YNM ERP — Enterprise Resource Planning System
Comprehensive Enterprise Resource Planning (ERP) system built with Next.js 16, React 19, TypeScript, and Supabase PostgreSQL. Manages complete manufacturing business lifecycle: Purchase Requisitions → RFQ & Quote Comparison → Purchase Orders → Gate Entry → GRN → Work Orders → Material Issue → Production → Sales Orders → Dispatch → Invoice.
Role
Full-stack Engineer
Team
Solo
Company/Organization
YNM Safety
The Problem
YNM Safety's manufacturing operations ran on fragmented manual workflows — Purchase Requisitions tracked on paper, no digital approval chain for...
Stock levels were managed in disconnected spreadsheets with no real-time updates, no reorder alerts, and no stock ledger showing transaction history...
Production material requirements needed manual BOM calculations — no system to automatically compute raw material needs from work orders, leading to...
No end-to-end audit trail connecting PR to PO to GRN to Work Order to Sales Order to Invoice — impossible to trace the complete business lifecycle for...
Multi-level approval workflows (PR → Admin approval → PO → Admin approval) had no digital mechanism, causing delays and lack of accountability.
8 different business roles (Admin, Planning, Purchase, Sales, Accounts, Security, Stores, Production) each needed different module access — no...
Quote comparison from multiple suppliers required manual spreadsheet work — no side-by-side comparison, no automatic best-price selection, no RFQ...
The Solution
Built a comprehensive ERP system with Next.js 16 App Router and Supabase PostgreSQL covering the complete manufacturing business lifecycle.
Complete Business Flow
Planning creates a Purchase Requisition (PR) with items, quantities, required dates, justification
Admin approves or rejects the PR with comments
Purchase creates an RFQ (Request for Quotation), sends to multiple suppliers, collects quote responses
Purchase runs Quote Comparison—side-by-side analysis of supplier quotes by price, delivery time, terms
Purchase generates a Purchase Order (PO) from the selected quote
Admin approves or rejects the PO
Security creates a Gate Entry when materials physically arrive at factory gate
Stores creates a Goods Receipt Note (GRN), verifies items against PO, accepts materials into inventory (updates stock ledger)
Planning creates a Work Order for production with BOM-based material requirements
Stores issues materials to production (deducts from stock ledger)
Production punches output (records completed units, updates finished goods stock)
Sales creates a Sales Order with customer, items, quantities, delivery date
Stores creates Dispatch against Sales Order (deducts finished goods from stock)
Accounts generates Invoice against Dispatch
Core Modules
Master Data Management
Items with 4 types: Raw Materials (procured, used in production), Semi-Finished (intermediate goods), Finished Goods (completed products), Trading...
Bill of Materials (BOM): hierarchical component structure defining what raw materials are needed to produce each finished/semi-finished item....
Suppliers: contact details, payment terms, lead times, history of RFQs and POs
Customers: contact details, payment terms, history of sales orders
Purchase Management
Purchase Requisitions (PR): item, quantity, required date, justification, requesting department. Status: Draft → Pending Approval → Approved/Rejected
Request for Quotation (RFQ): sent to multiple suppliers simultaneously. Track quote responses with price, delivery time, terms. Status: Draft → Sent...
Quote Comparison: side-by-side comparison table of all supplier responses, select best option, generate PO from selected quote
Purchase Orders (PO): generated from selected RFQ quote. Status: Draft → Pending Approval → Approved → Partially Received → Fully Received. Links...
Inventory Management
Gate Entry: security checkpoint when materials arrive. Records vehicle, supplier, driver details, expected items. Creates audit trail of physical...
Goods Receipt Note (GRN): stores team verifies items against PO and gate entry, records actual quantities received, condition assessment. Triggers...
Stock Levels: real-time inventory dashboard showing current stock for all items. Reorder alerts when stock falls below configured reorder point.
Stock Ledger: complete transaction history for each item — GRN receipts, material issues to production, production output, dispatches. Full audit trail...
Production Management
Work Orders: planned production quantity for a finished/semi-finished item. Automatically calculates material requirements from BOM (e.g., produce...
Material Issue: stores team issues exact material quantities to production floor against work order. Records which materials left inventory, updates...
Production Punching: production team records completed units as work progresses. Multiple punches per work order. Triggers finished goods stock...
Sales & Dispatch
Sales Orders: customer, items, quantities, prices, delivery date, payment terms. Status: Draft → Confirmed → Dispatched → Invoiced
Dispatch Management: create dispatch against sales order, record actual quantities dispatched, vehicle/driver details, delivery date. Triggers stock...
Invoice Generation: create invoice from dispatch with all line items, pricing, GST/tax calculations, payment terms, due date.
Administration
User Management: create users, assign roles (8 roles), reset passwords, activate/deactivate accounts
Approvals Dashboard: Admin sees all pending approvals (PRs, POs) in one place with approve/reject capability and comment history
Audit Log: comprehensive log of all critical operations — who did what, when, with before/after values. Covers all create/update/delete/approve/reject...
Executive Dashboard: KPI cards (active PRs, pending approvals, low stock alerts, today's dispatches, monthly revenue trend), charts using Recharts...
Role-Based Access Control (8 Roles)
Admin: Full access, approvals dashboard, audit log, user management, executive dashboard
Planning: Purchase Requisitions, Work Orders, Items, BOMs
Purchase: Items, Suppliers, RFQs, Purchase Orders, Stock (read)
Sales: Customers, Sales Orders
Accounts: Dispatches (read), Invoices
Security: Gate Entries
Stores: GRNs, Material Issue, Dispatch, Stock Management
Production: BOMs, Production Punches
Database Architecture (Supabase PostgreSQL)
15+ tables in supabase/migrations/: - `items` — Item master with type, UOM, reorder point - `suppliers`, `customers` — Partner master data - `boms`,...
Supabase seed.sql creates 8 test accounts with hashed passwords and pre-populated sample data for QA testing.
Security Architecture
Supabase Auth handles authentication (email + password, JWT tokens)
Row Level Security (RLS) policies on every table — database-level enforcement of role-based access
Soft delete with referential integrity checks — records are marked deleted, not removed, preserving audit trail
Audit logging for all critical operations
Deployment
Dockerfile for containerization
Makefile: `make build` (build Docker image), `make run` (run container)
cloudbuild.yaml for Google Cloud Build automated deployment pipeline
.env.local.example template for environment variables (NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY)
Testing
QA_TEST_GUIDE.md with comprehensive test scenarios: module-by-module test cases, end-to-end flow testing (complete PR → Invoice flow), edge cases...
Design Decisions
Chose Next.js 16 with App Router for SSR performance, unified API routes, and TypeScript support throughout frontend and backend code.
Used Supabase PostgreSQL for relational data with referential integrity — ERP workflows require strict foreign key relationships (PO references PR, GRN...
Implemented Row Level Security (RLS) at database level — security policies enforce role-based access even if application layer has bugs, providing...
Built 8 distinct roles instead of permission flags — each role represents a job function with fixed module access. Simpler to manage than fine-grained...
Used Supabase Auth for authentication — no custom auth implementation, secure JWT handling, built-in user management, integrates natively with RLS for...
Implemented BOM-driven material requirements calculation — automatic computation of raw material needs from work order quantities eliminates manual...
Added Quote Comparison module — side-by-side supplier quote analysis with automatic best-price highlighting reduces purchase decision time and ensures...
Used Supabase migrations (supabase/migrations/) for database versioning — reproducible schema across development, staging, and production environments,...
Included seeded test database (seed.sql) with 8 role accounts — enables immediate QA testing without manual data setup, all test credentials documented...
Implemented soft delete with referential integrity checks — preserve audit trail and historical data while preventing orphaned records. Hard delete...
Added comprehensive audit_logs table — captures who did what, when, with before/after values for all critical operations. Essential for manufacturing...
Tailwind CSS 4 for styling — utility-first approach enables rapid UI development, consistent design system, responsive layouts for different screen...
Docker + cloudbuild.yaml deployment — containerized for consistent environments, GCP Cloud Build for automated CI/CD pipeline from git push to...
Tradeoffs & Constraints
Chose Supabase over custom PostgreSQL — managed database with built-in Auth and RLS simplifies setup but introduces vendor dependency. Trade control...
8 fixed roles instead of fine-grained permission matrix — simpler to implement and understand, matches organizational structure, but less flexible if...
Next.js App Router SSR — better performance with server components, but more complex data fetching patterns compared to Pages Router. Learning curve...
Supabase RLS policies — powerful database-level security, but RLS policy debugging is complex. Policy errors silently return empty results, making...
Soft delete everywhere — preserves audit trail but increases query complexity (must filter is_deleted=false everywhere), increases database size over...
Supabase migrations for schema versioning — reproducible deployments, but requires running `supabase db push` on each environment. Team must coordinate...
Docker deployment — consistent environments, but cold start time for container initialization. Cloud Run auto-scaling has cold starts for infrequent...
QA_TEST_GUIDE.md for manual testing — comprehensive coverage, but no automated E2E tests (Playwright, Cypress). Manual testing is time-consuming for...
Would improve: Add automated E2E tests with Playwright covering the complete PR→Invoice flow, implement real-time notifications (Supabase Realtime)...
Outcome & Impact
Production ERP system managing complete manufacturing business lifecycle across 8 modules: Master Data (Items, BOM, Suppliers, Customers) → Purchase...
End-to-end traceability from Purchase Requisition to Invoice — every transaction linked with references: PR number → RFQ number → PO number → Gate...
8 role-based access levels with Supabase Auth and Row Level Security: Admin (full access, approvals, audit log, user management, executive KPI...
BOM-driven production planning: Bill of Materials defines component hierarchy for each finished/semi-finished item. Work orders automatically...
Quote Comparison module: side-by-side supplier quote analysis table with price, delivery time, and terms comparison. Highlights best price...
Multi-level digital approval workflows: PR status (Draft → Pending Approval → Approved/Rejected) with Admin approvals dashboard showing all pending...
Real-time stock management via stock_ledger table: every inventory transaction (GRN receipt, material issue, production output, dispatch) updates...
Comprehensive database schema with 15+ tables in Supabase migrations: items, suppliers, customers, boms, bom_items, purchase_requisitions, pr_items,...
Seeded test database with 8 role accounts (Admin/Admin@123, Planning/Planning@123, Purchase/Purchase@123, Sales/Sales@123, Accounts/Accounts@123,...
Security architecture: Supabase Auth for JWT-based authentication, RLS policies on every table for database-level role enforcement (security holds...
Executive Dashboard with KPI cards (active PRs, pending approvals, low stock alerts, today's dispatches, monthly revenue) and charts for management...
Docker containerization with Dockerfile (build and serve Next.js app), Makefile automation (make build, make run), cloudbuild.yaml for Google Cloud...
Comprehensive QA_TEST_GUIDE.md covering: module-by-module test cases for all 8 modules, complete end-to-end business flow testing (PR to Invoice),...
TypeScript throughout frontend and backend — type-safe database queries via Supabase TypeScript client, type-safe API routes, React component props...
ESLint configured (eslint.config.mjs) for code quality, PostCSS for Tailwind CSS 4 processing, TypeScript strict mode for maximum type safety.
Tech Stack
Frontend: Next.js 16 (App Router), React 19, TypeScript (strict mode)
Styling: Tailwind CSS 4 (utility-first, responsive design)
Database: Supabase PostgreSQL with migrations (supabase/migrations/)
Authentication: Supabase Auth (JWT-based, email + password)
Security: Row Level Security (RLS) policies, role-based access control (8 roles)
Deployment: Docker (Dockerfile + Makefile), Google Cloud Build (cloudbuild.yaml)
Code Quality: ESLint (eslint.config.mjs), TypeScript strict type checking
Testing: QA_TEST_GUIDE.md with module-by-module and end-to-end test scenarios