
Version 1.0 · stable-2026.04 · April 2026

CarphaCom Whitepaper

Sovereign Commerce, Robotics & AI on European Bare-Metal.

1. Executive Summary

CarphaCom is a sovereign, European-built commerce, robotics and AI platform that ships as a single, one-click Vultr Marketplace image. It combines a Next.js 15 storefront, a Medusa v2 backend, a Postgres 16 + Redis 7 data plane, and a built-in marketplace that federates licensed plugins, themes and storefront templates from a central hub (carphacom.com) into independent tenant instances.

Where typical SaaS platforms force merchants into shared databases, opaque billing, and US-centric data residency, CarphaCom flips the model: every tenant runs on its own bare-metal box, owns its own database, pays a one-time license per plugin, and stores all data within the EU under a GDPR-native default.

2. Vision & Mission

Vision — A future where every European merchant, robotics integrator and AI builder can own the full stack they sell on, without surrendering data, margin, or velocity to hyperscalers.

Mission — Ship the world's most trustworthy turnkey commerce-and-automation OS: production-ready in a single click, hardened by default, and extensible by a federated marketplace of vetted plugins.

3. The Problem

  1. Data sovereignty erosion. SaaS storefronts and AI agents send EU customer data to non-EU clouds, exposing merchants to GDPR, NIS2 and DORA risk.
  2. Margin extraction. Marketplaces and SaaS billing siphon 2.5%–15% of GMV plus per-seat fees, indefinitely.
  3. Vendor lock-in. Proprietary admin UIs, opaque schemas, and undocumented APIs make migration practically impossible.
  4. Robotics & AI silos. Commerce, robotics fleets and AI assistants are sold as disconnected products, forcing custom integration on every customer.

4. The CarphaCom Solution

CarphaCom delivers four tightly integrated layers as one image:

  • Storefront — Next.js 15 (App Router), i18n-aware, Tailwind + shadcn/ui, edge-cached, OWASP-hardened.
  • Backend — Medusa v2, Postgres 16, Redis 7, BullMQ workers, full event log.
  • Admin Panel — Independent Next.js admin at /app, built-in CMS, SEO, marketing automation, supplier sync.
  • Marketplace Federation — Tenant installed/ registry that pulls signed plugin/theme tarballs from carphacom.com and activates them transactionally in the database.

5. Architecture Overview

5.1 Three-tier separation

[ MAIN — carphacom.com ]
   ├─ License issuer (Stripe-billed)
   ├─ Plugin/theme registry (signed tarballs + SHA-256)
   └─ Federated feed (/store/marketplace/feed)

[ TENANT — beta.carphacom.com / customer-instance.tld ]
   ├─ pm2: carphacom-storefront (8000)
   ├─ pm2: carphacom-admin      (3001, basePath=/app)
   ├─ pm2: carphacom-backend    (9000, Medusa v2)
   ├─ Postgres 16 + Redis 7
   └─ /opt/carphacom/installed/ (plugin/theme working tree)

[ EDGE ]
   ├─ Nginx + Let's Encrypt (auto-SSL plugin)
   ├─ HSTS preload, CSP enforced, X-Frame-Options DENY
   └─ OCSP stapling, HTTP/2

5.2 Federated install flow

  1. Admin clicks "Install" on a marketplace card.
  2. The admin panel sends POST /app/api/marketplace/install with {marketplace_id, force}.
  3. The server resolves the canonical tarball URL from the MAIN feed, downloads it via a 3-candidate fallback chain, and verifies the SHA-256.
  4. The tarball is extracted to /opt/carphacom/installed/<slug>/.
  5. A database row is inserted in cms_plugin or cms_theme (theme activation uses a 2-step UPDATE).
  6. Storefront ISR revalidation triggered.
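
Steps 3 and 4 as an added sketch, not CarphaCom's own code: the digest is checked before the archive is opened, and extraction is confined to installed/<slug>/. The function names, the in-memory sample tarball and the decision to reject links and path-escaping members are assumptions of this example; the page does not describe how extraction is guarded.

```python
import hashlib
import io
import os
import tarfile


def build_sample_tarball(names):
    """Constructed sample input: an in-memory .tar.gz holding the given member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            data = b"/* constructed sample */\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def verify_and_extract(blob, expected_sha256, install_root, slug):
    """Check the digest before touching the archive, then extract only safe members."""
    if hashlib.sha256(blob).hexdigest() != expected_sha256.lower():
        raise ValueError("SHA-256 mismatch: refusing to extract")
    # The slug becomes a directory name, so it must be a single path component.
    if slug in ("", ".", "..") or slug != os.path.basename(slug):
        raise ValueError("invalid slug")
    dest = os.path.realpath(os.path.join(install_root, slug))
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        members = tar.getmembers()
        # Validate every member first so a bad archive leaves nothing on disk.
        for m in members:
            target = os.path.realpath(os.path.join(dest, m.name))
            if os.path.commonpath([dest, target]) != dest:
                raise ValueError(f"member escapes install dir: {m.name}")
            if not (m.isfile() or m.isdir()):
                raise ValueError(f"links and devices are rejected: {m.name}")
        for m in members:
            target = os.path.join(dest, m.name)
            if m.isdir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as out:
                    out.write(tar.extractfile(m).read())
    return sorted(m.name for m in members)
```

A SHA-256 taken from the same feed that supplies the tarball URL detects corruption and mirror tampering, but not a compromised feed; that case is what the signature on the tarball is for.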

6. Security & Compliance

  • Transport — TLS 1.3, HSTS max-age=63072000; includeSubDomains; preload, OCSP stapling.
  • Headers — Enforced Content-Security-Policy, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy: strict-origin-when-cross-origin, Permissions-Policy minimised.
  • Authentication — Built-in admin rate-limit (5/IP/5min → 15min lockout), Argon2id password hashing, opt-in TOTP 2FA.
  • OWASP — Automated pentest scan verified 0 Critical / 0 High / 0 Medium / 0 Low across 19 admin routes and 35 storefront routes.
  • Accessibility — axe-core scan verified 0 critical/serious WCAG violations across primary surfaces.
  • Data residency — All Vultr regions in scope are EU (Frankfurt, Amsterdam, Paris, Madrid, Warsaw, Stockholm).
  • GDPR — DSAR export endpoint, right-to-erasure cascade across orders, addresses, sessions.

7. Marketplace & Federation

CarphaCom's marketplace is a federation, not a walled garden. Plugin authors publish to carphacom.com; tenants pull artefacts and activate them locally. Each plugin manifest declares:

  • marketplace_id (e.g. @carphacom/stripe-payment)
  • version (semver)
  • type — payment, fulfillment, b2b-api, admin-extension, notification, tax, auth, analytics, storefront-widget, storefront-template, and more.
  • price_eur and one_time_payment flag
  • SHA-256 of the tarball

Tenants pay once per plugin per instance. There is no recurring marketplace tax. Updates are opt-in.

8. Plugin & Theme System

Themes are flat tar.gz archives extracted under installed/<slug>/. The storefront reads the active theme from cms_theme.is_active and resolves CSS overrides at request time. Plugin lifecycles support install, activate, deactivate, uninstall hooks executed in a Postgres transaction.

Theme activation uses a 2-step UPDATE (clear all is_active, then set one) to satisfy the partial unique index WHERE is_active = true.
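
Why the two steps need to share one transaction, as an added example rather than CarphaCom's code. It uses SQLite in memory as a stand-in for Postgres 16; the slug column, the index name, the index being on is_active, and the sample rows are assumptions, with only cms_theme.is_active and the partial unique index taken from the text above.

```python
import sqlite3


def make_db():
    """Constructed schema: cms_theme with a one-active-row partial unique index."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cms_theme (slug TEXT PRIMARY KEY, "
               "is_active INTEGER NOT NULL DEFAULT 0)")
    db.execute("CREATE UNIQUE INDEX cms_theme_one_active "
               "ON cms_theme (is_active) WHERE is_active = 1")
    db.executemany("INSERT INTO cms_theme VALUES (?, ?)",
                   [("classic", 1), ("midnight", 0)])  # constructed rows
    db.commit()
    return db


def activate_naive(db, slug):
    """Single UPDATE: collides with the row that is still active."""
    with db:
        db.execute("UPDATE cms_theme SET is_active = 1 WHERE slug = ?", (slug,))


def activate_two_step(db, slug):
    """Clear, then set, in one transaction; roll back if the slug is unknown."""
    with db:  # commits on success, rolls back if the block raises
        db.execute("UPDATE cms_theme SET is_active = 0 WHERE is_active = 1")
        cur = db.execute("UPDATE cms_theme SET is_active = 1 WHERE slug = ?", (slug,))
        if cur.rowcount != 1:
            # Without the rollback the site would be left with no active theme.
            raise LookupError(f"unknown theme: {slug}")


def active_theme(db):
    """Return the slug of the active theme, or None if no row is active."""
    row = db.execute("SELECT slug FROM cms_theme WHERE is_active = 1").fetchone()
    return row[0] if row else None
```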

9. Robotics & AI Layer

CarphaCom is designed to host commerce and the autonomous fleets that fulfil it. The Robot HAL and 130+ communication protocol stack live in the QubitPage AIOS — a #![no_std] Rust microkernel — and connect to CarphaCom over the Qavatar Protocol (port 7777, AES-256-GCM). Federated AI agents built on Microsoft Foundry plug into Medusa workflows for catalog enrichment, ticket triage, fraud signals and supplier price optimisation.

10. Deployment & One-Click Install

The Vultr Marketplace image bootstraps in under 8 minutes:

  1. Provision instance, attach EU region.
  2. Cloud-init installs Postgres 16, Redis 7, Node 20, pm2, nginx, certbot.
  3. Pulls the latest stable release from carphacom.com/releases/stable-2026.04.
  4. Runs DB migrations, seeds the demo catalog (optional).
  5. Issues Let's Encrypt cert via the bundled auto-ssl plugin.
  6. Returns admin credentials and the public URL.

11. Roadmap

  • 2026.05 — Multi-region active-active replication for marketplace metadata.
  • 2026.06 — In-admin wizard for white-label re-skinning under partner brands.
  • 2026.07 — Robotics fleet dashboard module (live telemetry, OTA flashing).
  • 2026.08 — On-prem Foundry agent runner inside tenant boxes.

12. Glossary

  • MAIN: The federation hub at carphacom.com.
  • BETA / Tenant: An independent CarphaCom instance.
  • Federation feed: GET /store/marketplace/feed endpoint listing all installable artefacts.
  • CcFooter / CcShell: The corporate v2 layout primitives (data-cms-corporate="v2").
  • Qavatar Protocol: AES-256-GCM control channel between AIOS nodes and CarphaCom tenants.

© 2026 Qubit Page SRL · CarphaCom is a registered trademark · EU-sovereign by design.