### Setup Greenlight Codex Skill Source: https://github.com/revylai/greenlight/blob/main/README.md Instructions for setting up the Greenlight Codex skill package. This involves creating a directory in the Codex skills path and copying the Greenlight skill files into it. ```bash mkdir -p ~/.codex/skills/app-store-preflight-compliance cp -R codex-skill/* ~/.codex/skills/app-store-preflight-compliance/ ``` -------------------------------- ### Install Greenlight CLI Source: https://github.com/revylai/greenlight/blob/main/SKILL.md Provides instructions for installing the greenlight CLI using Homebrew, Go install, or by building from source. This is necessary if the greenlight command is not found in the PATH. ```bash # Homebrew (macOS) brew install revylai/tap/greenlight ``` ```bash # Go install go install github.com/RevylAI/greenlight/cmd/greenlight@latest ``` ```bash # Build from source git clone https://github.com/RevylAI/greenlight.git cd greenlight && make build # Binary at: build/greenlight ``` -------------------------------- ### JUnit Output for Greenlight Scan Command Source: https://github.com/revylai/greenlight/blob/main/README.md This example shows how to configure the Greenlight `scan` command to output results in JUnit format, which is commonly used for test reporting in CI/CD systems. The output is directed to a file named `greenlight.xml`. ```yaml # JUnit output for test reporting (scan command only) greenlight scan --app-id $APP_ID --format junit --output greenlight.xml ``` -------------------------------- ### GitHub Actions CI/CD Integration for Greenlight Source: https://github.com/revylai/greenlight/blob/main/README.md This example demonstrates how to integrate Greenlight's preflight checks into a GitHub Actions workflow. It runs the preflight command, saves the report as JSON, and fails the pipeline if critical issues are detected. ```yaml # GitHub Actions - name: App Store compliance check run: | greenlight preflight . --format json --output greenlight-report.json # Fail the pipeline if critical issues found if jq -e '.summary.critical > 0' greenlight-report.json > /dev/null; then echo "CRITICAL issues found — fix before submission" exit 1 fi ``` -------------------------------- ### Run All Scanners and Get Unified Results (Go) Source: https://context7.com/revylai/greenlight/llms.txt Employs the preflight package to execute all scanners and consolidate the results. It can optionally take an IPA path and a boolean for specific checks. The output includes app details, privacy manifest status, a summary of passed/failed checks, and a detailed JSON representation of the results. ```go package main import ( "encoding/json" "fmt" "github.com/RevylAI/greenlight/internal/preflight" ) func main() { // Run all checks with optional IPA path result, err := preflight.Run("/path/to/project", "/path/to/app.ipa", false) if err != nil { panic(err) } fmt.Printf("App: %s (%s)\n", result.AppName, result.BundleID) fmt.Printf("Privacy Manifest: %v\n", result.HasPrivacyInfo) // Check if passed if result.Summary.Passed { fmt.Println("GREENLIT - Ready for submission!") } else { fmt.Printf("NOT READY - %d critical issues\n", result.Summary.Critical) } // Output as JSON jsonData, _ := json.MarshalIndent(result, "", " ") fmt.Println(string(jsonData)) } ``` -------------------------------- ### Integrate with Codex for Compliance Fixing (Shell) Source: https://context7.com/revylai/greenlight/llms.txt Details the setup process for integrating Greenlight with OpenAI Codex for automated compliance fixing. This includes copying the Codex skill files and invoking Codex with a prompt to run Greenlight preflight checks and resolve all findings until the project achieves 'GREENLIT' status. ```bash # Codex setup mkdir -p ~/.codex/skills/app-store-preflight-compliance cp -R codex-skill/* ~/.codex/skills/app-store-preflight-compliance/ # Invoke in Codex: # "Use $app-store-preflight-compliance to run Greenlight preflight and fix all findings until GREENLIT." ``` -------------------------------- ### Manage Authentication with Greenlight CLI Source: https://context7.com/revylai/greenlight/llms.txt The `greenlight auth` commands handle authentication with App Store Connect. It supports both Apple ID sessions (recommended for 2FA) and API key configuration. Commands include `login`, `setup` for API keys, `status` to check current authentication, and `logout` to remove credentials. ```bash # Sign in with Apple ID (recommended, supports 2FA) greenlight auth login # Prompts for: # Apple ID (email): your@email.com # Password: ******** # 6-digit code: 123456 (if 2FA enabled) # Configure API key (advanced) greenlight auth setup # Prompts for: # Key ID: ABC123DEFG # Issuer ID: 12345678-1234-1234-1234-123456789012 # Path to .p8 private key: ~/AuthKey_ABC123DEFG.p8 # Check authentication status greenlight auth status # Output: # Method: Apple ID session # Account: John Doe (john@example.com) # Team: My Company LLC # Expires: Jan 15, 2025 # Remove credentials greenlight auth logout ``` -------------------------------- ### Integrate Greenlight into GitHub Actions for CI/CD Source: https://context7.com/revylai/greenlight/llms.txt This YAML configuration demonstrates how to integrate the Greenlight CLI into a GitHub Actions workflow. It checks out the code, installs Greenlight, runs a preflight compliance check, and fails the pipeline if critical issues are found. It also uploads the report and optionally performs an App Store Connect scan using secrets. ```yaml # .github/workflows/app-store-compliance.yml name: App Store Compliance Check on: push: branches: [main] pull_request: branches: [main] jobs: compliance: runs-on: macos-latest steps: - uses: actions/checkout@v4 - name: Install greenlight run: brew install revylai/tap/greenlight - name: Run compliance check run: | greenlight preflight . --format json --output greenlight-report.json # Fail pipeline if critical issues found if jq -e '.summary.critical > 0' greenlight-report.json > /dev/null; then echo "::error::CRITICAL App Store compliance issues found" jq '.findings[] | select(.severity == "CRITICAL")' greenlight-report.json exit 1 fi # Warn on non-critical issues if jq -e '.summary.warns > 0' greenlight-report.json > /dev/null; then echo "::warning::App Store compliance warnings found" jq '.findings[] | select(.severity == "WARN")' greenlight-report.json fi - name: Upload compliance report uses: actions/upload-artifact@v4 if: always() with: name: greenlight-report path: greenlight-report.json # Optional: Run API-based scan (requires secrets) - name: App Store Connect scan if: github.ref == 'refs/heads/main' env: ASC_KEY_ID: ${{ secrets.ASC_KEY_ID }} ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }} ASC_PRIVATE_KEY: ${{ secrets.ASC_PRIVATE_KEY }} run: | echo "$ASC_PRIVATE_KEY" > /tmp/authkey.p8 greenlight auth setup <> CLAUDE.md Then tell Claude: *"Run greenlight preflight and fix everything until it passes"* ``` -------------------------------- ### Guidelines - Browse Apple Review Guidelines Source: https://context7.com/revylai/greenlight/llms.txt The `greenlight guidelines` commands provide a built-in database of Apple's App Store Review Guidelines for quick reference. ```APIDOC ## Guidelines - Browse Apple Review Guidelines ### Description The `greenlight guidelines` commands provide a built-in database of Apple's App Store Review Guidelines for quick reference. ### Methods - `greenlight guidelines list` - `greenlight guidelines show [guideline_number]` - `greenlight guidelines search [query]` ### `greenlight guidelines list` #### Description Lists all guideline sections and their sub-sections. #### Response Example ``` 1 Safety 1.1 Objectionable Content 1.2 User-Generated Content 1.3 Kids Category ... 2 Performance 2.1 App Completeness 2.2 Beta Testing ... ``` ### `greenlight guidelines show [guideline_number]` #### Description Displays the details for a specific guideline number. #### Parameters - `guideline_number` (string) - Required - The number of the guideline to display (e.g., `2.1`). #### Response Example ``` Guideline 2.1 App Completeness Apps must be complete and fully functional... Common violations: • Placeholder content visible to users • Features marked "coming soon" • Broken links or buttons ``` ### `greenlight guidelines search [query]` #### Description Searches the guidelines for a given query term. #### Parameters - `query` (string) - Required - The search term. #### Response Example ``` 5.1.1 Data Collection and Storage 5.1.2 Data Use and Sharing ... ``` ``` -------------------------------- ### Run Greenlight Preflight Scan Source: https://github.com/revylai/greenlight/blob/main/SKILL.md Executes the greenlight preflight scan on the project root. This command checks for potential App Store rejection risks. An optional IPA file path can be provided for binary inspection. ```bash greenlight preflight . ``` ```bash greenlight preflight . --ipa /path/to/build.ipa ``` -------------------------------- ### Greenlight Other CLI Commands Source: https://github.com/revylai/greenlight/blob/main/SKILL.md Demonstrates various other commands available in the greenlight CLI for different scanning and inspection purposes. These include code-only scans, privacy manifest scans, IPA binary inspection, App Store Connect checks, and guideline searches. ```bash greenlight codescan . ``` ```bash greenlight privacy . ``` ```bash greenlight ipa /path/to/build.ipa ``` ```bash greenlight scan --app-id ``` ```bash greenlight guidelines search "privacy" ``` -------------------------------- ### Inspect IPA Binaries with Greenlight IPA CLI Source: https://context7.com/revylai/greenlight/llms.txt The `greenlight ipa` command inspects compiled IPA binaries for compliance issues. It checks for the presence of privacy manifests, the completeness of `Info.plist` files, app icons, and adherence to size limits. The command accepts the path to an IPA file and can output results in JSON format. ```bash greenlight ipa /path/to/build.ipa greenlight ipa ./MyApp.ipa --format json ``` -------------------------------- ### Integrate with Claude Code for Compliance Fixing (Shell) Source: https://context7.com/revylai/greenlight/llms.txt Provides instructions for setting up and using Greenlight's skill file with Claude Code for AI-assisted compliance fixing. This involves copying the skill file and instructing Claude to run preflight checks and automatically fix issues until the project is 'GREENLIT'. ```bash # Claude Code setup - copy skill to project mkdir -p .claude/skills cp /path/to/greenlight/SKILL.md .claude/skills/greenlight.md # Or reference in CLAUDE.md echo "See greenlight skill: /path/to/greenlight/SKILL.md" >> CLAUDE.md # Tell Claude: "Run greenlight preflight and fix everything until it passes" # Claude will: # 1. Run `greenlight preflight .` # 2. Read every finding # 3. Fix each issue (CRITICAL first, then WARN, then INFO) # 4. Re-run and repeat until GREENLIT ``` -------------------------------- ### Scan Code for Rejection Risks (Go) Source: https://context7.com/revylai/greenlight/llms.txt Uses the codescan package to programmatically scan a project directory for potential rejection risks. It returns findings including severity, guideline, title, file location, code snippet, and suggested fixes. A summary of findings is also computed. ```go package main import ( "fmt" "github.com/RevylAI/greenlight/internal/codescan" ) func main() { // Create scanner for project directory scanner := codescan.NewScanner("/path/to/project", false) // Run scan findings, err := scanner.Scan() if err != nil { panic(err) } // Process findings for _, f := range findings { fmt.Printf("[%s] %s: %s\n", f.Severity, f.Guideline, f.Title) fmt.Printf(" File: %s:%d\n", f.File, f.Line) fmt.Printf(" Code: %s\n", f.Code) fmt.Printf(" Fix: %s\n\n", f.Fix) } // Get summary summary := codescan.ComputeSummary(findings, 0) fmt.Printf("Total: %d (Critical: %d, Warn: %d, Info: %d)\n", summary.Total, summary.Critical, summary.Warns, summary.Infos) } ``` -------------------------------- ### Scan App Store Connect with Greenlight CLI Source: https://context7.com/revylai/greenlight/llms.txt The `greenlight scan` command performs API-based checks on an app in App Store Connect. It analyzes metadata, screenshots, build status, and historical data. Options include specifying the app ID, build version, tier for analysis depth, and output format (JSON, JUnit). Authentication is required via `greenlight auth`. ```bash # First, authenticate (one-time setup) greenlight auth setup # Configure API key # OR greenlight auth login # Sign in with Apple ID (supports 2FA) # Run scan against your app greenlight scan --app-id 6758967212 # Specify build and tier greenlight scan --app-id 6758967212 --build 1.2.3 --tier 2 # Output formats greenlight scan --app-id 6758967212 --format json --output report.json greenlight scan --app-id 6758967212 --format junit --output report.xml # Check tiers: # --tier 1: Metadata & completeness (descriptions, keywords, URLs) # --tier 2: AI content analysis (platform references, placeholders) # --tier 3: Binary inspection (requires IPA path) # --tier 4: Historical pattern matching (community data) ``` -------------------------------- ### GitHub Actions Integration Source: https://context7.com/revylai/greenlight/llms.txt Integrate greenlight into your CI/CD pipeline using GitHub Actions to catch compliance issues before they reach App Review. ```APIDOC ## CI/CD Integration - GitHub Actions ### Description Integrate greenlight into your CI/CD pipeline to catch compliance issues before they reach App Review. ### Workflow Example (`.github/workflows/app-store-compliance.yml`) ```yaml name: App Store Compliance Check on: push: branches: [main] pull_request: branches: [main] jobs: compliance: runs-on: macos-latest steps: - uses: actions/checkout@v4 - name: Install greenlight run: brew install revylai/tap/greenlight - name: Run compliance check run: | greenlight preflight . --format json --output greenlight-report.json # Fail pipeline if critical issues found if jq -e '.summary.critical > 0' greenlight-report.json > /dev/null; then echo "::error::CRITICAL App Store compliance issues found" jq '.findings[] | select(.severity == "CRITICAL")' greenlight-report.json exit 1 fi # Warn on non-critical issues if jq -e '.summary.warns > 0' greenlight-report.json > /dev/null; then echo "::warning::App Store compliance warnings found" jq '.findings[] | select(.severity == "WARN")' greenlight-report.json fi - name: Upload compliance report uses: actions/upload-artifact@v4 if: always() with: name: greenlight-report path: greenlight-report.json # Optional: Run API-based scan (requires secrets) - name: App Store Connect scan if: github.ref == 'refs/heads/main' env: ASC_KEY_ID: ${{ secrets.ASC_KEY_ID }} ASC_ISSUER_ID: ${{ secrets.ASC_ISSUER_ID }} ASC_PRIVATE_KEY: ${{ secrets.ASC_PRIVATE_KEY }} run: | echo "$ASC_PRIVATE_KEY" > /tmp/authkey.p8 greenlight auth setup <