Greenlight: Fast App Store Pre‑Submission Compliance Scanner
Building an iOS app is only half the battle. Apple’s Review Guidelines are notoriously strict, and a single oversight can cost days, weeks, or even months of development time. Greenlight eliminates that risk by scanning your project before you ever upload to App Store Connect.
What is Greenlight?
Greenlight is an open-source, CLI-based tool that evaluates Swift, Objective-C, React Native, and Expo code for 30+ rejection-risk patterns. It also checks metadata, privacy manifests, and even IPA binaries for missing information, bad URLs, or unsafe content. The scanner is 100% offline and generates human-readable or JSON output for CI integrations.
Why You Need Greenlight
- Avoid Rejections: Spot critical issues—private API usage, hard‑coded secrets, missing ATT—before Apple does.
- Speed Deployment: Scan in under a second on a local machine or CI runner.
- CI‑Ready: Output can be parsed by GitHub Actions, Bitrise, or any CI system.
- Self‑Healing: Hook into Claude or Codex skills for automatic remediation.
Installation & Quick Start
| Platform | Command |
|---|---|
| macOS (Homebrew) | `brew install revylai/tap/greenlight` |
| Linux/Windows (Go) | `go install github.com/RevylAI/greenlight/cmd/greenlight@latest` |
| From Source | `git clone https://github.com/RevylAI/greenlight.git`, then `cd greenlight && make build` |
Once installed, run a full pre‑flight scan:
```bash
# Scan current directory and print results to terminal
greenlight preflight .

# Include an IPA for binary inspection
greenlight preflight . --ipa build.ipa

# Export JSON for parsing in CI pipelines
greenlight preflight . --format json --output report.json
```
The preflight command executes all scanners in parallel: metadata, codescan, privacy, and optional ipa checks.
Deep Dive: What Each Scanner Checks
| Scanner | What It Checks |
|---|---|
| metadata | Validates Info.plist and app.json: name, bundle ID, icons, privacy-policy URL, purpose strings |
| codescan | 30+ patterns: private API calls; hard-coded secrets or API keys; external payment for digital goods; dynamic code execution; crypto mining; missing Sign-in-with-Apple; missing ATT for ad SDKs; social login without "restore purchases"; placeholder strings, IPv4 literals, insecure URLs |
| privacy | PrivacyInfo.xcprivacy completeness, Required-Reason API mapping, tracking SDK vs. ATT implementation |
| ipa | Binary checks: Info.plist keys, launch storyboard, icon sizes, app size, framework privacy manifests |
CI / CD Integration
Greenlight outputs JSON, making it perfect for automated pipelines. Here’s a minimal GitHub Actions snippet that fails the build on any critical issue:
```yaml
- name: App Store compliance
  run: |
    greenlight preflight .
    greenlight preflight . --format json --output report.json
    if jq -e '.summary.critical > 0' report.json > /dev/null; then
      echo "CRITICAL issues found – fix before submission"
      exit 1
    fi
```
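The jq test above fails open: if report.json is missing, is not valid JSON, or lacks `summary.critical`, jq exits non-zero, the `if` branch is skipped and the step passes. The gate below is an added example, not part of Greenlight or of the original article, that fails closed in those cases. Only the `summary.critical` field comes from the snippet above; the function names and exit codes are assumptions of this example.

```python
import json
import sys

# Exit codes chosen for this example: 0 = pass, 1 = critical findings,
# 2 = report unusable (treated as a failure, never as a pass).
def evaluate_report(text):
    """Return (exit_code, message) for a Greenlight JSON report given as text."""
    try:
        report = json.loads(text)
    except json.JSONDecodeError as exc:
        return 2, f"report is not valid JSON: {exc}"
    # Only summary.critical is known from the article's jq expression;
    # no other part of the report schema is assumed here.
    summary = report.get("summary") if isinstance(report, dict) else None
    if not isinstance(summary, dict) or "critical" not in summary:
        return 2, "report has no summary.critical field"
    critical = summary["critical"]
    # bool is a subclass of int, so reject it explicitly along with strings.
    if isinstance(critical, bool) or not isinstance(critical, int) or critical < 0:
        return 2, f"summary.critical is not a non-negative integer: {critical!r}"
    if critical > 0:
        return 1, f"{critical} CRITICAL issue(s) found, fix before submission"
    return 0, "no critical issues reported"


def gate(path):
    """Read the report at `path` and evaluate it; unreadable files fail closed."""
    try:
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    except (OSError, UnicodeDecodeError) as exc:
        return 2, f"cannot read {path}: {exc}"
    return evaluate_report(text)


if __name__ == "__main__":
    # Default path matches the --output value used in the article's snippet.
    code, message = gate(sys.argv[1] if len(sys.argv) > 1 else "report.json")
    print(message, file=sys.stderr)
    sys.exit(code)
```

Saved under a name of your choosing (for example `gate.py`, a hypothetical file name), it replaces the `if jq ...` block with `python3 gate.py report.json`.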
More advanced uses include JUnit output for test reporting, or leveraging the scan command to query your App Store Connect metadata directly.
Automated Fixing with Claude & Codex
Claude Code Skill
```bash
# Copy skill file
mkdir -p .claude/skills
cp /path/to/greenlight/SKILL.md .claude/skills/greenlight.md
```
Now, ask Claude:
```
Run greenlight preflight and fix everything until it passes
```
Claude will repeatedly scan and patch until the result is GREENLIT.
Codex Skill
```bash
mkdir -p ~/.codex/skills/app-store-preflight-compliance
cp -R codex-skill/* ~/.codex/skills/app-store-preflight-compliance/
```
Then, in your Codex prompt:
```
Use $app-store-preflight-compliance to run Greenlight preflight and fix all findings until GREENLIT.
```
Both skills turn Greenlight into a self‑healing compliance runner.
When to Use Greenlight
| Scenario | Why Greenlight? |
|---|---|
| New App | Validate all code, metadata, and binaries before the first App Store Connect upload |
| Legacy App | Identify hidden privacy or API issues after a recent migration |
| CI Pipeline | Enforce compliance as a gate before creating a build for TestFlight |
| Security Team | Scan for hard‑coded secrets or crypto‑mining patterns |
| Continuous Delivery | Auto‑fix problems in pull requests with Claude or Codex |
Getting Help & Contributing
Greenlight is released under an MIT license. Contributions are welcome—check out the repo for open issues or submit a pull request. Documentation is in the README.md, and a minimal SKILL.md and codex-skill package are included for AI integration.
For more information, visit the GitHub repo:
- Repository: https://github.com/RevylAI/greenlight
- Documentation: https://github.com/RevylAI/greenlight/blob/main/README.md
Conclusion
Pre‑submission compliance is a silent killer of app releases. Greenlight removes that unseen risk by giving you instant, actionable feedback on code, metadata, privacy, and binaries—everything you need to meet Apple’s strict guidelines before you build your IPA.
With a single command, you can:
- Scan a local project or an IPA file.
- Run in CI pipelines to enforce compliance.
- Integrate with AI tools to automatically fix critical issues.
- Keep your codebase healthy, your privacy manifest up‑to‑date, and your app ready for a smooth App Store review.
Start today—install Greenlight, run a preflight scan, and avoid those dreaded rejections.