fix: update w3c function

[RishabhS7]

Summary

update w3c function in trust vc library , function isDerived to check obfuscation

Summary by CodeRabbit

• Bug Fixes
  • Improved detection of derived and obfuscated documents/credentials, reducing misclassification in edge cases and enhancing reliability in validation flows.
• Chores
  • Updated a core W3C-related dependency to the latest alpha for improved compatibility and stability.

No UI changes. Users may notice more accurate handling of derived credentials during verification without additional steps.

[coderabbitai]

Walkthrough

Dependency bump for @trustvc/w3c in package.json and an asynchronous refactor of isObfuscated in src/utils/documents/index.ts to use isDerived for signed verifiable credentials.

Changes

Cohort / File(s)	Change Summary
Dependency update package.json	Bump @trustvc/w3c from ^1.3.0-alpha.9 to ^1.3.0-alpha.10.
Document utils async/derived check src/utils/documents/index.ts	Import isDerived; change isObfuscated to async returning Promise<boolean>; replace direct proof.type check with await isDerived(document) for signed verifiable credentials; OA v2/v3 handling unchanged.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Caller
  participant DocsUtil as isObfuscated()
  participant W3C as isDerived()

  Caller->>DocsUtil: isObfuscated(document)
  alt Wrapped OA v2/v3
    DocsUtil-->>Caller: boolean (sync logic)
  else Signed VC
    DocsUtil->>W3C: await isDerived(document)
    W3C-->>DocsUtil: Promise<boolean>
    DocsUtil-->>Caller: boolean
  end
  note over DocsUtil,W3C: Asynchronous path introduced for derived VC detection

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix: redacted document check #71 — Adjusts verifier to recognize BbsBlsSignatureProof2020, aligning with this PR’s derived-document detection.
• feat: update document builder to data model 2.0 #104 — Integrates derived-document workflow and bumps @trustvc/w3c, matching this PR’s dependency and async usage.

Suggested labels

released

Suggested reviewers

• rongquan1
• nghaninn

Poem

I twitch my ears at version ten,
A hop from nine—then back again.
Async breezes ruffle grass,
Derived truths quietly pass.
With gentle paws, I check and wait—
Promise kept, the docs translate.
Thump-thump—ship it, celebrate! 🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/update-w3c-function

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/utils/documents/index.ts (1)

121-121: Drop redundant await.

Returning the promise directly is sufficient here.

-    return await isDerived(document);
+    return isDerived(document);

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8302c71 and 036ed27.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• package.json (1 hunks)
• src/utils/documents/index.ts (3 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/utils/documents/index.ts (1)

src/w3c/types.ts (1)

• SignedVerifiableCredential (4-4)

🔇 Additional comments (3)

package.json (1)

124-124: Confirm lockfile update and prerelease compatibility

• No lockfile changes detected—ensure the updated lockfile is committed and CI installs from it.
• Sibling @trustvc/w3c-* deps are at older alphas (context ^1.3.0-alpha.8, credential-status ^1.3.0-alpha.8, issuer ^1.3.0-alpha.6, vc ^1.3.0-alpha.9); either bump them to ^1.3.0-alpha.10 or manually verify cross-version compatibility.

src/utils/documents/index.ts (2)

15-15: Importing isDerived/isSignedDocument is appropriate for centralizing VC-derived checks.

---

109-112: Mark isObfuscated’s new async signature as a breaking change

• It’s publicly re-exported in src/utils/index.ts, so consumers now receive a Promise<boolean> instead of boolean.
• Update all internal and external call sites to await isObfuscated(...) or handle the returned Promise.
• Add migration notes or bump the major version to reflect this breaking change.

[tradetrustimda]

🎉 This PR is included in version 2.0.6 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀