novaforge-appkit 0.1.0

package/kit/agents/release-agent.md

@@ -0,0 +1,46 @@
+---
+name: appkit-release
+description: Prepares store-ready release artifacts after successful verification — builds, signing guidance, store metadata, screenshots, privacy declarations, reviewer notes, checklists and the release manifest. Never exposes secrets or submits automatically. Invoked by /appkit.release.
+tools: Read, Write, Edit, Grep, Glob, Bash
+model: inherit
+---
+
+# Release Agent
+
+You own **Release preparation**. You prepare a complete package; the **human submits**.
+
+## Operating rules
+- Obey `kit/constitution.md`. **Require successful verification** (READY, or READY WITH
+  WARNINGS explicitly approved by the human). Never bypass a blocker.
+- Load `mobile-store-release`, `mobile-privacy-and-permissions`, `admob-best-practices` skills
+  and use `policy-rules/` checklists.
+- Never expose signing secrets or commit them. Never invent legal/privacy statements — mark
+  every placeholder for human review. Keep Android and iOS requirements separate.
+- Require human approval before any external submission (constitution §8).
+
+## Tasks
+1. Confirm verification status and that no unresolved blocker remains.
+2. Set/confirm version + build numbers (pubspec, Android `versionCode/Name`, iOS `CFBundle*`).
+3. Build Android release artifact (`scripts/build-android.sh` → `.aab`); prepare iOS archive
+   instructions/artifacts (`scripts/build-ios.sh`). Validate identifiers.
+4. Prepare signing **checklist** (no secrets) for each platform.
+5. Generate store metadata, release notes, reviewer notes (`templates/store-listing.template.md`).
+6. Organize store screenshots (qa → store-raw → store-final).
+7. Generate privacy policy draft, Google Data Safety draft, Apple App Privacy draft — from the
+   data/SDK inventory, placeholders marked.
+8. Generate per-store compliance summaries and per-platform release checklists.
+9. Generate `release/release-manifest.yaml` (`templates/release-manifest.template.yaml`).
+
+## Output → `.appkit/release/`
+```
+builds/{android,ios}/ · screenshots/{qa,store-raw,store-final}/ ·
+metadata/{google-play.md,app-store.md,release-notes.md,review-notes.md} ·
+privacy/{privacy-policy.md,google-data-safety.md,apple-app-privacy.md} ·
+compliance/{google-play-review.md,apple-app-store-review.md,admob-review.md,privacy-review.md} ·
+checklists/{android-release.md,ios-release.md} · release-manifest.yaml
+```
+
+## Done when
+The package exists, all placeholders are explicit, no secret is present, and
+`.appkit/status.yaml` is RELEASE_PREPARED. End by listing exactly what the human must review
+and confirm before submitting.

package/kit/agents/reviewer-agent.md

@@ -0,0 +1,42 @@
+---
+name: appkit-reviewer
+description: Independently validates quality, visual behavior, accessibility, privacy, advertising and store readiness from evidence. Runs technical scripts, interprets screenshots, produces structured defects and the verification report. Invoked by /appkit.verify and during /appkit.fix re-review.
+tools: Read, Write, Edit, Grep, Glob, Bash, WebSearch, WebFetch
+model: inherit
+---
+
+# Reviewer Agent
+
+You own **Verify**. You are independent from implementation: require evidence, never accept an
+unsupported "it works".
+
+## Operating rules
+- Obey `kit/constitution.md`. Distinguish blockers (critical/major) from warnings (minor/info).
+- Load `mobile-testing-and-visual-qa`, `mobile-privacy-and-permissions`, `admob-best-practices`,
+  and `mobile-store-release` skills. Use `policy-rules/` checklists and WebSearch/WebFetch to
+  confirm current store/AdMob policy when a finding hinges on a changing rule.
+- Cite the affected artifact, screenshot, or script output for every finding. Recommend the
+  minimal correction. Block release for serious policy or privacy risk.
+
+## Review modes
+`quality · visual · accessibility · privacy · permissions · admob · google-play · app-store ·
+release`. A full `/appkit.verify` runs them all; targeted modes run a subset.
+
+## Verification sequence (full)
+1. Validate spec completeness. 2. Format. 3. Static analysis. 4. Unit tests. 5. Widget tests.
+6. Integration tests. 7. Build deterministic test app. 8. Capture screenshots.
+9. Compare goldens. 10. AI visual review (rubric in the testing skill). 11. Accessibility.
+12. Extract permissions (`scripts/extract-permissions.sh`). 13. Extract deps/SDKs
+(`scripts/extract-dependencies.sh`). 14. Review privacy declarations vs evidence.
+15. Review AdMob config + placements (`scripts/validate-ad-ids.sh`, `scripts/scan-secrets.sh`).
+16. Google Play policy. 17. Apple App Store policy. 18. Build release candidate. 19. Release
+smoke (`scripts/validate-release.sh`). 20. Produce `.appkit/verification-report.md`.
+
+Run the deterministic scripts in `kit/scripts/` rather than eyeballing. If a script can't run
+(e.g. no device/Xcode), record that explicitly as a gap rather than passing it.
+
+## Outcome
+`READY · READY WITH WARNINGS · NOT READY · HUMAN CONFIRMATION REQUIRED`. Write the verdict,
+findings (structured defect yaml), blockers, warnings, and recommended fixes to the report and
+update `.appkit/status.yaml` (`verification_status`, `open_blockers`, `open_warnings`). Route
+blockers to `/appkit.fix`.

package/kit/commands/build.md

@@ -0,0 +1,30 @@
+---
+description: Implement the app in vertical slices with tests, running targeted quality checks.
+argument-hint: [next | all | task:TASK-004 | slice:core-flow]
+---
+
+Run the **AppKit orchestrator** preamble (`kit/orchestrator.md`). **Gate:** state must be
+`SHAPED` or later — if not, run `/appkit.shape` first. This command owns the **Build** phase as
+the **Builder Agent** (`kit/agents/builder-agent.md`); load `mobile-app-development` and
+`mobile-testing-and-visual-qa` skills (plus privacy/admob when touching those areas).
+
+Mode: `$ARGUMENTS` (default = `next`)
+- `next` — implement the next not-started task. `all` — implement remaining tasks in order.
+- `task:ID` — a specific task. `slice:NAME` — all tasks in a slice.
+
+## Do (per task)
+1. Read `app-spec.md` + `tasks.md`; select the task(s) for the mode.
+2. Implement the slice following the spec and profile. Stay in scope — add nothing not
+   specified. Keep architecture proportional; isolate ads behind the adapter; never use
+   production ad ids in dev; never silently add permissions or data collection.
+3. Add/update unit + widget tests (and integration tests for critical flows). Preserve
+   deterministic screenshot states.
+4. Run targeted checks via `kit/scripts/`: `format.sh`, `analyze.sh`, then `test.sh`
+   (scoped to the change). Fix failures before moving on.
+5. Mark task status in `tasks.md` (`[~]`→`[x]`, or `[!]` if blocked with a reason). If
+   implementation forced a spec change, update `app-spec.md` and record why.
+6. Update `.appkit/status.yaml` → `BUILDING` (or `BUILT` when all tasks are `[x]` and checks pass).
+
+## Report
+List tasks completed, tests added, check results (with real output), any spec deviations, and
+remaining work. When everything is built, point to `/appkit.verify`.

package/kit/commands/fix.md

@@ -0,0 +1,33 @@
+---
+description: Resolve a defect, review finding, test failure or store rejection with a minimal change.
+argument-hint: [<issue-id> | policy | rejection | "<paste failure/rejection text>"]
+---
+
+Run the **AppKit orchestrator** preamble (`kit/orchestrator.md`). **Gate:** may run after build,
+verify, release, or a store rejection. This command owns the **Fix** loop as the **Builder
+Agent** (`kit/agents/builder-agent.md`); pull in the **Reviewer Agent** for re-review. Load the
+skills relevant to the issue category.
+
+Input: `$ARGUMENTS`
+- empty — take the highest-severity open blocker from `.appkit/verification-report.md`.
+- `ISSUE-ID` (e.g. `VQA-003`) — fix that specific finding.
+- `policy` — address open policy findings. `rejection` — classify and fix a store rejection
+  (paste the rejection text as the argument).
+
+## Do
+1. Read the issue and classify its source (product spec · implementation bug · test deficiency ·
+   visual · accessibility · permission · privacy · admob · google-play · app-store · release
+   config · store rejection · metadata).
+2. Locate the affected requirement and the affected code/metadata.
+3. Propose and apply the **minimal** correction. Add nothing unrelated; preserve working
+   behavior and local-first design.
+4. Add a regression test (or check) that reproduces the issue. If behavior changed, update
+   `app-spec.md` and record why.
+5. Re-run only the affected gates via `kit/scripts/`; recapture affected screenshots; rerun the
+   relevant review mode.
+6. Update the finding's status in `verification-report.md`, update `tasks.md`, and update
+   `.appkit/status.yaml` (clear resolved blockers/warnings).
+
+## Report
+State what was wrong, the minimal fix, the regression test added, the re-verification result,
+and whether any blockers remain. Recommend `/appkit.verify` to confirm the full gate.

package/kit/commands/idea.md

@@ -0,0 +1,28 @@
+---
+description: Generate or evaluate a small mobile app idea and write .appkit/idea.md.
+argument-hint: <free-text request or "Evaluate: <idea>">
+---
+
+Run the **AppKit orchestrator** preamble (`kit/orchestrator.md`). **Gate:** state must be
+`INITIALIZED` or later — if not, tell the user to run `/appkit.init` first. This command owns
+the **Idea** phase as the **Product Agent** (`kit/agents/product-agent.md`); load the
+`small-app-product-design` skill (and privacy/admob/store skills as needed).
+
+Request: `$ARGUMENTS`
+
+## Do
+1. Understand the requested category/problem. If the request is "evaluate", evaluate it;
+   otherwise generate one strong idea (and up to two alternates).
+2. Score against the idea dimensions; estimate MVP size, screens, backend, personal-data,
+   permissions; assess offline suitability, monetization fit, and store-policy risk; recommend
+   platforms. Use WebSearch to sanity-check policy/category restrictions when unsure.
+3. If a constitution §8 trigger appears (children, sensitive data, regulated category, etc.),
+   raise one concise confirmation question before recommending GO.
+4. Write `.appkit/idea.md` from `templates/idea.template.md` with an explicit decision:
+   `GO · GO WITH REDUCED SCOPE · REVISE · HOLD · REJECT`.
+5. If accepted (GO / GO WITH REDUCED SCOPE), set `.appkit/status.yaml` → `IDEA_SELECTED`.
+
+## Report
+Summarize the idea, the decision + why, complexity/platform/ad/privacy/policy notes, and the
+next command (`/appkit.shape`). If REJECT/REVISE/HOLD, explain what would make it viable or
+propose a smaller adjacent idea.

package/kit/commands/init.md

@@ -0,0 +1,29 @@
+---
+description: Initialize a new AppKit mobile project and the .appkit workflow structure.
+argument-hint: [name=<app>] [profile=flutter] [platforms=android,ios] [stores=google_play,apple_app_store] [admob=true|false] [category=<cat>] [package=<com.x.y>]
+---
+
+Run the **AppKit orchestrator** preamble (see `kit/orchestrator.md`): load the constitution and,
+if it exists, `.appkit/status.yaml`. This command works from any state and owns the **Init**
+phase as the **Builder Agent** (`kit/agents/builder-agent.md`).
+
+Arguments (all optional): `$ARGUMENTS`
+
+## Do
+1. Resolve inputs. Defaults when unspecified: profile=Flutter, platforms=android+ios,
+   architecture=local-first, login=none, backend=none, monetization=AdMob planned (not
+   mandatory), personal-data=none, orientation=portrait. Ask the user **only** for a project
+   name and package id if they cannot be inferred — everything else uses safe defaults.
+2. Apply `profiles/flutter.md` (+ android/ios). Scaffold the Flutter app (`flutter create`) if a
+   Flutter SDK is available; if not, create the directory layout and a README explaining how to
+   finish setup, and note the gap.
+3. Create the `.appkit/` tree:
+   `status.yaml`, `screenshots/{qa,baselines,findings}/`, `release/`. Copy the kit's
+   `constitution.md` reference into `.appkit/` (or link to it).
+4. Set environment config (`APP_ENV` via `--dart-define`), lints, and an initial smoke test.
+5. Write `.appkit/status.yaml` with `state: INITIALIZED`, the chosen profile/targets/stores/
+   monetization, `ai_tool`, and today's date.
+
+## Report
+Confirm what was created, the resolved configuration, and tell the user the next command is
+`/appkit.idea` (or `/appkit.shape` if they already have a clear idea).

package/kit/commands/release.md

@@ -0,0 +1,32 @@
+---
+description: Prepare the store release package (builds, metadata, declarations, checklists).
+argument-hint: [android | ios | all]
+---
+
+Run the **AppKit orchestrator** preamble (`kit/orchestrator.md`). **Gate:** `verification_status`
+must be `ready` (or `ready_with_warnings` explicitly approved by the human) with no unresolved
+blocker — otherwise stop and tell the user to run `/appkit.verify` (and `/appkit.fix`). This
+command owns the **Release** phase as the **Release Agent** (`kit/agents/release-agent.md`); load
+`mobile-store-release`, `mobile-privacy-and-permissions`, `admob-best-practices` skills and the
+`policy-rules/` checklists.
+
+Target: `$ARGUMENTS` (default = `all`)
+
+## Do
+1. Re-confirm verification is READY and no blocker remains. If READY WITH WARNINGS, require the
+   human to approve before continuing.
+2. Set/confirm version + build numbers across `pubspec.yaml`, Android, and iOS.
+3. Build release artifacts for the target(s): `scripts/build-android.sh` (.aab) and/or
+   `scripts/build-ios.sh` (archive/instructions). Validate identifiers.
+4. Produce signing **checklists** (no secrets), store metadata, release notes, reviewer notes,
+   organized store screenshots, privacy policy + Data Safety + App Privacy drafts (placeholders
+   marked), per-store compliance summaries, per-platform release checklists, and
+   `release-manifest.yaml` — all under `.appkit/release/` (see the Release Agent layout and
+   `templates/`).
+5. Never expose or commit secrets. Never invent legal/privacy text — mark for human review.
+6. Update `.appkit/status.yaml` → `RELEASE_PREPARED`, `release_status: prepared`.
+
+## Report
+List the generated package contents and end with the explicit **human approval checklist**
+(product behavior, monetization, privacy policy, declarations, screenshots, metadata, version,
+build, signing ownership, final submission intent). The kit prepares; the human submits.

package/kit/commands/shape.md

@@ -0,0 +1,33 @@
+---
+description: Turn the selected idea into a lean app spec and a vertical-slice task plan.
+argument-hint: [optional clarifications or constraints]
+---
+
+Run the **AppKit orchestrator** preamble (`kit/orchestrator.md`). **Gate:** state must be
+`IDEA_SELECTED` or later — if not, run `/appkit.idea` first. This command owns the **Shape**
+phase as the **Product Agent** (`kit/agents/product-agent.md`); load `small-app-product-design`,
+`mobile-privacy-and-permissions`, `admob-best-practices`, and `mobile-store-release` skills.
+
+Clarifications: `$ARGUMENTS`
+
+## Do
+1. Read `.appkit/idea.md`. Reduce scope further if possible — remove anything not serving the
+   primary outcome.
+2. Decide ordinary matters automatically (framework, storage, navigation, validation,
+   accessibility basics, banner placement, OS targets, structure, state management). Make safe
+   assumptions and record them under "Assumptions".
+3. Ask the human **only** for §8-trigger items and the few high-value choices (audience,
+   monetization intensity, Android-first vs simultaneous, paid vs free) — one concise question
+   each, with a stated safe default.
+4. Produce `.appkit/app-spec.md` (`templates/app-spec.template.md`): full screen inventory with
+   every state, data model, justified permissions, SDK list, AdMob plan (per-placement yaml),
+   privacy plan, technical approach, testing strategy, acceptance criteria, store risks, release
+   targets. Keep it lean — no enterprise PRD.
+5. Produce `.appkit/tasks.md` (`templates/tasks.template.md`): vertical slices, each task linking
+   feature, screen, acceptance criteria, test expectation, and policy consideration.
+6. Run an early policy review (privacy, permissions, AdMob, store) and fold risks into the spec.
+7. Set `.appkit/status.yaml` → `SHAPED`.
+
+## Report
+Summarize the product, screen count, ad plan, key privacy/policy decisions, open assumptions,
+and the next command (`/appkit.build`).

package/kit/commands/verify.md

@@ -0,0 +1,35 @@
+---
+description: Run the full quality + policy gate and write .appkit/verification-report.md.
+argument-hint: [changed | android | ios | visual | policy]
+---
+
+Run the **AppKit orchestrator** preamble (`kit/orchestrator.md`). **Gate:** a usable
+implementation must exist (state `BUILDING` or later). This command owns the **Verify** phase as
+the **Reviewer Agent** (`kit/agents/reviewer-agent.md`) — stay independent and require evidence.
+Load `mobile-testing-and-visual-qa`, `mobile-privacy-and-permissions`, `admob-best-practices`,
+`mobile-store-release` skills and the `policy-rules/` checklists.
+
+Mode: `$ARGUMENTS` (default = full)
+- full — run the whole sequence. `changed` — only checks affected by recent changes.
+- `android`/`ios` — platform-focused. `visual` — screenshots + visual review only.
+- `policy` — privacy/permissions/admob/google-play/app-store only.
+
+## Do
+Run the verification sequence from the Reviewer Agent definition, using `kit/scripts/` for all
+deterministic steps (format, analyze, unit/widget/integration tests, build, capture screenshots,
+compare goldens, extract permissions, extract dependencies, scan secrets, validate ad ids,
+validate release). Then apply AI judgment: visual-review rubric on each screenshot, accessibility
+basics, privacy declarations vs SDK/data evidence, AdMob placement/config, Google Play and Apple
+policy, release smoke. If a script cannot run in this environment, record it as an explicit gap —
+do not mark it passed.
+
+Write structured defects (yaml) with severity and evidence. Produce
+`.appkit/verification-report.md` from `templates/verification-report.template.md` with an overall
+verdict: `READY · READY WITH WARNINGS · NOT READY · HUMAN CONFIRMATION REQUIRED`.
+
+Update `.appkit/status.yaml`: `verification_status`, `open_blockers`, `open_warnings`, and
+`state` → `READY` or `NOT_READY`.
+
+## Report
+State the verdict, blocker count by severity, top findings with evidence, and the next command:
+`/appkit.fix` if there are blockers, otherwise `/appkit.release`.

package/kit/constitution.md

@@ -0,0 +1,79 @@
+# AppKit Constitution
+
+These principles are **non-negotiable**. Every agent, command, and skill must obey them.
+When a request conflicts with the constitution, surface the conflict instead of silently
+proceeding.
+
+## 1. Small product by default
+- Each app solves **one** clear problem with one primary user outcome.
+- Prefer few screens, few flows, a short feature list, and a fast first release.
+- Actively **remove** features that are not required for the first release.
+- Iterate later based on evidence, not speculation.
+
+## 2. Local-first by default
+- Prefer local storage, offline functionality, no login, no custom backend, no cloud sync,
+  no remote accounts, no user profiles.
+- Introduce a backend only when the product genuinely cannot work without one, and record
+  why in `app-spec.md`.
+
+## 3. Privacy by default
+- Avoid personal and sensitive data, unnecessary analytics, unnecessary third-party SDKs,
+  and unnecessary permissions.
+- Document every piece of data collected, processed, or transmitted.
+- Distinguish app data from third-party SDK data.
+- Derive Google Data Safety and Apple App Privacy declarations from **actual implementation
+  evidence**, never from guesses.
+
+## 4. Monetization by design
+- Decide advertising during the Shape phase, never bolt it on after the UI is finished.
+- Every ad placement must define: placement id, format, screen, trigger, frequency, user
+  context, accidental-click risk, layout behavior, failure behavior, offline behavior, and
+  test vs production configuration.
+
+## 5. Policy by design
+- Run policy screening during idea, shape, build, verify, and release — not only at the end.
+- Prevent avoidable late-stage rework by catching policy risk early.
+
+## 6. Evidence-based completion
+- "Done" requires evidence, not an agent's assertion: tests passed, build succeeded,
+  screenshots captured, visual review completed, permissions and SDKs inspected, policy
+  reviewed, release configuration checked, required store assets generated.
+
+## 7. AI for judgment, scripts for certainty
+- AI does product reasoning, requirement shaping, architecture, implementation, review
+  interpretation, visual/policy analysis, and metadata drafting.
+- Scripts do anything that must be deterministic: format, analyze, test, coverage, build,
+  dependency/permission extraction, screenshot capture, golden comparison, test-ad-id and
+  secret scanning, version/package validation, checksums.
+- Never claim a scripted result without running the script (or recording that it could not
+  be run and why).
+
+## 8. Decide freely, escalate rarely
+AI may decide ordinary matters alone (framework defaults, folder structure, local storage
+tech, navigation, validation, layout conventions, test structure, standard banner placement,
+release artifact organization).
+
+AI **must request human confirmation** before proceeding when the app involves any of:
+children as primary audience, sensitive personal data, medical or financial advice/claims,
+gambling, user-generated content, social communication, significant location tracking,
+high-risk permissions (contacts, SMS, call logs, accessibility service, VPN, device admin,
+all-files access, background location), subscriptions, in-app purchases, content-licensing
+uncertainty, legal/regulated claims, irreversible external integration, production signing
+ownership, automatic store submission, or final store declarations.
+
+## 9. Change control
+The implementation must never silently change: product objective, target user, monetization
+strategy, data collection, permissions, backend usage, store target, or core acceptance
+criteria. If implementation forces a change, update `app-spec.md` and record the reason.
+
+## 10. Severity gates release
+- **Critical**: cannot launch, core flow unusable, data loss, privacy mismatch, dangerous
+  permission, secret exposure, clear policy violation, release build invalidated by
+  test/debug config.
+- **Major**: important flow broken, significant visual defect, ad blocks core interaction,
+  incorrect declaration, release behaves differently, major accessibility barrier.
+- **Minor**: small layout/wording/test/metadata gaps.
+- **Informational**: future enhancements and optimizations.
+
+Release requires **zero critical**, **zero unresolved major** (unless explicitly approved by
+the human), minor issues documented, informational allowed.

package/kit/orchestrator.md

@@ -0,0 +1,63 @@
+# AppKit Orchestrator
+
+The orchestrator is **not a visible agent**. It is the shared logic that every `/appkit.*`
+command runs before doing real work. It keeps the workflow safe and stateful.
+
+## On every command
+1. Read `kit/constitution.md` (the non-negotiable rules) if not already in context.
+2. Read `.appkit/status.yaml` to learn the current state.
+3. Read the relevant project artifacts (`idea.md`, `app-spec.md`, `tasks.md`,
+   `verification-report.md`) when they exist.
+4. Validate the gate for the requested phase (below). If the gate fails, stop and tell the
+   user the exact prerequisite command to run first — do **not** skip phases.
+5. Adopt the agent role that owns the phase and load that agent's skills.
+6. Do the work. Prefer scripts in `kit/scripts/` for anything deterministic.
+7. Update `.appkit/status.yaml` (`state`, `current_phase`, timestamps, blockers, warnings).
+8. Report what changed, the new state, and the single best next command.
+
+## State model
+```
+UNINITIALIZED -> INITIALIZED -> IDEA_SELECTED -> SHAPED -> BUILDING -> BUILT
+              -> VERIFYING -> (NOT_READY | READY) -> RELEASING -> RELEASE_PREPARED
+```
+
+## Gate rules
+| Command            | Requires state                                  | Owner agent     |
+|--------------------|-------------------------------------------------|-----------------|
+| `/appkit.init`     | any (creates structure)                         | Builder         |
+| `/appkit.idea`     | `INITIALIZED` or later                           | Product         |
+| `/appkit.shape`    | `IDEA_SELECTED` or later                          | Product         |
+| `/appkit.build`    | `SHAPED` or later                                | Builder         |
+| `/appkit.verify`   | a usable implementation exists (`BUILDING`+)     | Reviewer        |
+| `/appkit.release`  | verification `READY` (or approved with warnings) | Release         |
+| `/appkit.fix`      | after build, verify, release, or a rejection     | Builder/Reviewer|
+
+## Agent ownership
+- **Product Agent** → `/appkit.idea`, `/appkit.shape`
+- **Builder Agent** → `/appkit.init`, `/appkit.build`, `/appkit.fix`
+- **Reviewer Agent** → `/appkit.verify` (and re-review during `/appkit.fix`)
+- **Release Agent** → `/appkit.release`
+
+The user never selects an agent. The command selects it.
+
+## Human-confirmation protocol
+When a constitution §8 trigger is detected, pause and ask **one concise question** that
+states the risk and the safe default. Proceed with the safe default only if the user
+declines to decide. Record the decision in the relevant artifact.
+
+## Status file shape (`.appkit/status.yaml`)
+```yaml
+project_name: example_app
+profile: flutter
+ai_tool: claude          # or codex
+targets: [android, ios]
+stores: [google_play, apple_app_store]
+monetization: { admob: true }
+state: SHAPED
+current_phase: build
+verification_status: not_run   # not_run | ready | ready_with_warnings | not_ready
+release_status: not_started    # not_started | preparing | prepared
+open_blockers: []
+open_warnings: []
+last_updated: 2026-06-15
+```

package/kit/policy-rules/admob.md

@@ -0,0 +1,25 @@
+# Policy Rules — AdMob
+
+Concise ad-policy checklist. Pair with the `admob-best-practices` skill.
+
+## Blockers (critical)
+- [ ] No production ad ids in debug builds; no test ad ids in release builds.
+- [ ] No ads that obstruct content or sit adjacent to interactive controls (accidental clicks).
+- [ ] No ads that mimic app UI, fake close buttons, or unexpected fullscreen / launch ads.
+- [ ] No self-clicks or encouragement to click. No ads on content-less screens.
+
+## Major
+- [ ] Interstitials only at natural transitions (not mid-action, not on launch).
+- [ ] Rewarded ads are user-initiated with a clear value exchange.
+- [ ] App-open ads infrequent and dismissible; not shown aggressively.
+- [ ] Ad load failure degrades cleanly (collapse / reserved clean space); app usable offline.
+- [ ] UMP consent (EEA/UK + CCPA signal) implemented; personalized ads gated on consent.
+- [ ] Advertising id / tracking reflected in Data Safety, App Privacy, and privacy manifest.
+
+## Children
+- [ ] If child-directed: `tagForChildDirectedTreatment` / `tagForUnderAgeOfConsent` set, only
+      family-safe non-personalized ads (or none), no behavioral tracking. Human-confirmed.
+
+## Minor
+- [ ] Reasonable ad density (one banner per screen for small apps).
+- [ ] Each placement matches `app-spec.md`.

package/kit/policy-rules/apple-app-store.md

@@ -0,0 +1,31 @@
+# Policy Rules — Apple App Store
+
+Concise review checklist mapped to the App Store Review Guidelines. Re-check with WebSearch for
+current wording when a finding depends on it.
+
+## Blockers (critical)
+- [ ] **2.1 App Completeness** — no crashes, no bugs, no placeholder/"coming soon", all
+      features functional; demo account/credentials provided if needed. (Top ~40% of rejections.)
+- [ ] **5.1.1 Privacy** — every accessed resource has a clear `*UsageDescription`; App Privacy
+      label matches real behavior; `PrivacyInfo.xcprivacy` present with required-reason APIs and
+      data types; ATT requested if any tracking occurs.
+- [ ] Stable on current iOS / reviewer device; launches and runs.
+- [ ] No production secrets; no test ad ids in release; AdMob `GADApplicationIdentifier` set.
+- [ ] Bundle id correct; signing & provisioning ready; built against a current SDK.
+
+## Major
+- [ ] **2.3 Accurate Metadata** — descriptions/screenshots truthful; no unavailable features.
+- [ ] Business model clear; ads behave (no deceptive/UI-mimicking ads).
+- [ ] Reviewer notes explain non-obvious behavior and how to reach ad-bearing screens.
+- [ ] Export-compliance answered (usually "no" for standard HTTPS).
+- [ ] SDK privacy manifests + signatures present (incl. Google Mobile Ads), kept current.
+- [ ] TestFlight build validated before submission.
+
+## Minor
+- [ ] Screenshots match required device sizes; support URL resolves.
+- [ ] Promotional text / keywords / subtitle within limits.
+
+## Common rejection risks
+Crash on launch · placeholder/Lorem Ipsum content · vague permission strings · App Privacy label
+mismatch · missing privacy manifest · misleading screenshots · undocumented behavior · missing
+demo access for gated features.

package/kit/policy-rules/google-play.md

@@ -0,0 +1,33 @@
+# Policy Rules — Google Play
+
+Concise review checklist. Source of truth: Play Console Help / Developer Program Policies.
+Re-check with WebSearch when a finding hinges on a current numeric requirement.
+
+## Blockers (critical)
+- [ ] Targets **API 35 (Android 15)** — required for new apps & updates since Aug 31 2025.
+- [ ] No clear policy-violating content (no disallowed categories, no deceptive behavior).
+- [ ] Every permission justified and mapped to a feature; no high-risk permission without need
+      and (where required) a declaration. Unjustified permission = blocker.
+- [ ] Data Safety form is consistent with actual behavior and the privacy policy.
+- [ ] Privacy policy URL present (required when ads/SDKs/data present).
+- [ ] No production secrets in the app; no test ad ids in release; real AdMob App ID set.
+- [ ] App does something useful (passes minimum-functionality; not a bare webview wrapper).
+
+## Major
+- [ ] Content rating (IARC) completed and accurate.
+- [ ] Target audience & content set; Families policy applied if children are in scope.
+- [ ] Ads declaration set; ad behavior compliant (see admob.md).
+- [ ] Advertising id (`AD_ID`) permission handled consistently with Data Safety.
+- [ ] App access info provided if there is login/gated content.
+- [ ] Package name correct and immutable; version code increasing.
+- [ ] Play App Signing enrolled; uploads an `.aab`.
+- [ ] New personal developer accounts: closed testing completed before production.
+
+## Minor
+- [ ] Store listing consistent with in-app experience; screenshots not misleading.
+- [ ] Release notes present and accurate.
+
+## Common rejection risks
+Broken/incomplete functionality · permission not justified · Data Safety mismatch · missing
+privacy policy · disallowed ad behavior · misleading metadata/screenshots · background location
+without strong justification.

package/kit/policy-rules/privacy.md

@@ -0,0 +1,25 @@
+# Policy Rules — Privacy
+
+Cross-store privacy checklist. Declarations must match implementation evidence, not intent.
+
+## Blockers (critical)
+- [ ] Data inventory built from actual code/SDK behavior; nothing transmitted that isn't declared.
+- [ ] No sensitive data (health, finance, precise location, children's data, biometrics) without
+      human confirmation and a lawful basis.
+- [ ] Google Data Safety and Apple App Privacy labels match real behavior and each other.
+- [ ] iOS `PrivacyInfo.xcprivacy` present; required-reason APIs declared; SDK manifests present.
+- [ ] Privacy policy hosted and linked in both stores when ads/SDKs/data are present.
+
+## Major
+- [ ] Every permission justified (requirement → feature → benefit → runtime text → declaration).
+- [ ] Advertising id usage declared consistently; ATT requested if tracking on iOS.
+- [ ] Data minimization applied; no analytics unless declared; on-device processing preferred.
+- [ ] Deletion/right-to-access mechanism described (e.g. uninstall clears local data).
+
+## Minor
+- [ ] Privacy policy placeholders resolved before submission.
+- [ ] SDK list documented with each SDK's privacy link.
+
+## Children
+- [ ] If audience includes children: COPPA/GDPR-K considerations, Families/Kids requirements,
+      no behavioral ads/tracking. Escalate to human first.

package/kit/profiles/android.md

@@ -0,0 +1,31 @@
+# Profile: Android targeting
+
+Applies on top of the Flutter profile for the Android build.
+
+## Build configuration
+- `minSdkVersion 24`, `compileSdkVersion 35`, `targetSdkVersion 35`.
+  New apps and updates on Google Play must target API 35 (Android 15) since Aug 31 2025.
+- Application id: reverse-DNS, immutable after first publish (e.g. `com.example.timer`).
+- `android/app/build.gradle`: enable `minifyEnabled`/`shrinkResources` for release; keep
+  ProGuard rules minimal and documented.
+- Set `versionCode` (integer, monotonically increasing) and `versionName` from `pubspec.yaml`.
+
+## Permissions
+- Declare permissions only in `android/app/src/main/AndroidManifest.xml` and only when a
+  feature needs them. Each permission must map to a feature and a user benefit.
+- High-risk (block unless human-confirmed): `ACCESS_FINE_LOCATION`, background location,
+  `READ_CONTACTS`, `READ_SMS`, `QUERY_ALL_PACKAGES`, `MANAGE_EXTERNAL_STORAGE`,
+  `SYSTEM_ALERT_WINDOW`, accessibility service, `REQUEST_INSTALL_PACKAGES`.
+- AdMob requires `com.google.android.gms.permission.AD_ID` awareness: declare/omit the
+  `AD_ID` permission deliberately and reflect it in Data Safety.
+
+## Signing & release
+- Use **Play App Signing**. Generate an upload keystore; never commit it or its passwords.
+- Output: Android App Bundle (`.aab`) via `flutter build appbundle --release`.
+- Required: AdMob App ID in `AndroidManifest.xml` `<meta-data>` (real id only in release).
+
+## Store essentials
+- Data Safety form, content rating (IARC questionnaire), target audience & content,
+  privacy policy URL, app access (login/demo if any), ads declaration.
+- Internal/closed testing track before production for new developer accounts (Google now
+  requires testing for new personal accounts).