fix(dashboard): prevent JSON.parse crashes in credentials

[dmrdvn]

🐛 Bug Fix

Problem

Credential components crashed when public_notes field contained:

• null or undefined values
• Malformed JSON strings

Affected components:

• Credential card list
• Credential details modal
• Delete credential dialog

Solution

• Added safeParse utility function in shared/index.ts
• Replaced all unsafe JSON.parse() calls
• Added JSDoc documentation
• Generic type support for type safety

Changes

• shared/index.ts - New safeParse utility
• credential-card.tsx - Import safeParse
• credential-details.tsx - Import safeParse with types
• delete-credential.tsx - Import safeParse with types

Testing

• TypeScript compilation passes
• No runtime crashes on invalid JSON
• Backward compatible (empty object fallback)

Summary by CodeRabbit

• Bug Fixes
  • Implemented robust error handling for credential metadata parsing to prevent application crashes from malformed or invalid data.
  • Enhanced stability across credential management features when handling missing or corrupted metadata information.
  • Credentials with invalid data will no longer cause application failures.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

@dmrdvn is attempting to deploy a commit to the idOS Engineering Team on Vercel.

A member of the Team first needs to authorize it.

[pkg-pr-new]

Open in StackBlitz

@idos-network/client

npm i https://pkg.pr.new/idos-network/idos-sdk-js/@idos-network/client@1275

@idos-network/consumer

npm i https://pkg.pr.new/idos-network/idos-sdk-js/@idos-network/consumer@1275

@idos-network/credentials

npm i https://pkg.pr.new/idos-network/idos-sdk-js/@idos-network/credentials@1275

@idos-network/issuer

npm i https://pkg.pr.new/idos-network/idos-sdk-js/@idos-network/issuer@1275

@idos-network/utils

npm i https://pkg.pr.new/idos-network/idos-sdk-js/@idos-network/utils@1275

commit: 46e9ab9

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
data-dashboard	Ready	Preview, Comment	Jan 6, 2026 2:51pm

[ditoglez]

Thanks @dmrdvn for your contribution!

[coderabbitai]

📝 Walkthrough

Walkthrough

A utility function safeParse is added to safely parse JSON strings with fallback to empty objects on errors. Three credential components are refactored to use this utility instead of direct JSON.parse(), improving error handling by preventing exceptions from invalid JSON while maintaining type safety.

Changes

Cohort / File(s)	Summary
Shared Utility apps/idos-data-dashboard/src/routes/dashboard/credentials/shared/index.ts	New safeParse<T>() function added with try-catch wrapper around JSON.parse(). Defaults to empty object on null/undefined input or parse errors. Handles type-safe parsing with generic type support.
Component Refactoring apps/idos-data-dashboard/src/routes/dashboard/credentials/components/credential-card.tsx, credential-details.tsx, delete-credential.tsx	Each component updated to replace direct JSON.parse(credential.public_notes) with typed safeParse() calls. Prevents runtime exceptions from invalid JSON. Type annotations specify expected parsed structure (e.g., { type?: string; issuer?: string }).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A carrot for each error caught with care,
Safe parsing guards credentials with flair,
No crashes when JSON stumbles and falls,
Our data stays safe behind sturdy walls! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: introducing a safeParse utility to prevent JSON.parse crashes when parsing credential public_notes across multiple dashboard components.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/idos-data-dashboard/src/routes/dashboard/credentials/components/delete-credential.tsx (1)

162-203: Provide display fallbacks when meta is empty.

When parsing fails, meta.type / meta.issuer are undefined, leading to blank dialog text. Add defaults to keep the message readable.

✅ Suggested tweak

-  const meta = safeParse<{ type?: string; issuer?: string }>(credential.public_notes);
+  const meta = safeParse<{ type?: string; issuer?: string }>(credential.public_notes);
+  const typeLabel = meta.type ?? "credential";
+  const issuerLabel = meta.issuer ?? "unknown";
@@
-                Deleting credential of type{" "}
+                Deleting credential of type{" "}
                 <Text as="span" color="green.200" fontWeight="semibold">
-                  {meta.type}
+                  {typeLabel}
                 </Text>{" "}
                 from issuer{" "}
                 <Text as="span" color="green.200" fontWeight="semibold">
-                  {meta.issuer}
+                  {issuerLabel}
                 </Text>

🤖 Fix all issues with AI agents

In `@apps/idos-data-dashboard/src/routes/dashboard/credentials/shared/index.ts`:
- Around line 7-18: safeParse currently returns results like null or arrays when
JSON.parse succeeds but the value isn't a plain object (e.g., "null"), which
breaks callers expecting an object; after calling JSON.parse in safeParse, check
the parsed value (in function safeParse) and if it's not a non-null plain object
(typeof parsed === "object" && parsed !== null && !Array.isArray(parsed)),
return {} as T instead, preserving the existing try/catch fallback for parse
errors.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cb8ed87 and 46e9ab9.

📒 Files selected for processing (4)

• apps/idos-data-dashboard/src/routes/dashboard/credentials/components/credential-card.tsx
• apps/idos-data-dashboard/src/routes/dashboard/credentials/components/credential-details.tsx
• apps/idos-data-dashboard/src/routes/dashboard/credentials/components/delete-credential.tsx
• apps/idos-data-dashboard/src/routes/dashboard/credentials/shared/index.ts

🧰 Additional context used

🧬 Code graph analysis (4)

apps/idos-data-dashboard/src/routes/dashboard/credentials/components/credential-card.tsx (1)

apps/idos-data-dashboard/src/routes/dashboard/credentials/shared/index.ts (1)

• safeParse (13-19)

apps/idos-data-dashboard/src/routes/dashboard/credentials/shared/index.ts (2)

apps/dashboard-for-dapps/src/routes/credentials.tsx (1)

• safeParse (56-62)

packages/issuer/src/services/credential.service.ts (1)

• T (115-120)

apps/idos-data-dashboard/src/routes/dashboard/credentials/components/delete-credential.tsx (1)

apps/idos-data-dashboard/src/routes/dashboard/credentials/shared/index.ts (1)

• safeParse (13-19)

apps/idos-data-dashboard/src/routes/dashboard/credentials/components/credential-details.tsx (1)

apps/idos-data-dashboard/src/routes/dashboard/credentials/shared/index.ts (1)

• safeParse (13-19)

🔇 Additional comments (2)

apps/idos-data-dashboard/src/routes/dashboard/credentials/components/credential-details.tsx (1)

21-85: Good switch to safeParse for public_notes.

Prevents runtime crashes on malformed JSON while keeping typed access.

apps/idos-data-dashboard/src/routes/dashboard/credentials/components/credential-card.tsx (1)

5-21: Nice safety improvement by using safeParse.

Avoids crashes from malformed public_notes while keeping existing behavior.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Handle valid JSON that isn’t an object (e.g., "null").

Right now JSON.parse("null") yields null and won’t hit the catch, so safeParse can still return null and crash Object.entries(...) / property access at call sites. Add a post-parse shape check and fall back to {} when the parsed value isn’t a plain object.

🛠️ Suggested fix

 export const safeParse = <T = Record<string, unknown>>(json?: string | null): T => {
   try {
-    return JSON.parse(json ?? "{}") as T;
+    const parsed = JSON.parse(json ?? "{}");
+    if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+      return parsed as T;
+    }
   } catch (_e) {
-    return {} as T;
   }
+  return {} as T;
 };

🤖 Prompt for AI Agents

In `@apps/idos-data-dashboard/src/routes/dashboard/credentials/shared/index.ts`
around lines 7 - 18, safeParse currently returns results like null or arrays
when JSON.parse succeeds but the value isn't a plain object (e.g., "null"),
which breaks callers expecting an object; after calling JSON.parse in safeParse,
check the parsed value (in function safeParse) and if it's not a non-null plain
object (typeof parsed === "object" && parsed !== null &&
!Array.isArray(parsed)), return {} as T instead, preserving the existing
try/catch fallback for parse errors.