box: hard crash (Go SIGSEGV nil-deref) re-setting-up the current blox — initFula tears down the shared fula client while Blox.screen reads race it

[ehsan6sha]

Summary

Hard crash (native SIGABRT) when re-setting-up the blox that is already added and currently selected. Root cause is a Go nil-pointer dereference in the shared react-native-fula native client, caused by a concurrency race between the InitialSetup flow and the still-mounted Blox/MainTabs screen.

Repro

1. App already set up with a blox (lands on MainTabs).
2. Home → Connect to WiFi → re-setup the currently-selected blox.
3. On the Set Authorizer screen → app hard-crashes.

Root cause (from logcat)

ReactNativeJS: Error listActivePlugins: ... all dials failed     # a c.bl.* read in flight
ReactNative:   Previous Fula client shutdown successfully.        # initFula's Shutdown ran
ReactNative:   Creating a new Fula instance / Fula initialized    # initFula's newClient ran
E Go:  panic: runtime error: invalid memory address or nil pointer dereference
E Go:  [signal SIGSEGV: segmentation violation code=0x1 addr=0xb8 ...]
F libc: Fatal signal 6 (SIGABRT) ... land.fx.blox

One shared native libp2p client ("fula"). InitialSetup and MainTabs are sibling routes, so navigating to setup leaves MainTabs/Blox.screen mounted and still polling (getBloxSpace → BloxFreeSpace, getFolderSize → GetFolderSize, checkBloxConnection, listActivePlugins). SetBloxAuthorizer.generateAppPeerId calls Helper.initFula on mount (logout + Shutdown + newClient), and the in-flight reads nil-deref the torn-down client.

Fix (this PR — box mitigation)

generateAppPeerId only needs the app's own peerId, which is deterministic from the DID keypair and already persisted as appPeerId. The subsequent auth exchange runs over BLE/HTTP (exchangeConfig / blePeerExchange), independent of the fula client. So reuse the stored appPeerId and skip initFula — extracted into the pure helper resolveAppPeerId(storedAppPeerId, initFn). In the repro path appPeerId is always present → no teardown → no race → no crash. Branch: fix/box-resetup-current-blox-crash.

⚠️ Mitigation, not a full fix

• A JS guard cannot cancel a native read already across the bridge, so this closes the reported repro but is not race-correct for every path (e.g. setting up a brand-new blox from Home while the current blox is live still calls initFula).
• The durable fix is in go-fula (mobile: gate all c.bl.* blockchain methods through beginOp to prevent nil-deref SIGSEGV racing Shutdown (#241 follow-up) go-fula#242, branch fix/242-gate-blockchain-methods): gate all c.bl.* methods through beginOp so Shutdown drains them and post-shutdown calls return ErrClientClosed instead of nil-dereferencing.

Keep open until go-fula#242 ships, the rebuilt aar is bundled, and the crash is verified gone on-device. A complementary broad mitigation (suspend Blox/MainTabs polling while an InitialSetup route is focused) is also planned.

Known limitation

resolveAppPeerId reuses the stored appPeerId whenever truthy. logout/reset/setWalletId(_, clearSigniture=true) clear it with the credentials, but setSigniture/setPassword do not — so an identity change via those setters without a full logout could reuse a stale id. Close that gap when the durable fix lands (clear appPeerId on credential change, or store + match an identity fingerprint).

[ehsan6sha]

Mitigation pushed: branch fix/box-resetup-current-blox-crash (commit 3195439). Adds utils/appPeerId.ts resolveAppPeerId(stored, initFn) — reuses the deterministic stored appPeerId and skips initFula in the repro path; unit-tested 3/3. Durable native fix: functionland/go-fula#242 (branch fix/242-gate-blockchain-methods). Keep open until #242's rebuilt aar is bundled and the crash is verified gone on-device.