feat: add Bun support by sujitaw · Pull Request #1531 · credebl/platform

sujitaw · 2025-12-04T07:07:27Z

What

added changes to use bun alternative to pnpm

Summary by CodeRabbit

Chores
- Updated Node.js engine requirement to version 24 or higher.
- Migrated build and runtime infrastructure to Bun for improved performance.
- Reorganized workspace structure with dependency catalog for enhanced maintainability.

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

coderabbitai · 2025-12-04T07:07:50Z

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

@coderabbitai resume to resume automatic reviews.
@coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

▶️ Resume reviews
🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR migrates the entire project from Node.js with npm/pnpm to Bun as the runtime and package manager. Updates affect package.json scripts, Node engine requirement, Docker build images and commands, and includes minor refactoring of the logger service's OpenTelemetry attributes handling and DTO formatting.

Changes

Bun Runtime Migration

Layer / File(s)	Summary
Package Configuration `package.json`	Node engine updated to >=24; start and prisma:generate scripts converted to use Bun directly; `@types/bun` dependency added; workspace configuration with NestJS catalog introduced.
Docker Build Images `Dockerfiles/Dockerfile.*`	All 14 Dockerfiles (agent-provisioning, agent-service, api-gateway, cloud-wallet, connection, geolocation, issuance, ledger, notification, organization, user, utility, verification, webhook) switched from node:24-alpine3.21 to oven/bun:1.3-alpine for both build and final stages.
Dependency Management `Dockerfiles/Dockerfile.*`	All Dockerfiles updated to copy bun.lock, use bun install instead of pnpm/npm install, and maintain pnpm-workspace.yaml for monorepo structure.
Build and Runtime Commands `Dockerfiles/Dockerfile.*`	All Dockerfiles replaced npx/pnpm commands with Bun equivalents: bunx for Prisma operations, bun --bun for build and dist execution; final CMD entries updated to run via Bun runtime.

Logger Service OpenTelemetry Refactoring

Layer / File(s)	Summary
Error Attribute Handling `libs/logger/src/logger.service.ts`	Error handling logic simplified to check if data.error is an Error instance and set exception type/message/stacktrace, or fallback to string conversion; removed multi-branch handling and intermediate errorValue variable.
Attribute Type Definition `libs/logger/src/logger.service.ts`	Attributes now explicitly typed as Attributes from `@opentelemetry/api`; includes microservice name and additional props serialized to JSON when present.

DTO Transform Decorator Formatting

Layer / File(s)	Summary
Code Style `apps/api-gateway/src/ecosystem/dtos/delete-ecosystem-users.ts`	Transform decorator for orgIds reformatted from multi-line to single-line format with explicit parameter and parenthesized ternary expression.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

credebl/platform#1551: Modifies the same delete-ecosystem-users.ts DTO file with Transform decorator changes.
credebl/platform#1418: Updates libs/logger/src/logger.service.ts with OpenTelemetry attribute integration.
credebl/platform#1545: Adds the delete-ecosystem-users.ts DTO that is being reformatted in this PR.

Suggested labels

infrastructure, dependencies, migration

Suggested reviewers

shitrerohit
GHkrishna

Poem

🐰 Hop along with Bun so fast,
Say goodbye to Node, a thing of the past!
Alpine containers run lean and bright,
Scripts zoom faster through day and night,
Dockerfiles gleam with Bun's magic touch.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add Bun support' clearly and concisely describes the main objective of the pull request—adding Bun as a runtime alternative to pnpm across the codebase.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

Create stacked PR
Commit on current branch

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch feat/replace_pnpm_with_bun

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

Generate code and open pull requests
Plan features and break down work
Investigate incidents and troubleshoot customer tickets together
Automate recurring tasks and respond to alerts with triggers
Summarize progress and report instantly

Built for teams:

Shared memory across your entire org—no repeating context
Per-thread sandboxes to safely plan and execute work
Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 3

🧹 Nitpick comments (1)

package.json (1)

213-242: Verify monorepo workspace catalog compatibility and completeness.

The workspaces and catalog structure is well-designed, but confirm:

Bun correctly resolves catalog: entries (pnpm has native support; Bun's behavior may differ)

All 17 cataloged packages are actually used across apps/* and libs/* (redundant entries waste cognitive load and maintenance)

The ^ version ranges align with your stability/velocity trade-offs

Consider verifying this works end-to-end with Bun in CI/CD before merging.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5137cc8 and 5e6a2c3.

⛔ Files ignored due to path filters (1)

bun.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

package.json (4 hunks)

🔇 Additional comments (1)

package.json (1)

12-12: Scripts using prisma and nest directly are compatible with npm, pnpm, and Bun.

Both prisma (^5.1.1) and @nestjs/cli (^11.0.10) are installed as dependencies and will be available in node_modules/.bin. Package managers automatically link these CLIs, so the removal of npx is not a breaking change—the scripts work identically with npm, pnpm, and Bun. This is a minor optimization rather than a compatibility issue.

If this is a Bun migration, consider updating packageManager on line 209 from pnpm to Bun for clarity. Also review the @types/bun version on line 161—using "latest" instead of a pinned version introduces non-deterministic builds.

Likely an incorrect or invalid review comment.

coderabbitai · 2025-12-04T07:11:13Z

@@ -207,6 +208,37 @@
  },
  "packageManager": "pnpm@9.15.3+sha512.1f79bc245a66eb0b07c5d4d83131240774642caaa86ef7d0434ab47c0d16f66b04e21e0c086eb61e62c77efc4d7f7ec071afad3796af64892fae66509173893a",


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Check the package.json file around line 209 to see the packageManager field cat -n package.json | sed -n '200,220p'

Repository: credebl/platform

Length of output: 1030

🏁 Script executed:

# Look for any Bun-related changes or configuration in the repository fd -t f "bun\|tsconfig\|package.json" | head -20 rg -i "bun" --type json package.json

Repository: credebl/platform

Length of output: 86

🏁 Script executed:

# Check git log or status for changes to packageManager field git diff HEAD package.json | grep -A 5 -B 5 "packageManager" || echo "No packageManager changes in diff" git log --oneline -n 20

Repository: credebl/platform

Length of output: 120

🏁 Script executed:

# Check the scripts section in package.json to understand which package manager is being used cat -n package.json | sed -n '1,60p'

Repository: credebl/platform

Length of output: 2955

🏁 Script executed:

# Look for any CI/CD configuration that might indicate package manager usage fd -t f "\\.github\|Dockerfile\|\.circleci\|\.gitlab-ci" | head -20

Repository: credebl/platform

Length of output: 42

🏁 Script executed:

# Check what Bun-related changes were made in this PR rg -i "bun" package.json -A 2 -B 2

Repository: credebl/platform

Length of output: 170

Clarify the package manager policy—packageManager field still specifies pnpm despite Bun additions.

The PR adds @types/bun as a devDependency, but line 209 still declares pnpm@9.15.3 as the package manager. The scripts in package.json remain pnpm/npm-compatible with no Bun-specific tooling.

Clarify whether:

Bun is being added as a gradual migration (pnpm remains the declared manager for now)

Bun is intended as an alternative/optional tool alongside pnpm

This is preparatory work, with packageManager to be updated in a follow-up PR

If the intent is to transition to Bun as the primary manager, update line 209 accordingly.

🤖 Prompt for AI Agents

In package.json around line 209, the packageManager field still pins pnpm@9.15.3 even though @types/bun was added; clarify the intended policy by either (A) leaving packageManager as pnpm and adding a short comment in the PR description that Bun is being added only for types/optional use or gradual migration, (B) explicitly state Bun is an alternative/optional tool in the PR, or (C) if Bun should become the primary manager, update the packageManager value to bun@<version> (or bun@latest) in this file and adjust any lockfiles/scripts accordingly; implement the chosen option and update the PR description to make the intent explicit.

@coderabbitai i would like to keep both and use both

@sujitaw, thank you for the clarification! Using both package managers is absolutely feasible. Since the packageManager field specifies pnpm, it will remain the default manager enforced by tools like Corepack, while Bun can be used as an alternative runtime and package manager.

To ensure smooth collaboration across your team, I recommend:

Document the usage policy in your README or CONTRIBUTING guide:

When to use pnpm (e.g., for CI/CD, standard development workflows)

When to use Bun (e.g., for faster local development, specific scripts)

Consider adding Bun-specific scripts if needed, such as:

"start:bun": "bun run start", "dev:bun": "bun --watch ..."

Maintain both lock files if your team uses both managers to avoid conflicts

This dual-manager approach gives your team flexibility while maintaining pnpm as the standard.

✏️ Learnings added

Learnt from: sujitaw Repo: credebl/platform PR: 1531 File: package.json:209-209 Timestamp: 2025-12-04T07:15:05.237Z Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

coderabbitai · 2025-12-04T07:11:13Z

  "packageManager": "pnpm@9.15.3+sha512.1f79bc245a66eb0b07c5d4d83131240774642caaa86ef7d0434ab47c0d16f66b04e21e0c086eb61e62c77efc4d7f7ec071afad3796af64892fae66509173893a",
  "engines": {
-    "node": ">=18"
+    "node": ">=24"


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, confirm the current package.json Node requirement cat -n package.json | grep -A 2 -B 2 '"node"'

Repository: credebl/platform

Length of output: 478

🏁 Script executed:

# Check git history for this specific change git log -p --all -- package.json | grep -A 5 -B 5 '"node"' | head -50

Repository: credebl/platform

Length of output: 42

🏁 Script executed:

# Search for Node 24-specific APIs or features in the codebase rg "node.*24|Node.*24|version.*24" -i

Repository: credebl/platform

Length of output: 33655

🏁 Script executed:

# Check CHANGELOG or migration guides fd -e md -e txt | xargs grep -l "node\|Node\|migration" 2>/dev/null | head -10

Repository: credebl/platform

Length of output: 92

🏁 Script executed:

# Look for comments about Node version requirements rg "node.*version|requires.*node|minimum.*node" -i -A 2

Repository: credebl/platform

Length of output: 50372

🏁 Script executed:

# Check CHANGELOG for Node version context find . -iname "CHANGELOG*" -o -iname "HISTORY*" | head -5

Repository: credebl/platform

Length of output: 42

🏁 Script executed:

# Search CHANGELOG for Node/version references fd -e md -e MD | xargs grep -i "node.*24\|v24\|version.*require" 2>/dev/null | head -20

Repository: credebl/platform

Length of output: 42

🏁 Script executed:

# Check if there's documentation about the upgrade fd -i -e md README | xargs grep -i "node\|upgrade\|migration" 2>/dev/null | head -15

Repository: credebl/platform

Length of output: 217

🏁 Script executed:

# Look for any CI/deployment configs that might reference Node 24 fd -name ".github" -o -name ".gitlab-ci*" -o -name "Jenkinsfile" -o -name ".travis.yml" | xargs grep -l "node\|24" 2>/dev/null

Repository: credebl/platform

Length of output: 292

🏁 Script executed:

# Try the CI config search with corrected syntax find . -path "*/.github" -o -path "*/.gitlab-ci.yml" -o -path "*/Jenkinsfile" -o -path "*/.travis.yml" 2>/dev/null | xargs grep -h "node\|24" 2>/dev/null | head -20

Repository: credebl/platform

Length of output: 42

🏁 Script executed:

# Search for any docs about dependencies or requirements fd -type f -name "*.md" | xargs grep -l "dependency\|require" 2>/dev/null | head -10

Repository: credebl/platform

Length of output: 230

Document the rationale for Node >=24 requirement in CHANGELOG or migration guide.

Bumping from Node >=18 to >=24 is a major breaking change (+6 major versions) with no documented justification. No Node 24-specific features or dependencies are evident in the codebase. Add a CHANGELOG entry explaining the requirement and provide migration guidance for users currently on Node 18–23.

🤖 Prompt for AI Agents

In package.json at line 211, the Node engine requirement was bumped to ">=24" without explanation; add a CHANGELOG entry (or a dedicated migration guide) documenting the rationale and migration steps: state why Node 24 is required (language/runtime features, V8 behavior, dependency minimums, security fixes, or performance improvements), list any package or native dependency that mandates v24 and the exact features used, provide step-by-step migration guidance for users on Node 18–23 (how to upgrade Node, test matrix, recommended pins/workarounds, and CI changes), include expected timelines or deprecation notices and sample commands to verify the app on Node 24, and reference tests or CI badges proving compatibility; commit the new CHANGELOG/migration markdown and link it from README or upgrade notes.

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

Dockerfiles/Dockerfile.agent-provisioning (2)
13-15: Remove unused pnpm installation.

Both build and prod stages install pnpm globally via npm (lines 13 and 52), but the Dockerfile exclusively uses Bun commands (bun i, bun --bun run, bunx). This adds unnecessary bloat and build time.
🔎 Apply this diff to remove the unused pnpm installation:

In the build stage (around line 13):
     && apk --no-cache add \
         openssh-client \
         aws-cli \
         docker \
         docker-compose \
         jq \
-    && npm install -g pnpm --ignore-scripts \
-    && export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \
     && rm -rf /var/cache/apk/*
In the prod stage (around line 52):
     && apk --no-cache add \
         openssh-client \
         aws-cli \
         docker \
         docker-compose \
         jq \
-    && npm install -g pnpm --ignore-scripts \
-    && export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \
     && rm -rf /var/cache/apk/*
Also applies to: 52-54

34-34: Use bunx instead of npx for consistency.

Line 34 uses npx prisma generate, but the runtime command at line 83 uses bunx prisma. Since this Dockerfile now uses the Bun base image, all Prisma commands should consistently use bunx for alignment.
🔎 Apply this diff:
-RUN cd libs/prisma-service && npx prisma generate
+RUN cd libs/prisma-service && bunx prisma generate

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 89b5d55 and fc884d2.

📒 Files selected for processing (1)

Dockerfiles/Dockerfile.agent-provisioning (4 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

🔇 Additional comments (1)

Dockerfiles/Dockerfile.agent-provisioning (1)

27-27: Verify alignment with the team's package manager strategy.

This Dockerfile completely replaces pnpm with Bun for all operations. However, based on the learning from your previous feedback, the team prefers to support both pnpm and Bun simultaneously, with pnpm as the primary package manager.

Is this Docker image intended to be Bun-only, or should it maintain compatibility with the dual-package-manager approach used elsewhere in the project?

Based on learnings, the team prefers supporting both package managers. Please confirm if this Docker image should follow the same pattern or if a Bun-only approach is acceptable for containerized deployments.

Also applies to: 38-38, 83-83

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai

Actionable comments posted: 0

♻️ Duplicate comments (1)

Dockerfiles/Dockerfile.agent-provisioning (1)

42-42: Note: Bun version already flagged in past review.

The past review comment already identified that oven/bun:1.1-alpine is outdated and should be updated to the latest stable version (1.3 or 1.3.4).

🧹 Nitpick comments (1)

Dockerfiles/Dockerfile.agent-provisioning (1)
13-14: Remove unused pnpm installation.

These lines install pnpm globally, but the Dockerfile exclusively uses Bun for all package management operations (line 28), Prisma commands (lines 35, 84), and build/runtime (lines 39, 84). Installing pnpm adds unnecessary bloat to the image.

Based on learnings, the team prefers to support both pnpm and Bun simultaneously with pnpm as the primary package manager. If this is still the goal, consider retaining pnpm commands or providing a build-arg to switch between managers. Otherwise, remove lines 13-14.

Also applies to: 53-54
🔎 Remove unused pnpm installation
-    && npm install -g pnpm --ignore-scripts \
-    && export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \
     && rm -rf /var/cache/apk/*
Apply the same change at lines 53-54 in the prod stage.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fc884d2 and c3a662c.

📒 Files selected for processing (1)

Dockerfiles/Dockerfile.agent-provisioning (3 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

📚 Learning: 2025-12-04T07:15:05.253Z

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

Applied to files:

Dockerfiles/Dockerfile.agent-provisioning

🔇 Additional comments (5)

Dockerfiles/Dockerfile.agent-provisioning (5)
21-23: LGTM - maintaining both package manager artifacts.

Copying both bun.lock and pnpm-workspace.yaml preserves the ability to support both package managers, aligning with the team's preference for dual support.

28-28: Consider retaining pnpm as the primary installation method.

The learning indicates the team prefers supporting both pnpm and Bun simultaneously, with pnpm as the primary package manager. This line completely replaces pnpm with Bun rather than adding Bun as an alternative option.

If the intent is to fully migrate to Bun for this Dockerfile, this is fine. However, if dual support is desired, consider using a build argument to conditionally choose the package manager:
ARG PKG_MANAGER=pnpm
RUN if [ "$PKG_MANAGER" = "bun" ]; then bun i --ignore-scripts; else pnpm i --ignore-scripts; fi
35-35: LGTM - appropriate Prisma tooling for Bun.

Using bunx prisma generate is the correct approach when using Bun as the runtime. The change aligns with the Bun migration.

39-39: LGTM - correct Bun build command.

The bun --bun run build command appropriately uses Bun's runtime for the build process. The --bun flag ensures Bun's JavaScript engine is used rather than Node.js.

84-84: LGTM - correct Bun runtime commands.

The CMD appropriately uses bunx for Prisma CLI operations and bun --bun to run the application with Bun's JavaScript engine. This is the correct approach for a Bun-based runtime environment.

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

Dockerfiles/Dockerfile.agent-provisioning (1)
70-72: Avoid overly permissive chmod 777 permissions.

Using chmod 777 makes these directories world-writable, which is a security risk in containerized environments. Consider using more restrictive permissions like 755 (owner write, others read/execute) or configuring proper user ownership.
🔎 Suggested fix:
-RUN chmod 777 /app/agent-provisioning/AFJ/endpoints
-RUN chmod 777 /app/agent-provisioning/AFJ/agent-config
-RUN chmod 777 /app/agent-provisioning/AFJ/token
+RUN chmod 755 /app/agent-provisioning/AFJ/endpoints
+RUN chmod 755 /app/agent-provisioning/AFJ/agent-config
+RUN chmod 755 /app/agent-provisioning/AFJ/token
If write access is needed by a non-root user, consider using chown to assign ownership instead.

♻️ Duplicate comments (1)

Dockerfiles/Dockerfile.agent-provisioning (1)

2-2: Bun version is outdated.

This was already flagged in a previous review. The base image oven/bun:1.1-alpine is outdated; consider updating to oven/bun:1.3-alpine for security updates and bug fixes.

🧹 Nitpick comments (2)

Dockerfiles/Dockerfile.agent-provisioning (2)
78-78: Consider removing redundant prisma generate from CMD.

bunx prisma generate is already executed during the build stage (line 32). Running it again at container startup adds unnecessary latency. Unless there's a specific reason for regeneration at runtime (e.g., dynamic schema), consider removing it.
🔎 Suggested simplification:
-CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/agent-provisioning/main.js"]
+CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && cd ../.. && bun --bun dist/apps/agent-provisioning/main.js"]
Please verify if prisma generate is intentionally run at startup due to the COPY libs/ ./libs/ (line 75) potentially overwriting the generated Prisma client from the build stage. If so, consider copying only the necessary lib files excluding node_modules/.prisma.

53-56: Consider consolidating RUN commands to reduce image layers.

Multiple RUN mkdir and RUN chmod commands can be consolidated into single commands to reduce Docker image layers.
🔎 Example consolidation:
-RUN mkdir -p ./agent-provisioning/AFJ/endpoints
-RUN mkdir -p ./agent-provisioning/AFJ/agent-config
-RUN mkdir -p ./agent-provisioning/AFJ/port-file
-RUN mkdir -p ./agent-provisioning/AFJ/token
+RUN mkdir -p ./agent-provisioning/AFJ/endpoints \
+             ./agent-provisioning/AFJ/agent-config \
+             ./agent-provisioning/AFJ/port-file \
+             ./agent-provisioning/AFJ/token
Similarly for the chmod commands on lines 66-72.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c3a662c and 79fd9ce.

📒 Files selected for processing (1)

Dockerfiles/Dockerfile.agent-provisioning (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

🔇 Additional comments (2)

Dockerfiles/Dockerfile.agent-provisioning (2)

17-25: LGTM!

The lock file handling and dependency installation are correctly updated for Bun. Retaining pnpm-workspace.yaml aligns with the team's preference to support both package managers. Based on learnings, the team wants to maintain compatibility with both pnpm and Bun.

30-36: LGTM!

Prisma client generation using bunx and the build command with bun --bun are correctly implemented. Deferring prisma migrate deploy to runtime (in CMD) is the correct pattern for database migrations.

coderabbitai · 2025-12-18T11:01:41Z

 RUN apk update && apk upgrade
 RUN apk add --no-cache openssl
-RUN set -eux \
-    && apk --no-cache add \
-        openssh-client \
-        aws-cli \
-        docker \
-        docker-compose \
-        jq \
-    && npm install -g pnpm --ignore-scripts \
-    && export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \
-    && rm -rf /var/cache/apk/*
+RUN apk update && apk upgrade && apk add --no-cache \
+    openssl \
+    openssh-client \
+    aws-cli \
+    docker \
+    docker-compose \
+    jq


🛠️ Refactor suggestion | 🟠 Major

Remove redundant apk commands.

Lines 4-5 are redundant since lines 6-12 perform another apk update && apk upgrade and also install openssl. This creates unnecessary image layers and duplicates the openssl installation.

🔎 Apply this diff to consolidate:

# Stage 1: Build the application FROM oven/bun:1.1-alpine AS build -# Install OpenSSL -RUN apk update && apk upgrade -RUN apk add --no-cache openssl +# Install required packages RUN apk update && apk upgrade && apk add --no-cache \ openssl \ openssh-client \ aws-cli \ docker \ docker-compose \ jq

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In Dockerfiles/Dockerfile.agent-provisioning around lines 4 to 12, the first two RUN lines are redundant because the subsequent RUN repeats apk update && apk upgrade and installs openssl again; remove the initial two RUN lines and consolidate into the single RUN that performs apk update && apk upgrade && apk add --no-cache with the full package list (openssl, openssh-client, aws-cli, docker, docker-compose, jq) to eliminate duplicate layers and duplicate openssl installation.

coderabbitai · 2025-12-18T11:01:41Z

 RUN apk update && apk upgrade
 RUN apk add --no-cache openssl
-RUN set -eux \
-    && apk --no-cache add \
-        openssh-client \
-        aws-cli \
-        docker \
-        docker-compose \
-        jq \
-    && npm install -g pnpm --ignore-scripts \
-    && export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \
-    && rm -rf /var/cache/apk/*
+RUN apk update && apk upgrade && apk add --no-cache \
+    openssl \
+    openssh-client \
+    aws-cli \
+    docker \
+    docker-compose \
+    jq


🛠️ Refactor suggestion | 🟠 Major

Remove redundant apk commands in prod stage.

Same issue as the build stage: lines 41-42 are redundant since lines 43-49 perform another apk update && apk upgrade and also install openssl.

🔎 Apply this diff to consolidate:

# Stage 2: Create the final image FROM oven/bun:1.1-alpine AS prod -# Install OpenSSL -RUN apk update && apk upgrade -RUN apk add --no-cache openssl +# Install required packages RUN apk update && apk upgrade && apk add --no-cache \ openssl \ openssh-client \ aws-cli \ docker \ docker-compose \ jq

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In Dockerfiles/Dockerfile.agent-provisioning around lines 41 to 49, the Dockerfile runs redundant APK commands: lines 41-42 perform "apk update && apk upgrade" and install openssl, but lines 43-49 repeat "apk update && apk upgrade" and reinstall openssl along with other packages. Remove the duplicate RUN lines (41-42) and keep a single consolidated RUN that performs update/upgrade and installs the full set of packages (openssl, openssh-client, aws-cli, docker, docker-compose, jq) to avoid extra layers and duplication.

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai

Actionable comments posted: 2

♻️ Duplicate comments (3)

Dockerfiles/Dockerfile.agent-provisioning (3)

2-2: Update Bun base image to latest stable version.

The base image oven/bun:1.1-alpine is outdated. Latest stable is Bun v1.3.4+.

Also applies to: 39-39

4-12: Remove redundant apk commands.

Lines 4-5 duplicate the apk update/upgrade and openssl installation performed in lines 6-12.

41-49: Remove redundant apk commands in prod stage.

Lines 41-42 duplicate the apk update/upgrade and openssl installation performed in lines 43-49.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 79fd9ce and 34de9a1.

⛔ Files ignored due to path filters (1)

bun.lock is excluded by !**/*.lock

📒 Files selected for processing (1)

Dockerfiles/Dockerfile.agent-provisioning (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

🔇 Additional comments (1)

Dockerfiles/Dockerfile.agent-provisioning (1)

32-32: Node.js is required in the Docker image for Prisma client generation.

Node.js must be installed in the environment where you're running bunx prisma commands. The current Dockerfile uses bunx prisma generate on line 32, which is correct, but ensure Node.js is available in the oven/bun base image or explicitly installed.

coderabbitai · 2025-12-18T11:18:51Z


 # Build the user service
-RUN pnpm run build agent-provisioning
+RUN bun --bun run build agent-provisioning


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # Check packageManager configuration echo "=== Package Manager Configuration ===" head -20 package.json | grep -A2 '"packageManager"' echo "" # Check build-related scripts in package.json echo "=== Build Scripts ===" grep -A30 '"scripts"' package.json | grep -i build echo "" # Look for Dockerfile and related build context echo "=== Checking Dockerfile structure ===" head -50 Dockerfiles/Dockerfile.agent-provisioning echo "" # Search for agent-provisioning build configuration echo "=== Looking for agent-provisioning build config ===" find . -path ./node_modules -prune -o -name "tsconfig.json" -o -name "nx.json" -o -name "project.json" 2>/dev/null | head -20 echo "" # Check if there are any build or monorepo configuration files ls -la | grep -E 'nx\.json|turbo\.json|lerna\.json|pnpm-workspace|workspace' 2>/dev/null echo "" # Search for Node-specific APIs in agent-provisioning echo "=== Searching for Node.js-specific patterns ===" rg 'process\.(binding|_rawDebug|_tickCallback|env|argv|versions\[|_eval)|require\.extensions|module\._compile|Buffer\.|stream\.|crypto\.|fs\.|path\.|url\.' apps/agent-provisioning --type ts --type js -c 2>/dev/null | head -20

Repository: credebl/platform

Length of output: 1948

🏁 Script executed:

#!/bin/bash # Get more details about the Node-specific API usage echo "=== Checking actual imports in agent-provisioning ===" head -20 apps/agent-provisioning/src/agent-provisioning.service.ts head -20 apps/agent-provisioning/src/main.ts head -20 apps/agent-provisioning/src/agent-provisioning.module.ts echo "" # Check the actual build script definition echo "=== Complete package.json scripts section ===" sed -n '/"scripts"/,/^[[:space:]]*}/p' package.json | grep -E '(build|test)' | head -30 echo "" # Check if there's a nest config or build config for agent-provisioning echo "=== NestJS configuration files ===" find apps/agent-provisioning -maxdepth 2 -name "*.json" -o -name "*.config.*" 2>/dev/null | head -20 echo "" # Check package.json for agent-provisioning workspace echo "=== Package.json structure ===" grep -n '"name"' package.json | head -5 echo "" # Check if there's a workspace for agent-provisioning cat pnpm-workspace.yaml

Repository: credebl/platform

Length of output: 4147

🏁 Script executed:

#!/bin/bash # Check if there's a specific build script for agent-provisioning in its own package.json echo "=== Checking agent-provisioning package.json if exists ===" if [ -f "apps/agent-provisioning/package.json" ]; then cat apps/agent-provisioning/package.json | grep -A50 '"scripts"' | head -60 else echo "No separate package.json in agent-provisioning" fi echo "" # Check the complete tsconfig for agent-provisioning echo "=== agent-provisioning tsconfig ===" cat apps/agent-provisioning/tsconfig.app.json echo "" # Verify what "build agent-provisioning" command refers to in root package.json echo "=== Root package.json complete content (around build scripts) ===" sed -n '1,100p' package.json | grep -A2 '"build"' echo "" # Check if there are any Bun-specific configurations echo "=== Checking for bunfig.toml or bun config ===" ls -la bunfig.toml bun.config.* 2>/dev/null || echo "No bun config files found" echo "" # Check if the Dockerfile.agent-provisioning is the only one or if there's a pattern echo "=== Checking all Dockerfiles ===" ls -la Dockerfiles/

Repository: credebl/platform

Length of output: 2038

🏁 Script executed:

#!/bin/bash # Check if "build agent-provisioning" is a NestJS CLI command or if it's supposed to be "nest build agent-provisioning" echo "=== Checking NestJS nest-cli.json for project config ===" if [ -f "nest-cli.json" ]; then cat nest-cli.json else echo "No nest-cli.json found" fi echo "" # Check all Dockerfiles to see how other services handle build echo "=== Comparing build commands across Dockerfiles ===" grep -h "RUN.*run build\|RUN.*run nest build" Dockerfiles/* 2>/dev/null || echo "No matching build commands found in other Dockerfiles" echo "" # Check if there's a workspace or projects configuration echo "=== Checking tsconfig root ===" cat tsconfig.json | head -50 echo "" # Verify the exact bun command syntax - does "bun --bun run build agent-provisioning" work? echo "=== Checking Bun documentation reference in comments ===" head -100 Dockerfiles/Dockerfile.agent-provisioning | grep -i "bun\|run\|build"

Repository: credebl/platform

Length of output: 11697

Remove --bun flag from build command to ensure Node.js API compatibility.

The --bun flag forces Bun's native runtime, bypassing Node.js compatibility. The agent-provisioning service uses Node.js-specific APIs (fs, child_process, process.env) and should use Bun's compatibility mode instead. Additionally, this is the only service in the repository using --bun—all others use pnpm run build (the primary package manager per the team's configuration). Change to RUN bun run build agent-provisioning to maintain consistency and compatibility.

🤖 Prompt for AI Agents

In Dockerfiles/Dockerfile.agent-provisioning around line 36, the build uses "RUN bun --bun run build agent-provisioning" which forces Bun's native runtime and breaks Node.js API compatibility; replace the command with "RUN bun run build agent-provisioning" (or align with other services using "pnpm run build agent-provisioning" if preferred) so the build runs in Bun's Node-compatibility mode and matches repository conventions.

coderabbitai · 2025-12-18T11:18:51Z


 # Set the command to run the microservice
-CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/agent-provisioning/main.js"]
+CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/agent-provisioning/main.js"]


⚠️ Potential issue | 🟠 Major

Consider running migrations separately and verify --bun flag necessity.

Two concerns with the startup command:

Running migrations at container startup risks: Multiple replicas starting simultaneously can cause migration race conditions. Container startup failures occur if migrations fail. Consider running migrations in a separate init container or CI/CD step.

The --bun flag bypasses Node.js compatibility: This may cause runtime issues if the application or its dependencies use Node.js-specific APIs. Test without the flag first unless you've confirmed all dependencies are Bun-compatible.

🔎 Consider this safer approach:

-CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/agent-provisioning/main.js"] +# Run migrations separately (e.g., in CI/CD or init container) +# Generate Prisma client at build time (already done in build stage) +CMD ["bun", "dist/apps/agent-provisioning/main.js"]

If you must run migrations at startup, add error handling:

-CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/agent-provisioning/main.js"] +CMD ["sh", "-c", "set -e && cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun dist/apps/agent-provisioning/main.js"]

Based on learnings, the team wants to support both pnpm and Bun. Verify that the complete removal of pnpm from this Dockerfile aligns with that goal, or if this service specifically requires Bun-only deployment.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

In Dockerfiles/Dockerfile.agent-provisioning around line 78, the CMD runs migrations at container startup and forces Bun via the --bun flag; move DB migrations out of the main container start sequence (run them in an init container, pre-deploy job, or CI/CD step) to avoid migration races and startup failures, and make the runtime command use the appropriate runner based on an environment variable or build-time ARG (supporting pnpm/node or bun) — remove hardcoded --bun unless you’ve verified full Bun compatibility, and add a short fallback path or env check that selects pnpm/node when required.

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

coderabbitai

Actionable comments posted: 1

♻️ Duplicate comments (4)

Dockerfiles/Dockerfile.agent-provisioning (4)
4-12: Remove redundant apk commands.

Lines 4-5 duplicate the apk update && apk upgrade and openssl installation performed in lines 6-12, creating unnecessary image layers.
🔎 Consolidate into a single RUN command
 # Stage 1: Build the application
 FROM oven/bun:1.3-alpine AS build
-# Install OpenSSL
-RUN apk update && apk upgrade
-RUN apk add --no-cache openssl
+# Install required packages
 RUN apk update && apk upgrade && apk add --no-cache \
     openssl \
     openssh-client \
     aws-cli \
     docker \
     docker-compose \
     jq
36-36: Remove --bun flag to ensure Node.js API compatibility.

The --bun flag forces Bun's native runtime, which may break Node.js-specific APIs used in the agent-provisioning service. Use bun run build agent-provisioning instead to run in Bun's Node-compatibility mode.
🔎 Remove the flag
-RUN bun --bun run build agent-provisioning
+RUN bun run build agent-provisioning
41-49: Remove redundant apk commands in prod stage.

Same issue as the build stage: lines 41-42 duplicate the apk update && apk upgrade and openssl installation in lines 43-49.
🔎 Consolidate into a single RUN command
 # Stage 2: Create the final image
 FROM oven/bun:1.3-alpine AS prod
-# Install OpenSSL
-RUN apk update && apk upgrade
-RUN apk add --no-cache openssl
+# Install required packages
 RUN apk update && apk upgrade && apk add --no-cache \
     openssl \
     openssh-client \
     aws-cli \
     docker \
     docker-compose \
     jq
78-78: Consider running migrations separately and remove --bun flag.

Two concerns:

Running migrations at container startup risks race conditions with multiple replicas and causes startup failures if migrations fail

The --bun flag bypasses Node.js compatibility and may cause runtime issues
🔎 Safer approach
-CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/agent-provisioning/main.js"]
+# Run migrations separately (e.g., in CI/CD or init container)
+CMD ["bun", "dist/apps/agent-provisioning/main.js"]
Based on learnings, verify that removing pnpm from this Dockerfile aligns with the team's goal to support both package managers.

🧹 Nitpick comments (1)

Dockerfiles/Dockerfile.agent-provisioning (1)

2-2: Update Bun base image to explicitly use the latest patch version.

The base image uses oven/bun:1.3-alpine, which pulls the latest 1.3.x patch. To ensure clarity and maintainability, consider explicitly specifying oven/bun:1.3.5-alpine to match the current stable release.

Also applies to: 39-39

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 34de9a1 and a696931.

📒 Files selected for processing (2)

Dockerfiles/Dockerfile.agent-provisioning (2 hunks)
libs/logger/src/logger.service.ts (2 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

📚 Learning: 2025-12-04T07:15:05.253Z

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

Applied to files:

Dockerfiles/Dockerfile.agent-provisioning

🔇 Additional comments (5)

Dockerfiles/Dockerfile.agent-provisioning (1)

25-25: Verify alignment with dual package manager support strategy.

Based on learnings, the team prefers to support both pnpm and Bun simultaneously, with pnpm as the primary package manager. This Dockerfile now uses only bun install, completely removing pnpm support for this service. Confirm whether:

This service specifically requires Bun-only deployment, or

A build-time argument should allow choosing between pnpm and Bun

libs/logger/src/logger.service.ts (4)

9-9: Good addition of explicit type import.

The type-only import for Attributes from @opentelemetry/api improves type safety for the OpenTelemetry integration.

99-101: Clean serialization of props to OTEL attributes.

The simplified approach of serializing data.props with JSON.stringify and storing it in attributes.props is appropriate for preserving structured data in OpenTelemetry.

Note that JSON.stringify will silently drop functions, undefined values, and may fail on circular references. Ensure calling code doesn't pass such values in props.

77-84: No changes needed to the attributes construction.

The review comment incorrectly assumes that spreading the data object was previously used to propagate arbitrary fields to OTEL attributes. However, LogData is a strictly-typed interface with exactly seven defined fields (organization, context, app, sourceClass, correlationId, error, props), not an open object supporting arbitrary properties.

All relevant fields are already properly handled:

Standard fields (app, organization, context, sourceClass, correlationId) are explicitly mapped to attributes

The error field is processed separately with special handling for exception details

Custom properties are supported through the props field, which is explicitly stringified and included in attributes (lines 99-101)

The microservice field is correctly added from this.microserviceName

This is not a breaking change; the code intentionally constructs a well-defined attributes object with all the necessary telemetry data.

Likely an incorrect or invalid review comment.

86-97: Improved error handling with OpenTelemetry semantic conventions.

The error handling logic correctly implements OTEL semantic conventions using standard attribute names: exception.type, exception.message, and exception.stacktrace. The instanceof check properly distinguishes Error objects from other error types, and the String() fallback safely handles non-Error values. The conditional stacktrace inclusion only when present follows best practices.

The specification recommends fully-qualified class names for exception.type, though JavaScript exposes only the constructor name via error.name—this is the standard approach in JavaScript/TypeScript environments.

coderabbitai · 2025-12-19T06:53:37Z

 # Generate Prisma client
 # RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
-RUN cd libs/prisma-service && npx prisma generate
+RUN cd libs/prisma-service && bunx prisma generate


⚠️ Potential issue | 🔴 Critical

Verify Node.js availability in the Dockerfile build environment.

Prisma works out of the box with Bun, and Node.js must be installed in the environment where you're running bunx prisma commands. While bunx prisma generate is the official approach, Docker builds with Bun have reported compatibility issues. Ensure your build image includes Node.js, or consider pre-generating the Prisma client locally and shipping it with the image. If using a Bun-only base image (e.g., oven/bun), Node.js installation may be necessary for bunx prisma generate to succeed.

🤖 Prompt for AI Agents

In Dockerfiles/Dockerfile.agent-provisioning around line 32, the RUN command calls "bunx prisma generate" but the build image may not have Node.js available (Bun-only bases can fail), so either ensure Node.js is installed in the image before this step (install Node runtime + npm/node binaries or use a base image that includes Node), or avoid running prisma generation in the container by pre-generating the Prisma client locally and copying the generated client into the image (or switch the build stage to a Node-based stage to run prisma generate). Make the change by adding a step to install Node.js (or changing the base stage) before RUN cd libs/prisma-service && bunx prisma generate, or remove that RUN and COPY the pre-generated client into the image.

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

Dockerfiles/Dockerfile.webhook (1)
9-11: CRITICAL: Missing bun.lock copy.

Unlike all other Dockerfiles in this PR, this file does not copy bun.lock to the build context. Without the lockfile, bun install at line 16 will not use locked dependency versions, leading to non-deterministic builds and potential inconsistencies across environments.
🔎 Proposed fix
 COPY package.json ./
+COPY bun.lock ./
 COPY pnpm-workspace.yaml ./
Dockerfiles/Dockerfile.agent-service (1)
37-42: Remove npm and pnpm installation from the Bun-based final stage.

The final stage uses the oven/bun:1.3-alpine base image and exclusively runs Bun commands (bunx, bun --bun) in the CMD on line 57. Installing npm and pnpm here is inconsistent with the Bun migration, increases image size unnecessarily, and creates confusion about the runtime package manager.
🔎 Proposed fix
 # Install OpenSSL
 RUN apk add --no-cache openssl
-RUN npm install -g pnpm --ignore-scripts \
-    && apk update \
-    && apk add openssh-client \
-    && apk add aws-cli \
-    && apk add docker \
-    && apk add docker-compose 
+RUN apk update && apk upgrade && apk add --no-cache \
+    openssl \
+    openssh-client \
+    aws-cli \
+    docker \
+    docker-compose
Based on learnings, if the intent is to support both pnpm and Bun simultaneously, please clarify the use case. However, since the runtime exclusively uses Bun commands, npm/pnpm installation appears unnecessary.

🧹 Nitpick comments (10)

Dockerfiles/Dockerfile.user (3)
18-18: Add --frozen-lockfile for reproducible builds.

In CI/Docker contexts, use bun install --frozen-lockfile to ensure the lockfile is respected exactly and fail if updates are needed, preventing unexpected dependency changes.
Proposed fix
-RUN bun install
+RUN bun install --frozen-lockfile
13-13: Stale file copy: pnpm-workspace.yaml is unused in Bun workflow.

Since this Dockerfile uses Bun exclusively, pnpm-workspace.yaml is not needed here. Bun reads workspace configuration from package.json. Consider removing this line to reduce image layer size and avoid confusion.

Based on learnings, the team supports both pnpm and Bun, but within this Bun-specific Dockerfile, the file serves no purpose.

2-2: The current image tag oven/bun:1.3-alpine already provides a reasonable balance between stability and security. While patch-level pinning (e.g., 1.3.0-alpine) ensures exact reproducibility, it prevents automatic security updates. Industry best practices recommend major.minor pinning to receive patch updates automatically while maintaining build consistency.

Also applies to: 29-29
Dockerfiles/Dockerfile.ledger (2)
2-2: Minor: Inconsistent casing in as keyword.

Dockerfile best practice uses uppercase AS for build stage aliases. This file uses lowercase as build while other Dockerfiles in this PR use AS build.
Proposed fix
-FROM oven/bun:1.3-alpine as build
+FROM oven/bun:1.3-alpine AS build
17-17: Add --frozen-lockfile for reproducible builds.

Same as other Dockerfiles - use bun install --frozen-lockfile for CI/Docker reproducibility.
Proposed fix
-RUN bun install
+RUN bun install --frozen-lockfile
Dockerfiles/Dockerfile.verification (1)
16-16: Add --frozen-lockfile for reproducible builds.
Proposed fix
-RUN bun install
+RUN bun install --frozen-lockfile
Dockerfiles/Dockerfile.connection (2)
2-2: Minor: Inconsistent casing in as keyword.

Use uppercase AS for consistency with other Dockerfiles in this PR.
Proposed fix
-FROM oven/bun:1.3-alpine as build
+FROM oven/bun:1.3-alpine AS build
17-17: Add --frozen-lockfile for reproducible builds.
Proposed fix
-RUN bun install
+RUN bun install --frozen-lockfile
Dockerfiles/Dockerfile.utility (1)
18-18: Add --frozen-lockfile for reproducible builds.
Proposed fix
-RUN bun install
+RUN bun install --frozen-lockfile
Dockerfiles/Dockerfile.issuance (1)

46-46: Reconsider running database migrations on container startup.

Running prisma migrate deploy in the container CMD is an operational anti-pattern. If multiple container instances start simultaneously (e.g., during scaling or deployment), they may race to apply migrations, leading to conflicts, failed startups, or inconsistent database state.

Consider running migrations as a separate deployment step (e.g., init container, pre-deployment job, or manual step) before starting application containers.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a696931 and dcae694.

📒 Files selected for processing (13)

Dockerfiles/Dockerfile.agent-service (2 hunks)
Dockerfiles/Dockerfile.api-gateway (2 hunks)
Dockerfiles/Dockerfile.cloud-wallet (2 hunks)
Dockerfiles/Dockerfile.connection (2 hunks)
Dockerfiles/Dockerfile.geolocation (2 hunks)
Dockerfiles/Dockerfile.issuance (2 hunks)
Dockerfiles/Dockerfile.ledger (2 hunks)
Dockerfiles/Dockerfile.notification (2 hunks)
Dockerfiles/Dockerfile.organization (2 hunks)
Dockerfiles/Dockerfile.user (2 hunks)
Dockerfiles/Dockerfile.utility (2 hunks)
Dockerfiles/Dockerfile.verification (2 hunks)
Dockerfiles/Dockerfile.webhook (3 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

📚 Learning: 2025-12-04T07:15:05.253Z

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

Applied to files:

Dockerfiles/Dockerfile.geolocation
Dockerfiles/Dockerfile.ledger
Dockerfiles/Dockerfile.connection
Dockerfiles/Dockerfile.notification
Dockerfiles/Dockerfile.verification
Dockerfiles/Dockerfile.organization
Dockerfiles/Dockerfile.issuance

🔇 Additional comments (8)

Dockerfiles/Dockerfile.user (1)

45-45: Verify: Running Prisma migrations at container startup may cause issues in production.

Running bunx prisma migrate deploy at container startup can lead to:

Race conditions when multiple replicas start simultaneously

Extended startup times and potential health check failures

Difficult rollback scenarios if migrations fail

Consider running migrations as a separate init container or deployment step instead.

Dockerfiles/Dockerfile.api-gateway (1)

2-2: LGTM! Bun migration applied consistently.

The Dockerfile correctly migrates to Bun-based workflow with proper lockfile handling, dependency installation, and build commands. The structure matches the migration pattern applied across other services.

Also applies to: 10-10, 17-17, 22-22, 25-25, 28-28, 44-44

Dockerfiles/Dockerfile.notification (1)

2-2: LGTM! Consistent Bun migration.

The notification service Dockerfile correctly implements the Bun-based build and runtime workflow.

Also applies to: 10-10, 15-15, 20-20, 23-23, 26-26, 42-42

Dockerfiles/Dockerfile.organization (1)

2-2: LGTM! Consistent Bun migration.

The organization service Dockerfile properly implements the Bun-based workflow with all necessary artifacts copied.

Also applies to: 10-10, 16-16, 21-21, 24-24, 27-27, 43-43

Dockerfiles/Dockerfile.cloud-wallet (1)

2-2: LGTM! Consistent Bun migration.

The cloud-wallet service Dockerfile correctly implements the Bun-based build and runtime workflow.

Also applies to: 11-11, 17-17, 22-22, 25-25, 28-28, 46-46

Dockerfiles/Dockerfile.geolocation (1)

2-2: LGTM! Consistent Bun migration.

The geo-location service Dockerfile correctly implements the Bun-based workflow with proper lockfile handling and build commands.

Also applies to: 10-10, 17-17, 22-22, 24-25, 28-28, 47-47

Dockerfiles/Dockerfile.agent-service (2)

23-23: LGTM! Bun commands are correctly implemented.

The migration from pnpm/npm to Bun is properly executed:

bun install replaces pnpm install

bunx replaces npx for Prisma commands

bun --bun run build and runtime commands use the Bun runtime

Also applies to: 28-28, 31-31, 57-57

17-17: bun.lock file confirmed to exist in repository root.

The bun.lock file is present at the repository root (395K, last modified Dec 19 07:38), so the Docker COPY bun.lock ./ instruction will execute successfully.

coderabbitai · 2025-12-19T07:41:43Z

@@ -1,37 +1,37 @@
 # Stage 1: Build the application
-FROM node:18-alpine as build
+FROM oven/bun:1.3-alpine AS build


⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat Dockerfiles/Dockerfile.agent-service

Repository: credebl/platform

Length of output: 1694

🏁 Script executed:

cat Dockerfiles/Dockerfile.agent-service

Repository: credebl/platform

Length of output: 1694

🏁 Script executed:

find . -name "Dockerfile.agent-service" -type f

Repository: credebl/platform

Length of output: 98

Consolidate Bun version and remove pnpm from final stage.

Bun 1.3 is current (latest 1.3.5), but address two critical issues:

Pin Bun version to 1.3.5-alpine in both stages (lines 2, 33) instead of unpinned 1.3-alpine for reproducible builds

Remove pnpm installation from final stage (lines 36-41): The application runs with Bun (see CMD), not pnpm. Installing pnpm contradicts the Bun migration and unnecessarily increases image size

Consolidate redundant openssl in build stage: Lines 4 and 5-9 both install openssl—merge into a single apk add command

🤖 Prompt for AI Agents

In Dockerfiles/Dockerfile.agent-service around lines 2 to 41, pin both FROM lines to oven/bun:1.3.5-alpine (replace unpinned 1.3-alpine at line 2 and the second stage at line 33) to ensure reproducible builds; remove the pnpm installation commands in the final stage (lines ~36-41) since the container runs with Bun and pnpm is unnecessary and inflates image size; and consolidate duplicate openssl APK installs in the build stage by merging the separate apk add calls (lines ~4 and ~5-9) into a single apk add that installs all required packages including openssl.

coderabbitai · 2025-12-19T07:41:43Z

@@ -1,31 +1,31 @@
 # Stage 1: Build the application
-FROM node:18-alpine as build
+FROM oven/bun:1.3-alpine as build


🛠️ Refactor suggestion | 🟠 Major

Use a specific Bun patch version instead of floating 1.3 tag.

The latest Bun version is v1.3.5, while the Dockerfile uses the generic 1.3 tag. Using a floating minor version tag means the image will auto-update to new patch releases within the 1.3.x series without explicit updates.

For production, pin to a specific patch version (e.g., oven/bun:1.3.5-alpine) for reproducible builds and deliberate version upgrades. Version 1.3.0 had a TLS regression that was resolved in 1.3.2, and 1.3.5 addressed a security issue where default trusted dependencies list could be spoofed.

Also applies to: 28-28

🤖 Prompt for AI Agents

In Dockerfiles/Dockerfile.issuance around line 2 (and also at line 28), the FROM uses a floating minor tag "oven/bun:1.3-alpine" which allows automatic patch upgrades; change it to a pinned patch tag (for example "oven/bun:1.3.5-alpine") to ensure reproducible builds and explicit upgrades. Update both occurrences to the chosen specific patch version, rebuild and verify the image works with that pinned Bun release.

coderabbitai · 2025-12-19T07:41:43Z

 # Build the user service
-RUN pnpm run build utility
+RUN bun --bun run build utility


⚠️ Potential issue | 🟡 Minor

Stale comment: references "user service" instead of "utility".

The comment says "Build the user service" but the command builds the utility service.

Proposed fix

-# Build the user service +# Build the utility service RUN bun --bun run build utility

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

# Build the user service

RUN pnpm run build utility

RUN bun --bun run build utility

# Build the utility service

RUN bun --bun run build utility

🤖 Prompt for AI Agents

In Dockerfiles/Dockerfile.utility around lines 25 to 26, the inline comment mistakenly says "Build the user service" though the RUN command builds the utility; update the comment to accurately reflect the action (for example "Build the utility service" or "Build the utility"), keeping style consistent with other Dockerfile comments.

coderabbitai · 2025-12-19T07:41:44Z

 # Build the user service
-RUN npm run build verification
+RUN bun --bun run build verification


⚠️ Potential issue | 🟡 Minor

Stale comment: references "user service" instead of "verification".

The comment says "Build the user service" but the command builds the verification service.

Proposed fix

-# Build the user service +# Build the verification service RUN bun --bun run build verification

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

# Build the user service

RUN npm run build verification

RUN bun --bun run build verification

# Build the verification service

RUN bun --bun run build verification

🤖 Prompt for AI Agents

In Dockerfiles/Dockerfile.verification around lines 23 to 24, the inline comment "Build the user service" is stale and misleading because the RUN command builds the verification service; update the comment to accurately describe the step (e.g., "Build the verification service") or remove it if redundant so the comment matches the command.

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai

Actionable comments posted: 0

♻️ Duplicate comments (2)

Dockerfiles/Dockerfile.agent-service (2)

2-10: [Duplicate] Pin Bun version and remove redundant OpenSSL installation.

Previous review comments on this file already flagged:

The Bun base image should be pinned to a specific version (e.g., oven/bun:1.3.5-alpine) for reproducible builds

OpenSSL is installed twice (line 4 standalone, then again on line 6 in the consolidated apk add)

Please address these concerns from the prior review.

34-42: [Duplicate] Same issues apply to final stage.

The final stage has the same issues flagged in previous reviews: unpinned Bun version (line 34) and duplicate OpenSSL installation (lines 36 and 38).

🧹 Nitpick comments (2)

Dockerfiles/Dockerfile.agent-service (2)
23-23: Use --frozen-lockfile for reproducible builds.

In CI/CD and Docker builds, using --frozen-lockfile ensures that bun.lock is respected exactly and the build fails if the lockfile is out of sync with package.json. This prevents unexpected dependency updates during builds.
🔎 Proposed fix
-RUN bun install
+RUN bun install --frozen-lockfile
57-57: Consider separating database migrations from container startup.

Running prisma migrate deploy at container startup can cause issues in production:

Race conditions: Multiple replicas starting simultaneously may conflict on schema changes

Deployment coupling: Failed migrations block the container from running

Rollback complexity: If migration fails mid-deploy, containers may be in an inconsistent state

A more robust pattern is to run migrations as a separate job (e.g., Kubernetes Job, CI/CD step) before deploying new containers.

If this is intentional for your use case (e.g., single-instance deployments or development environments), consider adding a comment to document the reasoning.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dcae694 and 7f15b01.

📒 Files selected for processing (1)

Dockerfiles/Dockerfile.agent-service (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

coderabbitai

Actionable comments posted: 2

♻️ Duplicate comments (1)

package.json (1)
211-211: Verify Node 24 availability and document the rationale for this requirement.

The Node engine requirement was bumped to >=24, which is a major breaking change. However:

Node 24 may not be released yet or widely available (current LTS versions are 18.x, 20.x, 22.x)

No Node 24-specific features are evident in the codebase

Bun has its own runtime and doesn't strictly require Node 24

No migration documentation was provided despite previous review feedback

This was flagged in a previous review but remains unaddressed.
#!/bin/bash
# Check if Node 24 is available and stable
echo "Checking Node.js release schedule..."
curl -s https://nodejs.org/dist/index.json | jq -r '.[] | select(.version | startswith("v24")) | .version' | head -5 || echo "No Node 24 releases found"

echo -e "\n\nChecking current Node LTS versions..."
curl -s https://nodejs.org/dist/index.json | jq -r '[.[] | select(.lts != false)] | .[0:3] | .[] | "\(.version) (LTS: \(.lts))"'

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3fc3c78 and dfa8b5e.

📒 Files selected for processing (1)

package.json

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

📚 Learning: 2025-12-04T07:15:05.253Z

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

Applied to files:

package.json

🔇 Additional comments (2)

package.json (2)

22-22: LGTM! Explicit schema path improves clarity.

Removing npx and using the direct prisma command works with both pnpm and Bun's bin resolution. The explicit --schema flag eliminates ambiguity.

213-242: Workspace configuration is properly set up.

The monorepo structure with private: true and the workspaces configuration with catalog feature is correctly implemented:

✓ Both apps/ (17 packages) and libs/ (16 packages) directories exist with valid package.json files

✓ Dependencies properly reference catalog entries (e.g., "@nestjs/common": "catalog:", "@nestjs/axios": "catalog:", etc.)

✓ pnpm 9.15.3 fully supports the catalog feature (introduced in pnpm 7.27.0)

This provides centralized dependency management for version consistency across the monorepo. The configuration aligns with team preferences to support both pnpm and Bun.

coderabbitai · 2025-12-31T10:19:49Z

    "build:all": "rimraf dist && nest build api-gateway && nest build platform-service && nest build agent-service && nest build connection",
    "format": "prettier --write \"apps/**/*.ts\" \"libs/**/*.ts\"",
-    "start": "npx prisma migrate deploy --schema=./libs/prisma-service/prisma/schema.prisma & nest start",
+    "start": "prisma migrate deploy --schema=./libs/prisma-service/prisma/schema.prisma & nest start",


⚠️ Potential issue | 🟠 Major

Replace background operator & with sequential operator && to ensure migrations complete before starting.

The start script uses & to run Prisma migration in the background while starting Nest. If the migration fails, Nest will start anyway with a stale schema, potentially causing runtime errors or data corruption.

🔎 Proposed fix

- "start": "prisma migrate deploy --schema=./libs/prisma-service/prisma/schema.prisma & nest start", + "start": "prisma migrate deploy --schema=./libs/prisma-service/prisma/schema.prisma && nest start",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"start": "prisma migrate deploy --schema=./libs/prisma-service/prisma/schema.prisma & nest start",

"start": "prisma migrate deploy --schema=./libs/prisma-service/prisma/schema.prisma && nest start",

🤖 Prompt for AI Agents

In package.json around line 12, the "start" script uses the background operator `&` causing Prisma migrations to run concurrently with Nest startup; change it to the sequential operator `&&` so migrations run to completion (and fail fast if they error) before starting the Nest server. Update the script to run `prisma migrate deploy --schema=./libs/prisma-service/prisma/schema.prisma` and on success run `nest start`, ensuring proper exit codes propagate on migration failure.

coderabbitai · 2025-12-31T10:19:49Z

+    "typescript": "^5.1.6",
+    "@types/bun": "1.3.3"


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

latest @types/bun version 2024 2025 Bun runtime compatibility

💡 Result:

Latest @types/bun (as of Dec 31, 2025): v1.2.21. [1]

Notes on compatibility:

@types/bun is a small wrapper that references bun-types (the actual runtime type definitions). Use the bun-types version that matches your Bun runtime for best accuracy; @types/bun simply re-exports those types. [1][2]

Bun runtime releases (e.g., Bun v1.2.5 on Mar 11, 2025) introduce API changes; prefer bun/bun-types versions published around the same date as your Bun binary to avoid mismatches. [3]

Commands:

Install the published wrapper: npm i --save-dev @types/bun. [1]

Or install bun-types directly (match Bun): npm i --save-dev bun-types@. [2]

Sources:
[1] @types/bun npm package (latest versions).
[2] bun-types npm package (runtime types used by @types/bun).
[3] Bun release notes (example: Bun v1.2.5, Mar 11, 2025).

🏁 Script executed:

# Search for Bun runtime version specification in package.json or other config files rg -i "\"bun\"|\"@bun|bun-version" --type json --type yaml --type toml | head -20

Repository: credebl/platform

Length of output: 42

🏁 Script executed:

# Check package.json for any Bun-related dependencies or scripts cat -n package.json | grep -A 5 -B 5 "@types/bun"

Repository: credebl/platform

Length of output: 394

🌐 Web query:

@types/bun 1.3.3 npm package version exists

💡 Result:

Yes — @types/bun version 1.3.3 exists (published Nov 21, 2025). [1][2]

Sources:
[1] Yarn package page showing versions (includes 1.3.3 — Nov 21, 2025).
[2] Snyk / package metadata listing 1.3.3 as a published version.

🏁 Script executed:

# Search entire repo for Bun runtime/binary version specification find . -type f $ -name "package.json" -o -name "bunfig.toml" -o -name ".bun-version" -o -name "bun.lock" $ -exec cat -n {} + 2>/dev/null | head -50

Repository: credebl/platform

Length of output: 1635

🏁 Script executed:

# Search for any Bun version references in config, dockerfile, or scripts rg "bun.*version|1\.[0-9]\.[0-9]" --type json --type yaml --type toml --type dockerfile -i | head -30

Repository: credebl/platform

Length of output: 94

🏁 Script executed:

# Search for bunfig.toml specifically find . -name "bunfig.toml" -o -name ".bunrc*" 2>/dev/null

Repository: credebl/platform

Length of output: 42

🏁 Script executed:

# Search for any Bun binary/runtime version references in entire repo rg "bun" --type json --type toml --type yaml -i | grep -i "version\|engine\|runtime" | head -20

Repository: credebl/platform

Length of output: 42

🌐 Web query:

@types/bun 1.3.3 pre-release beta latest stable version 1.2.21

💡 Result:

There are conflicting published versions across registries right now.

npmjs shows @types/bun v1.2.21 as the package version. [1]

Yarn/npm registry metadata and Bun docs/outdated examples show newer @types/bun releases (v1.3.3 published Nov 21, 2025 and later v1.3.4/1.3.5). [2][3]

If you want to install a specific version, pin it explicitly:

npm: npm install --save-dev @types/[email protected]

bun: bun add -D @types/[email protected]

Check the registry you use (npmjs, yarn, or bun) to confirm which version is actually published there before upgrading. Sources: [1] npm package page for @types/bun, [2] Bun blog/outdated docs showing 1.3.3, [3] Yarn package metadata showing 1.3.5.

Sources:
[1] https://www.npmjs.com/package/%40types/bun
[2] https://bun.com/blog/bun-v1.3.3 and https://bun.sh/docs/pm/cli/outdated
[3] https://classic.yarnpkg.com/en/package/%40types/bun

Pin the Bun runtime version in package.json to ensure type definitions match the actual runtime.

@types/bun@1.3.3 is pinned but lacks a corresponding Bun runtime version specification. @types/bun is a wrapper for bun-types, which must match your Bun runtime version for correct type definitions. Additionally, version 1.3.3 shows as the latest on Yarn/Bun registries but npmjs reports 1.2.21 as stable—consider using 1.2.21 or explicitly verify which registry your package manager uses. Add a pinned Bun runtime version (e.g., in engines or as a dependency) and ensure @types/bun aligns with it.

🤖 Prompt for AI Agents

In package.json around lines 160-161, the project pins @types/bun to 1.3.3 but does not pin the Bun runtime, causing potential type/runtime mismatches; add a pinned Bun runtime version and align @types/bun to that runtime (for example set engines.bun to ">=1.2.21 <1.3.0" or a specific "1.2.21" and change @types/bun to the matching registry/stable version), or add bun as a dependency/optionalDependency at the exact version you intend to run so the type package and runtime are consistent; ensure the chosen @types/bun version matches the registry your package manager uses (npm vs yarn/bun) and update package.json accordingly.

Signed-off-by: shitrerohit <rohit.shitre@ayanworks.com>

sonarqubecloud · 2026-01-15T13:19:41Z

Quality Gate failed

Failed conditions
14 Security Hotspots

See analysis details on SonarQube Cloud

coderabbitai

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/agent-service/src/agent-service.service.ts (1)
188-196: Inconsistency between provisionWallet and createTenant guard logic.

The provisionWallet method guards against both WALLET_CREATED and DID_CREATED statuses (lines 188-191), preventing re-provisioning when either exists. However, createTenant at line 733 only checks for WALLET_CREATED. Since the agent lifecycle progresses from WALLET_CREATED to DID_CREATED, the createTenant method should apply the same guard logic to prevent operations when DID_CREATED status is present.

Update createTenant to check for both statuses:
Suggested fix
if (
  AgentSpinUpStatus.WALLET_CREATED === getOrgAgent?.agentSpinUpStatus ||
  AgentSpinUpStatus.DID_CREATED === getOrgAgent?.agentSpinUpStatus
) {

🤖 Fix all issues with AI agents

In `@apps/verification/src/verification.service.ts`:
- Around line 785-787: The certificate extraction uses a hardcoded
verifiableCredential[0] causing every loop iteration to get the first
credential's certificate; change it to reuse the already-defined
verifiableCredentials array and index into it (e.g.,
verifiableCredentials[index]?.prettyVc?.certificate) so each input descriptor
uses its corresponding credential's certificate, or if a single shared
certificate was intended, move the current assignment outside the forEach;
update the assignment that sets certificate to reference verifiableCredentials
rather than repeating the long optional-chaining path.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dfa8b5e and 6cb498a.

📒 Files selected for processing (2)

apps/agent-service/src/agent-service.service.ts
apps/verification/src/verification.service.ts

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: sujitaw
Repo: credebl/platform PR: 1531
File: package.json:209-209
Timestamp: 2025-12-04T07:15:05.253Z
Learning: In the credebl/platform repository, the team prefers to support both pnpm and Bun package managers simultaneously, with pnpm as the primary package manager (specified in the packageManager field) and Bun as an alternative option.

🧬 Code graph analysis (1)

apps/verification/src/verification.service.ts (3)

apps/agent-service/src/agent-service.service.ts (1)

getProofPresentationById (1516-1524)

apps/api-gateway/src/verification/verification.service.ts (1)

getProofPresentationById (47-54)

apps/api-gateway/src/verification/verification.controller.ts (1)

getProofPresentationById (113-143)

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

coderabbitai · 2026-01-15T13:22:53Z

+          certificate =
+            getProofPresentationById?.presentation?.presentationExchange?.verifiableCredential[0]?.prettyVc
+              ?.certificate;


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's look at the file to understand the context around lines 785-787 head -n 820 apps/verification/src/verification.service.ts | tail -n 70

Repository: credebl/platform

Length of output: 3354

🏁 Script executed:

# Check if similar patterns exist in Indy format grep -n "verifiableCredential\[" apps/verification/src/verification.service.ts # Also search for any comments explaining this behavior grep -B5 -A5 "certificate.*verifiableCredential\[0\]" apps/verification/src/verification.service.ts

Repository: credebl/platform

Length of output: 171

🏁 Script executed:

# Check the Indy format handling to see if it uses certificate differently grep -A 50 "if (getProofPresentationById?.request?.indy)" apps/verification/src/verification.service.ts | head -60 # Search for test files find . -name "*.spec.ts" -o -name "*.test.ts" | grep -i verification | head -20

Repository: credebl/platform

Length of output: 2556

🏁 Script executed:

# Search for where prettyVc is used or defined rg "prettyVc" apps/verification/src/ # Check if there are any related type definitions find . -name "*.ts" -path "*/verification/*" | xargs rg -l "prettyVc\|IProofPresentationDetails" | head -10

Repository: credebl/platform

Length of output: 213

🏁 Script executed:

# Search for IProofPresentationDetails interface rg "interface IProofPresentationDetails\|type IProofPresentationDetails" -A 10 apps/verification/ # Check for any DTO or model definitions find apps/verification -name "*.ts" | xargs grep -l "IProofPresentationDetails" | head -5

Repository: credebl/platform

Length of output: 154

🏁 Script executed:

# Check the interface definition in the controller grep -B 5 -A 10 "IProofPresentationDetails" apps/verification/src/verification.controller.ts | head -30 # Also look for it in interfaces/types directory find apps/verification -name "*.ts" | xargs grep -l "IProofPresentationDetails" # Check for type definitions rg "type IProofPresentationDetails|interface IProofPresentationDetails" -A 15

Repository: credebl/platform

Length of output: 2579

🏁 Script executed:

# Let's understand the data structure better by looking for where presentation is constructed rg "presentationExchange" apps/verification/src/ -B 3 -A 3 | head -50 # Also check if there are any comments or documentation about verifiableCredential structure grep -r "verifiableCredential" apps/verification/src/ -B 2 -A 2

Repository: credebl/platform

Length of output: 7275

🏁 Script executed:

# Let's search for patterns where [0] is used in repository for email extraction grep -n "verifiableCredential\[0\]" apps/verification/src/repositories/verification.repository.ts -B 5 -A 5 # Check if there are any tests for getVerifiedProofdetails find . -path "*/verification/*" -name "*.spec.ts" -o -path "*/verification/*" -name "*.test.ts" | xargs grep -l "getVerifiedProofdetails" 2>/dev/null # Search for references to presentationExchange in tests find . -name "*.spec.ts" | xargs grep -l "presentationExchange" 2>/dev/null | head -5

Repository: credebl/platform

Length of output: 609

🏁 Script executed:

# Let's look at the full context of the repository code to understand the pattern better sed -n '190,210p' apps/verification/src/repositories/verification.repository.ts # Check if there are any architectural documentation or comments explaining presentationExchange structure find . -name "*.md" -path "*/verification/*" | xargs grep -i "presentationExchange\|presentation.*exchange" 2>/dev/null | head -10

Repository: credebl/platform

Length of output: 936

🏁 Script executed:

# Let's look at more context around the loop to understand better sed -n '775,810p' apps/verification/src/verification.service.ts # Check if there's any documentation about Presentation Exchange format find . -type f -name "*.ts" -o -name "*.md" | xargs grep -i "presentation.exchange\|presentationExchange" | grep -i "doc\|comment\|TODO\|FIXME" | head -10

Repository: credebl/platform

Length of output: 1987

Hardcoded index [0] causes certificate extraction inconsistency in the forEach loop.

The verifiableCredentials array is accessed differently depending on the field:

Credential subject uses the loop's index: verifiableCredentials[index]?.credentialSubject (line 782)

Certificate always uses [0]: verifiableCredential[0]?.prettyVc?.certificate (line 786)

Since the certificateTemplate is included in each extracted data entry alongside the indexed credential subject, all loop iterations receive the same certificate from the first credential. If a presentation contains multiple credentials with different certificates, this will cause incorrect associations.

Additionally, the already-defined verifiableCredentials variable should be reused instead of repeating the full optional-chaining path.

Suggested fix

- certificate = - getProofPresentationById?.presentation?.presentationExchange?.verifiableCredential[0]?.prettyVc - ?.certificate; + certificate = verifiableCredentials[index]?.prettyVc?.certificate;

Clarify whether each input descriptor should use its corresponding credential's certificate or if a single shared certificate from the first credential is intentional. If the latter, move this assignment outside the loop.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

certificate =

getProofPresentationById?.presentation?.presentationExchange?.verifiableCredential[0]?.prettyVc

?.certificate;

certificate = verifiableCredentials[index]?.prettyVc?.certificate;

🤖 Prompt for AI Agents

In `@apps/verification/src/verification.service.ts` around lines 785 - 787, The certificate extraction uses a hardcoded verifiableCredential[0] causing every loop iteration to get the first credential's certificate; change it to reuse the already-defined verifiableCredentials array and index into it (e.g., verifiableCredentials[index]?.prettyVc?.certificate) so each input descriptor uses its corresponding credential's certificate, or if a single shared certificate was intended, move the current assignment outside the forEach; update the assignment that sets certificate to reference verifiableCredentials rather than repeating the long optional-chaining path.

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

sonarqubecloud · 2026-05-06T05:44:45Z

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud

coderabbitai

Actionable comments posted: 14

🧹 Nitpick comments (1)

Dockerfiles/Dockerfile.geolocation (1)
35-44: 💤 Low value

Remove dead pnpm/npm comments left over from the migration.

Lines like # RUN npm install -g pnpm, #COPY --from=build /app/package.json ./, and #RUN npm i --only=production are stale artifacts from the pre-Bun setup and add noise. Cleaning them up across the migrated Dockerfiles will keep the runtime stage easy to scan.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.geolocation` around lines 35 - 44, Remove the stale
commented package-manager commands left from the pre-Bun migration: delete the
commented lines "# RUN npm install -g pnpm", "#COPY --from=build
/app/package.json ./", and "#RUN npm i --only=production" (and any identical
commented pnpm/npm artifacts) so the runtime Dockerfile stage (WORKDIR /app,
COPY --from=build ... dist/apps/geo-location/, libs/, node_modules) is clean and
easy to read; apply the same cleanup to other migrated Dockerfiles that contain
the same commented pnpm/npm lines.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfiles/Dockerfile.api-gateway`:
- Around line 9-18: Remove the now-redundant COPY pnpm-workspace.yaml ./ line
and pin installs to the lockfile by changing the install command from RUN bun
install to RUN bun install --frozen-lockfile; specifically, delete the COPY
pnpm-workspace.yaml ./ entry and update the RUN bun install invocation so the
build uses the lockfile consistently.
- Line 2: Update the Dockerfile FROM line to use an uppercase stage alias:
change the build stage alias from the lowercase "as build" to use "AS build" so
the stage identifier (build) is defined with the canonical uppercase AS token in
the FROM instruction.
- Line 44: The Docker CMD currently launches the NestJS API gateway with Bun
("bun --bun dist/apps/api-gateway/main.js"), which is unsupported; update the
Docker CMD so the runtime uses Node (e.g., replace "bun --bun
dist/apps/api-gateway/main.js" with "node dist/apps/api-gateway/main.js") and
keep Bun only for build/install steps (the earlier bunx prisma commands are
fine), or if you intentionally want Bun, run a comprehensive end-to-end test
matrix (HTTP, WebSocket, `@nestjs/microservices` NATS transport,
`@nestjs/platform-socket.io`, `@nestjs/bull`, Postgres persistence) before shipping
and document that decision.

In `@Dockerfiles/Dockerfile.cloud-wallet`:
- Around line 9-17: The Dockerfile currently copies pnpm-workspace.yaml
unnecessarily and runs "bun install" without locking; remove the "COPY
pnpm-workspace.yaml ./" step and change the "RUN bun install" invocation to use
the frozen lock option (i.e., run bun install --frozen-lockfile) so image builds
are reproducible; keep the existing ENV PUPPETEER_SKIP_DOWNLOAD setting and
ensure bun.lock and package.json remain copied as shown.

In `@Dockerfiles/Dockerfile.connection`:
- Line 2: Replace the lowercase stage alias keyword in the Docker FROM line:
change "FROM oven/bun:1.3-alpine as build" to use uppercase "AS" so it reads
"FROM oven/bun:1.3-alpine AS build"; update the stage alias usage (the "build"
stage reference) consistently if referenced elsewhere in the same Dockerfile to
match the uppercase convention.
- Around line 9-18: Remove the line that copies pnpm-workspace.yaml (do not copy
pnpm-workspace.yaml into the image) and modify the dependency install invocation
so the RUN bun install command uses the --frozen-lockfile flag to prevent
lockfile regeneration; locate the COPY pnpm-workspace.yaml statement and the RUN
bun install statement in the Dockerfile (near the PUPPETEER_SKIP_DOWNLOAD ENV)
and update accordingly.

In `@Dockerfiles/Dockerfile.geolocation`:
- Line 2: Change the build stage alias to use uppercase AS: locate the
Dockerfile line that reads "FROM oven/bun:1.3-alpine as build" and update the
stage declaration to "AS build" so the FROM instruction uses the canonical
uppercase alias keyword (i.e., replace the lowercase "as" with "AS").
- Around line 9-18: Remove the obsolete workspace copy and pin installs to the
lockfile: delete the COPY pnpm-workspace.yaml ./ line and update the RUN bun
install invocation (the RUN bun install statement) to use the frozen-lockfile
flag (e.g., RUN bun install --frozen-lockfile) so installs are locked to
bun.lock; keep ENV PUPPETEER_SKIP_DOWNLOAD as-is.

In `@Dockerfiles/Dockerfile.organization`:
- Line 2: The Dockerfile uses a lowercase stage alias "as build" in the FROM
instruction; change the FROM line to use uppercase AS (i.e., update the FROM
instruction that declares the "build" stage to use "AS build") so the stage
alias follows Dockerfile conventions and avoids linter/style complaints.
- Around line 9-17: The Dockerfile currently copies pnpm-workspace.yaml and runs
"RUN bun install" without locking, which can lead to non-reproducible installs;
remove the "COPY pnpm-workspace.yaml ./" line and change the install invocation
to use a frozen lockfile (run bun install with the --frozen-lockfile flag) so
builds are deterministic while leaving ENV PUPPETEER_SKIP_DOWNLOAD=true in
place; locate the COPY pnpm-workspace.yaml and the RUN bun install lines to make
these changes.

In `@Dockerfiles/Dockerfile.utility`:
- Around line 40-44: The runtime CMD still runs "bunx prisma generate" after
switching to USER nextjs, which will fail due to node_modules ownership; remove
the redundant "bunx prisma generate" invocation from the CMD so it only runs
migrations at startup (keep "bunx prisma migrate deploy" if needed) and rely on
the build-stage prisma client generation already performed; update the CMD line
that currently contains "bunx prisma migrate deploy && bunx prisma generate &&
... " to exclude "bunx prisma generate" (apply the same change across the other
Bun-based Dockerfiles: utility, agent-service, api-gateway, cloud-wallet,
connection, geolocation, issuance, ledger, notification, organization, user,
verification, webhook).

In `@Dockerfiles/Dockerfile.webhook`:
- Around line 32-35: The Dockerfile copies node_modules from the build stage
into the final image and runs the app with bun --bun dist/apps/webhook/main.js;
you must verify native addons in node_modules are ABI-compatible with the
runtime base and that Puppeteer binaries are available if required. To fix,
either ensure both stages use the identical oven/bun:1.3-alpine base (confirm
this in the Dockerfile), or rebuild native modules in the final stage (npm
rebuild / bun install --force) before running the app; additionally verify
PUPPETEER_SKIP_DOWNLOAD usage and, if set, ensure the final image includes
required browser binaries or set PUPPETEER_DOWNLOAD to fetch them at runtime.
Finally add a startup check that attempts to require key native modules (e.g.,
bcrypt, puppeteer, node-qpdf2) and log failures so any ABI mismatch or missing
Puppeteer binary is caught early.
- Around line 8-12: The Dockerfile.webhook currently copies pnpm-lock.yaml but
runs RUN bun install, causing non-reproducible installs; replace the copied pnpm
lockfile with Bun's lockfile (e.g., bun.lockb or bun.lock) in the COPY
instruction and change the install command to use a frozen lock (RUN bun install
--frozen-lockfile) so Bun uses the exact locked graph; update/remove
pnpm-workspace.yaml copy if it is irrelevant to Bun and ensure the COPY and RUN
lines referencing pnpm-lock.yaml and RUN bun install are the ones you modify.

In `@package.json`:
- Around line 215-245: The package.json contains a workspaces.catalog block that
duplicates/contradicts pnpm-workspace.yaml and causes inconsistent behavior
between pnpm and Bun; either remove the entire "catalog" object from
package.json (leaving "workspaces": { "packages": ["apps/*","libs/*"] } and
using pnpm-workspace.yaml as the single source of truth) or, if you intend to
support a dual-manager setup, add documentation and make the use of the catalog:
protocol consistent across all workspace packages (ensure libs/* and apps/*
dependencies use the same catalog references) so both managers resolve the same
catalogs.

---

Nitpick comments:
In `@Dockerfiles/Dockerfile.geolocation`:
- Around line 35-44: Remove the stale commented package-manager commands left
from the pre-Bun migration: delete the commented lines "# RUN npm install -g
pnpm", "#COPY --from=build /app/package.json ./", and "#RUN npm i
--only=production" (and any identical commented pnpm/npm artifacts) so the
runtime Dockerfile stage (WORKDIR /app, COPY --from=build ...
dist/apps/geo-location/, libs/, node_modules) is clean and easy to read; apply
the same cleanup to other migrated Dockerfiles that contain the same commented
pnpm/npm lines.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

Push a commit to this branch (recommended)
Create a new PR with the fixes

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 96cfafa3-ca51-4132-af94-30f54be83b62

📥 Commits

Reviewing files that changed from the base of the PR and between 6cb498a and 29780a0.

📒 Files selected for processing (15)

Dockerfiles/Dockerfile.agent-service
Dockerfiles/Dockerfile.api-gateway
Dockerfiles/Dockerfile.cloud-wallet
Dockerfiles/Dockerfile.connection
Dockerfiles/Dockerfile.geolocation
Dockerfiles/Dockerfile.issuance
Dockerfiles/Dockerfile.ledger
Dockerfiles/Dockerfile.notification
Dockerfiles/Dockerfile.organization
Dockerfiles/Dockerfile.user
Dockerfiles/Dockerfile.utility
Dockerfiles/Dockerfile.verification
Dockerfiles/Dockerfile.webhook
apps/api-gateway/src/ecosystem/dtos/delete-ecosystem-users.ts
package.json

coderabbitai · 2026-05-06T05:51:13Z

@@ -1,26 +1,44 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM oven/bun:1.3-alpine as build


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use uppercase AS for the build stage alias.

-FROM oven/bun:1.3-alpine as build +FROM oven/bun:1.3-alpine AS build

🧰 Tools

🪛 GitHub Check: SonarCloud Code Analysis

[warning] 2-2: Replace "as" with upper case format "AS".

See more on https://sonarcloud.io/project/issues?id=credebl_platform&issues=AZ370S41X2zOM1zCwg-l&open=AZ370S41X2zOM1zCwg-l&pullRequest=1531

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfiles/Dockerfile.api-gateway` at line 2, Update the Dockerfile FROM line to use an uppercase stage alias: change the build stage alias from the lowercase "as build" to use "AS build" so the stage identifier (build) is defined with the canonical uppercase AS token in the FROM instruction.

coderabbitai · 2026-05-06T05:51:13Z

+# Copy package.json and package-lock.json
+COPY package.json ./
+COPY bun.lock ./
+COPY pnpm-workspace.yaml ./
+# COPY package-lock.json ./
+
 ENV PUPPETEER_SKIP_DOWNLOAD=true
-RUN pnpm i --frozen-lockfile --ignore-scripts
+
+# Install dependencies while ignoring scripts (including Puppeteer's installation)
+RUN bun install


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use --frozen-lockfile and drop pnpm-workspace.yaml.

Consistent with the other Dockerfiles: pin install to the lockfile and remove the now-redundant pnpm workspace file (workspaces moved to root package.json).

🔧 Proposed fix

COPY package.json ./ COPY bun.lock ./ -COPY pnpm-workspace.yaml ./ -# COPY package-lock.json ./ ENV PUPPETEER_SKIP_DOWNLOAD=true -RUN bun install +RUN bun install --frozen-lockfile

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

# Copy package.json and package-lock.json

COPY package.json ./

COPY bun.lock ./

COPY pnpm-workspace.yaml ./

# COPY package-lock.json ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

RUN pnpm i --frozen-lockfile --ignore-scripts

# Install dependencies while ignoring scripts (including Puppeteer's installation)

RUN bun install

# Copy package.json and package-lock.json

COPY package.json ./

COPY bun.lock ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)

RUN bun install --frozen-lockfile

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfiles/Dockerfile.api-gateway` around lines 9 - 18, Remove the now-redundant COPY pnpm-workspace.yaml ./ line and pin installs to the lockfile by changing the install command from RUN bun install to RUN bun install --frozen-lockfile; specifically, delete the COPY pnpm-workspace.yaml ./ entry and update the RUN bun install invocation so the build uses the lockfile consistently.

coderabbitai · 2026-05-06T05:51:14Z

-CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && cd ../.. && node dist/apps/api-gateway/main.js"]
+
+# Set the command to run the microservice
+CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/api-gateway/main.js"]


⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🌐 Web query:

Is NestJS officially supported on the Bun runtime in 2025, including @nestjs/microservicesNATS transport,@nestjs/platform-socket.io, and @nestjs/bull? Any known incompatibilities?

💡 Result:

No, NestJS is not officially supported on the Bun runtime in 2025 or as of 2026-05-06. NestJS maintainers have explicitly stated they focus on Node.js and will not tweak the framework specifically for Bun, though it may work due to Bun's Node.js compatibility claims [1]. Bun maintainers confirm NestJS "works in Bun" for core functionality but advise filing issues for specific library incompatibilities [2]. For the specified packages: - @nestjs/microservices NATS transport: Potential issues with NATS client connections on Bun, including flaky or failed connects reported in open issues [3]. No official compatibility confirmation. - @nestjs/platform-socket.io: Socket.IO requires a Bun-specific engine (@socket.io/bun-engine) for optimal performance with Bun's native HTTP server; standard Node polyfill may cause disconnections [4][5][6]. - @nestjs/bull: No direct incompatibilities found; uses BullMQ which is Node-compatible, but untested specifically on Bun [7][8]. Known incompatibilities include build issues with optional requires (e.g., microservices/websockets) during bundling [9][10], reflector/DI resolution problems [11], dev mode flakiness [12], and runtime differences in crypto/TLS affecting related libs [13][3]. Community reports successful production use with workarounds, but expect testing and potential fixes [14][15]. Official NestJS docs specify Node.js [16][17].

Citations:

1: Will Bunjs be supported in the future? nestjs/nest#15133

2: Support NestJS oven-sh/bun#1641

3: Nats.io Connection Error oven-sh/bun#3170

4: https://socket.io/blog/bun-engine/

5: Full Support for Bun socketio/socket.io#5359

6: Client getting disconnected when running socketio with bun socketio/socket.io#5356

7: Support BullMQ v5.0.0 nestjs/bull#1945

8: fix(deps): update dependency @nestjs/bull to v11.0.4 nestjs/nest#15762

9: Bun could not build NestJS projects oven-sh/bun#14611

10: Unable to build NestJS based project oven-sh/bun#4803

11: [Nest.js Reflector] Bun resolve dependencies problem oven-sh/bun#9838

12: NestJS start:dev not working when using Bun runtime nestjs/nest#16660

13: https://dev.to/whoffagents/bun-12-in-production-what-actually-broke-when-we-migrated-from-node-6nh

14: https://pas7.com.ua/blog/en/nestjs-bun-performance-2026

15: https://www.reddit.com/r/bun/comments/1oyiw6s/is_nestjs_fully_compatible_with_bun/

16: https://docs.nestjs.com/microservices/nats

17: https://github.com/nestjs/nest/blob/master/packages/platform-socket.io/Readme.md

Switch to Node runtime or comprehensively test Bun support before shipping.

Using bun --bun to run NestJS is not recommended: NestJS is not officially supported on Bun as of 2026, and its maintainers will not optimize for it. Known incompatibilities include:

@nestjs/microservices NATS transport: Flaky or failed connections reported on Bun; no official compatibility.

@nestjs/platform-socket.io: Requires Bun-specific @socket.io/bun-engine for stability; standard Node polyfill may cause disconnections.

@nestjs/bull: Untested on Bun.

If Bun runtime is intentional, verify the API gateway end-to-end (HTTP + WebSocket, microservice NATS transport, Bull jobs, persistence with PostgreSQL). Otherwise, use node dist/apps/api-gateway/main.js and keep Bun only for build and install steps.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfiles/Dockerfile.api-gateway` at line 44, The Docker CMD currently launches the NestJS API gateway with Bun ("bun --bun dist/apps/api-gateway/main.js"), which is unsupported; update the Docker CMD so the runtime uses Node (e.g., replace "bun --bun dist/apps/api-gateway/main.js" with "node dist/apps/api-gateway/main.js") and keep Bun only for build/install steps (the earlier bunx prisma commands are fine), or if you intentionally want Bun, run a comprehensive end-to-end test matrix (HTTP, WebSocket, `@nestjs/microservices` NATS transport, `@nestjs/platform-socket.io`, `@nestjs/bull`, Postgres persistence) before shipping and document that decision.

coderabbitai · 2026-05-06T05:51:14Z

+# Copy package.json and package-lock.json
+COPY package.json ./
+COPY bun.lock ./
+COPY pnpm-workspace.yaml ./
+
 ENV PUPPETEER_SKIP_DOWNLOAD=true
-RUN pnpm i --frozen-lockfile --ignore-scripts
+
+# Install dependencies while ignoring scripts (including Puppeteer's installation)
+RUN bun install


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use --frozen-lockfile and drop the obsolete pnpm-workspace.yaml copy.

Same concerns as Dockerfile.connection: bun install should run with --frozen-lockfile for reproducible images, and pnpm-workspace.yaml is redundant now that the root package.json declares "workspaces".

🔧 Proposed fix

# Copy package.json and package-lock.json COPY package.json ./ COPY bun.lock ./ -COPY pnpm-workspace.yaml ./ ENV PUPPETEER_SKIP_DOWNLOAD=true # Install dependencies while ignoring scripts (including Puppeteer's installation) -RUN bun install +RUN bun install --frozen-lockfile

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfiles/Dockerfile.cloud-wallet` around lines 9 - 17, The Dockerfile currently copies pnpm-workspace.yaml unnecessarily and runs "bun install" without locking; remove the "COPY pnpm-workspace.yaml ./" step and change the "RUN bun install" invocation to use the frozen lock option (i.e., run bun install --frozen-lockfile) so image builds are reproducible; keep the existing ENV PUPPETEER_SKIP_DOWNLOAD setting and ensure bun.lock and package.json remain copied as shown.

coderabbitai · 2026-05-06T05:51:14Z

@@ -1,26 +1,47 @@
 # Stage 1: Build the application
-FROM node:24-alpine3.21 AS build
+FROM oven/bun:1.3-alpine as build


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use uppercase AS for the build stage alias.

SonarCloud flagged this; per Dockerfile best practices and consistency with Dockerfile.webhook / Dockerfile.cloud-wallet in this same PR, use uppercase.

-FROM oven/bun:1.3-alpine as build +FROM oven/bun:1.3-alpine AS build

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

FROM oven/bun:1.3-alpine as build

FROM oven/bun:1.3-alpine AS build

🧰 Tools

🪛 GitHub Check: SonarCloud Code Analysis

[warning] 2-2: Replace "as" with upper case format "AS".

See more on https://sonarcloud.io/project/issues?id=credebl_platform&issues=AZ370S72X2zOM1zCwg-p&open=AZ370S72X2zOM1zCwg-p&pullRequest=1531

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfiles/Dockerfile.connection` at line 2, Replace the lowercase stage alias keyword in the Docker FROM line: change "FROM oven/bun:1.3-alpine as build" to use uppercase "AS" so it reads "FROM oven/bun:1.3-alpine AS build"; update the stage alias usage (the "build" stage reference) consistently if referenced elsewhere in the same Dockerfile to match the uppercase convention.

coderabbitai · 2026-05-06T05:51:14Z

+# Copy package.json and package-lock.json
+COPY package.json ./
+COPY bun.lock ./
+COPY pnpm-workspace.yaml ./
+
 ENV PUPPETEER_SKIP_DOWNLOAD=true
-RUN pnpm i --frozen-lockfile --ignore-scripts
+
+# Install dependencies while ignoring scripts (including Puppeteer's installation)
+RUN bun install


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use --frozen-lockfile and drop pnpm-workspace.yaml.

Same concern as the other Dockerfiles in this PR.

🔧 Proposed fix

COPY package.json ./ COPY bun.lock ./ -COPY pnpm-workspace.yaml ./ ENV PUPPETEER_SKIP_DOWNLOAD=true -RUN bun install +RUN bun install --frozen-lockfile

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

# Copy package.json and package-lock.json

COPY package.json ./

COPY bun.lock ./

COPY pnpm-workspace.yaml ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

RUN pnpm i --frozen-lockfile --ignore-scripts

# Install dependencies while ignoring scripts (including Puppeteer's installation)

RUN bun install

# Copy package.json and package-lock.json

COPY package.json ./

COPY bun.lock ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)

RUN bun install --frozen-lockfile

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfiles/Dockerfile.organization` around lines 9 - 17, The Dockerfile currently copies pnpm-workspace.yaml and runs "RUN bun install" without locking, which can lead to non-reproducible installs; remove the "COPY pnpm-workspace.yaml ./" line and change the install invocation to use a frozen lockfile (run bun install with the --frozen-lockfile flag) so builds are deterministic while leaving ENV PUPPETEER_SKIP_DOWNLOAD=true in place; locate the COPY pnpm-workspace.yaml and the RUN bun install lines to make these changes.

coderabbitai · 2026-05-06T05:51:14Z

+COPY --from=build /app/node_modules  ./node_modules
 USER nextjs
-CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && cd ../.. && node dist/apps/utility/main.js"]
+
+# Set the command to run the microservice
+CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/utility/main.js"]


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash set -euo pipefail echo "== Dockerfile startup sequence ==" sed -n '40,44p' Dockerfiles/Dockerfile.utility echo echo "== Prisma generator output config ==" fd -a 'schema.prisma' . | while read -r f; do echo "--- $f ---" rg -n -A6 -B2 '^\s*generator\s+client\b|^\s*output\s*=' "$f" done

Repository: credebl/platform

Length of output: 605

🏁 Script executed:

# Check for Line 23 and surrounding build stage context sed -n '1,50p' Dockerfiles/Dockerfile.utility | cat -n # Search for other Bun-related Dockerfiles mentioned in the PR echo "=== Sibling Bun Dockerfiles ===" fd -e 'Dockerfile*' Dockerfiles/ | grep -i bun || echo "(none found with 'bun' in name)" # Also check all Dockerfiles in the directory fd 'Dockerfile.*' Dockerfiles/ --type f

Repository: credebl/platform

Length of output: 2820

🏁 Script executed:

# Check for prisma generate in build stage of Dockerfile.utility echo "=== Full Dockerfile.utility content (first 70 lines) ===" head -70 Dockerfiles/Dockerfile.utility | cat -n echo echo "=== Search for prisma generate in Dockerfile.utility ===" rg -n 'prisma\s+generate|prisma generate' Dockerfiles/Dockerfile.utility

Repository: credebl/platform

Length of output: 2138

🏁 Script executed:

# Check all Dockerfiles for the same prisma generate pattern after USER switch echo "=== Checking all Dockerfiles for prisma generate in CMD after USER ===" for df in Dockerfiles/Dockerfile*; do echo "--- $df ---" rg -n -B5 -A5 'USER.*nextjs|USER.*bun|bun.*next' "$df" | head -20 done

Repository: credebl/platform

Length of output: 8408

Remove redundant prisma generate from runtime CMD—it runs in the build stage and will fail with permission errors after USER nextjs.

Line 23 already generates Prisma client during the build stage. Line 40 copies node_modules as root-owned files, Line 41 drops to non-root user, and Line 44 attempts to regenerate. Since the default Prisma generator output is node_modules/.prisma/client, this will fail at container startup with EACCES permission denied. The simplest fix is to remove the redundant bunx prisma generate from the CMD.

This pattern affects all 13 Bun-based microservices in the Dockerfiles directory (utility, agent-service, api-gateway, cloud-wallet, connection, geolocation, issuance, ledger, notification, organization, user, verification, webhook).

Proposed fix

COPY --from=build /app/node_modules ./node_modules USER nextjs # Set the command to run the microservice -CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/utility/main.js"] +CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && cd ../.. && bun --bun dist/apps/utility/main.js"]

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

COPY --from=build /app/node_modules ./node_modules

USER nextjs

CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && cd ../.. && node dist/apps/utility/main.js"]

\ No newline at end of file

# Set the command to run the microservice

CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/utility/main.js"]

COPY --from=build /app/node_modules ./node_modules

USER nextjs

# Set the command to run the microservice

CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && cd ../.. && bun --bun dist/apps/utility/main.js"]

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfiles/Dockerfile.utility` around lines 40 - 44, The runtime CMD still runs "bunx prisma generate" after switching to USER nextjs, which will fail due to node_modules ownership; remove the redundant "bunx prisma generate" invocation from the CMD so it only runs migrations at startup (keep "bunx prisma migrate deploy" if needed) and rely on the build-stage prisma client generation already performed; update the CMD line that currently contains "bunx prisma migrate deploy && bunx prisma generate && ... " to exclude "bunx prisma generate" (apply the same change across the other Bun-based Dockerfiles: utility, agent-service, api-gateway, cloud-wallet, connection, geolocation, issuance, ledger, notification, organization, user, verification, webhook).

coderabbitai · 2026-05-06T05:51:14Z

 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 ENV PUPPETEER_SKIP_DOWNLOAD=true
-RUN pnpm i --frozen-lockfile --ignore-scripts
+
+# Install dependencies while ignoring scripts (including Puppeteer's installation)
+RUN bun install


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # Confirm whether bun.lock and/or pnpm-lock.yaml exist at repo root fd -HI -t f -d 2 '^(bun\.lock|pnpm-lock\.yaml|pnpm-workspace\.yaml)$'

Repository: credebl/platform

Length of output: 104

🏁 Script executed:

# Find all Dockerfiles in the repository fd -t f -name 'Dockerfile*'

Repository: credebl/platform

Length of output: 291

🏁 Script executed:

# Check the content of Dockerfile.webhook around lines 8-12 cat -n Dockerfiles/Dockerfile.webhook | sed -n '1,20p'

Repository: credebl/platform

Length of output: 851

🏁 Script executed:

# Check other Dockerfiles mentioned in the review (connection, cloud-wallet, geolocation, api-gateway, organization) for file in connection cloud-wallet geolocation api-gateway organization; do echo "=== Dockerfile.$file ===" cat -n "Dockerfiles/Dockerfile.$file" 2>/dev/null | sed -n '1,20p' || echo "Not found" done

Repository: credebl/platform

Length of output: 3531

Inconsistent lockfile usage: copying pnpm-lock.yaml instead of bun.lock.

Unlike the other Dockerfiles in this PR (connection, cloud-wallet, geolocation, api-gateway, organization), this file still copies pnpm-lock.yaml while running bun install. Bun won't use a pnpm lockfile for resolution, so the build won't be reproducible from the locked dependency graph. Also, bun install without --frozen-lockfile may silently update the lockfile in CI.

🔧 Proposed fix

-COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./ +COPY package.json bun.lock ./ +COPY pnpm-workspace.yaml ./ ENV PUPPETEER_SKIP_DOWNLOAD=true # Install dependencies while ignoring scripts (including Puppeteer's installation) -RUN bun install +RUN bun install --frozen-lockfile

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

RUN pnpm i --frozen-lockfile --ignore-scripts

# Install dependencies while ignoring scripts (including Puppeteer's installation)

RUN bun install

COPY package.json bun.lock ./

COPY pnpm-workspace.yaml ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)

RUN bun install --frozen-lockfile

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfiles/Dockerfile.webhook` around lines 8 - 12, The Dockerfile.webhook currently copies pnpm-lock.yaml but runs RUN bun install, causing non-reproducible installs; replace the copied pnpm lockfile with Bun's lockfile (e.g., bun.lockb or bun.lock) in the COPY instruction and change the install command to use a frozen lock (RUN bun install --frozen-lockfile) so Bun uses the exact locked graph; update/remove pnpm-workspace.yaml copy if it is irrelevant to Bun and ensure the COPY and RUN lines referencing pnpm-lock.yaml and RUN bun install are the ones you modify.

coderabbitai · 2026-05-06T05:51:14Z

 COPY --from=build /app/dist/apps/webhook/ ./dist/apps/webhook/
 COPY --from=build /app/libs/ ./libs/
-COPY --from=build /app/node_modules ./node_modules
+#COPY --from=build /app/package.json ./  
+COPY --from=build /app/node_modules  ./node_modules


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Verify node_modules produced by bun install is portable to the runtime image.

The final stage copies node_modules from the build stage and runs the app via bun --bun dist/apps/webhook/main.js. Native modules (e.g., bcrypt, puppeteer deps, node-qpdf2) compiled in the build stage must be ABI-compatible with the runtime base. Since both stages use oven/bun:1.3-alpine this should work, but please confirm any native addons load correctly at runtime (in particular with PUPPETEER_SKIP_DOWNLOAD=true set during install — Puppeteer browser binaries won't be present in the final image).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Dockerfiles/Dockerfile.webhook` around lines 32 - 35, The Dockerfile copies node_modules from the build stage into the final image and runs the app with bun --bun dist/apps/webhook/main.js; you must verify native addons in node_modules are ABI-compatible with the runtime base and that Puppeteer binaries are available if required. To fix, either ensure both stages use the identical oven/bun:1.3-alpine base (confirm this in the Dockerfile), or rebuild native modules in the final stage (npm rebuild / bun install --force) before running the app; additionally verify PUPPETEER_SKIP_DOWNLOAD usage and, if set, ensure the final image includes required browser binaries or set PUPPETEER_DOWNLOAD to fetch them at runtime. Finally add a startup check that attempts to require key native modules (e.g., bcrypt, puppeteer, node-qpdf2) and log failures so any ABI mismatch or missing Puppeteer binary is caught early.

coderabbitai · 2026-05-06T05:51:15Z

+  "private": true,
+  "workspaces": {
+    "packages": [
+      "apps/*",
+      "libs/*"
+    ],
+    "catalog": {
+      "@nestjs/common": "^11.1.6",
+      "@nestjs/core": "^11.1.6",
+      "@nestjs/platform-express": "^11.1.6",
+      "@nestjs/axios": "^4.0.1",
+      "@nestjs/bull": "^11.0.3",
+      "@nestjs/cache-manager": "^3.0.1",
+      "@nestjs/config": "^4.0.2",
+      "@nestjs/jwt": "^11.0.0",
+      "@nestjs/microservices": "^11.1.6",
+      "@nestjs/passport": "^11.0.5",
+      "@nestjs/platform-socket.io": "^11.1.6",
+      "@nestjs/schedule": "^6.0.1",
+      "@nestjs/swagger": "^11.2.0",
+      "@nestjs/typeorm": "^11.0.0",
+      "@nestjs/websockets": "^11.1.6",
+      "nestjs-cls": "^6.0.1",
+      "@nestjs/cli": "^11.0.10",
+      "@nestjs/schematics": "^11.0.7",
+      "@nestjs/testing": "^11.1.6",
+      "nestjs-rate-limiter": "^3.1.0",
+      "nestjs-supabase-auth": "^1.0.9",
+      "nestjs-typeorm-paginate": "^4.0.4"
+    }
  }


⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

Does Bun 1.3 support the package.json "workspaces" object form with a "catalog" field, and how does it interact with pnpm-workspace.yaml when both are present?

💡 Result:

Yes, Bun 1.3 supports the package.json "workspaces" object form with a "catalog" field. Official Bun documentation shows examples where "catalog" (or "catalogs") is defined inside the "workspaces" object in the root package.json, allowing workspace packages to reference versions using the "catalog:" protocol.[1][2][3] When both package.json "workspaces" (with catalog) and pnpm-workspace.yaml are present, Bun prioritizes its native package.json workspaces configuration. Bun's official docs exclusively document support for "workspaces" in package.json and do not mention reading catalogs or workspaces from pnpm-workspace.yaml.[4][5] While Bun supports parsing pnpm-workspace.yaml for lockfile migration during bun install (added in v1.2.23 and available in 1.3), it automatically migrates by updating package.json to include "workspaces" globs and generates bun.lockb, effectively converting to Bun's format rather than using pnpm-workspace.yaml ongoing.[6][7] pnpm's catalogs are defined in pnpm-workspace.yaml, but Bun's catalog feature is distinct and package.json-based; no sources indicate Bun reads pnpm catalogs from yaml.[8] If both files exist without migration, package.json takes precedence for workspace discovery and catalogs.[9]

Citations:

1: https://bun.sh/docs/pm/catalogs

2: https://bun.com/docs/pm/catalogs

3: https://bun.sh/blog/bun-v1.3

4: https://bun.sh/docs/install/workspaces

5: https://bun.sh/docs/pm/workspaces

6: Bun Workspaces: support for pnpm-workspace.yaml oven-sh/bun#11874

7: https://bun.com/blog/bun-v1.2.23

8: https://pnpm.io/catalogs

9: https://stevekinney.com/courses/enterprise-ui/workspace-package-managers

🌐 Web query:

Does pnpm support "workspaces" object form with "catalog" field in package.json, or does pnpm only read from pnpm-workspace.yaml?

💡 Result:

pnpm supports catalogs (including the default catalog via a top-level catalog key) only when they’re defined in pnpm-workspace.yaml, not via an object-form workspaces field in package.json. Evidence: pnpm’s “Catalogs” feature explicitly states that catalogs are defined in pnpm-workspace.yaml, and it provides examples where catalog: / catalogs: live at the top level of that YAML. The catalog: protocol is then referenced from package.json dependency fields (e.g., in dependencies, devDependencies, etc.). [1] Additionally, the pnpm-workspace.yaml reference confirms that catalogs are defined in pnpm-workspace.yaml. [2] So if you put something like an object-form workspace/catolog config under package.json (instead of pnpm-workspace.yaml), pnpm will not read it as catalogs. Separately (different from your question but often confused): pnpm workspaces themselves require pnpm-workspace.yaml in the workspace root; the documentation says “A workspace must have a pnpm-workspace.yaml file in its root.” [3]

Citations:

1: https://pnpm.io/catalogs

2: https://pnpm.io/next/pnpm-workspace_yaml

3: https://pnpm.io/next/workspaces

🏁 Script executed:

# Check if pnpm-workspace.yaml exists in the repository if [ -f "pnpm-workspace.yaml" ]; then echo "=== pnpm-workspace.yaml found ===" cat pnpm-workspace.yaml else echo "pnpm-workspace.yaml not found" fi # Check if .npmrc or other pnpm config exists if [ -f ".npmrc" ]; then echo -e "\n=== .npmrc found ===" cat .npmrc fi # Check if there are any Dockerfiles mentioned in the review find . -name "Dockerfile*" -type f | head -5

Repository: credebl/platform

Length of output: 998

🏁 Script executed:

# Check if Dockerfiles reference or copy pnpm-workspace.yaml grep -r "pnpm-workspace" ./Dockerfiles/ 2>/dev/null || echo "No direct references found" # Also check for general workspace config references grep -r "workspace" ./Dockerfiles/ 2>/dev/null | head -10 # Check a sample app package.json to see if it uses catalog: references if [ -d "apps" ]; then echo "=== Sample app package.json files ===" find apps -maxdepth 2 -name "package.json" | head -2 | xargs -I {} sh -c 'echo "File: {}"; grep -A5 -B5 "catalog:" {} | head -15' fi

Repository: credebl/platform

Length of output: 2115

🏁 Script executed:

# Get a better view of sample app package.json files find apps -maxdepth 2 -name "package.json" -type f | head -3 | while read f; do echo "=== $f ===" cat "$f" echo "" done

Repository: credebl/platform

Length of output: 255

🏁 Script executed:

# Search for catalog: protocol usage in all app and libs package.json files echo "=== Searching for 'catalog:' references in apps/ ===" grep -r "catalog:" apps/ 2>/dev/null || echo "No catalog: found in apps/" echo "" echo "=== Searching for 'catalog:' references in libs/ ===" grep -r "catalog:" libs/ 2>/dev/null || echo "No catalog: found in libs/" echo "" echo "=== Check how many app/lib package.json files exist ===" find apps libs -maxdepth 2 -name "package.json" -type f | wc -l

Repository: credebl/platform

Length of output: 855

Remove the catalog field from package.json's workspaces object or clarify the dual-manager setup.

pnpm reads catalogs exclusively from pnpm-workspace.yaml and ignores the catalog field in package.json. Bun 1.3 supports package.json catalogs but reads from there instead of the YAML file. This creates two problems:

The catalog entries in lines 215-245 are unused by pnpm (the primary manager); pnpm only respects catalogs in pnpm-workspace.yaml, which duplicates all the same entries. This is dead code and a maintenance burden.

Inconsistent adoption: only libs/* package.json files use the catalog: protocol in dependencies; apps/* do not. If the catalog feature is intentional for the dual-manager setup, it should be used consistently across all workspace packages or documented why it's selective.

Recommended action: Either remove the redundant catalog field from package.json (keeping only pnpm-workspace.yaml as the source of truth) or document which file is authoritative for each package manager and ensure all workspace packages consistently use catalog: references if relying on this feature.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@package.json` around lines 215 - 245, The package.json contains a workspaces.catalog block that duplicates/contradicts pnpm-workspace.yaml and causes inconsistent behavior between pnpm and Bun; either remove the entire "catalog" object from package.json (leaving "workspaces": { "packages": ["apps/*","libs/*"] } and using pnpm-workspace.yaml as the single source of truth) or, if you intend to support a dual-manager setup, add documentation and make the use of the catalog: protocol consistent across all workspace packages (ensure libs/* and apps/* dependencies use the same catalog references) so both managers resolve the same catalogs.

sujitaw added 2 commits December 4, 2025 12:01

feat/update package for bun

29e4b04

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

feat/add bun files

5e6a2c3

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

sujitaw requested review from GHkrishna, RinkalBhojani, sairanjit and shitrerohit December 4, 2025 07:07

sujitaw self-assigned this Dec 4, 2025

coderabbitai Bot reviewed Dec 4, 2025

View reviewed changes

sujitaw and others added 2 commits December 4, 2025 13:11

feat/resolve code rabbit comments

89b5d55

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

feat: implement bun

fc884d2

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai Bot reviewed Dec 18, 2025

View reviewed changes

Comment thread Dockerfiles/Dockerfile.agent-provisioning Outdated

feat: implement bun - update docker agent-provisioning

c3a662c

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai Bot reviewed Dec 18, 2025

View reviewed changes

KambleSahil3 added 3 commits December 18, 2025 16:26

feat: implement bun - update docker agent-provisioning

764a872

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

feat: implement bun - update docker agent-provisioning

79fd9ce

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

feat: implement bun - update docker agent-provisioning

3f50e23

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai Bot reviewed Dec 18, 2025

View reviewed changes

feat: implement bun - update docker agent-provisioning

34de9a1

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai Bot reviewed Dec 18, 2025

View reviewed changes

ajile-in changed the title ~~feat: add Bun support to project~~ feat: add Bun support Dec 18, 2025

fix/type errors for bun buld in docker

a696931

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

coderabbitai Bot reviewed Dec 19, 2025

View reviewed changes

feat: update dockerfiles to use bun instead of pnpm

dcae694

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai Bot reviewed Dec 19, 2025

View reviewed changes

feat: update dockerfiles to use bun instead of pnpm

7f15b01

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

coderabbitai Bot reviewed Dec 19, 2025

View reviewed changes

KambleSahil3 and others added 2 commits December 19, 2025 15:16

fix: agent-service dockerfile to run bun

3fc3c78

Signed-off-by: sahil.kamble@ayanworks.com <sahil.kamble@ayanworks.com>

merge of main

dfa8b5e

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

coderabbitai Bot reviewed Dec 31, 2025

View reviewed changes

fix:fixing minor issues

6cb498a

Signed-off-by: shitrerohit <rohit.shitre@ayanworks.com>

coderabbitai Bot reviewed Jan 15, 2026

View reviewed changes

merge of main branch

29780a0

Signed-off-by: sujitaw <sujit.sutar@ayanworks.com>

coderabbitai Bot reviewed May 6, 2026

View reviewed changes

		@@ -207,6 +208,37 @@
		},
		"packageManager": "pnpm@9.15.3+sha512.1f79bc245a66eb0b07c5d4d83131240774642caaa86ef7d0434ab47c0d16f66b04e21e0c086eb61e62c77efc4d7f7ec071afad3796af64892fae66509173893a",

	"start": "prisma migrate deploy --schema=./libs/prisma-service/prisma/schema.prisma & nest start",
	"start": "prisma migrate deploy --schema=./libs/prisma-service/prisma/schema.prisma && nest start",

	FROM oven/bun:1.3-alpine as build
	FROM oven/bun:1.3-alpine AS build

Conversation

sujitaw commented Dec 4, 2025 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What

Summary by CodeRabbit

Uh oh!

coderabbitai Bot commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Reviews paused

Walkthrough

Changes

Estimated code review effort

Possibly related PRs

Suggested labels

Suggested reviewers

Poem

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

sujitaw Dec 4, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Dec 4, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Dec 4, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Dec 18, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Dec 18, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Dec 18, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Dec 18, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Dec 19, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Dec 19, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

coderabbitai Bot Dec 19, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Dec 19, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai Bot Dec 19, 2025

Choose a reason for hiding this comment

sujitaw commented Dec 4, 2025 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented Dec 4, 2025 •

edited

Loading

coderabbitai Bot Dec 4, 2025 •

edited

Loading