Designing an AI-Powered Cannabis Compliance Marketplace
This project is about a regulated marketplace, not a generic ecommerce clone. The core engineering question was:
How do you let businesses list and sell cannabis products only after the platform verifies licenses, laboratory evidence, product eligibility, customer eligibility, and jurisdiction-specific rules?
That problem forced the product to combine domain research, compliance modeling, document intelligence, role-based dashboards, marketplace search, and production-grade backend architecture.
Chapter 1: Understanding The Cannabis Industry
Before designing screens or database tables, I treated the cannabis market as a supply-chain problem. Cannabis products move through a regulated lifecycle where each participant has a different legal role, and each product needs traceability from cultivation to consumer access.
The important insight was that the platform could not start with "products" alone. It needed to understand organizations, licenses, batches, lab reports, product categories, state availability, and approval status. That domain model became the foundation for the rest of the system.
Chapter 2: Business Roles And License Onboarding
In a normal marketplace, a seller can register and start listing products quickly. In cannabis, a business must prove that it is legally allowed to operate before it receives marketplace access.
- Cultivator
- Manufacturer
- Processor
- Distributor
- Wholesaler
- Retail dispensary
- Testing laboratory
Until a business was approved, it could not create listings, upload inventory, submit COAs, or participate in commerce. This gave the platform a clear gate between untrusted registration data and regulated marketplace activity.
Chapter 3: AI-Powered COA Intelligence
The hardest document workflow was the Certificate of Analysis. COAs are laboratory reports that validate product composition and safety. They often vary by lab, state, document quality, terminology, and file format.
Some reports are clean PDFs. Some are scanned images. Some use tables. Some use inconsistent column names. A manual form-only workflow would be slow and error-prone, so I designed an AI-assisted pipeline:
The extraction layer focused on structured fields such as:
- THC, CBD, CBG, CBN, CBC
- Terpene profile
- Moisture
- Batch number
- Harvest date
- Testing date
- Laboratory name
- Product type
- Cannabinoid profile
- Contaminants
- Heavy metals
- Residual solvents
- Pesticides
- Microbial results
AI reduced typing effort, but it did not replace accountability. The business still reviewed extracted values, and admins still had a final approval path for regulated marketplace publication.
Chapter 4: The AI Validation Layer
I did not design the platform to blindly trust model output. AI extraction was treated as a suggestion layer behind deterministic validation.
- Missing mandatory cannabinoid values
- Invalid percentages or impossible values
- Expired laboratory reports
- Unsupported laboratories
- Duplicate COAs
- Mismatched batch references
- Product type conflicts
- Incomplete contaminant test results
This hybrid approach made the AI useful without making it dangerous. The model handled messy document interpretation, while the rule engine handled repeatable compliance decisions.
Chapter 5: Product Approval Workflow
Products could not become visible immediately after upload. Each listing moved through a moderation workflow:
Every approval decision needed to be attributable. That meant storing status changes, reviewer identity, timestamps, rejection reasons, and document references. From a backend perspective, this moved the product model away from a single published boolean and toward a state machine.
Chapter 6: State Compliance Engine
The most important architectural decision was separating compliance rules from application code. Cannabis regulations vary by state and can change over time. Hardcoding these conditions across controllers, forms, and checkout logic would create risk every time a policy changed.
| Policy Area | Examples |
|---|---|
| Customer eligibility | Minimum age, adult-use availability, medical-use availability |
| Market access | Delivery availability, retail permissions, state availability |
| Product rules | Product type restrictions, purchase limits, required labels |
| Testing rules | Required testing categories, approved laboratories |
| Checkout rules | Packaging requirements, tax calculation inputs |
Customer eligibility
- Examples
- Minimum age, adult-use availability, medical-use availability
Market access
- Examples
- Delivery availability, retail permissions, state availability
Product rules
- Examples
- Product type restrictions, purchase limits, required labels
Testing rules
- Examples
- Required testing categories, approved laboratories
Checkout rules
- Examples
- Packaging requirements, tax calculation inputs
The compliance engine evaluated marketplace actions against these policies:
- Can this business list this product in this state?
- Is this lab accepted for the product category?
- Is the license active and associated with the right organization?
- Can this customer view or purchase the product?
- Does this cart exceed a purchase limit?
- Does the product require additional warning labels?
- Should checkout be blocked for this location?
That design made compliance a first-class platform capability instead of scattered conditional logic.
Chapter 7: Consumer Eligibility And Marketplace Flow
The platform could apply stricter rules depending on jurisdiction and product category. A user experience like this needs to feel simple, but the backend must keep evaluating eligibility throughout the session because browse, cart, and checkout are different risk points.
Chapter 8: Marketplace Search With Structured Metadata
A cannabis catalog is more useful when search is based on structured product intelligence instead of only keyword matching.
- Brand
- Strain
- Category
- THC percentage
- CBD percentage
- Terpenes
- Product type
- Laboratory
- State availability
- Effects
- Flavor
- Medical tags
- Compliance approval status
This makes discovery more precise for consumers and gives operators a better way to inspect inventory quality, state readiness, and product coverage.
Chapter 9: AI Beyond COA Parsing
Once AI is isolated behind service boundaries, it can support additional workflows without rewriting the platform.
- Product description drafting
- Plain-language lab report summaries
- Compliance warning summaries
- Duplicate product detection
- Metadata generation for search
- Intelligent product categorization
- Support response assistance
- Fraud indicators based on document anomalies
- Suggested tags, effects, and strain characteristics
The key engineering principle was containment: AI could enrich the workflow, but source-of-truth data, approvals, and compliance decisions remained governed by structured systems.
Chapter 10: Platform Architecture
Marketplace Domains
The architecture favored clear boundaries: marketplace actions called compliance services, document workflows called AI services, and admin dashboards operated on approval queues instead of bypassing domain logic.
Technology Decisions
| Technology | Why It Fit |
|---|---|
| Next.js | Server-rendered marketplace pages, dashboards, and SEO-friendly product surfaces |
| React | Interactive workflows for onboarding, admin review, COA inspection, and search |
| Node.js | API services, workflow orchestration, validation logic, and integrations |
| PostgreSQL | Relational modeling for organizations, licenses, products, COAs, rules, and audit history |
| Prisma | Type-safe database access and maintainable schema evolution |
| Claude AI | Structured extraction from inconsistent COA documents |
| OCR | Text extraction from scanned reports and image-heavy PDFs |
| Redis | Session, cache, queue, and short-lived workflow state support |
| AWS S3 | Secure storage for COAs, product media, and business documents |
| Cloudflare | CDN, edge protection, and faster asset delivery |
Next.js
- Why It Fit
- Server-rendered marketplace pages, dashboards, and SEO-friendly product surfaces
React
- Why It Fit
- Interactive workflows for onboarding, admin review, COA inspection, and search
Node.js
- Why It Fit
- API services, workflow orchestration, validation logic, and integrations
PostgreSQL
- Why It Fit
- Relational modeling for organizations, licenses, products, COAs, rules, and audit history
Prisma
- Why It Fit
- Type-safe database access and maintainable schema evolution
Claude AI
- Why It Fit
- Structured extraction from inconsistent COA documents
OCR
- Why It Fit
- Text extraction from scanned reports and image-heavy PDFs
Redis
- Why It Fit
- Session, cache, queue, and short-lived workflow state support
AWS S3
- Why It Fit
- Secure storage for COAs, product media, and business documents
Cloudflare
- Why It Fit
- CDN, edge protection, and faster asset delivery
Database Thinking
The database design needed to support traceability and workflow state, not just CRUD pages. Important entities included:
- Organization
- Business license
- User role
- Product
- Product batch
- COA document
- Extracted lab result
- State policy
- Compliance check
- Approval decision
- Audit log
This structure allowed the platform to answer operational questions such as "why was this product approved?", "which COA supported this listing?", "which license allowed this business action?", and "which policy blocked checkout?"
Engineering Depth
The implementation required depth across product, backend architecture, AI workflows, and regulated operations:
- Domain modeling for a complex regulated industry
- Full-stack architecture across onboarding, admin, marketplace, and consumer flows
- AI integration with validation, review, and fallback paths
- Secure document handling for sensitive business files
- Role-based permissions for businesses, admins, labs, and consumers
- State-machine thinking for product and business approvals
- PostgreSQL schema design for traceability
- Configurable compliance rules instead of fragile hardcoding
- Production-minded separation between AI suggestions and business truth
Final Reflection
The strength of this project is not that it has a marketplace UI. The strength is that the marketplace is built around real operational constraints.
It shows I can enter a regulated domain, learn the business deeply, convert that knowledge into software boundaries, and ship product architecture that balances user experience, compliance, automation, and maintainability.