Skip to main content
AMO CertVault is a production-grade certificate management system designed for aviation AMOs. It uses AI to extract, validate, and organise aircraft spares certificates — EASA Form 1, FAA 8130-3, COC, CRS, and more.

Introduction

AMO CertVault digitises the certificate management workflow for Aircraft Approved Maintenance Organisations. Upload a PDF certificate, and the AI engine automatically extracts part numbers, serial numbers, suppliers, dates, and certificate types — even from multi-item documents with dozens of line items, including kit/overhaul sub-components.
Why CertVault? Aviation AMOs handle hundreds of certificates monthly. Manual data entry is slow, error-prone, and non-auditable. CertVault automates extraction with 92%+ accuracy using Gemini AI, with a regex fallback ensuring zero data loss.
Built for:
  • Quality Managers reviewing incoming spares documentation
  • Store Personnel receiving and cataloguing parts
  • Auditors verifying compliance trails
  • Administrators managing user access and system configuration

Quick Start

1

Create Your Account

Navigate to /auth and create an account with your email and password. You will receive a Visitor role by default.
Use your company email — administrators can identify and approve your account faster.
2

Await Admin Approval

An administrator will review your account and assign an appropriate role (Quality Manager, Store Personnel, or Auditor). You will be redirected to a Pending Approval screen until activated.
Do not create multiple accounts — duplicate sign-ups will be flagged and may delay approval.
3

Upload Your First Certificate

Go to Upload Certificate from the sidebar. Drag and drop a PDF or use the Camera Scanner to capture a physical certificate directly from your device.
Supported formats: PDF (text-based or scanned). Maximum file size: 10MB per document.
4

Review AI Extraction

The system will automatically extract certificate data using Gemini AI. Review the extracted fields — part number, serial number, description, supplier, certificate type, and date. Edit any inaccuracies and save.
The confidence score (0–100%) indicates extraction reliability. Scores below 70% warrant manual verification.
5

Search and Manage

Use the Certificates page to search by part number, description, serial number, or supplier. Full-text search is powered by PostgreSQL tsvector with trigram fuzzy matching.

Features

AI-Powered Extraction

Gemini 2.5 Flash extracts structured data from PDFs using tool-calling. Supports EASA Form 1, FAA 8130-3, COC, CRS, and 37+ certificate type mappings. Regex fallback ensures zero data loss.

Multi-Item Certificates

Certificates with multiple line items are parsed into individual records — each with its own part number, serial number, quantity, and condition. Supports 100+ items per certificate.

Kit Sub-Item Extraction

Overhaul kits, gasket sets, and assembly items with sub-components are automatically detected. Sub-items use decimal line numbering (14.1, 14.2) to preserve parent-child relationships.

Role-Based Access (RBAC)

Five-tier RBAC: Admin, Quality Manager, Store Personnel, Auditor, and Visitor. Row-Level Security (RLS) enforced at the database level — no client-side bypasses possible.

Camera Scanning

Capture certificates directly from your device camera with real-time preview, crop overlay, and flash toggle. The image is uploaded and processed through the same AI extraction pipeline.

Batch Upload

Upload multiple PDFs simultaneously. Each file is processed independently with live progress tracking, error reporting, and searchable batch history.

Certificate Cart and Bulk Print

Add certificates to a cart from search results or the duplicates page. Bulk print PDFs or export selected certificates as CSV for external reporting and audits.

Duplicate Detection

Dedicated duplicate management page groups certificates by part number across the entire system. View, compare, delete, or add duplicates to cart with role-restricted actions.

AI Chat Assistant

Streaming AI chat assistant for aviation certificate questions. Renders responses with Markdown formatting — headers, tables, code blocks, bold/italic, and clickable links.

PDF Compression

Structural PDF compression using pdf-lib’s object stream optimisation. Anomaly detection automatically flags suspiciously high compression ratios (below 0.2).

Complete Audit Trail

Every create, update, and delete action is logged with user ID, certificate ID, timestamp, and action details in JSON format. Fully queryable and exportable.

Full-Text Search

PostgreSQL tsvector-based search across certificates and items. Trigram similarity matching handles typos and partial matches. Debounced input for responsive UX.

System Architecture

The application is a React SPA backed by Lovable Cloud, providing authentication, PostgreSQL database, file storage, and serverless edge functions — no separate backend to manage.

Certificate Processing

Extraction Pipeline

The extraction pipeline is fully automated — upload a PDF and the system handles file storage, AI extraction, type normalisation, duplicate checking, and database persistence without manual intervention.

Extraction Algorithm

The primary extraction path uses Gemini 2.5 Flash with structured tool-calling:
1. Download PDF from storage → base64 encode
2. Call Gemini 2.5 Flash with extraction tool schema
3. Parse tool_calls response → structured JSON
4. Normalize certificate_type against 37 pattern mappings
5. Normalize all dates to ISO 8601 format
6. Detect kit/overhaul items by keyword matching
7. Sort kit sub-items by decimal line_number (14.1, 14.2...)
8. Re-sequence to integer line numbers for storage
9. Validate part numbers with aviation regex patterns
10. Compute per-item confidence score (0.0 – 1.0)
The AI prompt explicitly instructs Gemini to extract unnumbered rows beneath kit/overhaul/set items as sub-components with decimal line numbers.

Kit Sub-Item Extraction

Kit certificates (overhaul kits, gasket sets, hardware assemblies) contain a parent item with multiple sub-components listed beneath it. CertVault automatically detects and preserves these relationships.
Detection Keywords: kit, set, overhaul, assembly, hardware kit, gasket set Example Extraction:
LinePart NumberDescriptionType
14SL12034-SCGASKET SET SINGLE CYLINDERKit Parent
15SL66732GASKETSub-component
16SL67193GASKETSub-component
17SL71481RING, OIL SEALSub-component
Visual Display:
  • Kit parent rows — teal gradient background with KIT badge pill
  • Sub-component rows — indented with teal connector line and junction dot
  • Hover highlights the entire kit group

Certificate Type Mapping

The system normalises dozens of input variations to standardised types:
Input Pattern(s)Normalised TypeCommon Sources
EASA Form 1, JAA Form 1, TCCA Form Oneeasa-form-1European / Canadian MROs
FAA 8130-3, FAA Form 8130-3, Airworthiness Approval8130-3FAA-certified facilities
Certificate of Conformity, COC, C of CcocManufacturers and distributors
Certificate of Release to Service, CRScrsMaintenance organisations
Test Report, Inspection Reporttest-reportTesting laboratories
Shipping Document, Packing SlipshippingLogistics and supply chain
CAAC Form, ANAC Form, DGCA, Serviceable TagotherOther national authorities
If a certificate type is not recognised, it defaults to other. You can manually update the type in the certificate detail view.

Cart and Bulk Operations

1

Add to Cart

From the Certificates page or Duplicates page, click the cart icon on any certificate item. The cart state persists via React Context across navigation.
You can add items from multiple certificates — the cart is not limited to a single document.
2

Review Cart

Navigate to the Cart page to see all selected items with part numbers, descriptions, and source certificate references. Remove unwanted items individually or clear the entire cart.
3

Bulk Print PDFs

Click Print All to open all selected certificate PDFs in new tabs for printing. Each PDF links to the original uploaded document in storage.
4

Export to CSV

Click Export CSV to download a spreadsheet containing part number, description, serial number, quantity, condition, and source certificate for each selected item.
The CSV export is compatible with Excel, Google Sheets, and most ERP/inventory systems.

Duplicate Management

The Duplicates page identifies certificates that share the same part number across different uploads, enabling quick review and cleanup.
Destructive Action: Deleting a duplicate removes the certificate item permanently from the database. This action is restricted to Admin and Quality Manager roles and is logged in the audit trail with full details.

Detection Algorithm

FUNCTION detectDuplicates():
    groups   <- GROUP certificate_items BY LOWER(part_number)
    duplicates <- FILTER groups WHERE COUNT > 1

    FOR EACH group IN duplicates:
        SORT items BY upload_date DESC
        DISPLAY with certificate metadata:
            - Part number, description, serial number
            - Source certificate ID and type
            - Upload date and uploader
            - Available actions (View, Cart, Delete)

    RETURN duplicates WITH search filtering
Duplicates are matched by part number only (case-insensitive). Different serial numbers with the same part number are flagged as duplicates — the same part from different batches should be reviewable together.

AI Chat Assistant

The AI Assistant provides streaming responses about aviation certificates and compliance, rendered with full Markdown formatting.
The chat uses the cert-ai-chat edge function connecting to Gemini AI via the Lovable AI Gateway. No API key configuration is required — it works out of the box.

Capabilities

Certificate Knowledge

FAA Form 8130-3 field explanations, EASA Form 1 block descriptions, certificate status types, traceability requirements.

Compliance Guidance

Regulatory requirements for parts documentation, release-to-service criteria, certificate validity periods.

System Help

OCR extraction process explanation, batch upload guidance, search tips, role-based access questions.

General Aviation

Part number formats, supplier identification, condition codes (NE, OH, SV, AR), quantity and unit conventions.

Response Formatting

The AI assistant renders responses with rich Markdown:
  • Headers (##, ###) with teal accent styling
  • Bold and italic text for emphasis
  • Inline code and fenced code blocks with monospace font
  • Tables with borders and header highlighting
  • Ordered and unordered lists with proper nesting
  • Clickable links to external references
Try these starter prompts: “What fields are on FAA Form 8130-3?”, “Explain certificate status types”, “How does OCR extraction work?”

User Roles and Permissions

Permission Matrix

PermissionAdminQuality ManagerStore PersonnelAuditorVisitor
View certificates
Upload certificates
Edit certificates
Delete certificates
Batch upload
Camera scanning
View audit logs
Manage users
Certificate cart
Duplicate management
AI Assistant
System settings
Principle of Least Privilege: Each role has only the minimum permissions required. The admin dashboard includes an interactive permissions matrix for visual reference. Actual enforcement is at the database level via RLS policies.

User Management Dashboard (Admin)

Stats Overview

Summary cards showing total users, active accounts, pending visitors, and role distribution with animated counters.

Interactive Permissions Matrix

Visual reference grid with toggle checkboxes showing what each role can do. Labeled as reference-only — actual enforcement is via RLS.

User Table

Avatar initials, coloured role badges, activation toggle switches, time-ago join dates, and role assignment dropdowns.

Role Summary Cards

Per-role cards with custom icons, colour coding, and permission count — quick overview of the access hierarchy.

Data Model

All tables use UUID primary keys, automatic timestamps, and Row-Level Security. The search_vector columns enable PostgreSQL full-text search with automatic updates via triggers.

API Reference

Edge Functions

Method: POST
Authentication: Bearer token (anon key)Extracts structured data from a PDF certificate using Gemini AI with regex fallback.Request Body
{
  "filePath": "userId/timestamp_filename.pdf"
}
Success Response (200)
{
  "certificate": {
    "part_number": "7A-2841-MFG",
    "description": "Turbine Blade Assembly",
    "serial_number": "SN-2024-8847",
    "certificate_type": "easa-form-1",
    "certificate_date": "2024-03-15",
    "supplier": "Rolls-Royce Aerospace",
    "items": [
      {
        "line_number": 1,
        "part_number": "7A-2841-MFG",
        "description": "Turbine Blade Assembly",
        "serial_number": "SN-2024-8847",
        "quantity": "1 EA",
        "condition": "NE",
        "confidence": 0.95
      }
    ]
  },
  "confidence": 0.92,
  "duplicates": [],
  "method": "ai"
}
Error Response (500)
{
  "error": "Extraction failed",
  "message": "PDF could not be parsed"
}
The method field indicates whether "ai" or "regex" was used. Regex extractions typically have lower confidence scores.
Method: POST
Authentication: Bearer token (anon key)Compresses a PDF certificate using structural optimisation with pdf-lib.Request Body
{
  "filePath": "userId/timestamp_filename.pdf"
}
Success Response (200)
{
  "compressed_url": "userId/compressed_filename.pdf",
  "original_size": 524288,
  "compressed_size": 312500,
  "ratio": 0.596,
  "flagged": false
}
A flagged: true response indicates the compression ratio is suspiciously high (below 0.2), meaning 80%+ size reduction. The original is always preserved.
Method: POST
Authentication: Bearer token (anon key)Streaming AI chat for aviation certificate questions using Server-Sent Events (SSE).Request Body
{
  "messages": [
    { "role": "user", "content": "What fields are on FAA Form 8130-3?" }
  ]
}
Response (SSE Stream)
data: {"choices":[{"delta":{"content":"FAA Form 8130-3 contains..."}}]}

data: {"choices":[{"delta":{"content":" the following blocks:\n\n"}}]}

data: [DONE]
The response follows the OpenAI-compatible delta streaming format. The frontend uses ReadableStream with chunk-by-chunk parsing for real-time display.

Application Routes

RoutePageAccess LevelDescription
/Landing / DashboardPublic / AuthenticatedMarketing page (unauthenticated) or interactive dashboard (authenticated)
/authLogin and Sign UpPublicEmail/password authentication with form validation
/pendingPending ApprovalVisitorDisplayed after sign-up while awaiting admin activation
/certificatesCertificate ListAuthenticatedSearchable, paginated list with status filters
/certificates/:idCertificate DetailAuthenticatedFull certificate view with items table and kit indicators
/uploadUpload CertificateUpload rolesSingle PDF upload with AI extraction preview
/batch-uploadBatch UploadUpload rolesMulti-file upload with progress tracking
/batch-historyBatch HistoryAuthenticatedHistorical batch upload records and item details
/scanCamera ScannerUpload rolesDevice camera capture with crop overlay
/cartCertificate CartAuthenticatedSelected items for bulk print / CSV export
/duplicatesDuplicate ManagementAuthenticatedPart-number-grouped duplicate review and cleanup
/ai-assistantAI ChatAuthenticatedStreaming AI assistant for certificate questions
/audit-logsAudit LogsAdmin / QM / AuditorPaginated audit trail with action filtering
/settingsUser SettingsAuthenticatedProfile and preference management
/admin/usersUser ManagementAdmin onlyUser activation, role assignment, permissions matrix
/privacy-policyPrivacy PolicyPublicData handling and privacy information

Tech Stack

Frontend

React 18 + TypeScript + Vite for fast builds. Tailwind CSS + shadcn/ui component library. Framer Motion for animations.

State Management

TanStack Query for server state with intelligent caching. React Context for client-side state (auth, cart).

Backend

Lovable Cloud — PostgreSQL, Authentication, File Storage, and Edge Functions. Zero-config serverless deployment.

AI and Processing

Gemini 2.5 Flash via Lovable AI Gateway. pdf-lib for compression. react-markdown + remark-gfm for rendering.
LayerTechnologyPurpose
FrameworkReact 18, TypeScriptComponent architecture, type safety
BuildVite 5Fast HMR, optimised production builds
StylingTailwind CSS 3, shadcn/uiUtility-first CSS, accessible components
RoutingReact Router v6Client-side routing with protected routes
Server StateTanStack Query v5Data fetching, caching, mutations
BackendLovable Cloud (PostgreSQL, Auth, Storage)Full-stack serverless platform
AIGemini 2.5 FlashCertificate extraction, chat assistant
PDFpdf-libStructural compression, byte parsing
ChartsRechartsDashboard visualisations
Markdownreact-markdown + remark-gfmAI chat response formatting
PWAvite-plugin-pwaOffline support, installability
SearchPostgreSQL tsvector + pg_trgmFull-text and fuzzy search

Progressive Web App (PWA)

AMO CertVault is a Progressive Web App — installable on mobile and desktop with offline caching and a native-like experience. Configuration:
  • Install Prompt: Automatic on supported browsers (Chrome, Edge, Safari)
  • Icons: 192×192 and 512×512 PNG (including maskable)
  • Apple Touch Icon: Configured for iOS home screen
  • Theme Colour: Teal (#1a9e8f)
  • Display: Standalone (no browser chrome)
  • Orientation: Portrait-primary
  • Service Worker: Auto-update strategy via Workbox
  • Viewport: width=device-width, initial-scale=1.0, viewport-fit=cover
On iOS, open the app in Safari, tap the Share button, and select Add to Home Screen to install CertVault as a native-like app.

SEO and Performance

Meta and Structured Data

OpenGraph tags, Twitter Cards, JSON-LD (SoftwareApplication + Organization), canonical URLs, comprehensive meta descriptions.

Image Optimisation

loading="lazy" on non-critical images, explicit width/height to prevent CLS, alt text on all images, role="img" with aria-label on SVGs.

Font Performance

Google Fonts preconnect and preload for JetBrains Mono. font-display: swap to prevent FOIT.

Core Web Vitals

Minimised CLS via explicit dimensions, optimised LCP via font preloading, efficient FID via code splitting.

Troubleshooting

Possible causes:
  • PDF is password-protected or image-only without embedded text
  • Document is not a recognised aviation certificate type
  • AI rate limits triggered fallback to regex extraction
Solutions:
  1. Verify the PDF opens normally in a PDF reader
  2. Check that it contains at least 2 aviation keywords (P/N, S/N, EASA, FAA, etc.)
  3. Try re-uploading — temporary rate limits resolve automatically
  4. For image-only PDFs, use the Camera Scanner which handles image processing
The method field in extraction results indicates whether AI or regex was used. Regex results warrant manual review.
By design, duplicates are matched by part number only (case-insensitive):
  • Different serial numbers with the same part number are flagged as duplicates
  • The same part from different certificates is flagged as a duplicate
  • This is intentional for inventory reconciliation
Use the Duplicates page to review groups and decide which entries to keep, delete, or export.
New accounts receive the Visitor role by default and are placed on a Pending Approval screen. To resolve:
  1. An Admin must navigate to User Management
  2. Locate the user in the table
  3. Change their role from visitor to an operational role
  4. Ensure the Active toggle is enabled
Users with the visitor role or is_active: false cannot access any protected routes. This is enforced by both frontend route guards and database RLS policies.
Compression ratios below 0.2 (80%+ size reduction) are flagged as potentially suspicious:
  • May indicate the PDF contains very little actual content
  • May indicate excessive metadata or duplicate objects
  • The original PDF is always preserved alongside the compressed version
Flagged compression is informational only — the certificate is still saved and accessible. Review flagged certificates to ensure content integrity.
Individual files in a batch can fail independently:
  • Invalid PDF: Corrupted or non-PDF files are rejected
  • Extraction failure: AI and regex both failed to extract meaningful data
  • Duplicate detected: A certificate with the same part number already exists (skipped, not error)
Check Batch History for detailed per-file status, error messages, and confidence scores.
Browser permissions required:
  1. Allow camera access when prompted
  2. Ensure HTTPS connection (camera API requires secure context)
  3. On iOS, use Safari — other browsers may not support the camera API
Camera scanning is not supported on desktop browsers without a webcam. Use the standard Upload page for desktop workflows.

Changelog

VersionDateHighlights
2.6March 2026Enhanced Mintlify documentation, SEO optimisation, deployment fixes
2.5March 2026Kit sub-item extraction, parent-child visual indicators, AI markdown rendering
2.4March 2026Certificate cart, duplicate management page, bulk print and CSV export
2.3March 2026AI chat assistant with streaming, batch upload history page
2.2March 2026Dashboard redesign with Recharts, user management permissions matrix
2.1March 2026Camera scanning, batch upload, PDF compression with anomaly detection
2.0March 2026Multi-item certificate support, full-text search with tsvector + pg_trgm
1.0February 2026Initial release — single-item extraction, RBAC, audit logging

Additional Resources

EASA Part 21

EASA Form 1 regulatory requirements and authorised release certificate specifications.

FAA Order 8130.21

FAA procedures for completion and use of FAA Form 8130-3, Airworthiness Approval Tag.

Source Code

Open-source repository with full codebase, CI/CD configuration, and contribution guidelines.
Built by Brian KN ·