Hierarchical tenant trees with config inheritance, permission delegation, and three isolation strategies. Built for MSSP/MSP/client architectures. Add to any Node.js stack in minutes.
npm install @stratum-hq/lib One library. No vendor lock-in. Works with your existing stack.
Tree-structured tenants with PostgreSQL ltree. Advisory locks prevent race conditions. Up to 20 levels deep.
Values flow root to leaf. Children inherit, override, or are blocked by locked keys. Batch updates with partial success.
LOCKED, INHERITED, or DELEGATED modes. Cascade, soft, or permanent revocation. Full control over permission flow.
Shared RLS, schema-per-tenant, or database-per-tenant. Pick per tenant. Mix strategies in one deployment.
AES-256-GCM for sensitive values. Data export (Article 20) and hard purge (Article 17). Consent tracking built in.
Every mutation logged with actor identity. Optional OpenTelemetry tracing. Redis-backed rate limiting. Webhook events with DLQ.
Five lines to hierarchical multi-tenancy.
import { Pool } from "pg"; import { Stratum } from "@stratum-hq/lib"; const stratum = new Stratum({ pool: new Pool() }); // Create a hierarchy const root = await stratum.createTenant({ name: "AcmeSec", slug: "acmesec" }); const msp = await stratum.createTenant({ name: "NorthStar", parent_id: root.id }); // Config inherits automatically await stratum.setConfig(root.id, "max_users", { value: 1000, locked: false }); const config = await stratum.resolveConfig(msp.id); // → max_users: 1000, inherited: true, source: root
All published to npm under @stratum-hq/*
Stratum is open source, published on npm, and ready for production.