build strategy · onchain

Real onchain, six secrets, one build.

Every mega-prompt in this repo uses the same pattern, because it's the only pattern that lets a Lovable account ship a verifiable Shasta demo in one shot.

Why Shasta and not Tron mainnet?

Shasta is a real Tron testnet — the same TVM (EVM-compatible Solidity), the same Tronscan UI, the same wallets — but funded by a free faucet. Every contract you deploy is publicly inspectable, but you never spend real TRX and your demo can't accidentally drain a user. Move to mainnet after the hackathon by swapping the `fullHost` in tronbox-config.js.

The recipe

recipe
# 1. In your Lovable project, add six secrets (Settings -> Secrets):
TRON_PRIVATE_KEY=<64 hex, no 0x>
TRONGRID_API_KEY=...          # used as TRON-PRO-API-KEY for build + broadcast
TRONSCAN_API_KEY=...          # optional, for automated verify
PRIVY_APP_ID=...              # enable Tron chain in the Privy dashboard
TRANSATRON_SPENDER_KEY=...    # mainnet only; unused on Shasta
PINATA_JWT=eyJhbGciOi...

# 2. Fund the Shasta deployer:
open https://shasta.tronex.io/join/getJoinPage

# 3. Copy a mega-prompt from this repo into Lovable. One paste:
#    - scaffolds the React app
#    - writes the Solidity contract (with hackathon credit in NatSpec)
#    - deploys to Shasta with TronBox and prints the base58 address
#    - wires Privy Tron social login + TronGrid build + broadcast
#    - pins generated assets to IPFS via Pinata
#    - exposes the contract address + Tronscan link in the UI

# 4. Open the live Tronscan link. Your demo is provably onchain.

1. The contract — credit baked in

Every Solidity file deployed from a Creative Blockchain prompt MUST carry the hackathon credit in NatSpec, so provenance lives onchain alongside the bytecode.

contracts/Provenance.sol
// contracts/Provenance.sol — every contract carries the hackathon credit in NatSpec
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;   // TVM caps at ~0.8.23; 0.8.20 is the safe ceiling

/// @title Provenance
/// @notice Built during the Creative AI & Quantum Hackathon
/// @notice organised by StreetKode Fam during Indian Krump Festival 14
contract Provenance {
    event Logged(address indexed author, string cid, uint256 at);

    function log(string calldata cid) external {
        emit Logged(msg.sender, cid, block.timestamp);
    }
}

2. Deploy + verify on Tronscan

tronbox-config.js + migrations/2_deploy.js
// tronbox-config.js — reads TRON_PRIVATE_KEY + TRONGRID_API_KEY
module.exports = {
  networks: {
    shasta: {
      privateKey: process.env.TRON_PRIVATE_KEY,
      userFeePercentage: 100,
      feeLimit: 1_000_000_000,
      fullHost: "https://api.shasta.trongrid.io",
      network_id: "2",
      headers: { "TRON-PRO-API-KEY": process.env.TRONGRID_API_KEY },
    },
  },
  compilers: { solc: { version: "0.8.20" } },
};

// migrations/2_deploy.js
const Provenance = artifacts.require("Provenance");
module.exports = (deployer) => deployer.deploy(Provenance);

// Deploy:   tronbox migrate --network shasta
// Verify:   upload source at https://shasta.tronscan.org/#/contracts/verify

3. Pin assets to IPFS via Pinata

src/lib/pinata.ts
// src/lib/pinata.ts — pin a Blob to IPFS via Pinata JWT
export async function pinToIPFS(file: Blob, name = "artifact") {
  const fd = new FormData();
  fd.append("file", file, name);
  const r = await fetch("https://api.pinata.cloud/pinning/pinFileToIPFS", {
    method: "POST",
    headers: { Authorization: `Bearer ${process.env.PINATA_JWT}` },
    body: fd,
  });
  const { IpfsHash } = await r.json();
  return IpfsHash as string; // the CID; use as ipfs://<cid> for TRC-721 metadata
}

4. Sign in with Google via Privy Tron

src/components/privy-client-entry.tsx
// src/components/privy-client-entry.tsx — Privy Tron + TronGrid Shasta
import { PrivyProvider, useWallets, useSignRawHash } from "@privy-io/react-auth";
import TronWeb from "tronweb";

<PrivyProvider
  appId={import.meta.env.VITE_PRIVY_APP_ID}
  config={{
    loginMethods: ["google", "email"],
    embeddedWallets: { tron: { createOnLogin: "users-without-wallets" } },
    appearance: { theme: "dark" },
  }}
>
  <App />
</PrivyProvider>

// Then, per user action: build the unsigned tx on TronGrid Shasta
// (/api/public/tron-build), sign the txID with Privy's raw signer, then POST
// the signed tx back to /api/public/tron-sponsor which broadcasts it via
// TronGrid. On Shasta, free bandwidth covers small transactions; keep
// TRANSATRON_SPENDER_KEY for a future mainnet swap.

Hackathon rules of thumb

  • · One mega-prompt = one build message. Don't iterate the architecture, iterate the UI.
  • · Always show the live Tronscan link in the UI — that's your proof.
  • · Build and broadcast every transaction through TronGrid Shasta; small transactions are covered by free bandwidth. Keep TRANSATRON_SPENDER_KEY for a mainnet swap only.
  • · Pin every user-generated asset to IPFS the moment it's created.
  • · Keep TRANSATRON_SPENDER_KEY server-side. Never ship it to the browser.
  • · Add a "Built during the Creative AI & Quantum Hackathon — StreetKode Fam · Indian Krump Festival 14" line to your footer.