TrueShot Ledger
Prove original photo ownership to combat unauthorized reuse and forgery.
NFT provenance mint· onchain authorship
Section · Onchain
full primer →The primitive.
Photographers mint each photo authenticity as an ERC-721 token on Linea Sepolia pointing at an IPFS CID, so authorship and timestamp are provable from a single LineaScan link.
Why this primitiveNFT provenance mint creates immutable proof of original photo creation linked to IPFS.
Kernel
an ERC-721 contract on Linea Sepolia that mints a creator-owned token pointing at an IPFS CID, verified on LineaScan
Drives the UI as
a 'mint to claim authorship' button that returns the tokenId, owner address, and LineaScan link
Required keys.
LINEA_SEPOLIA_RPC_URL
Alchemy Linea Sepolia HTTPS endpoint. Create a free app → copy the HTTPS URL.
open ↗Add these in your Lovable project under Settings → Secrets before pasting the prompt below.
Appendix · Mega-prompt
The build prompt.
budget · 1 message
Paste into a fresh Lovable project. Make sure all five secrets above are set first. read the build strategy →
Build "TrueShot Ledger" in ONE Lovable message. Single-page demo.
CONCEPT
Prove original photo ownership to combat unauthorized reuse and forgery.
Discipline: Photography (photo authenticity).
Onchain primitive: NFT provenance mint. Why this primitive: NFT provenance mint creates immutable proof of original photo creation linked to IPFS.
5-CREDIT BUDGET (HARD LIMIT):
- ONE single-page app. No router, no Lovable Cloud, no database, no auth flows beyond Privy drop-in.
- ONE Solidity contract, <=80 lines, deployed to Linea Sepolia, verified on LineaScan.
- Privy is always the auth layer (Google login, embedded wallet). Users pay their own gas — Linea Sepolia gas is negligible (sub-cent), so no paymaster or sponsorship is needed.
- Pinata/IPFS only if the idea genuinely needs to store a file or metadata.
- At most ONE AI call per user action (use Lovable AI Gateway with LOVABLE_API_KEY if AI is part of the idea).
- Skip tests, skip CI, skip docs pages. Ship the demo, nothing else.
STACK
- React + Vite single page (the index route).
- SSR-safe Privy mount is mandatory. Never import @privy-io/react-auth at
module scope of a route file — it crashes SSR. Use
lazy(() => import('./privy-client-entry')) inside <ClientOnly> + <Suspense>,
and put <PrivyProvider> only inside privy-client-entry.tsx.
- PrivyProvider config MUST declare Linea Sepolia as the default AND only
supported chain — otherwise Privy defaults to Ethereum mainnet, refuses
switchChain(59141) silently, and sendTransaction hangs forever with the
button stuck on "Logging on chain…". Import lineaSepolia from viem/chains:
import { lineaSepolia } from 'viem/chains';
<PrivyProvider appId={import.meta.env.VITE_PRIVY_APP_ID}
config={{ loginMethods:['google','email'],
embeddedWallets:{ ethereum:{ createOnLogin:'users-without-wallets' } },
appearance:{ theme:'dark' },
defaultChain: lineaSepolia,
supportedChains: [lineaSepolia] }}>
- Read the embedded wallet from useWallets, not user.wallet:
const embedded = wallets.find(w => w.walletClientType === 'privy');
- Before every send, make sure the wallet is on Linea Sepolia:
if (embedded.chainId !== 'eip155:59141') await embedded.switchChain(59141);
- Send with chainId per-call. Users approve each tx and pay their own gas —
Linea Sepolia gas is negligible (sub-cent), so no sponsorship is needed:
await sendTransaction(
{ to, data, chainId: 59141 },
{ address: embedded.address }
);
- Do NOT pass `sponsor: true`, ZeroDev, SmartWalletsProvider, or a paymaster URL.
This app runs on Linea Sepolia; users pay the tiny gas themselves.
- src/lib/pinata.ts uploads via `fetch('https://api.pinata.cloud/pinning/pinFileToIPFS', { method:'POST', headers:{ Authorization: `Bearer ${import.meta.env.VITE_PINATA_JWT}` }, body: fd })`.
- Hardhat in /contracts (kept outside the Vite bundle). Install
`@nomicfoundation/hardhat-toolbox` AND `@nomicfoundation/hardhat-verify@latest`
(>=3.x — older versions still hit Etherscan v1 and fail with
"You are using a deprecated V1 endpoint, switch to Etherscan API V2").
- hardhat.config.cjs uses the Etherscan v2 shape with a customChains entry
for Linea Sepolia (LineaScan is on Etherscan Multichain — same API key):
require("@nomicfoundation/hardhat-toolbox");
require("@nomicfoundation/hardhat-verify");
module.exports = {
solidity: { version: "0.8.24", settings: { optimizer: { enabled: true, runs: 200 } } },
networks: { linea_sepolia: {
url: process.env.LINEA_SEPOLIA_RPC_URL, // Alchemy Linea Sepolia HTTPS URL, REQUIRED
accounts: [process.env.METAMASK_PRIVATE_KEY.startsWith("0x")
? process.env.METAMASK_PRIVATE_KEY : "0x" + process.env.METAMASK_PRIVATE_KEY],
chainId: 59141,
} },
etherscan: {
apiKey: { linea_sepolia: process.env.ETHERSCAN_API_KEY },
customChains: [{
network: "linea_sepolia",
chainId: 59141,
urls: {
apiURL: "https://api-sepolia.lineascan.build/api",
browserURL: "https://sepolia.lineascan.build",
},
}],
},
sourcify: { enabled: false },
};
- Deploy: `npx hardhat run scripts/deploy.cjs --network linea_sepolia`.
- Verify (run RIGHT AFTER deploy, no constructor args for these contracts):
`npx hardhat verify --network linea_sepolia <address>`
On success LineaScan returns "Successfully verified contract … on the block explorer"
and the source becomes readable at
`https://sepolia.lineascan.build/address/<address>#code`.
- Frontend reads: create a viem public client with the Alchemy URL —
`createPublicClient({ chain: lineaSepolia, transport: http(import.meta.env.VITE_LINEA_SEPOLIA_RPC_URL) })`
(import `lineaSepolia` from `viem/chains`). Expose the RPC to the client by
also setting VITE_LINEA_SEPOLIA_RPC_URL to the same value.
- Write the deployed address to `src/data/contract.json` so the UI links to
`https://sepolia.lineascan.build/address/<address>`.
CONTRACT (contracts/TrueShotLedger.sol):
```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
/// @title TrueShotLedger
/// @notice ERC-721 provenance for: Prove original photo ownership to combat unauthorized reuse and forgery.
/// @notice Built during the Creative AI & Quantum Hackathon organised by StreetKode Fam during Indian Krump Festival 14
contract TrueShotLedger is ERC721 {
uint256 public nextId;
mapping(uint256 => string) public cidOf;
constructor() ERC721("TrueShotLedger", "TRUESH") {}
/// @notice Built during the Creative AI & Quantum Hackathon organised by StreetKode Fam during Indian Krump Festival 14
function mint(string calldata cid) external returns (uint256 id) {
id = ++nextId; cidOf[id] = cid; _safeMint(msg.sender, id);
}
function tokenURI(uint256 id) public view override returns (string memory) {
return string(abi.encodePacked("ipfs://", cidOf[id]));
}
}
```
USER FLOW
1. Land on page -> 'Sign in with Google' (Privy) -> embedded wallet auto-provisioned.
2. After the user creates a photo authenticity artefact, pin the file to IPFS via Pinata, then call `mint(cid)` on the deployed contract through Privy (user approves the sub-cent gas). Show tokenId, IPFS preview (`https://gateway.pinata.cloud/ipfs/<cid>`), and LineaScan mint-tx link.
3. Footer renders: "Built during the Creative AI & Quantum Hackathon organised by StreetKode Fam during Indian Krump Festival 14"
REQUIRED SECRETS (Lovable -> Project Settings -> Secrets):
- METAMASK_PRIVATE_KEY Linea Sepolia deployer key. Fund it: https://www.hackquest.io/faucets/59141
- LINEA_SEPOLIA_RPC_URL Alchemy Linea Sepolia HTTPS endpoint (https://linea-sepolia.g.alchemy.com/v2/<key>). Create a free app at https://dashboard.alchemy.com/ -> copy the HTTPS URL. Public RPCs throttle under hackathon load — Alchemy is required.
- ETHERSCAN_API_KEY For `npx hardhat verify` — LineaScan is on Etherscan Multichain, so the same key works. Get: https://etherscan.io/myapikey
- PRIVY_APP_ID Google sign-in + embedded wallet. Docs: https://docs.privy.io/llms-full.txt
- PINATA_JWT IPFS uploads (only if app pins media). Docs: https://docs.pinata.cloud/llms-full.txt
CREDIT (must appear in UI footer AND as NatSpec on every deployed contract):
Built during the Creative AI & Quantum Hackathon organised by StreetKode Fam during Indian Krump Festival 14
Market sizing.
TAM
$2.4B
global photo software market
SAM
$500M
photo editing and verification tools
SOM
$50M
forensic authenticity services for professional photographers
Indicative figures for hackathon pitches — refine with your own research before raising.
Adjacent entries.
photo editing history
EditTrace Chain
Track complete edit histories on-chain for transparent creative workflows.
fine art printsProPrint Certify
Certify fine art photo prints with tamper-proof digital provenance.
event photographySnapEvent Auth
Validate event photo ownership instantly with blockchain timestamps.
photojournalismNewsFrame Provenance
Authenticate frontline news photos with immutable creator-owned tokens.