This skill provides a senior release review for macOS and iOS apps, identifying security, privacy, UX, and distribution issues with actionable fixes.
npx playbooks add skill rshankras/claude-code-apple-skills --skill release-review
---
name: release-review
description: Senior developer-level release review for macOS/iOS apps. Identifies security, privacy, UX, and distribution issues with actionable fixes. Use when preparing an app for release, want a critical review, or before App Store submission.
allowed-tools: [Read, Glob, Grep]
---
# Release Review for Apple Platforms
Performs a comprehensive pre-release audit of macOS and iOS applications from a senior developer's perspective. Identifies critical issues that could cause rejection, security vulnerabilities, privacy concerns, and UX problems—with actionable fixes.
## When This Skill Activates
Use this skill when the user:
- Says "review for release", "release review", or "pre-release audit"
- Asks for "senior developer review" or "critical review"
- Mentions preparing for "App Store", "TestFlight", or "notarization"
- Wants to know what "power users might complain about"
- Asks to "review before shipping" or "check before release"
## Review Process
### Phase 1: Project Discovery
First, understand the project:
```text
# Find project type
Glob: **/*.xcodeproj or **/*.xcworkspace
Glob: **/Info.plist
Glob: **/project.pbxproj
```
Identify:
- Platform (macOS, iOS, or both)
- App type (standard app, menu bar app, widget, extension)
- Distribution method (App Store, direct download, TestFlight)
### Phase 2: Security Review
Load and apply: **security-checklist.md**
Key areas:
- Credential storage (Keychain patterns, no hardcoded secrets)
- Data transmission (HTTPS, certificate validation)
- Input validation (injection prevention)
- Entitlements audit
- Hardened runtime (macOS)
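As an added example (not part of this skill's own files), the Python below shows how the credential-storage and data-transmission checks can be turned into findings with `file:line` references, labelled with the Critical and High priorities this skill uses. The sample Swift source, the sample Info.plist, the file paths, the regular expressions, and the choice of required keys are all constructed assumptions for illustration.

```python
import plistlib
import re

# Constructed sample inputs (not from any real project).
SAMPLE_SWIFT = '''\
let apiKey = "EXAMPLE-NOT-A-REAL-KEY-0000000000"
let url = URL(string: "http://api.example.com/v1/items")!
let token = try keychain.read(account: "session")
'''
SAMPLE_INFO_PLIST = b'''<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.demo</string>
  <key>NSAppTransportSecurity</key>
  <dict><key>NSAllowsArbitraryLoads</key><true/></dict>
</dict></plist>'''

# Assumed heuristic: a secret-looking name assigned a long string literal.
SECRET_RE = re.compile(
    r'(?i)\b\w*(api_?key|secret|password|token)\w*\s*=\s*"[^"\s]{16,}"')
CLEARTEXT_RE = re.compile(r'"http://[^"\s]+"')
REQUIRED_KEYS = ("CFBundleIdentifier", "CFBundleShortVersionString", "CFBundleVersion")

def review_source(path, text):
    # Each finding is (priority, location, issue), one per offending line.
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if SECRET_RE.search(line):
            findings.append(("Critical", f"{path}:{lineno}", "hardcoded secret"))
        if CLEARTEXT_RE.search(line):
            findings.append(("Critical", f"{path}:{lineno}", "cleartext HTTP URL"))
    return findings

def review_info_plist(path, data):
    plist = plistlib.loads(data)
    findings = []
    ats = plist.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("Critical", path, "ATS disabled (NSAllowsArbitraryLoads)"))
    for key in REQUIRED_KEYS:
        if key not in plist:
            findings.append(("High", path, f"missing Info.plist key {key}"))
    return findings

def review():
    return (review_source("Sources/API.swift", SAMPLE_SWIFT)
            + review_info_plist("Info.plist", SAMPLE_INFO_PLIST))

if __name__ == "__main__":
    for priority, where, issue in review():
        print(f"[{priority}] {where}: {issue}")
```

The Keychain read on the third sample line is not flagged, because the secret-looking name is assigned from a call rather than a string literal.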
### Phase 3: Privacy Review
Load and apply: **privacy-checklist.md**
Key areas:
- Data collection transparency
- Privacy manifest (iOS 17+)
- User consent flows
- Third-party SDK disclosure
- GDPR compliance basics
### Phase 4: UX Polish Review
Load and apply: **ux-polish-checklist.md**
Key areas:
- First launch / onboarding
- Empty states and error handling
- Loading states
- Text truncation and accessibility
- Platform-specific UX patterns
### Phase 5: Distribution Review
Load and apply: **distribution-checklist.md**
Key areas:
- Bundle identifier format
- Code signing configuration
- Info.plist completeness
- App icons
- Platform-specific requirements (notarization, App Store)
### Phase 6: API Design Review
Load and apply: **api-design-checklist.md**
Key areas:
- User-Agent headers (honest identification)
- Error handling patterns
- Token expiration handling
- Rate limiting
- Offline handling
## Output Format
Present findings in this structure:
````markdown
# Release Review: [App Name]
**Platform**: macOS / iOS / Universal
**Distribution**: App Store / Direct Download / TestFlight
**Review Date**: [Date]
## Summary
| Priority | Count |
|----------|-------|
| Critical | X |
| High | X |
| Medium | X |
| Low | X |
---
## 🔴 Critical Issues (Must Fix)
Issues that will cause rejection, crashes, or security vulnerabilities.
### [Category]: [Issue Title]
**File**: `path/to/file.swift:123`
**Impact**: [Why this matters]
**Current Code**:
```swift
// problematic code
```
**Suggested Fix**:
```swift
// fixed code
```
---
## 🟠 High Priority (Should Fix)
Issues that significantly impact user experience or trust.
[Same format as above]
---
## 🟡 Medium Priority (Fix Soon)
Issues that should be addressed but won't block release.
[Same format as above]
---
## 🟢 Low Priority / Suggestions
Nice-to-have improvements and polish.
[Same format as above]
---
## ✅ Strengths
What the app does well:
- [Strength 1]
- [Strength 2]
- [Strength 3]
---
## Recommended Action Plan
1. **[Critical]** [First thing to fix]
2. **[Critical]** [Second thing to fix]
3. **[High]** [Third thing to fix]
...
````
## Priority Classification
### 🔴 Critical
- Security vulnerabilities (credential exposure, injection)
- Crashes or data loss scenarios
- App Store rejection causes
- Privacy violations
- Hardcoded secrets or spoofed identifiers
### 🟠 High
- Poor error handling (silent failures)
- Missing user consent or transparency
- Accessibility blockers
- Missing required Info.plist keys
- Broken functionality
### 🟡 Medium
- Incomplete onboarding
- Suboptimal UX patterns
- Missing empty states
- Performance concerns
- Minor accessibility issues
### 🟢 Low
- Code style improvements
- Additional features
- Polish and refinement
- Documentation improvements
## Platform-Specific Considerations
### macOS
- Menu bar app window activation (`NSApp.activate`)
- Sandbox exceptions justification
- Notarization requirements
- Hardened runtime
- Developer ID signing
- DMG/installer considerations
### iOS
- App Tracking Transparency
- Privacy nutrition labels
- Launch screen requirements
- Export compliance
- In-app purchase requirements
- TestFlight configuration
## References
- **security-checklist.md** - Detailed security review items
- **privacy-checklist.md** - Privacy and data handling
- **ux-polish-checklist.md** - User experience review
- **distribution-checklist.md** - Release and distribution
- **api-design-checklist.md** - Network and API patterns
This skill performs a senior developer–level pre-release audit for macOS and iOS apps, detecting security, privacy, UX, and distribution issues with actionable fixes. It targets problems that cause App Store rejections, security vulnerabilities, or poor user experience, and produces a prioritized, developer-friendly action plan. Use it to harden apps before TestFlight, notarization, or public release.
I inspect the project structure to determine platform and app type, then run focused checks across six phases: project discovery, security, privacy, UX polish, distribution, and API design. Findings are categorized by priority (Critical, High, Medium, Low) and include file references, impact statements, and concrete suggested fixes. The output is a short, actionable review that you can use directly to triage and remediate issues before submission.
What gets flagged as a critical issue?
Critical issues include security vulnerabilities (exposed credentials, insecure transport), crashes or data loss, privacy violations, and any condition likely to cause App Store rejection.
Will you change my code automatically?
No. The review provides concrete suggested fixes and code examples for developers to apply; it does not modify source files.