AI-powered iOS App Store compliance auditor. Upload your .ipa file and get a comprehensive audit against Apple's Review Guidelines β before you submit.
Live at: opensource.ipaship.com
- IPA Analysis β Upload
.ipafiles (up to 150MB) for automated compliance auditing - Full Guidelines Coverage β Checks all 6 major App Store Review Guideline categories: Safety, Performance, Business, Design, Legal & Privacy, and Technical
- Multi-Provider AI β Bring your own key from Anthropic (Claude), OpenAI (GPT), Google Gemini, or OpenRouter
- Model Selection β Choose specific models per provider (Claude Sonnet 4, GPT-4o, Gemini 2.5 Flash, etc.)
- Real-Time Streaming β Watch your audit report generate live as the AI analyzes your code
- Export Reports β Download as Markdown or PDF
- Zero-Trust Security β Files processed in ephemeral temp storage and deleted immediately. API keys stay in your browser, never on our servers
- 100% Open Source β Fully auditable codebase
| Layer | Technology |
|---|---|
| Frontend | Next.js 15, React 19, TypeScript, Tailwind CSS, Framer Motion |
| Backend | Next.js API Routes (Node.js) |
| Database | MongoDB (Mongoose) |
| AI Providers | Anthropic, OpenAI, Google Gemini, OpenRouter |
| File Processing | Busboy (streaming uploads), unzip (IPA extraction) |
| Export | html2pdf.js, React Markdown |
- Node.js 18+
- MongoDB URI (Atlas or local)
- API key from at least one AI provider
unzipinstalled on the server/runtime environment
# Ubuntu/Debian
sudo apt-get update && sudo apt-get install -y unzip# Clone the repo
git clone https://github.com/atharvnaik1/ipaShip-Ai---Appstore-Playstore-Policy-Auditor-Opensource-.git
cd ipaShip-Ai---Appstore-Playstore-Policy-Auditor-Opensource-
# Install dependencies
npm install
# Create environment file
echo 'MONGODB_URI=your_mongodb_uri_here' > .env.local
# Start dev server
npm run devOpen http://localhost:3000 in your browser.
npm run build
npm start- Upload β Drop your
.ipafile. The server streams it to disk via Busboy without buffering in memory. - Extract β The IPA is unzipped and all relevant source files are collected (
.swift,.m,.plist,.entitlements,.storyboard,.xcprivacy, etc.). Binary files and build artifacts are skipped. - Analyze β Source files are sent to your chosen AI provider with a structured audit prompt. The response streams back in real-time.
- Report β You get a structured compliance report with pass/fail indicators, severity ratings, and a prioritized remediation plan.
| Method | Endpoint | Purpose |
|---|---|---|
POST |
/api/audit |
Upload IPA, stream AI audit report |
POST |
/api/save-report |
Save report to MongoDB |
GET |
/api/visitor |
Increment and return visitor count |
ipaShip provides ready-to-use boilerplate SDKs and wrappers for various ecosystems and languages. You can find them in the wrappers/ directory. Each wrapper is skeletoned to pragmatically audit your .ipa files directly from your CI/CD pipelines, backend backend, or build environments!
Here are quick commands to interact with the given wrappers:
Node.js / NPM
cd wrappers/npm && npm install
node index.jsPython
cd wrappers/python
python3 ipaship.pyRust
cd wrappers/rust
cargo run --releaseGo
cd wrappers/go
go run ipaship.goHomebrew (MacOS CLI)
brew install ./wrappers/homebrew/ipaship.rb
ipaship /path/to/app.ipaC / C++
cd wrappers/c && gcc ipaship.c -o ipaship && ./ipaship
cd wrappers/cpp && g++ ipaship.cpp -o ipaship && ./ipashipJava & Kotlin
# Java
cd wrappers/java && mvn clean install
# Kotlin
cd wrappers/kotlin && ./gradlew buildRuby
cd wrappers/ruby
gem build ipaship.gemspecPHP
cd wrappers/php
composer installC# / .NET
cd wrappers/csharp-dotnet
dotnet buildR
# Load inside your R script (wrappers/r)
source("R/ipaship.R")
ipaship_audit("app.ipa", "API_KEY")Linux (Bash CLI)
chmod +x wrappers/linux/ipaship-cli.sh
./wrappers/linux/ipaship-cli.sh /path/to/app.ipa "YOUR_API_KEY"Swift & Apple Frameworks (Obj-C / Cocoapods)
- Add
wrappers/swift-cocoapodsas a local Swift Package Dependency. - Integrate the Objective-C headers from
wrappers/objcinto your build.
Cross-Platform App Frameworks (Dart/Flutter, Expo, Ionic)
- Flutter: Import
wrappers/flutter-dartvia local path dependency in yourpubspec.yaml. - Expo: Integrate
wrappers/expo/index.jsas an Expo config plugin. - Ionic: Use the
wrappers/ionicwrapper with Capacitor.
A deployment script is included for Ubuntu 24.04 VMs:
# On the server, create .env.local first
echo 'MONGODB_URI=your_mongodb_uri_here' > /opt/ipaship/.env.local
# Ensure unzip is installed (required by /api/audit extraction)
sudo apt-get update && sudo apt-get install -y unzip
# Then run the deploy script
chmod +x deploy.sh
./deploy.shThe script sets up Node.js 20, PM2, Nginx (with streaming/upload support), and UFW firewall.
- No cloud storage β Files are processed in ephemeral
/tmpdirectories and deleted immediately after audit - BYOK (Bring Your Own Key) β API keys are stored in your browser's localStorage, never sent to our servers
- No shell injection β File extraction uses
execFile(no shell), preventing command injection via filenames - Binary detection β Binary plists and compiled files are detected and skipped
- Rate limiting β 5 requests per IP per minute via in-memory LRU cache
- Prompt injection guards β System/user message separation with explicit instructions to treat file contents as data only
Contributions are welcome! Feel free to open issues or submit pull requests.
Open source. See repository for details.
Built by ipaShip Β© ipaShip β Original Creator: Atharv Naik