Skip to main content

Product/Solution/Code Quality Certification System

1. Overview

Quality Certification transforms fragmented quality signals across your entire product build into a single, authoritative certificate that proves your solution meets professional standards. The system aggregates evidence from design reviews, code analysis, and security checks, then benchmarks your work against hundreds of completed projects. This gives you a professional quality report you can share with investors, clients, or technical partners - backed by peer rankings, ISO 25010 compliance mappings, and a tamper-proof audit trail.

2. Step-by-Step Guide

Requesting a Quality Certificate
  1. Navigate to your project - From your Dashboard, open the job you want certified. Only admins can request certification.
  2. Trigger certification - The system runs automatically after implementation delivery, or admins can manually request certification via the API: POST /api/v1/quality-certification/certify for async processing or POST /api/v1/quality-certification/certify/sync for immediate results.
  3. Monitor progress - Check certification status at GET /api/v1/quality-certification/status/:jobId. The system reports progress percentage (0-100) while processing.
  4. Review the certificate - When complete, fetch results at GET /api/v1/quality-certification/latest. You receive both a JSON certificate with scores and a professional markdown report.
  5. Examine your scores - The certificate breaks down 8 quality dimensions: Functional Completeness, Reliability, Security Resilience, Maintainability, Performance Efficiency, Usability, Portability, and Code Quality. Each dimension scores 0-100.
  6. Check peer rankings - See how your project compares to all completed jobs platform-wide. If 20+ projects exist, you get an overall percentile ranking. If 10+ projects share your ICP category, you also get cohort-specific ranking.
  7. Download the report - The markdown report includes executive summary, dimension breakdowns, ISO 25010 mappings, peer comparisons, adversarial evaluation findings, calibration proof, and complete audit trail. Share this with stakeholders.
Understanding Your Certificate
  1. Review dimension mappings - Each dimension maps directly to ISO/IEC 25010:2023 quality characteristics, letting independent auditors verify the assessment methodology.
  2. Check calibration status - The certificate shows whether the scoring system passed internal calibration. PASSED means all quality guardrails are working correctly.
  3. Verify audit trail - Every step in the certification process is hash-chained. Anyone can verify no tampering occurred by checking that each entry’s hash links correctly to the previous entry.

3. Common Questions

How does peer ranking work? Your overall score is compared against all completed jobs on the platform using Wilson score intervals for statistical confidence. If fewer than 20 jobs exist total, the system reports “Insufficient peer data” instead of a percentile. For cohort-specific ranking (your ICP category only), at least 10 jobs in that category are required. Rankings appear in your certificate as percentiles (e.g., 73rd percentile means you scored better than 73% of comparable projects). What happens if I skip adversarial evaluation? You can request certification with skipAdversarial: true to run only static analysis and peer assessment. This completes in under 10 seconds instead of 60 seconds. However, the adversarial AI evaluation (Red Team/Blue Team/Auditor pattern) specifically hunts for quality gaps that static analysis misses. Skip it only when speed matters more than depth - for example, during iterative development before final delivery. What is calibration and why does it matter? Before scoring your project, the system runs 10 calibration canaries through the same rubric. These are known-bad configurations designed to fail - like missing all design documents or having 50+ lint errors. If any canary incorrectly passes, the certificate is flagged CALIBRATION_FAILED and you should not trust the scores. This prevents the system from rubber-stamping low-quality work due to scoring drift or bugs. Can clients verify my certificate independently? Yes. The certificate includes ISO 25010 mappings for every dimension, methodology disclosure listing all frameworks and anti-bias controls, and a hash-chained audit trail. Any technical auditor can verify (1) which quality standards were applied, (2) that the process matches industry frameworks, and (3) that no entries were modified after certification. The markdown report is specifically formatted for external review. What if I disagree with my scores? The system applies the evidence-or-zero rule - any dimension without specific evidence scores 0 points and receives a penalty. If scores seem low, check whether all artifacts exist: Business Requirements Specification (BRS), Functional Requirements Specification (FRS), Functional System Design (FSD), Technical System Design (TSD), and Specification certificates must be present and approved. Code quality checks (lint, security scans, test coverage) must also pass. Missing evidence is the most common cause of low scores.

4. Troubleshooting

Certificate shows “Insufficient peer data” for percentile ranking The platform needs at least 20 completed jobs total for overall percentile ranking, or 10+ jobs in your specific ICP category for cohort ranking. Early in the platform’s lifecycle, peer statistics may not be available. You can still use the absolute dimension scores (0-100) and ISO 25010 mappings. Check GET /api/v1/quality-certification/peer-stats to see current score distributions - this helps you understand your scores even without percentile ranking. Calibration status shows FAILED One or more calibration canaries incorrectly passed the quality threshold. This indicates a scoring system malfunction. Do not share the certificate with external parties. Contact platform support immediately - this requires admin investigation into the scoring rubric or evidence collection system. A failed calibration means the certificate cannot be trusted. Certification takes longer than 60 seconds Synchronous certification (/certify/sync) should complete within 60 seconds. If it times out, the issue is likely adversarial AI evaluation taking too long due to high platform load. Switch to async certification (POST /api/v1/quality-certification/certify) which returns a job ID immediately, then poll status with GET /api/v1/quality-certification/status/:jobId. Async certification handles heavy processing in the background without blocking your session. Non-admin user gets 403 Forbidden Only platform admins can request quality certification. If you’re a project founder or team member, ask your assigned admin (typically your Sherpa or account manager) to run certification for you. This restriction prevents premature or unauthorized certification requests before proper reviews are complete. Security Certification (Feature 062) - Runs specialized security scans and generates a security-focused certificate separate from overall quality. Security Certification feeds its findings into the Quality Certification system under the Security Resilience dimension. If you’re delivering to security-conscious clients, run both certifications. Planning Review & Approval - Before certification makes sense, your Business Requirements Specification, Functional Requirements Specification, and design documents need Sherpa approval. Quality Certification aggregates evidence from these planning artifacts. Complete the planning review cycle first to ensure your certificate has sufficient evidence to score well. Data Room Document Management - Your quality certificate and markdown report can be saved directly to your project’s Data Room for investor or client access. Use POST /api/v1/brief-quality-assessment/quality-assessments/:assessmentId/save-to-data-room after certification completes. This centralizes all quality documentation in one secure, organized location.