runbookify
← All plans
Facilities, Assets & IT Operations / Vendor & Service Contract Tracking

Vendor Onboarding & Compliance Intake

Build an internal tool that collects a new service vendor's full compliance packet - W-9/tax form, certificate of insurance, signed MSA, banking, safety acknowledgments - checks every document for completeness and expiry, and won't mark the vendor Approved-to-work until a manager signs off and the AP setup is exported.

IntermediateA weekendBuilds onNext.js (App Router) on VercelSupabase (Postgres, Storage, Auth + RLS)Resend (invites, reminders, approval notifications)
What you'll build

A login-protected vendor onboarding tool: invite a new vendor, let them securely upload their required documents, run automatic completeness and expiry/coverage checks, route the packet to a manager for a hard approval gate, mark the vendor Active/Approved-to-work, and export an approved-vendor record plus an AP setup CSV - with duplicate guards on tax ID and a complete audit trail.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.

Before you start

  • A free Vercel account
  • A free Supabase account
  • A free Resend account (and a sender address you can use)
  • A required-document checklist by vendor type (a sheet or CSV)
  • A vendor contacts CSV/sheet (vendor name, tax ID, contact email)

The problem this kills

A new contractor is ready to start Monday. But are they actually cleared to work? Did they send back a signed W-9? Is their certificate of insurance current - and does it carry the coverage limits your policy requires, or does it expire in three weeks? Did anyone ever countersign the MSA? Is their banking info on file so AP can pay them? And is this the same vendor you already set up last year under a slightly different company name?

In most facilities and procurement teams, "vendor onboarding" is a folder of email attachments, a spreadsheet someone updates by hand, and a lot of hoping nothing slipped through. Insurance certificates expire silently. A vendor gets added to the approved list with a missing tax form. Two people set up the same vendor twice with two different vendor IDs. And when an auditor (or your insurer after an incident) asks "show me this vendor was compliant before they ever set foot on site," you're digging through inboxes.

This tool replaces the attachment pile with a clean, enforced intake process - and a record that proves every vendor was complete and compliant before they were ever approved to work.

What you'll build

A small internal web app, just for your team, that:

  • Lets you invite a new vendor by email, tied to a vendor type (e.g., on-site contractor, IT/SaaS vendor, professional services) that decides which documents they must provide.
  • Gives the vendor a secure page to upload their required documents - W-9/tax form, certificate of insurance (COI), signed MSA, banking details, safety acknowledgments - with no login headaches.
  • Runs completeness checks: is every required document for this vendor type present?
  • Runs expiry and coverage checks: flags an insurance certificate that's expired, expiring soon, or below your required coverage limits.
  • Dedupes on tax ID and vendor name so the same vendor can't be onboarded twice.
  • Routes the finished packet to a vendor/procurement manager to review and approve as Active / Approved-to-work - or send it back for fixes.
  • Marks the approved vendor Active and exports an approved-vendor record plus an AP setup CSV in the exact columns your ERP/AP system expects.
  • Keeps a complete audit trail of every invite, upload, check, reminder, approval, and rejection.

What's inside the Implementation Plan

The plan is a single markdown file you paste into Claude Code (a free AI coding agent). It walks the agent through building the whole tool, step by step, each step ending with a ready-to-paste prompt.

The most important part: the plan opens by interviewing you about your business. Before it writes a single line, the agent asks what vendor types you onboard, exactly which documents each type must provide, your insurance coverage minimums and expiry rules, the real field names and codes your ERP/AP system uses, your typical and peak onboarding volume, who approves vendors and on what authority, and your messiest edge cases (a vendor with multiple legal entities, a self-insured vendor, an expired COI on a vendor already working). It reads a short tailored spec back to you, you confirm it, and only then does it build - so you get a tool shaped to your procurement process, not a generic template you have to bend to fit.

Inside you'll find:

  • The discovery interview and how the agent turns your answers into the data model and the per-vendor-type checklist.
  • The full build: database, login, vendor-invite flow, secure document upload to Storage, the completeness + expiry + coverage check engine, duplicate guards, the manager review screen, and the email flow.
  • The hard human approval gate that stands between "documents uploaded" and "Approved-to-work."
  • Verification steps so you can prove it works, and the CSV-export fallback so it's fully usable even before you connect it to your ERP/AP system.

The governance it includes (this is the point)

This isn't a toy. The plan builds in the controls a procurement and finance team actually needs:

  • Login so only your team can see or touch anything.
  • Row-level security so people only ever see the vendors and packets that belong to your organization.
  • A complete audit trail - every invite, upload, completeness check, expiry flag, reminder, approval, and rejection is logged with who and when.
  • A hard human-in-the-loop gate - the AI collects, checks, and drafts, but a real manager must review and approve; no vendor is ever auto-approved to work.
  • Compliance enforced in code - a vendor with a missing document, an expired certificate, or below-limit coverage physically cannot reach "Approved-to-work."
  • Duplicate guards on tax ID and vendor name so the same vendor can't be set up twice.

Who it's for

Procurement teams, vendor managers, facilities managers, and AP/finance folks who keep onboarding service vendors out of an inbox and a spreadsheet - and who want a real, auditable intake tool without hiring a developer or buying a heavyweight vendor-management platform. You don't need to write code. You need your document checklist, your vendor contacts, and an afternoon-to-a-weekend.

You've got this - paste the first prompt and let the agent interview you.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.