github/self
1
1
Fork 0
mirror of https://github.com/selfxyz/self.git synced 2026-01-09 06:38:09 -05:00
Code Issues Packages Projects Releases Wiki Activity

chore: unify lightweight deps and workflow node version (#906)

Browse Source 
* chore: unify lightweight deps and workflow node version

* gigamind flow updates

* standardize workflows

* fix workflow

* improvements

* Gigamind tweaks (#911)

* save gigamind updates

* keep manual review on for now

* pr feedback

* fix pipeline

* make runner more dynamic

* fix regex

* fixes

* update simulator

* fixes

* fixes

* fix regex

* try again

* test

* revert back to dev settings

* mobile fixes

* fixes

* fix runtime

* just use latest

* pr feedback

* remove template

* Update .github/workflows/mobile-e2e.yml

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
This commit is contained in:
Justin Hernandez
2025-08-17 21:00:36 -07:00
committed by GitHub
parent 76f4980ef6
commit 691e8b1517
23 changed files with 938 additions and 417 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
.cursor/mcp.json Normal file
View File

@@ -0,0 +1,16 @@
{
"mcpServers": {
"giga": {
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://mcp.gigamind.dev/mcp"
]
}
},
"settings": {
"disableAutoPRAnalysis": true,
"manualReviewEnabled": true
}
}

153
.cursor/rules/compliance-verification.mdc
View File

@@ -1,7 +1,7 @@
---
description: Specification for analyzing compliance verification systems including OFAC checks, age verification, and forbidden country validation
description: Critical compliance verification requirements for OFAC checks, age verification, and forbidden country validation
version: 1.0.0
status: draft
status: active
owners:
- team: compliance-platform
- team: mobile-identity
@@ -12,107 +12,88 @@ importanceJustification: Direct implementation of critical regulatory compliance
contextUsageNote: If this file is used to add in-context notes, include a single italicized line stating what specific information was used from this file in sentence case.
---
# Compliance Verification System Specification
# Compliance Verification Requirements
## 1. Multi-Factor Compliance Verification
## 1. OFAC Compliance Checks
- OFAC (Office of Foreign Assets Control) checks across three dimensions:
* Passport number verification
* Name + Date of Birth verification
* Name + Year of Birth verification
- Age verification with "olderThan" checks and day-level granularity
- Forbidden countries validation using efficient packed lists
- Timestamp-based verification with 24-hour window validation
### Three-Tier Verification System
- **Passport Number Check**: Direct passport number validation against OFAC lists
- **Name + DOB Check**: Full name with exact date of birth verification
- **Name + Year Check**: Name with year of birth verification (defaults to Jan-01)
### Matching and Normalization Requirements
### Data Normalization Requirements
- **Names**: Case-folding, Unicode NFKC normalization, diacritics removal
- **Fuzzy Matching**: JaroWinkler algorithm with ≥0.92 threshold
- **Passport Numbers**: Whitespace/punctuation removal, country-specific format validation
- **Dates**: ISO 8601 format (YYYY-MM-DD) required
- **Names MUST be normalized** prior to matching (case-folding, Unicode NFKC, diacritics removal) and compared using a fuzzy algorithm with a documented threshold (e.g., JaroWinkler >= 0.92). Record the algorithm and threshold in circuit public inputs.
- **Date inputs MUST be ISO 8601** (YYYY-MM-DD). For year-of-birth checks, explicitly state whether defaulting to Jan-01 is permitted or whether circuits encode year-only comparisons.
- **Passport numbers MUST be normalized** for whitespace and punctuation and validated against country-specific formats where available.
### Privacy Protection
- **No Raw PII**: All PII committed via domain-separated hashes (Poseidon("ofac-v1" || value))
- **Per-Issuer Salt**: Unique salt per issuing country for additional privacy
- **On-Chain Privacy**: Only nullifiers/commitments published, no linkable identity data
### Time and Replay Control
## 2. Age Verification
- All time comparisons MUST use UTC. Define an allowed clock drift (e.g., ±5 minutes) and reject proofs outside the 24-hour window adjusted by drift.
- The timestamp MUST be bound into the proof signature/statement to prevent replay.
- For mobile clients, avoid trusting device wall-clock alone; obtain a trusted time anchor (e.g., server-signed time token or chain block timestamp) and include it in the proof.
### Implementation Requirements
- **Granularity**: Day-level precision for age verification
- **Format**: "olderThan" checks with ISO 8601 date inputs
- **Privacy**: Age verification without revealing actual date of birth
- **Zero-Knowledge**: Proof of age without disclosing DOB
### Privacy and PII Handling
### Circuit Implementation
- **Location**: `circuits/circuits/disclose/disclose.circom`
- **Input**: Date of birth (private), minimum age (public)
- **Output**: Boolean proof of age requirement satisfaction
- **Validation**: Day-level comparison with proper date arithmetic
- No raw PII (names, DoB, passport numbers) may leave the device. PII MUST be committed via domain-separated hashes (e.g., Poseidon("ofac-v1" || value) with per-issuer salt).
- All on-chain data MUST remain non-linkable to the underlying identity; only nullifiers/commitments are published.
## 3. Forbidden Country Validation
### Forbidden Countries "Packed List"
### Data Structure
- **Implementation**: Bloom filter with ≤1e-6 false positive rate
- **Distribution**: JWS/JWT protected with key rotation and KID
- **Update Cadence**: Weekly updates with 24-hour cache TTL
- **Versioning**: Filter seed versioning for updates
- Define the data structure (bitset vs Bloom filter). If Bloom filter is used, specify acceptable false positive rate (e.g., ≤ 1e-6) and version the filter seed.
- Distribution MUST be integrity-protected (JWS/JWT or Merkle root) with key rotation and a KID. Specify update cadence and cache TTL.
### Validation Process
- **Country Code**: ISO 3166-1 alpha-3 format validation
- **Zero-Knowledge**: Proof of non-inclusion without revealing country
- **Circuit Integration**: Integrated into disclosure proof circuit
- **Fallback**: Graceful degradation when filter unavailable
## 2. Document Validation Architecture
## 4. Time and Replay Control
- Enforces date validation within specific time windows
- Validates forbidden countries against predefined restricted lists
- Implements age requirements through date comparison
- Manages multiple verification circuits based on signature types
### Timestamp Requirements
- **Time Source**: UTC timestamps only
- **Clock Drift**: ±5 minutes tolerance allowed
- **Window**: 24-hour verification window with drift adjustment
- **Binding**: Timestamp bound into proof signature to prevent replay
### Circuit Catalog and Versioning
### Mobile Client Considerations
- **Trusted Time**: Server-signed time tokens or chain block timestamps
- **Device Clock**: Do not trust device wall-clock alone
- **Time Anchor**: Include trusted time anchor in proof generation
- **Validation**: Verify time anchor authenticity before proof generation
- Maintain a registry of circuit IDs, semantic versions, and public input schemas. Clients fetch the active set via a signed manifest.
- Define an upgrade policy (grace period, deprecation windows) and backward-compatibility expectations.
## 5. Implementation Constraints
### Mobile Proof Generation Constraints
### Performance Requirements
- **Proof Generation**: <60s on mid-tier mobile devices
- **Memory Usage**: <300MB peak memory
- **Network Calls**: Idempotent with exponential backoff
- **Offline Support**: Cached data with ETag/versioning
- Provide target proof generation limits for RN clients (e.g., <60s on mid-tier devices, <300MB peak memory).
- Define a fallback to a remote prover that never receives raw PII/witness; only receives commitments and obtains a zero-knowledge witness via on-device secure enclave or chunked witness encryption.
- Clearly separate on-device vs server responsibilities to minimize battery impact and avoid UI jank (background task, progress events).
### Error Handling
- **Graceful Degradation**: Fallback when external services unavailable
- **Error Codes**: Deterministic error codes without sensitive data
- **Retry Logic**: Exponential backoff with jitter
- **User Feedback**: Clear error messages without PII exposure
## 3. Verification Rules Engine
### Security Requirements
- **Cryptographic Standards**: Approved algorithms and key sizes
- **Key Management**: Proper rotation and secure storage
- **Randomness**: CSPRNG with entropy validation
- **Audit Trails**: Privacy-preserving audit logs
- Custom document verification workflow combining multiple proof types
- Parallel verification paths for different identity document types
- Sequential verification steps through commitment registration
- Integration with external compliance data sources
### External Data Source Integration
- Specify SLAs (latency, availability) and client-side retry/backoff policy. All calls MUST be idempotent and resumable.
- Implement signed data snapshots with ETag/versioning for offline-first behavior; cache with explicit TTLs and verify signatures before use.
- Do not transmit any raw PII to external providers; only use hashed/committed forms compatible with the circuits.
- Define deterministic error codes for user feedback and analytics without leaking sensitive data.
## 4. Identity Registry Management
- Maintains Merkle trees for identity commitments and DSC keys
- Implements OFAC compliance checks with multiple verification roots
- Manages nullifier tracking to prevent duplicate registrations
- Handles CSCA root verification for document signing authority
### Registry Parameters
- For each Merkle tree, define tree height, hash function (e.g., Poseidon params), and root rotation cadence. Publish active roots and deprecation windows on-chain.
- Specify chain IDs and contract addresses for each environment (dev/test/prod) and the required finality before roots are considered valid.
- Nullifiers MUST be domain-separated by purpose (e.g., "register", "kyc-check") to prevent unintended linkability across workflows.
- Define revocation list handling (CSCA/DSC CRLs), update cadence, and signature verification process. Cache with signed manifests and KID-based key rotation.
## 5. Implementation Guidelines
### Circuit Versioning Strategy
- Use semantic versioning (MAJOR.MINOR.PATCH) for all circuits
- MAJOR version changes require new circuit deployment and client migration
- MINOR version changes maintain backward compatibility
- PATCH version changes are bug fixes only
### Error Handling and Recovery
- Implement graceful degradation when external services are unavailable
- Provide clear error messages for users without exposing sensitive data
- Log non-identifying metadata for debugging and analytics
- Implement retry mechanisms with exponential backoff
### Security Considerations
- All cryptographic operations must use approved algorithms and key sizes
- Implement proper key management and rotation procedures
- Ensure secure random number generation for all cryptographic operations
- Regular security audits and penetration testing
This specification focuses on the critical compliance requirements with specific implementation details and constraints.
$END$

53
.cursor/rules/cryptographic-circuits.mdc
View File

@@ -1,53 +0,0 @@
---
description: Technical documentation of the zero-knowledge proof circuits, including register circuits, DSC proofs, and disclosure proofs with their validation mechanisms
version: 1.0.0
status: draft
owners:
- team: cryptography
- team: mobile-identity
lastUpdated: 2025-01-12
specId: cryptographic-circuits
importanceScore: 85
importanceJustification: Core cryptographic implementation specification for zero-knowledge proofs and circuit validation.
contextUsageNote: If this file is used to add in-context notes, include a single italicized line stating what specific information was used from this file in sentence case.
---
# Cryptographic Circuits Specification
## 1. Register Circuits
### Identity Commitment Generation
- Poseidon hash-based commitment scheme
- Domain separation for different commitment types
- Nullifier generation for duplicate prevention
### Circuit Parameters
- Field size and security parameters
- Hash function specifications
- Public input validation rules
## 2. DSC Proofs
### Document Signer Certificate Validation
- Certificate chain verification
- Signature algorithm support (RSA, ECDSA)
- Revocation list checking
### Proof Generation Constraints
- Memory and computation limits
- Deterministic randomness requirements
- Proof size optimization
## 3. Disclosure Proofs
### Selective Attribute Revelation
- Merkle-based attribute verification
- Privacy-preserving age verification
- Granular field disclosure
### Circuit Optimization
- Efficient hash function usage
- Minimal public input requirements
- Fast verification algorithms
$END$

65
.cursor/rules/data-models.mdc
View File

@@ -1,65 +0,0 @@
---
description: Documentation of core data structures including identity commitments, DSC key commitments, nullifier tracking, and verification configurations
version: 1.0.0
status: draft
owners:
- team: mobile-identity
- team: backend-api
lastUpdated: 2025-01-12
specId: data-models
importanceScore: 80
importanceJustification: Core data structure definitions that ensure consistency across the identity verification system.
contextUsageNote: If this file is used to add in-context notes, include a single italicized line stating what specific information was used from this file in sentence case.
---
# Data Models Specification
## 1. Identity Commitments
### Commitment Structure
- Poseidon hash of identity data
- Domain separation for different commitment types
- Timestamp and version information
### Commitment Types
- Passport identity commitments
- EU ID card commitments
- Cross-chain commitment linking
## 2. DSC Key Commitments
### Key Commitment Format
- Public key hash with domain separation
- Certificate chain validation data
- Revocation status tracking
### Key Management
- Key rotation procedures
- Backup and recovery mechanisms
- Security parameter specifications
## 3. Nullifier Tracking
### Nullifier Generation
- Domain-separated nullifier creation
- Duplicate prevention mechanisms
- Cross-chain nullifier validation
### Nullifier Storage
- Efficient storage and retrieval
- Privacy-preserving nullifier management
- Audit trail maintenance
## 4. Verification Configurations
### Configuration Parameters
- Circuit version specifications
- Verification threshold settings
- Compliance rule configurations
### Configuration Management
- Version control and updates
- Environment-specific configurations
- Security parameter management
$END$

61
.cursor/rules/identity-verification-flow.mdc
View File

@@ -1,61 +0,0 @@
---
description: Detailed documentation of the multi-step identity verification process, including passport and EU ID card verification paths, proof verification pipeline, and attestation workflows
version: 1.0.0
status: draft
owners:
- team: mobile-identity
- team: compliance-platform
lastUpdated: 2025-01-12
specId: identity-verification-flow
importanceScore: 90
importanceJustification: Core workflow specification for the identity verification process with multi-step attestation and proof generation.
contextUsageNote: If this file is used to add in-context notes, include a single italicized line stating what specific information was used from this file in sentence case.
---
# Identity Verification Flow Specification
## 1. Multi-Step Verification Process
### Passport Verification Path
- NFC chip data extraction and validation
- Document Signer Certificate (DSC) verification
- Zero-knowledge proof generation for privacy
- Multi-stage attestation verification
- Cross-chain verification support
### EU ID Card Verification Path
- Similar process to passport verification
- Additional EU-specific compliance checks
- Regional document format validation
## 2. Proof Verification Pipeline
### Register Circuit Verification
- Identity commitment generation and validation
- Nullifier creation to prevent duplicate registrations
- Merkle tree inclusion proofs for privacy
### DSC Proof Verification
- Document Signer Certificate validation
- Cryptographic signature verification
- Certificate chain validation
### Disclosure Proof Verification
- Selective attribute revelation
- Privacy-preserving age verification
- Granular document field disclosure
## 3. Attestation Workflows
### User Identifier Verification
- User identifier verification through double-hashing with domain separation:
H2 = Hash("IDH" || Hash("IDH" || userIdentifier))
- Attestation storage with nullifier tracking
- Support for cross-chain verification results
### Verification Result Management
- Secure storage of verification results
- Privacy-preserving result sharing
- Audit trail maintenance
$END$

161
.cursor/rules/technical-specification.mdc Normal file
View File

@@ -0,0 +1,161 @@
# Technical Specification: Identity Verification System
## 1. Zero-Knowledge Proof Circuits
### Register Circuit Implementation
- **Circuit Location**: `circuits/circuits/register/register.circom`
- **Purpose**: Generate identity commitments and nullifiers for passport/ID verification
- **Input Validation**:
- Passport number: normalized (whitespace/punctuation removed)
- Date of birth: ISO 8601 format (YYYY-MM-DD)
- Expiry date: ISO 8601 format (YYYY-MM-DD)
- Country code: ISO 3166-1 alpha-3 format
- **Output**: Poseidon hash commitment with domain separation `"register-v1"`
### DSC Proof Circuit
- **Circuit Location**: `circuits/circuits/dsc/dsc.circom`
- **Purpose**: Validate Document Signer Certificate authenticity
- **Validation Steps**:
- Certificate chain verification (CSCA → DSC)
- Signature algorithm support (RSA-2048, ECDSA-P256)
- Revocation list checking via Merkle inclusion
- **Memory Constraints**: <300MB peak memory usage
### Disclosure Proof Circuit
- **Circuit Location**: `circuits/circuits/disclose/vc_and_disclose.circom`
- **Purpose**: Selective attribute revelation with privacy preservation
- **Supported Disclosures**:
- Age verification: "olderThan" with day granularity
- Country verification: forbidden country checks
- Document type: passport vs EU ID card
- **Privacy**: No raw PII leaves device, only commitments
## 2. Data Models & Structures
### Identity Commitment Format
```typescript
interface IdentityCommitment {
commitment: string; // Poseidon hash
nullifier: string; // Domain-separated nullifier
timestamp: number; // UTC timestamp
version: string; // Circuit version
documentType: 'passport' | 'eu_id_card';
}
```
### DSC Key Commitment
```typescript
interface DSCKeyCommitment {
publicKeyHash: string; // Poseidon hash of public key
certificateChain: string[]; // Certificate chain hashes
revocationStatus: boolean; // Revocation list inclusion
issuer: string; // Issuing country code
}
```
### Verification Configuration
```typescript
interface VerificationConfig {
circuitVersion: string; // Semantic versioning
complianceRules: ComplianceRule[];
timeWindow: number; // 24-hour window in seconds
clockDrift: number; // ±5 minutes tolerance
trustAnchors: string[]; // Trusted certificate authority roots
revocationRoots: string[]; // Certificate revocation list roots
timeSource: string; // NTP server for time validation
nullifierScope: string; // Domain separation for nullifiers
}
```
## 3. Identity Verification Workflows
### Passport Verification Path
1. **NFC Data Extraction**: Read passport chip via NFC
2. **MRZ Validation**: Parse and validate Machine Readable Zone
3. **DSC Verification**: Validate Document Signer Certificate
4. **Register Proof**: Generate identity commitment
5. **Compliance Check**: OFAC screening via zero-knowledge proofs
6. **Attestation**: Create privacy-preserving attestation
### EU ID Card Verification Path
1. **Similar to passport** with EU-specific compliance checks
2. **Additional validation**: EU document format requirements
3. **Regional compliance**: EU-specific forbidden country lists
### Cross-Chain Verification
- **Commitment linking**: Link commitments across different chains
- **Nullifier tracking**: Prevent duplicate registrations across chains
- **Attestation portability**: Share attestations across ecosystems
## 4. Implementation Requirements
### Cryptographic Standards
- **Hash Function**: Poseidon (optimized for ZK circuits)
- **Field Size**: BN254 scalar field (254 bits)
- **Key Sizes**: RSA-2048 minimum, ECDSA-P256 preferred
- **Randomness**: CSPRNG with entropy validation
- **Signature Scheme**: EdDSA over BabyJubJub (zk-friendly)
- **MRZ Validation**: Check digits validation for data integrity
- **Authentication**: Passive/active authentication modes
- **NFC Security**: Secure channel establishment with PACE/BAC
### Performance Constraints
- **Proof Generation**: <60s on mid-tier mobile devices
- **Memory Usage**: <300MB peak memory
- **Bundle Size**: <2MB SDK bundle size
- **Startup Time**: <1s SDK initialization
### Security Requirements
- **PII Protection**: No raw PII in logs or network traffic
- **Key Management**: Secure key storage with rotation
- **Audit Trails**: Privacy-preserving audit logs
- **Input Validation**: Comprehensive input sanitization
- **OFAC Anchoring**: Signed list snapshots with freshness guarantees
- **Cross-Chain Privacy**: Domain-separated nullifiers prevent linkability
- **Hardware Security**: Hardware keystore requirements for mobile
- **TLS Pinning**: Certificate pinning for secure communications
- **Telemetry Minimization**: Minimal data collection and transmission
## 5. Error Handling & Recovery
### Circuit Errors
- **Invalid Input**: Clear error codes for malformed data
- **Proof Failure**: Graceful degradation with retry logic
- **Memory Limits**: Client-side only - no server-side proving fallback
- **Timeout Handling**: Configurable timeouts with progress events
### Network Errors
- **Retry Logic**: Exponential backoff with jitter
- **Offline Support**: Cached verification data
- **Graceful Degradation**: Fallback verification methods
- **Error Reporting**: Non-identifying error metadata
## 6. Testing Requirements
### Circuit Testing
- **Unit Tests**: Individual circuit component testing
- **Integration Tests**: End-to-end proof generation
- **Performance Tests**: Memory and timing validation
- **Security Tests**: Cryptographic validation
### SDK Testing
- **Cross-Platform**: iOS, Android, Web compatibility
- **Memory Profiling**: Memory leak detection
- **Bundle Analysis**: Tree-shaking validation
- **Integration Testing**: App integration validation
## 7. Deployment & Versioning
### Circuit Versioning
- **Semantic Versioning**: MAJOR.MINOR.PATCH
- **Backward Compatibility**: MINOR versions maintain compatibility
- **Migration Strategy**: Graceful migration with deprecation windows
- **Rollback Plan**: Emergency rollback procedures
### SDK Distribution
- **Package Management**: npm/yarn distribution
- **Version Compatibility**: Circuit version compatibility matrix
- **Documentation**: Comprehensive API documentation
- **Examples**: Integration examples and demos
This specification provides concrete implementation guidance for the identity verification system with specific technical requirements, performance constraints, and development patterns.

23
.giga/specifications.json
View File

@@ -1,27 +1,22 @@
[
{
"fileName": "main-overview.mdc",
"path": ".cursorrules",
"path": ".cursor/rules",
"description": "Complete system overview of the identity verification platform, covering the passport/ID verification workflow, zero-knowledge proof system, and compliance mechanisms"
},
{
"fileName": "identity-verification-flow.mdc",
"path": ".cursor/rules/identity-verification-flow.mdc",
"description": "Detailed documentation of the multi-step identity verification process, including passport and EU ID card verification paths, proof verification pipeline, and attestation workflows"
"fileName": "mobile-sdk-migration.mdc",
"path": ".cursor/rules",
"description": "Comprehensive migration strategy and testing-first approach for porting identity verification logic from app to mobile-sdk-alpha package with detailed checklist and validation workflow"
},
{
"fileName": "cryptographic-circuits.mdc",
"path": ".cursor/rules/cryptographic-circuits.mdc",
"description": "Technical documentation of the zero-knowledge proof circuits, including register circuits, DSC proofs, and disclosure proofs with their validation mechanisms"
},
{
"fileName": "data-models.mdc",
"path": ".cursor/rules/data-models.mdc",
"description": "Documentation of core data structures including identity commitments, DSC key commitments, nullifier tracking, and verification configurations"
"fileName": "technical-specification.mdc",
"path": ".cursor/rules",
"description": "Consolidated technical implementation specification for zero-knowledge proof circuits, data models, verification workflows, and implementation requirements with performance constraints"
},
{
"fileName": "compliance-verification.mdc",
"path": ".cursor/rules/compliance-verification.mdc",
"description": "Details of the compliance verification system including OFAC checks, age verification, forbidden country validation, and timestamp-based verifications"
"path": ".cursor/rules",
"description": "Critical compliance verification requirements for OFAC checks, age verification, and forbidden country validation with specific implementation details and constraints"
}
]

18
.github/workflows/contracts.yml vendored
View File

@@ -21,11 +21,23 @@ jobs:
environment: development
steps:
- uses: actions/checkout@v4
- name: Set Node.js 22.x
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Set Node.js
uses: actions/setup-node@v4
with:
node-version: 22
node-version: ${{ env.NODE_VERSION }}
- name: Install Dependencies
uses: ./.github/actions/yarn-install
- name: Prettier Check - Code Formatting

39
.github/workflows/mobile-bundle-analysis.yml vendored
View File

@@ -1,7 +1,6 @@
name: Mobile Bundle Analysis
env:
NODE_VERSION: 22
RUBY_VERSION: 3.2
JAVA_VERSION: 17
WORKSPACE: ${{ github.workspace }}
@@ -20,6 +19,23 @@ jobs:
runs-on: macos-14
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Cache Node Modules
uses: actions/cache@v4
with:
@@ -27,9 +43,9 @@ jobs:
.yarn/cache
node_modules
app/node_modules
key: ${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ hashFiles('yarn.lock') }}
key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
- name: Cache Ruby Bundler
uses: actions/cache@v4
with:
@@ -64,6 +80,23 @@ jobs:
runs-on: macos-14
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Cache Node Modules
uses: actions/cache@v4
with:

152
.github/workflows/mobile-ci.yml vendored
View File

@@ -1,7 +1,7 @@
name: Mobile CI
env:
# Build environment versions
NODE_VERSION: 22
# Node version is read from .nvmrc during workflow execution
RUBY_VERSION: 3.2
JAVA_VERSION: 17
# Path configuration
@@ -20,6 +20,23 @@ jobs:
runs-on: macos-14
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Cache Node Modules
uses: actions/cache@v4
with:
@@ -27,9 +44,9 @@ jobs:
.yarn/cache
node_modules
app/node_modules
key: ${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ hashFiles('yarn.lock') }}
key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
- name: Install Dependencies
uses: ./.github/actions/yarn-install
- name: Build Dependencies
@@ -46,6 +63,23 @@ jobs:
runs-on: macos-14
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Cache Node Modules
uses: actions/cache@v4
with:
@@ -53,9 +87,9 @@ jobs:
.yarn/cache
node_modules
app/node_modules
key: ${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ hashFiles('yarn.lock') }}
key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
- name: Install Dependencies
uses: ./.github/actions/yarn-install
@@ -69,12 +103,27 @@ jobs:
runs-on: macos-14
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: Set up Xcode
uses: maxim-lobanov/setup-xcode@v1
with:
# some cocoapods won't compile with xcode 16.3
xcode-version: "16.2"
xcode-version: "16.4"
- uses: actions/checkout@v4
- name: Cache Node Modules
@@ -84,9 +133,9 @@ jobs:
.yarn/cache
node_modules
app/node_modules
key: ${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ hashFiles('yarn.lock') }}
key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
- name: Cache Ruby Bundler
uses: actions/cache@v4
with:
@@ -101,6 +150,25 @@ jobs:
key: ${{ runner.os }}-pods-${{ hashFiles('app/ios/Podfile.lock') }}
restore-keys: |
${{ runner.os }}-pods-
- name: Verify CocoaPods Cache
run: |
echo "Checking CocoaPods cache status..."
if [ -d "app/ios/Pods" ] && [ "$(ls -A app/ios/Pods)" ]; then
echo "✅ CocoaPods cache restored successfully"
ls -la app/ios/Pods/ | head -10
# Check if key files exist
if [ ! -f "app/ios/Podfile.lock" ]; then
echo "⚠️ Podfile.lock is missing - pods cache may be stale"
fi
# If Pods directory exists but is incomplete, clear only Pods; keep Podfile.lock
if [ ! -d "app/ios/Pods" ] || [ -z "$(ls -A app/ios/Pods 2>/dev/null)" ]; then
echo "⚠️ Pods directory incomplete - clearing Pods (preserving Podfile.lock)"
rm -rf app/ios/Pods
fi
else
echo "⚠️ CocoaPods cache is empty or missing - will install fresh"
fi
- name: Cache Gradle
uses: actions/cache@v4
with:
@@ -111,12 +179,60 @@ jobs:
restore-keys: |
${{ runner.os }}-gradle-
- name: Install Mobile Dependencies
uses: ./.github/actions/mobile-setup
with:
app_path: ${{ env.APP_PATH }}
node_version: ${{ env.NODE_VERSION }}
ruby_version: ${{ env.RUBY_VERSION }}
workspace: ${{ env.WORKSPACE }}
- name: Install And Build
run: yarn install-app
uses: ./.github/actions/yarn-install
- name: Build Dependencies
run: yarn build:deps
working-directory: ./app
- name: Install iOS Dependencies
run: |
echo "Installing iOS dependencies..."
cd app/ios
# Clean Pods directory if it's corrupted or empty
if [ ! -d "Pods" ] || [ -z "$(ls -A Pods 2>/dev/null)" ]; then
echo "Cleaning empty/corrupted Pods directory..."
rm -rf Pods Podfile.lock
fi
# Install pods
bundle exec pod install --silent || { echo "❌ Pod install failed"; exit 1; }
echo "✅ Pods installed successfully"
# Verify installation
if [ ! -d "Pods" ] || [ -z "$(ls -A Pods 2>/dev/null)" ]; then
echo "❌ Pods directory is still empty after installation"
exit 1
fi
echo "Pods directory contents:"
ls -la Pods/ | head -10
# Verify key files exist
if [ ! -f "Pods/Target Support Files/Pods-Self/Pods-Self.debug.xcconfig" ]; then
echo "❌ Key CocoaPods configuration file missing"
exit 1
fi
echo "✅ iOS dependencies installed successfully"
- name: Verify iOS Workspace
run: |
echo "Verifying iOS workspace setup..."
cd app/ios
if [ ! -f "OpenPassport.xcworkspace/contents.xcworkspacedata" ]; then
echo "❌ OpenPassport.xcworkspace is missing or corrupted"
exit 1
fi
if [ ! -d "Pods" ]; then
echo "❌ Pods directory is missing"
exit 1
fi
echo "✅ iOS workspace is properly configured"
- name: Build iOS
run: yarn ios
working-directory: ./app
- name: Build Android
run: yarn android
working-directory: ./app

58
.github/workflows/mobile-deploy.yml vendored
View File

@@ -2,7 +2,6 @@ name: Mobile Deploy
env:
# Build environment versions
NODE_VERSION: 22
RUBY_VERSION: 3.2
JAVA_VERSION: 17
ANDROID_API_LEVEL: 35
@@ -102,13 +101,25 @@ jobs:
echo "📦 Version bump: ${{ inputs.version_bump }}"
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Set up Xcode
if: inputs.platform != 'android'
uses: maxim-lobanov/setup-xcode@v1
# with:
# # some cocoapods won't compile with xcode 16.3
# xcode-version: "16.2"
with:
xcode-version: "16.4"
- name: Cache Yarn dependencies
id: yarn-cache
@@ -118,10 +129,10 @@ jobs:
.yarn/cache
node_modules
${{ env.APP_PATH }}/node_modules
key: ${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-${{ hashFiles('yarn.lock') }}
key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-
${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ env.GH_CACHE_VERSION }}-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-
- name: Cache Ruby gems
id: gems-cache
@@ -538,6 +549,19 @@ jobs:
- uses: actions/checkout@v4
if: inputs.platform != 'ios'
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Cache Yarn dependencies
id: yarn-cache
@@ -547,10 +571,10 @@ jobs:
.yarn/cache
node_modules
${{ env.APP_PATH }}/node_modules
key: ${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-${{ hashFiles('yarn.lock') }}
key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-
${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ env.GH_CACHE_VERSION }}-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-${{ env.GH_YARN_CACHE_VERSION }}-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ env.GH_CACHE_VERSION }}-
- name: Cache Ruby gems
id: gems-cache
@@ -792,13 +816,25 @@ jobs:
inputs.test_mode != true &&
(needs.build-ios.result == 'success' || needs.build-android.result == 'success')
env:
NODE_VERSION: 22
APP_PATH: ${{ github.workspace }}/app
steps:
- uses: actions/checkout@v4
with:
token: ${{ github.token }}
fetch-depth: 0
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- uses: actions/setup-node@v4
with:

154
.github/workflows/mobile-e2e.yml vendored
View File

@@ -2,7 +2,6 @@ name: Mobile E2E
env:
# Build environment versions
NODE_VERSION: 22
JAVA_VERSION: 17
ANDROID_API_LEVEL: 33
ANDROID_NDK_VERSION: 27.0.11718014
@@ -42,6 +41,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
@@ -51,9 +63,9 @@ jobs:
uses: actions/cache@v4
with:
path: .yarn/cache
key: ${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ hashFiles('**/yarn.lock') }}
key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
- run: yarn install --immutable --silent
- name: Cache Maestro
id: cache-maestro
@@ -153,6 +165,19 @@ jobs:
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
@@ -162,9 +187,9 @@ jobs:
uses: actions/cache@v4
with:
path: .yarn/cache
key: ${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-${{ hashFiles('**/yarn.lock') }}
key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-node${{ env.NODE_VERSION }}-yarn-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
- run: yarn install --immutable --silent
- name: Cache Maestro
id: cache-maestro
@@ -177,13 +202,17 @@ jobs:
run: curl -Ls "https://get.maestro.mobile.dev" | bash
- name: Add Maestro to path
run: echo "$HOME/.maestro/bin" >> "$GITHUB_PATH"
- name: Set up Xcode
uses: maxim-lobanov/setup-xcode@v1
with:
xcode-version: "16.4"
- name: Cache Node modules
uses: actions/cache@v4
with:
path: app/node_modules
key: ${{ runner.os }}-node${{ env.NODE_VERSION }}-${{ hashFiles('app/yarn.lock') }}
key: ${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-${{ hashFiles('app/yarn.lock') }}
restore-keys: |
${{ runner.os }}-node${{ env.NODE_VERSION }}-
${{ runner.os }}-node-${{ env.NODE_VERSION_SANITIZED }}-
- name: Cache Ruby gems
uses: ./.github/actions/cache-bundler
with:
@@ -221,9 +250,37 @@ jobs:
path: |
~/Library/Developer/CoreSimulator/Devices
~/Library/Developer/Xcode/iOS DeviceSupport
key: ${{ runner.os }}-simulator-${{ hashFiles('app/ios/Podfile.lock') }}
key: ${{ runner.os }}-simulator-v1
restore-keys: |
${{ runner.os }}-simulator-
- name: Install iOS Runtime
run: |
echo "📱 Checking iOS Runtime availability..."
echo "Available iOS runtimes (JSON):"
xcrun simctl list -j runtimes || true
# Determine latest available iOS runtime identifier
if command -v jq >/dev/null 2>&1; then
RUNTIME_ID=$(
xcrun simctl list -j runtimes \
| jq -r '.runtimes[]
| select(.platform=="iOS" and .isAvailable==true)
| .identifier' \
| sort -V \
| tail -1
)
else
# Fallback: parse human output (less reliable)
RUNTIME_ID=$(
xcrun simctl list runtimes \
| awk '/iOS/ && /com.apple.CoreSimulator.SimRuntime.iOS-/ {print $NF}' \
| tail -1
)
fi
if [ -n "$RUNTIME_ID" ] && [[ "$RUNTIME_ID" == com.apple.CoreSimulator.SimRuntime.iOS-* ]]; then
echo "✅ Latest iOS runtime: $RUNTIME_ID"
else
echo "⚠️ Could not determine an iOS runtime identifier"
fi
- name: Build dependencies (outside main flow)
run: |
echo "Building dependencies..."
@@ -237,19 +294,73 @@ jobs:
- name: Setup iOS Simulator
run: |
echo "Setting up iOS Simulator..."
# First, check what simulators are actually available
echo "Available simulators:"
xcrun simctl list devices | grep "iPhone 15"
xcrun simctl list devices available || {
echo "❌ Failed to list available devices"
echo "Trying to list all devices:"
xcrun simctl list devices || {
echo "❌ Failed to list any devices"
exit 1
}
}
# Find iPhone SE (3rd generation) simulator
echo "Finding iPhone SE (3rd generation) simulator..."
AVAILABLE_SIMULATOR=$(xcrun simctl list devices available | grep "iPhone SE (3rd generation)" | head -1 | sed -E 's/.*\(([A-F0-9-]+)\).*/\1/')
if [ -z "$AVAILABLE_SIMULATOR" ]; then
echo "iPhone SE (3rd generation) not found, trying any iPhone SE..."
AVAILABLE_SIMULATOR=$(xcrun simctl list devices available | grep "iPhone SE" | head -1 | sed -E 's/.*\(([A-F0-9-]+)\).*/\1/')
fi
if [ -z "$AVAILABLE_SIMULATOR" ]; then
echo "No iPhone SE found, trying any iPhone..."
AVAILABLE_SIMULATOR=$(xcrun simctl list devices available | grep "iPhone" | head -1 | sed -E 's/.*\(([A-F0-9-]+)\).*/\1/')
fi
if [ -z "$AVAILABLE_SIMULATOR" ]; then
echo "❌ No available iPhone simulator found"
echo "Creating a new iPhone SE (3rd generation) simulator..."
# Create a new iPhone SE (3rd generation) simulator with the latest iOS version
xcrun simctl create "iPhone SE (3rd generation)" "iPhone SE (3rd generation)" "iOS17.5" || {
echo "❌ Failed to create iPhone SE (3rd generation) simulator"
echo "Trying to create any iPhone SE simulator..."
xcrun simctl create "iPhone SE" "iPhone SE" "iOS17.5" || {
echo "❌ Failed to create simulator"
exit 1
}
}
AVAILABLE_SIMULATOR=$(xcrun simctl list devices | grep "iPhone SE" | sed -E 's/.*\(([A-F0-9-]+)\).*/\1/')
fi
echo "Using simulator: $AVAILABLE_SIMULATOR"
# Get simulator name for display
SIMULATOR_NAME=$(xcrun simctl list devices | grep "$AVAILABLE_SIMULATOR" | sed -E 's/^[[:space:]]*([^(]+).*/\1/' | xargs)
echo "Simulator name: $SIMULATOR_NAME"
# Boot simulator and wait for it to be ready
xcrun simctl boot "iPhone 15" || true
xcrun simctl bootstatus "iPhone 15" -b
echo "Booting simulator..."
xcrun simctl boot "$AVAILABLE_SIMULATOR" || {
echo "❌ Failed to boot simulator"
exit 1
}
echo "Waiting for simulator to be ready..."
xcrun simctl bootstatus "$AVAILABLE_SIMULATOR" -b
# Wait for simulator to be fully ready
echo "Waiting for simulator to be ready..."
sleep 10
echo "Waiting for simulator to be fully ready..."
sleep 15
echo "Simulator status:"
xcrun simctl list devices | grep "iPhone 15"
xcrun simctl list devices | grep "$AVAILABLE_SIMULATOR"
# Store simulator ID for later use
echo "IOS_SIMULATOR_ID=$AVAILABLE_SIMULATOR" >> $GITHUB_ENV
echo "IOS_SIMULATOR_NAME=$SIMULATOR_NAME" >> $GITHUB_ENV
- name: Build iOS App
run: |
echo "Building iOS app..."
@@ -268,18 +379,22 @@ jobs:
[ -z "$IOS_BUNDLE_ID" ] && { echo "❌ Could not determine bundle ID from $APP_PATH/Info.plist"; exit 1; }
echo "✅ App Bundle ID: $IOS_BUNDLE_ID"
# Use the dynamic simulator ID
SIMULATOR_ID="${IOS_SIMULATOR_ID:-iPhone SE (3rd generation)}"
echo "Installing on simulator: $SIMULATOR_ID"
echo "Removing any existing app installation..."
xcrun simctl uninstall "iPhone 15" "$IOS_BUNDLE_ID" 2>/dev/null || true
xcrun simctl uninstall "$SIMULATOR_ID" "$IOS_BUNDLE_ID" 2>/dev/null || true
echo "Installing app..."
xcrun simctl install "iPhone 15" "$APP_PATH"
xcrun simctl install "$SIMULATOR_ID" "$APP_PATH"
if [ $? -ne 0 ]; then
echo "❌ iOS app installation failed"
exit 1
fi
echo "Verifying app installation..."
if xcrun simctl listapps "iPhone 15" | grep -q "$IOS_BUNDLE_ID"; then
if xcrun simctl get_app_container "$SIMULATOR_ID" "$IOS_BUNDLE_ID" app >/dev/null 2>&1; then
echo "✅ App successfully installed"
else
echo "❌ App installation verification failed"
@@ -287,13 +402,14 @@ jobs:
fi
echo "🚀 Testing app launch capability..."
xcrun simctl launch "iPhone 15" "$IOS_BUNDLE_ID" || {
xcrun simctl launch "$SIMULATOR_ID" "$IOS_BUNDLE_ID" || {
echo "⚠️ Direct app launch test failed - this might be expected."
}
echo "⏰ Checking simulator readiness..."
sleep 10
xcrun simctl listapps "iPhone 15" > /dev/null || sleep 5
# Probe container as readiness check instead of listapps
xcrun simctl get_app_container "$SIMULATOR_ID" "$IOS_BUNDLE_ID" app >/dev/null 2>&1 || sleep 5
echo "Running Maestro tests..."
echo "Starting test execution..."

8
.github/workflows/npm-publish.yml vendored
View File

@@ -48,11 +48,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "22"
node-version-file: .nvmrc
registry-url: "https://registry.npmjs.org"
- name: Install Dependencies
@@ -78,11 +77,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "22"
node-version-file: .nvmrc
registry-url: "https://registry.npmjs.org"
- name: Install Dependencies
@@ -111,7 +109,7 @@ jobs:
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "22"
node-version-file: .nvmrc
registry-url: "https://registry.npmjs.org"
- uses: actions/checkout@v4
- name: Install Dependencies

112
.github/workflows/qrcode-sdk-ci.yml vendored
View File

@@ -2,7 +2,7 @@ name: QRCode SDK CI
env:
# Build environment versions
NODE_VERSION: 22
# Node version is read from .nvmrc during workflow execution
# Cache versioning - increment these to bust caches when needed
GH_CACHE_VERSION: v1 # Global cache version
GH_YARN_CACHE_VERSION: v1 # Yarn-specific cache version
@@ -27,6 +27,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
@@ -45,9 +58,9 @@ jobs:
node_modules
sdk/qrcode/node_modules
common/node_modules
key: ${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node${{ env.NODE_VERSION }}-yarn-${{ hashFiles('yarn.lock') }}
key: ${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node${{ env.NODE_VERSION }}-yarn-
${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
- name: Install Dependencies
uses: ./.github/actions/yarn-install
@@ -72,6 +85,19 @@ jobs:
needs: build
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
@@ -90,9 +116,9 @@ jobs:
node_modules
sdk/qrcode/node_modules
common/node_modules
key: ${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node${{ env.NODE_VERSION }}-yarn-${{ hashFiles('yarn.lock') }}
key: ${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node${{ env.NODE_VERSION }}-yarn-
${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
- name: Install Dependencies
uses: ./.github/actions/yarn-install
@@ -126,6 +152,19 @@ jobs:
needs: build
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
@@ -144,9 +183,9 @@ jobs:
node_modules
sdk/qrcode/node_modules
common/node_modules
key: ${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node${{ env.NODE_VERSION }}-yarn-${{ hashFiles('yarn.lock') }}
key: ${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node${{ env.NODE_VERSION }}-yarn-
${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
- name: Install Dependencies
uses: ./.github/actions/yarn-install
@@ -160,35 +199,12 @@ jobs:
key: qrcode-sdk-build-${{ env.GH_SDK_CACHE_VERSION }}-${{ github.sha }}
fail-on-cache-miss: true
- name: Verify build output
- name: Verify build artifacts
run: |
echo "Checking build output structure..."
echo "Verifying build artifacts..."
ls -la common/dist/
ls -la sdk/qrcode/dist/
echo "Checking ESM build..."
ls -la sdk/qrcode/dist/esm/
echo "Checking CJS build..."
ls -la sdk/qrcode/dist/cjs/
echo "Checking type definitions..."
if ! find sdk/qrcode/dist/esm -maxdepth 1 -name '*.d.ts' | grep -q .; then
echo "No .d.ts files found in dist/esm"; exit 1;
fi
find sdk/qrcode/dist/esm -maxdepth 1 -name '*.d.ts' -ls
- name: Test package exports
run: |
echo "Testing package exports..."
node -e "
const pkg = require('./sdk/qrcode/package.json');
console.log('Package exports:', JSON.stringify(pkg.exports, null, 2));
"
- name: Verify bundle size
run: yarn workspace @selfxyz/qrcode size-limit
- name: Log cache status
run: |
echo "Cache hit results:"
echo "- Yarn cache hit: ${{ steps.yarn-cache.outputs.cache-hit }}"
echo "✅ Build artifacts verified"
# Integration test job
integration-test:
@@ -196,6 +212,19 @@ jobs:
needs: build
steps:
- uses: actions/checkout@v4
- name: Read and sanitize Node.js version
shell: bash
run: |
if [ ! -f .nvmrc ] || [ -z "$(cat .nvmrc)" ]; then
echo "❌ .nvmrc is missing or empty"; exit 1;
fi
VERSION="$(tr -d '\r\n' < .nvmrc)"
VERSION="${VERSION#v}"
if ! [[ "$VERSION" =~ ^[0-9]+(\.[0-9]+){0,2}$ ]]; then
echo "Invalid .nvmrc content: '$VERSION'"; exit 1;
fi
echo "NODE_VERSION=$VERSION" >> "$GITHUB_ENV"
echo "NODE_VERSION_SANITIZED=${VERSION//\//-}" >> "$GITHUB_ENV"
- name: Use Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
@@ -214,9 +243,9 @@ jobs:
node_modules
sdk/qrcode/node_modules
common/node_modules
key: ${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node${{ env.NODE_VERSION }}-yarn-${{ hashFiles('yarn.lock') }}
key: ${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-${{ hashFiles('yarn.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node${{ env.NODE_VERSION }}-yarn-
${{ runner.os }}-${{ env.GH_YARN_CACHE_VERSION }}-node-${{ env.NODE_VERSION_SANITIZED }}-yarn-
- name: Install Dependencies
uses: ./.github/actions/yarn-install
@@ -237,14 +266,9 @@ jobs:
run: |
echo "Testing package import..."
node -e "
try {
const { SelfQRcode, SelfQRcodeWrapper, countries } = require('./sdk/qrcode/dist/cjs/index.cjs');
console.log('Package import successful');
console.log('Exported components:', Object.keys({ SelfQRcode, SelfQRcodeWrapper, countries }));
} catch (error) {
console.error('❌ Package import failed:', error.message);
process.exit(1);
}
const pkg = require('./sdk/qrcode/dist/cjs/index.cjs');
console.log('✅ Package imported successfully');
console.log('Package exports:', Object.keys(pkg));
"
- name: Log cache status

3
.gitignore vendored
View File

@@ -10,3 +10,6 @@ showcase
output/*
*.tsbuildinfo
.yarnrc.yml
# PR Action Items - prevent accidental commits
PR_*_ACTION_ITEMS.md

2
app/package.json
View File

@@ -138,7 +138,7 @@
"react-qr-barcode-scanner": "^2.1.7",
"socket.io-client": "^4.7.5",
"tamagui": "1.126.14",
"uuid": "^11.0.5",
"uuid": "^11.1.0",
"vite-plugin-svgr": "^4.3.0",
"xstate": "^5.19.2",
"zustand": "^4.5.2"

2
circuits/package.json
View File

@@ -100,7 +100,7 @@
"@yarnpkg/sdks": "^3.2.0",
"chai": "^4.4.1",
"mocha": "^10.7.3",
"prettier": "^3.3.3",
"prettier": "^3.5.3",
"ts-mocha": "^10.0.0",
"tsconfig-paths": "^4.2.0",
"tsup": "^8.5.0",

4
common/package.json
View File

@@ -358,7 +358,7 @@
"poseidon-lite": "^0.2.0",
"snarkjs": "^0.7.5",
"typescript-parser": "^2.6.1",
"uuid": "^11.0.5"
"uuid": "^11.1.0"
},
"devDependencies": {
"@types/js-sha1": "^0.6.3",
@@ -373,7 +373,7 @@
"eslint-plugin-simple-import-sort": "^12.1.1",
"eslint-plugin-sort-exports": "^0.9.1",
"mocha": "^10.7.3",
"prettier": "^3.3.3",
"prettier": "^3.5.3",
"ts-mocha": "^10.0.0",
"ts-node": "^10.9.2",
"tsup": "^8.5.0",

1
contracts/package.json
View File

@@ -117,6 +117,7 @@
"prettier": "3.5.3",
"prettier-plugin-solidity": "^2.0.0",
"solidity-coverage": "^0.8.14",
"tsup": "^8.5.0",
"typechain": "^8.3.2",
"typescript": "^5.9.2"
},

216
docs/templates/pr-action-items-template.md vendored Normal file
View File

@@ -0,0 +1,216 @@
# PR {{PR_NUMBER}} - Action Items Template
## PR Overview
**Title:** {{PR_TITLE}}
**Author:** {{AUTHOR}}
**Status:** {{STATUS}}
**Created:** {{DATE}}
**Branch:** {{BRANCH}}
## Summary
{{PR_SUMMARY}}
## Key Changes
- {{CHANGE_1}}
- {{CHANGE_2}}
- {{CHANGE_3}}
## Action Items
### 🔧 Critical Issues (High Priority)
*Security vulnerabilities, breaking changes, critical bugs*
#### 1. {{CRITICAL_ISSUE_TITLE}}
**Status:** 🔴 Critical Issues Identified
**Files:** {{FILE_PATHS}}
**Issues:**
- [ ] **Security Risk:** {{SECURITY_DESCRIPTION}}
- [ ] **Cache Key Problems:** {{CACHE_DESCRIPTION}}
- [ ] **Missing Validation:** {{VALIDATION_DESCRIPTION}}
**Required Actions:**
```bash
# Specific code examples for fixes
{{CODE_EXAMPLE}}
```
#### 2. {{SECOND_CRITICAL_ISSUE}}
**Status:** 🟡 Investigation Required
**Files:** {{FILE_PATHS}}
**Issue:** {{ISSUE_DESCRIPTION}}
**Actions:**
- [ ] {{ACTION_1}}
- [ ] {{ACTION_2}}
- [ ] {{ACTION_3}}
### 📦 Functional Issues (Medium Priority)
*Bugs, missing features, incorrect behavior*
#### 3. {{FUNCTIONAL_ISSUE_TITLE}}
**Status:** 🟡 Missing Dependencies
**Files:** {{FILE_PATHS}}
**Issue:** {{ISSUE_DESCRIPTION}}
**Actions:**
- [ ] {{ACTION_1}}
- [ ] {{ACTION_2}}
- [ ] {{ACTION_3}}
#### 4. {{WORKFLOW_ISSUE_TITLE}}
**Status:** 🟡 Workflow Optimization
**Files:** {{WORKFLOW_FILES}}
**Issue:** {{WORKFLOW_DESCRIPTION}}
**Actions:**
- [ ] {{WORKFLOW_ACTION_1}}
- [ ] {{WORKFLOW_ACTION_2}}
- [ ] {{WORKFLOW_ACTION_3}}
### 🧪 Testing & Validation (High Priority)
#### 5. Fix Failing Tests
**Status:** 🔴 Blocking Issues
**Files:** {{TEST_FILES}}
**Known Failures:**
- [ ] **{{TEST_TYPE}}:** {{FAILURE_DESCRIPTION}}
- [ ] **{{TEST_TYPE_2}}:** {{FAILURE_DESCRIPTION_2}}
**Actions:**
- [ ] Investigate {{ISSUE_TYPE}} configuration issues
- [ ] Check {{COMPATIBILITY}} compatibility
- [ ] Update test configurations if needed
- [ ] Verify test environment setup
#### 6. Comprehensive Test Suite
**Status:** 🟡 Verification Required
**Actions:**
- [ ] Run `yarn workspace @selfxyz/{{WORKSPACE_1}} test`
- [ ] Run `yarn workspace @selfxyz/{{WORKSPACE_2}} test`
- [ ] Run `yarn workspace @selfxyz/{{WORKSPACE_3}} test`
- [ ] Run `yarn types`
- [ ] Run `yarn build`
- [ ] Run `yarn lint`
- [ ] Run `yarn workspace @selfxyz/{{WORKSPACE_4}} build`
### 🔍 Code Review Tasks
#### 7. Review Security Changes
**Status:** 🟡 Review Required
**Actions:**
- [ ] Review all {{CHANGE_TYPE}} changes for security implications
- [ ] Verify {{CONSISTENCY}} is consistent across all {{SCOPE}}
- [ ] Check that {{CONFIGURATION}} is properly updated
- [ ] Ensure {{ACTIONS}} are properly configured
- [ ] Verify sanitization prevents injection attacks
- [ ] Confirm all workflows use consistent patterns
#### 8. Review Workflow Changes
**Status:** 🟡 Review Required
**Actions:**
- [ ] Review {{WORKFLOW_TYPE}} workflow changes
- [ ] Verify {{WORKFLOW_STEP}} is appropriately implemented
- [ ] Check that {{WORKFLOW_PROCESS}} is properly streamlined
- [ ] Ensure no functionality was lost in optimizations
### 🚀 Deployment Considerations
#### 9. Pre-deployment Checklist
**Status:** 🟡 Planning Required
**Actions:**
- [ ] Test CI/CD pipeline with new {{FEATURE}} handling
- [ ] Verify all workflows pass with {{CHANGES}} changes
- [ ] Test {{RESOLUTION}} resolution in all environments
- [ ] Validate build artifacts are consistent
- [ ] Test {{SPECIFIC_FEATURE}} functionality
- [ ] Verify {{WORKFLOW_TYPE}} workflows work correctly
## Risk Assessment
### High Risk
- **{{RISK_1}}:** {{RISK_1_DESCRIPTION}}
- **{{RISK_2}}:** {{RISK_2_DESCRIPTION}}
- **{{RISK_3}}:** {{RISK_3_DESCRIPTION}}
### Medium Risk
- **{{RISK_4}}:** {{RISK_4_DESCRIPTION}}
- **{{RISK_5}}:** {{RISK_5_DESCRIPTION}}
- **{{RISK_6}}:** {{RISK_6_DESCRIPTION}}
### Low Risk
- **{{RISK_7}}:** {{RISK_7_DESCRIPTION}}
- **{{RISK_8}}:** {{RISK_8_DESCRIPTION}}
## Success Criteria
- [ ] All CI workflows pass consistently
- [ ] No security vulnerabilities in {{FILES}}
- [ ] All tests pass across all workspaces
- [ ] {{DEPENDENCIES}} versions are properly aligned
- [ ] {{FEATURE}} handling is robust and secure
- [ ] {{CACHE}} keys prevent {{MISMATCH}} mismatches
- [ ] {{WORKFLOW_TYPE}} workflows are optimized and functional
- [ ] {{SPECIFIC_FEATURE}} works correctly in all environments
## Additional Considerations
### Edge Cases & Future Improvements
#### 10. Monitoring & Alerting
**Status:** 🟡 Future Enhancement
**Considerations:**
- [ ] Monitor for {{MONITORING_ITEM_1}}
- [ ] Set up alerts for {{ALERT_TYPE}} failures
- [ ] Track {{METRIC}} to ensure {{FEATURE}} is working
- [ ] Monitor for any security issues with {{SECURITY_FEATURE}}
#### 11. Documentation Updates
**Status:** 🟡 Future Enhancement
**Actions:**
- [ ] Update {{DOC_TYPE}} documentation to reflect new {{FEATURE}}
- [ ] Document the {{PROCESS}} process
- [ ] Update developer onboarding for {{REQUIREMENT}}
- [ ] Document {{STRATEGY}} strategy for future additions
#### 12. Rollback Plan
**Status:** 🟡 Planning Required
**Actions:**
- [ ] Document rollback procedure if {{CHANGE}} causes issues
- [ ] Identify which {{COMPONENTS}} can be quickly reverted
- [ ] Plan for emergency fixes if {{VALIDATION}} causes failures
- [ ] Prepare fallback strategy for critical deployments
## Notes
- **{{ANALYSIS_TOOL}} Analysis:** {{ANALYSIS_SUMMARY}}
- **Testing Status:** {{TESTING_STATUS}}
- **Security Concerns:** {{SECURITY_CONCERNS}}
- **Dependencies:** {{DEPENDENCY_ISSUES}}
- **Workflow Improvements:** {{WORKFLOW_IMPROVEMENTS}}
- **Cache Optimization:** {{CACHE_OPTIMIZATION}}
- **Comprehensive Coverage:** {{COVERAGE_SUMMARY}}
## Timeline Estimate
- **Critical Fixes:** {{TIMELINE_1}}
- **Testing & Validation:** {{TIMELINE_2}}
- **Code Review:** {{TIMELINE_3}}
- **Deployment:** {{TIMELINE_4}}
**Total Estimated Time:** {{TOTAL_TIMELINE}}
---
**Last Updated:** {{DATE}}

2
sdk/core/package.json
View File

@@ -67,7 +67,7 @@
"@types/node-forge": "^1.3.5",
"@types/snarkjs": "^0.7.8",
"axios": "^1.7.2",
"prettier": "^3.3.3",
"prettier": "^3.5.3",
"ts-loader": "^9.5.1",
"ts-node": "^10.9.2",
"tsup": "^8.5.0",

12
sdk/qrcode/package.json
View File

@@ -82,7 +82,7 @@
"qrcode.react": "^4.1.0",
"react-spinners": "^0.14.1",
"socket.io-client": "^4.8.1",
"uuid": "^10.0.0"
"uuid": "^11.1.0"
},
"devDependencies": {
"@size-limit/preset-big-lib": "^11.2.0",
@@ -101,9 +101,9 @@
"eslint-plugin-simple-import-sort": "^12.1.1",
"eslint-plugin-sort-exports": "^0.9.1",
"mocha": "^10.7.3",
"prettier": "^3.3.3",
"react": "^18.0.0",
"react-dom": "^18.0.0",
"prettier": "^3.5.3",
"react": "^18.3.1",
"react-dom": "^18.3.1",
"size-limit": "^11.2.0",
"ts-loader": "^9.5.1",
"ts-mocha": "^10.0.0",
@@ -113,8 +113,8 @@
},
"peerDependencies": {
"lottie-react": "^2.4.0",
"react": "^18.0.0",
"react-dom": "^18.0.0"
"react": "^18.3.1",
"react-dom": "^18.3.1"
},
"engines": {
"node": ">=22 <23"

40
yarn.lock
View File

@@ -4915,7 +4915,7 @@ __metadata:
modpow: "npm:^1.0.0"
node-forge: "https://github.com/remicolin/forge"
poseidon-lite: "npm:^0.2.0"
prettier: "npm:^3.3.3"
prettier: "npm:^3.5.3"
snarkjs: "npm:^0.7.1"
ts-mocha: "npm:^10.0.0"
tsconfig-paths: "npm:^4.2.0"
@@ -4963,14 +4963,14 @@ __metadata:
path: "npm:^0.12.7"
pkijs: "npm:^3.2.4"
poseidon-lite: "npm:^0.2.0"
prettier: "npm:^3.3.3"
prettier: "npm:^3.5.3"
snarkjs: "npm:^0.7.5"
ts-mocha: "npm:^10.0.0"
ts-node: "npm:^10.9.2"
tsup: "npm:^8.5.0"
typescript: "npm:^5.9.2"
typescript-parser: "npm:^2.6.1"
uuid: "npm:^11.0.5"
uuid: "npm:^11.1.0"
languageName: unknown
linkType: soft
@@ -5022,6 +5022,7 @@ __metadata:
prettier-plugin-solidity: "npm:^2.0.0"
snarkjs: "npm:^0.7.4"
solidity-coverage: "npm:^0.8.14"
tsup: "npm:^8.5.0"
typechain: "npm:^8.3.2"
typescript: "npm:^5.9.2"
languageName: unknown
@@ -5048,7 +5049,7 @@ __metadata:
js-sha512: "npm:^0.9.0"
node-forge: "npm:^1.3.1"
poseidon-lite: "npm:^0.3.0"
prettier: "npm:^3.3.3"
prettier: "npm:^3.5.3"
snarkjs: "npm:^0.7.4"
ts-loader: "npm:^9.5.1"
ts-node: "npm:^10.9.2"
@@ -5177,7 +5178,7 @@ __metadata:
ts-morph: "npm:^22.0.0"
ts-node: "npm:^10.9.2"
typescript: "npm:^5.9.2"
uuid: "npm:^11.0.5"
uuid: "npm:^11.1.0"
vite: "npm:^7.0.0"
vite-plugin-svgr: "npm:^4.3.0"
xstate: "npm:^5.19.2"
@@ -5233,10 +5234,10 @@ __metadata:
mocha: "npm:^10.7.3"
node-forge: "npm:^1.3.1"
poseidon-lite: "npm:^0.3.0"
prettier: "npm:^3.3.3"
prettier: "npm:^3.5.3"
qrcode.react: "npm:^4.1.0"
react: "npm:^18.0.0"
react-dom: "npm:^18.0.0"
react: "npm:^18.3.1"
react-dom: "npm:^18.3.1"
react-spinners: "npm:^0.14.1"
size-limit: "npm:^11.2.0"
socket.io-client: "npm:^4.8.1"
@@ -5245,11 +5246,11 @@ __metadata:
ts-node: "npm:^10.9.2"
tsup: "npm:^8.5.0"
typescript: "npm:^5.9.2"
uuid: "npm:^10.0.0"
uuid: "npm:^11.1.0"
peerDependencies:
lottie-react: ^2.4.0
react: ^18.0.0
react-dom: ^18.0.0
react: ^18.3.1
react-dom: ^18.3.1
languageName: unknown
linkType: soft
@@ -21514,7 +21515,7 @@ __metadata:
languageName: node
linkType: hard
"prettier@npm:3.5.3, prettier@npm:^3.3.3, prettier@npm:^3.5.3":
"prettier@npm:3.5.3, prettier@npm:^3.5.3":
version: 3.5.3
resolution: "prettier@npm:3.5.3"
bin:
@@ -21918,7 +21919,7 @@ __metadata:
languageName: node
linkType: hard
"react-dom@npm:^18.0.0, react-dom@npm:^18.3.1":
"react-dom@npm:^18.3.1":
version: 18.3.1
resolution: "react-dom@npm:18.3.1"
dependencies:
@@ -22480,7 +22481,7 @@ __metadata:
languageName: node
linkType: hard
"react@npm:^18.0.0, react@npm:^18.3.1":
"react@npm:^18.3.1":
version: 18.3.1
resolution: "react@npm:18.3.1"
dependencies:
@@ -25902,16 +25903,7 @@ __metadata:
languageName: node
linkType: hard
"uuid@npm:^10.0.0":
version: 10.0.0
resolution: "uuid@npm:10.0.0"
bin:
uuid: dist/bin/uuid
checksum: 10c0/eab18c27fe4ab9fb9709a5d5f40119b45f2ec8314f8d4cf12ce27e4c6f4ffa4a6321dc7db6c515068fa373c075b49691ba969f0010bf37f44c37ca40cd6bf7fe
languageName: node
linkType: hard
"uuid@npm:^11.0.5, uuid@npm:^11.1.0":
"uuid@npm:^11.1.0":
version: 11.1.0
resolution: "uuid@npm:11.1.0"
bin: