Sprint Week: From Local Dev to Production Infrastructure

Building DPP Kit in Public - Week of Feb 13-23, 2026

Yesterday DPP Kit was a collection of working services on my laptop. Today, it's about to be live infrastructure ready for beta customers. Here's how we got there.

The Sprint Goal

Get DPP Kit from "it works on my machine" to "here's your production credential endpoint" - the unglamorous but critical work that separates a demo from a product people can actually use.

Day 1: Backend Services Integration

Shipped: Verified credential issuance pipeline end-to-end

The fun part about UNTP compliance is that you can't just issue credentials - they need to be cryptographically verifiable, properly formatted according to W3C standards, and conform to UNTP schemas. Three backend services handle this:

• vckit: Verifiable credential generation and signing

• idr: Identity and DID (Decentralized Identifier) resolution

• storage: Credential persistence and retrieval

Spent the day wiring these together and running integration tests. The goal: ensure that when someone creates a Digital Product Passport through our UI, the backend produces a legitimate UNTP Tier 2 conformant credential, not just a JSON blob that looks right.

Why this matters: Most UNTP implementations fail at conformance validation. We're baking it into the architecture from day one.

Day 2: Multi-Tenant Cryptography & Frontend Workflow

Shipped: Per-organization key management, end-to-end credential creation flow

Started the day with a deceptively simple question: when Organization A issues a credential, how do we prove they issued it, not Organization B or us?

The answer is cryptographic signatures - each credential gets signed with the issuer's private key. Anyone can verify it using the public key. Standard stuff for verifiable credentials.

The complexity: in a multi-tenant SaaS platform, every organization needs their own cryptographic keypair, securely generated and stored, with their DID properly resolved to their public key. When a practitioner managing 5 clients issues credentials, each one needs to be signed with the correct client's keys.

Spent the morning building the key generation workflow:

1. New organization signs up → automatically generate ED25519 keypair

2. Store private key encrypted in our secure vault

3. Publish public key at their did:web endpoint

4. Wire signing process to pull correct keys based on active organization context

Tested by switching between two test organizations and verifying each credential resolves to the correct issuer DID. It works - proper cryptographic separation between tenants.

Built the UI for the core workflow in the afternoon: create credential → edit fields → preview/edit JSON → issue. Added a JSON editor for power users who want direct schema access (practitioners love this for debugging).

Testing revealed the beautiful moment when a user clicks "Issue Credential" and gets back a cryptographically signed, UNTP-conformant verifiable credential with a resolvable DID pointing to their organization, not ours.

Why this matters: This is what makes DPP Kit real infrastructure for UNTP practitioners. They can manage credentials for multiple clients, each with proper cryptographic proof of issuance. The gap between "I understand UNTP conceptually" and "I just issued my first production credential" should be measured in minutes, not months.

Day 3: Feature Discipline & Stripe Integration

Shipped: Beta scope lockdown, payment infrastructure, pre-deployment code review

This was the "hard decisions" day. DPP Kit's roadmap has features for multi-credential batch issuance, template management, API key generation, webhook integration - all important, none critical for beta.

Disabled everything not essential for the initial launch. If it's not required to issue your first 10 credentials, it waits. This is how you ship.

Also integrated Stripe for subscription management across three tiers (Pilot, Pilot-Pro, Production). The pricing structure needed to support early adopter incentives and clean upgrade paths.

Code review before deployment caught several edge cases around credential validation and storage fallbacks.

Why this matters: Startups die from feature bloat, not feature scarcity. Beta is about proving the core value prop works.

Day 4: Production Infrastructure (Today)

Shipped: Digital Ocean deployment, S3 storage, managed PostgreSQL

Moved from localhost to real infrastructure:

• Dedicated VPS for application hosting

• Three S3 buckets (credentials, identity documents, evidence of claims)

• Managed PostgreSQL instance for tenant data

• SSL certificates and domain configuration

Spent the afternoon running deployment tests and verifying the entire credential issuance flow works in production environment. Database migrations, environment variable management, service health checks - the unglamorous work that determines whether your product actually runs when customers show up.

Why this matters: A local demo impresses in meetings. Production infrastructure earns money.

What's Next: Days 5-14

Days 5-6: UNTP Tier 2 conformance testing integration. We validate credentials automatically, but want to integrate the official UNTP test suite to give customers audit-ready conformance reports.

Days 7-14: AI-assisted credential creation. Right now users fill out forms manually. Next sprint: "Upload your product spec sheet, get a credential draft" using Claude to extract structured data from documents. This is the feature that turns DPP Kit from "faster credential issuance" to "actually usable by non-technical teams."

The Meta-Lesson

Building UNTP infrastructure is technically complex, but the hard part isn't the cryptography or the W3C specs - it's making it simple enough that a compliance officer at a mid-sized manufacturer can issue their first Digital Product Passport without reading 200 pages of documentation.

Every day this week was about reducing that friction: better validation feedback, clearer error messages, obvious next steps, automatic conformance checking.

The goal of DPP Kit isn't to replace the important work that UNTP practitioners are doing around standards, policy, and governance. It's to handle the technical infrastructure as a commodity service - the credential issuance, cryptographic signing, conformance validation, and did:web identity management - so practitioners can focus on what actually matters: helping organizations understand UNTP requirements, designing governance frameworks, and implementing supply chain transparency programs.

There's deep, valuable work happening in the UNTP ecosystem around how industries should structure their data, which certifications matter, how to build trust across supply chains. That work shouldn't be bottlenecked by needing to also build cryptographic credential infrastructure from scratch.

This week we proved the technical foundation works. Now the UNTP community can build on it.

Follow the build: Next week I'll share the Tier 2 conformance testing results and show the AI credential creation in action.

Trying DPP Kit? Beta signups open at dppkit.io - Pilot tier is $40/month, early adopters on Pilot-Pro get upgraded to Production features when we launch in July.