chore: update dev with staging 09/06/25

[transphorm]

Summary by CodeRabbit

• New Features

  • Added a Developer "View Private Key" screen and a non-dev Android "build_only" build flow plus a Play Store upload helper script.

• Improvements

  • APDU-level NFC logging and per-scan session diagnostics; enhanced NFC auth flow and 30s NFC scan timeout.
  • Deeplink handling improved to preserve back-stack and defer initial URL until splash completes.
  • CI/workflow triggers moved to run on pull requests targeting dev/staging/main.

• Documentation

  • Contributing note: PRs should target staging; added docs for the Android build_only command.

• Tests

  • Expanded deeplink/navigation tests and added TD1 MRZ parsing tests.

• Chores

  • Bumped iOS and Android build numbers and updated version metadata.

[coderabbitai]

Walkthrough

Updates CI/workflow triggers to PR-only (adds staging), shifts mobile deploy to staging-aligned checkouts/ADC auth and PR-based version bumps, adds Android APDU logging and session context, introduces deeplink queuing handled by Splash, adds DevPrivateKey dev screen, and increments platform build versions.

Changes

Cohort / File(s)	Summary
Staging policy & governance .coderabbit.yaml, README.md	Add staging to auto-review base branches; document PR-from-staging requirement in README.
CI trigger consolidation .github/workflows/* .../circuits-build.yml, .../circuits.yml, .../contracts.yml, .../mobile-ci.yml, .../mobile-e2e.yml, .../qrcode-sdk-ci.yml, .../web.yml	Remove push triggers; switch to pull_request triggers targeting dev, staging, and main; adjust branch/path filters and macOS runner sizing.
Mobile deploy pipeline .github/workflows/mobile-deploy.yml	Add id-token: write; checkout ref: staging with fetch-depth: 0; per-run cache keys use github.sha; build-deps stages; robust NDK/CMake install with retries; PR-driven version bumps; Play upload via ADC/WIF and new Python script; revised release/tag steps.
Fastlane deploy logic app/fastlane/Fastfile, app/fastlane/README.md	Add Android build_only lane and docs; conditional Play Store credential handling (local JSON vs CI ADC); skip-upload flows; iOS MARKETING_VERSION sync after bumps.
Play upload script app/scripts/upload_to_play_store.py	New script: authenticate via ADC/WIF, create Play edit, upload AAB, assign track, commit or hold for review; CLI flags --aab, --package-name, --track.
Android NFC APDU logging app/android/react-native-passport-reader/.../APDULogger.kt, .../RNPassportReaderModule.kt	Add APDULogger implementation with session context, analytics reporting; attach/detach listener; PACE/BAC flow improvements, richer error analytics, and logAnalyticsEvent exposure.
Deeplink queuing & navigation app/src/utils/deeplinks.ts, app/src/screens/system/SplashScreen.tsx, app/tests/utils/deeplinks.test.ts	Queue initial universal link until Splash sets the parent screen; getAndClearQueuedUrl/setDeeplinkParentScreen APIs; navigation reset used to preserve back stack; tests updated to expect reset.
Dev tools & navigation app/src/navigation/devTools.ts, app/src/navigation/index.tsx, app/src/screens/dev/DevPrivateKeyScreen.tsx, app/src/screens/dev/DevSettingsScreen.tsx, app/vite.config.ts, app/tests/src/navigation.test.ts	Add DevPrivateKey screen and route; import dev screens from devTools; vite chunk mapping updated; tests updated to include new screen.
NFC scan UX app/src/screens/document/DocumentNFCScanScreen.tsx	Add 30s timeout to NFC scan flow; on expiry cancel scan, log timeout error, show modal, and close NFC sheet.
Version bumps & metadata app/android/app/build.gradle, app/ios/Self.xcodeproj/project.pbxproj, app/version.json	Android versionCode increased (85→90); iOS CURRENT_PROJECT_VERSION bumped (149→169); app/version.json updated accordingly.
SDK tests packages/mobile-sdk-alpha/tests/processing/mrz.test.ts	Add TD1 MRZ parsing/validation tests (includes duplicate block).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant GH as GitHub Actions
  participant ADC as ADC/WIF
  participant Build as Builder
  participant Fastlane as Fastlane
  participant Py as upload_to_play_store.py
  participant Play as Google Play API

  Dev->>GH: Open PR (target: staging / dev / main)
  GH->>ADC: Request id-token / ADC (id-token: write)
  ADC-->>GH: Credentials
  GH->>Build: Checkout `staging` (fetch-depth:0), run Build Dependencies
  alt Android build_only
    GH->>Fastlane: fastlane android build_only
    Fastlane-->>GH: produce AAB
    GH->>Py: upload_to_play_store.py --aab
    Py->>ADC: obtain scoped credentials
    Py->>Play: create edit, upload bundle, update track, commit
    Play-->>Py: response (versionCode)
    Py-->>GH: result
  end
  GH->>GH: Open PRs for build/version bumps (if needed)

Loading

sequenceDiagram
  autonumber
  participant App as App
  participant DL as deeplinks.ts
  participant Splash as SplashScreen
  participant Nav as navigationRef

  App->>DL: setupUniversalLinkListenerInNavigation()
  DL->>DL: queuedInitialUrl = url (defer handling)
  Splash->>DL: setDeeplinkParentScreen(parent)
  Splash->>DL: getAndClearQueuedUrl()
  alt queued URL exists
    Splash->>DL: handleUrl(url)
    DL->>Nav: reset({ index:1, routes: [{name: parent}, {name: target}] })
  else
    Splash->>Nav: navigate(parent)
  end

Loading

sequenceDiagram
  autonumber
  participant RN as RNPassportReaderModule
  participant Service as PassportService
  participant Logger as APDULogger
  participant Analytics as Analytics

  RN->>Logger: setContext(session_id)
  RN->>Service: addAPDUListener(Logger)
  loop NFC flow
    Service-->>Logger: exchangedAPDU(event)
    Logger->>Analytics: log nfc_apdu_exchange
  end
  RN->>Logger: clearContext()

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Possibly related PRs

• update workflow to use workload identity federation #933 — Overlaps mobile-deploy auth changes (id-token / WIF / Play upload); high code-level connection.
• Add thorough test cases for mobile app #752 — Modifies deeplink utilities and navigation handling; directly related to queued deeplink and reset behavior.
• Fix nfc configuration scanning issue #978 — Updates NFC/passport-reader analytics and scanning flow; relates to APDULogger and RN module changes.

Suggested labels

codex

Suggested reviewers

• remicolin
• aaronmgdr

Poem

Staging hums, the pipelines sing,
Hexed APDUs and deeplinks cling.
A private key hides, then reveals,
Version bumps and build-time deals.
Push-less checks, PRs set to roam —
Ships align, the repo’s home. 🚢✨

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d0a24cb and ee5419c.

📒 Files selected for processing (3)

• .github/workflows/mobile-ci.yml (2 hunks)
• README.md (1 hunks)
• app/version.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• app/version.json
• README.md
• .github/workflows/mobile-ci.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: build-android
• GitHub Check: build-ios
• GitHub Check: test
• GitHub Check: e2e-ios

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch justin/update-dev-with-staging-09-06-25

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[transphorm]

@remicolin migrated your changes over

[transphorm]

@seshanthS migrating this over to dev

[transphorm]

opening from staging makes sense 👍

[transphorm]

accidentally removed this screen in this pr - https://github.com/selfxyz/self/pull/994/files#diff-c2729da81fe0f51e63433d07376e4db00e1643cfefc5c7605cc775c158bf6e99

[coderabbitai]

Actionable comments posted: 21

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (7)

packages/mobile-sdk-alpha/tests/processing/mrz.test.ts (1)

7-8: Use package import path in tests (per repo guidelines)

Avoid relative src imports in package tests; import via the package to exercise the public API and prevent path coupling.

Proposed change (adjust if these are re-exported at the entrypoint):

-import { MrzParseError } from '../../src/errors';
-import { extractMRZInfo, formatDateToYYMMDD } from '../../src/processing/mrz';
+import { MrzParseError, extractMRZInfo, formatDateToYYMMDD } from '@selfxyz/mobile-sdk-alpha/processing/mrz';

Verify exports with:

#!/bin/bash
# Check source exports
rg -nP "export\s+(?:type\s+)?\{?[^}]*\b(extractMRZInfo|formatDateToYYMMDD|MrzParseError)\b" packages/mobile-sdk-alpha/src -C2

# Check package entrypoint re-exports
fd -a 'index.ts|main.ts|exports.ts' packages/mobile-sdk-alpha/src | xargs -I{} rg -n "export .*from .*mrz" {} -C2

.github/workflows/qrcode-sdk-ci.yml (1)

51-63: Replace direct actions/cache with shared cache-yarn.

Repo guideline: use composite caching actions; avoid actions/cache for dependency caches.

-      - name: Cache Yarn dependencies
-        id: yarn-cache
-        uses: actions/cache@v4
-        with:
-          path: |
-            .yarn/cache
-            node_modules
-            sdk/qrcode/node_modules
-            common/node_modules
-          key: ${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
+      - name: Cache Yarn dependencies
+        uses: ./.github/actions/cache-yarn
+        with:
+          path: |
+            .yarn/cache
+            node_modules
+            sdk/qrcode/node_modules
+            common/node_modules
+          cache-version: ${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}

Repeat the same replacement in quality-checks, build-verification, and integration-test jobs.
Note: Using actions/cache for build artifacts (dist) is acceptable until a shared composite exists.

Also applies to: 109-121, 176-188, 236-248

.github/workflows/circuits-build.yml (1)

22-25: Stop calling actions/cache directly; use shared composites + versioned keys.

Repo guideline: use composite caching actions and stable cache-version keys. Replace direct cache calls for Circom with a repo composite (e.g., cache-dir) and include GH_CACHE_VERSION.

   permissions:
     contents: read
   env:
+    GH_CACHE_VERSION: v1
     CIRCOM_VERSION: "2.1.9"
     CIRCOM_SHA256: "e5575829252d763b7818049df9de2ef9304df834697de77fa63ce7babc23c967"

-      - name: Restore Circom binary
-        id: circom-cache
-        uses: actions/cache/restore@v4
-        with:
-          path: ~/.cache/circom
-          key: circom-v2.1.9
+      - name: Restore Circom binary
+        id: circom-cache
+        uses: ./.github/actions/cache-dir
+        with:
+          path: ~/.cache/circom
+          key: ${{ env.GH_CACHE_VERSION }}-circom-v2.1.9

-      - name: Save Circom cache
-        if: steps.circom-cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
-        with:
-          path: ~/.cache/circom
-          key: circom-v2.1.9
+      - name: Save Circom cache
+        if: steps.circom-cache.outputs.cache-hit != 'true'
+        uses: ./.github/actions/cache-dir
+        with:
+          path: ~/.cache/circom
+          key: ${{ env.GH_CACHE_VERSION }}-circom-v2.1.9

Also applies to: 44-50, 98-105

app/src/utils/deeplinks.ts (1)

102-114: Validate selfApp.sessionId before starting listener.

selfApp JSON is parsed and sessionId is used without applying the same allowlist as query params. A crafted selfApp can bypass sessionId regex and trigger unintended behavior. Validate and route to QRCodeTrouble on failure.

   if (selfAppStr) {
     try {
       const selfAppJson = JSON.parse(selfAppStr);
-      useSelfAppStore.getState().setSelfApp(selfAppJson);
-      useSelfAppStore.getState().startAppListener(selfAppJson.sessionId);
+      const sid = String(selfAppJson.sessionId ?? '');
+      if (!VALIDATION_PATTERNS.sessionId.test(sid)) {
+        if (typeof __DEV__ !== 'undefined' && __DEV__) {
+          console.error('selfApp.sessionId failed validation:', sid);
+        }
+        navigationRef.reset(
+          createDeeplinkNavigationState('QRCodeTrouble', correctParentScreen),
+        );
+        return;
+      }
+      useSelfAppStore.getState().setSelfApp(selfAppJson);
+      useSelfAppStore.getState().startAppListener(sid);
 
       // Reset navigation stack with correct parent -> ProveScreen
       navigationRef.reset(
         createDeeplinkNavigationState('ProveScreen', correctParentScreen),
       );

app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/RNPassportReaderModule.kt (3)

603-617: Fix crash: dg2File is used before initialization (DG2 read is commented out).

DG2 reading is commented out earlier, but passive auth still computes dg2Hash from dg2File. This will throw UninitializedPropertyAccessException at runtime on first scan.

Apply one of the following minimal fixes.

Option A — re-enable DG2 read (recommended for full SOD verification):

@@
-                // eventMessageEmitter("Reading DG2.....")
-                // val dg2In = service.getInputStream(PassportService.EF_DG2)
-                // dg2File = DG2File(dg2In)
+                eventMessageEmitter(Messages.READING_DG2)
+                val dg2In = service.getInputStream(PassportService.EF_DG2)
+                dg2File = DG2File(dg2In)
+                logAnalyticsEvent("nfc_reading_dg2_completed")
+                eventMessageEmitter(Messages.READING_DG2_SUCCEEDED)

Option B — skip DG2 hashing when DG2 isn’t read (quickest unblock):

@@
-                val dg2Hash = digest.digest(dg2File.encoded)
+                // DG2 not read in this flow; avoid touching uninitialized dg2File
+                // val dg2Hash = digest.digest(dg2File.encoded)

---

208-213: Avoid getBoolean() throwing on missing keys; don’t use Elvis on a non-nullable.

ReadableMap.getBoolean throws if the key is absent/mistyped; the Elvis here won’t help. Compute flags with hasKey guards to avoid runtime exceptions and noisy error analytics.

-        logAnalyticsEvent("nfc_scan_started", mapOf(
-            "use_can" to (opts.getBoolean(PARAM_USE_CAN) ?: false),
-            "has_document_number" to (!opts.getString(PARAM_DOC_NUM).isNullOrEmpty()),
-            "has_can_number" to (!opts.getString(PARAM_CAN).isNullOrEmpty()),
-            "platform" to "android"
-        ))
+        val useCan = opts.hasKey(PARAM_USE_CAN) && opts.getBoolean(PARAM_USE_CAN)
+        val hasDocNum = opts.hasKey(PARAM_DOC_NUM) && !opts.getString(PARAM_DOC_NUM).isNullOrEmpty()
+        val hasCan = opts.hasKey(PARAM_CAN) && !opts.getString(PARAM_CAN).isNullOrEmpty()
+        logAnalyticsEvent("nfc_scan_started", mapOf(
+            "use_can" to useCan,
+            "has_document_number" to hasDocNum,
+            "has_can_number" to hasCan,
+            "platform" to "android"
+        ))

---

771-779: Align Android payload with JS parser (documentSigningCertificate, eContent/signature base64).

JS expects documentSigningCertificate to be a JSON string with a PEM field, and also relies on base64 forms of eContent/signature. Current payload overwrites documentSigningCertificate twice and may break parsers.

Patch to keep backward compatibility and add the expected fields:

@@
-            passport.putString("documentSigningCertificate", certificateBase64)
+            // Keep base64 under a distinct key
+            passport.putString("documentSigningCertificateBase64", certificateBase64)
@@
-            passport.putString("dataGroupHashes", gson.toJson(sodFile.dataGroupHashes))
-            passport.putString("eContent", gson.toJson(sodFile.eContent))
-            passport.putString("encryptedDigest", gson.toJson(sodFile.encryptedDigest))
+            passport.putString("dataGroupHashes", gson.toJson(sodFile.dataGroupHashes))
+            // Provide both JSON-array and base64 forms for cross‑platform parity
+            passport.putString("eContent", gson.toJson(sodFile.eContent))
+            passport.putString("eContentBase64", Base64.encodeToString(sodFile.eContent, Base64.NO_WRAP))
+            passport.putString("encryptedDigest", gson.toJson(sodFile.encryptedDigest))
+            passport.putString("signatureBase64", Base64.encodeToString(sodFile.encryptedDigest, Base64.NO_WRAP))
@@
-            val pemCert = "-----BEGIN CERTIFICATE-----\n" + Base64.encodeToString(docSigningCert.encoded, Base64.DEFAULT) + "-----END CERTIFICATE-----"
-            passport.putString("documentSigningCertificate", pemCert)
+            val pemCert = "-----BEGIN CERTIFICATE-----\n" + Base64.encodeToString(docSigningCert.encoded, Base64.DEFAULT) + "-----END CERTIFICATE-----"
+            passport.putString("documentSigningCertificate", JSONObject().put("PEM", pemCert).toString())
+
+            // Add alias matching existing TypeScript naming
+            passport.putString("encapsulatedContentDigestAlgorithm", sodFile.digestAlgorithm)

Run this quick check to validate the current JS expectations before merging:

#!/bin/bash
# Look for parsers expecting JSON{PEM} and specific field names
rg -nC2 -g 'app/**' -S \
  'JSON\.parse\(\s*parsed\?\.\s*documentSigningCertificate' \
  'encapsulatedContentDigestAlgorithm' \
  'eContentBase64' \
  'signatureBase64'

Also applies to: 803-812, 827-830

🧹 Nitpick comments (13)

packages/mobile-sdk-alpha/tests/processing/mrz.test.ts (1)

65-83: Deduplicate TD1 MRZ tests to reduce noise and runtime

This block repeats the same three TD1 cases already covered earlier (Lines 45-63). Keep a single canonical set.

Apply this diff to remove the duplicate block:

-  it('parses valid TD1 MRZ', () => {
-    const info = extractMRZInfo(sampleTD1);
-    expect(info.documentNumber).toBe('X4RTBPFW4');
-    expect(info.issuingCountry).toBe('FRA');
-    expect(info.dateOfBirth).toBe('900713');
-    expect(info.dateOfExpiry).toBe('300211');
-    expect(info.validation?.overall).toBe(true);
-  });
-
-  it('rejects invalid TD1 MRZ', () => {
-    const invalid = `FRAX4RTBPFW46`;
-    expect(() => extractMRZInfo(invalid)).toThrow();
-  });
-
-  it('Fails overall validation for invalid TD1 MRZ', () => {
-    const invalid = `IDFRAX4RTBPFW46`;
-    const info = extractMRZInfo(invalid);
-    expect(info.validation?.overall).toBe(false);
-  });

README.md (1)

89-90: Clarify source vs target branch policy.

State explicitly that the PR’s source branch must be staging (targets may be dev/main). Prevent confusion with the updated CI triggers.

Apply:

- > **Important:** Please open your pull request from the `staging` branch. Pull requests from other branches will be automatically closed.
+ > **Important:** Open pull requests with `staging` as the source branch. PRs opened from any other source branch will be automatically closed. Target branches may be `dev` or `main` per CI policy.

.github/workflows/web.yml (1)

18-26: Add shared Yarn cache to speed builds (and follow repo policy).

Use the composite cache-yarn action before install.

   - uses: actions/checkout@v4
+  - name: Cache Yarn
+    uses: ./.github/actions/cache-yarn
+    with:
+      path: |
+        .yarn/cache
+        node_modules
+        app/node_modules
+      cache-version: ${{ env.GH_CACHE_VERSION || 'v1' }}
   - name: Install Dependencies
     uses: ./.github/actions/yarn-install

.github/workflows/mobile-ci.yml (1)

241-258: Avoid direct actions/cache; extract Xcode caches to a shared composite.

Stay consistent with repo policy (use .github/actions composites). Suggest introducing cache-xcode and cache-xcode-index composites.

Example usage after adding composites:

-      - name: Cache Xcode build
-        uses: actions/cache@v4
+      - name: Cache Xcode build
+        uses: ./.github/actions/cache-xcode
         with:
           path: |
             app/ios/build
             ~/Library/Developer/Xcode/DerivedData
             ~/Library/Caches/com.apple.dt.Xcode
-          key: ${{ runner.os }}-xcode-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock', 'app/ios/OpenPassport.xcworkspace/contents.xcworkspacedata', 'app/ios/Self.xcworkspace/contents.xcworkspacedata') }}
-          restore-keys: |
-            ${{ runner.os }}-xcode-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock') }}-
-            ${{ runner.os }}-xcode-${{ env.XCODE_VERSION }}-
+          cache-version: ${{ env.GH_CACHE_VERSION }}-xcode-${{ env.XCODE_VERSION }}

Do the same for “Cache Xcode Index.”

.github/workflows/circuits.yml (1)

1-10: Optional: add concurrency to cancel superseded runs.

Matches other workflows; reduces queue waste on active PRs.

 on:
   pull_request:
     branches:
       - dev
       - staging
       - main
     paths:
       - "circuits/**"
+concurrency:
+  group: circuits-ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

.github/workflows/mobile-e2e.yml (1)

66-71: Unify caching via composites for consistency and policy compliance.

Per repo policy, avoid direct actions/cache. Consider adding a generic cache-dir composite and using it for Maestro and DerivedData to standardize TTL, restore-keys, and logging.

-      - name: Cache Maestro
-        id: cache-maestro
-        uses: actions/cache@v4
+      - name: Cache Maestro
+        id: cache-maestro
+        uses: ./.github/actions/cache-dir
         with:
           path: ~/.maestro
           key: ${{ runner.os }}-maestro-${{ env.MAESTRO_VERSION }}

-      - name: Cache DerivedData
-        uses: actions/cache@v4
+      - name: Cache DerivedData
+        uses: ./.github/actions/cache-dir
         with:
           path: app/ios/build
           key: ${{ runner.os }}-derived-data-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock', 'app/ios/OpenPassport.xcworkspace/contents.xcworkspacedata', 'app/ios/Self.xcworkspacedata') }}
           restore-keys: |
             ${{ runner.os }}-derived-data-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock') }}-
             ${{ runner.os }}-derived-data-${{ env.XCODE_VERSION }}-

Also applies to: 212-219

app/fastlane/Fastfile (1)

404-413: Prefer explicit tasks/flags in fastlane gradle invocation

Embedding multiple tasks and flags in a single task string is brittle.

-      gradle(
-        task: "clean bundleRelease --stacktrace --info",
+      gradle(
+        tasks: ["clean", "bundleRelease"],
+        flags: "--stacktrace --info",
         project_dir: "android/",
         properties: {
           "MYAPP_UPLOAD_STORE_FILE" => ENV["ANDROID_KEYSTORE_PATH"],
           "MYAPP_UPLOAD_STORE_PASSWORD" => ENV["ANDROID_KEYSTORE_PASSWORD"],
           "MYAPP_UPLOAD_KEY_ALIAS" => ENV["ANDROID_KEY_ALIAS"],
           "MYAPP_UPLOAD_KEY_PASSWORD" => ENV["ANDROID_KEY_PASSWORD"] == "EMPTY" ? "" : ENV["ANDROID_KEY_PASSWORD"],
         },
       )

app/tests/utils/deeplinks.test.ts (2)

31-57: Add coverage for new splash coordination APIs (parent screen + queuing).

The new flow introduces setDeeplinkParentScreen() and getAndClearQueuedUrl(), but tests don’t assert them. Add cases to:

• verify parent override (e.g., parent='Splash' -> [Splash, ProveScreen])
• verify initial URL is queued by setupUniversalLinkListenerInNavigation() and drained once via getAndClearQueuedUrl()

Here’s a minimal addition:

@@
 describe('deeplinks', () => {
   beforeEach(() => {
@@
   });

+  it('respects setDeeplinkParentScreen when navigating', () => {
+    const { setDeeplinkParentScreen, handleUrl } = require('@/utils/deeplinks');
+    setDeeplinkParentScreen('Splash');
+    handleUrl('scheme://open?sessionId=xyz');
+    const { navigationRef } = require('@/navigation');
+    expect(navigationRef.reset).toHaveBeenCalledWith({
+      index: 1,
+      routes: [{ name: 'Splash' }, { name: 'ProveScreen' }],
+    });
+  });
+
+  it('queues initial URL and clears it exactly once', async () => {
+    const {
+      setupUniversalLinkListenerInNavigation,
+      getAndClearQueuedUrl,
+    } = require('@/utils/deeplinks');
+    (Linking.getInitialURL as jest.Mock).mockResolvedValue('scheme://open?sessionId=abc');
+    setupUniversalLinkListenerInNavigation();
+    // allow the promise microtask to resolve
+    await Promise.resolve();
+    expect(getAndClearQueuedUrl()).toBe('scheme://open?sessionId=abc');
+    expect(getAndClearQueuedUrl()).toBeNull();
+  });

---

150-166: Exercise the web platform guard.

Add a test to assert that Platform.OS === 'web' does not trigger a QRCodeTrouble reset (current branch intentionally no-ops). This prevents regressions that would misroute web users.

@@
   describe('handleUrl', () => {
+    it('no-ops on web platform', () => {
+      jest.doMock('react-native', () => ({
+        Platform: { OS: 'web' },
+        Linking,
+      }));
+      jest.resetModules();
+      const { handleUrl } = require('@/utils/deeplinks');
+      const { navigationRef } = require('@/navigation');
+      handleUrl('scheme://open?foo=bar');
+      expect(navigationRef.reset).not.toHaveBeenCalled();
+    });

app/src/utils/deeplinks.ts (2)

126-130: Guard reset calls on navigator readiness or defer safely.

If handleUrl fires before the navigator is ready, reset may no-op or throw depending on integration. Add a readiness check with a fallback queue.

-  navigationRef.reset(
-    createDeeplinkNavigationState('ProveScreen', correctParentScreen),
-  );
+  if (navigationRef.isReady?.()) {
+    navigationRef.reset(
+      createDeeplinkNavigationState('ProveScreen', correctParentScreen),
+    );
+  } else {
+    queuedInitialUrl = uri;
+  }

Apply similarly to other reset sites (QRCodeTrouble, MockDataDeepLink).

Also applies to: 156-167, 175-177

---

43-73: Avoid double-decoding unless required.

query-string.parseUrl() decodes by default; decodeURIComponent again can surface “malformed URI” for edge inputs and adds cost. If you keep it for hardening, document the intent and gate it per key; otherwise, drop the extra decode to rely on parseUrl’s decoder.

Also applies to: 186-207

app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/APDULogger.kt (2)

14-27: Make sessionContext thread-safe and sanitize values.

APDU events may arrive off the UI thread while context is mutated elsewhere. Use a ConcurrentHashMap and restrict values to primitives/strings to avoid serialization surprises.

-    private val sessionContext = mutableMapOf<String, Any>()
+    private val sessionContext: java.util.concurrent.ConcurrentMap<String, Any> =
+        java.util.concurrent.ConcurrentHashMap()
@@
-    fun setContext(key: String, value: Any) {
-        sessionContext[key] = value
-    }
+    fun setContext(key: String, value: Any) {
+        when (value) {
+            is String, is Number, is Boolean -> sessionContext[key] = value
+            else -> sessionContext[key] = value.toString()
+        }
+    }

Also applies to: 39-63

---

49-51: Locale-stable hex formatting.

Use Locale.ROOT to avoid locale-specific uppercasing.

-            statusWordHex = "0x${response.sw.toString(16).uppercase().padStart(4, '0')}",
+            statusWordHex = "0x" + response.sw.toString(16).uppercase(java.util.Locale.ROOT).padStart(4, '0'),

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ec93ad5 and d0a24cb.

⛔ Files ignored due to path filters (1)

• app/Gemfile.lock is excluded by !**/*.lock

📒 Files selected for processing (30)

• .coderabbit.yaml (1 hunks)
• .github/workflows/circuits-build.yml (1 hunks)
• .github/workflows/circuits.yml (1 hunks)
• .github/workflows/contracts.yml (1 hunks)
• .github/workflows/mobile-ci.yml (1 hunks)
• .github/workflows/mobile-deploy.yml (20 hunks)
• .github/workflows/mobile-e2e.yml (1 hunks)
• .github/workflows/qrcode-sdk-ci.yml (1 hunks)
• .github/workflows/web.yml (1 hunks)
• README.md (1 hunks)
• app/android/app/build.gradle (1 hunks)
• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/APDULogger.kt (1 hunks)
• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/RNPassportReaderModule.kt (16 hunks)
• app/fastlane/Fastfile (5 hunks)
• app/fastlane/README.md (1 hunks)
• app/ios/Self.xcodeproj/project.pbxproj (2 hunks)
• app/scripts/upload_to_play_store.py (1 hunks)
• app/src/navigation/devTools.ts (2 hunks)
• app/src/navigation/index.tsx (1 hunks)
• app/src/screens/dev/DevPrivateKeyScreen.tsx (1 hunks)
• app/src/screens/dev/DevSettingsScreen.tsx (2 hunks)
• app/src/screens/document/DocumentNFCScanScreen.tsx (1 hunks)
• app/src/screens/settings/ManageDocumentsScreen.tsx (1 hunks)
• app/src/screens/system/SplashScreen.tsx (4 hunks)
• app/src/utils/deeplinks.ts (5 hunks)
• app/tests/src/navigation.test.ts (1 hunks)
• app/tests/utils/deeplinks.test.ts (7 hunks)
• app/version.json (1 hunks)
• app/vite.config.ts (1 hunks)
• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (9)

app/android/**/*

⚙️ CodeRabbit configuration file

app/android/**/*: Review Android-specific code for:

• Platform-specific implementations
• Performance considerations
• Security best practices for mobile

Files:

• app/android/app/build.gradle
• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/APDULogger.kt
• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/RNPassportReaderModule.kt

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub Actions workflows, use shared composite caching actions from .github/actions (cache-yarn, cache-bundler, cache-gradle, cache-pods)
Do not call actions/cache directly; rely on the shared composite caching actions
When using cache actions, optionally pass cache-version (often with GH_CACHE_VERSION and tool version) for stable keys

Files:

• .github/workflows/mobile-ci.yml
• .github/workflows/mobile-e2e.yml
• .github/workflows/qrcode-sdk-ci.yml
• .github/workflows/web.yml
• .github/workflows/circuits-build.yml
• .github/workflows/circuits.yml
• .github/workflows/contracts.yml
• .github/workflows/mobile-deploy.yml

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/technical-specification.mdc)

**/*.{ts,tsx}: Define IdentityCommitment with fields: commitment (Poseidon hash), nullifier (domain-separated), timestamp (UTC number), version (circuit version), documentType ('passport' | 'eu_id_card')
Define DSCKeyCommitment with fields: publicKeyHash (Poseidon hash), certificateChain (hashes), revocationStatus (boolean), issuer (country code)
Define VerificationConfig with fields: circuitVersion (semver), complianceRules array, timeWindow (seconds, 24h), clockDrift (±5 min), trustAnchors, revocationRoots, timeSource (NTP), nullifierScope (domain separation)

Files:

• app/src/navigation/index.tsx
• app/vite.config.ts
• app/tests/src/navigation.test.ts
• app/src/screens/settings/ManageDocumentsScreen.tsx
• app/src/screens/system/SplashScreen.tsx
• app/src/screens/dev/DevPrivateKeyScreen.tsx
• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts
• app/src/navigation/devTools.ts
• app/src/utils/deeplinks.ts
• app/tests/utils/deeplinks.test.ts
• app/src/screens/dev/DevSettingsScreen.tsx
• app/src/screens/document/DocumentNFCScanScreen.tsx

app/src/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

app/src/**/*.{ts,tsx,js,jsx}: Review React Native TypeScript code for:

• Component architecture and reusability
• State management patterns
• Performance optimizations
• TypeScript type safety
• React hooks usage and dependencies
• Navigation patterns

Files:

• app/src/navigation/index.tsx
• app/src/screens/settings/ManageDocumentsScreen.tsx
• app/src/screens/system/SplashScreen.tsx
• app/src/screens/dev/DevPrivateKeyScreen.tsx
• app/src/navigation/devTools.ts
• app/src/utils/deeplinks.ts
• app/src/screens/dev/DevSettingsScreen.tsx
• app/src/screens/document/DocumentNFCScanScreen.tsx

**/*.{test,spec}.{ts,js,tsx,jsx}

⚙️ CodeRabbit configuration file

**/*.{test,spec}.{ts,js,tsx,jsx}: Review test files for:

• Test coverage completeness
• Test case quality and edge cases
• Mock usage appropriateness
• Test readability and maintainability

Files:

• app/tests/src/navigation.test.ts
• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts
• app/tests/utils/deeplinks.test.ts

app/ios/**/*

⚙️ CodeRabbit configuration file

app/ios/**/*: Review iOS-specific code for:

• Platform-specific implementations
• Performance considerations
• Security best practices for mobile

Files:

• app/ios/Self.xcodeproj/project.pbxproj

packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}}

📄 CodeRabbit inference engine (packages/mobile-sdk-alpha/AGENTS.md)

packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}}: Do NOT mock @selfxyz/mobile-sdk-alpha in tests (avoid jest.mock('@selfxyz/mobile-sdk-alpha') and replacing real functions with mocks)
Use actual imports from @selfxyz/mobile-sdk-alpha in tests
Write integration tests that exercise the real validation logic (not mocks)
Test isPassportDataValid() with realistic synthetic passport data (never real user data)
Verify extractMRZInfo() using published sample MRZ strings (e.g., ICAO examples)
Ensure parseNFCResponse() works with representative, synthetic NFC data
Never use real user PII in tests; use only synthetic, anonymized, or approved test vectors

Files:

• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts

packages/mobile-sdk-alpha/**/*.{ts,tsx}

📄 CodeRabbit inference engine (packages/mobile-sdk-alpha/AGENTS.md)

packages/mobile-sdk-alpha/**/*.{ts,tsx}: Use strict TypeScript type checking across the codebase
Follow ESLint TypeScript-specific rules
Avoid introducing circular dependencies

Files:

• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}

⚙️ CodeRabbit configuration file

packages/mobile-sdk-alpha/**/*.{ts,tsx,js,jsx}: Review alpha mobile SDK code for:

• API consistency with core SDK
• Platform-neutral abstractions
• Performance considerations
• Clear experimental notes or TODOs

Files:

• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts

🧠 Learnings (28)

📓 Common learnings

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: App builds successfully on target platforms before PR

📚 Learning: 2025-07-29T01:08:28.530Z

Learnt from: transphorm
PR: selfxyz/self#795
File: app/android/app/build.gradle:157-158
Timestamp: 2025-07-29T01:08:28.530Z
Learning: For this React Native project, the team prefers build flexibility over fail-fast behavior for release builds in app/android/app/build.gradle. They intentionally allow fallback to debug signing for local development runs, relying on Google Play Console validation to catch any improperly signed releases during upload.

Applied to files:

• app/android/app/build.gradle

📚 Learning: 2025-08-23T02:02:02.556Z

Learnt from: transphorm
PR: selfxyz/self#942
File: app/vite.config.ts:170-0
Timestamp: 2025-08-23T02:02:02.556Z
Learning: In the selfxyz/self React Native app, devTools from '@/navigation/devTools' are intentionally shipped to production builds for testing purposes, not excluded as is typical in most applications.

Applied to files:

• app/src/navigation/index.tsx
• app/vite.config.ts
• app/src/navigation/devTools.ts
• app/tests/utils/deeplinks.test.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Use react-navigation/native with createStaticNavigation for type-safe navigation

Applied to files:

• app/src/navigation/index.tsx

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/navigation/**/*.{ts,tsx} : Set platform-specific initial routes: web → Home, mobile → Splash

Applied to files:

• app/src/navigation/index.tsx
• app/vite.config.ts
• app/src/screens/system/SplashScreen.tsx
• app/src/utils/deeplinks.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens and components to improve performance

Applied to files:

• app/src/navigation/index.tsx
• app/vite.config.ts
• app/src/navigation/devTools.ts

📚 Learning: 2025-08-25T14:25:57.586Z

Learnt from: aaronmgdr
PR: selfxyz/self#951
File: app/src/providers/authProvider.web.tsx:17-18
Timestamp: 2025-08-25T14:25:57.586Z
Learning: The selfxyz/mobile-sdk-alpha/constants/analytics import path is properly configured with SDK exports, Metro aliases, and TypeScript resolution. Import changes from @/consts/analytics to this path are part of valid analytics migration, not TypeScript resolution issues.

Applied to files:

• app/src/navigation/index.tsx

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to src/**/screens/**/*.{ts,tsx} : Lazy load screens using React.lazy()

Applied to files:

• app/vite.config.ts
• app/src/navigation/devTools.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Organize screens by feature modules (passport, home, settings, etc.)

Applied to files:

• app/vite.config.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• app/fastlane/README.md
• .github/workflows/mobile-deploy.yml

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to native/android/**/*.{kt,kts} : Android NFC: implement RNPassportReaderModule in Kotlin

Applied to files:

• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/APDULogger.kt
• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/RNPassportReaderModule.kt

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to native/ios/**/*.{swift} : iOS NFC: implement custom PassportReader as a Swift module

Applied to files:

• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/APDULogger.kt
• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/RNPassportReaderModule.kt

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Verify extractMRZInfo() using published sample MRZ strings (e.g., ICAO examples)

Applied to files:

• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Test isPassportDataValid() with realistic synthetic passport data (never real user data)

Applied to files:

• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts
• app/src/utils/deeplinks.ts
• app/tests/utils/deeplinks.test.ts

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Ensure parseNFCResponse() works with representative, synthetic NFC data

Applied to files:

• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to packages/mobile-sdk-alpha/src/processing/** : Place MRZ processing helpers in packages/mobile-sdk-alpha/src/processing/

Applied to files:

• packages/mobile-sdk-alpha/tests/processing/mrz.test.ts

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Use actual imports from selfxyz/mobile-sdk-alpha in tests

Applied to files:

• app/tests/utils/deeplinks.test.ts

📚 Learning: 2025-08-24T18:54:04.809Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.809Z
Learning: Applies to app/jest.setup.js : Provide comprehensive Jest setup in app/jest.setup.js with required mocks

Applied to files:

• app/tests/utils/deeplinks.test.ts

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Applies to jest.setup.js : Maintain comprehensive mocks in jest.setup.js for all native modules

Applied to files:

• app/tests/utils/deeplinks.test.ts

📚 Learning: 2025-08-29T15:31:15.924Z

Learnt from: CR
PR: selfxyz/self#0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-08-29T15:31:15.924Z
Learning: Applies to packages/mobile-sdk-alpha/{**/*.test.{ts,tsx},**/__tests__/**/*.{ts,tsx}} : Do NOT mock selfxyz/mobile-sdk-alpha in tests (avoid jest.mock('selfxyz/mobile-sdk-alpha') and replacing real functions with mocks)

Applied to files:

• app/tests/utils/deeplinks.test.ts

📚 Learning: 2025-08-24T18:55:07.940Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/technical-specification.mdc:0-0
Timestamp: 2025-08-24T18:55:07.940Z
Learning: Establish NFC secure channels using PACE/BAC

Applied to files:

• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/RNPassportReaderModule.kt

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Support MRZ-derived keys, CAN, PACE, and BAC fallback for NFC authentication

Applied to files:

• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/RNPassportReaderModule.kt

📚 Learning: 2025-08-24T18:52:25.796Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.796Z
Learning: Handle multiple BAC attempts with delays and degrade from PACE to BAC gracefully with real-time status updates and haptic feedback

Applied to files:

• app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/RNPassportReaderModule.kt

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Verify iOS build succeeds via yarn ios

Applied to files:

• .github/workflows/mobile-deploy.yml

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : When using cache actions, optionally pass cache-version (often with GH_CACHE_VERSION and tool version) for stable keys

Applied to files:

• .github/workflows/mobile-deploy.yml

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : In GitHub Actions workflows, use shared composite caching actions from .github/actions (cache-yarn, cache-bundler, cache-gradle, cache-pods)

Applied to files:

• .github/workflows/mobile-deploy.yml

📚 Learning: 2025-08-29T15:30:12.210Z

Learnt from: CR
PR: selfxyz/self#0
File: app/AGENTS.md:0-0
Timestamp: 2025-08-29T15:30:12.210Z
Learning: Verify Android build succeeds via yarn android

Applied to files:

• .github/workflows/mobile-deploy.yml

📚 Learning: 2025-08-29T15:29:47.727Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-08-29T15:29:47.727Z
Learning: Before committing, run repository checks (yarn nice, yarn lint, yarn build, contracts build, yarn types)

Applied to files:

• .github/workflows/mobile-deploy.yml

🧬 Code graph analysis (3)

packages/mobile-sdk-alpha/tests/processing/mrz.test.ts (2)

app/src/utils/utils.ts (1)

• extractMRZInfo (7-23)

app/src/utils/cameraScanner.ts (1)

• mrzInfo (35-56)

app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/RNPassportReaderModule.kt (2)

app/ios/PassportReader.swift (1)

• iOS (32-364)

app/src/utils/nfcScanner.ts (4)

• response (116-185)
• response (187-262)
• setModalProofStep (49-79)
• setModalProofStep (81-114)

app/src/screens/document/DocumentNFCScanScreen.tsx (1)

app/src/utils/nfcScanner.ts (5)

• setModalProofStep (49-79)
• setModalProofStep (14-47)
• setModalProofStep (81-114)
• response (187-262)
• response (116-185)

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-ios
• GitHub Check: e2e-ios

🔇 Additional comments (47)

.github/workflows/web.yml (1)

4-8: Good shift to PR-based triggers across dev/staging/main.

.github/workflows/contracts.yml (2)

6-6: Staging added to PR branches looks right.

---

52-54: Contract tests are hard-disabled. What’s the re-enable plan?

if: false drops safety nets. Consider running but marking non-blocking, or gating via label.

-        # skip until they get fixed
-        if: false
-        run: yarn test
+        # Temporarily non-blocking while fixing tests
+        continue-on-error: true
+        run: yarn test

.github/workflows/qrcode-sdk-ci.yml (1)

13-16: Branch filter aligns with repo policy.

.github/workflows/mobile-ci.yml (1)

19-23: PR-based trigger set matches main/dev/staging policy.

.github/workflows/circuits.yml (1)

6-6: Staging branch inclusion LGTM.

.coderabbit.yaml (1)

18-18: Add staging to base_branches — correct and schema-compliant.

app/version.json (1)

7-8: Align Android build numbers across repo before releasing.

version.json has android.build = 96, but the PR summary notes app/android/app/build.gradle versionCode = 90. This mismatch can break Play uploads and CI gating. Please reconcile.

#!/bin/bash
# Compare versionCode in Gradle vs version.json
gradle_code=$(rg -nP 'versionCode\s+(\d+)' app/android/app/build.gradle | sed -E 's/.*versionCode\s+([0-9]+).*/\1/' | tail -1)
json_build=$(jq -r '.android.build' app/version.json)
echo "Gradle versionCode: $gradle_code"
echo "version.json build: $json_build"
test "$gradle_code" = "$json_build" || { echo "❌ Mismatch"; exit 1; }
echo "✅ Match"

.github/workflows/circuits-build.yml (2)

143-148: Ensure artifact upload path matches build output directory.

If circuits build emits into circuits/output, update the upload path accordingly to avoid uploading nothing.

-      - name: Upload Artifact
+      - name: Upload Artifact
         uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4
         with:
           name: circuits
-          path: output/
+          path: circuits/output/

---

121-142: ```shell
#!/bin/bash
set -e

echo "Locating build_cpp.sh"
build_script=$(find . -type f -name build_cpp.sh | head -n1)
if [ -z "$build_script" ]; then
echo "build_cpp.sh not found"
exit 1
fi
echo "Found build_cpp.sh at: $build_script"
echo "----- build_cpp.sh content (first 200 lines) -----"
head -n200 "$build_script"
echo "--------------------------------------------------"

echo "Searching for 'output' references in circuits/scripts"
grep -R "output" -n circuits/scripts || echo "No 'output' references found in circuits/scripts"

echo "Checking for composite cache action at .github/actions/cache-dir"
if [ -d ".github/actions/cache-dir" ]; then
echo "Found composite action directory: .github/actions/cache-dir"
echo "----- action.yml (first 50 lines) -----"
head -n50 .github/actions/cache-dir/action.yml
echo "----------------------------------------"
else
echo "Directory .github/actions/cache-dir not found"
fi

</blockquote></details>
<details>
<summary>app/fastlane/README.md (1)</summary><blockquote>

`83-90`: **Doc addition looks good and matches the new lane.**

The “android build_only” docs are clear and aligned with the workflow changes.

</blockquote></details>
<details>
<summary>app/ios/Self.xcodeproj/project.pbxproj (1)</summary><blockquote>

`426-426`: **Build number bump acknowledged. Ensure release tooling stays in sync.**

CURRENT_PROJECT_VERSION = 169 matches version.json (iOS). Verify any Fastlane bump actions don’t overwrite this unexpectedly during deploys.




Also applies to: 567-567

</blockquote></details>
<details>
<summary>app/fastlane/Fastfile (7)</summary><blockquote>

`123-126`: **iOS version sync after semver bump looks good**

Keeps MARKETING_VERSION consistent with package.json.

---

`304-314`: **New android build_only lane is a good separation of concerns**

Clean way to reuse build path without upload.

---

`357-357`: **Boolean parsing for skip_upload is fine**

Covers string/boolean inputs from CI.

---

`376-378`: **Local-only requirement for JSON key is correct**

Matches ADC/WIF use in CI.

---

`396-401`: **Local-only JSON key validation is appropriate**

Prevents unnecessary checks in CI.

---

`408-411`: **Verify Gradle picks up MYAPP_UPLOAD_* props (signing could fail otherwise)**

Ensure android/app/build.gradle reads these properties for signingConfigs. If not, release builds will be unsigned.

Run this to confirm gradle usage:

```shell
#!/bin/bash
# Look for MYAPP_UPLOAD_* usage in Gradle files
rg -nP -C2 '(MYAPP_UPLOAD_STORE_FILE|MYAPP_UPLOAD_STORE_PASSWORD|MYAPP_UPLOAD_KEY_ALIAS|MYAPP_UPLOAD_KEY_PASSWORD)' -- android

---

427-435: No changes needed for fastlane supply WIF credentials support
fastlane supply’s json_key_data option (via SUPPLY_JSON_KEY_DATA or the json_key_data parameter) works with both service-account JSON and external_account (Workload Identity Federation) credentials in versions including the 2024–2025 WIF support PRs. Ensure your CI is using a fastlane release that contains that change.

.github/workflows/mobile-deploy.yml (23)

33-33: id-token: write is necessary for WIF

Good addition for OIDC-based auth.

---

110-113: Checkout pinned to staging — confirm intent

This builds staging regardless of the triggering ref. If that’s intentional for deploys, OK. Otherwise consider checking out the event ref.

---

127-144: Branch/commit verification step adds a useful guardrail

Helps avoid accidental non-staging builds.

---

174-178: Primary Yarn cache key includes SHA with restore-keys fallback

Looks fine; expect lower primary-hit rate but acceptable with restores.

---

186-189: Bundler restore-keys are reasonable

Works across runs while isolating by Ruby version.

---

198-199: Pods cache-version includes SHA

Fine; aligns with your cache invalidation approach.

---

442-449: Pre-building iOS SDK deps is a good perf win

Reduces surprises during Fastlane build.

---

609-616: Staging checkout + WIF auth for Android looks consistent

Matches the staging-first flow and enables ADC.

---

618-623: Early JDK setup for keytool is good

Catches keystore issues faster.

---

625-628: Keystore decode step is fine

Writes into app path under a fixed location.

---

630-673: Android secret verification is thorough

Validates ADC, keystore, alias, and entry type — solid.

---

687-703: Branch/commit verification for Android is helpful

Prevents drift from staging.

---

713-717: Yarn cache keys on Android mirror iOS approach

Looks good.

---

734-735: Gradle composite cache usage is aligned with repo guidance

Good.

---

788-833: Robust NDK/CMake install with retries is great for flaky sdkmanager

Reduces CI noise.

---

835-838: Raising Gradle heap to 4G is reasonable

Helps native builds; scoped to CI.

---

839-844: Python deps for Play upload are fine

Consider pinning versions later for reproducibility.

---

845-852: Pre-building Android SDK deps mirrors iOS

Good parity.

---

853-881: Build AAB via Fastlane build_only matches Fastfile changes

Keeps upload concerns out of Fastlane in CI.

---

882-899: Upload to Play via WIF Python script is the right call

Avoids service-account keys in CI; path and track wiring look correct.

---

961-966: Staging checkout for version update job is consistent

Makes sense with the staging-first model.

---

1011-1024: PR to update version files after deployment is clean

Good separation to avoid races.

---

1039-1040: Staging checkout for tag creation is aligned with flow

No issues.

app/src/navigation/index.tsx (1)

19-19: Switch to devTools screens import is fine

Matches the repo’s intentional inclusion of dev tools in production for testing.

app/vite.config.ts (1)

176-176: LGTM: dev chunk points to devTools.ts

The manual chunk now targets the new dev navigation module. This matches the app’s nav import switch and the known requirement to ship devTools in prod. No action needed.

app/tests/src/navigation.test.ts (1)

19-19: LGTM: test updated for DevPrivateKey route

New screen is included and ordering remains correct with the pre-sort. Looks good.

app/src/screens/system/SplashScreen.tsx (1)

27-32: LGTM: queued deeplink bootstrap and parent screen selection

Setting the deeplink parent based on registration state and deferring URL handling until after init is a solid approach. Error path also resets parent to Launch.

Also applies to: 75-87, 90-90

app/android/react-native-passport-reader/android/src/main/java/io/tradle/nfc/RNPassportReaderModule.kt (1)

470-485: Post-auth SELECT handling and 0x6982 tolerance look good.

Deferring SELECT until after PACE/BAC and proceeding on 6982 reduces fragile flows across chip variants.

[coderabbitai]

🛠️ Refactor suggestion

Avoid opening PRs in test_mode

Currently still opens a bump PR when test_mode=true.

-      - name: Open PR for iOS build number bump
-        if: ${{ !env.ACT && success() }}
+      - name: Open PR for iOS build number bump
+        if: ${{ !env.ACT && success() && inputs.test_mode != true }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if: ${{ !env.ACT && success() }}
	uses: ./.github/actions/push-changes
	uses: peter-evans/create-pull-request@v6
	with:
	commit_message: "incrementing ios build number for version ${{ env.VERSION }}"
	commit_paths: "./app/version.json"
	title: "chore: bump iOS build for ${{ env.VERSION }}"
	body: "Automated bump of iOS build number by CI"
	commit-message: "chore: incrementing ios build number for version ${{ env.VERSION }} [github action]"
	branch: ci/bump-ios-build-${{ github.run_id }}
	base: staging
	add-paths: |
	app/version.json
	- name: Open PR for iOS build number bump
	if: ${{ !env.ACT && success() && inputs.test_mode != true }}
	uses: peter-evans/create-pull-request@v6
	with:
	title: "chore: bump iOS build for ${{ env.VERSION }}"
	body: "Automated bump of iOS build number by CI"
	commit-message: "chore: incrementing ios build number for version ${{ env.VERSION }} [github action]"
	branch: ci/bump-ios-build-${{ github.run_id }}
	base: staging
	add-paths: |
	app/version.json

🤖 Prompt for AI Agents

.github/workflows/mobile-deploy.yml lines 560-569: the create-pull-request step
still runs when test_mode=true; update its if condition to prevent PR creation
in test mode by adding a check for the TEST_MODE env var (e.g. change the if to
include && env.TEST_MODE != 'true' or the equivalent expression you use for
falsey test mode), so the step only runs when not ACT, success() and TEST_MODE
is not 'true'.

[coderabbitai]

🛠️ Refactor suggestion

Replace direct actions/cache for NDK with a composite action

Repo standard forbids calling actions/cache directly; add a ./.github/actions/cache-ndk composite for consistency.

I can draft the composite if you want.

[coderabbitai]

🛠️ Refactor suggestion

Avoid opening PRs in test_mode (Android)

Same gating issue as iOS.

-      - name: Open PR for Android build number bump
-        if: ${{ !env.ACT && success() }}
+      - name: Open PR for Android build number bump
+        if: ${{ !env.ACT && success() && inputs.test_mode != true }}

🤖 Prompt for AI Agents

.github/workflows/mobile-deploy.yml around lines 908 to 918: the step that opens
a PR for the Android build bump currently runs in test_mode; update the step
condition to also guard against test mode (same change applied to iOS) so the
action only runs when ACT is false, the job succeeded, and TEST_MODE is not
enabled—modify the if expression to include a check like TEST_MODE != 'true' (or
the repo's test-mode env var) so PRs are not opened during test runs.

[coderabbitai]

⚠️ Potential issue

Android versionCode likely out of sync with app/version.json.

AI summary indicates version.json Android build moved to 96, but Gradle uses 90. This can break Play uploads (non-monotonic versionCode).

Run to confirm and align:

#!/bin/bash
set -euo pipefail
echo "Gradle versionCode:"
rg -nP '^\s*versionCode\s+(\d+)' app/android/app/build.gradle

echo "version.json Android buildCode:"
jq '.android.buildCode' app/version.json

echo "If mismatched, update app/android/app/build.gradle versionCode to match version.json (or vice versa) and ensure monotonic increments."

🤖 Prompt for AI Agents

In app/android/app/build.gradle around lines 124 to 126, versionCode is set to
90 while app/version.json indicates android.buildCode has been moved to 96;
update the versionCode value in build.gradle to match the version.json (set
versionCode to 96) or reconcile the source of truth so they align, and ensure
the final value is a monotonic increment relative to previous Play Store
uploads.

[coderabbitai]

⚠️ Potential issue

Do not send raw APDU payloads to analytics (PII leakage, high risk).

command_hex/response_hex and “plain” fields can contain MRZ/DG1/DG2 and other sensitive data. Shipping these off-device violates least-privilege and may breach privacy/compliance. Log only safe metadata (timestamp, SW, lengths, wrapped flag, minimal header bytes), and gate any content logging behind an explicit debug-only flag with size caps and redaction.

@@ class APDULogger : APDUListener {
-    private fun logToAnalytics(entry: APDULogEntry) {
+    private var enableSensitiveApduLogging: Boolean = false
+    fun setSensitiveApduLoggingEnabled(enabled: Boolean) { enableSensitiveApduLogging = enabled }
+
+    private fun logToAnalytics(entry: APDULogEntry) {
         try {
-            val params = mutableMapOf<String, Any>().apply {
+            val params = mutableMapOf<String, Any>().apply {
                 put("timestamp", entry.timestamp)
-                put("command_hex", entry.commandHex)
-                put("response_hex", entry.responseHex)
                 put("status_word", entry.statusWord)
                 put("status_word_hex", entry.statusWordHex)
                 put("command_length", entry.commandLength)
                 put("response_length", entry.responseLength)
                 put("data_length", entry.dataLength)
                 put("is_wrapped", entry.isWrapped)
                 put("context", entry.context)
-
-                entry.plainCommandHex?.let { put("plain_command_hex", it) }
-                entry.plainResponseHex?.let { put("plain_response_hex", it) }
-                entry.plainCommandLength?.let { put("plain_command_length", it) }
-                entry.plainResponseLength?.let { put("plain_response_length", it) }
-                entry.plainDataLength?.let { put("plain_data_length", it) }
+                // Optional, debug-only: include minimal headers and cap size
+                if (enableSensitiveApduLogging) {
+                    put("command_header_hex", entry.commandHex.take(8)) // CLA+INS+P1+P2
+                    put("response_header_hex", entry.responseHex.take(2)) // SW1 (best-effort)
+                }
             }
             moduleReference?.logAnalyticsEvent("nfc_apdu_exchange", params)
         } catch (e: Exception) {
             Log.e("APDULogger", "Error logging to analytics", e)
         }
     }
@@
-data class APDULogEntry(
+data class APDULogEntry(
     val timestamp: Long,
-    val commandHex: String,
-    val responseHex: String,
+    val commandHex: String, // retained in-memory; not sent unless debug flag
+    val responseHex: String, // retained in-memory; not sent unless debug flag
     val statusWord: Int,
     val statusWordHex: String,
     val commandLength: Int,
     val responseLength: Int,
     val dataLength: Int,
     val isWrapped: Boolean,
-    val plainCommandHex: String?,
-    val plainResponseHex: String?,
-    val plainCommandLength: Int?,
-    val plainResponseLength: Int?,
-    val plainDataLength: Int?,
+    val plainCommandHex: String?, // never sent to analytics
+    val plainResponseHex: String?, // never sent to analytics
+    val plainCommandLength: Int?,
+    val plainResponseLength: Int?,
+    val plainDataLength: Int?,
     val context: Map<String, Any>
 )

Follow-up:

• Consider removing even in-memory “plain*” fields in release builds.
• Add per-INS allowlist if you ever need content in debug.

Also applies to: 98-114, 39-63

[coderabbitai]

🛠️ Refactor suggestion

Consolidate timeout logic and cancel the native NFC session on timeout

There are two separate 30s timers set back-to-back; the first is immediately cleared by the second, creating dead code and confusion. Also, on timeout we should cancel the native NFC tech request to free the chip and avoid dangling sessions.

Apply this diff to remove the first timer and add explicit cancellation in the remaining one:

@@
-      if (scanTimeoutRef.current) {
-        clearTimeout(scanTimeoutRef.current);
-        scanTimeoutRef.current = null;
-      }
-      scanTimeoutRef.current = setTimeout(() => {
-        scanCancelledRef.current = true;
-        trackEvent(PassportEvents.NFC_SCAN_FAILED, {
-          error: 'timeout',
-        });
-        openErrorModal('Scan timed out. Please try again.');
-        setIsNfcSheetIsOpen(false);
-      }, 30000);
@@
       // Mark NFC scanning as active to prevent analytics flush interference
       setNfcScanningActive(true);
@@
       if (scanTimeoutRef.current) {
         clearTimeout(scanTimeoutRef.current);
         scanTimeoutRef.current = null;
       }
       scanTimeoutRef.current = setTimeout(() => {
         scanCancelledRef.current = true;
-        setNfcScanningActive(false); // Clear scanning state on timeout
+        setNfcScanningActive(false); // Clear scanning state on timeout
+        // Best-effort cancel of the native NFC session
+        // (no-op if not active or unsupported on platform)
+        void (async () => {
+          try {
+            await NfcManager.cancelTechnologyRequest();
+          } catch {}
+        })();
         trackEvent(PassportEvents.NFC_SCAN_FAILED, {
           error: 'timeout',
         });
         trackNfcEvent(PassportEvents.NFC_SCAN_FAILED, {
           error: 'timeout',
         });
         openErrorModal('Scan timed out. Please try again.');
         setIsNfcSheetOpen(false);
       }, 30000);

Follow-up:

• Consider exposing a cancel API from your scan() util (Android/iOS) and invoking it here alongside NfcManager.cancelTechnologyRequest() so both native paths are cleanly aborted. I can wire this end-to-end if helpful.

Also applies to: 223-239

🤖 Prompt for AI Agents

In app/src/screens/document/DocumentNFCScanScreen.tsx around lines 207 to 218
(also applies to 223-239): remove the redundant/cleared 30s timer so only a
single timeout is set, and inside that remaining timeout callback call
NfcManager.cancelTechnologyRequest() to explicitly cancel the native NFC session
before marking scanCancelledRef.current, tracking the timeout event, opening the
error modal and closing the sheet; also wire in (or leave a TODO to call) the
scan() util's cancel API when available so both native Android/iOS scan paths
are aborted.

[coderabbitai]

🛠️ Refactor suggestion

Avoid exposing a dead “Generate Mock Document” button in production

The button now renders unconditionally, but handleGenerateMock early-returns in non-dev builds (Lines 285-290), resulting in a no-op tap in prod. This is a medium-severity UX/best-practice issue and could surface internal tooling to end users. Gate rendering consistently (dev-only or via a feature flag).

Apply this diff to hide the button outside dev (minimal fix):

-            <SecondaryButton onPress={handleGenerateMock}>
-              Generate Mock Document
-            </SecondaryButton>
+            {__DEV__ && (
+              <SecondaryButton onPress={handleGenerateMock}>
+                Generate Mock Document
+              </SecondaryButton>
+            )}

If you need it on staging, prefer a single showMockDocs boolean (feature flag or environment check) and use {showMockDocs && (...)} in both the render and handler to keep behavior consistent.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<SecondaryButton onPress={handleGenerateMock}>
	Generate Mock Document
	</SecondaryButton>
	{__DEV__ && (
	<SecondaryButton onPress={handleGenerateMock}>
	Generate Mock Document
	</SecondaryButton>
	)}

🤖 Prompt for AI Agents

In app/src/screens/settings/ManageDocumentsScreen.tsx around lines 319-321
(handler early-return logic lives around lines 285-290), the "Generate Mock
Document" button is rendered unconditionally while its handler is a no-op in
non-dev builds; hide the button outside dev or behind a feature flag to avoid
exposing a dead control. Add a single boolean (e.g. showMockDocs) determined by
__DEV__ or a feature flag/env check, use {showMockDocs && (<SecondaryButton
...>)} for rendering, and check the same boolean inside the handler before
running mock-generation logic so rendering and behavior stay consistent across
environments.

[coderabbitai]

🛠️ Refactor suggestion

Prevent duplicate deeplink handling and add resilience

Because navigation object identity can change, this effect could re-fire and process the same queued URL again. Clear the queuedDeepLink after handling and add a try/catch fallback.

@@
-  useEffect(() => {
-    if (isAnimationFinished) {
-      if (queuedDeepLink) {
-        requestAnimationFrame(() => {
-          handleUrl(queuedDeepLink);
-        });
-      } else if (nextScreen) {
-        requestAnimationFrame(() => {
-          navigation.navigate(nextScreen as never);
-        });
-      }
-    }
-  }, [isAnimationFinished, nextScreen, queuedDeepLink, navigation]);
+  useEffect(() => {
+    if (!isAnimationFinished) return;
+    if (queuedDeepLink) {
+      requestAnimationFrame(() => {
+        try {
+          void handleUrl(queuedDeepLink);
+        } catch (e) {
+          // On failure, fall back to nextScreen if available
+          if (nextScreen) {
+            navigation.navigate(nextScreen as never);
+          }
+        } finally {
+          // Ensure idempotence across re-renders
+          setQueuedDeepLink(null);
+        }
+      });
+      return;
+    }
+    if (nextScreen) {
+      requestAnimationFrame(() => {
+        navigation.navigate(nextScreen as never);
+      });
+    }
+  }, [isAnimationFinished, nextScreen, queuedDeepLink, navigation]);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	useEffect(() => {
	if (isAnimationFinished && nextScreen) {
	requestAnimationFrame(() => {
	navigation.navigate(nextScreen as never);
	});
	if (isAnimationFinished) {
	if (queuedDeepLink) {
	requestAnimationFrame(() => {
	handleUrl(queuedDeepLink);
	});
	} else if (nextScreen) {
	requestAnimationFrame(() => {
	navigation.navigate(nextScreen as never);
	});
	}
	}
	}, [isAnimationFinished, nextScreen, navigation]);
	}, [isAnimationFinished, nextScreen, queuedDeepLink, navigation]);
	useEffect(() => {
	if (!isAnimationFinished) return;
	if (queuedDeepLink) {
	requestAnimationFrame(() => {
	try {
	void handleUrl(queuedDeepLink);
	} catch (e) {
	// On failure, fall back to nextScreen if available
	if (nextScreen) {
	navigation.navigate(nextScreen as never);
	}
	} finally {
	// Ensure idempotence across re-renders
	setQueuedDeepLink(null);
	}
	});
	return;
	}
	if (nextScreen) {
	requestAnimationFrame(() => {
	navigation.navigate(nextScreen as never);
	});
	}
	}, [isAnimationFinished, nextScreen, queuedDeepLink, navigation]);

🤖 Prompt for AI Agents

In app/src/screens/system/SplashScreen.tsx around lines 104 to 116, the effect
handling queuedDeepLink may re-fire and process the same URL multiple times and
lacks resilience on failures; update the effect so that when handling a
queuedDeepLink you clear it immediately (e.g., setQueuedDeepLink(null) or
dispatch a clear action) before or right after scheduling handling to prevent
duplicate processing, and wrap the call to handleUrl (and navigation.navigate
fallback) in a try/catch so any errors are caught and logged/handled gracefully
(keep requestAnimationFrame usage). Ensure state update to clear the queued deep
link is included in the same branch that processes it.

[transphorm]

match the rest of the ci now that race condition bug has been fixed.

this also speeds up the tests and will use the same cache stores as other workflows

[transphorm]

restore missing functionality @nakaz

[transphorm]

@remicolin @seshanthS this pull request updates dev with missing staging artifacts.

the tl;dr of why these artifacts showed up

• feature changes that were merged to staging only
  • mobile ci
  • nfc apdu scanning
• files that were accidentally deleted
  • dev screen: show private key
• files that have been deleted on dev but still exist in staging
  • deleted passport screen, renamed to document