cap-go/capgo-native-builds
skills/capgo-native-builds/SKILL.md
Use for Capgo Cloud Build native iOS and Android workflows, including CLI login, API-key handling, iOS build onboarding, signing credential storage, build requests, store upload settings, output download links, and troubleshooting. Do not use for OTA bundle uploads or generic Capacitor setup unless a native Capgo build is requested.
$ install --global
skillsauthnpx skillsauth add cap-go/capgo-skills capgo-native-buildsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 6, 2026, 4:10 AM291.9s2 files scanned
SKILL.md
- name:
- capgo-native-builds
- description:
- Use for Capgo Cloud Build native iOS and Android workflows, including CLI login, API-key handling, iOS build onboarding, signing credential storage, build requests, store upload settings, output download links, and troubleshooting. Do not use for OTA bundle uploads or generic Capacitor setup unless a native Capgo build is requested.
Capgo Native Builds
Use this skill when the user wants Capgo to build native iOS or Android binaries in the cloud.
When to Use This Skill
- The user asks for a Capgo Cloud Build, native build, signed IPA/APK/AAB, TestFlight/App Store build, Play Store build, or temporary build download link.
- The user needs Capgo CLI login, build API-key setup, or help choosing between
login,CAPGO_TOKEN, and-a, --apikey. - The user needs iOS build onboarding, Apple signing setup, Android keystore setup, Play service account setup, or credential rotation.
- The user asks about
build init,build request,build credentials save,build credentials update,build credentials list,build credentials clear, orbuild credentials migrate.
Do not use this skill for JavaScript-only OTA update uploads, generic CI/CD setup, or local native builds that do not involve Capgo Cloud Build.
Operating Rules
- Use
npx @capgo/cli@latestin user-facing commands. - Treat API keys, P12 passwords, keystore passwords, App Store Connect keys, and Play service account JSON as secrets. Use placeholders in examples and do not echo secret values back to the user.
- Prefer Capgo CLI build flows before inventing custom CI scripts.
- Confirm the platform, app ID, project path, desired output destination, and whether the user wants store upload or a temporary download link.
- Credentials are stored locally by the CLI and are only sent to Capgo for the build job. They are not stored permanently on Capgo servers and are deleted after the build process. See the Capgo CLI credentials documentation.
First Checks
Before requesting a build, verify:
- The project is a Capacitor app and has the native folder for the target platform (
ios/orandroid/). - The Capgo app exists. If needed, add it first:
npx @capgo/cli@latest app add com.example.app
- The user has a Capgo API key with permission to trigger native builds for the app.
- Signing credentials exist or the workflow will create/save them before
build request. - The output destination is clear:
- Store upload: provide App Store Connect credentials for iOS or Play config for Android.
- Download link only: use
--output-upload, optionally with--output-retention <duration>.
Authentication and Login
Use login when the machine should remember the Capgo API key:
npx @capgo/cli@latest login
npx @capgo/cli@latest login YOUR_API_KEY
npx @capgo/cli@latest login --local YOUR_API_KEY
Authentication precedence for build commands:
-a, --apikey <apikey>on the command.CAPGO_TOKENenvironment variable.- Local key saved by
login --localin.capgo. - Global key saved by
loginin~/.capgo.
Use CAPGO_TOKEN for CI secrets. Use -a, --apikey when creating a single copy-pasteable command for onboarding or support. Use login --local only when the key should stay scoped to this repository; verify .capgo is ignored by git.
Recommended Build Flows
iOS Fast Path: build init
For a first iOS cloud build, prefer the interactive onboarding command:
npx @capgo/cli@latest build init
If no key is saved, pass one explicitly:
npx @capgo/cli@latest build init -a YOUR_API_KEY
build init also has the alias build onboarding. It is best when the user wants the CLI to create and save iOS signing material with the fewest manual steps.
What it handles:
- Verifies the App Store Connect API key.
- Creates or reuses Apple signing assets where possible.
- Registers or reuses the bundle ID.
- Creates App Store provisioning profiles.
- Saves build credentials into the same local store used by
build request. - Can request the first cloud build at the end.
- Persists onboarding progress under
~/.capgo-credentials/onboarding/so the user can resume. - Saves recovery/support material under
~/.capgo-credentials/support/after unexpected failures.
Use manual credential commands instead when the user already has certificates, profiles, or CI secrets prepared.
Manual iOS Credential Save
Use this when the user already has Apple signing files:
npx @capgo/cli@latest build credentials save --appId com.example.app --platform ios \
--certificate ./cert.p12 --p12-password "P12_PASSWORD" \
--ios-provisioning-profile ./profile.mobileprovision \
--apple-key ./AuthKey_KEYID.p8 --apple-key-id "KEY_ID" \
--apple-issuer-id "ISSUER_UUID" --apple-team-id "TEAM_ID"
For apps with extensions or multiple targets, repeat --ios-provisioning-profile and map each bundle ID:
npx @capgo/cli@latest build credentials save --appId com.example.app --platform ios \
--ios-provisioning-profile com.example.app=./App.mobileprovision \
--ios-provisioning-profile com.example.app.widget=./Widget.mobileprovision
For ad-hoc iOS builds, set the distribution mode and collect the IPA with --output-upload:
npx @capgo/cli@latest build credentials save --appId com.example.app --platform ios \
--ios-distribution ad_hoc \
--certificate ./cert.p12 \
--ios-provisioning-profile ./adhoc.mobileprovision \
--output-upload
Manual Android Credential Save
Use this when the user already has Android signing files:
npx @capgo/cli@latest build credentials save --appId com.example.app --platform android \
--keystore ./release.jks --keystore-alias "release-key" \
--keystore-key-password "KEY_PASSWORD" \
--keystore-store-password "STORE_PASSWORD" \
--play-config ./service-account.json
If the user only needs an APK/AAB download link and not Play upload, save --output-upload and omit or override Play upload:
npx @capgo/cli@latest build credentials save --appId com.example.app --platform android \
--keystore ./release.jks --keystore-alias "release-key" \
--keystore-key-password "KEY_PASSWORD" \
--keystore-store-password "STORE_PASSWORD" \
--output-upload
Use --android-flavor <flavor> when the Android project has multiple product flavors.
Request a Build
Use build request [appId] after login and credentials are ready:
npx @capgo/cli@latest build request com.example.app --platform ios --path .
npx @capgo/cli@latest build request com.example.app --platform android --path .
Useful request options:
--platform ios|android: required.--path <path>: project directory, default is the current directory.--build-mode debug|release: defaults to release.--ios-scheme <scheme>and--ios-target <target>for custom Xcode projects.--ios-distribution app_store|ad_hoc.--android-flavor <flavor>for Android product flavors.--output-uploadto create temporary IPA/APK/AAB download links.--output-retention <duration>from1hto7d.--no-playstore-uploadto skip Play upload for an Android build. This requires--output-upload.--skip-build-number-bumpwhen the project owns native build numbers itself.--verbosefor support/debugging.
Example: collect an iOS ad-hoc IPA link:
npx @capgo/cli@latest build request com.example.app \
--platform ios \
--ios-distribution ad_hoc \
--output-upload \
--output-retention 2d
Example: Android flavor with a download link instead of Play upload:
npx @capgo/cli@latest build request com.example.app \
--platform android \
--android-flavor production \
--output-upload \
--no-playstore-upload
Credential Management
Build credentials are stored globally in ~/.capgo-credentials/credentials.json by default. Add --local to use .capgo-credentials.json in the project root. Never commit either credentials file.
List masked saved credentials:
npx @capgo/cli@latest build credentials list
npx @capgo/cli@latest build credentials list --appId com.example.app
npx @capgo/cli@latest build credentials list --local
Update only changed fields:
npx @capgo/cli@latest build credentials update --appId com.example.app --platform ios \
--ios-provisioning-profile ./new-profile.mobileprovision
npx @capgo/cli@latest build credentials update --appId com.example.app --platform android \
--keystore ./new-release.jks
For iOS provisioning profile updates:
- By default, new
--ios-provisioning-profileentries are merged into the existing map. - Use
--overwrite-ios-provisioning-maponly when replacing the whole mapping intentionally.
Migrate legacy iOS provisioning credentials:
npx @capgo/cli@latest build credentials migrate --appId com.example.app --platform ios
Clear credentials only when the user wants removal:
npx @capgo/cli@latest build credentials clear --appId com.example.app --platform ios
npx @capgo/cli@latest build credentials clear --local
CI Guidance
For CI, prefer secrets in environment variables instead of local credential files:
CAPGO_TOKEN=YOUR_CAPGO_TOKEN \
BUILD_CERTIFICATE_BASE64=BASE64_P12 \
P12_PASSWORD=P12_PASSWORD \
APPLE_KEY_ID=KEY_ID \
APPLE_ISSUER_ID=ISSUER_UUID \
APPLE_KEY_CONTENT=BASE64_P8 \
APP_STORE_CONNECT_TEAM_ID=TEAM_ID \
CAPGO_IOS_PROVISIONING_MAP=PROVISIONING_MAP_JSON \
npx @capgo/cli@latest build request com.example.app --platform ios
Android CI commonly uses:
CAPGO_TOKENANDROID_KEYSTORE_FILEKEYSTORE_KEY_ALIASKEYSTORE_KEY_PASSWORDKEYSTORE_STORE_PASSWORDPLAY_CONFIG_JSONor--output-upload
Use repository or CI secret storage. Do not commit signing files or generated credential JSON.
Troubleshooting
No Capgo API key found: runnpx @capgo/cli@latest login, setCAPGO_TOKEN, or pass-a YOUR_API_KEY.Insufficient permissions: verify the API key can access the app and includes native build permission.- Missing output destination: add store upload credentials or enable
--output-upload. - No download link: request or save credentials with
--output-uploadand set--output-retentionif the default TTL is too short. - iOS signing failure: verify certificate password, Apple Team ID, distribution mode, and every bundle ID to provisioning profile mapping.
- Legacy iOS provisioning profile error: run
npx @capgo/cli@latest build credentials migrate --appId com.example.app --platform ios. - Android signing failure: verify keystore path, alias, key password, store password, and product flavor.
- Play upload should be skipped: use
--output-upload --no-playstore-upload. - Monorepo path mismatch: pass the app-specific
--pathvalue and run from the app root when possible. - Need support evidence: rerun the failing command with
--verbose.
Supporting Docs
- Build command reference:
https://capgo.app/docs/cli/reference/build/ - Login command reference:
https://capgo.app/docs/cli/reference/login/ - Cloud Build getting started:
https://capgo.app/docs/cli/cloud-build/getting-started/ - iOS build setup:
https://capgo.app/docs/cli/cloud-build/ios/ - Android build setup:
https://capgo.app/docs/cli/cloud-build/android/ - Credential management:
https://capgo.app/docs/cli/cloud-build/credentials/
Related Skills
cap-go/webapp-to-capacitor
development
VerifiedTrustedCommunity
Guide for migrating an existing web app, PWA, or SPA into a store-ready Capacitor iOS and Android app. Use this skill when users want to wrap or convert a web app into a mobile app, avoid thin WebView app store rejection, add native-feeling UX, handle permissions, offline behavior, account deletion, billing, testing, and Capgo live updates.
32SKILL.mdUpdated May 6, 2026
cap-go/tailwind-capacitor
development
VerifiedTrustedCommunity
Guide to using Tailwind CSS in Capacitor mobile apps. Covers mobile-first design, touch targets, safe areas, dark mode, and performance optimization. Use this skill when users want to style Capacitor apps with Tailwind.
32SKILL.mdUpdated May 6, 2026
cap-go/subscription-app-revenue
development
VerifiedTrustedCommunity
Revenue playbook for getting a mobile or web subscription app from zero to early MRR. Use when users ask how to make revenue, reach $1K MRR, monetize an app, get first users, improve ASO, plan TikTok/Reels/Shorts or Reddit acquisition, design a paywall, choose freemium vs trial, price subscriptions, reduce churn, or build a simple growth loop for an app.
32SKILL.mdUpdated May 6, 2026
cap-go/sqlite-to-fast-sql
tools
VerifiedTrustedCommunity
Guides the agent through migrating SQLite and SQL-style Capacitor plugins to @capgo/capacitor-fast-sql. Use when replacing bridge-based SQL plugins, adding encryption, preserving transactions, or moving key-value storage onto Fast SQL. Do not use for non-SQL storage, generic app upgrades, or plugins that already wrap Fast SQL.
32SKILL.mdUpdated May 6, 2026