What is the WorkProof ladder and why does it matter?

WorkProof is a four-step credit-verification ladder that turns IMDB-style filmography from self-claim into evidence. Step 1, self_declared, is added by the crew member. Step 2, peer_confirmed, is affirmed by a co-worker on that project. Step 3, production_verified, is attested by the production company. Step 4, payment_verified, is awarded only when a payout to that person on that project clears, with HMAC-SHA256 webhook signatures and a five-minute clock-skew window. The credit on a profile reflects the highest level actually reached. Step 4 is the dignity step, because being paid for work is the credible signal employers respect.

Is Kuhok actually live in production?

Yes. Kuhok is live at kuhok.net, built as 14 microservices behind a YARP gateway. New features ship through the same Wenme authentication and Darwan authorization layer used by other KaritKarma products. The audience is Bangladesh's film and television industry as the initial launch market, with the network model designed to extend internationally.

How does the Rating BD bridge work?

Kuhok integrates Rating BD as a bidirectional bridge for actor and crew reputation. Production credit data flows from Kuhok into Rating BD for industry-wide scoring, and Rating BD scores can flow back into Kuhok profile cards for context. The bridge respects the same per-route Darwan policies as the rest of the gateway, so a Rating BD pull from a casting director surface is authorised differently from a public profile view.

Which KaritKarma platform services does Kuhok integrate?

Three are verified in code, and we say which. Wenme handles OAuth sign-in through a dedicated identity-adapter service with invite, join-code, and claim-token onboarding paths. Darwan handles authorization through shared middleware that maps route prefixes to Darwan resources, wired into ten-plus services, with safety-admin actions gated by explicit permission checks. Rating BD is the bidirectional reputation bridge with its own gateway route. Email currently delivers through a Postal sender with BitsPath as the planned comms provider, asset storage is S3-compatible object storage behind a shared storage library, and QRID membership credentials are a planned ecosystem integration rather than shipped code.

Why is QRID called out as elite social clubs rather than QR codes?

QRID is a KaritKarma product for elite social and professional clubs that issue identity-bearing QR or NFC credentials to members. It is not a generic QR-code generator. In the Kuhok context, QRID-issued industry membership cards for on-set verification are a planned ecosystem integration; we label it planned because the integration code does not exist in the Kuhok repository yet, and this case study only states what is verified.

All Case Studies

Case Study / Kuhok

Kuhok
the dignity-first network for cast and crew.

Live at kuhok.net. 14 .NET microservices behind a YARP gateway with Darwan RBAC enforced per route. WorkProof turns credits from claim to evidence. Rating BD bridges reputation bidirectionally.

View Kuhok product Open kuhok.net

.NET microservices

kuhok.net

Live deployment

WorkProof levels

YARP

Gateway + Darwan RBAC

Live in production at kuhok.net. Initial launch market is Bangladesh film and television; architecture is built to extend internationally.

What is the Kuhok case study

A working professional network for film, with credits you can trust.

The Kuhok case study documents a live network at kuhok.net that gives cast and crew IMDB-style profiles with a four-step WorkProof credit ladder, an AI production assistant with 10 endpoints (script breakdown, feasibility, budgets, crew suggestions), multi-party contracts rendered with QuestPDF, real-time budget tracking over SignalR, project-scoped social groups, and built-in safety reporting.

The architecture is 14 .NET microservices behind a YARP gateway with Darwan RBAC per route, a Next.js 16 frontend, PostgreSQL with pgvector for semantic search, Redis 8, RabbitMQ 4.1, and S3-compatible object storage. Bangladesh film and television is the initial launch market; the network model is built to extend.

The Challenge

The film industry runs on word-of-mouth and screenshots.

Cast and crew assemble on WhatsApp threads. Credits are self-claimed and unverifiable. Casting is done through personal networks. Production scheduling lives in spreadsheets. There is no shared layer that turns the industry's actual work into a credential.

Unverifiable credits

Anyone can claim a credit. Production houses have no clean way to verify filmography. Trust runs on rumour.

Fragmented production workflows

Casting, scheduling, budgeting, and crew management happen across WhatsApp, spreadsheets, and phone calls.

Inefficient talent discovery

Finding the right cinematographer or sound engineer means asking around. No searchable database of verified professionals.

WorkProof ladder

From self-claim to payment-verified.

The four-step ladder turns credits into evidence. The credit on a profile reflects the highest level actually reached, and the last step requires a cleared payment with HMAC-signed webhook attestation.

self_declared

Crew member adds the credit. Visible but unverified.

peer_confirmed

A co-worker on that project affirms the credit. Trust starts to compound.

production_verified

The production company attests to the credit. Industry-credible by construction.

payment_verified

Awarded when a payout to that person on that project clears. HMAC-SHA256 signed webhook, five-minute clock-skew window.

Architecture

14 microservices, one YARP gateway, per-route Darwan RBAC.

Each service owns its data and communicates through RabbitMQ events. Authorization is enforced once, at the gateway, by route. No service has to re-implement the policy model.

01Gateway (YARP, 19 routes)

02Identity Adapter (Wenme)

03Profiles (WorkProof ladder)

04Projects (contracts, call sheets)

05Schedule (booking requests)

06Finance (wallets, payouts)

07Members (tiers, organizations)

08Search (pgvector, 768-dim)

09Social (groups, stories, articles)

10Media (presigned uploads)

11Safety (report workflow)

12AI (10 assistant endpoints)

13Billing

14Admin

YARP gateway, Darwan per route, event-driven inside

YARP terminates every inbound request and delegates the allow/deny decision to Darwan per route. Inside the perimeter, services react to RabbitMQ events. When a credit is verified, the Profile, Search, Notification, and Rating BD Bridge services each react independently. No direct service-to-service calls for asynchronous workflows.

Platform integration

3 ecosystem integrations, verified in code.

Kuhok inherits identity, authorization, and the reputation bridge from the ecosystem rather than rebuilding them. Email runs through a Postal sender today with BitsPath as the planned comms provider, and QRID membership credentials are on the roadmap; both are labelled planned, not shipped.

Wenme

Authentication

OAuth sign-in through a dedicated identity-adapter service, with invite tokens, join codes, and claim tokens as the onboarding paths.

Darwan (per route)

Authorization

Shared middleware maps route prefixes to Darwan resources across ten-plus services, and safety-admin actions are gated by explicit permission checks.

Rating BD

Reputation bridge

Bidirectional bridge for industry-wide scoring through a shared client library and a dedicated gateway route. Verified credit data feeds reputation; reputation context surfaces back to profile cards.

Kuhok vs the alternatives

Where credits actually come from.

Versus IMDB, a generic LinkedIn profile, or a producer's spreadsheet, here is what the WorkProof model does differently.

Capability	Kuhok	LinkedIn	Spreadsheet
Payment-verified credits (WorkProof)	4-step ladder
Production management built in			Partial
Per-route RBAC at the gateway
Built-in safety reporting workflow	4-state review	Generic report
Bidirectional reputation bridge	Rating BD
Live at a public URL	kuhok.net

What ships today

Live at kuhok.net.

14 microservices behind one gateway

Each owns its data and reacts to RabbitMQ events. YARP and Darwan terminate the gateway across 19 routes.

Four-step WorkProof ladder

self_declared, peer_confirmed, production_verified, payment_verified. Credit reflects the highest reached.

10 AI assistant endpoints

Script breakdown, feasibility, budgets, and crew suggestions over a 768-dimension semantic index, with dual LLM backends (hosted plus local Ollama), prompted for Bangladesh production realities.

Bidirectional Rating BD bridge

Credits feed industry reputation; reputation context surfaces back to profile cards.

Contracts with a six-state lifecycle

draft, pending_crew, pending_producer, signed, void, expired. Contracts and call sheets render to PDF with QuestPDF.

Per-route Darwan RBAC at the gateway

Route prefixes map to Darwan resources through shared middleware, enforced once at YARP instead of per service.

Frequently asked

Kuhok, asked plainly.

What is the Kuhok case study?: The Kuhok case study documents how a dignity-first network for cast and crew is shipped on the KaritKarma platform and went live at kuhok.net. The architecture is 14 .NET microservices behind a YARP gateway (19 routes) with Darwan RBAC enforced at the route level, a Next.js 16 frontend with 62 routes, PostgreSQL with pgvector for 768-dimension semantic search, Redis 8, RabbitMQ 4.1, S3-compatible object storage, and an AI production assistant with dual LLM backends (a hosted LLM client plus a local Ollama service).
What is the WorkProof ladder and why does it matter?: WorkProof is a four-step credit-verification ladder that turns IMDB-style filmography from self-claim into evidence. Step 1, self_declared, is added by the crew member. Step 2, peer_confirmed, is affirmed by a co-worker on that project. Step 3, production_verified, is attested by the production company. Step 4, payment_verified, is awarded only when a payout to that person on that project clears, with HMAC-SHA256 webhook signatures and a five-minute clock-skew window. The credit on a profile reflects the highest level actually reached. Step 4 is the dignity step, because being paid for work is the credible signal employers respect.
Is Kuhok actually live in production?: Yes. Kuhok is live at kuhok.net, built as 14 microservices behind a YARP gateway. New features ship through the same Wenme authentication and Darwan authorization layer used by other KaritKarma products. The audience is Bangladesh's film and television industry as the initial launch market, with the network model designed to extend internationally.
How does the Rating BD bridge work?: Kuhok integrates Rating BD as a bidirectional bridge for actor and crew reputation. Production credit data flows from Kuhok into Rating BD for industry-wide scoring, and Rating BD scores can flow back into Kuhok profile cards for context. The bridge respects the same per-route Darwan policies as the rest of the gateway, so a Rating BD pull from a casting director surface is authorised differently from a public profile view.
Which KaritKarma platform services does Kuhok integrate?: Three are verified in code, and we say which. Wenme handles OAuth sign-in through a dedicated identity-adapter service with invite, join-code, and claim-token onboarding paths. Darwan handles authorization through shared middleware that maps route prefixes to Darwan resources, wired into ten-plus services, with safety-admin actions gated by explicit permission checks. Rating BD is the bidirectional reputation bridge with its own gateway route. Email currently delivers through a Postal sender with BitsPath as the planned comms provider, asset storage is S3-compatible object storage behind a shared storage library, and QRID membership credentials are a planned ecosystem integration rather than shipped code.
Why is QRID called out as elite social clubs rather than QR codes?: QRID is a KaritKarma product for elite social and professional clubs that issue identity-bearing QR or NFC credentials to members. It is not a generic QR-code generator. In the Kuhok context, QRID-issued industry membership cards for on-set verification are a planned ecosystem integration; we label it planned because the integration code does not exist in the Kuhok repository yet, and this case study only states what is verified.

Explore Kuhok

A network for cast and crew that respects their work.

See how WorkProof turns credits into evidence and how 14 services behind a Darwan-policed gateway carry the load. Live at kuhok.net.