feat: optional object datastore

[ankita-p17]

This is linked to the issue 1162 to support addition object storage in CREDEBL.

1. Created new storage service library which supports two providers
2. Implemented for minio and refactored for aws S3.

Other improvements -

1. Fixed lint issues in existing code - duplicate & unused common constants, unused imports.

Summary by CodeRabbit

• New Features
  • Added support for MinIO-based storage via a unified Storage Service.
  • Improved file uploads for CSV templates, bulk issuance, and organization logos.
• Bug Fixes
  • Fixed proof presentation retrieval when using threadId in URLs.
  • Improved consistency when reusing existing connection invitations.
  • Corrected base64 handling for organization logos.
• Chores
  • Migrated from AWS-specific storage to a provider-agnostic storage layer.
  • Updated branding and support details (Powered by text/URL, support email).
  • Refreshed environment variables for storage and configuration.

[sonarqubecloud]

Quality Gate passed

Issues
11 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[GHkrishna]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Walkthrough

Introduces a new storage abstraction (@credebl/storage) supporting MinIO and S3, replaces AwsService across apps, updates environment variables for storage and branding, removes libs/aws, adjusts several modules and services to use StorageService, changes connection invitation retrieval (first vs many), tweaks agent health endpoint, and refactors provisioning scripts.

Changes

Cohort / File(s)	Summary
Environment config .env.demo	Add MinIO and FILE_STORAGE_PROVIDER vars; rename buckets; remove SHORTENED_URL_DOMAIN; update POWERED_BY, POWERED_BY_URL, PUBLIC_PLATFORM_SUPPORT_EMAIL; enable VERIFIER_KEYCLOAK_MANAGEMENT_CLIENT_SECRET.
New Storage library libs/storage/package.json, libs/storage/src/index.ts, libs/storage/src/storage.module.ts, libs/storage/src/storage.service.ts, libs/storage/src/storage.service.spec.ts, libs/storage/src/storage.interface.ts, libs/storage/src/providers/minio.provider.ts, libs/storage/src/providers/s3.provider.ts, libs/storage/tsconfig*.json	Add pluggable storage module/service with S3 and MinIO providers, interfaces, tests, and build config; expose via index.
Remove AWS library libs/aws/src/aws.service.ts, libs/aws/src/aws.module.ts, libs/aws/src/index.ts	Remove AwsService, AwsModule, and re-exports.
Root config mapping package.json, tsconfig.json	Map @credebl/storage path/alias for TS and Jest.
API Gateway: switch to StorageService apps/api-gateway/src/issuance/issuance.controller.ts, .../issuance/issuance.module.ts, .../organization/organization.module.ts, .../user/user.controller.ts, .../user/user.module.ts, .../webhook/webhook.module.ts	Replace AwsService DI with StorageService and update upload calls; minor logging addition.
Issuance app apps/issuance/src/issuance.module.ts, apps/issuance/src/issuance.service.ts, apps/issuance/src/issuance.repository.ts	Swap AwsService→StorageService; update file get/upload logic; minor log formatting; repo message formatting only.
Organization app apps/organization/src/organization.module.ts, apps/organization/src/organization.service.ts	Replace AwsService with StorageService; rename upload method; use ORG_LOGO_BUCKET and CommonConstants.ENCODING; add logo constants; update call sites.
User app wiring cleanup apps/user/src/fido/fido.module.ts, apps/user/src/user.module.ts, apps/user/src/user.service.ts	Replace/remove AwsService providers and related DI; remove userDevicesRepository from constructor.
Utility app apps/utility/src/utilities.module.ts, apps/utility/src/utilities.service.ts	Import StorageModule; switch store/get/delete to StorageService; storeObject now returns URL string from storage provider.
Agent service apps/agent-service/src/agent-service.service.ts, apps/agent-service/src/repositories/agent-service.repository.ts	Update health endpoint constant; add type annotation for whereClause; add eslint-disable for transaction.
Connection service behavior apps/connection/src/connection.repository.ts, apps/connection/src/connection.service.ts	Change getInvitationDidByOrgId to return first (ordered) record instead of array; adjust service to use single legacyInvitationDid; minor formatting.
Agent provisioning apps/agent-provisioning/AFJ/scripts/fargate.sh, apps/agent-provisioning/src/agent-provisioning.service.ts	Major script overhaul: ALB/TG/security groups, dynamic ports, endpoints via ALB, task/service config changes, token extraction; service file string formatting only.
Cloud wallet apps/cloud-wallet/src/cloud-wallet.service.ts	Build URL with threadId as query param in template; formatting adjustments.
Ledger schema apps/ledger/src/schema/enum/schema.enum.ts, apps/ledger/src/schema/interfaces/schema-payload.interface.ts, apps/ledger/src/schema/repositories/schema.repository.ts	Formatting in enums/interfaces; remove unused import in repository.
Common constants libs/common/src/common.constant.ts	Remove PERMISSION_ROLE_MGMT; add ENCODING='base64'.
Validations (style) libs/validations/*	Whitespace/formatting fixes; add missing class brace in keyword.ts; no logic changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Client
  participant Module as Feature Module
  participant Service as StorageService
  participant Provider as Provider (S3/MinIO)
  note over Service,Provider: Provider selected via FILE_STORAGE_PROVIDER

  Client->>Module: Upload request (file/body)
  Module->>Service: uploadCsvFile / uploadFileToBucket
  Service->>Provider: uploadFile/storeObject
  Provider-->>Service: URL or ack
  Service-->>Module: URL/void
  Module-->>Client: Response

Loading

sequenceDiagram
  autonumber
  participant ConnSvc as ConnectionService
  participant Repo as ConnectionRepository
  Note over ConnSvc,Repo: Reuse connection flow

  ConnSvc->>Repo: getInvitationDidByOrgId(orgId)
  Repo-->>ConnSvc: first agent_invitations (ordered by createDateTime)
  alt IsReuseConnection
    ConnSvc->>ConnSvc: legacyInvitationDid = data.invitationDid
    ConnSvc-->>ConnSvc: Use legacyInvitationDid
  else New invitation
    ConnSvc->>ConnSvc: Proceed to create new invitation
  end

Loading

sequenceDiagram
  autonumber
  participant APIGW as API Gateway
  participant Agent as Agent Service
  Note over APIGW,Agent: Health check endpoint change

  APIGW->>Agent: GET /agent/get-endpoint (URL_AGENT_GET_ENDPOINT)
  Agent-->>APIGW: Health data

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Suggested labels

feature

Suggested reviewers

• RinkalBhojani
• GHkrishna

Poem

In burrows of bytes I stash and store,
MinIO moonlight, S3 at the door.
Buckets renamed, the streams now sing,
A carrot of keys on timestamped string. 🥕
Agents report, connections renew—
Thump-thump! New storage, sleek and true.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly and accurately captures the primary enhancement introduced by this PR, namely support for an optional object datastore feature. It is clear, concise, and directly related to the overall addition of a new storage service library with MinIO and AWS S3 providers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/optional-object-datastore

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

• Public repositories are always opted into early access features.
• You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

No docstrings were generated.

[coderabbitai]

Actionable comments posted: 13

🔭 Outside diff range comments (1)

libs/storage/src/storage.service.spec.ts (1)

1-19: 🛠️ Refactor suggestion

Test coverage is minimal and needs expansion.

While the basic test structure is correct, this test suite only verifies service instantiation. For a critical storage abstraction service, comprehensive tests should be added covering:

• File upload/download operations
• Provider switching between MinIO and S3
• Error handling scenarios
• Configuration validation
• Method parameter validation

Consider adding comprehensive test cases for the storage operations. Would you like me to help generate a more complete test suite for the StorageService?

🧹 Nitpick comments (9)

libs/validations/keyword.ts (1)

2-3: Avoid disabling the explicit-any lint rule
Rather than suppressing @typescript-eslint/no-explicit-any, define a more specific type for the context parameter and its return type to improve type safety.

Proposed diff:

-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  json(context): any {
+  json(context: unknown): Record<string, unknown> {
     return context || {};
   }

libs/validations/pattern.ts (1)

17-22: Refine regex validation error handling.

All exceptions from new RegExp(value) are caught here, which could mask unexpected errors. Consider narrowing the catch to only handle syntax errors for invalid patterns.

docker-compose.yml (1)

64-64: Indentation misalignment on - redis.
The - redis under issuance.depends_on is indented differently than the other list items, which may cause parsing issues.

Apply this diff to align indentation:

-      - redis
+        - redis

apps/api-gateway/src/issuance/issuance.controller.ts (1)

372-372: Add debug log in uploadCSVTemplate
A debug statement was added at the method entry. Consider if this should remain in production or be more descriptive.

libs/storage/src/storage.interface.ts (2)

1-7: Remove commented legacy code.

The commented-out interface definition should be removed to maintain code cleanliness and avoid confusion.

-// export interface IStorageProvider {
-//     uploadFile(buffer: Buffer, key: string, mimeType: string): Promise<string>;
-//     getFile(key: string): Promise<Buffer>;
-//     deleteFile(key: string): Promise<void>;
-//     // eslint-disable-next-line @typescript-eslint/no-explicit-any
-//     storeObject(key: string, body: any): Promise<string>;
-//   }
-

---

9-22: LGTM! Well-designed storage abstraction interface.

The interface design is excellent for a multi-provider storage system:

• Bucket parameter enables multi-tenant support
• Clear separation of concerns with dedicated methods
• Proper TypeScript typing with FileUploadOptions
• Consistent async/await pattern

Consider adding JSDoc documentation to describe the purpose and usage of each method for better developer experience.

libs/storage/src/storage.service.ts (1)

14-20: Remove redundant case clause.

The case 's3': is redundant since there's a default: clause that handles the same logic.

    switch (fileStorageProvider) {
      case 'minio':
        this.provider = new MinioProvider();
        break;
-      case 's3':
      default:
        this.provider = new S3Provider();
        break;
    }

🧰 Tools

🪛 Biome (1.9.4)

[error] 17-17: Useless case clause.

because the default clause is present:

Unsafe fix: Remove the useless case.

(lint/complexity/noUselessSwitchCase)

.env.demo (1)

63-67: MinIO configuration looks complete.

All necessary MinIO connection parameters are included. Consider adding validation for required MinIO environment variables in the application startup.

Would you like me to help create environment variable validation logic to ensure all required MinIO variables are present when FILE_STORAGE_PROVIDER=minio?

apps/organization/src/organization.service.ts (1)

1569-1570: Fix ESLint formatting issue

There's an ESLint error regarding linebreak before expression. Consider formatting the arrow function consistently:

-      const deleteUserRolesPromises = keycloakUserIds.map((keycloakUserId) =>
-        this.clientRegistrationService.deleteUserClientRoles(organizationDetails?.idpId, token, keycloakUserId)
+      const deleteUserRolesPromises = keycloakUserIds.map((keycloakUserId) => 
+        this.clientRegistrationService.deleteUserClientRoles(organizationDetails?.idpId, token, keycloakUserId)
       );

🧰 Tools

🪛 ESLint

[error] 1570-1570: Expected no linebreak before this expression.

(implicit-arrow-linebreak)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3696153 and 37ca3ce.

📒 Files selected for processing (52)

• .env.demo (3 hunks)
• apps/agent-service/src/agent-service.service.ts (7 hunks)
• apps/api-gateway/src/issuance/dtos/issuance.dto.ts (1 hunks)
• apps/api-gateway/src/issuance/issuance.controller.ts (4 hunks)
• apps/api-gateway/src/issuance/issuance.module.ts (2 hunks)
• apps/api-gateway/src/organization/organization.module.ts (2 hunks)
• apps/api-gateway/src/organization/organization.service.ts (2 hunks)
• apps/api-gateway/src/user/user.controller.ts (14 hunks)
• apps/api-gateway/src/user/user.module.ts (2 hunks)
• apps/api-gateway/src/webhook/webhook.module.ts (2 hunks)
• apps/connection/src/connection.repository.ts (2 hunks)
• apps/connection/src/connection.service.ts (7 hunks)
• apps/issuance/src/issuance.module.ts (2 hunks)
• apps/issuance/src/issuance.repository.ts (1 hunks)
• apps/issuance/src/issuance.service.ts (10 hunks)
• apps/ledger/src/schema/enum/schema.enum.ts (1 hunks)
• apps/ledger/src/schema/interfaces/schema-payload.interface.ts (1 hunks)
• apps/organization/src/organization.module.ts (2 hunks)
• apps/organization/src/organization.service.ts (44 hunks)
• apps/user/src/fido/fido.module.ts (3 hunks)
• apps/user/src/user.module.ts (1 hunks)
• apps/user/src/user.service.ts (30 hunks)
• apps/utility/src/utilities.module.ts (2 hunks)
• apps/utility/src/utilities.service.ts (1 hunks)
• apps/verification/src/verification.service.ts (7 hunks)
• docker-compose.yml (1 hunks)
• libs/aws/src/aws.service.ts (6 hunks)
• libs/common/src/common.constant.ts (9 hunks)
• libs/storage/package.json (1 hunks)
• libs/storage/src/index.ts (1 hunks)
• libs/storage/src/providers/minio.provider.ts (1 hunks)
• libs/storage/src/providers/s3.provider.ts (1 hunks)
• libs/storage/src/storage.interface.ts (1 hunks)
• libs/storage/src/storage.module.ts (1 hunks)
• libs/storage/src/storage.service.spec.ts (1 hunks)
• libs/storage/src/storage.service.ts (1 hunks)
• libs/storage/tsconfig.build.json (1 hunks)
• libs/storage/tsconfig.json (1 hunks)
• libs/validations/exclusiveMaximum.ts (1 hunks)
• libs/validations/exclusiveMinimum.ts (1 hunks)
• libs/validations/keyword.ts (1 hunks)
• libs/validations/maxItems.ts (1 hunks)
• libs/validations/maxLength.ts (1 hunks)
• libs/validations/maximum.ts (1 hunks)
• libs/validations/minItems.ts (1 hunks)
• libs/validations/minLength.ts (1 hunks)
• libs/validations/minimum.ts (1 hunks)
• libs/validations/multipleOf.ts (1 hunks)
• libs/validations/pattern.ts (1 hunks)
• libs/validations/stringKeyword.ts (1 hunks)
• package.json (1 hunks)
• tsconfig.json (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (17)

libs/validations/stringKeyword.ts (1)

libs/validations/keyword.ts (1)

• Keyword (1-6)

libs/validations/exclusiveMinimum.ts (3)

libs/validations/exclusiveMaximum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maximum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minimum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minimum.ts (8)

libs/validations/exclusiveMaximum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/exclusiveMinimum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maxItems.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minItems.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maximum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maxLength.ts (2)

• value (10-12)
• value (14-20)

libs/validations/minLength.ts (2)

• value (11-13)
• value (15-21)

libs/validations/multipleOf.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maxItems.ts (3)

libs/validations/minItems.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maxLength.ts (2)

• value (10-12)
• value (14-20)

libs/validations/minLength.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maximum.ts (3)

libs/validations/exclusiveMaximum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/exclusiveMinimum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minimum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minItems.ts (3)

libs/validations/maxItems.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maxLength.ts (2)

• value (10-12)
• value (14-20)

libs/validations/minLength.ts (2)

• value (11-13)
• value (15-21)

apps/ledger/src/schema/interfaces/schema-payload.interface.ts (4)

apps/ledger/src/schema/interfaces/schema.interface.ts (1)

• IUserRequestInterface (5-18)

apps/connection/src/interfaces/connection.interfaces.ts (1)

• IUserRequestInterface (21-33)

apps/ledger/src/schema/schema.interface.ts (1)

• IAttributeValue (12-16)

apps/api-gateway/src/interfaces/ISchemaSearch.interface.ts (2)

• ISchemaSearchPayload (4-13)
• W3CSchemaPayload (16-20)

libs/validations/exclusiveMaximum.ts (3)

libs/validations/exclusiveMinimum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maximum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minimum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/multipleOf.ts (8)

libs/validations/exclusiveMaximum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/exclusiveMinimum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maxItems.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minItems.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maximum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maxLength.ts (2)

• value (10-12)
• value (14-20)

libs/validations/minLength.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minimum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/pattern.ts (8)

libs/validations/exclusiveMaximum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/exclusiveMinimum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maxItems.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minItems.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maximum.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maxLength.ts (2)

• value (10-12)
• value (14-20)

libs/validations/minLength.ts (2)

• value (11-13)
• value (15-21)

libs/validations/multipleOf.ts (2)

• value (11-13)
• value (15-21)

libs/validations/maxLength.ts (3)

libs/validations/maxItems.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minItems.ts (2)

• value (11-13)
• value (15-21)

libs/validations/minLength.ts (2)

• value (11-13)
• value (15-21)

apps/issuance/src/issuance.service.ts (1)

apps/issuance/interfaces/issuance.interfaces.ts (1)

• SchemaDetails (190-196)

libs/storage/src/providers/s3.provider.ts (1)

libs/storage/src/storage.interface.ts (2)

• IStorageProvider (14-22)
• FileUploadOptions (9-12)

apps/connection/src/connection.service.ts (1)

libs/common/src/response-messages/index.ts (1)

• ResponseMessages (1-492)

libs/storage/src/providers/minio.provider.ts (1)

libs/storage/src/storage.interface.ts (2)

• IStorageProvider (14-22)
• FileUploadOptions (9-12)

apps/connection/src/connection.repository.ts (3)

apps/connection/src/connection.service.ts (2)

• getConnectionRecords (101-110)
• deleteConnectionRecords (819-860)

apps/api-gateway/src/connection/connection.service.ts (1)

• deleteConnectionRecords (146-149)

apps/connection/src/connection.controller.ts (1)

• deleteConnectionRecords (100-103)

apps/organization/src/organization.service.ts (13)

apps/api-gateway/src/organization/organization.service.ts (1)

• Injectable (29-242)

apps/connection/src/connection.service.ts (1)

• Injectable (35-910)

libs/aws/src/aws.service.ts (1)

• Injectable (7-119)

apps/user/src/user.service.ts (2)

• Injectable (67-1199)
• invitations (821-844)

apps/organization/repositories/organization.repository.ts (3)

• Injectable (44-1194)
• getUser (427-439)
• deleteOrg (805-863)

libs/common/src/common.service.ts (1)

• Injectable (20-350)

libs/client-registration/src/client-registration.service.ts (1)

• Injectable (23-724)

apps/user/repositories/user.repository.ts (1)

• Injectable (30-818)

libs/user-org-roles/src/user-org-roles.service.ts (1)

• Injectable (6-78)

libs/org-roles/repositories/index.ts (1)

• Injectable (9-63)

libs/common/src/cast.helper.ts (1)

• toNumber (55-73)

apps/organization/interfaces/organization.interface.ts (2)

• ICreateConnectionUrl (31-41)
• IOrgRole (115-119)

libs/common/src/interfaces/interface.ts (1)

• IAccessTokenData (10-16)

🪛 Biome (1.9.4)

apps/api-gateway/src/issuance/dtos/issuance.dto.ts

[error] 18-18: Declarations inside of a import declaration may not have duplicates

a second declaration of IsUUID is not allowed

IsUUID is first declared here

(parse)

libs/storage/src/storage.service.ts

[error] 17-17: Useless case clause.

because the default clause is present:

Unsafe fix: Remove the useless case.

(lint/complexity/noUselessSwitchCase)

🪛 ESLint

apps/organization/src/organization.service.ts

[error] 1570-1570: Expected no linebreak before this expression.

(implicit-arrow-linebreak)

🔇 Additional comments (136)

libs/validations/minLength.ts (1)

4-4: Formatting cleanup only

Removed trailing whitespace in the private property declaration and getter return line. No functional changes introduced.

Also applies to: 12-12

libs/validations/multipleOf.ts (1)

4-4: Format alignment only
These edits remove trailing spaces and realign the getter/setter block to match the style of other NumberKeyword subclasses without impacting functionality.

Also applies to: 12-12, 17-20

libs/validations/minimum.ts (3)

4-4: Clean up trailing whitespace
Removed trailing spaces from the private _value declaration, aligning with lint rules and improving readability.

---

12-12: Trimmed trailing whitespace
Whitespace removed from the getter’s return statement; no behavioral change.

---

17-20: Removed superfluous trailing whitespace
Cleaned up formatting in the setter block (assignment and error throw); logic remains intact and consistent with sibling validation classes.

libs/validations/stringKeyword.ts (1)

3-3: No functional changes.

This is just a formatting adjustment (newline at end of file); no review required.

libs/validations/minItems.ts (3)

4-4: Clean up: remove trailing whitespace
The private field declaration now aligns with the rest of the codebase’s formatting.

---

11-13: Clean up: normalize getter formatting
The getter’s formatting adjustment is consistent with other validation classes and doesn’t affect behavior.

---

17-20: Clean up: normalize setter formatting
Whitespace removal around the setter’s assignment and error block matches the style of related validators without altering logic.

libs/validations/maxLength.ts (4)

4-4: Whitespace cleanup on private property declaration.

The removal of trailing spaces and consistent indentation aligns this declaration with other validation classes. No functional change.

---

11-11: Indentation adjustment in getter.

Aligns the getter’s body with the project’s formatting conventions. Behavior remains unchanged.

---

16-16: Indentation adjustment in setter assignment.

Improves readability by matching the conditional block style used elsewhere. No logic alteration.

---

18-18: Indentation adjustment in error throw statement.

Standardizes formatting of the throw line; error message remains the same.

libs/validations/exclusiveMinimum.ts (1)

4-4: Approve whitespace cleanup
Trailing whitespace has been removed from the private field declaration, getter return, and setter block. No functional logic was altered.

Also applies to: 12-12, 17-20

libs/validations/keyword.ts (1)

6-6: Class closure is correctly formatted
The closing brace for the Keyword class is properly aligned; no further formatting changes needed here.

libs/validations/maximum.ts (1)

4-4: No functional changes
These edits strictly remove trailing whitespace in the private field declaration, getter, setter assignment, and error throw lines. Logic and behavior remain identical to the other validation classes.

Also applies to: 12-12, 17-20

apps/ledger/src/schema/enum/schema.enum.ts (1)

2-8: Formatting adjustments approved.
Consistent 2-space indentation for enum members and cleanup of blank lines align with the project’s style guidelines. No functional changes.

Also applies to: 12-12

libs/validations/maxItems.ts (4)

4-4: Cleanup: remove trailing whitespace.
Whitespace after the _value declaration has been trimmed to align with the project’s formatting conventions. No functional change.

---

12-12: Cleanup: remove trailing whitespace.
Trailing spaces on the return this._value; line were removed, improving consistency and readability. No logic was altered.

---

17-17: Cleanup: remove trailing whitespace.
Whitespace after the assignment to _value has been cleared to maintain uniform formatting. No behavior change.

---

19-20: Cleanup: remove trailing whitespace.
Trailing spaces on the error throw statement and its closing brace have been removed for style consistency. No functional impact.

apps/ledger/src/schema/interfaces/schema-payload.interface.ts (15)

5-21: Stylistic update: Use semicolons for ISchema properties.
Converted trailing commas to semicolons on all properties in ISchema for consistent TypeScript interface formatting. No functional changes.

---

25-28: Stylistic update: Use semicolons for IAttributeValue properties.
Applied semicolons to each property in IAttributeValue to align with interface style guidelines. No behavior altered.

---

32-44: Stylistic update: Use semicolons for ISchemaPayload properties.
Replaced commas with semicolons across ISchemaPayload fields for consistent TypeScript styling. No changes to structure or types.

---

48-50: Stylistic update: Use semicolons for ISchemaSearchPayload properties.
Uniformly applied semicolons at the end of each property in ISchemaSearchPayload. Purely formatting.

---

54-63: Stylistic update: Use semicolons for ISchemaSearchCriteria properties.
Standardized punctuation by converting commas to semicolons in ISchemaSearchCriteria. No functional impact.

---

67-69: Stylistic update: Use semicolons for ISchemaCredDeffSearchInterface properties.
Added semicolons to interface properties for consistency. Behavior and naming unchanged.

---

73-74: Stylistic update: Use semicolons for ISchemaExist properties.
Ensured semicolon termination on each property of ISchemaExist. Formatting-only change.

---

78-82: Stylistic update: Use semicolons for SchemaPayload properties.
Converted property delimiters to semicolons for uniform interface styling. No logic adjustments.

---

85-88: Stylistic update: Format W3CSchemaAttributes interface consistently.
Added semicolons and adjusted braces spacing to match project conventions. Purely stylistic.

---

90-104: Stylistic update: Format ISchemaAttributesFormat interface consistently.
Uniform semicolon usage and spacing applied to ISchemaAttributesFormat properties. No behavior change.

---

106-109: Stylistic update: Use semicolons for W3CSchemaPayload properties.
Standardized semicolon termination on each field. Formatting-only.

---

112-114: Stylistic update: Use semicolons for W3CCreateSchema properties.
Adopted semicolons at line ends for W3CCreateSchema. No structural changes.

---

118-119: Stylistic update: Use semicolons for IdAttribute properties.
Added semicolons to properties in IdAttribute to follow interface style. Pure formatting.

---

123-133: Stylistic update: Use semicolons for ISaveSchema properties.
Replaced trailing commas with semicolons across ISaveSchema. No functional difference.

---

137-137: Stylistic update: Use semicolon for SaveSchemaPayload property.
Ensured the schemaDetails field ends with a semicolon. Formatting-only change.

libs/validations/pattern.ts (3)

4-4: Private field declaration is correct.

The private _value: string; aligns with other validation classes and ensures encapsulation.

---

11-13: Getter implementation is accurate.

The get value() accessor returns the validated _value as intended.

---

23-25: Type check for non-string input is consistent.

Throwing an error for non-string inputs matches the style and behavior of other validators in the library.

libs/validations/exclusiveMaximum.ts (3)

4-4: Cleaned up trailing whitespace; no functional change.

---

12-12: Removed trailing whitespace in getter; behavior unchanged.

---

17-20: Trimmed trailing whitespace in setter block; logic remains intact.

apps/user/src/user.service.ts (23)

36-42: New interface imports added and utilized.
The additional user-related interfaces (IUserInformation, IUsersProfile, IUserResetPassword, IUserDeletedActivity, UserKeycloakId, IEcosystemConfig, IUserForgotPassword) align with newly implemented methods.

---

80-80: Injected NATSClient alongside ClientProxy.
The new natsClient DI allows more concise NATS interactions in getOrgInvitations.

---

124-131: Updated call to sendEmailForVerification to include all required context parameters.
Ensures the method now receives email, verifyCode, redirectUrl, clientId, brandLogoUrl, and platformName.

---

180-187: Extended sendEmailForVerification signature.
Added brandLogoUrl and platformName parameters to support templating.

---

278-283: Introduced keycloakDetails initializer and unified token acquisition.
Pulled the management token retrieval outside of the passkey conditional for DRY.

---

294-303: Wrapped Keycloak user creation in try/catch in both branches.
Consistent error handling for createUser calls.

---

319-319: Unified updateUserDetails call after Keycloak registration.
Ensures the DB is updated regardless of flow (passkey vs. standard).

---

427-427: Consistent generateToken invocation in login fallback path.
Normalized the non-FIDO branch to mirror the FIDO logic.

---

437-448: Added nested try/catch inside refreshTokenDetails.
Decodes and validates the refresh token, throwing a BadRequestException on invalid input.

---

464-465: Updated JSDoc for forgotPassword.
Added @param and @returns annotations.

---

512-518: Extended sendEmailForResetPassword signature.
Supports new parameters brandLogoUrl, platformName, and endpoint.

---

570-572: Added expiration check for reset-password tokens.
Throws BadRequestException when token is missing or expired.

---

575-590: Encapsulated Keycloak reset/create logic in try/catch.
Ensures password reset flows handle both existing and new Keycloak users, updating the repository accordingly.

---

636-661: Refactored resetPassword to unify Keycloak and FIDO workflows.
Introduced error handling, token acquisition, and repository updates in a consolidated block.

---

680-719: Overhauled generateToken to support Keycloak and Supabase paths.
Distinct flows for keycloakUserId vs. Supabase authentication, including error mapping and response typing.

---

731-733: Applied dynamic ecosystem settings in getProfile.
Maps each setting key to a boolean based on stored values when ecosystem mode is enabled.

---

742-742: Added placeholder payload in _getEcosystemConfig.
Prepares for future expansions of the request payload.

---

863-864: Specified generic type for NATS send in getOrgInvitations.
Enhances type safety for the returned IUserInvitations.

---

834-836: Injected updated invitations list via updateOrgInvitations.
Transforms raw invitation data into enriched OrgInvitations objects.

---

913-919: Enforced maximum organization limit in acceptRejectInvitations.
Checks MAX_ORG_LIMIT from env and throws on excess.

---

928-934: Extracted _getTotalOrgCount helper.
Provides single-responsibility method for fetching organization count via NATS.

---

1044-1050: Initialized userVerificationDetails ahead of conditions.
Prepares the response object for the checkUserExist logic.

---

1064-1067: Defined default return for non-existent users.
Returns an object with isRegistrationCompleted=false and appropriate message.

libs/storage/tsconfig.json (1)

1-4: Added new tsconfig.json for @credebl/storage.
Extends the base config without modifications; ready for library compilation.

apps/api-gateway/src/webhook/webhook.module.ts (3)

8-8: Replaced AwsService import with generic StorageService.
Aligns with the new storage abstraction in @credebl/storage.

---

24-24: Updated providers array to include StorageService.
Removes AWS-specific provider in favor of generic storage.

---

26-26: Minor formatting change; no behavior impact.

libs/storage/src/index.ts (1)

1-2: Re-export barrel file is correct.
The module and service are properly re-exported to provide a single entry point for @credebl/storage.

apps/user/src/user.module.ts (1)

37-37: Imports array reformatted.
The imports have been split into separate lines for clarity and consistency with other modules.

Also applies to: 40-42, 45-45

apps/api-gateway/src/organization/organization.module.ts (2)

10-10: Switched to StorageService import.
Replacing the old AwsService import aligns with the new multi-provider storage abstraction.

---

27-27: Updated providers to include StorageService.
Ensure all constructors in controllers/services have been updated to inject StorageService instead of AwsService.

apps/api-gateway/src/user/user.module.ts (2)

9-9: Imported StorageService in place of AwsService.
This change correctly moves the module towards the new storage abstraction.

---

26-26: Registered StorageService as a provider.
Please verify that any existing references to AwsService in controllers or services have been fully replaced with StorageService.

apps/issuance/src/issuance.module.ts (2)

16-16: Import change looks correct for storage service migration.

The replacement of AwsService with StorageService from the new @credebl/storage package aligns with the PR's objective to introduce a unified storage abstraction.

---

61-61: Provider registration updated correctly for the new storage service.

The provider registration has been properly updated to use StorageService instead of AwsService, maintaining consistency with the import change.

apps/user/src/fido/fido.module.ts (3)

22-22: Import replacement is consistent with the storage migration.

The replacement of AwsService with StorageService from @credebl/storage is correctly implemented and aligns with the broader storage abstraction migration.

---

38-38: Minor formatting improvements enhance code readability.

The formatting adjustments to array brackets and class declaration spacing improve code consistency and readability.

Also applies to: 59-59, 61-61

---

41-41: Provider registration correctly updated for StorageService.

The provider array has been properly updated to include StorageService instead of AwsService, maintaining consistency with the import change.

libs/storage/tsconfig.build.json (1)

1-9: TypeScript build configuration follows best practices.

The configuration correctly:

• Extends the root TypeScript configuration
• Enables declaration file generation for library consumers
• Sets appropriate output directory structure
• Uses standard include/exclude patterns for library builds

This follows NestJS and TypeScript best practices for library package configuration.

apps/api-gateway/src/organization/organization.service.ts (1)

27-27: LGTM! Good improvement using constants over magic strings.

Replacing the hardcoded 'base64' string with CommonConstants.ENCODING improves maintainability and consistency across the codebase.

Also applies to: 239-239

libs/storage/src/storage.module.ts (1)

1-8: LGTM! Clean module implementation.

The StorageModule follows NestJS conventions properly, providing and exporting the StorageService for use across the application.

apps/organization/src/organization.module.ts (1)

21-21: LGTM! Proper migration to generic storage service.

The replacement of AwsService with StorageService aligns with the storage abstraction strategy and is correctly implemented in both import and provider registration.

Also applies to: 60-60

apps/issuance/src/issuance.repository.ts (1)

684-686: LGTM! Improved readability of error message construction.

The formatting change makes the template literal more readable while maintaining the same functionality.

tsconfig.json (1)

106-112: Add TypeScript path mappings for storage alias
The new @credebl/storage and @credebl/storage/* entries enable the compiler to resolve imports from the storage library correctly.

package.json (1)

190-192: Extend Jest moduleNameMapper for storage
Added a mapping for @credebl/storage so Jest can resolve the new storage library in tests.

apps/utility/src/utilities.module.ts (2)

10-10: Import StorageService directly
The StorageService is now pulled in from @credebl/storage to replace the former AwsService.

---

28-30: These lines adjust imported modules ordering/formatting without functional impact.

apps/api-gateway/src/issuance/issuance.controller.ts (4)

72-72: Import StorageService
Replaced AwsService import with StorageService to unify storage operations.

---

92-92: Inject StorageService in constructor
The new storageService is injected for use in upload methods.

---

378-378: Use StorageService.uploadCsvFile
Switched from AWS SDK to the unified storage abstraction for CSV uploads.

---

534-534: Use StorageService.uploadCsvFile in bulk issuance
Consistent refactor to use StorageService when handling file uploads in bulk issuance flows.

libs/storage/package.json (3)

9-13: Scripts for build lifecycle
The clean, compile, build, and test scripts correctly set up the library build process.

---

16-20: Dependencies declared properly
NestJS and AWS SDK dependencies are correctly specified for runtime.

---

22-24: Development dependencies are accurate
Dev dependencies support TypeScript compilation and file cleaning as expected.

apps/verification/src/verification.service.ts (2)

246-248: LGTM! Improved error logging formatting.

The multi-line formatting enhances readability while maintaining the same functionality.

---

810-815: LGTM! Better readability for complex URL construction.

The reformatted ternary operators across multiple lines significantly improve code readability, especially for complex conditional URL construction logic.

Also applies to: 824-827, 836-837, 846-849, 858-859, 868-871

apps/api-gateway/src/user/user.controller.ts (2)

50-50: LGTM! Successfully migrated to the new storage abstraction.

The migration from AwsService to StorageService aligns with the PR objectives to support multiple storage providers. The new @credebl/storage library provides a clean abstraction over different storage backends.

Also applies to: 64-65

---

311-319: LGTM! Improved error handling for UUID validation.

The explicit exceptionFactory provides clearer error messages for invalid UUID formats, enhancing the API's user experience.

apps/utility/src/utilities.service.ts (2)

4-4: LGTM! Successfully migrated to the new storage abstraction.

The migration to StorageService from @credebl/storage is consistent with the system-wide refactor to support multiple storage providers.

Also applies to: 12-12

---

51-61:

✅ Verification successful

Verify the simplified implementation aligns with the StorageService interface.

The implementation has been significantly simplified - now returning the string result directly instead of constructing a URL from an upload key. This suggests the new StorageService.storeObject() returns the final URL directly.

Please ensure this change is consistent with how other services use the storeObject method to avoid breaking existing functionality.

---

🏁 Script executed:

#!/bin/bash
# Description: Verify StorageService.storeObject usage across the codebase
# Expected: All usages should expect a string return value

echo "=== Searching for StorageService.storeObject usage ==="
rg -A 3 -B 2 "storageService\.storeObject"

echo "=== Searching for storeObject method calls ==="
rg -A 3 -B 2 "\.storeObject\("

Length of output: 3206

---

Consistent URL return from StorageService.storeObject verified

I searched all usages of storeObject and confirmed:

• libs/storage/src/storage.service.ts returns a Promise<string> from the provider (the full URL).
• apps/utility/src/utilities.service.ts now correctly passes that URL through.
• Both controllers (apps/utility and apps/api-gateway) receive and return the URL string.

No mismatches found—this simplified implementation aligns with the existing interface and won’t break existing consumers.

apps/issuance/src/issuance.service.ts (3)

70-70: LGTM - Clean migration to StorageService.

The import and dependency injection changes properly migrate from AwsService to StorageService from the new storage abstraction layer.

Also applies to: 109-109

---

153-155: LGTM - Consistent method formatting.

The formatting improvements for getCredentialDefinitionDetails method calls enhance readability while maintaining the same functionality.

Also applies to: 335-337, 796-798

---

1337-1338:

✅ Verification successful

Verify the return value handling change.

The method call changed from awsService.getFile() to storageService.getFile() with different handling of the return value. Ensure that storageService.getFile() returns a Buffer that can be directly converted to string.

---

🏁 Script executed:

#!/bin/bash
# Verify that StorageService.getFile returns Buffer and the toString() call is correct
ast-grep --pattern $'async getFile($_): Promise<Buffer> {
  $$$
}'

Length of output: 67

---

🏁 Script executed:

#!/bin/bash
# Locate StorageService class definition in TypeScript files
rg -n 'class\s\+StorageService' -g '*.ts'

# Locate all getFile method definitions and usages with context
rg -n 'getFile' -g '*.ts' -A2

Length of output: 10393

---

Confirm Buffer return type of storageService.getFile

StorageService.getFile is defined to return a Promise<Buffer> (see libs/storage/src/storage.service.ts:54), so calling toString() on its result correctly yields a string. No changes required.

apps/connection/src/connection.repository.ts (3)

333-336: LGTM - Improved error message formatting.

The multiline string construction enhances readability while maintaining the same error message content.

Also applies to: 346-346

---

350-362: LGTM - Consistent Prisma query formatting.

The formatting changes improve readability while maintaining identical query logic and parameters.

Also applies to: 364-368, 370-370

---

378-393:

✅ Verification successful

Verify the behavioral change in getInvitationDidByOrgId.

The method signature and implementation changed significantly:

• Return type: Promise<agent_invitations[]> → Promise<agent_invitations>
• Query: findMany() → findFirst() with orderBy

This is a breaking change that affects all callers. Ensure this change is intentional and all consumers have been updated accordingly.

---

🏁 Script executed:

#!/bin/bash
# Search for all usages of getInvitationDidByOrgId to verify they handle the new return type
rg -A 5 "getInvitationDidByOrgId"

Length of output: 3633

---

No breaking change detected outside the Connection module

All callers of getInvitationDidByOrgId were scoped to their own repositories—only the Connection app’s repository was updated from findMany() → findFirst(), and its service signature was adjusted accordingly:

• Connection service now expects a single agent_invitations and uses .invitationDid directly.
• Verification and Issuance apps still use their own getInvitationDidByOrgId (returning arrays) and remain unaffected.

No further action needed.

libs/aws/src/aws.service.ts (4)

5-5: Good addition of CommonConstants import.

This supports the move away from hardcoded strings and improves maintainability.

---

34-40: Excellent refactoring to make the method more generic.

The method name change from uploadFileToS3Bucket to uploadFileToBucket and parameter name change from pathAWS to filePath makes this more provider-agnostic, aligning well with the new storage abstraction.

---

105-105: Good use of constants and updated environment variables.

The changes to use STORE_OBJECT_BUCKET environment variable and CommonConstants.ENCODING.toString() instead of hardcoded strings improve consistency and maintainability.

Also applies to: 108-108

---

65-65:

✅ Verification successful

Verify environment variable consistency across the codebase.

The environment variable changes from AWS_BUCKET to FILE_BUCKET support the new storage abstraction. Ensure all references to the old variable names have been updated consistently.

Also applies to: 79-79, 91-91

---

🏁 Script executed:

#!/bin/bash
# Description: Check for any remaining references to old AWS bucket environment variables
# Expected: No matches for old variable names

echo "Checking for old AWS bucket environment variables..."
rg -i "AWS_BUCKET(?!_)" --type ts --type js
rg -i "AWS_ORG_LOGO_BUCKET_NAME" --type ts --type js  
rg -i "AWS_S3_STOREOBJECT_BUCKET" --type ts --type js

Length of output: 496

---

Verify removal of legacy AWS bucket environment variables

The update replaces AWS_BUCKET with FILE_BUCKET in libs/aws/src/aws.service.ts (lines 65, 79, 91). We need to ensure no old variable names remain anywhere in the codebase.

Please re-run the following checks and confirm zero matches:

If any references to the above names are found, update them to use the new FILE_BUCKET abstraction.

---

🏁 Script executed:

#!/bin/bash
echo "Re-checking for old AWS bucket environment variables..."
rg -i --type ts --type js "AWS_BUCKET"
rg -i --type ts --type js "AWS_ORG_LOGO_BUCKET_NAME"
rg -i --type ts --type js "AWS_S3_STOREOBJECT_BUCKET"

Length of output: 266

---

No remaining references to legacy AWS bucket environment variables

All rg checks for AWS_BUCKET, AWS_ORG_LOGO_BUCKET_NAME, and AWS_S3_STOREOBJECT_BUCKET across .ts and .js files returned zero matches. The codebase consistently uses FILE_BUCKET.

.env.demo (2)

9-9: Good addition of storage provider configuration.

The FILE_STORAGE_PROVIDER=minio setting enables dynamic selection between storage providers in the new abstraction.

---

75-75: Excellent bucket name generalization.

The renaming from AWS-specific bucket names (AWS_BUCKET, AWS_ORG_LOGO_BUCKET_NAME, AWS_S3_STOREOBJECT_BUCKET) to generic names (FILE_BUCKET, ORG_LOGO_BUCKET, STORE_OBJECT_BUCKET) properly supports the multi-provider storage abstraction.

Also applies to: 83-83, 91-91

apps/connection/src/connection.service.ts (3)

24-28: Clean import statement formatting.

The multi-line import formatting improves readability.

---

678-680: Simplified invitation DID retrieval logic.

The change from fetching an array to directly fetching a single agent_invitations object and accessing its invitationDid property is more efficient and cleaner.

---

821-859: Improved code formatting and structure.

The reformatted deleteConnectionRecords method has better readability with consistent spacing and structure while maintaining the same functionality.

libs/storage/src/providers/minio.provider.ts (1)

27-36: Efficient stream-to-buffer conversion.

The implementation correctly handles the stream conversion to buffer using async iteration.

apps/organization/src/organization.service.ts (7)

31-42: LGTM: Import formatting improved

The multiline import formatting enhances readability without changing functionality.

---

47-47: LGTM: Storage service abstraction implemented correctly

The replacement of AWS-specific storage with the generic StorageService aligns with the PR objectives. The addition of image-related constants (IMG_EXT, ORG_LOGO_FOLDER, ORG_LOGO_PREFIX) and usage of CommonConstants follows best practices for maintainability.

Also applies to: 66-66, 69-71, 79-79, 85-85

---

481-498: LGTM: Storage upload method properly abstracted

The method successfully replaces AWS-specific upload with the generic storage service. Using CommonConstants.ENCODING instead of hardcoded 'base64' and the new image-related constants improves maintainability and consistency.

---

136-136: LGTM: Method calls updated consistently

The method calls are properly updated to use the new generic uploadFile() method name, maintaining consistency with the storage service abstraction.

Also applies to: 533-533

---

302-305: LGTM: Client registration method calls updated

The method calls to getManagementToken are properly updated to pass clientId and clientSecret as separate arguments, which aligns with the refactored client registration service API.

Also applies to: 371-374, 937-940

---

379-381: LGTM: Async/await patterns improved

The code shows better async/await patterns and improved Promise.all usage with array destructuring, enhancing readability and maintainability.

Also applies to: 411-415, 1374-1381

---

1542-1673: LGTM: Complex method refactoring improves reliability

The deleteOrganization and registerOrgsMapUsers methods show excellent improvements:

• Better error handling with Promise.allSettled
• Structured approach to parallel operations
• Improved logging and debugging information
• More maintainable code organization

These changes enhance the reliability and maintainability of critical organization management operations.

Also applies to: 1743-1841

🧰 Tools

🪛 ESLint

[error] 1570-1570: Expected no linebreak before this expression.

(implicit-arrow-linebreak)

libs/common/src/common.constant.ts (4)

35-36: LGTM: URL constants consolidated and clarified

The consolidation of wallet-related URL constants and addition of clarifying comments improves the maintainability of the constants file.

Also applies to: 120-120, 135-136

---

258-258: LGTM: ESLint disable comments appropriately added

The ESLint disable comments for duplicate enum values are properly added where the duplicates are semantically meaningful (e.g., different role types with the same numeric value).

Also applies to: 261-261, 265-265, 267-267, 273-273, 276-276, 281-281, 284-284, 298-298, 301-301, 313-313, 316-316

---

291-295: LGTM: New constants improve maintainability

The addition of platform admin constants, microservice names, cache configurations, and especially the ENCODING = 'base64' constant significantly improves code maintainability by replacing hardcoded values throughout the application.

Also applies to: 333-333, 336-347, 356-376, 377-381

---

440-440: LGTM: Export formatting consistency maintained

The export statement formatting for DISALLOWED_EMAIL_DOMAIN maintains consistency with other exports in the file.

apps/agent-service/src/agent-service.service.ts (7)

95-95: LGTM: Proper dependency injection.

The addition of NATSClient dependency follows the established pattern and aligns with the messaging infrastructure improvements.

---

820-836: LGTM: Improved validation flow.

The reordering of ledger validation logic improves the method flow by:

• Moving validation earlier in the process
• Properly handling the case where network is not provided
• Ensuring ledger existence before proceeding with tenant creation

This is a good refactoring that enhances code clarity and error handling.

---

673-754: Excellent refactoring with improved reliability and observability.

This refactoring significantly improves the deleteWallet method:

Improvements:

• Parallel execution with Promise.allSettled for better performance
• Comprehensive error handling for each async operation
• Prisma transactions ensure data consistency and rollback on failure
• Enhanced logging with detailed deletion tracking
• Schema archiving integration for proper cleanup

Code Quality:

• Proper handling of promise settlement states
• Atomic operations within transaction boundaries
• Clear separation of concerns with dedicated logging function

This is a robust implementation that handles edge cases and provides better reliability.

🧰 Tools

🪛 Biome (1.9.4)

[error] 685-685: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 720-720: The catch clause that only rethrows the original error is useless.

An unnecessary catch clause can be confusing.
Unsafe fix: Remove the try/catch clause.

(lint/complexity/noUselessCatch)

---

756-778: LGTM: Well-implemented schema archiving method.

The new _updateIsSchemaArchivedFlag method follows established patterns:

• Consistent NATS messaging pattern
• Proper error handling with HTTP exception mapping
• Clear method signature and return type
• Appropriate logging for debugging

This integrates well with the wallet deletion workflow.

---

931-931: LGTM: Consistent use of injected NATS client.

The change to use the injected natsClient instead of direct proxy access:

• Maintains consistency with the constructor dependency injection
• Improves testability and follows dependency inversion principles
• Preserves the existing method signature and error handling

This is a good refactoring that aligns with modern dependency injection patterns.

---

1959-1959: LGTM: Formatting change.

This is just a formatting adjustment with no functional impact.

---

319-319:

✅ Verification successful

Verify the new URL constant is correctly defined.

The change from deprecated URL_AGENT_STATUS to URL_AGENT_GET_ENDPOINT looks appropriate for agent health checks. Please ensure the new constant exists in CommonConstants and points to the correct endpoint.

Also applies to: 549-549

---

🏁 Script executed:

#!/bin/bash
# Description: Verify the new URL constant exists and check for the old deprecated constant.

# Check if the new constant exists
echo "Checking for URL_AGENT_GET_ENDPOINT in CommonConstants:"
rg "URL_AGENT_GET_ENDPOINT" --type ts

# Check if the old constant still exists (should be removed if deprecated)
echo -e "\nChecking for deprecated URL_AGENT_STATUS:"
rg "URL_AGENT_STATUS" --type ts

Length of output: 983

---

✅ URL constant verified and approved

• Confirmed URL_AGENT_GET_ENDPOINT is defined in libs/common/src/common.constant.ts.
• Verified URL_AGENT_STATUS has been removed from the codebase.
• All HTTP GET calls now correctly reference the new constant.

[coderabbitai]

⚠️ Potential issue

Incorrect entry points for published package
The main and types fields point to source (src/index) instead of compiled output. Update to "main": "dist/index.js" and "types": "dist/index.d.ts".

🤖 Prompt for AI Agents

In libs/storage/package.json at lines 3 to 4, the "main" and "types" fields
incorrectly point to source files under "src/index". Update these fields to
point to the compiled output files by setting "main" to "dist/index.js" and
"types" to "dist/index.d.ts" to ensure the published package references the
correct entry points.

[coderabbitai]

🛠️ Refactor suggestion

Add environment variable validation.

The constructor uses process.env.FILE_STORAGE_PROVIDER without validation, which could lead to unexpected behavior.

  constructor() {
    const fileStorageProvider = process.env.FILE_STORAGE_PROVIDER;
+    if (!fileStorageProvider) {
+      this.logger?.warn('FILE_STORAGE_PROVIDER not set, defaulting to S3');
+    }
+    
    switch (fileStorageProvider) {
      case 'minio':
        this.provider = new MinioProvider();
        break;
      default:
        this.provider = new S3Provider();
        break;
    }
  }

🧰 Tools

🪛 Biome (1.9.4)

[error] 17-17: Useless case clause.

because the default clause is present:

Unsafe fix: Remove the useless case.

(lint/complexity/noUselessSwitchCase)

🤖 Prompt for AI Agents

In libs/storage/src/storage.service.ts around lines 11 to 22, the constructor
uses process.env.FILE_STORAGE_PROVIDER without validating its value, which can
cause unexpected behavior. Add validation to check if FILE_STORAGE_PROVIDER is
set and if its value is one of the expected options ('minio' or 's3'). If the
value is invalid or missing, throw an error or set a default provider explicitly
to avoid silent failures.

[coderabbitai]

🛠️ Refactor suggestion

Avoid hardcoded MIME type.

The uploadFileToBucket method hardcodes 'image/png' as the MIME type, but the method accepts any file type based on the ext parameter.

  async uploadFileToBucket(
    fileBuffer: Buffer,
    ext: string,
    filename: string,
    bucketName: string,
    encoding: string,
    filePath = ''
  ): Promise<string> {
    const timestamp = Date.now();
    const key = `${filePath}/${encodeURIComponent(filename)}-${timestamp}.${ext}`;
+    const mimeType = this.getMimeTypeFromExtension(ext);
    try {
      return await this.provider.uploadFile(bucketName, key, fileBuffer, {
        encoding,
-        mimeType: 'image/png'
+        mimeType
      });
    } catch (error) {
      throw new HttpException(error, HttpStatus.SERVICE_UNAVAILABLE);
    }
  }
+
+  private getMimeTypeFromExtension(ext: string): string {
+    const mimeTypes = {
+      'png': 'image/png',
+      'jpg': 'image/jpeg',
+      'jpeg': 'image/jpeg',
+      'pdf': 'application/pdf',
+      'csv': 'text/csv'
+    };
+    return mimeTypes[ext.toLowerCase()] || 'application/octet-stream';
+  }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	mimeType: 'image/png'
	async uploadFileToBucket(
	fileBuffer: Buffer,
	ext: string,
	filename: string,
	bucketName: string,
	encoding: string,
	filePath = ''
	): Promise<string> {
	const timestamp = Date.now();
	const key = `${filePath}/${encodeURIComponent(filename)}-${timestamp}.${ext}`;
	const mimeType = this.getMimeTypeFromExtension(ext);
	try {
	return await this.provider.uploadFile(bucketName, key, fileBuffer, {
	encoding,
	mimeType
	});
	} catch (error) {
	throw new HttpException(error, HttpStatus.SERVICE_UNAVAILABLE);
	}
	}
	private getMimeTypeFromExtension(ext: string): string {
	const mimeTypes = {
	'png': 'image/png',
	'jpg': 'image/jpeg',
	'jpeg': 'image/jpeg',
	'pdf': 'application/pdf',
	'csv': 'text/csv'
	};
	return mimeTypes[ext.toLowerCase()] || 'application/octet-stream';
	}

🤖 Prompt for AI Agents

In libs/storage/src/storage.service.ts at line 37, the MIME type is hardcoded as
'image/png' in the uploadFileToBucket method, which does not accommodate
different file types. Modify the code to dynamically determine the MIME type
based on the file extension parameter `ext` passed to the method, ensuring the
correct MIME type is set for each file type uploaded.

[ajile-in]

@ankita-p17 you think the CodeRabbit reviews are useful?

[sonarqubecloud]

Quality Gate passed

Issues
5 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 10

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

apps/agent-provisioning/AFJ/scripts/fargate.sh (2)

10-10: Fix the typo in RANDOM_SEED assignment.

Line 10 assigns RANDOM_SEED=${5}a, which appends a literal 'a' to the fifth positional argument. This is almost certainly a typo.

Apply this diff to fix the assignment:

-RANDOM_SEED=${5}a
+RANDOM_SEED=${5}

---

100-109: Review the increment_port function logic.

The increment_port function increments the port by 1 only if it's less than or equal to lower_limit. Since lines 121 and 137 call this function with identical values for both parameters (e.g., increment_port "$last_used_admin_port" "$last_used_admin_port"), the condition [ "$port" -le "$lower_limit" ] will always be true initially, causing exactly one increment.

This may be intentional (always increment by 1), but the function name and implementation suggest a more complex intent that isn't being fulfilled. If the goal is simply to increment by 1, the function can be simplified.

Apply this diff if the intent is to always increment by 1:

-increment_port() {
-    local port="$1"
-    local lower_limit="$2"
-
-    while [ "$port" -le "$lower_limit" ]; do
-        port=$((port + 1))  # Increment the port using arithmetic expansion
-    done
-
-    echo "$port"
-}
+increment_port() {
+    local port="$1"
+    echo "$((port + 1))"
+}

And update the call sites to pass only one argument:

-last_used_admin_port=$(increment_port "$last_used_admin_port" "$last_used_admin_port")
+last_used_admin_port=$(increment_port "$last_used_admin_port")

-last_used_inbound_port=$(increment_port "$last_used_inbound_port" "$last_used_inbound_port")
+last_used_inbound_port=$(increment_port "$last_used_inbound_port")

🧹 Nitpick comments (3)

.env.demo (1)

9-9: Consider quoting the value for consistency.

While minio doesn't require quotes, adding them (FILE_STORAGE_PROVIDER="minio") improves consistency with other string values in the file and ensures compatibility with all .env parsers.

Apply this diff:

-FILE_STORAGE_PROVIDER=minio
+FILE_STORAGE_PROVIDER="minio"

apps/agent-provisioning/AFJ/scripts/fargate.sh (2)

394-395: Consider adjusting task resource allocation.

The container is allocated 256 CPU units and 512 MB memory (lines 394-395), but the task definition specifies 1024 CPU units and 2048 MB memory (lines 476-477). While this is valid (task resources must be >= container resources), the task has significant excess capacity that won't be utilized.

If only one container is running in the task, consider aligning the task resources with the container resources to optimize costs:

-  "cpu": "1024",
-  "memory": "2048"
+  "cpu": "256",
+  "memory": "512"

Or adjust the container resources to use the full task allocation if the agent needs more resources.

Also applies to: 476-477

---

657-658: Consider adding protocol prefix to endpoint URLs.

Lines 657-658 output the ALB DNS names without a protocol prefix (e.g., http://). This is inconsistent with line 366, which includes "http://$INBOUND_ALB_DNS".

For consistency and clarity, consider adding the protocol prefix:

 {
-    "CONTROLLER_ENDPOINT": "$ADMIN_ALB_DNS",
-    "AGENT_ENDPOINT": "$INBOUND_ALB_DNS"
+    "CONTROLLER_ENDPOINT": "http://$ADMIN_ALB_DNS",
+    "AGENT_ENDPOINT": "http://$INBOUND_ALB_DNS"
 }

This ensures downstream consumers don't need to guess the protocol.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8e67450 and e2eba6e.

📒 Files selected for processing (5)

• .env.demo (4 hunks)
• apps/agent-provisioning/AFJ/scripts/fargate.sh (14 hunks)
• apps/agent-service/src/agent-service.service.ts (2 hunks)
• apps/agent-service/src/repositories/agent-service.repository.ts (2 hunks)
• apps/ledger/src/schema/repositories/schema.repository.ts (0 hunks)

💤 Files with no reviewable changes (1)

• apps/ledger/src/schema/repositories/schema.repository.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/agent-service/src/agent-service.service.ts

🧰 Additional context used

🪛 dotenv-linter (3.3.0)

.env.demo

[warning] 12-12: [ValueWithoutQuotes] This value needs to be surrounded in quotes

(ValueWithoutQuotes)

---

[warning] 13-13: [QuoteCharacter] The value has quote characters (', ")

(QuoteCharacter)

---

[warning] 13-13: [UnorderedKey] The MOBILE_APP_DOWNLOAD_URL key should go before the MOBILE_APP_NAME key

(UnorderedKey)

---

[warning] 15-15: [UnorderedKey] The IOS_DOWNLOAD_LINK key should go before the MOBILE_APP key

(UnorderedKey)

---

[warning] 18-18: [ValueWithoutQuotes] This value needs to be surrounded in quotes

(ValueWithoutQuotes)

---

[warning] 19-19: [UnorderedKey] The PLATFORM_WEB_URL key should go before the POWERED_BY key

(UnorderedKey)

---

[warning] 50-50: [UnorderedKey] The PUBLIC_PLATFORM_SUPPORT_EMAIL key should go before the PUBLIC_PRODUCTION_API_URL key

(UnorderedKey)

---

[warning] 66-66: [UnorderedKey] The MINIO_ACCESS_KEY key should go before the MINIO_ENDPOINT key

(UnorderedKey)

---

[warning] 67-67: [UnorderedKey] The MINIO_SECRET_KEY key should go before the MINIO_USE_SSL key

(UnorderedKey)

---

[warning] 73-73: [UnorderedKey] The AWS_REGION key should go before the AWS_SECRET_KEY key

(UnorderedKey)

---

[warning] 80-80: [UnorderedKey] The AWS_PUBLIC_REGION key should go before the AWS_PUBLIC_SECRET_KEY key

(UnorderedKey)

---

[warning] 87-87: [SpaceCharacter] The line has spaces around equal sign

(SpaceCharacter)

---

[warning] 87-87: [TrailingWhitespace] Trailing whitespace detected

(TrailingWhitespace)

---

[warning] 87-87: [UnorderedKey] The AWS_S3_STOREOBJECT_REGION key should go before the AWS_S3_STOREOBJECT_SECRET_KEY key

(UnorderedKey)

🪛 Shellcheck (0.11.0)

apps/agent-provisioning/AFJ/scripts/fargate.sh

[warning] 586-586: This is interpreted as a command name ending with '.'. Double check syntax.

(SC2288)

🔇 Additional comments (7)

apps/agent-service/src/repositories/agent-service.repository.ts (2)

312-312: LGTM! Type annotation improves clarity.

The explicit type annotation correctly represents both possible shapes of the whereClause object (single string or array lookup), improving type safety.

---

528-529: Appropriate use of ESLint suppression.

The no-explicit-any suppression is justified here due to dynamic table access via prisma[table], where TypeScript cannot infer proper types. The suppression is correctly scoped to the specific line.

.env.demo (3)

62-68: LGTM - MinIO configuration block is well-structured.

The MinIO configuration includes all necessary connection parameters. The comment correctly notes that the same bucket names (FILE_BUCKET, ORG_LOGO_BUCKET, STORE_OBJECT_BUCKET) should be used for both MinIO and S3 configurations.

---

20-20: LGTM - Branding updates are correct.

The URL and email updates properly reflect the organizational rebranding from Blockster to Linux Foundation Projects and Sovio.

Also applies to: 50-50

---

74-74: All deprecated AWS bucket environment variable references have been removed. No instances of AWS_BUCKET, AWS_ORG_LOGO_BUCKET_NAME, or AWS_S3_STOREOBJECT_BUCKET remain across the codebase.

apps/agent-provisioning/AFJ/scripts/fargate.sh (2)

224-253: Verify that exposing the ALB to 0.0.0.0/0 aligns with security requirements.

Lines 224-228 and 240-244 authorize ingress from 0.0.0.0/0 on ports 443 and 80 for the ALB security group. This is typical for internet-facing load balancers, but ensure this aligns with your security and compliance requirements.

If the ALB should be restricted to specific IP ranges or behind a WAF, update these rules accordingly.

---

352-385: LGTM!

The agent config generation correctly uses the new ALB DNS names and AGENT_WEBSOCKET_PROTOCOL variable. The configuration structure is clear and well-formed.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major

Add quotes around the value.

The value contains spaces and should be quoted to ensure reliable parsing across all .env implementations.

Apply this diff:

-POWERED_BY=CREDEBL a Series of LF Projects, LLC
+POWERED_BY="CREDEBL a Series of LF Projects, LLC"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	POWERED_BY=CREDEBL a Series of LF Projects, LLC
	POWERED_BY="CREDEBL a Series of LF Projects, LLC"

🧰 Tools

🪛 dotenv-linter (3.3.0)

[warning] 18-18: [ValueWithoutQuotes] This value needs to be surrounded in quotes

(ValueWithoutQuotes)

🤖 Prompt for AI Agents

.env.demo around line 18: the env value contains spaces and must be quoted for
reliable parsing; update the line so the value is wrapped in quotes (e.g.,
change POWERED_BY=CREDEBL a Series of LF Projects, LLC to POWERED_BY="CREDEBL a
Series of LF Projects, LLC") and save the file.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix trailing whitespace and consider renaming for consistency.

Line 87 has trailing whitespace after the equals sign, which should be removed. Additionally, consider renaming AWS_S3_STOREOBJECT_REGION to STORE_OBJECT_REGION to maintain consistency with the other provider-agnostic bucket variable renames.

Apply this diff to fix the whitespace:

-AWS_S3_STOREOBJECT_REGION= 
+AWS_S3_STOREOBJECT_REGION=

Or apply this diff to fix both issues:

-AWS_S3_STOREOBJECT_REGION= 
+STORE_OBJECT_REGION=

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	AWS_S3_STOREOBJECT_REGION=
	STORE_OBJECT_REGION=

🧰 Tools

🪛 dotenv-linter (3.3.0)

[warning] 87-87: [SpaceCharacter] The line has spaces around equal sign

(SpaceCharacter)

---

[warning] 87-87: [TrailingWhitespace] Trailing whitespace detected

(TrailingWhitespace)

---

[warning] 87-87: [UnorderedKey] The AWS_S3_STOREOBJECT_REGION key should go before the AWS_S3_STOREOBJECT_SECRET_KEY key

(UnorderedKey)

🤖 Prompt for AI Agents

In .env.demo around line 87, remove the trailing whitespace after the equals
sign on AWS_S3_STOREOBJECT_REGION= so the line reads a valid empty assignment;
additionally, if you want provider-agnostic naming consistency, rename the key
to STORE_OBJECT_REGION (update this line to STORE_OBJECT_REGION=) and then
search the codebase for any usages of AWS_S3_STOREOBJECT_REGION and replace them
with STORE_OBJECT_REGION to keep references consistent.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Echo statements reference undefined variables.

Lines 66-76 echo variables that haven't been assigned yet (SSL_CRTS, AGENT_URL, ALB_SECURITY_GROUP_ID, ADMIN_TG_ARN, INBOUND_TG_ARN, AGENT_INBOUND_URL). These will print empty values and may confuse debugging.

Either remove these echo statements or move them to after the variables are assigned (lines 151, 257, 274, etc.).

🤖 Prompt for AI Agents

In apps/agent-provisioning/AFJ/scripts/fargate.sh around lines 66 to 76, the
echoed variables (SSL_CRTS, AGENT_URL, ALB_SECURITY_GROUP_ID, ADMIN_TG_ARN,
INBOUND_TG_ARN, AGENT_INBOUND_URL) are not yet assigned and will print empty
values; either remove these echo lines or relocate them to after the variables
are actually set (for example after their assignments around lines 151, 257, 274
respectively), ensuring each echo occurs immediately after the corresponding
assignment so logs show real values during debugging.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Review the inbound target group health check expecting 404.

Lines 339-348 configure the inbound target group health check to expect HttpCode=404 on path "/". This is unusual—health checks typically expect 2xx or 3xx responses. Using 404 as a healthy response suggests the inbound endpoint lacks a proper health endpoint.

Consider implementing a dedicated health endpoint (e.g., /health) that returns 200, or verify that this 404-based health check is intentional and documents the reasoning.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Define the AFJ_IMAGE_URL variable.

Line 393 references ${AFJ_IMAGE_URL}, but this variable is never defined in the script. This will result in an empty image field in the container definition, causing the ECS task to fail.

Either add AFJ_IMAGE_URL as a positional parameter or define it as an environment variable before use. For example:

+AFJ_IMAGE_URL=${31}

And update the echo statements section to include:

+echo "AFJ_IMAGE_URL: $AFJ_IMAGE_URL"

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In apps/agent-provisioning/AFJ/scripts/fargate.sh around line 393, the script
references ${AFJ_IMAGE_URL} but never defines it, causing the container image
field to be empty; define AFJ_IMAGE_URL by either reading it as a positional
parameter (e.g., AFJ_IMAGE_URL="${1:-}" or new param position) or exporting it
from the environment before use, validate it is non-empty and exit with an error
if missing, and update the script's echo/logging section to include
AFJ_IMAGE_URL so the chosen image is visible in logs.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix the service file validation logic.

Lines 532-536 check if $SERVICE_FILE exists, but the SERVICE_FILE variable is never defined. The service JSON is written to service.json on line 529, but the validation references the wrong variable.

Apply this diff to fix the validation:

-if [ -f "$SERVICE_FILE" ]; then
-    echo "Service file created successfully: $SERVICE_FILE"
+if [ -f "service.json" ]; then
+    echo "Service file created successfully: service.json"
 else
-    echo "Failed to create service file: $SERVICE_FILE"
+    echo "Failed to create service file: service.json"
 fi

Alternatively, define SERVICE_FILE="service.json" before line 529 and use it consistently.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if [ -f "$SERVICE_FILE" ]; then
	echo "Service file created successfully: $SERVICE_FILE"
	else
	echo "Failed to create service file: service.json"
	echo "Failed to create service file: $SERVICE_FILE"
	fi
	if [ -f "service.json" ]; then
	echo "Service file created successfully: service.json"
	else
	echo "Failed to create service file: service.json"
	fi

🤖 Prompt for AI Agents

In apps/agent-provisioning/AFJ/scripts/fargate.sh around lines 532-536 the
validation checks an undefined variable SERVICE_FILE; change the validation to
check the actual filename used to write the JSON (service.json) or define
SERVICE_FILE="service.json" before line 529 and use that variable consistently
for writing and checking the file existence, updating the echo messages
accordingly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix the echo statement to use the correct variable.

Line 561 echoes $AGENT_URL, but this variable is undefined. It should reference $AGENT_HEALTHCHECK_URL instead.

Apply this diff:

-echo "--------AGENT_HEALTHCHECK_URL-----$AGENT_URL"
+echo "--------AGENT_HEALTHCHECK_URL-----$AGENT_HEALTHCHECK_URL"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	echo "--------AGENT_HEALTHCHECK_URL-----$AGENT_URL"
	echo "--------AGENT_HEALTHCHECK_URL-----$AGENT_HEALTHCHECK_URL"

🤖 Prompt for AI Agents

In apps/agent-provisioning/AFJ/scripts/fargate.sh around line 561, the echo
prints an undefined variable $AGENT_URL; change it to echo
$AGENT_HEALTHCHECK_URL so the healthcheck URL variable is referenced correctly
and will display the intended value.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Remove the invalid syntax line.

Line 586 contains a line of dots that serves no purpose and is flagged by shellcheck as invalid syntax. This will cause the script to fail.

Apply this diff to remove it:

-# to fetch log group of container 
-.............................................................
-log_group=/ecs/$TESKDEFINITION_FAMILY
+# to fetch log group of container
+log_group="/ecs/$TESKDEFINITION_FAMILY"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	.............................................................
	# to fetch log group of container
	log_group="/ecs/$TESKDEFINITION_FAMILY"

🧰 Tools

🪛 Shellcheck (0.11.0)

[warning] 586-586: This is interpreted as a command name ending with '.'. Double check syntax.

(SC2288)

🤖 Prompt for AI Agents

In apps/agent-provisioning/AFJ/scripts/fargate.sh around line 586, there is an
invalid line consisting of only dots
(".............................................................") which
ShellCheck flags as syntax error; remove that line entirely from the script so
no stray characters remain and ensure surrounding lines retain proper spacing
and line endings.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Replace hardcoded region with AWS_PUBLIC_REGION variable.

Line 617 hardcodes the region as ap-southeast-1, which may not match the AWS_PUBLIC_REGION variable used throughout the script. This inconsistency could cause the log retrieval to fail if the resources are in a different region.

Apply this diff to use the correct region:

-    --region ap-southeast-1 \
+    --region "$AWS_PUBLIC_REGION" \

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	--region ap-southeast-1 \
	--region "$AWS_PUBLIC_REGION" \

🤖 Prompt for AI Agents

In apps/agent-provisioning/AFJ/scripts/fargate.sh around line 617, the aws CLI
call hardcodes "--region ap-southeast-1" instead of using the AWS_PUBLIC_REGION
variable; change the flag to use "${AWS_PUBLIC_REGION}" (or
"$AWS_PUBLIC_REGION") so the region follows the script-wide variable. Ensure the
variable is quoted and exported/defined earlier so the command uses the correct
region at runtime.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Echo statements reference undefined variables.

Lines 641-642 echo $AGENT_URL and $AGENT_INBOUND_URL, which are never defined in the script. These will print empty values.

Either remove these echo statements or replace them with the correct variables ($ADMIN_ALB_DNS and $INBOUND_ALB_DNS).

🤖 Prompt for AI Agents

In apps/agent-provisioning/AFJ/scripts/fargate.sh around lines 641 to 642, the
script echoes undefined variables $AGENT_URL and $AGENT_INBOUND_URL which will
print empty values; replace those echo lines to reference the correct variables
$ADMIN_ALB_DNS and $INBOUND_ALB_DNS (or remove the lines if not needed) so the
script outputs the intended ALB DNS values, and verify those variables are set
earlier in the script.

[ankita-p17]

Closing this PR as it has some unsigned commits from upstream which are resolved later. Created new PR for this implementation - #1484