* security fix
* more security fixes
* fixes
* pr feedback
* Restore remote URL loading in native-shell-ios and native-shell-android
Remove bundled-asset-only loading and SHA-256 integrity checks from both
native shell packages. WebViews now load directly from the remote URL
(default: https://self-app-alpha.vercel.app) over HTTPS, matching the
pattern already implemented in kmp-sdk and self-sdk-swift.
Also fixes ObjC selector mismatch in self-sdk-swift WebViewProviderImpl
for configureRemoteLoading.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Restore remote URL loading in kmp-sdk and self-sdk-swift
Remove bundled-asset-only loading from kmp-sdk AndroidWebViewHost and
self-sdk-swift WebViewProviderImpl. Both now load directly from the
remote URL (default: https://self-app-alpha.vercel.app) over HTTPS.
Adds remoteWebAppBaseUrl to SelfSdkConfig and pipes it through
IosWebViewHost via the new configureRemoteLoading protocol method.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* coderabbit comments
* lint
* coderabbit comments
---------
Co-authored-by: seshanthS <seshanth@protonmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Add remote webview integrity checks
* fixes
* feedback
* update tests; fix pipelines
* fix ci
* feat(webview): add subresource integrity (SRI) to build output
The SHA-256 remote integrity check only covers the entry HTML document.
Sub-resources (JS, CSS) loaded by that HTML were fetched without
integrity verification, allowing a compromised CDN to swap bundles.
Add a custom Vite plugin that injects SRI sha384 hashes into all
script and link tags in the built index.html. The browser natively
enforces these hashes, blocking any tampered sub-resources.
Includes tests verifying integrity attributes are present and that
hashes match the actual file contents on disk.
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
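The SRI step described in the `feat(webview): add subresource integrity (SRI) to build output` message above, as an added example (this is not the project's Vite plugin): it injects sha384 `integrity` attributes into script and link tags, then audits the HTML against the files actually being served. The file names, contents and function names are constructed for illustration.

```javascript
const { createHash } = require("node:crypto");

// SRI value for one file: "<alg>-<base64 digest>", the format of the integrity attribute.
function sriHash(content, alg = "sha384") {
  return `${alg}-${createHash(alg).update(content).digest("base64")}`;
}

// Opening <script src="..."> and <link href="..."> tags; group 2 is the URL.
const TAG_RE = /<(script|link)\b[^>]*?\b(?:src|href)="([^"]+)"[^>]*>/g;
const localKey = (url) => url.replace(/^\//, "");

// Build step: add integrity (and crossorigin, if absent) to every tag that points at a built file.
function injectSri(html, files) {
  return html.replace(TAG_RE, (tag, _name, url) => {
    const key = localKey(url);
    if (!files.has(key) || /\bintegrity=/.test(tag)) return tag;
    const cors = /\bcrossorigin\b/.test(tag) ? "" : ' crossorigin="anonymous"';
    return tag.replace(/\s*\/?>$/, (end) =>
      ` integrity="${sriHash(files.get(key))}"${cors}${end}`);
  });
}

// Audit step: report built sub-resources whose tag lacks an integrity attribute
// or whose attribute does not match the bytes in `files`.
function auditSri(html, files) {
  const problems = [];
  for (const [tag, , url] of html.matchAll(TAG_RE)) {
    const key = localKey(url);
    if (!files.has(key)) continue; // not a built asset; out of scope for this check
    const m = /\bintegrity="([^"]+)"/.exec(tag);
    if (!m) problems.push(`${key}: missing integrity`);
    else if (m[1] !== sriHash(files.get(key))) problems.push(`${key}: hash mismatch`);
  }
  return problems;
}

// Constructed sample build output (not taken from the repository).
const builtFiles = new Map([
  ["assets/app.js", Buffer.from('console.log("app");')],
  ["assets/app.css", Buffer.from("body{margin:0}")],
]);
const builtHtml = '<html><head><link rel="stylesheet" href="/assets/app.css">' +
  '<script type="module" src="/assets/app.js"></script></head></html>';

function demo() {
  const signed = injectSri(builtHtml, builtFiles);
  const swapped = new Map(builtFiles).set("assets/app.js", Buffer.from("/* altered bundle */"));
  return { signed, clean: auditSri(signed, builtFiles), tampered: auditSri(signed, swapped) };
}
```

The audit only protects sub-resources; the entry HTML that carries the hashes still needs its own integrity check, which is what the SHA-256 check mentioned in the same message covers.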
* stitch tunnelflow screens
* save wip formatting
* add failure flow
* stub account recovery
* add tests
* add spec wv-17
* prep for review
* serialize
* fixes
* fix bug
* fix dev building
* fix: close Didit modal on completion, show KycPendingScreen while waiting (#1900)
- Close Didit SDK modal immediately when onComplete fires
- Show Euclid KycPendingScreen with animation while Socket.IO waits for TEE attestation
- Replaces generic spinner for the 'In Review' waiting state
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* navigate to disclose step on restore
* skip disclose confirmation screen
* Update Recovery flow
* Navigate to account recovery if TEE rejects it as already registered
* Navigate to disclose directly if the selected document is registered
* SELF-2348: Load webapp from url
* update sdk-test-app
* fix result from sdk
* fixes?
* fix build issue
* fix install pipeline
* carry pr feedback. fix formatting
---------
Co-authored-by: Justin Hernandez <justin.hernandez@self.xyz>
Co-authored-by: Nesopie <87437291+Nesopie@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: store KYC document in keychain after receiving TEE attestation
Build a KycData document from the attestation (signature, applicantInfo,
pubkey) and persist it via storePassportData → keychain-backed adapter.
This makes the document available for the proving machine.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: KYC document mock is always false
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* provingmachine flow with mock passport
* add yarn.lock
* Fix coderabbit comments
* lint
* update coderabbit comments
* coderabbit comments
* Merge branch 'dev' into feat/didit-keychain-storage
* fix: reorder KYC constants declarations and fix formatting
Constants were declared out of order causing "used before declaration"
TS errors. Reordered to match the 295-byte layout sequentially.
Also ran prettier on common package.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix proving phase handling and add delete catalog debug button
- TunnelProvingScreen: use `phase !== 'disclose'` to handle completion
for both passport (dsc→register→disclose) and kyc/aadhaar (register→disclose)
- KeychainDebugScreen: add Delete Catalog button to clear all documents
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* coderabbit comments
---------
Co-authored-by: ayman <aymanshaik1015@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace unused teeUrl with environment ("prod"/"staging") for endpoint selection. The webview never consumed teeUrl — the proving machine resolves TEE URLs internally from the circuit DNS mapping API based on environment.
Add version (default 1) for config protocol versioning. Add optional verification config fields: scope, disclosures, appName, appEndpoint, resultType — needed for the tunnel flow to render the proof request UI correctly. The webview already parsed these from URL params; the native shells just weren't sending them.
Update webview to parse environment and version from URL params with defensive defaults. Update both test apps to use the new config shape.
* feat: add iOS native shell package (NSL-02)
Plain Swift implementation of the WebView host with bridge handlers
for secure storage (Keychain), crypto (EC P-256), and lifecycle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Android native shell package (NSL-01)
Plain Kotlin implementation of the WebView host with bridge handlers
for secure storage (EncryptedSharedPreferences), crypto (Android Keystore
EC P-256), and lifecycle.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: integrate Sumsub Web SDK into ProviderLaunchScreen (WV-05)
Rewrites ProviderLaunchScreen to launch Sumsub Web SDK, adds KYC
provider types, result normalization, and a ProviderResultScreen
for displaying verification outcomes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: update spec status for NSL-01, NSL-02, WV-05 to in-progress
All three items are code-complete but need integration testing
before marking done.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add build-pipeline workstream specs, update NSL-03 and BP-01 status
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add WebView bundle build pipeline (BP-01)
Build script copies webview-app dist into both native shell asset
directories. Gradle preBuild validation fails fast when bundle is
missing. Root package.json gets build:sdk-* scripts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add SDK test apps for Android and iOS (NSL-03)
Minimal test apps to exercise native shells end-to-end:
- Android: Jetpack Compose app using SelfSdk.launch() via composite build
- iOS: SwiftUI app using SelfSdk.createViewController() via local SPM dep
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* update lockfile
* fix: address CodeRabbit PR review findings for native shells
- Fix iOS double callback: add hasEmittedResult flag to LifecycleHandler
so dismiss() won't fire onCancelled after onResult already emitted
- Fix Android error result codes: use RESULT_FIRST_USER for failed
verifications instead of always RESULT_OK; add dedicated handler in
SelfSdk.handleResult
- Fix iOS production query params: append params to file URL via
URLComponents so WebView receives teeUrl/verificationId/userId
- Fix build:sdk-ios false-green: chain swift build after bundle script
- Add expectedRequestCode param to handleResult for flexibility
- Upgrade security-crypto 1.1.0-alpha06 → 1.1.0 stable
- Improve callback type safety: onSuccess takes raw JSON string,
onFailure takes SelfSdkException instead of generic Exception
- Add requireBiometric intent comments to both SecureStorageHandlers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address remaining CodeRabbit PR review findings (round 2)
- iOS BridgeResponse: add requestId/success fields, rename result→data to match JS bridge contract
- iOS test app: fix callback deallocation with Coordinator pattern
- ProviderLaunchScreen: fail closed on missing verificationId, fix retry via retryCount state
- ProviderResultScreen: guard unknown status with fallback to error config
- build-webview-bundle.sh: validate index.html before deleting targets
- Package.swift: fix SPM resource path with target path/sources
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>