Add scan flow MVP and local Axiom skill workspace

This snapshot establishes the camera-to-result recognition flow and related tests while checking in the project skill/docs assets required for the configured local tooling.

.claude/skills/axiom-app-store-ref/.openskills.json

@@ -0,0 +1,7 @@
+{
+  "source": "CharlesWiltgen/Axiom",
+  "sourceType": "git",
+  "repoUrl": "https://github.com/CharlesWiltgen/Axiom",
+  "subpath": "axiom-codex/skills/axiom-app-store-ref",
+  "installedAt": "2026-04-12T08:05:47.497Z"
+}

.claude/skills/axiom-app-store-ref/agents/openai.yaml

@@ -0,0 +1,3 @@
+interface:
+  display_name: "App Store Reference"
+  short_description: "Looking up ANY App Store metadata field requirement, privacy manifest schema, age rating tier, export compliance deci..."

.claude/skills/axiom-app-store-ref/references/app-review-guidelines.md

@@ -0,0 +1,133 @@
+# App Review Guidelines Index
+
+Verified against Apple's published guidelines (February 6, 2026 revision).
+
+## Section 1: Safety
+
+| Guideline | Topic |
+|-----------|-------|
+| 1.1 | Objectionable Content |
+| 1.1.1 | Defamatory, discriminatory, or mean-spirited content |
+| 1.1.2 | Realistic portrayals of people or animals being killed/maimed/tortured/abused |
+| 1.1.3 | Depictions encouraging weapons use against people/animals |
+| 1.1.4 | Pornographic material (immediate removal) |
+| 1.1.5 | Religious/cultural/ethnic commentary that fosters prejudice |
+| 1.1.6 | False information, fake functionality ("for entertainment" does NOT excuse this) |
+| 1.1.7 | Capitalizing on recent events (tragedies, conflicts, epidemics) |
+| 1.2 | User-Generated Content — must have filtering, reporting, blocking, contact info, age verification |
+| 1.3 | Kids Category — no third-party analytics/advertising, COPPA/GDPR-Kids compliance |
+| 1.4 | Physical Harm |
+| 1.4.1 | Medical apps: disclose limitations, link to real medical help |
+| 1.4.2 | Drug dosage calculators: recognized institutions only |
+| 1.4.3 | Tobacco, e-cigarettes, vape, illegal drug use encouragement |
+| 1.4.4 | DUI/checkpoint apps that encourage reckless behavior |
+| 1.4.5 | Activities that risk physical harm (bets, dares, body modification) |
+| 1.5 | Developer Information — program membership must be current |
+| 1.6 | Data Security — ATS required, justified exceptions only |
+
+## Section 2: Performance
+
+| Guideline | Topic |
+|-----------|-------|
+| 2.1 | App Completeness — no crashes, broken links, placeholders, missing demo accounts |
+| 2.2 | Beta/Demo/Trial — use TestFlight, not "beta" in app name or bundle ID |
+| 2.3 | Accurate Metadata |
+| 2.3.1 | No hidden/undocumented features; no misleading descriptions |
+| 2.3.2 | No concealed features |
+| 2.3.3 | Screenshots must reflect actual app experience on correct device |
+| 2.3.5 | Use accurate App Store category |
+| 2.3.6 | Age rating must match actual content |
+| 2.3.7 | App name max 30 chars; no keyword stuffing in name/subtitle |
+| 2.3.8 | Metadata must be age-appropriate; "For Kids"/"For Children" reserved for Kids category |
+| 2.4 | Hardware Compatibility — must work with current OS |
+| 2.5 | Software Requirements |
+| 2.5.1 | Only public APIs |
+| 2.5.2 | Self-contained; no code downloads that change functionality |
+| 2.5.3 | No viruses, malware, code injection (immediate removal) |
+| 2.5.4 | Multitasking must use proper background modes |
+| 2.5.5 | Must be fully functional on IPv6-only networks |
+| 2.5.6 | Web browsing must use WebKit (alternative engine entitlement available) |
+| 2.5.9 | Request only necessary permissions |
+| 2.5.11 | SiriKit/HealthKit must actually use the declared feature |
+| 2.5.17 | Matter integration must use Apple's framework; third-party components CSA-certified |
+| 2.5.18 | No display advertising in extensions, App Clips, widgets, notifications, keyboards, watchOS |
+
+## Section 3: Business
+
+| Guideline | Topic |
+|-----------|-------|
+| 3.1.1 | In-App Purchase required for digital goods/services. Loot box odds must be disclosed before purchase. NFTs: may sell via IAP, ownership must not unlock features. |
+| 3.1.2 | Subscriptions: ongoing value, 7-day minimum period, cross-device, transparent terms (price, duration, auto-renewal, cancellation). Schedule 2 of DPLA requires ToS/PP on purchase screen. |
+| 3.1.3(a-e) | External payments: reader apps, multiplatform, enterprise, person-to-person, physical goods |
+| 3.1.4 | No artificial barriers between IAP and web purchase options |
+| 3.1.5 | Cryptocurrency: wallets require organization enrollment, exchanges need licensing, no on-device mining, no crypto rewards for tasks |
+| 3.2.2(viii) | Binary options trading apps prohibited |
+| 3.2.2(ix) | Loan apps: max 36% APR including fees, no full repayment required within 60 days |
+
+## Section 4: Design
+
+| Guideline | Topic |
+|-----------|-------|
+| 4.0 | General design standards (HIG compliance) |
+| 4.1 | Copycats — apps confusingly similar to existing apps (4.1(b): impersonation = removal from Developer Program) |
+| 4.2 | Minimum Functionality — no web wrappers, no single-media apps, must have lasting value |
+| 4.2.6 | Template/app-generation-service apps rejected unless submitted by content provider |
+| 4.3 | Spam — no duplicate apps from same developer |
+| 4.4.1 | Keyboard extensions must include next-keyboard switching |
+| 4.5.4 | Push notifications: no advertising, marketing, or spam |
+| 4.7 | Mini apps, streaming games, chatbots, emulators: must provide universal link index, age restrictions, content filtering |
+| 4.8 | Sign in with Apple required when ANY third-party/social login offered (exceptions: company-internal, education, government, client apps for specific services) |
+| 4.10 | Cannot monetize built-in capabilities (push, camera, gyroscope, Apple Music, iCloud storage, Screen Time APIs) |
+
+## Section 5: Legal
+
+| Guideline | Topic |
+|-----------|-------|
+| 5.1.1(i) | Privacy policy required in App Store Connect AND within app |
+| 5.1.1(ii) | Permission requests must explain purpose with benefit to user |
+| 5.1.1(iii) | Don't require unnecessary personal info |
+| 5.1.1(v) | Account deletion must be offered if account creation supported |
+| 5.1.1(vi) | Surreptitiously discovering passwords (removal from Developer Program) |
+| 5.1.2(i) | No sharing with third parties without consent; ATT required for tracking |
+| 5.1.3 | Health data must not be stored in iCloud; no false HealthKit data |
+| 5.1.4 | Kids Category requirements (COPPA) |
+| 5.1.5 | Location Services must have clear purpose |
+| 5.2 | Intellectual Property — no unauthorized copyrighted material |
+| 5.3 | Gaming/Gambling — real-money gambling requires licensing |
+| 5.4 | VPN Apps — must use NEVPNManager API |
+| 5.5 | Developer Code of Conduct |
+| 5.6 | Telecommunications |
+
+## Zero-Tolerance Guidelines (Immediate Removal Risk)
+
+| Guideline | Consequence |
+|-----------|-------------|
+| 1.1.4 | Pornographic content → immediate removal |
+| 2.5.3 | Viruses/malware → immediate removal |
+| 4.1(b) | App impersonation → removal from Developer Program |
+| 5.1.1(vi) | Surreptitious password discovery → removal from Developer Program |
+
+## Top 10 Rejection Causes
+
+| Rank | Guideline | Issue | % of Rejections |
+|------|-----------|-------|-----------------|
+| 1 | 2.1 | App Completeness (crashes, placeholders, broken flows) | ~40% |
+| 2 | 5.1.1(i) | Privacy policy missing/inadequate | — |
+| 3 | 2.1 | Incomplete review info (missing demo accounts) | — |
+| 4 | 2.3.3 | Screenshots don't match app | — |
+| 5 | 4.0 | Substandard UI / HIG violations | — |
+| 6 | 4.2 | Web wrapper / insufficient functionality | — |
+| 7 | 2.3.1 | Misleading metadata | — |
+| 8 | 4.2 | Insufficient lasting value | — |
+| 9 | 4.1 | Copycat app | — |
+| 10 | 4.3 | Repeated similar apps | — |
+
+## Sensitive App Types Requiring Extra Documentation
+
+| Type | Requirements |
+|------|-------------|
+| Kids apps with third-party ads | Links to ad policies, proof of human review |
+| Medical hardware integration | Regulatory clearance for all regions |
+| Third-party content/trademarks | Authorization documentation |
+| Gambling, VPN, real money gaming | Licensing documentation |
+| Banking, crypto, healthcare, air travel | Must be submitted by legal entity (not individuals) |

.claude/skills/axiom-app-store-ref/references/expert-review-checklist.md

@@ -0,0 +1,95 @@
+# Expert Review Checklist
+
+Comprehensive 9-section submission checklist. For the discipline-focused pre-flight workflow, see `app-store-submission`.
+
+## Build
+
+- [ ] Built with required SDK version (currently Xcode 16, iOS 18 SDK)
+- [ ] Export compliance answered (`ITSAppUsesNonExemptEncryption`)
+- [ ] Encryption documentation uploaded (if custom encryption)
+- [ ] IPv6-only network compatible
+- [ ] Signed with distribution certificate and provisioning profile
+- [ ] Correct bundle ID for target environment (production, not development)
+- [ ] Build string unique for this version
+- [ ] Binary under 200 MB OTA cellular limit (or warn users)
+- [ ] All required architectures included (arm64)
+- [ ] No private API usage
+
+## Privacy
+
+- [ ] `PrivacyInfo.xcprivacy` present and complete
+- [ ] Privacy policy URL set in App Store Connect
+- [ ] Privacy policy accessible within the app
+- [ ] All purpose strings (`NS*UsageDescription`) present for requested permissions
+- [ ] ATT implemented if app tracks users
+- [ ] Required Reason APIs declared with approved reasons
+- [ ] Privacy Nutrition Labels match actual data collection
+- [ ] Third-party SDK privacy manifests included
+- [ ] Privacy report generated and reviewed (`Product > Archive > Generate Privacy Report`)
+
+## Metadata
+
+- [ ] App name unique, max 30 characters
+- [ ] Description complete, max 4000 characters, plain text
+- [ ] Keywords set, max 100 bytes, no trademarked terms
+- [ ] Screenshots provided for all supported device sizes
+- [ ] Screenshots show app in actual use (not title art or splash screens)
+- [ ] What's New text updated for this version
+- [ ] Copyright field current year
+- [ ] Support URL links to real contact information
+- [ ] Privacy Policy URL is HTTPS and publicly accessible
+- [ ] Promotional Text set (editable without submission)
+- [ ] App category accurate
+- [ ] All metadata localized for target markets
+
+## Account
+
+- [ ] Account deletion implemented and easy to find
+- [ ] SIWA token revocation on account deletion
+- [ ] Sign in with Apple offered if any third-party login exists
+- [ ] SIWA given equal visual prominence to other login options
+- [ ] Demo credentials provided in App Review Information (if login required)
+- [ ] Demo credentials will not expire during review period
+
+## Content
+
+- [ ] No placeholder content ("Lorem ipsum", "Coming Soon", etc.)
+- [ ] All links functional and leading to real content
+- [ ] Final production assets (not development/staging URLs)
+- [ ] No test data visible in screenshots or app
+- [ ] No references to other mobile platforms in metadata
+
+## Age Rating
+
+- [ ] Age rating questionnaire completed
+- [ ] New capability declarations answered (messaging, UGC, advertising, parental, age assurance)
+- [ ] UGC moderation implemented if applicable
+- [ ] Content filtering in place for web views (or accept 16+ minimum)
+- [ ] Loot box odds disclosed if applicable
+
+## Monetization
+
+- [ ] All IAPs configured and in "Ready to Submit" status
+- [ ] IAP screenshots uploaded
+- [ ] Subscription terms clear (price, duration, auto-renewal, cancellation)
+- [ ] Loot box odds displayed before purchase
+- [ ] Restore Purchases functionality working
+- [ ] No removing paid features to force new purchases
+- [ ] Subscription grace period supported
+- [ ] Offer codes configured if planned
+
+## EU Compliance
+
+- [ ] DSA trader status declared for all EU-distributed apps
+- [ ] Trader email verified via 2FA
+- [ ] Trader phone verified via 2FA
+- [ ] Contact information accurate and current
+- [ ] Labels and markings complete (if applicable for product category)
+
+## App Review
+
+- [ ] Contact information complete (name, email, phone)
+- [ ] Demo account credentials provided (if login required)
+- [ ] Notes for Review explain any non-obvious features
+- [ ] Attachment uploaded for features requiring special hardware or setup
+- [ ] Review contact email actively monitored