Technical Overview

How ERPStudio connects to your Oracle environment, where it runs, and how security is enforced at every layer.

Architecture

Edge Application

The web application runs on globally distributed edge infrastructure. Server-side rendering ensures fast initial loads. Real-time communication uses WebSocket connections to stateful execution servers.

Global edge network
Server-side rendering
WebSocket streaming

AI Agent Runtime

Each agent session runs as an isolated stateful process with persistent storage. No execution timeout limits. Sessions hibernate when idle and resume instantly on reconnection. Conversations persist across restarts.

Durable stateful execution
No timeout limits
Hibernation & auto-resume

MCP Execution Servers

Oracle API calls execute through isolated MCP (Model Context Protocol) servers — one per environment. Credentials are fetched from your vault at runtime. Each server runs independently with no shared state.

Per-environment isolation
Runtime credential fetch
MCP standard protocol

AI & Knowledge Base

Oracle Knowledge Base

The AI agent has access to a specialized retrieval-augmented generation (RAG) service indexing over 272,000 Oracle documents. Every API call is preceded by a knowledge lookup to ensure correctness.

219K+

Table schemas

30K+

REST API docs

20K+

BIP data models

2K+

Developer guides

Guardrails & Control

The agent operates within configurable guardrails that adapt to the environment and user role.

DevelopmentAuto-execute, 1K record limit
Test / UATAsk before writes, 5K record limit
ProductionApproval required, dry-run first, 10K limit
Viewer / RequesterRead-only, no execution

Security & Compliance

Credential Architecture

  • Credentials stored in OCI Vault (AES-256 encryption at rest)
  • Fetched at runtime via signed API request
  • Held in memory only during execution
  • Never logged, persisted to disk, or transmitted
  • Per-environment isolation (no shared credentials)
  • API key rotation without downtime

Audit & Compliance

  • Immutable audit log for every action
  • User access review with role history
  • Separation of duties enforcement
  • Production approval gates with audit trail
  • Compliance export for SOX and ISAE 3402
  • Agent conversation history retention

Infrastructure Certifications

ERPStudio runs on infrastructure certified to the following international security and privacy standards. These certifications cover the compute, network, and storage layers that ERPStudio operates on.

SOC 2 Type II

Security, Confidentiality, Availability

ISO 27001

Information Security Management

ISO 27701

Privacy Information Management

ISO 27018

Protection of PII in Public Cloud

GDPR

EU General Data Protection Regulation

PCI DSS 3.2.1

Payment Card Industry Standard

HIPAA

Health Information Privacy (US)

FedRAMP

US Federal Risk Authorization

Oracle Connectivity

Supported Protocols

REST API

Full CRUD on all Oracle Fusion Cloud resources (v11.13.18.05+)

SOAP Web Services

BI Publisher CatalogService, ReportService, and custom SOAP endpoints

BI Publisher

Report execution, catalog browsing, data model management, burst delivery

Enterprise Scheduler

Job submission, status tracking, and monitoring via ESS REST API

FBDI

File-Based Data Import template generation, validation, and submission

Supported Modules

General LedgerAccounts PayableAccounts ReceivableCash ManagementFixed AssetsProcurementProjectsGrantsRevenue ManagementSupply ChainInventoryOrder ManagementManufacturingHCMPayrollExpensesTaxIntercompany

Data Handling

Data in Transit

All connections use TLS 1.3. Oracle API calls are made from MCP servers directly to your Oracle instance over HTTPS. No intermediate proxies or data lakes.

Data at Rest

Ticket metadata and audit logs are stored in encrypted databases. File attachments use encrypted object storage with presigned access URLs. Oracle data is not cached or replicated.

AI Model Usage

Your Oracle data is processed by the AI model during execution but is not used for training. Conversations are retained for session continuity and audit purposes. Data retention is configurable.