Z-Inspection is an ethical AI evaluation platform that enables systematic assessment of AI systems based on the EU's 7 ethical principles. The platform supports role-based evaluations, questionnaire versioning, and comprehensive reporting.
Original Design: https://www.figma.com/design/rnE7QnlZqdW3femYLWfViy/Z-Inspection-Ethical-AI-Evaluation-Platform
- Quick Start
- Architecture
- Installation
- Configuration
- API Endpoints
- Data Model
- Email System
- Deployment
- Troubleshooting
- Node.js 20.x
- npm >= 9.0.0
- MongoDB Atlas account (or local MongoDB)
- Resend API account (for email)
# Install dependencies
cd backend
npm install
# Configure environment variables (create backend/.env)
MONGO_URI=mongodb+srv://username:password@cluster.mongodb.net/zinspection
RESEND_API_KEY=re_xxxxxxxxxxxxx
EMAIL_FROM=Z-Inspection <noreply@yourdomain.com>
# Start development server
npm start
The server will run on http://localhost:5000 (or the PORT environment variable).
- Backend: Node.js + Express.js
- Database: MongoDB Atlas (Mongoose ODM)
- Email: Resend API
- AI Reports: Google Gemini API
- Deployment: Railway
backend/
├── models/ # MongoDB schemas
│ ├── User.js
│ ├── Project.js
│ ├── Question.js
│ ├── Questionnaire.js
│ ├── Response.js
│ └── ...
├── services/ # Business logic
│ ├── emailService.js
│ ├── evaluationService.js
│ ├── geminiService.js
│ └── ...
├── routes/ # API routes
│ ├── evaluationRoutes.js
│ └── reportRoutes.js
├── utils/ # Helper functions
│ ├── guideSelector.js
│ └── ...
├── assets/ # Static files
│ └── guides/ # PDF user guides
├── scripts/ # Migration and seed scripts
└── server.js # Main entry point
- admin - Platform administrator
- ethical-expert - Ethical evaluation expert
- medical-expert - Medical domain expert
- technical-expert - Technical evaluation expert
- legal-expert - Legal compliance expert
- education-expert - Education domain expert
- use-case-owner - Project owner
git clone <repository-url>
cd Z-Inspection-Ethical-AI-Evaluation-Platform
cd backend
npm install
Create backend/.env file:
# MongoDB Connection
MONGO_URI=mongodb+srv://username:password@cluster.mongodb.net/zinspection?retryWrites=true&w=majority
# Email Configuration (Resend API)
RESEND_API_KEY=re_xxxxxxxxxxxxx
EMAIL_FROM=Z-Inspection <noreply@yourdomain.com>
WELCOME_ATTACHMENTS_ENABLED=true
# Optional
NODE_ENV=development
PORT=5000
GEMINI_API_KEY=your-gemini-api-key
SERVER_URL=http://localhost:5000
CLIENT_URL=http://localhost:3000
- Create MongoDB Atlas account: https://www.mongodb.com/cloud/atlas
- Create cluster and database named zinspection
- Get connection string and add to MONGO_URI
- Whitelist IP 0.0.0.0/0 (or Railway IPs for production)
- Create account: https://resend.com
- Verify your domain
- Create API key: Dashboard → API Keys → Create API Key
- Add to RESEND_API_KEY environment variable
Place role-specific PDF guides in backend/assets/guides/:
- admin-guide.pdf - Admin user guide
- experts-guide.pdf - Expert roles guide (shared by all expert types)
- usecase-owner-guide.pdf - Use-case-owner guide
If PDFs are missing, welcome emails will be sent without attachments.
npm start
Check logs for:
🚀 Server running on port 5000
✅ MongoDB Atlas Bağlantısı Başarılı
📧 Email service: ✅ Configured
- MONGO_URI - MongoDB connection string
- RESEND_API_KEY - Resend API key for email sending
- EMAIL_FROM - Email sender address (default: Z-Inspection <no-reply@resend.dev>)
- WELCOME_ATTACHMENTS_ENABLED - Enable PDF attachments in welcome emails (default: true)
- NODE_ENV - Environment mode (development|production)
- PORT - Server port (default: 5000)
- GEMINI_API_KEY - Google Gemini API key for AI report generation
- SERVER_URL - Backend server URL
- CLIENT_URL - Frontend client URL
- POST /api/auth/request-code - Request verification code
  { "email": "user@example.com" }
- POST /api/auth/verify-code-and-register - Verify code and register
  { "email": "user@example.com", "code": "123456", "name": "John Doe", "password": "password", "role": "admin" }
- POST /api/login - User login
  { "email": "user@example.com", "password": "password" }
- GET /api/projects - List projects (filtered by user role)
- POST /api/projects - Create new project
- GET /api/projects/:id - Get project details
- PUT /api/projects/:id - Update project
- DELETE /api/projects/:id - Delete project

- POST /api/evaluations/assignments - Create expert assignment
- POST /api/evaluations/responses/draft - Save draft response
- POST /api/evaluations/responses/submit - Submit response
- GET /api/evaluations/responses - Get responses
- GET /api/evaluations/scores - Get aggregated scores

- POST /api/projects/:projectId/reports/generate-pdf - Generate PDF report
- GET /api/projects/:projectId/reports/latest - Get latest report
- GET /api/reports/:id/file - Download report file
- GET /api/reports/list-models - List available Gemini models

- GET /api/health - Server health status
{
  name: String,
  email: String (unique),
  password: String,
  role: String, // admin, ethical-expert, medical-expert, etc.
  isOnline: Boolean,
  lastSeen: Date,
  isVerified: Boolean
}

{
  title: String,
  description: String,
  status: String, // draft, active, completed
  stage: String, // set-up, assess, resolve
  progress: Number,
  assignedUsers: [ObjectId],
  createdByAdmin: ObjectId,
  useCase: Object,
  inspectionContext: Object
}

{
  key: String, // general-v1, ethical-expert-v1, etc.
  title: String,
  language: String, // en-tr
  version: Number,
  isActive: Boolean
}

{
  questionnaireKey: String,
  code: String, // T1, E1, etc.
  principle: String, // TRANSPARENCY, HUMAN AGENCY & OVERSIGHT, etc.
  appliesToRoles: [String], // ['any'] or ['ethical-expert']
  text: { en: String, tr: String },
  answerType: String, // single_choice, multi_choice, open_text, numeric
  options: [{
    key: String,
    label: { en: String, tr: String },
    score: Number // 0-4
  }],
  order: Number
}

{
  projectId: ObjectId,
  userId: ObjectId,
  role: String,
  questionnaireKey: String,
  questionnaireVersion: Number,
  answers: [{
    questionCode: String,
    answer: { choiceKey | text | numeric | multiChoiceKeys },
    score: Number, // 0-4
    scoreSuggested: Number, // For open_text
    scoreFinal: Number,
    reviewerId: ObjectId
  }],
  status: String // draft, submitted, locked
}

{
  projectId: ObjectId,
  userId: ObjectId,
  role: String,
  questionnaires: [String], // ['general-v1', 'ethical-expert-v1']
  status: String, // assigned, in-progress, completed
  assignedAt: Date,
  completedAt: Date
}

- general-v1 - General questions (applies to all roles)
- ethical-expert-v1 - Ethical expert questions
- medical-expert-v1 - Medical expert questions
- technical-expert-v1 - Technical expert questions
- legal-expert-v1 - Legal expert questions
- education-expert-v1 - Education expert questions
- All experts see general-v1 questions
- Role-specific questionnaires are only visible to their respective roles
- Example: ethical-expert sees general-v1 + ethical-expert-v1
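The visibility rules above only hold if the server applies them when a response is submitted, not just when questions are listed. The following is an added example, not code from the Z-Inspection repository: the function names, the sample questions and the treatment of non-expert roles are assumptions, while the role names, questionnaire keys and field names are the ones this README lists.

```javascript
// Added example; function names are hypothetical, not Z-Inspection's code.
const EXPERT_ROLES = ['ethical-expert', 'medical-expert', 'technical-expert',
  'legal-expert', 'education-expert'];
const OTHER_ROLES = ['admin', 'use-case-owner'];

// Constructed sample rows in the Question shape from the data model.
const SAMPLE_QUESTIONS = [
  { questionnaireKey: 'general-v1', code: 'T1', appliesToRoles: ['any'],
    answerType: 'single_choice',
    options: [{ key: 'yes', score: 4 }, { key: 'no', score: 0 }] },
  { questionnaireKey: 'ethical-expert-v1', code: 'E1',
    appliesToRoles: ['ethical-expert'], answerType: 'open_text', options: [] },
];

// Questionnaire keys a role may see; unknown roles get nothing (deny by default).
// Assumption: non-expert roles see only general-v1.
function questionnairesForRole(role) {
  if (EXPERT_ROLES.includes(role)) return ['general-v1', `${role}-v1`];
  return OTHER_ROLES.includes(role) ? ['general-v1'] : [];
}

// Questions a role may answer: questionnaire visible AND appliesToRoles matches.
function visibleQuestions(role, questions) {
  const keys = questionnairesForRole(role);
  return questions.filter((q) => keys.includes(q.questionnaireKey) &&
    (q.appliesToRoles.includes('any') || q.appliesToRoles.includes(role)));
}

// Check a submitted Response against the server's own question set. Scores come
// from the stored option, never from the client-supplied `score` field.
function checkSubmission(role, response, questions) {
  const errors = [];
  const answers = [];
  const byCode = new Map(visibleQuestions(role, questions)
    .filter((q) => q.questionnaireKey === response.questionnaireKey)
    .map((q) => [q.code, q]));
  for (const a of response.answers) {
    const q = byCode.get(a.questionCode);
    if (!q) { errors.push(`${a.questionCode}: not answerable by ${role}`); continue; }
    let score = null; // assumption: non-choice answers are scored later by a reviewer
    if (q.answerType === 'single_choice') {
      const opt = q.options.find((o) => o.key === a.answer.choiceKey);
      if (!opt) { errors.push(`${q.code}: unknown option`); continue; }
      score = opt.score;
    }
    answers.push({ questionCode: q.code, answer: a.answer, score });
  }
  return { errors, answers };
}
```

The role passed in should come from the authenticated session, not from the request body.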
Sent when user requests registration code:
- Subject: "Your verification code for Z-Inspection Platform"
- Contains 6-digit code valid for 10 minutes
- Uses Resend API
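One way to issue and check a 6-digit code with a 10-minute lifetime, as an added example that is not taken from backend/services/emailService.js. The function names, the Map standing in for the database, the HMAC storage and the attempt cap are assumptions; only the code length and the validity window come from this README.

```javascript
// Added example; names are hypothetical, not Z-Inspection's code.
const crypto = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000;      // "valid for 10 minutes" (from the README)
const MAX_ATTEMPTS = 5;                  // assumption: the page states no attempt cap
const MAC_KEY = crypto.randomBytes(32);  // per-process key; stored MACs are useless without it

// Fixed-length MAC of a code, so the code itself is never stored.
const mac = (code) => crypto.createHmac('sha256', MAC_KEY).update(String(code)).digest();

// Issue a uniformly random 6-digit code and record its MAC and expiry.
// `store` is a Map standing in for the database.
function issueCode(store, email, now = Date.now()) {
  const code = crypto.randomInt(0, 1000000).toString().padStart(6, '0');
  store.set(email.toLowerCase(), { mac: mac(code), expiresAt: now + CODE_TTL_MS, attempts: 0 });
  return code; // handed to the mailer only; keep it out of logs
}

// Returns 'ok' | 'no-code' | 'expired' | 'locked' | 'mismatch'.
function verifyCode(store, email, submitted, now = Date.now()) {
  const key = email.toLowerCase();
  const rec = store.get(key);
  if (!rec) return 'no-code';
  if (now > rec.expiresAt) { store.delete(key); return 'expired'; }
  if (rec.attempts >= MAX_ATTEMPTS) { store.delete(key); return 'locked'; }
  rec.attempts += 1;
  // Both buffers are 32 bytes, as timingSafeEqual requires.
  if (!crypto.timingSafeEqual(rec.mac, mac(submitted))) return 'mismatch';
  store.delete(key); // single use
  return 'ok';
}
```

With six digits there are only 1,000,000 possible codes, so the attempt cap and the expiry do most of the work; pair them with rate limiting on the request-code endpoint.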
Sent after successful registration:
- Subject: "Welcome to Z-Inspection Platform"
- Includes role-specific PDF guide attachment
- Role mapping:
  - admin → admin-guide.pdf
  - All expert roles → experts-guide.pdf
  - use-case-owner → usecase-owner-guide.pdf
Files:
- backend/services/emailService.js - Email sending functions
- backend/utils/guideSelector.js - PDF selection helper
Functions:
- sendVerificationEmail(to, code) - Send verification code
- sendWelcomeEmail(to, name, role) - Send welcome email with PDF
- sendEmail(to, subject, html, text) - Generic email sender
Logging:
- [MAIL] prefix for verification emails
- [WELCOME] prefix for welcome emails
- Go to https://railway.app
- Login with GitHub
- Connect your repository
- New Service → GitHub Repo
- Select repository
- Set Root Directory: backend
- Railway will auto-detect and build
In Railway Dashboard → Variables:
MONGO_URI=mongodb+srv://username:password@cluster.mongodb.net/zinspection
NODE_ENV=production
RESEND_API_KEY=re_xxxxxxxxxxxxx
EMAIL_FROM=Z-Inspection <noreply@yourdomain.com>
WELCOME_ATTACHMENTS_ENABLED=true
GEMINI_API_KEY=your-gemini-api-key
SERVER_URL=https://your-backend.railway.app
CLIENT_URL=https://your-frontend.railway.app
- Backend service → Settings → Networking
- Click Generate Domain
- Copy backend URL
Check logs for:
🚀 Server running on port 5000
✅ MongoDB Atlas Bağlantısı Başarılı
📧 Email service: ✅ Configured
Test health endpoint:
curl https://your-backend.railway.app/api/health
- backend/railway.json - Railway build settings
- backend/Procfile - Process start command
- backend/nixpacks.toml - Build configuration
- backend/package.json - Dependencies
- Push code to GitHub
- Railway auto-deploys on push
- Monitor in Deployments tab
- Check Logs for errors
- Check MONGO_URI is set correctly
- Verify MongoDB connection (check IP whitelist)
- Check port availability
- Review logs: Railway Dashboard → Logs
- Verify MONGO_URI format
- Check MongoDB Atlas IP whitelist (0.0.0.0/0 for all IPs)
- Verify username/password
- Check network connectivity
- Verify RESEND_API_KEY is set
- Check Resend API key is valid
- Verify domain is verified in Resend
- Check logs for [MAIL] or [WELCOME] errors
- Ensure EMAIL_FROM matches verified domain
- Verify PDF files exist in backend/assets/guides/
- Check file names match exactly (case-sensitive):
  - admin-guide.pdf
  - experts-guide.pdf
  - usecase-owner-guide.pdf
- Verify WELCOME_ATTACHMENTS_ENABLED is not false
- Check logs for file read errors
- Check package.json dependencies
- Verify Node.js version (20.x)
- Check nixpacks.toml configuration
- Review build logs in Railway
- Verify CORS configuration
- Check authentication tokens
- Review request/response format
- Check server logs for errors
npm test # Acceptance criteria verification
npm run test:unit # Unit tests
npm run test:acceptance # Acceptance tests
npm run test:integration # Integration tests
npm run test:all # All tests
- npm start - Start server
- npm run migrate:usecasequestions - Run use case questions migration
- Models: MongoDB schemas (backend/models/)
- Services: Business logic (backend/services/)
- Routes: API endpoints (backend/routes/)
- Utils: Helper functions (backend/utils/)
- Scripts: Migration and seed scripts (backend/scripts/)
ISC
For issues:
- Check Railway Dashboard → Logs
- Test /api/health endpoint
- Verify environment variables
- Review MongoDB connection
- Check Resend API status