From 019b857af29eb43ea1e6b2095ea59faac027195a Mon Sep 17 00:00:00 2001
From: Quang Tran <16215255+trmquang93@users.noreply.github.com>
Date: Wed, 8 Apr 2026 17:25:39 +0700
Subject: [PATCH 1/2] Rewrite export compliance to use correct ASC API flow

- Surface compliance status in BuildSelector for all builds, not just
  when compliance is missing (always show Edit/Manage button)
- Enrich attached build with complianceState from builds list
- Remove deprecated usesNonExemptEncryption from declaration API calls
- Rewrite PATCH handler to use correct ASC API approach:
  - "No encryption": PATCH build with usesNonExemptEncryption=false
  - "Yes + algorithm": POST new declaration, then PATCH build to link it
- Include usesNonExemptEncryption in build fields and derive compliance
  state as VALID when explicitly set to false
---
 server/routes/apps.js                   | 269 +++++++++++++++++++++---
 src/components/BuildComplianceModal.jsx |  15 +-
 src/components/BuildSelector.jsx        |  40 ++--
 src/components/VersionDetailPage.jsx    |   5 +-
 4 files changed, 275 insertions(+), 54 deletions(-)

diff --git a/server/routes/apps.js b/server/routes/apps.js
index 98a7010..755d781 100644
--- a/server/routes/apps.js
+++ b/server/routes/apps.js
@@ -467,8 +467,8 @@ router.get("/:appId/builds", async (req, res) => {
   const account = accounts.find((a) => a.id === accountId) || accounts[0];
 
   try {
-    const fields = "fields[builds]=version,processingState,uploadedDate,iconAssetToken,minOsVersion,buildAudienceType";
-    const encryptionInclude = "include=appEncryptionDeclaration&fields[appEncryptionDeclarations]=usesNonExemptEncryption,appEncryptionDeclarationState";
+    const fields = "fields[builds]=version,processingState,uploadedDate,iconAssetToken,minOsVersion,buildAudienceType,usesNonExemptEncryption";
+    const encryptionInclude = "include=appEncryptionDeclaration&fields[appEncryptionDeclarations]=appEncryptionDeclarationState";
     let url;
     if (versionString) {
       url = `/v1/builds?filter[app]=${appId}&filter[preReleaseVersion.version]=${encodeURIComponent(versionString)}&${fields}&${encryptionInclude}&limit=25`;
@@ -497,6 +497,11 @@ router.get("/:appId/builds", async (req, res) => {
       }
       const declId = b.relationships?.appEncryptionDeclaration?.data?.id || null;
       const declAttrs = declId ? includedDeclarations.get(declId) : null;
+      // Derive compliance: if usesNonExemptEncryption is explicitly false, compliance is resolved
+      let complianceState = declAttrs?.appEncryptionDeclarationState ?? null;
+      if (!complianceState && attrs.usesNonExemptEncryption === false) {
+        complianceState = "VALID";
+      }
       return {
         id: b.id,
         version: attrs.version,
@@ -506,8 +511,8 @@ router.get("/:appId/builds", async (req, res) => {
         buildAudienceType: attrs.buildAudienceType,
         iconUrl,
         encryptionDeclarationId: declId,
-        usesNonExemptEncryption: declAttrs?.usesNonExemptEncryption ?? null,
-        complianceState: declAttrs?.appEncryptionDeclarationState ?? null,
+        usesNonExemptEncryption: attrs.usesNonExemptEncryption ?? null,
+        complianceState,
       };
     }).sort((a, b) => new Date(b.uploadedDate) - new Date(a.uploadedDate));
 
@@ -533,7 +538,7 @@ router.get("/:appId/versions/:versionId/build", async (req, res) => {
   try {
     const data = await ascFetch(
       account,
-      `/v1/appStoreVersions/${versionId}/build?fields[builds]=version,processingState,uploadedDate,minOsVersion`
+      `/v1/appStoreVersions/${versionId}/build?fields[builds]=version,processingState,uploadedDate,minOsVersion,usesNonExemptEncryption`
     );
 
     const build = data.data
@@ -543,6 +548,7 @@ router.get("/:appId/versions/:versionId/build", async (req, res) => {
           processingState: data.data.attributes.processingState,
           uploadedDate: data.data.attributes.uploadedDate,
           minOsVersion: data.data.attributes.minOsVersion,
+          usesNonExemptEncryption: data.data.attributes.usesNonExemptEncryption ?? null,
         }
       : null;
 
@@ -609,7 +615,7 @@ router.get("/:appId/builds/:buildId/encryptionDeclaration", async (req, res) =>
   try {
     const data = await ascFetch(
       account,
-      `/v1/builds/${buildId}/appEncryptionDeclaration?fields[appEncryptionDeclarations]=usesNonExemptEncryption,appEncryptionDeclarationState,containsProprietaryCryptography,containsThirdPartyCryptography,availableOnFrenchStore,codeValue,platform`
+      `/v1/builds/${buildId}/appEncryptionDeclaration?fields[appEncryptionDeclarations]=appEncryptionDeclarationState,containsProprietaryCryptography,containsThirdPartyCryptography,availableOnFrenchStore,codeValue,platform`
     );
 
     const decl = data.data
@@ -630,7 +636,7 @@ router.get("/:appId/builds/:buildId/encryptionDeclaration", async (req, res) =>
 
 router.patch("/:appId/builds/:buildId/encryptionDeclaration", async (req, res) => {
   const { appId, buildId } = req.params;
-  const { accountId, usesNonExemptEncryption, containsProprietaryCryptography, containsThirdPartyCryptography } = req.body;
+  const { accountId, containsProprietaryCryptography, containsThirdPartyCryptography } = req.body;
 
   if (!accountId) {
     return res.status(400).json({ error: "accountId is required" });
@@ -643,36 +649,61 @@ router.patch("/:appId/builds/:buildId/encryptionDeclaration", async (req, res) =
   }
 
   try {
-    // Fetch the existing declaration ID
-    const declData = await ascFetch(
-      account,
-      `/v1/builds/${buildId}/appEncryptionDeclaration?fields[appEncryptionDeclarations]=appEncryptionDeclarationState`
-    );
-
-    if (!declData.data) {
-      return res.status(404).json({ error: "No encryption declaration found for this build" });
-    }
-
-    const declarationId = declData.data.id;
-    const attributes = { usesNonExemptEncryption };
-    if (usesNonExemptEncryption) {
-      if (containsProprietaryCryptography !== undefined) attributes.containsProprietaryCryptography = containsProprietaryCryptography;
-      if (containsThirdPartyCryptography !== undefined) attributes.containsThirdPartyCryptography = containsThirdPartyCryptography;
-    }
+    const usesEncryption = containsProprietaryCryptography || containsThirdPartyCryptography;
 
-    await ascFetch(account, `/v1/appEncryptionDeclarations/${declarationId}`, {
-      method: "PATCH",
-      body: {
-        data: {
-          type: "appEncryptionDeclarations",
-          id: declarationId,
-          attributes,
+    if (!usesEncryption) {
+      // "No encryption" — set usesNonExemptEncryption=false on the build directly
+      await ascFetch(account, `/v1/builds/${buildId}`, {
+        method: "PATCH",
+        body: {
+          data: {
+            type: "builds",
+            id: buildId,
+            attributes: { usesNonExemptEncryption: false },
+          },
         },
-      },
-    });
+      });
+    } else {
+      // "Yes encryption" — create a declaration and link it to the build
+      const declAttrs = {
+        containsProprietaryCryptography,
+        containsThirdPartyCryptography,
+        availableOnFrenchStore: false,
+        appDescription: "N/A",
+      };
+      const created = await ascFetch(account, `/v1/appEncryptionDeclarations`, {
+        method: "POST",
+        body: {
+          data: {
+            type: "appEncryptionDeclarations",
+            attributes: declAttrs,
+            relationships: {
+              app: { data: { type: "apps", id: appId } },
+            },
+          },
+        },
+      });
+      // Link declaration to build via PATCH on the build
+      await ascFetch(account, `/v1/builds/${buildId}`, {
+        method: "PATCH",
+        body: {
+          data: {
+            type: "builds",
+            id: buildId,
+            attributes: { usesNonExemptEncryption: true },
+            relationships: {
+              appEncryptionDeclaration: {
+                data: { type: "appEncryptionDeclarations", id: created.data.id },
+              },
+            },
+          },
+        },
+      });
+    }
 
     apiCache.deleteByPrefix(`apps:build-encryption:${buildId}:`);
     apiCache.deleteByPrefix(`apps:builds:${appId}:`);
+    apiCache.deleteByPrefix(`apps:version-build:`);
 
     res.json({ success: true });
   } catch (err) {
@@ -959,6 +990,180 @@ router.get("/:appId/review-submissions", async (req, res) => {
   }
 });
 
+// ── Review Submission Detail ──────────────────────────────────────────────
+
+const ITEM_STATE_DISPLAY = {
+  READY_FOR_REVIEW: "Ready for Review",
+  ACCEPTED: "Accepted",
+  APPROVED: "Approved",
+  REJECTED: "Rejected",
+  REMOVED: "Removed",
+};
+
+function parseReviewSubmissionDetail(data) {
+  const includedMap = new Map();
+  if (data.included) {
+    for (const inc of data.included) {
+      includedMap.set(`${inc.type}:${inc.id}`, inc);
+    }
+  }
+
+  const submission = data.data;
+  const attrs = submission.attributes;
+
+  // Resolve version string
+  let versions = null;
+  const versionRef = submission.relationships?.appStoreVersionForReview?.data;
+  if (versionRef) {
+    const ver = includedMap.get(`${versionRef.type}:${versionRef.id}`);
+    if (ver) {
+      const platform = ver.attributes.platform === "IOS" ? "iOS" : ver.attributes.platform === "MAC_OS" ? "macOS" : ver.attributes.platform;
+      versions = `${platform} ${ver.attributes.versionString}`;
+    }
+  }
+
+  // Resolve actors
+  function resolveActor(relationshipName) {
+    const ref = submission.relationships?.[relationshipName]?.data;
+    if (!ref) return null;
+    const actor = includedMap.get(`${ref.type}:${ref.id}`);
+    if (!actor) return null;
+    return [actor.attributes.userFirstName, actor.attributes.userLastName].filter(Boolean).join(" ");
+  }
+
+  // Resolve items
+  const itemRefs = submission.relationships?.items?.data || [];
+  const items = itemRefs.map((ref) => {
+    const item = includedMap.get(`${ref.type}:${ref.id}`);
+    if (!item) return { id: ref.id, state: "UNKNOWN", displayState: "Unknown", type: "unknown" };
+
+    const itemState = item.attributes.state;
+    const itemType = ["appStoreVersion", "appCustomProductPage", "appStoreVersionExperiment", "appEvent"]
+      .find((rel) => item.relationships?.[rel]?.data) || "appStoreVersion";
+
+    let versionString = null;
+    let itemPlatform = null;
+    let appStoreState = null;
+    const itemVersionRef = item.relationships?.appStoreVersion?.data;
+    if (itemVersionRef) {
+      const ver = includedMap.get(`${itemVersionRef.type}:${itemVersionRef.id}`);
+      if (ver) {
+        versionString = ver.attributes.versionString;
+        itemPlatform = ver.attributes.platform === "IOS" ? "iOS" : ver.attributes.platform === "MAC_OS" ? "macOS" : ver.attributes.platform;
+        appStoreState = ver.attributes.appStoreState;
+      }
+    }
+
+    // If no version from items, fall back to the submission-level version
+    if (!versionString && versionRef) {
+      const ver = includedMap.get(`${versionRef.type}:${versionRef.id}`);
+      if (ver) {
+        versionString = ver.attributes.versionString;
+        itemPlatform = ver.attributes.platform === "IOS" ? "iOS" : ver.attributes.platform === "MAC_OS" ? "macOS" : ver.attributes.platform;
+        appStoreState = ver.attributes.appStoreState;
+      }
+    }
+
+    return {
+      id: item.id,
+      state: itemState,
+      displayState: ITEM_STATE_DISPLAY[itemState] || itemState,
+      type: itemType,
+      versionString,
+      platform: itemPlatform,
+      appStoreState,
+    };
+  });
+
+  // If no version resolved yet, try from items
+  if (!versions && items.length > 0) {
+    const versionStrings = new Set(items.filter((i) => i.versionString && i.platform).map((i) => `${i.platform} ${i.versionString}`));
+    if (versionStrings.size > 1) versions = "Multiple Versions";
+    else if (versionStrings.size === 1) versions = [...versionStrings][0];
+  }
+
+  const displayStatus = REVIEW_STATE_DISPLAY[attrs.state] || attrs.state;
+  const platform = attrs.platform === "IOS" ? "iOS" : attrs.platform === "MAC_OS" ? "macOS" : attrs.platform;
+
+  return {
+    id: submission.id,
+    state: attrs.state,
+    displayStatus,
+    platform,
+    submittedDate: attrs.submittedDate,
+    versions: versions || "Unknown",
+    submittedBy: resolveActor("submittedByActor"),
+    lastUpdatedBy: resolveActor("lastUpdatedByActor"),
+    items,
+  };
+}
+
+router.get("/:appId/review-submissions/:submissionId", async (req, res) => {
+  const { appId, submissionId } = req.params;
+  const { accountId } = req.query;
+
+  const cacheKey = `apps:review-submission-detail:${submissionId}:${accountId || "default"}`;
+  const cached = apiCache.get(cacheKey);
+  if (cached) return res.json(cached);
+
+  const accounts = getAccounts();
+  const account = accounts.find((a) => a.id === accountId) || accounts[0];
+
+  try {
+    const submissionUrl = `/v1/reviewSubmissions/${submissionId}`
+      + "?include=items,appStoreVersionForReview,submittedByActor,lastUpdatedByActor"
+      + "&fields[reviewSubmissions]=submittedDate,state,platform"
+      + "&fields[reviewSubmissionItems]=state,appStoreVersion"
+      + "&fields[appStoreVersions]=versionString,platform,appStoreState"
+      + "&fields[actors]=userFirstName,userLastName";
+
+    const itemsUrl = `/v1/reviewSubmissions/${submissionId}/items`
+      + "?include=appStoreVersion"
+      + "&fields[reviewSubmissionItems]=state,appStoreVersion"
+      + "&fields[appStoreVersions]=versionString,platform,appStoreState";
+
+    const [submissionData, itemsData] = await Promise.all([
+      ascFetch(account, submissionUrl),
+      ascFetch(account, itemsUrl),
+    ]);
+
+    // Replace item objects with richer ones from items endpoint (they carry appStoreVersion relationship)
+    if (!submissionData.included) submissionData.included = [];
+    if (itemsData.data) {
+      for (const item of itemsData.data) {
+        const idx = submissionData.included.findIndex((e) => e.type === item.type && e.id === item.id);
+        if (idx >= 0) submissionData.included[idx] = item;
+        else submissionData.included.push(item);
+      }
+    }
+    // Merge included version objects from items endpoint
+    if (itemsData.included) {
+      for (const inc of itemsData.included) {
+        const exists = submissionData.included.some((e) => e.type === inc.type && e.id === inc.id);
+        if (!exists) submissionData.included.push(inc);
+      }
+    }
+
+    // DEBUG: log raw API responses to understand structure
+    console.log("=== SUBMISSION DATA ===");
+    console.log("data.relationships:", JSON.stringify(submissionData.data?.relationships, null, 2));
+    console.log("included types:", submissionData.included?.map(i => `${i.type}:${i.id}`));
+    console.log("=== ITEMS DATA ===");
+    console.log("itemsData.data:", JSON.stringify(itemsData.data, null, 2));
+    console.log("itemsData.included:", JSON.stringify(itemsData.included, null, 2));
+    console.log("=== MERGED INCLUDED ===");
+    console.log("all included:", submissionData.included?.map(i => `${i.type}:${i.id} rels=${Object.keys(i.relationships || {}).join(",")}`));
+
+    const result = parseReviewSubmissionDetail(submissionData);
+
+    apiCache.set(cacheKey, result);
+    res.json(result);
+  } catch (err) {
+    console.error(`Failed to fetch review submission detail ${submissionId}:`, err.message);
+    res.status(502).json({ error: err.message });
+  }
+});
+
 router.post("/:appId/versions/:versionId/submit", async (req, res) => {
   const { appId, versionId } = req.params;
   const { accountId, platform } = req.body;
diff --git a/src/components/BuildComplianceModal.jsx b/src/components/BuildComplianceModal.jsx
index 4aa818f..2eb5407 100644
--- a/src/components/BuildComplianceModal.jsx
+++ b/src/components/BuildComplianceModal.jsx
@@ -61,12 +61,12 @@ export default function BuildComplianceModal({ build, appId, accountId, onClose,
     setSaving(true);
     setError(null);
     try {
-      const data = { accountId, usesNonExemptEncryption: usesEncryption };
-      if (usesEncryption && selectedAlgorithm) {
-        const algo = ALGORITHM_OPTIONS.find((a) => a.id === selectedAlgorithm);
-        data.containsProprietaryCryptography = algo.proprietary;
-        data.containsThirdPartyCryptography = algo.thirdParty;
-      }
+      const algo = ALGORITHM_OPTIONS.find((a) => a.id === selectedAlgorithm);
+      const data = {
+        accountId,
+        containsProprietaryCryptography: algo?.proprietary ?? false,
+        containsThirdPartyCryptography: algo?.thirdParty ?? false,
+      };
       await updateBuildEncryptionDeclaration(appId, build.id, data);
       onSuccess();
     } catch (err) {
@@ -84,7 +84,8 @@ export default function BuildComplianceModal({ build, appId, accountId, onClose,
     setError(null);
     updateBuildEncryptionDeclaration(appId, build.id, {
       accountId,
-      usesNonExemptEncryption: false,
+      containsProprietaryCryptography: false,
+      containsThirdPartyCryptography: false,
     })
       .then(() => onSuccess())
       .catch((err) => {
diff --git a/src/components/BuildSelector.jsx b/src/components/BuildSelector.jsx
index 70afd94..1963ad7 100644
--- a/src/components/BuildSelector.jsx
+++ b/src/components/BuildSelector.jsx
@@ -78,20 +78,32 @@ export default function BuildSelector({ builds, attachedBuild, loading, attachin
                   <span className="text-[11px] text-dark-dim">Min OS {attachedBuild.minOsVersion}</span>
                 )}
               </div>
-              {isMissingCompliance(attachedBuild) && (
-                <div className="flex items-center gap-1.5 mt-1">
-                  <svg width="12" height="12" viewBox="0 0 20 20" fill="#ff9500">
-                    <path d="M10 2L1 18h18L10 2zm0 3.5l6.5 11.5h-13L10 5.5zM9 9v4h2V9H9zm0 5v2h2v-2H9z" />
-                  </svg>
-                  <span className="text-[11px] text-[#ff9500] font-medium">Missing Compliance</span>
-                  <button
-                    onClick={(e) => { e.stopPropagation(); onManageCompliance?.(attachedBuild); }}
-                    className="text-[11px] font-semibold text-accent cursor-pointer bg-transparent border-none font-sans hover:underline ml-1"
-                  >
-                    Manage
-                  </button>
-                </div>
-              )}
+              <div className="flex items-center gap-1.5 mt-1">
+                {isMissingCompliance(attachedBuild) ? (
+                  <>
+                    <svg width="12" height="12" viewBox="0 0 20 20" fill="#ff9500">
+                      <path d="M10 2L1 18h18L10 2zm0 3.5l6.5 11.5h-13L10 5.5zM9 9v4h2V9H9zm0 5v2h2v-2H9z" />
+                    </svg>
+                    <span className="text-[11px] text-[#ff9500] font-medium">Missing Compliance</span>
+                  </>
+                ) : attachedBuild.complianceState === "VALID" ? (
+                  <>
+                    <span className="w-1.5 h-1.5 rounded-full bg-success" />
+                    <span className="text-[11px] text-success font-medium">Compliance Ready</span>
+                  </>
+                ) : (
+                  <>
+                    <span className="w-1.5 h-1.5 rounded-full bg-dark-ghost" />
+                    <span className="text-[11px] text-dark-dim font-medium">Export Compliance</span>
+                  </>
+                )}
+                <button
+                  onClick={(e) => { e.stopPropagation(); onManageCompliance?.(attachedBuild); }}
+                  className="text-[11px] font-semibold text-accent cursor-pointer bg-transparent border-none font-sans hover:underline ml-1"
+                >
+                  {isMissingCompliance(attachedBuild) ? "Manage" : "Edit"}
+                </button>
+              </div>
             </div>
             <button
               onClick={() => setShowModal(true)}
diff --git a/src/components/VersionDetailPage.jsx b/src/components/VersionDetailPage.jsx
index 4077807..4a24697 100644
--- a/src/components/VersionDetailPage.jsx
+++ b/src/components/VersionDetailPage.jsx
@@ -211,7 +211,10 @@ export default function VersionDetailPage({ app, version, accounts, isMobile })
           )}
           <BuildSelector
             builds={builds}
-            attachedBuild={attachedBuild === undefined ? null : attachedBuild}
+            attachedBuild={attachedBuild === undefined ? null : attachedBuild && {
+              ...attachedBuild,
+              complianceState: attachedBuild.complianceState ?? builds.find((b) => b.id === attachedBuild.id)?.complianceState ?? null,
+            }}
             loading={buildsLoading || attachedBuild === undefined}
             attaching={attaching}
             attachingBuildId={attachingBuildId}

From 9f786b2e1d03fface3996081e35ff687acacd510 Mon Sep 17 00:00:00 2001
From: Quang Tran <16215255+trmquang93@users.noreply.github.com>
Date: Wed, 8 Apr 2026 22:49:14 +0700
Subject: [PATCH 2/2] Add review submission detail page with navigation

- Add ReviewSubmissionDetail component showing submission state, dates, actors, and item states
- Wire up URL routing for /app/:id/review/:submissionId with deep linking and back navigation
- Make review submission rows clickable in AppReviewSection to navigate to detail view
- Add fetchReviewSubmissionDetail API client function
- Clean up backend endpoint to use single API call instead of parallel fetch with merge
- Export formatDate and ReviewStatus from AppReviewSection for reuse
---
 server/routes/apps.js                     |  39 +-----
 src/api/index.js                          |   7 +
 src/components/AppDetailPage.jsx          |   4 +-
 src/components/AppReviewSection.jsx       |  26 ++--
 src/components/AppStoreManager.jsx        |  50 +++++++
 src/components/ReviewSubmissionDetail.jsx | 163 ++++++++++++++++++++++
 6 files changed, 241 insertions(+), 48 deletions(-)
 create mode 100644 src/components/ReviewSubmissionDetail.jsx

diff --git a/server/routes/apps.js b/server/routes/apps.js
index 755d781..4ea1fd0 100644
--- a/server/routes/apps.js
+++ b/server/routes/apps.js
@@ -1112,47 +1112,12 @@ router.get("/:appId/review-submissions/:submissionId", async (req, res) => {
   try {
     const submissionUrl = `/v1/reviewSubmissions/${submissionId}`
       + "?include=items,appStoreVersionForReview,submittedByActor,lastUpdatedByActor"
-      + "&fields[reviewSubmissions]=submittedDate,state,platform"
+      + "&fields[reviewSubmissions]=submittedDate,state,platform,items,appStoreVersionForReview,submittedByActor,lastUpdatedByActor"
       + "&fields[reviewSubmissionItems]=state,appStoreVersion"
       + "&fields[appStoreVersions]=versionString,platform,appStoreState"
       + "&fields[actors]=userFirstName,userLastName";
 
-    const itemsUrl = `/v1/reviewSubmissions/${submissionId}/items`
-      + "?include=appStoreVersion"
-      + "&fields[reviewSubmissionItems]=state,appStoreVersion"
-      + "&fields[appStoreVersions]=versionString,platform,appStoreState";
-
-    const [submissionData, itemsData] = await Promise.all([
-      ascFetch(account, submissionUrl),
-      ascFetch(account, itemsUrl),
-    ]);
-
-    // Replace item objects with richer ones from items endpoint (they carry appStoreVersion relationship)
-    if (!submissionData.included) submissionData.included = [];
-    if (itemsData.data) {
-      for (const item of itemsData.data) {
-        const idx = submissionData.included.findIndex((e) => e.type === item.type && e.id === item.id);
-        if (idx >= 0) submissionData.included[idx] = item;
-        else submissionData.included.push(item);
-      }
-    }
-    // Merge included version objects from items endpoint
-    if (itemsData.included) {
-      for (const inc of itemsData.included) {
-        const exists = submissionData.included.some((e) => e.type === inc.type && e.id === inc.id);
-        if (!exists) submissionData.included.push(inc);
-      }
-    }
-
-    // DEBUG: log raw API responses to understand structure
-    console.log("=== SUBMISSION DATA ===");
-    console.log("data.relationships:", JSON.stringify(submissionData.data?.relationships, null, 2));
-    console.log("included types:", submissionData.included?.map(i => `${i.type}:${i.id}`));
-    console.log("=== ITEMS DATA ===");
-    console.log("itemsData.data:", JSON.stringify(itemsData.data, null, 2));
-    console.log("itemsData.included:", JSON.stringify(itemsData.included, null, 2));
-    console.log("=== MERGED INCLUDED ===");
-    console.log("all included:", submissionData.included?.map(i => `${i.type}:${i.id} rels=${Object.keys(i.relationships || {}).join(",")}`));
+    const submissionData = await ascFetch(account, submissionUrl);
 
     const result = parseReviewSubmissionDetail(submissionData);
 
diff --git a/src/api/index.js b/src/api/index.js
index 01b8865..da68329 100644
--- a/src/api/index.js
+++ b/src/api/index.js
@@ -234,6 +234,13 @@ export async function fetchReviewSubmissions(appId, accountId) {
   return res.json();
 }
 
+export async function fetchReviewSubmissionDetail(appId, submissionId, accountId) {
+  const params = new URLSearchParams({ accountId });
+  const res = await fetch(`/api/apps/${appId}/review-submissions/${submissionId}?${params}`);
+  if (!res.ok) throw new Error(`Failed to fetch review submission detail: ${res.status}`);
+  return res.json();
+}
+
 // ── In-App Purchases ─────────────────────────────────────────────────────────
 
 export async function fetchIAPs(appId, accountId) {
diff --git a/src/components/AppDetailPage.jsx b/src/components/AppDetailPage.jsx
index d578d1f..86e7387 100644
--- a/src/components/AppDetailPage.jsx
+++ b/src/components/AppDetailPage.jsx
@@ -16,7 +16,7 @@ function StarRating({ rating }) {
   return <span className="text-warning tracking-wider">{stars.join("")}</span>;
 }
 
-export default function AppDetailPage({ app, accounts, isMobile, onSelectVersion, onViewProducts, onViewXcodeCloud }) {
+export default function AppDetailPage({ app, accounts, isMobile, onSelectVersion, onViewProducts, onViewXcodeCloud, onViewReviewDetail }) {
   const [lookupData, setLookupData] = useState(null);
   const [lookupLoading, setLookupLoading] = useState(true);
   const [descExpanded, setDescExpanded] = useState(false);
@@ -168,7 +168,7 @@ export default function AppDetailPage({ app, accounts, isMobile, onSelectVersion
         )}
 
         {/* App Review */}
-        <AppReviewSection appId={app.id} accountId={app.accountId} />
+        <AppReviewSection appId={app.id} accountId={app.accountId} onViewDetail={onViewReviewDetail} />
 
         {/* Version History */}
         <div>
diff --git a/src/components/AppReviewSection.jsx b/src/components/AppReviewSection.jsx
index b354283..69988f9 100644
--- a/src/components/AppReviewSection.jsx
+++ b/src/components/AppReviewSection.jsx
@@ -14,13 +14,13 @@ const STATUS_ICONS = {
   "Removed": "\u2013",
 };
 
-function formatDate(dateString) {
+export function formatDate(dateString) {
   if (!dateString) return "\u2014";
   const d = new Date(dateString);
   return d.toLocaleDateString("en-US", { month: "short", day: "numeric", year: "numeric" });
 }
 
-function ReviewStatus({ status }) {
+export function ReviewStatus({ status }) {
   const color = STATUS_COLORS[status] || "#8e8e93";
   const icon = STATUS_ICONS[status];
 
@@ -41,7 +41,7 @@ function ReviewStatus({ status }) {
   );
 }
 
-function MessagesTable({ messages }) {
+function MessagesTable({ messages, onViewDetail }) {
   if (messages.length === 0) return null;
 
   return (
@@ -63,7 +63,11 @@ function MessagesTable({ messages }) {
             </thead>
             <tbody>
               {messages.map((msg) => (
-                <tr key={msg.id} className="border-b border-dark-border last:border-b-0">
+                <tr
+                  key={msg.id}
+                  className="border-b border-dark-border last:border-b-0 cursor-pointer hover:bg-dark-hover transition-colors"
+                  onClick={() => onViewDetail(msg.id)}
+                >
                   <td className="px-4 py-3 text-[13px] text-accent font-medium whitespace-nowrap">
                     {formatDate(msg.createdDate)}
                   </td>
@@ -82,7 +86,7 @@ function MessagesTable({ messages }) {
   );
 }
 
-function SubmissionsTable({ submissions }) {
+function SubmissionsTable({ submissions, onViewDetail }) {
   if (submissions.length === 0) return null;
 
   return (
@@ -105,7 +109,11 @@ function SubmissionsTable({ submissions }) {
             </thead>
             <tbody>
               {submissions.map((sub) => (
-                <tr key={sub.id} className="border-b border-dark-border last:border-b-0">
+                <tr
+                  key={sub.id}
+                  className="border-b border-dark-border last:border-b-0 cursor-pointer hover:bg-dark-hover transition-colors"
+                  onClick={() => onViewDetail(sub.id)}
+                >
                   <td className="px-4 py-3 text-[13px] text-accent font-medium whitespace-nowrap">
                     {formatDate(sub.submittedDate)}
                   </td>
@@ -123,7 +131,7 @@ function SubmissionsTable({ submissions }) {
   );
 }
 
-export default function AppReviewSection({ appId, accountId }) {
+export default function AppReviewSection({ appId, accountId, onViewDetail }) {
   const [data, setData] = useState(null);
   const [loading, setLoading] = useState(true);
   const [error, setError] = useState(null);
@@ -180,8 +188,8 @@ export default function AppReviewSection({ appId, accountId }) {
   return (
     <div className="mb-8">
       <h2 className="text-[13px] font-bold text-dark-text uppercase tracking-wide mb-3">App Review</h2>
-      {hasMessages && <MessagesTable messages={data.messages} />}
-      {hasSubmissions && <SubmissionsTable submissions={data.submissions} />}
+      {hasMessages && <MessagesTable messages={data.messages} onViewDetail={onViewDetail} />}
+      {hasSubmissions && <SubmissionsTable submissions={data.submissions} onViewDetail={onViewDetail} />}
     </div>
   );
 }
diff --git a/src/components/AppStoreManager.jsx b/src/components/AppStoreManager.jsx
index f4b8ac9..a9fb589 100644
--- a/src/components/AppStoreManager.jsx
+++ b/src/components/AppStoreManager.jsx
@@ -12,6 +12,7 @@ import ProductsPage from "./ProductsPage.jsx";
 import XcodeCloudPage from "./XcodeCloudPage.jsx";
 import BuildDetailPage from "./BuildDetailPage.jsx";
 import WorkflowEditPage from "./WorkflowEditPage.jsx";
+import ReviewSubmissionDetail from "./ReviewSubmissionDetail.jsx";
 
 function buildGroups(apps, groupBy, accounts) {
   if (groupBy === "none") return [{ key: "all", label: null, apps }];
@@ -49,6 +50,8 @@ function getRouteFromPath() {
   if (xcodeCloudBuildMatch) return { appId: xcodeCloudBuildMatch[1], versionId: null, subPage: "xcode-cloud-build", buildId: xcodeCloudBuildMatch[2] };
   const xcodeCloudMatch = path.match(/^\/app\/([^/]+)\/xcode-cloud$/);
   if (xcodeCloudMatch) return { appId: xcodeCloudMatch[1], versionId: null, subPage: "xcode-cloud" };
+  const reviewMatch = path.match(/^\/app\/([^/]+)\/review\/([^/]+)$/);
+  if (reviewMatch) return { appId: reviewMatch[1], versionId: null, subPage: "review", submissionId: reviewMatch[2] };
   const appMatch = path.match(/^\/app\/([^/]+)$/);
   if (appMatch) return { appId: appMatch[1], versionId: null, subPage: null };
   return { appId: null, versionId: null, subPage: null };
@@ -114,6 +117,7 @@ export default function AppStoreManager() {
 
   const [selectedBuildRun, setSelectedBuildRun] = useState(null);
   const [selectedWorkflowId, setSelectedWorkflowId] = useState(null);
+  const [selectedSubmissionId, setSelectedSubmissionId] = useState(null);
 
   const navigateToWorkflowEdit = useCallback((workflow, app) => {
     setSelectedApp(app);
@@ -140,6 +144,18 @@ export default function AppStoreManager() {
     );
   }, []);
 
+  const navigateToReviewDetail = useCallback((submissionId, app) => {
+    setSelectedApp(app);
+    setSelectedVersion(null);
+    setSelectedSubmissionId(submissionId);
+    setCurrentView("review");
+    window.history.pushState(
+      { appId: app.id, submissionId, subPage: "review" },
+      "",
+      `/app/${app.id}/review/${submissionId}`
+    );
+  }, []);
+
   const loadData = useCallback(async (fresh = false) => {
     try {
       setError(null);
@@ -187,6 +203,13 @@ export default function AppStoreManager() {
             // Build deep-link resolution failed, page will show with available data
           }
         }
+      } else if (route.subPage === "review") {
+        const appMatch = appsList.find((a) => a.id === route.appId);
+        if (appMatch) {
+          setSelectedApp(appMatch);
+          setSelectedSubmissionId(route.submissionId);
+          setCurrentView("review");
+        }
       } else if (route.subPage === "xcode-cloud") {
         const appMatch = appsList.find((a) => a.id === route.appId);
         if (appMatch) {
@@ -279,6 +302,20 @@ export default function AppStoreManager() {
         return;
       }
 
+      if (route.subPage === "review") {
+        const appMatch = apps.find((a) => a.id === route.appId);
+        if (appMatch) {
+          setSelectedApp(appMatch);
+          setSelectedSubmissionId(route.submissionId);
+          setCurrentView("review");
+        } else {
+          setSelectedApp(null);
+          setSelectedSubmissionId(null);
+          setCurrentView(null);
+        }
+        return;
+      }
+
       if (route.subPage === "xcode-cloud") {
         const appMatch = apps.find((a) => a.id === route.appId);
         setSelectedApp(appMatch || null);
@@ -337,6 +374,18 @@ export default function AppStoreManager() {
     );
   }
 
+  if (currentView === "review" && selectedApp && selectedSubmissionId) {
+    return (
+      <div className="font-sans bg-dark-bg text-dark-text min-h-screen antialiased">
+        <ReviewSubmissionDetail
+          app={selectedApp}
+          submissionId={selectedSubmissionId}
+          isMobile={isMobile}
+        />
+      </div>
+    );
+  }
+
   if (currentView === "xcode-cloud-workflow" && selectedApp && selectedWorkflowId) {
     return (
       <div className="font-sans bg-dark-bg text-dark-text min-h-screen antialiased">
@@ -386,6 +435,7 @@ export default function AppStoreManager() {
           onSelectVersion={(version) => selectVersion(version, selectedApp)}
           onViewProducts={() => navigateToProducts(selectedApp)}
           onViewXcodeCloud={() => navigateToXcodeCloud(selectedApp)}
+          onViewReviewDetail={(submissionId) => navigateToReviewDetail(submissionId, selectedApp)}
         />
       </div>
     );
diff --git a/src/components/ReviewSubmissionDetail.jsx b/src/components/ReviewSubmissionDetail.jsx
new file mode 100644
index 0000000..9468d72
--- /dev/null
+++ b/src/components/ReviewSubmissionDetail.jsx
@@ -0,0 +1,163 @@
+import { useState, useEffect } from "react";
+import { fetchReviewSubmissionDetail } from "../api/index.js";
+import { ReviewStatus, formatDate } from "./AppReviewSection.jsx";
+import AppIcon from "./AppIcon.jsx";
+
+const ITEM_STATE_DISPLAY = {
+  READY_FOR_REVIEW: "Ready for Review",
+  ACCEPTED: "Accepted",
+  APPROVED: "Approved",
+  REJECTED: "Rejected",
+  REMOVED: "Removed",
+};
+
+const ITEM_STATE_COLORS = {
+  "Ready for Review": "#ff9f0a",
+  Accepted: "#30d158",
+  Approved: "#30d158",
+  Rejected: "#ff453a",
+  Removed: "#8e8e93",
+};
+
+const ITEM_TYPE_LABELS = {
+  appStoreVersion: "App Store Version",
+  appCustomProductPage: "Custom Product Page",
+  appStoreVersionExperiment: "Product Page Experiment",
+  appEvent: "App Event",
+};
+
+function DetailRow({ label, children }) {
+  return (
+    <div className="flex items-baseline gap-3 py-1.5">
+      <span className="text-[12px] text-dark-dim w-[140px] shrink-0">{label}</span>
+      <span className="text-[13px] text-dark-text">{children}</span>
+    </div>
+  );
+}
+
+export default function ReviewSubmissionDetail({ app, submissionId, isMobile }) {
+  const [data, setData] = useState(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState(null);
+
+  useEffect(() => {
+    let cancelled = false;
+    setLoading(true);
+    setError(null);
+
+    fetchReviewSubmissionDetail(app.id, submissionId, app.accountId)
+      .then((result) => { if (!cancelled) setData(result); })
+      .catch((err) => { if (!cancelled) setError(err.message); })
+      .finally(() => { if (!cancelled) setLoading(false); });
+
+    return () => { cancelled = true; };
+  }, [app.id, submissionId, app.accountId]);
+
+  return (
+    <div style={{ animation: "asc-slidein 0.3s ease backwards" }}>
+      {/* Breadcrumb */}
+      <div className={`sticky top-0 z-10 bg-dark-bg/80 backdrop-blur-lg border-b border-dark-border ${isMobile ? "px-3 py-3" : "px-7 py-3"}`}>
+        <div className="flex items-center gap-3">
+          <button
+            onClick={() => window.history.back()}
+            className="flex items-center gap-1.5 text-accent text-sm font-medium bg-transparent border-none cursor-pointer font-sans px-0"
+          >
+            <span className="text-lg leading-none">{"\u2039"}</span>
+            {app.name}
+          </button>
+        </div>
+      </div>
+
+      <div className={`${isMobile ? "px-3 py-4" : "px-7 py-5"} max-w-4xl`}>
+        {/* Header */}
+        <div className="flex items-center gap-4 mb-6">
+          <AppIcon app={app} size={48} />
+          <div>
+            <h1 className="text-[18px] font-bold text-dark-text m-0 leading-tight">Review Submission</h1>
+            <p className="text-[13px] text-dark-dim m-0 mt-0.5">
+              {data ? data.versions : "Loading..."}
+            </p>
+          </div>
+          {data && (
+            <div className="ml-auto">
+              <ReviewStatus status={data.displayStatus} />
+            </div>
+          )}
+        </div>
+
+        {loading && (
+          <div className="bg-dark-surface rounded-[10px] px-4 py-8 text-center">
+            <span className="text-[12px] text-dark-dim">Loading submission details...</span>
+          </div>
+        )}
+
+        {error && (
+          <div className="bg-dark-surface rounded-[10px] px-4 py-8 text-center">
+            <span className="text-[12px] text-dark-dim">Failed to load submission details.</span>
+          </div>
+        )}
+
+        {data && (
+          <div className="space-y-6">
+            {/* Submission Info */}
+            <div className="bg-dark-surface rounded-[10px] p-5">
+              <h3 className="text-[12px] font-bold text-dark-text uppercase tracking-wide mb-3">Details</h3>
+              <DetailRow label="Status"><ReviewStatus status={data.displayStatus} /></DetailRow>
+              <DetailRow label="Date Submitted">{formatDate(data.submittedDate)}</DetailRow>
+              <DetailRow label="Platform">{data.platform || "Unknown"}</DetailRow>
+              <DetailRow label="Versions">{data.versions}</DetailRow>
+              {data.submittedBy && <DetailRow label="Submitted By">{data.submittedBy}</DetailRow>}
+              {data.lastUpdatedBy && <DetailRow label="Last Updated By">{data.lastUpdatedBy}</DetailRow>}
+            </div>
+
+            {/* Items */}
+            {data.items && data.items.length > 0 && (
+              <div className="bg-dark-surface rounded-[10px] p-5">
+                <h3 className="text-[12px] font-bold text-dark-text uppercase tracking-wide mb-3">
+                  Submission Items ({data.items.length})
+                </h3>
+                <div className="rounded-lg overflow-hidden border border-dark-border">
+                  <table className="w-full text-left border-collapse">
+                    <thead>
+                      <tr className="border-b border-dark-border">
+                        <th className="text-[10px] font-bold text-dark-dim uppercase tracking-wide px-4 py-2.5">Type</th>
+                        <th className="text-[10px] font-bold text-dark-dim uppercase tracking-wide px-4 py-2.5">Version</th>
+                        <th className="text-[10px] font-bold text-dark-dim uppercase tracking-wide px-4 py-2.5">Platform</th>
+                        <th className="text-[10px] font-bold text-dark-dim uppercase tracking-wide px-4 py-2.5">State</th>
+                      </tr>
+                    </thead>
+                    <tbody>
+                      {data.items.map((item) => {
+                        const displayState = ITEM_STATE_DISPLAY[item.state] || item.displayState || item.state;
+                        const stateColor = ITEM_STATE_COLORS[displayState] || "#8e8e93";
+                        return (
+                          <tr key={item.id} className="border-b border-dark-border last:border-b-0">
+                            <td className="px-4 py-3 text-[13px] text-dark-text">
+                              {ITEM_TYPE_LABELS[item.type] || item.type}
+                            </td>
+                            <td className="px-4 py-3 text-[13px] text-dark-text">
+                              {item.versionString || "\u2014"}
+                            </td>
+                            <td className="px-4 py-3 text-[13px] text-dark-text">
+                              {item.platform || "\u2014"}
+                            </td>
+                            <td className="px-4 py-3">
+                              <span className="inline-flex items-center gap-1.5 text-[11px] font-semibold">
+                                <span className="w-[7px] h-[7px] rounded-full shrink-0" style={{ background: stateColor }} />
+                                <span style={{ color: stateColor }}>{displayState}</span>
+                              </span>
+                            </td>
+                          </tr>
+                        );
+                      })}
+                    </tbody>
+                  </table>
+                </div>
+              </div>
+            )}
+          </div>
+        )}
+      </div>
+    </div>
+  );
+}