External License & Credential Registry

The problem this kills

Somewhere right now, someone on your team is one expired card away from a problem. The forklift cert lapsed last month. The food-handler permit renews in two weeks and nobody knows. A driver's CDL expired and they're still scheduled for routes. You find out when an auditor, an inspector, or an incident finds out for you.

Most teams "track" external licenses in a spreadsheet that nobody updates, a folder of photographed cards, or somebody's memory. There's no difference between a license someone claims to hold and one you've actually verified. There's no reminder before expiry. And there's no automatic check that the people doing licensed work are actually licensed to do it.

This plan kills that gap. It builds you a real registry that knows what's verified, what's expiring, and who's working without a valid credential - and tells you before it becomes someone else's headline.

What you'll build

An internal web app, just for your team, where:

• Credentials get loaded - employee, license type, issuer, number, scope, issue and expiry dates, plus a photo of the card or certificate stored securely.
• Each credential starts as claimed and only becomes verified after a person confirms it's genuine (they saw the card or checked the issuer's registry) and approves it.
• Expiry dates are tracked, and renewal reminders go out automatically by email before things lapse.
• The roles that require a license are cross-checked against who actually holds a valid, verified one - so anyone licensed-on-paper-only gets flagged.
• Renewals are re-verified before the record updates, so a fresh photo and a new expiry date don't sneak in unchecked.
• The entire registry exports to a clean CSV for audits, reports, or your system of record.

What's inside the Implementation Plan

The plan is a single file you paste into an AI coding agent (Claude Code), and it builds the tool with you step by step - no coding experience needed.

It opens by interviewing you about your business - your license types, your issuers, how your employee IDs and license numbers are formatted, which roles require which credential, your typical and peak volumes, and your messy edge cases (provisional licenses, out-of-state reciprocity, grace periods). It reflects a short tailored spec back to you for a thumbs-up before it builds anything, so you get a registry shaped around how you actually work - not a generic template you have to fight.

From there it walks through: the database and security, the claimed-vs-verified workflow, the verifier approval gate, expiry tracking and email reminders, the licensed-role cross-check, the renewal re-verification flow, and the CSV export. Every build step ends with a ready-to-copy prompt.

The governance it includes (this is the point)

This isn't a toy. The plan builds in the controls that make a credential registry trustworthy:

• Login so only your team can use it.
• Row-level security so people only ever see their own organization's records.
• A complete audit trail - who loaded, verified, renewed, or changed each credential, and when.
• A human-in-the-loop approval gate - the tool drafts and stages, but a verifier must confirm a license is genuine before it counts as verified. The AI never marks something verified on its own.
• Duplicate guards so the same credential (employee + license type + license number) can't be entered twice.

Who it's for

Ops and safety managers and HR teams who have to ensure staff hold valid external licenses to legally do their jobs - and who'd rather find the lapse themselves, early, than have a regulator find it. If you can fill in a spreadsheet, you can build this.

You've got this - paste the first prompt and let's build it.