A React and Nx based web application with codebase for Global Trusted Data Commons portal.
It's built using the shared libraries of StatGPT portals frontend.
- β¨ Main Features
- π Architecture Overview
- π Quick Start
- π» Development
- π¨ Build
- π§ͺ Test
- π§βπ» Environment Variables
- π€ Contributing
- π Security
- π License
- π Related Projects
- Chat interface & history: based on DIAL Api
- Real-time Messaging: Stream responses from LLM models using Server-Sent Events
- Effortless SDMX data exploration: powered by the SDMX API
- Advanced view: filtering across datasets
- Charting: view data in chart format
- Sharing: share conversations via link or QR-code
- Authentication Support: NextAuth.js integration for secure user authentication (optional)
This project uses:
- Next.js with App Router for the frontend framework
- Nx Monorepo for project organization and tooling
- TypeScript for type safety
- Tailwind CSS for styling
- DIAL API for LLM backend integration
- React for building UI components
- NextAuth.js for authentication (optional)
- Node.js >= 24.14.0
- npm >= 11.11.0
npm install
npm run start- Node.js >= 24.14.0
- npm >= 11.11.0
- DIAL API access (for backend integration)
-
Clone the repository
git clone https://github.com/epam/statgpt-global-trusted-data-commons.git cd statgpt-global-trusted-data-commons -
Install Dependencies
npm install
-
Set up env variables
Copy the example file and fill in your values:
cp .env.local.example .env.local
Both
.envand.env.localare supported. See.env.local.examplefor all available variables. -
Start Development Environment
npm run start
Once the server is up and running, open
http://localhost:4200in your browser to view the Global Trusted Data Commons application.
npm run buildAfter running the command, you will see a dist folder created in your project directory with the optimized output.
To run the unit tests suite for your application, execute the following command:
npm run testGlobal Trusted Data Commons uses environment variables for configuration. All environment variables that can be used to configure settings and behavior of the application are included in the .env file.
Selected variables were predefined for the development purposes in the
.env.developmentfile.
| Variable | Required | Description | Available Values | Default values |
|---|---|---|---|---|
DIAL_API_URL |
Yes | AI DIAL Core API Url. Refer to AI DIAL Core. |
URL | |
DIAL_API_KEY |
No | AI DIAL Core API Key. Used as a fallback only when no auth provider is configured. If an auth provider is configured, requests authenticate via JWT and this key is ignored. Refer to AI DIAL Core to learn how to set up AI DIAL Core and define API keys. |
Any string | |
DIAL_API_VERSION |
No | AI DIAL API Version | Any string | 2024-02-01 |
DEFAULT_MODEL |
No | A model that will be used for the new conversation. Reference or ID of the agent. |
Any string | First available model from AI DIAL Core config listing |
SDMX_API_URL |
No | SDMX+ api url. If not set, SDMX requests will be proxied through DIAL_API_URL. |
URL | |
SDMX_AUTH_KEY |
No | API key for authenticating requests to SDMX_API_URL. |
Any string | |
CONSTRAINS_SDMX_API_URL |
No | SDMX+ Constrains api url | URL | |
SDMX_PROXY_URL |
No | SDMX 3.0 constraints proxy url | URL | |
LOG_LEVEL |
No | Server-side log level. | trace | debug | info | warn | error | fatal |
info |
NEXT_PUBLIC_DEBUG |
No | Enables verbose client-side logging in the browser console. | true | false |
false |
The table below lists boolean environment variables that enable or disable specific application features.
| Variable | Required | Description | Available Values | Default values |
|---|---|---|---|---|
CROSS_DATASET_MODE |
No | Enables cross-dataset mode, which allows view, filtering & configure grid view across multiple datasets | true, false |
false |
There env variables controls CSP
| Variable | Required | Description | Available Values | Default values |
|---|---|---|---|---|
ALLOWED_FRAME_ANCESTORS |
No | Where app can be inserted as iframe | Any valid url list | 'none' |
General auth variables:
| Variable | Required | Description | Available Values | Default values |
|---|---|---|---|---|
AUTH_SECRET |
Yes | Auth.js secret used to encrypt and verify sessions. Generate with openssl rand -base64 32, for example. |
Any string | |
AUTH_URL |
Optional for local development. Required when auth is enabled in deployed environments. |
Public application URL used for Auth.js URL resolution and secure cookie configuration. | Absolute URL | |
AUTH_TRUST_HOST |
Required behind a trusted reverse proxy or ingress. | Allows Auth.js to trust Host / X-Forwarded-* headers. Set to true for Kubernetes ingress / reverse proxy deployments that provide trusted forwarded headers. |
true | false |
false |
The table below presents a list of environment variables you can use to configure a specific IDP provider.
| Variable | Required | Description | Available Values | Default values |
|---|---|---|---|---|
AUTH_AUTH0_AUDIENCE |
No | Auth0 Audience | Any string | |
AUTH_AUTH0_CLIENT_ID |
No | Auth0 Client ID | Any string | |
AUTH_AUTH0_HOST |
No | Auth0 Host | Any string | |
AUTH_AUTH0_NAME |
No | Auth0 Name | Any string | |
AUTH_AUTH0_SECRET |
No | Auth0 Secret | Any string | |
AUTH_AUTH0_SCOPE |
No | Auth0 Scope | Any string | openid email profile offline_access |
AUTH_AUTH0_ADMIN_ROLE_NAMES |
No | Defines the administrator names | Any string. Values must be separated by a comma. | |
AUTH_AUTH0_DIAL_ROLES_FIELD |
No | Defines the path of the roles field in JWT token | refer to DIAL_ROLES_FIELD for details |
|
AUTH_AZURE_B2C_ISSUER |
No | Azure AD B2C Issuer, used to create well-known as ${issuer}/.well-known/openid-configuration or pass tenantId and primaryUserFlow instead of issuer to be used as https://${tenantId}.b2clogin.com/${tenantId}.onmicrosoft.com/${primaryUserFlow}/v2.0 |
Any string | |
AUTH_AZURE_B2C_TENANT_ID |
No | Azure AD B2C Tenant ID. A globally unique identifier (GUID) representing your Azure AD B2C tenant. Used to identify and authenticate the tenant for the client application. | Any string | |
AUTH_AZURE_B2C_CLIENT_ID |
No | Azure AD B2C Client ID. The unique identifier for the client application registered in Azure AD B2C. Used to authenticate the client application when accessing B2C resources. | Any string | |
AUTH_AZURE_B2C_CLIENT_SECRET |
No | Azure AD B2C Client Secret. A confidential string that authenticates and authorizes the client application to access Azure AD B2C resources. Serves as a password for the client application. | Any string | |
AUTH_AZURE_B2C_USER_FLOW |
No | Azure AD B2C User Flow. The name of the user flow (policy) configured in Azure AD B2C for authentication (e.g., B2C_1_signupsignin). |
Any string | |
AUTH_AZURE_B2C_NAME |
No | Azure AD B2C Name. A display name for the Azure AD B2C provider configuration. | Any string | |
AUTH_AZURE_B2C_SCOPE |
No | Azure AD B2C Scope. Specifies the permissions and resources the client application requests when authenticating with Azure AD B2C. | Any string | openid profile email offline_access |
AUTH_AZURE_B2C_AUD |
No | Azure AD B2C Audience. The expected audience claim value in the issued tokens. | Any string | |
AUTH_AZURE_B2C_ADMIN_ROLE_NAMES |
No | Defines the administrator role names for Azure AD B2C. Values must be separated by a comma. | Any string. Values must be separated by a comma. | |
AUTH_AZURE_B2C_DIAL_ROLES_FIELD |
No | Defines the path of the roles field in JWT token for Azure AD B2C. Refer to DIAL_ROLES_FIELD for details. |
Any string. Value can be dot-separated. | |
AUTH_AZURE_AD_CLIENT_ID |
No | A unique identifier for the client application registered in Azure Active Directory (AD). It is used to authenticate the client application when accessing Azure AD resources. | Any string | |
AUTH_AZURE_AD_NAME |
No | A name of the Azure AD tenant. It is used to specify the specific Azure AD instance to authenticate against. | Any string | |
AUTH_AZURE_AD_SECRET |
No | Also known as the client secret or application secret, this parameter is a confidential string that authenticates and authorizes the client application to access Azure AD resources. It serves as a password for the client application. | Any string | |
AUTH_AZURE_AD_TENANT_ID |
No | Tenant ID refers to a globally unique identifier (GUID) that represents a specific Azure AD tenant. It is used to identify and authenticate the Azure AD tenant that the client application belongs to. | Any string | |
AUTH_AZURE_AD_SCOPE |
No | This parameter specifies the level of access and permissions that the client application requests when making a request to Azure AD resources. It defines the resources and actions that the application can access on behalf of a user or itself. | Any string | openid profile user.Read email offline_access |
AUTH_AZURE_AD_ADMIN_ROLE_NAMES |
No | Defines the administrator names | Any string. Values must be separated by a comma. | |
AUTH_AZURE_AD_DIAL_ROLES_FIELD |
No | Defines the path of the roles field in JWT token | refer to DIAL_ROLES_FIELD for details |
|
AUTH_GITLAB_CLIENT_ID |
No | GitLab Client ID | Any string | |
AUTH_GITLAB_HOST |
No | GitLab Host | Any string | |
AUTH_GITLAB_NAME |
No | GitLab Name | Any string | |
AUTH_GITLAB_SECRET |
No | GitLab Secret | Any string | |
AUTH_GITLAB_SCOPE |
No | GitLab Scope | Any string | read_user |
AUTH_GITLAB_ADMIN_ROLE_NAMES |
No | Defines the administrator names | Any string. Values must be separated by a comma. | |
AUTH_GITLAB_DIAL_ROLES_FIELD |
No | Defines the path of the roles field in JWT token | refer to DIAL_ROLES_FIELD for details |
|
AUTH_GOOGLE_CLIENT_ID |
No | Google Client ID | Any string | |
AUTH_GOOGLE_NAME |
No | Google Name | Any string | |
AUTH_GOOGLE_SECRET |
No | Google Secret | Any string | |
AUTH_GOOGLE_SCOPE |
No | Google Scope | Any string | openid email profile offline_access |
AUTH_KEYCLOAK_CLIENT_ID |
No | Keycloak Client ID | Any string | |
AUTH_KEYCLOAK_HOST |
No | Keycloak Host | Any string | |
AUTH_KEYCLOAK_NAME |
No | Keycloak Name | Any string | |
AUTH_KEYCLOAK_SECRET |
No | Keycloak Secret | Any string | |
AUTH_KEYCLOAK_SCOPE |
No | Keycloak Scope | Any string | openid email profile offline_access |
AUTH_KEYCLOAK_ADMIN_ROLE_NAMES |
No | Defines the administrator names | Any string. Values must be separated by a comma. | |
AUTH_KEYCLOAK_DIAL_ROLES_FIELD |
No | Defines the path of the roles field in JWT token | refer to DIAL_ROLES_FIELD for details |
|
AUTH_PING_ID_CLIENT_ID |
No | PingID Client ID | Any string | |
AUTH_PING_ID_HOST |
No | PingID Host | Any string | |
AUTH_PING_ID_NAME |
No | PingID Name | Any string | |
AUTH_PING_ID_SECRET |
No | PingID Secret | Any string | |
AUTH_PING_ID_SCOPE |
No | PingID Scope | Any string | offline_access |
AUTH_PING_ID_ADMIN_ROLE_NAMES |
No | Defines the administrator names | Any string. Values must be separated by a comma. | |
AUTH_PING_ID_DIAL_ROLES_FIELD |
No | Defines the path of the roles field in JWT token | refer to DIAL_ROLES_FIELD for details |
|
AUTH_COGNITO_CLIENT_ID |
No | Cognito Client ID | Any string | |
AUTH_COGNITO_HOST |
No | Cognito Host | Any string | |
AUTH_COGNITO_NAME |
No | Cognito Name | Any string | |
AUTH_COGNITO_SECRET |
No | Cognito Secret | Any string | |
AUTH_COGNITO_SCOPE |
No | Cognito Scope | Any string | openid email profile |
AUTH_COGNITO_ADMIN_ROLE_NAMES |
No | Defines the administrator names | Any string. Values must be separated by a comma. | |
AUTH_COGNITO_DIAL_ROLES_FIELD |
No | Defines the path of the roles field in JWT token | refer to DIAL_ROLES_FIELD for details |
|
AUTH_OKTA_CLIENT_ID |
No | Okta Client ID | Any string | |
AUTH_OKTA_CLIENT_SECRET |
No | Okta Client Secret | Any string | |
AUTH_OKTA_ISSUER |
No | Okta domain issuer | Any string | |
AUTH_OKTA_SCOPE |
No | Okta Scope | Any string | openid email profile |
AUTH_OKTA_ADMIN_ROLE_NAMES |
No | Defines the administrator names | Any string. Values must be separated by a comma. | |
AUTH_OKTA_DIAL_ROLES_FIELD |
No | Defines the path of the roles field in JWT token | refer to DIAL_ROLES_FIELD for details |
|
FEDERATED_LOGOUT_PROVIDERS |
No | Comma-separated list of authentication provider IDs (e.g., keycloak, azure-ad) that require federated logout when the user signs out. |
The table below lists environment variables that control configurable content displayed within the application (e.g., footer disclaimers, support links).
| Variable | Required | Description | Available Values | Default values |
|---|---|---|---|---|
CLIENT_CONTACT_SUPPORT_URL |
No | URL of the contact support page displayed to users within the application. | URL | |
INFO_BANNER_MESSAGE |
No | Markdown message displayed in the informational banner below the footer (e.g., maintenance notice or system alert). If not set, the banner is hidden. Supports inline links: mailto: links render as external anchors; a [link text](#popup) link opens the modal configured via INFO_BANNER_MODAL_TITLE / INFO_BANNER_MODAL_CONTENT. |
Markdown string | |
INFO_BANNER_MODAL_TITLE |
No | Heading of the modal dialog. Requires INFO_BANNER_MESSAGE containing a [text](#popup) link. |
Any string | |
INFO_BANNER_MODAL_CONTENT |
No | Body of the modal dialog, rendered as Markdown. Supports headings (##, ###), paragraphs, bold/italic, lists, tables, and other GFM features. Requires INFO_BANNER_MESSAGE containing a [text](#popup) link. |
Markdown string | |
CONTENT_MANAGEMENT_POLICY_URL |
No | URL of the page describing the content management policy. Displayed in a warning message when a user's prompt triggers the content filtering policy. | URL |
We welcome contributions! Please see our Contributing Guide for details on:
- Code style guidelines
- Testing requirements
- Pull request process
If you discover a security vulnerability, please refer to our Security Policy.
MIT - see the LICENSE file for details.
- StatGPT Frontend - Frontend codebase for StatGPT portals.
- StatGPT Backend- StatGPT backend, which implements APIs and main logic of the StatGPT application.
- AI-DIAL - Entrypoint for all AI Dial projects
Made by EPAM Systems