Elementary Interactive

Development Security

Technology that evolves with you, not against you.

The N platform is built on a stack of established, actively maintained technologies — no experimental frameworks, no single-maintainer packages, no dependencies that create vendor lock-in. Every component has years of production use and a large contributor base.

Modular Architecture

The platform comprises 20+ independent packages. Each package has its own versioning, test suite, and deployment cycle. A CMS update doesn't require rebuilding the ERP module. A security fix doesn't touch the event management layer.

This isn't a monolith split into folders — each module declares its own dependencies and can be installed, updated, or replaced independently through Composer. Customizations survive upgrades because they live in separate packages, not inside the core.

Core packages: authentication & tenancy, base models, API access, audit & versioning, content management, media management

Domain packages: forms, events, news, knowledge base, documents, tags, ERP, AI, webhooks

Testing & Code Quality

  • 30+ test files across packages covering unit, feature, and integration scenarios

  • Security-specific tests: tenant isolation, policy enforcement, upload validation, authentication events

  • Automated code formatting enforced on every change (PSR-12 standard via Laravel Pint)

  • PHPUnit 11 with strict type checking

Minimal External Dependencies

The platform uses about 10 production dependencies beyond Laravel itself. Every one of them is a well-maintained, widely used package with a clear, single purpose. No experimental frameworks. No packages abandoned by their maintainers. No surprises.

Laravel Sanctum

First-party API authentication, maintained by the Laravel core team.

Laravel Reverb

First-party WebSocket server, maintained by the Laravel core team.

Maatwebsite Excel

Enterprise spreadsheet processing with encryption support for sensitive data exports.

Spatie Packages

The most trusted Laravel package ecosystem, used in production by thousands of applications worldwide.

Multi-Tenancy & Data Isolation

Every request is scoped to a company and site. Data isolation is enforced at the database level — not just in application logic.

Multiple websites or applications can run under one company, each with its own content, media, and configuration. Each tenant can operate on a dedicated database, with credentials encrypted at rest and decrypted only at connection time.

Tenant isolation applies consistently across HTTP requests, background jobs, CLI commands, and WebSocket connections. A queued job cannot accidentally access another tenant's data.

Authorization

Access control is policy-based, covering every model and operation — create, read, update, delete — enforced at the framework level. The admin interface automatically respects these policies: users only see what they are authorized to access.

Roles and permissions are built on Spatie Permission with 24-hour caching. Granting or revoking access takes effect without requiring a deployment.

Audit & Change Tracking

Every model change is automatically tracked — who made it, when, from which IP address, and what exactly changed, field by field, with old and new values. Login and logout events are recorded with IP and user agent.

Content supports draft and publish workflows with up to 10 stored versions per record. Any previous version can be restored with one click.

Audit logs are automatically pruned after 365 days (configurable). The audit trail is designed to support GDPR, SOC 2, and similar compliance frameworks.


Background Processing & Real-time Notifications

Long-running operations — bulk updates, imports, media processing — run as background jobs with automatic retry logic and structured logging. Users receive real-time notifications via WebSocket when operations complete. Failed jobs retry three times with exponential backoff.

Every job logs its full context — operation type, model, user, tenant — in structured JSON format, compatible with monitoring tools such as Grafana.

Knowledge Base

The platform comprises 20+ independent packages, each with its own versioning, test suite, and deployment cycle. A CMS update doesn't require rebuilding the ERP module. A security fix doesn't touch the event management layer. Customizations survive upgrades because they live in separate packages, not inside the core — so new features arrive without breaking existing functionality.

The platform runs on any Docker-compatible host: bare metal, VPS, AWS, Azure, GCP, or on-premise. No cloud vendor lock-in, no proprietary runtime fees. All production dependencies beyond Laravel are open-source with permissive licenses.

Every request is scoped to a company and site. Data isolation is enforced at the database level — not just in application logic. Each tenant can operate on a dedicated database, with credentials encrypted at rest and decrypted only at connection time. Isolation applies consistently across HTTP requests, background jobs, CLI commands, and WebSocket connections. A queued job cannot accidentally access another tenant's data.

The platform integrates with Sentry for error tracking, Grafana + Loki for log aggregation, Papertrail for cloud log management, Slack for real-time critical alerts, and any syslog-compatible monitoring solution. A dedicated /up health check endpoint integrates with load balancers and uptime monitoring services out of the box.