4 releases
| 0.2.3 | Jan 27, 2026 |
|---|---|
| 0.2.2 | Jan 27, 2026 |
| 0.2.1 | Jan 27, 2026 |
| 0.2.0 | Jan 27, 2026 |
#886 in Development tools
1MB
25K
SLoC
Gatekpr
A fast CLI tool that validates your Shopify and WooCommerce apps against official marketplace approval requirements before you submit.
Catches GDPR webhook violations, billing issues, security vulnerabilities, OAuth problems, and 100+ other common rejection reasons — so you don't have to wait days for review feedback.
Installation
cargo install gatekpr-cli
Getting Started
# Navigate to your app directory
cd ~/my-app
# Run a full validation
gatekpr check .
On first run, Gatekpr will ask for your email and send a magic login link — no password needed.
Usage
Validate Your App
# Full local validation
gatekpr check ./my-app
# Validate with remote analysis (semantic search + LLM)
gatekpr check ./my-app --server https://gatekpr.fly.dev
# Force local-only mode
gatekpr check ./my-app --local
# JSON output (for CI/CD)
gatekpr check ./my-app --output json
Authentication
# Sign up (new account, magic link)
gatekpr auth signup
# Log in (existing account, magic link)
gatekpr auth login
# Check auth status
gatekpr auth status
# Log out
gatekpr auth logout
Documentation Search
# Search approval documentation
gatekpr docs search "GDPR webhooks"
gatekpr docs search "billing API requirements"
Validation Rules
# List all rules
gatekpr rules list
# List rules by category
gatekpr rules list --category webhooks
gatekpr rules list --category security
Billing
# View available plans
gatekpr billing plans
# Upgrade plan
gatekpr billing upgrade
What It Checks
| Category | Rules | Examples |
|---|---|---|
| Webhooks | WH001–WH004 | GDPR mandatory webhooks (customers/redact, shop/redact, customers/data_request) |
| API Usage | API001–API003 | GraphQL vs REST API, required scopes |
| Billing | BIL001–BIL002 | Shopify Billing API compliance |
| Security | SEC001–SEC005 | No eval(), no hardcoded secrets, SQL injection, XSS, SSL validation |
| OAuth | OAUTH001–OAUTH003 | OAuth flow validation |
| Data | DATA001–DATA003 | Data protection and privacy |
| Embedded | EMB001–EMB005 | App Bridge, session tokens, embedded app patterns |
| Checkout | CHECKOUT001–CHECKOUT006 | Checkout extensions, post-purchase |
| Performance | PERF001–PERF006 | Bundle size, Lighthouse, Core Web Vitals |
| Theme | THEME001–THEME006 | Theme app extensions, Online Store 2.0 |
Languages Supported
Gatekpr uses tree-sitter for accurate code parsing:
- JavaScript / JSX
- TypeScript / TSX
- Ruby
- Python
- PHP
Plans
| Plan | Price | Validations | All Rules |
|---|---|---|---|
| Free | $0/mo | 10/month | Core rules |
| Pro | $19/mo | Unlimited | All 110+ rules |
| Team | $49/mo | Unlimited | All rules + API access |
CI/CD Integration
# In your CI pipeline
gatekpr check . --output json --exit-code
Returns exit code 1 if critical issues are found — use in pre-merge checks.
MCP Server (AI Agent Integration)
Gatekpr also ships an MCP server for use with Claude Code, Windsurf, or other AI agents:
cargo install gatekpr-mcp-server
Configure in Claude Code (~/.claude/settings.json):
{
"mcpServers": {
"gatekpr": {
"command": "gatekpr-mcp-server"
}
}
}
Requirements
- Rust 1.85+ (for
cargo install) - A Shopify or WooCommerce app directory to validate
License
MIT
Dependencies
~121MB
~2.5M SLoC