Guides research and improvement work for the nofy Android app (offline encrypted notes vault, Jetpack Compose, Koin, SQLCipher, modular Clean Architecture). Use when the user asks to improve the product, run product/security/UX/performance investigations, prioritize changes, or evaluate ideas against nofy conventions and threat model.
nofy is a local-first notes vault: SQLCipher + field encryption, Android Keystore, Argon2, BiometricPrompt, lockout, heuristic environment checks, FLAG_SECURE, auto-lock. UI: Jetpack Compose via :platform:designsystem. Architecture: feature api/impl, platform/*, shared/*, Koin, UDF (UiState / Intent / Effect) per AGENTS.md.
This skill steers how to improve the product without contradicting repo rules.
- AGENTS.md (Compose, design system, VM/UI boundaries, no drive-by refactors).
- docs/tech.md and docs/source-layout.md for stack, security posture, and file placement.

| Tier | Use for | Examples |
|---|---|---|
| A | Decisions that affect crypto, backup, or platform APIs | Android security / cryptography / backup, OWASP MASTG |
| B | Compose performance, Baseline Profiles | Compose performance, Baseline Profiles |
| C | Ideas only — verify against A before code | Blogs, Medium, competitor marketing |
State tier when citing. Never treat tier C as proof.
- dataExtractionRules vs encrypted DB; user expectations for export, wipe, and data loss; alignment with docs/tech.md threat model (heuristics are not perfect tamper-proofing).
- remember / derivedStateOf, Lazy keys, defer state reads; measure with Studio recomposition tracing before large refactors.
- contentDescription, focus order, toggles; short manual pass beats long article research.
- api not depending on other features’ api/impl).
- shared:auth under com.segnities007.auth.domain.* (no Android in domain packages by convention); feature patterns match docs/source-layout.md.

Use this structure (concise):
## Goal
[User-visible or measurable outcome]
## Findings
- [Bullet + tier A/B/C if external]
## Recommendations
1. [Actionable, scoped] — Effort: S/M/L — Risk: low/med/high
## Repo alignment
[How this respects AGENTS.md / design system / modules]
## Out of scope / defer
[What not to do now]
Backup / extraction
Security-sensitive change
UI / Compose
- Theme in feature screens at runtime (root only).
- :platform:designsystem for chrome that repeats.
- Context, resources, or navigation inside ViewModel / domain use cases.

For link-only reference material (official URLs), see reference.md.