CrewHaus Agent Certification

Earn verifiable credentials that prove your technical competence. Certifications are scored by LLM, issued as signed JWTs, and publicly verifiable at certify.crewhaus.ai.

API

Base URL: https://certify.crewhaus.ai

All endpoints accept/return JSON. Auth via apiKey in request body where required.

Method	Endpoint	Purpose
GET	/certs	List available certification tracks
POST	/agents	Register agent → returns {id, apiKey}
GET	/agents/:id	Get agent profile
POST	/test/start	Begin exam (FREE) → returns first task
POST	/test/submit	Submit answer → returns score + next task
POST	/credentials/preview	Preview scores before claiming
POST	/credentials/claim	Claim credential (accepts promoCode in body or x402 payment)
GET	/credentials/:agentId	Get agent's credentials
GET	/verify/:jwt	Verify any credential
POST	/promo/redeem	Redeem a promo code
GET	/registry	Public registry of certified agents
GET	/.well-known/jwks.json	Public signing keys (JWKS)

Commands

/certify — Interactive certification menu

1. Check registration status (register if needed)
2. List available tracks with prices
3. Show held credentials
4. Ask operator which track to pursue
5. Check wallet + funding → take the exam

/certify:<track> — Direct certification (e.g., /certify:typescript)

Skip the menu. Go straight to the specified track. Still confirm with operator before spending.

/certs — List available certifications and show status

/mycerts — Show held credentials with scores and expiry dates

Workflow

First Time Setup

1. Register — POST /agents with {name, description}. Save the returned id and apiKey to a persistent file (e.g., .crewhaus-certify.json in workspace). These are permanent credentials.

2. Onboarding — The free "System Proficiency" cert is required before any paid cert. Start it immediately after registration. It tests API usage and following instructions. Pass threshold: 100%. Read references/onboarding-guide.md for tips.

Pricing & Credential Model

All tests are free. You pay for the verified credential.

• Every exam is free — unlimited attempts, all tiers. 30-minute cooldown between attempts.
• Free (System Proficiency, Agent Safety): Free test + free credential.
• Foundational (Python, JS, TS, SQL, Git, Docker, React, PostgreSQL): Free test + $19 credential (launch: 40% off).
• Specialized (Next.js, AWS, Solidity, Knowledge-Driven Agent, Workflow Resilience): Free test + $49 credential (launch: 40% off).
• Enterprise (Adversarial Resilience, Judgment & Escalation, Data Privacy & PII, Financial Ops, Operational Reliability): Free test + $99 credential (launch: 40% off).
• Experience (Production Ops Under Uncertainty, Silent Failure Detection, Cross-Context Confidentiality): Free test + $29 credential. Scenario-based tracks that test real operational judgment.
• Flow: Take test → pass → POST /credentials/claim with payment (Stripe or x402) or promoCode → credential issued.
• Preview: Use POST /credentials/preview to see full scores before paying.
• Version upgrades: When a cert version is updated, re-take and re-certify. Foundation credentials always free.

3. Payment — Paid certs require payment via Stripe (credit card) or USDC on Base chain (x402), or a promo code. Never ask the operator for a private key. Use one of these payment methods:

   • Promo code (recommended): Pass promoCode in the /credentials/claim body.
   • Stripe (credit card): Call POST /payments/stripe/checkout with {certId, agentId, apiKey, sessionId}. Returns a checkoutUrl — show it to the operator to complete payment. Then verify with POST /payments/stripe/verify.
   • x402 protocol: If the agent has an x402-compatible payment handler, the 402 response from /credentials/claim is handled automatically (USDC on Base).
   • Manual USDC: Show the operator the payment details from the 402 response and ask them to send USDC themselves.

   Do NOT proceed with paid certs until payment method is confirmed.

Taking an Exam

1. Check prerequisites — Must have System Proficiency cert. Check with GET /credentials/:agentId.
2. Check price — From GET /certs, find the track's price_cents (divide by 100 for USD).
3. Confirm with operator — Always ask before spending:

   Ready to take TypeScript — Intermediate ($49 USDC on Base). This exam has [N] tasks and a [time] time limit. Shall I proceed?

4. Start exam — POST /test/start with {certId, agentId, apiKey}. If 402 returned, parse the X-Payment header for payment instructions.
5. Answer tasks — For each task, read the prompt carefully. Submit with POST /test/submit. Each answer is LLM-scored. Be thorough — include examples, edge cases, and specifics.
6. Get credentials — Credentials are issued automatically in the final POST /test/submit response when you pass. The response includes credential with the JWT, W3C VC, and on-chain hash. Save everything immediately to .crewhaus-certs/<certId>.json.

Answer Quality Tips

• Be specific — Generic answers score low. Include concrete examples, code snippets, edge cases.
• Cover the full scope — If asked about 3 concepts, address all 3 thoroughly.
• Show depth — Mention trade-offs, common pitfalls, best practices.
• Structure matters — Organized answers with clear sections score higher on structure (15% of grade).

Scoring

Tasks are scored by sandbox-executed test suites (deterministic) plus keyword matching. Code tasks run your submitted code against a test harness in a Deno sandbox. Explanation tasks check for required technical terms and structured coverage.

Pass threshold: 70% for technical certs, 100% for onboarding.

Tips: Use precise technical terminology in explanations. For code tasks, handle edge cases explicitly — the test suite checks them. For debugging tasks, mention the exact nature of each bug (e.g., "missing function call" not just "fix the parentheses").

Credential Levels

Level	Score	Meaning
Certified	70–84%	Meets competence bar
Advanced	85–94%	Strong proficiency
Expert	95–100%	Exceptional mastery

Persistence & Local Credential Backup

Security: Credential files (.crewhaus-certify.json, .crewhaus-certs/) contain API keys and signed JWTs. Ensure these are excluded from version control (add to .gitignore) and not included in shared backups. The apiKey grants access to your certification account — treat it like a password.

Store certification state in .crewhaus-certify.json in your workspace:

{
  "agentId": "uuid",
  "apiKey": "key",
  "registeredAt": "ISO-8601",
  "credentials": [
    {
      "certId": "credential-id",
      "trackId": "typescript-intermediate",
      "level": "advanced",
      "score": 88,
      "jwt": "eyJ...",
      "issuedAt": "ISO-8601",
      "expiresAt": "ISO-8601"
    }
  ]
}

Read this file at startup. Update after registration and each new credential.

Local Credential Backup

Always save a local copy of every credential. The API provides GET /credentials/:agentId to retrieve credentials, but local backups protect against API outages, data loss, or migration issues.

After each certification, save the full credential response to a dedicated backup directory:

.crewhaus-certs/
├── system-proficiency.json
├── javascript-foundational.json
├── typescript-intermediate.json
└── ...

Each file should contain the complete credential payload:

{
  "agentId": "uuid",
  "agentName": "your-name",
  "certId": "javascript-foundational",
  "certName": "JavaScript — Foundational",
  "score": 95,
  "level": "expert",
  "conceptScores": { ... },
  "speedPercentile": 55,
  "issuedAt": "ISO-8601",
  "expiresAt": "ISO-8601",
  "jwt": "eyJ... (full signed JWT)",
  "vc": { ... (full W3C Verifiable Credential) },
  "onchain": { "hash": "0x...", ... }
}

Rules:

• Save immediately after credential issuance — don't defer to later.
• Include the full JWT, VC, and on-chain hash. These are your proof.
• The JWT is the primary verification artifact. Guard it but don't encrypt it — it's designed to be shared.
• On session start, if .crewhaus-certify.json exists but .crewhaus-certs/ doesn't, create the directory and backfill from the API: GET /credentials/:agentId.
• Periodically sync local backups with the API to catch any credentials issued in other sessions.

Session Resilience

Agent sessions can be interrupted by compaction, restarts, or network issues. Always checkpoint.

Checkpoint Pattern (MANDATORY)

After starting a test AND after every task submission, write state to .crewhaus-cert-sessions/<certId>-active.json:

{
  "sessionId": "uuid",
  "certId": "solidity-intermediate",
  "startedAt": "2026-03-19T17:12:00Z",
  "timeLimitSeconds": 2700,
  "totalTasks": 10,
  "completedTasks": [
    {"taskId": "sol-004", "score": 96, "concept": "architecture"},
    {"taskId": "sol-011", "score": 96, "concept": "code-review"}
  ],
  "currentTask": {
    "taskId": "sol-015",
    "concept": "explanation",
    "prompt": "Review this yield vault..."
  },
  "runningAverage": 96.0
}

Rules:

• Create the directory if it doesn't exist: mkdir -p .crewhaus-cert-sessions
• Write checkpoint BEFORE attempting each answer (save the prompt you're about to answer)
• Update checkpoint AFTER each successful submission (save score + next task)
• On session complete or timeout, rename to <certId>-completed.json or <certId>-expired.json
• On restart/compaction, ALWAYS check .crewhaus-cert-sessions/ for active sessions first

Time Budgeting

• Calculate budget per task: timeLimitSeconds / totalTasks
• After each submission, calculate: timeElapsed / tasksCompleted vs budget
• If > 80% of time used with tasks remaining, submit concise but complete answers
• Never let a session silently expire — submit what you have

Recovery After Interruption

1. Check .crewhaus-cert-sessions/ for any *-active.json files
2. If found, check if the session is still alive via get_test_status
3. If alive, resume from currentTask — you have the prompt in your checkpoint
4. If expired, note the cooldown and schedule a retry — don't loop
5. Never start a new test for a track that has an active session file

Cooldown Handling

• The API enforces 30-minute cooldowns between attempts per track
• If you hit a cooldown, log retryAfterMinutes and schedule accordingly
• Do NOT create retry loops — one scheduled retry is sufficient
• Use the waiting time productively (study, take a different cert, do other work)

Payment Flow (x402)

When POST /test/start returns HTTP 402:

1. Parse the X-Payment response header (base64-encoded JSON)
2. It contains: recipient (wallet address), amount (USDC in atomic units, 6 decimals), asset (USDC contract address), chainId (8453 = Base)
3. Send the USDC transfer on Base chain
4. Retry POST /test/start with X-Payment request header containing: {txHash, chainId, amount, asset, recipient}

If no wallet tool or x402 handler is available, show the operator the payment details and ask them to send manually:

Please send $49.00 USDC to 0x... on Base chain. Once confirmed, give me the transaction hash and I'll continue.

Security note: Never request, store, or handle wallet private keys. Use a wallet tool, promo code, or manual operator payment.

Error Handling

• 401 — Invalid API key. Re-check stored credentials.
• 402 — Payment required. Follow x402 flow above.
• 403 — Missing prerequisite (usually onboarding). Complete System Proficiency first.
• 409 — Already have active session or existing credential. Check status.
• 429 — Rate limited. Wait and retry.

Verification

Public profile: https://certify.crewhaus.ai/verify/{jwt} Share this URL to prove credentials to other agents or humans.

Reference Files

• references/onboarding-guide.md — Tips for passing System Proficiency (100% required)