Collaboard - Procurement Management Platform

A comprehensive full-stack procurement management platform built with modern technologies and AI integration. This platform streamlines the procurement process for organizations with AI-powered vendor evaluation, contract auditing, and intelligent analytics. The system ensures complete data isolation between different admin users and provides role-based access control.

Features

Core Functionality

• Procurement Request Management: Create, manage, and track RFPs/RFQs with complete data isolation per admin
• Vendor Management: Vendor profiles, performance tracking, and compliance monitoring
• Quote Management: Quote submission, comparison, and AI-powered evaluation
• AI-Powered Analysis: LangChain integration for automated vendor evaluation and contract auditing
• Contract Management: Contract upload, AI audit, risk assessment, and approval workflow
• Analytics Dashboard: Comprehensive insights and performance metrics
• Real-time Notifications: Live updates and status changes

Technical Features

• Modern UI: Clean, professional design with dark/light mode support
• Responsive Design: Mobile-first approach with smooth animations
• Data Isolation: Complete separation of data between different admin users
• Role-based Access Control: Admin, Procurement Manager, and Vendor roles with proper permissions
• Secure Authentication: JWT-based authentication with refresh tokens
• AI Integration: OpenAI/Gemini powered analysis with structured output
• Database Management: PostgreSQL with Drizzle ORM and proper migrations
• File Management: Secure file upload and storage with Backblaze B2

Tech Stack

Backend

• Runtime: Node.js with TypeScript
• Framework: Express.js with comprehensive middleware
• Database: PostgreSQL with Drizzle ORM and migrations
• Authentication: JWT with bcryptjs and refresh token rotation
• AI Integration: LangChain with OpenAI/Gemini for structured output
• Validation: Zod schemas for request/response validation
• Logging: Winston with structured logging
• Security: Helmet, CORS, Rate Limiting, Input sanitization
• File Storage: Backblaze B2 for secure file management
• Real-time: Server-Sent Events for live updates

Frontend

• Framework: Next.js 14 with TypeScript and App Router
• Styling: Tailwind CSS with shadcn/ui components
• State Management: Zustand for global state
• Charts: Recharts for analytics visualization
• Animations: Framer Motion for smooth interactions
• Forms: React Hook Form with Zod validation
• Theme: Next Themes with dark/light mode support
• Notifications: React Hot Toast for user feedback
• HTTP Client: Custom API service with error handling

Project Structure

collaboard/
├── backend/                 # Express.js backend
│   ├── src/
│   │   ├── agents/         # AI agents for evaluation and auditing
│   │   ├── controllers/    # Route controllers with data isolation
│   │   ├── db/            # Database schema and connection
│   │   ├── middleware/    # Express middleware (auth, error handling)
│   │   ├── routes/        # API routes with proper access control
│   │   ├── services/      # Business logic services
│   │   ├── types/         # TypeScript definitions
│   │   ├── utils/         # Utility functions
│   │   └── validation/    # Zod validation schemas
│   ├── drizzle/           # Database migrations
│   ├── logs/              # Application logs
│   └── temp/              # Temporary files (gitignored)
├── frontend/              # Next.js frontend
│   ├── src/
│   │   ├── app/           # Next.js app directory with routing
│   │   │   ├── auth/      # Authentication pages
│   │   │   ├── projects/  # Project management pages
│   │   │   ├── settings/  # User settings pages
│   │   │   └── vendor/    # Vendor-specific pages
│   │   ├── components/    # React components
│   │   │   ├── ui/        # Reusable UI components (shadcn/ui)
│   │   │   ├── layout/    # Layout components
│   │   │   ├── projects/  # Project-specific components
│   │   │   └── vendor/    # Vendor-specific components
│   │   ├── contexts/      # React contexts
│   │   ├── hooks/         # Custom React hooks
│   │   ├── lib/           # Utility functions and API client
│   │   ├── services/      # Frontend service layer
│   │   └── stores/        # Zustand state management
│   └── public/            # Static assets
├── .gitignore             # Git ignore rules for monorepo
├── PRD.md                 # Product Requirements Document
└── README.md              # This file

Getting Started

Prerequisites

• Node.js 18+
• PostgreSQL 13+
• npm or yarn
• Backblaze B2 account (for file storage)

Backend Setup

1. Navigate to the backend directory:

cd backend

2. Install dependencies:

npm install

3. Set up environment variables:

cp env.example .env
# Edit .env with your configuration

4. Set up the database:

# Generate migrations
npm run db:generate

# Run migrations
npm run db:migrate

# Or push schema directly (development)
npm run db:push

5. Start the development server:

npm run dev

The backend will be available at http://localhost:5000

Frontend Setup

1. Navigate to the frontend directory:

cd frontend

2. Install dependencies:

npm install

3. Start the development server:

npm run dev

The frontend will be available at http://localhost:3000

Environment Variables

Backend (.env)

# Database
DATABASE_URL=postgresql://username:password@localhost:5432/collaboard_db

# JWT Authentication
JWT_SECRET=your-super-secret-jwt-key
JWT_EXPIRES_IN=7d
JWT_REFRESH_SECRET=your-super-secret-refresh-key
JWT_REFRESH_EXPIRES_IN=30d

# Server Configuration
PORT=5000
NODE_ENV=development

# CORS Configuration
FRONTEND_URL=http://localhost:3000

# AI Services
OPENAI_API_KEY=your-openai-api-key
GEMINI_API_KEY=your-gemini-api-key

# File Storage (Backblaze B2)
BACKBLAZE_ACCESS_KEY=your-backblaze-access-key
BACKBLAZE_SECRET_KEY=your-backblaze-secret-key
BACKBLAZE_BUCKET_NAME=your-bucket-name

# Rate Limiting
RATE_LIMIT_WINDOW_MS=900000
RATE_LIMIT_MAX_REQUESTS=100

API Endpoints

Authentication

• POST /api/auth/register - Register new user
• POST /api/auth/login - Login user
• POST /api/auth/refresh - Refresh access token
• POST /api/auth/logout - Logout user
• GET /api/auth/profile - Get user profile
• PUT /api/auth/profile - Update user profile

Procurement Requests (with data isolation)

• POST /api/requests - Create procurement request
• GET /api/requests - Get requests (filtered by user role and data isolation)
• GET /api/requests/:id - Get single request (with access control)
• PUT /api/requests/:id - Update request
• DELETE /api/requests/:id - Delete request

Vendors

• POST /api/vendors - Create vendor profile
• GET /api/vendors - Get all vendors
• GET /api/vendors/:id - Get single vendor
• GET /api/vendors/:id/stats - Get vendor statistics
• PUT /api/vendors/:id - Update vendor profile
• PATCH /api/vendors/:id/block - Block/unblock vendor

Quotes (with data isolation)

• POST /api/quotes - Submit quote
• GET /api/quotes - Get quotes (filtered by user role and data isolation)
• GET /api/quotes/:id - Get single quote
• PUT /api/quotes/:id - Update quote
• PATCH /api/quotes/:id/withdraw - Withdraw quote

Contracts (with data isolation)

• POST /api/contracts - Upload contract
• GET /api/contracts - Get contracts (filtered by user role and data isolation)
• GET /api/contracts/:id - Get single contract
• PUT /api/contracts/:id - Update contract
• PATCH /api/contracts/:id/approve - Approve contract
• PATCH /api/contracts/:id/send-to-vendor - Send contract to vendor
• PATCH /api/contracts/:id/accept - Accept contract (vendor)

AI Services (with access control)

• POST /api/ai/evaluate-quotes - Run AI quote evaluation
• POST /api/ai/evaluate-quotes/stream - Stream AI evaluation results
• POST /api/ai/audit-contract - Run AI contract audit
• POST /api/ai/audit-contract/stream - Stream AI audit results
• GET /api/ai/evaluations/:requestId - Get evaluation history (with access control)
• GET /api/ai/audits/:contractId - Get audit history (with access control)

Analytics (with data isolation)

• GET /api/analytics/dashboard - Get dashboard statistics
• GET /api/analytics/vendors/performance - Get vendor performance
• GET /api/analytics/spend/category - Get category spend analysis
• GET /api/analytics/risk/analysis - Get risk analysis
• GET /api/analytics/insights - Get AI-generated insights

UI Components

The frontend includes a comprehensive set of reusable UI components built with shadcn/ui:

• Layout Components: Sidebar, Header, Theme Toggle, Navigation
• Dashboard Components: Stats cards, Charts, Data tables, Progress indicators
• Form Components: Inputs, Buttons, Selects, Date Pickers, File uploads
• Data Display: Tables with sorting/filtering, Badges, Progress bars, Charts
• Project Management: Quote management, Contract workflow, Status tracking
• Vendor Interface: Quote submission, Contract acceptance, Performance tracking

Security Features

• JWT token-based authentication with refresh token rotation
• Role-based access control (Admin, Procurement Manager, Vendor)
• Complete data isolation between different admin users
• Input validation with Zod schemas
• SQL injection prevention with Drizzle ORM
• XSS protection with Helmet
• CORS configuration
• Rate limiting and request throttling
• Password hashing with bcryptjs
• File upload security and validation

AI Integration

The platform integrates with LangChain for structured AI analysis:

• Quote Evaluation: AI-powered analysis of vendor quotes based on cost, delivery, compliance, and terms with detailed scoring
• Contract Auditing: Automated contract risk assessment with missing clause detection and legal compliance checking
• Streaming Results: Real-time streaming of AI analysis results for better user experience
• Structured Output: Consistent AI responses using Zod schemas for reliable data processing

Analytics & Reporting

• Real-time dashboard with key procurement metrics
• Vendor performance tracking and scoring
• Category-wise spend analysis and trends
• Risk trend analysis and alerts
• AI-powered insights and recommendations
• Export capabilities for reports (CSV/PDF)
• Data isolation ensuring users only see their own analytics

Deployment

Backend Deployment

1. Build the application: npm run build
2. Set up environment variables
3. Run database migrations: npm run db:migrate
4. Start the production server: npm start

Frontend Deployment

1. Build the application: npm run build
2. Start the production server: npm start

Docker Deployment

Both backend and frontend can be containerized using Docker for easy deployment.

Testing

Backend Testing

npm run test

Frontend Testing

npm run test

Development

Code Style

• ESLint for code linting
• Prettier for code formatting
• TypeScript for type safety
• Conventional commits for commit messages

Database Migrations

1. Make changes to schema in src/db/schema.ts
2. Generate migration: npm run db:generate
3. Apply migration: npm run db:migrate

Key Features Implemented

• Complete data isolation between admin users
• AI-powered quote evaluation with streaming results
• Contract management with approval workflow
• Real-time notifications and status updates
• Professional UI with dark/light mode support
• Comprehensive error handling and logging

Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests if applicable
5. Submit a pull request

License

This project is licensed under the MIT License.

Support

For support and questions:

• Create an issue in the repository
• Check the documentation
• Review the API documentation

Future Enhancements

• Mobile application
• Advanced AI features and custom models
• Integration with ERP systems
• Multi-language support
• Advanced reporting and analytics
• Workflow automation and approvals
• API for third-party integrations
• Real-time collaboration features
• Advanced contract templates
• Vendor performance scoring system