npm - @buivietphi/skill-mobile-mt - Versions diffs - 1.2.0 → 1.3.0 - Mend

@buivietphi/skill-mobile-mt 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @buivietphi/skill-mobile-mt might be problematic. Click here for more details.

Files changed (8) hide show

package/AGENTS.md +66 -19
package/README.md +68 -19
package/SKILL.md +329 -6
package/bin/install.mjs +280 -12
package/package.json +1 -1
package/shared/code-review.md +12 -0
package/shared/prompt-engineering.md +28 -0
package/shared/version-management.md +17 -0

package/AGENTS.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Skill Mobile MT — Agent Rules
-> Multi-agent compatibility layer for Claude Code, Codex, Gemini CLI, Kimi, Cursor, Copilot, Windsurf, Antigravity, and all Agent Skills-compatible tools.
+> Multi-agent compatibility layer for Claude Code, Cline, Roo Code, Cursor, Windsurf, Copilot, Codex, Gemini CLI, Kimi, Kilo Code, Kiro, Antigravity, and all Agent Skills-compatible tools.
 ---
@@ -9,12 +9,16 @@
 | Agent | How it loads rules | Setup | Think Block |
 |-------|-------------------|-------|-------------|
 | Claude Code | `~/.claude/skills/` (auto) | `npx skill-mobile-mt --claude` | `<think>...</think>` |
+| **Cline** | **`.clinerules/` in project root** | **`npx skill-mobile-mt --init cline`** | Inline reasoning |
+| **Roo Code** | **`.roo/rules/` in project root** | **`npx skill-mobile-mt --init roocode`** | Inline reasoning |
+| **Cursor** | **`.cursorrules` in project root** | **`npx skill-mobile-mt --init cursor`** | Inline reasoning |
+| **Windsurf** | **`.windsurfrules` in project root** | **`npx skill-mobile-mt --init windsurf`** | Inline reasoning |
+| **Copilot** | **`.github/copilot-instructions.md`** | **`npx skill-mobile-mt --init copilot`** | `// PLAN:` comments |
 | Codex | `~/.codex/skills/` (auto) | `npx skill-mobile-mt --codex` | `<think>...</think>` |
 | Gemini CLI | `~/.gemini/skills/` (auto) | `npx skill-mobile-mt --gemini` | `## Thinking:` block |
 | Kimi | `~/.kimi/skills/` (manual) | `npx skill-mobile-mt --kimi` | `【思考】` or markdown |
-| **Cursor** | **`.cursorrules` in project root** | **`npx skill-mobile-mt --init cursor`** | Inline reasoning |
-| **Copilot** | **`.github/copilot-instructions.md`** | **`npx skill-mobile-mt --init copilot`** | `// PLAN:` comments |
-| **Windsurf** | **`.windsurfrules` in project root** | **`npx skill-mobile-mt --init windsurf`** | Inline reasoning |
+| **Kilo Code** | **`.kilocode/rules/` in project root** | **`npx skill-mobile-mt --init kilocode`** | Inline reasoning |
+| **Kiro** | **`.kiro/steering/` in project root** | **`npx skill-mobile-mt --init kiro`** | Inline reasoning |
 | Antigravity | `~/.agents/skills/` (auto) | `npx skill-mobile-mt --antigravity` | Agent-native format |
 ---
@@ -137,7 +141,7 @@ The agent reads the task, then decides which extra file to load:
 ```yaml
 skill:
   name: skill-mobile-mt
-  version: "1.2.0"
+  version: "1.3.0"
   author: buivietphi
   category: engineering
   tags:
@@ -299,24 +303,51 @@ Priority 6 (ON-DEMAND): shared/common-pitfalls.md — Known issue patterns
 - Supports both Chinese and English prompts
 - Think blocks use `【思考】` format
+### Cline
+- Reads `.clinerules/` directory from project root (also supports `.clinerules` single file)
+- Also reads from `~/.cline/skills/` for global skills
+- Run `npx @buivietphi/skill-mobile-mt --init cline` to generate `.clinerules/mobile-rules.md`
+- Supports conditional rules with YAML frontmatter `paths:` field
+### Roo Code
+- Reads `.roo/rules/` directory from project root (recursive, multi-file)
+- Also reads from `~/.roo/skills/` for global skills
+- Supports mode-specific rules: `.roo/rules-code/`, `.roo/rules-architect/`
+- Run `npx @buivietphi/skill-mobile-mt --init roocode` to generate `.roo/rules/mobile-rules.md`
+- Auto-loads `AGENTS.md` from workspace root
 ### Cursor
-- **Does NOT read from `~/.cursor/skills/`** — reads `.cursorrules` from project root
-- Run `npx @buivietphi/skill-mobile-mt --init cursor` in your project to generate `.cursorrules`
+- Reads `.cursorrules` from project root
+- Run `npx @buivietphi/skill-mobile-mt --init cursor` to generate `.cursorrules`
 - The generated file includes auto-detected framework, rules, and security patterns
 - Think blocks embedded as inline reasoning in Composer
 ### GitHub Copilot
-- **Does NOT read from `~/.copilot/skills/`** — reads `.github/copilot-instructions.md`
-- Run `npx @buivietphi/skill-mobile-mt --init copilot` in your project to generate the file
+- Reads `.github/copilot-instructions.md` from project
+- Run `npx @buivietphi/skill-mobile-mt --init copilot` to generate the file
 - The generated file includes code patterns, required templates, and rules
 - Think blocks as `// PLAN:` comments before code
 ### Windsurf
-- **Does NOT read from `~/.windsurf/skills/`** — reads `.windsurfrules` from project root
-- Run `npx @buivietphi/skill-mobile-mt --init windsurf` in your project to generate `.windsurfrules`
+- Reads `.windsurfrules` from project root
+- Run `npx @buivietphi/skill-mobile-mt --init windsurf` to generate `.windsurfrules`
 - The generated file includes coding rules, security rules, and architecture patterns
 - Think blocks as inline reasoning
+### Kilo Code
+- Reads `.kilocode/rules/` directory from project root
+- Also reads from `~/.kilocode/rules/` for global rules
+- Supports mode-specific rules: `.kilocode/rules-code/`, `.kilocode/rules-architect/`
+- Run `npx @buivietphi/skill-mobile-mt --init kilocode` to generate `.kilocode/rules/mobile-rules.md`
+- Auto-loads `AGENTS.md` from workspace root
+### Kiro (AWS)
+- Reads `.kiro/steering/` directory from project root
+- Also reads from `~/.kiro/steering/` for global steering
+- Uses YAML frontmatter with `inclusion: always|fileMatch|manual|auto`
+- Run `npx @buivietphi/skill-mobile-mt --init kiro` to generate `.kiro/steering/mobile-rules.md`
+- Separate specs system in `.kiro/specs/` for feature development
 ### Antigravity
 - Orchestrator loads based on detected project type
 - Follows `platform_detection` rules above
@@ -332,12 +363,16 @@ These are separate from the skill files — they go in the user's project, not i
 | Agent | File | Location |
 |-------|------|----------|
 | Claude Code | `CLAUDE.md` | Project root |
+| Cline | `.clinerules/` directory | Project root |
+| Roo Code | `.roo/rules/` directory | Project root |
 | Cursor | `.cursorrules` | Project root |
 | Windsurf | `.windsurfrules` | Project root |
 | GitHub Copilot | `.github/copilot-instructions.md` | `.github/` folder |
 | Codex | `AGENTS.md` | Project root |
 | Gemini CLI | `GEMINI.md` | Project root |
 | Kimi | No auto-load — paste as context | — |
+| Kilo Code | `.kilocode/rules/` directory | Project root |
+| Kiro | `.kiro/steering/` directory | Project root |
 | Antigravity | YAML `context.rules` field | Antigravity config |
 **Templates for all agents:** `shared/agent-rules-template.md`
@@ -356,11 +391,14 @@ Copy the relevant section to your project to enable auto-check rules in every se
 ### Skill directory install (agents that read from skills/)
 ```bash
-# Claude Code (global)
+# Claude Code
 ~/.claude/skills/skill-mobile-mt/
-# Claude Code (project-local)
-.claude/skills/skill-mobile-mt/
+# Cline
+~/.cline/skills/skill-mobile-mt/
+# Roo Code
+~/.roo/skills/skill-mobile-mt/
 # Codex
 ~/.codex/skills/skill-mobile-mt/
@@ -371,6 +409,12 @@ Copy the relevant section to your project to enable auto-check rules in every se
 # Kimi
 ~/.kimi/skills/skill-mobile-mt/
+# Kilo Code
+~/.kilocode/skills/skill-mobile-mt/
+# Kiro
+~/.kiro/skills/skill-mobile-mt/
 # Antigravity (shared agent directory)
 ~/.agents/skills/skill-mobile-mt/
@@ -380,8 +424,7 @@ npx @buivietphi/skill-mobile-mt --path /your/custom/path
 ### Project-level files (agents that read from project root)
-These agents read rules from project-level files, NOT from a skills directory.
-Use `--init` to generate them:
+These agents read rules from project-level files. Use `--init` to generate them:
 ```bash
 # Generate all project-level files (interactive selector)
@@ -389,9 +432,13 @@ npx @buivietphi/skill-mobile-mt --init
 # Generate specific agent file
 npx @buivietphi/skill-mobile-mt --init cursor     # → .cursorrules
+npx @buivietphi/skill-mobile-mt --init cline      # → .clinerules/mobile-rules.md
+npx @buivietphi/skill-mobile-mt --init roocode    # → .roo/rules/mobile-rules.md
 npx @buivietphi/skill-mobile-mt --init copilot    # → .github/copilot-instructions.md
 npx @buivietphi/skill-mobile-mt --init windsurf   # → .windsurfrules
-npx @buivietphi/skill-mobile-mt --init all        # → all three files
+npx @buivietphi/skill-mobile-mt --init kilocode   # → .kilocode/rules/mobile-rules.md
+npx @buivietphi/skill-mobile-mt --init kiro       # → .kiro/steering/mobile-rules.md
+npx @buivietphi/skill-mobile-mt --init all        # → all files
 ```
 **What `--init` does:**
@@ -408,7 +455,7 @@ npx @buivietphi/skill-mobile-mt --init all        # → all three files
 {
   "id": "skill-mobile-mt",
   "name": "skill-mobile-mt",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "author": "buivietphi",
   "category": "engineering",
   "description": "Master Senior Mobile Engineer. Pre-built patterns from 18 production apps + project adaptation. Auto-detects language and framework. React Native, Flutter, iOS, Android.",
@@ -416,6 +463,6 @@ npx @buivietphi/skill-mobile-mt --init all        # → all three files
   "source": "buivietphi (MIT)",
   "platforms": ["react-native", "flutter", "ios", "android"],
   "languages": ["typescript", "javascript", "dart", "swift", "kotlin", "java"],
-  "agents": ["claude-code", "codex", "gemini", "kimi", "cursor", "copilot", "windsurf", "antigravity"]
+  "agents": ["claude-code", "cline", "roo-code", "cursor", "windsurf", "copilot", "codex", "gemini", "kimi", "kilo-code", "kiro", "antigravity"]
 }
 ```

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # @buivietphi/skill-mobile-mt
-**Master Senior Mobile Engineer** — AI skill for Claude Code, Codex, Gemini CLI, Kimi, Cursor, Copilot, Windsurf, and Antigravity.
+**Master Senior Mobile Engineer** — AI skill for Claude Code, Cline, Roo Code, Cursor, Windsurf, Copilot, Codex, Gemini CLI, Kimi, Kilo Code, Kiro, and Antigravity.
 Pre-built architecture patterns from **30+ production repos (200k+ GitHub stars)** including Ignite, Expensify, Mattermost, Immich, AppFlowy, Now in Android, TCA + auto-adaptation to your current project.
@@ -24,16 +24,20 @@ npx @buivietphi/skill-mobile-mt --all          # All agents
 npx @buivietphi/skill-mobile-mt --path ./dir   # Custom directory
 ```
-### Generate project-level rules (Cursor, Copilot, Windsurf)
+### Generate project-level rules
-Cursor, Copilot, and Windsurf read rules from **project-level files**, not from a skills directory. Run `--init` inside your project to generate them:
+Cline, Roo Code, Cursor, Windsurf, Copilot, Kilo Code, and Kiro read rules from **project-level files**. Run `--init` inside your project to generate them:
 ```bash
 npx @buivietphi/skill-mobile-mt --init            # Interactive selector
 npx @buivietphi/skill-mobile-mt --init cursor     # .cursorrules
+npx @buivietphi/skill-mobile-mt --init cline      # .clinerules/mobile-rules.md
+npx @buivietphi/skill-mobile-mt --init roocode    # .roo/rules/mobile-rules.md
 npx @buivietphi/skill-mobile-mt --init copilot    # .github/copilot-instructions.md
 npx @buivietphi/skill-mobile-mt --init windsurf   # .windsurfrules
-npx @buivietphi/skill-mobile-mt --init all        # All three files
+npx @buivietphi/skill-mobile-mt --init kilocode   # .kilocode/rules/mobile-rules.md
+npx @buivietphi/skill-mobile-mt --init kiro       # .kiro/steering/mobile-rules.md
+npx @buivietphi/skill-mobile-mt --init all        # All files
 ```
 **What `--init` does:**
@@ -84,16 +88,20 @@ You'll see an interactive checkbox — use arrow keys to navigate, space to sele
   ↑↓ navigate   Space toggle   A select all   Enter confirm   Q cancel
   › ◉ Claude Code   [detected]
+    ◯ Cline          [detected]
+    ◯ Roo Code       [not found]
     ◯ Cursor         [detected]
     ◯ Windsurf       [not found]
     ◯ Copilot        [not found]
     ◯ Codex          [not found]
     ◉ Gemini CLI     [detected]
     ◯ Kimi           [not found]
+    ◯ Kilo Code      [not found]
+    ◯ Kiro           [not found]
     ◯ Antigravity    [not found]
 ```
-### Step 2 (Cursor/Copilot/Windsurf only): Generate project rules
+### Step 2: Generate project rules
 ```bash
 # cd into your mobile project first
@@ -111,9 +119,13 @@ Output:
   ✓ .cursorrules → Cursor (auto-detected: Expo (React Native))
   ✓ .github/copilot-instructions.md → GitHub Copilot
+  ✓ .clinerules/mobile-rules.md → Cline
+  ✓ .roo/rules/mobile-rules.md → Roo Code
+  ✓ .kilocode/rules/mobile-rules.md → Kilo Code
+  ✓ .kiro/steering/mobile-rules.md → Kiro
   ✓ .windsurfrules → Windsurf
-  ✅ Done! → 3 file(s) generated
+  ✅ Done! → 7 file(s) generated
 ```
 ### Step 3: Use in your AI agent
@@ -132,27 +144,28 @@ Output:
 > Add cart feature following the same pattern as ProductList
 ```
-#### Cursor
+#### Cline / Roo Code / Kilo Code
-After running `--init cursor`, Cursor auto-loads `.cursorrules` every session. Just open your project and code — Cursor follows the rules automatically.
+After running `--init cline` (or `roocode`, `kilocode`), rules are auto-loaded from the project directory. Just open your project and ask:
 ```
-# In Cursor Composer, just ask:
 > Create a login screen with email/password
 > Fix the crash in ProductDetail when images is null
 > Review this PR for mobile best practices
 ```
+#### Cursor
+After running `--init cursor`, Cursor auto-loads `.cursorrules` every session. Just open your project and code normally.
+#### Kiro (AWS)
+After running `--init kiro`, Kiro loads `.kiro/steering/mobile-rules.md` as steering context. The generated file uses `inclusion: always` frontmatter.
 #### GitHub Copilot
 After running `--init copilot`, Copilot reads `.github/copilot-instructions.md` as workspace context.
-```
-# In VS Code with Copilot Chat:
-> Add pagination to the product list
-> Handle offline mode for the cart feature
-```
 #### Windsurf
 After running `--init windsurf`, Windsurf auto-loads `.windsurfrules`. Just code normally.
@@ -252,7 +265,7 @@ iOS only?
 ## Installed Structure
 ```
-~/.claude/skills/               (or ~/.gemini/skills/, ~/.agents/skills/, etc.)
+~/.claude/skills/               (or ~/.cline/skills/, ~/.roo/skills/, ~/.gemini/skills/, etc.)
 └── skill-mobile-mt/
     ├── SKILL.md                       Entry point + auto-detect + quality gates
     ├── AGENTS.md                      Multi-agent compatibility
@@ -288,6 +301,17 @@ iOS only?
 your-project/
 ├── .cursorrules                       Cursor rules (auto-detected stack)
 ├── .windsurfrules                     Windsurf rules (auto-detected stack)
+├── .clinerules/
+│   └── mobile-rules.md               Cline rules (auto-detected stack)
+├── .roo/
+│   └── rules/
+│       └── mobile-rules.md           Roo Code rules (auto-detected stack)
+├── .kilocode/
+│   └── rules/
+│       └── mobile-rules.md           Kilo Code rules (auto-detected stack)
+├── .kiro/
+│   └── steering/
+│       └── mobile-rules.md           Kiro steering (auto-detected stack)
 └── .github/
     └── copilot-instructions.md        Copilot rules (auto-detected stack)
 ```
@@ -309,6 +333,27 @@ your-project/
 - Security vulnerabilities, performance issues, UX problems
 - Platform-specific detection rules
+### Grounding Protocol (Anti-Hallucination)
+- **Source hierarchy**: project code > skill files > official docs > production repos > AI knowledge
+- **Mandatory rules**: Read before answer, verify APIs exist, cite sources, say "I don't know" when unsure
+- **No phantom packages**: verify package exists in package.json before suggesting
+- **Version-specific**: check actual SDK version, never assume latest
+- **Grounded bug fix**: read file → find exact line → verify types → cite source
+- **Anti-hallucination checklist**: runs before every AI response
+### Docs-First Protocol (Always Use Latest)
+- **WebSearch before coding**: when setting up any library, ALWAYS search official docs first
+- **Never rely on AI memory**: docs change, APIs change, syntax changes between versions
+- **Package installation protocol**: verify exists → check compatibility → search install guide → test both platforms
+- **Common AI traps**: React Navigation v5 vs v7, Firebase v8 vs v9 modular, Swift async/await availability
+- **Version matrix + live verification**: snapshot matrix in skill + mandatory WebSearch for current data
+### Security Protocol
+- **7-category security scan** on every feature: secrets, token storage, input validation, network, data protection, auth flow, platform-specific
+- **6 absolute rules**: never store tokens in plain storage, never hardcode secrets, never log sensitive data, never trust deep links, never disable SSL, never commit .env
+- **Platform-specific checks**: iOS ATS + privacy manifest, Android cleartext + ProGuard + exported components
+- **Never skip security**: even for prototypes, internal apps, or "quick fixes"
 ### Advanced AI Patterns (from Windsurf, Cursor, Devin, Cline)
 - **Status Update Pattern**: Brief progress notes before tool use (no monologues)
 - **Execution Modes**: Discovery → Implementation → Completion (prevents thrashing)
@@ -364,13 +409,17 @@ your-project/
 | Agent | How it works | Setup command |
 |-------|-------------|---------------|
 | **Claude Code** | Reads from `~/.claude/skills/` | `npx skill-mobile-mt --claude` |
+| **Cline** | Reads `.clinerules/` from project root | `npx skill-mobile-mt --init cline` |
+| **Roo Code** | Reads `.roo/rules/` from project root | `npx skill-mobile-mt --init roocode` |
+| **Cursor** | Reads `.cursorrules` from project root | `npx skill-mobile-mt --init cursor` |
+| **Windsurf** | Reads `.windsurfrules` from project root | `npx skill-mobile-mt --init windsurf` |
+| **Copilot** | Reads `.github/copilot-instructions.md` | `npx skill-mobile-mt --init copilot` |
 | **Codex** | Reads from `~/.codex/skills/` | `npx skill-mobile-mt --codex` |
 | **Gemini CLI** | Reads from `~/.gemini/skills/` | `npx skill-mobile-mt --gemini` |
 | **Kimi** | Reads from `~/.kimi/skills/` | `npx skill-mobile-mt --kimi` |
+| **Kilo Code** | Reads `.kilocode/rules/` from project root | `npx skill-mobile-mt --init kilocode` |
+| **Kiro** | Reads `.kiro/steering/` from project root | `npx skill-mobile-mt --init kiro` |
 | **Antigravity** | Reads from `~/.agents/skills/` | `npx skill-mobile-mt --antigravity` |
-| **Cursor** | Reads `.cursorrules` from project root | `npx skill-mobile-mt --init cursor` |
-| **Copilot** | Reads `.github/copilot-instructions.md` | `npx skill-mobile-mt --init copilot` |
-| **Windsurf** | Reads `.windsurfrules` from project root | `npx skill-mobile-mt --init windsurf` |
 ## License

package/SKILL.md CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 name: skill-mobile-mt
 description: "Master Senior Mobile Engineer. Patterns from 30+ production repos (200k+ GitHub stars: Ignite, Expensify, Mattermost, Immich, AppFlowy, Now in Android, TCA). Use when: building mobile features, fixing mobile bugs, reviewing mobile code, mobile architecture, React Native, Flutter, iOS Swift, Android Kotlin, mobile performance, mobile security audit, mobile code review, app release. Two modes: (1) default = pre-built production patterns, (2) 'project' = reads current project and adapts."
-version: "1.2.0"
+version: "1.3.0"
 author: buivietphi
 priority: high
 user-invocable: true
@@ -48,9 +48,12 @@ allowed-tools:
 10. [Quality Gate](#quality-gate)
 11. [Build & Deploy Gates](#build--deploy-gates)
 12. [Smart Loading](#smart-loading)
-13. [Hard Bans](#hard-bans)
-14. [Mobile Anti-Patterns](#mobile-anti-patterns)
-15. [Reference Files](#reference-files)
+13. [Grounding Protocol (Anti-Hallucination)](#grounding-protocol-anti-hallucination)
+14. [Docs-First Protocol (Always Use Latest)](#docs-first-protocol-always-use-latest)
+15. [Security Protocol](#security-protocol)
+16. [Hard Bans](#hard-bans)
+17. [Mobile Anti-Patterns](#mobile-anti-patterns)
+18. [Reference Files](#reference-files)
 ---
@@ -101,8 +104,12 @@ USER REQUEST                    → ACTION (Read tool required)
                                   Read: shared/anti-patterns.md
                                   then: scan for all violations
-"Add package/library"           → Read: shared/version-management.md
-                                  then: check SDK compat FIRST → suggest version
+"Add package/library"           → Docs-First Protocol (below) + Read: shared/version-management.md
+                                  then: WebSearch official docs → check SDK compat → install
+"Setup/configure X library"     → Docs-First Protocol (below)
+                                  then: WebSearch "[library] [version] setup guide [year]"
+                                  then: follow official docs, NOT memory
 "Platform UI / guidelines"      → Read: shared/platform-excellence.md
                                   then: apply iOS 18+ vs Android 15+ native patterns
@@ -728,6 +735,322 @@ FOR UI CHANGES:
 ---
+## Grounding Protocol (Anti-Hallucination)
+**Every answer MUST be grounded in verifiable sources. NEVER answer from "memory" or "intuition".**
+### Source Hierarchy (use in order)
+```
+PRIORITY 1: PROJECT CODE (highest trust)
+  → Read the actual file → cite file:line
+  → "Based on src/services/authService.ts:42, your project uses axios with interceptor"
+PRIORITY 2: SKILL REFERENCE FILES
+  → Read shared/*.md or platform/*.md → cite which file
+  → "Per react-native/react-native.md, use FlatList instead of ScrollView for lists"
+PRIORITY 3: OFFICIAL DOCS (via WebSearch)
+  → Search official docs → cite URL
+  → "Per React Native docs: https://reactnative.dev/docs/flatlist"
+PRIORITY 4: PRODUCTION REPOS (from architecture-intelligence.md)
+  → Cite which repo the pattern comes from
+  → "Ignite (19.7k stars) uses this folder structure for features"
+⛔ PRIORITY 5: AI GENERAL KNOWLEDGE (lowest trust — AVOID)
+  → Only when Priorities 1-4 return nothing
+  → MUST prefix with: "⚠️ Not verified from your project or docs:"
+  → MUST add: "Verify this before using in production"
+```
+### Mandatory Rules
+```
+RULE 1: READ BEFORE ANSWER
+  ⛔ NEVER suggest code changes to a file you haven't Read
+  ⛔ NEVER reference a function/class without verifying it exists
+  ✅ ALWAYS: Read file → find the code → then suggest fix
+RULE 2: VERIFY APIs AND LIBRARIES EXIST
+  ⛔ NEVER suggest an import without verifying the package is installed
+  ⛔ NEVER use a function name without checking it exists in the codebase
+  ✅ Check package.json/pubspec.yaml FIRST → then suggest usage
+  ✅ Grep for the function → confirm it exists → then reference it
+RULE 3: CITE YOUR SOURCE
+  Every code suggestion MUST cite where it came from:
+  - "Cloned from src/features/product/productService.ts" (project code)
+  - "Pattern from shared/architecture-intelligence.md" (skill file)
+  - "Per React Navigation v6 docs" (official docs)
+  ⛔ If you can't cite a source → say "I need to verify this first"
+RULE 4: SAY "I DON'T KNOW" WHEN YOU DON'T KNOW
+  ✅ "I'm not sure about this API. Let me check the docs."
+  ✅ "I need to read your codebase to answer this correctly."
+  ✅ "This might work but I haven't verified — let me check."
+  ⛔ NEVER confidently state something you haven't verified
+  ⛔ NEVER invent function signatures, API endpoints, or library names
+RULE 5: VERSION-SPECIFIC ANSWERS
+  ⛔ NEVER suggest code for "React Native" without knowing the version
+  ⛔ NEVER assume latest version — check package.json first
+  ✅ "Your project uses RN 0.73, so the correct API is..."
+  ✅ "Expo SDK 51 uses expo-router v3, here's the correct import..."
+RULE 6: NO PHANTOM PACKAGES
+  Before suggesting ANY npm/pub/pod package:
+  ✅ Verify it exists: check package.json or search npm/pub
+  ✅ Verify it's compatible: check version against project SDK
+  ⛔ NEVER suggest a package name from memory without verification
+  ⛔ NEVER mix up similar packages (e.g., @react-navigation vs react-navigation)
+```
+### When Fixing Bugs
+```
+GROUNDED BUG FIX PROTOCOL:
+1. READ the file with the bug (don't guess from error message alone)
+2. FIND the exact line causing the issue
+3. UNDERSTAND the data flow (what calls this? what does it return?)
+4. VERIFY the fix works with the actual types/interfaces in the project
+5. CHECK side effects (grep for other files using this function)
+6. CITE: "Fix in [file]:[line] — [root cause] — [why fix works]"
+⛔ NEVER:
+  - "The error is probably because..." (guess without reading code)
+  - "Try changing X to Y" (without reading the file first)
+  - "This should fix it" (without verifying types match)
+```
+### Anti-Hallucination Checklist (run before EVERY response)
+```
+Before responding, verify:
+□ Did I READ the relevant files? (not just guess from file names)
+□ Are all function/class names I mentioned REAL? (verified via Grep/Read)
+□ Are all package names I mentioned INSTALLED? (checked package.json)
+□ Are my API suggestions compatible with the project's SDK version?
+□ Did I cite where my solution comes from?
+□ If I'm unsure about something, did I flag it?
+If ANY checkbox fails → go back and verify before responding.
+```
+---
+## Docs-First Protocol (Always Use Latest)
+**When setting up, installing, or configuring ANY library/SDK/tool — ALWAYS search official docs FIRST.**
+### When This Triggers
+```
+TRIGGERS:
+  - "Install X" / "Add X package" / "Setup X"
+  - "Configure X" / "Integrate X"
+  - "How to use X" / "What's the API for X"
+  - "Upgrade from X to Y"
+  - ANY new library, framework feature, or SDK API
+⛔ DO NOT answer from memory. Docs change. APIs change. Syntax changes.
+```
+### Docs-First Protocol
+```
+STEP 1: CHECK PROJECT VERSION
+  Read package.json / pubspec.yaml → get exact version of:
+  - Framework (react-native, expo, flutter)
+  - Target library (if already installed)
+  - Related dependencies
+STEP 2: SEARCH OFFICIAL DOCS (WebSearch)
+  Search: "[library name] [version] official documentation [current year]"
+  Examples:
+  - "react-navigation v7 installation guide 2026"
+  - "expo-camera SDK 52 setup documentation"
+  - "riverpod 2.0 getting started flutter"
+  ✅ ALWAYS search with the CURRENT YEAR to get latest docs
+  ⛔ NEVER rely on training data — it may be outdated
+STEP 3: VERIFY API / SYNTAX
+  From the docs, confirm:
+  - Import path (packages rename, move, split)
+  - Function signatures (params change between versions)
+  - Configuration format (config files change)
+  - Peer dependencies (new requirements)
+  - Breaking changes (v6 → v7 migration)
+STEP 4: APPLY WITH CITATION
+  "Per [library] v[X] docs ([URL]):
+   import { X } from '[correct-package]';"
+  ⛔ If docs not found → say "I couldn't find current docs, let me try..."
+  ⛔ If conflicting info → use the OFFICIAL source, not blog posts
+```
+### Common Outdated Patterns (AI memory traps)
+```
+⛔ AI OFTEN GETS WRONG:
+  - React Navigation: v5 syntax vs v6 vs v7 (changed significantly)
+  - Expo Router: file-based routing changed between SDK versions
+  - Firebase: modular v9+ syntax vs old v8 namespaced syntax
+  - Swift: async/await vs completion handlers (iOS 15+ only)
+  - Jetpack Compose: API surface changes rapidly between versions
+  - React Native: New Architecture (Fabric/TurboModules) vs Bridge
+✅ ALWAYS WebSearch for the exact version in the project:
+  "react-navigation v7 createStackNavigator" ← correct for v7
+  NOT "react-navigation createStackNavigator" ← could return v4/v5 syntax
+```
+### Package Installation Protocol
+```
+BEFORE running npm install / flutter pub add / pod install:
+1. CHECK if the package exists:
+   → WebSearch "[package name] npm" or "[package name] pub.dev"
+   → Verify it's maintained (last publish date)
+   → Verify it's compatible with project SDK version
+2. CHECK the correct install command:
+   → WebSearch "[package name] installation [framework version]"
+   → Some packages need peer dependencies
+   → Some packages need native setup (pod install, gradle sync)
+   → Expo packages: use "npx expo install" NOT "npm install"
+3. CHECK for breaking changes:
+   → If upgrading: WebSearch "[package name] migration guide v[old] to v[new]"
+   → Read CHANGELOG for breaking changes
+   → Check if config format changed
+4. AFTER install:
+   → Verify import works (no red squiggles)
+   → Run build to check native linking
+   → Test on BOTH platforms (iOS + Android)
+⛔ NEVER:
+  - "npm install [package]" without checking version compatibility
+  - Copy import from memory (import paths change between versions)
+  - Assume the API is the same as 6 months ago
+  - Skip native setup steps (pod install, gradle sync)
+```
+---
+## Security Protocol
+**Security is NOT optional. Every feature MUST pass security checks before completion.**
+### Security Scan (run on EVERY feature)
+```
+BEFORE marking any feature as done, scan for:
+1. 🔴 SECRETS & CREDENTIALS
+   □ No hardcoded API keys, tokens, passwords, or secrets
+   □ No secrets in source code, comments, or config files
+   □ .env files in .gitignore (NEVER committed)
+   □ API keys loaded from environment variables or secure config
+2. 🔴 TOKEN & AUTH STORAGE
+   □ Auth tokens → SecureStore (Expo) / Keychain (iOS) / EncryptedSharedPreferences (Android)
+   □ ⛔ NEVER AsyncStorage / SharedPreferences / UserDefaults for tokens
+   □ ⛔ NEVER localStorage / sessionStorage for tokens
+   □ Refresh tokens stored separately from access tokens
+   □ Token cleared on logout (all storage locations)
+3. 🔴 INPUT VALIDATION
+   □ User input sanitized before display (prevent XSS)
+   □ User input validated before API calls (prevent injection)
+   □ Deep link parameters validated before navigation
+   □ File uploads: validate type, size, content (not just extension)
+   □ Search/filter inputs: debounced + length-limited
+4. 🔴 NETWORK SECURITY
+   □ All API calls over HTTPS (never HTTP)
+   □ Certificate pinning for sensitive endpoints (banking, health)
+   □ API responses validated (don't trust server blindly)
+   □ Timeout on all network requests (prevent hanging)
+   □ No sensitive data in URL query parameters (use POST body)
+5. 🟠 DATA PROTECTION
+   □ PII (name, email, phone, location) never in logs
+   □ PII never in analytics events without anonymization
+   □ Crash reports don't contain user data
+   □ Cache/temp files cleared on logout
+   □ Clipboard cleared after paste of sensitive data
+6. 🟠 AUTHENTICATION FLOW
+   □ Login: rate-limited (prevent brute force)
+   □ 401 response → auto-refresh token OR logout
+   □ Session timeout after inactivity
+   □ Biometric auth: use system APIs (Face ID / fingerprint)
+   □ OAuth: validate redirect URI, use PKCE
+7. 🟡 PLATFORM-SPECIFIC
+   iOS:
+   □ App Transport Security (ATS) enabled
+   □ Keychain access groups configured correctly
+   □ Privacy manifest (PrivacyInfo.xcprivacy) for required APIs
+   □ NSCameraUsageDescription / NSLocationUsageDescription set
+   Android:
+   □ android:usesCleartextTraffic="false" in manifest
+   □ ProGuard/R8 rules for obfuscation in release
+   □ Exported activities/receivers properly restricted
+   □ Backup rules exclude sensitive data (android:allowBackup)
+```
+### Security Non-Negotiables (NEVER bypass)
+```
+⛔ ABSOLUTE RULES — no exceptions, no workarounds:
+1. NEVER store tokens in plain storage
+   AsyncStorage / SharedPreferences / UserDefaults = ❌ CRITICAL
+   SecureStore / Keychain / EncryptedSharedPreferences = ✅ ONLY
+2. NEVER hardcode secrets
+   const API_KEY = "sk-..." = ❌ CRITICAL
+   process.env.API_KEY / Config.API_KEY = ✅ ONLY
+3. NEVER log sensitive data
+   console.log(user.password) = ❌ CRITICAL
+   console.log("Login attempt for user:", user.id) = ✅ OK (ID only)
+4. NEVER trust deep links
+   navigation.navigate(params.screen) = ❌ CRITICAL (arbitrary navigation)
+   if (ALLOWED_SCREENS.includes(params.screen)) navigate(params.screen) = ✅
+5. NEVER disable SSL verification
+   rejectUnauthorized: false = ❌ CRITICAL
+   Proper certificate handling = ✅ ONLY
+6. NEVER commit .env files
+   .env in git = ❌ CRITICAL
+   .env in .gitignore + .env.example committed = ✅
+```
+### When User Asks to "Skip Security" or "Do It Quick"
+```
+✅ Response: "I'll implement it correctly AND quickly. Security doesn't slow down development — it prevents emergency patches later."
+⛔ NEVER skip security checks because:
+  - "It's just a prototype" → Prototypes become production
+  - "We'll fix it later" → Technical debt compounds
+  - "It's internal only" → Internal apps get attacked too
+  - "Just hardcode it for now" → Secrets leak to git history permanently
+```
+---
 ## Hard Bans
 **❌ These will CRASH, LEAK, or get REJECTED from app stores:**

package/bin/install.mjs CHANGED Viewed

@@ -18,7 +18,11 @@
  *   npx @buivietphi/skill-mobile --init cursor    # Generate .cursorrules
  *   npx @buivietphi/skill-mobile --init copilot   # Generate .github/copilot-instructions.md
  *   npx @buivietphi/skill-mobile --init windsurf  # Generate .windsurfrules
- *   npx @buivietphi/skill-mobile --init all       # Generate all project-level files
+ *   npx @buivietphi/skill-mobile --init cline      # Generate .clinerules/mobile-rules.md
+ *   npx @buivietphi/skill-mobile --init roocode    # Generate .roo/rules/mobile-rules.md
+ *   npx @buivietphi/skill-mobile --init kilocode   # Generate .kilocode/rules/mobile-rules.md
+ *   npx @buivietphi/skill-mobile --init kiro       # Generate .kiro/steering/mobile-rules.md
+ *   npx @buivietphi/skill-mobile --init all        # Generate all project-level files
  */
 import { existsSync, mkdirSync, cpSync, readFileSync, writeFileSync } from 'node:fs';
@@ -44,12 +48,16 @@ const SUBFOLDERS = {
 const AGENTS = {
   claude:       { name: 'Claude Code',  dir: join(HOME, '.claude', 'skills'),   detect: () => existsSync(join(HOME, '.claude')) },
+  cline:        { name: 'Cline',        dir: join(HOME, '.cline', 'skills'),    detect: () => existsSync(join(HOME, '.cline')) },
+  roocode:      { name: 'Roo Code',     dir: join(HOME, '.roo', 'skills'),      detect: () => existsSync(join(HOME, '.roo')) },
   cursor:       { name: 'Cursor',       dir: join(HOME, '.cursor', 'skills'),   detect: () => existsSync(join(HOME, '.cursor')) },
   windsurf:     { name: 'Windsurf',     dir: join(HOME, '.windsurf', 'skills'), detect: () => existsSync(join(HOME, '.windsurf')) },
   copilot:      { name: 'Copilot',      dir: join(HOME, '.copilot', 'skills'),  detect: () => existsSync(join(HOME, '.copilot')) },
   codex:        { name: 'Codex',        dir: join(HOME, '.codex', 'skills'),    detect: () => existsSync(join(HOME, '.codex')) },
   gemini:       { name: 'Gemini CLI',   dir: join(HOME, '.gemini', 'skills'),   detect: () => existsSync(join(HOME, '.gemini')) },
   kimi:         { name: 'Kimi',         dir: join(HOME, '.kimi', 'skills'),     detect: () => existsSync(join(HOME, '.kimi')) },
+  kilocode:     { name: 'Kilo Code',    dir: join(HOME, '.kilocode', 'skills'), detect: () => existsSync(join(HOME, '.kilocode')) },
+  kiro:         { name: 'Kiro',         dir: join(HOME, '.kiro', 'skills'),     detect: () => existsSync(join(HOME, '.kiro')) },
   antigravity:  { name: 'Antigravity',  dir: join(HOME, '.agents', 'skills'),   detect: () => existsSync(join(HOME, '.agents')) },
 };
@@ -60,14 +68,15 @@ const info = m => log(`  ${c.blue}ℹ${c.reset} ${m}`);
 const fail = m => log(`  ${c.red}✗${c.reset} ${m}`);
 function banner() {
-  log(`\n${c.bold}${c.cyan}  ┌──────────────────────────────────────────────┐`);
-  log(`  │  📱 @buivietphi/skill-mobile-mt v1.2.0       │`);
-  log(`  │  Master Senior Mobile Engineer                │`);
-  log(`  │                                              │`);
-  log(`  │  Claude · Codex · Gemini · Kimi              │`);
-  log(`  │  Antigravity · Cursor · Windsurf · Copilot  │`);
-  log(`  │  React Native · Flutter · iOS · Android      │`);
-  log(`  └──────────────────────────────────────────────┘${c.reset}\n`);
+  log(`\n${c.bold}${c.cyan}  ┌──────────────────────────────────────────────────┐`);
+  log(`  │  📱 @buivietphi/skill-mobile-mt v1.3.0           │`);
+  log(`  │  Master Senior Mobile Engineer                    │`);
+  log(`  │                                                  │`);
+  log(`  │  Claude · Cline · Roo Code · Cursor · Windsurf  │`);
+  log(`  │  Copilot · Codex · Gemini · Kimi · Kilo · Kiro  │`);
+  log(`  │  Antigravity                                     │`);
+  log(`  │  React Native · Flutter · iOS · Android          │`);
+  log(`  └──────────────────────────────────────────────────┘${c.reset}\n`);
 }
 function tokenCount(filePath) {
@@ -319,6 +328,265 @@ Full skill with patterns from 30+ production repos: ~/.copilot/skills/skill-mobi
 `,
   },
+  cline: {
+    name: 'Cline',
+    file: 'mobile-rules.md',
+    dir:  '.clinerules',
+    generate: (p) => `# ${p.framework} Project — Mobile Rules
+# Generated by @buivietphi/skill-mobile-mt
+## Project
+- Framework: ${p.framework}
+- Language: ${p.language}
+- State: ${p.state}
+- Navigation: ${p.nav}
+- API: ${p.api}
+- Package Manager: ${p.pkgMgr}
+## Code Style
+- PascalCase for screens and components
+- camelCase for hooks, services, utils
+- Absolute imports with @/ alias (if configured)
+## Auto-Check (before every completion)
+- No console.log / print in production code
+- No hardcoded secrets or API keys
+- All async wrapped in try/catch
+- All 4 states: loading / error / empty / success
+- useEffect has cleanup (return () => ...)
+- FlatList (not ScrollView) for dynamic lists > 20 items
+- No implicit 'any' in TypeScript
+- No force unwrap (! / !!) without null check
+- New screens registered in navigator
+## Performance
+- React.memo / const widget for expensive components
+- useMemo/useCallback for stable references
+- Images cached and resized
+- No main thread blocking
+## Security (non-negotiable)
+- Tokens → SecureStore / Keychain / EncryptedSharedPreferences
+- API calls → HTTPS only
+- Sensitive data → never in logs
+- User input → sanitize before display
+- Deep links → validate before navigation
+## Never
+- Change framework or architecture
+- Change state management library
+- Add packages without checking SDK compatibility
+- Mix package managers
+- Use ScrollView for long lists
+- Leave empty catch blocks
+- Store tokens in AsyncStorage / SharedPreferences / UserDefaults
+## Architecture
+- Dependencies flow inward: UI → Domain → Data
+- Single responsibility per file (max 300 lines)
+- Feature-based organization preferred
+## Reference
+- Full skill: ~/.cline/skills/skill-mobile-mt/
+- Patterns from 30+ production repos (200k+ GitHub stars)
+`,
+  },
+  roocode: {
+    name: 'Roo Code',
+    file: 'mobile-rules.md',
+    dir:  '.roo/rules',
+    generate: (p) => `# ${p.framework} Project — Mobile Rules
+# Generated by @buivietphi/skill-mobile-mt
+## Project
+- Framework: ${p.framework}
+- Language: ${p.language}
+- State: ${p.state}
+- Navigation: ${p.nav}
+- API: ${p.api}
+- Package Manager: ${p.pkgMgr}
+## Code Style
+- PascalCase for screens and components
+- camelCase for hooks, services, utils
+- Absolute imports with @/ alias (if configured)
+## Auto-Check (before every completion)
+- No console.log / print in production code
+- No hardcoded secrets or API keys
+- All async wrapped in try/catch
+- All 4 states: loading / error / empty / success
+- useEffect has cleanup (return () => ...)
+- FlatList (not ScrollView) for dynamic lists > 20 items
+- No implicit 'any' in TypeScript
+- No force unwrap (! / !!) without null check
+- New screens registered in navigator
+## Performance
+- React.memo / const widget for expensive components
+- useMemo/useCallback for stable references
+- Images cached and resized
+- No main thread blocking
+## Security (non-negotiable)
+- Tokens → SecureStore / Keychain / EncryptedSharedPreferences
+- API calls → HTTPS only
+- Sensitive data → never in logs
+- User input → sanitize before display
+- Deep links → validate before navigation
+## Never
+- Change framework or architecture
+- Change state management library
+- Add packages without checking SDK compatibility
+- Mix package managers
+- Use ScrollView for long lists
+- Leave empty catch blocks
+- Store tokens in AsyncStorage / SharedPreferences / UserDefaults
+## Architecture
+- Dependencies flow inward: UI → Domain → Data
+- Single responsibility per file (max 300 lines)
+- Feature-based organization preferred
+## Reference
+- Full skill: ~/.roo/skills/skill-mobile-mt/
+- Patterns from 30+ production repos (200k+ GitHub stars)
+`,
+  },
+  kilocode: {
+    name: 'Kilo Code',
+    file: 'mobile-rules.md',
+    dir:  '.kilocode/rules',
+    generate: (p) => `# ${p.framework} Project — Mobile Rules
+# Generated by @buivietphi/skill-mobile-mt
+## Project
+- Framework: ${p.framework}
+- Language: ${p.language}
+- State: ${p.state}
+- Navigation: ${p.nav}
+- API: ${p.api}
+- Package Manager: ${p.pkgMgr}
+## Code Style
+- PascalCase for screens and components
+- camelCase for hooks, services, utils
+- Absolute imports with @/ alias (if configured)
+## Auto-Check (before every completion)
+- No console.log / print in production code
+- No hardcoded secrets or API keys
+- All async wrapped in try/catch
+- All 4 states: loading / error / empty / success
+- useEffect has cleanup (return () => ...)
+- FlatList (not ScrollView) for dynamic lists > 20 items
+- No implicit 'any' in TypeScript
+- No force unwrap (! / !!) without null check
+- New screens registered in navigator
+## Performance
+- React.memo / const widget for expensive components
+- useMemo/useCallback for stable references
+- Images cached and resized
+- No main thread blocking
+## Security (non-negotiable)
+- Tokens → SecureStore / Keychain / EncryptedSharedPreferences
+- API calls → HTTPS only
+- Sensitive data → never in logs
+- User input → sanitize before display
+- Deep links → validate before navigation
+## Never
+- Change framework or architecture
+- Change state management library
+- Add packages without checking SDK compatibility
+- Mix package managers
+- Use ScrollView for long lists
+- Leave empty catch blocks
+- Store tokens in AsyncStorage / SharedPreferences / UserDefaults
+## Architecture
+- Dependencies flow inward: UI → Domain → Data
+- Single responsibility per file (max 300 lines)
+- Feature-based organization preferred
+## Reference
+- Full skill: ~/.kilocode/skills/skill-mobile-mt/
+- Patterns from 30+ production repos (200k+ GitHub stars)
+`,
+  },
+  kiro: {
+    name: 'Kiro',
+    file: 'mobile-rules.md',
+    dir:  '.kiro/steering',
+    generate: (p) => `---
+inclusion: always
+---
+# ${p.framework} Project — Mobile Rules
+# Generated by @buivietphi/skill-mobile-mt
+## Project
+- Framework: ${p.framework}
+- Language: ${p.language}
+- State: ${p.state}
+- Navigation: ${p.nav}
+- API: ${p.api}
+- Package Manager: ${p.pkgMgr}
+## Code Style
+- PascalCase for screens and components
+- camelCase for hooks, services, utils
+- Absolute imports with @/ alias (if configured)
+## Auto-Check (before every completion)
+- No console.log / print in production code
+- No hardcoded secrets or API keys
+- All async wrapped in try/catch
+- All 4 states: loading / error / empty / success
+- useEffect has cleanup (return () => ...)
+- FlatList (not ScrollView) for dynamic lists > 20 items
+- No implicit 'any' in TypeScript
+- No force unwrap (! / !!) without null check
+- New screens registered in navigator
+## Performance
+- React.memo / const widget for expensive components
+- useMemo/useCallback for stable references
+- Images cached and resized
+- No main thread blocking
+## Security (non-negotiable)
+- Tokens → SecureStore / Keychain / EncryptedSharedPreferences
+- API calls → HTTPS only
+- Sensitive data → never in logs
+- User input → sanitize before display
+- Deep links → validate before navigation
+## Never
+- Change framework or architecture
+- Change state management library
+- Add packages without checking SDK compatibility
+- Mix package managers
+- Use ScrollView for long lists
+- Leave empty catch blocks
+- Store tokens in AsyncStorage / SharedPreferences / UserDefaults
+## Architecture
+- Dependencies flow inward: UI → Domain → Data
+- Single responsibility per file (max 300 lines)
+- Feature-based organization preferred
+## Reference
+- Patterns from 30+ production repos (200k+ GitHub stars)
+`,
+  },
   windsurf: {
     name: 'Windsurf',
     file: '.windsurfrules',
@@ -380,7 +648,7 @@ Patterns from 30+ production repos (200k+ GitHub stars)
 };
 // Agents that need project-level files (don't just read from skills dir)
-const NEEDS_PROJECT_FILE = new Set(['cursor', 'copilot', 'windsurf']);
+const NEEDS_PROJECT_FILE = new Set(['cursor', 'copilot', 'windsurf', 'cline', 'roocode', 'kilocode', 'kiro']);
 function initProjectFiles(dir, agents) {
   const project = detectProject(dir);
@@ -671,8 +939,8 @@ async function main() {
     log('');
     log(`     ${c.cyan}npx @buivietphi/skill-mobile-mt --init${c.reset}`);
     log('');
-    log(`     This generates ${c.bold}.cursorrules${c.reset}, ${c.bold}.windsurfrules${c.reset}, ${c.bold}.github/copilot-instructions.md${c.reset}`);
-    log(`     with auto-detected project settings.\n`);
+    log(`     This generates project-level rules files`);
+    log(`     (${c.bold}.cursorrules${c.reset}, ${c.bold}.clinerules/${c.reset}, ${c.bold}.roo/rules/${c.reset}, etc.) with auto-detected settings.\n`);
   } else {
     log('');
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@buivietphi/skill-mobile-mt",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "Master Senior Mobile Engineer skill for AI agents. Pre-built patterns from 18 production apps + local project adaptation. React Native, Flutter, iOS, Android. Supports Claude, Gemini, Kimi, Cursor, Copilot, Antigravity.",
   "author": "buivietphi",
   "license": "MIT",

package/shared/code-review.md CHANGED Viewed

@@ -68,6 +68,18 @@
 ❌ Missing loading / error / empty state (blank screen)
 ```
+### Grounding Auto-Fail (AI-generated code)
+**If the code was generated by AI, also check:**
+```
+❌ Import from a package NOT in package.json / pubspec.yaml
+❌ Function/method call that doesn't exist in the codebase
+❌ API endpoint or response shape not verified from actual service code
+❌ Library version syntax that doesn't match installed version
+❌ Platform API that doesn't exist in the project's min SDK
+```
 ---
 ## Review Comment Templates

package/shared/prompt-engineering.md CHANGED Viewed

@@ -66,6 +66,14 @@
 BUG: [description]
 FILE: [path]
+<source_verification>
+  ⚠️ BEFORE analyzing — verify I have real data:
+  - [ ] Read the actual file (not guessing from error message)
+  - [ ] Verified function/class names exist (grep)
+  - [ ] Checked package versions in package.json/pubspec.yaml
+  - [ ] Identified data types from actual code (not assumed)
+</source_verification>
 <context_needed>
   - Read [file] to understand current implementation
   - Grep for similar patterns: grep "[pattern]" src/
@@ -77,6 +85,7 @@ FILE: [path]
   - What code is executed?
   - What values are passed?
   - What conditions are checked?
+  SOURCE: [file:line where the bug is — cite exact location]
 </root_cause>
 <fix>
@@ -84,6 +93,7 @@ FILE: [path]
   WHY IT WORKS:
   [Explain the fix based on root cause]
+  SOURCE: [where this fix pattern comes from — project code / skill file / official docs]
 </fix>
 <side_effects>
@@ -165,6 +175,14 @@ BUG: App crashes when tapping product with no images
 FEATURE: [description]
 PLATFORM: [React Native / Flutter / iOS / Android]
+<source_verification>
+  ⚠️ GROUNDING CHECK:
+  - [ ] Scanned actual project structure (not assumed)
+  - [ ] Found real reference feature (not imagined)
+  - [ ] Will read reference files before cloning pattern
+  - [ ] Will verify all imports/packages exist before using
+</source_verification>
 STEP 1: SCAN PROJECT
   - List screens: ls src/screens/
   - Find similar features: grep -r "useState" src/screens/
@@ -620,6 +638,16 @@ Faster than reading documentation.
    "Create login screen following pattern in src/screens/ProductScreen
    using Redux slice from src/store/slices/authSlice
    with email/password fields + remember me checkbox"
+❌ Hallucinated answers (AI "intuition")
+   "Use react-native-awesome-picker for this"  ← package may not exist
+   "Call the fetchUserData() method"            ← function may not exist
+   "This API returns { data: [...] }"           ← response shape may be wrong
+✅ Grounded answers (verified from source)
+   Read package.json → verify package exists → then suggest usage
+   Grep "fetchUser" src/ → find actual function → then reference it
+   Read API service file → check actual response shape → then use it
 ```
 ---

package/shared/version-management.md CHANGED Viewed

@@ -9,6 +9,23 @@
 ---
+## ⚠️ IMPORTANT: Always WebSearch for Latest
+**The version matrix below is a SNAPSHOT and may be outdated.**
+**Before installing ANY package or suggesting ANY version:**
+```
+1. WebSearch "[package] latest version [current year]"
+2. WebSearch "[package] [framework version] compatibility"
+3. Read the OFFICIAL changelog/migration guide
+4. Cross-reference with the matrix below
+⛔ NEVER rely solely on the matrix below — it was written at a point in time
+✅ ALWAYS verify with WebSearch for the most current information
+```
+---
 ## Version Matrix (React Native / Expo)
 ### Expo SDK Compatibility