UBLGenie
An invoice processing application owned by the Back-to-code alliance. Handles invoice intake via email webhooks, PDF/XML document analysis via Azure Cognitive Services, UBL format conversion, and Logic4 ERP integration.
Tech Stack
- Backend: Laravel 12, PHP 8.4
- Frontend: Vue 3, TypeScript, UnoCSS
- Database: MySQL (multi-tenant via branches)
- Hosting: Fly.io
- Default branch:
development
Compliance
UBLGenie operates under ISO 27001 certification and AVG (Dutch GDPR) — the highest compliance burden of any territory. Patterns established in Kendo (audit logging, soft deletes, data classification) serve as blueprints, but AVG adds data subject rights (access, rectification, erasure, portability) and lawful basis tracking that go beyond ISO 27001 alone.
Architecture Overview
UBLGenie follows the standard Action pattern — final readonly action classes with a single execute() method, DTOs for type safety, and Form Requests for validation. The pipeline is:
Controller → FormRequest → DTO → Action → ModelInvoice processing runs through a service layer (ProcessService) that orchestrates document analysis, UBL conversion, and downstream ERP posting. Actions handle each lifecycle state transition (successful / failed / awaiting-approval / reposted) with hash-chained audit entries.
Multi-tenancy uses the branch concept — one database, scoped data per branch. Each tenant gets its own approvers, credentials, and invoice queue.
Key Decisions
| Decision | Status | Impact |
|---|---|---|
| Audit Logging | Accepted | Hash-chained per-entity audit tables across user/auth/branch/credential/invoice |
| Cascade Deletion | Accepted | Explicit deletion, no database cascading |
| Action Class Architecture | Accepted | final readonly Actions with single execute() |
| FormRequest → DTO Flow | Accepted | Type-safe pipeline enforced by arch tests |
| Config Attribute Injection | Accepted | #[Config] attribute for all config access |
| Explicit Model Hydration | Accepted | No $fillable/$guarded; explicit property assignment in Actions |
| Input/Result DTO Split | Accepted | Input/ and Result/ namespaces split by Action-boundary role |
External Integrations
- Azure Cognitive Services — PDF/XML document analysis for invoice data extraction
- Logic4 ERP — downstream posting of approved invoices
- Email webhooks — invoice intake via inbound mail
Every external HTTP call carries an explicit ->timeout() per Doctrine Principle #8.
Collaboration
The Commander has admin access; other collaborators are allies within the Back-to-code alliance. Tactical decisions require negotiation-grade documentation.