NFA Stamp Manager
A private record manager for organizing NFA stamp entries, tracking related details, and controlling access to sensitive stamp PDFs.
The system provides a way to store approved NFA paperwork, track regulated items, view records from a mobile-friendly interface, and generate time-limited verification access when documentation needs to be shown to a range officer, compliance contact, investigator, or other authorized party.
Keeping stamp records organized
NFA Stamp Manager is built around a simple need: keep sensitive stamp records organized, searchable, and easier to audit without turning document storage into a scavenger hunt. The current evidence points to a web workflow with a stamp list, per-record documents, and explicit PDF access logging.
The system gives each user a private vault for NFA tax stamp records and approved PDF documents. Users can add stamps manually or upload approved ATF paperwork so the app can assist with common fields such as item type, model, serial number, transferor, approval date, and status. The dashboard summarizes active, pending, inactive, expired, and suspended records. The stamp manager supports searching, filtering, pagination, PDF viewing, edits, soft deletion, and recovery of records.
The mobile wallet view turns active records into quick-access compliance passes. Each pass can show key item details and generate a secure QR verification flow for that individual stamp. Admins can manage users, roles, active/deactivated accounts, and organization-level stamp records while regular users are limited to their own records.
Observed components
Local evidence is limited, so the claims below are cautious and based on confirmed traces only. Fields marked (likely) are intended but not yet confirmed from source files.
Confirmed Components
- Backing Database: nfa_app
- Web Record Interface: /nfa/v3dev/stamps.php
- Access Control & Logging: Explicit logging of PDF document views
Likely / Intended Elements
- Record Metadata Fields: Item, owner/trust, submitted/approved dates, status, notes
- User & Role Management: Administrative oversight and segmented regular user access
- QR Code Verification Flow: Dynamic short-lived verification pass URLs
- Document Soft Deletion: Lifecycle controls, soft delete recovery, and database cleanup
Data flow and access boundaries
The system is designed around controlled access to sensitive records. Owners and admins authenticate into the vault, documents are stored behind access checks, and outside verifiers only receive short-lived access to the specific stamp being verified. The diagram below shows the primary data flow without implementation internals.
[Diagram: data flow and access boundaries]
- Owner (Private Device) -> Authenticated Vault (Dashboard, Wallet, Profile)
- Admin User (User and Record Oversight) -> Authenticated Vault
- Authenticated Vault -> Stamp Records (Item Details, Status, Ownership)
- Authenticated Vault -> Protected PDF Storage (Approved Tax Stamp Documents)
- Authenticated Vault -> Audit and Lifecycle Controls (Edits, Deactivation, Recovery, Cleanup)
- Stamp Records -> Mobile Wallet Passes (Per-Item Compliance View)
- Protected PDF Storage -> Mobile Wallet Passes
- Mobile Wallet Passes -> Temporary QR Verification (Single Selected Stamp)
- Temporary QR Verification -> Verifier's Device (Range Officer, Dealer, Agent, Compliance Contact)
- Verifier's Device -> Limited Verification Certificate (Relevant Details and Approved PDF Access)
- Limited Verification Certificate -> Expired Link (Access Rejected), labeled "Expires automatically"
Node groups: private = owner, admin, authenticated vault; protected = stamp records, PDF storage, audit controls, wallet passes; temporary = QR verification, verification certificate, expired link; external = verifier's device.
Node colors indicate access boundary: blue = authenticated users, green = protected internal resources, orange = temporary external links, gray = external verifier devices.
QR-based verification workflow
When documentation needs to be verified, the owner opens the wallet, selects the relevant item, and generates a temporary QR code. The verifying party scans the code using their own device, which opens a limited verification page for the selected stamp.
Scanned link, not shared device
The owner keeps their phone. The verifier uses their own device to view the limited verification page. The QR code encodes a scoped link — not the device itself.
Single stamp scope
Each generated code is tied to a specific stamp record. The verification page shows only the details relevant to that item, not the full record set.
Automatic expiration
Generated verification links expire after a configurable time window. Expired links are rejected at the access layer. This limits the usefulness of captured or forwarded codes.
Access logging
Verification events — generation, access, expiration — are logged. The owner can see when and how many times a verification link was used.
Security and privacy controls
NFA paperwork contains identities, regulated item details, serial numbers, dates, transferor information, and official documents. The system treats access control, data separation, and document handling as core requirements rather than afterthoughts.
Account protection
The system uses authenticated accounts with hashed passwords, role-based access, account activation controls, and enforced password changes for default or temporary credentials. Login attempts are rate-limited to slow repeated guessing. Sessions expire after inactivity, and session identifiers are refreshed during authentication-sensitive events to reduce session fixation risk.
Scoped user access
Regular users can only manage their own stamp records. Admins can manage broader records and user accounts where appropriate. This separation applies to families, trusts, clubs, or organizations where several people need access but should not all have the same authority. Active and deactivated users are handled separately — deactivation does not immediately destroy historical context, which preserves administrative traceability when access must be removed.
Form and request protection
Sensitive form actions include request validation to protect routine account, stamp, and profile changes against forged browser submissions. User input is validated and displayed safely. Database operations use parameterized queries, keeping user-supplied values separate from database instructions.
Protected document handling
Approved tax stamp PDFs are validated on upload, limited to accepted document types, checked for file content, and stored using non-guessable names. PDFs are served through controlled access checks rather than public directory links. Document access is verified against the current user's permission level, administrative role, or a valid temporary verification grant. Unauthorized access attempts are denied and logged.
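The upload checks and the access decision described above can be sketched as follows. This is an added example, not the project's code: the function names, the size limit, and the user and stamp dictionaries are assumptions made for illustration.

```python
import secrets

MAX_PDF_BYTES = 20 * 1024 * 1024   # assumed upload limit


def store_name_for_upload(original_name, data):
    """Validate an uploaded stamp PDF and return a random storage name."""
    if not original_name.lower().endswith(".pdf"):
        raise ValueError("only .pdf uploads are accepted")
    if not 0 < len(data) <= MAX_PDF_BYTES:
        raise ValueError("empty or oversized upload")
    # Content check: trust the bytes, not the extension or client MIME type.
    if not data.startswith(b"%PDF-") or b"%%EOF" not in data[-1024:]:
        raise ValueError("file content is not a PDF")
    # The stored name carries nothing from the user-supplied filename.
    return secrets.token_hex(16) + ".pdf"


def may_view_pdf(user, stamp, grant_valid, audit):
    """Decide one PDF request; every outcome is appended to the audit list."""
    active = user is not None and user["active"]
    if active and user["role"] == "admin":
        reason = "admin"
    elif active and user["id"] == stamp["owner_id"]:
        reason = "owner"
    elif grant_valid:
        reason = "grant"               # outside verifier holding a live link
    else:
        reason = None                  # includes deactivated accounts
    audit.append({
        "stamp_id": stamp["id"],
        "user_id": user["id"] if user else None,
        "result": reason or "denied",
    })
    return reason is not None
```

The request handler would stream the file only when `may_view_pdf` returns True, so the stored name never needs to appear in a public URL.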
Time-limited verification
QR verification codes are intentionally temporary, tied to the selected stamp, and not meant as permanent public URLs. Expired links are rejected at the access layer. This reduces the impact of old screenshots, forwarded links, or codes left visible after the interaction.
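One way to implement the stamp-scoped, expiring grants described here and in the QR-based verification workflow section, with generation, access, and expiration events logged. This is an added example, not the project's code: the class, its in-memory storage, and the 300-second default window are assumptions.

```python
import hashlib
import secrets
import time

class VerificationGrants:
    """In-memory stand-in for a grants table and audit log (hypothetical design)."""

    def __init__(self, ttl_seconds=300, clock=time.time):
        self.ttl = ttl_seconds   # the configurable time window
        self.clock = clock       # injectable so expiry can be tested
        self.grants = {}         # sha256(token) -> grant; raw tokens are never stored
        self.audit = []          # (timestamp, event, stamp_id)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def _log(self, event, stamp_id):
        self.audit.append((self.clock(), event, stamp_id))

    def issue(self, user_id, stamp):
        """Create a grant for one stamp; only its owner may do so."""
        if stamp["owner_id"] != user_id:
            self._log("issue_denied", stamp["id"])
            raise PermissionError("not the owner of this stamp")
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self.grants[self._digest(token)] = {
            "stamp_id": stamp["id"],
            "expires_at": self.clock() + self.ttl,
            "uses": 0,
        }
        self._log("generated", stamp["id"])
        return token                        # embedded in the QR link

    def redeem(self, token, stamp_id):
        """Return True only for a live grant bound to the requested stamp."""
        grant = self.grants.get(self._digest(token))
        if grant is None or grant["stamp_id"] != stamp_id:
            self._log("denied", stamp_id)
            return False
        if self.clock() >= grant["expires_at"]:
            self._log("expired", stamp_id)
            return False
        grant["uses"] += 1
        self._log("accessed", stamp_id)
        return True

    def use_count(self, token):
        return self.grants.get(self._digest(token), {"uses": 0})["uses"]
```

Because only the SHA-256 digest of each token is stored, a copy of the grants table does not yield working links, and a screenshot of an old QR code fails the expiry check on the server regardless of what the client sends.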
Auditability and recovery
Important administrative and record-management actions are logged. Stamp records support soft deletion and recovery to avoid accidental loss while still allowing cleanup of old deleted data. The lifecycle is designed so that a mistaken deletion does not immediately destroy a critical record, but stale deleted data has a cleanup path rather than persisting indefinitely.
Browser-level hardening
The application sends security-focused browser headers to reduce common risks such as clickjacking, unintended content interpretation, overly broad referrer leakage, and unauthorized framing. Production deployments should use HTTPS and properly configured server-level file protections.
The problem it solves
NFA paperwork matters at moments when fumbling for it is most stressful. Paper copies can be lost, damaged, forgotten, or mixed into old folders. Screenshots and cloud folders lack access control, audit discipline, and a clean way to show only the stamp that needs to be shown.
Sensitive documents need a more deliberate system than loose folders scattered across machines. A stamp list and detail workflow makes records easier to maintain and find. PDF access logging helps answer "who viewed what and when" inside the app. The project is private-first, not a public-facing application.
The core problem is not just storing files; it is managing verified presentation of regulated records under stress, while maintaining a strict audit trail of who has accessed them and when.
What the tool provides
Reserved for future capture
All screenshots require a redaction pass before public display. Captions describe what each frame will contain once cleared.
What stuck
Private tools still deserve polished information architecture — the same care in structure and navigation applies, even when there's only one user.
Auditability matters most when documents are sensitive — logging and traceability aren't features, they're the foundation of trust in the system.
Screenshot capture must include a redaction pass — every image needs names, serials, trust names, and control numbers removed before it goes public.
Production notes
The system is built as a web application with a mobile app-like experience. It can be deployed for personal, family, organizational, or hosted commercial use depending on requirements.
For production deployments:
The system should be treated as sensitive compliance infrastructure, not a casual hobby database.
What's next
The public project page documents the workflow and intent, but final screenshots and exact field descriptions should wait for a safe redaction pass.
NFA Stamp Manager is a recordkeeping and document presentation tool. It is not legal advice, does not determine whether an item is lawful, and does not replace the user's responsibility to comply with all applicable federal, state, and local laws. Users should consult qualified counsel for legal questions about possession, transport, transfer, trusts, documentation obligations, or interactions with law enforcement.