Seven products. One authentication system. One permission model. One database abstraction layer. Zero duplicated code.
That is the promise of Holixora Core, the shared library that sits underneath every product we build. It is also the piece of the architecture that most determines whether a multi-product suite holds together or falls apart over time.
The Problem With Building Products in Isolation
Every software team that builds more than one product eventually faces the same problem: should authentication, user management, and shared utilities be duplicated across products, or centralised somewhere?
Duplication is faster to start. Each product team owns its own code, makes its own decisions, moves independently. But duplication compounds. Security fixes have to be applied in five places. User management logic drifts as teams make different decisions. Integrating products becomes an engineering project because the data models are incompatible.
Centralisation is harder to start. You need to design an abstraction that works for products that do not fully exist yet. You need to commit to interfaces before you have seen the full range of requirements. But centralisation compounds in the other direction: every new product benefits from everything that came before.
Holixora Core is our centralisation bet.
What Holixora Core Provides
Authentication
A unified JWT-based authentication system. Tokens are issued by Core, validated by Core, and revoked through Core. Every product in the stack uses the same token format, the same expiry policy, and the same refresh flow.
This means a user with access to multiple Holixora products does not need multiple accounts. It also means the security posture is consistent: if we improve token handling in Core, every product benefits immediately.
RBAC (Role-Based Access Control)
Role definitions and permission checks live in Core. Each product defines its roles (Mercora has Administrator, Manager, Cashier; Hanoman has Administrator, Manager, Front Desk) and maps them to permission sets. The enforcement happens in Core middleware, applied consistently across every API endpoint.
This is the layer that makes product integration safe. When an operator uses both Mercora and Hanoman, the roles are defined in the same system, enforced by the same logic, and auditable from the same interface.
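As an added illustration (not Holixora Core's own code), the sketch below shows product-scoped role checks that deny by default, so that a role held in one product grants nothing in another and an unmapped role grants nothing at all. The role names come from the text above; the permission strings, the `Principal` class, the `require` decorator and the handler names are assumptions made for this example.

```python
from dataclasses import dataclass, field
from functools import wraps

# Role names are from the article; permission strings are constructed for this example.
ROLE_PERMISSIONS = {
    ("mercora", "Administrator"): {"sale:create", "sale:refund", "user:manage"},
    ("mercora", "Manager"): {"sale:create", "sale:refund"},
    ("mercora", "Cashier"): {"sale:create"},
    ("hanoman", "Administrator"): {"booking:create", "booking:cancel", "user:manage"},
    ("hanoman", "Manager"): {"booking:create", "booking:cancel"},
    ("hanoman", "Front Desk"): {"booking:create"},
}

class PermissionDenied(Exception):
    """Raised when a principal lacks the permission a handler requires."""

@dataclass(frozen=True)
class Principal:
    user_id: str
    # product -> role; assumed to come from already-validated token claims
    roles: dict = field(default_factory=dict)

def is_allowed(principal, product, permission):
    # The lookup key includes the product, so "Administrator" in Mercora
    # never resolves to "Administrator" in Hanoman.
    role = principal.roles.get(product)
    # No role for the product, or a role with no mapping, yields the
    # empty set: access is denied unless explicitly granted.
    return permission in ROLE_PERMISSIONS.get((product, role), frozenset())

def require(product, permission):
    """Hypothetical middleware-style decorator enforcing one permission."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(principal, *args, **kwargs):
            if not is_allowed(principal, product, permission):
                raise PermissionDenied(f"{principal.user_id}: {product}/{permission}")
            return handler(principal, *args, **kwargs)
        return wrapper
    return decorator

@require("mercora", "sale:refund")
def refund_sale(principal, sale_id):
    return f"refunded {sale_id}"

@require("hanoman", "booking:cancel")
def cancel_booking(principal, booking_id):
    return f"cancelled {booking_id}"
```

Because every handler passes through the same `is_allowed` function, a denied request can be logged in one place regardless of which product served it.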
Database Abstraction
Core provides base model classes, session management, and migration utilities that all products inherit. This enforces consistency in how tables are structured, how relationships are defined, and how migrations are applied.
The benefit is that a developer working on any Holixora product already knows the database patterns. There is no product-specific ORM configuration to learn. The SQLAlchemy async patterns are established once.
Cross-Module Event Routing
When an HRD payroll run generates salary disbursements, those should appear as journal entries in the Accounting module. When a credit account reaches its limit, the AR aging report should reflect that. These cross-module flows are handled through Core's event routing layer.
Products emit events to Core. Core routes them to subscribed modules. Products do not call each other directly, which means the integration graph stays flat. Adding a new product does not require modifying existing products. It requires registering the new product's subscriptions with Core.
Why This Architecture Matters for Clients
For a business operator, Holixora Core is invisible. They never interact with it directly. But they feel it everywhere.
Single sign-on across all products. User management in one place. Consistent permission models that enforce the right access without requiring manual configuration in each product. Reports that can pull from multiple products because the underlying data models are compatible.
The alternative, a collection of best-of-breed products from different vendors that require integrations, connectors, and a dedicated admin to manage, costs more and delivers less coherence.
The Trade-Off
Building against a shared core trades flexibility for consistency. A product built on Holixora Core cannot use a different authentication mechanism or a different database ORM. The scaffold is fixed.
For our use case, that is the right trade-off. We are building a suite of products for a specific market, not a general-purpose platform. Consistency in the foundation is an asset, not a constraint.
The products built on Core today are Mercora POS, Hanoman HMS, HRD, Accounting, Credit System, Orbit, and Archily Studio. Each one is different in domain. All of them are the same in infrastructure. That uniformity is the compounding advantage that lets us ship a new product in 72 hours instead of 72 days.
The Holixora Core architecture is available for custom enterprise deployments that need a multi-module system with unified authentication and data integration. Get in touch to discuss your requirements.