Stats
Actions
Tags
From shopify-pack
Executes Shopify app production checklist for App Store submission, GDPR webhooks, API versioning, security verification, rate limits, and error handling.
How this skill is triggered — by the user, by Claude, or both
Slash command
/shopify-pack:shopify-prod-checklistThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Complete pre-launch checklist for deploying Shopify apps to production and submitting to the Shopify App Store.
Complete pre-launch checklist for deploying Shopify apps to production and submitting to the Shopify App Store.
2024-10), not unstableAPP_UNINSTALLED webhook handler cleans up sessionscustomers/data_request webhook handler implementedcustomers/redact webhook handler implementedshop/redact webhook handler implemented (fires 48h after uninstall)shopify.app.tomlX-Shopify-Hmac-Sha256 using HMAC-SHA256crypto.timingSafeEqual() for signature comparisonrequestedQueryCost with debug header)userErrors array (200 with errors!)X-Request-Idframe-ancestors https://*.myshopify.com https://admin.shopify.com# Check which API versions your store supports
curl -s -H "X-Shopify-Access-Token: $TOKEN" \
"https://$STORE/admin/api/versions.json" \
| jq '.supported_versions[] | select(.supported == true) | .handle'
# Shopify deprecates versions ~12 months after release
# Set a calendar reminder to upgrade quarterly
app.get("/health", async (req, res) => {
const checks: Record<string, any> = {};
// Test Shopify connectivity
try {
const start = Date.now();
await client.request("{ shop { name } }");
checks.shopify = { status: "ok", latencyMs: Date.now() - start };
} catch (err) {
checks.shopify = { status: "error", message: (err as Error).message };
}
// Test database
try {
await db.query("SELECT 1");
checks.database = { status: "ok" };
} catch (err) {
checks.database = { status: "error" };
}
const allHealthy = Object.values(checks).every((c: any) => c.status === "ok");
res.status(allHealthy ? 200 : 503).json({
status: allHealthy ? "healthy" : "degraded",
checks,
timestamp: new Date().toISOString(),
});
});
| Alert | Condition | Severity |
|---|---|---|
| Shopify API down | 5xx errors > 5/min | P1 - Critical |
| Auth failures | 401 errors > 0 | P1 - Token may be revoked |
| Rate limited | THROTTLED > 5/min | P2 - Reduce query cost |
| High latency | p95 > 3000ms | P2 - Check query complexity |
| Webhook failures | Delivery success < 95% | P2 - Check endpoint health |
#!/bin/bash
echo "=== Shopify Pre-Deploy Smoke Test ==="
STORE="$SHOPIFY_STORE"
TOKEN="$SHOPIFY_ACCESS_TOKEN"
PASS=0; FAIL=0
# Auth test
if curl -sf -H "X-Shopify-Access-Token: $TOKEN" \
"https://$STORE/admin/api/2024-10/shop.json" > /dev/null; then
echo "PASS: Auth"; ((PASS++))
else
echo "FAIL: Auth"; ((FAIL++))
fi
# Scopes test
SCOPES=$(curl -sf -H "X-Shopify-Access-Token: $TOKEN" \
"https://$STORE/admin/oauth/access_scopes.json" | jq -r '.access_scopes[].handle')
for required in read_products read_orders; do
if echo "$SCOPES" | grep -q "$required"; then
echo "PASS: Scope $required"; ((PASS++))
else
echo "FAIL: Missing scope $required"; ((FAIL++))
fi
done
echo "---"
echo "Results: $PASS passed, $FAIL failed"
[ $FAIL -eq 0 ] && echo "READY FOR DEPLOY" || echo "FIX FAILURES FIRST"
For version upgrades, see shopify-upgrade-migration.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin shopify-packProvides patterns for Shopify app development using Remix/React Router, embedded apps with App Bridge, webhooks, GraphQL Admin API, Polaris components, billing, and extensions.
Identifies Shopify API anti-patterns like ignoring userErrors, outdated versions, REST over GraphQL, missing GDPR webhooks, and timeouts. Reviews code with real examples.
Secures Shopify apps via HMAC webhook verification, session token validation, OAuth scope checks, CSP headers, GDPR webhooks, and input sanitization.