runbookify
← All plans
Procurement & Purchasing / Supplier Performance, Risk & Compliance

Approved Supplier List (ASL/AVL) Manager

Maintain who's approved to supply which category or part — at what status, with the qualification evidence and expiry — and gate buying so off-list suppliers are held for a documented exception before anyone purchases.

IntermediateA weekendBuilds onNext.jsSupabaseResend
What you'll build

A web tool where you maintain one current approval status per supplier × category/part (approved, conditional, probation, disqualified) with qualification evidence and an expiry, check a feed of intended purchases against the list, let on-list buys proceed and hold off-list buys for a documented exception, route every status change and exception to the qualification owner for approval, watch expiries on a dashboard, and export the live ASL as CSV.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.

Before you start

  • A Supabase account (free)
  • A Vercel account (free)
  • A Resend account (free)
  • Your current ASL/AVL (a spreadsheet is fine) and a list of intended purchases to check against it (CSV is fine)
  • Claude Code or any AI coding agent

The problem this kills

You have an approved supplier list. On paper. In reality it lives in a spreadsheet that three people edit, an email thread where someone "verbally approved" a vendor last quarter, and the memory of whoever's been here longest. So a buyer in a hurry orders a controlled part from a supplier nobody qualified — or from one you quietly put on probation after a bad lot — and now you have a quality escape, a failed audit finding, or a contract you can't defend.

The list rots in slow motion. A supplier's qualification expires and nobody re-checks it. Someone is "approved" for one category and starts shipping a different one. Performance tanks and the scorecard says "probation" but the buying never stopped. And when the auditor asks "show me this supplier was approved for this part, on this date, with this evidence" — you're reconstructing it from memory.

This is exactly the kind of controlled, evidence-backed gatekeeping a small internal tool does far better than a shared spreadsheet — and you don't need to be a developer to build it.

What you'll build

A simple internal web tool that is the single source of truth for who may supply what. You maintain one current approval status per supplier × category-or-part — approved, conditional, probation, or disqualified — each carrying its qualification date, the evidence behind it, and an expiry for re-qualification. Every change keeps a full history, so you can always show what the status was on any date.

Then you point a feed of intended purchases at it. The tool checks each one against the live list: an on-list, in-status, unexpired supplier proceeds; anything off-list, expired, on probation, or disqualified is held. To release a held purchase, a buyer raises a documented exception — and the qualification owner reviews and decides. Status changes and exceptions are the human gate: AI drafts and flags, a person approves, and only then does the list (or the buy) move. A dashboard shows the live ASL and what's expiring soon, and you can export the whole list as CSV any time.

What's inside the Implementation Plan

The plan is a single file you paste into an AI coding agent. It opens by interviewing you about your business — how your ASL is structured today, whether you approve at the category or the part level, your exact status names and qualification rules, how a "supplier" and a "category/part" are coded in your systems, your purchase volumes, who owns qualification, and your messiest exceptions — and then tailors the data model, the statuses, the validations, and every later step to your answers. This is a build shaped around your approval process, not a generic template.

From there it walks the agent through the database schema, importing your current ASL, the status-change approval workflow with evidence and expiry, the purchase-check engine that decides proceed-vs-hold, the documented exception gate for off-list buys, the dashboard with expiry alerts, and the CSV export. Every step ends with a ready-to-copy prompt. Because the whole thing runs on a spreadsheet/CSV in and a clean CSV out, you can build and use it this weekend even with no connection to your ERP or e-procurement system.

The governance it includes (this is the point)

This decides who is allowed to spend money on controlled parts, so it's built like it matters: login so only your procurement and quality team can use it, row-level security so you only ever see your own organization's data, and a complete audit trail of every status change, check, exception, approval, and export — who did what, and when. Nothing changes the live list automatically: a new or changed approval status is a draft until the qualification owner approves it, and an off-list purchase is held until a documented exception is approved — those are the hard human-in-the-loop gates. Duplicate guards keep exactly one current approval per supplier × category/part (with history), so the same combination can't end up with two conflicting statuses, and the same purchase can't be checked or exception-approved twice.

Who it's for

Procurement and quality leads who are accountable for making sure people only buy from qualified suppliers for controlled categories and parts — and who need the list to be current, evidence-backed, and audit-ready. If you can explain how you decide a supplier is approved for something, you can build this.

You've got this — open the plan, paste the first prompt, and let it interview you about your approval process.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.