AI-powered expense intelligence platform. Upload your company's transaction data and policy documents, then query your spending in plain English, enforce policy automatically, and surface insights through clean visualizations — all in one dashboard.
- Dashboard Overview — KPI metric cards with month-over-month changes, spend breakdown donut chart, monthly trend line, top merchants, recent transactions with manual flag support
- Talk to Data — Multi-turn natural language chat interface. Ask about spend, vendors, trends, or policy violations and get answers with inline charts and breakdown tables
- Policy Engine — Automated compliance analysis across all transactions. Flags violations (meal limits, weekend spend, foreign transactions, alcohol, tickets, duplicate splits, etc.) with severity levels and evidence
- Pre-Approvals — Paginated approval queue with AI-generated approve/review/deny recommendations per transaction
- Expense Reports — Transactions clustered by location, tag, and date into expense reports with linked policy findings
- Knowledge Setup — Provision the AI assistant, upload policy PDFs and transaction datasets, manage indexed documents
| Layer | Technology |
|---|---|
| Framework | Next.js 16.2.2 (App Router, Turbopack) |
| Language | TypeScript 5 (strict mode) |
| Database | Supabase (PostgreSQL + RLS) |
| Auth | Supabase Auth (email/password) |
| AI | LLM assistant API (thread-based, RAG) |
| Styling | Tailwind CSS v4, shadcn/ui |
| Charts | Custom SVG (DonutChart, LineChart) |
| File Parsing | ExcelJS (XLSX), React Dropzone |
| Flow Builder | @xyflow/react (policy workflow graph) |
| Validation | Zod |
| Icons | Lucide React |
| Route | Description |
|---|---|
/auth/login |
Email/password login and signup |
/auth/callback |
OAuth / email confirmation handler |
| Route | Description |
|---|---|
/dashboard |
Overview — metrics, spend trends, top merchants |
/dashboard/chat |
Talk to Data — natural language query interface |
/dashboard/policy |
Policy Engine — compliance findings by severity |
/dashboard/approvals |
Pre-Approvals — transaction approval queue |
/dashboard/reports |
Expense Reports — clustered report review |
| Route | Description |
|---|---|
/onboarding |
Multi-step wizard — file upload + department setup |
POST /api/auth/bootstrap— Create organization and user profile on first sign-in
POST /api/chat— Natural language query; returns answer, threadId, visualization
GET /api/dashboard/overview— Metrics snapshot, top finding, top reportGET /api/dashboard/approvals?page=N— Paginated approvals with recommendationsGET /api/dashboard/policy?page=N— Paginated policy findingsGET /api/dashboard/reports?page=N— Paginated expense report clustersPOST /api/dashboard/policy— Execute custom policy workflowPATCH /api/dashboard/transactions/[id]/flag— Toggle manual flag on a transaction
POST /api/onboarding/import— Parse and import XLSX transaction file + optional policy PDFPOST /api/onboarding/complete— Finalize onboarding with department config
GET /api/backboard/provision— Check assistant provisioning statusPOST /api/backboard/provision— Provision new assistant for orgPOST /api/backboard/documents— Upload and index policy/transaction documents
id, org_id, dept_id, submitted_by
posting_date, transaction_date, transaction_code
merchant_name, merchant_city, merchant_state, merchant_country, merchant_postal
description, amount, debit_credit, mcc, conversion_rate, transaction_category
flagged (boolean)
policy_status ('approved' | 'needs-approval' | 'blocked')
policy_tags (text[])
policy_last_evaluated_at
created_at
id, name, onboarding_config (jsonb), created_at
onboarding_config tracks: onboardingComplete, transactionsImported, departmentsConfigured, policyUploaded, backboardAssistantId, backboardModelName, policyDocumentIds, transactionDocumentIds
id (→ auth.users), org_id, dept_id, email, full_name
role ('admin' | 'finance' | 'manager' | 'user')
created_at
id, org_id, name, is_active, created_at
bootstrap_organization(org_name, full_name)— Creates org + user atomically, returns org_id and role. Runs as SECURITY DEFINER.
supabase/migrations/
001_initial.sql — core transactions table + RLS
20260404143000_bootstrap_organization.sql — org bootstrap function
20260404173000_add_policy_status_to_transactions.sql
20260404180000_add_flagged_to_transactions.sql
8 built-in rules, each producing typed findings with severity:
| Rule | Severity | Logic |
|---|---|---|
| Manager Pre-approval | Medium | Amount > $50 |
| Receipt Required | Medium | Amount > $50, no receipt |
| Ticket / Fine | High | tickets tag present |
| Alcohol Purchase | High | alcohol tag + missing details |
| High-cost Travel | Medium | travel tag + amount > $1,000 |
| Duplicate Transaction | High | Same merchant + amount within 48 hours |
| Split Transaction | High | Merchant pair, $250–500 each, sum > $500 within 3 days |
| Manual Flag | Medium | User-flagged transactions |
Custom policy workflows can be designed in the Policy Engine using a node/edge graph builder. Supports a DSL with hasTag(), missing(), withinHours(), withinDays(), sum(), count(), and field comparisons.
Transactions are auto-tagged by merchant name and MCC code:
software · shipping · fuel · travel · lodging · meals · parking · fees · alcohol · tickets · other
- User uploads XLSX via onboarding wizard
- ExcelJS parses file with dynamic column header normalization
- Departments auto-detected and created in Supabase
- Transactions inserted in 500-row chunks
- Optional policy PDF uploaded to AI assistant and polled until indexed
- User query →
resolveQueryState()parses intent (focusTag, compareTag, period, mode) buildVisualization()generates deterministic analysis- If assistant is provisioned, sends query + analysis JSON + policy context to LLM
- LLM returns narrative answer; fallback to local narrative if unavailable
threadIdpersisted for multi-turn conversation continuity
Transactions grouped by location + tag + 4-day date buckets. Groups with ≥ 2 transactions or a single transaction > $250 become expense reports. Each report includes linked policy findings and an AI approval recommendation.
src/
app/
api/ # All API route handlers
dashboard/ # Dashboard pages
auth/ # Login / callback
onboarding/ # Onboarding wizard
components/
app/ # Feature components
ui/ # Base UI primitives (shadcn + custom)
lib/
data.ts # Transactions, snapshot, visualization
policy.ts # Policy engine (~1,238 lines)
policy-rules.ts # Rule definitions and DSL
dashboard.ts # Paginated payload builders
reports.ts # Expense report clustering
organization.ts # Org context, roles, onboarding config
backboard.ts # LLM assistant API integration
format.ts # Currency, number, date formatters
file-types.ts # MIME type detection helpers
supabase/ # Browser, server, and middleware clients
hooks/
use-file-upload.ts # Dropzone + upload state
use-json-query.ts # Fetch + cache with refetch
supabase/
migrations/ # SQL migration files
training/
model/ # Python ML anomaly detection models
# Supabase (public)
NEXT_PUBLIC_SUPABASE_URL=
NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY=
# Backend secrets
NEXT_BACKBOARD_API_KEY=
NEXT_BACKBOARD_ASSISTANT_ID=
NEXT_BACKBOARD_MODEL_NAME=
NEXT_BACKBOARD_POLICY_DOCUMENT_ID=npm install
npm run devOpen http://localhost:3000.
Apply database migrations via the Supabase dashboard SQL editor or CLI before first use.