Technology Stack
Organised by capability. April 2026. Source: Architecture repo (sp-architecture/architecture/tech-stack.html).
| Owner | Classification | Review Date | Status |
|---|---|---|---|
| Architecture Practice | Internal | April 2027 | Active |
Radar Status Key:
| Symbol | Status | Meaning |
|---|---|---|
| 🟣 | Evaluate | Assessing fit, not yet in production |
| 🔵 | Introduce | Deploying into production, building capability |
| 🟢 | Stable | Production, proven, default choice |
| 🔴 | Decommission | Replacing, do not start new work |
Application Platform
| Sub-category | Tool / Technology | Owner / Role | Notes | Status |
|---|---|---|---|---|
| Languages | Go | Primary | Primary language for all new core payment services. Static compilation, low memory footprint, excellent concurrency for high-throughput transaction processing. | 🟢 Stable |
| Languages | TypeScript | Web / SDKs | Standard language for all web front-ends, merchant-facing SDKs, and internal tooling UIs. | 🟢 Stable |
| Languages | Python | Settlement / Data | Designated language for data pipelines, analytics workloads, and machine-learning integrations. | 🟢 Stable |
| Languages | Rust | Security modules | Under assessment for security-critical modules: cryptographic signing, token validation, fraud-detection hot paths. | 🟣 Evaluate |
| Languages | Java / Spring Boot | Legacy, migrating | Existing payment services. No new services in Java. Migration to Go planned. | 🔴 Decommission |
| Web Framework | Astro | Static sites | Adopted for all new website builds. Island architecture delivers near-zero client-side JavaScript by default. | 🟢 Stable |
| Web Framework | Preact | Interactive UI | Lightweight interactive UI library used within Astro islands for client-side interactivity. | 🟢 Stable |
| Web Framework | FastAPI | Python APIs | High-performance Python API framework for data and analytics services. | 🟢 Stable |
| API Gateway | KrakenD | CTO | High-performance API gateway. Declarative configuration, request aggregation, no database dependency. Being trialled for the merchant-facing API layer. | 🔵 Introduce |
| API Gateway | Caddy Server | Per-service proxy | Modern reverse proxy with automatic HTTPS via ACME. Replaces nginx in front of internal services. | 🟢 Stable |
| Service Framework | Go Microservices | New services | All new services built in Go. Standardised service template with idempotency, structured logging, and OpenTelemetry. | 🟢 Stable |
| Service Framework | Spring Boot | Legacy services | Existing payment services (Pay-Ins, Pay-Outs, Merchant Portal). No new services in Java. | 🔴 Decommission |
| Serverless Compute | Cloudflare Workers | - | Serverless compute at the edge for latency-sensitive workloads. | 🔵 Introduce |
| SDK / Client Libraries | TypeScript, Python, Go, Java, C#, Rust | Merchant SDKs | Merchant-facing SDKs covering all major languages for integration with Simpaisa APIs. | 🟢 Stable |
Data and Storage
| Sub-category | Tool / Technology | Owner / Role | Notes | Status |
|---|---|---|---|---|
| Primary Database | AWS RDS MySQL | Migrating to per-service DBs | Existing transactional data. No new services should use MySQL as their primary data store. | 🔴 Decommission |
| Primary Database | SurrealDB | Target per-service | Multi-model database (document, graph, relational) under evaluation for new services. Flexible data model, built-in permissions, real-time capabilities. | 🟣 Evaluate |
| Cache | AWS ElastiCache Redis | Replacing with SurrealDB | Legacy cache layer. Being replaced by SurrealDB's in-memory capabilities as part of database consolidation. | 🔴 Decommission |
| Search | Meilisearch | Merchant search | Fast, typo-tolerant search engine under trial as a replacement for OpenSearch. Simpler to operate with excellent relevance out of the box. | 🟣 Evaluate |
| Search | Typesense | Search | Fast, typo-tolerant search engine. Evaluating alongside Meilisearch as a lightweight, developer-friendly search solution. | 🟣 Evaluate |
| Knowledge Graph | FalkorDB | Maerifa | Graph database powering Maerifa. Stores entities, relationships, and temporal knowledge. | 🔵 Introduce |
| Knowledge Graph | Graphiti | Temporal KG engine | Temporal knowledge graph engine for AI agents. Builds and queries evolving knowledge representations. | 🔵 Introduce |
| Object Storage | Cloudflare R2 | Primary (new workloads) | S3-compatible object storage with zero egress fees. Replacing AWS S3 progressively. | 🔵 Introduce |
| Object Storage | AWS S3 | Current, replacing | Current object storage. Being replaced by Cloudflare R2 for zero egress fees and edge-native access. | 🔴 Decommission |
| Edge Database | Cloudflare D1 | - | Serverless SQL database at the edge. Under evaluation for edge-local read workloads. | 🟣 Evaluate |
| Message Queue | NSQ | Target | Lightweight, distributed messaging platform. Operational simplicity (no ZooKeeper, no complex partition management). | 🟣 Evaluate |
| Message Queue | Kafka | Current, replacing | Currently used for event streaming. Operational complexity disproportionate to throughput requirements. Being replaced by NSQ. | 🔴 Decommission |
| Workflow Orchestration | Temporal | Target | Durable workflow engine for orchestrating long-running payment processes (settlement, reconciliation, dispute management). | 🟣 Evaluate |
Infrastructure
| Sub-category | Tool / Technology | Owner / Role | Notes | Status |
|---|---|---|---|---|
| Cloud Provider | AWS | Primary IaaS | Primary IaaS provider for compute and networking. Workloads progressively shifting to Cloudflare (edge) and SurrealDB (data). | 🟢 Stable |
| Cloud Provider | Cloudflare | Edge platform | Edge compute, CDN, DNS, object storage (R2), security (WAF, DDoS). Expanding footprint. | 🟢 Stable |
| Compute | AWS EC2 / ASG | Application servers | Primary compute for backend payment services. Auto Scaling Groups for capacity. | 🟢 Stable |
| Compute | Cloudflare Workers | Edge compute | Serverless compute at the edge for lightweight API logic, webhooks, and routing. | 🔵 Introduce |
| Compute | Unikraft | Unikernels | Linux-compatible unikernel framework. Sub-millisecond boot, minimal attack surface. Primary unikernel candidate for lightweight service deployments. | 🟣 Evaluate |
| Compute | NanoVMs Nanos | Unikernels | Go/C-focused unikernel running unmodified Linux ELF binaries via OPS toolchain. No code changes required for Go services. Evaluating alongside Unikraft. | 🟣 Evaluate |
| Networking | AWS VPC | Network isolation | Virtual Private Cloud providing network isolation for all services. | 🟢 Stable |
| Networking | AWS NAT Gateway | Outbound internet | Managed NAT for outbound internet access from private subnets. | 🟢 Stable |
| Networking | AWS ALB | Internal load balancing | Application Load Balancer for routing traffic to backend services. | 🟢 Stable |
| Networking | Cloudflare Load Balancing | Global LB | DNS-based global load balancing with health checks, failover, and geo-routing across regions and markets. | 🔵 Introduce |
| Networking | Cloudflare CDN | Content delivery | Global content delivery network. Standard for all public-facing assets and APIs. | 🟢 Stable |
| Networking | Cloudflare DNS | DNS management | Global DNS with strong presence in operating markets. Standard for all public-facing domains. | 🟢 Stable |
| Networking | Cloudflare WAF | Firewall | Web Application Firewall for threat mitigation and DDoS protection at the edge. | 🟢 Stable |
| Networking | Cloudflare DDoS Protection | DDoS | Always-on DDoS protection across all Cloudflare-proxied domains. | 🟢 Stable |
| Containers | Docker Engine | All services | Standard containerisation. Every service ships as a Docker image. | 🟢 Stable |
| Containers | AWS ECR | Registry | Managed container image registry. | 🟢 Stable |
| Container Orchestration | HashiCorp Nomad | Workload orchestration | Lightweight workload orchestrator. Simpler alternative to Kubernetes. Native Consul + Vault integration. | 🟣 Evaluate |
| Service Discovery | HashiCorp Consul | Service mesh + discovery | DNS/HTTP-based service discovery, health checking, and mTLS service mesh via Envoy sidecar. | 🟣 Evaluate |
| Secrets Management | HashiCorp Vault | Secrets, PKI, EaaS | Centralised secrets management, PKI, and encryption as a service. Replacing AWS Secrets Manager and Parameter Store. | 🔵 Introduce |
| Secrets Management | AWS Secrets Manager | Replacing with Vault | Current production secrets. Being replaced by Vault. | 🔴 Decommission |
| Secrets Management | AWS Parameter Store | Replacing with Vault | Current config store. Being replaced by Vault. | 🔴 Decommission |
| IaC | HashiCorp Terraform | Infra provisioning | Infrastructure as Code for provisioning AWS, Cloudflare, and other cloud resources declaratively. | 🟢 Stable |
| Email Delivery | Postal Server | Self-hosted email | Open-source mail delivery platform replacing AWS SES. DKIM, SPF, DMARC, webhook notifications. Full data sovereignty. | 🔵 Introduce |
| Email Delivery | AWS SES | Replacing with Postal | Current transactional email. Being replaced by self-hosted Postal. | 🔴 Decommission |
| Monitoring | AWS CloudWatch | Replacing with OTel + Grafana | Current monitoring. Being replaced by OpenTelemetry + Grafana stack. | 🔴 Decommission |
| Monitoring | AWS GuardDuty | Threat detection | Continuous security monitoring for AWS accounts and workloads. | 🟢 Stable |
Security
| Sub-category | Tool / Technology | Owner / Role | Notes | Status |
|---|---|---|---|---|
| Identity and Access | ControlPlane.com | Target IAM | Centralised identity and policy platform under assessment for service-to-service authentication, RBAC, and policy enforcement across markets. | 🟣 Evaluate |
| Identity and Access | AWS IAM | Infrastructure | Standard identity and access management for all AWS resources and services. | 🟢 Stable |
| Code Scanning | Snyk | Deps + SAST + containers | Dependency scanning, SAST, and container vulnerability analysis across all repositories. | 🟢 Stable |
| Code Scanning | SonarQube | Code quality | Static code analysis for code quality, maintainability, and security hotspot detection. | 🟢 Stable |
| Code Scanning | Semgrep SAST | SAST + custom rules | Lightweight static analysis with custom rule support. Fast, developer-friendly. Complements Snyk for payment-specific security patterns. | 🔵 Introduce |
| WAF / DDoS | Cloudflare WAF | Edge firewall | Edge-layer web application firewall providing DDoS protection and bot mitigation. | 🟢 Stable |
| WAF / DDoS | AWS WAF | AWS-native firewall | AWS-native web application firewall for ALB and API Gateway protection. | 🟢 Stable |
| Identity-Aware Access | Teleport | Infrastructure + app access | Identity-aware access to infrastructure, internal services, databases. Replaces SSH keys, VPN, and Cloudflare Access. Certificate-based, no static credentials. Full audit trail. | 🔵 Introduce |
| Device Management | Fleet MDM | Endpoint compliance | Mobile device management, osquery-based endpoint visibility, and compliance enforcement across all company devices. | 🔵 Introduce |
| Secrets and PKI | HashiCorp Vault | Secrets, PKI, EaaS | Centralised secrets management, PKI certificate authority, and encryption as a service for all environments. | 🔵 Introduce |
Observability and Operations
| Sub-category | Tool / Technology | Owner / Role | Notes | Status |
|---|---|---|---|---|
| Monitoring | AWS CloudWatch | Reducing as OTel grows | AWS-native monitoring. Will reduce scope as OpenTelemetry adoption increases. | 🟢 Stable |
| Monitoring | OpenTelemetry | All new services | Vendor-neutral observability instrumentation standard. All new services must emit traces, metrics, and logs via OpenTelemetry SDKs. | 🔵 Introduce |
| Monitoring | Grafana | Dashboards | Open-source analytics and visualisation platform for metrics, logs, and traces dashboards. | 🔵 Introduce |
| Log Aggregation | Grafana Loki | - | Horizontally-scalable log aggregation system designed to work with Grafana. Under evaluation to replace CloudWatch Logs. | 🟣 Evaluate |
| Distributed Tracing | Grafana Tempo | - | Distributed tracing backend compatible with OpenTelemetry. Under evaluation for end-to-end request tracing. | 🟣 Evaluate |
| Analytics | PostHog | Product analytics + flags | Product analytics platform for tracking user behaviour, feature-flag management, and session replay. Self-hostable for data-residency compliance. | 🔵 Introduce |
| Incident Management | Grafana OnCall | - | Open-source incident response and on-call management. Under evaluation for alerting and escalation workflows. | 🟣 Evaluate |
| Load Testing | Grafana k6 | - | Developer-centric load testing tool. Under evaluation for performance and reliability testing of payment APIs. | 🟣 Evaluate |
| API Documentation | Scalar | API docs portal | Modern API documentation portal generating interactive, developer-friendly reference pages from OpenAPI specifications. | 🔵 Introduce |
| API Documentation | GitBook | Current, replacing | Current documentation platform. Being replaced by Stoplight (design) + Scalar (portal). | 🔴 Decommission |
CI/CD and DevOps
| Sub-category | Tool / Technology | Owner / Role | Notes | Status |
|---|---|---|---|---|
| CI/CD Pipeline | Jenkins | Evaluating replacement | Current CI/CD orchestrator. Plugin-based architecture and stateful controller model create operational fragility. No new pipeline investment should assume Jenkins long-term. | 🔴 Decommission |
| CI/CD Pipeline | Bitbucket Pipelines | Target CI/CD | Cloud-native CI/CD integrated with Bitbucket source control. Target replacement for Jenkins. | 🟢 Stable |
| Source Control | Bitbucket | All code repos | Simpaisa's source-control platform. All repositories, pull requests, and code-review workflows run through Bitbucket. | 🟢 Stable |
| Source Control | GitHub | Architecture repo | Used exclusively for the architecture repository (sp-architecture). | 🟢 Stable |
| API Linting | Stoplight Spectral | OpenAPI validation | OpenAPI linting and validation tool enforcing API design standards in CI pipelines. | 🟢 Stable |
| API Linting | Stoplight Studio | API design governance | API design and governance platform. Enforces style guides and linting rules at design time for API consistency. | 🔵 Introduce |
| Static Site Hosting | Cloudflare Pages | - | Edge-first static site hosting, replacing Surge.sh for preview and production deployments. | 🔵 Introduce |
| Feature Flags | PostHog Feature Flags | - | Feature flag management integrated with PostHog product analytics for controlled rollouts and experimentation. | 🔵 Introduce |
Collaboration and Productivity
| Sub-category | Tool / Technology | Owner / Role | Notes | Status |
|---|---|---|---|---|
| Communication | Slack | Real-time messaging | Primary real-time communication platform for all teams across markets. | 🟢 Stable |
| Communication | Google Workspace | Email, Calendar, Drive | Standard productivity suite for email, calendar, documents, and file storage. | 🟢 Stable |
| Communication | Google Meet | Video calls | Standard video conferencing for internal and external meetings. | 🟢 Stable |
| Documentation | Confluence | Internal wiki | Internal wiki for published standards, runbooks, and cross-team documentation. | 🟢 Stable |
| Documentation | Outline Wiki | Wiki replacement | Open-source wiki and knowledge base. Evaluating as possible Confluence replacement. Markdown-native, self-hostable, fast. | 🟣 Evaluate |
| Documentation | Git (Markdown) | Architecture source of truth | Markdown in Git is the source of truth for architecture decisions, standards, and technical documentation. | 🟢 Stable |
| Work Tracking | Jira | Replacing | Current issue and project tracking. Evaluating Linear and Plane as replacements. | 🔴 Decommission |
| Work Tracking | Linear | Work tracking | Modern issue tracker. Fast, keyboard-driven, built for engineering teams. Evaluating as Jira replacement. | 🟣 Evaluate |
| Work Tracking | Plane | Work tracking | Open-source project management. Self-hostable. Evaluating as Jira replacement alongside Linear. | 🟣 Evaluate |
| Work Tracking | Beads (bd CLI) | Architecture issues | Local-first issue tracker for architecture work, stored in Dolt databases within repositories. | 🟢 Stable |
| Knowledge Discovery | Maerifa | Knowledge Discovery | Temporal knowledge graph + chat interface for organisational knowledge discovery and AI-assisted decision support. | 🔵 Introduce |
AI and Machine Learning
| Sub-category | Tool / Technology | Owner / Role | Notes | Status |
|---|---|---|---|---|
| LLM Providers | Anthropic (Claude) | Primary LLM | Standard AI assistant for code generation, architecture review, documentation, and developer productivity. | 🟢 Stable |
| LLM Providers | OpenAI | Embeddings | Used for text embeddings powering semantic search and knowledge graph construction. | 🟢 Stable |
| LLM Providers | MLX (local) | Apple Silicon inference | Local LLM inference on Apple Silicon for development, testing, and privacy-sensitive workloads. | 🔵 Introduce |
| AI Development | Claude Code | AI-assisted engineering | Anthropic's CLI for AI-assisted engineering, pair-programming, and automated analysis. | 🟢 Stable |
| AI Development | Codex CLI | Independent review | OpenAI's CLI for independent code review and alternative AI perspective. Under evaluation. | 🟣 Evaluate |
| Knowledge Graph | Graphiti | Temporal KG for agents | Temporal knowledge graph engine that builds and queries evolving knowledge representations for AI agents. | 🔵 Introduce |
| Knowledge Graph | FalkorDB | Graph database | High-performance graph database powering Maerifa knowledge storage and retrieval. | 🔵 Introduce |
Digital Assets (Planned)
| Sub-category | Tool / Technology | Owner / Role | Notes | Status |
|---|---|---|---|---|
| Blockchain | Solana | Primary chain | High-throughput blockchain under evaluation for stablecoin settlement and digital asset transactions. | 🟣 Evaluate |
| Blockchain | Ethereum | Phase B | Leading smart-contract platform under evaluation for Phase B multi-chain support. | 🟣 Evaluate |
| Blockchain | Hedera (HBAR) | Phase B | Enterprise-grade DLT under evaluation for Phase B. Hashgraph consensus provides high throughput with finality. | 🟣 Evaluate |
| Stablecoin Infrastructure | Bridge (Stripe) | Orchestration | Stripe's stablecoin orchestration platform under evaluation for fiat-to-crypto on/off ramps. | 🟣 Evaluate |
| Stablecoin Infrastructure | Fireblocks | Custody | Digital asset custody and treasury management platform under evaluation for secure key management. | 🟣 Evaluate |
| Stablecoin Infrastructure | Circle (USDC) | Stablecoin issuer | USDC issuer and infrastructure provider under evaluation for stablecoin minting and redemption. | 🟣 Evaluate |
| Stablecoin | USDC | Primary settlement | USD-backed stablecoin under evaluation as the primary settlement currency for cross-border transactions. | 🟣 Evaluate |
Payment Channels and Partners
| Sub-category | Channel / Partner | Market | Notes | Status |
|---|---|---|---|---|
| Mobile Wallets | Easypaisa | Pakistan | Telenor Microfinance Bank mobile wallet. Largest mobile money platform in Pakistan. | 🟢 Stable |
| Mobile Wallets | JazzCash | Pakistan | Jazz/Mobilink mobile wallet. Second-largest mobile money platform in Pakistan. | 🟢 Stable |
| Mobile Wallets | HBL Konnect | Pakistan | Habib Bank Limited branchless banking and mobile wallet service. | 🟢 Stable |
| Mobile Wallets | Alfa | Pakistan | Bank Alfalah mobile wallet service for domestic payments. | 🟢 Stable |
| Mobile Wallets | JSBL Zindagi | Pakistan | JS Bank branchless banking mobile wallet service. | 🟢 Stable |
| Carrier Billing | Telenor | Pakistan | Direct carrier billing integration for Telenor Pakistan subscribers. | 🟢 Stable |
| Carrier Billing | Zong | Pakistan | Direct carrier billing integration for Zong/CMPak subscribers. | 🟢 Stable |
| Carrier Billing | Ufone | Pakistan | Direct carrier billing integration for Ufone/PTCL subscribers. | 🟢 Stable |
| Bank Transfer | 1Link / RAAST | Pakistan | Pakistan's interbank payment switch (1Link) and instant payment system (RAAST) for real-time transfers. | 🟢 Stable |
| Bank Transfer | IBFT | Pakistan | Inter Bank Fund Transfer for domestic bank-to-bank transactions in Pakistan. | 🟢 Stable |
| Card Networks | Visa | Global | Global card network for debit and credit card payment processing. | 🟢 Stable |
| Card Networks | Mastercard | Global | Global card network for debit and credit card payment processing. | 🟢 Stable |
| Global Partners | dLocal | Global | Cross-border payment processing for emerging markets. | 🟢 Stable |
| Global Partners | Thunes | Global | Global payments network for cross-border money transfers. | 🟢 Stable |
| Global Partners | TerraPay | Global | Global payments infrastructure for real-time cross-border transactions. | 🟢 Stable |
Decommission Timeline
| Tool | Replacement | Target Date | Status |
|---|---|---|---|
| Next.js | Astro | Done | Complete |
| GitBook | Scalar | Q2 2026 | In progress |
| JSESSIONID | RSA-SHA256 signing | Q2 2026 | In progress |
| Jenkins | Bitbucket Pipelines | Q3 2026 | Planned |
| Kafka | NSQ | Q3 2026 | Planned |
| OpenSearch | Meilisearch | Q3 2026 | Planned |
| Spring Boot / Java | Go microservices | Q4 2026 | Planned |
| AWS RDS MySQL (shared) | SurrealDB (per-service) | Q4 2026 | Planned |
| AWS ElastiCache Redis | SurrealDB (in-memory) | Q4 2026 | Planned |
| AWS CloudWatch | OpenTelemetry + Grafana | Q3 2026 | Planned |
| AWS Secrets Manager | HashiCorp Vault | Q3 2026 | Planned |
| AWS Parameter Store | HashiCorp Vault | Q3 2026 | Planned |
| Jira | TBD (evaluating replacements) | TBD | Evaluating |