Skip to content
Malai Try the demo

Architecture

Architecture you can read end-to-end.

Four product apps, one typed API contract, one modular banking core, one cloud-native footprint described entirely as code. Nothing on this page is aspirational — every block is locked behind a decision in the project's DECISIONS.md and shipped in the codebase you can clone today.

Audience: platform architects and senior engineers evaluating Malai as a licensing or commissioning target.

System overview

Four shipping apps. One deferred surface.

Each app is independently buildable and individually licensable. They share a single typed API contract and one design system.

Malai system diagram Visitors and customers reach Malai through a CDN, which fronts both the static marketing website and the customer portal. The portal calls the banking core over HTTPS through a TLS-terminating ingress. The banking core reads and writes the managed relational database and appends to the immutable audit log. Every cloud resource is provisioned by malai-infra as code. The malai-mobile PWA is a v2 surface that will reuse the same banking core. malai-infra · cloud Visitor / Customer CDN edge + TLS 01 malai-website static · CDN-fronted 02 malai-webapp SPA · CDN-fronted Ingress TLS termination 03 malai-backend containerised banking core Database managed RDBMS · multi-AZ Audit log append-only · hash-chained 05 · malai-mobile PWA · v2 deferred
Malai system diagram, described in the ordered list below.

  1. malai-website

    Static marketing surface

    Pre-rendered HTML served from a CDN with object storage as the origin. Zero-JS by default. The page you are reading right now.

  2. malai-webapp

    Single-page customer portal

    Typed single-page app served from the same CDN. Calls the banking core over HTTPS using a typed API client generated from the shared contract.

  3. malai-backend

    Modular banking core

    JVM-based modular monolith with hard module fences. Runs as a containerised service behind a TLS-terminating ingress; writes to a managed relational database and the append-only audit log.

  4. malai-infra

    Infrastructure-as-code

    Per-environment Terraform footprint (dev, staging, prod) describing every cloud resource: network, container platform, managed database, secret store, CDN, and DNS. A fresh environment stands up in minutes.

  5. malai-mobile

    PWA — deferred to v2

    The mobile surface ships as a Progressive Web App reusing the malai-webapp bundle. Out of scope for v1; shown here for completeness.

Backend service boundaries

One container, three modules, hard walls.

Malai is a modular banking core today, split into independent containers in v2. The walls between auth, account-holder, and account are enforced at build time, so a cross-module import fails CI before it lands.

Data flow on a transfer

One outgoing payment, six steps.

The credibility moment. This is what a reviewer looks for: idempotency, double-entry, audit trail, real status codes.

  1. POST /transfers

    Webapp sends the request over HTTPS with an Idempotency-Key header and a short-lived bearer token. Retrying with the same key is safe — the second call returns the first call's result.

  2. Ingress → banking core

    The public edge terminates TLS, forwards into the private network, and lands on a banking-core task running inside the container platform.

  3. Auth filter validates the session

    Standards-based session middleware verifies the bearer-token signature against a managed key, loads the customer principal, and propagates the trace context.

  4. Account module writes ledger_entries

    Two rows inserted in one transaction: a debit on the source account, a credit on the destination. A database-level trigger refuses any transaction whose entries do not sum to zero.

  5. Audit log append

    The mutation is appended to an immutable audit table. Each row carries a hash of the previous row, so tampering breaks the chain visibly.

  6. 202 Accepted

    Banking core returns 202 with the transfer id. The webapp shows the optimistic confirmation; the typed data layer reconciles on the next poll.

Cloud topology

The network, drawn honestly.

Public, private, isolated. The shape every cloud review starts with.

Malai cloud topology A single private network with three subnet tiers. The public tier holds the TLS-terminating ingress and the egress gateway. The private tier holds the containerised banking core and the logs/metrics sink. The isolated tier holds the managed relational database (multi-AZ). DNS, the CDN, object storage, the container image registry, and the secret store with managed encryption keys sit outside the network as managed cloud services. DNS authoritative · TLS certs CDN edge · TLS Object storage website + webapp static Image registry container images Secret store + managed encryption keys Private network · 10.0.0.0/16 public subnets · 2 AZs Public edge TLS termination Egress gateway outbound only private subnets · 2 AZs Container platform malai-backend tasks Logs + metrics structured · traceable isolated subnets · 2 AZs · no egress Database managed RDBMS · multi-AZ · encrypted
Three isolated cloud accounts host this footprint — dev, staging, and prod — described end-to-end as Terraform. Remote state is encrypted, versioned, and lock-protected. Every resource carries the same environment, owner, and cost-centre tags. A fresh environment stands up from a clean cloud account in minutes.

What's deliberately not v1

The roadmap, written down.

We picked production-shaped over over-promising. These are the v2 candidates — each one is a separate decision under DECISIONS.md, not vapour.