feat(review-submissions): add command to list review submissions

- Implement `asc review-submissions list` with filters for app ID, states, and limit
- Add `listSubmissions(appId:states:limit:)` to `SubmissionRepository` and backend
- Include comprehensive tests for state parsing and output formatting

feat(certificates): enhance list command with filtering options

- Add `--limit`, `--expired-only`, and `--before` flags to `asc certificates list`
- Update `CertificateRepository.listCertificates` to support limit parameter
- Apply client-side filtering for expired and expiration cutoff date
- Add tests covering new filtering behaviors and limit forwarding

Author: hanrw

CHANGELOG.md

@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Added
+- **`asc review-submissions list`** — list App Store review submissions for an app. Required `--app-id`; optional `--state <CSV>` (e.g. `WAITING_FOR_REVIEW,IN_REVIEW,READY_FOR_REVIEW` or `UNRESOLVED_ISSUES`) and `--limit`. Backed by `SubmissionRepository.listSubmissions(appId:states:limit:)`
+- **`asc certificates list` filtering flags** — `--limit` (server-side), `--expired-only` (client-side, drops unexpired certs), `--before <ISO8601>` (client-side, keeps certs with expirationDate strictly before the cutoff)
+
+### Changed
+- **`CertificateRepository.listCertificates`** signature now takes `(certificateType:limit:)` — forwards `limit` to the SDK
+
 ---
 
 ## [0.1.68] - 2026-04-14

README.md

@@ -164,6 +164,8 @@ asc beta-review submissions create --build-id <id>
 asc beta-review submissions get --submission-id <id>
 asc beta-review detail get --app-id <id>
 asc beta-review detail update --detail-id <id> [--contact-first-name <name>] [--notes <text>]
+
+asc review-submissions list --app-id <id> [--state WAITING_FOR_REVIEW,IN_REVIEW,READY_FOR_REVIEW] [--limit 200]
 ```
 
 ### Xcode Cloud
@@ -364,7 +366,7 @@ asc bundle-ids list [--platform ios|macos|universal] [--identifier com.example.a
 asc bundle-ids create --name "My App" --identifier com.example.app --platform ios
 asc bundle-ids delete --bundle-id-id <id>
 
-asc certificates list [--type IOS_DISTRIBUTION]
+asc certificates list [--type IOS_DISTRIBUTION] [--limit 200] [--expired-only] [--before 2026-11-01T00:00:00Z]
 asc certificates create --type IOS_DISTRIBUTION --csr-content "$(cat MyApp.certSigningRequest)"
 asc certificates revoke --certificate-id <id>
 
@@ -524,6 +526,7 @@ Detailed documentation for each feature:
 - [App Info](docs/features/app-infos.md) — name, subtitle, privacy policy, categories, age rating
 - [TestFlight](docs/features/testflight.md) — beta groups, tester management, CSV import/export
 - [Beta Review](docs/features/beta-review.md) — submit builds for beta app review, manage review contact details
+- [Review Submissions](docs/features/review-submissions.md) — list App Store review submissions filtered by state
 - [Xcode Cloud](docs/features/xcode-cloud.md) — products, workflows, build runs, start builds
 - [Builds Archive](docs/features/builds-archive.md) — archive Xcode projects, export IPA/PKG, optional upload chaining
 - [Builds Upload](docs/features/builds-upload.md) — upload IPA/PKG, TestFlight distribution, beta notes

Sources/ASCCommand/ASC.swift

@@ -64,6 +64,7 @@ struct ASC: AsyncParsableCommand {
             DiagnosticsCommand.self,
             DiagnosticLogsCommand.self,
             BetaReviewCommand.self,
+            ReviewSubmissionsCommand.self,
             AppAvailabilityCommand.self,
             IAPAvailabilityCommand.self,
             SubscriptionAvailabilityCommand.self,

Sources/ASCCommand/Commands/Certificates/CertificatesList.swift

@@ -1,5 +1,6 @@
 import ArgumentParser
 import Domain
+import Foundation
 
 struct CertificatesList: AsyncParsableCommand {
     static let configuration = CommandConfiguration(
@@ -12,14 +13,37 @@ struct CertificatesList: AsyncParsableCommand {
     @Option(name: .long, help: "Filter by certificate type (e.g. IOS_DISTRIBUTION, MAC_APP_STORE)")
     var type: String?
 
+    @Option(name: .long, help: "Maximum number of certificates to return (server-side)")
+    var limit: Int?
+
+    @Flag(name: .long, help: "Only return certificates whose expirationDate has passed")
+    var expiredOnly: Bool = false
+
+    @Option(name: .long, help: "Only return certificates with expirationDate strictly before this ISO8601 date")
+    var before: String?
+
     func run() async throws {
         let repo = try ClientProvider.makeCertificateRepository()
         print(try await execute(repo: repo))
     }
 
     func execute(repo: any CertificateRepository, affordanceMode: AffordanceMode = .cli) async throws -> String {
         let certType = type.flatMap { CertificateType(rawValue: $0.uppercased()) }
-        let items = try await repo.listCertificates(certificateType: certType)
+        var items = try await repo.listCertificates(certificateType: certType, limit: limit)
+
+        if expiredOnly {
+            items = items.filter(\.isExpired)
+        }
+        if let before {
+            guard let cutoff = ISO8601DateFormatter().date(from: before) else {
+                throw ValidationError("--before must be an ISO8601 date (e.g. 2025-11-14T22:13:20Z)")
+            }
+            items = items.filter { cert in
+                guard let exp = cert.expirationDate else { return false }
+                return exp < cutoff
+            }
+        }
+
         let formatter = OutputFormatter(format: globals.outputFormat, pretty: globals.pretty)
         return try formatter.formatAgentItems(items, affordanceMode: affordanceMode)
     }

Sources/ASCCommand/Commands/ReviewSubmissions/ReviewSubmissionsCommand.swift

@@ -0,0 +1,9 @@
+import ArgumentParser
+
+struct ReviewSubmissionsCommand: AsyncParsableCommand {
+    static let configuration = CommandConfiguration(
+        commandName: "review-submissions",
+        abstract: "List App Store review submissions",
+        subcommands: [ReviewSubmissionsList.self]
+    )
+}

Sources/ASCCommand/Commands/ReviewSubmissions/ReviewSubmissionsList.swift

@@ -0,0 +1,41 @@
+import ArgumentParser
+import Domain
+import Foundation
+
+struct ReviewSubmissionsList: AsyncParsableCommand {
+    static let configuration = CommandConfiguration(
+        commandName: "list",
+        abstract: "List App Store review submissions for an app"
+    )
+
+    @OptionGroup var globals: GlobalOptions
+
+    @Option(name: .long, help: "App ID to filter submissions")
+    var appId: String
+
+    @Option(name: .long, help: "Comma-separated states (e.g. WAITING_FOR_REVIEW,IN_REVIEW,READY_FOR_REVIEW)")
+    var state: String?
+
+    @Option(name: .long, help: "Maximum number of submissions to return")
+    var limit: Int?
+
+    func run() async throws {
+        let repo = try ClientProvider.makeSubmissionRepository()
+        print(try await execute(repo: repo))
+    }
+
+    func execute(repo: any SubmissionRepository) async throws -> String {
+        let parsedStates = state.map { csv in
+            csv.split(separator: ",").compactMap {
+                ReviewSubmissionState(rawValue: String($0).trimmingCharacters(in: .whitespaces).uppercased())
+            }
+        }
+        let items = try await repo.listSubmissions(appId: appId, states: parsedStates, limit: limit)
+        let formatter = OutputFormatter(format: globals.outputFormat, pretty: globals.pretty)
+        return try formatter.formatAgentItems(
+            items,
+            headers: ["ID", "App ID", "Platform", "State"],
+            rowMapper: { [$0.id, $0.appId, $0.platform.rawValue, $0.state.rawValue] }
+        )
+    }
+}

Sources/ASCCommand/Commands/Web/Controllers/CodeSigningController.swift

@@ -12,7 +12,7 @@ struct CodeSigningController: Sendable {
 
     func addRoutes(to group: RouterGroup<BasicWebSocketRequestContext>) {
         group.get("/certificates") { _, _ -> Response in
-            let certs = try await self.certRepo.listCertificates(certificateType: nil)
+            let certs = try await self.certRepo.listCertificates(certificateType: nil, limit: nil)
             return try restFormat(certs)
         }
 

Sources/Domain/CodeSigning/Certificates/CertificateRepository.swift

@@ -2,7 +2,7 @@ import Mockable
 
 @Mockable
 public protocol CertificateRepository: Sendable {
-    func listCertificates(certificateType: CertificateType?) async throws -> [Certificate]
+    func listCertificates(certificateType: CertificateType?, limit: Int?) async throws -> [Certificate]
     func createCertificate(certificateType: CertificateType, csrContent: String) async throws -> Certificate
     func revokeCertificate(id: String) async throws
 }

Sources/Domain/Submissions/SubmissionRepository.swift

@@ -3,4 +3,5 @@ import Mockable
 @Mockable
 public protocol SubmissionRepository: Sendable {
     func submitVersion(versionId: String) async throws -> ReviewSubmission
+    func listSubmissions(appId: String, states: [ReviewSubmissionState]?, limit: Int?) async throws -> [ReviewSubmission]
 }

Sources/Infrastructure/CodeSigning/SDKCertificateRepository.swift

@@ -8,12 +8,13 @@ public struct SDKCertificateRepository: CertificateRepository, @unchecked Sendab
         self.client = client
     }
 
-    public func listCertificates(certificateType: Domain.CertificateType?) async throws -> [Domain.Certificate] {
+    public func listCertificates(certificateType: Domain.CertificateType?, limit: Int?) async throws -> [Domain.Certificate] {
         let filterType = certificateType.flatMap {
             APIEndpoint.V1.Certificates.GetParameters.FilterCertificateType(rawValue: $0.rawValue)
         }
         let request = APIEndpoint.v1.certificates.get(parameters: .init(
-            filterCertificateType: filterType.map { [$0] }
+            filterCertificateType: filterType.map { [$0] },
+            limit: limit
         ))
         let response = try await client.request(request)
         return response.data.map(mapCertificate)