Technical Capabilities¶
This page provides a business-friendly overview of Carbon Connect's technical foundation. You do not need to be a developer to understand these capabilities -- they represent the reliability, speed, and quality that our customers experience.
Platform at a Glance¶
| Metric | Value | What It Means |
|---|---|---|
| API Endpoints | 60+ | A comprehensive, mature platform with full functionality across all features |
| Automated Tests | 533 passing | Extensive quality assurance -- every feature is verified automatically before release |
| Response Time | Under 200ms | The platform feels instant to users; no waiting for pages to load |
| Search Speed | Under 100ms | Grant search results appear before you finish typing |
| Matching Speed | Under 500ms | Personalized grant recommendations calculated in less than half a second |
| AI Generation | Under 3 seconds | A complete application draft section generated in the time it takes to blink twice |
Reliability and Uptime¶
Blue/Green Deployments¶
When we release updates, we use a technique called blue/green deployment. This means the new version of the platform runs alongside the existing version, and traffic is only switched over once the new version is confirmed healthy. If anything goes wrong, we switch back instantly.
Result: Zero downtime during updates. Users never experience interruptions.
Automated Health Checks¶
The platform continuously monitors its own health. If any component becomes unhealthy, automated systems detect the issue and either recover automatically or alert the engineering team within seconds.
Automated Backups¶
| Data Type | Backup Method | Recovery |
|---|---|---|
| Database | Automated daily snapshots + continuous archiving | Point-in-time recovery to any second |
| Documents | Version-controlled storage with redundancy | Instant retrieval of any version |
| Search indexes | Rebuilt automatically from source data | Full rebuild in minutes |
| Configuration | Infrastructure-as-code (every setting is version controlled) | Complete environment recreation |
Pre-Deployment Safety
Before every production deployment, the system automatically takes a database snapshot. If the deployment causes issues, we can restore to the exact pre-deployment state.
Security Architecture¶
Defense in Depth¶
The platform implements multiple layers of security, so that no single point of failure can compromise data:
| Layer | Protection |
|---|---|
| Network | Private cloud network (VPC) with public, private, and data subnets |
| Transport | All data encrypted in transit with TLS 1.2+ |
| Storage | All data encrypted at rest with AES-256 encryption |
| Application | JWT authentication, input validation, SQL injection prevention |
| Data isolation | Row-level security ensures tenants cannot see each other's data |
| Secrets | All credentials stored in AWS Secrets Manager, never in code |
Automated Security Scanning¶
Every code change passes through eight automated security checks before it can be deployed:
- Code quality analysis -- automated review for common vulnerabilities
- Static analysis (Bandit) -- Python-specific security checks
- Dependency vulnerability scanning -- checks all third-party libraries for known issues
- Secret detection -- prevents accidental credential commits (pre-commit + CI)
- Infrastructure security (tfsec) -- validates cloud configuration follows security best practices
- Container scanning (Trivy) -- checks deployment packages for vulnerabilities
- Test coverage gate -- minimum 70% of code must be covered by automated tests
- Build verification -- ensures the application builds correctly before deployment
Performance Architecture¶
How We Achieve Sub-200ms Response Times¶
| Technique | Benefit |
|---|---|
| Asynchronous processing | The server handles thousands of requests simultaneously without blocking |
| In-memory caching | Frequently accessed data (company profiles, common queries) is stored in fast memory |
| Optimized search engine | Meilisearch is purpose-built for instant full-text search, separate from the main database |
| Vector indexing | Specialized indexes (HNSW) enable similarity search across thousands of grants in milliseconds |
| Background processing | Heavy tasks (data pipeline updates, embedding generation) run in the background without affecting user experience |
Scalability¶
The platform is designed to handle growth without performance degradation:
| Component | Scaling Strategy |
|---|---|
| Web servers | Add more instances automatically as traffic increases |
| Background workers | Scale independently based on queue depth |
| Database | Read replicas for query scaling, connection pooling for efficiency |
| Search engine | Handles 100,000+ documents with consistent sub-100ms performance |
| File storage | Virtually unlimited capacity with automatic cost optimization |
Development Quality¶
Test Coverage¶
The platform's 533 automated tests cover every major feature area:
| Area | Tests | Coverage |
|---|---|---|
| Authentication and security | 14 tests | Login, registration, token management |
| Multi-tenant isolation | 6 tests | Cross-tenant access prevention |
| Company management | 13 tests | Profile CRUD operations |
| Grant search and filtering | 19 tests | Search, filters, pagination |
| Matching engine | 32 tests | Algorithm accuracy, performance, edge cases |
| Application assistant | 43 tests | AI generation, content filtering, templates |
| Data pipeline | 57 tests | Scraping, normalization, deduplication |
| Email notifications | 42 tests | Template rendering, delivery, scheduling |
| Background tasks | 89 tests | Celery workers, async processing, sync tasks |
| API endpoints | 66 tests | Dashboard, partner, reference, application APIs |
| Infrastructure services | 110 tests | Meilisearch, storage, secrets, task management |
| Other | 42 tests | Client libraries, worker tasks, utilities |
Continuous Integration¶
Every change to the codebase triggers an automated pipeline that:
- Runs all 533 tests
- Checks code formatting and style consistency
- Performs security scanning
- Validates infrastructure configuration
- Builds deployment packages
- Verifies the frontend compiles correctly
Only code that passes all of these checks can be merged and deployed.
Infrastructure¶
Cloud Architecture (AWS)¶
The platform runs on Amazon Web Services with a production-grade architecture:
| Service | Purpose | Reliability Feature |
|---|---|---|
| ECS Fargate | Runs the application without managing servers | Auto-scaling, health checks |
| RDS PostgreSQL | Primary database with vector search | Multi-AZ, automated backups, encryption |
| ElastiCache (Valkey) | Fast caching and message queuing | In-transit + at-rest encryption, failover |
| S3 | Document storage with intelligent tiering | 99.999999999% durability, versioning |
| CloudFront | Content delivery for global performance | Edge caching in 400+ locations |
| Secrets Manager | Credential storage and rotation | Encrypted, audited access |
| CloudWatch | Monitoring, logging, and alerting | Real-time visibility into all systems |
Infrastructure as Code¶
Every piece of infrastructure is defined in code (Terraform), meaning:
- Environments can be recreated from scratch in minutes
- Every configuration change is reviewed and version-controlled
- Development, staging, and production environments are guaranteed to be consistent
- Disaster recovery is a matter of running a script, not manual rebuilding