Tomasz Karwatka

Posted on Jan 7

Open Mercato FAQ

#architecture #backend #opensource #productivity

Short intro: Open Mercato is the AI-Supportive Foundation for Enterprise Software

Open Mercato is an open-source foundation framework designed to accelerate the development of advanced CRM, ERP, and e-commerce platforms. It bridges the gap between rigid, "one-size-fits-all" SaaS solutions and the high cost/risk of building custom software from scratch.

Why it’s a Game-Changer:

Focus on Value, Not Infrastructure: We handle the "80% of repetitive code"- multi-tenancy, RBAC (Role-Based Access Control), billing, and audit logs - so your team can focus on the 20% that actually drives business value.
Compliant with the Open–Closed Principle (OCP) - open for extension, closed for modification, so you can build custom changes without forking or touching the core system.
AI-Native & Security-First: Engineered for the AI era, Open Mercato includes tenant-scoped encryption by default. Each client has their own encryption key, making it safe for Healthtech, Finance, and Enterprise deployments.
Modern Tech Stack: Built for developers by developers using Next.js, TypeScript, PostgreSQL, and MikroORM.

"Software Houses using Open Mercato stop selling 'dev hours' and start selling 'business transformation' with higher margins and zero technical debt."

Vision & Strategy

Does "fast" mean "low quality"? How do you avoid the "spaghetti code" often associated with AI generation?

The fear that speed equals poor quality is justified when talking about raw AI-generated snippets. However, Open Mercato is not a "code generator"; it is a foundation framework.

Guardrails: We provide a production-ready stack (Next.js, TypeScript, MikroORM) with built-in patterns for multi-tenancy and security.
Predictability: Instead of letting AI hallucinate an entire architecture, developers use Open Mercato’s structured modules, entities, and workflows. AI is used to accelerate the population of this proven structure, not to reinvent the wheel every time.

If AI can build software, why do I need Open Mercato? Why not just prompt a full app?

Prompting a full enterprise application from scratch often leads to a "dead end" where the lack of architectural consistency makes maintenance impossible.

The "Engine" Advantage: Open Mercato provides the "plumbing"—auth, multi-tenancy, RBAC, and encrypted data layers—which are notoriously difficult to prompt correctly and securely.
Focus on Value: We allow your team (or the AI) to focus 100% on unique business logic rather than rebuilding login screens and API wrappers for the thousandth time.

Is this just another "Boilerplate" or "Starter Kit"?

No. A boilerplate is a one-time copy-paste that becomes a maintenance nightmare as it diverges.

Open–Closed Principle (OCP) - open for extension, closed for modification, so you can build custom changes without forking or touching the core system
Seamless Updates: Because you aren't forking the code, you can update the Open Mercato base to the latest version while keeping your custom business logic intact.

Security & Enterprise Compliance

Is "Tenant-Scoped Encryption" just a marketing buzzword?

Actually, it is a sophisticated technical implementation rare in standard frameworks.

How it works: We use field-level encryption where each tenant (client) has their own unique encryption key. Even if the database is compromised, data from Client A cannot be decrypted with Client B’s key.
Performance: We use AES-GCM wrappers within the ORM lifecycle, ensuring that while data is encrypted at rest, CRUD operations remain fast.

Can this really pass a heavy Enterprise or Healthtech audit?

Yes. Open Mercato was designed specifically for high-stakes industries.

RBAC & Feature Flags: We offer feature-based Role-Based Access Control that can be scoped down to the individual user or organization level.
Auditability: Every entity and query is automatically isolated by tenant_id and organization_id, preventing cross-tenant data leaks by design.

Architecture

Why TypeScript and not a "classic" ERP language?

We chose a modern stack (Next.js App Router, TypeScript, zod, Awilix DI) to maximize developer productivity and AI compatibility.

Type Safety: TypeScript ensures that as you scale and customize, the system remains self-documenting and less prone to the runtime errors that plague large-scale ERPs.
Web-Native: Modern businesses demand real-time, responsive interfaces and "Headless" API capabilities, which the TypeScript ecosystem excels at.

How do you handle complex local accounting requirements?

Open Mercato is a foundation, not a finished ERP.

Module-Based: You can build or plug in for "Accounting" or "KSeF" module.
The Ecosystem: Our goal is for the community to contribute these specialized modules, which can then be shared or sold, similar to how specialized plugins work in other ecosystems but with enterprise-grade stability.

How to Prevent Technical Debt using Open Mercato

In traditional software development, when a developer needs to customize a framework for a client, they often fork the repository. This creates an immediate and permanent divergence:

Security Debt: You can no longer easily pull upstream security patches because your custom code has "mutated" the core.
Update Paralysis: Over time, the cost of merging the original framework's updates becomes so high that the project is "frozen" on an old, vulnerable version.
Vendor Lock-in: The client becomes a hostage to whoever wrote the custom modifications, as no one else can untangle the "spaghetti" of core vs. custom logic. Open Mercato solves this by treating the core framework and your custom business logic as two distinct, non-destructive layers.

Architectural Separation

Instead of modifying the source code of a core module, you create an Overlay.

Non-Destructive: You can overwrite any fragment of the system - from a single UI button to a complex backend validation logic -without touching the core files.
Auto-Discovery: The framework is designed to automatically detect these overrides at runtime, prioritizing your custom logic over the default "out-of-the-box" behavior.

Dependency Injection (DI) as a Power Tool

We use the Awilix DI container to manage how services are loaded.

Service Overriding: Every module has a di.ts file. If you need a different calculation for "Tax" than what the core ERP provides, you simply register your new service in the DI container.
Request-Scoped: The container is constructed per request, allowing for different logic to be injected based on the specific tenant or user context.

Modular "Lego" Structure

The system is divided into self-contained modules located in src/modules/.

Encapsulation: Each module contains its own APIs, database entities, and frontend pages.
No Global Schema: Database migrations are generated and applied per module, preventing a "monolithic" database that is impossible to change.

By using Feature-based RBAC and Feature Flags, you can roll out these "Overlays" to specific clients or users without affecting the rest of the system.

Safe Testing: You can enable a new custom module for a single organization to test it in production safely.
Clean Slate: If a custom experiment fails, you simply delete the overlay, and the system instantly reverts to its stable core behavior.

Business & Software Houses

Will this "kill" developer jobs?

On the contrary, it evolves them. The era of billing for "basic CRUD" is ending because AI makes it a commodity.

From "Hours" to "Solutions": Software Houses using Open Mercato stop selling "dev hours" and start selling "business transformation".
Higher Margins: By reducing the time spent on infrastructure (the 80% of code that is the same in every app), you can deliver projects faster with higher margins while focusing on the complex 20% that actually solves the client's problem.

What about "Vendor Lock-in"? What if I want to leave Open Mercato?

Open Mercato is Open Source (GitHub: open-mercato).

No "Black Box": You have full access to the source code.
Standard Tech: We use industry-standard tools like PostgreSQL, Redis, and MikroORM. Your data and your custom logic are yours to move if you ever decide to deviate from the framework.

Getting Started & Support

Who takes responsibility when something breaks?

When an agency builds on Open Mercato, they remain the "service provider" for their client.
However:

Community & Backing: The project is supported by Catch The Tornado, an organization focused on building global tech companies.
Testing: We maintain growing unit and integration test coverage to ensure that the core remains stable even as you extend it. = Vibrant, Fast-Growing Community: Connect with the team and other builders in our Discord community.