Olly Platform Architecture

Mobile-first, HIPAA-native health insurance platform — layered service overview

Layer 0: DNS / TLS Termination
Nginx Reverse Proxy
Wildcard: *.dev.hiolly.com
Certbot auto-renew • 17 virtual hosts
TLS termination for all traffic
Hetzner CX53
16 vCPU / 32 GB RAM
Helsinki • 135.181.39.23
VPC: 10.0.1.0/24 (4 servers)

Layer 1: Frontend Applications
Member Portal
React + Vite SPA
member.dev.hiolly.com
Keycloak ROPC • 7 API modules
React Query hooks
Employer Portal
React + Vite SPA
employer.dev.hiolly.com
Keycloak PKCE + silent SSO
Routes via APISIX
Web Admin
Next.js + react-admin
admin.dev.hiolly.com
20 resource views
Direct service calls
Triage Chat
React SPA
triage.dev.hiolly.com
AI symptom assessment
Streaming responses
Mobile App
Expo + React Native
iOS + Android
Offline-capable (SQLite)
Biometric auth
Docs Site
VitePress static
docs.dev.hiolly.com
Engineering documentation

Layer 2: Auth & API Gateway
Apache APISIX :9080
11 routes • prefix-strip proxying
Plugins: proxy-rewrite, cors, x-market
Config: etcd :2379

Routes: /policy-admin/*, /enrollment/*, /claims/*, /billing/*, /eligibility/*, /notifications/*, /provider/*, /group-scheme/*, /broker-api/*, /member-portal/*, /triage/*
Keycloak 25 :8093
auth.dev.hiolly.com
Realm: olly
Clients: web-member, web-employer, web-admin
OIDC / SAML • JWKS validation
Custom claims: org_locator, party_locator

Layer 3: Go Microservices
Insurance Core
policy-admin :4007 Parties, accounts, products, market profiles
enrollment :4003 Quotes, policies, transactions
claims :4001 Claims, prior auth, adjudication
billing :4004 Charges, invoices, payments, EOB, ledger
eligibility :4002 Coverage checks, member eligibility
Member & Group
member-portal-api :4014 BFF — /me/* aggregation
group-scheme :4010 Schemes, bulk enrollment
broker-api :4011 Quotes, portfolio, commissions
consent :4012 Consent management
notifications :4006 Email, push, SMS, preferences
Provider & Care
provider :4005 Network, credentialing
care :4009 Care pathways
triage :4008 AI triage • LLM (Groq)
document-service :4013 Document generation
Shared: olly/domain, olly/db, olly/middleware, olly/ruleengine
Go workspace • chi router • GORM • Goose migrations • OTel instrumented
Kafka Event Bus
Topics: enrollment-events, claims.*, billing.*, eligibility.*, provider.*, care-events, document-events
Outbox pattern • KRaft • 7-day retention

Layer 4: Infrastructure
PostgreSQL 16 :5432
1 schema per service
Goose migrations on startup
Also: Keycloak, Temporal, Mirth DBs
Kafka (Confluent) :9092
KRaft mode (no ZK)
kafka.dev.hiolly.com (UI)
Saga + outbox pattern
Valkey (Redis) :16379
Sessions, eligibility cache
Rate limits, idempotency
DLQ dedup set
Temporal :7233
temporal.dev.hiolly.com
Durable workflows
Credentialing, COBRA, dunning
OpenSearch :9200
opensearch.dev.hiolly.com
Provider directory
ICD-10/CPT lookup, audit logs
OpenBao :8200
bao.dev.hiolly.com
Vault-compatible secrets
Dynamic DB credentials
Mailpit :8025
mailpit.dev.hiolly.com
Dev email capture
SMTP on :1025

Layer 5: Observability
OTel Collector :4317
gRPC + HTTP receivers
All Go services instrumented
Exports to Tempo + Prometheus
Gatus :8099
status.dev.hiolly.com
Health dashboard
Polls /healthz + /readyz
Grafana :3010
Dashboards
Sources: Prometheus, Loki, Tempo
Prometheus :9090
Metrics scraping from OTel
Tempo :3200
Distributed tracing
Loki :3100
Log aggregation

Layer 6: External Integrations
Mirth Connect :8443
mirth.dev.hiolly.com
EDI/HL7: 837, 834, 835, 270/271
HL7 listener :8661
MCP Server :3100
mcp.dev.hiolly.com
Claude Code tooling
HTTP clients to all 14 services
Scalar API Docs :8098
api-docs.dev.hiolly.com
OpenAPI spec browser
LLM (Groq)
qwen/qwen3-32b
Used by triage service
AI symptom assessment
Clearinghouses
EDI claim submission
Via Mirth Connect
837/835 transactions