← Back to Work

Neon-native architecture with RLS as the authorization boundary

Night Owl

A Discord-native game-night orchestrator that finds what a friend group can play together, then gets them from 'let's play something' to launched.

Role
Sole engineer, designer, and operator
Year
2026
Status
In Development
  • React / Vite (pnpm monorepo)
  • Neon serverless Postgres + Data API
  • Postgres Row-Level Security (authz)
  • Clerk (JWT auth)
  • AWS Lambda + CDK
  • Discord bot (Ed25519-verified)
  • Steam / IGDB integrations

182 games

Steam library imported (end-to-end proof run)

2026-06-12 · First real import proving the pipeline; 164 net-new after de-duplication against the existing 40-game catalog, reaching 204

Challenge

Friend groups own games scattered across Steam, Xbox, and PlayStation, and coordinating a session is its own chore: find the overlap, vote, schedule, launch. Night Owl is the coordination layer, not another game or chat app. It was also a deliberate architecture experiment: the first project in the portfolio built Neon-native rather than on the standard EC2 and shared-database pattern, which forced a hard question about where authorization actually lives.

Process

Because Neon’s Data API serves the browser directly over HTTP, there is no server-side API tier to gate reads and writes for most tables. So Postgres Row-Level Security is the entire authorization boundary. That is a strong bet, and it was proven rather than assumed: a two-phase adversarial test suite first validated the policies at the mechanics level, then re-ran the whole model over the live Data API with genuine Clerk-signed JWTs, 11 of 11 assertions passing including deliberate forged-role-escalation attempts. The OAuth-token table is not merely policy-gated but physically ungranted, unreachable by the API role at all. Adversarial testing surfaced and closed two authorization edge cases before launch.

The Discord bot uses a two-surface trust split: untrusted public interactions hit a stateless, Ed25519-signature-verified Lambda, while the bot token lives only on a separate always-on daemon, shrinking the blast radius. Every auth, IAM, and RLS surface went through dual adversarial review before merge, with migrations dress-rehearsed on throwaway database branches.

Result

The web app is live at nightowl.gg and the Steam import pipeline is proven end-to-end against a real 182-game library. Session orchestration, voting, and the decision engine are built and code-reviewed but not yet deployed; the product is pre-launch with no customers. The pre-launch cost model projects a roughly 88 to 91 percent gross margin at target scale, a modeled figure, not a measured result. The lasting value here is the RLS-as-authorization pattern, proven adversarially and adopted as a workspace standard.