Release to Production v2.9.16 - 2026-04-12#1963
Merged
transphorm merged 25 commits intomainfrom Apr 13, 2026
Merged
Conversation
* test: ofac updating tests * feat: add registry deployment info * chore: add gitignore for generated files * feat: add kyc documents to upgrade scripts * docs: update upgrade script readme for kyc * feat: IdentityRegistryKyc v1.1.0 deployed on Celo-sepolia Add TEE-attested OFAC root updates via updateOfacRootsWithProof - Implementation: 0x530eEA7E5b286108926B05510491560c4bAE018e - Adds updateOfacRootsWithProof() for ZK-verified OFAC root updates - New errors: InvalidRootsHash, InvalidRootsCount - New event: OfacRootsUpdatedWithProof * feat: add OFAC rolling root window to all 4 registries Add previousRoot storage variables to all identity registries so that checkOfacRoots accepts both the current and previous root for each OFAC tree. This prevents verification failures for users mid-proof when roots are updated on-chain between proof generation and on-chain verification. - Passport: 3 prev roots (passportNo, nameAndDob, nameAndYob) - KYC, ID Card, Aadhaar: 2 prev roots each (nameAndDob, nameAndYob) - KYC updateOfacRootsWithProof also rotates previous roots - Added getPrev* getter functions on all registries - Storage appended at end of each storage contract (UUPS-safe) - 17 new tests covering all registries (window=1 acceptance/rejection) * feat: deploy IdentityRegistryKyc v1.2.0 to Celo Sepolia Add rolling OFAC root window: store previous roots alongside current, accept either in checkOfacRoots for graceful mid-verification transitions. New impl: 0x6E2889Bc9baa6F53bDdf4843675155811F0AAAEd Proxy: 0x90e907E4AaB6e9bcFB94997Af4A097e8CAadBdf3 Pending Safe multisig execution for proxy upgrade. * feat: add TEE-attested OFAC root updates to Aadhaar, IdCard, and Passport registries Extend updateOfacRootsWithProof() to the remaining 3 identity registries, matching the pattern already deployed on the KYC registry (v1.1.0). - Add GCP JWT verifier, PCR0Manager, TEE address, and root CA pubkey hash storage to each registry - Add initializeOfacProof() reinitializer for upgrade path - Add onlyTEE modifier and updateOfacRootsWithProof() with Groth16 proof verification, TEE attestation validation, timestamp checks, and global roots hash commitment verification - Rolling window behavior preserved: previous roots saved before overwrite - Admin functions for updating TEE infrastructure (SECURITY_ROLE gated) - Bumps all 3 registries to v1.3.0 * refactor: simplify updateOfacRootsWithProof to use per-registry roots hash as nonce * fix: address CodeRabbit review comments on OFAC proof upgrade - Add onlyProxy + onlyRole(DEFAULT_ADMIN_ROLE) guard to initializeOfacProof() on Passport, Aadhaar, and IdCard registries to prevent front-running during the window between upgradeToAndCall and the separate initializer call - Fix checkOfacRoots() across all 4 registries to use atomic snapshot comparison instead of per-root matching — prevents accepting Frankenstein pairs like (new DOB root, old YOB root) that were never attested together - Add IdentityRegistryKycImplV1 to PoseidonT3 linking branch in prepare.ts so upgrade:prepare works correctly for KYC - Add prev* slot assertions and mixed-pair rejection test to ofacUpgradePath.test.ts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add view getters, fix initializeOfacProof guard, add upgrade scripts - Add getGcpJwtVerifier() and getPcr0Manager() getters to KYC and Aadhaar - Fix initializeOfacProof guard: SECURITY_ROLE instead of DEFAULT_ADMIN_ROLE (DEFAULT_ADMIN_ROLE is never granted in governance setup) - Add Ignition upgrade scripts for KYC and Aadhaar registries - Comment out registry deploy in deployKycRegistry (verifier-only redeploy) - Update deployed_addresses.json with sepolia upgrade artifacts - Bump KYC to v1.2.1, Aadhaar to v1.3.1 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: addresses and error selectors * style: format registry contracts and upgrade scripts Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: formatting * fix: error selectors * fix: error selectors * fix: error selectors --------- Co-authored-by: Evi Nova <tranquil_flow@protonmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* add new screens * fixes * cover additional gap * add webview dev url env var * better menu * updates
…ding (#1917) * add mnemonic screen * add run ios command * update recovery link, hide social, fix showing words * bump packae * pr feedback * feedback
* security fix * more security fixes * fixes * pr feedback * Restore remote URL loading in native-shell-ios and native-shell-android Remove bundled-asset-only loading and SHA-256 integrity checks from both native shell packages. WebViews now load directly from the remote URL (default: https://self-app-alpha.vercel.app) over HTTPS, matching the pattern already implemented in kmp-sdk and self-sdk-swift. Also fixes ObjC selector mismatch in self-sdk-swift WebViewProviderImpl for configureRemoteLoading. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Restore remote URL loading in kmp-sdk and self-sdk-swift Remove bundled-asset-only loading from kmp-sdk AndroidWebViewHost and self-sdk-swift WebViewProviderImpl. Both now load directly from the remote URL (default: https://self-app-alpha.vercel.app) over HTTPS. Adds remoteWebAppBaseUrl to SelfSdkConfig and pipes it through IosWebViewHost via the new configureRemoteLoading protocol method. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * coderabbit comments * lint * coderabbit comments --------- Co-authored-by: seshanthS <seshanth@protonmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Fix: remove manual dsc to register chaining * Add delay before navigating to disclose
* fix version * Fix: webview displays over camera and statusbar * Fix: Update ProviderLaunchScreen layout * fixes * more fixes * add ios webview dev url capabilities * fix ios building * pr feedback --------- Co-authored-by: Justin Hernandez <justin.hernandez@self.xyz>
* fixes? * fix order * fix nokogiri build error * upgrade pkgs and lock * update podfile lock * fix resolutions * speed up installs * increase install speed * pr feedback * fix * only build for relevant webview paths * attempt to fix oom issue * actually fix * pr feedback * updaet package
* Update SDK distribution specifications and add remote publishing plan * fix(spec): align SD-06 plan with SD-04 conventions - Rename gpr.key to gpr.token for consistency with SD-04 - Move publish workflow from out-of-scope into scope - Add workflow section (Section 4) matching publish-android-sdk.yml pattern - Fix access model description (public repo, auth still required) - Add workflow to files-to-modify and definition-of-done --------- Co-authored-by: Javier Cortejoso <javier.cortejoso@gmail.com>
* Upgrade wave 1 mobile app dependencies * Pin react-native-webview to 13.16.0 (#1940) * revert svg upgrade
Release to Staging v2.9.16 - 2026-04-08
…lletConnect, Lottie, XState) (#1941) * Upgrade wave 2 mobile app dependencies * fix pipelines
* updates * upgrade packages * fixes
* first pass * clean up * format * pr feedback and format
* commit * remove stale * create hook to open support form in webview; pr feedback * tests * ignore mcp * test * fix pipelines
* rename kyc tee env var * fix header text and close button * format
* bug fix * fix pipelines * fix race condition * fixes * try again * fix maestro * update copy and abstract * fixes...i hope * fix ios pipeline? * pipeline fix * fix pipeline * fix e2e test * fix pipelines? * formatting
Release: staging v2.9.16 — recovery, navigation, security, cleanup
* save skill * bump version
Release to Staging v2.9.17 - 2026-04-09
Release to Staging v2.9.17 - 2026-04-10
* Standardize config param handling across Android & iOS - Add shared SdkConstants (loopback host, debug port, didit host, tour path, default URLs) - Add shared QueryParamsBuilder replacing duplicated platform-specific builders - Android: deserialize config/request via kotlinx.serialization instead of org.json - Android: add belt-and-suspenders debug guard (isDebugMode && isDebuggable) - Android: remove redundant EXTRA_DEBUG_MODE and EXTRA_DEV_SERVER_URL intent extras - iOS: replace local buildQueryParams/encodeParam with shared QueryParamsBuilder - All default URLs now reference SdkConstants instead of hardcoded strings Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Import KMP SdkConstants in Swift WebViewProviderImpl - Replace hardcoded constants with SdkConstants.shared.* from KMP framework - Replace "/tunnel/tour/1" with SdkConstants.shared.BUNDLED_TOUR_PATH - Add SelfSdk as local package dependency in self-sdk-swift Package.swift Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Internalize CryptoProvider — remove from public SDK interface CryptoProvider is never called at runtime (WebView uses Web Crypto API directly). Make the interface, its Android implementation, and the registry field internal so consumers no longer need to provide or register a crypto implementation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix ci * fix: temporarily use constants from self-sdk-swift * lint * fix: improve license header handling in check-license-headers script * lint --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fix: output formatter for aadhaar and kyc * test: add KYC disclose test with non empty forbidden countries --------- Co-authored-by: seshanthS <seshanth@protonmail.com>
Release to Staging v2.9.17 - 2026-04-10
|
The latest updates on your projects. Learn more about Vercel for GitHub. 1 Skipped Deployment
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🎯 Production Release
Release Date: April 12, 2026
Commits ahead: 25
This automated PR promotes tested changes from
stagingtomainfor production deployment.What's Included
All changes that have been verified in the staging environment.
Note: This PR is directly from
staging, so new commits merged tostagingwill automatically appear here.Pre-Deployment Checklist
Deployment Notes
Merging this PR will trigger production deployment.
This PR was automatically created by the Release Calendar workflow on April 12, 2026