Services Overview
Olly is composed of 14 backend services sharing a PostgreSQL cluster, communicating over Kafka, and authenticating with Keycloak. Each service owns its own database schema and exposes a JWT-protected REST API.
Service Catalogue
| Service | Port | Database | Description |
|---|---|---|---|
| claims | 4001 | claims | Claims adjudication, prior auth, ClaimLine processing |
| eligibility | 4002 | eligibility | Member coverage lookups and accumulator tracking |
| enrollment | 4003 | enrollment | Quote/policy lifecycle, transactions, underwriting |
| billing | 4004 | billing | Invoices, payments, ledger, installment schedules |
| provider | 4005 | provider | Provider directory, credentialing, network status |
| notifications | 4006 | notifications | Multi-channel notification dispatch (email/SMS) |
| policy-admin | 4007 | policy_admin | Products, plan designs, rule sets, parties, accounts |
| triage | 4008 | triage | AI-powered medical triage sessions and DDx engine |
| care | 4009 | care | Care episodes, appointments, prescriptions, referrals |
| consent | 4010 | consent | Member consent records and right-to-erasure requests |
| document-service | 4011 | document_service | Document storage, template rendering, S3-backed delivery |
| group-scheme-service | 4012 | group_scheme | Employer group schemes and bulk enrollment |
| broker-api | 4013 | broker | Broker/agent portal — quotes, portfolio, commissions |
| member-portal-api | 4014 | — | Stateless BFF aggregating data for member portal and mobile app |
Common Patterns
Every service follows the same startup sequence and internal layout. See Architecture → Service Structure for full details.
Authentication: All externally accessible routes require a Keycloak Bearer token validated against the JWKS endpoint. Routes prefixed /internal/ bypass JWT and are protected at the APISIX gateway level.
Kafka / Outbox: Services publish domain events transactionally via an outbox table. A background poller reads undelivered rows, publishes to Kafka, then deletes them. This guarantees at-least-once delivery without distributed transactions.
Migrations: Each service runs Goose SQL migrations on startup against its dedicated database schema.
Observability: All services emit OpenTelemetry traces and structured JSON logs. Health endpoints at /healthz (liveness) and /readyz (readiness + DB ping) are standard.