merge dev to main

.coderabbit.yaml

@@ -0,0 +1,64 @@
+# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
+
+language: "en-US"
+tone_instructions: |
+  You are an expert code reviewer for a React Native/TypeScript mobile application with smart contract integration.
+  Focus on security, performance, and best practices. Be thorough but constructive in your feedback.
+
+reviews:
+  profile: "chill"
+  request_changes_workflow: false
+  high_level_summary: true
+  poem: true
+  review_status: true
+  auto_review:
+    enabled: true
+    drafts: false
+    base_branches: ["main", "dev"]
+  path_instructions:
+    - path: "app/src/**/*.{ts,tsx,js,jsx}"
+      instructions: |
+        Review React Native TypeScript code for:
+        - Component architecture and reusability
+        - State management patterns
+        - Performance optimizations
+        - TypeScript type safety
+        - React hooks usage and dependencies
+        - Navigation patterns
+    - path: "contracts/**/*.sol"
+      instructions: |
+        Review Solidity smart contracts for:
+        - Security vulnerabilities (reentrancy, overflow, etc.)
+        - Gas optimization opportunities
+        - Access control patterns
+        - Event emission for important state changes
+        - Code documentation and NatSpec comments
+    - path: "circuits/**/*.circom"
+      instructions: |
+        Review ZK circuit code for:
+        - Circuit correctness and completeness
+        - Constraint efficiency
+        - Input validation
+        - Security considerations for zero-knowledge proofs
+    - path: "**/*.{test,spec}.{ts,js,tsx,jsx}"
+      instructions: |
+        Review test files for:
+        - Test coverage completeness
+        - Test case quality and edge cases
+        - Mock usage appropriateness
+        - Test readability and maintainability
+    - path: "app/android/**/*"
+      instructions: |
+        Review Android-specific code for:
+        - Platform-specific implementations
+        - Performance considerations
+        - Security best practices for mobile
+    - path: "app/ios/**/*"
+      instructions: |
+        Review iOS-specific code for:
+        - Platform-specific implementations
+        - Performance considerations
+        - Security best practices for mobile
+
+chat:
+  auto_reply: true

.github/workflows/block-non-dev-to-main.yml

@@ -0,0 +1,16 @@
+name: Block non-dev PRs to main
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  check-source:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Block PRs not from dev
+        run: |
+          if [[ "${{ github.head_ref }}" != "dev" ]]; then
+            echo "You can only merge from dev to main."
+            exit 1
+          fi

.github/workflows/npm-publish.yml

@@ -3,11 +3,12 @@ name: Publish to npm
 on:
   push:
     branches:
-      - main
+      - dev
     paths:
       - 'sdk/core/package.json'
       - 'sdk/qrcode/package.json'
       - 'common/package.json'
+  workflow_dispatch:
 
 jobs:
   detect-changes:
@@ -46,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-
+      
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
@@ -55,6 +56,10 @@ jobs:
 
       - name: Install Dependencies
         uses: ./.github/actions/yarn-install
+
+      - run: |
+          yarn config set npmScopes.selfxyz.npmAuthToken ${{ secrets.NPM_AUTH_TOKEN }}
+          yarn config set npmPublishAccess public
 
       - name: Build package
         run: |
@@ -66,6 +71,7 @@ jobs:
           yarn npm publish --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
   publish-qrcode:
     needs: detect-changes
@@ -85,14 +91,15 @@ jobs:
 
       - name: Build package
         run: |
-          yarn workspace @sdk/qrcode build:deps
+          yarn workspace @selfxyz/qrcode build:deps
 
       - name: Publish to npm
         working-directory: sdk/qrcode
         run: |
           yarn npm publish --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
   publish-common:
     needs: detect-changes
@@ -119,3 +126,4 @@ jobs:
           yarn npm publish --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

LICENSE

@@ -1,21 +1,4 @@
-MIT License
+This repository contains multiple packages, each with its own LICENSE file.
+Refer to the LICENSE file in each package directory for the terms that govern
+that package.
 
-Copyright (c) 2023 Proof of Passport
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

app/App.tsx

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 import 'react-native-get-random-values';
 
 import { Buffer } from 'buffer';

app/LICENSE

@@ -0,0 +1,35 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor: Social Connect Labs, Inc.
+
+Licensed Work: The code in this folder and all folders nested within it, including all files and components unless explicitly stated otherwise.
+
+Additional Use Grant: Any use for development, testing, and deployment on networks approved by Social Connect Labs, Inc., including internal business operations and academic research.
+
+Change Date: 2029-06-11
+
+Change License: Apache License, Version 2.0
+
+================================================================
+
+Business Source License 1.1
+
+Copyright (C) 2025 Social Connect Labs, Inc.
+
+The contents of this repository are licensed under the Business Source License 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at:
+
+https://spdx.org/licenses/BUSL-1.1.html
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+
+Change Date
+
+The Change Date is the later of four years from the date this repository was published or 2029-06-11.
+
+Change License
+
+On the Change Date, the contents of this repository will be made available under the terms of the Apache License, Version 2.0, as published by the Apache Software Foundation.
+
+See the License for the specific language governing permissions and limitations under the Business Source License.

app/android/android-passport-reader/app/build.gradle

@@ -74,7 +74,7 @@ dependencies {
     implementation 'commons-codec:commons-codec:1.13'
 
     //Camera
-    implementation "com.github.RedApparat:Fotoapparat:2.7.0"
+    implementation "com.github.fotoapparat:fotoapparat:2.7.0"
 
     implementation 'androidx.multidex:multidex:2.0.1'
 
@@ -98,5 +98,3 @@ dependencies {
     implementation 'com.squareup.retrofit2:converter-gson:2.9.0'
     implementation 'com.squareup.retrofit2:adapter-rxjava2:2.9.0'
 }
-
-

app/android/app/build.gradle

@@ -86,8 +86,8 @@ android {
         applicationId "com.proofofpassportapp"
         minSdkVersion rootProject.ext.minSdkVersion
         targetSdkVersion rootProject.ext.targetSdkVersion
-        versionCode 69
-        versionName "2.5.3"
+        versionCode 73
+        versionName "2.5.4"
         externalNativeBuild {
             cmake {
                 cppFlags += "-fexceptions -frtti -std=c++11"
@@ -160,7 +160,7 @@ dependencies {
     implementation 'com.google.android.gms:play-services-mlkit-text-recognition-common:19.1.0'
     implementation 'io.reactivex.rxjava2:rxandroid:2.1.1'
     implementation 'io.reactivex.rxjava2:rxjava:2.2.21'
-    implementation "com.github.RedApparat:Fotoapparat:2.7.0"
+    implementation "com.github.fotoapparat:fotoapparat:2.7.0"
 
     implementation "androidx.concurrent:concurrent-futures:1.1.0"
     implementation "com.google.guava:guava:31.1-android"

app/android/app/src/main/java/com/proofofpassportapp/BackupModule.kt

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 package com.proofofpassportapp
 
 import android.app.backup.BackupManager
@@ -22,4 +24,4 @@ class BackupModule(reactContext: ReactApplicationContext): ReactContextBaseJavaM
         // https://developer.android.com/identity/data/keyvaluebackup#RequestingRestore
         promise.resolve(null)
     }
-}
+}

app/android/app/src/main/java/com/proofofpassportapp/BackupPackage.kt

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 package com.proofofpassportapp
 
 import com.facebook.react.ReactPackage
@@ -16,4 +18,4 @@ class BackupPackage : ReactPackage {
         )
     }
 
-}
+}

app/android/app/src/main/java/com/proofofpassportapp/CameraActivityPackage.java

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 package com.proofofpassportapp;
 
 import static com.google.android.gms.common.util.CollectionUtils.listOf;

app/android/app/src/main/java/com/proofofpassportapp/MainActivity.kt

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 package com.proofofpassportapp
 
 import android.content.Intent

app/android/app/src/main/java/com/proofofpassportapp/MainApplication.kt

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 package com.proofofpassportapp
 
 import android.app.Application

app/android/app/src/main/java/com/proofofpassportapp/QRCodeScannerModule.java

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 package com.proofofpassportapp;
 
 import android.app.Activity;
@@ -90,4 +92,4 @@ public void onRequestPermissionsResult(int requestCode, String[] permissions, in
             }
         }
     }
-}
+}

app/android/app/src/main/java/com/proofofpassportapp/QRCodeScannerPackage.java

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 package com.proofofpassportapp;
 
 import com.facebook.react.ReactPackage;

app/android/app/src/main/java/com/proofofpassportapp/ui/CameraMLKitFragment.kt

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 /*
  * Copyright 2017 The Android Open Source Project
  *

app/android/app/src/main/java/com/proofofpassportapp/ui/PassportOCRViewManager.kt

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 package com.proofofpassportapp.ui
 
 import android.view.Choreographer

app/android/app/src/main/java/com/proofofpassportapp/ui/QRCodeScannerViewManager.kt

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 package com.proofofpassportapp.ui
 
 import android.view.Choreographer

app/android/app/src/main/java/com/proofofpassportapp/ui/QrCodeScannerFragment.kt

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 /*
  * Copyright 2017 The Android Open Source Project
  *

app/android/app/src/main/java/com/proofofpassportapp/utils/QrCodeDetectorProcessor.kt

@@ -1,3 +1,5 @@
+// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+
 // Copyright 2018 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");

app/android/build.gradle

@@ -36,22 +36,19 @@ allprojects {
     repositories {
         google()
         mavenCentral()
+        jcenter()
         maven {
             url("$rootDir/../../node_modules/react-native/android")
         }
         maven {
             url("$rootDir/../../node_modules/jsc-android/dist")
         }
         maven { url 'https://jitpack.io' }
-        jcenter()
-        maven {
-            url 'https://google.bintray.com/google-services'
-        }
     }
     configurations.configureEach {
         resolutionStrategy.dependencySubstitution {
             substitute(platform(module('com.gemalto.jp2:jp2-android'))) using module('com.github.Tgo1014:JP2ForAndroid:1.0.4')
-            substitute module('io.fotoapparat:fotoapparat') using module('com.github.RedApparat:Fotoapparat:2.7.0')
+            substitute module('io.fotoapparat:fotoapparat') using module('com.github.fotoapparat:fotoapparat:2.7.0')
         }
         resolutionStrategy.force 'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava'
     }

app/android/gradle.properties

@@ -10,13 +10,13 @@
 # Specifies the JVM arguments used for the daemon process.
 # The setting is particularly useful for tweaking memory settings.
 # Default value: -Xmx512m -XX:MaxMetaspaceSize=256m
-org.gradle.jvmargs=-Xmx2048m -XX:MaxMetaspaceSize=512m
+org.gradle.jvmargs=-Xmx4096m -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8 -XX:+UseParallelGC
 android.defaults.buildfeatures.buildconfig=true
 
 # When configured, Gradle will run in incubating parallel mode.
 # This option should only be used with decoupled projects. More details, visit
 # http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
-# org.gradle.parallel=true
+org.gradle.parallel=true
 
 # AndroidX package structure to make it clearer which packages are bundled with the
 # Android operating system, and which are packaged with your app's APK
@@ -44,3 +44,15 @@ newArchEnabled=false
 hermesEnabled=true
 
 android.jetifier.ignorelist=bcprov-jdk18on
+
+# Additional Gradle optimizations for better build performance
+org.gradle.caching=true
+org.gradle.configureondemand=true
+
+# Better dependency caching and offline support
+org.gradle.dependency.verification=off
+# Uncomment the next line when you want to work completely offline
+# org.gradle.offline=true
+
+# Suppress SDK version warnings for better build experience
+android.suppressUnsupportedCompileSdk=35