Maru Systems · Greenwich · CT · System online

Custom operating systemsfor businesses that refuse to be a tab in someone else's app.

End-to-end TypeScript on Postgres. Custom CRM, POS, inventory, shipping, AI agents · one schema, one auth, one ledger. We host it for you, or hand you the deploy keys to self-host. Either way, the code is yours.

Begin a BuildRead the Code →
14d
kickoff → first sale
100%
bespoke · no templates
audit-logged
lib/db/policies/sale.sqlSQL · RLS
-- Row-Level Security · sales advisors see only their own commissions
-- Owners see all. Engineer sees all. Database is the second wall.
CREATE POLICY sale_select_own ON invoices
  FOR SELECT USING (
    auth.uid() = associate_id
    OR EXISTS (
      SELECT 1 FROM profiles WHERE id = auth.uid()
        AND (role IN ('owner', 'engineer')
          OR master_access = TRUE)
    )
  );

▸ Real policy · shipped · live in production right now.

Trusted by operators across

  • Luxury jewelry maison
  • Hospitality group
  • Specialty service trade

Production posture

Real measurements, not vibes.

98

Lighthouse · perf

Production · mobile · cold

<200ms

P50 · server action

Server action · cold

100%

Uptime · since launch

Vercel + Supabase HA

0

any · in TypeScript

Zod at every boundary

Deploy cadence

Daily

Migration strategy

Zero-downtime

Backup window

PITR · 7 days

Auth posture

RLS-first · audit-logged

Code · what actually ships

Four patterns from production. Pulled from a live engagement.

Anonymized, lightly trimmed, otherwise unedited. End-to-end TypeScript, real Postgres, AI as a layer. If you're evaluating us as an engineering buyer, this is the kind of code you'll inherit at handover.

01 · Role-gated tool dispatch

lib/ai/concierge-tools.tsTypeScript
// Every tool runs the role gate before the query. RLS is the second wall.
export async function queryTeamPayroll(
  ctx: ToolCtx, input: { preset: RangePreset },
) {
  if (!canSeePayroll(ctx)) {
    return { error: "Permission denied" };
  }
  const supabase = await createClient();
  const { from, to } = resolveRange(input.preset);
  const { data } = await supabase
    .from("staff_shifts")
    .select("user_id, hours_worked, hourly_rate, paid")
    .gte("scheduled_start", from.toISOString())
    .lte("scheduled_start", to.toISOString());
  return { payroll: aggregate(data) };
}

02 · MCP tool registration

lib/ai/concierge.tsTypeScript
// 25 tools · all role-aware · all logged. The agent asks; the DB decides.
export const TOOLS: Anthropic.Tool[] = [
  {
    name: "schedule_appointment",
    description:
      "Book a consultation. Confirms the slot is open and notifies staff.",
    input_schema: {
      type: "object",
      required: ["customer_id", "scheduled_at", "type"],
      properties: {
        customer_id:  { type: "string", format: "uuid" },
        scheduled_at: { type: "string", format: "date-time" },
        type:         { type: "string", enum: ["viewing", "fitting", "repair_pickup"] },
      },
    },
  },
  // + 24 more, each gated by ctx.role and ctx.master_access
];

03 · AI vision · structured output

lib/ai/receiving.tsTypeScript
// Vendor PDF or photo → clean inventory rows in 30 seconds.
// Forced tool_choice gives us validated, schema-typed output.
const result = await client.messages.create({
  model: "claude-sonnet-4-6",
  system: RECEIVING_PROMPT,
  messages: [{
    role: "user",
    content: [
      { type: "image", source: { type: "base64", media_type: "image/jpeg", data } },
      { type: "text", text: "Extract inventory rows. Confidence per field." },
    ],
  }],
  tools: [EXTRACT_INVENTORY_TOOL],
  tool_choice: { type: "tool", name: "extract_inventory_rows" },
});
const rows = validateRows(extractToolUse(result, "extract_inventory_rows"));

04 · Server action · validated, audited, atomic

app/inventory/actions.tsTypeScript
// Quick price edit · master-tier only · audit-logged before/after.
export async function changeProductPriceAction(sku: string, fd: FormData) {
  const me = await requireUser();
  if (!canManage(me.role) && !me.master_access) forbidden();

  const input = PriceChangeSchema.parse(Object.fromEntries(fd));
  const { oldCost, oldRetail } = await readProduct(sku);

  await supabase.from("products").update({
    cost: input.new_cost ?? oldCost,
    retail_price: input.new_retail ?? oldRetail,
  }).eq("sku", sku);

  await supabase.from("inventory_log").insert({
    action: "priced", actor_id: me.id,
    metadata: { reason: input.reason, previous_cost: oldCost, new_cost: input.new_cost },
  });
  await notifyMasters({ type: "system", title: `Price changed · ${sku}` });
}

The tool gate, the structured output, the audit log, the notification fan-out · all of it lives behind a single Zod schema and a single Postgres transaction. No middleware tangle, no microservice fan-out, no tooling we won't hand you the keys to.

One spine

Most teams cobble together five tools. We ship one.

Most operations sit on a tower of stitched-together SaaS · CRM here, POS there, ShipStation alongside, payroll somewhere else, accounting in a different tab. Three sources of truth, no single ledger anyone trusts. We don't ship that.

Request path · production

live

Stripe · SquareAnthropic · OpenAIResend · TwilioFedEx · UPS · USPSClientbrowser · POS · phoneEdgeVercel · CloudflareAppNext.js · server actionsAuth + RLSSupabase · row-levelPostgressingle source of truthAudit log · every action · every actor · every timestamp

One request path. One database. One audit log. Every external integration is a spoke off the app · never a sync between two sources of truth. AI agents read across the whole spine in one conversation.

12 modules · all foreign-keyed to the same customer record

01

CRM

Customer profiles · purchase history · AI-synthesized clienteling · segmentation

02

Checkout · POS

In-store · pay-by-link · multi-payment · receipt-photo OCR for terminal validation

03

Inventory

Barcoded SKUs · consignment-aware · multi-location · vendor consoles

04

Shipping

FedEx · UPS · USPS · DHL · label printing · tracking · returns · address books

05

Appointments

Booking · waitlist · staff calendars · auto-confirmations · reminders

06

Repairs · service

Intake · vendor handoff · estimates · customer comms · pickup

07

Email · SMS

Resend · Postmark · Twilio · transactional + drip + campaigns

08

Payroll

Shifts · clock-in · time-off · cash + check ledgers · per-employee rates

09

Payables

Consignor balances · vendor invoices · approvals · reconciliation

10

Accounting

QuickBooks · Xero sync · sales tax · P&L · margin breakdowns

11

Auth · RBAC

Row-level security · audit logs · per-user memory · master-tier gates

12

AI agents

Reads across the whole spine · drafts · books · ships · reports · in your voice

Same database · same auth · same audit log

No syncing. No webhooks between products you bought.

When everything lives on one schema, AI agents stop being toys. The concierge knows the customer, the open repair, the outstanding shipment, and the next appointment in one conversation · because they're all foreign-keyed to the same customer record. Handover is clean. One repo. One database. One deploy. You walk away owning a real platform.

Capabilities

Three lines of work,
braided together.

Each engagement starts with what hurts most · then we extend outward. By the time we're done, the three look like one system that nobody else has.

01

Operations

Custom CRM, POS, inventory, shipping, repairs, payables, accounting · the full operational stack on one Postgres. Brand-matched receipts, ticket printing, document automation, the whole apparatus.

  • ·Custom CRM · customer profiles, purchase history, AI-synthesized clienteling
  • ·Custom POS · pay-by-link, terminal validation, multi-payment splits
  • ·Inventory · barcoded SKUs, consignment-aware, multi-location
  • ·Shipping · FedEx · UPS · USPS · DHL · labels, tracking, returns
  • ·AI receiving · vendor docs to clean rows in 30 seconds
  • ·PDF automation · invoices, warranties, quotes, contracts
02

Intelligence

AI agents that know your customers, your inventory, your data · and only yours. Agentic workflows that act across your stack: read the inbox, draft the reply, update the CRM, ship the proposal, log the call. Branded voice. Persistent memory. Role-aware.

  • ·Custom concierge · trained on your data, in your voice
  • ·Customer profile synthesis · who hasn't visited, who's worth a call
  • ·Action agents · email · calendar · CRM · accounting · all wired
  • ·Proposal & quote generation, custom Excel & PDF exports
03

Web

Storefronts, dashboards, marketing sites, internal portals · whatever the brand needs to show the world. Quiet typography, real performance, a checkout that feels like the rest of you.

  • ·Brand systems · type, palette, ornament, voice
  • ·Storefront + appointments + Stripe / Square / Adyen
  • ·Internal admin consoles · role-based access, audit trails
  • ·Resend / DNS / OG / SEO · the quiet plumbing done right

Stack · what ships, every time

The engineering surface, declared.

Not a buzzword cloud · the actual languages, runtimes, databases, models, and providers that hit production on every engagement. End-to-end TypeScript, Postgres under everything, AI as a layer not a headline.

Languages

  • TypeScript · end to end
  • Python · for AI / data
  • SQL · daily

Frontend

  • Next.js 16 · App Router
  • React 19
  • Tailwind v4
  • shadcn/ui
  • Framer Motion

Backend

  • Node · Bun
  • Hono · server actions
  • Edge functions · Fluid Compute
  • Zod · runtime contracts

Databases

  • Postgres · everywhere
  • Supabase · Auth + RLS + Storage
  • Redis · Upstash
  • pgvector · embeddings

AI · agentic

  • Anthropic · Claude Opus / Sonnet
  • OpenAI · GPT · o-series
  • Gemini · Mistral · DeepSeek
  • Vercel AI SDK v6
  • MCP servers · custom
  • Composio · 250+ apps for agents
  • Tool use · agent loops · structured output

Cloud · infra

  • Vercel · production
  • Cloudflare · DNS · Workers · R2
  • Docker · GitHub Actions

Auth · security

  • Supabase Auth · Clerk
  • OAuth 2 · OIDC · JWT
  • Row-Level Security · audit logs
  • BotID · rate limiting

Payments · finance

  • Stripe · pay-by-link · split tender
  • Chase merchant terminal validation
  • QuickBooks · Xero
  • Plaid · Mercury

Comms · workflow

  • Resend · transactional mail
  • Twilio · SMS · voice
  • ElevenLabs · voice synthesis
  • Slack · Linear · Notion · HubSpot

Shipping

  • FedEx · UPS · USPS · DHL
  • Shippo · EasyPost
  • Label printing · ZPL · 4×6
  • Tracking webhooks · returns

Documents

  • @react-pdf/renderer
  • ExcelJS · csv-stringify
  • bwip-js · Code-128 barcodes
  • Anthropic vision · OCR pipelines

Observability

  • Sentry · errors + replay
  • Vercel Analytics
  • OpenTelemetry
  • PostHog

Build · ship

  • Turbopack · esbuild
  • Branch-per-feature · GitOps
  • Production deploys · weekly cadence
  • End-to-end TypeScript · zero `any`

Extended · brought in when the engagement calls for it

  • Rust · Go (when latency / systems work calls for it)
  • ClickHouse · DuckDB (analytics workloads)
  • AWS Lambda · ECS · S3 · GCP · Fly.io (when the client is already there)
  • Three.js · WebGL (custom 3D / data viz)
  • Square · Adyen · Authorize.Net (alternate payment rails)

We don't stack adjectives. If a tech is on the primary list, we've shipped it to a real client running real money through it. If it's on the extended list, we've put it through its paces and we'll bring it in when it's the right tool.

Beyond a single vertical

Any business that runs on a counter, a calendar, or a workflow.

The architecture we ship doesn't care what industry sits on top of it. It cares about how your team books, sells, fulfills, invoices, and follows up · and how all of that talks to the rest of the tools you already pay for. Below is a partial map of verticals we've scoped or shipped for · the underlying spine generalizes further.

A custom slate-grey countertop ops console designed and built by Maru Systems
Concept · custom slate countertop console with edge-lit chassis · tailored hardware in development with select clients.

Custom on the inside. Connected on the outside.

The system runs deep, but it doesn't live alone. Whatever your team is already opening daily · we wire it. The software disappears into the operation instead of fighting it.

  • ·Luxury retailMaisons, jewelers, ateliers
  • ·Hospitality & diningPrivate clubs, restaurants, by-appointment
  • ·Wellness & beautySpas, salons, aesthetics, med-spa
  • ·Real estate & propertyBrokerages, leasing offices, building ops
  • ·Professional servicesLaw, accounting, consulting, agencies
  • ·Healthcare-adjacentConcierge medicine, clinics, dental, vet
  • ·Specialty e-commerceDTC brands, marketplaces, B2B portals
  • ·Service tradesCustom, repair, installation, on-site

Integrations

Wired into every major app.

Direct API integrations, webhooks, MCP servers, and unified connector layers (Composio, Pipedream, n8n) when speed matters more than reinventing the adapter.

Payments

  • Stripe
  • Square
  • Adyen
  • Chase merchant
  • Authorize.Net

Cloud & data

  • Supabase
  • Postgres
  • Vercel
  • Cloudflare
  • AWS
  • GCP

AI

  • Anthropic
  • OpenAI
  • Gemini
  • Mistral
  • DeepSeek
  • Atlas Cloud

Mail & comms

  • Resend
  • Postmark
  • Twilio
  • ElevenLabs
  • Slack
  • Discord

CRM & sales

  • Salesforce
  • HubSpot
  • Pipedrive
  • Attio
  • Folk
  • Copper

Productivity

  • Notion
  • Linear
  • Asana
  • Monday
  • ClickUp
  • Airtable

Workspace

  • Google Workspace
  • Microsoft 365
  • Dropbox
  • Box

Hospitality / commerce

  • Toast
  • Resy
  • Tock
  • OpenTable
  • Shopify
  • WooCommerce

Shipping & fulfillment

  • FedEx
  • UPS
  • USPS
  • DHL
  • Shippo
  • EasyPost

Accounting & finance

  • QuickBooks
  • Xero
  • NetSuite
  • Plaid
  • Mercury

Composio

· agent fabric

250+ apps available to your AI agents from day one.

When we build agents on your data, we wire them straight into Composio · so your concierge can read Gmail, draft a Slack message, update a Salesforce contact, file a Linear issue, ship a HubSpot sequence, log time in QuickBooks, post to Notion, book on Calendly, and pull a Stripe receipt · in the same conversation. No glue code per app. Hundreds of integrations, governed and audit-logged, ready the day we hand the keys over.

If your stack isn't in the catalog yet, we ship the connector. Custom adapters · OAuth flows · webhook plumbing · all in scope.

Method

Architect · ship to prod · hand over the keys.

We build like engineers, not consultants. Real database from day one, weekly production deploys, full handover at the end. You own everything when we're done.

  1. I.Architect

    A real schema before a single pixel.

    One in-store walk-through, one diligence pass on whatever you run today, then a working spec · tables, migrations, RLS, integrations, the AI surface. We don't ship slides. The first artifact is the database.

  2. II.Ship to prod

    Two-week sprints. Friday deploys.

    Production from day one · your domain, your Supabase, your Vercel. Every Friday a real shipment your team can use Monday. By the end of week two, the spine rings a real sale. Then we extend · agents, integrations, custom PDFs, the rest.

  3. III.Hand over the keys

    Your repo. Your data. Your call.

    Owner access to the GitHub repo, the domain, the Supabase project, the Vercel project, and the documentation. 90-day support window. After that · keep us on a quiet retainer, take it in-house, or self-host. The architecture is open standards either way.

Hosting

Hosted by us, or yours to self-host.

The choice is yours · and you can switch directions any time. Either way, the code, the schema, and the data are owned by you from day one.

Hosted

~1 day to switch

We run your infrastructure.

On our Vercel team, our Supabase organization, our deploy pipeline. You get the URL, the dashboard, and a month-to-month support window. We monitor, we patch, we ship features. You focus on the business.

  • Subdomain on marusystems.dev or your own domain
  • Continuous deploys · weekly cadence
  • Monitoring · uptime · alert routing
  • AI cost pass-through at provider rates
  • 90-day handover window included anytime

Self-hosted

~30 minutes to switch

We hand over the keys.

Your GitHub org. Your Vercel project. Your Supabase or AWS RDS. Your domain. Full repo, schema, env vars, and runbook. Take it in-house, hire a developer, run it yourself · we'll still answer questions.

  • GitHub repo · MIT-style internal license
  • Schema + migrations + seed data
  • CLAUDE.md and README for any future engineer
  • Optional retainer for ongoing changes
  • Re-deploy anywhere Postgres + Node run

Migration between hosted and self-hosted is one DNS flip and a database export · we've done it before, we'll do it for you. The architecture is portable on purpose.

Recent ships · current build

What's on the bench right now.

Names withheld out of habit. Every system listed below is shaped, scoped, and shipped end to end · no subcontracting, no white-label.

Operations as architecture · the system is the building, the interface is the door.

Luxury jewelry maison

Greenwich, CT

Shipped

End-to-end operations console · custom POS · consignment-aware inventory · in-house AI concierge · brand-matched PDF pipeline.

  • ·14 custom modules
  • ·25 AI concierge tools
  • ·8-digit SKU + Code-128 ticket print
  • ·Pay-by-link · Chase terminal validation
  • ·Persistent customer memory · role-aware

≤14 days · kickoff to first sale

Hospitality group

Northeast US

In design

Reservations + clienteling layered over the existing Toast / Resy spine · concierge AI trained on guest history.

  • ·Toast · Resy · OpenTable connectors
  • ·Per-guest preference vectors
  • ·Pre-shift briefing agent

Diligence · Q2 2026

Specialty service trade

Tri-state

In build

Quote-to-invoice pipeline with field-team scheduling · Twilio SMS + DocuSign + QuickBooks sync.

  • ·Estimate engine · margin guards
  • ·Field scheduler · route optimization
  • ·Webhook bridge · QuickBooks · DocuSign

Pilot · Spring 2026

Engineering notes

How we actually do it.

Short writing on the patterns and decisions behind what we ship · for the engineers and operators who care about the seams under the polish.

  1. Engineering note · 001

    Why the database is the first artifact, not the design.

    The temptation, on a tight engagement, is to start with screens. Don't. The first artifact we ship is a Postgres schema · tables, foreign keys, RLS policies, generated types. It survives every redesign. The UI redraws itself around a clean spine.

    Long-form: On RLS-from-day-one, generated TypeScript, and why the cost of a redesign is a paragraph of CSS instead of a migration.

  2. Engineering note · 002

    AI receiving · 45 minutes of typing → 30 seconds of vision.

    We feed the vendor's invoice photo to Claude vision with a tight system prompt and a structured output schema. What used to be a half-hour of squinting at a paper invoice and re-typing fields into a spreadsheet now resolves into clean inventory rows on the screen, ready for review.

    Long-form: On structured output schemas, vision prompts that stay calibrated across different vendor formats, and why the human still reviews the last 5%.

  3. Engineering note · 003

    Concierge architecture · 25 tools, persistent memory, role gates.

    An AI agent with read access to every table is a liability. We build the concierge as a tool-use loop where each tool has its own role gate and its own RLS handle. The model can ask for the answer; the database decides what it sees.

    Long-form: On role-aware tool dispatch, persistent per-user memory tables, and the difference between an agent and a chatbot.

Long-form versions land at marusystems.dev/notesas they're finished. We write less than we ship.

For the engineering buyer

What you're probably going to ask.

The questions a CTO, a founder-engineer, or a careful operator would lead with. Answered without hand-waving.

Will I own the code?
Yes · from day one. Your GitHub repo, your domain, your Supabase project, your Vercel project. We hand you owner access at the end. No leasing, no white-label, no walled garden.
Where does my data live?
In a database you control · Supabase, AWS RDS, or your call. Row-Level Security on every table, audit logs on every privileged action. We don't proxy your data through us.
Can I rip the system out and self-host later?
Yes. The whole stack is open standards · Postgres, Next.js, standard Vercel deploys. You can move it to your own infrastructure in a weekend. We document the schema, the env vars, and the deploy steps · so any future engineer can pick up where we left off.
What happens after handover?
90 days of included support · bug fixes, small changes, AI-cost pass-through, monitoring. After that · keep us on a quiet retainer, hire someone in-house, or run it yourself. The code is yours either way.
Do I need a developer on staff?
No. The system is operator-friendly by design · most clients run it without a developer in the loop. Every engagement ships with a CLAUDE.md, a README, and a schema diagram so any future engineer can onboard in an hour.
What if a model goes down?
The system runs without it. AI is a layer · sales, inventory, repairs, payables all keep working if every model is offline. You can also bring your own keys (Anthropic, OpenAI, Gemini) and pay providers direct.
How do you handle data migrations from what we have today?
We import what exists · CSVs, spreadsheets, vendor invoices, even hand-written ledgers via AI vision · then build the schema around how your team actually works. We don't make your business fit a template.
How long is a typical engagement?
Four to twelve weeks for the spine. Then we're either done, or we're moving into a quiet retainer for new features and integrations. We don't run open-ended SOWs.

Statement

Most agencies sell templates dressed in your colors. We build production systems.

Every system is shaped to the way your people work, in your voice, on your brand · receipts, inventory tags, AI agents, internal admin. Built for one operator and shipped to it alone. No white-label. No retainer-and-pray. No subcontracted engineering.

We use AI generously, but never as the headline. The product is still a real ops system, real checkout, real workflows · wired into every tool your team already opens daily. The intelligence is invisible until you ask. Then it gives you the answer, the export, the email, the next move.

Begin

Tell us what
you're trying
to build.

We take on a small number of clients each year. If your business deserves a real system · custom, integrated, owned by you · write to us. We'll come see how you actually work.

Greenwich, CT

By appointment only

We reply within one business day.