@onmyway133/asc-cli 1.0.1

package/src/api/hey-api-client.ts

@@ -0,0 +1,20 @@
+/**
+ * Configures the @hey-api/client-fetch generated client with JWT authentication.
+ * Import this file before using any functions from src/api/generated/sdk.gen.ts
+ * to ensure all SDK calls include the Authorization header.
+ */
+
+import { client } from "./generated/client.gen.ts"
+import { getActiveProfile } from "../auth/credentials.ts"
+import { generateJWT } from "../auth/jwt.ts"
+
+client.interceptors.request.use(async (request) => {
+  const profile = getActiveProfile()
+  if (profile) {
+    const token = await generateJWT(profile)
+    request.headers.set("Authorization", `Bearer ${token}`)
+  }
+  return request
+})
+
+export { client }

package/src/api/types.ts

@@ -0,0 +1,160 @@
+// Core App Store Connect API types (JSON:API format)
+
+export interface JsonApiResource<T> {
+  type: string
+  id: string
+  attributes: T
+  relationships?: Record<string, JsonApiRelationship>
+  links?: Record<string, string>
+}
+
+export interface JsonApiRelationship {
+  data?: { type: string; id: string } | Array<{ type: string; id: string }>
+  links?: { self?: string; related?: string }
+}
+
+export interface JsonApiResponse<T> {
+  data: T
+  included?: JsonApiResource<unknown>[]
+  links?: { self?: string; next?: string; first?: string; last?: string }
+  meta?: { paging?: { total?: number; limit?: number } }
+}
+
+export interface JsonApiError {
+  id?: string
+  status: string
+  code: string
+  title: string
+  detail?: string
+  source?: { pointer?: string; parameter?: string }
+}
+
+export interface JsonApiErrorResponse {
+  errors: JsonApiError[]
+}
+
+// ---- Apps ----
+export interface AppAttributes {
+  name: string
+  bundleId: string
+  sku: string
+  primaryLocale: string
+  isOrEverWasMadeForKids: boolean
+  subscriptionStatusUrl?: string
+  contentRightsDeclaration?: string
+}
+
+export type App = JsonApiResource<AppAttributes>
+
+// ---- App Store Versions ----
+export interface AppStoreVersionAttributes {
+  platform: "IOS" | "MAC_OS" | "TV_OS" | "VISION_OS"
+  versionString: string
+  appStoreState:
+    | "ACCEPTED"
+    | "DEVELOPER_REMOVED_FROM_SALE"
+    | "DEVELOPER_REJECTED"
+    | "IN_REVIEW"
+    | "INVALID_BINARY"
+    | "METADATA_REJECTED"
+    | "PENDING_APPLE_RELEASE"
+    | "PENDING_CONTRACT"
+    | "PENDING_DEVELOPER_RELEASE"
+    | "PREPARE_FOR_SUBMISSION"
+    | "PREORDER_READY_FOR_SALE"
+    | "PROCESSING_FOR_APP_STORE"
+    | "READY_FOR_DISTRIBUTION"
+    | "READY_FOR_REVIEW"
+    | "READY_FOR_SALE"
+    | "REJECTED"
+    | "REMOVED_FROM_SALE"
+    | "WAITING_FOR_EXPORT_COMPLIANCE"
+    | "WAITING_FOR_REVIEW"
+  releaseType?: "MANUAL" | "AFTER_APPROVAL" | "SCHEDULED"
+  createdDate?: string
+  downloadable?: boolean
+}
+
+export type AppStoreVersion = JsonApiResource<AppStoreVersionAttributes>
+
+// ---- Builds ----
+export interface BuildAttributes {
+  version: string
+  uploadedDate?: string
+  expirationDate?: string
+  expired?: boolean
+  minOsVersion?: string
+  lsMinimumSystemVersion?: string
+  computedMinMacOsVersion?: string
+  iconAssetToken?: { templateUrl: string }
+  processingState?: "PROCESSING" | "FAILED" | "INVALID" | "VALID"
+  buildAudienceType?: string
+  usesNonExemptEncryption?: boolean
+}
+
+export type Build = JsonApiResource<BuildAttributes>
+
+// ---- Beta Groups ----
+export interface BetaGroupAttributes {
+  name: string
+  createdDate?: string
+  isInternalGroup: boolean
+  hasAccessToAllBuilds?: boolean
+  publicLinkEnabled?: boolean
+  publicLinkId?: string
+  publicLinkLimitEnabled?: boolean
+  publicLinkLimit?: number
+  publicLink?: string
+  feedbackEnabled?: boolean
+  iosBuildsAvailableForAppleSiliconMac?: boolean
+}
+
+export type BetaGroup = JsonApiResource<BetaGroupAttributes>
+
+// ---- Beta Testers ----
+export interface BetaTesterAttributes {
+  firstName?: string
+  lastName?: string
+  email: string
+  inviteType?: string
+  state?: string
+}
+
+export type BetaTester = JsonApiResource<BetaTesterAttributes>
+
+// ---- App Store Version Localizations ----
+export interface AppStoreVersionLocalizationAttributes {
+  locale: string
+  description?: string
+  keywords?: string
+  marketingUrl?: string
+  promotionalText?: string
+  supportUrl?: string
+  whatsNew?: string
+}
+
+export type AppStoreVersionLocalization = JsonApiResource<AppStoreVersionLocalizationAttributes>
+
+// ---- Customer Reviews ----
+export interface CustomerReviewAttributes {
+  rating: number
+  title?: string
+  body?: string
+  reviewerNickname?: string
+  createdDate?: string
+  territory?: string
+}
+
+export type CustomerReview = JsonApiResource<CustomerReviewAttributes>
+
+// ---- Review Responses ----
+export interface CustomerReviewResponseAttributes {
+  responseBody: string
+  lastModifiedDate?: string
+  state?: "PUBLISHED" | "PENDING_PUBLISH"
+}
+
+export type CustomerReviewResponse = JsonApiResource<CustomerReviewResponseAttributes>
+
+// ---- Platform ----
+export type Platform = "IOS" | "MAC_OS" | "TV_OS" | "VISION_OS"

package/src/auth/credentials.ts

@@ -0,0 +1,125 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync, chmodSync } from "fs"
+import { homedir } from "os"
+import { join } from "path"
+
+export interface Profile {
+  name: string
+  keyId: string
+  issuerId: string
+  privateKeyPath?: string
+  privateKeyPem?: string
+  isDefault: boolean
+  vendorNumber?: string
+  storedInKeychain?: boolean
+}
+
+export interface CredentialsFile {
+  activeProfile: string
+  profiles: Profile[]
+}
+
+function getAscDir(): string {
+  return join(process.env["HOME"] ?? homedir(), ".asc")
+}
+
+function getCredentialsPath(): string {
+  return join(getAscDir(), "credentials.json")
+}
+
+function ensureAscDir(): void {
+  const dir = getAscDir()
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true, mode: 0o700 })
+  }
+}
+
+export function loadCredentials(): CredentialsFile {
+  const path = getCredentialsPath()
+  if (!existsSync(path)) {
+    return { activeProfile: "default", profiles: [] }
+  }
+  try {
+    const raw = readFileSync(path, "utf8")
+    return JSON.parse(raw) as CredentialsFile
+  } catch {
+    return { activeProfile: "default", profiles: [] }
+  }
+}
+
+export function saveCredentials(creds: CredentialsFile): void {
+  ensureAscDir()
+  const path = getCredentialsPath()
+  writeFileSync(path, JSON.stringify(creds, null, 2), "utf8")
+  chmodSync(path, 0o600)
+}
+
+export function getActiveProfile(): Profile | undefined {
+  // Env var override
+  const envKeyId = process.env["ASC_KEY_ID"]
+  const envIssuerId = process.env["ASC_ISSUER_ID"]
+  const envPrivateKeyPath = process.env["ASC_PRIVATE_KEY_PATH"]
+  const envPrivateKey = process.env["ASC_PRIVATE_KEY"]
+
+  if (envKeyId && envIssuerId && (envPrivateKeyPath || envPrivateKey)) {
+    return {
+      name: "env",
+      keyId: envKeyId,
+      issuerId: envIssuerId,
+      privateKeyPath: envPrivateKeyPath,
+      privateKeyPem: envPrivateKey,
+      isDefault: true,
+    }
+  }
+
+  const creds = loadCredentials()
+  const name = process.env["ASC_PROFILE"] ?? creds.activeProfile ?? "default"
+  return creds.profiles.find((p) => p.name === name)
+}
+
+export function addOrUpdateProfile(profile: Profile): void {
+  const creds = loadCredentials()
+  const idx = creds.profiles.findIndex((p) => p.name === profile.name)
+  if (idx >= 0) {
+    creds.profiles[idx] = profile
+  } else {
+    creds.profiles.push(profile)
+  }
+  // If first profile, set as active
+  if (creds.profiles.length === 1) {
+    creds.activeProfile = profile.name
+  }
+  saveCredentials(creds)
+}
+
+export function removeProfile(name: string): boolean {
+  const creds = loadCredentials()
+  const idx = creds.profiles.findIndex((p) => p.name === name)
+  if (idx < 0) return false
+  creds.profiles.splice(idx, 1)
+  if (creds.activeProfile === name) {
+    creds.activeProfile = creds.profiles[0]?.name ?? "default"
+  }
+  saveCredentials(creds)
+  return true
+}
+
+export function setActiveProfile(name: string): boolean {
+  const creds = loadCredentials()
+  if (!creds.profiles.find((p) => p.name === name)) return false
+  creds.activeProfile = name
+  saveCredentials(creds)
+  return true
+}
+
+export function updateProfile(name: string, updates: Partial<Omit<Profile, "name">>): boolean {
+  const creds = loadCredentials()
+  const idx = creds.profiles.findIndex((p) => p.name === name)
+  if (idx < 0) return false
+  creds.profiles[idx] = { ...creds.profiles[idx]!, ...updates }
+  saveCredentials(creds)
+  return true
+}
+
+export function credentialsPath(): string {
+  return getCredentialsPath()
+}

package/src/auth/jwt.ts

@@ -0,0 +1,118 @@
+import { importPKCS8, SignJWT } from "jose"
+import { existsSync, readFileSync } from "fs"
+import { spawnSync } from "child_process"
+import type { Profile } from "./credentials.ts"
+
+interface CachedToken {
+  token: string
+  expiresAt: number
+}
+
+// Per-profile in-memory cache
+const tokenCache = new Map<string, CachedToken>()
+
+const KEYCHAIN_SERVICE = "asc-cli"
+
+export async function generateJWT(profile: Profile): Promise<string> {
+  const cacheKey = `${profile.name}:${profile.keyId}`
+  const cached = tokenCache.get(cacheKey)
+  // Reuse if more than 2 minutes remain
+  if (cached && cached.expiresAt - Date.now() > 120_000) {
+    return cached.token
+  }
+
+  const pem = await resolvePrivateKey(profile)
+  const privateKey = await importPKCS8(pem, "ES256")
+
+  const now = Math.floor(Date.now() / 1000)
+  const exp = now + 20 * 60 // 20 minutes max (Apple limit)
+
+  const token = await new SignJWT({})
+    .setProtectedHeader({ alg: "ES256", kid: profile.keyId, typ: "JWT" })
+    .setIssuer(profile.issuerId)
+    .setIssuedAt(now)
+    .setExpirationTime(exp)
+    .setAudience("appstoreconnect-v1")
+    .sign(privateKey)
+
+  tokenCache.set(cacheKey, { token, expiresAt: exp * 1000 })
+  return token
+}
+
+async function resolvePrivateKey(profile: Profile): Promise<string> {
+  // 1. Try keychain
+  const keychainKey = loadFromKeychain(profile.name)
+  if (keychainKey) return keychainKey
+
+  // 2. Inline PEM
+  if (profile.privateKeyPem) {
+    return profile.privateKeyPem
+  }
+
+  // 3. File path
+  if (profile.privateKeyPath) {
+    const expanded = profile.privateKeyPath.trim().replace(/^~/, process.env["HOME"] ?? "")
+    if (!existsSync(expanded)) {
+      throw new Error(`Private key file not found: ${expanded}`)
+    }
+    return readFileSync(expanded, "utf8")
+  }
+
+  throw new Error(`No private key found for profile "${profile.name}". Run: asc auth login`)
+}
+
+export function loadFromKeychain(profileName: string): string | undefined {
+  try {
+    const result = spawnSync(
+      "security",
+      ["find-generic-password", "-a", profileName, "-s", KEYCHAIN_SERVICE, "-w"],
+      { encoding: "utf8" },
+    )
+    if (result.status !== 0 || !result.stdout) return undefined
+    const stored = result.stdout.trim()
+    if (!stored) return undefined
+    // Decode from base64 (PEM is stored encoded to survive newlines in the -w arg)
+    const decoded = Buffer.from(stored, "base64").toString("utf8")
+    return decoded.includes("BEGIN") ? decoded : stored // fallback for legacy plain-text entries
+  } catch {
+    return undefined
+  }
+}
+
+export function saveToKeychain(profileName: string, pem: string): boolean {
+  try {
+    // Base64-encode so the multi-line PEM survives as a single-line -w argument
+    const encoded = Buffer.from(pem).toString("base64")
+    const result = spawnSync(
+      "security",
+      ["add-generic-password", "-U", "-a", profileName, "-s", KEYCHAIN_SERVICE, "-w", encoded],
+      { encoding: "utf8" },
+    )
+    return result.status === 0
+  } catch {
+    return false
+  }
+}
+
+export function deleteFromKeychain(profileName: string): void {
+  try {
+    spawnSync(
+      "security",
+      ["delete-generic-password", "-a", profileName, "-s", KEYCHAIN_SERVICE],
+      { encoding: "utf8" },
+    )
+  } catch {
+    // ignore — item may not exist
+  }
+}
+
+export function clearTokenCache(profileName?: string): void {
+  if (profileName) {
+    for (const key of tokenCache.keys()) {
+      if (key.startsWith(`${profileName}:`)) tokenCache.delete(key)
+    }
+  } else {
+    tokenCache.clear()
+  }
+}
+

package/src/commands/app-info.ts

@@ -0,0 +1,110 @@
+import { ascFetch, ascFetchAll } from "../api/client.ts"
+import { detectFormat, printJSON, printTable } from "../utils/output.ts"
+
+// ---- App Info (content ratings, age ratings, primary/secondary categories) ----
+
+export async function appInfoGet(appId: string, opts: { output?: string } = {}): Promise<void> {
+  const result = await ascFetch<{
+    data: Array<{
+      id: string
+      attributes: {
+        appStoreState?: string
+        appStoreAgeRating?: string
+        brazilAgeRating?: string
+        kidsAgeBand?: string
+      }
+    }>
+  }>(`/v1/apps/${appId}/appInfos`, {
+    params: {
+      include: "primaryCategory,secondaryCategory",
+      "fields[appInfos]": "appStoreState,appStoreAgeRating,brazilAgeRating,kidsAgeBand",
+    },
+  })
+  const fmt = detectFormat(opts.output)
+  if (fmt === "json") { printJSON(result.data); return }
+  for (const info of result.data.data) {
+    const a = info.attributes
+    console.log(`Info ID:       ${info.id}`)
+    console.log(`State:         ${a.appStoreState ?? "-"}`)
+    console.log(`Age Rating:    ${a.appStoreAgeRating ?? "-"}`)
+    console.log(`Brazil Rating: ${a.brazilAgeRating ?? "-"}`)
+    console.log(`Kids Band:     ${a.kidsAgeBand ?? "-"}`)
+    console.log("")
+  }
+}
+
+export async function appInfoUpdate(opts: {
+  infoId: string
+  primaryCategoryId?: string
+  secondaryCategoryId?: string
+}): Promise<void> {
+  const relationships: Record<string, unknown> = {}
+  if (opts.primaryCategoryId) {
+    relationships["primaryCategory"] = { data: { type: "appCategories", id: opts.primaryCategoryId } }
+  }
+  if (opts.secondaryCategoryId) {
+    relationships["secondaryCategory"] = { data: { type: "appCategories", id: opts.secondaryCategoryId } }
+  }
+  await ascFetch(`/v1/appInfos/${opts.infoId}`, {
+    method: "PATCH",
+    body: {
+      data: {
+        type: "appInfos",
+        id: opts.infoId,
+        relationships,
+      },
+    },
+  })
+  console.log(`App info ${opts.infoId} updated`)
+}
+
+export async function appCategoriesList(opts: {
+  platform?: string
+  output?: string
+} = {}): Promise<void> {
+  const params: Record<string, string> = {}
+  if (opts.platform) params["filter[platforms]"] = opts.platform
+  const items = await ascFetchAll<{
+    id: string
+    attributes: { platforms?: string[] }
+  }>("/v1/appCategories", { params })
+  const fmt = detectFormat(opts.output)
+  if (fmt === "json") { printJSON(items); return }
+  printTable(
+    ["Category ID", "Platforms"],
+    items.map(c => [c.id, (c.attributes.platforms ?? []).join(", ")]),
+    `App Categories (${items.length})`,
+  )
+}
+
+export async function ageRatingDeclarationUpdate(opts: {
+  declarationId: string
+  alcoholTobaccoOrDrugUseOrReferences?: string
+  contests?: string
+  gambling?: boolean
+  gamblingAndContests?: boolean
+  horrorOrFearThemes?: string
+  kidsAgeBand?: string
+  matureOrSuggestiveThemes?: string
+  medicalOrTreatmentInformation?: string
+  profanityOrCrudeHumor?: string
+  sexualContentGraphicAndNudity?: string
+  sexualContentOrNudity?: string
+  unrestrictedWebAccess?: boolean
+  violenceCartoonOrFantasy?: string
+  violenceRealisticProlongedGraphicOrSadistic?: string
+  violenceRealistic?: string
+}): Promise<void> {
+  const { declarationId, ...attributes } = opts
+  await ascFetch(`/v1/ageRatingDeclarations/${declarationId}`, {
+    method: "PATCH",
+    body: {
+      data: {
+        type: "ageRatingDeclarations",
+        id: declarationId,
+        attributes,
+      },
+    },
+  })
+  console.log(`Age rating declaration ${declarationId} updated`)
+}

package/src/commands/apps.ts

@@ -0,0 +1,44 @@
+import { ascFetch, ascFetchAll } from "../api/client.ts"
+import type { App } from "../api/types.ts"
+import { detectFormat, formatDate, printJSON, printTable, truncate } from "../utils/output.ts"
+
+export async function appsList(opts: { limit?: number; output?: string } = {}): Promise<void> {
+  const apps = await ascFetchAll<App>("/v1/apps", {
+    params: { "fields[apps]": "name,bundleId,sku,primaryLocale" },
+  })
+
+  const fmt = detectFormat(opts.output)
+  if (fmt === "json") {
+    printJSON(apps.map((a) => ({ id: a.id, ...a.attributes })))
+    return
+  }
+
+  printTable(
+    ["ID", "Name", "Bundle ID", "SKU", "Locale"],
+    apps.map((a) => [
+      a.id,
+      truncate(a.attributes.name, 40),
+      a.attributes.bundleId,
+      a.attributes.sku ?? "-",
+      a.attributes.primaryLocale,
+    ]),
+    `Apps (${apps.length})`,
+  )
+}
+
+export async function appsGet(appId: string, opts: { output?: string } = {}): Promise<void> {
+  const res = await ascFetch<App>(`/v1/apps/${appId}`)
+  const app = res.data
+
+  const fmt = detectFormat(opts.output)
+  if (fmt === "json") {
+    printJSON({ id: app.id, ...app.attributes })
+    return
+  }
+
+  console.log(`ID:             ${app.id}`)
+  console.log(`Name:           ${app.attributes.name}`)
+  console.log(`Bundle ID:      ${app.attributes.bundleId}`)
+  console.log(`SKU:            ${app.attributes.sku ?? "-"}`)
+  console.log(`Primary Locale: ${app.attributes.primaryLocale}`)
+}