Infra Vendor Service · v0
Welcome
Select a document from the sidebar to read it.
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.
Added
- None
Changed
- None
Fixed
- None
[Release 3 — Source-to-Pay] - 2026-06-06
Source-to-pay control read models plus vendor CSV bulk import. All read models
are read-only, tenant-scoped (tenant taken from the request context), and
deterministic (no persistence, no side effects); each is wrapped in a
{"success":true,"data":{...}} envelope and requires the reports:read
permission.
Added
- Per-vendor risk read model —
GET /api/v1/vendor-risks/{vendor_id}. A
deterministic 0–100 score (higher is safer) with a coarse band
(low/medium/high/unknown) and an explainable component breakdown
(payment, matching, ESG, and a one-way spend-anomaly signal). Returns 404 when
the vendor does not exist in the caller's tenant; cross-tenant access is hidden
as 404 (not 403). - Three-way-match facts read model —
GET /api/v1/matching-facts.
Tenant-wide match status distribution, exception rate, pending /
payment-ready / approval-required counts, and the open (unresolved)
discrepancy backlog by severity and type. - PO / requisition readiness read model —
GET /api/v1/procurement-readiness.
Tenant-wide requisition status distribution with approval/conversion backlog,
and purchase-order status distribution with approval/open/overdue counts. - AP / payment controls read model —
GET /api/v1/payment-controls.
Tenant-wide payment-request status breakdown with in-flight and failed
exposure, outstanding / overdue payable exposure, and top-vendor concentration
(top 10) by outstanding payable amount. - Vendor CSV import —
POST /api/v1/vendors/import/preview(read-only
validation, persists nothing) andPOST /api/v1/vendors/import/commit(atomic,
all-or-nothing insert). Both requirevendor:create. Rows are validated with
the same domain rules asPOST /api/v1/vendors; commit is idempotent on
vendor_code(existing codes are skipped) and rejects with 400 if any row is
invalid. - Import-batch ledger — committed imports are recorded in
import_batches
(migration000034) keyed by a SHA-256 content hash of the uploaded bytes,
with an optionalIdempotency-Key. A byte-identical re-upload replays the
recorded outcome (created=0,skipped=total_rows) without re-inserting;
ledger recording is best-effort and never fails an otherwise-durable import.
Changed
payment_requestsandinvoicesare now tenant-isolated (migration000033),
closing the gap left by000032for the accounts-payable / matching / payment
subsystem.
v0.2.0 - 2026-02-11
Added
- None
Changed
- None
Fixed
- None