shopify-policy-guardrails

Featured

Implement Shopify app policy enforcement with ESLint rules for API key detection, query cost budgets, and App Store compliance checks. Trigger with phrases like "shopify policy", "shopify lint", "shopify guardrails", "shopify compliance", "shopify eslint", "shopify app review".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

Quality Score: 99/100

Stars 20%

100

Recency 20%

100

Frontmatter 20%

70

Documentation 15%

100

Issue Health 10%

50

License 10%

100

Description 5%

100

Skill Content

# Shopify Policy & Guardrails ## Overview Automated policy enforcement for Shopify apps: secret detection, query cost budgets, App Store compliance checks, and CI policy validation. ## Prerequisites - ESLint configured in project - Pre-commit hooks infrastructure - CI/CD pipeline with GitHub Actions - Shopify app with `shopify.app.toml` ## Instructions ### Step 1: Secret Detection Rules ```javascript // eslint-rules/no-shopify-secrets.js module.exports = { meta: { type: "problem", docs: { description: "Detect hardcoded Shopify tokens and secrets" }, messages: { adminToken: "Hardcoded Shopify Admin API token detected (shpat_*)", apiSecret: "Potential Shopify API secret detected", storefrontToken: "Hardcoded Storefront API token detected", }, }, create(context) { return { Literal(node) { if (typeof node.value !== "string") return; const v = node.value; // Admin API access token: shpat_ + 32 hex chars if (/^shpat_[a-f0-9]{32}$/i.test(v)) { context.report({ node, messageId: "adminToken" }); } // Storefront token: shpss_ pattern if (/^shpss_[a-f0-9]{32}$/i.test(v)) { context.report({ node, messageId: "storefrontToken" }); } // Generic secret pattern (32+ hex that's clearly a token) if (/^[a-f0-9]{32,}$/i.test(v) && v.length === 32) { context.report({ node, messageId: "apiSecret" }); } }, Template...

Details

Author: jeremylongshore
Repository: jeremylongshore/claude-code-plugins-plus-skills
Created: 7 months ago
Last Updated: today
Language: Python
License: MIT

Integrates with

Anthropic · AI GitHub · DevTools Shopify · Commerce

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

hubspot-policy-guardrails

Implement HubSpot lint rules, secret scanning, and CI policy checks. Use when setting up code quality rules for HubSpot integrations, preventing token leaks, or configuring CI guardrails. Trigger with phrases like "hubspot policy", "hubspot lint", "hubspot guardrails", "hubspot security check", "hubspot eslint rules".

2,266 Updated today

jeremylongshore

AI & Automation Featured

salesforce-policy-guardrails

Implement Salesforce lint rules, SOQL injection prevention, and API usage guardrails. Use when enforcing Salesforce integration code quality, preventing SOQL injection, or configuring CI policy checks for Salesforce best practices. Trigger with phrases like "salesforce policy", "salesforce lint", "salesforce guardrails", "SOQL injection", "salesforce eslint", "salesforce code review".

2,266 Updated today

jeremylongshore

AI & Automation Solid

vercel-policy-guardrails

Implement lint rules, CI policy checks, and automated guardrails for Vercel projects. Use when setting up code quality rules, preventing secret exposure, or enforcing deployment policies for Vercel applications. Trigger with phrases like "vercel policy", "vercel lint", "vercel guardrails", "vercel best practices check", "vercel secret scan".

2,266 Updated today

jeremylongshore

AI & Automation Featured

shopify-security-basics

Apply Shopify security best practices for API credentials, webhook HMAC validation, and access scope management. Use when securing API keys, validating webhook signatures, or auditing Shopify security configuration. Trigger with phrases like "shopify security", "shopify secrets", "secure shopify", "shopify HMAC", "shopify webhook verify".

2,266 Updated today

jeremylongshore

AI & Automation Featured

shopify-observability

Set up observability for Shopify app integrations with query cost tracking, rate limit monitoring, webhook delivery metrics, and structured logging. Trigger with phrases like "shopify monitoring", "shopify metrics", "shopify observability", "monitor shopify API", "shopify alerts", "shopify dashboard".

2,266 Updated today

jeremylongshore