| Tool | What we use it for | Access |
|---|---|---|
| GitHub | Source, CI, issues | Google Workspace SSO + FIDO2 for admins |
| GitHub Actions | CI/CD for every repo | Built into GitHub |
| gh CLI | Scripted GitHub access | gh auth login |

| Tool | Purpose | Access |
|---|---|---|
| Google Cloud (Cloud Run, Cloud SQL, Secret Manager, Artifact Registry) | Core server hosting | Google Workspace SSO → IAM |
| Cloudflare (DNS, Pages, Access, Tunnel, Zero Trust) | Edge, static hosting, access gating | Email + TOTP |
| Terraform | IaC for GCP + Cloudflare | State in GCS, applied via GH Actions |
| Docker Desktop / OrbStack | Local container runtime | Personal install |

| Tool | Purpose |
|---|---|
| Grafana Cloud | Metrics + dashboards |
| Prometheus (hosted) | Metric scrape (via Grafana Cloud agent) |
| Cloud Logging (GCP) | Application logs |
| PagerDuty | Alert routing, on-call schedule |
| Sentry | Frontend error tracking |
| PostHog | Product analytics, frontend feature flags |

| Tool | Purpose |
|---|---|
| 1Password | Human secret vault, shared team vaults |
| 1Password CLI (op) | Load secrets into local dev env |
| Google Workspace | Email + SSO IdP + Drive |
| Google Secret Manager | Runtime secrets for Cloud Run |

| Tool | Purpose |
|---|---|
| Linear | Engineering issues, project tracking |
| Slack | Async comms |
| Google Docs | Decision docs, customer-facing proposals |
| Notion | Not used — consolidating on Google Drive + this site |

| Tool | Purpose |
|---|---|
| Stripe | Billing, subscription management |
| HubSpot | CRM, deal pipeline |
| Calendly | External scheduling |
| DocuSign | Contract signatures |

| Tool | Purpose |
|---|---|
| Claude Code / Cursor | AI coding assistants (governed through TapPass itself — yes, we eat our own cooking) |
| VS Code | Editor (alongside Cursor) |
| Cloud SQL Proxy | Local connection to staging/prod DB replica |
| cloudflared | CLI for tunnels |
| wrangler | CLI for Cloudflare Pages |
| uv | Python package manager (replaces pip/poetry) |
| ruff | Python formatter + linter |
| mypy | Python type checker |

Worth noting what we deliberately avoid — saves repeated “should we use X?” conversations:
- Jira — Linear is cleaner. Jira is Atlassian; we use Jira as a provider integration for customers, but not ourselves.
- Notion — Drifted across too many sources of truth. Consolidating here (for internal docs) + Google Drive (for shared editing).
- Confluence — Same reason.
- Jenkins / CircleCI — GH Actions covers us.
- Datadog / New Relic — Grafana Cloud + Sentry is enough; can revisit at scale.
- AWS / Azure as primary cloud — GCP is our core infra. We support AWS/Azure as customer integrations, but our own workloads live on GCP.
- MongoDB — Postgres is the right choice for us. No document store.
- Redis as a primary cache — Postgres + in-process caches are sufficient at current traffic.
- GraphQL — REST. FastAPI + Pydantic is enough.

If you’re new and missing access to something: Slack @jens in #eng or DM. Don’t spend half a morning stuck.
Most access is self-service via Google SSO once your @tappass.ai account is active; the above table flags when that isn’t enough.