App Store Readiness Audit

This skill reviews an app repository and produces a release readiness report for iOS App Store / TestFlight submission.
It supports:
  • Native iOS (Swift/Obj‑C, Xcode project/workspace)
  • React Native (bare)
  • Expo (managed or prebuild)

Quick start (recommended)

Run the read‑only audit script from the repo root:
{ "tool": "exec", "command": "node {baseDir}/scripts/audit.mjs --repo . --format md" }
If you want JSON output as well:
{ "tool": "exec", "command": "node {baseDir}/scripts/audit.mjs --repo . --format md --json audit.json" }
If the repo is a monorepo, point at the app directory:
{ "tool": "exec", "command": "node {baseDir}/scripts/audit.mjs --repo apps/mobile --format md" }

Output contract

Always return:
  • Overall verdict: PASS / WARN / FAIL
  • Detected project flavour and key identifiers (bundle id, version, build)
  • A list of checks with evidence and remediation steps
  • A Publish checklist the developer can tick off
Use: references/report-template.md

Safety rules (don’t break the repo)

Default to read‑only commands. Do not run commands that modify the workspace unless:
  • the user explicitly asks, or
  • the fix is trivial and clearly desired (then explain what will change first)
Examples of mutating commands:
  • dependency installs (`npm i`, `yarn`, `pnpm i`, `pod install`)
  • config generation (`expo prebuild`)
  • signing automation (`fastlane match`)
  • archiving (`xcodebuild archive`, `eas build`); creates artefacts and may require signing
If you must run a mutating command, label it clearly as MUTATING before running.

Main workflow

1) Identify the repo and project flavour

Prefer scripted detection (`audit.mjs`). If doing manually, test in this order, because a prebuilt Expo app also has an `ios/` directory and `react-native` in `package.json`:
  • Expo likely: `package.json` contains `expo` and `app.json` / `app.config.*` exists
  • React Native (bare): `package.json` contains `react-native` and `ios/` exists
  • Native iOS: `*.xcodeproj` or `*.xcworkspace` exists
If multiple apps exist, pick the one matching the user’s intent; otherwise pick the directory with:
  • a single `ios/<AppName>/Info.plist`, and
  • exactly one `.xcodeproj` or `.xcworkspace` near the root (a CocoaPods project has both, the `.xcworkspace` beside the `.xcodeproj`; that still counts as one app, and the workspace is the thing to build).
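A worked implementation of these heuristics, added here as an example and not part of the skill's own `audit.mjs`, written in Node because that is what the skill's script uses. The function names, the exclusion of `*Tests/Info.plist`, the CocoaPods workspace rule and the list of vendored directories to skip are this example's own choices; the monorepo listing and `package.json` contents are constructed:

```javascript
// Added example, not the skill's own audit.mjs: flavour detection and app-directory
// selection from the heuristics listed above. The core is pure and runs over a path
// listing, so it works on the constructed sample below; walkRepo() feeds it a real checkout.

// Paths under `dir`, made relative to it ("." is the repo root).
function under(files, dir) {
  const prefix = dir === "." ? "" : dir.replace(/\/?$/, "/");
  return files.filter((f) => f.startsWith(prefix)).map((f) => f.slice(prefix.length));
}

// Expo is tested before bare React Native because a prebuilt Expo app also has ios/ and
// react-native in package.json; native iOS is the fallback when package.json says nothing.
function detectFlavour(files, pkg) {
  const has = (re) => files.some((f) => re.test(f));
  const deps = { ...(pkg?.dependencies ?? {}), ...(pkg?.devDependencies ?? {}) };
  const expoConfig = has(/^app\.json$/) || has(/^app\.config\.(js|cjs|mjs|ts|json)$/);
  if (deps.expo && expoConfig) return "expo";
  if (deps["react-native"] && has(/^ios\//)) return "react-native";
  if (has(/\.(xcodeproj|xcworkspace)(\/|$)/)) return "native-ios";
  return "unknown";
}

// Candidate app directories: exactly one ios/<App>/Info.plist (test targets ignored) and
// exactly one .xcworkspace, or exactly one .xcodeproj when there is no workspace (CocoaPods
// puts a workspace next to the project, so "one of either" would never match a RN app).
function candidateAppDirs(files) {
  const plists = new Map(), projects = new Map();
  for (const f of files) {
    const p = /^(.*?)ios\/[^/]+\/Info\.plist$/.exec(f);
    if (p && !/Tests\/Info\.plist$/.test(f)) plists.set(p[1], (plists.get(p[1]) ?? 0) + 1);
    const x = /^(.*?)((?:ios\/)?[^/]+\.(xcodeproj|xcworkspace))(?:\/|$)/.exec(f);
    if (x) projects.set(x[1], (projects.get(x[1]) ?? new Map()).set(x[2], x[3]));
  }
  const out = [];
  for (const [dir, n] of plists) {
    const kinds = [...(projects.get(dir) ?? new Map()).values()];
    const ws = kinds.filter((k) => k === "xcworkspace").length;
    const pj = kinds.filter((k) => k === "xcodeproj").length;
    if (n === 1 && (ws === 1 || (ws === 0 && pj === 1))) out.push(dir === "" ? "." : dir.slice(0, -1));
  }
  return out;
}

// Honour an explicit hint (e.g. --repo apps/mobile); otherwise only an unambiguous single
// candidate is chosen and anything else comes back as null so the agent asks the user.
function pickAppDir(files, hint) {
  const cands = candidateAppDirs(files);
  if (hint) { const h = hint.replace(/\/$/, ""); return cands.includes(h) ? h : null; }
  return cands.length === 1 ? cands[0] : null;
}

// Real checkout (CommonJS; use import in an .mjs). Vendored trees are never the signal.
function walkRepo(root) {
  const fs = require("node:fs"), path = require("node:path");
  const skip = new Set([".git", "node_modules", "Pods", "DerivedData", "build"]);
  const out = [];
  (function walk(rel) {
    for (const e of fs.readdirSync(path.join(root, rel), { withFileTypes: true })) {
      if (skip.has(e.name)) continue;
      const r = rel ? `${rel}/${e.name}` : e.name;
      if (e.isDirectory()) walk(r); else out.push(r);
    }
  })("");
  return out;
}

// Constructed sample: a pnpm monorepo with an Expo app and a web app (not a real repo).
const SAMPLE_FILES = [
  "package.json", "pnpm-workspace.yaml",
  "apps/mobile/package.json", "apps/mobile/app.json",
  "apps/mobile/ios/Podfile",
  "apps/mobile/ios/Mobile/Info.plist",
  "apps/mobile/ios/Mobile.xcodeproj/project.pbxproj",
  "apps/mobile/ios/Mobile.xcodeproj/project.xcworkspace/contents.xcworkspacedata",
  "apps/mobile/ios/Mobile.xcworkspace/contents.xcworkspacedata",
  "apps/web/package.json", "apps/web/src/index.ts",
];
const SAMPLE_PACKAGES = {
  "package.json": { name: "monorepo", private: true },
  "apps/mobile/package.json": { dependencies: { expo: "*", "react-native": "*" } },
  "apps/web/package.json": { dependencies: { react: "*" } },
};

function demo(files = SAMPLE_FILES, packages = SAMPLE_PACKAGES, hint = null) {
  const dir = pickAppDir(files, hint);
  if (!dir) return { dir: null, flavour: "unknown" };
  const pkg = packages[dir === "." ? "package.json" : `${dir}/package.json`] ?? null;
  return { dir, flavour: detectFlavour(under(files, dir), pkg) };
}
```

On the sample, `demo()` picks `apps/mobile` and classifies it as `expo` even though it has `ios/` and `react-native`, which is the ordering point above. For a real checkout, `pickAppDir(walkRepo("."), hint)` gives the directory to pass as `--repo`; a `null` result is deliberately not resolved by guessing.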

2) Run static compliance checks (works everywhere)

Run these checks even without Xcode:
  • Repo hygiene: clean git status; obvious secrets not committed (API keys, `.env` files, signing certificates such as `.p12`, provisioning profiles)
  • iOS identifiers: bundle id, version, build number. In an Xcode-generated `Info.plist` these are often build-setting references such as `$(PRODUCT_BUNDLE_IDENTIFIER)`; resolve them against the project settings rather than reporting them as missing
  • App icons: includes an App Store (1024×1024) icon
  • Launch screen present
  • Privacy & permissions:
    • Privacy manifest present (`PrivacyInfo.xcprivacy`) or explicitly accounted for
    • Permission usage strings present when relevant (camera, location, tracking, etc.). A missing `NS…UsageDescription` key is not cosmetic: for camera, microphone, photo library, contacts and location access iOS terminates the app the first time it touches the resource
    • Avoid broad ATS exemptions (`NSAllowsArbitraryLoads`); scope any exemption to the specific hosts under `NSExceptionDomains`, and expect to justify it during review
  • Third‑party SDK hygiene: licences, privacy manifests, tracking disclosures
  • Store listing basics: privacy policy URL exists somewhere in repo/docs; support/contact info
The script outputs PASS/WARN/FAIL for these.
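The `Info.plist` part of these checks in working form, added here as an example; it is not the skill's `audit.mjs`, and the check ids, severities, fix texts and the three-entry `USAGE_KEYS` table are this example's own (the skill's full mapping is `references/permissions-map.md`). It also applies the verdict rule from the output contract and step 3: a FAIL anywhere fails the report, and an audit that could not run build checks never goes above WARN. The sample plist is constructed with two defects seeded in, and `usedFeatures` stands in for what the code audit found the app actually calls:

```javascript
// Added example, not the skill's own audit.mjs: the Info.plist part of the static checks as
// PASS/WARN/FAIL items with evidence and a fix, plus the verdict rule of the output contract.
// Node >= 18, no dependencies. Key names are real Info.plist keys; severities are this example's.
// Minimal XML plist reader: dict/array/string/number/bool cover everything Info.plist uses.
function parsePlist(xml) {
  const src = xml.replace(/<\?[\s\S]*?\?>|<!DOCTYPE[^>]*>|<!--[\s\S]*?-->/g, "");
  const unescape = (s) => s.replace(/&(lt|gt|quot|apos|amp);/g, (_, e) => ({ lt: "<", gt: ">", quot: '"', apos: "'", amp: "&" })[e]);
  const toks = [];
  for (const m of src.matchAll(/<(\/?)([A-Za-z]+)[^>]*?(\/)?>|([^<]+)/g)) {
    if (m[4] === undefined) toks.push({ tag: m[2], close: m[1] === "/", empty: m[3] === "/" });
    else if (m[4].trim()) toks.push({ text: unescape(m[4]) });
  }
  let i = 0;
  const next = () => toks[i++];
  const text = () => (toks[i]?.text !== undefined ? next().text : "");
  const end = (tag) => { const t = next(); if (!t?.close || t.tag !== tag) throw new Error(`expected </${tag}>`); };
  function value() {
    const t = next();
    if (!t || t.close || t.text !== undefined) throw new Error("malformed plist");
    if (t.empty) return { dict: {}, array: [], true: true, false: false }[t.tag] ?? "";
    switch (t.tag) {
      case "plist": { const v = value(); end("plist"); return v; }
      case "string": case "date": case "data": { const s = text(); end(t.tag); return s; }
      case "integer": case "real": { const n = Number(text()); end(t.tag); return n; }
      case "array": { const a = []; while (toks[i] && !toks[i].close) a.push(value()); end("array"); return a; }
      case "dict": {
        const d = {};
        while (toks[i] && !toks[i].close) {
          if (next().tag !== "key") throw new Error("expected <key>");
          const k = text(); end("key"); d[k] = value();
        }
        end("dict"); return d;
      }
      default: throw new Error(`unsupported element <${t.tag}>`);
    }
  }
  return value();
}

// Feature -> usage-string key; the skill's full table is references/permissions-map.md.
const USAGE_KEYS = { camera: "NSCameraUsageDescription", location: "NSLocationWhenInUseUsageDescription", tracking: "NSUserTrackingUsageDescription" };
const item = (id, status, evidence, fix = "") => ({ id, status, evidence, fix });

// usedFeatures: what the code audit found the app calls; hasPrivacyManifest: PrivacyInfo.xcprivacy exists.
function auditInfoPlist(plist, { usedFeatures = [], hasPrivacyManifest = false } = {}) {
  const out = [];
  const bid = String(plist.CFBundleIdentifier ?? "");
  if (bid.startsWith("$(")) out.push(item("bundle-id", "WARN", `CFBundleIdentifier = ${bid}`,
    "Resolved from build settings; confirm PRODUCT_BUNDLE_IDENTIFIER in the pbxproj."));
  else if (/^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/.test(bid)) out.push(item("bundle-id", "PASS", bid));
  else out.push(item("bundle-id", "FAIL", `CFBundleIdentifier = "${bid}"`, "Set the reverse-DNS id registered in App Store Connect."));
  const ver = String(plist.CFBundleShortVersionString ?? ""), build = String(plist.CFBundleVersion ?? "");
  const verOk = /^\d+(\.\d+){0,2}$/.test(ver) && /^\d+(\.\d+)*$/.test(build);
  out.push(item("version", verOk ? "PASS" : "FAIL", `version=${ver} build=${build}`,
    verOk ? "" : "CFBundleShortVersionString must be x[.y[.z]] and CFBundleVersion numeric."));
  for (const f of usedFeatures) {
    const key = USAGE_KEYS[f], s = plist[key];
    if (!s) out.push(item(`usage:${f}`, "FAIL", `${key} missing`, `Add ${key} explaining why the app needs ${f} access.`));
    else if (String(s).trim().length < 10 || /todo|lorem|placeholder/i.test(s))
      out.push(item(`usage:${f}`, "WARN", `${key} = "${s}"`, "Replace the placeholder with a user-facing purpose string."));
    else out.push(item(`usage:${f}`, "PASS", key));
  }
  const ats = plist.NSAppTransportSecurity ?? {}, domains = Object.keys(ats.NSExceptionDomains ?? {});
  if (ats.NSAllowsArbitraryLoads === true) out.push(item("ats", "FAIL", "NSAllowsArbitraryLoads = true",
    "Remove it; if one host really needs HTTP, list only that host under NSExceptionDomains and justify it for review."));
  else if (domains.length) out.push(item("ats", "WARN", `NSExceptionDomains: ${domains.join(", ")}`, "Confirm each exception is still needed."));
  else out.push(item("ats", "PASS", "no ATS exemptions"));
  out.push(hasPrivacyManifest ? item("privacy-manifest", "PASS", "PrivacyInfo.xcprivacy found")
    : item("privacy-manifest", "WARN", "PrivacyInfo.xcprivacy not found", "Add one or document why it is not required."));
  return out;
}

// Verdict rule: any FAIL -> FAIL; else WARN if any WARN or if build checks could not run; else PASS.
function overallVerdict(checks, { buildChecksRan }) {
  if (checks.some((c) => c.status === "FAIL")) return "FAIL";
  if (!buildChecksRan || checks.some((c) => c.status === "WARN")) return "WARN";
  return "PASS";
}

// Constructed sample with two defects seeded in: location is used with no usage string, and ATS is off globally.
const SAMPLE_INFO_PLIST = `<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.mobile</string>
  <key>CFBundleShortVersionString</key><string>1.4.0</string>
  <key>CFBundleVersion</key><string>42</string>
  <key>NSCameraUsageDescription</key><string>Scans the QR code on your ticket.</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict><key>legacy.example.com</key><dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict></dict>
  </dict>
</dict>
</plist>`;

function demo(xml = SAMPLE_INFO_PLIST, buildChecksRan = false) {
  const checks = auditInfoPlist(parsePlist(xml), { usedFeatures: ["camera", "location"], hasPrivacyManifest: true });
  return { checks, verdict: overallVerdict(checks, { buildChecksRan }) };
}
```

With the sample, `demo()` returns verdict FAIL carrying the evidence `NSLocationWhenInUseUsageDescription missing` and `NSAllowsArbitraryLoads = true`; adding the location string and deleting the ATS dictionary makes every item PASS, and the overall verdict then depends only on whether build checks ran. The `$(` branch is there because Xcode templates put build-setting references in `Info.plist`, and a static check that treats them as a missing bundle id produces a false FAIL.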

3) Run build‑accuracy checks (macOS + Xcode, optional but high confidence)

Only if you have Xcode available (local macOS gateway or a paired macOS node).
Recommended sequence (creates build artefacts):
  1. Show Xcode + SDK versions: { "tool": "exec", "command": "xcodebuild -version" }
  2. List schemes (project/workspace as detected): { "tool": "exec", "command": "xcodebuild -list -json -workspace <path>.xcworkspace" } or { "tool": "exec", "command": "xcodebuild -list -json -project <path>.xcodeproj" }
  3. Release build for simulator (fast, avoids signing): { "tool": "exec", "command": "xcodebuild -workspace <...> -scheme <...> -configuration Release -sdk iphonesimulator -destination 'platform=iOS Simulator,name=iPhone 15' build" }
     The device name must match a simulator installed on that machine (`xcrun simctl list devices available` lists them). A simulator build only proves that the Release configuration compiles and links; it exercises no code signing, entitlements or provisioning profile, so signing problems surface only in step 4. For React Native the workspace builds only after `pod install` has run, and a managed Expo app has no `ios/` at all until `expo prebuild`; both are MUTATING, so if `ios/Pods` or `ios/` is missing, report it as a blocker rather than installing or generating silently.
  4. If you need a distribution artefact (MUTATING / signing):
     • Prefer Fastlane if already configured
     • Otherwise `xcodebuild archive` + `xcodebuild -exportArchive`
If build checks aren’t possible, the report must explicitly say so and keep the verdict at WARN (unless there are definite FAIL items).

4) Produce the final readiness report

  • Use references/report-template.md
  • Include a “Go / No‑Go” recommendation:
    • FAIL → must fix before submitting
    • WARN → submission may work, but risk areas remain
    • PASS → ready to submit; remaining items are administrative

Manual checks the agent cannot fully verify

Always include these as a final checklist section (even if automated checks pass):
  • App Store Connect metadata: screenshots, description, keywords, age rating, pricing, categories
  • Privacy Nutrition Labels match actual behaviour
  • Export compliance (encryption) answers are correct
  • Content/IP rights: licences, third‑party assets, trademarks
  • Account / regional requirements (e.g. EU trader status if applicable)
  • In‑app purchases / subscriptions configured if used
See: references/manual-checklist.md

When the user asks “make it compliant”

Switch to fix mode:
  1. Identify failing items that can be fixed safely in‑repo (`Info.plist` strings, `PrivacyInfo.xcprivacy` template, ATS exceptions tightening, etc.). For Expo, the native `Info.plist` is generated from `app.json` / `app.config.*` (the `expo.ios.infoPlist` block), so patch the config rather than the generated file, or the fix disappears on the next prebuild.
  2. Propose minimal patches and apply with `apply_patch`
  3. Re‑run `audit.mjs` and update the report

Quick search

  • Permissions mapping: references/permissions-map.md
  • Expo‑specific checks: references/expo.md
  • React Native iOS checks: references/react-native.md
  • Native iOS checks: references/native-ios.md