feat: update README

Author: imiskii

README.md

@@ -1,125 +1,114 @@
-# 🧱 TaskBoard
+# TaskBoard (A decentralized platform for CTF-style challenges using Ethereum, IPFS, and zkSNARKs.)
 
-Design and build a **decentralized task board and badge collector** for developers and learners. Tasks are challenges with predefined correct solutions, and successful solvers earn **on-chain badges** (NFTs or SBTs) that they can collect as verifiable proof of their skills.
+See a small [blog](https://lasmichal.com/projects/taskboard/taskboard.html) about this dApp.
+
+TaskBoard is a dApp for creating and solving CTF-like tasks using smart contracts, IPFS, and zero-knowledge proofs (ZKP).
+Users solve challenges by proving knowledge of a hidden secret without revealing it. Successful solvers are rewarded with task-specific tokens.
 
 To ensure trustless and scalable operation:
 
 * Solutions are verified automatically (no manual approval).
 * Tasks and descriptions are stored off-chain via IPFS.
 * Proof validation is handled using ZK circuits.
 * Submissions remain **private** to avoid copying.
+* Rewards issued as non-transferable ERC-1155 tokens.
 
----
-
-## Core Features
+## Tech stack
 
-### 1. **Task Creation**
+* Frontend – React
+* Backend – [Node.js](https://nodejs.org/en) ([Fastify](https://fastify.dev/)) + [Postgres](https://www.postgresql.org/)
+* Smart contracts – Solidity (ERC-1155, AccessControl)
+* Storage – IPFS (local - [Kubo IPFS](https://docs.ipfs.tech/install/command-line/)  / [Pinata](https://pinata.cloud/))
+* Proof system – snarkjs + Groth16
 
-* Any user can create a task
-* Task includes:
+## How it works
 
-  * Title, description, difficulty
-  * Required tags (e.g., Solidity, ZK, Rust)
-  * Solution validation mechanism (hash or ZK circuit hash)
-  * Reward badge config (SBT metadata)
-  * Deadline (optional)
-* Metadata is uploaded to IPFS
-* The contract stores minimal task data + IPFS CID
+1. Task creation – Creator commits a secret (Poseidon hash + salt) stored on IPFS.
+2. Solving – Solver submits a ZKP proving they know the secret.
+3. Verification – Smart contract checks the proof and mints a reward token.
 
 ---
 
-### 2. **Task Solving / Proof Submission**
-
-* Any dev can attempt the task
-* They submit a **proof** of solution
-* The contract verifies it:
+## Set up
 
-  * If correct → mints badge (NFT/SBT) to solver
-  * If wrong → rejected, optional retry delay
-* Optional: support encrypted solution uploads for future reference
+1. Compile the circuit and generate a trusted setup with `make circuit` (testing only).
+2. Export smart contract ABI with `make export-task-manager-abi`.
+3. Start the Postgres DB and use `make delete-db` and `make init-db`.
+  - Postgres has to have user `app` and created database called `task_board_db`.
+4. Start Anvil and deploy smart contracts with `make deploy-local` and add creator `add-creator-local`.
+  - The creator is Anvil's account (1) with address _0x70997970C51812dc3A010C7d01b50e0d17dc79C8_, add it to your wallet (e.g., MetaMask).
+5. Start Kubo IPFS `ipfs daemon`.
+6. Start the backend from `/backend` directory with `npm run dev`.
+7. Start the frontend from `/frontend` directory with `npm run dev`.
 
----
-
-### 3. **Badge Minting**
+## Environment files
 
-* Each task has a custom badge
-* Badges are:
+### Root `.env` (for smart contracts)
 
-  * Non-transferable (SBT)
-  * Include metadata about task
-  * Linked to IPFS data
-* Optional: user profile page with badge portfolio (off-chain frontend)
-
----
+```bash
+### ENV for local Anvil node
+PRIVATE_KEY_LOCAL=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
+PRIVATE_KEY_CREATOR=0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d
+PRIVATE_KEY_SOLVER=0x5de4111afa1a4b94908f83103eb1f1706367c2e68ca870fc3fb9a804cdab365a
 
-## Example Task Flow
+CREATOR_ADDR=0x70997970C51812dc3A010C7d01b50e0d17dc79C8
 
-1. Alice creates a task:
+TASK_MANAGER_ADDR=0xCf7Ed3AccA5a467e9e704C703E8D87F634fB0Fc9
+TASK_ACCESS_ADDR=0x5FbDB2315678afecb367f032d93F642f64180aa3
 
-   * **"Write a smart contract that verifies Merkle Proofs"**
-   * IPFS CID with metadata: `bafy...abc`
-   * Creator writes a ZK circuit
+TASK_ID_TO_DEACTIVATE=1
 
-2. Task posted on-chain with IPFS CID and hash
+### ENV for Sepolia deployment
 
-3. Bob solves it:
-
-   * Generates a ZK proof using the circuit
-   * Submits the proof to the smart contract
-   * If valid → badge minted
-
----
-
-## Proof Validation Logic Options
-
-Choose from these validation types (extendable):
-
----
-
-### Zero-Knowledge Proofs (Advanced)**
-
-* Creator writes a ZK circuit using **Circom**
-* Contract stores `circuitHash`
-* Solver:
-
-  * Builds the solution off-chain
-  * Generates a ZK proof using the circuit
-  * Submits the proof to the smart contract
-* Contract verifies proof → badge minted
-
-**Good for**:
-
-* Math challenges, logic puzzles, data constraints, Merkle inclusion
-
-**Requires**:
+PRIVATE_KEY=0xYOUR_PRIVATE_KEY # Wallet private key
+ETHERSCAN_API_KEY=YOUR_ETHERSCAN_KEY # Etherscan API key (for verification)
+SEPOLIA_RPC_URL=https://eth-sepolia.g.alchemy.com/v2/<YOUR_ALCHEMY_KEY> # RPC provider (Alchemy)
+```
 
-* ZK circuit storage (IPFS or registry)
+### Backend `.env`
+
+```bash
+SERVER_PORT=3000
+IPFS_STORAGE_MODE='local' # 'dev', 'local', or 'prod'
+IPFS_LOCAL_API_URL='http://127.0.0.1:5001' # if IPFS_STORAGE_MODE='local', then this is the API URL of the local IPFS node
+IPFS_LOCAL_GATEWAY_URL='http://127.0.0.1:8080' # if IPFS_STORAGE_MODE='local', then this is the gateway URL of the local IPFS node
+PINATA_API_KEY='<Pinata API key>' # if IPFS_STORAGE_MODE='prod', then this is the Pinata API key
+PINATA_JWT_TOKEN='<Pinata JWT token>' # if IPFS_STORAGE_MODE='prod', then this is the Pinata JWT token
+PINATA_GATEWAY_URL='blush-peculiar-quail-924.mypinata.cloud' # if IPFS_STORAGE_MODE='prod', then this is the Pinata gateway URL
+PINATA_TASKS_GROUP_ID='<Pinata tasks group ID>' # if IPFS_STORAGE_MODE='prod', then this is the Pinata tasks group ID
+PINATA_IMAGES_GROUP_ID='<Pinata images group ID>' # if IPFS_STORAGE_MODE='prod', then this is the Pinata images group ID
+
+LISTENER_MODE= 'local' # 'local' or 'prod'
+INFURA_API_KEY='<Infura API Key>' # if LISTENER_MODE='prod', then this is the Infura API Key
+CONTRACT_ADDRESS=0xCf7Ed3AccA5a467e9e704C703E8D87F634fB0Fc9 # TaskManager contract deployed address
+START_BLOCK=0 # Needed for fetching history of events. This has to be number of block inside which the TaskManager contract was deployed
+FINALITY_BLOCKS=5 # Number of blocks until events will be recorded into the database
+
+DATABASE_USER='app'
+DATABASE_PWD='app'
+DATABASE_HOST='localhost'
+DATABASE_NAME='task_board_db'
+DATABASE_PORT=5432
+```
 
 ---
 
-## Task Metadata (IPFS)
-
-Example task metadata JSON:
+## Token metadata and Task Data
 
 ```json
 {
-  "title": "Merkle Tree Challenge",
-  "description": "Build a Solidity contract that generates a Merkle root and verifies leaf inclusion using proof. Submit the root hash as the answer.",
-  "difficulty": "Medium",
-  "tags": ["Solidity", "Merkle", "Security"],
-  "validationType": "hash",
-  "solutionHash": "0xdeadbeef123...",
-  "testSuiteCID": "bafy...xyz",
-  "createdBy": "0x1234abcd...",
-  "createdAt": 1729849200
+  "name": "Stego Sleuth",
+  "description": "Proof of your ability to uncover secrets hidden in plain sight.",
+  "image": "ipfs://<cid>",
+  "task": {
+    "title": "Steganography in the Image",
+    "description": "A PNG file hides a message in its least significant bits. Extract it to find the secret number.",
+    "difficulty": "Easy",
+    "tags": ["stego", "forensics", "binary"],
+    "createdBy": "0x1234abcd...",
+    "createdAt": 1729849200,
+    "requirements": ["steganography tools", "hex editor"],
+    "resources": ["ipfs://<cid>"]
+  }
 }
-```
-
-You can upload this with:
-
-* [Web3.Storage](https://web3.storage)
-* [NFT.Storage](https://nft.storage)
-* [Pinata](https://pinata.cloud)
-
-Use returned CID in your smart contract.
-
+```