feat(MSDK-3095): Added cursor AI rules

[uc-christiansousa]

User description

Created multiple cursor rules for them to be used as a first basis

Summary by CodeRabbit

• Documentation
  • Added comprehensive developer guidance covering project architecture, native module conventions (iOS/Android), React Native integration patterns, TypeScript conventions, testing strategies, CI/CD and security guidelines.
• Chores
  • Added repository ignore/indexing rules and a Ruby version pin for the sample app.

---

CodeAnt-AI Description

Add cursor AI rules, repository ignores, and CI/native contribution guidance

What Changed

• Added a set of human-readable cursor rule files documenting React Native, TypeScript, iOS, and Android native module conventions and testing/CI expectations so contributors see required practices in one place
• Added .cursorignore and .cursorindexingignore to prevent indexing of node_modules, build outputs, generated native code, locks, and secret files to reduce noisy IDE/automation results and accidental commits
• Added security and Snyk compliance guidance and explicit CI job conventions for GitHub Actions, plus a sample Ruby version for consistent CocoaPods behavior in CI/local macOS development

Impact

✅ Clearer native contribution guidelines
✅ Fewer accidental commits of build artifacts and secrets
✅ Fewer CI surprises from mismatched local setups

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[qodo-code-review]

Review Summary by Qodo

Add Cursor AI rules and configuration for project guidance

✨ Enhancement

Walkthroughs

Description

• Added comprehensive Cursor AI rules for project guidance
• Created platform-specific rules for Android, iOS, and React Native
• Established CI/CD, testing, and security best practices documentation
• Added Cursor ignore configuration files for optimal indexing

Diagram

flowchart LR
  A["Cursor Rules"] --> B["Project Overview"]
  A --> C["Platform Rules"]
  C --> D["Android Native"]
  C --> E["iOS Native"]
  C --> F["React Native"]
  A --> G["Development Guides"]
  G --> H["TypeScript Conventions"]
  G --> I["Testing"]
  G --> J["CI/CD & Security"]
  A --> K["Cursor Config"]
  K --> L[".cursorignore"]
  K --> M[".cursorindexingignore"]

Loading

File Changes

1. .cursor/rules/project-overview.mdc 📝 Documentation +31/-0

Project architecture and key conventions overview

.cursor/rules/project-overview.mdc

---

2. .cursor/rules/android-native.mdc 📝 Documentation +27/-0

Android native module structure and build conventions

.cursor/rules/android-native.mdc

---

3. .cursor/rules/ios-native.mdc 📝 Documentation +28/-0

iOS native module structure and build conventions

.cursor/rules/ios-native.mdc

---

View more (8)

4. .cursor/rules/react-native.mdc 📝 Documentation +30/-0

React Native SDK and sample app patterns

.cursor/rules/react-native.mdc

---

5. .cursor/rules/typescript-conventions.mdc 📝 Documentation +36/-0

TypeScript style and export requirements

.cursor/rules/typescript-conventions.mdc

---

6. .cursor/rules/testing.mdc 📝 Documentation +33/-0

Testing conventions across JavaScript, iOS, Android

.cursor/rules/testing.mdc

---

7. .cursor/rules/ci-github-actions.mdc 📝 Documentation +34/-0

GitHub Actions CI/CD workflow and job specifications

.cursor/rules/ci-github-actions.mdc

---

8. .cursor/rules/security-snyk.mdc 📝 Documentation +57/-0

Security best practices and Snyk compliance rules

.cursor/rules/security-snyk.mdc

---

9. .cursorignore ⚙️ Configuration changes +113/-0

Cursor ignore patterns for dependencies and artifacts

.cursorignore

---

10. .cursorindexingignore ⚙️ Configuration changes +48/-0

Cursor indexing ignore patterns for large files

.cursorindexingignore

---

11. sample/.ruby-version ⚙️ Configuration changes +1/-0

Ruby version specification for sample app

sample/.ruby-version

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. Android minSdk wrong ☑ 🐞 Bug ✓ Correctness

Description

The new Android Cursor rule claims Min SDK 26, but the actual Android library module is configured
with minSdk 24 (and legacy gradle uses 21). This mismatch can mislead contributors/AI into using
APIs unavailable on supported devices or proposing unnecessary minSdk bumps.

Code

.cursor/rules/android-native.mdc[24]

+- Min SDK: 26 (Android 8.0).

Evidence

The Cursor rule states Min SDK 26, while the Android module’s build config sets minSdk to 24 (and
legacy config to 21), so the rule is factually incorrect relative to the repo configuration.

.cursor/rules/android-native.mdc[22-27]
android/build.gradle.kts[21-29]
android/build-legacy.gradle[42-46]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The Cursor rule `.cursor/rules/android-native.mdc` documents an Android Min SDK of 26, but the repository’s Android library module currently uses `minSdk = 24`. This mismatch can cause AI-assisted changes (or contributors following the rule) to use APIs not available on supported devices or propose unnecessary breaking minSdk increases.
## Issue Context
Source of truth is the Gradle configuration in `android/build.gradle.kts`.
## Fix Focus Areas
- .cursor/rules/android-native.mdc[22-27]
- android/build.gradle.kts[21-29]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. iOS target wrong ☑ 🐞 Bug ✓ Correctness

Description

The new iOS Cursor rule claims a minimum iOS deployment target of 16.0, but the podspec and Xcode
project are configured for iOS 11.0. This can lead to AI/contributor changes using iOS APIs
unavailable on supported OS versions.

Code

.cursor/rules/ios-native.mdc[26]

+- Minimum iOS deployment target: 16.0.

Evidence

The Cursor rule’s stated minimum iOS version (16.0) contradicts the podspec and the native Xcode
project deployment target (11.0), making the rule incorrect for this repo.

.cursor/rules/ios-native.mdc[24-28]
react-native-usercentrics.podspec[11-14]
ios/RNUsercentricsModule.xcodeproj/project.pbxproj[275-286]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The Cursor rule `.cursor/rules/ios-native.mdc` states the minimum iOS deployment target is 16.0, but the repo’s podspec and Xcode project are configured for iOS 11.0. This mismatch can mislead AI-assisted edits to use APIs unavailable on supported targets.
## Issue Context
Source of truth is `react-native-usercentrics.podspec` (`s.platform = :ios, "11.0"`).
## Fix Focus Areas
- .cursor/rules/ios-native.mdc[24-28]
- react-native-usercentrics.podspec[11-14]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. Gradle files not indexed ☑ 🐞 Bug ⛯ Reliability

Description

.cursorindexingignore excludes android/build.gradle.kts, android/settings.gradle.kts, and
android/gradle.properties as “Android generated”, but these are hand-maintained build
configuration. Excluding them reduces Cursor’s context for correct Android build/dependency/minSdk
changes and can reinforce wrong assumptions.

Code

.cursorindexingignore[R46-48]

+android/build.gradle.kts
+android/settings.gradle.kts
+android/gradle.properties

Evidence

The ignore list explicitly excludes core Android Gradle configuration files, and those files contain
real (non-generated) settings like Kotlin plugin version, repositories, and AndroidX
flags—indicating they should likely remain indexable for accurate assistance.

.cursorindexingignore[45-48]
android/settings.gradle.kts[1-10]
android/gradle.properties[1-5]
android/build.gradle.kts[21-29]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`.cursorindexingignore` excludes core Android Gradle config files (`android/build.gradle.kts`, `android/settings.gradle.kts`, `android/gradle.properties`) under the label “Android generated”, but they contain hand-maintained configuration. Excluding them reduces Cursor’s ability to understand the Android build setup (minSdk, Kotlin plugin, repositories, AndroidX flags), increasing the likelihood of incorrect suggestions/edits.
## Issue Context
These files are part of the source-of-truth build configuration and are referenced when changing Android dependencies, minSdk/targetSdk, Kotlin plugin versions, and build behavior.
## Fix Focus Areas
- .cursorindexingignore[45-48]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

ⓘ The new review experience is currently in Beta. Learn more

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6f22f555-b833-4704-b868-4e6bdd9bb594

📥 Commits

Reviewing files that changed from the base of the PR and between 01567a0 and 2e621a9.

📒 Files selected for processing (6)

• .cursor/rules/android-native.mdc
• .cursor/rules/ci-github-actions.mdc
• .cursor/rules/ios-native.mdc
• .cursor/rules/security-snyk.mdc
• .cursor/rules/testing.mdc
• .cursorindexingignore

✅ Files skipped from review due to trivial changes (1)

• .cursor/rules/android-native.mdc

🚧 Files skipped from review as they are similar to previous changes (5)

• .cursor/rules/testing.mdc
• .cursor/rules/ci-github-actions.mdc
• .cursorindexingignore
• .cursor/rules/ios-native.mdc
• .cursor/rules/security-snyk.mdc

---

📝 Walkthrough

Walkthrough

Adds a set of new Cursor rule and repo configuration files documenting native (Android/iOS), React Native, TypeScript, testing, CI, and security conventions, plus ignore/indexing patterns and a Ruby version pin for the sample app.

Changes

Cohort / File(s)	Summary
Android Native Docs ​.cursor/rules/android-native.mdc	New doc describing Android native module conventions: Kotlin/Java layout, autogenerated JNI under src/main/jni/ (via scripts/generate-codegen-jni.js), coding/build targets (min SDK 24, Java 17, Gradle 8.13), and test guidance.
iOS Native Docs ​.cursor/rules/ios-native.mdc	New doc describing iOS native module conventions: Swift + ObjC++ bridge layout, bridging headers/codegen header, podspec location, minimum iOS target (11.0+), and test placement.
React Native & TypeScript Conventions ​.cursor/rules/react-native.mdc, ​.cursor/rules/typescript-conventions.mdc	New docs for RN bridge patterns, sample app integration, component/navigation patterns, TypeScript strict-mode rules, export enforcement (src/index.tsx), codegen notes, and JNI/codegen regeneration guidance.
Project & Cross-Platform Guidance ​.cursor/rules/project-overview.mdc, ​.cursor/rules/testing.mdc, ​.cursor/rules/security-snyk.mdc, ​.cursor/rules/ci-github-actions.mdc	New docs covering project architecture, testing strategies (Jest, XCTest, JUnit+MockK), Snyk/security policies, and GitHub Actions CI workflows (test-rn, test-ios, test-android, release).
Cursor Config / Indexing ​.cursorignore, ​.cursorindexingignore	New ignore/indexing rules listing patterns for dependencies, build outputs, generated files (codegen/JNI), lockfiles, IDE artifacts, legacy samples, and other files to exclude from Cursor tooling.
Sample App Config sample/.ruby-version	Adds Ruby version pin 3.2.0 for the sample app environment.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped through docs with cheer,
New rules and paths now crystal clear,
JNI, Swift, and TypeScript lines—
Ignore files tucked in tidy shrines,
Sample Ruby pinned, the hop is near.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title 'feat(MSDK-3095): Added cursor AI rules' accurately describes the main change: adding cursor AI convention files covering project structure, TypeScript, native modules, testing, CI, and security guidance.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/MSDK-3095/create-cursor-ai-rules

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pantoaibot]

PR Summary:

Adds sample/.ruby-version specifying Ruby 3.2.0; no cursor AI rules or other code changes included.

• Added file: sample/.ruby-version with content "3.2.0"
• No structural, functional, logic, dependency, or performance changes in the diff
• No breaking changes
• Note: PR title mentions "cursor AI rules" but those changes are not present in this diff.

Reviewed by Panto AI

[pantoaibot]

[NITPICK] Remove the leading whitespace so the file contains the Ruby version token exactly (e.g. "3.2.0"). Many Ruby version managers (rbenv, chruby, asdf) expect the file to contain the version string without surrounding spaces.

3.2.0

[pantoaibot]

Reviewed up to commit:01567a06cef9181c86bc191a938b7190794992f7

Additional Suggestion

Others

- Confirm this Ruby version is compatible with the sample project's native tooling (CocoaPods, fastlane, bundler) and with CI images. If you rely on a Gemfile/Gemfile.lock, ensure the Ruby version here matches any Ruby version specified there or document how contributors should select the Ruby version (rbenv/chruby/asdf). Consider adding the same .ruby-version at the repository root if CI and other parts of the repo need the same Ruby runtime.

Reviewed by Panto AI

[codeant-ai]

Suggestion: The documented minimum iOS deployment target (16.0) conflicts with the actual podspec configuration, which declares iOS 11.0; this mismatch can mislead tools and developers (including Cursor itself) into using APIs that only exist on iOS 16+, causing runtime crashes or build failures for consumers targeting iOS 11–15. [logic error]

Severity Level: Major ⚠️

- ⚠️ Cursor rules misstate supported iOS version for native modules.
- ⚠️ Developers may introduce iOS16-only APIs into iOS11 projects.

Suggested change

	- Minimum iOS deployment target: 16.0.
	- Minimum iOS deployment target: 11.0.

Steps of Reproduction ✅

1. Open the podspec at `react-native-usercentrics.podspec:13` (in
`/workspace/react-native-sdk/react-native-usercentrics.podspec`) and observe `s.platform =
:ios, "11.0"`, which declares the library's minimum iOS version as 11.0.

2. Open the Cursor rules file at `.cursor/rules/ios-native.mdc:26` and observe the
documentation line `- Minimum iOS deployment target: 16.0.` indicating a minimum iOS
version of 16.0 for the same native module.

3. Compare these two configuration sources and note the direct contradiction: tooling and
developers reading `.cursor/rules/ios-native.mdc` will believe the minimum supported iOS
version is 16.0, while the actual build configuration via CocoaPods allows iOS 11.0.

4. In a real development workflow, a developer or AI assistant (Cursor) relying on
`.cursor/rules/ios-native.mdc` to guide native code changes for `ios/**/*.swift` and
`ios/**/*.mm` files can reasonably assume iOS 16.0 APIs are safe to use, even though
consumers building against the podspec's iOS 11.0 target would encounter compile-time or
runtime issues when those newer APIs are used on older devices.

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** .cursor/rules/ios-native.mdc
**Line:** 26:26
**Comment:**
	*Logic Error: The documented minimum iOS deployment target (16.0) conflicts with the actual podspec configuration, which declares iOS 11.0; this mismatch can mislead tools and developers (including Cursor itself) into using APIs that only exist on iOS 16+, causing runtime crashes or build failures for consumers targeting iOS 11–15.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.

👍 | 👎

[codeant-ai]

Nitpicks 🔍

🔒 No security issues identified

⚡ Recommended areas for review Allowed keystore The rule explicitly allows debug.keystore (!debug.keystore). Verify that allowing this file in indexing is intended, since keystore files can contain sensitive keys. Sensitive files This ignore list includes environment and credential patterns (.env, google-services.json, *.jks, *.keystore) — confirm these are intentionally excluded from the cursor index and that no alternate filenames (e.g., google-services-.json) will be missed or accidentally indexed. Codegen script path The rule states JNI/C++ files are generated by scripts/generate-codegen-jni.js. Ensure the script path and name are correct and available in the repository (or clarify the location) so contributors don't look in the wrong place. Default Branch The workflow description explicitly references master as the branch for PRs. Many repositories use main (or another branch). Confirm the repository's default branch and align documentation and workflow triggers to avoid confusion and incorrect CI triggers. Platform Mismatch The "test-android" job is documented as running on macOS 14. Android native tests typically run on Linux runners (Ubuntu). Verify the actual runner used in workflows and ensure documentation correctly reflects the OS and any hardware/emulator constraints.

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

.cursorindexingignore (1)

35-37: Narrow indexing exclusions for core build/tooling files.

scripts/ and Android Gradle config files are core project inputs, not generated artifacts. Ignoring them can reduce rule quality and produce weaker AI suggestions around build/test workflows.

Suggested diff

 # === Script files (utility, not core logic) ===
-scripts/
-sample/scripts/
+# Keep scripts indexable (used by CI/conventions)
+# scripts/
+# sample/scripts/

 # === Android generated ===
-android/build.gradle.kts
-android/settings.gradle.kts
-android/gradle.properties
+# Keep root Android Gradle config indexable
+# android/build.gradle.kts
+# android/settings.gradle.kts
+# android/gradle.properties

Also applies to: 46-48

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.cursorindexingignore around lines 35 - 37, The .cursorindexingignore
currently excludes broad directories "scripts/" and "sample/scripts/" which
hides core build/tooling files; update the ignore rules to narrow the scope (for
example replace "scripts/" and "sample/scripts/" with more specific
generated-artifact patterns such as "scripts/generated/" or
"sample/scripts/generated/" or explicit filenames that are truly generated) or
remove those lines entirely so Android Gradle config and other build scripts
remain indexed; search for the exact strings "scripts/" and "sample/scripts/" in
the .cursorindexingignore and apply the narrower patterns or deletion.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.cursor/rules/ci-github-actions.mdc:
- Line 31: The guidance text currently conflates major-version tags with
immutable pins; update the wording around the `@v1`, `@v2`, `@v4` examples to
state that these are mutable tags (they can be moved by maintainers) and
therefore are not equivalent to commit SHA pins, and explicitly recommend using
full commit SHAs for security-critical actions while noting that major-version
tags are acceptable for convenience/non-critical uses; reference the
`@v1/@v2/@v4` tokens and recommend “use full commit SHA (immutable) for
security-sensitive actions” as the replacement phrasing.

In @.cursor/rules/security-snyk.mdc:
- Line 13: Update the guidance text that currently states "Prefer `^` ranges in
`package.json` to allow patch updates" to correctly describe semver: explain
that `^` allows minor and patch updates within the same major version (e.g.,
`^1.2.3` => >=1.2.3 <2.0.0) and that `~` allows patch-only updates within the
same minor version (e.g., `~1.2.3` => >=1.2.3 <1.3.0`), replacing the incorrect
sentence referencing the `^` operator; ensure the revised line mentions both `^`
and `~` operators and their respective update scopes.

In @.cursor/rules/testing.mdc:
- Around line 24-27: The documentation lists unit and instrumented tests but
only provides the unit test command; add an explicit instrumented-test command
for clarity by appending the connected Android instrumentation command (e.g.,
./gradlew :react-native-usercentrics:connectedAndroidTest) alongside the
existing unit test command (./gradlew :react-native-usercentrics:test), and
optionally mention assembleAndroidTest or installDebug and connectedAndroidTest
for CI/use cases so readers can run instrumented tests reliably.

In @.cursor/rules/typescript-conventions.mdc:
- Around line 28-30: The documentation incorrectly states that the TurboModule
spec uses codegenNativeComponent; update the sentence that currently lists both
TurboModuleRegistry and codegenNativeComponent to remove codegenNativeComponent
so it only references TurboModuleRegistry (keep reference to the TurboModule
spec file NativeUsercentricsModule.ts for context).

---

Nitpick comments:
In @.cursorindexingignore:
- Around line 35-37: The .cursorindexingignore currently excludes broad
directories "scripts/" and "sample/scripts/" which hides core build/tooling
files; update the ignore rules to narrow the scope (for example replace
"scripts/" and "sample/scripts/" with more specific generated-artifact patterns
such as "scripts/generated/" or "sample/scripts/generated/" or explicit
filenames that are truly generated) or remove those lines entirely so Android
Gradle config and other build scripts remain indexed; search for the exact
strings "scripts/" and "sample/scripts/" in the .cursorindexingignore and apply
the narrower patterns or deletion.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fe03af4 and 01567a0.

⛔ Files ignored due to path filters (1)

• sample/Gemfile.lock is excluded by !**/*.lock

📒 Files selected for processing (11)

• .cursor/rules/android-native.mdc
• .cursor/rules/ci-github-actions.mdc
• .cursor/rules/ios-native.mdc
• .cursor/rules/project-overview.mdc
• .cursor/rules/react-native.mdc
• .cursor/rules/security-snyk.mdc
• .cursor/rules/testing.mdc
• .cursor/rules/typescript-conventions.mdc
• .cursorignore
• .cursorindexingignore
• sample/.ruby-version

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .cursor/rules/typescript-conventions.mdc | head -40

Repository: Usercentrics/react-native-sdk

Length of output: 1530

---

🏁 Script executed:

rg -n 'TurboModuleRegistry|codegenNativeComponent|codegenNativeCommands' --type-list | head -5

Repository: Usercentrics/react-native-sdk

Length of output: 462

---

🏁 Script executed:

fd -e ts -e tsx | xargs rg -l 'TurboModuleRegistry|codegenNativeComponent' | head -10

Repository: Usercentrics/react-native-sdk

Length of output: 137

---

🌐 Web query:

React Native TurboModule codegenNativeComponent API difference official documentation

💡 Result:

• What they are for

  • TurboModules are for exposing imperative native APIs to JS (functions/constants) as a native module (e.g., storage, sensors). (reactnative.dev)
  • codegenNativeComponent is for exposing native UI views to JS as a Fabric native component (props + events mapped to a native ViewManager/component view). (reactnative.dev)

• JS “spec” shape / API surface

  • TurboModule spec: you define an interface that extends TurboModule and you typically export it via TurboModuleRegistry.getEnforcing<Spec>(...). (reactnative.dev)
  • Native component spec: you define a props interface (usually extending ViewProps), and export codegenNativeComponent<Props>('NativeName') (often cast to HostComponent<Props>). (reactnative.dev)

• Codegen detection conventions (important “difference” people hit)

  • TurboModule spec files must be prefixed with Native (example: NativeLocalStorage.ts). (reactnative.dev)
  • Fabric native component spec files must be suffixed with NativeComponent (example: WebViewNativeComponent.ts). (reactnative.dev)

• Codegen configuration difference

  • In codegenConfig, you generally set type: "modules" for TurboModules and type: "components" for Fabric components (or "all" for both). (reactnative.dev)

Citations:

• 1: https://reactnative.dev/docs/turbo-native-modules-introduction?utm_source=openai
• 2: https://reactnative.dev/docs/0.76/fabric-native-components-introduction?utm_source=openai
• 3: https://reactnative.dev/docs/turbo-native-modules-introduction?utm_source=openai
• 4: https://reactnative.dev/docs/0.76/fabric-native-components-introduction?utm_source=openai
• 5: https://reactnative.dev/docs/0.76/the-new-architecture/using-codegen?utm_source=openai
• 6: https://reactnative.dev/docs/0.76/the-new-architecture/using-codegen?utm_source=openai
• 7: https://reactnative.dev/docs/0.82/the-new-architecture/using-codegen?utm_source=openai

---

🏁 Script executed:

cat -n src/fabric/NativeUsercentricsModule.ts

Repository: Usercentrics/react-native-sdk

Length of output: 2195

---

🏁 Script executed:

cat -n package.json | grep -A 20 'codegenConfig'

Repository: Usercentrics/react-native-sdk

Length of output: 329

---

Line 29 incorrectly lists codegenNativeComponent as part of TurboModule setup.

codegenNativeComponent is a Fabric Native Component API for UI views. The actual implementation uses only TurboModuleRegistry. Remove codegenNativeComponent from this line to prevent misleading developers on correct TurboModule patterns.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.cursor/rules/typescript-conventions.mdc around lines 28 - 30, The
documentation incorrectly states that the TurboModule spec uses
codegenNativeComponent; update the sentence that currently lists both
TurboModuleRegistry and codegenNativeComponent to remove codegenNativeComponent
so it only references TurboModuleRegistry (keep reference to the TurboModule
spec file NativeUsercentricsModule.ts for context).

[islameldesoky95]

our min sdk is 24 or 21 in legace, I guess we need to modify this

[islameldesoky95]

same here, our deployment target is on iOS 11

[codeant-ai]

CodeAnt AI is running Incremental review

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[codeant-ai]

Sequence Diagram

This PR introduces repository level Cursor rule files and indexing ignore lists so contributor assistance follows project conventions while avoiding noisy or sensitive files. It also pins the sample Ruby version to keep CocoaPods setup consistent across local development and CI.

sequenceDiagram
    participant Contributor
    participant CursorIDE
    participant RuleFiles
    participant Indexer
    participant CI

    Contributor->>CursorIDE: Open repository
    CursorIDE->>RuleFiles: Load project and platform conventions
    RuleFiles-->>CursorIDE: Return coding guidance
    CursorIDE->>Indexer: Apply indexing ignore configuration
    Indexer-->>CursorIDE: Exclude generated and sensitive files
    Contributor->>CI: Create pull request
    CI->>CI: Use pinned Ruby version for iOS setup

Loading

---

Generated by CodeAnt AI

[codeant-ai]

Suggestion: The rule describes JNI/C++ conventions, but its globs only match Kotlin/Java/Gradle files, so edits in android/src/main/jni/** will not receive this rule. Expand the glob to include C/C++ JNI files so the documented constraints are actually enforced where they matter. [logic error]

Severity Level: Major ⚠️

- ⚠️ JNI edits miss documented "do not hand-edit" guidance.
- ⚠️ Android-native conventions apply inconsistently across native source types.
- ⚠️ Cursor assistance may suggest changes violating JNI workflow.

Suggested change

	globs: "android/**/*.kt,android/**/*.kts,android/**/*.java"
	globs: "android/**/*.kt,android/**/*.kts,android/**/*.java,android/src/main/jni/**/*.cpp,android/src/main/jni/**/*.c,android/src/main/jni/**/*.cc,android/src/main/jni/**/*.cxx,android/src/main/jni/**/*.h,android/src/main/jni/**/*.hpp"

Steps of Reproduction ✅

1. Open `.cursor/rules/android-native.mdc` and confirm the rule scope at line 3 only
includes `android/**/*.kt,android/**/*.kts,android/**/*.java`.

2. In the same rule file, confirm JNI-specific constraints are documented at lines 12 and
20 (`src/main/jni/` structure and "do not hand-edit" guidance).

3. Open an actual JNI file that exists in this repo,
`android/src/main/jni/RNUsercentricsModule.cpp` (lines 1–18), which is outside the
configured glob extensions.

4. Observe that this Android-native rule does not match/apply to that `.cpp` file, so
JNI-specific guidance from `.cursor/rules/android-native.mdc` is not surfaced when editing
JNI sources.

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** .cursor/rules/android-native.mdc
**Line:** 3:3
**Comment:**
	*Logic Error: The rule describes JNI/C++ conventions, but its `globs` only match Kotlin/Java/Gradle files, so edits in `android/src/main/jni/**` will not receive this rule. Expand the glob to include C/C++ JNI files so the documented constraints are actually enforced where they matter.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.

👍 | 👎

[codeant-ai]

Suggestion: The documented Android CI command does not match the real workflow, so contributors following this rule will run the wrong task and miss the actual coverage/reporting pipeline behavior used in CI. [logic error]

Severity Level: Major ⚠️

- ⚠️ Android contributor guidance mismatches real CI execution.
- ⚠️ Local validation misses Kover coverage-report generation.
- ⚠️ Debugging CI failures becomes slower and confusing.

Suggested change

	- Java 17, Gradle 8.13, `./gradlew :react-native-usercentrics:test`.
	- Java 17, Gradle 8.13, `./gradlew :react-native-usercentrics:koverXmlReport :react-native-usercentrics:koverHtmlReport`.

Steps of Reproduction ✅

1. Open contributor rule `.cursor/rules/ci-github-actions.mdc:24-27`; it instructs Android
CI command `./gradlew :react-native-usercentrics:test`.

2. Trace real CI path in `.github/workflows/ci.yml:131-163`; `test-android` executes
`./gradlew :react-native-usercentrics:koverXmlReport
:react-native-usercentrics:koverHtmlReport`.

3. Note downstream dependency at `.github/workflows/ci.yml:165-170`; artifact upload
expects Kover output directory `android/build/reports/kover/`.

4. A contributor following the rule command locally will run a different Gradle target
than CI, so local validation diverges from actual CI behavior.

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** .cursor/rules/ci-github-actions.mdc
**Line:** 26:26
**Comment:**
	*Logic Error: The documented Android CI command does not match the real workflow, so contributors following this rule will run the wrong task and miss the actual coverage/reporting pipeline behavior used in CI.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.

👍 | 👎

[codeant-ai]

Suggestion: This line states that Snyk scanning runs in CI, but there is no Snyk step in the current workflows, which creates a false security assumption and can allow vulnerabilities to slip through unnoticed. [security]

Severity Level: Critical 🚨

- ❌ Security guidance asserts non-existent CI vulnerability gate.
- ⚠️ Contributors may skip adding actual Snyk workflow step.
- ⚠️ Vulnerable dependencies can pass CI unchecked.

Suggested change

	- Snyk scanning runs in the pipeline — ensure no new critical/high vulnerabilities are introduced.
	- Snyk scanning is not currently configured in the existing GitHub workflows; add and enforce a Snyk CI step before relying on this check.

Steps of Reproduction ✅

1. Read `.cursor/rules/ci-github-actions.mdc:33`; it states Snyk scanning already runs in
pipeline.

2. Verify actual workflows list from `.github/workflows/` contains only `ci.yml` and
`release.yml`.

3. Inspect `.github/workflows/ci.yml:1-170` and `.github/workflows/release.yml:1-23`;
there is no `snyk` command/action/step.

4. Security assumption in the rule is therefore false for current CI, so contributors may
believe vulnerability gating exists when it does not.

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** .cursor/rules/ci-github-actions.mdc
**Line:** 33:33
**Comment:**
	*Security: This line states that Snyk scanning runs in CI, but there is no Snyk step in the current workflows, which creates a false security assumption and can allow vulnerabilities to slip through unnoticed.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.

👍 | 👎

[codeant-ai]

Suggestion: The Bundler command is documented without the required working directory, but this repository's Gemfile is under sample/, not the repo root. Running bundle exec pod install from the wrong location will fail, so the rule should explicitly scope the command to sample/ios. [possible bug]

Severity Level: Major ⚠️

- ⚠️ iOS setup docs can fail for contributors.
- ⚠️ CocoaPods install flow becomes inconsistent with CI.
- ⚠️ Native development onboarding slows due to command errors.

Suggested change

	- CocoaPods managed via Bundler (`bundle exec pod install`).
	- CocoaPods managed via Bundler from `sample/ios/` (`cd sample/ios && bundle exec pod install`).

Steps of Reproduction ✅

1. Open `.cursor/rules/ios-native.mdc:27`; it documents `bundle exec pod install` without
a working directory.

2. Verify repository Ruby setup: only `sample/Gemfile` exists
(`/workspace/react-native-sdk/sample/Gemfile:1`), no root Gemfile.

3. From repo root (`/workspace/react-native-sdk`), run the documented command exactly;
Bundler resolves Gemfile from current/parent path and cannot use project gems.

4. Confirm intended path from CI: `.github/workflows/ci.yml:84-94` runs `bundle install`
in `./sample` and `bundle exec pod install` in `./sample/ios`, showing the command is
directory-scoped in real usage.

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** .cursor/rules/ios-native.mdc
**Line:** 27:27
**Comment:**
	*Possible Bug: The Bundler command is documented without the required working directory, but this repository's `Gemfile` is under `sample/`, not the repo root. Running `bundle exec pod install` from the wrong location will fail, so the rule should explicitly scope the command to `sample/ios`.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.

👍 | 👎

[codeant-ai]

Suggestion: The iOS test command is incomplete and will fail if copied as-is because xcodebuild test requires at least a scheme and destination. Align this line with the actual CI invocation by including -workspace, -scheme, and simulator destination arguments so contributors can run tests successfully. [logic error]

Severity Level: Major ⚠️

- ⚠️ Cursor rule conflicts with CI iOS test invocation.
- ⚠️ Contributors may hit failing local iOS test runs.
- ❌ iOS test setup requires manual command troubleshooting.

Suggested change

	- Run via `xcodebuild test` against `sample.xcworkspace`.
	- Run via `xcodebuild -workspace sample.xcworkspace -scheme sample -destination 'platform=iOS Simulator,OS=latest,name=iPhone 16 Pro' test`.

Steps of Reproduction ✅

1. Open `.cursor/rules/testing.mdc:20`; copy the documented iOS command `xcodebuild test`.

2. From `sample/ios` (CI uses this working directory at `.github/workflows/ci.yml:101`),
execute that copied command.

3. Compare with the real CI invocation at `.github/workflows/ci.yml:104-111`, which
explicitly passes `-workspace sample.xcworkspace`, `-scheme "sample"`, and simulator
`-destination`.

4. Because the rule omits those targeting flags, contributors/Cursor-generated
instructions can run with missing context and commonly fail or run unintended targets,
unlike CI's deterministic command.

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** .cursor/rules/testing.mdc
**Line:** 20:20
**Comment:**
	*Logic Error: The iOS test command is incomplete and will fail if copied as-is because `xcodebuild test` requires at least a scheme and destination. Align this line with the actual CI invocation by including `-workspace`, `-scheme`, and simulator destination arguments so contributors can run tests successfully.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.

👍 | 👎

[codeant-ai]

CodeAnt AI Incremental review completed.

[uc-brunosilva]

tests are broken