feat: App Store Connect MCP Server v1.0.0

109 tools across 17 workers for App Store Connect API.
Multi-account support, JWT auth, pagination, worker filtering.
Swift 6.1, macOS 14+, 296 unit tests.

Author: zelentsov-dev

.github/workflows/ci.yml

@@ -0,0 +1,28 @@
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+    tags: ['*']
+  pull_request:
+    branches: [main, develop]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-and-test:
+    name: Build & Test
+    runs-on: macos-15
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Select Xcode
+        run: sudo xcode-select -s /Applications/Xcode_26.2.app
+
+      - name: Build
+        run: swift build
+
+      - name: Test
+        run: swift test

.gitignore

@@ -0,0 +1,124 @@
+# Xcode
+#
+# gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore
+
+## User settings
+xcuserdata/
+
+## compatibility with Xcode 8 and earlier (ignoring not required starting Xcode 9)
+*.xcscmblueprint
+*.xccheckout
+
+## compatibility with Xcode 3 and earlier (ignoring not required starting Xcode 4)
+build/
+DerivedData/
+*.moved-aside
+*.pbxuser
+!default.pbxuser
+*.mode1v3
+!default.mode1v3
+*.mode2v3
+!default.mode2v3
+*.perspectivev3
+!default.perspectivev3
+
+## Obj-C/Swift specific
+*.hmap
+
+## App packaging
+*.ipa
+*.dSYM.zip
+*.dSYM
+
+## Playgrounds
+timeline.xctimeline
+playground.xcworkspace
+
+# Swift Package Manager
+.swiftpm
+.build/
+Package.resolved
+
+# CocoaPods
+Pods/
+
+# Carthage
+Carthage/Build/
+
+# Accio dependency management
+Dependencies/
+.accio/
+
+# fastlane
+fastlane/report.xml
+fastlane/Preview.html
+fastlane/screenshots/**/*.png
+fastlane/test_output
+
+# Code Injection
+iOSInjectionProject/
+
+# Configuration files with sensitive data
+companies.json
+.env
+.env.local
+.env.*.local
+
+# App Store Connect Keys
+*.p8
+*.pem
+*.key
+AuthKey_*.p8
+companies.*.json
+
+# XcodeBuildMCP
+.xcodebuildmcp/
+
+# macOS
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+# Test files
+test_input.json
+test_output.json
+*.test.json
+test_main.swift
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Claude settings
+.claude/
+
+# Debug
+*.log
+debug/
+logs/
+
+# Other
+.netrc
+Packages/

CHANGELOG.md

@@ -0,0 +1,49 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.0] - 2025-02-17
+
+### Added
+
+- **17 workers** with ~109 tools covering the full App Store Connect API
+- **Multi-account support** via `companies.json` configuration
+- **Worker filtering** with `--workers` flag for tool-limited MCP clients
+- **JWT authentication** with ES256 signing and automatic 20-minute refresh
+- **HTTP client** as actor with retry logic, 429 rate-limit handling, and idempotent request support
+- **Pagination** helper for traversing large API result sets
+
+#### Workers
+
+- **CompaniesWorker** (3 tools) — multi-account management, switching, listing
+- **AuthWorker** (4 tools) — JWT token generation, validation, refresh
+- **AppsWorker** (9 tools) — app listing, metadata, localized descriptions, keywords
+- **BuildsWorker** (4 tools) — build listing, details, individual build info
+- **BuildBetaDetailsWorker** (9 tools) — TestFlight localizations, beta groups, notifications
+- **BuildProcessingWorker** (5 tools) — build states, encryption declarations
+- **AppLifecycleWorker** (12 tools) — version create/submit/release, phased rollout
+- **ReviewsWorker** (8 tools) — customer reviews, responses, statistics
+- **BetaGroupsWorker** (9 tools) — TestFlight groups CRUD, testers, builds
+- **BetaTestersWorker** (6 tools) — tester management, search, invite
+- **InAppPurchasesWorker** (12 tools) — IAP and subscriptions CRUD, localizations, submit
+- **ProvisioningWorker** (17 tools) — bundle IDs, devices, certificates, profiles, capabilities
+- **AppInfoWorker** (6 tools) — app info, categories, age rating, localizations
+- **PricingWorker** (6 tools) — territories, availability, price points and schedules
+- **UsersWorker** (6 tools) — team members, roles, invitations
+- **AppEventsWorker** (6 tools) — in-app events CRUD, localizations
+- **AnalyticsWorker** (4 tools) — sales reports, financial reports, analytics
+
+### Security
+
+- SSRF protection for pagination URL validation
+- Sensitive credential masking in MCP responses
+- HTTPS-only communication with App Store Connect API
+- JWT tokens held in memory only, never persisted
+
+### Testing
+
+- 295+ unit tests using Swift Testing framework
+- Test fixtures with placeholder credentials (no real keys)

CLAUDE.md

@@ -0,0 +1,138 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Language
+Response language: Russian
+Comment language: English    
+
+## Project Overview
+
+MCP (Model Context Protocol) server for App Store Connect API integration, designed for Claude Code CLI. This server provides tools to manage iOS/macOS apps through App Store Connect.
+
+## Build and Run Commands
+
+```bash
+# Build the project
+swift build
+
+# Run the MCP server (requires environment variables)
+./.build/debug/asc-mcp
+
+# Run tests/debug mode
+./.build/debug/asc-mcp --test
+
+# Clean build
+swift package clean
+```
+
+## Environment Configuration
+
+Uses `companies.json` for multi-account configuration. Each company entry contains `keyID`, `issuerID`, and `privateKeyPath`.
+
+## Architecture
+
+### Core Components
+
+**WorkerManager** (`Workers/MainWorker/WorkerManager.swift`) — central registry, routes tool calls by prefix.
+
+**Workers** (17 workers, ~109 tools):
+
+| Worker | Prefix | Tools | Domain |
+|--------|--------|-------|--------|
+| CompaniesWorker | `company_` | 3 | Multi-account management |
+| AuthWorker | `auth_` | 4 | JWT tokens |
+| AppsWorker | `apps_` | 9 | App listing, metadata, localizations, create/delete localization |
+| BuildsWorker | `builds_` | 4 | Build management |
+| BuildBetaDetailsWorker | `builds_*_beta_` | 9 | TestFlight localizations, notifications, beta groups |
+| BuildProcessingWorker | `builds_*_processing_` | 5 | Build states, encryption |
+| AppLifecycleWorker | `app_versions_` | 12 | Versions, submit, release, phased rollout |
+| ReviewsWorker | `reviews_` | 8 | Customer reviews and responses |
+| BetaGroupsWorker | `beta_groups_` | 9 | TestFlight groups CRUD, testers, builds |
+| InAppPurchasesWorker | `iap_` | 12 | IAP, subscriptions, localizations CRUD, submit |
+| ProvisioningWorker | `provisioning_` | 17 | Bundle IDs, devices, certificates, profiles, capabilities |
+| BetaTestersWorker | `beta_testers_` | 6 | Tester management, search, invite |
+| AppInfoWorker | `app_info_` | 6 | App info, categories, localizations |
+| PricingWorker | `pricing_` | 6 | Territories, availability, price points/schedule |
+| UsersWorker | `users_` | 6 | Team members, roles, invitations |
+| AppEventsWorker | `app_events_` | 6 | In-app events CRUD, localizations |
+| AnalyticsWorker | `analytics_` | 4 | Sales/financial reports, analytics requests |
+
+**Services**: HTTPClient (actor, GET/POST/PATCH/PUT/DELETE + retry with 429), JWTService (ES256)
+
+### Key Implementation Details
+
+1. **Swift 6 Compliance**: All types `Sendable`, proper actor isolation
+2. **JWT Auth**: CryptoKit ES256, tokens expire after 20 min
+3. **Worker Pattern**: 3 files per worker (Main + ToolDefinitions + Handlers)
+4. **Routing**: WorkerManager routes by tool name prefix
+5. **Error Handling**: Custom `ASCError` type
+
+## API Constraints
+
+- **No emojis** in metadata fields (What's New, Description, etc.)
+- **Version states**: 
+  - `READY_FOR_SALE`: Published, read-only
+  - `PREPARE_FOR_SUBMISSION`: Editable
+  - `WAITING_FOR_REVIEW`, `IN_REVIEW`: Read-only
+- **Locale codes**: Use standard format (en-US, ru-RU, de-DE, etc.)
+
+## Testing
+
+Test mode (`--test` flag) performs:
+1. Lists app versions to find editable one
+2. If found, updates What's New field
+3. Verifies the update succeeded
+
+## Common Tasks
+
+### Adding New Tool
+
+1. Implement method in appropriate Worker (e.g., `AppsWorker+Handlers.swift`)
+2. Add tool definition method in Worker's tool definitions file (e.g., `AppsWorker+ToolDefinitions.swift`)
+3. Register the tool in Worker's `getTools()` method
+4. Add case to Worker's `handleTool()` switch
+5. No changes needed in WorkerManager - it automatically routes by prefix
+
+### Debugging API Issues
+
+- Check version state (must be PREPARE_FOR_SUBMISSION for edits)
+- Verify locale exists for the version
+- Remove any emojis from text fields
+- Check JWT token expiration (20 minutes)
+
+## Important Files
+
+- `main.swift`: Entry point with test mode
+- `Workers/MainWorker/WorkerManager.swift`: Tool registry and routing
+- `Models/`: API response/request models (AppStoreConnect, Builds, InAppPurchases, Provisioning)
+- `Services/HTTPClient.swift`: HTTP actor with JWT auth and retry logic
+
+## Development Workflow Rules
+
+### Testing Approach
+- **ALWAYS test as real MCP**: When testing functionality, use actual MCP commands as if you're a real user working with the server
+- Test edge cases and error scenarios
+- Verify responses contain all necessary data for practical use
+
+### Development Process
+1. **After making changes and building the project:**
+   - Always respond: "✅ Готово к перезагрузке MCP"
+   - Wait for user confirmation: "я перезагрузил" or similar
+   - Then proceed with testing via MCP commands
+   - Fix any issues found during testing
+
+2. **After implementing features:**
+   - Explain what each method returns
+   - Describe practical use cases for the returned data
+   - Example: "Метод `builds_list` возвращает список билдов с их статусами и датами. Это нужно для выбора билда для TestFlight или отправки в App Store"
+
+### Code Documentation Requirements
+- **MANDATORY**: Comment all public methods with:
+  ```swift
+  /// Brief description of what the method does
+  /// - Returns: Description of return value and its structure
+  /// - Throws: What errors can be thrown
+  ```
+- Document complex logic inline
+- Add usage examples for non-obvious methods