* Add recovery and backup screens (SELF-2423)
Add 5 recovery/backup screen wrappers around euclid components: BackupMethodPickerScreen, RecoveryPhraseScreen, LaunchRecoveryScreen, SecretPhraseInputScreen, and RecoverySuccessScreen. Wire SecurityScreen actions to the new routes instead of /coming-soon. Register all routes in App.tsx.
* Add background image to LaunchRecoveryScreen and animation assets (SELF-2423)
Add dialogue-background.jpg and Lottie animation JSON files to public/ for proper screen rendering. Pass backgroundImage prop to LaunchRecoveryScreen for visual consistency with other dialogue screens.
* add test
* link up
* fixes
* revert fix. we need to fix in euclid
* update euclic
* dev menu dx, add password
* fix launch recovery screen
* fix recovery success screen
* fix recovery phrase tests
* updates
* fixes
* fixes
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
* feat(webview-app): add IDDataScreen and ManageDocumentsScreen (SELF-2422)
Screen migration for WV-14. Adds 2 euclid screen wrappers with mock data for the UI mocking pass.
- IDDataScreen at /id-data with ExposedIDCard, identification details, document data
- ManageDocumentsScreen at /manage-documents with document list and manage dialogue
- Wire Settings > Manage Documents to /manage-documents instead of /coming-soon
- Add preview.html for phone-frame screen verification during development
* update
* rename
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
* chore: swap @sumsub/react-native-mobilesdk-module for @didit-protocol/sdk-react-native
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: rename SUMSUB_TEE_URL to DIDIT_TEE_URL
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename PendingKycVerification.userId to sessionId
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add Didit integration module, remove Sumsub integration
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add useDiditWebSocket hook, remove useSumsubWebSocket
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add useDiditLauncher hook, remove useSumsubLauncher
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename userId to sessionId in pendingKycStore, bump persist version
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename sumsub error injection triggers to didit
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename KycSuccess route param userId to sessionId
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: update KycSuccessScreen to use useDiditWebSocket and sessionId
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: update all consumer files from Sumsub to Didit
Updates usePendingKycRecovery, selfClientProvider, 5 fallback screens,
LogoConfirmationScreen, HomeScreen, KYCVerifiedScreen, and KycIdCard.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: update jest mocks and config for Didit SDK
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* build: swap Sumsub native deps for Didit in Podfile and build.gradle
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: remove hardcoded sumsub namespace from nullifier generation
Read namespace from id_type field instead of hardcoding 'sumsub'.
The didit-tee encodes id_type as [namespace_len][namespace][doc_type],
so the namespace is already in the signed data.
Also fix deserializeApplicantInfo to parse the namespaced encoding
and extract just the document type for display.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: lint and formatting issues from Didit migration
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add register_kyc support to build_r1cs_wasm.sh and build_cpp.sh
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: use circuits/node_modules paths in build_r1cs_wasm.sh
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: emit ack_success after receiving KYC data to trigger session deletion
The didit-tee now expects the client to ack receipt of signed data,
which triggers DELETE of the session from Didit's API for data cleanup.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: use raw bytes for KYC commitment/nullifier instead of deserialize+reserialize
The deserialize→reserialize path strips the namespace prefix from
id_type, producing different bytes than the TEE signed. Work on the
raw base64-decoded bytes directly to match the circuit inputs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: lint
* Revert "fix: lint"
This reverts commit d3dde1460b.
* fix: lint
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
WV-07 covers SelfClient assembly: exporting useProvingStore from the
browser entry point, mapping bridge adapters to SDK interfaces, creating
a keychain-backed DocumentsAdapter via the existing secureStorage bridge,
and wiring a real SelfClient in the webview-app provider.
WV-08 covers the tunnel proving flow: replacing the mock 3-second timer
with real provingMachine integration (register → disclose), storing
Sumsub KYC results as KycData documents in native keychain, and driving
UI from proving state transitions.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat(webview-app): add Euclid 3.0 settings sub-screens
Add SecurityScreen, NotificationPreferencesScreen, and DevModeScreen
wrappers that import Euclid 3.0 components and wire them with React
Router navigation and bridge adapters. Update SettingsScreen menu items
to navigate to real routes instead of /coming-soon.
Requires @selfxyz/euclid-web to be published with the new screen exports
(SecurityScreen, NotificationPreferencesScreen, DevModeScreen) before
type-check will pass. See docs/superpowers/plans/ for full context.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: add settings integration plan and handover
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: use euclid 1.2.0
* PoC tunnel flow
* updates
* update skills
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Leszek Stachowski <leszek.stachowski@self.xyz>
When CDN bundle loading lands, runtime checksum verification (SHA-256
manifest, fail-closed on mismatch) becomes a security boundary. This
adds the backlog item and context so it's picked up at the right time.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add iOS native shell package (NSL-02)
Plain Swift implementation of the WebView host with bridge handlers
for secure storage (Keychain), crypto (EC P-256), and lifecycle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Android native shell package (NSL-01)
Plain Kotlin implementation of the WebView host with bridge handlers
for secure storage (EncryptedSharedPreferences), crypto (Android Keystore
EC P-256), and lifecycle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: integrate Sumsub Web SDK into ProviderLaunchScreen (WV-05)
Rewrites ProviderLaunchScreen to launch Sumsub Web SDK, adds KYC
provider types, result normalization, and a ProviderResultScreen
for displaying verification outcomes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: update spec status for NSL-01, NSL-02, WV-05 to in-progress
All three items are code-complete but need integration testing
before marking done.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add build-pipeline workstream specs, update NSL-03 and BP-01 status
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add WebView bundle build pipeline (BP-01)
Build script copies webview-app dist into both native shell asset
directories. Gradle preBuild validation fails fast when bundle is
missing. Root package.json gets build:sdk-* scripts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add SDK test apps for Android and iOS (NSL-03)
Minimal test apps to exercise native shells end-to-end:
- Android: Jetpack Compose app using SelfSdk.launch() via composite build
- iOS: SwiftUI app using SelfSdk.createViewController() via local SPM dep
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* update lockfile
* fix: address CodeRabbit PR review findings for native shells
- Fix iOS double callback: add hasEmittedResult flag to LifecycleHandler
so dismiss() won't fire onCancelled after onResult already emitted
- Fix Android error result codes: use RESULT_FIRST_USER for failed
verifications instead of always RESULT_OK; add dedicated handler in
SelfSdk.handleResult
- Fix iOS production query params: append params to file URL via
URLComponents so WebView receives teeUrl/verificationId/userId
- Fix build:sdk-ios false-green: chain swift build after bundle script
- Add expectedRequestCode param to handleResult for flexibility
- Upgrade security-crypto 1.1.0-alpha06 → 1.1.0 stable
- Improve callback type safety: onSuccess takes raw JSON string,
onFailure takes SelfSdkException instead of generic Exception
- Add requireBiometric intent comments to both SecureStorageHandlers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address remaining CodeRabbit PR review findings (round 2)
- iOS BridgeResponse: add requestId/success fields, rename result→data to match JS bridge contract
- iOS test app: fix callback deallocation with Coordinator pattern
- ProviderLaunchScreen: fail closed on missing verificationId, fix retry via retryCount state
- ProviderResultScreen: guard unknown status with fallback to error config
- build-webview-bundle.sh: validate index.html before deleting targets
- Package.swift: fix SPM resource path with target path/sources
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Versions 1.0.20 and 1.0.21 were published manually (not via CI), which bypassed the yarn pack step that resolves workspace:^ protocols. The published packages contain raw workspace:^ dependencies, making them uninstallable for external consumers. This version bump triggers a clean CI publish that correctly resolves @selfxyz/sdk-common to ^1.0.0.
