● Last verified Jul 9, 2026
The last thing I took out of voxmana.io before I was happy calling it done was a feature that worked perfectly.
The Mana Base Codex — the reference piece on the site — pulled its card art live from Scryfall, a third-party card database. It looked great, and it worked every single time I tested it. Which is exactly why I almost shipped it. A “static” page that quietly makes live calls to someone else’s servers isn’t static, and it isn’t fully mine: it works right up until the day that service is slow, rate-limits me, or renames a URL. So I pulled the live fetch and cached what I needed once, at build time.
That near-miss is the whole post. Static doesn’t delete risk. It moves it somewhere quieter.
Static isn’t safe — the risk just goes quiet
Going static removes a real category of failure. No server to crash at 2 a.m., no query timing out under load. That’s why it’s a great default for a side project, and it’s most of why voxmana.io is one. The mistake is hearing “no server” and deciding “no risk.”
What actually happens is the risk changes shape. It stops looking like a stack trace and starts looking like a page that renders perfectly while quietly doing the wrong thing. That’s the trap in one line: on a static site, the dangerous risks are the invisible ones. So the job was the same one I’ve had for years — make them visible before launch, not after someone else finds them for me.
| Looks fine | Actually |
|---|---|
| The Codex renders card art beautifully | It’s phoning a third party at runtime — fine until that third party isn’t |
| The site is live and reachable | It’s on a github.io launchpad; the real domain and its metadata are a half-wired seam |
| A list on the page matches the data | The generated view and the source of truth quietly drifted apart |
| It works in my local preview | Cold-load fonts, deep-links, and hover art behave differently on the deployed URL |
Every row looks shipped. Every row is a seam where “looks fine” and “is fine” quietly came apart.
The seams where a “static” side project bites
- The page that phones home. Anything fetched live at runtime — art, fonts, data — is a dependency you don’t control wearing a static costume. On the Codex that was Scryfall; I moved it to art cached once at authoring time and a local font subset, so the page owes nothing to anyone else’s uptime.
- The launchpad seam. voxmana.io runs on GitHub Pages while I finish the real thing — a deliberate MacGyver move: use what’s already there, ship, replace the weak part once you find it. The cost isn’t the launchpad; it’s forgetting the launchpad — leaving canonical URLs, sitemap, and social metadata pointing at a domain that isn’t fully the one serving the page yet. Fine to do. Not fine to lose track of.
- Data that drifts from the page. The thing on screen is generated; the truth lives in the source. Let those two fall out of sync and the page looks authoritative while it’s subtly wrong. Most of the QA discipline underneath voxmana.io exists to keep the displayed thing honest to its source.
- Client code that only fails in the field. Hover-card previews, hash deep-links, the mana-symbol font — all of it works in my editor’s preview and can still behave differently on the deployed page or a cold cache. Static pages still run code; the runtime is just the visitor’s browser, which I don’t get to control.
It wasn’t only the side project, either. On this blog, the subscribe form validates your email, flashes a friendly confirmation, and captures nothing — a front-end demo I hadn’t wired to a real service yet. It passes every glance and fails every person who trusts it. Same trap, different repo.
The decision I almost got wrong
Back to the Codex, because it’s the cleanest version of the lesson.
The live-Scryfall version had no bug in it. Every line worked exactly as written. There was no failing test to catch it, because nothing failed — the gap was between what the page looked like it was (self-contained, mine, done) and what it was actually wired to do (lean on a third party every time it loaded). That gap is invisible from the page. You only find it if you go looking on purpose, and the only reason I went looking is that I’ve been burned by the pattern enough times to distrust anything that works too cleanly on the happy path.
The failure with no error message is the one that ships. If something works perfectly on the happy path and you can’t say why it would ever fail, you haven’t found its failure mode yet — you’ve just not gone looking.
Pulling the fetch made the page slightly more work to build and a lot more honest about what it is. That’s usually the trade: the boring, self-contained version is the one you can actually stand behind.
Where this breaks
This is a map, not a checklist you run to zero.
- Several of these only fail on the real deployment — cold-load assets, cache behavior, the metadata seam. You can’t fully prove them from a local preview; you have to check the deployed URL. “Passes locally” is a weaker claim than it feels.
- It’s easy to over-correct, too — to treat a hobby page like it’s handling payments. Match the depth to the stakes. voxmana.io shows people information; that’s a different risk profile than a site taking their money, and the check should be scoped to match.
- Most of these hide because they’re boring. Nobody demos the sitemap or the caching. That’s exactly why they rot.
My rule of thumb
Before you call a static site done, make each invisible seam visible on the deployed URL: prove nothing phones a third party unless you meant it to, prove the metadata points at the site that’s really live, prove the page matches its source, and prove anything that looks like it submits actually submits. If you can’t see it, you don’t own it — you’re hoping.
That’s the same thread I keep pulling on every project, and it isn’t really about static sites. Take the thing that’s fuzzy, understand it, give it structure, and leave behind a system that’s a little harder to fool than the one you started with. A static site is just the version where the fuzziness is very good at hiding. If you want the other half of how voxmana.io actually gets built, it’s in How I Run AI Like a QA System; the QA principle underneath this one — owning quality by making risk visible — is in What Good QA Actually Owns.
If you can’t see it, you don’t own it — you’re hoping.
// take this with you
The Static Site Launch-Readiness Check — the invisible-seam list above turned into a print-friendly checklist you run against any static build before you point a domain at it.