app-store-preflight-compliance
Pre-submission compliance scanner workflow for Apple App Store apps. Use when reviewing iOS, macOS, tvOS, watchOS, or visionOS projects (Swift, Objective-C, React Native, Expo) for App Store rejection risks, submission readiness, privacy compliance, or guideline violations.
What this skill does
# App Store Preflight Compliance Run Greenlight checks, fix findings, and repeat until the project reaches GREENLIT status. ## Workflow 1. Run `greenlight preflight` at the project root. 2. Triage findings by severity (`CRITICAL`, then `WARN`, then `INFO`). 3. Apply concrete code/configuration fixes. 4. Re-run and continue until no `CRITICAL` findings remain. ## Step 1: Run Scan ```bash greenlight preflight . ``` If an IPA is available: ```bash greenlight preflight . --ipa /path/to/build.ipa ``` If `greenlight` is missing, install it: ```bash # Homebrew (macOS) brew install revylai/tap/greenlight # Go go install github.com/RevylAI/greenlight/cmd/greenlight@latest # Build from source git clone https://github.com/RevylAI/greenlight.git cd greenlight && make build ``` ## Step 2: Fix Findings Fix in order: 1. `CRITICAL`: must fix before submission. 2. `WARN`: high rejection risk, strongly recommended to fix. 3. `INFO`: best-practice improvements. Common fixes: - Move hardcoded secrets to environment variables. - Replace external payment flows for digital goods with StoreKit/IAP. - Add Sign in with Apple when social login exists. - Add account deletion when account creation exists. - Remove references to competing platforms. - Replace placeholder text (`Lorem ipsum`, `TBD`, `Coming soon`). - Rewrite vague purpose strings with concrete app behavior. - Replace hardcoded IPs with hostnames. - Replace `http://` URLs with `https://`. - Remove debug logs or gate them behind development flags. - Add missing privacy policy URL and required App Store metadata. ## Step 3: Re-Run Until GREENLIT ```bash greenlight preflight . ``` Continue until output reports GREENLIT (zero `CRITICAL` findings). ## Useful Commands ```bash greenlight codescan . greenlight privacy . greenlight ipa /path/to/build.ipa greenlight scan --app-id <ID> greenlight guidelines search "privacy" ``` ## Attribution Original project and workflow: [RevylAI/greenlight](https://github.com/RevylAI/greenlight). Credit to Lanseer and the Revyl team for creating Greenlight. This package is a Codex-native adaptation for the same workflow.
Related in Web Dev
generating-lwc-components
IncludedLightning Web Components with PICKLES methodology and 165-point scoring. Use this skill when the user creates or edits LWC components, builds wire service patterns, or writes Jest tests for LWC. TRIGGER when: user creates/edits LWC components, touches lwc/**/*.js, .html, .css, .js-meta.xml files, or asks about wire service, SLDS, or Jest LWC tests. DO NOT TRIGGER when: Apex classes (use generating-apex), Aura components, or Visualforce.
tanstack-query
IncludedManage server state in React with TanStack Query v5. Set up queries with useQuery, mutations with useMutation, configure QueryClient caching strategies, implement optimistic updates, and handle infinite scroll with useInfiniteQuery. Use when: setting up data fetching in React projects, migrating from v4 to v5, or fixing object syntax required errors, query callbacks removed issues, cacheTime renamed to gcTime, isPending vs isLoading confusion, keepPreviousData removed problems.
document-processor-api
IncludedProcess documents with Nutrient DWS. Use when the user wants to generate PDFs from HTML or URLs, convert Office/images/PDFs, assemble or split packets, OCR scans, extract text/tables/key-value pairs, redact PII, watermark, sign, fill forms, optimize PDFs, or produce compliance outputs like PDF/A or PDF/UA. Triggers include convert to PDF, merge these PDFs, OCR this scan, extract tables, redact PII, sign this PDF, make this PDF/A, or linearize for web delivery.
nutrient-document-processing
IncludedProcess documents with Nutrient DWS. Use when the user wants to generate PDFs from HTML or URLs, convert Office/images/PDFs, assemble or split packets, OCR scans, extract text/tables/key-value pairs, redact PII, watermark, sign, fill forms, optimize PDFs, or produce compliance outputs like PDF/A or PDF/UA. Triggers include convert to PDF, merge these PDFs, OCR this scan, extract tables, redact PII, sign this PDF, make this PDF/A, or linearize for web delivery.
tanstack-query
IncludedManage server state in React with TanStack Query v5. Covers useMutationState, simplified optimistic updates, throwOnError, network mode (offline/PWA), and infiniteQueryOptions. Use when setting up data fetching, fixing v4→v5 migration errors (object syntax, gcTime, isPending, keepPreviousData), or debugging SSR/hydration issues with streaming server components.
accelint-nextjs-best-practices
IncludedNext.js performance optimization and best practices. Use when writing Next.js code (App Router or Pages Router); implementing Server Components, Server Actions, or API routes; optimizing RSC serialization, data fetching, or server-side rendering; reviewing Next.js code for performance issues; fixing authentication in Server Actions; or implementing Suspense boundaries, parallel data fetching, or request deduplication.