CustomsManifest workflow
Each bonded parcel call generates a CustomsManifest. The agent submits it to the customs authority; SeaPillar tracks it through DRAFT, SUBMITTED, UNDER_REVIEW, APPROVED, and RELEASED states before delivery is unlocked.
SeaPillar builds the customs authority workflow directly into the parcel state machine. A BONDED parcel cannot reach the vessel until its CustomsManifest is RELEASED. The gate is automatic, auditable, and inspector-ready — covering MIO, bonded warehouse, and EU FAL obligations on every port call.
Every mechanism below is enforced by the state machine — not by a manual reminder or a policy document that someone might miss at 06:00 on a Friday morning.
Each bonded parcel call generates a CustomsManifest. The agent submits it to the customs authority; SeaPillar tracks it through DRAFT, SUBMITTED, UNDER_REVIEW, APPROVED, and RELEASED states before delivery is unlocked.
Parcels tagged BONDED follow the standard inbound lifecycle with one enforced gate: the STAGED-to-DELIVERED transition is blocked until the linked CustomsManifest reaches RELEASED status.
Every BONDED parcel carries a bondedDeadline. When the deadline passes without an active extension, the CLOSE transition is blocked. The system does not silently allow an expired bond to be closed.
Agents can record a deadline extension from the customs authority — including the authority reference number — against an active BONDED parcel. The extension is recorded in the audit trail and lifts the CLOSE block.
The agent enters the customs authority MIO reference manually against each CustomsManifest. The reference is preserved in the audit chain and appears on the generated GDN, giving the inspector a single authoritative document.
The Goods Delivery Note is generated from the immutable custody chain and carries a SHA-256 integrity hash. Any alteration after generation is detectable. Port-state inspectors can verify the document in under 60 seconds.
The CustomsManifest follows a strict state machine. Backward transitions are blocked. REJECTED returns to DRAFT for correction. RELEASED is the only state that unlocks delivery for linked BONDED parcels.
Agent creates manifest; parcels added
Submitted to customs authority
Authority is reviewing
Authority approved — awaiting release
Delivery unlocked for BONDED parcels
Delivery unlockedAll parcels delivered; manifest archived
REJECTED (from UNDER_REVIEW or APPROVED) returns to DRAFT for correction and resubmission.
A WMS optimises where things are stored and how efficiently they move. A custody system proves what happened and who was responsible. These are different design priorities with different outputs.
| Dimension | Warehouse Management System | Digital Parcel Custody |
|---|---|---|
| Primary purpose | Track inventory location and quantity for ongoing warehouse operations | Prove a specific parcel moved through a specific custody chain, attributable to specific people, at specific times |
| Who needs it | Warehouse managers optimising throughput and storage utilisation | Ship agents who are legally responsible for third-party cargo and must produce a defendable record of every handoff |
| Legal purpose | Operational efficiency — inventory accuracy, cycle counts, stock-level visibility | Liability documentation — proof of receipt, proof of condition, proof of delivery, proof of compliance |
| Custody attribution | Not a primary concern — stock moves between zones anonymously | Every state change is attributed to a named actor with timestamp and device identity. Non-repudiation is a design requirement. |
| Bonded and regulated goods | Typically handled as a separate compliance workflow, not integrated | Customs compliance gates are built into the state machine — a bonded parcel cannot be delivered until the manifest is released |
| Proof format | Stock reports, cycle count sheets, pick-and-pack records | Goods Delivery Note (GDN) with integrity hash, full audit export structured for P&I club submission |
Primary purpose
Track inventory location and quantity for ongoing warehouse operations
Prove a specific parcel moved through a specific custody chain, attributable to specific people, at specific times
Who needs it
Warehouse managers optimising throughput and storage utilisation
Ship agents who are legally responsible for third-party cargo and must produce a defendable record of every handoff
Legal purpose
Operational efficiency — inventory accuracy, cycle counts, stock-level visibility
Liability documentation — proof of receipt, proof of condition, proof of delivery, proof of compliance
Custody attribution
Not a primary concern — stock moves between zones anonymously
Every state change is attributed to a named actor with timestamp and device identity. Non-repudiation is a design requirement.
Bonded and regulated goods
Typically handled as a separate compliance workflow, not integrated
Customs compliance gates are built into the state machine — a bonded parcel cannot be delivered until the manifest is released
Proof format
Stock reports, cycle count sheets, pick-and-pack records
Goods Delivery Note (GDN) with integrity hash, full audit export structured for P&I club submission
Not every digital tool that tracks parcels qualifies as a custody system. These five properties are the difference between a record that satisfies an auditor and one that does not.
Every state change records who did it — not just a team or a role, but a specific named user with their organisational identity.
Receipt, custody transfers, and delivery times are locked into the record at the moment of action. They cannot be edited retroactively.
A parcel can only move through defined legal transitions. A parcel cannot jump from RECEIVED to DELIVERED without passing through IN_WAREHOUSE and STAGED. Bonded goods cannot be delivered without a released customs manifest.
The captain's confirmation is not a signature on paper that can be lost or disputed. It is a digital record with timestamp, identity, device fingerprint, and the exact parcel set that was confirmed.
The GDN is generated from the immutable custody chain and carries an integrity hash. Any alteration after generation is detectable. The document proves its own authenticity.
The agent has a paper GDN, possibly a photograph. The captain has a different recollection. The P&I club investigation takes 90 days and resolves on the better documentation — which is usually neither.
The audit export shows: every parcel received, every state change, the captain's digital confirmation with timestamp and IP address, and the GDN integrity hash. Resolution is a 10-minute document export.
No system stopped it. The compliance officer finds out when the authority audits. The fine is assessed against the agency. The agent cannot demonstrate what their process was.
The system enforced a hard gate. The parcel state cannot transition to DELIVERED while the customs manifest is in any state other than RELEASED. The gate is in the audit trail. Compliance is demonstrable.
The warehouse log says it was received. The consignee says it wasn't. The paper trail is ambiguous. The agency absorbs the cost or the relationship.
The receipt record shows: timestamp, operator identity, photo evidence at intake. The custody chain shows every subsequent state change. If the parcel was received, that is provable. If it was not, that is equally provable.
The status of 40 parcels lives in their head, their email, and a shared spreadsheet that nobody else has been maintaining. The handover is a phone call and a prayer.
Every parcel has a live status visible to every authorised user. The incoming agent opens SeaPillar and sees exactly what was received, what is in warehouse, what is staged, what is bonded, and what still needs customs clearance.
Designed for ship agents, not adapted from generic WMS software.
We identify where your current process leaves liability gaps — disputed deliveries, bonded compliance, chain-of-custody handovers — and show you exactly how the custody chain closes them.