Introduction
It is eight in the morning and a labour inspector is standing at the site fence. They are not asking about the Gantt chart or the budget. They want to know who is inside right now, and whether every one of those people is carrying valid mandatory documentation. They ask for today's access log and, almost in the same breath, point at a worker fitting a frame and ask whether his safety training is still in date. At that moment the site manager has two options: open a spreadsheet someone filled in last week and pray that a certificate did not lapse on Tuesday, or pull up a living roster where every name carries its compliance status stuck to it.
That is precisely the difference between having access control and having a sign-in sheet. Coordinating the activities of multiple companies on one site is not optional paperwork: the developer and the principal contractor are answerable for every subcontracted firm and every worker setting foot on site with valid documents. When that control lives in emails and loose PDFs, the inspector's question has no fast answer, and the liability lands on whoever could not say who came in or on what papers.
This article describes how Tabiquo turns that scattered folder into a digital gatekeeper: a roster of workers whose compliance status is derived from their real documents, a presence register that knows who is inside at any instant, and a control at the gate that flags or blocks the people who should not pass before they pass.
The real problem: control without a roster is not control
Who is on site right now
The simplest question is usually the hardest to answer. How many people are inside the site at this moment? If there is an accident, do we know who to evacuate? If a worker shows up that nobody recognises, are they from the plumbing crew or did they wander in?
In Tabiquo every project carries a roster of site workers (the SiteWorker model): name, trade, tax ID, badge or credential code, photo, and a link either to the subcontractor company or to a user on your own team. It is not a static list. Each worker carries their own status and, thanks to the entry-and-exit register, we always know whether they are inside or out. The endpoint that feeds the gatekeeper's mobile app (present) returns exactly that: the snapshot of who is on site this instant, ordered by entry time. That is the answer an inspector expects in thirty seconds, not thirty minutes.
Documents expire, and nobody warns you
The second problem is quieter. A safety-training certificate is issued with a validity date. The medical-fitness assessment expires. The worker ID card expires. And the moment someone copies those dates by hand into a sheet, that sheet starts lying the day after it is written.
Here is the design decision we care most about: in Tabiquo a document's validity is never stored by hand. Each worker document is a typed slot (SiteWorkerDocument) that wraps a real file, and the expiry date lives on that file (File.expires_at) as the single source of truth. The status — valid, expiring, expired or missing — is computed live every time it is read. There is no way for the roster to say "current" while the PDF says otherwise, because the roster reads the PDF.
The digital gatekeeper: flag and block at the gate
Compliance computed, not noted down
A worker is fit to enter when three conditions hold at once, and the system checks all three on every check-in. First, that they are not manually blocked. Second, that every required document is in an acceptable state. Third — and this is the one many people forget — that the company they belong to is itself in order.
The required documents are configured per project. By default Tabiquo demands three: safety training, medical fitness, and an ID card. But each team can adjust that set through a project setting (site_access.required_documents), because a small refit and a civil-works site with heavy plant do not ask for the same papers. If the site requires four documents and a worker has only three valid slots, they do not comply. Full stop.
Each slot's status distinguishes four situations. Valid: there is a file and it is not expiring soon. Expiring: still valid, but inside the 7-day warning window — it still lets the worker through, but it is already flashing amber. Expired: the file's date has passed. Missing: the slot exists because the document is mandatory, but nobody has uploaded anything. Only "valid" and "expiring" permit access; expired and missing do not.
The company layer: the DURC and its equivalent
For external crews there is one more layer. It is not enough for the worker to have his papers: the subcontractor firm must be up to date. In Italy this takes the form of the DURC (the single contributions-compliance certificate); in Spain the practical equivalent is the firm's standing with social security and the tax authority inside the inter-company coordination framework. Tabiquo records on the company record (Entity) whether its standing is valid and when it lapses, and every worker's compliance check folds that in: if the subcontractor's DURC expired on Monday, all of their workers stop being fit on Monday, even if their individual certificates are perfect. A worker on your own team does not carry that company requirement, because the liability is already yours.
Flag or block, with a trail
When the gatekeeper checks a worker in from the mobile app, here is what happens. If they are already recorded as inside, the system rejects it (you cannot check in twice without checking out). If they do not comply, the entry is blocked with a clear message and a signal that an explicit override is required. The gatekeeper cannot let them through "by accident": they have to actively decide to bypass the block.
And if they do, it leaves a trail. Every presence record stores whether the person was compliant at the exact moment of entry (was_compliant). When a non-compliant worker is admitted by override, the system automatically raises a critical "unauthorized worker on site" alert to the team, naming the worker, the project and the record's identifier. This is not a punishment: it is proof that the decision was taken knowingly and that someone accountable was informed. The day you have to explain why a given person came in, that trail is worth more than any verbal account.
Gates, visitors and exits
A large site does not have a single entrance. Tabiquo lets you define several named gates (SiteGate), so each entry and exit records which one was used. That separates the pedestrian access from the lorry gate, and lets an incident report pin down where something happened.
Visitors get their own lane. A client's technician, a sales rep, the architect from the supervising team: they are not on the worker roster, but they enter. They are logged as a visitor with name, company, reason and document, and they appear in the same presence register as the workers. To an inspector, "who is inside" includes the visitors too, and the register does not hide them.
How the roster gets filled without it being a chore
The public link for the subcontractor
The classic mistake is for the site manager to end up chasing every crew foreman for PDFs over WhatsApp, then uploading them one by one. Tabiquo flips this around: from the admin panel you generate a public link for a specific subcontractor firm (SiteAccessLink), valid for 30 days, and send it to the foreman.
That foreman opens the link with no account and nothing to install, and registers their own crew: they add each worker with their details and upload each mandatory document along with its expiry date. The page shows exactly which documents the site requires, in the language of the team that manages it, and lets them chain worker after worker without navigating away. The work of entering the data is done by the person who has the data, before the crew turns up at the fence. The day they arrive, they are already on the roster and already carry a computed compliance status.
Always-fresh status, hands off
When a document is uploaded or removed, the system recomputes the worker's status automatically: approved if they comply, pending if something is missing. The site manager does not have to manually "approve" anything routine; they only step in for the exceptional case, such as blocking someone by hand for a disciplinary reason — in which case that manual block overrides the documents. And during bulk intake through the public link, the sync runs once at the end rather than recalculating on every upload.
Make the warning arrive before the problem
Documents about to expire
Blocking someone at the gate is the last resort, not the goal. The goal is for the certificate to be renewed before it expires. So Tabiquo runs a daily job (alerts:worker-document-expiry) that walks the roster's documents reading the file's real expiry — not a copy — and raises an alert to the site manager when a document is expired or inside the 7-day window. The alert names the worker, the document and its status. That way the foreman has a week to renew the training instead of discovering the problem with the worker already standing at the gate at eight in the morning.
The report that prints and gets handed over
When the inspector wants something on paper, or the client wants a record of the day, the admin panel downloads a PDF access report: who is inside at that moment, and the full roster with the status of each worker's documents. It is the same data the gatekeeper sees in the app, but sealed into a document that gets handed over and filed.
Who is allowed to be the gatekeeper
All of this is protected by permissions. The gatekeeper endpoints require the site_access.manage permission within the project, on top of a check that the user has access to that project at all. Not just anyone records entries: only the person tasked with access control. And the app distinguishes between team members and clients, so the developer can consult without being able to operate the gate.
Conclusion
Controlling access to a site is not about a turnstile and a sign-in sheet. It is about answering, at any moment and without hesitation, two questions: who is inside, and were they entitled to enter. Inter-company coordination in Spain and site safety in Italy start from that same demand, and what makes them unmanageable is not the law but the fact that the data lives scattered across emails, WhatsApp photos and sheets that expire in silence.
The piece that changes everything is to stop copying dates by hand. When each document's validity is read from the real file, the compliance status never lies; when that status is checked at the gate, the gatekeeper flags and blocks before the problem rather than after it; and when each decision leaves a trail, the liability is documented. The roster fills itself through a link the subcontractor completes, the alerts warn a week ahead, and the inspector gets a report in thirty seconds. It is not automatic legal certification — no software is — but it is the difference between having control and merely looking like you do.
Tabiquo brings the worker roster, the presence register, the gatekeeper with compliance blocking, and the expiry alerts together in one place, wired to the mobile app used by whoever is standing at the fence. If you run construction sites and you want to truly know who is on the deck and on what papers, we invite you to try it and feel how much it suddenly weighs to be able to answer the inspector without opening a single folder.