Coeus, a Policy-Based Data Platform
High-performance HTTP API providing secure MongoDB data access with JWT authentication, policy-based authorization, and rate limiting - serving thousands of requests per second at near-instant latency.

API performance dashboard showing request throughput and latency
Architected and developed Coeus, a high-performance HTTP API providing secure, policy-based access to MongoDB data with comprehensive authentication and authorization. Named after the Greek Titan of intellect, Coeus delivers insightful answers through data.
Built with TypeScript and Fastify for maximum performance, the platform features JWT-based authentication, granular policy authorization, advanced rate limiting, and comprehensive MongoDB operations. Supports complex aggregation pipelines, full-text search, index management, and real-time data manipulation with enterprise-grade security and monitoring.
Designed as a multi-tenant data service supporting diverse use cases from analytics dashboards to content management systems, with sophisticated user isolation and flexible permission models. The platform processes over 100,000 widget requests daily for the WCASG accessibility platform and powers multiple production applications.
Architecture & Performance
High-Performance Core
Fastify Framework - Ultra-fast web framework optimized for speed
- ~750 req/sec sustained throughput per pod for data retrieval; auto-scalable
- Comprehensive performance benchmarking with Autocannon load testing
- Memory-efficient request processing with minimal overhead
TypeScript Infrastructure - Type-safe development with comprehensive testing
- 100% test coverage across all modules and services
- Node-Tap testing framework with watch mode and debugging support
- ESLint, Prettier, and Husky for code quality enforcement
- GitLab CI/CD with automated testing and deployment pipelines
Security & Authentication
JWT Authentication System - Stateless authentication with policy validation
- In-memory user hashmap cache for real-time JWT validation without database calls
- Automatic token invalidation and user status verification
- Cross-origin security validation with Bearer token authentication
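The stateless-JWT-plus-user-cache pattern described above, as an added example that is not Coeus project code: an HS256 bearer token is verified with Node's built-in crypto, then the subject is looked up in an in-memory user map so that a disabled account or an explicit "invalidate all tokens issued before this time" cutoff rejects the request without a database call. The claim names, the `CachedUser` shape, the secret and the user records are all constructed for the example.

```typescript
import * as crypto from "node:crypto";

// Constructed for the example: what the in-memory cache holds per user.
interface CachedUser {
  status: "active" | "disabled" | "pending";
  tokensInvalidBefore: number; // epoch seconds; tokens with iat below this are dead
}

const userCache = new Map<string, CachedUser>();

function b64url(buf: Buffer): string {
  return buf.toString("base64url");
}

// Minimal HS256 signer so the example is self-contained (assumed, not the project's code).
function signHs256(payload: Record<string, unknown>, secret: string): string {
  const header = b64url(Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT" })));
  const body = b64url(Buffer.from(JSON.stringify(payload)));
  const sig = b64url(crypto.createHmac("sha256", secret).update(`${header}.${body}`).digest());
  return `${header}.${body}.${sig}`;
}

type VerifyResult = { ok: true; sub: string } | { ok: false; reason: string };

// Verify signature, expiry and then the cached user state. Order matters:
// nothing from the payload is trusted until the signature has been checked.
function verifyRequest(token: string, secret: string, nowSec: number): VerifyResult {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, b, s] = parts as [string, string, string];

  let header: { alg?: string };
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm: the verifier decides, never the token.
  if (header.alg !== "HS256") return { ok: false, reason: "unsupported alg" };

  const expected = crypto.createHmac("sha256", secret).update(`${h}.${b}`).digest();
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }

  const payload = JSON.parse(Buffer.from(b, "base64url").toString("utf8"));
  if (typeof payload.sub !== "string" || typeof payload.iat !== "number" || typeof payload.exp !== "number") {
    return { ok: false, reason: "missing claims" };
  }
  if (payload.exp <= nowSec) return { ok: false, reason: "expired" };

  // Cache lookup replaces the per-request database round trip.
  const user = userCache.get(payload.sub);
  if (!user) return { ok: false, reason: "unknown user" };
  if (user.status !== "active") return { ok: false, reason: `user ${user.status}` };
  if (payload.iat < user.tokensInvalidBefore) return { ok: false, reason: "token invalidated" };
  return { ok: true, sub: payload.sub };
}

// Revoke every token a user currently holds by moving their cutoff forward.
function invalidateUserTokens(userId: string, nowSec: number): void {
  const user = userCache.get(userId);
  if (user) userCache.set(userId, { ...user, tokensInvalidBefore: nowSec });
}
```

The cache must be refreshed whenever a user's status or cutoff changes (for example on account disable or password reset), otherwise the in-memory copy becomes the stale source of truth.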
Policy-Based Authorization - Granular permission control system
- JSON Schema-based policy validation with service:method action patterns
- Resource-level permissions with database.collection targeting
- Constraint-based access control (IP restrictions, hostname validation, rate limits)
- Wildcard support for administrative privileges and bulk permissions
MongoDB Integration
Comprehensive Data Operations - Full MongoDB API coverage
- Aggregation pipelines with multi-stage data processing and analysis
- CRUD operations (find, insert, update, delete) with advanced filtering
- Index management (create, drop, list) for query optimization
- Full-text search capabilities with MongoDB text indexes
- Configurable document limits with pagination support
- Editable timeout enforcement for all database operations
Technical Features
Rate Limiting & Monitoring
Multi-Level Rate Limiting - Comprehensive request throttling
- Global rate limits: 60 requests per second per user/IP, by default
- Policy-based overrides: Custom rate limits per user and resource
- Constraint enforcement: IP address and hostname restrictions
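The multi-level limiter described above, as an added example that is not Coeus project code: a sliding-window counter keyed by user id (or by IP for anonymous callers) that applies the 60 requests per second global default unless a policy override has been registered for that user. The `RateLimitRule` shape, the key format and the injected clock are assumptions made for the example.

```typescript
// Constructed for the example: one rule = N requests per window.
interface RateLimitRule {
  requests: number;
  windowMs: number;
}

// Global default from the page: 60 requests per second per user/IP.
const GLOBAL_DEFAULT: RateLimitRule = { requests: 60, windowMs: 1000 };

interface RequestContext {
  userId?: string; // present once JWT auth has identified the caller
  ip: string;
}

interface RateLimitDecision {
  allowed: boolean;
  remaining: number;
  retryAfterMs: number;
}

class RateLimiter {
  private overrides = new Map<string, RateLimitRule>(); // userId -> policy override
  private hits = new Map<string, number[]>(); // key -> request timestamps (ms)

  // Clock is injected so tests and replays are deterministic.
  constructor(private now: () => number = () => Date.now()) {}

  setPolicyOverride(userId: string, rule: RateLimitRule): void {
    this.overrides.set(userId, rule);
  }

  // Authenticated callers are counted per user, anonymous ones per IP.
  private keyFor(ctx: RequestContext): string {
    return ctx.userId ? `user:${ctx.userId}` : `ip:${ctx.ip}`;
  }

  private ruleFor(ctx: RequestContext): RateLimitRule {
    return (ctx.userId && this.overrides.get(ctx.userId)) || GLOBAL_DEFAULT;
  }

  check(ctx: RequestContext): RateLimitDecision {
    const key = this.keyFor(ctx);
    const rule = this.ruleFor(ctx);
    const t = this.now();
    const windowStart = t - rule.windowMs;
    // Drop timestamps that have slid out of the window.
    const recent = (this.hits.get(key) ?? []).filter((ts) => ts > windowStart);

    if (recent.length >= rule.requests) {
      this.hits.set(key, recent);
      const oldest = recent[0] ?? t;
      return { allowed: false, remaining: 0, retryAfterMs: oldest + rule.windowMs - t };
    }
    recent.push(t);
    this.hits.set(key, recent);
    return { allowed: true, remaining: rule.requests - recent.length, retryAfterMs: 0 };
  }
}

// Fire n requests at once and report how many got through.
function countAllowed(limiter: RateLimiter, ctx: RequestContext, n: number): number {
  let allowed = 0;
  for (let i = 0; i < n; i++) if (limiter.check(ctx).allowed) allowed++;
  return allowed;
}
```

The `retryAfterMs` value is what a handler would surface as a `Retry-After` header alongside a 429 response; per-user overrides live in the policy, so raising one tenant's quota never touches the global default.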
Performance Monitoring - Real-time metrics and alerting
- AWS CloudWatch integration with Pino structured logging
- Comprehensive error handling with detailed HTTP status codes
- Request tracking and analytics for usage pattern analysis
- Automated performance benchmarking with load testing suite
Advanced Security Model
Multi-Tenant Isolation - Complete data separation
- Organization-based data isolation with SRN (Solarix Resource Name) conventions, a custom resource naming scheme I developed, modelled on the Amazon Resource Name (ARN) standard
- Protected database for administrative operations
- User verification with email confirmation and admin activation workflow
- Secure password hashing and storage with bcrypt
Flexible Policy Engine - Dynamic permission management
- Version-controlled policy statements with semantic versioning
- Case-insensitive property handling with normalized execution
- Allow/deny statement evaluation with explicit permission requirements
- Administrative policy templates for full-access scenarios
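The policy model from the Policy-Based Authorization and Flexible Policy Engine sections above, as an added example that is not Coeus project code: statements carry `service:method` action patterns and `database.collection` resource patterns with `*` wildcards, optional IP and hostname constraints, and an allow/deny effect; evaluation is default-deny and an applicable deny always wins. The statement shape, the sample policies and the exact wildcard semantics (a `*` matches one whole segment, or the whole pattern) are assumptions for the example.

```typescript
type Effect = "allow" | "deny";

// Constructed for the example: one policy statement.
interface Statement {
  effect: Effect;
  actions: string[]; // "data:find", "data:*", "*"
  resources: string[]; // "analytics.events", "analytics.*", "*"
  constraints?: {
    sourceIps?: string[]; // exact match only in this example (no CIDR handling)
    hostnames?: string[];
  };
}

interface Policy {
  version: string; // semantic version of the statement set
  statements: Statement[];
}

interface AccessRequest {
  action: string; // "service:method"
  resource: string; // "database.collection"
  sourceIp: string;
  hostname: string;
}

// Case-insensitive comparison, mirroring the normalized property handling above.
function segmentMatches(pattern: string, value: string): boolean {
  return pattern === "*" || pattern.toLowerCase() === value.toLowerCase();
}

// "*" alone matches everything; otherwise segments are compared pairwise.
function patternMatches(pattern: string, value: string, sep: string): boolean {
  if (pattern === "*") return true;
  const p = pattern.split(sep);
  const v = value.split(sep);
  if (p.length !== v.length) return false;
  return p.every((seg, i) => segmentMatches(seg, v[i] ?? ""));
}

// A constraint narrows when a statement applies; an unlisted IP or host means "does not apply".
function constraintsSatisfied(s: Statement, req: AccessRequest): boolean {
  const c = s.constraints;
  if (!c) return true;
  if (c.sourceIps && !c.sourceIps.includes(req.sourceIp)) return false;
  if (c.hostnames && !c.hostnames.some((h) => h.toLowerCase() === req.hostname.toLowerCase())) return false;
  return true;
}

function statementApplies(s: Statement, req: AccessRequest): boolean {
  return (
    s.actions.some((a) => patternMatches(a, req.action, ":")) &&
    s.resources.some((r) => patternMatches(r, req.resource, ".")) &&
    constraintsSatisfied(s, req)
  );
}

// Default deny; an explicit allow is required and any applicable deny overrides it.
function isAuthorized(policy: Policy, req: AccessRequest): boolean {
  let allowed = false;
  for (const s of policy.statements) {
    if (!statementApplies(s, req)) continue;
    if (s.effect === "deny") return false;
    allowed = true;
  }
  return allowed;
}

// Constructed sample policies: a read-only dashboard user and a full-access admin template.
const DASHBOARD_READER: Policy = {
  version: "1.2.0",
  statements: [
    {
      effect: "allow",
      actions: ["data:find", "data:aggregate"],
      resources: ["analytics.*"],
      constraints: { hostnames: ["dashboard.example.com"] },
    },
    { effect: "deny", actions: ["*"], resources: ["admin.*"] },
  ],
};

const ADMIN_TEMPLATE: Policy = {
  version: "1.0.0",
  statements: [{ effect: "allow", actions: ["*"], resources: ["*"] }],
};
```

Keeping evaluation order-independent (deny wins regardless of position) means a policy author cannot accidentally grant access by appending an allow after a deny, and the default-deny fallthrough means a typo in a resource name fails closed rather than open.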
Development & Deployment
Cloud-Native Architecture - Production-ready deployment
- Docker containerization with multi-environment support
- GitLab CI/CD with automated testing, building, and deployment
- AWS integration with CloudWatch logging and monitoring
- Environment-specific configuration management
Developer Experience - Streamlined development workflow
- Hot-reload development with TypeScript compilation watching
- Comprehensive API documentation with request/response examples
- Test-driven development with Node-Tap and extensive mocking
- Code quality enforcement with automated linting and formatting
The Coeus platform demonstrates exceptional technical execution, combining high-performance architecture with enterprise-grade security to deliver a robust, scalable data API solution serving multiple production applications and thousands of users.
Project Details
Client
Timeline: 4 months
Role: Principal Software Engineer & Technical Lead
Technologies & Skills
© 2025 Gabe Wyatt. All rights reserved.