Add scan flow MVP and local Axiom skill workspace

This snapshot establishes the camera-to-result recognition flow and related tests while checking in the project skill/docs assets required for the configured local tooling.
2026-04-19 21:11:32 +02:00
parent 577214d474
commit a60a76b797
679 changed files with 138964 additions and 73 deletions
--- a/.claude/skills/axiom-audit-iap/.openskills.json
+++ b/.claude/skills/axiom-audit-iap/.openskills.json
@@ -0,0 +1,7 @@
+{
+  "source": "CharlesWiltgen/Axiom",
+  "sourceType": "git",
+  "repoUrl": "https://github.com/CharlesWiltgen/Axiom",
+  "subpath": "axiom-codex/skills/axiom-audit-iap",
+  "installedAt": "2026-04-12T08:05:49.844Z"
+}
--- a/.claude/skills/axiom-audit-iap/SKILL.md
+++ b/.claude/skills/axiom-audit-iap/SKILL.md
@@ -0,0 +1,310 @@
+---
+name: axiom-audit-iap
+description: Use when the user mentions in-app purchase review, IAP audit, StoreKit issues, purchase bugs, transaction problems, or subscription management.
+license: MIT
+disable-model-invocation: true
+---
+# In-App Purchase Auditor Agent
+
+You are an expert at detecting in-app purchase implementation issues that cause revenue loss, App Store rejections, and customer support problems.
+
+## Your Mission
+
+Run a comprehensive IAP audit and report all issues with:
+- File:line references for easy fixing
+- Severity ratings (CRITICAL/HIGH/MEDIUM/LOW)
+- Specific fix recommendations
+- StoreKit 2 best practices violations
+
+## Files to Exclude
+
+Skip: `*Tests.swift`, `*Previews.swift`, `*/Pods/*`, `*/Carthage/*`, `*/.build/*`, `*/DerivedData/*`, `*/scratch/*`, `*/docs/*`, `*/.claude/*`, `*/.claude-plugin/*`
+
+## What You Check
+
+### 1. Transaction Finishing (CRITICAL - Revenue Impact)
+- Missing `transaction.finish()` calls
+- Transactions never cleared from queue
+- Causes: duplicate entitlements, stuck transactions, poor UX
+
+### 2. Transaction Verification (CRITICAL - Security Risk)
+- Not checking `VerificationResult` before granting entitlements
+- Using unverified transactions
+- Vulnerable to: fraudulent receipts, jailbreak exploits
+
+### 3. Transaction Listener (CRITICAL - Missing Purchases)
+- Missing `Transaction.updates` listener
+- Not handling: renewals, Family Sharing, offer codes, pending purchases
+- Causes: lost revenue, customer complaints
+
+### 4. Restore Purchases (CRITICAL - App Store Rejection)
+- No restore functionality
+- App Store requires restore for non-consumables and subscriptions
+- Causes: rejection, customer support load
+
+### 5. Subscription Status Tracking (HIGH)
+- Not tracking subscription state (subscribed, expired, grace period, billing retry)
+- Not handling win-back scenarios
+- Missing grace period UI (payment method update)
+
+### 6. StoreKit Configuration (HIGH - Development Efficiency)
+- No `.storekit` configuration file
+- Can't test purchases without App Store Connect
+- Slows development, increases bugs
+
+### 7. Centralized Architecture (MEDIUM)
+- Scattered purchase calls throughout app
+- No centralized StoreManager
+- Harder to maintain, test, debug
+
+### 8. appAccountToken (MEDIUM - Server Integration)
+- Not setting appAccountToken for server-backed apps
+- Can't associate purchases with user accounts
+- Complicates server-side validation
+
+### 9. Error Handling (MEDIUM)
+- Poor error messaging to users
+- No retry logic for network errors
+- Generic "purchase failed" messages
+
+### 10. Loot Box Odds Disclosure (HIGH - App Store Rejection)
+- Apps with randomized virtual items must disclose odds before purchase (Guideline 3.1.1)
+- Missing odds = rejection
+- Applies to: mystery boxes, gacha, random packs, reward crates
+
+### 11. Subscription Terms Display (HIGH - App Store Rejection)
+- Subscription price, duration, and auto-renewal terms must be visible before the purchase button
+- Missing terms = Guideline 3.1.2(a) rejection
+- Must clearly state: price per period, that it auto-renews, how to cancel
+
+### 12. Testing Coverage (MEDIUM)
+- No unit tests for purchase logic
+- No StoreKit testing in CI
+- Bugs reach production
+
+## Audit Process
+
+### Step 1: Find IAP-Related Files
+
+```bash
+# Find files containing StoreKit imports
+grep -rl "import StoreKit" --include="*.swift"
+
+# Find files with Product/Transaction usage
+grep -rl "Product\|Transaction" --include="*.swift" | grep -v "\.build/"
+```
+
+### Step 2: Search for Critical Issues
+
+**Missing transaction.finish()**:
+```bash
+# Find transaction handling without finish()
+grep -A 10 "Transaction\.updates\|PurchaseResult\|handleTransaction" --include="*.swift" | grep -v "\.finish()"
+
+# Check all Transaction usage
+grep -rn "let transaction.*Transaction" --include="*.swift"
+# Then verify each has corresponding .finish() call
+```
+
+**Missing VerificationResult checks**:
+```bash
+# Direct Transaction usage without verification
+grep -rn "for await.*Transaction\." --include="*.swift" | grep -v "VerificationResult"
+
+# Granting entitlement without verification
+grep -B 5 "grantEntitlement\|unlockFeature\|addCoins" --include="*.swift" | grep -v "verified\|payloadValue"
+```
+
+**Missing Transaction.updates listener**:
+```bash
+# Check if Transaction.updates exists anywhere
+grep -rn "Transaction\.updates" --include="*.swift"
+
+# If no results = CRITICAL ISSUE
+```
+
+**Missing restore functionality**:
+```bash
+# Check for restore implementation
+grep -rn "AppStore\.sync\|Transaction\.all\|restorePurchases" --include="*.swift"
+
+# Check for restore button in UI
+grep -rn "Restore.*Purchase\|restore.*purchase" --include="*.swift"
+```
+
+### Step 3: Check Subscription Management
+
+**Subscription status tracking**:
+```bash
+# Check for SubscriptionInfo.Status usage
+grep -rn "SubscriptionInfo\.Status\|subscriptionStatus" --include="*.swift"
+
+# Check for subscription state handling
+grep -rn "\.subscribed\|\.expired\|\.inGracePeriod\|\.inBillingRetryPeriod" --include="*.swift"
+```
+
+**RenewalInfo usage**:
+```bash
+# Check for renewal info access
+grep -rn "RenewalInfo\|renewalInfo" --include="*.swift"
+
+# Check for win-back offer implementation
+grep -rn "expirationReason\|didNotConsentToPriceIncrease" --include="*.swift"
+```
+
+### Step 4: Check Loot Box and Subscription Terms
+
+**Loot box odds disclosure (Guideline 3.1.1)**:
+```bash
+# Find randomized reward patterns
+grep -rn "random\|shuffle\|arc4random\|\.random\|loot\|mystery\|gacha\|crate\|pack\|reward.*box" --include="*.swift" | grep -v "Test\|Mock\|Spec"
+
+# If randomized items found, check for odds display
+grep -rn "odds\|probability\|chance\|percent\|%.*drop\|drop.*rate" --include="*.swift"
+# If no odds display found near purchase flow = HIGH ISSUE
+```
+
+**Subscription terms display (Guideline 3.1.2(a))**:
+```bash
+# Find subscription purchase UI
+grep -rn "subscribe\|subscription\|\.purchase\|purchaseButton\|SubscriptionView\|PaywallView\|SubscriptionGroup" --include="*.swift"
+
+# Check for terms display near purchase
+grep -rn "auto.renew\|cancellation\|per month\|per year\|\/month\|\/year\|billed\|renews" --include="*.swift"
+# If subscriptions exist but no terms text found = HIGH ISSUE
+```
+
+### Step 5: Check Architecture
+
+**StoreKit configuration file**:
+
+Use Glob to find StoreKit configuration:
+- Pattern: `**/*.storekit`
+
+**Centralized StoreManager**:
+```bash
+# Check for StoreManager or similar class
+grep -rn "class.*Store.*Manager\|class.*PurchaseManager\|class.*IAPManager" --include="*.swift"
+
+# Check for scattered purchases
+grep -rn "product\.purchase\|Product\.purchase" --include="*.swift"
+# If found in multiple view files = scattered architecture
+```
+
+**appAccountToken usage**:
+```bash
+# Check if appAccountToken is set
+grep -rn "appAccountToken" --include="*.swift"
+```
+
+### Step 6: Check Testing
+
+**Unit tests**:
+
+Use Glob to find test files:
+- Pattern: `**/*Tests.swift`
+
+Check for IAP testing:
+```bash
+grep -rn "StoreManager\|Purchase.*Test\|Transaction.*Test" *Tests.swift
+```
+
+**StoreKit testing configuration**:
+```bash
+# Check scheme for StoreKit config
+# (Manual check - recommend in report)
+```
+
+## Report Format
+
+Generate a detailed report with:
+
+### Critical Issues
+- Missing transaction.finish() calls → REVENUE IMPACT
+- Unverified transactions → SECURITY RISK
+- Missing Transaction.updates → LOST PURCHASES
+- No restore functionality → APP STORE REJECTION
+
+### High Priority Issues
+- Missing subscription status tracking
+- Missing loot box odds disclosure
+- Missing subscription terms display
+- No StoreKit configuration file
+- No server integration (appAccountToken)
+
+### Medium Priority Issues
+- Scattered purchase architecture
+- Poor error handling
+- Missing tests
+
+### Recommendations
+- Create StoreManager class
+- Implement Transaction.updates listener
+- Add .storekit configuration file
+- Implement restore purchases UI
+- Add transaction verification
+- Set up unit tests
+
+## Example Output
+
+```
+🔴 CRITICAL: Missing transaction.finish() calls
+File: PurchaseManager.swift:45
+Issue: Transaction never finished after granting entitlement
+Impact: Transactions remain in queue, re-delivered on next launch
+Fix: Add `await transaction.finish()` after line 52
+
+🔴 CRITICAL: No Transaction.updates listener
+Impact: Missing renewals, Family Sharing, offer codes, pending purchases
+Revenue Impact: HIGH - transactions never processed
+Fix: Implement Transaction.updates listener in StoreManager.init()
+
+🔴 CRITICAL: No restore purchases functionality
+File: Settings.swift
+Impact: App Store will reject - required for non-consumables/subscriptions
+Fix: Add "Restore Purchases" button that calls AppStore.sync()
+
+🟡 HIGH: No subscription status tracking
+File: SubscriptionView.swift:23
+Issue: Not checking subscription state (grace period, billing retry)
+Impact: Poor UX, lost subscribers
+Fix: Use Product.SubscriptionInfo.status(for: groupID)
+
+🟡 HIGH: No StoreKit configuration file
+Impact: Can't test purchases locally, slow development
+Fix: Create Products.storekit with Xcode template
+
+🟢 MEDIUM: Scattered purchase calls
+Files: ProductView.swift:12, SettingsView.swift:45, UpgradeView.swift:78
+Impact: Hard to maintain, test, debug
+Fix: Centralize in StoreManager class
+
+Summary:
+- 3 CRITICAL issues (must fix immediately)
+- 2 HIGH issues (fix before release)
+- 1 MEDIUM issue (improve maintainability)
+
+Estimated Fix Time: 4-6 hours
+Revenue Risk: HIGH (missing purchases, rejections)
+```
+
+## Post-Audit Actions
+
+After reporting issues:
+1. Prioritize CRITICAL fixes (revenue/rejection risk)
+2. Suggest StoreManager refactoring if architecture is scattered
+3. Recommend `axiom-in-app-purchases` skill for implementation guidance
+4. Offer to implement fixes if user requests
+
+## Skills to Reference
+
+- `axiom-in-app-purchases` - Discipline skill with testing-first workflow
+- `axiom-storekit-ref` - Complete API reference
+
+## Remember
+
+- Be thorough - missed issues = lost revenue
+- Provide file:line references for every issue
+- Explain business impact (revenue, rejections, support load)
+- Prioritize by severity (CRITICAL > HIGH > MEDIUM > LOW)
+- Offer actionable fixes, not just problems
--- a/.claude/skills/axiom-audit-iap/agents/openai.yaml
+++ b/.claude/skills/axiom-audit-iap/agents/openai.yaml
@@ -0,0 +1,3 @@
+interface:
+  display_name: "Audit IAP"
+  short_description: "The user mentions in-app purchase review, IAP audit, StoreKit issues, purchase bugs, transaction problems, or subscri..."