From ff73323c84f360cc2f4561bd7f97d53405e77ae9 Mon Sep 17 00:00:00 2001
From: Rinkal Bhojani <rinkal.bhojani@ayanworks.com>
Date: Fri, 2 Jan 2026 20:01:25 +0530
Subject: [PATCH 1/2] fix: allowed any dcql query support, fixed nested
 attribute's disclosure frame

Signed-off-by: Rinkal Bhojani <rinkal.bhojani@ayanworks.com>
---
 .../dtos/oid4vc-verifier-presentation.dto.ts  |  8 +--
 .../helpers/credential-sessions.builder.ts    | 49 ++++++++++---------
 2 files changed, 30 insertions(+), 27 deletions(-)

diff --git a/apps/api-gateway/src/oid4vc-verification/dtos/oid4vc-verifier-presentation.dto.ts b/apps/api-gateway/src/oid4vc-verification/dtos/oid4vc-verifier-presentation.dto.ts
index 6a8c2d776..1025a51b4 100644
--- a/apps/api-gateway/src/oid4vc-verification/dtos/oid4vc-verifier-presentation.dto.ts
+++ b/apps/api-gateway/src/oid4vc-verification/dtos/oid4vc-verifier-presentation.dto.ts
@@ -265,11 +265,11 @@ export class DcqlQueryDto {
 }
 
 export class DcqlDto {
-  @ApiProperty({ type: DcqlQueryDto })
+  //@ApiProperty({ type: DcqlQueryDto })
   @IsDefined()
-  @ValidateNested()
-  @Type(() => DcqlQueryDto)
-  query: DcqlQueryDto;
+  //@ValidateNested()
+  //@Type(() => DcqlQueryDto)
+  query: unknown;
 }
 
 /**
diff --git a/apps/oid4vc-issuance/libs/helpers/credential-sessions.builder.ts b/apps/oid4vc-issuance/libs/helpers/credential-sessions.builder.ts
index b849355a9..f2476c317 100644
--- a/apps/oid4vc-issuance/libs/helpers/credential-sessions.builder.ts
+++ b/apps/oid4vc-issuance/libs/helpers/credential-sessions.builder.ts
@@ -95,10 +95,12 @@ export interface BuiltCredentialOfferBase {
 export type CredentialOfferPayload = BuiltCredentialOfferBase &
   (
     | {
-        preAuthorizedCodeFlowConfig: {
-          txCode: { description?: string; length: number; input_mode: 'numeric' | 'text' | 'alphanumeric' };
-          authorizationServerUrl: string;
-        };
+        preAuthorizedCodeFlowConfig:
+          | {
+              txCode: { description?: string; length: number; input_mode: 'numeric' | 'text' | 'alphanumeric' };
+              authorizationServerUrl: string;
+            }
+          | undefined;
         authorizationCodeFlowConfig?: never;
       }
     | {
@@ -225,31 +227,32 @@ export function validatePayloadAgainstTemplate(template: any, payload: any): { v
 
 function buildDisclosureFrameFromTemplate(attributes: CredentialAttribute[]): DisclosureFrame {
   const frame: DisclosureFrame = {};
-  const rootSd: string[] = [];
+  const sd: string[] = [];
 
   for (const attr of attributes) {
-    if (!attr.disclose) {
-      continue;
-    }
-
-    // Case 1: attribute has children → nested disclosure
-    if (attr.children && 0 < attr.children.length) {
-      const childSd = attr.children.filter((child) => child.disclose).map((child) => child.key);
-
-      if (0 < childSd.length) {
-        frame[attr.key] = {
-          _sd: childSd
-        };
+    const childFrame =
+      attr.children && 0 < attr.children.length ? buildDisclosureFrameFromTemplate(attr.children) : undefined;
+
+    const hasChildDisclosure =
+      childFrame && (childFrame._sd?.length || Object.keys(childFrame).some((k) => '_sd' !== k));
+
+    // Case 1: this attribute itself is disclosed
+    if (attr.disclose) {
+      // If it has children, children are handled separately
+      if (!attr.children || 0 === attr.children.length) {
+        sd.push(attr.key);
+        continue;
       }
-      continue;
     }
 
-    // Case 2: simple attribute → root SD
-    rootSd.push(attr.key);
+    // Case 2: attribute has disclosed children
+    if (hasChildDisclosure) {
+      frame[attr.key] = childFrame!;
+    }
   }
 
-  if (0 < rootSd.length) {
-    frame._sd = rootSd;
+  if (0 < sd.length) {
+    frame._sd = sd;
   }
 
   return frame;
@@ -491,7 +494,7 @@ export function buildCredentialOfferPayload(
     return {
       ...baseEnvelope,
       preAuthorizedCodeFlowConfig: {
-        txCode: DEFAULT_TXCODE,
+        txCode: DEFAULT_TXCODE, // Pass undefined to enable no auth implementation, TODO: Need to make it configuarble.
         authorizationServerUrl: overrideAuthorizationServerUrl
       }
     };

From 9d9fa29276047d8b3d15da6ed89d6742ed69d8c3 Mon Sep 17 00:00:00 2001
From: Rinkal Bhojani <rinkal.bhojani@ayanworks.com>
Date: Fri, 2 Jan 2026 20:17:57 +0530
Subject: [PATCH 2/2] fix: minor fix

Signed-off-by: Rinkal Bhojani <rinkal.bhojani@ayanworks.com>
---
 .../libs/helpers/credential-sessions.builder.ts        | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/apps/oid4vc-issuance/libs/helpers/credential-sessions.builder.ts b/apps/oid4vc-issuance/libs/helpers/credential-sessions.builder.ts
index f2476c317..dac66df5e 100644
--- a/apps/oid4vc-issuance/libs/helpers/credential-sessions.builder.ts
+++ b/apps/oid4vc-issuance/libs/helpers/credential-sessions.builder.ts
@@ -95,12 +95,10 @@ export interface BuiltCredentialOfferBase {
 export type CredentialOfferPayload = BuiltCredentialOfferBase &
   (
     | {
-        preAuthorizedCodeFlowConfig:
-          | {
-              txCode: { description?: string; length: number; input_mode: 'numeric' | 'text' | 'alphanumeric' };
-              authorizationServerUrl: string;
-            }
-          | undefined;
+        preAuthorizedCodeFlowConfig: {
+          txCode: { description?: string; length: number; input_mode: 'numeric' | 'text' | 'alphanumeric' } | undefined;
+          authorizationServerUrl?: string;
+        };
         authorizationCodeFlowConfig?: never;
       }
     | {