capacitor-apple-review-preflight

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Capacitor Apple Review Preflight

Capacitor Apple审核预检

Run a pre-submission or post-rejection Apple review audit for a Capacitor app.

This skill adapts the Apple guideline and rejection-rule corpus from truongduy2611/app-store-preflight-skills and narrows the workflow to Capacitor-specific project inspection.

针对Capacitor应用执行提交前或被拒后的Apple审核审计。

本技能适配了truongduy2611/app-store-preflight-skills仓库中的Apple指南和被拒规则库，并将工作流收窄到Capacitor专属的项目检查范围。

When to Use This Skill

何时使用本技能

User wants an Apple App Store review preflight for a Capacitor app
User received an Apple rejection and wants the project audited against likely guideline failures
User wants to check metadata, entitlements, privacy manifests, Sign in with Apple, subscriptions, or minimum functionality before submission
User wants reviewer-notes guidance for a Capacitor iOS submission

用户需要为Capacitor应用做Apple App Store审核预检
用户的应用被Apple驳回，需要对照可能违反的指南对项目做审计
用户需要在提交前检查元数据、entitlements、隐私清单、Sign in with Apple、订阅或最低功能要求达标情况
用户需要Capacitor iOS版本提交的审核备注指引

Live Project Snapshot

实时项目快照

Detected Capacitor, auth, subscription, analytics, and privacy-related packages: !

node -e "const fs=require('fs');if(!fs.existsSync('package.json'))process.exit(0);const pkg=JSON.parse(fs.readFileSync('package.json','utf8'));const sections=['dependencies','devDependencies'];const out=[];for(const section of sections){for(const [name,version] of Object.entries(pkg[section]||{})){if(name.startsWith('@capacitor/')||name.startsWith('@capgo/')||name.includes('firebase')||name.includes('sentry')||name.includes('revenuecat')||name.includes('purchase')||name.includes('subscription')||name.includes('auth')||name.includes('analytics')||name.includes('segment')||name.includes('amplitude')||name.includes('mixpanel'))out.push(section+'.'+name+'='+version)}}console.log(out.sort().join('\n'))"

Relevant Apple review file paths: !

find . -maxdepth 6 \( -name 'package.json' -o -name 'capacitor.config.json' -o -name 'capacitor.config.ts' -o -name 'capacitor.config.js' -o -name 'Info.plist' -o -name '*.entitlements' -o -name 'PrivacyInfo.xcprivacy' -o -name 'project.pbxproj' -o -path './ios' -o -path './fastlane/metadata' -o -path './metadata' \)

检测到的Capacitor、授权、订阅、分析及隐私相关包： !

node -e "const fs=require('fs');if(!fs.existsSync('package.json'))process.exit(0);const pkg=JSON.parse(fs.readFileSync('package.json','utf8'));const sections=['dependencies','devDependencies'];const out=[];for(const section of sections){for(const [name,version] of Object.entries(pkg[section]||{})){if(name.startsWith('@capacitor/')||name.startsWith('@capgo/')||name.includes('firebase')||name.includes('sentry')||name.includes('revenuecat')||name.includes('purchase')||name.includes('subscription')||name.includes('auth')||name.includes('analytics')||name.includes('segment')||name.includes('amplitude')||name.includes('mixpanel'))out.push(section+'.'+name+'='+version)}}console.log(out.sort().join('\n'))"

Procedure

操作流程

Step 1: Confirm This Is the Right Review Scope

步骤1：确认审核范围适配

Use this skill for Apple-facing review work, not for generic publishing.

If the task is mostly about screenshots, release setup, or store upload mechanics, combine this skill with

capacitor-app-store

本技能仅用于面向Apple的审核工作，不适用于通用发布场景。

如果任务主要涉及截图、发布配置或商店上传机制，请将本技能与

capacitor-app-store

搭配使用。

Step 2: Identify App Type and Load the Right Checklist

步骤2：确定应用类型并加载匹配的检查清单

Always read:

references/guidelines/by-app-type/all_apps.md

Then add the checklist that matches the app:

```
subscription_iap.md
```
for subscriptions or IAP
```
social_ugc.md
```
for UGC or moderation-heavy apps
```
kids.md
```
for Kids Category
```
health_fitness.md
```
for health, fitness, or medical claims
```
games.md
```
for games
```
ai_apps.md
```
for AI or LLM features
```
crypto_finance.md
```
for crypto, trading, or financial workflows
```
vpn.md
```
for VPN and networking apps
```
macos.md
```
only when the submission also targets macOS

Use

references/guidelines/README.md

for the full guideline index when a rejection cites a specific section.

请始终阅读：

references/guidelines/by-app-type/all_apps.md

然后添加与应用匹配的检查清单：

订阅或应用内购（IAP）应用使用
```
subscription_iap.md
```
用户生成内容（UGC）或需要大量内容审核的应用使用
```
social_ugc.md
```
儿童分类应用使用
```
kids.md
```
健康、健身或涉及医疗宣称的应用使用
```
health_fitness.md
```
游戏类应用使用
```
games.md
```
包含AI或LLM功能的应用使用
```
ai_apps.md
```
加密货币、交易或金融相关流程的应用使用
```
crypto_finance.md
```
VPN和网络类应用使用
```
vpn.md
```
仅当提交同时适配macOS时使用
```
macos.md
```

如果被拒通知引用了特定条款章节，请参考

references/guidelines/README.md

获取完整指南索引。

Step 3: Inspect Capacitor and iOS Project State

步骤3：检查Capacitor和iOS项目状态

Start from the injected snapshot above, then inspect:

```
package.json
```
for Capacitor, auth, analytics, subscription, and SDK dependencies
```
capacitor.config.*
```
for app identifiers, app name, web asset config, and live update settings
```
ios/App/App/Info.plist
```
or the project-specific
```
Info.plist
```
any
```
*.entitlements
```
files
```
PrivacyInfo.xcprivacy
```
if present
```
fastlane/metadata
```
or other local metadata directories if they exist

Pay special attention to Capacitor-specific Apple review risks:

social login providers without a Sign in with Apple path when required
heavy WebView-only apps that may trigger 4.2 minimum functionality concerns
third-party SDKs that imply Required Reason API declarations or privacy disclosures
native capabilities enabled in Xcode but not justified by shipped functionality
Capgo, Appflow, or other live-update flows that need clear reviewer notes and compliance boundaries
missing or vague usage strings for camera, photo library, microphone, location, notifications, Face ID, tracking, or local network access

以上文注入的快照为起点，随后检查以下内容：

```
package.json
```
中的Capacitor、授权、分析、订阅及SDK依赖
```
capacitor.config.*
```
中的应用标识符、应用名称、网页资源配置及热更新设置
```
ios/App/App/Info.plist
```
或项目专属的
```
Info.plist
```
所有
```
*.entitlements
```
文件
若存在
```
PrivacyInfo.xcprivacy
```
也需检查
若存在
```
fastlane/metadata
```
或其他本地元数据目录也需检查

请特别关注Capacitor专属的Apple审核风险：

按要求需要提供Sign in with Apple但仅提供第三方社交登录入口
纯WebView包裹的轻量应用可能触发4.2最低功能要求相关问题
第三方SDK需要声明Required Reason API或隐私披露
Xcode中开启了原生能力，但上线的功能没有对应的使用场景说明
Capgo、Appflow或其他热更新流程需要清晰的审核备注和合规边界说明
相机、相册、麦克风、定位、通知、Face ID、追踪、本地网络访问的权限使用说明缺失或模糊

Step 4: Run Rule-Based Review Passes

步骤4：执行基于规则的审核流程

Use the upstream rule files as the source of truth:

metadata:
```
references/rules/metadata/*.md
```
subscription:
```
references/rules/subscription/*.md
```
privacy:
```
references/rules/privacy/*.md
```
design:
```
references/rules/design/*.md
```
entitlements:
```
references/rules/entitlements/*.md
```

Map them onto the Capacitor app:

metadata rules against App Store text, screenshots, preview videos, and review notes
privacy rules against
```
Info.plist
```
, privacy manifests, SDK usage, and data collection flows
design rules against app navigation, native value, login flows, and reviewer accessibility
entitlements rules against enabled capabilities in the iOS project

If App Store metadata is not stored locally and

asc

is available, pull it with

asc metadata pull --output-dir ./metadata

. If not, audit local metadata sources and state what remains unverified.

以上游规则文件为唯一标准：

元数据：
```
references/rules/metadata/*.md
```
订阅：
```
references/rules/subscription/*.md
```
隐私：
```
references/rules/privacy/*.md
```
设计：
```
references/rules/design/*.md
```
权限：
```
references/rules/entitlements/*.md
```

将规则对应到Capacitor应用做检查：

对照元数据规则检查App Store文案、截图、预览视频和审核备注
对照隐私规则检查
```
Info.plist
```
、隐私清单、SDK使用情况和数据收集流程
对照设计规则检查应用导航、原生能力价值、登录流程和审核人员可访问性
对照权限规则检查iOS项目中开启的能力

如果App Store元数据没有存储在本地且已配置

asc

，可通过

asc metadata pull --output-dir ./metadata

拉取。否则请审计本地元数据资源，并说明未验证的内容项。

Step 5: Produce a Capacitor-Focused Preflight Report

步骤5：生成聚焦Capacitor的预检报告

Use this format:

markdown

undefined

使用以下格式：

markdown

undefined

Apple Review Preflight

Rejections Found

[GUIDELINE X.X.X] Issue summary
- Evidence: file or metadata location
- Why it matters for this Capacitor app
- Fix: exact remediation

[GUIDELINE X.X.X] Issue summary
- Evidence: file or metadata location
- Why it matters for this Capacitor app
- Fix: exact remediation

Warnings

[GUIDELINE X.X.X] Potential issue

[GUIDELINE X.X.X] Potential issue

Passed

[Category] Checks that looked clean

[Category] Checks that looked clean

Missing Inputs

Metadata or review assets that were not available locally


Order findings by severity and make each fix concrete.

Metadata or review assets that were not available locally


按严重程度排序发现的问题，每个修复方案都要具体可执行。

Step 6: Suggest Reviewer Notes and Submission Follow-Ups

步骤6：给出审核备注建议和提交后续指引

When relevant, draft reviewer notes for:

demo accounts or test credentials
hidden or non-obvious features
hardware dependencies
subscription test flows
AI moderation or content controls
live-update behavior and what code can change post-review
reasons for special entitlements or network behavior

适用场景下，为以下内容编写审核备注：

演示账号或测试凭证
隐藏或不明显的功能
硬件依赖
订阅测试流程
AI内容审核或内容管控机制
热更新行为，以及审核通过后可修改的代码范围
特殊权限或网络行为的使用理由

Error Handling

错误处理

If app metadata is unavailable locally and
```
asc
```
is not configured, continue with the code and project audit and clearly mark metadata checks as partial.
If the app is mostly a thin web wrapper, call out guideline 4.2 risk directly rather than burying it in warnings.
If social login is present, verify whether guideline 4.8 requires Sign in with Apple before concluding the auth flow is review-safe.
If third-party SDKs suggest Required Reason API usage, inspect
```
PrivacyInfo.xcprivacy
```
before assuming privacy compliance.
If the user is asking how to fix a specific rejection, prioritize the cited guideline and only then expand to adjacent risks.

如果本地没有应用元数据且未配置
```
asc
```
，请继续完成代码和项目审计，明确标记元数据检查为部分完成。
如果应用基本是轻量网页包裹的形式，请直接指出4.2条款相关风险，不要将其隐藏在警告中。
如果应用提供了社交登录，请先验证4.8条款是否要求提供Sign in with Apple，再判定登录流程符合审核要求。
如果第三方SDK涉及Required Reason API使用，请先检查
```
PrivacyInfo.xcprivacy
```
再判定隐私合规。
如果用户询问如何修复特定的被拒问题，请优先处理引用的条款，再扩展到相邻的风险点。