* Fix recovery phrase screen wonkiness (SELF-2649)
- Swap paste XStack to Pressable with hitSlop to fix multiple-tap issue
- Add error state + user-facing messages for all failure modes
- Dismiss keyboard on Continue press
- Clear error on new input
* Format RecoverWithPhraseScreen with Prettier
* Clear error state at start of restoreAccount
---------
Co-authored-by: Agent PM <agent-pm@self.xyz>
* enable logs
* improve NFC observability logging and add session-scoped log grouping
* Enhance logging by adding session ID to lokiTransport for improved traceability
Adds a `pr_number` input to `mobile-deploy.yml`. When set, the Android
pipeline uploads the AAB to Play Store Internal App Sharing (unique
download URL per upload) instead of promoting to the internal track, and
posts a Slack message to `SLACK_WEBHOOK_QA_BUILDS` with the install link
and PR metadata. The version-bump PR job is skipped and iOS is always
skipped in this mode.
Enables an agent flow: open PR to `dev` → `gh workflow run` → reviewer
taps Slack link to QA on device → merge.
- `upload_to_play_store.py`: new `--mode=ias` branch using
  `internalappsharingartifacts.uploadbundle`; exports `download_url` to
  `$GITHUB_OUTPUT`.
- `mobile-deploy.yml`: new `workflow_dispatch` input `pr_number`;
  concurrency keyed per-PR so parallel previews don't queue; branch
  between IAS and track upload; Slack notify step on success.
* fix: patch Podfile for WalletConnect Pay removal and Haptic feedback framework addition
Removed the YttriumWrapper dependency from the react-native-compat podspec as it is not used in the Self app, preventing build failures. Additionally, patched the react-native-haptic-feedback podspec to include the AudioToolbox framework, ensuring proper functionality of haptic feedback features.
* Update app/ios/Podfile
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
* Update app/ios/Podfile
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
---------
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
The "View ID Data" button was broken for didit KYC documents because
KycIdCard ignored the hidden prop. This adds a revealed view showing
name, DOB, nationality, document number, gender, and dates.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: output formatter for aadhaar and kyc
* test: add KYC disclose test with non empty forbidden countries
---------
Co-authored-by: seshanthS <seshanth@protonmail.com>
* Standardize config param handling across Android & iOS
- Add shared SdkConstants (loopback host, debug port, didit host, tour path, default URLs)
- Add shared QueryParamsBuilder replacing duplicated platform-specific builders
- Android: deserialize config/request via kotlinx.serialization instead of org.json
- Android: add belt-and-suspenders debug guard (isDebugMode && isDebuggable)
- Android: remove redundant EXTRA_DEBUG_MODE and EXTRA_DEV_SERVER_URL intent extras
- iOS: replace local buildQueryParams/encodeParam with shared QueryParamsBuilder
- All default URLs now reference SdkConstants instead of hardcoded strings
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Import KMP SdkConstants in Swift WebViewProviderImpl
- Replace hardcoded constants with SdkConstants.shared.* from KMP framework
- Replace "/tunnel/tour/1" with SdkConstants.shared.BUNDLED_TOUR_PATH
- Add SelfSdk as local package dependency in self-sdk-swift Package.swift
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Internalize CryptoProvider — remove from public SDK interface
CryptoProvider is never called at runtime (WebView uses Web Crypto API
directly). Make the interface, its Android implementation, and the
registry field internal so consumers no longer need to provide or
register a crypto implementation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix ci
* fix: temporarily use constants from self-sdk-swift
* lint
* fix: improve license header handling in check-license-headers script
* lint
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Update SDK distribution specifications and add remote publishing plan
* fix(spec): align SD-06 plan with SD-04 conventions
- Rename gpr.key to gpr.token for consistency with SD-04
- Move publish workflow from out-of-scope into scope
- Add workflow section (Section 4) matching publish-android-sdk.yml pattern
- Fix access model description (public repo, auth still required)
- Add workflow to files-to-modify and definition-of-done
---------
Co-authored-by: Javier Cortejoso <javier.cortejoso@gmail.com>
* security fix
* more security fixes
* fixes
* pr feedback
* Restore remote URL loading in native-shell-ios and native-shell-android
Remove bundled-asset-only loading and SHA-256 integrity checks from both
native shell packages. WebViews now load directly from the remote URL
(default: https://self-app-alpha.vercel.app) over HTTPS, matching the
pattern already implemented in kmp-sdk and self-sdk-swift.
Also fixes ObjC selector mismatch in self-sdk-swift WebViewProviderImpl
for configureRemoteLoading.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Restore remote URL loading in kmp-sdk and self-sdk-swift
Remove bundled-asset-only loading from kmp-sdk AndroidWebViewHost and
self-sdk-swift WebViewProviderImpl. Both now load directly from the
remote URL (default: https://self-app-alpha.vercel.app) over HTTPS.
Adds remoteWebAppBaseUrl to SelfSdkConfig and pipes it through
IosWebViewHost via the new configureRemoteLoading protocol method.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* coderabbit comments
* lint
* coderabbit comments
---------
Co-authored-by: seshanthS <seshanth@protonmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* test: ofac updating tests
* feat: add registry deployment info
* chore: add gitignore for generated files
* feat: add kyc documents to upgrade scripts
* docs: update upgrade script readme for kyc
* feat: IdentityRegistryKyc v1.1.0 deployed on Celo-sepolia
Add TEE-attested OFAC root updates via updateOfacRootsWithProof
- Implementation: 0x530eEA7E5b286108926B05510491560c4bAE018e
- Adds updateOfacRootsWithProof() for ZK-verified OFAC root updates
- New errors: InvalidRootsHash, InvalidRootsCount
- New event: OfacRootsUpdatedWithProof
* feat: add OFAC rolling root window to all 4 registries
Add previousRoot storage variables to all identity registries so that
checkOfacRoots accepts both the current and previous root for each OFAC tree. This prevents verification failures for users mid-proof when roots are updated on-chain between proof generation and on-chain verification.
- Passport: 3 prev roots (passportNo, nameAndDob, nameAndYob)
- KYC, ID Card, Aadhaar: 2 prev roots each (nameAndDob, nameAndYob)
- KYC updateOfacRootsWithProof also rotates previous roots
- Added getPrev* getter functions on all registries
- Storage appended at end of each storage contract (UUPS-safe)
- 17 new tests covering all registries (window=1 acceptance/rejection)
* feat: deploy IdentityRegistryKyc v1.2.0 to Celo Sepolia
Add rolling OFAC root window: store previous roots alongside current, accept either in checkOfacRoots for graceful mid-verification transitions.
New impl: 0x6E2889Bc9baa6F53bDdf4843675155811F0AAAEd
Proxy: 0x90e907E4AaB6e9bcFB94997Af4A097e8CAadBdf3
Pending Safe multisig execution for proxy upgrade.
* feat: add TEE-attested OFAC root updates to Aadhaar, IdCard, and Passport registries
Extend updateOfacRootsWithProof() to the remaining 3 identity registries, matching the pattern already deployed on the KYC registry (v1.1.0).
- Add GCP JWT verifier, PCR0Manager, TEE address, and root CA pubkey hash storage to each registry
- Add initializeOfacProof() reinitializer for upgrade path
- Add onlyTEE modifier and updateOfacRootsWithProof() with Groth16 proof verification, TEE attestation validation, timestamp checks, and global roots hash commitment verification
- Rolling window behavior preserved: previous roots saved before overwrite
- Admin functions for updating TEE infrastructure (SECURITY_ROLE gated)
- Bumps all 3 registries to v1.3.0
* refactor: simplify updateOfacRootsWithProof to use per-registry roots hash as nonce
* fix: address CodeRabbit review comments on OFAC proof upgrade
- Add onlyProxy + onlyRole(DEFAULT_ADMIN_ROLE) guard to initializeOfacProof()
  on Passport, Aadhaar, and IdCard registries to prevent front-running during
  the window between upgradeToAndCall and the separate initializer call
- Fix checkOfacRoots() across all 4 registries to use atomic snapshot comparison
  instead of per-root matching — prevents accepting Frankenstein pairs like
  (new DOB root, old YOB root) that were never attested together
- Add IdentityRegistryKycImplV1 to PoseidonT3 linking branch in prepare.ts so
  upgrade:prepare works correctly for KYC
- Add prev* slot assertions and mixed-pair rejection test to ofacUpgradePath.test.ts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* feat: add view getters, fix initializeOfacProof guard, add upgrade scripts
- Add getGcpJwtVerifier() and getPcr0Manager() getters to KYC and Aadhaar
- Fix initializeOfacProof guard: SECURITY_ROLE instead of DEFAULT_ADMIN_ROLE
  (DEFAULT_ADMIN_ROLE is never granted in governance setup)
- Add Ignition upgrade scripts for KYC and Aadhaar registries
- Comment out registry deploy in deployKycRegistry (verifier-only redeploy)
- Update deployed_addresses.json with sepolia upgrade artifacts
- Bump KYC to v1.2.1, Aadhaar to v1.3.1
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: addresses and error selectors
* style: format registry contracts and upgrade scripts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: formatting
* fix: error selectors
* fix: error selectors
* fix: error selectors
---------
Co-authored-by: Evi Nova <tranquil_flow@protonmail.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
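The difference between per-root matching and atomic snapshot comparison in the OFAC commits above, as an added example that is not the registry contracts' code. It is a JavaScript model with constructed root values; `rotateRoots`, `checkPerRoot` and `checkSnapshot` are hypothetical names, and only the two-root registries (nameAndDob, nameAndYob) are modelled.

```javascript
// Added example: JavaScript model of a rolling OFAC root window of size 1.
// Root values are constructed; field names follow the commit text.

// Save the current pair as `previous` before overwriting it.
function rotateRoots(reg, next) {
  return { current: next, previous: reg.current };
}

// Per-root matching: each root is compared with its own current/previous
// value, independently of the other root.
function checkPerRoot(reg, dob, yob) {
  const dobOk = dob === reg.current.nameAndDob || dob === reg.previous.nameAndDob;
  const yobOk = yob === reg.current.nameAndYob || yob === reg.previous.nameAndYob;
  return dobOk && yobOk;
}

// Atomic snapshot comparison: the submitted pair must equal one stored
// snapshot as a whole, so only pairs that were published together pass.
function checkSnapshot(reg, dob, yob) {
  const same = (s) => s.nameAndDob === dob && s.nameAndYob === yob;
  return same(reg.current) || same(reg.previous);
}

// Three successive root publications (constructed values).
const v1 = { nameAndDob: 0xd1n, nameAndYob: 0xb1n };
const v2 = { nameAndDob: 0xd2n, nameAndYob: 0xb2n };
const v3 = { nameAndDob: 0xd3n, nameAndYob: 0xb3n };

// State after v2 replaced v1, then after v3 replaced v2.
const reg = { current: v2, previous: v1 };
const regNext = rotateRoots(reg, v3);

// A proof generated against v1 still verifies while v2 is current.
console.log('mid-proof user accepted:', checkSnapshot(reg, v1.nameAndDob, v1.nameAndYob));
// The mixed pair (new DOB root, old YOB root) passes only the per-root check.
console.log('mixed pair, per-root:', checkPerRoot(reg, v2.nameAndDob, v1.nameAndYob));
console.log('mixed pair, snapshot:', checkSnapshot(reg, v2.nameAndDob, v1.nameAndYob));
// After the next rotation v1 has left the window.
console.log('v1 after second update:', checkSnapshot(regNext, v1.nameAndDob, v1.nameAndYob));
```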
These files were part of PR #1911 (custom Solidity error decoding) which
is not yet merged. They were accidentally included in the #1905 squash
merge. The missing error-selector-map.json dependency breaks workspace
CI (build, lint, type-check) across all branches.
* Add remote webview integrity checks
* fixes
* feedback
* update tests; fix pipelines
* fix ci
* feat(webview): add subresource integrity (SRI) to build output
The SHA-256 remote integrity check only covers the entry HTML document.
Sub-resources (JS, CSS) loaded by that HTML were fetched without
integrity verification, allowing a compromised CDN to swap bundles.
Add a custom Vite plugin that injects SRI sha384 hashes into all
script and link tags in the built index.html. The browser natively
enforces these hashes, blocking any tampered sub-resources.
Includes tests verifying integrity attributes are present and that
hashes match the actual file contents on disk.
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
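The SRI step described in the commit above, as an added example that is not the project's Vite plugin. It is a standalone Node.js model: `injectSri` and `findSriViolations` are hypothetical names, the HTML and asset contents are constructed, and the regex handles only double-quoted `src`/`href` attributes.

```javascript
// Added example: model of build-time SRI injection plus a verification pass.
const { createHash } = require('node:crypto');

// SRI value for a resource body: "sha384-" + base64(SHA-384 digest).
function sriHash(body) {
  return 'sha384-' + createHash('sha384').update(body).digest('base64');
}

// Opening <script ... src="..."> and <link ... href="..."> tags.
const TAG_RE = /<(script|link)\b([^>]*?\s)(src|href)="([^"]+)"([^>]*)>/g;

// Add integrity + crossorigin to each tag whose URL is a built asset.
// `assets` is a Map from URL path to file bytes.
function injectSri(html, assets) {
  return html.replace(TAG_RE, (tag, name, pre, attr, url, post) => {
    if (!assets.has(url) || /\sintegrity=/.test(tag)) return tag;
    const sri = ` integrity="${sriHash(assets.get(url))}" crossorigin="anonymous"`;
    return `<${name}${pre}${attr}="${url}"${sri}${post}>`;
  });
}

// Recompute every tag's hash against the bytes actually served, which is the
// comparison the browser makes before running a script or applying a sheet.
// Returns the URLs whose integrity attribute is missing or does not match.
function findSriViolations(html, served) {
  const bad = [];
  for (const m of html.matchAll(TAG_RE)) {
    const url = m[4];
    if (!served.has(url)) continue;
    const attr = /\sintegrity="([^"]+)"/.exec(m[0]);
    if (!attr || attr[1] !== sriHash(served.get(url))) bad.push(url);
  }
  return bad;
}

// Constructed build output (file names and contents are made up).
const builtAssets = new Map([
  ['/assets/index-abc.js', Buffer.from('console.log("app")')],
  ['/assets/index-abc.css', Buffer.from('body{margin:0}')],
]);
const builtHtml = '<!doctype html><html><head>' +
  '<link rel="stylesheet" href="/assets/index-abc.css">' +
  '<script type="module" src="/assets/index-abc.js"></script>' +
  '</head><body></body></html>';
const sriHtml = injectSri(builtHtml, builtAssets);

// Same paths, but the script body differs from what was hashed at build time.
const alteredHost = new Map(builtAssets)
  .set('/assets/index-abc.js', Buffer.from('console.log("changed")'));
```

`findSriViolations(sriHtml, alteredHost)` reports the script whose bytes no longer match the hash pinned in the HTML; the entry HTML itself is outside SRI's reach, which is why the commit pairs it with the separate SHA-256 check on the document.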
* Fix recovery rollback handling
* Restore registration state on rollback
* Restore selected document on rollback
* fix(webview): clear both keys on partial rollback to prevent mnemonic/secret mismatch
When restoreSnapshotBestEffort partially fails (e.g. mnemonic rollback fails but secret rollback succeeds), the stored mnemonic and private key can end up mismatched — deriving from the stored mnemonic produces a different key than what's stored. This is silent data corruption that could lock users out of recovery.
Fix: when any rollback write fails, clear both keys so ensureSecret can regenerate a consistent pair from scratch. A missing pair is recoverable; a mismatched pair is not.
Adds a test in restoreSecretFromMnemonic that proves the mismatch scenario and verifies both keys are cleared.
* feat(new-common): add humanizeContractError utility with tests
* fix: prettier formatting in secretManager test
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
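The partial-rollback failure described in the commits above, as an added example that is not the project's secretManager code. The in-memory store, the SHA-256 stand-in for key derivation, the `clearOnFailure` switch and all function names are assumptions made for illustration; the values are constructed.

```javascript
// Added example: model of a two-key rollback where one write can fail.
const { createHash } = require('node:crypto');

// Stand-in derivation (assumption): the real derivation is not on the page.
const deriveSecret = (mnemonic) =>
  createHash('sha256').update(mnemonic).digest('hex');

// Constructed in-memory store whose writes can be made to fail per key.
function makeStore(initial, failingKeys = []) {
  const data = new Map(Object.entries(initial));
  return {
    get: (k) => (data.has(k) ? data.get(k) : null),
    set: (k, v) => {
      if (failingKeys.includes(k)) throw new Error(`write failed: ${k}`);
      data.set(k, v);
    },
    remove: (k) => data.delete(k),
  };
}

// Write both snapshot values back. If any write fails and clearOnFailure is
// set, remove both keys so a fresh, consistent pair can be generated later.
function restoreSnapshot(store, snapshot, { clearOnFailure }) {
  let failed = false;
  for (const key of ['mnemonic', 'secret']) {
    try { store.set(key, snapshot[key]); } catch { failed = true; }
  }
  if (failed && clearOnFailure) {
    store.remove('mnemonic');
    store.remove('secret');
  }
  return !failed;
}

// 'missing' when both keys are absent, 'consistent' when the stored secret
// derives from the stored mnemonic, 'mismatched' otherwise.
function pairState(store) {
  const m = store.get('mnemonic');
  const s = store.get('secret');
  if (m === null && s === null) return 'missing';
  return m !== null && deriveSecret(m) === s ? 'consistent' : 'mismatched';
}

// Scenario: the store holds the pair written by a recovery attempt, and the
// rollback to the earlier pair fails on the mnemonic write only.
function rollbackOutcome(clearOnFailure, failingKeys = ['mnemonic']) {
  const attempted = { mnemonic: 'constructed words B', secret: deriveSecret('constructed words B') };
  const snapshot = { mnemonic: 'constructed words A', secret: deriveSecret('constructed words A') };
  const store = makeStore(attempted, failingKeys);
  restoreSnapshot(store, snapshot, { clearOnFailure });
  return pairState(store);
}
```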
* KR-01: Scope KMP Android to 3-domain parity with provider delegation
Move SecureStorageProvider, CryptoProvider, and CryptoBridgeHandler to
commonMain so both platforms share the same contract. Add default Android
providers (EncryptedSharedPreferencesProvider, AndroidKeystoreCryptoProvider)
that consumers can replace via SdkProviderRegistry.
- Rewrite Android SecureStorageBridgeHandler to delegate to provider and
  fix get() response shape to return { value: string | null }
- Register only 3 handlers (secureStorage, crypto, lifecycle) in Activity
- Add WebChromeClient with permission and file upload handling
- Add query param support to WebView URL loading
- Add bridge protocol version validation to MessageRouter
- Remove NFC/camera/biometric dependencies from build.gradle.kts
- Remove out-of-scope permissions from AndroidManifest.xml
- Create IosProviderRegistry for iOS-specific provider fields
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* KR-02: Scope KMP iOS to 3-domain parity with query param support
Move SecureStorageBridgeHandler to commonMain (fixes iOS get() response
shape to return { value: string | null } matching the bridge adapter).
Both Android and iOS now share the same handler via commonMain.
- Register only 3 handlers on iOS (secureStorage, crypto, lifecycle)
- Add queryParams parameter to WebViewProvider interface
- Update IosWebViewHost to forward query params from VerificationRequest
- Update WebViewProviderImpl.swift to append query params to URL
- Relax isConfigured check to only require secureStorage + crypto + webView
- Remove unused handler imports from SelfSdk.ios.kt
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* KR-03: Simplify test app to 3-domain smoke harness
Gut the MRZ/NFC-first flow from the test app and replace with a focused
3-domain smoke test screen that validates secureStorage (set/get/remove
round-trip), crypto (generateKey/getPublicKey/sign/deleteKey), and
lifecycle (validated via SDK launch flow).
- Add DomainSmokeScreen with pass/fail output per domain
- Remove MRZ/NFC navigation routes and expect/actual screen declarations
- Remove NFC/CAMERA permissions from Android manifest
- Remove camera dependency from build.gradle.kts
- Scope iOS test app to register only required providers (secureStorage,
  crypto, webView)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix issues - test app
* coderabbit comments
* fix ci
* klint
* coderabbit review comments
* Enhance permission handling in AndroidWebViewHost
* fix registry
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Justin Hernandez <justin.hernandez@self.xyz>