About

ezypayr standardises the flow invoice → validate → post → (pay) → reconcile at the invoice object. We prioritise protocols over platforms, perform validation at the edge, and emit signed PSP-1 receipts for a tamper-evident audit trail. Comprehensive docs are available: Protocol + Developer Implementation Guide, draft OpenAPI v1, fixtures/goldens, and sample receipts. Goal Build a demo-grade MVP that ingests/scans a signed invoice, runs deterministic validations (AU-GST + UBL/PEPPOL), posts exactly once into a ledger (Xero first), and returns signed receipts. Target p95 scan→post ≤ 1.8 s, ≥ 99.5% success, ≤ 1% exceptions on fixtures. Scope (Modules) Encoder/Decoder: Canonical JSON; payload hashing (SHA-256/base64url); Ed25519 signing/verification. Edge Validator: Execute AU-GST + UBL/PEPPOL rulepacks; output rationales (codes, levels, citations, suggestions). 3D Barcode Path: QR/Data Matrix encode/decode with compression, segmentation and error correction; desktop + CLI. Ledger Adapter (Xero v1): Deterministic Idempotency-Key (invoice hash ∥ mapping fingerprint), post, handle 409/echo-hash, webhook reconciliation. Receipts (PSP-1): Emit invoice.validate and ledger.post receipts with versions, timestamps and chain fields. CLI + Minimal UI: “Scan → Validate → Post” happy path; exception view surfacing rationale codes; structured logs/metrics. Deliverables Private repo with source; CI executing fixtures/goldens. Working CLI and minimal web UI. Signed PSP-1 receipts verifiable with provided verifier. OpenAPI-aligned endpoints/webhooks (or proof against spec). Short deployment notes (.env, scripts) and mapping notes for Xero. Weekly written updates (async only). Acceptance Criteria Performance: p95 scan→post ≤ 1.8 s; validator p95 ≤ 750 ms. Reliability: ≥ 99.5% pass on “valid” fixtures; ≤ 1% exceptions; duplicate suppression ≤ 0.1%. Determinism: identical rationale digests across runs; stable receipts. Security/Integrity: TLS, Ed25519, JWKS key discovery; webhook JWS/HMAC verification. Idempotency: exactly-once semantics per spec; correct 409 handling. Documentation: README per module; test commands. Tech Preferences (justify alternatives if differing) Backend: TypeScript/Node (Fastify/Express) or Go (Gin/Fiber). Crypto: libsodium/tweetnacl (Ed25519). Barcode: production-grade QR/Data Matrix library with M/N EC. Storage: metadata only (hashes, receipts, mappings); no raw invoice payloads. Xero: official SDK + sandbox with idempotency. We Provide Protocol + Guide, OpenAPI v1 + Postman, fixture corpus with golden receipts, Acceptance Pack example, sample rulepacks (AU-GST, UBL/PEPPOL). Milestones (indicative 4–5 weeks) M1: Encoder/Decoder + receipt skeletons. M2: Validator + rationales. M3: 3D barcode + CLI. M4: Xero adapter + idempotency + webhooks. M5: Hardening (perf, logging, Acceptance Pack) & handover. Non-Functional Deterministic builds (pinned deps, SBOM preferred); structured, PII-minimal logging (invoice_hash, receipt_id, correlation_id); unit + conformance tests; webhook signature tests; adapter fault injection; accessible UI basics. Proposal Template (what to send back) Work plan & timeline per module (hours/cost, earliest start). Relevant experience (crypto/receipts, barcodes, accounting/PSP integrations) with 1–2 links. Libraries & licences to be used. Assumptions & dependencies (what you need from us, when). Top 3 risks + mitigations. Fixed price or capped T&M with milestone payments. Example of deterministic testing you’ve shipped (fixtures/goldens, CI). Comms & Ways of Working Asynchronous only (platform thread). Small PRs; CI green before merge. We may run independent security/conformance checks before final payment.