Mining Mineral Chain of Custody (OECD / RMAP / ITSCI Audit-Ready)
by Grevlin Global Corp. https://grevlin.com$ 1520.21
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Inventory (stock) • Employees (hr) • Invoicing (account) |
| Community Apps Dependencies | Show |
| Lines of code | 5072 |
| Technical Name |
grev_od_mining_traceability |
| License | OPL-1 |
| Website | https://grevlin.com |
Mineral Chain of CustodyOECD 5-step due diligence, RMAP / ITSCI audit readiness, token-secured buyer portal, and one-click audit pack ZIP — the DRC cobalt compliance anchor for responsible sourcing.
|
|
ⓘ AUDIT-READY, NOT CERTIFIED. This module gives your operation everything required to be audit-ready for OECD due-diligence, RMAP, ITSCI, and downstream-buyer requests. It does NOT grant RMAP or ITSCI certification — certification is an independent third-party audit relationship. The module makes that audit dramatically faster and cheaper. |
|
|
|
Need Help?Contact us at odoo@grevlin.com or find us on X at @GrevlinGlobal ✓ 30 days free support included |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Inventory (stock) • Employees (hr) • Invoicing (account) |
| Community Apps Dependencies | Show |
| Lines of code | 5072 |
| Technical Name |
grev_od_mining_traceability |
| License | OPL-1 |
| Website | https://grevlin.com |
Mineral Chain of Custody
The Mineral Chain of Custody module tracks every tonne of mineral from extraction pit to final destination. It provides the complete OECD 5-step due diligence evidence pack that OECD-aligned smelters, EV battery manufacturers, and downstream buyers require.
!DANGER!
AUDIT-READY, NOT CERTIFIED.
This module gives your operation everything required to be audit-ready for OECD due-diligence, RMAP, ITSCI, and downstream-buyer requests. It does NOT grant RMAP or ITSCI certification — certification is an independent third-party audit relationship that you must engage separately. The module makes that audit dramatically faster and cheaper.
Note
Requires :doc:`../grev_od_mining_base/doc/index` and :doc:`../grev_od_mining_production/doc/index`.
Overview
Key Features
- Chain of Custody (CoC) records — one per stock.lot, auto-created for mining products
- Red-flag screening — CAHRA origin, transporter blacklist, buyer due diligence status
- Immutability after verification — lot, origin pit, quantity, grades locked once verified
- Shipment workflow — draft → loaded → in_transit → exported → delivered → settled
- 9-document checklist — per shipment with mandatory-for-export enforcement
- OECD 5-step coverage — configurable task checklist per step, coverage % per site
- Token-secured buyer portal — scoped read-only access with rate limiting
- Audit pack ZIP — 7-folder structure generated on demand
Configuration
Document Types
Nine document types are seeded (configurable):
- Extraction report (shift log PDF)
- Transport manifest
- Weighbridge ticket
- Assay certificate
- Export permit
- CoC declaration
- Bill of Lading
- Insurance certificate
- OECD risk assessment
Mark each type with Required for Export and/or Required for OECD flags.
Operator Name Redaction
At :menuselection:`Mining Traceability --> Configuration --> Settings`, enable Redact Operator Names to hide shift supervisor and crew names from public-facing PDFs (CoC declaration, portal shipment cards). This setting is on by default.
Usage
CoC Record Lifecycle
CoC records are automatically created when a stock.lot is created for a product with is_mining_product = True. The record starts in draft state.
Red-Flag Screening
Three automatic checks run on CoC creation and on-demand:
- Origin — DRC pits are flagged under_review by default (CAHRA classification). A compliance officer must add mitigation evidence and clear the flag manually.
- Transporter — if the linked transporter is on the blacklist, the CoC is red-flagged.
- Buyer — if the buyer's mining_due_diligence_status is not approved, the CoC cannot be verified.
Verifying a CoC Record
Important
Once a CoC is verified, the following fields become permanently immutable: lot_id, origin_pit_id, quantity_t, and all grade entries. This is enforced at the ORM level — no superuser bypass.
To verify:
- Resolve all red flags (origin cleared, transporter not blacklisted, buyer approved).
- Click :guilabel:`Verify` — state moves to verified.
Shipment Workflow
- Create a shipment and link verified CoC records.
- Upload and approve all 9 required documents in the :guilabel:`Document Checklist` tab.
- Click :guilabel:`Load` — validates all CoC records are in verified state.
- Click :guilabel:`In Transit` → :guilabel:`Export` (blocked until all mandatory docs approved).
- Click :guilabel:`Deliver` → :guilabel:`Settle` after payment confirmation.
Generating an Audit Pack
From the shipment form, click :guilabel:`Generate Audit Pack`. A ZIP file is created with:
shipment-SHP-YYYY-NNNNN/ ├── 00_summary.pdf ├── 01_extraction/ (shift log PDFs) ├── 02_assay/ (assay certificates per lot) ├── 03_transport/ (manifest, weighbridge, transporter licence) ├── 04_export/ (permit, customs, Bill of Lading) ├── 05_coc/ (CoC declaration, OECD diagram) └── 06_oecd/ (5-step coverage per step)
Note
For shipments with audit packs larger than 50 MB, generation runs asynchronously as a background job. A notification is sent when the ZIP is ready to download.
Buyer Portal
To grant a buyer read-only access to their shipments:
- Go to :menuselection:`Mining Traceability --> Portal --> Access Tokens`.
- Click :guilabel:`Create`.
- Select the buyer partner and the specific shipments they may view.
- Set validity dates.
- Share the portal URL: https://{your-domain}/coc/{token}
Portal Security
- Tokens are cryptographically random (43-char secrets.token_urlsafe(32)).
- Rate limited to 10 requests per minute per IP.
- Cross-buyer data leak is actively prevented: a buyer's token requesting another buyer's shipment ID returns HTTP 404.
- Expired tokens return HTTP 410 Gone; revoked tokens return HTTP 403 Forbidden.
Technical Details
OECD 5-Step Coverage
Five steps are seeded (Management Systems, Risk Identification, Risk Mitigation, Audit Readiness, Public Reporting). Each step has configurable tasks. Coverage % per site is computed as:
coverage_pct = (completed_required_tasks / total_required_tasks) × 100
Token Expiry Cron
A daily scheduled action flips portal tokens to expired state once their valid_to date has passed.
See also
- :doc:`../grev_od_mining_production/doc/index`
- :doc:`../grev_od_mining_base/doc/index`
- OECD Due Diligence Guidance
- Support: odoo@grevlin.com
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module