NNO Docs

System Architecture

NNO platform service architecture, dependencies, and infrastructure overview.

System Architecture

NNO is a multi-tenant platform built on Cloudflare's developer infrastructure. This page provides a visual overview of how services connect.

Service Dependency Graph

The Gateway is the single entry point for all API traffic. It proxies requests to upstream services via Cloudflare Service Bindings (zero-latency, in-process calls).

graph TD
    Client[Client Apps / CLI] --> GW[Gateway]

    GW --> IAM[IAM Service]
    GW --> REG[Registry Service]
    GW --> BILL[Billing Service]
    GW --> PROV[Provisioning Service]
    GW --> SR[Stack Registry]
    GW --> CLI[CLI Service]

    REG --> PROV
    REG --> BILL
    REG --> IAM

    subgraph "Cloudflare D1 Databases"
        D1_IAM[(iam-db)]
        D1_REG[(registry-db)]
        D1_BILL[(billing-db)]
        D1_PROV[(provisioning-db)]
        D1_SR[(marketplace-db)]
    end

    IAM -.-> D1_IAM
    REG -.-> D1_REG
    BILL -.-> D1_BILL
    PROV -.-> D1_PROV
    SR -.-> D1_SR

    subgraph "Cloudflare KV"
        KV_STATUS[Platform Status KV]
        KV_TOKENS[CLI Token Cache KV]
    end

    GW -.-> KV_STATUS
    REG -.-> KV_STATUS
    CLI -.-> KV_TOKENS

    subgraph "Cloudflare Queues"
        Q_PROV[Provision Queue]
        Q_DLQ[Provision DLQ]
    end

    PROV -.-> Q_PROV
    PROV -.-> Q_DLQ

    subgraph "External Services"
        STRIPE[Stripe API]
        GITHUB[GitHub API]
        CF_API[Cloudflare API]
    end

    BILL --> STRIPE
    CLI --> GITHUB
    PROV --> CF_API

    style GW fill:#4f46e5,color:#fff
    style Client fill:#6b7280,color:#fff
    style STRIPE fill:#635bff,color:#fff
    style GITHUB fill:#24292e,color:#fff
    style CF_API fill:#f38020,color:#fff

Service Catalog

ServicePurposeDatabaseBindings
GatewayAPI proxy, rate limiting, CORSNone (stateless)All 6 services, KV
IAMAuthentication, roles, permissions, API keysD1 (iam-db)Analytics
RegistryPlatform catalog, stacks, resources, DNS recordsD1 (registry-db)Provisioning, Billing, IAM, KV
BillingStripe integration, subscriptions, usage meteringD1 (billing-db)None
ProvisioningCF resource lifecycle, Workers/Pages/D1 creationD1 (provisioning-db)Queues
Stack RegistryStack template definitions (versioned JSON)D1 (marketplace-db)None
CLI ServiceGitHub repo management, CF Pages deploysKV (token cache)None

Deployment Topology

All services deploy as Cloudflare Workers. The console app deploys as Cloudflare Pages.

graph LR
    subgraph "Cloudflare Edge Network"
        subgraph "Workers (Backend)"
            GW[gateway.svc.nno.app]
            IAM[iam.svc.nno.app]
            REG[registry.svc.nno.app]
            BILL[billing.svc.nno.app]
            PROV[provisioning.svc.nno.app]
            SR[stack-registry.svc.nno.app]
            CLI_SVC[cli.svc.nno.app]
        end

        subgraph "Pages (Frontend)"
            CONSOLE[console.app.nno.app]
            DOC[docs.app.nno.app]
        end

        subgraph "Storage"
            D1[(D1 Databases x5)]
            KV[(KV Namespaces x2)]
            R2[(R2 Buckets)]
            QUEUES[(Queues x2)]
        end
    end

    DNS[api.nno.app] --> GW
    CONSOLE --> GW
    DOC --> SR

    GW --> IAM & REG & BILL & PROV & SR & CLI_SVC
    IAM & REG & BILL & PROV & SR --> D1
    GW & REG --> KV
    PROV --> QUEUES

    style DNS fill:#f59e0b,color:#000
    style GW fill:#4f46e5,color:#fff
    style CONSOLE fill:#10b981,color:#fff
    style DOC fill:#10b981,color:#fff

API Routing

The Gateway maps incoming requests to upstream services by path prefix:

Gateway PathUpstream ServiceStrip Prefix
/api/v1/iam/*IAMYes → /api/auth/*, /api/nno/*
/api/v1/platforms/*RegistryYes → /api/v1/platforms/*
/api/v1/billing/*BillingYes → /*
/api/v1/provisioning/*ProvisioningYes → /api/v1/provision/*
/api/v1/stacks/*Stack RegistryYes → /api/v1/stacks/*
/api/v1/cli/*CLI ServiceYes → /api/v1/platforms/*
/api/v1/onboarding/*RegistryYes → /api/v1/onboarding/*

Environment Architecture

EnvironmentServicesFrontendDNS Pattern
Production*.svc.nno.app*.app.nno.app<name>.<type>.nno.app
Staging*.svc.stg.nno.app*.app.stg.nno.app<name>.<type>.stg.nno.app
Locallocalhost:8787+localhost:5174N/A

Each environment has fully isolated D1 databases, KV namespaces, and Queues. Service bindings point to environment-specific Worker names (e.g., nno-k3m9p2xw7q-gateway-stg).

Quick Start

Get up and running with NNO in 10 minutes.

NNO Core Development Guide

Documentation for NNO Core Development Guide

On this page

System ArchitectureService Dependency GraphService CatalogDeployment TopologyAPI RoutingEnvironment Architecture