About the platform

One platform, deliberately modular.

Aster is a multi-tenant ERP built as a modular monolith: every operational module runs on one shared backbone of identity, entitlements, accounting, and audit — fast to evolve today, designed to extract into services later without a rewrite.

Architecture

One backbone. Many modules.

Modules don't bring their own login, their own permissions, or their own ledger. They plug into shared platform capabilities, so a tenant adopting a new module inherits the same security and financial discipline from day one.

Module boundaries mirror future service seams: services consume repository interfaces, cross-module work flows through explicit contracts, and async work runs through durable jobs and outbox semantics.

Today

Health-first, not health-only.

The deepest workflows today are health operations: outpatient encounters, pharmacy dispensing, and operational billing built for real front-desk and clinical throughput. Health proved the platform; it doesn't define its limits.

Alongside

ERP foundations included.

Accounting is the baseline module every tenant starts with. Inventory keeps an append-only stock ledger with cost-of-goods integration, and procurement settles into accounting through explicit contracts. Platform administration grants further modules per tenant as a commercial decision, not a configuration accident.

Security

Isolation you don't have to trust us on.

Tenancy, access, and auditability are enforced in the database and the platform layer — not by application code remembering to be careful.

  • Two access planes

    Platform administration manages tenants, plans, and subscriptions. Tenant staff operate only tenant-scoped data. The separation is structural — platform access is never a shortcut into tenant business data.

  • Row-level security everywhere

    Every tenant-scoped table carries its tenant, and Postgres enforces isolation below the application. A query that forgets a filter still cannot cross a tenant boundary.

  • Sessions built for revocation

    Web sessions use HTTP-only cookies, stay bound to one tenant for their lifetime, and support immediate revocation for sensitive checks.

  • Permission gating on every route

    Protected routes are gated by an explicit permission catalog — on the backend and reflected honestly in the interface. If an action is not permitted, it is not shown as available.

  • Audited support access

    When support staff need to see a tenant workspace, they go through explicit, time-bound impersonation that is recorded end to end.
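
The row-level security item above, sketched as an added example (not Aster's schema or code): the `invoices` table, the `app_user` role, and the `app.tenant_id` session setting are assumptions chosen for illustration.

```sql
-- Added example; every name here is hypothetical, not taken from the platform.
CREATE TABLE invoices (
    id        bigint PRIMARY KEY,
    tenant_id uuid NOT NULL,           -- every tenant-scoped row carries its tenant
    total     numeric(12,2) NOT NULL
);

-- ENABLE turns policies on; FORCE applies them to the table owner as well.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- A row is visible (USING) and writable (WITH CHECK) only for the session's tenant.
-- current_setting(..., true) yields NULL when the setting is absent, and NULLIF
-- maps an empty value to NULL, so an unbound session matches no rows.
CREATE POLICY tenant_isolation ON invoices
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- The application role must be neither superuser nor BYPASSRLS.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;

-- Constructed sample rows, one per tenant, each written under its own binding.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO invoices VALUES (1, '11111111-1111-1111-1111-111111111111', 100.00);
COMMIT;

BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '22222222-2222-2222-2222-222222222222';
INSERT INTO invoices VALUES (2, '22222222-2222-2222-2222-222222222222', 250.00);
COMMIT;

-- A request bound to the first tenant, running a query that forgot its filter.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT id, tenant_id, total FROM invoices;   -- no WHERE clause; policy still scopes it
-- Writing a row for the other tenant violates WITH CHECK and aborts the transaction.
INSERT INTO invoices VALUES (3, '22222222-2222-2222-2222-222222222222', 1.00);
ROLLBACK;
```

Superusers and roles with `BYPASSRLS` skip policies entirely, so this guarantee depends on the application connecting as a role that has neither attribute.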

In development

The spatial edge.

Fleet tracking and operational mapping are being built as the platform's competitive edge: live vehicle telemetry, tenant-authored operational geography, corridors, and route-deviation evaluation — all under the same tenant, branch, and audit rules as every other module. It ships when it meets that bar, and the interface never claims more than the backend delivers.

Engineering posture

Built for extraction, not rewrite.

A modular monolith keeps delivery fast while the product finds its depth — one deployment, one database, one consistent operational story. Because boundaries are honest today, any module that needs to scale independently tomorrow can leave the monolith without taking the platform's guarantees with it.