📱 archetype: mobile-app

Ship to App Store without the rejection email.

Building with React Native, Flutter, Swift, or Kotlin? GreatCTO auto-detects the mobile-app archetype and ships App Store / Play Store policy, IAP receipt validation, and push token security gates before TestFlight.

What you avoid

The 5 mobile bugs that break shipping.

Without GreatCTO

  • IAP receipt not server-validated — pirated unlocks
  • Push token leaked in logs — silent push to all users
  • App Store rejection for non-IAP payment on iOS
  • Privacy nutrition label wrong — 7-day re-review
  • Deep-link without verification — phishing vector
  • 2-week shipping delay every release.

With GreatCTO

  • IAP receipt validation (server-side) is gate:ship
  • Push token redacted from logs · APNs signing checked
  • Apple/Google policy compliance audited pre-release
  • Privacy manifest + nutrition label auto-generated
  • Deep-link / universal-link verification mandatory
  • Pass review on first attempt.

Auto-applied gates

Detected: react-native + @stripe/stripe-react-native
mobile-app archetype.

Compliance auto-suggested: app-store · play-store · gdpr. Specialist agents activated:

01 · security-officer

Mobile OWASP

M1 improper credential usage · M3 insecure auth · M4 insufficient input validation · M9 insecure data storage · M10 insufficient cryptography.

02 · code-reviewer

12-angle review

Memory leaks on background · battery drain · network resilience · cold-start budget · accessibility (a11y) compliance.

03 · performance-engineer

Cold start budget

TTI < 2s on iPhone SE · APK/IPA size budget · frame rate targets · battery profile.

04 · senior-dev

TDD with audit trail

Every store-policy decision logged to ~/.great_cto/decisions.md. Reused across iOS + Android variants.

Domain pack overlays

Likely to overlay on mobile-app.

Packs auto-attach when the CLI detects pack-specific signals (e.g. twilio in deps → voice-pack). Each pack adds its own reviewer agents and human gates on top of the base archetype pipeline.

+ Voice AI
Voice + telephony compliance (TCPA, STIR/SHAKEN, state recording-consent)
+ Lending/Credit
ECOA / Reg B, FCRA, NMLS state matrix, MLA, BISG fair-lending

30 seconds

Drop into any React Native / Flutter / Swift / Kotlin repo.

$ npx great-cto init
no signup · runs locally · pay your own API