fix: proof controller

[GHkrishna]

What

• fix proof controller types

Summary by CodeRabbit

• New Features

  • Activated authenticated DIDComm proof REST endpoints: list/get proofs, propose/request proofs, accept proposals/requests, accept presentations, and retrieve proof format form data.
  • Out-of-band proof request creation now returns DIDComm-style invitations.

• Enhancements

  • Proof APIs now use explicit DIDComm proof format typing and improved payload schemas.

• Documentation

  • OpenAPI docs updated with full DIDComm proof models and endpoints.

Breaking

• for body of endpoint '/:proofRecordId/accept-proposal', the key proofRecordId has been updated to proofExchangeRecordId
• The endpoint /:proofRecordId/accept-proposal is changed to /accept-proposal
  Note: This is because proofRecordId is not being used in the API. An equivalent key is instead accepted in body.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR reactivates and registers a DIDComm ProofController with TSOA decorators, migrates proof operations to request.agent.modules.didcomm.*, updates proof-related types (e.g., proofRecordId → proofExchangeRecordId), and adds nine authenticated /didcomm/proofs endpoints and OpenAPI schemas.

Changes

Cohort / File(s)	Summary
Proof Controller Reactivation src/controllers/didcomm/proofs/ProofController.ts	Re-enabled and exported the controller with TSOA/DI decorators; replaced module calls to use request.agent.modules.didcomm.*; updated record generic types to DIDComm variants; adjusted OOB invitation, DID creation, credential selection, and accept payload shapes.
Type Additions & Updates src/controllers/types.ts	Added strong-typed proof format tuple and switched several proofFormats properties to DidCommProofFormatPayload<ProofFormats,...>; added protocolVersion to proposal options; renamed proofRecordId → proofExchangeRecordId in accept proposal type.
Route Registration & OpenAPI src/routes/routes.ts, src/routes/swagger.json	Registered /didcomm/proofs controller and nine endpoints; extended TSOA route models and OpenAPI schemas with DIDComm proof exchange, payloads, format helpers, and presentation preview/non-revocation structures.

Sequence Diagram

sequenceDiagram
    autonumber
    participant Client as Client
    participant Controller as ProofController
    participant Module as DIDComm Module
    participant Agent as Agent

    Client->>Controller: POST /didcomm/proofs/request-proof
    Controller->>Module: requestProof(request, options)
    Module->>Agent: perform DIDComm proof flow / create exchange
    Agent-->>Module: returns DidCommProofExchangeRecord
    Module-->>Controller: returns exchange record
    Controller-->>Client: 200 Created (exchange record)

    Client->>Controller: POST /didcomm/proofs/{id}/accept-request
    Controller->>Module: selectCredentialsForRequest({proofExchangeRecordId})
    Module->>Agent: query credentials & accept request
    Agent-->>Module: updated exchange record
    Module-->>Controller: updated record
    Controller-->>Client: 200 Updated (accept confirmation)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• fix: credential controller #359: Parallel DIDComm controller migration — similar namespace updates to request.agent.modules.didcomm.* and exchange identifier renames.
• Fix/oid4vc verification flow changes #340: Related introduction of @credo-ts/didcomm types and switching usage to DIDComm module calls.

Suggested labels

bug

Suggested reviewers

• RinkalBhojani
• shitrerohit

Poem

🐰 I nudged the controller, gave it a hop,
DIDComm pathways hummed — I did not stop.
Nine endpoints sprouted, tidy and neat,
Proofs hop through tunnels, credentials meet.
🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'fix: proof controller' is vague and generic, using only a file name without describing what aspect of the proof controller was fixed or what the main changes accomplish.	Use a more descriptive title that indicates the primary change, such as 'reactivate and update ProofController to use DIDComm namespaces' or 'add DIDComm proof API with reactivated controller'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/verification-controller

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[GHkrishna]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[sairanjit]

LGTM

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/controllers/types.ts (1)

265-272: ⚠️ Potential issue | 🔴 Critical

Regenerate routes.ts to reflect the renamed property.

The property in AcceptProofProposal has been renamed from proofRecordId to proofExchangeRecordId (line 266), but the auto-generated src/routes/routes.ts still uses the old property name (line 2092). This mismatch will cause proofExchangeRecordId to be undefined at runtime when clients send requests validated against the stale schema.

Run the TSOA route generation command (e.g., npx tsoa routes) to synchronize the auto-generated routes with the updated interface.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/controllers/types.ts` around lines 265 - 272, The generated routes are
out of sync with the AcceptProofProposal interface: the property was renamed
from proofRecordId to proofExchangeRecordId but routes.ts still expects
proofRecordId, causing undefined values at runtime; regenerate the TSOA routes
so the schema matches the updated interface (run the TSOA route generation,
e.g., npx tsoa routes), verify routes.ts now references
AcceptProofProposal.proofExchangeRecordId instead of proofRecordId, and commit
the updated routes file.

🧹 Nitpick comments (1)

src/routes/routes.ts (1)

2076-2081: Prefer explicit proof format DTOs over any for request validation.

At Line 2080, Line 2093, Line 2107, and Line 2121, using dataType: "any" disables schema validation for core payloads and pushes failures deeper into controller/service logic.

♻️ Suggested schema hardening

- "proofFormats": {"dataType":"any","required":true},
+ "proofFormats": {"ref":"DidCommProofFormats","required":true},

Apply the same change pattern across all proof request DTOs, then regenerate routes from typed controller contracts.

Also applies to: 2089-2094, 2102-2108, 2117-2122

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/routes/routes.ts` around lines 2076 - 2081, The schema uses dataType:
"any" for the proofFormats payload in the RequestProofProposalOptions (and the
other proof request DTOs noted), which disables validation; replace each
"proofFormats": {"dataType":"any","required":true} with a reference to a new
explicit DTO schema (e.g., "ProofFormats", "PresentationProofFormats" or
similar) that enumerates the allowed structure, create those schema definitions
in the same routes/schema block, update the referenced names in
RequestProofProposalOptions and the other DTOs (the other occurrences you
flagged) and then regenerate the routes from the typed controller contracts so
the updated schema is enforced at validation time.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/controllers/didcomm/proofs/ProofController.ts`:
- Around line 194-203: The response currently blanks out invitationDid when
createRequestOptions?.invitationDid is truthy, losing the actual DID; in
ProofController (around the return that builds
invitationUrl/invitation/outOfBandRecord) change the assignment for
invitationDid so it returns the real invitationDid value (the local variable
invitationDid or value from outOfBandRecord) instead of ''. Ensure the ternary
or conditional uses invitationDid when createRequestOptions?.invitationDid is
present so the response accurately reflects which DID was used to create the
invitation.
- Around line 221-239: The endpoint acceptRequest currently ignores the client's
filter flags; forward body.filterByPresentationPreview and
body.filterByNonRevocationRequirements into the call to
request.agent.modules.didcomm.proofs.selectCredentialsForRequest (the call that
builds requestedCredentials) so the selection honors those options, and ensure
the same symbols (proofExchangeRecordId, filterByPresentationPreview,
filterByNonRevocationRequirements) are passed in the options object;
alternatively remove those fields from the request body if you choose not to
support them.
- Around line 104-108: The acceptProposal endpoint declares a path param
'/:proofRecordId' but the acceptProposal method omits `@Path`('proofRecordId') and
never validates it, allowing mismatched IDs; fix by adding a
`@Path`('proofRecordId') proofRecordId: string parameter to the method (matching
how acceptRequest and acceptPresentation do it), verify it equals
acceptProposal.proofExchangeRecordId (throw 400 if mismatch), and pass the
validated proofRecordId or the acceptProposal payload to
request.agent.modules.didcomm.proofs.acceptProposal so the route and OpenAPI
spec are consistent.
- Around line 78-83: The controller currently forces protocolVersion: 'v1' when
calling request.agent.modules.didcomm.proofs.proposeProof in the proposeProof
method, which blocks v2-only proof formats; update the endpoint to either accept
protocolVersion from the RequestProofProposalOptions payload (add
protocolVersion to the RequestProofProposalOptions type and pass it through to
proposeProof) or validate that the incoming proofFormats are v1-compatible
before hardcoding 'v1' (e.g., check proofFormats contents in proposeProof and
throw/return a clear error if non-v1 formats like anonCreds/DIF are present);
reference proposeProof, RequestProofProposalOptions, protocolVersion, and
proofFormats when implementing the change so callers can choose v1/v2 or the
controller enforces v1-only formats.

In `@src/routes/routes.ts`:
- Around line 2089-2093: The AcceptProofProposal contract currently allows the
proofRecordId to come from both the URL path (:proofRecordId) and the request
body (AcceptProofProposal.proofRecordId), creating a mismatch risk; fix by
making the path param the single source of truth: remove proofRecordId from the
AcceptProofProposal body schema/DTO, update the controller method
signature/decorator for the accept-proposal handler to accept proofRecordId via
`@Path` (or equivalent) and keep proofFormats in the body, then regenerate the
TSOA routes so the generated routes.ts uses only the path parameter for
proofRecordId.

---

Outside diff comments:
In `@src/controllers/types.ts`:
- Around line 265-272: The generated routes are out of sync with the
AcceptProofProposal interface: the property was renamed from proofRecordId to
proofExchangeRecordId but routes.ts still expects proofRecordId, causing
undefined values at runtime; regenerate the TSOA routes so the schema matches
the updated interface (run the TSOA route generation, e.g., npx tsoa routes),
verify routes.ts now references AcceptProofProposal.proofExchangeRecordId
instead of proofRecordId, and commit the updated routes file.

---

Nitpick comments:
In `@src/routes/routes.ts`:
- Around line 2076-2081: The schema uses dataType: "any" for the proofFormats
payload in the RequestProofProposalOptions (and the other proof request DTOs
noted), which disables validation; replace each "proofFormats":
{"dataType":"any","required":true} with a reference to a new explicit DTO schema
(e.g., "ProofFormats", "PresentationProofFormats" or similar) that enumerates
the allowed structure, create those schema definitions in the same routes/schema
block, update the referenced names in RequestProofProposalOptions and the other
DTOs (the other occurrences you flagged) and then regenerate the routes from the
typed controller contracts so the updated schema is enforced at validation time.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5b44f2ae-1823-45cc-8aa4-d1a828296d95

📥 Commits

Reviewing files that changed from the base of the PR and between 1e8a458 and 9ba744c.

📒 Files selected for processing (4)

• src/controllers/didcomm/proofs/ProofController.ts
• src/controllers/types.ts
• src/routes/routes.ts
• src/routes/swagger.json

[sonarqubecloud]

Quality Gate failed

Failed conditions
7.3% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

[GHkrishna]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.