# Kuira Android SDK > Android SDK for building Midnight zero-knowledge dApps. On-device ZK proving (no proof server), passkey-derived identity, embedded wallet, and a Compact contract runtime — added to a consumer project as one Gradle dependency. Published to Maven Central as `io.github.kuiralabs:*`. Kuira's cookbook is designed for both human and agent consumption. Every recipe URL below is a raw markdown file that can be fetched directly by an LLM-driven assistant (Claude Code, Cursor, Codex, etc.) to obtain the SDK API surface, idiomatic patterns, common pitfalls, and version pin needed to execute the integration in a developer's own project. For browsable documentation: . ## Docs - [Home / Install](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/index.md): SDK overview, install snippet, module list, alpha status, source-availability stance. - [Integration guide](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/integration.md): End-to-end integration reference (prereqs, PasskeyConfig, assetlinks.json, debug-cleartext, deploy + call skeleton, troubleshooting, known limitations). - [Security](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/security.md): Threat model — what Kuira protects against and what it explicitly does not. Vulnerability reporting + 90-day coordinated disclosure. GPG signature verification recipe. - [On-device proving](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/on-device-proving.md): How Kuira proves on the phone (native Rust `midnight-zkir`, not WASM) vs a remote proof server — the `ProvingMode.LOCAL`/`REMOTE` toggle. The proof system (PLONK + KZG over BLS12-381). The circuit-size parameter `k` (circuit = 2^k rows; +1 to k ≈ doubles proving time and memory); Kuira's wallet circuits are k=13 dust / k=14 zswap-output / k=15 zswap-spend. ~33MB proving keys, either downloaded once at first bootstrap or (recommended for production) bundled in the APK via `kuiraContract { bundleWalletKeys = true }`. Honest benchmark stance: Midnight publishes no proving wall-clock/memory figures — measure on-device; don't conflate the WASM sync-memory issue numbers with proving cost. ## Recipes - [Add Kuira to an Android project](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/recipes/add-kuira-to-an-android-project.md): Install the SDK, set the passkey rpId, wire the Hilt module, enable debug cleartext for localnet. Links forward to the full passkey-domain-binding recipe for production signing setup. - [Bind your app to a passkey domain](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/recipes/bind-your-app-to-a-passkey-domain.md): Development-only path — extract the debug SHA-256 from `./gradlew signingReport`, write a single-fingerprint assetlinks.json, host at /.well-known/assetlinks.json on the rpId domain, verify with curl + Forge on device. Troubleshoots RP_ID_MISMATCH / PRF authentication failed / silent biometric dismissal as a single root-cause cluster. Release-signing setup is out of scope (separate future recipe). - [Set up Sigil identity](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/recipes/set-up-sigil-identity.md): Bootstrap a passkey-derived sigil session (DID + wallet seed from one biometric), drop in the Compose panel, handle forge and restore flows. - [Hello Compact — write your first contract](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/recipes/hello-compact.md): The 6-line counter contract that ships with kuira-starter-android, walked through line by line. Toolchain pinning (compactc / language pragma / @midnight-ntwrk/compact-runtime — three versions move independently; the recipe's table is the current source of truth), compile via compactc, verify via `mn contract inspect`. For deeper Compact learning (witnesses, multi-party patterns, selective disclosure), points readers at the official Midnight contract examples at midnightntwrk/midnight-docs. - [Deploy and call a Compact contract](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/recipes/deploy-and-call-a-compact-contract.md): Sync compiled `.compact` artifacts into Android assets, build the contract handle with witnesses, deploy, and call a circuit. - [Run kuiraDoctor before each release](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/recipes/run-kuira-doctor.md): The `io.github.kuiralabs.contract` plugin's `kuiraDoctor` task runs four preflight checks at build time (assetlinks.json reachability + applicationId-in-targets match, minSdk floor of 30, debug-cleartext manifest for localnet builds, Compact runtime pin match) that catch the most common consumer misconfigurations before they surface as runtime crashes on user devices. Severities PASS / WARN / FAIL / SKIP; `kuiraContract.requireDoctorPass.set(true)` converts FAIL into a build failure for release / CI gating. Not wired to preBuild by default — invoke explicitly. - [Back up wallet data across devices](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/recipes/back-up-wallet-across-devices.md): Enable cross-device wallet backup — the SDK encrypts the dust checkpoint with a wallet-seed-derived key (AES-256-GCM, on-device) and rides it through Google Drive's hidden per-app `appDataFolder`, so a new device does a fast delta restore instead of a full genesis replay. The one consumer setup task is a Google Cloud OAuth client for the non-sensitive `drive.appdata` scope (Android client matching package name + signing SHA-1, Drive API enabled, account added as test user). Covers the `appDataFolder` invisibility (only visible via Drive Settings → Manage apps) and the same-Google-account caveat (different account → empty folder → graceful full-sync fallback, never a crash). Troubleshoots `UNREGISTERED_ON_API_CONSOLE`. - [Reveal & restore the recovery phrase](https://raw.githubusercontent.com/kuiralabs/kuira-sdk-android/main/docs/recipes/reveal-and-restore-the-recovery-phrase.md): Build a custom 24-word BIP-39 reveal + restore on the public `WalletRecovery` contract (inject `WalletRecovery`, or `MidnightSdkProvider.recovery`). The Sigil seed is `PRF(passkey)` but that output IS BIP-39 entropy, so every wallet has a canonical phrase that reconstructs it provider-free. The contract owns the crypto + biometric gating + entropy wiping and exposes NO UI policy — when you render the words you own the screen-level security: `FLAG_SECURE`, whether copy is offered + its auto-clear timing, re-auth cadence (`revealPhrase` always re-authenticates). `revealPhrase(activity)` → 24 words (catch `AuthenticationCancelledException`); `isValidPhrase(words)` for live BIP-39 validation; `restoreFromPhrase(activity, words)` onto a fresh vault (throws `RecoveryNotAllowedException` if a wallet exists, `InvalidRecoveryPhraseException` on bad checksum). The session auto-lock that scrubs a revealed phrase is host-tunable via `SessionLock.idleTimeoutMs` / `backgroundGraceMs`. The bundled wallet panel (gear → Settings → View recovery phrase) already ships this with safe defaults for consumers who don't want a custom UI. ## Optional - [Maven Central — io.github.kuiralabs](https://central.sonatype.com/namespace/io.github.kuiralabs): Every published artifact (AAR + sources jar + javadoc jar + POM + PGP signature). - [GitHub repository](https://github.com/kuiralabs/kuira-sdk-android): The public docs repository. SDK source itself is currently private; will open in a future alpha.