fix(mobile): push gating and personal-team hardening for Android PR#3643
fix(mobile): push gating and personal-team hardening for Android PR#3643bmdavis419 wants to merge 2 commits into
Conversation
|
Important Review skippedAuto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
ApprovabilityVerdict: Needs human review This PR gates push notification functionality based on build type, which is a significant behavioral change. Additionally, there's an unresolved review comment identifying that push tokens are still sent to relay even when preferences disable delivery, undermining the hardening goal. You can customize Macroscope's approvability policy. Learn more. |
1053338 to
2ae9365
Compare
- Validate T3CODE_IOS_PERSONAL_TEAM_BUNDLE_ID as a reverse-DNS identifier - Expose extra.iosPersonalTeamBuild so runtime capability gating works - Gate native APNs token acquisition on supportsAgentAwarenessPush() so Personal Team builds never call getDevicePushTokenAsync without the aps-environment entitlement - Document why appleSignIn gating on the Clerk plugin is load-bearing - Restore react-native-keyboard-controller 1.21.7 (main bumped it in #3545; 1.21.6 here was a stale pin) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
4c5185e to
7be02cf
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 7be02cf. Configure here.
| ...(input.pushToStartToken ? { pushToStartToken: input.pushToStartToken } : {}), | ||
| preferences: { | ||
| liveActivitiesEnabled, | ||
| notificationsEnabled: input.notificationsEnabled, |
There was a problem hiding this comment.
Personal Team tokens still sent
Medium Severity
For iOS Personal Team builds, makeRelayDeviceRegistrationRequest now forces preferences.notificationsEnabled and preferences.liveActivitiesEnabled off via supportsAgentAwarenessPush, but it still spreads pushToken and pushToStartToken from the caller when present. Relay can receive push tokens while preferences claim delivery is disabled, undermining the Personal Team hardening this PR adds elsewhere.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 7be02cf. Configure here.


PR into #3579 carrying the fixes from #3575 that its snapshot of that branch missed (it absorbed an older version of
fix/mobile-device-builds-and-android-ui).What's included
Push registration gating for Personal Team builds (cherry-picked from #3575's
2e5b83f4c):agent-awareness/capabilities.tswithsupportsAgentAwarenessPush(), driven byextra.iosPersonalTeamBuildliveActivitiesEnabled/notificationsEnabledoff when push is unsupported (+ test)Hardening on top:
nativePushTokenRegistrationnow also checkssupportsAgentAwarenessPush(), so Personal Team builds never callgetDevicePushTokenAsync()without theaps-environmententitlement (previously only the payload was gated — a build with previously-granted permission would still attempt token acquisition and could stall waiting ondidRegisterForRemoteNotifications)T3CODE_IOS_PERSONAL_TEAM_BUNDLE_IDvalidated as a reverse-DNS identifier instead of just non-emptyextra.iosPersonalTeamBuildexposed in the Expo config (required for the runtime gating above)appleSignIn: !isIosPersonalTeamBuildgate on the Clerk plugin is load-bearing (the.cjsentitlements plugin runs before plugins earlier in the array, so it can't strip Clerk's entitlement)react-native-keyboard-controller1.21.7 — main bumped it in [codex] Upgrade Legend List chat scrolling #3545; the 1.21.6 pin here is a stale carryover that would silently downgrade it at mergeVerification
tsc --noEmitpassesSupersedes #3575, which is now closed.
🤖 Generated with Claude Code
Note
Gate push notifications and disable push-related UI in personal team Android builds
supportsAgentAwarenessPush()incapabilities.tsas a single source of truth: returnsfalsewheniosPersonalTeamBuildis set in Expo config extras.nativePushTokenRegistrationinremoteRegistration.tsshort-circuits early on unsupported builds, skipping permission queries and reportingnotificationsEnabled=falsewithpushToken=null.registrationPayload.tsforcesliveActivitiesEnabledandnotificationsEnabledtofalsewhen push is unavailable, regardless of input values.SettingsRouteScreen.tsxare disabled and shown as off in personal team builds.app.config.tsnow requiresT3CODE_IOS_PERSONAL_TEAM_BUNDLE_IDto match a reverse-DNS pattern (e.g.com.example.t3code) whenT3CODE_IOS_PERSONAL_TEAM=1.📊 Macroscope summarized 7be02cf. 5 files reviewed, 0 issues evaluated, 0 issues filtered, 0 comments posted
🗂️ Filtered Issues
No issues evaluated.
Note
Medium Risk
Changes the push registration and relay preference path for Personal Team builds; incorrect gating could affect non–Personal Team users, but scope is narrow and covered by tests.
Overview
Personal Team iOS builds no longer attempt APNs registration or advertise push/live-activity features to relay. A new
supportsAgentAwarenessPush()helper readsextra.iosPersonalTeamBuildfrom Expo config; relay payloads forceliveActivitiesEnabledandnotificationsEnabledoff,nativePushTokenRegistrationskips permission/token calls (avoiding stalls withoutaps-environment), and settings switches for Device Notifications and Live Activity Updates are disabled and shown off.Build config:
T3CODE_IOS_PERSONAL_TEAM_BUNDLE_IDmust match a reverse-DNS pattern when Personal Team mode is on;iosPersonalTeamBuildis exposed onextra. A comment documents why Clerk’sappleSignInmust stay gated for Personal Team.react-native-keyboard-controlleris restored to 1.21.7 (lockfile sync).Reviewed by Cursor Bugbot for commit 7be02cf. Bugbot is set up for automated code reviews on this repo. Configure here.