Good fit when
- Your workflows need meaningful customization.
- A technical team can own the application and operations.
- Source access, modularity and TypeScript delivery matter.
- You can fund discovery, migration, testing and maintenance.

Open source. MIT licensed.
A modular, open source CRM and ERP foundation for teams building their own business applications.
Scroll. The market is opening.
Open Mercato is an open source, modular CRM and ERP framework for teams building self-hosted business applications in TypeScript. It provides shipped foundations for customers, catalog, sales, workflows, access control, search and integrations. Configuration, custom modules, data migration, infrastructure and ongoing operations remain part of each implementation.
Framework foundation, not turnkey SaaS. Core is MIT licensed; enterprise software, implementation, hosting and support have separate scope.
Evidence: architecture and module boundaries · Core license
The market
Modules can live in framework packages or an application's src/modules/<id> folder. An app explicitly enables them in src/modules.ts; generators then discover supported convention files such as pages, API routes, entities, events, and translations. Capability and prerequisites vary by module.
Sources: module inventory and dependencies · module registration and generation

module: customers
People, companies, addresses, deals, and activities, with custom-field extension points.
module: sales
Quotes, orders, fulfillment, billing documents, and payments built on catalog and customer modules.
module: catalog
Products, variants, attributes, price kinds, and pricing foundations used by sales.
module: data_engine
Module-owned entities, migrations, scoped queries, custom fields, and guarded write paths.
module: workflows
State machines, transitions, activities, user tasks, events, and long-running process instances.
module: integrations
Provider registration, credentials, data-sync, events, and webhooks. Connector behavior remains provider-specific.
module: ai_assistant
An optional package with agent tool allowlists, permission checks, and policies for mutation tools.
module: auth
Sessions and role-based access control (RBAC), scoped by user, tenant, and organization.
Code assistants generate code. They do not decide where it goes, how it is layered, or whether it stays consistent across a team. Open Mercato keeps project guidance, specifications, selected skills, and validation commands in the repository so a team can give assistants the same written constraints. Human review and relevant tests remain required.

request: change a sales return flow
1 read repository task guidance
2 inspect the relevant specification
3 change code and tests in scope
4 run the configured validation gates
5 submit evidence for human reviewThis sequence shows the intended process, not a guaranteed command, result, or unattended delivery claim. Official documentation · repository guidance inspected for this claim
Open Mercato Core is released under the MIT license and developed in a public repository. The license permits use, modification, distribution, sublicensing, and sale under its conditions. Enterprise software, implementation, hosting, support, and third-party services have separate scope.
Quick start
npx create-mercato-app scaffolds a standalone source project and asks for a starter module set in interactive mode.
After configuring the environment and required services, yarn setup installs dependencies, migrates and initializes the app, then starts development.
Available modules and services depend on the selected template, environment, edition, and configuration.
terminal
$ npx create-mercato-app my-appThe scaffold is a starting point. Database, secrets, services, migration, security, and operations still need deliberate setup. Full guide in the official docs · exact scaffold instructions reviewed
Buyer utility
Use four delivery states. Available means a shipped primitive exists. Configurable means policy, data or setup is required. Custom means application or module development. Integration-required means an external system or provider remains part of the outcome.
| Capability | State | Boundary |
|---|---|---|
| Customers and companies | available | The entities provide a CRM foundation, not a preconfigured sales process. |
| Contacts and addresses | available | Data quality and consent processes remain implementation responsibilities. |
| Deals and pipelines | configurable | A shipped pipeline model does not define the organization sales method. |
| Sales quotes | available | Legal and tax correctness depends on project configuration and integrations. |
| Sales orders | available | Order entities do not provide inventory reservation or manufacturing. |
| Sales document actions and lifecycle | configurable | The project must validate the lifecycle against its business controls. |
| Products and variants | available | This is product master data, not a warehouse or manufacturing module. |
| Price kinds and attributes | configurable | Project rules must define pricing calculations and publication behavior. |
| B2B catalog, cart and ordering storefront | custom | The shipped portal is an extension shell; it does not include a complete B2B storefront. |
| Tenant-specific workflows | configurable | Workflow infrastructure does not supply organization-specific process design. |
| Business-rule automation | configurable | Rules require project review to avoid unsafe or conflicting side effects. |
| Customer portal authentication and extension shell | available | Order, invoice and service self-service pages are not implied by the shell. |
The preview is a classification aid. A row should be treated as verified only when its exact behavior, edition, prerequisites, and limitation are supported by row-specific primary evidence.
Review the draft capability matrix (available for evidence review, not launch-approved or indexable).
Core is MIT licensed. Enterprise scope, implementation, hosting, integration, support and operations remain separate.
The repository supports standalone applications and self-hosting. A production architecture, security model, backups and monitoring still need project decisions.
No. The framework includes APIs, events, webhooks and data-sync infrastructure. Named connector availability must be verified separately.
The implementation must name owners for code, infrastructure, data, security, updates, recovery and user support.
Reviewed 14 July 2026 against both public source code and official documentation. Product facts are separated from editorial interpretation and implementation recommendations. Where documentation drifts from code, current code is the stronger product-behavior source.
Primary references: public architecture documentation, module dependency documentation, pinned Core license, and public releases.
This practical guide is not official product documentation, a quote, audit, certification or guarantee. Corrections should include a public source and date.