appstore-tools 1.0.0

package/dist/commands/ipa-generate.d.ts

@@ -0,0 +1,9 @@
+import { type IpaSource } from "../ipa/artifact.js";
+export declare function ipaGenerateCommand(command: {
+    readonly outputIpaPath: string;
+    readonly ipaSource: Exclude<IpaSource, {
+        kind: "prebuilt";
+    }>;
+    readonly json: boolean;
+}): Promise<number>;
+//# sourceMappingURL=ipa-generate.d.ts.map

package/dist/commands/ipa-generate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ipa-generate.d.ts","sourceRoot":"","sources":["../../src/commands/ipa-generate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,KAAK,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAGxE,wBAAsB,kBAAkB,CAAC,OAAO,EAAE;IAChD,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE;QAAE,IAAI,EAAE,UAAU,CAAA;KAAE,CAAC,CAAC;IAC7D,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;CACxB,GAAG,OAAO,CAAC,MAAM,CAAC,CAoClB"}

package/dist/commands/ipa-generate.js

@@ -0,0 +1,31 @@
+import { resolveIpaArtifact } from "../ipa/artifact.js";
+import { verifyIpa } from "../ipa/preflight.js";
+export async function ipaGenerateCommand(command) {
+    const artifact = await resolveIpaArtifact(command.ipaSource);
+    try {
+        const report = await verifyIpa({ ipaPath: artifact.ipaPath });
+        if (command.json) {
+            console.log(JSON.stringify({
+                outputIpaPath: command.outputIpaPath,
+                report
+            }, null, 2));
+        }
+        else {
+            console.log(`Generated IPA: ${command.outputIpaPath}`);
+            console.log(`Bundle ID: ${report.bundleId ?? "unknown"}`);
+            console.log(`Version: ${report.version ?? "unknown"} (${report.buildNumber ?? "unknown"})`);
+            console.log(`SHA-256: ${report.sha256 ?? "unavailable"}`);
+            console.log(`Signing validated: ${report.signingValidated ? "yes" : "no"}`);
+        }
+        if (report.errors.length > 0) {
+            report.errors.forEach((line) => console.error(`- ${line}`));
+            return 1;
+        }
+        return 0;
+    }
+    finally {
+        if (artifact.dispose) {
+            await artifact.dispose();
+        }
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export { AppStoreConnectClient, DomainError, InfrastructureError, type AppStoreConnectAuthConfig, type Clock, type FetchLike, type HttpMethod, type HttpQueryValue, type HttpRequest, type HttpResponse } from "./api/client.js";
+export { executeUploadOperations, parseUploadOperations, type UploadFetchLike, type UploadHttpHeader, type UploadOperation } from "./api/types.js";
+export { appsListCommand, listApps, type AppSummary } from "./commands/apps-list.js";
+export { buildsUploadCommand, uploadBuild, type BuildsUploadInput, type BuildsUploadResult } from "./commands/builds-upload.js";
+export { ipaGenerateCommand } from "./commands/ipa-generate.js";
+export { resolveIpaArtifact, type CustomCommandIpaSource, type IpaArtifact, type IpaSource, type PrebuiltIpaSource, type ProcessRunner, type XcodebuildIpaSource } from "./ipa/artifact.js";
+export { verifyIpa, type IpaPreflightReport, type VerifyStrictIpaInput } from "./ipa/preflight.js";
+export { parseCliCommand, resolveCliEnvironment, runCli, type AppsListCliCommand, type BuildsUploadCliCommand, type CliCommand, type HelpCliCommand, type IpaGenerateCliCommand } from "./cli.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,qBAAqB,EACrB,WAAW,EACX,mBAAmB,EACnB,KAAK,yBAAyB,EAC9B,KAAK,KAAK,EACV,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,YAAY,EAClB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACrB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,KAAK,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrF,OAAO,EACL,mBAAmB,EACnB,WAAW,EACX,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACxB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAGhE,OAAO,EACL,kBAAkB,EAClB,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACzB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,SAAS,EACT,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,EAC1B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,MAAM,EACN,KAAK,kBAAkB,EACvB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,qBAAqB,EAC3B,MAAM,UAAU,CAAC"}

package/dist/index.js

@@ -0,0 +1,13 @@
+// API client
+export { AppStoreConnectClient, DomainError, InfrastructureError } from "./api/client.js";
+// Upload operations
+export { executeUploadOperations, parseUploadOperations } from "./api/types.js";
+// Commands
+export { appsListCommand, listApps } from "./commands/apps-list.js";
+export { buildsUploadCommand, uploadBuild } from "./commands/builds-upload.js";
+export { ipaGenerateCommand } from "./commands/ipa-generate.js";
+// IPA utilities
+export { resolveIpaArtifact } from "./ipa/artifact.js";
+export { verifyIpa } from "./ipa/preflight.js";
+// CLI
+export { parseCliCommand, resolveCliEnvironment, runCli } from "./cli.js";

package/dist/ipa/artifact.d.ts

@@ -0,0 +1,40 @@
+export interface PrebuiltIpaSource {
+    readonly kind: "prebuilt";
+    readonly ipaPath: string;
+}
+export interface XcodebuildIpaSource {
+    readonly kind: "xcodebuild";
+    readonly scheme: string;
+    readonly exportOptionsPlist: string;
+    readonly workspacePath?: string;
+    readonly projectPath?: string;
+    readonly configuration?: string;
+    readonly archivePath?: string;
+    readonly derivedDataPath?: string;
+    readonly outputIpaPath?: string;
+}
+export interface CustomCommandIpaSource {
+    readonly kind: "customCommand";
+    readonly buildCommand: string;
+    readonly generatedIpaPath: string;
+    readonly outputIpaPath?: string;
+}
+export type IpaSource = PrebuiltIpaSource | XcodebuildIpaSource | CustomCommandIpaSource;
+export interface IpaArtifact {
+    readonly ipaPath: string;
+    readonly dispose?: () => Promise<void>;
+}
+interface ProcessRunResult {
+    readonly stdout: string;
+    readonly stderr: string;
+}
+export interface ProcessRunner {
+    run(command: string, args: readonly string[], options?: {
+        readonly cwd?: string;
+        readonly env?: NodeJS.ProcessEnv;
+    }): Promise<ProcessRunResult>;
+}
+export declare const defaultProcessRunner: ProcessRunner;
+export declare function resolveIpaArtifact(source: IpaSource, processRunner?: ProcessRunner): Promise<IpaArtifact>;
+export {};
+//# sourceMappingURL=artifact.d.ts.map

package/dist/ipa/artifact.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"artifact.d.ts","sourceRoot":"","sources":["../../src/ipa/artifact.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,IAAI,EAAE,eAAe,CAAC;IAC/B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;CACjC;AAED,MAAM,MAAM,SAAS,GAAG,iBAAiB,GAAG,mBAAmB,GAAG,sBAAsB,CAAC;AAEzF,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CACxC;AAMD,UAAU,gBAAgB;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CACD,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAA;KAAE,GACpE,OAAO,CAAC,gBAAgB,CAAC,CAAC;CAC9B;AA+DD,eAAO,MAAM,oBAAoB,EAAE,aAAyC,CAAC;AAE7E,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,SAAS,EACjB,aAAa,GAAE,aAAoC,GAClD,OAAO,CAAC,WAAW,CAAC,CAWtB"}

package/dist/ipa/artifact.js

@@ -0,0 +1,180 @@
+import { spawn } from "node:child_process";
+import { access, constants, copyFile, mkdir, mkdtemp, readdir, rm } from "node:fs/promises";
+import * as os from "node:os";
+import * as path from "node:path";
+import { InfrastructureError } from "../api/client.js";
+function createNodeProcessRunner() {
+    return {
+        run(command, args, options = {}) {
+            return new Promise((resolve, reject) => {
+                const child = spawn(command, args, {
+                    cwd: options.cwd,
+                    env: options.env,
+                    stdio: ["ignore", "pipe", "pipe"]
+                });
+                const stdoutChunks = [];
+                const stderrChunks = [];
+                child.stdout.on("data", (chunk) => {
+                    stdoutChunks.push(chunk);
+                });
+                child.stderr.on("data", (chunk) => {
+                    stderrChunks.push(chunk);
+                });
+                child.on("error", (error) => {
+                    reject(new InfrastructureError(`Failed to run command: ${[command, ...args].join(" ")}`, error));
+                });
+                child.on("close", (exitCode) => {
+                    const stdout = Buffer.concat(stdoutChunks).toString("utf8");
+                    const stderr = Buffer.concat(stderrChunks).toString("utf8");
+                    if (exitCode !== 0) {
+                        reject(new InfrastructureError([
+                            `Command exited with status ${String(exitCode)}.`,
+                            `Command: ${[command, ...args].join(" ")}`,
+                            stderr.trim() ? `stderr: ${stderr.trim()}` : "",
+                            stdout.trim() ? `stdout: ${stdout.trim()}` : ""
+                        ]
+                            .filter((line) => line.length > 0)
+                            .join("\n")));
+                        return;
+                    }
+                    resolve({ stdout, stderr });
+                });
+            });
+        }
+    };
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+export const defaultProcessRunner = createNodeProcessRunner();
+export async function resolveIpaArtifact(source, processRunner = defaultProcessRunner) {
+    switch (source.kind) {
+        case "prebuilt":
+            return resolvePrebuilt(source);
+        case "xcodebuild":
+            return resolveXcodebuild(source, processRunner);
+        case "customCommand":
+            return resolveCustomCommand(source, processRunner);
+        default:
+            throw new InfrastructureError(`Unsupported IPA source kind: ${String(source)}`);
+    }
+}
+// ---------------------------------------------------------------------------
+// Prebuilt
+// ---------------------------------------------------------------------------
+async function resolvePrebuilt(source) {
+    const ipaPath = path.resolve(source.ipaPath);
+    await access(ipaPath, constants.R_OK).catch((error) => {
+        throw new InfrastructureError(`IPA file is not readable: ${ipaPath}`, error);
+    });
+    return { ipaPath };
+}
+// ---------------------------------------------------------------------------
+// Xcodebuild
+// ---------------------------------------------------------------------------
+const DEFAULT_CONFIGURATION = "Release";
+async function resolveXcodebuild(source, processRunner) {
+    if (!source.scheme.trim()) {
+        throw new InfrastructureError("scheme is required for xcodebuild IPA source.");
+    }
+    if (!source.exportOptionsPlist.trim()) {
+        throw new InfrastructureError("exportOptionsPlist is required for xcodebuild IPA source.");
+    }
+    const hasWorkspace = Boolean(source.workspacePath);
+    const hasProject = Boolean(source.projectPath);
+    if (hasWorkspace === hasProject) {
+        throw new InfrastructureError("Exactly one of workspacePath or projectPath must be provided.");
+    }
+    const createdTemporaryDirectories = [];
+    const rootTemporaryDirectory = await mkdtemp(path.join(os.tmpdir(), "asc-build-"));
+    createdTemporaryDirectories.push(rootTemporaryDirectory);
+    const archivePath = source.archivePath
+        ? path.resolve(source.archivePath)
+        : path.join(rootTemporaryDirectory, "archive.xcarchive");
+    const exportDirectory = path.join(rootTemporaryDirectory, "export");
+    const exportOptionsPlist = path.resolve(source.exportOptionsPlist);
+    await access(exportOptionsPlist, constants.R_OK).catch((error) => {
+        throw new InfrastructureError(`Export options plist is not readable: ${exportOptionsPlist}`, error);
+    });
+    const archiveArgs = createArchiveArgs(source, archivePath);
+    await processRunner.run("xcodebuild", archiveArgs);
+    await mkdir(exportDirectory, { recursive: true });
+    const exportArgs = [
+        "-exportArchive",
+        "-archivePath",
+        archivePath,
+        "-exportOptionsPlist",
+        exportOptionsPlist,
+        "-exportPath",
+        exportDirectory
+    ];
+    await processRunner.run("xcodebuild", exportArgs);
+    const exportedIpaPath = await findIpaInDirectory(exportDirectory);
+    if (!source.outputIpaPath) {
+        return {
+            ipaPath: exportedIpaPath,
+            dispose: async () => {
+                await cleanup(createdTemporaryDirectories);
+            }
+        };
+    }
+    const outputIpaPath = path.resolve(source.outputIpaPath);
+    await mkdir(path.dirname(outputIpaPath), { recursive: true });
+    await copyFile(exportedIpaPath, outputIpaPath);
+    await cleanup(createdTemporaryDirectories);
+    return { ipaPath: outputIpaPath };
+}
+function createArchiveArgs(source, archivePath) {
+    const args = [
+        "archive",
+        "-scheme",
+        source.scheme,
+        "-configuration",
+        source.configuration ?? DEFAULT_CONFIGURATION,
+        "-archivePath",
+        archivePath
+    ];
+    if (source.workspacePath) {
+        args.push("-workspace", path.resolve(source.workspacePath));
+    }
+    if (source.projectPath) {
+        args.push("-project", path.resolve(source.projectPath));
+    }
+    if (source.derivedDataPath) {
+        args.push("-derivedDataPath", path.resolve(source.derivedDataPath));
+    }
+    return args;
+}
+async function findIpaInDirectory(directoryPath) {
+    const entries = await readdir(directoryPath, { withFileTypes: true });
+    const ipaEntry = entries.find((entry) => entry.isFile() && entry.name.endsWith(".ipa"));
+    if (!ipaEntry) {
+        throw new InfrastructureError(`xcodebuild export did not produce an .ipa file in: ${directoryPath}`);
+    }
+    return path.join(directoryPath, ipaEntry.name);
+}
+async function cleanup(paths) {
+    for (const pathToRemove of paths) {
+        await rm(pathToRemove, { recursive: true, force: true });
+    }
+}
+// ---------------------------------------------------------------------------
+// Custom command
+// ---------------------------------------------------------------------------
+async function resolveCustomCommand(source, processRunner) {
+    if (!source.buildCommand.trim()) {
+        throw new InfrastructureError("buildCommand is required for custom command IPA source.");
+    }
+    await processRunner.run("zsh", ["-lc", source.buildCommand]);
+    const generatedIpaPath = path.resolve(source.generatedIpaPath);
+    await access(generatedIpaPath, constants.R_OK).catch((error) => {
+        throw new InfrastructureError(`Generated IPA file is not readable: ${generatedIpaPath}`, error);
+    });
+    if (!source.outputIpaPath) {
+        return { ipaPath: generatedIpaPath };
+    }
+    const outputIpaPath = path.resolve(source.outputIpaPath);
+    await mkdir(path.dirname(outputIpaPath), { recursive: true });
+    await copyFile(generatedIpaPath, outputIpaPath);
+    return { ipaPath: outputIpaPath };
+}

package/dist/ipa/preflight.d.ts

@@ -0,0 +1,21 @@
+import { type ProcessRunner } from "./artifact.js";
+export interface VerifyStrictIpaInput {
+    readonly ipaPath: string;
+    readonly expectedBundleId?: string;
+    readonly expectedVersion?: string;
+    readonly expectedBuildNumber?: string;
+}
+export interface IpaPreflightReport {
+    readonly ipaPath: string;
+    readonly bundleId: string | null;
+    readonly version: string | null;
+    readonly buildNumber: string | null;
+    readonly sizeBytes: number;
+    readonly sha256: string | null;
+    readonly md5: string | null;
+    readonly signingValidated: boolean;
+    readonly errors: readonly string[];
+    readonly warnings: readonly string[];
+}
+export declare function verifyIpa(input: VerifyStrictIpaInput, processRunner?: ProcessRunner): Promise<IpaPreflightReport>;
+//# sourceMappingURL=preflight.d.ts.map

package/dist/ipa/preflight.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preflight.d.ts","sourceRoot":"","sources":["../../src/ipa/preflight.ts"],"names":[],"mappings":"AAOA,OAAO,EAAwB,KAAK,aAAa,EAAE,MAAM,eAAe,CAAC;AAMzE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;CACvC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAC;CACtC;AAMD,wBAAsB,SAAS,CAC7B,KAAK,EAAE,oBAAoB,EAC3B,aAAa,GAAE,aAAoC,GAClD,OAAO,CAAC,kBAAkB,CAAC,CA2H7B"}

package/dist/ipa/preflight.js

@@ -0,0 +1,203 @@
+import { createHash } from "node:crypto";
+import { createReadStream } from "node:fs";
+import { access, constants, mkdtemp, rm, stat } from "node:fs/promises";
+import * as os from "node:os";
+import * as path from "node:path";
+import { InfrastructureError } from "../api/client.js";
+import { defaultProcessRunner } from "./artifact.js";
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+export async function verifyIpa(input, processRunner = defaultProcessRunner) {
+    const ipaPath = path.resolve(input.ipaPath);
+    const errors = [];
+    const warnings = [];
+    let sizeBytes = 0;
+    let sha256 = null;
+    let md5 = null;
+    let bundleId = null;
+    let version = null;
+    let buildNumber = null;
+    let signingValidated = false;
+    const statResult = await stat(ipaPath).catch(() => null);
+    if (!statResult) {
+        errors.push(`IPA file does not exist: ${ipaPath}`);
+    }
+    else if (!statResult.isFile()) {
+        errors.push(`IPA path is not a file: ${ipaPath}`);
+    }
+    else {
+        sizeBytes = statResult.size;
+    }
+    await access(ipaPath, constants.R_OK).catch(() => {
+        errors.push(`IPA file is not readable: ${ipaPath}`);
+    });
+    if (!ipaPath.endsWith(".ipa")) {
+        errors.push("IPA file must have .ipa extension.");
+    }
+    if (sizeBytes <= 0) {
+        errors.push("IPA file is empty.");
+    }
+    if (errors.length === 0) {
+        try {
+            const digests = await computeDigests(ipaPath);
+            sha256 = digests.sha256;
+            md5 = digests.md5;
+        }
+        catch (error) {
+            errors.push(toMessage(error, "Failed to compute IPA checksums."));
+        }
+    }
+    let infoPlistEntryPath = null;
+    if (errors.length === 0) {
+        try {
+            const zipEntries = await listZipEntries(ipaPath, processRunner);
+            infoPlistEntryPath =
+                zipEntries.find((entry) => /^Payload\/[^/]+\.app\/Info\.plist$/.test(entry)) ?? null;
+            if (!infoPlistEntryPath) {
+                errors.push("IPA is missing Payload/*.app/Info.plist.");
+            }
+        }
+        catch (error) {
+            errors.push(toMessage(error, "Failed to inspect IPA archive contents."));
+        }
+    }
+    if (infoPlistEntryPath) {
+        try {
+            const bundleInfo = await extractBundleInfo(ipaPath, infoPlistEntryPath, processRunner);
+            bundleId = bundleInfo.bundleId;
+            version = bundleInfo.version;
+            buildNumber = bundleInfo.buildNumber;
+        }
+        catch (error) {
+            errors.push(toMessage(error, "Failed to read Info.plist from IPA."));
+        }
+    }
+    if (input.expectedBundleId) {
+        if (bundleId !== input.expectedBundleId) {
+            errors.push(`CFBundleIdentifier mismatch. Expected "${input.expectedBundleId}", got "${bundleId ?? "null"}".`);
+        }
+    }
+    else if (!bundleId) {
+        errors.push("CFBundleIdentifier is missing in Info.plist.");
+    }
+    if (input.expectedVersion) {
+        if (version !== input.expectedVersion) {
+            errors.push(`CFBundleShortVersionString mismatch. Expected "${input.expectedVersion}", got "${version ?? "null"}".`);
+        }
+    }
+    else if (!version) {
+        errors.push("CFBundleShortVersionString is missing in Info.plist.");
+    }
+    if (input.expectedBuildNumber) {
+        if (buildNumber !== input.expectedBuildNumber) {
+            errors.push(`CFBundleVersion mismatch. Expected "${input.expectedBuildNumber}", got "${buildNumber ?? "null"}".`);
+        }
+    }
+    else if (!buildNumber) {
+        errors.push("CFBundleVersion is missing in Info.plist.");
+    }
+    if (infoPlistEntryPath) {
+        try {
+            await verifyCodeSigning(ipaPath, infoPlistEntryPath, processRunner);
+            signingValidated = true;
+        }
+        catch (error) {
+            errors.push(toMessage(error, "Code signing verification failed."));
+        }
+    }
+    return {
+        ipaPath,
+        bundleId,
+        version,
+        buildNumber,
+        sizeBytes,
+        sha256,
+        md5,
+        signingValidated,
+        errors,
+        warnings
+    };
+}
+function computeDigests(filePath) {
+    return new Promise((resolve, reject) => {
+        const sha256Hash = createHash("sha256");
+        const md5Hash = createHash("md5");
+        const stream = createReadStream(filePath);
+        stream.on("data", (chunk) => {
+            sha256Hash.update(chunk);
+            md5Hash.update(chunk);
+        });
+        stream.on("error", (error) => {
+            reject(error);
+        });
+        stream.on("end", () => {
+            resolve({
+                sha256: sha256Hash.digest("hex"),
+                md5: md5Hash.digest("hex")
+            });
+        });
+    });
+}
+async function listZipEntries(ipaPath, processRunner) {
+    const output = await processRunner.run("unzip", ["-Z1", ipaPath]);
+    return output.stdout
+        .split("\n")
+        .map((line) => line.trim())
+        .filter((line) => line.length > 0);
+}
+async function extractBundleInfo(ipaPath, infoPlistEntryPath, processRunner) {
+    const tempDirectory = await mkdtemp(path.join(os.tmpdir(), "asc-ipa-info-"));
+    try {
+        await processRunner.run("unzip", [
+            "-q",
+            "-o",
+            ipaPath,
+            infoPlistEntryPath,
+            "-d",
+            tempDirectory
+        ]);
+        const infoPlistPath = path.join(tempDirectory, ...infoPlistEntryPath.split("/"));
+        const plistJson = await processRunner.run("plutil", [
+            "-convert",
+            "json",
+            "-o",
+            "-",
+            infoPlistPath
+        ]);
+        const payload = JSON.parse(plistJson.stdout);
+        return {
+            bundleId: toNullableString(payload.CFBundleIdentifier),
+            version: toNullableString(payload.CFBundleShortVersionString),
+            buildNumber: toNullableString(payload.CFBundleVersion)
+        };
+    }
+    finally {
+        await rm(tempDirectory, { recursive: true, force: true });
+    }
+}
+async function verifyCodeSigning(ipaPath, infoPlistEntryPath, processRunner) {
+    const appDirectoryEntryPath = infoPlistEntryPath.replace(/\/Info\.plist$/, "");
+    const tempDirectory = await mkdtemp(path.join(os.tmpdir(), "asc-ipa-signing-"));
+    try {
+        await processRunner.run("unzip", ["-q", "-o", ipaPath, "Payload/*", "-d", tempDirectory]);
+        const appDirectoryPath = path.join(tempDirectory, ...appDirectoryEntryPath.split("/"));
+        await processRunner.run("codesign", ["--verify", "--strict", "--deep", appDirectoryPath]);
+        await processRunner.run("codesign", ["-dv", appDirectoryPath]);
+    }
+    finally {
+        await rm(tempDirectory, { recursive: true, force: true });
+    }
+}
+function toNullableString(value) {
+    return typeof value === "string" && value.trim().length > 0 ? value : null;
+}
+function toMessage(error, fallback) {
+    if (error instanceof InfrastructureError) {
+        return error.message;
+    }
+    if (error instanceof Error && error.message.trim()) {
+        return error.message;
+    }
+    return fallback;
+}

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "appstore-tools",
+  "version": "1.0.0",
+  "description": "TypeScript App Store Connect API client and CLI.",
+  "main": "dist/index.js",
+  "scripts": {
+    "test": "vitest run",
+    "build": "tsc -p tsconfig.build.json",
+    "typecheck": "tsc --noEmit",
+    "test:watch": "vitest",
+    "verify": "pnpm typecheck && pnpm test && pnpm build && pnpm cli -- --help",
+    "prepare": "tsc -p tsconfig.build.json",
+    "cli": "node dist/cli.js",
+    "cli:dev": "npx tsx src/cli.ts"
+  },
+  "files": [
+    "dist"
+  ],
+  "keywords": [
+    "app-store-connect",
+    "apple",
+    "ios",
+    "ipa",
+    "cli"
+  ],
+  "author": "Alejandro Sanabria <alesanabriav@gmail.com>",
+  "license": "MIT",
+  "type": "module",
+  "types": "dist/index.d.ts",
+  "engines": {
+    "node": ">=20"
+  },
+  "devDependencies": {
+    "@types/node": "^25.3.0",
+    "tsx": "^4.20.6",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  },
+  "packageManager": "pnpm@10.29.3",
+  "bin": {
+    "appstore-tools": "dist/cli.js"
+  }
+}