ginskill-init 1.0.0

package/skills/security-scanner/references/nestjs-security.md

@@ -0,0 +1,260 @@
+# NestJS Backend Security Checklist
+
+Deep-dive security checklist for the NestJS backend. Read this when scanning the backend.
+
+## Table of Contents
+1. [Authentication & JWT](#authentication--jwt)
+2. [Authorization & RBAC](#authorization--rbac)
+3. [Input Validation & Injection](#input-validation--injection)
+4. [Rate Limiting & DoS](#rate-limiting--dos)
+5. [File Upload](#file-upload)
+6. [Error Handling & Info Disclosure](#error-handling--info-disclosure)
+7. [Database Security](#database-security)
+8. [Cache & Session Security](#cache--session-security)
+9. [Third-Party API Security](#third-party-api-security)
+10. [LLM/AI Agent Security](#llmai-agent-security)
+
+---
+
+## Authentication & JWT
+
+### Token Configuration
+- File: `core/config/jwt.config.ts`
+- Access token: 15min expiry (good)
+- Refresh token: 7d / 30d with "remember me"
+
+### Checklist
+- [ ] JWT secret loaded from env, not hardcoded
+- [ ] Token expiration enforced (`ignoreExpiration: false`)
+- [ ] Refresh token rotation on use (old token invalidated)
+- [ ] Refresh token stored server-side (Redis/DB) for revocation
+- [ ] Logout invalidates refresh token
+- [ ] Token extraction order: Bearer header → signed cookie → regular cookie
+- [ ] No token in URL query parameters
+- [ ] JWE (encrypted JWT) considered for sensitive claims
+
+### Common Vulnerabilities
+```typescript
+// BAD: JWT algorithm confusion
+jwt.verify(token, secret) // No algorithm specified — attacker could use 'none'
+
+// GOOD: Specify algorithm
+jwt.verify(token, secret, { algorithms: ['HS256'] })
+```
+
+## Authorization & RBAC
+
+### Checklist
+- [ ] All endpoints have `@UseGuards(JwtAuthGuard)` unless intentionally public
+- [ ] Public endpoints documented with `@Public()` decorator
+- [ ] Role guard (`roles.guard.ts`) checks resource ownership, not just role
+- [ ] Admin bypass is restricted to verified admin accounts
+- [ ] No horizontal privilege escalation (user A accessing user B's data)
+- [ ] Bulk endpoints check ownership for each item
+
+### IDOR Check Pattern
+```typescript
+// BAD: No ownership check
+@Get(':id')
+findOne(@Param('id') id: string) {
+  return this.service.findById(id); // Any user can access any record
+}
+
+// GOOD: Ownership check
+@Get(':id')
+findOne(@Param('id') id: string, @CurrentUser() user: User) {
+  return this.service.findByIdAndUser(id, user._id);
+}
+```
+
+## Input Validation & Injection
+
+### Global Validation (already configured in main.ts)
+- `whitelist: true` — strips unknown properties
+- `forbidNonWhitelisted: true` — rejects unknown properties
+- `transform: true` — auto-transforms types
+
+### NoSQL Injection Checklist
+- [ ] No raw `$where` queries with user input
+- [ ] No `$regex` with unescaped user input
+- [ ] No `JSON.parse()` of user input used directly in queries
+- [ ] Mongoose `.lean()` used where possible (prevents prototype pollution)
+- [ ] ObjectId params validated with `@IsMongoId()`
+
+```typescript
+// BAD: NoSQL injection possible
+const users = await this.userModel.find({ name: req.body.name });
+// If req.body.name = { "$gt": "" }, returns all users
+
+// GOOD: Validate type first
+@IsString() name: string; // class-validator ensures string type
+```
+
+### Prototype Pollution
+- [ ] No `Object.assign()` or spread with unchecked user input into query objects
+- [ ] `JSON.parse()` outputs validated before use
+
+## Rate Limiting & DoS
+
+### Checklist
+- [ ] Rate limiting on auth endpoints (login, register, forgot-password)
+- [ ] Rate limiting on API endpoints (especially AI/LLM which are expensive)
+- [ ] File upload size limits configured
+- [ ] Request body size limit set
+- [ ] Pagination enforced (no unbounded `find()`)
+- [ ] Bull queue jobs have timeout limits
+- [ ] LLM API calls have timeout and token limits
+
+### Implementation
+```typescript
+// NestJS throttler
+@Throttle({ default: { limit: 5, ttl: 60000 } })
+@Post('login')
+login() { ... }
+```
+
+## File Upload
+
+### Checklist
+- [ ] File type validated (not just extension — check magic bytes)
+- [ ] File size limited
+- [ ] Uploaded files stored outside webroot (S3, not `/public`)
+- [ ] Filenames sanitized (no path traversal `../`)
+- [ ] Image files re-encoded to strip EXIF/metadata
+- [ ] No server-side file execution possible
+
+## Error Handling & Info Disclosure
+
+### Checklist
+- [ ] Production mode strips stack traces (`HttpExceptionFilter`)
+- [ ] No internal paths leaked in error messages
+- [ ] No database error details in API responses
+- [ ] No technology fingerprinting (remove `X-Powered-By`)
+- [ ] Mongoose validation errors don't expose schema structure
+
+```typescript
+// BAD: Leaks internal details
+catch (error) {
+  throw new InternalServerErrorException(error.message);
+}
+
+// GOOD: Generic message, log details internally
+catch (error) {
+  this.logger.error('Operation failed', error.stack);
+  throw new InternalServerErrorException('An unexpected error occurred');
+}
+```
+
+## Database Security
+
+### MongoDB Checklist
+- [ ] Connection string uses authentication
+- [ ] TLS/SSL enabled for database connections
+- [ ] Database user has minimal required permissions
+- [ ] Indexes exist on fields used in auth queries (email, userId)
+- [ ] No `$where` or `$expr` with user-controlled input
+- [ ] Backup encryption enabled
+
+## Cache & Session Security
+
+### Redis Checklist
+- [ ] Redis requires authentication (`REDIS_PASSWORD`)
+- [ ] Redis connection uses TLS in production
+- [ ] Cache keys don't contain sensitive data
+- [ ] Cache invalidation on permission changes
+- [ ] Session data encrypted at rest
+
+## Third-Party API Security
+
+### Checklist
+- [ ] All API keys loaded from environment variables
+- [ ] API keys have minimal required permissions/scopes
+- [ ] Webhook endpoints validate request signatures
+- [ ] External API responses validated before use
+- [ ] Timeout configured for all HTTP clients
+- [ ] Circuit breaker on external service calls
+
+### Known External Services
+Check for these common integrations:
+- Image generation APIs — API key management
+- LLM providers (OpenAI, Google/Vertex AI, Anthropic) — API keys
+- Cloud storage (AWS S3, GCS) — credentials and IAM
+- Vector databases (Qdrant, Pinecone, Weaviate) — access control
+- Payment processors — webhook signature verification
+
+## LLM/AI Agent Security (OWASP LLM Top 10:2025)
+
+This project uses LangChain + LangGraph with multi-provider LLMs (OpenAI, Gemini, Vertex AI) and Qdrant vector DB. AI agent security is a critical surface.
+
+### Prompt Injection (LLM01) — #1 Risk
+- [ ] User input sanitized before inclusion in LLM prompts
+- [ ] System prompts not exposed to users (check for leakage via prompt tricks)
+- [ ] Tool calls validated and sandboxed
+- [ ] LLM output not trusted for authorization decisions
+- [ ] Rate limiting on AI endpoints (expensive operations)
+- [ ] Multi-modal inputs (images) checked for embedded prompt injections
+- [ ] Indirect injection: external documents processed by RAG checked for injected instructions
+
+**Mitigation reality check:** Prompt injection cannot be fully prevented with current LLM architecture. Focus on containment — least privilege, output validation, logging, and separating instructions from data.
+
+### Sensitive Information Disclosure (LLM02)
+- [ ] PII not sent to external LLM providers unnecessarily
+- [ ] Conversation history access restricted to conversation owner
+- [ ] Knowledge base doesn't contain user PII
+- [ ] LLM responses sanitized before storing/displaying
+- [ ] Model responses don't echo back system prompts or internal config
+
+### Improper Output Handling (LLM05)
+- [ ] AI-generated HTML/markdown sanitized before frontend rendering
+- [ ] AI-suggested actions validated before execution
+- [ ] No `dangerouslySetInnerHTML` with raw AI output
+- [ ] URLs in AI responses validated (no `javascript:` links)
+
+### Excessive Agency (LLM06)
+- [ ] LangGraph tools scoped to minimum required permissions
+- [ ] Agent can't access resources outside current user's scope
+- [ ] Human-in-the-loop for destructive or irreversible actions
+- [ ] Tool execution timeouts prevent runaway agents
+- [ ] Cross-agent trust: agents can't escalate each other's permissions
+
+### System Prompt Leakage (LLM07)
+- [ ] System prompts not retrievable via "ignore previous instructions" attacks
+- [ ] No system prompt content in error messages
+- [ ] Prompt templates don't contain sensitive business logic that would be harmful if exposed
+
+### Vector/Embedding Weaknesses (LLM08)
+- [ ] Qdrant vector DB requires authentication
+- [ ] Access to knowledge base restricted by user/tenant
+- [ ] Embedding poisoning: can users inject malicious content into the knowledge base?
+- [ ] Retrieval results validated before inclusion in prompts
+
+### Unbounded Consumption (LLM10)
+- [ ] Max token limits on LLM API calls
+- [ ] Rate limiting per user on AI endpoints
+- [ ] Timeout on LangGraph agent execution
+- [ ] Cost alerting for LLM provider API usage
+- [ ] Queue-based processing with bounded concurrency for AI jobs
+
+### Tool Execution
+- [ ] LangGraph tools have input validation
+- [ ] Tools can't access resources outside their scope
+- [ ] Tool errors don't leak internal state
+- [ ] Tool call chains have maximum depth limit
+
+## Known NestJS Vulnerabilities
+
+### CVE-2025-54782 — RCE in @nestjs/devtools-integration
+- **Affected:** `@nestjs/devtools-integration` ≤ 0.2.0
+- **Impact:** Remote code execution on developer machines via unsafe `vm.runInNewContext()` + missing CORS
+- **Fix:** Upgrade to ≥ 0.2.1
+- [ ] Check if `@nestjs/devtools-integration` is in dependencies and version is ≥ 0.2.1
+
+## Security Logging & Alerting (OWASP A09:2025)
+
+- [ ] Auth events logged (login success/failure, token refresh, logout)
+- [ ] Admin actions logged with actor + target + timestamp
+- [ ] Failed access control attempts logged and alerted
+- [ ] Rate limit violations logged
+- [ ] Suspicious AI usage patterns detected (repeated prompt injection attempts)
+- [ ] Logs don't contain PII or secrets (sanitize before logging)
+- [ ] Log aggregation configured (Pino → structured JSON → log service)

package/skills/security-scanner/references/nextjs-security.md

@@ -0,0 +1,201 @@
+# Next.js Frontend Security Checklist
+
+Deep-dive security checklist for the Next.js frontend. Read this when scanning the frontend.
+
+## Table of Contents
+1. [Server/Client Boundary](#serverclient-boundary)
+2. [API Routes](#api-routes)
+3. [Authentication & Session](#authentication--session)
+4. [XSS Prevention](#xss-prevention)
+5. [Environment Variables](#environment-variables)
+6. [Middleware & Headers](#middleware--headers)
+7. [Dependencies](#dependencies)
+
+---
+
+## Server/Client Boundary
+
+Next.js 15 App Router has a critical server/client boundary. Mistakes here cause security issues.
+
+### Checklist
+- [ ] Server Components don't pass secrets to Client Components via props
+- [ ] `"use client"` files don't import server-only modules
+- [ ] Server Actions validate input (they're public HTTP endpoints!)
+- [ ] No `process.env.SECRET_*` accessed in client components
+- [ ] `server-only` package used to prevent accidental client imports
+
+### Dangerous Pattern
+```typescript
+// BAD: Server component passes secret to client
+// page.tsx (Server Component)
+export default function Page() {
+  return <ClientComponent apiKey={process.env.SECRET_API_KEY} />;
+  // Secret ends up in client bundle!
+}
+
+// GOOD: Server component uses secret server-side only
+export default async function Page() {
+  const data = await fetchWithSecret(process.env.SECRET_API_KEY);
+  return <ClientComponent data={data} />;
+}
+```
+
+## API Routes
+
+### Location: `src/app/api/`
+
+### Checklist
+- [ ] All API routes check authentication before processing
+- [ ] Input validated with Zod or similar
+- [ ] Error responses don't leak internal details
+- [ ] Rate limiting on sensitive endpoints
+- [ ] CORS headers set correctly (or inherited from middleware)
+- [ ] No secrets returned in API responses
+- [ ] POST/PUT/DELETE routes check CSRF token
+
+### Current Pattern
+```typescript
+// src/app/api/me/route.ts — proxies to backend
+// Check: Is auth token validated before proxying?
+// Check: Are error responses generic?
+```
+
+## Authentication & Session
+
+### Checklist
+- [ ] JWT stored in httpOnly cookie (not localStorage)
+- [ ] Cookie has `Secure` flag (HTTPS only)
+- [ ] Cookie has `SameSite=Strict` or `SameSite=Lax`
+- [ ] Cookie `Path` is restricted (not `/`)
+- [ ] Token refresh handled transparently
+- [ ] Logout clears all auth cookies
+- [ ] CSRF protection on state-changing requests
+- [ ] Session timeout after inactivity
+
+### Token Storage Safety
+```typescript
+// BAD: Token in localStorage (XSS accessible)
+localStorage.setItem('token', jwt);
+
+// BAD: Token in client-side state (lost on refresh, XSS accessible)
+const [token, setToken] = useState(jwt);
+
+// GOOD: httpOnly cookie (not accessible via JavaScript)
+// Set by backend, sent automatically by browser
+```
+
+## XSS Prevention
+
+### Checklist
+- [ ] No `dangerouslySetInnerHTML` with user content
+- [ ] Markdown rendering sanitized (DOMPurify or similar)
+- [ ] AI-generated content sanitized before display
+- [ ] SVG uploads sanitized (can contain inline scripts)
+- [ ] URL parameters not reflected in HTML without encoding
+- [ ] Rich text editor output sanitized
+
+### React's Built-in Protection
+React auto-escapes JSX expressions, but these bypass it:
+```typescript
+// DANGEROUS: Direct HTML insertion
+<div dangerouslySetInnerHTML={{ __html: userContent }} />
+
+// DANGEROUS: javascript: URLs
+<a href={userProvidedUrl}>Click</a>  // href="javascript:alert(1)"
+
+// SAFE: React auto-escapes
+<div>{userContent}</div>  // HTML entities escaped
+```
+
+### AI Content Rendering
+```typescript
+// When displaying AI stylist responses:
+// 1. Sanitize HTML if rendering as rich text
+// 2. Strip script tags, event handlers
+// 3. Validate URLs in generated content
+```
+
+## Environment Variables
+
+### Next.js Rules
+- `NEXT_PUBLIC_*` — bundled into client JavaScript (NEVER put secrets here)
+- All other env vars — server-only
+
+### Checklist
+- [ ] No secrets in `NEXT_PUBLIC_*` variables
+- [ ] `.env.local` in `.gitignore`
+- [ ] `NEXT_PUBLIC_*` values are safe to expose (API URLs, feature flags)
+- [ ] Server-side env vars not accessed in `"use client"` files
+- [ ] `.env.example` doesn't contain real values
+
+### Verify
+```bash
+# Find all NEXT_PUBLIC_ usages
+grep -rn "NEXT_PUBLIC_" src/ --include="*.ts" --include="*.tsx"
+# Verify none contain sensitive data
+```
+
+## Middleware & Headers
+
+### Checklist
+- [ ] Security headers set in `middleware.ts` or `next.config.js`
+- [ ] `Content-Security-Policy` configured
+- [ ] `X-Frame-Options: DENY` (prevent clickjacking)
+- [ ] `X-Content-Type-Options: nosniff`
+- [ ] `Referrer-Policy: strict-origin-when-cross-origin`
+- [ ] Auth middleware protects `(dashboard)` route group
+
+### next.config.js Headers
+```javascript
+// Verify these are set:
+const securityHeaders = [
+  { key: 'X-DNS-Prefetch-Control', value: 'on' },
+  { key: 'X-Frame-Options', value: 'DENY' },
+  { key: 'X-Content-Type-Options', value: 'nosniff' },
+  { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
+  { key: 'Permissions-Policy', value: 'camera=(), microphone=(), geolocation=()' },
+];
+```
+
+## Dependencies & Supply Chain (OWASP A03:2025)
+
+### Dependency Vulnerability Scanning
+- [ ] `npm audit` shows no critical/high vulnerabilities
+- [ ] `npm audit signatures` — verify package signatures (npm 9+)
+- [ ] Dependencies pinned (lock file committed and reviewed on changes)
+- [ ] No `eval()` or `Function()` in dependencies
+- [ ] shadcn/ui components from trusted source
+- [ ] Image optimization libraries up to date (sharp, next/image)
+
+### Supply Chain Hardening
+- [ ] No `preinstall`/`postinstall` scripts that download or execute code
+- [ ] Lifecycle scripts disabled by default (`npm config set ignore-scripts true`)
+- [ ] `package-lock.json` committed and integrity verified on CI
+- [ ] No typosquatted dependencies (verify package names match intended)
+- [ ] Dependabot or Snyk configured for automatic vulnerability alerts
+- [ ] SBOM generated for compliance audits (`npm sbom --sbom-format cyclonedx`)
+
+### Regular Audit
+```bash
+cd <frontend-dir>
+npm audit --production    # production deps only
+npm audit fix             # auto-fix where possible
+npm audit signatures      # verify package signatures
+```
+
+### AI-Generated Code Warning
+If using AI coding assistants (Copilot, Claude, Cursor), review generated code for:
+- [ ] Hardcoded secrets or placeholder credentials
+- [ ] Insecure patterns (eval, innerHTML, unsafe-inline)
+- [ ] Outdated API usage from training data
+- [ ] Missing input validation or error handling
+
+## Mishandling Exceptional Conditions (OWASP A10:2025)
+
+New in OWASP 2025 — how the frontend handles edge cases:
+- [ ] API error responses don't expose stack traces to users
+- [ ] Auth token refresh failure redirects to login (doesn't fail-open)
+- [ ] Network failures show user-friendly errors (no raw error objects)
+- [ ] Server Action errors handled gracefully (no unhandled promise rejections)
+- [ ] Image/asset loading failures have fallback UI
+- [ ] Rate limit responses (429) handled with retry logic, not crashes

package/skills/security-scanner/references/react-native-security.md

@@ -0,0 +1,199 @@
+# React Native Mobile Security Checklist
+
+Deep-dive security checklist for the React Native mobile app. Aligned with **OWASP Mobile Top 10 2024**. Read this when scanning the mobile app.
+
+## OWASP Mobile Top 10 Mapping
+
+| OWASP ID | Risk | Primary Section |
+|----------|------|-----------------|
+| M1 | Improper Credential Usage | Secure Storage, Authentication Flow |
+| M2 | Inadequate Supply Chain Security | Third-Party SDKs |
+| M3 | Insecure Authentication/Authorization | Authentication Flow |
+| M4 | Insufficient Input/Output Validation | Deep Links, Data Leakage |
+| M5 | Insecure Communication | Network Security |
+| M8 | Security Misconfiguration | Binary Protection |
+| M9 | Insecure Data Storage | Secure Storage |
+| M10 | Insufficient Cryptography | Secure Storage, Network Security |
+
+## Table of Contents
+1. [Secure Storage](#secure-storage) (M1, M9)
+2. [Network Security](#network-security) (M5, M10)
+3. [Authentication Flow](#authentication-flow) (M1, M3)
+4. [Deep Links & URL Schemes](#deep-links--url-schemes) (M4)
+5. [Binary Protection](#binary-protection) (M8)
+6. [Data Leakage](#data-leakage) (M4)
+7. [Third-Party SDKs](#third-party-sdks) (M2)
+8. [Hermes Engine Security](#hermes-engine-security)
+
+---
+
+## Secure Storage
+
+### Current Implementation (GOOD)
+- File: `shared/libs/token-storage.ts`
+- Uses `react-native-keychain` (Keychain on iOS, Keystore on Android)
+- Separate service names for access and refresh tokens
+
+### Checklist
+- [ ] Tokens stored in Keychain/Keystore (NOT AsyncStorage) ✅ already done
+- [ ] AsyncStorage only used for non-sensitive data (preferences, UI state)
+- [ ] No sensitive data in `MMKV`, `SecureStore`, or custom solutions without encryption
+- [ ] Biometric lock for sensitive operations (account deletion, payment)
+- [ ] Data cleared on logout (tokens, cached user data)
+- [ ] No sensitive data in app logs (check `console.log` in release builds)
+
+### What NOT to store insecurely
+```typescript
+// BAD: AsyncStorage is NOT encrypted
+import AsyncStorage from '@react-native-async-storage/async-storage';
+await AsyncStorage.setItem('token', accessToken); // INSECURE
+
+// GOOD: Keychain is encrypted by OS
+import * as Keychain from 'react-native-keychain';
+await Keychain.setGenericPassword('accessToken', token, {
+  service: 'AppTokens',
+});
+```
+
+## Network Security
+
+### Certificate Pinning
+- [ ] Certificate pinning implemented for production API
+- [ ] Pinning includes backup certificates
+- [ ] Pinning gracefully handles certificate rotation
+
+### Network Checklist
+- [ ] All API calls use HTTPS (no HTTP fallback)
+- [ ] No `NSAppTransportSecurity` exceptions for production domains (iOS)
+- [ ] `android:usesCleartextTraffic="false"` in AndroidManifest
+- [ ] API base URL loaded from config, not hardcoded
+- [ ] Proxy detection (optional — detect MITM tools like Charles/Fiddler)
+- [ ] Sensitive headers not logged in development interceptors
+
+### Check in API Client
+```typescript
+// File: shared/libs/api-client.ts
+// Verify:
+// 1. Base URL is HTTPS
+// 2. Token not logged in request interceptor
+// 3. Error interceptor doesn't leak tokens in error messages
+```
+
+## Authentication Flow
+
+### Token Refresh Pattern (Current — GOOD)
+- Single-flight refresh prevents race conditions
+- 401 responses trigger automatic refresh
+- Failed refresh → logout and clear tokens
+
+### Checklist
+- [ ] Access token refreshed silently before expiry
+- [ ] Refresh token rotation (new refresh token on each use)
+- [ ] Failed refresh clears all auth state
+- [ ] Login screen shown immediately on auth failure (no stale UI)
+- [ ] Biometric re-authentication for sensitive actions
+- [ ] Session timeout after inactivity
+
+### Background State
+- [ ] App clears sensitive data from memory when backgrounded
+- [ ] Screenshot prevention on sensitive screens (iOS: `UIApplicationDelegate`, Android: `FLAG_SECURE`)
+- [ ] Clipboard cleared after copying sensitive data (if applicable)
+
+## Deep Links & URL Schemes
+
+### Checklist
+- [ ] Deep link URLs validated before navigation
+- [ ] No sensitive data in deep link parameters
+- [ ] Deep link handlers sanitize all parameters
+- [ ] Custom URL scheme can't be hijacked (use Universal Links / App Links)
+- [ ] OAuth redirect URIs validated against whitelist
+
+### Vulnerability Pattern
+```typescript
+// BAD: Unvalidated deep link navigation
+Linking.addEventListener('url', ({ url }) => {
+  navigation.navigate(url.split('/').pop()); // Attacker controls destination
+});
+
+// GOOD: Validate against known routes
+const ALLOWED_ROUTES = ['wardrobe', 'outfit', 'settings'];
+Linking.addEventListener('url', ({ url }) => {
+  const route = parseRoute(url);
+  if (ALLOWED_ROUTES.includes(route.name)) {
+    navigation.navigate(route.name, route.params);
+  }
+});
+```
+
+## Binary Protection
+
+### Checklist
+- [ ] ProGuard/R8 obfuscation enabled (Android release)
+- [ ] Hermes bytecode compilation (reduces reverse engineering)
+- [ ] No debug flags in release builds
+- [ ] No sensitive strings in binary (use env vars or remote config)
+- [ ] Root/jailbreak detection (optional, but recommended for financial features)
+- [ ] Tamper detection (optional)
+
+### Expo/EAS Build
+- [ ] `expo-updates` configured with code signing
+- [ ] OTA updates use HTTPS
+- [ ] Update manifest signed to prevent MITM
+
+## Data Leakage
+
+### Checklist
+- [ ] No sensitive data in `console.log` (strip in production with babel plugin)
+- [ ] No sensitive data in crash reports (Sentry, Crashlytics)
+- [ ] Keyboard caching disabled on sensitive inputs (`secureTextEntry`, `autoCorrect={false}`)
+- [ ] WebView content not cached (if WebView used)
+- [ ] Images with PII not cached to disk unencrypted
+- [ ] Clipboard data cleared after sensitive copy operations
+
+### Production Logging
+```javascript
+// babel.config.js — strip console in production
+module.exports = {
+  plugins: [
+    ['transform-remove-console', { exclude: ['error', 'warn'] }],
+  ],
+};
+```
+
+## Third-Party SDKs
+
+### Checklist
+- [ ] SDKs reviewed for data collection practices
+- [ ] Minimal permissions requested
+- [ ] Analytics SDKs don't collect PII without consent
+- [ ] Adapty SDK (subscriptions) — ensure payment data handled securely
+- [ ] Expo modules — check for known vulnerabilities
+
+### Data Flow Review
+Map where user data flows:
+1. User input → App → Backend API (encrypted in transit?)
+2. User input → App → Analytics SDK (what's collected?)
+3. User input → App → LLM API (PII in prompts?)
+4. User photos → App → Image generation API (stored? for how long?)
+
+### Supply Chain Scanning (OWASP M2)
+- [ ] `npm audit` / `yarn audit` run regularly on the mobile app directory
+- [ ] Native dependency versions checked for known CVEs
+- [ ] Expo SDK version up to date
+- [ ] No deprecated or unmaintained RN packages
+
+## Hermes Engine Security
+
+React Native uses the Hermes JS engine (from Facebook/Meta). Key considerations:
+
+### Checklist
+- [ ] Hermes bytecode compilation enabled for release builds (harder to reverse-engineer than plain JS)
+- [ ] Hermes version updated — check for known Hermes vulnerabilities
+- [ ] No eval-like patterns that could be exploited through the JS engine
+- [ ] Source maps NOT included in release builds (would expose original code)
+
+### Threat Model
+- Native JS engines make extracting minified JS from app bundles easy
+- Hermes compiles to bytecode which is harder to decompile but NOT impossible
+- Hermes has had several reported vulnerabilities — keep it updated
+- Application logic in the entry file is visible; protect sensitive business logic server-side