ADR-001: React Native Bare Workflow
Status: Accepted
Date: 2026-03-14
Context
Knight Shield requires direct access to native security APIs (iOS SecureEnclave, Android Keystore) for secure private key management. The choice between Expo (managed) and bare workflow directly impacts the ability to integrate native bridges.
Decision
Use React Native bare workflow (without Expo).
Rationale
- Direct SecureEnclave/Keystore access: Expo managed workflow does not allow custom native modules without ejecting. The security bridges (native-bridges/) need direct access to SecureEnclave (iOS) and Keystore (Android) to store private keys in secure hardware.
- Memory wiping: The implementation of memset_s (iOS) and Arrays.fill (Android) to clear cryptographic material from memory requires native code that Expo does not natively support.
- TLS certificate pinning: The relay server uses TLS 1.3 with custom certificate pinning, which requires native networking configuration.
- ZK performance: Future proving/verification optimizations may need native bindings (C/Rust via JNI/Swift).
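The native-side wipe that the memory-wiping point relies on, as an added C example that is not Knight Shield's own code: it clears a key buffer on both the success and the failure path of an operation. The names secure_wipe, use_key_then_wipe, is_wiped, op_ok and op_fail are hypothetical, the key bytes are constructed, and the volatile fallback is an assumption for platforms whose libc lacks memset_s.

```c
#define __STDC_WANT_LIB_EXT1__ 1   /* ask for memset_s where the libc has it */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: zero key material so the compiler cannot drop the store.
   A plain memset() on a buffer that is never read again is a dead store and
   may be optimized out. */
void secure_wipe(void *buf, size_t len) {
#if defined(__STDC_LIB_EXT1__) || defined(__APPLE__)
    memset_s(buf, len, 0, len);            /* the iOS call the ADR names */
#else
    volatile unsigned char *p = buf;       /* assumed fallback: volatile stores */
    while (len--) *p++ = 0;
#endif
}

/* Callback type for whatever consumes the key (sign, decrypt, ...). */
typedef int (*key_op)(const uint8_t *key, size_t len, void *ctx);

/* Run op on the key, then wipe the buffer on success AND on failure. */
int use_key_then_wipe(uint8_t *key, size_t len, key_op op, void *ctx) {
    if (key == NULL || op == NULL) return -1;
    int rc = op(key, len, ctx);
    secure_wipe(key, len);
    return rc;
}

/* Returns 1 if every byte of buf is zero. */
int is_wiped(const uint8_t *buf, size_t len) {
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

/* Constructed stand-ins for real key operations. */
int op_ok(const uint8_t *k, size_t n, void *ctx)   { *(uint8_t *)ctx = k[n - 1]; return 0; }
int op_fail(const uint8_t *k, size_t n, void *ctx) { (void)k; (void)n; (void)ctx; return -2; }

int main(void) {
    uint8_t key[32], seen = 0;
    memset(key, 0xA5, sizeof key);         /* constructed sample key */
    int rc = use_key_then_wipe(key, sizeof key, op_ok, &seen);
    printf("rc=%d seen=0x%02X wiped=%d\n", rc, seen, is_wiped(key, sizeof key));
    return 0;
}
```

JavaScript strings are immutable and garbage-collected, so the JS layer cannot overwrite key bytes in place; the wipe has to happen in a native buffer like this one.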
Consequences
- Positive: Full control over native modules, stronger security posture
- Negative: More complex builds (Xcode + Android Studio), no Expo OTA updates
- Mitigation: Use Turbo for build orchestration, document setup in runbooks