TrustVC · RishabhS7 · Apr 7, 2026 · Jan 27, 2026 · Jan 28, 2026 · Jan 29, 2026
diff --git a/.env.example b/.env.example
@@ -0,0 +1,26 @@
+VITE_SUPPORT_API_BASE_URL=
+
+# reCAPTCHA: site key (frontend).
+# Must match API secret key server-side.
+# In production, this must be set; do not allow verification bypass when missing.
+VITE_RECAPTCHA_SITE_KEY=
+
+# Optional: platform/environment for Jira (e.g. dev, staging, prod). Default: dev
+VITE_PLATFORM=dev
+
+VITE_NETWORK_TYPE=mainnet
+
+# Per-chain RPC overrides (key = chain ID)
+# Mainnet
+VITE_RPC_URL_1=
+VITE_RPC_URL_137=
+VITE_RPC_URL_50=
+VITE_RPC_URL_101010=
+VITE_RPC_URL_1338=
+
+# Testnet
+VITE_RPC_URL_11155111=
+VITE_RPC_URL_80002=
+VITE_RPC_URL_51=
+VITE_RPC_URL_20180427=
+VITE_RPC_URL_21002=
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -33,6 +33,9 @@ jobs:
 
       - name: Run tests with coverage
         run: npm run test:coverage
+        env:
+          VITE_RPC_URL_1: ${{ secrets.VITE_RPC_URL_1 }}
+          VITE_RPC_URL_101010: ${{ secrets.VITE_RPC_URL_101010 }}
 
   build:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/deploy-trustvc-website.yml b/.github/workflows/deploy-trustvc-website.yml
@@ -0,0 +1,115 @@
+name: Deploy TrustVC Website
+
+on:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to deploy (always deploys from main)'
+        required: true
+        default: 'main'
+        type: choice
+        options:
+          - main
+          - develop
+      environment:
+        description: 'Deployment environment'
+        required: true
+        default: 'development'
+        type: choice
+        options:
+          - development
+          - production
+
+permissions:
+  contents: read
+
+jobs:
+  build-and-deploy:
+    name: Build and deploy to CloudFront
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      # id-token: write  # enable when using OIDC for AWS (no long-lived keys)
+
+    env:
+      # Map environment input to S3 bucket and CloudFront distribution
+      AWS_REGION: ap-southeast-1
+      DEPLOY_ENV: ${{ github.event.inputs.environment }}
+
+      S3_BUCKET_DEVELOPMENT: ${{ secrets.TRUSTVC_WEB_S3_BUCKET_DEVELOPMENT }}
+      S3_BUCKET_PRODUCTION: ${{ secrets.TRUSTVC_WEB_S3_BUCKET_PRODUCTION }}
+
+      CF_DISTRIBUTION_DEVELOPMENT: ${{ secrets.TRUSTVC_WEB_CF_DISTRIBUTION_DEVELOPMENT }}
+      CF_DISTRIBUTION_PRODUCTION: ${{ secrets.TRUSTVC_WEB_CF_DISTRIBUTION_PRODUCTION }}
+
+      # Full .env content per environment (one line or multiline, as in your local .env)
+      ENV_FILE_DEVELOPMENT: ${{ secrets.TRUSTVC_WEB_ENV_DEVELOPMENT }}
+      ENV_FILE_PRODUCTION: ${{ secrets.TRUSTVC_WEB_ENV_PRODUCTION }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Use Node.js 20
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+          cache-dependency-path: package-lock.json
+
+      - name: Create .env for build
+        run: |
+          if [ "${DEPLOY_ENV}" = "production" ]; then
+            echo "${ENV_FILE_PRODUCTION}" > .env
+          else
+            echo "${ENV_FILE_DEVELOPMENT}" > .env
+          fi
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Lint
+        run: npm run lint
+
+      - name: Build
+        run: npm run build
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Determine target bucket and distribution
+        id: env-map
+        shell: bash
+        run: |
+          if [ "${DEPLOY_ENV}" = "production" ]; then
+            echo "s3_bucket=${S3_BUCKET_PRODUCTION}" >> "$GITHUB_OUTPUT"
+            echo "distribution_id=${CF_DISTRIBUTION_PRODUCTION}" >> "$GITHUB_OUTPUT"
+            echo "deploy_env_name=production" >> "$GITHUB_OUTPUT"
+          else
+            echo "s3_bucket=${S3_BUCKET_DEVELOPMENT}" >> "$GITHUB_OUTPUT"
+            echo "distribution_id=${CF_DISTRIBUTION_DEVELOPMENT}" >> "$GITHUB_OUTPUT"
+            echo "deploy_env_name=development" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Sync assets to S3
+        if: steps.env-map.outputs.s3_bucket != ''
+        run: |
+          BUCKET="${{ steps.env-map.outputs.s3_bucket }}"
+          # Long cache only for hashed assets (JS/CSS/fonts); never cache HTML at edge/browser for 1 year
+          aws s3 sync ./dist "s3://${BUCKET}" --delete --exclude "*.html" --cache-control "public, max-age=31536000"
+          # Short cache for HTML entry points so browsers always get fresh index.html (and new asset refs) after deploy
+          aws s3 sync ./dist "s3://${BUCKET}" --cache-control "public, max-age=0, must-revalidate" --exclude "*" --include "*.html"
+
+      - name: Invalidate CloudFront cache
+        if: steps.env-map.outputs.distribution_id != ''
+        run: |
+          aws cloudfront create-invalidation \
+            --distribution-id "${{ steps.env-map.outputs.distribution_id }}" \
+            --paths "/*"
+
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -0,0 +1,6 @@
+#!/usr/bin/env sh
+set -e
+
+echo "🔍 Running pre-commit checks..."
+npm run lint
+npm run format:check
diff --git a/eslint b/eslint
diff --git a/eslint.config.js b/eslint.config.js
@@ -7,12 +7,15 @@ import prettier from 'eslint-config-prettier'
 import tseslint from 'typescript-eslint'
 
 export default [
-  { ignores: ['dist', 'coverage'] },
+  { ignores: ['dist', 'coverage', 'scripts/**/*'] },
   {
     files: ['**/*.{js,jsx,ts,tsx}'],
     languageOptions: {
       ecmaVersion: 2020,
-      globals: globals.browser,
+      globals: {
+        ...globals.browser,
+        ...globals.node,
+      },
       parser: tseslint.parser,
       parserOptions: {
         ecmaVersion: 'latest',
@@ -25,6 +28,8 @@ export default [
             'tailwind.config.js',
             'vite.config.js',
             'src/test/setup.js',
+            'src/shims/dotenv-config.js',
+            'src/shims/node-fetch.js',
           ],
         },
       },
@@ -48,6 +53,14 @@ export default [
         'warn',
         { allowConstantExport: true },
       ],
+      '@typescript-eslint/no-unused-vars': [
+        'error',
+        {
+          argsIgnorePattern: '^_',
+          varsIgnorePattern: '^_',
+        },
+      ],
+      'no-unused-vars': 'off',
     },
   },
 ]
diff --git a/index.html b/index.html
@@ -2,7 +2,7 @@
 <html lang="en">
   <head>
     <meta charset="UTF-8" />
-    <link rel="icon" type="image/svg+xml" href="/trustvc.svg" />
+    <link rel="icon" type="image/svg+xml" href="/icons/trustvc-logo.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>TrustVC</title>
   </head>