Dev

[remicolin]

Summary by CodeRabbit

• New Features

  • Added ID card (TD1) OCR alongside passports.
  • Enabled OAuth redirect handling on Android and configured Google Sign-In (Android client).
  • Introduced centralized env configuration and new providers for remote config, logging, and client setup.

• Improvements

  • Android UI updated to edge-to-edge theme; performance and build reliability enhancements; updated dependencies and NDK.
  • NFC scanning logs enriched for better diagnostics.

• Security

  • Added automated secret scans (GitGuardian, Gitleaks) and pre-commit checks.

• CI/CD

  • New mobile/web/SDK workflows, bundle analysis, E2E tests, and automated mobile deploys with versioning.

• Documentation

  • Expanded setup, deployment, tree-shaking guides, and migration specs.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Adds extensive CI/CD workflows, composite caching actions, Android/iOS build/config updates, Fastlane deployment refactor with new helpers and lanes, NFC analytics instrumentation, app bootstrap/provider changes, environment/config files, security scanning configs, editor/tooling rules, and comprehensive documentation/specs. Removes older workflows and updates licensing, Node version, and multiple build dependencies.

Changes

Cohort / File(s)	Summary
CI/CD Workflows .github/workflows/*	Adds/updates workflows: Mobile CI, Mobile Auto Deploy, Mobile Deploy (parameterized), Mobile E2E, Mobile Bundle Analysis, Common CI, Core SDK CI, Mobile SDK CI, QRCode SDK CI, Web CI, Circuits CI, Circuits Build, Contracts CI, NPM Publish (dev, .nvmrc), GitGuardian, Gitleaks, block non-dev→main. Removes App CI, artifacts, general-checks.
Composite Actions .github/actions/cache-*/action.yml, .github/actions/yarn-install/action.yml, .github/actions/mobile-setup/action.yml, .github/actions/get-version/action.yml	Adds cache actions for Yarn, Bundler, Gradle, Pods; tightens yarn-install (Node 22, version print); mobile-setup adds bundler config and strict installs; minor formatting in get-version.
Fastlane & Deploy Tooling app/fastlane/*, .github/workflows/mobile-deploy*.yml	Refactors Fastlane: new helpers (common/ios/android/slack/version_manager), new deploy_auto lanes (iOS/Android), test_mode, Slack uploads, version bump/sync, helper tests; updates DEV/README docs. Workflows orchestrate auto/manual deploys, version/tagging, cache/secrets validation.
Android App Build/Config app/android/**/build.gradle, .../gradle.properties, .../AndroidManifest.xml, .../google-services.json, .../styles.xml, .../link-assets-manifest.json	Bumps NDK to 27, dynamic Hermes path, dex options, signing fallbacks, packaging options, ABI filters gating, theme parent change, Gradle perf flags, add OAuth clients, add font asset, update Fotoapparat coords.
Android NFC & OCR Logic app/android/android-passport-reader/.../OcrUtils.kt, app/android/react-native-passport-reader/.../RNPassportReaderModule.kt	Adds ID-card (TD1) OCR branch and document number normalization; instruments NFC flow with detailed analytics events/constants and RN bridge emissions.
Android Native Modules Licensing/Minor app/android/app/src/main/java/com/proofofpassportapp/*	Adds BUSL SPDX headers across native files; BackupModule now triggers BackupManager.dataChanged; no API changes.
iOS Env app/ios/.xcode.env	Replaces simple PATH lookup with secure Node binary resolver supporting PATH, absolute paths, and NVM with validation; exports NODE_BINARY accordingly.
App Bootstrap/Config app/index.js, app/App.tsx, app/babel.config.cjs, app/env.ts, app/declarations.d.ts, app/firebase.json	Ensures crypto/Buffer polyfills early; restructures providers (RemoteConfig→Logger→SelfClient→Auth→Passport→DB→Notification); adds module-resolver alias @; new env.ts exports; type-only imports in declarations; enables Firebase messaging auto-init.
Lint/Format/Test Coverage app/.eslintrc.cjs, app/.codecov.yml, app/.github/workflows/test-coverage.yml, app/.prettier*, app/.gitignore, app/.yarnrc.yml	Overhauls ESLint (TS/React/import rules, resolver, overrides); adds Codecov config and CI; updates Prettier ignore/overrides; small yarnrc quote tweak; app ignore additions.
Docs & Specs AGENTS.md, app/AGENTS.md, app/docs/**/*, .cursor/rules/*.mdc, .cursorrules, .giga/specifications.json, README.md, app/README.md, app/docs/...examples/*	Adds system/technical/compliance specs, migration guides, deployment/tree-shaking docs, examples; updates READMEs (NDK 27, deployment, E2E, setup).
Repo Config & Security .nvmrc, .gitignore, LICENSE, app/LICENSE, .gitguardian.yml, .gitleaks.toml, .husky/*, .cursorignore, .cursorrules, .cursor/mcp.json, .vscode/settings.json, .coderabbit.yaml	Sets Node 22; adjusts ignores; replaces root LICENSE with per-package notice; adds BUSL at app/; enables GitGuardian/Gitleaks (config + Husky pre-commit); adds Cursor/VSCode/editor rules; adds MCP server; adds AI review config.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev
  participant PR as GitHub PR (main/dev)
  participant Auto as Workflow: mobile-deploy-auto
  participant Deploy as Reusable: mobile-deploy
  participant FL as Fastlane (iOS/Android)
  participant Stores as App Stores

  Dev->>PR: Merge PR (with labels)
  PR-->>Auto: closed event (merged)
  Auto->>Auto: Determine track, version_bump, platforms, should_deploy
  alt should_deploy == true
    Auto->>Deploy: workflow_call(platforms, track, version_bump, auto=true)
    par iOS
      Deploy->>FL: deploy_auto(track, version_bump, test_mode)
      FL->>Stores: Upload iOS build
    and Android
      Deploy->>FL: deploy_auto(track, version_bump, test_mode)
      FL->>Stores: Upload Android build
    end
    Deploy->>Deploy: Tag/version updates, release notes
  else skip
    Auto-->>Dev: Skip message ([skip-deploy]/no-deploy)
  end

Loading

sequenceDiagram
  autonumber
  actor User
  participant App as React Native App
  participant RN as RN Module (PassportReader)
  participant NFC as Android PassportService
  participant Log as Analytics/Bridge

  User->>App: Start NFC scan
  App->>RN: scan(opts)
  RN->>Log: nfc_scan_started
  RN->>NFC: Open card service
  NFC-->>RN: Ready/Errors
  RN->>Log: nfc_reading_started / failed
  RN->>NFC: PACE / BAC auth
  RN-->>Log: PACE/BAC started/succeeded/failed
  RN->>NFC: Read DG1/DG2/DG14/SOD
  RN-->>Log: reading_* events (+_succeeded)
  RN->>RN: Verify hashes, certs, signatures
  RN-->>Log: validation/signature/passive_auth events
  RN-->>App: Result or error
  RN-->>Log: nfc_scan_completed or nfc_scan_failed

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• Feat/push to dev main #767 — Modifies the same mobile-deploy-auto workflow and related deploy orchestration.
• Feat/mobile deployment automation #759 — Changes the mobile deployment pipeline and Fastlane helpers in the same areas (deploy_auto, versioning).
• SEL-559: Update td1 regex #760 — Edits the same OcrUtils.kt to add TD1/ID parsing and normalization.

Suggested labels

codex

Suggested reviewers

• aaronmgdr
• transphorm

Poem

Pipelines hum, the robots sing,
Tags take flight on versioned wing.
Hermes paths adapt and glide,
NFC whispers logged with pride.
Docs now bloom, configs align—
Ship it sleek, on time, divine.
✨📦🚀

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.