PiggyPulse is a security-informed SaaS platform for flexible personal budgeting.
It consists of a versioned backend API and a mobile-first web client, deployed independently and governed by explicit contract boundaries.
Production:
- App: https://piggy-pulse.com
- API: https://api.piggy-pulse.com
- Documentation: https://docs.piggy-pulse.com
- Storybook: https://piggypulse-storybook.pages.dev/
PiggyPulse is designed around three core principles:
- Security-first authentication
- Explicit domain modeling
- Clean separation of concerns
The system is composed of:
- piggy-pulse-api: Rust backend service
- piggy-pulse-app: React frontend client
- piggy-pulse-ios: iOS app
- piggy-pulse-docs: OpenAPI documentation (static)
Each component is deployed independently.
High-level structure:
Browser Client
↓
Versioned API (/v1)
↓
Domain Layer
↓
PostgreSQL
Key properties:
- HttpOnly cookie-based authentication
- CSRF protection
- Argon2 password hashing
- DTO separation between internal models and external contracts
- Stateless API design
- OpenAPI as a first-class artifact
- Dockerized deployment
Security is not treated as a feature but as a structural property of the system.
Authentication model:
- HttpOnly session cookies
- No tokens stored in localStorage
- Backend validation on every request
- Rate limiting on sensitive endpoints
- Optional 2FA support
- Token-based password recovery with expiration
Password hashing uses Argon2 with memory-hard parameters.
The author previously contributed to Lyra, a Password Hashing Competition candidate, during graduate research. That background informs the authentication design and selection of modern password hashing strategies.
Backend: https://github.com/leocalm/piggy-pulse-api
Frontend: https://github.com/leocalm/piggy-pulse-app
iOS: https://github.com/leocalm/piggy-pulse-ios
API documentation: https://github.com/leocalm/piggy-pulse-docs
- Containerized services
- CI-driven deployment
- Automatic migrations on startup
- Independent frontend and backend pipelines
- Separate documentation hosting
Deployment is reproducible via Docker.
- Versioned under /v1
- Breaking changes require version bump
- OpenAPI contract reviewed before release
- No silent breaking changes
- Contract treated as public boundary
PiggyPulse is licensed under the GNU Affero General Public License v3.0 (AGPLv3).
You are free to use, modify, and self-host the software.
If you run a modified version as a network service, you must make the modified source code available under the same license.
See the LICENSE file for full details.