Under the Hood
Technology & Security
How LOA is built, secured, observed, and scaled.
Architecture
Next.js 14 App Router miniapp (Vercel edge) → Express backend (Railway staging, Cloud Run production target Q3 2026) → PostgreSQL via Prisma → Redis cache → TON mainnet (Tact smart contracts).
AI Operations
Gemini 2.0-flash as primary inference (Google Generative AI SDK) with Claude hot-swap fallback. Migrating to Vertex AI in Q3 2026 alongside three new user-facing flows: AI quiz generation, anti-bot scoring, personalized daily missions.
Security
HMAC-SHA256 Telegram initData verification, JWT sessions, IP + behavior-aware rate limiting (smartRateLimit), timing-safe admin auth, secrets in Secret Manager, HSTS preload, strict CSP.
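The initData check named above, as an added example following Telegram's documented Mini App validation scheme (not LOA's own code). The one-hour freshness window, the function names and the sample token are assumptions made for illustration.

```javascript
// Added example: Telegram Mini App initData verification with a timing-safe compare.
const crypto = require("node:crypto");

const MAX_AGE_SECONDS = 3600; // assumed freshness window, not a value from the page

function signDataCheckString(dataCheckString, botToken) {
  // Telegram derives the signing key as HMAC-SHA256(key="WebAppData", msg=bot_token).
  const secret = crypto.createHmac("sha256", "WebAppData").update(botToken).digest();
  return crypto.createHmac("sha256", secret).update(dataCheckString).digest();
}

function buildDataCheckString(params) {
  // Every field except `hash`, sorted by key, joined as key=value lines.
  return [...params.entries()]
    .filter(([k]) => k !== "hash")
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0))
    .map(([k, v]) => `${k}=${v}`)
    .join("\n");
}

function verifyInitData(initData, botToken, nowSeconds = Math.floor(Date.now() / 1000)) {
  const params = new URLSearchParams(initData);
  const claimed = params.get("hash") || "";
  // Reject malformed hashes first so both buffers below are always 32 bytes.
  if (!/^[0-9a-f]{64}$/i.test(claimed)) return { ok: false, reason: "bad_hash_format" };

  const expected = signDataCheckString(buildDataCheckString(params), botToken);
  if (!crypto.timingSafeEqual(expected, Buffer.from(claimed, "hex"))) {
    return { ok: false, reason: "bad_signature" };
  }
  // A valid signature never expires on its own; auth_date bounds replay of captured initData.
  const authDate = Number(params.get("auth_date"));
  if (!Number.isInteger(authDate) || nowSeconds - authDate > MAX_AGE_SECONDS) {
    return { ok: false, reason: "stale" };
  }
  return { ok: true, user: JSON.parse(params.get("user") || "null") };
}

// Constructed sample: fields are signed locally with a fake token so this runs offline.
function makeSample(botToken, fields) {
  const p = new URLSearchParams(fields);
  p.set("hash", signDataCheckString(buildDataCheckString(p), botToken).toString("hex"));
  return p.toString();
}
```

Only after this check succeeds should the backend issue a JWT session, and the user id placed in the token should come from the verified `user` field rather than from any other request parameter.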
Observability
pino structured logging, PostHog product analytics, uptime checks, Cloud Monitoring dashboards for p99 latency, error rate, SQL connection pool, Redis hit rate. Target SLO: 99.9% uptime, p99 <200ms.
Compliance
Wyoming LLC structure; KVKK data protection framework (Turkey); MiCA readiness target Q4 2026 (EU); LOA token classified as utility (Jetton TEP-74), not a security.
Cloud Migration
Four-product Google Cloud stack targeted Q3 2026: BigQuery (analytics warehouse), GKE Autopilot (backend orchestration), Cloud SQL HA (primary Postgres), Vertex AI (7 GM agent endpoints). Six-week migration plan · same $1.8K/mo baseline.