Trust State Register
Institutional trust surface for VitalCV credential verification
Doctrine v1.0 · pilot · did:web:vitalcv.com
Proof Tier Vocabulary
T1 · Self-Asserted
Clinician-provided, not verified
T2 · Inferred
Derived from verified data
T3 · Source Checked
Checked against authoritative source
T4 · Issuer Signed
Cryptographically signed by issuer
State Vocabulary
ANONYMOUS PREVIEWExploratory, unowned — no lineage attribution
OWNED SNAPSHOTAttributed, replay-visible — full lineage chain
SIGNED INSTITUTIONAL ARTIFACTCryptographic plane — issuer-signed, T4 capable
ANONYMOUS PREVIEW
Anonymous Preview
Exploratory view — no ownership attribution, no lineage, no replay. All slots are unbound.
OBJECT
NPPES Identity
OWNERSHIP
─ ─ ─
CHECKED_AT
─ ─ ─
CHANNEL
CMS NPPES Registry
REPLAY
─ ─ ─
RUN_ID
──────
T1 · Self-Asserted
OBJECT
OIG Exclusions
OWNERSHIP
─ ─ ─
CHECKED_AT
─ ─ ─
CHANNEL
OIG LEIE
REPLAY
─ ─ ─
RUN_ID
──────
T1 · Self-Asserted
OBJECT
State License
OWNERSHIP
─ ─ ─
CHECKED_AT
─ ─ ─
CHANNEL
State Board
REPLAY
─ ─ ─
RUN_ID
──────
T1 · Self-Asserted
OWNED SNAPSHOT
Owned Snapshot
Attributed to vcv-system. Lineage is visible; replay is tracked. Source checks applied.
OBJECT
NPPES Identity
OWNERSHIP
vcv-system
CHECKED_AT
2026-05-25 18:00:09 UTC
CHANNEL
CMS NPPES Registry
REPLAY
─ ─ ─
RUN_ID
0299f879
T3 · Source Checked
OBJECT
OIG Exclusions
OWNERSHIP
vcv-system
CHECKED_AT
─ ─ ─
CHANNEL
OIG LEIE
REPLAY
─ ─ ─
RUN_ID
0299f879
T1 · Self-Asserted
OBJECT
✓ No Adverse Findings
OWNERSHIP
vcv-system
CHECKED_AT
2026-05-25 18:00:09 UTC
CHANNEL
OIG LEIE
REPLAY
─ ─ ─
RUN_ID
0299f879
T3 · Source Checked
REPLAY CONTINUITYfirst run — no prior lineage
SIGNED INSTITUTIONAL ARTIFACT
Signed Institutional Artifact
Cryptographic plane. Issuer-signed, T4 capable, replay survivable. Full lineage chain.
OBJECT
NPPES Identity
OWNERSHIP
vcv-es256-prod-1
CHECKED_AT
2026-05-25 18:00:09 UTC
CHANNEL
CMS NPPES Registry
REPLAY
Continuity confirmed
RUN_ID
0299f879
T4 · Issuer Signed
OBJECT
Receipt Issued
OWNERSHIP
did:web:vitalcv.com
CHECKED_AT
2026-05-25 18:00:09 UTC
CHANNEL
VitalCV Issuer
REPLAY
Replay survivable
RUN_ID
0299f879
T4 · Issuer Signed
OBJECT
✓ No Adverse Findings
OWNERSHIP
vcv-es256-prod-1
CHECKED_AT
2026-05-25 18:00:09 UTC
CHANNEL
OIG LEIE
REPLAY
─ ─ ─
RUN_ID
0299f879
T3 · Source Checked
REPLAY CONTINUITYfirst run — no prior lineage
Issuer Continuity
Issuer
did:web:vitalcv.comKey Fingerprint
vcv-es256-prod-1verify →
EC P-256 · ES256 · ActiveLast Rotation
N/A
Verify issuer →
/.well-known/did.json · did:web:vitalcv.com
machine-readable: /.well-known/trust-register
Trust Doctrine
Anonymous readsPUBLIC
Anonymous writesREJECTED — 401
Authenticated writesATTRIBUTABLE — actor_id required
Replay lineageCOHERENT — Prisma upsert, dedupeKey
Verifier continuityPUBLIC — no auth required
Signed issuanceATTRIBUTABLE — azp + vcv.actor_id in JWT
Degraded-state semanticsEXPLICIT — dashed borders, no opacity
Infrastructure Continuity
Replay survivabilityConfirmed — Prisma upsert deduplication
Receipt continuityActive
Verifier Guarantees
✓You can verify any VitalCV receipt without contacting VitalCV.
✓Public key published at /.well-known/jwks.json.
✓DID document at /.well-known/did.json.
✓No API key required for verification.
Live Operational Status
Independently verifiable. No auth required.
Machine-Readable Endpoints
| Endpoint | Description | Auth |
|---|---|---|
| /.well-known/jwks.json | Public signing keys | None |
| /.well-known/did.json | W3C DID document | None |
| /.well-known/openid-credential-issuer | OID4VCI metadata | None |
| /.well-known/trust.json | Trust manifest | None |
| /.well-known/trust-register | Machine-readable doctrine | None |
| /trust/graph | Verifier-readable trust graph | None |
| /trust/schema | Trust graph schema reference | None |
| /trust/doctrine | Replay contract doctrine | None |
| /api/receipts/verify | Verify a receipt JWT | None |