A full-stack procurement intake and approvals application with request management, configurable approval workflows, audit trail, and reporting dashboard.
procurement_platform/
├── backend/ Python + FastAPI + Strawberry GraphQL + SQLAlchemy
├── frontend/ React + TypeScript + Apollo Client + Recharts
├── e2e/ Playwright end-to-end tests
├── docker-compose.yml
└── .github/workflows/ci.yml
Backend stack: FastAPI, Strawberry GraphQL, SQLAlchemy (async), PostgreSQL, JWT auth, Alembic migrations
Frontend stack: React 18, TypeScript, Apollo Client, React Router, Recharts
- Docker & Docker Compose
- Python 3.12+
- Node.js 20+
bash setup.shThen start the services:
# Terminal 1 - Backend
cd backend && uvicorn app.main:app --reload --port 8000
# Terminal 2 - Frontend
cd frontend && npm run devdocker compose up --build| Password | Role | |
|---|---|---|
| admin@acme.com | admin123 | Admin |
| approver@acme.com | approver123 | Approver |
| approver2@acme.com | approver123 | Approver (VP) |
| requester@acme.com | requester123 | Requester |
- Create, edit, and submit purchase requests
- Track requests through their lifecycle (Draft → Submitted → Pending Approval → Approved/Rejected)
- Filter and search requests by status, category
- Rules-based approval routing with configurable policies
- Amount thresholds, category-based routing
- Multi-step approval chains
- Approver inbox with approve/reject actions and comments
- Auto-approve when no policies match
- Complete audit log for all state changes
- Per-request audit timeline
- Tracks who did what and when
- Cycle time per status step
- Requests by category (pie chart)
- Spend breakdown by category
- Approval bottleneck view (pending items per approver)
- Create, edit, and delete approval policies
- Configure rules (amount thresholds, category matching)
- Assign approvers and set priority
- JWT-based authentication
- Role-based access control (RBAC)
- Multi-tenant organization separation
- Protected API endpoints
Organization
├── User (role: admin | approver | requester)
├── ApprovalPolicy
│ └── PolicyRule (field, operator, value)
└── PurchaseRequest
├── ApprovalStep
│ └── ApprovalDecision
└── AuditLog
The API is available at /graphql with an interactive playground.
purchaseRequests- Paginated list with filterspurchaseRequest(id)- Single request with approval stepsapprovalInbox- Pending approvals for current userapprovalPolicies- All org policiesauditLogs- Paginated audit trailcycleTimeReport,categoryReport,bottleneckReport- Analytics
login- Authenticate and get JWT tokencreatePurchaseRequest/updatePurchaseRequest- CRUDsubmitRequest- Submit for approval (triggers routing)approveStep/rejectStep- Approve or rejectcreateApprovalPolicy/updateApprovalPolicy- Admin policy management
cd backend && python -m pytest tests/ -vcd frontend && npm testcd e2e && npm install && npx playwright install chromium
npx playwright testThe E2E test covers the full flow: login → create request → submit → approve → verify status and audit log.
GitHub Actions workflow (.github/workflows/ci.yml) runs:
- Backend tests (pytest)
- Frontend build and tests (vitest)
- End-to-end tests (Playwright) against a live Postgres instance
- Login - Authentication with demo credentials
- Request List - Filterable table of all purchase requests
- Create Request - Form to create and optionally submit a new request
- Request Detail - Full details, approval timeline, and audit trail
- Approver Inbox - Pending approvals with approve/reject actions
- Policy Editor - Admin-only CRUD for approval policies with rule builder
- Reports - Dashboard with cycle time, category breakdown, and bottleneck analysis