gatekpr-validators 0.2.3

Validation rule engine for Shopify and WooCommerce app compliance (GDPR, billing, security)
docs.rs failed to build gatekpr-validators-0.2.3
Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.

Gatekpr

A Rust-native platform that validates Shopify and WooCommerce apps against official approval requirements. Provides CLI, REST API, MCP server, and AI agent integration.

CI

Features

  • 110+ Validation Rules across webhooks, API usage, billing, security, OAuth, data protection, checkout, performance, and themes
  • Multi-Platform: Shopify and WooCommerce support
  • Multi-Language Parsing: JavaScript, TypeScript, Ruby, Python, PHP via tree-sitter
  • Semantic Search: RAG-powered documentation search with Qdrant (17 collections)
  • LLM Analysis: GLM 4.7 primary with Claude fallback, circuit breaker pattern
  • Multi-Tenant SaaS: JWT auth, Stripe billing, email notifications
  • MCP Integration: Tools for Claude Code, Windsurf, OpenCode
  • Production Ready: Fly.io deployment, OpenTelemetry tracing, rate limiting

Architecture

gatekpr/
├── crates/
│   ├── core/           # Shared types, traits, HTTP client, formatting
│   ├── config/         # Configuration management
│   ├── patterns/       # Reusable patterns (retry, circuit breaker)
│   ├── rate-limiter/   # Standalone rate limiting crate
│   ├── parsers/        # Multi-language code parsing (tree-sitter)
│   ├── validators/     # Rule engine with pattern matching
│   ├── vector/         # Qdrant client, embedding registry
│   ├── db/             # SQLite with SQLx + query helpers
│   ├── rig-agent/      # LLM orchestration with circuit breaker
│   ├── opencode/       # OpenCode CLI client for RAG enrichment
│   ├── email/          # SMTP email with MJML templates
│   ├── billing/        # Stripe billing integration
│   ├── monitoring/     # Health checks, deprecation tracking
│   ├── mcp-server/     # MCP protocol server for AI agents
│   ├── cli/            # Command-line interface
│   ├── api/            # REST API (Axum)
│   └── ingestion/      # Documentation crawler
├── rules/              # Validation rules (TOML)
├── migrations/         # SQLx database migrations
├── packages/           # Distribution wrappers (npm, PyPI, RubyGems, Composer)
├── HomebrewFormula/    # Homebrew formula
└── tests/              # Integration tests

Installation

# From crates.io
cargo install gatekpr-cli

# From source
cargo install --git https://github.com/umerkhan95/gatekpr.git gatekpr-cli

Quick Start

Prerequisites

  • Rust 1.75+
  • SQLite 3.x (bundled via SQLx)

Build from source

git clone https://github.com/umerkhan95/shopify-app-approver.git
cd shopify-app-approver
cargo build --release

CLI

# Validate a Shopify app
cargo run -p gatekpr-cli -- check ./path/to/app

# Remote validation via API
cargo run -p gatekpr-cli -- check ./path/to/app --server https://gatekpr.fly.dev

# Search documentation
cargo run -p gatekpr-cli -- docs search "GDPR webhooks"

# List validation rules
cargo run -p gatekpr-cli -- rules list

API Server

export JWT_SECRET="your-secret-key-at-least-32-characters"
cargo run -p gatekpr-api
# Server starts at http://localhost:3000

MCP Server

cargo run -p gatekpr-mcp-server

# With RAG support
OPENAI_API_KEY=your-key QDRANT_URL=http://localhost:6333 cargo run -p gatekpr-mcp-server

Configure in Claude Code (~/.claude/settings.json):

{
  "mcpServers": {
    "gatekpr": {
      "command": "/path/to/gatekpr-mcp-server"
    }
  }
}

API Endpoints

Authentication

Method Endpoint Auth Description
POST /api/v1/auth/register No Register user
POST /api/v1/auth/login No Login, returns JWT
POST /api/v1/auth/refresh No Refresh access token
POST /api/v1/auth/validate No Validate API key (CLI)
GET /api/v1/auth/verify-email/:token No Verify email
POST /api/v1/auth/forgot-password No Request password reset
POST /api/v1/auth/reset-password No Reset password
POST /api/v1/auth/api-key Yes Generate API key

Validation

Method Endpoint Description
POST /api/v1/validate/file Validate single file
POST /api/v1/validate/webhooks Check GDPR webhooks
POST /api/v1/validate/api Check API compliance
POST /api/v1/validate/billing Check billing compliance
POST /api/v1/validate/security Security scan
POST /api/v1/validate/codebase Full codebase validation
GET /api/v1/validate/codebase/:id Get validation status
POST /api/v1/validate/github GitHub CI/CD validation

Reviews

Method Endpoint Description
GET /api/v1/reviews List reviews (paginated)
POST /api/v1/reviews Create review
GET /api/v1/reviews/:id Get review details
DELETE /api/v1/reviews/:id Delete review
GET /api/v1/reviews/:id/findings Get findings

Billing (Stripe)

Method Endpoint Description
GET /api/v1/billing/plans List plans
POST /api/v1/billing/checkout Create checkout session
GET /api/v1/billing/subscription Get subscription status
POST /api/v1/billing/subscription/cancel Cancel subscription
POST /api/v1/billing/subscription/reactivate Reactivate
POST /api/v1/billing/portal Billing portal
GET /api/v1/billing/usage Usage stats
POST /api/v1/billing/webhooks Stripe webhook

Documentation

Method Endpoint Description
GET /api/v1/docs/search?q=query Semantic search
GET /api/v1/docs/rules List validation rules
GET /api/v1/docs/rules/:id Get rule details

Validation Rules

Category Rules Description
Webhooks WH001-WH004 GDPR webhook compliance
API API001-API003 GraphQL vs REST, scope validation
Billing BIL001-BIL002 Shopify Billing API
Security SEC001-SEC005 HTTPS, HMAC, secrets, eval, SSL
OAuth OAUTH001-OAUTH003 OAuth flow validation
Data DATA001-DATA003 Customer data protection
Embedded EMB001-EMB005 App Bridge, session tokens
Checkout CHECKOUT001-CHECKOUT006 Checkout extensions
Performance PERF001-PERF006 Bundle size, Core Web Vitals
Theme THEME001-THEME006 Theme app extensions

Environment Variables

Variable Required Description
JWT_SECRET Yes JWT signing secret (min 32 chars)
DATABASE_URL No SQLite path (default: sqlite:./data/approver.db)
API_HOST No Server host (default: 0.0.0.0)
API_PORT No Server port (default: 3000)
ALLOWED_ORIGINS No CORS origins
STRIPE_SECRET_KEY No Stripe secret key (enables billing)
STRIPE_PUBLISHABLE_KEY No Stripe publishable key
STRIPE_WEBHOOK_SECRET No Stripe webhook signing secret
EMAIL_SMTP_HOST No SMTP host (enables email)
EMAIL_SMTP_PASSWORD No SMTP password
EMAIL_FROM_ADDRESS No Sender email
OPENAI_API_KEY No OpenAI embeddings
QDRANT_URL No Qdrant server URL
GLM_API_KEY No GLM 4.7 API key
ANTHROPIC_API_KEY No Claude API key (fallback)

Deployment

Production runs on Fly.io. See DEPLOYMENT.md for full details.

# Deploy API
flyctl deploy --config fly.production.toml --app gatekpr

# Deploy Qdrant
flyctl deploy --config fly.qdrant.production.toml --app gatekpr-qdrant

# Health check
curl https://gatekpr.fly.dev/health

Development

# Run tests
cargo test --workspace

# Format
cargo fmt --all

# Lint
cargo clippy --workspace -- -D warnings

CI Pipeline

CI runs on every push to main:

  • Format - cargo fmt --check
  • Check - cargo check --workspace
  • Clippy - cargo clippy -- -D warnings
  • Test - cargo test --workspace

Release builds and Docker images are produced by release.yml on version tags (v*).

License

MIT