9 entries

The site is bilingual now: the English version is live

samiaktas.com/en is open — the entire site in English: homepage, journal archive and venture pages. A TR/EN button sits top right; there is deliberately no auto-redirect (Google's advice: hreflang + user choice). All 15 journal entries, my About story and the whole UI were hand-translated; even dates format per language. Zero code duplication: the same files render both languages. AI engines and Google can now cite this ledger for English queries too.

i18n · hreflang · SEO · Astro

Code diet: ~8 MB of dead weight gone, structure now modular

We cleared the leftovers of the old single-file site (nearly 8 MB of dead files); the original went into the archive. Header, footer and journal-entry blocks that were copy-pasted across three pages became single components — changing a view now means editing one file. Cyrillic/Greek/Vietnamese font subsets a Turkish site never uses were dropped too (39 definitions down to 16). The look stayed pixel-identical.

Refactor · Modular Architecture · Performance

Real expenses and technology tags

The ledger's 'zero expenses' didn't reflect reality — we opened an overhead class called 'Workflow & Tools' and recorded the Claude Pro subscription (17 USD ≈ ₺796). Transparency now shows the real number; the class doesn't count as a venture and gets its own itemized section. Every journal entry also got tags for that day's technologies and security work — visitors see at a glance what each job was built with.

Transparency · Overhead · Tagging

Journal archive and venture pages

As the build journal grew, we restructured it: the homepage now shows only the last 5 entries and the full ledger lives at /gunluk. Every venture got its own journal page — Payda and samiaktas.com read separately, and any new venture gets its page automatically. Entries now run newest to oldest, every page introduces itself to search engines with its own title and schema, and the sitemap updates itself.

Astro · SEO · Schema.org

The site publishes itself + a triple expert audit

Today we built a pipeline that automatically rebuilds and publishes the site on every edit (build → deploy → instantly notify search engines). Then came three separate expert audits — design, SEO/GEO and security: accessibility/contrast fixes, richer structured data, and the database write rule locked to my account only. Note: this entire site was built with a single Claude Pro subscription, together with AI.

CI/Automation · Security · SEO · Accessibility

Rebuilt the site with zero-JavaScript Astro

For the fastest visibility on AI and Google, we moved the site to a fully static, zero-JavaScript Astro build. The result: ~34 KB, sub-half-second loads, and every piece of content embedded so bots read it instantly. We simplified the design too: a text-first opening and a single large photo in About.

Astro · Tailwind CSS · Zero-JS

Identity, login and the UI settled

We wrote the About text (Adana; starting my software entrepreneurship with this site), secured the admin login with Firebase and reworked the UI. We also found and fixed a missing DNS record on the e-mail side; [email protected] works now.

Firebase Auth · DNS · Security

Search-engine and AI visibility package

We introduced the site to Google, Bing and Yandex; set up the sitemap, robots.txt, llms.txt, Schema.org markup and IndexNow. AI crawlers like GPTBot/ClaudeBot got read access. Cloudflare added speed, security (SSL, WAF) and a caching layer.

SEO · Schema.org · Cloudflare · WAF/SSL

The site is finally live

We moved the broken portfolio site to Firebase Hosting and got it online. Split the single 7 MB file into pieces and made it persistent with Firestore; the page no longer resets on every refresh. Step by step, with AI, without knowing how to code.

Firebase Hosting · Firestore · JavaScript

09

Payda

9 entries

Big pre-launch sweep: 10 gaps, 10 fixes

Today I combed through Payda as if launching tomorrow: period filters, CSV export, full reverse entries when deleting a sale, KVKK (Turkish data-protection) pages, an account panel, a PWA manifest and more — found 10 gaps and closed all 10 the same day. The security pass also caught and fixed CSV formula injection and a double-delete race; test suite 68/68 green. Still one Claude session, still build in public.

KVKK/GDPR · PWA · CSV Export · Security Audit

Mini-CRM, a task system and recurring-expense automation

Payda got a real mini-CRM today: search a number and you see whether that person is a customer, what they bought and WHO entered the sale, line by line — with customer notes. Alongside it came a real task system (managers assign, workers complete from 'My Tasks'), a scheduled function that posts fixed monthly expenses automatically, and a profit-share bug fix. Test suite 84/84 green, all in a single Claude session.

Mini-CRM · Task System · Scheduled Functions

Payment approvals + backend split into modules

Today I added partial or one-shot payouts for partners paying workers/bankers; if there's a second partner, changes go to them for approval (four-eyes). Then I split the 800-line single-file backend into modules — lib/core + handlers/ (project, transaction, member, finance, tasks, sharing, scheduled) — behavior identical, all 104 tests still green. Removed the dead code too. Still one Claude session.

Cloud Functions · Modular Architecture · Tests

Customer records (mini-CRM) and modular permissions

Sales can now optionally include a customer number and product; search a number and you see who bought what and from which account. Customer data counts as personal data (PII), so only members with that permission can see it. Authorization is now fully modular: the role defines the screen, and every capability can be toggled one by one (a banker can do banking only — or ads too, if allowed). All 61 integration tests passed; backend and UI went live.

Cloud Functions · Firestore Rules · Security (PII) · Integration Tests

Three in one: design, security, SEO

Today I set three expert agents on Payda at once: the designer built an accessible, mobile-friendly design system with OKLCH tokens; the security expert tightened percentage fields and amount limits in an OWASP audit; the SEO agent added hreflang, a favicon and WebSite schema. In between, customer records (mini-CRM) and the fully modular permission system also went live — 61 security tests still green. All in one Claude session; I only steered.

Design System · OWASP Audit · SEO

Bot protection with reCAPTCHA

We added reCAPTCHA to Payda's sign-in and sign-up flows to protect against automated/bot abuse.

reCAPTCHA · Security

Role permissions and project management

We defined who can see and touch what: worker, partner and banker roles. Fixed the project create/delete flow with safe confirmations and applied the debugging and security-audit plan phase by phase.

Firebase · Roles/Permissions · Security

Bank-grade security and data isolation

We made sign-in, e-mail verification and password reset work, and wired every feature to a real backend. Most importantly, we built the architecture role-isolated — an employee cannot see or change anyone else's data — close to banking standards, with all writes server-side.

Firestore Rules · Firebase Auth · Security

The Payda journey begins

We set up Payda — a project management and accounting platform — on Firebase: database, authentication and hosting. Built the entire data layer from scratch.

Firebase · Firestore · Firebase Auth