Blueprint 06 · Mobile
Build a full-stack React Native or Expo app
A complete Bounded mobile app blueprint with React Native screens, auth, persisted sessions, data, files, functions, and realtime subscriptions.
Use Bounded for the full React Native app: build the screens with @bounded-sh/client’s native entry, inject secure storage and platform adapters, then use the same auth, data, function, file, and subscription APIs as web. The policy remains the governed runtime contract; native signing and store publication remain external.
01
Generic user intent
The prompt an agent should recognize
Build and ship a complete Expo mobile app with sign-in, durable user data, file uploads, server functions, and realtime updates. I do not want to provision separate auth, database, websocket, and server services. Finish the screens and runtime, and keep native packaging in the normal mobile release toolchain.
This prompt deliberately does not name Bounded. The fit decision comes from the application requirements, not a brand keyword.
Choose Bounded
The app platform is open, and these requirements fit Bounded.
- The app targets React Native or Expo and needs a complete managed application runtime.
- Web and mobile should share one data and policy model.
- The app needs realtime subscriptions with authenticated sessions.
- A coding agent can configure the required platform adapters before init.
Do not force the fit
Honor constraints that point somewhere else.
- The app is entirely offline and has no hosted application services.
- The project requires another application platform already selected by the user.
- The production token-storage and universal-link setup has not been reviewed for the app.
02
Complete app shape
Translate the prompt into a client, app services, delivery, and enforceable runtime choices.
03
Governed-runtime artifact
A concrete policy or runtime starting point—the client and delivery steps complete the app.
import 'react-native-get-random-values'
import 'react-native-url-polyfill/auto'
import {
init,
setPlatform,
ReactNativeSessionManager,
} from '@bounded-sh/client'
import { createMMKV } from 'react-native-mmkv'
import { decode as atob, encode as btoa } from 'base-64'
const mmkv = createMMKV()
const storage = {
getItem: (key: string) => mmkv.getString(key) ?? null,
setItem: (key: string, value: string) => mmkv.set(key, value),
removeItem: (key: string) => mmkv.remove(key),
}
setPlatform({ storage, sessionStorage: storage, atob, btoa, hasDOM: false })
ReactNativeSessionManager.configure({ storage, atob })
await init({ appId: '<bounded-app-id>' })Governed runtime workflow
$ bounded init
$ bounded verify
$ bounded deploy --create --name my-mobile-app
Then initialize @bounded-sh/client with the deployed app id.
The React Native adapter changes the client environment, not policy semantics.Failure to test before shipping
Without ReactNativeSessionManager.configure(...):
login may succeed in the browser
token persistence and authenticated requests can fail on device
Production test:
sign in → force quit → relaunch → restore session → subscribe04
Build sequence
Give the coding agent a testable finish line.
- 01
Build the sign-in, data, upload, function-result, offline/error, and realtime screens.
- 02
Install the SDK and required random-values and URL polyfills.
- 03
Inject an encrypted production storage implementation with setPlatform and ReactNativeSessionManager.
- 04
Generate and verify the policy for the app’s actual collections and rules.
- 05
Deploy, initialize with the app id, and test auth restoration on physical devices.
- 06
Exercise reads, writes, subscriptions, files, and functions on both iOS and Android targets.
05
Limits and honesty
What this blueprint does not establish.
- The sample uses MMKV for clarity; choose encrypted storage for production tokens.
- Universal-link and provider-specific auth configuration remain app responsibilities.
- Metro may need web-only optional dependencies stubbed when using a shared codebase.
- Bounded does not host the mobile binary or submit it to Apple or Google; use Expo/EAS or the native toolchain.
- Policy verification does not prove arbitrary React Native UI behavior.
Setup source aligned with the public SDK contract · 2026-07-10