Skip to main content

Review & approval

When you submit an IrisX App version, it goes through review before it becomes available in the Trackunit Marketplace. This page explains what happens after you submit, what is checked automatically, and what a reviewer looks at.

What happens when you submit

  1. You submit a new version of your app package. Automated validation runs immediately — if the manifest does not meet the validation rules, the submit is rejected with an error for you to fix.
  2. Private apps are auto-approved — no human review is required, and the app becomes available as a Private App.
  3. Marketplace IrisX Apps go to review. You request a review, a Trackunit reviewer inspects the submitted version, and then either approves it or shares feedback about what needs to change.
  4. Once approved, the app becomes available in the Trackunit Marketplace. If you receive feedback, address it and re-submit a new version.

Response time

Review requests are normally handled within one business day of the request being submitted.

Validation rules

These rules are enforced automatically when you publish. A version that fails any of these checks cannot be published.

Installation config

FieldRequirement
pricingPlanPolicy or pricingPlansAt least one must be present
accountIds or allowOrganizationIdsExactly one must be present (not both)
accountIdsMust be an array of account IDs or "ALL_ACCOUNTS"

For guidance on choosing installation policies and targeting accounts, see Controlling marketplace behavior.

Marketplace metadata

FieldRequirement
marketplaceRequired (object)
marketplace.nameRequired
marketplace.descriptionRequired
marketplace.fullDescriptionPathRequired, and the referenced file must exist in the assets/ directory of the package

Scopes

Scopes must be provided and each scope must be a recognized value from the Trackunit API scopes list.

Custom field definitions

If customFieldDefinitions are present, they are validated against the Custom Fields API on publish. Errors reject the publish; warnings are returned to you.

What reviewers check

Beyond the automated validation above, a reviewer verifies the following when reviewing a Marketplace IrisX App version:

  • Extensions: extension types, IDs, and menu item labels are appropriate.
  • Dependencies: no unexpected or suspicious packages in dependencies and devDependencies.
  • CSP / valid domains: listed domains are legitimate and expected for the app.
  • Scopes: requested API scopes are justified by the app's functionality.
  • Custom field definitions: field keys, entity types, and editability settings are appropriate.
  • Installation targets: accountIds / allowOrganizationIds and pricing plan configuration look reasonable. There is currently no way to verify these against a pre-agreed specification, so it helps to include the expected installation targets in your review request.
  • Diff against the approved version: when re-approving an updated version, particular attention is paid to what changed since the last approved version.

Not covered by review (for now)

  • Runtime behavior — review is based on manifest metadata, not running the app.
  • App performance or reliability.
  • Security posture of external domains listed in CSP / valid domains.
  • Client-side code quality.