Conversation

@coodos
Contributor

@coodos coodos commented Nov 14, 2025

Description of change

Type of change

  • Breaking (any change that would cause existing functionality to not work as expected)
  • New (a change which implements a new feature)
  • Update (a change which updates existing functionality)
  • Fix (a change which fixes an issue)
  • Docs (changes to the documentation)
  • Chore (refactoring, build scripts or anything else that isn't user-facing)

How the change has been tested

Change checklist

  • I have ensured that the CI Checks pass locally
  • I have removed any unnecessary logic
  • My code is well documented
  • I have signed my commits
  • My code follows the pattern of the application
  • I have self reviewed my code

Summary by CodeRabbit

  • New Features

    • eVault deletion detection: non-dismissible modal with guidance and option to delete local data and reset to onboarding.
    • eVault health checks integrated into login flows; pending deep links are preserved and handled after auth.
  • Improvements

    • Drawer gains dismissible toggle affecting backdrop and close/draggable behavior.
    • Registration PIN flow clarified via a dedicated onboarding PIN API.
  • Bug Fixes

    • Safer biometrics availability handling to avoid startup errors.
  • Chores

    • Updated Tauri-related dependencies, added Argon2 packages, bumped Android version code.

@coderabbitai
Contributor

coderabbitai bot commented Nov 14, 2025

Warning

Rate limit exceeded

@coodos has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 10 minutes and 22 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 128029d and c4671a6.

📒 Files selected for processing (5)
  • infrastructure/eid-wallet/src/lib/global/controllers/evault.ts (2 hunks)
  • infrastructure/eid-wallet/src/lib/global/controllers/security.ts (10 hunks)
  • infrastructure/eid-wallet/src/lib/global/state.ts (1 hunks)
  • infrastructure/eid-wallet/src/lib/ui/Drawer/Drawer.svelte (3 hunks)
  • infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (6 hunks)

Walkthrough

Adds Argon2 browser packages and bumps multiple Tauri JS/Rust dependencies; introduces VaultController.checkHealth with timeouts and 404-as-deleted semantics; exposes SecurityController.setOnboardingPin; makes Drawer dismissibility configurable; integrates eVault health checks into login to show a non-dismissible deletion modal and a nukeWallet flow; increments Android versionCode.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency updates: infrastructure/eid-wallet/package.json, infrastructure/eid-wallet/src-tauri/Cargo.toml | Bumps several @tauri-apps/* packages and @tauri-apps/cli; adds argon2-browser and @types/argon2-browser; updates Rust tauri plugins (tauri-plugin-store, tauri-plugin-biometric). |
| Config update: infrastructure/eid-wallet/src-tauri/tauri.conf.json | Reformats app.security.capabilities array and increments Android bundle.versionCode from 10 to 12. |
| Vault controller: infrastructure/eid-wallet/src/lib/global/controllers/evault.ts | Adds VaultController.checkHealth(w3id) returning { healthy, deleted?, uri?, error? } with a 3s health-check timeout; treats registry 404 as deleted; sets resolveEndpoint axios timeout to 5s. |
| Security controller: infrastructure/eid-wallet/src/lib/global/controllers/security.ts | Adds async setOnboardingPin(pin, confirmPin) which validates equality and delegates to internal PIN setter. |
| Drawer component: infrastructure/eid-wallet/src/lib/ui/Drawer/Drawer.svelte | Adds dismissible?: boolean prop (default true) and conditions pane/backdrop/close/draggable behavior on it to support non-dismissible modals. |
| Login flow integration: infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte | Runs eVault health checks after PIN and biometric login; opens a non-dismissible Drawer when vault is deleted; adds nukeWallet to clear local/global state and redirect to onboarding; handles pending deep-link navigation. |
| Register flow: infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte | Wraps biometric availability check in try/catch; replaces updatePin usage with setOnboardingPin. |
| Minor/formatting: platforms/eReputation/client/src/pages/references-page.tsx, platforms/blabsy/src/components/chat/chat-window.tsx, platforms/pictique/src/routes/.../+page.svelte, infrastructure/eid-wallet/src/lib/global/state.ts | Trailing newline/additional type assertion; minor formatting/indentation and type cast changes with no behavioral changes. |

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant LoginPage as Login Page
    participant Vault as VaultController
    participant Registry as Registry
    participant Modal as Deletion Modal
    participant Global as Global State

    User->>LoginPage: Enter PIN or use biometric
    LoginPage->>Vault: checkHealth(w3id) (3s timeout)
    Vault->>Registry: resolve(w3id) (axios 5s timeout)
    Registry-->>Vault: response (success / 404 / error)

    alt 404 (deleted)
        Vault-->>LoginPage: { healthy: false, deleted: true }
        LoginPage->>Modal: Open non-dismissible Drawer
        User->>Modal: Click "Delete Local Data"
        LoginPage->>Global: nukeWallet (clear local + global state)
        LoginPage->>LoginPage: Redirect to onboarding
    else unhealthy (other error)
        Vault-->>LoginPage: { healthy: false, error: "..." }
        LoginPage->>LoginPage: Log error, continue to app
    else healthy
        Vault-->>LoginPage: { healthy: true, uri: "..." }
        LoginPage->>LoginPage: Navigate to app
    end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Review focus:
    • VaultController.checkHealth — timeouts, 404-as-deleted handling, returned object shape.
    • setOnboardingPin — validation and delegation to internal setter.
    • Login flow — where health checks run, non-dismissible Drawer wiring, nukeWallet side effects (state clearing and navigation).
    • Dependency bumps — verify compatibility/build implications.

Possibly related PRs

Suggested reviewers

  • sosweetham
  • grv-saini-20

Poem

🐇 I hopped through deps and nibbled a byte,
Argon2 warmed in the soft Tauri night.
If the vault has vanished, the Drawer holds tight,
Press "Delete Local Data" and hop to the light. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The PR description follows the template structure but fails to complete critical sections: Issue Number is missing, Type of change is not selected, How the change has been tested is empty, and all checklist items are unchecked. | Complete the description by selecting a change type (likely 'New' for the health check feature), specifying the issue number, detailing testing methodology, and confirming checklist items are actually met before merging. |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'feat: health check' directly reflects the main change—adding a health check feature to the eVault system, as evidenced by the new checkHealth method and related vault deletion handling. |

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (1)

79-98: Extract duplicated health check logic.

The health check logic after successful login is duplicated identically in both the PIN verification path (lines 79-98) and the biometric authentication path (lines 145-164). This violates the DRY principle and makes maintenance harder.

Extract the health check into a shared function:

+async function performHealthCheck() {
+    try {
+        const vault = await globalState?.vaultController.vault;
+        if (vault?.ename) {
+            const healthCheck = await globalState.vaultController.checkHealth(vault.ename);
+            if (!healthCheck.healthy) {
+                console.warn("eVault health check failed:", healthCheck.error);
+                
+                // If eVault was deleted (404), show modal
+                if (healthCheck.deleted) {
+                    isDeletedVaultModalOpen = true;
+                    return false; // Prevent navigation
+                }
+                // For other errors, continue to app - non-blocking
+            }
+        }
+    } catch (error) {
+        console.error("Error during eVault health check:", error);
+        // Continue to app even if health check fails - non-blocking
+    }
+    return true; // Allow navigation
+}
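
Review bot: the helper fails open on two paths, the `catch` block and the non-deleted `!healthCheck.healthy` branch, which both fall through to `return true`, so only `healthCheck.deleted` ever blocks navigation. That matches the inline comments, but it should be stated in a doc comment on `performHealthCheck`, together with the fact that the function sets `isDeletedVaultModalOpen` as a side effect and that `true` means "may navigate". The first access uses `globalState?.vaultController` while the second uses `globalState.vaultController` without the optional chain; use one form for both.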

Then use it in both locations:

             if (!check) {
                 isError = true;
                 return;
             }

-            // Check eVault health after successful login
-            try {
-                const vault = await globalState?.vaultController.vault;
-                if (vault?.ename) {
-                    const healthCheck = await globalState.vaultController.checkHealth(vault.ename);
-                    if (!healthCheck.healthy) {
-                        console.warn("eVault health check failed:", healthCheck.error);
-                        
-                        // If eVault was deleted (404), show modal
-                        if (healthCheck.deleted) {
-                            isDeletedVaultModalOpen = true;
-                            return; // Don't continue to app
-                        }
-                        // For other errors, continue to app - non-blocking
-                    }
-                }
-            } catch (error) {
-                console.error("Error during eVault health check:", error);
-                // Continue to app even if health check fails - non-blocking
-            }
+            const shouldContinue = await performHealthCheck();
+            if (!shouldContinue) return;
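
Review bot: at the new call site the bare `return` on `!shouldContinue` gives no hint why login stops, because the removed block carried the comments explaining that a deleted eVault opens the modal and that other failures are non-blocking. Keep a one-line comment above `const shouldContinue = await performHealthCheck();` stating that `false` means the deleted-vault modal is now open.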

And similarly in the biometric path.

Also applies to: 145-164

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8216692 and d2248e3.

⛔ Files ignored due to path filters (8)
  • infrastructure/eid-wallet/src-tauri/Cargo.lock is excluded by !**/*.lock
  • infrastructure/eid-wallet/src-tauri/gen/android/.idea/gradle.xml is excluded by !**/gen/**
  • infrastructure/eid-wallet/src-tauri/gen/android/.idea/kotlinc.xml is excluded by !**/gen/**
  • infrastructure/eid-wallet/src-tauri/gen/android/app/arm64/release/app-arm64-release.aab is excluded by !**/gen/**
  • infrastructure/eid-wallet/src-tauri/gen/android/app/src/main/AndroidManifest.xml is excluded by !**/gen/**
  • infrastructure/eid-wallet/src-tauri/gen/android/build.gradle.kts is excluded by !**/gen/**
  • infrastructure/eid-wallet/src-tauri/gen/android/buildSrc/build.gradle.kts is excluded by !**/gen/**
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (7)
  • infrastructure/eid-wallet/package.json (2 hunks)
  • infrastructure/eid-wallet/src-tauri/Cargo.toml (2 hunks)
  • infrastructure/eid-wallet/src-tauri/tauri.conf.json (1 hunks)
  • infrastructure/eid-wallet/src/lib/global/controllers/evault.ts (2 hunks)
  • infrastructure/eid-wallet/src/lib/ui/Drawer/Drawer.svelte (3 hunks)
  • infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (6 hunks)
  • platforms/eReputation/client/src/pages/references-page.tsx (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-04-24T05:54:12.858Z
Learnt from: sosweetham
Repo: MetaState-Prototype-Project/prototype PR: 97
File: infrastructure/eid-wallet/src/routes/+page.svelte:31-35
Timestamp: 2025-04-24T05:54:12.858Z
Learning: The "Clear PIN" button on the root page of the eID wallet application is intended for debugging purposes only, not for production use, so it doesn't require confirmation dialogs or detailed user guidance.

Applied to files:

  • infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte
🧬 Code graph analysis (1)
infrastructure/eid-wallet/src/lib/global/controllers/evault.ts (1)
platforms/pictique/src/env.d.ts (1)
  • PUBLIC_REGISTRY_URL (7-7)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (12)
platforms/eReputation/client/src/pages/references-page.tsx (1)

459-459: LGTM!

Trailing newline added for consistent file formatting.

infrastructure/eid-wallet/src-tauri/tauri.conf.json (2)

21-21: LGTM!

Formatting consolidation of the capabilities array maintains the same content.


29-29: Verify the Android versionCode skip from 10 to 12.

The versionCode jumped from 10 to 12, skipping 11. While not necessarily problematic, Android versionCodes typically increment sequentially. Ensure this skip is intentional and won't cause issues with app distribution or updates.

infrastructure/eid-wallet/src/lib/ui/Drawer/Drawer.svelte (2)

12-12: LGTM!

The new dismissible prop with a default of true maintains backward compatibility while enabling non-dismissible drawer behavior when needed.

Also applies to: 22-22


38-53: LGTM!

The drawer UI appropriately adjusts based on dismissibility: stronger backdrop, no bottom-close gesture, no draggable handle, and backdrop taps are blocked when non-dismissible.

infrastructure/eid-wallet/src/lib/global/controllers/evault.ts (2)

130-165: LGTM!

The checkHealth method provides a clean health check API with appropriate timeout (3s), handles the deleted state (404) correctly, and returns structured error information for different failure scenarios.


181-183: LGTM!

Adding a 5-second timeout to the resolve endpoint call improves resilience against slow or unresponsive registry services.

infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (3)

36-37: LGTM!

Context accessors retrieved for global state management in the vault reset flow.


39-46: LGTM!

The nukeWallet function properly resets the global state, closes the modal, and navigates to onboarding.


248-278: LGTM!

The non-dismissible modal with clear deletion guidance provides appropriate UX for the critical state where the vault has been deleted from the registry.

infrastructure/eid-wallet/src-tauri/Cargo.toml (1)

27-27: Verification passed: both Tauri plugin versions are valid and secure.

Both tauri-plugin-store 2.4.1 and tauri-plugin-biometric 2.3.2 exist on crates.io and have no known security vulnerabilities.

infrastructure/eid-wallet/package.json (1)

28-34: Now I need to check if the eid-wallet project has a Vite configuration with the insecure pattern:

Remove security advisory verification—not applicable to this package version update.

The flagged advisory documents a commonly used misconfiguration in Tauri documentation's insecure Vite example configuration, not a vulnerability in Tauri code itself. The issue occurs only with the deprecated pattern envPrefix: ['VITE_', 'TAURI_'] in vite.config.ts. The correct configuration uses envPrefix: ['VITE_'] with desired TAURI variables manually added.

The advisory notes that values are automatically bundled into debug builds, but production builds are not embedded as Vite statically replaces these values, reducing the amount of affected applications to a very small amount. Critically, the root cause is not in Tauri itself, so the issue is not fixed by updating Tauri.

The version @tauri-apps/cli@2.9.4 is beyond any affected version ranges. This advisory documents a configuration best practice, not a version-specific issue. If eid-wallet has the insecure Vite pattern, that's a separate configuration concern for vite.config.ts, independent of the @tauri-apps/cli version.

Likely an incorrect or invalid review comment.

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1d6ee27 and b20834e.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (2)
  • infrastructure/eid-wallet/package.json (2 hunks)
  • infrastructure/eid-wallet/src/lib/global/controllers/security.ts (4 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • infrastructure/eid-wallet/package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (1)
infrastructure/eid-wallet/src/lib/global/controllers/security.ts (1)

48-49: Consider security implications of moving hashing to the frontend.

Moving PIN hashing from the Rust backend to the JavaScript frontend reduces the security posture since frontend code is easier to inspect, debug, and potentially extract data from memory. While this may be acceptable for local app authentication (vs. network credentials), ensure this aligns with your security requirements and threat model.

Also applies to: 94-95, 129-133

@coodos coodos force-pushed the fix/evault-health-check branch from 268e468 to 1d6ee27 Compare November 14, 2025 17:41
Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 268e468 and 1d3e4ad.

📒 Files selected for processing (2)
  • infrastructure/eid-wallet/src/lib/global/controllers/security.ts (10 hunks)
  • infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (2 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-04-24T05:54:12.858Z
Learnt from: sosweetham
Repo: MetaState-Prototype-Project/prototype PR: 97
File: infrastructure/eid-wallet/src/routes/+page.svelte:31-35
Timestamp: 2025-04-24T05:54:12.858Z
Learning: The "Clear PIN" button on the root page of the eID wallet application is intended for debugging purposes only, not for production use, so it doesn't require confirmation dialogs or detailed user guidance.

Applied to files:

  • infrastructure/eid-wallet/src/lib/global/controllers/security.ts
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: build
  • GitHub Check: lint
  • GitHub Check: lint
🔇 Additional comments (3)
infrastructure/eid-wallet/src/lib/global/controllers/security.ts (1)

5-5: LGTM!

Author tag updates across methods are correctly updated to reflect the new organization domain.

Also applies to: 32-32, 54-54, 69-69, 79-79, 96-96, 160-160, 176-176, 201-201, 221-221

infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (2)

77-83: LGTM!

The try/catch wrapper around checkStatus() provides graceful error handling. Setting isBiometricsAvailable to false on failure ensures the UI remains functional even if biometric detection fails, which is appropriate defensive programming.


99-99: LGTM!

Using setOnboardingPin instead of updatePin is semantically clearer for the onboarding flow and correctly reflects the intent of this page. The error handling (lines 101-104) appropriately catches and logs any failures.

Comment on lines 138 to 157
/**
* @author SoSweetHam <soham@auvo.io>
* @author SoSweetHam <soham@ensombl.io>
* @memberof SecurityController
* @description Set the onboarding pin for the app
* @param pin - The pin in plain text
* @param confirmPin - The confirm pin in plain text
* @returns void
* @throws Error if the pins are not the same
* @example
* ```ts
* const globalState = await GlobalState.create();
* globalState.securityController.setOnboardingPin("1234", "1234");
* ```
*/
async setOnboardingPin(pin: string, confirmPin: string) {
if (pin !== confirmPin) {
throw new Error("Pins are not the same!");
}
return await this.#setPin(pin);
}

Contributor

@coderabbitai coderabbitai bot Nov 14, 2025

⚠️ Potential issue | 🟠 Major

Add guard to prevent PIN overwrites outside onboarding.

The setOnboardingPin method is public and doesn't verify that no PIN currently exists. This creates a security risk: if called after onboarding, it would overwrite the existing PIN without requiring the old PIN, bypassing the protection in updatePin (lines 124-135).

Apply this diff to add a guard:

 async setOnboardingPin(pin: string, confirmPin: string) {
+    const existingPin = await this.#getPin();
+    if (existingPin) {
+        throw new Error("PIN already set. Use updatePin to change it.");
+    }
     if (pin !== confirmPin) {
         throw new Error("Pins are not the same!");
     }
     return await this.#setPin(pin);
 }
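
Review bot: the guard at `if (existingPin)` treats any stored PIN as proof that onboarding already happened, and the error it throws sends the caller to `updatePin`, which needs the old PIN. If PIN data can be present before the user has ever onboarded, that is a dead end, so key the check on an explicit onboarding-complete state rather than on PIN presence, or restrict which callers can reach `setOnboardingPin`.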

Alternatively, if routing guards already prevent access to the register page after onboarding, document this assumption clearly in the method's JSDoc to prevent misuse.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
in infrastructure/eid-wallet/src/lib/global/controllers/security.ts around lines
138 to 157, the public setOnboardingPin currently overwrites any existing PIN;
add a guard that first checks whether a PIN already exists (via the controller's
PIN storage accessor or existing internal getter) and if one exists throw an
error (e.g., "Onboarding PIN cannot overwrite existing PIN") so setOnboardingPin
only sets when no PIN is present; alternatively, if the app routing guarantees
this method is only called during onboarding, add a clear JSDoc note stating
that precondition instead of changing behavior.

Contributor Author

nack, you know there are reasons why we had to implement it this way because an amazing OS named Android decided that it might be a fun idea to keep stale files around, so this causes some phones to have an error with onboarding because Android, being the amazing OS it is, just messes everything up.

Contributor

@coodos, thanks for the explanation! I understand now—this is a deliberate workaround for Android's storage cleanup issues where stale files can persist and cause onboarding errors. The ability to overwrite is necessary to handle those edge cases.

If it's not already captured in the code, you might consider adding a brief comment explaining this Android-specific behavior near the method to help future maintainers understand why the guard isn't present. But I'll leave that to your discretion.


✏️ Learnings added
Learnt from: coodos
Repo: MetaState-Prototype-Project/prototype PR: 437
File: infrastructure/eid-wallet/src/lib/global/controllers/security.ts:138-157
Timestamp: 2025-11-14T17:54:47.711Z
Learning: The `setOnboardingPin` method in `infrastructure/eid-wallet/src/lib/global/controllers/security.ts` is intentionally designed to allow overwriting existing PINs without checking if a PIN already exists. This is a workaround for Android keeping stale files around during app reinstallation or onboarding, which causes errors on some devices. Do not suggest adding guards to prevent PIN overwrites in this method.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.


🧠 Learnings used
Learnt from: sosweetham
Repo: MetaState-Prototype-Project/prototype PR: 97
File: infrastructure/eid-wallet/src/lib/global/controllers/security.ts:86-93
Timestamp: 2025-04-24T06:00:34.296Z
Learning: Rate limiting for PIN verification is not part of the design requirements for the SecurityController in the eid-wallet application, and should not be suggested as an enhancement.

Learnt from: sosweetham
Repo: MetaState-Prototype-Project/prototype PR: 97
File: infrastructure/eid-wallet/src/routes/+page.svelte:31-35
Timestamp: 2025-04-24T05:54:12.858Z
Learning: The "Clear PIN" button on the root page of the eID wallet application is intended for debugging purposes only, not for production use, so it doesn't require confirmation dialogs or detailed user guidance.

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (3)
infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (1)

36-50: Consolidate duplicate getContext calls.

The getContext("globalState") call appears twice: once at line 36 and again at line 50 inside onMount. Consider consolidating these to avoid redundant context lookups.

Apply this diff to consolidate:

-const getGlobalState = getContext<() => GlobalState>("globalState");
 const setGlobalState =
     getContext<(value: GlobalState) => void>("setGlobalState");
 
 // ... nukeWallet function ...

 onMount(async () => {
-    globalState = getContext<() => GlobalState>("globalState")();
+    globalState = getGlobalState();
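
Review bot: the first `-` line deletes `const getGlobalState = ...`, yet the `+` line inside `onMount` calls `getGlobalState()`, so applying this as written leaves an undefined identifier. Keep the top-level `getGlobalState` declaration and change only the `onMount` line.
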
infrastructure/eid-wallet/src/lib/global/controllers/evault.ts (2)

149-155: Consider edge case: what if response.data exists but uri is explicitly null or empty string?

Line 149 checks if (response.data?.uri), which will return false for empty strings or other falsy values. While this is likely intentional, it means an empty URI from the registry would be treated as unhealthy rather than invalid.

If the registry could return { uri: "" } or { uri: null }, you might want more explicit validation.

-            if (response.data?.uri) {
+            if (response.data?.uri && typeof response.data.uri === 'string' && response.data.uri.length > 0) {
                 console.log(`✅ eVault is healthy, URI: ${response.data.uri}`);
                 return { healthy: true, uri: response.data.uri };
             } else {
                 console.warn(`⚠️ Registry responded but no URI found`);
-                return { healthy: false, error: "No URI in registry response" };
+                return { 
+                    healthy: false, 
+                    error: response.data?.uri === null 
+                        ? "Registry returned null URI" 
+                        : "No URI in registry response" 
+                };
             }
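
Review bot: in the new condition, `response.data?.uri &&` already rejects `null` and `""`, so `response.data.uri.length > 0` is redundant and only the `typeof ... === 'string'` test adds anything. The error branch singles out `null` but still reports an empty or non-string value as "No URI in registry response"; either drop the special case or report the actual type, and consider checking that the string parses as a URL before returning `healthy: true`.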

130-174: Timeout difference is intentional; optional refactor to extract constants recommended.

The 3-second timeout for checkHealth versus 5-second for resolveEndpoint is intentional and follows a consistent pattern across the codebase: health checks use shorter timeouts to fail fast for diagnostics, while regular registry operations use 5 seconds. Other registry operations in the codebase (GraphQL server, maintenance banner) also use 5-second timeouts, confirming this is a deliberate strategy.

Extracting these timeout values as named constants (as suggested in the diff) would improve maintainability without changing behavior.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1d3e4ad and 733eca4.

📒 Files selected for processing (5)
  • infrastructure/eid-wallet/src/lib/global/controllers/evault.ts (2 hunks)
  • infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (6 hunks)
  • infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte (2 hunks)
  • platforms/blabsy/src/components/chat/chat-window.tsx (1 hunks)
  • platforms/pictique/src/routes/(protected)/messages/[id]/+page.svelte (1 hunks)
✅ Files skipped from review due to trivial changes (2)
  • platforms/pictique/src/routes/(protected)/messages/[id]/+page.svelte
  • platforms/blabsy/src/components/chat/chat-window.tsx
🚧 Files skipped from review as they are similar to previous changes (1)
  • infrastructure/eid-wallet/src/routes/(auth)/register/+page.svelte
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-04-24T05:54:12.858Z
Learnt from: sosweetham
Repo: MetaState-Prototype-Project/prototype PR: 97
File: infrastructure/eid-wallet/src/routes/+page.svelte:31-35
Timestamp: 2025-04-24T05:54:12.858Z
Learning: The "Clear PIN" button on the root page of the eID wallet application is intended for debugging purposes only, not for production use, so it doesn't require confirmation dialogs or detailed user guidance.

Applied to files:

  • infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte
🧬 Code graph analysis (1)
infrastructure/eid-wallet/src/lib/global/controllers/evault.ts (1)
platforms/pictique/src/env.d.ts (1)
  • PUBLIC_REGISTRY_URL (7-7)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (3)
infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (2)

40-47: Early return in nukeWallet is safe.

The early return at line 41 correctly guards against undefined globalState. This prevents potential runtime errors during wallet reset.


261-291: Non-dismissible modal correctly enforces critical user action.

The non-dismissible Drawer (dismissible={false}) appropriately forces the user to acknowledge and act on the deleted eVault state. This prevents users from being stuck in an inconsistent state where the backend vault is deleted but local data remains.

infrastructure/eid-wallet/src/lib/global/controllers/evault.ts (1)

134-174: Health check implementation looks solid.

The checkHealth method correctly:

  • Implements a reasonable timeout for fast failure
  • Distinguishes between 404 (deleted) and other errors
  • Returns a well-structured response object
  • Uses appropriate logging with emoji indicators for easy scanning
  • Treats health checks as non-blocking for non-404 errors (as consumed by the login flow)
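
Added example (not code from this PR or the project): a TypeScript sketch of the health-check semantics reviewed above, in which only an authoritative registry 404 reaches the destructive deleted-vault path while timeouts and other errors stay non-blocking. `RegistryReply`, `Resolver`, `classifyReply`, `checkHealthSketch`, `loginAction` and the injected resolver are assumptions, and the sample replies are constructed.

```typescript
// Added example: hypothetical names, not the eid-wallet implementation.
// Assumption: the registry lookup is injected and resolves with the HTTP
// status instead of throwing on 404, so the logic runs offline.
type RegistryReply = { status: number; data?: { uri?: unknown } };
type Resolver = (w3id: string) => Promise<RegistryReply>;

// Result shape from the PR walkthrough: { healthy, deleted?, uri?, error? }
type HealthResult = {
    healthy: boolean;
    deleted?: boolean;
    uri?: string;
    error?: string;
};

const HEALTH_TIMEOUT_MS = 3000; // health checks fail fast (3s in the PR)

// Classify one registry reply. Only a 404 ever sets `deleted`.
function classifyReply(reply: RegistryReply): HealthResult {
    if (reply.status === 404) {
        return { healthy: false, deleted: true, error: "Not found in registry" };
    }
    if (reply.status < 200 || reply.status > 299) {
        return { healthy: false, error: `Registry returned HTTP ${reply.status}` };
    }
    const uri = reply.data?.uri;
    if (typeof uri !== "string" || uri.trim() === "") {
        return { healthy: false, error: "No URI in registry response" };
    }
    // Assumption: a usable eVault URI is an http(s) URL.
    if (!/^https?:\/\/\S+$/i.test(uri)) {
        return { healthy: false, error: "Registry URI is not an http(s) URL" };
    }
    return { healthy: true, uri };
}

// Race the lookup against a timer. A timeout or a thrown error yields an
// unhealthy result WITHOUT `deleted`, so a flaky network can never push the
// user towards wiping local data.
async function checkHealthSketch(
    w3id: string,
    resolve: Resolver,
    timeoutMs: number = HEALTH_TIMEOUT_MS,
): Promise<HealthResult> {
    let timer: ReturnType<typeof setTimeout> | undefined;
    const timeout = new Promise<HealthResult>((done) => {
        timer = setTimeout(
            () => done({ healthy: false, error: `Timed out after ${timeoutMs}ms` }),
            timeoutMs,
        );
    });
    try {
        return await Promise.race([resolve(w3id).then(classifyReply), timeout]);
    } catch (err) {
        const message = err instanceof Error ? err.message : String(err);
        return { healthy: false, error: message };
    } finally {
        clearTimeout(timer);
    }
}

// Login gating as described in the sequence diagram: block and show the
// non-dismissible modal only for a deleted vault, otherwise continue.
type LoginAction = "show-deleted-modal" | "continue";

function loginAction(result: HealthResult): LoginAction {
    return !result.healthy && result.deleted === true
        ? "show-deleted-modal"
        : "continue";
}

// Constructed replies (not captured from a real registry).
const constructedReplies: RegistryReply[] = [
    { status: 200, data: { uri: "https://evault.example/graphql" } },
    { status: 404 },
    { status: 503 },
    { status: 200, data: { uri: "" } },
    { status: 200, data: { uri: null } },
];

const demoActions: LoginAction[] = constructedReplies.map((reply) =>
    loginAction(classifyReply(reply)),
);
console.log(demoActions.join(", "));
```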

@sosweetham
Member

Dear Future Developer, Archaeologist, or Poor Soul Reading This,

Let me tell you a bedtime story about ANDROID — that majestic, chaos-powered
dumpster-phoenix of an operating system that has ONE JOB during reinstall:
“Hey buddy, maybe delete the user data since the app was YEETED off the device?”

But no. No no no. Android, in its infinite cosmic wisdom, decided:
"lol nah, imma keep ALL your app files forever like a clingy ex
who still has your hoodie and your Netflix password."

You uninstall the app? Android: “Cute. I’ll pretend I didn’t see that.”
You reinstall the app? Android: “Surprise!! I saved ALL your crap because
boundaries are for iOS losers.”

And so, fast-forward to 2025 where I'm here implementing setOnboardingPin,
and CodeRabbit — bless its algorithmic heart — pops in like:

“hAve YoU tRiEd NoT oVeRwRiTiNg ThE eXiStInG pIn??”

Yes, rabbit. Yes. I HAD a whole system for that. I built updatePin
specifically for that. I even wrote it like a responsible adult:
- check existing hash
- verify old pin
- reject mismatches
- throw errors responsibly (unlike Android, who throws existential crises)

BUT THEN ANDROID, THE DIGITAL POSSUM LIVING IN MY WALLS,
DOESN’T DELETE THE PIN FILE WHEN THE APP IS REINSTALLED.

Meaning:
→ onboarding pin is “already set”
→ user has never even SEEN the app before
→ updatePin is like “HEY where’s the old pin???”
→ user: “????”
→ me: “??????”
→ Android: “teehee :)”

So yeah, CodeRabbit, my dude, my chrome-plated Peter Cottontail,
your suggestion is lovely in a world where the OS behaves like
something other than a drunken house gremlin. But here?
Here it just re-creates the exact nightmare I already solved before
Android woke up and chose violence.

tl;dr — This method stays as-is because the OS is a feral raccoon,
and I already wrote the adult-supervision logic elsewhere.

P.S. — Dear Android:
Uninstall should mean uninstall.
Not “emotional attachment mode activated.”

P.P.S. — I’m tired.

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

♻️ Duplicate comments (1)
infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (1)

80-105: Extract duplicated health check logic into a reusable helper.

The eVault health check logic at lines 80-105 (PIN flow) and lines 157-181 (biometric flow) is nearly identical. Extracting this into a helper function would reduce maintenance burden and prevent inconsistencies.

Also applies to: 157-181

🧹 Nitpick comments (2)
infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (2)

102-105: Consider user feedback for non-blocking health check failures.

When the health check fails with a non-404 error, the code silently continues to the app. Users have no indication their eVault might be unhealthy until they attempt to use it. Consider displaying a non-intrusive warning (toast or banner) to inform users of the health check failure.

Also applies to: 178-181


269-301: Consider adding a support contact option in the deletion modal.

The non-dismissible modal forces users to delete their local data with no alternative. Users might want to contact support before taking this irreversible action, especially if the vault deletion was unexpected or might be recoverable.

Consider adding a "Contact Support" button or help text:

 <Drawer bind:isPaneOpen={isDeletedVaultModalOpen} dismissible={false}>
     <div class="text-center">
         <h4 class="mt-[2.3svh] mb-[0.5svh] text-red-600">
             🗑️ eVault Has Been Deleted
         </h4>
         <p class="text-black-700 mb-4">
             Your eVault has been deleted from the registry and is no longer
             accessible.
         </p>
+        <div class="bg-blue-50 border border-blue-200 rounded-md p-4 mb-4">
+            <p class="text-blue-800">
+                <strong>Need help?</strong> Contact support at support@example.com
+                before deleting your data.
+            </p>
+        </div>
         <div class="bg-red-50 border border-red-200 rounded-md p-4 mb-6">
             <p class="text-red-800 font-medium">
                 To continue using the app, you need to delete your local account
                 data and start fresh.
             </p>
         </div>
         <!-- ... rest of modal ... -->
     </div>
 </Drawer>
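
Review bot: The added "Need help?" paragraph hardcodes support@example.com as plain text, which is a placeholder address and cannot be tapped. Because the Drawer is opened with dismissible={false}, this paragraph is the only non-destructive path the user is offered, so it should point at the project's real support channel (ideally read from configuration) and be rendered as an actionable link such as a mailto: anchor. The wording "before deleting your data" also implies an ordering that nothing in this hunk enforces; either soften the text or make the destructive button in the elided part of the modal a secondary action behind a confirmation.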
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 733eca4 and 128029d.

📒 Files selected for processing (3)
  • infrastructure/eid-wallet/src/lib/global/state.ts (1 hunks)
  • infrastructure/eid-wallet/src/lib/ui/Drawer/Drawer.svelte (1 hunks)
  • infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (2 hunks)
🧰 Additional context used
🧠 Learnings (2)
📚 Learning: 2025-11-14T17:54:47.711Z
Learnt from: coodos
Repo: MetaState-Prototype-Project/prototype PR: 437
File: infrastructure/eid-wallet/src/lib/global/controllers/security.ts:138-157
Timestamp: 2025-11-14T17:54:47.711Z
Learning: The `setOnboardingPin` method in `infrastructure/eid-wallet/src/lib/global/controllers/security.ts` is intentionally designed to allow overwriting existing PINs without checking if a PIN already exists. This is a workaround for Android keeping stale files around during app reinstallation or onboarding, which causes errors on some devices. Do not suggest adding guards to prevent PIN overwrites in this method.

Applied to files:

  • infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte
📚 Learning: 2025-04-24T05:54:12.858Z
Learnt from: sosweetham
Repo: MetaState-Prototype-Project/prototype PR: 97
File: infrastructure/eid-wallet/src/routes/+page.svelte:31-35
Timestamp: 2025-04-24T05:54:12.858Z
Learning: The "Clear PIN" button on the root page of the eID wallet application is intended for debugging purposes only, not for production use, so it doesn't require confirmation dialogs or detailed user guidance.

Applied to files:

  • infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (3)
infrastructure/eid-wallet/src/lib/ui/Drawer/Drawer.svelte (1)

8-48: LGTM! Dismissible prop is well-integrated.

The new dismissible prop is properly typed, defaults to true for backward compatibility, and logically controls the pane's behavior (backdrop opacity, bottom-close, and draggable handle). The higher backdrop opacity (0.8) for non-dismissible modals effectively emphasizes their importance.

infrastructure/eid-wallet/src/routes/(auth)/login/+page.svelte (2)

14-38: LGTM! State and context setup is clean.

The state declarations, biometric authentication options, and global state context retrieval are properly structured and appropriate for the login flow.


40-47: LGTM! Wallet reset logic is sound.

The nukeWallet function correctly resets the global state, updates the context, closes the modal, and navigates to onboarding in the proper sequence.
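
The review above asks for the duplicated health check in the PIN and biometric flows to be pulled into one helper, and notes that only a 404 should count as "deleted". The sketch below is an added example, not code from this PR or the wallet code base; every name in it (`HealthResult`, `classifyStatus`, `checkVaultHealth`, `nextStepAfterAuth`) and the 5000 ms default timeout are assumptions made for illustration.

```typescript
// Added example with hypothetical names; not the wallet's real API.
type HealthResult = { healthy: boolean; deleted: boolean; error?: string };
type NextStep = "continue" | "continue-with-warning" | "show-deleted-modal";
type Fetcher = (url: string, init: { signal: AbortSignal }) => Promise<{ status: number }>;

// Only a definitive 404 answer is treated as "vault deleted".
function classifyStatus(status: number): HealthResult {
    if (status === 404) return { healthy: false, deleted: true, error: "vault not found" };
    if (status >= 200 && status < 300) return { healthy: true, deleted: false };
    return { healthy: false, deleted: false, error: `unexpected status ${status}` };
}

// Timeouts, DNS failures and aborted requests must never trigger the
// irreversible "delete local data" path, so they map to deleted: false.
function classifyFailure(err: unknown): HealthResult {
    const message = err instanceof Error ? err.message : String(err);
    return { healthy: false, deleted: false, error: message };
}

// Health probe with a hard timeout; the fetcher is injected so the same
// code can be exercised offline with a stub.
async function checkVaultHealth(
    fetcher: Fetcher,
    url: string,
    timeoutMs = 5000, // assumed default, not taken from the PR
): Promise<HealthResult> {
    const controller = new AbortController();
    const timer = setTimeout(() => controller.abort(), timeoutMs);
    try {
        const res = await fetcher(url, { signal: controller.signal });
        return classifyStatus(res.status);
    } catch (err) {
        return classifyFailure(err);
    } finally {
        clearTimeout(timer);
    }
}

// Single decision point that both login paths can call after authentication.
function nextStepAfterAuth(result: HealthResult): NextStep {
    if (result.deleted) return "show-deleted-modal";
    return result.healthy ? "continue" : "continue-with-warning";
}
```

Keeping the classification in pure functions means the rule "network trouble is not deletion" can be unit-tested without a registry, and the `continue-with-warning` branch is where the toast or banner suggested in the nitpick would hook in.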

@coodos coodos merged commit 2ab846e into main Nov 14, 2025
4 checks passed
@coodos coodos deleted the fix/evault-health-check branch November 14, 2025 18:17
3 participants