oakallow runs on a Cloudflare + Vercel architecture:
- Cloudflare Workers handle authentication, API key verification, permission resolution, token minting, approvals, execution logging, and other core runtime logic.
- Cloudflare D1 is the shared relational data store for permission and runtime data, and Cloudflare KV is used for fast key lookups and auth caching.
- Vercel hosts the developer dashboard, documentation, and application routes for billing, teams, support, and management workflows.
Supporting services such as ScaleKit (identity), Stripe and Apple IAP (billing), and Resend (transactional email) plug into that core architecture.
Internal service communication uses signed headers with a 30-second drift window for timing-safe validation where applicable.