Everything You Need. Nothing You Don't.

Per-panel damage findings with type (dent, scratch, crack, paint chip, missing, misalignment, rust) and severity (none, light, medium, severe). Opt-in per policy via damageMode — existing parking and POD policies are unaffected.

• 11 damage types, 4 severity grades
• Bounding boxes for every finding
• Confidence and panel coverage area per finding
• Cloud VLM today, on-device on the roadmap

Damage findings transform automatically into industry-standard grading frameworks. AIAG codes for North American finished-vehicle logistics, K1–K5 for European leasing. Pure server-side transform, no extra API calls.

• AIAG body code coverage (LFD-DT-2, etc.)
• K1 (no damage) through K5 (structural)
• Auto-computed from damage_findings
• Configurable thresholds per customer

Turn damage findings into dollar repair estimates via Mitchell Cloud Estimating API. Aggressive server-side caching, fail-soft if Mitchell times out. GT Motive (EU) on roadmap.

• Mitchell parts + labor database
• Per-customer + per-region pricing
• Cached `verify_ai_repair_catalog_cache`
• Verification still returns if vendor is down

Pair a check-out verification with a check-in verification and the engine surfaces only new damage attributable to the rental. IoU>0.3 matching with panel-not-visible exclusion to suppress false positives from differing angles.

• Diff buckets: new, worsened, improved, unchanged
• Vehicle pairing by inspection_session_id or VIN
• Repair-cost estimate on the delta
• Designed for rental + leasing dispute defense

Send a renter, claimant, or driver a single signed URL. They open it in mobile Safari or Chrome, are walked through each required shot, and sign on completion — no app install. Token-authenticated, HMAC-signed, DB-hashed for revocation.

• Zero-install end-user capture
• Per-customer branding (logo, colors, footer)
• EN / ES / FR / DE locales out of the box
• Resend, expire, revoke from API or dashboard

Branded PDFs with annotated damage overlays, vehicle block (VIN / plate / timestamp), and signature panel. Cached to private Supabase storage; signed URL on demand. Renders the damage section automatically when damageMode is on.

• Server-side @react-pdf/renderer
• sharp-composited damage bbox overlays
• Severity-colored annotations
• Inline preview + download link

Read VIN and plate from a single photo. ISO-3779 checksum validation, then NHTSA vPIC decode to make / model / year / trim — cached indefinitely. Privacy guardrail: we never look up plates against owner databases.

• Gemini structured-output extraction
• ISO-3779 VIN checksum
• Free NHTSA vPIC decode + cache
• No plate-owner lookups, ever

Scope verifications to specific sites (yards, dealer lots, depots). Org owners and admins see everything; site managers and viewers only see their assigned sites. Site resolution from metadata.site_external_id or X-Verify-Site-Id.

• Org owner / admin / site manager / site viewer roles
• Nullable site_id — flat orgs keep working
• Per-site KPI dashboards
• Audit-logged role changes

Low-confidence and non-compliant verifications open an exception automatically. Assign to a teammate, add notes, mark resolved or dismissed. Every state transition is audit-logged.

• DB trigger auto-opens on confidence<0.85
• Idempotent: UNIQUE on verification_id
• Status flow: open → assigned → resolved / dismissed
• Filterable by site, status, assignee

Append-only log of every state-mutating action across the dashboard and API: API key rotations, member changes, policy edits, integration deliveries, exception transitions. Built for the SOC 2 Type II audit that's currently in progress.

• Action / resource / actor / IP / user_agent captured
• Searchable, filterable viewer
• Service-role inserts only
• Customer members read-only via RLS

Push verification events into claims platforms. Adapter registry pattern with retry queue (1m / 5m / 30m / terminal). Guidewire ClaimCenter adapter stub shipped; Duck Creek and Mitchell on roadmap.

• verify_ai_integrations + verify_ai_integration_deliveries
• Credentials in Supabase Vault
• Customizable field mappings
• Same retry pattern as outbound webhooks

Signed-URL CSV or JSON exports of verifications, exceptions, or audit log for downstream BI. 50,000-row cap per request; respects site-scoping. v2: direct connectors via Fivetran / Stitch.

• 3 scopes: verifications, exceptions, audit_log
• since / until date filters
• Signed URL with 1-hour TTL
• Roadmap: NDJSON + scheduled exports

Conversational photo capture over Twilio WhatsApp Business API. State-machine guides the user through each shot (greeting → consent → instructions → captures → review → submitted). Critical for markets where WhatsApp is the default channel.

• HMAC-SHA1 signature verification
• Twilio media download + processing
• 24h idle → abandoned
• Consent + opt-out keyword handling

Extract bill-of-lading fields from a photo: BOL number, PRO, weight, freight class, addresses, pieces. Powers chargeback-defense automation. Gemini structured-output with Zod-validated response.

• BOL number + PRO extraction
• Weight, freight class, pieces
• Ship-from + ship-to addresses
• Confidence score per extraction

Auto-draft dispute letters for Walmart OTIF, Amazon Vendor, Target, Kroger deductions. 10 prebuilt templates seeded; customer-specific templates take precedence. Dispute drafter joins verification → shipment → template.

• 10 seeded templates (Walmart 22/24/25/90/MABD, Amazon 5/8/11, Target, Kroger)
• Mustache-style placeholders
• Customer overrides for retailer-specific language
• SupplyPike outcome webhook (preview)

Adapter stubs ship with the documented config shape for McLeod LoadMaster (REST/IFS) and SupplyPike (Bearer + HMAC inbound webhook). Wire them to your tenant credentials when ready. Cargowise + MyEZclaim on roadmap.

• Stubbed runtime — throws until configured
• Documented IntegrationAdapter interface
• Per-tenant config in verify_ai_integrations
• Same retry framework as Cluster 3

Ship different models per asset type, region, customer, or app version. Production / canary / shadow tiers with sticky bucketing via SHA-256 hash of customer_id + device_id. Roll out canaries to 10% of traffic, monitor, promote.

• Targeting JSON: asset_types, regions, app_version, customer_ids
• Canary weights with sticky hashing
• Shadow tier: served only to drift evaluator
• ETag-cached SDK download

Population Stability Index over feature + result distributions, computed hourly against a reference snapshot taken at promotion. Sentry alert on PSI > 0.25. Cleanup of recent_inferences runs in the same cron tick.

• Hourly /api/cron/ml-drift
• Reference snapshot at model promotion
• <0.1 stable / 0.1–0.25 minor / >0.25 alert
• 7-day TTL on recent_inferences

Per-frame verification endpoint for fixed drive-through cameras. QR-pair flow mints a long-lived stream_token (bcrypt-hashed in DB) from a short-lived one-time code. Sync verification result returned in <800ms.

• X-Stream-Token header auth
• 10-minute pairing-code TTL, single-use
• Per-stream policy_id binding
• Multi-camera correlation on roadmap

Train your own RT-DETRv2-derived detector on a custom policy. Datasets in verify_ai_ml_samples (COCO JSONB), training via the ml/ Python pipeline, bundle registration via register_bundle.py. Lineage tracked at the bundle level (git_sha, training_dataset_id, gold_eval_results).

• RT-DETRv2-S base architecture
• CoreML + TFLite + ONNX multi-format export
• Per-bundle lineage tracked
• Most customers don't need this — start with shared models