Release to Production v2.9.16 - 2026-03-29 #1879
Merged
transphorm merged 28 commits into main from Mar 31, 2026
* feat: add iOS native shell package (NSL-02)
  Plain Swift implementation of the WebView host with bridge handlers for secure storage (Keychain), crypto (EC P-256), and lifecycle.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add Android native shell package (NSL-01)
  Plain Kotlin implementation of the WebView host with bridge handlers for secure storage (EncryptedSharedPreferences), crypto (Android Keystore EC P-256), and lifecycle.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: integrate Sumsub Web SDK into ProviderLaunchScreen (WV-05)
  Rewrites ProviderLaunchScreen to launch Sumsub Web SDK, adds KYC provider types, result normalization, and a ProviderResultScreen for displaying verification outcomes.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: update spec status for NSL-01, NSL-02, WV-05 to in-progress
  All three items are code-complete but need integration testing before marking done.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* docs: add build-pipeline workstream specs, update NSL-03 and BP-01 status
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add WebView bundle build pipeline (BP-01)
  Build script copies webview-app dist into both native shell asset directories. Gradle preBuild validation fails fast when bundle is missing. Root package.json gets build:sdk-* scripts.
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add SDK test apps for Android and iOS (NSL-03)
  Minimal test apps to exercise native shells end-to-end:
  - Android: Jetpack Compose app using SelfSdk.launch() via composite build
  - iOS: SwiftUI app using SelfSdk.createViewController() via local SPM dep
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* update lockfile
* fix: address CodeRabbit PR review findings for native shells
  - Fix iOS double callback: add hasEmittedResult flag to LifecycleHandler so dismiss() won't fire onCancelled after onResult already emitted
  - Fix Android error result codes: use RESULT_FIRST_USER for failed verifications instead of always RESULT_OK; add dedicated handler in SelfSdk.handleResult
  - Fix iOS production query params: append params to file URL via URLComponents so WebView receives teeUrl/verificationId/userId
  - Fix build:sdk-ios false-green: chain swift build after bundle script
  - Add expectedRequestCode param to handleResult for flexibility
  - Upgrade security-crypto 1.1.0-alpha06 → 1.1.0 stable
  - Improve callback type safety: onSuccess takes raw JSON string, onFailure takes SelfSdkException instead of generic Exception
  - Add requireBiometric intent comments to both SecureStorageHandlers
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: address remaining CodeRabbit PR review findings (round 2)
  - iOS BridgeResponse: add requestId/success fields, rename result→data to match JS bridge contract
  - iOS test app: fix callback deallocation with Coordinator pattern
  - ProviderLaunchScreen: fail closed on missing verificationId, fix retry via retryCount state
  - ProviderResultScreen: guard unknown status with fallback to error config
  - build-webview-bundle.sh: validate index.html before deleting targets
  - Package.swift: fix SPM resource path with target path/sources
  Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
…1857) When CDN bundle loading lands, runtime checksum verification (SHA-256 manifest, fail-closed on mismatch) becomes a security boundary. This adds the backlog item and context so it's picked up at the right time. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* add skill * updates
…ls (#1858)
* feat(webview-app): add Euclid 3.0 settings sub-screens
  Add SecurityScreen, NotificationPreferencesScreen, and DevModeScreen wrappers that import Euclid 3.0 components and wire them with React Router navigation and bridge adapters. Update SettingsScreen menu items to navigate to real routes instead of /coming-soon.
  Requires @selfxyz/euclid-web to be published with the new screen exports (SecurityScreen, NotificationPreferencesScreen, DevModeScreen) before type-check will pass. See docs/superpowers/plans/ for full context.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* docs: add settings integration plan and handover
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: use euclid 1.2.0
* PoC tunnel flow
* updates
* update skills
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Leszek Stachowski <leszek.stachowski@self.xyz>
…1861) WV-07 covers SelfClient assembly: exporting useProvingStore from the browser entry point, mapping bridge adapters to SDK interfaces, creating a keychain-backed DocumentsAdapter via the existing secureStorage bridge, and wiring a real SelfClient in the webview-app provider. WV-08 covers the tunnel proving flow: replacing the mock 3-second timer with real provingMachine integration (register → disclose), storing Sumsub KYC results as KycData documents in native keychain, and driving UI from proving state transitions. Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* update skills * fixes and formatting
* commit * fix pipelines
* Extract Reusable App Adapter Factories for SelfClient Assembly * update coderabbit comments * lint
* save wip specs * update * updates * address feedback
* chore: swap @sumsub/react-native-mobilesdk-module for @didit-protocol/sdk-react-native
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: rename SUMSUB_TEE_URL to DIDIT_TEE_URL
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename PendingKycVerification.userId to sessionId
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add Didit integration module, remove Sumsub integration
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add useDiditWebSocket hook, remove useSumsubWebSocket
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add useDiditLauncher hook, remove useSumsubLauncher
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename userId to sessionId in pendingKycStore, bump persist version
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename sumsub error injection triggers to didit
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: rename KycSuccess route param userId to sessionId
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: update KycSuccessScreen to use useDiditWebSocket and sessionId
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: update all consumer files from Sumsub to Didit
  Updates usePendingKycRecovery, selfClientProvider, 5 fallback screens, LogoConfirmationScreen, HomeScreen, KYCVerifiedScreen, and KycIdCard.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: update jest mocks and config for Didit SDK
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* build: swap Sumsub native deps for Didit in Podfile and build.gradle
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: remove hardcoded sumsub namespace from nullifier generation
  Read namespace from id_type field instead of hardcoding 'sumsub'. The didit-tee encodes id_type as [namespace_len][namespace][doc_type], so the namespace is already in the signed data.
  Also fix deserializeApplicantInfo to parse the namespaced encoding and extract just the document type for display.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: lint and formatting issues from Didit migration
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add register_kyc support to build_r1cs_wasm.sh and build_cpp.sh
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: use circuits/node_modules paths in build_r1cs_wasm.sh
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: emit ack_success after receiving KYC data to trigger session deletion
  The didit-tee now expects the client to ack receipt of signed data, which triggers DELETE of the session from Didit's API for data cleanup.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: use raw bytes for KYC commitment/nullifier instead of deserialize+reserialize
  The deserialize→reserialize path strips the namespace prefix from id_type, producing different bytes than the TEE signed. Work on the raw base64-decoded bytes directly to match the circuit inputs.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: lint
* Revert "fix: lint"
  This reverts commit d3dde14.
* fix: lint
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fixed openssl issue
- Fixed duplicate NFCPassportReader
- missing struct issue
…1869) * wip * update spec * formatting * update specs * update specs * finalize
…#1870) * add webview formatting * updates * fixes
* fix: keychain to webview communication * lint * update coderabbit comments * lint
…ider handoff (#1872) * save current registration state * save wip * update insets * wip * updates * commit * update flows * updates * fix animation
Release to Staging v2.9.16 - 2026-03-27
* Add registration prompt screens (SELF-2452)
  Add 4 registration prompt screen wrappers: SocialSignOnMethodPickerScreen, SocialSignOnPickerScreen, ConflictDetectedScreen, and PushNotificationPromptScreen. Register routes at /onboarding/backup, /onboarding/signin, /onboarding/conflict, and /onboarding/notifications.
  Add Lottie animation assets and Vite middleware plugin for static file serving. Navigation targets use /coming-soon placeholders pending WV-09 registration core merge.
* updates
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
* Add proof overlays, history, and post-proof screens (SELF-2421)
  Add 10 proof-related screen wrappers: ProofRequestReceiptScreen, ProofHistoryScreen, SimpleDialogueScreen, DialogueWithCtaScreen, ProofGenerationDialogueScreen, ProofGenerationSuccessScreen, ProofSuccessBackupScreen, NovaSplashScreen, KycPendingScreen, and KycVerificationSuccessScreen.
  Include Lottie animation JSON files and dialogue background image in public/ for proper rendering. Add Vite middleware plugin to serve static JSON/HTML files without SPA fallback rewriting.
* save wip dev menu
* save dialogue screen updates
* finalize screens
* add test
* improvements
* update
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
* feat(webview-app): add IDDataScreen and ManageDocumentsScreen (SELF-2422)
  Screen migration for WV-14. Adds 2 euclid screen wrappers with mock data for the UI mocking pass.
  - IDDataScreen at /id-data with ExposedIDCard, identification details, document data
  - ManageDocumentsScreen at /manage-documents with document list and manage dialogue
  - Wire Settings > Manage Documents to /manage-documents instead of /coming-soon
  - Add preview.html for phone-frame screen verification during development
* update
* rename
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
* Add recovery and backup screens (SELF-2423)
  Add 5 recovery/backup screen wrappers around euclid components: BackupMethodPickerScreen, RecoveryPhraseScreen, LaunchRecoveryScreen, SecretPhraseInputScreen, and RecoverySuccessScreen. Wire SecurityScreen actions to the new routes instead of /coming-soon. Register all routes in App.tsx.
* Add background image to LaunchRecoveryScreen and animation assets (SELF-2423)
  Add dialogue-background.jpg and Lottie animation JSON files to public/ for proper screen rendering. Pass backgroundImage prop to LaunchRecoveryScreen for visual consistency with other dialogue screens.
* add test
* link up
* fixes
* revert fix. we need to fix in euclid
* update euclid
* dev menu dx, add password
* fix launch recovery screen
* fix recovery success screen
* fix recovery phrase tests
* updates
* fixes
* fixes
---------
Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>
* Clean up WV-16 settings screens
  Fix mock document generation in DevModeScreen — generate button now calls mockDocumentStore.addDocument() with the selected country and document type instead of navigating home without storing anything.
  Fix duplicate description on Manage Documents menu item — was incorrectly showing "Recovery phrase, passport data" (copy-paste from Security item), now shows "Your registered passports and IDs".
  Add haptic feedback to all settings menu item press handlers.
  Add Settings root and Tunnel routes to the DevRouteMenu.
  Add navigation and interaction tests for all four settings screens.
* Update WV-16 status in webview SPEC.md
  Mark WV-16 as Done and document what was delivered vs deferred. Settings persistence (notification toggles, backup-enabled state) is explicitly deferred pending a storage design decision — it does not block UI completeness.
* feat: replace Sumsub with Didit JS SDK in webview-app
  - Add @didit-protocol/sdk-web, remove @sumsub/websdk
  - Create diditProvider.ts with session creation + SDK launch
  - Update ProviderLaunchScreen to use Didit embedded mode
  - Delete sumsubProvider.ts and sumsub-websdk.d.ts
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add Socket.IO attestation flow to webview KYC
  After Didit JS SDK completes, connect Socket.IO to the TEE, subscribe by sessionId, and wait for signed KYC data (attestation). Emit ack_success for session cleanup. Attach attestation to the provider result before navigating to the result screen.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: update TEE URL to kyc.self.xyz, update SDK test app README for Didit
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: only route KYC (Other IDs) to Didit provider, others to Coming Soon
  Passport, ID card, and Aadhaar require NFC/MRZ scanning which isn't available in the WebView. Only "Other IDs" goes through the Didit JS SDK flow.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: Didit SDK full-width rendering and KYC routing
  - Wire onNotListedPress to launch Didit for "View other supported IDs"
  - Remove verificationId gate from ProviderLaunchScreen
  - Switch to modal mode with CSS overrides for full-screen on mobile
  - Force .shadow-card to 100% width/height in WebView context
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add camera permissions and file upload to Android WebView
  Add WebChromeClient to AndroidWebViewHost:
  - onPermissionRequest: auto-grants camera for Didit SDK
  - onShowFileChooser: opens system file picker for document upload
  - SelfVerificationActivity handles file chooser result callback
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: gitignore Gradle build artifacts for native-shell-android
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: add runtime camera permission and CAMERA manifest declaration
  - Add CAMERA permission to sdk-test-app AndroidManifest.xml
  - Request runtime camera permission in onPermissionRequest before granting
  - Handle permission result in SelfVerificationActivity
  - Store pending PermissionRequest for async grant/deny after user response
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix ios camera
* fix: address CodeRabbit review findings
  - Replace ngrok URL with kyc.self.xyz in Android and iOS test apps
  - Fix file chooser hang when context is not an Activity
  - Move NSCameraUsageDescription to project.yml (survives xcodegen regen)
  - Delete manual Info.plist that would be overwritten
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: replace ngrok URL with kyc.self.xyz in diditProvider and diditAttestation
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: explicitly disable Didit SDK debug logging
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: webview lint
* fix: validate origin and handle audio permission in WebView permission grants
  - Deny permission requests from untrusted origins
  - Deny instead of grant when context is not an Activity
  - Handle RECORD_AUDIO alongside CAMERA for liveness checks
  - Add RECORD_AUDIO to AndroidManifest.xml
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: seshanthS <seshanth@protonmail.com>
…ds (#1884) Replace unused teeUrl with environment ("prod"/"staging") for endpoint selection. The webview never consumed teeUrl — the proving machine resolves TEE URLs internally from the circuit DNS mapping API based on environment. Add version (default 1) for config protocol versioning. Add optional verification config fields: scope, disclosures, appName, appEndpoint, resultType — needed for the tunnel flow to render the proof request UI correctly. The webview already parsed these from URL params; the native shells just weren't sending them. Update webview to parse environment and version from URL params with defensive defaults. Update both test apps to use the new config shape.
* fix: use raw bytes for KYC register circuit inputs instead of deserialize+reserialize
  The deserialize→reserialize path strips the namespace prefix from id_type, producing different bytes than what the TEE signed. This causes EdDSA signature verification to fail in the circuit. Use raw base64-decoded bytes directly, matching the TEE's signed data.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: use raw bytes for KYC register circuit inputs in common and new-common
  The deserialize→reserialize path strips the namespace prefix from id_type (\x05didit), producing different bytes than what the TEE signed. This causes EdDSA signature verification to fail in the register_kyc circuit. Use raw base64-decoded bytes directly in both common/ and new-common/.
  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
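The id_type encoding and the raw-bytes fix described in the commit messages above, as an added example that is not code from this repository: it parses `[namespace_len][namespace][doc_type]` and shows a signature over the signed bytes failing once the field is rebuilt from its display value. Assumptions: a one-byte length, doc_type running to the end of the field, hypothetical function names, a constructed doc type value, and Ed25519 from Node's crypto module standing in for the circuit's EdDSA.

```javascript
const crypto = require('node:crypto');

// Layout from the commit message: [namespace_len][namespace][doc_type].
// Assumption: namespace_len is one byte and doc_type runs to the end of the field.
function encodeIdType(namespace, docType) {
  const ns = Buffer.from(namespace, 'utf8');
  if (ns.length === 0 || ns.length > 255) throw new RangeError('bad namespace length');
  return Buffer.concat([Buffer.from([ns.length]), ns, Buffer.from(docType, 'utf8')]);
}

function parseIdType(field) {
  if (field.length < 2) throw new Error('id_type too short');
  const nsLen = field[0];
  if (nsLen === 0 || 1 + nsLen > field.length) throw new Error('bad namespace length');
  return {
    namespace: field.subarray(1, 1 + nsLen).toString('utf8'),
    docType: field.subarray(1 + nsLen).toString('utf8'),
  };
}

// The lossy path the fix removes: parse for display, then rebuild the bytes
// from the display value only, which drops the length byte and the namespace.
function reserializeForDisplay(field) {
  return Buffer.from(parseIdType(field).docType, 'utf8');
}

// Stand-in for the TEE: signs the exact bytes and ships them base64-encoded.
// Ed25519 is used only because Node ships it; the circuit's EdDSA may differ.
function teeSign(field) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKey,
    dataB64: field.toString('base64'),
    signature: crypto.sign(null, field, privateKey),
  };
}

function checkBothPaths(msg) {
  const raw = Buffer.from(msg.dataB64, 'base64'); // bytes exactly as signed
  const rebuilt = reserializeForDisplay(raw);     // bytes after the round trip
  return {
    namespace: parseIdType(raw).namespace,        // read from the signed data
    rawVerifies: crypto.verify(null, raw, msg.publicKey, msg.signature),
    rebuiltVerifies: crypto.verify(null, rebuilt, msg.publicKey, msg.signature),
    droppedBytes: raw.length - rebuilt.length,
  };
}

// Constructed sample: namespace "didit" (prefix \x05didit), doc type "national_id".
const sample = encodeIdType('didit', 'national_id');
const result = checkBothPaths(teeSign(sample));
console.log(sample.subarray(0, 6), result);
```

Parsing stays useful for display and for reading the namespace, but anything that feeds a signature check or commitment should take the decoded bytes unchanged.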
* add vercel config * update config * fix * make monorepo private for vercel * set node version * fix install * test * fix vercel webapp deploys * fix build command * better skip * prettier * format * fix deploy
Release to Staging v2.9.16 - 2026-03-30
🎯 Production Release
Release Date: March 29, 2026
Commits ahead: 17
This automated PR promotes tested changes from staging to main for production deployment.
What's Included
All changes that have been verified in the staging environment.
Note: This PR is directly from staging, so new commits merged to staging will automatically appear here.
Pre-Deployment Checklist
Deployment Notes
Merging this PR will trigger production deployment.
This PR was automatically created by the Release Calendar workflow on March 29, 2026