github/self
1
1
Fork 0
mirror of https://github.com/selfxyz/self.git synced 2026-02-19 02:24:25 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
8b87ba36ab5089ffcf1d4385a71086ba64024b72
self/.cursorrules
Nesopie e77247f372 Feat/kyc (#1623) 
* feat: selfrica circuit and tests

* chore: remove unused code

* feat: test for ofac,date and olderthan

* fix: public signal constant

* feat: add contract tests

* feat: helper function to gen TEE input

* feat: gen circuit inputs with signature

* feat: seralized base64

* fix: DateIsLessFullYear componenet

* feat: register circuit for selfrica

* feat: selfrica disclose circuit and test

* fix: common module error

* feat: add more test and fix constant

* fix: commitment calculation

* feat: selfrica contracts

* test: selfrica register using unified circuit

* feat: register persona and selfrica circuit

* feat: selfrica circuit and tests

* chore: remove unused code

* feat: test for ofac,date and olderthan

* fix: public signal constant

* feat: add contract tests

* feat: helper function to gen TEE input

* feat: gen circuit inputs with signature

* feat: seralized base64

* fix: DateIsLessFullYear componenet

* feat: register circuit for selfrica

* feat: selfrica disclose circuit and test

* fix: common module error

* feat: add more test and fix constant

* fix: commitment calculation

* feat: selfrica contracts

* test: selfrica register using unified circuit

* feat: register persona and selfrica circuit

* refactor: contract size reduction for IdentityVerificationHubImplV2

export function logic to external libs, reduce compiler runs to 200, update deploy scripts to link new libs

* feat: disclose circuit for persona

* feat: update  persona ofac trees

* feat; register circuit for selfper

* feat: disclose test for selfper

* chore: refactor

* chore : remove unused circuits

* chore: rename selfper to kyc

* chore: update comments

* feat: constrain s to be 251 bit

* feat: add range check on majority ASCII and comments

* feat: range check on neg_r_inv

* chore: remove is pk zero constrain

* merge dev

* feat: add registerPubkey function to Selfrica with GCPJWT Verification

* test: add testing for GCPJWT verification on Selfrica

* fix: script that calls register_selfrica circuits (ptau:14 -> ptau:15)

* fix: get remaining Selfrica tests working with proper import paths

* refactor: store pubkeys as string

also add some comment code for registerPubkey function

* refactor: remove registerPubkeyCommitment function

some tests now skipped as awaiting changes to how pubkeys are stored (string instead of uint256)

* feat: use hex decoding for the pubkey commitment

* test: adjust tests for pubkey being string again

* fix: remove old references to registerPubkey

* docs: add full natspec for IdentityRegistrySelfricaImplV1

* docs: update files in rest of the repo for Selfrica attestation type

* test: fix broken tests

* fix: builds and move to kyc from selfrica

* fix: constrain r_inv, Rx, s, T

* feat: eddsa

* feat: add onlyTEE check to registerPubkeyCommitment

onlyOwner is able to change onlyTEE

* refactor: update gcpRootCAPubkeyHash to be changeable by owner

* feat: add events for update functions

* style: move functions to be near other similar functions

* fix: kyc happy flow

* fix: all contract tests passing

| fix: timestamp conversion with Date(), migrate to V2 for endToEnd test, scope formatting, fix register aadhaar issue by using block.timestamp instead of Date.now(), fix changed getter function name, enable MockGCPJWTVerifier with updated file paths, add missing LeanIMT import, fix user identifier format

* audit: bind key offset-value offset and ensure image_digest only occurs once in the payload

* fix: constrain bracket

* chore: update comment

* audit: hardcode attestation id

* audit: make sure R and pubkey are on the curve

* audit: ensure pubkey is within bounds

* fix: all contract tests passing

* feat: change max length to 99 from 74

* audit: don't check sha256 padding

* audit: check the last window as well

* audit: single occurance for eat_nonce and image_digest

* audit: check if the certs are expired

* audit: add the timestamp check to the contract

* audit: make sure the person is less than 255 years of age

* audit fixes

* chore: yarn.lock

* fix: build fixes

* fix: aadhaar timestamp

* lint

* fix: types

* format

---------

Co-authored-by: vishal <vishalkoolkarni0045@gmail.com>
Co-authored-by: Evi Nova <tranquil_flow@protonmail.com>
2026-01-19 15:54:37 +05:30

191 lines
7.0 KiB
Plaintext
Raw Blame History

# main-overview
## Development Guidelines
- Only modify code directly relevant to the specific request. Avoid changing unrelated functionality.
- Never replace code with placeholders like `# ... rest of the processing ...`. Always include complete code.
- Break problems into smaller steps. Think through each step separately before implementing.
- Always provide a complete PLAN with REASONING based on evidence from code and logs before making changes.
- Explain your OBSERVATIONS clearly, then provide REASONING to identify the exact issue. Add console logs when needed to gather more information.
- **NEVER log sensitive data** including PII (names, DOB, passport numbers, addresses), credentials, tokens, API keys, private keys, or session identifiers.
- **ALWAYS redact/mask sensitive fields** in logs using consistent patterns (e.g., `***-***-1234` for passport numbers, `J*** D***` for names).
- **Use secure centralized logging** with access controls, encryption in transit/at rest, and audit trails for log access.
- **Debug-level secrets require tokenized environment flags** (e.g., `DEBUG_SECRETS_TOKEN=abc123`) with approval workflow and limited lifetime (max 24 hours).
- **Implement periodic log review and retention policies** with automated cleanup of sensitive data and compliance with data protection regulations.
# Identity Verification System Architecture
## Core Components
1. Identity Verification Hub
- Manages multi-step verification process for passports, EU ID cards, Aadhaar, and Selfrica ID cards
- Handles document attestation through zero-knowledge proofs
- Implements verification paths: E-PASSPORT, EU_ID_CARD, AADHAAR, and SELFRICA_ID_CARD
- File: contracts/contracts/IdentityVerificationHubImplV2.sol
2. Document Verification Processing
- Validates international travel documents using ICAO standards
- Processes Document Signer Certificate (DSC) verification
- Handles multiple cryptographic signature algorithms
- Location: noir/crates/dg1/src/dg1/dg1.nr
3. OFAC Compliance System
- Three-tier verification approach:
* Name-based sanctions screening
* Name + DOB verification
* Passport number validation
- Merkle tree-based sanctions list verification
- Files: noir/crates/dg1/src/ofac/*.nr
4. Identity Registry Management
- Maintains separate registries for passports, EU ID cards, Aadhaar, and Selfrica
- Handles DSC key commitment registration
- Implements nullifier tracking for duplicate prevention
- Files: contracts/contracts/registry/IdentityRegistryImplV1.sol, IdentityRegistryIdCardImplV1.sol, IdentityRegistryAadhaarImplV1.sol, IdentityRegistrySelfricaImplV1.sol
## Core Workflows
1. Document Verification Flow
- Zero-knowledge proof generation for privacy
- Multi-stage attestation verification
- Cross-chain verification support
2. Compliance Verification
- OFAC screening integration
- Age verification without revealing DOB
- Country restriction validation
- Forbidden country checking
3. Attribute Disclosure Control
- Selective revelation of identity attributes
- Privacy-preserving age verification
- Granular document field disclosure
- Merkle-based attribute verification
## Business Rules
1. Document Validation
- Multiple proof types required (Register, DSC, VC)
- Time-based verification with day granularity
- Double-spend prevention through nullifiers
2. Compliance Requirements
- OFAC validation with multiple check levels
- Age threshold verification
- Country-based restrictions
- Document expiration validation
3. Privacy Controls
- Minimum necessary attribute disclosure
- Zero-knowledge proof requirements
- Selective attribute revelation
- Identity commitment privacy
$END$
# Self App Development Rules
## Project Overview
This is a React Native identity verification app with NFC passport reading, zero-knowledge proofs, and smart contracts. The app handles passport/ID verification, OFAC compliance, and privacy-preserving identity attestations.
## Development Patterns
### React Native Architecture
- Uses `@react-navigation/native` with `createStaticNavigation` for type-safe navigation
- Platform-specific handling: `Platform.OS === 'ios' ? 'iOS' : 'Android'`
- Native module initialization with `initializeNativeModules()` before any native operations
- Lazy loading for screens using `React.lazy()`
### Navigation Patterns
- Screens organized by feature modules (passport, home, settings, etc.)
- Custom modal system with `useModal` hook and callback registry
- Haptic feedback integration with `useHapticNavigation`
- Platform-specific initial routes: web uses 'Home', mobile uses 'Splash'
### State Management
- Zustand for global state management
- Custom hooks for complex state (`useModal`, `useHapticNavigation`)
- AsyncStorage for simple data, SQLite for complex data, Keychain for sensitive data
## Testing Conventions
### Jest Setup
- Comprehensive mocks in `jest.setup.js` for all native modules
- Module mapping: `@/` → `src/`, `@tests/` → `tests/src/`
- Mock patterns for Firebase, Keychain, NFC, Analytics, and third-party modules
### Testing Patterns
- Use `renderHook` for custom hook testing
- Mock console.error to avoid test output clutter
- Test error boundaries and recovery mechanisms
- E2E testing with Maestro for platform-specific flows
### Database Testing
- SQLite operations mocked with `executeSql` method
- Test utilities in `tests/__setup__/databaseMocks.ts`
- Mock database instance for testing
## Code Organization
### File Structure
- Feature-based organization in `src/`
- Shared utilities in `@/utils`
- Type definitions in `@/types`
- Platform-specific code in `native/` directories
- Tests mirror source structure in `tests/src/`
### Import Patterns
- Use `@/` alias for src imports
- Use `@tests/` alias for test imports
- Platform-specific imports with conditional rendering
## Build & Deployment
### Scripts
- `yarn ios` / `yarn android` for platform-specific builds
- `yarn test` for Jest testing
- `yarn test:e2e:ios` / `yarn test:e2e:android` for E2E
- Fastlane for deployment automation
### Dependencies
- Yarn workspaces for monorepo management
- Platform-specific native modules
- Tamagui for UI components
- React Navigation for routing
## Security & Privacy
### Data Protection
- Sensitive data not logged in production
- Secure storage with Keychain
- Proper cleanup of sensitive data
- Certificate validation for passport data
### Privacy Features
- Zero-knowledge proof generation
- Selective attribute revelation
- Privacy-preserving age verification
- Identity commitment privacy
## Common Patterns
### Error Handling
- Always use try-catch for async operations
- Graceful degradation when native modules fail
- User-friendly error messages
- Comprehensive error boundaries
### Performance
- Lazy load screens and components
- Bundle size optimization with tree shaking
- Memory leak prevention in native modules
- Proper cleanup in useEffect and component unmount
### Platform Differences
- Always check Platform.OS before platform-specific code
- Different implementations for iOS/Android when needed
- Platform-specific testing strategies
- Conditional rendering for platform differences
Reference in New Issue View Git Blame Copy Permalink