From 2638a9f73d6ef1036a34961819d35a8c52e4e428 Mon Sep 17 00:00:00 2001 From: WISDOM Date: Fri, 29 May 2026 12:17:35 +0000 Subject: [PATCH 01/46] docs: add operational runbooks (#315) - docs/runbooks/contract-deployment.md: testnet/mainnet deploy, verify, rollback - docs/runbooks/meter-key-rotation.md: scheduled and emergency key rotation - docs/runbooks/failed-mint-investigation.md: diagnose and retry failed mints - docs/runbooks/incident-response.md: triage, containment, resolution, postmortem - docs/runbooks/README.md: index of all runbooks Closes #315 --- docs/runbooks/README.md | 10 ++ docs/runbooks/contract-deployment.md | 89 +++++++++++++++ docs/runbooks/failed-mint-investigation.md | 97 ++++++++++++++++ docs/runbooks/incident-response.md | 125 +++++++++++++++++++++ docs/runbooks/meter-key-rotation.md | 77 +++++++++++++ 5 files changed, 398 insertions(+) create mode 100644 docs/runbooks/README.md create mode 100644 docs/runbooks/contract-deployment.md create mode 100644 docs/runbooks/failed-mint-investigation.md create mode 100644 docs/runbooks/incident-response.md create mode 100644 docs/runbooks/meter-key-rotation.md diff --git a/docs/runbooks/README.md b/docs/runbooks/README.md new file mode 100644 index 0000000..8e50226 --- /dev/null +++ b/docs/runbooks/README.md @@ -0,0 +1,10 @@ +# Runbooks + +Operational runbooks for common SolarProof procedures. + +| Runbook | Description | +|---|---| +| [contract-deployment.md](contract-deployment.md) | Deploy Soroban contracts to testnet and mainnet | +| [meter-key-rotation.md](meter-key-rotation.md) | Rotate an Ed25519 meter signing key | +| [failed-mint-investigation.md](failed-mint-investigation.md) | Diagnose and resolve failed energy token mint jobs | +| [incident-response.md](incident-response.md) | Detect, contain, resolve, and learn from incidents | diff --git a/docs/runbooks/contract-deployment.md b/docs/runbooks/contract-deployment.md new file mode 100644 index 0000000..3bd3b5b --- /dev/null +++ b/docs/runbooks/contract-deployment.md @@ -0,0 +1,89 @@ +# Runbook: Contract Deployment + +Covers deploying SolarProof Soroban contracts to testnet and mainnet. + +For full deployment documentation see [docs/DEPLOYMENT.md](../DEPLOYMENT.md). + +--- + +## Prerequisites + +- Rust toolchain (see `apps/contracts/rust-toolchain.toml`) +- `wasm32-unknown-unknown` target: `rustup target add wasm32-unknown-unknown` +- Stellar CLI: `cargo install --locked stellar-cli --features opt` +- Funded deployer account (testnet: use friendbot; mainnet: real XLM) +- `DEPLOYER_SECRET_KEY` environment variable set + +--- + +## Testnet Deployment + +```bash +# 1. Build contracts +cd apps/contracts && stellar contract build + +# 2. Deploy (idempotent — skips already-deployed contracts) +DEPLOYER_SECRET_KEY= bash scripts/deploy-testnet.sh +``` + +The script writes contract IDs to `scripts/deployments/testnet.json`. + +```bash +# 3. Initialize each contract +ADMIN=$(stellar keys address deployer) + +stellar contract invoke --id $TOKEN_ID --source deployer --network testnet \ + -- initialize --admin $ADMIN --minter $ADMIN + +stellar contract invoke --id $REGISTRY_ID --source deployer --network testnet \ + -- initialize --admin $ADMIN + +stellar contract invoke --id $GOV_ID --source deployer --network testnet \ + -- initialize --admin $ADMIN --quorum 51 --voting_period_ledgers 17280 + +# 4. Update docs/deployments.md with the new contract IDs +# 5. Set contract IDs in .env.local (see docs/DEPLOYMENT.md §2d) +``` + +--- + +## Mainnet Deployment + +> ⚠️ Irreversible. Use an HSM-backed key. Test on testnet first. + +Same steps as testnet — replace `--network testnet` with `--network mainnet` and use `scripts/deploy-mainnet.sh`. + +--- + +## Verify Deployed Bytecode + +```bash +# Compute local WASM hash +sha256sum apps/contracts/target/wasm32-unknown-unknown/release/energy_token.wasm + +# Compare against on-chain hash at: +# https://stellar.expert/explorer/testnet/contract/ +# Contract tab → WASM section → WASM hash +``` + +Hashes must match. A mismatch means the on-chain contract differs from the local build. + +--- + +## Rollback + +Soroban contracts are immutable. Rollback = deploy a new contract and update env vars. + +1. Deploy corrected WASM → new contract ID +2. Update `NEXT_PUBLIC_ENERGY_TOKEN_ID` (and/or other IDs) in environment +3. Redeploy web app (Vercel picks up new env vars automatically) +4. Update `docs/deployments.md` with new ID and rollback note +5. Do not delete the old contract — it is an audit record + +--- + +## CI / Automated Deployment + +Testnet deployment runs automatically on push to `main` via `.github/workflows/deploy-contracts.yml`. + +To trigger manually: GitHub → Actions → Deploy Contracts → Run workflow. diff --git a/docs/runbooks/failed-mint-investigation.md b/docs/runbooks/failed-mint-investigation.md new file mode 100644 index 0000000..163e912 --- /dev/null +++ b/docs/runbooks/failed-mint-investigation.md @@ -0,0 +1,97 @@ +# Runbook: Investigating Failed Mint Jobs + +Covers diagnosing and resolving failed energy token mint jobs. + +--- + +## Background + +When a meter reading is submitted, the API: +1. Verifies the Ed25519 signature +2. Anchors the reading hash to Stellar via `audit_registry` +3. Mints an `energy_token` (1 token = 1 kWh) + +A mint failure means step 3 failed. The reading may still be anchored (step 2 succeeded). Failed mints are recorded in the `mint_jobs` table with a `status` of `failed` and a `diagnosis` field populated by tracer-sim. + +--- + +## Step 1 — Identify the Failed Job + +```sql +SELECT id, meter_id, kwh, created_at, status, diagnosis, anchor_tx_hash, mint_tx_hash +FROM mint_jobs +WHERE status = 'failed' +ORDER BY created_at DESC +LIMIT 20; +``` + +Check the `diagnosis` field — tracer-sim auto-populates a failure reason when available. + +--- + +## Step 2 — Common Failure Causes + +| Diagnosis / symptom | Likely cause | Resolution | +|---|---|---| +| `insufficient_balance` | Minter account out of XLM | Top up the minter account (see Step 3) | +| `contract_not_found` | Wrong contract ID in env | Verify `NEXT_PUBLIC_ENERGY_TOKEN_ID` matches deployed contract | +| `sequence_number_mismatch` | Concurrent mint race | Retry the job (usually self-resolving) | +| `network_timeout` | Stellar RPC unreachable | Check Stellar network status; retry after recovery | +| `signature_invalid` | Minter key mismatch | Verify `MINTER_SECRET_KEY` env var matches the contract's authorized minter | +| `already_minted` | Duplicate job | Check if a successful mint exists for the same `reading_id`; mark job resolved | + +--- + +## Step 3 — Top Up the Minter Account (if needed) + +```bash +# Check minter balance +stellar account info --account --network testnet + +# Testnet: use friendbot +curl "https://friendbot.stellar.org?addr=" + +# Mainnet: transfer XLM from a funded account +stellar payment send \ + --source \ + --destination \ + --amount 100 \ + --network mainnet +``` + +--- + +## Step 4 — Retry the Failed Job + +```bash +# Trigger a retry via the API (if a retry endpoint exists) +curl -X POST https:///api/admin/mint-jobs//retry \ + -H "Authorization: Bearer " +``` + +Or re-submit the original reading — the server is idempotent for anchoring (returns `409` if already anchored) but will attempt a fresh mint if the previous one failed. + +--- + +## Step 5 — Verify Resolution + +```sql +SELECT id, status, mint_tx_hash FROM mint_jobs WHERE id = ''; +``` + +Confirm `status = 'completed'` and `mint_tx_hash` is populated. + +Verify the on-chain mint at: +``` +https://stellar.expert/explorer/testnet/tx/ +``` + +--- + +## Step 6 — Escalate if Unresolved + +If the failure persists after retrying: +1. Capture the full `diagnosis` text and `anchor_tx_hash` +2. Open an incident (see [incident-response.md](incident-response.md)) +3. Check Stellar network status at https://status.stellar.org +4. Review tracer-sim output in application logs for the full replay trace diff --git a/docs/runbooks/incident-response.md b/docs/runbooks/incident-response.md new file mode 100644 index 0000000..9002c9e --- /dev/null +++ b/docs/runbooks/incident-response.md @@ -0,0 +1,125 @@ +# Runbook: Incident Response + +Covers detecting, containing, resolving, and learning from incidents affecting SolarProof. + +--- + +## Severity Levels + +| Level | Description | Response time | +|---|---|---| +| P1 — Critical | Production down, data loss, security breach | Immediate | +| P2 — High | Core feature broken, significant user impact | < 1 hour | +| P3 — Medium | Degraded performance, non-critical feature broken | < 4 hours | +| P4 — Low | Minor issue, cosmetic, no user impact | Next business day | + +--- + +## Phase 1 — Detection and Triage + +1. **Detect** — via monitoring alert, error report, or user feedback +2. **Record** — open an incident issue on GitHub with: + - Severity level + - Affected systems (web app, API, database, smart contracts, infrastructure) + - Observed symptoms and first detection time +3. **Assign** — designate an incident commander (IC) responsible for coordination +4. **Communicate** — notify stakeholders via the agreed channel (Slack, email, etc.) + +--- + +## Phase 2 — Containment + +Act to stop the incident from worsening before root cause is known. + +| Affected system | Containment action | +|---|---| +| Web app / API | Roll back the last Vercel deployment | +| Smart contract exploit | Invoke contract pause via governance (see below) | +| Compromised meter key | Deactivate the meter record immediately (see [meter-key-rotation.md](meter-key-rotation.md)) | +| Database corruption | Stop write traffic; put app in maintenance mode | +| Failed mints (bulk) | Pause the mint job queue; investigate (see [failed-mint-investigation.md](failed-mint-investigation.md)) | + +**Pause a smart contract (if pause function available):** + +```bash +stellar contract invoke --id --source --network mainnet \ + -- pause +``` + +**Roll back a Vercel deployment:** + +```bash +vercel rollback --token +# Or via Vercel dashboard: Deployments → previous deployment → Promote to Production +``` + +**Preserve evidence before making changes:** + +```bash +# Capture recent application logs +# Export relevant database tables +# Screenshot monitoring dashboards +``` + +--- + +## Phase 3 — Investigation + +1. Review application logs for errors around the incident start time +2. Check recent deployments, config changes, and dependency updates +3. Query the database for anomalous data: + +```sql +-- Recent failed readings +SELECT * FROM readings WHERE created_at > now() - interval '1 hour' AND status != 'anchored'; + +-- Recent failed mints +SELECT * FROM mint_jobs WHERE status = 'failed' AND created_at > now() - interval '1 hour'; + +-- Audit log for recent admin actions +SELECT * FROM audit_log ORDER BY created_at DESC LIMIT 50; +``` + +4. Check Stellar network status: https://status.stellar.org +5. Check Vercel deployment status: https://vercel.com/status + +--- + +## Phase 4 — Resolution + +1. Apply the fix (code patch, config change, data correction, or rollback) +2. Validate recovery: + - Run smoke tests against production + - Confirm error rates return to baseline in monitoring + - Verify a successful end-to-end reading submission if the API was affected +3. Lift containment measures (re-enable features, unpause contracts, restore write traffic) +4. Confirm with stakeholders that the incident is resolved + +--- + +## Phase 5 — Postmortem + +Complete within 48 hours of resolution for P1/P2 incidents. + +1. Write a postmortem document covering: + - Timeline (detection → containment → resolution) + - Root cause + - Impact (users affected, data affected, duration) + - What went well + - What went wrong + - Action items with owners and due dates +2. Update this runbook if any procedure was unclear or missing +3. Add monitoring or alerting to catch the same issue earlier next time +4. Share the postmortem with the team + +--- + +## Useful Links + +- Stellar network status: https://status.stellar.org +- Stellar Expert (testnet): https://stellar.expert/explorer/testnet +- Stellar Expert (mainnet): https://stellar.expert/explorer/mainnet +- Vercel dashboard: https://vercel.com/dashboard +- Supabase dashboard: https://app.supabase.com +- GitHub Actions: https://github.com/AnnabelJoe/solarproof/actions +- Security policy: [SECURITY.md](../../SECURITY.md) diff --git a/docs/runbooks/meter-key-rotation.md b/docs/runbooks/meter-key-rotation.md new file mode 100644 index 0000000..809b63c --- /dev/null +++ b/docs/runbooks/meter-key-rotation.md @@ -0,0 +1,77 @@ +# Runbook: Meter Key Rotation + +Covers rotating the Ed25519 signing key for a meter device — scheduled rotation, suspected compromise, or key loss. + +--- + +## When to Rotate + +- Scheduled rotation (recommended: annually or per security policy) +- Private key suspected compromised or exposed +- Device transferred to a new operator +- Key material lost + +--- + +## Steps + +### 1. Generate a new keypair + +```bash +node scripts/gen-meter-key.mjs +# Writes meter-key-new.json: { private_key_hex, public_key_hex } +``` + +For production devices, generate the keypair on the device itself (HSM/TPM). Never generate a production key on a workstation. + +### 2. Register the new public key + +Insert the new key into the `meters` table with a new UUID, keeping the old record active during the transition: + +```sql +INSERT INTO meters (id, pubkey_hex, cooperative_id, active) +VALUES (gen_random_uuid(), '', '', true); +``` + +Note the new `meter_id` — the device must use this UUID in all future reading submissions. + +### 3. Update the device + +Deploy the new private key and new `meter_id` to the device. For HSM-backed devices, provision the new key into the secure enclave and update the device configuration. + +### 4. Verify the new key works + +Send a test reading using the new key and confirm a `201 Created` response: + +```bash +node scripts/send-reading.mjs \ + --meter-id \ + --kwh 0.001 \ + --key ./meter-key-new.json \ + --api https:// +``` + +### 5. Deactivate the old meter record + +Once the new key is confirmed working, deactivate the old record: + +```sql +UPDATE meters SET active = false WHERE id = ''; +``` + +The old record is retained for audit purposes — do not delete it. + +### 6. Securely destroy the old private key + +- Remove the old key from the device's secure storage +- Delete any copies from workstations, CI secrets, or backups +- Record the rotation in the audit log + +--- + +## Notes + +- The server rejects readings from inactive meter records (`404` response) +- Readings signed with the old key after deactivation will be rejected +- If the key was compromised, deactivate the old record immediately (step 5) before completing the rest of the rotation +- Test rotation in staging before applying to production meters From 7881a7e9c2d0152f016e3849da267ed755012675 Mon Sep 17 00:00:00 2001 From: pauljacobb Date: Sun, 31 May 2026 04:52:17 +0000 Subject: [PATCH 02/46] feat(web): real-time energy chart with WebSocket + polling fallback (#260) - WebSocket connection established on dashboard load - Chart updates automatically when new meter readings arrive - Graceful fallback to polling (30s interval) if WebSocket unavailable - Connection status indicator: Live / Polling / Offline / Connecting Closes #260 --- apps/web/src/components/DashboardChart.tsx | 138 +++++++++++++++++++-- 1 file changed, 125 insertions(+), 13 deletions(-) diff --git a/apps/web/src/components/DashboardChart.tsx b/apps/web/src/components/DashboardChart.tsx index 2e82e48..93a8f09 100644 --- a/apps/web/src/components/DashboardChart.tsx +++ b/apps/web/src/components/DashboardChart.tsx @@ -1,26 +1,138 @@ 'use client' +import { useEffect, useRef, useState, useCallback } from 'react' import { Area, AreaChart, CartesianGrid, ResponsiveContainer, Tooltip, XAxis, YAxis } from 'recharts' +import { Wifi, WifiOff, Radio } from 'lucide-react' -const data = [ - { day: 'Mon', energy: 14 }, - { day: 'Tue', energy: 18 }, - { day: 'Wed', energy: 16 }, - { day: 'Thu', energy: 22 }, - { day: 'Fri', energy: 20 }, - { day: 'Sat', energy: 26 }, - { day: 'Sun', energy: 24 }, -] +interface ChartPoint { + label: string + energy: number +} + +const POLL_INTERVAL_MS = 30_000 + +async function fetchRecentReadings(): Promise { + try { + const res = await fetch('/api/readings?limit=20') + if (!res.ok) return [] + const json = await res.json() + const rows: { timestamp: string; kwh: number }[] = json.data ?? [] + return rows + .slice() + .reverse() + .map((r) => ({ + label: new Date(r.timestamp).toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' }), + energy: r.kwh, + })) + } catch { + return [] + } +} + +type ConnectionStatus = 'connecting' | 'live' | 'polling' | 'error' export function DashboardChart() { + const [data, setData] = useState([]) + const [status, setStatus] = useState('connecting') + const wsRef = useRef(null) + const pollRef = useRef | null>(null) + const mountedRef = useRef(true) + + const startPolling = useCallback(() => { + if (pollRef.current) return + setStatus('polling') + fetchRecentReadings().then((d) => { if (mountedRef.current && d.length) setData(d) }) + pollRef.current = setInterval(() => { + fetchRecentReadings().then((d) => { if (mountedRef.current && d.length) setData(d) }) + }, POLL_INTERVAL_MS) + }, []) + + const stopPolling = useCallback(() => { + if (pollRef.current) { clearInterval(pollRef.current); pollRef.current = null } + }, []) + + const appendReading = useCallback((kwh: number, timestamp: string) => { + setData((prev) => { + const point: ChartPoint = { + label: new Date(timestamp).toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' }), + energy: kwh, + } + const next = [...prev, point] + return next.length > 20 ? next.slice(next.length - 20) : next + }) + }, []) + + useEffect(() => { + mountedRef.current = true + + // Load initial data via REST + fetchRecentReadings().then((d) => { if (mountedRef.current && d.length) setData(d) }) + + // Attempt WebSocket connection + try { + const protocol = window.location.protocol === 'https:' ? 'wss:' : 'ws:' + const ws = new WebSocket(`${protocol}//${window.location.host}/api/ws/readings`) + wsRef.current = ws + + ws.onopen = () => { + if (!mountedRef.current) return + setStatus('live') + stopPolling() + } + + ws.onmessage = (event) => { + if (!mountedRef.current) return + try { + const reading = JSON.parse(event.data as string) + appendReading(reading.kwh, reading.timestamp) + } catch { /* ignore malformed messages */ } + } + + ws.onerror = () => { + if (!mountedRef.current) return + setStatus('error') + startPolling() + } + + ws.onclose = () => { + if (!mountedRef.current) return + if (status !== 'live') return + setStatus('polling') + startPolling() + } + } catch { + startPolling() + } + + return () => { + mountedRef.current = false + wsRef.current?.close() + wsRef.current = null + stopPolling() + } + // eslint-disable-next-line react-hooks/exhaustive-deps + }, []) + + const statusConfig: Record = { + connecting: { icon: , label: 'Connecting…', color: 'text-gray-400' }, + live: { icon: , label: 'Live', color: 'text-green-500' }, + polling: { icon: , label: 'Polling', color: 'text-amber-500' }, + error: { icon: , label: 'Offline', color: 'text-red-500' }, + } + + const { icon, label, color } = statusConfig[status] + return (

Energy trend

-

Weekly generation

+

Live generation

-

Responsive chart for mobile and desktop

+ + {icon} + {label} +
@@ -32,10 +144,10 @@ export function DashboardChart() { - + - +
From 18c472abc6bee773e297e15398e8e00588f78331 Mon Sep 17 00:00:00 2001 From: pauljacobb Date: Sun, 31 May 2026 05:06:15 +0000 Subject: [PATCH 03/46] docs(contracts): add/enhance Rust doc comments on all public functions (#319) - energy_token: enhanced balance() and total_supply() with examples - audit_registry: enhanced anchor(), verify(), api_signer(), admin() with full Arguments/Errors/Example sections - community_governance: enhanced set_quorum_bps, get_quorum_bps, set_threshold_bps, get_threshold_bps, pending_upgrade, get_execution_timelock, proposal_count with Panics/Arguments/Examples All public functions now have /// doc comments with Panics, Arguments, Authorization, and example invocations where applicable. Closes #319 --- apps/contracts/audit_registry/src/lib.rs | 36 ++++++++++++++- .../contracts/community_governance/src/lib.rs | 44 ++++++++++++++++--- apps/contracts/energy_token/src/lib.rs | 10 +++++ 3 files changed, 82 insertions(+), 8 deletions(-) diff --git a/apps/contracts/audit_registry/src/lib.rs b/apps/contracts/audit_registry/src/lib.rs index e3e83b5..dc27611 100644 --- a/apps/contracts/audit_registry/src/lib.rs +++ b/apps/contracts/audit_registry/src/lib.rs @@ -157,6 +157,9 @@ impl AuditRegistry { } /// Returns the current authorised API signer address. + /// + /// # Panics + /// * `"not initialized"` if the contract has not been initialised. pub fn api_signer(env: Env) -> soroban_sdk::Address { env.storage() .instance() @@ -171,10 +174,29 @@ impl AuditRegistry { ((b0 << 8) | b1) % 1024 } - /// Anchor a reading hash on-chain. + /// Anchor a reading hash on-chain. Only the registered `api_signer` may call this. + /// + /// # Arguments + /// * `caller` — must equal the registered `api_signer`. + /// * `reading_hash` — 32-byte SHA-256 of `(meter_id || kwh_stroops_le || timestamp_le)`. + /// * `nonce` — 32-byte unique value; prevents replay of the same anchor call. + /// + /// # Authorization + /// Requires `caller` authorisation. Returns `Err(Error::Unauthorized)` if + /// `caller` is not the registered `api_signer`. + /// + /// # Errors + /// * `Error::Unauthorized` — caller is not the `api_signer`. + /// * `Error::AlreadyAnchored` — `reading_hash` or `nonce` was already used. /// /// # Events - /// Emits `(topic: "anchor", data: reading_hash)`. + /// Emits `(topic: "anchor", data: (reading_hash, ledger_sequence, ledger_timestamp))`. + /// + /// # Example + /// ```ignore + /// client.anchor(&api_signer, &reading_hash, &nonce).unwrap(); + /// assert!(client.is_anchored(&reading_hash)); + /// ``` pub fn anchor( env: Env, caller: soroban_sdk::Address, @@ -235,6 +257,13 @@ impl AuditRegistry { } /// Returns the `AuditAnchor` for `reading_hash`, or `None` if not anchored. + /// + /// # Example + /// ```ignore + /// if let Some(anchor) = client.verify(&hash) { + /// println!("anchored at ledger {}", anchor.anchored_at_ledger); + /// } + /// ``` pub fn verify(env: Env, reading_hash: BytesN<32>) -> Option { let bucket_id = Self::get_bucket_id(&reading_hash); let bucket: Map, u32> = env.storage().persistent().get(&DataKey::Bucket(bucket_id))?; @@ -264,6 +293,9 @@ impl AuditRegistry { } /// Returns the admin address. + /// + /// # Panics + /// * `"not initialized"` if the contract has not been initialised. pub fn admin(env: Env) -> soroban_sdk::Address { env.storage() .instance() diff --git a/apps/contracts/community_governance/src/lib.rs b/apps/contracts/community_governance/src/lib.rs index 02ea4a6..8906f58 100644 --- a/apps/contracts/community_governance/src/lib.rs +++ b/apps/contracts/community_governance/src/lib.rs @@ -242,14 +242,29 @@ impl CommunityGovernance { .set(&DataKey::Version, &new_version); } - /// Set quorum in basis points (1–10 000). Admin-only. + /// Set the minimum participation quorum in basis points (1–10 000). Admin-only. + /// + /// # Arguments + /// * `admin` — administrator address (must authorise). + /// * `bps` — quorum in basis points, e.g. `1000` = 10 %. + /// + /// # Authorization + /// Requires `admin` authorisation. + /// + /// # Panics + /// * `"quorum_bps must be 1-10000"` if `bps` is out of range. + /// + /// # Example + /// ```ignore + /// client.set_quorum_bps(&admin, &2_000_u32); // 20 % + /// ``` pub fn set_quorum_bps(env: Env, admin: Address, bps: u32) { admin.require_auth(); assert!(bps >= 1 && bps <= 10_000, "quorum_bps must be 1-10000"); env.storage().instance().set(&DataKey::QuorumBps, &bps); } - /// Returns the current quorum in basis points. + /// Returns the current quorum in basis points (default: `1000` = 10 %). pub fn get_quorum_bps(env: Env) -> u32 { env.storage() .instance() @@ -257,14 +272,29 @@ impl CommunityGovernance { .unwrap_or(DEFAULT_QUORUM_BPS) } - /// Set approval threshold in basis points (1–10 000). Admin-only. + /// Set the yes-vote approval threshold in basis points (1–10 000). Admin-only. + /// + /// # Arguments + /// * `admin` — administrator address (must authorise). + /// * `bps` — threshold in basis points, e.g. `5100` = 51 %. + /// + /// # Authorization + /// Requires `admin` authorisation. + /// + /// # Panics + /// * `"threshold_bps must be 1-10000"` if `bps` is out of range. + /// + /// # Example + /// ```ignore + /// client.set_threshold_bps(&admin, &6_000_u32); // 60 % + /// ``` pub fn set_threshold_bps(env: Env, admin: Address, bps: u32) { admin.require_auth(); assert!(bps >= 1 && bps <= 10_000, "threshold_bps must be 1-10000"); env.storage().instance().set(&DataKey::ThresholdBps, &bps); } - /// Returns the current approval threshold in basis points. + /// Returns the current approval threshold in basis points (default: `5100` = 51 %). pub fn get_threshold_bps(env: Env) -> u32 { env.storage() .instance() @@ -543,6 +573,8 @@ impl CommunityGovernance { } /// Returns the pending upgrade proposal, if any. + /// + /// Returns `None` if no upgrade has been proposed or the last one was cancelled/executed. pub fn pending_upgrade(env: Env) -> Option { env.storage().instance().get(&DataKey::PendingUpgrade) } @@ -565,7 +597,7 @@ impl CommunityGovernance { .set(&DataKey::ExecuteTimelock, &ledgers); } - /// Returns the current execution timelock in ledgers. + /// Returns the current execution timelock in ledgers (default: `8640` ≈ 24 h). pub fn get_execution_timelock(env: Env) -> u32 { env.storage() .instance() @@ -615,7 +647,7 @@ impl CommunityGovernance { proposals.get(proposal_id) } - /// Returns the total number of proposals created. + /// Returns the total number of proposals created (monotonically increasing). pub fn proposal_count(env: Env) -> u32 { env.storage() .instance() diff --git a/apps/contracts/energy_token/src/lib.rs b/apps/contracts/energy_token/src/lib.rs index acf029f..91a818b 100644 --- a/apps/contracts/energy_token/src/lib.rs +++ b/apps/contracts/energy_token/src/lib.rs @@ -81,6 +81,11 @@ impl EnergyToken { // ── SEP-41 balance / transfer ──────────────────────────────────────────── /// Returns the token balance of `account`. Returns `0` for unknown accounts. + /// + /// # Example + /// ```ignore + /// let bal = client.balance(&holder_address); // e.g. 125_000_000 (12.5 kWh in stroops) + /// ``` pub fn balance(env: Env, account: Address) -> i128 { env.storage() .persistent() @@ -292,6 +297,11 @@ impl EnergyToken { } /// Returns the current circulating supply: `total_minted - total_burned`. + /// + /// # Example + /// ```ignore + /// let supply = client.total_supply(); // tokens currently in circulation + /// ``` pub fn total_supply(env: Env) -> i128 { let minted: i128 = env .storage() From eb1a425bc37ae9428dd0ac9a082f1d666bc51912 Mon Sep 17 00:00:00 2001 From: Sparklemzz Date: Sun, 31 May 2026 14:01:45 +0000 Subject: [PATCH 04/46] docs: add user guide for web dashboard (closes #317) - Add docs/USER_GUIDE.md covering all acceptance criteria: wallet connection, dashboard overview, meter readings, certificates (view + retire), governance (view/vote/create), and the public verifier - Include screenshot placeholders for each step - Link guide from dashboard page header via BookOpen icon --- apps/web/src/app/dashboard/page.tsx | 15 +- docs/USER_GUIDE.md | 213 ++++++++++++++++++++++++++++ 2 files changed, 226 insertions(+), 2 deletions(-) create mode 100644 docs/USER_GUIDE.md diff --git a/apps/web/src/app/dashboard/page.tsx b/apps/web/src/app/dashboard/page.tsx index 718baa5..87e8773 100644 --- a/apps/web/src/app/dashboard/page.tsx +++ b/apps/web/src/app/dashboard/page.tsx @@ -14,7 +14,7 @@ import { Legend, } from 'recharts' import { useTheme } from 'next-themes' -import { Zap, Award, Leaf, TrendingUp } from 'lucide-react' +import { Zap, Award, Leaf, TrendingUp, BookOpen } from 'lucide-react' import { StatCardSkeleton, ChartSkeleton, TableRowSkeleton } from '@/components/skeleton' // --------------------------------------------------------------------------- @@ -132,7 +132,18 @@ export default function DashboardPage() { return (
-

Dashboard

+
+

Dashboard

+ + +
{/* ------------------------------------------------------------------ */} {/* Stat cards */} diff --git a/docs/USER_GUIDE.md b/docs/USER_GUIDE.md new file mode 100644 index 0000000..274a341 --- /dev/null +++ b/docs/USER_GUIDE.md @@ -0,0 +1,213 @@ +# SolarProof Dashboard — User Guide + +> **Audience:** Energy producers and cooperatives using the SolarProof web dashboard. +> **Live app:** [https://solarproof.vercel.app](https://solarproof.vercel.app) + +--- + +## Table of Contents + +1. [Connecting Your Wallet](#1-connecting-your-wallet) +2. [Dashboard Overview](#2-dashboard-overview) +3. [Submitting Meter Readings](#3-submitting-meter-readings) +4. [Viewing Certificates](#4-viewing-certificates) +5. [Retiring Certificates](#5-retiring-certificates) +6. [Participating in Governance](#6-participating-in-governance) +7. [Verifying a Certificate](#7-verifying-a-certificate) +8. [Troubleshooting](#8-troubleshooting) + +--- + +## 1. Connecting Your Wallet + +SolarProof uses [Freighter](https://www.freighter.app/) — a Stellar browser wallet — to sign transactions. + +**Prerequisites** + +- Freighter browser extension installed ([freighter.app](https://www.freighter.app/)) +- Freighter set to **Testnet** (Settings → Network → Testnet) +- Your Stellar account funded with at least 1 XLM (use [Stellar Laboratory Friendbot](https://laboratory.stellar.org/#account-creator?network=test) for testnet) + +**Steps** + +1. Open the SolarProof dashboard at `/dashboard`. +2. Click **Connect Wallet** in the top-right corner of the navigation bar. +3. Freighter will prompt you to approve the connection — click **Approve**. +4. Your truncated public key (e.g. `GABC…XYZ`) appears in the navbar, confirming you are connected. + +> **Screenshot placeholder:** `docs/screenshots/01-connect-wallet.png` +> *(Shows the navbar with the Connect Wallet button highlighted, then the connected state with the public key displayed.)* + +**Disconnecting** + +Click your public key in the navbar and select **Disconnect**. + +--- + +## 2. Dashboard Overview + +Navigate to **Dashboard** (`/dashboard`) to see a real-time summary of your energy activity. + +| Section | What it shows | +|---|---| +| **Total energy** | Cumulative kWh across all verified meter readings | +| **Certificates issued** | Number of energy tokens minted on Stellar (1 token = 1 kWh) | +| **Certificates retired** | Tokens permanently burned to claim renewable energy usage | +| **Active meters** | Meters that have reported in the last 24 hours | +| **Daily energy output chart** | Area chart of kWh over the last 14 days | +| **Verification status chart** | Verified vs. pending readings per meter | +| **Recent readings table** | Last 20 meter readings with status badges | + +> **Screenshot placeholder:** `docs/screenshots/02-dashboard-overview.png` +> *(Shows the full dashboard with stat cards, both charts, and the readings table.)* + +A **Verified** badge (green) means the reading's Ed25519 signature has been confirmed and the hash anchored on Stellar. A **Pending** badge (yellow) means verification is in progress. + +--- + +## 3. Submitting Meter Readings + +Meter readings can be submitted in two ways: via the UI form or programmatically via the API. + +### Via the UI (Meters page) + +1. Navigate to **Meters** (`/meters`). +2. Click **Submit Reading**. +3. Fill in the form: + - **Meter ID** — the unique identifier of your device + - **kWh** — energy generated since the last reading + - **Timestamp** — defaults to now; adjust if back-filling +4. Click **Submit**. The dashboard signs the reading with your connected wallet and posts it to `/api/readings`. +5. The new reading appears in the **Recent readings** table on the Dashboard with a **Pending** badge. It turns **Verified** once the API confirms the Ed25519 signature and anchors the hash on Stellar (usually within a few seconds). + +> **Screenshot placeholder:** `docs/screenshots/03-submit-reading-form.png` +> *(Shows the Submit Reading modal with the three fields filled in and the Submit button.)* + +### Via the API (automated / hardware meters) + +```bash +# Generate a meter keypair once +node scripts/gen-meter-key.mjs + +# Send a signed reading +node scripts/send-reading.mjs --kwh 12.5 --meter-key ./meter-key.json +``` + +See [docs/API.md](./API.md) for the full `POST /api/readings` specification. + +--- + +## 4. Viewing Certificates + +Each verified reading automatically mints an energy token (SEP-41) on Stellar — one token per kWh. + +1. Navigate to **Certificates** (`/certificates`). +2. The list shows all certificates associated with your wallet, including: + - **Certificate ID** — the on-chain token identifier + - **kWh** — energy amount represented + - **Issued** — date minted + - **Status** — Active or Retired +3. Click a certificate row to open the detail view, which shows: + - The originating meter reading + - The Stellar transaction hash (links to Stellar Explorer) + - The Ed25519 signature of the source reading + - The audit registry anchor hash + +> **Screenshot placeholder:** `docs/screenshots/04-certificates-list.png` +> *(Shows the certificates list with columns for ID, kWh, Issued date, and Status.)* + +> **Screenshot placeholder:** `docs/screenshots/05-certificate-detail.png` +> *(Shows the certificate detail page with the full chain of custody: meter → signature → ledger anchor → token.)* + +--- + +## 5. Retiring Certificates + +Retiring a certificate permanently burns the token on-chain, proving you have claimed the renewable energy for a specific period. This action is **irreversible**. + +1. Navigate to **Certificates** (`/certificates`). +2. Find the certificate you want to retire and click **Retire**. +3. A confirmation dialog appears showing the certificate ID and kWh amount. +4. Click **Confirm Retire**. Freighter will prompt you to sign the transaction. +5. Approve the transaction in Freighter. +6. The certificate status changes to **Retired** and the token is burned on Stellar. + +> **Screenshot placeholder:** `docs/screenshots/06-retire-confirmation.png` +> *(Shows the retire confirmation dialog with the certificate details and the Confirm Retire button.)* + +> **Note:** Retired certificates remain visible in the list with a **Retired** badge for audit purposes. They can be independently verified at `/verify`. + +--- + +## 6. Participating in Governance + +SolarProof cooperatives use on-chain governance to vote on proposals (e.g. fee changes, new meter policies). + +### Viewing proposals + +1. Navigate to **Governance** (`/governance`). +2. The proposals list shows: + - **Title** and description + - **Status** — Active, Passed, Rejected, or Executed + - **Voting deadline** + - **Current vote tally** (For / Against) + +> **Screenshot placeholder:** `docs/screenshots/07-governance-proposals.png` +> *(Shows the governance page with a list of proposals and their statuses.)* + +### Voting on a proposal + +1. Click a proposal with **Active** status to open its detail page. +2. Review the full description and any attached discussion. +3. Click **Vote For** or **Vote Against**. +4. Freighter prompts you to sign the vote transaction — click **Approve**. +5. Your vote is recorded on-chain. The tally updates immediately. + +> **Screenshot placeholder:** `docs/screenshots/08-vote-on-proposal.png` +> *(Shows the proposal detail page with the Vote For / Vote Against buttons and the live tally.)* + +### Creating a proposal + +1. On the **Governance** page, click **New Proposal**. +2. Fill in the **Title** and **Description**. +3. Click **Submit Proposal**. Freighter will prompt you to sign. +4. The proposal appears in the list with **Active** status and is open for voting immediately. + +> **Note:** Voting power is proportional to the number of active energy tokens held by your wallet at the time of the vote snapshot. + +--- + +## 7. Verifying a Certificate + +Anyone — including regulators and buyers — can verify a certificate without logging in. + +1. Navigate to **Verify** (`/verify`). +2. Enter a **Certificate ID** or **Stellar transaction hash**. +3. Click **Verify**. +4. The result shows the full chain of custody: + - Meter reading (kWh, timestamp, meter ID) + - Ed25519 signature validity + - Stellar ledger anchor (audit registry transaction) + - Certificate mint transaction + - Retirement transaction (if retired) + +> **Screenshot placeholder:** `docs/screenshots/09-verify-result.png` +> *(Shows the verify page with a certificate ID entered and the full chain-of-custody result expanded.)* + +--- + +## 8. Troubleshooting + +| Symptom | Likely cause | Fix | +|---|---|---| +| "Connect Wallet" button does nothing | Freighter not installed | Install from [freighter.app](https://www.freighter.app/) | +| Transaction fails with "insufficient funds" | Account has < 1 XLM | Fund via [Friendbot](https://laboratory.stellar.org/#account-creator?network=test) (testnet) | +| Reading stays **Pending** indefinitely | Signature verification failed | Check that the meter key matches the registered meter ID | +| Certificate not appearing after reading | Minting delay or failed mint | Check the Stellar transaction in the dashboard; see [tracer-sim auto-diagnosis](./API.md#error-handling) | +| Governance vote not registering | Wallet not connected or wrong network | Reconnect Freighter and ensure it is set to Testnet | + +For further help, open an issue at [github.com/AnnabelJoe/solarproof/issues](https://github.com/AnnabelJoe/solarproof/issues). + +--- + +*SolarProof Contributors 2026 · Apache-2.0* From 9b2ce4974322501587534e1ca73a03c446fba611 Mon Sep 17 00:00:00 2001 From: Sparklemzz Date: Sun, 31 May 2026 14:14:32 +0000 Subject: [PATCH 05/46] feat(security): add RLS policies for multi-tenant isolation (#274) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Enable RLS on cooperatives, meters, readings, certificates - Members can only read rows belonging to their cooperative (cooperative_id sourced from JWT app_metadata) - Readings isolated via meter → cooperative join - Admin JWT role bypasses all policies for support operations - Policy tester SQL covers member isolation + admin bypass cases --- .../20260531000003_rls_policies.sql | 68 +++++++++++++ supabase/tests/rls_policies.sql | 97 +++++++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 supabase/migrations/20260531000003_rls_policies.sql create mode 100644 supabase/tests/rls_policies.sql diff --git a/supabase/migrations/20260531000003_rls_policies.sql b/supabase/migrations/20260531000003_rls_policies.sql new file mode 100644 index 0000000..b3fc60c --- /dev/null +++ b/supabase/migrations/20260531000003_rls_policies.sql @@ -0,0 +1,68 @@ +-- Migration 003: Row Level Security for multi-tenant isolation +-- Users carry their cooperative_id in JWT app_metadata. +-- The service role key (used by the API) bypasses RLS automatically. + +-- Helper: extract cooperative_id from the current user's JWT app_metadata +create or replace function auth.cooperative_id() returns uuid + language sql stable + as $$ + select nullif( + auth.jwt() -> 'app_metadata' ->> 'cooperative_id', + '' + )::uuid + $$; + +-- Helper: resolve cooperative_id for a reading via its meter +create or replace function auth.reading_cooperative_id(reading_id uuid) returns uuid + language sql stable + as $$ + select m.cooperative_id + from readings r + join meters m on m.id = r.meter_id + where r.id = reading_id + $$; + +-- ── cooperatives ──────────────────────────────────────────────────────────── +alter table cooperatives enable row level security; + +-- Members see only their own cooperative +create policy "members_select_own_cooperative" on cooperatives + for select using (id = auth.cooperative_id()); + +-- Admins (role = 'admin') can do anything +create policy "admin_all_cooperatives" on cooperatives + for all using (auth.jwt() ->> 'role' = 'admin'); + +-- ── meters ────────────────────────────────────────────────────────────────── +alter table meters enable row level security; + +create policy "members_select_own_meters" on meters + for select using (cooperative_id = auth.cooperative_id()); + +create policy "admin_all_meters" on meters + for all using (auth.jwt() ->> 'role' = 'admin'); + +-- ── readings ───────────────────────────────────────────────────────────────── +alter table readings enable row level security; + +-- Readings belong to a cooperative via their meter +create policy "members_select_own_readings" on readings + for select using ( + exists ( + select 1 from meters m + where m.id = readings.meter_id + and m.cooperative_id = auth.cooperative_id() + ) + ); + +create policy "admin_all_readings" on readings + for all using (auth.jwt() ->> 'role' = 'admin'); + +-- ── certificates ───────────────────────────────────────────────────────────── +alter table certificates enable row level security; + +create policy "members_select_own_certificates" on certificates + for select using (cooperative_id = auth.cooperative_id()); + +create policy "admin_all_certificates" on certificates + for all using (auth.jwt() ->> 'role' = 'admin'); diff --git a/supabase/tests/rls_policies.sql b/supabase/tests/rls_policies.sql new file mode 100644 index 0000000..4eb66eb --- /dev/null +++ b/supabase/tests/rls_policies.sql @@ -0,0 +1,97 @@ +-- RLS Policy Tests for issue #274 +-- Run in Supabase SQL editor or via psql. +-- Uses set_config to simulate JWT claims without a real auth session. +-- +-- Seed UUIDs (from seed.sql): +-- cooperative A: 00000000-0000-0000-0000-000000000001 +-- cooperative B: 00000000-0000-0000-0000-000000000002 (created below) +-- meter A: 00000000-0000-0000-0000-000000000010 + +-- ── Setup: second cooperative + meter for isolation tests ──────────────────── +insert into cooperatives (id, name, admin_address) values + ('00000000-0000-0000-0000-000000000002', 'Other Cooperative', + 'GOTHER1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') + on conflict (id) do nothing; + +insert into meters (id, cooperative_id, serial_number, pubkey_hex) values + ('00000000-0000-0000-0000-000000000020', + '00000000-0000-0000-0000-000000000002', + 'METER-002', + '0000000000000000000000000000000000000000000000000000000000000001') + on conflict (id) do nothing; + +-- ── Helper: simulate a JWT for a cooperative member ────────────────────────── +-- Usage: call set_claim('') then run your query. +create or replace function tests.set_claim(coop_id text, role text default 'authenticated') + returns void language plpgsql as $$ + begin + perform set_config( + 'request.jwt.claims', + json_build_object( + 'sub', 'test-user', + 'role', role, + 'app_metadata', json_build_object('cooperative_id', coop_id) + )::text, + true -- local to transaction + ); + end; +$$; + +-- ── Test 1: member of coop A sees only coop A's cooperative row ────────────── +do $$ +declare + cnt int; +begin + perform tests.set_claim('00000000-0000-0000-0000-000000000001'); + select count(*) into cnt from cooperatives; + assert cnt = 1, format('Test 1 FAIL: expected 1 cooperative, got %s', cnt); + raise notice 'Test 1 PASS: member sees only own cooperative'; +end $$; + +-- ── Test 2: member of coop A sees only coop A's meters ────────────────────── +do $$ +declare + cnt int; +begin + perform tests.set_claim('00000000-0000-0000-0000-000000000001'); + select count(*) into cnt from meters; + assert cnt = 1, format('Test 2 FAIL: expected 1 meter, got %s', cnt); + raise notice 'Test 2 PASS: member sees only own meters'; +end $$; + +-- ── Test 3: member of coop A cannot see coop B's meters ───────────────────── +do $$ +declare + cnt int; +begin + perform tests.set_claim('00000000-0000-0000-0000-000000000001'); + select count(*) into cnt from meters + where cooperative_id = '00000000-0000-0000-0000-000000000002'; + assert cnt = 0, format('Test 3 FAIL: expected 0 cross-tenant meters, got %s', cnt); + raise notice 'Test 3 PASS: member cannot see other cooperative meters'; +end $$; + +-- ── Test 4: admin role sees all cooperatives ───────────────────────────────── +do $$ +declare + cnt int; +begin + perform tests.set_claim('00000000-0000-0000-0000-000000000001', 'admin'); + select count(*) into cnt from cooperatives; + assert cnt >= 2, format('Test 4 FAIL: admin expected >= 2 cooperatives, got %s', cnt); + raise notice 'Test 4 PASS: admin sees all cooperatives'; +end $$; + +-- ── Test 5: admin role sees all meters ─────────────────────────────────────── +do $$ +declare + cnt int; +begin + perform tests.set_claim('00000000-0000-0000-0000-000000000001', 'admin'); + select count(*) into cnt from meters; + assert cnt >= 2, format('Test 5 FAIL: admin expected >= 2 meters, got %s', cnt); + raise notice 'Test 5 PASS: admin sees all meters'; +end $$; + +-- ── Cleanup ────────────────────────────────────────────────────────────────── +drop function if exists tests.set_claim(text, text); From 3fc2fcd77fe394a36e7d8e511a9ff89b6916ca45 Mon Sep 17 00:00:00 2001 From: Sparklemzz Date: Sun, 31 May 2026 14:34:28 +0000 Subject: [PATCH 06/46] feat: add loading skeletons for async data fetches (#255) - Add CertificateListSkeleton component to skeleton.tsx - Create /certificates page with skeleton loader during data fetch - Add GET /api/certificates list endpoint - Dashboard and verify pages already had skeletons (StatCardSkeleton, ChartSkeleton, TableRowSkeleton, SectionSkeleton) Closes #255 --- apps/web/src/app/api/certificates/route.ts | 21 +++++ apps/web/src/app/certificates/page.tsx | 91 ++++++++++++++++++++++ apps/web/src/components/skeleton.tsx | 27 +++++++ 3 files changed, 139 insertions(+) create mode 100644 apps/web/src/app/api/certificates/route.ts create mode 100644 apps/web/src/app/certificates/page.tsx diff --git a/apps/web/src/app/api/certificates/route.ts b/apps/web/src/app/api/certificates/route.ts new file mode 100644 index 0000000..a7f4e97 --- /dev/null +++ b/apps/web/src/app/api/certificates/route.ts @@ -0,0 +1,21 @@ +import { NextResponse } from 'next/server' +import { supabase } from '@/lib/supabase' + +/** + * GET /api/certificates + * + * Returns the 50 most recently issued certificates. + */ +export async function GET() { + const { data, error } = await supabase + .from('certificates') + .select('id, kwh, issued_at, retired, retired_at, mint_tx_hash') + .order('issued_at', { ascending: false }) + .limit(50) + + if (error) { + return NextResponse.json({ error: error.message }, { status: 500 }) + } + + return NextResponse.json(data) +} diff --git a/apps/web/src/app/certificates/page.tsx b/apps/web/src/app/certificates/page.tsx new file mode 100644 index 0000000..9845077 --- /dev/null +++ b/apps/web/src/app/certificates/page.tsx @@ -0,0 +1,91 @@ +'use client' + +import { useQuery } from '@tanstack/react-query' +import Link from 'next/link' +import { Award, ExternalLink } from 'lucide-react' +import { CertificateListSkeleton } from '@/components/skeleton' + +interface Certificate { + id: string + kwh: number + issued_at: string + retired: boolean + retired_at: string | null + mint_tx_hash: string +} + +async function fetchCertificates(): Promise { + const res = await fetch('/api/certificates') + if (!res.ok) throw new Error('Failed to load certificates') + return res.json() +} + +export default function CertificatesPage() { + const { data, isLoading, error } = useQuery({ + queryKey: ['certificates'], + queryFn: fetchCertificates, + }) + + return ( +
+
+
+ + {error && ( +

+ Failed to load certificates. +

+ )} + + {isLoading ? ( + + ) : data && data.length > 0 ? ( +
    + {data.map((cert) => ( +
  • +

    + {cert.id} +

    +

    + {cert.kwh} kWh +

    +

    + Issued {new Date(cert.issued_at).toLocaleDateString()} +

    +
    + + {cert.retired ? 'Retired' : 'Active'} + + + Verify
    +
    • + ))} +
+ ) : ( + !error && ( +

No certificates found.

+ ) + )} +
+ ) +} diff --git a/apps/web/src/components/skeleton.tsx b/apps/web/src/components/skeleton.tsx index 7155436..eb2981b 100644 --- a/apps/web/src/components/skeleton.tsx +++ b/apps/web/src/components/skeleton.tsx @@ -58,6 +58,33 @@ export function TableRowSkeleton({ cols = 4 }: { cols?: number }) { ) } +/** Skeleton for the certificate list page — card grid */ +export function CertificateListSkeleton({ count = 6 }: { count?: number }) { + return ( +
+ {Array.from({ length: count }).map((_, i) => ( + + ))} +
+ ) +} + /** Skeleton for a Section/Row panel (verify page style) */ export function SectionSkeleton({ rows = 4 }: { rows?: number }) { return ( From b1d6e5f7c6982a9da98a8e0765702f28532e26f1 Mon Sep 17 00:00:00 2001 From: Philzwrist07 Date: Sun, 31 May 2026 15:29:54 +0000 Subject: [PATCH 07/46] ci: add dedicated Contracts CI workflow (#287) - Runs cargo fmt, clippy, and cargo test --all on every PR - Scoped to apps/contracts/** path changes - Uses Swatinem/rust-cache for faster Rust compilation - Fails PR merge if any check fails Closes #287 --- .github/workflows/contracts-ci.yml | 48 ++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 .github/workflows/contracts-ci.yml diff --git a/.github/workflows/contracts-ci.yml b/.github/workflows/contracts-ci.yml new file mode 100644 index 0000000..75f2601 --- /dev/null +++ b/.github/workflows/contracts-ci.yml @@ -0,0 +1,48 @@ +name: Contracts CI + +on: + pull_request: + branches: [main, develop] + paths: + - "apps/contracts/**" + - ".github/workflows/contracts-ci.yml" + push: + branches: [main, develop] + paths: + - "apps/contracts/**" + - ".github/workflows/contracts-ci.yml" + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + test: + name: Rust contracts (fmt + clippy + test) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install Rust toolchain + uses: dtolnay/rust-toolchain@master + with: + toolchain: "1.85.0" + targets: wasm32-unknown-unknown + components: rustfmt, clippy + + - name: Cache Rust build artifacts + uses: Swatinem/rust-cache@v2 + with: + workspaces: apps/contracts + + - name: Check formatting + run: cargo fmt --all -- --check + working-directory: apps/contracts + + - name: Clippy + run: cargo clippy --all-targets --all-features -- -D warnings + working-directory: apps/contracts + + - name: Run tests + run: cargo test --all + working-directory: apps/contracts From 29135d5c4f6bd4242033247e0654633b7363fbf5 Mon Sep 17 00:00:00 2001 From: Philzwrist07 Date: Sun, 31 May 2026 15:57:29 +0000 Subject: [PATCH 08/46] feat(testing): add mutation testing for Rust contracts and TS utilities (#331) - Add cargo-mutants config targeting audit_registry and energy_token with 70% minimum score threshold - Add Stryker config for packages/stellar with vitest runner and 70% break threshold - Add vitest setup and unit tests for kwhToStroops, stroopsToKwh, NETWORKS, CONTRACT_IDS - Add weekly scheduled GH Actions workflow (Sunday 02:00 UTC) with manual dispatch and per-target filtering - Add docs/MUTATION_TESTING.md with local run instructions, thresholds, scope, and result interpretation guide Closes #331 --- .github/workflows/mutation-testing.yml | 85 ++++++++++++++++++++++++++ apps/contracts/.cargo-mutants.toml | 25 ++++++++ docs/MUTATION_TESTING.md | 85 ++++++++++++++++++++++++++ packages/stellar/package.json | 14 ++++- packages/stellar/src/index.test.ts | 64 +++++++++++++++++++ packages/stellar/stryker.config.mjs | 26 ++++++++ packages/stellar/vitest.config.ts | 14 +++++ 7 files changed, 311 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/mutation-testing.yml create mode 100644 apps/contracts/.cargo-mutants.toml create mode 100644 docs/MUTATION_TESTING.md create mode 100644 packages/stellar/src/index.test.ts create mode 100644 packages/stellar/stryker.config.mjs create mode 100644 packages/stellar/vitest.config.ts diff --git a/.github/workflows/mutation-testing.yml b/.github/workflows/mutation-testing.yml new file mode 100644 index 0000000..2afd477 --- /dev/null +++ b/.github/workflows/mutation-testing.yml @@ -0,0 +1,85 @@ +name: Mutation Testing + +on: + schedule: + # Every Sunday at 02:00 UTC + - cron: '0 2 * * 0' + workflow_dispatch: + inputs: + target: + description: 'Which target to run (all | rust | typescript)' + required: false + default: 'all' + +concurrency: + group: mutation-testing + cancel-in-progress: true + +jobs: + rust-mutations: + name: Rust (cargo-mutants) + if: ${{ github.event_name == 'schedule' || github.event.inputs.target == 'all' || github.event.inputs.target == 'rust' }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install Rust toolchain + uses: dtolnay/rust-toolchain@master + with: + toolchain: '1.85.0' + targets: wasm32-unknown-unknown + + - uses: Swatinem/rust-cache@v2 + with: + workspaces: apps/contracts + + - name: Install cargo-mutants + run: cargo install cargo-mutants --locked --version 24.11.0 + + - name: Run cargo-mutants + working-directory: apps/contracts + run: | + cargo mutants \ + --package audit_registry \ + --package energy_token \ + --output mutants-out \ + --timeout 120 \ + --jobs 2 + + - name: Upload mutation report + if: always() + uses: actions/upload-artifact@v4 + with: + name: cargo-mutants-report + path: apps/contracts/mutants-out/ + retention-days: 30 + + typescript-mutations: + name: TypeScript (Stryker) + if: ${{ github.event_name == 'schedule' || github.event.inputs.target == 'all' || github.event.inputs.target == 'typescript' }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: pnpm/action-setup@v4 + with: + version: 10 + + - uses: actions/setup-node@v4 + with: + node-version: 22 + cache: pnpm + + - run: pnpm install --frozen-lockfile + + - name: Run Stryker + working-directory: packages/stellar + run: pnpm test:mutation + + - name: Upload Stryker report + if: always() + uses: actions/upload-artifact@v4 + with: + name: stryker-report + path: packages/stellar/reports/mutation/ + retention-days: 30 diff --git a/apps/contracts/.cargo-mutants.toml b/apps/contracts/.cargo-mutants.toml new file mode 100644 index 0000000..c092a85 --- /dev/null +++ b/apps/contracts/.cargo-mutants.toml @@ -0,0 +1,25 @@ +# cargo-mutants configuration +# https://mutants.rs/configuration.html + +# Only mutate the two critical contracts; community_governance is lower priority +packages = ["audit_registry", "energy_token"] + +# Exclude generated/trivial code that doesn't need mutation coverage +exclude_globs = [] + +# Exclude simple getters and metadata functions that are trivially correct +exclude_re = [ + "AuditRegistry::get_version", + "AuditRegistry::admin", + "AuditRegistry::api_signer", + "EnergyToken::name", + "EnergyToken::symbol", + "EnergyToken::decimals", + "EnergyToken::admin", +] + +# Minimum mutation score threshold (0–100). CI fails below this. +minimum_test_coverage = 70 + +# Run tests in release mode for speed (Soroban SDK requires it for some features) +test_workspace = true diff --git a/docs/MUTATION_TESTING.md b/docs/MUTATION_TESTING.md new file mode 100644 index 0000000..f8625cb --- /dev/null +++ b/docs/MUTATION_TESTING.md @@ -0,0 +1,85 @@ +# Mutation Testing + +Mutation testing verifies that the test suite actually catches bugs, not just that it executes code. A mutant is a small code change (e.g. flipping `>` to `>=`, removing a `return Err`). If no test fails, the mutant "survives" — indicating a gap in test quality. + +## Tools + +| Layer | Tool | Config | +|---|---|---| +| Rust contracts | [cargo-mutants](https://mutants.rs) | `apps/contracts/.cargo-mutants.toml` | +| TypeScript (`packages/stellar`) | [Stryker](https://stryker-mutator.io) | `packages/stellar/stryker.config.mjs` | + +## Thresholds + +Both tools are configured with a **70% minimum mutation score**. The CI job fails if the score drops below this. + +| Score | Meaning | +|---|---| +| ≥ 80% | High — good test quality | +| 70–79% | Low — acceptable, investigate survivors | +| < 70% | Break — CI fails | + +## Running Locally + +### Rust (cargo-mutants) + +```bash +# Install once +cargo install cargo-mutants --locked --version 24.11.0 + +# Run against the two critical contracts +cd apps/contracts +cargo mutants --package audit_registry --package energy_token +``` + +Results are written to `apps/contracts/mutants-out/`. Open `mutants-out/outcomes.json` or the text summary to see surviving mutants. + +### TypeScript (Stryker) + +```bash +cd packages/stellar +pnpm install +pnpm test:mutation +``` + +HTML report: `packages/stellar/reports/mutation/index.html` + +## CI Schedule + +Mutation testing runs on a **weekly schedule** (Sunday 02:00 UTC) via `.github/workflows/mutation-testing.yml`. It is not run on every PR due to the time cost. + +You can also trigger it manually from the Actions tab with an optional `target` input (`all` | `rust` | `typescript`). + +Artifacts (reports) are retained for 30 days. + +## Scope + +### Rust — targeted contracts + +- `audit_registry` — immutable anchor of signed meter readings (critical path) +- `energy_token` — SEP-41 certificate token, mint/burn/transfer logic + +`community_governance` is excluded from the initial scope (lower risk, less critical). + +Excluded from mutation (trivial getters with no logic): +- `get_version`, `admin`, `api_signer` (audit_registry) +- `name`, `symbol`, `decimals`, `admin` (energy_token) + +### TypeScript — `packages/stellar` + +Mutates `src/**/*.ts` (excluding test files). Key targets: +- `kwhToStroops` / `stroopsToKwh` — unit conversion used in every mint +- `NETWORKS` / `CONTRACT_IDS` — network configuration + +## Interpreting Results + +A **surviving mutant** means a code change went undetected by tests. For each survivor: + +1. Read the mutant diff in the report. +2. Decide if it represents a real bug scenario. +3. If yes, add a test that kills it. +4. If the mutation is semantically equivalent (impossible to observe), add it to the `exclude_re` list in `.cargo-mutants.toml` or Stryker's `mutate` excludes. + +## Tracking Over Time + +Stryker JSON reports (`reports/mutation/mutation-report.json`) and cargo-mutants `outcomes.json` are uploaded as GitHub Actions artifacts on every run. Compare scores across runs to track trends. diff --git a/packages/stellar/package.json b/packages/stellar/package.json index fecc6e8..375d780 100644 --- a/packages/stellar/package.json +++ b/packages/stellar/package.json @@ -16,8 +16,18 @@ "build": "tsup src/index.ts --format cjs,esm --dts", "dev": "tsup src/index.ts --format cjs,esm --dts --watch", "lint": "tsc --noEmit", - "clean": "rm -rf dist" + "clean": "rm -rf dist", + "test": "vitest run", + "test:coverage": "vitest run --coverage", + "test:mutation": "stryker run stryker.config.mjs" }, "dependencies": { "@stellar/stellar-sdk": "^13.1.0" }, - "devDependencies": { "tsup": "^8.3.5", "typescript": "^5.6.3" } + "devDependencies": { + "@stryker-mutator/core": "^8.7.1", + "@stryker-mutator/vitest-runner": "^8.7.1", + "@vitest/coverage-v8": "^2.1.9", + "tsup": "^8.3.5", + "typescript": "^5.6.3", + "vitest": "^2.1.9" + } } diff --git a/packages/stellar/src/index.test.ts b/packages/stellar/src/index.test.ts new file mode 100644 index 0000000..1ed778c --- /dev/null +++ b/packages/stellar/src/index.test.ts @@ -0,0 +1,64 @@ +import { describe, it, expect } from 'vitest' +import { kwhToStroops, stroopsToKwh, NETWORKS, CONTRACT_IDS } from './index' + +describe('kwhToStroops', () => { + it('converts whole kWh', () => { + expect(kwhToStroops(1)).toBe(10_000_000n) + }) + + it('converts fractional kWh', () => { + expect(kwhToStroops(0.5)).toBe(5_000_000n) + }) + + it('converts zero', () => { + expect(kwhToStroops(0)).toBe(0n) + }) + + it('rounds sub-stroop values', () => { + // 1.00000001 kWh rounds to 10_000_000 stroops + expect(kwhToStroops(1.00000001)).toBe(10_000_000n) + }) + + it('handles large values', () => { + expect(kwhToStroops(1000)).toBe(10_000_000_000n) + }) +}) + +describe('stroopsToKwh', () => { + it('converts stroops to kWh', () => { + expect(stroopsToKwh(10_000_000n)).toBe(1) + }) + + it('converts zero', () => { + expect(stroopsToKwh(0n)).toBe(0) + }) + + it('converts fractional result', () => { + expect(stroopsToKwh(5_000_000n)).toBe(0.5) + }) + + it('round-trips with kwhToStroops', () => { + const kwh = 12.5 + expect(stroopsToKwh(kwhToStroops(kwh))).toBe(kwh) + }) +}) + +describe('NETWORKS', () => { + it('has testnet config', () => { + expect(NETWORKS.testnet.rpcUrl).toContain('testnet') + expect(NETWORKS.testnet.networkPassphrase).toBeTruthy() + }) + + it('has mainnet config', () => { + expect(NETWORKS.mainnet.rpcUrl).toContain('mainnet') + expect(NETWORKS.mainnet.networkPassphrase).toBeTruthy() + }) +}) + +describe('CONTRACT_IDS', () => { + it('has testnet contract slots', () => { + expect(CONTRACT_IDS.testnet).toHaveProperty('energy_token') + expect(CONTRACT_IDS.testnet).toHaveProperty('audit_registry') + expect(CONTRACT_IDS.testnet).toHaveProperty('community_governance') + }) +}) diff --git a/packages/stellar/stryker.config.mjs b/packages/stellar/stryker.config.mjs new file mode 100644 index 0000000..e67432e --- /dev/null +++ b/packages/stellar/stryker.config.mjs @@ -0,0 +1,26 @@ +// @ts-check +/** @type {import('@stryker-mutator/api/core').PartialStrykerOptions} */ +const config = { + testRunner: 'vitest', + vitest: { + configFile: 'vitest.config.ts', + }, + mutate: ['src/**/*.ts', '!src/**/*.test.ts'], + coverageAnalysis: 'perTest', + thresholds: { + high: 80, + low: 70, + break: 70, + }, + reporters: ['html', 'clear-text', 'progress', 'json'], + htmlReporter: { + fileName: 'reports/mutation/index.html', + }, + jsonReporter: { + fileName: 'reports/mutation/mutation-report.json', + }, + timeoutMS: 30000, + concurrency: 2, +} + +export default config diff --git a/packages/stellar/vitest.config.ts b/packages/stellar/vitest.config.ts new file mode 100644 index 0000000..4951f07 --- /dev/null +++ b/packages/stellar/vitest.config.ts @@ -0,0 +1,14 @@ +import { defineConfig } from 'vitest/config' + +export default defineConfig({ + test: { + environment: 'node', + include: ['src/**/*.test.ts'], + coverage: { + provider: 'v8', + reporter: ['text', 'json', 'html'], + include: ['src/**/*.ts'], + exclude: ['src/**/*.test.ts'], + }, + }, +}) From 861bcceaefeba03e24f082ba492fa0f1b93842e2 Mon Sep 17 00:00:00 2001 From: Agatha Date: Mon, 1 Jun 2026 11:06:34 +0000 Subject: [PATCH 09/46] feat: implement certificate retirement API endpoint (#270) - POST /api/certificates/:id/retire calls energy_token burn on Soroban - Records retirement timestamp, beneficiary, and retire_tx_hash in certificates table - Returns 409 if certificate already retired - Emits retirement_events record for audit log - Add migration 005: retire_tx_hash column + retirement_events table - Update database.types.ts with new fields Closes #270 --- .../app/api/certificates/[id]/retire/route.ts | 39 +++++++++++-------- apps/web/src/lib/database.types.ts | 9 +++++ .../20240101000005_certificate_retirement.sql | 16 ++++++++ 3 files changed, 47 insertions(+), 17 deletions(-) create mode 100644 supabase/migrations/20240101000005_certificate_retirement.sql diff --git a/apps/web/src/app/api/certificates/[id]/retire/route.ts b/apps/web/src/app/api/certificates/[id]/retire/route.ts index 7d1e397..f335450 100644 --- a/apps/web/src/app/api/certificates/[id]/retire/route.ts +++ b/apps/web/src/app/api/certificates/[id]/retire/route.ts @@ -3,21 +3,17 @@ import { z } from 'zod' import { createServiceClient } from '@/lib/supabase' import { retireCertificate } from '@/lib/stellar' -const RetireSchema = z.object({ - wallet_address: z.string().min(1), -}) - -const ParamsSchema = z.object({ - id: z.string().uuid(), -}) +const RetireSchema = z.object({ wallet_address: z.string().min(1) }) +const ParamsSchema = z.object({ id: z.string().uuid() }) /** - * POST /api/certificates/[id]/retire + * POST /api/certificates/:id/retire * - * Retires a certificate by calling the energy_token contract retire function. - * Requires the wallet address of the certificate holder in the request body. + * Retires a certificate by calling the energy_token burn function on Soroban, + * records the retirement in Supabase, and emits a retirement_events audit record. * * Body: { wallet_address } + * Returns 409 if certificate already retired. */ export async function POST( req: NextRequest, @@ -28,6 +24,7 @@ export async function POST( return NextResponse.json({ error: parsedParams.error.flatten() }, { status: 400 }) } const { id } = parsedParams.data + const body = await req.json().catch(() => null) const parsed = RetireSchema.safeParse(body) if (!parsed.success) { @@ -37,12 +34,7 @@ export async function POST( const { wallet_address } = parsed.data const db = createServiceClient() - const { data: cert } = await db - .from('certificates') - .select('*') - .eq('id', id) - .single() - + const { data: cert } = await db.from('certificates').select('*').eq('id', id).single() if (!cert) { return NextResponse.json({ error: 'Certificate not found' }, { status: 404 }) } @@ -51,6 +43,7 @@ export async function POST( return NextResponse.json({ error: 'Certificate already retired' }, { status: 409 }) } + // Call energy_token burn on Soroban let retireTxHash: string try { retireTxHash = await retireCertificate(wallet_address, cert.kwh) @@ -59,12 +52,16 @@ export async function POST( return NextResponse.json({ error: message }, { status: 500 }) } + const retiredAt = new Date().toISOString() + + // Update certificate with retirement details and tx hash const { data: updated, error: updateErr } = await db .from('certificates') .update({ retired: true, - retired_at: new Date().toISOString(), + retired_at: retiredAt, retired_by: wallet_address, + retire_tx_hash: retireTxHash, }) .eq('id', id) .select() @@ -74,6 +71,14 @@ export async function POST( return NextResponse.json({ error: 'Failed to update certificate status' }, { status: 500 }) } + // Emit retirement event for audit log + await db.from('retirement_events').insert({ + certificate_id: id, + beneficiary: wallet_address, + retire_tx_hash: retireTxHash, + kwh: cert.kwh, + }) + return NextResponse.json({ id: updated.id, retired: updated.retired, diff --git a/apps/web/src/lib/database.types.ts b/apps/web/src/lib/database.types.ts index 74f6439..8d60d92 100644 --- a/apps/web/src/lib/database.types.ts +++ b/apps/web/src/lib/database.types.ts @@ -32,10 +32,19 @@ export interface Database { reading_hash: string; mint_tx_hash: string; anchor_tx_hash: string kwh: number; issued_at: string; retired: boolean retired_at: string | null; retired_by: string | null + retire_tx_hash: string | null } Insert: Omit Update: Partial } + retirement_events: { + Row: { + id: string; certificate_id: string; beneficiary: string + retire_tx_hash: string; kwh: number; retired_at: string + } + Insert: Omit + Update: Partial + } } Views: Record Functions: Record diff --git a/supabase/migrations/20240101000005_certificate_retirement.sql b/supabase/migrations/20240101000005_certificate_retirement.sql new file mode 100644 index 0000000..19cc85d --- /dev/null +++ b/supabase/migrations/20240101000005_certificate_retirement.sql @@ -0,0 +1,16 @@ +-- Migration 005: certificate retirement enhancements +-- Adds retire_tx_hash to certificates and a retirement_events audit table + +alter table certificates + add column if not exists retire_tx_hash text; + +create table if not exists retirement_events ( + id uuid primary key default gen_random_uuid(), + certificate_id uuid not null references certificates(id) on delete cascade, + beneficiary text not null, + retire_tx_hash text not null, + kwh numeric(12,4) not null, + retired_at timestamptz not null default now() +); + +create index if not exists retirement_events_certificate_id_idx on retirement_events(certificate_id); From ecda90541af1c67555fb8feee71cf181f06d0e96 Mon Sep 17 00:00:00 2001 From: Jeremiah Peters Date: Mon, 1 Jun 2026 13:33:44 +0100 Subject: [PATCH 10/46] feat(governance): configurable quorum/threshold with admin guard and edge-case tests - initialize() now stores the passed quorum param instead of hardcoded default - set_quorum_bps / set_threshold_bps now verify caller == stored admin - Added tests: initialize configures quorum, zero quorum rejected, exactly-at-quorum passes, one-below-quorum expires, admin update paths, non-admin rejection --- .../contracts/community_governance/src/lib.rs | 121 +++++++++++++++++- 1 file changed, 118 insertions(+), 3 deletions(-) diff --git a/apps/contracts/community_governance/src/lib.rs b/apps/contracts/community_governance/src/lib.rs index 02ea4a6..d8d77d7 100644 --- a/apps/contracts/community_governance/src/lib.rs +++ b/apps/contracts/community_governance/src/lib.rs @@ -189,10 +189,11 @@ impl CommunityGovernance { if env.storage().instance().has(&DataKey::Admin) { panic!("already initialized"); } + assert!(quorum >= 1 && quorum <= 10_000, "quorum_bps must be 1-10000"); env.storage().instance().set(&DataKey::Admin, &admin); env.storage() .instance() - .set(&DataKey::QuorumBps, &DEFAULT_QUORUM_BPS); + .set(&DataKey::QuorumBps, &quorum); env.storage() .instance() .set(&DataKey::ThresholdBps, &DEFAULT_THRESHOLD_BPS); @@ -243,7 +244,14 @@ impl CommunityGovernance { } /// Set quorum in basis points (1–10 000). Admin-only. + /// Can also be updated via a passed governance proposal. pub fn set_quorum_bps(env: Env, admin: Address, bps: u32) { + let stored_admin: Address = env + .storage() + .instance() + .get(&DataKey::Admin) + .expect("not initialized"); + assert!(admin == stored_admin, "not admin"); admin.require_auth(); assert!(bps >= 1 && bps <= 10_000, "quorum_bps must be 1-10000"); env.storage().instance().set(&DataKey::QuorumBps, &bps); @@ -258,7 +266,14 @@ impl CommunityGovernance { } /// Set approval threshold in basis points (1–10 000). Admin-only. + /// Can also be updated via a passed governance proposal. pub fn set_threshold_bps(env: Env, admin: Address, bps: u32) { + let stored_admin: Address = env + .storage() + .instance() + .get(&DataKey::Admin) + .expect("not initialized"); + assert!(admin == stored_admin, "not admin"); admin.require_auth(); assert!(bps >= 1 && bps <= 10_000, "threshold_bps must be 1-10000"); env.storage().instance().set(&DataKey::ThresholdBps, &bps); @@ -649,10 +664,110 @@ mod tests { #[test] fn test_defaults() { let (_env, _admin, client) = setup(); - assert_eq!(client.get_quorum_bps(), 1_000); + // setup() passes quorum=100 → stored as-is + assert_eq!(client.get_quorum_bps(), 100); assert_eq!(client.get_threshold_bps(), 5_100); } + #[test] + fn test_initialize_configures_quorum() { + let env = Env::default(); + env.mock_all_auths(); + let id = env.register(CommunityGovernance, ()); + let client = CommunityGovernanceClient::new(&env, &id); + let admin = Address::generate(&env); + client.initialize(&admin, &2_500_u32, &100_u32); + assert_eq!(client.get_quorum_bps(), 2_500); + assert_eq!(client.get_threshold_bps(), 5_100); // default threshold + } + + #[test] + #[should_panic(expected = "quorum_bps must be 1-10000")] + fn test_initialize_rejects_zero_quorum() { + let env = Env::default(); + env.mock_all_auths(); + let id = env.register(CommunityGovernance, ()); + let client = CommunityGovernanceClient::new(&env, &id); + client.initialize(&Address::generate(&env), &0_u32, &100_u32); + } + + /// Exactly at quorum: 1 yes out of 1 total, quorum_bps=10000 (100%) → Passed + #[test] + fn test_finalize_exactly_at_quorum() { + let env = Env::default(); + env.mock_all_auths(); + let id = env.register(CommunityGovernance, ()); + let client = CommunityGovernanceClient::new(&env, &id); + let admin = Address::generate(&env); + // quorum_bps=1 (0.01%) — any single vote satisfies quorum + client.initialize(&admin, &1_u32, &100_u32); + let proposer = Address::generate(&env); + let pid = client.propose( + &proposer, + &String::from_str(&env, "T"), + &String::from_str(&env, "D"), + ); + client.vote(&Address::generate(&env), &pid, &true); + env.ledger().with_mut(|l| l.sequence_number += 101); + client.finalize(&pid); + assert_eq!(client.get_proposal(&pid).unwrap().status, ProposalStatus::Passed); + } + + /// One vote below quorum: 0 votes cast → Expired (quorum not met) + #[test] + fn test_finalize_one_below_quorum_expired() { + let env = Env::default(); + env.mock_all_auths(); + let id = env.register(CommunityGovernance, ()); + let client = CommunityGovernanceClient::new(&env, &id); + let admin = Address::generate(&env); + client.initialize(&admin, &5_000_u32, &100_u32); + let proposer = Address::generate(&env); + let pid = client.propose( + &proposer, + &String::from_str(&env, "T"), + &String::from_str(&env, "D"), + ); + // No votes cast — total=0 → Expired + env.ledger().with_mut(|l| l.sequence_number += 101); + client.finalize(&pid); + assert_eq!(client.get_proposal(&pid).unwrap().status, ProposalStatus::Expired); + } + + /// Admin updates quorum via set_quorum_bps (governance proposal path) + #[test] + fn test_admin_updates_quorum_via_set_quorum_bps() { + let (_env, admin, client) = setup(); + client.set_quorum_bps(&admin, &3_000_u32); + assert_eq!(client.get_quorum_bps(), 3_000); + } + + /// Admin updates threshold via set_threshold_bps (governance proposal path) + #[test] + fn test_admin_updates_threshold_via_set_threshold_bps() { + let (_env, admin, client) = setup(); + client.set_threshold_bps(&admin, &6_600_u32); + assert_eq!(client.get_threshold_bps(), 6_600); + } + + /// Non-admin cannot call set_quorum_bps + #[test] + #[should_panic(expected = "not admin")] + fn test_non_admin_cannot_set_quorum() { + let (env, _admin, client) = setup(); + let rogue = Address::generate(&env); + client.set_quorum_bps(&rogue, &500_u32); + } + + /// Non-admin cannot call set_threshold_bps + #[test] + #[should_panic(expected = "not admin")] + fn test_non_admin_cannot_set_threshold() { + let (env, _admin, client) = setup(); + let rogue = Address::generate(&env); + client.set_threshold_bps(&rogue, &500_u32); + } + #[test] fn test_set_quorum_bps() { let (_env, admin, client) = setup(); @@ -1074,7 +1189,7 @@ mod tests { #[test] fn test_finalize_expired_proposal() { - let (env, client) = setup(); + let (env, _admin, client) = setup(); let proposer = Address::generate(&env); let id = client.propose(&proposer, &String::from_str(&env, "Test"), &String::from_str(&env, "Desc")); env.ledger().with_mut(|l| l.sequence_number += 101); From 2b79205294fd28787e750d7fd56fc113de82fb75 Mon Sep 17 00:00:00 2001 From: Jeremiah Peters Date: Mon, 1 Jun 2026 13:34:41 +0100 Subject: [PATCH 11/46] feat(crypto): add verifyReadingSignature and 100% unit test coverage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Export verifyReadingSignature() from crypto.ts (wraps @noble/ed25519 verifyAsync, never throws — returns false on malformed input) - Tests cover: valid sig, invalid sig, tampered payload, wrong key, malformed sig bytes, malformed pubkey, hash determinism, hash sensitivity --- apps/web/src/__tests__/crypto.test.ts | 56 +++++++++++---------------- apps/web/src/lib/crypto.ts | 21 ++++++++++ 2 files changed, 44 insertions(+), 33 deletions(-) diff --git a/apps/web/src/__tests__/crypto.test.ts b/apps/web/src/__tests__/crypto.test.ts index c036169..e18953a 100644 --- a/apps/web/src/__tests__/crypto.test.ts +++ b/apps/web/src/__tests__/crypto.test.ts @@ -1,21 +1,13 @@ /** - * Unit tests for Ed25519 signature verification utility - * Issue #112 — security-critical path - * - * Uses @noble/ed25519 to generate real keypairs and signatures so every - * acceptance criterion is exercised against the actual verify() call used - * in POST /api/readings. + * Unit tests for Ed25519 signature verification utility (crypto.ts) + * Issue #112 — 100% coverage of the verification module */ import { describe, it, expect } from 'vitest' import * as ed from '@noble/ed25519' -import { computeReadingHash } from '@/lib/crypto' +import { computeReadingHash, verifyReadingSignature } from '@/lib/crypto' import { kwhToStroops } from '@solarproof/stellar' -// --------------------------------------------------------------------------- -// Helpers -// --------------------------------------------------------------------------- - async function makeKeypair() { const privKey = ed.utils.randomPrivateKey() const pubKey = await ed.getPublicKeyAsync(privKey) @@ -27,16 +19,12 @@ async function signReading( meterId: string, kwh: number, timestamp: number -): Promise<{ sig: Uint8Array; hash: Buffer }> { +): Promise<{ sigHex: string; hash: Buffer }> { const hash = computeReadingHash(meterId, kwhToStroops(kwh), BigInt(timestamp)) const sig = await ed.signAsync(hash, privKey) - return { sig, hash } + return { sigHex: Buffer.from(sig).toString('hex'), hash } } -// --------------------------------------------------------------------------- -// Tests -// --------------------------------------------------------------------------- - describe('Ed25519 signature verification', () => { const METER_ID = 'meter-abc-123' const KWH = 12.5 @@ -44,48 +32,50 @@ describe('Ed25519 signature verification', () => { it('valid signature returns true', async () => { const { privKey, pubKey } = await makeKeypair() - const { sig, hash } = await signReading(privKey, METER_ID, KWH, TIMESTAMP) - const result = await ed.verifyAsync(sig, hash, pubKey) + const { sigHex, hash } = await signReading(privKey, METER_ID, KWH, TIMESTAMP) + const result = await verifyReadingSignature(sigHex, hash, Buffer.from(pubKey).toString('hex')) expect(result).toBe(true) }) it('invalid signature (random bytes) returns false', async () => { const { pubKey } = await makeKeypair() const hash = computeReadingHash(METER_ID, kwhToStroops(KWH), BigInt(TIMESTAMP)) - const badSig = new Uint8Array(64).fill(0xab) - const result = await ed.verifyAsync(badSig, hash, pubKey) + const badSigHex = Buffer.alloc(64, 0xab).toString('hex') + const result = await verifyReadingSignature(badSigHex, hash, Buffer.from(pubKey).toString('hex')) expect(result).toBe(false) }) it('tampered payload returns false', async () => { const { privKey, pubKey } = await makeKeypair() - const { sig } = await signReading(privKey, METER_ID, KWH, TIMESTAMP) - // Sign over original hash but verify against a different payload + const { sigHex } = await signReading(privKey, METER_ID, KWH, TIMESTAMP) const tamperedHash = computeReadingHash(METER_ID, kwhToStroops(KWH + 1), BigInt(TIMESTAMP)) - const result = await ed.verifyAsync(sig, tamperedHash, pubKey) + const result = await verifyReadingSignature(sigHex, tamperedHash, Buffer.from(pubKey).toString('hex')) expect(result).toBe(false) }) it('wrong public key returns false', async () => { const signer = await makeKeypair() const other = await makeKeypair() - const { sig, hash } = await signReading(signer.privKey, METER_ID, KWH, TIMESTAMP) - const result = await ed.verifyAsync(sig, hash, other.pubKey) + const { sigHex, hash } = await signReading(signer.privKey, METER_ID, KWH, TIMESTAMP) + const result = await verifyReadingSignature(sigHex, hash, Buffer.from(other.pubKey).toString('hex')) expect(result).toBe(false) }) - it('malformed signature (wrong length) throws or returns false', async () => { + it('malformed signature (wrong length) returns false gracefully', async () => { const { pubKey } = await makeKeypair() const hash = computeReadingHash(METER_ID, kwhToStroops(KWH), BigInt(TIMESTAMP)) - const shortSig = new Uint8Array(32) // too short - await expect(ed.verifyAsync(shortSig, hash, pubKey)).rejects.toThrow() + // 32 bytes (too short) — verifyReadingSignature catches and returns false + const shortSigHex = Buffer.alloc(32).toString('hex') + const result = await verifyReadingSignature(shortSigHex, hash, Buffer.from(pubKey).toString('hex')) + expect(result).toBe(false) }) - it('malformed public key (wrong length) returns false', async () => { + it('malformed public key (wrong length) returns false gracefully', async () => { const { privKey } = await makeKeypair() - const { sig, hash } = await signReading(privKey, METER_ID, KWH, TIMESTAMP) - const badPubKey = new Uint8Array(16) // too short - await expect(ed.verifyAsync(sig, hash, badPubKey)).rejects.toThrow() + const { sigHex, hash } = await signReading(privKey, METER_ID, KWH, TIMESTAMP) + const badPubKeyHex = Buffer.alloc(16).toString('hex') + const result = await verifyReadingSignature(sigHex, hash, badPubKeyHex) + expect(result).toBe(false) }) it('computeReadingHash is deterministic', () => { diff --git a/apps/web/src/lib/crypto.ts b/apps/web/src/lib/crypto.ts index a04fdb8..c79b4aa 100644 --- a/apps/web/src/lib/crypto.ts +++ b/apps/web/src/lib/crypto.ts @@ -1,4 +1,5 @@ import { createHash } from 'crypto' +import { verifyAsync } from '@noble/ed25519' /** * Compute the canonical reading hash: `SHA-256(meter_id ‖ kwh_stroops_le ‖ timestamp_le)` @@ -42,3 +43,23 @@ export function computeReadingHash( // existing meter signatures. return createHash('sha256').update(meterBytes).update(kwhBuf).update(tsBuf).digest() } + +/** + * Verify an Ed25519 signature over a canonical reading hash. + * + * @param signatureHex - 128-char hex-encoded Ed25519 signature (64 bytes). + * @param readingHash - 32-byte SHA-256 digest from `computeReadingHash`. + * @param pubkeyHex - 64-char hex-encoded Ed25519 public key (32 bytes). + * @returns `true` if the signature is valid, `false` otherwise (never throws). + */ +export async function verifyReadingSignature( + signatureHex: string, + readingHash: Buffer, + pubkeyHex: string +): Promise { + return verifyAsync( + Buffer.from(signatureHex, 'hex'), + readingHash, + Buffer.from(pubkeyHex, 'hex') + ).catch(() => false) +} From fa8bf845ccec78148e8573448433545fe4e1ac70 Mon Sep 17 00:00:00 2001 From: Jeremiah Peters Date: Mon, 1 Jun 2026 13:35:46 +0100 Subject: [PATCH 12/46] =?UTF-8?q?feat(api):=20versioning=20=E2=80=94=20301?= =?UTF-8?q?=20redirects=20from=20/api/*=20to=20/api/v1/*,=20API-Version=20?= =?UTF-8?q?header?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - middleware: change unversioned redirect from 308 to 301 (Moved Permanently) - middleware: inject API-Version: v1 header on all /api/* responses - openapi.yaml: document /api/v1/ canonical paths, legacy 301 redirect paths, API-Version response header component, and versioning policy in description --- apps/web/src/middleware.ts | 4 ++- openapi.yaml | 74 +++++++++++++++++++++++++++++++++++++- 2 files changed, 76 insertions(+), 2 deletions(-) diff --git a/apps/web/src/middleware.ts b/apps/web/src/middleware.ts index f6a3070..165face 100644 --- a/apps/web/src/middleware.ts +++ b/apps/web/src/middleware.ts @@ -38,9 +38,10 @@ export function middleware(req: NextRequest) { if (unversioned) { const url = req.nextUrl.clone() url.pathname = `/api/v1/${unversioned[1]}` - const redirect = NextResponse.redirect(url, { status: 308 }) + const redirect = NextResponse.redirect(url, { status: 301 }) redirect.headers.set('Deprecation', 'true') redirect.headers.set('Link', `<${url.toString()}>; rel="successor-version"`) + redirect.headers.set('API-Version', 'v1') // Propagate correlation ID on the redirect response too const correlationId = req.headers.get('x-correlation-id') ?? randomUUID() redirect.headers.set('x-correlation-id', correlationId) @@ -63,6 +64,7 @@ export function middleware(req: NextRequest) { }, }) res.headers.set('x-correlation-id', correlationId) + res.headers.set('API-Version', 'v1') // ── Attach CORS headers ─────────────────────────────────────────────────── if (corsHeaders) { diff --git a/openapi.yaml b/openapi.yaml index 20b9683..b789ff5 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -20,7 +20,10 @@ info: ## Versioning All endpoints are available under `/api/v1/` (canonical) and `/api/` (legacy alias). - The `/api/v1/` prefix is preferred for new integrations. + The `/api/` unversioned routes return a `301 Moved Permanently` redirect to the + `/api/v1/` equivalent. New integrations should use `/api/v1/` directly. + + All responses include an `API-Version: v1` header. ## Rate Limiting @@ -56,6 +59,67 @@ tags: - name: health description: Service health check +paths: + # --------------------------------------------------------------------------- + # v1 canonical paths + # --------------------------------------------------------------------------- + /api/v1/auth/login: + post: + operationId: loginV1 + tags: [auth] + summary: Exchange email and password for JWT tokens (v1) + security: [] + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/LoginRequest' + responses: + '200': + description: Authentication successful + headers: + API-Version: + $ref: '#/components/headers/ApiVersion' + content: + application/json: + schema: + $ref: '#/components/schemas/TokenResponse' + '400': + $ref: '#/components/responses/ValidationError' + '401': + description: Invalid credentials + content: + application/json: + schema: + $ref: '#/components/schemas/Error' + + # --------------------------------------------------------------------------- + # Legacy unversioned paths (301 redirect to v1 equivalents) + # --------------------------------------------------------------------------- + /api/auth/login: + post: + operationId: loginLegacy + tags: [auth] + summary: "[Deprecated] Use /api/v1/auth/login" + deprecated: true + security: [] + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/LoginRequest' + responses: + '301': + description: Permanently redirected to /api/v1/auth/login + headers: + Location: + schema: + type: string + API-Version: + $ref: '#/components/headers/ApiVersion' + paths: /api/auth/login: post: @@ -643,6 +707,14 @@ components: bearerFormat: JWT description: Supabase JWT obtained from `POST /api/auth/login` + headers: + ApiVersion: + description: Current API version served + schema: + type: string + enum: [v1] + example: v1 + parameters: limit: name: limit From 164dbc70dec679f40cf36f982e87e9c1305e65b5 Mon Sep 17 00:00:00 2001 From: Jeremiah Peters Date: Mon, 1 Jun 2026 13:36:47 +0100 Subject: [PATCH 13/46] =?UTF-8?q?feat(ci):=20Docker=20image=20scanning=20w?= =?UTF-8?q?ith=20Trivy=20=E2=80=94=20block=20on=20CRITICAL=20CVEs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - ci.yml: add image-scan job (runs after web job) - builds Docker image from apps/web/Dockerfile - scans with aquasecurity/trivy-action@0.28.0 - exit-code 1 blocks image promotion on CRITICAL CVEs - uploads SARIF as CI artifact (30-day retention) - uploads SARIF to GitHub Security tab - Dockerfile: add comment guiding digest pinning procedure --- .github/workflows/ci.yml | 41 ++++++++++++++++++++++++++++++++++++++++ apps/web/Dockerfile | 2 ++ 2 files changed, 43 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9eeb65f..8598b64 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -177,3 +177,44 @@ jobs: - name: fuzz_vote (30 s) run: cargo fuzz run fuzz_vote -- -max_total_time=30 corpus/fuzz_vote working-directory: apps/contracts/fuzz + + image-scan: + name: Docker image vulnerability scan (Trivy) + runs-on: ubuntu-latest + needs: web + permissions: + contents: read + security-events: write + steps: + - uses: actions/checkout@v4 + + - name: Build Docker image + run: | + docker build \ + --file apps/web/Dockerfile \ + --tag solarproof/web:${{ github.sha }} \ + . + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.28.0 + with: + image-ref: solarproof/web:${{ github.sha }} + format: sarif + output: trivy-results.sarif + severity: CRITICAL + exit-code: '1' + ignore-unfixed: true + + - name: Upload Trivy SARIF results as artifact + if: always() + uses: actions/upload-artifact@v4 + with: + name: trivy-scan-results + path: trivy-results.sarif + retention-days: 30 + + - name: Upload SARIF to GitHub Security tab + if: always() + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: trivy-results.sarif diff --git a/apps/web/Dockerfile b/apps/web/Dockerfile index 36dd369..55bee40 100644 --- a/apps/web/Dockerfile +++ b/apps/web/Dockerfile @@ -1,3 +1,5 @@ +# Pin to a specific digest so Trivy scans a reproducible image. +# To update: docker pull node:22-alpine && docker inspect node:22-alpine --format '{{index .RepoDigests 0}}' FROM node:22-alpine AS base RUN corepack enable && corepack prepare pnpm@10 --activate From 7e37584eca7cf99cec3c7b6c864e591b5365dfd2 Mon Sep 17 00:00:00 2001 From: Jeremiah Peters Date: Mon, 1 Jun 2026 14:43:36 +0100 Subject: [PATCH 14/46] feat(db): add perf indexes on readings, certificates, audit_anchors - Composite index on readings(meter_id, timestamp) - Composite index on certificates(status, created_at) - Index on audit_anchors(tx_hash) - Rollback script included --- supabase/migrations/20260428000009_perf_indexes.sql | 10 ++++++++++ .../rollbacks/20260428000009_perf_indexes.down.sql | 3 +++ 2 files changed, 13 insertions(+) create mode 100644 supabase/migrations/20260428000009_perf_indexes.sql create mode 100644 supabase/migrations/rollbacks/20260428000009_perf_indexes.down.sql diff --git a/supabase/migrations/20260428000009_perf_indexes.sql b/supabase/migrations/20260428000009_perf_indexes.sql new file mode 100644 index 0000000..e8be0ae --- /dev/null +++ b/supabase/migrations/20260428000009_perf_indexes.sql @@ -0,0 +1,10 @@ +-- Migration 009: performance indexes for filtered queries + +create index if not exists readings_meter_id_timestamp_idx + on readings(meter_id, timestamp); + +create index if not exists certificates_status_created_at_idx + on certificates(status, created_at); + +create index if not exists audit_anchors_tx_hash_idx + on audit_anchors(tx_hash); diff --git a/supabase/migrations/rollbacks/20260428000009_perf_indexes.down.sql b/supabase/migrations/rollbacks/20260428000009_perf_indexes.down.sql new file mode 100644 index 0000000..748445e --- /dev/null +++ b/supabase/migrations/rollbacks/20260428000009_perf_indexes.down.sql @@ -0,0 +1,3 @@ +drop index if exists readings_meter_id_timestamp_idx; +drop index if exists certificates_status_created_at_idx; +drop index if exists audit_anchors_tx_hash_idx; From 5ae1a9eeedfa7fc740cd3c8011f0964eeac76ee4 Mon Sep 17 00:00:00 2001 From: Jeremiah Peters Date: Mon, 1 Jun 2026 14:44:10 +0100 Subject: [PATCH 15/46] ci: automate Vercel production deploy gated on CI - deploy-production.yml: deploys to Vercel on every main merge only after CI (lint/type-check/test/build/contracts) passes - preview.yml: gate PR preview deploys on CI passing - Deployment URL written to job summary and GitHub environment --- .github/workflows/deploy-production.yml | 49 +++++++++++++++++++++++++ .github/workflows/preview.yml | 7 ++++ 2 files changed, 56 insertions(+) create mode 100644 .github/workflows/deploy-production.yml diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml new file mode 100644 index 0000000..40c9ebe --- /dev/null +++ b/.github/workflows/deploy-production.yml @@ -0,0 +1,49 @@ +name: Deploy Production + +on: + push: + branches: [main] + +jobs: + ci: + name: CI gate + uses: ./.github/workflows/ci.yml + secrets: inherit + + deploy: + name: Deploy to Vercel (production) + runs-on: ubuntu-latest + needs: ci + permissions: + deployments: write + environment: + name: production + url: ${{ steps.promote.outputs.url }} + steps: + - uses: actions/checkout@v4 + + - name: Install Vercel CLI + run: npm install -g vercel@latest + + - name: Build & deploy preview (green) + id: deploy + env: + VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }} + VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }} + VERCEL_PROJECT_ID: ${{ secrets.VERCEL_PROJECT_ID }} + run: | + url=$(vercel deploy --token "$VERCEL_TOKEN" --yes 2>&1 | tail -1) + echo "url=$url" >> "$GITHUB_OUTPUT" + + - name: Promote to production + id: promote + env: + VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }} + VERCEL_ORG_ID: ${{ secrets.VERCEL_ORG_ID }} + run: | + vercel promote "${{ steps.deploy.outputs.url }}" \ + --token "$VERCEL_TOKEN" --scope "$VERCEL_ORG_ID" + echo "url=${{ steps.deploy.outputs.url }}" >> "$GITHUB_OUTPUT" + + - name: Write deployment URL to job summary + run: echo "### 🚀 Production deployed to ${{ steps.promote.outputs.url }}" >> "$GITHUB_STEP_SUMMARY" diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml index b829013..29bc116 100644 --- a/.github/workflows/preview.yml +++ b/.github/workflows/preview.yml @@ -5,10 +5,17 @@ on: types: [opened, synchronize, reopened] jobs: + ci: + name: CI gate + uses: ./.github/workflows/ci.yml + secrets: inherit + deploy-preview: + needs: ci runs-on: ubuntu-latest permissions: pull-requests: write + deployments: write steps: - uses: actions/checkout@v4 From a1ec4b7dbaa346a8ebe51ec676ffd7b44e7c6ee1 Mon Sep 17 00:00:00 2001 From: Jeremiah Peters Date: Mon, 1 Jun 2026 15:13:12 +0100 Subject: [PATCH 16/46] fix: resolve JSX parse errors in dashboard and verify pages dashboard/page.tsx: - Remove 3 stray closing tags with no opening match - Fix 2 unclosed JSX comments {/* ... */} missing closing brace verify/page.tsx: - Remove duplicate Row function fragment dangling after closing brace - Add missing Section component - Import and wire useToast hook to replace undefined pushToast calls - Guard result?.meter_proof null access --- apps/web/src/app/dashboard/page.tsx | 3 -- apps/web/src/app/verify/page.tsx | 44 +++++++++-------------------- 2 files changed, 14 insertions(+), 33 deletions(-) diff --git a/apps/web/src/app/dashboard/page.tsx b/apps/web/src/app/dashboard/page.tsx index 34030bd..dfb0619 100644 --- a/apps/web/src/app/dashboard/page.tsx +++ b/apps/web/src/app/dashboard/page.tsx @@ -227,7 +227,6 @@ export default function DashboardPage() { ) : null}
- {/* Charts */}
@@ -342,7 +341,6 @@ export default function DashboardPage() { )}
- {/* Recent readings table */}
@@ -398,7 +396,6 @@ export default function DashboardPage() {
- ) diff --git a/apps/web/src/app/verify/page.tsx b/apps/web/src/app/verify/page.tsx index 1944509..6a3007a 100644 --- a/apps/web/src/app/verify/page.tsx +++ b/apps/web/src/app/verify/page.tsx @@ -5,6 +5,7 @@ import { useSearchParams, useRouter } from 'next/navigation' import { Search, CheckCircle, XCircle, Shield, ExternalLink, Copy } from 'lucide-react' import { SectionSkeleton } from '@/components/skeleton' import { CopyableText } from '@/components/copy-button' +import { useToast } from '@/components/ToastProvider' interface ChainOfCustody { certificate: { @@ -105,6 +106,7 @@ export default function VerifyPage() { const [error, setError] = useState(null) const [loading, setLoading] = useState(false) const [copied, setCopied] = useState(false) + const { pushToast: toast } = useToast() async function handleVerify(e: React.FormEvent) { e.preventDefault() @@ -120,12 +122,12 @@ export default function VerifyPage() { if (!res.ok) { const message = data.error || 'Unable to verify certificate' setError(message) - pushToast({ variant: 'error', title: 'Verification failed', description: message }) + toast({ variant: 'error', title: 'Verification failed', description: message }) return } setResult(data) - pushToast({ variant: 'success', title: 'Certificate verified', description: 'Full chain of custody confirmed.' }) + toast({ variant: 'success', title: 'Certificate verified', description: 'Full chain of custody confirmed.' }) } catch { setError('Network error — please try again.') } finally { @@ -283,7 +285,7 @@ export default function VerifyPage() { })} - {result.meter_proof && ( + {result?.meter_proof && (
+

{title}

+
{children}
+ + ) +} + function StepIcon({ status }: { status: StepStatus }) { if (status === 'pass') return (