Skip to content

gitdevelopers007/HashNexus

BranchesTags

Repository files navigation

HashNexus

Digital Document Verification & Trust Layer

HashNexus is our implementation of DigiSecure - Digital Document Verification & Trust Layer. It is a secure, scalable system for issuing, verifying, tracking, and trusting digital documents in a tamper-evident way.

Team Name

HashNexus

Problem Statement

PROBLEM STATEMENT - 2

Title: DigiSecure - Digital Document Verification & Trust Layer

The Goal

Build a secure, scalable system that allows institutions to:

  • issue tamper-proof digital documents
  • verify whether a document is authentic or modified
  • detect suspicious structural changes in uploaded files
  • maintain trust and auditability across the document lifecycle

Why This Matters

Institutions such as universities, banks, employers, and government offices increasingly share certificates, transcripts, compliance reports, and identity documents digitally. Traditional PDFs are easy to duplicate, edit, or forge. Verifiers often have no reliable way to know:

  • who issued the document
  • whether the file has been changed after issuance
  • whether the verification trail itself can be trusted
  • whether the issuing entity has a strong trust history

HashNexus addresses this by combining document hashing, verification logic, trust scoring, audit trails, and blockchain anchoring in one platform.

Our Solution

HashNexus provides a full digital document trust layer with these core capabilities:

  • secure document issuance with document hashing, signed QR payloads, and issuance metadata
  • instant verification of uploaded PDFs using structural checks
  • tamper detection with suspicious region highlighting
  • dynamic trust scoring for issuers and documents
  • immutable audit logs with hash-chain verification
  • blockchain notarization with graceful fallback for local demo mode
  • modular architecture designed around separate services and future expansion

The current implementation is optimized to work reliably as a local demo while preserving service boundaries that match a production-oriented architecture.

Key Features

1. Secure Document Issuance

  • accepts PDF uploads
  • computes a SHA-256 hash for each document
  • generates document IDs and signed QR payloads
  • produces a scannable QR code for later verification
  • stores issuance data for downstream validation and audit

2. Document Verification

  • verifies uploaded documents through backend analysis
  • checks for structural consistency in PDFs
  • reports verification status, verdict, confidence, and blockchain status
  • exposes verification results through the UI and API

3. Tamper Detection

  • detects suspicious PDF markers such as broken headers, incremental revisions, and metadata inconsistencies
  • highlights suspicious regions visually
  • returns layered tamper-analysis output for explainability

4. Trust Scoring

  • computes trust scores for issuers and documents
  • exposes trust components such as issuer credibility and verification consistency
  • keeps trust history for transparency

5. Immutable Audit Log

  • records issuance and verification events
  • supports audit log retrieval
  • verifies the integrity of the audit chain

6. Blockchain Anchoring

  • notarizes document hashes through a blockchain bridge
  • supports lookup of blockchain status by document hash
  • falls back to a local ledger when the bridge is unavailable

7. Reliable Local Demo Experience

  • single command startup with npm run dev
  • same-origin /api/* proxy to avoid frontend fetch failures
  • live service status in the UI
  • clearer failure messages when local services are offline

Tech Stack

Frontend

  • Node.js-served web UI
  • HTML, CSS, JavaScript
  • same-origin API proxy via apps/web/app.js

Backend

  • Fastify / Node.js
    • API gateway
    • blockchain bridge
  • Go
    • issuance service
    • verification engine
    • audit log service
    • DID resolver
  • Python
    • tamper detection
    • trust scoring engine

Data and Persistence

  • SQLite dev store for local persistence
  • Redis-ready nonce handling support in the gateway
  • schema files for verification and issuer data

Blockchain and ZKP Readiness

  • Solidity registry contract scaffold
  • Circom circuits for selective disclosure style proofs

Workflow

End-to-End Flow

  1. An institution uploads a PDF document in the Issue Document tab.
  2. The system hashes the document and generates issuance metadata.
  3. A signed QR payload and QR image are created.
  4. The document hash is notarized through the blockchain bridge or local fallback ledger.
  5. Issuance activity is stored and logged in the audit trail.
  6. A verifier uploads a PDF in the Verify Document tab.
  7. The system inspects PDF structure and determines whether the file appears authentic or modified.
  8. Tamper signals, trust score, and blockchain status are returned.
  9. The Tamper Detection tab visualizes suspicious regions.
  10. The Trust Scores tab shows issuer-level trust metrics.
  11. The Audit Log tab shows the event history and chain integrity.
  12. The Blockchain tab checks whether a document hash is anchored.

Local Demo Workflow

  1. Copy .env.example to .env if needed.
  2. Run npm run dev from the project root.
  3. Open http://127.0.0.1:4173.
  4. Use the header status chips to confirm:
    • web is online
    • API gateway is reachable
    • blockchain bridge or fallback mode is active

System Architecture

High-Level Architecture

Browser UI
   |
   | same-origin /api/*
   v
Web UI Server (Node.js)
   |
   | proxy
   v
API Gateway (Fastify)
   |-- document issuance logic
   |-- verification logic
   |-- tamper analysis endpoints
   |-- trust scoring endpoints
   |-- audit log endpoints
   |-- blockchain integration endpoints
   |
   |-- SQLite dev store
   |-- Redis-backed nonce support
   |-- blockchain bridge integration
   |-- local blockchain fallback ledger

Main Runtime Ports

  • 4173 - web UI
  • 3000 - API gateway
  • 50056 - blockchain bridge

Service Responsibilities

  • apps/web

    • serves the local UI
    • proxies /api/* to the backend
    • handles local status visibility and action gating

  • services/api-gateway

    • central backend facade
    • exposes issuance, verification, trust, audit, blockchain, DID, and stub ZKP routes
    • persists local demo data

  • services/blockchain-bridge

    • simulates blockchain notarization and record lookup

  • services/issuance-service

    • Go-based service scaffold for issuance workflows

  • services/verification-engine

    • Go-based service scaffold for verification logic

  • services/audit-log-service

    • audit-oriented service scaffold

  • services/did-resolver

    • DID resolution scaffold

  • services/tamper-detection

    • Python tamper detection scaffold

  • services/trust-scoring-engine

    • Python trust scoring scaffold

Project Structure

HashNexus/
├─ apps/
│  └─ web/                     # local web UI and same-origin API proxy
├─ services/
│  ├─ api-gateway/             # main Fastify backend
│  ├─ blockchain-bridge/       # blockchain notarization adapter
│  ├─ issuance-service/        # Go issuance service scaffold
│  ├─ verification-engine/     # Go verification service scaffold
│  ├─ audit-log-service/       # Go audit service scaffold
│  ├─ did-resolver/            # Go DID resolver scaffold
│  ├─ tamper-detection/        # Python tamper analysis scaffold
│  └─ trust-scoring-engine/    # Python trust engine scaffold
├─ packages/
│  └─ schemas/                 # shared JSON schemas
├─ infrastructure/
│  ├─ docker/                  # docker-compose setup
│  └─ migrations/              # SQL migration files
├─ contracts/                  # Solidity contract scaffold
├─ circuits/                   # Circom proof circuits
├─ data/                       # local dev-store location
├─ tests/                      # e2e, load, and attack notes
└─ scripts/                    # local startup scripts

Configuration

Environment File

The project includes .env.example with the local configuration used by the demo.

Important values include:

  • POSTGRES_URL
  • REDIS_URL
  • JWT_DEV_SECRET
  • DEV_MASTER_KEY
  • NONCE_TTL_S
  • BLOCKCHAIN_BRIDGE_URL
  • ISSUANCE_SERVICE_URL
  • VERIFICATION_ENGINE_URL
  • TRUST_SCORING_URL
  • TAMPER_DETECTION_URL
  • DID_RESOLVER_URL

Local Startup

Run:

npm run dev

This starts:

  • web UI at http://127.0.0.1:4173
  • API gateway at http://127.0.0.1:3000
  • blockchain bridge at http://127.0.0.1:50056

Local Storage

When full production infrastructure is not available, the API gateway uses a local SQLite-backed dev store:

  • file path: data/dev-store.sqlite

This local store supports:

  • issued document records
  • verification records
  • trust snapshots
  • audit log records
  • DID records

Notes on Reliability

  • the frontend uses same-origin /api/* calls instead of a hardcoded backend URL
  • if the blockchain bridge is unavailable, the gateway falls back to a local ledger
  • the UI shows gateway and blockchain status so failures are easier to diagnose

Future Scope

  • production-grade authentication and authorization
  • stronger digital signature verification
  • richer blockchain integration
  • real ZKP proof generation and verification
  • cloud deployment and horizontal scaling
  • institution onboarding and issuer management

Conclusion

HashNexus is a practical digital document trust layer built for secure issuance, verification, auditability, and trust computation. It demonstrates how tamper detection, blockchain anchoring, and transparent verification workflows can be combined into a unified system for modern institutions.

About

Digital Document Verification & Trust Layer

hash-nexus-neon.vercel.app

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages