@mmerterden/multi-agent-pipeline 8.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (817) hide show
  1. package/CHANGELOG.md +2623 -0
  2. package/LICENSE +21 -0
  3. package/README.md +852 -0
  4. package/docs/FIGMA_PIPELINE.md +138 -0
  5. package/docs/GENERICITY-REVIEW.md +277 -0
  6. package/docs/STABILITY-FIX-PLAN.md +168 -0
  7. package/docs/adr/0001-three-model-triage.md +81 -0
  8. package/docs/adr/0002-instruction-driven-flag.md +62 -0
  9. package/docs/adr/0003-unified-shared-skills.md +55 -0
  10. package/docs/adr/0004-zero-dependency-philosophy.md +60 -0
  11. package/docs/adr/0005-lazy-phase-docs.md +68 -0
  12. package/docs/adr/0006-skills-core-external-split.md +52 -0
  13. package/docs/adr/0007-multi-tool-adapter-framework.md +110 -0
  14. package/docs/adr/0008-installer-modularization-and-secret-leak-defense.md +98 -0
  15. package/docs/adr/README.md +33 -0
  16. package/docs/architecture.md +181 -0
  17. package/docs/best-practices.md +93 -0
  18. package/docs/features.md +274 -0
  19. package/docs/performance.md +116 -0
  20. package/docs/recovery-guide.md +479 -0
  21. package/index.js +76 -0
  22. package/install/_adapters.mjs +69 -0
  23. package/install/_common.mjs +150 -0
  24. package/install/_copilot-instructions.mjs +32 -0
  25. package/install/_dev-only-files.mjs +23 -0
  26. package/install/_platform-filter.mjs +132 -0
  27. package/install/_telemetry.mjs +79 -0
  28. package/install/claude.mjs +332 -0
  29. package/install/copilot.mjs +254 -0
  30. package/install/index.mjs +179 -0
  31. package/install/templates/copilot-instructions.md +319 -0
  32. package/install.js +24 -0
  33. package/package.json +78 -0
  34. package/pipeline/adapters/_base.mjs +288 -0
  35. package/pipeline/adapters/copilot-chat.mjs +158 -0
  36. package/pipeline/adapters/cursor.mjs +187 -0
  37. package/pipeline/agents/android-architect.md +42 -0
  38. package/pipeline/agents/backend-architect.md +43 -0
  39. package/pipeline/agents/code-reviewer.md +57 -0
  40. package/pipeline/agents/dev-critic.md +148 -0
  41. package/pipeline/agents/explorer.md +34 -0
  42. package/pipeline/agents/ios-architect.md +41 -0
  43. package/pipeline/agents/security-auditor.md +98 -0
  44. package/pipeline/agents/task-clarifier.md +113 -0
  45. package/pipeline/claude-md-template.md +55 -0
  46. package/pipeline/commands/archive-guard.md +45 -0
  47. package/pipeline/commands/deploy.md +54 -0
  48. package/pipeline/commands/figma-to-swiftui.md +295 -0
  49. package/pipeline/commands/multi-agent/_account-picker.md +90 -0
  50. package/pipeline/commands/multi-agent/_dev-context.md +111 -0
  51. package/pipeline/commands/multi-agent/_input-parser.md +43 -0
  52. package/pipeline/commands/multi-agent/_repo-picker.md +76 -0
  53. package/pipeline/commands/multi-agent/autopilot.md +116 -0
  54. package/pipeline/commands/multi-agent/channels.md +465 -0
  55. package/pipeline/commands/multi-agent/delete.md +66 -0
  56. package/pipeline/commands/multi-agent/dev-autopilot.md +120 -0
  57. package/pipeline/commands/multi-agent/dev-local-autopilot.md +110 -0
  58. package/pipeline/commands/multi-agent/dev-local.md +105 -0
  59. package/pipeline/commands/multi-agent/dev.md +246 -0
  60. package/pipeline/commands/multi-agent/diff-explain.md +68 -0
  61. package/pipeline/commands/multi-agent/help.md +422 -0
  62. package/pipeline/commands/multi-agent/issue.md +79 -0
  63. package/pipeline/commands/multi-agent/jira.md +132 -0
  64. package/pipeline/commands/multi-agent/kill.md +38 -0
  65. package/pipeline/commands/multi-agent/language.md +94 -0
  66. package/pipeline/commands/multi-agent/local-autopilot.md +139 -0
  67. package/pipeline/commands/multi-agent/local.md +117 -0
  68. package/pipeline/commands/multi-agent/log.md +25 -0
  69. package/pipeline/commands/multi-agent/manual-test.md +43 -0
  70. package/pipeline/commands/multi-agent/purge.md +39 -0
  71. package/pipeline/commands/multi-agent/refactor.md +188 -0
  72. package/pipeline/commands/multi-agent/refs/android-guide.md +250 -0
  73. package/pipeline/commands/multi-agent/refs/audit-guide.md +240 -0
  74. package/pipeline/commands/multi-agent/refs/backend-guide.md +135 -0
  75. package/pipeline/commands/multi-agent/refs/channels/confluence.md +153 -0
  76. package/pipeline/commands/multi-agent/refs/channels/issue-comment.md +141 -0
  77. package/pipeline/commands/multi-agent/refs/channels/jira.md +127 -0
  78. package/pipeline/commands/multi-agent/refs/channels/pr-review-actions.md +135 -0
  79. package/pipeline/commands/multi-agent/refs/channels/pr.md +139 -0
  80. package/pipeline/commands/multi-agent/refs/channels/wiki.md +66 -0
  81. package/pipeline/commands/multi-agent/refs/component-dispatch.md +92 -0
  82. package/pipeline/commands/multi-agent/refs/cross-cli-contract.md +326 -0
  83. package/pipeline/commands/multi-agent/refs/frontend-guide.md +136 -0
  84. package/pipeline/commands/multi-agent/refs/issue-jira-triad.md +104 -0
  85. package/pipeline/commands/multi-agent/refs/keychain.md +80 -0
  86. package/pipeline/commands/multi-agent/refs/knowledge.md +112 -0
  87. package/pipeline/commands/multi-agent/refs/multi-repo-integration-build.md +207 -0
  88. package/pipeline/commands/multi-agent/refs/phases/log-format.md +89 -0
  89. package/pipeline/commands/multi-agent/refs/phases/modes.md +156 -0
  90. package/pipeline/commands/multi-agent/refs/phases/operations.md +91 -0
  91. package/pipeline/commands/multi-agent/refs/phases/phase-0-init.md +481 -0
  92. package/pipeline/commands/multi-agent/refs/phases/phase-1-analysis.md +264 -0
  93. package/pipeline/commands/multi-agent/refs/phases/phase-2-planning.md +278 -0
  94. package/pipeline/commands/multi-agent/refs/phases/phase-3-dev.md +364 -0
  95. package/pipeline/commands/multi-agent/refs/phases/phase-4-review.md +378 -0
  96. package/pipeline/commands/multi-agent/refs/phases/phase-5-test.md +129 -0
  97. package/pipeline/commands/multi-agent/refs/phases/phase-6-commit.md +339 -0
  98. package/pipeline/commands/multi-agent/refs/phases/phase-7-report.md +361 -0
  99. package/pipeline/commands/multi-agent/refs/phases.md +187 -0
  100. package/pipeline/commands/multi-agent/refs/progress-contract.md +155 -0
  101. package/pipeline/commands/multi-agent/refs/rules.md +189 -0
  102. package/pipeline/commands/multi-agent/refs/swiftui-guide.md +254 -0
  103. package/pipeline/commands/multi-agent/refs/tracker-contract.md +256 -0
  104. package/pipeline/commands/multi-agent/refs/wiki-capture.md +109 -0
  105. package/pipeline/commands/multi-agent/resume.md +28 -0
  106. package/pipeline/commands/multi-agent/review.md +228 -0
  107. package/pipeline/commands/multi-agent/scan.md +74 -0
  108. package/pipeline/commands/multi-agent/search.md +97 -0
  109. package/pipeline/commands/multi-agent/setup.md +767 -0
  110. package/pipeline/commands/multi-agent/stack.md +48 -0
  111. package/pipeline/commands/multi-agent/status.md +38 -0
  112. package/pipeline/commands/multi-agent/sync.md +319 -0
  113. package/pipeline/commands/multi-agent/test.md +39 -0
  114. package/pipeline/commands/multi-agent/update.md +88 -0
  115. package/pipeline/commands/multi-agent.md +293 -0
  116. package/pipeline/commands/security-review.md +6 -0
  117. package/pipeline/commands/sim-test.md +256 -0
  118. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-1-analysis.json +25 -0
  119. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-2-plan.json +30 -0
  120. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-4-review.json +20 -0
  121. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-4-triage.json +15 -0
  122. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/metadata.json +14 -0
  123. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/task.json +12 -0
  124. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-1-analysis.json +29 -0
  125. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-2-plan.json +43 -0
  126. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-4-review.json +35 -0
  127. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-4-triage.json +35 -0
  128. package/pipeline/eval/golden-tasks/02-android-feature-compose/metadata.json +14 -0
  129. package/pipeline/eval/golden-tasks/02-android-feature-compose/task.json +12 -0
  130. package/pipeline/eval/golden-tasks/README.md +65 -0
  131. package/pipeline/eval/triage/01-empty-findings/expected.json +6 -0
  132. package/pipeline/eval/triage/01-empty-findings/input.json +5 -0
  133. package/pipeline/eval/triage/01-empty-findings/notes.md +7 -0
  134. package/pipeline/eval/triage/02-real-blocker/expected.json +15 -0
  135. package/pipeline/eval/triage/02-real-blocker/input.json +14 -0
  136. package/pipeline/eval/triage/02-real-blocker/notes.md +7 -0
  137. package/pipeline/eval/triage/03-out-of-scope-defer/expected.json +18 -0
  138. package/pipeline/eval/triage/03-out-of-scope-defer/input.json +14 -0
  139. package/pipeline/eval/triage/03-out-of-scope-defer/notes.md +10 -0
  140. package/pipeline/eval/triage/04-false-positive-reject/expected.json +18 -0
  141. package/pipeline/eval/triage/04-false-positive-reject/input.json +14 -0
  142. package/pipeline/eval/triage/04-false-positive-reject/notes.md +10 -0
  143. package/pipeline/eval/triage/05-mixed-classification/expected.json +43 -0
  144. package/pipeline/eval/triage/05-mixed-classification/input.json +38 -0
  145. package/pipeline/eval/triage/05-mixed-classification/notes.md +17 -0
  146. package/pipeline/eval/triage/06-severity-mismatch/expected.json +15 -0
  147. package/pipeline/eval/triage/06-severity-mismatch/input.json +14 -0
  148. package/pipeline/eval/triage/06-severity-mismatch/notes.md +9 -0
  149. package/pipeline/eval/triage/07-duplicate-reviewers/expected.json +27 -0
  150. package/pipeline/eval/triage/07-duplicate-reviewers/input.json +22 -0
  151. package/pipeline/eval/triage/07-duplicate-reviewers/notes.md +9 -0
  152. package/pipeline/eval/triage/08-style-misclassified/expected.json +18 -0
  153. package/pipeline/eval/triage/08-style-misclassified/input.json +14 -0
  154. package/pipeline/eval/triage/08-style-misclassified/notes.md +9 -0
  155. package/pipeline/eval/triage/09-cascading-finding/expected.json +23 -0
  156. package/pipeline/eval/triage/09-cascading-finding/input.json +22 -0
  157. package/pipeline/eval/triage/09-cascading-finding/notes.md +9 -0
  158. package/pipeline/eval/triage/10-deferred-crossref/expected.json +18 -0
  159. package/pipeline/eval/triage/10-deferred-crossref/input.json +14 -0
  160. package/pipeline/eval/triage/10-deferred-crossref/notes.md +9 -0
  161. package/pipeline/eval/triage/11-vercel-token-leak-blocker/expected.json +27 -0
  162. package/pipeline/eval/triage/11-vercel-token-leak-blocker/input.json +22 -0
  163. package/pipeline/eval/triage/11-vercel-token-leak-blocker/notes.md +14 -0
  164. package/pipeline/eval/triage/README.md +54 -0
  165. package/pipeline/lib/account-resolver.sh +204 -0
  166. package/pipeline/lib/channels-multi-repo.sh +218 -0
  167. package/pipeline/lib/context-link-extractor.sh +192 -0
  168. package/pipeline/lib/credential-store-resolver.sh +57 -0
  169. package/pipeline/lib/credential-store.sh +226 -0
  170. package/pipeline/lib/fetch-confluence.sh +358 -0
  171. package/pipeline/lib/fetch-crashlytics.sh +314 -0
  172. package/pipeline/lib/fetch-fortify.sh +321 -0
  173. package/pipeline/lib/fetch-swagger.sh +270 -0
  174. package/pipeline/lib/issue-fetcher.sh +333 -0
  175. package/pipeline/lib/multi-repo-pipeline.sh +252 -0
  176. package/pipeline/lib/plan-todos.sh +284 -0
  177. package/pipeline/lib/post-pr-review.sh +374 -0
  178. package/pipeline/lib/repo-cache.sh +231 -0
  179. package/pipeline/lib/review-watch.sh +244 -0
  180. package/pipeline/lib/shadow-git.sh +222 -0
  181. package/pipeline/lib/submodule-detector.sh +177 -0
  182. package/pipeline/lib/vercel-deploy.sh +170 -0
  183. package/pipeline/preferences-template.json +132 -0
  184. package/pipeline/rules/app-store-guidelines.md +59 -0
  185. package/pipeline/rules/code-review.md +27 -0
  186. package/pipeline/rules/code-style.md +37 -0
  187. package/pipeline/rules/debugging.md +24 -0
  188. package/pipeline/rules/figma-pipeline.md +190 -0
  189. package/pipeline/rules/git-conventions.md +29 -0
  190. package/pipeline/rules/kotlin-android.md +92 -0
  191. package/pipeline/rules/performance.md +23 -0
  192. package/pipeline/rules/security.md +39 -0
  193. package/pipeline/rules/swiftui-qa.md +32 -0
  194. package/pipeline/rules/tdd.md +25 -0
  195. package/pipeline/rules/testing.md +37 -0
  196. package/pipeline/schemas/agent-state.schema.json +273 -0
  197. package/pipeline/schemas/analysis-output.schema.json +59 -0
  198. package/pipeline/schemas/clarify-output.schema.json +74 -0
  199. package/pipeline/schemas/dev-critic-output.schema.json +104 -0
  200. package/pipeline/schemas/diff-risk.schema.json +78 -0
  201. package/pipeline/schemas/figma-project-config.schema.json +372 -0
  202. package/pipeline/schemas/migrations/README.md +73 -0
  203. package/pipeline/schemas/migrations/figma-config-1.0.0-to-2.0.0.mjs +112 -0
  204. package/pipeline/schemas/migrations/prefs-2.0.0-to-2.1.0.mjs +75 -0
  205. package/pipeline/schemas/migrations/prefs-2.1.0-to-2.2.0.mjs +64 -0
  206. package/pipeline/schemas/migrations/prefs-2.2.0-to-2.3.0.mjs +36 -0
  207. package/pipeline/schemas/migrations/state-2.0.0-to-2.1.0.mjs +34 -0
  208. package/pipeline/schemas/plan-todos.schema.json +62 -0
  209. package/pipeline/schemas/planning-output.schema.json +57 -0
  210. package/pipeline/schemas/prefs.schema.json +1137 -0
  211. package/pipeline/schemas/reviewer-output.schema.json +55 -0
  212. package/pipeline/schemas/test-gap.schema.json +64 -0
  213. package/pipeline/schemas/token-budget.json +17 -0
  214. package/pipeline/schemas/triage-corpus.schema.json +31 -0
  215. package/pipeline/schemas/triage-output.schema.json +115 -0
  216. package/pipeline/scripts/.last-figma-sync-plan.json +23 -0
  217. package/pipeline/scripts/README-figma-smokes.md +34 -0
  218. package/pipeline/scripts/README.md +104 -0
  219. package/pipeline/scripts/aggregate-metrics.mjs +310 -0
  220. package/pipeline/scripts/audit-log-rotate.sh +61 -0
  221. package/pipeline/scripts/audit-log.sh +69 -0
  222. package/pipeline/scripts/benchmark-phase-0.sh +128 -0
  223. package/pipeline/scripts/build-skills-index.mjs +139 -0
  224. package/pipeline/scripts/classify-plan-safety.mjs +177 -0
  225. package/pipeline/scripts/cost-table.json +27 -0
  226. package/pipeline/scripts/diff-explain.mjs +276 -0
  227. package/pipeline/scripts/diff-risk-score.mjs +328 -0
  228. package/pipeline/scripts/eval-golden-tasks-live.mjs +294 -0
  229. package/pipeline/scripts/eval-golden-tasks.mjs +223 -0
  230. package/pipeline/scripts/eval-triage.mjs +171 -0
  231. package/pipeline/scripts/figma-placeholder-map.json +191 -0
  232. package/pipeline/scripts/fixtures/diff-risk-android.diff +40 -0
  233. package/pipeline/scripts/fixtures/diff-risk-ios.diff +48 -0
  234. package/pipeline/scripts/fixtures/install-layout.tsv +16 -0
  235. package/pipeline/scripts/fixtures/test-gap-node.diff +30 -0
  236. package/pipeline/scripts/fixtures/test-gap-python.diff +32 -0
  237. package/pipeline/scripts/gen-mode-dispatch.mjs +170 -0
  238. package/pipeline/scripts/gen-skills-index.mjs +90 -0
  239. package/pipeline/scripts/github-ssh-setup.sh +103 -0
  240. package/pipeline/scripts/import-figma-skills.sh +253 -0
  241. package/pipeline/scripts/keychain-save.sh +74 -0
  242. package/pipeline/scripts/keychain.py +294 -0
  243. package/pipeline/scripts/log-metric.sh +98 -0
  244. package/pipeline/scripts/match-skills.mjs +167 -0
  245. package/pipeline/scripts/memory-load.sh +46 -0
  246. package/pipeline/scripts/memory-save.sh +76 -0
  247. package/pipeline/scripts/migrate-prefs.mjs +390 -0
  248. package/pipeline/scripts/migrate-state.mjs +215 -0
  249. package/pipeline/scripts/output-quality-check.sh +125 -0
  250. package/pipeline/scripts/phase-banner.sh +158 -0
  251. package/pipeline/scripts/phase-tracker.sh +548 -0
  252. package/pipeline/scripts/pre-commit-check.sh +69 -0
  253. package/pipeline/scripts/pre-push-check.sh +77 -0
  254. package/pipeline/scripts/render-agent-log-cost.sh +149 -0
  255. package/pipeline/scripts/render-cost-summary.sh +137 -0
  256. package/pipeline/scripts/render-work-summary.sh +195 -0
  257. package/pipeline/scripts/repo-map.mjs +367 -0
  258. package/pipeline/scripts/run-aggregator.mjs +298 -0
  259. package/pipeline/scripts/scan-skills.sh +332 -0
  260. package/pipeline/scripts/search-logs.sh +291 -0
  261. package/pipeline/scripts/sign-skills.sh +67 -0
  262. package/pipeline/scripts/smoke-adapters.sh +207 -0
  263. package/pipeline/scripts/smoke-add-detail.sh +137 -0
  264. package/pipeline/scripts/smoke-agent-log-cost.sh +183 -0
  265. package/pipeline/scripts/smoke-agent-model-routing.sh +87 -0
  266. package/pipeline/scripts/smoke-bitbucket-contract.sh +223 -0
  267. package/pipeline/scripts/smoke-channels-flow.sh +130 -0
  268. package/pipeline/scripts/smoke-ci-workflows.sh +88 -0
  269. package/pipeline/scripts/smoke-clarify.sh +148 -0
  270. package/pipeline/scripts/smoke-commands-skills-parity.sh +87 -0
  271. package/pipeline/scripts/smoke-compliance-skills.sh +119 -0
  272. package/pipeline/scripts/smoke-cost-summary.sh +139 -0
  273. package/pipeline/scripts/smoke-cross-cli-behavior.sh +198 -0
  274. package/pipeline/scripts/smoke-cross-phase-cohesion.sh +128 -0
  275. package/pipeline/scripts/smoke-delete-flow.sh +151 -0
  276. package/pipeline/scripts/smoke-dev-critic.sh +144 -0
  277. package/pipeline/scripts/smoke-diff-explain.sh +128 -0
  278. package/pipeline/scripts/smoke-diff-risk.sh +161 -0
  279. package/pipeline/scripts/smoke-dynamic-skill-loading.sh +160 -0
  280. package/pipeline/scripts/smoke-eval-live.sh +136 -0
  281. package/pipeline/scripts/smoke-existing-discovery-gate.sh +71 -0
  282. package/pipeline/scripts/smoke-figma-android-parity.sh +148 -0
  283. package/pipeline/scripts/smoke-figma-config-schema.sh +144 -0
  284. package/pipeline/scripts/smoke-figma-credential-store.sh +105 -0
  285. package/pipeline/scripts/smoke-figma-cross-cli-inventory.sh +177 -0
  286. package/pipeline/scripts/smoke-figma-dispatch.sh +123 -0
  287. package/pipeline/scripts/smoke-figma-skill-import.sh +174 -0
  288. package/pipeline/scripts/smoke-figma-sync.sh +149 -0
  289. package/pipeline/scripts/smoke-identity-isolation.sh +70 -0
  290. package/pipeline/scripts/smoke-install-layout.sh +241 -0
  291. package/pipeline/scripts/smoke-install-leak-gate.sh +125 -0
  292. package/pipeline/scripts/smoke-issue-comment-template.sh +86 -0
  293. package/pipeline/scripts/smoke-issue-jira-triad.sh +120 -0
  294. package/pipeline/scripts/smoke-keychain.sh +158 -0
  295. package/pipeline/scripts/smoke-language-axis.sh +109 -0
  296. package/pipeline/scripts/smoke-lib-scripts.sh +395 -0
  297. package/pipeline/scripts/smoke-migrate-state.sh +102 -0
  298. package/pipeline/scripts/smoke-mode-dispatch-drift.sh +158 -0
  299. package/pipeline/scripts/smoke-multi-repo-integration.sh +116 -0
  300. package/pipeline/scripts/smoke-multi-repo-worktree.sh +61 -0
  301. package/pipeline/scripts/smoke-no-token-prompt.sh +69 -0
  302. package/pipeline/scripts/smoke-pat-audit.sh +107 -0
  303. package/pipeline/scripts/smoke-per-repo-memory.sh +156 -0
  304. package/pipeline/scripts/smoke-personal-data.sh +82 -0
  305. package/pipeline/scripts/smoke-phase-0-multi-repo.sh +170 -0
  306. package/pipeline/scripts/smoke-phase-6-multi.sh +79 -0
  307. package/pipeline/scripts/smoke-phase-banner.sh +101 -0
  308. package/pipeline/scripts/smoke-phase-tracker.sh +255 -0
  309. package/pipeline/scripts/smoke-phase0-bridge-contract.sh +241 -0
  310. package/pipeline/scripts/smoke-phase4-triage.sh +142 -0
  311. package/pipeline/scripts/smoke-plan-approval-gate.sh +71 -0
  312. package/pipeline/scripts/smoke-plan-safety.sh +139 -0
  313. package/pipeline/scripts/smoke-plan-todos.sh +193 -0
  314. package/pipeline/scripts/smoke-pr-review-actions.sh +152 -0
  315. package/pipeline/scripts/smoke-pre-commit.sh +138 -0
  316. package/pipeline/scripts/smoke-pref-migration.sh +224 -0
  317. package/pipeline/scripts/smoke-prefs-language.sh +134 -0
  318. package/pipeline/scripts/smoke-progress-contract.sh +118 -0
  319. package/pipeline/scripts/smoke-push-retry.sh +75 -0
  320. package/pipeline/scripts/smoke-readme-counts.sh +120 -0
  321. package/pipeline/scripts/smoke-repo-map.sh +300 -0
  322. package/pipeline/scripts/smoke-review-watch.sh +134 -0
  323. package/pipeline/scripts/smoke-run-aggregator.sh +216 -0
  324. package/pipeline/scripts/smoke-schema-validation.sh +173 -0
  325. package/pipeline/scripts/smoke-search.sh +187 -0
  326. package/pipeline/scripts/smoke-shadow-git.sh +175 -0
  327. package/pipeline/scripts/smoke-skill-authoring.sh +142 -0
  328. package/pipeline/scripts/smoke-skill-language.sh +83 -0
  329. package/pipeline/scripts/smoke-skill-manifest.sh +138 -0
  330. package/pipeline/scripts/smoke-skill-scan.sh +198 -0
  331. package/pipeline/scripts/smoke-stack-swap.sh +132 -0
  332. package/pipeline/scripts/smoke-subagent-validators.sh +105 -0
  333. package/pipeline/scripts/smoke-sync-delegation.sh +74 -0
  334. package/pipeline/scripts/smoke-sync-parity.sh +92 -0
  335. package/pipeline/scripts/smoke-tasklist-ordering.sh +111 -0
  336. package/pipeline/scripts/smoke-telemetry.sh +147 -0
  337. package/pipeline/scripts/smoke-test-gap.sh +183 -0
  338. package/pipeline/scripts/smoke-token-budget.sh +67 -0
  339. package/pipeline/scripts/smoke-tracker-contract.sh +129 -0
  340. package/pipeline/scripts/smoke-tracker-tokens-invocation.sh +65 -0
  341. package/pipeline/scripts/smoke-triage-memory.sh +174 -0
  342. package/pipeline/scripts/smoke-url-enrichment.sh +70 -0
  343. package/pipeline/scripts/smoke-validator-contradiction.sh +67 -0
  344. package/pipeline/scripts/smoke-vercel-deploy-redact.sh +129 -0
  345. package/pipeline/scripts/smoke-wiki-integration.sh +146 -0
  346. package/pipeline/scripts/smoke-work-summary.sh +163 -0
  347. package/pipeline/scripts/smoke-worktree-path-convention.sh +86 -0
  348. package/pipeline/scripts/smoke-write-state.sh +115 -0
  349. package/pipeline/scripts/stack-swap.sh +182 -0
  350. package/pipeline/scripts/sync-figma-source.sh +228 -0
  351. package/pipeline/scripts/sync-parity-check.sh +135 -0
  352. package/pipeline/scripts/test-gap-rules/android.json +25 -0
  353. package/pipeline/scripts/test-gap-rules/ios.json +29 -0
  354. package/pipeline/scripts/test-gap-rules/node.json +17 -0
  355. package/pipeline/scripts/test-gap-rules/python.json +19 -0
  356. package/pipeline/scripts/test-gap-scan.mjs +343 -0
  357. package/pipeline/scripts/token-budget-report.mjs +145 -0
  358. package/pipeline/scripts/triage-memory.mjs +258 -0
  359. package/pipeline/scripts/ui-tree-dumper.swift +122 -0
  360. package/pipeline/scripts/uninstall.mjs +331 -0
  361. package/pipeline/scripts/update-issue-progress.sh +146 -0
  362. package/pipeline/scripts/validate-analysis.mjs +132 -0
  363. package/pipeline/scripts/validate-diff-risk.mjs +117 -0
  364. package/pipeline/scripts/validate-planning.mjs +180 -0
  365. package/pipeline/scripts/validate-reviewer.mjs +131 -0
  366. package/pipeline/scripts/validate-schemas.mjs +88 -0
  367. package/pipeline/scripts/validate-test-gap.mjs +90 -0
  368. package/pipeline/scripts/validate-triage.mjs +175 -0
  369. package/pipeline/scripts/verify-skills.sh +126 -0
  370. package/pipeline/scripts/write-state.mjs +175 -0
  371. package/pipeline/skills/.skill-manifest.json +779 -0
  372. package/pipeline/skills/.skills-index.json +1771 -0
  373. package/pipeline/skills/figma-android/README.md +36 -0
  374. package/pipeline/skills/figma-android/figma-component-code-connect/SKILL.md +62 -0
  375. package/pipeline/skills/figma-android/figma-component-implement/SKILL.md +158 -0
  376. package/pipeline/skills/figma-android/figma-component-test/SKILL.md +120 -0
  377. package/pipeline/skills/figma-android/figma-component-wiki/SKILL.md +35 -0
  378. package/pipeline/skills/figma-android/figma-to-component/SKILL.md +124 -0
  379. package/pipeline/skills/figma-common/README.md +57 -0
  380. package/pipeline/skills/figma-common/figma-cli-iterate/SKILL.md +277 -0
  381. package/pipeline/skills/figma-common/figma-cli-iterate-mend/SKILL.md +498 -0
  382. package/pipeline/skills/figma-common/figma-cli-lean-iterate/SKILL.md +283 -0
  383. package/pipeline/skills/figma-common/figma-cli-skip/SKILL.md +362 -0
  384. package/pipeline/skills/figma-common/figma-commit/COMMON_REBASE.md +206 -0
  385. package/pipeline/skills/figma-common/figma-commit/REVIEW.md +337 -0
  386. package/pipeline/skills/figma-common/figma-commit/SKILL.md +211 -0
  387. package/pipeline/skills/figma-common/figma-component-confluence-sync/SKILL.md +218 -0
  388. package/pipeline/skills/figma-common/figma-component-start/SKILL.md +246 -0
  389. package/pipeline/skills/figma-common/figma-component-status-update/SKILL.md +73 -0
  390. package/pipeline/skills/figma-common/figma-fix/SKILL.md +316 -0
  391. package/pipeline/skills/figma-common/figma-form-integration/SKILL.md +542 -0
  392. package/pipeline/skills/figma-common/figma-issue/SKILL.md +745 -0
  393. package/pipeline/skills/figma-common/figma-iterate/SKILL.md +203 -0
  394. package/pipeline/skills/figma-common/figma-iteration-commit/SKILL.md +1015 -0
  395. package/pipeline/skills/figma-common/figma-mend/SKILL.md +331 -0
  396. package/pipeline/skills/figma-common/figma-price-integration/SKILL.md +398 -0
  397. package/pipeline/skills/figma-common/figma-remote-mcp-auth/SKILL.md +104 -0
  398. package/pipeline/skills/figma-common/figma-review/SKILL.md +395 -0
  399. package/pipeline/skills/figma-common/figma-setup/SKILL.md +514 -0
  400. package/pipeline/skills/figma-common/figma-setup/scripts/fetch-mcp-token.py +592 -0
  401. package/pipeline/skills/figma-common/figma-skip/SKILL.md +129 -0
  402. package/pipeline/skills/figma-common/figma-ui-patterns/SKILL.md +104 -0
  403. package/pipeline/skills/figma-common/figma-utility/SKILL.md +274 -0
  404. package/pipeline/skills/figma-common/figma-utility/scripts/figma-utility.py +808 -0
  405. package/pipeline/skills/figma-common/figma-validate/SKILL.md +633 -0
  406. package/pipeline/skills/figma-common/performance-iteration-commit-all/SKILL.md +711 -0
  407. package/pipeline/skills/figma-common/performance-review-next/SKILL.md +233 -0
  408. package/pipeline/skills/figma-common/performance-start/SKILL.md +425 -0
  409. package/pipeline/skills/figma-common/performance-swiftui/SKILL.md +706 -0
  410. package/pipeline/skills/figma-common/performance-tour/SKILL.md +418 -0
  411. package/pipeline/skills/figma-ios/REVIEW_CHECKLIST.md +67 -0
  412. package/pipeline/skills/figma-ios/figma-component-code-connect/SKILL.md +178 -0
  413. package/pipeline/skills/figma-ios/figma-component-implement/SKILL.md +184 -0
  414. package/pipeline/skills/figma-ios/figma-component-test/SKILL.md +219 -0
  415. package/pipeline/skills/figma-ios/figma-component-wiki/SKILL.md +274 -0
  416. package/pipeline/skills/figma-ios/figma-to-component/SKILL.md +401 -0
  417. package/pipeline/skills/figma-ios/figma-to-component/halt-return-protocol.md +57 -0
  418. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-0-init.md +307 -0
  419. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-1-gathering.md +119 -0
  420. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-1.5-existing-discovery.md +174 -0
  421. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2-orchestrator.md +333 -0
  422. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2a-testing-identifiers.md +368 -0
  423. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2b-localization.md +393 -0
  424. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2c-accessibility.md +617 -0
  425. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2d-analytics.md +352 -0
  426. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3-orchestrator.md +337 -0
  427. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3a-location.md +206 -0
  428. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3b-tokens.md +235 -0
  429. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3c-nested.md +214 -0
  430. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3d-patterns.md +871 -0
  431. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3e-assets.md +156 -0
  432. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3f-utilities.md +175 -0
  433. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3g-property-coverage.md +176 -0
  434. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3h-variant-config.md +333 -0
  435. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4-orchestrator.md +412 -0
  436. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4a-configuration.md +336 -0
  437. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4b-view.md +695 -0
  438. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4c-documentation.md +332 -0
  439. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4d-preview.md +380 -0
  440. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4e-modifiers.md +262 -0
  441. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5-orchestrator.md +482 -0
  442. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5a-viewinspector.md +274 -0
  443. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5b-snapshot.md +636 -0
  444. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5c-unit.md +142 -0
  445. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-6-code-connect.md +547 -0
  446. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7-wiki.md +39 -0
  447. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7a-confluence-generate.md +659 -0
  448. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7a-wiki-generate.md +580 -0
  449. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-8-cleanup.md +51 -0
  450. package/pipeline/skills/figma-ios/figma-to-component/reference/accessibility.md +129 -0
  451. package/pipeline/skills/figma-ios/figma-to-component/reference/analytics-events.md +64 -0
  452. package/pipeline/skills/figma-ios/figma-to-component/reference/code-connect.md +531 -0
  453. package/pipeline/skills/figma-ios/figma-to-component/reference/confluence-api.md +89 -0
  454. package/pipeline/skills/figma-ios/figma-to-component/reference/confluence-xhtml.md +155 -0
  455. package/pipeline/skills/figma-ios/figma-to-component/reference/figma-to-swiftui-effects.md +196 -0
  456. package/pipeline/skills/figma-ios/figma-to-component/reference/halt-return-protocol.md +57 -0
  457. package/pipeline/skills/figma-ios/figma-to-component/reference/localization-naming.md +89 -0
  458. package/pipeline/skills/figma-ios/figma-to-component/reference/macros.md +227 -0
  459. package/pipeline/skills/figma-ios/figma-to-component/reference/missing-tokens.md +157 -0
  460. package/pipeline/skills/figma-ios/figma-to-component/reference/orchestrator-discipline.md +90 -0
  461. package/pipeline/skills/figma-ios/figma-to-component/reference/registry.md +116 -0
  462. package/pipeline/skills/figma-ios/figma-to-component/reference/remote-mcp-script.md +153 -0
  463. package/pipeline/skills/figma-ios/figma-to-component/reference/rest-api-script.md +130 -0
  464. package/pipeline/skills/figma-ios/figma-to-component/reference/scripts-inventory.md +218 -0
  465. package/pipeline/skills/figma-ios/figma-to-component/reference/snapshot-testing.md +188 -0
  466. package/pipeline/skills/figma-ios/figma-to-component/reference/subcomponent-graph.md +93 -0
  467. package/pipeline/skills/figma-ios/figma-to-component/reference/testing-identifiers-naming.md +98 -0
  468. package/pipeline/skills/figma-ios/figma-to-component/reference/tools.md +261 -0
  469. package/pipeline/skills/figma-ios/figma-to-component/reference/viewinspector.md +147 -0
  470. package/pipeline/skills/figma-ios/figma-to-component/reference/wiki-to-confluence-mapping.md +182 -0
  471. package/pipeline/skills/figma-ios/figma-to-component/scripts/apply-author-login-map.py +185 -0
  472. package/pipeline/skills/figma-ios/figma-to-component/scripts/backfill-status.py +609 -0
  473. package/pipeline/skills/figma-ios/figma-to-component/scripts/build-author-registry.py +332 -0
  474. package/pipeline/skills/figma-ios/figma-to-component/scripts/bulk-sync-issues.py +261 -0
  475. package/pipeline/skills/figma-ios/figma-to-component/scripts/code-connect-data-gather.py +184 -0
  476. package/pipeline/skills/figma-ios/figma-to-component/scripts/code-connect-publish.sh +188 -0
  477. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-component-status-upload.py +768 -0
  478. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-component-status.py +191 -0
  479. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-data-gather.py +420 -0
  480. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-page-ids.json +94 -0
  481. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-publish.py +336 -0
  482. package/pipeline/skills/figma-ios/figma-to-component/scripts/figma-subcomponent-graph.py +391 -0
  483. package/pipeline/skills/figma-ios/figma-to-component/scripts/figma-update.py +292 -0
  484. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/__init__.py +1 -0
  485. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/issue_sync_propagate.py +93 -0
  486. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/registry_writer.py +299 -0
  487. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_backfill_status.py +343 -0
  488. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_figma_update.py +206 -0
  489. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_figma_update_http.py +149 -0
  490. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_phase_clis.py +281 -0
  491. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_registry_writer.py +332 -0
  492. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_skill_figma_issue.py +176 -0
  493. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_skill_figma_review.py +98 -0
  494. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_update_issue.py +298 -0
  495. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_update_issue_gh.py +195 -0
  496. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase1-gather.py +1298 -0
  497. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase2-finalize.py +228 -0
  498. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase3-scripts.py +1089 -0
  499. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase4-finalize.py +141 -0
  500. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase5-finalize.py +106 -0
  501. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase6-finalize.py +162 -0
  502. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase7-finalize.py +105 -0
  503. package/pipeline/skills/figma-ios/figma-to-component/scripts/register-icons-codeconnect.py +179 -0
  504. package/pipeline/skills/figma-ios/figma-to-component/scripts/remote-mcp-fetch.py +260 -0
  505. package/pipeline/skills/figma-ios/figma-to-component/scripts/resolve-author-logins.py +260 -0
  506. package/pipeline/skills/figma-ios/figma-to-component/scripts/run-uicomponents-tests.sh +86 -0
  507. package/pipeline/skills/figma-ios/figma-to-component/scripts/sidebar-generator.py +321 -0
  508. package/pipeline/skills/figma-ios/figma-to-component/scripts/update-issue-from-registry.py +1470 -0
  509. package/pipeline/skills/figma-ios/figma-to-component/scripts/validate-phase4.sh +176 -0
  510. package/pipeline/skills/figma-ios/figma-to-component/scripts/validate-phase6.sh +147 -0
  511. package/pipeline/skills/figma-ios/figma-to-component/scripts/validate-phase7a.py +629 -0
  512. package/pipeline/skills/shared/README.md +212 -0
  513. package/pipeline/skills/shared/core/apple-archive-compliance/SKILL.md +315 -0
  514. package/pipeline/skills/shared/core/google-play-compliance/SKILL.md +348 -0
  515. package/pipeline/skills/shared/core/multi-agent/SKILL.md +944 -0
  516. package/pipeline/skills/shared/core/multi-agent-autopilot/SKILL.md +51 -0
  517. package/pipeline/skills/shared/core/multi-agent-channels/SKILL.md +300 -0
  518. package/pipeline/skills/shared/core/multi-agent-delete/SKILL.md +63 -0
  519. package/pipeline/skills/shared/core/multi-agent-dev/SKILL.md +64 -0
  520. package/pipeline/skills/shared/core/multi-agent-dev-autopilot/SKILL.md +56 -0
  521. package/pipeline/skills/shared/core/multi-agent-dev-local/SKILL.md +36 -0
  522. package/pipeline/skills/shared/core/multi-agent-dev-local-autopilot/SKILL.md +42 -0
  523. package/pipeline/skills/shared/core/multi-agent-diff-explain/SKILL.md +66 -0
  524. package/pipeline/skills/shared/core/multi-agent-help/SKILL.md +292 -0
  525. package/pipeline/skills/shared/core/multi-agent-issue/SKILL.md +35 -0
  526. package/pipeline/skills/shared/core/multi-agent-jira/SKILL.md +38 -0
  527. package/pipeline/skills/shared/core/multi-agent-kill/SKILL.md +41 -0
  528. package/pipeline/skills/shared/core/multi-agent-language/SKILL.md +87 -0
  529. package/pipeline/skills/shared/core/multi-agent-local/SKILL.md +37 -0
  530. package/pipeline/skills/shared/core/multi-agent-local-autopilot/SKILL.md +53 -0
  531. package/pipeline/skills/shared/core/multi-agent-log/SKILL.md +28 -0
  532. package/pipeline/skills/shared/core/multi-agent-manual-test/SKILL.md +47 -0
  533. package/pipeline/skills/shared/core/multi-agent-purge/SKILL.md +42 -0
  534. package/pipeline/skills/shared/core/multi-agent-refactor/SKILL.md +191 -0
  535. package/pipeline/skills/shared/core/multi-agent-resume/SKILL.md +31 -0
  536. package/pipeline/skills/shared/core/multi-agent-review/SKILL.md +61 -0
  537. package/pipeline/skills/shared/core/multi-agent-scan/SKILL.md +61 -0
  538. package/pipeline/skills/shared/core/multi-agent-search/SKILL.md +62 -0
  539. package/pipeline/skills/shared/core/multi-agent-setup/SKILL.md +309 -0
  540. package/pipeline/skills/shared/core/multi-agent-stack/SKILL.md +55 -0
  541. package/pipeline/skills/shared/core/multi-agent-status/SKILL.md +41 -0
  542. package/pipeline/skills/shared/core/multi-agent-sync/SKILL.md +184 -0
  543. package/pipeline/skills/shared/core/multi-agent-test/SKILL.md +44 -0
  544. package/pipeline/skills/shared/core/multi-agent-update/SKILL.md +34 -0
  545. package/pipeline/skills/shared/external/accessibility-compliance-accessibility-audit/SKILL.md +45 -0
  546. package/pipeline/skills/shared/external/agentflow/SKILL.md +199 -0
  547. package/pipeline/skills/shared/external/alarmkit/SKILL.md +438 -0
  548. package/pipeline/skills/shared/external/alarmkit/references/alarmkit-patterns.md +584 -0
  549. package/pipeline/skills/shared/external/android-architecture/SKILL.md +407 -0
  550. package/pipeline/skills/shared/external/android-jetpack-compose-expert/SKILL.md +153 -0
  551. package/pipeline/skills/shared/external/android-performance/SKILL.md +736 -0
  552. package/pipeline/skills/shared/external/android-security/SKILL.md +577 -0
  553. package/pipeline/skills/shared/external/android_ui_verification/SKILL.md +66 -0
  554. package/pipeline/skills/shared/external/api-patterns/SKILL.md +85 -0
  555. package/pipeline/skills/shared/external/api-security-best-practices/SKILL.md +910 -0
  556. package/pipeline/skills/shared/external/app-clips/SKILL.md +436 -0
  557. package/pipeline/skills/shared/external/app-intents/SKILL.md +489 -0
  558. package/pipeline/skills/shared/external/app-intents/references/appintents-advanced.md +1076 -0
  559. package/pipeline/skills/shared/external/app-store-changelog/SKILL.md +75 -0
  560. package/pipeline/skills/shared/external/app-store-optimization/SKILL.md +409 -0
  561. package/pipeline/skills/shared/external/app-store-review/SKILL.md +411 -0
  562. package/pipeline/skills/shared/external/app-store-review/references/code-signing.md +259 -0
  563. package/pipeline/skills/shared/external/app-store-review/references/privacy-manifest.md +90 -0
  564. package/pipeline/skills/shared/external/app-store-review/references/rejection-patterns.md +152 -0
  565. package/pipeline/skills/shared/external/app-store-review/references/review-checklists.md +118 -0
  566. package/pipeline/skills/shared/external/apple-on-device-ai/SKILL.md +500 -0
  567. package/pipeline/skills/shared/external/apple-on-device-ai/references/coreml-conversion.md +425 -0
  568. package/pipeline/skills/shared/external/apple-on-device-ai/references/coreml-optimization.md +344 -0
  569. package/pipeline/skills/shared/external/apple-on-device-ai/references/foundation-models.md +508 -0
  570. package/pipeline/skills/shared/external/apple-on-device-ai/references/mlx-swift.md +285 -0
  571. package/pipeline/skills/shared/external/architecture/SKILL.md +60 -0
  572. package/pipeline/skills/shared/external/authentication/SKILL.md +496 -0
  573. package/pipeline/skills/shared/external/authentication/references/keychain-biometric.md +211 -0
  574. package/pipeline/skills/shared/external/background-processing/SKILL.md +499 -0
  575. package/pipeline/skills/shared/external/background-processing/references/background-task-patterns.md +390 -0
  576. package/pipeline/skills/shared/external/callkit-voip/SKILL.md +461 -0
  577. package/pipeline/skills/shared/external/callkit-voip/references/callkit-patterns.md +425 -0
  578. package/pipeline/skills/shared/external/ci-cd-pipelines/SKILL.md +462 -0
  579. package/pipeline/skills/shared/external/clean-code/SKILL.md +94 -0
  580. package/pipeline/skills/shared/external/closed-loop-delivery/SKILL.md +116 -0
  581. package/pipeline/skills/shared/external/cloudkit-sync/SKILL.md +492 -0
  582. package/pipeline/skills/shared/external/cloudkit-sync/references/cloudkit-patterns.md +461 -0
  583. package/pipeline/skills/shared/external/compose-components/SKILL.md +441 -0
  584. package/pipeline/skills/shared/external/compose-navigation/SKILL.md +436 -0
  585. package/pipeline/skills/shared/external/compose-testing/SKILL.md +527 -0
  586. package/pipeline/skills/shared/external/contacts-framework/SKILL.md +425 -0
  587. package/pipeline/skills/shared/external/contacts-framework/references/contacts-patterns.md +409 -0
  588. package/pipeline/skills/shared/external/context-compression/SKILL.md +266 -0
  589. package/pipeline/skills/shared/external/core-bluetooth/SKILL.md +491 -0
  590. package/pipeline/skills/shared/external/core-bluetooth/references/ble-patterns.md +435 -0
  591. package/pipeline/skills/shared/external/core-motion/SKILL.md +388 -0
  592. package/pipeline/skills/shared/external/core-motion/references/motion-patterns.md +405 -0
  593. package/pipeline/skills/shared/external/core-nfc/SKILL.md +495 -0
  594. package/pipeline/skills/shared/external/core-nfc/references/nfc-patterns.md +420 -0
  595. package/pipeline/skills/shared/external/coreml/SKILL.md +458 -0
  596. package/pipeline/skills/shared/external/coreml/references/coreml-swift-integration.md +765 -0
  597. package/pipeline/skills/shared/external/css-modern/SKILL.md +467 -0
  598. package/pipeline/skills/shared/external/database-patterns/SKILL.md +335 -0
  599. package/pipeline/skills/shared/external/debugging-instruments/SKILL.md +422 -0
  600. package/pipeline/skills/shared/external/debugging-instruments/references/instruments-guide.md +387 -0
  601. package/pipeline/skills/shared/external/debugging-instruments/references/lldb-patterns.md +298 -0
  602. package/pipeline/skills/shared/external/debugging-strategies/SKILL.md +37 -0
  603. package/pipeline/skills/shared/external/device-integrity/SKILL.md +477 -0
  604. package/pipeline/skills/shared/external/docker-expert/SKILL.md +413 -0
  605. package/pipeline/skills/shared/external/energykit/SKILL.md +460 -0
  606. package/pipeline/skills/shared/external/energykit/references/energykit-patterns.md +541 -0
  607. package/pipeline/skills/shared/external/eventkit-calendar/SKILL.md +483 -0
  608. package/pipeline/skills/shared/external/eventkit-calendar/references/eventkit-patterns.md +326 -0
  609. package/pipeline/skills/shared/external/fastapi-pro/SKILL.md +190 -0
  610. package/pipeline/skills/shared/external/firebase/SKILL.md +61 -0
  611. package/pipeline/skills/shared/external/github-actions-templates/SKILL.md +348 -0
  612. package/pipeline/skills/shared/external/gradle-kotlin-dsl/SKILL.md +552 -0
  613. package/pipeline/skills/shared/external/healthkit/SKILL.md +498 -0
  614. package/pipeline/skills/shared/external/healthkit/references/healthkit-patterns.md +602 -0
  615. package/pipeline/skills/shared/external/help-skills/SKILL.md +166 -0
  616. package/pipeline/skills/shared/external/hig-components-content/SKILL.md +81 -0
  617. package/pipeline/skills/shared/external/hig-components-layout/SKILL.md +95 -0
  618. package/pipeline/skills/shared/external/hig-components-status/SKILL.md +82 -0
  619. package/pipeline/skills/shared/external/hig-components-system/SKILL.md +101 -0
  620. package/pipeline/skills/shared/external/hig-foundations/SKILL.md +94 -0
  621. package/pipeline/skills/shared/external/hig-inputs/SKILL.md +110 -0
  622. package/pipeline/skills/shared/external/hig-patterns/SKILL.md +99 -0
  623. package/pipeline/skills/shared/external/hig-platforms/SKILL.md +81 -0
  624. package/pipeline/skills/shared/external/hig-technologies/SKILL.md +125 -0
  625. package/pipeline/skills/shared/external/homekit-matter/SKILL.md +496 -0
  626. package/pipeline/skills/shared/external/homekit-matter/references/matter-commissioning.md +455 -0
  627. package/pipeline/skills/shared/external/html-semantic/SKILL.md +301 -0
  628. package/pipeline/skills/shared/external/humanizer/SKILL.md +118 -0
  629. package/pipeline/skills/shared/external/ios-accessibility/SKILL.md +301 -0
  630. package/pipeline/skills/shared/external/ios-accessibility/references/a11y-patterns.md +140 -0
  631. package/pipeline/skills/shared/external/ios-debugger-agent/SKILL.md +59 -0
  632. package/pipeline/skills/shared/external/ios-developer/SKILL.md +217 -0
  633. package/pipeline/skills/shared/external/ios-localization/SKILL.md +418 -0
  634. package/pipeline/skills/shared/external/ios-localization/references/formatstyle-locale.md +627 -0
  635. package/pipeline/skills/shared/external/ios-localization/references/string-catalogs.md +462 -0
  636. package/pipeline/skills/shared/external/ios-networking/SKILL.md +441 -0
  637. package/pipeline/skills/shared/external/ios-networking/references/background-websocket.md +862 -0
  638. package/pipeline/skills/shared/external/ios-networking/references/lightweight-clients.md +93 -0
  639. package/pipeline/skills/shared/external/ios-networking/references/network-framework.md +563 -0
  640. package/pipeline/skills/shared/external/ios-networking/references/urlsession-patterns.md +1116 -0
  641. package/pipeline/skills/shared/external/ios-security/SKILL.md +496 -0
  642. package/pipeline/skills/shared/external/ios-security/references/app-review-guidelines.md +174 -0
  643. package/pipeline/skills/shared/external/ios-security/references/cryptokit-advanced.md +297 -0
  644. package/pipeline/skills/shared/external/ios-security/references/file-storage-patterns.md +354 -0
  645. package/pipeline/skills/shared/external/ios-security/references/privacy-manifest.md +117 -0
  646. package/pipeline/skills/shared/external/kotlin-coroutines-expert/SKILL.md +101 -0
  647. package/pipeline/skills/shared/external/live-activities/SKILL.md +500 -0
  648. package/pipeline/skills/shared/external/live-activities/references/live-activity-patterns.md +868 -0
  649. package/pipeline/skills/shared/external/macos-menubar-tuist-app/SKILL.md +109 -0
  650. package/pipeline/skills/shared/external/macos-spm-app-packaging/SKILL.md +110 -0
  651. package/pipeline/skills/shared/external/mapkit-location/SKILL.md +485 -0
  652. package/pipeline/skills/shared/external/mapkit-location/references/corelocation-patterns.md +730 -0
  653. package/pipeline/skills/shared/external/mapkit-location/references/mapkit-patterns.md +748 -0
  654. package/pipeline/skills/shared/external/metrickit-diagnostics/SKILL.md +479 -0
  655. package/pipeline/skills/shared/external/monorepo-architect/SKILL.md +64 -0
  656. package/pipeline/skills/shared/external/musickit-audio/SKILL.md +395 -0
  657. package/pipeline/skills/shared/external/musickit-audio/references/musickit-patterns.md +363 -0
  658. package/pipeline/skills/shared/external/natural-language/SKILL.md +412 -0
  659. package/pipeline/skills/shared/external/natural-language/references/translation-patterns.md +311 -0
  660. package/pipeline/skills/shared/external/nextjs-app-router/SKILL.md +418 -0
  661. package/pipeline/skills/shared/external/nodejs-backend-patterns/SKILL.md +38 -0
  662. package/pipeline/skills/shared/external/observability-engineer/SKILL.md +235 -0
  663. package/pipeline/skills/shared/external/passkit-wallet/SKILL.md +398 -0
  664. package/pipeline/skills/shared/external/passkit-wallet/references/wallet-passes.md +254 -0
  665. package/pipeline/skills/shared/external/pencilkit-drawing/SKILL.md +387 -0
  666. package/pipeline/skills/shared/external/pencilkit-drawing/references/paperkit-integration.md +376 -0
  667. package/pipeline/skills/shared/external/pencilkit-drawing/references/pencilkit-patterns.md +302 -0
  668. package/pipeline/skills/shared/external/permissionkit/SKILL.md +446 -0
  669. package/pipeline/skills/shared/external/permissionkit/references/permissionkit-patterns.md +435 -0
  670. package/pipeline/skills/shared/external/photos-camera-media/SKILL.md +501 -0
  671. package/pipeline/skills/shared/external/photos-camera-media/references/av-playback.md +701 -0
  672. package/pipeline/skills/shared/external/photos-camera-media/references/camera-capture.md +774 -0
  673. package/pipeline/skills/shared/external/photos-camera-media/references/image-loading-caching.md +869 -0
  674. package/pipeline/skills/shared/external/photos-camera-media/references/photospicker-patterns.md +597 -0
  675. package/pipeline/skills/shared/external/play-store-review/SKILL.md +350 -0
  676. package/pipeline/skills/shared/external/push-notifications/SKILL.md +501 -0
  677. package/pipeline/skills/shared/external/push-notifications/references/notification-patterns.md +677 -0
  678. package/pipeline/skills/shared/external/push-notifications/references/rich-notifications.md +745 -0
  679. package/pipeline/skills/shared/external/python-patterns/SKILL.md +383 -0
  680. package/pipeline/skills/shared/external/react-best-practices/SKILL.md +290 -0
  681. package/pipeline/skills/shared/external/realitykit-ar/SKILL.md +479 -0
  682. package/pipeline/skills/shared/external/realitykit-ar/references/realitykit-patterns.md +480 -0
  683. package/pipeline/skills/shared/external/rest-api-design/SKILL.md +386 -0
  684. package/pipeline/skills/shared/external/retrofit-networking/SKILL.md +506 -0
  685. package/pipeline/skills/shared/external/room-database/SKILL.md +564 -0
  686. package/pipeline/skills/shared/external/shareplay-activities/SKILL.md +483 -0
  687. package/pipeline/skills/shared/external/shareplay-activities/references/shareplay-patterns.md +544 -0
  688. package/pipeline/skills/shared/external/speech-recognition/SKILL.md +485 -0
  689. package/pipeline/skills/shared/external/storekit/SKILL.md +478 -0
  690. package/pipeline/skills/shared/external/storekit/references/app-review-guidelines.md +58 -0
  691. package/pipeline/skills/shared/external/storekit/references/storekit-advanced.md +755 -0
  692. package/pipeline/skills/shared/external/swift-charts/SKILL.md +487 -0
  693. package/pipeline/skills/shared/external/swift-charts/references/charts-patterns.md +895 -0
  694. package/pipeline/skills/shared/external/swift-codable/SKILL.md +467 -0
  695. package/pipeline/skills/shared/external/swift-concurrency/SKILL.md +408 -0
  696. package/pipeline/skills/shared/external/swift-concurrency/references/approachable-concurrency.md +80 -0
  697. package/pipeline/skills/shared/external/swift-concurrency/references/swift-6-2-concurrency.md +233 -0
  698. package/pipeline/skills/shared/external/swift-concurrency/references/swiftui-concurrency.md +187 -0
  699. package/pipeline/skills/shared/external/swift-concurrency/references/synchronization-primitives.md +341 -0
  700. package/pipeline/skills/shared/external/swift-concurrency-expert/SKILL.md +113 -0
  701. package/pipeline/skills/shared/external/swift-concurrency-pro/SKILL.md +124 -0
  702. package/pipeline/skills/shared/external/swift-concurrency-pro/references/actors.md +155 -0
  703. package/pipeline/skills/shared/external/swift-concurrency-pro/references/async-streams.md +67 -0
  704. package/pipeline/skills/shared/external/swift-concurrency-pro/references/bridging.md +52 -0
  705. package/pipeline/skills/shared/external/swift-concurrency-pro/references/bug-patterns.md +100 -0
  706. package/pipeline/skills/shared/external/swift-concurrency-pro/references/cancellation.md +107 -0
  707. package/pipeline/skills/shared/external/swift-concurrency-pro/references/diagnostics.md +70 -0
  708. package/pipeline/skills/shared/external/swift-concurrency-pro/references/hotspots.md +47 -0
  709. package/pipeline/skills/shared/external/swift-concurrency-pro/references/interop.md +129 -0
  710. package/pipeline/skills/shared/external/swift-concurrency-pro/references/new-features.md +224 -0
  711. package/pipeline/skills/shared/external/swift-concurrency-pro/references/structured.md +101 -0
  712. package/pipeline/skills/shared/external/swift-concurrency-pro/references/testing.md +218 -0
  713. package/pipeline/skills/shared/external/swift-concurrency-pro/references/unstructured.md +61 -0
  714. package/pipeline/skills/shared/external/swift-language/SKILL.md +498 -0
  715. package/pipeline/skills/shared/external/swift-language/references/swift-patterns-extended.md +505 -0
  716. package/pipeline/skills/shared/external/swift-testing/SKILL.md +462 -0
  717. package/pipeline/skills/shared/external/swift-testing/references/testing-patterns.md +504 -0
  718. package/pipeline/skills/shared/external/swift-testing-pro/SKILL.md +97 -0
  719. package/pipeline/skills/shared/external/swift-testing-pro/references/async-tests.md +252 -0
  720. package/pipeline/skills/shared/external/swift-testing-pro/references/core-rules.md +52 -0
  721. package/pipeline/skills/shared/external/swift-testing-pro/references/migrating-from-xctest.md +34 -0
  722. package/pipeline/skills/shared/external/swift-testing-pro/references/new-features.md +318 -0
  723. package/pipeline/skills/shared/external/swift-testing-pro/references/writing-better-tests.md +254 -0
  724. package/pipeline/skills/shared/external/swiftdata/SKILL.md +334 -0
  725. package/pipeline/skills/shared/external/swiftdata/references/core-data-coexistence.md +504 -0
  726. package/pipeline/skills/shared/external/swiftdata/references/swiftdata-advanced.md +975 -0
  727. package/pipeline/skills/shared/external/swiftdata/references/swiftdata-queries.md +675 -0
  728. package/pipeline/skills/shared/external/swiftdata-pro/SKILL.md +102 -0
  729. package/pipeline/skills/shared/external/swiftdata-pro/references/class-inheritance.md +104 -0
  730. package/pipeline/skills/shared/external/swiftdata-pro/references/cloudkit.md +10 -0
  731. package/pipeline/skills/shared/external/swiftdata-pro/references/core-rules.md +20 -0
  732. package/pipeline/skills/shared/external/swiftdata-pro/references/indexing.md +27 -0
  733. package/pipeline/skills/shared/external/swiftdata-pro/references/predicates.md +73 -0
  734. package/pipeline/skills/shared/external/swiftui-animation/SKILL.md +503 -0
  735. package/pipeline/skills/shared/external/swiftui-animation/references/animation-advanced.md +821 -0
  736. package/pipeline/skills/shared/external/swiftui-animation/references/core-animation-bridge.md +553 -0
  737. package/pipeline/skills/shared/external/swiftui-expert-skill/SKILL.md +102 -0
  738. package/pipeline/skills/shared/external/swiftui-expert-skill/references/accessibility-patterns.md +215 -0
  739. package/pipeline/skills/shared/external/swiftui-expert-skill/references/animation-advanced.md +403 -0
  740. package/pipeline/skills/shared/external/swiftui-expert-skill/references/animation-basics.md +284 -0
  741. package/pipeline/skills/shared/external/swiftui-expert-skill/references/animation-transitions.md +326 -0
  742. package/pipeline/skills/shared/external/swiftui-expert-skill/references/charts-accessibility.md +135 -0
  743. package/pipeline/skills/shared/external/swiftui-expert-skill/references/charts.md +602 -0
  744. package/pipeline/skills/shared/external/swiftui-expert-skill/references/image-optimization.md +203 -0
  745. package/pipeline/skills/shared/external/swiftui-expert-skill/references/latest-apis.md +464 -0
  746. package/pipeline/skills/shared/external/swiftui-expert-skill/references/layout-best-practices.md +266 -0
  747. package/pipeline/skills/shared/external/swiftui-expert-skill/references/liquid-glass.md +416 -0
  748. package/pipeline/skills/shared/external/swiftui-expert-skill/references/list-patterns.md +394 -0
  749. package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-scenes.md +318 -0
  750. package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-views.md +357 -0
  751. package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-window-styling.md +303 -0
  752. package/pipeline/skills/shared/external/swiftui-expert-skill/references/performance-patterns.md +403 -0
  753. package/pipeline/skills/shared/external/swiftui-expert-skill/references/scroll-patterns.md +293 -0
  754. package/pipeline/skills/shared/external/swiftui-expert-skill/references/sheet-navigation-patterns.md +363 -0
  755. package/pipeline/skills/shared/external/swiftui-expert-skill/references/state-management.md +417 -0
  756. package/pipeline/skills/shared/external/swiftui-expert-skill/references/view-structure.md +389 -0
  757. package/pipeline/skills/shared/external/swiftui-gestures/SKILL.md +450 -0
  758. package/pipeline/skills/shared/external/swiftui-gestures/references/gesture-patterns.md +425 -0
  759. package/pipeline/skills/shared/external/swiftui-layout-components/SKILL.md +336 -0
  760. package/pipeline/skills/shared/external/swiftui-layout-components/references/form.md +97 -0
  761. package/pipeline/skills/shared/external/swiftui-layout-components/references/grids.md +69 -0
  762. package/pipeline/skills/shared/external/swiftui-layout-components/references/list.md +99 -0
  763. package/pipeline/skills/shared/external/swiftui-layout-components/references/scrollview.md +147 -0
  764. package/pipeline/skills/shared/external/swiftui-liquid-glass/SKILL.md +98 -0
  765. package/pipeline/skills/shared/external/swiftui-navigation/SKILL.md +262 -0
  766. package/pipeline/skills/shared/external/swiftui-navigation/references/deeplinks.md +207 -0
  767. package/pipeline/skills/shared/external/swiftui-navigation/references/navigationstack.md +177 -0
  768. package/pipeline/skills/shared/external/swiftui-navigation/references/sheets.md +169 -0
  769. package/pipeline/skills/shared/external/swiftui-navigation/references/tabview.md +178 -0
  770. package/pipeline/skills/shared/external/swiftui-patterns/SKILL.md +371 -0
  771. package/pipeline/skills/shared/external/swiftui-patterns/references/architecture-patterns.md +486 -0
  772. package/pipeline/skills/shared/external/swiftui-patterns/references/deprecated-migration.md +1097 -0
  773. package/pipeline/skills/shared/external/swiftui-patterns/references/design-polish.md +780 -0
  774. package/pipeline/skills/shared/external/swiftui-patterns/references/platform-and-sharing.md +696 -0
  775. package/pipeline/skills/shared/external/swiftui-performance/SKILL.md +487 -0
  776. package/pipeline/skills/shared/external/swiftui-performance/references/demystify-swiftui-performance-wwdc23.md +46 -0
  777. package/pipeline/skills/shared/external/swiftui-performance/references/optimizing-swiftui-performance-instruments.md +29 -0
  778. package/pipeline/skills/shared/external/swiftui-performance/references/understanding-hangs-in-your-app.md +33 -0
  779. package/pipeline/skills/shared/external/swiftui-performance/references/understanding-improving-swiftui-performance.md +52 -0
  780. package/pipeline/skills/shared/external/swiftui-performance-audit/SKILL.md +114 -0
  781. package/pipeline/skills/shared/external/swiftui-pro/SKILL.md +108 -0
  782. package/pipeline/skills/shared/external/swiftui-pro/references/accessibility.md +13 -0
  783. package/pipeline/skills/shared/external/swiftui-pro/references/api.md +39 -0
  784. package/pipeline/skills/shared/external/swiftui-pro/references/data.md +43 -0
  785. package/pipeline/skills/shared/external/swiftui-pro/references/design.md +31 -0
  786. package/pipeline/skills/shared/external/swiftui-pro/references/hygiene.md +9 -0
  787. package/pipeline/skills/shared/external/swiftui-pro/references/navigation.md +14 -0
  788. package/pipeline/skills/shared/external/swiftui-pro/references/performance.md +46 -0
  789. package/pipeline/skills/shared/external/swiftui-pro/references/swift.md +56 -0
  790. package/pipeline/skills/shared/external/swiftui-pro/references/views.md +35 -0
  791. package/pipeline/skills/shared/external/swiftui-ui-patterns/SKILL.md +103 -0
  792. package/pipeline/skills/shared/external/swiftui-uikit-interop/SKILL.md +428 -0
  793. package/pipeline/skills/shared/external/swiftui-uikit-interop/references/hosting-migration.md +534 -0
  794. package/pipeline/skills/shared/external/swiftui-uikit-interop/references/representable-recipes.md +948 -0
  795. package/pipeline/skills/shared/external/swiftui-view-refactor/SKILL.md +210 -0
  796. package/pipeline/skills/shared/external/swiftui-webkit/SKILL.md +273 -0
  797. package/pipeline/skills/shared/external/swiftui-webkit/references/loading-and-observation.md +151 -0
  798. package/pipeline/skills/shared/external/swiftui-webkit/references/local-content-and-custom-schemes.md +95 -0
  799. package/pipeline/skills/shared/external/swiftui-webkit/references/migration-and-fallbacks.md +51 -0
  800. package/pipeline/skills/shared/external/swiftui-webkit/references/navigation-and-javascript.md +111 -0
  801. package/pipeline/skills/shared/external/tailwind-css/SKILL.md +309 -0
  802. package/pipeline/skills/shared/external/testing-backend/SKILL.md +393 -0
  803. package/pipeline/skills/shared/external/tipkit/SKILL.md +494 -0
  804. package/pipeline/skills/shared/external/tipkit/references/tipkit-patterns.md +782 -0
  805. package/pipeline/skills/shared/external/typescript-patterns/SKILL.md +336 -0
  806. package/pipeline/skills/shared/external/vision-framework/SKILL.md +475 -0
  807. package/pipeline/skills/shared/external/vision-framework/references/vision-requests.md +736 -0
  808. package/pipeline/skills/shared/external/vision-framework/references/visionkit-scanner.md +738 -0
  809. package/pipeline/skills/shared/external/vue-composition/SKILL.md +371 -0
  810. package/pipeline/skills/shared/external/weatherkit/SKILL.md +410 -0
  811. package/pipeline/skills/shared/external/weatherkit/references/weatherkit-patterns.md +567 -0
  812. package/pipeline/skills/shared/external/web-accessibility/SKILL.md +373 -0
  813. package/pipeline/skills/shared/external/web-performance/SKILL.md +345 -0
  814. package/pipeline/skills/shared/external/web-testing/SKILL.md +385 -0
  815. package/pipeline/skills/shared/external/widgetkit/SKILL.md +497 -0
  816. package/pipeline/skills/shared/external/widgetkit/references/widgetkit-advanced.md +871 -0
  817. package/pipeline/skills/skills-index.md +205 -0
@@ -0,0 +1,411 @@
1
+ ---
2
+ name: app-store-review
3
+ description: "Prepare for App Store review and prevent rejections. Covers App Store review guidelines, app rejection reasons, code signing errors (ITMS-90035, ITMS-90034, ITMS-90046, ITMS-91065), provisioning profile issues, SDK signature requirements, entitlements mismatches, PrivacyInfo.xcprivacy privacy manifest requirements, required API reason codes, in-app purchase IAP and StoreKit rules, App Store Guidelines compliance, ATT App Tracking Transparency, EU DMA Digital Markets Act, HIG compliance checklist, app submission preparation, review preparation, metadata requirements, entitlements, widgets, and Live Activities review rules. Use when preparing for App Store submission, fixing rejection reasons, resolving code signing issues, fixing ITMS errors, auditing privacy manifests, implementing ATT consent flow, configuring StoreKit IAP, or checking HIG compliance."
4
+ ---
5
+
6
+ # App Store Review Preparation
7
+
8
+ Guidance for catching App Store rejection risks before submission. Apple reviewed 7.7 million submissions in 2024 and rejected 1.9 million. Most rejections are preventable with proper preparation.
9
+
10
+ ## Contents
11
+
12
+ - [Overview](#overview)
13
+ - [Code Signing and SDK Signature Errors](#code-signing-and-sdk-signature-errors)
14
+ - [Top Rejection Reasons and How to Avoid Them](#top-rejection-reasons-and-how-to-avoid-them)
15
+ - [PrivacyInfo.xcprivacy -- Privacy Manifest Requirements](#privacyinfoxcprivacy-privacy-manifest-requirements)
16
+ - [Data Use, Sharing, and Privacy Policy (Guideline 5.1.2)](#data-use-sharing-and-privacy-policy-guideline-512)
17
+ - [In-App Purchase and StoreKit Rules (Guideline 3.1.1)](#in-app-purchase-and-storekit-rules-guideline-311)
18
+ - [HIG Compliance Checklist](#hig-compliance-checklist)
19
+ - [App Tracking Transparency (ATT)](#app-tracking-transparency-att)
20
+ - [EU Digital Markets Act (DMA) Considerations](#eu-digital-markets-act-dma-considerations)
21
+ - [Entitlements and Capabilities](#entitlements-and-capabilities)
22
+ - [Submission Workflow](#submission-workflow)
23
+ - [Metadata Best Practices](#metadata-best-practices)
24
+ - [Appeal Process](#appeal-process)
25
+ - [Common Mistakes](#common-mistakes)
26
+ - [Review Checklist](#review-checklist)
27
+ - [References](#references)
28
+
29
+ ## Overview
30
+
31
+ Use this SKILL.md for quick guidance on common rejection reasons and key policies. Use the references for detailed checklists, privacy manifest specifics, and code signing troubleshooting.
32
+
33
+ ## Code Signing and SDK Signature Errors
34
+
35
+ Code signing issues are the most common **upload-time** rejection (before human review even starts). See `references/code-signing.md` for the full guide and `references/rejection-patterns.md` for high-risk patterns.
36
+
37
+ ### ITMS-91065: Missing SDK Signature (Most Common in 2024+)
38
+
39
+ Apple now requires commonly used third-party SDK binaries to include a code signature. This is triggered when embedding unsigned `.framework` files.
40
+
41
+ **Error example:**
42
+ ```
43
+ ITMS-91065: Missing signature - Your app includes "Frameworks/Toast.framework/Toast",
44
+ which includes Toast, an SDK that was identified as a commonly used third-party SDK.
45
+ ```
46
+
47
+ **Resolution options (in priority order):**
48
+
49
+ 1. **Replace binary with source files** — Add the SDK's source `.swift` files directly to your project instead of embedding the pre-built binary. No binary = no signature requirement. This is the most reliable fix.
50
+ 2. **Switch to SPM or source-based CocoaPods** — Source-level integration compiles the SDK as part of your project, eliminating the signature issue entirely.
51
+ 3. **Update SDK** — Get a newer version that includes Apple's required signature from the vendor.
52
+ 4. **Sign the framework manually** (last resort):
53
+ ```bash
54
+ codesign --force --sign "Apple Distribution: Your Company (TEAM_ID)" \
55
+ --preserve-metadata=identifier,entitlements \
56
+ Frameworks/SDKName.framework
57
+ ```
58
+
59
+ **Prevention:** Before adding any binary dependency, verify it is signed:
60
+ ```bash
61
+ codesign --verify --deep --strict NewSDK.framework
62
+ ```
63
+
64
+ ### ITMS-90035: Invalid Signature
65
+
66
+ Binary signed with wrong certificate (development instead of distribution).
67
+
68
+ **Fix:** Archive must use "Apple Distribution" certificate. Verify:
69
+ ```bash
70
+ codesign -dv --verbose=4 YourApp.app
71
+ # Authority line must show "Apple Distribution"
72
+ ```
73
+
74
+ ### ITMS-90046: Invalid Code Signing Entitlements
75
+
76
+ App claims entitlements not in provisioning profile.
77
+
78
+ **Fix:** Compare binary entitlements against profile:
79
+ ```bash
80
+ # Binary entitlements
81
+ codesign -d --entitlements - YourApp.app
82
+
83
+ # Profile entitlements
84
+ security cms -D -i YourApp.app/embedded.mobileprovision
85
+ ```
86
+
87
+ Every entitlement in the binary MUST exist in the provisioning profile.
88
+
89
+ ### Quick Code Signing Checklist
90
+
91
+ - [ ] Archive built with Release configuration + Apple Distribution certificate
92
+ - [ ] All provisioning profiles are App Store type and not expired
93
+ - [ ] All targets (app, extensions, widgets) use same team ID
94
+ - [ ] Entitlements in binary match profile capabilities
95
+ - [ ] No `get-task-allow` in Release builds (debug-only entitlement)
96
+ - [ ] All embedded frameworks signed with same distribution identity
97
+ - [ ] No simulator architectures (`x86_64`, `i386`) in embedded frameworks
98
+ - [ ] Push environment is `production` (not `development`) in Release
99
+ - [ ] Third-party binary SDKs are signed (ITMS-91065)
100
+
101
+ ## Top Rejection Reasons and How to Avoid Them
102
+
103
+ ### Guideline 2.1 -- App Completeness
104
+
105
+ The app must be fully functional when reviewed. Apple rejects for:
106
+
107
+ - Placeholder content, lorem ipsum, or test data visible anywhere
108
+ - Broken links or empty screens
109
+ - Features behind logins without demo credentials provided in App Review notes
110
+ - Features that require hardware Apple does not have access to
111
+
112
+ **Prevention:**
113
+ - Provide demo account credentials in the App Review Information notes field in App Store Connect
114
+ - Walk through every screen and verify real content is present
115
+ - Test all flows end-to-end, including edge cases like empty states and error conditions
116
+
117
+ ### Guideline 2.3 -- Accurate Metadata
118
+
119
+ - App name must match what the app actually does
120
+ - Screenshots must show the actual app UI, not marketing renders or mockups
121
+ - Description must not contain prices (they vary by region)
122
+ - No references to other platforms ("Also available on Android")
123
+ - Keywords must be relevant -- no competitor names or unrelated terms
124
+ - Category must match the app's primary function
125
+
126
+ ### Guideline 4.2 -- Minimum Functionality
127
+
128
+ Apple rejects apps that are too simple or are just websites in a wrapper:
129
+
130
+ - WKWebView-only apps are rejected unless they add meaningful native functionality
131
+ - Single-feature apps may be rejected if the feature is better suited as part of another app
132
+ - Apps that duplicate built-in iOS functionality without significant improvement are rejected
133
+
134
+ ### Guideline 2.5.1 -- Software Requirements
135
+
136
+ - Must use public APIs only -- private API usage is an instant rejection
137
+ - Must be built with the current Xcode GM release or later
138
+ - Must support the latest two major iOS versions (guideline, not strict rule)
139
+ - Must not download or execute code dynamically (except JavaScript in WKWebView)
140
+
141
+ ## PrivacyInfo.xcprivacy -- Privacy Manifest Requirements
142
+
143
+ This is the fastest-growing rejection category (Guideline 5.1.1). A privacy manifest is **required** if your app or any of its dependencies uses certain categories of APIs.
144
+
145
+ **See:** `references/privacy-manifest.md` for the full structure, reason codes, and checklists.
146
+
147
+ ### Summary
148
+
149
+ - File timestamp, system boot time, disk space, user defaults, and active keyboard APIs all require reason codes.
150
+ - Every third-party SDK must ship its own privacy manifest.
151
+ - Manifest declarations must match App Store privacy nutrition labels and actual network behavior.
152
+
153
+ ## Data Use, Sharing, and Privacy Policy (Guideline 5.1.2)
154
+
155
+ - A privacy policy URL must be set in App Store Connect AND accessible within the app
156
+ - The privacy policy must accurately describe what data you collect, how you use it, and who you share it with
157
+ - App Store privacy nutrition labels must match your actual data collection practices
158
+ - Apple cross-references your privacy manifest, nutrition labels, and observed network traffic
159
+
160
+ ## In-App Purchase and StoreKit Rules (Guideline 3.1.1)
161
+
162
+ IAP rules are strict and heavily enforced.
163
+
164
+ ### What Requires Apple IAP
165
+
166
+ All digital content and services must use Apple's In-App Purchase system:
167
+
168
+ - Premium features or content unlocks
169
+ - Subscriptions to app functionality
170
+ - Virtual currency, coins, gems
171
+ - Ad removal
172
+ - Digital tips or donations
173
+
174
+ ### What Does NOT Require IAP
175
+
176
+ - Physical products (e-commerce)
177
+ - Ride-sharing, food delivery, real-world services
178
+ - One-to-one services (tutoring, consulting booked through the app)
179
+ - Enterprise/B2B apps distributed through Apple Business Manager
180
+
181
+ ### Subscription Display Requirements
182
+
183
+ - Price, duration, and auto-renewal terms must be clearly displayed before purchase
184
+ - Free trials must state what happens when they end (price, billing frequency)
185
+ - No links, buttons, or language directing users to purchase outside the app
186
+ - "Reader" apps (Netflix, Spotify) may link to external sign-up but cannot offer IAP bypass
187
+
188
+ ### StoreKit Implementation Checklist
189
+
190
+ - Consumables, non-consumables, and subscriptions must be correctly categorized in App Store Connect
191
+ - Restore purchases functionality must be present and working
192
+ - Transaction verification should use StoreKit 2 `Transaction.currentEntitlements` or server-side validation
193
+ - Handle interrupted purchases, deferred transactions, and ask-to-buy gracefully
194
+
195
+ ## HIG Compliance Checklist
196
+
197
+ See `references/review-checklists.md` for the full HIG checklist (navigation, modals, widgets, system feature support, launch screen, empty states). This section stays intentionally brief to keep SKILL.md concise.
198
+
199
+ ## App Tracking Transparency (ATT)
200
+
201
+ ### When ATT Is Required
202
+
203
+ If your app tracks users across other companies' apps or websites, you must:
204
+
205
+ 1. Request permission via `ATTrackingManager.requestTrackingAuthorization` before any tracking occurs
206
+ 2. Respect the user's choice -- do not track if the user denies permission
207
+ 3. Not gate app functionality behind tracking consent ("Accept tracking or you cannot use this app" is rejected)
208
+ 4. Provide a clear purpose string in `NSUserTrackingUsageDescription` explaining what tracking is used for
209
+
210
+ ### When ATT Is NOT Required
211
+
212
+ If you do not track users across apps or websites, do not show the ATT prompt. Apple rejects unnecessary ATT prompts.
213
+
214
+ ### ATT Implementation
215
+
216
+ ```swift
217
+ import AppTrackingTransparency
218
+
219
+ func requestTrackingPermission() async {
220
+ let status = await ATTrackingManager.requestTrackingAuthorization()
221
+ switch status {
222
+ case .authorized:
223
+ // Enable tracking, initialize ad SDKs with tracking
224
+ break
225
+ case .denied, .restricted:
226
+ // Use non-personalized ads, disable cross-app tracking
227
+ break
228
+ case .notDetermined:
229
+ // Should not happen after request, handle gracefully
230
+ break
231
+ @unknown default:
232
+ break
233
+ }
234
+ }
235
+ ```
236
+
237
+ **Timing:** Request ATT permission after the app has launched and the user has context for why tracking is being requested. Do not show the prompt immediately on first launch.
238
+
239
+ ## EU Digital Markets Act (DMA) Considerations
240
+
241
+ For apps distributed in the EU:
242
+
243
+ - Alternative browser engines are permitted on iOS in the EU
244
+ - Alternative app marketplaces exist -- apps may be distributed outside the App Store
245
+ - External payment links may be allowed under specific conditions, with Apple's commission structure adjusted
246
+ - Notarization is required even for sideloaded apps distributed outside the App Store
247
+ - Apps using alternative distribution must still meet Apple's notarization requirements for security
248
+
249
+ ## Entitlements and Capabilities
250
+
251
+ Every entitlement must be justified. Apple reviews these closely:
252
+
253
+ | Entitlement | Apple Scrutiny |
254
+ |---|---|
255
+ | Camera | Must explain purpose in `NSCameraUsageDescription` |
256
+ | Location (Always) | Must have clear, user-visible reason for background location |
257
+ | Push Notifications | Must not be used for marketing without user opt-in |
258
+ | HealthKit | Must actually use health data in a meaningful way |
259
+ | Background Modes | Each mode (audio, location, VoIP, fetch) must be justified and actively used |
260
+ | App Groups | Must explain what shared data is needed |
261
+ | Associated Domains | Universal links must actually resolve and function |
262
+
263
+ ### Usage Description Strings
264
+
265
+ Usage descriptions in Info.plist must be specific about what data is accessed and why:
266
+
267
+ ```xml
268
+ // REJECTED -- too vague
269
+
270
+ // APPROVED -- specific purpose
271
+ "Your location is used to show nearby restaurants on the map."
272
+
273
+ // REJECTED -- too vague
274
+ "This app needs access to your camera."
275
+
276
+ // APPROVED -- specific purpose
277
+ "The camera is used to scan barcodes for price comparison."
278
+ ```
279
+
280
+ Apple rejects vague usage descriptions. Always state what the data is used for in user-facing terms.
281
+
282
+ ## Submission Workflow
283
+
284
+ ### Pre-Submission Steps
285
+
286
+ 1. **Archive in Xcode.** Product > Archive (requires a Distribution signing identity). Verify the archive builds clean with zero warnings in Release configuration.
287
+ 2. **Upload to App Store Connect.** Use the Organizer window (Distribute App > App Store Connect) or `xcodebuild -exportArchive`. Automated uploads via `altool` or Transporter also work.
288
+ 3. **TestFlight internal testing.** The build is available to internal testers (your team) within minutes of processing. Walk through every screen and flow on at least two device sizes.
289
+ 4. **TestFlight external testing.** External groups require a brief Beta App Review (usually < 24 hours). Use this to validate with real users before full submission.
290
+ 5. **Submit for App Review.** In App Store Connect, select the build, fill in all metadata fields, attach screenshots, and click Submit for Review. Average review time is under 24 hours, but allow 48 hours.
291
+
292
+ ### Expedited Review Requests
293
+
294
+ Apple grants expedited reviews for critical situations only:
295
+
296
+ - Critical bug fix affecting existing users
297
+ - Time-sensitive event (holiday launch, legal compliance deadline)
298
+ - Security vulnerability patch
299
+
300
+ Request via the Contact Us form in App Store Connect (App Review > Expedite Request). Provide a specific, factual justification. Do not request expedited review for initial launches or feature updates.
301
+
302
+ ### Phased Release
303
+
304
+ After approval, you can enable phased release to gradually roll out the update:
305
+
306
+ | Day | Percentage of Users |
307
+ |-----|---------------------|
308
+ | 1 | 1% |
309
+ | 2 | 2% |
310
+ | 3 | 5% |
311
+ | 4 | 10% |
312
+ | 5 | 20% |
313
+ | 6 | 50% |
314
+ | 7 | 100% |
315
+
316
+ Users who manually check for updates in the App Store will receive the update immediately regardless of phased release stage. You can pause, resume, or complete the rollout at any time from App Store Connect.
317
+
318
+ ## Metadata Best Practices
319
+
320
+ ### App Name and Subtitle
321
+
322
+ - **30 characters max** for the app name. Keep it memorable and unique.
323
+ - **30 characters max** for the subtitle. Use it for a concise value proposition.
324
+ - No generic terms that describe a category ("Photo Editor" alone is likely rejected).
325
+ - No competitor names or trademarked terms you do not own.
326
+ - No pricing information in the name or subtitle.
327
+ - Name must be unique on the App Store -- Apple rejects duplicates.
328
+
329
+ ### Screenshot Requirements
330
+
331
+ - Provide screenshots for every required device size (6.9", 6.7", 6.5", 5.5" for iPhone; 13" for iPad if supporting iPad).
332
+ - Screenshots must show the **actual app UI** -- no misleading content, no features that do not exist.
333
+ - Text overlays and marketing frames are allowed but must not obscure or misrepresent the actual interface.
334
+ - Up to 10 screenshots per localization. Lead with your most compelling screen.
335
+ - Screenshots for different localizations should show localized UI.
336
+
337
+ ### Keywords Optimization
338
+
339
+ - 100-character limit, comma-separated, no spaces after commas.
340
+ - Do not duplicate words already in your app name or subtitle (Apple indexes those automatically).
341
+ - Use singular or plural, not both ("game" not "game,games").
342
+ - No competitor names, trademarked terms, or irrelevant words.
343
+ - Place highest-value keywords first.
344
+ - Update keywords with each release based on Search Ads and analytics data.
345
+
346
+ ### App Preview Videos
347
+
348
+ - **30 seconds max** per preview video.
349
+ - Up to 3 preview videos per localization.
350
+ - Must show the actual app running on device -- no pre-rendered animations of features that look different in practice.
351
+ - App audio is captured; narration and background music are optional.
352
+ - No device frames or hands unless showing real device interaction.
353
+ - First frame is used as the poster frame on the product page (choose carefully).
354
+
355
+ ## Appeal Process
356
+
357
+ ### Replying to Rejections
358
+
359
+ All rejections appear in the **Resolution Center** in App Store Connect. To respond:
360
+
361
+ 1. Read the rejection message carefully -- it cites the specific guideline violated.
362
+ 2. Reply directly in the Resolution Center thread with a clear, factual explanation.
363
+ 3. If you made a fix, describe exactly what changed and resubmit the binary.
364
+ 4. If you believe the rejection is incorrect, explain why your app complies, with references to the specific guideline text.
365
+
366
+ **Tone matters.** Be professional, specific, and concise. Provide demo credentials, screenshots, or screen recordings that demonstrate compliance. Avoid emotional language or threats.
367
+
368
+ ### Escalation to App Review Board
369
+
370
+ If the Resolution Center exchange does not resolve the issue:
371
+
372
+ 1. Request an appeal to the **App Review Board** via the Resolution Center or the App Store Contact form (App Review > Appeal).
373
+ 2. The Board is a separate team from the original reviewer. Provide all context -- they review the full history.
374
+ 3. Board decisions are final for that submission, but you can always modify the app and resubmit.
375
+
376
+ ### Common Successful Appeal Strategies
377
+
378
+ - **Provide a video walkthrough** showing the feature the reviewer could not find or access.
379
+ - **Cite the specific guideline** and explain how the app satisfies each requirement.
380
+ - **Include demo credentials** if the reviewer could not log in (the most common 2.1 rejection cause).
381
+ - **Reference precedent** -- if similar apps exist on the App Store with the same pattern, note them (respectfully).
382
+ - **Offer a compromise** -- if Apple objects to a specific implementation, propose an alternative that satisfies both sides.
383
+
384
+ ## Common Mistakes
385
+
386
+ 1. **Missing demo credentials.** Provide App Review login credentials in App Store Connect notes. Most Guideline 2.1 rejections are from reviewers unable to test behind a login.
387
+ 2. **Privacy manifest mismatch.** Declared data collection in PrivacyInfo.xcprivacy must match App Store privacy nutrition labels and actual network traffic.
388
+ 3. **Unnecessary ATT prompt.** Do not show the App Tracking Transparency prompt unless you actually track users across apps or websites. Apple rejects unnecessary prompts.
389
+ 4. **Vague usage descriptions.** "This app needs your location" is rejected. State the specific feature that uses the data.
390
+ 5. **External payment links for digital content.** Any language or button directing users to purchase digital content outside the app is rejected.
391
+ 6. **Missing concurrency annotations.** Ensure ATT request and StoreKit calls run on `@MainActor` or appropriate actor context. Mark shared state types as `Sendable` for Swift 6 concurrency safety.
392
+
393
+ ## Review Checklist
394
+
395
+ Quick-check before every submission (full version in `references/review-checklists.md`):
396
+
397
+ - [ ] No placeholder/test content; all features functional; demo credentials provided
398
+ - [ ] App name matches functionality; screenshots are real; no prices in description
399
+ - [ ] PrivacyInfo.xcprivacy present with reason codes; nutrition labels match reality
400
+ - [ ] Privacy policy URL set and accessible in-app
401
+ - [ ] Digital content uses IAP; subscription terms visible; restore purchases works
402
+ - [ ] Dark Mode and Dynamic Type supported; standard navigation patterns
403
+ - [ ] Built with current Xcode GM; no private APIs; entitlements justified
404
+ - [ ] ATT prompt only if cross-app tracking occurs
405
+
406
+ ## References
407
+
408
+ - Review checklists: `references/review-checklists.md`
409
+ - Privacy manifest guide: `references/privacy-manifest.md`
410
+ - Code signing guide: `references/code-signing.md`
411
+ - High-risk rejection patterns: `references/rejection-patterns.md`
@@ -0,0 +1,259 @@
1
+ # Code Signing & Provisioning — App Store Rejection Reference
2
+
3
+ ## Contents
4
+ - Common Code Signing Rejections
5
+ - Certificate & Provisioning Profile Setup
6
+ - Entitlements Mismatches
7
+ - Xcode Signing Configuration
8
+ - Distribution Signing Checklist
9
+ - Troubleshooting Commands
10
+ - Enterprise vs App Store Distribution
11
+ - Automatic vs Manual Signing
12
+
13
+ ## Common Code Signing Rejections
14
+
15
+ ### ITMS-90035: Invalid Signature
16
+ **Cause:** Binary signed with wrong certificate type (development instead of distribution) or corrupted signature.
17
+ **Fix:**
18
+ - Archive must use "Apple Distribution" certificate, not "Apple Development"
19
+ - Re-export with Distribution provisioning profile
20
+ - Check: `codesign -dv --verbose=4 YourApp.app` — `Authority` must show "Apple Distribution"
21
+
22
+ ### ITMS-90034: Missing or Invalid Provisioning Profile
23
+ **Cause:** Embedded provisioning profile is missing, expired, or does not match the bundle identifier.
24
+ **Fix:**
25
+ - Verify profile is embedded: `ls -la YourApp.app/embedded.mobileprovision`
26
+ - Decode and inspect: `security cms -D -i YourApp.app/embedded.mobileprovision`
27
+ - Check `application-identifier` matches your bundle ID with team prefix
28
+ - Regenerate profile in Apple Developer Portal if expired
29
+
30
+ ### ITMS-90046: Invalid Code Signing Entitlements
31
+ **Cause:** App claims entitlements not included in provisioning profile.
32
+ **Fix:**
33
+ - Compare entitlements: `codesign -d --entitlements - YourApp.app`
34
+ - Match against profile: `security cms -D -i embedded.mobileprovision` — check `Entitlements` dict
35
+ - Remove unused entitlements from `.entitlements` file in Xcode
36
+ - Regenerate provisioning profile after adding capabilities in Developer Portal
37
+
38
+ ### ITMS-90174: Invalid Bundle Structure (Framework Signing)
39
+ **Cause:** Embedded frameworks not signed or signed with wrong identity.
40
+ **Fix:**
41
+ - All embedded frameworks in `Frameworks/` must be signed with same distribution certificate
42
+ - Strip simulator architectures before submission: no `x86_64` or `i386` slices
43
+ - Verify: `lipo -info YourFramework.framework/YourFramework`
44
+ - Run: `codesign --verify --deep --strict YourApp.app`
45
+
46
+ ### ITMS-90426: Invalid Swift Support
47
+ **Cause:** Swift runtime libraries in `SwiftSupport/` not properly signed or missing.
48
+ **Fix:**
49
+ - Use Xcode Organizer for distribution (handles SwiftSupport automatically)
50
+ - If using `xcodebuild -exportArchive`, ensure export options include `stripSwiftSymbols: true`
51
+ - Do not manually copy Swift dylibs
52
+
53
+ ### ITMS-90717: Invalid Provisioning Profile (Push Notifications)
54
+ **Cause:** Push notification entitlement present but provisioning profile does not include APN capability.
55
+ **Fix:**
56
+ - Enable Push Notifications in Developer Portal > App ID > Capabilities
57
+ - Create APNs key or certificate
58
+ - Regenerate provisioning profile after enabling capability
59
+ - Remove `aps-environment` entitlement if push not used
60
+
61
+ ### ITMS-90283: Invalid Provisioning Profile (App Groups)
62
+ **Cause:** App Groups entitlement mismatch between binary and provisioning profile.
63
+ **Fix:**
64
+ - Register App Group in Developer Portal: `group.com.yourcompany.appname`
65
+ - Add to App ID capabilities
66
+ - Regenerate provisioning profiles for ALL targets sharing the group
67
+ - Verify group ID matches exactly in `.entitlements` and profile
68
+
69
+ ### ERROR ITMS-90161: Invalid Provisioning Profile (Missing Capabilities)
70
+ **Cause:** Binary uses capabilities (HealthKit, HomeKit, etc.) not enabled on App ID.
71
+ **Fix:**
72
+ 1. Go to Developer Portal > Identifiers > Your App ID
73
+ 2. Enable the required capability
74
+ 3. Regenerate ALL provisioning profiles for this App ID
75
+ 4. In Xcode: delete old profiles, download new ones
76
+ 5. Clean build folder and re-archive
77
+
78
+ ## Certificate & Provisioning Profile Setup
79
+
80
+ ### Certificate Types
81
+ | Certificate | Purpose | Valid For |
82
+ |---|---|---|
83
+ | Apple Development | Debug builds on devices | 1 year |
84
+ | Apple Distribution | App Store & Ad Hoc distribution | 1 year |
85
+ | iOS Distribution (legacy) | Same as Apple Distribution | 1 year |
86
+
87
+ ### Provisioning Profile Types
88
+ | Profile Type | Certificate | Use Case |
89
+ |---|---|---|
90
+ | iOS App Development | Apple Development | Running on test devices |
91
+ | Ad Hoc | Apple Distribution | TestFlight external / direct install |
92
+ | App Store | Apple Distribution | App Store submission |
93
+
94
+ ### Certificate Renewal
95
+ - Certificates expire annually — set calendar reminders
96
+ - When renewing: create new certificate, regenerate ALL profiles, update CI/CD
97
+ - Old apps on App Store continue working with expired certificates
98
+ - New submissions require valid certificates
99
+
100
+ ## Entitlements Mismatches — The #1 Code Signing Rejection
101
+
102
+ ### Golden Rule
103
+ Every entitlement in the binary's `.entitlements` file MUST exist in the provisioning profile. No exceptions.
104
+
105
+ ### How to Audit Entitlements
106
+
107
+ ```bash
108
+ # Step 1: Extract entitlements from binary
109
+ codesign -d --entitlements - YourApp.app > binary_entitlements.plist
110
+
111
+ # Step 2: Extract entitlements from provisioning profile
112
+ security cms -D -i YourApp.app/embedded.mobileprovision > profile.plist
113
+ /usr/libexec/PlistBuddy -c "Print :Entitlements" profile.plist
114
+
115
+ # Step 3: Compare — every key in binary must exist in profile
116
+ # Common mismatches:
117
+ # - aps-environment (push): production vs development
118
+ # - com.apple.developer.associated-domains
119
+ # - com.apple.security.application-groups
120
+ # - com.apple.developer.healthkit
121
+ # - com.apple.developer.in-app-payments (Apple Pay)
122
+ ```
123
+
124
+ ### Entitlements That Require Special Approval
125
+ Some entitlements need Apple's explicit approval before they work:
126
+ - `com.apple.developer.networking.multipath` — Multipath TCP
127
+ - `com.apple.developer.networking.HotspotHelper` — Hotspot Helper
128
+ - `com.apple.developer.ClassKit-environment` — ClassKit
129
+ - `com.apple.developer.pass-type-identifiers` — Wallet passes
130
+ - `com.apple.developer.carplay-audio` / `carplay-messaging` — CarPlay
131
+
132
+ Apply for these via Developer Portal > Request > Additional Capabilities.
133
+
134
+ ## Xcode Signing Configuration
135
+
136
+ ### Recommended Setup (Automatic Signing)
137
+ ```
138
+ Build Settings:
139
+ CODE_SIGN_STYLE = Automatic
140
+ DEVELOPMENT_TEAM = YOUR_TEAM_ID
141
+ CODE_SIGN_IDENTITY = Apple Distribution (for Release)
142
+ PROVISIONING_PROFILE_SPECIFIER = (leave empty for automatic)
143
+ ```
144
+
145
+ ### Manual Signing (CI/CD)
146
+ ```
147
+ Build Settings:
148
+ CODE_SIGN_STYLE = Manual
149
+ DEVELOPMENT_TEAM = YOUR_TEAM_ID
150
+ CODE_SIGN_IDENTITY = Apple Distribution
151
+ PROVISIONING_PROFILE_SPECIFIER = "YourApp AppStore Profile"
152
+ ```
153
+
154
+ ### Per-Target Signing
155
+ Each target (main app, extensions, widgets, watch app) needs its own:
156
+ - Bundle identifier
157
+ - Provisioning profile
158
+ - Matching entitlements
159
+
160
+ Extensions MUST use the same team ID as the main app.
161
+
162
+ ### Common Xcode Signing Mistakes
163
+ 1. **Debug signing config used for Archive** — Always check Release configuration
164
+ 2. **Different team IDs across targets** — All targets must share same team
165
+ 3. **Stale provisioning profiles** — Delete `~/Library/MobileDevice/Provisioning Profiles/` and re-download
166
+ 4. **Keychain access issues** — Certificate private key must be accessible to build user
167
+ 5. **Missing "Automatically manage signing" for new capabilities** — Toggle off and on to refresh
168
+
169
+ ## Distribution Signing Checklist
170
+
171
+ Before every App Store submission:
172
+
173
+ - [ ] Archive built with Release configuration
174
+ - [ ] Code signing identity is "Apple Distribution" (not Development)
175
+ - [ ] All provisioning profiles are App Store type and not expired
176
+ - [ ] All targets (app, extensions, widgets) use same team ID
177
+ - [ ] Entitlements in binary match provisioning profile capabilities
178
+ - [ ] No simulator architectures in embedded frameworks (`lipo -info`)
179
+ - [ ] `codesign --verify --deep --strict` passes on the .app bundle
180
+ - [ ] Frameworks in `Frameworks/` are signed with same distribution identity
181
+ - [ ] No `get-task-allow` entitlement in Release build (this is debug-only)
182
+ - [ ] Push notification environment is `production` (not `development`) in Release
183
+
184
+ ## Troubleshooting Commands
185
+
186
+ ```bash
187
+ # Verify code signature
188
+ codesign --verify --deep --strict --verbose=2 YourApp.app
189
+
190
+ # Display signing info
191
+ codesign -dv --verbose=4 YourApp.app
192
+
193
+ # Show entitlements
194
+ codesign -d --entitlements - YourApp.app
195
+
196
+ # Decode provisioning profile
197
+ security cms -D -i YourApp.app/embedded.mobileprovision
198
+
199
+ # List installed provisioning profiles
200
+ ls ~/Library/MobileDevice/Provisioning\ Profiles/
201
+
202
+ # Decode a specific profile
203
+ security cms -D -i ~/Library/MobileDevice/Provisioning\ Profiles/PROFILE_UUID.mobileprovision
204
+
205
+ # Check framework architectures (must NOT contain x86_64/i386 for submission)
206
+ lipo -info YourFramework.framework/YourFramework
207
+
208
+ # Strip simulator architectures from framework
209
+ lipo -remove x86_64 -output YourFramework YourFramework
210
+
211
+ # Find all code signing identities
212
+ security find-identity -v -p codesigning
213
+
214
+ # Verify specific provisioning profile expiry
215
+ security cms -D -i profile.mobileprovision | grep -A1 ExpirationDate
216
+ ```
217
+
218
+ ## Enterprise vs App Store Distribution
219
+
220
+ | | App Store | Enterprise (In-House) |
221
+ |---|---|---|
222
+ | Certificate | Apple Distribution | iOS Distribution (In-House) |
223
+ | Profile Type | App Store | In-House |
224
+ | Review | Required | Not reviewed |
225
+ | Distribution | App Store only | Internal MDM/web |
226
+ | Entitlements | Standard | Standard + managed |
227
+
228
+ **WARNING:** Enterprise certificates are for internal apps ONLY. Apple terminates enterprise accounts that distribute to the public.
229
+
230
+ ## Automatic vs Manual Signing
231
+
232
+ ### When to Use Automatic
233
+ - Solo developer or small team
234
+ - Standard capabilities
235
+ - Xcode manages profiles
236
+
237
+ ### When to Use Manual
238
+ - CI/CD pipelines (Fastlane, Xcode Cloud, GitHub Actions)
239
+ - Multiple signing configurations
240
+ - Custom entitlements requiring specific profiles
241
+ - Team with shared certificates via match/Fastlane
242
+
243
+ ### Fastlane Match Setup
244
+ ```ruby
245
+ # Matchfile
246
+ git_url("https://github.com/your-org/certificates")
247
+ storage_mode("git")
248
+ type("appstore")
249
+ app_identifier(["com.yourcompany.app", "com.yourcompany.app.widget"])
250
+ ```
251
+
252
+ ```ruby
253
+ # Fastfile
254
+ lane :release do
255
+ match(type: "appstore")
256
+ build_app(scheme: "YourApp")
257
+ upload_to_app_store
258
+ end
259
+ ```