QARDL — AIEP Proof of Identity
QARDL is the first product to use AIEP as a proof-of-identity layer.
It is a professional identity verification platform for UK tradespeople, contractors, and regulated professionals. Every identity claim — a CSCS card, a Gas Safe registration, a legal society number — is committed as a GENOME evidence artefact, chain-linked, divergence-checked, and optionally attested under the AIEP governance protocol.
The result: a cryptographically verifiable professional identity card that can be shared, scanned, or machine-queried. Its integrity is not an administrative claim. It is a structural property of how the system works.
The problem QARDL solves
Professional credentials in the UK trades and construction sector are widely abused. CSCS cards are forged. Gas Safe numbers are impersonated. Insurance certificates are doctored. Verification is manual, slow, and often never done before contractors step on site.
Downstream, the consequences are severe: unqualified workers on live electrical systems, uninsured contractors causing disputes that take years to resolve, professional bodies unable to enforce membership requirements.
QARDL makes credential fraud structurally harder by anchoring identity to cryptographic evidence rather than a paper card or a phone call.
What QARDL delivers
| Credential type | Verification mechanism |
|---|---|
| Companies House registration | Live API lookup → P37 divergence check |
| RICS / CIOB / ICE / RIBA membership | Document upload → P46 attestation |
| Gas Safe / NICEIC / CSCS number | Document upload → P41 artefact |
| Law Society membership | Document upload → P41 artefact |
| Email / phone | OTP verification |
Each verified field contributes to a governance level (P89):
| Level | What it means |
|---|---|
unverified | Identity created, no credentials verified |
document_submitted | At least one credential document submitted |
verified | Primary identity claim independently confirmed (e.g. Companies House) |
aiep_attested | AIEP node attestation issued — highest trust tier |
The governance logic is deterministic. The system computes the earned level from the set of verified fields. It cannot be manually overridden.
The evidence architecture
Every QARDL claim produces a GENOME artefact:
artefact_hash = sha256(lpConcat(
canonical_utf8(artefact_id),
canonical_utf8(schema_id),
canonical_utf8(canonical_json(payload))
))
Each artefact is appended to the entity’s chain ledger (P80):
chain_hash = sha256(lpConcat(artefact_hash, prev_chain_hash))
The chain starts with a "GENESIS" sentinel and grows with every mutation. The full chain is deterministically replayable from the ledger (P83) — any third party can verify that the chain has not been altered.
Divergence detection (P37)
Every time a professional queries a third-party authority — such as Companies House — QARDL compares the new source data against the stored evidence. If the hashes differ, a divergence proof is recorded:
divergence_proof_hash = sha256(lpConcat(hash_a, hash_b))
Source A and source B are both preserved. The divergence is not hidden. It is committed to the record.
Attestation (P46)
Once a profile reaches verified level, an AIEP node can issue an attestation record — a time-bounded, signed commitment that the profile met the evidence standard at the time of attestation:
attestation_hash = sha256(lpConcat(
entity_id, profile_artefact_hash, node_id, attested_at
))
Attestations expire. An expired attestation is not a valid attestation. There is no ambiguity.
Mirror publication (P134)
Verified profiles are published as canonical mirror artefacts — machine-readable JSON documents at a deterministic URL:
/.well-known/aiep/mirror/{qic}
Any relying party — a contractor management system, a site access gate, a procurement platform — can query the mirror directly and verify the hash chain independently.
QARDL Identity Cards (QIC)
Each entity receives a QARDL Identity Code:
QARDL-{TYPE}-{6hex}-{check}
Examples:
QARDL-USR-3a8f1c-7 (individual tradesperson)
QARDL-ORG-b72d04-3 (company)
QARDL-AGT-c91f22-9 (AI agent identity — P118)
The 6-character hex prefix is derived from the GENOME hash of the entity’s identity record. The check digit is Luhn mod-10 over the hex digits. The QIC is stable, short enough to print on a physical card, and independently verifiable.
Architecture
QARDL is built on the same CF-edge stack as Forecast:
- Runtime: Cloudflare Workers + Hono 4.4 (edge-first API)
- Database: Cloudflare D1 (10 migrations, full relational model)
- Storage: Cloudflare R2 (credential documents)
- Sessions: Cloudflare KV (OTP hashes, 10-min TTL)
- Frontend: React 18.3 + Vite 5.2 (Cloudflare Pages)
- Auth: OTP email → HMAC-SHA256 JWT (24h, no refresh). No secrets in client bundle.
- GENOME substrate:
@qardl/genome— SHA-256/hex-lower, NFC, lexicographic keys,lpConcat(length-prefixed 8-byte BE) - Monorepo: pnpm workspaces —
@qardl/genome,@qardl/identity,@qardl/ledger,@qardl/verification,@qardl/mirror
All GENOME primitives implement the invariants from GENOME_LOCKFILE.json. They run identically in Cloudflare Workers, browsers, and Node test environments.
AIEP protocol coverage
| Spec | Mechanism | Where |
|---|---|---|
| P37 | Divergence proof on every re-verification | @qardl/verification, /verification/companies-house |
| P39 | Canonical schema pinning — artefact hash binds to schema_hash | @qardl/genome/schema-registry, all buildArtefact calls |
| P41 | Canonical artefact on every mutation | @qardl/genome, all write handlers |
| P46 | Time-bounded attestation records | @qardl/verification, /verification/attest |
| P80 | Chain ledger (append + get) | @qardl/ledger, all write handlers |
| P83 | Deterministic replay audit | @qardl/ledger, /genome/audit/:qic |
| P89 | Governance levels (4-tier, computed) | @qardl/identity, all level assignments |
| P118 | Agent-type entity identity (AGT QIC) | @qardl/identity, /auth/register |
| P134 | Mirror artefact generation | @qardl/mirror, /genome/mirror/:qic |
| P142 | Mirror network index | /.well-known/aiep/mirror/ index |
| P144 | Sovereign node manifest | /.well-known/aiep/manifest |
| P147 | Evidence freshness decay — expired verifications excluded from level | @qardl/verification/freshness, computeEarnedLevelFromStatuses |
Forecast integration
QARDL and Forecast are integrated: a Forecast tenant can link its contractor and consultant records to QARDL QICs. The qardl_identity_links table records the link, and the /api/v1/qardl/sync endpoint re-fetches the current verification level on demand.
The pattern is replicable across any AIEP vertical: any platform that manages people can query QARDL for a live, chain-verified identity signal without re-implementing verification from scratch.
Status
QARDL is under active development as an AIEP reference identity product.
- Source:
repos/private/qardl(private — publication gated on patent filing) - Stack: Cloudflare Workers · D1 · R2 · KV · React 18
- GENOME substrate: ✓ Active (
@qardl/genome) - Chain ledger: ✓ Active (P80 + P83)
- Divergence detection: ✓ Active (P37)
- Attestation: ✓ Active (P46)
- Mirror generation: ✓ Active (P134)
- CI/CD: ✓ GitHub Actions (typecheck → test → build → GENOME integrity → deploy)
QARDL and AIEP
QARDL demonstrates the AIEP thesis at the identity layer: that building professional verification on a governed evidence substrate makes trust a structural property of the system, not a manual process that depends on a phone call.
The QIC is a machine-readable, cryptographically bound identity handle. The chain is deterministically replayable. The divergence record is permanent. The attestation expires on a known date.
There is no ambiguity about what was claimed, when, and with what evidence. That is the AIEP guarantee.
Forecast covered the contract layer. QARDL covers the identity layer. Together they form the first two verticals of the AIEP application stack.