This document presents a comprehensive overview of the activities, methodologies, and key results associated with the Toolkit. Its purpose is to detail the architecture, components, and their relationships, as well as the installation, configuration, and implementation procedures for a results-based traceability and payment project using the existing toolkit, secure authentication mechanisms, blockchain traceability, and payments via tokens and stablecoins.
This diagram describes the four main components for running the PPR application and their relationships.
https://github.com/mongodb/mongo
docker run -d \
--name mongodb \
-p 27017:27017 \
-e MONGO_INITDB_ROOT_USERNAME=admin \
-e MONGO_INITDB_ROOT_PASSWORD=admin123 \
mongo:latesthttps://github.com/keycloak/keycloak
The application requires a properly configured Keycloak server for authentication. Below is the required setup.
- Create a new realm named
ppr-realm - Configure the realm settings:
- Enable user registration if needed
- Set session timeouts as required
Create a client for the backend API:
| Setting | Value |
|---|---|
| Client ID | ppr-api-client |
| Client Protocol | openid-connect |
| Access Type | confidential |
| Standard Flow Enabled | ON |
| Direct Access Grants | ON |
| Service Accounts | ON (if using machine-to-machine auth) |
Valid Redirect URIs
http://localhost:3000/*
https://your-production-domain.com/*
Create the following realm roles:
| Role | Description |
|---|---|
Sponsor |
Can create and fund projects |
Provider |
Can deliver services and upload evidence |
User |
Can view and participate in projects |
Verifier |
Can audit evidence and approve phases |
- Go to Realm Settings → Keys
- Click on the Public key button for the RSA key
- Copy the key and add it to your
.env:
KEYCLOAK_REALM_PUBLIC_KEY="<realm-pk>"KEYCLOAK_AUTH_SERVER_URL="https://your-keycloak.example.com"
KEYCLOAK_REALM="ppr-realm"
KEYCLOAK_CLIENT_ID="ppr-api-client"
KEYCLOAK_SECRET="<your-client-secret>"
KEYCLOAK_REALM_PUBLIC_KEY="<your-realm-public-key>"Note: The backend uses
nest-keycloak-connectfor JWT validation. All API endpoints (except/health) require a valid Bearer token.
https://github.com/LACNetNetworks/PPR/tree/main/ppr-backend
A robust NestJS backend API for the PPR platform, enabling project funding management, evidence tracking, and blockchain integration for transparency.
| Technology | Version | Purpose |
|---|---|---|
| NestJS | 11.x | Core framework |
| MongoDB | 8.x | Database (via Mongoose) |
| Keycloak | 26.x | Authentication & authorization |
| ethers.js | 6.x | Blockchain integration |
| Swagger | 11.x | API documentation |
| TypeScript | 5.x | Language |
The project follows Clean Architecture principles with three main layers:
src/
├── application/ # Use cases and DTOs (business logic)
├── domain/ # Entities, repositories interfaces, enums
├── infrastructure/ # External concerns (HTTP, DB, auth, integrations)
└── bootstrap/ # App initialization and configuration
| Module | Description |
|---|---|
projects |
Core project management |
phases |
Project phases/stages |
tasks |
Phase tasks |
contributions |
Funding contributions |
evidences |
Evidence files and blockchain anchoring |
users |
User management (sponsor, provider, user, verifier) |
organizations |
Organization management |
transactions |
Transaction audit trail |
audit-revisions |
Audit revision tracking |
| Integration | Purpose |
|---|---|
| POK API | External service integration |
| Blockchain (LNet) | Transaction anchoring and verification |
| File Storage (GCS) | Evidence file storage |
- Node.js 22.x (see Dockerfile)
- MongoDB instance (local or remote)
- Keycloak server configured with
ppr-realm - Access to LNet network (optional, for blockchain features)
- Access to ZKSync Network
- Access to any EVM System
npm installCopy .env.example to .env and configure:
# Server
NODE_ENV="development"
PORT="3000"
GLOBAL_PREFIX="ppr"
# MongoDB
MONGODB_URI="mongodb://user:pass@localhost:27017/ppr_db"
MONGODB_DB="ppr_db"
# Keycloak
KEYCLOAK_AUTH_SERVER_URL="https://your-keycloak.example.com"
KEYCLOAK_REALM="ppr-realm"
KEYCLOAK_CLIENT_ID="ppr-api-client"
KEYCLOAK_REALM_PUBLIC_KEY="<your-public-key>"
# External Services
FILE_STORE_API_URL="<file-storage-api-url>"
FILE_STORE_API_KEY="<your-api-key>"
# Blockchain (optional)
RPC_URL="<lacchain-rpc-url>"
PRIVATE_KEY="<blockchain-private-key>"
ADDRESS_CONTRACT="<smart-contract-address>"# Development (with hot reload)
npm run start:dev
# Production
npm run build
npm run start:prod- API Base URL:
http://localhost:3000/ppr - Swagger Docs:
http://localhost:3000/ppr/docs - Health Check:
http://localhost:3000/ppr/health
| Method | Endpoint | Description |
|---|---|---|
| GET | /projects |
List all projects |
| GET | /projects/:id |
Get project by ID |
| POST | /projects |
Create new project |
| PUT | /projects/:id |
Update project |
| GET | /projects/:projectId/phases |
List project phases |
| POST | /projects/:projectId/phases |
Add phase to project |
| GET | /projects/:projectId/members |
List project members |
| GET | /projects/:projectId/contributions |
List contributions |
| Method | Endpoint | Description |
|---|---|---|
| GET | /users |
List users |
| GET | /users/:id |
Get user by ID |
| POST | /users |
Create user |
| Method | Endpoint | Description |
|---|---|---|
| GET | /evidences |
List evidences |
| POST | /evidences |
Upload evidence |
Note: All endpoints require Bearer token authentication via Keycloak.
# Build image
docker build -t ppr-backend .
# Run container
docker run -p 3000:3000 --env-file .env ppr-backenddocker-compose up -d| Script | Description |
|---|---|
npm run start:dev |
Start with hot reload |
npm run start:debug |
Start with debugger |
npm run build |
Build for production |
npm run start:prod |
Run production build |
npm run lint |
Run ESLint |
npm run format |
Format with Prettier |
npm run test |
Run unit tests |
npm run test:e2e |
Run e2e tests |
npm run test:cov |
Run tests with coverage |
| Role | Description |
|---|---|
Sponsor |
Creates and funds projects |
Provider |
Delivers project services, uploads evidence |
User |
Benefits from projects |
Verifier |
Audits evidence and project progress |
https://github.com/LACNetNetworks/PPR/tree/main/ppr-frontend
A modern Next.js 15 frontend for the PPR platform, providing role-based dashboards for project funding management, evidence tracking, and contribution monitoring.
| Technology | Version | Purpose |
|---|---|---|
| Next.js | 15.x | React framework (App Router) |
| React | 19.x | UI library |
| TypeScript | 5.x | Type safety |
| Tailwind CSS | 4.x | Styling |
| Keycloak JS | 26.x | Authentication |
| Recharts | 3.x | Data visualization |
| Motion | 12.x | Animations |
| Headless UI | 2.x | Accessible UI primitives |
src/
├── app/ # Next.js App Router
│ ├── (app)/ # Protected routes
│ │ ├── sponsor/ # Sponsor dashboard
│ │ ├── provider/ # Provider dashboard
│ │ ├── user/ # User dashboard
│ │ └── verifier/ # Verifier dashboard
│ └── (auth)/ # Auth routes (login, register)
├── components/ # Reusable UI components
│ ├── grids/ # Grid layouts
│ ├── tables/ # Data tables
│ ├── dashboards/ # Dashboard components
│ ├── sidebars/ # Navigation sidebars
│ └── ... # Modals, forms, etc.
├── hooks/ # Custom React hooks
├── lib/ # Utilities and API services
└── types/ # TypeScript types
| Component | Description |
|---|---|
sidebar.tsx |
Role-based navigation sidebar |
projects-table.tsx |
Project listing and management |
contribution-modal.tsx |
Contribution entry |
evidence-detail-modal.tsx |
Evidence viewing |
audit-modal.tsx |
Verification workflows |
keycloak-provider.tsx |
Auth context provider |
| Role | Dashboard | Capabilities |
|---|---|---|
Sponsor |
/sponsor |
Create projects, manage funding, add collaborators |
Provider |
/provider |
Deliver services, upload evidence, track phases |
User |
/user |
View projects, track benefits |
Verifier |
/verifier |
Audit evidence, approve phases |
- Node.js 18.x or later
- npm 9.x or later
- Access to the PPR Backend API
- Keycloak server for authentication
npm installCreate .env.local:
NEXT_PUBLIC_API_URL=http://localhost:3000/ppr
NEXT_PUBLIC_KEYCLOAK_URL=https://your-keycloak.example.com
NEXT_PUBLIC_KEYCLOAK_REALM=ppr-realm
NEXT_PUBLIC_KEYCLOAK_CLIENT_ID=ppr-frontendnpm run devThe app will be available at http://localhost:5173.
npm run build
npm run start| Variable | Description |
|---|---|
NEXT_PUBLIC_API_URL |
Backend API base URL |
NEXT_PUBLIC_KEYCLOAK_URL |
Keycloak server URL |
NEXT_PUBLIC_KEYCLOAK_REALM |
Keycloak realm name |
NEXT_PUBLIC_KEYCLOAK_CLIENT_ID |
Keycloak client ID |
# Build image
docker build -t ppr-frontend .
# Run container
docker run -p 8080:8080 ppr-frontendThe production container runs on port
8080.
| Script | Description |
|---|---|
npm run dev |
Start dev server on port 5173 |
npm run build |
Build for production |
npm run start |
Start production server |
npm run lint |
Run ESLint |
The frontend connects to the backend using:
src/lib/api-client.ts— Axios-based HTTP client with authsrc/lib/api-services.ts— React hooks for API operations (client-side)src/lib/api-services-server.ts— Server-side API calls
import { useFetchProjects, useCreateProject } from '@/lib/api-services'
function ProjectsList() {
const fetchProjects = useFetchProjects()
const createProject = useCreateProject()
useEffect(() => {
fetchProjects().then(setProjects)
}, [])
const handleCreate = async (data) => {
await createProject(data)
}
}A custom Keycloak login theme is included in keycloak-login-theme/. Deploy to your Keycloak server's themes/ directory.
The frontend requires a Keycloak server for authentication. It uses keycloak-js and @react-keycloak/web for client-side authentication.
Use the same ppr-realm as the backend. Ensure the following are configured:
- Realm name:
ppr-realm - Login settings: Configure as needed (registration, password policies, etc.)
Create a public client for the frontend (separate from the backend client):
| Setting | Value |
|---|---|
| Client ID | ppr-frontend |
| Client Protocol | openid-connect |
| Access Type | public (no client secret) |
| Standard Flow Enabled | ON |
| Direct Access Grants | OFF |
| Implicit Flow Enabled | OFF |
Valid Redirect URIs
http://localhost:5173/*
https://your_domain.com/*
http://localhost:5173
https://yourdomain.com
| Role | Dashboard Route |
|---|---|
sponsor |
/sponsor |
provider |
/provider |
user |
/user |
verifier |
/verifier |
Users should be assigned one role that determines their dashboard access.
NEXT_PUBLIC_KEYCLOAK_URL="https://your-keycloak.example.com"
NEXT_PUBLIC_KEYCLOAK_REALM="ppr-realm"
NEXT_PUBLIC_KEYCLOAK_CLIENT_ID="ppr-frontend"- User navigates to the app
KeycloakProviderinitializes and checks for existing session- If not authenticated, user is redirected to Keycloak login
- After login, Keycloak redirects back with tokens
- Frontend stores tokens and includes them in API requests
To use the custom theme:
- Copy
keycloak-login-theme/to<KEYCLOAK_HOME>/themes/ppr-theme - In Keycloak Admin Console, go to Realm Settings → Themes
- Set Login Theme to
ppr-theme