Tweek Core Services

  • Gateway - front facing endpoint serves web and api calls. Responsible for enforcing API Policies and forwarding requests to relevant microservices
  • API - Tweek core engine, calculate values and read/write to context
  • Editor - Client web app for editing Tweek keys, context, policies, etc…
  • Authoring - REST API for editing Tweek keys definition, policies.
  • Publishing - Git proxy, validates key/policies definition, create and upload keys/policies bundles to Minio and update Git upstream.

Tweek dependencies

  • Git - Storage for all keys data and policies
  • Context DB - Store all identities’ context and key overrides (can be Redis/Couchbase/Mongodb)
  • Minio/S3 - Object storage for policies/keys bundles
  • Nats - pub/sub for sending updates on bundle updates
  • OIDC provider/s - used to validate JWT tokens



  • All blue components are Tweek services

Typical update key flow

  1. User browse the editor (via gateway url)
  2. User select a key, update and save it
  3. Editor send update request to gateway
  4. Gateway validate request and forward to authoring
  5. Authoring update the relevant key files and push to publishing
  6. Publishing run partial validation (complication, circular dependencies, etc…)
  7. Publishing update the git upstream
  8. Publishing create a new bundle of all keys and upload to object storage (Minio/s3)
  9. Publishing send nats update
  10. Api get notified by nats update
  11. Api download the latest bundle
  12. Api can now calculate values based on the new key definition.

We think on update a key as typical “code update flow”. we start by updating the key (which is represented by manifest and rules files), push to git. Publishing does validation and deployment of the new “code” and serve as the “CI/CD” pipeline. After the code was validated and the bundle was uploaded, the api service fetch the latest version.