AI-powered business management dashboard for small businesses — manage inventory, track sales, record expenses, and get intelligent insights.

InsightOS is a full-stack business analytics platform built for small business owners who want to move beyond spreadsheets. It combines inventory management, sales tracking, expense monitoring, and AI-driven insights into a single modern dashboard.
The AI assistant (powered by Groq) analyzes your real business data and provides actionable recommendations — from identifying your top-selling products to spotting expense trends.
Supported languages: English & Bengali
- Product CRUD with name, category, price, and stock tracking
- Low stock alerts with configurable thresholds
- Search and category-based filtering
- Paginated product listings + paginated low-stock endpoint
- Record sales with automatic total calculation
- Atomic stock management via MongoDB transactions
- Sales analytics: revenue, quantity, top products, daily trends
- Filter by date range and product
- Track expenses across 8 categories (rent, salary, utilities, marketing, supplies, transport, maintenance, other)
- Expense summaries with category breakdown and daily trends
- Filter by category and date range
- Chat with an AI that has access to your real business data
- Get insights on revenue, expenses, profit margins, and inventory
- Multi-turn conversation support with streaming responses
- Powered by Groq (fast inference via Llama 4 Scout)
- Optional Google Search grounding for real-time data
- Consolidated dashboard API endpoint (
GET /api/dashboard)
- Real-time revenue, expense, and profit metrics
- Revenue & expense trend charts
- Top products ranking & category breakdown
- Recent sales & expenses at a glance
- Low stock product alerts
- Avatar upload with automatic file cleanup
- Email verification flow
- Password reset (forgot/reset)
- Admin user listing endpoint
- Destructive action confirmation (
{ "confirm": true })
- JWT authentication with dual httpOnly cookies (access + refresh tokens)
- Role-based authorization (user/admin)
- Rate limiting (1000 req/hr general, 60 req/hr for AI)
- NoSQL injection sanitization
- Helmet security headers
- CSRF protection via
sameSite: strict cookies
- Password validation (uppercase, lowercase, number, special character)
- Dark mode / Light mode toggle
- English & Bengali language support
- Smooth animations (Framer Motion)
- Responsive design
- Fully accessible (ARIA labels, semantic HTML, keyboard navigation)
- Configurable currency formatting (
VITE_CURRENCY_CODE / VITE_CURRENCY_LOCALE)
| Technology |
Purpose |
| Node.js + Express 5 |
Server framework |
| MongoDB + Mongoose 9 |
Database & ODM |
| Groq AI |
Business insights |
| JWT + bcrypt |
Authentication & security |
| Zod 4 |
Request validation |
| Multer |
File uploads |
| Pino |
Logging |
| Nodemailer |
Email sending (verification, password reset) |
| Vitest |
Testing framework |
| Technology |
Purpose |
| React 19 |
UI library |
| Vite 8 |
Build tool |
| Tailwind CSS 4 |
Styling |
| TanStack React Query 5 |
Data fetching & caching |
| Zustand 5 |
State management |
| React Hook Form + Zod |
Forms & validation |
| Recharts |
Data visualization |
| Framer Motion |
Animations |
| Axios |
HTTP client (with cookie-based auth) |
| Vitest + jsdom |
Frontend testing |
- Node.js 20+ and pnpm (or npm)
- MongoDB instance (local or MongoDB Atlas)
- Groq API key (from Groq Console) — optional for AI features
git clone https://github.com/yourusername/InsightOS.git
cd InsightOS
Create a .env file in backend/:
PORT=5000
MONGODB_URI=mongodb+srv://<username>:<password>@cluster.mongodb.net/insightos
JWT_ACCESS_SECRET=your-access-secret-here
JWT_REFRESH_SECRET=your-refresh-secret-here
AI_PROVIDER=groq
AI_MODEL=llama-4-scout
GROQ_API_KEY=gsk_your-groq-api-key
AI_WEB_SEARCH=disabled
CORS_ORIGIN=http://localhost:5173
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=your-email@gmail.com
SMTP_PASS=your-app-password
EMAIL_FROM=noreply@insightos.app
APP_URL=http://localhost:5173
NODE_ENV=development
Start the development server:
Backend runs at http://localhost:5000
Create a .env file in frontend/:
VITE_API_URL=http://localhost:5000
VITE_CURRENCY_CODE=USD
VITE_CURRENCY_LOCALE=en-US
Start the dev server:
Frontend runs at http://localhost:5173
Total: 76 tests across 8 test files
| Method |
Endpoint |
Auth |
Description |
| POST |
/api/auth/register |
— |
Register new account |
| POST |
/api/auth/login |
— |
Login |
| POST |
/api/auth/refresh |
— |
Refresh access token (cookie) |
| POST |
/api/auth/logout |
JWT |
Logout |
| GET |
/api/auth/me |
JWT |
Get current user |
| PATCH |
/api/auth/me |
JWT |
Update profile |
| POST |
/api/auth/me/avatar |
JWT |
Upload avatar |
| DELETE |
/api/auth/me/avatar |
JWT |
Delete avatar |
| POST |
/api/auth/send-verification |
JWT |
Send email verification link |
| GET |
/api/auth/verify-email?token=xxx |
— |
Verify email |
| POST |
/api/auth/forgot-password |
— |
Send password reset email |
| POST |
/api/auth/reset-password |
— |
Reset password with token |
| GET |
/api/auth/users |
Admin |
List all users |
| Method |
Endpoint |
Auth |
Description |
| GET |
/api/dashboard |
JWT |
Consolidated dashboard data |
| Method |
Endpoint |
Auth |
Description |
| POST |
/api/products |
JWT |
Create product |
| GET |
/api/products |
JWT |
List products (paginated, filterable) |
| GET |
/api/products/low-stock |
JWT |
Get low stock items (paginated) |
| GET |
/api/products/:id |
JWT |
Get product |
| PATCH |
/api/products/:id |
JWT |
Update product |
| DELETE |
/api/products/:id |
JWT |
Delete product |
| Method |
Endpoint |
Auth |
Description |
| POST |
/api/sales |
JWT |
Record sale (with stock decrement) |
| GET |
/api/sales |
JWT |
List sales (paginated, filterable) |
| GET |
/api/sales/analytics |
JWT |
Get sales analytics |
| GET |
/api/sales/:id |
JWT |
Get sale |
| Method |
Endpoint |
Auth |
Description |
| POST |
/api/expenses |
JWT |
Create expense |
| GET |
/api/expenses |
JWT |
List expenses (paginated, filterable) |
| GET |
/api/expenses/summary |
JWT |
Get expense summary |
| GET |
/api/expenses/:id |
JWT |
Get expense |
| PATCH |
/api/expenses/:id |
JWT |
Update expense |
| DELETE |
/api/expenses/:id |
JWT |
Delete expense |
| Method |
Endpoint |
Auth |
Rate Limit |
Description |
| POST |
/api/ai/chat |
JWT |
60/hr |
Send chat message |
| POST |
/api/ai/chat/stream |
JWT |
60/hr |
Streaming chat (SSE) |
| GET |
/api/ai/conversations |
JWT |
— |
List conversations |
| GET |
/api/ai/conversations/:id |
JWT |
— |
Get conversation with messages |
| DELETE |
/api/ai/conversations/:id |
JWT |
— |
Delete conversation |
| Method |
Endpoint |
Auth |
Description |
| DELETE |
/api/user/data |
JWT |
Clear all business data (requires { "confirm": true }) |
| DELETE |
/api/user/account |
JWT |
Delete account (requires { "confirm": true }) |
| Method |
Endpoint |
Auth |
Description |
| GET |
/health |
— |
Health check |
| GET |
/api-docs |
— |
Swagger API documentation |
| Field |
Type |
Details |
| name |
String |
Required, max 50 chars |
| email |
String |
Required, unique, lowercase |
| password |
String |
Hashed (bcrypt 12 rounds), select: false |
| role |
String |
user or admin |
| refreshToken |
String |
Stored for refresh flow |
| avatar |
String |
File path to uploaded avatar |
| isVerified |
Boolean |
Email verification status |
| verificationToken |
String |
Email verification token |
| verificationTokenExpires |
Date |
Verification token expiry |
| resetPasswordToken |
String |
Password reset token |
| resetPasswordExpires |
Date |
Reset token expiry |
| Field |
Type |
Details |
| userId |
ObjectId |
Ref: User (indexed) |
| name |
String |
Required, max 100 chars |
| category |
String |
Required |
| price |
Number |
Min 0 |
| stock |
Number |
Min 0, default 0 |
| lowStockThreshold |
Number |
Default 10 |
| Field |
Type |
Details |
| userId |
ObjectId |
Ref: User (indexed) |
| productId |
ObjectId |
Ref: Product |
| quantity |
Number |
Min 1 |
| unitPrice |
Number |
Product price at time of sale |
| totalAmount |
Number |
Auto-calculated |
| note |
String |
Max 200 chars |
| saleDate |
Date |
Indexed |
| Field |
Type |
Details |
| userId |
ObjectId |
Ref: User (indexed) |
| title |
String |
Required, max 100 chars |
| amount |
Number |
Min 0 |
| category |
String |
Enum: rent, salary, utilities, marketing, supplies, transport, maintenance, other |
| note |
String |
Max 200 chars |
| date |
Date |
Indexed |
| Field |
Type |
Details |
| userId |
ObjectId |
Ref: User (indexed) |
| title |
String |
Auto-generated from first message |
| messages |
Array |
Embedded: { role, content, timestamp } |
InsightOS/
├── backend/
│ ├── src/
│ │ ├── __tests__/ # Backend tests (4 files, 46 tests)
│ │ ├── config/ # Environment, DB, AI, Swagger config
│ │ ├── constants/ # Shared constants (expense categories)
│ │ ├── middleware/ # Auth, error handling, upload, validate
│ │ ├── modules/ # Feature modules
│ │ │ ├── ai/ # AI chat & conversations
│ │ │ ├── auth/ # Authentication & user management
│ │ │ ├── dashboard/ # Dashboard data aggregation
│ │ │ ├── expense/ # Expense tracking
│ │ │ ├── product/ # Product inventory
│ │ │ ├── sales/ # Sales recording & analytics
│ │ │ └── user/ # Account management
│ │ ├── routes/ # Central route registry
│ │ ├── services/ # Shared services (email, businessData)
│ │ └── utils/ # Error classes, tokens, logger
│ ├── uploads/avatars/ # User avatar storage
│ ├── vitest.config.js
│ └── package.json
│
├── frontend/
│ ├── src/
│ │ ├── __tests__/ # Frontend tests (4 files, 30 tests)
│ │ ├── api/ # Axios config & API modules
│ │ ├── components/ # Reusable UI components
│ │ │ ├── charts/ # Recharts visualizations
│ │ │ ├── layout/ # Sidebar, Topbar, AppLayout, Footer
│ │ │ └── ui/ # Button, Card, Modal, Table, Input...
│ │ ├── context/ # Language context (i18n)
│ │ ├── hooks/ # React Query hooks
│ │ ├── lib/ # Translations, motion variants
│ │ ├── pages/ # Route pages
│ │ ├── store/ # Zustand stores
│ │ └── utils/ # Helpers (cn, config, format)
│ ├── vite.config.js
│ └── package.json
│
├── plan.md # Improvement plan (Bengali)
├── পরিবর্তনের-সারসংক্ষেপ.md # Change summary (Bengali)
└── README.md
The backend follows a modular architecture with clean separation of concerns:
Controller → Service → Repository → Model
- Controller — Handles HTTP requests/responses
- Service — Business logic and orchestration
- Repository — Database queries and data access
- Model — Mongoose schema definitions
Each module (auth, product, sales, expense, ai, user, dashboard) is self-contained with its own controllers, services, repositories, models, and validation schemas. Cross-module dependencies are handled through shared services (services/businessData.service.js, services/email.service.js).
Login → JWT (15min) + Refresh Token (7d)
↓
Both stored as httpOnly cookies (sameSite: strict)
↓
API calls automatically send cookies → authenticateToken middleware reads cookie
↓
On 401 → axios interceptor calls /auth/refresh → new accessToken cookie set
| Variable |
Required |
Default |
Description |
MONGODB_URI |
Yes |
— |
MongoDB connection string |
JWT_ACCESS_SECRET |
Yes |
— |
Access token secret |
JWT_REFRESH_SECRET |
Yes |
— |
Refresh token secret |
GROQ_API_KEY |
No |
— |
Groq API key (for AI features) |
PORT |
No |
5000 |
Server port |
NODE_ENV |
No |
development |
Environment mode |
AI_PROVIDER |
No |
groq |
AI provider |
AI_MODEL |
No |
llama-4-scout |
AI model name |
AI_WEB_SEARCH |
No |
disabled |
Web search support (varies by provider) |
CORS_ORIGIN |
No |
http://localhost:5173 |
Frontend origin |
SMTP_HOST |
No |
smtp.gmail.com |
SMTP server |
SMTP_PORT |
No |
587 |
SMTP port |
SMTP_USER |
No |
— |
SMTP username |
SMTP_PASS |
No |
— |
SMTP password |
EMAIL_FROM |
No |
noreply@insightos.app |
Sender email |
APP_URL |
No |
http://localhost:5173 |
Frontend URL for email links |
| Variable |
Required |
Default |
Description |
VITE_API_URL |
No |
http://localhost:5000 |
Backend API URL |
VITE_CURRENCY_CODE |
No |
USD |
Currency code (e.g. USD, BDT, EUR) |
VITE_CURRENCY_LOCALE |
No |
en-US |
Locale for formatting (e.g. en-US, bn-BD) |
| Suite |
Files |
Tests |
Command |
| Backend (unit) |
4 |
46 |
cd backend && pnpm test |
| Frontend (unit) |
4 |
30 |
cd frontend && pnpm test |
| Total |
8 |
76 |
|
- Utility classes (ApiError, ApiResponse, asyncHandler)
- JWT token generation & verification
- Validation middleware (Zod body/query)
- All Zod schemas (auth, product, sale, expense)
- Zustand auth store state management
- Currency formatting (configurable locale)
- Date formatting & relative time
- Tailwind classname merging (cn utility)
This project is licensed under the MIT License.
Built with care for small business owners who deserve better tools.