app-store-release

App Store Release

The solo-developer pipeline for shipping an iOS app to the App Store: build → archive → validate → upload → TestFlight → metadata → submit → post-review. Three pipeline shapes — pick one before touching anything:

• Bare-bones (xcrun altool + ASC web UI) — no tooling beyond Xcode. Best for the first submission and TestFlight-only flows on native / Flutter / RN / Capacitor. Often shorter than fastlane setup for a single ship.
• Fastlane — own-your-pipeline, runs locally or in CI. Best once you're shipping repeat releases and want screenshot/metadata automation and 2FA-free CI.
• EAS Build + Submit — Expo's hosted pipeline. Best for Expo and bare-RN-on-EAS projects. Collapses Phases 1–4 into two CLI commands.

Framework-aware build routing collapses every project to one Xcode workspace (or a remote EAS build) before Phase 2; everything after that is framework-agnostic.

Scope and siblings. This skill owns the mechanical release act. For the deep pre-upload guideline-compliance audit (Sign in with Apple, account deletion, ATT, usage strings, IAP rules), use the app-review-preflight skill first — it catches rejections while they're cheap. For keyword research, listing copywriting, and store-screenshot design, use app-store-optimization. For icon generation / validation, use app-icons. This skill cross-references those but does not duplicate them; it keeps only the slices that are mechanically part of pushing a binary live (the ASC REST upload protocols, device-size enums, age-rating field discovery, and a post-rejection response loop).

Kernel: 12 axioms

1. Apple changes the rules constantly. Xcode versions, App Review Guidelines, required-reason APIs, privacy-manifest rules, screenshot specs, and ITMS error codes all drift. The current source of truth is always App Store Connect + the live App Review Guidelines + the Xcode release notes for the version you're submitting from — never this skill. Verify before relying on any specific number, key name, enum value, or URL in the references.

2. The .xcarchive is the choke point. Whatever the framework, Phase 2 must produce a valid archive with embedded dSYMs, a Distribution-signed binary, and a matching App Store provisioning profile. After that, the pipeline is identical regardless of framework.

3. Signing failures masquerade as build failures. When gym / xcodebuild archive fails, suspect signing first: expired cert, profile missing entitlement, bundle-ID mismatch, "Automatically manage signing" fighting a manual profile, match repo out of sync. Read the exact error string in the log, not the build summary. Beware Xcode cloud signing: a first archive can succeed without any local Distribution cert (Apple holds the key), then subsequent archives fail with No Accounts / No signing certificate "iOS Distribution" found once the cloud session lapses. Create a local cert before relying on automatic signing for repeat builds — see references/OPERATOR-PATTERNS.md OP-4 → OP-6.

4. Build wrappers hide the truth. When match / gym / pilot / deliver / eas build / eas submit fail, the underlying xcodebuild / altool / Apple-API error is in the log somewhere — find it. Don't retry blindly. EAS is especially opaque — its CLI prints "Something went wrong" while the real ITMS error sits in the EAS dashboard at the submission URL (OP-29). When in doubt, drop a layer: read the raw xcodebuild / altool / EAS-dashboard log instead of the wrapper's summary.

5. Validate before upload, every time. gym's built-in validation (or xcrun altool --validate-app) catches ITMS errors locally in ~30s. Catching them after upload costs a TestFlight processing round-trip (5–30 min) per fix.

6. TestFlight is the only honest validation. "Builds locally" and "validates" are necessary but not sufficient. A build only proves it works once it processes through TestFlight, installs on a real device, and launches without immediate crash.

7. First-time submission ≠ update. First-time requires an ASC record, agreements / tax / banking, primary category, age-rating questionnaire, a full screenshot set, and Beta App Review for external TestFlight. Updates reuse most of that. Route mode before doing work.

8. Privacy manifest is load-bearing. Since May 1 2024, apps using "required reason APIs" must ship PrivacyInfo.xcprivacy. Common third-party SDKs (Firebase, Sentry, RevenueCat, Mapbox, …) need their own signed manifests. Verify at validation time, not after rejection. See references/PRIVACY-MANIFEST.md.

9. Rejections cite a guideline number for a reason. Read the cited App Review Guideline (e.g. 2.1, 4.3, 5.1.1) verbatim before responding. Replying without addressing the specific clause is the fastest path to a second rejection. Then scan for similar issues elsewhere in the app before resubmitting. See references/REJECTIONS.md.

10. ASC's REST API is an undocumented discovery surface. Apple's published OpenAPI spec lags reality. Field sets expand silently (age rating gains fields yearly — OP-17); some endpoints reject sort= that works elsewhere (OP-20); some resources forbid GET entirely (OP-18); a few operations require Admin/Account-Holder key roles even when the docs imply App Manager (OP-5, OP-26). Don't hardcode field lists or trust last year's schema. PATCH-and-read-errors is the only reliable schema introspection. Cache discovered schemas locally with a "last verified" date.

11. TestFlight is not independent of App Store version state. Apple models versions as "trains" — the set of builds attached to one CFBundleShortVersionString. Once a version's train is approved (released, or pending Manual Release), the train closes: Apple refuses new uploads at that version, TestFlight-only included. ITMS-90062 + ITMS-90186 fire as a pair (OP-30). Practical implication: every TestFlight upload after a release requires bumping the version. Pre-flight should query ASC for the latest approved version and refuse to start a build at the same or lower number.

12. ASC credentials are radioactive; treat them like SSH keys. An ASC API key (.p8 + Key ID + Issuer ID) can mutate live store listings, pricing, and submissions. NEVER paste .p8 contents, JWTs, or Authorization headers into chat, a committed file, a log, or any model context. Keep the .p8 outside every project (~/.appstoreconnect/private_keys/ or ~/.ssh/), keep IDs in ~/.asc_secrets (gitignored, never printed), sign a ≤20-min JWT inside the local process only, and on any auth/permission error tell the user to inspect their secret file themselves — you cannot and should not read it. Every mutating ASC operation (POST/PATCH/ DELETE, upload, submit) requires the user to confirm the exact change first. See references/ASC-API.md.

Mode router (read before processing)

First-submission strategy: fill metadata/screenshots/age-rating/review-info once in the ASC web UI (faster than a Deliverfile from scratch); adopt fastlane after the first ship.

Pick exactly one. Each routes to a different subset of phases.

Mode	Trigger	Phases run
first-submission	App not yet in ASC, never released	0 → 8 (full)
update	Existing app, new build/version	0 → 8, skip ASC record creation + agreements + age rating in 6
testflight-only	Internal beta, no Store release this cycle	0 → 5, stop
metadata-only	Description / screenshots / keywords / privacy change only	6 → 7, skip 0–5
resubmission-after-rejection	Apple rejected the previous build	start at references/REJECTIONS.md, then resume from the earliest affected phase
xcode-version-rebuild	New Xcode/SDK forces re-archive (annual iOS bump)	0 → 8 + Xcode-compat audit at Phase 0

Framework router (Phase 1 only)

Each framework collapses to a buildable Xcode workspace or a remote EAS build. After Phase 1, every later phase is framework-agnostic.

Framework	Pipeline	Pre-Xcode step	Workspace path
Native (Swift/SwiftUI/UIKit)	fastlane / altool	bundle exec pod install if a Podfile exists; for XcodeGen repos xcodegen generate first (OP-39)	MyApp.xcworkspace (or .xcodeproj if no Pods, or generated from project.yml)
React Native (bare, no EAS)	fastlane	cd ios && bundle exec pod install	ios/MyApp.xcworkspace
Expo (managed)	EAS	eas build --platform=ios --profile=production	n/a (cloud build)
Expo (bare) / RN with EAS	EAS (recommended) or fastlane	eas build or npx expo prebuild && cd ios && pod install	n/a or ios/<App>.xcworkspace
Flutter	fastlane / altool	flutter build ios --release --no-codesign	ios/Runner.xcworkspace
Capacitor	fastlane	npx cap sync ios	ios/App/App.xcworkspace

Detection: if app.config.js / app.json has an expo: key, or eas.json exists at project root, treat it as an Expo project and prefer EAS unless you have a strong reason for fastlane (custom CI runners, air-gapped builds). Otherwise default to bare-bones for the first submission and graduate to fastlane when repeat-release pain justifies it.

→ See references/FRAMEWORK-BUILDS.md for per-framework command sequences; references/EAS-SUBMISSION.md for the full EAS pipeline.

Quick start

A. Bare-bones (no fastlane) — best first-submission path

Four commands plus one ASC web-UI pass. Flutter shown; native/RN/Capacitor swap step 1 for xcodebuild archive + -exportArchive (see references/GYM-AND-ARCHIVE.md); Expo uses eas build.

# 1. Build (Flutter does archive + export in one step)
flutter build ipa --release --export-options-plist=ios/ExportOptions.plist

# 2. Verify what actually got baked into the IPA (OP-36) — catches wrong scheme / stale version
unzip -p build/ios/ipa/*.ipa "Payload/Runner.app/Info.plist" | \
  plutil -p - | grep -E "CFBundleIdentifier|CFBundleVersion|CFBundleShortVersion|MinimumOSVersion"

# 3. Validate (catches ITMS errors locally in 30s)
xcrun altool --validate-app -f build/ios/ipa/*.ipa -t ios \
  --apiKey <KEY_ID> --apiIssuer <ISSUER_ID>

# 4. Upload
xcrun altool --upload-app -f build/ios/ipa/*.ipa -t ios \
  --apiKey <KEY_ID> --apiIssuer <ISSUER_ID>

--apiKey is the alphanumeric Key ID (not a path); altool finds the .p8 by convention at ~/.appstoreconnect/private_keys/AuthKey_<KEY_ID>.p8 (don't pass --apiKeyPath). Then: ASC web UI → TestFlight → wait 5–30 min → assign to an Internal group → install. Listing metadata + submit stay in the web UI (or scripted, Phase 6 Path B). Poll the build to VALID per references/PILOT-AND-TESTFLIGHT.md (3-state loop — "not yet visible" ~1–3 min, small IPAs skip PROCESSING, OP-35). If altool errors with unable to find utility "altool", CLT is the active dev dir — point at Xcode.app or use the absolute path (OP-52).

B. Fastlane — best for repeat releases / CI

brew install fastlane           # or Bundler-managed — see references/FASTLANE-SETUP.md (preferred)
cd <project>/ios                # Capacitor: <project>/ios/App
fastlane init                   # creates fastlane/Fastfile, fastlane/Appfile, Gemfile

Minimal lane (all frameworks): a release lane that calls build_app (gym, with export_method: "app-store-connect" — the current name, OP-38) then upload_to_app_store (deliver, with submit_for_review: false until you trust the lane). Full recommended lane set in references/FASTLANE-SETUP.md.

Per-release one-liner once the lane exists:

Framework	Release command
Native	cd ios && fastlane release
React Native	cd ios && fastlane release
Flutter	flutter build ipa --release && cd ios && fastlane release
Capacitor	npx cap sync ios && cd ios/App && fastlane release

C. EAS (Expo / RN-on-EAS)

eas build --platform=ios --profile=production --non-interactive --no-wait
# wait 5–10 min for the build to finish
eas submit --platform=ios --latest --non-interactive

Pre-flight: submit.production.ios.ascAppId must be in eas.json for non-interactive submit (OP-28); EAS-managed signing means no local cert; Apple-side errors surface only at the submission URL the CLI prints (OP-29). → references/EAS-SUBMISSION.md.

Authentication: the ASC API key (do this once)

Generate at https://appstoreconnect.apple.com/access/integrations/api (Keys tab). Download the .p8 at creation time only (Apple never shows it again — close the dialog without saving = revoke + regenerate). Role: App Manager for upload/metadata; Admin only for cloud signing or cert/profile management (OP-5). Store outside every project at ~/.appstoreconnect/private_keys/AuthKey_<KEY_ID>.p8, chmod 600. Note the Key ID (10 chars) and Issuer ID (UUID at the top of the Keys page, not the key row — a 401-causing copy-paste trap). Sanity-check before Phase 2 (references/PRE-FLIGHT.md). Full secrets-hygiene model + the 401/403 troubleshooting table: references/ASC-API.md.

Automation coverage

The CLI surface and the web-UI surface are distinct; the manual items are mostly one-time. Know the boundary before you start — don't burn time hunting for a fastlane action that doesn't exist.

CLI-automated (recurring, every release)

Step	Fastlane	EAS (Expo apps)
Build IPA (Flutter)	flutter build ipa --release	n/a
Build IPA (native / RN / Capacitor)	fastlane gym	n/a
Build IPA (Expo)	n/a	eas build --platform=ios --profile=production
Sync signing certs / profiles	fastlane match	implicit (EAS-managed)
Bump build number	fastlane increment_build_number	autoIncrement: true in eas.json
Upload to ASC	fastlane pilot (or xcrun altool raw)	eas submit --platform=ios --latest
Metadata	fastlane deliver	not covered — use deliver / ASC REST / web UI
Screenshots	fastlane snapshot + deliver	not covered — same fallbacks
Submit for review	fastlane deliver --submit_for_review true	not covered — ASC web UI or REST

Other CI/distribution paths: Apple's native CI is Xcode Cloud (configured in Xcode UI/ASC, driven by three ci_scripts/) → references/XCODE-CLOUD.md. macOS distribution (Mac App Store .pkg, Developer-ID notarization, SwiftPM .app, Sparkle) is a different cert/validation surface → references/MACOS-DISTRIBUTION.md.

Web-UI-only (one-time per Apple ID, or one-time per app) — these are Phase 0

• Apple Developer Program enrollment ($99/yr + identity verification) — once per Apple ID
• Agreements / Tax / Banking in ASC — once per account
• First-time app record creation — fastlane produce can do it, but the public ASC REST API cannot (POST /v1/apps does not exist, OP-42); most solo devs do it once in the UI (~60s)
• Privacy nutrition-label questionnaire — Apple gates this in the ASC web UI
• Export-compliance answers — pre-answer the trivial case in Info.plist via ITSAppUsesNonExemptEncryption (OP-24); the questionnaire UI is authoritative otherwise
• Age-rating questionnaire — first submission only, then preserved across updates

→ references/PRE-FLIGHT.md for the one-time setup walkthrough.

Pipeline

Each phase has a hard gate; do not proceed without the listed evidence.

Phase 0 — Pre-flight

Gate: all items below verified in ASC / the Apple Developer portal.

All paths (fastlane + EAS):

• Apple Developer Program active and paid (renewal >30 days out)
• Agreements / Tax / Banking complete (first-submission only)
• ASC record exists (in first-submission, create it now with a matching bundle ID)
• Bundle ID identical across project config / provisioning profile / ASC record / Info.plist
• ITSAppUsesNonExemptEncryption set in Info.plist / ios.infoPlist (saves a per-upload questionnaire — OP-24)
• update mode: local CFBundleShortVersionString is strictly greater than the latest approved version on ASC — ITMS-90062/90186 fires on equal-or-lower (OP-30)

Fastlane-based paths (native, RN-bare-no-EAS, Flutter, Capacitor) additionally:

• Distribution cert physically in the login keychain — security find-identity -v -p codesigning | grep "Apple Distribution". Not just "in the cloud" — that fails on the second archive (OP-4).
• App Store provisioning profile valid for the bundle ID
• Xcode version compatible with the target iOS SDK
• ASC API key generated, .p8 at ~/.appstoreconnect/private_keys/AuthKey_<KEY_ID>.p8, App Manager role (Admin if cloud signing — OP-5)
• fastlane installed via Bundler (not a global gem)
• match repo synced — only if using match

EAS-based paths (Expo or RN-on-EAS) instead:

• eas whoami succeeds
• eas.json has submit.production.ios.ascAppId for non-interactive submits (OP-28)
• EAS-managed cert + profile valid (eas credentials --platform ios if unsure)
• ASC API key — EAS auto-generates/manages on first submit; no local .p8
• Skip the local-cert keychain check (OP-4) — not applicable to EAS-managed signing

→ references/PRE-FLIGHT.md, references/FASTLANE-SETUP.md, references/EAS-SUBMISSION.md.

Phase 1 — Framework build

Gate: Xcode opens the workspace and builds the Release scheme without errors. Plus: app icon and launch screen are not framework defaults.

Apply the framework router. Fail fast on dependency-install errors before touching Xcode — they're cheaper to diagnose than archive failures.

Critical placeholder-asset check (the silent App Review rejection trap):

• App icon: flutter create / RN / Capacitor scaffolds ship default placeholder icons that pass binary validation but get rejected at App Review under Guideline 4.0 (OP-1). Visually inspect the 1024×1024 source before Phase 2. Verify size + no-alpha with sips -g pixelWidth -g pixelHeight -g hasAlpha <icon> (OP-46). If it's the framework default, regenerate (see the app-icons skill, or flutter_launcher_icons).
• Launch screen: verify LaunchScreen.storyboard is customized — default storyboards reference a 68-byte placeholder (OP-2). If hand-writing a storyboard for Xcode 26, stay in the legacy format or Xcode's IB compiler may throw an internal error (OP-7).

→ references/FRAMEWORK-BUILDS.md.

Phase 2 — Archive (fastlane gym / xcodebuild / eas build)

Gate: valid .xcarchive with embedded dSYMs at a known path, Distribution-signed (fastlane/altool); or FINISHED build with a downloadable IPA URL (EAS).

fastlane gym \
  --workspace ios/MyApp.xcworkspace \
  --scheme MyApp --configuration Release \
  --export_method app-store \
  --output_directory build --include_symbols true

EAS path: eas build --platform=ios --profile=production --non-interactive --no-wait, then poll eas build:view <id> --json until status=FINISHED (5–10 min).

→ references/GYM-AND-ARCHIVE.md for ExportOptions.plist templates (use method: app-store-connect — OP-38), manual-signing variants, and the two-stage archive/export signing model (OP-40). For native/XcodeGen, put signing in project.yml, never the .xcodeproj (OP-39).

Phase 3 — Validate

Gate: validation returns success; all ITMS errors resolved.

xcrun altool --validate-app -f build/MyApp.ipa -t ios \
  --apiKey <KEY_ID> --apiIssuer <ISSUER_ID>

gym runs validation by default. Common failures: missing privacy manifest, missing usage descriptions, encryption-export gaps, wrong provisioning profile, deprecated APIs. → references/PRIVACY-MANIFEST.md, references/ITMS-ERRORS.md.

Phase 4 — Upload (fastlane pilot / xcrun altool / eas submit)

Gate: build appears in ASC → TestFlight → Builds, processing complete (~5–30 min).

# fastlane
fastlane pilot upload --ipa build/MyApp.ipa \
  --skip_waiting_for_build_processing false --skip_submission true
# EAS
eas submit --platform=ios --latest --non-interactive

Use the ASC API key over Apple-ID + app-specific-password (required in CI). EAS surfaces Apple-side errors only at the submission URL (OP-29).

⚠ Version-train constraint: the version in this build must be higher than the latest approved App Store version — TestFlight-only included (ITMS-90062 + ITMS-90186, OP-30). Bump before re-uploading after an approval.

→ references/PILOT-AND-TESTFLIGHT.md (fastlane + altool), references/EAS-SUBMISSION.md.

Phase 5 — TestFlight verification

Gate: build installs and launches on at least one real device via TestFlight.

• Internal testing (≤100 testers, no review) — use first.
• External testing (≤10K, Beta App Review for the first build of a version) — only when needed.
• Verify launch, primary flow, no immediate crash. Crash reports: ASC → TestFlight → Crashes.

→ references/PILOT-AND-TESTFLIGHT.md.

Phase 6 — Metadata

Gate: all required ASC fields populated.

For keyword research, listing copywriting, and store-screenshot design, use the app-store-optimization skill — that's where the ASO craft lives. This phase covers only the mechanics of getting the fields and assets into ASC.

• Screenshots cover required device sizes — use APP_IPHONE_67 for any modern Pro Max (APP_IPHONE_69 is not a valid enum despite the 6.9" hardware — OP-21).
• Age rating filled via web UI or PATCH-iterate (the field set expands annually — OP-17, OP-18).
• Screenshot upload via ASC REST API is a 3-step reserve → PUT → commit protocol, not a single POST (OP-22).
• EAS: the build artifact must be ≤30 days old before Phase 7 — EAS garbage-collects after 30 days (OP-32). Don't sit on metadata for a month.

Three paths to fill metadata — pick once and stick with it:

• Path A — fastlane deliver: committed source of truth, multi-locale, repeatable. Best for repeat releases / CI. fastlane deliver --skip_binary_upload true --force.
• Path B — ASC REST API direct: Python/Node script using the ASC key + ES256 JWT. Mind the 3-step screenshot protocol (OP-22) and the annual age-rating expansion (OP-17/18). Cloud-signing ops need Admin; App Manager covers everything else (OP-5). Use the safe client pattern in references/ASC-API.md.
• Path C — ASC web UI: recommended for first submissions. Faster than a Deliverfile from scratch, and the only authoritative privacy-nutrition-label + current age-rating questionnaire.

Required (verify in ASC at submission — specs change): app name (≤30), subtitle (≤30), description (≤4000), keywords (≤100), promotional text (≤170), support URL, privacy policy URL, primary category, age rating, privacy nutrition labels, content-rights declaration, copyright, screenshots covering current required device sizes.

→ references/DELIVER-AND-METADATA.md.

Phase 7 — Submit for Review

Gate: submission accepted; state moves PREPARE_FOR_SUBMISSION → WAITING_FOR_REVIEW. Note: a build showing "Ready to Submit" in TestFlight is not "Submitted" — the review submission is a separate action (OP-13).

• Demo-account credentials (required if any login wall)
• Review notes (non-obvious flows, third-party login, server-side feature flags)
• Phased Release (7-day rollout) on/off
• Manual vs Automatic release after approval

fastlane deliver --submit_for_review true --automatic_release false --phased_release true --force

Or ASC REST (the submit is a PATCH … {submitted:true}, not an actions/submit — that sub-resource does not exist and 404s; OP-47):

POST  /v1/reviewSubmissions                       # → submission id
POST  /v1/reviewSubmissionItems                   # attach the version (409 = already attached)
PATCH /v1/reviewSubmissions/{id} {submitted:true} # the actual submit

Before a resubmit, cancel any stale UNRESOLVED_ISSUES submission first or this 409s (OP-48). → references/ASC-REST-RESOURCES.md.

This is the irreversible action. ALWAYS require explicit user authorization before firing the final submit — never submit programmatically without confirmation (axiom 12). Verify after: GET /v1/reviewSubmissions?filter[app]={appId}&filter[platform]=IOS should return state: "WAITING_FOR_REVIEW" (drop any sort= — OP-20).

→ references/DELIVER-AND-METADATA.md.

Phase 8 — Post-review

Gate: approved + released, OR rejection handled and resubmission queued.

On rejection, references/REJECTIONS.md is the entry point: read the cited guideline verbatim, reproduce locally against the exact build the reviewer saw, fix the root cause, scan for the same pattern elsewhere, then resubmit. Do all four before replying.

References

• PRE-FLIGHT.md — Apple Developer / ASC setup, certs, provisioning, bundle-ID hygiene, credential sanity-check.

• FRAMEWORK-BUILDS.md — Native / RN / Expo / Flutter / Capacitor pre-iOS-build steps + dependency-install errors.

• FASTLANE-SETUP.md — Bundler-managed install, Appfile, lane structure, recommended lanes.

• EAS-SUBMISSION.md — EAS Build + Submit for Expo: config, polling, error reading, fastlane migration.

• MATCH-AND-SIGNING.md — fastlane match, cert storage/sync, manual-signing fallback, common signing errors.

• GYM-AND-ARCHIVE.md — gym config, ExportOptions.plist templates, raw xcodebuild archive/-exportArchive.

• PILOT-AND-TESTFLIGHT.md — pilot/altool upload, JWT minting, the 3-state poll loop, tester groups, Beta App Review, version-train semantics, ASC state verification.

• DELIVER-AND-METADATA.md — deliver layout, screenshot capture (3 paths) + upload/reorder/replace protocols, age-rating, the submit (PATCH {submitted:true}), phased-release curve, idempotent diff-before-write, ASC enum/limit reference.

• PRIVACY-MANIFEST.md — PrivacyInfo.xcprivacy, required-reason APIs + reason codes, the enumerated "commonly used SDK" list, the iOS-26/Xcode-26 SDK floor-version table, third-party SDK signatures.

• ITMS-ERRORS.md — Catalog of common ITMS-XXXXX errors/warnings (incl. 90475, 90348, the iOS-17 split permission keys, non-ITMS archive errors) with cause / fix / prevention.

• ASC-API.md — Secrets-hygiene model, ~/.asc_secrets, the safe JWT client, the 401/403 troubleshooting table, OpenAPI-template script, asc-mcp + the asc community CLI.

• ASC-REST-RESOURCES.md — ongoing-management REST: customer reviews + AI summaries, gzip-TSV sales/finance reports, in-app-events/custom-product-pages/app-clips, recovering a stuck submission.

• MACOS-DISTRIBUTION.md — MAS .pkg (cert pools, embed profile, SwiftPM 409, actool 90546/90236), Developer-ID notarization (hardened runtime, notarytool, staple+re-zip, broken-trust repair), SwiftPM .app packaging, Sparkle appcast.

• XCODE-CLOUD.md — Apple-native CI: the three ci_scripts/, the CI_* env table, the two release scripts (WhatToTest, version↔tag), workflows, troubleshooting, the compute-hour cost model.

• REJECTIONS.md — App Review Guideline routing (2.1 / 4.0 / 4.3 / 5.1.1 / 3.1.1 …), the four-step response loop, fix-time/strategy/seasonal tables, named-AI consent, Resolution Center templates, appeals.

• OPERATOR-PATTERNS.md — Session-mined gotchas in OP-N format (OP-1 … OP-63). Placeholder-icon traps, cloud-signing fragility, ASC API quirks, screenshot upload protocol, age-rating discovery, EAS traps, zero-fastlane Flutter flow, XcodeGen/native-Swift signing, the correct submit endpoint (OP-47), cancel-stale-submission (OP-48), server-authoritative build numbers (OP-61), extension 90348, locale crash, and more.

  Reading order by project type:

  • Any first submission: OP-1, OP-4, OP-7, OP-17, OP-22, OP-47, axiom 12 + ASC-API.md
  • Flutter / altool zero-fastlane: OP-34, OP-35, OP-36, OP-37, OP-38, OP-46, OP-52, OP-60
  • Expo / EAS: OP-28, OP-29, OP-30, OP-31, OP-32, OP-33
  • Native Swift / XcodeGen: OP-39 → OP-46, OP-54, OP-55, OP-57, OP-61, OP-62
  • Resubmit after rejection: OP-47, OP-48, OP-49 + REJECTIONS.md
  • macOS / Xcode Cloud: MACOS-DISTRIBUTION.md, XCODE-CLOUD.md