A multi-tenant, event-driven HR platform. An employee is simply the next lifecycle state of a candidate — so onboarding, compliance, compensation, documents, and approvals all live in one auditable system of record.
Every write is transactional, historized, and emits a domain event. Nothing is ever hard-deleted.
Shared-schema isolation with tenantId on every collection, index, event, and cache key. Cross-tenant reads are architecturally impossible.
Roles, permission bindings, and scoped grants (self, reports, department, tenant) enforced server-side on every endpoint.
Versioned templates → definitions → executions with approver resolution, delegation, quorum, and SLA escalation.
Visa & certification expiry sweepers fire T-90/60/30/7 alerts. I-9 tracking, retention policies, and GDPR erasure.
SSN and other PII sealed with AES-256-GCM at rest. Segregated read permissions and a fully audited reveal path.
Role-tailored dashboards and a catalog of reports with PII masking and watermarked CSV exports.
Transactional outbox → Kafka fan-out to audit, activity timeline, notifications, projections, and signed webhooks.
Every master collection has a paired history collection. Effective-dated reads let you time-travel to any point.
Same identity, org, auth, and event contracts as the recruiting platform — a future merge is integration, not migration.
The same personId flows from the ATS through every stage — a merge, not a migration.
ATS owns acquisition · EMS owns everything after Hire
Jump straight into the dashboard, browse the employee directory, or read the live OpenAPI reference.