Petrus CROMS: Client and Compliance Operations for a Dual-Entity Firm

Overview

Petrus is an accounting and administration firm in Kenya operating two legal entities: Petrus Services Limited for tax, audit, payroll, and bookkeeping, and Petrus Administration Limited for immigration, NTSA, lands, company registry, eTIMS, and county permits. Before CROMS, the firm ran its entire client book across six spreadsheets split between the two entities. Monthly VAT, PAYE, and permit deadlines were tracked by memory. Staff reassignments broke when people left. Peter had no single place to see what was late. We shipped Petrus CROMS in 12 weeks on Laravel 12 and Filament 5, backed by PostgreSQL 16 on Cloud Run in GCP africa-south1. The platform holds 139 companies, 63 people, 28 staff, 259 staff-to-client assignments, and 55 seeded services across 8 service functions. It auto-generates monthly tasks from assignments, enforces a Pending -> InProgress -> ReadyForReview -> Completed approval chain, and runs a polymorphic comment and mention system that emails watchers through Resend. Every endpoint has a policy. Every feature ships behind four verification gates: 1320 Pest tests, 127 feature-wiring checks in a custom verify:module1 Artisan command, Pint plus PHPStan across 189 files, and 25 Playwright E2E flows. Module 1 passed an 84-scenario dark factory run (happy path, chaos, edge cases, load, permissions, and month-end compliance) at 100 percent before going live.

Key Features

• Dual-entity data model for Petrus Services Limited and Petrus Administration Limited without Filament multi-tenancy overhead
• Auto-generated monthly compliance tasks from staff assignments, with a partial unique index preventing double-booking and a four-state approval chain
• Polymorphic comment and mention system across tasks, ad-hoc requests, field edit requests, KRA assessments, and company notes, with watcher auto-follow and idempotent Resend email delivery
• Role-based access for super_admin, manager, accountant, and tech_admin enforced by 19 policies, with accountant isolation proven in a permissions dark factory run
• Field Edit Request workflow so accountants can request changes to protected fields without bypassing review
• Work permit and immigration tracking with expiry alerts for PAL clients, plus tax compliance certificate tracking for PSL clients
• Fuzzy company and person search powered by PostgreSQL pg_trgm with GIN indexes
• Custom verify:module1 Artisan command running 127 feature-wiring checks so unregistered widgets, missing policies, and broken relation managers fail CI before merge
• Four-gate release process: 1320 Pest tests, verify:module1, Pint plus PHPStan level 3, and 25 Playwright E2E flows