Skip to content

Merge dev into staging; 09/25/25 #1131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 0 commits into from
Sep 29, 2025
Merged

Merge dev into staging; 09/25/25 #1131

merged 0 commits into from
Sep 29, 2025

Conversation

@transphorm
Copy link
Member

@transphorm transphorm commented Sep 26, 2025
edited by coderabbitai bot
Loading

ok it seems like we have some merge conflicts due to the previous squash merge commits. in order to get this branch up to speed, claude recommends the following

# 1. Switch to staging branch
git checkout staging

# 2. Reset staging to exactly match dev
git reset --hard dev

# 3. Force push (--force-with-lease is safer than --force)
git push --force-with-lease origin staging

Summary by CodeRabbit

  • New Features

    • Added an Android photo picker activity.

  • Refactor

    • Removed legacy NFC/passport reading UI and related passport verification components from the Android app.

  • Documentation

    • Added package management guidance (Yarn only); removed outdated NFC implementation links and app docs.

  • Chores

    • Upgraded Android toolchain (NDK bump, Java/Kotlin 17) and packaging; bumped app version to 2.6.8 (code 102).
    • CI/workflow improvements, fork-safe private-module handling, and updated ignore/secret-scan settings.
    • Updated app scripts and dependency set.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 26, 2025
edited
Loading

Walkthrough

Removes the legacy Android passport-reader module and its resources, deletes a technical-spec doc, updates app build settings (Java/Kotlin/NDK/version bumps), adds a composite action to clone a private android-passport-nfc-reader, and broad CI/workflow, ignore, and packaging changes across multiple GitHub Actions and repo configs.

Changes

Cohort / File(s) Summary
Legacy Android passport reader removal
app/android/android-passport-reader/**, app/android/android-passport-reader/app/**, app/android/android-passport-reader/build.gradle, app/android/android-passport-reader/settings.gradle, app/android/android-passport-reader/gradlew*		 Deletes the entire legacy passport-reader module: activities, fragments, models, ML/NFC/JMRTD utilities, image/certificate helpers, layouts, drawables, fonts, resources, tests, Gradle wrapper and build/config files.
Android app build config
app/android/app/build.gradle, app/android/app/src/main/AndroidManifest.xml, app/package.json, app/ios/OpenPassport/Info.plist, app/ios/Self.xcodeproj/...		 Bump app versionCode/versionName and iOS CFBundleShortVersionString; set Java/Kotlin toolchain/jvmTarget to 17; add cmake linker arg; adjust packagingOptions/jniLibs and resources excludes; add PhotoPickerActivity and GMS ModuleDependencies service; update package.json scripts and dependencies.
CI workflows & mobile actions
.github/workflows/mobile-ci.yml, .github/workflows/mobile-deploy.yml, .github/workflows/mobile-e2e.yml, .github/workflows/mobile-bundle-analysis.yml, .github/workflows/mobile-sdk-demo-ci.yml, .github/workflows/npm-publish.yml, .github/workflows/workspace-ci.yml		 Add job timeouts and NDK bumps; change macOS runners to macos-latest-large; split installs for forks vs main with secret handling; add clone step for private android-passport-nfc-reader; add workspace build/type-check/lint jobs; extend npm publish detection for contracts/qrcode-angular; adjust demo CI paths and topological build step.
New composite clone action
.github/actions/clone-android-passport-nfc-reader/action.yml		 New composite GitHub Action to conditionally clone private android-passport-nfc-reader using a PAT, handle existing directories (CI vs local), and scrub credentials by resetting remote URL.
Mobile setup composite action
.github/actions/mobile-setup/action.yml		 Simplifies install step to a single yarn command and adds Ruby bundler install with strict lockfile validation and surfaced errors for Gemfile.lock mismatches.
Repo ignore, leak & cursor rules
.gitignore, .gitleaks.toml, .gitguardian.yml, .cursorignore, .cursorrules, .yarnrc.yml`		 Ignore private android module dir, add gitleaks allowlists for mock certs, rename/reshape GitGuardian ignore/paths-ignore keys, refine cursor ignore rules with explicit exception for setup-private-modules.cjs, remove NFC block from .cursorrules, set yarn nmHoistingLimits: workspaces.
Docs & miscellaneous
.cursor/rules/technical-specification.mdc, README.md, AGENTS.md, app/AGENTS.md, app/README.md, AGENTS.md		 Delete the technical specification file and NFC doc links; remove NFC checklist items; add Yarn package management note and update NDK references in docs.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor CI as GitHub Actions Runner
  participant Action as clone-android-passport-nfc-reader
  participant GH as Private Repo
  participant FS as Filesystem

  CI->>Action: invoke(workdir, selfxyz_internal_pat)
  alt no PAT provided
    Action-->>CI: skip cloning (fork / no PAT)
  else PAT provided
    Action->>FS: cd workdir
    Action->>FS: test -d android/android-passport-nfc-reader
    alt directory missing
      Action->>GH: git clone https://<PAT>@github.com/selfxyz/android-passport-nfc-reader.git
      GH-->>Action: repo contents
      Action->>FS: git remote set-url origin https://github.com/selfxyz/android-passport-nfc-reader.git (scrub PAT)
      Action-->>CI: success
    else directory exists
      alt CI environment
        Action-->>CI: warn and list contents
      else local
        Action-->>CI: preserve existing directory
      end
    end
  end
Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

Suggested reviewers

  • aaronmgdr
  • remicolin

Poem

Old camera frames and NFC tales unwind,
A private clone sails in—credentials left behind.
CI grows broader, toolchains set to seventeen,
The repo sheds an old module, neat and clean.
New flows hum; version numbers green. 🎉

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title succinctly describes the primary operation of this pull request—merging the dev branch into staging—and does so in a clear, concise manner that directly reflects the main change without introducing unrelated details or vague terminology.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch dev

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🧪 Early access (Sonnet 4.5): enabled

We are currently testing the Sonnet 4.5 model, which is expected to improve code review quality. However, this model may lead to increased noise levels in the review comments. Please disable the early access features if the noise level causes any inconvenience.

Note:

  • Public repositories are always opted into early access features.
  • You can enable or disable early access features from the CodeRabbit UI or by updating the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@gitguardian
Copy link

gitguardian bot commented Sep 26, 2025
edited
Loading

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
21022104 Triggered Generic Private Key 2df4dc4 common/src/mock_certificates/aadhaar/mockAadhaarCert.ts View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

coderabbitai[bot]
coderabbitai bot reviewed Sep 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (3)
.github/workflows/workspace-ci.yml (2)

23-31: Consider parameterizing cache-version for easier invalidation.

The static cache-version: v1 works but could be enhanced using environment variables (e.g., ${{ env.GH_CACHE_VERSION }}) to allow easier cache invalidation across all workflows without editing multiple files.

As per coding guidelines.

16-101: Jobs rebuild independently - consider optimization.

All three active jobs (workspace-build, workspace-type-check, workspace-lint) independently run yarn build. While this ensures isolation, it triples build time. Consider using needs: [workspace-build] and uploading/downloading build artifacts if build time is significant.

app/android/app/build.gradle (1)

229-230: Remove unnecessary androidx.activity-ktx dependency.

The androidx.activity:activity:1.9.3 dependency is required for PhotoPickerActivity which uses registerForActivityResult and ActivityResultContracts. However, androidx.activity:activity-ktx:1.9.3 provides Kotlin extensions (like viewModels() delegate) that are not used in the codebase.

Consider removing the -ktx variant:

implementation "androidx.activity:activity:1.9.3"
-implementation "androidx.activity:activity-ktx:1.9.3"

This reduces dependency bloat without affecting functionality.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4cf5b5f and a826c71.

⛔ Files ignored due to path filters (26)
  • app/Gemfile.lock is excluded by !**/*.lock
  • app/android/android-passport-reader/app/libs/jj2000_imageutil.jar is excluded by !**/*.jar
  • app/android/android-passport-reader/app/src/main/res/font/roboto_bold.ttf is excluded by !**/*.ttf
  • app/android/android-passport-reader/app/src/main/res/font/roboto_bold_italic.ttf is excluded by !**/*.ttf
  • app/android/android-passport-reader/app/src/main/res/font/roboto_italic.ttf is excluded by !**/*.ttf
  • app/android/android-passport-reader/app/src/main/res/font/roboto_medium.ttf is excluded by !**/*.ttf
  • app/android/android-passport-reader/app/src/main/res/font/roboto_medium_italic.ttf is excluded by !**/*.ttf
  • app/android/android-passport-reader/app/src/main/res/font/roboto_regular.ttf is excluded by !**/*.ttf
  • app/android/android-passport-reader/app/src/main/res/mipmap-hdpi/ic_launcher.png is excluded by !**/*.png
  • app/android/android-passport-reader/app/src/main/res/mipmap-hdpi/ic_launcher_round.png is excluded by !**/*.png
  • app/android/android-passport-reader/app/src/main/res/mipmap-mdpi/ic_launcher.png is excluded by !**/*.png
  • app/android/android-passport-reader/app/src/main/res/mipmap-mdpi/ic_launcher_round.png is excluded by !**/*.png
  • app/android/android-passport-reader/app/src/main/res/mipmap-xhdpi/ic_launcher.png is excluded by !**/*.png
  • app/android/android-passport-reader/app/src/main/res/mipmap-xhdpi/ic_launcher_round.png is excluded by !**/*.png
  • app/android/android-passport-reader/app/src/main/res/mipmap-xxhdpi/ic_launcher.png is excluded by !**/*.png
  • app/android/android-passport-reader/app/src/main/res/mipmap-xxhdpi/ic_launcher_round.png is excluded by !**/*.png
  • app/android/android-passport-reader/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png is excluded by !**/*.png
  • app/android/android-passport-reader/app/src/main/res/mipmap-xxxhdpi/ic_launcher_round.png is excluded by !**/*.png
  • app/android/android-passport-reader/examples/passport_ireland.jpg is excluded by !**/*.jpg
  • app/android/android-passport-reader/gradle/wrapper/gradle-wrapper.jar is excluded by !**/*.jar
  • app/ios/Podfile.lock is excluded by !**/*.lock
  • app/src/images/512w.png is excluded by !**/*.png
  • app/src/images/blue_check.svg is excluded by !**/*.svg
  • app/src/images/icons/aadhaar.svg is excluded by !**/*.svg
  • app/src/images/warning.svg is excluded by !**/*.svg
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (107)
  • .cursor/rules/technical-specification.mdc (0 hunks)
  • .cursorignore (3 hunks)
  • .cursorrules (0 hunks)
  • .gitguardian.yml (2 hunks)
  • .github/actions/clone-android-passport-nfc-reader/action.yml (1 hunks)
  • .github/actions/mobile-setup/action.yml (1 hunks)
  • .github/workflows/mobile-bundle-analysis.yml (2 hunks)
  • .github/workflows/mobile-ci.yml (6 hunks)
  • .github/workflows/mobile-deploy.yml (4 hunks)
  • .github/workflows/mobile-e2e.yml (7 hunks)
  • .github/workflows/mobile-sdk-demo-ci.yml (2 hunks)
  • .github/workflows/npm-publish.yml (5 hunks)
  • .github/workflows/workspace-ci.yml (1 hunks)
  • .gitignore (1 hunks)
  • .gitleaks.toml (1 hunks)
  • .yarnrc.yml (1 hunks)
  • AGENTS.md (1 hunks)
  • README.md (0 hunks)
  • app/AGENTS.md (0 hunks)
  • app/README.md (3 hunks)
  • app/android/android-passport-reader/.gitignore (0 hunks)
  • app/android/android-passport-reader/README.md (0 hunks)
  • app/android/android-passport-reader/app/.gitignore (0 hunks)
  • app/android/android-passport-reader/app/build.gradle (0 hunks)
  • app/android/android-passport-reader/app/proguard-rules.pro (0 hunks)
  • app/android/android-passport-reader/app/src/androidTest/java/example/jllarraz/com/passportreader/ExampleInstrumentedTest.java (0 hunks)
  • app/android/android-passport-reader/app/src/main/AndroidManifest.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/assets/tessdata/eng.user-patterns (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/common/IntentData.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/common/PreferencesKeys.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/data/AdditionalDocumentDetails.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/data/AdditionalPersonDetails.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/data/Passport.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/data/PersonDetails.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/mlkit/FrameMetadata.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/mlkit/GraphicOverlay.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/mlkit/OcrMrzDetectorProcessor.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/mlkit/VisionImageProcessor.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/mlkit/VisionProcessorBase.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/network/MasterListApi.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/network/MasterListService.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/activities/CameraActivity.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/activities/NfcActivity.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/activities/SelectionActivity.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/CameraFragment.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/CameraMLKitFragment.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/NfcFragment.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/PassportDetailsFragment.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/PassportPhotoFragment.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/SelectionFragment.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/validators/DateRule.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/validators/DocumentNumberRule.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/views/TouchImageView.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/EACCredentials.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/ImageUtil.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/KeyStoreUtils.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/MRZUtil.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/NFCDocumentTag.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/OcrUtils.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/PassportNFC.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/PassportNfcUtils.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/StringUtils.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/FeatureStatus.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/JMRTDSecurityProvider.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/MRTDTrustStore.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/VerificationStatus.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/cert/CSCAMasterList.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/cert/KeyStoreCertStoreParameters.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/cert/KeyStoreCertStoreSpi.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/cert/PKDCertStoreParameters.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/cert/PKDMasterListCertStoreParameters.kt (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable-v24/ic_launcher_foreground.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_check_circle_outline.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_close_circle_outline.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_help_circle_outline.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_launcher_background.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_passport.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_person.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable/toggle_background_border.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable/toggle_background_left.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable/toggle_background_right.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/drawable/toggle_text_color.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/font/bold.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/font/medium.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/font/regular.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/layout/activity_camera.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/layout/activity_nfc.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/layout/activity_photo.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/layout/fragment_camera_mrz.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/layout/fragment_nfc.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/layout/fragment_passport_details.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/layout/fragment_photo.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/layout/fragment_selection.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/values/colors.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/values/dimens.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/values/strings.xml (0 hunks)
  • app/android/android-passport-reader/app/src/main/res/values/styles.xml (0 hunks)
  • app/android/android-passport-reader/app/src/test/java/example/jllarraz/com/passportreader/ExampleUnitTest.java (0 hunks)
  • app/android/android-passport-reader/build.gradle (0 hunks)
  • app/android/android-passport-reader/gradle.properties (0 hunks)
  • app/android/android-passport-reader/gradlew (0 hunks)
  • app/android/android-passport-reader/gradlew.bat (0 hunks)
  • app/android/android-passport-reader/settings.gradle (0 hunks)
  • app/android/app/build.gradle (4 hunks)
  • app/android/app/src/main/AndroidManifest.xml (2 hunks)
⛔ Files not processed due to max files limit (67)
  • app/android/app/src/main/java/com/proofofpassportapp/PhotoPickerActivity.java
  • app/android/app/src/main/java/com/proofofpassportapp/QRCodeScannerModule.java
  • app/android/app/src/main/java/com/proofofpassportapp/QRCodeScannerPackage.java
  • app/android/app/src/main/java/com/proofofpassportapp/utils/QrCodeDetectorProcessor.kt
  • app/android/app/src/main/res/values/styles.xml
  • app/android/build.gradle
  • app/android/gradle/wrapper/gradle-wrapper.properties
  • app/android/react-native-passport-reader/android/build.gradle
  • app/android/settings.gradle
  • app/declarations.d.ts
  • app/docs/MOBILE_DEPLOYMENT.md
  • app/fastlane/README.md
  • app/ios/OpenPassport/Info.plist
  • app/ios/PhotoLibraryQRScannerViewController.swift
  • app/ios/Podfile
  • app/ios/QRScannerBridge.m
  • app/ios/QRScannerBridge.swift
  • app/ios/Self.xcodeproj/project.pbxproj
  • app/jest.config.cjs
  • app/jest.setup.js
  • app/metro.config.cjs
  • app/package.json
  • app/scripts/cleanup-private-modules.cjs
  • app/scripts/mobile-ci-build-android.sh
  • app/scripts/setup-private-modules.cjs
  • app/src/Sentry.ts
  • app/src/components/ButtonsContainer.tsx
  • app/src/components/NavBar/AadhaarNavBar.tsx
  • app/src/components/NavBar/HomeNavBar.tsx
  • app/src/components/NavBar/IdDetailsNavBar.tsx
  • app/src/components/buttons/AbstractButton.tsx
  • app/src/components/homeScreen/idCard.tsx
  • app/src/components/typography/Additional.tsx
  • app/src/components/typography/Description.tsx
  • app/src/hooks/useAesopRedesign.ts
  • app/src/hooks/useMockDataForm.ts
  • app/src/mocks/nfcScanner.ts
  • app/src/mocks/react-native-svg.ts
  • app/src/navigation/aesop.ts
  • app/src/navigation/home.ts
  • app/src/navigation/index.tsx
  • app/src/providers/passportDataProvider.tsx
  • app/src/providers/selfClientProvider.tsx
  • app/src/screens/aesop/DocumentOnboardingScreen.tsx
  • app/src/screens/dev/CreateMockScreen.tsx
  • app/src/screens/dev/DevSettingsScreen.tsx
  • app/src/screens/document/DocumentNFCScanScreen.tsx
  • app/src/screens/document/DocumentNFCScanScreen.web.tsx
  • app/src/screens/document/DocumentNFCTroubleScreen.tsx
  • app/src/screens/document/aadhaar/AadhaarUploadErrorScreen.tsx
  • app/src/screens/document/aadhaar/AadhaarUploadScreen.tsx
  • app/src/screens/document/aadhaar/AadhaarUploadedSuccessScreen.tsx
  • app/src/screens/home/HomeScreen.tsx
  • app/src/screens/home/IdDetailsScreen.tsx
  • app/src/screens/home/ProofHistoryDetailScreen.tsx
  • app/src/screens/home/ProofHistoryList.tsx
  • app/src/screens/home/ProofHistoryScreen.tsx
  • app/src/screens/prove/ConfirmBelongingScreen.tsx
  • app/src/screens/prove/ProofRequestStatusScreen.tsx
  • app/src/screens/prove/ProveScreen.tsx
  • app/src/screens/prove/QRCodeViewFinderScreen.tsx
  • app/src/screens/recovery/AccountRecoveryChoiceScreen.tsx
  • app/src/screens/recovery/AccountVerifiedSuccessScreen.tsx
  • app/src/screens/recovery/RecoverWithPhraseScreen.tsx
  • app/src/screens/settings/ManageDocumentsScreen.tsx
  • app/src/screens/settings/SettingsScreen.tsx
  • app/src/screens/system/LaunchScreen.tsx
💤 Files with no reviewable changes (89)
  • app/AGENTS.md
  • app/android/android-passport-reader/gradlew.bat
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/cert/KeyStoreCertStoreSpi.kt
  • app/android/android-passport-reader/app/src/main/res/mipmap-anydpi-v26/ic_launcher.xml
  • app/android/android-passport-reader/README.md
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_launcher_background.xml
  • app/android/android-passport-reader/app/src/androidTest/java/example/jllarraz/com/passportreader/ExampleInstrumentedTest.java
  • app/android/android-passport-reader/app/src/main/res/font/bold.xml
  • .cursorrules
  • app/android/android-passport-reader/app/src/main/res/layout/fragment_camera_mrz.xml
  • app/android/android-passport-reader/app/src/main/res/values/styles.xml
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/EACCredentials.kt
  • app/android/android-passport-reader/gradle.properties
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/cert/PKDMasterListCertStoreParameters.kt
  • app/android/android-passport-reader/app/src/main/res/font/regular.xml
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/validators/DateRule.kt
  • app/android/android-passport-reader/app/src/test/java/example/jllarraz/com/passportreader/ExampleUnitTest.java
  • .cursor/rules/technical-specification.mdc
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/mlkit/OcrMrzDetectorProcessor.kt
  • app/android/android-passport-reader/app/src/main/res/layout/fragment_nfc.xml
  • app/android/android-passport-reader/app/build.gradle
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/views/TouchImageView.kt
  • app/android/android-passport-reader/app/src/main/res/font/medium.xml
  • README.md
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/CameraMLKitFragment.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/common/PreferencesKeys.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/activities/NfcActivity.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/network/MasterListService.kt
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/cert/KeyStoreCertStoreParameters.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/mlkit/FrameMetadata.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/NFCDocumentTag.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/common/IntentData.kt
  • app/android/android-passport-reader/app/src/main/res/layout/fragment_selection.xml
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/data/AdditionalDocumentDetails.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/PassportDetailsFragment.kt
  • app/android/android-passport-reader/build.gradle
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/CameraFragment.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/PassportPhotoFragment.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/data/AdditionalPersonDetails.kt
  • app/android/android-passport-reader/app/src/main/res/drawable-v24/ic_launcher_foreground.xml
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_passport.xml
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/JMRTDSecurityProvider.kt
  • app/android/android-passport-reader/app/.gitignore
  • app/android/android-passport-reader/.gitignore
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/MRZUtil.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/activities/SelectionActivity.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/mlkit/GraphicOverlay.kt
  • app/android/android-passport-reader/app/src/main/res/drawable/toggle_text_color.xml
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/PassportNfcUtils.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/network/MasterListApi.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/mlkit/VisionImageProcessor.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/OcrUtils.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/data/PersonDetails.kt
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_close_circle_outline.xml
  • app/android/android-passport-reader/app/src/main/res/values/colors.xml
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/MRTDTrustStore.kt
  • app/android/android-passport-reader/app/src/main/res/layout/activity_camera.xml
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_help_circle_outline.xml
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/data/Passport.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/KeyStoreUtils.kt
  • app/android/android-passport-reader/app/src/main/res/layout/fragment_photo.xml
  • app/android/android-passport-reader/app/src/main/res/drawable/toggle_background_left.xml
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_person.xml
  • app/android/android-passport-reader/app/src/main/res/drawable/ic_check_circle_outline.xml
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/validators/DocumentNumberRule.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/PassportNFC.kt
  • app/android/android-passport-reader/settings.gradle
  • app/android/android-passport-reader/app/src/main/res/values/dimens.xml
  • app/android/android-passport-reader/app/src/main/res/layout/activity_photo.xml
  • app/android/android-passport-reader/app/src/main/res/drawable/toggle_background_right.xml
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/VerificationStatus.kt
  • app/android/android-passport-reader/app/src/main/res/drawable/toggle_background_border.xml
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/StringUtils.kt
  • app/android/android-passport-reader/app/src/main/assets/tessdata/eng.user-patterns
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/utils/ImageUtil.kt
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/mlkit/VisionProcessorBase.kt
  • app/android/android-passport-reader/app/src/main/res/layout/fragment_passport_details.xml
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/cert/PKDCertStoreParameters.kt
  • app/android/android-passport-reader/app/proguard-rules.pro
  • app/android/android-passport-reader/gradlew
  • app/android/android-passport-reader/app/src/main/res/layout/activity_nfc.xml
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/SelectionFragment.kt
  • app/android/android-passport-reader/app/src/main/AndroidManifest.xml
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/activities/CameraActivity.kt
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/cert/CSCAMasterList.kt
  • app/android/android-passport-reader/app/src/main/java/org/jmrtd/FeatureStatus.kt
  • app/android/android-passport-reader/app/src/main/res/values/strings.xml
  • app/android/android-passport-reader/app/src/main/res/mipmap-anydpi-v26/ic_launcher_round.xml
  • app/android/android-passport-reader/app/src/main/java/example/jllarraz/com/passportreader/ui/fragments/NfcFragment.kt
🧰 Additional context used
📓 Path-based instructions (2)
.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub Actions workflows, use shared composite caching actions from .github/actions (cache-yarn, cache-bundler, cache-gradle, cache-pods)
Do not call actions/cache directly; rely on the shared composite caching actions
When using cache actions, optionally pass cache-version (often with GH_CACHE_VERSION and tool version) for stable keys

Files:

  • .github/workflows/npm-publish.yml
  • .github/workflows/workspace-ci.yml
  • .github/workflows/mobile-ci.yml
  • .github/workflows/mobile-sdk-demo-ci.yml
  • .github/workflows/mobile-bundle-analysis.yml
  • .github/workflows/mobile-e2e.yml
  • .github/workflows/mobile-deploy.yml
app/android/**/*

⚙️ CodeRabbit configuration file

app/android/**/*: Review Android-specific code for:

  • Platform-specific implementations
  • Performance considerations
  • Security best practices for mobile

Files:

  • app/android/app/src/main/AndroidManifest.xml
  • app/android/app/build.gradle
🧠 Learnings (25)
📓 Common learnings 
Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-09-22T11:10:57.879Z
Learning: Applies to app/android/**/*.{kt,java} : Document complex native Android module changes in the PR
📚 Learning: 2025-08-29T15:29:47.727Z 
Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Before committing, run repository checks (yarn nice, yarn lint, yarn build, contracts build, yarn types)

Applied to files:

  • .github/workflows/npm-publish.yml
  • .github/workflows/mobile-sdk-demo-ci.yml
  • .github/workflows/mobile-e2e.yml
📚 Learning: 2025-08-29T15:29:47.727Z 
Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : In GitHub Actions workflows, use shared composite caching actions from .github/actions (cache-yarn, cache-bundler, cache-gradle, cache-pods)

Applied to files:

  • .github/workflows/workspace-ci.yml
📚 Learning: 2025-08-29T15:29:47.727Z 
Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Before PRs, ensure yarn build succeeds for all workspaces

Applied to files:

  • .github/workflows/workspace-ci.yml
  • .github/workflows/mobile-sdk-demo-ci.yml
  • .github/workflows/mobile-e2e.yml
📚 Learning: 2025-09-22T11:10:57.879Z 
Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-09-22T11:10:57.879Z
Learning: Applies to app/**/*.{ios,android,web}.{ts,tsx,js,jsx} : Explain platform-specific code paths in the PR description (files with .ios, .android, or .web extensions)

Applied to files:

  • .cursorignore
  • .github/workflows/mobile-e2e.yml
📚 Learning: 2025-09-22T11:10:57.879Z 
Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-09-22T11:10:57.879Z
Learning: Applies to app/android/**/*.{kt,java} : Document complex native Android module changes in the PR

Applied to files:

  • app/README.md
  • .github/workflows/mobile-e2e.yml
  • app/android/app/src/main/AndroidManifest.xml
  • app/android/app/build.gradle
📚 Learning: 2025-09-22T11:10:57.879Z 
Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-09-22T11:10:57.879Z
Learning: For Android development, use Android SDK/Emulator and JDK 17 with JAVA_HOME set

Applied to files:

  • app/README.md
📚 Learning: 2025-09-22T11:10:22.019Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-09-22T11:10:22.019Z
Learning: Use Yarn workspaces for monorepo management.

Applied to files:

  • AGENTS.md
📚 Learning: 2025-08-29T15:29:47.727Z 
Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Use nvm and Corepack to set up the Yarn v4 monorepo before any other commands (nvm use; corepack enable; corepack prepare yarnstable --activate; yarn install)

Applied to files:

  • AGENTS.md
  • .github/workflows/mobile-sdk-demo-ci.yml
📚 Learning: 2025-09-22T11:10:22.019Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-09-22T11:10:22.019Z
Learning: Test, build, and deploy scripts (`yarn test`, `yarn ios`, `yarn test:e2e:ios`, Fastlane, etc.) must be used for automation.

Applied to files:

  • AGENTS.md
  • .github/workflows/mobile-sdk-demo-ci.yml
  • .github/workflows/mobile-e2e.yml
  • .gitignore
  • .github/actions/mobile-setup/action.yml
📚 Learning: 2025-09-22T11:10:57.879Z 
Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-09-22T11:10:57.879Z
Learning: Optionally use Watchman and run yarn install at repo root

Applied to files:

  • AGENTS.md
📚 Learning: 2025-08-24T18:54:04.809Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/demo/** : Provide an in-SDK lightweight React Native demo under packages/mobile-sdk-alpha/demo/

Applied to files:

  • .github/workflows/mobile-sdk-demo-ci.yml
📚 Learning: 2025-08-24T18:54:04.809Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/samples/** : Create sample applications under packages/mobile-sdk-alpha/samples/ (RN demo and web demo)

Applied to files:

  • .github/workflows/mobile-sdk-demo-ci.yml
📚 Learning: 2025-08-24T18:54:04.809Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Expose a 'test:build' script in the SDK's package.json that runs build, test, types, and lint

Applied to files:

  • .github/workflows/mobile-sdk-demo-ci.yml
📚 Learning: 2025-08-24T18:54:04.809Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/package.json : Expose a 'test:build' script in the app's package.json that builds deps, types, performs bundle analysis, and runs tests

Applied to files:

  • .github/workflows/mobile-sdk-demo-ci.yml
📚 Learning: 2025-08-29T15:31:15.924Z 
Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Run yarn nice, yarn types, and yarn test before commits and PRs

Applied to files:

  • .github/workflows/mobile-e2e.yml
📚 Learning: 2025-08-29T15:29:47.727Z 
Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Before PRs, ensure yarn test passes in affected packages

Applied to files:

  • .github/workflows/mobile-e2e.yml
📚 Learning: 2025-09-22T11:10:22.019Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-09-22T11:10:22.019Z
Learning: Applies to tests/e2e/**/* : E2E testing must use Maestro for platform-specific flows.

Applied to files:

  • .github/workflows/mobile-e2e.yml
📚 Learning: 2025-09-22T11:10:57.879Z 
Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-09-22T11:10:57.879Z
Learning: Run unit tests and ensure they pass (yarn test) before PRs

Applied to files:

  • .github/workflows/mobile-e2e.yml
📚 Learning: 2025-08-29T15:29:47.727Z 
Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Before PRs, ensure yarn types passes across the repository

Applied to files:

  • .github/workflows/mobile-e2e.yml
📚 Learning: 2025-08-29T15:29:47.727Z 
Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Before PRs, ensure yarn nice passes in affected workspaces

Applied to files:

  • .github/workflows/mobile-e2e.yml
📚 Learning: 2025-08-29T15:31:15.924Z 
Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Avoid introducing circular dependencies

Applied to files:

  • .gitignore
📚 Learning: 2025-08-29T15:31:15.924Z 
Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Do NOT mock selfxyz/mobile-sdk-alpha in tests (avoid jest.mock('selfxyz/mobile-sdk-alpha') and replacing real functions with mocks)

Applied to files:

  • .gitignore
📚 Learning: 2025-08-29T15:31:15.924Z 
Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Never use real user PII in tests; use only synthetic, anonymized, or approved test vectors

Applied to files:

  • .gitignore
📚 Learning: 2025-07-29T01:08:28.530Z 
Learnt from: transphorm
PR: selfxyz/self#795
File: app/android/app/build.gradle:157-158
Timestamp: 2025-07-29T01:08:28.530Z
Learning: For this React Native project, the team prefers build flexibility over fail-fast behavior for release builds in app/android/app/build.gradle. They intentionally allow fallback to debug signing for local development runs, relying on Google Play Console validation to catch any improperly signed releases during upload.

Applied to files:

  • app/android/app/build.gradle
🔇 Additional comments (48)
AGENTS.md (1)

3-9: LGTM! Documentation aligns with monorepo strategy.

The new Package Management section clearly documents the Yarn-only policy for this monorepo, which is consistent with the existing setup instructions and learnings. The guidance is straightforward and helps prevent common mistakes like mixing package managers.

.gitleaks.toml (1)

25-25: LGTM - Mock certificate allowlist additions are appropriate.

The new allowlist entries correctly exclude mock certificates and test ID document generators from secret scanning. Line 25 uses a flexible regex pattern to cover compiled output directories, while line 27 targets the specific generator file. Both align with the existing pattern for mock certificates (line 24) and are appropriate for development/test artifacts.

Also applies to: 27-27

.cursorignore (3)

133-133: LGTM - Path update aligns with module rename.

The tessdata assets path correctly reflects the transition from passport-reader to android-passport-nfc-reader.

200-200: LGTM - Examples path updated consistently.

The examples directory path correctly follows the module rename pattern.

278-279: LGTM - Intentional exception for private module setup.

The exception appropriately allows Cursor AI to access the private module setup script, which is necessary for understanding the build configuration with the new android-passport-nfc-reader module.

.github/workflows/npm-publish.yml (2)

11-12: LGTM: Path monitoring and version checks properly extended.

The additions for qrcode-angular and contracts packages follow the established pattern for existing packages. The version-difference checks correctly handle both file-level changes and semantic version field changes, with proper manual dispatch fallbacks.

Also applies to: 22-23, 35-36, 51-57

171-198: LGTM: Clean publish job implementation.

The publish-qrcode-angular job is properly structured with no redundant steps. It correctly uses the shared composite action for dependency installation and follows the established pattern from the other SDK package publish jobs.

.github/workflows/workspace-ci.yml (1)

103-172: Well-structured disabled jobs ready for future activation.

The disabled workspace-format-check and workspace-test jobs are complete and well-designed. The format check's git diff logic (lines 125-139) properly validates clean state before and after formatting. These can be enabled when ready by removing if: false.

.yarnrc.yml (1)

2-2: Configuration change is valid and follows Yarn 4 best practices.

The nmHoistingLimits: workspaces setting is appropriate for this Yarn 4.6.0 monorepo with 13+ workspaces. This prevents phantom dependencies by restricting hoisting to workspace boundaries—a recommended practice for projects with mobile SDK packages, smart contracts, and circuit code.

Given the pre-PR validation requirements (yarn build, yarn nice, yarn test should pass before PR submission), this change should already be validated across affected workspaces.

app/android/app/src/main/AndroidManifest.xml (3)

91-99: LGTM! Proper Google Play Services metadata configuration.

The ModuleDependencies service is correctly configured for photo picker module dependency declaration. The android:exported="false" and android:enabled="false" attributes are appropriate for a metadata-only service, and the tools:ignore="MissingClass" is expected for modular Google Play Services components.

86-89: PhotoPickerActivity implementation verified.

The activity class exists at app/android/app/src/main/java/com/proofofpassportapp/PhotoPickerActivity.java and properly extends AppCompatActivity. The manifest configuration is correct with android:exported="false" ensuring the activity remains internal to the app.

9-9: The NFC permission and tech filter must remain - they are actively used.

Verification shows the passport-reader module is NOT being removed. Multiple TypeScript files (passportReader.ts, nfcScanner.ts) actively import and use react-native-passport-reader for NFC passport scanning functionality. The nfc_tech_filter.xml resource exists and is required.

However, there is a critical issue in MainApplication.kt line 27 where RNSelfPassportReaderPackage() is commented out. This will cause runtime failures when JavaScript code attempts to access the native NFC module. Either uncomment the package registration or remove all passport-reader functionality from the TypeScript codebase.

Likely an incorrect or invalid review comment.

.gitguardian.yml (1)

11-13: Remove redundant exclusion pattern.

Line 12 is redundant—the wildcard pattern on line 11 (common/src/mock_certificates/**) already covers common/src/mock_certificates/aadhaar/mockAadhaarCert.ts.

Regarding line 13: Verification confirms genMockIdDoc.ts imports only mock test keys (clearly labeled AADHAAR_MOCK_PRIVATE_KEY_PEM) used for generating test identity documents. GitGuardian would flag these as false positives, so excluding this file is reasonable. However, verify that your security scanning strategy intentionally excludes mock generators (not just mock data).

   - "**/constants/mockCertificates.ts"
   - "common/src/mock_certificates/**"
-  - "common/src/mock_certificates/aadhaar/mockAadhaarCert.ts"
   - "common/src/utils/passports/genMockIdDoc.ts"
.gitignore (1)

13-23: LGTM! Ignore patterns are appropriate.

The additions correctly exclude build artifacts (.giga/tasks/*), npm lockfiles in a Yarn-based monorepo (package-lock.json), and the private Android module directory cloned at build time (app/android/android-passport-nfc-reader/).

.github/workflows/mobile-sdk-demo-ci.yml (3)

6-6: LGTM! Workspace path updated consistently.

The path change from packages/mobile-sdk-alpha/demo-app/** to packages/mobile-sdk-demo/** aligns with the workspace restructuring.

21-25: Good addition: topological dependency build.

The new step ensures that transitive workspace dependencies are built in the correct order before running tests. The -R (recursive) and -t (topological) flags are appropriate here.

28-31: LGTM! Workspace references updated consistently.

Both the test and build commands now correctly reference the renamed mobile-sdk-demo workspace.

.github/workflows/mobile-bundle-analysis.yml (2)

20-20: LGTM! Runner upgrade for better performance.

Switching to macos-latest-large from macos-14 should improve bundle analysis execution times, especially beneficial for resource-intensive analysis tasks.

83-83: LGTM! Consistent runner upgrade for iOS analysis.

Matching the Android job's runner upgrade ensures consistent performance improvements across both platforms.

.github/actions/mobile-setup/action.yml (3)

81-81: LGTM! Simplified mobile installation.

Replacing OS-conditional logic with a single yarn install-app:mobile-deploy command reduces complexity and improves maintainability.

83-102: Good addition: Ruby dependency installation with strict lock enforcement.

The new step properly enforces Gemfile.lock consistency and provides helpful error messages that mirror the JavaScript dependency handling. The error guidance (run bundle install locally, commit lock file) is clear and actionable.

1-102: The mobile-setup composite action correctly separates setup from caching

This composite action is designed to handle dependency installation, not caching. Workflows that call this action (e.g., mobile-deploy.yml lines 167-189, 228, 782) properly handle caching separately using the shared composite caching actions (cache-yarn, cache-bundler, cache-pods) before invoking mobile-setup. This separation of concerns is intentional and follows best practices—caching is the workflow's responsibility, while setup/installation is delegated to the composite action.

The coding guideline about using shared composite caching actions applies to workflows, not to setup actions like this one.

Likely an incorrect or invalid review comment.

.github/workflows/mobile-ci.yml (3)

7-7: NDK version updated consistently.

The bump from 27.0.11718014 to 27.0.12077973 aligns with the same change across all workflow files in this PR.

39-39: Timeout guardrails added.

60-minute timeouts on all jobs provide protection against hanging builds. This is a sensible defensive measure for CI stability.

Also applies to: 96-96, 198-198, 387-387

451-455: PAT handling is correct and secure.

The composite action gracefully handles missing PAT by exiting with code 0 when SELFXYZ_INTERNAL_REPO_PAT is unavailable (lines 21-25 of the action). This allows forked PRs to continue building without the private android-passport-nfc-reader module. The action only fails (exit 1) when a PAT is provided but the clone operation itself fails, which is the expected behavior.

Additional security note: The PAT is immediately scrubbed from the git remote URL after cloning (line 38 of the action).

.github/workflows/mobile-e2e.yml (11)

7-7: NDK version bump matches other workflows.

Consistent with mobile-ci.yml and mobile-deploy.yml.

30-36: Build-only mode clearly documented.

The job rename to android-build-test and inline comments explain that E2E is temporarily disabled with a clear path to re-enable. Timeout increase to 60 minutes is appropriate.

78-93: E2E steps preserved for future re-enablement.

The if: false guards on Maestro validation, cache, and installation steps maintain the logic while disabling execution. This is a clean approach to temporary disablement.

107-111: Dependency build may fail silently despite error handling.

The build step uses || { echo "❌ ..."; exit 1; } for error handling, which is correct. However, ensure that build failures are surfaced clearly in CI logs.

112-116: Clone action invoked with correct parameters.

The composite action is called with working_directory: app and the PAT secret. This matches the expected usage pattern.

123-147: APK verification comprehensively checks build artifacts.

The verification block checks APK existence, logs size, and conditionally verifies the private module integration when PAT is available. The logic correctly handles forked PRs by skipping private module checks.

149-177: Emulator and E2E testing disabled but preserved.

The if: false guard on the emulator runner step maintains the full E2E flow for easy re-enablement. The logic is sound.

180-180: iOS timeout increased to 60 minutes.

Consistent with Android job timeout adjustments.

222-229: iOS dependency installation also split for fork safety.

Mirrors the Android approach, ensuring secrets are isolated from forked PRs. Same consideration about --silent applies here.

294-297: iOS dependency build has proper error handling.

The || { echo "❌ ..."; exit 1; } pattern ensures failures are caught and surfaced.

69-76: </scratchpad]

Conditional dependency installation correctly protects secrets in forked PRs.

The security pattern is well-implemented: SELFXYZ_INTERNAL_REPO_PAT is only exposed to trusted contexts (internal PRs and protected branches), while forked PRs install dependencies without access to secrets.

The --silent flag is used consistently across all yarn install commands in your workflows, indicating this is an intentional project standard rather than an oversight.

.github/actions/clone-android-passport-nfc-reader/action.yml (3)

1-12: Composite action structure is correct.

The action defines appropriate inputs with sensible defaults and descriptions.

19-25: Missing PAT handled gracefully.

The early exit with exit 0 ensures forked PRs can proceed without the private module. The messaging is clear and user-friendly.

43-50: Existing directory handling is appropriate.

The logic differentiates between CI (unexpected) and local development (expected) when the directory already exists. The warnings and messages are clear.

.github/workflows/mobile-deploy.yml (4)

8-8: NDK version updated consistently.

All four workflow files now use 27.0.12077973.

226-244: Dependency installation split to protect secrets.

The iOS dependency installation is now split into two steps: one for internal PRs with secrets, one for forked PRs without. This prevents secret leakage to untrusted contexts.

857-862: Clone action invoked correctly for Android builds.

The step is properly guarded with if: inputs.platform != 'ios' and passes the correct parameters. The working_directory uses env.APP_PATH which resolves to ${{ github.workspace }}/app.

788-790: Environment variables properly consumed by nested installation scripts.

Verification confirms that PLATFORM is consumed by app/scripts/setup-private-modules.cjs (line 31) during the yarn install-app:mobile-deploy execution. The script uses it to conditionally skip Android module setup when deploying iOS builds. Both environment variables are correctly propagated through the mobile-setup action to the underlying installation processes.

app/android/app/build.gradle (5)

132-133: LGTM!

Version increments are appropriate for the staging merge. The versionCode bump from 98 to 102 and versionName from "2.6.5" to "2.6.7" align with expected release versioning.

139-139: LGTM! Good proactive compatibility measure.

The -Wl,-z,max-page-size=16384 linker argument ensures compatibility with Android 15's 16KB page size support. This is a forward-looking change that prevents potential runtime issues on newer devices while maintaining backward compatibility.

183-192: LGTM! Improved packaging configuration.

The restructured packagingOptions properly handles duplicate native libraries and aligns with modern Android packaging requirements:

  • jniLibs.pickFirsts for libc++_shared.so resolves conflicts when multiple dependencies bundle the same shared library
  • useLegacyPackaging = false enables 16KB page alignment, which works in tandem with the linker flag on line 139
  • Moving META-INF excludes to resources.excludes follows current AGP best practices

This configuration should prevent build-time conflicts from duplicate resources.

235-239: LGTM! Proper Java 17 toolchain configuration.

The java toolchain block ensures Gradle uses Java 17 consistently across all compilation tasks. This works correctly with the compileOptions and kotlinOptions settings to enforce Java 17 throughout the build process.

112-118: Java 17 migration is correct but mobile-sdk-alpha dependency requires immediate alignment.

The Java 17 configuration in this file is correct and required—React Native 0.76.9 mandates JDK 17. Your toolchain (AGP 8.11.2, Gradle 8.13, NDK 27) fully supports this.

Critical issue: The workspace dependency @selfxyz/mobile-sdk-alpha has mismatched Java versions:

  • compileOptions: Java 8 (lines 68-69 in packages/mobile-sdk-alpha/android/build.gradle)
  • kotlinOptions: Java 17 (line 75)

This creates a bytecode compatibility mismatch that will cause runtime crashes or build failures. Update packages/mobile-sdk-alpha/android/build.gradle to use Java 17 for compileOptions (uncomment lines 70-71, remove lines 68-69).

⛔ Skipped due to learnings 
Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-09-22T11:10:57.879Z
Learning: Applies to app/android/**/*.{kt,java} : Document complex native Android module changes in the PR

Learnt from: transphorm
PR: selfxyz/self#795
File: app/android/app/build.gradle:157-158
Timestamp: 2025-07-29T01:08:28.530Z
Learning: For this React Native project, the team prefers build flexibility over fail-fast behavior for release builds in app/android/app/build.gradle. They intentionally allow fallback to debug signing for local development runs, relying on Google Play Console validation to catch any improperly signed releases during upload.

.gitguardian.yml
# Ignore specific file patterns (newer format)
ignore:
# Ignore specific file patterns
paths-ignore:
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify compatibility with ggshield version.

The configuration uses paths-ignore as the section header. Ensure this aligns with the version of ggshield in use, as older versions may expect different key names.

🏁 Script executed:

#!/bin/bash
# Description: Check ggshield version and verify paths-ignore is supported

# Check if there's a requirements file or package definition that pins ggshield version
fd -t f 'requirements.*\.txt|Pipfile|pyproject\.toml' --exec grep -H 'ggshield'

# Check CI workflows for ggshield usage
fd -t f '\.ya?ml' .github/workflows --exec grep -H 'ggshield'

Length of output: 91

🌐 Web query:

ggshield v1.41.0 configuration paths-ignore

💡 Result:

In ggshield v1.41.0 (config v2) the old v1 key paths-ignore should be moved under the secret section as ignored-paths (i.e. secret.ignored-paths). Add a top-level "version: 2" and use:

version: 2
secret:
ignored-paths:
- '**/README.md'
- 'doc/*'
- 'LICENSE'

(See migration guidance and configuration docs.) [1][2]

Sources:
[1] ggshield configuration / migration instructions.
[2] GitGuardian ggshield configuration reference (secret.ignored-paths / ignored-paths).

🏁 Script executed:

#!/bin/bash
# Check the complete structure of .gitguardian.yml to assess configuration format
cat .gitguardian.yml

Length of output: 1278

Configuration format incompatible with ggshield v1.41.0.

The workflow uses ggshield v1.41.0, which requires config v2 format. The current file uses deprecated v1 syntax (paths-ignore and secrets-ignore at top level). This will cause the configuration to be ignored or fail.

Required changes:

  • Add version: 2 at the top
  • Move paths-ignoresecret.ignored-paths
  • Move secrets-ignoresecret.ignored-matches

Example v2 structure:

version: 2
secret:
  ignored-paths:
    - "**/mock_certificates/**/*.key"
    # ... rest of patterns
  ignored-matches:
    - name: "Generic Private Key"
    # ... rest of secret types
🤖 Prompt for AI Agents 
In .gitguardian.yml around line 5, the config uses deprecated v1 top-level keys
(`paths-ignore`/`secrets-ignore`) incompatible with ggshield v1.41.0; update the
file to v2 by adding `version: 2` at the top, remove the top-level
`paths-ignore` and `secrets-ignore` entries, and relocate their contents under a
`secret:` section as `ignored-paths:` (for former `paths-ignore` patterns) and
`ignored-matches:` (for former `secrets-ignore` entries, using name/match
objects), preserving existing patterns and match definitions.

.github/actions/clone-android-passport-nfc-reader/action.yml
Comment on lines 29 to 42
if [ ! -d "android/android-passport-nfc-reader" ]; then
echo "📦 Cloning android-passport-nfc-reader for build..."
cd android
# Clone using PAT (embed temporarily, then scrub)
if git clone --depth 1 --quiet "https://${{ inputs.selfxyz_internal_pat }}@github.com/selfxyz/android-passport-nfc-reader.git"; then
echo "✅ android-passport-nfc-reader cloned successfully"
# Immediately scrub the credential from remote URL for security
git -C android-passport-nfc-reader remote set-url origin https://github.com/selfxyz/android-passport-nfc-reader.git || true
else
echo "❌ Failed to clone android-passport-nfc-reader"
echo "Please ensure a valid SELFXYZ internal PAT is provided to this action"
exit 1
fi
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

PAT credential scrubbing lacks verification.

The clone embeds the PAT in the URL (line 34), then immediately scrubs it via remote set-url (line 37). However, the scrub command uses || true, which silently ignores failures. If the scrub fails, the PAT remains in the git config within the cloned repository, potentially exposing it in logs or subsequent operations.

Apply this diff to ensure the scrub operation is verified:

           # Clone using PAT (embed temporarily, then scrub)
           if git clone --depth 1 --quiet "https://${{ inputs.selfxyz_internal_pat }}@github.com/selfxyz/android-passport-nfc-reader.git"; then
             echo "✅ android-passport-nfc-reader cloned successfully"
             # Immediately scrub the credential from remote URL for security
-            git -C android-passport-nfc-reader remote set-url origin https://github.com/selfxyz/android-passport-nfc-reader.git || true
+            if ! git -C android-passport-nfc-reader remote set-url origin https://github.com/selfxyz/android-passport-nfc-reader.git; then
+              echo "❌ Failed to scrub PAT from git remote - cleaning up for security"
+              rm -rf android-passport-nfc-reader
+              exit 1
+            fi
+            echo "✅ PAT scrubbed from git remote"
           else
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if [ ! -d "android/android-passport-nfc-reader" ]; then
echo "📦 Cloning android-passport-nfc-reader for build..."
cd android
# Clone using PAT (embed temporarily, then scrub)
if git clone --depth 1 --quiet "https://${{ inputs.selfxyz_internal_pat }}@github.com/selfxyz/android-passport-nfc-reader.git"; then
echo "✅ android-passport-nfc-reader cloned successfully"
# Immediately scrub the credential from remote URL for security
git -C android-passport-nfc-reader remote set-url origin https://github.com/selfxyz/android-passport-nfc-reader.git || true
else
echo "❌ Failed to clone android-passport-nfc-reader"
echo "Please ensure a valid SELFXYZ internal PAT is provided to this action"
exit 1
fi
if [ ! -d "android/android-passport-nfc-reader" ]; then
echo "📦 Cloning android-passport-nfc-reader for build..."
cd android
# Clone using PAT (embed temporarily, then scrub)
if git clone --depth 1 --quiet "https://${{ inputs.selfxyz_internal_pat }}@github.com/selfxyz/android-passport-nfc-reader.git"; then
echo "✅ android-passport-nfc-reader cloned successfully"
# Immediately scrub the credential from remote URL for security
if ! git -C android-passport-nfc-reader remote set-url origin https://github.com/selfxyz/android-passport-nfc-reader.git; then
echo "❌ Failed to scrub PAT from git remote - cleaning up for security"
rm -rf android-passport-nfc-reader
exit 1
fi
echo "✅ PAT scrubbed from git remote"
else
echo "❌ Failed to clone android-passport-nfc-reader"
echo "Please ensure a valid SELFXYZ internal PAT is provided to this action"
exit 1
fi
🤖 Prompt for AI Agents 
.github/actions/clone-android-passport-nfc-reader/action.yml around lines 29 to
42: the scrub step currently uses `|| true` so failures are ignored; instead
remove the silent ignore and verify the remote URL after attempting to set it to
ensure the PAT was removed—call the git remote set-url and then retrieve the
remote URL (e.g., git -C android/android-passport-nfc-reader remote get-url
origin) and if the returned URL still contains an embedded credential or an '@'
with a username, log an error and exit non-zero so the workflow fails rather
than leaving secrets in the repo config.

.github/workflows/npm-publish.yml
Comment on lines 145 to 170
publish-contracts:
needs: detect-changes
if: needs.detect-changes.outputs.contracts_changed == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
registry-url: "https://registry.npmjs.org"
- uses: actions/checkout@v4
- name: Install Dependencies
uses: ./.github/actions/yarn-install
- name: Build package
run: |
yarn workspace @selfxyz/contracts build
- name: Publish to npm
working-directory: contracts
run: |
yarn config set npmScopes.selfxyz.npmAuthToken ${{ secrets.NPM_TOKEN }}
yarn config set npmPublishAccess public
yarn npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Remove duplicate checkout action.

Line 156 contains a redundant actions/checkout@v4 step that occurs after the Node.js setup. The repository was already checked out at line 150, making this second checkout unnecessary and wasteful of CI resources.

Apply this diff to remove the duplicate:

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: .nvmrc
          registry-url: "https://registry.npmjs.org"
-      - uses: actions/checkout@v4
      - name: Install Dependencies
        uses: ./.github/actions/yarn-install

Note: The publish-common job has the same issue at line 128 that should also be addressed.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
publish-contracts:
needs: detect-changes
if: needs.detect-changes.outputs.contracts_changed == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
registry-url: "https://registry.npmjs.org"
- uses: actions/checkout@v4
- name: Install Dependencies
uses: ./.github/actions/yarn-install
- name: Build package
run: |
yarn workspace @selfxyz/contracts build
- name: Publish to npm
working-directory: contracts
run: |
yarn config set npmScopes.selfxyz.npmAuthToken ${{ secrets.NPM_TOKEN }}
yarn config set npmPublishAccess public
yarn npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
publish-contracts:
needs: detect-changes
if: needs.detect-changes.outputs.contracts_changed == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version-file: .nvmrc
registry-url: "https://registry.npmjs.org"
- name: Install Dependencies
uses: ./.github/actions/yarn-install
- name: Build package
run: |
yarn workspace @selfxyz/contracts build
- name: Publish to npm
working-directory: contracts
run: |
yarn config set npmScopes.selfxyz.npmAuthToken ${{ secrets.NPM_TOKEN }}
yarn config set npmPublishAccess public
yarn npm publish --access public
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
🤖 Prompt for AI Agents 
.github/workflows/npm-publish.yml around lines 145-170: the job
"publish-contracts" contains a duplicate actions/checkout@v4 step (the second
checkout at ~line 156) which should be removed; delete that redundant checkout
step so the repository is checked out only once (the initial checkout at ~line
150) and verify subsequent steps still run in the expected workspace; also
remove the identical duplicate checkout in the "publish-common" job at ~line 128
to eliminate the same redundancy.

app/README.md
| Android Studio (Optional)\* | Latest | [Install Android Studio](https://developer.android.com/studio) |
| Android SDK | Latest | See instructions for Android below |
| Android NDK | 27.0.11718014 | See instructions for Android below |
| Android NDK | 27.0.12077973 | See instructions for Android below |
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify NDK version consistency across CI workflows.

The NDK version is updated consistently throughout this README. Ensure that CI workflows and build scripts also reference 27.0.12077973.

🏁 Script executed:

#!/bin/bash
# Description: Verify NDK version consistency across the repository

# Search for any references to the old NDK version
echo "=== Checking for old NDK version (27.0.11718014) ==="
rg -n "27\.0\.11718014" --type yaml --type md --type gradle

echo ""
echo "=== Checking for new NDK version (27.0.12077973) ==="
rg -n "27\.0\.12077973" --type yaml --type md --type gradle

Length of output: 1062

Critical: Inconsistent NDK version detected in mobile-sdk-demo package.

The NDK version update is incomplete. While most files reference 27.0.12077973, the following file still uses the old version:

  • packages/mobile-sdk-demo/android/build.gradle:7 references 27.0.11718014

Update this file to 27.0.12077973 to maintain consistency and prevent build issues across the workspace.

🤖 Prompt for AI Agents 
packages/mobile-sdk-demo/android/build.gradle around line 7: the Android NDK
version is inconsistent (currently 27.0.11718014) while the repo standard is
27.0.12077973; update the NDK version string to 27.0.12077973 on line 7 so it
matches the README and other files, save the file, and run a quick build or
gradle sync to confirm no further mismatches.

coderabbitai[bot]
coderabbitai bot reviewed Sep 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
app/package.json (1)

101-101: Prefer caret ranges to allow automatic patch updates
Current pins (@sentry/[email protected], Tamagui packages @1.126.14) have no known critical vulnerabilities (only a low-severity GHSA-68c2-4mpx-qh95 for Sentry RN with Expo), but using ^7.0.1 and ^1.126.14 ensures you’ll receive future patch and security fixes automatically.
Applies to lines 101, 103–104, 107.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a826c71 and 675c00e.

📒 Files selected for processing (4)
  • app/android/app/build.gradle (4 hunks)
  • app/ios/OpenPassport/Info.plist (1 hunks)
  • app/ios/Self.xcodeproj/project.pbxproj (19 hunks)
  • app/package.json (10 hunks)
✅ Files skipped from review due to trivial changes (1)
  • app/ios/OpenPassport/Info.plist
🧰 Additional context used
📓 Path-based instructions (3)
app/package.json

📄 CodeRabbit inference engine (.cursor/rules/mobile-sdk-migration.mdc)

Expose a 'test:build' script in the app's package.json that builds deps, types, performs bundle analysis, and runs tests

Files:

  • app/package.json
app/ios/**/*

⚙️ CodeRabbit configuration file

app/ios/**/*: Review iOS-specific code for:

  • Platform-specific implementations
  • Performance considerations
  • Security best practices for mobile

Files:

  • app/ios/Self.xcodeproj/project.pbxproj
app/android/**/*

⚙️ CodeRabbit configuration file

app/android/**/*: Review Android-specific code for:

  • Platform-specific implementations
  • Performance considerations
  • Security best practices for mobile

Files:

  • app/android/app/build.gradle
🧠 Learnings (14)
📓 Common learnings 
Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-09-22T11:10:57.879Z
Learning: Applies to app/android/**/*.{kt,java} : Document complex native Android module changes in the PR
📚 Learning: 2025-09-22T11:10:22.019Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-09-22T11:10:22.019Z
Learning: Test, build, and deploy scripts (`yarn test`, `yarn ios`, `yarn test:e2e:ios`, Fastlane, etc.) must be used for automation.

Applied to files:

  • app/package.json
📚 Learning: 2025-08-24T18:54:04.809Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Expose a 'test:build' script in the SDK's package.json that runs build, test, types, and lint

Applied to files:

  • app/package.json
📚 Learning: 2025-08-29T15:31:15.924Z 
Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/package.json : Ensure package exports are properly configured

Applied to files:

  • app/package.json
📚 Learning: 2025-08-24T18:54:04.809Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Enable tree shaking for the SDK (e.g., ensure 'sideEffects' is correctly set in package.json and exports are ESM-friendly)

Applied to files:

  • app/package.json
📚 Learning: 2025-08-24T18:54:04.809Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/package.json : Expose a 'test:build' script in the app's package.json that builds deps, types, performs bundle analysis, and runs tests

Applied to files:

  • app/package.json
📚 Learning: 2025-08-29T15:29:47.727Z 
Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Use nvm and Corepack to set up the Yarn v4 monorepo before any other commands (nvm use; corepack enable; corepack prepare yarnstable --activate; yarn install)

Applied to files:

  • app/package.json
📚 Learning: 2025-08-29T15:31:15.924Z 
Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Use actual imports from selfxyz/mobile-sdk-alpha in tests

Applied to files:

  • app/package.json
📚 Learning: 2025-08-29T15:31:15.924Z 
Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Avoid introducing circular dependencies

Applied to files:

  • app/package.json
📚 Learning: 2025-08-24T18:54:04.809Z 
Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/jest.config.cjs : Use Jest in the app with a React Native preset configured in app/jest.config.cjs

Applied to files:

  • app/package.json
📚 Learning: 2025-09-22T11:10:57.879Z 
Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-09-22T11:10:57.879Z
Learning: Applies to app/ios/**/*.{m,mm,swift} : Document complex native iOS module changes in the PR

Applied to files:

  • app/ios/Self.xcodeproj/project.pbxproj
📚 Learning: 2025-08-02T23:53:45.928Z 
Learnt from: transphorm
PR: selfxyz/self#823
File: app/ios/Self.xcodeproj/project.pbxproj:320-332
Timestamp: 2025-08-02T23:53:45.928Z
Learning: When reviewing autogenerated scripts in Xcode project files (like React Native Firebase's embedded shell scripts), avoid suggesting edits since these are regenerated during pod install and cannot be manually modified by users.

Applied to files:

  • app/ios/Self.xcodeproj/project.pbxproj
📚 Learning: 2025-09-22T11:10:57.879Z 
Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-09-22T11:10:57.879Z
Learning: Applies to app/android/**/*.{kt,java} : Document complex native Android module changes in the PR

Applied to files:

  • app/android/app/build.gradle
📚 Learning: 2025-07-29T01:08:28.530Z 
Learnt from: transphorm
PR: selfxyz/self#795
File: app/android/app/build.gradle:157-158
Timestamp: 2025-07-29T01:08:28.530Z
Learning: For this React Native project, the team prefers build flexibility over fail-fast behavior for release builds in app/android/app/build.gradle. They intentionally allow fallback to debug signing for local development runs, relying on Google Play Console validation to catch any improperly signed releases during upload.

Applied to files:

  • app/android/app/build.gradle
🔇 Additional comments (11)
app/android/app/build.gradle (6)

132-133: LGTM! Version bumps are consistent with staging merge.

The version increments (versionCode 98→102, versionName 2.6.5→2.6.8) are appropriate for this staging merge.

139-139: Verify 16KB page size compatibility testing.

The -Wl,-z,max-page-size=16384 linker flag adds support for Android 15+ devices with 16KB page sizes. This is a critical change for modern Android compatibility.

Ensure the following:

  1. The app has been tested on devices/emulators with 16KB page sizes
  2. The native modules (:react-native-passport-reader, :passportreader) are compatible with this configuration
  3. APK size impact is acceptable

Consider documenting this Android 15 compatibility change in the PR.

Based on learnings.

183-192: LGTM! Packaging options properly configured for modern Android.

The restructured packagingOptions correctly implements:

  • Modern packaging (useLegacyPackaging = false) for 16KB page alignment
  • Conflict resolution for libc++_shared.so via pickFirsts
  • Proper resource exclusions in the resources block

This aligns well with the 16KB page size support added in the CMake arguments.

235-239: LGTM! Java toolchain correctly configured.

The Java toolchain configuration ensures consistent Java 17 usage across all Gradle tasks, complementing the compileOptions and kotlinOptions settings.

229-230: Keep explicit androidx.activity dependencies

PhotoPickerActivity uses androidx.activity.result APIs, so declaring androidx.activity:activity:1.9.3 and androidx.activity:activity-ktx:1.9.3 is necessary.

112-118: Please verify that your Android Gradle Plugin and Gradle versions support Java 17 and that class-file desugaring is enabled. Run:

#!/bin/bash
echo "=== Android Gradle Plugin version ==="
grep -R "com.android.tools.build:gradle" -n app/android/build.gradle*

echo -e "\n=== Gradle wrapper distribution version ==="
grep -R "distributionUrl" -n gradle/wrapper/gradle-wrapper.properties

echo -e "\n=== coreLibraryDesugaring setup ==="
grep -R "coreLibraryDesugaring" -n app/android

Ensure AGP ≥ 7.4, Gradle ≥ 7.5, and add coreLibraryDesugaring if missing to fully support Java 17.

app/package.json (5)

3-3: LGTM - Version bump is appropriate.

The version bump from 2.6.5 to 2.6.8 aligns with the dev-to-staging merge workflow.

54-54: LGTM - Useful clean start option.

The start:clean script provides a comprehensive cache-clearing workflow for troubleshooting Android build issues.

59-59: LGTM - Complies with coding guidelines.

The test:build script correctly builds dependencies, checks types, performs bundle analysis, and runs tests as required.

As per coding guidelines.

72-77: Punycode resolution is up-to-date and secure.

[email protected] is the latest published version as of September 29, 2025 and has no known vulnerabilities in major databases, so no update is required.

82-82: No known advisories for new cryptographic dependencies; verify pinned versions for patch updates

  • @openpassport/zk-kit-imt, @peculiar/x509, hash.js, js-sha1, js-sha256 have no reported NPM security vulnerabilities.
  • Pinned @sentry/[email protected] and Tamagui packages (@tamagui/animations-css, @tamagui/animations-react-native, @tamagui/[email protected]) won’t receive patch upgrades—consider switching to caret (^) ranges or auditing these versions regularly.

app/ios/Self.xcodeproj/project.pbxproj
165E76BD2B8DC4A00000FA90 /* MRZScannerModule.swift in Sources */ = {isa = PBXBuildFile; fileRef = 165E76BC2B8DC4A00000FA90 /* MRZScannerModule.swift */; };
165E76BF2B8DC53A0000FA90 /* MRZScannerModule.m in Sources */ = {isa = PBXBuildFile; fileRef = 165E76BE2B8DC53A0000FA90 /* MRZScannerModule.m */; };
165E76C32B8DC8370000FA90 /* ScannerHostingController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 165E76C22B8DC8370000FA90 /* ScannerHostingController.swift */; };
1668A53F2E70A55E0005A522 /* PhotoLibraryQRScannerViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 1668A53E2E70A55E0005A522 /* PhotoLibraryQRScannerViewController.swift */; };
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify new native module is documented and file exists.

A new iOS native module PhotoLibraryQRScannerViewController.swift is being added to the build graph. Based on learnings, complex native iOS module changes should be documented in the PR description.

Run the following script to verify the file exists and check for documentation:

Based on learnings.

Also applies to: 61-61, 107-107, 411-411

🏁 Script executed:

#!/bin/bash
# Verify PhotoLibraryQRScannerViewController.swift exists and check for PR documentation

# Check if the file exists
if [ -f "app/ios/OpenPassport/PhotoLibraryQRScannerViewController.swift" ]; then
    echo "✓ File exists at expected location"
    echo ""
    echo "File info:"
    ls -lh app/ios/OpenPassport/PhotoLibraryQRScannerViewController.swift
    echo ""
    echo "First 20 lines:"
    head -20 app/ios/OpenPassport/PhotoLibraryQRScannerViewController.swift
else
    echo "✗ File NOT found at app/ios/OpenPassport/PhotoLibraryQRScannerViewController.swift"
fi

echo ""
echo "Checking for related documentation..."
fd -t f "AGENTS.md|README.md|CHANGELOG.md" app/

Length of output: 223

🏁 Script executed:

#!/bin/bash
# Search for PhotoLibraryQRScannerViewController.swift in the repo
echo "Searching for file..."
rg -n "PhotoLibraryQRScannerViewController.swift" -g "*.swift" || true

Length of output: 218

🏁 Script executed:

#!/bin/bash
# Search AGENTS.md for module documentation
rg -n "PhotoLibraryQRScannerViewController" app/AGENTS.md || echo "No references found"

Length of output: 19

Document new native iOS module in AGENTS.md and PR description

A new native iOS view controller PhotoLibraryQRScannerViewController.swift (located at app/ios/PhotoLibraryQRScannerViewController.swift) has been added. Per project guidelines, complex native iOS module changes must be documented. Add an entry to app/AGENTS.md (outlining its purpose and integration) and update the PR description accordingly.

🤖 Prompt for AI Agents 
In app/ios/Self.xcodeproj/project.pbxproj around line 21, a new native iOS view
controller PhotoLibraryQRScannerViewController.swift was added but not
documented; update app/AGENTS.md with a new entry describing the module name,
file path (app/ios/PhotoLibraryQRScannerViewController.swift), purpose
(photo-library QR scanning UI), integration points (how it is
instantiated/registered with the app, any bridging to JS, expected
inputs/outputs), required permissions (photo library/camera usage descriptions),
build/linking steps (if any manual Xcode config is required), and usage
examples; then update the PR description to summarize the addition, reference
the AGENTS.md entry, and note any follow-up steps or migration/testing
instructions.

app/package.json
"analyze:tree-shaking": "node ./scripts/analyze-tree-shaking.cjs imports",
"analyze:tree-shaking:web": "yarn web:build && node ./scripts/analyze-tree-shaking.cjs web",
"android": "yarn build:deps && react-native run-android",
"android": "yarn build:deps && yarn setup:android-deps && react-native run-android",
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion | 🟠 Major

🧩 Analysis chain

Document the private Android module integration and verify script existence.

Multiple scripts now reference private module setup/cleanup (setup-private-modules.cjs and cleanup-private-modules.cjs). Based on learnings, complex native Android module changes should be documented in the PR.

Additionally, verify that these scripts exist and handle errors gracefully (e.g., network failures when cloning private repos, missing credentials).

Based on learnings.

Run the following script to verify the referenced setup scripts exist:

Also applies to: 17-18, 34-34, 51-52

🏁 Script executed:

#!/bin/bash
# Description: Verify that the private module setup/cleanup scripts exist

fd -t f "setup-private-modules.cjs|cleanup-private-modules.cjs" app/scripts/

Length of output: 77

🏁 Script executed:

#!/bin/bash
# Verify presence of documentation for private Android modules integration

# Check for an AGENTS.md file
fd -t f AGENTS.md .

# Check for a docs directory
fd -t d docs

# Search repository for mentions of private modules or the setup scripts
rg -n "private module" -C2 .
rg -n "setup-private-modules" -C2 .
rg -n "cleanup-private-modules" -C2 .

Length of output: 4360

Document private Android module integration in project docs.

Add or update README.md/AGENTS.md to describe the new setup:android-deps and clean:android-deps scripts, including prerequisites (e.g. SELFXYZ_INTERNAL_REPO_PAT) and CI vs. forked-PR behavior.

🤖 Prompt for AI Agents 
In app/package.json around line 11, the new npm scripts setup:android-deps and
clean:android-deps are not documented; update the project docs (README.md or
AGENTS.md) to add a section describing these scripts, list prerequisites
(including SELFXYZ_INTERNAL_REPO_PAT and any environment vars or tools), explain
when to run them locally vs in CI, and note special behavior for forked PRs
(e.g., token availability and fallback steps). Include example usage commands,
expected side effects (what files/dirs they modify), and CI setup notes (how to
configure secrets and conditional execution).

app/package.json
"node-forge": "^1.3.1",
"pkijs": "^3.2.5",
"poseidon-lite": "^0.2.0",
"prop-types": "^15.8.1",
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Remove duplicate prop-types declaration.

prop-types is declared in both dependencies (line 126) and devDependencies (line 207). This redundancy can lead to confusion about the intended usage. Keep it in dependencies if it's required at runtime by third-party libraries, otherwise move it exclusively to devDependencies.

Also applies to: 207-207

🤖 Prompt for AI Agents 
In app/package.json around line 126 (and duplicate at line 207), remove the
duplicate prop-types entry in devDependencies and keep the single "prop-types":
"^15.8.1" in dependencies (or vice-versa if you intentionally want it only for
development); specifically delete the prop-types line at 207 from
devDependencies, save package.json, then run npm install / yarn install to
update the lockfile and ensure no duplicate declarations remain.

@transphorm transphorm merged commit 675c00e into staging Sep 29, 2025
7 checks passed
This was referenced Sep 30, 2025
Draft
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@aaronmgdr aaronmgdr Awaiting requested review from aaronmgdr

@remicolin remicolin Awaiting requested review from remicolin

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@transphorm