move fcm token storage

[aaronmgdr]

move fcm token from proving store to setting store for better separation of concerns.

having fcm token in the proving machine felt a bit out of place. its not core to proving in any way. moving it out means we dont need to expose it to the sdk. this is good because sdk users can setup notifications how they wish.

---

Note

Removes notification adapter from SDK, adds a PROVING_BEGIN_GENERATION event, moves FCM token to Settings store, and handles device token registration in the app via a listener.

• SDK (mobile-sdk-alpha):
  • API Changes: Remove notification adapter and registerNotificationsToken from SelfClient; drop from Adapters/REQUIRED_ADAPTERS.
  • Events: Add SdkEvents.PROVING_BEGIN_GENERATION with payload (uuid, isMock, context).
  • Proving: Emit PROVING_BEGIN_GENERATION at start; remove fcmToken/setFcmToken from proving state.
• App:
  • Settings Store: Add fcmToken and setFcmToken to useSettingStore (persisted).
  • ConfirmBelongingScreen: Store FCM via useSettingStore instead of proving store.
  • SelfClientProvider: Add listener for PROVING_BEGIN_GENERATION to register device token using stored fcmToken; remove SDK-level notification adapter usage.
• Demo & Tests:
  • Update demo provider and tests to reflect removal of notification adapter and new event-driven flow.
• Misc:
  • Minor comment fix in SelfBackendVerifier.

^{Written by Cursor Bugbot for commit e5522cc. This will update automatically on new commits. Configure here.}

Summary by CodeRabbit

• New Features

  • Device token registration now occurs automatically when proof generation begins, with explicit success/error tracking and analytics.

• Refactor

  • FCM token persisted in Settings and token management decoupled from proving flows via an explicit start-generation signal.

• Breaking Changes

  • Notification adapter and related public APIs were removed from the SDK surface; callers must no longer rely on notification registration methods.

• Tests

  • Test fixtures and mocks updated to remove notification adapter and related mocks.

[coderabbitai]

Walkthrough

Moves FCM token persistence from the proving machine to a persisted settings store, emits a new PROVING_BEGIN_GENERATION event from the proving machine, and adds a provider listener that conditionally registers the device token via a dynamically imported notification service. Updates UI to store token in settings.

Changes

Cohort / File(s)	Summary
Provider listener & runtime registration app/src/providers/selfClientProvider.tsx	Adds PROVING_BEGIN_GENERATION listener; reads fcmToken from useSettingStore; dynamically imports notificationService and calls registerDeviceToken(uuid, fcmToken, isMock) when token present; logs analytics and proof events on success/failure.
UI: FCM token storage app/src/screens/prove/ConfirmBelongingScreen.tsx	Switches FCM token persistence to useSettingStore; replaces setFcmToken(token, selfClient) with setFcmToken(token); updates selector usage.
Persisted settings store app/src/stores/settingStore.ts	Adds persisted `fcmToken: string
Proving machine: event-driven refactor packages/mobile-sdk-alpha/src/proving/provingMachine.ts	Removes fcmToken and setFcmToken from ProvingState; startProving no longer reads token and now emits PROVING_BEGIN_GENERATION (uuid, isMock, context) to signal external registration.
SDK events typing packages/mobile-sdk-alpha/src/types/events.ts	Adds PROVING_BEGIN_GENERATION to SdkEvents and SDKEventMap with payload { uuid: string, isMock: boolean, context: ProofContext }.
Public API surface cleanup packages/mobile-sdk-alpha/src/types/public.ts, packages/mobile-sdk-alpha/src/client.ts	Removes NotificationAdapter from types, removes notification from Adapters, and deletes registerNotificationsToken / related SelfClient exposure.
Tests and test helpers updated app/tests/..., packages/mobile-sdk-alpha/tests/..., packages/mobile-sdk-alpha/tests/utils/testHelpers.ts, app/tests/utils/selfClientProvider.ts	Remove notification adapter/mocks and related expectations from test helpers and tests (deleted mock notification.registerDeviceToken and fixture usage).
Demo provider packages/mobile-sdk-demo/src/providers/SelfClientProvider.tsx	Removed no-op notification.registerDeviceToken adapter entry from demo provider adapters.
Minor formatting sdk/core/src/SelfBackendVerifier.ts	Non-functional comment/indent formatting change.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor User
  participant ConfirmBelongingScreen
  participant SettingStore
  participant ProvingMachine
  participant SelfClientProvider
  participant NotificationService

  User->>ConfirmBelongingScreen: confirm device
  ConfirmBelongingScreen->>ConfirmBelongingScreen: obtain FCM token
  ConfirmBelongingScreen->>SettingStore: setFcmToken(token)
  Note right of SettingStore #D3F9D8: persisted fcmToken

  User->>ProvingMachine: start proving
  ProvingMachine-->>SelfClientProvider: emit PROVING_BEGIN_GENERATION {uuid,isMock,context}
  alt fcmToken exists in SettingStore
    SelfClientProvider->>SelfClientProvider: dynamic import notificationService
    SelfClientProvider->>NotificationService: registerDeviceToken(uuid, fcmToken, isMock)
    NotificationService-->>SelfClientProvider: success / error
    SelfClientProvider->>SelfClientProvider: log analytics & proof events
  else no token present
    SelfClientProvider->>SelfClientProvider: skip registration
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Revert "Mobile SDK: move provingMachine from the app" #1084 — Modifies proving flow and notification handling; touches notification adapter removal and provingMachine event changes.
• SELF-678: Redo "Mobile SDK: move provingMachine from the app (#1052)" (#1084)" #1114 — Also adjusts device-token registration flow and SelfClient/provider/types related to notifications.
• Remove navigationRef from provingMachine #1011 — Refactors provingMachine event emissions and moves responsibilities out of the machine (navigation/registration).

Suggested labels

codex

Suggested reviewers

• transphorm
• Nesopie

Poem

A token moved to settings, tidy and small,
An event rings out when generation calls.
The provider listens, registers with care,
Logs the success or the error there.
Tiny shifts, clearer flow — the app stands tall.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title “move fcm token storage” succinctly captures the primary refactor of relocating the FCM token handling from the proving store to the persisted app settings, clearly reflecting the pull request’s main objective.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch aaronmgdr/fcm-refactor

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

app/src/providers/selfClientProvider.tsx (2)

167-167: Consider logging when token is missing.

The code silently skips token registration if fcmToken is null/empty. Consider adding a debug-level log to help troubleshoot cases where notifications aren't working because the token wasn't stored.

     if (fcmToken) {
+    } else {
+      logProofEvent('debug', 'Skipping device token registration - no token available', context);
+    }

---

162-189: Replace console.error in the PROVING_BEGIN_GENERATION listener with your centralized logging utility. The notification service’s registerDeviceToken only logs trimmed tokens (first/last 5 chars) and does not expose full FCM tokens or UUIDs, so you can safely remove the raw console.error to prevent unstructured stack traces in production.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6468ee9 and 4854d6f.

📒 Files selected for processing (5)

• app/src/providers/selfClientProvider.tsx (2 hunks)
• app/src/screens/prove/ConfirmBelongingScreen.tsx (3 hunks)
• app/src/stores/settingStore.ts (2 hunks)
• packages/mobile-sdk-alpha/src/proving/provingMachine.ts (2 hunks)
• packages/mobile-sdk-alpha/src/types/events.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

packages/mobile-sdk-alpha/**/*.{ts,tsx}

📄 CodeRabbit inference engine (packages/mobile-sdk-alpha/AGENTS.md)

packages/mobile-sdk-alpha/**/*.{ts,tsx}: Use strict TypeScript type checking across the codebase
Follow ESLint TypeScript-specific rules
Avoid introducing circular dependencies

Files:

• packages/mobile-sdk-alpha/src/types/events.ts
• packages/mobile-sdk-alpha/src/proving/provingMachine.ts

**/*.{js,ts,tsx,jsx,sol,nr}

📄 CodeRabbit inference engine (.cursorrules)

**/*.{js,ts,tsx,jsx,sol,nr}: NEVER log sensitive data including PII (names, DOB, passport numbers, addresses), credentials, tokens, API keys, private keys, or session identifiers.
ALWAYS redact/mask sensitive fields in logs using consistent patterns (e.g., ***-***-1234 for passport numbers, J*** D*** for names).

Files:

• packages/mobile-sdk-alpha/src/types/events.ts
• app/src/stores/settingStore.ts
• packages/mobile-sdk-alpha/src/proving/provingMachine.ts
• app/src/providers/selfClientProvider.tsx
• app/src/screens/prove/ConfirmBelongingScreen.tsx

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}: Review alpha mobile SDK code for:

• API consistency with core SDK
• Platform-neutral abstractions
• Performance considerations
• Clear experimental notes or TODOs

Files:

• packages/mobile-sdk-alpha/src/types/events.ts
• packages/mobile-sdk-alpha/src/proving/provingMachine.ts

app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (app/AGENTS.md)

Type checking must pass before PRs (yarn types)

Files:

• app/src/stores/settingStore.ts
• app/src/providers/selfClientProvider.tsx
• app/src/screens/prove/ConfirmBelongingScreen.tsx

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/stores/settingStore.ts
• app/src/providers/selfClientProvider.tsx
• app/src/screens/prove/ConfirmBelongingScreen.tsx

packages/mobile-sdk-alpha/src/proving/**

📄 CodeRabbit inference engine (.cursor/rules/mobile-sdk-migration.mdc)

Place proof input generation in packages/mobile-sdk-alpha/src/proving/

Files:

• packages/mobile-sdk-alpha/src/proving/provingMachine.ts

🧬 Code graph analysis (3)

packages/mobile-sdk-alpha/src/types/events.ts (1)

packages/mobile-sdk-alpha/src/proving/internal/logging.ts (1)

• ProofContext (16-19)

app/src/providers/selfClientProvider.tsx (3)

app/src/stores/settingStore.ts (1)

• useSettingStore (37-95)

app/src/Sentry.ts (1)

• logProofEvent (260-265)

app/src/Sentry.web.ts (1)

• logProofEvent (263-268)

app/src/screens/prove/ConfirmBelongingScreen.tsx (1)

app/src/stores/settingStore.ts (1)

• useSettingStore (37-95)

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: Cursor Bugbot
• GitHub Check: android-build-test
• GitHub Check: e2e-ios
• GitHub Check: analyze-android
• GitHub Check: analyze-ios
• GitHub Check: build-deps
• GitHub Check: Cursor Bugbot

🔇 Additional comments (10)

packages/mobile-sdk-alpha/src/types/events.ts (2)

72-78: LGTM: Well-documented event addition.

The new PROVING_BEGIN_GENERATION event is clearly documented with appropriate guidance on its recommended usage. The naming convention aligns with existing SDK events.

---

108-112: Verified ProofContext safe
ProofContext extends BaseContext, which only includes sessionId, optional userId, platform, and stage; plus circuitType and currentState. No PII, credentials, or sensitive fields are exposed.

app/src/stores/settingStore.ts (2)

74-75: LGTM: Clean token state management.

The fcmToken initialization and setter implementation follow the existing pattern in the store. Nullable type is appropriate for optional FCM token.

---

23-24: Fix typo and ensure FCM token persistence hygiene.

• Change the comment in app/src/stores/settingStore.ts:35 from “sensative” to “sensitive.”
• Confirm that storing fcmToken in plain AsyncStorage aligns with your security requirements (e.g., encryption) and implement clearing it (e.g. setFcmToken(null)) on logout or app reset.

app/src/screens/prove/ConfirmBelongingScreen.tsx (3)

45-45: LGTM: Clean migration to settings store.

The switch from useProvingStore to useSettingStore for FCM token management correctly reflects the separation of concerns. The token is now stored in settings rather than proving state.

---

78-78: LGTM: Simplified token setter signature.

The setFcmToken(token) call correctly uses the new simplified signature that no longer requires the selfClient parameter. This is cleaner since the settings store doesn't need SDK client context.

---

67-102: Verify notification failure doesn't break proving flow.

The onOkPress flow stores the FCM token before starting the proving process. If getFCMToken() throws an exception, the token won't be stored, but setUserConfirmed will still be called (lines 84-87), allowing the proving flow to continue.

Confirm this is intentional behavior - that users can proceed with identity verification even if notification registration fails. This seems reasonable, but worth documenting if not already clear.

packages/mobile-sdk-alpha/src/proving/provingMachine.ts (3)

1197-1197: LGTM: FCM token removed from proving state.

The fcmToken has been correctly removed from the proving state destructuring, aligning with the refactor to move token management to the settings store.

---

1219-1224: LGTM: Event emission correctly placed.

The PROVING_BEGIN_GENERATION event is emitted at the right time - after validation of prerequisites but before the try block that generates and sends the payload. This ensures:

1. Listeners can register the FCM token before TEE processing begins
2. Event fires with validated uuid and passportData
3. The context provides proper logging information

The event is fire-and-forget (not awaited), which is appropriate since token registration is a side effect that shouldn't block proof generation.

---

1222-1222: Validate mock flag assignment and fallback
Ensure passportData.mock is explicitly set to true in all test and staging flows and that passportData?.mock ?? false correctly defaults to production when the flag is absent.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

app/src/providers/selfClientProvider.tsx (1)

99-107: Consider refactoring to reuse the notification adapter.

The notification adapter defined at lines 99-107 already performs the same dynamic import and call to registerFirebaseDeviceToken. The new listener code (lines 172-174) duplicates this logic.

Consider calling the adapter's registerDeviceToken method instead:

-            const { registerDeviceToken: registerFirebaseDeviceToken } =
-              await import('@/utils/notifications/notificationService');
-            await registerFirebaseDeviceToken(uuid, fcmToken, isMock);
+            await adapters.notification.registerDeviceToken(uuid, fcmToken, isMock);

However, note that adapters is defined in the outer scope and this listener is created in a useMemo, so you'd need to ensure proper dependency tracking or pass adapters into the listener factory. The current approach with separate imports is acceptable if you prefer to keep concerns separated.

Also applies to: 172-174

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4854d6f and 77b85dc.

📒 Files selected for processing (2)

• app/src/providers/selfClientProvider.tsx (2 hunks)
• sdk/core/src/SelfBackendVerifier.ts (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• sdk/core/src/SelfBackendVerifier.ts

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{js,ts,tsx,jsx,sol,nr}

📄 CodeRabbit inference engine (.cursorrules)

**/*.{js,ts,tsx,jsx,sol,nr}: NEVER log sensitive data including PII (names, DOB, passport numbers, addresses), credentials, tokens, API keys, private keys, or session identifiers.
ALWAYS redact/mask sensitive fields in logs using consistent patterns (e.g., ***-***-1234 for passport numbers, J*** D*** for names).

Files:

• app/src/providers/selfClientProvider.tsx

app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (app/AGENTS.md)

Type checking must pass before PRs (yarn types)

Files:

• app/src/providers/selfClientProvider.tsx

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/providers/selfClientProvider.tsx

🧬 Code graph analysis (1)

app/src/providers/selfClientProvider.tsx (2)

app/src/stores/settingStore.ts (1)

• useSettingStore (37-95)

app/src/Sentry.ts (1)

• logProofEvent (260-265)

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: Cursor Bugbot
• GitHub Check: build-deps
• GitHub Check: e2e-ios
• GitHub Check: android-build-test
• GitHub Check: analyze-android
• GitHub Check: analyze-ios
• GitHub Check: Cursor Bugbot

🔇 Additional comments (2)

app/src/providers/selfClientProvider.tsx (2)

23-23: LGTM - Import addition is appropriate.

The useSettingStore import is correctly added to support accessing the persisted FCM token.

---

164-189: No sensitive data exposed in ProofContext.

ProofContext contains only sessionId, optional userId (non-PII identifier), platform, stage, circuitType, and currentState—none of which are sensitive credentials or PII. Logging this context is safe.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Potential sensitive data exposure in error logging.

The console.error statement logs the raw error object, which could potentially contain sensitive information such as tokens, API responses, or PII depending on what the registerFirebaseDeviceToken function might throw.

Consider sanitizing the error before logging:

-            console.error('Error registering device token:', error);
+            console.error('Error registering device token');

The error details are already captured in the analytics event and logProofEvent call, so the console.error can be simplified to avoid potential data leakage.

As per coding guidelines: Never log sensitive data including credentials, tokens, API keys, or private keys.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	console.error('Error registering device token:', error);
	console.error('Error registering device token');

🤖 Prompt for AI Agents

In app/src/providers/selfClientProvider.tsx around line 182, the console.error
currently logs the raw error object which may contain sensitive data; replace it
with a non-sensitive message (e.g., a generic "Failed to register device token")
or log only a sanitized error identifier/code, and remove any token/PII from the
output; ensure analytics/logProofEvent still capture full details privately,
while the console log avoids printing sensitive fields.

[aaronmgdr]

not a problem

[coderabbitai]

@aaronmgdr Understood, I'll leave the logging as-is. Thanks for clarifying!

---

🧠 Learnings used

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-09-22T11:10:22.019Z
Learning: Applies to **/*.{js,ts,tsx,jsx,sol,nr} : NEVER log sensitive data including PII (names, DOB, passport numbers, addresses), credentials, tokens, API keys, private keys, or session identifiers.

[shazarre]

nice one!

[cursor]

Bug: FCM Token Registration Race Conditions

The FCM token registration, now an async PROVING_BEGIN_GENERATION event listener, is prone to two race conditions. The proving flow doesn't await its completion, and the fcmToken can be null if the settings store hasn't rehydrated. This may cause users to miss push notifications for proof status updates.

Additional Locations (1)

• packages/mobile-sdk-alpha/src/proving/provingMachine.ts#L1218-L1224

 

[aaronmgdr]

the proving flow doesnt need the notification for completion

[aaronmgdr]

the token will be there.... trust me

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

app/src/providers/selfClientProvider.tsx (1)

153-180: Improve error handling, token freshness, and idempotency in PROVING_BEGIN_GENERATION listener.

• Wrap the dynamic import('@/utils/notifications/notificationService') in its own try/catch so import-specific failures can be logged separately from registration errors.
• Fetch the current FCM token at runtime (e.g. via await getFCMToken()) instead of using the potentially stale value from the settings store.
• Debounce or dedupe concurrent registerDeviceToken calls (or confirm the backend gracefully handles duplicates) to avoid race-condition spikes.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 77b85dc and e5522cc.

📒 Files selected for processing (9)

• app/src/providers/selfClientProvider.tsx (2 hunks)
• app/tests/src/utils/proving/validateDocument.test.ts (0 hunks)
• app/tests/utils/selfClientProvider.ts (0 hunks)
• packages/mobile-sdk-alpha/src/client.ts (1 hunks)
• packages/mobile-sdk-alpha/src/types/public.ts (0 hunks)
• packages/mobile-sdk-alpha/tests/client.test.ts (8 hunks)
• packages/mobile-sdk-alpha/tests/documents/utils.test.ts (0 hunks)
• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts (0 hunks)
• packages/mobile-sdk-demo/src/providers/SelfClientProvider.tsx (0 hunks)

💤 Files with no reviewable changes (6)

• app/tests/src/utils/proving/validateDocument.test.ts
• packages/mobile-sdk-demo/src/providers/SelfClientProvider.tsx
• app/tests/utils/selfClientProvider.ts
• packages/mobile-sdk-alpha/src/types/public.ts
• packages/mobile-sdk-alpha/tests/documents/utils.test.ts
• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts

🧰 Additional context used

📓 Path-based instructions (7)

**/*.{js,ts,tsx,jsx,sol,nr}

📄 CodeRabbit inference engine (.cursorrules)

**/*.{js,ts,tsx,jsx,sol,nr}: NEVER log sensitive data including PII (names, DOB, passport numbers, addresses), credentials, tokens, API keys, private keys, or session identifiers.
ALWAYS redact/mask sensitive fields in logs using consistent patterns (e.g., ***-***-1234 for passport numbers, J*** D*** for names).

Files:

• app/src/providers/selfClientProvider.tsx
• packages/mobile-sdk-alpha/src/client.ts
• packages/mobile-sdk-alpha/tests/client.test.ts

app/**/*.{ts,tsx}

📄 CodeRabbit inference engine (app/AGENTS.md)

Type checking must pass before PRs (yarn types)

Files:

• app/src/providers/selfClientProvider.tsx

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/providers/selfClientProvider.tsx

packages/mobile-sdk-alpha/**/*.{ts,tsx}

📄 CodeRabbit inference engine (packages/mobile-sdk-alpha/AGENTS.md)

packages/mobile-sdk-alpha/**/*.{ts,tsx}: Use strict TypeScript type checking across the codebase
Follow ESLint TypeScript-specific rules
Avoid introducing circular dependencies

Files:

• packages/mobile-sdk-alpha/src/client.ts
• packages/mobile-sdk-alpha/tests/client.test.ts

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}: Review alpha mobile SDK code for:

• API consistency with core SDK
• Platform-neutral abstractions
• Performance considerations
• Clear experimental notes or TODOs

Files:

• packages/mobile-sdk-alpha/src/client.ts
• packages/mobile-sdk-alpha/tests/client.test.ts

packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}}

📄 CodeRabbit inference engine (packages/mobile-sdk-alpha/AGENTS.md)

packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}}: Do NOT mock @selfxyz/mobile-sdk-alpha in tests (avoid jest.mock('@selfxyz/mobile-sdk-alpha') and replacing real functions with mocks)
Use actual imports from @selfxyz/mobile-sdk-alpha in tests
Write integration tests that exercise the real validation logic (not mocks)
Test isPassportDataValid() with realistic synthetic passport data (never real user data)
Verify extractMRZInfo() using published sample MRZ strings (e.g., ICAO examples)
Ensure parseNFCResponse() works with representative, synthetic NFC data
Never use real user PII in tests; use only synthetic, anonymized, or approved test vectors

Files:

• packages/mobile-sdk-alpha/tests/client.test.ts

**/*.{test,spec}.{ts,js,tsx,jsx}

⚙️ CodeRabbit configuration file

**/*.{test,spec}.{ts,js,tsx,jsx}: Review test files for:

• Test coverage completeness
• Test case quality and edge cases
• Mock usage appropriateness
• Test readability and maintainability

Files:

• packages/mobile-sdk-alpha/tests/client.test.ts

🧠 Learnings (5)

📚 Learning: 2025-09-22T11:10:22.019Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-09-22T11:10:22.019Z
Learning: Applies to **/*.{js,ts,tsx,jsx,sol,nr} : NEVER log sensitive data including PII (names, DOB, passport numbers, addresses), credentials, tokens, API keys, private keys, or session identifiers.

Applied to files:

• app/src/providers/selfClientProvider.tsx

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Use actual imports from selfxyz/mobile-sdk-alpha in tests

Applied to files:

• packages/mobile-sdk-alpha/tests/client.test.ts

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Do NOT mock selfxyz/mobile-sdk-alpha in tests (avoid jest.mock('selfxyz/mobile-sdk-alpha') and replacing real functions with mocks)

Applied to files:

• packages/mobile-sdk-alpha/tests/client.test.ts

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Never use real user PII in tests; use only synthetic, anonymized, or approved test vectors

Applied to files:

• packages/mobile-sdk-alpha/tests/client.test.ts

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Verify extractMRZInfo() using published sample MRZ strings (e.g., ICAO examples)

Applied to files:

• packages/mobile-sdk-alpha/tests/client.test.ts

🧬 Code graph analysis (1)

app/src/providers/selfClientProvider.tsx (3)

app/src/stores/settingStore.ts (1)

• useSettingStore (37-95)

app/src/Sentry.ts (1)

• logProofEvent (260-265)

app/src/Sentry.web.ts (1)

• logProofEvent (263-268)

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: build-deps
• GitHub Check: analyze-ios
• GitHub Check: analyze-android
• GitHub Check: e2e-ios

🔇 Additional comments (4)

packages/mobile-sdk-alpha/src/client.ts (1)

43-43: LGTM: Notification adapter correctly removed from required adapters.

The removal of 'notification' from REQUIRED_ADAPTERS is consistent with the PR's goal of moving FCM token management out of the SDK layer and into the app's settings store.

app/src/providers/selfClientProvider.tsx (1)

23-23: LGTM: Settings store import aligns with token storage refactor.

The import of useSettingStore correctly supports the new flow where fcmToken is persisted in the app's settings store rather than the SDK's proving store.

packages/mobile-sdk-alpha/tests/client.test.ts (2)

9-9: LGTM: Import updated to remove NotificationAdapter.

The removal of NotificationAdapter from the import statement correctly reflects the API surface change where notification handling has been removed from the SDK.

---

52-174: LGTM: Test fixtures updated to remove notification adapter.

All test cases have been correctly updated to remove the notification adapter from the adapters object. The tests continue to validate required adapters (scanner, network, crypto, documents, auth) and cover the core SDK functionality without notification dependencies.