Backend: ehnc - Einvoice auth and generation logs

[kavya-shree-s]

Type of Change

• Bugfix
• New feature
• Enhancement
• Refactoring
• Dependency updates

Description

Additional Changes

• This PR modifies the database schema (database migration added)
• This PR modifies dhall configs/environment variables

Motivation and Context

How did you test it?

Checklist

• I formatted the code and addressed linter errors ./dev/format-all-files.sh
• I reviewed submitted code
• I added unit tests for my changes where possible
• I added a CHANGELOG entry if applicable

Summary by CodeRabbit

Release Notes

• Refactor
  • Enhanced logging for e-invoice authentication and generation operations to provide improved visibility into invoice processing workflows while maintaining existing functionality.

[coderabbitai]

Walkthrough

Two e-invoice interface functions refactored to emit logging before and after operations. authenticateEInvoice and generateEInvoice now execute within do-block workflows with MonadFlow m constraint, logging lifecycle events while maintaining existing dispatch semantics.

Changes

Cohort / File(s)	Summary
E-Invoice Interface Logging lib/mobility-core/src/Kernel/External/GSTEInvoice/Interface.hs	Added MonadFlow m constraint to authenticateEInvoice and generateEInvoice, wrapping dispatch logic with logInfo calls before and after backend invocations for enhanced observability.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A rabbit hops through logs so bright, 📝
Before and after, all feels right,
Each invoice now with wings of flow,
MonadFlow grants the insight glow! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Backend: ehnc - Einvoice auth and generation logs' accurately describes the main change: adding logging to e-invoice authentication and generation functions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch backend-ehnc-logs-einvoive

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@lib/mobility-core/src/Kernel/External/GSTEInvoice/Interface.hs`:
- Around line 24-28: The current authenticateEInvoice function logs the entire
serviceConfig and resp (via show) which may leak credentials/tokens; change the
logging to avoid printing full structures by replacing show serviceConfig and
show resp with safe metadata (e.g., log only the config type/identifier and
non-sensitive flags) or call a redaction helper (e.g., renderRedactedConfig ::
CharteredInfoEInvoiceConfig -> Text and renderRedactedResp :: RespType -> Text)
before logging; keep the calls to CharteredInfo.authenticate(cfg) intact but
ensure any error/success logs only include redacted or high-level info (status,
service name, request id) not raw credentials or tokens.
- Around line 42-46: The generateEInvoice function currently logs the full
payload and resp (variables payload and resp) which may contain sensitive
invoice/customer tax and IRN/QR data; update the two logInfo calls in
generateEInvoice (and ensure any downstream CharteredInfo.generateInvoice return
shape is used) to redact or extract only non-sensitive identifiers/status (e.g.,
invoiceId or invoiceNumber, customerId masked, operation status, and a masked
IRN/QR showing only last 4 characters) and log those minimal fields instead of
show payload/show resp; do not remove logging entirely—emit safe, contextual
messages that avoid full payload/response serialization.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1bed3a29-4b43-4ff6-b5a8-c3e445191662

📥 Commits

Reviewing files that changed from the base of the PR and between f1a5009 and 6de85ac.

📒 Files selected for processing (1)

• lib/mobility-core/src/Kernel/External/GSTEInvoice/Interface.hs

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid logging full auth config and auth response.

show serviceConfig and show resp can persist credentials, GST identifiers, or auth tokens/session data in application logs. Prefer lifecycle logs with safe metadata only, or add explicit redacted renderers.

🔒 Proposed safe logging shape

 authenticateEInvoice serviceConfig = do
-  logInfo $ "GSTEInvoice.authenticateEInvoice: calling GSP with config=" <> show serviceConfig
+  logInfo "GSTEInvoice.authenticateEInvoice: calling GSP"
   resp <- case serviceConfig of
     CharteredInfoEInvoiceConfig cfg -> CharteredInfo.authenticate cfg
-  logInfo $ "GSTEInvoice.authenticateEInvoice: received response=" <> show resp
+  logInfo "GSTEInvoice.authenticateEInvoice: received response"
   pure resp

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	authenticateEInvoice serviceConfig = do
	logInfo $ "GSTEInvoice.authenticateEInvoice: calling GSP with config=" <> show serviceConfig
	resp <- case serviceConfig of
	CharteredInfoEInvoiceConfig cfg -> CharteredInfo.authenticate cfg
	logInfo $ "GSTEInvoice.authenticateEInvoice: received response=" <> show resp
	authenticateEInvoice serviceConfig = do
	logInfo "GSTEInvoice.authenticateEInvoice: calling GSP"
	resp <- case serviceConfig of
	CharteredInfoEInvoiceConfig cfg -> CharteredInfo.authenticate cfg
	logInfo "GSTEInvoice.authenticateEInvoice: received response"
	pure resp

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/mobility-core/src/Kernel/External/GSTEInvoice/Interface.hs` around lines
24 - 28, The current authenticateEInvoice function logs the entire serviceConfig
and resp (via show) which may leak credentials/tokens; change the logging to
avoid printing full structures by replacing show serviceConfig and show resp
with safe metadata (e.g., log only the config type/identifier and non-sensitive
flags) or call a redaction helper (e.g., renderRedactedConfig ::
CharteredInfoEInvoiceConfig -> Text and renderRedactedResp :: RespType -> Text)
before logging; keep the calls to CharteredInfo.authenticate(cfg) intact but
ensure any error/success logs only include redacted or high-level info (status,
service name, request id) not raw credentials or tokens.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Do not log full e-invoice payloads or generation responses.

payload and resp likely contain invoice/customer tax data and generated IRN/QR details. Logging them verbatim creates a privacy/compliance risk; log only non-sensitive identifiers/status, with redaction where needed.

🔒 Proposed safe logging shape

 generateEInvoice serviceConfig authToken payload = do
-  logInfo $ "GSTEInvoice.generateEInvoice: calling GSP with payload=" <> show payload
+  logInfo "GSTEInvoice.generateEInvoice: calling GSP"
   resp <- case serviceConfig of
     CharteredInfoEInvoiceConfig cfg -> CharteredInfo.generateInvoice cfg authToken payload
-  logInfo $ "GSTEInvoice.generateEInvoice: received response=" <> show resp
+  logInfo "GSTEInvoice.generateEInvoice: received response"
   pure resp

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	generateEInvoice serviceConfig authToken payload = do
	logInfo $ "GSTEInvoice.generateEInvoice: calling GSP with payload=" <> show payload
	resp <- case serviceConfig of
	CharteredInfoEInvoiceConfig cfg -> CharteredInfo.generateInvoice cfg authToken payload
	logInfo $ "GSTEInvoice.generateEInvoice: received response=" <> show resp
	generateEInvoice serviceConfig authToken payload = do
	logInfo "GSTEInvoice.generateEInvoice: calling GSP"
	resp <- case serviceConfig of
	CharteredInfoEInvoiceConfig cfg -> CharteredInfo.generateInvoice cfg authToken payload
	logInfo "GSTEInvoice.generateEInvoice: received response"
	pure resp

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/mobility-core/src/Kernel/External/GSTEInvoice/Interface.hs` around lines
42 - 46, The generateEInvoice function currently logs the full payload and resp
(variables payload and resp) which may contain sensitive invoice/customer tax
and IRN/QR data; update the two logInfo calls in generateEInvoice (and ensure
any downstream CharteredInfo.generateInvoice return shape is used) to redact or
extract only non-sensitive identifiers/status (e.g., invoiceId or invoiceNumber,
customerId masked, operation status, and a masked IRN/QR showing only last 4
characters) and log those minimal fields instead of show payload/show resp; do
not remove logging entirely—emit safe, contextual messages that avoid full
payload/response serialization.