chore: centralize license header checks

[transphorm]

Summary

• move license header check scripts to the repo root
• hook mobile-sdk-alpha into shared license header lint
• add license headers to mobile-sdk-alpha sources

Testing

• yarn workspace @selfxyz/mobile-sdk-alpha lint
• yarn workspace @selfxyz/mobile-sdk-alpha build
• yarn workspace @selfxyz/mobile-sdk-alpha test
• yarn workspace @selfxyz/mobile-app lint:headers
• yarn workspace @selfxyz/mobile-app test (fails: Cannot find module '@selfxyz/common/utils/proving')
• yarn workspace @selfxyz/contracts build (fails: Hardhat config accounts missing)

---

https://chatgpt.com/codex/tasks/task_b_68ac6c830ab0832d98775ac85996a45d

Summary by CodeRabbit

• New Features
  • None
• Style
  • Added SPDX license headers across source, scripts, and tests with no functional changes.
• Chores
  • Standardized lint workflow: root lint now runs header checks before package linting.
  • Simplified app-level lint scripts by removing separate header-check steps.
  • Improved header-check scripts to allow directory-scoped runs and clearer CLI usage.
• Tests
  • No test behavior changes; only header comments added.
• Documentation
  • Licensing metadata clarified via consistent file headers.

[coderabbitai]

Important

Review skipped

More than 25% of the files skipped due to max files limit. The review is being skipped to prevent a low-quality review.

193 files out of 300 files are above the max files limit of 100. Please upgrade to Pro plan to get higher limits.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This PR centralizes license-header linting at the repo root, updates header-check scripts to accept target directories, removes app-level header checks, and adds SPDX headers across packages/mobile-sdk-alpha (source, configs, scripts, and tests). No functional runtime changes to the SDK; only script orchestration and comment headers were added.

Changes

Cohort / File(s)	Summary
Root lint orchestration package.json, app/package.json	Root adds lint:headers and lint:headers:fix, and prefixes lint with header checks. App removes lint:headers* and simplifies lint/lint:fix to run ESLint only.
Header-check scripts scripts/check-duplicate-headers.cjs, scripts/check-license-headers.mjs	Both CLIs now accept a target directory (first non-flag arg). Path resolution updated to use provided dir or CWD; scanning is scoped accordingly. No changes to matching rules or header logic.
mobile-sdk-alpha: source files packages/mobile-sdk-alpha/src/**/* (adapters/, bridge/, browser.ts, client.ts, components//, config/, context.tsx, entry/index.tsx, errors//, hooks/, mrz/, nfc/, processing/, qr/, types/, validation/, index.ts)	Insert SPDX license headers at file tops. No code, types, or exports changed.
mobile-sdk-alpha: scripts/configs packages/mobile-sdk-alpha/scripts/*, packages/mobile-sdk-alpha/.eslintrc.cjs, packages/mobile-sdk-alpha/tsup.config.ts, packages/mobile-sdk-alpha/vitest.config.ts	Add SPDX license headers. No behavioral changes to configs or scripts.
mobile-sdk-alpha: tests packages/mobile-sdk-alpha/tests/**/*	Add SPDX license headers to all test files. No test logic changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant Yarn as yarn (root)
  participant Hdr as lint:headers
  participant Dups as check-duplicate-headers.cjs
  participant Lic as check-license-headers.mjs
  participant WS as workspaces foreach lint
  participant App as app workspace

  Dev->>Yarn: yarn lint
  Yarn->>Hdr: run lint:headers
  par app headers
    Hdr->>Dups: node .../check-duplicate-headers.cjs app
    Hdr->>Lic: node .../check-license-headers.mjs app --check
  and mobile-sdk-alpha headers
    Hdr->>Dups: node .../check-duplicate-headers.cjs packages/mobile-sdk-alpha
    Hdr->>Lic: node .../check-license-headers.mjs packages/mobile-sdk-alpha --check
  end
  Note right of Lic: Both scripts now accept<br/>target dir as first arg
  Hdr-->>Yarn: exit(0|1)
  Yarn->>WS: workspaces foreach run lint
  WS->>App: yarn lint
  Note right of App: Now runs "eslint ." only<br/>(no app-level header checks)

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Add additional missing BUSL license headers #871 — Similar repo-wide BUSL header additions and header-checking workflows; touches the same scripts and orchestration.
• feat: use SelfClient for MRZ parsing #930 — Modifies lint/header-check tooling in app and scripts; overlaps with this PR’s script and lint changes.
• Chore: mobile sdk refinements #858 — Adjusts repository license/header tooling and mobile-sdk-alpha packaging; intersects with added headers and lint scripts here.

Suggested reviewers

• aaronmgdr
• shazarre
• remicolin

Poem

Headers unfurl at dawn’s first light,
BUSL whispers, tidy and bright.
Lint now leads with a careful scan,
Root commands orchestrate the plan.
No code paths bend, no logic stirred—
Just polished scripts and licensed word.
CI smiles: ✅ assured.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codex/add-license-header-check-to-mobile-sdk-alpha

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 12

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (15)

packages/mobile-sdk-alpha/scripts/validate-exports.mjs (1)

8-19: Fix path handling for file URLs to avoid Windows/URL path breakage

Using dist.pathname with path.join mixes URL semantics and file paths. On Windows this can produce invalid paths (e.g., /C:\...), causing false negatives or crashes. Convert the URL to a filesystem path with fileURLToPath and use that consistently.

Apply this diff:

-import { readFile } from 'node:fs/promises';
-import { readdir } from 'node:fs/promises';
+import { readFile } from 'node:fs/promises';
+import { readdir } from 'node:fs/promises';
 import { join } from 'node:path';
+import { fileURLToPath } from 'node:url';
@@
-const dist = new URL('../dist/', import.meta.url);
-const files = await readdir(dist);
+const distUrl = new URL('../dist/', import.meta.url);
+const distPath = fileURLToPath(distUrl);
+const files = await readdir(distPath);
@@
-  const src = await readFile(join(dist.pathname, f), 'utf8');
+  const src = await readFile(join(distPath, f), 'utf8');

Also applies to: 14-15

packages/mobile-sdk-alpha/scripts/postBuild.mjs (1)

33-45: Expose TypeScript types in dist package.json to avoid consumer resolution issues

Consumers (TS projects, editors) may fail to resolve types when importing from the package root unless types is declared. Add a top‑level "types" entry pointing at the ESM d.ts to ensure stable DX across bundlers and Metro.

Apply this diff:

 const distPackageJson = {
   name: '@selfxyz/mobile-sdk-alpha',
   version: packageJson.version,
   type: 'module',
+  types: './esm/index.d.ts',
   exports: {
     '.': './esm/index.js',
     './browser': './esm/browser.js',
   },
 };

If you want stronger TS resolution for subpaths, we can also introduce typesVersions or exports with a types condition in a follow-up.

packages/mobile-sdk-alpha/src/processing/mrz.ts (4)

118-131: TD1 extraction assumes 2 lines and wrong field positions.

TD1 (3 lines x 30 chars) field offsets here are not aligned with ICAO 9303. Using two concatenated lines will yield incorrect document number, DOB, and expiry extraction.

Recommend either:

• Implement a standards-compliant TD1 parser using all three lines, or
• Temporarily drop TD1 support (explicitly reject) until implemented, to avoid returning misleading data.

I can provide a compliant TD1 extraction mapping and tests in a follow-up change.

---

53-61: TD3 format regex allows non-digit check digits.

The TD3 check digit is numeric, but the regex accepts [0-9ILDSOG], which tolerates OCR confusions at the format stage. This can increase false positives (inputs pass format but fail checks later), which is risky in security-sensitive flows.

A safer approach is to enforce a numeric check digit at format time and handle OCR normalization before parsing if needed.

-  const TD3_line_2_REGEX = /^([A-Z0-9<]{9})([0-9ILDSOG])([A-Z<]{3})/;
+  const TD3_line_2_REGEX = /^([A-Z0-9<]{9})(\d)([A-Z<]{3})/;

---

62-68: Ensure TD1 MRZ detection strictly requires three 30-character lines

The current validateTD1Format function in packages/mobile-sdk-alpha/src/processing/mrz.ts only concatenates two lines and even permits any line starting with “I”, which:

• Misclassifies malformed or truncated MRZs as TD1.
• Risks downstream parsing errors (e.g. wrong check-digit locations) with potential security/KYC implications.

Please refactor to enforce the ICAO-compliant TD1 format (3 lines of 30 characters each) and remove the permissive prefix check.

Key location:

• packages/mobile-sdk-alpha/src/processing/mrz.ts at validateTD1Format(lines: string[]): boolean (previously lines 62–68)

Suggested minimal hardening diff:

 function validateTD1Format(lines: string[]): boolean {
-  const concatenatedLines = lines[0] + lines[1];
-  const TD1_REGEX =
-    /^(?<documentType>[A-Z0-9<]{2})(?<issuingCountry>[A-Z<]{3})(?<documentNumber>[A-Z0-9<]{9})(?<checkDigitDocumentNumber>[0-9]{1})(?<optionalData1>[A-Z0-9<]{15})(?<dateOfBirth>[0-9]{6})(?<checkDigitDateOfBirth>[0-9]{1})(?<sex>[MF<]{1})(?<dateOfExpiry>[0-9]{6})(?<checkDigitDateOfExpiry>[0-9]{1})(?<nationality>[A-Z<]{3})(?<optionalData2>[A-Z0-9<]{7})/;
-  const isTD1 = TD1_REGEX.test(concatenatedLines) || lines[0].startsWith('I');
-  return isTD1;
+  // TD1 MRZ (ID-1 size) must be exactly 3 lines of 30 characters per ICAO 9303.
+  if (lines.length !== 3) return false;
+  if (!lines.every(line => line.length === 30)) return false;
+  // TODO: Add full regex-based validation and check-digit verification per spec
+  return true;
 }

Follow-up: update extraction and checksum logic to consume three lines and validate all check digits as per ICAO 9303 §5.10.3.4.

---

136-154: Implement TD1 Composite Check Digit Instead of Hardcoded True

The current implementation in packages/mobile-sdk-alpha/src/processing/mrz.ts (lines 136–154) only validates the document number, birth date, and expiry date check digits, then misleadingly sets compositeChecksum to true. According to ICAO 9303 (TD1 size), you must compute and verify a final composite check digit over specific fields—including filler characters—rather than hardcoding a pass. Failing to do so can allow malformed MRZs to appear valid.

Please update as follows:

• Location: validateTD1CheckDigits (packages/mobile-sdk-alpha/src/processing/mrz.ts:136–154)
• Remove the line

compositeChecksum: true, // TD1 doesn't have a composite check digit like TD3

• Compute the composite string per ICAO 9303 TD1 (positions 6–30 of line 1 and positions 1–7, 9–15, 19–29 of line 2, including ‘<’ fillers) and validate it:

const compositeData =
  concatenatedLines.slice(5, 30) +       // line1 positions 6–30
  concatenatedLines.slice(30, 37) +     // line2 positions 1–7
  concatenatedLines.slice(38, 44) +     // line2 positions 9–15
  concatenatedLines.slice(47, 56);      // line2 positions 19–29

const compositeCheckDigit = concatenatedLines.slice(56, 57);  // position 30 of line2

return {
  passportNumberChecksum: verifyCheckDigit(documentNumber, documentNumberCheckDigit),
  dateOfBirthChecksum: verifyCheckDigit(dateOfBirth, dobCheckDigit),
  dateOfExpiryChecksum: verifyCheckDigit(dateOfExpiry, expiryCheckDigit),
  compositeChecksum: verifyCheckDigit(compositeData, compositeCheckDigit),
};

• Refer to ICAO 9303 TD1 spec for exact character positions and include filler < values when building compositeData (sourceforge.net, github.com).

This change ensures full MRZ integrity checking and prevents clients from trusting an always-true composite flag.

packages/mobile-sdk-alpha/vitest.config.ts (1)

8-10: Use Node as the default test environment and scope JSDOM only to TSX tests

I scanned the packages/mobile-sdk-alpha/tests suite and confirmed that only the following TSX tests import DOM utilities (React Testing Library’s render/renderHook):

• entry.test.tsx
• provider.test.tsx

The other tests don’t interact with window/document or use DOM-based assertions. Switching the default environment to node will improve performance and avoid subtle drift, while jsdom is applied only where needed.

Please update your vitest.config.ts accordingly:

 export default defineConfig({
   test: {
     globals: true,
-    environment: 'jsdom',
+    environment: 'node',
+    // Only use JSDOM for TSX tests that render components
+    environmentMatchGlobs: [
+      ['**/*.test.tsx', 'jsdom'],
+    ],
     setupFiles: ['./tests/setup.ts'],
   },
 });

packages/mobile-sdk-alpha/src/client.ts (1)

109-117: Timeout emits error even if proof completes; no cancellation or cleanup

clock.sleep(...).then(() => emit('error', ...)) fires regardless of proof completion, and cancel is a no-op. This will spuriously emit an error after a successful proof or leak a pending timer. Add an abortable timeout and clear it on result() or cancel().

Apply this diff to make the timeout abortable and deterministic:

-    const timeoutMs = opts.timeoutMs ?? cfg.timeouts?.proofMs ?? defaultConfig.timeouts.proofMs;
-    void _adapters.clock.sleep(timeoutMs!, opts.signal).then(() => emit('error', new Error('timeout')));
-    return {
-      id: 'stub',
-      status: 'pending',
-      result: async () => ({ ok: false, reason: 'SELF_ERR_PROOF_STUB' }),
-      cancel: () => {},
-    };
+    const timeoutMs = opts.timeoutMs ?? cfg.timeouts?.proofMs ?? defaultConfig.timeouts.proofMs;
+    const abortController = new AbortController();
+    const timeoutId = setTimeout(() => {
+      // Only emit if not aborted by cancel/result completion
+      if (!abortController.signal.aborted) {
+        emit('error', new Error('timeout'));
+        abortController.abort();
+      }
+    }, timeoutMs!);
+
+    return {
+      id: 'stub',
+      status: 'pending',
+      result: async () => {
+        try {
+          return { ok: false, reason: 'SELF_ERR_PROOF_STUB' };
+        } finally {
+          clearTimeout(timeoutId);
+          abortController.abort();
+        }
+      },
+      cancel: () => {
+        clearTimeout(timeoutId);
+        abortController.abort();
+      },
+    };

packages/mobile-sdk-alpha/src/types/ui.ts (1)

13-20: Define missing commitment types & tighten documentType union

The TypeScript definitions for IdentityCommitment and DSCKeyCommitment were not found in the repo, yet our guidelines mandate their presence alongside VerificationConfig. Additionally, DocumentMetadata.documentType remains a plain string, weakening exhaustiveness and PII-safety checks. Please:

• Update packages/mobile-sdk-alpha/src/types/ui.ts:

     export interface DocumentMetadata {
       id: string;
  -    documentType: string;
  +    documentType: 'passport' | 'eu_id_card';
       documentCategory: DocumentCategory;
       encryptedBlobRef?: string; // opaque pointer; no plaintext PII
       mock: boolean;
       isRegistered?: boolean;
     }

• Add (or import) these interfaces in your TS codebase under src/types/ (or another shared types module):

  export interface IdentityCommitment {
    commitment: PoseidonHash;
    nullifier: DomainSeparatedNullifier;
    timestamp: number;         // UTC seconds
    version: number;           // circuit version
    documentType: 'passport' | 'eu_id_card';
  }
  
  export interface DSCKeyCommitment {
    keyCommitment: PoseidonHash;
    domain: string;            // domain separator
    timestamp: number;         // UTC seconds
    version: number;
  }

• You already have VerificationConfig defined in core/src/types/types.ts. Ensure it continues to align with your platform’s requirements.

These changes enforce stricter typing, guard against missing cases in downstream logic (e.g., NFC vs. EU ID flows), and satisfy our security and PII-handling guidelines.

packages/mobile-sdk-alpha/src/bridge/nativeEvents.ts (1)

12-16: Native event bridge is a no-op — listeners are never attached or removed

addListener returns an unsubscribe that calls removeListener, but removeListener is empty. This can silently break event-driven features relying on native bridges and make debugging painful.

Two minimal options:

• Implement a basic in-memory registry to attach/detach handlers so feature work can proceed in alpha without platform code.
• If this is intended only for tests, gate it behind a compile-time flag and log a clear warning.

Example in-memory implementation:

+const registry = new Map<string, Set<EventHandler>>();
+
 export const addListener: NativeEventBridge['addListener'] = (moduleName, eventName, handler) => () =>
-  removeListener(moduleName, eventName, handler);
+  removeListener(moduleName, eventName, handler);
 
-export const removeListener: NativeEventBridge['removeListener'] = () => {};
+export const removeListener: NativeEventBridge['removeListener'] = (moduleName, eventName, handler) => {
+  const key = `${moduleName}:${eventName}`;
+  const set = registry.get(key);
+  if (set) {
+    set.delete(handler);
+    if (set.size === 0) registry.delete(key);
+  }
+};

And wherever native side emits, consult registry to invoke handlers (or wire to NativeEventEmitter in RN).

packages/mobile-sdk-alpha/src/config/defaults.ts (1)

5-10: Missing or incomplete type definitions for IdentityCommitment and DSCKeyCommitment; VerificationConfig fields don’t match spec

Our search shows that there is no exported IdentityCommitment or DSCKeyCommitment type in the SDK, and the existing VerificationConfig in sdk/core/src/types/types.ts only declares minimumAge and excludedCountries—far from the required fields. Without these types, downstream code will drift and break.

Please add or update these definitions (for example in sdk/core/src/types/types.ts or packages/mobile-sdk-alpha/src/types/public.ts):

• export interface IdentityCommitment

  • commitment: string (Poseidon hash)
  • nullifier: string (domain-separated)
  • timestamp: number (UTC seconds)
  • version: string (circuit semver)
  • documentType: 'passport' | 'eu_id_card'

• export interface DSCKeyCommitment

  • publicKeyHash: string (Poseidon hash)
  • certificateChain: string[] (hashes)
  • revocationStatus: boolean
  • issuer: string (3-letter country code)

• export type VerificationConfig

  • circuitVersion: string (semver)
  • complianceRules: string[]
  • timeWindow: number (seconds, max 86400)
  • clockDrift: number (±300 seconds)
  • trustAnchors: string[]
  • revocationRoots: string[]
  • timeSource: "NTP"
  • nullifierScope: string

After defining these, update the default config in packages/mobile-sdk-alpha/src/config/defaults.ts (or corresponding defaults file) to provide sane initial values, and add or extend tests to cover these shapes.

packages/mobile-sdk-alpha/scripts/report-exports.mjs (1)

13-18: Bug: .split('\s+as\s+') is a string split, not a regex; alias parsing will fail.
This will not split on whitespace/as and breaks when encountering re-exports with aliases.

Apply:

-    .map(s => s.split('\s+as\s+').pop())
+    .map(s => s.split(/\s+as\s+/).pop())

packages/mobile-sdk-alpha/tests/setup.ts (1)

32-47: Type error in TS setup: vi is used without import.
In a TS setup file, vi isn’t guaranteed to be globally typed; this can fail type-checking. Import it explicitly.

-/**
- * Vitest setup file for mobile-sdk-alpha tests
- * Reduces console noise during testing
- */
+/**
+ * Vitest setup file for mobile-sdk-alpha tests
+ * Reduces console noise during testing
+ */
+import { vi } from 'vitest';

packages/mobile-sdk-alpha/src/nfc/index.ts (2)

6-17: Expose NFC types and parsing functions at the package entrypoint

To maintain API parity and simplify imports for consumers, re-export the NFC module from the root of the package.

• File: packages/mobile-sdk-alpha/src/index.ts
  Add the following lines:

+ // NFC
+ export type { NFCScanOptions, DG1, DG2, ParsedNFCResponse } from './nfc';
+ export { parseNFCResponse } from './nfc';

---

1-26: Missing IdentityCommitment & DSCKeyCommitment TS types

We verified that a VerificationConfig type already exists in your TypeScript SDK (see sdk/core/src/types/types.ts), but neither IdentityCommitment nor DSCKeyCommitment are defined anywhere in the TS codebase. To align with our technical spec and ensure consistency:

• Define the missing types in your shared types module, matching the spec:
– IdentityCommitment: { commitment: bigint; nullifier: bigint; timestamp: number; version: string; documentType: 'passport' | 'eu_id_card'; }
– DSCKeyCommitment: { publicKeyHash: bigint; certificateChain: bigint[]; revocationStatus: boolean; issuer: string; }
• Re-export those new types (alongside the existing VerificationConfig) from your SDK entry point (e.g. packages/mobile-sdk-alpha/src/index.ts or your root index.ts) so consumers can import them uniformly.

Locations for reference:

• Existing VerificationConfig: sdk/core/src/types/types.ts
• NFC index file that currently re-exports only DG1/DG2/ParsedNFCResponse: packages/mobile-sdk-alpha/src/nfc/index.ts

Please add the two missing type definitions and update your exports to avoid any downstream confusion.

🧹 Nitpick comments (14)

packages/mobile-sdk-alpha/src/browser.ts (1)

1-2: Normalize SPDX headers across the repository

Our grep scan shows metadata is still appended on the same line as the SPDX identifier in hundreds of files (e.g. packages/mobile-sdk-alpha/src/browser.ts, scripts/check-license-headers.mjs, app/src/…)—which can break SPDX parsers, header-check tooling, and potentially violate max-len lint rules. To keep license headers both machine- and human-friendly, split the SPDX identifier from file metadata:

Suggested update (example for browser.ts):

- // SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+ // SPDX-License-Identifier: BUSL-1.1
+ // SPDX-FileCopyrightText: 2025 Social Connect Labs, Inc.
+ // License: BUSL-1.1 (see LICENSE); Apache-2.0 starting 2029-06-11

Next steps:

• Automate header normalization across all affected files (consider a simple codemod or shell script).
• Enhance scripts/check-license-headers.* to enforce “SPDX-License-Identifier” as a standalone line.
• Optionally add a lint rule or pre-commit hook to catch regressions early.

Thanks for tackling this cleanup—your license headers will be parser-perfect in no time!

packages/mobile-sdk-alpha/src/types/public.ts (1)

1-2: SPDX header should be machine-parseable and consistent across files

Place the SPDX identifier on a dedicated line and move copyright/change-license notes to subsequent lines to keep scanners happy and avoid ESLint max-len violations.

Apply this diff:

-// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+// SPDX-License-Identifier: BUSL-1.1
+// SPDX-FileCopyrightText: 2025 Social Connect Labs, Inc.
+// License: BUSL-1.1 (see LICENSE); Apache-2.0 starting 2029-06-11

packages/mobile-sdk-alpha/tests/validation/document.test.ts (1)

1-2: Make test file headers SPDX-friendly; avoid semicolon-chaining after the identifier

Same rationale as source files: keep the SPDX identifier on a dedicated line for tool compatibility. Tests can be scanned/published too, so consistency matters.

Apply this diff:

-// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+// SPDX-License-Identifier: BUSL-1.1
+// SPDX-FileCopyrightText: 2025 Social Connect Labs, Inc.
+// License: BUSL-1.1 (see LICENSE); Apache-2.0 starting 2029-06-11

packages/mobile-sdk-alpha/src/components/SelfMobileSdk.tsx (2)

1-2: SPDX header formatting: put the identifier on its own line to satisfy scanners and linters

Avoid chaining additional clauses after the SPDX line.

Apply this diff:

-// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+// SPDX-License-Identifier: BUSL-1.1
+// SPDX-FileCopyrightText: 2025 Social Connect Labs, Inc.
+// License: BUSL-1.1 (see LICENSE); Apache-2.0 starting 2029-06-11

---

48-55: Remove unused prop pass-through: setDocument is not consumed by OnboardingFlow

OnboardingFlow does not use setDocument. Passing it causes unnecessary prop changes and potential re-renders, and expands the surface area for no benefit.

Apply this diff here:

       <OnboardingFlow
         external={external}
-        setDocument={external.setDocument}
         PassportCamera={customScreens.PassportCamera}
         NFCScanner={customScreens.NFCScanner}
       />

And adjust OnboardingFlow’s props accordingly (see suggested diff in OnboardingFlow.tsx).

packages/mobile-sdk-alpha/src/components/flows/OnboardingFlow.tsx (2)

1-2: Standardize SPDX header formatting for tooling compatibility

Same change: keep SPDX identifier on a dedicated line and move other metadata to following lines.

Apply this diff:

-// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11
+// SPDX-License-Identifier: BUSL-1.1
+// SPDX-FileCopyrightText: 2025 Social Connect Labs, Inc.
+// License: BUSL-1.1 (see LICENSE); Apache-2.0 starting 2029-06-11

---

12-17: Prune unused prop and dependency: setDocument is declared and placed in deps but never used

This is dead API that can trigger avoidable rerenders (due to changing function identity) and complicates the surface without benefit. The registration flow uses client.registerDocument directly.

Apply this diff:

 interface OnboardingFlowProps {
   external: ExternalAdapter;
-  setDocument: (doc: DocumentData, documentId: string) => Promise<boolean>;
   PassportCamera?: ComponentType<PassportCameraProps>;
   NFCScanner?: ComponentType<ScreenProps>;
 }
 
-export const OnboardingFlow = ({ external, setDocument, PassportCamera, NFCScanner }: OnboardingFlowProps) => {
+export const OnboardingFlow = ({ external, PassportCamera, NFCScanner }: OnboardingFlowProps) => {
   const [mrzData, setMrzData] = useState<MRZInfo | null>(null);
   const client = useSelfClient();
 
   const handleMRZDetected = useCallback(
     async (mrzData: MRZInfo) => {
       try {
         const status = await client.registerDocument({
           scan: {
             mode: 'mrz',
             passportNumber: mrzData.passportNumber,
             dateOfBirth: mrzData.dateOfBirth,
             dateOfExpiry: mrzData.dateOfExpiry,
             issuingCountry: mrzData.issuingCountry,
           },
         });
 
         if (status.registered) {
           setMrzData(mrzData);
         } else {
           external.onOnboardingFailure(new Error('Registration failed'));
         }
       } catch (error) {
         external.onOnboardingFailure(error as Error);
       }
     },
-    [client, external, setDocument],
+    [client, external],
   );

Note: Remove the prop pass-through in SelfMobileSdk.tsx as well (see related comment there).

Also applies to: 19-20, 23-46

packages/mobile-sdk-alpha/src/qr/index.ts (1)

17-20: Public API currently always throws — consider gating as experimental or removing from stable exports.

Exposing a function that always throws risks runtime crashes in consuming apps. If this is intentionally not yet implemented, gate it behind an experimental/alpha entry point, or make it unmistakable at compile-time.

Option A (strong typing signal):

-export async function scanQRProof(_opts: QRProofOptions): Promise<ScanResult> {
+/** @alpha Not yet implemented; do not use in production. */
+export async function scanQRProof(_opts: QRProofOptions): Promise<never> {
   // Surface a consistent, typed error for unimplemented features
   throw notImplemented('scanQRProof');
}

Option B (packaging): export this from an experimental subpath (src/qr/experimental.ts) and omit it from the stable src/index.ts until implemented.

packages/mobile-sdk-alpha/scripts/report-exports.mjs (1)

6-13: Portability: prefer fileURLToPath over dist.pathname + path.join.
Mixing URL.pathname with path.join can misbehave on Windows (drive letters, leading slash). Convert the URL once and use the resulting path.

-import { join } from 'node:path';
+import { join } from 'node:path';
+import { fileURLToPath } from 'node:url';
 
-const dist = new URL('../dist/', import.meta.url);
-const files = await readdir(dist);
+const dist = new URL('../dist/', import.meta.url);
+const distPath = fileURLToPath(dist);
+const files = await readdir(distPath);
 const report = {};
 
 for (const f of files) {
   if (!f.endsWith('.js')) continue;
-  const src = await readFile(join(dist.pathname, f), 'utf8');
+  const src = await readFile(join(distPath, f), 'utf8');

packages/mobile-sdk-alpha/tests/setup.ts (1)

23-30: Optional: prefer globalThis over global for portability.
Keeps compatibility across Node, browsers, and RN JSI shims.

-if (typeof global !== 'undefined') {
-  (global as any).restoreConsole = () => {
+if (typeof globalThis !== 'undefined') {
+  (globalThis as any).restoreConsole = () => {
     console.warn = originalConsole.warn;
     console.error = originalConsole.error;
     console.log = originalConsole.log;
   };
 }

scripts/check-duplicate-headers.cjs (1)

42-47: Add heavier ignores to prevent slow scans in app workspaces.

Current ignore misses large trees like ios/Pods and android/build which can contain JS helpers. Tightening ignores improves runtime predictability in CI without losing coverage for source files.

Apply this diff:

-      .sync(pattern, {
-        cwd: targetDir,
-        ignore: ['node_modules/**', 'dist/**', 'build/**', '**/*.d.ts'],
-      })
+      .sync(pattern, {
+        cwd: targetDir,
+        ignore: [
+          'node_modules/**',
+          'dist/**',
+          'build/**',
+          '**/*.d.ts',
+          'ios/**',
+          'android/**',
+          '**/Pods/**',
+          'coverage/**',
+          '.next/**',
+          '.turbo/**',
+        ],
+      })

packages/mobile-sdk-alpha/src/nfc/index.ts (2)

1-1: Header string format: validate against centralized header-check regex.

The composite header “BUSL-1.1 …; Apache-2.0 from 2029-06-11” is fine semantically, but linters often match a strict regex. Confirm the root header-check script recognizes this single-line form and the “from YYYY-MM-DD” clause to avoid CI flakes.

If the linter expects a block banner, I can generate a repo-wide codemod to normalize headers.

---

23-26: Unimplemented API: consider stable error shape and guidance for integrators.

scanNFC throws notImplemented('scanNFC'). For partner apps, return a consistent, documented SdkError subclass (e.g., UnimplementedError) with an actionable message and optionally a docs URL to reduce support churn. This is especially important for a public SDK surface flagged as alpha.

-export async function scanNFC(_opts: NFCScanOptions): Promise<ScanResult> {
-  // Surface a consistent, typed error for unimplemented features
-  throw notImplemented('scanNFC');
-}
+export async function scanNFC(_opts: NFCScanOptions): Promise<ScanResult> {
+  // Keep a stable error code and a docs link for integrators
+  throw notImplemented('scanNFC', {
+    message: 'NFC scanning is not yet available in mobile-sdk-alpha.',
+    docs: 'https://docs.self.xyz/sdk/mobile/nfc#status',
+  });
+}

packages/mobile-sdk-alpha/src/errors/InitError.ts (1)

11-16: Centralize error codes to avoid drift and improve observability.

SELF_ERR_INIT is hardcoded here. Consider consolidating error codes in a shared enum or constants module used across the SDK so logs, metrics, and docs stay aligned.

-import { SdkError } from './SdkError';
+import { SdkError } from './SdkError';
+import { ErrorCode } from '../errors/codes';
@@
-    super(message, 'SELF_ERR_INIT', 'init', false, options);
+    super(message, ErrorCode.InitFailed, 'init', false, options);

Example (new file):

// packages/mobile-sdk-alpha/src/errors/codes.ts
export enum ErrorCode {
  InitFailed = 'SELF_ERR_INIT',
  // ...other codes
}

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d8bf5f9 and 189d64f.

📒 Files selected for processing (57)

• app/package.json (1 hunks)
• package.json (1 hunks)
• packages/mobile-sdk-alpha/.eslintrc.cjs (1 hunks)
• packages/mobile-sdk-alpha/scripts/postBuild.mjs (1 hunks)
• packages/mobile-sdk-alpha/scripts/report-exports.mjs (1 hunks)
• packages/mobile-sdk-alpha/scripts/shimConfigs.js (1 hunks)
• packages/mobile-sdk-alpha/scripts/validate-exports.mjs (1 hunks)
• packages/mobile-sdk-alpha/scripts/verify-conditions.mjs (1 hunks)
• packages/mobile-sdk-alpha/src/adapters/index.ts (1 hunks)
• packages/mobile-sdk-alpha/src/adapters/web/shims.ts (1 hunks)
• packages/mobile-sdk-alpha/src/bridge/nativeEvents.native.ts (1 hunks)
• packages/mobile-sdk-alpha/src/bridge/nativeEvents.ts (1 hunks)
• packages/mobile-sdk-alpha/src/browser.ts (1 hunks)
• packages/mobile-sdk-alpha/src/client.ts (1 hunks)
• packages/mobile-sdk-alpha/src/components/SelfMobileSdk.tsx (1 hunks)
• packages/mobile-sdk-alpha/src/components/flows/OnboardingFlow.tsx (1 hunks)
• packages/mobile-sdk-alpha/src/components/screens/NFCScannerScreen.tsx (1 hunks)
• packages/mobile-sdk-alpha/src/components/screens/PassportCameraScreen.tsx (1 hunks)
• packages/mobile-sdk-alpha/src/components/screens/QRCodeScreen.tsx (1 hunks)
• packages/mobile-sdk-alpha/src/config/defaults.ts (1 hunks)
• packages/mobile-sdk-alpha/src/config/merge.ts (1 hunks)
• packages/mobile-sdk-alpha/src/context.tsx (1 hunks)
• packages/mobile-sdk-alpha/src/entry/index.tsx (1 hunks)
• packages/mobile-sdk-alpha/src/errors/InitError.ts (1 hunks)
• packages/mobile-sdk-alpha/src/errors/LivenessError.ts (1 hunks)
• packages/mobile-sdk-alpha/src/errors/MrzParseError.ts (1 hunks)
• packages/mobile-sdk-alpha/src/errors/NfcParseError.ts (1 hunks)
• packages/mobile-sdk-alpha/src/errors/SdkError.ts (1 hunks)
• packages/mobile-sdk-alpha/src/errors/index.ts (1 hunks)
• packages/mobile-sdk-alpha/src/hooks/useDocumentManager.ts (1 hunks)
• packages/mobile-sdk-alpha/src/index.ts (1 hunks)
• packages/mobile-sdk-alpha/src/mrz/index.ts (1 hunks)
• packages/mobile-sdk-alpha/src/nfc/index.ts (1 hunks)
• packages/mobile-sdk-alpha/src/processing/mrz.ts (1 hunks)
• packages/mobile-sdk-alpha/src/processing/nfc.ts (1 hunks)
• packages/mobile-sdk-alpha/src/qr/index.ts (1 hunks)
• packages/mobile-sdk-alpha/src/types/public.ts (1 hunks)
• packages/mobile-sdk-alpha/src/types/ui.ts (1 hunks)
• packages/mobile-sdk-alpha/src/validation/document.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/SelfMobileSdk.test.tsx (1 hunks)
• packages/mobile-sdk-alpha/tests/bridge/nativeEvents.test.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/client.test.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/client.test.tsx (1 hunks)
• packages/mobile-sdk-alpha/tests/config.test.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/entry.test.tsx (1 hunks)
• packages/mobile-sdk-alpha/tests/errors.test.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/processing/nfc.test.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/provider.test.tsx (1 hunks)
• packages/mobile-sdk-alpha/tests/setup.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/validation/document.test.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/webShim.test.ts (1 hunks)
• packages/mobile-sdk-alpha/tsup.config.ts (1 hunks)
• packages/mobile-sdk-alpha/vitest.config.ts (1 hunks)
• scripts/check-duplicate-headers.cjs (2 hunks)
• scripts/check-license-headers.mjs (1 hunks)

🧰 Additional context used

📓 Path-based instructions (10)

packages/mobile-sdk-alpha/src/processing/**

📄 CodeRabbit inference engine (.cursor/rules/mobile-sdk-migration.mdc)

Place MRZ processing helpers in packages/mobile-sdk-alpha/src/processing/

Files:

• packages/mobile-sdk-alpha/src/processing/nfc.ts
• packages/mobile-sdk-alpha/src/processing/mrz.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)

**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)

Files:

• packages/mobile-sdk-alpha/src/processing/nfc.ts
• packages/mobile-sdk-alpha/src/components/screens/PassportCameraScreen.tsx
• packages/mobile-sdk-alpha/src/client.ts
• packages/mobile-sdk-alpha/src/types/public.ts
• packages/mobile-sdk-alpha/src/adapters/web/shims.ts
• packages/mobile-sdk-alpha/tests/processing/nfc.test.ts
• packages/mobile-sdk-alpha/tests/config.test.ts
• packages/mobile-sdk-alpha/vitest.config.ts
• packages/mobile-sdk-alpha/tests/bridge/nativeEvents.test.ts
• packages/mobile-sdk-alpha/tests/client.test.tsx
• packages/mobile-sdk-alpha/src/bridge/nativeEvents.native.ts
• packages/mobile-sdk-alpha/src/types/ui.ts
• packages/mobile-sdk-alpha/src/config/merge.ts
• packages/mobile-sdk-alpha/tests/errors.test.ts
• packages/mobile-sdk-alpha/src/errors/InitError.ts
• packages/mobile-sdk-alpha/src/components/SelfMobileSdk.tsx
• packages/mobile-sdk-alpha/tests/SelfMobileSdk.test.tsx
• packages/mobile-sdk-alpha/src/hooks/useDocumentManager.ts
• packages/mobile-sdk-alpha/src/components/screens/NFCScannerScreen.tsx
• packages/mobile-sdk-alpha/src/mrz/index.ts
• packages/mobile-sdk-alpha/tsup.config.ts
• packages/mobile-sdk-alpha/src/entry/index.tsx
• packages/mobile-sdk-alpha/src/errors/LivenessError.ts
• packages/mobile-sdk-alpha/src/context.tsx
• packages/mobile-sdk-alpha/src/processing/mrz.ts
• packages/mobile-sdk-alpha/tests/webShim.test.ts
• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts
• packages/mobile-sdk-alpha/src/browser.ts
• packages/mobile-sdk-alpha/src/config/defaults.ts
• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts
• packages/mobile-sdk-alpha/src/index.ts
• packages/mobile-sdk-alpha/src/components/flows/OnboardingFlow.tsx
• packages/mobile-sdk-alpha/src/errors/SdkError.ts
• packages/mobile-sdk-alpha/src/bridge/nativeEvents.ts
• packages/mobile-sdk-alpha/src/errors/MrzParseError.ts
• packages/mobile-sdk-alpha/src/nfc/index.ts
• packages/mobile-sdk-alpha/tests/client.test.ts
• packages/mobile-sdk-alpha/src/qr/index.ts
• packages/mobile-sdk-alpha/tests/entry.test.tsx
• packages/mobile-sdk-alpha/src/components/screens/QRCodeScreen.tsx
• packages/mobile-sdk-alpha/tests/validation/document.test.ts
• packages/mobile-sdk-alpha/src/errors/index.ts
• packages/mobile-sdk-alpha/tests/setup.ts
• packages/mobile-sdk-alpha/src/errors/NfcParseError.ts
• packages/mobile-sdk-alpha/src/validation/document.ts
• packages/mobile-sdk-alpha/src/adapters/index.ts
• packages/mobile-sdk-alpha/tests/provider.test.tsx

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}: Review alpha mobile SDK code for:

• API consistency with core SDK
• Platform-neutral abstractions
• Performance considerations
• Clear experimental notes or TODOs

Files:

• packages/mobile-sdk-alpha/src/processing/nfc.ts
• packages/mobile-sdk-alpha/src/components/screens/PassportCameraScreen.tsx
• packages/mobile-sdk-alpha/src/client.ts
• packages/mobile-sdk-alpha/src/types/public.ts
• packages/mobile-sdk-alpha/src/adapters/web/shims.ts
• packages/mobile-sdk-alpha/tests/processing/nfc.test.ts
• packages/mobile-sdk-alpha/tests/config.test.ts
• packages/mobile-sdk-alpha/vitest.config.ts
• packages/mobile-sdk-alpha/tests/bridge/nativeEvents.test.ts
• packages/mobile-sdk-alpha/tests/client.test.tsx
• packages/mobile-sdk-alpha/src/bridge/nativeEvents.native.ts
• packages/mobile-sdk-alpha/src/types/ui.ts
• packages/mobile-sdk-alpha/src/config/merge.ts
• packages/mobile-sdk-alpha/tests/errors.test.ts
• packages/mobile-sdk-alpha/src/errors/InitError.ts
• packages/mobile-sdk-alpha/src/components/SelfMobileSdk.tsx
• packages/mobile-sdk-alpha/tests/SelfMobileSdk.test.tsx
• packages/mobile-sdk-alpha/src/hooks/useDocumentManager.ts
• packages/mobile-sdk-alpha/scripts/shimConfigs.js
• packages/mobile-sdk-alpha/src/components/screens/NFCScannerScreen.tsx
• packages/mobile-sdk-alpha/src/mrz/index.ts
• packages/mobile-sdk-alpha/tsup.config.ts
• packages/mobile-sdk-alpha/src/entry/index.tsx
• packages/mobile-sdk-alpha/src/errors/LivenessError.ts
• packages/mobile-sdk-alpha/src/context.tsx
• packages/mobile-sdk-alpha/src/processing/mrz.ts
• packages/mobile-sdk-alpha/tests/webShim.test.ts
• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts
• packages/mobile-sdk-alpha/src/browser.ts
• packages/mobile-sdk-alpha/src/config/defaults.ts
• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts
• packages/mobile-sdk-alpha/src/index.ts
• packages/mobile-sdk-alpha/src/components/flows/OnboardingFlow.tsx
• packages/mobile-sdk-alpha/src/errors/SdkError.ts
• packages/mobile-sdk-alpha/src/bridge/nativeEvents.ts
• packages/mobile-sdk-alpha/src/errors/MrzParseError.ts
• packages/mobile-sdk-alpha/src/nfc/index.ts
• packages/mobile-sdk-alpha/tests/client.test.ts
• packages/mobile-sdk-alpha/src/qr/index.ts
• packages/mobile-sdk-alpha/tests/entry.test.tsx
• packages/mobile-sdk-alpha/src/components/screens/QRCodeScreen.tsx
• packages/mobile-sdk-alpha/tests/validation/document.test.ts
• packages/mobile-sdk-alpha/src/errors/index.ts
• packages/mobile-sdk-alpha/tests/setup.ts
• packages/mobile-sdk-alpha/src/errors/NfcParseError.ts
• packages/mobile-sdk-alpha/src/validation/document.ts
• packages/mobile-sdk-alpha/src/adapters/index.ts
• packages/mobile-sdk-alpha/tests/provider.test.tsx

**/*.{test,spec}.{ts,js,tsx,jsx}

⚙️ CodeRabbit configuration file

**/*.{test,spec}.{ts,js,tsx,jsx}: Review test files for:

• Test coverage completeness
• Test case quality and edge cases
• Mock usage appropriateness
• Test readability and maintainability

Files:

• packages/mobile-sdk-alpha/tests/processing/nfc.test.ts
• packages/mobile-sdk-alpha/tests/config.test.ts
• packages/mobile-sdk-alpha/tests/bridge/nativeEvents.test.ts
• packages/mobile-sdk-alpha/tests/client.test.tsx
• packages/mobile-sdk-alpha/tests/errors.test.ts
• packages/mobile-sdk-alpha/tests/SelfMobileSdk.test.tsx
• packages/mobile-sdk-alpha/tests/webShim.test.ts
• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts
• packages/mobile-sdk-alpha/tests/client.test.ts
• packages/mobile-sdk-alpha/tests/entry.test.tsx
• packages/mobile-sdk-alpha/tests/validation/document.test.ts
• packages/mobile-sdk-alpha/tests/provider.test.tsx

packages/mobile-sdk-alpha/vitest.config.ts

📄 CodeRabbit inference engine (.cursor/rules/mobile-sdk-migration.mdc)

Use Vitest in the SDK with a Node environment configured in packages/mobile-sdk-alpha/vitest.config.ts

Files:

• packages/mobile-sdk-alpha/vitest.config.ts

packages/mobile-sdk-alpha/src/index.ts

📄 CodeRabbit inference engine (.cursor/rules/mobile-sdk-migration.mdc)

Re-export new SDK modules via packages/mobile-sdk-alpha/src/index.ts

Files:

• packages/mobile-sdk-alpha/src/index.ts

packages/mobile-sdk-alpha/tests/setup.ts

📄 CodeRabbit inference engine (.cursor/rules/mobile-sdk-migration.mdc)

Provide Vitest setup file at packages/mobile-sdk-alpha/tests/setup.ts to suppress console noise

Files:

• packages/mobile-sdk-alpha/tests/setup.ts

packages/mobile-sdk-alpha/src/validation/**

📄 CodeRabbit inference engine (.cursor/rules/mobile-sdk-migration.mdc)

Place document validation logic in packages/mobile-sdk-alpha/src/validation/

Files:

• packages/mobile-sdk-alpha/src/validation/document.ts

package.json

📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)

Distribute the SDK via npm/yarn with proper package metadata

Files:

• package.json

app/package.json

📄 CodeRabbit inference engine (.cursor/rules/mobile-sdk-migration.mdc)

Expose a 'test:build' script in the app's package.json that builds deps, types, performs bundle analysis, and runs tests

Files:

• app/package.json

🧠 Learnings (19)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/README.md : Document new/updated SDK modules and usage in packages/mobile-sdk-alpha/README.md

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/src/index.ts : Re-export new SDK modules via packages/mobile-sdk-alpha/src/index.ts

Applied to files:

• packages/mobile-sdk-alpha/src/client.ts
• packages/mobile-sdk-alpha/scripts/report-exports.mjs
• packages/mobile-sdk-alpha/src/types/public.ts
• packages/mobile-sdk-alpha/src/adapters/web/shims.ts
• packages/mobile-sdk-alpha/tests/config.test.ts
• packages/mobile-sdk-alpha/vitest.config.ts
• packages/mobile-sdk-alpha/tests/bridge/nativeEvents.test.ts
• packages/mobile-sdk-alpha/tests/client.test.tsx
• packages/mobile-sdk-alpha/src/bridge/nativeEvents.native.ts
• packages/mobile-sdk-alpha/src/types/ui.ts
• packages/mobile-sdk-alpha/src/config/merge.ts
• packages/mobile-sdk-alpha/tests/errors.test.ts
• packages/mobile-sdk-alpha/src/errors/InitError.ts
• packages/mobile-sdk-alpha/src/components/SelfMobileSdk.tsx
• packages/mobile-sdk-alpha/tests/SelfMobileSdk.test.tsx
• packages/mobile-sdk-alpha/src/hooks/useDocumentManager.ts
• packages/mobile-sdk-alpha/scripts/shimConfigs.js
• packages/mobile-sdk-alpha/src/mrz/index.ts
• packages/mobile-sdk-alpha/tsup.config.ts
• packages/mobile-sdk-alpha/src/entry/index.tsx
• packages/mobile-sdk-alpha/scripts/validate-exports.mjs
• packages/mobile-sdk-alpha/src/context.tsx
• packages/mobile-sdk-alpha/src/processing/mrz.ts
• packages/mobile-sdk-alpha/tests/webShim.test.ts
• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts
• packages/mobile-sdk-alpha/src/browser.ts
• packages/mobile-sdk-alpha/src/config/defaults.ts
• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts
• packages/mobile-sdk-alpha/src/index.ts
• packages/mobile-sdk-alpha/src/components/flows/OnboardingFlow.tsx
• packages/mobile-sdk-alpha/src/errors/SdkError.ts
• packages/mobile-sdk-alpha/src/bridge/nativeEvents.ts
• packages/mobile-sdk-alpha/.eslintrc.cjs
• packages/mobile-sdk-alpha/src/nfc/index.ts
• packages/mobile-sdk-alpha/tests/client.test.ts
• packages/mobile-sdk-alpha/src/qr/index.ts
• packages/mobile-sdk-alpha/tests/entry.test.tsx
• packages/mobile-sdk-alpha/src/components/screens/QRCodeScreen.tsx
• packages/mobile-sdk-alpha/tests/validation/document.test.ts
• packages/mobile-sdk-alpha/src/errors/index.ts
• packages/mobile-sdk-alpha/tests/setup.ts
• packages/mobile-sdk-alpha/src/adapters/index.ts
• packages/mobile-sdk-alpha/tests/provider.test.tsx
• packages/mobile-sdk-alpha/scripts/postBuild.mjs

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/README.md : Document new/updated SDK modules and usage in packages/mobile-sdk-alpha/README.md

Applied to files:

• packages/mobile-sdk-alpha/src/client.ts
• packages/mobile-sdk-alpha/src/types/public.ts
• packages/mobile-sdk-alpha/src/adapters/web/shims.ts
• packages/mobile-sdk-alpha/tests/client.test.tsx
• packages/mobile-sdk-alpha/src/types/ui.ts
• packages/mobile-sdk-alpha/src/config/merge.ts
• packages/mobile-sdk-alpha/src/components/SelfMobileSdk.tsx
• packages/mobile-sdk-alpha/src/hooks/useDocumentManager.ts
• packages/mobile-sdk-alpha/src/mrz/index.ts
• packages/mobile-sdk-alpha/src/entry/index.tsx
• packages/mobile-sdk-alpha/src/context.tsx
• packages/mobile-sdk-alpha/src/browser.ts
• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts
• packages/mobile-sdk-alpha/src/index.ts
• packages/mobile-sdk-alpha/src/errors/SdkError.ts
• packages/mobile-sdk-alpha/src/bridge/nativeEvents.ts
• packages/mobile-sdk-alpha/.eslintrc.cjs
• packages/mobile-sdk-alpha/tests/client.test.ts
• packages/mobile-sdk-alpha/scripts/verify-conditions.mjs
• packages/mobile-sdk-alpha/tests/validation/document.test.ts
• packages/mobile-sdk-alpha/src/errors/index.ts
• packages/mobile-sdk-alpha/src/adapters/index.ts
• package.json

📚 Learning: 2025-08-25T14:25:57.541Z

Learnt from: aaronmgdr
PR: selfxyz/self#951
File: app/src/providers/authProvider.web.tsx:17-18
Timestamp: 2025-08-25T14:25:57.541Z
Learning: The selfxyz/mobile-sdk-alpha/constants/analytics import path is properly configured with SDK exports, Metro aliases, and TypeScript resolution. Import changes from @/consts/analytics to this path are part of valid analytics migration, not TypeScript resolution issues.

Applied to files:

• packages/mobile-sdk-alpha/src/client.ts
• packages/mobile-sdk-alpha/src/types/public.ts
• packages/mobile-sdk-alpha/src/adapters/web/shims.ts
• packages/mobile-sdk-alpha/tests/client.test.tsx
• packages/mobile-sdk-alpha/src/config/merge.ts
• packages/mobile-sdk-alpha/src/components/SelfMobileSdk.tsx
• packages/mobile-sdk-alpha/tests/SelfMobileSdk.test.tsx
• packages/mobile-sdk-alpha/src/mrz/index.ts
• packages/mobile-sdk-alpha/src/entry/index.tsx
• packages/mobile-sdk-alpha/src/context.tsx
• packages/mobile-sdk-alpha/tests/webShim.test.ts
• packages/mobile-sdk-alpha/src/index.ts
• packages/mobile-sdk-alpha/src/bridge/nativeEvents.ts
• packages/mobile-sdk-alpha/.eslintrc.cjs
• packages/mobile-sdk-alpha/tests/client.test.ts
• packages/mobile-sdk-alpha/src/errors/index.ts
• packages/mobile-sdk-alpha/src/adapters/index.ts

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/tests/setup.ts : Provide Vitest setup file at packages/mobile-sdk-alpha/tests/setup.ts to suppress console noise

Applied to files:

• packages/mobile-sdk-alpha/src/types/public.ts
• packages/mobile-sdk-alpha/tests/processing/nfc.test.ts
• packages/mobile-sdk-alpha/tests/config.test.ts
• packages/mobile-sdk-alpha/vitest.config.ts
• packages/mobile-sdk-alpha/tests/bridge/nativeEvents.test.ts
• packages/mobile-sdk-alpha/tests/client.test.tsx
• packages/mobile-sdk-alpha/tests/errors.test.ts
• packages/mobile-sdk-alpha/tests/SelfMobileSdk.test.tsx
• packages/mobile-sdk-alpha/tsup.config.ts
• packages/mobile-sdk-alpha/src/entry/index.tsx
• packages/mobile-sdk-alpha/tests/webShim.test.ts
• packages/mobile-sdk-alpha/src/browser.ts
• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts
• packages/mobile-sdk-alpha/tests/client.test.ts
• packages/mobile-sdk-alpha/tests/entry.test.tsx
• packages/mobile-sdk-alpha/tests/validation/document.test.ts
• packages/mobile-sdk-alpha/tests/setup.ts
• packages/mobile-sdk-alpha/tests/provider.test.tsx

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Enable tree shaking for the SDK (e.g., ensure 'sideEffects' is correctly set in package.json and exports are ESM-friendly)

Applied to files:

• packages/mobile-sdk-alpha/src/adapters/web/shims.ts
• packages/mobile-sdk-alpha/tests/client.test.tsx
• packages/mobile-sdk-alpha/tests/SelfMobileSdk.test.tsx
• packages/mobile-sdk-alpha/scripts/shimConfigs.js
• packages/mobile-sdk-alpha/src/entry/index.tsx
• packages/mobile-sdk-alpha/scripts/validate-exports.mjs
• packages/mobile-sdk-alpha/tests/webShim.test.ts
• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts
• packages/mobile-sdk-alpha/src/index.ts
• packages/mobile-sdk-alpha/.eslintrc.cjs
• package.json
• packages/mobile-sdk-alpha/scripts/postBuild.mjs

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/vitest.config.ts : Use Vitest in the SDK with a Node environment configured in packages/mobile-sdk-alpha/vitest.config.ts

Applied to files:

• packages/mobile-sdk-alpha/tests/config.test.ts
• packages/mobile-sdk-alpha/vitest.config.ts
• packages/mobile-sdk-alpha/tests/client.test.tsx
• packages/mobile-sdk-alpha/tests/SelfMobileSdk.test.tsx
• packages/mobile-sdk-alpha/tests/client.test.ts
• packages/mobile-sdk-alpha/tests/setup.ts

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Expose a 'test:build' script in the SDK's package.json that runs build, test, types, and lint

Applied to files:

• packages/mobile-sdk-alpha/tests/client.test.tsx
• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts
• packages/mobile-sdk-alpha/tests/client.test.ts
• packages/mobile-sdk-alpha/tests/setup.ts
• package.json
• packages/mobile-sdk-alpha/scripts/postBuild.mjs
• app/package.json

📚 Learning: 2025-08-24T18:52:25.765Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.765Z
Learning: Applies to contracts/contracts/IdentityVerificationHubImplV2.sol : Identity Verification Hub: manage multi-step verification for passports and EU ID cards, handle document attestation via ZK proofs, and implement E-PASSPORT and EU_ID_CARD paths in IdentityVerificationHubImplV2.sol

Applied to files:

• packages/mobile-sdk-alpha/src/types/ui.ts

📚 Learning: 2025-08-24T18:55:07.911Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.911Z
Learning: Passport verification workflow: NFC data extraction → MRZ validation → DSC verification → Register proof → compliance via ZK → attestation

Applied to files:

• packages/mobile-sdk-alpha/src/types/ui.ts

📚 Learning: 2025-08-24T18:55:07.911Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.911Z
Learning: Applies to **/*.{ts,tsx} : Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')

Applied to files:

• packages/mobile-sdk-alpha/src/types/ui.ts

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/src/processing/** : Place MRZ processing helpers in packages/mobile-sdk-alpha/src/processing/

Applied to files:

• packages/mobile-sdk-alpha/src/mrz/index.ts
• packages/mobile-sdk-alpha/src/processing/mrz.ts
• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/demo/** : Provide an in-SDK lightweight React Native demo under packages/mobile-sdk-alpha/demo/

Applied to files:

• packages/mobile-sdk-alpha/src/entry/index.tsx

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/src/crypto/** : Place crypto adapters and utilities in packages/mobile-sdk-alpha/src/crypto/

Applied to files:

• packages/mobile-sdk-alpha/tests/utils/testHelpers.ts
• packages/mobile-sdk-alpha/src/adapters/index.ts

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/src/validation/** : Place document validation logic in packages/mobile-sdk-alpha/src/validation/

Applied to files:

• packages/mobile-sdk-alpha/tests/validation/document.test.ts
• packages/mobile-sdk-alpha/src/validation/document.ts

📚 Learning: 2025-08-24T18:52:25.765Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.765Z
Learning: Applies to tests/src/**/*.{test,spec}.{ts,tsx,js,jsx} : Mock console.error in tests to avoid noisy output

Applied to files:

• packages/mobile-sdk-alpha/tests/setup.ts

📚 Learning: 2025-08-24T18:55:07.911Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.911Z
Learning: Applies to package.json : Distribute the SDK via npm/yarn with proper package metadata

Applied to files:

• package.json

📚 Learning: 2025-08-24T18:52:25.766Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.766Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• package.json
• app/package.json

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to app/package.json : Expose a 'test:build' script in the app's package.json that builds deps, types, performs bundle analysis, and runs tests

Applied to files:

• package.json
• app/package.json

🧬 Code graph analysis (7)

packages/mobile-sdk-alpha/src/mrz/index.ts (1)

app/src/utils/cameraScanner.ts (1)

• mrzInfo (35-56)

packages/mobile-sdk-alpha/src/bridge/nativeEvents.ts (1)

app/src/screens/MainScreen.tsx (1)

• handleNativeEvent (127-139)

packages/mobile-sdk-alpha/src/errors/MrzParseError.ts (1)

app/src/utils/cameraScanner.ts (1)

• mrzInfo (35-56)

packages/mobile-sdk-alpha/src/nfc/index.ts (1)

app/src/screens/MainScreen.tsx (1)

• Platform (106-115)

packages/mobile-sdk-alpha/src/components/screens/QRCodeScreen.tsx (1)

app/src/screens/AppScreen.tsx (1)

• useUserStore (16-106)

scripts/check-license-headers.mjs (1)

scripts/check-duplicate-headers.cjs (2)

• args (31-31)
• path (5-5)

scripts/check-duplicate-headers.cjs (1)

scripts/check-license-headers.mjs (3)

• args (81-81)
• files (20-20)
• files (86-86)

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-ios
• GitHub Check: e2e-ios

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Preserve license banner in built error classes.

As with the NFC module, ensure build settings keep the license header in emitted artifacts. Error classes are commonly imported in end-user apps; distributing them without the BUSL-1.1 banner can create compliance gaps.

Use the same script shared in the NFC file comment to confirm banner/legalComments configuration.

---

🏁 Script executed:

#!/bin/bash
set -e

echo "Finding tsconfig.json in mobile-sdk-alpha..."
fd tsconfig.json packages/mobile-sdk-alpha

echo -e "\nReading packages/mobile-sdk-alpha/tsconfig.json..."
cat packages/mobile-sdk-alpha/tsconfig.json

echo -e "\nShowing build script in packages/mobile-sdk-alpha/package.json..."
grep -R '"build"' -C2 packages/mobile-sdk-alpha/package.json || true

echo -e "\nSearching for Babel or Webpack config in mobile-sdk-alpha"
fd babel.config.js packages/mobile-sdk-alpha || true
fd webpack.config.js packages/mobile-sdk-alpha || true

Length of output: 1487

---

🏁 Script executed:

#!/bin/bash
set -e

echo "Searching for tsup.config.ts in repository..."
fd tsup.config.ts || true

echo -e "\nSearching for tsup usage in package.json scripts..."
grep -R "\"tsup\"" -n .

echo -e "\nSearching for legalComments in repo..."
grep -R "legalComments" -n .

echo -e "\nSearching for banner options in mobile-sdk-alpha..."
grep -R "banner" -n packages/mobile-sdk-alpha

echo -e "\nDisplaying postBuild.mjs if present..."
if [ -f packages/mobile-sdk-alpha/scripts/postBuild.mjs ]; then
  sed -n '1,200p' packages/mobile-sdk-alpha/scripts/postBuild.mjs
else
  echo "No postBuild.mjs found"
fi

Length of output: 823

---

🏁 Script executed:

#!/bin/bash
set -e

echo "Searching for banner in packages/mobile-sdk-alpha/tsup.config.ts..."
grep -R "banner" -n packages/mobile-sdk-alpha/tsup.config.ts || echo "no banner in tsup.config.ts"

echo "Searching for legalComments in packages/mobile-sdk-alpha/tsup.config.ts..."
grep -R "legalComments" -n packages/mobile-sdk-alpha/tsup.config.ts || echo "no legalComments in tsup.config.ts"

Length of output: 585

---

Ensure the BUSL-1.1 license header is preserved in mobile-sdk-alpha builds

The current packages/mobile-sdk-alpha/tsup.config.ts has no banner or esbuildOptions.legalComments setting, so esbuild will strip all comments (including license headers) by default (esbuild.github.io). Without explicit configuration, your built error-class modules will lack the required BUSL-1.1 banner, creating a compliance gap.

Please update packages/mobile-sdk-alpha/tsup.config.ts to include one of the following:

• Use a custom banner to inject the full license text:

import { defineConfig } from 'tsup'
import fs from 'fs'
const license = fs.readFileSync('./LICENSE.header', 'utf8')

export default defineConfig({
  /* existing options */
  banner: {
    js: license,    // injects the BUSL-1.1 header at the top of each .js output
  },
})

This leverages tsup’s built-in banner support (app.unpkg.com).

• Or leverage esbuild’s legal-comments feature to preserve only “legal comments” (comments starting with /*! or containing @license/@preserve):

import { defineConfig } from 'tsup'

export default defineConfig({
  /* existing options */
  esbuildOptions(options) {
    options.legalComments = 'inline'   // keeps all recognized license comments in-line
    return options
  },
})

This uses esbuild’s legalComments: 'inline' mode to retain license blocks (esbuild.github.io).

After making either change, run yarn build in packages/mobile-sdk-alpha and verify that the BUSL-1.1 header appears atop every emitted JS file.

🤖 Prompt for AI Agents

In packages/mobile-sdk-alpha/src/errors/InitError.ts around lines 1 to 2, the
BUSL-1.1 license header comment present in source will be stripped during
bundling because packages/mobile-sdk-alpha/tsup.config.ts lacks a banner or
esbuildOptions.legalComments setting; update tsup.config.ts to either add a
banner option that injects the full BUSL-1.1 header into emitted JS files or
configure esbuildOptions(options) to set options.legalComments = 'inline' so
license comments (/*! or @license) are preserved, then rebuild and verify the
BUSL header appears at the top of each output file.

[aaronmgdr]

@transphorm this seems like a good call out.

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[transphorm]

yeah will add

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Ensure license header is preserved in distributed bundles (configure banner/legalComments).

Single-line SPDX at source is good, but bundlers often strip comments unless explicitly preserved. For legal/compliance, ensure tsup/esbuild is configured to retain a license banner in built artifacts (e.g., esbuild option legalComments: "eof" and a banner). Otherwise, published SDK builds may omit the BUSL-1.1 header, creating licensing risk for downstream consumers.

Run the following to verify the bundling config preserves license headers:

---

🏁 Script executed:

#!/bin/bash
# Verify that tsup/esbuild preserves license headers via banner/legalComments.
set -euo pipefail
# Find tsup configs in the repo
fd -a tsup.config.ts
echo "---- Inspecting potential banner/legalComments in tsup configs ----"
fd -a tsup.config.ts | while read -r f; do
  echo "File: $f"
  rg -n -C2 'banner|legalComments|esbuildOptions' "$f" || true
done

Length of output: 1338

---

Add explicit license‐preservation settings in the mobile‐sdk-alpha bundler config

Our inspection of all tsup.config.ts files shows no banner, legalComments, or esbuildOptions overrides today—so the SPDX header in src/nfc/index.ts won’t survive most bundling pipelines and could be dropped in published artifacts. To fix:

• In packages/mobile-sdk-alpha/tsup.config.ts, extend your defineConfig({…}) to include both a license banner and esbuild’s legalComments option. For example:

 import { defineConfig } from 'tsup'
 
 export default defineConfig({
-  entry: ['src/index.ts'],
+  entry: ['src/index.ts'],
   // …existing options…
+  // preserve license header in output bundles
+  esbuildOptions: (options) => {
+    // keep comments with SPDX in the final file
+    options.legalComments = 'eof'
+  },
+  banner: {
+    js: `// SPDX-License-Identifier: BUSL-1.1; Copyright (c) 2025 Social Connect Labs, Inc.; Licensed under BUSL-1.1 (see LICENSE); Apache-2.0 from 2029-06-11`
+  },
 })

This ensures downstream consumers always see the BUSL-1.1 header in distributed bundles rather than losing it to comment stripping.

[transphorm]

@aaronmgdr added this logic

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[aaronmgdr]

good to get this in. maybe we should checkout that suggestion about build step

[transphorm]

@coderabbitai summary

[coderabbitai]

✅ Actions performed

Summary regeneration triggered.