Reference Architecture

§ 01 / THE CORE COMMITMENT

Metadata-first is the architecture.

Most enterprise platforms describe themselves as "configurable." In practice, configuration covers superficial behavior (logos, color schemes, simple field visibility) while real changes require engineering work, vendor engagement, and release cycles.

Emeron platforms invert this. Every domain entity, every workflow, every form, every role, every permission, every report, every integration is defined in metadata. The runtime interprets that metadata to render UI, execute workflows, enforce permissions, generate reports, and route integrations. Adding a new permit type, a new fund classification, a new approval chain, a new regulator report is a metadata change — not a code change.

This architectural commitment is what makes the rest of the design possible: multi-jurisdiction deployment, configuration-not-customization, capability transfer, and meaningful exit options. Without it, the marketing claims would be marketing claims. With it, they are mechanical consequences of the architecture.

The architectural test: can you point at the line of code where "building permit" is defined? In most permitting systems, you can. In Emeron platforms, you cannot — because there is no such line. Building permit is a metadata record, configurable by your team, version-controlled like any other configuration.

§ 02 / FIVE-LAYER REFERENCE ARCHITECTURE

The substrate, layer by layer.

— L01
Channel Layer
Citizen and staff interfaces: web portal (React 18, server-rendered for accessibility and performance), mobile app (native iOS, native Android, with offline-first patterns for field operations), voice (IVR, conversational AI integration), kiosk (touch-optimized variant of the web portal), and direct API consumption. All channels share the same authentication, session, and workflow context.
— L02
Service Layer
The functional modules that compose into the platforms: Citizen Portal, Workflow Engine, Permit Management, Inspection Management, Document Store, Identity, Payment Gateway, GIS, Analytics, and so on. Each module is independently deployable as a logical service. Modules communicate through the event bus and the metadata core, not through direct point-to-point integration.
— L03
Metadata-First Core
The schema-driven runtime that interprets entity definitions, form definitions, workflow definitions, role definitions, rule expressions, report definitions, and integration definitions. The runtime is .NET 10. The metadata store is PostgreSQL 16 with a versioned schema. Metadata is portable: exportable as standard JSON/YAML and importable into a fresh deployment.
— L04
Integration & Event Layer
API gateway (REST and GraphQL exposed for every entity), event bus (asynchronous events published for every state change, consumed by integrating systems and other modules), and ESB adapters for major enterprise systems (SAP, Oracle, Microsoft, ServiceNow, Salesforce, and major legacy government systems). Open standards are the default: OpenAPI specs are first-class, GraphQL schemas are introspectable.
— L05
Sovereign Infrastructure Layer
Deployment topology: on-premises (your data center, your team), regional public cloud (Azure, AWS, GCP with appropriate residency configuration), private sovereign cloud (national or jurisdiction-specific sovereign cloud offerings), hybrid (citizen-facing in cloud, sensitive on-premises), and air-gapped (fully isolated for defense and intelligence). Customer-managed encryption keys supported across all topologies.

§ 03 / TECHNICAL POSTURE

The actual stack.

Runtime

.NET 10 (LTS). C# 13. Cross-platform: Linux, Windows. Container-native (OCI). Kubernetes-orchestrated in cloud deployments.

Database

PostgreSQL 16 as primary. MSSQL 2022 supported for customer environments where Microsoft is mandated. Read replicas for analytics. JSONB for flexible metadata fields.

Front-end

React 18 with TypeScript. Vite build pipeline. Server-side rendering for SEO and accessibility. Web Components for embedding in third-party portals.

Mobile

Native iOS (Swift), native Android (Kotlin). Offline-first for field apps (inspections, complaints). Push notifications via APNs / FCM.

Caching

Redis 7 for session, distributed cache, rate limiting. Application-level caching for metadata interpretation.

Search

OpenSearch / Elasticsearch for catalog search, citizen record search, audit-log search.

Event bus

Apache Kafka in production deployments. RabbitMQ available for smaller deployments. CloudEvents specification compliance.

Storage

Object storage (S3-compatible APIs) for documents. Encrypted at rest with customer-managed keys.

Observability

OpenTelemetry instrumentation throughout. Prometheus / Grafana for metrics. Loki for logs. Tempo for traces.

CI/CD

GitOps via ArgoCD. Tested deployment pipelines for each topology. Customer-controlled release cadence.

§ 04 / WHAT MAKES IT PORTABLE

Three commitments that protect your exit.

Every government IT contract should be evaluated on what happens at year seven. These three commitments are the architectural answer.

— 01

Metadata portability

Every metadata record is exportable as standard JSON / YAML. The schema is documented and stable across major versions. Your configuration is yours, in a form you can read.

— 02

Data extractability

The data schema is published. SQL-readable. Customer-accessible via direct DB connection in customer-controlled deployments. No proprietary file formats. No black-box stores.

— 03

Standards-only interfaces

REST OpenAPI. GraphQL with introspection. CloudEvents. SAML, OIDC, OAuth 2.0. No proprietary protocols on any external interface. Integrating systems can be rebuilt against open specs.

The reference architecture, in full.

Metadata-first is the architecture.

The substrate, layer by layer.

The actual stack.

Three commitments that protect your exit.

Metadata portability

Data extractability

Standards-only interfaces

The technical conversation your team needs.