@coodos coodos commented Apr 20, 2025

Description of change

Issue Number

closes #102

Type of change

  • New (a change which implements a new feature)

How the change has been tested

Change checklist

  • I have ensured that the CI Checks pass locally
  • I have removed any unnecessary logic
  • My code is well documented
  • I have signed my commits
  • My code follows the pattern of the application
  • I have self reviewed my code

Summary by CodeRabbit

  • New Features

    • Introduced a new evault provisioning API with endpoints for health checks and tenant provisioning.
    • Added a production-ready Dockerfile for evault-core with a multi-stage build process.
    • Launched a Registry Service offering entropy generation (JWT), service discovery, and JWKS endpoint.
    • Added service discovery integration with Consul for resolving services by w3id.
  • Documentation

    • Added comprehensive README files for the evault-provisioner and Registry Service, including setup, usage, and troubleshooting instructions.
  • Bug Fixes

    • Corrected Dockerfile directive casing to prevent build errors.
  • Configuration

    • Updated TypeScript configurations and package metadata for new services.
    • Enhanced workspace package inclusion in pnpm configuration.
  • Enhancements

    • Improved evault-core server to support additional environment-based port detection and explicit network binding.
    • Added a start script to evault-core for running compiled output.

coderabbitai bot commented Apr 20, 2025

Walkthrough

This update introduces a new "registry" service for ID dereferencing and entropy generation, implemented as a Fastify server with endpoints for entropy JWT issuance, public key retrieval, and service resolution via Consul based on a w3id. The change also adds a new "evault-provisioner" API for provisioning evault instances on Nomad, including job template generation and allocation tracking. Supporting configuration files, documentation, and build scripts are included for both services. Minor adjustments and fixes are made to Dockerfiles, TypeScript configurations, and runtime scripts for the evault-core service.

Changes

| File(s) | Change Summary |
|---|---|
| docker/Dockerfile.evault | Fixes Dockerfile syntax by changing workdir to WORKDIR. |
| docker/Dockerfile.evault-prod | Adds a new multi-stage Dockerfile for production builds of evault-core. |
| infrastructure/evault-core/package.json | Adds a start script for running the compiled app. |
| infrastructure/evault-core/src/evault.ts | Updates server binding logic to prioritize NOMAD_PORT_http, and binds to 0.0.0.0. |
| infrastructure/evault-core/tsconfig.json | Changes TypeScript target to ES2021, module to CommonJS, and excludes test specs. |
| infrastructure/evault-provisioner/README.md | Adds documentation for the evault-provisioner API and usage. |
| infrastructure/evault-provisioner/package.json | Adds project metadata, scripts, and dependencies for evault-provisioner. |
| infrastructure/evault-provisioner/src/index.ts | Implements Express API with /health and /provision endpoints for provisioning evault instances. |
| infrastructure/evault-provisioner/src/listeners/alloc.ts | Adds function to subscribe to Nomad allocation events and emit readiness/errors. |
| infrastructure/evault-provisioner/src/templates/evault.nomad.ts | Provides functions to generate random passwords and Nomad job specs for evault+Neo4j. |
| infrastructure/evault-provisioner/tsconfig.json | Adds TypeScript configuration for evault-provisioner. |
| infrastructure/w3id/src/utils/rand.ts | Reformats function indentation for consistency. |
| platforms/registry/README.md | Adds documentation for the new registry service, endpoints, and usage. |
| platforms/registry/package.json | Adds project metadata, scripts, and dependencies for the registry service. |
| platforms/registry/src/consul.ts | Implements Consul-based service resolution by w3id. |
| platforms/registry/src/index.ts | Implements Fastify server with /entropy, /.well-known/jwks.json, and /resolve endpoints. |
| platforms/registry/src/jwt.ts | Handles JWT entropy generation and JWK management for the registry service. |
| platforms/registry/tsconfig.json | Adds TypeScript configuration for the registry service. |
| pnpm-workspace.yaml | Includes platforms/* in workspace packages and minor string formatting. |

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Registry
    participant Consul

    Client->>Registry: GET /resolve?w3id=<w3id>
    Registry->>Consul: Query service catalog for w3id
    Consul-->>Registry: Return service info or null
    Registry-->>Client: Return service endpoints or 404

sequenceDiagram
    participant Client
    participant Registry

    Client->>Registry: GET /entropy
    Registry->>Registry: Generate entropy & sign JWT
    Registry-->>Client: Return JWT with entropy

Assessment against linked issues

Objective Addressed Explanation
Create a basic ID dereferencable registry (#102)

Possibly related PRs

  • Feat/evault core #100: Introduces the evault-core feature, which is closely related to the Dockerfile and runtime changes for evault-core in this PR.

Poem

In burrows deep where secrets hide,
A registry now stands with pride.
IDs resolved and entropy spun,
JWTs and services—oh what fun!
With Fastify swift and Consul near,
The w3id path is crystal clear.
🐇 Cheers to new features, let’s all hop in—
The registry’s ready, let’s begin!
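
The /resolve exchange in the sequence diagram above hands the client's w3id to Consul, and the resolveService code under review places it inside the filter string `ServiceMeta.whois=="${w3id}"`. The following is an added example, not code from the PR, of validating the value before the filter is built; the allowed alphabet, the length limit and the names `W3ID_PATTERN`, `buildWhoisFilter` and `checkSamples` are assumptions made for illustration.

```typescript
// Added example, not code from the PR.
// ASSUMPTION: the permitted w3id alphabet and the 128-character limit below
// are placeholders; substitute the project's real w3id grammar.
const W3ID_PATTERN = /^@?[A-Za-z0-9][A-Za-z0-9._:-]{0,127}$/;

type FilterResult =
  | { ok: true; filter: string }
  | { ok: false; reason: string };

// Builds the filter string that resolveService sends to Consul.
// Anything that is not a single string made only of allowlisted characters
// is refused, so quotes, backslashes, whitespace and operators never reach
// the filter expression.
function buildWhoisFilter(w3id: unknown): FilterResult {
  // Query parsers can deliver an array (?w3id=a&w3id=b) or undefined.
  if (typeof w3id !== "string") {
    return { ok: false, reason: "w3id must be a single string" };
  }
  if (!W3ID_PATTERN.test(w3id)) {
    return { ok: false, reason: "w3id is not in the allowed format" };
  }
  return { ok: true, filter: `ServiceMeta.whois=="${w3id}"` };
}

// Constructed sample inputs (not taken from the PR or from real traffic).
const SAMPLES: unknown[] = [
  "@3f2a9c1e-7b4d-4e8a-9c3f-1a2b3c4d5e6f", // well-formed under the assumed grammar
  'bad"value', // a double quote would end the string literal early
  "two words", // whitespace
  "", // empty
  ["a", "b"], // repeated query parameter
  undefined, // parameter missing
];

// Returns, for each sample, whether it was accepted.
function checkSamples(): boolean[] {
  return SAMPLES.map((s) => buildWhoisFilter(s).ok);
}

for (const s of SAMPLES) {
  const r = buildWhoisFilter(s);
  console.log(JSON.stringify(s), "->", r.ok ? r.filter : `rejected: ${r.reason}`);
}
```

A handler using this would answer a rejected value with a client error and call Consul only with the returned `filter`.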


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 15

🔭 Outside diff range comments (1)
infrastructure/evault-core/package.json (1)

5-6: ⚠️ Potential issue

Update the main entrypoint to match compiled output
The main field currently points to "index.js", but your build emits dist/evault.js. Mismatched entrypoints can break production deploys.

-   "main": "index.js",
+   "main": "dist/evault.js",
🧹 Nitpick comments (23)
pnpm-workspace.yaml (1)

7-7: Quote style changed for dependency name

The change from single quotes to double quotes for @biomejs/biome is a minor stylistic change with no functional impact. Ensure this is consistent with your project's code style guidelines.

platforms/registry/tsconfig.json (1)

1-14: TypeScript configuration looks good for this service

The TypeScript configuration is appropriate for a Node.js service, with proper settings for compilation target, module system, and type checking. It correctly defines the source and output directories and excludes test files.

However, I noticed there's no trailing newline at the end of the file (line 14 ends with a space).

-} 
+}
+
platforms/registry/README.md (2)

12-12: Minor grammar suggestion

Consider using a hyphen when "1 hour" is used as a modifier.

-The entropy is valid for 1 hour
+The entropy is valid for 1-hour
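Review bot: the replacement line "+The entropy is valid for 1-hour" introduces an error rather than fixing one. The hyphen applies only when the phrase modifies a following noun (for example "a 1-hour validity window"); in "valid for 1 hour" the original README wording is correct and should be kept.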
🧰 Tools
🪛 LanguageTool

[grammar] ~12-~12: When ‘1-hour’ is used as a modifier, it is usually spelled with a hyphen.
Context: ... using ES256 - The entropy is valid for 1 hour - Response format: { token: string } ...

(HOUR_HYPHEN)


37-54: Complete usage instructions

The installation, development, and production sections provide clear instructions using npm commands, making it easy for developers to get started with the service.

Consider adding information about how the service integrates with the broader system architecture and its dependencies (e.g., Consul).

platforms/registry/src/consul.ts (1)

20-26: Consider making endpoint paths configurable

The endpoint paths (/graphql, /voyager, etc.) are hardcoded, which could make the function less adaptable to changes in the API structure.

Consider extracting these into configuration or constants:

const DEFAULT_ENDPOINTS = {
  graphql: '/graphql',
  voyager: '/voyager',
  whois: '/whois',
  logs: '/logs',
  requestWatcherSignature: '/request-signature',
};

// Then in the function
return Object.entries(DEFAULT_ENDPOINTS).reduce((acc, [key, path]) => {
  acc[key] = `${address}${path}`;
  return acc;
}, {} as Record<keyof typeof DEFAULT_ENDPOINTS, string>);
platforms/registry/src/jwt.ts (3)

7-19: Helper function appears to be unused in production code

The generateInitialJWK function is marked as a helper for initial setup but isn't used elsewhere in the codebase.

Consider adding a clear comment indicating this is a utility function intended for initial setup or key rotation, and documenting how to use it (e.g., "Run this once with ts-node to generate a new key for your environment variables").


21-34: Improve key initialization error handling

The key initialization logic looks solid, but we could improve the error handling for invalid JWK parsing.

async function initializeKeys() {
  if (!privateKey) {
    const jwkString = process.env.REGISTRY_ENTROPY_KEY_JWK;
    if (!jwkString) {
      throw new Error(
        "REGISTRY_ENTROPY_KEY_JWK environment variable is required"
      );
    }

-    const jwk = JSON.parse(jwkString);
+    try {
+      const jwk = JSON.parse(jwkString);
+      privateKey = (await importJWK(jwk, "ES256")) as KeyLike;
+      publicKey = (await importJWK({ ...jwk, d: undefined }, "ES256")) as KeyLike;
+    } catch (error) {
+      throw new Error("Failed to parse or import JWK: " + (error as Error).message);
+    }
-    privateKey = (await importJWK(jwk, "ES256")) as KeyLike;
-    publicKey = (await importJWK({ ...jwk, d: undefined }, "ES256")) as KeyLike;
  }
}
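Review bot: the added catch builds its message from (error as Error).message, and on current V8 the JSON.parse error text can quote a fragment of the input, which here is the private JWK from REGISTRY_ENTROPY_KEY_JWK. Throw a fixed message such as "REGISTRY_ENTROPY_KEY_JWK is not a valid ES256 JWK" and keep the underlying error out of anything that reaches logs. Separately, the try block merges the JSON.parse and importJWK failures into one message; splitting them would tell the operator whether the variable is malformed JSON or a well-formed but unusable key.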

47-57: JWT generation looks good, but consider adding an issuer claim

The JWT generation function is well implemented, but adding an issuer claim would improve security and traceability.

export async function generateEntropy(): Promise<string> {
  await initializeKeys();
  const entropy = generateRandomEntropy();
  const token = await new SignJWT({ entropy })
    .setProtectedHeader({ alg: "ES256", kid: "entropy-key-1" })
    .setIssuedAt()
+   .setIssuer("registry-service")
    .setExpirationTime("1h")
    .sign(privateKey);
  return token;
}
platforms/registry/src/index.ts (2)

1-7: Consider more robust environment variable handling

The environment configuration looks appropriate, but a more robust approach would handle missing environment variables at startup.

Consider adding a validation check for required environment variables at startup to fail fast with clear error messages.


11-20: Consider adding request validation

The entropy endpoint handles errors appropriately, but lacks input validation which is good practice even for simple endpoints.

Consider adding schema validation for the request using Fastify's built-in validation:

server.get("/entropy", {
  schema: {
    response: {
      200: {
        type: 'object',
        properties: {
          token: { type: 'string' }
        }
      }
    }
  }
}, async (request, reply) => {
  // Existing handler code...
});
infrastructure/w3id/src/utils/rand.ts (1)

9-15: Apply formatter to fix code style
Prettier/Biome reported formatting differences in this block. Please run the project’s formatter (e.g., npm run format) to align indentation and satisfy the CI formatting checks.

🧰 Tools
🪛 GitHub Actions: Check Format

[error] 9-15: Formatter would have printed different content. Prettier/Biome formatting check failed. Run the formatter to fix code style issues.

infrastructure/evault-core/tsconfig.json (1)

23-25: Refine exclude glob for test specs
The pattern "*/**/*.spec.ts" might not catch all test files at arbitrary depths. Consider using a more general glob:

- "*/**/*.spec.ts"
+ "**/*.spec.ts"

This ensures all *.spec.ts files are excluded.

infrastructure/evault-core/package.json (1)

9-9: Verify dev script loader flags
The dev script uses node --watch --import tsx src/evault.ts. Confirm that your Node version supports the --import tsx loader specifier. Alternatively, you could simplify to:

"dev": "tsx --watch src/evault.ts"
infrastructure/evault-provisioner/package.json (1)

1-27: Well-structured package.json with appropriate dependencies

The package configuration properly defines the necessary scripts and dependencies for a TypeScript Node.js application. The type module setting aligns with modern JavaScript practices.

Consider using caret ranges for all dependencies to allow for patch and minor updates that include security fixes:

-        "axios": "^1.6.7",
+        "axios": "^1.6.7",
-        "dotenv": "^16.4.5",
+        "dotenv": "^16.4.5",

(Note: These are already using caret ranges, so no actual change needed. Keep this pattern for future dependencies.)

infrastructure/evault-provisioner/src/listeners/alloc.ts (2)

24-46: Implement stronger typing for API responses

The use of any for typing reduces code safety. Consider defining proper interfaces for the Nomad API responses.

+interface NomadAllocation {
+    ID: string;
+    ClientStatus: string;
+    NodeID: string;
+    Resources: {
+        Networks: Array<{
+            DynamicPorts: Array<{
+                Label: string;
+                Value: number;
+            }>
+        }>
+    }
+}

// Then when accessing data:
-const running = allocsRes.data.find((a: any) => a.ClientStatus === "running");
+const running = allocsRes.data.find((a: NomadAllocation) => a.ClientStatus === "running");

33-40: Use clearer error messages with more context

The error messages could be more informative by including the specific values that were checked.

-            const port = netInfo.DynamicPorts.find(
-                (p: any) => p.Label === "http",
-            )?.Value;
+            const httpPort = netInfo.DynamicPorts.find(
+                (p: any) => p.Label === "http",
+            );
+            const port = httpPort?.Value;

             if (!port || !nodeId) {
-                emitter.emit("error", new Error("Missing port or node info"));
+                emitter.emit("error", new Error(
+                    `Missing required allocation info: ${!port ? 'HTTP port not found' : ''} ${!nodeId ? 'Node ID not found' : ''} (Allocation ID: ${allocId})`
+                ));
                 return;
             }
infrastructure/evault-provisioner/src/index.ts (2)

35-36: Fix type definition to avoid empty object type.

The static analysis tool flags the use of {} as a type. This is discouraged as it means "any non-nullable value" rather than "empty object".

-        req: Request<{}, {}, ProvisionRequest>,
+        req: Request<Record<string, never>, Record<string, never>, ProvisionRequest>,
🧰 Tools
🪛 Biome (1.9.4)

[error] 35-35: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)


62-68: Add cleanup for event listener.

The subscription to allocation events doesn't have a cleanup mechanism, which might lead to memory leaks if the request completes before events are received.

Consider adding a timeout or cleanup mechanism for the event subscription:

            const sub = subscribeToAlloc(evalId);
            sub.on("ready", async (allocId) => {
                console.log("Alloc is ready:", allocId);
+               // Optional: Clean up subscription after successful allocation
+               sub.removeAllListeners();
            });
            sub.on("error", (err) => {
                console.error("Alloc wait failed:", err);
+               // Optional: Clean up subscription after error
+               sub.removeAllListeners();
            });
+           
+           // Safety timeout to prevent memory leaks (adjust timeout as needed)
+           setTimeout(() => {
+               if (sub.listenerCount("ready") > 0 || sub.listenerCount("error") > 0) {
+                   console.log("Cleaning up stale allocation subscription");
+                   sub.removeAllListeners();
+               }
+           }, 60000);
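Review bot: calling sub.removeAllListeners() inside the "ready" handler also removes the "error" listener, and if sub is a Node EventEmitter (as the listenerCount and removeAllListeners calls imply) any later emit of "error" with no listener attached throws and can take the process down. Keep a no-op "error" handler attached, or stop the underlying subscription instead of only detaching listeners. The 60000 ms setTimeout is also never cleared on the success or error path, so every request leaves a pending timer; store the handle and call clearTimeout in both handlers.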
infrastructure/evault-provisioner/README.md (3)

18-18: Use Markdown link syntax instead of bare URL.

For better rendering and to follow Markdown best practices, use link syntax instead of bare URLs.

-1. Install OrbStack: https://orbstack.dev/
+1. Install OrbStack: [https://orbstack.dev/](https://orbstack.dev/)
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

18-18: Bare URL used
null

(MD034, no-bare-urls)


90-92: Add language specifier to fenced code block.

For proper syntax highlighting, add a language specifier to the code block.

-```
+```http
GET /health
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

90-90: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)


98-100: Add language specifier to fenced code block.

For proper syntax highlighting, add a language specifier to the code block.

-```
+```http
POST /provision
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

98-98: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)

infrastructure/evault-provisioner/src/templates/evault.nomad.ts (2)

56-58: Avoid hardcoding Neo4j version.

The Neo4j version is hardcoded, which can make updates more difficult and could lead to version discrepancies across environments.

                            Config: {
-                                image: "neo4j:5.15",
+                                image: "${NEO4J_IMAGE:-neo4j:5.15}",
                                ports: [],
                            },
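Review bot: the suggested value image: "${NEO4J_IMAGE:-neo4j:5.15}" is a plain double-quoted TypeScript string, so the ${...:-...} shell default syntax is not expanded here and the job spec would carry that literal text as the image name. Resolve the value in the provisioner instead, for example process.env.NEO4J_IMAGE ?? "neo4j:5.15", and since this makes the image operator-controlled, restrict it to an approved list or a pinned digest before it is placed in the job.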

This allows overriding the image via an environment variable while maintaining the default version. You'll need to add this to your README and pass it through from the provisioner when needed.


52-88: Consider adding persistent storage for Neo4j data.

The current Nomad job specification doesn't include any persistent storage configuration for Neo4j, which means all data will be lost if the container restarts.

For a production environment, consider adding a volume configuration to persist Neo4j data:

                        {
                            Name: "neo4j",
                            Driver: "docker",
                            Config: {
                                image: "neo4j:5.15",
                                ports: [],
+                               volumes: [
+                                   "local/data:/data",
+                                   "local/logs:/logs"
+                               ]
                            },

You'll also need to configure the Nomad job to create the necessary local volumes. This ensures data persistence across container restarts or job updates.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between abc2fb6 and cec8bfd.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (19)
  • docker/Dockerfile.evault (1 hunks)
  • docker/Dockerfile.evault-prod (1 hunks)
  • infrastructure/evault-core/package.json (1 hunks)
  • infrastructure/evault-core/src/evault.ts (1 hunks)
  • infrastructure/evault-core/tsconfig.json (1 hunks)
  • infrastructure/evault-provisioner/README.md (1 hunks)
  • infrastructure/evault-provisioner/package.json (1 hunks)
  • infrastructure/evault-provisioner/src/index.ts (1 hunks)
  • infrastructure/evault-provisioner/src/listeners/alloc.ts (1 hunks)
  • infrastructure/evault-provisioner/src/templates/evault.nomad.ts (1 hunks)
  • infrastructure/evault-provisioner/tsconfig.json (1 hunks)
  • infrastructure/w3id/src/utils/rand.ts (1 hunks)
  • platforms/registry/README.md (1 hunks)
  • platforms/registry/package.json (1 hunks)
  • platforms/registry/src/consul.ts (1 hunks)
  • platforms/registry/src/index.ts (1 hunks)
  • platforms/registry/src/jwt.ts (1 hunks)
  • platforms/registry/tsconfig.json (1 hunks)
  • pnpm-workspace.yaml (1 hunks)
🧰 Additional context used
🪛 GitHub Actions: Check Format
infrastructure/w3id/src/utils/rand.ts

[error] 9-15: Formatter would have printed different content. Prettier/Biome formatting check failed. Run the formatter to fix code style issues.

🪛 LanguageTool
platforms/registry/README.md

[grammar] ~12-~12: When ‘1-hour’ is used as a modifier, it is usually spelled with a hyphen.
Context: ... using ES256 - The entropy is valid for 1 hour - Response format: { token: string } ...

(HOUR_HYPHEN)


[uncategorized] ~34-~34: Loose punctuation mark.
Context: ... environment variables: - CONSUL_HOST: Consul server host (default: localhost)...

(UNLIKELY_OPENING_PUNCTUATION)

🪛 markdownlint-cli2 (0.17.2)
infrastructure/evault-provisioner/README.md

18-18: Bare URL used
null

(MD034, no-bare-urls)


90-90: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)


98-98: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)


143-143: Bare URL used
null

(MD034, no-bare-urls)

🪛 Biome (1.9.4)
infrastructure/evault-provisioner/src/index.ts

[error] 35-35: Don't use '{}' as a type.

Prefer explicitly define the object shape. '{}' means "any non-nullable value".

(lint/complexity/noBannedTypes)


🔇 Additional comments (16)
pnpm-workspace.yaml (1)

4-4: Workspace expanded to include platforms directory

This addition correctly extends the pnpm workspace configuration to include packages in the platforms/* directory, which is necessary for managing the new registry and evault provisioning services being introduced.

platforms/registry/README.md (2)

1-29: Clear documentation of service endpoints

The documentation clearly describes the registry service's purpose and its three main endpoints for entropy generation, JWK retrieval, and service discovery. It provides sufficient detail about expected inputs, outputs, and behaviors.

🧰 Tools
🪛 LanguageTool

[grammar] ~12-~12: When ‘1-hour’ is used as a modifier, it is usually spelled with a hyphen.
Context: ... using ES256 - The entropy is valid for 1 hour - Response format: { token: string } ...

(HOUR_HYPHEN)


30-36: Comprehensive configuration documentation

The documentation clearly explains the available environment variables for configuration, including their default values, which helps users understand how to configure the service.

🧰 Tools
🪛 LanguageTool

[uncategorized] ~34-~34: Loose punctuation mark.
Context: ... environment variables: - CONSUL_HOST: Consul server host (default: localhost)...

(UNLIKELY_OPENING_PUNCTUATION)

platforms/registry/src/consul.ts (2)

3-4: Environment variable configuration

Good use of environment variables with sensible defaults for configuration. This allows for flexibility in deployment environments.


17-28: Verify service response handling

The code assumes a specific structure for the Consul service response. Consider adding more robust checks:

    const services = response.data;
    if (services && services.length > 0) {
+      // Verify required fields exist
+      if (!services[0].ServiceAddress || !services[0].ServicePort) {
+        console.error('Service data is missing required fields:', services[0]);
+        return null;
+      }
      const address = `http://${services[0].ServiceAddress}:${services[0].ServicePort}`;

Also, consider using HTTPS instead of HTTP for service URLs if your services support it, especially for production environments.

platforms/registry/src/index.ts (3)

9-9: LGTM - Server initialization with logging is good practice

The Fastify server is properly initialized with logging enabled.


22-31: JWK endpoint looks correct

The JWK endpoint is properly implemented to expose the public key for JWT verification.


53-62: LGTM - Server startup handles errors appropriately

The server startup logic is well-implemented with proper error handling and process exit on failure.

infrastructure/evault-core/tsconfig.json (1)

3-4: Target & module settings look good
Updating the compilation target to ES2021 and module system to CommonJS aligns with the runtime environment for the compiled output.

docker/Dockerfile.evault (1)

22-22: Verify working directory path exists
You switch to /app/infrastructure/evault-core after copying from the deps stage. Ensure that the pruned output actually contains this nested path; otherwise, the subsequent CMD ["pnpm", "dev"] will fail.

infrastructure/evault-core/package.json (1)

10-10: Approve addition of start script
Adding "start": "node ./dist/evault.js" enables running the compiled service in production, aligning with the new multi-stage Dockerfile.

infrastructure/evault-provisioner/tsconfig.json (1)

1-17: Approve TypeScript configuration
The new tsconfig.json enforces strict type checking, generates source maps and declaration files, and correctly targets ES2020 with ESNext modules. The include/exclude patterns (src/**/*, node_modules, dist) are appropriate for this project.

infrastructure/evault-core/src/evault.ts (1)

35-39:

❓ Verification inconclusive

Great network binding update for containerized environments

The changes to listen on 0.0.0.0 instead of localhost and prioritizing NOMAD_PORT_http properly align the service for container orchestration with Nomad. The port number conversion is also a good practice.

When binding to all interfaces (0.0.0.0), ensure you have proper network policies or security groups in place to control access in production environments.


🏁 Script executed:

#!/bin/bash
# Check if there are any network security configurations in the repository
echo "Checking for network security configurations..."
rg -i "network|security|firewall|policy" --type md

Length of output: 1167


Great container-ready binding—please verify your network policies
The change to listen on 0.0.0.0 with Nomad’s NOMAD_PORT_http fallback ensures the service is reachable in container orchestration. Before merging, confirm that your production environment enforces the appropriate network controls:

  • Review the container networking setup in
    infrastructure/evault-provisioner/README.md (e.g. -bind=0.0.0.0, -network-interface=eth0, bridge network notes).
  • Ensure any required firewall rules, security groups or CNI policies are defined to restrict access to port 4000 (or your chosen port).
  • Verify that changes to infrastructure/eid-wallet/README.md or other security-related docs remain consistent with your deployment policies.

No code diffs required here; the snippet remains:

const port = process.env.NOMAD_PORT_http || process.env.PORT || 4000;
this.server.listen(Number(port), "0.0.0.0", () => {
  console.log(`GraphQL Server started on http://0.0.0.0:${port}`);
  console.log(`Voyager started on http://0.0.0.0:${port}`);
});
docker/Dockerfile.evault-prod (1)

1-15: Well-structured multi-stage build for deps

The first stage effectively uses caching and proper pruning strategy to minimize the image size.

infrastructure/evault-provisioner/src/index.ts (2)

39-41: Prioritize addressing the TODO comment for security.

The TODO comment indicates a security improvement is needed to verify both parts of the UUID. This is important for ensuring proper authentication and authorization.

Consider implementing this enhancement soon as it appears to be a security consideration. You may want to update your PR description to indicate this pending work.


1-7: 🛠️ Refactor suggestion

Missing TypeScript type for crypto module.

The code uses crypto.getRandomValues() in the templates module but there's no import for the crypto module here. While this works in browsers, in Node.js you typically need to import it.

Consider adding the crypto import if this is running in a Node.js environment:

import express, { Request, Response } from "express";
import axios, { AxiosError } from "axios";
import { generateNomadJob } from "./templates/evault.nomad.js";
import dotenv from "dotenv";
import { subscribeToAlloc } from "./listeners/alloc.js";
import { W3IDBuilder } from "w3id";
+import crypto from "crypto";

Likely an incorrect or invalid review comment.

Comment on lines +6 to +33
export async function resolveService(w3id: string) {
try {
const response = await axios.get(
`http://${CONSUL_HOST}:${CONSUL_PORT}/v1/catalog/service/evault`,
{
params: {
filter: `ServiceMeta.whois=="${w3id}"`,
},
}
);

const services = response.data;
if (services && services.length > 0) {
const address = `http://${services[0].ServiceAddress}:${services[0].ServicePort}`;
return {
graphql: `${address}/graphql`,
voyager: `${address}/voyager`,
whois: `${address}/whois`,
logs: `${address}/logs`,
requestWatcherSignature: `${address}/request-signature`,
};
}
return null;
} catch (error) {
console.error("Error resolving service:", error);
throw error;
}
}

🛠️ Refactor suggestion

Service resolution implementation

The resolveService function correctly implements service discovery via Consul, returning formatted service endpoints when a matching service is found.

However, there are several areas for improvement:

  1. The service name "evault" is hardcoded in the URL path, making this function less reusable:
-      `http://${CONSUL_HOST}:${CONSUL_PORT}/v1/catalog/service/evault`,
+      `http://${CONSUL_HOST}:${CONSUL_PORT}/v1/catalog/service/${process.env.SERVICE_NAME || "evault"}`,
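Review bot: `process.env.SERVICE_NAME` is interpolated straight into the catalog URL path on the `+` line, so a value containing `/`, `?` or `#` changes which Consul endpoint is called. Wrap it in `encodeURIComponent(...)` or check it against an allow-list pattern at startup. The function also still returns evault-specific paths (`/graphql`, `/voyager`, `/whois`), so a configurable service name does not by itself make it reusable.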
  1. Consider more robust error handling with specific error types:
  } catch (error) {
    console.error("Error resolving service:", error);
-    throw error;
+    // Provide more context in the thrown error
+    throw new Error(`Failed to resolve service for w3id ${w3id}: ${error.message}`);
  }
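Review bot: On the added `throw new Error(...)` line, `error` is whatever the `catch` received, so `error.message` can be undefined and will not type-check where catch variables are typed `unknown`; narrow it first with `error instanceof Error`. Wrapping this way also drops the original error object, so pass it on as `{ cause: error }`. Since `w3id` is caller-supplied, decide whether it should be echoed verbatim into a message that can reach logs or API responses.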
  1. The function should validate inputs to prevent potential injection attacks:
export async function resolveService(w3id: string) {
+  if (!w3id || typeof w3id !== 'string') {
+    throw new Error('Invalid w3id parameter');
+  }
  try {
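Review bot: The added guard `!w3id || typeof w3id !== 'string'` rejects only empty and non-string values, so it does not deliver the injection protection this item promises. `w3id` is still placed inside the quoted literal in `ServiceMeta.whois=="${w3id}"`, and a value containing `"` ends that literal and alters the filter expression. Validate `w3id` against its expected format with an anchored allow-list pattern before building the filter, and reject everything else.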
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
export async function resolveService(w3id: string) {
if (!w3id || typeof w3id !== 'string') {
throw new Error('Invalid w3id parameter');
}
try {
const response = await axios.get(
`http://${CONSUL_HOST}:${CONSUL_PORT}/v1/catalog/service/${process.env.SERVICE_NAME || "evault"}`,
{
params: {
filter: `ServiceMeta.whois=="${w3id}"`,
},
}
);
const services = response.data;
if (services && services.length > 0) {
const address = `http://${services[0].ServiceAddress}:${services[0].ServicePort}`;
return {
graphql: `${address}/graphql`,
voyager: `${address}/voyager`,
whois: `${address}/whois`,
logs: `${address}/logs`,
requestWatcherSignature: `${address}/request-signature`,
};
}
return null;
} catch (error) {
console.error("Error resolving service:", error);
// Provide more context in the thrown error
throw new Error(`Failed to resolve service for w3id ${w3id}: ${error.message}`);
}
}
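
The difference between a presence check and format validation for the Consul filter, as an added example (not code from this PR or the project). It assumes a w3id is an optional `@` followed by a UUID and that service names are DNS-label style; `passesPresenceCheck`, `isValidW3id`, `buildCatalogQuery` and both patterns are hypothetical names.

```typescript
// Added example, not project code. Assumptions are marked where they appear.

// ASSUMPTION: a w3id is an optional "@" followed by a UUID. The page only
// says the identifier contains a UUID; adjust this to the real format.
const W3ID_PATTERN =
  /^@?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// ASSUMPTION: service names are lowercase DNS labels (letters, digits, "-").
const SERVICE_NAME_PATTERN = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

interface CatalogQuery {
  url: string;
  params: { filter: string };
}

// The guard proposed in the review: passes any non-empty string.
function passesPresenceCheck(w3id: unknown): boolean {
  return typeof w3id === "string" && w3id.length > 0;
}

// Anchored allow-list check: the whole value must match, so quotes, spaces
// and filter operators can never reach the filter expression.
function isValidW3id(w3id: unknown): w3id is string {
  return typeof w3id === "string" && W3ID_PATTERN.test(w3id);
}

// Builds the catalog request only from validated parts.
function buildCatalogQuery(
  host: string,
  port: number,
  serviceName: string,
  w3id: unknown
): CatalogQuery {
  if (!isValidW3id(w3id)) {
    // The rejected value is untrusted, so it is not echoed into the message.
    throw new Error("Invalid w3id parameter");
  }
  if (!SERVICE_NAME_PATTERN.test(serviceName)) {
    throw new Error("Invalid service name");
  }
  return {
    url: `http://${host}:${port}/v1/catalog/service/${encodeURIComponent(serviceName)}`,
    params: { filter: `ServiceMeta.whois=="${w3id}"` },
  };
}

// Constructed inputs, not real identifiers.
const SAMPLE_W3ID = "@0f8fad5b-d9cb-469f-a165-70867728950e";
// Contains a double quote, which would close the quoted filter literal early.
const SAMPLE_WITH_QUOTE = 'not-a-w3id"extra';
```

`SAMPLE_WITH_QUOTE` passes `passesPresenceCheck` but is refused by `buildCatalogQuery`.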

Comment on lines +1 to +27
{
"name": "registry",
"version": "1.0.0",
"description": "Registry service for entropy and service discovery",
"main": "dist/index.js",
"scripts": {
"build": "tsc",
"start": "node dist/index.js",
"dev": "ts-node src/index.ts",
"test": "jest"
},
"dependencies": {
"@fastify/jwt": "^7.2.3",
"axios": "^1.6.7",
"dotenv": "^16.5.0",
"fastify": "^4.26.1",
"jose": "^5.2.2"
},
"devDependencies": {
"@types/jest": "^29.5.12",
"@types/node": "^20.11.19",
"jest": "^29.7.0",
"ts-jest": "^29.1.2",
"ts-node": "^10.9.2",
"typescript": "^5.3.3"
}
}

💡 Verification agent

❓ Verification inconclusive

Package structure looks good, but test coverage may be incomplete

The package.json is well structured for a new registry service with appropriate dependencies and scripts. The use of Fastify, JWT libraries, and Consul integration aligns with the service's purpose.

While the test script is defined, I don't see test files in the review. Let's verify if tests exist:


🏁 Script executed:

#!/bin/bash
# Check if test files exist for the registry service
fd "\.test\.(ts|js)$" platforms/registry

Length of output: 42


🏁 Script executed:

#!/bin/bash
# Search for any test or spec files in the registry service directory
fd '\.(test|spec)\.(ts|js)$' platforms/registry

Length of output: 49


Add missing tests for the registry service

I ran searches for any .test.ts/js or .spec.ts/js files under platforms/registry and found none. To ensure your test script actually runs meaningful checks, please add Jest test files covering your service’s functionality (e.g., token validation, endpoint handlers, Consul integration).

• No test/spec files detected in platforms/registry.
• Create tests (e.g. platforms/registry/src/__tests__/index.test.ts) that exercise your core flows.
• Run npm test in CI to enforce coverage and catch regressions.

Comment on lines +1 to +6
import { importJWK, SignJWT, KeyLike, generateKeyPair, exportJWK } from "jose";

let privateKey: KeyLike;
let publicKey: KeyLike;
let jwk: any;


🛠️ Refactor suggestion

Improve type safety for the JWK variable

The JWT module has appropriate imports but uses any for the JWK type, which could lead to type-related issues.

import { importJWK, SignJWT, KeyLike, generateKeyPair, exportJWK } from "jose";

let privateKey: KeyLike;
let publicKey: KeyLike;
-let jwk: any;
+// This variable doesn't appear to be used globally
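Review bot: The `+` line swaps the unused `let jwk: any;` for a comment describing a variable that no longer exists, which gives a later reader nothing to act on; delete the declaration outright instead. The `any` that this comment's title is about is still present in `getJWK(): Promise<any>`, shown later in this review, and that return type is where a concrete JWK type would add safety.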

Committable suggestion skipped: line range outside the PR's diff.

Comment on lines +36 to +45
// Generate 20 alphanumeric characters of entropy
function generateRandomEntropy(): string {
const chars =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
let result = "";
for (let i = 0; i < 20; i++) {
result += chars.charAt(Math.floor(Math.random() * chars.length));
}
return result;
}

🛠️ Refactor suggestion

Consider using a cryptographically secure random number generator

The entropy generation uses Math.random() which is not cryptographically secure. For a security-focused service, consider using the Node.js crypto module.

+import crypto from 'crypto';

// Generate 20 alphanumeric characters of entropy
function generateRandomEntropy(): string {
  const chars =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
  let result = "";
  for (let i = 0; i < 20; i++) {
-    result += chars.charAt(Math.floor(Math.random() * chars.length));
+    result += chars.charAt(crypto.randomInt(chars.length));
  }
  return result;
}
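Review bot: The added `import crypto from 'crypto';` sits directly above the function, which the header places at line 36 of the file; move it to the top of the module with the other imports, and prefer a named import such as `import { randomInt } from "node:crypto"` so it does not depend on default-import interop settings. The replacement call itself is sound: `crypto.randomInt(chars.length)` draws uniformly from the 62 symbols, so no modulo step is needed.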
📝 Committable suggestion

Suggested change
import crypto from 'crypto';
// Generate 20 alphanumeric characters of entropy
function generateRandomEntropy(): string {
const chars =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
let result = "";
for (let i = 0; i < 20; i++) {
result += chars.charAt(crypto.randomInt(chars.length));
}
return result;
}

Comment on lines +59 to +70
// Get the JWK for verification
export async function getJWK(): Promise<any> {
await initializeKeys();
const jwkString = process.env.REGISTRY_ENTROPY_KEY_JWK;
if (!jwkString) {
throw new Error(
"REGISTRY_ENTROPY_KEY_JWK environment variable is required"
);
}
const jwk = JSON.parse(jwkString);
return { keys: [{ ...jwk, d: undefined }] }; // Don't expose private key
}

🛠️ Refactor suggestion

Avoid redundant environment variable check

The getJWK function re-checks for the environment variable, but this is already checked in initializeKeys() which is called first.

export async function getJWK(): Promise<any> {
  await initializeKeys();
-  const jwkString = process.env.REGISTRY_ENTROPY_KEY_JWK;
-  if (!jwkString) {
-    throw new Error(
-      "REGISTRY_ENTROPY_KEY_JWK environment variable is required"
-    );
-  }
-  const jwk = JSON.parse(jwkString);
+  // initializeKeys already validates the environment variable
+  const jwk = JSON.parse(process.env.REGISTRY_ENTROPY_KEY_JWK!);
  return { keys: [{ ...jwk, d: undefined }] }; // Don't expose private key
}
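Review bot: The added `JSON.parse(process.env.REGISTRY_ENTROPY_KEY_JWK!)` replaces a runtime check with a compile-time assertion, so the function stays safe only as long as `initializeKeys()` keeps throwing on a missing variable, and that function is not part of this hunk. If `initializeKeys()` already parses the JWK, have it keep the parsed value and reuse it here, which removes both the second `JSON.parse` on every call and the `!`.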
📝 Committable suggestion

Suggested change
// Get the JWK for verification
export async function getJWK(): Promise<any> {
await initializeKeys();
// initializeKeys already validates the environment variable
const jwk = JSON.parse(process.env.REGISTRY_ENTROPY_KEY_JWK!);
return { keys: [{ ...jwk, d: undefined }] }; // Don't expose private key
}
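
The `{ ...jwk, d: undefined }` line in `getJWK` removes one member by name; whether that is enough depends on the key type stored in `REGISTRY_ENTROPY_KEY_JWK`, which this page does not show. The following added example (not code from the PR or the project; every function name and both sample keys are constructed for illustration) compares that approach with an allow-list of public members per key type.

```typescript
// Added example, not project code. Key values below are constructed
// placeholders, not real key material.

type Jwk = Record<string, unknown>;

// Private members defined for JWKs: RSA (d, p, q, dp, dq, qi, oth),
// EC and OKP (d), symmetric "oct" keys (k).
const PRIVATE_MEMBERS = ["d", "p", "q", "dp", "dq", "qi", "oth", "k"];

// Non-secret descriptive members that are fine to publish.
const METADATA_MEMBERS = ["kty", "kid", "use", "alg", "key_ops"];

function hasOwn(obj: Jwk, name: string): boolean {
  return Object.prototype.hasOwnProperty.call(obj, name);
}

// Public key material per key type. Anything else is refused.
function publicMembersFor(kty: unknown): string[] {
  switch (kty) {
    case "RSA":
      return ["n", "e"];
    case "EC":
      return ["crv", "x", "y"];
    case "OKP":
      return ["crv", "x"];
    default:
      // "oct" keys are symmetric and have no public form.
      throw new Error("key type cannot be published in a JWKS");
  }
}

// Build the public JWK by copying an allow-list, instead of deleting
// known-private members from a copy of the private key.
function toPublicJwk(jwk: Jwk): Jwk {
  const required = publicMembersFor(jwk.kty);
  const out: Jwk = {};
  for (const name of METADATA_MEMBERS) {
    if (hasOwn(jwk, name)) out[name] = jwk[name];
  }
  for (const name of required) {
    if (typeof jwk[name] !== "string") {
      throw new Error(`JWK is missing public member "${name}"`);
    }
    out[name] = jwk[name];
  }
  return out;
}

// What the expression on the page yields once serialised as a JSON response:
// JSON.stringify drops the `d: undefined` entry and keeps everything else.
function publishedByDeny(jwk: Jwk): Jwk {
  const body = JSON.stringify({ keys: [{ ...jwk, d: undefined }] });
  return JSON.parse(body).keys[0];
}

// Names of private members still present in a JWK about to be published.
function leakedPrivateMembers(jwk: Jwk): string[] {
  return PRIVATE_MEMBERS.filter((name) => hasOwn(jwk, name));
}

// Constructed sample keys (placeholder strings, not usable keys).
const SAMPLE_RSA_PRIVATE: Jwk = {
  kty: "RSA", kid: "sample-rsa", alg: "RS256", use: "sig",
  n: "sample-n", e: "AQAB",
  d: "sample-d", p: "sample-p", q: "sample-q",
  dp: "sample-dp", dq: "sample-dq", qi: "sample-qi",
};

const SAMPLE_EC_PRIVATE: Jwk = {
  kty: "EC", kid: "sample-ec", alg: "ES256", crv: "P-256",
  x: "sample-x", y: "sample-y", d: "sample-d",
};
```

Running `leakedPrivateMembers` over the JWKS response in a unit test gives a cheap regression check that no private member is ever served.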

Comment on lines +56 to +59
const { data } = await axios.post(
"http://localhost:4646/v1/jobs",
jobJSON,
);

🛠️ Refactor suggestion

Use environment variables for Nomad server address.

The Nomad server URL is hardcoded, which limits flexibility and makes deployment across different environments more difficult.

+            const nomadAddr = process.env.NOMAD_ADDR || "http://localhost:4646";
             const { data } = await axios.post(
-                "http://localhost:4646/v1/jobs",
+                `${nomadAddr}/v1/jobs`,
                 jobJSON,
             );
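Review bot: `nomadAddr` is concatenated as-is on the `+` lines, so a `NOMAD_ADDR` with a trailing slash produces `//v1/jobs`, and an unset variable silently falls back to `http://localhost:4646`. Resolve and normalise the address once at startup rather than inside the request path, and log or fail when it is missing outside local development. The call also sends no headers, so a cluster that enforces ACLs will need a token passed here as well.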
📝 Committable suggestion

Suggested change
const nomadAddr = process.env.NOMAD_ADDR || "http://localhost:4646";
const { data } = await axios.post(
`${nomadAddr}/v1/jobs`,
jobJSON,
);

Comment on lines +106 to +110
```json
{
"tenantId": "your-tenant-id"
}
```

⚠️ Potential issue

Update API documentation to match code implementation.

The request body example shows tenantId but the actual implementation in the code uses w3id. This inconsistency could confuse API users.

{
-  "tenantId": "your-tenant-id"
+  "w3id": "your-w3id"
}
📝 Committable suggestion

Suggested change
```json
{
"tenantId": "your-tenant-id"
}
```

## Environment Variables

- `PORT` - Port to run the API on (default: 3000)
- `NOMAD_ADDR` - Nomad API address (default: http://localhost:4646)

⚠️ Potential issue

Use Markdown link syntax and update for consistency with code.

Use link syntax for the URL and note that this environment variable isn't currently used in the code.

-NOMAD_ADDR` - Nomad API address (default: http://localhost:4646)
+NOMAD_ADDR` - Nomad API address (default: [http://localhost:4646](http://localhost:4646)) - *Note: Implementation pending*
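Review bot: Linking `http://localhost:4646` on the `+` line creates a clickable link that resolves to the reader's own machine; wrapping the default in backticks satisfies MD034 just as well and matches how the variable names are already formatted. Rather than recording "Implementation pending" in the README, have the provisioner read `NOMAD_ADDR` in the same PR so the documentation and the code agree.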

This environment variable is documented but not yet implemented in the code. Make sure to update the code to use this variable as shown in a previous comment.

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

143-143: Bare URL used
null

(MD034, no-bare-urls)

Comment on lines +1 to +15
export function generatePassword(length = 16): string {
const chars =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
let result = "";
const charsLength = chars.length;
const randomValues = new Uint32Array(length);

crypto.getRandomValues(randomValues);

for (let i = 0; i < length; i++) {
result += chars.charAt(randomValues[i] % charsLength);
}

return result;
}

⚠️ Potential issue

Add missing crypto import for Node.js environment.

The function uses crypto.getRandomValues() but doesn't import the crypto module, which is required in Node.js.

+import crypto from "crypto";
+
 export function generatePassword(length = 16): string {
     const chars =
         "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
     let result = "";
     const charsLength = chars.length;
     const randomValues = new Uint32Array(length);
 
     crypto.getRandomValues(randomValues);
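Review bot: The loop that follows this hunk is left unchanged and still maps each 32-bit value onto the 62 symbols with `randomValues[i] % charsLength`; because 2^32 is not a multiple of 62, that mapping is very slightly non-uniform. The bias is small, but `crypto.randomInt(0, charsLength)` avoids it and removes the typed array, so prefer that form here and keep it consistent with the fix proposed for `generateRandomEntropy`.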

Note: If running in Node.js, you'll need to use the crypto module differently as getRandomValues isn't available in the same way as in browsers. Consider this alternative implementation:

import crypto from "crypto";

export function generatePassword(length = 16): string {
    const chars =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    let result = "";
    const charsLength = chars.length;
    
    for (let i = 0; i < length; i++) {
        result += chars.charAt(crypto.randomInt(0, charsLength));
    }
    
    return result;
}

Comment on lines +73 to +75
image: "merulauvo/evault:latest",
ports: ["http"],
},

🛠️ Refactor suggestion

Avoid using 'latest' tag for production deployments.

Using the 'latest' tag can lead to unexpected behavior if the image is updated, as it may introduce breaking changes without warning.

                            Config: {
-                                image: "merulauvo/evault:latest",
+                                image: "${EVAULT_IMAGE:-merulauvo/evault:1.0.0}",
                                ports: ["http"],
                            },
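Review bot: The `+` line puts shell-style `${EVAULT_IMAGE:-merulauvo/evault:1.0.0}` inside a double-quoted string in the job template, where JavaScript performs no substitution, so the job would be submitted with that literal text as its image name. Read the value in code instead, for example `process.env.EVAULT_IMAGE ?? "merulauvo/evault:<pinned-tag>"`, and confirm the pinned tag exists in the registry before merging; pinning by digest is stricter still.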

Consider using a specific version tag and making it configurable through an environment variable. You'll need to add this to your README and update your deployment scripts to pass this variable.

@coodos coodos merged commit 3c664a0 into main Apr 20, 2025
5 checks passed
@coodos coodos deleted the feat/registry-and-evault-provisioning branch April 20, 2025 20:34
@coderabbitai coderabbitai bot mentioned this pull request Jun 2, 2025
6 tasks
coodos added a commit that referenced this pull request Jul 7, 2025
* feat: evault provisioning

* chore: fianlly fixed provisioner

* feat: add logic for metadata in consul

* feat: registry

* chore: format
coodos added a commit that referenced this pull request Jul 7, 2025
* initial commit

* chore: add w3id readme (#3)

* chore: add w3id readme

* chore: bold text

* chore: better formatting

* docs: add w3id details

* chore: format

* chore: add links

* fix: id spec considerations addressal (#8)

* fix: id spec considerations addressal

* fix: identity -> indentifier

* chore: expand on trust list based recovery

* chore: expand on AKA

---------

Co-authored-by: Merul Dhiman <[email protected]>

* Docs/eid wallet (#10)

* chore: add eid-wallet folder

* chore: add eid wallet docs

* feat: add (#9)

* feat(w3id): basic setup (#11)

* feat(w3id): basic setup

* fix(root): add infrastructure workspaces

* update: lock file

* feat(eidw): setup tauri (#40)

* Feat/setup daisyui (#46)

* feat: setup-daisyui

* fix: index file

* feat: colors added

* feat: Archivo font added

* fix: postcss added

* fix: +layout.svelte file added

* fix: packages

* fix: fully migrating to tailwind v4

* feat: add Archivo font

* feat: add danger colors

* feat: twmerge and clsx added

* feat: shadcn function added

---------

Co-authored-by: Bekiboo <[email protected]>
Co-authored-by: Julien <[email protected]>

* feat: add storybook (#45)

* feat: add storybook

* update: lockfile

* feat: created connection button (#48)

* created connection button

* added restprops to parent class

* added onClick btn and storybook

* fix: make font work in storybook (#54)

* Feat/header (#55)

* feat: add icons lib

* fix: make font work in storybook

* feat: Header

* feat: runtime global added, icon library created, icons added, type file added

* feat: header props added

* fix: remove icons and type file as we are using lib for icons

* fix: heading style

* fix: color and icons, git merge branch 51, 54

* fix: color

* fix: header-styling

* fix: classes

* chore: handlers added

* chore: handlers added

* fix: added heading

---------

Co-authored-by: Soham Jaiswal <[email protected]>

* Alternative w3id diagram (#52)

* Feat/cupertino pane (#49)

* feat: Drawer

* feat: Drawer and added a function for clickoutside in utils

* fix: classes

* fix: drawer button position

* fix: style and clickoutside

* fix: pane height

* fix: border-radius

* fix: drawer as bulletin

* fix: styling

* fix: component with inbuilt features

* fix: remove redundant code

* fix: remove redundant code

* fix: cancel button

* fix: css in storybook

* fix: position

* fix: height of pane

* fix: remove redundant code

* feat: add button action component (#47)

* feat: add button action component

* fix: add correct weights to Archivo fontt

* feat: add base button

* fix: set prop classes last

* feat: improve loading state

* chore: cleanup

* feat: add button action component

* fix: add correct weights to Archivo fontt

* feat: add base button

* fix: set prop classes last

* feat: improve loading state

* chore: cleanup

* chore: add documentation

* fix: configure Storybook

* chore: storybook gunk removal

* feat: enhance ButtonAction component with type prop and better error handling

---------

Co-authored-by: JulienAuvo <[email protected]>

* Feat/splash screen (#63)

* feat: SplashScreen

* fix: remove redundant code

* fix: as per given suggestion

* fix: font-size

* fix: logo

* feat: input-pin (#56)

* feat: input-pin

* fix: styling as per our design

* fix: added small variant

* fix: hide pin on select

* fix: gap between pins

* fix: color of focus state

* fix: removed legacy code and also fix some css to tailwind css

* fix: css

* fix: optional props

* feat: added color variants

* Feat/improve button component (#60)

* feat: add white variant

* feat: add small variant

* chore: update doc and story for button

* chore: rename cb into callback

* update: improve small size

* update: modify loading style

* fix: return getAbsolutePath function to storybook (#58)

Co-authored-by: Bekiboo <[email protected]>

* feat: add selector component (#59)

* feat: add selector component

* feat: improve selector + add flag-icon lib

* feat: improve selector + doc

* feat: add utility function to get language with country name

* feat: test page for language selectors

* chore: add Selector Story

* chore: clean test page

* fix: types

* fix: normalize custom tailwind colors (#71)

* feat: workflows (#64)

* feat: workflows

* fix: node version

* fix: use pnpm 10

* fix: check message

* Fix/codebase linting (#73)

* fix: Check Lint / lint

* fix: Check Lint / lint

* fix: Check Lint / lint

* fix: Check Lint / lint

* fix: Check Code / lint

* fix: Check Format / lint

* fix: Check Code / lint

* fix: Check Format / lint

* fix: Check Code / lint

* fix: Check Format / lint

* fix: Check Code / lint

* fix: Check Code / lint

* fix: Check Format / lint

* fix: unknown property warning

* fix: unknown property warning

* chore: improve args type

* settings nav button :) (#75)

* setting bav button all done :)

* lint fixski

* added component to index.ts

* Feat/#32 identity card fragment (#74)

* identity card

* identity card

* lint fixski

* lint fixski

* lint fixski

* fixed the font weight

* added component to index.ts

* changed span to buttton

* feat: add icon button component (#68)

* feat: add icon button component

* feat: finish up buttonIcon + stories

* fix: update with new color naming

* feat: polish button icon (and button action too)

* chore: format lint

* chore: sort imports

* chore: format, not sure why

* Feat/onboarding flow (#67)

* feat: onboarding-page

* fix: line height and added handlers

* fix: button variant

* fix: text-decoration

* fix: subtext

* fix: underline

* fix: padding and button spacing

* fix: according to design update

* feat: Drawer

* feat: verify-pae

* fix: verify-page styling

* feat: drawer for both confirm pin and add bio metrics added

* feat: modal added in fragments

* fix: icons and flow

* feat: Identifier Card

* fix: copy to clipboard

* feat: e-passport page

* fix: error state

* fix: colors

* fix: lint error

* fix: lint

* feat: Typography

* fix: typograpy

* fix: as per given suggestion

* fix: font-sizing

* fix: identity card implementation

* fix: spacing

* fix: padding

* fix: padding and spacing

* fix: splashscreen

* fix: error state

* fix: styling to avoid

* fix:typo

* Fix/remove daisyui (#82)

* refactoring: remove DaisyUI + refactor some tailwind classes and logic

* refactoring: remove DaisyUI + refactor some tailwind classes and logic

* feat: add Button.Nav (#77)

* feat: add Button.Nav

* chore: format

* chore: sort imports

* update: remove unused snippet and add missing props

* feat: stick to fragment definition

* update: documentation

* fix: stories

* chore: sort imports

* Feat/splashscreen animation (#81)

* feat: add animation to splashScreen

* feat: implement data loading logic with splash screen delay

* chore: sort import

* update: use ButtonIcon is IdentityCard (#78)

* update: use ButtonIcon is IdentityCard

* feat: refactor ButtonIcon to be used anywhere in the app

* chore: format indent

* chore: remove useless change

* feat: setup safe area (#80)

* feat: setup safe area

* chore: simplify implementation

* chore: format

* Feat/uuidv5 generation (#61)

* feat: setup uuidv5

* chore: add test for deterministic UUID

* feat: add Hero fragment (#88)

* feat: add Hero fragment

* chore: sort imports + add doc

* feat: add storage specification abstract class (#92)

* feat: add storage specification abstract class

* chore: format and ignore lint

* chore: change format checker on w3id

* feat: settings-flow (#86)

* feat: settings-flow

* feat: settings and language page

* feat
: history page

* feat: change pin page

* fix: height of selector

* fix: pin change page

* fix: size of input pin

* fix: spacing of pins

* feat: AppNav fragment

* fix: height of page

* fix: padding

* fix: remove redundant code

* feat: privacy page

* chore: add doc

* fix: error state

* feat: remove redundant code

* chore: used app nav component

---------

Co-authored-by: JulienAuvo <[email protected]>

* feat: AppNav fragment (#90)

* feat: AppNav fragment

* chore: add doc

* feat: Main page flow (#93)

* feat: create root page + layout

* feat: complete main page flow beta

* chore: fix ts block

* chore: sort imports

* feat: integrate-flows (#94)

* feat: intigrate-flows

* fix: spacing in e-passport page

* fix: page connectivity

* feat: app page transitions

* fix: z index

* fix: pages

* fix: view transition effect on splashscreen

* fix: drawer pill and cancel button removed

* fix: share button removed when onboarding

* fix: remove share and view button when on onboarding flow

* fix: remove view button

* fix: ci checks

* fix: transitions

* fix: transititon according to direction

* fix: lint error

* fix: loop holes

* Feat/w3id log generation (#98)

* chore: create basic log generation mechanism

* chore: add hashing utility function

* chore: rotation event

* feat: genesis entry

* feat: generalize hash function

* feat: append entry

* chore: basic tests

* chore: add tests for rotation

* feat: add malform throws

* chore: add the right errors

* chore: fix CI stuff

* chore: add missing file

* chore: fix event type enum

* chore: format

* feat: add proper error

* chore: format

* chore: remove eventtypes enum

* chore: add new error for bad options

* chore: add options tests

* feat: add codec tests

* fix: err handling && jsdoc

* fix: run format

* fix: remove unused import

* fix: improve default error messages

* fix: move redundant logic to function

* fix: run format

* fix: type shadow

* fix: useless conversion/cast

* fix: run format

---------

Co-authored-by: Soham Jaiswal <[email protected]>

* Feat/core id creation logic (#99)

* feat: create w3id builder

* fix: w3id builder

* feat: add global config var for w3id

* chore: add docs

* chore: change rand to crng

* chore: add ts type again

* chore: fix lint and format

* chore: add w3id tests github workflow

* Feat/evault core (#100)

* feat: migrate neo4j

* chore: envelope logic works

* chore: envelope logic works

* feat: parsed envelopes search

* feat: generics

* feat: protocol

* feat: jwt sigs in w3id

* chore: stuff works

* chore: tests for evault core

* chore: format

* chore: fix test

* Feat/docker compose and docs (#101)

* chore: stash dockerfile progress

* fix: getEnvelopesByOntology thing

* chore: fix tests

* Update infrastructure/evault-core/src/protocol/vault-access-guard.ts

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* chore: remove unused import

* chore: remove package

* chore: fix pnpm lock

* chore: fix workflow

* chore: fix port in dockerfile

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Feat/registry and evault provisioning (#106)

* feat: evault provisioning

* chore: fianlly fixed provisioner

* feat: add logic for metadata in consul

* feat: registry

* chore: format

* Feat/watchers logs (#114)

* feat: alloc according to entropy and namespace

* chore: move exports

* chore: docs

* feat: `whois` endpoint

* feat: watcher endpoints

* chore: fix format and lint

* chore: fix tests

* feat: web3 adapter (#115)

* feat: tauri plugins setup (#97)

* feat: tauri plugins setup

* fix: add editorconfig

* fix: add missing biome json

* fix: run formatter

* feat: biometry homework

* feat: add pin set logic

* feat: add biometric enabling logic

* fix: sec controller qol

* feat: stub user controller

* fix: run format && lint

* fix: sort imports

* fix: import statement sort

* feat: user controller

* feat: pin flow

* feat: biometrics unavailable

* fix: pin input not working

* feat: make checks pass

* fix: scan works

* fix: actions

* feat: format on save

* fix: coderabbit suggestions

* chore: run format lint check

* fix: scan on decline too

* feat: documentation links (#117)

* feat: bad namespace test (#116)

* fix: layouts (#119)

* fix: layouts

* fix: Onboarding page scroll fixed

* fix: page layout and prevent from scroll in all devices

* fix: pages layout

* chore: try to fix emulator

* fix: units

* fix: safezones for ios

* fix: styling

---------

Co-authored-by: Soham Jaiswal <[email protected]>

* feat: setup-metagram (#121)

* feat: setup-metagram

* chore: tailwind css worked

* feat: fonts added

* feat: typography

* fix: removed stories and fixed setup for icons lib

* feat: icons and story file

* fix: type of args in story

* fix: lint errors

* feat: colors added

* feat: Button

* fix: format and lint

* fix: colors

* fix: spinner

* fix: code rebbit suggestions

* fix: code rebbit suggestions

* fix: paraglide removed

* fix: lock file

* feat: added user avatar. (#130)

* feat: Button (#129)

* feat: Button

* fix: colors of variants

* feat: Input (#131)

* feat: Input

* feat: styling added

* fix: styling

* fix: styling

* fix: added a new story

* fix: focus states

* fix: input states

* Feat/settings navigation button (#140)

* feat: settings-navigation-button

* fix: handler added

* chore: another variant added

* fix: as per given suggestion

* feat: BottomNav (#132)

* feat: BottomNav

* fix: icons

* feat: profile icons created

* feat: handler added

* feat: handler added

* fix: correct tags

* fix: as per given suggestion, bottomnav moved to fragments and also implemented on page

* fix: handler

* chore: routes added

* feat: app transitions added

* fix: direction of transition

* fix: transition css

* fix: directionable transition

* fix: used button instead of label, and used page from state

* feat: added post fragment. (#137)

* feat: FileInput (#150)

* feat: FileInput

* fix: added icon

* feat: cancel upload

* fix: remove redundant code

* fix: usage docs added and as per requirements
'

* fix: moved to framents

* feat: Toggle Switch (#143)

* feat: Toggle Switch

* feat: Toggle Switch

* fix: as per our design

* fix: as per our design

* feat: Label (#146)

* feat: Select (#148)

* feat: Select

* fix: as per our design

* fix: code format and as per svelte 5

* fix: font-size

* fix: font-size

* fix: icon

* feat: message-input (#144)

* feat: message-input

* fix: classes merge and a files as a prop

* feat: variant added

* feat: icon replaced

* fix: as per code rabbit suggestions

* fix: icon

* fix: input file button

* fix: as per suggestion

* fix: classes

* fix: no need of error and disabled classes

* fix: input

* feat: invalid inputs

* feat: add number input storybook

---------

Co-authored-by: Soham Jaiswal <[email protected]>

* feat:Drawer (#152)

* feat:Drawer

* feat: Drawer with clickoutside

* fix: settings

* Feat/metagram header (#133)

* feat: added metagram header primary linear gradient.

* feat: added flash icon.

* feat: added secondary state of header.

* feat: added secondary state of header with menu.

* chore: cleaned some code.

* docs: updated component docs.

---------

Co-authored-by: SoSweetHam <[email protected]>

* Feat/metagram message (#135)

* feat: added metagram message component.

* feat: added both states of message component.

* docs: added usage docs.

* chore: exposed component from ui.

* fix: component -> fragement

---------

Co-authored-by: SoSweetHam <[email protected]>

* feat: modal (#154)

* fix: styling of modal

* fix: modal props

* fix: conflicting styles

* fix: styles of drawer

* fix: hide scrollbar in drawer

* fix: padding

* fix: used native method for dismissing of drawer

* feat: Context-Menu (#156)

* feat: Context-Menu

* fix: name of component

* fix: as per suggestion

* fix: action menu position

* fix: class

* feat: responsive-setup (#157)

* feat: responsive-setup

* fix: background color

* fix: added font family

* feat: responsive setup for mobile and desktop (#159)

* feat: responsive setup for mobile and desktop

* fix: width of sidebar and rightaside

* fix: responsive layout

* feat: SideBar

* fix: added some finishing touches to sidebar and button

* fix: prevent pages transition on desktop

* fix: icon center

* feat: settings page and icon added

* feat/layout-enhancement (#168)

* feat/infinite-scroll (#170)

* feat/infinite-scroll

* fix: aspect ratio of post

* fix: bottom nav background

* settings page (#169)

* settings page layout done

* settings page layout done

* format fix

* format fix

* format fix

* routing for settings page fixed

* settings page buttons

* merge conflict

* settings page tertiary pages

* settings pages all done

* settings pages unnecessary page deleted

* requested changes done

* requested changes done

* Feat/comments pane (#171)

* feat/comments-pane

* fix: overflow and drawer swipe

* feat: Comment fragment

* fix: comments added

* fix: comment fragment

* feat: Comments reply

* fix: message input position

* fix: post type shifted to types file

* fix: one level deep only

* fix: drawer should only be rendered on mobile

* fix: comments on layout page

* fix: format

* feat: messages (#174)

* feat: messages

* feat: ChatMessage

* feat: messages by id

* fix: messages page

* fix: icon name

* fix: hide bottom nav for chat

* fix: header

* fix: message bubble

* fix: message bubble

* fix: message bubble

* fix: as per suggestion

* fix: messaging

* chore: change from nomad to k8s (#179)

* chore: change from nomad to k8s

* Update infrastructure/eid-wallet/src/routes/+layout.svelte

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* feat: uri extraction

* feat: registry stuff

* feat: registry using local db

* 📝 Add docstrings to `feat/switch-to-k8s` (#181)

Docstrings generation was requested by @coodos.

* #179 (comment)

The following files were modified:

* `infrastructure/evault-provisioner/src/templates/evault.nomad.ts`

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* chore: format

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* fix: make scan qr page work again (#185)

* feat: Discover Page (#180)

* refactor/Post (#186)

* refactor/Post

* fix: format and lint

* fix: added dots for gallery

* fix: added dots for gallery

* fix: added dots for gallery

* fix: plural name

* feat: splash-screen (#187)

* Feat/evault provisioning via phone (#188)

* feat: eid wallet basic ui for verification

* chore: evault provisioning

* feat: working wallet with provisioning

* feat: restrict people on dupes

* 📝 Add docstrings to `feat/evault-provisioning-via-phone` (#189)

Docstrings generation was requested by @coodos.

* #188 (comment)

The following files were modified:

* `infrastructure/eid-wallet/src/lib/utils/capitalize.ts`
* `infrastructure/evault-provisioner/src/utils/hmac.ts`

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* feat: added uploaded post view component. (#182)

* feat: added uploaded post view component.

* fix: fixed the outline and color.

* fix: moved function to external definition.

* fix: fixed the restProps.

* profile page (#178)

* basic layout for profile page

* fixed alt text

* merge conflict

* profile page for other users implemented

* fix: profile pages and logics

* fixed all the pages of profile

* fixed all the pages of profile

* fix: format

---------

Co-authored-by: gourav <[email protected]>

* Feat/radio input (#176)

* feat: added a radio button custom

* docs: added name option in docs.

* chore: cleaned the unnecessary classes and variables for input type radio.

* fix: moved input radio to its own component.

* fix: keydown events added.

* feat: added settings tile component. (#184)

* feat: added settings tile component.

* chore: fixed the naming convention

* chore: renamed callback to onclick

* fix: fixed the use of restProps

* fix: fixed the unnecessary onclick expose.

* fix: fixed the join function params.

* Feat/textarea (#194)

* chore: removed redundant radio

* feat: added textarea.

* fix: tabindex

* fix: removed type inconsistency.

* Feat/mobile upload flow (#193)

* fix: header logic in secondary

* fix: fixed the text in header in post

* feat: trying some hack to get file image input.

* feat: added image input on clicking the post bottom nav

* chore: got rid of non-required code.

* feat: added the logic to get the images from user on clicking post tab.

* feat: added store.

* feat: added correct conversion of files.

* feat: added the correct display of image when uploading.

* feat: added settings tile to the post page and fixed the settingsTile component type of currentStatus

* feat: added the correct header for the audience page.

* fix: fixed the page transition not happening to audience page.

* feat: added audience setting

* feat: added store to audience.

* chore: removed console log

* feat: added post button.

* feat: correct button placement

* fix: horizontal scroll

* fix: positioning of the post button.

* fix: protecting post route when no image is selected.

* fix: improved type safety

* feat: added memory helper function

* feat: added memory cleanup.

* Feat/social media platforms (#195)

* chore: this part works now wooohooo

* chore: stash progress

* chore: stash progress

* chore: init message data models

* feat: different socials

* chore: blabsy ready for redesign

* Feat/social media platforms (#196)

* chore: this part works now wooohooo

* chore: stash progress

* chore: stash progress

* chore: init message data models

* feat: different socials

* chore: blabsy ready for redesign

* chore: add other socials

* Feat/blabsy add clone (#198)

* chore: clone twitter

* feat: custom auth with firebase using w3ds

* chore: add chat

* feat: chat works with sync

* feat: twittex

* feat: global schemas

* feat: blabsy adapter

* refactor: shift some text messages to work on blabsy (#199)

* chore: stash progress

* chore: stash adapters

* chore: stash working extractor

* feat: adapter working properly for translating to global with globalIDs

* feat: adapter toGlobal pristine

* chore: stash

* feat: adapter working

* chore: stash until global translation from pictique

* feat: bi-directional sync prestino

* feat: bidir adapters

* chore: login redir

* chore: swap out for sqlite3

* chore: swap out for sqlite3

* chore: server conf

* feat: messages one way

* feat: ready to deploy

* feat: ready to deploy

* chore: auth thing pictique

* chore: set adapter to node

* chore: fix auth token thingy

* chore: auth thing

* chore: fix auth token thingy

* chore: port for blabsy

* feat: provision stuff

* feat: provision

* feat: provision

* feat: provision

* chore: fix sync

* feat: temporary id thing

* chore: android

* chore: fix mapper sync

* chore: fallback

* feat: add error handling on stores

* feat: fix issue with posts

* chore: fix retry loop

* Fix/author details (#229)

* fix: author-details

* fix: owner-details

* fix: author avatar

* fix: auth user avatar

* fix: error handling

* fix: author image in bottom nav

---------

Co-authored-by: Merul Dhiman <[email protected]>

* Fix/change name (#228)

* fix: corrected the name to blabsy

* fix: extra shit coming.

* fix: fixed the alignment of the display in more to look more like current twitter.

* fix: avatars (#226)

* fix: avatars

* fix: avatar in follow request page

* fix: images uploaded shown in user profile

* fix: button size

* fix: avatar

---------

Co-authored-by: Merul Dhiman <[email protected]>

* chore: temp fix sync

* chore: stash progress

* Fix/post context menu (#231)

* fix: post-context-menu

* fix: user id with post

* fix: removed redundant code

* fix: images

* fix: profile data

* fix: profile data

* fix: image cover

* fix: logout

* Fix/wallet text (#234)

* changed text as per the request and fixed styling on pages with useless scroll

* added settings button in main page which went missing somehow

* fix: consistent padding

* chore: change tags

* feat: change icon

* feat: webhook dynamic registry

* feat: make camera permission work properly

* chore: removed all locking mechanism thing from platforms

* feat: synchronization works perfectly

* feat: fixed everything up

* feat: changes

* chore: stats fix

* chore: fix pictique visual issues

* chore: fix cosmetic name issue

* feat: fix sync issue

* chore: fix logical issue here

* chore: add qrcode ename

* feat: add packages (#235)

* feat: add packages

* feat: add sample funcs + docs

* fixed the filled color on like icon for liked post (#239)

* feat: fake passport name

* feat: double confirmation

* chore: fix pictique login issue

* fix: make no user case redir to login

* fix: issues with wallet

---------

Co-authored-by: Soham Jaiswal <[email protected]>
Co-authored-by: SoSweetHam <[email protected]>
Co-authored-by: Gourav Saini <[email protected]>
Co-authored-by: Bekiboo <[email protected]>
Co-authored-by: Julien <[email protected]>
Co-authored-by: Ananya Rana <[email protected]>
Co-authored-by: Sergey <[email protected]>
Co-authored-by: Julien Connault <[email protected]>
Co-authored-by: Ananya Rana <[email protected]>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Sahil Garg <[email protected]>
Co-authored-by: Sahil Garg <[email protected]>
Successfully merging this pull request may close these issues.

[feature] Registry: Create basic ID dereferencable registry