Gatekpr
A fast CLI tool that validates your Shopify and WooCommerce apps against official marketplace approval requirements before you submit.
Catches GDPR webhook violations, billing issues, security vulnerabilities, OAuth problems, and 100+ other common rejection reasons — so you don't have to wait days for review feedback.
Installation
cargo install gatekpr-cli
Getting Started
# Navigate to your app directory
cd ~/my-app
# Run a full validation
gatekpr check .
On first run, Gatekpr will ask for your email and send a magic login link — no password needed.
Usage
Validate Your App
# Full local validation
gatekpr check ./my-app
# Validate with remote analysis (semantic search + LLM)
gatekpr check ./my-app --server https://gatekpr.fly.dev
# Force local-only mode
gatekpr check ./my-app --local
# JSON output (for CI/CD)
gatekpr check ./my-app --output json
Authentication
# Sign up (new account, magic link)
gatekpr auth signup
# Log in (existing account, magic link)
gatekpr auth login
# Check auth status
gatekpr auth status
# Log out
gatekpr auth logout
Documentation Search
# Search approval documentation
gatekpr docs search "GDPR webhooks"
gatekpr docs search "billing API requirements"
Validation Rules
# List all rules
gatekpr rules list
# List rules by category
gatekpr rules list --category webhooks
gatekpr rules list --category security
Billing
# View available plans
gatekpr billing plans
# Upgrade plan
gatekpr billing upgrade
What It Checks
| Category | Rules | Examples |
|---|---|---|
| Webhooks | WH001–WH004 | GDPR mandatory webhooks (customers/redact, shop/redact, customers/data_request) |
| API Usage | API001–API003 | GraphQL vs REST API, required scopes |
| Billing | BIL001–BIL002 | Shopify Billing API compliance |
| Security | SEC001–SEC005 | No eval(), no hardcoded secrets, SQL injection, XSS, SSL validation |
| OAuth | OAUTH001–OAUTH003 | OAuth flow validation |
| Data | DATA001–DATA003 | Data protection and privacy |
| Embedded | EMB001–EMB005 | App Bridge, session tokens, embedded app patterns |
| Checkout | CHECKOUT001–CHECKOUT006 | Checkout extensions, post-purchase |
| Performance | PERF001–PERF006 | Bundle size, Lighthouse, Core Web Vitals |
| Theme | THEME001–THEME006 | Theme app extensions, Online Store 2.0 |
Languages Supported
Gatekpr uses tree-sitter for accurate code parsing:
JavaScript / JSX
TypeScript / TSX
Ruby
Python
PHP
Plans
| Plan | Price | Validations | All Rules |
|---|---|---|---|
| Free | $0/mo | 10/month | Core rules |
| Pro | $19/mo | Unlimited | All 110+ rules |
| Team | $49/mo | Unlimited | All rules + API access |
CI/CD Integration
# In your CI pipeline
gatekpr check . --output json --exit-code
Returns exit code 1 if critical issues are found — use in pre-merge checks.
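A fail-closed wrapper for the pre-merge check above, as an added example that is not part of Gatekpr itself. It assumes that `--local`, `--output json` and `--exit-code` can be combined, that the JSON report is written to stdout, and that any exit status other than 0 or 1 means the tool did not run properly; `gatekpr_gate` and the report file name are hypothetical.

```shell
#!/bin/sh
# Added example, not Gatekpr's own code.
# Assumptions: the three flags combine, JSON goes to stdout, and only
# exit status 1 means "critical issues found" (as the README states).

gatekpr_gate() {
  gk_dir="${1:-.}"
  gk_report="${2:-gatekpr-report.json}"
  gk_status=0

  if [ ! -d "$gk_dir" ]; then
    echo "gate: app directory '$gk_dir' not found" >&2
    return 2
  fi

  # Keep the JSON report so the pipeline can archive it as an artifact.
  gatekpr check "$gk_dir" --local --output json --exit-code >"$gk_report" || gk_status=$?

  case "$gk_status" in
    0)
      # Exit 0 with no report means nothing was validated: do not pass.
      if [ ! -s "$gk_report" ]; then
        echo "gate: exit 0 but empty report, failing closed" >&2
        return 2
      fi
      echo "gate: no critical issues"
      return 0
      ;;
    1)
      echo "gate: critical issues found, see $gk_report" >&2
      return 1
      ;;
    *)
      # Missing binary (127), crash, or any unexpected status blocks the merge.
      echo "gate: gatekpr did not run cleanly (status $gk_status), failing closed" >&2
      return 2
      ;;
  esac
}

# Run from a pipeline step as: sh gate.sh --run [app_dir] [report_file]
if [ "${1:-}" = "--run" ]; then
  shift
  gatekpr_gate "$@"
fi
```

The wrapper returns 1 for findings and 2 for a check that never ran properly, so a pipeline can report the two cases differently while blocking the merge on both.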
MCP Server (AI Agent Integration)
Gatekpr also ships an MCP server for use with Claude Code, Windsurf, or other AI agents:
cargo install gatekpr-mcp-server
Configure in Claude Code (~/.claude/settings.json):
{
  "mcpServers": {
    "gatekpr": {
      "command": "gatekpr-mcp-server"
    }
  }
}
Requirements
Rust 1.85+ (for cargo install)
A Shopify or WooCommerce app directory to validate
License
MIT