AGENTSOURCE

The Shelf / App Store / App Review Pre-Submit Checklist

App Store

App Review Pre-Submit Checklist

The final gate before archive + upload. Every check here exists because a submission failed.

The job: stop Apple from finding your mistakes before you do.

A rejection costs you a review cycle — a day or more of dead time, sometimes a cascade of follow-on flags that cost another. Most rejections aren't exotic: a trial toggle on the paywall, a Terms link the reviewer couldn't see, an IAP that was "Ready to Submit" but never attached to the version, a privacy questionnaire that was filled in but never published. This checklist is the final gate an agent runs in five to ten minutes before every archive.

How it was built: the hard way. Every item in here was added after a real submission failed without it. The section headers still carry the scars — the icon check exists because a placeholder icon with two letters on a gradient passed a "file exists" check and got rejected on sight; the description-EULA check exists because two separate submissions had the check written down and never executed.

What's on the tag:

  • Subscription hard blockers with exact greps — the two paywall patterns that used to pass as conversion tricks and now draw confirmed 3.1.2(c)/5.6 rejections, plus the billed-amount-dominance rule and the 13pt link standard.
  • The traps the simulator can't show you: widget taps that are silently dead on a real Home Screen, features whose Swift is complete but whose entitlement was never provisioned, localhost URLs that work on your Mac and fail on every phone.
  • The App Store Connect state audit: IAP-to-version linkage (and why first-time IAPs can only be bundled through the web UI — every API endpoint that fails is documented so your agent doesn't waste an hour rediscovering it), territory-scoped intro offers, pricing and availability, and the false-green catalog where a 200 from the API does not mean the field is complete.
  • Watch-target gates, games-specific rules (loot-box odds, test-ad footguns, review-prompt law), URL-consistency checks, and a final smoke test.
  • A full ASC API playbook: JWT generator, endpoint map, submit and cancellation flows, fix scripts.

Who it's issued to: iOS developers who ship — especially subscription apps, where 3.1.2 and 2.1(b) do most of the damage — and anyone staring down a first submission with IAPs.

Why not a free directory download? Free checklists paraphrase Apple's guidelines. This one encodes what the guidelines don't say: where the ASC API lies, which gates only surface at the submit click, and which fixes actually cleared real rejections. It's maintained — when Apple adds a questionnaire step or moves a field, the checklist gets the update and your locker gets the new version.

Output is operator-grade: PASS/FAIL per item, file:line, exact fix, severity. Blockers stop the archive.

FIELD REPORT real output, not a promise

Three findings in the checklist's own output format, each drawn from a documented real rejection (or near-miss) that the corresponding check now catches. App names anonymized; guideline citations and fixes as documented.

Finding 1 — Section A0: trial toggle on the paywall

CHECK:    A0 — trial toggle (3.1.2(c))
RESULT:   FAIL — BLOCKER
EVIDENCE: PaywallView.swift — SwiftUI Toggle bound to $trialEnabled adds/removes
          the free trial on the offer card
FIX:      Remove the toggle. One clear offer; the trial rides on the StoreKit
          intro offer and reads as subordinate text: "7 days free, then
          $59.99/year automatically. Auto-renews until cancelled."

Origin: a quit-habit app's v1.0 was rejected with this exact pattern on the paywall — a pattern that was considered a conversion best practice until the rejection landed. The same review also flagged a post-cancel "win-back" sheet under Guideline 5.6; both are hard blockers in the checklist now.

Finding 2 — Section D.5: IAPs not attached to the version

CHECK:    D.5 — IAP-to-version linkage (2.1(b))
RESULT:   FAIL — BLOCKER
EVIDENCE: 3 products referenced in SubscriptionManager.swift, all "Ready to
          Submit" in ASC — none listed in the version page's "In-App Purchases
          and Subscriptions" table
FIX:      First-time IAPs cannot be bundled via the public API (all four
          submission endpoints tested: schema rejection or 409
          FIRST_*_MUST_BE_SUBMITTED_ON_VERSION). Use the web UI: version page →
          select all IAPs → Add for Review → Submit. Verify each product's
          state flips to WAITING_FOR_REVIEW via the API afterwards.

Origin: a first-launch build submitted via the API alone was rejected under 2.1(b) roughly ten hours later — the reviewer could not locate the IAPs. The rebuilt submission used the web-UI flow and the version plus all three IAPs entered review together.

Finding 3 — Section A2: EULA link missing from the store description

CHECK:    A2 — Terms of Use in the App Description (3.1.2)
RESULT:   FAIL — BLOCKER
EVIDENCE: grep -c 'stdeula' <live description> → 0. The binary paywall's
          Terms link is present and compliant; the description text has no
          EULA link.
FIX:      Add to the description:
          "Terms of Use (EULA): https://www.apple.com/legal/internet-services/itunes/dev/stdeula/"
          plus the standard auto-renewal disclosure paragraph.

Origin: a subscription app carried both a 2.1(b) IAP-linkage rejection AND this independent 3.1.2(c) miss in the same review. Attaching the IAPs did not clear it — the description needed its own edit, costing an extra full review cycle. The checklist now forces the description grep to actually run even when the paywall itself is compliant.

That's the shape of every run: PASS/FAIL per item, evidence at file or field level, the exact fix, and a hard stop on the archive until every blocker clears.

SERVICE RECORD living gear — updated as the factory learns

v1.0.0 — 2026-07-17

First issue. Ported from the factory's internal skill: sanitized for general use, methodology intact, field report captured from a real run.

Every update ships free to owners — your locker always serves the latest version.

QUESTIONS

Is this just the App Review Guidelines reformatted?

No. The guidelines tell you the rules; this tells you where submissions actually fail them — including ASC-state traps the guidelines never mention, like unattached IAPs, unsynced intro offers, and an app approved for sale with zero territories configured.

Do I need the App Store Connect API?

The code-side checks run on any local agent with grep. The ASC-state checks are strongest with an API key (setup included, takes minutes), and the checklist flags the handful of gates only the web UI can verify.

My app has no subscriptions — is it still useful?

Yes. Section A skips cleanly; the crash, privacy, assets, review-notes, versioning, and games sections apply to every submission.

What agents does it run on?

Written for Claude Code; works in Codex/AGENTS.md setups and as a review guide in claude.ai Projects. Plain markdown, ripgrep-flavored greps, portable Python for the API calls.