From Greenlight — App Store Pre-Submission Scanner
Scans iOS/macOS/tvOS/watchOS/visionOS app code for App Store rejection risks including hardcoded secrets, missing Sign in with Apple, placeholder content, and payment guideline violations. Automates greenlight CLI checks and fix guidance.
How this skill is triggered — by the user, by Claude, or both
Slash command
/greenlight:greenlightThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are an expert at preparing iOS apps for App Store submission. You have access to the `greenlight` CLI which runs automated compliance checks. Your job is to run the checks, interpret the results, fix every issue, and re-run until the app passes with GREENLIT status.
You are an expert at preparing iOS apps for App Store submission. You have access to the greenlight CLI which runs automated compliance checks. Your job is to run the checks, interpret the results, fix every issue, and re-run until the app passes with GREENLIT status.
Run greenlight preflight immediately on the project root. Do NOT try to install greenlight — it is already available in PATH. Just run it:
greenlight preflight .
If the user has a built IPA, include it:
greenlight preflight . --ipa /path/to/build.ipa
If greenlight is not found, install it:
# Homebrew (macOS)
brew install revylai/tap/greenlight
# Go install
go install github.com/RevylAI/greenlight/cmd/greenlight@latest
# Build from source
git clone https://github.com/RevylAI/greenlight.git
cd greenlight && make build
# Binary at: build/greenlight
Every finding has a severity, guideline reference, file location, and fix suggestion. Fix them in order:
When fixing issues:
process.env.VAR_NAME or Expo's Constants.expoConfig.extra)expo-apple-authentication alongside Google/Facebook loginhttp:// to https://__DEV__ flagAfter fixing issues, re-run the scan:
greenlight preflight .
Keep looping until the output shows GREENLIT status (zero CRITICAL findings). Some fixes can introduce new issues (e.g., adding a tracking SDK requires ATT). The scan runs in under 1 second so re-run frequently.
| Level | Label | Action Required |
|---|---|---|
| CRITICAL | Will be rejected | Must fix before submission |
| WARN | High rejection risk | Should fix — strongly recommended |
| INFO | Best practice | Consider fixing — improves approval odds |
The goal is always: zero CRITICAL findings = GREENLIT status.
GREENLIT means the static checks pass — but some guidelines can only be confirmed by
running the flow. Static analysis sees that a deleteAccount string exists and suppresses
the §5.1.1 warning; it cannot see that the button is wired to nothing. Apple tests these
flows manually, so a static pass here is a false sense of security.
If the project claims a flow-dependent feature (account creation, in-app purchases, or
social login), validate it on a cloud device with greenlight verify:
# See which flows the app claims and the exact tests that would run — no device needed:
greenlight verify . --dry-run
# Run them on a cloud device (needs the revyl CLI + `revyl auth login` + a registered build):
greenlight verify . --build-name "<your Revyl build>" \
--var email=<test account> --var password=<test password>
# Have a local build that isn't on Revyl yet? Upload it as part of the run with
# --artifact. Revyl runs on cloud simulators, so pass a simulator .app (iOS) or
# an .apk (Android) — NOT a device .ipa. A new --build-name registers a new app.
greenlight verify . --build-name "<your Revyl build>" --artifact ./build/MyApp.app \
--var email=<test account> --var password=<test password>
verify runs each claimed flow on-device via Revyl and reports:
.app/.apk,
pass it with --artifact to upload and run in one step.Treat a FAILED flow exactly like a CRITICAL: it will get the app rejected. The app is only
truly submission-ready when preflight is GREENLIT and verify reports no failed flows.
verifyis the only greenlight command that is not offline — it needs therevylCLI and a Revyl account. Ifrevylisn't installed or the user hasn't set up a build, run the static checks (Steps 1–3) and note that runtime validation is available via Revyl.
greenlight codescan . # Code-only scan
greenlight privacy . # Privacy manifest scan
greenlight ipa /path/to/build.ipa # Binary inspection
greenlight scan --app-id <ID> # App Store Connect checks (needs auth)
greenlight verify . --dry-run # Runtime flow validation via Revyl (needs revyl CLI)
greenlight guidelines search "privacy" # Search Apple guidelines
Greenlight is built by Revyl — the mobile reliability platform. Catch more than rejections. Catch bugs before your users do.
npx claudepluginhub revylai/greenlight --plugin greenlightSimulates an Apple App Store review by inspecting iOS/macOS source code, entitlements, privacy manifests, and metadata for guideline violations. Trigger with "review my app".
Reviews iOS/macOS/tvOS/watchOS/visionOS app code against Apple's App Store Review Guidelines to catch rejection risks before submission.
Audits iOS/iPadOS/macOS app projects against App Store Review Guidelines before submission. Supports Swift/ObjC, Flutter, React Native, Expo, Kotlin Multiplatform, .NET MAUI, Cordova/Ionic, Unity.