Technology

The technology behind deterministic compliance

Architecture, security, and compliance foundations that let Infranotes, Infra-UCE, and Modern Core Banking operate as a single, auditable financial infrastructure stack.

01

Architecture principles & stack

Design Principles

Security by Design

Threat modeling before code, strong cryptography, and zero-trust assumptions across services.

API-First

gRPC as the primary contract with REST via gateway, automatic documentation, and consistent versioning.

Determinism

Pure CEL expressions, no side effects, and test vectors to guarantee reproducible results.

Immutability

Hash chains, WORM storage, and signed attestations so histories cannot be silently rewritten.

Observability

OpenTelemetry, structured logs, and Prometheus metrics as first-class concerns.

Scalability

Kubernetes-native, horizontally scalable, and multi-tenant by design.

Technology Stack

Compliance Engine

Rust (memory-safe, zero-cost abstractions)

BaaS Backend

Go (performance, simplicity)

Database

PostgreSQL 17 (RLS, JSON support)

Object Storage

S3-compatible (MinIO/AWS)

Orchestration

Kubernetes (Helm charts)

Infrastructure as Code

Terraform, Pulumi

CI/CD

GitHub Actions, GitLab CI

Observability

OpenTelemetry, Prometheus, Grafana, Loki

API Gateway

gRPC + grpc-gateway

02

Security from Day 0

We do not add security after the fact. Every system InfraForge IO ships is designed with security from Day 0: architectures are threat-modeled before code is written, cryptography choices are explicit, and security controls are part of the core product, not bolt-ons.

Security Measures

Transport

TLS 1.3 only, mutual TLS for service-to-service calls.

Authentication

mTLS as primary, API keys as secondary, OIDC for UI flows.

Encryption at Rest

AES-256-GCM with per-tenant keys.

Signing

RSA-4096/SHA-256 for rulepacks and attestations.

Audit Logs

Hash-chained logs with WORM storage for tamper detection.

Input Validation

JSON Schema v2020-12 and CEL expression validation on inputs.

Memory Safety

Critical engines implemented in Rust with zero unsafe code.

Rate Limiting

Per-tenant token bucket rate limiting at the edge.

Secrets Management

Vault/KMS integration with local encrypted keystore.

Security Compliance

  • OWASP Top 10 (2025) guidance across services.
  • PCI DSS 4.0.1 §6 secure development practices.
  • ISO 27001:2022 controls (A.5.17, A.8.10) reflected in design.
  • Aligned with NIST CSF 2.0 for cybersecurity posture.

03

Compliance frameworks powered by Infra-UCE

Frameworks Supported Today

PCI DSS 4.0.1

Payment card security

Rules: ✅ Production

ISO 27001:2022

Information security

Rules: ✅ Production

GDPR

Data protection (EU)

Rules: ✅ Production

DORA

Operational resilience (EU financial)

Rules: 18 ✅ Production

PSD2 / PSD3

Payment services (EU)

Rules: ✅ Production

NIST CSF 2.0

Cybersecurity

Rules: 52 ✅ Production

HIPAA

Healthcare (US)

Rules: 33 ✅ Production

CIS Controls v8

Infrastructure

Rules: 46 ✅ Production

NDPR

Data protection (Nigeria)

Rules: 21 ✅ Production

In total, Infra-UCE covers 170+ rules with 510 validated test vectors across these frameworks.

On the Roadmap

  • POPIA (South Africa)
  • CCPA/CPRA (California)
  • Middle East data residency
  • SOC 2 Type II