github/self
1
1
Fork 0
mirror of https://github.com/selfxyz/self.git synced 2026-01-06 21:34:13 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
self/.cursorrules
Justin Hernandez c11c9af143 chore: update monorepo artifacts (#1079) 
* remove unneeded artifacts, skip building circuits

* update md files
2025-09-16 16:33:31 -07:00

191 lines
6.8 KiB
Plaintext
Raw Permalink Blame History

# main-overview
## Development Guidelines
- Only modify code directly relevant to the specific request. Avoid changing unrelated functionality.
- Never replace code with placeholders like `# ... rest of the processing ...`. Always include complete code.
- Break problems into smaller steps. Think through each step separately before implementing.
- Always provide a complete PLAN with REASONING based on evidence from code and logs before making changes.
- Explain your OBSERVATIONS clearly, then provide REASONING to identify the exact issue. Add console logs when needed to gather more information.
- **NEVER log sensitive data** including PII (names, DOB, passport numbers, addresses), credentials, tokens, API keys, private keys, or session identifiers.
- **ALWAYS redact/mask sensitive fields** in logs using consistent patterns (e.g., `***-***-1234` for passport numbers, `J*** D***` for names).
- **Use secure centralized logging** with access controls, encryption in transit/at rest, and audit trails for log access.
- **Debug-level secrets require tokenized environment flags** (e.g., `DEBUG_SECRETS_TOKEN=abc123`) with approval workflow and limited lifetime (max 24 hours).
- **Implement periodic log review and retention policies** with automated cleanup of sensitive data and compliance with data protection regulations.
# Identity Verification System Architecture
## Core Components
1. Identity Verification Hub
- Manages multi-step verification process for passports and EU ID cards
- Handles document attestation through zero-knowledge proofs
- Implements verification paths: E-PASSPORT and EU_ID_CARD
- File: contracts/contracts/IdentityVerificationHubImplV2.sol
2. Document Verification Processing
- Validates international travel documents using ICAO standards
- Processes Document Signer Certificate (DSC) verification
- Handles multiple cryptographic signature algorithms
- Location: noir/crates/dg1/src/dg1/dg1.nr
3. OFAC Compliance System
- Three-tier verification approach:
* Name-based sanctions screening
* Name + DOB verification
* Passport number validation
- Merkle tree-based sanctions list verification
- Files: noir/crates/dg1/src/ofac/*.nr
4. Identity Registry Management
- Maintains separate registries for passports and ID cards
- Handles DSC key commitment registration
- Implements nullifier tracking for duplicate prevention
- File: contracts/contracts/registry/IdentityRegistryImplV1.sol
## Core Workflows
1. Document Verification Flow
- Zero-knowledge proof generation for privacy
- Multi-stage attestation verification
- Cross-chain verification support
2. Compliance Verification
- OFAC screening integration
- Age verification without revealing DOB
- Country restriction validation
- Forbidden country checking
3. Attribute Disclosure Control
- Selective revelation of identity attributes
- Privacy-preserving age verification
- Granular document field disclosure
- Merkle-based attribute verification
## Business Rules
1. Document Validation
- Multiple proof types required (Register, DSC, VC)
- Time-based verification with day granularity
- Double-spend prevention through nullifiers
2. Compliance Requirements
- OFAC validation with multiple check levels
- Age threshold verification
- Country-based restrictions
- Document expiration validation
3. Privacy Controls
- Minimum necessary attribute disclosure
- Zero-knowledge proof requirements
- Selective attribute revelation
- Identity commitment privacy
$END$
# Self App Development Rules
## Project Overview
This is a React Native identity verification app with NFC passport reading, zero-knowledge proofs, and smart contracts. The app handles passport/ID verification, OFAC compliance, and privacy-preserving identity attestations.
## Development Patterns
### React Native Architecture
- Uses `@react-navigation/native` with `createStaticNavigation` for type-safe navigation
- Platform-specific handling: `Platform.OS === 'ios' ? 'iOS' : 'Android'`
- Native module initialization with `initializeNativeModules()` before any native operations
- Lazy loading for screens using `React.lazy()`
### Navigation Patterns
- Screens organized by feature modules (passport, home, settings, etc.)
- Custom modal system with `useModal` hook and callback registry
- Haptic feedback integration with `useHapticNavigation`
- Platform-specific initial routes: web uses 'Home', mobile uses 'Splash'
### State Management
- Zustand for global state management
- Custom hooks for complex state (`useModal`, `useHapticNavigation`)
- AsyncStorage for simple data, SQLite for complex data, Keychain for sensitive data
## Testing Conventions
### Jest Setup
- Comprehensive mocks in `jest.setup.js` for all native modules
- Module mapping: `@/` → `src/`, `@tests/` → `tests/src/`
- Mock patterns for Firebase, Keychain, NFC, Analytics, and third-party modules
### Testing Patterns
- Use `renderHook` for custom hook testing
- Mock console.error to avoid test output clutter
- Test error boundaries and recovery mechanisms
- E2E testing with Maestro for platform-specific flows
### Database Testing
- SQLite operations mocked with `executeSql` method
- Test utilities in `tests/__setup__/databaseMocks.ts`
- Mock database instance for testing
## Code Organization
### File Structure
- Feature-based organization in `src/`
- Shared utilities in `@/utils`
- Type definitions in `@/types`
- Platform-specific code in `native/` directories
- Tests mirror source structure in `tests/src/`
### Import Patterns
- Use `@/` alias for src imports
- Use `@tests/` alias for test imports
- Platform-specific imports with conditional rendering
## Build & Deployment
### Scripts
- `yarn ios` / `yarn android` for platform-specific builds
- `yarn test` for Jest testing
- `yarn test:e2e:ios` / `yarn test:e2e:android` for E2E
- Fastlane for deployment automation
### Dependencies
- Yarn workspaces for monorepo management
- Platform-specific native modules
- Tamagui for UI components
- React Navigation for routing
## Security & Privacy
### Data Protection
- Sensitive data not logged in production
- Secure storage with Keychain
- Proper cleanup of sensitive data
- Certificate validation for passport data
### Privacy Features
- Zero-knowledge proof generation
- Selective attribute revelation
- Privacy-preserving age verification
- Identity commitment privacy
## Common Patterns
### Error Handling
- Always use try-catch for async operations
- Graceful degradation when native modules fail
- User-friendly error messages
- Comprehensive error boundaries
### Performance
- Lazy load screens and components
- Bundle size optimization with tree shaking
- Memory leak prevention in native modules
- Proper cleanup in useEffect and component unmount
### Platform Differences
- Always check Platform.OS before platform-specific code
- Different implementations for iOS/Android when needed
- Platform-specific testing strategies
- Conditional rendering for platform differences
Reference in New Issue View Git Blame Copy Permalink