feat(MSDK-3794): Add Firebase mediation integration to React Native sample app

[asadraza-usercentrics]

User description

PR description

Summary

• Moves Usercentrics.configure() into App.tsx via useEffect with
  MEDIATION_TEST_ENABLED and SETTINGS_ID as the single control point for
  mediation mode and settings configuration
• Adds auto Usercentrics.status() check on HomeScreen mount — shows first
  layer immediately if consent is required, otherwise applies existing consents
• Integrates Firebase Analytics as a reference mediation partner on both platforms:
  • Android: google-services plugin, Firebase BOM 33.13.0, all collection
    flags disabled by default in AndroidManifest.xml
  • iOS: FirebaseAnalytics pod, FirebaseApp.configure() in AppDelegate,
    FIREBASE_ANALYTICS_COLLECTION_ENABLED = false in Info.plist,
    PrivacyInfo.xcprivacy updated with NSUserDefaults access reasons
• Updates bundle/application ID to com.usercentrics.sdk.mediation.test on
  both platforms
• Rewrites sample/README.md — replaces the default RN boilerplate with a
  full guide covering prerequisites, project structure, screen descriptions,
  run instructions, consent mediation setup, New Architecture toggle,
  scripts reference, and troubleshooting

Summary by CodeRabbit

• Documentation

  • Comprehensive README with platform-specific prerequisites, project structure, SDK initialization guidance, step-by-step setup instructions, consent flow walkthrough, and expanded troubleshooting.

• New Features

  • Firebase Analytics integration and mediation testing capability in the sample app.
  • Enhanced consent flow handling with automatic first-layer display and consent status checks.

• Chores

  • Android and iOS platform configuration updates; Firebase configuration files added to .gitignore.

---

CodeAnt-AI Description

Make Firebase consent mediation optional in the sample app

What Changed

• The sample app now ships with Firebase Analytics mediation set up as an optional local test path instead of a required integration
• Android and iOS are configured to keep Firebase collection off by default until consent is granted
• The home screen now checks consent on launch, shows the first consent layer when needed, and applies saved consents otherwise
• The sample app now uses a dedicated Firebase test bundle ID and includes the Firebase config file locations in the project
• The sample README was rewritten with setup, run, and mediation testing steps for the sample app

Impact

✅ Safer local Firebase testing
✅ Fewer accidental analytics collection events
✅ Faster consent flow on app launch

🔄 Retrigger CodeAnt AI Review

Details

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR equips the Usercentrics React Native SDK sample app with Firebase Analytics integration and consent mediation capabilities. Android and iOS build configurations add Google Services plugins and Firebase dependencies. The Usercentrics SDK is initialized with a mediation flag and debug logging. The Home screen checks consent status at mount time, displays consent layers, and handles responses. Comprehensive documentation covers platform-specific setup, mediation testing, and troubleshooting.

Changes

Firebase Integration and Consent Mediation

Layer / File(s)	Summary
Bundle Identifier Configuration sample/android/app/build.gradle.kts, sample/ios/sample.xcodeproj/project.pbxproj	Both Android and iOS targets update bundle identifier to com.usercentrics.sdk.mediation.test. Xcode project references and includes GoogleService-Info.plist in build resources.
Android Build Dependencies and Plugins sample/android/build.gradle.kts, sample/android/app/build.gradle.kts, sample/android/settings.gradle.kts, sample/android/app/src/main/AndroidManifest.xml	Google Services Gradle plugin added to root buildscript, Firebase BoM and Analytics library added to app dependencies, mavenLocal() added for dependency resolution, AndroidManifest metadata entries disable Firebase Analytics collection.
iOS Pods and Runtime Configuration sample/ios/Podfile, sample/ios/sample/AppDelegate.swift, sample/ios/sample/Info.plist, sample/ios/sample/PrivacyInfo.xcprivacy	FirebaseAnalytics pod added to sample target, AppDelegate imports FirebaseCore and calls FirebaseApp.configure() at app launch, Info.plist disables analytics collection, PrivacyInfo.xcprivacy declares additional API access reasons for UserDefaults and FileTimestamp.
Usercentrics SDK Initialization sample/src/App.tsx	SDK configure() call updated to include settingsId, loggerLevel: debug, and consentMediation flag driven by MEDIATION_TEST_ENABLED constant.
Consent Flow Integration sample/src/screens/Home.tsx	HomeScreen mounts with status check, conditionally shows first layer or applies existing consent, introduces handleUserResponse for logging and consent application, updates showFirstLayer() and showSecondLayer() to await layer display and route responses, rewrites A/B testing banner helpers with BannerSettings casting, adjusts button callbacks for consent interactions.
Documentation and Configuration sample/.gitignore, sample/README.md	.gitignore ignores Firebase config files (google-services.json, GoogleService-Info.plist). README fully replaced with comprehensive guide covering prerequisites, SDK initialization, platform-specific running instructions, screen guide, Firebase mediation setup with testing steps, New Architecture toggles, available npm scripts, and troubleshooting.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Usercentrics/react-native-sdk#184: Both PRs modify the sample app's native project configuration (iOS Podfile/Info.plist/Xcode project and Android Gradle settings) to align the sample with SDK/release requirements (e.g., RN new-arch toggles, Podfile/Gradle changes, sample bundle IDs and Firebase setup).

Suggested labels

Review effort 2/5

Suggested reviewers

• uc-brunosilva
• islameldesoky95
• uc-brunosouza

Poem

🐰 Firebase flames ignite the night,
Consent flows gather, burning bright!
Mediation blooms in Android soil,
While iOS gently tends the toil—
A sample app now stands complete! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 28.57% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the primary change: adding Firebase mediation integration to the React Native sample app, which is reflected across all file modifications (Firebase dependencies, configuration, SDK setup).
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/MSDK-3794-firebase-mediation-sample

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

Review Summary by Qodo

Add Firebase mediation integration and comprehensive documentation to React Native sample app

✨ Enhancement

Walkthroughs

Description

• Integrates Firebase Analytics as mediation partner on Android and iOS
• Moves SDK configuration to App.tsx with mediation mode toggle flag
• Adds automatic consent status check on HomeScreen mount
• Updates bundle ID to com.usercentrics.sdk.mediation.test
• Completely rewrites README with comprehensive setup and usage guide

Diagram

flowchart LR
  A["App.tsx<br/>SDK Config"] -->|"MEDIATION_TEST_ENABLED"| B["Firebase<br/>Integration"]
  A -->|"SETTINGS_ID"| C["Usercentrics<br/>Configuration"]
  D["HomeScreen"] -->|"useEffect"| E["Usercentrics.status()"]
  E -->|"shouldCollectConsent"| F["Show Banner"]
  E -->|"existing consents"| G["Apply Consent"]
  H["Android Setup<br/>google-services plugin"] --> B
  I["iOS Setup<br/>FirebaseApp.configure"] --> B
  B -->|"mediation"| J["Consent Propagation"]

Loading

File Changes

1. sample/android/app/build.gradle.kts Dependencies +6/-1

Add Firebase BOM and google-services plugin

sample/android/app/build.gradle.kts

---

2. sample/android/build.gradle.kts Dependencies +1/-0

Add google-services classpath dependency

sample/android/build.gradle.kts

---

3. sample/android/settings.gradle.kts ⚙️ Configuration changes +1/-0

Add mavenLocal repository for local dependencies

sample/android/settings.gradle.kts

---

View more (10)

4. sample/android/app/src/main/AndroidManifest.xml ⚙️ Configuration changes +6/-0

Disable Firebase analytics collection by default

sample/android/app/src/main/AndroidManifest.xml

---

5. sample/ios/sample/AppDelegate.swift ✨ Enhancement +2/-0

Import FirebaseCore and initialize Firebase

sample/ios/sample/AppDelegate.swift

---

6. sample/ios/Podfile Dependencies +2/-0

Add FirebaseAnalytics pod dependency

sample/ios/Podfile

---

7. sample/ios/sample.xcodeproj/project.pbxproj ⚙️ Configuration changes +6/-2

Add GoogleService-Info.plist build resource

sample/ios/sample.xcodeproj/project.pbxproj

---

8. sample/ios/sample/GoogleService-Info.plist ⚙️ Configuration changes +32/-0

Add Firebase configuration file for iOS

sample/ios/sample/GoogleService-Info.plist

---

9. sample/ios/sample/Info.plist ⚙️ Configuration changes +2/-0

Disable Firebase analytics collection flag

sample/ios/sample/Info.plist

---

10. sample/ios/sample/PrivacyInfo.xcprivacy ⚙️ Configuration changes +6/-4

Update privacy manifest with NSUserDefaults access

sample/ios/sample/PrivacyInfo.xcprivacy

---

11. sample/src/App.tsx ✨ Enhancement +25/-26

Add mediation test flag and SDK configuration

sample/src/App.tsx

---

12. sample/src/screens/Home.tsx ✨ Enhancement +66/-75

Add automatic status check and consent handling

sample/src/screens/Home.tsx

---

13. sample/README.md 📝 Documentation +297/-50

Replace boilerplate with comprehensive integration guide

sample/README.md

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (4) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. Firebase plist committed ✓ Resolved 🐞 Bug ⛨ Security

Description

The PR adds and bundles GoogleService-Info.plist containing a Firebase API key and project
identifiers, while the README states Firebase config files are not committed. This leaks shared
Firebase project configuration and can lead to unintended reuse/abuse of that Firebase project from
a public repo.

Code

sample/ios/sample/GoogleService-Info.plist[R1-32]

+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>API_KEY</key>
+	<string>AIzaSyCbVPJwkNblldnnC6drkANOFNBR0pc16vc</string>
+	<key>GCM_SENDER_ID</key>
+	<string>562107654987</string>
+	<key>PLIST_VERSION</key>
+	<string>1</string>
+	<key>BUNDLE_ID</key>
+	<string>com.usercentrics.sdk.mediation.test</string>
+	<key>PROJECT_ID</key>
+	<string>in-app-sdk</string>
+	<key>STORAGE_BUCKET</key>
+	<string>in-app-sdk.firebasestorage.app</string>
+	<key>IS_ADS_ENABLED</key>
+	<false></false>
+	<key>IS_ANALYTICS_ENABLED</key>
+	<false></false>
+	<key>IS_APPINVITE_ENABLED</key>
+	<true></true>
+	<key>IS_GCM_ENABLED</key>
+	<true></true>
+	<key>IS_SIGNIN_ENABLED</key>
+	<true></true>
+	<key>GOOGLE_APP_ID</key>
+	<string>1:562107654987:ios:582fcab0c3093857befece</string>
+	<key>DATABASE_URL</key>
+	<string>https://in-app-sdk.firebaseio.com</string>
+</dict>
+</plist>

Evidence

The added plist contains Firebase credentials/config values (API key, sender id, project id) and the
Xcode project includes it as a build resource; meanwhile the sample README explicitly claims these
config files are not committed.

sample/ios/sample/GoogleService-Info.plist[1-32]
sample/ios/sample.xcodeproj/project.pbxproj[9-16]
sample/ios/sample.xcodeproj/project.pbxproj[29-46]
sample/README.md[251-260]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`sample/ios/sample/GoogleService-Info.plist` is committed and bundled, and it contains real Firebase project configuration (API key / IDs). This contradicts the README (“not committed”) and is a security anti-pattern for a public sample.
### Issue Context
If CI needs a plist to build tests, don’t commit real project credentials. Prefer a placeholder/template file and require developers to supply their own, or inject via CI secrets/artifacts.
### Fix Focus Areas
- sample/ios/sample/GoogleService-Info.plist[1-32]
- sample/ios/sample.xcodeproj/project.pbxproj[9-16]
- sample/ios/sample.xcodeproj/project.pbxproj[29-46]
- sample/README.md[251-260]
### Suggested fix
- Remove `GoogleService-Info.plist` from git (and from Xcode “Resources”) and add it to an ignore list.
- Alternatively, keep a `GoogleService-Info.plist.example` with scrubbed/dummy values and update the build to copy/rename it locally.
- If the app must run without the plist, guard `FirebaseApp.configure()` (e.g., only call it if the plist exists and Firebase isn’t already configured).

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. Consent apply is no-op 🐞 Bug ≡ Correctness

Description

HomeScreen calls applyConsent(status.consents) on mount and after user interaction, but
applyConsent is an empty stub. As a result, existing consents and user decisions are never
applied/propagated from the Home screen flow.

Code

sample/src/screens/Home.tsx[R41-43]

+    function applyConsent(_consents?: UsercentricsServiceConsent[] | null) {
+        // https://docs.usercentrics.com/cmp_in_app_sdk/latest/apply_consent/apply-consent/#apply-consent-to-each-service
+    }

Evidence

applyConsent(...) is invoked from the startup status check and after banner responses, but the
function body is empty. The codebase already shows an example implementation pattern in
CustomUI.tsx (iterating/logging consents), demonstrating the intended behavior for
applying/handling consents.

sample/src/screens/Home.tsx[12-19]
sample/src/screens/Home.tsx[34-43]
sample/src/screens/CustomUI.tsx[297-302]
sample/README.md[156-160]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`HomeScreen.applyConsent(...)` is currently a no-op, but it’s called when `shouldCollectConsent` is false and after `showFirstLayer/showSecondLayer` responses. This means the Home screen flow never applies/handles the consents it retrieves.
### Issue Context
The sample already contains an `applyConsents(...)` implementation pattern in `CustomUI.tsx` (iterating consents and logging). The Home screen should do something equivalent (at minimum) and/or trigger partner updates if that’s the point of the mediation demo.
### Fix Focus Areas
- sample/src/screens/Home.tsx[12-19]
- sample/src/screens/Home.tsx[34-43]
- sample/src/screens/CustomUI.tsx[297-302]
### Suggested fix
- Implement `applyConsent` to process the provided `UsercentricsServiceConsent[]`:
- At minimum: iterate and log `templateId/status/type` (like `CustomUI.tsx`).
- If the sample intends to demonstrate partner enable/disable: route consent state to the relevant SDK(s) (or explicitly note that mediation handles it and remove the misleading calls/README text).
- Ensure `applyConsent(undefined/null)` is handled safely (early return).

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. Unhandled status rejection 🐞 Bug ☼ Reliability

Description

HomeScreen starts Usercentrics.status().then(...) on mount without a .catch(), and it calls
the async showFirstLayer() without awaiting or error handling. Since status()/showFirstLayer()
can reject when native isReady fails, this can produce unhandled promise rejections and a broken
launch flow.

Code

sample/src/screens/Home.tsx[R12-19]

+    React.useEffect(() => {
+        Usercentrics.status().then(status => {
+            if (status.shouldCollectConsent) {
+                showFirstLayer();
+            } else {
+                applyConsent(status.consents);
+            }
+        });

Evidence

The JS SDK’s status() maps directly to the native isReady() promise; the iOS native module
explicitly rejects on failure. The Home screen does not catch these failures, and it fires
showFirstLayer() without awaiting, so any thrown error becomes unhandled.

sample/src/screens/Home.tsx[12-19]
src/Usercentrics.tsx[34-46]
ios/RNUsercentricsModule.swift[61-70]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The Home screen’s startup effect doesn’t handle promise rejections from `Usercentrics.status()` and doesn’t await/catch `showFirstLayer()`. Failures can surface as unhandled promise rejections.
### Issue Context
`Usercentrics.status()` delegates to native `isReady()`, which can reject (e.g., initialization/config issues). `showFirstLayer()` awaits `isReady()` internally and can also throw.
### Fix Focus Areas
- sample/src/screens/Home.tsx[12-19]
- src/Usercentrics.tsx[34-46]
- ios/RNUsercentricsModule.swift[61-70]
### Suggested fix
- Convert the effect to an async IIFE with `try/catch` and await the async calls:
- `const run = async () => { try { const status = await Usercentrics.status(); ... await showFirstLayer(); } catch (e) { console.warn(...); } }`.
- Optionally add an `isMounted` flag in the effect cleanup to avoid acting after unmount.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

4. mavenLocal precedence 🐞 Bug ⛨ Security

Description

sample/android/settings.gradle.kts adds mavenLocal() before google()/mavenCentral(), which
can silently shadow real dependencies with locally published artifacts. This makes builds
non-reproducible and increases supply-chain risk on developer machines.

Code

sample/android/settings.gradle.kts[R18-21]

+        mavenLocal()
     google()
     mavenCentral()
     maven { url = uri("$rootDir/../node_modules/@react-native/gradle-plugin") }

Evidence

Gradle will consult mavenLocal() first given the repository ordering in the PR, so any locally
published group/artifact/version can override remote artifacts without any code change.

sample/android/settings.gradle.kts[15-23]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The sample’s Gradle settings now prefer `mavenLocal()` ahead of `google()` and `mavenCentral()`, which can cause dependency shadowing and non-reproducible builds.
### Issue Context
For sample apps (and especially CI), deterministic dependency resolution is typically preferred.
### Fix Focus Areas
- sample/android/settings.gradle.kts[15-23]
### Suggested fix
- Remove `mavenLocal()` entirely, or move it to the end of the repositories list.
- If it’s only needed for local development, gate it behind a Gradle property (e.g., `-PuseMavenLocal=true`).

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

5. Mediation enabled by default 🐞 Bug ⚙ Maintainability

Description

MEDIATION_TEST_ENABLED is set to true even though the inline comment says to keep it false for
normal builds. This makes the sample default behavior inconsistent and can surprise users who run
the sample without intending to test mediation.

Code

sample/src/App.tsx[R7-9]

+// Set to true when testing consent mediation. Keep false for normal builds.
+const MEDIATION_TEST_ENABLED = true;
+const SETTINGS_ID = '3C9-yvno8-dEzy';

Evidence

The constant is hard-coded to true while the accompanying comment instructs the opposite, so the
code and documentation are out of sync at the primary control point for mediation mode.

sample/src/App.tsx[7-19]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`MEDIATION_TEST_ENABLED` is hard-coded to `true` but commented as something to keep `false` for normal builds, which is inconsistent and confusing.
### Issue Context
This is the “single control point” for mediation mode per the README.
### Fix Focus Areas
- sample/src/App.tsx[7-19]
### Suggested fix
- Set `MEDIATION_TEST_ENABLED` default to `false` and update README steps to instruct toggling it to `true` when testing mediation (or adjust the comment/README to match the intended default).

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[pantoaibot]

PR Summary:

Adds Firebase consent-mediation to the React Native sample app: integrates Firebase Analytics as a mediation partner, wires native Firebase setup, enables consent mediation in the JS SDK, and updates docs and sample flows.

Key changes:

• Documentation
  • Rewrote sample/README.md to document Firebase mediation, init steps, running instructions, mediation testing, Firebase config locations, and new-architecture notes.
• Android (sample/android/)
  • Enabled Google Services plugin (com.google.gms.google-services) in app plugins and buildscript classpath.
  • Added Firebase BOM (33.13.0) and firebase-analytics dependency.
  • Added Firebase collection meta-data flags (all false) to AndroidManifest.xml.
  • Changed applicationId to com.usercentrics.sdk.mediation.test.
  • Added mavenLocal() to settings repositories.
• iOS (sample/ios/)
  • Added pod 'FirebaseAnalytics' to Podfile.
  • AppDelegate.swift imports FirebaseCore and calls FirebaseApp.configure().
  • Info.plist sets FIREBASE_ANALYTICS_COLLECTION_ENABLED = false.
  • PrivacyInfo.xcprivacy updated with UserDefaults/privacy reasons required by Firebase.
  • Xcode project updated to include GoogleService-Info.plist and bundle identifier changed to com.usercentrics.sdk.mediation.test.
  • Added sample/GoogleService-Info.plist (contains Firebase config for sample project).
• JavaScript / TypeScript (sample/src/)
  • App.tsx: initializes Usercentrics with settingsId, debug logger and consentMediation enabled (MEDIATION_TEST_ENABLED = true).
  • Home.tsx: refactored to use typed SDK imports, auto-check Usercentrics.status() on mount (show first layer or apply consents), unified response handling, added applyConsent stub, A/B testing examples cleaned up, UI button handlers simplified.
• Build & tooling
  • Gradle/Kotlin DSL changes require updated Gradle plugins and may need npx pod-install / Gradle sync.

Potential breaking / noteworthy items:

• Bundle ID / applicationId changed for both platforms (com.usercentrics.sdk.mediation.test) — existing installs will be treated as a different app; Firebase config must match the new bundle/application id.
• GoogleService-Info.plist was added to repo (contains API key) while README still notes config files are not committed — check intended handling of credentials.
• settings.gradle.kts now includes mavenLocal(); build environment may resolve different artifacts from local repo.
• Sample now enables consent mediation by default (MEDIATION_TEST_ENABLED = true) — toggle off in src/App.tsx for normal sample behavior.

Reviewed by Panto AI

[pantoaibot]

Reviewed up to commit:554c528c94b959340a0bb05229fbbb9dbdfde5cf

Reviewed by Panto AI

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[coderabbitai]

Actionable comments posted: 6

🧹 Nitpick comments (3)

sample/android/app/build.gradle.kts (1)

83-84: ⚡ Quick win

Firebase BOM 33.13.0 is several major releases behind the current 34.12.0.

The Firebase Android BoM has been updated to v34.1.0 (and subsequently to 34.12.0). As a sample app this is lower risk, but staying on 33.x means missing security patches and behavioural fixes in Analytics. Consider bumping to the latest BOM before publishing.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sample/android/app/build.gradle.kts` around lines 83 - 84, Update the
Firebase BoM version used in the Gradle dependencies: find the
implementation(platform("com.google.firebase:firebase-bom:33.13.0")) line and
replace the BOM version with the current release (e.g., 34.12.0) so the
implementation("com.google.firebase:firebase-analytics") dependency picks up the
latest matching Firebase artifact versions; ensure you run a build to verify
compatibility and adjust any downstream Firebase dependency versions if needed.

sample/android/build.gradle.kts (1)

10-10: ⚡ Quick win

Move google-services version to the Gradle version catalog for consistency.

The google-services plugin at 4.4.2 is two patch versions behind the current 4.4.4. More importantly, this dependency uses a hardcoded version string while the other Gradle plugins (lines 7–9) reference versions from the catalog. Add google-services = "4.4.4" to gradle/libs.versions.toml and update line 10 to use classpath(versions.google.services).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sample/android/build.gradle.kts` at line 10, Add a new entry in the Gradle
version catalog (gradle/libs.versions.toml) like google-services = "4.4.4" and
replace the hardcoded plugin declaration
classpath("com.google.gms:google-services:4.4.2") in build.gradle.kts with the
catalog reference using versions.google.services so the google‑services plugin
uses the centralized version; ensure you reference the exact key
"google-services" in the catalog and "versions.google.services" in the classpath
call.

sample/ios/Podfile (1)

27-27: ⚡ Quick win

Pin FirebaseAnalytics to a specific version for reproducible builds.

Without a version constraint, pod install can silently resolve to a new major/minor release that breaks the Firebase ↔ Usercentrics mediation integration. Consider locking to the version in use (or at least a compatible range).

♻️ Proposed fix

-  pod 'FirebaseAnalytics'
+  pod 'FirebaseAnalytics', '~> 11.0'   # pin to the major in use; update alongside Firebase BOM on Android

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sample/ios/Podfile` at line 27, Pin the FirebaseAnalytics pod to a specific
version or a constrained version range in the Podfile to ensure reproducible
builds and avoid breaking changes; locate the pod declaration "pod
'FirebaseAnalytics'" and replace it with a fixed version specifier or compatible
range (e.g., '= x.y.z' or '~> x.y') that matches the currently used Firebase
Analytics release.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@sample/android/settings.gradle.kts`:
- Line 18: The build currently calls mavenLocal() which can make CI builds
non-reproducible; remove that call from the settings.gradle.kts or wrap it in a
conditional that only enables local Maven resolution for developer machines
(e.g., check a Gradle project property or environment variable such as CI or a
custom property like useLocalMaven), add a short comment explaining why the
guard exists (only for local snapshot testing of react-native-usercentrics), and
ensure the unique symbol mavenLocal() is only executed when the guard permits so
CI and shared builds use only declared remote repositories.

In `@sample/ios/sample/GoogleService-Info.plist`:
- Around line 5-30: Replace all real Firebase values in GoogleService-Info.plist
(API_KEY, GCM_SENDER_ID, GOOGLE_APP_ID, DATABASE_URL, STORAGE_BUCKET, PROJECT_ID
and any other identifying entries) with descriptive placeholder strings (e.g.,
YOUR_FIREBASE_API_KEY, YOUR_GCM_SENDER_ID, YOUR_GOOGLE_APP_ID,
YOUR_DATABASE_URL, YOUR_STORAGE_BUCKET, YOUR_PROJECT_ID) and remove any live
project identifiers; then add concise setup instructions to sample/README.md
telling users to download their own GoogleService-Info.plist from the Firebase
Console and place it in the sample/ios/sample/ directory (or an equivalent path)
before running the sample.

In `@sample/README.md`:
- Around line 31-51: The fenced code block showing the project tree (the block
beginning with ``` and the "sample/" tree) is missing a language specifier;
update that opening fence to include a tag such as `text` or `plaintext` (e.g.,
change ``` to ```text) so markdownlint MD040 is satisfied and renderers get
syntax awareness for the tree block in README.md.

In `@sample/src/App.tsx`:
- Around line 7-9: The MEDIATION_TEST_ENABLED constant is set to true against
its comment and should be false for normal builds; change MEDIATION_TEST_ENABLED
to false. Replace the hardcoded live settings ID in SETTINGS_ID
('3C9-yvno8-dEzy') with a clear placeholder (e.g.,
'<YOUR_USERCENTRICS_SETTINGS_ID>') and update any README/setup docs to instruct
developers to provide their own ID and required Google service files when
enabling mediation mode. Ensure you only change the values of
MEDIATION_TEST_ENABLED and SETTINGS_ID in App.tsx.

In `@sample/src/screens/Home.tsx`:
- Around line 84-85: The onPress handlers call Usercentrics.status() and discard
its result and errors before calling navigation.navigate (see
Usercentrics.status and navigation.navigate inside the Button onPress
callbacks); either await and handle the result/error (e.g., wrap await
Usercentrics.status() in try/catch and only navigate on success or log/handle
failures) or remove the unnecessary await if you don't need a readiness barrier
— update both Button handlers (the async onPress functions) accordingly so
errors from Usercentrics.status() are not ignored.
- Around line 12-20: HomeScreen calls Usercentrics.status() before the SDK is
initialized in App (Usercentrics.configure()), causing race/unhandled-rejection
issues; hoist Usercentrics.configure() to module scope in App.tsx so it runs
synchronously before any components mount, and update the Home.tsx effect that
calls Usercentrics.status() to handle promise rejections (add a .catch() and
fail-safe branch) so errors from Usercentrics.status() cannot go unhandled.

---

Nitpick comments:
In `@sample/android/app/build.gradle.kts`:
- Around line 83-84: Update the Firebase BoM version used in the Gradle
dependencies: find the
implementation(platform("com.google.firebase:firebase-bom:33.13.0")) line and
replace the BOM version with the current release (e.g., 34.12.0) so the
implementation("com.google.firebase:firebase-analytics") dependency picks up the
latest matching Firebase artifact versions; ensure you run a build to verify
compatibility and adjust any downstream Firebase dependency versions if needed.

In `@sample/android/build.gradle.kts`:
- Line 10: Add a new entry in the Gradle version catalog
(gradle/libs.versions.toml) like google-services = "4.4.4" and replace the
hardcoded plugin declaration classpath("com.google.gms:google-services:4.4.2")
in build.gradle.kts with the catalog reference using versions.google.services so
the google‑services plugin uses the centralized version; ensure you reference
the exact key "google-services" in the catalog and "versions.google.services" in
the classpath call.

In `@sample/ios/Podfile`:
- Line 27: Pin the FirebaseAnalytics pod to a specific version or a constrained
version range in the Podfile to ensure reproducible builds and avoid breaking
changes; locate the pod declaration "pod 'FirebaseAnalytics'" and replace it
with a fixed version specifier or compatible range (e.g., '= x.y.z' or '~> x.y')
that matches the currently used Firebase Analytics release.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1180b34d-b563-4093-b52b-428095f65e69

📥 Commits

Reviewing files that changed from the base of the PR and between 97b5e8c and 554c528.

⛔ Files ignored due to path filters (1)

• sample/ios/Podfile.lock is excluded by !**/*.lock

📒 Files selected for processing (13)

• sample/README.md
• sample/android/app/build.gradle.kts
• sample/android/app/src/main/AndroidManifest.xml
• sample/android/build.gradle.kts
• sample/android/settings.gradle.kts
• sample/ios/Podfile
• sample/ios/sample.xcodeproj/project.pbxproj
• sample/ios/sample/AppDelegate.swift
• sample/ios/sample/GoogleService-Info.plist
• sample/ios/sample/Info.plist
• sample/ios/sample/PrivacyInfo.xcprivacy
• sample/src/App.tsx
• sample/src/screens/Home.tsx

[coderabbitai]

♻️ Duplicate comments (1)

sample/README.md (1)

31-31: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language tag to the project-tree fenced block.

The code fence at Line 31 is missing a language specifier, which still triggers MD040.

Proposed fix

-```
+```text
 sample/
 ├── src/
 │   ├── App.tsx                          # SDK initialisation and navigation root

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@sample/README.md` at line 31, The README's project-tree fenced code block
(the triple-backtick block containing "sample/ ├── src/ ...") is missing a
language tag which triggers MD040; update that fenced block declaration (the
opening ``` line for the project-tree block) to include a language tag such as
"text" or "bash" so the block becomes ```text (or another appropriate tag) to
satisfy the linter and preserve formatting.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@sample/README.md`:
- Line 31: The README's project-tree fenced code block (the triple-backtick
block containing "sample/ ├── src/ ...") is missing a language tag which
triggers MD040; update that fenced block declaration (the opening ``` line for
the project-tree block) to include a language tag such as "text" or "bash" so
the block becomes ```text (or another appropriate tag) to satisfy the linter and
preserve formatting.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ae249197-be56-4747-b649-b7a19292f597

📥 Commits

Reviewing files that changed from the base of the PR and between 554c528 and c51e619.

📒 Files selected for processing (2)

• sample/.gitignore
• sample/README.md

✅ Files skipped from review due to trivial changes (1)

• sample/.gitignore

[codeant-ai]

CodeAnt AI is running the review.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[codeant-ai]

Sequence Diagram

This PR centralizes Usercentrics SDK configuration (with mediation enabled) and adds an automatic consent status check on the home screen, so user choices drive both the in-app consent UI and Firebase Analytics tracking.

sequenceDiagram
    participant User
    participant App
    participant UsercentricsSDK
    participant ConsentBanner
    participant FirebaseAnalytics

    App->>UsercentricsSDK: Configure with settingsId and consent mediation enabled
    App->>UsercentricsSDK: Get consent status on home screen mount
    UsercentricsSDK-->>App: Return consent status

    alt Consent required
        App->>ConsentBanner: Show first layer consent banner
        User->>ConsentBanner: Choose consent options
        ConsentBanner->>UsercentricsSDK: Submit user consent
    else Consent already stored
        App->>UsercentricsSDK: Apply existing consents
    end

    UsercentricsSDK->>FirebaseAnalytics: Update tracking according to consent

Loading

---

Generated by CodeAnt AI

[codeant-ai]

CodeAnt AI finished running the review.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn