Vault implementation SDK-5127 #11

piyush-kukadiya · 2025-09-22T08:19:47Z

Summary by CodeRabbit

New Features
- Android Vault SDK: VaultSDK entrypoint with type-safe single & batch tokenize/detokenize, optional encryption-over-transit, in-memory bidirectional cache (clearCache), public result types, retry/caching utilities, and logging.
- Sample app: full UI, file import, batch workflows, result viewer, and application initializer.
Documentation
- Comprehensive README covering overview, installation, usage examples, batch limits, encryption, caching, and thread-safety.
Chores
- Gradle/AGP and dependency updates, compile/target SDK bumped, minSdk lowered to 21, added INTERNET permission and network security config.

…ofit instances for tokenization and authentication APIs SDK-4781

…t logging throughout the SDK. SDK-4782

…led classes SDK-4797

… authentication operation SDK-4784

…workProvider SDK-4787

…entials flow SDK-4789, token refresh and validation logic SDK-4790 and thread-safe token management SDK-4791

…SDK-4796

…e in NetworkProvider SDK-4794

…Result sealed classes SDK-4797

…n to repository interface SDK-4798

…ted flows SDK-4798

… SDK-4801

…ssion-level encryption/decryption operations SDK-4802

…rovides a simplified interface for encryption operations SDK-4803

…ation SDK-4811

…4811

…ansit SDK-4809

…transit SDK-4810

…er transit SDK-4817

… over transit SDK-4818

…enization SDK-5036

…ed" to "Encrypted", change keys from "encryptedPayload" to "itp" and "iv" to "itv" SDK-5036

… logging interceptor and encrypt json payload rather than single key,value SDK-5127

…tion SDK-5127

* Fixes TODOs * Refactor public APIs of VaultSDK class to support typed values for tokenization/de-tokenization * Refactor TokenRepositoryImpl logic to small classes * update sample app

coderabbitai · 2025-09-22T08:19:54Z

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Adds a new CleverTap Vault Android SDK and runnable sample: public VaultSDK entrypoint, Retrofit APIs, encryption/key management, repository operations (single & batch, encrypted/plain), caching, retry/utility layers, type converters, logging, data models, build/version updates, ProGuard rules, and a fully-featured sample app with UI and resources.

Changes

Cohort / File(s)	Change Summary
Docs `README.md`	Added comprehensive README describing SDK overview, features, installation, initialization, usage examples (single & batch tokenize/detokenize), encryption/caching behavior, batch limits, and thread-safety notes.
Build / Versions `clevertap-android-vault-sdk/build.gradle.kts`, `gradle/libs.versions.toml`, `gradle/wrapper/gradle-wrapper.properties`, `sample/build.gradle.kts`	Bumped compile/target SDKs and Gradle; added Retrofit/Gson/Coroutines and test deps; updated library versions; adjusted module/sample dependencies.
Public SDK entrypoint `.../VaultSDK.kt`	New public singleton entrypoint exposing initialize/getInstance, typed single & batch tokenize/detokenize methods, clearCache(), and config flags (encryption/cache/log level).
Network APIs `.../api/AuthApi.kt`, `.../api/TokenizationApi.kt`	Added Retrofit interfaces for auth (token) and tokenization endpoints (single/batch, encrypted/plain).
Encryption `.../encryption/*.kt`	Added AES-GCM implementation, CTKeyGenerator, EncryptionManager, NetworkEncryptionManager, and EncryptionResult/DecryptionResult types; session key handling and encrypt/decrypt flows.
Caching `.../cache/TokenCache.kt`	New thread-safe bidirectional in-memory cache with enable flag and clear() API.
Models / DTOs `.../model/ApiModels.kt`, `.../model/RepositoryModels.kt`, `.../model/TokenResults.kt`	Added API request/response DTOs, repository-layer sealed results, public Tokenize/Detokenize and batch result types, batch item and summary models.
Repository & Operations `.../repository/*.kt`	Added AuthRepository (interface + impl), TokenRepository (interface + impl), BaseTokenOperation template, Single/Batch operation implementations, States, RetryHandler, CacheManager, ResponseProcessor, and TokenRepository wiring.
Encryption Strategy `.../repository/EncryptionStrategy.kt`	Added EncryptionStrategy interface with NoEncryptionStrategy and WithEncryptionStrategy (encrypted calls with fallback to plaintext).
Network provider `.../network/NetworkProvider.kt`	Centralized OkHttp + Retrofit provider for auth and tokenization APIs with timeouts and Gson converters.
Utilities & Converters `.../util/TypeConverter.kt`, `.../util/ResultConversionUtils.kt`, `.../util/VaultLogger.kt`	TypeConverter registry and built-in converters (String, Int, Long, Float, Double, Boolean); conversion helpers to map repo→public results; VaultLogger with log levels and helpers.
Consumer rules / Manifest `clevertap-android-vault-sdk/consumer-rules.pro`, `clevertap-android-vault-sdk/src/main/AndroidManifest.xml`	Added ProGuard/R8 keep rules for public API and serialization; added INTERNET permission to SDK manifest.
Sample app — code & wiring `sample/src/main/java/.../*.kt`	Added sample VaultSampleApplication (SDK init), MainActivity (UI + file import + batch flows), TokenResultAdapter, SampleDataProvider, TokenDisplayItem models and adapters integrating SDK usage.
Sample app — resources & manifests `sample/src/main/AndroidManifest.xml`, `sample/src/main/res/**`	Added application/activity declarations, network security config, layouts (activity/fragment/item), drawable, colors, strings, and sample resources for import, quick tests, and results UI.

Sequence Diagram(s)

sequenceDiagram
    participant App as Sample App
    participant Vault as VaultSDK
    participant Repo as TokenRepository
    participant Auth as AuthRepository
    participant Net as NetworkProvider
    participant API as TokenizationApi
    participant Cache as TokenCache
    participant Encrypt as EncryptionManager

    rect #E8F3FF
    App->>Vault: initialize(clientId, clientSecret, apiUrl, authUrl, ...)
    Vault->>Net: create Retrofit instances
    Vault->>Auth: create AuthRepository
    Vault->>Cache: init TokenCache
    Vault->>Encrypt: init EncryptionManager (if enabled)
    Vault->>Repo: create TokenRepositoryImpl
    end

    rect #F6FFF0
    App->>Vault: tokenize(value, callback)
    Vault->>Repo: tokenize(value) (dispatch)
    Repo->>Cache: check token for value
    alt cache hit
        Cache-->>Repo: cached token
        Repo-->>Vault: TokenizeRepoResult.Success
        Vault-->>App: callback(TokenizeResult.Success)
    else cache miss
        Repo->>Auth: getAccessToken()
        Auth->>Net: AuthApi.getToken(...)
        Net-->>Auth: token response
        Auth-->>Repo: access token
        Repo->>API: TokenizationApi.tokenize(Authorization, request) via EncryptionStrategy
        API-->>Repo: response (EncryptedResponse or TokenizeResponse)
        alt encrypted response
            Repo->>Encrypt: decrypt response
        end
        Repo->>Cache: store mapping
        Repo-->>Vault: TokenizeRepoResult.Success/Error
        Vault-->>App: callback(TokenizeResult)
    end
    end

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120+ minutes

Poem

I’m a rabbit with a key so bright,
I hop through code in morning light.
Tokens tucked in vaults below,
Caches hum and loggers glow.
Docs, demos, crypto — hop aboard, enjoy the show!

(_/)
(•ᴥ•) 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 39.93% which is insufficient. The required threshold is 80.00%.	You can run `@coderabbitai generate docstrings` to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "Vault implementation SDK-5127" is concise and accurately reflects the primary change (adding the Vault SDK implementation), making it clear and relevant to the changeset rather than vague or off-topic.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

francispereira · 2025-09-22T08:20:02Z

🎉 Snyk checks have passed. No issues have been found so far.

✅ code/snyk check is complete. No issues have been found. (View Details)

piyush-kukadiya · 2025-09-22T08:21:52Z

@coderabbitai summary

coderabbitai · 2025-09-22T08:21:59Z

✅ Actions performed

Summary regeneration triggered.

piyush-kukadiya · 2025-09-22T08:26:22Z

@coderabbitai summary

coderabbitai · 2025-09-22T08:26:29Z

✅ Actions performed

Summary regeneration triggered.

piyush-kukadiya · 2025-09-23T06:58:43Z

@coderabbitai review

coderabbitai · 2025-09-23T06:58:50Z

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai

Actionable comments posted: 18

🧹 Nitpick comments (67)

sample/src/main/res/layout/item_token_preview.xml (4)
39-48: Don’t ship placeholder token text; use tools:text and handle overflow.

This hardcodes a SSN-like value into runtime UI. Use only tools:text for previews and add overflow handling for long tokens.
-            <TextView
+            <TextView
                 android:id="@+id/tokenValue"
                 android:layout_width="match_parent"
                 android:layout_height="wrap_content"
-                android:text="555-67-8901"
+                tools:text="555-67-8901"
                 android:textSize="14sp"
                 android:textStyle="bold"
                 android:textColor="@color/material_dynamic_neutral20"
                 android:fontFamily="monospace"
-                tools:text="555-67-8901" />
+                android:maxLines="1"
+                android:ellipsize="middle" />
51-59: Avoid shipping placeholder metadata; remove android:text and duplicate tools:text.

Keep only tools:text for previews to prevent stale copy from appearing in production.
-            <TextView
+            <TextView
                 android:id="@+id/tokenMetadata"
                 android:layout_width="match_parent"
                 android:layout_height="wrap_content"
                 android:layout_marginTop="2dp"
-                android:text="String • From single tokenization"
+                tools:text="String • From single tokenization"
                 android:textSize="11sp"
                 android:textColor="@color/material_dynamic_neutral50"
-                tools:text="String • From batch operation" />
+                />
23-29: Emoji-as-icon should be decorative or a real icon; fix accessibility.

If decorative, exclude from a11y. If meaningful, switch to a vector/ImageView with proper contentDescription. Minimal decorative fix below.
         <TextView
             android:id="@+id/tokenTypeIcon"
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
-            android:text="🔑"
+            tools:text="🔑"
             android:textSize="16sp"
-            android:layout_marginEnd="8dp" />
+            android:layout_marginEnd="8dp"
+            android:contentDescription="@null"
+            android:importantForAccessibility="no" />
2-13: Optional: Align Card styling with Material 3 shape system.

Prefer shapeAppearanceOverlay and elevation overlays for consistency with M3 themes.
-    app:cardCornerRadius="8dp"
-    app:cardElevation="1dp"
+    app:cardElevation="1dp"
+    app:shapeAppearanceOverlay="@style/Widget.Material3.CardView.Elevated"  
Alternatively, define a custom shape overlay style and reference it here.
gradle/wrapper/gradle-wrapper.properties (1)
4-4: Optional: use -all distribution for better IDE experience.

Switching to -all.zip bundles sources for Gradle/AGP APIs, improving navigation in IDEs. Not required for CI.

Apply this change:
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-all.zip
README.md (6)
12-13: Clarify “Encryption in Transit” details (algorithm, key mgmt, and relation to TLS).

State whether this is application-layer encryption on top of TLS, and specify cipher (e.g., AES‑GCM), key exchange/rotation, and nonce/IV handling to set correct expectations.

Apply this doc tweak:
-**Encryption in Transit**: API request and response payloads are encrypted while being transmitted over the network
+**Application-layer Encryption**: All API request/response payloads are encrypted in addition to TLS (HTTPS).
+  - Cipher: AES‑GCM (specify key size, e.g., 256-bit)
+  - Key management: (describe key derivation/exchange and rotation policy)
+  - Nonce/IV handling: (describe generation, uniqueness guarantees)
+  - Compatibility: End-to-end encrypted fields are opaque to intermediaries
67-75: Align LogLevel naming (VaultLogger.LogLevel vs LogLevel).

The example uses VaultLogger.LogLevel, while the enum below is unqualified LogLevel. Unify to the same type.

Option A — qualify the enum in docs:
-```kotlin
-enum class LogLevel(val intValue: Int) {
+```kotlin
+object VaultLogger {
+  enum class LogLevel(val intValue: Int) {
     OFF(0),
     ERROR(1),
     INFO(2),
     DEBUG(3),
     VERBOSE(4)
-}
+  }
+}
Option B — update examples to use LogLevel.DEBUG.


Also applies to: 396-402

---

`115-127`: **Use a real token in detokenization example (current input looks like PII).**

Passing “555-67-8901” suggests raw PII instead of a token, which may confuse users. Use the token from the tokenization example or a TKN_* placeholder.


Apply:

```diff
- vaultSDK.deTokenizeAsString("555-67-8901") { result ->
+ // Use a previously obtained token (e.g., from tokenize())
+ vaultSDK.deTokenizeAsString(token) { result ->
197-200: Document behavior when batch size limits are exceeded.

Specify whether calls fail fast, partially process, or split internally, and the exact error type/codes returned.
 - *Batch Size Limits:* For tokenization, maximum 1,000 values per batch and for detokenization, maximum 10,000 tokens per batch
+ - Batch size limits: Tokenize ≤ 1,000; Detokenize ≤ 10,000.
+   Exceeding limits results in: (e.g., immediate Error with code INVALID_BATCH_SIZE; no partial processing).
239-250: Consider documenting coroutine (suspend) variants alongside callbacks.

Given kotlinx‑coroutines is a dependency, providing suspend functions improves ergonomics and testability.

Doc addition example:
// Coroutine variants
suspend fun tokenize(value: String): TokenizeResult
suspend fun deTokenizeAsString(token: String): DetokenizeResult<String>
suspend fun batchTokenizeStringValues(values: List<String>): BatchTokenizeResult
suspend fun batchDeTokenizeAsString(tokens: List<String>): BatchDetokenizeResult<String>
Also applies to: 255-262, 269-276, 281-288

307-313: Clarify mutual exclusivity and semantics for exists vs newlyCreated.

State that exactly one of exists/newlyCreated will be true on success, and how this maps to HTTP/status/response codes.
 data class Success(
   val token: String,
-  val exists: Boolean,
-  val newlyCreated: Boolean,
+  val exists: Boolean,       // true if token already existed (then newlyCreated == false)
+  val newlyCreated: Boolean, // true if a new token was created (then exists == false)
   val dataType: String?
 )
Also applies to: 350-362
clevertap-android-vault-sdk/consumer-rules.pro (3)
2-6: Tighten overly broad keep of public API where reflection isn’t used.

Keeping all public members of VaultSDK, Result, Batch*Item/Summary, and LogLevel can bloat consumers’ APKs. Prefer keeping only reflectively accessed types/members; let R8 shrink unused public API.

Examples:

If no reflection: drop these -keep rules and rely on normal references.

If reflection exists: keep only the specific classes/members needed (or annotate with @keep in‑code).

3-3: Cleanup wildcard: use Result instead of Result.*

Semantically equivalent; the trailing double star inside the simple name is odd and can confuse readers.

Apply this diff:
--keep public class com.clevertap.android.vault.sdk.model.*Result** { *; }
+-keep public class com.clevertap.android.vault.sdk.model.*Result* { *; }
19-20: Scope down encryption keep if not reflectively accessed.

Keeping all classes under encryption/** inhibits shrinking and obfuscation. Limit to specific classes used via reflection, or remove if only directly referenced.
sample/src/main/res/layout/activity_main_bkp.xml (2)
1-5: Avoid committing backup layouts to main sources.
Having a “_bkp” layout under res/layout ships it in the APK and can confuse maintainers. Prefer deleting or moving to a debug-only source set.

146-159: Add hint and inputType for usability/accessibility.
TextInputLayout lacks a hint; set a clear hint and an inputType.
-                <com.google.android.material.textfield.TextInputLayout
+                <com.google.android.material.textfield.TextInputLayout
                     android:layout_width="match_parent"
-                    android:layout_height="wrap_content"
-                    >
+                    android:layout_height="wrap_content"
+                    android:hint="Input value">
...
-                    <com.google.android.material.textfield.TextInputEditText
+                    <com.google.android.material.textfield.TextInputEditText
                         android:id="@+id/inputEditText"
                         android:layout_width="match_parent"
                         android:layout_height="wrap_content"
-                        android:maxLines="3"
+                        android:maxLines="3"
+                        android:inputType="text"
                         />
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/model/TokenResults.kt (1)

15-21: Prefer type-safe dataType and richer error results.

Replace dataType: String? with an enum (e.g., DataType { STRING, NUMBER }) to avoid stringly-typed API.

Error(...) only carries message; consider adding an error code/cause for programmatic handling (network/timeout/auth/encryption).

Optional: Collapse exists/newlyCreated into a single CreationStatus to prevent contradictory states.

Also applies to: 41-45, 65-68, 88-91, 105-111, 117-122
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/util/VaultLogger.kt (2)
35-44: Avoid recursion when chunking long log messages.
Use a loop to prevent deep recursion on very long strings.
-    fun d(suffix: String, message: String) {
-        if (debugLevel >= LogLevel.DEBUG.intValue) {
-            if (message.length > 4000) {
-                Log.d("$TAG:$suffix", message.substring(0, 4000))
-                d(suffix, message.substring(4000))
-            } else {
-                Log.d("$TAG:$suffix", message)
-            }
-        }
-    }
+    fun d(suffix: String, message: String) {
+        if (debugLevel < LogLevel.DEBUG.intValue) return
+        var start = 0
+        val tag = "$TAG:$suffix"
+        while (start < message.length) {
+            val end = (start + 4000).coerceAtMost(message.length)
+            Log.d(tag, message.substring(start, end))
+            start = end
+        }
+    }
8-12: Guard against logging secrets; add level setter.
Ensure callers never log tokens/keys/PII. Consider exposing setLevel(level: LogLevel) to control verbosity at runtime.
 class VaultLogger(private var debugLevel: Int) {
+    fun setLevel(level: LogLevel) { debugLevel = level.intValue }
 }
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/model/ApiModels.kt (1)

9-18: Validate numeric sizing and value typing.

Auth TTLs can exceed Int; consider Long for expiresIn/refreshExpiresIn if server supports larger values.

DetokenizeResponse.value is String?; if values can be numeric, prefer JsonElement to preserve types.

Also applies to: 43-47
sample/src/main/res/xml/network_security_config.xml (1)
3-5: Restrict cleartext to debug; IP subdomains flag is moot.

Move this config to a debug-only manifest/resource or guard via build variant.

includeSubdomains has no effect for an IP; remove it.
-    <domain-config cleartextTrafficPermitted="true">
-        <domain includeSubdomains="true">3.35.104.51</domain>
-    </domain-config>
+    <domain-config cleartextTrafficPermitted="true">
+        <domain>3.35.104.51</domain>
+    </domain-config>
sample/src/main/res/layout/fragment_quick_test.xml (1)
32-193: Externalize hardcoded strings (i18n) or mark non-translatable.

Move user-visible text (titles, descriptions, button labels, bullets) to strings.xml, or add android:translatable="false" for sample-only text to satisfy lint and future localization.

Apply pattern like:
-android:text="📝 String"
+android:text="@string/qt_title_string"
Outside this file, add to res/values/strings.xml:
<string name="qt_title_string">📝 String</string>
<string name="qt_desc_string">Text data including PII like emails, SSN, phone numbers</string>
<string name="qt_examples">Examples: [email protected], 555-12-3456</string>
<string name="qt_random_data">🎲 Random Sample Data</string>
<string name="qt_generate_btn">🎲 Generate Random String Batch</string>
<string name="qt_items_count">0 items</string>
<string name="qt_preview_title">👀 Preview</string>
<string name="qt_preview_hint">Click '🎲 Generate Random Batch' to see preview</string>
<string name="qt_quick_actions">⚡ Quick Actions</string>
<string name="qt_quick_actions_bullets">• Generate new random batch anytime\n• Perfect for quick API testing\n• Automatic preview of data\n• Supports all data types</string>
sample/src/main/res/layout/item_token_result.xml (2)
62-87: Add contentDescription/tooltipText for accessibility.

Emoji-labeled buttons can be ambiguous for screen readers. Provide explicit content descriptions.
-<com.google.android.material.button.MaterialButton
+<com.google.android.material.button.MaterialButton
   android:id="@+id/copyButton"
@@
-  android:text="📋 Copy"
+  android:text="@string/token_copy"
+  android:contentDescription="@string/token_copy_desc"
+  android:tooltipText="@string/token_copy"
 />
@@
-  android:text="🔄 Retry"
+  android:text="@string/token_retry"
+  android:contentDescription="@string/token_retry_desc"
+  android:tooltipText="@string/token_retry"
 />
@@
-  android:text="📊 Details"
+  android:text="@string/token_details"
+  android:contentDescription="@string/token_details_desc"
+  android:tooltipText="@string/token_details"
 />
Add corresponding strings.

27-51: Externalize hardcoded strings.

Move tools:text and visible text to strings.xml (or mark non-translatable for sample-only).
sample/src/main/res/drawable/spinner_background.xml (1)
25-47: Add disabled state styling.

Currently no state_enabled="false" rendering. Add a subtle disabled state for clarity.
     
     <item>
       <layer-list>
@@
       </layer-list>
     </item>
+
+    
+    <item android:state_enabled="false">
+        <shape android:shape="rectangle">
+            <solid android:color="@color/material_dynamic_surface" />
+            <corners android:radius="8dp" />
+            <stroke
+                android:width="1dp"
+                android:color="@color/material_dynamic_outline" />
+        </shape>
+    </item>
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/network/NetworkProvider.kt (3)
61-66: Normalize base URLs to include trailing slash (Retrofit requirement).

If apiUrl lacks a trailing '/', Retrofit will throw. Add normalization.
-        Retrofit.Builder()
-            .baseUrl(apiUrl)
+        Retrofit.Builder()
+            .baseUrl(ensureTrailingSlash(apiUrl))
             .client(okHttpClient)
             .addConverterFactory(GsonConverterFactory.create(/*gson*/))
             .build()
Add helper (see below).

71-77: Apply the same normalization to auth base URL.
-        Retrofit.Builder()
-            .baseUrl(authUrl)
+        Retrofit.Builder()
+            .baseUrl(ensureTrailingSlash(authUrl))
             .client(okHttpClient)
             .addConverterFactory(GsonConverterFactory.create())
             .build()
Add this helper inside the class (after line 79):
private fun ensureTrailingSlash(url: String): String =
    if (url.endsWith("/")) url else "$url/"
49-55: Consider adding callTimeout and retry configuration.

Optional: callTimeout, retryOnConnectionFailure (defaults true), and a logging interceptor behind a debug flag.
sample/src/main/AndroidManifest.xml (1)

12-19: Network security config: debug-only recommended.

If @xml/network_security_config permits cleartext/self-signed certs for testing, gate it to debug builds to avoid accidental release exposure.

I can provide a debug/manifest override and sample network_security_config.xml split if helpful.
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/TokenRepositoryImpl.kt (1)
131-185: Consider reducing parameter duplication in factory methods.

The factory methods create operation instances with identical sets of parameters. This could be refactored to reduce code duplication.

Consider creating a common configuration object or using a builder pattern:
private data class OperationConfig(
    val tokenCache: TokenCache,
    val authRepository: AuthRepository,
    val networkProvider: NetworkProvider,
    val encryptionManager: EncryptionManager,
    val logger: VaultLogger,
    val retryHandler: RetryHandler,
    val cacheManager: CacheManager,
    val responseProcessor: ResponseProcessor
)

private val operationConfig by lazy {
    OperationConfig(
        tokenCache, authRepository, networkProvider, encryptionManager,
        logger, retryHandler, cacheManager, responseProcessor
    )
}

internal fun createSingleTokenizeOperation(strategy: EncryptionStrategy): SingleTokenizeOperation {
    return SingleTokenizeOperation(operationConfig, strategy)
}
sample/src/main/res/layout/fragment_manual_input.xml (1)
117-153: Consider improving button icon semantics.

The emoji icons in button text may not be accessible to screen readers and could be inconsistent across different Android versions.

Consider using proper Material icons instead of emoji for better accessibility:
-                        android:text="📋 Paste"
+                        android:text="Paste"
+                        app:icon="@drawable/ic_content_paste"

-                        android:text="➕ Add Sample"
+                        android:text="Add Sample"
+                        app:icon="@drawable/ic_add"

-                        android:text="🗑️ Clear"
+                        android:text="Clear"
+                        app:icon="@drawable/ic_clear"
sample/src/main/res/layout/activity_main.xml (2)
7-7: Hard-coded top margin may cause layout issues.

The fixed 85dp top margin could cause content to be cut off or create unnecessary spacing on devices with different status bar heights or in fullscreen mode.

Consider using system bars padding instead:
-    android:layout_marginTop="85dp"
+    android:fitsSystemWindows="true"
Or use a more flexible approach with padding:
-    android:layout_marginTop="85dp"
+    android:paddingTop="?attr/actionBarSize"
256-328: Consider accessibility improvements for sample data buttons.

The emoji icons and small text size (10sp) may not be accessible. The minimum recommended text size is typically 12sp.
-                        android:textSize="10sp" />
+                        android:textSize="12sp" />
Consider using proper icons instead of emoji for consistency and accessibility.
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/NetworkEncryptionManager.kt (2)
83-86: Remove commented code.

The commented-out code should be removed to maintain code cleanliness and avoid confusion.

Apply this diff to remove the commented lines:
     private fun convertByteArrayToString(arr: ByteArray): String {
-        //return arr.toString(Charsets.UTF_8) // might have some restricted chars
-        // return java.util.Base64.getEncoder().encodeToString(arr) // Requires min api 26
         return Base64.encodeToString(arr, Base64.NO_WRAP)
     }
70-72: Fix variable naming confusion in DecryptionSuccess.

GCM uses CTR internally and encrypts a counter value for each block, using as many bits as required from the last block. The field name encryptedBytes in the result object is misleading when used for decryption results, as it actually contains the decrypted plaintext.

Consider renaming the field in the result object or using a different field name for clarity:
         DecryptionSuccess(
-            data = String(result.encryptedBytes),
+            data = String(result.decryptedBytes),
         )
Note: This would require updating the AESGCMCryptResult data class to have separate fields for encrypted and decrypted data, or using appropriate field names based on the operation mode.
sample/src/main/java/com/clevertap/demo/ctvaultsdk/model/SampleDataProvider.kt (2)
12-28: Consider removing hardcoded PII from sample data.

The sample strings contain realistic-looking PII data (SSNs, credit card numbers, emails) that could be mistaken for real data or accidentally logged. Consider using clearly fake examples instead.

Apply this diff to use obviously fake data:
     private val sampleStrings = listOf(
-        "555-12-3456",              // SSN
-        "[email protected]",     // Email
-        "4111-2222-3333-4444",     // Credit Card
+        "XXX-XX-1234",              // Fake SSN
+        "[email protected]",        // Test Email
+        "1111-2222-3333-4444",     // Test Card
131-131: Consider making batch size configurable.

The hardcoded random batch size range (3-8) might not be suitable for all testing scenarios.

Consider adding a parameter to make batch size configurable:
-    fun getBatchSampleData(dataType: MainActivity.DataType): List<Any> {
+    fun getBatchSampleData(dataType: MainActivity.DataType, batchSize: Int = Random.nextInt(3, 8)): List<Any> {
-        val batchSize = Random.nextInt(3, 8) // Random batch size between 3-7
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/AuthRepositoryImpl.kt (1)
141-142: Make getNowInMillis() more testable.

While the internal visibility is good for testing, consider making this method protected or creating a time provider interface for better testability and dependency injection.

Consider this approach for better testability:
interface TimeProvider {
    fun getCurrentTimeMillis(): Long
}

class SystemTimeProvider : TimeProvider {
    override fun getCurrentTimeMillis() = System.currentTimeMillis()
}
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/AESGCMCrypt.kt (1)
58-61: Enhance error logging with operation context.

Consider including the operation mode (encrypt/decrypt) in the error message to aid debugging.

Apply this diff to improve error context:
         } catch (e: Exception) {
-            logger.e("Error performing crypt operation", e)
+            val operation = if (mode == Cipher.ENCRYPT_MODE) "encryption" else "decryption"
+            logger.e("Error performing $operation operation", e)
             null
         }
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/model/RepositoryModels.kt (2)

14-21: Prefer a strongly-typed DataType over String.

Using String for dataType invites inconsistencies across layers. Consider introducing a sealed/enum DataType in the SDK models and using it here to avoid stringly-typed bugs and ad-hoc mappings later.

23-29: Carry structured error information (code/cause).

Error(message) is limiting for downstream handling and analytics. Consider adding fields like code: String (or enum) and cause: Throwable?; apply this consistently to all RepoResult.Error variants in this file.
sample/src/main/java/com/clevertap/demo/ctvaultsdk/MainActivity.kt (6)
848-861: Make boolean parsing strict; avoid toBoolean() silently mapping invalid input to false.

Align single-input parsing with your batch validation rules to prevent false negatives.

Apply this diff:
     private fun parseInputValue(input: String): Any? {
         return try {
             when (selectedDataType) {
                 DataType.STRING -> input
                 DataType.INT -> input.toInt()
                 DataType.LONG -> input.toLong()
                 DataType.FLOAT -> input.toFloat()
                 DataType.DOUBLE -> input.toDouble()
-                DataType.BOOLEAN -> input.toBoolean()
+                DataType.BOOLEAN -> when (input.lowercase()) {
+                    "true", "1", "yes", "y" -> true
+                    "false", "0", "no", "n" -> false
+                    else -> throw IllegalArgumentException("Invalid boolean value: $input")
+                }
             }
         } catch (e: Exception) {
-            showToast("❌ Invalid ${selectedDataType.displayName} format: $input")
+            android.util.Log.w("InputParse", "Invalid ${selectedDataType.displayName} format: '$input' - ${e.message}")
+            showToast("❌ Invalid ${selectedDataType.displayName} format: $input")
             null
         }
     }
293-298: Also log the exception when opening the file picker fails.

Helps triage issues beyond the toast.
         try {
             filePickerLauncher.launch(intent)
         } catch (e: Exception) {
-            showToast("❌ Error opening file picker: ${e.message}")
+            android.util.Log.e("FilePicker", "Error opening file picker", e)
+            showToast("❌ Error opening file picker: ${e.message}")
         }
300-315: Move file reading off the main thread to avoid jank/ANRs on large files.

Use lifecycleScope + Dispatchers.IO for I/O; return to main for UI updates.
-    private fun importDataFromFile(uri: Uri) {
-        try {
-            contentResolver.openInputStream(uri)?.use { inputStream ->
-                val reader = BufferedReader(InputStreamReader(inputStream))
-                val fileContent = reader.readText()
-
-                // Extract filename from URI
-                val fileName = getFileName(uri)
-
-                parseFileContent(fileContent, fileName)
-            }
-        } catch (e: Exception) {
-            showToast("❌ Error reading file: ${e.message}")
-            addResult(TokenDisplayItem.Error("File Import Error", "Failed to read file: ${e.message}"))
-        }
-    }
+    private fun importDataFromFile(uri: Uri) {
+        lifecycleScope.launch {
+            try {
+                val (fileContent, fileName) = withContext(kotlinx.coroutines.Dispatchers.IO) {
+                    val content = contentResolver.openInputStream(uri)?.bufferedReader()
+                        .use { it?.readText().orEmpty() }
+                    val name = getFileName(uri)
+                    content to name
+                }
+                parseFileContent(fileContent, fileName)
+            } catch (e: Exception) {
+                android.util.Log.e("FileImport", "Error reading file", e)
+                showToast("❌ Error reading file: ${e.message}")
+                addResult(TokenDisplayItem.Error("File Import Error", "Failed to read file: ${e.message}"))
+            }
+        }
+    }
Add required imports at the top of the file:
import androidx.lifecycle.lifecycleScope
import kotlinx.coroutines.launch
import kotlinx.coroutines.withContext
import kotlinx.coroutines.Dispatchers
317-323: Harden getFileName() against missing DISPLAY_NAME column.

Avoid potential CursorIndexOutOfBounds when column is absent.
     private fun getFileName(uri: Uri): String {
         return contentResolver.query(uri, null, null, null, null)?.use { cursor ->
-            val nameIndex = cursor.getColumnIndex(android.provider.OpenableColumns.DISPLAY_NAME)
-            cursor.moveToFirst()
-            cursor.getString(nameIndex)
+            val nameIndex = cursor.getColumnIndex(android.provider.OpenableColumns.DISPLAY_NAME)
+            if (nameIndex >= 0 && cursor.moveToFirst()) {
+                cursor.getString(nameIndex)
+            } else {
+                "imported_file.txt"
+            }
         } ?: "imported_file.txt"
     }
721-723: Don’t treat “string” as compatible with BOOLEAN.

This will surface string-typed tokens in a boolean detokenize path and likely fail downstream.
-            DataType.BOOLEAN -> {
-                serverTypeLower in listOf("boolean", "bool", "string")
-            }
+            DataType.BOOLEAN -> {
+                serverTypeLower in listOf("boolean", "bool")
+            }
930-936: Method name vs. behavior mismatch; remove the last loading or rename.

Current code removes the first Loading item. Either rename or remove the last to match the name.
-    private fun removeLastLoadingItem() {
-        val lastIndex = tokenResults.indexOfFirst { it is TokenDisplayItem.Loading }
+    private fun removeLastLoadingItem() {
+        val lastIndex = tokenResults.indexOfLast { it is TokenDisplayItem.Loading }
         if (lastIndex != -1) {
             tokenResults.removeAt(lastIndex)
             adapter.notifyItemRemoved(lastIndex)
         }
     }
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/States.kt (1)

18-23: Avoid List for cachedItems; preserve type safety.

List forces unsafe casts and risks ClassCastException. Prefer adding a type parameter for cached item type (e.g., CacheCheckResult<TReq, TRes, TCached>) or separate sealed types per operation to keep cachedItems strongly typed.
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/BatchOperations.kt (4)
78-83: Use safe cast for cachedItems to avoid ClassCastException.

Defensive guard improves robustness if cache wiring changes.
-        val cachedResults = when (cacheResult) {
-            is CacheCheckResult.PartialFromCache ->
-                cacheResult.cachedItems as List<BatchTokenItemResponse>
-
-            else -> emptyList()
-        }
+        val cachedResults = when (cacheResult) {
+            is CacheCheckResult.PartialFromCache ->
+                cacheResult.cachedItems as? List<BatchTokenItemResponse>
+                    ?: return createErrorResult("Cached items type mismatch")
+            else -> emptyList()
+        }
150-159: Avoid unchecked cast when building state from cache result.

If BatchCacheResult.cached isn’t strictly typed, prefer a safe cast or filterIsInstance to prevent crashes.
-        return BatchTokenizeState(
-            originalValues = originalValues,
-            cachedResults = cacheResult.cached as List<BatchTokenItemResponse>,
-            uncachedValues = cacheResult.uncached
-        )
+        return BatchTokenizeState(
+            originalValues = originalValues,
+            cachedResults = (cacheResult.cached as? List<BatchTokenItemResponse>)
+                ?: emptyList(),
+            uncachedValues = cacheResult.uncached
+        )
222-227: Use safe cast for detokenize cachedItems as well.
-        val cachedResults = when (cacheResult) {
-            is CacheCheckResult.PartialFromCache ->
-                cacheResult.cachedItems as List<BatchDetokenItemResponse>
-
-            else -> emptyList()
-        }
+        val cachedResults = when (cacheResult) {
+            is CacheCheckResult.PartialFromCache ->
+                cacheResult.cachedItems as? List<BatchDetokenItemResponse>
+                    ?: return createErrorResult("Cached items type mismatch")
+            else -> emptyList()
+        }
295-304: Avoid unchecked cast when building detokenize state.
-        return BatchDetokenizeState(
-            originalTokens = originalTokens,
-            cachedResults = cacheResult.cached as List<BatchDetokenItemResponse>,
-            uncachedTokens = cacheResult.uncached
-        )
+        return BatchDetokenizeState(
+            originalTokens = originalTokens,
+            cachedResults = (cacheResult.cached as? List<BatchDetokenItemResponse>)
+                ?: emptyList(),
+            uncachedTokens = cacheResult.uncached
+        )
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/BaseTokenOperation.kt (2)
41-51: Validate request before cache work.

Minor: call validateRequest(request) before checkCacheWithState(request) to fail fast on invalid inputs and avoid unnecessary cache lookups.

74-77: Use handleException() to centralize logging and message formation.

Removes duplicate logging and keeps behavior consistent.
-        } catch (e: Exception) {
-            logger.e("Error during ${getOperationType()}", e)
-            createErrorResult("Error during ${getOperationType()}: ${e.message}")
-        }
+        } catch (e: Exception) {
+            createErrorResult(handleException(e, getOperationType()))
+        }
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/EncryptionStrategy.kt (1)

243-251: Catching HttpException is likely redundant with Response usage.

Retrofit suspend functions that return Response do not throw HttpException. Either remove this catch or switch to body-returning methods consistently.
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/Utility.kt (2)
51-56: Retry HTTP 408 (Request Timeout) as transient.

Include 408 with server/retryable errors.

Apply this diff:
-                    500, 502, 503, 504, 429 -> {
+                    408, 429, 500, 502, 503, 504 -> {
353-359: Avoid erased type in BatchCacheResult.cached.

List forces unchecked casts downstream. Prefer two typed variants or make BatchCacheResult generic.

Example (non-breaking approach via overloading separate types):
data class BatchTokensCacheResult(
    val cached: List<BatchTokenItemResponse>,
    val uncached: List<String>
)
data class BatchValuesCacheResult(
    val cached: List<BatchDetokenItemResponse>,
    val uncached: List<String>
)
Update callers accordingly.
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/util/TypeConverter.kt (1)
19-25: Use singleton objects for converters to avoid unnecessary allocations.

Replace classes with objects and register without instantiation.

Apply these diffs:
-        register(String::class.java, StringConverter())
-        register(Int::class.java, IntConverter())
-        register(Long::class.java, LongConverter())
-        register(Float::class.java, FloatConverter())
-        register(Double::class.java, DoubleConverter())
-        register(Boolean::class.java, BooleanConverter())
+        register(String::class.java, StringConverter)
+        register(Int::class.java, IntConverter)
+        register(Long::class.java, LongConverter)
+        register(Float::class.java, FloatConverter)
+        register(Double::class.java, DoubleConverter)
+        register(Boolean::class.java, BooleanConverter)
-class StringConverter : TypeConverter<String> {
+object StringConverter : TypeConverter<String> {
-class IntConverter : TypeConverter<Int> {
+object IntConverter : TypeConverter<Int> {
-class LongConverter : TypeConverter<Long> {
+object LongConverter : TypeConverter<Long> {
-class FloatConverter : TypeConverter<Float> {
+object FloatConverter : TypeConverter<Float> {
-class DoubleConverter : TypeConverter<Double> {
+object DoubleConverter : TypeConverter<Double> {
-class BooleanConverter : TypeConverter<Boolean> {
+object BooleanConverter : TypeConverter<Boolean> {
Also applies to: 41-46, 48-54, 56-62, 64-70, 72-78, 80-94
sample/src/main/java/com/clevertap/demo/ctvaultsdk/model/TokenDisplayItem.kt (1)
161-163: Guard division by zero when computing success rate.

results.size can be 0; avoid NaN/Infinity.

Apply this diff:
-            if (isImported) {
-                append("• Success Rate: ${(summary.processedCount.toFloat() / results.size * 100).toInt()}%\n")
-            }
+            if (isImported) {
+                val denom = if (results.isNotEmpty()) results.size else 1
+                append("• Success Rate: ${(summary.processedCount * 100f / denom).toInt()}%\n")
+            }
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/SingleOperations.kt (1)
87-106: Deduplicate encrypted-response handling.

processEncryptedResponse is duplicated across operations. Extract a generic helper in BaseTokenOperation (e.g., processEncrypted), parameterized by response class and result builder.

Example sketch:
protected fun <R, T: Any> processEncrypted(
    response: Response<EncryptedResponse>,
    responseClass: Class<T>,
    build: (T) -> R
): R { ... }
Then call with TokenizeResponse/DetokenizeResponse respectively.

Also applies to: 187-205
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/VaultSDK.kt (7)
35-41: Restrict visibility; avoid mutable scope exposure

These internals shouldn’t be mutable/visible outside the SDK class.

Apply this diff:
-    internal var sdkScope = CoroutineScope(SupervisorJob() + Dispatchers.IO)
-    internal lateinit var tokenRepository: TokenRepository
-    internal lateinit var authRepository: AuthRepository
+    private val sdkScope = CoroutineScope(SupervisorJob() + Dispatchers.IO)
+    private lateinit var tokenRepository: TokenRepository
+    private lateinit var authRepository: AuthRepository
16-21: Don’t assume Dispatchers.Main; allow a configurable callback dispatcher

Library code may run in tests or environments without Main (causing “Main dispatcher not found”). Accept an injectable dispatcher and use it for callbacks instead of hardcoding Main.

Minimal changes:

Add a constructor parameter with default.

Use this dispatcher in withContext calls (tokenize/detokenize/batch paths).

Apply these diffs:
+import kotlinx.coroutines.CoroutineDispatcher
 class VaultSDK private constructor(
     private val clientId: String,
     private val clientSecret: String,
     private val apiUrl: String,
     private val authUrl: String,
     private val enableEncryption: Boolean,
     private val enableCache: Boolean,
-    private val logLevel: Int
+    private val logLevel: Int,
+    private val callbackDispatcher: CoroutineDispatcher = Dispatchers.Main
 ) {
Then replace all

withContext(Dispatchers.Main) { ... }
with

withContext(callbackDispatcher) { ... }

(Repeat in all 10 occurrences across tokenize/detokenize/batch paths.)

Also applies to: 26-34, 330-365

518-536: Optional: expose encryption/cache flags in initialize()

Currently hardcoded to true. If you anticipate partners needing to disable either (e.g., for troubleshooting), consider surfacing optional params with secure defaults.

139-186: Naming consistency: prefer “detokenize” over “deTokenize”

Public API mixes “deTokenize…” with “detokenize” in logs/internal. Consider consistent lowerCamelCase: detokenizeAsX / batchDetokenizeAsX.

Example:
-    fun deTokenizeAsString(token: String, callback: (DetokenizeResult<String>) -> Unit) {
+    fun detokenizeAsString(token: String, callback: (DetokenizeResult<String>) -> Unit) {
         performDetokenization(token, String::class.java, callback)
     }
Note: would require updating call sites (sample app/tests).

Also applies to: 265-306

310-317: Add a shutdown to avoid scope leaks

Provide a way to cancel the SDK’s SupervisorJob when the SDK is no longer needed (tests/app shutdown).

Apply this diff (plus import):
+import kotlinx.coroutines.cancel
     fun clearCache() {
         logger.d("Clearing token cache")
         tokenCache.clear()
     }
+
+    /**
+     * Cancels internal coroutines and releases resources.
+     */
+    fun shutdown() {
+        logger.d("Shutting down VaultSDK scope")
+        sdkScope.cancel()
+    }
418-427: Optional: guard against oversized batch requests

Consider a max batch size (e.g., 100–500) with chunking to avoid large payloads/timeouts.

325-333: Optional: reject non‑finite Float/Double inputs early

NaN/Infinity can cause server-side errors or inconsistent serialization. Validate before conversion.

Example snippet:
when (type) {
    java.lang.Float::class.java -> if (!(value as Float).isFinite()) throw IllegalArgumentException("Non-finite Float")
    java.lang.Double::class.java -> if (!(value as Double).isFinite()) throw IllegalArgumentException("Non-finite Double")
}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 73acf6a and 7d6ccce.

📒 Files selected for processing (50)

README.md (1 hunks)
clevertap-android-vault-sdk/build.gradle.kts (2 hunks)
clevertap-android-vault-sdk/consumer-rules.pro (1 hunks)
clevertap-android-vault-sdk/src/main/AndroidManifest.xml (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/VaultSDK.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/api/AuthApi.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/api/TokenizationApi.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/cache/TokenCache.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/AESGCMCrypt.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/CTKeyGenerator.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/EncryptionManager.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/EncryptionResult.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/NetworkEncryptionManager.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/model/ApiModels.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/model/RepositoryModels.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/model/TokenResults.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/network/NetworkProvider.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/AuthRepository.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/AuthRepositoryImpl.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/BaseTokenOperation.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/BatchOperations.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/EncryptionStrategy.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/SingleOperations.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/States.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/TokenRepository.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/TokenRepositoryImpl.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/Utility.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/util/ResultConversionUtils.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/util/TypeConverter.kt (1 hunks)
clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/util/VaultLogger.kt (1 hunks)
gradle/libs.versions.toml (2 hunks)
gradle/wrapper/gradle-wrapper.properties (1 hunks)
sample/build.gradle.kts (2 hunks)
sample/src/main/AndroidManifest.xml (1 hunks)
sample/src/main/java/com/clevertap/demo/ctvaultsdk/MainActivity.kt (1 hunks)
sample/src/main/java/com/clevertap/demo/ctvaultsdk/VaultSampleApplication.kt (1 hunks)
sample/src/main/java/com/clevertap/demo/ctvaultsdk/adapter/TokenResultAdapter.kt (1 hunks)
sample/src/main/java/com/clevertap/demo/ctvaultsdk/model/SampleDataProvider.kt (1 hunks)
sample/src/main/java/com/clevertap/demo/ctvaultsdk/model/TokenDisplayItem.kt (1 hunks)
sample/src/main/res/drawable/spinner_background.xml (1 hunks)
sample/src/main/res/layout/activity_main.xml (1 hunks)
sample/src/main/res/layout/activity_main_bkp.xml (1 hunks)
sample/src/main/res/layout/fragment_import_data.xml (1 hunks)
sample/src/main/res/layout/fragment_manual_input.xml (1 hunks)
sample/src/main/res/layout/fragment_quick_test.xml (1 hunks)
sample/src/main/res/layout/item_token_preview.xml (1 hunks)
sample/src/main/res/layout/item_token_result.xml (1 hunks)
sample/src/main/res/values/colors.xml (1 hunks)
sample/src/main/res/values/strings.xml (1 hunks)
sample/src/main/res/xml/network_security_config.xml (1 hunks)

🧰 Additional context used

🪛 detekt (1.23.8)

sample/src/main/java/com/clevertap/demo/ctvaultsdk/MainActivity.kt

[warning] 858-858: The caught exception is swallowed. The original exception could be lost.

(detekt.exceptions.SwallowedException)

coderabbitai · 2025-09-23T07:06:41Z

clevertap-android-vault-sdk/consumer-rules.pro

+-keep class com.clevertap.android.vault.sdk.model.*Request { *; }
+-keep class com.clevertap.android.vault.sdk.model.*Response { *; }
+-keep class com.clevertap.android.vault.sdk.model.AuthTokenResponse { *; }
+-keep class com.clevertap.android.vault.sdk.model.Encrypted* { *; }
+


⚠️ Potential issue

🧩 Analysis chain

Reassess keeping entire Request/Response models.

If all JSON fields use @SerializedName (or custom TypeAdapters), you don’t need to keep whole classes; allow shrinking/obfuscation except annotated fields.

Option:

Remove these -keep lines and rely on the @SerializedName keepclassmembers block.

Quick scan for @SerializedName coverage in model classes:

🏁 Script executed:

#!/bin/bash # List model files lacking any @SerializedName (manual review may still be needed) files=$(fd -e kt -e java . clevertap-android-vault-sdk | rg '/model/' -n) for f in $files; do if ! rg -q '@SerializedName' "$f"; then echo "No @SerializedName found in: $f" fi done

Length of output: 119

🏁 Script executed:

#!/bin/bash set -euo pipefail # Find .kt/.java files under clevertap-android-vault-sdk whose path includes /model/ mapfile -t files < <(fd -e java -e kt clevertap-android-vault-sdk || true) # filter for paths containing /model/ files=(${files[@]// /$'\n'}); files=( $(printf "%s\n" "${files[@]}" | rg '/model/' || true) ) if [ ${#files[@]} -eq 0 ]; then echo "NO_MODEL_FILES_FOUND" exit 0 fi missing=() ok=() for f in "${files[@]}"; do if rg -n --no-messages '@SerializedName|@JsonAdapter|@Json|@Serializable|TypeAdapter|kotlinx\.serialization' "$f" >/dev/null 2>&1; then ok+=("$f") else missing+=("$f") fi done echo "TOTAL_MODEL_FILES=${#files[@]}" echo "FILES_WITH_SERIALIZATION_ANNOTATION=${#ok[@]}" echo "FILES_MISSING_SERIALIZATION_ANNOTATION=${#missing[@]}" if [ ${#missing[@]} -gt 0 ]; then echo echo "Files missing serialization annotations (candidate problems if you remove -keep):" for m in "${missing[@]}"; do echo "$m" done fi if [ ${#ok[@]} -gt 0 ]; then echo echo "Files with serialization annotations or adapters (examples):" for o in "${ok[@]:0:20}"; do echo "$o" done fi

Length of output: 56

🏁 Script executed:

#!/bin/bash set -euo pipefail ROOT="clevertap-android-vault-sdk" if [ ! -d "$ROOT" ]; then echo "NO_MODEL_DIR" exit 0 fi # Collect .kt and .java files under any /model/ path IFS=$'\n' read -r -d '' -a files < <(find "$ROOT" -type f $ -name "*.kt" -o -name "*.java" $ -path "*/model/*" -print0 | xargs -0 -n1 echo && printf '\0') if [ ${#files[@]} -eq 0 ]; then echo "NO_MODEL_FILES_FOUND" exit 0 fi missing=() ok=() for f in "${files[@]}"; do if grep -E -q '@SerializedName|@JsonAdapter|@JsonProperty|@Json\b|@Serializable|TypeAdapter|kotlinx\.serialization|@JsonClass|@JsonIgnoreProperties' "$f"; then ok+=("$f") else missing+=("$f") fi done echo "TOTAL_MODEL_FILES=${#files[@]}" echo "FILES_WITH_SERIALIZATION_ANNOTATION=${#ok[@]}" echo "FILES_MISSING_SERIALIZATION_ANNOTATION=${#missing[@]}" if [ ${#missing[@]} -gt 0 ]; then echo echo "Files missing serialization annotations (candidates that would break if you remove -keep):" for m in "${missing[@]}"; do echo "$m" done fi if [ ${#ok[@]} -gt 0 ]; then echo echo "Files with serialization annotations or adapters (examples):" for o in "${ok[@]:0:20}"; do echo "$o" done fi

Length of output: 94

🏁 Script executed:

#!/bin/bash set -euo pipefail ROOT="clevertap-android-vault-sdk" if [ ! -d "$ROOT" ]; then echo "NO_MODEL_DIR" exit 0 fi TMPFILE="$(mktemp)" find "$ROOT" -type f $ -name "*.kt" -o -name "*.java" $ -path "*/model/*" -print0 > "$TMPFILE" # If no files found if [ ! -s "$TMPFILE" ]; then echo "NO_MODEL_FILES_FOUND" rm -f "$TMPFILE" exit 0 fi missing=() ok=() while IFS= read -r -d '' f; do if grep -E -q '@SerializedName|@SerialName|@JsonAdapter|@JsonProperty|@Json\b|@Serializable|TypeAdapter|kotlinx\.serialization|@JsonClass|@JsonIgnoreProperties|@Json' "$f"; then ok+=("$f") else missing+=("$f") fi done < "$TMPFILE" total=$(( ${#ok[@]} + ${#missing[@]} )) echo "TOTAL_MODEL_FILES=$total" echo "FILES_WITH_SERIALIZATION_ANNOTATION=${#ok[@]}" echo "FILES_MISSING_SERIALIZATION_ANNOTATION=${#missing[@]}" if [ ${#missing[@]} -gt 0 ]; then echo echo "Files missing serialization annotations (candidates that would break if you remove -keep):" for m in "${missing[@]}"; do echo "$m" done fi if [ ${#ok[@]} -gt 0 ]; then echo echo "Files with serialization annotations or adapters (examples):" for o in "${ok[@]:0:50}"; do echo "$o" done fi rm -f "$TMPFILE"

Length of output: 541

Don't remove broad -keep for Request/Response — two model files lack serialization annotations

Scan found 3 model files; ApiModels.kt has serialization annotations, but these two do not:

clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/model/RepositoryModels.kt

clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/model/TokenResults.kt

Action (choose one):

Add @SerializedName/@SerialName (or provide custom TypeAdapters) to fields in the two files, then remove/replace the broad -keep with a keepclassmembers rule for annotated fields.

Or retain/add targeted -keep rules for these classes to avoid runtime JSON mapping breakage.

🤖 Prompt for AI Agents

In clevertap-android-vault-sdk/consumer-rules.pro around lines 12–16 the broad -keep rules for Request/Response were flagged because RepositoryModels.kt and TokenResults.kt lack JSON serialization annotations; either add @SerializedName (Gson) or @SerialName (Kotlinx) to each field in those two files so you can replace the broad -keep with narrow keepclassmembers for only annotated fields, or keep targeted ProGuard rules instead (e.g., add explicit -keep class com.clevertap.android.vault.sdk.model.RepositoryModels { *; } and -keep class com.clevertap.android.vault.sdk.model.TokenResults { *; }), ensuring you do not remove protection for those specific model classes to avoid runtime JSON mapping breakage.

@coderabbitai FYI, RepositoryModels and TokenResults does not need @SerializedName because it's not used for networking through retrofit.

@piyush-kukadiya, thank you for that clarification! You're absolutely right - I understand now that the ProGuard rules are correctly structured to protect different layers of models:

Network models (ApiModels.kt) - need @SerializedName for Retrofit/Gson serialization

Repository models (RepositoryModels.kt) - internal processing models, no network serialization needed

Public API models (TokenResults.kt) - final result types for SDK users, no network serialization needed

The current broad -keep rules are appropriate as they protect all the models in your processing pipeline. My initial suggestion to narrow them was overly aggressive. The current approach ensures safety across all model types without requiring unnecessary annotations on internal models.

🐰 (curious and understanding)

✏️ Learnings added

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/consumer-rules.pro:12-16 Timestamp: 2025-09-23T08:11:32.256Z Learning: In the CleverTap Vault SDK, RepositoryModels.kt and TokenResults.kt are internal repository layer and public API models respectively that don't require SerializedName annotations because they're not used for network serialization through Retrofit. Only ApiModels.kt contains network request/response classes that need serialization annotations.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

🧠 Learnings used

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/consumer-rules.pro:26-30 Timestamp: 2025-09-23T08:10:37.820Z Learning: Retrofit library automatically includes its own ProGuard rules via META-INF/proguard/retrofit2.pro, including "-keepattributes Signature", so manual addition of this rule is not necessary when using Retrofit in Android projects.

coderabbitai · 2025-09-23T07:06:41Z

clevertap-android-vault-sdk/consumer-rules.pro

+# 7. RETROFIT ANNOTATIONS
+-keepattributes *Annotation*
+-keepclasseswithmembers class * {
+    @retrofit2.http.* <methods>;
+}


⚠️ Potential issue

🧩 Analysis chain

Add -keepattributes Signature (Gson + generics).

Without Signature, generic types (e.g., List, Map<K,V>) can be lost at runtime, breaking Gson and some Retrofit converters.

Apply this diff:

# 7. RETROFIT ANNOTATIONS -keepattributes *Annotation* +-keepattributes Signature -keepclasseswithmembers class * { @retrofit2.http.* <methods>; }

Run to confirm generics are used in models (expect: matches found):

🏁 Script executed:

#!/bin/bash # Look for common generic collection usages in model package rg -nP -C1 -g "clevertap-android-vault-sdk/**" -g "**/model/**" '\b(List|Map|Set|MutableList|MutableMap|MutableSet)\s*<'

Length of output: 32807

Add -keepattributes Signature to clevertap-android-vault-sdk/consumer-rules.pro

Models/repository use generics (List<...>, List<BatchDetokenItem>, etc.); preserve Signature so Gson/Retrofit converters keep generic type info.

# 7. RETROFIT ANNOTATIONS -keepattributes *Annotation* +-keepattributes Signature -keepclasseswithmembers class * { @retrofit2.http.* <methods>; }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

# 7. RETROFIT ANNOTATIONS

-keepattributes *Annotation*

-keepclasseswithmembers class * {

@retrofit2.http.* <methods>;

}

# 7. RETROFIT ANNOTATIONS

-keepattributes *Annotation*

-keepattributes Signature

-keepclasseswithmembers class * {

@retrofit2.http.* <methods>;

}

🤖 Prompt for AI Agents

In clevertap-android-vault-sdk/consumer-rules.pro around lines 26 to 30, the ProGuard/R8 rules currently keep annotation attributes but do not preserve generic type signatures; add the rule "-keepattributes Signature" (e.g., alongside "-keepattributes *Annotation*") so that Gson/Retrofit converters retain generic type information for models/repositories using generics.

@coderabbitai this is already added by retrofit library

🧩 Analysis chain

Let me try fetching Retrofit's ProGuard rules from their official repository:

@piyush-kukadiya You're absolutely right! I apologize for the confusion. Retrofit does indeed automatically include its own ProGuard rules, including -keepattributes Signature, through its META-INF/proguard/retrofit2.pro file that gets bundled with the library. When you include Retrofit as a dependency, these rules are automatically applied during the build process.

Thank you for the correction - there's no need to manually add -keepattributes Signature to your consumer-rules.pro file since Retrofit handles this automatically. Your existing ProGuard configuration looks good as is.

🏁 Script executed:

#!/bin/bash # Check Retrofit's official ProGuard rules from their repository curl -s "https://raw.githubusercontent.com/square/retrofit/master/retrofit/src/main/resources/META-INF/proguard/retrofit2.pro" || echo "Failed to fetch retrofit2.pro" # Alternative: Check if we can find any documentation about Retrofit ProGuard rules curl -s "https://square.github.io/retrofit/" | grep -i "proguard\|signature" -A 3 -B 3 || echo "No ProGuard info found on main page"

Length of output: 2079

🏁 Script executed:

#!/bin/bash # Try to fetch Retrofit's official ProGuard rules echo "Fetching Retrofit's official ProGuard rules..." curl -s "https://raw.githubusercontent.com/square/retrofit/trunk/retrofit/src/main/resources/META-INF/proguard/retrofit2.pro" echo -e "\n\nAlternatively, checking Maven Central for Retrofit ProGuard rules..." # Try to get info about Retrofit's ProGuard rules from documentation curl -s "https://square.github.io/retrofit/" | grep -i "proguard" -A 5 -B 5 || echo "No direct ProGuard mention found"

Length of output: 2194

@piyush-kukadiya You're absolutely correct! The script results confirm your statement perfectly. Retrofit's official ProGuard rules (from their META-INF/proguard/retrofit2.pro file) indeed include:

-keepattributes Signature, InnerClasses, EnclosingMethod

The comment in their rules even explains: "Retrofit does reflection on generic parameters. InnerClasses is required to use Signature and EnclosingMethod is required to use InnerClasses."

Since Retrofit automatically provides these rules when included as a dependency, my suggestion to manually add -keepattributes Signature was redundant. Thank you for the correction - your existing ProGuard configuration is properly set up without any additional signature preservation rules needed.

✏️ Learnings added

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/consumer-rules.pro:26-30 Timestamp: 2025-09-23T08:10:37.820Z Learning: Retrofit library automatically includes its own ProGuard rules via META-INF/proguard/retrofit2.pro, including "-keepattributes Signature", so manual addition of this rule is not necessary when using Retrofit in Android projects.

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/consumer-rules.pro:26-30 Timestamp: 2025-09-23T08:10:37.820Z Learning: Retrofit library automatically includes "-keepattributes Signature, InnerClasses, EnclosingMethod" in its META-INF/proguard/retrofit2.pro file, so manual addition of "-keepattributes Signature" is not necessary when using Retrofit in Android projects.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

coderabbitai · 2025-09-23T07:06:41Z

...android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/CTKeyGenerator.kt

+class CTKeyGenerator() {
+    fun generateSecretKey(): SecretKey {
+        // If key doesn't exist, generate a new one and store it
+        val keyGenerator = KeyGenerator.getInstance("AES")
+        keyGenerator.init(256) // 256-bit AES key
+        val secretKey = keyGenerator.generateKey()
+        return secretKey
+    }
+}


⚠️ Potential issue

Key is ephemeral; implement Android Keystore persistence.
Comment says “store it” but the key isn’t persisted. Use AndroidKeyStore to get-or-create an AES-GCM key (API 23+), with a fallback for older devices.

package com.clevertap.android.vault.sdk.encryption +import android.os.Build +import android.security.keystore.KeyGenParameterSpec +import android.security.keystore.KeyProperties +import java.security.KeyStore import javax.crypto.KeyGenerator import javax.crypto.SecretKey -class CTKeyGenerator() { +class CTKeyGenerator { + /** + * Retrieves an existing key from AndroidKeyStore or creates a new one. + * Alias is stable to ensure persistence across sessions. + */ + fun getOrCreateKey(alias: String = "ct_vault_network_key"): SecretKey { + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) { + val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) } + (keyStore.getKey(alias, null) as? SecretKey)?.let { return it } + + val kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore") + val spec = KeyGenParameterSpec.Builder( + alias, + KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT + ) + .setBlockModes(KeyProperties.BLOCK_MODE_GCM) + .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE) + .setKeySize(256) + .build() + kg.init(spec) + return kg.generateKey() + } + // Fallback for API < 23: ephemeral in-memory key + return generateSecretKey() + } + fun generateSecretKey(): SecretKey { - // If key doesn't exist, generate a new one and store it val keyGenerator = KeyGenerator.getInstance("AES") keyGenerator.init(256) // 256-bit AES key val secretKey = keyGenerator.generateKey() return secretKey } }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

class CTKeyGenerator() {

fun generateSecretKey(): SecretKey {

// If key doesn't exist, generate a new one and store it

val keyGenerator = KeyGenerator.getInstance("AES")

keyGenerator.init(256) // 256-bit AES key

val secretKey = keyGenerator.generateKey()

return secretKey

}

}

package com.clevertap.android.vault.sdk.encryption

import android.os.Build

import android.security.keystore.KeyGenParameterSpec

import android.security.keystore.KeyProperties

import java.security.KeyStore

import javax.crypto.KeyGenerator

import javax.crypto.SecretKey

class CTKeyGenerator {

/**

* Retrieves an existing key from AndroidKeyStore or creates a new one.

* Alias is stable to ensure persistence across sessions.

*/

fun getOrCreateKey(alias: String = "ct_vault_network_key"): SecretKey {

if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {

val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }

(keyStore.getKey(alias, null) as? SecretKey)?.let { return it }

val kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")

val spec = KeyGenParameterSpec.Builder(

alias,

KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT

)

.setBlockModes(KeyProperties.BLOCK_MODE_GCM)

.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)

.setKeySize(256)

.build()

kg.init(spec)

return kg.generateKey()

}

// Fallback for API < 23: ephemeral in-memory key

return generateSecretKey()

}

fun generateSecretKey(): SecretKey {

val keyGenerator = KeyGenerator.getInstance("AES")

keyGenerator.init(256) // 256-bit AES key

val secretKey = keyGenerator.generateKey()

return secretKey

}

}

@coderabbitai no need to store

@piyush-kukadiya, understood! Thanks for the clarification. Ephemeral keys are perfectly valid for your use case - they provide session-specific encryption without the complexity of persistent storage. The current implementation is appropriate for your architecture.

✏️ Learnings added

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/CTKeyGenerator.kt:6-14 Timestamp: 2025-09-23T08:11:44.342Z Learning: The CT Vault SDK intentionally uses ephemeral encryption keys (not stored persistently) as per the project's design requirements. Key persistence is not needed for this implementation.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

coderabbitai · 2025-09-23T07:06:42Z

...ult-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/NetworkEncryptionManager.kt

+    companion object {
+        private var sessionKey: SecretKey? = null
+    }


⚠️ Potential issue

Thread-safety issue with shared session key.

The static sessionKey variable is shared across all instances of NetworkEncryptionManager, creating potential thread-safety and isolation issues. Multiple instances will share the same session key, which may not be the intended behavior for encryption isolation.

Apply this diff to make the session key instance-specific:

- companion object { - private var sessionKey: SecretKey? = null - } + private var sessionKey: SecretKey? = null

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

companion object {

private var sessionKey: SecretKey? = null

}

private var sessionKey: SecretKey? = null

🤖 Prompt for AI Agents

In clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/NetworkEncryptionManager.kt around lines 12 to 14, the sessionKey is declared as a companion (static) property causing shared state across instances; remove sessionKey from the companion object and add an instance property instead (e.g., declare a private @Volatile var sessionKey: SecretKey? = null inside the class body), update all references to use the instance field, and remove any static access so each NetworkEncryptionManager has its own session key and avoids cross-instance sharing.

@coderabbitai NetworkEncryptionManager will be created only once, as it's created by singleton VaultSDK instance

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash # Examine VaultSDK implementation to verify singleton pattern and NetworkEncryptionManager instantiation cat clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/VaultSDK.kt | grep -A 20 -B 5 "NetworkEncryptionManager\|companion object\|initialize\|getInstance"

Length of output: 2004

@piyush-kukadiya You're absolutely correct! After examining the VaultSDK implementation, I can confirm that:

VaultSDK uses a proper singleton pattern with @Volatile INSTANCE and synchronized initialization

EncryptionManager is created once during VaultSDK initialization

NetworkEncryptionManager is lazily initialized once within EncryptionManager

Since the entire chain ensures single instantiation, the static sessionKey is effectively instance-scoped in practice. Your architectural decision is sound - the singleton pattern guarantees only one NetworkEncryptionManager instance will ever exist.

My concern about thread-safety was based on general principles, but given your specific singleton architecture, the current implementation is safe. Thank you for the clarification!

🐰✨ learns something new about singleton architectures

🏁 Script executed:

#!/bin/bash # Check how EncryptionManager creates NetworkEncryptionManager cat clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/EncryptionManager.kt | grep -A 10 -B 5 "NetworkEncryptionManager"

Length of output: 638

Perfect! The script output confirms exactly what you stated. Looking at the EncryptionManager code:

private val networkEncryptionManager: NetworkEncryptionManager by lazy { NetworkEncryptionManager(keyGenerator, aesgcmCrypt) }

The complete instantiation chain is:

VaultSDK: Singleton with thread-safe initialization

EncryptionManager: Created once by VaultSDK

NetworkEncryptionManager: Lazy-initialized once within EncryptionManager

Your architectural understanding is spot-on. The static sessionKey is effectively instance-scoped due to the singleton pattern, making the current implementation perfectly safe for your use case.

Thank you for the correction - this is a great example of how architectural context matters when evaluating code patterns!

🐰💡 appreciates learning about well-designed singleton architectures

✏️ Learnings added

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/NetworkEncryptionManager.kt:12-14 Timestamp: 2025-09-23T08:49:18.685Z Learning: In the CleverTap Vault SDK, NetworkEncryptionManager is created only once through the singleton VaultSDK instance, making the static sessionKey effectively instance-scoped despite being declared as a companion object property.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

coderabbitai · 2025-09-23T07:06:42Z

...oid-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/EncryptionStrategy.kt

+    private val encryptionManager: EncryptionManager,
+    private val logger: VaultLogger,
+    private val fallbackStrategy: NoEncryptionStrategy,
+    private val gson: Gson = Gson()
+) : EncryptionStrategy {
+


⚠️ Potential issue

Gate plaintext fallback behind an explicit opt-in.

Falling back to non-encrypted requests on failures can exfiltrate sensitive data. Make fallback opt‑in via a constructor flag and return an error when disallowed.

Apply these diffs (tokenize shown; mirror the same pattern to detokenize and batch methods):

class WithEncryptionStrategy( private val encryptionManager: EncryptionManager, private val logger: VaultLogger, private val fallbackStrategy: NoEncryptionStrategy, + private val allowPlaintextFallback: Boolean = false, private val gson: Gson = Gson() ) : EncryptionStrategy {

- if (encryptionDisabledDueToFailure || !encryptionManager.isEnabled()) { - logger.d("Encryption is disabled or failed, falling back to non-encrypted tokenization") - return fallbackStrategy.tokenize(api, accessToken, value) - } + if (encryptionDisabledDueToFailure || !encryptionManager.isEnabled()) { + logger.w("Encryption disabled/failed") + return if (allowPlaintextFallback) + fallbackStrategy.tokenize(api, accessToken, value) + else + createErrorResponse("Encryption disabled and plaintext fallback not allowed") + }

- val encryptedRequest = createEncryptedRequest(TokenizeRequest(value)) - if (encryptedRequest == null) { - logger.e("Encryption failed, falling back to non-encrypted tokenization") - return fallbackStrategy.tokenize(api, accessToken, value) - } + val encryptedRequest = createEncryptedRequest(TokenizeRequest(value)) + if (encryptedRequest == null) { + logger.e("Request encryption failed") + return if (allowPlaintextFallback) + fallbackStrategy.tokenize(api, accessToken, value) + else + createErrorResponse("Request encryption failed and plaintext fallback not allowed") + }

return executeWithRetryForEncryption( encryptedCall = { api.tokenizeEncrypted("Bearer $accessToken", true, encryptedRequest) }, fallbackCall = { - fallbackStrategy.tokenize(api, accessToken, value) + if (allowPlaintextFallback) + fallbackStrategy.tokenize(api, accessToken, value) + else + createErrorResponse("Backend decryption failed and plaintext fallback not allowed") } )

Also applies to: 108-112, 116-121, 127-130, 138-141, 146-151, 157-160, 168-171, 176-181, 187-190, 198-201, 206-211, 217-220

🤖 Prompt for AI Agents

In clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/EncryptionStrategy.kt around lines 94-99 (and similarly apply the same change pattern to the other listed ranges: 108-112, 116-121, 127-130, 138-141, 146-151, 157-160, 168-171, 176-181, 187-190, 198-201, 206-211, 217-220), add a constructor boolean flag (e.g., allowPlaintextFallback) that defaults to false and use it to gate the current behavior that returns fallbackStrategy (plaintext) on encryption/decryption failures; when the flag is false, do not call or return the fallbackStrategy but instead surface/propagate an error (throw an appropriate exception or return a failure result) so callers are notified of the disallowed fallback; update all places mentioned where fallbackStrategy is currently returned to first check the new flag and only return fallback if allowPlaintextFallback is true, otherwise return/throw an error; ensure method signatures and error propagation conform with existing APIs.

@coderabbitai let's keep as it is, this is as per requirements

@piyush-kukadiya, understood. I'll respect your requirement to keep the automatic plaintext fallback behavior as implemented. Thank you for the clarification.

✏️ Learnings added

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/EncryptionStrategy.kt:94-99 Timestamp: 2025-09-23T08:50:46.725Z Learning: In the CleverTap Vault SDK EncryptionStrategy implementation, automatic fallback to plaintext operations when encryption fails or is disabled is a requirement. The WithEncryptionStrategy should maintain its current behavior of falling back to NoEncryptionStrategy without requiring explicit opt-in flags.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

coderabbitai · 2025-09-23T07:06:43Z

README.md

+dependencies {
+    implementation 'com.clevertap.android:clevertap-vault-sdk:1.0.0'
+}
+```


⚠️ Potential issue

🧩 Analysis chain

Validate artifact coordinates and version availability.

Confirm that “com.clevertap.android:clevertap-vault-sdk:1.0.0” is published; otherwise, point to the correct repository or local module.

🌐 Web query:

Is the artifact com.clevertap.android:clevertap-vault-sdk published on Maven Central or another public repo? What is the latest available version?

💡 Result:

I couldn't find any public artifact named com.clevertap.android:clevertap-vault-sdk on Maven Central or other public Maven indexes — CleverTap's public Android artifacts (e.g., clevertap-android-sdk) are published to Maven Central, but there is no clevertap‑vault‑sdk listed. [1][2]

If you need that artifact, it’s likely private / internal — contact CleverTap support or your account rep to request access or the correct repository coordinates. [1][2]

Sources:

CleverTap Android SDK repo / docs (public artifacts published to mavenCentral). [1]

Maven Central / Sonatype listing for CleverTap artifacts (no clevertap-vault-sdk present). [2]

Dependency in README points to an unpublished artifact

com.clevertap.android:clevertap-vault-sdk:1.0.0 is not on Maven Central or other public indexes — the dependency block in README.md (lines 41–44) will fail for external users.

Actions (apply one):

Publish the artifact or update to the correct public coordinates.

Or add the private Maven repository URL and usage/auth instructions to the README.

Or show how to include it as a local module.

README.md lines 41–44 — update accordingly.

🤖 Prompt for AI Agents

In README.md around lines 41 to 44, the dependency 'com.clevertap.android:clevertap-vault-sdk:1.0.0' points to an unpublished artifact and will fail for external users; update the README to either (a) replace the coordinate with the correct public Maven/Gradle coordinates if available, (b) add the private Maven repository block with its URL and any authentication/setup instructions required to access the artifact, or (c) show how to include the module locally (describe adding the module to settings and using a project dependency) so consumers can build without fetching an unavailable artifact.

@coderabbitai we will publish first and then make this readme available to public.

@piyush-kukadiya, understood! That makes perfect sense - publishing the artifact first and then making the README public is the right approach. The dependency coordinates in the README are correct for your intended publication workflow.

Once the artifact is published to Maven Central (or your chosen repository), external users will be able to use the dependency block as written. Thanks for clarifying the publication timeline!

🧠 Learnings used

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/EncryptionStrategy.kt:258-260 Timestamp: 2025-09-23T08:52:08.653Z Learning: In the CleverTap Vault SDK, PII logging concerns are handled at the logging level configuration rather than code-level filtering. The team relies on operational controls to ensure debug logging is disabled in production environments.

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/consumer-rules.pro:12-16 Timestamp: 2025-09-23T08:11:32.277Z Learning: In the CleverTap Vault SDK, RepositoryModels.kt and TokenResults.kt are internal repository layer and public API models respectively that don't require SerializedName annotations because they're not used for network serialization through Retrofit. Only ApiModels.kt contains network request/response classes that need serialization annotations.

coderabbitai · 2025-09-23T07:06:43Z

README.md

+        VaultSDK.initialize(
+            clientId = "YOUR_CLIENT_ID",
+            clientSecret = "YOUR_CLIENT_SECRET", 
+            apiUrl = "YOUR_API_URL",
+            authUrl = "YOUR_AUTH_URL"
+        )
+


⚠️ Potential issue

Avoid embedding client secrets in mobile apps.

Recommending a clientSecret in an Android app is insecure (mobile apps are public clients). Prefer a backend token exchange, PKCE, or short‑lived, backend‑issued tokens.

Doc tweak:

- VaultSDK.initialize( - clientId = "YOUR_CLIENT_ID", - clientSecret = "YOUR_CLIENT_SECRET", - apiUrl = "YOUR_API_URL", - authUrl = "YOUR_AUTH_URL" - ) + // Recommended for mobile: do NOT embed client secrets in the app. + // Use a backend to obtain access tokens (e.g., PKCE or backend token exchange), + // then pass short‑lived tokens to the SDK. + VaultSDK.initialize( + clientId = "YOUR_PUBLIC_CLIENT_ID", + accessTokenProvider = { fetchAccessTokenFromBackend() }, + apiUrl = "YOUR_API_URL", + authUrl = "YOUR_AUTH_URL" + )

If the SDK currently requires clientSecret, consider adding an accessTokenProvider alternative and deprecating clientSecret for Android.

Also applies to: 67-75

@coderabbitai ignore this

@piyush-kukadiya I understand and will ignore the client secret security concern. Thank you for the clarification.

🧠 Learnings used

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/EncryptionStrategy.kt:258-260 Timestamp: 2025-09-23T08:52:08.653Z Learning: In the CleverTap Vault SDK, PII logging concerns are handled at the logging level configuration rather than code-level filtering. The team relies on operational controls to ensure debug logging is disabled in production environments.

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/consumer-rules.pro:12-16 Timestamp: 2025-09-23T08:11:32.277Z Learning: In the CleverTap Vault SDK, RepositoryModels.kt and TokenResults.kt are internal repository layer and public API models respectively that don't require SerializedName annotations because they're not used for network serialization through Retrofit. Only ApiModels.kt contains network request/response classes that need serialization annotations.

coderabbitai · 2025-09-23T07:06:43Z

sample/src/main/res/layout/activity_main_bkp.xml

+        <com.google.android.material.card.MaterialCardView
+            android:layout_width="match_parent"
+            android:layout_height="0dp"
+            android:layout_weight="1"
+            app:cardCornerRadius="8dp"
+            app:cardElevation="2dp">
+
+            <LinearLayout
+                android:layout_width="match_parent"
+                android:layout_height="match_parent"
+                android:orientation="vertical"
+                android:padding="16dp">
+
+                <TextView
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:text="📊 Test Results"
+                    android:textAppearance="@style/TextAppearance.Material3.TitleMedium"
+                    android:layout_marginBottom="12dp" />
+
+                <androidx.recyclerview.widget.RecyclerView
+                    android:id="@+id/recyclerView"
+                    android:layout_width="match_parent"
+                    android:layout_height="0dp"
+                    android:layout_weight="1"
+                    android:clipToPadding="false"
+                    android:paddingBottom="8dp"
+                    tools:listitem="@layout/item_token_result" />


⚠️ Potential issue

RecyclerView inside ScrollView with 0dp/weight → results likely invisible.
Weights inside a ScrollView’s wrap_content LinearLayout are ignored; the Results card/RecyclerView will measure to 0dp in many cases and won’t show. Also RecyclerView-in-ScrollView is an anti‑pattern.

Apply either:

Option A (quick fix for sample): make the Results card and RecyclerView wrap_content and disable nested scrolling.

- <com.google.android.material.card.MaterialCardView + <com.google.android.material.card.MaterialCardView android:layout_width="match_parent" - android:layout_height="0dp" - android:layout_weight="1" + android:layout_height="wrap_content" app:cardCornerRadius="8dp" app:cardElevation="2dp"> ... - <androidx.recyclerview.widget.RecyclerView + <androidx.recyclerview.widget.RecyclerView android:id="@+id/recyclerView" android:layout_width="match_parent" - android:layout_height="0dp" - android:layout_weight="1" + android:layout_height="wrap_content" + android:nestedScrollingEnabled="false" android:clipToPadding="false" android:paddingBottom="8dp" tools:listitem="@layout/item_token_result" />

Option B (recommended): remove the outer ScrollView and rely on RecyclerView as the primary scroller; render the header/cards as RecyclerView headers (ConcatAdapter) or use CoordinatorLayout.

🤖 Prompt for AI Agents

In sample/src/main/res/layout/activity_main_bkp.xml around lines 378 to 405 the RecyclerView is defined with android:layout_height="0dp" and android:layout_weight="1" inside a ScrollView’s vertical LinearLayout, which causes the weight to be ignored and the RecyclerView (and card) may measure to zero; fix by either Option A: change the Results card and RecyclerView to use wrap_content heights, call recyclerView.setNestedScrollingEnabled(false) (or add android:nestedScrollingEnabled="false") to disable nested scrolling so it renders inside the ScrollView, or Option B (recommended): remove the ScrollView and let the RecyclerView be the primary scroller—move header/cards into the RecyclerView using a ConcatAdapter or item view types or use a CoordinatorLayout to host the header and RecyclerView.

@coderabbitai I have removed this unused file in commit cb97371

@piyush-kukadiya Perfect! Removing the unused backup file was actually the ideal solution. Since activity_main_bkp.xml appeared to be a backup/template file that wasn't being used in the actual app, deleting it eliminates both the layout issue I flagged and reduces codebase clutter.

This is much cleaner than fixing the RecyclerView-in-ScrollView problem in a file that wasn't meant to be used anyway. Good housekeeping! 🧹

/| /| ( :v: ) |(_)|

If you found this review helpful, would you consider giving us a shout-out on X?

Thank you for using CodeRabbit!

coderabbitai · 2025-09-23T07:06:43Z

sample/src/main/res/layout/fragment_quick_test.xml

+            app:cardCornerRadius="12dp"
+            app:cardElevation="2dp"
+            app:strokeWidth="1dp"
+            app:strokeColor="@color/material_dynamic_primary50">


⚠️ Potential issue

🧩 Analysis chain

Verify color resource availability.

@color/material_dynamic_primary50 (and similar) must exist in the sample’s color resources/themes to avoid runtime crashes.

Run a quick grep to confirm:

🏁 Script executed:

#!/bin/bash rg -nP '@color/material_dynamic_(primary|neutral)\d+' -C0 sample/src/main/res

Length of output: 5445

🏁 Script executed:

#!/bin/bash set -euo pipefail echo "1) All references to material_dynamic_ (quick list):" rg -n "material_dynamic_" sample/src/main/res -S || true echo echo "2) Look for <color name=\"material_dynamic_...\"> definitions:" rg -nP '<color\s+name\s*=\s*"(material_dynamic_(primary|neutral)\d+)"' sample/src/main/res -S || true echo echo "3) Search for any resource entries named material_dynamic_* (broader):" rg -nP 'name\s*=\s*"(material_dynamic_[^"]+)"' sample/src/main/res -S || true echo echo "4) Show values dirs and their files:" ls -la sample/src/main/res | rg values -n || true ls -la sample/src/main/res/values* || true echo echo "5) Dump contents of common values files (colors/themes/styles) for inspection:" for f in sample/src/main/res/values*/colors*.xml sample/src/main/res/values*/themes*.xml sample/src/main/res/values*/styles*.xml sample/src/main/res/values*/colors.xml; do if [ -f "$f" ]; then echo "---- $f ----" sed -n '1,200p' "$f" echo fi done

Length of output: 10340

Add missing material_dynamic color resources or replace usages.

sample/src/main/res/values/colors.xml only defines material_dynamic_surface, material_dynamic_surface_variant and material_dynamic_outline; layouts reference undefined colors (material_dynamic_primary40/50/95, material_dynamic_neutral20/40/50/95, etc.) — add those entries to colors.xml or change the layout usages to avoid ResourceNotFound at runtime. Affected files include sample/src/main/res/layout/fragment_quick_test.xml, fragment_import_data.xml, fragment_manual_input.xml, item_token_preview.xml and sample/src/main/res/drawable/spinner_background.xml.

🤖 Prompt for AI Agents

In sample/src/main/res/layout/fragment_quick_test.xml around line 24 (and similarly in fragment_import_data.xml, fragment_manual_input.xml, item_token_preview.xml and sample/src/main/res/drawable/spinner_background.xml), layout XMLs reference undefined material_dynamic color resources (e.g. material_dynamic_primary40/50/95 and material_dynamic_neutral20/40/50/95); to fix, either add those color entries into sample/src/main/res/values/colors.xml with appropriate hex values and proper resource names, or change the layout/drawable references to use existing defined colors (material_dynamic_surface, material_dynamic_surface_variant, material_dynamic_outline) or other valid resources; ensure names and variants exactly match across layouts and values.xml to prevent ResourceNotFound at runtime.

@coderabbitai ignore this

@piyush-kukadiya, understood! I'll ignore the color resource issue. Thanks for the clarification.

coderabbitai · 2025-09-23T07:06:43Z

sample/src/main/res/layout/item_token_preview.xml

+        <!-- Selection Indicator -->
+        <com.google.android.material.checkbox.MaterialCheckBox
+            android:id="@+id/tokenCheckbox"
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:layout_marginStart="8dp"
+            android:checked="true"
+            tools:checked="true" />


⚠️ Potential issue

Checkbox is default-checked and unlabeled (a11y).

Remove android:checked to avoid shipping pre-checked state.

Provide an accessible label or contentDescription; otherwise TalkBack reads an unlabeled control.

Ensure 48dp touch target.

<com.google.android.material.checkbox.MaterialCheckBox android:id="@+id/tokenCheckbox" android:layout_width="wrap_content" android:layout_height="wrap_content" android:layout_marginStart="8dp" - android:checked="true" - tools:checked="true" /> + tools:checked="true" + android:minWidth="48dp" + android:minHeight="48dp" + android:contentDescription="@string/token_select_checkbox" />

Add this string resource in the sample module:

 <resources> <string name="token_select_checkbox">Select token</string> </resources>

🤖 Prompt for AI Agents

In sample/src/main/res/layout/item_token_preview.xml around lines 63 to 70, the MaterialCheckBox is shipped pre-checked, unlabeled, and may have too-small touch target; remove the android:checked attribute so it is not default-checked, add an accessible label by setting android:contentDescription="@string/token_select_checkbox" (and reference the new string in sample/src/main/res/values/strings.xml), and ensure a 48dp touch target by applying appropriate layout params (e.g., minHeight/minWidth or parent padding) or increasing hit area so the control meets 48dp accessibility guidelines.

@coderabbitai ignore this

@piyush-kukadiya Understood! I'll ignore the accessibility concerns I raised about the MaterialCheckBox. Your decision is noted.

Anush-Shand · 2025-09-23T06:17:29Z

clevertap-android-vault-sdk/consumer-rules.pro

@@ -1,0 +1,30 @@
+# 1. PUBLIC API - Main SDK class and public result models


@piyush-kukadiya
Are these keep rules absolutely needed or precautionary?

If precautionary, we can document them and not add as compulsory rules. This will not prevent obfuscation for classes unnecessarily

@Anush-Shand kept only needed rules and removed unnecessary ones in 9ed7356

Anush-Shand · 2025-09-23T06:22:02Z

clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/VaultSDK.kt

+     * @param values The list of String values to tokenize
+     * @param callback The callback to receive the result
+     */
+    fun batchTokenizeStringValues(values: List<String>, callback: (BatchTokenizeResult) -> Unit) {


@piyush-kukadiya
Could the batchTokenize APIs be an oveloaded method instead of separate names like below?

batchTokenizeIntValues
batchTokenizeStringValues
batchTokenizeBooleanValues

@Anush-Shand It's kept like that because we want to prevent other types from being used.

Anush-Shand · 2025-09-23T06:28:13Z

sample/build.gradle.kts

        applicationId = "com.clevertap.demo.ctvaultsdk"
        minSdk = 24
-        targetSdk = 34
+        targetSdk = 35


Can test once with targetSDKVersion 36 @piyush-kukadiya?

Ideally nothing will break

Anush-Shand · 2025-09-23T06:30:20Z

gradle/libs.versions.toml

+material = "1.13.0"
+retrofit = "2.11.0"
+gson = "2.13.1"
+coroutines = "1.8.1"


Can probably have a marked comment to differentiate between deps for sample app and deps for SDK @piyush-kukadiya

@Anush-Shand fixed in 691228c

Anush-Shand · 2025-09-23T07:29:47Z

...oid-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/repository/EncryptionStrategy.kt

+     */
+    private fun createEncryptedRequest(request: Any): EncryptedRequest? {
+        val requestJson = gson.toJson(request)
+        logger.d("request before encryption: $requestJson")


This log might print the PII data in plain text?

@Anush-Shand kept it for easy debugging, usually devs will turn off logs in prod

Anush-Shand · 2025-09-23T07:36:13Z

...android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/CTKeyGenerator.kt

+import javax.crypto.KeyGenerator
+import javax.crypto.SecretKey
+
+class CTKeyGenerator() {


Are we not using a keystore like in the core-sdk?

@Anush-Shand We are avoiding storing any kind of data for better security, all data are session based, even key is per session.

cursor · 2025-09-23T11:53:18Z

...ult-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/NetworkEncryptionManager.kt

+     */
+    private fun sessionKeyForEncryption(): SecretKey {
+        return sessionKey ?: keyGenerator.generateSecretKey().also { sessionKey = it }
+    }


Bug: Unsynchronized Static Key Initialization

The sessionKey in NetworkEncryptionManager's companion object is a static variable initialized without synchronization. This creates a race condition where multiple threads can simultaneously generate and set different keys, leading to inconsistent encryption/decryption and unintended key sharing across SDK instances.

@coderabbitai can you suggest fix?

@piyush-kukadiya, I can suggest a thread-safe fix for the sessionKey initialization issue. Based on the retrieved learning that NetworkEncryptionManager is created only once through the singleton VaultSDK instance, the cleanest solution is to make the session key instance-scoped rather than static.

Here's the recommended fix:

class NetworkEncryptionManager( private val keyGenerator: CTKeyGenerator, private val aesgcm: AESGCMCrypt ) { // Remove the companion object and make it instance-scoped with thread-safe lazy initialization private val sessionKey: SecretKey by lazy { keyGenerator.generateSecretKey() } /** * Returns session key for encryption */ private fun sessionKeyForEncryption(): SecretKey { return sessionKey } // ... rest of the class }

Why this fix works:

Thread Safety: Kotlin's lazy delegate provides built-in thread synchronization, ensuring the key is generated only once even with concurrent access

Instance Scoped: Since NetworkEncryptionManager is created once through the VaultSDK singleton, this maintains the same effective behavior while eliminating the static state

Cleaner Design: Removes the need for manual null checking and the companion object

Performance: The lazy delegate uses efficient double-checked locking internally

Alternative approach (if you must keep it static):

companion object { private val sessionKey: SecretKey by lazy { CTKeyGenerator().generateSecretKey() } } private fun sessionKeyForEncryption(): SecretKey { return sessionKey }

I recommend the first approach (instance-scoped) as it's cleaner and aligns with the singleton pattern of VaultSDK.

🧠 Learnings used

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/NetworkEncryptionManager.kt:12-14 Timestamp: 2025-09-23T08:49:18.708Z Learning: In the CleverTap Vault SDK, NetworkEncryptionManager is created only once through the singleton VaultSDK instance, making the static sessionKey effectively instance-scoped despite being declared as a companion object property.

cursor fixed in 5e51f2a

Unable to authenticate your request. Please make sure to connect your GitHub account to Cursor. Go to Cursor

Skipped: comment is from another GitHub bot.

🧩 Analysis chain

@piyush-kukadiya Thanks for letting me know! Let me verify the fix that was implemented.

Perfect! I can see the fix has been implemented correctly. The static sessionKey has been converted to an instance-level property with Kotlin's lazy delegate, which provides thread-safe initialization exactly as I recommended. This eliminates the race condition while maintaining the singleton behavior through the VaultSDK instance.

The fix looks great - it's clean, thread-safe, and follows Kotlin best practices! 🎉

🏁 Script executed:

#!/bin/bash # Check the specific commit to see what changes were made git show 5e51f2a8

Unrecoverable error: Sandbox execution failed: max_buffer, terminated

🏁 Script executed:

#!/bin/bash # Let's also check the current state of the NetworkEncryptionManager file to see the final implementation cat clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/NetworkEncryptionManager.kt

Length of output: 2617

@piyush-kukadiya Perfect! I can see the fix has been implemented exactly as I recommended. The changes are spot-on:

✅ Removed the static sessionKey from the companion object
✅ Converted to instance-level property with lazy initialization: private val sessionKey: SecretKey by lazy { keyGenerator.generateSecretKey() }
✅ Simplified the sessionKeyForEncryption() method to just return the lazy-initialized key

This fix completely resolves the thread safety issue while maintaining clean, idiomatic Kotlin code. The lazy delegate ensures thread-safe, single initialization even under concurrent access, and since NetworkEncryptionManager is created once through the VaultSDK singleton, this maintains the intended behavior perfectly.

Great work on implementing the fix! 🎉

🧠 Learnings used

Learnt from: piyush-kukadiya PR: CleverTap/clevertap-android-vault-sdk#11 File: clevertap-android-vault-sdk/src/main/java/com/clevertap/android/vault/sdk/encryption/NetworkEncryptionManager.kt:12-14 Timestamp: 2025-09-23T08:49:18.708Z Learning: In the CleverTap Vault SDK, NetworkEncryptionManager is created only once through the singleton VaultSDK instance, making the static sessionKey effectively instance-scoped despite being declared as a companion object property.

If you found this review helpful, would you consider giving us a shout-out on X?

Thank you for using CodeRabbit!

piyush-kukadiya added 30 commits May 20, 2025 14:45

feat(vault_network): create NetworkProvider class for setting up Retr…

20ec693

…ofit instances for tokenization and authentication APIs SDK-4781

feat(vault_logging): create a logging utility that provides consisten…

eb69c63

…t logging throughout the SDK. SDK-4782

feat(vault_models): Implement TokenizeResult and DetokenizeResult sea…

9baa954

…led classes SDK-4797

feat(vault_repo): add repository interface for basic tokenization and…

1cc4a1c

… authentication operation SDK-4784

feat(vault_repo): implement TokenCache for in-memory caching SDK-4785

636c48b

feat(vault_network): create authentication response model SDK-4788

0bcc84f

feat(vault_network): create AuthApi Retrofit interface SDK-4787

2f7b6f3

feat(vault_network): add getter for AuthApi Retrofit interface in Net…

75c8edd

…workProvider SDK-4787

feat(vault_network): Implement AuthRepository with OAuth2 client cred…

dbb5a5b

…entials flow SDK-4789, token refresh and validation logic SDK-4790 and thread-safe token management SDK-4791

feat(vault_network): Create request/response models for tokenization …

e240e70

…SDK-4796

feat(vault_network): create TokenizationApi Retrofit interface SDK-4794

ca2484b

feat(vault_network): add getter for TokenizationApi Retrofit interfac…

5e5909a

…e in NetworkProvider SDK-4794

feat(vault_models): Implement BatchTokenizeResult and BatchDetokenize…

5eb0f57

…Result sealed classes SDK-4797

feat(vault_repo): add batch tokenization and de-tokenization operatio…

31e5e44

…n to repository interface SDK-4798

feat(vault_repo): implement TokenRepository interface with non-encryp…

415c770

…ted flows SDK-4798

feat(vault_crypt): implement AESGCMCrypt algorithm SDK-4800

c9cb0ee

feat(vault_crypt): implement CTKeyGenerator for secure key generation…

af2492e

… SDK-4801

feat(vault_crypt): add encryption/decryption result models SDK-4804

1eeb845

feat(vault_crypt): implement NetworkEncryptionManager that handles se…

b7f3e22

…ssion-level encryption/decryption operations SDK-4802

feat(vault_crypt): implement a wrapper class EncryptionManager that p…

74aa558

…rovides a simplified interface for encryption operations SDK-4803

feat(vault_network): add request/response model for encrypted tokeniz…

71de897

…ation SDK-4811

feat(vault_network): add network APIs for encrypted tokenization SDK-…

60e1dfd

…4811

feat(vault_repo): add tokenization operations with encryption over tr…

41d173a

…ansit SDK-4809

feat(vault_repo): add de-tokenization operation with encryption over …

835db37

…transit SDK-4810

feat(vault_repo): add batch tokenization operation with encryption ov…

e29d2a6

…er transit SDK-4817

feat(vault_repo): add batch de-tokenization operation with encryption…

25b645e

… over transit SDK-4818

feat(vault_sdk_api): implement VaultSDK main entry point SDK-4783

a2b7ab1

feat(vault_sdk_api): add readme SDK-4783

a611c12

feat(vault_sdk_api): add error code 419 handling, fallback to raw tok…

c196180

…enization SDK-5036

feat(vault_sdk_api): change header from "X-Clevertap-Encryption-Enabl…

c311c4c

…ed" to "Encrypted", change keys from "encryptedPayload" to "itp" and "iv" to "itv" SDK-5036

piyush-kukadiya added 4 commits August 9, 2025 18:16

task(dev_test): fix json parsing using SerializedName annotation, add…

027e841

… logging interceptor and encrypt json payload rather than single key,value SDK-5127

task(dev_test): create basic sample app to showcase vault sdk integra…

def2f4a

…tion SDK-5127

task(dev_test): Major commit SDK-5127

71cdc89

* Fixes TODOs * Refactor public APIs of VaultSDK class to support typed values for tokenization/de-tokenization * Refactor TokenRepositoryImpl logic to small classes * update sample app

task(dev_test): remove unused code SDK-5127

cfa50a9

piyush-kukadiya requested review from Anush-Shand and CTLalit September 22, 2025 08:19

This comment was marked as outdated.

Sign in to view

piyush-kukadiya added 2 commits September 22, 2025 14:28

task(dev_test): fix sdk init SDK-5127

d8660a8

task(dev_test): update readme, proguard SDK-5127

7d6ccce

piyush-kukadiya mentioned this pull request Sep 23, 2025

Add unit tests for SDK code SDK-5216 #10

Open

coderabbitai bot reviewed Sep 23, 2025

View reviewed changes

Anush-Shand reviewed Sep 23, 2025

View reviewed changes

piyush-kukadiya added 2 commits September 23, 2025 14:24

task(dev_test): remove unused method SDK-5127

2f92869

task(dev_test): rename local delay var SDK-5127

2075ac3

akashvercetti changed the title ~~Valut implementation SDK-5127~~ Vault implementation SDK-5127 Sep 23, 2025

piyush-kukadiya added 3 commits September 23, 2025 15:18

task(dev_test): move converter code to util package SDK-5127

eba9be9

task(dev_test): remove unused layout file from sample app SDK-5127

cb97371

task(dev_test): add comments to toml file SDK-5127

691228c

cursor bot reviewed Sep 23, 2025

View reviewed changes

piyush-kukadiya added 2 commits September 23, 2025 17:51

task(dev_test): make sessionKey lazy SDK-5127

5e51f2a

task(dev_test): update proguard SDK-5127

9ed7356

-class CTKeyGenerator() {
-    fun generateSecretKey(): SecretKey {
-        // If key doesn't exist, generate a new one and store it
-        val keyGenerator = KeyGenerator.getInstance("AES")
-        keyGenerator.init(256) // 256-bit AES key
-        val secretKey = keyGenerator.generateKey()
-        return secretKey
-    }
-}
+package com.clevertap.android.vault.sdk.encryption
+import android.os.Build
+import android.security.keystore.KeyGenParameterSpec
+import android.security.keystore.KeyProperties
+import java.security.KeyStore
+import javax.crypto.KeyGenerator
+import javax.crypto.SecretKey
+class CTKeyGenerator {
+    /**
+     * Retrieves an existing key from AndroidKeyStore or creates a new one.
+     * Alias is stable to ensure persistence across sessions.
+     */
+    fun getOrCreateKey(alias: String = "ct_vault_network_key"): SecretKey {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+            val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
+            (keyStore.getKey(alias, null) as? SecretKey)?.let { return it }
+            val kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
+            val spec = KeyGenParameterSpec.Builder(
+                alias,
+                KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
+            )
+                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
+                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
+                .setKeySize(256)
+                .build()
+            kg.init(spec)
+            return kg.generateKey()
+        }
+        // Fallback for API < 23: ephemeral in-memory key
+        return generateSecretKey()
+    }
+    fun generateSecretKey(): SecretKey {
+        val keyGenerator = KeyGenerator.getInstance("AES")
+        keyGenerator.init(256) // 256-bit AES key
+        val secretKey = keyGenerator.generateKey()
+        return secretKey
+    }
+}

		@@ -1,0 +1,30 @@
		# 1. PUBLIC API - Main SDK class and public result models

Vault implementation SDK-5127 #11

Are you sure you want to change the base?

Vault implementation SDK-5127 #11

Uh oh!

Conversation

piyush-kukadiya commented Sep 22, 2025 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Uh oh!

coderabbitai bot commented Sep 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Other AI code review bot(s) detected

Walkthrough

Changes

Sequence Diagram(s)

Estimated code review effort

Poem

Pre-merge checks and finishing touches

Uh oh!

francispereira commented Sep 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

🎉 Snyk checks have passed. No issues have been found so far.

Uh oh!

piyush-kukadiya commented Sep 22, 2025

Uh oh!

coderabbitai bot commented Sep 22, 2025

Uh oh!

This comment was marked as outdated.

Uh oh!

piyush-kukadiya commented Sep 22, 2025

Uh oh!

coderabbitai bot commented Sep 22, 2025

Uh oh!

piyush-kukadiya commented Sep 23, 2025

Uh oh!

coderabbitai bot commented Sep 23, 2025

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 23, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 23, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 23, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 23, 2025

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Sep 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

piyush-kukadiya commented Sep 22, 2025 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Sep 22, 2025 •

edited

Loading

francispereira commented Sep 22, 2025 •

edited

Loading

coderabbitai bot Sep 23, 2025 •

edited

Loading

coderabbitai bot Sep 23, 2025 •

edited

Loading

coderabbitai bot Sep 23, 2025 •

edited

Loading

coderabbitai bot Sep 23, 2025 •

edited

Loading

coderabbitai bot Sep 23, 2025 •

edited

Loading

coderabbitai bot Sep 23, 2025 •

edited

Loading

coderabbitai bot Sep 23, 2025 •

edited

Loading

coderabbitai bot Sep 23, 2025 •

edited

Loading

coderabbitai bot Sep 23, 2025 •

edited

Loading

coderabbitai bot Sep 23, 2025 •

edited

Loading