CredVault is a decentralized identity MVP for issuing, storing, sharing, and verifying credentials. It uses a Next.js app for the product experience, MongoDB for the demo data layer, Merkle proofs for credential integrity, and a Solidity contract for batch-root anchoring.
The project is built for a hackathon-style credential lifecycle:
- An issuer creates a credential.
- The credential is hashed and added to a Merkle tree.
- The batch Merkle root is anchored.
- A recipient claims and shares selected fields.
- A verifier checks proof, anchor, issuer trust, and revocation state.
- Role-based dashboards for issuer, recipient, and verifier.
- Wallet login with automatic role routing.
- Predefined credential schemas:
- University Degree
- Employee ID
- Event Ticket
- Professional Certification
- Age Verification
- Single and batch credential issuing.
- Merkle tree generation and proof verification.
- Selective disclosure through share links.
- Verification requests with private claim checks.
- Revocation state stored in MongoDB.
- Solidity contract for Merkle root anchoring.
- Responsive dark UI with shared dashboard shell.
This repository is honest MVP code, not a production identity network yet.
lib/blockchain.tscurrently uses a MongoDB-backed mock anchor flow and fake transaction hashes.lib/ipfs.tscurrently stores IPFS-like objects in MongoDB and returns fake CIDs.lib/zkp.tsperforms trusted server-side claim checks, not real zero-knowledge proofs.- Role access is based on configured wallet addresses in environment variables.
- The Solidity contract exists in
contracts/CredentialRegistry.sol, but the app routes are not fully wired to live contract writes yet.
These shortcuts make the demo easy to run locally while preserving the shape of the final architecture.
| Layer | Technology |
|---|---|
| App | Next.js, React, TypeScript |
| Styling | Tailwind CSS, custom UI components, lucide-react icons |
| API | Next.js route handlers |
| Database | MongoDB |
| Auth | Wallet login plus JWT session cookie |
| Crypto | Ed25519 signatures, Keccak hashing, Merkle proofs |
| Blockchain | Solidity, Hardhat, Polygon Amoy config |
app/
api/ Backend route handlers
(issuer)/issuer/ Issuer dashboard and workflows
(recipient)/wallet/ Recipient wallet and sharing
(verifier)/verifier/ Verifier dashboard and requests
login/ Wallet login page
verify/[token]/ Public share verification page
components/
shared/ App shell, sidebar, header, credential cards
ui/ Reusable UI primitives
contracts/
CredentialRegistry.sol
lib/
auth.ts JWT sessions and wallet helpers
blockchain.ts Mock chain integration layer
credentials.ts Credential creation and signing
db.ts MongoDB connection and collection helpers
ipfs.ts MongoDB-backed IPFS-like storage
merkle.ts Merkle tree and proof logic
schemas.ts Credential schema definitions
zkp.ts Demo private-claim checks
scripts/
setup-database.ts
seed-demo-data.ts
deploy-contract.ts
generate-keys.tsInstall dependencies:
npm installCreate .env.local from the example:
cp .env.example .env.localFill the required values:
MONGODB_URI=
MONGODB_DB_NAME=decentralized-identity
JWT_SECRET=
ISSUER_PRIVATE_KEY=
ISSUER_DID=did:web:localhost
ISSUER_WALLET_ADDRESS=
VERIFIER_WALLET_ADDRESS=
CREDENTIAL_REGISTRY_CONTRACT=
POLYGON_RPC_URL=https://rpc-amoy.polygon.technology
NEXT_PUBLIC_APP_URL=http://localhost:3000Create database indexes:
npm run setup:dbOptional demo seed:
npm run seed:demoStart the app:
npm run devOpen:
http://localhost:3000Compile:
npm run compile:contractsDeploy to Polygon Amoy:
npm run deploy:contractsThe current contract stores a packed record for each Merkle root:
- issuer address
- timestamp
- existence flag
Main functions:
anchorBatch(bytes32 merkleRoot)verify(bytes32 merkleRoot)exists(bytes32 merkleRoot)
- Connect the configured issuer wallet.
- Open
/issuer. - Issue a credential or upload a batch.
- The app validates schema data, builds credentials, creates Merkle proofs, signs credentials, and stores records in MongoDB.
- Connect any non-issuer and non-verifier wallet.
- Open
/wallet. - View available credentials, claim them, and create selective share links.
- Connect the configured verifier wallet.
- Open
/verifier. - Create verification requests or verify shared credential links.
Recommended production upgrades:
- Replace
lib/blockchain.tsmock logic with realviemcontract reads/writes. - Expand
CredentialRegistry.solwith trusted issuer registration. - Store full credential JSON on real IPFS or Pinata.
- Verify Ed25519 signatures during credential verification.
- Replace demo claim checks with real ZK circuits or rename them as server-assisted checks.
- Add Zod validation to every API route.
- Add tests for Merkle proofs, issuing, sharing, revocation, and authorization.
- Add rate limits and better audit logging for public verification endpoints.
npm run dev # Start Next.js
npm run build # Production build
npm run start # Start production server
npm run setup:db # Create MongoDB collections and indexes
npm run seed:demo # Seed demo data
npm run generate:keys # Generate issuer signing keys
npm run compile:contracts # Compile Solidity contract
npm run deploy:contracts # Deploy contract to Polygon AmoyThis project is a hackathon MVP. Add a license before publishing or reusing it publicly.