Contact person: Business Client

Phone:Show

Email:Show

Location: Secaucus, Kenya

Budget: Recommended by industry experts

Time to start: As soon as possible

Project description:
"Title
Build a Production-Grade Petroleum Ordering, Logistics, and Embedded-Finance Platform (Web + Mobile)

Overview
We need a full, production-ready platform for Oil Marketing Companies (OMCs), station/reseller operators, and transporters. The system must support real-time pricing, order placement with price-locks, dispatch and GPS tracking, e-POD, payments (mobile money/bank), basic credit limits, POS integration, analytics, and strong security/compliance. Multi-country rollout starting with Kenya and DRC.

Key Features (v1.0)
- Identity & Access: OAuth2/OIDC, orgs (OMC/Reseller/Transporter/Admin), RBAC/ABAC, audit logs.
- Pricing: Morning price lists by product/location, FX-aware, price-locks with TTL and fees.
- Orders & Allocation: Spot/forward orders, anti-double-selling, depot/timeslot capacity control.
- Logistics: Dispatch assignment, driver mobile app with background GPS and e-POD (photo/signature), live shipment tracking.
- Payments: Adapters for mobile money (e.g., M-Pesa) and bank transfer, webhooks with retries, idempotency, escrow/split settlements.
- Credit (v1): Configurable limits and utilization checks; simple underwriting workflow.
- POS Integration: Initial integration with Pesapal (or confirm vendor) for pump sales/stock; daily reconciliation and variance reports.
- Admin & Analytics: Admin console (users/orgs, prices), dashboards (orders, deliveries, fees), CSV exports, immutable audits.
- Observability & Security: Centralized logs/metrics/traces, alerts, backups/DR, rate limiting, OWASP Top 10 hardening.

Non-Functional Requirements
- Availability: Target 99.9% for core APIs.
- Performance: P95 < 300ms reads; < 1.2s order submission.
- Security: TLS, encrypted secrets, RBAC/ABAC, audit trails; pen-test before go-live.
- Compliance-ready: Data residency awareness, AML screening hooks, PII protection.

Preferred Tech Stack
- Web: React/[login to view URL], Tailwind
- Mobile: React Native (Expo or bare for background location)
- Backend: Node.js (NestJS) or Java (Spring Boot); Postgres, Redis
- Messaging: Kafka or Redis Streams
- Auth: Keycloak or Auth0
- Infra: Docker, Kubernetes (or ECS), Terraform on AWS/Azure/GCP
- Notifications: SendGrid/Twilio/FCM
- Payments: Modular adapters (M-Pesa, bank transfer, card)

Deliverables
- Source code in our GitHub, CI/CD pipelines, IaC, and three environments (Dev/Staging/Prod)
- Web portals: Admin, OMC Ops, Station/Reseller, Transport Ops
- Mobile apps: Driver (GPS + e-POD) and Reseller (orders/price board)
- OpenAPI docs, ERD, architecture and sequence diagrams
- Automated tests (unit/integration/E2E), runbooks, on-call playbooks
- Security artifacts: threat model, pen-test report, remediation
- Handover: training, documentation, credentials

Milestones
- M1: Architecture, repos, CI/CD, auth/orgs, core schemas (2–3 weeks)
- M2: Pricing + orders + allocation with web UI (2–3 weeks)
- M3: Dispatch + driver app (GPS/e-POD) + tracking dashboard (2–3 weeks)
- M4: Payments (mobile money/bank), escrow/splits, notifications (2–3 weeks)
- M5: POS integration + reconciliation + analytics dashboards (2–3 weeks)
- M6: Hardening (security, performance, DR), pilot, and go-live (2 weeks)

What To Include in Your Proposal
- Relevant case studies (logistics, fintech, marketplaces, POS or payments integrations)
- Team composition and availability over 12–16 weeks
- Technical approach and timeline against milestones
- Budget and commercial model (fixed price per milestone or T&M with gates)
- Links to GitHub/portfolio and two references

Initial Inputs We’ll Provide
- Countries, corridors, and depot list; initial products/price list format
- Chosen auth provider and payments rails priorities
- POS vendor/sandbox credentials
- Branding assets

Notes
- Must support intermittent connectivity for drivers (offline-tolerant)
- Country segmentation (Kenya, DRC to start), corridor-based rules
- Clear handover required with full documentation and admin access" (client-provided description)