Title Build a Production-Grade Petroleum Ordering, Logistics, and Embedded-Finance Platform (Web + Mobile) Overview We need a full, production-ready platform for Oil Marketing Companies (OMCs), station/reseller operators, and transporters. The system must support real-time pricing, order placement with price-locks, dispatch and GPS tracking, e-POD, payments (mobile money/bank), basic credit limits, POS integration, analytics, and strong security/compliance. Multi-country rollout starting with Kenya and DRC. Key Features (v1.0) - Identity & Access: OAuth2/OIDC, orgs (OMC/Reseller/Transporter/Admin), RBAC/ABAC, audit logs. - Pricing: Morning price lists by product/location, FX-aware, price-locks with TTL and fees. - Orders & Allocation: Spot/forward orders, anti-double-selling, depot/timeslot capacity control. - Logistics: Dispatch assignment, driver mobile app with background GPS and e-POD (photo/signature), live shipment tracking. - Payments: Adapters for mobile money (e.g., M-Pesa) and bank transfer, webhooks with retries, idempotency, escrow/split settlements. - Credit (v1): Configurable limits and utilization checks; simple underwriting workflow. - POS Integration: Initial integration with Pesapal (or confirm vendor) for pump sales/stock; daily reconciliation and variance reports. - Admin & Analytics: Admin console (users/orgs, prices), dashboards (orders, deliveries, fees), CSV exports, immutable audits. - Observability & Security: Centralized logs/metrics/traces, alerts, backups/DR, rate limiting, OWASP Top 10 hardening. Non-Functional Requirements - Availability: Target 99.9% for core APIs. - Performance: P95 < 300ms reads; < 1.2s order submission. - Security: TLS, encrypted secrets, RBAC/ABAC, audit trails; pen-test before go-live. - Compliance-ready: Data residency awareness, AML screening hooks, PII protection. Preferred Tech Stack - Web: React/Next.js, Tailwind - Mobile: React Native (Expo or bare for background location) - Backend: Node.js (NestJS) or Java (Spring Boot); Postgres, Redis - Messaging: Kafka or Redis Streams - Auth: Keycloak or Auth0 - Infra: Docker, Kubernetes (or ECS), Terraform on AWS/Azure/GCP - Notifications: SendGrid/Twilio/FCM - Payments: Modular adapters (M-Pesa, bank transfer, card) Deliverables - Source code in our GitHub, CI/CD pipelines, IaC, and three environments (Dev/Staging/Prod) - Web portals: Admin, OMC Ops, Station/Reseller, Transport Ops - Mobile apps: Driver (GPS + e-POD) and Reseller (orders/price board) - OpenAPI docs, ERD, architecture and sequence diagrams - Automated tests (unit/integration/E2E), runbooks, on-call playbooks - Security artifacts: threat model, pen-test report, remediation - Handover: training, documentation, credentials Milestones - M1: Architecture, repos, CI/CD, auth/orgs, core schemas (2–3 weeks) - M2: Pricing + orders + allocation with web UI (2–3 weeks) - M3: Dispatch + driver app (GPS/e-POD) + tracking dashboard (2–3 weeks) - M4: Payments (mobile money/bank), escrow/splits, notifications (2–3 weeks) - M5: POS integration + reconciliation + analytics dashboards (2–3 weeks) - M6: Hardening (security, performance, DR), pilot, and go-live (2 weeks) What To Include in Your Proposal - Relevant case studies (logistics, fintech, marketplaces, POS or payments integrations) - Team composition and availability over 12–16 weeks - Technical approach and timeline against milestones - Budget and commercial model (fixed price per milestone or T&M with gates) - Links to GitHub/portfolio and two references Initial Inputs We’ll Provide - Countries, corridors, and depot list; initial products/price list format - Chosen auth provider and payments rails priorities - POS vendor/sandbox credentials - Branding assets Notes - Must support intermittent connectivity for drivers (offline-tolerant) - Country segmentation (Kenya, DRC to start), corridor-based rules - Clear handover required with full documentation and admin access