PARAM

Problem

Universities issue transcripts and degrees as paper or static PDFs that are slow to verify and easy to forge. Registrars need configurable approval chains, curriculum versioning, SGPA/CGPA rules, and immutable audit trails. Students should never need crypto wallets; employers need sub-second verification with on-chain proof and optional deep-verify by document hash or NFT token ID.

Approach

PARAM is a monorepo with six deployment layers: browsers (admin, academic, faculty, student, public verifier); Vercel edge (Next.js 16 App Router, HMAC param_session middleware, /api/v1 rewrites to EC2); AWS EC2 docker-compose (Caddy TLS → Express 5 api + isolated param-worker for BullMQ/cron); Supabase Postgres 15 + Prisma (30+ models); Base Sepolia via ethers.js v6; Privy JWT auth, Razorpay verify-flow, SMTP, Sentry. Feature modules cover students, curriculum, results, approvals, degrees, credentials, issuance, verification, and audit. Faculty grades → academic review → admin mint → student share → verifier confirms.

At a glance

Tech decisions

• Separate api + param-worker containers

  Puppeteer, CSV ingest, blockchain mint, and five cron sweeps must never starve the HTTP Prisma pool - README mandates worker isolation.

• On-demand PDF at GET /credentials/:id/pdf

  No PDF object storage or background PDF queue - transcripts generated at download with DRAFT/APPROVED watermarks.

• Privy embedded wallets provisioned at login

  Zero student seed-phrase friction; institute-controlled minting wallet for issuance.

• Dual state machines (semester + degree)

  Results: DRAFT→REVIEWED→APPROVED→ISSUED; degrees: PENDING_ACADEMIC→PENDING_ADMIN→ISSUED only when credits ≥ required and no backlogs.

• Public verify without auth

  Time-limited ShareLink tokens, QR embedding, and JSON API for automated employer checks - Verifier role needs no account.

• Zod-validated Express modules + full audit export

  Every action logs actor, entity, metadata, and IP for registrar compliance; soft deletes on critical records.