fix: credential controller

[GHkrishna]

What:

• Fix credential flow for issuance of credential for issuer did based on:
  • Indy
    • Indicio demonet
    • Indicio testnet
    • Bcovrin testnet
  • No ledger
    • Did key
    • Did web
  • Polygon

Breaking changes

1. /accept-proposal body key change from credentialRecordId to credentialExchangeRecordId
2. /accept-credential body key change from credentialRecordId to credentialExchangeRecordId
3. /accept-offer body key change from credentialRecordId to credentialExchangeRecordId
4. /accept-request body key change from credentialRecordId to credentialExchangeRecordId

Summary by CodeRabbit

• New Features

  • Activated credential management endpoints for exchanging, proposing, and accepting credentials.
  • Added configurable endpoint support in agent configuration.

• Bug Fixes

  • Improved DID web key handling and type declarations.
  • Enhanced JSON-LD document processing and module resolution.

• Chores

  • Updated Hyperledger dependency versions.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5b115614-f7d9-4ac6-b8bd-c1b7ba61189b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR activates the DIDComm credential exchange controller with full REST endpoint routing, updates Hyperledger library dependency versions with caret ranges, modifies DID key handling from seed-based to private-key-based imports, and patches TypeScript declarations and JSON-LD canonization settings to support ES module exports and safe-mode configuration changes.

Changes

Cohort / File(s)	Summary
Dependency Updates package.json	Updated @hyperledger/anoncreds-nodejs and @hyperledger/indy-vdr-nodejs from fixed versions to caret ranges (^0.3.4 and ^0.2.3 respectively).
Module & Patch Configuration patches/@credo-ts+core+0.6.2+001+fix...patch, patches/@digitalcredentials+jsonld-signatures+12.0.1.patch	Fixed TypeScript declaration export for DocumentLoaderResult, adjusted dynamic import paths to include .js extensions, and disabled safe-mode in JSON-LD canonization operations (safe: false).
Runtime Initialization src/cliAgent.ts	Added anoncreds-nodejs import initialization, extended getModules and getWithTenantModules to accept and wire endpoints parameter into DidCommModule configuration.
DID Key Handling src/controllers/did/DidController.ts	Changed private key import from seed-based (transformSeedToPrivateJwk) to private-key-based (transformPrivateKeyToPrivateJwk), reordered verification key arguments, and added explicit key-to-KMS mapping in agent.dids.import call.
Credential Exchange Endpoints src/controllers/didcomm/credentials/CredentialController.ts, src/routes/routes.ts	Fully activated CredentialController with 12 HTTP endpoints (GET/POST operations for credential proposal, offer, acceptance flows), integrated DIDComm-specific record types and modules, and registered corresponding routes under /didcomm/credentials with authentication and validation middleware.
Type Definition Updates src/controllers/types.ts	Renamed credentialRecordId to credentialExchangeRecordId across four credential option interfaces (AcceptCredentialProposalOptions, AcceptCredential, CredentialOfferOptions, AcceptCredentialRequestOptions).

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Fix/issuer verifier session type issues #337: Modifies src/cliAgent.ts module wiring and getModules construction patterns, directly overlapping with endpoint parameter changes in this PR.
• fix: did, schema and cred-def controller #350: Updates src/cliAgent.ts and src/controllers/did/DidController.ts with related module/key handling adjustments, affecting the same critical initialization and key import paths.
• Fix/oid4vc verification flow changes #340: Makes overlapping changes to src/cliAgent.ts and DIDComm controller wiring, touching the same module configuration areas and controller registration logic.

Suggested labels

bug

Suggested reviewers

• shitrerohit
• RinkalBhojani

Poem

🐰 A bundle of credentials now flows so free,
Through DIDComm endpoints, wild and spree!
Keys transform from seeds to private gold,
While patches patch and routes behold,
The agent dances with endpoints bright! 🎉

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'fix: credential controller' is vague and overly broad, failing to convey the specific nature of the credential flow fixes across multiple DID types and the breaking API changes introduced.	Consider a more descriptive title such as 'fix: support credential issuance for multiple DID types and standardize endpoint parameters' to better reflect the scope of changes including DID method support expansion and the breaking parameter renames.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/credential-controller

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[GHkrishna]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 8

🧹 Nitpick comments (1)

src/controllers/did/DidController.ts (1)

535-536: Fix formatting: remove semicolons per project style.

ESLint/Prettier flags these lines. The project appears to use a no-semicolon style.

🧹 Proposed formatting fix

-    let key;
-    let publicJwk;
+    let key
+    let publicJwk

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/controllers/did/DidController.ts` around lines 535 - 536, Remove trailing
semicolons from the standalone variable declarations in DidController.ts:
replace the lines declaring let key; and let publicJwk; with the project style
(no-semicolon) equivalents (i.e., declare the variables without a trailing
semicolon) so they conform to ESLint/Prettier rules.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/cliAgent.ts`:
- Line 304: The Prettier errors are due to missing trailing commas on multiline
parameter/argument lists—fix by adding trailing commas where a multi-line
parameter or argument list is broken across lines: add a trailing comma after
the "endpoints: string[]" parameter in the function/type declaration containing
that symbol, and similarly add trailing commas to the multiline
call/array/object arguments at the locations around the other failing symbols
(the call sites near lines 452 and 467). After adding the commas, run your
formatter/linter (e.g., yarn lint or prettier --write) to ensure all multiline
params/args conform to Prettier rules.

In `@src/controllers/did/DidController.ts`:
- Around line 561-572: The code in DidController uses
transformPrivateKeyToPrivateJwk with didOptions.seed (treating seed as a raw
private key), creating a semantic mismatch with the existing DidCreate API; fix
by either (A) changing the call to transformSeedToPrivateJwk and pass
didOptions.seed so seed semantics remain consistent, or (B) rename the
API/variable from seed → privateKey and keep transformPrivateKeyToPrivateJwk;
update usages of didOptions.seed and any related tests or validations
accordingly (see transformPrivateKeyToPrivateJwk, transformSeedToPrivateJwk,
didOptions.seed, and any callers constructing DidCreate).

In `@src/controllers/didcomm/credentials/CredentialController.ts`:
- Around line 230-240: The response currently clears a provided invitation DID
(invitationDid) by returning an empty string (in the object returned from
CredentialController) which loses the actual DID; update the return so
invitationDid is returned when present (i.e., invitationDid:
outOfBandOption?.invitationDid ? invitationDid : invitationDid) or simply
invitationDid: invitationDid, and if you need to mark whether it was supplied vs
generated add a separate boolean property (e.g., invitationDidSupplied:
Boolean(outOfBandOption?.invitationDid)) alongside the existing fields
(references: CredentialController, outOfBandRecord, outOfBandOption,
invitationDid, offerOob).
- Around line 191-199: The code uses routing.endpoints[0] without checking that
routing.endpoints is present and non-empty (in the flow that calls
request.agent.modules.didcomm.mediationRecipient.getRouting and then
createPeerDidDocumentFromServices), which can produce an invalid peer DID
service or a broken invitationUrl; update the logic around the getRouting result
to validate that routing.endpoints is an array with at least one entry and if
not, fail fast (throw or return a clear error) before calling
createPeerDidDocumentFromServices or building the invitationUrl; apply the same
guard to the other occurrence that also indexes endpoints[0] (the second block
around lines 230–233) so both code paths require a configured public DIDComm
endpoint.
- Around line 214-215: Update the DTO type for
CreateOfferOobOptions.protocolVersion from string to the literal union type used
by the service (CredentialProtocolVersionType, e.g. 'v1' | 'v2') so the request
boundary enforces allowed values; then remove the cast in CredentialController
where you call request.agent.modules.didcomm.credentials.createOffer (the
outOfBandOption.protocolVersion cast to CredentialProtocolVersionType) so you
pass the typed DTO value directly and rely on TSOA/OpenAPI validation to reject
unsupported protocolVersion values.

In `@src/routes/routes.ts`:
- Around line 1835-1849: The generated schema allows an empty credentialFormats
object; update the upstream type used to generate
"DidCommCredentialFormatPayload_CredentialFormatType-Array.createProposal_" so
that at least one of the nested props (indy, jsonld, anoncreds) is required (or
add a validator that enforces "at least one of indy|jsonld|anoncreds present")
and then re-run tsoa to regenerate the file; ensure the change is applied to the
ProposeCredentialOptions credentialFormats definition and the equivalent models
noted (the other occurrences around the referenced ranges).
- Around line 1796-1807: The JsonCredential schema currently restricts the
"@context" property to either string[] or JsonObject; update the "@context"
definition in the JsonCredential schema so arrays may contain mixed strings and
objects (i.e., make the array element type a union of string and JsonObject,
matching other W3C credential schemas), then regenerate the DTOs; locate the
"JsonCredential" schema and replace the "@context" entry to allow an array whose
items are "string | JsonObject" (or a union subSchema) instead of only string
array or JsonObject.
- Around line 1929-1945: Change CreateOfferOobOptions.protocolVersion from plain
string to the ProtocolVersion enum so the OOB flow uses the same validated type
as ProposeCredentialOptions and CreateOfferOptions; update the type in the
CreateOfferOobOptions definition (where protocolVersion is declared) to
ProtocolVersion and remove the downstream type cast (the as
CredentialProtocolVersionType<[]>) in the controller so callers cannot pass
arbitrary values and compile-time validation is restored.

---

Nitpick comments:
In `@src/controllers/did/DidController.ts`:
- Around line 535-536: Remove trailing semicolons from the standalone variable
declarations in DidController.ts: replace the lines declaring let key; and let
publicJwk; with the project style (no-semicolon) equivalents (i.e., declare the
variables without a trailing semicolon) so they conform to ESLint/Prettier
rules.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a9effcc9-47da-4dfe-8dd9-f284d28437f2

📥 Commits

Reviewing files that changed from the base of the PR and between 741465f and 5e53c0a.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (9)

• package.json
• patches/@credo-ts+core+0.6.2+001+fix: change version string type-import esm-export interface.patch
• patches/@digitalcredentials+jsonld-signatures+12.0.1.patch
• src/cliAgent.ts
• src/controllers/did/DidController.ts
• src/controllers/didcomm/credentials/CredentialController.ts
• src/controllers/types.ts
• src/routes/routes.ts
• src/routes/swagger.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Require at least one credential format.

These payload models make every format branch optional, so { "credentialFormats": {} } satisfies the generated schema for proposeCredential, createOffer, and the OOB offer path. That request has no credential payload and will only fail deeper in the stack. Please enforce at least one of indy, jsonld, or anoncreds in the upstream type and regenerate.

Also applies to: 1905-1916, 1924-1927

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/routes/routes.ts` around lines 1835 - 1849, The generated schema allows
an empty credentialFormats object; update the upstream type used to generate
"DidCommCredentialFormatPayload_CredentialFormatType-Array.createProposal_" so
that at least one of the nested props (indy, jsonld, anoncreds) is required (or
add a validator that enforces "at least one of indy|jsonld|anoncreds present")
and then re-run tsoa to regenerate the file; ensure the change is applied to the
ProposeCredentialOptions credentialFormats definition and the equivalent models
noted (the other occurrences around the referenced ranges).

[sairanjit]

LGTM

[sonarqubecloud]

Quality Gate failed

Failed conditions
5.6% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud