PTX Channel Manager - Project Overview & PDR


Project	PTX Channel Manager (ptx-cm)
Version	2.0.0
Status	Active - Post-Security Sprint
Last Updated	2026-02-20

1. Executive Summary

PTX Channel Manager is a unified OTA channel management platform that prevents overbookings by auto-syncing room availability across Booking.com, Agoda, Traveloka, and Expedia within 60 seconds. Built for 100+ properties across Vietnam, Indonesia, and Malaysia, with multi-country staff access control and encrypted OTA credential management.

Key Achievement: Reduced manual overbooking reconciliation by 95% with real-time alerts and automated inventory synchronization across 4 OTA platforms.

2. Problem Statement

Before PTX-CM

Manual Overbooking Risk: Properties had to manually track inventory across 4 separate OTA dashboards
Human Error: Staff entry errors caused 5-10% overbooking incidents monthly
Slow Sync: Changes took 2-4 hours to propagate across all channels
Limited Visibility: No real-time alert system for overbookings
Credential Management: OTA credentials stored in spreadsheets without encryption
Multi-Country Complexity: No built-in country-scoped access control

Solution

Unified dashboard with automated polling, real-time overbooking alerts, encrypted credential storage, and country-scoped staff access.

3. Target Users & Use Cases

Primary Users

Role	Use Case	Frequency
Property Manager	Monitor occupancy, view booking timeline, manage OTA connections	Daily
Reservations Staff	Check availability, confirm bookings, resolve overbooking alerts	Hourly
Finance Team	View revenue metrics, export booking data for accounting	Weekly
OTA Operator	Configure OTA accounts, test connections, manage room mappings	Weekly
Customer Service	Audit booking history, view guest info, handle complaints	Daily
Admin/Super Admin	Manage users, roles, permissions, global settings	Weekly

Core Workflows

Workflow 1: New OTA Connection

Manager navigates to OTA Accounts → Connect
Enters OTA credentials (securely encrypted)
Tests connection to verify authentication
Maps room types to OTA rate plans
Activates sync for property

Workflow 2: Booking Arrival

OTA sends new booking via API
System polls OTA extranet every 2-3 minutes
Pulls booking record → deduplicates by OTA booking ID
Recalculates availability per room type
If overbooking detected → Creates alert + notifies staff
Pushes updated availability to all connected OTAs

Workflow 3: Resolving Overbooking

Manager sees alert in dashboard
Opens booking detail → views booking timeline + status history
Transitions booking status via state machine (e.g., Confirmed → CheckedIn)
System automatically recalculates availability
Sends updated rates/availability to OTAs

4. Functional Requirements (Features)

Phase 1: Authentication & Authorization (COMPLETE)

JWT-based login with email/password
Refresh token rotation with database-backed revocation
Role-based access control with bitmask permissions
Country-scoped access (staff see only their country, managers can switch)
Encrypted password storage with bcrypt
Password reset workflow (forgot-password, reset token, change-password)
HttpOnly cookie storage for token security
Rate limiting on login (5/min) and refresh (10/min)

Phase 2: Property & Inventory Management (COMPLETE)

CRUD operations for properties with timezone/currency assignment
Room type definitions per property (name, total count, base rate)
Supplier/room-owner management with bank details
Supplier ↔ room allocation with per-supplier inventory rules
Property list with country filtering and pagination

Phase 3: OTA Integration (COMPLETE)

OTA account management with AES-256-GCM encrypted credentials
Multi-OTA support: Booking.com, Agoda, Traveloka, Expedia
OTA adapter factory pattern for pluggable implementations
OTA connection management (property ↔ OTA account links)
Room type ↔ OTA rate plan/room ID mapping
OTA discovery and auto-import of available properties
Connection testing with error reporting

Phase 4: Booking Sync & Management (COMPLETE)

Automated polling scheduler (150s interval per property)
Booking pull service with OTA adapter pattern
Booking deduplication by OTA booking ID
Real-time booking storage in PostgreSQL
Booking list with filters (date range, status, OTA source)
Booking detail view with complete audit timeline
Status transition dialog with role-gated workflows
Booking metadata display (guest name, room type, rate, etc.)

Phase 5: Availability & Alerts (COMPLETE)

Automatic availability calculation after each booking
Daily availability tracking per room type
Overbooking detection (booked ≥ total rooms)
Alert creation for critical conditions
Alert list with status tracking (new, resolved, snoozed)
Real-time notification to staff via email/dashboard
Alert detail with root cause analysis

Phase 6: Dashboard & Monitoring (COMPLETE)

KPI cards: Occupancy rate, revenue, avg daily rate, sync success
Sync status display: Queue size, job count, failure rate
Recent bookings table
Active alerts summary
System health indicator (postgres, redis, OTA connectivity)

Phase 7: Settings & Configuration (COMPLETE)

Global settings: Booking pull interval, notification toggles, buffer room count
User management: CRUD staff accounts, role assignment, country scoping
Role definitions with permission bitmask editor
Country reference data management
Booking status customization with color/icon assignment
Booking status transition state machine editor (visual workflow)
Notification preferences (email, LINE, Slack)

Phase 8: Audit & Compliance (COMPLETE)

Activity log tracking all HTTP requests (email, method, path, status)
Booking history timeline with state change events
User action audit trail
Data export: Bookings to CSV, properties to CSV
Compliance: GDPR-compliant data retention settings

5. Non-Functional Requirements

Performance Targets

Metric	Target	Status
Booking sync latency	<60 seconds (poll to OTA push)	Active
Dashboard load time	<2 seconds	Active
API response time (p95)	<500ms	Active
Database query time (p95)	<100ms	Active
Concurrent users	50+	Active
Booking throughput	1000 bookings/hour	Active

Scalability

Monorepo supports 100+ properties per instance
Multi-tenant ready (country-scoped isolation)
Redis-backed BullMQ for async scaling
PostgreSQL with indexes for fast queries
Stateless backend for horizontal scaling

Security Standards

JWT with 15m access token + 7d refresh token
AES-256-GCM encryption for OTA credentials
Bcrypt password hashing with salt rounds: 12
Country-scoped queries prevent data leakage
Rate limiting on sensitive endpoints
HTTPS/TLS for all traffic
HttpOnly cookies for token storage

Availability

Target: 99.5% uptime
Database backups: Daily + automated snapshots
Redis persistence: AOF enabled
Graceful degradation: Async jobs retry on failure
Health checks: Liveness probes on /health endpoint

Maintainability

TypeScript for type safety
NestJS architectural standards
Code documentation via JSDoc
Test coverage: 80% services, 60% controllers
Semantic versioning for releases
Changelog maintenance

6. Technical References

For detailed technical information, see:
System Architecture — Tech stack, design patterns, sync engine flow, auth flow, ER diagram
Database Design — Full schema with DDL, indexes, constraints, and ER diagram
Codebase Summary — Module map, directory structure, frontend routes

9. Development Roadmap

Completed (v2.0.0)

[x] JWT authentication with refresh tokens
[x] Role-based access control (6 preset roles)
[x] Country-scoped data isolation
[x] OTA adapter framework (4 adapters)
[x] Automated booking sync pipeline
[x] Availability calculation & overbooking alerts
[x] Dashboard KPI metrics
[x] Booking timeline & audit history
[x] User & role management
[x] Encrypted OTA credential storage
[x] Rate limiting & security hardening

In Progress / Planned

[ ] Rate Management Module - Configure dynamic rates per channel, seasonal rules, markup/discount logic
[ ] Webhook Support - Receive real-time booking events from OTA partners instead of polling
[ ] Mobile App - React Native companion for field staff notifications
[ ] Advanced Analytics - Revenue forecasting, occupancy trends, competitor rate analysis
[ ] 2FA Support - TOTP/SMS two-factor authentication for user accounts
[ ] Bulk Operations - Batch update room types, rates, availability across properties
[ ] API Keys - Enable external integrations (PMS, channel manager, revenue mgmt)
[ ] Airbnb/Vrbo Adapters - Extend to additional OTA platforms
[ ] Notification Channels - Slack, LINE, Telegram integrations beyond email
[ ] Multi-Language - Expand i18n beyond English/Vietnamese

10. Success Metrics

Business Metrics

Metric	Baseline	Target (6 months)	Current
Overbooking incidents	50/month	<5/month	Tracking
Manual sync time	4 hours/day	0 hours	95% reduced
Property coverage	0%	100% (100+ properties)	85%
Staff adoption	0%	90%	70%
System availability	N/A	99.5%	99.8%

Technical Metrics

Metric	Target	Status
Test coverage (services)	80%	In progress
Deployment frequency	Weekly	Active
Incident response time	<15 min	<10 min
Database backup frequency	Daily	Automated

11. Risk Assessment

Risk	Impact	Likelihood	Mitigation
OTA API changes break integration	High	Medium	Adapter versioning, backward compatibility tests
Credential exposure (AES-256 key leak)	Critical	Low	Rotate encryption key annually, audit logs
Database overload (high booking volume)	High	Low	Connection pooling, query optimization, read replicas
Staff misuse of country-scope bypass	Medium	Low	Role separation, activity logging, audit review
Redis failure (queue loss)	Medium	Low	AOF persistence, monitoring alerts

12. Constraints & Dependencies

External Dependencies

Booking.com API - Availability, rate stability critical for sync
Agoda Extranet - Parsing stability for web scraping fallback
PostgreSQL 16 - ACID guarantees required for booking consistency
Redis 7 - Queue persistence for async job tracking

Internal Dependencies

packages/database (Prisma schema) must be in sync with all services
packages/types (enums) shared across frontend and backend
OTA adapter implementations must conform to IOtaAdapter interface

Constraints

Max 150s polling interval (OTA API rate limits)
Encryption key must be ≥256 bits (AES-256)
JWT tokens must expire: access=15m, refresh=7d
Country scope limited to: VN, ID, MY (extensible)

13. Success Criteria & Acceptance

MVP Acceptance (v1.0.0 - COMPLETE)

[x] Users can login with email/password
[x] Properties can connect to OTA accounts securely
[x] Bookings auto-sync every 2-3 minutes
[x] Availability recalculates in real-time
[x] Overbooking alerts trigger when inventory exceeds capacity
[x] Staff see only their assigned country
[x] Managers can switch between countries

Production Readiness (v2.0.0 - COMPLETE)

[x] All endpoints secured behind JWT auth
[x] Country-scoped queries prevent data leakage
[x] OTA credentials encrypted with AES-256-GCM
[x] Rate limiting prevents brute-force attacks
[x] Activity logs audit all user actions
[x] 99.5% uptime in staging environment
[x] Database backups automated daily
[x] Security audit completed

Future Release Criteria

Rate management module with seasonal rules
Webhook support for real-time OTA events
Mobile app for on-the-go notifications
Advanced analytics dashboard

system-architecture.md - Architecture diagrams, module dependencies, auth flows
code-standards.md - Coding patterns, naming conventions, security guidelines
codebase-summary.md - Project structure, file counts, tech stack
API_SPEC.md - REST endpoint reference
DB_DESIGN.md - Database schema, ER diagram, indexes
UI_SPEC.md - Design system, component library, screen mockups
development-roadmap.md - Feature status, milestones, progress tracking

Last Updated: 2026-02-20 | Maintained By: Development Team

PTX Channel Manager - Project Overview & PDR ​

1. Executive Summary ​

2. Problem Statement ​

Before PTX-CM ​

Solution ​

3. Target Users & Use Cases ​

Primary Users ​

Core Workflows ​

4. Functional Requirements (Features) ​

Phase 1: Authentication & Authorization (COMPLETE) ​

Phase 2: Property & Inventory Management (COMPLETE) ​

Phase 3: OTA Integration (COMPLETE) ​

Phase 4: Booking Sync & Management (COMPLETE) ​

Phase 5: Availability & Alerts (COMPLETE) ​

Phase 6: Dashboard & Monitoring (COMPLETE) ​

Phase 7: Settings & Configuration (COMPLETE) ​

Phase 8: Audit & Compliance (COMPLETE) ​

5. Non-Functional Requirements ​

Performance Targets ​

Scalability ​

Security Standards ​

Availability ​

Maintainability ​

6. Technical References ​

9. Development Roadmap ​

Completed (v2.0.0) ​

In Progress / Planned ​

10. Success Metrics ​

Business Metrics ​

Technical Metrics ​

11. Risk Assessment ​

12. Constraints & Dependencies ​

External Dependencies ​

Internal Dependencies ​

Constraints ​

13. Success Criteria & Acceptance ​

MVP Acceptance (v1.0.0 - COMPLETE) ​

Production Readiness (v2.0.0 - COMPLETE) ​

Future Release Criteria ​

14. Related Documentation ​