fix(ios): prompt simulator biometric auth before keychain fetch and probe security on main thread

- Invoke simulator biometric prompt (when needed) before calling SecItemCopyMatching so simulator flows mirror device auth and cancellation maps to a consistent RuntimeError.
- Add performSimulatorBiometricPromptIfNeeded helper that evaluates LAContext on the main thread and surfaces user-cancel errors.
- Ensure SecurityAvailabilityResolver probes capabilities on the main thread and correctly distinguishes simulator biometry/secure-enclave availability.
- Update example Podfile.lock: SensitiveInfo -> 6.0.0-rc.10 and CocoaPods -> 1.16.2.

Author: mCodex

example/ios/Podfile.lock

@@ -2437,7 +2437,7 @@ PODS:
     - React-perflogger (= 0.82.1)
     - React-utils (= 0.82.1)
     - SocketRocket
-  - SensitiveInfo (6.0.0-rc.8):
+  - SensitiveInfo (6.0.0-rc.10):
     - boost
     - DoubleConversion
     - fast_float
@@ -2784,10 +2784,10 @@ SPEC CHECKSUMS:
   ReactAppDependencyProvider: a45ef34bb22dc1c9b2ac1f74167d9a28af961176
   ReactCodegen: 878add6c7d8ff8cea87697c44d29c03b79b6f2d9
   ReactCommon: 804dc80944fa90b86800b43c871742ec005ca424
-  SensitiveInfo: de10b692c50b4dfaf81507b23470ad0c616f7f5e
+  SensitiveInfo: 929dfd44a2b79e7f040d3e1e134bef749d2c8cee
   SocketRocket: d4aabe649be1e368d1318fdf28a022d714d65748
   Yoga: 689c8e04277f3ad631e60fe2a08e41d411daf8eb
 
 PODFILE CHECKSUM: 7ee3efea19ddd1156f9f61f93fc84a48ff536985
 
-COCOAPODS: 1.15.2
+COCOAPODS: 1.16.2

ios/HybridSensitiveInfo.swift

@@ -266,6 +266,9 @@ final class HybridSensitiveInfo: HybridSensitiveInfoSpec {
   }
 
   private func copyMatching(query: [String: Any], prompt: AuthenticationPrompt?) throws -> AnyObject? {
+#if targetEnvironment(simulator)
+    try performSimulatorBiometricPromptIfNeeded(prompt: prompt)
+#endif
     var result: CFTypeRef?
     var status = performCopyMatching(query as CFDictionary, result: &result)
 
@@ -405,4 +408,46 @@ final class HybridSensitiveInfo: HybridSensitiveInfoSpec {
     }
     return status
   }
+
+#if targetEnvironment(simulator)
+  private func performSimulatorBiometricPromptIfNeeded(prompt: AuthenticationPrompt?) throws {
+    guard let prompt else { return }
+
+    let context = makeLAContext(prompt: prompt)
+    var error: NSError?
+
+    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error),
+          context.biometryType != .none else {
+      return
+    }
+
+    let reason = prompt.description ?? prompt.title ?? "Authenticate to continue"
+    let semaphore = DispatchSemaphore(value: 0)
+    var evaluationError: Error?
+
+    DispatchQueue.main.async {
+      context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: reason) { success, policyError in
+        if !success {
+          evaluationError = policyError
+        }
+        semaphore.signal()
+      }
+    }
+
+    semaphore.wait()
+
+    if let evaluationError {
+      if let laError = evaluationError as? LAError {
+        switch laError.code {
+        case .userCancel, .userFallback, .systemCancel:
+          throw RuntimeError.error(withMessage: "[E_AUTH_CANCELED] Authentication prompt canceled by the user.")
+        default:
+          break
+        }
+      }
+
+      throw RuntimeError.error(withMessage: "Keychain fetch failed: \(evaluationError.localizedDescription)")
+    }
+  }
+#endif
 }

ios/Internal/Security/SecurityAvailabilityResolver.swift

@@ -20,20 +20,50 @@ final class SecurityAvailabilityResolver {
       return cachedValue
     }
 
+    let snapshot = resolveOnMainThread()
+    cached = snapshot
+    return snapshot
+  }
+
+  private func resolveOnMainThread() -> (secureEnclave: Bool, strongBox: Bool, biometry: Bool, deviceCredential: Bool) {
+    if Thread.isMainThread {
+      return performCapabilityProbe()
+    }
+
+    var snapshot: (secureEnclave: Bool, strongBox: Bool, biometry: Bool, deviceCredential: Bool) = (
+      secureEnclave: false,
+      strongBox: false,
+      biometry: false,
+      deviceCredential: false
+    )
+
+    DispatchQueue.main.sync {
+      snapshot = performCapabilityProbe()
+    }
+
+    return snapshot
+  }
+
+  private func performCapabilityProbe() -> (secureEnclave: Bool, strongBox: Bool, biometry: Bool, deviceCredential: Bool) {
     let context = LAContext()
     var error: NSError?
 
-    let supportsBiometry = context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) && context.biometryType != .none
+    let supportsBiometry = context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)
+    #if targetEnvironment(simulator)
+    let biometryAvailable = supportsBiometry
+    let secureEnclaveAvailable = supportsBiometry
+    #else
+    let biometryAvailable = supportsBiometry && context.biometryType != .none
+    let secureEnclaveAvailable = biometryAvailable
+    #endif
     error = nil
     let supportsDeviceCredential = context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error)
 
-    let snapshot = (
-      secureEnclave: supportsBiometry,
+    return (
+      secureEnclave: secureEnclaveAvailable,
       strongBox: false,
-      biometry: supportsBiometry,
+      biometry: biometryAvailable,
       deviceCredential: supportsDeviceCredential
     )
-    cached = snapshot
-    return snapshot
   }
 }