Code Name: Talk it Out

Gunner built an end-to-end encrypted, secure chat solution that could be embedded anywhere.


What was the problem to be solved?

This client was in an industry that involved recruiting employees from other firms.

It was a sensitive process, which required Gunner to sign a strict NDA to tackle the project.

Because of the sensitive nature of the communications, the client wanted a way to communicate that would leave no trace and would not require the other party to install an application.

"We're not usually in the business of poaching employees," Gunner Technology CEO, Cody Swann, said. "But it made sense. Potential recruits didn't want any trace that they were being recruited or entertaining going elsewhere because they could be terminated and lose their clients. This app would allow our client to confidently tell their targets they were safe."


What was the proposed solution?

Gunner proposed a completely Serverless approach that would leverage web sockets and embeddable JavaScript to create an HTML5 and CSS3 interface anywhere it was embedded.

Neither party would be required to create an account, however, each link to the embedded JavaScript would require a secret URL, handle and password.

Additionally, the initiator of the conversation would choose a secret key which would be used to encrypt the conversation at rest and in transit.

The key would need to be communicated verbally and the other party would have to decrypt the text in the chat.

The messages would be sent - encrypted - over SSL sockets directly to the other recipient.


What challenges arose during the project?

Gunner had plenty of experience with web sockets but had never set up Serverless web sockets.

After some investigating, the team discovered it could be done using AWS AppSync and AWS Amplify even though that was not the originally intended purpose of the technology.


What was the technical approach to the project?

We used RxJS on the client side to stream the data via a GraphQL endpoint to an AWS Lambda function through Amazon API Gateway.

The requests were authenticated with Amazon Cognito and streamed on the backend using GraphQL subscriptions.

AWS Amplify made managing this setup easy and replicable.

The Lambda function simply passed the message as is to the other client, where the message was decrypted using the shared code word.

The two endpoints didn't even need to be on remote servers.

A local HTML file that included the necessary scripts could be used as a client.
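
The scheme described above, as an added example that is not Gunner's code: each client derives a key from the spoken code word, and the relay only ever handles ciphertext. The cipher choices (PBKDF2-SHA-256, AES-256-GCM), the envelope fields and the function names are assumptions; it uses Node's crypto module so it runs offline.

```javascript
// Added example, not the project's code. Assumed: PBKDF2-SHA-256 key derivation,
// AES-256-GCM, the envelope field names, and relay() standing in for the Lambda.
const nodeCrypto = require("node:crypto");

const PBKDF2_ITERATIONS = 600000; // slows guessing of a human-chosen code word

function deriveKey(codeWord, salt) {
  const secret = codeWord.normalize("NFKC"); // same bytes on both clients
  return nodeCrypto.pbkdf2Sync(secret, salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// Sender: the returned envelope is the only thing that leaves the client.
function seal(codeWord, plaintext, handle) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh per message, never reused
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(codeWord, salt), iv);
  cipher.setAAD(Buffer.from(handle, "utf8")); // binds the handle to the ciphertext
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return {
    handle,
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    ct: ct.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Relay stand-in: forwards the envelope as is and never holds the code word.
function relay(envelope) {
  return JSON.parse(JSON.stringify(envelope));
}

// Recipient: returns the plaintext, or null when the code word is wrong or the
// envelope was altered in transit (the GCM tag check fails in final()).
function unseal(codeWord, envelope) {
  try {
    const b64 = (field) => Buffer.from(envelope[field], "base64");
    const key = deriveKey(codeWord, b64("salt"));
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, b64("iv"));
    decipher.setAAD(Buffer.from(envelope.handle, "utf8"));
    decipher.setAuthTag(b64("tag"));
    const pt = Buffer.concat([decipher.update(b64("ct")), decipher.final()]);
    return pt.toString("utf8");
  } catch (err) {
    return null;
  }
}
```

In a browser client the same steps map onto the Web Crypto API.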

"It was quite clever," Swann said. "I wish I could take credit for it, but this was the brainchild of the whole team. In the end, we had a system where messages were so secure, even we couldn't decrypt them. Even if we were subpoenaed, we couldn't tell what was being sent between the two clients."


What was the project management approach to the project?

The team used an Agile Scrum approach to develop this app.

Beginning with a set of requirements, the team performed a one-week Research Sprint to create a comprehensive set of user stories and chores and assigned Effort Points to each.

These were all placed in the project backlog where the project manager added up the sum of all Effort Points and divided that number by the team's average sprint Velocity.

This allowed the team to create a projected timeline, as each sprint is one week long (total Effort Points divided by average Velocity equals number of weeks of development).

The team generally allots half time for end-user testing and final deployment, so if a project requires two months of development, the team will estimate three months total for development, testing and launch.

Architectural Description

What platform was built for this project?

Gunner created a Serverless architectural infrastructure on Amazon Web Services to host this application.

The team used the Serverless framework to manage the disparate parts, including AWS API Gateway, AWS Lambda, Amazon Cognito and more.

For deployments, the team used a continuous deployment, DevOps-based process that leveraged AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy and AWS CodePipeline in a Git-based workflow.

Jest was used in the deployment pipeline to run unit and integration tests against the code base and any failures would halt the deployment process.

The team used Yarn as the package manager and Webpack to bundle and transpile the ES6 JavaScript to ES5 JavaScript.


What did you learn from working on this project?

The team learned how to affordably implement web sockets without a server, which Gunner has applied to a number of other projects since then.


How did this project benefit the client?

Because of the NDA, Gunner is not allowed to give away specific usage statistics of the app, but the firm continues to use this product today.

Why Gunner?

Why was Gunner selected for this project?

The firm was attracted to Gunner's experience with HIPAA.

The team had also created a similar encryption scheme for another client, The Red Notebook.

Additionally, the team had enough time to build a prototype to demonstrate our proposed solution.

The Team

Who worked on this project?


What tools, techniques and methodologies were used on this project?

Adobe Photoshop

Photoshop is Adobe's photo editing, image creation and graphic design software.

AWS AppSync

AWS AppSync automatically updates the data in web and mobile applications in real time, and updates data for offline users as soon as they reconnect.

AWS Lambda

AWS Lambda lets you run code without provisioning or managing servers.


AWS Regions

A Region is a geographical area consisting of two or more Availability Zones, each of which is synonymous with a data center.

AWS Shield

AWS Shield is Managed DDoS Protection for platforms and services built on AWS.


Babel is a compiler for writing next generation JavaScript


CSS3 is the latest evolution of the Cascading Style Sheets language and aims at extending CSS2.1


Fast, scalable, distributed revision control system


GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data.


HTML5 is the 5th major revision of the core language of the World Wide Web


JavaScript is the world's most widespread programming language, powering the Internet.


Jest is used by Facebook to test all JavaScript code including React applications.


Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications


Reactive Extensions for JavaScript

Serverless Framework

Build web, mobile and IoT applications with serverless architectures using AWS Lambda, Azure Functions, Google CloudFunctions & more


Webpack is a module bundler


Yarn is a package manager for JavaScript

5348 Vegas Drive
Las Vegas, NV 89108
GSA: GS-35F-306GA | CAGE: 7Q6F5 | DUNS: 078818362
© 2020 Gunner Technology