Certificate Generator & Verifier

The problem this kills

You run training. People finish a course or pass an exam, and now you owe them a certificate. So you open a slide template, retype someone's name, fiddle with the date, export a PDF, and email it. Multiply that by a cohort of forty and it eats an afternoon. Worse, three months later an employer or auditor emails you: "Someone handed us this certificate - is it real?" You dig through your sent folder, hope you can find it, and squint at whether the dates match.

And anyone with the PDF can change the name in a free editor and pass it off as their own. You have no way to prove which certificates you actually issued, and no clean way to say "that one was revoked."

This tool fixes all of that. Completions go in, you approve issuance, and out comes a professional, branded certificate with a unique code that anyone can check on a public page - real, expired, or revoked - without exposing anyone's private data.

What you'll build

A small, secure web app for your team:

• A login so only your training team can issue certificates.
• A place to record (or import) completions: who finished what, and when.
• An approval gate: you review each certificate - or a whole batch - before anything is generated or emailed.
• A generator that builds a branded PDF with the learner's name, course, issue date, expiry date, and a unique verification code plus a scannable QR.
• Automatic email delivery to the learner via Resend, with the PDF attached and a verify link.
• Secure storage of every issued certificate.
• A public verify page: paste a code or scan the QR, and it confirms "valid," "expired," or "revoked" - showing only name, course, date, and status.
• One-click revocation (with approval) that instantly flips the verify page to "revoked."
• A CSV export of every issued certificate for your records.

What's inside the Implementation Plan

The plan is a single file you paste into an AI coding agent (Claude Code). It does the building; you steer.

Crucially, it opens by interviewing you about your business - your courses, how completions reach you today, your naming and code conventions, how long certs stay valid, who is allowed to approve, and your messy edge cases (retakes, name changes, partial completions). It reflects a short tailored spec back to you and waits for your thumbs-up before writing a line of code. You get a tool shaped around how you actually run training - not a generic template you have to bend to fit.

From there it walks you step by step: set up the database, build the login, build the completion intake, build the approval gate, wire up the PDF generator and the verification code, connect Resend, build the public verify page and revocation, and finish with the CSV export. Every step ends with a ready-to-paste prompt.

The governance it includes (this is the point)

This is not a toy. The plan bakes in the controls a compliance team needs:

• Login so only your team can issue or revoke certificates.
• Row-level security so each organization only ever sees its own learners and certs.
• A complete audit trail: who recorded the completion, who approved issuance, who revoked - and exactly when.
• A hard human-in-the-loop approval gate: the tool drafts the certificate, a person reviews and approves, and only then is it generated and emailed.
• Duplicate guards: the same learner + course + completion date can't quietly produce two live certificates, while revocation history is kept.
• Unguessable verification codes and a public verify page that never leaks private data beyond name, course, date, and status.

Who it's for

Training providers, internal academies, L&D teams, and compliance functions who hand out certificates and keep fielding "is this one real?" questions. If you can write clear instructions and follow steps, you can build this - no coding background required.

You've got this. Open the plan, paste the first prompt, and let the agent interview you.