ipaShip is an open-source CLI tool that uses AI (Google Gemini or Anthropic Claude) to audit Flutter mobile app source code against Apple App Store Review Guidelines and Google Play Developer Policies. It catches compliance issues before you submit your app, preventing costly rejections.

How do I install ipaShip?

Install ipaShip globally via npm: npm install -g @async-atharv/ipaship. Requires Node.js 18 or later. Also available via pip (Python), cargo (Rust), dart pub (Flutter), go install, gem (Ruby), brew (Homebrew), dotnet tool, and Docker.

How does ipaShip prevent App Store rejections?

ipaShip scans your Flutter project's Dart source files, pubspec.yaml, Info.plist (iOS), and AndroidManifest.xml (Android). It checks against the latest Apple and Google Play store policies for missing permissions, privacy violations, IAP compliance, prohibited behaviors, and more. Results are PASS/WARNING/FAIL with specific guideline citations and fix suggestions.

Can I use ipaShip in CI/CD pipelines?

Yes. ipaShip is designed for CI/CD. It exits with code 1 on failure and 0 on pass, making it easy to gate deployments. Ready-made templates are provided for GitHub Actions, GitLab CI, Jenkins, CircleCI, Bitbucket Pipelines, and Azure DevOps.

Which AI models does ipaShip support?

ipaShip supports Google Gemini models (3.1-pro, 3-flash, 2.5-flash, 2.5-pro, 1.5-pro, 1.5-flash) and Anthropic Claude models (opus-4-6, sonnet-4-6, opus-4-5, sonnet-4-5, haiku-4-5, sonnet-4, sonnet-3-7, haiku-3-5). Bring your own API key.

Does ipaShip work with Claude Code, Cursor, or Windsurf?

Yes. ipaShip includes a built-in MCP (Model Context Protocol) server with two tools: ipaShip_store_audit and ipaShip_code_review. It integrates directly with Claude Code, Cursor, and Windsurf so AI assistants can run audits inside your editor.

Is ipaShip free and open source?

Yes. ipaShip is free, open source, and licensed under MIT License. You need your own API key for Google Gemini or Anthropic Claude to power the AI analysis.

What does ipaShip check for iOS apps?

For iOS, ipaShip checks: Privacy & Permissions (undeclared APIs, missing NSUsageDescription), Data Collection & Tracking (ATT dialog, analytics disclosure), Content & Design (minimum functionality), In-App Purchases (StoreKit compliance), Legal & Compliance (privacy policy, export compliance), and Prohibited Behaviors (dynamic code loading, hot-patching).

What does ipaShip check for Android apps?

For Android, ipaShip checks: Permissions & Data Safety, Data Collection & Privacy, Content & Behavior, Billing & Monetization (Google Play Billing), API Level & Compatibility, and Security & Abuse (malware patterns).

v1.2.1 — Code Rules + MCP Server + Dual Store

Stop guessing.
Ship with confidence.

Name: ipaShip
Author: async-atharv

AI-powered store compliance & code quality audits for Flutter apps. Catch rejections before you submit.

$ npm install -g @async-atharv/ipaship

Features

Everything you need to ship.

One command. Two stores. Zero surprises at review time.

🎯

Dual Store Support

Audit against Apple App Store and Google Play guidelines — together or one at a time.

🔍

Two Audit Modes

Store compliance checks, code quality reviews, or both in a single run.

🤖

AI-Powered

Choose from multiple AI providers and models. Bring your own API key.

📋

Up-to-Date Policies

Always checks against the latest Apple & Google Play store policies. Works fully offline.

⚙️

Zero Config

Automatically understands your project structure. Just point it at your Flutter project and run.

🏗️

CI-Ready

Designed for automation. Drop it into your CI pipeline to catch issues before every release.

How It Works

Three steps. That's it.

Point it at your Flutter project. Get an audit report.

Point

Run ipaShip --dir ./ in your Flutter project. It figures out the rest automatically.

Analyze

ipaShip reads your project and checks it against the latest Apple & Google Play store policies.

Report

Get a clear Pass / Warning / Fail checklist with specific guideline references and fix suggestions.

Coverage

What it checks.

Comprehensive audit categories for both stores and code quality.

🍎

App Store (iOS)

Privacy & Permissions
Data Collection & Tracking Transparency
Content & Design
In-App Purchase compliance
Legal & Export compliance
Prohibited behaviors

📱

Play Store (Android)

Permissions & Data Safety
Data Collection & Privacy
Content & Behavior policies
Billing & Monetization
API Level & Compatibility
Security & Abuse prevention

MCP Server

Works inside your AI editor.

ipaShip ships with a built-in MCP server. Claude Code, Cursor, and Windsurf can run audits directly in your editor.

🔧

ipaShip_store_audit

Run store compliance checks against Apple App Store and Google Play guidelines. Returns PASS / WARNING / FAIL with guideline citations.

Parameters: projectDir, platform (optional)

🔍

ipaShip_code_review

Run code quality and security review. Checks architecture, error handling, performance, dependencies, and vulnerabilities.

Parameters: projectDir

# 1. Install globally

$ npm install -g @async-atharv/ipaship

# 2. Add the MCP server

$ claude mcp add ipaShip \

  --transport stdio \

  --env IPASHIP_PROVIDER=claude \

  --env IPASHIP_MODEL=claude-haiku-4-5 \

  --env ANTHROPIC_API_KEY=your-api-key \

  -- ipaShip-mcp

# 3. Restart Claude Code or run /mcp

Stop guessing.Ship with confidence.