Quick Start
What you need
Section titled “What you need”- Bun (v1.0+) because Node.js is fine but Bun is faster
- Git (obviously)
- A text editor (VSCode, probably)
- 10 minutes and some terminal patience
Step 1: Clone and install things
Section titled “Step 1: Clone and install things”The usual ceremony:
git clone <repository-url>cd proof-of-spendbun install
# Widget has its own deps because monorepos are still terriblecd proof-of-spend-widgetbun installcd ..Step 2: Database setup
Section titled “Step 2: Database setup”SQLite because Postgres is overkill for local dev:
bun run drizzle-kit generatebun run drizzle-kit migrateIf this fails, congratulations, you found a bug. File an issue.
Step 3: Environment variables
Section titled “Step 3: Environment variables”Create .env in the root. Generate actual secrets for production, but for local testing:
PORT=3000NODE_ENV=developmentDATABASE_URL=./data/proof-of-spend.dbJWT_ACCESS_SECRET=make-this-long-and-random-in-productionJWT_REFRESH_SECRET=seriously-dont-use-this-in-productionStep 4: Start the OAuth server
Section titled “Step 4: Start the OAuth server”bun run devOAuth server runs at http://localhost:3000. If you see errors, read them. They’re usually helpful.
Step 5: Register an OAuth client
Section titled “Step 5: Register an OAuth client”Your widget needs credentials to talk to the OAuth server:
curl -X POST http://localhost:3000/oauth/register \ -H "Content-Type: application/json" \ -d '{ "name": "Local Dev Widget", "redirectUris": ["http://localhost:3001/callback"], "grantTypes": ["authorization_code", "refresh_token"] }'This returns client_id and client_secret. Write them down or scroll up in your terminal later.
Step 6: Start the widget
Section titled “Step 6: Start the widget”New terminal because the server is blocking the first one:
cd proof-of-spend-widgetbun run devWidget runs at http://localhost:3001. Open it in a browser.
Step 7: Actually test it
Section titled “Step 7: Actually test it”- Go to
http://localhost:3001 - Click a provider button (OpenAI, Anthropic, whatever)
- OAuth flow happens (you’ll need real API credentials for this part)
- Get an annotation task
- Paste an API response
- Watch it verify
If it works, you’re done. If it doesn’t, check the console. Error messages are there for a reason.
What’s next?
Section titled “What’s next?”Backend Setup has the details I skipped here.
Widget Integration if you want to embed this in your own app.
OAuth API Reference if you’re the “read the spec” type.
Run the tests (you should)
Section titled “Run the tests (you should)”# Backend OAuth testsbun test tests/integration/oauth-flow.test.tsbun test tests/integration/oauth-admin.test.ts
# Widget testscd proof-of-spend-widgetbun test200+ tests, >85% coverage. If they don’t pass, something’s broken (probably your environment, but maybe the code).