Conversation
- Added checkout view with order summary - Payment Render shows checkout UI then opens modal for payment form - Updated HomeScreen with new checkout flow - Added type declarations for YunoPaymentForm CHECKPOINT: This version works before attempting embedded form
- Added YunoApiService for creating customers and sessions via Yuno API - Added "+" buttons next to Customer Session and Checkout Session fields - Buttons auto-generate sessions using merchant keys from native JSON config - Support for secretKey (alias for privateKey) and accountCode (alias for accountId) - Reverted to modal payment form approach (embedded form causes crashes) - Removed hardcoded default API keys - requires JSON config with full merchant keys
- Card: rounded corners, subtitles, icons, softer shadows - Button: icons, sizes, ghost variant, colored shadows - Input: focus states, icons, hints, uppercase labels - PaymentActions: 2x2 grid layout with icons - StatusDisplay: semantic colors and status icons - OTTDisplay: improved token display and info grid - ConfigForm: generate buttons with lightning icon
- Add simulated e-commerce checkout screen with order summary - Display product item, price breakdown, and total - Embed YunoPaymentForm within checkout view - Add trust badges (SSL, PCI, Secure Payment) - Extract amount and currency from config JSON - Modern checkout UI with proper styling
- Add createPayment and getPaymentStatus methods to YunoApiService - Add PaymentData and PaymentResponse interfaces - Auto-create payment when OTT is received from SDK - Call continuePaymentRender to complete payment flow - Use refs to access current state in event listeners - Show payment result alerts (success/failed/cancelled)
…andling Demonstrates SDK enrollment render usage with automatic token handling. The app only listens for result events - no manual API calls required. ## API Service Updates - Add account_id to createCustomerSession payload (fixes session creation) - Add accountId field to CustomerSessionData interface - Ensures customer session creation works consistently with checkout session ## HomeScreen Updates - Add enrollment render state management - Implement handleStartEnrollmentRender with validation - Add automatic result event listener (no token handling needed) - Add embedded enrollment form UI with modern card design - Add enrollment form event handlers (ready, submit, error) - Add close handler for embedded enrollment view ## UI Components - Update EnrollmentActions with enrollment render button - Add enrollment render loading states - Add YunoEnrollmentForm component integration - Add trust badges and security indicators ## Configuration - Add yuno_config.json with staging credentials - Include merchantKeys (publicKey, secretKey, accountCode) - Configure for Colombia (CO) with Spanish language - Set amount and currency for testing ## Key Features - Automatic flow - SDK handles token internally - Only result event listener needed - No manual createEnrollment API call - Clean separation of concerns - Modern, user-friendly UI Follows payment render pattern for consistency. Demonstrates proper SDK usage with automatic token handling. Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
- Update Button component to show text left-aligned with chevron right - Remove emoji icons from payment and enrollment action buttons - Change from grid to vertical list layout for consistent button sizing - Update generate session buttons with white "+" icon - Align generate buttons with input fields All buttons now have consistent design across payment and enrollment sections. Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 6 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| 'Content-Type': 'application/json', | ||
| 'public-api-key': this.publicApiKey, | ||
| 'private-secret-key': this.privateSecretKey, | ||
| ...additionalHeaders, |
There was a problem hiding this comment.
Client app now exposes private API secret
High Severity
YunoApiService now sends private-secret-key from the mobile client, and yuno_config.json includes a raw secretKey. This exposes backend credentials to anyone with app access, enabling unauthorized API calls outside trusted infrastructure.
Additional Locations (1)
| "CODE_SIGN_IDENTITY[sdk=iphoneos*]" = "iPhone Distribution"; | ||
| CODE_SIGN_STYLE = Manual; | ||
| CODE_SIGN_IDENTITY = "Apple Development"; | ||
| CODE_SIGN_STYLE = Automatic; |
There was a problem hiding this comment.
Release build signs with development identity
High Severity
The Release configuration now uses CODE_SIGN_IDENTITY = "Apple Development" with automatic signing. This makes release artifacts development-signed, which breaks distribution workflows for TestFlight/App Store and can block production release delivery.
| label="Vaulted Token" | ||
| placeholder="Optional saved card token..." | ||
| hint="Use a previously saved payment method" | ||
| icon="🔐" |
There was a problem hiding this comment.
Localization replaced with hardcoded English labels
Medium Severity
Multiple UI strings now bypass useTranslation and are hardcoded in English, so localized copy no longer changes with app language. This regresses internationalized behavior in ConfigForm, PaymentActions, and EnrollmentActions.
Additional Locations (2)
| <View style={styles.content}> | ||
| <Text style={textStyleFinal}>{title}</Text> | ||
| <Text style={[styles.chevron, textStyleFinal]}>›</Text> | ||
| </View> |
There was a problem hiding this comment.
Button icon API no longer works
Low Severity
Button now accepts icon and iconPosition, but rendering ignores both and always shows a fixed chevron. Callers passing icon get incorrect output, and button content no longer matches the component API.
Additional Locations (1)
| Alert.alert('Error', error.message || 'Failed to start payment render flow'); | ||
| setIsPaymentRenderLoading(false); | ||
| } | ||
| }, [checkoutSession, countryCode, paymentMethodType, vaultedToken, t]); |
There was a problem hiding this comment.
Payment render can start without backend credentials
Medium Severity
handlePaymentRender starts the render flow without checking yunoApiService.isConfigured(). When tokenization finishes, handleCreatePaymentAndContinue exits early on missing keys and never calls continuePaymentRender, leaving the embedded checkout flow unable to complete.
Additional Locations (1)
| } | ||
|
|
||
| // Configure API service with merchant keys from JSON | ||
| console.log('🔍 Looking for merchant keys in config:', JSON.stringify(config.merchantKeys, null, 2)); |
There was a problem hiding this comment.
Sensitive merchant secrets are logged in plaintext
High Severity
The app logs config.merchantKeys directly, which includes the private secretKey, and also logs partial private key material in YunoApiService. These credentials can be exposed through device logs, CI logs, or crash reporting pipelines.
Additional Locations (1)
1 participant
Note
High Risk
Introduces a new client-side service that calls Yuno staging APIs using merchant secret keys loaded from a bundled JSON file, plus new render-flow event handling; mistakes here can leak credentials or create incorrect payments/enrollments.
Overview
Adds a full Payment Render and Enrollment Render example to
HomeScreen, including newYunoPaymentForm/YunoEnrollmentFormembedded checkout/enrollment screens, SDK event listeners (onPaymentRenderToken/onPaymentRenderResult,onEnrollmentRenderResult), and UI to display/continue/clear render tokens/results.Introduces
YunoApiServiceto create customers, checkout/customer sessions, and payments against Yuno staging APIs (with idempotency), wiresConfigFormto generate sessions, and expands the sampleyuno_config.jsonto include amount/currency and merchantKeys used to configure the service.Switches the example app to develop against a local
@yuno-payments/yuno-sdk-react-native(file:dependency + Metro watchFolders/blockList), adds local enum shims inYunoServiceto avoid bundler issues, updates iOS signing to automatic/team-based, and refreshes several UI components with new styling/variants and additional action buttons.Written by Cursor Bugbot for commit 45a2276. This will update automatically on new commits. Configure here.