chore: update ref documents

[RishabhS7]

Summary

Update all documents with redirection to ref website

Releases

Jira Tiket

Summary by CodeRabbit

• New Features
  • Added postcode and country subdivision fields to certificate of origin samples (exporter, importer, manufacturer).
• Bug Fixes
  • Normalized export country code from “In” to “IN”.
• Documentation
  • Updated sample party details (exporter/importer/consignee/notify) and transport info.
  • Reformatted embedded renderer entries for readability.
• Chores
  • Refreshed all sample OA documents with new dataset values, attachments/logos, and token IDs.
  • Updated QR code links to redirect via ref.tradetrust.io.
  • Regenerated cryptographic proofs/signatures and timestamps across samples.

[coderabbitai]

Walkthrough

This PR refreshes numerous public JSON fixtures, replacing identifiers, parties, addresses, items, transport details, QR/link URIs, and cryptographic proofs. Some VC datasets add address fields and normalized country codes. No source code changes; schemas remain consistent across OA and VC variants.

Changes

Cohort / File(s)	Summary
OA: Certificate of Origin fixtures public/static/OA/certificate-of-origin-default.json, ...-expired.json, ...-redacted.json, ...-revoked.json	Data-wide reseed across issuer, network/template, supply chain consignment, attachments, links (redirect to ref), and OA signatures/proofs; structure unchanged.
OA: Electronic Promissory Notes public/static/OA/electronic-promissory-note-operative.json, ...-inoperative.json	Rewritten issuer/network/template and document fields (drawer/drawee, financials), updated links and OA signatures; structure unchanged.
OA: Invoices public/static/OA/invoice-default.json, ...-expired.json, ...-redacted.json, ...-revoked.json	Replaced billFrom/billTo/items and invoice meta; updated network/template, links, and OA signatures; expired variant adjusts expiration field placement.
OA: Warehouse Receipts public/static/OA/warehouse-receipt-operative.json, ...-inoperative.json	Updated issuer/network/template, receipt details, goods, logo/SPL, links, and OA signatures; no schema changes.
VC: Bill of Lading public/static/bill-of-lading-operative.json, ...-inoperative.json	Updated consignee/notify names, qrCode URIs (redirect to ref), ids/tokenIds, timestamps, and proofs; duplicated sections updated consistently.
VC: Certificate of Origin public/static/certificate-of-origin-default.json, ...-expired.json, ...-redacted.json, ...-revoked.json	Normalized codes/names, transport text updates, new address fields (exporter/importer/manufacturer), qrCode URIs, ids, and proofs; schema additions noted.
VC: Electronic Promissory Note public/static/electronic-promissory-note-operative.json, ...-inoperative.json	Formatting cleanups; removed some email fields; updated jurisdiction/dates; qrCode URIs, tokenIds, ids, and proofs refreshed.
VC: Invoice public/static/invoice-default.json, ...-expired.json, ...-redacted.json, ...-revoked.json	BillFrom/To updates; qrCode URIs (redirect to ref); ids/proofs refreshed; one addition of billToCompanyPhoneNumber; issuer/issuance dates mostly unchanged.
VC: Warehouse Receipt public/static/warehouse-receipt-operative.json, ...-inoperative.json	qrCode URIs switched to encoded actions with ref redirect; tokenIds/ids/proofs updated; other credential fields unchanged.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

In burrows deep I flip each GUID string,
New hashes hum—a merkle-rooted ring.
QR trails hop to ref with sprightly cheer,
Consignments, notes, and invoices appear.
Carrots signed, proofs recalculated bright—
Ship it! Thump-thump—another data night. 🥕

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/update-ref-documents

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[netlify]

✅ Deploy Preview for tradetrust-gallery ready!

Name	Link
🔨 Latest commit	ca1395d
🔍 Latest deploy log	https://app.netlify.com/projects/tradetrust-gallery/deploys/689955c097ae1200081b4bdc
😎 Deploy Preview	https://deploy-preview-16--tradetrust-gallery.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Actionable comments posted: 6

🔭 Outside diff range comments (1)

public/static/certificate-of-origin-revoked.json (1)

75-75: sequenceNumber should not be negative

tradeLineItems.sequenceNumber is -4. Sequence/order numbers are expected to be non-negative integers. This may break consumers that sort/validate.

Consider updating to a positive ordinal:

-            "sequenceNumber": -4
+            "sequenceNumber": 1

If negative was intentional for a specific test case, add a comment in the fixture README noting the rationale and downstream compatibility.

🧹 Nitpick comments (6)

public/static/warehouse-receipt-operative.json (1)

63-63: Static analysis false positive: tokenId is not a secret

Gitleaks flagged tokenId as a “Generic API Key”. This is a public on-chain identifier, not a credential. Suggest adding an allowlist rule (e.g., in .gitleaks.toml) scoping out JSON paths matching credentialStatus.tokenId under public/static.

public/static/electronic-promissory-note-inoperative.json (1)

48-48: Static analysis false positive: tokenId

This is a public identifier, not a secret. Consider allowlisting as noted in warehouse-receipt comment.

public/static/bill-of-lading-operative.json (1)

85-85: Static analysis false positive: tokenId

Public on-chain identifier; safe to commit. Suggest adding a Gitleaks ignore rule scoped to these fixture paths/keys.

public/static/warehouse-receipt-inoperative.json (1)

62-64: Gitleaks “generic-api-key” is a false positive here

tokenRegistry (an Ethereum address) and tokenId (a public hash-like identifier) are expected public values in fixtures. They are not credentials or secrets.

You can silence these with an ignore rule. Example gitleaks config snippet:

+rules:
+  - id: allow-eth-addresses-in-fixtures
+    description: Allow Ethereum addresses/hashes in static fixtures
+    regex: '(0x[a-fA-F0-9]{40}|[a-f0-9]{64})'
+    path:
+      - 'public/static/.*\.json'
+    entropy:
+      enabled: false

Alternatively, add these files to .gitleaksignore.

public/static/OA/electronic-promissory-note-operative.json (1)

52-52: Embedded logo is large; consider deduplication if repo size is a concern.

If multiple fixtures embed the same base64 image, consider referencing a shared static asset to reduce repo weight. Optional.

public/static/OA/warehouse-receipt-operative.json (1)

32-33: Logo and SPL reseeded.

Looks fine. As an optional optimization, consider centralizing the base64 logo to reduce duplication across fixtures.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 68c4417 and ca1395d.

📒 Files selected for processing (26)

• public/static/OA/certificate-of-origin-default.json (1 hunks)
• public/static/OA/certificate-of-origin-expired.json (1 hunks)
• public/static/OA/certificate-of-origin-redacted.json (1 hunks)
• public/static/OA/certificate-of-origin-revoked.json (1 hunks)
• public/static/OA/electronic-promissory-note-inoperative.json (1 hunks)
• public/static/OA/electronic-promissory-note-operative.json (1 hunks)
• public/static/OA/invoice-default.json (1 hunks)
• public/static/OA/invoice-expired.json (1 hunks)
• public/static/OA/invoice-redacted.json (1 hunks)
• public/static/OA/invoice-revoked.json (1 hunks)
• public/static/OA/warehouse-receipt-inoperative.json (1 hunks)
• public/static/OA/warehouse-receipt-operative.json (1 hunks)
• public/static/bill-of-lading-inoperative.json (2 hunks)
• public/static/bill-of-lading-operative.json (2 hunks)
• public/static/certificate-of-origin-default.json (5 hunks)
• public/static/certificate-of-origin-expired.json (5 hunks)
• public/static/certificate-of-origin-redacted.json (1 hunks)
• public/static/certificate-of-origin-revoked.json (5 hunks)
• public/static/electronic-promissory-note-inoperative.json (1 hunks)
• public/static/electronic-promissory-note-operative.json (2 hunks)
• public/static/invoice-default.json (2 hunks)
• public/static/invoice-expired.json (2 hunks)
• public/static/invoice-redacted.json (2 hunks)
• public/static/invoice-revoked.json (2 hunks)
• public/static/warehouse-receipt-inoperative.json (1 hunks)
• public/static/warehouse-receipt-operative.json (1 hunks)

🧰 Additional context used

🪛 Gitleaks (8.27.2)

public/static/warehouse-receipt-inoperative.json

62-62: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

63-63: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

public/static/warehouse-receipt-operative.json

62-62: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

63-63: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🔇 Additional comments (73)

public/static/invoice-default.json (4)

10-14: Render method formatting only

Converted to multi-line; semantics unchanged. No issues.

---

18-18: Sanitized identities look good

Updated sender/receiver fields and example email; aligns with redirection objective. No functional concerns.

Also applies to: 24-26

---

61-61: ID and proof rotated

IDs/timestamps/signature updated. Ensure the VC verifies against did:web:trustvc.github.io:did:1#keys-1.

Also applies to: 64-66

---

57-57: QR payloads verified across all JSON manifests

All qrCode.uri and links.self.href payloads now correctly point to actions.tradetrust.io with a redirect of https://ref.tradetrust.io/, and each payload.uri matches its own gallery.tradetrust.io/static/... URL:

• Public-static VC JSON files: payloads pass as-is.
• OA JSON files prepend an <id>:string: prefix before the encoded URL; stripping that prefix confirms each encoded URL also passes validation.

No changes to the payloads are required. Everything is consistent across the repo.

public/static/invoice-expired.json (3)

18-18: Identity field refresh

Sender/receiver updates and example email look correct; no schema deviations.

Also applies to: 24-26

---

57-57: QR redirect switched to ref — verify payload

Same verification as invoice-default applies.

---

62-62: ID/proof rotated with expiry retained

Expiration unchanged; proof material updated. Confirm signature validation passes.

Also applies to: 65-67

public/static/warehouse-receipt-operative.json (2)

57-57: QR redirect migrated to ref

Encoded Actions URL looks consistent. Verify payload (see repo-wide script in invoice-default comment).

---

67-67: ID/proof refresh

New VC id and BBS signature timestamp/value are expected with re-issuance. No issues spotted.

Also applies to: 70-72

public/static/invoice-revoked.json (3)

28-28: Identity updates and example email

Changes are consistent and reduce PII risk. LGTM.

Also applies to: 34-35

---

67-67: QR redirect updated

Payload should decode to this document’s URL with redirect to ref.tradetrust.io; verify via the provided script.

---

71-71: ID/proof rotated; revocation list context unchanged

Ensure the StatusList2021 entry referenced still marks this VC as revoked at index "2".

Also applies to: 74-76

public/static/invoice-redacted.json (3)

10-10: VC id and QR refresh

Top-level id rotated; QR now redirects to ref. Verify QR payload integrity (repo-wide script).

Also applies to: 15-15

---

19-19: Template/subject identifiers updated

Renderer @id and subject id adjustments are consistent with redaction. No issues.

Also applies to: 26-26

---

37-41: BBS proof re-generated

created/nonce/proofValue updated; verificationMethod unchanged. Recommend re-running verifier to ensure zero-knowledge proof validates.

public/static/electronic-promissory-note-inoperative.json (4)

11-15: Render method formatting

Multi-line formatting only; no functional change.

---

26-26: Business-date consistency check

• draweeJurisdiction updated (OK).
• signerTimeStamp: 2025-06-10
• dueDate: 2025-06-19
• commitmentDate: 2025-12-10

Commitment after the due date may be unintended. Please confirm the intended semantics and adjust if needed.

Also applies to: 34-34, 37-37

---

42-42: QR redirect migrated to ref

Same payload verification as others applies.

---

51-52: ID/issuance/proof rotated

Expected with re-issuance; no schema concerns.

Also applies to: 55-57

public/static/bill-of-lading-operative.json (3)

24-26: Consignee/notify party updates

Company name changes align with the data refresh. No issues.

---

79-79: QR redirect updated

Confirm payload fields via repo-wide verification script.

---

89-89: ID/proof updated

Rotated id/timestamps/signature; verificationMethod unchanged. Looks good.

Also applies to: 92-94

public/static/OA/invoice-redacted.json (8)

6-14: Issuer and identityProof updated

DID values updated; ensure they remain consistent with verificationMethod in proof section.

---

18-22: Bill-from/bill-to refresh

Data reseeded; schema retained. No issues.

Also applies to: 24-28

---

31-41: Line items updated

Descriptions/amounts adjusted; totals elsewhere reflect the changes. LGTM.

---

44-47: Template/network metadata updated

Renderer type/name/url and FREE network chainId "101010" preserved. No concerns.

Also applies to: 49-51

---

52-59: Document ids/totals and self link refreshed — verify Actions payload

links.self.href now points to encoded Actions URL with ref redirect. Validate via repo-wide script.

Also applies to: 62-62

---

68-68: Merkle proof sanity

targetHash equals merkleRoot; expected for single-leaf proofs. OK.

Also applies to: 71-71

---

75-75: OpenAttestation signature rotated

created/signature updated; verificationMethod unchanged. Recommend re-validating OA proof.

Also applies to: 79-79

---

83-89: Privacy obfuscation expanded

More obfuscatedData entries added. Confirm these correspond to the intended redacted fields.

public/static/OA/invoice-revoked.json (3)

69-69: Redirect updated to ref.tradetrust.io — OK

The URL-encoded self.href correctly points to actions.tradetrust.io with redirect to ref.tradetrust.io and chainId=101010. OA schema/shape remains intact.

---

75-78: OA proof refreshed — single-leaf Merkle proof looks consistent

targetHash equals merkleRoot, which is expected for single-document proofs. No issues spotted.

---

69-69: Audit JSON fixtures for redirect and chainId consistency

Please run the following updated audit script (no look-around regex) to ensure:

• All encoded redirect URLs point to ref.tradetrust.io
• All encoded chainId values equal 101010
• All plain‐text redirect keys point to https://ref.tradetrust.io/

#!/bin/bash
set -euo pipefail

# 1. Encoded redirects
if rg -n 'redirect%22%3A%22' -g 'public/static/**/*.json' | grep -v 'https%3A%2F%2Fref.tradetrust.io'; then
  echo "✗ Found encoded redirects not pointing to ref.tradetrust.io"
  exit 1
fi

# 2. Encoded chainId values
if rg -n 'chainId%22%3A%22' -g 'public/static/**/*.json' | grep -v '101010'; then
  echo "✗ Found encoded chainIds not equal to 101010"
  exit 1
fi

# 3. Plain‐text redirects
if rg -n '"redirect"' -g 'public/static/**/*.json' | grep -v 'https://ref.tradetrust.io/'; then
  echo "✗ Found plain redirects not pointing to https://ref.tradetrust.io/"
  exit 1
fi

echo "✔ All redirects and chainIds are correctly set"

Apply this check across all fixtures—especially in public/static/OA/invoice-revoked.json (lines 56–58 and 69).

public/static/electronic-promissory-note-operative.json (3)

10-16: Renderer format normalized — OK

renderMethod converted to array with EMBEDDED_RENDERER and generic template URL. No semantic change; looks good.

---

41-43: QR payload redirect migrated — OK

The URL-encoded QR code now redirects to ref.tradetrust.io with chainId=101010.

---

52-59: IDs/proof updated coherently

id, credentialStatus.tokenId, proof.created, and proofValue updated in tandem. No inconsistencies observed.

public/static/warehouse-receipt-inoperative.json (1)

57-58: QR payload redirect migrated — OK

The URL-encoded QR code now redirects to ref.tradetrust.io with chainId=101010.

public/static/certificate-of-origin-redacted.json (2)

13-16: QR payload redirect migrated — OK

The TrustVC QR now uses actions.tradetrust.io with redirect to ref.tradetrust.io; chainId=101010.

---

42-47: BBS selective disclosure proof refreshed — OK

created/nonce/proofValue updated consistently for BbsBlsSignatureProof2020. No schema issues spotted.

public/static/OA/electronic-promissory-note-inoperative.json (2)

29-31: Self link redirect migrated — OK

URL-encoded self.href uses actions.tradetrust.io with redirect to ref.tradetrust.io and chainId=101010.

---

58-61: OA Merkle proof updated — OK

targetHash == merkleRoot indicates a single-leaf proof. Looks consistent.

public/static/certificate-of-origin-revoked.json (2)

98-99: QR payload redirect migrated — OK

Encoded URI now redirects to ref.tradetrust.io with chainId=101010. CredentialStatus via StatusList2021 retained for revoked semantics.

---

101-109: Proof block refreshed — OK

issuanceDate/id updated; BBS signature created/proofValue updated accordingly. No schema issues observed.

public/static/OA/invoice-default.json (2)

68-69: Self link redirect migrated — OK

URL-encoded self.href targets ref.tradetrust.io; chainId=101010. Good.

---

74-77: OA proof updated — OK

targetHash/merkleRoot updated coherently for the reseeded data. No anomalies spotted.

public/static/OA/invoice-expired.json (3)

66-66: expirationDate present at data-level — sanity check

Expiration is provided under data.expirationDate with the usual encoded value. Assuming your renderer expects this field here, looks good.

If you want, I can scan templates to ensure they reference data.expirationDate (not an older location). Say the word and I’ll add a quick check.

---

69-71: Self link redirect migrated — OK

URL-encoded href uses actions.tradetrust.io with redirect to ref.tradetrust.io; chainId=101010.

---

75-78: OA proof updated — OK

Merkle fields refreshed consistently with the reseeded invoice. No issues found.

public/static/bill-of-lading-inoperative.json (2)

79-80: Redirect update looks correct

The QR/action URI now percent-encodes a redirect to ref.tradetrust.io with chainId 101010. Matches the PR intent.

---

85-96: Proof and identifiers rotated together — good; please verify end-to-end validation

tokenId, id, and proof.created/proofValue were updated in sync. Advise running your VC verification flow to confirm the new signature and DID resolve correctly against the same issuer method.

public/static/OA/warehouse-receipt-inoperative.json (2)

29-30: links.self.href now redirects via actions to ref.tradetrust.io

The encoded URL and chainId 101010 look consistent with other fixtures.

---

71-75: OA signature refresh tracked to new content

targetHash and merkleRoot align, and OpenAttestationSignature2018.created/signature updated. This is consistent with the reseeded payload.

Also applies to: 79-83

public/static/certificate-of-origin-expired.json (2)

89-90: Redirect update looks correct

The top-level QR/action URI includes redirect to ref.tradetrust.io and correct chainId.

---

65-67: Negative sequenceNumber — confirm intent

sequenceNumber is set to -4. If this is intentional to test validation paths, fine; otherwise consider a positive sequence and let ordering be explicit elsewhere.

public/static/OA/certificate-of-origin-revoked.json (2)

149-151: links.self.href redirect updated

Encoded actions URL with redirect to ref.tradetrust.io is present and consistent with the PR’s goal.

---

155-166: OA signature/merkle updates align with content changes

targetHash/merkleRoot and signature metadata updated. Looks coherent.

public/static/OA/certificate-of-origin-redacted.json (2)

120-121: links.self.href redirect is correct

The encoded actions link points to ref.tradetrust.io as intended.

---

126-137: Signature and privacy blocks refreshed appropriately

OA signature (targetHash/merkleRoot/created/signature) and privacy.obfuscatedData are updated consistently with the new payload.

Also applies to: 140-159

public/static/certificate-of-origin-default.json (3)

17-24: Country code normalization looks good

exportCountryCode corrected to "IN" and exporter/importer country data added. This aligns with ISO 3166-1 alpha-2 uppercase usage.

---

84-85: Redirect update looks correct

actions.tradetrust.io with redirect to ref.tradetrust.io encoded; chainId 101010 present.

---

61-62: Negative sequenceNumber — confirm if this is intentional test data

sequenceNumber is -4. If that’s by design to test UI/validation, keep it; otherwise consider a positive integer to avoid confusion.

public/static/OA/certificate-of-origin-expired.json (2)

149-150: links.self.href redirect looks correct

Encoded redirect points to ref.tradetrust.io as intended, with chainId 101010.

---

154-166: OA proof updated coherently with payload changes

targetHash/merkleRoot/created/signature updates look consistent.

public/static/OA/certificate-of-origin-default.json (2)

148-149: Redirect to ref.tradetrust.io confirmed

The actions link and chainId are correct.

---

154-165: OA signature/merkle refresh matches content reset

targetHash/merkleRoot and signature block are updated appropriately.

public/static/OA/electronic-promissory-note-operative.json (4)

6-15: Issuer, network, and template blocks look consistent with OA v2 expectations.

DID-based identityProof and tokenRegistry are present; network FREE/101010 matches gallery conventions. One note: values follow the uuid:string:value pattern. Please confirm your renderer/parsers consistently extract the value segment after the last colon for all displayed fields.

Would you like me to add a quick unit/fixture check to ensure the renderer trims uuid:string: prefixes across all fields?

Also applies to: 19-26

---

32-55: Content reseed is consistent; double-check display formatting for money and dates.

• amount uses a thousands separator ("50,000.00") and is a string; ensure template logic doesn’t attempt numeric math on it.
• Dates are plain ISO-like strings; confirm localized formatting where needed.

Do you want a smoke test that renders this doc via the generic template to catch any formatting regressions?

---

58-61: Signature and OA proof updated — structure looks valid.

• SHA3MerkleProof present, targetHash equals merkleRoot.
• OpenAttestationSignature2018 includes created, verificationMethod, signature.

Also applies to: 65-69

---

29-31: All OA fixtures validated and no stale links found

• Every links.self.href now correctly encodes redirect=https://ref.tradetrust.io/
• signature.targetHash equals signature.merkleRoot in all JSON files
• All network.chainId values are "101010"

LGTM.

public/static/OA/warehouse-receipt-operative.json (4)

6-15: Issuer, network, and template updates are coherent.

DID identityProof and tokenRegistry present; FREE/101010 network matches other fixtures. Values include uuid:string:value prefixes — ensure renderers parse the value segment consistently.

If helpful, I can add a small validator to scan all OA fixtures for fields using the prefixed format and assert template parsing coverage.

Also applies to: 19-26

---

29-31: Self link ref redirect confirmed.

Actions URL payload now redirects to ref.tradetrust.io as intended. Cross-repo check script provided in the promissory note comment covers this file too.

---

35-44: Warehouse receipt content reseeded; values remain plausible.

• Numeric weights are strings (consistent with prior templates).
• “pieces” set to "/" as a placeholder — confirm renderer handles this gracefully.
• Terms and conditions are large; display should truncate/collapse as needed.

Would you like a quick visual regression pass to confirm these render cleanly in the generic template?

Also applies to: 47-61, 63-68

---

72-75: Updated cryptographic proof is internally consistent.

• targetHash equals merkleRoot; empty proof array acceptable for single-leaf.
• OpenAttestationSignature2018 proof updated with new timestamp and signature.

Also applies to: 79-82

[coderabbitai]

⚠️ Potential issue

Expiration precedes issuance — likely inconsistent for an “expired” fixture

expirationDate is 2024-12-03 while issuanceDate is 2025-06-06. Typically, expiration should be ≥ issuance; otherwise the credential appears invalidly configured rather than naturally expired.

Proposed fix (pick one):

• Move expirationDate to a date after issuance (still in the past now for “expired” behavior).
• Or, if you want it to be expired by “now” but not before issuance, set issuanceDate earlier than expirationDate.

🤖 Prompt for AI Agents

In public/static/certificate-of-origin-expired.json around lines 86 to 93 the
expirationDate (2024-12-03T12:19:52Z) is earlier than the issuanceDate
(2025-06-06T09:05:43.517Z), which makes the fixture invalid; fix by choosing
one: either set expirationDate to a timestamp after issuanceDate but still in
the past (to preserve “expired” behavior), or move issuanceDate to an earlier
timestamp before the existing expirationDate so the credential was issued before
it expired; update only the date string(s) accordingly and keep ISO 8601 Z
format.

[coderabbitai]

🛠️ Refactor suggestion

Use uppercase ISO country codes consistently

countryCode appears as "In" and "in" in several places. Normalize to “IN” (and similar for other countries) to avoid validation edge cases.

- "countryCode": "...:string:In"
+ "countryCode": "...:string:IN"
- "countryCode": "...:string:in"
+ "countryCode": "...:string:IN"

Also applies to: 72-73

🤖 Prompt for AI Agents

In public/static/OA/certificate-of-origin-default.json around line 41 (and also
lines 72-73), the countryCode values are mixed-case ("In"/"in"); update these
entries to use uppercase ISO alpha-2 codes (e.g., "IN") consistently. Locate
each countryCode field at the specified lines and replace the value with its
uppercase equivalent, and search the file for any other countryCode occurrences
to normalize them to uppercase to avoid validation edge cases.

[coderabbitai]

🛠️ Refactor suggestion

Normalize countryCode casing to ISO uppercase

Found "In" and "in" in multiple countryCode fields. Recommend “IN” consistently to match standard two-letter uppercase codes and your non-OA fixtures.

- "countryCode": "...:string:In"
+ "countryCode": "...:string:IN"
- "countryCode": "...:string:in"
+ "countryCode": "...:string:IN"

Also applies to: 72-73

🤖 Prompt for AI Agents

In public/static/OA/certificate-of-origin-expired.json around line 41 (and also
lines 72-73), several countryCode fields use inconsistent casing ("In" and
"in"); normalize these to the ISO two-letter uppercase form "IN". Edit the JSON
entries at those lines to replace any "In" or "in" countryCode values with "IN",
ensure no other entries use lowercase/mixed-case for countryCode, and validate
the JSON after changes.

[coderabbitai]

⚠️ Potential issue

Expiration precedes issueDateTime — likely inconsistent

The document’s expirationDate (2024-12-03) is earlier than issueDateTime (2025-06-18) within the OA data. Consider ensuring expiration ≥ issueDateTime to represent a natural “expired” state rather than an impossible timeline.

Suggested fix: set issueDateTime earlier than expirationDate or move expirationDate to a past date that is still after issueDateTime.

Also applies to: 132-134

[coderabbitai]

🛠️ Refactor suggestion

Standardize ISO countryCode casing

Observed "In" and "in" in countryCode values. Recommend using uppercase (“IN”) consistently across the document for predictable validation and downstream processing.

- "countryCode": "...:string:In"
+ "countryCode": "...:string:IN"
- "countryCode": "...:string:in"
+ "countryCode": "...:string:IN"

Also applies to: 68-69

🤖 Prompt for AI Agents

In public/static/OA/certificate-of-origin-redacted.json around lines 40-41 (and
also lines 68-69), the countryCode values use inconsistent casing ("In" / "in");
normalize all countryCode values to the ISO uppercase form "IN" across the
document (replace "In" and "in" entries with "IN") and scan the file for any
other countryCode occurrences to ensure consistent uppercase usage.

[coderabbitai]

🛠️ Refactor suggestion

Normalize ISO country codes to uppercase

Found mixed casing for countryCode: "In" and "in". Recommend standardizing to uppercase (“IN”, “GB”, etc.) to avoid downstream validation issues and keep consistency with non-OA fixtures.

- "countryCode": "...:string:In"
+ "countryCode": "...:string:IN"
- "countryCode": "...:string:in"
+ "countryCode": "...:string:IN"

Also applies to: 73-74

🤖 Prompt for AI Agents

In public/static/OA/certificate-of-origin-revoked.json around line 41 (and also
lines 73-74) the countryCode values use mixed casing ("In"/"in"); update these
ISO country codes to uppercase (e.g., "IN", "GB") to normalize formatting across
fixtures. Find the countryCode fields at the specified lines and replace the
lowercase/mixed-case values with their uppercase ISO equivalents, ensuring any
surrounding type annotations or string concatenations remain unchanged.