This document is the interactive follow-up to the Marassi technical proposal. It addresses the three items raised in your review:
1. Step-by-step operational flows for every module, with interactive flow diagrams and live simulators you can click through.
2. Written confirmation that the solution covers every item in scope — including chatbot, access control, handover, and advertisements.
3. Complete infrastructure specification on Microsoft Azure: services, VMs, OS, storage, and licenses.
How to use this document: click any workflow card to expand it. Each workflow includes a flow diagram and an interactive simulator. Try the simulators — they walk through each step as a real user would experience it. The Delivery Roadmap shows how each module maps to Phase 1, 2, 3, or 4 across the agreed 4-month timeline.
Each workflow below has three parts: a flow diagram showing the operational steps, an interactive simulator that walks through them, and notes on actors and exception paths.
Trigger: Resident identifies a maintenance issue (plumbing, AC, electrical, cleaning, pest control).
Trigger: Resident expects a visitor and pre-authorizes their gate entry.
Trigger: New resident scheduled to move in (or existing resident moving out).
Same five steps in reverse, with Step 5 replaced by deposit reconciliation: deductions itemized, balance refunded, resident e-signs final settlement.
Trigger: Monthly automated billing run on the 1st (or manual run by finance admin).
Trigger: Resident wants to book an amenity (pool, padel court, function hall, etc.).
Admin defines each facility's capacity, operating hours, fees, booking window, blackout dates, and max bookings per resident per week. Override blocks can be set for community events.
Trigger: Community admin needs to broadcast information (maintenance notice, event, urgent alert).
Trigger: Community partner or internal shop wants to promote an offer to residents.
Trigger: Resident has a question or needs help.
Quick replies for common topics (bills, requests, visitors), intent matching against a curated library, deep-linking to relevant app screens, and seamless handoff to a live agent during business hours.
Optional upgrade to LLM with Retrieval-Augmented Generation over the community knowledge base — free-form questions in English and Arabic. Not in the initial 4-phase scope.
Trigger: Any person or vehicle attempting to enter the community or a restricted area.
Tap NFC card or phone at the gate reader — gate opens automatically. Most practical method for everyday resident entry.
Pre-authorized QR scanned at gate; on successful validation the gate opens automatically. Host notified instantly.
ANPR (license plate) cameras grant automatic gate entry for registered plates — no action needed.
Pre-registered by admin with time-bound NFC card and work hours.
NFC tap at amenity entry; booking system integration for halls and courts.
Unannounced deliveries and exceptions handled by security with photo capture; entry only after resident approval.
Every entry and exit is logged with timestamp, identity, gate, and method (card/QR/ANPR/manual). Daily, weekly, and monthly reports are available to admin. Filterable search: "all entries by Unit 24 last week," "all unrecognized vehicles this month."
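
The visitor QR flow and the entry log described above, sketched as an added example (not code from the proposal or the vendor). It assumes an HMAC-signed QR payload, an in-memory log and revocation set, and epoch-millisecond timestamps; all function and field names are hypothetical.

```javascript
// Added sketch: assumed design, not the proposal's implementation.
const nodeCrypto = require("node:crypto");

const GATE_KEY = "constructed-demo-key"; // placeholder; a real key belongs in a secret store
const revoked = new Set();               // pass IDs revoked by the host or an admin
const accessLog = [];                    // in-memory stand-in for the entry/exit log

const sign = (body) =>
  nodeCrypto.createHmac("sha256", GATE_KEY).update(body).digest("base64url");

// Host pre-authorizes a visitor; the QR carries "<base64url JSON>.<HMAC>".
function issuePass(passId, unit, visitor, notBefore, notAfter) {
  const claims = JSON.stringify({ passId, unit, visitor, notBefore, notAfter });
  const body = Buffer.from(claims).toString("base64url");
  return `${body}.${sign(body)}`;
}

// Gate check: signature first, then revocation and time window. Denials are logged too.
function validateAtGate(qr, gate, now) {
  const [body = "", mac = ""] = String(qr).split(".");
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  let pass = null;
  let result = "denied:bad-signature";
  if (given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected)) {
    pass = JSON.parse(Buffer.from(body, "base64url").toString()); // parsed only after the MAC verifies
    if (revoked.has(pass.passId)) result = "denied:revoked";
    else if (now < pass.notBefore || now > pass.notAfter) result = "denied:outside-window";
    else result = "granted";
  }
  accessLog.push({ timestamp: now, identity: pass ? pass.visitor : "unknown",
    unit: pass ? pass.unit : null, gate, method: "QR", result });
  return result;
}

// Filterable search, e.g. every QR event for Unit 24 within a date range.
function searchLog({ unit, from, to, result } = {}) {
  return accessLog.filter((e) =>
    (unit === undefined || e.unit === unit) &&
    (from === undefined || e.timestamp >= from) &&
    (to === undefined || e.timestamp <= to) &&
    (result === undefined || e.result === result));
}
```

Logging denied attempts alongside granted ones is what makes searches such as "all unrecognized vehicles this month" answerable from the same log.
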
We hereby confirm in writing that the proposed solution fully covers every functional area in the agreed scope of work. The matrices below provide a module-by-module mapping. Explicit confirmation for the four items raised — chatbot, access control, handover, advertisements — is highlighted.

| Scope Item | Solution Coverage | Status |
|---|---|---|
| Home Dashboard | Personalized home with quick actions, counters, bottom tab navigation. | Phase 1 |
| Service Requests | Full lifecycle: submit with media, track status, in-app chat, rate. | Phase 3 |
| Facility Bookings | Calendar booking, rules engine, cancellation policy, optional payment. | Phase 3 |
| Visitor Access Control ✱ | QR via WhatsApp/SMS/email, real-time validation, revoke, history. | Phase 3 |
| Bills & Payments | Card, Apple/Google Pay, Benefit Pay; 3DS; PDF receipts; history. | Phase 4 |
| Announcements | Filterable feed, rich content, acknowledgment tracking. | Phase 2 |
| Surveys & Feedback | Multi-question, anonymous mode, live results, export. | Phase 4 |
| Community Info | Emergency contacts, directory, shops, rules. | Phase 2 |
| Advertisements ✱ | Sponsored offers, partner analytics, multiple revenue models. | Phase 4 |
| Profile & Settings | Household, vehicles, notification preferences per channel. | Phase 2 |
| Unit Handover ✱ | 5-step digital: documents → inspection → report → e-sign → keys. | Phase 4 |
| AI Assistant ✱ | Rule-based assistant with quick replies and live agent handoff. | Phase 4 |
| Arabic Localization | RTL layout, full Arabic translation. | Post-launch |

| Scope Item | Solution Coverage | Status |
|---|---|---|
| Service Provider App | Job queue, accept/decline, status updates, chat, schedule, performance. | Phase 3 |
| Security & Gate App ✱ | QR scanner, NFC tap, auto-open, visitor list, manual entry, incident reporting. | Phase 3 |
| Facility Manager App | Operations dashboard, assignment, handover scheduling, team view. | Phase 3 |

| Scope Item | Solution Coverage | Status |
|---|---|---|
| Dashboard | KPI cards, activity feed, alerts. | Phase 1 |
| Residents Management | CRUD, documents, status, bulk import, messaging. | Phase 2 |
| Units & Properties | Inventory, floorplans, occupancy, lease tracking. | Phase 2 |
| Handover Management ✱ | Schedule, approve, audit, deposit reconciliation. | Phase 4 |
| Service Requests | Queue, assignment, SLA tracking, performance. | Phase 3 |
| Facility Bookings | Calendar, conflicts, rules, revenue. | Phase 3 |
| Visitor Access ✱ | Live log, revoke, incident reports, audit trail. | Phase 3 |
| Billing & Invoices | Invoice runs, reconciliation, refunds, dunning. | Phase 4 |
| Announcements | Compose, target, schedule, analytics. | Phase 2 |
| Surveys | Create, monitor, export. | Phase 4 |
| Providers & Shops ✱ | Onboard partners, manage directory, manage offers. | Phase 4 |
| Analytics & Reports | Custom reports, CSV/PDF export, email digests. | Phase 4 |

| Item | Confirmation |
|---|---|
| Chatbot | Fully in scope. Rule-based assistant with quick replies, intent matching, and live agent handoff — delivered in Phase 4. Workflow: § A.8. |
| Access Control | Fully in scope. Resident access (ANPR, NFC tap with auto-open), visitor access (QR auto-open), vendor access (pre-registered), amenity access, incident management — delivered in Phase 3. Workflow: § A.9. |
| Handover | Fully in scope. 5-step digital handover with e-signature, mirrored move-out, and deposit reconciliation — delivered in Phase 4. Workflow: § A.3. |
| Advertisement | Fully in scope. Sponsored offers, internal promotions, redemption tracking, partner analytics, multiple revenue models — delivered in Phase 4. Workflow: § A.7. |

A 4-month sequential plan. Each phase must complete before the next begins — no parallel work, no skipped foundations. Mobile app and web admin portal advance together within each phase.
Working infrastructure on Azure across dev, staging, and production. Both apps log in successfully.
Residents can use the app every day. Admins can manage residents and broadcast announcements.
Core operational workflows go live: services, visitors with auto-open gate, NFC tap, facility bookings.
Money, contracts, partners, polish. Hardening and go-live on App Store + Play Store.
Environment setup in Phase 1 is the most-skipped, most-regretted part of any project. We do it properly once so every later phase deploys cleanly.
You cannot bill before you can identify residents (Phase 2). You cannot take payment before the system can issue invoices (Phase 4). Dependencies dictate order.
At the end of each phase the client sees real working pieces — not a black box for 4 months followed by a single demo.
One month per phase is honest. Compressing it to "do everything in parallel" produces bugs that cost more time to fix than they saved.

| Week | Backend | Mobile App | Web Admin |
|---|---|---|---|
| Week 1 | API contracts + DB schema for the phase | UI design + navigation hookup | UI design + page routing |
| Week 2 | Endpoint implementation + tests | Screen build + state wiring | Page build + data tables |
| Week 3 | Integration with external services | API integration + offline handling | API integration + bulk actions |
| Week 4 | Bug fixes + performance | QA + polish + staging deploy | QA + polish + staging deploy |

End of every month: phase complete, deployed to staging, client review, sign-off, then next phase begins.

Complete Microsoft Azure infrastructure specification: services, virtual machines, operating systems, licenses, storage, and managed services. The architecture is cloud-agnostic; equivalent designs exist on AWS or other providers.

| Resource | SKU | Specs | Count | Purpose |
|---|---|---|---|---|
| App Service Plan (API) | Premium v3 (P1v3) | 2 vCPU, 8 GB RAM, Linux | 2 instances | Node.js API, auto-scale |
| App Service Plan (Workers) | Premium v3 (P1v3) | 2 vCPU, 8 GB RAM, Linux | 1 instance | BullMQ background workers |
| App Service (Admin SPA) | Standard S1 | Shared | 1 | React admin portal |
| Application Gateway | WAF_v2 | Zone-redundant | 1 | Regional load balancer + WAF |
| Azure Front Door | Standard | Global | 1 | Edge caching, global routing |

| Resource | SKU | Specs | Count | Purpose |
|---|---|---|---|---|
| Azure DB for PostgreSQL | GP D4ds_v5 | 4 vCore, 16 GB RAM, 256 GB SSD | 1 + 1 replica | Primary DB, HA enabled |
| Azure Cache for Redis | Standard C2 | 2.5 GB | 1 (replicated) | Sessions, queues, hot cache |
| Azure Blob Storage | Standard LRS, Hot | Pay-per-use | 3 containers | Photos, receipts, documents |
| Azure Blob Storage | Cool / Archive | Pay-per-use | 1 container | Long-term log archive |

| Resource | Tier | Purpose |
|---|---|---|
| Azure Key Vault | Standard | Secrets, certificates, encryption keys |
| Microsoft Entra ID | P1 | Admin SSO, MFA, Conditional Access |
| Azure WAF | Included with App Gateway | OWASP Core Rule Set |
| Azure DDoS Protection | Basic / Standard | DDoS mitigation |
| Defender for Cloud | Standard | Threat detection, posture management |

| Component | OS / Runtime | Notes |
|---|---|---|
| App Service (API + Workers) | Linux (Ubuntu 22.04 via PaaS) | Managed by Azure, no patching |
| PostgreSQL | Azure-managed Postgres 16 | Minor versions auto-applied |
| Redis | Azure-managed Redis 7.x | No OS access needed |
| Node.js | 20 LTS | On App Service Linux |

Azure follows consumption-based pricing — most services are pay-as-you-go with no upfront license fees. The architecture uses only Linux-based managed services, eliminating Windows Server CALs, SQL Server licensing, and OS license management overhead.

| License | Required For | Type |
|---|---|---|
| Azure subscription | All Azure resources | Pay-as-you-go or Enterprise Agreement |
| Microsoft Entra ID P1 | Staff SSO + MFA | Per user / month subscription |
| PostgreSQL engine | Database | Included in Azure pricing — no separate license |
| Linux OS | App Service, VMs | Included in Azure pricing |
| Windows Server / SQL Server | Not required for this architecture | — |
| SSL Certificates | Custom domains | App Service Managed Certs — free |

Azure data centers in UAE, Qatar, and South Africa, with explicit support for GCC data residency requirements.
Integrates with Microsoft 365, Dynamics, and Power BI if Marassi's back office uses Microsoft tools.
Azure DB for PostgreSQL is production-grade with excellent HA, backup, and PITR.
Enterprise Agreement and Reserved Capacity options are available for organizations seeking longer-term commitments.
Azure is certified for ISO 27001, SOC 2, PCI-DSS, GDPR, HIPAA, and regional standards (UAE, Bahrain).
The same logical architecture replicates on AWS or other clouds if requirements change.