@fingerprint79/react-native 0.0.1

package/dist/native.d.ts

@@ -0,0 +1,9 @@
+import type { MobileNativePayload } from './signals/mobile.js';
+/** True when the native module is actually linked. Drives a one-time
+ *  warning the FpProvider emits in dev mode if missing. */
+export declare function isNativeLinked(): boolean;
+/** Collect mobile signals from the linked native module. Returns an empty
+ *  object if the module isn't linked — the rest of the pipeline handles
+ *  the absence by simply not emitting `signals.mobile`. */
+export declare function collectNativeMobile(): Promise<MobileNativePayload>;
+//# sourceMappingURL=native.d.ts.map

package/dist/native.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"native.d.ts","sourceRoot":"","sources":["../src/native.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAU/D;2DAC2D;AAC3D,wBAAgB,cAAc,IAAI,OAAO,CAExC;AAED;;2DAE2D;AAC3D,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAWxE"}

package/dist/signals/hardware.d.ts

@@ -0,0 +1,11 @@
+import type { ClientSignals } from '@fp/shared-types';
+type HardwareBlock = NonNullable<ClientSignals['hardware']>;
+/**
+ * Maps RN runtime info into the wire schema's `hardware` block. Browser
+ * fields that don't exist on mobile (oscpu, devicePixelRatio's CSS
+ * meaning, colorGamut from media query, ...) stay absent — Zod treats
+ * every leaf as optional.
+ */
+export declare function collectHardware(): HardwareBlock;
+export {};
+//# sourceMappingURL=hardware.d.ts.map

package/dist/signals/hardware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hardware.d.ts","sourceRoot":"","sources":["../../src/signals/hardware.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,KAAK,aAAa,GAAG,WAAW,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;AAE5D;;;;;GAKG;AACH,wBAAgB,eAAe,IAAI,aAAa,CAmB/C"}

package/dist/signals/index.d.ts

@@ -0,0 +1,3 @@
+import type { ClientSignals } from '@fp/shared-types';
+export declare function collectSignals(): Promise<ClientSignals>;
+//# sourceMappingURL=index.d.ts.map

package/dist/signals/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/signals/index.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGtD,wBAAsB,cAAc,IAAI,OAAO,CAAC,aAAa,CAAC,CAW7D"}

package/dist/signals/intl.d.ts

@@ -0,0 +1,5 @@
+import type { ClientSignals } from '@fp/shared-types';
+type IntlBlock = NonNullable<ClientSignals['intl']>;
+export declare function collectIntl(): IntlBlock;
+export {};
+//# sourceMappingURL=intl.d.ts.map

package/dist/signals/intl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"intl.d.ts","sourceRoot":"","sources":["../../src/signals/intl.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,KAAK,SAAS,GAAG,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;AAiBpD,wBAAgB,WAAW,IAAI,SAAS,CAUvC"}

package/dist/signals/mobile.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Shape of what the native bridge returns. Kept separate from the wire
+ * schema so the bridge can evolve without forcing a `@fp/shared-types`
+ * bump on every native change — anything new the native side starts
+ * sending is just ignored by Zod's `.strict()` until we plumb it
+ * through here.
+ *
+ * Field names mirror `ClientSignalsSchema.mobile` exactly so the only
+ * step the client does is `signals.mobile = { ...native }`.
+ */
+export interface MobileNativePayload {
+    os?: 'ios' | 'android';
+    osVersion?: string;
+    model?: string;
+    manufacturer?: string;
+    idfv?: string;
+    androidId?: string;
+    installId?: string;
+    totalMemoryMb?: number;
+    isTablet?: boolean;
+    bundleId?: string;
+    appVersion?: string;
+}
+//# sourceMappingURL=mobile.d.ts.map

package/dist/signals/mobile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mobile.d.ts","sourceRoot":"","sources":["../../src/signals/mobile.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,MAAM,WAAW,mBAAmB;IAClC,EAAE,CAAC,EAAE,KAAK,GAAG,SAAS,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB"}

package/dist/signals/network.d.ts

@@ -0,0 +1,5 @@
+import type { ClientSignals } from '@fp/shared-types';
+type NetworkBlock = NonNullable<ClientSignals['network']>;
+export declare function collectNetwork(): Promise<NetworkBlock | undefined>;
+export {};
+//# sourceMappingURL=network.d.ts.map

package/dist/signals/network.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../src/signals/network.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEtD,KAAK,YAAY,GAAG,WAAW,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC;AA0B1D,wBAAsB,cAAc,IAAI,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC,CAmBxE"}

package/dist/signals/persistence.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Synchronous session-id accessor — returns whatever the SDK has in
+ * memory right now. On first SDK boot the restore path may not have
+ * finished yet, in which case we mint a new id immediately and overwrite
+ * with the persisted value if/when restore lands (we don't, because
+ * payloads have already gone out with the fresh id). Mirrors the
+ * trade-off FP Pro RN makes — the moment of app-cold-boot is the one
+ * weak spot in mobile session-id continuity.
+ */
+export declare function getOrCreateSessionId(): string;
+/**
+ * Best-effort hydrate from AsyncStorage. Call once at SDK boot; if it
+ * lands before the first `identify()` we use the persisted id, otherwise
+ * we keep the fresh one.
+ */
+export declare function restoreSessionId(): Promise<void>;
+//# sourceMappingURL=persistence.d.ts.map

package/dist/signals/persistence.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"persistence.d.ts","sourceRoot":"","sources":["../../src/signals/persistence.ts"],"names":[],"mappings":"AAwCA;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAO7C;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC,CAahD"}

package/dist/types.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Public TypeScript surface — mirrors `apps/sdk-react/src/types.ts` so
+ * code that switches between web and RN sees the same option names.
+ *
+ * The mobile-specific bits (collected through the native bridge) are NOT
+ * exposed here — they're an implementation detail of the payload, never
+ * a knob the integrator turns. The schema lives in
+ * `@fp/shared-types/ingest.ts::ClientSignalsSchema.mobile`.
+ */
+export type FpEventType = 'pageview' | 'login' | 'signup' | 'action' | 'heartbeat';
+export interface FpConfig {
+    /** Origin where the platform's collector is reachable (e.g.
+     *  `https://yoursite.com/fpjs` proxied via a Cloudflare Worker). */
+    collectorUrl: string;
+    /** Tenant key from the dashboard's API Keys page. Forwarded as
+     *  `X-Project-Key` so the collector routes events to the right project. */
+    projectKey: string;
+    /** Pre-shared X25519 public key (base64) — skips the bootstrap /v1/pk
+     *  hop. Most consumers leave this undefined and let `ServerPublicKey\
+     *  Cache` resolve it on first identify(). */
+    serverPublicKeyB64?: string;
+    /** Override the SDK version reported in the payload. */
+    sdkVersion?: string;
+}
+export interface IdentifyOptions {
+    event?: FpEventType;
+    /** Opaque integrator-facing user id. Surfaces as «Linked ID» in the
+     *  dashboard's Identification table. */
+    userId?: string;
+    /** Block the HTTP response until scoring finishes (~50-150 ms) so the
+     *  result includes the real `visitorId` / `suspectScore`. Use for
+     *  click-driven flows. Defaults to `true`. */
+    sync?: boolean;
+}
+export interface IdentifyResult {
+    v?: string;
+    eventId?: string;
+    result?: 'ok' | 'retry' | 'reject';
+    visitorId?: string;
+    userId?: string;
+    suspectScore?: number;
+    external?: {
+        flags?: string[];
+        linkedVisitors?: string[];
+    };
+}
+export interface FpInstance {
+    identify: (opts?: IdentifyOptions) => Promise<IdentifyResult | null>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,WAAW,CAAC;AAEnF,MAAM,WAAW,QAAQ;IACvB;wEACoE;IACpE,YAAY,EAAE,MAAM,CAAC;IACrB;+EAC2E;IAC3E,UAAU,EAAE,MAAM,CAAC;IACnB;;iDAE6C;IAC7C,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB;4CACwC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;kDAE8C;IAC9C,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,IAAI,GAAG,OAAO,GAAG,QAAQ,CAAC;IACnC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,CAAC,IAAI,CAAC,EAAE,eAAe,KAAK,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;CACtE"}

package/fingerprint79-react-native.podspec

@@ -0,0 +1,26 @@
+require 'json'
+
+# Podspec for @fingerprint79/react-native. Picked up by RN >=0.60 autolinking
+# via react-native.config.js — consumers don't edit this file.
+package = JSON.parse(File.read(File.join(__dir__, 'package.json')))
+
+Pod::Spec.new do |s|
+  s.name         = 'fingerprint79-react-native'
+  s.version      = package['version']
+  s.summary      = package['description']
+  s.license      = package['license']
+  s.homepage     = package['homepage']
+  s.authors      = { 'Fingerprint Platform contributors' => 'noreply@example.com' }
+  s.source       = { :git => package['repository']['url'], :tag => "v#{s.version}" }
+
+  # Mirrors FP Pro's minimum: iOS 12 (Swift 5.7+ is implied by Xcode 14).
+  s.platforms        = { :ios => '12.0' }
+  s.swift_versions   = ['5.7', '5.8', '5.9']
+
+  s.source_files     = 'ios/**/*.{h,m,mm,swift}'
+  s.requires_arc     = true
+
+  # RN core — every native module pulls this in. Autolinking ensures the
+  # consumer's React-Core pod resolves at the right version.
+  s.dependency 'React-Core'
+end

package/ios/FpRnModule.m

@@ -0,0 +1,16 @@
+// Obj-C bridge header — what RN_EXTERN_MODULE registers Swift classes as
+// when the host app is still using the old bridge (RN <0.74). Auto-loaded
+// by autolinking; the file's mere presence is all RN needs.
+#import <React/RCTBridgeModule.h>
+
+@interface RCT_EXTERN_MODULE(FpRnModule, NSObject)
+
+RCT_EXTERN_METHOD(collect:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+// `+requiresMainQueueSetup` is defined in Swift; declaring it here lets
+// RN's bridge see the override at registration time on old RN versions
+// that still introspect Obj-C method lists.
++ (BOOL)requiresMainQueueSetup;
+
+@end

package/ios/FpRnModule.swift

@@ -0,0 +1,134 @@
+// FpRnModule.swift
+//
+// Native bridge for @fingerprint79/react-native on iOS. Exposes one method
+// — `collect()` — that returns a dictionary the JS layer drops directly
+// into `IngestPayload.signals.mobile`. Everything we collect here is
+// either unreachable from JS (IDFV, Keychain UUID, sysctl model) or
+// expensive to fetch reliably from RN's JS bridge (hardware.machine,
+// physicalMemory).
+//
+// Identifier strategy mirrors what FingerprintJS Pro does:
+//   1. `idfv`  — UIDevice.identifierForVendor.  Vendor-scoped UUID,
+//                stable until the user deletes every app from us.
+//   2. `installId` — UUID we write to Keychain (kSecAttrAccessibleAfter\
+//                FirstUnlock). Survives app delete + reinstall when
+//                iCloud Keychain is enabled, which is the strongest
+//                Apple-sanctioned device-identifier we get without the
+//                AppTrackingTransparency prompt + IDFA.
+//
+// We do NOT touch IDFA / AppTrackingTransparency — that would force the
+// host app into an ATT prompt and require an Info.plist string. Visitor
+// continuity through Keychain is enough for the fraud-detection use case.
+
+import Foundation
+import UIKit
+
+@objc(FpRnModule)
+class FpRnModule: NSObject {
+
+  // MARK: - RN bridge plumbing
+
+  @objc static func requiresMainQueueSetup() -> Bool {
+    // Most of what we read is thread-safe (UIDevice / ProcessInfo / sysctl
+    // / Keychain). Returning false keeps us off the main thread and out
+    // of the RN startup critical path.
+    return false
+  }
+
+  @objc func methodQueue() -> DispatchQueue {
+    // Dedicated low-priority queue — `collect()` is called once per
+    // identify() so we don't need a thread per call.
+    return DispatchQueue(label: "com.fingerprint79.rn.collect", qos: .utility)
+  }
+
+  // MARK: - Public API
+
+  @objc(collect:reject:)
+  func collect(_ resolve: @escaping RCTPromiseResolveBlock,
+               reject:  @escaping RCTPromiseRejectBlock) {
+    let device = UIDevice.current
+    let info   = ProcessInfo.processInfo
+    let bundle = Bundle.main
+
+    // Memory in MiB. `physicalMemory` is bytes; integer-divide and clamp.
+    let memMib = Int(info.physicalMemory / (1024 * 1024))
+
+    let payload: [String: Any] = [
+      "os": "ios",
+      "osVersion":    device.systemVersion,
+      "model":        Self.hardwareModel(),
+      "manufacturer": "Apple",
+      "idfv":         device.identifierForVendor?.uuidString as Any,
+      "installId":    Self.keychainInstallId(),
+      "totalMemoryMb": memMib,
+      "isTablet":     device.userInterfaceIdiom == .pad,
+      "bundleId":     bundle.bundleIdentifier as Any,
+      "appVersion":
+        bundle.object(forInfoDictionaryKey: "CFBundleShortVersionString") as? String as Any,
+    ]
+    resolve(payload)
+  }
+
+  // MARK: - Helpers
+
+  /// `sysctlbyname("hw.machine")` returns the model identifier
+  /// (`"iPhone15,2"`, `"iPad14,1"`). Marketing names are NOT exposed by
+  /// iOS — translation to "iPhone 14 Pro" happens server-side from a lookup
+  /// table the scoring worker holds.
+  private static func hardwareModel() -> String {
+    var size = 0
+    sysctlbyname("hw.machine", nil, &size, nil, 0)
+    var buf = [CChar](repeating: 0, count: size)
+    sysctlbyname("hw.machine", &buf, &size, nil, 0)
+    return String(cString: buf)
+  }
+
+  // Service identifier for Keychain. Globally unique to us — never collides
+  // with the host app's own Keychain items. AccessibleAfterFirstUnlock so
+  // the value survives device reboot but stays protected before the user's
+  // first PIN entry.
+  private static let kcService = "com.fingerprint79.installId"
+  private static let kcAccount = "default"
+
+  /// Returns a stable installation UUID, generating + persisting on first
+  /// call. Failures (Keychain locked, simulator quirks) fall back to a
+  /// fresh UUID so the call site never sees `nil` — at worst we lose
+  /// cross-launch continuity.
+  private static func keychainInstallId() -> String {
+    if let existing = readKeychain() { return existing }
+    let fresh = UUID().uuidString
+    writeKeychain(value: fresh)
+    return fresh
+  }
+
+  private static func readKeychain() -> String? {
+    let query: [String: Any] = [
+      kSecClass as String:       kSecClassGenericPassword,
+      kSecAttrService as String: kcService,
+      kSecAttrAccount as String: kcAccount,
+      kSecReturnData as String:  true,
+      kSecMatchLimit as String:  kSecMatchLimitOne,
+    ]
+    var item: AnyObject?
+    let status = SecItemCopyMatching(query as CFDictionary, &item)
+    guard status == errSecSuccess,
+          let data = item as? Data,
+          let str  = String(data: data, encoding: .utf8) else { return nil }
+    return str
+  }
+
+  private static func writeKeychain(value: String) {
+    let data = value.data(using: .utf8)!
+    let attrs: [String: Any] = [
+      kSecClass as String:         kSecClassGenericPassword,
+      kSecAttrService as String:   kcService,
+      kSecAttrAccount as String:   kcAccount,
+      kSecValueData as String:     data,
+      kSecAttrAccessible as String: kSecAttrAccessibleAfterFirstUnlock,
+    ]
+    // Delete-then-add so SecItemAdd never trips on a stale duplicate (can
+    // happen after an OS upgrade migrated the keychain DB).
+    SecItemDelete(attrs as CFDictionary)
+    SecItemAdd(attrs as CFDictionary, nil)
+  }
+}

package/package.json

@@ -0,0 +1,91 @@
+{
+  "name": "@fingerprint79/react-native",
+  "version": "0.0.1",
+  "description": "React Native binding for the Fingerprint Platform — JS hooks + native iOS (Swift) and Android (Kotlin) bridges. Collects mobile signals (IDFV, Keychain UUID, hardware) and ships sealed payloads to your self-hosted collector.",
+  "license": "MIT",
+  "author": "Fingerprint Platform contributors",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "react-native": "./src/index.ts",
+  "source": "./src/index.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "react-native": "./src/index.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs"
+    },
+    "./package.json": "./package.json"
+  },
+  "files": [
+    "dist",
+    "src",
+    "ios",
+    "android",
+    "react-native.config.js",
+    "fingerprint79-react-native.podspec",
+    "README.md",
+    "LICENSE"
+  ],
+  "sideEffects": false,
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/igorao79/fingerprint.git",
+    "directory": "apps/sdk-react-native"
+  },
+  "homepage": "https://github.com/igorao79/fingerprint/tree/main/apps/sdk-react-native#readme",
+  "bugs": {
+    "url": "https://github.com/igorao79/fingerprint/issues"
+  },
+  "keywords": [
+    "fingerprint",
+    "react-native",
+    "ios",
+    "android",
+    "device-fingerprint",
+    "mobile-fingerprint",
+    "visitor-id",
+    "anti-fraud",
+    "bot-detection",
+    "fp-rn"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "vite build && tsc -p tsconfig.build.json",
+    "typecheck": "tsc -b --noEmit",
+    "lint": "eslint src",
+    "test": "vitest run",
+    "clean": "rimraf dist .turbo *.tsbuildinfo",
+    "prepublishOnly": "pnpm build"
+  },
+  "peerDependencies": {
+    "react": ">=18 <20",
+    "react-native": ">=0.72",
+    "react-native-localize": ">=3",
+    "@react-native-community/netinfo": ">=11",
+    "@react-native-async-storage/async-storage": ">=1.21"
+  },
+  "peerDependenciesMeta": {
+    "react-native-localize": { "optional": true },
+    "@react-native-community/netinfo": { "optional": true },
+    "@react-native-async-storage/async-storage": { "optional": true }
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "@fp/crypto": "workspace:*",
+    "@fp/sdk-core": "workspace:*",
+    "@fp/shared-types": "workspace:*",
+    "@types/react": "^18.3.12",
+    "cbor-x": "^1.6.0",
+    "react": "^18.3.1",
+    "react-native": "^0.74.0",
+    "vite": "^5.4.11"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}

package/react-native.config.js

@@ -0,0 +1,18 @@
+// React Native autolinking manifest. RN >=0.60 reads this file in every
+// installed dependency and wires the iOS pod + Android gradle module into
+// the host app at `pod install` / `gradle assemble` time. Without this
+// file the consumer would have to edit Podfile + settings.gradle by hand.
+module.exports = {
+  dependency: {
+    platforms: {
+      ios: {
+        podspecPath: __dirname + '/fingerprint79-react-native.podspec',
+      },
+      android: {
+        sourceDir: __dirname + '/android',
+        packageImportPath: 'import com.fingerprint79.rn.FpRnPackage;',
+        packageInstance: 'new FpRnPackage()',
+      },
+    },
+  },
+};

package/src/client.ts

@@ -0,0 +1,89 @@
+// FpRnClient — RN counterpart of `FpSdk` in sdk-browser. Owns the
+// public-key cache, runs collectSignals on every identify(), seals the
+// CBOR-encoded payload with X25519+AES-GCM (same crypto as the browser
+// SDK — payloads from web and mobile are interchangeable at the
+// collector), and POSTs to /v1/ingest.
+
+import { encode as cborEncode } from 'cbor-x';
+
+import { ServerPublicKeyCache, sendIngest } from '@fp/sdk-core';
+import { seal } from '@fp/crypto';
+
+import { collectSignals } from './signals/index.js';
+import { getOrCreateSessionId, restoreSessionId } from './signals/persistence.js';
+
+import type { IngestPayload, IngestResponse } from '@fp/shared-types';
+import type { FpConfig, IdentifyOptions } from './types.js';
+
+// Vite's `define` inlines this at build time from package.json.
+declare const __SDK_VERSION__: string;
+const SDK_VERSION: string =
+  typeof __SDK_VERSION__ === 'string' ? __SDK_VERSION__ : '0.0.0-dev';
+
+export class FpRnClient {
+  private readonly pkCache: ServerPublicKeyCache;
+  private readonly config: FpConfig;
+
+  constructor(config: FpConfig) {
+    this.config = config;
+    this.pkCache = new ServerPublicKeyCache(config.collectorUrl);
+    // Kick off persistence restore non-blocking. Late lands are fine —
+    // the first identify() may use a fresh id, all subsequent ones
+    // get the persisted one once AsyncStorage answers.
+    void restoreSessionId();
+  }
+
+  /** Warm-up the public-key cache. FpProvider awaits this in useEffect
+   *  so the very first identify() call doesn't pay the /v1/pk hop and
+   *  so auth misconfig surfaces as ready=false up-front. */
+  async warmUp(): Promise<void> {
+    await this.pkCache.getWithAlias();
+  }
+
+  async identify(opts: IdentifyOptions = {}): Promise<IngestResponse | null> {
+    const signals = await collectSignals();
+    const sessionId = getOrCreateSessionId();
+    const event = opts.event ?? 'pageview';
+    const syncMode = opts.sync ?? true;
+
+    const payload: IngestPayload = {
+      sdkVersion: SDK_VERSION,
+      ts: Date.now(),
+      sessionId,
+      // Mobile apps have no URL but the wire schema requires a string —
+      // use the bundle id (if collected via native) as a stable
+      // "namespace" so dashboard filters don't choke on every event
+      // sharing the same placeholder. Fall back to a sentinel scheme.
+      pageUrl: bundleAsUrl(signals.mobile?.bundleId) ?? 'rn://app',
+      referrer: '',
+      event,
+      signals,
+    };
+    if (opts.userId !== undefined) {
+      payload.accountHint = { userId: opts.userId };
+    }
+    if (syncMode) payload.sync = true;
+
+    const { key: serverKey, aliasPath } = await this.pkCache.getWithAlias();
+    const plaintext = new Uint8Array(cborEncode(payload));
+    const { wire } = await seal(serverKey.key, plaintext);
+
+    return await sendIngest({
+      collectorUrl: this.config.collectorUrl,
+      wire,
+      serverKeyId: serverKey.id,
+      sdkVersion: SDK_VERSION,
+      preferBeacon: false,
+      ...(aliasPath ? { aliasPath } : {}),
+      projectKey: this.config.projectKey,
+    });
+  }
+}
+
+/** `pageUrl` is `.url()`-validated by Zod. Bundle ids like `com.acme.app`
+ *  aren't URLs, so wrap them as a custom scheme — keeps the dashboard
+ *  filterable per-app without false validation errors. */
+function bundleAsUrl(bundleId: string | undefined): string | undefined {
+  if (!bundleId) return undefined;
+  return `rn://${bundleId}`;
+}

package/src/context.tsx

@@ -0,0 +1,82 @@
+// FpProvider — RN mirror of `apps/sdk-react/src/context.tsx`. Unlike the
+// web version we never wait for a global to appear; the SDK is JS code
+// inside the same process, so we instantiate FpRnClient immediately and
+// fire a no-op /v1/pk warm-up to surface auth errors early.
+
+import { createContext, useContext, useEffect, useMemo, useState, type ReactNode } from 'react';
+
+import { FpRnClient } from './client.js';
+import { isNativeLinked } from './native.js';
+
+import type { FpConfig } from './types.js';
+
+interface FpProviderProps {
+  readonly config: FpConfig;
+  readonly children: ReactNode;
+}
+
+interface FpContextValue {
+  instance: FpRnClient | null;
+  ready: boolean;
+  error: Error | null;
+}
+
+const FpContext = createContext<FpContextValue>({
+  instance: null,
+  ready: false,
+  error: null,
+});
+
+export function FpProvider({ config, children }: FpProviderProps) {
+  // Stable instance for the provider's entire lifetime. Re-creating per
+  // render would discard the pk-fetcher's cache on every parent rerender.
+  const instance = useMemo(() => new FpRnClient(config), [config.collectorUrl, config.projectKey]);
+  const [state, setState] = useState<FpContextValue>({
+    instance: null,
+    ready: false,
+    error: null,
+  });
+
+  useEffect(() => {
+    let cancelled = false;
+    if (!isNativeLinked() && __DEV__) {
+      console.warn(
+        '[@fingerprint79/react-native] Native module not linked. ' +
+          'Mobile signals (idfv / installId / hardware) will be absent. ' +
+          'Did you run `pod install` (iOS) and rebuild (Android)?',
+      );
+    }
+    // Mark ready once the public-key fetch lands — that's the first
+    // request the SDK actually needs. Failures here surface as
+    // `ready: false, error: ...` so the UI can render a banner.
+    instance
+      .warmUp()
+      .then(() => {
+        if (cancelled) return;
+        setState({ instance, ready: true, error: null });
+      })
+      .catch((e: unknown) => {
+        if (cancelled) return;
+        setState({
+          instance: null,
+          ready: false,
+          error: e instanceof Error ? e : new Error(String(e)),
+        });
+      });
+    return () => {
+      cancelled = true;
+    };
+  }, [instance]);
+
+  return <FpContext.Provider value={state}>{children}</FpContext.Provider>;
+}
+
+/** Internal — every hook routes through this. */
+export function useFpContext(): FpContextValue {
+  return useContext(FpContext);
+}
+
+// Module-level shim for `__DEV__` so this file typechecks outside Metro
+// (which injects __DEV__ as a global). Library code is allowed to use
+// it directly per RN convention.
+declare const __DEV__: boolean;