.cursorrules
# main-overview
## Development Guidelines
- Only modify code directly relevant to the specific request. Avoid changing unrelated functionality.
- Never replace code with placeholders like `# ... rest of the processing ...`. Always include complete code.
- Break problems into smaller steps. Think through each step separately before implementing.
- Always provide a complete PLAN with REASONING based on evidence from code and logs before making changes.
- Explain your OBSERVATIONS clearly, then provide REASONING to identify the exact issue. Add console logs when needed to gather more information.
- **NEVER log sensitive data** including PII (names, DOB, passport numbers, addresses), credentials, tokens, API keys, private keys, or session identifiers.
- **ALWAYS redact/mask sensitive fields** in logs using consistent patterns (e.g., `***-***-1234` for passport numbers, `J*** D***` for names).
- **Use secure centralized logging** with access controls, encryption in transit/at rest, and audit trails for log access.
- **Debug-level secrets require tokenized environment flags** (e.g., `DEBUG_SECRETS_TOKEN=abc123`) with approval workflow and limited lifetime (max 24 hours).
- **Implement periodic log review and retention policies** with automated cleanup of sensitive data and compliance with data protection regulations.
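The logging rules above, as an added TypeScript example (not code from the Self project): a small redacting logger that applies the masking patterns the rules name, treats PII as always masked, and lets secret-bearing fields through at debug level only when the tokenized flag is present, unexpired and within the 24-hour cap. `DEBUG_SECRETS_TOKEN` and the `***-***-1234` / `J*** D***` patterns come from the rules; `DEBUG_SECRETS_EXPIRES_AT`, the `approvedToken` argument and the field names in `PII_MASKS` are assumptions for this illustration.

```typescript
// Added example for the logging rules in this .cursorrules file; not the Self project's own code.
// DEBUG_SECRETS_TOKEN and the masking patterns come from the rules above. DEBUG_SECRETS_EXPIRES_AT
// and the approvedToken argument (the value the approval workflow issued) are assumptions.

type LogLevel = 'info' | 'debug';

// Keys that hold secrets: shown only at debug level behind the tokenized flag, redacted otherwise.
const SECRET_KEYS = new Set(['password', 'token', 'apiKey', 'privateKey', 'sessionId', 'credential']);

// Passport numbers keep only the last four characters: ***-***-1234
function maskPassportNumber(value: string): string {
  return `***-***-${value.slice(-4)}`;
}

// Names keep only initials: "John Doe" -> "J*** D***"
function maskName(value: string): string {
  return value.split(/\s+/).filter(Boolean).map((part) => `${part[0]}***`).join(' ');
}

// PII fields are masked at every level, flag or no flag (field names assumed for the example).
const PII_MASKS: Record<string, (v: string) => string> = {
  passportNumber: maskPassportNumber,
  name: maskName,
  fullName: maskName,
  dob: () => '****-**-**',
  dateOfBirth: () => '****-**-**',
  address: () => '[REDACTED]',
};

// Recursively copies a log payload, masking PII always and secrets unless revealSecrets is set.
function redactForLog(input: unknown, revealSecrets = false): unknown {
  if (Array.isArray(input)) return input.map((item) => redactForLog(item, revealSecrets));
  if (input !== null && typeof input === 'object') {
    const out: Record<string, unknown> = {};
    for (const [key, value] of Object.entries(input as Record<string, unknown>)) {
      const mask = PII_MASKS[key];
      if (mask !== undefined && typeof value === 'string') out[key] = mask(value);
      else if (SECRET_KEYS.has(key)) out[key] = revealSecrets ? value : '[REDACTED]';
      else out[key] = redactForLog(value, revealSecrets);
    }
    return out;
  }
  return input;
}

interface DebugSecretsEnv {
  DEBUG_SECRETS_TOKEN?: string;      // from the rules file
  DEBUG_SECRETS_EXPIRES_AT?: string; // assumed: ISO timestamp written by the approval workflow
}

const MAX_DEBUG_SECRETS_LIFETIME_MS = 24 * 60 * 60 * 1000;

// True only when the env carries the approved token and an expiry that is still in the
// future and no more than 24 hours away, which enforces the limited-lifetime rule.
function debugSecretsAllowed(env: DebugSecretsEnv, approvedToken: string, now: Date = new Date()): boolean {
  if (!env.DEBUG_SECRETS_TOKEN || env.DEBUG_SECRETS_TOKEN !== approvedToken) return false;
  if (!env.DEBUG_SECRETS_EXPIRES_AT) return false;
  const expiresAt = Date.parse(env.DEBUG_SECRETS_EXPIRES_AT);
  if (Number.isNaN(expiresAt)) return false;
  const remaining = expiresAt - now.getTime();
  return remaining > 0 && remaining <= MAX_DEBUG_SECRETS_LIFETIME_MS;
}

// Builds the line that would be shipped to the centralized logging backend.
function formatLogLine(
  level: LogLevel,
  message: string,
  data: unknown,
  env: DebugSecretsEnv,
  approvedToken: string,
  now: Date = new Date(),
): string {
  const reveal = level === 'debug' && debugSecretsAllowed(env, approvedToken, now);
  return `${now.toISOString()} [${level}] ${message} ${JSON.stringify(redactForLog(data, reveal))}`;
}

// Constructed sample payload for a verification event.
const sampleEvent = {
  name: 'John Doe',
  passportNumber: 'AB1234567',
  token: 'session-secret-xyz',
  nested: { dob: '1990-01-01', attempt: 2 },
};

console.log(formatLogLine('info', 'verification started', sampleEvent, { DEBUG_SECRETS_TOKEN: 'abc123' }, 'abc123'));
```

Two design points worth noting: the flag only ever unlocks secret-bearing keys, never PII, because the rules make the PII prohibition unconditional; and the lifetime check rejects an expiry more than 24 hours out, so a token minted with a too-long window is refused rather than trusted until it lapses.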
# Identity Verification System Architecture
## Core Components
1. Identity Verification Hub
   - Manages multi-step verification process for passports, EU ID cards, Aadhaar, and Selfrica ID cards
   - Handles document attestation through zero-knowledge proofs
   - Implements verification paths: E-PASSPORT, EU_ID_CARD, AADHAAR, and SELFRICA_ID_CARD
   - File: contracts/contracts/IdentityVerificationHubImplV2.sol
2. Document Verification Processing
   - Validates international travel documents using ICAO standards
   - Processes Document Signer Certificate (DSC) verification
   - Handles multiple cryptographic signature algorithms
   - Location: noir/crates/dg1/src/dg1/dg1.nr
3. OFAC Compliance System
   - Three-tier verification approach:
     * Name-based sanctions screening
     * Name + DOB verification
     * Passport number validation
   - Merkle tree-based sanctions list verification
   - Files: noir/crates/dg1/src/ofac/*.nr
4. Identity Registry Management
   - Maintains separate registries for passports, EU ID cards, Aadhaar, and Selfrica
   - Handles DSC key commitment registration
   - Implements nullifier tracking for duplicate prevention
   - Files: contracts/contracts/registry/IdentityRegistryImplV1.sol, IdentityRegistryIdCardImplV1.sol, IdentityRegistryAadhaarImplV1.sol, IdentityRegistrySelfricaImplV1.sol
## Core Workflows
1. Document Verification Flow
   - Zero-knowledge proof generation for privacy
   - Multi-stage attestation verification
   - Cross-chain verification support
2. Compliance Verification
   - OFAC screening integration
   - Age verification without revealing DOB
   - Country restriction validation
   - Forbidden country checking
3. Attribute Disclosure Control
   - Selective revelation of identity attributes
   - Privacy-preserving age verification
   - Granular document field disclosure
   - Merkle-based attribute verification
## Business Rules
1. Document Validation
   - Multiple proof types required (Register, DSC, VC)
   - Time-based verification with day granularity
   - Double-spend prevention through nullifiers
2. Compliance Requirements
   - OFAC validation with multiple check levels
   - Age threshold verification
   - Country-based restrictions
   - Document expiration validation
3. Privacy Controls
   - Minimum necessary attribute disclosure
   - Zero-knowledge proof requirements
   - Selective attribute revelation
   - Identity commitment privacy
$END$
# Self App Development Rules
## Project Overview
This is a React Native identity verification app with NFC passport reading, zero-knowledge proofs, and smart contracts. The app handles passport/ID verification, OFAC compliance, and privacy-preserving identity attestations.
## Development Patterns
### React Native Architecture
- Uses `@react-navigation/native` with `createStaticNavigation` for type-safe navigation
- Platform-specific handling: `Platform.OS === 'ios' ? 'iOS' : 'Android'`
- Native module initialization with `initializeNativeModules()` before any native operations
- Lazy loading for screens using `React.lazy()`
### Navigation Patterns
- Screens organized by feature modules (passport, home, settings, etc.)
- Custom modal system with `useModal` hook and callback registry
- Haptic feedback integration with `useHapticNavigation`
- Platform-specific initial routes: web uses 'Home', mobile uses 'Splash'
### State Management
- Zustand for global state management
- Custom hooks for complex state (`useModal`, `useHapticNavigation`)
- AsyncStorage for simple data, SQLite for complex data, Keychain for sensitive data
## Testing Conventions
### Jest Setup
- Comprehensive mocks in `jest.setup.js` for all native modules
- Module mapping: `@/` → `src/`, `@tests/` → `tests/src/`
- Mock patterns for Firebase, Keychain, NFC, Analytics, and third-party modules
### Testing Patterns
- Use `renderHook` for custom hook testing
- Mock `console.error` to avoid test output clutter
- Test error boundaries and recovery mechanisms
- E2E testing with Maestro for platform-specific flows
### Database Testing
- SQLite operations mocked with `executeSql` method
- Test utilities in `tests/__setup__/databaseMocks.ts`
- Mock database instance for testing
## Code Organization
### File Structure
- Feature-based organization in `src/`
- Shared utilities in `@/utils`
- Type definitions in `@/types`
- Platform-specific code in `native/` directories
- Tests mirror source structure in `tests/src/`
### Import Patterns
- Use `@/` alias for src imports
- Use `@tests/` alias for test imports
- Platform-specific imports with conditional rendering
## Build & Deployment
### Scripts
- `yarn ios` / `yarn android` for platform-specific builds
- `yarn test` for Jest testing
- `yarn test:e2e:ios` / `yarn test:e2e:android` for E2E
- Fastlane for deployment automation
### Dependencies
- Yarn workspaces for monorepo management
- Platform-specific native modules
- Tamagui for UI components
- React Navigation for routing
## Security & Privacy
### Data Protection
- Sensitive data not logged in production
- Secure storage with Keychain
- Proper cleanup of sensitive data
- Certificate validation for passport data
### Privacy Features
- Zero-knowledge proof generation
- Selective attribute revelation
- Privacy-preserving age verification
- Identity commitment privacy
## Common Patterns
### Error Handling
- Always use try-catch for async operations
- Graceful degradation when native modules fail
- User-friendly error messages
- Comprehensive error boundaries
### Performance
- Lazy load screens and components
- Bundle size optimization with tree shaking
- Memory leak prevention in native modules
- Proper cleanup in useEffect and component unmount
### Platform Differences
- Always check `Platform.OS` before platform-specific code
- Different implementations for iOS/Android when needed
- Platform-specific testing strategies
- Conditional rendering for platform differences