taktiko: a multi-tenant ERP platform we built and run

A back office for a small business is deceptively wide: accounting, payroll, leave, invoicing, bank reconciliation, and tax filing all have to agree on the same numbers. Kosovo adds its own constraints: ATK e-deklarimi, KKRF contributions, and bank salary files in a specific CSV format. Stitching that together from generic tools leaves gaps that show up as filing errors and manual rework. The platform problem is keeping one tenant fully isolated from another while every tenant gets the same correct engine underneath.

taktiko is multi-tenant from the ground up. A Clerk middleware proxy maps each customer subdomain to a tenant-internal route, and every backend call goes through a tenantQuery/tenantMutation layer that enforces tenant scope, checks permissions, and writes an audit row. Permissions are a single source of truth: 19 permissions across 8 roles, evaluated on the server, not trusted from the client. The tax engine computes Kosovo VAT and withholding and exports ATK and KKRF filings directly. Banking automation generates Kosovo CSV salary files and matches statement lines back to ledger entries. Gemini reads receipts into draft expenses, and a token-gated ICS feed exposes a tenant calendar without opening the data model. The stack is Next.js 16, React 19, and a typed Convex backend with crons, HTTP endpoints, and storage.