Bump build: ios 133; android 72 and build fixes

[transphorm]

bump builds for temp testing

• ios 133
• android 72
• update lock files
• ios build fixes
  • add @tamagui/toast
• android build fixes
  • upgrade react native gesture handler to 2.24.0
  • migrate from deprecated fotoapparat source to maintained version

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This update introduces a major refactor and expansion of the identity verification smart contract system, focusing on modularity, extensibility, and improved data structures. It adds new libraries, updates interfaces, restructures storage and verification flows, and introduces comprehensive tests for both passports and EU ID cards. The changes also remove obsolete SDK test projects and related configuration, while updating build scripts and workspace settings.

Changes

Files / Groups	Change Summary
contracts/contracts/IdentityVerificationHubImplV2.sol, contracts/contracts/abstract/SelfVerificationRoot.sol, contracts/contracts/interfaces/IIdentityVerificationHubV2.sol, contracts/contracts/interfaces/ISelfVerificationRoot.sol, contracts/contracts/libraries/SelfStructs.sol, contracts/contracts/libraries/CustomVerifier.sol, contracts/contracts/libraries/GenericFormatter.sol	Major refactor of the identity verification hub and root contracts; new modular libraries and interfaces; updated data structures for verification configs and outputs; new extensible verification flow and callback system.
contracts/contracts/libraries/CircuitAttributeHandler.sol, contracts/contracts/libraries/CircuitAttributeHandlerV2.sol, contracts/contracts/libraries/IdCardAttributeHandler.sol	Error names standardized (e.g., INSUFFICIENT_CHARCODE_LEN → InsufficientCharcodeLen); OFAC check functions updated for type consistency; internal logic and comments clarified.
contracts/contracts/libraries/Formatter.sol	Refined forbidden country code extraction logic for packed data, handling byte alignment and order.
contracts/contracts/verifiers/disclose/Verifier_vc_and_disclose_id.sol	Added new zk-SNARK verifier contract for ID card disclosure.
contracts/contracts/verifiers/register_id/Verifier_register_id_sha256_sha256_sha256_rsa_65537_4096.sol	Formatting and style adjustments, no logic changes.
contracts/contracts/registry/IdentityRegistryIdCard.sol, contracts/contracts/registry/IdentityRegistryIdCardImplV1.sol	Proxy contract removed; unused imports cleaned up in implementation.
contracts/contracts/constants/CircuitConstantsV2.sol	Updated constant for passportNoSmtRootIndex for EU ID cards.
contracts/package.json, contracts/hardhat.config.ts, contracts/scripts/dev.sh, contracts/scripts/test.sh, contracts/scripts/README.md	Build scripts updated to use yarn; new dev/test scripts and documentation added; Solidity compiler config simplified.
contracts/ignition/modules/, contracts/scripts/set.ts	Minor formatting and style updates in deployment scripts.
circuits/circuits/utils/crypto/hasher/shaBytes/shaBytesDynamic.circom	Added range check for input length using Num2Bits; new imports.
circuits/circuits/utils/passport/disclose/disclose_id.circom, circuits/tests/disclose/vc_and_disclose_id.test.ts	Adjusted MRZ byte length from 88 to 90; tests and comments updated accordingly.
circuits/scripts/build/build_disclose_circuits.sh, circuits/scripts/build/common.sh	Added new circuit to build list; adjusted include paths; disabled zkey contribution step.
circuits/circuits/utils/crypto/bigInt/bigInt.circom, circuits/circuits/utils/crypto/hasher/shaBytes/dynamic/sha1Bytes.circom	Whitespace and comment formatting only.
common/index.ts, common/package.json	Exported buildSMT; bumped package version.
contracts/test/unit/CustomVerifier.test.ts, contracts/test/unit/GenericFormatter.test.ts, contracts/test/utils/constants.ts, contracts/test/utils/deploymentV2.ts, contracts/test/utils/formatter.ts, contracts/test/utils/generateProof.ts, contracts/test/utils/types.ts, contracts/test/v2/discloseId.test.ts, contracts/test/v2/disclosePassport.test.ts, contracts/test/v2/hubOther.test.ts, contracts/test/v2/registerId.test.ts, contracts/test/v2/registerPassport.test.ts, contracts/contracts/tests/TestCustomVerifier.sol, contracts/contracts/tests/TestSelfVerificationRoot.sol, contracts/contracts/tests/testGenericFormatter.sol	New or updated tests for V2 verification and registration flows, including end-to-end and unit tests for both passport and ID card attestations; new test contracts and utilities.
contracts/test/integration/.test.ts, contracts/test/unit/.test.ts	Minor style, import, and formatting updates in existing tests.
sdk/tests/api-server/, sdk/tests/web-app/	Entire API server and web app test projects deleted, including configs, scripts, routes, and documentation.
package.json	Removed sdk/tests/* from workspaces.
app/, .github/, circuits/*	Minor updates: version bumps, dependency updates, gesture/UX tweaks, build workflow changes, and internal refactors.

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant Contract
  participant Registry
  participant Verifier
  participant CustomVerifierLib

  User->>Contract: verify(proofPayload, userContextData)
  Contract->>Contract: decode input, extract attestationId
  Contract->>Registry: fetch registry address for attestationId
  Contract->>Verifier: fetch verifier for attestationId/type
  Contract->>Contract: perform scope, root, date, Groth16 checks
  Contract->>CustomVerifierLib: customVerify(attestationId, config, proofOutput)
  CustomVerifierLib-->>Contract: GenericDiscloseOutputV2
  Contract->>User: emit VerificationCompleted(output, userData)

Loading

Possibly related PRs

• fix: vc_and_disclose_id test #640: Updates MRZ byte length from 88 to 90 in circuits and tests, directly affecting the same files and logic as this PR.
• feat: add getConfigId function in SelfVerificationRoot #650: Refactors verification config ID management in SelfVerificationRoot and IdentityVerificationHubImplV2, affecting verification input formats and configuration handling.

Suggested reviewers

• remicolin

Poem

A rabbit hopped through fields of code,
Refactoring smart contracts on its road.
With structs and verifiers, libraries anew,
It checked forbidden countries, and OFAC too.
Now passports and ID cards both verify with glee—
All thanks to this bunny's code harmony!
🐇✨

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 7

🔭 Outside diff range comments (1)

contracts/contracts/libraries/Formatter.sol (1)

158-213: Consider refactoring to improve readability and reduce duplication.

The function contains repetitive byte extraction and reversal logic across multiple conditional branches. This could be simplified for better maintainability.

Consider extracting helper functions:

 function extractForbiddenCountriesFromPacked(
     uint256[4] memory publicSignals
 ) internal pure returns (string[MAX_FORBIDDEN_COUNTRIES_LIST_LENGTH] memory forbiddenCountries) {
     for (uint256 i = 0; i < 4; i++) {
         if (publicSignals[i] >= SNARK_SCALAR_FIELD) {
             revert InvalidFieldElement();
         }
     }
+
+    function reverseBytes3(uint256 data) pure returns (uint24) {
+        return uint24(((data & 0xff) << 16) | ((data & 0xff00)) | ((data & 0xff0000) >> 16));
+    }

     for (uint256 j = 0; j < MAX_FORBIDDEN_COUNTRIES_LIST_LENGTH; j++) {
         uint256 byteIndex = (j * 3) % 93;
         uint256 index = j / 31;

         if (byteIndex + 2 < 31) {
             uint256 shift = byteIndex * 8;
             uint256 mask = 0xFFFFFF;
             uint256 packedData = (publicSignals[index * 3] >> shift) & mask;
-            uint256 reversedPackedData = ((packedData & 0xff) << 16) |
-                ((packedData & 0xff00)) |
-                ((packedData & 0xff0000) >> 16);
-            forbiddenCountries[j] = string(abi.encodePacked(uint24(reversedPackedData)));
+            forbiddenCountries[j] = string(abi.encodePacked(reverseBytes3(packedData)));

Additionally, consider adding documentation explaining the packed data format and why 93 bytes are used (3 × 31-byte segments).

🧹 Nitpick comments (14)

contracts/contracts/example/HappyBirthday.sol (1)

1-202: Consider removing or relocating disabled example contracts

The entire SelfHappyBirthday contract is now commented out. Instead of leaving a fully commented file in the codebase, it’s cleaner to either delete it or move it to a dedicated deprecated/ or examples/ directory. This will improve readability and reduce maintenance overhead.

contracts/contracts/libraries/SelfStructs.sol (2)

101-123: Consider consolidating identical verification config structs.

VerificationConfigV1 and VerificationConfigV2 have identical field definitions. If they're truly the same, consider using a single struct or add comments explaining the intended differences for future versioning.

-    struct VerificationConfigV1 {
-        bool olderThanEnabled;
-        uint256 olderThan;
-        bool forbiddenCountriesEnabled;
-        uint256[4] forbiddenCountriesListPacked;
-        bool[3] ofacEnabled;
-    }
-
-    struct VerificationConfigV2 {
-        bool olderThanEnabled;
-        uint256 olderThan;
-        bool forbiddenCountriesEnabled;
-        uint256[4] forbiddenCountriesListPacked;
-        bool[3] ofacEnabled;
-    }
+    struct VerificationConfig {
+        bool olderThanEnabled;
+        uint256 olderThan;
+        bool forbiddenCountriesEnabled;
+        uint256[4] forbiddenCountriesListPacked;
+        bool[3] ofacEnabled;
+    }
+    
+    // Type aliases for version compatibility
+    type VerificationConfigV1 is VerificationConfig;
+    type VerificationConfigV2 is VerificationConfig;

---

30-52: Consider consolidating similar output structs.

PassportOutput and EuIdOutput have identical field structures. Consider using a generic struct or adding comments explaining the differences to justify separate definitions.

-    struct PassportOutput {
-        uint256 attestationId;
-        bytes revealedDataPacked;
-        uint256 userIdentifier;
-        uint256 nullifier;
-        uint256[4] forbiddenCountriesListPacked;
-    }
-
-    struct EuIdOutput {
-        uint256 attestationId;
-        bytes revealedDataPacked;
-        uint256 userIdentifier;
-        uint256 nullifier;
-        uint256[4] forbiddenCountriesListPacked;
-    }
+    struct VerificationOutput {
+        uint256 attestationId;
+        bytes revealedDataPacked;
+        uint256 userIdentifier;
+        uint256 nullifier;
+        uint256[4] forbiddenCountriesListPacked;
+    }
+    
+    // Type aliases for specific verification types
+    type PassportOutput is VerificationOutput;
+    type EuIdOutput is VerificationOutput;

contracts/scripts/dev.sh (1)

72-78: Consider preserving cache selectively.

The clean command removes all cache and artifacts directories. Consider preserving some cache for faster subsequent builds, or provide an option for deep vs. shallow cleaning.

         "clean")
             print_status "Cleaning build artifacts..."
             npx hardhat clean
-            rm -rf cache/
+            rm -rf cache/solidity-files-cache.json
             rm -rf artifacts/
             rm -rf typechain-types/
             print_success "Build artifacts cleaned"

contracts/test/unit/GenericFormatter.test.ts (1)

126-164: Comprehensive generic disclose output testing.

The test validates encoding and decoding of generic disclose output structures with comprehensive field validation, ensuring proper data serialization.

Minor observation on line 151: The assertion compares genericDiscloseOutputV2.attestationId.toString() with itself, which will always pass. Consider comparing the decoded value instead:

-    expect(genericDiscloseOutputV2.attestationId.toString()).to.equal(genericDiscloseOutputV2.attestationId);
+    expect(genericDiscloseOutputLatest[0][0]).to.equal(genericDiscloseOutputV2.attestationId);

contracts/contracts/libraries/Formatter.sol (1)

157-157: Address the TODO comment before merging.

The TODO comment indicates that this function needs further review. Please either address the concern or create a tracking issue for it.

Would you like me to help review this function's logic or create an issue to track this TODO?

contracts/test/v2/discloseId.test.ts (1)

1-904: Exceptional end-to-end test coverage for ID card verification!

This test suite thoroughly covers all verification scenarios including edge cases for invalid proofs, configuration mismatches, date validation, OFAC checks, and more. The test organization and assertions are excellent.

Consider adding brief comments before complex test scenarios (e.g., the OFAC and forbidden countries tests) to explain the test setup and expected behavior for future maintainers.

contracts/test/v2/disclosePassport.test.ts (1)

133-135: Consider using ethers.ZeroHash for clarity

While the string comparison works, using ethers.ZeroHash would be more explicit and type-safe.

-    if (currentRoot.toString() === "0") {
+    if (currentRoot === ethers.ZeroHash) {

contracts/contracts/libraries/CustomVerifier.sol (1)

144-156: Consider documenting why ID cards skip document number OFAC checks.

The implementation correctly handles ID card verification, but it would be helpful to add a comment explaining why document number OFAC checks are not applicable to ID cards.

         if (verificationConfig.ofacEnabled[0] || verificationConfig.ofacEnabled[1]) {
             if (
                 !CircuitAttributeHandlerV2.compareOfac(
                     AttestationId.EU_ID_CARD,
                     idCardOutput.revealedDataPacked,
+                    // ID cards don't have document number OFAC checks
                     false,
                     verificationConfig.ofacEnabled[0],
                     verificationConfig.ofacEnabled[1]

Also applies to: 208-212

contracts/contracts/interfaces/IIdentityVerificationHubV2.sol (1)

92-113: Document array length requirements for batch operations.

The batch update functions should document that all input arrays must have equal lengths to prevent implementation errors.

     /**
      * @notice Batch updates register circuit verifiers.
+     * @dev All arrays must have the same length.
      * @param attestationIds An array of attestation identifiers.
      * @param typeIds An array of signature type identifiers.
      * @param verifierAddresses An array of new register circuit verifier addresses.
      */

contracts/contracts/IdentityVerificationHubImplV2.sol (4)

32-33: Remove or implement the bridge address TODO comment.

The comment suggests considering adding a bridge address for cross-chain support, but this is left unimplemented. Either remove this comment or create a tracking issue for implementing cross-chain functionality.

Would you like me to create an issue to track the implementation of cross-chain bridge functionality?

---

105-106: Consider making the LengthMismatch error more specific.

The error name is too generic. Consider renaming it to be more specific about what arrays have mismatched lengths, such as ArrayLengthMismatch or BatchUpdateLengthMismatch.

-    error LengthMismatch();
+    error BatchUpdateLengthMismatch();

---

215-229: Consider abstracting the attestation type handling to reduce code duplication.

Both registerCommitment and registerDscKeyCommitment have identical if-else patterns for handling different attestation types. This pattern is repeated throughout the contract.

Consider implementing a registry pattern or factory pattern to handle different attestation types more elegantly. For example:

interface IAttestationHandler {
    function registerCommitment(bytes32 attestationId, uint256 nullifier, uint256 commitment) external;
    function registerDscKeyCommitment(uint256 leaf) external;
}

mapping(bytes32 => IAttestationHandler) attestationHandlers;

This would eliminate the repeated if-else blocks and make adding new attestation types easier.

Also applies to: 244-255

---

281-293: Consider the API design for unimplemented cross-chain functionality.

The verify function accepts and processes destChainId but always reverts for cross-chain requests. This could be confusing for users.

Consider either:

1. Removing cross-chain parameters until the feature is implemented
2. Clearly documenting that cross-chain is not yet supported in the function documentation
3. Adding a feature flag to enable/disable cross-chain support

     /**
      * @notice Main verification function with new structured input format.
      * @dev Orchestrates the complete verification process including proof validation and result handling.
      * This function decodes the input, executes the verification flow, and handles the result based on destination chain.
+     * NOTE: Cross-chain verification is not yet supported and will revert if destChainId differs from the current chain.
      * @param baseVerificationInput The base verification input containing header and proof data.
      * @param userContextData The user context data containing config ID, destination chain ID, user identifier, and additional data.
      */

Also applies to: 564-570

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a9f6207 and e7a23ee.

⛔ Files ignored due to path filters (6)

• sdk/tests/api-server/bun.lockb is excluded by !**/bun.lockb
• sdk/tests/web-app/src/app/favicon.ico is excluded by !**/*.ico
• sdk/tests/web-app/src/app/fonts/GeistMonoVF.woff is excluded by !**/*.woff
• sdk/tests/web-app/src/app/fonts/GeistVF.woff is excluded by !**/*.woff
• sdk/tests/web-app/src/app/verified/skeleton.gif is excluded by !**/*.gif
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (107)

• .github/actions/mobile-setup/action.yml (1 hunks)
• .github/actions/yarn-install/action.yml (1 hunks)
• .github/workflows/artifacts.yml (2 hunks)
• .github/workflows/npm-publish.yml (4 hunks)
• app/android/app/build.gradle (1 hunks)
• app/android/react-native-passport-reader/android/build.gradle (1 hunks)
• app/index.js (1 hunks)
• app/ios/OpenPassport/Info.plist (1 hunks)
• app/ios/Self.xcodeproj/project.pbxproj (4 hunks)
• app/package.json (2 hunks)
• app/src/layouts/SimpleScrolledTitleLayout.tsx (2 hunks)
• app/src/screens/dev/MockDataScreen.tsx (2 hunks)
• app/src/screens/misc/LaunchScreen.tsx (2 hunks)
• app/src/screens/passport/NFCMethodSelectionScreen.tsx (5 hunks)
• app/src/screens/passport/PassportNFCScanScreen.tsx (6 hunks)
• app/src/screens/passport/PassportNFCTroubleScreen.tsx (4 hunks)
• app/src/screens/settings/SettingsScreen.tsx (2 hunks)
• app/src/types/react-native-passport-reader.d.ts (1 hunks)
• app/src/utils/nfcScanner.ts (1 hunks)
• app/src/utils/utils.ts (1 hunks)
• circuits/circuits/utils/crypto/bigInt/bigInt.circom (5 hunks)
• circuits/circuits/utils/crypto/hasher/shaBytes/dynamic/sha1Bytes.circom (4 hunks)
• circuits/circuits/utils/crypto/hasher/shaBytes/shaBytesDynamic.circom (3 hunks)
• circuits/circuits/utils/passport/disclose/disclose_id.circom (3 hunks)
• circuits/scripts/build/build_disclose_circuits.sh (1 hunks)
• circuits/scripts/build/common.sh (2 hunks)
• circuits/tests/disclose/vc_and_disclose_id.test.ts (4 hunks)
• common/index.ts (2 hunks)
• common/package.json (1 hunks)
• contracts/contracts/IdentityVerificationHubImplV2.sol (10 hunks)
• contracts/contracts/abstract/SelfVerificationRoot.sol (2 hunks)
• contracts/contracts/constants/CircuitConstantsV2.sol (2 hunks)
• contracts/contracts/example/Airdrop.sol (1 hunks)
• contracts/contracts/example/HappyBirthday.sol (1 hunks)
• contracts/contracts/example/SelfPassportERC721.sol (1 hunks)
• contracts/contracts/interfaces/IIdentityVerificationHubV2.sol (3 hunks)
• contracts/contracts/interfaces/ISelfVerificationRoot.sol (2 hunks)
• contracts/contracts/libraries/CircuitAttributeHandler.sol (3 hunks)
• contracts/contracts/libraries/CircuitAttributeHandlerV2.sol (8 hunks)
• contracts/contracts/libraries/CustomVerifier.sol (1 hunks)
• contracts/contracts/libraries/Formatter.sol (2 hunks)
• contracts/contracts/libraries/GenericFormatter.sol (1 hunks)
• contracts/contracts/libraries/IdCardAttributeHandler.sol (3 hunks)
• contracts/contracts/libraries/SelfStructs.sol (1 hunks)
• contracts/contracts/registry/IdentityRegistryIdCard.sol (0 hunks)
• contracts/contracts/registry/IdentityRegistryIdCardImplV1.sol (0 hunks)
• contracts/contracts/tests/TestCustomVerifier.sol (1 hunks)
• contracts/contracts/tests/TestSelfVerificationRoot.sol (1 hunks)
• contracts/contracts/tests/testGenericFormatter.sol (1 hunks)
• contracts/contracts/verifiers/disclose/Verifier_vc_and_disclose_id.sol (1 hunks)
• contracts/contracts/verifiers/register_id/Verifier_register_id_sha256_sha256_sha256_rsa_65537_4096.sol (4 hunks)
• contracts/hardhat.config.ts (1 hunks)
• contracts/ignition/modules/hub/deployHub.ts (1 hunks)
• contracts/ignition/modules/verifiers/deployAllVerifiers.ts (3 hunks)
• contracts/package.json (2 hunks)
• contracts/scripts/README.md (1 hunks)
• contracts/scripts/dev.sh (1 hunks)
• contracts/scripts/setHubV2.ts (3 hunks)
• contracts/scripts/setRegistry.ts (2 hunks)
• contracts/scripts/setRegistryId.ts (3 hunks)
• contracts/scripts/test.sh (1 hunks)
• contracts/test/example/airdrop.test.ts (4 hunks)
• contracts/test/integration/commitmentRegistration.test.ts (3 hunks)
• contracts/test/integration/endToEnd.test.ts (3 hunks)
• contracts/test/integration/vcAndDisclose.test.ts (4 hunks)
• contracts/test/integration/verifyAll.test.ts (14 hunks)
• contracts/test/unit/CustomVerifier.test.ts (1 hunks)
• contracts/test/unit/GenericFormatter.test.ts (1 hunks)
• contracts/test/unit/IdentityRegistry.test.ts (1 hunks)
• contracts/test/unit/formatter.test.ts (1 hunks)
• contracts/test/utils/constants.ts (1 hunks)
• contracts/test/utils/deploymentV2.ts (1 hunks)
• contracts/test/utils/formatter.ts (1 hunks)
• contracts/test/utils/generateProof.ts (7 hunks)
• contracts/test/utils/pubkeys/serialized_csca_tree.json (0 hunks)
• contracts/test/utils/pubkeys/serialized_dsc_tree.json (0 hunks)
• contracts/test/utils/types.ts (2 hunks)
• contracts/test/v2/discloseId.test.ts (1 hunks)
• contracts/test/v2/disclosePassport.test.ts (1 hunks)
• contracts/test/v2/hubOther.test.ts (1 hunks)
• contracts/test/v2/registerId.test.ts (1 hunks)
• contracts/test/v2/registerPassport.test.ts (1 hunks)
• package.json (0 hunks)
• sdk/tests/api-server/.env.sample (0 hunks)
• sdk/tests/api-server/.gitignore (0 hunks)
• sdk/tests/api-server/README.md (0 hunks)
• sdk/tests/api-server/package.json (0 hunks)
• sdk/tests/api-server/src/app.routes.ts (0 hunks)
• sdk/tests/api-server/src/app.ts (0 hunks)
• sdk/tests/api-server/src/contracts/infrastructure/contracts.controller.ts (0 hunks)
• sdk/tests/api-server/tsconfig.json (0 hunks)
• sdk/tests/web-app/.env.sample (0 hunks)
• sdk/tests/web-app/.eslintrc.json (0 hunks)
• sdk/tests/web-app/.gitignore (0 hunks)
• sdk/tests/web-app/README.md (0 hunks)
• sdk/tests/web-app/next.config.mjs (0 hunks)
• sdk/tests/web-app/package.json (0 hunks)
• sdk/tests/web-app/postcss.config.mjs (0 hunks)
• sdk/tests/web-app/src/app/api/verify/route.ts (0 hunks)
• sdk/tests/web-app/src/app/disclose/logo.ts (0 hunks)
• sdk/tests/web-app/src/app/disclose/page.tsx (0 hunks)
• sdk/tests/web-app/src/app/globals.css (0 hunks)
• sdk/tests/web-app/src/app/layout.tsx (0 hunks)
• sdk/tests/web-app/src/app/page.tsx (0 hunks)
• sdk/tests/web-app/src/app/verified/page.module.css (0 hunks)
• sdk/tests/web-app/src/app/verified/page.tsx (0 hunks)
• sdk/tests/web-app/tailwind.config.ts (0 hunks)

⛔ Files not processed due to max files limit (1)

• sdk/tests/web-app/tsconfig.json

💤 Files with no reviewable changes (29)

• sdk/tests/web-app/.env.sample
• package.json
• sdk/tests/web-app/.eslintrc.json
• sdk/tests/web-app/next.config.mjs
• sdk/tests/api-server/.env.sample
• sdk/tests/api-server/tsconfig.json
• sdk/tests/api-server/README.md
• sdk/tests/web-app/src/app/disclose/logo.ts
• sdk/tests/web-app/README.md
• sdk/tests/web-app/tailwind.config.ts
• sdk/tests/web-app/postcss.config.mjs
• sdk/tests/web-app/src/app/globals.css
• contracts/contracts/registry/IdentityRegistryIdCard.sol
• sdk/tests/web-app/src/app/page.tsx
• sdk/tests/web-app/src/app/verified/page.tsx
• contracts/test/utils/pubkeys/serialized_csca_tree.json
• sdk/tests/api-server/src/app.ts
• sdk/tests/web-app/src/app/disclose/page.tsx
• sdk/tests/api-server/.gitignore
• sdk/tests/web-app/package.json
• contracts/test/utils/pubkeys/serialized_dsc_tree.json
• sdk/tests/api-server/src/app.routes.ts
• sdk/tests/web-app/src/app/layout.tsx
• sdk/tests/web-app/.gitignore
• sdk/tests/web-app/src/app/verified/page.module.css
• sdk/tests/api-server/package.json
• contracts/contracts/registry/IdentityRegistryIdCardImplV1.sol
• sdk/tests/api-server/src/contracts/infrastructure/contracts.controller.ts
• sdk/tests/web-app/src/app/api/verify/route.ts

🧰 Additional context used

🪛 Biome (1.9.4)

contracts/test/unit/CustomVerifier.test.ts

[error] 4-8: Do not export from a test file.

(lint/suspicious/noExportsInTest)

🔇 Additional comments (150)

contracts/contracts/example/Airdrop.sol (1)

1-330: Clarify the inconsistency between PR title and changes, and consider alternative approaches to deactivating this contract.

The PR title suggests this is related to "Android build 72 upgrade gesture package," but the actual change is commenting out an entire Solidity smart contract. This creates confusion about the PR's intent.

Additionally, commenting out an entire contract file is unusual. Consider these alternatives:

• Delete the file entirely if it's no longer needed
• Move to an archived directory if you want to preserve it for reference
• Add a README explaining why example contracts were deactivated

The current approach leaves dead code in the repository, which could confuse future developers.

Could you clarify:

1. Is this PR title correct, or should it reflect the contract deactivation changes?
2. Is commenting out the preferred approach over deletion for these example contracts?

Likely an incorrect or invalid review comment.

contracts/contracts/example/HappyBirthday.sol (1)

1-202: Verify no residual references

Commenting out the contract may lead to broken imports or references elsewhere. Please ensure no other contracts, tests, or scripts import or reference SelfHappyBirthday.

#!/bin/bash
# Search for any references to SelfHappyBirthday in the repository
rg "SelfHappyBirthday" -n

.github/workflows/npm-publish.yml (3)

6-6: Branch change from main to dev looks correct.

The change to trigger publishing on dev branch pushes aligns with the PR objectives and is properly implemented.

---

66-66: Command change from yarn to npm is consistent.

The switch from yarn npm publish to npm publish is applied consistently across all three publish jobs and should work correctly with the Node.js setup.

Also applies to: 94-94, 121-121

---

68-69: Let’s explicitly search your workflows directory (which is hidden by default in ripgrep) to catch both tokens:

#!/bin/bash
# Include hidden .github folder in the search
rg -n "NPM_AUTH_TOKEN" .github/workflows
rg -n "NODE_AUTH_TOKEN" .github/workflows

contracts/scripts/setRegistry.ts (2)

19-21: Good stylistic improvement.

Removing unnecessary quotes from object keys when they're valid identifiers improves code readability and follows JavaScript/TypeScript best practices.

---

33-36: Improved readability with multi-line path construction.

The reformatted path.join call with trailing commas enhances readability and makes it easier to add or modify path segments in the future.

contracts/test/example/airdrop.test.ts (2)

35-35: Consistent arrow function parameter formatting.

Adding parentheses around arrow function parameters in dynamic imports improves consistency with TypeScript style guidelines.

Also applies to: 290-290

---

77-83: Better formatting for contract deployment.

The reformatted contract deployment calls improve readability while maintaining the same functionality.

Also applies to: 352-352

contracts/contracts/libraries/SelfStructs.sol (1)

1-124: Well-structured library with comprehensive documentation.

The library provides a solid foundation for the identity verification system with clear, well-documented data structures. The NatSpec documentation is thorough and follows Solidity best practices.

app/ios/OpenPassport/Info.plist (1)

24-24: Version bump looks correct and coordinated.

The version increment from 2.5.3 to 2.5.4 aligns with the coordinated version updates across iOS, Android, and package.json mentioned in the AI summary.

common/package.json (1)

3-3: Bump package version
Version updated from 0.0.2 to 0.0.3 to align with downstream dependencies.

app/package.json (2)

3-3: Sync mobile app version
Version bumped to 2.5.4 to match Android and iOS builds.

---

96-96: Upgrade gesture handler dependency
Updated react-native-gesture-handler to ^2.25.0; ensure compatibility and test gesture interactions on both platforms.

app/android/app/build.gradle (1)

89-90: Update Android version code and name
VersionCode set to 72 and versionName to "2.5.4" to match mobile app release.

.github/actions/yarn-install/action.yml (1)

18-19: Pin Yarn to v4.6.0
Explicitly activating Yarn 4.6.0 for consistent CI installs.

contracts/test/utils/constants.ts (1)

4-4: Add EU_ID_CARD attestation identifier
Introduced EU_ID_CARD constant; verify it’s referenced in verification logic and tests.

Run this script to confirm usage:

#!/bin/bash
rg 'EU_ID_CARD' -n .

app/android/react-native-passport-reader/android/build.gradle (1)

37-38: Verify compatibility with jmrtd library version 0.8.1.

The version update from 0.7.42 to 0.8.1 represents a minor version bump that could potentially introduce breaking changes. Given the comment about "getting different errors" with various versions, please ensure thorough testing of passport reading functionality after this upgrade.

#!/bin/bash
# Description: Check for any breaking changes or security advisories for jmrtd library versions

# Check Maven Central for jmrtd 0.8.1 availability and changelog
curl -s "https://search.maven.org/solrsearch/select?q=g:org.jmrtd+AND+a:jmrtd+AND+v:0.8.1&rows=1&wt=json" | jq -r '.response.docs[0] // "Version not found"'

# Check for security advisories
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: MAVEN, package: "org.jmrtd:jmrtd") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

common/index.ts (1)

25-25: LGTM! Clean addition to public API.

The buildSMT function import and export follow the established pattern in this file and will make this SMT utility accessible to external consumers as intended.

Also applies to: 65-65

circuits/circuits/utils/crypto/hasher/shaBytes/dynamic/sha1Bytes.circom (1)

31-31: LGTM! Good code hygiene with whitespace cleanup.

The whitespace cleanup improves code consistency without affecting circuit logic or functionality.

Also applies to: 69-69, 71-71, 89-89, 95-95, 118-118

app/index.js (1)

24-24: We need to broaden the search to all JS/TS files without relying on built-in type definitions. Let’s rerun ripgrep with glob patterns:

#!/bin/bash
echo "🔍 Searching for ToastProvider usage..."
rg -i "ToastProvider" -g '*.js' -g '*.jsx' -g '*.ts' -g '*.tsx' -A2 -B2 || echo "✔ No ToastProvider references found"

echo "🔍 Searching for useToast hook usage..."
rg -i "useToast" -g '*.js' -g '*.jsx' -g '*.ts' -g '*.tsx' -A2 -B2 || echo "✔ No useToast references found"

echo "🔍 Searching for toast( function calls..."
rg -i "toast\(" -g '*.js' -g '*.jsx' -g '*.ts' -g '*.tsx' -A2 -B2 || echo "✔ No toast() calls found"

echo "🔍 Searching for <Toast components..."
rg -i "<Toast" -g '*.js' -g '*.jsx' -g '*.ts' -g '*.tsx' -A2 -B2 || echo "✔ No <Toast components found"

contracts/ignition/modules/verifiers/deployAllVerifiers.ts (1)

10-10: LGTM! Good code style improvements.

The consistent use of parentheses in arrow function parameters and reformatted console.log statements enhance code readability and maintainability without affecting functionality.

Also applies to: 25-25, 67-72

contracts/ignition/modules/hub/deployHub.ts (1)

21-21: LGTM: Clean formatting improvement.

The consolidation of the initialize function arguments into a single line improves readability while maintaining identical functionality.

circuits/scripts/build/build_disclose_circuits.sh (1)

19-19: Verify the corresponding circuit implementation exists.

The addition of the ID card circuit configuration looks correct and consistent with the existing pattern. Ensure that the corresponding circuit files and verifier contracts are properly implemented.

#!/bin/bash
# Verify that the ID card circuit and related files exist
fd -t f "vc_and_disclose_id" --exec echo "Found: {}"

.github/actions/mobile-setup/action.yml (1)

55-55: LGTM: Good practice for build consistency.

Explicitly setting the Yarn version to 4.6.0 ensures consistent dependency management across CI environments and aligns with similar changes in other workflow files.

contracts/hardhat.config.ts (1)

4-4: LGTM: Minor formatting improvement.

Adding the trailing comma improves code consistency and makes future modifications easier.

app/src/screens/misc/LaunchScreen.tsx (2)

29-33: LGTM: Standardized developer mode gesture.

The change from a two-finger tap to a five-tap gesture standardizes the developer mode activation pattern across the app. The five-tap gesture may be more accessible for users who have difficulty with multi-finger gestures.

---

40-40: Gesture detector updated correctly.

The gesture detector properly references the renamed devModeTap gesture, maintaining the intended functionality.

app/src/screens/settings/SettingsScreen.tsx (2)

139-143: LGTM! Improved gesture accessibility and consistency.

The change from a two-finger tap to a five-tap gesture makes developer mode activation more accessible while maintaining security through repetitive action. This aligns well with the standardization effort across multiple screens mentioned in the summary.

---

200-200: LGTM! Gesture detector properly updated.

The GestureDetector correctly references the renamed gesture variable.

contracts/test/unit/IdentityRegistry.test.ts (1)

195-195: LGTM! Improved code style consistency.

Adding parentheses around the arrow function parameter aligns with common linting rules and improves code consistency.

circuits/circuits/utils/crypto/bigInt/bigInt.circom (1)

11-168: LGTM! Code formatting improvements.

The whitespace and formatting changes improve code readability and consistency without affecting the circuit logic or functionality. These align well with the broader code cleanup effort mentioned in the summary.

circuits/scripts/build/common.sh (2)

75-77: Verify the updated include paths work with current project structure.

The change from ./node_modules to ../node_modules suggests the build context has changed. Please ensure these paths are correct for the current directory structure and that all necessary libraries are found during compilation.

---

88-91: Let’s inspect the surrounding logic to confirm how and where ${CIRCUIT_NAME}_final.zkey is produced and used:

#!/bin/bash
echo "=== lines 80-130 ==="
sed -n '80,130p' circuits/scripts/build/common.sh
echo
echo "=== lines 140-180 ==="
sed -n '140,180p' circuits/scripts/build/common.sh

contracts/scripts/setHubV2.ts (3)

16-18: LGTM! Improved object key styling.

Removing quotes from object keys that are valid identifiers follows modern JavaScript/TypeScript best practices and improves code readability.

---

37-40: LGTM! Enhanced path construction readability.

The multi-line path.join() with trailing commas improves readability and makes future modifications easier to track in version control.

---

228-228: LGTM! Improved code formatting.

Proper indentation enhances code consistency and readability.

contracts/contracts/libraries/CircuitAttributeHandler.sol (1)

15-15: LGTM: Error naming standardization

The renaming from INSUFFICIENT_CHARCODE_LEN to InsufficientCharcodeLen follows Solidity naming conventions by using PascalCase for custom errors. This change is consistent across the error declaration, NatSpec documentation, and revert statement.

Also applies to: 182-182, 194-194

app/src/screens/dev/MockDataScreen.tsx (1)

263-264: LGTM: Simplified gesture for better UX

The change from a 2-finger triple tap to a single-finger 5-tap gesture makes the advanced mode activation more accessible and easier to execute. This aligns with the standardization effort mentioned across other screens in the app.

contracts/scripts/setRegistryId.ts (1)

19-21: LGTM: Code formatting improvements

The formatting changes improve code readability:

• Removing quotes from object keys follows modern JavaScript/TypeScript conventions
• Multi-line formatting for long expressions enhances readability
• No functional changes introduced

Also applies to: 33-36, 89-93

.github/workflows/artifacts.yml (2)

43-45: LGTM: Modern Yarn setup with corepack

Using corepack enable and setting a specific Yarn version (4.6.0) is the modern approach for managing package managers in Node.js environments. This ensures consistent dependency management across CI workflows.

---

63-64: LGTM: Formatting cleanup

Removing trailing spaces after && operators improves command syntax consistency.

contracts/contracts/libraries/IdCardAttributeHandler.sol (1)

16-16: LGTM: Consistent error naming standardization

The renaming from INSUFFICIENT_CHARCODE_LEN to InsufficientCharcodeLen matches the identical change in CircuitAttributeHandler.sol, ensuring consistency across the attribute handler libraries. This follows Solidity naming conventions for custom errors.

Also applies to: 180-180, 192-192

app/ios/Self.xcodeproj/project.pbxproj (1)

426-426: Version updates look correct, but verify the scope of changes.

The iOS version bumps are consistent (CURRENT_PROJECT_VERSION: 129→132, MARKETING_VERSION: 2.5.3→2.5.4), but the PR title mentions "bump android build 72". Please confirm whether this PR includes coordinated Android and iOS version updates.

Also applies to: 541-541, 564-564, 678-678

app/src/types/react-native-passport-reader.d.ts (2)

6-7: Verify native module implementations for new properties.

The new canNumber and useCan properties suggest CAN (Card Access Number) support, which aligns with enhanced passport scanning capabilities. Ensure these properties are properly implemented in the native iOS/Android modules.

---

13-13: Verify native module implementation for reset method.

The new reset() method suggests scanner state management functionality. Ensure this method is properly implemented in the native iOS/Android modules.

circuits/circuits/utils/passport/disclose/disclose_id.circom (2)

67-67: Good documentation update to reflect actual data layout.

The comment correction accurately describes the revealedData array structure: 90 bytes for MRZ data, 2 bytes for age verification, and 2 bytes for OFAC checks, totaling 94 bytes as declared.

---

45-47: Clean whitespace formatting improvements.

The whitespace adjustments improve code readability and consistency.

Also applies to: 71-71, 94-94

app/src/utils/utils.ts (1)

6-11: Excellent improvement to MRZ format detection.

The regex-based validation is much more robust than the previous simple length checks. The TD1 regex properly validates the complete 60-character ID card structure, and the TD3 regex validates passport format structure.

contracts/test/integration/commitmentRegistration.test.ts (3)

8-8: Good cleanup of import statement.

Removing the .js extension aligns with TypeScript best practices when proper module resolution is configured.

---

62-62: Consistent dynamic import syntax improvement.

The arrow function syntax with parentheses around the parameter improves consistency in the dynamic import statements.

Also applies to: 246-246

---

9-9: Verify the new file path exists.

The path change from a test-specific location to a common directory suggests repository restructuring. Ensure the file exists at ../../../common/pubkeys/serialized_dsc_tree.json.

#!/bin/bash
# Description: Verify the serialized_dsc_tree.json file exists at the new path
# Expected: File should exist and be accessible

find . -name "serialized_dsc_tree.json" -type f

contracts/contracts/constants/CircuitConstantsV2.sol (2)

64-64: LGTM! Comment accurately reflects the updated constant value.

The comment update aligns with the code change below, improving documentation clarity.

---

101-101: Verify that dependent code handles the sentinel value correctly.

The change from 0 to 99 for passportNoSmtRootIndex in EU ID cards makes logical sense since ID cards don't have passport numbers. Using 99 as a sentinel value is clearer than 0 which could be mistaken for a valid index.

However, ensure that all code consuming this constant properly handles the sentinel value 99 to avoid index out-of-bounds errors or incorrect processing.

#!/bin/bash
# Description: Search for usage of passportNoSmtRootIndex to verify proper handling of sentinel value 99

# Search for direct usage of the constant
rg -A 3 -B 3 "passportNoSmtRootIndex"

# Search for usage of the specific value 99 in circuit-related files
rg -A 3 -B 3 "\b99\b" --type=sol --type=ts

contracts/test/integration/verifyAll.test.ts (2)

44-44: LGTM! Consistent arrow function parameter formatting.

The parentheses around the arrow function parameter improve consistency with similar dynamic imports throughout the codebase.

---

181-181: LGTM! Improved type annotation formatting.

The consistent formatting of VcAndDiscloseHubProof type annotations enhances code readability without affecting functionality.

Also applies to: 202-202, 225-225, 248-248, 269-269, 307-307, 332-332, 353-353, 381-381, 405-405, 429-429, 482-482, 505-505

circuits/tests/disclose/vc_and_disclose_id.test.ts (4)

84-84: LGTM! Correctly removes passport number SMT for ID card circuits.

Using null for passportNo_smt is appropriate since ID cards don't have passport numbers, aligning with the circuit logic changes.

---

186-187: LGTM! Test assertions updated to match new data layout.

The assertion indices correctly shifted from 88-89 to 90-91, consistent with the MRZ data length increase from 88 to 90 bytes.

---

268-268: LGTM! Consistent removal of passport number SMT.

This change maintains consistency with the earlier modification, correctly using null for passport number SMT in ID card scenarios.

---

140-140: Verify the MRZ data length increase from 88 to 90 bytes.

The loop boundary change from 88 to 90 suggests the MRZ data structure for ID cards is 2 bytes longer than passports. This aligns with the AI summary mentioning updated circuit comments indicating 90 bytes for MRZ and 2 bytes for OFAC data.

Please confirm this change is intentional and matches the actual circuit specification.

#!/bin/bash
# Description: Verify the MRZ data length change in circuit files and related constants

# Search for MRZ length constants or references to 88/90 bytes
rg -A 3 -B 3 "\b(88|90)\b.*MRZ" 

# Check circuit files for MRZ data structure definitions
fd -e circom | xargs rg -A 5 -B 5 "MRZ.*90|90.*MRZ"

# Look for selector_dg1 array length definitions
rg -A 3 -B 3 "selector_dg1.*90|Array\(90\)"

contracts/test/integration/endToEnd.test.ts (3)

12-14: LGTM! Import path cleanup improves module resolution.

The removal of .js extensions and path adjustments align with TypeScript best practices and improve module resolution consistency across the test suite.

---

89-89: LGTM! Consistent dynamic import formatting.

The parentheses around the arrow function parameter maintain consistency with similar changes in other test files.

---

186-197: LGTM! Improved code formatting for deployment.

The single-line deployment call with direct arguments improves readability and maintains consistency with similar patterns in other test files.

app/src/utils/nfcScanner.ts (2)

37-37: LGTM! Reset call ensures clean scanning state.

Adding PassportReader.reset() at the beginning of the Android scan function helps ensure a clean state before scanning, which can improve reliability and consistency.

---

42-43: LGTM! CAN authentication support added for Android.

The addition of canNumber and useCan parameters brings Android scanning functionality to parity with iOS, enabling CAN (Card Access Number) authentication for enhanced NFC reading capabilities.

The fallback values ('' for canNumber and false for useCan) ensure backward compatibility when these parameters are not provided.

circuits/circuits/utils/crypto/hasher/shaBytes/shaBytesDynamic.circom (3)

6-7: LGTM - Imports added for new functionality.

The new imports are correctly added to support the range check functionality being introduced.

---

24-26: Excellent security improvement with range checking.

Adding explicit range validation for in_len_padded_bytes is a valuable security enhancement. The constraint ensures the input length fits within the expected bit-width derived from max_num_bytes * 8, preventing potential overflow or out-of-bounds issues in the hashing circuits.

The use of log2Ceil(max_num_bytes * 8) correctly converts the maximum byte count to the corresponding bit-width needed for the range check.

---

37-37: LGTM - Minor formatting improvement.

The whitespace formatting fix improves code consistency.

contracts/contracts/tests/TestCustomVerifier.sol (1)

1-16: LGTM - Well-structured test contract.

This test contract follows good practices:

1. Clean wrapper pattern - Exposes the library function for isolated testing
2. Correct imports - Imports both CustomVerifier and SelfStructs libraries
3. Appropriate visibility - Uses external pure which is correct for a stateless wrapper
4. Clear naming - Function name clearly indicates its testing purpose

The contract enables comprehensive unit testing of the CustomVerifier library without requiring the full verification hub infrastructure.

contracts/contracts/verifiers/register_id/Verifier_register_id_sha256_sha256_sha256_rsa_65537_4096.sol (3)

25-56: LGTM - Improved constant declaration formatting.

The alignment of assignment operators in constant declarations improves readability and maintains consistency throughout the file.

---

63-68: LGTM - Better function signature formatting.

The multi-line formatting of the verifyProof function signature improves readability, especially given the multiple complex parameter types.

---

76-76: LGTM - Assembly code cleanup.

The whitespace cleanup in the assembly block improves code organization without affecting the verification logic. All critical operations like field checks, pairing computations, and return values remain unchanged.

Also applies to: 111-111, 113-113, 115-115, 167-167, 169-169, 171-171, 178-181

contracts/test/integration/vcAndDisclose.test.ts (4)

13-13: LGTM: Import addition aligns with formatter updates.

The import of formatCountriesList, reverseBytes, reverseCountryBytes is consistent with the broader changes to the verification system and formatter utilities.

---

46-46: LGTM: Dynamic import syntax modernization.

The arrow function syntax for the dynamic import is cleaner and more consistent with modern JavaScript practices.

---

92-92: LGTM: Consistent with updated forbidden countries handling.

The use of getPackedForbiddenCountries function maintains consistency with the updated data handling patterns.

---

136-141: ```shell
#!/bin/bash

Search for all TS definitions and occurrences of forbiddenCountriesListPacked

rg -n "forbiddenCountriesListPacked" -g '*.ts' -C 5

Search for any Solidity declarations or usages of forbiddenCountriesListPacked in contracts

rg -n "forbiddenCountriesListPacked" -g 'contracts/**/*.sol' -C 5

</details>
<details>
<summary>app/src/screens/passport/PassportNFCTroubleScreen.tsx (5)</summary>

`3-3`: **LGTM: YStack import supports layout restructuring.**

The addition of YStack import is necessary for the new layout structure introduced later in the component.

---

`17-17`: **LGTM: Improved string consistency.**

Standardizing apostrophes to straight quotes improves text consistency across the application.



Also applies to: 25-25, 33-33, 37-37

---

`52-57`: **Excellent UX improvement: Simplified gesture for better accessibility.**

The change from a two-finger five-tap to a single-finger five-tap gesture significantly improves accessibility and reduces the complexity of triggering developer mode. This is a thoughtful enhancement that makes the feature more discoverable.

---

`63-65`: **Great addition: Secondary button provides user-friendly alternative.**

Adding the "Open NFC Options" secondary button gives users a clear, discoverable path to access NFC method selection without needing to know about the hidden gesture. This improves the overall user experience.

---

`66-79`: **Well-structured layout with focused gesture scope.**

The new YStack layout properly separates concerns by wrapping only the first caption with the gesture detector, while keeping the tips and concluding caption outside. This ensures the gesture is discoverable but doesn't interfere with normal scrolling behavior.

</details>
<details>
<summary>contracts/scripts/README.md (1)</summary>

`1-154`: **Excellent documentation: Comprehensive and well-structured developer guide.**

This README provides thorough documentation for the utility scripts with:

- Clear categorization of test and development commands
- Practical usage examples and workflows  
- Helpful troubleshooting section
- Good integration notes with package.json scripts

The documentation will significantly improve developer experience by making the scripts more discoverable and easier to use correctly.

</details>
<details>
<summary>contracts/test/utils/formatter.ts (1)</summary>

`91-110`: ```shell
#!/bin/bash
# Display the code around extractForbiddenCountriesFromPacked in the Solidity library
rg -n "function extractForbiddenCountriesFromPacked" -A 30 -B 5 contracts/contracts/libraries/Formatter.sol

app/src/screens/passport/NFCMethodSelectionScreen.tsx (5)

9-9: LGTM: Appropriate imports for new functionality.

The addition of BodyText and useUserStore imports supports the new MRZ editing functionality and state management requirements.

Also applies to: 13-13

---

47-47: Good platform expansion: CAN authentication now available on Android.

Extending CAN authentication support to Android improves the accessibility of this authentication method across platforms.

---

58-66: Valuable addition: Manual MRZ editing capability.

The new MRZ correction option provides a crucial fallback for users experiencing automatic scanning issues. Making it available on both platforms ensures consistent functionality.

---

84-87: LGTM: Proper state management integration.

The integration with the user store for passport data fields follows good React patterns and centralizes state management appropriately.

---

94-104: LGTM: Clean input handlers.

The input change handlers are straightforward and properly update the centralized state.

app/src/layouts/SimpleScrolledTitleLayout.tsx (3)

5-5: Good addition of SecondaryButton import.

The import is correctly added and will be used in the conditional rendering below.

---

14-16: Well-designed optional props interface.

The interface extension with optional secondaryButtonText and onSecondaryButtonPress props maintains backward compatibility while enabling new functionality.

---

37-41: Proper conditional rendering implementation.

The conditional rendering correctly checks for both props before rendering the SecondaryButton, and the positioning with mb="$2" provides appropriate spacing above the dismiss button.

contracts/contracts/tests/testGenericFormatter.sol (2)

1-3: Correct import statements.

The imports for GenericFormatter and SelfStructs are properly structured and necessary for the test functions.

---

4-34: Well-structured test wrapper functions.

Each test function properly wraps the corresponding GenericFormatter library function with:

• Consistent naming convention using "test" prefix
• Appropriate public pure visibility for testing
• Correct parameter types and return values
• Simple pass-through implementation

This follows good practices for exposing library functions for testing.

contracts/scripts/dev.sh (3)

1-6: Good bash script setup.

The shebang, error handling with set -e, and clear comments establish good practices for the development script.

---

8-30: Excellent color-coded output functions.

The color constants and print functions provide clear, user-friendly feedback with appropriate color coding for different message types.

---

119-127: Robust directory navigation logic.

The script correctly handles execution from both the contracts directory and contracts/scripts directory, with appropriate error handling when hardhat.config.ts is not found.

app/src/screens/passport/PassportNFCScanScreen.tsx (5)

6-11: Good import consolidation and additions.

The import statements are well-organized, and the addition of CircleHelp icon and UI components (Button, XStack) supports the new help functionality.

Also applies to: 23-23

---

80-93: Excellent consolidated error handling approach.

The openErrorModal callback provides a consistent user experience by showing an error modal with both dismiss and help options, improving user assistance.

---

310-324: Great UI improvement with help button integration.

The XStack layout with the help button provides easy access to troubleshooting while maintaining good visual balance. The CircleHelp icon is appropriately styled and accessible.

---

221-221: ```shell
#!/usr/bin/env bash

Locate and inspect PassportNFCScanScreen.tsx for detailed error-handling logic

file=$(fd PassportNFCScanScreen.tsx)
echo "Inspecting file: $file"

Show context around openErrorModal calls

rg -n "openErrorModal" "$file" -C 5

Show all catch blocks to see how errors are handled

rg -n "catch" "$file" -C 5

Look for any type checks or property checks on the error object

rg -n "instanceof" "$file" -C 5
rg -n "error.code" "$file" -C 5

---

`73-78`: ```shell
#!/bin/bash
# Search for all Gesture.Tap() usages across TS/TSX files
rg "Gesture\.Tap" -g '*.ts' -g '*.tsx' -A5 -B5

# Find any .numberOfTaps(5) occurrences
rg "numberOfTaps\(5\)" -g '*.ts' -g '*.tsx' -A5 -B5

# Look for any .numberOfTouches(2) in case some screens still use the old two-finger 5-tap
rg "numberOfTouches\(2\)" -g '*.ts' -g '*.tsx' -A5 -B5

contracts/contracts/libraries/GenericFormatter.sol (6)

1-4: Proper license and imports.

The SPDX license identifier, pragma version, and SelfStructs import are correctly specified.

---

6-9: Well-defined struct for generic verification.

The GenericVerificationStruct appropriately combines an attestation ID with verification configuration bytes, providing a clean interface for the library functions.

---

17-27: Correct V1 to V2 config conversion.

The fromV1Config function properly maps all fields from V1 to V2 configuration struct, maintaining data integrity during the conversion.

---

34-38: Safe bytes to struct decoding.

The verificationConfigFromBytes function uses abi.decode appropriately to convert bytes to V2 configuration struct.

---

45-50: Consistent formatting functions.

Both formatV1Config and formatV2Config functions follow a consistent pattern:

• V1 version converts to V2 then encodes
• V2 version directly encodes
• Both return properly encoded bytes

This ensures all configurations are stored in the latest format.

Also applies to: 57-61

---

68-72: Proper generic output formatting.

The toV2Struct function correctly encodes the GenericDiscloseOutputV2 struct to bytes using abi.encode.

contracts/scripts/test.sh (1)

1-186: Excellent bash script structure with comprehensive test coverage.

The script is well-implemented with proper error handling, colored output, comprehensive help documentation, and robust directory navigation. The categorization of tests (V2 individual/groups, legacy, utilities) provides clear organization for different testing scenarios.

Minor suggestions for enhanced robustness:

+# Validate required tools exist
+command -v npx >/dev/null 2>&1 || { print_error "npx is required but not installed. Aborting."; exit 1; }
+command -v hardhat >/dev/null 2>&1 || command -v npx hardhat >/dev/null 2>&1 || { print_error "Hardhat is required but not installed. Aborting."; exit 1; }

Consider adding validation for required dependencies before test execution.

contracts/test/utils/types.ts (4)

9-31: Well-structured type imports for V2 system.

The addition of V2 contract imports and ID card-specific verifiers properly extends the type system to support the new verification architecture.

---

43-51: Consistent environment-based type selection.

The conditional type aliases for ID card verifiers follow the same pattern as existing verifiers, maintaining consistency across the type system.

---

68-87: Comprehensive V2 deployment interface.

The DeployedActorsV2 interface thoroughly represents all components of the V2 system including hub implementations, registries, verifiers, and test contracts.

---

93-97: Proper type exports for new contracts.

The export of new contract types maintains consistency with the existing pattern and supports proper type checking throughout the codebase.

contracts/test/v2/hubOther.test.ts (5)

1-34: Excellent test suite setup with proper isolation.

The test setup uses deployment fixtures, snapshot isolation, and proper before/after hooks to ensure clean test execution.

---

35-73: Comprehensive batch update function testing.

The tests properly validate both error conditions (length mismatch) and success cases for batch update functions, ensuring the hub correctly handles array parameter validation.

---

75-88: Proper access control validation.

The access control tests verify that only owners can call restricted functions, which is critical for security.

---

90-138: Thorough view function testing with error cases.

The view function tests cover both success scenarios and proper error handling for invalid attestation IDs, ensuring robust error reporting.

---

140-185: Comprehensive Verification Config V2 testing.

The verification config tests validate setting, retrieval, existence checks, and event emissions, ensuring the new config management functionality works correctly.

contracts/test/unit/GenericFormatter.test.ts (4)

1-35: Thorough V1 to V2 config conversion testing.

The test properly validates that all fields are correctly converted from V1 to V2 configuration format, ensuring backward compatibility.

---

37-74: Comprehensive byte encoding/decoding validation.

The test verifies that config structures can be properly encoded to bytes and decoded back with all field values preserved.

---

76-99: Proper V1 config byte formatting test.

The test ensures V1 configs are correctly formatted to the latest byte representation, maintaining compatibility across versions.

---

101-124: Correct V2 config byte formatting validation.

The test confirms V2 configs are properly serialized to bytes with all field values preserved.

contracts/test/unit/CustomVerifier.test.ts (6)

10-26: Proper test contract deployment with library linking.

The deployment correctly links the CustomVerifier library to the test contract, enabling proper testing of the library functionality.

---

28-61: Comprehensive passport verification with all checks disabled.

The test properly validates the basic verification flow when all security checks are disabled, establishing a baseline for functionality.

---

62-106: Thorough OFAC validation testing.

The tests properly validate both OFAC check failures and successful OFAC result returns, ensuring the security mechanism works correctly.

---

108-193: Comprehensive age and country validation testing.

The tests cover forbidden countries checks and age validation scenarios, including both enabled/disabled states and valid/invalid conditions.

---

195-380: Thorough ID card verification testing.

The ID card verification tests mirror the passport tests with appropriate test data, ensuring both document types are properly validated.

---

381-411: Proper invalid attestation ID error handling.

The test correctly validates that invalid attestation IDs trigger the expected custom error, ensuring robust error handling.

contracts/test/v2/registerId.test.ts (1)

1-267: Excellent test coverage for ID registration flows!

The test suite provides comprehensive coverage for both DSC key commitment and identity commitment registration, including all relevant error scenarios. The use of snapshots for test isolation and the clear organization with describe blocks demonstrates good testing practices.

contracts/test/v2/registerPassport.test.ts (1)

1-269: Well-structured passport registration tests!

The test suite properly adapts the ID card registration tests for passport attestations, maintaining the same high standards of test coverage and organization.

contracts/contracts/verifiers/disclose/Verifier_vc_and_disclose_id.sol (1)

1-308: Standard auto-generated zk-SNARK verifier.

This snarkJS-generated verifier contract follows the expected pattern for Groth16 proof verification with appropriate gas optimizations.

contracts/contracts/interfaces/ISelfVerificationRoot.sol (1)

4-73: Well-structured interface with comprehensive documentation

The interface is properly designed with clear data structures and well-documented functions. The GenericDiscloseOutputV2 struct provides a comprehensive representation of verified identity data.

contracts/package.json (2)

18-53: Consistent migration to yarn commands

All scripts have been properly updated to use yarn hardhat instead of npx hardhat, ensuring consistency across the build system.

---

113-113: Package manager specification added

Good practice to explicitly specify the yarn version for consistent dependency management across environments.

contracts/contracts/tests/TestSelfVerificationRoot.sol (1)

8-89: Well-designed test contract implementation

The test contract provides excellent coverage for testing the verification lifecycle:

• Proper state tracking with verificationSuccessful, lastOutput, and lastUserData
• Event emission for verification completion
• Helper functions for state reset and scope modification
• Access control testing capability

This implementation will effectively support the comprehensive V2 verification flow tests.

contracts/test/utils/generateProof.ts (3)

90-139: LGTM! Well-structured ID card registration proof generation.

The function properly handles circuit selection based on the passport data type and follows the same pattern as the existing generateRegisterProof function.

---

303-408: LGTM! Comprehensive ID card disclosure proof generation.

The function correctly handles ID card-specific requirements including the 90-element selector and proper document type configuration.

---

420-428: Good enhancement for Solidity compatibility.

The conversion of hex strings to decimal strings ensures proper format when passing public signals to Solidity contracts.

contracts/contracts/libraries/CircuitAttributeHandlerV2.sol (3)

243-268: Excellent refactoring of compareOfac logic.

The use of boolean variables with descriptive names and clear default values improves code readability and maintainability.

---

323-325: Good backward compatibility handling.

The legacy function properly converts the boolean result to uint256, ensuring existing code continues to work.

---

199-232: ```shell
#!/bin/bash

Display the full GenericDiscloseOutputV2 struct to verify the ofac field type

sed -n '70,140p' contracts/contracts/libraries/SelfStructs.sol

</details>
<details>
<summary>contracts/contracts/libraries/CustomVerifier.sol (1)</summary>

`43-132`: **Well-implemented passport verification logic.**

The function properly validates all verification criteria and constructs a comprehensive output structure with proper error handling.

</details>
<details>
<summary>contracts/contracts/abstract/SelfVerificationRoot.sol (3)</summary>

`138-151`: **Proper security implementation for the callback function.**

The `onVerificationSuccess` function correctly validates that only the authorized hub contract can invoke it, preventing unauthorized callbacks.

---

`86-128`: **Well-structured proof verification with clear data format handling.**

The function properly validates input lengths and constructs the verification input according to the documented format. The use of assembly for attestationId extraction is efficient.

---

`153-166`: **Excellent extensibility pattern with the virtual hook.**

The `customVerificationHook` provides a clean extension point for derived contracts while maintaining separation of concerns.

</details>
<details>
<summary>contracts/contracts/interfaces/IIdentityVerificationHubV2.sol (1)</summary>

`115-181`: **Well-designed interface with comprehensive state query capabilities.**

The new view functions provide excellent visibility into the contract state with clear naming and proper documentation.

</details>
<details>
<summary>contracts/contracts/IdentityVerificationHubImplV2.sol (5)</summary>

`180-195`: **LGTM! Clean initialization implementation.**

The initialization function properly sets up the V2 hub with circuit version 2 and emits the appropriate event.

---

`747-749`: **Consider timezone implications in date validation.**

The `_getStartOfDayTimestamp` function assumes UTC timezone. Ensure this aligns with how dates are encoded in the proofs.

The current date validation allows a 2-day window (previous day to next day). Verify that this tolerance is intentional and documented, as it could allow proofs generated with future dates.


Also applies to: 810-814

---

`503-641`: **Well-structured modular design with good separation of concerns.**

The internal functions demonstrate excellent modularity with clear responsibilities:
- Proper use of `memory` and `calldata` for gas optimization  
- Clear separation between validation logic and output formatting
- Good error handling and input validation

The helper functions for decoding inputs and formatting outputs maintain consistency across different attestation types.



Also applies to: 837-1008

---

`36-37`: **Verify the ERC-7201 storage location constants are correctly calculated.**

The storage location constants should follow the ERC-7201 pattern exactly. Please verify these hardcoded values match the expected calculation.

```shell
#!/bin/bash
# Description: Verify ERC-7201 storage location constants are correctly calculated

# Create a Python script to verify the storage location calculations
cat << 'EOF' > verify_storage_locations.py
from web3 import Web3

def calculate_storage_location(namespace):
    # Calculate keccak256(namespace)
    namespace_hash = Web3.keccak(text=namespace)
    
    # Convert to int and subtract 1
    namespace_int = int.from_bytes(namespace_hash, 'big') - 1
    
    # Encode as bytes32
    encoded = Web3.keccak(namespace_int.to_bytes(32, 'big'))
    
    # Apply mask ~uint256(0xff) = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00
    mask = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00
    result = int.from_bytes(encoded, 'big') & mask
    
    return f"0x{result:064x}"

# Verify the first storage location
namespace1 = "self.storage.IdentityVerificationHub"
expected1 = "0x2ade7eace21710c689ddef374add52ace9783e33bac626e58e73a9d190173d00"
calculated1 = calculate_storage_location(namespace1)

print(f"Namespace: {namespace1}")
print(f"Expected:   {expected1}")
print(f"Calculated: {calculated1}")
print(f"Match: {expected1.lower() == calculated1.lower()}\n")

# Verify the second storage location
namespace2 = "self.storage.IdentityVerificationHubV2"
expected2 = "0xf9b5980dcec1a8b0609576a1f453bb2cad4732a0ea02bb89154d44b14a306c00"
calculated2 = calculate_storage_location(namespace2)

print(f"Namespace: {namespace2}")
print(f"Expected:   {expected2}")
print(f"Calculated: {calculated2}")
print(f"Match: {expected2.lower() == calculated2.lower()}")
EOF

# Install web3 if needed and run the verification
pip install web3 > /dev/null 2>&1
python verify_storage_locations.py

Also applies to: 40-41

---

1028-1030: ```shell
#!/bin/bash

Check for RIPEMD160 references in passport custom hashers

echo "=== Ripemd references in customHashers.circom ==="
rg -n "ripemd" -g "circuits/circuits/utils/passport/customHashers.circom"

echo -e "\n=== customHashers.circom (first 200 lines) ==="
sed -n '1,200p' circuits/circuits/utils/passport/customHashers.circom

</details>

</blockquote></details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->

[coderabbitai]

🛠️ Refactor suggestion

Consider simplifying the test formatting logic.

The test now uses complex formatting logic that concatenates every 3 consecutive elements from the TypeScript result. This approach has potential issues:

1. The logic assumes the array length is always divisible by 3
2. It's tightly coupled to the TypeScript implementation's output format
3. The formatting logic is hard to understand and maintain

Consider either:

• Moving this formatting logic into a helper function with clear documentation
• Adjusting the TypeScript implementation to return pre-formatted results
• Adding validation to ensure the array length is divisible by 3

-      let formattedTsResult = tsResult
-        .map((item: string, index: number) => {
-          if (index % 3 === 0) {
-            return item + tsResult[index + 1] + tsResult[index + 2];
-          }
-          return undefined;
-        })
-        .filter(Boolean);
+      // Helper function for clarity
+      function formatTsResult(result: string[]): string[] {
+        if (result.length % 3 !== 0) {
+          throw new Error('Array length must be divisible by 3');
+        }
+        const formatted: string[] = [];
+        for (let i = 0; i < result.length; i += 3) {
+          formatted.push(result[i] + result[i + 1] + result[i + 2]);
+        }
+        return formatted;
+      }
+      
+      let formattedTsResult = formatTsResult(tsResult);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	const input1 = "0x414754414154414149414f4741444e414d5341415a44424c41414c41474641";
	const input2 = "0x4542524c42425242444742524842534842455a415355415742414d52414752";
	const input3 = "0x4e41434d484b5650434e52424c4f424e5442554d424e45425a4c42554d424c";
	const input4 = "0x4853454d4559424d5a45575a5455564b4e445453454e4843564943";
	const contractResult = await testFormatter.testExtractForbiddenCountriesFromPacked([
	input1,
	input2,
	input3,
	input4,
	]);
	const tsResult: string[] = Formatter.extractForbiddenCountriesFromPacked([input1, input2, input3, input4], "id");
	let formattedTsResult = tsResult
	.map((item: string, index: number) => {
	if (index % 3 === 0) {
	return item + tsResult[index + 1] + tsResult[index + 2];
	}
	return undefined;
	})
	.filter(Boolean);
	expect(contractResult).to.deep.equal(formattedTsResult);
	const input1 = "0x414754414154414149414f4741444e414d5341415a44424c41414c41474641";
	const input2 = "0x4542524c42425242444742524842534842455a415355415742414d52414752";
	const input3 = "0x4e41434d484b5650434e52424c4f424e5442554d424e45425a4c42554d424c";
	const input4 = "0x4853454d4559424d5a45575a5455564b4e445453454e4843564943";
	const contractResult = await testFormatter.testExtractForbiddenCountriesFromPacked([
	input1,
	input2,
	input3,
	input4,
	]);
	const tsResult: string[] = Formatter.extractForbiddenCountriesFromPacked([input1, input2, input3, input4], "id");
	// Helper function for clarity
	function formatTsResult(result: string[]): string[] {
	if (result.length % 3 !== 0) {
	throw new Error('Array length must be divisible by 3');
	}
	const formatted: string[] = [];
	for (let i = 0; i < result.length; i += 3) {
	formatted.push(result[i] + result[i + 1] + result[i + 2]);
	}
	return formatted;
	}
	let formattedTsResult = formatTsResult(tsResult);
	expect(contractResult).to.deep.equal(formattedTsResult);

🤖 Prompt for AI Agents

In contracts/test/unit/formatter.test.ts around lines 153 to 172, the test
formatting logic concatenates every 3 consecutive elements from the TypeScript
result array, which is complex, assumes the array length is divisible by 3, and
is hard to maintain. Refactor this by extracting the formatting logic into a
well-documented helper function to improve clarity and reusability, or modify
the TypeScript implementation to return already formatted results. Additionally,
add validation to check that the array length is divisible by 3 before
processing to prevent potential runtime errors.

[coderabbitai]

🛠️ Refactor suggestion

Consider removing commented code or use proper deprecation.

The entire contract has been commented out, which suggests it's being deprecated. Consider these alternatives:

1. Remove the file entirely if it's no longer needed
2. Add deprecation documentation explaining why it was removed and what replaces it
3. Move to a separate deprecated folder if you need to keep it for reference

Keeping large amounts of commented code can:

• Confuse future developers about what's active
• Increase repository size unnecessarily
• Make code reviews more difficult

If this contract is replaced by the new verification system mentioned in the AI summary, consider adding a README or migration guide explaining the transition.

🤖 Prompt for AI Agents

In contracts/contracts/example/SelfPassportERC721.sol from lines 1 to 219, the
entire contract code is commented out, which can confuse developers and clutter
the repository. To fix this, either delete the file if it is no longer needed,
or move it to a dedicated deprecated folder with a clear README or migration
guide explaining why it was deprecated and what replaces it. Avoid keeping large
blocks of commented code in active directories.

[coderabbitai]

🛠️ Refactor suggestion

Add input validation for date fields.

The MRZ correction form lacks validation for the date fields. Consider adding:

1. Format validation: Ensure YYMMDD format is followed
2. Range validation: Verify realistic date ranges
3. Visual feedback: Show format hints or validation errors

<BodyText>Birth Date (YYMMDD)</BodyText>
<Input
  placeholder="YYMMDD"
  value={dateOfBirth}
  onChangeText={onDateOfBirthChange}
  keyboardType="numeric"
  maxLength={6}
+ autoCorrect={false}
+ autoCapitalize="none"
/>
+{dateOfBirth && !/^\d{6}$/.test(dateOfBirth) && (
+  <Description color="red">
+    Please enter date in YYMMDD format
+  </Description>
+)}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{method.key === 'mrzCorrection' &&
	selectedMethod === 'mrzCorrection' && (
	<YStack marginTop={12} gap={8}>
	<Input
	placeholder="Enter Passport/ID Number"
	value={passportNumber}
	onChangeText={onPassportNumberChange}
	/>
	<BodyText>Birth Date (YYMMDD)</BodyText>
	<Input
	placeholder="YYMMDD"
	value={dateOfBirth}
	onChangeText={onDateOfBirthChange}
	keyboardType="numeric"
	maxLength={6}
	/>
	<BodyText>Date of Expiry (YYMMDD)</BodyText>
	<Input
	placeholder="YYMMDD"
	value={dateOfExpiry}
	onChangeText={onDateOfExpiryChange}
	keyboardType="numeric"
	maxLength={6}
	/>
	</YStack>
	)}
	{method.key === 'mrzCorrection' &&
	selectedMethod === 'mrzCorrection' && (
	<YStack marginTop={12} gap={8}>
	<Input
	placeholder="Enter Passport/ID Number"
	value={passportNumber}
	onChangeText={onPassportNumberChange}
	/>
	<BodyText>Birth Date (YYMMDD)</BodyText>
	<Input
	placeholder="YYMMDD"
	value={dateOfBirth}
	onChangeText={onDateOfBirthChange}
	keyboardType="numeric"
	maxLength={6}
	autoCorrect={false}
	autoCapitalize="none"
	/>
	{dateOfBirth && !/^\d{6}$/.test(dateOfBirth) && (
	<Description color="red">
	Please enter date in YYMMDD format
	</Description>
	)}
	<BodyText>Date of Expiry (YYMMDD)</BodyText>
	<Input
	placeholder="YYMMDD"
	value={dateOfExpiry}
	onChangeText={onDateOfExpiryChange}
	keyboardType="numeric"
	maxLength={6}
	/>
	</YStack>
	)}

🤖 Prompt for AI Agents

In app/src/screens/passport/NFCMethodSelectionScreen.tsx between lines 163 and
190, the date input fields for birth date and date of expiry lack validation.
Add input validation to ensure the dates follow the YYMMDD format using regex or
date parsing, check that the dates fall within realistic ranges (e.g., valid
months and days, not future birth dates), and provide visual feedback such as
error messages or input border color changes when validation fails. Also
consider adding format hints near the inputs to guide users.

[coderabbitai]

🛠️ Refactor suggestion

Address static analysis warning about exports in test files.

The AttestationId constant is exported from a test file, which violates testing best practices.

Move the AttestationId constants to a shared constants file or make them internal to the test:

-export const AttestationId = {
+const AttestationId = {
   E_PASSPORT: "0x0000000000000000000000000000000000000000000000000000000000000001",
   EU_ID_CARD: "0x0000000000000000000000000000000000000000000000000000000000000002",
 } as const;

Alternatively, move these to a shared constants file if they need to be reused across multiple test files.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export const AttestationId = {
	E_PASSPORT: "0x0000000000000000000000000000000000000000000000000000000000000001",
	EU_ID_CARD: "0x0000000000000000000000000000000000000000000000000000000000000002",
	} as const;
	const AttestationId = {
	E_PASSPORT: "0x0000000000000000000000000000000000000000000000000000000000000001",
	EU_ID_CARD: "0x0000000000000000000000000000000000000000000000000000000000000002",
	} as const;

🧰 Tools

🪛 Biome (1.9.4)

[error] 4-8: Do not export from a test file.

(lint/suspicious/noExportsInTest)

🤖 Prompt for AI Agents

In contracts/test/unit/CustomVerifier.test.ts around lines 5 to 8, the
AttestationId constant is exported from a test file, which is against best
practices. To fix this, either move the AttestationId object to a shared
constants file if it needs to be reused across multiple test files, or make it
internal to this test file by removing the export keyword so it is not exposed
outside the test scope.

[coderabbitai]

⚠️ Potential issue

Fix inconsistent field assignment in return object

The registerId field is assigned a VerifierId constant instead of the register ID verifier contract, which is inconsistent with other verifier fields.

-    registerId: RegisterVerifierId.register_sha256_sha256_sha256_rsa_65537_4096,
+    registerId: registerIdVerifier,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	registerId: RegisterVerifierId.register_sha256_sha256_sha256_rsa_65537_4096,
	registerId: registerIdVerifier,

🤖 Prompt for AI Agents

In contracts/test/utils/deploymentV2.ts at line 229, the registerId field is
incorrectly assigned a VerifierId constant instead of the actual register ID
verifier contract. Replace the assignment with the correct register ID verifier
contract reference to maintain consistency with other verifier fields in the
return object.

[coderabbitai]

⚠️ Potential issue

Remove duplicate import statement.

CircuitAttributeHandlerV2 is imported twice (lines 3 and 6).

 import {CircuitAttributeHandlerV2} from "./CircuitAttributeHandlerV2.sol";
 import {AttestationId} from "../constants/AttestationId.sol";
 import {SelfStructs} from "./SelfStructs.sol";
-import {CircuitAttributeHandlerV2} from "./CircuitAttributeHandlerV2.sol";
 import {Formatter} from "./Formatter.sol";

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	import {CircuitAttributeHandlerV2} from "./CircuitAttributeHandlerV2.sol";
	import {AttestationId} from "../constants/AttestationId.sol";
	import {SelfStructs} from "./SelfStructs.sol";
	import {CircuitAttributeHandlerV2} from "./CircuitAttributeHandlerV2.sol";
	import {CircuitAttributeHandlerV2} from "./CircuitAttributeHandlerV2.sol";
	import {AttestationId} from "../constants/AttestationId.sol";
	import {SelfStructs} from "./SelfStructs.sol";
	import {Formatter} from "./Formatter.sol";

🤖 Prompt for AI Agents

In contracts/contracts/libraries/CustomVerifier.sol between lines 3 and 6, there
is a duplicate import of CircuitAttributeHandlerV2 on lines 3 and 6. Remove the
second import statement on line 6 to eliminate redundancy.

[coderabbitai]

⚠️ Potential issue

Use custom error instead of string revert for consistency.

The contract uses custom errors throughout but reverts with a string here, which is inconsistent with the standardized error handling approach.

-            revert("Registry not set for attestation ID");
+            revert InvalidAttestationId();

Or create a more specific error:

+    error RegistryNotSet(bytes32 attestationId);
     
     // In the function:
-            revert("Registry not set for attestation ID");
+            revert RegistryNotSet(attestationId);

🤖 Prompt for AI Agents

In contracts/contracts/IdentityVerificationHubImplV2.sol at line 781, replace
the string revert with a custom error to maintain consistency with the
contract's error handling style. Define a new custom error for "Registry not set
for attestation ID" if it does not exist, and use that error in the revert
statement instead of the string message.

[transphorm]

@coderabbtai review

[transphorm]

upgrade gesture handler to be compatible with our version of react native. older version was causing ios builds to break

[transphorm]

@seshanthS for rn gesture handler, it recommends we don't go past 2.24.0 since we are on 0.75.4 rn

[transphorm]

fix source so that fotoapparat can compile successfully.

build is currently broken on jitpack:
https://jitpack.io/#RedApparat/Fotoapparat

[transphorm]

optimize android build settings