Module 8 — B2B Agency Portal
Partner self-service booking channel · Search · Book · Modify · Pay · Documents · Statements
Base ScopeWorkshop 2
Functional Requirements
M8-FR-001Real-time product search with availability, pricing, and departure filtering. Prices must reflect the authenticated agency's pricing tier (Gold/Silver/Standard) from M2 pricing engineMUST
M8-FR-002Booking creation flow: product selection, passenger data entry, service configuration, availability revalidation at submission, booking reference generationMUST
M8-FR-003Booking modification: hotel change, date change, service add/remove — with automatic repricing visible to agency before confirmationMUST
M8-FR-004Booking cancellation with automatic fee calculation displayed before submission. Credit note issued automatically to agency accountMUST
M8-FR-005Agency dashboard: account balance, credit limit usage, deposit status, all bookings list with status filter, payment historyMUST
M8-FR-006Document access: download all issued documents (confirmation, vouchers, invoices, credit notes) per booking from agency portalMUST
M8-FR-007Commission visibility: agency can see their commission rate per booking, pending commissions, and settled commissions statementMUST
M8-FR-008Sub-agent access management: agency admin can create sub-agents with configurable permissions within the agency's own access levelSHOULD
M8-FR-009Portal announcements / news feed: operator can push SPOs, stop-sales, contract updates, and general notices to agency portalMUST
M8-FR-010Messaging: agency can send messages linked to specific bookings. Centralized, auditable message history. AI-assisted classification of operational messagesSHOULD
M8-FR-011Payment: agency can apply balance from their account or initiate new payment via configured payment methods directly from the portalMUST
M8-FR-012Multilingual portal: UI and all content configurable per agency market. Arabic RTL and English LTR supported simultaneouslyMUST
Portal Is the Public Face of Workshop 1: M8 is a consumer of M1 (availability), M2 (pricing), M4 (bookings), M5 (payments), M12 (documents). Any bug in the backend modules will surface visibly here. Integration testing between M8 and all Workshop 1 modules is critical.
Pricing Tier Sync: The Gold/Silver/Standard tier system must be fully defined (see Workshop 1 open item) before M8 search results can be implemented correctly. The portal must display the right price for the authenticated agency on every product in real-time.
Module 9 — CRM (B2B & B2C)
Unified CRM for agencies (B2B) and end customers (B2C) · Profiles · Segmentation · GDPR
Base Scope
B2B Agency CRM Requirements
M9-FR-001Agency profiles: company details, contacts, tier classification, credit limit, commission structure, market segment, assigned account managerMUST
M9-FR-002Agency performance tracking: booking volume, total value, conversion rate, payment reliability score, revenue trend over timeMUST
M9-FR-003Agency segmentation: group agencies by market, tier, region, performance bracket for targeted communications and promotionsMUST
M9-FR-004Triggered communications: automated email/SMS on agency account events (new credit, statement ready, booking confirmation) — requires client-provided email/SMS credentialsSHOULD
B2C Customer CRM Requirements
M9-FR-005Customer profiles: personal data, booking history, preferences (cabin type, dietary, language), travel dates, total spendMUST
M9-FR-006Customer preferences and consent: opt-in/opt-out per communication channel, preference history, marketing consent timestampsMUST
M9-FR-007GDPR tooling: consent management, data export on request (right of access), data deletion on request (right to erasure), full audit log of consent eventsMUST
M9-FR-008Customer communication: triggered emails/SMS for booking lifecycle events. Template-based, multilingual, branding-consistentSHOULD
GDPR Compliance — Market Specifics: The client must clarify which markets they operate in. GDPR applies to EU customers. Are there non-EU markets with different data regulations (e.g., GCC data residency requirements)? The consent management model must cover all active markets from launch.
Email/SMS Credentials: Triggered communications (M9-FR-004, M9-FR-008) are conditional on the client providing API credentials for an email provider (SendGrid, Mailgun, etc.) and SMS gateway. Without these, the system can generate the notifications but cannot send them.
Module 10 — Tasks & Internal Control
Internal workflow engine · Task tracking · State machine · Escalations · Cross-module integration
Base Scope
Functional Requirements
M10-FR-001Manual task creation: title, description, assignee, priority (Critical/High/Normal/Low), due date, linked entity (booking/contract/agency)MUST
M10-FR-002Auto-created tasks from system events: payment due → Finance task; release date approaching → Ops task; booking modification → review task. Configurable per event typeMUST
M10-FR-003Workflow builder / state machine: configurable status flows per task type, required approval steps, role-based permissions per transitionMUST
M10-FR-004Escalation engine: auto-escalate overdue tasks to supervisor. Configurable escalation timing and escalation chain per task categoryMUST
M10-FR-005Task progress tracking: percentage complete, activity log, comments, file attachments per taskMUST
M10-FR-006Cross-module integration: tasks linked to bookings (M4), contracts (M1), payments (M5), and suppliers. Context visible within the task without switching modulesMUST
M10-FR-007Task reporting: open tasks per team, overdue tasks report, task completion rate, average resolution time per categoryMUST
M10-FR-008Notifications: in-app alerts and email notifications on task assignment, status change, approaching due date, and escalation triggersMUST
Auto-Task Mapping Is Critical: The power of M10 comes from automatic task creation triggered by events across all modules. Get the full list of events that should auto-create tasks during the workshop — this defines the workflow intelligence of the entire platform.
Module 11 — Mobile Applications (Tourist & Guide)
Flutter iOS & Android · Tourist App (itinerary, vouchers) · Guide App (check-in, operations)
Base Scope
CRITICAL: Mobile Architecture & Offline Capability
The scope states Flutter for mobile (iOS + Android). Module 11 requires QR vouchers that work offline (tourists may be in areas without connectivity) and QR-based check-in for guides. These offline requirements must be explicitly confirmed and scoped during Workshop 2 — they significantly affect development complexity beyond a standard online-only mobile app.
The scope states Flutter for mobile (iOS + Android). Module 11 requires QR vouchers that work offline (tourists may be in areas without connectivity) and QR-based check-in for guides. These offline requirements must be explicitly confirmed and scoped during Workshop 2 — they significantly affect development complexity beyond a standard online-only mobile app.
🧳 Tourist App Features
M11-FR-001Live trip itinerary: day-by-day schedule, times, locations, guide contactMUST
M11-FR-002Digital vouchers with QR codes: scannable offline-capable vouchers per serviceMUST
M11-FR-003Real-time trip updates: push notifications for schedule changes, alerts, announcementsMUST
M11-FR-004Destination information: local tips, maps, emergency contacts, FAQsSHOULD
M11-FR-005Support chat with operations team (if scoped in base spec)CONDITIONAL
🎧 Guide App Features
M11-FR-006Group passenger list with full manifest: names, cabin/room assignments, special needsMUST
M11-FR-007QR-based passenger check-in: scan vouchers to confirm boarding. Real-time sync to operations dashboardMUST
M11-FR-008HQ messaging: two-way communication with operations team. Messages linked to active tripMUST
M11-FR-009Expense reporting: guide can submit trip expenses for approval directly from appSHOULD
M11-FR-010Post-tour reporting: guide submits trip summary, issues log, feedback on completionSHOULD
Offline Capability: Tourist vouchers (M11-FR-002) must work offline — tourists at remote locations may not have data connectivity. QR codes must be cached locally on device after first load. This is a non-trivial technical requirement that increases Flutter development complexity and must be explicitly confirmed in scope.
Module 12 — Document Management & E-Signature
Central document repository · Versioning · Auto-generation · E-sign workflows · DocuSign/HelloSign
Base Scope
E-Sign: Conditional
Functional Requirements
M12-FR-001Central document storage: all platform documents stored in S3/MinIO with organized folder structure per booking, agency, contract, and document typeMUST
M12-FR-002Document versioning: every document update creates a new version. Previous versions retained and accessible. No document is ever permanently overwrittenMUST
M12-FR-003Template management: multilingual document templates configurable per document type, per company, per market. RTL and LTR layout supportMUST
M12-FR-004Auto-generation triggers: documents auto-generated on M4 status changes (Confirmation on CONFIRMED, Vouchers on PAID, Invoice on payment receipt)MUST
M12-FR-005E-signature workflow: send document for signing → recipient signs digitally → signed PDF returned and stored → audit trail records completion with timestamp and signer identitySHOULD
M12-FR-006DocuSign / HelloSign integration — conditional on client providing API credentials and agreeing to third-party subscription costsCONDITIONAL
M12-FR-007Document access control: RBAC determines who can view, download, delete, and share each document type. Agency can only access their own documentsMUST
M12-FR-008Audit trail: log every document access, download, share, and modification with user identity and timestampMUST
M12-FR-009Search and filter: find documents by booking ref, agency, date range, document type, status. Full-text search across document metadataMUST
E-Signature Decision Required Today: DocuSign and HelloSign integration is conditional on client credentials AND the client agreeing to ongoing subscription costs (DocuSign starts at ~$25+/month, enterprise plans significantly higher). This must be confirmed today. If not confirmed, M12 delivers document storage and auto-generation only — e-sign is added later via Change Request.
Non-Functional — Workshop 2 Specific
Additional NFRs for Today's Modules
Mobile Offline
QR Vouchers Must Work Offline
Tourist vouchers cached locally on device. Check-in scanning must function without active data connection
GDPR
Data Subject Rights
System must support data export on request (right of access) and data deletion on request (right to erasure) per GDPR-oriented tooling scope
Document Storage
Document Retention Policy
Retention period per document type to be confirmed with client — financial documents and contracts have different regulatory requirements
Mobile Performance
App Responsiveness
Performance targets for the Flutter apps to be defined during Workshop 2 based on target device range and network conditions
CRM Privacy
Data Minimization
Only collect and store customer data fields that have a defined business purpose. Consent required per communication channel
Portal Security
Session Management
Agency portal session timeout and JWT refresh token expiry to be defined per client security policy during Workshop 2