Remote MCP server for App Store Connect, built for Cloudflare Workers.
This repository is intentionally not a 1:1 port of the Go CLI. Cloudflare’s MCP guidance favors focused tools over a giant API wrapper, so this server exposes release-oriented tools plus one raw API escape hatch.
Related references:
- Cloudflare MCP overview: https://developers.cloudflare.com/agents/model-context-protocol/
- Cloudflare tools guidance: https://developers.cloudflare.com/agents/model-context-protocol/tools/
- App Store Connect API mirror: https://sosumi.ai/documentation/appstoreconnectapi/
- Design note: docs/design.md
validate_credentialsfind_appslist_buildslist_testflight_groupslist_app_store_versionslist_review_submissionsget_release_statusapp_store_connect_request
Set these secrets before local or remote use:
ASC_KEY_IDASC_ISSUER_ID- one of:
ASC_PRIVATE_KEYASC_PRIVATE_KEY_B64
Optional:
ASC_API_BASE_URLASC_TOKEN_AUDIENCE
For local development, using base64 is easier than pasting a multiline PEM into .dev.vars.
Example:
base64 -i /path/to/AuthKey_ABC123.p8 | tr -d '\n'Then put the value into .dev.vars as ASC_PRIVATE_KEY_B64.
npm install
npm run cf-typegen
npm run devThe MCP endpoint is:
http://127.0.0.1:8787/mcp
The root URL returns a small JSON status document:
http://127.0.0.1:8787/
wrangler secret put ASC_KEY_ID
wrangler secret put ASC_ISSUER_ID
wrangler secret put ASC_PRIVATE_KEY
npm run deployIf you prefer base64 secrets:
wrangler secret put ASC_PRIVATE_KEY_B64Example with mcp-remote:
{
"mcpServers": {
"asc-cloudflare": {
"command": "npx",
"args": ["mcp-remote", "https://your-worker.your-subdomain.workers.dev/mcp"]
}
}
}npm run format
npm run lint
npm run cf-typegen
npm run type-check
npm run check- This server is Cloudflare-native and calls App Store Connect directly.
- It does not run the Go CLI binary inside Workers.
- It covers the common discovery and release-status paths first.
app_store_connect_requestexists for unsupported endpoints, but the focused tools should be preferred.