Back to Case Studies
Regulated Marketplace

AI-Powered Cannabis Compliance Marketplace

A production-grade marketplace architecture for regulated cannabis commerce, license verification, COA intelligence, product approvals, and configurable state compliance workflows.

Role

Full-stack engineer and system designer

Scope

Production-grade architecture and implementation

Depth

14 min read

Problem

Cannabis marketplaces cannot behave like ordinary ecommerce. Every seller, product, lab report, customer action, and transaction must pass legal, operational, and audit checks before commerce can happen.

Solution

I designed the platform around verified organizations, role-based access, AI-assisted COA processing, approval workflows, and a central compliance engine that evaluates marketplace actions against configurable state rules.

Impact

The architecture connected domain research, AI document intelligence, backend modeling, compliance workflows, and full-stack product delivery into one maintainable platform direction.

Designing an AI-Powered Cannabis Compliance Marketplace

This project is about a regulated marketplace, not a generic ecommerce clone. The core engineering question was:

How do you let businesses list and sell cannabis products only after the platform verifies licenses, laboratory evidence, product eligibility, customer eligibility, and jurisdiction-specific rules?

That problem forced the product to combine domain research, compliance modeling, document intelligence, role-based dashboards, marketplace search, and production-grade backend architecture.

Chapter 1: Understanding The Cannabis Industry

Before designing screens or database tables, I treated the cannabis market as a supply-chain problem. Cannabis products move through a regulated lifecycle where each participant has a different legal role, and each product needs traceability from cultivation to consumer access.

Cultivator
Harvest
Drying and curing
Laboratory testing
Certificate of Analysis
Manufacturer or processor
Distributor or wholesaler
Retail dispensary
Consumer

The important insight was that the platform could not start with "products" alone. It needed to understand organizations, licenses, batches, lab reports, product categories, state availability, and approval status. That domain model became the foundation for the rest of the system.

Chapter 2: Business Roles And License Onboarding

In a normal marketplace, a seller can register and start listing products quickly. In cannabis, a business must prove that it is legally allowed to operate before it receives marketplace access.

  • Cultivator
  • Manufacturer
  • Processor
  • Distributor
  • Wholesaler
  • Retail dispensary
  • Testing laboratory
Business registration
Company profile
License upload
License metadata extraction
License validation
Admin review
Business approval
Marketplace access

Until a business was approved, it could not create listings, upload inventory, submit COAs, or participate in commerce. This gave the platform a clear gate between untrusted registration data and regulated marketplace activity.

Chapter 3: AI-Powered COA Intelligence

The hardest document workflow was the Certificate of Analysis. COAs are laboratory reports that validate product composition and safety. They often vary by lab, state, document quality, terminology, and file format.

Some reports are clean PDFs. Some are scanned images. Some use tables. Some use inconsistent column names. A manual form-only workflow would be slow and error-prone, so I designed an AI-assisted pipeline:

COA upload
File storage
OCR extraction
Claude AI structured parsing
Unit normalization
Confidence scoring
Rule validation
Auto-populated product form
Business review
Admin approval

The extraction layer focused on structured fields such as:

  • THC, CBD, CBG, CBN, CBC
  • Terpene profile
  • Moisture
  • Batch number
  • Harvest date
  • Testing date
  • Laboratory name
  • Product type
  • Cannabinoid profile
  • Contaminants
  • Heavy metals
  • Residual solvents
  • Pesticides
  • Microbial results

AI reduced typing effort, but it did not replace accountability. The business still reviewed extracted values, and admins still had a final approval path for regulated marketplace publication.

Chapter 4: The AI Validation Layer

I did not design the platform to blindly trust model output. AI extraction was treated as a suggestion layer behind deterministic validation.

  • Missing mandatory cannabinoid values
  • Invalid percentages or impossible values
  • Expired laboratory reports
  • Unsupported laboratories
  • Duplicate COAs
  • Mismatched batch references
  • Product type conflicts
  • Incomplete contaminant test results

This hybrid approach made the AI useful without making it dangerous. The model handled messy document interpretation, while the rule engine handled repeatable compliance decisions.

Chapter 5: Product Approval Workflow

Products could not become visible immediately after upload. Each listing moved through a moderation workflow:

Draft
Product details
Image upload
COA upload
AI processing
Compliance validation
Business confirmation
Admin review
Approved
Marketplace published

Every approval decision needed to be attributable. That meant storing status changes, reviewer identity, timestamps, rejection reasons, and document references. From a backend perspective, this moved the product model away from a single published boolean and toward a state machine.

Chapter 6: State Compliance Engine

The most important architectural decision was separating compliance rules from application code. Cannabis regulations vary by state and can change over time. Hardcoding these conditions across controllers, forms, and checkout logic would create risk every time a policy changed.

Customer eligibility

Examples
Minimum age, adult-use availability, medical-use availability

Market access

Examples
Delivery availability, retail permissions, state availability

Product rules

Examples
Product type restrictions, purchase limits, required labels

Testing rules

Examples
Required testing categories, approved laboratories

Checkout rules

Examples
Packaging requirements, tax calculation inputs

The compliance engine evaluated marketplace actions against these policies:

  • Can this business list this product in this state?
  • Is this lab accepted for the product category?
  • Is the license active and associated with the right organization?
  • Can this customer view or purchase the product?
  • Does this cart exceed a purchase limit?
  • Does the product require additional warning labels?
  • Should checkout be blocked for this location?

That design made compliance a first-class platform capability instead of scattered conditional logic.

Chapter 7: Consumer Eligibility And Marketplace Flow

Age confirmation
Location validation
Legal agreement
Product browsing
Cart checks
Checkout eligibility

The platform could apply stricter rules depending on jurisdiction and product category. A user experience like this needs to feel simple, but the backend must keep evaluating eligibility throughout the session because browse, cart, and checkout are different risk points.

Chapter 8: Marketplace Search With Structured Metadata

A cannabis catalog is more useful when search is based on structured product intelligence instead of only keyword matching.

  • Brand
  • Strain
  • Category
  • THC percentage
  • CBD percentage
  • Terpenes
  • Product type
  • Laboratory
  • State availability
  • Effects
  • Flavor
  • Medical tags
  • Compliance approval status

This makes discovery more precise for consumers and gives operators a better way to inspect inventory quality, state readiness, and product coverage.

Chapter 9: AI Beyond COA Parsing

Once AI is isolated behind service boundaries, it can support additional workflows without rewriting the platform.

  • Product description drafting
  • Plain-language lab report summaries
  • Compliance warning summaries
  • Duplicate product detection
  • Metadata generation for search
  • Intelligent product categorization
  • Support response assistance
  • Fraud indicators based on document anomalies
  • Suggested tags, effects, and strain characteristics

The key engineering principle was containment: AI could enrich the workflow, but source-of-truth data, approvals, and compliance decisions remained governed by structured systems.

Chapter 10: Platform Architecture

Marketplace Domains

Identity and access
Organizations
Licenses
Product operations
Inventory
COA documents
Approval states
Compliance
State policies
Eligibility checks
Audit logs
Marketplace
Search
Cart
Checkout validation
AI services
OCR
LLM extraction
Confidence scoring

The architecture favored clear boundaries: marketplace actions called compliance services, document workflows called AI services, and admin dashboards operated on approval queues instead of bypassing domain logic.

Technology Decisions

Next.js

Why It Fit
Server-rendered marketplace pages, dashboards, and SEO-friendly product surfaces

React

Why It Fit
Interactive workflows for onboarding, admin review, COA inspection, and search

Node.js

Why It Fit
API services, workflow orchestration, validation logic, and integrations

PostgreSQL

Why It Fit
Relational modeling for organizations, licenses, products, COAs, rules, and audit history

Prisma

Why It Fit
Type-safe database access and maintainable schema evolution

Claude AI

Why It Fit
Structured extraction from inconsistent COA documents

OCR

Why It Fit
Text extraction from scanned reports and image-heavy PDFs

Redis

Why It Fit
Session, cache, queue, and short-lived workflow state support

AWS S3

Why It Fit
Secure storage for COAs, product media, and business documents

Cloudflare

Why It Fit
CDN, edge protection, and faster asset delivery

Database Thinking

The database design needed to support traceability and workflow state, not just CRUD pages. Important entities included:

  • Organization
  • Business license
  • User role
  • Product
  • Product batch
  • COA document
  • Extracted lab result
  • State policy
  • Compliance check
  • Approval decision
  • Audit log

This structure allowed the platform to answer operational questions such as "why was this product approved?", "which COA supported this listing?", "which license allowed this business action?", and "which policy blocked checkout?"

Engineering Depth

The implementation required depth across product, backend architecture, AI workflows, and regulated operations:

  • Domain modeling for a complex regulated industry
  • Full-stack architecture across onboarding, admin, marketplace, and consumer flows
  • AI integration with validation, review, and fallback paths
  • Secure document handling for sensitive business files
  • Role-based permissions for businesses, admins, labs, and consumers
  • State-machine thinking for product and business approvals
  • PostgreSQL schema design for traceability
  • Configurable compliance rules instead of fragile hardcoding
  • Production-minded separation between AI suggestions and business truth

Final Reflection

The strength of this project is not that it has a marketplace UI. The strength is that the marketplace is built around real operational constraints.

It shows I can enter a regulated domain, learn the business deeply, convert that knowledge into software boundaries, and ship product architecture that balances user experience, compliance, automation, and maintainability.