Tech Stack
Purpose
Define the current technologies powering Bluu and the principles guiding future evolution. We’re AWS-first, event-driven, and multi-client (web + iOS + Android), with clear room to expand.
Core Principles
- Cloud-native on AWS (managed services first).
- DDD + modular services; replaceable components.
- Event-driven where it improves decoupling/perf.
- Open & extensible: pragmatic about adding new langs/frameworks.
🖥️ Frontend
| Platform | Tech | Notes |
|---|---|---|
| Web | Next.js + React (TypeScript) | SSR/SSG, app router, API routes for thin BFF if needed. |
| iOS | Swift (UIKit/SwiftUI) | Native UX, offline caching, secure keychain storage. |
| Android | Kotlin (Jetpack Compose) | Native UI, offline caching, Play Integrity where relevant. |

Shared: HTTP/JSON + WebSockets/SSE, design system, analytics hooks, feature flags.
Backend (Application & APIs)
| Layer | Tech | Notes |
|---|---|---|
| Domain Services | Python (FastAPI) | Implements bounded contexts (Ledger, Budgeting, Goals, Forecasting, Conversational Assistant). |
| Orchestration (BFF, optional) | FastAPI / Node | Web-specific aggregation; same-origin cookie sessions if used. |
| Async Tasks | Celery / AWS Lambda | ETL, ingestion, scheduled jobs, event handlers. |
| Public Edge | AWS API Gateway / ALB | JWT/IAM auth, throttling, request mapping. |

🧱 Data & Infrastructure (AWS-first)
| Component | Primary Choice | Alt / Notes |
|---|---|---|
| Relational DB | Amazon RDS (PostgreSQL) | Per-domain schemas; read replicas; pgcrypto. |
| Cache | Amazon ElastiCache (Redis) | Sessions, rate limits, hot queries, convo state. |
| Event Bus | Amazon SNS + SQS/EventBridge | Kafka (MSK) if streaming/ordering needed. |
| Object Storage | Amazon S3 | Documents, receipts, exports; lifecycle policies. |
| Secrets | AWS Secrets Manager / SSM | Rotation + per-service IAM. |
| Networking | VPC, Private Subnets, SGs | Private APIs; VPC endpoints; NACLs. |
| Compute | ECS Fargate / Lambda | EKS if k8s is justified later. |
| CDN | CloudFront | Signed URLs, origin custom headers. |
| Observability | CloudWatch, X-Ray, Sentry, Grafana | Structured logs, RED/SLA dashboards. |
| CI/CD | GitHub Actions → AWS | IaC with Terraform/CDK; blue/green or canary. |
| AuthN/Z | Cognito / custom JWT | OIDC with third-party IdPs. |
| KMS | AWS KMS | At-rest encryption (RDS, S3, EBS), envelope keys. |

🤖 Conversational Financial Assistant (Core Domain)
| Piece | Tech | Notes |
|---|---|---|
| LLM Gateway / Orchestrator | Python (FastAPI) | Tool calling to domain APIs, policy guardrails, PII redaction, consent checks. |
| Conversation Store | Redis + S3 transcripts | Short-term state + encrypted long-term audit. |
| Channels (adapters) | WhatsApp Business Cloud API, ChatGPT Apps (Actions/OAuth) | Inbound webhooks via API Gateway → Lambda; outbound via Notifications. |
| RAG (optional) | S3 + OpenSearch | Policies/FAQ retrieval; per-tenant isolation. |

Security (high level)
- Least-privilege IAM, service-to-service auth via IAM roles or mTLS (internal).
- JWT (short-lived) + refresh; HttpOnly cookies for web sessions if BFF.
- Row/tenant scoping at the domain layer; consent enforcement before data access.
- Encryption in transit (TLS 1.2+) and at rest (KMS).
- WAF + rate limiting, origin headers, bot controls at the edge.
Patterns & Messaging
- Async first where appropriate (importing statements, categorization, notifications).
- Idempotency keys for writes; outbox pattern for reliable events.
- Schema versioning (Avro/JSON Schema) if Kafka/MSK is adopted.
Ecosystem Expansion
We’re open to adopting:
- Langs: Go/Node/Rust for specialized services.
- Data: DynamoDB for hot KV, MSK/Kinesis for streams, Redshift for analytics.
- Mobile: React Native/Flutter if team constraints change.
- ML: SageMaker pipelines for training/hosting forecasting/classifiers.
- Multi-cloud: Azure/GCP where regulatory or latency needs arise.
🧭 Summary
| Layer | Key Stack |
|---|---|
| Frontend | Next.js/React (TS), Swift, Kotlin |
| Backend | Python (FastAPI), Celery/Lambda, optional BFF |
| Infra | AWS (ECS/Lambda, API GW, RDS, ElastiCache, S3, SNS/SQS/EventBridge, CloudFront) |
| Cross-cutting | JWT/Cognito, KMS, CloudWatch/X-Ray/Sentry, GitHub Actions, Terraform/CDK |
| Conversational | LLM Orchestrator (FastAPI), WhatsApp/ChatGPT adapters, Redis/S3, optional RAG |