verifyos-cli 0.1.1

A pure Rust CLI tool to scan Apple app bundles for App Store rejection risks before submission.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

# verifyOS-cli

[![Crates.io](https://img.shields.io/crates/v/verifyos-cli.svg)](https://crates.io/crates/verifyos-cli)
[![Docs.rs](https://img.shields.io/docsrs/verifyos-cli)](https://docs.rs/verifyos-cli)
[![CI](https://github.com/0xBoji/verifyos-cli/actions/workflows/rust.yml/badge.svg)](https://github.com/0xBoji/verifyos-cli/actions/workflows/rust.yml)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

`verifyOS-cli` is a pure Rust, cross-platform CLI tool designed to scan Apple app bundles (like `.ipa`, `.app`, `Info.plist`, and Mach-O binaries) for App Store rejection risks before submission. Operating locally or within an automated CI pipeline, it catches potential App Store Connect rejections left of the build process.

The App Store Connect validation step is historically a "black box" that costs developers hours of waiting. By shifting validation to your local machine—or a fast, cheap Linux runner—verifyOS-cli empowers solo developers and robust teams alike. Unlike Apple's toolchain (`codesign`, `otool`), this tool is built entirely in Rust.

## What it does

- Acts as a local static analysis orchestrator for iOS/macOS apps.
- **Privacy Manifests**: Checks for missing `PrivacyInfo.xcprivacy` and API-required privacy labels.
- **Permissions (Info.plist)**: Validates the inclusion of mandatory descriptions (e.g., `NSLocationWhenInUseUsageDescription`) against linked frameworks.
- **Code Signatures**: Extracts binary entitlements and spots mismatches with the embedded provisioning profile.
- **Export Compliance**: Inspects binaries for the `ITSAppUsesNonExemptEncryption` to avoid manual Web UI confirmations.
- **Architecture & Metadata**: Ensures proper Mach-O universal sizes and UI asset configurations.

## Installation

### From crates.io

```bash
cargo install verifyos-cli
```

## Quick start

Run the CLI tool against your `.ipa` or `.app` path:

```bash
verifyos-cli path/to/YourApp.ipa
```

## Architecture

This project is structured with modularity in mind:

- **`core/`**: Orchestrator and logic execution engine.
- **`parsers/`**: Format handlers (`zip` extraction, `plist` mapping, `goblin`/`apple-codesign` Mach-O inspection).
- **`rules/`**: Trait-based rule engine representing the validation checks.

## Conventional Commits

To ensure the automated semantic versioning and changelog parsing through the `release-plz` bot behaves properly, developers MUST use **Git Conventional Commits** format:

*   **`feat:`** A new feature (correlates to a MINOR `v0.X.0` bump).
*   **`fix:`** A bug fix (correlates to a PATCH `v0.0.X` bump).
*   **`docs:`** Documentation only changes.
*   **`style:`** Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc).
*   **`chore:`** Changes to the build process or auxiliary tools and libraries such as documentation generation.

## CI and releases

- CI: lint + tests on push and pull request.
- Automated release PRs: `release-plz` workflow.
- Publishing: crates.io + GitHub release artifacts.

## License

MIT