fix: didit ios native modules

[seshanthS]

Summary

• Fixed openssl issue
• Fixed duplicate NFCPassportReader
• missing struct issue

Test plan

1. IOS builds compile
2. App doesn't crash on NFCScan
3. kyc flow works

---

Native Consolidation Checklist

• CONTRACTS.md reviewed - no unintended contract changes
• Layer 1 bridge contract tests pass (cd app && yarn jest:run / yarn workspace @selfxyz/rn-sdk-test-app test)
• Layer 3 builds pass (app iOS, RN test app iOS, RN test app Android)
• Layer 4 manual smoke test signed off (if consolidation PR)
• No new native business logic added (logic belongs in TypeScript)

Summary by CodeRabbit

Release Notes

• Dependencies

  • Updated Didit SDK to version 3.2.7
  • Added OpenSSL security library support

• Bug Fixes

  • Fixed Xcode 26 compatibility issue with the build process

• Improvements

  • Enhanced NFC passport reading functionality for better reliability

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request migrates iOS NFC passport reading functionality from NFCPassportReader to SelfNFCPassportReader across multiple source files, updates CocoaPods dependencies accordingly, introduces local pod specifications for DiditSDK and OpenSSL-Universal, adds a post-install build script to patch a framework header for Xcode 26 compatibility, and bumps the React Native SDK dependency version.

Changes

Cohort / File(s)	Summary
NFC Passport Reader Migration app/ios/PassportReader.swift, app/ios/PassportReaderCore.swift, app/ios/SelfAnalytics.swift	Replaced NFCPassportReader import and reader type references with SelfNFCPassportReader across initialization, configuration, and function signatures; maintains existing method behavior and React Native bridge contracts.
CocoaPods Configuration app/ios/Podfile	Migrated pod dependency from NFCPassportReader to SelfNFCPassportReader, switched DiditSDK source from remote URL to local podspec path, added OpenSSL-Universal dependency, removed IdensicMobileSDK entries, updated bitcode-stripping logic, and introduced post-install build script that patches fmt/base.h to disable FMT_USE_CONSTEVAL for Xcode 26 compatibility.
Local Pod Specifications app/ios/local-pods/DiditSDK/DiditSDK.podspec, app/ios/local-pods/OpenSSL-Universal/OpenSSL-Universal.podspec	Added new local podspec for DiditSDK (v3.2.6) with vendored xcframework and system framework dependencies, and stub podspec for OpenSSL-Universal that routes framework search paths to DiditSDK to prevent conflicts.
Dependency Update app/package.json	Bumped @didit-protocol/sdk-react-native from ^3.2.6 to ^3.2.7.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• Chore fix ios nfc scanning and compiling #979: Overlapping migrations in PassportReader.swift and SelfAnalytics.swift switching from NFCPassportReader to SelfNFCPassportReader with analytics bridge additions.
• Phase 0 Native Consolidation: Baseline Contracts, Bridge Tests #1822: Related NFC/PassportReader bridge test targets that depend on the PassportReaderCore.scanPassport signature and reader type being updated in this PR.
• SELF-501: Integrate Loki and Sentry logging #791: Parallel iOS passport-reader code modifications affecting the same files and NFC reader implementation selection logic.

Suggested labels

codex

Suggested reviewers

• remicolin
• transphorm

Poem

🔐 From passports old to readers new,
SelfNFC steps in, tried and true,
OpenSSL patched for Xcode's way,
Local pods lead, no more delay! 📱✨

🚥 Pre-merge checks | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete and vague. It lacks detailed explanation of changes, testing methodology, and QA steps required by the template; checklist items are unchecked, leaving validation status unclear.	Provide detailed descriptions of the OpenSSL fix and NFC reader migration, explain how testing was performed, add specific QA reproduction steps, and check/address the Native Consolidation Checklist items.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'fix: didit ios native modules' is vague and generic, not clearly conveying the specific changes (NFC reader migration, OpenSSL configuration, DiditSDK setup).	Consider a more specific title like 'fix: migrate to SelfNFCPassportReader and add DiditSDK integration' to better reflect the main changes.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/didit-ios-nativemodules

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

app/ios/Podfile (1)

172-184: ⚠️ Potential issue | 🟠 Major

Remove E2E_TESTING guard from OpenSSL bitcode stripping to prevent build failures in E2E testing.

OpenSSL-Universal is installed unconditionally (line 117) and DiditSDK depends on it regardless of build configuration. However, the bitcode stripping at line 173 only runs when E2E_TESTING is not set, causing iOS build failures when E2E runs. Unlike SelfNFCPassportReader (conditionally included), OpenSSL cannot be guarded by the same condition.

Suggested fix

-    # Only strip OpenSSL bitcode if SelfNFCPassportReader is included (not in e2e testing)
-    unless ENV["E2E_TESTING"] == "1"
-      framework_paths = [
-        "Pods/OpenSSL-Universal/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/OpenSSL",
-        "Pods/OpenSSL-Universal/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/OpenSSL",
-        "Pods/OpenSSL-Universal/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL",
-        "Pods/OpenSSL-Universal/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/OpenSSL",
-      ]
-
-      framework_paths.each do |framework_relative_path|
-        strip_bitcode_from_framework(bitcode_strip_path, framework_relative_path)
-      end
-    end
+    framework_paths = [
+      "Pods/OpenSSL-Universal/Frameworks/OpenSSL.xcframework/ios-arm64/OpenSSL.framework/OpenSSL",
+      "Pods/OpenSSL-Universal/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-maccatalyst/OpenSSL.framework/OpenSSL",
+      "Pods/OpenSSL-Universal/Frameworks/OpenSSL.xcframework/ios-arm64_x86_64-simulator/OpenSSL.framework/OpenSSL",
+      "Pods/OpenSSL-Universal/Frameworks/OpenSSL.xcframework/macos-arm64_x86_64/OpenSSL.framework/OpenSSL",
+    ]
+
+    framework_paths.each do |framework_relative_path|
+      next unless File.exist?(File.join(Dir.pwd, framework_relative_path))
+      strip_bitcode_from_framework(bitcode_strip_path, framework_relative_path)
+    end

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@app/ios/Podfile` around lines 172 - 184, Remove the conditional guard around
the OpenSSL bitcode stripping so it always runs during pod install even when
ENV["E2E_TESTING"] == "1"; specifically, eliminate the surrounding "unless
ENV[\"E2E_TESTING\"] == \"1\"" block and keep the framework_paths array and the
loop that calls strip_bitcode_from_framework(bitcode_strip_path,
framework_relative_path) intact in the Podfile so OpenSSL bitcode is stripped
unconditionally.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@app/ios/Podfile`:
- Around line 91-95: The Podfile currently sets nfc_repo_url to a non-existent
placeholder when !is_selfxyz_repo which breaks pod install; update the
nfc_repo_url assignment in the Podfile (search for is_selfxyz_repo and
nfc_repo_url) to either point to a real public NFCPassportReader git URL or read
from an explicit override environment variable (e.g. ENV["NFC_REPO_URL"]) and
fall back to the public repo; if neither a valid public URL nor
ENV["NFC_REPO_URL"] is present, raise a clear error explaining the required env
var so external forks/CI do not silently fail during pod install.

---

Outside diff comments:
In `@app/ios/Podfile`:
- Around line 172-184: Remove the conditional guard around the OpenSSL bitcode
stripping so it always runs during pod install even when ENV["E2E_TESTING"] ==
"1"; specifically, eliminate the surrounding "unless ENV[\"E2E_TESTING\"] ==
\"1\"" block and keep the framework_paths array and the loop that calls
strip_bitcode_from_framework(bitcode_strip_path, framework_relative_path) intact
in the Podfile so OpenSSL bitcode is stripped unconditionally.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8e9d7271-bbec-4d36-b55e-57c07fc54dc7

📥 Commits

Reviewing files that changed from the base of the PR and between 07352a5 and ebdbb55.

⛔ Files ignored due to path filters (2)

• app/ios/Podfile.lock is excluded by !**/*.lock
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (7)

• app/ios/PassportReader.swift
• app/ios/PassportReaderCore.swift
• app/ios/Podfile
• app/ios/SelfAnalytics.swift
• app/ios/local-pods/DiditSDK/DiditSDK.podspec
• app/ios/local-pods/OpenSSL-Universal/OpenSSL-Universal.podspec
• app/package.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail
sed -n '91,95p' app/ios/Podfile
printf '\nChecking the configured external-fork repository...\n'
git ls-remote https://github.com/PLACEHOLDER/NFCPassportReader.git HEAD

Repository: selfxyz/self

Length of output: 543

---

External-fork repo URL is broken and blocks pod install for any non-selfxyz CI run.

Line 94 points to https://github.com/PLACEHOLDER/NFCPassportReader.git, which does not exist. Any external fork or CI environment without the internal selfxyz repo will fail at pod install before the iOS build even starts.

Replace the placeholder with a real public repository URL or require an explicit environment variable override:

Suggested fix

-      # External fork - use public SelfNFCPassportReader repository (placeholder)
-      # TODO: Replace with actual public SelfNFCPassportReader repository URL
-      nfc_repo_url = "https://github.com/PLACEHOLDER/NFCPassportReader.git"
+      nfc_repo_url = ENV["SELF_NFC_PASSPORT_READER_GIT_URL"]
+      raise "Set SELF_NFC_PASSPORT_READER_GIT_URL to a reachable SelfNFCPassportReader repository" if nfc_repo_url.to_s.empty?

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if !is_selfxyz_repo
	# External fork - use public NFCPassportReader repository (placeholder)
	# TODO: Replace with actual public NFCPassportReader repository URL
	# External fork - use public SelfNFCPassportReader repository (placeholder)
	# TODO: Replace with actual public SelfNFCPassportReader repository URL
	nfc_repo_url = "https://github.com/PLACEHOLDER/NFCPassportReader.git"
	elsif ENV["GITHUB_ACTIONS"] == "true"
	if !is_selfxyz_repo
	nfc_repo_url = ENV["SELF_NFC_PASSPORT_READER_GIT_URL"]
	raise "Set SELF_NFC_PASSPORT_READER_GIT_URL to a reachable SelfNFCPassportReader repository" if nfc_repo_url.to_s.empty?
	elsif ENV["GITHUB_ACTIONS"] == "true"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@app/ios/Podfile` around lines 91 - 95, The Podfile currently sets
nfc_repo_url to a non-existent placeholder when !is_selfxyz_repo which breaks
pod install; update the nfc_repo_url assignment in the Podfile (search for
is_selfxyz_repo and nfc_repo_url) to either point to a real public
NFCPassportReader git URL or read from an explicit override environment variable
(e.g. ENV["NFC_REPO_URL"]) and fall back to the public repo; if neither a valid
public URL nor ENV["NFC_REPO_URL"] is present, raise a clear error explaining
the required env var so external forks/CI do not silently fail during pod
install.

[seshanthS]

Placeholder will be replaced by the CI

[coderabbitai]

@seshanthS, understood — if the CI pipeline substitutes the actual URL into the placeholder before pod install runs, the build concern for CI is addressed. Just worth noting that contributors on external forks who try to run pod install locally (outside CI) would still hit the broken URL. A quick note in the README or CONTRIBUTING.md documenting the required environment variable or local setup step would help them avoid confusion.

Acknowledged the design decision either way. Thanks for clarifying!

---

🧠 Learnings used

Learnt from: transphorm
Repo: selfxyz/self PR: 1446
File: .github/workflows/mobile-bundle-analysis.yml:117-117
Timestamp: 2025-11-22T23:16:26.719Z
Learning: In the selfxyz/self repository, for mobile workflows (bundle analysis, deployment, CI/CD):
- Both iOS and Android builds now cache Ruby gems at the unified path `app/vendor/bundle`
- The previous separate paths (app/ios/vendor/bundle for iOS) have been deprecated in favor of this unified approach

---

Learnt from: transphorm
Repo: selfxyz/self PR: 942
File: app/vite.config.ts:170-0
Timestamp: 2025-08-23T02:02:02.556Z
Learning: In the selfxyz/self React Native app, devTools from '@/navigation/devTools' are intentionally shipped to production builds for testing purposes, not excluded as is typical in most applications.

---

Learnt from: transphorm
Repo: selfxyz/self PR: 1548
File: app/package.json:157-157
Timestamp: 2026-01-06T01:48:39.691Z
Learning: In the selfxyz/self repository, Fabric/New Architecture is explicitly disabled (newArchEnabled=false in app/android/gradle.properties), so dependencies that lack Fabric compatibility are acceptable.

---

Learnt from: transphorm
Repo: selfxyz/self PR: 823
File: app/ios/Self.xcodeproj/project.pbxproj:320-332
Timestamp: 2025-08-02T23:53:45.928Z
Learning: When reviewing autogenerated scripts in Xcode project files (like React Native Firebase's embedded shell scripts), avoid suggesting edits since these are regenerated during pod install and cannot be manually modified by users.

---

Learnt from: CR
Repo: selfxyz/self PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-23T20:57:39.003Z
Learning: Applies to packages/mobile-sdk-alpha/src/!(adapters/react-native)/**/*.{ts,tsx} : Do not import `react-native` in `packages/mobile-sdk-alpha/src/` outside of `src/adapters/react-native/`; keep SDK core platform-agnostic

---

Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2026-03-23T20:58:32.442Z
Learning: For iOS development: Ensure Xcode scheme is set to 'OpenPassport'

---

Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2026-03-23T20:58:32.442Z
Learning: Verify platform-specific code paths are tested (iOS/Android/Web) before PR submission

---

Learnt from: transphorm
Repo: selfxyz/self PR: 795
File: app/android/app/build.gradle:157-158
Timestamp: 2025-07-29T01:08:28.530Z
Learning: For this React Native project, the team prefers build flexibility over fail-fast behavior for release builds in app/android/app/build.gradle. They intentionally allow fallback to debug signing for local development runs, relying on Google Play Console validation to catch any improperly signed releases during upload.

---

Learnt from: CR
Repo: selfxyz/self PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-03-23T20:58:10.546Z
Learning: Flag security-sensitive changes for special review in PR description

---

Learnt from: CR
Repo: selfxyz/self PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-23T20:57:39.003Z
Learning: Every change to `mobile-sdk-alpha` must be backwards-compatible with the existing Self Wallet app

---

Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2026-03-23T20:58:32.442Z
Learning: Verify native modules work correctly if native code was modified in PR

---

Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2026-03-23T20:58:32.442Z
Learning: Complex native module changes must be documented in PR description