asc-doctor

v1.0.0

Published

2 months ago

🩺 Release readiness auditor for App Store Connect

0High
0Medium
0Low

spectrex

app-store-connect ios release audit cli devtools app-store metadata screenshots localization apple

🩺 ASC Doctor

Release readiness auditor for App Store Connect

One command. Full diagnosis. Ship with confidence.

Stop wondering "what did I forget?" before every App Store submission.
ASC Doctor connects to the App Store Connect API and audits your app's metadata across 8 modules — localization, screenshots, age rating, subtitles, privacy, subscriptions, storefront coverage, and review info. Get an instant risk score, actionable findings, and a beautiful report.

⚡ Quick Start

# Try it instantly with demo data (no API key needed!)
npx asc-doctor --demo

# Run against your real app
npx asc-doctor --key-id YOUR_KEY_ID --issuer-id YOUR_ISSUER_ID --key ./AuthKey.p8

🎯 What It Catches

| Module | What It Checks | |--------|---------------| | 🌍 Localization | Missing descriptions, empty keywords, placeholder text ("Lorem ipsum", "TODO"), short descriptions | | 📱 Screenshots | Empty screenshot slots, missing required device types (6.9" iPhone, 13" iPad), locale coverage gaps | | 🔞 Age Rating | Unset declarations, gambling inconsistencies, kids-band + mature content conflicts | | 💬 Subtitle | Missing subtitles, generic text ("Best App Ever"), name repetition, exceeding 30-char limit | | 🔒 Privacy | Missing privacy policy URL, invalid/unreachable URLs, non-HTTPS links | | 💳 Subscriptions & IAP | Missing display names, empty descriptions, subscription group localization gaps | | 🌐 Storefront Coverage | Limited territories, missing major markets (US, JP, DE...), wasted localizations | | 📋 Review Info | Missing contact info, demo account gaps, empty review notes |

📊 Risk Scoring

Every finding is weighted by severity and contributes to a 0-100 risk score:

| Grade | Score | Meaning | |-------|-------|---------| | 🟢 A | 90-100 | Ship it! | | 🟡 B | 75-89 | Almost ready | | 🟠 C | 50-74 | Needs attention | | 🔴 D | 25-49 | High risk | | ⛔ F | 0-24 | Do not submit |

Severities: 🔴 Critical (−15pts) · 🟠 High (−8pts) · 🟡 Warning (−3pts) · ℹ️ Info (−1pt)

🔧 Installation

# Use directly with npx (recommended)
npx asc-doctor --demo

# Or install globally
npm install -g asc-doctor

# Or install locally
npm install --save-dev asc-doctor

🔑 Setup

ASC Doctor uses the App Store Connect API (read-only). You need an API key:

Go to App Store Connect → Users and Access → Integrations → App Store Connect API
Click Generate API Key with at least App Manager role
Download the .p8 private key file (⚠️ you can only download this once!)
Note your Key ID and Issuer ID

See the full setup guide for detailed instructions.

📖 Usage

Basic

ascdoc --key-id ABC123 --issuer-id DEF456 --key ./AuthKey.p8

Specify an App

# Auto-detects if you have only one app
# Otherwise, specify the app ID:
ascdoc --app-id 1234567890 --key-id ABC123 --issuer-id DEF456 --key ./AuthKey.p8

Output Formats

# Beautiful terminal output (default)
ascdoc --format terminal

# Markdown report (great for PRs and docs)
ascdoc --format markdown --output report.md

# JSON (for CI/CD pipelines)
ascdoc --format json

Filter Modules

# Only run specific audits
ascdoc --only localization,screenshots

# Skip specific audits
ascdoc --skip storefront,review-info

CI/CD Integration

# Exit with code 1 if score is below threshold
ascdoc --ci --min-score 75 --format json

# In your GitHub Actions workflow:
# - name: Audit App Store readiness
#   run: npx asc-doctor --ci --min-score 75 --format json

Environment Variables

export ASC_KEY_ID=ABC123
export ASC_ISSUER_ID=DEF456
export ASC_KEY_PATH=./AuthKey.p8
export ASC_APP_ID=1234567890  # optional

ascdoc  # Uses env variables automatically

Config File

Create .ascdocrc.json in your project root:

{
  "keyId": "ABC123",
  "issuerId": "DEF456",
  "keyPath": "./AuthKey.p8",
  "appId": "1234567890",
  "minScore": 75,
  "skip": ["storefront"],
  "format": "terminal"
}

Then just run:

ascdoc

🔒 Security

ASC Doctor is read-only — it never modifies your App Store Connect data
API keys are never stored, logged, or transmitted anywhere except to Apple's API
Add .p8 files to your .gitignore — never commit private keys

📋 All Options

Usage: ascdoc [options]

Options:
  --key-id <id>        App Store Connect API Key ID
  --issuer-id <id>     App Store Connect API Issuer ID
  --key <path>         Path to .p8 private key file
  --app-id <id>        App ID (auto-detected if only one app)
  --format <type>      Output format: terminal, markdown, json (default: terminal)
  --output <path>      Save report to file
  --only <modules>     Run only these audit modules (comma-separated)
  --skip <modules>     Skip these audit modules (comma-separated)
  --ci                 CI mode: exit with non-zero if score below --min-score
  --min-score <score>  Minimum score for CI mode (default: 75)
  --demo               Run with demo data (no API key required)
  --list-modules       List available audit modules
  -V, --version        Output the version number
  -h, --help           Display help

🤝 Contributing

Contributions are welcome! Here's how to get started:

# Clone the repo
git clone https://github.com/aykutbey3543/ascdoc.git
cd ascdoc

# Install dependencies
npm install

# Build
npm run build

# Run tests
npm test

# Try with demo data
node dist/index.js --demo

Adding a New Audit Rule

Add your check to the appropriate auditor in src/auditors/
Use the existing Finding interface with a unique ID (e.g., LOC-009)
Include a remedy field with an actionable fix suggestion
Add a test in tests/auditors/

📄 License

MIT © Spectrex

If ASC Doctor saved you from a rejection, consider giving it a ⭐

Report Bug · Request Feature · Discussions