BizOSaaS Master Platform Reference

Consolidated: April 2026
Replaces: PLATFORM_OVERVIEW.md, PORTAL_POLISH_PLAN.md, PRD.md, enterprise_security_plan.md, ROADMAP_PHASE_2.md

1. Executive Summary & Core Objectives

BizOSaaS is a multi-tenant, AI-native SaaS platform designed to empower businesses with advanced analytics, automated marketing, comprehensive CRM/CMS tools, and algorithmic trading capabilities.

Core Objectives:

  1. Multi-Tenancy & RBAC: Secure data isolation and resource management for multiple clients. Granular Role-Based Access Control (Super Admin, Platform Administrator, Tenant Client, Partner).
  2. AI-First Engine (Hybrid Automation): Utilizing CrewAI, LangGraph, and BullMQ to power a self-driving AI workforce orchestrating marketing, support, and sales.
  3. Data Flywheel: Continuous improvement of LLMs through interaction logging and automated fine-tuning.
  4. Subscription & Token Economics: AI usage is governed by a unified token economy and subscription tiers, capable of pausing workflows automatically when balances are depleted (with grace period controls for admins).

2. High-Level Architecture

  • Frontend Portals: Next.js (Admin Dashboard, Client Portal, Business Directory: directory.bizoholic.com, thrillring.com).
  • CMS & Unified Headless: Payload CMS v3 (Headless, replaces Wagtail). All content, media, and brand guidelines are managed here.
  • Design System ("Antigravity v2 - Air Edition"): High-contrast minimalist UI. Features dynamic whitelabeled theming (Light/Dark mode) localized per tenant.
  • Brain Gateway: FastAPI-based central orchestrator handling core AI logic and multi-agent routing.
  • Background Orchestration: BullMQ (Self-Hosted via Redis) manages job queues and autonomous agent loops.
  • Authentication: Better Auth with Next.js, supporting Multi-Factor Authentication (MFA/TOTP) and Social Logins.
  • Persistence: PostgreSQL (Neon with PostGIS/pgvector for RAG), Redis.

3. Security & Access Management (Enterprise Grade)

Goal: Zero Trust / SOC2 Type II Compliance.

  • Infisical (Self-Hosted): Centralized secret management. No hardcoded credentials.
  • Row Level Security (RLS): Enforced via PostgreSQL policies USING (tenant_id = current_setting('app.current_tenant')) ensuring strict tenant data isolation.
  • Authentication Policies:
    • Mandatory MFA for Super Admin and Partners.
    • Just-In-Time (JIT) access workflow for temporary support debugging.
  • Payment & Subscriptions: Stripe integration governs access. If a subscription lapses, tenant data is frozen but not deleted. Admins dictate "grace periods" covering AI token overdrafts.
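The RLS bullet above gives the policy predicate but not the surrounding setup that makes it hold. The following is an added PostgreSQL example, not BizOSaaS code: the table name leads, the column names, the role app_user and the sample tenant UUID are assumptions. It shows the policy from the reference together with the pieces a reviewer checks for: RLS forced on the table owner, an application role without BYPASSRLS, the missing_ok form of current_setting so an unscoped session fails closed, and SET LOCAL inside a transaction so the tenant setting cannot leak across pooled connections.

```sql
-- Added example (not BizOSaaS code). Table, columns, role and UUID are assumed.
CREATE TABLE leads (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    email     text NOT NULL
);

ALTER TABLE leads ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner (often the migration or app role) bypasses RLS entirely.
ALTER TABLE leads FORCE ROW LEVEL SECURITY;

-- Rows are readable (USING) and writable (WITH CHECK) only for the tenant in the session setting.
-- current_setting(name, true) returns NULL instead of raising when the setting is absent;
-- tenant_id = NULL is never true, so an unscoped session sees and writes nothing.
-- An empty or malformed value fails the ::uuid cast, which is also a safe outcome.
CREATE POLICY tenant_isolation ON leads
    USING      (tenant_id = current_setting('app.current_tenant', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.current_tenant', true)::uuid);

-- The application role must not be a superuser and must not have BYPASSRLS,
-- otherwise the policy is never evaluated for its queries.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON leads TO app_user;
GRANT USAGE, SELECT ON SEQUENCE leads_id_seq TO app_user;

-- Per request: scope the tenant inside a transaction with SET LOCAL, so the value is
-- discarded at COMMIT and cannot carry over to the next request on a pooled connection.
-- The tenant id must come from the verified session, never from a client-supplied header.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.current_tenant = '11111111-1111-1111-1111-111111111111';

INSERT INTO leads (tenant_id, email)
VALUES ('11111111-1111-1111-1111-111111111111', 'a@example.com');

-- Rejected by WITH CHECK: a scoped session cannot create rows for another tenant.
-- INSERT INTO leads (tenant_id, email)
-- VALUES ('22222222-2222-2222-2222-222222222222', 'b@example.com');

-- Returns only rows whose tenant_id matches the session setting.
SELECT count(*) FROM leads;
COMMIT;

-- Outside any scoped transaction the setting is NULL, so this returns 0 rows
-- rather than the whole table.
SET ROLE app_user;
SELECT count(*) FROM leads;
RESET ROLE;
```

When the tenant id is passed as a query parameter rather than a literal, use SELECT set_config('app.current_tenant', $1, true) instead of SET LOCAL, since SET does not accept bind parameters. The policy only covers tables it is attached to, so a migration check that every tenant-scoped table has ENABLE and FORCE ROW LEVEL SECURITY plus a policy is the usual complement to this setup.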

4. The AI Workforce & Agent Catalog

The platform utilizes 31 Specialized AI Agents integrated via the Brain Gateway:

  • CRM / Growth Agents: Reactivation Agent, Social Proof Agent, Blogger/SEO Agent, Lead Scoring, Engagement, Enrichment, Pipeline.
  • E-Commerce & CMS Automation: Agents autonomously analyze keywords, write posts, manage product listings (Amazon/Shopify/WooCommerce), and generate media. Includes Reasoning Trace (visual proof of agent logic) and Revenue Attribution (financial attribution for autonomous actions).
  • Documentation Agent: Automatically maintains internal architecture documentation.
  • Financial Intelligence: Saathi CFO (Personal Finance) and QuantTrade (Algorithmic Trading & ROI Attribution).
  • Governance & Security: BizBot Sentinel for moderation and real-time threat scanning. Includes a Tenant Kill-Switch for emergency suspension.

5. Frontend & UI Standardization Requirements

All portals (Admin and Client) must strictly adhere to the following UI features to ensure total platform cohesion:

  1. Dynamic Preferences: Every page must load the getTenantPreferences() API for accurate localization (Currency, Date Format, Time Format). Hardcoded currency symbols such as $ are strictly forbidden.
  2. Theme Visibility: Total strictness regarding Light vs. Dark mode. Tailwind classes must pair light and dark equivalents (e.g. text-slate-900 dark:text-white).
  3. Conversational HITL (OpenClaw): The primary mechanism for the Human-in-the-Loop workflow. Clients use the OpenClaw messenger widget (or mobile Telegram/WhatsApp integration) to approve or modify agent proposals via natural conversation.
  4. Mobile PWA Standards: The mobile web experience must include a static bottom navigation bar anchored by the "BizBot" conversational interface to mimic a native app experience.

6. Implementation Roadmap & Status

✅ Completed Milestones

  • Phases 0–19: Core architecture, Infisical migration, social logins, Vercel tracking removal, OpenClaw chat bridge, and algorithmic trading agents (QuantTrade).
  • Phases 20–28: EspoCRM Self-Hosted gateway, advanced onboarding flows, media asset generation, and foundational BullMQ queues.
  • Phase 4: Setup of the Autonomous AI Workforce Scheduler (marketing.worker.ts).
  • Phase 15 (Launch Security): Implementation of dynamic cross-subdomain authentication cookies, Argon2 password hashing, TOTP MFA, and Phase 3 Security Sentinel upgrades (Redis sliding-window brute-force/anomaly detection, gateway inspect sanitization filter, background SLA auditing quarantine, auto-remediation task loops).
  • GTM Automation (Phase 22): Completed programmatic container generation, automatic GA4 Configuration tag creation/provisioning, and zero-touch magic onboarding flow persistence in Payload CMS.
  • Infrastructure Security: Rollback to a secure snapshot, disabling rogue host Nginx components, Cloudflare proxy IP gating in UFW, and rotation of the master Dokploy API credentials.

🟡 Active Development (Phase 5: Consolidation & UX)

  • UI & Portal Polish: Fixing Admin layout links, standardizing the Tenant Table, and applying localization.
  • Agent Command Center: Constructing /admin/agents to monitor and orchestrate the workforce.
  • Unified Client Tasks: Building the Client Activity Feed with Reasoning Graph visualizations.
  • E-Commerce Completeness: Wiring complete Stripe checkouts and Payload CMS inline previews.

🚀 Future Roadmap (Phase 20+)

  • Phase 20: Advanced ROI Attribution: Linking agent tasks directly to CRM revenue and financial snapshots.
  • Phase 21: Autonomous Governance: Implementing the Emergency Kill-Switch and per-tenant worker suspension.