rn-store-skills 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 MrAdib
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,112 @@
+# rn-store-skills
+
+React Native App Store & Google Play compliance skill for AI coding agents.
+
+Catches store rejection issues **before** you submit — in every chat where you write or modify React Native code.
+
+## What it does
+
+Every time you add a feature, fix a bug, or change configuration in a React Native / Expo app, this skill automatically checks your changes against:
+
+- **Apple App Store Review Guidelines** — privacy, payments, permissions, design, metadata, and more
+- **Google Play Store Policies** — target SDK, billing, data safety, content policies, and more
+- **Common React Native rejection patterns** — Expo Go submissions, missing JS bundles, Hermes crashes, WebView-heavy apps, permission overuse
+
+About 40% of app submissions get rejected on the first try. This skill helps you avoid that.
+
+## Install
+
+### Via skills CLI (recommended)
+
+```bash
+npx skills add johnad/rn-store-skills
+```
+
+### Via skillpm
+
+```bash
+npx skillpm add rn-store-skills
+```
+
+### Manual (Claude web / claude.ai)
+
+1. Download or zip the `skills/rn-store-compliance/` folder
+2. Go to [claude.ai/customize/skills](https://claude.ai/customize/skills)
+3. Upload the zip — it contains one SKILL.md + reference files that Claude loads on-demand
+
+### Manual (any agent)
+
+Copy `skills/rn-store-compliance/` into your project's skills directory:
+
+```bash
+# Claude Code
+cp -r skills/rn-store-compliance .claude/skills/
+
+# Cursor
+cp -r skills/rn-store-compliance .cursor/skills/
+
+# Windsurf
+cp -r skills/rn-store-compliance .windsurf/skills/
+```
+
+## Skill Structure
+
+```
+skills/rn-store-compliance/
+├── SKILL.md                              ← main hub (loaded on trigger)
+└── references/
+    ├── apple-guidelines.md               ← Apple App Store Review Guidelines (1.x–5.x)
+    ├── google-play-guidelines.md         ← Google Play Store policies
+    ├── react-native-patterns.md          ← RN-specific checks, 10 rejection patterns, AI rules
+    ├── pre-submission-checklist.md       ← both-store + platform-specific checklists
+    └── handling-rejections.md            ← how to respond to and appeal rejections
+```
+
+The SKILL.md is a lightweight navigation hub. Claude loads only the reference files relevant to the current task, keeping context efficient.
+
+## Coverage
+
+### Apple App Store
+- Safety (objectionable content, kids, health apps)
+- Performance (completeness, metadata accuracy, SDK requirements)
+- Business (IAP, subscriptions, reader apps)
+- Design (quality, copycats, minimum functionality, Sign in with Apple)
+- Legal (privacy, ATT, PrivacyInfo.xcprivacy, nutrition labels)
+
+### Google Play Store
+- Content policies (restricted content, deceptive behavior, ads)
+- Technical requirements (target SDK, AAB, 64-bit, billing library, foreground services)
+- Store listing (screenshots, data safety, content rating)
+- Closed testing requirements
+- Account deletion requirements
+
+### React Native Specific
+- Permission handling (Info.plist / AndroidManifest.xml) with code examples
+- Payment integration (react-native-iap, RevenueCat)
+- Build configuration (ProGuard, Hermes, signing, EAS Build)
+- 10 most common RN rejection patterns with fixes
+- AI/generative AI feature rules for both stores
+- Age rating requirements
+
+## Compatibility
+
+Works with any AI coding agent that supports the Agent Skills format:
+
+- Claude Code / Claude.ai
+- Cursor
+- Windsurf
+- Cline
+- GitHub Copilot (via skills)
+- Any agent supporting skills directories
+
+## Research & Docs
+
+The `docs/` folder contains research notes, official source links, changelog, and improvement backlog. See [docs/README.md](docs/README.md) for the structure.
+
+## Contributing
+
+PRs welcome! If you know of a store guideline or rejection pattern we're missing, please open an issue or PR. See [docs/ideas/backlog.md](docs/ideas/backlog.md) for planned improvements.
+
+## License
+
+MIT

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "rn-store-skills",
+  "version": "1.0.0",
+  "description": "React Native App Store & Google Play compliance skill for AI coding agents. Checks every code change against Apple and Google store guidelines to prevent rejections.",
+  "keywords": [
+    "agent-skill",
+    "react-native",
+    "expo",
+    "app-store",
+    "google-play",
+    "compliance",
+    "mobile",
+    "ios",
+    "android",
+    "store-guidelines",
+    "app-review",
+    "claude",
+    "cursor",
+    "windsurf",
+    "ai-agent"
+  ],
+  "author": "johnad <johnad@justzapp.com>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/johnad/rn-store-skills"
+  },
+  "homepage": "https://www.npmjs.com/package/rn-store-skills",
+  "files": [
+    "skills",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "publish:npm": "npm publish --access public",
+    "prepublishOnly": "node scripts/validate.js",
+    "pack:check": "npm pack --dry-run",
+    "version:patch": "npm version patch && npm run publish:npm",
+    "version:minor": "npm version minor && npm run publish:npm",
+    "version:major": "npm version major && npm run publish:npm"
+  }
+}

package/skills/rn-store-compliance/SKILL.md

@@ -0,0 +1,123 @@
+---
+name: rn-store-compliance
+description: >
+  React Native app store compliance checker for Apple App Store and Google Play Store.
+  Use this skill whenever someone is building, modifying, or reviewing a React Native (or Expo)
+  app that will be published to the Apple App Store or Google Play Store. This includes adding
+  features, fixing bugs, implementing payments, handling permissions, adding push notifications,
+  integrating ads, setting up analytics, handling user data, creating onboarding flows, or any
+  code change — even small ones. The skill ensures every change is verified against current
+  Apple and Google store guidelines before shipping, preventing rejections. Trigger on any
+  mention of: React Native, Expo, iOS, Android, App Store, Google Play, mobile app, TestFlight,
+  app review, app submission, store rejection, in-app purchase, push notification, privacy policy,
+  App Tracking Transparency, IDFA, permissions, app signing, release build, or app bundle.
+license: MIT
+metadata:
+  author: johnad
+  version: "1.0.0"
+  tags:
+    - react-native
+    - expo
+    - app-store
+    - google-play
+    - compliance
+    - mobile
+---
+
+# React Native Store Compliance Skill
+
+You are a React Native store compliance advisor. Every code change, feature addition, or
+configuration update in a React Native / Expo project should be checked against both
+Apple App Store and Google Play Store guidelines. Your job is to catch issues that cause
+rejections **before** they reach app review.
+
+About 40% of app submissions get rejected on the first attempt. Most rejections come from
+a small set of repeated mistakes — wrong permission usage, missing privacy declarations,
+broken payment flows, or metadata issues. This skill helps you avoid all of them.
+
+## How to Use This Skill
+
+When a developer asks you to add or modify any feature in a React Native app:
+
+1. **Build the feature** as requested
+2. **Run the compliance check** against the change — consult the relevant reference files below
+3. **Flag any violations** with the specific guideline reference number and a concrete fix
+4. **Summarize** what passed and what needs attention
+
+If a change touches multiple areas (e.g., adding a subscription screen involves payments,
+UI, and privacy), check all relevant reference files.
+
+## Reference Files
+
+This skill uses progressive loading. Only read the reference files relevant to the current
+task — don't load everything at once.
+
+### Apple App Store Guidelines
+
+Refer to [references/apple-guidelines.md](references/apple-guidelines.md) for the complete
+Apple App Store Review Guidelines covering:
+- Safety (1.x) — objectionable content, kids, health apps
+- Performance (2.x) — completeness, metadata, SDK requirements
+- Business (3.x) — IAP, subscriptions, reader apps
+- Design (4.x) — quality, copycats, minimum functionality, Sign in with Apple
+- Legal (5.x) — privacy, ATT, PrivacyInfo.xcprivacy, nutrition labels
+
+Read this file when the change involves any iOS-specific feature, Apple services integration,
+or when preparing for App Store submission.
+
+### Google Play Store Guidelines
+
+Refer to [references/google-play-guidelines.md](references/google-play-guidelines.md) for
+the complete Google Play Store policies covering:
+- Content policies — restricted content, deceptive behavior, ads
+- Technical requirements — target SDK, AAB, 64-bit, billing library, foreground services
+- Store listing & metadata — screenshots, data safety, content rating
+- Closed testing requirements
+
+Read this file when the change involves any Android-specific feature, Google services
+integration, or when preparing for Play Store submission.
+
+### React Native Specific Patterns
+
+Refer to [references/react-native-patterns.md](references/react-native-patterns.md) for
+RN-specific compliance issues covering:
+- Apple-specific RN checks (Info.plist, ATS, Sign in with Apple, background modes)
+- Google-specific RN checks (AndroidManifest, ProGuard, signing, crash rates)
+- 10 most common React Native rejection patterns
+- AI/generative AI feature rules for both stores
+- Age rating requirements
+
+Read this file for every change — it contains the patterns most likely to cause rejection
+in React Native apps specifically.
+
+### Pre-Submission Checklist
+
+Refer to [references/pre-submission-checklist.md](references/pre-submission-checklist.md)
+for the complete pre-submission verification checklist. This covers both-store checks,
+Apple-specific checks, and Google Play-specific checks.
+
+Read this file when the developer is preparing a release build or submitting to either store.
+
+### Handling Rejections
+
+Refer to [references/handling-rejections.md](references/handling-rejections.md) for guidance
+on responding to App Store and Play Store rejections, including appeal processes.
+
+Read this file when a developer reports a rejection or asks how to respond to one.
+
+## Quick Decision Guide
+
+Use this to decide which reference files to read for common tasks:
+
+| Task | Files to Read |
+|------|--------------|
+| Adding a new feature | `react-native-patterns.md` + relevant store guide |
+| Implementing payments/subscriptions | `apple-guidelines.md` (section 3) + `google-play-guidelines.md` (billing) |
+| Adding permissions (camera, location, etc.) | `react-native-patterns.md` (permissions section) |
+| Adding push notifications | `react-native-patterns.md` + both store guides |
+| Adding user-generated content | `apple-guidelines.md` (section 1.1) + `google-play-guidelines.md` (content) |
+| Privacy/data collection changes | `apple-guidelines.md` (section 5.1) + `google-play-guidelines.md` (privacy) |
+| Preparing for submission | `pre-submission-checklist.md` |
+| Got a rejection | `handling-rejections.md` |
+| Adding AI features | `react-native-patterns.md` (AI section) |
+| Upgrading React Native version | `react-native-patterns.md` (all sections) |

package/skills/rn-store-compliance/references/apple-guidelines.md

@@ -0,0 +1,306 @@
+# Apple App Store Review Guidelines
+
+Complete reference for Apple App Store Review Guidelines relevant to React Native apps.
+Guideline numbers match Apple's official numbering at https://developer.apple.com/app-store/review/guidelines/
+
+---
+
+## 1. Safety (Guidelines 1.x)
+
+### 1.1 Objectionable Content
+
+Apps with user-generated content (UGC) must include all three:
+- Content filtering or moderation (automated or manual)
+- A reporting mechanism for offensive content
+- The ability to block abusive users
+
+If the app has any social features — comments, profiles, chat, photo/video sharing, forums —
+all three are required. Missing even one will cause rejection.
+
+Apps must not include content that is offensive, insensitive, upsetting, intended to disgust,
+in exceptionally poor taste, or simply creepy. This includes content targeting specific
+nationalities, ethnicities, or other groups.
+
+### 1.2 User Safety
+
+Apps must not encourage dangerous behavior. Specifically:
+- Health/fitness apps must include disclaimers that they are not a substitute for medical advice
+- Apps that encourage excessive consumption of alcohol, drug use, or risky physical activities
+  will be rejected
+- Emergency service apps must include real emergency contact information
+
+### 1.3 Kids Category
+
+If targeting children under 13:
+- No third-party analytics or advertising SDKs that aren't certified for children
+- Must comply with COPPA (Children's Online Privacy Protection Act)
+- No links out of the app without a parental gate
+- No login requirement unless it provides clear value to the child
+- No behavioral advertising
+- Data collection must be minimal and clearly disclosed to parents
+- Must not include links to external websites, social media, or purchasing opportunities
+  without age verification
+
+### 1.4 Physical Harm
+
+- Medical apps must clearly disclaim they are not FDA-approved (unless they actually are)
+- Don't provide dosage calculators without proper disclaimers
+- Apps that could present a physical safety risk (e.g., using the phone while driving) must
+  include appropriate warnings
+- SOS/emergency features must connect to actual emergency services
+
+### 1.5 Developer Information
+
+- The developer name and contact info must be accurate and visible in the app and on the
+  store listing
+- A valid support URL is required
+- Apps must have a working contact mechanism (email, support form, etc.)
+
+---
+
+## 2. Performance (Guidelines 2.x)
+
+### 2.1 App Completeness
+
+The app must be a finished product:
+- No placeholder content ("Lorem ipsum", stock images used as real content)
+- No broken links or buttons that do nothing
+- No "coming soon" sections or empty features
+- TestFlight/beta labels must be removed from all UI text and assets
+- The app must not crash on launch or during any core user flows
+- All features shown in screenshots must be functional
+- Demo/test accounts must be provided to App Review if login is required
+
+### 2.2 Beta Testing
+
+- Don't reference "beta", "test", "preview", or "demo" in the App Store version
+- Don't include TestFlight-specific UI or references
+- The App Store version must be the final, production-ready build
+
+### 2.3 Accurate Metadata
+
+- Screenshots must reflect the actual app experience on the device size shown
+- Don't show features that don't exist in the current version
+- The app description must match actual functionality — no aspirational language
+- Don't include competitor names or irrelevant keywords in metadata
+- App name must not include generic terms like "best" or pricing info
+- Category selection must accurately reflect the app's primary function
+- What's New text should describe actual changes in this version
+
+### 2.4 Hardware Compatibility
+
+- If the app requires specific hardware (camera, GPS, ARKit, NFC), handle gracefully when
+  hardware is unavailable — show a clear message, don't crash
+- Use `UIRequiredDeviceCapabilities` in Info.plist to prevent installation on incompatible devices
+- Test on devices without the required hardware to verify graceful degradation
+- iPad apps must support both orientations unless there's a compelling reason not to
+
+### 2.5 Software Requirements
+
+- Target the current or previous iOS SDK
+- **As of April 2026, submissions must use iOS 26 SDK or later**
+- Use a React Native CLI or Expo SDK version that supports the required minimum
+- Don't use deprecated APIs without fallbacks
+- Support the latest two major iOS versions at minimum
+
+---
+
+## 3. Business (Guidelines 3.x)
+
+### 3.1.1 In-App Purchase (IAP)
+
+**The most common rejection reason in this category.**
+
+All digital goods and services MUST use Apple IAP:
+- Subscriptions to digital content
+- Premium features or feature unlocks
+- Virtual currency, in-game items, loot boxes
+- One-time purchases for digital content (e.g., additional filters, themes)
+
+Physical goods and real-world services CAN use external payment:
+- Physical merchandise (Stripe, etc.)
+- Ride-sharing, food delivery, hotel bookings
+- Real-world event tickets
+- Person-to-person payments (e.g., Venmo-style)
+
+**Never** link to an external website for purchasing digital content. Even mentioning that
+content can be purchased elsewhere has caused rejections.
+
+React Native implementation:
+- `react-native-iap` — most popular, wraps StoreKit
+- `expo-in-app-purchases` — Expo's built-in module
+- RevenueCat — managed service, handles receipt validation
+
+### 3.1.2 Subscriptions
+
+Must clearly show:
+- The price in the user's local currency
+- The subscription duration (weekly, monthly, yearly)
+- What happens when the subscription ends (access revoked, downgraded, etc.)
+- Free trial details: when billing starts, how to cancel before being charged
+
+Required elements on subscription screens:
+- Link to Apple's subscription management page (`https://apps.apple.com/account/subscriptions`)
+- Terms of Service link
+- Privacy Policy link
+- Clear disclosure of auto-renewal
+
+Free trials must:
+- Disclose the price that will be charged after the trial
+- Make cancellation instructions clear
+- Not auto-subscribe without explicit user consent
+
+### 3.1.3 Reader Apps
+
+Reader apps (Netflix, Spotify, Kindle-style) may:
+- Link to their website for account creation
+- Allow users to access previously purchased content
+
+Reader apps must NOT:
+- Include in-app purchase buttons for content
+- Link directly to a purchase page on their website (allowed only for account creation)
+
+### 3.2 Other Business Model Issues
+
+- Don't create an app that is essentially a website wrapped in a WebView with no native
+  functionality — it must provide value beyond the mobile website
+- Free apps cannot lock all content behind a paywall on first launch without offering a
+  meaningful free experience
+- Don't artificially inflate download size or ratings
+- Bait-and-switch tactics (free download but everything locked) will be rejected
+- Multi-app developers: don't create apps that primarily exist to cross-promote other apps
+
+---
+
+## 4. Design (Guidelines 4.x)
+
+### 4.0 Design Quality
+
+The app must feel native and polished:
+- Use proper safe area insets (`SafeAreaView` in React Native)
+- Support Dynamic Type where possible (text should scale with system settings)
+- Handle dark mode if the system supports it (at least don't break in dark mode)
+- Use system UI conventions (swipe to go back, pull to refresh where expected)
+- No pixelated or stretched images
+- Consistent visual language throughout the app
+- Text must be readable — sufficient contrast, appropriate font sizes
+
+### 4.1 Copycats
+
+- Don't clone another app's UI or functionality — bring your own design
+- Don't use another company's trademarks, branding, or trade dress without written permission
+- Don't mimic Apple's built-in apps in a confusing way
+
+### 4.2 Minimum Functionality
+
+The app must do something useful:
+- Single-feature apps are fine if the feature is substantive and well-executed
+- WebView-only apps will be rejected unless they add meaningful native features on top
+- Apps that are primarily marketing material for a company will be rejected
+- Calculator/flashlight/tip-calculator style apps are generally rejected unless they offer
+  something significantly unique
+
+### 4.3 Spam
+
+- Don't submit multiple apps that are essentially the same with different themes, data sets,
+  or minor variations (template apps)
+- Don't duplicate built-in iOS functionality without significant added value
+- Don't submit an app that is a repackaged version of another developer's app
+
+### 4.5 Apple Sites and Services
+
+If using Apple services, follow each service's specific guidelines:
+- **Sign in with Apple**: REQUIRED if you offer any third-party social login (Google, Facebook,
+  Twitter, etc.). Must be offered as a login option alongside other providers. Must use the
+  Apple-provided UI button style.
+- **Apple Maps**: Use MapKit for maps functionality on iOS
+- **HealthKit**: Must explain data usage clearly, can't use health data for advertising
+- **HomeKit**: Must support user-initiated control
+- **SiriKit / App Intents**: Follow the specific interaction patterns
+
+### 4.7 HTML5 Games/Apps
+
+- Apps that are just HTML5/web content in a native wrapper will be rejected
+- There must be meaningful native functionality beyond the WebView
+- Performance must be comparable to native apps
+
+---
+
+## 5. Legal (Guidelines 5.x)
+
+### 5.1 Privacy
+
+Apps must include a privacy policy:
+- The privacy policy link must work and be accessible from within the app AND on the store listing
+- Must be in plain language, not just legal boilerplate
+- Must accurately describe what data is collected, how it's used, and who it's shared with
+- Must request user permission before collecting personal data
+- Must not collect data unrelated to the app's core functionality
+
+#### App Tracking Transparency (ATT)
+
+If using IDFA or tracking users across apps/websites owned by other companies:
+- Must show the ATT prompt before any tracking occurs
+- Use `react-native-tracking-transparency` or `expo-tracking-transparency`
+- Don't gate app functionality on the user accepting tracking
+- Don't incentivize users to allow tracking ("allow tracking for bonus coins")
+- The ATT purpose string must clearly explain what data is collected and how it's used
+
+#### PrivacyInfo.xcprivacy
+
+Required manifest file declaring all privacy-related API usage:
+- Must declare reasons for accessing APIs: UserDefaults, file timestamp APIs, disk space APIs,
+  system boot time, active keyboard APIs, user defaults
+- React Native apps should audit ALL native modules (including transitive dependencies) for
+  API usage that requires declaration
+- Common React Native libraries that need declarations: AsyncStorage, RNFS, react-native-device-info
+- Xcode will warn about missing declarations during build
+
+#### Privacy Nutrition Labels
+
+Must accurately declare all data collection in App Store Connect:
+- This includes data collected by ALL third-party SDKs, not just your own code
+- Common React Native SDKs to audit:
+  - Firebase (Analytics, Crashlytics, Remote Config) — collects device ID, crash data, usage data
+  - Sentry — collects crash data, device info
+  - Amplitude / Mixpanel / Segment — collects usage analytics, device info
+  - Facebook SDK — collects device ID, usage data, potentially advertising data
+  - Google Sign-In — collects email, name, profile picture
+  - OneSignal / FCM — collects device tokens, notification interaction data
+- Under-declaring will cause rejection; over-declaring is safer than under-declaring
+
+### 5.1.2 Data Use and Sharing
+
+- Data collected for one purpose can't be repurposed without consent
+- Don't share user data with data brokers
+- Third-party SDKs that share data must be disclosed
+- Financial and health data have additional restrictions on sharing
+
+### 5.2 Intellectual Property
+
+- Don't use copyrighted content (music, images, text) without proper licensing
+- Don't include Apple's proprietary icons, UI elements, or trademarks
+- Open source license compliance — if using GPL libraries, your distribution must comply
+
+### 5.3 Gaming, Gambling, Lotteries
+
+- Real-money gambling requires specific licenses per jurisdiction
+- Must implement geo-restrictions for gambling features
+- Loot boxes and gacha mechanics must disclose odds of each item/tier
+- Contests and sweepstakes must have official rules and eligibility requirements
+
+### 5.4 VPN Apps
+
+- Must use `NEVPNManager` API
+- Can't harvest or sell user data
+- Must clearly explain what data is routed through the VPN
+- VPN profile installation must be user-initiated
+
+### 5.6 Developer Code of Conduct
+
+- Don't manipulate ratings or reviews (incentivized reviews, review farms)
+- Don't use misleading marketing or fake social proof
+- Respond to App Review communications within 14 days
+- Don't attempt to deceive the review process (hidden features, different behavior during review)
+- Use `SKStoreReviewController` for requesting reviews — don't build custom review prompts
+  that redirect to the App Store