SHREYAS_AGARWAL //
DOM: DATA_INFRASTRUCTURE
BACK_TO_PROJECTS
CASE_STUDY

State-Driven Document Stamping Engine

Deterministic engineering compliance engine converting fragile Autodesk markups into server-side burned cryptographic stamps with automated, field-scannable QR version tracking.

Node.jsTypeScriptFinite State Machines (FSM)PDF-LibAutodesk Cloud Webhooks
EVIDENCE_ENGINE
DEMO_RECORDING
SYSTEM_TOPOLOGY
SECTION_A
100% Immutable
DOCUMENT_COMPLIANCE_INTEGRITY
0% (RBAC Guarded)
UNAUTHORIZED_STAMP_USAGE
Instant via QR
ON-SITE_VERSION_VERIFICATION
~70%
REVIEW_CYCLE_ACCELERATION

Overhauled the insecure, manual Autodesk markup review cycle by designing an automated, server-side PDF manipulation engine. The platform listens for review approval states via webhooks, cryptographically flattens roles-verified stamp profiles directly into the drawing's binary layers to prevent tampering, and appends a dynamic verification QR code. This gives on-site field engineers instant security validation over blueprint recency, completely eliminating out-of-date documentation usage errors on active construction sites.

SECTION_B

Native cloud workflows treat drawing approvals as client-side vector markups. This introduces structural compliance risks: stamps can be accidentally edited or maliciously deleted by downstream vendors, stamp access cannot be gated by Roles, and printed field blueprints lack a dynamic mechanism to confirm if they represent the latest approved revision. The challenge lay in intercepting drawing approvals via webhooks, cryptographically flattening multi-party signatures permanently into the PDF binary, and embedding dynamic version-tracking metadata.

SECTION_C
NDA_COMPLIANT_PSEUDOCODE
// Server-Side Immutable FSM Drawing Stamper & Dynamic Version Controller
// NDA-compliant architectural abstraction

type StampState = "PENDING_REVIEWER" | "PENDING_AUTHORITY" | "STAMPED_APPROVED" | "REJECTED";

interface DrawingMetadata {
  documentId: string;
  version: number;
  isLatest: boolean;
  projectHub: "DLF" | "5DVDC";
}

class CryptographicStampingEngine {
  /**
   * Evaluates state machine transitions. 
   * Enforces strict RBAC to ensure unauthorized entities cannot execute high-clearance stamps.
   */
  public handleStampTransition(currentState: StampState, event: string, actorRole: string): StampState {
    const rbacMatrix: Record<StampState, { allowedRoles: string[]; nextState: StampState }> = {
      PENDING_REVIEWER: { allowedRoles: ["BIM_Coordinator", "VDC_Lead"], nextState: "PENDING_AUTHORITY" },
      PENDING_AUTHORITY: { allowedRoles: ["Project_Architect", "Consultant"], nextState: "STAMPED_APPROVED" },
      STAMPED_APPROVED: { allowedRoles: [], nextState: "STAMPED_APPROVED" },
      REJECTED: { allowedRoles: [], nextState: "REJECTED" }
    };

    const rules = rbacMatrix[currentState];
    if (!rules || !rules.allowedRoles.includes(actorRole)) {
      throw new Error(`Security Violation: Role ${actorRole} cannot transition state from ${currentState}`);
    }

    return event === "APPROVE" ? rules.nextState : "REJECTED";
  }

  /**
   * Modifies the underlying PDF binary. 
   * Burns the visual stamp asset permanently into the page layer to prevent downstream removal,
   * and appends a server-generated QR code linking to the live version verification registry.
   */
  public async burnImmutableStampAndQR(
    pdfBuffer: Buffer,
    actorName: string,
    metadata: DrawingMetadata
  ): Promise<Buffer> {
    // Abstraction using pdf-lib or native binary manipulation server-side
    const pdfDoc = await PDFDocument.load(pdfBuffer);
    const pages = pdfDoc.getPages();
    
    for (const page of pages) {
      const { width, height } = page.getSize();
      
      // 1. Burn permanent visual approval text directly onto the pixel coordinate map
      page.drawText(`OFFICIALLY APPROVED BY: ${actorName} | DATE: ${new Date().toISOString()}`, {
        x: 50,
        y: height - 50,
        size: 10,
        font: await pdfDoc.embedFont(StandardFonts.Helvetica_Bold),
        color: rgb(0, 0.5, 0.1) // Compliant structural green
      });

      // 2. Generate and embed dynamic verification QR code payload
      // On-site construction crews scan this token to check 'isLatest' dynamically on mobile
      const verificationUrl = `https://verification.etis.suite/verify/${metadata.documentId}?v=${metadata.version}`;
      const qrImageBuffer = await this.generateQRBuffer(verificationUrl);
      const embeddedQr = await pdfDoc.embedPng(qrImageBuffer);
      
      page.drawImage(embeddedQr, {
        x: width - 120,
        y: height - 120,
        width: 70,
        height: 70
      });
    }

    return await pdfDoc.save();
  }

  private async generateQRBuffer(url: string): Promise<Buffer> {
    // Concrete serverless QR generation abstraction returning raw buffer stream
    return Buffer.from([]); 
  }
}