Dynamic Plugin-Based Web Platform (WHM-Style) needs Web Development
Contact person: Dynamic Plugin-Based Web Platform (WHM-Style)
Location: Dammam, Saudi Arabia
Budget: Recommended by industry experts
Time to start: As soon as possible
Project description:
"Project
Dynamic WHM-style Plugin Platform + Advanced Forms Studio + Orchestration via Official APIs (Professional Architecture • Delivery via Our GitHub)
Objective
Build a dynamic web platform that manages plugins integrating with external systems via official APIs. The platform must auto-generate service forms from JSON Schemas (no per-form coding), include an Orchestrator to execute/schedule/track tasks, and provide a rich Admin Console with multi-tenant RBAC/ABAC. Deliver all code in our private GitHub repository.
MVP Scope
1. App Shell + SSO
React/TypeScript UI with a dynamic sidebar.
OIDC single sign-on (we provide the IdP; group→role mapping).
Secure IFrame embedding for plugin UIs (CSP/cookies configured).
2. Plugin SDK (v1) + Plugin Registry
Plugin manifest (id, name, icon, [login to view URL], [login to view URL], webhooks, capabilities).
Actions defined via JSON Schema (inputs/outputs).
Signed webhooks (HMAC + timestamp + idempotency).
Health endpoints (/health/ready, /health/live).
Registry to install/enable/disable plugins and auto-render navigation.
3. Forms Studio (v1)
Low-code form composer with standard sections: Targets, Options, Schedule, Verify, Post-Actions, Review.
Merge plugin FieldPacks and de-duplicate shared fields using a light UDM (e.g., device_ids, site, pkg).
Dynamic data sources (lookups), conditional visibility (show_if), validation (JSON Schema + Zod).
Execution Plan Preview (DAG of steps across plugins) before submit.
4. Orchestrator + Webhooks
API to create/run/schedule/cancel jobs.
Unified states: PENDING → RUNNING → SUCCEEDED | FAILED | PARTIAL.
Webhook intake with HMAC verification, idempotency, retry/backoff, DLQ.
Audit log and optional approvals.
5. Included Plugins (in this contract)
AWX Plugin: run Job/Workflow Templates (limit, extra_vars) + status webhooks.
NetBox Plugin: official API integration for asset CRUD/tagging; participates in Forms Studio/Orchestrator.
Kill Bill Billing Plugin: official API integration for customers/subscriptions/invoices; participates in Forms Studio/Orchestrator.
6. Security & Observability
Per-tenant secrets in Vault/KMS; basic RBAC in MVP.
Health/Readiness checks, metrics (OpenTelemetry/Prometheus), and logs.
> External systems must be integrated only via official APIs (no direct database writes).
Admin Console (Rich)
Tenants & Users: create/manage tenants; map IdP groups to roles; optional SCIM-ready endpoints.
Roles & Permissions: built-in roles (Owner/Admin/Operator/Viewer) + custom roles; RBAC with action-level scopes (plugin/action/form/section); resource scoping (tenant/site/device where applicable).
Policy Engine (ABAC-lite): simple attribute conditions (role/tags/time). If proposing OPA/CEL, include an architecture note.
Plugin Lifecycle: install/enable/disable per tenant; version pinning; compatibility checks.
Forms Governance: draft/approve/publish; versioning/rollback; visibility per role/tenant.
Secrets Management: UI to reference/rotate Vault secrets per tenant/plugin (no plaintext exposure).
System Settings: feature flags, quotas/limits per tenant, maintenance windows.
Audit & Compliance: searchable audit trail (who/what/when), export to CSV/JSON, basic reports.
Architecture Requirements (Mandatory)
Clear layered/modular design:
App Shell (UI)
Plugin Registry & SDK
Orchestrator (Jobs/Schedules/Webhooks)
AuthZ Service (RBAC/ABAC, policy evaluation)
External Integration Adapters (per plugin)
Data/Identity layer (UDM + RBAC + Vault)
Deliver architecture documentation:
C4 Model (Context/Container/Component)
Sequence diagrams for manifest→UI, action→webhook, forms composition, authZ checks
ERD for core data (tenants/plugins/roles/permissions/jobs/schedules/audit)
ADRs (Architecture Decision Records)
Principles: decoupled components; contract-first (OpenAPI/JSON Schema); SemVer.
Performance/scale: caching for lookups, queues for execution, rate limits per plugin, readiness/liveness.
Testability: component isolation, mocks for plugins, contract tests for Actions/Webhooks/Permissions.
Preferred Tech Stack (negotiable)
Frontend: React + TypeScript ([login to view URL] or Vite) + Tailwind + shadcn/ui + React Hook Form + Zod.
Backend (pick one):
FastAPI (Python) + Pydantic + PostgreSQL + Redis (Queue/Cache) + Celery/RQ, or
NestJS (TypeScript) + TypeORM + PostgreSQL + Redis + BullMQ.
Auth/Secrets: OIDC + Vault/KMS (per tenant).
Containerization/Deploy: Docker (required) + Kubernetes (Helm) or Docker Compose (initially).
Observability: OpenTelemetry + Prometheus/Grafana (+ Loki/ELK for logs).
If you propose alternatives, explain the rationale and maintenance impact.
We Provide
Light UDM (shared keys and external ID mapping).
Brand tokens (colors/fonts/icons).
Test OIDC client and staging domains.
Initial list of MVP services.
Deliverables
Source code (Frontend + Backend) with OpenAPI and config files.
Architecture pack: C4, Sequence diagrams, ERD, ADRs.
Plugin SDK v1 + working Plugin Registry.
Forms Studio v1 (create/edit/publish forms + plan preview).
Working AWX, NetBox, and Kill Bill plugins.
Admin Console with tenants/users; roles/permissions (RBAC + ABAC-lite); plugin lifecycle; forms governance; secrets UI; audit.
CI/CD (GitHub Actions preferred): lint/test/build/scan/release.
Infra as Code: Dockerfiles + Helm/Compose + example values.
Runbooks: deploy/upgrade/rollback + short user/admin guides.
Acceptance Criteria (Testable)
1. Installing a plugin via its manifest auto-renders its icon in the sidebar (no UI code changes).
2. Forms Studio merges fields from multiple plugins with UDM fields and auto-generates an Execution Plan.
3. Submitting a form triggers plugin actions; job state updates via signed HMAC webhooks (idempotent).
4. Admin Console: create a custom role, assign granular permissions (plugin/action/section), restrict a form to that role, and verify enforcement.
5. Multi-tenant isolation verified (Tenant-A cannot access Tenant-B data/jobs/forms).
6. Performance: create job ≤ 2s; cached lookups ≤ 1s.
7. Architecture docs and ADRs delivered and aligned with implementation.
Quality & Security
Coding standards: ESLint/Prettier (or Ruff/Black), Conventional Commits, SemVer.
Tests: unit/integration/contract; smoke tests before each release.
Security: SAST/dependency scan, SBOM, secrets scan, HMAC webhooks, rate limits, CSP/CSRF for embedding.
Releases: signed tags and a Version Matrix for plugin compatibility.
Delivery via Our GitHub (Mandatory)
All development inside our private GitHub repository (we invite your team).
Clear repo structure (README, /docs, /ops).
Branch protection, required PR reviews, mandatory CI checks, no secrets in commits.
Use GitHub Projects/Issues/Milestones for transparent tracking.
Annual Support & Maintenance (Brief • Separate Line Item)
Provide a yearly support & maintenance contract for at least 3 years as a separate line item (pricing per year). The contract must cover ongoing updates/upgrades, security patches, and compatibility upkeep for the platform and the included plugins (AWX, NetBox, Kill Bill). No detailed SLAs required at this stage.
Out of Scope (MVP)
Mobile apps.
Direct database access to external systems.
Deep UI modifications inside external systems (CSS-only branding later if needed).
Suggested Timeline (adjustable)
Weeks 1–2: App Shell + SSO + Registry + SDK v1 + initial architecture docs.
Weeks 3–4: Forms Studio v1 + Orchestrator (Jobs/Webhooks) + CI/CD.
Weeks 5–6: AWX, NetBox, Kill Bill plugins + Admin Console + hardening + docs/runbooks + handover.
Proposal Requirements
1. Team profile and similar projects (DevOps/Ansible or plugin platforms + FastAPI/NestJS).
2. Short architecture approach (diagram + flow: manifest→UI→action→webhook→authZ).
3. Execution plan with risks, testing strategy, Version Matrix, and rollback plan.
4. Budget:
Fixed price (or phased) for the MVP.
Annual support/maintenance pricing as a separate line item for 3 years (brief contract).
5. Delivery model and team roles (Backend, Frontend, DevOps, QA).
6. Assumptions and inputs required from us." (client-provided description)
Matched companies (7)

TG Coders

Appeonix Creative Lab

Conchakra Technologies Pvt Ltd

El Codamics

eShop Genius

JanakiBhuvi Tech Labs Private Limited
