Credentials
Your license is a first-class object
A license is not a string field on a user record. It has a state machine, a renewal cycle, an issuing board, a region, and an expiration that we have to honor at the moment of sealing — not a label we display on a profile page. We treat the credential as the asset it is, with its own lifecycle and its own gate.
Executive summary
Each credential is a row with a strict state machine: claimed → pending verification → verified → expired / suspended. The sealing gate checks current state at the moment of signing — an expired or suspended license fails before any cryptographic operation runs.
Verification flows through the issuing licensing board via direct integration with state boards' license-lookup endpoints — not just an upload-a-photo claim. Renewal tracking surfaces upcoming expirations so a lapsed license never produces a valid-looking seal in your name.
Our commitments
Five rules for the credential
The license is the asset, not the user record
Credentials have their own lifecycle, their own audit trail, their own state machine. A user can hold many; a credential can outlive a user record's mood.
Verification is board-sourced, not self-asserted
Verification flows through the issuing licensing board. We do not stop at 'user uploaded a JPEG.' The board is the canonical source.
The sealing gate checks current state, every seal
Expired, suspended, or not-yet-verified credentials fail the gate before the cryptographic operation runs. Backdated seals against expired licenses are not possible.
Renewal alerts are non-optional, not nag-style
Renewal reminders are scheduled at sensible intervals before expiration. Once expired, sealing is blocked — no grace period, no appeal.
Credential changes are first-class audit events
Every state transition (claim, verify, suspend, renew, expire) is a hash-chained audit event with actor, source, and reason.
Implementation — the lifecycle
The credential state machine
Implementation — board verification
How verification flows through the issuing board
The full picture
What is built, what is being built, and what we chose not to build
Live today
Per-credential lifecycle state machine
LiveStrict transitions; expired/suspended credentials fail the sealing gate.
Direct state-board verification
LiveEngineer credentials verify against issuing-board endpoints today; other professions use Manual, StateAPI, or Integration paths.
Renewal tracking with scheduled reminders
LiveNotifications before expiration; sealing blocks once expired.
Per-credential audit trail
LiveEvery state transition is a hash-chained audit event with actor, source, before/after.
Sealing-gate enforcement at every operation
LiveCurrent state checked at signing time, not just at credential entry.
Building now
Continuing-education (CE) hours tracking
Building nowPer-license CE requirement tracking with provider integration. We plan to gate renewal on CE evidence in CE-enforcement states.
Scoped to states with CE-enforcement boards.
Multi-discipline credential bundles
Building nowA single user holding PE, SE, and architecture credentials across states — bundled view, per-credential rules.
Customer-uploaded supporting documents
Building nowWallet-card image, board-issued certificate, CE transcripts attached to the credential record with the same encryption rules as everything else.
Roadmap
Cross-state reciprocity awareness
RoadmapSurface which states accept which other states' licenses for sealing under reciprocity agreements.
Specialty endorsements
RoadmapTrack sub-discipline endorsements (e.g. structural, transportation) within a parent PE license.
Continuing-education provider integrations
RoadmapPull CE attendance directly from approved providers instead of manual upload.
Considered & rejected
"Self-attested" credentials with no verification
Considered & rejectedA credential the issuing board has not confirmed is not a credential — it is a claim.
Why we rejected it: the seal carries legal weight specifically because the credential behind it is verified. A self-attested layer that produces real-looking seals would undermine the whole platform. We do not ship the appearance of verification.
Grace-period sealing on expired licenses
Considered & rejectedAn expired license cannot legally seal. A grace period is a tool for evading that fact.
Why we rejected it: regulatory bodies do not give engineers a "we forgot to renew" grace period. Neither do we. The renewal alerts give the engineer plenty of warning; once expired, sealing stops.
Cross-customer credential sharing
Considered & rejectedA credential is bound to the licensed individual, not the firm or organization.
Why we rejected it: every "let an admin assign credentials to subordinates" is a way for one person to seal in another person's name. The credential lives with the licensed individual; firms see it through the membership relationship, not by ownership.
Storing the original wallet card image and using it as the visual stamp
Considered & rejectedPhotographs of physical stamps look like photographs at any zoom. Vector renders look like ink.
Why we rejected it: a digital seal that is a low-res scan undermines the professionalism of the signed document. We render a vector stamp at seal time. The wallet card image is a verification artifact, not the visual asset.
Compliance mappings
Controls this surface satisfies
User Access Management
Per-credential lifecycle gates sealing access
Review of user access rights
Periodic re-verification against the issuing board
Identification of applicable legislation
Per-region license verification respects state-specific requirements
Active license required for sealing
Sealing gate enforces state-specific active-license requirements
Limiting access to authorized individuals
Sealing requires a current, verified credential
For compliance teams
Questions you do not need to call to ask
What happens when a license expires mid-project?
Which licensing boards do you verify against?
How often is verification re-checked?
Can an organization admin grant credentials to a member?
What if a board's verification system is down?
How is reciprocity handled?
A credential is the asset, not a label
See your credentials managed with the lifecycle they deserve.