remove lazy loading

[transphorm]

Remove lazy loading to fix mobile deploy workflow

Summary by CodeRabbit

• New Features

  • Web: Added BlurView and SvgXml platform wrappers; SVG XML is sanitized before rendering.

• Refactor

  • Navigation screens now load eagerly (replaced lazy imports) and Suspense-based loader removed.

• Build

  • Web build uses workspace script; added web alias for BlurView; Jest transforms @sentry; ESLint TS resolver extensions; Node pin updated to 22.12.0; dompurify added; enabled yarn global cache.

• Tests

  • Updated expected navigation list; removed flaky web preview build test.

• Chores

  • Added cache-built-deps action and improved CI caching/verification.

[coderabbitai]

Walkthrough

Removed the lazy-loading helper and React.lazy usage across navigation modules, deleted Suspense fallback, added platform SvgXml and Blur web mocks/wrappers, updated many import paths to new @selfxyz/common public subpaths, introduced a composite CI caching action and workflow changes, adjusted tooling/configs and dependencies (Vite, Jest, ESLint, package.json, .nvmrc).

Changes

Cohort / File(s)	Summary
Navigation: eager imports & Suspense removal app/src/navigation/aesop.ts, app/src/navigation/devTools.ts, app/src/navigation/document.ts, app/src/navigation/home.ts, app/src/navigation/index.tsx, app/src/navigation/lazyWithPreload.ts, app/src/navigation/prove.ts, app/src/navigation/recovery.ts, app/src/navigation/recovery.web.ts, app/src/navigation/settings.ts, app/src/navigation/settings.web.ts, app/src/navigation/system.tsx	Replaced React.lazy-based dynamic imports with static imports for screen components, removed the lazyWithPreload helper and Suspense fallback. Navigation maps preserved; screen values are now direct component imports (type shape changed).
SVG wrapper & RN web mocks app/src/components/homeScreen/idCard.tsx, app/src/components/homeScreen/SvgXmlWrapper.tsx, app/src/components/homeScreen/SvgXmlWrapper.native.tsx, app/src/components/homeScreen/SvgXmlWrapper.web.tsx, app/src/mocks/react-native-svg.ts, app/src/mocks/react-native-community-blur.ts, app/vite.config.ts	Added platform-specific SvgXml wrapper (native + web), added web mocks for react-native-svg and @react-native-community/blur, wired Vite alias for blur mock, and updated idCard to use the wrapper and new public @selfxyz/common import paths. Web SvgXml sanitizes SVG via DOMPurify.
Type-only import path updates app/src/screens/home/HomeScreen.tsx, app/src/screens/home/IdDetailsScreen.tsx	Moved type imports (PassportData, DocumentCatalog) to @selfxyz/common public subpaths; no runtime changes.
Tests app/tests/src/navigation.test.ts, app/tests/web-build-render.test.ts	Unit test expected navigation keys updated (added IdDetails); removed a web build/render integration test file.
Tooling, CI, configs & deps .github/workflows/mobile-ci.yml, .github/actions/cache-built-deps/action.yml, .github/workflows/web.yml, app/jest.config.cjs, app/.eslintrc.cjs, app/package.json, .nvmrc, .yarnrc.yml	Added composite cache-built-deps GitHub Action and switched mobile CI to use it with validation/debug steps; web workflow uses workspace build script; added @sentry to Jest transform allowlist; extended ESLint TS resolver extensions; added dompurify/@types; enabled Yarn global cache; bumped Node pin to 22.12.0.
Android cleanup app/android/app/src/main/java/.../MainActivity.kt, app/android/app/src/main/java/.../MainApplication.kt	Removed unused/unused-imported Self Passport Reader package/imports; no runtime behavior change.
RN config refactor packages/mobile-sdk-alpha/react-native.config.cjs	Refactored exported config shape (dependencies → dependency) and removed top-level project property; platform sections preserved.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant App
  participant Navigation
  participant Suspense as Suspense (old)
  participant Lazy as LazyScreen
  Note over App,Suspense: Old flow (lazy + Suspense)
  User->>App: Open app
  App->>Suspense: Render Navigation inside Suspense
  Navigation->>Lazy: First visit → dynamic import()
  Lazy-->>Navigation: Async module resolved
  Suspense-->>User: Show fallback UI until ready
  Navigation-->>User: Render loaded screen

Loading

sequenceDiagram
  autonumber
  actor User
  participant App
  participant Navigation
  participant Screen as StaticScreen
  Note over App,Screen: New flow (eager imports)
  User->>App: Open app
  App->>Navigation: Render directly (no Suspense)
  Navigation->>Screen: Use already-imported component
  Screen-->>User: Immediate render

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Chore: Fix web building and loading #814 — Similar migration replacing React.lazy dynamic imports with static imports across navigation modules.
• SELF-702: Refactor navigation structure and dev utilities #994 — Overlapping edits to navigation lazy helper and navigation screen imports; touches same helper/files.
• Start of Web App #689 — Related web platform work (SvgXml/blur mocks, Vite alias, web-specific navigation changes).

Suggested labels

codex

Suggested reviewers

• remicolin

Quiet the suspense, screens load at dawn,
SVGs scrubbed safe, and blurs gently drawn.
CI caches hum, imports tidy and lean —
A cleaner app wakes, calm and evergreen. 🎉

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title succinctly captures the primary change by indicating the removal of lazy loading and is both concise and directly relevant to the bulk of the refactoring in the PR.
Description Check	✅ Passed	The description clearly states that lazy loading is removed to fix the mobile deployment workflow, which aligns with the primary modifications made in the PR.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch justin/remove-lazy-loading-fix-build-deps

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

app/src/navigation/aesop.ts (1)

9-9: Avoid eager-evaluating Aesop screen when redesign is off

Static import always evaluates the module at startup, even if shouldShowAesopRedesign() returns false. This can hurt cold start on low-end devices. Defer evaluation by requiring the screen only when the redesign is enabled.

Apply this diff to gate evaluation without re-introducing React.lazy:

-import DocumentOnboardingScreen from '@/screens/aesop/DocumentOnboardingScreen';
+// Defer evaluation to runtime when the redesign is enabled

And update the screen reference:

-    screen: DocumentOnboardingScreen,
+    screen: require('@/screens/aesop/DocumentOnboardingScreen').default,

If you prefer to keep imports at top-level, please at least verify cold-start/TTI did not regress.

Also applies to: 12-26

app/src/navigation/document.ts (1)

7-13: Heavy document/NFC flows now evaluated at startup

Camera/NFC screens tend to pull large deps. Static imports will evaluate these on app launch, which can regress cold start and memory. Prefer deferring evaluation with inline require where defined in the screens map (no Suspense needed).

Apply this diff to defer evaluation:

- import DocumentCameraScreen from '@/screens/document/DocumentCameraScreen';
- import DocumentCameraTroubleScreen from '@/screens/document/DocumentCameraTroubleScreen';
- import DocumentNFCMethodSelectionScreen from '@/screens/document/DocumentNFCMethodSelectionScreen';
- import DocumentNFCScanScreen from '@/screens/document/DocumentNFCScanScreen';
- import DocumentNFCTroubleScreen from '@/screens/document/DocumentNFCTroubleScreen';
- import DocumentOnboardingScreen from '@/screens/document/DocumentOnboardingScreen';
- import UnsupportedDocumentScreen from '@/screens/document/UnsupportedDocumentScreen';
+ // Defer screen module evaluation to when they are actually used

Then update screen refs (outside this hunk), e.g.:

- screen: DocumentCameraScreen,
+ screen: require('@/screens/document/DocumentCameraScreen').default,

Repeat for each document screen.

Please measure cold start on a low-end Android device before/after this PR.

app/src/navigation/prove.ts (1)

7-11: Avoid cold-start regression: heavy screens now eagerly imported (esp. impactful on Web).

ProveScreen (socket.io, proof stack) and QR scanner screens likely pull in heavy deps. Eager imports increase initial JS parse/TTI, particularly for Web where you previously benefitted from chunking. Consider Web-only code-splitting that doesn’t require Suspense (e.g., @loadable/component), keeping Native as static.

Example patch (Web-only splitting for the heaviest screens):

 import type { NativeStackNavigationOptions } from '@react-navigation/native-stack';
+import { Platform } from 'react-native';
+import loadable from '@loadable/component';

-import ProveScreen from '@/screens/prove/ProveScreen';
-import QRCodeTroubleScreen from '@/screens/prove/QRCodeTroubleScreen';
-import QRCodeViewFinderScreen from '@/screens/prove/QRCodeViewFinderScreen';
+const ProveScreen =
+  Platform.OS === 'web'
+    ? loadable(() => import('@/screens/prove/ProveScreen'))
+    : require('@/screens/prove/ProveScreen').default;
+const QRCodeTroubleScreen =
+  Platform.OS === 'web'
+    ? loadable(() => import('@/screens/prove/QRCodeTroubleScreen'))
+    : require('@/screens/prove/QRCodeTroubleScreen').default;
+const QRCodeViewFinderScreen =
+  Platform.OS === 'web'
+    ? loadable(() => import('@/screens/prove/QRCodeViewFinderScreen'))
+    : require('@/screens/prove/QRCodeViewFinderScreen').default;

app/src/navigation/recovery.web.ts (1)

7-7: Keep Web bundle lean: reintroduce code-splitting without Suspense.

This screen is rarely hit; static import inflates initial Web bundle. Use @loadable/component here to preserve chunking while keeping Native static elsewhere.

-import DocumentDataNotFound from '@/screens/recovery/DocumentDataNotFoundScreen';
+import loadable from '@loadable/component';
+const DocumentDataNotFound = loadable(
+  () => import('@/screens/recovery/DocumentDataNotFoundScreen')
+);

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ff678b3 and f9746e8.

📒 Files selected for processing (12)

• app/src/navigation/aesop.ts (1 hunks)
• app/src/navigation/devTools.ts (1 hunks)
• app/src/navigation/document.ts (1 hunks)
• app/src/navigation/home.ts (1 hunks)
• app/src/navigation/index.tsx (2 hunks)
• app/src/navigation/lazyWithPreload.ts (0 hunks)
• app/src/navigation/prove.ts (1 hunks)
• app/src/navigation/recovery.ts (1 hunks)
• app/src/navigation/recovery.web.ts (1 hunks)
• app/src/navigation/settings.ts (1 hunks)
• app/src/navigation/settings.web.ts (1 hunks)
• app/src/navigation/system.tsx (1 hunks)

💤 Files with no reviewable changes (1)

• app/src/navigation/lazyWithPreload.ts

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)

**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)

Files:

• app/src/navigation/aesop.ts
• app/src/navigation/index.tsx
• app/src/navigation/document.ts
• app/src/navigation/settings.web.ts
• app/src/navigation/prove.ts
• app/src/navigation/home.ts
• app/src/navigation/devTools.ts
• app/src/navigation/system.tsx
• app/src/navigation/settings.ts
• app/src/navigation/recovery.ts
• app/src/navigation/recovery.web.ts

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/navigation/aesop.ts
• app/src/navigation/index.tsx
• app/src/navigation/document.ts
• app/src/navigation/settings.web.ts
• app/src/navigation/prove.ts
• app/src/navigation/home.ts
• app/src/navigation/devTools.ts
• app/src/navigation/system.tsx
• app/src/navigation/settings.ts
• app/src/navigation/recovery.ts
• app/src/navigation/recovery.web.ts

🧠 Learnings (9)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens and components to improve performance

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens and components to improve performance

Applied to files:

• app/src/navigation/aesop.ts
• app/src/navigation/document.ts
• app/src/navigation/settings.web.ts
• app/src/navigation/prove.ts
• app/src/navigation/home.ts
• app/src/navigation/devTools.ts
• app/src/navigation/system.tsx
• app/src/navigation/settings.ts
• app/src/navigation/recovery.ts
• app/src/navigation/recovery.web.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

Applied to files:

• app/src/navigation/aesop.ts
• app/src/navigation/index.tsx
• app/src/navigation/document.ts
• app/src/navigation/settings.web.ts
• app/src/navigation/prove.ts
• app/src/navigation/home.ts
• app/src/navigation/devTools.ts
• app/src/navigation/system.tsx
• app/src/navigation/settings.ts
• app/src/navigation/recovery.ts
• app/src/navigation/recovery.web.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

Applied to files:

• app/src/navigation/aesop.ts
• app/src/navigation/index.tsx
• app/src/navigation/document.ts
• app/src/navigation/settings.web.ts
• app/src/navigation/prove.ts
• app/src/navigation/home.ts
• app/src/navigation/devTools.ts
• app/src/navigation/system.tsx
• app/src/navigation/settings.ts
• app/src/navigation/recovery.ts
• app/src/navigation/recovery.web.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Set platform-specific initial routes: web → Home, mobile → Splash

Applied to files:

• app/src/navigation/index.tsx
• app/src/navigation/home.ts
• app/src/navigation/devTools.ts
• app/src/navigation/system.tsx

📚 Learning: 2025-08-26T14:49:11.190Z

Learnt from: shazarre
PR: selfxyz/self#936
File: app/src/screens/passport/PassportNFCScanScreen.tsx:28-31
Timestamp: 2025-08-26T14:49:11.190Z
Learning: The main App.tsx file is located at app/App.tsx (not in app/src), and it properly wraps the entire app with SelfClientProvider at the top of the provider hierarchy, enabling useSelfClient() hook usage throughout all navigation screens.

Applied to files:

• app/src/navigation/index.tsx

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Document complex native module changes for AI review

Applied to files:

• app/src/navigation/document.ts

📚 Learning: 2025-08-23T02:02:02.556Z

Learnt from: transphorm
PR: selfxyz/self#942
File: app/vite.config.ts:170-0
Timestamp: 2025-08-23T02:02:02.556Z
Learning: In the selfxyz/self React Native app, devTools from '@/navigation/devTools' are intentionally shipped to production builds for testing purposes, not excluded as is typical in most applications.

Applied to files:

• app/src/navigation/devTools.ts

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Use actual imports from selfxyz/mobile-sdk-alpha in tests

Applied to files:

• app/src/navigation/devTools.ts

🧬 Code graph analysis (1)

app/src/navigation/prove.ts (1)

app/src/screens/ProveScreen.tsx (3)

• generatingProof (21-247)
• key (200-209)
• result (83-108)

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: build-android
• GitHub Check: build-ios
• GitHub Check: test
• GitHub Check: build-ios
• GitHub Check: e2e-ios
• GitHub Check: analyze-ios
• GitHub Check: analyze-android

🔇 Additional comments (8)

app/src/navigation/settings.web.ts (1)

7-9: Web bundle size/TTI risk after removing dynamic imports

Static imports will pull these screens into the main web chunk, potentially regressing TTI. If the removal of lazy loading was to address build issues, please validate that web performance remains acceptable (LCP/TTI) and consider route-level code splitting at the bundler layer if needed.

app/src/navigation/devTools.ts (1)

7-12: Restrict production access to dev tools screens
Ensure all devTools routes are gated by __DEV__ or a feature flag to prevent production access:

• Wrap the imports and devScreens export in app/src/navigation/devTools.ts in an if (__DEV__) or equivalent guard.
• Remove or guard the deep link entry for MockDataDeepLink in app/src/utils/deeplinks.ts (line 158).
• Guard calls to navigation.navigate('CreateMock') in ManageDocumentsScreen.tsx (line 289) and DevSettingsScreen.tsx (lines 302, 351).

⛔ Skipped due to learnings

Learnt from: transphorm
PR: selfxyz/self#942
File: app/vite.config.ts:170-0
Timestamp: 2025-08-23T02:02:02.556Z
Learning: In the selfxyz/self React Native app, devTools from '@/navigation/devTools' are intentionally shipped to production builds for testing purposes, not excluded as is typical in most applications.

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Organize screens by feature modules (passport, home, settings, etc.)

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Do NOT mock selfxyz/mobile-sdk-alpha in tests (avoid jest.mock('selfxyz/mobile-sdk-alpha') and replacing real functions with mocks)

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/jest.setup.js : Provide comprehensive Jest setup in app/jest.setup.js with required mocks

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to jest.setup.js : Maintain comprehensive mocks in jest.setup.js for all native modules

app/src/navigation/settings.ts (1)

7-11: Eager-loading settings stack—confirm no heavy module side effects

Bringing all settings screens into the startup path can increase eval time if any of these modules do expensive work at import time (I/O, crypto, large JSON). Ensure these screens perform initialization inside effects/handlers, not at module top-level.

app/src/navigation/index.tsx (1)

5-6: All lazy/Suspense usage removed — Verified no React.lazy, <Suspense>, or lazyWithPreload references remain in the codebase; no further action needed.

app/src/navigation/system.tsx (1)

9-13: LGTM on eager system screens

System screens are lightweight and safe to eager-load; header usage with SystemBars remains correct.

app/src/navigation/home.ts (1)

8-11: Home stack static imports look fine

Core home views are frequently visited; eager-loading is reasonable here.

app/src/navigation/prove.ts (1)

1-12: Confirm no lazy/Suspense remains
No occurrences of React.lazy , lazy() , or found in app/src.

app/src/navigation/recovery.ts (1)

7-12: LGTM for Native.

Static imports on Native are acceptable since Metro doesn’t provide meaningful runtime code-splitting; navigation config remains consistent.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f9746e8 and 2687031.

📒 Files selected for processing (1)

• app/jest.config.cjs (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

app/jest.config.cjs

📄 CodeRabbit inference engine (.cursor/rules/mobile-sdk-migration.mdc)

app/jest.config.cjs: Use Jest in the app with a React Native preset configured in app/jest.config.cjs
Configure moduleNameMapper in app/jest.config.cjs to map '@/'' to 'src/' and '@tests/' to 'tests/src/'

Files:

• app/jest.config.cjs

🧠 Learnings (6)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens and components to improve performance

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/jest.config.cjs : Configure moduleNameMapper in app/jest.config.cjs to map '@/'' to 'src/' and 'tests/' to 'tests/src/'

Applied to files:

• app/jest.config.cjs

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/jest.config.cjs : Use Jest in the app with a React Native preset configured in app/jest.config.cjs

Applied to files:

• app/jest.config.cjs

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to tests/src/**/*.{ts,tsx,js,jsx} : Use tests/ alias for test imports

Applied to files:

• app/jest.config.cjs

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Do NOT mock selfxyz/mobile-sdk-alpha in tests (avoid jest.mock('selfxyz/mobile-sdk-alpha') and replacing real functions with mocks)

Applied to files:

• app/jest.config.cjs

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to jest.setup.js : Maintain comprehensive mocks in jest.setup.js for all native modules

Applied to files:

• app/jest.config.cjs

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-android
• GitHub Check: test
• GitHub Check: build-ios
• GitHub Check: analyze-ios
• GitHub Check: analyze-android
• GitHub Check: e2e-ios

🔇 Additional comments (1)

app/jest.config.cjs (1)

6-7: Jest preset and path aliases look correct

react-native preset is set, and '@/…' plus '@tests/…' mappings match our guidelines. No action needed.

Also applies to: 16-19

[remicolin]

update the base to dev

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2687031 and fe50017.

📒 Files selected for processing (10)

• .github/workflows/web.yml (1 hunks)
• app/src/components/homeScreen/SvgXmlWrapper.tsx (1 hunks)
• app/src/components/homeScreen/idCard.tsx (1 hunks)
• app/src/mocks/react-native-community-blur.ts (1 hunks)
• app/src/mocks/react-native-svg.ts (1 hunks)
• app/src/navigation/home.ts (1 hunks)
• app/src/navigation/index.tsx (2 hunks)
• app/src/screens/home/HomeScreen.tsx (1 hunks)
• app/src/screens/home/IdDetailsScreen.tsx (1 hunks)
• app/vite.config.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• app/src/navigation/index.tsx
• app/src/navigation/home.ts

🧰 Additional context used

📓 Path-based instructions (3)

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub Actions workflows, use shared composite caching actions from .github/actions (cache-yarn, cache-bundler, cache-gradle, cache-pods)
Do not call actions/cache directly; rely on the shared composite caching actions
When using cache actions, optionally pass cache-version (often with GH_CACHE_VERSION and tool version) for stable keys

Files:

• .github/workflows/web.yml

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)

**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)

Files:

• app/src/components/homeScreen/SvgXmlWrapper.tsx
• app/vite.config.ts
• app/src/screens/home/IdDetailsScreen.tsx
• app/src/screens/home/HomeScreen.tsx
• app/src/mocks/react-native-community-blur.ts
• app/src/mocks/react-native-svg.ts
• app/src/components/homeScreen/idCard.tsx

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/components/homeScreen/SvgXmlWrapper.tsx
• app/src/screens/home/IdDetailsScreen.tsx
• app/src/screens/home/HomeScreen.tsx
• app/src/mocks/react-native-community-blur.ts
• app/src/mocks/react-native-svg.ts
• app/src/components/homeScreen/idCard.tsx

🧠 Learnings (18)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Verify Web build succeeds via yarn web

Applied to files:

• .github/workflows/web.yml

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Before PRs, ensure yarn build succeeds for all workspaces

Applied to files:

• .github/workflows/web.yml

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• .github/workflows/web.yml

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Expose a 'test:build' script in the SDK's package.json that runs build, test, types, and lint

Applied to files:

• .github/workflows/web.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Do NOT mock selfxyz/mobile-sdk-alpha in tests (avoid jest.mock('selfxyz/mobile-sdk-alpha') and replacing real functions with mocks)

Applied to files:

• app/vite.config.ts
• app/src/mocks/react-native-svg.ts

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/jest.config.cjs : Configure moduleNameMapper in app/jest.config.cjs to map '@/'' to 'src/' and 'tests/' to 'tests/src/'

Applied to files:

• app/vite.config.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to tests/src/**/*.{ts,tsx,js,jsx} : Use tests/ alias for test imports

Applied to files:

• app/vite.config.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/*.{ts,tsx,js,jsx} : Use @/ alias for src imports

Applied to files:

• app/vite.config.ts

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Use actual imports from selfxyz/mobile-sdk-alpha in tests

Applied to files:

• app/vite.config.ts
• app/src/screens/home/HomeScreen.tsx
• app/src/components/homeScreen/idCard.tsx

📚 Learning: 2025-08-25T14:25:57.586Z

Learnt from: aaronmgdr
PR: selfxyz/self#951
File: app/src/providers/authProvider.web.tsx:17-18
Timestamp: 2025-08-25T14:25:57.586Z
Learning: The selfxyz/mobile-sdk-alpha/constants/analytics import path is properly configured with SDK exports, Metro aliases, and TypeScript resolution. Import changes from @/consts/analytics to this path are part of valid analytics migration, not TypeScript resolution issues.

Applied to files:

• app/src/screens/home/IdDetailsScreen.tsx
• app/src/screens/home/HomeScreen.tsx
• app/src/components/homeScreen/idCard.tsx

📚 Learning: 2025-08-26T14:49:11.190Z

Learnt from: shazarre
PR: selfxyz/self#936
File: app/src/screens/passport/PassportNFCScanScreen.tsx:28-31
Timestamp: 2025-08-26T14:49:11.190Z
Learning: The main App.tsx file is located at app/App.tsx (not in app/src), and it properly wraps the entire app with SelfClientProvider at the top of the provider hierarchy, enabling useSelfClient() hook usage throughout all navigation screens.

Applied to files:

• app/src/screens/home/HomeScreen.tsx

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Document complex native module changes for AI review

Applied to files:

• app/src/screens/home/HomeScreen.tsx

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Test isPassportDataValid() with realistic synthetic passport data (never real user data)

Applied to files:

• app/src/screens/home/HomeScreen.tsx
• app/src/components/homeScreen/idCard.tsx

📚 Learning: 2025-08-26T14:49:11.190Z

Learnt from: shazarre
PR: selfxyz/self#936
File: app/src/screens/passport/PassportNFCScanScreen.tsx:28-31
Timestamp: 2025-08-26T14:49:11.190Z
Learning: SelfClientProvider is wrapped in app/App.tsx, providing context for useSelfClient() hook usage throughout the React Native app navigation stacks.

Applied to files:

• app/src/screens/home/HomeScreen.tsx

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

Applied to files:

• app/src/screens/home/HomeScreen.tsx

📚 Learning: 2025-08-23T02:02:02.556Z

Learnt from: transphorm
PR: selfxyz/self#942
File: app/vite.config.ts:170-0
Timestamp: 2025-08-23T02:02:02.556Z
Learning: In the selfxyz/self React Native app, devTools from '@/navigation/devTools' are intentionally shipped to production builds for testing purposes, not excluded as is typical in most applications.

Applied to files:

• app/src/screens/home/HomeScreen.tsx

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Verify extractMRZInfo() using published sample MRZ strings (e.g., ICAO examples)

Applied to files:

• app/src/components/homeScreen/idCard.tsx

🧬 Code graph analysis (1)

app/src/components/homeScreen/SvgXmlWrapper.tsx (1)

app/src/mocks/react-native-svg.ts (1)

• SvgXml (45-65)

🪛 ast-grep (0.38.6)

app/src/components/homeScreen/SvgXmlWrapper.tsx

[warning] 27-27: Usage of dangerouslySetInnerHTML detected. This bypasses React's built-in XSS protection. Always sanitize HTML content using libraries like DOMPurify before injecting it into the DOM to prevent XSS attacks.
Context: dangerouslySetInnerHTML
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml
- https://cwe.mitre.org/data/definitions/79.html

(react-unsafe-html-injection)

🪛 Biome (2.1.2)

app/src/mocks/react-native-svg.ts

[error] 13-14: This variable is used before its declaration.

The variable is declared here:

(lint/correctness/noInvalidUseBeforeDeclaration)

---

[error] 22-23: This variable is used before its declaration.

The variable is declared here:

(lint/correctness/noInvalidUseBeforeDeclaration)

🪛 GitHub Actions: Common CI

app/src/mocks/react-native-svg.ts

[error] 14-14: Command 'yarn types' failed. TS2448: Block-scoped variable 'SvgXml' used before its declaration.

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-android
• GitHub Check: build-ios
• GitHub Check: test
• GitHub Check: analyze-ios
• GitHub Check: analyze-android
• GitHub Check: e2e-ios

🔇 Additional comments (5)

.github/workflows/web.yml (1)

25-25: Verified web:build script and Vite root configuration
No changes needed.

app/src/screens/home/IdDetailsScreen.tsx (1)

13-13: Import path change looks correct.

Switching DocumentCatalog to @selfxyz/common/utils/types aligns with the public API and should avoid deep import fragility. No runtime impact.

app/vite.config.ts (1)

37-40: Align Jest/TS path mapping for the blur alias.

Vite alias resolves builds, but tests/type-checkers may still resolve @react-native-community/blur to the native module. Add equivalent mappings in app/jest.config.cjs (moduleNameMapper) and, if needed, tsconfig.web.json paths to prevent test/type drift.

app/src/screens/home/HomeScreen.tsx (1)

15-16: Public API imports look good.

Type-only import path updates reduce reliance on deep ESM paths; no runtime changes.

app/src/components/homeScreen/idCard.tsx (1)

18-19: Confirm SVG XML sources remain static-only.

This screen uses a hardcoded logoSvg, which is safe. Please ensure any future SvgXml usages in this component (and elsewhere) only render trusted, static XML. If dynamic/user-provided SVG becomes necessary, adopt the sanitized web wrapper as recommended.

Also applies to: 195-200

[coderabbitai]

🛠️ Refactor suggestion

⚠️ Potential issue

XSS risk: dangerouslySetInnerHTML with untrusted SVG.

Rendering raw XML with dangerouslySetInnerHTML is exploitable if any xml originates outside of trusted, static strings. Mitigate by sanitizing on web and isolating web/native via platform files to keep mobile builds clean.

Recommended approach:

• Split into platform files to safely import a sanitizer only on web.
• Sanitize with DOMPurify on web.

Add these files:

SvgXmlWrapper.web.tsx

// SPDX-FileCopyrightText: 2025 Social Connect Labs, Inc.
// SPDX-License-Identifier: BUSL-1.1
import React, { createElement, forwardRef } from 'react';
import DOMPurify from 'dompurify';

type Props = {
  xml: string;
  width?: number;
  height?: number;
  style?: React.CSSProperties;
} & React.HTMLAttributes<HTMLDivElement>;

export const SvgXml = forwardRef<HTMLDivElement, Props>(({ xml, width, height, style, ...props }, ref) => {
  const safe = DOMPurify.sanitize(xml, { USE_PROFILES: { svg: true, svgFilters: true } });
  return createElement('div', {
    ref,
    style: { width: width || 'auto', height: height || 'auto', display: 'inline-block', ...style },
    dangerouslySetInnerHTML: { __html: safe },
    ...props,
  });
});
SvgXml.displayName = 'SvgXml';
export default SvgXml;

SvgXmlWrapper.native.tsx

// SPDX-FileCopyrightText: 2025 Social Connect Labs, Inc.
// SPDX-License-Identifier: BUSL-1.1
import React, { forwardRef } from 'react';
// eslint-disable-next-line @typescript-eslint/no-require-imports
const { SvgXml: RNSvgXml } = require('react-native-svg');

type Props = {
  xml: string;
  width?: number;
  height?: number;
  style?: unknown;
};

export const SvgXml = forwardRef<any, Props>((p, ref) => <RNSvgXml ref={ref} {...p} />);
SvgXml.displayName = 'SvgXml';
export default SvgXml;

Also add dompurify to web workspace devDeps and map @/components/homeScreen/SvgXmlWrapper imports to these platform files automatically.

Happy to open a PR commit adding the files and dependency.

🧰 Tools

🪛 ast-grep (0.38.6)

[warning] 27-27: Usage of dangerouslySetInnerHTML detected. This bypasses React's built-in XSS protection. Always sanitize HTML content using libraries like DOMPurify before injecting it into the DOM to prevent XSS attacks.
Context: dangerouslySetInnerHTML
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml
- https://cwe.mitre.org/data/definitions/79.html

(react-unsafe-html-injection)

🤖 Prompt for AI Agents

In app/src/components/homeScreen/SvgXmlWrapper.tsx around lines 20-31 the code
uses dangerouslySetInnerHTML with raw xml (XSS risk). Replace this single
platform file with two platform-specific files: SvgXmlWrapper.web.tsx — import
DOMPurify, sanitize the xml (use profiles for svg/svgFilters) and render with
dangerouslySetInnerHTML using the sanitized string; SvgXmlWrapper.native.tsx —
re-export/forward to react-native-svg's SvgXml (no DOMPurify) to keep mobile
bundle clean. Add dompurify to the web workspace devDeps and ensure module
resolution maps imports of "@/components/homeScreen/SvgXmlWrapper" to the
platform files so existing imports remain unchanged.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/mobile-ci.yml (1)

231-236: Bundler cache path mismatch; gems won’t be restored.

Cache points to app/ios/vendor/bundle but Bundler installs to app/vendor/bundle. Fix to ensure cache hits.

Apply:

-      - name: Cache Ruby gems
-        uses: ./.github/actions/cache-bundler
-        with:
-          path: app/ios/vendor/bundle
+      - name: Cache Ruby gems
+        uses: ./.github/actions/cache-bundler
+        with:
+          path: app/vendor/bundle
           lock-file: app/Gemfile.lock
           cache-version: ${{ env.GH_CACHE_VERSION }}-${{ env.GH_GEMS_CACHE_VERSION }}-ruby${{ env.RUBY_VERSION }}

No change needed to:

bundle config set --local path 'vendor/bundle'

which resolves to app/vendor/bundle.

Also applies to: 287-291

🧹 Nitpick comments (2)

.github/workflows/mobile-ci.yml (2)

74-81: Replace direct actions/cache calls with internal composite actions for policy compliance.

House rule is to use .github/actions caching composites. Please wrap built-deps, Xcode, and NDK caches in composites (e.g., cache-built-deps, cache-xcode, cache-ndk) and reference those instead of actions/cache directly.

I can draft minimal composite actions for built-deps, Xcode build/index, and NDK to drop in under .github/actions/.

Also applies to: 88-94, 142-149, 155-162, 245-255, 256-262, 415-419

---

105-105: Run tests on Ubuntu runners to cut cost/queue time.

Jest/unit tests don’t need macOS; switching to ubuntu-latest usually halves cost and speeds up CI.

-  test:
-    runs-on: macos-latest-large
+  test:
+    runs-on: ubuntu-latest

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fe50017 and 1f5097e.

📒 Files selected for processing (3)

• .github/workflows/mobile-ci.yml (1 hunks)
• app/src/mocks/react-native-svg.ts (1 hunks)
• app/tests/src/navigation.test.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• app/src/mocks/react-native-svg.ts

🧰 Additional context used

📓 Path-based instructions (3)

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub Actions workflows, use shared composite caching actions from .github/actions (cache-yarn, cache-bundler, cache-gradle, cache-pods)
Do not call actions/cache directly; rely on the shared composite caching actions
When using cache actions, optionally pass cache-version (often with GH_CACHE_VERSION and tool version) for stable keys

Files:

• .github/workflows/mobile-ci.yml

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)

**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)

Files:

• app/tests/src/navigation.test.ts

**/*.{test,spec}.{ts,js,tsx,jsx}

⚙️ CodeRabbit configuration file

**/*.{test,spec}.{ts,js,tsx,jsx}: Review test files for:

• Test coverage completeness
• Test case quality and edge cases
• Mock usage appropriateness
• Test readability and maintainability

Files:

• app/tests/src/navigation.test.ts

🧠 Learnings (12)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Expose a 'test:build' script in the SDK's package.json that runs build, test, types, and lint

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: After review changes, re-run yarn nice, yarn test, yarn types

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Use actual imports from selfxyz/mobile-sdk-alpha in tests

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Do NOT mock selfxyz/mobile-sdk-alpha in tests (avoid jest.mock('selfxyz/mobile-sdk-alpha') and replacing real functions with mocks)

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Verify iOS build succeeds via yarn ios

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/package.json : Expose a 'test:build' script in the app's package.json that builds deps, types, performs bundle analysis, and runs tests

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/package.json : Verify package conditions are valid (e.g., exports conditions)

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/package.json : Ensure package exports are properly configured

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Run the app with yarn ios during development as needed

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Avoid introducing circular dependencies

Applied to files:

• .github/workflows/mobile-ci.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: build-android
• GitHub Check: test
• GitHub Check: build-ios
• GitHub Check: e2e-ios
• GitHub Check: analyze-android

🔇 Additional comments (1)

app/tests/src/navigation.test.ts (1)

31-31: Addition of IdDetails to expected routes looks correct.

Alphabetical order is preserved and matches the new static import. No further changes needed.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

.github/workflows/mobile-ci.yml (1)

204-215: Prefer a single, repo-standard test:build entrypoint to reduce bespoke checks.

We already validate/repair artifacts earlier; invoking the central script (build+types+tests) keeps CI intent consistent and future-proof with repo guidance.

Apply:

-      - name: Test
-        run: |
-          # Final verification from app directory perspective
-          echo "Final verification before running tests (from app directory)..."
-          if [ ! -f "../packages/mobile-sdk-alpha/dist/cjs/index.cjs" ] || [ ! -f "../common/dist/cjs/index.cjs" ]; then
-            echo "❌ Dependencies still not found from app directory"
-            ls -la ../packages/mobile-sdk-alpha/dist/ || echo "mobile-sdk-alpha dist not found"
-            ls -la ../common/dist/ || echo "common dist not found"
-            exit 1
-          fi
-          echo "✅ All dependencies verified, running tests..."
-          yarn test
+      - name: Test
+        run: yarn workspace @selfxyz/mobile-app run test:build
         working-directory: ./app

🧹 Nitpick comments (2)

.github/workflows/mobile-ci.yml (2)

141-148: Align cache usage with repo policy: wrap actions/cache into a composite for built-deps.

Workflows should avoid calling actions/cache directly; prefer shared composite actions from .github/actions. Yarn/Bundler/Gradle/Pods already follow this; do the same for built-deps to standardize keys, logging, and restore/save behavior across jobs.

Follow-up:

• Add .github/actions/cache-built-deps (restore/save) that accepts path + key inputs and emits cache-hit.
• Replace direct actions/cache restore/save in all jobs with that composite. This reduces drift and simplifies future key/version changes.

Also applies to: 174-181, 312-333, 471-492

---

105-106: Run tests on ubuntu-latest to reduce cost/queue time.

The test job doesn’t require Xcode; using macOS here is expensive and often slower. Move tests to Ubuntu; keep iOS build on macOS.

-  test:
-    runs-on: macos-latest-large
+  test:
+    runs-on: ubuntu-latest

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1f5097e and 1a31669.

📒 Files selected for processing (1)

• .github/workflows/mobile-ci.yml (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub Actions workflows, use shared composite caching actions from .github/actions (cache-yarn, cache-bundler, cache-gradle, cache-pods)
Do not call actions/cache directly; rely on the shared composite caching actions
When using cache actions, optionally pass cache-version (often with GH_CACHE_VERSION and tool version) for stable keys

Files:

• .github/workflows/mobile-ci.yml

🧠 Learnings (9)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens and components to improve performance

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: After review changes, re-run yarn nice, yarn test, yarn types

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/package.json : Expose a 'test:build' script in the app's package.json that builds deps, types, performs bundle analysis, and runs tests

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Expose a 'test:build' script in the SDK's package.json that runs build, test, types, and lint

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Verify iOS build succeeds via yarn ios

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Use actual imports from selfxyz/mobile-sdk-alpha in tests

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Run the app with yarn ios during development as needed

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/package.json : Verify package conditions are valid (e.g., exports conditions)

Applied to files:

• .github/workflows/mobile-ci.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: build-android
• GitHub Check: build-ios
• GitHub Check: test
• GitHub Check: analyze-android
• GitHub Check: e2e-ios

🔇 Additional comments (3)

.github/workflows/mobile-ci.yml (3)

149-159: Diagnostics step is solid and non-fatal.

The cache debug step gives quick signal on cache-hit status and artifacts without failing the job. Good guardrails for the built-deps cache.

---

165-173: Good defensive verification after cache miss build.

Verifying key artifacts prevents silent “green but broken” runs and speeds up failure discovery. Nice.

---

181-202: Resilient fallback guards against partial/empty caches.

Forcing a rebuild only when artifacts are missing keeps the job stable without paying the rebuild cost on cache hits. Sensible trade-off.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

app/tests/web-build-render.test.ts (1)

13-33: Avoid overriding the global Error constructor in tests

Replacing global.Error can break instanceof checks for native/Node errors, skew stack handling, and leak across Jest environments. Prefer local serialization helpers or, if absolutely needed, add a non-invasive Error.prototype.toJSON instead of swapping the constructor.

-// Comprehensive error serialization safety
-const originalError = global.Error;
-global.Error = class SafeError extends originalError {
-  constructor(...args: any[]) {
-    super(...args);
-    // Ensure no circular references are added to error objects
-    Object.defineProperty(this, 'error', {
-      value: undefined,
-      writable: false,
-      enumerable: false,
-    });
-  }
-
-  toJSON() {
-    return {
-      name: this.name,
-      message: this.message,
-      stack: this.stack,
-    };
-  }
-};
+// Keep native Error; avoid global overrides to prevent cross-test flakiness.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1a31669 and 5e4132c.

📒 Files selected for processing (1)

• app/tests/web-build-render.test.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)

**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)

Files:

• app/tests/web-build-render.test.ts

**/*.{test,spec}.{ts,js,tsx,jsx}

⚙️ CodeRabbit configuration file

**/*.{test,spec}.{ts,js,tsx,jsx}: Review test files for:

• Test coverage completeness
• Test case quality and edge cases
• Mock usage appropriateness
• Test readability and maintainability

Files:

• app/tests/web-build-render.test.ts

🧠 Learnings (2)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens and components to improve performance

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to tests/src/**/*.{test,spec}.{ts,tsx,js,jsx} : Mock console.error in tests to avoid noisy output

Applied to files:

• app/tests/web-build-render.test.ts

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-ios
• GitHub Check: e2e-ios

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

.github/workflows/mobile-ci.yml (2)

181-202: Remove the Force Build Dependencies step; it reintroduces build duplication and nondeterminism.

This duplicates the earlier cache-miss build, adds minutes to CI, and can mask real cache/graph issues. Prefer a single source of truth for build+types+tests via the app’s centralized script and rely on the cache-built-deps composite above.

Apply:

-      - name: Force Build Dependencies If Missing
-        run: |
-          # Force build if required files don't exist, regardless of cache status
-          if [ ! -f "packages/mobile-sdk-alpha/dist/cjs/index.cjs" ] || [ ! -f "common/dist/cjs/index.cjs" ]; then
-            echo "❌ Required dependency files missing, forcing rebuild..."
-            echo "Missing files:"
-            [ ! -f "packages/mobile-sdk-alpha/dist/cjs/index.cjs" ] && echo "  - packages/mobile-sdk-alpha/dist/cjs/index.cjs"
-            [ ! -f "common/dist/cjs/index.cjs" ] && echo "  - common/dist/cjs/index.cjs"
-            yarn workspace @selfxyz/mobile-app run build:deps
-            # Verify build completed successfully
-            if [ ! -f "packages/mobile-sdk-alpha/dist/cjs/index.cjs" ] || [ ! -f "common/dist/cjs/index.cjs" ]; then
-              echo "❌ Forced build failed - required files still missing"
-              ls -la packages/mobile-sdk-alpha/ || echo "packages/mobile-sdk-alpha not found"
-              ls -la packages/mobile-sdk-alpha/dist/ || echo "mobile-sdk-alpha dist not found"
-              ls -la common/ || echo "common not found"
-              ls -la common/dist/ || echo "common dist not found"
-              exit 1
-            fi
-            echo "✅ Forced build completed successfully"
-          else
-            echo "✅ All required dependency files exist"
-          fi

---

204-216: Use the centralized test:build script; avoid bespoke Jest/Node invocations here.

Reverting to hand-rolled test commands bypasses type checks/bundle analysis the repo expects and risks Node test runner incompatibility. Call the app’s test:build script instead and let it orchestrate everything (build presence, types, tests). This matches prior guidance.

-      - name: Test
-        run: |
-          # Final verification from app directory perspective
-          echo "Final verification before running tests (from app directory)..."
-          if [ ! -f "../packages/mobile-sdk-alpha/dist/cjs/index.cjs" ] || [ ! -f "../common/dist/cjs/index.cjs" ]; then
-            echo "❌ Dependencies still not found from app directory"
-            ls -la ../packages/mobile-sdk-alpha/dist/ || echo "mobile-sdk-alpha dist not found"
-            ls -la ../common/dist/ || echo "common dist not found"
-            exit 1
-          fi
-          echo "✅ All dependencies verified, running tests..."
-          # Run jest through yarn to avoid the build:deps step since CI already built dependencies
-          yarn jest --passWithNoTests && node --test scripts/tests/*.cjs
+      - name: Test
+        run: yarn workspace @selfxyz/mobile-app run test:build
         working-directory: ./app

Verify Node version supports the Node test runner if you insist on keeping node --test:

#!/bin/bash
set -euo pipefail
echo "Node from .nvmrc:" "$(cat .nvmrc)"
node -v
node -e "require('node:test'); console.log('node:test available')"

If this fails, stick to the centralized yarn script which abstracts runner differences.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5e4132c and 3b755fa.

📒 Files selected for processing (1)

• .github/workflows/mobile-ci.yml (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub Actions workflows, use shared composite caching actions from .github/actions (cache-yarn, cache-bundler, cache-gradle, cache-pods)
Do not call actions/cache directly; rely on the shared composite caching actions
When using cache actions, optionally pass cache-version (often with GH_CACHE_VERSION and tool version) for stable keys

Files:

• .github/workflows/mobile-ci.yml

🧠 Learnings (10)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Expose a 'test:build' script in the SDK's package.json that runs build, test, types, and lint

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: After review changes, re-run yarn nice, yarn test, yarn types

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/package.json : Expose a 'test:build' script in the app's package.json that builds deps, types, performs bundle analysis, and runs tests

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: After addressing review feedback, re-run yarn nice, yarn test, yarn types

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Run yarn nice, yarn types, and yarn test before commits and PRs

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Verify iOS build succeeds via yarn ios

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Run the app with yarn ios during development as needed

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Use actual imports from selfxyz/mobile-sdk-alpha in tests

Applied to files:

• .github/workflows/mobile-ci.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-android
• GitHub Check: build-ios
• GitHub Check: test
• GitHub Check: analyze-ios
• GitHub Check: analyze-android
• GitHub Check: e2e-ios

🔇 Additional comments (1)

.github/workflows/mobile-ci.yml (1)

165-173: LGTM on post-build verification.

The explicit checks help fail fast when builds silently no-op. Keep.

[coderabbitai]

🛠️ Refactor suggestion

Replace direct cache usage with a composite cache-built-deps action (aligns with repo policy).

This block is fine for diagnostics, but the surrounding restore/save steps use actions/cache directly, which violates our workflow guideline to use shared composite caching actions from .github/actions. Please introduce a ./.github/actions/cache-built-deps composite that wraps restore/save for common/dist and packages/mobile-sdk-alpha/dist and exposes cache-hit, then consume it here and in all jobs (build-deps, test, build-ios, build-android). Do the same for Xcode caches via a cache-xcode composite to remove raw actions/cache calls.

Example composite (new file):

# .github/actions/cache-built-deps/action.yml
name: cache-built-deps
description: Cache built JS artifacts (common + mobile-sdk-alpha)
inputs:
  cache-version:
    required: true
outputs:
  cache-hit:
    value: ${{ steps.restore.outputs.cache-hit }}
runs:
  using: composite
  steps:
    - id: restore
      uses: actions/cache/restore@v4
      with:
        path: |
          common/dist
          packages/mobile-sdk-alpha/dist
        key: built-deps-${{ inputs.cache-version }}-${{ hashFiles('common/**/*', 'packages/mobile-sdk-alpha/**/*', '!common/dist/**', '!packages/mobile-sdk-alpha/dist/**') }}
        fail-on-cache-miss: false
    - if: steps.restore.outputs.cache-hit != 'true'
      uses: actions/cache/save@v4
      with:
        path: |
          common/dist
          packages/mobile-sdk-alpha/dist
        key: built-deps-${{ inputs.cache-version }}-${{ hashFiles('common/**/*', 'packages/mobile-sdk-alpha/**/*', '!common/dist/**', '!packages/mobile-sdk-alpha/dist/**') }}

Then replace all “Restore/Save Built Dependencies” pairs with a single:

- name: Cache Built Dependencies
  id: built-deps
  uses: ./.github/actions/cache-built-deps
  with:
    cache-version: ${{ env.GH_CACHE_VERSION }}-${{ env.NODE_VERSION_SANITIZED }}

🤖 Prompt for AI Agents

.github/workflows/mobile-ci.yml lines 149-159: current workflow uses
actions/cache directly for built JS artifacts; per repo policy, replace direct
restore/save steps with a reusable composite. Create
.github/actions/cache-built-deps (composite) that wraps actions/cache
restore/save for paths common/dist and packages/mobile-sdk-alpha/dist, accepts a
cache-version input, exposes outputs.cache-hit from the restore step, and uses
the same hashFiles key shown in the comment; create a similar
.github/actions/cache-xcode composite for Xcode caches. Then update all jobs
(build-deps, test, build-ios, build-android) to remove raw actions/cache steps
and instead call the composite via a single step with id (e.g., built-deps) and
the cache-version input set to ${{ env.GH_CACHE_VERSION }}-${{
env.NODE_VERSION_SANITIZED }}, and consume outputs.cache-hit where needed.
Ensure the composite saves only when restore reports a miss and preserve the
exact key/hash logic used today.

[coderabbitai]

Actionable comments posted: 5

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.github/workflows/mobile-ci.yml (2)

269-286: Replace direct Xcode caches with a shared composite (policy compliance + reuse).

Workflows should not call actions/cache directly. Introduce .github/actions/cache-xcode (restore+save; exposes cache-hit) and consume it here. Also lets you conditionally run expensive Xcode steps off cache-hit if desired.

Apply this change:

-      - name: Cache Xcode build
-        uses: actions/cache@v4
-        with:
-          path: |
-            app/ios/build
-            ~/Library/Developer/Xcode/DerivedData
-            ~/Library/Caches/com.apple.dt.Xcode
-          key: ${{ runner.os }}-xcode-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock', 'app/ios/OpenPassport.xcworkspace/contents.xcworkspacedata', 'app/ios/Self.xcworkspace/contents.xcworkspacedata') }}
-          restore-keys: |
-            ${{ runner.os }}-xcode-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock') }}-
-            ${{ runner.os }}-xcode-${{ env.XCODE_VERSION }}-
+      - name: Cache Xcode build
+        id: xcode-build-cache
+        uses: ./.github/actions/cache-xcode
+        with:
+          cache-version: ${{ env.GH_CACHE_VERSION }}-xcode${{ env.XCODE_VERSION }}
+          paths: |
+            app/ios/build
+            ~/Library/Developer/Xcode/DerivedData
+            ~/Library/Caches/com.apple.dt.Xcode
+          key-suffix: ${{ hashFiles('app/ios/Podfile.lock', 'app/ios/OpenPassport.xcworkspace/contents.xcworkspacedata', 'app/ios/Self.xcworkspace/contents.xcworkspacedata') }}

New composite (add file .github/actions/cache-xcode/action.yml):

name: cache-xcode
description: Cache Xcode build artifacts
inputs:
  cache-version:
    required: true
  paths:
    required: true
  key-suffix:
    required: true
outputs:
  cache-hit:
    value: ${{ steps.restore.outputs.cache-hit }}
runs:
  using: composite
  steps:
    - id: restore
      uses: actions/cache/restore@v4
      with:
        path: ${{ inputs.paths }}
        key: xcode-${{ inputs.cache-version }}-${{ inputs.key-suffix }}
        fail-on-cache-miss: false
    - if: steps.restore.outputs.cache-hit != 'true'
      uses: actions/cache/save@v4
      with:
        path: ${{ inputs.paths }}
        key: xcode-${{ inputs.cache-version }}-${{ inputs.key-suffix }}

---

280-286: Apply the same composite to the Xcode index cache.

Consolidate under cache-xcode for consistency and to access cache-hit in downstream steps.

-      - name: Cache Xcode Index
-        uses: actions/cache@v4
-        with:
-          path: app/ios/build/Index.noindex
-          key: ${{ runner.os }}-xcode-index-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-xcode-index-${{ env.XCODE_VERSION }}-
+      - name: Cache Xcode Index
+        id: xcode-index-cache
+        uses: ./.github/actions/cache-xcode
+        with:
+          cache-version: ${{ env.GH_CACHE_VERSION }}-xcode${{ env.XCODE_VERSION }}
+          paths: app/ios/build/Index.noindex
+          key-suffix: ${{ hashFiles('app/ios/Podfile.lock') }}

🧹 Nitpick comments (3)

.github/workflows/mobile-ci.yml (2)

129-144: Debug step is fine; keep it temporary.

The extra introspection is useful while stabilizing the new cache flow. Please plan to remove once flakes are resolved to keep CI lean.

---

93-94: Runner choice: consider ubuntu for the test job to cut macOS costs/queue times.

If no iOS or mac-specific tooling is required in “test”, switching to ubuntu-latest typically saves minutes per run.

-  test:
-    runs-on: macos-latest-large
+  test:
+    runs-on: ubuntu-latest

app/.eslintrc.cjs (1)

41-52: ESLint TS resolver extensions LGTM.

This unblocks platform-specific resolution (.web/.native/.ios/.android) and prevents false “unresolved” errors after removing lazy loading.

Given lazy loading removal, please watch initial bundle size and TTI on low-end devices. Consider prefetching critical screens and keeping non-critical ones split if startup regresses.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0530864 and 8a64eda.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (8)

• .github/actions/cache-built-deps/action.yml (1 hunks)
• .github/workflows/mobile-ci.yml (4 hunks)
• app/.eslintrc.cjs (1 hunks)
• app/package.json (2 hunks)
• app/src/components/homeScreen/SvgXmlWrapper.native.tsx (1 hunks)
• app/src/components/homeScreen/SvgXmlWrapper.ts (1 hunks)
• app/src/components/homeScreen/SvgXmlWrapper.web.tsx (1 hunks)
• app/src/mocks/react-native-community-blur.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (4)

app/package.json

📄 CodeRabbit inference engine (.cursor/rules/mobile-sdk-migration.mdc)

Expose a 'test:build' script in the app's package.json that builds deps, types, performs bundle analysis, and runs tests

Files:

• app/package.json

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)

**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)

Files:

• app/src/components/homeScreen/SvgXmlWrapper.ts
• app/src/components/homeScreen/SvgXmlWrapper.web.tsx
• app/src/components/homeScreen/SvgXmlWrapper.native.tsx
• app/src/mocks/react-native-community-blur.ts

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/components/homeScreen/SvgXmlWrapper.ts
• app/src/components/homeScreen/SvgXmlWrapper.web.tsx
• app/src/components/homeScreen/SvgXmlWrapper.native.tsx
• app/src/mocks/react-native-community-blur.ts

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub Actions workflows, use shared composite caching actions from .github/actions (cache-yarn, cache-bundler, cache-gradle, cache-pods)
Do not call actions/cache directly; rely on the shared composite caching actions
When using cache actions, optionally pass cache-version (often with GH_CACHE_VERSION and tool version) for stable keys

Files:

• .github/workflows/mobile-ci.yml

🧠 Learnings (17)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens and components to improve performance

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Follow ESLint TypeScript-specific rules

Applied to files:

• app/.eslintrc.cjs

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Use strict TypeScript type checking across the codebase

Applied to files:

• app/.eslintrc.cjs

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/*.{ios.ts,ios.tsx,android.ts,android.tsx} : Use platform-specific files (.ios.tsx/.android.tsx etc.) for differing implementations

Applied to files:

• app/.eslintrc.cjs
• app/src/components/homeScreen/SvgXmlWrapper.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/types/**/*.{ts,tsx} : Place type definitions in @/types

Applied to files:

• app/.eslintrc.cjs

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : In GitHub Actions workflows, use shared composite caching actions from .github/actions (cache-yarn, cache-bundler, cache-gradle, cache-pods)

Applied to files:

• .github/actions/cache-built-deps/action.yml
• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : When using cache actions, optionally pass cache-version (often with GH_CACHE_VERSION and tool version) for stable keys

Applied to files:

• .github/actions/cache-built-deps/action.yml
• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: After review changes, re-run yarn nice, yarn test, yarn types

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/package.json : Expose a 'test:build' script in the app's package.json that builds deps, types, performs bundle analysis, and runs tests

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: After addressing review feedback, re-run yarn nice, yarn test, yarn types

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Expose a 'test:build' script in the SDK's package.json that runs build, test, types, and lint

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Run yarn nice, yarn types, and yarn test before commits and PRs

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : Do not call actions/cache directly; rely on the shared composite caching actions

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Verify iOS build succeeds via yarn ios

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Before committing, run repository checks (yarn nice, yarn lint, yarn build, contracts build, yarn types)

Applied to files:

• .github/workflows/mobile-ci.yml

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Before PRs, ensure yarn build succeeds for all workspaces

Applied to files:

• .github/workflows/mobile-ci.yml

🧬 Code graph analysis (2)

app/src/components/homeScreen/SvgXmlWrapper.web.tsx (1)

app/src/components/homeScreen/SvgXmlWrapper.native.tsx (1)

• SvgXml (16-18)

app/src/components/homeScreen/SvgXmlWrapper.native.tsx (1)

app/src/components/homeScreen/SvgXmlWrapper.web.tsx (1)

• SvgXml (15-34)

🪛 GitHub Check: build-deps

app/src/components/homeScreen/SvgXmlWrapper.ts

[failure] 14-14:
A require() style import is forbidden

---

[failure] 10-10:
A require() style import is forbidden

app/src/components/homeScreen/SvgXmlWrapper.web.tsx

[warning] 5-5:
Using exported name 'DOMPurify' as identifier for default import

🪛 GitHub Actions: Mobile CI

app/src/components/homeScreen/SvgXmlWrapper.ts

[error] 10-10: ESLint: '@typescript-eslint/no-require-imports' - A 'require()' style import is forbidden.

🪛 ast-grep (0.38.6)

app/src/components/homeScreen/SvgXmlWrapper.web.tsx

[warning] 29-29: Usage of dangerouslySetInnerHTML detected. This bypasses React's built-in XSS protection. Always sanitize HTML content using libraries like DOMPurify before injecting it into the DOM to prevent XSS attacks.
Context: dangerouslySetInnerHTML
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml
- https://cwe.mitre.org/data/definitions/79.html

(react-unsafe-html-injection)

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: e2e-ios
• GitHub Check: analyze-ios
• GitHub Check: analyze-android

🔇 Additional comments (4)

.github/actions/cache-built-deps/action.yml (1)

1-31: Composite cache for built artifacts looks solid.

• Correct use of restore/save split with a strict key and dist exclusions.
• Clear API (cache-version input, cache-hit output) for workflow consumers.

No blockers.

.github/workflows/mobile-ci.yml (2)

72-79: Good adoption of the cache-built-deps composite.

You replaced raw cache steps with the shared composite and wired cache-version correctly. This aligns with repo policy and reduces duplication.

---

180-192: Remove unnecessary Node version guard. .nvmrc pins Node to 22.x and CI’s setup-node steps load it, so Node ≥ 20 is guaranteed and node --test is safe.

app/src/mocks/react-native-community-blur.ts (1)

14-33: Web BlurView mock looks good and fixes pointerEvents propagation.

Props are filtered and pointerEvents applied via CSS, avoiding click-blocking overlays on web.

[coderabbitai]

🛠️ Refactor suggestion

NDK cache should use a composite and gate installation on cache-hit.

Direct actions/cache calls violate policy and always running sdkmanager wastes minutes. Wrap NDK caching in a composite that exposes cache-hit, then install only on miss.

-      - name: Cache NDK
-        uses: actions/cache@v4
-        with:
-          path: ${{ env.ANDROID_HOME }}/ndk/${{ env.ANDROID_NDK_VERSION }}
-          key: ${{ runner.os }}-ndk-${{ env.ANDROID_NDK_VERSION }}
-      - name: Install NDK
-        run: sdkmanager "ndk;${{ env.ANDROID_NDK_VERSION }}"
+      - name: Cache NDK
+        id: ndk-cache
+        uses: ./.github/actions/cache-ndk
+        with:
+          cache-version: ${{ env.GH_CACHE_VERSION }}-ndk${{ env.ANDROID_NDK_VERSION }}
+          ndk-path: ${{ env.ANDROID_HOME }}/ndk/${{ env.ANDROID_NDK_VERSION }}
+      - name: Install NDK (cache miss)
+        if: steps.ndk-cache.outputs.cache-hit != 'true'
+        run: sdkmanager "ndk;${{ env.ANDROID_NDK_VERSION }}"

New composite (add file .github/actions/cache-ndk/action.yml):

name: cache-ndk
description: Cache Android NDK
inputs:
  cache-version:
    required: true
  ndk-path:
    required: true
outputs:
  cache-hit:
    value: ${{ steps.restore.outputs.cache-hit }}
runs:
  using: composite
  steps:
    - id: restore
      uses: actions/cache/restore@v4
      with:
        path: ${{ inputs.ndk-path }}
        key: ndk-${{ inputs.cache-version }}
        fail-on-cache-miss: false
    - if: steps.restore.outputs.cache-hit != 'true'
      uses: actions/cache/save@v4
      with:
        path: ${{ inputs.ndk-path }}
        key: ndk-${{ inputs.cache-version }}

[coderabbitai]

⚠️ Potential issue

Move dompurify to dependencies (runtime), keep @types in devDeps.

The web SvgXml wrapper imports dompurify at runtime. Having it in devDependencies risks missing module errors in production web builds and CI. @types/dompurify can stay in devDependencies.

Apply:

--- a/app/package.json
+++ b/app/package.json
@@
   "dependencies": {
@@
+    "dompurify": "^3.2.6",
@@
   },
   "devDependencies": {
@@
-    "dompurify": "^3.2.6",
@@
   }

Also applies to: 174-174

🤖 Prompt for AI Agents

In app/package.json around lines 160 and 174, dompurify is currently listed
under devDependencies while @types/dompurify should remain in devDependencies;
move the runtime dependency "dompurify" from devDependencies to dependencies
(keeping "@types/dompurify" in devDependencies) so the module is available in
production and CI builds, updating the package.json accordingly and ensuring
version string is preserved.

[coderabbitai]

⚠️ Potential issue

Dynamic require violates lint and is unnecessary; rely on platform file resolution.

Metro/Vite can pick SvgXmlWrapper.native.tsx / SvgXmlWrapper.web.tsx automatically. This file introduces forbidden require() and breaks CI.

Recommended:

• Delete this file and import from '@/components/homeScreen/SvgXmlWrapper' everywhere; bundlers will resolve to the platform variant.
• If you must keep it temporarily, disable the rule locally to unblock CI (not preferred):

@@
-// SPDX-FileCopyrightText: 2025 Social Connect Labs, Inc.
+// SPDX-FileCopyrightText: 2025 Social Connect Labs, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 // NOTE: Converts to Apache-2.0 on 2029-06-11 per LICENSE.
 
+/* eslint-disable @typescript-eslint/no-require-imports */

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// Platform-specific dynamic import
	if (Platform.OS === 'web') {
	// Web platform - use DOMPurify sanitized version
	const webModule = require('@/components/homeScreen/SvgXmlWrapper.web');
	module.exports = webModule;
	} else {
	// Native platforms - use react-native-svg directly
	const nativeModule = require('@/components/homeScreen/SvgXmlWrapper.native');
	module.exports = nativeModule;
	}
	// SPDX-FileCopyrightText: 2025 Social Connect Labs, Inc.
	// SPDX-License-Identifier: BUSL-1.1
	// NOTE: Converts to Apache-2.0 on 2029-06-11 per LICENSE.
	/* eslint-disable @typescript-eslint/no-require-imports */
	// Platform-specific dynamic import
	if (Platform.OS === 'web') {
	// Web platform - use DOMPurify sanitized version
	const webModule = require('@/components/homeScreen/SvgXmlWrapper.web');
	module.exports = webModule;
	} else {
	// Native platforms - use react-native-svg directly
	const nativeModule = require('@/components/homeScreen/SvgXmlWrapper.native');
	module.exports = nativeModule;
	}

🧰 Tools

🪛 GitHub Check: build-deps

[failure] 14-14:
A require() style import is forbidden

---

[failure] 10-10:
A require() style import is forbidden

🪛 GitHub Actions: Mobile CI

[error] 10-10: ESLint: '@typescript-eslint/no-require-imports' - A 'require()' style import is forbidden.

🤖 Prompt for AI Agents

In app/src/components/homeScreen/SvgXmlWrapper.ts around lines 7 to 16, this
platform-switching file uses dynamic require() which violates lint rules and is
unnecessary because the bundler resolves SvgXmlWrapper.web/native automatically;
remove this file and update all imports to import from
'@/components/homeScreen/SvgXmlWrapper' (no extension) so Metro/Vite will pick
the correct platform file, then run lint/CI to confirm fixes; if you cannot
remove it immediately, as a short-lived fallback add a top-of-file
eslint-disable for the specific rule and a TODO to delete it once all imports
are updated (preferred: delete).

[coderabbitai]

⚠️ Potential issue

Guard DOMPurify factory for SSR/test environments and avoid re-instantiation.

DOMPurify(window) will throw if window is undefined (SSR, some tests). Add a guard and memoize the instance per mount.

Apply:

-import DOMPurify from 'dompurify';
-import React, { createElement, forwardRef } from 'react';
+import createDOMPurify from 'dompurify';
+import React, { createElement, forwardRef, useMemo } from 'react';
@@
-export const SvgXml = forwardRef<HTMLDivElement, Props>(
-  ({ xml, width, height, style, ...props }, ref) => {
-    // Initialize DOMPurify for web browser environment
-    const purify = DOMPurify(window);
-    const safe = purify.sanitize(xml, {
+export const SvgXml = forwardRef<HTMLDivElement, Props>(
+  ({ xml, width, height, style, ...props }, ref) => {
+    const purify = useMemo(
+      () => (typeof window !== 'undefined' ? createDOMPurify(window) : null),
+      [],
+    );
+    const safe = purify?.sanitize(xml, {
       USE_PROFILES: { svg: true, svgFilters: true },
-    });
+    }) ?? '';

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export const SvgXml = forwardRef<HTMLDivElement, Props>(
	({ xml, width, height, style, ...props }, ref) => {
	// Initialize DOMPurify for web browser environment
	const purify = DOMPurify(window);
	const safe = purify.sanitize(xml, {
	USE_PROFILES: { svg: true, svgFilters: true },
	});
	// Before:
	-import DOMPurify from 'dompurify';
	import createDOMPurify from 'dompurify';
	import React, { createElement, forwardRef, useMemo } from 'react';
	export const SvgXml = forwardRef<HTMLDivElement, Props>(
	- ({ xml, width, height, style, ...props }, ref) => {
	- // Initialize DOMPurify for web browser environment
	- const purify = DOMPurify(window);
	({ xml, width, height, style, ...props }, ref) => {
	// Guard for SSR/test and memoize to avoid re-instantiation
	const purify = useMemo(
	() => (typeof window !== 'undefined' ? createDOMPurify(window) : null),
	[],
	);
	const safe = purify?.sanitize(xml, {
	USE_PROFILES: { svg: true, svgFilters: true },
	}) ?? '';
	// …rest of rendering logic…
	}
	);

🤖 Prompt for AI Agents

In app/src/components/homeScreen/SvgXmlWrapper.web.tsx around lines 15 to 21,
calling DOMPurify(window) unguarded will throw in SSR/tests where window is
undefined and currently re-instantiates on every render; fix by checking for
typeof window !== "undefined" before calling DOMPurify and creating a single
memoized instance (use useMemo or useRef to create it once per mount), and fall
back to a no-op sanitizer when DOMPurify or window is unavailable; then use that
memoized sanitizer to call sanitize(xml, { USE_PROFILES: { svg: true,
svgFilters: true } }).

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aa1ed33 and da1c094.

📒 Files selected for processing (1)

• app/src/components/homeScreen/SvgXmlWrapper.native.tsx (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)

**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)

Files:

• app/src/components/homeScreen/SvgXmlWrapper.native.tsx

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/components/homeScreen/SvgXmlWrapper.native.tsx

🧠 Learnings (1)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens and components to improve performance

Learnt from: transphorm
PR: selfxyz/self#942
File: app/vite.config.ts:170-0
Timestamp: 2025-08-23T02:02:02.556Z
Learning: In the selfxyz/self React Native app, devTools from '@/navigation/devTools' are intentionally shipped to production builds for testing purposes, not excluded as is typical in most applications.

🧬 Code graph analysis (1)

app/src/components/homeScreen/SvgXmlWrapper.native.tsx (1)

app/src/components/homeScreen/SvgXmlWrapper.web.tsx (1)

• SvgXml (15-34)

🪛 GitHub Check: build-deps

app/src/components/homeScreen/SvgXmlWrapper.native.tsx

[warning] 16-16:
Unexpected any. Specify a different type

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-ios
• GitHub Check: e2e-ios

[coderabbitai]

🛠️ Refactor suggestion

Fix ref forwarding and remove the any generic.

The wrapper declares forwardRef but drops the ref and uses any, which will break ref consumers and fail lint (“Unexpected any”). Forward the ref to RNSvgXml and type it.

Preferred patch:

-import React, { forwardRef } from 'react';
+import React, { forwardRef } from 'react';
+import type { ElementRef } from 'react';
@@
-export const SvgXml = forwardRef<any, Props>((p, _ref) => <RNSvgXml {...p} />);
+export const SvgXml = forwardRef<ElementRef<typeof RNSvgXml>, Props>(
+  (props, ref) => <RNSvgXml ref={ref} {...props} />
+);

If react-native-svg’s SvgXml doesn’t support refs in your version, drop forwardRef entirely to avoid confusion:

-import React, { forwardRef } from 'react';
+import React from 'react';
@@
-export const SvgXml = forwardRef<any, Props>((p, _ref) => <RNSvgXml {...p} />);
+export const SvgXml = (props: Props) => <RNSvgXml {...props} />;

To double-check impact, scan for ref usage on this component:

#!/bin/bash
# Find call sites that pass a ref to SvgXml wrapper
rg -nP --type=tsx -C2 '<SvgXml[^>]*\bref=' app

Also applies to: 16-18

🤖 Prompt for AI Agents

In app/src/components/homeScreen/SvgXmlWrapper.native.tsx lines 5-8 (also apply
same change at 16-18): the component declares forwardRef but drops the ref and
uses the `any` generic; update the wrapper to forward the ref through to
RNSvgXml and remove `any` by typing the ref properly (e.g. use React.Ref or
React.ComponentRef with typeof RNSvgXml and appropriate props types) so
consumers receive a correctly typed ref; if your version of react-native-svg
doesn’t expose refs for SvgXml, remove forwardRef entirely to avoid lying about
support.

[coderabbitai]

🛠️ Refactor suggestion

Allow string dimensions to prevent layout breakage.

react-native-svg and RN styles accept number | string (e.g., '100%'). Restricting to number risks runtime issues where percentages are expected.

 type Props = {
   xml: string;
-  width?: number;
-  height?: number;
+  width?: number | string;
+  height?: number | string;
   style?: StyleProp<ViewStyle>;
 };

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	type Props = {
	xml: string;
	width?: number;
	height?: number;
	style?: StyleProp<ViewStyle>;
	};
	type Props = {
	xml: string;
	width?: number | string;
	height?: number | string;
	style?: StyleProp<ViewStyle>;
	};

🤖 Prompt for AI Agents

In app/src/components/homeScreen/SvgXmlWrapper.native.tsx around lines 9 to 14,
the Props type currently restricts width and height to number which breaks cases
where percentages (e.g., '100%') are used; update the Props to allow number |
string for width and height, and ensure any places that pass these props to
react-native-svg or View style accept string values (cast or forward the values
unchanged) so percentage dimensions work without runtime errors.

[transphorm]

@seshanthS cursor said this was blocking building when using the workspace vs file flow

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.yarnrc.yml (1)

2-2: Avoid “zero-installs” ambiguity; align repo and docs with global cache strategy.

If .yarn/cache was previously committed (zero-installs), global cache changes that model. Remove stale cached artifacts from the repo, update .gitignore, and adjust contributor/docs so local/CI installs rely on the global cache consistently.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f3fee6f and 6180c10.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (5)

• .yarnrc.yml (1 hunks)
• app/android/app/src/main/java/com/proofofpassportapp/MainActivity.kt (0 hunks)
• app/android/app/src/main/java/com/proofofpassportapp/MainApplication.kt (0 hunks)
• app/package.json (2 hunks)
• packages/mobile-sdk-alpha/react-native.config.cjs (1 hunks)

💤 Files with no reviewable changes (2)

• app/android/app/src/main/java/com/proofofpassportapp/MainApplication.kt
• app/android/app/src/main/java/com/proofofpassportapp/MainActivity.kt

🚧 Files skipped from review as they are similar to previous changes (1)

• app/package.json

🧰 Additional context used

🧠 Learnings (13)

📓 Common learnings

Learnt from: transphorm
PR: selfxyz/self#942
File: app/vite.config.ts:170-0
Timestamp: 2025-08-23T02:02:02.556Z
Learning: In the selfxyz/self React Native app, devTools from '@/navigation/devTools' are intentionally shipped to production builds for testing purposes, not excluded as is typical in most applications.

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/package.json : Ensure package exports are properly configured

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Enable tree shaking for the SDK (e.g., ensure 'sideEffects' is correctly set in package.json and exports are ESM-friendly)

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Avoid introducing circular dependencies

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/src/index.ts : Re-export new SDK modules via packages/mobile-sdk-alpha/src/index.ts

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Use actual imports from selfxyz/mobile-sdk-alpha in tests

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-25T14:25:57.586Z

Learnt from: aaronmgdr
PR: selfxyz/self#951
File: app/src/providers/authProvider.web.tsx:17-18
Timestamp: 2025-08-25T14:25:57.586Z
Learning: The selfxyz/mobile-sdk-alpha/constants/analytics import path is properly configured with SDK exports, Metro aliases, and TypeScript resolution. Import changes from @/consts/analytics to this path are part of valid analytics migration, not TypeScript resolution issues.

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/demo/** : Provide an in-SDK lightweight React Native demo under packages/mobile-sdk-alpha/demo/

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Update the app to consume the mobile-sdk-alpha package and replace local modules with SDK imports

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/README.md : Document new/updated SDK modules and usage in packages/mobile-sdk-alpha/README.md

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/package.json : Verify package conditions are valid (e.g., exports conditions)

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Do NOT mock selfxyz/mobile-sdk-alpha in tests (avoid jest.mock('selfxyz/mobile-sdk-alpha') and replacing real functions with mocks)

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

📚 Learning: 2025-08-24T18:55:07.940Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Applies to package.json : Distribute the SDK via npm/yarn with proper package metadata

Applied to files:

• packages/mobile-sdk-alpha/react-native.config.cjs

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-android
• GitHub Check: test
• GitHub Check: build-ios
• GitHub Check: e2e-ios
• GitHub Check: analyze-ios
• GitHub Check: analyze-android

🔇 Additional comments (4)

.yarnrc.yml (1)

2-2: Good call for faster installs; ensure CI actually caches Yarn’s global cache.

With enableGlobalCache: true + nodeLinker: node-modules, installs can be much faster, but only if the global cache path is restored between CI runs. Please confirm your workflows set and cache YARN_CACHE_FOLDER (or Yarn’s default global cache directory) per job/runner to avoid redownloads and cross-runner contamination.

Example GitHub Actions snippet:

env:
  YARN_CACHE_FOLDER: .yarn/_global-cache

steps:
  - uses: actions/checkout@v4
  - uses: actions/cache@v4
    with:
      path: .yarn/_global-cache
      key: yarn-global-${{ runner.os }}-${{ hashFiles('**/yarn.lock') }}
      restore-keys: |
        yarn-global-${{ runner.os }}-
  - run: corepack enable && yarn -v && yarn install --immutable

packages/mobile-sdk-alpha/react-native.config.cjs (3)

9-11: iOS configuration paths are valid. Verified existence of packages/mobile-sdk-alpha/mobile-sdk-alpha.podspec and packages/mobile-sdk-alpha/ios.

---

13-16: Confirm correct Android package path Verified that com.selfxyz.selfSDK matches the package declaration in RNSelfPassportReaderPackage.kt and the AndroidManifest.xml is present; no update needed.

---

6-20: Manual Verification Required: Confirm SDK Autolinking Post-Migration

Open app/rnconfig.json (via npx react-native config) and ensure there’s an entry for "mobile-sdk-alpha" under dependencies with non-null values for:

• platforms.ios.podspecPath
• platforms.android.packageImportPath

If the SDK isn’t listed or those fields are empty, either revert to the previous dependencies shape or upgrade the React Native CLI (e.g. add "@react-native-community/cli": "latest" to your app’s devDependencies).