From df639669710ffa21413a6b246f47bc1a3484255f Mon Sep 17 00:00:00 2001
From: S-Mubarak <misadiq3@gmail.com>
Date: Tue, 24 Mar 2026 10:35:00 +0100
Subject: [PATCH] feat: add admin dashboard and mobile app shell

---
 .../src/modules/reports/reports.controller.ts | 132 +++++++
 .../api/src/modules/reports/reports.routes.ts |  20 +
 .../src/modules/reports/reports.schemas.ts    |  42 +++
 apps/mobile/app/(app)/(tabs)/_layout.tsx      |  16 +
 apps/mobile/app/(app)/(tabs)/index.tsx        |  55 +++
 apps/mobile/app/(app)/(tabs)/reports.tsx      |  32 ++
 apps/mobile/app/(app)/(tabs)/settings.tsx     |  38 ++
 apps/mobile/app/(app)/_layout.tsx             |  11 +
 apps/mobile/app/(auth)/_layout.tsx            |  11 +
 apps/mobile/app/(auth)/login.tsx              |  53 +++
 apps/mobile/app/_layout.tsx                   |  13 +-
 apps/mobile/app/index.tsx                     |  58 +--
 apps/mobile/app/lib/api.ts                    |  19 +
 .../mobile/app/providers/session-provider.tsx |  32 ++
 .../app/_components/protected-app-shell.tsx   | 108 ++++++
 .../app/auth/_components/request-otp-form.tsx |  79 ++++
 .../app/auth/_components/verify-otp-form.tsx  | 134 +++++++
 apps/web/app/auth/request-otp/page.tsx        |  19 +
 apps/web/app/auth/verify-otp/page.tsx         |  19 +
 apps/web/app/dashboard/admin/page.tsx         |  20 +
 apps/web/app/dashboard/admin/queue.tsx        | 132 +++++++
 apps/web/app/dashboard/layout.tsx             |   7 +
 apps/web/app/dashboard/page.tsx               |  29 ++
 .../app/dashboard/reports/[reportId]/page.tsx |  26 ++
 .../reports/[reportId]/report-detail.tsx      | 138 +++++++
 apps/web/app/dashboard/reports/new/page.tsx   |  20 +
 .../reports/new/report-submission-form.tsx    | 152 ++++++++
 apps/web/app/dashboard/reports/page.tsx       |  20 +
 .../app/dashboard/reports/reports-list.tsx    | 151 ++++++++
 apps/web/app/globals.css                      | 344 ++++++++++++++++++
 apps/web/app/health/page.tsx                  |  81 +++++
 apps/web/app/layout.tsx                       |  18 +
 apps/web/app/lib/api.ts                       |   4 +
 apps/web/app/lib/auth-fetch.ts                |  64 ++++
 apps/web/app/lib/auth-storage.ts              |  80 ++++
 apps/web/app/page.tsx                         |  56 +++
 apps/web/eslint.config.mjs                    |  23 ++
 apps/web/next-env.d.ts                        |   6 +
 apps/web/next.config.ts                       |   7 +
 apps/web/package.json                         |  26 ++
 apps/web/tsconfig.json                        |  25 ++
 41 files changed, 2263 insertions(+), 57 deletions(-)
 create mode 100644 apps/mobile/app/(app)/(tabs)/_layout.tsx
 create mode 100644 apps/mobile/app/(app)/(tabs)/index.tsx
 create mode 100644 apps/mobile/app/(app)/(tabs)/reports.tsx
 create mode 100644 apps/mobile/app/(app)/(tabs)/settings.tsx
 create mode 100644 apps/mobile/app/(app)/_layout.tsx
 create mode 100644 apps/mobile/app/(auth)/_layout.tsx
 create mode 100644 apps/mobile/app/(auth)/login.tsx
 create mode 100644 apps/mobile/app/lib/api.ts
 create mode 100644 apps/mobile/app/providers/session-provider.tsx
 create mode 100644 apps/web/app/_components/protected-app-shell.tsx
 create mode 100644 apps/web/app/auth/_components/request-otp-form.tsx
 create mode 100644 apps/web/app/auth/_components/verify-otp-form.tsx
 create mode 100644 apps/web/app/auth/request-otp/page.tsx
 create mode 100644 apps/web/app/auth/verify-otp/page.tsx
 create mode 100644 apps/web/app/dashboard/admin/page.tsx
 create mode 100644 apps/web/app/dashboard/admin/queue.tsx
 create mode 100644 apps/web/app/dashboard/layout.tsx
 create mode 100644 apps/web/app/dashboard/page.tsx
 create mode 100644 apps/web/app/dashboard/reports/[reportId]/page.tsx
 create mode 100644 apps/web/app/dashboard/reports/[reportId]/report-detail.tsx
 create mode 100644 apps/web/app/dashboard/reports/new/page.tsx
 create mode 100644 apps/web/app/dashboard/reports/new/report-submission-form.tsx
 create mode 100644 apps/web/app/dashboard/reports/page.tsx
 create mode 100644 apps/web/app/dashboard/reports/reports-list.tsx
 create mode 100644 apps/web/app/globals.css
 create mode 100644 apps/web/app/health/page.tsx
 create mode 100644 apps/web/app/layout.tsx
 create mode 100644 apps/web/app/lib/api.ts
 create mode 100644 apps/web/app/lib/auth-fetch.ts
 create mode 100644 apps/web/app/lib/auth-storage.ts
 create mode 100644 apps/web/app/page.tsx
 create mode 100644 apps/web/eslint.config.mjs
 create mode 100644 apps/web/next-env.d.ts
 create mode 100644 apps/web/next.config.ts
 create mode 100644 apps/web/package.json
 create mode 100644 apps/web/tsconfig.json

diff --git a/apps/api/src/modules/reports/reports.controller.ts b/apps/api/src/modules/reports/reports.controller.ts
index 01984b6..2313b24 100644
--- a/apps/api/src/modules/reports/reports.controller.ts
+++ b/apps/api/src/modules/reports/reports.controller.ts
@@ -6,8 +6,11 @@ import { logger } from '../../core/logging/logger';
 import { MediaUploadModel } from '../media/media-upload.model';
 import { ReportModel } from './report.model';
 import { enqueueStellarAnchor } from './reports.anchor.queue';
+import { StatusUpdateModel } from './status-update.model';
 import {
   CreateReportDTO,
+  ReportDetailParamsDTO,
+  ReportListQueryDTO,
   ReportsMapQueryDTO,
   UpdateReportStatusDTO,
   VerifyReportDTO,
@@ -298,3 +301,132 @@ export const getMapReports = async (
     return next(error);
   }
 };
+
+export const getReportList = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+) => {
+  try {
+    const query = req.query as unknown as ReportListQueryDTO;
+    const filter: Record<string, unknown> = {};
+
+    if (query.status) {
+      filter.status = query.status;
+    }
+
+    if (query.category) {
+      filter.category = query.category;
+    }
+
+    if (query.mine && req.user?.id) {
+      filter.reporter_user_id = req.user.id;
+    }
+
+    const page = query.page;
+    const pageSize = query.pageSize;
+
+    const [reports, total] = await Promise.all([
+      ReportModel.find(filter)
+        .sort({ createdAt: -1 })
+        .skip((page - 1) * pageSize)
+        .limit(pageSize)
+        .lean()
+        .exec(),
+      ReportModel.countDocuments(filter),
+    ]);
+    const typedReports = reports as Array<{
+      _id: unknown;
+      title: string;
+      category: string;
+      status: string;
+      anchor_status: string;
+      integrity_flag: string;
+      location: { type: 'Point'; coordinates: [number, number] };
+      createdAt?: Date;
+    }>;
+
+    return res.status(200).json({
+      page,
+      pageSize,
+      total,
+      data: typedReports.map((report) => ({
+        id: String(report._id),
+        title: report.title,
+        category: report.category,
+        status: report.status,
+        anchor_status: report.anchor_status,
+        integrity_flag: report.integrity_flag,
+        created_at: report.createdAt ?? null,
+        location: report.location,
+      })),
+    });
+  } catch (error) {
+    return next(error);
+  }
+};
+
+export const getReportDetail = async (
+  req: Request,
+  res: Response,
+  next: NextFunction,
+) => {
+  try {
+    const { reportId } = req.params as unknown as ReportDetailParamsDTO;
+
+    const report = await ReportModel.findById(reportId).lean();
+    if (!report) {
+      throw new AppError('Report not found', 404, 'REPORT_NOT_FOUND');
+    }
+    const typedReport = report as typeof report & {
+      createdAt?: Date;
+      updatedAt?: Date;
+    };
+
+    const statusUpdates = await StatusUpdateModel.find({ reportId: report._id })
+      .sort({ createdAt: -1 })
+      .lean()
+      .exec();
+    const typedStatusUpdates = statusUpdates as Array<{
+      nextStatus: string;
+      note?: string | null;
+      createdAt?: Date;
+    }>;
+
+    return res.status(200).json({
+      id: String(report._id),
+      title: report.title,
+      description: report.description,
+      category: report.category,
+      status: report.status,
+      anchor_status: report.anchor_status,
+      anchor_attempts: report.anchor_attempts,
+      anchor_last_error: report.anchor_last_error,
+      integrity_flag: report.integrity_flag,
+      exif_verified: report.exif_verified,
+      exif_distance_meters: report.exif_distance_meters,
+      stellar_tx_hash: report.stellar_tx_hash,
+      snapshot_hash: report.snapshot_hash,
+      created_at: typedReport.createdAt ?? null,
+      updated_at: typedReport.updatedAt ?? null,
+      location: report.location,
+      media_urls: report.media_urls,
+      history: [
+        {
+          type: 'CREATED',
+          status: 'PENDING',
+          note: 'Report submitted',
+          createdAt: typedReport.createdAt ?? null,
+        },
+        ...typedStatusUpdates.map((update) => ({
+          type: 'STATUS_UPDATE',
+          status: update.nextStatus,
+          note: update.note ?? null,
+          createdAt: update.createdAt ?? null,
+        })),
+      ],
+    });
+  } catch (error) {
+    return next(error);
+  }
+};
diff --git a/apps/api/src/modules/reports/reports.routes.ts b/apps/api/src/modules/reports/reports.routes.ts
index c415e76..09366b5 100644
--- a/apps/api/src/modules/reports/reports.routes.ts
+++ b/apps/api/src/modules/reports/reports.routes.ts
@@ -1,6 +1,8 @@
 import { Router } from 'express';
 import {
   createReport,
+  getReportDetail,
+  getReportList,
   getMapReports,
   verifyReport,
   updateReportStatus,
@@ -11,6 +13,8 @@ import { validateRequest } from '../../core/validation/validate-request';
 import { stellarAnchoringRateLimiter } from '../../core/rate-limit/rate-limit.middleware';
 import {
   createReportBodySchema,
+  reportDetailParamsSchema,
+  reportListQuerySchema,
   reportsMapQuerySchema,
   updateReportStatusBodySchema,
   verifyReportBodySchema,
@@ -19,6 +23,22 @@ import {
 
 const router: Router = Router();
 
+router.get(
+  '/',
+  authenticateToken,
+  requireRole(['CITIZEN', 'AGENCY_ADMIN']),
+  validateRequest({ query: reportListQuerySchema }),
+  getReportList,
+);
+
+router.get(
+  '/:reportId',
+  authenticateToken,
+  requireRole(['CITIZEN', 'AGENCY_ADMIN']),
+  validateRequest({ params: reportDetailParamsSchema }),
+  getReportDetail,
+);
+
 router.get(
   '/map',
   authenticateToken,
diff --git a/apps/api/src/modules/reports/reports.schemas.ts b/apps/api/src/modules/reports/reports.schemas.ts
index 1c8dc56..ee3d1f4 100644
--- a/apps/api/src/modules/reports/reports.schemas.ts
+++ b/apps/api/src/modules/reports/reports.schemas.ts
@@ -123,8 +123,50 @@ const boundsQuerySchema = z
 
 export const reportsMapQuerySchema = z.union([radiusQuerySchema, boundsQuerySchema]);
 
+const optionalTrimmed = () =>
+  z
+    .string({
+      invalid_type_error: 'value must be a string',
+    })
+    .trim()
+    .optional()
+    .transform((value) => (value && value.length > 0 ? value : undefined));
+
+const positiveInt = (field: string, fallback: number) =>
+  z
+    .string({
+      invalid_type_error: `${field} must be a number`,
+    })
+    .trim()
+    .optional()
+    .transform((value) => {
+      if (!value) {
+        return fallback;
+      }
+
+      return Number(value);
+    })
+    .refine((value) => Number.isInteger(value) && value > 0, `${field} must be a positive integer`);
+
+export const reportListQuerySchema = z.object({
+  page: positiveInt('page', 1),
+  pageSize: positiveInt('pageSize', 20).refine((value) => value <= 100, 'pageSize must be <= 100'),
+  status: optionalTrimmed(),
+  category: optionalTrimmed(),
+  mine: z
+    .enum(['true', 'false'])
+    .optional()
+    .transform((value) => value === 'true'),
+});
+
+export const reportDetailParamsSchema = z.object({
+  reportId: trimmed('reportId'),
+});
+
 export type CreateReportDTO = z.infer<typeof createReportBodySchema>;
 export type VerifyReportDTO = z.infer<typeof verifyReportBodySchema>;
 export type UpdateReportStatusDTO = z.infer<typeof updateReportStatusBodySchema>;
 export type VerifyStatusDTO = z.infer<typeof verifyStatusBodySchema>;
 export type ReportsMapQueryDTO = z.infer<typeof reportsMapQuerySchema>;
+export type ReportListQueryDTO = z.infer<typeof reportListQuerySchema>;
+export type ReportDetailParamsDTO = z.infer<typeof reportDetailParamsSchema>;
diff --git a/apps/mobile/app/(app)/(tabs)/_layout.tsx b/apps/mobile/app/(app)/(tabs)/_layout.tsx
new file mode 100644
index 0000000..c83e927
--- /dev/null
+++ b/apps/mobile/app/(app)/(tabs)/_layout.tsx
@@ -0,0 +1,16 @@
+import { Tabs } from 'expo-router';
+
+export default function TabsLayout() {
+  return (
+    <Tabs
+      screenOptions={{
+        headerShown: false,
+        tabBarActiveTintColor: '#1f4d3f',
+      }}
+    >
+      <Tabs.Screen name="index" options={{ title: 'Home' }} />
+      <Tabs.Screen name="reports" options={{ title: 'Reports' }} />
+      <Tabs.Screen name="settings" options={{ title: 'Settings' }} />
+    </Tabs>
+  );
+}
diff --git a/apps/mobile/app/(app)/(tabs)/index.tsx b/apps/mobile/app/(app)/(tabs)/index.tsx
new file mode 100644
index 0000000..5bee0d9
--- /dev/null
+++ b/apps/mobile/app/(app)/(tabs)/index.tsx
@@ -0,0 +1,55 @@
+import { Link } from 'expo-router';
+import { StyleSheet, Text, View } from 'react-native';
+
+export default function HomeScreen() {
+  return (
+    <View style={styles.container}>
+      <Text style={styles.eyebrow}>Mobile Foundation</Text>
+      <Text style={styles.title}>Signed-in app shell.</Text>
+      <Text style={styles.copy}>
+        Tabs, routing, environment-aware API helpers, and session context are in place for
+        report and auth flows.
+      </Text>
+      <Link href="/(app)/(tabs)/reports" style={styles.secondaryButton}>
+        Open reports tab
+      </Link>
+    </View>
+  );
+}
+
+const styles = StyleSheet.create({
+  container: {
+    flex: 1,
+    justifyContent: 'center',
+    padding: 24,
+    backgroundColor: '#fffaf2',
+  },
+  eyebrow: {
+    textTransform: 'uppercase',
+    letterSpacing: 2,
+    color: '#2f5d50',
+    marginBottom: 12,
+    fontWeight: '700',
+  },
+  title: {
+    fontSize: 34,
+    fontWeight: '700',
+    color: '#112219',
+  },
+  copy: {
+    marginTop: 16,
+    color: '#405149',
+    lineHeight: 22,
+  },
+  secondaryButton: {
+    marginTop: 24,
+    borderColor: '#d9d0bf',
+    borderWidth: 1,
+    color: '#112219',
+    paddingHorizontal: 18,
+    paddingVertical: 14,
+    borderRadius: 999,
+    overflow: 'hidden',
+    fontWeight: '700',
+  },
+});
diff --git a/apps/mobile/app/(app)/(tabs)/reports.tsx b/apps/mobile/app/(app)/(tabs)/reports.tsx
new file mode 100644
index 0000000..8e7f013
--- /dev/null
+++ b/apps/mobile/app/(app)/(tabs)/reports.tsx
@@ -0,0 +1,32 @@
+import { StyleSheet, Text, View } from 'react-native';
+
+export default function ReportsPlaceholderScreen() {
+  return (
+    <View style={styles.container}>
+      <Text style={styles.title}>Reports tab placeholder</Text>
+      <Text style={styles.copy}>
+        This tab is reserved for mobile report submission and history screens in the next
+        issue batches.
+      </Text>
+    </View>
+  );
+}
+
+const styles = StyleSheet.create({
+  container: {
+    flex: 1,
+    justifyContent: 'center',
+    padding: 24,
+    backgroundColor: '#fff',
+  },
+  title: {
+    fontSize: 28,
+    fontWeight: '700',
+    color: '#112219',
+  },
+  copy: {
+    marginTop: 12,
+    color: '#51615a',
+    lineHeight: 22,
+  },
+});
diff --git a/apps/mobile/app/(app)/(tabs)/settings.tsx b/apps/mobile/app/(app)/(tabs)/settings.tsx
new file mode 100644
index 0000000..f116f1f
--- /dev/null
+++ b/apps/mobile/app/(app)/(tabs)/settings.tsx
@@ -0,0 +1,38 @@
+import { Link } from 'expo-router';
+import { StyleSheet, Text, View } from 'react-native';
+
+export default function SettingsPlaceholderScreen() {
+  return (
+    <View style={styles.container}>
+      <Text style={styles.title}>Settings placeholder</Text>
+      <Text style={styles.copy}>Session controls and profile settings will land here.</Text>
+      <Link href="/(auth)/login" style={styles.link}>
+        Return to auth shell
+      </Link>
+    </View>
+  );
+}
+
+const styles = StyleSheet.create({
+  container: {
+    flex: 1,
+    justifyContent: 'center',
+    padding: 24,
+    backgroundColor: '#fff',
+  },
+  title: {
+    fontSize: 28,
+    fontWeight: '700',
+    color: '#112219',
+  },
+  copy: {
+    marginTop: 12,
+    color: '#51615a',
+    lineHeight: 22,
+  },
+  link: {
+    marginTop: 20,
+    color: '#1f4d3f',
+    fontWeight: '700',
+  },
+});
diff --git a/apps/mobile/app/(app)/_layout.tsx b/apps/mobile/app/(app)/_layout.tsx
new file mode 100644
index 0000000..9ebb11e
--- /dev/null
+++ b/apps/mobile/app/(app)/_layout.tsx
@@ -0,0 +1,11 @@
+import { Stack } from 'expo-router';
+
+export default function AppLayout() {
+  return (
+    <Stack
+      screenOptions={{
+        headerShown: false,
+      }}
+    />
+  );
+}
diff --git a/apps/mobile/app/(auth)/_layout.tsx b/apps/mobile/app/(auth)/_layout.tsx
new file mode 100644
index 0000000..149c586
--- /dev/null
+++ b/apps/mobile/app/(auth)/_layout.tsx
@@ -0,0 +1,11 @@
+import { Stack } from 'expo-router';
+
+export default function AuthLayout() {
+  return (
+    <Stack
+      screenOptions={{
+        headerShown: false,
+      }}
+    />
+  );
+}
diff --git a/apps/mobile/app/(auth)/login.tsx b/apps/mobile/app/(auth)/login.tsx
new file mode 100644
index 0000000..8fc7753
--- /dev/null
+++ b/apps/mobile/app/(auth)/login.tsx
@@ -0,0 +1,53 @@
+import { Link } from 'expo-router';
+import { StyleSheet, Text, View } from 'react-native';
+
+export default function LoginScreen() {
+  return (
+    <View style={styles.container}>
+      <Text style={styles.eyebrow}>Sidewalk Mobile</Text>
+      <Text style={styles.title}>Auth shell ready.</Text>
+      <Text style={styles.copy}>
+        This route is the foundation for OTP login and session restore in the next issue batch.
+      </Text>
+      <Link href="/(app)/(tabs)" style={styles.primaryButton}>
+        Continue to app shell
+      </Link>
+    </View>
+  );
+}
+
+const styles = StyleSheet.create({
+  container: {
+    flex: 1,
+    justifyContent: 'center',
+    padding: 24,
+    backgroundColor: '#f4efe6',
+  },
+  eyebrow: {
+    textTransform: 'uppercase',
+    letterSpacing: 2,
+    color: '#2f5d50',
+    marginBottom: 12,
+    fontWeight: '700',
+  },
+  title: {
+    fontSize: 36,
+    fontWeight: '700',
+    color: '#112219',
+  },
+  copy: {
+    marginTop: 16,
+    color: '#405149',
+    lineHeight: 22,
+  },
+  primaryButton: {
+    marginTop: 28,
+    backgroundColor: '#1f4d3f',
+    color: '#f8fff8',
+    paddingHorizontal: 18,
+    paddingVertical: 14,
+    borderRadius: 999,
+    overflow: 'hidden',
+    fontWeight: '700',
+  },
+});
diff --git a/apps/mobile/app/_layout.tsx b/apps/mobile/app/_layout.tsx
index d2a8b0b..6bd59dd 100644
--- a/apps/mobile/app/_layout.tsx
+++ b/apps/mobile/app/_layout.tsx
@@ -1,5 +1,14 @@
-import { Stack } from "expo-router";
+import { Stack } from 'expo-router';
+import { SessionProvider } from './providers/session-provider';
 
 export default function RootLayout() {
-  return <Stack />;
+  return (
+    <SessionProvider>
+      <Stack
+        screenOptions={{
+          headerShown: false,
+        }}
+      />
+    </SessionProvider>
+  );
 }
diff --git a/apps/mobile/app/index.tsx b/apps/mobile/app/index.tsx
index 703397b..11805fd 100644
--- a/apps/mobile/app/index.tsx
+++ b/apps/mobile/app/index.tsx
@@ -1,57 +1,5 @@
-import { StatusBar } from 'expo-status-bar';
-import { useEffect, useState } from 'react';
-import { StyleSheet, Text, View, ActivityIndicator } from 'react-native';
+import { Redirect } from 'expo-router';
 
-export default function App() {
-  const [status, setStatus] = useState<string>('Checking...');
-  const [loading, setLoading] = useState(true);
-
-  const API_URL = 'http://localhost:5001/api/health';
-
-  useEffect(() => {
-    fetch(API_URL)
-      .then((res) => res.json())
-      .then((data) => {
-        setStatus(`API: ${data.status}\nStellar: ${data.stellar_connected}`);
-        setLoading(false);
-      })
-      .catch((err) => {
-        setStatus('Error connecting to API');
-        console.error(err);
-        setLoading(false);
-      });
-  }, []);
-
-  return (
-    <View style={styles.container}>
-      <Text style={styles.title}>Sidewalk 🌍</Text>
-
-      {loading ? (
-        <ActivityIndicator size="large" />
-      ) : (
-        <Text style={styles.status}>{status}</Text>
-      )}
-
-      <StatusBar style="auto" />
-    </View>
-  );
+export default function Index() {
+  return <Redirect href="/(auth)/login" />;
 }
-
-const styles = StyleSheet.create({
-  container: {
-    flex: 1,
-    backgroundColor: '#fff',
-    alignItems: 'center',
-    justifyContent: 'center',
-  },
-  title: {
-    fontSize: 24,
-    fontWeight: 'bold',
-    marginBottom: 20,
-  },
-  status: {
-    fontSize: 16,
-    textAlign: 'center',
-    color: '#333',
-  },
-});
diff --git a/apps/mobile/app/lib/api.ts b/apps/mobile/app/lib/api.ts
new file mode 100644
index 0000000..24f5158
--- /dev/null
+++ b/apps/mobile/app/lib/api.ts
@@ -0,0 +1,19 @@
+import Constants from 'expo-constants';
+
+const configuredUrl =
+  Constants.expoConfig?.extra?.apiBaseUrl ??
+  process.env.EXPO_PUBLIC_API_BASE_URL ??
+  'http://localhost:5001';
+
+export const apiBaseUrl = configuredUrl.replace(/\/+$/, '');
+
+export const apiFetch = async <T>(path: string, init?: RequestInit): Promise<T> => {
+  const response = await fetch(`${apiBaseUrl}${path}`, init);
+  const payload = (await response.json()) as T & { error?: { message?: string } };
+
+  if (!response.ok) {
+    throw new Error(payload.error?.message ?? 'Request failed');
+  }
+
+  return payload;
+};
diff --git a/apps/mobile/app/providers/session-provider.tsx b/apps/mobile/app/providers/session-provider.tsx
new file mode 100644
index 0000000..a1c417f
--- /dev/null
+++ b/apps/mobile/app/providers/session-provider.tsx
@@ -0,0 +1,32 @@
+'use client';
+
+import { createContext, ReactNode, useContext, useMemo, useState } from 'react';
+
+type SessionState = {
+  accessToken: string | null;
+  setAccessToken: (token: string | null) => void;
+};
+
+const SessionContext = createContext<SessionState | null>(null);
+
+export function SessionProvider({ children }: Readonly<{ children: ReactNode }>) {
+  const [accessToken, setAccessToken] = useState<string | null>(null);
+  const value = useMemo(
+    () => ({
+      accessToken,
+      setAccessToken,
+    }),
+    [accessToken],
+  );
+
+  return <SessionContext.Provider value={value}>{children}</SessionContext.Provider>;
+}
+
+export const useSession = () => {
+  const context = useContext(SessionContext);
+  if (!context) {
+    throw new Error('useSession must be used within SessionProvider');
+  }
+
+  return context;
+};
diff --git a/apps/web/app/_components/protected-app-shell.tsx b/apps/web/app/_components/protected-app-shell.tsx
new file mode 100644
index 0000000..991e327
--- /dev/null
+++ b/apps/web/app/_components/protected-app-shell.tsx
@@ -0,0 +1,108 @@
+'use client';
+
+import Link from 'next/link';
+import { useRouter } from 'next/navigation';
+import { ReactNode, useEffect, useState } from 'react';
+import { getApiBaseUrl } from '../lib/api';
+import {
+  clearSession,
+  getAccessToken,
+  getStoredRole,
+  persistSession,
+} from '../lib/auth-storage';
+
+export function ProtectedAppShell({ children }: Readonly<{ children: ReactNode }>) {
+  const router = useRouter();
+  const [isReady, setIsReady] = useState(false);
+  const [role, setRole] = useState<string | null>(null);
+
+  useEffect(() => {
+    let cancelled = false;
+
+    const ensureSession = async () => {
+      const accessToken = getAccessToken();
+      if (accessToken) {
+        if (!cancelled) {
+          setRole(getStoredRole());
+          setIsReady(true);
+        }
+        return;
+      }
+
+      try {
+        const response = await fetch(`${getApiBaseUrl()}/api/auth/refresh`, {
+          method: 'POST',
+          credentials: 'include',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({
+            clientType: 'web',
+            deviceId: 'web-browser',
+          }),
+        });
+
+        const payload = (await response.json()) as { accessToken?: string; expiresIn?: string };
+        if (!response.ok || !payload.accessToken) {
+          throw new Error('refresh_failed');
+        }
+
+        persistSession({
+          accessToken: payload.accessToken,
+          expiresIn: payload.expiresIn ?? '15m',
+        });
+
+        if (!cancelled) {
+          setRole(getStoredRole());
+          setIsReady(true);
+        }
+      } catch {
+        clearSession();
+        router.replace('/auth/request-otp');
+      }
+    };
+
+    void ensureSession();
+
+    return () => {
+      cancelled = true;
+    };
+  }, [router]);
+
+  if (!isReady) {
+    return (
+      <main className="page-shell">
+        <section className="hero compact">
+          <p className="eyebrow">Session</p>
+          <h1>Restoring web session.</h1>
+          <p className="lede">Checking for a stored access token or refresh cookie.</p>
+        </section>
+      </main>
+    );
+  }
+
+  return (
+    <>
+      <header className="topbar">
+        <div>
+          <p className="eyebrow">Sidewalk Web</p>
+          <strong>Signed in{role ? ` as ${role.toLowerCase()}` : ''}</strong>
+        </div>
+        <nav className="topbar-links" aria-label="Authenticated navigation">
+          <Link href="/dashboard">Dashboard</Link>
+          <Link href="/dashboard/reports">Reports</Link>
+          <Link href="/dashboard/admin">Admin</Link>
+          <button
+            className="button button-secondary"
+            type="button"
+            onClick={() => {
+              clearSession();
+              router.replace('/auth/request-otp');
+            }}
+          >
+            Sign out
+          </button>
+        </nav>
+      </header>
+      {children}
+    </>
+  );
+}
diff --git a/apps/web/app/auth/_components/request-otp-form.tsx b/apps/web/app/auth/_components/request-otp-form.tsx
new file mode 100644
index 0000000..ef9ac59
--- /dev/null
+++ b/apps/web/app/auth/_components/request-otp-form.tsx
@@ -0,0 +1,79 @@
+'use client';
+
+import Link from 'next/link';
+import { FormEvent, useState } from 'react';
+import { getApiBaseUrl } from '../../lib/api';
+
+export function RequestOtpForm() {
+  const [email, setEmail] = useState('');
+  const [expiresInSeconds, setExpiresInSeconds] = useState<number | null>(null);
+  const [error, setError] = useState<string | null>(null);
+  const [isSubmitting, setIsSubmitting] = useState(false);
+
+  const handleSubmit = async (event: FormEvent<HTMLFormElement>) => {
+    event.preventDefault();
+    setIsSubmitting(true);
+    setError(null);
+    setExpiresInSeconds(null);
+
+    try {
+      const response = await fetch(`${getApiBaseUrl()}/api/auth/request-otp`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email }),
+      });
+
+      const payload = (await response.json()) as {
+        expiresInSeconds?: number;
+        error?: { message?: string };
+      };
+
+      if (!response.ok) {
+        throw new Error(payload.error?.message ?? 'Unable to request OTP');
+      }
+
+      setExpiresInSeconds(payload.expiresInSeconds ?? null);
+      if (typeof window !== 'undefined') {
+        window.localStorage.setItem('sidewalk:auth-email', email);
+      }
+    } catch (submitError) {
+      setError(submitError instanceof Error ? submitError.message : 'Unable to request OTP');
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+
+  return (
+    <section className="auth-card">
+      <form className="form-grid" onSubmit={handleSubmit}>
+        <label className="field">
+          <span>Email</span>
+          <input
+            autoComplete="email"
+            name="email"
+            type="email"
+            value={email}
+            onChange={(event) => setEmail(event.target.value)}
+            placeholder="citizen@example.com"
+            required
+          />
+        </label>
+
+        <button className="button button-primary" disabled={isSubmitting} type="submit">
+          {isSubmitting ? 'Sending…' : 'Request OTP'}
+        </button>
+      </form>
+
+      {expiresInSeconds ? (
+        <p className="status-note success">
+          OTP issued. It expires in about {Math.ceil(expiresInSeconds / 60)} minutes.
+        </p>
+      ) : null}
+      {error ? <p className="status-note error">{error}</p> : null}
+
+      <p className="helper-copy">
+        Already have a code? <Link href="/auth/verify-otp">Verify OTP</Link>
+      </p>
+    </section>
+  );
+}
diff --git a/apps/web/app/auth/_components/verify-otp-form.tsx b/apps/web/app/auth/_components/verify-otp-form.tsx
new file mode 100644
index 0000000..8ed4d87
--- /dev/null
+++ b/apps/web/app/auth/_components/verify-otp-form.tsx
@@ -0,0 +1,134 @@
+'use client';
+
+import Link from 'next/link';
+import { useRouter } from 'next/navigation';
+import { FormEvent, useEffect, useState } from 'react';
+import { persistSession } from '../../lib/auth-storage';
+import { getApiBaseUrl } from '../../lib/api';
+
+const defaultDeviceId = 'web-browser';
+
+export function VerifyOtpForm() {
+  const router = useRouter();
+  const [email, setEmail] = useState('');
+  const [code, setCode] = useState('');
+  const [district, setDistrict] = useState('');
+  const [role, setRole] = useState<'CITIZEN' | 'AGENCY_ADMIN'>('CITIZEN');
+  const [error, setError] = useState<string | null>(null);
+  const [isSubmitting, setIsSubmitting] = useState(false);
+
+  useEffect(() => {
+    if (typeof window === 'undefined') {
+      return;
+    }
+
+    const storedEmail = window.localStorage.getItem('sidewalk:auth-email');
+    if (storedEmail) {
+      setEmail(storedEmail);
+    }
+  }, []);
+
+  const handleSubmit = async (event: FormEvent<HTMLFormElement>) => {
+    event.preventDefault();
+    setIsSubmitting(true);
+    setError(null);
+
+    try {
+      const response = await fetch(`${getApiBaseUrl()}/api/auth/verify-otp`, {
+        method: 'POST',
+        credentials: 'include',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          email,
+          code,
+          district: district || undefined,
+          role,
+          deviceId: defaultDeviceId,
+          clientType: 'web',
+        }),
+      });
+
+      const payload = (await response.json()) as {
+        accessToken?: string;
+        expiresIn?: string;
+        error?: { message?: string };
+      };
+
+      if (!response.ok || !payload.accessToken) {
+        throw new Error(payload.error?.message ?? 'Unable to verify OTP');
+      }
+
+      persistSession({
+        accessToken: payload.accessToken,
+        email,
+        expiresIn: payload.expiresIn ?? '15m',
+        role,
+      });
+
+      router.replace('/dashboard');
+    } catch (submitError) {
+      setError(submitError instanceof Error ? submitError.message : 'Unable to verify OTP');
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+
+  return (
+    <section className="auth-card">
+      <form className="form-grid" onSubmit={handleSubmit}>
+        <label className="field">
+          <span>Email</span>
+          <input
+            autoComplete="email"
+            name="email"
+            type="email"
+            value={email}
+            onChange={(event) => setEmail(event.target.value)}
+            placeholder="citizen@example.com"
+            required
+          />
+        </label>
+
+        <label className="field">
+          <span>OTP Code</span>
+          <input
+            inputMode="numeric"
+            name="code"
+            value={code}
+            onChange={(event) => setCode(event.target.value)}
+            placeholder="123456"
+            required
+          />
+        </label>
+
+        <label className="field">
+          <span>Role</span>
+          <select value={role} onChange={(event) => setRole(event.target.value as 'CITIZEN' | 'AGENCY_ADMIN')}>
+            <option value="CITIZEN">Citizen</option>
+            <option value="AGENCY_ADMIN">Agency admin</option>
+          </select>
+        </label>
+
+        <label className="field">
+          <span>District</span>
+          <input
+            name="district"
+            value={district}
+            onChange={(event) => setDistrict(event.target.value)}
+            placeholder="Ikeja"
+          />
+        </label>
+
+        <button className="button button-primary" disabled={isSubmitting} type="submit">
+          {isSubmitting ? 'Verifying…' : 'Verify OTP'}
+        </button>
+      </form>
+
+      {error ? <p className="status-note error">{error}</p> : null}
+
+      <p className="helper-copy">
+        Need a new code? <Link href="/auth/request-otp">Request OTP</Link>
+      </p>
+    </section>
+  );
+}
diff --git a/apps/web/app/auth/request-otp/page.tsx b/apps/web/app/auth/request-otp/page.tsx
new file mode 100644
index 0000000..9b60d1c
--- /dev/null
+++ b/apps/web/app/auth/request-otp/page.tsx
@@ -0,0 +1,19 @@
+import { RequestOtpForm } from '../_components/request-otp-form';
+
+export default function RequestOtpPage() {
+  return (
+    <main className="page-shell">
+      <section className="hero compact">
+        <p className="eyebrow">Web Auth</p>
+        <h1>Request a login code.</h1>
+        <p className="lede">
+          Start a passwordless session for citizen or agency dashboards using the existing
+          OTP endpoints in the API.
+        </p>
+      </section>
+      <section className="panel-stack">
+        <RequestOtpForm />
+      </section>
+    </main>
+  );
+}
diff --git a/apps/web/app/auth/verify-otp/page.tsx b/apps/web/app/auth/verify-otp/page.tsx
new file mode 100644
index 0000000..df8aefa
--- /dev/null
+++ b/apps/web/app/auth/verify-otp/page.tsx
@@ -0,0 +1,19 @@
+import { VerifyOtpForm } from '../_components/verify-otp-form';
+
+export default function VerifyOtpPage() {
+  return (
+    <main className="page-shell">
+      <section className="hero compact">
+        <p className="eyebrow">Web Auth</p>
+        <h1>Verify your login code.</h1>
+        <p className="lede">
+          Complete OTP verification, store the session locally, and bootstrap protected
+          dashboard routes without relying on future auth work.
+        </p>
+      </section>
+      <section className="panel-stack">
+        <VerifyOtpForm />
+      </section>
+    </main>
+  );
+}
diff --git a/apps/web/app/dashboard/admin/page.tsx b/apps/web/app/dashboard/admin/page.tsx
new file mode 100644
index 0000000..8433aee
--- /dev/null
+++ b/apps/web/app/dashboard/admin/page.tsx
@@ -0,0 +1,20 @@
+import { AdminQueue } from './queue';
+
+export default function AdminDashboardPage() {
+  return (
+    <main className="page-shell">
+      <section className="hero compact">
+        <p className="eyebrow">Admin Queue</p>
+        <h1>Triage incoming reports.</h1>
+        <p className="lede">
+          Filter recent reports, review integrity state, and anchor a status update from a
+          single moderation screen.
+        </p>
+      </section>
+
+      <section className="panel-stack">
+        <AdminQueue />
+      </section>
+    </main>
+  );
+}
diff --git a/apps/web/app/dashboard/admin/queue.tsx b/apps/web/app/dashboard/admin/queue.tsx
new file mode 100644
index 0000000..ab2d76a
--- /dev/null
+++ b/apps/web/app/dashboard/admin/queue.tsx
@@ -0,0 +1,132 @@
+'use client';
+
+import { FormEvent, useEffect, useState } from 'react';
+import { authenticatedJsonFetch } from '../../lib/auth-fetch';
+
+type QueueReport = {
+  id: string;
+  title: string;
+  category: string;
+  status: string;
+  anchor_status: string;
+  integrity_flag: string;
+};
+
+type QueueResponse = {
+  data: QueueReport[];
+};
+
+const nextStatuses = ['ACKNOWLEDGED', 'RESOLVED', 'REJECTED', 'ESCALATED'];
+
+export function AdminQueue() {
+  const [reports, setReports] = useState<QueueReport[]>([]);
+  const [selectedReportId, setSelectedReportId] = useState<string>('');
+  const [status, setStatus] = useState('ACKNOWLEDGED');
+  const [stellarTxHash, setStellarTxHash] = useState('');
+  const [evidence, setEvidence] = useState('');
+  const [message, setMessage] = useState<string | null>(null);
+  const [error, setError] = useState<string | null>(null);
+
+  useEffect(() => {
+    let cancelled = false;
+
+    const loadQueue = async () => {
+      try {
+        const payload = await authenticatedJsonFetch<QueueResponse>('/api/reports?page=1&pageSize=10');
+        if (!cancelled) {
+          setReports(payload.data);
+          setSelectedReportId(payload.data[0]?.id ?? '');
+        }
+      } catch (loadError) {
+        if (!cancelled) {
+          setError(loadError instanceof Error ? loadError.message : 'Unable to load moderation queue');
+        }
+      }
+    };
+
+    void loadQueue();
+
+    return () => {
+      cancelled = true;
+    };
+  }, []);
+
+  const handleSubmit = async (event: FormEvent<HTMLFormElement>) => {
+    event.preventDefault();
+    setError(null);
+    setMessage(null);
+
+    try {
+      await authenticatedJsonFetch('/api/reports/status', {
+        method: 'POST',
+        body: JSON.stringify({
+          originalTxHash: stellarTxHash,
+          status,
+          evidence: evidence || undefined,
+        }),
+      });
+      setMessage('Status update anchored successfully.');
+    } catch (submitError) {
+      setError(submitError instanceof Error ? submitError.message : 'Unable to submit status update');
+    }
+  };
+
+  return (
+    <>
+      <section className="surface-grid report-grid">
+        {reports.map((report) => (
+          <article className="surface-card" key={report.id}>
+            <p className="eyebrow">{report.category}</p>
+            <h2>{report.title}</h2>
+            <p className="helper-copy">
+              {report.status} · {report.anchor_status}
+            </p>
+            {report.integrity_flag !== 'NORMAL' ? (
+              <p className="status-note error">Integrity flag: {report.integrity_flag}</p>
+            ) : null}
+            <button
+              className="button button-secondary"
+              type="button"
+              onClick={() => setSelectedReportId(report.id)}
+            >
+              Moderate
+            </button>
+          </article>
+        ))}
+      </section>
+
+      <section className="auth-card">
+        <form className="form-grid" onSubmit={handleSubmit}>
+          <label className="field">
+            <span>Selected report</span>
+            <input value={selectedReportId} onChange={(event) => setSelectedReportId(event.target.value)} />
+          </label>
+          <label className="field">
+            <span>Original Stellar transaction hash</span>
+            <input value={stellarTxHash} onChange={(event) => setStellarTxHash(event.target.value)} required />
+          </label>
+          <label className="field">
+            <span>Next status</span>
+            <select value={status} onChange={(event) => setStatus(event.target.value)}>
+              {nextStatuses.map((value) => (
+                <option key={value} value={value}>
+                  {value}
+                </option>
+              ))}
+            </select>
+          </label>
+          <label className="field">
+            <span>Evidence note</span>
+            <textarea className="input-area" rows={4} value={evidence} onChange={(event) => setEvidence(event.target.value)} />
+          </label>
+          <button className="button button-primary" type="submit">
+            Anchor status update
+          </button>
+        </form>
+
+        {message ? <p className="status-note success">{message}</p> : null}
+        {error ? <p className="status-note error">{error}</p> : null}
+      </section>
+    </>
+  );
+}
diff --git a/apps/web/app/dashboard/layout.tsx b/apps/web/app/dashboard/layout.tsx
new file mode 100644
index 0000000..267e6fb
--- /dev/null
+++ b/apps/web/app/dashboard/layout.tsx
@@ -0,0 +1,7 @@
+import { ProtectedAppShell } from '../_components/protected-app-shell';
+
+export default function DashboardLayout({
+  children,
+}: Readonly<{ children: React.ReactNode }>) {
+  return <ProtectedAppShell>{children}</ProtectedAppShell>;
+}
diff --git a/apps/web/app/dashboard/page.tsx b/apps/web/app/dashboard/page.tsx
new file mode 100644
index 0000000..a4c7b2e
--- /dev/null
+++ b/apps/web/app/dashboard/page.tsx
@@ -0,0 +1,29 @@
+export default function DashboardPage() {
+  return (
+    <main className="page-shell">
+      <section className="hero compact">
+        <p className="eyebrow">Dashboard</p>
+        <h1>Authenticated workspace.</h1>
+        <p className="lede">
+          This protected shell confirms web sessions can be restored through the refresh
+          cookie flow before additional citizen or admin dashboards land.
+        </p>
+      </section>
+
+      <section className="surface-grid">
+        <article className="surface-card">
+          <h2>Session guard</h2>
+          <p>Protected routes redirect back to OTP login when no access token or refresh path exists.</p>
+        </article>
+        <article className="surface-card">
+          <h2>Reports</h2>
+          <p>Open the reports workspace to submit new reports or inspect the authenticated list and detail flows.</p>
+        </article>
+        <article className="surface-card">
+          <h2>Ready for expansion</h2>
+          <p>This route can host report queues and detail screens without changing the auth contract.</p>
+        </article>
+      </section>
+    </main>
+  );
+}
diff --git a/apps/web/app/dashboard/reports/[reportId]/page.tsx b/apps/web/app/dashboard/reports/[reportId]/page.tsx
new file mode 100644
index 0000000..04b4c05
--- /dev/null
+++ b/apps/web/app/dashboard/reports/[reportId]/page.tsx
@@ -0,0 +1,26 @@
+import { ReportDetail } from './report-detail';
+
+export default async function ReportDetailPage({
+  params,
+}: {
+  params: Promise<{ reportId: string }>;
+}) {
+  const { reportId } = await params;
+
+  return (
+    <main className="page-shell">
+      <section className="hero compact">
+        <p className="eyebrow">Report Detail</p>
+        <h1>Track report progress.</h1>
+        <p className="lede">
+          Review the report body, media references, anchor state, and the recorded status
+          timeline in one place.
+        </p>
+      </section>
+
+      <section className="panel-stack">
+        <ReportDetail reportId={reportId} />
+      </section>
+    </main>
+  );
+}
diff --git a/apps/web/app/dashboard/reports/[reportId]/report-detail.tsx b/apps/web/app/dashboard/reports/[reportId]/report-detail.tsx
new file mode 100644
index 0000000..009cc94
--- /dev/null
+++ b/apps/web/app/dashboard/reports/[reportId]/report-detail.tsx
@@ -0,0 +1,138 @@
+'use client';
+
+import Link from 'next/link';
+import { useEffect, useState } from 'react';
+import { authenticatedJsonFetch } from '../../../lib/auth-fetch';
+
+type ReportDetailResponse = {
+  id: string;
+  title: string;
+  description: string;
+  category: string;
+  status: string;
+  anchor_status: string;
+  integrity_flag: string;
+  exif_verified: boolean;
+  exif_distance_meters: number | null;
+  stellar_tx_hash: string | null;
+  snapshot_hash: string | null;
+  media_urls: string[];
+  history: Array<{
+    type: string;
+    status: string;
+    note: string | null;
+    createdAt: string;
+  }>;
+};
+
+export function ReportDetail({ reportId }: Readonly<{ reportId: string }>) {
+  const [report, setReport] = useState<ReportDetailResponse | null>(null);
+  const [error, setError] = useState<string | null>(null);
+
+  useEffect(() => {
+    let cancelled = false;
+
+    const loadReport = async () => {
+      try {
+        const payload = await authenticatedJsonFetch<ReportDetailResponse>(`/api/reports/${reportId}`);
+        if (!cancelled) {
+          setReport(payload);
+        }
+      } catch (loadError) {
+        if (!cancelled) {
+          setError(loadError instanceof Error ? loadError.message : 'Unable to load report');
+        }
+      }
+    };
+
+    void loadReport();
+
+    return () => {
+      cancelled = true;
+    };
+  }, [reportId]);
+
+  if (error) {
+    return <p className="status-note error">{error}</p>;
+  }
+
+  if (!report) {
+    return <p className="helper-copy">Loading report…</p>;
+  }
+
+  return (
+    <>
+      <section className="auth-card detail-grid">
+        <div>
+          <p className="eyebrow">{report.category}</p>
+          <h2>{report.title}</h2>
+          <p className="lede compact-copy">{report.description}</p>
+        </div>
+        <dl className="detail-list">
+          <div>
+            <dt>Status</dt>
+            <dd>{report.status}</dd>
+          </div>
+          <div>
+            <dt>Anchor</dt>
+            <dd>{report.anchor_status}</dd>
+          </div>
+          <div>
+            <dt>Integrity</dt>
+            <dd>{report.integrity_flag}</dd>
+          </div>
+          <div>
+            <dt>EXIF verified</dt>
+            <dd>{report.exif_verified ? 'Yes' : 'No'}</dd>
+          </div>
+        </dl>
+      </section>
+
+      <section className="surface-grid">
+        <article className="surface-card">
+          <h2>Media</h2>
+          {report.media_urls.length === 0 ? (
+            <p className="helper-copy">No media URLs attached to this report.</p>
+          ) : (
+            <ul className="link-list">
+              {report.media_urls.map((url) => (
+                <li key={url}>
+                  <a href={url} target="_blank" rel="noreferrer">
+                    {url}
+                  </a>
+                </li>
+              ))}
+            </ul>
+          )}
+        </article>
+
+        <article className="surface-card">
+          <h2>Anchor metadata</h2>
+          <p className="helper-copy">Snapshot hash: {report.snapshot_hash ?? 'Pending'}</p>
+          <p className="helper-copy">Stellar tx: {report.stellar_tx_hash ?? 'Queued'}</p>
+          <p className="helper-copy">
+            EXIF distance: {report.exif_distance_meters ?? 'Not available'}
+          </p>
+        </article>
+      </section>
+
+      <section className="auth-card">
+        <div className="section-heading">
+          <h2>History</h2>
+          <Link className="button button-secondary" href="/dashboard/reports">
+            Back to reports
+          </Link>
+        </div>
+        <ol className="timeline-list">
+          {report.history.map((entry) => (
+            <li key={`${entry.type}-${entry.createdAt}`}>
+              <strong>{entry.status}</strong>
+              <p>{entry.note ?? entry.type}</p>
+              <time>{new Date(entry.createdAt).toLocaleString()}</time>
+            </li>
+          ))}
+        </ol>
+      </section>
+    </>
+  );
+}
diff --git a/apps/web/app/dashboard/reports/new/page.tsx b/apps/web/app/dashboard/reports/new/page.tsx
new file mode 100644
index 0000000..88852b9
--- /dev/null
+++ b/apps/web/app/dashboard/reports/new/page.tsx
@@ -0,0 +1,20 @@
+import { ReportSubmissionForm } from './report-submission-form';
+
+export default function NewReportPage() {
+  return (
+    <main className="page-shell">
+      <section className="hero compact">
+        <p className="eyebrow">Submit Report</p>
+        <h1>Create a new report.</h1>
+        <p className="lede">
+          Capture location, category, description, and optional media URLs in a single web
+          flow that works against the existing report creation endpoint.
+        </p>
+      </section>
+
+      <section className="panel-stack">
+        <ReportSubmissionForm />
+      </section>
+    </main>
+  );
+}
diff --git a/apps/web/app/dashboard/reports/new/report-submission-form.tsx b/apps/web/app/dashboard/reports/new/report-submission-form.tsx
new file mode 100644
index 0000000..6dd9ffa
--- /dev/null
+++ b/apps/web/app/dashboard/reports/new/report-submission-form.tsx
@@ -0,0 +1,152 @@
+'use client';
+
+import { useRouter } from 'next/navigation';
+import { FormEvent, useState } from 'react';
+import { authenticatedJsonFetch } from '../../../lib/auth-fetch';
+
+const categoryOptions = [
+  'INFRASTRUCTURE',
+  'SANITATION',
+  'SAFETY',
+  'LIGHTING',
+  'TRANSPORT',
+  'DRAINAGE',
+  'UTILITIES',
+  'TRAFFIC',
+  'OTHER',
+] as const;
+
+type CreateReportResponse = {
+  report_id: string;
+};
+
+export function ReportSubmissionForm() {
+  const router = useRouter();
+  const [title, setTitle] = useState('');
+  const [description, setDescription] = useState('');
+  const [category, setCategory] = useState<(typeof categoryOptions)[number]>('INFRASTRUCTURE');
+  const [latitude, setLatitude] = useState('6.6018');
+  const [longitude, setLongitude] = useState('3.3515');
+  const [mediaUrls, setMediaUrls] = useState('');
+  const [error, setError] = useState<string | null>(null);
+  const [isSubmitting, setIsSubmitting] = useState(false);
+
+  const useBrowserLocation = () => {
+    if (typeof window === 'undefined' || !navigator.geolocation) {
+      setError('Browser geolocation is not available.');
+      return;
+    }
+
+    navigator.geolocation.getCurrentPosition(
+      (position) => {
+        setLatitude(String(position.coords.latitude));
+        setLongitude(String(position.coords.longitude));
+      },
+      () => {
+        setError('Unable to read current location. You can enter coordinates manually.');
+      },
+    );
+  };
+
+  const handleSubmit = async (event: FormEvent<HTMLFormElement>) => {
+    event.preventDefault();
+    setIsSubmitting(true);
+    setError(null);
+
+    try {
+      const payload = await authenticatedJsonFetch<CreateReportResponse>('/api/reports', {
+        method: 'POST',
+        body: JSON.stringify({
+          title,
+          description,
+          category,
+          media_urls: mediaUrls
+            .split('\n')
+            .map((value) => value.trim())
+            .filter(Boolean),
+          location: {
+            type: 'Point',
+            coordinates: [Number(longitude), Number(latitude)],
+          },
+        }),
+      });
+
+      router.replace(`/dashboard/reports/${payload.report_id}`);
+    } catch (submitError) {
+      setError(submitError instanceof Error ? submitError.message : 'Unable to submit report');
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+
+  return (
+    <section className="auth-card">
+      <form className="form-grid" onSubmit={handleSubmit}>
+        <label className="field">
+          <span>Title</span>
+          <input value={title} onChange={(event) => setTitle(event.target.value)} required />
+        </label>
+
+        <label className="field">
+          <span>Description</span>
+          <textarea
+            className="input-area"
+            rows={5}
+            value={description}
+            onChange={(event) => setDescription(event.target.value)}
+            required
+          />
+        </label>
+
+        <label className="field">
+          <span>Category</span>
+          <select
+            value={category}
+            onChange={(event) =>
+              setCategory(event.target.value as (typeof categoryOptions)[number])
+            }
+          >
+            {categoryOptions.map((option) => (
+              <option key={option} value={option}>
+                {option}
+              </option>
+            ))}
+          </select>
+        </label>
+
+        <div className="two-column-grid">
+          <label className="field">
+            <span>Latitude</span>
+            <input value={latitude} onChange={(event) => setLatitude(event.target.value)} required />
+          </label>
+
+          <label className="field">
+            <span>Longitude</span>
+            <input value={longitude} onChange={(event) => setLongitude(event.target.value)} required />
+          </label>
+        </div>
+
+        <button className="button button-secondary" type="button" onClick={useBrowserLocation}>
+          Use current browser location
+        </button>
+
+        <label className="field">
+          <span>Media URLs</span>
+          <textarea
+            className="input-area"
+            rows={4}
+            value={mediaUrls}
+            onChange={(event) => setMediaUrls(event.target.value)}
+            placeholder="One URL per line"
+          />
+        </label>
+
+        <button className="button button-primary" disabled={isSubmitting} type="submit">
+          {isSubmitting ? 'Submitting…' : 'Submit report'}
+        </button>
+      </form>
+
+      {error ? <p className="status-note error">{error}</p> : null}
+    </section>
+  );
+}
diff --git a/apps/web/app/dashboard/reports/page.tsx b/apps/web/app/dashboard/reports/page.tsx
new file mode 100644
index 0000000..b4b460d
--- /dev/null
+++ b/apps/web/app/dashboard/reports/page.tsx
@@ -0,0 +1,20 @@
+import { ReportsList } from './reports-list';
+
+export default function ReportsPage() {
+  return (
+    <main className="page-shell">
+      <section className="hero compact">
+        <p className="eyebrow">Reports</p>
+        <h1>Browse submitted reports.</h1>
+        <p className="lede">
+          Review report summaries, filter by category or status, and open detail pages with
+          timelines and anchor state.
+        </p>
+      </section>
+
+      <section className="panel-stack">
+        <ReportsList />
+      </section>
+    </main>
+  );
+}
diff --git a/apps/web/app/dashboard/reports/reports-list.tsx b/apps/web/app/dashboard/reports/reports-list.tsx
new file mode 100644
index 0000000..c2c0b99
--- /dev/null
+++ b/apps/web/app/dashboard/reports/reports-list.tsx
@@ -0,0 +1,151 @@
+'use client';
+
+import Link from 'next/link';
+import { useEffect, useState } from 'react';
+import { authenticatedJsonFetch } from '../../lib/auth-fetch';
+
+type ReportSummary = {
+  id: string;
+  title: string;
+  category: string;
+  status: string;
+  anchor_status: string;
+  integrity_flag: string;
+  created_at: string;
+};
+
+type ReportListResponse = {
+  page: number;
+  pageSize: number;
+  total: number;
+  data: ReportSummary[];
+};
+
+const statusOptions = ['ALL', 'PENDING', 'ACKNOWLEDGED', 'RESOLVED', 'REJECTED', 'ESCALATED'];
+const categoryOptions = [
+  'ALL',
+  'INFRASTRUCTURE',
+  'SANITATION',
+  'SAFETY',
+  'LIGHTING',
+  'TRANSPORT',
+  'DRAINAGE',
+  'UTILITIES',
+  'TRAFFIC',
+  'OTHER',
+];
+
+export function ReportsList() {
+  const [status, setStatus] = useState('ALL');
+  const [category, setCategory] = useState('ALL');
+  const [reports, setReports] = useState<ReportSummary[]>([]);
+  const [error, setError] = useState<string | null>(null);
+  const [isLoading, setIsLoading] = useState(true);
+
+  useEffect(() => {
+    let cancelled = false;
+
+    const loadReports = async () => {
+      setIsLoading(true);
+      setError(null);
+
+      const params = new URLSearchParams({
+        page: '1',
+        pageSize: '12',
+      });
+
+      if (status !== 'ALL') {
+        params.set('status', status);
+      }
+
+      if (category !== 'ALL') {
+        params.set('category', category);
+      }
+
+      try {
+        const payload = await authenticatedJsonFetch<ReportListResponse>(
+          `/api/reports?${params.toString()}`,
+        );
+
+        if (!cancelled) {
+          setReports(payload.data);
+        }
+      } catch (loadError) {
+        if (!cancelled) {
+          setError(loadError instanceof Error ? loadError.message : 'Unable to load reports');
+          setReports([]);
+        }
+      } finally {
+        if (!cancelled) {
+          setIsLoading(false);
+        }
+      }
+    };
+
+    void loadReports();
+
+    return () => {
+      cancelled = true;
+    };
+  }, [category, status]);
+
+  return (
+    <>
+      <section className="auth-card filter-row">
+        <label className="field">
+          <span>Status</span>
+          <select value={status} onChange={(event) => setStatus(event.target.value)}>
+            {statusOptions.map((option) => (
+              <option key={option} value={option}>
+                {option}
+              </option>
+            ))}
+          </select>
+        </label>
+
+        <label className="field">
+          <span>Category</span>
+          <select value={category} onChange={(event) => setCategory(event.target.value)}>
+            {categoryOptions.map((option) => (
+              <option key={option} value={option}>
+                {option}
+              </option>
+            ))}
+          </select>
+        </label>
+
+        <Link className="button button-primary" href="/dashboard/reports/new">
+          Submit report
+        </Link>
+      </section>
+
+      {error ? <p className="status-note error">{error}</p> : null}
+      {isLoading ? <p className="helper-copy">Loading reports…</p> : null}
+
+      <section className="surface-grid report-grid">
+        {reports.map((report) => (
+          <article className="surface-card" key={report.id}>
+            <p className="eyebrow">{report.category}</p>
+            <h2>{report.title}</h2>
+            <p className="helper-copy">
+              {report.status} · {report.anchor_status}
+            </p>
+            <p className="helper-copy">
+              {new Date(report.created_at).toLocaleString()}
+            </p>
+            {report.integrity_flag !== 'NORMAL' ? (
+              <p className="status-note error">Integrity flag: {report.integrity_flag}</p>
+            ) : null}
+            <Link className="button button-secondary" href={`/dashboard/reports/${report.id}`}>
+              Open report
+            </Link>
+          </article>
+        ))}
+      </section>
+
+      {!isLoading && reports.length === 0 && !error ? (
+        <p className="helper-copy">No reports matched the current filters.</p>
+      ) : null}
+    </>
+  );
+}
diff --git a/apps/web/app/globals.css b/apps/web/app/globals.css
new file mode 100644
index 0000000..78b6340
--- /dev/null
+++ b/apps/web/app/globals.css
@@ -0,0 +1,344 @@
+:root {
+  color-scheme: light;
+  --background: #f3efe5;
+  --surface: rgba(255, 255, 255, 0.82);
+  --surface-strong: #ffffff;
+  --text: #162013;
+  --muted: #52614a;
+  --accent: #14532d;
+  --accent-strong: #0b3b1f;
+  --border: rgba(22, 32, 19, 0.12);
+  --shadow: 0 24px 80px rgba(20, 83, 45, 0.12);
+}
+
+* {
+  box-sizing: border-box;
+}
+
+html {
+  font-family: Georgia, "Times New Roman", serif;
+  background:
+    radial-gradient(circle at top, rgba(20, 83, 45, 0.14), transparent 35%),
+    linear-gradient(180deg, #f7f2e7 0%, var(--background) 100%);
+  min-height: 100%;
+}
+
+body {
+  margin: 0;
+  color: var(--text);
+  min-height: 100vh;
+}
+
+a {
+  color: inherit;
+  text-decoration: none;
+}
+
+.page-shell {
+  width: min(1120px, calc(100% - 2rem));
+  margin: 0 auto;
+  padding: 4rem 0 5rem;
+}
+
+.hero {
+  padding: 3rem;
+  border: 1px solid var(--border);
+  border-radius: 32px;
+  background: linear-gradient(145deg, rgba(255, 255, 255, 0.92), rgba(244, 239, 229, 0.86));
+  box-shadow: var(--shadow);
+}
+
+.hero.compact {
+  padding-bottom: 2rem;
+}
+
+.eyebrow {
+  margin: 0 0 1rem;
+  color: var(--accent);
+  font-size: 0.85rem;
+  font-weight: 700;
+  letter-spacing: 0.16em;
+  text-transform: uppercase;
+}
+
+.hero h1 {
+  margin: 0;
+  max-width: 12ch;
+  font-size: clamp(2.7rem, 7vw, 5.6rem);
+  line-height: 0.96;
+}
+
+.lede {
+  max-width: 46rem;
+  margin: 1.5rem 0 0;
+  font-size: 1.1rem;
+  line-height: 1.7;
+  color: var(--muted);
+}
+
+.actions {
+  display: flex;
+  gap: 1rem;
+  flex-wrap: wrap;
+  margin-top: 2rem;
+}
+
+.panel-stack {
+  display: grid;
+  gap: 1.5rem;
+  margin-top: 1.5rem;
+}
+
+.button {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  min-height: 3rem;
+  padding: 0.85rem 1.25rem;
+  border-radius: 999px;
+  border: 1px solid transparent;
+  font-size: 0.95rem;
+  font-weight: 700;
+}
+
+.button-primary {
+  background: var(--accent);
+  color: #f8fff9;
+}
+
+.button-primary:hover {
+  background: var(--accent-strong);
+}
+
+.button-secondary {
+  border-color: var(--border);
+  background: rgba(255, 255, 255, 0.75);
+}
+
+.surface-grid {
+  display: grid;
+  grid-template-columns: repeat(3, minmax(0, 1fr));
+  gap: 1rem;
+  margin-top: 1.5rem;
+}
+
+.surface-card,
+.health-card {
+  border: 1px solid var(--border);
+  border-radius: 24px;
+  background: var(--surface);
+  backdrop-filter: blur(10px);
+  box-shadow: var(--shadow);
+}
+
+.surface-card {
+  padding: 1.5rem;
+}
+
+.surface-card h2 {
+  margin: 0 0 0.6rem;
+  font-size: 1.4rem;
+}
+
+.surface-card p {
+  margin: 0;
+  color: var(--muted);
+  line-height: 1.6;
+}
+
+.health-card {
+  padding: 1.5rem 1.75rem;
+  margin-top: 1.5rem;
+}
+
+.auth-card {
+  border: 1px solid var(--border);
+  border-radius: 24px;
+  background: var(--surface);
+  backdrop-filter: blur(10px);
+  box-shadow: var(--shadow);
+  padding: 1.5rem;
+}
+
+.form-grid {
+  display: grid;
+  gap: 1rem;
+}
+
+.field {
+  display: grid;
+  gap: 0.45rem;
+  color: var(--muted);
+}
+
+.field span {
+  font-size: 0.9rem;
+  font-weight: 700;
+  color: var(--text);
+}
+
+.field input,
+.field select,
+.input-area {
+  min-height: 3rem;
+  border-radius: 14px;
+  border: 1px solid var(--border);
+  background: rgba(255, 255, 255, 0.92);
+  padding: 0.8rem 0.9rem;
+  color: var(--text);
+  font: inherit;
+}
+
+.helper-copy {
+  margin: 1rem 0 0;
+  color: var(--muted);
+}
+
+.helper-copy a {
+  color: var(--accent);
+  font-weight: 700;
+}
+
+.status-note {
+  margin: 1rem 0 0;
+  padding: 0.9rem 1rem;
+  border-radius: 16px;
+}
+
+.status-note.success {
+  background: rgba(20, 83, 45, 0.1);
+  color: var(--accent-strong);
+}
+
+.status-note.error {
+  background: rgba(127, 29, 29, 0.1);
+  color: #8a1c1c;
+}
+
+.topbar {
+  width: min(1120px, calc(100% - 2rem));
+  margin: 1.5rem auto 0;
+  padding: 1rem 1.25rem;
+  border: 1px solid var(--border);
+  border-radius: 24px;
+  background: rgba(255, 255, 255, 0.84);
+  box-shadow: var(--shadow);
+  display: flex;
+  justify-content: space-between;
+  gap: 1rem;
+  align-items: center;
+}
+
+.topbar-links {
+  display: flex;
+  gap: 0.75rem;
+  align-items: center;
+  flex-wrap: wrap;
+}
+
+.filter-row {
+  display: flex;
+  gap: 1rem;
+  align-items: flex-end;
+  flex-wrap: wrap;
+}
+
+.report-grid {
+  grid-template-columns: repeat(2, minmax(0, 1fr));
+}
+
+.two-column-grid {
+  display: grid;
+  gap: 1rem;
+  grid-template-columns: repeat(2, minmax(0, 1fr));
+}
+
+.detail-grid {
+  display: grid;
+  gap: 1.5rem;
+  grid-template-columns: minmax(0, 2fr) minmax(260px, 1fr);
+}
+
+.detail-list {
+  display: grid;
+  gap: 1rem;
+  margin: 0;
+}
+
+.detail-list dt {
+  color: var(--accent);
+  font-size: 0.8rem;
+  font-weight: 700;
+  letter-spacing: 0.12em;
+  margin-bottom: 0.3rem;
+  text-transform: uppercase;
+}
+
+.detail-list dd {
+  margin: 0;
+  color: var(--muted);
+}
+
+.compact-copy {
+  max-width: none;
+}
+
+.section-heading {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  gap: 1rem;
+  flex-wrap: wrap;
+}
+
+.timeline-list,
+.link-list {
+  margin: 1rem 0 0;
+  padding-left: 1.25rem;
+  color: var(--muted);
+}
+
+.timeline-list li + li,
+.link-list li + li {
+  margin-top: 0.75rem;
+}
+
+.timeline-list p {
+  margin: 0.3rem 0;
+}
+
+.health-card dl {
+  margin: 0;
+  display: grid;
+  gap: 1rem;
+}
+
+.health-card dt {
+  font-size: 0.85rem;
+  text-transform: uppercase;
+  letter-spacing: 0.14em;
+  color: var(--accent);
+  margin-bottom: 0.35rem;
+}
+
+.health-card dd {
+  margin: 0;
+  color: var(--muted);
+  word-break: break-word;
+}
+
+@media (max-width: 900px) {
+  .surface-grid {
+    grid-template-columns: 1fr;
+  }
+
+  .hero {
+    padding: 2rem;
+  }
+
+  .two-column-grid,
+  .detail-grid,
+  .report-grid {
+    grid-template-columns: 1fr;
+  }
+}
diff --git a/apps/web/app/health/page.tsx b/apps/web/app/health/page.tsx
new file mode 100644
index 0000000..d5602dd
--- /dev/null
+++ b/apps/web/app/health/page.tsx
@@ -0,0 +1,81 @@
+export const dynamic = "force-dynamic";
+
+async function getHealthStatus() {
+  const baseUrl = process.env.NEXT_PUBLIC_API_URL ?? "http://localhost:5000";
+  const endpoint = `${baseUrl.replace(/\/$/, "")}/api/health`;
+
+  try {
+    const response = await fetch(endpoint, {
+      cache: "no-store",
+    });
+
+    if (!response.ok) {
+      return {
+        endpoint,
+        status: "degraded",
+        details: `Health endpoint returned ${response.status}`,
+      };
+    }
+
+    const payload = (await response.json()) as {
+      status?: string;
+      integrations?: Record<string, string>;
+      timestamp?: string;
+    };
+
+    return {
+      endpoint,
+      status: payload.status ?? "unknown",
+      details: payload.integrations
+        ? Object.entries(payload.integrations)
+            .map(([name, value]) => `${name}: ${value}`)
+            .join(", ")
+        : "No integration details returned",
+      timestamp: payload.timestamp ?? null,
+    };
+  } catch (error) {
+    return {
+      endpoint,
+      status: "offline",
+      details: error instanceof Error ? error.message : "Unknown health fetch error",
+    };
+  }
+}
+
+export default async function HealthPage() {
+  const health = await getHealthStatus();
+
+  return (
+    <main className="page-shell">
+      <section className="hero compact">
+        <p className="eyebrow">Workspace diagnostics</p>
+        <h1>Health status</h1>
+        <p className="lede">
+          This page is safe to ship before deeper platform features. It validates the
+          new web app and provides a simple API readiness check.
+        </p>
+      </section>
+
+      <section className="health-card">
+        <dl>
+          <div>
+            <dt>Endpoint</dt>
+            <dd>{health.endpoint}</dd>
+          </div>
+          <div>
+            <dt>Status</dt>
+            <dd>{health.status}</dd>
+          </div>
+          <div>
+            <dt>Details</dt>
+            <dd>{health.details}</dd>
+          </div>
+          <div>
+            <dt>Timestamp</dt>
+            <dd>{health.timestamp ?? "Unavailable"}</dd>
+          </div>
+        </dl>
+      </section>
+    </main>
+  );
+}
diff --git a/apps/web/app/layout.tsx b/apps/web/app/layout.tsx
new file mode 100644
index 0000000..4d2639f
--- /dev/null
+++ b/apps/web/app/layout.tsx
@@ -0,0 +1,18 @@
+import type { Metadata } from "next";
+import type { ReactNode } from "react";
+import "./globals.css";
+
+export const metadata: Metadata = {
+  title: "Sidewalk",
+  description: "Civic issue reporting and accountability platform",
+};
+
+export default function RootLayout({
+  children,
+}: Readonly<{ children: ReactNode }>) {
+  return (
+    <html lang="en">
+      <body>{children}</body>
+    </html>
+  );
+}
diff --git a/apps/web/app/lib/api.ts b/apps/web/app/lib/api.ts
new file mode 100644
index 0000000..4594d6e
--- /dev/null
+++ b/apps/web/app/lib/api.ts
@@ -0,0 +1,4 @@
+const fallbackApiBaseUrl = 'http://localhost:4000';
+
+export const getApiBaseUrl = () =>
+  (process.env.NEXT_PUBLIC_API_BASE_URL ?? fallbackApiBaseUrl).replace(/\/+$/, '');
diff --git a/apps/web/app/lib/auth-fetch.ts b/apps/web/app/lib/auth-fetch.ts
new file mode 100644
index 0000000..5555afe
--- /dev/null
+++ b/apps/web/app/lib/auth-fetch.ts
@@ -0,0 +1,64 @@
+'use client';
+
+import { getApiBaseUrl } from './api';
+import { clearSession, getAccessToken, persistSession } from './auth-storage';
+
+const refreshAccessToken = async (): Promise<string | null> => {
+  const response = await fetch(`${getApiBaseUrl()}/api/auth/refresh`, {
+    method: 'POST',
+    credentials: 'include',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      clientType: 'web',
+      deviceId: 'web-browser',
+    }),
+  });
+
+  const payload = (await response.json()) as { accessToken?: string; expiresIn?: string };
+  if (!response.ok || !payload.accessToken) {
+    return null;
+  }
+
+  persistSession({
+    accessToken: payload.accessToken,
+    expiresIn: payload.expiresIn ?? '15m',
+  });
+
+  return payload.accessToken;
+};
+
+export const authenticatedJsonFetch = async <T>(
+  path: string,
+  init?: RequestInit,
+): Promise<T> => {
+  const execute = async (token: string | null) =>
+    fetch(`${getApiBaseUrl()}${path}`, {
+      ...init,
+      credentials: 'include',
+      headers: {
+        'Content-Type': 'application/json',
+        ...(token ? { Authorization: `Bearer ${token}` } : {}),
+        ...(init?.headers ?? {}),
+      },
+    });
+
+  let token = getAccessToken();
+  let response = await execute(token);
+
+  if (response.status === 401) {
+    token = await refreshAccessToken();
+    if (!token) {
+      clearSession();
+      throw new Error('Session expired. Sign in again.');
+    }
+
+    response = await execute(token);
+  }
+
+  const payload = (await response.json()) as T & { error?: { message?: string } };
+  if (!response.ok) {
+    throw new Error(payload.error?.message ?? 'Request failed');
+  }
+
+  return payload;
+};
diff --git a/apps/web/app/lib/auth-storage.ts b/apps/web/app/lib/auth-storage.ts
new file mode 100644
index 0000000..ea1f7eb
--- /dev/null
+++ b/apps/web/app/lib/auth-storage.ts
@@ -0,0 +1,80 @@
+'use client';
+
+const ACCESS_TOKEN_KEY = 'sidewalk:access-token';
+const ACCESS_TOKEN_EXPIRES_AT_KEY = 'sidewalk:access-token-expires-at';
+const ROLE_KEY = 'sidewalk:role';
+const EMAIL_KEY = 'sidewalk:auth-email';
+
+type PersistedSession = {
+  accessToken: string;
+  expiresIn: string;
+  email?: string;
+  role?: string;
+};
+
+const parseExpiry = (expiresIn: string): number => {
+  const trimmed = expiresIn.trim();
+  if (trimmed.endsWith('m')) {
+    return Number.parseInt(trimmed, 10) * 60 * 1000;
+  }
+
+  if (trimmed.endsWith('h')) {
+    return Number.parseInt(trimmed, 10) * 60 * 60 * 1000;
+  }
+
+  const numeric = Number.parseInt(trimmed, 10);
+  return Number.isFinite(numeric) ? numeric * 1000 : 15 * 60 * 1000;
+};
+
+export const persistSession = ({ accessToken, expiresIn, email, role }: PersistedSession) => {
+  if (typeof window === 'undefined') {
+    return;
+  }
+
+  window.localStorage.setItem(ACCESS_TOKEN_KEY, accessToken);
+  window.localStorage.setItem(
+    ACCESS_TOKEN_EXPIRES_AT_KEY,
+    String(Date.now() + parseExpiry(expiresIn)),
+  );
+
+  if (email) {
+    window.localStorage.setItem(EMAIL_KEY, email);
+  }
+
+  if (role) {
+    window.localStorage.setItem(ROLE_KEY, role);
+  }
+};
+
+export const getAccessToken = () => {
+  if (typeof window === 'undefined') {
+    return null;
+  }
+
+  const expiresAt = Number(window.localStorage.getItem(ACCESS_TOKEN_EXPIRES_AT_KEY) ?? '0');
+  if (expiresAt > Date.now()) {
+    return window.localStorage.getItem(ACCESS_TOKEN_KEY);
+  }
+
+  window.localStorage.removeItem(ACCESS_TOKEN_KEY);
+  window.localStorage.removeItem(ACCESS_TOKEN_EXPIRES_AT_KEY);
+  return null;
+};
+
+export const getStoredRole = () => {
+  if (typeof window === 'undefined') {
+    return null;
+  }
+
+  return window.localStorage.getItem(ROLE_KEY);
+};
+
+export const clearSession = () => {
+  if (typeof window === 'undefined') {
+    return;
+  }
+
+  window.localStorage.removeItem(ACCESS_TOKEN_KEY);
+  window.localStorage.removeItem(ACCESS_TOKEN_EXPIRES_AT_KEY);
+  window.localStorage.removeItem(ROLE_KEY);
+};
diff --git a/apps/web/app/page.tsx b/apps/web/app/page.tsx
new file mode 100644
index 0000000..20904b0
--- /dev/null
+++ b/apps/web/app/page.tsx
@@ -0,0 +1,56 @@
+import Link from "next/link";
+
+const surfaces = [
+  {
+    title: "API",
+    description: "Express backend with auth, reports, media, and worker-backed anchoring.",
+  },
+  {
+    title: "Web",
+    description: "New Next.js surface for diagnostics and future citizen and admin flows.",
+  },
+  {
+    title: "Mobile",
+    description: "Expo app for field reporting and citizen status tracking.",
+  },
+];
+
+export default function HomePage() {
+  return (
+    <main className="page-shell">
+      <section className="hero">
+        <p className="eyebrow">Sidewalk Monorepo</p>
+        <h1>Build civic reporting across API, web, mobile, and Stellar services.</h1>
+        <p className="lede">
+          This workspace now includes a standalone Next.js application so frontend,
+          backend, and mobile contributors can work in parallel without inventing local setup.
+        </p>
+        <div className="actions">
+          <Link className="button button-primary" href="/auth/request-otp">
+            Open auth flow
+          </Link>
+          <Link className="button button-primary" href="/health">
+            Open health page
+          </Link>
+          <a
+            className="button button-secondary"
+            href="https://github.com/MixMatch-Inc/Sidewalk"
+            target="_blank"
+            rel="noreferrer"
+          >
+            View repository
+          </a>
+        </div>
+      </section>
+
+      <section className="surface-grid" aria-label="Workspace surfaces">
+        {surfaces.map((surface) => (
+          <article className="surface-card" key={surface.title}>
+            <h2>{surface.title}</h2>
+            <p>{surface.description}</p>
+          </article>
+        ))}
+      </section>
+    </main>
+  );
+}
diff --git a/apps/web/eslint.config.mjs b/apps/web/eslint.config.mjs
new file mode 100644
index 0000000..9cac272
--- /dev/null
+++ b/apps/web/eslint.config.mjs
@@ -0,0 +1,23 @@
+import js from "@eslint/js";
+import tseslint from "typescript-eslint";
+
+export default tseslint.config(
+  {
+    ignores: [".next/**"],
+  },
+  js.configs.recommended,
+  ...tseslint.configs.recommended,
+  {
+    files: ["app/**/*.{ts,tsx}", "next.config.ts"],
+    languageOptions: {
+      parserOptions: {
+        ecmaFeatures: {
+          jsx: true,
+        },
+      },
+    },
+    rules: {
+      "no-undef": "off",
+    },
+  },
+);
diff --git a/apps/web/next-env.d.ts b/apps/web/next-env.d.ts
new file mode 100644
index 0000000..830fb59
--- /dev/null
+++ b/apps/web/next-env.d.ts
@@ -0,0 +1,6 @@
+/// <reference types="next" />
+/// <reference types="next/image-types/global" />
+/// <reference path="./.next/types/routes.d.ts" />
+
+// NOTE: This file should not be edited
+// see https://nextjs.org/docs/app/api-reference/config/typescript for more information.
diff --git a/apps/web/next.config.ts b/apps/web/next.config.ts
new file mode 100644
index 0000000..2f6491c
--- /dev/null
+++ b/apps/web/next.config.ts
@@ -0,0 +1,7 @@
+import type { NextConfig } from "next";
+
+const nextConfig: NextConfig = {
+  reactStrictMode: true,
+};
+
+export default nextConfig;
diff --git a/apps/web/package.json b/apps/web/package.json
new file mode 100644
index 0000000..73db70d
--- /dev/null
+++ b/apps/web/package.json
@@ -0,0 +1,26 @@
+{
+  "name": "sidewalk-web",
+  "version": "1.0.0",
+  "private": true,
+  "scripts": {
+    "dev": "next dev",
+    "build": "next build",
+    "start": "next start",
+    "lint": "eslint app next.config.ts eslint.config.mjs",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "next": "^15.5.0",
+    "react": "19.1.0",
+    "react-dom": "19.1.0"
+  },
+  "devDependencies": {
+    "@eslint/eslintrc": "^3.3.1",
+    "@types/node": "^22.10.7",
+    "@types/react": "^19.1.0",
+    "@types/react-dom": "^19.1.0",
+    "eslint": "^9.25.0",
+    "eslint-config-next": "^15.5.0",
+    "typescript": "^5.7.3"
+  }
+}
diff --git a/apps/web/tsconfig.json b/apps/web/tsconfig.json
new file mode 100644
index 0000000..f3a5b84
--- /dev/null
+++ b/apps/web/tsconfig.json
@@ -0,0 +1,25 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "target": "ES2017",
+    "lib": ["dom", "dom.iterable", "esnext"],
+    "allowJs": false,
+    "skipLibCheck": true,
+    "strict": true,
+    "noEmit": true,
+    "esModuleInterop": true,
+    "module": "esnext",
+    "moduleResolution": "bundler",
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "jsx": "preserve",
+    "incremental": true,
+    "plugins": [
+      {
+        "name": "next"
+      }
+    ]
+  },
+  "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"],
+  "exclude": ["node_modules"]
+}