[SELF-676] feat: upgrade React Native from 0.75.4 to 0.76.9

[transphorm]

Mobile Testing

• tested mrz / nfc / qr scanning / mocking on ios and android ✅

Summary

• Upgrade React Native from 0.75.4 to 0.76.9
• require Node.js 22 and Xcode 15+ in docs
• bump Android Gradle Plugin to 8.6 and Gradle wrapper to 8.10.2
• raise Android minSdkVersion to 24

This PR completes the React Native upgrade to 0.76.9, including all necessary toolchain and configuration updates.

Testing

• yarn workspaces foreach -p -v --topological-dev --since=HEAD run nice --if-present (no output)
• yarn lint (fails: Unable to resolve module @selfxyz/common/utils/proving)
• yarn build (fails: process exited with code 129)
• yarn workspace @selfxyz/contracts build (fails: Hardhat config error)
• yarn types (fails: process exited with code 129)
• yarn test (fails: missing node_modules state file)

---

https://chatgpt.com/codex/tasks/task_b_68a9215e2758832d9d98428226a08c9a

Summary by CodeRabbit

• Platform Support

  • Android SDK/target/min SDK raised; iOS deployment target bumped to 15.1; Node.js minimum now v22+.

• Improvements

  • React Native upgraded to 0.76.9; Gradle/AGP/Gradle wrapper and plugin versions updated; dependency/devDependency alignment and script refinements; Hermes so-loader initialization adjusted.

• CI / Tooling

  • Workflows: concurrency controls, multi-workspace iOS handling, improved caching, Yarn/Corepack updates, centralized pod install script with CocoaPods recovery.

• UX Changes

  • Momentum fling on image zoom/pan disabled in the passport reader.

• Chores

  • Rust integration removed; package reorganizations, minor docs and formatting updates, test fixture/mocks adjusted.

[coderabbitai]

Walkthrough

Raised platform and dependency versions, added an iOS pod-install recovery script for Hermes cache issues, re-exported proving utilities from common, removed Rust Android integration and fling gesture handling, and introduced concurrency, caching, and workspace-resolution improvements across CI workflows.

Changes

Cohort / File(s)	Summary
Android build & tooling app/android/build.gradle, app/android/gradle/wrapper/gradle-wrapper.properties, app/android/.../gradle-wrapper.properties, app/android/android-passport-reader/app/build.gradle, app/tests/src/androidBuildGradle.test.ts, app/android/settings.gradle	AGP bumped to 8.6.0; Gradle wrappers → 8.12; compile/targetSdk 33→35; minSdk 23→24; removed multiDexEnabled; autolink invocation now passes explicit command; tests updated for minSdk.
Android Rust removal & touch UI app/android/react-native-passport-reader/android/build.gradle, app/android/android-passport-reader/app/src/.../TouchImageView.kt	Removed Rust Android Gradle plugin and cargo block; removed fling gesture invocation/cancellation (Fling class left unused).
React Native bump & runtime init app/package.json, scripts/tests/check-package-versions.test.mjs, app/jest.setup.js, app/android/app/src/main/java/com/proofofpassportapp/MainApplication.kt	React Native 0.75.4→0.76.9 and aligned devDeps; install/test scripts updated to use pod-install helper; Jest NativeAnimated mock moved to private path and declared virtual; SoLoader.init now uses OpenSourceMergedSoMapping.
iOS deployment target & Pod install flow app/ios/Podfile, app/ios/Self.xcodeproj/project.pbxproj, app/ios/scripts/pod-install-with-cache-fix.sh, app/ios/.bundle/config	Added IOS_DEPLOYMENT_TARGET = "15.1"; updated Xcodeproj deployment targets; added pod-install-with-cache-fix.sh (cache clean → pod install → on-failure update hermes-engine → retry); Bundler config added.
CI concurrency, caching & workspace resolution .github/workflows/mobile-ci.yml, .github/workflows/mobile-e2e.yml, .github/workflows/mobile-deploy.yml, .github/workflows/mobile-deploy-auto.yml, .github/workflows/circuits-build.yml, .github/workflows/contracts.yml, .github/workflows/common-ci.yml, .github/workflows/mobile-bundle-analysis.yml, .github/workflows/circuits.yml	Added top-level concurrency blocks (varied semantics); expanded triggers to include packages/mobile-sdk-alpha/**; introduced Yarn/Bundler/Pods/built-deps caching via local actions; centralized pod install script; added dynamic iOS workspace resolution and stricter workspace/scheme validation; adjusted cache keys/paths.
Common utils exports common/src/utils/index.ts	Re-exported proving runtime values and types from ./proving.js: clientKey, clientPublicKeyHex, ec, encryptAES256GCM, getPayload, getWSDbRelayerUrl, and types TEEPayload, TEEPayloadBase, TEEPayloadDisclose.
Docs, scripts & package metadata app/README.md, app/fastlane/DEV.md, app/fastlane/README.md, app/fastlane/test/helpers_test.rb, package.json, packages/mobile-sdk-alpha/package.json, scripts/tests/package.json, common/package.json	Node requirement bumped 18+→22+; Xcode notes updated; added CLT verification/switch commands; root resolutions moved; peerDependencies reordered in mobile-sdk-alpha; scripts updated (install/test/types); minor test fixture updates.
Kotlin API updates & minor formatting app/android/.../PassportDetailsFragment.kt, app/android/.../KeyStoreUtils.kt, app/android/.../OcrUtils.kt	Replaced deprecated toUpperCase/toLowerCase usages with Kotlin uppercase()/lowercase(); small formatting/newline additions.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant GH as GitHub Actions (iOS Pod step)
  participant Shell as Shell
  participant Bundler as Bundler
  participant Script as pod-install-with-cache-fix.sh
  participant CocoaPods as CocoaPods

  GH->>Shell: cd app/ios
  GH->>Bundler: bundle install (uses app/ios vendor/bundle)
  GH->>Script: bundle exec bash scripts/pod-install-with-cache-fix.sh
  activate Script
  Script->>CocoaPods: pod cache clean --all (best-effort)
  Script->>Shell: rm -rf ~/Library/Caches/CocoaPods (ignore errors)
  Script->>CocoaPods: pod install
  alt pod install fails
    Script->>CocoaPods: pod update hermes-engine --no-repo-update
    Script->>CocoaPods: pod install (retry)
  end
  deactivate Script
  GH-->>GH: continue build steps

Loading

sequenceDiagram
  autonumber
  participant App as Android App
  participant SoLoader as SoLoader
  participant Mapping as OpenSourceMergedSoMapping

  App->>SoLoader: SoLoader.init(this, OpenSourceMergedSoMapping)
  SoLoader->>Mapping: load merged .so mapping
  SoLoader-->>App: native libs initialized

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Moving proving Utils to common #935 — Closely related: also modifies/exposes proving utilities and common package exports.
• Add composite cache actions #874 — Related: introduces/upgrades composite cache actions and caching patterns used by CI changes here.
• fix: streamline mobile CI build and caching #946 — Related: overlapping mobile CI caching and orchestration changes touching mobile-ci and mobile-e2e.

Suggested reviewers

• shazarre
• aaronmgdr
• remicolin

Poem

Pods cleared, Hermes coaxed to try once more,
SDKs climbed, and CI learned to store.
Rust stepped back, exports waved hello,
Builds now queue while caches gently grow. 🚀

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codex/update-core-tooling-for-react-native-upgrade

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[transphorm]

@coderabbitai full summary

[coderabbitai]

@transphorm I'll regenerate a comprehensive summary for this React Native upgrade preparation PR.

Based on the PR objectives, this is preparatory work for upgrading to React Native 0.76.9, involving infrastructure updates including Node.js 22 and Xcode 15+ requirements, Android Gradle Plugin bump to 8.6, Gradle wrapper to 8.10.2, and raising Android minSdkVersion to 24. The testing results show expected build failures during this preparation phase, which is typical for infrastructure updates of this scope.

---

🧠 Learnings used

Learnt from: transphorm
PR: selfxyz/self#636
File: app/ios/Podfile:14-14
Timestamp: 2025-06-30T15:27:13.795Z
Learning: React Native 0.80 supports iOS 15.1 as the minimum deployment target, not iOS 16.0. This allows for broader device compatibility while still being compatible with the React Native 0.80 upgrade.

---

Learnt from: transphorm
PR: selfxyz/self#636
File: app/android/app/build.gradle:76-76
Timestamp: 2025-06-30T15:51:11.193Z
Learning: For React Native 0.80, the correct JSC version is `io.github.react-native-community:jsc-android:2026004.+`. This version was specifically built with Android NDK r23 to align with React Native 0.80's NDK requirements and prevent compatibility issues. The `2026004` version pattern is the official version for RN 0.80, not an outdated pin.

✅ Actions performed

Summary regeneration triggered.

[coderabbitai]

@transphorm I'll regenerate a comprehensive full summary for this React Native upgrade preparation PR.

This PR represents the foundational infrastructure preparation for upgrading to React Native 0.76.9, involving critical toolchain and dependency updates that need to be in place before the actual React Native version bump. The expected build failures during testing are typical for this preparation phase, as the infrastructure changes create temporary incompatibilities that will be resolved with the actual RN upgrade.

---

🧠 Learnings used

Learnt from: transphorm
PR: selfxyz/self#636
File: app/ios/Podfile:14-14
Timestamp: 2025-06-30T15:27:13.795Z
Learning: React Native 0.80 supports iOS 15.1 as the minimum deployment target, not iOS 16.0. This allows for broader device compatibility while still being compatible with the React Native 0.80 upgrade.

---

Learnt from: transphorm
PR: selfxyz/self#636
File: app/android/app/build.gradle:76-76
Timestamp: 2025-06-30T15:51:11.193Z
Learning: For React Native 0.80, the correct JSC version is `io.github.react-native-community:jsc-android:2026004.+`. This version was specifically built with Android NDK r23 to align with React Native 0.80's NDK requirements and prevent compatibility issues. The `2026004` version pattern is the official version for RN 0.80, not an outdated pin.

✅ Actions performed

Summary regeneration triggered.

[coderabbitai]

Actionable comments posted: 7

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

app/android/android-passport-reader/build.gradle (1)

16-21: Remove deprecated jcenter() and gate mavenLocal() for secure, reproducible builds

jcenter() is sunset and can break builds or pull stale artifacts. mavenLocal() can accidentally shadow remote artifacts, increasing supply-chain risk—particularly risky for a passport/security-related module. Keep google() + mavenCentral() by default; gate mavenLocal() behind an explicit Gradle property for local dev only.

Apply:

 repositories {
-        google()
-        jcenter()
-        mavenCentral()
-        mavenLocal()
+        google()
+        mavenCentral()
+        if (findProperty("useMavenLocal")?.toString() == "true") {
+            mavenLocal()
+        }
 }
 ...
 allprojects {
     repositories {
-
-        google()
-        jcenter()
-        mavenCentral()
-        mavenLocal()
+        google()
+        mavenCentral()
+        if (findProperty("useMavenLocal")?.toString() == "true") {
+            mavenLocal()
+        }
     }
 }

Also applies to: 33-39

common/package.json (1)

284-288: Ensure @selfxyz/common dist artifacts are generated before module resolution

Our verification shows the common/dist directory is missing in this branch, so the export mapping for ./utils/proving will fail at consume-time:

• Option A (Recommended): Build @selfxyz/common before running workspace lint/types/test.
  • Update your root-level CI or scripts, for example in package.json:

  "scripts": {

• "ci": "yarn lint && yarn test",

• "ci": "yarn workspace @selfxyz/common build && yarn lint && yarn test",
  …
  }

This guarantees `dist/esm/src/utils/proving.js` and `dist/cjs/src/utils/proving.cjs` exist before any import resolution.

- **Option B:** Make `@selfxyz/common` self-sufficient by emitting `dist` on install. In `common/package.json`, add:
```diff
 "scripts": {
   "build": "tsup && yarn build:types && yarn postbuild",
+    "prepare": "yarn build",
   "postbuild": "node ./scripts/postBuild.mjs"
 },

And ensure Yarn 4 lifecycle scripts run by enabling them in .yarnrc.yml:

enableScripts: true

Please apply one of these fixes so imports like @selfxyz/common/utils/proving reliably resolve in development, CI, and downstream consumers.

🧹 Nitpick comments (2)

app/tests/src/androidBuildGradle.test.ts (1)

31-31: Add version guardrails for the Android build toolchain

To prevent accidental downgrades of your Android build environment, extend this test suite—beyond the existing minSdkVersion check—to also assert:

• Android Gradle Plugin is pinned to 8.6.x in your root build.gradle
• Gradle wrapper distribution is pinned to 8.10.2 in all gradle-wrapper.properties files

Example additions to app/tests/src/androidBuildGradle.test.ts:

     // existing SDK-level assertion
     expect(rootGradleContent).toMatch(/minSdkVersion\s*=\s*24/);

+    // guardrail: AGP version
+    expect(rootGradleContent).toMatch(
+      /com\.android\.tools\.build:gradle:8\.6\.\d+/
+    );
+
+    // guardrail: Gradle wrapper version
+    const wrapperContent = fs.readFileSync(
+      path.join(projectRoot, 'android', 'gradle', 'wrapper', 'gradle-wrapper.properties'),
+      'utf-8'
+    );
+    expect(wrapperContent).toMatch(
+      /distributionUrl=.*gradle-8\.10\.2-bin\.zip/
+    );

This ensures that any future changes to your Android projects can’t inadvertently downgrade the plugin or wrapper versions.

app/android/android-passport-reader/app/build.gradle (1)

79-79: Remove unnecessary multidex dependency at minSdk 24

With native multidex on API 21+ and this being a library, androidx.multidex:multidex adds method count and build time without benefit.

-    implementation 'androidx.multidex:multidex:2.0.1'

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between af3adbc and fc3ee0d.

⛔ Files ignored due to path filters (3)

• app/Gemfile.lock is excluded by !**/*.lock
• app/ios/Podfile.lock is excluded by !**/*.lock
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (15)

• README.md (1 hunks)
• app/AGENTS.md (1 hunks)
• app/README.md (2 hunks)
• app/android/android-passport-reader/app/build.gradle (1 hunks)
• app/android/android-passport-reader/build.gradle (1 hunks)
• app/android/android-passport-reader/gradle/wrapper/gradle-wrapper.properties (1 hunks)
• app/android/build.gradle (2 hunks)
• app/fastlane/DEV.md (3 hunks)
• app/fastlane/README.md (1 hunks)
• app/fastlane/test/helpers_test.rb (1 hunks)
• app/ios/Podfile (1 hunks)
• app/jest.setup.js (1 hunks)
• app/package.json (2 hunks)
• app/tests/src/androidBuildGradle.test.ts (1 hunks)
• common/package.json (1 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

app/android/**/*

⚙️ CodeRabbit configuration file

app/android/**/*: Review Android-specific code for:

• Platform-specific implementations
• Performance considerations
• Security best practices for mobile

Files:

• app/android/android-passport-reader/gradle/wrapper/gradle-wrapper.properties
• app/android/android-passport-reader/app/build.gradle
• app/android/android-passport-reader/build.gradle
• app/android/build.gradle

**/*.{test,spec}.{ts,js,tsx,jsx}

⚙️ CodeRabbit configuration file

**/*.{test,spec}.{ts,js,tsx,jsx}: Review test files for:

• Test coverage completeness
• Test case quality and edge cases
• Mock usage appropriateness
• Test readability and maintainability

Files:

• app/tests/src/androidBuildGradle.test.ts

app/ios/**/*

⚙️ CodeRabbit configuration file

app/ios/**/*: Review iOS-specific code for:

• Platform-specific implementations
• Performance considerations
• Security best practices for mobile

Files:

• app/ios/Podfile

🧠 Learnings (3)

📓 Common learnings

Learnt from: transphorm
PR: selfxyz/self#636
File: app/ios/Podfile:14-14
Timestamp: 2025-06-30T15:27:13.795Z
Learning: React Native 0.80 supports iOS 15.1 as the minimum deployment target, not iOS 16.0. This allows for broader device compatibility while still being compatible with the React Native 0.80 upgrade.

Learnt from: transphorm
PR: selfxyz/self#636
File: app/android/app/build.gradle:76-76
Timestamp: 2025-06-30T15:51:11.193Z
Learning: For React Native 0.80, the correct JSC version is `io.github.react-native-community:jsc-android:2026004.+`. This version was specifically built with Android NDK r23 to align with React Native 0.80's NDK requirements and prevent compatibility issues. The `2026004` version pattern is the official version for RN 0.80, not an outdated pin.

📚 Learning: 2025-06-30T15:51:11.193Z

Learnt from: transphorm
PR: selfxyz/self#636
File: app/android/app/build.gradle:76-76
Timestamp: 2025-06-30T15:51:11.193Z
Learning: For React Native 0.80, the correct JSC version is `io.github.react-native-community:jsc-android:2026004.+`. This version was specifically built with Android NDK r23 to align with React Native 0.80's NDK requirements and prevent compatibility issues. The `2026004` version pattern is the official version for RN 0.80, not an outdated pin.

Applied to files:

• app/package.json

📚 Learning: 2025-07-14T09:03:08.292Z

Learnt from: aaronmgdr
PR: selfxyz/self#763
File: app/.github/workflows/test-coverage.yml:0-0
Timestamp: 2025-07-14T09:03:08.292Z
Learning: Node.js 22 is supported by actions/setup-nodev4 and has been in Active LTS since October 2024. It works on Linux, macOS, and Windows runners (Windows issues were resolved after version 22.8.0).

Applied to files:

• app/fastlane/DEV.md

🪛 LanguageTool

app/AGENTS.md

[grammar] ~7-~7: There might be a mistake here.
Context: ...d Line Tools, CocoaPods (Ruby installed) - From app/ios: `bundle install && bundl...

(QB_NEW_EN)

app/README.md

[grammar] ~28-~28: There might be a mistake here.
Context: ...e](https://developer.apple.com/xcode/) | | cocoapods | Latest | [Install cocoa...

(QB_NEW_EN)

🪛 markdownlint-cli2 (0.17.2)

app/fastlane/DEV.md

144-144: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

153-153: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

---

627-627: Unordered list style
Expected: dash; Actual: asterisk

(MD004, ul-style)

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: run_circuit_tests
• GitHub Check: analyze-android
• GitHub Check: build

🔇 Additional comments (9)

app/tests/src/androidBuildGradle.test.ts (1)

31-31: Assertion bump to minSdkVersion 24 aligns with AGP 8.6 and Android policy

The updated expectation to 24 is correct given the project’s Gradle/AGP upgrades and minSdk raise across android modules.

README.md (1)

70-70: Docs: Node 22 and Xcode 15+ requirement is accurate

Clear prerequisite callout. This matches the toolchain updates elsewhere in the repo.

app/README.md (1)

7-7: Prereqs updated to Node >= 22 and Xcode >= 15

Good alignment with the upgraded Android toolchain and iOS/Xcode baseline across the repo.

Also applies to: 28-28

app/AGENTS.md (1)

7-7: ✅ Xcode 15+ requirement verified in CI and docs

• CI workflows (mobile-e2e.yml, mobile-deploy.yml, mobile-ci.yml) all set XCODE_VERSION: 16.4 and invoke setup-xcode, ensuring Xcode ≥ 15 on macos-latest runners.
• Bundle-analysis jobs (mobile-bundle-analysis.yml) run on macos-14, which uses the default Xcode ≥ 15 installation.
• Podfile specifies platform :ios, "15.1" (line 14), matching the documented minimum.

No further changes required.

app/fastlane/test/helpers_test.rb (1)

224-224: LGTM: Test fixture aligns with minSdkVersion 24 across Android configs

Updating the inline Gradle snippet to minSdkVersion 24 keeps tests consistent with the project-wide SDK bump.

app/package.json (2)

117-117: Inconsistent RN version vs PR description and test setup

You’ve bumped react-native to 0.76.9, while the PR description claims RN remains at 0.75.4. This inconsistency can cascade into Jest mocks, Gradle plugin expectations, and iOS Pods resolution.

If 0.76.9 is intended for this PR:

• Update the PR description to reflect the bump.
• Confirm iOS Podfile and Android Gradle plugin configs are aligned (Hermes by default, SDK 35, Kotlin ≥ 1.9.24).

If it’s not intended, revert RN to 0.75.4 to stabilize CI for the tooling prep step.

---

195-197: Engines constraint matches docs—good to enforce Node 22

The engines pin to Node 22 aligns with the updated prerequisites and helps avoid subtle toolchain issues on RN 0.76.x.

app/fastlane/DEV.md (1)

144-154: Toolchain prerequisites aligned (Node 22, Xcode 15+)

Raising Node to 22 and documenting Xcode 15+ matches the Android/iOS build system updates in this PR and should reduce environment drift.

Also applies to: 627-629

app/android/build.gradle (1)

6-9: minSdk 24 alignment looks good

Raising minSdkVersion to 24 is consistent with the rest of the Android changes and unlocks native multidex and newer APIs.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

.github/workflows/mobile-ci.yml (3)

187-189: Cache key bug: nested ${{ }} inside hashFiles prevents evaluation

hashFiles receives the literal string "app/ios/${{ env.IOS_PROJECT_NAME }}.xcworkspace/..." so the second hash becomes empty, weakening cache keys and risking cross‑workspace pollution. Use a glob or compute the path once.

-          key: ${{ runner.os }}-xcode-${{ hashFiles('app/ios/Podfile.lock') }}-${{ hashFiles('app/ios/${{ env.IOS_PROJECT_NAME }}.xcworkspace/contents.xcworkspacedata') }}
+          key: ${{ runner.os }}-xcode-${{ env.XCODE_VERSION }}-${{ hashFiles('app/ios/Podfile.lock') }}-${{ hashFiles('app/ios/*.xcworkspace/contents.xcworkspacedata') }}

---

174-180: Ineffective caching: restoring CocoaPods cache that you immediately delete

You restore ~/Library/Caches/CocoaPods then delete it during Install iOS Dependencies. This wastes CI time and bandwidth. Either stop clearing it in CI or stop caching it. Given the new guarded install flow explicitly clears caches, remove it from the cached paths.

           path: |
             app/ios/Pods
-            ~/Library/Caches/CocoaPods
           lock-file: app/ios/Podfile.lock

If you prefer to keep caching CocoaPods cache, gate the clear step with an env flag (e.g., CLEAR_POD_CACHE=false in CI).

---

207-223: Update CI to use NDK r26.1 (not r27) with RN 0.76 + AGP 8.6
AGP 8.6 defaults to Android NDK 26.1.10909125 (if you don’t explicitly set ndkVersion, AGP will install and use that release) (developer.android.com). Building with NDK r27 may trigger version-mismatch warnings (and hasn’t been validated against RN 0.76’s toolchain), risking subtle ABI/toolchain issues.

Please adjust as follows:

• In .github/workflows/mobile-ci.yml, set
  ANDROID_NDK_VERSION: "26.1.10909125" (instead of any r27 value).
• Optionally, pin the same value in your module’s android { ndkVersion "26.1.10909125" } block to align local builds with CI.

♻️ Duplicate comments (1)

app/package.json (1)

150-155: Align @react-native/gradle-plugin with RN minor to avoid build-logic mismatches

Using ^0.81.0 alongside react-native 0.76.9 can introduce incompatible Gradle tasks and flags. Pin the plugin to the matching RN minor.

-    "@react-native/gradle-plugin": "^0.81.0",
+    "@react-native/gradle-plugin": "0.76.9",

🧹 Nitpick comments (1)

app/ios/scripts/pod-install-with-cache-fix.sh (1)

6-11: Harden the script: enable pipefail/undef checks to avoid masking failures

Add -u and -o pipefail so any unset var or piped command failure aborts early. This prevents partial installs that later cause flaky builds.

-set -e  # Exit on any error
+set -euo pipefail  # Exit on error, undefined var, or failed pipe

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between fc3ee0d and 8f77267.

📒 Files selected for processing (3)

• .github/workflows/mobile-ci.yml (1 hunks)
• app/ios/scripts/pod-install-with-cache-fix.sh (1 hunks)
• app/package.json (3 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

app/ios/**/*

⚙️ CodeRabbit configuration file

app/ios/**/*: Review iOS-specific code for:

• Platform-specific implementations
• Performance considerations
• Security best practices for mobile

Files:

• app/ios/scripts/pod-install-with-cache-fix.sh

🧠 Learnings (4)

📓 Common learnings

Learnt from: transphorm
PR: selfxyz/self#636
File: app/ios/Podfile:14-14
Timestamp: 2025-06-30T15:27:13.795Z
Learning: React Native 0.80 supports iOS 15.1 as the minimum deployment target, not iOS 16.0. This allows for broader device compatibility while still being compatible with the React Native 0.80 upgrade.

📚 Learning: 2025-08-02T23:53:45.928Z

Learnt from: transphorm
PR: selfxyz/self#823
File: app/ios/Self.xcodeproj/project.pbxproj:320-332
Timestamp: 2025-08-02T23:53:45.928Z
Learning: When reviewing autogenerated scripts in Xcode project files (like React Native Firebase's embedded shell scripts), avoid suggesting edits since these are regenerated during pod install and cannot be manually modified by users.

Applied to files:

• app/ios/scripts/pod-install-with-cache-fix.sh
• app/package.json

📚 Learning: 2025-07-29T01:08:28.530Z

Learnt from: transphorm
PR: selfxyz/self#795
File: app/android/app/build.gradle:157-158
Timestamp: 2025-07-29T01:08:28.530Z
Learning: For this React Native project, the team prefers build flexibility over fail-fast behavior for release builds in app/android/app/build.gradle. They intentionally allow fallback to debug signing for local development runs, relying on Google Play Console validation to catch any improperly signed releases during upload.

Applied to files:

• app/package.json

📚 Learning: 2025-06-30T15:51:11.193Z

Learnt from: transphorm
PR: selfxyz/self#636
File: app/android/app/build.gradle:76-76
Timestamp: 2025-06-30T15:51:11.193Z
Learning: For React Native 0.80, the correct JSC version is `io.github.react-native-community:jsc-android:2026004.+`. This version was specifically built with Android NDK r23 to align with React Native 0.80's NDK requirements and prevent compatibility issues. The `2026004` version pattern is the official version for RN 0.80, not an outdated pin.

Applied to files:

• app/package.json

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: analyze-android
• GitHub Check: analyze-ios
• GitHub Check: run_circuit_tests
• GitHub Check: build

🔇 Additional comments (1)

app/package.json (1)

117-118: Scope drift: RN is now 0.76.9—confirm intent vs. “prep only” PR description

The dependency bump upgrades RN to 0.76.9. If this PR is meant to be infra‑only, either revert this change or update the PR title/description and ensure Android/iOS settings are fully aligned (AGP 8.6, Gradle 8.10.2, iOS Hermes pods, CLI/tooling versions).

Would you like me to generate a follow‑up checklist (Android/iOS) for a clean RN 0.76 rollout?

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between f8e88a3 and b956ac3.

📒 Files selected for processing (6)

• .github/workflows/circuits.yml (1 hunks)
• .github/workflows/common-ci.yml (4 hunks)
• app/package.json (4 hunks)
• common/package.json (1 hunks)
• packages/mobile-sdk-alpha/package.json (2 hunks)
• scripts/tests/package.json (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• common/package.json
• scripts/tests/package.json

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/mobile-sdk-alpha/package.json
• app/package.json

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: build-ios
• GitHub Check: test
• GitHub Check: build-android
• GitHub Check: analyze-android
• GitHub Check: e2e-ios
• GitHub Check: run_circuit_tests

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Avoid caching node_modules; key the cache to lockfile/Node/Yarn to prevent stale deps and ABI mismatches

Caching node_modules is risky with Node 22 and native addons (e.g., sharp, keccak): binary artifacts become invalid across Node or lib changes and can cause nondeterministic CI flakes. Prefer caching only Yarn’s artifact cache (.yarn/cache) and let yarn install (with Corepack) rebuild node_modules deterministically. If you must cache node_modules, ensure the cache key includes at minimum: runner.os, Node version, Yarn version, and a hash of all relevant lockfiles. Also align the cache “version” with RN 0.76 to force a bust during this upgrade.

Apply this conservative diff to remove node_modules caching and bump the cache bucket:

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            circuits/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Additionally, please explicitly set Node 22 in this workflow (missing today). Add a setup step after checkout so installs/builds run on the intended runtime:

# Insert after "uses: actions/checkout@v4"
- name: Setup Node.js 22 and enable Corepack
  uses: actions/setup-node@v4
  with:
    node-version: '22'
    cache: 'yarn'
    cache-dependency-path: |
      **/yarn.lock
- run: corepack enable

To confirm your local cache action is safe to keep even when not caching node_modules, please verify its cache key includes lockfile/Node/Yarn/OS entropy:

---

🏁 Script executed:

#!/bin/bash
# Inspect the local cache-yarn action composition and keying
fd -a cache-yarn .github/actions
rg -n "key:|restore-keys:|hashFiles|cache-version" -n .github/actions/cache-yarn -S -C2
cat .github/actions/cache-yarn/action.yml || cat .github/actions/cache-yarn/action.yaml

Length of output: 1961

---

🏁 Script executed:

#!/bin/bash
# Check for Node.js setup in circuits CI workflow
rg -n "actions/setup-node@" -n .github/workflows/circuits.yml || echo "No setup-node step found"
rg -n "node-version" -n .github/workflows/circuits.yml || echo "No node-version specified"
rg -n "corepack" -n .github/workflows/circuits.yml || echo "No corepack usage found"

Length of output: 344

---

Enforce deterministic installs: drop node_modules from cache and pin Node.js 22

The current workflow is caching both .yarn/cache and the entire node_modules folders, but without including Node or Yarn versions in the cache key. This risks CI flakes and ABI mismatches for native modules (e.g. sharp, keccak) when moving between Node or library versions. Additionally, we’re not explicitly selecting a Node runtime, so installs may run on an unintended version.

Areas to address:

• .github/workflows/circuits.yml (lines 118–126): invocation of the cache-yarn action
• .github/workflows/circuits.yml: insert a Node.js setup step after actions/checkout@v4

Diff to apply:

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            circuits/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

And add this snippet immediately after checkout to pin Node 22 and enable Corepack:

# Insert after "uses: actions/checkout@v4"
- name: Setup Node.js 22 and enable Corepack
  uses: actions/setup-node@v4
  with:
    node-version: '22'
    cache: 'yarn'
    cache-dependency-path: |
      **/yarn.lock
- run: corepack enable

🤖 Prompt for AI Agents

.github/workflows/circuits.yml lines 118-126: the workflow is caching
node_modules and not pinning Node/Yarn which can cause non-deterministic
installs and native ABI mismatches; remove node_modules from the cache paths so
only .yarn/cache (and any per-package caches) are stored, and update the cache
action invocation to include a versioned cache key that incorporates Node and
Yarn versions; also insert a step immediately after actions/checkout@v4 to setup
Node.js 22 and enable Corepack (use actions/setup-node@v4 with node-version:
'22' and cache: 'yarn' and run corepack enable) so CI always uses Node 22 and
deterministic Yarn installs.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

CI uses Node 22 in docs, but workflows don’t pin it; also avoid caching node_modules across jobs

Given the RN 0.76/Node 22 migration, each job should explicitly set Node 22. Without pinning, ubuntu-latest may use Node 20, causing native module rebuilds, eslint/type-check variance, and flaky failures. Separately, caching node_modules in four jobs multiplies cache size and increases stale/ABI risk. Cache only .yarn/cache (or ensure keys incorporate OS, Node, Yarn, and lockfile hashes).

For each of the four “Cache Yarn dependencies” steps, remove node_modules from the cache and bump the cache bucket:

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Add Node setup at the top of each job (build, lint, type-check, test-common), right after checkout:

- name: Setup Node.js 22 and enable Corepack
  uses: actions/setup-node@v4
  with:
    node-version: '22'
    cache: 'yarn'
    cache-dependency-path: |
      **/yarn.lock
- run: corepack enable

If keeping node_modules in the cache is deemed necessary, first confirm the local action’s keying includes lockfile and runtime entropy:

Also applies to: 36-43, 56-63, 86-93

---

🏁 Script executed:

#!/bin/bash
# Check cache key/restore-keys strategy for the local action
fd -a cache-yarn .github/actions
rg -n "actions/cache|key:|restore-keys:|hashFiles|cache-version" -n .github/actions/cache-yarn -S -C2

Length of output: 1234

---

Pin Node.js 22 & tighten the Yarn cache key

The CI docs target Node 22, but none of the workflows set up or pin Node. On ubuntu-latest, this can slip back to Node 20, leading to native‐module ABI mismatches, inconsistent ESLint/type‐check results, and flaky failures. Furthermore, caching node_modules (and common/node_modules) across four jobs significantly bloats your cache and invites staleness whenever the runtime changes.

Your local cache action currently builds its key from:

• runner.os
• inputs.cache-version
• hashFiles(inputs.lock-file)

…but it doesn’t include the Node or Yarn version. To ensure robust cache busting when you migrate runtimes, you should either bump cache-version to encode your Node upgrade (e.g. rn-0.76-node22-v1) or extend the action to accept a node-version input and include it in its key.

Action items
– In .github/workflows/common-ci.yml (jobs: build, lint, type-check, test-common), right after checkout add:

- name: Setup Node.js 22 and enable Corepack
  uses: actions/setup-node@v4
  with:
    node-version: '22'
    cache: 'yarn'
    cache-dependency-path: |
      **/yarn.lock
- run: corepack enable

– For each “Cache Yarn dependencies” step (≈ lines 12–19, 36–43, 56–63, 86–93):
• Remove node_modules and common/node_modules from with.path
• Bump cache-version to include your Node bump (or add a node-version input)
• Example diff:

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

This will:

• Guarantee Node 22 everywhere (avoiding ABI and lint/type‐check drift)
• Keep your caches small and auto‐invalidate on lockfile or runtime bumps

🤖 Prompt for AI Agents

.github/workflows/common-ci.yml lines 12-19: the workflow neither pins Node nor
includes Node/Yarn in the cache key and currently caches node_modules which
bloats/stales the cache; update each job (build, lint, type-check, test-common)
to set up Node.js 22 and enable Corepack immediately after checkout (use
actions/setup-node@v4 with node-version: '22' and cache: 'yarn', then run
corepack enable), and for every "Cache Yarn dependencies" step (around lines
12–19, 36–43, 56–63, 86–93) remove node_modules and common/node_modules from
with.path and bump the cache-version to encode the Node upgrade (or extend the
local cache action to accept a node-version input and include it in its key) so
caches are smaller and correctly invalidated on runtime or lockfile changes.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (4)

.github/workflows/common-ci.yml (4)

12-19: Stop caching node_modules; pin Node 22 for deterministic builds

Caching node_modules across jobs and runners is brittle with RN 0.76/Node 22; it increases flakiness and ABI drift. Also, the workflow doesn’t pin Node, so jobs may run on Node 20. Fix both.

Apply this diff to the Yarn cache step:

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Then add Node setup right after checkout (outside the selected range):

- name: Setup Node.js 22 and enable Corepack
  uses: actions/setup-node@v4
  with:
    node-version: '22'
- run: corepack enable

---

36-43: Same here: avoid node_modules cache and bump the cache key; set Node 22

Repeats the pattern from build. Remove node_modules paths, bump cache-version to encode the runtime upgrade, and set up Node 22 at the top of the job.

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Add (outside the range) after checkout:

- name: Setup Node.js 22 and enable Corepack
  uses: actions/setup-node@v4
  with:
    node-version: '22'
- run: corepack enable

---

56-63: Type-check job needs the same Node pin and slimmer cache

This job will otherwise inherit whatever Node ubuntu-latest ships and will restore potentially stale node_modules. Align with the other jobs.

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Add (outside the range) after checkout:

- name: Setup Node.js 22 and enable Corepack
  uses: actions/setup-node@v4
  with:
    node-version: '22'
- run: corepack enable

---

88-95: Repeat: slim Yarn cache and pin Node 22 for tests

Tests will be sensitive to ABI and PnP/runtime drift. Remove node_modules from cache and pin Node 22.

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Add (outside the range) after checkout:

- name: Setup Node.js 22 and enable Corepack
  uses: actions/setup-node@v4
  with:
    node-version: '22'
- run: corepack enable

🧹 Nitpick comments (1)

.github/workflows/mobile-e2e.yml (1)

362-375: Make workspace resolution scheme-aware to avoid later failures and wasted cycles

Currently, you pick OpenPassport.xcworkspace if it exists and lists “OpenPassport”, otherwise you default to Self.xcworkspace, and only in the Build step do you fail if the scheme isn’t present. Tighten selection to choose the workspace that actually contains the configured scheme ($IOS_PROJECT_SCHEME), failing early with diagnostics if neither does.

Apply:

-      - name: Resolve iOS workspace
-        run: |
-          WORKSPACE_OPEN="app/ios/OpenPassport.xcworkspace"
-          WORKSPACE_SELF="app/ios/Self.xcworkspace"
-
-          if xcodebuild -list -workspace "$WORKSPACE_OPEN" 2>/dev/null | grep -q "OpenPassport"; then
-            WORKSPACE_PATH="$WORKSPACE_OPEN"
-          else
-            WORKSPACE_PATH="$WORKSPACE_SELF"
-          fi
-
-          echo "WORKSPACE_PATH=$WORKSPACE_PATH" >> "$GITHUB_ENV"
-          echo "Resolved workspace: $WORKSPACE_PATH"
+      - name: Resolve iOS workspace
+        run: |
+          set -euo pipefail
+          SCHEME="${IOS_PROJECT_SCHEME:-OpenPassport}"
+          CANDIDATES=("app/ios/OpenPassport.xcworkspace" "app/ios/Self.xcworkspace")
+
+          has_scheme() {
+            local ws="$1"
+            xcodebuild -list -workspace "$ws" 2>/dev/null \
+              | awk '/Schemes:/{flag=1;next}/^$/{flag=0}flag' \
+              | grep -Fxq "$SCHEME"
+          }
+
+          WORKSPACE_PATH=""
+          for ws in "${CANDIDATES[@]}"; do
+            if [ -d "$ws" ] && has_scheme "$ws"; then
+              WORKSPACE_PATH="$ws"
+              break
+            fi
+          done
+
+          if [ -z "${WORKSPACE_PATH}" ]; then
+            echo "❌ Could not find scheme '$SCHEME' in any candidate workspace."
+            echo "Available schemes per workspace:"
+            for ws in "${CANDIDATES[@]}"; do
+              if [ -d "$ws" ]; then
+                echo "— $ws"
+                xcodebuild -list -workspace "$ws" 2>/dev/null | awk '/Schemes:/{flag=1;next}/^$/{flag=0}flag' || true
+              fi
+            done
+            exit 1
+          fi
+
+          echo "WORKSPACE_PATH=$WORKSPACE_PATH" >> "$GITHUB_ENV"
+          echo "Resolved workspace: $WORKSPACE_PATH (scheme: $SCHEME)"

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b956ac3 and 4539bec.

📒 Files selected for processing (3)

• .github/workflows/common-ci.yml (5 hunks)
• .github/workflows/mobile-ci.yml (14 hunks)
• .github/workflows/mobile-e2e.yml (4 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/mobile-ci.yml

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-08-02T23:53:45.928Z

Learnt from: transphorm
PR: selfxyz/self#823
File: app/ios/Self.xcodeproj/project.pbxproj:320-332
Timestamp: 2025-08-02T23:53:45.928Z
Learning: When reviewing autogenerated scripts in Xcode project files (like React Native Firebase's embedded shell scripts), avoid suggesting edits since these are regenerated during pod install and cannot be manually modified by users.

Applied to files:

• .github/workflows/mobile-e2e.yml

📚 Learning: 2025-08-24T18:52:25.766Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.766Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• .github/workflows/common-ci.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: build-android
• GitHub Check: build-ios
• GitHub Check: analyze-android
• GitHub Check: e2e-ios
• GitHub Check: run_circuit_tests

🔇 Additional comments (4)

.github/workflows/mobile-e2e.yml (4)

256-259: Good hardening: version-scope all Xcode-related caches by env.XCODE_VERSION

Including env.XCODE_VERSION in the keys/restore-keys for DerivedData, Index, and Simulator prevents stale ABI/cache reuse after runner/Xcode image bumps. This will reduce nondeterministic link/compile errors and simulator runtime mismatches.

Also applies to: 264-266, 273-275

---

289-291: Pods install via centralized Bundler script is the right move

Delegating to scripts/pod-install-with-cache-fix.sh under bundle exec eliminates drift and consolidates Hermes/CocoaPods cache remediation. This should materially cut iOS CI flakiness after the RN 0.76.x upgrade.

---

381-384: Early guard for empty WORKSPACE_PATH is good

Failing fast here avoids ambiguous xcodebuild errors and improves triage speed. This pairs well with the Resolve step above when made scheme-aware.

---

236-241: Fix Bundler cache scope by moving working-directory to the step level

Verified via script that your Gemfile lives at app/Gemfile, so the working-directory input under with is ignored by ruby/setup-ruby and defaults to the repo root, causing your gems to be cached/installed in the wrong location.

• File: .github/workflows/mobile-e2e.yml
• Step: “Set up Ruby” (around lines 236–241)

Apply this diff to move working-directory out of with and onto the step:

-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: "3.3"
-          bundler-cache: true
-          working-directory: app
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.3"
+          bundler-cache: true
+        working-directory: app

Likely an incorrect or invalid review comment.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (4)

.github/workflows/common-ci.yml (4)

12-19: Don’t cache node_modules; pin Node.js 22 for RN 0.76 to avoid ABI drift and flakiness.

Caching node_modules across jobs + not pinning Node will cause inconsistent native builds and lint/type-check variance after the RN 0.76/Node 22 bump. Keep only .yarn/cache and bump the cache bucket; set up Node 22 + Corepack in each job immediately after checkout.

Apply within this range:

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Add right after “uses: actions/checkout@v4” (outside this range) in every job:

- name: Setup Node.js 22 and enable Corepack
  uses: actions/setup-node@v4
  with:
    node-version: '22'
    cache: 'yarn'
    cache-dependency-path: |
      **/yarn.lock
- run: corepack enable

---

38-45: Repeat: remove node_modules from cache and pin Node 22.

Same rationale as Lines 12–19: avoid ABI and tooling drift; keep caches small and valid across the RN upgrade.

Within this range:

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Add Node setup step after checkout as shown in the earlier comment.

---

58-65: Repeat: remove node_modules from cache and pin Node 22 (type-check job).

Type-checks are especially sensitive to Node/Yarn drift and native ABI. Same changes recommended here.

Within this range:

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Add Node setup step after checkout as shown earlier.

---

90-97: Repeat: remove node_modules from cache and pin Node 22 (test-common job).

Same fix as earlier hunks to prevent flaky native rebuilds in tests and reduce cache bloat.

Within this range:

       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Add Node setup step after checkout as shown earlier.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4539bec and 4f1d579.

📒 Files selected for processing (1)

• .github/workflows/common-ci.yml (3 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-08-24T18:52:25.766Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.766Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• .github/workflows/common-ci.yml

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Expose a 'test:build' script in the SDK's package.json that runs build, test, types, and lint

Applied to files:

• .github/workflows/common-ci.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: e2e-ios
• GitHub Check: run_circuit_tests

🔇 Additional comments (1)

.github/workflows/common-ci.yml (1)

27-30: Potential path mismatch: common/dist vs packages/common/dist.

You cache “common/dist” while other packages live under “packages/**”. If @selfxyz/common actually resides at packages/common, this cache never stores the intended artifacts. Please verify and adjust paths consistently in save/restore steps across jobs.

If your repo uses packages/common, apply:

           path: |
-            common/dist
+            packages/common/dist
             packages/mobile-sdk-alpha/dist
-          key: build-deps-${{ runner.os }}-${{ hashFiles('common/**/*', 'packages/mobile-sdk-alpha/**/*', '!common/dist/**', '!packages/mobile-sdk-alpha/dist/**') }}
+          key: build-deps-${{ runner.os }}-${{ hashFiles('packages/common/**/*', 'packages/mobile-sdk-alpha/**/*', '!packages/common/dist/**', '!packages/mobile-sdk-alpha/dist/**') }}

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Guard against partial/empty builds before saving cache.

If build:deps succeeds only partially (or produces no dist), the subsequent cache.save may store empty dirs, and downstream jobs will “cache-hit” and skip rebuilding. Add a verification step that asserts dist contents exist, and gate the save step on the build step’s outcome plus the verification.

Proposed additions outside this range:

- name: Verify build outputs
  id: verify-build
  run: |
    set -euo pipefail
    test -d common/dist && [ -n "$(ls -A common/dist)" ] || { echo "common/dist missing or empty"; exit 1; }
    test -d packages/mobile-sdk-alpha/dist && [ -n "$(ls -A packages/mobile-sdk-alpha/dist)" ] || { echo "packages/mobile-sdk-alpha/dist missing or empty"; exit 1; }

# Then gate the cache save step:
- name: Cache build artifacts
  if: ${{ steps.verify-build.outcome == 'success' }}
  uses: actions/cache/save@v4
  with:
    path: |
      common/dist
      packages/mobile-sdk-alpha/dist
    key: build-deps-${{ runner.os }}-${{ hashFiles('common/**/*', 'packages/mobile-sdk-alpha/**/*', '!common/dist/**', '!packages/mobile-sdk-alpha/dist/**') }}

To double-check the correct dist paths for @selfxyz/common in your repo structure, run:

---

🏁 Script executed:

#!/bin/bash
# Find the workspace location of @selfxyz/common to confirm whether it's 'common' or 'packages/common'
jq -r '.name + " " + .location' <<<"$(yarn workspaces list --json | jq -s add)" | grep '@selfxyz/common'

Length of output: 570

---

I’ll locate the actual workspace folders for both @selfxyz/common and @selfxyz/mobile-sdk-alpha by scanning all package.json files:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "🔍 Finding @selfxyz/common package.json location"
rg -n '"name":\s*"@selfxyz/common"' -g '**/package.json'

echo "🔍 Finding @selfxyz/mobile-sdk-alpha package.json location"
rg -n '"name":\s*"@selfxyz/mobile-sdk-alpha"' -g '**/package.json'

Length of output: 512

---

To verify exactly what build:deps produces (and which dist folders we need to guard), let’s extract the script definition from your @selfxyz/mobile-app workspace.

Once we know exactly which directories build:deps populates, we can lock in the verify+gate snippet for the cache step.

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1. Locate the mobile-app package.json
file=$(rg -l '"name":\s*"@selfxyz/mobile-app"' -g '**/package.json')
echo "📂 Found mobile-app package.json at: $file"

# 2. Print out the build:deps script so we can see its commands and output paths
echo "🔧 build:deps script:"
jq -r '.scripts["build:deps"]' "$file"

Length of output: 414

---

To confirm the exact output directories used by each build script, let’s inspect both build definitions:

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "🔧 common build script:"
jq -r '.scripts["build"]' common/package.json

echo "🔧 mobile-sdk-alpha build script:"
jq -r '.scripts["build"]' packages/mobile-sdk-alpha/package.json

Length of output: 349

---

Ensure non-empty build artifacts before caching

To prevent an empty or partial build from being cached (causing downstream jobs to skip rebuilding), gate the cache save on a check that both common/dist and packages/mobile-sdk-alpha/dist exist and are non-empty.

• File: .github/workflows/common-ci.yml
– After the Build dependencies step, insert a verification step.
– Modify the existing cache step to run only if verification succeeds.

@@ .github/workflows/common-ci.yml
       - name: Build dependencies
         run: yarn workspace @selfxyz/mobile-app run build:deps

+      - name: Verify build outputs
+        id: verify-build
+        run: |
+          set -euo pipefail
+          test -d common/dist && [ "$(ls -A common/dist)" ] \
+            || { echo "ERROR: common/dist is missing or empty"; exit 1; }
+          test -d packages/mobile-sdk-alpha/dist && [ "$(ls -A packages/mobile-sdk-alpha/dist)" ] \
+            || { echo "ERROR: packages/mobile-sdk-alpha/dist is missing or empty"; exit 1; }
+
-      - uses: actions/cache/save@v4
+      - if: steps.verify-build.outcome == 'success'
+        uses: actions/cache/save@v4
         with:
           path: |
             common/dist
             packages/mobile-sdk-alpha/dist
           key: build-deps-${{ runner.os }}-${{ hashFiles(
             'common/**/*',
             'packages/mobile-sdk-alpha/**/*',
             '!common/dist/**',
             '!packages/mobile-sdk-alpha/dist/**'
           ) }}

This guarantees caches are only populated when both dist folders have valid content.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Build dependencies
	run: yarn workspace @selfxyz/mobile-app run build:deps
	- name: Build dependencies
	run: yarn workspace @selfxyz/mobile-app run build:deps
	- name: Verify build outputs
	id: verify-build
	run: |
	set -euo pipefail
	test -d common/dist && [ "$(ls -A common/dist)" ] \
	|| { echo "ERROR: common/dist is missing or empty"; exit 1; }
	test -d packages/mobile-sdk-alpha/dist && [ "$(ls -A packages/mobile-sdk-alpha/dist)" ] \
	|| { echo "ERROR: packages/mobile-sdk-alpha/dist is missing or empty"; exit 1; }
	- if: steps.verify-build.outcome == 'success'
	uses: actions/cache/save@v4
	with:
	path: |
	common/dist
	packages/mobile-sdk-alpha/dist
	key: build-deps-${{ runner.os }}-${{ hashFiles(
	'common/**/*',
	'packages/mobile-sdk-alpha/**/*',
	'!common/dist/**',
	'!packages/mobile-sdk-alpha/dist/**'
	) }}

🤖 Prompt for AI Agents

In .github/workflows/common-ci.yml around lines 22-23, the workflow currently
caches build artifacts unconditionally after the "Build dependencies" step; add
a new step immediately after that which verifies both common/dist and
packages/mobile-sdk-alpha/dist exist and are non-empty (e.g., run a shell check
that sets an output or creates a file/exit status indicating success), and
update the subsequent cache save step to run only when that verification step
indicates success (use the verification step output or an if: condition so the
cache is saved only when both dist directories are present and non-empty).

[coderabbitai]

🛠️ Refactor suggestion

Treat “cache-hit but empty artifacts” as a miss; otherwise downstream types may break.

If restore hits but artifacts are empty/missing (e.g., saved from a bad run), you skip build:deps and then run yarn types with missing dists. Add a check step and extend the if condition to rebuild on missing artifacts.

Apply inside this range (adjusting the condition):

-      - name: Build dependencies (fallback on cache miss)
-        if: steps.restore-build-deps.outputs.cache-hit != 'true'
-        run: yarn workspace @selfxyz/mobile-app run build:deps
+      - name: Build dependencies (fallback or if artifacts missing)
+        if: steps.restore-build-deps.outputs.cache-hit != 'true' || steps.check-artifacts.outputs.missing == 'true'
+        run: yarn workspace @selfxyz/mobile-app run build:deps

Add the “check-artifacts” step right after the Restore step (outside this range):

- name: Check build artifacts presence
  id: check-artifacts
  run: |
    set -euo pipefail
    missing=false
    [ -d common/dist ] && [ -n "$(ls -A common/dist)" ] || missing=true
    [ -d packages/mobile-sdk-alpha/dist ] && [ -n "$(ls -A packages/mobile-sdk-alpha/dist)" ] || missing=true
    echo "missing=${missing}" >> "$GITHUB_OUTPUT"

Optional but safer: replace cross-run caches with same-run artifacts (upload in build, download here) to eliminate global cache staleness.

[coderabbitai]

🛠️ Refactor suggestion

Same artifact integrity concern as type-check; rebuild when restored artifacts are missing.

Mirror the “check + conditional rebuild” pattern here to avoid running tests with empty dists.

Apply inside this range:

-      - name: Build dependencies (fallback on cache miss)
-        if: steps.restore-build-deps.outputs.cache-hit != 'true'
-        run: yarn workspace @selfxyz/mobile-app run build:deps
+      - name: Build dependencies (fallback or if artifacts missing)
+        if: steps.restore-build-deps.outputs.cache-hit != 'true' || steps.check-artifacts.outputs.missing == 'true'
+        run: yarn workspace @selfxyz/mobile-app run build:deps

Add the “check-artifacts” step after the Restore step (outside this range), identical to the one suggested for the type-check job.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents

.github/workflows/common-ci.yml lines 101-112: add a "check-artifacts" step
immediately after the restore-build-deps step (outside the shown range) that
mirrors the check from the type-check job: verify that common/dist and
packages/mobile-sdk-alpha/dist contain files (exit non-zero or set an output
flag when empty), then change the existing "Build dependencies (fallback on
cache miss)" step to run when the check indicates artifacts are missing (i.e.,
check output != 'true' or failure), ensuring tests never run against empty dists
and only rebuild when restored artifacts are absent or empty.

[transphorm]

not super confident in this mobile e2e pass...but just want to get it working for the upgrade pr.

going to do a quick pass in a follow up pr. will save the ci finalization pass for you @remicolin

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (4)

.github/workflows/common-ci.yml (4)

12-19: Stop caching node_modules; pin Node 22 and tighten cache version for RN 0.76 migration

Caching node_modules across jobs leads to stale/ABI-mismatched native builds and non-deterministic lint/type behavior—especially during the RN 0.76 + Node 22 upgrade. Also, the workflow doesn’t pin Node 22, which can cause the same issues. Replace node_modules caching with Yarn’s immutable cache only, and encode the Node bump in cache-version (or include it in the key) so caches bust correctly when runtimes change.

Apply these diffs in each of the four “Cache Yarn dependencies” steps:

@@
       - name: Cache Yarn dependencies
         uses: ./.github/actions/cache-yarn
         with:
           path: |
             .yarn/cache
-            node_modules
-            common/node_modules
-          cache-version: v1
+          cache-version: rn-0.76-node22-v1

Add Node setup right after checkout in each job (outside the selected range):

- name: Setup Node.js 22 and enable Corepack
  uses: actions/setup-node@v4
  with:
    node-version: '22'
    cache: 'yarn'
    cache-dependency-path: |
      **/yarn.lock
- run: corepack enable

Also applies to: 38-45, 58-65, 92-99

---

22-23: Gate cache save on actual build outputs to avoid poisoning cross-run caches

If build:deps partially fails or yields empty dist folders, the subsequent cache save will store empty artifacts. Downstream jobs then “cache-hit,” skip rebuilds, and run with missing types/runtime code. Verify outputs exist and only save the cache when verification passes.

       - name: Build dependencies
         run: yarn workspace @selfxyz/mobile-app run build:deps
+
+      - name: Verify build outputs
+        id: verify-build
+        run: |
+          set -euo pipefail
+          test -d common/dist && [ -n "$(ls -A common/dist)" ]
+          test -d packages/mobile-sdk-alpha/dist && [ -n "$(ls -A packages/mobile-sdk-alpha/dist)" ]
@@
-      - name: Cache build artifacts
-        uses: actions/cache/save@v4
+      - name: Cache build artifacts
+        if: steps.verify-build.outcome == 'success'
+        uses: actions/cache/save@v4
         with:
           path: |
             common/dist
             packages/mobile-sdk-alpha/dist
           key: build-deps-${{ runner.os }}-${{ hashFiles('common/**/*', 'packages/mobile-sdk-alpha/**/*', '!common/dist/**', '!packages/mobile-sdk-alpha/dist/**') }}

Optional but safer: use upload/download-artifact within this workflow run instead of cross-run caches to eliminate stale artifacts.

Also applies to: 27-30

---

69-69: Treat “cache-hit but missing/empty artifacts” as a miss in type-check

A restore success doesn’t guarantee valid contents. Add an integrity check and rebuild @selfxyz/common when artifacts are missing to prevent type-checks against empty dists.

       - name: Restore build artifacts
         id: restore-build-deps
         uses: actions/cache/restore@v4
         with:
           path: |
             common/dist
             packages/mobile-sdk-alpha/dist
           key: build-deps-${{ runner.os }}-${{ hashFiles('common/**/*', 'packages/mobile-sdk-alpha/**/*', '!common/dist/**', '!packages/mobile-sdk-alpha/dist/**') }}
         fail-on-cache-miss: false
+
+      - name: Check build artifacts presence
+        id: check-artifacts
+        run: |
+          set -euo pipefail
+          missing=false
+          [ -d common/dist ] && [ -n "$(ls -A common/dist)" ] || missing=true
+          [ -d packages/mobile-sdk-alpha/dist ] && [ -n "$(ls -A packages/mobile-sdk-alpha/dist)" ] || missing=true
+          echo "missing=${missing}" >> "$GITHUB_OUTPUT"
@@
-      - name: Build @selfxyz/common (fallback on cache miss)
-        if: steps.restore-build-deps.outputs.cache-hit != 'true'
+      - name: Build @selfxyz/common (fallback or if artifacts missing)
+        if: steps.restore-build-deps.outputs.cache-hit != 'true' || steps.check-artifacts.outputs.missing == 'true'
         run: yarn workspace @selfxyz/common build

Also applies to: 72-75, 78-78

---

103-103: Mirror the artifact integrity check in test-common

Prevent test runs against empty restored artifacts by rebuilding when dists are missing, same as type-check.

       - name: Restore build artifacts
         id: restore-build-deps
         uses: actions/cache/restore@v4
         with:
           path: |
             common/dist
             packages/mobile-sdk-alpha/dist
           key: build-deps-${{ runner.os }}-${{ hashFiles('common/**/*', 'packages/mobile-sdk-alpha/**/*', '!common/dist/**', '!packages/mobile-sdk-alpha/dist/**') }}
         fail-on-cache-miss: false
+
+      - name: Check build artifacts presence
+        id: check-artifacts
+        run: |
+          set -euo pipefail
+          missing=false
+          [ -d common/dist ] && [ -n "$(ls -A common/dist)" ] || missing=true
+          [ -d packages/mobile-sdk-alpha/dist ] && [ -n "$(ls -A packages/mobile-sdk-alpha/dist)" ] || missing=true
+          echo "missing=${missing}" >> "$GITHUB_OUTPUT"
@@
-      - name: Build @selfxyz/common (fallback on cache miss)
-        if: steps.restore-build-deps.outputs.cache-hit != 'true'
+      - name: Build @selfxyz/common (fallback or if artifacts missing)
+        if: steps.restore-build-deps.outputs.cache-hit != 'true' || steps.check-artifacts.outputs.missing == 'true'
         run: yarn workspace @selfxyz/common build

Also applies to: 106-109, 112-112

🧹 Nitpick comments (1)

.github/workflows/common-ci.yml (1)

27-30: Prefer same-run artifacts over cross-run caches for build outputs

actions/cache is optimized for dependency caches, not compiled outputs. Using upload-artifact/download-artifact within the same workflow run avoids global cache pollution, simplifies keys, and guarantees consistency across jobs.

Example replacement (outside this range):

# In build job
- name: Upload build artifacts
  uses: actions/upload-artifact@v4
  with:
    name: build-deps-${{ github.sha }}
    path: |
      common/dist
      packages/mobile-sdk-alpha/dist

# In type-check and test-common jobs
- name: Download build artifacts
  uses: actions/download-artifact@v4
  with:
    name: build-deps-${{ github.sha }}
    path: .

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4f1d579 and 9687830.

📒 Files selected for processing (1)

• .github/workflows/common-ci.yml (3 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-08-24T18:52:25.766Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.766Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• .github/workflows/common-ci.yml

📚 Learning: 2025-08-24T18:54:04.799Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursor/rules/mobile-sdk-migration.mdc:0-0
Timestamp: 2025-08-24T18:54:04.799Z
Learning: Applies to packages/mobile-sdk-alpha/package.json : Expose a 'test:build' script in the SDK's package.json that runs build, test, types, and lint

Applied to files:

• .github/workflows/common-ci.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: e2e-ios
• GitHub Check: analyze-android
• GitHub Check: run_circuit_tests

🔇 Additional comments (2)

.github/workflows/common-ci.yml (2)

80-81: Good: Decoupled build of @selfxyz/mobile-sdk-alpha

Building the SDK unconditionally removes hidden coupling on common/dist cache hits and prevents missing-type failures later. Keep this.

---

114-115: Good: Always building @selfxyz/mobile-sdk-alpha before tests

Ensures tests don’t run with stale/missing SDK outputs. This aligns with the earlier recommendation to avoid relying on common/dist cache hits.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/mobile-e2e.yml (1)

183-193: Use setup-xcode outputs instead of hardcoding /Applications/Xcode_${XCODE_VERSION}.app

The action exposes the resolved Xcode path; switching via that output is more robust across runner image changes and naming differences. Add an id and switch to the output path.

-      - name: Set up Xcode
-        uses: maxim-lobanov/setup-xcode@v1
+      - name: Set up Xcode
+        id: setup-xcode
+        uses: maxim-lobanov/setup-xcode@v1
         with:
           xcode-version: ${{ env.XCODE_VERSION }}
       - name: Configure Xcode path
         run: |
           echo "🔧 Configuring Xcode path to fix iOS SDK issues..."
           # Fix for macOS 15 runner iOS SDK issues
           # See: https://github.com/actions/runner-images/issues/12758
-          sudo xcode-select --switch /Applications/Xcode_${{ env.XCODE_VERSION }}.app
+          sudo xcode-select --switch "${{ steps.setup-xcode.outputs.path }}"
           echo "✅ Xcode path configured"

Reference: setup-xcode provides outputs.path and outputs.version. (github.com)

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9687830 and 6560247.

📒 Files selected for processing (1)

• .github/workflows/mobile-e2e.yml (11 hunks)

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-08-02T23:53:45.928Z

Learnt from: transphorm
PR: selfxyz/self#823
File: app/ios/Self.xcodeproj/project.pbxproj:320-332
Timestamp: 2025-08-02T23:53:45.928Z
Learning: When reviewing autogenerated scripts in Xcode project files (like React Native Firebase's embedded shell scripts), avoid suggesting edits since these are regenerated during pod install and cannot be manually modified by users.

Applied to files:

• .github/workflows/mobile-e2e.yml

📚 Learning: 2025-08-24T18:52:25.766Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.766Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• .github/workflows/mobile-e2e.yml

📚 Learning: 2025-08-24T18:52:25.766Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.766Z
Learning: E2E testing with Maestro for platform-specific flows

Applied to files:

• .github/workflows/mobile-e2e.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: run_circuit_tests
• GitHub Check: e2e-ios
• GitHub Check: analyze-android

🔇 Additional comments (1)

.github/workflows/mobile-e2e.yml (1)

63-66: Good guardrails: fail fast when Maestro E2E files are missing

These checks prevent wasted CI minutes and produce actionable errors early. LGTM.

Also applies to: 168-171

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

.github/workflows/mobile-e2e.yml (3)

32-33: Keep Android build validation on; gate only emulator/tests.

Disabling the whole job removes build-time regression coverage during a risky RN/AGP upgrade. Keep assemble running to catch Java/Kotlin/Gradle breakages, and disable only the emulator + Maestro steps until the disk issue is fixed.

Apply:

   e2e-android:
-    if: false # Temporarily disable Android E2E until emulator disk issue resolved
+    # Keep build validation; gate only emulator/tests until emulator disk issue is resolved

@@
-      - name: Install and Test on Android
+      - name: Install and Test on Android
+        if: false # Temporarily disabled until emulator disk issue resolved

Also applies to: 101-104

---

72-76: Pin Maestro installer to MAESTRO_VERSION for reproducible CI.

Cache is keyed to MAESTRO_VERSION, but the install script currently fetches “latest,” creating drift. Pin the installer to the cached version.

       - name: Install Maestro
         if: steps.cache-maestro.outputs.cache-hit != 'true'
-        run: curl -Ls "https://get.maestro.mobile.dev" | bash
+        env:
+          MAESTRO_VERSION: ${{ env.MAESTRO_VERSION }}
+        run: curl -Ls "https://get.maestro.mobile.dev" | bash -s -- --version "${MAESTRO_VERSION}"

---

176-181: Apply the same Maestro version pin on iOS.

Mirror the Android fix to avoid cross-platform version skew.

       - name: Install Maestro
         if: steps.cache-maestro.outputs.cache-hit != 'true'
-        run: curl -Ls "https://get.maestro.mobile.dev" | bash
+        env:
+          MAESTRO_VERSION: ${{ env.MAESTRO_VERSION }}
+        run: curl -Ls "https://get.maestro.mobile.dev" | bash -s -- --version "${MAESTRO_VERSION}"

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6560247 and 28299a1.

📒 Files selected for processing (1)

• .github/workflows/mobile-e2e.yml (11 hunks)

🧰 Additional context used

🧠 Learnings (3)

📚 Learning: 2025-08-24T18:52:25.766Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.766Z
Learning: Use yarn scripts: yarn ios/android for builds, yarn test for unit tests, and Fastlane for deployments

Applied to files:

• .github/workflows/mobile-e2e.yml

📚 Learning: 2025-08-02T23:53:45.928Z

Learnt from: transphorm
PR: selfxyz/self#823
File: app/ios/Self.xcodeproj/project.pbxproj:320-332
Timestamp: 2025-08-02T23:53:45.928Z
Learning: When reviewing autogenerated scripts in Xcode project files (like React Native Firebase's embedded shell scripts), avoid suggesting edits since these are regenerated during pod install and cannot be manually modified by users.

Applied to files:

• .github/workflows/mobile-e2e.yml

📚 Learning: 2025-08-24T18:52:25.766Z

Learnt from: CR
PR: selfxyz/self#0
File: .cursorrules:0-0
Timestamp: 2025-08-24T18:52:25.766Z
Learning: E2E testing with Maestro for platform-specific flows

Applied to files:

• .github/workflows/mobile-e2e.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: e2e-ios
• GitHub Check: analyze-android
• GitHub Check: run_circuit_tests

[coderabbitai]

🛠️ Refactor suggestion

ruby/setup-ruby: bundler-cache isn’t scoped to app/Gemfile (working-directory is ignored).

The action doesn’t support a working-directory input; bundler-cache will look in repo root, so gems won’t be cached/installed for app/Gemfile. This causes non-deterministic gem installs and slower pod steps.

Use BUNDLE_GEMFILE to scope bundler-cache:

-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: "3.3"
-          bundler-cache: true
-          working-directory: app
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        env:
+          BUNDLE_GEMFILE: app/Gemfile
+        with:
+          ruby-version: "3.3"
+          bundler-cache: true

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Set up Ruby
	uses: ruby/setup-ruby@v1
	with:
	path: app/vendor/bundle
	lock-file: app/Gemfile.lock
	cache-version: ${{ env.GH_CACHE_VERSION }}-${{ env.GH_GEMS_CACHE_VERSION }}-ruby${{ env.RUBY_VERSION }}
	ruby-version: "3.3"
	bundler-cache: true
	working-directory: app
	- name: Cache Pods
	- name: Set up Ruby
	uses: ruby/setup-ruby@v1
	env:
	BUNDLE_GEMFILE: app/Gemfile
	with:
	ruby-version: "3.3"
	bundler-cache: true
	- name: Cache Pods

🤖 Prompt for AI Agents

.github/workflows/mobile-e2e.yml lines 199-205: the ruby/setup-ruby step is
using bundler-cache but working-directory is ignored so bundler-cache looks at
repo root; set BUNDLE_GEMFILE to scope bundler-cache to app/Gemfile and ensure
subsequent steps use that Gemfile. Update the ruby/setup-ruby step to include an
env mapping BUNDLE_GEMFILE: app/Gemfile (or export BUNDLE_GEMFILE before running
the action), remove reliance on working-directory for bundler-cache, and confirm
later pod/install steps run with the same BUNDLE_GEMFILE or explicitly run in
the app directory.