MCPcopy Index your code
hub / github.com/RevylAI/greenlight

github.com/RevylAI/greenlight @v0.1.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v0.1.0 ↗ · + Follow
205 symbols 403 edges 28 files 100 documented · 49%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

greenlight

Know before you submit. Pre-submission compliance scanner for the Apple App Store.

Greenlight scans your app — source code, privacy manifests, IPA binaries, and App Store Connect metadata — against Apple's Review Guidelines, catching rejection risks before Apple does.

Install

# Homebrew (macOS)
brew install revylai/tap/greenlight

# Go
go install github.com/RevylAI/greenlight/cmd/greenlight@latest

# Build from source
git clone https://github.com/RevylAI/greenlight.git
cd greenlight && make build
# Binary at: build/greenlight

Quick Start

# Run EVERYTHING on your project — one command, zero uploads
greenlight preflight /path/to/your/project

# Include IPA for binary analysis
greenlight preflight . --ipa build.ipa

That's it. You get a full report in under a second.

Commands

greenlight preflight [path] — The one command to run

Runs all scanners in parallel. No account needed. Entirely offline.

greenlight preflight .                          # scan current directory
greenlight preflight ./my-app --ipa build.ipa   # with binary inspection
greenlight preflight . --format json            # JSON output for CI/CD
greenlight preflight . --output report.json     # write to file

Scanners included:

Scanner Checks
metadata app.json / Info.plist: name, version, bundle ID format, icon, privacy policy URL, purpose strings
codescan 30+ code patterns: private APIs, secrets, payment violations, missing ATT, social login, placeholders
privacy PrivacyInfo.xcprivacy completeness, Required Reason APIs, tracking SDKs vs ATT implementation
ipa Binary: Info.plist keys, launch storyboard, app icons, app size, framework privacy manifests

greenlight codescan [path] — Code pattern scan

greenlight codescan /path/to/project

Scans Swift, Objective-C, React Native, and Expo projects for: - Private API usage (§2.5.1) — CRITICAL - Hardcoded secrets/API keys (§1.6) — CRITICAL - External payment for digital goods (§3.1.1) — CRITICAL - Dynamic code execution (§2.5.2) — CRITICAL - Cryptocurrency mining (§3.1.5) — CRITICAL - Missing Sign in with Apple when using social login (§4.8) - Missing Restore Purchases for IAP (§3.1.1) - Missing ATT for ad/tracking SDKs (§5.1.2) - Account creation without deletion option (§5.1.1) - Placeholder content in strings (§2.1) - References to competing platforms (§2.3) - Hardcoded IPv4 addresses (§2.5) - Insecure HTTP URLs (§1.6) - Vague Info.plist purpose strings (§5.1.1) - Expo config issues (§2.1)

greenlight privacy [path] — Privacy manifest validator

greenlight privacy /path/to/project

Deep privacy compliance scan: - PrivacyInfo.xcprivacy exists and is properly configured - Required Reason APIs detected in code vs declared in manifest - Tracking SDKs detected vs ATT implementation - Cross-references everything automatically

greenlight ipa <path.ipa> — Binary inspector

greenlight ipa /path/to/build.ipa

Inspects a built IPA for: - PrivacyInfo.xcprivacy presence - Info.plist completeness and purpose string quality - App Transport Security configuration - App icon presence and sizes - Launch storyboard presence - App size vs 200MB cellular download limit - Embedded framework privacy manifests

greenlight scan --app-id <ID> — App Store Connect checks

greenlight auth setup                    # one-time: configure API key
greenlight auth login                    # or: sign in with Apple ID
greenlight scan --app-id 6758967212     # run all tiers

API-based checks against your app in App Store Connect: - Metadata completeness (descriptions, keywords, URLs) - Screenshot verification for required device sizes - Build processing status - Age rating and encryption compliance - Content analysis (platform references, placeholders)

greenlight guidelines — Browse Apple's guidelines

greenlight guidelines list               # all sections
greenlight guidelines show 2.1           # specific guideline
greenlight guidelines search "privacy"   # full-text search

Output formats

All scan commands support:

--format terminal   # colored terminal output (default)
--format json       # JSON for CI/CD pipelines
--output file.json  # write to file instead of stdout

Claude Code Skill

Greenlight works as a Claude Code skill for AI-assisted compliance fixing. Claude runs the scan, reads the output, fixes every issue in your code, and re-runs until GREENLIT.

Setup

Add the SKILL.md to your project's .claude/ directory or install as a plugin:

# Copy skill file into your project
mkdir -p .claude/skills
cp /path/to/greenlight/SKILL.md .claude/skills/greenlight.md

# Or reference it in your CLAUDE.md
echo "See greenlight skill: /path/to/greenlight/SKILL.md" >> CLAUDE.md

Then tell Claude: "Run greenlight preflight and fix everything until it passes"

Claude will: 1. Run greenlight preflight . 2. Read every finding 3. Fix each issue (CRITICAL first, then WARN, then INFO) 4. Re-run and repeat until GREENLIT

Architecture

greenlight
├── preflight         Run ALL checks — one command
│   ├── metadata      app.json / Info.plist local analysis
│   ├── codescan      30+ rejection-risk code patterns
│   ├── privacy       Privacy manifest + Required Reason APIs
│   └── ipa           Binary inspection (optional)
│
├── codescan          Code-only scanning
├── privacy           Privacy-only scanning
├── ipa               Binary-only inspection
│
├── scan              App Store Connect API checks (tiers 1-4)
│   ├── Tier 1        Metadata & completeness
│   ├── Tier 2        Content analysis
│   ├── Tier 3        Binary inspection
│   └── Tier 4        Historical pattern matching
│
├── auth              App Store Connect authentication
│   ├── login         Apple ID + 2FA session auth
│   ├── setup         API key configuration
│   ├── status        Show current auth state
│   └── logout        Remove credentials
│
└── guidelines        Built-in Apple Review Guidelines database
    ├── list          All 5 sections with subsections
    ├── show          Specific guideline details
    └── search        Full-text search

CI/CD Integration

# GitHub Actions
- name: App Store compliance check
  run: |
    greenlight preflight . --format json --output greenlight-report.json
    # Fail the pipeline if critical issues found
    if jq -e '.summary.critical > 0' greenlight-report.json > /dev/null; then
      echo "CRITICAL issues found — fix before submission"
      exit 1
    fi
# JUnit output for test reporting (scan command only)
greenlight scan --app-id $APP_ID --format junit --output greenlight.xml

Built by Revyl

Greenlight catches App Store rejections. Revyl catches bugs.

The mobile reliability platform. AI-powered testing for mobile apps — write tests in natural language, run them on real devices.

Extension points exported contracts — how you extend this code

Rule (Interface)
Rule is a code pattern check. [3 implementers]
internal/codescan/types.go
Check (FuncType)
Check is an individual compliance check function.
internal/checks/runner.go
GlobalAntiPatternRule (Interface)
GlobalAntiPatternRule is implemented by rules that suppress findings when anti-patterns are found anywhere in the projec [1 …
internal/codescan/types.go

Core symbols most depended-on inside this repo

register
called by 15
internal/checks/runner.go
get
called by 10
internal/asc/client.go
Get
called by 8
internal/guidelines/guidelines.go
GetAppStoreVersions
called by 7
internal/asc/apps.go
GetVersionLocalizations
called by 6
internal/asc/apps.go
Scan
called by 4
internal/codescan/scanner.go
String
called by 4
internal/checks/types.go
commonHeaders
called by 4
internal/asc/session_auth.go

Shape

Function 83
Struct 66
Method 49
TypeAlias 4
Interface 2
FuncType 1

Languages

Go100%

Modules by API surface

internal/asc/apps.go35 symbols
internal/asc/session_auth.go14 symbols
internal/codescan/rules.go13 symbols
internal/checks/tier1_metadata.go13 symbols
internal/codescan/types.go12 symbols
internal/privacy/scanner.go11 symbols
internal/report/report.go10 symbols
internal/config/config.go9 symbols
internal/preflight/metadata.go7 symbols
internal/guidelines/guidelines.go7 symbols
internal/codescan/scanner.go7 symbols
internal/checks/types.go7 symbols

For agents

$ claude mcp add greenlight \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact