fix: ereputation signing session logic and cosmetic changes

[coodos]

Description of change

fix the bug with eReputation signing modal having issues

Issue Number

Type of change

• Fix (a change which fixes an issue)

How the change has been tested

Change checklist

• I have ensured that the CI Checks pass locally
• I have removed any unnecessary logic
• My code is well documented
• I have signed my commits
• My code follows the pattern of the application
• I have self reviewed my code

Summary by CodeRabbit

• New Features

  • Added display of ename field in group search results and target selection modals.
  • Enhanced search result rendering to show user-specific identifiers and category types with improved text truncation.

• Improvements

  • Optimized layout for long names in modals to prevent text overflow.
  • Enhanced AI scoring model to better consider user wishlists and profile-relevant data.

• Chores

  • Refactored internal session management for improved performance.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The PR extends eReputation API response schemas to include ename fields for groups and targets, updates AI prompt instructions for calculation logic, refactors session storage to module-level singleton in ReferenceSigningSessionService with security violation handling and logging, and improves UI modal component rendering to display and truncate ename appropriately.

Changes

Cohort / File(s)	Summary
Backend API Response Shape platforms/eReputation-api/src/controllers/GroupController.ts	Added ename property to serialized group objects in searchGroups response payload
Calculation Service platforms/eReputation-api/src/services/CalculationService.ts	Extended buildPrompt text to instruct AI model to consider user wishlist and focus on profile-type-specific values only
Reference Signing Session Storage & Security platforms/eReputation-api/src/services/ReferenceSigningSessionService.ts	Refactored to use module-level singleton sessionStorage replacing per-instance storage; changed env var from PUBLIC_EREPUTATION_BASE_URL to VITE_EREPUTATION_BASE_URL; added security-violation path with diagnostic logging and signature/user-key validation; updated session lifecycle across createSession, getSession, expiration cleanup, and processSignedPayload
Modal UI Component Updates platforms/eReputation/client/src/components/modals/other-calculation-modal.tsx, platforms/eReputation/client/src/components/modals/reference-modal.tsx	Updated search result and selected target rendering to display ename with '@' prefix for user targets (or 'no ename' fallback), capitalized type for non-user targets, and improved layout with flex containers and text truncation to prevent overflow

Sequence Diagram

sequenceDiagram
    participant Client
    participant ReferenceSigningSessionService
    participant sessionStorage as Module-Level Storage

    Client->>ReferenceSigningSessionService: createSession(userId, payload)
    ReferenceSigningSessionService->>sessionStorage: sessions.set(sessionId, session)

    Client->>ReferenceSigningSessionService: processSignedPayload(sessionId, signature, publicKey)
    ReferenceSigningSessionService->>sessionStorage: sessions.get(sessionId)
    
    rect rgb(255, 240, 245)
        Note over ReferenceSigningSessionService: Signature & User-Key Validation
        alt Validation Success
            ReferenceSigningSessionService->>sessionStorage: update session.status = "completed"
            ReferenceSigningSessionService->>Client: ✓ Completion confirmed
        else Security Violation
            ReferenceSigningSessionService->>sessionStorage: emit security_violation event
            ReferenceSigningSessionService->>Client: ✗ Security violation detected
            Note over Client: Log diagnostic info (storage size, keys)
        end
    end

    Client->>ReferenceSigningSessionService: getSession(sessionId)
    ReferenceSigningSessionService->>sessionStorage: sessions.get(sessionId)
    ReferenceSigningSessionService->>Client: return session

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• ReferenceSigningSessionService.ts: Significant architectural change from instance-level to module-level singleton storage pattern; security-violation handling and validation logic require careful examination
• Environment variable migration: Change from PUBLIC_EREPUTATION_BASE_URL to VITE_EREPUTATION_BASE_URL affects initialization and requires verification across deployment contexts
• Security-critical path: Signature and user-key alignment validation with security-violation event emission needs scrutiny
• Multi-file heterogeneity: Changes span backend services, API controllers, and UI components with distinct reasoning required per cohort

Possibly related PRs

• feat: charter signature verification error display #317: Adds SSE emit and client-side handling for security_violation events alongside server-side security_violation detection in signing sessions
• chore: signing bug #315: Implements matching security check for publicKey against user ename with security-violation path on mismatch
• chore: force signing modal #456: Modifies reference-modal.tsx target/selected-target rendering (overlaps main PR's ename and truncation updates to same component)

Suggested labels

evault-refactor

Suggested reviewers

• ananyayaya129
• sosweetham
• xPathin

Poem

🐰✨ A singleton springs forth, secure and spry,
Sessions shared across the digital sky,
Enames now flutter where targets reside,
With truncated grace and @ as our guide,
The vault's promise encoded in every reply! 🔐

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Description check	⚠️ Warning	The PR description is largely incomplete. While it identifies the change type as 'Fix', it lacks critical details: no issue number, no testing methodology, vague problem statement, and missing explanations for the multiple technical changes across files.	Add issue number, explain the specific bug being fixed, describe how changes were tested, and detail the purpose of each file modification (GroupController ename field, CalculationService prompt, ReferenceSigningSessionService storage refactor, UI truncation updates).

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix: ereputation signing session logic and cosmetic changes' clearly describes the main changes: fixing signing session logic and making UI cosmetic updates.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/ereputation-signing-session-not-found

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

platforms/eReputation-api/src/services/CalculationService.ts (1)

158-158: Consider improving prompt clarity and grammar.

The prompt instruction is lengthy and has minor grammar issues. The phrase "which mentions" should be "that mention" (plural agreement), and the compound sentence could be broken up for better clarity.

Consider this refactor:

-You are analyzing the reputation of "${targetName}" based on the following user values and references. Remember that the user may also supply a wishlist, only focus on the part of the wishlist and values which mentions what the user values in a person, group, or platform, depending on what type of profile it is that you are evaluating, do not care about anything else in the wishlist.
+You are analyzing the reputation of "${targetName}" based on the following user values and references. 
+
+If a wishlist is provided, only focus on the parts that describe what the user values in the profile type being evaluated (person, group, or platform). Ignore other wishlist content.

platforms/eReputation/client/src/components/modals/reference-modal.tsx (1)

519-530: Consider extracting duplicated target rendering logic.

The target result rendering logic (lines 519-530) is nearly identical to the same logic in platforms/eReputation/client/src/components/modals/other-calculation-modal.tsx (lines 477-486). This duplication creates maintenance overhead.

Consider extracting this into a shared component like <TargetResultItem> that both modals can use:

// components/ui/target-result-item.tsx
interface TargetResultItemProps {
  result: any;
  targetType: string;
  onClick: () => void;
}

export function TargetResultItem({ result, targetType, onClick }: TargetResultItemProps) {
  return (
    <button onClick={onClick} className="w-full text-left px-4 py-3 hover:bg-fig-10 transition-colors border-b border-fig/10 last:border-b-0 first:rounded-t-2xl last:rounded-b-2xl">
      <div className="flex items-center gap-3">
        <div className="w-8 h-8 bg-fig/10 rounded-lg flex items-center justify-center">
          {/* icon logic */}
        </div>
        <div className="flex-1 min-w-0">
          <div className="font-bold text-fig truncate">
            {result.name || result.ename || result.handle || 'Unknown'}
          </div>
          <div className="text-xs text-fig/70">
            {targetType === 'user' ? (
              result.ename ? (result.ename.startsWith('@') ? result.ename : `@${result.ename}`) : 'no ename'
            ) : (
              <span className="capitalize">{result.type || result.category || targetType}</span>
            )}
          </div>
        </div>
      </div>
    </button>
  );
}

platforms/eReputation-api/src/services/ReferenceSigningSessionService.ts (2)

41-42: Module-level singleton storage fixes session lookup but has architectural limitations.

This change likely addresses the core bug mentioned in the PR title. By using a module-level singleton instead of per-instance storage, sessions are now shared across all ReferenceSigningSessionService instances, preventing "session not found" errors when different instances handle creation vs. lookup.

However, this approach has limitations:

• Sessions are lost on server restart
• Not suitable for multi-process/distributed deployments
• Sessions exist only in memory of a single Node.js process

For production deployments:

• Consider using Redis or another distributed cache for session storage
• Add session persistence to handle server restarts gracefully
• Implement session cleanup to prevent memory leaks from expired sessions

---

109-110: Diagnostic logging helps debugging but consider log levels.

The added logging at lines 109-110 and 115 helps diagnose the "session not found" issue. However, logging all session IDs (line 110) could be verbose in production with many active sessions.

Consider using debug-level logging or limiting the output:

-        console.log(`Current session storage size: ${sessionStorage.size}`);
-        console.log(`Session IDs in storage:`, Array.from(sessionStorage.keys()));
+        console.log(`Current session storage size: ${sessionStorage.size}`);
+        if (sessionStorage.size < 20) {
+            console.log(`Session IDs in storage:`, Array.from(sessionStorage.keys()));
+        }

Also applies to: 115-115

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f8b9b1f and 72c270a.

📒 Files selected for processing (5)

• platforms/eReputation-api/src/controllers/GroupController.ts (1 hunks)
• platforms/eReputation-api/src/services/CalculationService.ts (1 hunks)
• platforms/eReputation-api/src/services/ReferenceSigningSessionService.ts (6 hunks)
• platforms/eReputation/client/src/components/modals/other-calculation-modal.tsx (1 hunks)
• platforms/eReputation/client/src/components/modals/reference-modal.tsx (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (5)

platforms/eReputation/client/src/components/modals/other-calculation-modal.tsx (1)

477-486: LGTM! Improved layout with proper truncation and ename handling.

The updated rendering logic properly handles long names with truncation and conditionally displays ename for user targets with appropriate fallbacks. The layout improvements using flex-1 min-w-0 ensure text truncation works correctly in flexbox containers.

platforms/eReputation/client/src/components/modals/reference-modal.tsx (1)

547-553: LGTM! Proper truncation handling for selected target display.

The layout updates correctly prevent the icon from shrinking (flex-shrink-0) while allowing the text to truncate properly with flex-1 min-w-0 and the truncate class. This ensures long target names don't break the layout.

platforms/eReputation-api/src/services/ReferenceSigningSessionService.ts (2)

76-77: LGTM! Consistent usage of module-level sessionStorage.

All references to session storage have been consistently updated to use the module-level sessionStorage Map instead of instance-level storage. The logging at line 77 helps with debugging session state.

Also applies to: 81-81, 84-84, 92-92, 101-101, 153-153, 192-192

---

142-164: LGTM! Proper security violation handling with graceful error response.

The security check correctly validates that the signing public key matches the user's ename who created the session. The implementation:

• Strips @ prefixes for comparison (lines 139-140)
• Updates session status to security_violation (lines 152-153)
• Returns an error result instead of throwing, enabling graceful client-side handling
• Logs detailed diagnostic information (lines 143-149)

The client-side SSE handler in reference-modal.tsx (lines 187-194) properly handles this security_violation status, showing an appropriate user message.

platforms/eReputation-api/src/controllers/GroupController.ts (1)

32-32: ename field is properly defined and nullable in Group entity.

The verification confirms that the Group entity in platforms/eReputation-api/src/database/entities/Group.ts (line 61-62) includes the ename field with @Column({ nullable: true}), allowing it to be null in the database. The response mapping correctly includes this field, and since it's properly marked as nullable, passing it to the client as-is is appropriate.