Reza Salmanian

Command Palette

Search for a command to run...

All projectsEnterprise SaaS · AI

CBSai

AI-Powered Enterprise Business Operating System

CBSai replaces a patchwork of disconnected point solutions with one modular operating system, letting mid-market and enterprise operators run finance, people, and operations from a single source of truth — with an AI layer that reasons across all of it.

FinanceCRMHRPayrollInventoryVendor ManagementProjectsExecutive AI

Timeline

  1. Phase 1

    Discovery & architecture

    Defined tenancy model, RBAC design, and module boundaries

  2. Phase 2

    Core platform

    Built shared identity, tenancy, and workflow engine

  3. Phase 3

    Module rollout

    Shipped Finance, CRM, HR, Payroll, Inventory, Vendor Management, Projects

  4. Phase 4

    Executive AI

    Layered cross-module AI reasoning on top of the governed core

Executive Summary

CBSai is a multi-tenant enterprise operating system that consolidates the core back-office functions of a growing business — finance, sales, people, payroll, inventory, vendors, and project delivery — into one architecture, with an AI executive layer that can reason across modules instead of being confined to one.

Business Problem

Growing businesses typically run seven or eight disconnected SaaS tools to cover finance, CRM, HR, payroll, inventory, and vendor management. Each tool has its own data model, its own login, and its own reporting surface. Leadership ends up assembling a real picture of the business by hand, in spreadsheets, days after the numbers were current. The market need was a single operating system where every module shares one data and permission model, so business questions that span departments can actually be answered.

Project Goals

  • Give every module a shared data and identity model instead of bolting integrations onto separate products
  • Support many independent client organizations on one deployment without data leaking across tenants
  • Let an AI layer reason across modules (e.g. cash position + open sales pipeline + payroll run) rather than being scoped to a single app
  • Keep the system extensible so new modules can be added without re-architecting existing ones

Solution Overview

CBSai is built around a shared core (identity, tenancy, permissions, audit) with each business module — Finance, CRM, HR, Payroll, Inventory, Vendor Management, Projects — implemented as a bounded domain on top of that core. An Executive AI layer sits above all modules with read access governed by the same permission model as a human user, so it can answer cross-module questions without becoming a separate, ungoverned data path.

Architecture Decisions

  • Multi-tenant data isolation enforced at the data-access layer, not just in application code, so a bug in one module cannot leak another tenant's records
  • A single role-based access control (RBAC) model shared by every module, so permissions are defined once per tenant rather than per app
  • Modules communicate through well-defined internal contracts rather than reaching into each other's data directly, which keeps modules independently deployable
  • The AI layer is treated as a consumer of the same APIs and permission checks as the UI — it cannot see anything a given user role could not otherwise see
  • Cloud-native deployment with independent scaling per module so a heavy reporting workload in Finance doesn't degrade Payroll processing

Screenshots

Executive dashboard overview

Illustrative — not an actual screen

Cross-module reporting view

Illustrative — not an actual screen

Module navigation and tenant switcher

Illustrative — not an actual screen

Architecture Diagram

CBSai platform architecture

Shared core: identity, tenancy, RBAC, audit
Finance / CRM / HR / Payroll / Inventory / Vendor / Projects modules
Executive AI reasoning layer (permission-scoped)
Cloud-native deployment (GCP)

Technical Challenges

  • Designing a tenancy model that scales from a five-person company to a multi-entity enterprise without a migration
  • Keeping cross-module AI reasoning fast when the underlying data lives in several logically separate domains
  • Building an audit and compliance trail that covers financial and HR data to the standard each domain individually requires
  • Avoiding a monolith while still giving users the feeling of one coherent product, not eight apps stitched together

Engineering Decisions

  • Chose a modular monolith over microservices at launch — independent modules, shared deployment — to avoid distributed-systems overhead before the product-market fit was proven
  • Standardized on one workflow engine for approvals (payroll runs, purchase orders, deal stages) instead of each module inventing its own state machine
  • Invested early in a permissions and tenancy layer, treating it as core infrastructure rather than a per-feature concern

My Responsibilities

  • Owned the overall system architecture and the shared core (tenancy, RBAC, audit)
  • Designed the module boundary contracts so Finance, CRM, HR, Payroll, Inventory, and Vendor Management could evolve independently
  • Led the design of the Executive AI integration layer and its permission model
  • Directed cloud deployment, scaling, and security posture

Technology Stack

TypeScriptReactNext.jsNode.jsPostgreSQLGoogle Cloud PlatformCloud FunctionsOpenAI APICI/CD

Results

  • Consolidated seven-plus point tools into a single operating system for pilot customers
  • Cut the time to produce a cross-department leadership report from days to minutes
  • Established a tenancy and permissions foundation that let new modules ship without re-architecting existing ones

Lessons Learned

  • Getting tenancy and RBAC right before building feature modules paid for itself many times over as the module count grew
  • AI features are only trustworthy in an enterprise context if they inherit the same permission boundaries as everything else — that has to be designed in from day one, not retrofitted

Next project

Artemis

Continue