Skip to content

feat: status list update for bbs and v2.0#89

Merged
rongquan1 merged 5 commits into
alphafrom
feat/update-status-list-bbs2023
Oct 8, 2025
Merged

feat: status list update for bbs and v2.0#89
rongquan1 merged 5 commits into
alphafrom
feat/update-status-list-bbs2023

Conversation

@Moiz47
Copy link
Copy Markdown
Contributor

@Moiz47 Moiz47 commented Oct 1, 2025
edited by coderabbitai Bot
Loading

Summary

  • Added test case for BB2023 for creating VC with status list.
  • Validation for createCredentialStatusPayload to ensure Credential Status are created for datamodel v2.0 with newer crypto suite
  • Support existing 1.1 VC that are resolvable

Summary by CodeRabbit

  • New Features

    • Default credential status now uses the v2 Bitstring Status List with a modern cryptosuite.
    • Automatic validation blocks unsupported combinations and provides clearer error messages.
    • Backward compatibility retained for existing v1.1 credentials when their status list is resolvable.

  • Documentation

    • README updated to emphasize v2, with migration guidance, revised terminology, and examples for both v2 and legacy flows, including cryptosuite options.

  • Tests

    • Expanded coverage for v2 behavior, legacy compatibility, and error scenarios.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Oct 1, 2025
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The PR updates w3c-credential-status defaults and validation to prioritize v2.0 BitstringStatusList with ecdsa-sd-2023, adds guardrails for legacy v1.1 StatusList2021 with BbsBlsSignature2020, extends tests to cover new flows and errors, and revises README to document v2.0 emphasis with legacy compatibility.

Changes

Cohort / File(s) Summary
Documentation refresh (v2 focus, legacy guidance)
packages/w3c-credential-status/README.md		 Rewrites README to emphasize v2.0 BitstringStatusList, adds migration notes, updates examples/terminology, and documents dual support (v2.0 + legacy v1.1).
API defaults and validation hook
packages/w3c-credential-status/src/lib/index.ts		 Changes createCredentialStatusPayload defaults to BitstringStatusListCredential and ecdsa-sd-2023; invokes validateCredentialStatus(...) before building payload.
Validation utilities (type/cryptosuite rules)
packages/w3c-credential-status/src/lib/utils.ts		 Adds validateCredentialStatus enforcing: no BbsBlsSignature2020 with Bitstring v2; legacy StatusList2021 must use BbsBlsSignature2020 and resolvable id with VC v1 context; fetch-based checks and error messages.
Tests for v2, legacy, and BBS-2023
packages/w3c-credential-status/src/lib/index.test.ts		 Extends imports (Bbs2023 keys, VC_V1_URL, vitest). Adds positive v2 ECDSA-SD and BBS-2023 paths, legacy v1.1 StatusList2021 checks, and error cases for unsupported combinations and unresolved URLs; updates context/type assertions and ensures no issuanceDate for v2.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Caller
  participant CS as createCredentialStatusPayload
  participant VU as validateCredentialStatus
  participant Net as HTTP(S) Fetch

  Dev->>CS: call(options, type?, cryptoSuite?)
  note over CS: Defaults: BitstringStatusListCredential + ecdsa-sd-2023
  CS->>VU: validateCredentialStatus(options, type, cryptoSuite)

  alt type = BitstringStatusListCredential
    alt cryptoSuite = BbsBlsSignature2020
      VU-->>CS: throw Error("Not supported for v2")
      CS-->>Dev: Error
    else cryptoSuite = ecdsa-sd-2023 or bbs-2023
      VU-->>CS: OK
      CS-->>Dev: Build v2 payload (no issuanceDate)
    end
  else type = StatusList2021Credential
    alt cryptoSuite != BbsBlsSignature2020 or missing id
      VU-->>CS: throw Error("Require BbsBlsSignature2020 and resolvable id")
      CS-->>Dev: Error
    else valid id
      VU->>Net: GET options.id
      alt Resolved with VC v1 context
        Net-->>VU: 200 + VC (@context includes VC_V1_URL)
        VU-->>CS: OK
        CS-->>Dev: Build legacy v1.1 payload
      else Not resolved or wrong context
        Net-->>VU: 404 / wrong @context
        VU-->>CS: throw Error("Use modern cryptosuite for new VCs")
        CS-->>Dev: Error
      end
    end
  end
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Suggested labels

released on @alpha

Suggested reviewers

  • RishabhS7
  • nghaninn

Poem

A nib of nibble, I stamp the list—
From 2021 to Bitstrings kissed.
ECDSA hops, BBS thumps,
Legacy burrows, modern jumps.
URLs resolve, contexts align—
My paws approve this tidy design. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Description Check ⚠️ Warning The description only provides a brief summary and does not follow the repository’s required template, omitting the “Changes” section detailing specific modifications, the “Issues” section linking related tickets, and the “Releases” section specifying channels and ETA, which makes it incomplete for reviewers. Please revise the pull request description to match the template by adding a detailed “Changes” section that enumerates the modifications, an “Issues” section with related issue references, and a “Releases” section specifying target channels and an ETA.
✅ Passed checks (2 passed)
Check name Status Explanation
Title Check ✅ Passed The title clearly describes the primary feature added by this changeset, namely updating the status list functionality for BBS cryptosuites and v2.0 support, and it uses concise, conventional commit phrasing without extraneous details.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@Moiz47 Moiz47 requested a review from rongquan1 October 6, 2025 06:01
@rongquan1
Copy link
Copy Markdown
Contributor

rongquan1 commented Oct 6, 2025

@coderabbitai review

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Oct 6, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai[bot]
coderabbitai Bot reviewed Oct 6, 2025
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (1)
packages/w3c-credential-status/src/lib/index.test.ts (1)

42-103: Restore spies between tests for isolation

Once you call vi.spyOn(utils, 'validateCredentialStatus'), that mock stays active for the remainder of the suite. Adding a simple afterEach(() => vi.restoreAllMocks()); inside this describe keeps later tests honest and prevents future regressions from accidentally sliding past the validation because a spy was left behind.

 describe('w3c-credential-status', () => {
   describe('createCredentialStatusVC', () => {
+    afterEach(() => {
+      vi.restoreAllMocks();
+    });
+
     it('Should throw error when trying to create new VC with BLS cryptosuite', async () => {
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d7bade6 and 2b579e2.

📒 Files selected for processing (4)
  • packages/w3c-credential-status/README.md (10 hunks)
  • packages/w3c-credential-status/src/lib/index.test.ts (5 hunks)
  • packages/w3c-credential-status/src/lib/index.ts (2 hunks)
  • packages/w3c-credential-status/src/lib/utils.ts (2 hunks)

Comment thread packages/w3c-credential-status/README.md
Comment on lines +172 to 219
const optionsV2 = {
id: hostingUrl,
credentialSubject: {
id: `${hostingUrl}#list`,
type: 'StatusList2021', // v1.1 credential subject type
type: 'BitstringStatusList', // v2.0 credential subject type
statusPurpose: purpose,
encodedList,
};
}

const credentialStatusVCV1 = await createCredentialStatusPayload(
optionsV1,
// Example with ECDSA-SD-2023
const credentialStatusVCV2_ECDSA = await createCredentialStatusPayload(
optionsV2,
keyPair,
'StatusList2021Credential', // v1.1 credential type
'BbsBlsSignature2020' // legacy cryptosuite
'BitstringStatusListCredential', // v2.0 credential type
'ecdsa-sd-2023' // modern cryptosuite
);

// Example for W3C VC Data Model v2.0 (modern)
const optionsV2 = {
// Example with BBS-2023
const credentialStatusVCV2_BBS = await createCredentialStatusPayload(
optionsV2,
keyPair,
'BitstringStatusListCredential', // v2.0 credential type
'bbs-2023' // modern cryptosuite
);

console.log('Credential Status VC (ECDSA):', credentialStatusVCV2_ECDSA);
console.log('Credential Status VC (BBS):', credentialStatusVCV2_BBS);


// Example for W3C VC Data Model v1.1 (legacy) - works with existing v1.1 where the hostingUrl is resolvable
const optionsV1 = {
id: hostingUrl,
credentialSubject: {
id: `${hostingUrl}#list`,
type: 'BitstringStatusList', // v2.0 credential subject type
type: 'StatusList2021', // v1.1 credential subject type
statusPurpose: purpose,
encodedList,
};
}

const credentialStatusVCV2 = await createCredentialStatusPayload(
optionsV2,
const credentialStatusVCV1 = await createCredentialStatusPayload(
optionsV1,
keyPair,
'BitstringStatusListCredential', // v2.0 credential type
'ecdsa-sd-2023' // modern cryptosuite
'StatusList2021Credential', // v1.1 credential type
'BbsBlsSignature2020' // legacy cryptosuite
);

console.log('Credential Status VC:', credentialStatusVCV2);

// Sign the credential status payload
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Oct 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Fix TypeScript snippet syntax.

The README examples won’t compile as-is. The object literals terminate with }; instead of },, and the createCredentialStatusPayload call misses a comma between the credential type and crypto suite arguments. Readers copying this code will hit syntax errors immediately. Please patch the sample:

 const optionsV2 = {
     id: hostingUrl,
     credentialSubject: {
       id: `${hostingUrl}#list`,
       type: 'BitstringStatusList', // v2.0 credential subject type
       statusPurpose: purpose,
       encodedList,
-    };
-}
+    },
+};
 …
 const credentialStatusVCV2_BBS = await createCredentialStatusPayload(
   optionsV2, 
   keyPair, 
-  'BitstringStatusListCredential', // v2.0 credential type
-  'bbs-2023' // modern cryptosuite
+  'BitstringStatusListCredential', // v2.0 credential type,
+  'bbs-2023' // modern cryptosuite
 );
 …
 const optionsV1 = {
     id: hostingUrl,
     credentialSubject: {
       id: `${hostingUrl}#list`,
       type: 'StatusList2021', // v1.1 credential subject type
       statusPurpose: purpose,
       encodedList,
-    };
-}
+    },
+};
 …
 const credentialStatusPayload = await createCredentialStatusPayload(
   {
     id: hostingUrl,
     credentialSubject: {
       id: `${hostingUrl}#list`,
       type: 'BitstringStatusList',
       statusPurpose: purpose,
       encodedList,
     },
   },
   keypairData, // Your key pair data
-  'BitstringStatusListCredential'
+  'BitstringStatusListCredential',
   'ecdsa-sd-2023' // Use 'ecdsa-sd-2023' or 'bbs-2023'
 );

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents 
In packages/w3c-credential-status/README.md around lines 172 to 219, the
TypeScript examples contain syntax errors: object literals end with "};" instead
of "}," and some createCredentialStatusPayload calls are missing commas between
the credential type and crypto-suite arguments. Fix by replacing the terminating
"};" on the optionsV2 and optionsV1 objects with "}," (so the surrounding code
remains valid), and add the missing comma between the third and fourth arguments
in each createCredentialStatusPayload call (e.g., between the credential type
string and the crypto-suite string) so the calls are valid comma-separated
argument lists.

Comment thread packages/w3c-credential-status/src/lib/utils.ts Outdated
Comment on lines +211 to +224
// if vc already exists with v1.1 context and StatusList2021Credential allow BbsBlsSignature2020
try {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const credential = (await fetchCredentialStatusVC(id)) as any;
if (!credential?.['@context']?.includes(VC_V1_URL)) {
throw new Error(
'Please use the recommended BitstringStatusListCredential with modern cryptosuite.',
);
}
} catch {
throw new Error(
'Credential Status VC not found. For creating new VCs, please use BitstringStatusListCredential with modern cryptosuite.',
);
}
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Oct 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Keep the modern-cryptosuite guidance reachable

Line 215 currently throws new Error('Please use the recommended BitstringStatusListCredential…'), but the surrounding try/catch immediately swallows it and replaces it with the generic “Credential Status VC not found…” message. Callers never see the targeted guidance when the VC resolves but lacks the v1 context, which defeats the purpose of that new check. Please separate the fetch failure handling from the context validation so the specific error can bubble up.

-    try {
-      const credential = (await fetchCredentialStatusVC(id)) as any;
-      if (!credential?.['@context']?.includes(VC_V1_URL)) {
-        throw new Error(
-          'Please use the recommended BitstringStatusListCredential with modern cryptosuite.',
-        );
-      }
-    } catch {
-      throw new Error(
-        'Credential Status VC not found. For creating new VCs, please use BitstringStatusListCredential with modern cryptosuite.',
-      );
-    }
+    let credential: any;
+    try {
+      credential = (await fetchCredentialStatusVC(id)) as any;
+    } catch {
+      throw new Error(
+        'Credential Status VC not found. For creating new VCs, please use BitstringStatusListCredential with modern cryptosuite.',
+      );
+    }
+
+    if (!credential?.['@context']?.includes(VC_V1_URL)) {
+      throw new Error(
+        'Please use the recommended BitstringStatusListCredential with modern cryptosuite.',
+      );
+    }
🤖 Prompt for AI Agents 
In packages/w3c-credential-status/src/lib/utils.ts around lines 211 to 224, the
try/catch wraps both fetching and context validation so the specific "Please use
the recommended BitstringStatusListCredential…" Error thrown when the VC lacks
the v1 context is swallowed and replaced by the generic fetch failure message;
separate concerns by catching only fetch errors (e.g., try { credential = await
fetchCredentialStatusVC(id) } catch (err) { throw new Error('Credential Status
VC not found...') } ) and perform the context check outside that catch so the
targeted Error for missing v1 context is allowed to propagate to callers.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Oct 7, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@rongquan1 rongquan1 merged commit c49bbfe into alpha Oct 8, 2025
12 checks passed
@rongquan1 rongquan1 deleted the feat/update-status-list-bbs2023 branch October 8, 2025 02:01
nghaninn pushed a commit that referenced this pull request Oct 8, 2025
@semantic-release-bot
chore(release): @trustvc/w3c-credential-status@1.3.0-alpha.13 [skip ci]
8cca257 
# [1.3.0-alpha.13](https://github.com/TrustVC/w3c/compare/@trustvc/w3c-credential-status@1.3.0-alpha.12...@trustvc/w3c-credential-status@1.3.0-alpha.13) (2025-10-08)

### Features

* status list update for bbs and v2.0 ([#89](#89)) ([c49bbfe](c49bbfe))
@tradetrustimda
Copy link
Copy Markdown

tradetrustimda commented Oct 8, 2025

🎉 This PR is included in version 1.3.0-alpha.13 🎉

The release is available on:

Your semantic-release bot 📦🚀

nghaninn pushed a commit that referenced this pull request Oct 8, 2025
@semantic-release-bot
chore(release): @trustvc/w3c-vc@1.3.0-alpha.16 [skip ci]
c8de122 
# [1.3.0-alpha.16](https://github.com/TrustVC/w3c/compare/@trustvc/w3c-vc@1.3.0-alpha.15...@trustvc/w3c-vc@1.3.0-alpha.16) (2025-10-08)

### Features

* status list update for bbs and v2.0 ([#89](#89)) ([c49bbfe](c49bbfe))
@tradetrustimda
Copy link
Copy Markdown

tradetrustimda commented Oct 8, 2025

🎉 This PR is included in version 1.3.0-alpha.16 🎉

The release is available on:

Your semantic-release bot 📦🚀

nghaninn pushed a commit that referenced this pull request Oct 8, 2025
@semantic-release-bot
chore(release): @trustvc/w3c@1.3.0-alpha.16 [skip ci]
42de1a2 
# [1.3.0-alpha.16](https://github.com/TrustVC/w3c/compare/@trustvc/w3c@1.3.0-alpha.15...@trustvc/w3c@1.3.0-alpha.16) (2025-10-08)

### Features

* status list update for bbs and v2.0 ([#89](#89)) ([c49bbfe](c49bbfe))
@tradetrustimda
Copy link
Copy Markdown

tradetrustimda commented Oct 8, 2025

🎉 This PR is included in version 1.3.0-alpha.16 🎉

The release is available on:

Your semantic-release bot 📦🚀

This was referenced Nov 10, 2025
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@rongquan1 rongquan1 rongquan1 approved these changes

Assignees

No one assigned

Labels

released on @alpha

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Moiz47 @rongquan1 @tradetrustimda @moiz-sgtradex