Balady+ Mini-Apps Platform
2025
Container-based mini-apps with a JS Bridge runtime, a 9-stage CI/CD pipeline, and a two-tier identity model (Mobile OTP / Nafath SSO) with per-app encryption keys carried in the SSO token.
The problem
The Balady+ Super App needs to host third-party mini-applications safely. Letting external teams ship code inside a government super-app is a sharp edge: one bad mini-app can leak citizen identity, exfiltrate data, or take the host down.
The architecture
A container-based mini-app runtime with a JS Bridge exposing only permission-gated native APIs. Each mini-app is sandboxed at the container boundary; the bridge mediates every native capability the mini-app can call (camera, location, payment, identity).
The 9-stage CI/CD pipeline every mini-app passes through:
- Image pull
- Security scan (Trivy + Clair + ClamAV)
- Compliance check
- Automated test
- Manual review
- Approval gate
- Registry push
- Kubernetes deploy
- Post-deploy validation
A bug in any stage halts promotion automatically. Manual review is a hard gate, not a rubber-stamp.
Identity
Two-tier identity model: Mobile OTP for basic services, Nafath SSO for sensitive ones (anything touching identity, payments, or licence state). Each mini-app receives a per-app encryption key carried in the SSO token, so the backend can decrypt payloads bound to that mini-app’s session without ever holding plaintext.
Outcome
A controlled extensibility surface for the Super App. Third-party teams can ship — but only through the gate, never around it.