MCFL - Mangal Credit & Fincorp Digital Lending Ecosystem
MCFL is a full-stack digital lending platform for Mangal Credit & Fincorp Ltd., an NBFC specializing in gold loans, business loans, and loans against property. The ecosystem comprises three integrated components: Public Website: Corporate portal with loan enquiry capture and live gold rate display Mobile Application: Role-specific interfaces for Customers, DSAs, and Employees Admin Panel: Centralized command center for loan origination, asset tracking, master data, and user governance
About the Project
The website implements hybrid rendering, serving immutable brand content from edge cache while hydrating dynamic loan components via API invocations. All sponsor logos, press releases, investor documents, and career postings are managed via backend CMS; upon publication, frontend automatically rehydrates components. The loan enquiry module POSTs borrower mobile number and product interest, instantiating a lead record and broadcasting to telecaller queues within sub-second latency. Dynamic gold rate widgets and loan carousels compose at runtime from API payloads.
The admin panel is a permission-controlled SPA implementing component-level authorization across six tiers: MASTER, USERMANAGEMENT, SETTING, TELECALLER, INQUIRY, TESTIMONIAL. Campaign and Lead Management instantiates campaign schemas with unique codes, vendor FKs, priority enum, and status flags. Leads traverse deterministic state machine from ACTIVITY to CONVERSION. DataTables implement server-side pagination, column filtering, global search, and CSV export. Cash Packet Movement provides physical asset tracking treating currency packets as digital entities with UUID, branch FKs, employee assignments, and movement taxonomy. Packets traverse INITIATED to CLOSED. State transitions commit immutable audit logs. Master Data Configuration provides CRUD interfaces for 20+ entities. Gold Rate Editor implements temporal versioning with effective dates. User and Role Management provides complete user lifecycle across Customer, DSA, Employee with six-tier permission hierarchy. CMS provides WYSIWYG editor with scheduled publishing and version rollback. Notification Engine provides rich notification composer with audience segmentation and scheduled delivery.
The mobile application is a single Flutter codebase with role-based view rendering at authentication boundary. Upon JWT validation, app resolves user_type and dynamically assembles navigation tree. Authentication uses mobile number OTP with biometric opt-in. Customer Portal displays live gold rates, renders JSON schema forms with conditional fields, and supports document upload with client-side compression. DSA Portal projects productivity cards, enables enquiry registration with commission tracking, and provides lead list with pull-to-refresh. Employee Portal presents verification task queues, enables geotagged photo capture, and supports cash packet QR scan with offline mode. Offline synchronization maintains local materialized views with background sync. QR Access Control provides zero-latency scanning with HMAC-SHA256 signed payloads and local lookup.
Key Features
Campaign and Lead Management
- Campaign instantiation with unique codes, vendor association, priority enumeration, and active status flags
- Deterministic round-robin lead assignment to telecaller queues with workload ceiling enforcement
- Six-phase state machine: ACTIVITY → MEETING → DISPOSITION → TASK → CONVERSION → DISBURSEMENT
- Server-side DataTables with column filtering, global search, sort dimensionality, and CSV/Excel export
- Batch operations for bulk assignment, bulk SMS dispatch, and bulk disposition updates
- Complete interaction timeline with ISO 8601 timestamps and actor attribution
Cash Packet Movement
- Physical currency packet digitization with UUID primary key and branch geometry foreign keys
- Dual workflow paths: Old Packet Reconciliation and New Packet Issuance
- Movement type taxonomy: DD Transfer, Vault Replenishment, Inter-Branch Allocation
- Employee lookup with debounced autocomplete against active directory
- Multipart document attachment for Request Letter PDF and Person Handling Image with MIME validation
- Five-state deterministic workflow: INITIATED → ASSIGNED → IN TRANSIT → RECEIVED → CLOSED
Master Data Configuration
- CRUD interfaces for 20+ entity classifications including Gold Rate, BANNER, PRODUCT, BRANCH, PROOF, DISPOSITION, COMMITTEE
- Temporal gold rate versioning with effective_from and effective_to timestamps
- Centralized dropdown editor for all selectable enumerations across mobile and web surfaces
- Entity version history with one-click rollback to prior revision states
User and Role Management
- Complete user lifecycle operations across CUSTOMER, DSA, and EMPLOYEE classifications
- Six-tier permission hierarchy: MASTER, USERMANAGEMENT, SETTING, TELECALLER, INQUIRY, TESTIMONIAL
- Component-level authorization directives—unauthorized users cannot observe restricted UI elements
- Bulk user import via CSV with header validation and row-level error reporting
- Audit viewer with login sequences, IP geo-resolution, and sensitive action forensic logs
Content Management System
- WYSIWYG editor with rich text formatting, image embedding, and media library integration
- Scheduled publishing with background cron invocations and visibility boolean mutation
- Version history stack with infinite draft/published duality and one-click rollback
- Media library with folder taxonomy and CDN cache invalidation
Notification Engine
- Rich notification composer with title, body, image URI, and deep-link URL schema
- Audience segmentation by user_type, branch foreign key, loan product tags, and recency filters
- Scheduled delivery with time-delayed task queues and cancellation capability
- Delivery analytics with aggregate open rates, conversion attribution, and platform success percentages
- In-app inbox with cursor-based pagination and read receipt acknowledgment
Public Website
- Hybrid rendering architecture with edge-cached immutable content and API-hydrated dynamic components
- Live gold rate widget with real-time carat-wise display and Redis cache fallback
- Anonymous loan enquiry capture with sub-second lead instantiation and telecaller queue assignment
- Stock price ticker with cross-origin BSE/NSE fetch and color-coded percentage delta formatting
- Headless CMS integration with automatic frontend rehydration upon backend publication
- Edge-cached heritage assets with sub-50ms time-to-first-byte
Mobile Application - Unified Architecture
- Single Flutter codebase with role-based navigation tree assembly at authentication boundary
- JWT authentication with OTP generation, SMS polling, refresh token rotation, and biometric secure enrollment
- Offline-first architecture with SQLite materialized views and write-ahead transaction log
- Background synchronization with exponential backoff and version vector conflict resolution
- Pull-to-refresh with delta fetch since last synchronization timestamp
Mobile Application - Customer Portal
- Live gold rate calculator with real-time rate projection and LTV coefficient multiplication
- JSON schema form engine with conditional field visibility and client-side validation
- Document upload with camera/gallery interface, client-side compression to sub-200KB, and S3 presigned URL transmission
- Offer listings view with product-specific interest rate concessions and fast-track approval vouchers
Mobile Application - DSA Portal
- Productivity dashboard with today's enquiry count, monthly conversion rate, and commission accrual
- Enquiry registration form with DSA commission identifier and source campaign foreign key
- Bulk enquiry import via CSV with header validation and row-level error reporting
- Lead list with disposition status badges and pull-to-refresh synchronization
Mobile Application - Employee Portal
- Verification task queues filtered by assigned employee identifier and status predicate
- Doorstep verification with geotagged photo capture and GPS coordinate EXIF embedding
- Cash packet assignment view with QR scan for receipt confirmation and delivery proof upload
- Offline operation mode with persistent write-ahead log and transactional replay upon connectivity
QR Access Control
- Zero-latency QR scanning infrastructure for high-throughput verification environments
- HMAC-SHA256 signed payloads with server-held secret precluding forgery and replay injection
- Local SQLite cache lookup for instantaneous attendee profile projection
- Dual execution paths: ENTER and RESTRICT with timestamped access event logging
Data Architecture
- PostgreSQL in third normal form with foreign key constraints across 40+ entity tables
- Redis caching for gold rate projections, branch lookups, and session tokens with pub/sub invalidation
- AWS S3 partitioned asset organization with CloudFront CDN delivery
- Signed URL secure access for private assets with 60-second expiration windows
- Immutable audit logging for all state-mutating operations with complete forensic dimensionality
System-Wide Features
- Unified REST API gateway serving website, mobile, and admin clients
- Referential integrity enforcement via database foreign key constraints
- Role-based access control at route, component, and action verb levels
- Rate limiting middleware for OTP and API requests
- Automated CI/CD pipelines with test suites and automated deployments
- Comprehensive monitoring and error tracking
