[SELF-656] feat: add proving helpers

[transphorm]

Summary

• port register proof input helper to mobile sdk
• port disclose proof input helper and parameterize ofac/commitment trees
• add unit tests for registerInputs and discloseInputs

Testing

• yarn workspace @selfxyz/mobile-sdk-alpha nice
• yarn workspace @selfxyz/mobile-sdk-alpha build
• yarn workspace @selfxyz/mobile-sdk-alpha types
• yarn workspace @selfxyz/mobile-sdk-alpha test
• yarn lint
• yarn build

Used testing-first approach guidance from mobile sdk migration rule.

---

https://chatgpt.com/codex/tasks/task_b_68a2aa9434a4832d9aa108e4232bb0de

Summary by CodeRabbit

• New Features
  • New public helpers to build proving inputs for registration and selective disclosure (supports prod/staging endpoints); disclose flow now requires OFAC and commitment-tree data at runtime.
• Chores
  • Expanded public API surface and browser exports to include the new proving helpers and related types; no breaking renames.
• Tests
  • Added unit tests covering payloads, selector construction, and environment-specific behavior.

[coderabbitai]

Caution

Review failed

The head commit changed during the review from 65385fa to ca51711.

Walkthrough

Adds two proving helpers—discloseInputs and registerInputs—to mobile-sdk-alpha and re-exports their types; moves disclose/register input generation out of the app into the SDK, updates provingMachine to call the new SDK functions, and adds unit tests validating selectors, env handling, and returned payloads.

Changes

Cohort / File(s)	Summary
SDK exports packages/mobile-sdk-alpha/src/index.ts, packages/mobile-sdk-alpha/src/browser.ts	Export new proving helpers: discloseInputs, registerInputs and types DiscloseSelfApp, OfacTrees.
Proving helpers packages/mobile-sdk-alpha/src/proving/discloseInputs.ts, packages/mobile-sdk-alpha/src/proving/registerInputs.ts	New modules: discloseInputs builds ZK circuit inputs (DG1 selectors, OFAC SMTs, user identifier hash) and returns {inputs, circuitName, endpointType, endpoint}; registerInputs builds register inputs and returns the same metadata.
App proving wiring app/src/utils/proving/provingMachine.ts, app/src/utils/proving/provingInputs.ts	Replaces internal VC/disclose/register input builders with SDK calls; removes internal disclose/register generators and related SMT/poseidon logic; adds runtime preflight checks for OFAC trees and commitment_tree in disclose flow.
Tests updated/added packages/mobile-sdk-alpha/tests/proving/discloseInputs.test.ts, packages/mobile-sdk-alpha/tests/proving/registerInputs.test.ts, app/tests/utils/proving/provingMachine.generatePayload.test.ts	New unit tests for SDK helpers, and test updates in app to mock and expect registerInputs/discloseInputs; validate selector bits, age/ofac flags, env-based endpointType, and payload shapes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor App
  participant SDK as mobile-sdk-alpha
  participant Utils as @selfxyz/common/utils
  App->>SDK: registerInputs(secret, passportData, dscTree, env)
  SDK->>Utils: generateCircuitInputsRegister(...)
  Utils-->>SDK: inputs
  SDK->>Utils: getCircuitNameFromPassportData(passportData,"register")
  Utils-->>SDK: circuitName
  SDK-->>App: { inputs, circuitName, endpointType(env), endpoint("https://self.xyz") }

Loading

sequenceDiagram
  autonumber
  actor App
  participant SDK as mobile-sdk-alpha
  participant Hash as hashing utilities
  participant Trees as SMT/LeanIMT/poseidon
  participant Utils as generateCircuitInputsVCandDisclose
  App->>SDK: discloseInputs(secret, passportData, disclosuresCtx, ofacTrees, commitmentTree, env)
  SDK->>Hash: calculateUserIdentifierHash(scope, chainID, userId, userDefinedData)
  Hash-->>SDK: userIdentifierHash
  SDK->>Trees: init OFAC SMTs and commitment IMT
  Trees-->>SDK: prepared trees
  SDK->>Utils: generateCircuitInputsVCandDisclose(...selectors, trees, userIdentifierHash...)
  Utils-->>SDK: inputs
  SDK-->>App: { inputs, circuitName(by document), endpointType(env), endpoint("https://self.xyz") }

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• fix euid #685 — Threads env ('prod' | 'stg') into proving input generation calls; directly related to env handling changes here.
• Add proving machine tests #749 — Modifies provingMachine tests and input-generation wiring; closely related to the test updates replacing internal generators with SDK calls.
• Chore: mobile sdk refinements #858 — Earlier changes to mobile-sdk-alpha exports and entry modules; related at the SDK export/API level.

Suggested reviewers

• seshanthS
• hackertron
• motemotech
• remicolin

Poem

New circuits hum with careful grace,
Selectors flip to find their place.
OFAC trees and hashes weave,
Endpoints set, the proofs believe.
Register, disclose — the SDK sings.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codex/port-tee-helper-functions

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[giga-agent]

Giga Summary

• feat: add proving helpers
• Impact: Enhances mobile SDK with new proving helpers and unit tests.
• Changes:

• Ported register proof input helper to mobile SDK.
• Ported disclose proof input helper and parameterized OFAC/commitment trees.
• Added unit tests for registerInputs and discloseInputs.
  • Focus:
• Verify the correctness and effectiveness of the new proving helpers and unit tests.

Quality Assessment

• Strong test coverage and clean implementation.
• Hardcoded endpoint URL needs configuration.
• Recommend approval with minor config change.

Quality Score: 8/10 (Threshold: 7/10)

💬 Detailed comments have been added to specific code changes.

[giga-agent]

Detailed code review comments

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

packages/mobile-sdk-alpha/src/proving/registerInputs.ts (1)

7-9: Endpoint should be env-aware and centralized (hardcoded prod URL leaks into staging)

Endpoint is always 'https://self.xyz' while endpointType toggles between prod/stg. This is inconsistent and likely breaks staging flows (e.g., scope hashing and routing). Centralize endpoint selection and derive it from env.

Apply this diff to make the endpoint env-aware:

@@
-import type { PassportData } from '@selfxyz/common/types';
+import type { PassportData } from '@selfxyz/common/types';
+import { endpointForEnv } from '../config/endpoints';
@@
-  const endpointType = env === 'stg' ? 'staging_celo' : 'celo';
-  const endpoint = 'https://self.xyz';
+  const endpointType = env === 'stg' ? 'staging_celo' : 'celo';
+  const endpoint = endpointForEnv(env);
   return { inputs, circuitName, endpointType, endpoint };

And add a small helper (new file) to avoid duplication across helpers:

// packages/mobile-sdk-alpha/src/config/endpoints.ts
export const ENDPOINTS = {
  prod: 'https://self.xyz',
  stg: 'https://staging.self.xyz',
} as const;

export type Env = keyof typeof ENDPOINTS;

export function endpointForEnv(env: Env) {
  return ENDPOINTS[env];
}

// Optional, if you want to centralize this too:
export function endpointTypeForEnv(env: Env) {
  return env === 'stg' ? 'staging_celo' : 'celo';
}

If you want, I can open a follow-up PR to refactor both proving helpers to use the same config and add tests for the staging endpoint value.

packages/mobile-sdk-alpha/src/proving/discloseInputs.ts (1)

45-46: Hardcoded prod URL; make endpoint env-aware and shared across helpers

Returning a prod URL for staging will generate the wrong scope hash and can break proofs or route requests to the wrong backend.

Apply this diff to align endpoint with env:

@@
-import { LeanIMT } from '@openpassport/zk-kit-lean-imt';
+import { LeanIMT } from '@openpassport/zk-kit-lean-imt';
 import { SMT } from '@openpassport/zk-kit-smt';
+import { endpointForEnv } from '../config/endpoints';
@@
-  const endpoint = 'https://self.xyz';
+  const endpoint = endpointForEnv(env);
   const scope_hash = hashEndpointWithScope(endpoint, scope);

Optionally, you can centralize endpointType calculation similarly (via endpointTypeForEnv) to avoid duplication.

🧹 Nitpick comments (2)

packages/mobile-sdk-alpha/tests/proving/registerInputs.test.ts (1)

23-26: Clarify test for future env-aware endpoint logic
Currently registerInputs always returns endpoint 'https://self.xyz'. Once you update it to be env-aware, strengthen this test by asserting the host too:

• In packages/mobile-sdk-alpha/tests/proving/registerInputs.test.ts under the “stg” case:

it('uses staging endpoint type when env is stg', () => {
  const result = registerInputs('secret', passportData, 'tree', 'stg');
  expect(result.endpointType).toBe('staging_celo');
+ // After making endpoint env-aware:
+ expect(result.endpoint).toBe('https://staging.self.xyz');
});

packages/mobile-sdk-alpha/src/proving/discloseInputs.ts (1)

84-87: Consider centralizing endpointType mapping (optional)

Minor duplication with registerInputs; extracting a helper reduces drift risk if new envs are added.

Example:

-  const circuitName = passportData.documentCategory === 'passport' ? 'vc_and_disclose' : 'vc_and_disclose_id';
-  const endpointType = env === 'stg' ? 'staging_celo' : 'celo';
+  const circuitName = passportData.documentCategory === 'passport' ? 'vc_and_disclose' : 'vc_and_disclose_id';
+  const endpointType = env === 'stg' ? 'staging_celo' : 'celo'; // or endpointTypeForEnv(env)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 691e8b1 and 92e94b3.

📒 Files selected for processing (5)

• packages/mobile-sdk-alpha/src/index.ts (2 hunks)
• packages/mobile-sdk-alpha/src/proving/discloseInputs.ts (1 hunks)
• packages/mobile-sdk-alpha/src/proving/registerInputs.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/proving/discloseInputs.test.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/proving/registerInputs.test.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{test,spec}.{ts,js,tsx,jsx}

⚙️ CodeRabbit Configuration File

**/*.{test,spec}.{ts,js,tsx,jsx}: Review test files for:

• Test coverage completeness
• Test case quality and edge cases
• Mock usage appropriateness
• Test readability and maintainability

Files:

• packages/mobile-sdk-alpha/tests/proving/registerInputs.test.ts
• packages/mobile-sdk-alpha/tests/proving/discloseInputs.test.ts

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit Configuration File

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}: Review alpha mobile SDK code for:

• API consistency with core SDK
• Platform-neutral abstractions
• Performance considerations
• Clear experimental notes or TODOs

Files:

• packages/mobile-sdk-alpha/tests/proving/registerInputs.test.ts
• packages/mobile-sdk-alpha/src/proving/registerInputs.ts
• packages/mobile-sdk-alpha/src/index.ts
• packages/mobile-sdk-alpha/src/proving/discloseInputs.ts
• packages/mobile-sdk-alpha/tests/proving/discloseInputs.test.ts

🧬 Code Graph Analysis (3)

packages/mobile-sdk-alpha/tests/proving/registerInputs.test.ts (1)

packages/mobile-sdk-alpha/src/proving/registerInputs.ts (1)

• registerInputs (4-10)

packages/mobile-sdk-alpha/src/proving/registerInputs.ts (1)

packages/mobile-sdk-alpha/src/index.ts (1)

• registerInputs (64-64)

packages/mobile-sdk-alpha/tests/proving/discloseInputs.test.ts (1)

packages/mobile-sdk-alpha/src/proving/discloseInputs.ts (1)

• discloseInputs (35-88)

🔇 Additional comments (2)

packages/mobile-sdk-alpha/src/index.ts (1)

51-52: Public API surface LGTM

Exporting discloseInputs and registerInputs here is consistent with the SDK’s entry point and keeps the API discoverable.

Also applies to: 63-65

packages/mobile-sdk-alpha/tests/proving/discloseInputs.test.ts (1)

39-59: Skip staging test: implement ‘stg’ env support first

It looks like discloseInputs doesn’t currently handle the 'stg' environment (there’s no case 'stg' branch), so adding a test for staging will fail. Before covering staging in tests, first implement the staging‐endpoint logic in packages/mobile-sdk-alpha/src/proving/discloseInputs.ts (endpointType and host for 'stg'), then add this spec.

Likely an incorrect or invalid review comment.

[coderabbitai]

Actionable comments posted: 5

♻️ Duplicate comments (1)

packages/mobile-sdk-alpha/src/proving/discloseInputs.ts (1)

61-63: Hardcoded endpoint should be configurable (repeat finding)

Endpoint is hardcoded to https://self.xyz. This was previously flagged; consider moving this to a shared config or accepting it via function options to support non-prod/staging environments and future endpoint changes.

I can help thread an optional parameter through the API and wire it in the app if you want to support custom endpoints in tests and staging.

🧹 Nitpick comments (4)

packages/mobile-sdk-alpha/src/proving/discloseInputs.ts (3)

72-83: Gate OFAC tree imports behind the ofac selector to avoid unnecessary work

You import and hydrate all OFAC SMTs regardless of disclosures.ofac. On lower-end devices, SMT import can be non-trivial. Consider short-circuiting these imports when ofac isn’t requested to reduce CPU/memory.

-  let passportNoAndNationalitySMT: SMT | null = null;
-  const nameAndDobSMT = new SMT(poseidon2, true);
-  const nameAndYobSMT = new SMT(poseidon2, true);
-  if (document === 'passport') {
-    passportNoAndNationalitySMT = new SMT(poseidon2, true);
-    if (ofacTrees.passportNoAndNationality) {
-      passportNoAndNationalitySMT.import(ofacTrees.passportNoAndNationality);
-    }
-  }
-  nameAndDobSMT.import(ofacTrees.nameAndDob);
-  nameAndYobSMT.import(ofacTrees.nameAndYob);
+  let passportNoAndNationalitySMT: SMT | null = null;
+  let nameAndDobSMT: SMT | null = null;
+  let nameAndYobSMT: SMT | null = null;
+  if (disclosures.ofac) {
+    nameAndDobSMT = new SMT(poseidon2, true);
+    nameAndYobSMT = new SMT(poseidon2, true);
+    if (document === 'passport') {
+      passportNoAndNationalitySMT = new SMT(poseidon2, true);
+      if (ofacTrees.passportNoAndNationality) {
+        passportNoAndNationalitySMT.import(ofacTrees.passportNoAndNationality);
+      }
+    }
+    nameAndDobSMT.import(ofacTrees.nameAndDob);
+    nameAndYobSMT.import(ofacTrees.nameAndYob);
+  }

Note: ensure generateCircuitInputsVCandDisclose tolerates nulls for these when ofac is off.

---

121-133: Validate attribute mapping existence to avoid runtime errors

If disclosures contains a key not present in attributeToPosition, this will throw. Add a guard to fail fast with a clear message.

-    if (reveal) {
-      const [start, end] = attributeToPosition[attribute as keyof typeof attributeToPosition];
+    if (reveal) {
+      const pos = attributeToPosition[attribute as keyof typeof attributeToPosition];
+      if (!pos) {
+        throw new Error(`Unknown passport attribute in disclosures: ${attribute}`);
+      }
+      const [start, end] = pos;
       selector_dg1.fill('1', start, end + 1);
     }

---

138-150: Same attribute existence validation for ID cards

Mirror the guard for attributeToPosition_ID to avoid undefined access.

-    if (reveal) {
-      const [start, end] = attributeToPosition_ID[attribute as keyof typeof attributeToPosition_ID];
+    if (reveal) {
+      const pos = attributeToPosition_ID[attribute as keyof typeof attributeToPosition_ID];
+      if (!pos) {
+        throw new Error(`Unknown ID card attribute in disclosures: ${attribute}`);
+      }
+      const [start, end] = pos;
       selector_dg1.fill('1', start, end + 1);
     }

app/src/utils/proving/provingMachine.ts (1)

991-997: Propagate null checks for dsc_tree before registerInputs

In register flow, protocolStore[document].dsc_tree is passed directly. If fetch_all fails to load DSC tree, this will throw deep in the SDK. Add a guard with a clear error to improve debuggability.

-          ({ inputs, circuitName, endpointType, endpoint } = registerInputs(
+          const dscTree = protocolStore[document].dsc_tree;
+          if (!dscTree) {
+            throw new Error('DSC tree not loaded');
+          }
+          ({ inputs, circuitName, endpointType, endpoint } = registerInputs(
             secret as string,
             passportData,
-            protocolStore[document].dsc_tree,
+            dscTree,
             env,
           ));

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 92e94b3 and d4dd15a.

📒 Files selected for processing (9)

• app/src/utils/proving/provingInputs.ts (1 hunks)
• app/src/utils/proving/provingMachine.ts (4 hunks)
• app/tests/utils/proving/provingMachine.generatePayload.test.ts (6 hunks)
• packages/mobile-sdk-alpha/src/browser.ts (1 hunks)
• packages/mobile-sdk-alpha/src/index.ts (3 hunks)
• packages/mobile-sdk-alpha/src/proving/discloseInputs.ts (1 hunks)
• packages/mobile-sdk-alpha/src/proving/registerInputs.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/proving/discloseInputs.test.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/proving/registerInputs.test.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• packages/mobile-sdk-alpha/tests/proving/registerInputs.test.ts
• packages/mobile-sdk-alpha/src/index.ts
• packages/mobile-sdk-alpha/tests/proving/discloseInputs.test.ts
• packages/mobile-sdk-alpha/src/proving/registerInputs.ts

🧰 Additional context used

📓 Path-based instructions (3)

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit Configuration File

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}: Review alpha mobile SDK code for:

• API consistency with core SDK
• Platform-neutral abstractions
• Performance considerations
• Clear experimental notes or TODOs

Files:

• packages/mobile-sdk-alpha/src/browser.ts
• packages/mobile-sdk-alpha/src/proving/discloseInputs.ts

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit Configuration File

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/utils/proving/provingInputs.ts
• app/src/utils/proving/provingMachine.ts

**/*.{test,spec}.{ts,js,tsx,jsx}

⚙️ CodeRabbit Configuration File

**/*.{test,spec}.{ts,js,tsx,jsx}: Review test files for:

• Test coverage completeness
• Test case quality and edge cases
• Mock usage appropriateness
• Test readability and maintainability

Files:

• app/tests/utils/proving/provingMachine.generatePayload.test.ts

🧬 Code Graph Analysis (2)

app/tests/utils/proving/provingMachine.generatePayload.test.ts (1)

packages/mobile-sdk-alpha/src/browser.ts (2)

• registerInputs (58-58)
• discloseInputs (59-59)

packages/mobile-sdk-alpha/src/proving/discloseInputs.ts (1)

packages/mobile-sdk-alpha/src/index.ts (3)

• DiscloseSelfApp (36-36)
• OfacTrees (36-36)
• discloseInputs (53-53)

🪛 GitHub Check: lint

packages/mobile-sdk-alpha/src/browser.ts

[failure] 60-60:
Expected DiscloseSelfApp before discloseInputs

---

[failure] 59-59:
Expected discloseInputs before registerInputs

---

[failure] 58-58:
Expected registerInputs before webScannerShim

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: analyze-ios
• GitHub Check: analyze-android
• GitHub Check: e2e-ios

🔇 Additional comments (1)

app/src/utils/proving/provingInputs.ts (1)

3-3: LGTM on narrowing the scope

Import-only change aligns with the module’s new DSC-only responsibility. No issues.

[transphorm]

rebased with #915 to unblock failing pipeline

[transphorm]

fix comment

[transphorm]

need to update paths based on new SelfClient structure. convert to draft for now

[transphorm]

closing due to new proposed work and architecture