New setup guide scp

[priyanka-TL]

Description

These recommendations are intended to promote code quality and team communication during software development. They cover a variety of topics, including ensuring that pull requests are submitted to the correct branch, documenting new methods, preserving consistency across many services, and avoiding typical blunders like accessing APIs or DB queries within loops. Sensitive data should not be uploaded, and changes to environment variables or database models should be executed consistently. Teams may work more effectively and develop higher-quality software by adhering to these standards.

Type of change

Please choose appropriate options.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Enhancement (additive changes to improve performance)
• This change requires a documentation update

Checklist

• It's critical to avoid making needless file modifications in contributions, such as adding new lines, console logs, or additional spaces, to guarantee cleaner and more efficient code. Furthermore, eliminating unnecessary imports from a file might enhance code readability and efficiency.
• Ensure that the pull request is assigned to the right base branch and that the development branch name contains the JIRA Task Id. Furthermore, each commit message should include the JIRA Task Id in the manner "ED-100: message".
• Only update packages if it is mentioned and authorized in the design document, and make sure that you have the required permissions.
• Avoid making API and database queries inside a loop as it can lead to performance issues and slow down the system.
• When calling another function inside a given function, add comments explaining the purpose and meaning of the passed arguments and expected return values.
• If adding a blank argument in a function, add a comment explaining the reason for the blank argument.
• Before submitting a pull request, do a self-review of your code to ensure there are no conflicts with the base branch and all comments have been addressed.
• Before merging a pull request, it's important to have other team members review it to catch any potential errors or issues
• To maintain code integrity, it's important to remove all related changes when removing code during a code review.
• If new constants, endpoints, or utility functions are introduced, it is important to check if they already exist in the service to avoid any duplication.
• Whenever a new environment variable is added to a service, it's important to ensure that the necessary changes are made to related files such as ".env.sample" and "envVariables.js" to maintain consistency and avoid errors. Additionally, the new environment variable should be added to the devops repository to ensure that it is properly documented and accessible to the team.
• When adding a new function to a service, it is important to document it with relevant information such as the name, parameters, and return value in a consistent format across all services. Additionally, if there are any changes to the API response, ensure that the documentation in the controllers is updated accordingly.
• Write a clear and concise commit message that describes the changes made.
• Maintain consistent function signature and code across all services when adding a function to multiple services. Implement changes to database models in all services that use the same model.
• Use only let and const. Do not use var.
• Make common functions for repetitive code blocks.
• Avoid uploading sensitive information such as secret tokens or passwords in pull requests to ensure data security.
• Maintain consistent indentation and spacing throughout the code.

Summary by CodeRabbit

• New Features

  • Added Self‑Creation Portal (SCP) integrated deployment with Docker and native options, new environment configs, service wiring, and setup scripts (including Citus distribution setup and sample-data installers).

• Documentation

  • Expanded multi‑OS setup guides (Ubuntu/macOS/Windows) and SCP walkthroughs; added usage notes for sample data and portal provisioning.

• Chores

  • Normalized Markdown and env formatting, whitespace, and minor formatting fixes across docs and config files.

[coderabbitai]

📝 Walkthrough

Walkthrough

Normalized top-level README formatting and added an integrated SCP section; introduced a new native SCP macOS README describing prerequisites, dependency installers, database/Citus setup, sample-data insertion, and service startup steps.

Changes

Documentation & SCP native README

Layer / File(s)	Summary
Top-level README normalization README.md	Reformatted supported OS list, Stand‑Alone and Integrated setup sections; added an expandable "WITH SELF CREATION PORTAL (SCP)" block and reorganized Postman/Related Documentation anchors.
Native SCP macOS README addition documentation/3.4.0/setup/native/scp/mac/README.md	New native SCP macOS guide with prerequisites, dependency scripts, DB creation, optional Citus enablement, sample data insertion, PM2 startup, portal access, and contributor/dependencies badges.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~30 minutes

Possibly related PRs

• ELEVATE-Project/project-service#737: Overlaps on env-variable changes (DEFAULT_ORGANISATION_CODE, PROGRAM_USER_MAPPING_TOPIC) and SCP env additions.
• ELEVATE-Project/project-service#658: Related README reorganization and Integrated Deployment documentation changes.
• ELEVATE-Project/project-service#681: Also updates Stand-Alone/Integrated setup documentation and link formatting.

Suggested reviewers

• VISHNUDAS-tunerlabs
• praveenKDass

"🐇
I hopped through README lines with care,
Tidied lists and anchors everywhere,
Wrote a mac guide for SCP's start,
Seeded sample data, played my part,
Now docs and scripts are snug and fair."

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is a generic template with all checklist items unchecked; it does not describe the actual changes made or why they were made.	Replace the template with a clear description of the specific changes—including new setup guides, environment files, Docker compose configs, and deployment scripts for the SCP (Self Creation Portal)—and explain the rationale for these additions.
Title check	❓ Inconclusive	The PR title 'New setup guide scp' is vague and does not clearly convey the scope or nature of the changes.	Clarify the title to be more specific, e.g., 'Add SCP setup documentation and configuration files' or 'Implement self-creation portal (SCP) setup guides and Docker/native deployment scripts'.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	Docstring coverage is 89.47% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch newSetupGuideSCP

⚔️ Resolve merge conflicts

• Resolve merge conflict in branch newSetupGuideSCP

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 15

Note

Due to the large number of review comments, Critical severity comments were prioritized as inline comments.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

documentation/3.4.0/native/scripts/stand-alone/ubuntu/insert_sample_data.sh (1)

51-52: ⚠️ Potential issue | 🔴 Critical

Fix truncated organization_code values.

Lines 51 and 52 use 'default_cod' instead of 'default_code' for the organization_code column. This inconsistency with other inserts (lines 46-50, 17-20) will cause data integrity issues and potential foreign key constraint violations.

🔧 Proposed fix

-sudo -u postgres psql -p 5432 -d users -c "INSERT INTO public.entity_types (id, value, label, status, created_by, updated_by, allow_filtering, data_type, organization_id, parent_id, has_entities, allow_custom_entities, model_names, created_at, updated_at, deleted_at, meta, external_entity_type, required, regex, tenant_code,organization_code) VALUES (10, 'professional_role','Professional Role','ACTIVE', 0, 0, true, 'STRING', 1, NULL, true, true, '{User}', '2024-04-18 08:12:19.394+00', '2024-04-18 08:12:19.394+00', NULL, '{\"service\": \"entity-management-service\",\"endPoint\": \"v1/entities/find\"}', true, false, NULL,'default', 'default_cod');"
-sudo -u postgres psql -p 5432 -d users -c "INSERT INTO public.entity_types (id, value, label, status, created_by, updated_by, allow_filtering, data_type, organization_id, parent_id, has_entities, allow_custom_entities, model_names, created_at, updated_at, deleted_at, meta, external_entity_type, required, regex, tenant_code,organization_code) VALUES (11, 'professional_subroles','Professional Subroles', 'ACTIVE', 0, 0, true, 'STRING', 1, NULL, true, true, '{User}', '2024-04-18 08:12:19.394+00', '2024-04-18 08:12:19.394+00', NULL, '{\"service\": \"entity-management-service\",\"endPoint\": \"v1/entities/find\"}', true, false, NULL,'default', 'default_cod');"
+sudo -u postgres psql -p 5432 -d users -c "INSERT INTO public.entity_types (id, value, label, status, created_by, updated_by, allow_filtering, data_type, organization_id, parent_id, has_entities, allow_custom_entities, model_names, created_at, updated_at, deleted_at, meta, external_entity_type, required, regex, tenant_code,organization_code) VALUES (10, 'professional_role','Professional Role','ACTIVE', 0, 0, true, 'STRING', 1, NULL, true, true, '{User}', '2024-04-18 08:12:19.394+00', '2024-04-18 08:12:19.394+00', NULL, '{\"service\": \"entity-management-service\",\"endPoint\": \"v1/entities/find\"}', true, false, NULL,'default', 'default_code');"
+sudo -u postgres psql -p 5432 -d users -c "INSERT INTO public.entity_types (id, value, label, status, created_by, updated_by, allow_filtering, data_type, organization_id, parent_id, has_entities, allow_custom_entities, model_names, created_at, updated_at, deleted_at, meta, external_entity_type, required, regex, tenant_code,organization_code) VALUES (11, 'professional_subroles','Professional Subroles', 'ACTIVE', 0, 0, true, 'STRING', 1, NULL, true, true, '{User}', '2024-04-18 08:12:19.394+00', '2024-04-18 08:12:19.394+00', NULL, '{\"service\": \"entity-management-service\",\"endPoint\": \"v1/entities/find\"}', true, false, NULL,'default', 'default_code');"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/stand-alone/ubuntu/insert_sample_data.sh`
around lines 51 - 52, The two INSERT statements that add entity_types with id 10
and id 11 currently use the truncated organization_code value 'default_cod';
update those VALUES clauses in the INSERTs for ids 10 and 11 (the INSERT INTO
public.entity_types statements) to use the correct organization_code
'default_code' so they match the other inserts and avoid integrity/foreign-key
issues.

documentation/3.4.0/sample-data/mac-linux/user/sampleData.sql (1)

19-20: ⚠️ Potential issue | 🟡 Minor

Inconsistent INSERT statement for entity_types.

Line 20's INSERT is missing the tenant_code and organization_code columns that are present in Line 19. Both use id = 5, which will cause a primary key conflict. This appears to be a copy-paste error.

Proposed fix

-INSERT INTO public.entity_types (id, value, label, status, created_by, updated_by, allow_filtering, data_type, organization_id, parent_id, has_entities, allow_custom_entities, model_names, created_at, updated_at, deleted_at, meta, external_entity_type, required, regex) VALUES (5, 'district', 'District', 'ACTIVE', 0, 0, true, 'STRING', 1, NULL, true, true, '{User}', '2024-04-18 08:12:19.394+00', '2024-04-18 08:12:19.394+00', NULL, NULL, true, false, NULL);
+INSERT INTO public.entity_types (id, value, label, status, created_by, updated_by, allow_filtering, data_type, organization_id, parent_id, has_entities, allow_custom_entities, model_names, created_at, updated_at, deleted_at, meta, external_entity_type, required, regex, tenant_code, organization_code) VALUES (6, 'district', 'District', 'ACTIVE', 0, 0, true, 'STRING', 1, NULL, true, true, '{User}', '2024-04-18 08:12:19.394+00', '2024-04-18 08:12:19.394+00', NULL, NULL, true, false, NULL, 'default', 'default_code');

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/sample-data/mac-linux/user/sampleData.sql` around lines
19 - 20, The INSERT for table entity_types is inconsistent and duplicates id =
5; update the second INSERT (the one inserting 'district') to match the first
INSERT's column list by adding the tenant_code and organization_code values (or
remove those columns from the first to keep both consistent), and ensure the
primary key id is unique (change the second id to a new unused id rather than 5)
so there is no PK conflict; locate the INSERT statements referencing
entity_types and adjust the column set and values for the 'district' row
accordingly.

🟠 Major comments (29)

documentation/3.4.0/common-files/dockerized/project-with-survey/project_sampleData.js-1528-1608 (1)

1528-1608: ⚠️ Potential issue | 🟠 Major

Duplicate ObjectIds in projectTemplateTasksData will cause data integrity issues.

The following _id values are duplicated in this array:

• 68ee4bb4fb9bee08b93b6d7e (lines 939 and 1529)
• 68ee4bb4fb9bee08b93b6d82 (lines 976 and 1566)

When this sample data is inserted into MongoDB, duplicate _id values will either fail (if using insertMany with ordered:true) or silently overwrite data. Remove the duplicate entries at lines 1528-1608 or assign unique ObjectIds.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@documentation/3.4.0/common-files/dockerized/project-with-survey/project_sampleData.js`
around lines 1528 - 1608, projectTemplateTasksData contains duplicate _id values
(ObjectId('68ee4bb4fb9bee08b93b6d7e') and ObjectId('68ee4bb4fb9bee08b93b6d82'))
for the task objects ("Conduct the Activity with students" and "Conduct the
Activity Assessment"); update those duplicate _id fields to unique ObjectIds or
remove the duplicated objects so each entry in projectTemplateTasksData has a
unique _id, then verify no other entries reuse those same ObjectId strings.

documentation/3.4.0/native/envs/stand-alone/user_env-82-82 (1)

82-82: ⚠️ Potential issue | 🟠 Major

Add missing INTERFACE_SERVICE_URL to user_env

The ENTITY_MANAGEMENT_SERVICE_BASE_URL value (/entity-management/) is a path-only URL designed to be prepended with the interface service host. However, the user_env file is missing the INTERFACE_SERVICE_URL environment variable that must be provided for this to work. Compare to project_env:

project_env: INTERFACE_SERVICE_URL=http://localhost:3569
user_env: (missing)

Without INTERFACE_SERVICE_URL, any code in the user service attempting to call entity-management will fail with an undefined host.

Suggested fix

+INTERFACE_SERVICE_URL=http://localhost:3569
 ENTITY_MANAGEMENT_SERVICE_BASE_URL="/entity-management/"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/envs/stand-alone/user_env` at line 82, The
user_env is missing the INTERFACE_SERVICE_URL variable required to build full
endpoints using ENTITY_MANAGEMENT_SERVICE_BASE_URL (which is just a path); add
an INTERFACE_SERVICE_URL entry (e.g.,
INTERFACE_SERVICE_URL=http://localhost:3569) to the user_env so code that
composes INTERFACE_SERVICE_URL + ENTITY_MANAGEMENT_SERVICE_BASE_URL produces a
valid host+path URL for service calls.

documentation/3.4.0/native/envs/scp/user_env-27-31 (1)

27-31: ⚠️ Potential issue | 🟠 Major

Encryption keys should be placeholder values in documentation.

These look like actual encryption keys/IVs. For documentation purposes, use obvious placeholders like <YOUR_ENCRYPTION_KEY> to avoid accidental use of shared secrets.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/envs/scp/user_env` around lines 27 - 31, Replace
the real-looking secrets in this doc: change IV and KEY values to clear
placeholders (e.g. IV=<YOUR_ENCRYPTION_IV> and KEY=<YOUR_ENCRYPTION_KEY>),
ensure KAFKA_TOPIC is shown as a placeholder (e.g. KAFKA_TOPIC=<YOUR_TOPIC>) and
remove the leading space in KAFKA_URL so it appears as
KAFKA_URL=<YOUR_KAFKA_URL:PORT> to avoid accidental use of real credentials;
update the lines referencing IV, KEY, KAFKA_TOPIC, and KAFKA_URL accordingly.

documentation/3.4.0/native/envs/scp/interface_env-23-23 (1)

23-23: ⚠️ Potential issue | 🟠 Major

Environment variable name contains hyphens which may cause shell issues.

SELF-CREATION-PORTAL_SERVICE_BASE_URL uses hyphens, which are invalid in POSIX shell variable names. If this file is sourced in a shell, it will cause errors. Use underscores instead.

🐛 Fix: Use underscores consistently

-SELF-CREATION-PORTAL_SERVICE_BASE_URL=http://localhost:6001
+SELF_CREATION_PORTAL_SERVICE_BASE_URL=http://localhost:6001

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/envs/scp/interface_env` at line 23, The
environment variable name SELF-CREATION-PORTAL_SERVICE_BASE_URL contains hyphens
which are invalid in POSIX shell variable names; rename it to use underscores
(e.g. SELF_CREATION_PORTAL_SERVICE_BASE_URL) and update the variable declaration
and every consumer that references SELF-CREATION-PORTAL_SERVICE_BASE_URL
(scripts, docs, CI, config loaders, and any code reading process.env or similar)
to use the new SELF_CREATION_PORTAL_SERVICE_BASE_URL symbol so sourcing the file
won’t break shells.

documentation/3.4.0/common-files/native/project-with-survey/project_sampleData.js-1528-1564 (1)

1528-1564: ⚠️ Potential issue | 🟠 Major

Duplicate _id values will cause MongoDB insertion failures.

The task at line 1529 uses _id: new ObjectId('68ee4bb4fb9bee08b93b6d7e'), which is already used by the task at line 939. Similarly, the task starting at line 1566 duplicates the _id from line 976. MongoDB will reject these with duplicate key errors.

Either remove these duplicate entries or assign unique ObjectIds.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@documentation/3.4.0/common-files/native/project-with-survey/project_sampleData.js`
around lines 1528 - 1564, The file contains duplicate MongoDB _id values (e.g.,
new ObjectId('68ee4bb4fb9bee08b93b6d7e') used more than once) which will cause
insertion failures; locate the objects in project_sampleData.js with duplicate
_id fields and either remove the duplicate records or replace each duplicated
new ObjectId(...) with a unique ObjectId value so every document's _id is
distinct (verify other entries for similar collisions and ensure all _id fields
are unique before running the import).

documentation/3.4.0/native/envs/scp/survey_project_creation_env-2-2 (1)

2-2: ⚠️ Potential issue | 🟠 Major

Don't ship real-looking secrets and prod storage defaults in a checked-in env file.

This file hard-codes ACCESS_TOKEN_SECRET, CLOUD_STORAGE_SECRET, and INTERNAL_ACCESS_TOKEN, and it points a development env at scp-uploads-prod. These should be placeholders/documented inputs, not committed runtime defaults.

Also applies to: 14-20, 48-48

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/envs/scp/survey_project_creation_env` at line 2,
Replace the hard-coded secrets and prod storage defaults with non-sensitive
placeholders and guidance: change ACCESS_TOKEN_SECRET, CLOUD_STORAGE_SECRET, and
INTERNAL_ACCESS_TOKEN to clearly labeled placeholder values (e.g.
<YOUR_..._HERE>) and remove or neutralize the production bucket default used for
the development environment (the reference to "scp-uploads-prod") so development
points to a safe local/test bucket or is left unset; also add a brief comment or
link to docs telling users to populate these from secure sources or a
.env.example for deployment.

documentation/3.4.0/native/envs/scp/survey_project_creation_env-47-47 (1)

47-47: ⚠️ Potential issue | 🟠 Major

The native env still uses Docker-only hostnames.

interface and mongodb resolve inside the compose network, not from a native host install. With this file, service calls will fail unless the user manually adds those aliases, while the same file already uses localhost for other services.

Also applies to: 68-68, 83-83, 89-89

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/envs/scp/survey_project_creation_env` at line 47,
Change Docker-only hostnames to localhost for native installs: replace the
service host values that use Docker container names (e.g.,
INTERFACE_SERVICE_HOST set to "http://interface:3569" and any Mongo/service URL
entries that reference "mongodb" or other container names) with localhost (and
the matching port) so native hosts can reach them without adding manual aliases;
update the variables such as INTERFACE_SERVICE_HOST and the Mongo connection
variable(s) that reference "mongodb" on lines noted (68, 83, 89) to use
localhost equivalents.

documentation/3.4.0/dockerized/envs/project_env-4-4 (1)

4-4: ⚠️ Potential issue | 🟠 Major

Remove the committed tokens/secrets from this env file.

INTERNAL_ACCESS_TOKEN, CLOUD_STORAGE_SECRET, ADMIN_ACCESS_TOKEN, and ADMIN_AUTH_TOKEN are all checked in as shared defaults. Even for docs, these should be placeholders pulled from the real environment.

Also applies to: 37-37, 40-41

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/dockerized/envs/project_env` at line 4, Replace the
hard-coded secret values in the env file by removing the real tokens and using
placeholders or environment-expansion syntax for INTERNAL_ACCESS_TOKEN,
CLOUD_STORAGE_SECRET, ADMIN_ACCESS_TOKEN, and ADMIN_AUTH_TOKEN (e.g., set to
blank, "REPLACE_ME", or use ${INTERNAL_ACCESS_TOKEN}) so no real secrets are
committed; update the same pattern where those keys appear elsewhere (lines
noted in the review) and ensure the committed file contains only placeholders
and not actual tokens, then rotate any exposed credentials out-of-band.

documentation/3.4.0/native/scripts/scp/ubuntu/uninstall-dependencies.sh-80-91 (1)

80-91: ⚠️ Potential issue | 🟠 Major

Uninstalling this stack should not remove the machine's postgres user.

deluser --remove-home postgres affects the whole host, not just the SCP setup, and can break any other PostgreSQL instance or future package installs. Stop at package/data removal instead.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/scp/ubuntu/uninstall-dependencies.sh`
around lines 80 - 91, The uninstall_citus_postgresql function currently removes
the system postgres user (deluser --remove-home postgres), which is unsafe;
remove that deluser invocation and any commands that irrevocably delete the
postgres account, and instead only stop services and remove packages/data (keep
pg_ctl stop, apt-get remove/purge/autoremove, and optionally replace pkill -u
postgres with a service-aware stop like systemctl stop postgresql or a targeted
stop for the citus instance). Ensure uninstall_citus_postgresql no longer
deletes the host postgres user and limits changes to packages and data only.

documentation/3.4.0/native/scripts/scp/ubuntu/insert_sample_data.sh-1-1 (1)

1-1: ⚠️ Potential issue | 🟠 Major

Fail on the first SQL error instead of partially seeding the DB.

Every statement runs in its own psql -c call and the script does not set set -e or ON_ERROR_STOP. A single duplicate/FK failure leaves a half-seeded database while the later setval and UPDATE statements still execute.

💡 Safer pattern

 #!/bin/bash
+set -euo pipefail

sudo -u postgres psql -v ON_ERROR_STOP=1 -p 5432 -d users <<'SQL'
BEGIN;
-- existing INSERT / UPDATE statements
COMMIT;
SQL

Also applies to: 5-71

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/scp/ubuntu/insert_sample_data.sh` at line
1, The script currently runs many individual psql -c calls causing partial DB
seeding on the first SQL error; update insert_sample_data.sh to run all SQL
statements in a single psql invocation with ON_ERROR_STOP enabled and a
transaction: replace the multiple psql -c calls with a heredoc like sudo -u
postgres psql -v ON_ERROR_STOP=1 -d users <<'SQL' ... BEGIN; <all
INSERT/UPDATE/SETVAL statements> COMMIT; SQL (or, minimally, add set -e at the
top and pass -v ON_ERROR_STOP=1 to each psql invocation) so any failure aborts
the entire operation and prevents half-seeded state.

documentation/3.4.0/sample-data/scp/mac-linux/user/sampleData.sql-26-27 (1)

26-27: ⚠️ Potential issue | 🟠 Major

Use setval(...), not nextval(...) FROM ..., to resync sequences.

These statements advance the sequence once per existing row, so the final value depends on row count instead of MAX(id). users_credentials_id_seq also will not move at all when public.users_credentials is empty.

🔧 Suggested change

-SELECT nextval('users_id_seq'::regclass) FROM public.users;
-SELECT nextval('users_credentials_id_seq'::regclass) FROM public.users_credentials;
+SELECT setval('users_id_seq'::regclass, COALESCE((SELECT MAX(id) FROM public.users), 1));
+SELECT setval('users_credentials_id_seq'::regclass, COALESCE((SELECT MAX(id) FROM public.users_credentials), 1));

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/sample-data/scp/mac-linux/user/sampleData.sql` around
lines 26 - 27, The current SQL uses nextval('users_id_seq'::regclass) FROM
public.users and nextval('users_credentials_id_seq'::regclass) FROM
public.users_credentials which advances sequences per row; replace these with
setval calls that set each sequence to COALESCE(MAX(id), 0) for the
corresponding table to resync to the current highest id (e.g., use
setval('users_id_seq'::regclass, COALESCE((SELECT MAX(id) FROM public.users),
0), true) and similarly for users_credentials_id_seq), ensuring correct sequence
values even when a table is empty.

documentation/3.4.0/dockerized/envs/project_env-57-57 (1)

57-57: ⚠️ Potential issue | 🟠 Major

ORG_ID_HEADER_NAME is inconsistent with the other SCP env added in this PR.

This file uses Org-id, while documentation/3.4.0/native/envs/scp/survey_project_creation_env uses organization-id. If different services are deployed from these files, org-scoping headers will not line up.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/dockerized/envs/project_env` at line 57, The
ORG_ID_HEADER_NAME environment value is inconsistent; update the
ORG_ID_HEADER_NAME entry so its value matches the other SCP env (use
"organization-id" in lowercase with a hyphen) to ensure org-scoping headers
align across services, and verify the same symbol ORG_ID_HEADER_NAME in other
env files uses the identical value.

documentation/3.4.0/native/scripts/scp/ubuntu/install-dependencies.sh-57-60 (1)

57-60: ⚠️ Potential issue | 🟠 Major

Kafka and Zookeeper will not survive a reboot.

The script creates systemd units and starts them, but it never enables them. Add systemctl enable for both services before returning.

🔧 Minimal fix

     sudo systemctl daemon-reload
+    sudo systemctl enable zookeeper
+    sudo systemctl enable kafka
     sudo systemctl start zookeeper
     sudo systemctl start kafka

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/scp/ubuntu/install-dependencies.sh` around
lines 57 - 60, The script starts the systemd services but doesn't enable them to
start on reboot; update the section that currently runs "sudo systemctl start
zookeeper" and "sudo systemctl start kafka" to also run "sudo systemctl enable
zookeeper" and "sudo systemctl enable kafka" (place the enable calls before
returning/ending the function) so both services are persisted across reboots.

documentation/3.4.0/dockerized/scripts/scp/ubuntu/replace_volume_path.sh-4-4 (1)

4-4: ⚠️ Potential issue | 🟠 Major

Avoid CWD-dependent path rewriting in setup script.

Using pwd and a relative compose filename makes behavior dependent on caller location; this can rewrite the wrong path or fail to find the compose file.

🔧 Proposed fix

 #!/bin/bash
 
-# Define the path of your docker-compose file
-DOCKER_COMPOSE_FILE="docker-compose-project.yml"
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+DOCKER_COMPOSE_FILE="$SCRIPT_DIR/docker-compose-project.yml"
@@
-# Get the current directory path
-CURRENT_DIR=$(pwd)
+# Use script directory path for stable replacement target
+CURRENT_DIR="$SCRIPT_DIR"

Also applies to: 13-13, 20-20

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/dockerized/scripts/scp/ubuntu/replace_volume_path.sh` at
line 4, The script uses pwd plus a relative DOCKER_COMPOSE_FILE which makes path
resolution CWD-dependent; update replace_volume_path.sh to compute the compose
file path relative to the script location (use the script directory via $0 or
${BASH_SOURCE[0]} and dirname) and set DOCKER_COMPOSE_FILE to that
absolute/anchored path instead of relying on pwd or a plain filename so all
rewrites target the intended compose file (update every reference to
DOCKER_COMPOSE_FILE in the script, e.g., where DOCKER_COMPOSE_FILE is used on
lines around the variable and at the rewrite logic).

documentation/3.4.0/native/envs/scp/entity_management_env-20-20 (1)

20-20: ⚠️ Potential issue | 🟠 Major

Use a native broker host for native setup.

Line 20 uses kafka:9092, which is typically a Docker service hostname. In this native env file, this should point to a host-reachable broker (commonly localhost:9092).

🌐 Proposed fix

-KAFKA_URL = kafka:9092
+KAFKA_URL=localhost:9092

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/envs/scp/entity_management_env` at line 20, The
KAFKA_URL value in the native env is using a Docker service hostname; update the
KAFKA_URL variable (KAFKA_URL) in the entity_management_env file to point to a
host-reachable broker such as localhost:9092 so the native setup connects to the
local broker instead of the Docker-only host.

documentation/3.4.0/setup/docker/project-with-survey/windows/README.md-225-233 (1)

225-233: ⚠️ Potential issue | 🟠 Major

Fix incorrect download target for insert_sample_data.bat.

Line 226 downloads a .sql file but saves it as .bat, then Line 232 executes it as a script. This will fail.

🛠️ Proposed fix

-    curl -L -o insert_sample_data.bat https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/main/documentation/3.4.0/dockerized/scripts/stand-alone/windows/sampleData.sql
+    curl -L -o insert_sample_data.bat https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/main/documentation/3.4.0/dockerized/scripts/project-with-survey/windows/insert_sample_data.bat

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/setup/docker/project-with-survey/windows/README.md`
around lines 225 - 233, The curl command currently fetches sampleData.sql but
saves it as insert_sample_data.bat and then tries to execute
insert_sample_data.bat; fix by ensuring the downloaded artifact and execution
match: either change the curl URL to the Windows batch script URL for
insert_sample_data.bat (so insert_sample_data.bat contains the proper commands)
or keep the URL to sampleData.sql and save it as sampleData.sql (e.g., -o
sampleData.sql) and update the execution step to run the SQL against Postgres
(e.g., use psql or a provided batch wrapper); update references to
insert_sample_data.bat and sampleData.sql in the README so the file name and
execution step are consistent.

documentation/3.4.0/native/scripts/scp/ubuntu/create-databases.sh-7-19 (1)

7-19: ⚠️ Potential issue | 🟠 Major

Make DB provisioning idempotent and fail-fast.

Lines 7–19 will fail on re-run (CREATE DATABASE ...), and the script can continue in a partial state. Add strict mode + conditional creation.

🛠️ Proposed fix

 #!/bin/bash
+set -euo pipefail
 
 # Run commands as the postgres user
 ...
-# Create the user database and assign privileges
-sudo -u postgres psql -p 5432 -c "CREATE DATABASE users;"
+sudo -u postgres psql -v ON_ERROR_STOP=1 -p 5432 <<'SQL'
+SELECT 'CREATE DATABASE users'
+WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'users')\gexec
+SELECT 'CREATE DATABASE scp'
+WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'scp')\gexec
+SELECT 'CREATE DATABASE notification'
+WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'notification')\gexec
+SQL

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/scp/ubuntu/create-databases.sh` around
lines 7 - 19, Enable strict shell fail-fast by adding "set -euo pipefail" at the
top of create-databases.sh and make each CREATE/GRANT idempotent by checking
pg_database first (e.g. run sudo -u postgres psql -tAc "SELECT 1 FROM
pg_database WHERE datname='users'" and only run sudo -u postgres psql -c "CREATE
DATABASE users;" if the query returns no rows); apply the same pattern for scp
and notification and only run the subsequent GRANT commands when the database
exists to avoid partial state on re-run.

documentation/3.4.0/native/envs/scp/entity_management_env-10-22 (1)

10-22: ⚠️ Potential issue | 🟠 Major

Deduplicate Kafka env keys to avoid silent overrides.

Line 10 is overridden by Line 18, and Line 19 is duplicated again at Line 21. Keep one declaration per key to prevent ambiguous runtime behavior.

🧹 Proposed fix

-KAFKA_HEALTH_CHECK_TOPIC=test
 ...
-KAFKA_COMMUNICATIONS_ON_OFF = ON
 ...
-KAFKA_COMMUNICATIONS_ON_OFF = ON
+KAFKA_HEALTH_CHECK_TOPIC=entity-health-check-topic-check
+KAFKA_COMMUNICATIONS_ON_OFF=ON

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/envs/scp/entity_management_env` around lines 10 -
22, The file contains duplicate Kafka environment keys causing silent overrides;
locate the duplicate declarations for KAFKA_HEALTH_CHECK_TOPIC and
KAFKA_COMMUNICATIONS_ON_OFF (and any other repeated KAFKA_* entries) and remove
the extras so each key is declared only once, keep the intended value for each
(e.g., the desired KAFKA_HEALTH_CHECK_TOPIC and KAFKA_COMMUNICATIONS_ON_OFF
value), and normalize spacing around '=' so entries use a single consistent
format (KEY=VALUE); update only the duplicate lines referenced
(KAFKA_HEALTH_CHECK_TOPIC and KAFKA_COMMUNICATIONS_ON_OFF) and ensure no other
KAFKA_* keys are duplicated.

README.md-59-59 (1)

59-59: ⚠️ Potential issue | 🟠 Major

Multiple placeholder links need to be updated before merge.

Several setup guide links contain placeholder text that will result in 404 errors:

• Line 59: link/to/standalone/native/windows/README
• Lines 86-87: link/to/samiksha/native/macos/README, link/to/samiksha/native/windows/README
• Line 117: link/to/scp/docker/windows/README
• Line 127: link/to/samiksha/native/ubuntu/README
• Lines 133, 139: link/to/samiksha/native/macos/README, link/to/samiksha/native/windows/README

These should either point to actual documentation or be removed/marked as "Coming Soon".

Also applies to: 86-87, 117-117, 127-127, 133-133, 139-139

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` at line 59, README contains multiple placeholder links (e.g.,
"link/to/standalone/native/windows/README",
"link/to/samiksha/native/macos/README", "link/to/scp/docker/windows/README",
"link/to/samiksha/native/ubuntu/README") that will 404; replace each placeholder
string with the correct documentation URL or remove/replace the entry with a
"Coming Soon" note, ensuring the entries referenced in the diff (the
Windows/macOS/Ubuntu Docker/Samiksha links at the specified lines) are updated
consistently and that link text and targets both point to valid resources.

documentation/3.4.0/native/scripts/scp/ubuntu/project_entity_sample_data.sh-17-17 (1)

17-17: ⚠️ Potential issue | 🟠 Major

Hardcoded branch name will break after merge.

The BASE_URL references refs/heads/setupGuideSCP, which is the source branch. After this PR is merged to main, users following this setup guide will encounter 404 errors when downloading these files.

🐛 Proposed fix

-BASE_URL="https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/setupGuideSCP/documentation/3.4.0/native/scripts/scp/ubuntu"
+BASE_URL="https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/main/documentation/3.4.0/native/scripts/scp/ubuntu"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/scp/ubuntu/project_entity_sample_data.sh`
at line 17, The BASE_URL variable in project_entity_sample_data.sh is hardcoded
to the source branch refs/heads/setupGuideSCP which will 404 after merge; update
BASE_URL to point to a stable ref (for example replace refs/heads/setupGuideSCP
with main or with a released tag or commit SHA) so the raw.githubusercontent.com
URL remains valid after merging; ensure you update the BASE_URL assignment in
project_entity_sample_data.sh and any other scripts that reuse BASE_URL.

README.md-105-111 (1)

105-111: ⚠️ Potential issue | 🟠 Major

Links point to source branch instead of main.

These links reference the setupGuideSCP branch, which won't exist after merge. Update to use main branch.

🐛 Proposed fix

-Go to the detailed Ubuntu Docker setup guide: **<a href="https://github.com/ELEVATE-Project/project-service/blob/setupGuideSCP/documentation/3.4.0/setup/docker/scp/ubuntu/README.md" target="_blank">SETUP_SCP_DOCKER_UBUNTU.md</a>**
+Go to the detailed Ubuntu Docker setup guide: **<a href="https://github.com/ELEVATE-Project/project-service/blob/main/documentation/3.4.0/setup/docker/scp/ubuntu/README.md" target="_blank">SETUP_SCP_DOCKER_UBUNTU.md</a>**
...
-Go to the detailed macOS Docker setup guide: **<a href="https://github.com/ELEVATE-Project/project-service/blob/setupGuideSCP/documentation/3.4.0/setup/docker/scp/mac/README.md" target="_blank">SETUP_SCP_DOCKER_MACOS.md</a>**
+Go to the detailed macOS Docker setup guide: **<a href="https://github.com/ELEVATE-Project/project-service/blob/main/documentation/3.4.0/setup/docker/scp/mac/README.md" target="_blank">SETUP_SCP_DOCKER_MACOS.md</a>**

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 105 - 111, Update the two anchor hrefs that currently
point to the setupGuideSCP branch so they reference the main branch instead;
specifically edit the hrefs that link to SETUP_SCP_DOCKER_UBUNTU.md and
SETUP_SCP_DOCKER_MACOS.md (the <a href="...setupGuideSCP/..."> entries) and
replace "setupGuideSCP" with "main" so the links continue to work after merging.

documentation/3.4.0/native/scripts/scp/ubuntu/insert_sample_solutions.js-47-56 (1)

47-56: ⚠️ Potential issue | 🟠 Major

Race condition: Both main() calls execute in parallel.

The two main() calls are not awaited, so they run concurrently and may interleave MongoDB operations unpredictably. Use sequential execution with await or wrap in an async IIFE.

🐛 Proposed fix

-main({ dataToBeInserted: entityData })
-  .then(() => {
-    console.log('Entity data populated successfully.')
-  })
-  .catch(console.error)
-main({ dataToBeInserted: projectData })
-  .then(() => {
-    console.log('project data populated successfully.')
-  })
-  .catch(console.error)
+async function run() {
+  try {
+    await main({ dataToBeInserted: entityData });
+    console.log('Entity data populated successfully.');
+    await main({ dataToBeInserted: projectData });
+    console.log('Project data populated successfully.');
+  } catch (err) {
+    console.error(err);
+    process.exit(1);
+  } finally {
+    if (client) await client.close();
+  }
+}
+
+run();

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/scp/ubuntu/insert_sample_solutions.js`
around lines 47 - 56, The two calls to main() (the calls passing entityData and
projectData) are invoked without awaiting, causing a race; change the script to
run them sequentially by awaiting the first main({ dataToBeInserted: entityData
}) completion before calling main({ dataToBeInserted: projectData }) — e.g.,
wrap the calls in an async IIFE or an async function and use await so main()
finishes for entityData before starting the projectData run, and preserve the
existing success/error logging by awaiting and then logging or catching errors
per call.

documentation/3.4.0/native/scripts/scp/ubuntu/project_sampleData.js-18-18 (1)

18-18: ⚠️ Potential issue | 🟠 Major

Typo in schema and throughout codebase: allowMultipleAssessemts should be allowMultipleAssessments.

This typo is defined in the schema itself (models/solutions.js:66) and propagated throughout the codebase—sample data files, helpers, controllers, and constants. Fixing this requires coordinated updates across the schema definition and all references (e.g., module/project/templates/helper.js, generics/helpers/solutionAndProjectTemplateUtils.js, controllers, and API validation constants).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/scp/ubuntu/project_sampleData.js` at line
18, The schema field name allowMultipleAssessemts is misspelled and must be
renamed to allowMultipleAssessments in the schema definition and every
reference; update the model definition (the solutions schema), all sample data,
helper modules (e.g., solutionAndProjectTemplateUtils and
module/project/templates/helper), controllers, API validation constants, and any
tests or constants that reference allowMultipleAssessemts to use
allowMultipleAssessments instead, and run a project-wide search/replace to catch
remaining occurrences and adjust any serialization/deserialization or DB
mappings to preserve compatibility.

documentation/3.4.0/setup/docker/stand-alone/windows/README.md-242-247 (1)

242-247: ⚠️ Potential issue | 🟠 Major

URL references personal fork - update to official repository.

Proposed fix

         ```
         curl -L ^
-        -O https://raw.githubusercontent.com/MallanagoudaBiradar/project-service/refs/heads/windowsStandAlone/documentation/3.4.0/dockerized/scripts/stand-alone/windows/insert_project_data.bat
+        -O https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/main/documentation/3.4.0/dockerized/scripts/stand-alone/windows/insert_project_data.bat
         ```

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/setup/docker/stand-alone/windows/README.md` around lines
242 - 247, The curl command in the README is pointing to a personal fork URL for
insert_project_data.bat; update the download URL used in the curl -O for
insert_project_data.bat to reference the official ELEVATE-Project repository and
the main branch (replace the
MallanagoudaBiradar/.../refs/heads/windowsStandAlone URL with
https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/main/documentation/3.4.0/dockerized/scripts/stand-alone/windows/insert_project_data.bat)
so the script is fetched from the canonical repo.

documentation/3.4.0/setup/docker/stand-alone/windows/README.md-209-226 (1)

209-226: ⚠️ Potential issue | 🟠 Major

URLs reference a personal fork instead of the official repository.

Multiple URLs in this section point to MallanagoudaBiradar/project-service instead of ELEVATE-Project/project-service. This will break when the personal fork is removed or becomes stale.

Proposed fix

     ```
-    mkdir sample-data\user 2>nul & ^
-    curl -L "https://raw.githubusercontent.com/MallanagoudaBiradar/project-service/refs/heads/windowsStandAlone/documentation/3.4.0/dockerized/scripts/stand-alone/windows/sampleData.sql" -o sample-data\user\sampleData.sql
+    mkdir sample-data\user 2>nul & ^
+    curl -L "https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/main/documentation/3.4.0/dockerized/scripts/stand-alone/windows/sampleData.sql" -o sample-data\user\sampleData.sql
     ```

 2. **Download The `insert_sample_data` Script File:**

     ```
-    curl -L -o insert_sample_data.bat https://raw.githubusercontent.com/MallanagoudaBiradar/project-service/refs/heads/windowsStandAlone/documentation/3.4.0/dockerized/scripts/stand-alone/windows/insert_sample_data.bat
+    curl -L -o insert_sample_data.bat https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/main/documentation/3.4.0/dockerized/scripts/stand-alone/windows/insert_sample_data.bat
     ```

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/setup/docker/stand-alone/windows/README.md` around lines
209 - 226, Replace the hardcoded GitHub URLs that point to the personal fork
with the official repository paths: update the curl target for sampleData.sql
(referenced in the README snippet that creates sample-data\user and downloads
sampleData.sql) and the curl command that downloads insert_sample_data.bat so
they use ELEVATE-Project/project-service (recommended branch main) instead of
MallanagoudaBiradar/project-service; ensure both URLs use the same branch and
correct path to documentation/3.4.0/dockerized/scripts/stand-alone/windows so
the files resolve reliably.

documentation/3.4.0/dockerized/scripts/scp/ubuntu/citus_setup.sh-43-47 (1)

43-47: ⚠️ Potential issue | 🟠 Major

Add timeouts to all readiness loops.

These loops can run forever on misconfiguration or failed startup, causing stuck setup jobs.

⏱️ Suggested fix pattern

+wait_until() {
+  local timeout_secs="$1"; shift
+  local start=$SECONDS
+  until "$@"; do
+    if (( SECONDS - start >= timeout_secs )); then
+      return 1
+    fi
+    sleep 1
+  done
+}
 
 echo "Waiting for Docker container '$CONTAINER_NAME' to be up..."
-while ! docker inspect "$CONTAINER_NAME" &>/dev/null; do
-    echo "Waiting for container..."
-    sleep 1
-done
+wait_until 120 docker inspect "$CONTAINER_NAME" >/dev/null 2>&1 || {
+  echo "Error: container '$CONTAINER_NAME' did not become ready in time."
+  exit 1
+}

Also applies to: 52-55, 64-67, 97-100

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/dockerized/scripts/scp/ubuntu/citus_setup.sh` around
lines 43 - 47, The readiness loops (e.g., the loop using while ! docker inspect
"$CONTAINER_NAME" &>/dev/null and the similar loops later in the script) lack a
timeout and can hang forever; add a configurable TIMEOUT_SECONDS (and optional
SLEEP_INTERVAL) and track elapsed time inside each loop, breaking and logging a
clear error and exiting non‑zero if the timeout is exceeded; update every
readiness loop (the docker inspect loop and the other loops around
container/service readiness) to use this timeout pattern and return a non‑zero
exit code with a helpful message including $CONTAINER_NAME when the wait fails.

documentation/3.4.0/dockerized/scripts/scp/ubuntu/citus_setup.sh-25-29 (1)

25-29: ⚠️ Potential issue | 🟠 Major

Use robust database URL parsing instead of awk splitting.

Current parsing is fragile and fails for valid connection strings with encoded/special characters, which can produce wrong host/user/password values.

🛠️ Suggested fix

-DB_USER=$(echo $DEV_DATABASE_URL | awk -F '[:`@/`]' '{print $4}')
-DB_PASSWORD=$(echo $DEV_DATABASE_URL | awk -F '[:`@/`]' '{print $5}')
-DB_HOST=$(echo $DEV_DATABASE_URL | awk -F '[:`@/`]' '{print $6}')
-DB_PORT=$(echo $DEV_DATABASE_URL | awk -F '[:`@/`]' '{split($7,a,"/"); print a[1]}')
-DB_NAME=$(echo $DEV_DATABASE_URL | awk -F '/' '{print $NF}')
+read -r DB_USER DB_PASSWORD DB_HOST DB_PORT DB_NAME < <(
+python - "$DEV_DATABASE_URL" <<'PY'
+import sys, urllib.parse as up
+u = up.urlparse(sys.argv[1])
+print(
+    up.unquote(u.username or ""),
+    up.unquote(u.password or ""),
+    u.hostname or "",
+    u.port or "",
+    (u.path or "").lstrip("/"),
+)
+PY
+)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/dockerized/scripts/scp/ubuntu/citus_setup.sh` around
lines 25 - 29, The current awk-based extraction of DB_USER, DB_PASSWORD,
DB_HOST, DB_PORT, and DB_NAME from DEV_DATABASE_URL is brittle; replace those
awk splits in citus_setup.sh with a robust URI parse (e.g., a small python
one-liner using urllib.parse.urlparse to extract username, password, hostname,
port and the DB name from path) and assign the outputs back into the same
variables (DB_USER, DB_PASSWORD, DB_HOST, DB_PORT, DB_NAME) so encoded/special
characters and edge cases are handled correctly by using urlparse.username,
.password, .hostname, .port and the path component (stripping leading slash).

documentation/3.4.0/dockerized/scripts/scp/ubuntu/citus_setup.sh-85-86 (1)

85-86: ⚠️ Potential issue | 🟠 Major

Avoid local var=$(...) here; it can hide command failures.

If docker exec/psql fails, error handling is weakened and the script may keep retrying without surfacing root cause.

✅ Suggested fix

 check_table() {
     local table=$1
-    local exists=$(docker exec "$CONTAINER_NAME" bash -c "PGPASSWORD='$DB_PASSWORD' psql -h localhost -U $DB_USER -d $DB_NAME -p $DB_PORT -t -c \"SELECT EXISTS(SELECT 1 FROM pg_tables WHERE schemaname = 'public' AND tablename = '$table');\"")
+    local exists
+    exists=$(docker exec "$CONTAINER_NAME" bash -c "PGPASSWORD='$DB_PASSWORD' psql -h localhost -U $DB_USER -d $DB_NAME -p $DB_PORT -t -c \"SELECT EXISTS(SELECT 1 FROM pg_tables WHERE schemaname = 'public' AND tablename = '$table');\"") || return 1
     exists=$(echo "$exists" | tr -d '[:space:]')             # Trim whitespace

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/dockerized/scripts/scp/ubuntu/citus_setup.sh` around
lines 85 - 86, The command substitution assigning exists masks failures; change
the docker exec/psql call so its exit status is checked independently instead of
using local exists=$(...), e.g. run the docker exec command into a plain
variable, capture its exit code ($?) immediately, and if non-zero log/exit or
surface the error before trimming whitespace; reference the exists variable and
the docker exec "PGPASSWORD... psql ..." invocation to locate the lines to
update and add explicit error handling (or use set -o pipefail and check the
command's return) so failures are not hidden.

documentation/3.4.0/native/envs/scp/elevate_portal_env-9-9 (1)

9-9: ⚠️ Potential issue | 🟠 Major

Remove secrets from NEXT_PUBLIC_* environment variables.

NEXT_PUBLIC_* variables are inlined into the client-side JavaScript bundle at build time and become visible to anyone inspecting the browser or built files. JWT tokens and authentication secrets must remain server-side only.

Also applies to lines 16-17.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/envs/scp/elevate_portal_env` at line 9, The env
var NEXT_PUBLIC_AUTH contains a JWT secret exposed to the client; remove any
secrets from NEXT_PUBLIC_* variables (including the other instances mentioned)
and move them to server-only env vars (e.g., AUTH or SERVER_AUTH) that are not
prefixed with NEXT_PUBLIC_; update any code that currently reads
NEXT_PUBLIC_AUTH (search for NEXT_PUBLIC_AUTH usage) to instead read the new
server-side variable from server runtime/config and ensure tokens are
rotated/invalidated, and rebuild so the sensitive values are no longer in the
client bundle.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: aeb0faa2-0e9f-4efa-babc-443f87db6a95

📥 Commits

Reviewing files that changed from the base of the PR and between ed5d970 and 8aa8b6a.

📒 Files selected for processing (67)

• README.md
• documentation/3.4.0/common-files/dockerized/project-with-survey/entity_sampleData.js
• documentation/3.4.0/common-files/dockerized/project-with-survey/insert_sample_solutions.js
• documentation/3.4.0/common-files/dockerized/project-with-survey/project_sampleData.js
• documentation/3.4.0/common-files/dockerized/project-with-survey/survey_sampleData.js
• documentation/3.4.0/common-files/dockerized/stand-alone/insert_sample_solutions.js
• documentation/3.4.0/common-files/native/project-with-survey/entity_sampleData.js
• documentation/3.4.0/common-files/native/project-with-survey/insert_sample_solutions.js
• documentation/3.4.0/common-files/native/project-with-survey/project_sampleData.js
• documentation/3.4.0/common-files/native/project-with-survey/survey_sampleData.js
• documentation/3.4.0/distribution-columns/survey-project-creation/distributionColumns.sql
• documentation/3.4.0/dockerized/dockerFiles/scp/docker-compose-project.yml
• documentation/3.4.0/dockerized/envs/entity_management_env
• documentation/3.4.0/dockerized/envs/env.js
• documentation/3.4.0/dockerized/envs/interface_env
• documentation/3.4.0/dockerized/envs/notification_env
• documentation/3.4.0/dockerized/envs/project_env
• documentation/3.4.0/dockerized/envs/scp/interface_env
• documentation/3.4.0/dockerized/envs/scp/survey_project_creation_env
• documentation/3.4.0/dockerized/envs/user_env
• documentation/3.4.0/dockerized/scripts/scp/ubuntu/citus_setup.sh
• documentation/3.4.0/dockerized/scripts/scp/ubuntu/docker-compose-down.sh
• documentation/3.4.0/dockerized/scripts/scp/ubuntu/docker-compose-up.sh
• documentation/3.4.0/dockerized/scripts/scp/ubuntu/import_forms_postgres.sh
• documentation/3.4.0/dockerized/scripts/scp/ubuntu/insert_sample_data.sh
• documentation/3.4.0/dockerized/scripts/scp/ubuntu/replace_volume_path.sh
• documentation/3.4.0/dockerized/scripts/scp/ubuntu/setup_project.sh
• documentation/3.4.0/dockerized/scripts/stand-alone/ubuntu/citus_setup.sh
• documentation/3.4.0/dockerized/scripts/stand-alone/ubuntu/setup_project.sh
• documentation/3.4.0/native/envs/scp/elevate_portal_env
• documentation/3.4.0/native/envs/scp/entity_management_env
• documentation/3.4.0/native/envs/scp/interface_env
• documentation/3.4.0/native/envs/scp/notification_env
• documentation/3.4.0/native/envs/scp/observation_portal_env
• documentation/3.4.0/native/envs/scp/observation_survey_projects_pwa_env
• documentation/3.4.0/native/envs/scp/project_env
• documentation/3.4.0/native/envs/scp/scheduler_env
• documentation/3.4.0/native/envs/scp/survey_project_creation_env
• documentation/3.4.0/native/envs/scp/user_env
• documentation/3.4.0/native/envs/stand-alone/user_env
• documentation/3.4.0/native/scripts/linux/import_forms.js
• documentation/3.4.0/native/scripts/scp/ubuntu/check-dependencies.sh
• documentation/3.4.0/native/scripts/scp/ubuntu/configFile.json
• documentation/3.4.0/native/scripts/scp/ubuntu/configSCP.json
• documentation/3.4.0/native/scripts/scp/ubuntu/create-databases.sh
• documentation/3.4.0/native/scripts/scp/ubuntu/entity-project-sample-data.sh
• documentation/3.4.0/native/scripts/scp/ubuntu/entity_sampleData.js
• documentation/3.4.0/native/scripts/scp/ubuntu/insert_sample_data.sh
• documentation/3.4.0/native/scripts/scp/ubuntu/insert_sample_solutions.js
• documentation/3.4.0/native/scripts/scp/ubuntu/install-dependencies.sh
• documentation/3.4.0/native/scripts/scp/ubuntu/project_entity_sample_data.sh
• documentation/3.4.0/native/scripts/scp/ubuntu/project_sampleData.js
• documentation/3.4.0/native/scripts/scp/ubuntu/uninstall-dependencies.sh
• documentation/3.4.0/native/scripts/stand-alone/ubuntu/insert_sample_data.sh
• documentation/3.4.0/sample-data/mac-linux/user/sampleData.sql
• documentation/3.4.0/sample-data/scp/mac-linux/user/sampleData.sql
• documentation/3.4.0/setup/docker/project-with-survey/mac-os/README.md
• documentation/3.4.0/setup/docker/project-with-survey/ubuntu/README.md
• documentation/3.4.0/setup/docker/project-with-survey/windows/README.md
• documentation/3.4.0/setup/docker/scp/mac/README.md
• documentation/3.4.0/setup/docker/scp/ubuntu/README.md
• documentation/3.4.0/setup/docker/stand-alone/mac-os/README.md
• documentation/3.4.0/setup/docker/stand-alone/ubuntu/README.md
• documentation/3.4.0/setup/docker/stand-alone/windows/README.md
• documentation/3.4.0/setup/native/project-with-survey/ubuntu/README.md
• documentation/3.4.0/setup/native/scp/ubuntu/README.md
• documentation/3.4.0/setup/native/stand-alone/ubuntu/README.md

💤 Files with no reviewable changes (1)

• documentation/3.4.0/common-files/dockerized/stand-alone/insert_sample_solutions.js

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Sparse array created by double comma — will insert undefined element.

Line 442 contains a stray comma after the closing brace on line 441, creating a sparse array with an undefined element between the two program objects. This will cause unexpected behavior when iterating or inserting this data into MongoDB.

🐛 Proposed fix to remove the extra comma

 	},
-	,
 	{
 		_id: new ObjectId('691c1b06e71d83091cf9c336'),

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@documentation/3.4.0/common-files/dockerized/project-with-survey/project_sampleData.js`
around lines 441 - 443, The array literal in project_sampleData.js has a stray
extra comma after a closing object brace (creating a sparse array with an
undefined element); remove the extra comma between the two program objects so
the array directly contains the next object (i.e., delete the lone comma that
follows the closing "}" of the preceding object) to avoid inserting undefined
values when iterating or writing to MongoDB.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Sparse array created by double comma — will insert undefined element.

Same issue as in programData: line 1481 contains an extra comma that creates a sparse array with an undefined element in projectTemplateTasksData.

🐛 Proposed fix to remove the extra comma

 	},
-	,
 	{
 		_id: new ObjectId('68ee4bb4fb9bee08b93b6d75'),

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	},
	,
	{
	},
	{

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@documentation/3.4.0/common-files/dockerized/project-with-survey/project_sampleData.js`
around lines 1480 - 1482, projectTemplateTasksData contains a stray extra comma
producing a sparse array (an undefined element) similar to the issue in
programData; remove the extra comma between the object literals in
projectTemplateTasksData so the array entries are contiguous (i.e., delete the
duplicate comma so the sequence is "}, {", fixing the undefined element).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Syntax error: Double comma creates sparse array with undefined element.

Line 442 has a standalone comma after the closing brace, creating a sparse array. This will insert an undefined element between array items, causing issues during MongoDB insertion.

🐛 Fix: Remove the extraneous comma

 	},
-	,
 	{
 		_id: new ObjectId('691c1b06e71d83091cf9c336'),

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	},
	,
	{
	},
	{

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@documentation/3.4.0/common-files/native/project-with-survey/project_sampleData.js`
around lines 441 - 443, The array literal in project_sampleData.js contains an
extraneous comma between two object entries (a stray comma after "}," producing
", , {" on the diff) which creates a sparse array element (undefined) that will
break MongoDB insertion; remove the redundant comma so the objects are adjacent
(i.e., replace "}, , {" with "}, {"), ensuring the array contains only object
entries.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Syntax error: Double comma creates sparse array with undefined element.

Same issue as in programData - line 1481 has a standalone comma creating a sparse array element. This will cause MongoDB insertion failures or unexpected behavior.

🐛 Fix: Remove the extraneous comma

 	},
-	,
 	{
 		_id: new ObjectId('68ee4bb4fb9bee08b93b6d75'),

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	},
	,
	{
	},
	{

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@documentation/3.4.0/common-files/native/project-with-survey/project_sampleData.js`
around lines 1480 - 1482, There is an extra comma creating a sparse array
element in the object array (you can find the pattern "}, , {" in the sample
data near the project/program data arrays, same issue as in programData); remove
the stray comma so objects are back-to-back (i.e., change the sequence with the
double comma to a single separator between objects) to avoid inserting an
undefined element into the array.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Remove password logging from setup output.

DB_PASSWORD is printed to logs, which can leak credentials via CI logs/shell history.

🔐 Suggested fix

 echo "Extracted Database Variables:"
 echo "DB_USER: $DB_USER"
-echo "DB_PASSWORD: $DB_PASSWORD"
+echo "DB_PASSWORD: [REDACTED]"
 echo "DB_HOST: $DB_HOST"
 echo "DB_PORT: $DB_PORT"
 echo "DB_NAME: $DB_NAME"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Log database variables
	echo "Extracted Database Variables:"
	echo "DB_USER: $DB_USER"
	echo "DB_PASSWORD: $DB_PASSWORD"
	echo "DB_HOST: $DB_HOST"
	echo "DB_PORT: $DB_PORT"
	echo "DB_NAME: $DB_NAME"
	# Log database variables
	echo "Extracted Database Variables:"
	echo "DB_USER: $DB_USER"
	echo "DB_PASSWORD: [REDACTED]"
	echo "DB_HOST: $DB_HOST"
	echo "DB_PORT: $DB_PORT"
	echo "DB_NAME: $DB_NAME"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/dockerized/scripts/scp/ubuntu/citus_setup.sh` around
lines 31 - 37, The script currently echoes sensitive credentials (DB_PASSWORD)
which can leak secrets; remove the echo that prints DB_PASSWORD (or replace it
with a masked placeholder) where database variables are logged—specifically
update the logging block that references DB_USER, DB_PASSWORD, DB_HOST, DB_PORT,
DB_NAME so it no longer outputs DB_PASSWORD (leave other non-secret fields or
show "DB_PASSWORD: [REDACTED]" instead).

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Race condition: fetchAndInsertData() may execute before MongoDB connection is established.

mongoose.connect() returns a promise that's handled with .then()/.catch(), but fetchAndInsertData() is called immediately at line 51 without waiting for the connection to be ready. This can cause the insert to fail intermittently.

Proposed fix: Await connection before executing

 const mongoose = require('mongoose')
 const axios = require('axios')
 
 // MongoDB URL and Collection
 const mongoURL = 'mongodb://localhost:27017/project'
 const collectionName = 'forms'
 
-// Connect to MongoDB
-mongoose
-	.connect(mongoURL, {
-		useNewUrlParser: true,
-		useUnifiedTopology: true,
-	})
-	.then(() => {
-		console.log('Connected to MongoDB')
-	})
-	.catch((err) => {
-		console.error('Failed to connect to MongoDB', err)
-	})
-
 // Define schema for forms collection (adjust fields based on JSON structure)
 const formSchema = new mongoose.Schema({}, { strict: false })
 const Form = mongoose.model(collectionName, formSchema)
 
 // Fetch JSON data from URL and insert into MongoDB
 async function fetchAndInsertData() {
 	try {
+		await mongoose.connect(mongoURL, {
+			useNewUrlParser: true,
+			useUnifiedTopology: true,
+		})
+		console.log('Connected to MongoDB')
+
 		const response = await axios.get(
 			'https://raw.githubusercontent.com/ELEVATE-Project/observation-survey-projects-pwa/refs/heads/release-2.0.0/forms.json'
 		)
 		const data = response.data
 
 		const modifiedData = data.map((form) => ({
 			...form,
 			organizationId: 1,
 			deleted: false,
 			version: 0,
 		}))
 
 		// Insert modified data into the forms collection
 		await Form.insertMany(modifiedData)
 		console.log('Data inserted successfully')
 	} catch (error) {
 		console.error('Error fetching or inserting data:', error)
+		process.exit(1)
 	} finally {
 		mongoose.connection.close()
 	}
 }
 
 // Execute the function
 fetchAndInsertData()

Also applies to: 50-51

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/linux/import_forms.js` around lines 9 -
19, fetchAndInsertData() may run before the MongoDB connection is ready because
mongoose.connect(...) is handled asynchronously; ensure the connection is
established before invoking fetchAndInsertData by awaiting
mongoose.connect(mongoURL, {...}) (or moving the call into the .then() callback
or an async IIFE that awaits mongoose.connect) so that the promise returned by
mongoose.connect resolves before calling fetchAndInsertData; update the code
paths referencing mongoose.connect and fetchAndInsertData accordingly to
guarantee the DB is connected first.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Do not hardcode the PostgreSQL superuser password.

Line 4 sets a weak, committed password ('postgres') for a privileged account. This is a high-risk security default.

🔐 Proposed fix

- sudo -u postgres psql -p 5432 -c "CREATE USER postgres WITH ENCRYPTED PASSWORD 'postgres';"
+ : "${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD before running this script}"
+ sudo -u postgres psql -v ON_ERROR_STOP=1 -p 5432 \
+   -c "ALTER USER postgres WITH ENCRYPTED PASSWORD '${POSTGRES_PASSWORD}';"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	sudo -u postgres psql -p 5432 -c "CREATE USER postgres WITH ENCRYPTED PASSWORD 'postgres';"
	: "${POSTGRES_PASSWORD:?Set POSTGRES_PASSWORD before running this script}"
	sudo -u postgres psql -v ON_ERROR_STOP=1 -p 5432 \
	-c "ALTER USER postgres WITH ENCRYPTED PASSWORD '${POSTGRES_PASSWORD}';"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/scp/ubuntu/create-databases.sh` at line 4,
The script currently hardcodes the superuser password in the psql command (sudo
-u postgres psql -p 5432 -c "CREATE USER postgres WITH ENCRYPTED PASSWORD
'postgres';"); change this to avoid embedded secrets by reading the password
from a secure source (e.g., an environment variable like PG_SUPERUSER_PASS or by
prompting at runtime) and validate it's non-empty before running psql, or
alternatively create the superuser without a plaintext password and rely on
provisioning to set credentials securely; update the psql invocation to use the
variable (or omit the password clause) and add a check that aborts if the secret
is missing.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

The seed assumes role ids/titles that it never creates.

New user_roles are inserted without ids, but later inserts hard-code 8-13 in public.users and public.user_organization_roles. The script also renames role_permission_mapping to state_education_officer without creating or renaming that public.user_roles record here, so role references only work against one very specific preloaded dataset.

Also applies to: 11-19, 44-57, 69-70

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/native/scripts/scp/ubuntu/insert_sample_data.sh` around
lines 5 - 9, Seed inserts add user_roles without stable IDs but later SQL
hardcodes role IDs (8-13) and renames 'role_permission_mapping' to
'state_education_officer' without ensuring that role exists, causing mismatched
references; update the script to either insert user_roles with explicit id
values matching the hard-coded references or, better, change downstream INSERTs
into public.users and public.user_organization_roles to resolve role IDs
dynamically (e.g., SELECT id FROM public.user_roles WHERE title='...') and add
an explicit insert/rename for the 'state_education_officer' role so every
reference (titles like
'content_creator','reviewer','program_designer','program_manager','rollout_manager'
and the renamed 'state_education_officer') is created or resolved before being
used.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

district reuses the same entity_types.id as state.

Line 24 inserts id = 5 immediately after Line 23 already inserted id = 5, so this seed will stop on the second insert. If district is meant to sit under state, it needs its own id and likely parent_id = 5.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/sample-data/scp/mac-linux/user/sampleData.sql` around
lines 23 - 24, The second INSERT into the entity_types table reuses id = 5
(conflicting with the state row) and doesn't set parent_id; change the district
row to use a unique id (e.g., id = 6) and set parent_id = 5 so district is a
child of state; ensure the values list matches the column list (add
organization_code/tenant_code if required) so the INSERT columns and values
align with the first row's schema.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Typo in branch name will cause git clone to fail.

The branch name releaase-1.1.0 contains a typo (extra 'a'). This will cause the setup to fail when users attempt to clone the repository.

Proposed fix

-git clone -b releaase-1.1.0 https://github.com/ELEVATE-Project/elevate-portal && \
+git clone -b release-1.1.0 https://github.com/ELEVATE-Project/elevate-portal && \

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@documentation/3.4.0/setup/native/scp/ubuntu/README.md` at line 98, The git
clone command in the README uses a misspelled branch name "releaase-1.1.0";
update the branch specifier in the git clone line (the argument to -b in the git
clone command) to the correct branch name "release-1.1.0" so users can
successfully clone the repository (look for the git clone -b releaase-1.1.0 ...
line and change releaase-1.1.0 to release-1.1.0).

[coderabbitai]

Actionable comments posted: 9

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@documentation/3.4.0/setup/native/scp/mac/README.md`:
- Line 354: The Postman section label contains a typo: change "Surevy Project
Creation Service" to "Survey Project Creation Service" in the README entry that
links to the Survey Project Creation Service (the text label before the URL
https://github.com/ELEVATE-Project/survey-project-creation-service/tree/release-1.0.0/src/api-doc).
- Around line 16-17: The markdown contains unmatched closing </details> tags
that break rendering; edit documentation/3.4.0/setup/native/scp/mac/README.md
and remove the extraneous </details> entries (the two consecutive closing tags
shown) so every </details> has a corresponding opening <details> (or re-add the
missing opening if that was intended) — look for the stray </details> near the
header block and delete them to restore valid markup.
- Line 278: Replace the unsafe "curl -s
https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/setupGuideSCP/documentation/3.4.0/native/scripts/linux/import_forms.js
| node" pattern with a download-then-execute workflow: fetch the pinned file
(use a commit SHA or release tag instead of a moving branch ref), save it to
disk, verify its integrity (checksum/signature), inspect if needed, then run it
with node; update the README entry to show these steps and the pinned URL
(referencing the original curl | node invocation) so users download, verify, and
then execute the local file rather than piping remote content directly into
node.
- Line 99: Fix the typo in the git clone branch name in the README command:
replace "releaase-1.1.0" with the correct branch name "release-1.1.0" in the
line containing the git clone command (the line starting with "git clone -b
releaase-1.1.0 ...") so the clone command succeeds.

In `@README.md`:
- Around line 86-87: Replace the placeholder links in README.md for the "Setup
guide for macOS" and "Setup guide for Windows" bullets (and the other
occurrences noted at lines 117 and 139) with the real target URLs or relative
paths to the actual native/macos/README and native/windows/README files; update
the link targets so they point to valid documentation pages in the repo or
published docs, ensuring the link text "Setup guide for macOS" and "Setup guide
for Windows" resolve to working URLs before merging.
- Line 165: Remove the duplicate top-level section heading "## 📖 Related
Documentation & Tools" so it only appears once in the README; locate both
occurrences of that exact heading text and delete the redundant one (ensure you
keep the instance that contains the relevant links/content and remove the empty
or duplicate header to stop duplicate TOC/navigation entries and markdownlint
MD024 warnings).
- Around line 205-209: Fix the malformed HTML anchor list items in README.md by
converting each broken mixed HTML list entry into a proper Markdown list link:
replace the incomplete/open <a> tags around the "Projects Service API
Collection" and "Samiksha Service API Collection" entries with fully-formed
Markdown entries (e.g., "- [Projects Service API
Collection](https://github.com/ELEVATE-Project/project-service/tree/main/api-doc)")
and do the same for the other affected block (the entries referenced at lines
220-224) so every bullet is a single, valid Markdown link; update the text for
exact string matches "Projects Service API Collection" and "Samiksha Service API
Collection" (and the other listed items) to ensure anchors are closed and render
correctly.
- Line 105: The README currently links to a feature-branch URL containing
"blob/setupGuideSCP" (e.g. the link text "SETUP_SCP_DOCKER_UBUNTU.md"); update
those links to point to a stable location by replacing the branch-specific path
with the main branch (use "blob/main/...") or use relative repository paths so
they remain valid when feature branches are removed; apply the same change for
the other similar links flagged in the review (lines referencing the setup guide
URLs).
- Around line 57-60: The two Stand-Alone "Native" links are incorrect: the
"Setup guide for macOS" currently points to the Docker macOS guide and the
"Setup guide for Windows" is a placeholder; update the link targets in README.md
so the "Setup guide for macOS" anchor (the line labeled "Setup guide for macOS")
uses the native/mac-os native setup URL (replace the Docker path with the
native/mac-os README for stand-alone) and replace the "Setup guide for Windows"
placeholder URL (the line labeled "Setup guide for Windows") with the correct
native/windows stand-alone README URL; ensure the anchor texts remain the same
and only the hrefs are corrected.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b6151bbf-27b8-4d68-a0be-6155e1d30f0c

📥 Commits

Reviewing files that changed from the base of the PR and between 8aa8b6a and 84e4b94.

📒 Files selected for processing (2)

• README.md
• documentation/3.4.0/setup/native/scp/mac/README.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove unmatched closing </details> tags.

These tags have no opening pair and can break markdown/HTML rendering near the header block.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@documentation/3.4.0/setup/native/scp/mac/README.md` around lines 16 - 17, The
markdown contains unmatched closing </details> tags that break rendering; edit
documentation/3.4.0/setup/native/scp/mac/README.md and remove the extraneous
</details> entries (the two consecutive closing tags shown) so every </details>
has a corresponding opening <details> (or re-add the missing opening if that was
intended) — look for the stray </details> near the header block and delete them
to restore valid markup.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Fix branch typo in clone command (releaase-1.1.0).

This command will fail as written.

Suggested patch

- git clone -b releaase-1.1.0 https://github.com/ELEVATE-Project/elevate-portal && \
+ git clone -b release-1.1.0 https://github.com/ELEVATE-Project/elevate-portal && \

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	git clone -b releaase-1.1.0 https://github.com/ELEVATE-Project/elevate-portal && \
	git clone -b release-1.1.0 https://github.com/ELEVATE-Project/elevate-portal && \

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@documentation/3.4.0/setup/native/scp/mac/README.md` at line 99, Fix the typo
in the git clone branch name in the README command: replace "releaase-1.1.0"
with the correct branch name "release-1.1.0" in the line containing the git
clone command (the line starting with "git clone -b releaase-1.1.0 ...") so the
clone command succeeds.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid executing remote scripts via curl | node.

Directly piping network content into node is a security risk and makes runs non-reproducible. Download, inspect, then execute a pinned file.

Suggested safer pattern

- curl -s https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/setupGuideSCP/documentation/3.4.0/native/scripts/linux/import_forms.js | node
+ curl -fsSL -o import_forms.js https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/setupGuideSCP/documentation/3.4.0/native/scripts/linux/import_forms.js
+ node import_forms.js

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	curl -s https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/setupGuideSCP/documentation/3.4.0/native/scripts/linux/import_forms.js | node
	curl -fsSL -o import_forms.js https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/setupGuideSCP/documentation/3.4.0/native/scripts/linux/import_forms.js
	node import_forms.js

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@documentation/3.4.0/setup/native/scp/mac/README.md` at line 278, Replace the
unsafe "curl -s
https://raw.githubusercontent.com/ELEVATE-Project/project-service/refs/heads/setupGuideSCP/documentation/3.4.0/native/scripts/linux/import_forms.js
| node" pattern with a download-then-execute workflow: fetch the pinned file
(use a commit SHA or release tag instead of a moving branch ref), save it to
disk, verify its integrity (checksum/signature), inspect if needed, then run it
with node; update the README entry to show these steps and the pinned URL
(referencing the original curl | node invocation) so users download, verify, and
then execute the local file rather than piping remote content directly into
node.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix spelling in Postman section label.

Surevy Project Creation Service → Survey Project Creation Service.

🧰 Tools

🪛 LanguageTool

[grammar] ~354-~354: Ensure spelling is correct
Context: ...roject-service/tree/main/api-doc) - [Surevy Project Creation Service](https://githu...

(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@documentation/3.4.0/setup/native/scp/mac/README.md` at line 354, The Postman
section label contains a typo: change "Surevy Project Creation Service" to
"Survey Project Creation Service" in the README entry that links to the Survey
Project Creation Service (the text label before the URL
https://github.com/ELEVATE-Project/survey-project-creation-service/tree/release-1.0.0/src/api-doc).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix incorrect Native setup links in Stand-Alone section.

Line 58 points to the Docker macOS guide (not Native), and Line 59 is a placeholder URL. These links currently misroute users.

Suggested patch

- -   [Setup guide for macOS](https://github.com/ELEVATE-Project/project-service/blob/main/documentation/3.4.0/setup/docker/stand-alone/mac-os/README.md)
- -   [Setup guide for Windows](link/to/standalone/native/windows/README)
+ -   [Setup guide for macOS](https://github.com/ELEVATE-Project/project-service/blob/main/documentation/3.4.0/setup/native/stand-alone/mac-os/README.md)
+ -   [Setup guide for Windows](https://github.com/ELEVATE-Project/project-service/blob/main/documentation/3.4.0/setup/native/stand-alone/windows/README.md)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` around lines 57 - 60, The two Stand-Alone "Native" links are
incorrect: the "Setup guide for macOS" currently points to the Docker macOS
guide and the "Setup guide for Windows" is a placeholder; update the link
targets in README.md so the "Setup guide for macOS" anchor (the line labeled
"Setup guide for macOS") uses the native/mac-os native setup URL (replace the
Docker path with the native/mac-os README for stand-alone) and replace the
"Setup guide for Windows" placeholder URL (the line labeled "Setup guide for
Windows") with the correct native/windows stand-alone README URL; ensure the
anchor texts remain the same and only the hrefs are corrected.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Replace placeholder links with real targets before merge.

These placeholder URLs are dead links in published documentation and block setup navigation.

Also applies to: 117-117, 139-139

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` around lines 86 - 87, Replace the placeholder links in README.md
for the "Setup guide for macOS" and "Setup guide for Windows" bullets (and the
other occurrences noted at lines 117 and 139) with the real target URLs or
relative paths to the actual native/macos/README and native/windows/README
files; update the link targets so they point to valid documentation pages in the
repo or published docs, ensuring the link text "Setup guide for macOS" and
"Setup guide for Windows" resolve to working URLs before merging.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Avoid linking root README to a feature branch.

These links target blob/setupGuideSCP/...; once that branch is deleted/renamed, docs break. Root README should point to stable main (or relative paths).

Also applies to: 111-111, 127-127, 133-133

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 105, The README currently links to a feature-branch URL
containing "blob/setupGuideSCP" (e.g. the link text
"SETUP_SCP_DOCKER_UBUNTU.md"); update those links to point to a stable location
by replacing the branch-specific path with the main branch (use "blob/main/...")
or use relative repository paths so they remain valid when feature branches are
removed; apply the same change for the other similar links flagged in the review
(lines referencing the setup guide URLs).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove duplicate top-level section heading.

## 📖 Related Documentation & Tools appears twice, causing duplicated TOC/navigation entries and markdownlint MD024 noise.

🧰 Tools

🪛 markdownlint-cli2 (0.22.1)

[warning] 165-165: Multiple headings with the same content

(MD024, no-duplicate-heading)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` at line 165, Remove the duplicate top-level section heading "## 📖
Related Documentation & Tools" so it only appears once in the README; locate
both occurrences of that exact heading text and delete the redundant one (ensure
you keep the instance that contains the relevant links/content and remove the
empty or duplicate header to stop duplicate TOC/navigation entries and
markdownlint MD024 warnings).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix malformed HTML list items in link sections.

The anchor/list markup is not properly closed per item, which can render incorrectly in GitHub markdown. Prefer pure markdown list links or fully closed <a> tags per bullet.

Suggested patch (markdown style)

- -   <a href="https://github.com/ELEVATE-Project/project-service/tree/main/api-doc" target="_blank">
-     Projects Service API Collection
- -   <a href="https://github.com/ELEVATE-Project/samiksha-service/tree/main/api-doc" target="_blank">
-       Samiksha Service API Collection
-     </a>
+ -   [Projects Service API Collection](https://github.com/ELEVATE-Project/project-service/tree/main/api-doc)
+ -   [Samiksha Service API Collection](https://github.com/ELEVATE-Project/samiksha-service/tree/main/api-doc)

- -   <a href="https://github.com/ELEVATE-Project/project-service/tree/main/Project-Service-implementation-Script" target="_blank">
-     solution-Upload-Portal-Service
- -   <a href="https://github.com/ELEVATE-Project/project-service/tree/main/Project-Service-implementation-Script" target="_blank">
-       solution-Upload-Portal
-     </a>
+ -   [solution-Upload-Portal-Service](https://github.com/ELEVATE-Project/project-service/tree/main/Project-Service-implementation-Script)
+ -   [solution-Upload-Portal](https://github.com/ELEVATE-Project/project-service/tree/main/Project-Service-implementation-Script)

Also applies to: 220-224

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` around lines 205 - 209, Fix the malformed HTML anchor list items
in README.md by converting each broken mixed HTML list entry into a proper
Markdown list link: replace the incomplete/open <a> tags around the "Projects
Service API Collection" and "Samiksha Service API Collection" entries with
fully-formed Markdown entries (e.g., "- [Projects Service API
Collection](https://github.com/ELEVATE-Project/project-service/tree/main/api-doc)")
and do the same for the other affected block (the entries referenced at lines
220-224) so every bullet is a single, valid Markdown link; update the text for
exact string matches "Projects Service API Collection" and "Samiksha Service API
Collection" (and the other listed items) to ensure anchors are closed and render
correctly.