A web-based platform for managing NIH-style peer review of grant applications. The system enables administrators to organize review cycles and assign reviewers, while reviewers evaluate applications using structured 1-9 criteria scoring — all asynchronously and with full reviewer anonymity.
Built for research institutions and funding agencies that need to coordinate multi-reviewer grant evaluations without requiring synchronous meetings.
The admin dashboard provides an at-a-glance overview of applications, reviewers, reviews, and study sections, along with recent activity.
Browse, search, and filter all applications with server-side pagination. Manage reviewer assignments and track review progress.
Detailed view of each application showing assigned reviewers, review statistics, individual review scores, and discussion threads.
Reviewers see their assigned applications organized by study section, with status badges and quick actions for submitting reviews, viewing peer reviews, and joining discussions.
Structured review form with NIH-style criteria sections (Significance, Investigator, Innovation, Approach, Environment), 1-9 scoring, and rich-text bullet-point editors for strengths and weaknesses.
Threaded discussion forum where reviewers communicate about applications while maintaining anonymity (identified as Reviewer A, B, C, etc.).
Filterable statistics dashboard showing application distribution by status, study section, and grant type.
- Structured Review Workflow - NIH-style criteria scoring (1-9 scale) with configurable review sections per grant type
- Reviewer Anonymity - Reviewers are identified as Reviewer A, B, C to each other; only admins see real identities
- Anonymous Discussions - Threaded per-application discussion forums that preserve reviewer anonymity
- Document Upload & Parsing - Upload DOCX review documents with automatic parsing into structured review data
- Study Section Management - Organize applications into study sections (program calls) with reviewer assignments
- Grant Type Templates - Configurable review criteria templates for different grant mechanisms
- Draft Auto-Save - Reviewers can save review drafts and return to complete them later
- Report Generation - Generate aggregated review reports with scores across all reviewers
- Reviewer Analytics - Track reviewer workload, completion rates, and scoring patterns
- Audit Logging - Comprehensive audit trail for all administrative actions
- Dark Mode - Full dark mode support across all pages
| Layer | Technology |
|---|---|
| Backend | PHP 8.2+, PDO |
| Database | MariaDB 11.4, InnoDB |
| Frontend | HTML5, CSS3, Vanilla JavaScript |
| Security | HTMLPurifier, bcrypt, CSRF tokens, CSP headers |
| Testing | PHPUnit 10.5, Vitest |
| Deployment | Docker, Docker Compose |
| CI/CD | GitHub Actions |
# 1. Clone and configure
git clone https://github.com/CTR-TRANSCEND/async-grant-review.git
cd async-grant-review
cp .env.example .env
# Edit .env with your database passwords
# 2. Start services
docker compose up -d
# 3. Access the system
open http://localhost:8080The default admin account is created during database initialization. Change the password on first login.
# 1. Install PHP dependencies
composer install
# 2. Configure environment
cp .env.example .env
# Edit .env: set DB_HOST, DB_USER, DB_PASS, DB_NAME
# 3. Create database and import schema
mysql -u root -p -e "CREATE DATABASE grant_review"
mysql -u root -p grant_review < database/schema.sql
# 4. Point Apache to the project directory
# Enable mod_rewrite and mod_headersAll configuration is via environment variables. See .env.example for the complete list.
Key variables:
| Variable | Description | Default |
|---|---|---|
DB_HOST |
Database hostname | localhost |
DB_NAME |
Database name | grant_review |
DB_USER |
Database username | — |
DB_PASS |
Database password | — |
APP_ENV |
Environment (production / development) |
production |
APP_PORT |
Application port (Docker) | 8080 |
SESSION_LIFETIME |
Session timeout in seconds | 3600 |
MARIADB_ROOT_PASSWORD |
Database root password (Docker only) | — |
admin/ Admin pages (dashboard, users, applications, reports, analytics)
reviewer/ Reviewer pages (dashboard, review form, discussions, all reviews)
includes/ PHP classes and helper functions (37 classes)
config/ Configuration, environment loading, database connection
database/ Schema definition and migration files (22 migrations)
assets/css/ Stylesheets (8 files)
assets/js/ JavaScript modules (10 files)
tests/ PHPUnit and Vitest test suites
docs/ User manual and screenshots
docker/ Docker configuration (php.ini)
composer install
cp phpunit.xml.dist phpunit.xml
# Edit phpunit.xml with your test database credentials
vendor/bin/phpunit # 336 tests, 886 assertionsnpm install
npx vitest run # 27 tests- User Manual - Complete guide for administrators and reviewers
- Site Structure - Technical system documentation
- Installation Checklist - Step-by-step deployment guide
- All user input sanitized via HTMLPurifier
- Prepared statements for all database queries (zero SQL injection surface)
- CSRF token validation on all POST endpoints
- Content Security Policy, X-Frame-Options, and HSTS headers
- bcrypt password hashing with progressive account lockout
- Role-based access control with IDOR protection on all endpoints
- MFA support with TOTP and backup codes
Proprietary - All rights reserved.