Documentation of the automated client-to-server mechanisms utilized to enforce instructional delivery standards for California real estate continuing education.

1. Tracking Mechanics & Active Participation

Veritas Lessons does not utilize a passive browser timer or simple page-load check to verify attendance. To satisfy the active participation mandates for distance learning courses, the platform coordinates continuous client-side browser telemetry with server-side transaction tracking:

  • Visibility API Synchronization: The platform monitors the Page Visibility API. Credit toward instructional seat time is accumulated only when the browser tab status returns exactly document.visibilityState === 'visible'. If the participant minimizes the window, switches tabs, or opens another application that obscures the course interface, the tracking mechanism instantly halts.
  • Window Focus Tracking: The system hooks into browser focus and blur listeners (window.onfocus and window.onblur). If the user leaves the browser window active but clicks into a secondary monitor or application, tracking pauses until focus is explicitly restored to the instructional text.
  • Interactive Token Checkpoints: Instructional material is presented via dynamic lesson sections. To verify that a participant is reading the material rather than leaving an open browser unattended, the platform requires active engagement with the section's Socratic lesson tutor before advancement is unlocked. The tracking engine pauses if no keyboard or cursor input event is recorded within any 90-second window, resuming only when active interaction is re-verified.
2. Heartbeat Intervals & Idle Timeout Rules

Client telemetry is transmitted to the platform backend via an automated asynchronous channel executing on a strict schedule:

  • 10-Second Heartbeat Packets: While a lesson card is active, the client browser transmits encrypted heartbeat tokens to the server every 10 seconds. The server analyzes these packets to ensure they were generated during a period of uninterrupted visibility and focus. If the heartbeat is valid, the server increments the student's database log by 10 seconds of credited instructional time.
  • The 30-Second Idle Clock: If the client browser fails to detect any input events (clicks, scrolls, or keystrokes) or active dialogue exchanges with the lesson tutor for 30 consecutive seconds, the client enters an idle state. Heartbeat packet generation is suspended, and the server ceases crediting time. The idle clock is reset immediately when a fresh user input event or tutor response stream is detected.
  • The 50-Minute Continuous Study Check: To prevent mechanical automation or extended inactive sessions, the system enforces a hard limit of 50 minutes of continuous tracking. At the 50-minute mark, the platform forces a validation prompt requiring the student to acknowledge their active presence. If the prompt is ignored for more than 2 minutes, the active session token is invalidated, the user is safely logged out, and a re-authentication event is required to resume study.
3. Final Examination Authorization Gate

The final examination is programmatically locked behind a server-side gate. To request an examination token and unlock the testing interface, a participant must satisfy three independent compliance requirements:

  1. Active Instructional Time: The server-side transaction log must verify a minimum of 180 minutes of total credited instructional time, distributed across all six lessons. No credit is given for exam time toward this threshold.
  2. Regulatory Pacing Threshold (The 60-Hour Rule): In strict compliance with Commissioner's Regulation 3007.3, a minimum of 60 hours must have elapsed on the server's UTC clock since the exact timestamp of the student's initial registration and course payment. The system will hard-block exam access even if the 180-minute instructional time requirement is completed early.
  3. Identity Verification Gate: The participant must have completed the automated government-issued photo ID upload, and the server-side name-matching engine must return an active identity_verified = true status matching the DRE licensee record.

If any of these three independent parameters are unmet, the "Unlock Final Exam" button remains disabled, and the server API will reject any direct test-initiation requests with a 403 Forbidden response code, logging the unauthorized attempt to the audit trail.

4. Complete Audit Trail Logging & Data Portability

Every transaction, state change, and telemetry interval is permanently committed to an immutable database ledger, building an absolute auditable chain of custody. The system logs the following data structures in real time:

  • Authentication events: timestamp, event type (login, session refresh, logout), IP address, and browser user-agent string
  • SMS verification events: timestamp, purpose (registration / login / exam), and IP address for each one-time passcode verification
  • Cumulative credited instructional time, broken down by lesson and by section
  • Individual 10-second interval records, including the activity reason that caused the interval to be credited (input event, tutor interaction, or heartbeat following recent input)
  • Tab visibility and focus state transitions
  • Final examination attempt records, including the system state that authorized or denied the attempt and the IP address at exam start

These records are retained for the full three-year period required under BPC §10148 and are available to the Department upon request for any individual student or for course-level aggregate review.

Students may download their own complete engagement record at any time from their course home page. The download is a CSV file containing every credited time interval, every authentication event, every AI tutor exchange, and every quiz answer — one row per record, timestamped in UTC and labeled with the activity type that generated it. The file is suitable for personal record-keeping or for submission to a broker or auditor. This download satisfies the data portability rights provided to California consumers under CCPA/CPRA.