[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-74642":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":13,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":13,"stars7d":15,"stars30d":16,"stars90d":14,"forks30d":14,"starsTrendScore":17,"compositeScore":18,"rankGlobal":9,"rankLanguage":9,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":9,"pushedAt":9,"updatedAt":24,"readmeContent":25,"aiSummary":26,"trendingCount":14,"starSnapshotCount":14,"syncStatus":27,"lastSyncTime":28,"discoverSource":29},74642,"greenlight","RevylAI\u002Fgreenlight","RevylAI","Pre-submission compliance scanner for the Apple App Store",null,"Go",1414,87,1,0,6,22,3,18.83,"MIT License",false,"main",true,[],"2026-06-12 02:03:26","# greenlight\n\n**Know before you submit.** Pre-submission compliance scanner for the Apple App Store.\n\nGreenlight scans your app — source code, privacy manifests, IPA binaries, and App Store Connect metadata — against Apple's Review Guidelines, catching rejection risks before Apple does.\n\n## Install\n\n```bash\n# Homebrew (macOS)\nbrew install revylai\u002Ftap\u002Fgreenlight\n\n# Go\ngo install github.com\u002FRevylAI\u002Fgreenlight\u002Fcmd\u002Fgreenlight@latest\n\n# Build from source\ngit clone https:\u002F\u002Fgithub.com\u002FRevylAI\u002Fgreenlight.git\ncd greenlight && make build\n# Binary at: build\u002Fgreenlight\n```\n\n## Quick Start\n\n```bash\n# Run EVERYTHING on your project — one command, zero uploads\ngreenlight preflight \u002Fpath\u002Fto\u002Fyour\u002Fproject\n\n# Include IPA for binary analysis\ngreenlight preflight . --ipa build.ipa\n```\n\nThat's it. You get a full report in under a second.\n\n## Commands\n\n### `greenlight preflight [path]` — The one command to run\n\nRuns all scanners in parallel. No account needed. Entirely offline.\n\n```bash\ngreenlight preflight .                          # scan current directory\ngreenlight preflight .\u002Fmy-app --ipa build.ipa   # with binary inspection\ngreenlight preflight . --format json            # JSON output for CI\u002FCD\ngreenlight preflight . --output report.json     # write to file\n```\n\n**Scanners included:**\n\n| Scanner | Checks |\n|---------|--------|\n| **metadata** | app.json \u002F Info.plist: name, version, bundle ID format, icon, privacy policy URL, purpose strings |\n| **codescan** | 30+ code patterns: private APIs, secrets, payment violations, missing ATT, social login, placeholders |\n| **privacy** | PrivacyInfo.xcprivacy completeness, Required Reason APIs, tracking SDKs vs ATT implementation |\n| **ipa** | Binary: Info.plist keys, launch storyboard, app icons, app size, framework privacy manifests |\n\n### `greenlight codescan [path]` — Code pattern scan\n\n```bash\ngreenlight codescan \u002Fpath\u002Fto\u002Fproject\n```\n\nScans Swift, Objective-C, React Native, and Expo projects for:\n- Private API usage (§2.5.1) — **CRITICAL**\n- Hardcoded secrets\u002FAPI keys (§1.6) — **CRITICAL**\n- External payment for digital goods (§3.1.1) — **CRITICAL**\n- Dynamic code execution (§2.5.2) — **CRITICAL**\n- Cryptocurrency mining (§3.1.5) — **CRITICAL**\n- Missing Sign in with Apple when using social login (§4.8)\n- Missing Restore Purchases for IAP (§3.1.1)\n- Missing ATT for ad\u002Ftracking SDKs (§5.1.2)\n- Account creation without deletion option (§5.1.1)\n- Placeholder content in strings (§2.1)\n- References to competing platforms (§2.3)\n- Hardcoded IPv4 addresses (§2.5)\n- Insecure HTTP URLs (§1.6)\n- Vague Info.plist purpose strings (§5.1.1)\n- Expo config issues (§2.1)\n\n### `greenlight privacy [path]` — Privacy manifest validator\n\n```bash\ngreenlight privacy \u002Fpath\u002Fto\u002Fproject\n```\n\nDeep privacy compliance scan:\n- PrivacyInfo.xcprivacy exists and is properly configured\n- Required Reason APIs detected in code vs declared in manifest\n- Tracking SDKs detected vs ATT implementation\n- Cross-references everything automatically\n\n### `greenlight ipa \u003Cpath.ipa>` — Binary inspector\n\n```bash\ngreenlight ipa \u002Fpath\u002Fto\u002Fbuild.ipa\n```\n\nInspects a built IPA for:\n- PrivacyInfo.xcprivacy presence\n- Info.plist completeness and purpose string quality\n- App Transport Security configuration\n- App icon presence and sizes\n- Launch storyboard presence\n- App size vs 200MB cellular download limit\n- Embedded framework privacy manifests\n\n### `greenlight scan --app-id \u003CID>` — App Store Connect checks\n\n```bash\ngreenlight auth setup                    # one-time: configure API key\ngreenlight auth login                    # or: sign in with Apple ID\ngreenlight scan --app-id 6758967212     # run all tiers\n```\n\nAPI-based checks against your app in App Store Connect:\n- Metadata completeness (descriptions, keywords, URLs)\n- Screenshot verification for required device sizes\n- Build processing status\n- Age rating and encryption compliance\n- Content analysis (platform references, placeholders)\n\n### `greenlight guidelines` — Browse Apple's guidelines\n\n```bash\ngreenlight guidelines list               # all sections\ngreenlight guidelines show 2.1           # specific guideline\ngreenlight guidelines search \"privacy\"   # full-text search\n```\n\n### Output formats\n\nAll scan commands support:\n\n```bash\n--format terminal   # colored terminal output (default)\n--format json       # JSON for CI\u002FCD pipelines\n--output file.json  # write to file instead of stdout\n```\n\n## Claude Code Skill\n\nGreenlight works as a Claude Code skill for AI-assisted compliance fixing. Claude runs the scan, reads the output, fixes every issue in your code, and re-runs until GREENLIT.\n\n### Setup\n\nAdd the SKILL.md to your project's `.claude\u002F` directory or install as a plugin:\n\n```bash\n# Copy skill file into your project\nmkdir -p .claude\u002Fskills\ncp \u002Fpath\u002Fto\u002Fgreenlight\u002FSKILL.md .claude\u002Fskills\u002Fgreenlight.md\n\n# Or reference it in your CLAUDE.md\necho \"See greenlight skill: \u002Fpath\u002Fto\u002Fgreenlight\u002FSKILL.md\" >> CLAUDE.md\n```\n\nThen tell Claude: *\"Run greenlight preflight and fix everything until it passes\"*\n\nClaude will:\n1. Run `greenlight preflight .`\n2. Read every finding\n3. Fix each issue (CRITICAL first, then WARN, then INFO)\n4. Re-run and repeat until GREENLIT\n\n## Codex Skill\n\nGreenlight includes a Codex-native skill package at `codex-skill\u002F`.\n\n### Setup\n\n```bash\nmkdir -p ~\u002F.codex\u002Fskills\u002Fapp-store-preflight-compliance\ncp -R codex-skill\u002F* ~\u002F.codex\u002Fskills\u002Fapp-store-preflight-compliance\u002F\n```\n\nThen in Codex, invoke:\n\n```text\nUse $app-store-preflight-compliance to run Greenlight preflight and fix all findings until GREENLIT.\n```\n\n## Architecture\n\n```\ngreenlight\n├── preflight         Run ALL checks — one command\n│   ├── metadata      app.json \u002F Info.plist local analysis\n│   ├── codescan      30+ rejection-risk code patterns\n│   ├── privacy       Privacy manifest + Required Reason APIs\n│   └── ipa           Binary inspection (optional)\n│\n├── codescan          Code-only scanning\n├── privacy           Privacy-only scanning\n├── ipa               Binary-only inspection\n│\n├── scan              App Store Connect API checks (tiers 1-4)\n│   ├── Tier 1        Metadata & completeness\n│   ├── Tier 2        Content analysis\n│   ├── Tier 3        Binary inspection\n│   └── Tier 4        Historical pattern matching\n│\n├── auth              App Store Connect authentication\n│   ├── login         Apple ID + 2FA session auth\n│   ├── setup         API key configuration\n│   ├── status        Show current auth state\n│   └── logout        Remove credentials\n│\n└── guidelines        Built-in Apple Review Guidelines database\n    ├── list          All 5 sections with subsections\n    ├── show          Specific guideline details\n    └── search        Full-text search\n```\n\n## CI\u002FCD Integration\n\n```yaml\n# GitHub Actions\n- name: App Store compliance check\n  run: |\n    greenlight preflight . --format json --output greenlight-report.json\n    # Fail the pipeline if critical issues found\n    if jq -e '.summary.critical > 0' greenlight-report.json > \u002Fdev\u002Fnull; then\n      echo \"CRITICAL issues found — fix before submission\"\n      exit 1\n    fi\n```\n\n```yaml\n# JUnit output for test reporting (scan command only)\ngreenlight scan --app-id $APP_ID --format junit --output greenlight.xml\n```\n\n## Built by Revyl\n\nGreenlight catches App Store rejections. [Revyl](https:\u002F\u002Frevyl.com) catches bugs.\n\nThe mobile reliability platform. AI-powered testing for mobile apps — write tests in natural language, run them on real devices.\n","greenlight 是一个针对苹果应用商店的预提交合规扫描工具。它能够检查应用程序的源代码、隐私清单、IPA 二进制文件以及 App Store Connect 元数据，确保它们符合苹果的审核指南，在提交前发现潜在的拒绝风险。该工具使用 Go 语言编写，支持通过 Homebrew 或直接从源码构建安装，并提供多种命令行选项以满足不同的分析需求，包括元数据验证、代码模式扫描、隐私清单校验及 IPA 文件审查等。greenlight 适用于 iOS 应用开发者或团队在开发过程中进行自我检查，特别适合那些希望减少因不符合规定而被拒的情况发生的场景。",2,"2026-06-11 03:50:15","high_star"]