Phase J1: Anonymous Scan¶
This phase turned the basic scan path into a realistic anonymous shopping journey. A person can use a GS1 Digital Link, remain pseudonymous, see a real product result, and report an unknown product.
Task 1.0: GS1 Digital Link SDK¶
Like you're 5¶
Product barcodes speak a special international language. We built a translator that understands that language and checks that product numbers are written correctly. We built the same translator for two different rooms and gave both the same exam.
Normal Explanation¶
PackyTrace now contains a standalone GS1 Digital Link SDK with Go and TypeScript implementations. It parses standard identifiers for products, lots, serial numbers, and expiry dates. It normalizes shorter GTINs into GTIN-14 and verifies their check digits, rejecting invalid identifiers instead of resolving the wrong product.
Both implementations run against one shared set of golden test vectors, ensuring they interpret the same link identically. The SDK contains no PackyTrace-specific domain logic, allowing it to become an independent open-source package later.
Technologies used: GS1 Digital Link is the barcode-link standard; a GTIN is a global product identifier; a check digit detects mistyped numbers; golden test vectors are shared examples with expected results.
Task 1.1: Barcode-Link Resolver¶
Like you're 5¶
When someone opens a product's special barcode link, a receptionist reads it, creates a scan receipt, remembers the anonymous visitor, and points their browser to the correct result page.
Normal Explanation¶
The passport service now accepts GS1 paths such as /01/{gtin}/10/{lot}. It parses
them with the SDK, creates a scan, sets a pseudonymous Visitor ID cookie, and responds
with an HTTP 302 redirect to the web result page.
The API gateway converts the trusted visitor cookie into the X-Visitor-Id header used
by backend services. This lets the redirected page retrieve the scan as its owner.
The catalog seed was also corrected to use valid GTIN check digits.
Technologies used: HTTP 302 redirects move the browser to another URL; cookies
remember browser state; HTTP headers carry trusted request metadata.
Task 1.2: Lot, Serial, and Expiry Data¶
Like you're 5¶
Two boxes can contain the same product but come from different batches, have different serial numbers, or expire on different days. We taught the scanner to keep those details too.
Normal Explanation¶
POST /api/v1/scans now accepts and validates GS1 lot, serial, and expiry information
using the same SDK as the barcode-link resolver. This prevents the API and resolver
from interpreting product identifiers differently.
Technologies used: GS1 Application Identifiers 10, 21, and 17 represent lot,
serial, and expiry; shared SDK validation keeps behavior consistent.
Task 1.3: Request a Missing Product¶
Like you're 5¶
If a product is not in the filing cabinet, the visitor can leave a note asking the shop to add it later.
Normal Explanation¶
The passport service now implements
POST /api/v1/products/{gtin}/requests. It stores requests for unknown products in the
product_requests table and returns HTTP 202 Accepted, meaning the request was
received but the product is not available yet.
Technologies used: an HTTP API receives the request; PostgreSQL stores it; 202
communicates deferred processing.
Task 1.4: Real Anonymous Result Page¶
Like you're 5¶
The website can now show the real product card it receives from the product room. If some information is missing, it says so honestly. If the product is unknown, it shows a button for asking PackyTrace to add it.
Normal Explanation¶
The product result page was connected to real backend data. It displays available product, journey, and eco information, uses degraded states instead of inventing missing facts, and offers a report action for unknown GTINs. The gateway's CORS configuration allows the separately hosted development web app to call the API.
Technologies used: SvelteKit renders the page; the API client and mappers translate backend JSON; CORS is the browser security configuration that permits the local web app origin to call the gateway.
Checkpoint J1¶
Like you're 5¶
We tested the whole anonymous journey while keeping the pretend demo available as a backup.
Normal Explanation¶
The complete anonymous path works from GS1 link to redirected real result page, including unknown-product reporting. At this checkpoint the mock UI remained available as the pitch-safe fallback.