DemozPay System Documentation
⚠️ Partially outdated — 2026-05-23. Folder references in this document predate the May 2026 restructure. App names (
business,client,bnpl-partner,fi,admin,docs) are now<audience>-web(employer-web,employee-web,merchant-web,fi-web,admin-web,docs-web) per ADR-004. Carved-out Go services moved fromapps/toservices/. Library locations moved fromlibs/topackages/.⚠️ Positioning superseded. The "employee benefits management" / HR-suite framing below predates the current product identity. DemozPay is payroll-powered financial infrastructure — payroll is the trust layer that enables financial products, not an HR/benefits platform — and an orchestrator, not a custodian of funds (ADR-014). Treat
docs/architecture/SYSTEM_OVERVIEW.mdand theREADMEas authoritative for positioning.Authoritative current layout:
PROJECT_STRUCTURE.md. Decisions:docs/adr/.
📋 Table of Contents
- System Overview
- Architecture
- Applications
- Database Schema
- API Endpoints
- Authentication & Authorization
- Deployment
🎯 System Overview
DemozPay is salary-linked financial infrastructure for the Ethiopian market: payroll is the trust layer that powers financial products (EWA, lending, BNPL, Equb, savings) delivered through licensed partner banks. DemozPay orchestrates the rails and never holds customer funds (ADR-014). (Historic note: an earlier draft framed this as "employee benefits management" — that HR-suite framing is superseded; see the banner above.) The system serves multiple stakeholders through dedicated portals:
- Businesses: Manage payroll, employees, and financial services
- Employees: Access wages, loans, BNPL, and savings (Equb)
- Financial Institutions: Manage loan products and repayments
- BNPL Partners: Track transactions and settlements
- Platform Administrators: Oversee the entire ecosystem
Key Features
- 💰 Payroll Management: Multi-level approval workflow, tax calculations, pension deductions
- 🏦 Early Wage Access (EWA): Employees can access earned wages before payday
- 🛍️ Buy Now Pay Later (BNPL): Salary-backed installment purchases
- 💳 Employee Loans: Personal and emergency loans with payroll deduction
- 🤝 Equb System: Traditional Ethiopian savings circles (Rotating Savings and Credit Associations)
- 📊 Financial Analytics: Comprehensive reporting and insights
- 🔐 Bank-Grade Security: KYC verification, 2FA, audit logging
🏗️ Architecture
Technology Stack
Frontend:
- Framework: Next.js 16 (App Router)
- UI Library: React 19
- Styling: Tailwind CSS + Radix UI
- State Management: React Context API
- Form Handling: React Hook Form + Zod validation
Backend:
- Framework: NestJS 11
- ORM: Prisma 5
- Database: PostgreSQL
- Authentication: JWT + Passport
- API Style: RESTful
Infrastructure:
- Monorepo: Nx 22.1.1
- Package Manager: pnpm
- Testing: Jest (unit) + Playwright (E2E)
- CI/CD: GitHub Actions
- Containerization: Docker + Docker Compose
System Architecture Diagram
┌─────────────────────────────────────────────────────────────────┐
│ Client Layer │
├──────────┬──────────┬──────────┬──────────┬──────────────────────┤
│ Admin │ Business │ Client │ FI │ BNPL Partner │
│ Portal │ Portal │ Portal │ Portal │ Portal │
│ (4200) │ (4201) │ (4202) │ (4203) │ (4204) │
└──────────┴──────────┴──────────┴──────────┴──────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ API Gateway Layer │
│ NestJS Server (3000) │
├─────────────────────────────────────────────────────────────────┤
│ Auth │ Business │ Employee │ Payroll │ Loans │ BNPL │ Equb │
└─────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ Data Layer │
│ PostgreSQL Database │
│ (Prisma ORM) │
└─────────────────────────────────────────────────────────────────┘
📱 Applications
🔧 Admin Portal
Purpose: Platform administration and oversight of all system operations
Port: 4200
Target Users: Super Admins, Platform Administrators, Support Staff
Features
1. Dashboard
- Overview: System-wide metrics and KPIs
- Metrics:
- Total businesses onboarded
- Active employees across platform
- Total transaction volume
- Active loans and BNPL purchases
- Equb participation rates
- Expected Endpoints:
GET /api/admin/dashboard/metricsGET /api/admin/dashboard/recent-activities
2. Business Management
- List View: All registered businesses with filters
- Detail View: Complete business profile and operations
- Actions: Approve/suspend/activate businesses
- KYC Verification: Review and approve business documents
- Expected Endpoints:
GET /api/admin/businesses- List all businessesGET /api/admin/businesses/:id- Get business detailsPOST /api/admin/businesses- Create new businessPATCH /api/admin/businesses/:id- Update businessPATCH /api/admin/businesses/:id/status- Change statusPOST /api/admin/businesses/:id/verify-kyc- Verify KYC
3. User Management
- User Types: Super Admin, Admin, Support, Viewer, Company Admin, BNPL Partner Admin, FI Partner Admin
- Features:
- Create/edit/deactivate users
- Role-based access control (RBAC)
- Password reset
- Activity monitoring
- Expected Endpoints:
GET /api/admin/users- List all usersGET /api/admin/users/:id- Get user detailsPOST /api/admin/users- Create userPATCH /api/admin/users/:id- Update userDELETE /api/admin/users/:id- Deactivate userPOST /api/admin/users/:id/reset-password- Reset password
4. Payroll Monitoring
- Overview: Monitor all payroll processing across businesses
- Features:
- View payroll status (Draft, Pending Approval, Approved, Paid)
- Track approval workflows
- Monitor deductions (EWA, BNPL, Loans, Equb)
- Generate platform-wide payroll reports
- Expected Endpoints:
GET /api/admin/payrolls- List all payrollsGET /api/admin/payrolls/:id- Get payroll detailsGET /api/admin/payrolls/statistics- Payroll statistics
5. Loan Management
- Business Loans: Working capital, salary advance, expansion, equipment
- Employee Loans: Personal, emergency, education, medical, salary top-up
- Features:
- Review loan applications
- Approve/reject loans
- Monitor repayment schedules
- Track defaults
- Expected Endpoints:
GET /api/admin/loans/business- List business loansGET /api/admin/loans/employee- List employee loansGET /api/admin/loans/:id- Get loan detailsPATCH /api/admin/loans/:id/approve- Approve loanPATCH /api/admin/loans/:id/reject- Reject loan
6. Early Wage Access (EWA) Oversight
- Features:
- Monitor EWA requests across platform
- Track disbursement and repayment
- Set platform-wide EWA limits
- Analyze EWA usage patterns
- Expected Endpoints:
GET /api/admin/ewa/requests- List all EWA requestsGET /api/admin/ewa/statistics- EWA statisticsPATCH /api/admin/ewa/limits- Update platform limits
7. BNPL Management
- Features:
- Monitor BNPL transactions
- Manage BNPL partners
- Track merchant relationships
- Settlement management
- Expected Endpoints:
GET /api/admin/bnpl/transactions- List transactionsGET /api/admin/bnpl/partners- List BNPL partnersPOST /api/admin/bnpl/partners- Add partnerGET /api/admin/bnpl/settlements- Settlement batches
8. Equb Management
- Types: Corporate Equb, Private Equb
- Features:
- Monitor all equb circles
- Track contributions and payouts
- Resolve disputes
- Audit equb transactions
- Expected Endpoints:
GET /api/admin/equbs- List all equbsGET /api/admin/equbs/:id- Get equb detailsGET /api/admin/equbs/:id/rounds- Get equb roundsGET /api/admin/equbs/:id/participants- Get participantsGET /api/admin/equbs/:id/audit-logs- Get audit logs
9. Financial Institution Management
- Features:
- Onboard MFIs and banks
- Manage loan products
- Track settlements
- Monitor repayments
- Expected Endpoints:
GET /api/admin/financial-institutions- List FIsPOST /api/admin/financial-institutions- Add FIPATCH /api/admin/financial-institutions/:id- Update FIGET /api/admin/financial-institutions/:id/loans- FI loans
10. Compliance & Reporting
- Features:
- KYC verification tracking
- Regulatory compliance reports
- Transaction monitoring
- Audit trail
- Expected Endpoints:
GET /api/admin/compliance/kyc-pending- Pending KYCGET /api/admin/compliance/reports- Generate reportsGET /api/admin/audit-logs- System audit logs
11. Remittance Oversight
- Features:
- Monitor cross-border remittances
- Track settlement batches
- Reconciliation management
- Expected Endpoints:
GET /api/admin/remittances- List remittancesGET /api/admin/remittances/:id- Remittance details
12. Demo Requests
- Features:
- Manage demo requests from potential clients
- Schedule demos
- Track conversion pipeline
- Expected Endpoints:
GET /api/admin/demo-requests- List demo requestsPATCH /api/admin/demo-requests/:id- Update status
🏢 Business Portal
Purpose: Business/employer management of payroll, employees, and financial services
Port: 4201
Target Users: Business Owners, HR Managers, Finance Managers, Department Heads
Features
1. Dashboard
- Overview: Business-specific metrics
- Metrics:
- Total employees
- Current month payroll status
- Pending approvals
- Active loans and EWA requests
- Equb participation
- Expected Endpoints:
GET /api/business/dashboard/metricsGET /api/business/dashboard/recent-activities
2. Employee Management
- List View: All employees with filters (department, status)
- Detail View: Complete employee profile
- Features:
- Add/edit/terminate employees
- Department management
- Document management (ID, contracts)
- Absence tracking
- KYC verification
- Expected Endpoints:
GET /api/business/employees- List employeesGET /api/business/employees/:id- Employee detailsPOST /api/business/employees- Add employeePATCH /api/business/employees/:id- Update employeeDELETE /api/business/employees/:id- Terminate employeeGET /api/business/departments- List departmentsPOST /api/business/departments- Create departmentPOST /api/business/employees/:id/documents- Upload documentPOST /api/business/employees/:id/absences- Log absence
3. Payroll Management
- Payroll Cycle: Monthly processing with multi-level approval
- Features:
- Create payroll (clean draft or clone previous)
- Import variable components (overtime, bonuses)
- Calculate deductions (tax, pension, loans, EWA, BNPL, equb)
- Multi-level approval workflow (HR → Finance → CEO)
- Generate payslips
- Submit to Ministry of Revenue (MoR)
- Payroll history and reports
- Expected Endpoints:
GET /api/business/payrolls- List payrollsGET /api/business/payrolls/:id- Payroll detailsPOST /api/business/payrolls- Create payrollPOST /api/business/payrolls/:id/clone- Clone previousPOST /api/business/payrolls/:id/import-variables- Import dataPATCH /api/business/payrolls/:id/calculate- CalculatePOST /api/business/payrolls/:id/approve- ApprovePOST /api/business/payrolls/:id/submit-mor- Submit to MoRGET /api/business/payrolls/:id/payslips- Generate payslips
4. Financial Services Management
4.1 Early Wage Access (EWA)
- Features:
- Review EWA requests
- Approve/reject requests
- Track disbursements
- Monitor repayment through payroll
- Expected Endpoints:
GET /api/business/ewa/requests- List EWA requestsGET /api/business/ewa/requests/:id- Request detailsPATCH /api/business/ewa/requests/:id/approve- ApprovePATCH /api/business/ewa/requests/:id/reject- Reject
4.2 Employee Loans
- Features:
- Review loan applications
- HR approval workflow
- Track loan repayments
- Monitor defaults
- Expected Endpoints:
GET /api/business/loans/employee- List employee loansGET /api/business/loans/employee/:id- Loan detailsPATCH /api/business/loans/employee/:id/hr-approve- HR approval
4.3 Payroll Loans
- Features:
- Apply for business loans
- Track loan status
- Monitor repayments
- Expected Endpoints:
GET /api/business/loans/payroll- List payroll loansPOST /api/business/loans/payroll- Apply for loanGET /api/business/loans/payroll/:id- Loan details
4.4 Buy Now Pay Later (BNPL)
- Features:
- Monitor employee BNPL purchases
- Track installment deductions
- View merchant transactions
- Expected Endpoints:
GET /api/business/bnpl/purchases- List BNPL purchasesGET /api/business/bnpl/purchases/:id- Purchase details
5. Corporate Equb Management
- Features:
- Create corporate equb circles
- Manage participants
- Track contributions
- Monitor payout schedules
- View equb history
- Expected Endpoints:
GET /api/business/equbs- List corporate equbsPOST /api/business/equbs- Create equbGET /api/business/equbs/:id- Equb detailsPOST /api/business/equbs/:id/members- Add memberGET /api/business/equbs/:id/rounds- View rounds
6. Reports & Analytics
- Features:
- Payroll reports
- Employee demographics
- Financial services utilization
- Tax and pension reports
- Custom report generation
- Expected Endpoints:
GET /api/business/reports/payroll- Payroll reportsGET /api/business/reports/employees- Employee reportsGET /api/business/reports/financial-services- Financial reportsGET /api/business/reports/tax- Tax reports
7. PAYE Tax Reporting
- Features:
- Generate PAYE tax reports
- Submit to tax authority
- Track tax payments
- Expected Endpoints:
GET /api/business/tax/paye- PAYE reportsPOST /api/business/tax/paye/submit- Submit report
8. Utility Bill Payments
- Features:
- Pay utility bills (water, electricity, internet)
- Track payment history
- Manage multiple accounts
- Expected Endpoints:
GET /api/business/bills- List billsPOST /api/business/bills/pay- Pay billGET /api/business/bills/history- Payment history
9. User Management
- Features:
- Manage business users (HR, Finance, Managers)
- Role-based permissions
- Activity tracking
- Expected Endpoints:
GET /api/business/users- List business usersPOST /api/business/users- Add userPATCH /api/business/users/:id- Update user
10. Settings
- Features:
- Business profile management
- Payroll configuration
- Telebirr integration settings
- Financial limits configuration
- Notification preferences
- Expected Endpoints:
GET /api/business/settings- Get settingsPATCH /api/business/settings- Update settingsPATCH /api/business/settings/payroll-config- Payroll configPATCH /api/business/settings/telebirr- Telebirr config
👤 Client Portal (Employee App)
Purpose: Employee self-service for financial management and benefits
Port: 4202
Target Users: Employees
Features
1. Home Dashboard
- Overview: Personal financial snapshot
- Widgets:
- Upcoming pay amount and date
- Quick actions (EWA, BNPL, Loans, Equb)
- Budget planner
- Recent activities
- Expected Endpoints:
GET /api/employee/dashboard- Dashboard dataGET /api/employee/upcoming-pay- Next paycheck info
2. Finance Hub
- Tabs: EWA, BNPL, Loans
2.1 Early Wage Access (EWA)
- Features:
- Check available EWA amount
- Request early wage access
- View EWA history
- Track repayment status
- Expected Endpoints:
GET /api/employee/ewa/available- Available amountPOST /api/employee/ewa/request- Request EWAGET /api/employee/ewa/history- EWA history
2.2 Buy Now Pay Later (BNPL)
- Features:
- Browse BNPL-enabled merchants
- Make BNPL purchases
- View active installments
- Track payment schedule
- Expected Endpoints:
GET /api/employee/bnpl/merchants- List merchantsPOST /api/employee/bnpl/purchase- Make purchaseGET /api/employee/bnpl/purchases- My purchasesGET /api/employee/bnpl/purchases/:id- Purchase details
2.3 Loans
- Features:
- Apply for personal loans
- View loan eligibility
- Track loan status
- View repayment schedule
- Expected Endpoints:
GET /api/employee/loans/eligibility- Check eligibilityPOST /api/employee/loans/apply- Apply for loanGET /api/employee/loans- My loansGET /api/employee/loans/:id- Loan detailsGET /api/employee/loans/:id/schedule- Repayment schedule
3. Equb (Savings Circles)
- Types: Corporate Equb, Private Equb
- Features:
- Browse available equbs
- Join equb circles
- Create private equbs
- Track contributions
- View payout schedule
- Monitor equb rounds
- Expected Endpoints:
GET /api/employee/equbs- List available equbsGET /api/employee/equbs/my- My equbsPOST /api/employee/equbs/join- Join equbPOST /api/employee/equbs/create- Create private equbGET /api/employee/equbs/:id- Equb detailsGET /api/employee/equbs/:id/rounds- View roundsPOST /api/employee/equbs/:id/invite- Invite members
4. Payslip
- Features:
- View current and historical payslips
- Download payslips (PDF)
- Salary breakdown (earnings, deductions)
- Year-to-date summary
- Expected Endpoints:
GET /api/employee/payslips- List payslipsGET /api/employee/payslips/:id- Payslip detailsGET /api/employee/payslips/:id/download- Download PDFGET /api/employee/payslips/ytd- Year-to-date summary
5. Profile
- Features:
- View personal information
- Employment details
- Contact information
- Bank account details
- Document uploads
- Expected Endpoints:
GET /api/employee/profile- Get profilePATCH /api/employee/profile- Update profilePOST /api/employee/profile/documents- Upload documentPATCH /api/employee/profile/bank-account- Update bank info
6. Budget Planner
- Features:
- Track income and expenses
- Set savings goals
- Expense categorization
- Budget insights
- Expected Endpoints:
GET /api/employee/budget/summary- Budget summaryPOST /api/employee/budget/expenses- Add expenseGET /api/employee/budget/expenses- List expensesPOST /api/employee/budget/goals- Create savings goalGET /api/employee/budget/goals- List goals
7. Settings
- Features:
- Language selection (Amharic, English)
- Theme selection (Light, Dark, Midnight)
- Notification preferences
- Security settings (2FA, password change)
- Expected Endpoints:
GET /api/employee/settings- Get settingsPATCH /api/employee/settings- Update settingsPOST /api/employee/settings/2fa/enable- Enable 2FAPOST /api/employee/settings/password- Change password
8. Onboarding
- Features:
- Welcome flow for new employees
- Profile setup
- Bank account linking
- Feature introduction
- Expected Endpoints:
GET /api/employee/onboarding/status- Onboarding statusPOST /api/employee/onboarding/complete- Complete step
9. Help & Support
- Features:
- FAQ section
- Contact support
- Feature tutorials
- Expected Endpoints:
GET /api/employee/help/faq- Get FAQsPOST /api/employee/help/contact- Contact support
🏦 Financial Institution Portal
Purpose: Loan management for banks and microfinance institutions
Port: 4203
Target Users: MFI Administrators, Loan Officers
Features
1. Dashboard
- Overview: Loan portfolio metrics
- Metrics:
- Total active loans
- Loan disbursement volume
- Repayment rate
- Default rate
- Pending applications
- Expected Endpoints:
GET /api/fi/dashboard/metrics- Dashboard metricsGET /api/fi/dashboard/recent-activities- Recent activities
2. Loan Requests
- Types: Business Loans, Employee Loans
- Features:
- Review loan applications
- Credit assessment
- Approve/reject loans
- Set loan terms (amount, interest rate, tenure)
- Document verification
- Expected Endpoints:
GET /api/fi/loan-requests- List loan requestsGET /api/fi/loan-requests/:id- Request detailsPATCH /api/fi/loan-requests/:id/approve- Approve loanPATCH /api/fi/loan-requests/:id/reject- Reject loanPOST /api/fi/loan-requests/:id/disburse- Disburse loan
3. Active Loans
- Features:
- View all active loans
- Monitor repayment status
- Track overdue payments
- Loan performance analytics
- Expected Endpoints:
GET /api/fi/loans/active- List active loansGET /api/fi/loans/:id- Loan detailsGET /api/fi/loans/:id/payments- Payment historyGET /api/fi/loans/overdue- Overdue loans
4. Repayments & Remittance
- Features:
- Track loan repayments
- Settlement reconciliation
- Generate remittance reports
- Payment collection tracking
- Expected Endpoints:
GET /api/fi/repayments- List repaymentsGET /api/fi/repayments/:id- Repayment detailsGET /api/fi/settlements- Settlement batchesPOST /api/fi/settlements/:id/reconcile- Reconcile settlement
5. Settings
- Features:
- FI profile management
- Loan product configuration
- Interest rate settings
- Settlement account details
- Expected Endpoints:
GET /api/fi/settings- Get settingsPATCH /api/fi/settings- Update settingsGET /api/fi/settings/loan-products- Loan productsPOST /api/fi/settings/loan-products- Add loan product
🛍️ BNPL Partner Portal
Purpose: Transaction management for Buy Now Pay Later partners
Port: 4204
Target Users: BNPL Partner Administrators, Merchant Managers
Features
1. Dashboard
- Overview: BNPL transaction metrics
- Metrics:
- Total transactions
- Transaction volume
- Active installment plans
- Settlement pending
- Default rate
- Expected Endpoints:
GET /api/bnpl/dashboard/metrics- Dashboard metricsGET /api/bnpl/dashboard/recent-transactions- Recent transactions
2. BNPL Transactions
- Features:
- View all BNPL purchases
- Transaction details
- Customer information
- Installment tracking
- Transaction status monitoring
- Expected Endpoints:
GET /api/bnpl/transactions- List transactionsGET /api/bnpl/transactions/:id- Transaction detailsGET /api/bnpl/transactions/:id/installments- Installment schedule
3. Exposure & Risk Management
- Features:
- Credit exposure analysis
- Default risk assessment
- Customer credit limits
- Risk alerts
- Expected Endpoints:
GET /api/bnpl/risk/exposure- Exposure analysisGET /api/bnpl/risk/defaults- Default trackingGET /api/bnpl/risk/alerts- Risk alerts
4. Repayments & Remittance
- Features:
- Track installment payments
- Settlement reconciliation
- Payment collection status
- Generate settlement reports
- Expected Endpoints:
GET /api/bnpl/repayments- List repaymentsGET /api/bnpl/settlements- Settlement batchesGET /api/bnpl/settlements/:id- Settlement detailsPOST /api/bnpl/settlements/:id/reconcile- Reconcile
5. Settings
- Features:
- Partner profile management
- Merchant management
- Product catalog
- Settlement account configuration
- Expected Endpoints:
GET /api/bnpl/settings- Get settingsPATCH /api/bnpl/settings- Update settingsGET /api/bnpl/merchants- List merchantsPOST /api/bnpl/merchants- Add merchant
🔌 Server API
Purpose: Backend API serving all portals
Port: 3000
Framework: NestJS 11
Current Modules
1. Authentication Module (/auth)
- Features:
- User registration
- Login (JWT-based)
- Password reset
- Token refresh
- 2FA support
- Endpoints:
POST /auth/register- Register new userPOST /auth/login- LoginPOST /auth/logout- LogoutPOST /auth/refresh- Refresh tokenPOST /auth/forgot-password- Request password resetPOST /auth/reset-password- Reset passwordPOST /auth/2fa/enable- Enable 2FAPOST /auth/2fa/verify- Verify 2FA code
2. Business Module (/business)
- Features:
- Business CRUD operations
- Business profile management
- KYC verification
- Endpoints:
GET /business- List businessesGET /business/:id- Get businessPOST /business- Create businessPATCH /business/:id- Update businessDELETE /business/:id- Delete business
3. Employee Module (/employee)
- Features:
- Employee CRUD operations
- Employee profile management
- Document management
- Endpoints:
GET /employee- List employeesGET /employee/:id- Get employeePOST /employee- Create employeePATCH /employee/:id- Update employeeDELETE /employee/:id- Delete employee
Expected Additional Modules
4. Payroll Module (/payroll)
- Payroll processing
- Approval workflows
- Payslip generation
- Tax calculations
5. Loan Module (/loans)
- Loan application processing
- Loan approval workflows
- Repayment tracking
6. EWA Module (/ewa)
- EWA request processing
- Disbursement management
- Repayment tracking
7. BNPL Module (/bnpl)
- BNPL transaction processing
- Installment management
- Merchant management
8. Equb Module (/equb)
- Equb creation and management
- Contribution tracking
- Payout processing
9. Wallet Module (/wallet)
- Wallet management
- Transaction processing
- Withdrawal requests
10. Settlement Module (/settlement)
- Settlement batch processing
- Reconciliation
- Payment distribution
🗄️ Database Schema
Core Entities
1. User & Authentication
- User: Core user entity with authentication
- Role: Granular role-based access control
- AdminProfile: Admin-specific profile data
2. Business & Organization
- Business: Company/organization entity
- Department: Organizational departments
- Employee: Employee records with KYC
3. Payroll System
- Payroll: Payroll batch processing
- PayrollEntry: Individual employee payroll entries
4. Financial Services
Loans:
- BusinessLoan: Loans for businesses
- EmployeeLoan: Loans for employees
- LoanPayment: Loan repayment tracking
Early Wage Access:
- EarlyWageAccess: EWA requests and disbursements
BNPL:
- BNPLPurchase: BNPL transactions
- BNPLPayment: Installment payments
- BNPLPartner: BNPL partner entities
- Merchant: Merchant entities
5. Equb System
- Equb: Equb circle entity
- EqubMember: Equb membership
- EqubPayout: Payout tracking
6. Financial Infrastructure
- FinancialInstitution: Banks and MFIs
- LedgerAccount: Chart of accounts
- Transaction: Financial transactions
- JournalEntry: Double-entry bookkeeping
7. Wallet System
- Wallet: Employee wallet
- WalletTransaction: Wallet transactions
- WithdrawalRequest: Withdrawal requests
8. Settlement & Reconciliation
- SettlementBatch: Settlement batches
- SettlementRecord: Individual settlement records
9. Utilities
- BillPayment: Utility bill payments
- Expense: Personal expense tracking
- SavingGoal: Savings goals
10. Audit & Compliance
- AuditLog: System audit trail
- EmployeeAbsence: Absence tracking
Key Relationships
Business
├── Employees (1:N)
├── Payrolls (1:N)
├── Departments (1:N)
├── BusinessLoans (1:N)
├── Equbs (1:N)
└── LedgerAccounts (1:N)
Employee
├── User (1:1)
├── Wallet (1:1)
├── PayrollEntries (1:N)
├── EmployeeLoans (1:N)
├── EarlyWageAccess (1:N)
├── BNPLPurchases (1:N)
├── EqubMemberships (1:N)
└── Expenses (1:N)
Payroll
├── Business (N:1)
└── PayrollEntries (1:N)
Equb
├── Business (N:1) [optional]
├── EqubMembers (1:N)
└── EqubPayouts (1:N)
🔐 Authentication & Authorization
Authentication Flow
-
User Registration
- User provides email, password, name
- Password hashed with bcrypt
- User record created
- Verification email sent (optional)
-
Login
- User provides email and password
- Credentials validated
- JWT access token generated (15min expiry)
- JWT refresh token generated (7 days expiry)
- Tokens returned to client
-
Token Refresh
- Client sends refresh token
- New access token generated
- New refresh token generated (optional)
-
2FA (Optional)
- User enables 2FA in settings
- TOTP secret generated
- QR code provided for authenticator app
- Backup codes generated
- 2FA required on subsequent logins
Authorization (RBAC)
Role Hierarchy
Platform Roles:
- Super Admin: Full system access
- Admin: Platform administration
- Support: Customer support access
- Viewer: Read-only access
Business Roles:
- Business Owner: Full business access
- HR Manager: Employee and payroll management
- Finance Manager: Financial operations
- Department Head: Department-specific access
- Employee: Self-service access
Partner Roles:
- FI Admin: Financial institution operations
- BNPL Partner Admin: BNPL operations
Permission Model
Permissions are defined per module and action:
{
module: "Payroll",
actions: ["view", "create", "edit", "approve", "delete"]
}
Example Role Configuration:
{
"name": "HR Manager",
"scope": "BUSINESS",
"permissions": [
{ "module": "Employee", "actions": ["view", "create", "edit"] },
{ "module": "Payroll", "actions": ["view", "create", "edit"] },
{ "module": "EWA", "actions": ["view", "approve", "reject"] }
]
}
Security Features
-
Password Security
- Minimum 8 characters
- Bcrypt hashing (10 rounds)
- Password history (prevent reuse)
-
JWT Security
- Short-lived access tokens (15min)
- Refresh token rotation
- Token blacklisting on logout
-
2FA Support
- TOTP-based (Google Authenticator, Authy)
- Backup codes for recovery
- Optional per user
-
KYC Verification
- ID document upload (front/back)
- Selfie verification
- Manual review workflow
- Bank-grade verification
-
Audit Logging
- All sensitive operations logged
- User actions tracked
- IP address and user agent captured
- Immutable audit trail
🚀 Deployment
Development Environment
# Install dependencies
pnpm install
# Start database
pnpm docker:up
# Run migrations
pnpm prisma:migrate
pnpm prisma:generate
# Start all applications
pnpm dev
# Or start individually
pnpm dev:api # Backend API (port 3000)
pnpm dev:admin # Admin portal (port 4200)
pnpm dev:business # Business portal (port 4201)
pnpm dev:client # Client portal (port 4202)
pnpm dev:fi # FI portal (port 4203)
pnpm dev:bnpl-partner # BNPL portal (port 4204)
I'll analyze each application in the system thoroughly and create a comprehensive README. Let me start by examining the structure and features of each app.
Production Build
# Build all applications
pnpm build
# Or build individually
pnpm build:api
pnpm build:admin
pnpm build:business
pnpm build:client
pnpm build:fi
pnpm build:bnpl-partner
Docker Deployment
API:
# Build Docker image
docker build -f apps/api/Dockerfile -t demozpay-api .
# Run container
docker run -p 3000:3000 \
-e DATABASE_URL="postgresql://..." \
-e JWT_SECRET="..." \
demozpay-api
Frontend Apps: Each Next.js app can be deployed to:
- Vercel (recommended)
- Netlify
- AWS Amplify
- Self-hosted Node.js server
Environment Variables
Server (.env):
DATABASE_URL="postgresql://user:password@localhost:5432/demozpay"
JWT_SECRET="your-secret-key"
JWT_EXPIRES_IN="15m"
REFRESH_TOKEN_SECRET="your-refresh-secret"
REFRESH_TOKEN_EXPIRES_IN="7d"
PORT=3000
Frontend (.env.local):
NEXT_PUBLIC_API_URL="http://localhost:3000"
NEXT_PUBLIC_APP_NAME="DemozPay"
📊 API Endpoint Summary
Admin Portal Endpoints
| Module | Method | Endpoint | Description |
|---|---|---|---|
| Dashboard | GET | /api/admin/dashboard/metrics | Dashboard metrics |
| Businesses | GET | /api/admin/businesses | List businesses |
| Businesses | GET | /api/admin/businesses/:id | Get business details |
| Businesses | POST | /api/admin/businesses | Create business |
| Businesses | PATCH | /api/admin/businesses/:id | Update business |
| Businesses | PATCH | /api/admin/businesses/:id/status | Change status |
| Users | GET | /api/admin/users | List users |
| Users | POST | /api/admin/users | Create user |
| Users | PATCH | /api/admin/users/:id | Update user |
| Payroll | GET | /api/admin/payrolls | List all payrolls |
| Loans | GET | /api/admin/loans/business | Business loans |
| Loans | GET | /api/admin/loans/employee | Employee loans |
| EWA | GET | /api/admin/ewa/requests | EWA requests |
| BNPL | GET | /api/admin/bnpl/transactions | BNPL transactions |
| Equb | GET | /api/admin/equbs | List equbs |
| FI | GET | /api/admin/financial-institutions | List FIs |
Business Portal Endpoints
| Module | Method | Endpoint | Description |
|---|---|---|---|
| Dashboard | GET | /api/business/dashboard/metrics | Dashboard metrics |
| Employees | GET | /api/business/employees | List employees |
| Employees | POST | /api/business/employees | Add employee |
| Employees | PATCH | /api/business/employees/:id | Update employee |
| Departments | GET | /api/business/departments | List departments |
| Payroll | GET | /api/business/payrolls | List payrolls |
| Payroll | POST | /api/business/payrolls | Create payroll |
| Payroll | POST | /api/business/payrolls/:id/approve | Approve payroll |
| EWA | GET | /api/business/ewa/requests | EWA requests |
| EWA | PATCH | /api/business/ewa/requests/:id/approve | Approve EWA |
| Loans | GET | /api/business/loans/employee | Employee loans |
| BNPL | GET | /api/business/bnpl/purchases | BNPL purchases |
| Equb | GET | /api/business/equbs | Corporate equbs |
| Equb | POST | /api/business/equbs | Create equb |
Client Portal Endpoints
| Module | Method | Endpoint | Description |
|---|---|---|---|
| Dashboard | GET | /api/employee/dashboard | Dashboard data |
| EWA | GET | /api/employee/ewa/available | Available EWA |
| EWA | POST | /api/employee/ewa/request | Request EWA |
| BNPL | GET | /api/employee/bnpl/merchants | List merchants |
| BNPL | POST | /api/employee/bnpl/purchase | Make purchase |
| Loans | GET | /api/employee/loans/eligibility | Check eligibility |
| Loans | POST | /api/employee/loans/apply | Apply for loan |
| Equb | GET | /api/employee/equbs | Available equbs |
| Equb | POST | /api/employee/equbs/join | Join equb |
| Equb | POST | /api/employee/equbs/create | Create private equb |
| Payslip | GET | /api/employee/payslips | List payslips |
| Profile | GET | /api/employee/profile | Get profile |
| Budget | GET | /api/employee/budget/summary | Budget summary |
FI Portal Endpoints
| Module | Method | Endpoint | Description |
|---|---|---|---|
| Dashboard | GET | /api/fi/dashboard/metrics | Dashboard metrics |
| Loans | GET | /api/fi/loan-requests | Loan requests |
| Loans | PATCH | /api/fi/loan-requests/:id/approve | Approve loan |
| Loans | GET | /api/fi/loans/active | Active loans |
| Repayments | GET | /api/fi/repayments | List repayments |
| Settlements | GET | /api/fi/settlements | Settlement batches |
BNPL Portal Endpoints
| Module | Method | Endpoint | Description |
|---|---|---|---|
| Dashboard | GET | /api/bnpl/dashboard/metrics | Dashboard metrics |
| Transactions | GET | /api/bnpl/transactions | List transactions |
| Risk | GET | /api/bnpl/risk/exposure | Exposure analysis |
| Repayments | GET | /api/bnpl/repayments | List repayments |
| Settlements | GET | /api/bnpl/settlements | Settlement batches |
🔄 Key Business Flows
1. Payroll Processing Flow
1. HR creates payroll (clean draft or clone previous)
2. HR imports variable components (overtime, bonuses)
3. System calculates:
- Gross pay (base salary + allowances + overtime + bonus)
- Deductions (tax, pension, loans, EWA, BNPL, equb)
- Net pay
4. HR reviews and submits for approval
5. Finance Manager approves
6. CEO approves (if required)
7. Payroll status: APPROVED
8. System generates payslips
9. Business initiates payment
10. System marks payroll as PAID
11. Optional: Submit to Ministry of Revenue
2. Early Wage Access (EWA) Flow
1. Employee checks available EWA amount
2. Employee requests EWA (amount, purpose)
3. System validates:
- Employee eligibility
- Available earned wages
- Maximum EWA limit
4. HR/Manager reviews request
5. HR approves/rejects
6. If approved, system disburses to employee
7. Amount deducted from next payroll
8. EWA marked as DEDUCTED
3. BNPL Purchase Flow
1. Employee browses BNPL merchants
2. Employee selects product and installment plan
3. System checks:
- Employee eligibility
- Credit limit
- Salary sufficiency
4. Employee confirms purchase
5. System creates BNPL record
6. Merchant receives payment
7. Installments deducted from monthly payroll
8. System tracks payment status
9. Upon completion, BNPL marked as COMPLETED
4. Loan Application Flow
1. Employee applies for loan (amount, purpose, term)
2. HR reviews and approves (employee loans)
3. Application sent to Financial Institution
4. FI reviews credit assessment
5. FI approves/rejects with terms
6. If approved, loan disbursed
7. Monthly repayments deducted from payroll
8. System tracks repayment schedule
9. Upon full repayment, loan marked as PAID_OFF
5. Equb Creation & Management Flow
1. Organizer creates equb (name, contribution, frequency, members)
2. System validates equb parameters
3. Organizer invites members (corporate) or members join (private)
4. Admin approves equb (if required)
5. Equb starts on specified date
6. Each round:
- Members contribute (auto-deducted from payroll)
- Winner selected (random/sequential/bidding)
- Payout executed
- Round marked as completed
7. After all rounds, equb marked as COMPLETED
💡 Key Features Explained
Equb System (Ethiopian Savings Circles)
What is Equb? Equb is a traditional Ethiopian rotating savings and credit association (ROSCA). Members contribute a fixed amount regularly, and each round, one member receives the total pool.
Types:
- Corporate Equb: Organized by businesses for employees
- Private Equb: Created by individuals for friends/family
How it works:
- 10 members contribute ETB 1,000 monthly
- Total pool: ETB 10,000
- Month 1: Member A receives ETB 10,000
- Month 2: Member B receives ETB 10,000
- Continues until all members receive payout
Selection Methods:
- Random: Winner selected randomly
- Sequential: Pre-determined order
- Bidding: Members bid for early payout
Early Wage Access (EWA)
What is EWA? Employees can access a portion of their earned wages before the regular payday.
How it works:
- Employee has earned ETB 15,000 (15 days worked)
- Employee can request up to 50% (ETB 7,500)
- Amount disbursed immediately
- Deducted from next paycheck
Benefits:
- Financial flexibility for emergencies
- No interest charges
- Instant disbursement
- Automatic payroll deduction
Buy Now Pay Later (BNPL)
What is BNPL? Salary-backed installment purchases from partner merchants.
How it works:
- Employee purchases ETB 10,000 laptop
- Chooses 5-month installment plan
- Pays ETB 2,000 monthly from salary
- No interest (or low interest)
- Merchant receives full payment upfront
Benefits:
- Access to goods without upfront payment
- Automatic salary deduction
- Credit building
- No traditional credit check
Multi-Level Payroll Approval
Approval Workflow:
- HR Approval: Verify employee data, attendance
- Finance Approval: Verify calculations, budget
- CEO Approval: Final authorization (optional)
Status Progression:
DRAFT → PENDING_HR_APPROVAL → PENDING_FINANCE_APPROVAL
→ PENDING_CEO_APPROVAL → APPROVED → PAID
Double-Entry Bookkeeping
Ledger System: Every financial transaction creates balanced journal entries.
Example - Payroll Payment:
Debit: Payroll Expense ETB 100,000
Credit: Cash ETB 100,000
Example - Loan Disbursement:
Debit: Loans Receivable ETB 50,000
Credit: Cash ETB 50,000
🧪 Testing
Unit Tests
# Run all unit tests
pnpm test
# Run tests for specific project
npx nx test api
npx nx test admin
# Run with coverage
pnpm test:coverage
# Watch mode
pnpm test:watch
E2E Tests
# Run all E2E tests
pnpm e2e
# Run E2E for specific app
pnpm e2e:admin
pnpm e2e:business
pnpm e2e:client
Test Structure
apps/
├── api/ NestJS modular monolith
│ └── src/ app/ · _infra/ · identity/ · workforce/ · products/ · compliance/ · money/ · payroll/
├── admin-web/ (+ admin-web-e2e/)
├── employer-web/ (+ employer-web-e2e/)
├── employee-web/ (+ employee-web-e2e/)
├── fi-web/ (+ fi-web-e2e/)
├── merchant-web/ (+ merchant-web-e2e/)
└── docs-web/
📚 Additional Resources
Documentation
Project-Specific Docs
README.md- Quick start guideNX_WORKSPACE_EXPLAINED.md- Nx workspace explanationFIGMA_DESIGN_SPECS.md- Design specificationsapps/docs/- Docusaurus documentation site
Development Commands
# Dependency graph
pnpm graph
# Affected commands (only changed projects)
pnpm affected:build
pnpm affected:test
pnpm affected:lint
# Database management
pnpm prisma:studio # Open Prisma Studio
pnpm prisma:migrate # Run migrations
pnpm prisma:generate # Generate Prisma Client
pnpm prisma:seed # Seed database
# Code quality
pnpm lint # Lint all projects
pnpm lint:fix # Fix linting issues
pnpm format # Format with Prettier
🎨 UI/UX Features
Theme System
Available Themes:
- Light: Default theme with blue accents
- Dark: Dark mode with blue accents
- Midnight: Dark mode with midnight blue accents
Theme Variables:
--bg-primary: Background color
--text-primary: Primary text color
--button-primary: Primary button color
--border-primary: Border color
Implementation:
- CSS custom properties
- Theme context provider
- Persistent theme selection
- Smooth transitions
Multi-Language Support
Supported Languages:
- English
- Amharic (አማርኛ)
Implementation:
- Language selector in settings
- Persistent language preference
- RTL support (if needed)
Responsive Design
Breakpoints:
- Mobile: < 768px
- Tablet: 768px - 1024px
- Desktop: > 1024px
Mobile-First Approach:
- Touch-friendly interfaces
- Optimized for small screens
- Progressive enhancement
🔒 Security Best Practices
Data Protection
-
Encryption at Rest
- Database encryption
- File encryption for documents
-
Encryption in Transit
- HTTPS/TLS for all communications
- Secure WebSocket connections
-
Sensitive Data Handling
- PII encryption
- Secure password storage (bcrypt)
- Token encryption
Access Control
-
Principle of Least Privilege
- Users have minimum required permissions
- Role-based access control
-
Session Management
- Short-lived access tokens
- Secure refresh token rotation
- Session timeout
-
API Security
- Rate limiting
- Request validation
- CORS configuration
Compliance
-
Data Privacy
- GDPR-compliant (if applicable)
- Data retention policies
- Right to deletion
-
Audit Trail
- All sensitive operations logged
- Immutable audit logs
- Regular audit reviews
-
KYC/AML
- Identity verification
- Document verification
- Risk assessment
📈 Scalability Considerations
Database Optimization
-
Indexing Strategy
- Primary keys on all tables
- Foreign key indexes
- Composite indexes for common queries
- Full-text search indexes
-
Query Optimization
- Efficient joins
- Pagination for large datasets
- Caching frequently accessed data
-
Connection Pooling
- Prisma connection pooling
- Optimal pool size configuration
Caching Strategy
-
Application-Level Caching
- Redis for session storage
- Cache frequently accessed data
- Cache invalidation strategy
-
CDN for Static Assets
- Images, CSS, JavaScript
- Global distribution
Horizontal Scaling
-
Stateless API Design
- No server-side session storage
- JWT-based authentication
- Load balancer ready
-
Database Replication
- Read replicas for queries
- Write to primary database
- Automatic failover
-
Microservices (Future)
- Service decomposition
- Independent scaling
- Service mesh
🚨 Monitoring & Observability
Application Monitoring
-
Logging
- Structured logging (JSON)
- Log levels (ERROR, WARN, INFO, DEBUG)
- Centralized log aggregation
-
Metrics
- Request rate
- Response time
- Error rate
- Database query performance
-
Alerting
- Error rate thresholds
- Performance degradation
- System health checks
Business Metrics
-
Transaction Monitoring
- Payroll processing time
- EWA disbursement rate
- Loan approval rate
- BNPL transaction volume
-
User Analytics
- Active users
- Feature adoption
- User engagement
🔮 Future Enhancements
Planned Features
-
Mobile Applications
- Native iOS app
- Native Android app
- React Native implementation
-
Advanced Analytics
- Predictive analytics
- Financial insights
- Spending patterns
-
Integration Ecosystem
- Accounting software (QuickBooks, Xero)
- Payment gateways (Stripe, PayPal)
- Banking APIs
- Government systems (tax, pension)
-
AI/ML Features
- Credit scoring
- Fraud detection
- Spending recommendations
- Chatbot support
-
Additional Financial Products
- Insurance products
- Investment options
- Pension management
- Remittance services
-
Enhanced Equb Features
- Equb marketplace
- Equb insurance
- Flexible contribution schedules
- Equb analytics
👥 Team & Roles
Development Team Structure
Backend Team:
- NestJS developers
- Database administrators
- DevOps engineers
Frontend Team:
- Next.js/React developers
- UI/UX designers
- Mobile developers (future)
Product Team:
- Product managers
- Business analysts
- QA engineers
Operations Team:
- System administrators
- Support engineers
- Compliance officers
📞 Support & Contact
Technical Support
- Email: support@demozpay.com
- Documentation: https://docs.demozpay.com
- Issue Tracker: GitHub Issues
Business Inquiries
- Sales: sales@demozpay.com
- Partnerships: partnerships@demozpay.com
- General: info@demozpay.com
📝 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments
- Ethiopian fintech ecosystem
- Open source community
- Nx team for the amazing monorepo tool
- All contributors and supporters
Last Updated: February 2026
Version: 1.0.0
Maintained by: DemozPay Development Team