@daemux/store-automator 0.10.18 → 0.10.20

package/.claude-plugin/marketplace.json

@@ -5,14 +5,14 @@
   },
   "metadata": {
     "description": "App Store & Google Play automation for Flutter apps",
-    "version": "0.10.18"
+    "version": "0.10.20"
   },
   "plugins": [
     {
       "name": "store-automator",
       "source": "./plugins/store-automator",
       "description": "3 agents for app store publishing: reviewer, meta-creator, media-designer",
-      "version": "0.10.18",
+      "version": "0.10.20",
       "keywords": [
         "flutter",
         "app-store",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@daemux/store-automator",
-  "version": "0.10.18",
+  "version": "0.10.20",
   "description": "Full App Store & Google Play automation for Flutter apps with Claude Code agents",
   "type": "module",
   "bin": {

package/plugins/store-automator/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "store-automator",
-  "version": "0.10.18",
+  "version": "0.10.20",
   "description": "App Store & Google Play automation agents for Flutter app publishing",
   "author": {
     "name": "Daemux"

package/plugins/store-automator/agents/appstore-meta-creator.md

@@ -14,7 +14,8 @@ You are a senior ASO (App Store Optimization) specialist and localization expert
 4. TRANSLATE to all other configured languages using parallel sub-agents
 5. SAVE all files to fastlane/metadata/ in the correct directory structure
 6. GENERATE fastlane/app_rating_config.json based on app content analysis
-7. Verify character limits are respected in every language
+7. GENERATE fastlane/data_safety.csv based on app data collection analysis
+8. Verify character limits are respected in every language
 
 ## Files You Create
 
@@ -80,6 +81,47 @@ Analyze the app's content (screens, features, user interactions) and generate a
 
 Apple string values: "NONE", "INFREQUENT_MILD", "FREQUENT_INTENSE". Google string values: "NO", "MILD", "MODERATE", "STRONG".
 
+### Data Safety Config (fastlane/data_safety.csv)
+
+Analyze the app's data collection practices (authentication, messaging, payments, analytics, crash reporting, etc.) and generate a CSV declaring what data is collected, shared, its purpose, and security practices.
+
+**Format:** Two columns -- `question_id` and `response`. Each row maps a question identifier to `true`, `false`, or empty (for optional URL fields). The file is parsed by `scripts/update_data_safety.py` and uploaded via the Google Play Developer API.
+
+**Sections to cover:**
+
+| Section Prefix | Description |
+|---------------|-------------|
+| `DATA_COLLECTED` | Top-level flag, then `DATA_COLLECTED_{CATEGORY}` and `DATA_COLLECTED_{CATEGORY}_{TYPE}` for each data type collected |
+| `DATA_SHARED` | Top-level flag, then `DATA_SHARED_{CATEGORY}` for each category -- set `false` if data is not shared with third parties |
+| `DATA_USAGE_{TYPE}_COLLECTION_PURPOSE_{PURPOSE}` | Purpose of collection per data type (APP_FUNCTIONALITY, ANALYTICS, ACCOUNT_MANAGEMENT, ADVERTISING, FRAUD_PREVENTION, PERSONALIZATION, DEVELOPER_COMMUNICATIONS) |
+| `SECURITY_PRACTICES_DATA_ENCRYPTED_IN_TRANSIT` | Whether all data is encrypted in transit |
+| `SECURITY_PRACTICES_DATA_DELETION_REQUEST` | Whether users can request data deletion |
+| `SECURITY_PRACTICES_DATA_DELETION_REQUEST_URL` | URL for deletion requests (leave response empty if not applicable) |
+
+**Data type categories:** PERSONAL_INFO (NAME, EMAIL, ADDRESS, PHONE), FINANCIAL_INFO (PURCHASE_HISTORY, CREDIT_INFO), LOCATION (APPROXIMATE, PRECISE), MESSAGES (EMAILS, SMS, OTHER_MESSAGES), PHOTOS_AND_VIDEOS, AUDIO, FILES_AND_DOCS, CALENDAR, CONTACTS, APP_ACTIVITY (APP_INTERACTIONS, IN_APP_SEARCH_HISTORY, INSTALLED_APPS, OTHER_USER_GENERATED_CONTENT, OTHER_ACTIONS), APP_INFO_AND_PERFORMANCE (CRASH_LOGS, DIAGNOSTICS, OTHER), DEVICE_OR_OTHER_IDS, HEALTH_AND_FITNESS, WEB_BROWSING.
+
+**Analysis checklist:**
+1. Authentication method -- what personal info is collected (email, name, phone)
+2. Core features -- what user content is generated (messages, photos, files)
+3. Payments/subscriptions -- purchase history, financial info
+4. Analytics SDKs (Firebase Analytics, etc.) -- app interactions, device IDs
+5. Crash reporting (Crashlytics, Sentry, etc.) -- crash logs, diagnostics
+6. Location services -- approximate or precise location
+7. Third-party sharing -- is any collected data shared externally
+8. Security -- encryption in transit, data deletion capability
+
+```csv
+question_id,response
+DATA_COLLECTED,true
+DATA_COLLECTED_PERSONAL_INFO,true
+DATA_COLLECTED_PERSONAL_INFO_EMAIL,true
+DATA_SHARED,false
+DATA_SHARED_PERSONAL_INFO,false
+DATA_USAGE_PERSONAL_INFO_EMAIL_COLLECTION_PURPOSE_ACCOUNT_MANAGEMENT,true
+SECURITY_PRACTICES_DATA_ENCRYPTED_IN_TRANSIT,true
+SECURITY_PRACTICES_DATA_DELETION_REQUEST,true
+```
+
 ## Apple ASO Guidelines
 
 ### Name (name.txt)
@@ -182,6 +224,7 @@ af, am, ar, hy-AM, az-AZ, eu-ES, be, bn-BD, bg, my-MM, ca, zh-HK, zh-CN, zh-TW,
 ```
 fastlane/
   app_rating_config.json
+  data_safety.csv
   metadata/
     ios/
       copyright.txt
@@ -218,6 +261,10 @@ fastlane/
 - copyright.txt has current year
 - Release notes are specific to the actual version changes
 - app_rating_config.json exists with all categories populated (no null values)
+- data_safety.csv exists with header `question_id,response` and covers all collected data types
+- data_safety.csv has matching DATA_SHARED entries for every DATA_COLLECTED category
+- data_safety.csv has DATA_USAGE purpose entries for every collected data type
+- data_safety.csv includes SECURITY_PRACTICES entries for encryption and deletion
 
 ## Output Footer
 

package/templates/CLAUDE.md.template

@@ -49,6 +49,9 @@ name.txt, subtitle.txt, description.txt, keywords.txt, promotional_text.txt, rel
 **Android** (fastlane/metadata/android/{locale}/):
 title.txt, short_description.txt, full_description.txt, changelogs/default.txt
 
+### fastlane/data_safety.csv
+Google Play Data Safety declarations in `question_id,response` CSV format. Declares what data the app collects, shares, its purpose, and security practices. Generated by the appstore-meta-creator agent and uploaded via `scripts/update_data_safety.py`. See `templates/fastlane/data_safety.csv.example` for format reference.
+
 ### fastlane/iap_config.json
 IAP and subscription configuration. Durations: ONE_WEEK to ONE_YEAR. Intro offers: FREE, PAY_AS_YOU_GO, PAY_UP_FRONT.
 

package/templates/fastlane/data_safety.csv.example

@@ -0,0 +1,105 @@
+# Google Play Data Safety CSV
+#
+# This file declares your app's data collection and sharing practices for
+# the Google Play Data Safety section. It is read by scripts/update_data_safety.py
+# and uploaded via the Google Play Developer API.
+#
+# FORMAT:
+#   question_id,response
+#
+# Each row maps a question identifier to a response value.
+# Responses are typically "true" or "false". Leave the response empty
+# for optional fields that do not apply (e.g., a URL field).
+#
+# SECTIONS:
+#   DATA_COLLECTED_*           -- Which data types the app collects
+#   DATA_SHARED_*              -- Which data types are shared with third parties
+#   DATA_USAGE_*               -- Purpose of collection for each data type
+#   SECURITY_PRACTICES_*       -- Encryption, deletion, and other security measures
+#
+# DATA TYPE CATEGORIES (append to DATA_COLLECTED_ or DATA_SHARED_):
+#   PERSONAL_INFO              -- Name, email, address, phone, etc.
+#   PERSONAL_INFO_NAME
+#   PERSONAL_INFO_EMAIL
+#   PERSONAL_INFO_ADDRESS
+#   PERSONAL_INFO_PHONE
+#   FINANCIAL_INFO             -- Payment info, purchase history, etc.
+#   FINANCIAL_INFO_PURCHASE_HISTORY
+#   FINANCIAL_INFO_CREDIT_INFO
+#   LOCATION                   -- Approximate or precise location
+#   LOCATION_APPROXIMATE
+#   LOCATION_PRECISE
+#   WEB_BROWSING               -- Web browsing history
+#   MESSAGES                   -- Emails, SMS, other messages
+#   MESSAGES_EMAILS
+#   MESSAGES_SMS
+#   MESSAGES_OTHER_MESSAGES
+#   PHOTOS_AND_VIDEOS          -- Photos or videos
+#   AUDIO                      -- Voice/sound recordings
+#   FILES_AND_DOCS             -- Files and documents
+#   CALENDAR                   -- Calendar events
+#   CONTACTS                   -- Contact list
+#   APP_ACTIVITY               -- App interactions, search history, etc.
+#   APP_ACTIVITY_APP_INTERACTIONS
+#   APP_ACTIVITY_IN_APP_SEARCH_HISTORY
+#   APP_ACTIVITY_INSTALLED_APPS
+#   APP_ACTIVITY_OTHER_USER_GENERATED_CONTENT
+#   APP_ACTIVITY_OTHER_ACTIONS
+#   APP_INFO_AND_PERFORMANCE   -- Crash logs, diagnostics, other performance data
+#   APP_INFO_AND_PERFORMANCE_CRASH_LOGS
+#   APP_INFO_AND_PERFORMANCE_DIAGNOSTICS
+#   APP_INFO_AND_PERFORMANCE_OTHER
+#   DEVICE_OR_OTHER_IDS        -- Device or other identifiers
+#   HEALTH_AND_FITNESS         -- Health and fitness data
+#
+# COLLECTION PURPOSE SUFFIXES (append to DATA_USAGE_{TYPE}_COLLECTION_PURPOSE_):
+#   APP_FUNCTIONALITY
+#   ANALYTICS
+#   DEVELOPER_COMMUNICATIONS
+#   ADVERTISING
+#   FRAUD_PREVENTION
+#   PERSONALIZATION
+#   ACCOUNT_MANAGEMENT
+#
+# SECURITY PRACTICES:
+#   SECURITY_PRACTICES_DATA_ENCRYPTED_IN_TRANSIT  -- All data encrypted in transit
+#   SECURITY_PRACTICES_DATA_DELETION_REQUEST      -- Users can request data deletion
+#   SECURITY_PRACTICES_DATA_DELETION_REQUEST_URL  -- URL for deletion requests (optional)
+#
+# EXAMPLE: A chat app with Firebase Auth, messaging, purchases, analytics, and crashlytics
+#
+question_id,response
+DATA_COLLECTED,true
+DATA_COLLECTED_PERSONAL_INFO,true
+DATA_COLLECTED_PERSONAL_INFO_NAME,true
+DATA_COLLECTED_PERSONAL_INFO_EMAIL,true
+DATA_COLLECTED_FINANCIAL_INFO,true
+DATA_COLLECTED_FINANCIAL_INFO_PURCHASE_HISTORY,true
+DATA_COLLECTED_MESSAGES,true
+DATA_COLLECTED_MESSAGES_OTHER_MESSAGES,true
+DATA_COLLECTED_APP_ACTIVITY,true
+DATA_COLLECTED_APP_ACTIVITY_APP_INTERACTIONS,true
+DATA_COLLECTED_APP_INFO_AND_PERFORMANCE,true
+DATA_COLLECTED_APP_INFO_AND_PERFORMANCE_CRASH_LOGS,true
+DATA_COLLECTED_APP_INFO_AND_PERFORMANCE_DIAGNOSTICS,true
+DATA_COLLECTED_DEVICE_OR_OTHER_IDS,true
+DATA_SHARED,false
+DATA_SHARED_PERSONAL_INFO,false
+DATA_SHARED_FINANCIAL_INFO,false
+DATA_SHARED_MESSAGES,false
+DATA_SHARED_APP_ACTIVITY,false
+DATA_SHARED_APP_INFO_AND_PERFORMANCE,false
+DATA_SHARED_DEVICE_OR_OTHER_IDS,false
+DATA_USAGE_PERSONAL_INFO_NAME_COLLECTION_PURPOSE_APP_FUNCTIONALITY,true
+DATA_USAGE_PERSONAL_INFO_NAME_COLLECTION_PURPOSE_ANALYTICS,false
+DATA_USAGE_PERSONAL_INFO_EMAIL_COLLECTION_PURPOSE_APP_FUNCTIONALITY,true
+DATA_USAGE_PERSONAL_INFO_EMAIL_COLLECTION_PURPOSE_ACCOUNT_MANAGEMENT,true
+DATA_USAGE_FINANCIAL_INFO_PURCHASE_HISTORY_COLLECTION_PURPOSE_APP_FUNCTIONALITY,true
+DATA_USAGE_MESSAGES_OTHER_MESSAGES_COLLECTION_PURPOSE_APP_FUNCTIONALITY,true
+DATA_USAGE_APP_ACTIVITY_APP_INTERACTIONS_COLLECTION_PURPOSE_ANALYTICS,true
+DATA_USAGE_APP_INFO_CRASH_LOGS_COLLECTION_PURPOSE_APP_FUNCTIONALITY,true
+DATA_USAGE_APP_INFO_DIAGNOSTICS_COLLECTION_PURPOSE_APP_FUNCTIONALITY,true
+DATA_USAGE_DEVICE_OR_OTHER_IDS_COLLECTION_PURPOSE_ANALYTICS,true
+SECURITY_PRACTICES_DATA_ENCRYPTED_IN_TRANSIT,true
+SECURITY_PRACTICES_DATA_DELETION_REQUEST,true
+SECURITY_PRACTICES_DATA_DELETION_REQUEST_URL,

package/templates/scripts/ci/android/upload-metadata.sh

@@ -72,7 +72,7 @@ Metadata and screenshots were uploaded by CI but **could not be saved** because
 1. Go to [Google Play Console](https://play.google.com/console) → Select your app
 2. **Dashboard** → Complete all required setup tasks shown in the checklist
 3. **Store listing** → Create your default store listing (title, description, screenshots)
-   - *Note: CI uploaded this data but it was discarded. After completing setup, re-run CI to auto-upload.*
+   - *Copy-paste the values from the **Store Listing** table below, then re-run CI after setup to auto-upload future changes.*
 4. **Content rating** → Complete the content rating questionnaire
 5. **App pricing** → Set pricing and distribution countries
 6. **First release** → Go to **Testing → Internal testing** → Click **Create new release**
@@ -84,8 +84,36 @@ Metadata and screenshots were uploaded by CI but **could not be saved** because
 All subsequent CI runs will automatically upload metadata, screenshots, and new builds without manual intervention. Re-trigger the CI workflow after completing the steps above.
 SUMMARY
 
-      # --- Append app URLs table (read from metadata files) ---
+      # --- Append store listing table (read from metadata files) ---
       META_DIR="$PROJECT_ROOT/fastlane/metadata/en-US"
+      _app_name="" _short_desc="" _full_desc=""
+      [ -s "$META_DIR/title.txt" ] && _app_name=$(cat "$META_DIR/title.txt")
+      [ -s "$META_DIR/short_description.txt" ] && _short_desc=$(cat "$META_DIR/short_description.txt")
+      [ -s "$META_DIR/full_description.txt" ] && _full_desc=$(cat "$META_DIR/full_description.txt")
+
+      if [ -n "$_app_name" ] || [ -n "$_short_desc" ] || [ -n "$_full_desc" ]; then
+        {
+          echo ""
+          echo "### Store Listing (copy-paste into Google Play Console)"
+          echo ""
+          if [ -n "$_app_name" ] || [ -n "$_short_desc" ]; then
+            echo "| Field | Value |"
+            echo "|-------|-------|"
+            [ -n "$_app_name" ] && echo "| App Name (max 30 chars) | \`$_app_name\` |"
+            [ -n "$_short_desc" ] && echo "| Short description (max 80 chars) | \`$_short_desc\` |"
+          fi
+          if [ -n "$_full_desc" ]; then
+            echo ""
+            echo "**Full description** (max 4000 chars):"
+            echo ""
+            echo "~~~"
+            echo "$_full_desc"
+            echo "~~~"
+          fi
+        } >> "$GITHUB_STEP_SUMMARY"
+      fi
+
+      # --- Append app URLs table (read from metadata files) ---
       _privacy_url="" _support_url="" _marketing_url="" _support_email=""
       [ -s "$META_DIR/privacy_url.txt" ] && _privacy_url=$(cat "$META_DIR/privacy_url.txt")
       [ -s "$META_DIR/support_url.txt" ] && _support_url=$(cat "$META_DIR/support_url.txt")