4 releases
| 0.2.3 | Jan 27, 2026 |
|---|---|
| 0.2.2 | Jan 27, 2026 |
| 0.2.1 | Jan 27, 2026 |
| 0.2.0 | Jan 27, 2026 |
#1920 in Development tools
Used in gatekpr-cli
725KB
16K
SLoC
Gatekpr
A Rust-native platform that validates Shopify and WooCommerce apps against official approval requirements. Provides CLI, REST API, MCP server, and AI agent integration.
Features
- 110+ Validation Rules across webhooks, API usage, billing, security, OAuth, data protection, checkout, performance, and themes
- Multi-Platform: Shopify and WooCommerce support
- Multi-Language Parsing: JavaScript, TypeScript, Ruby, Python, PHP via tree-sitter
- Semantic Search: RAG-powered documentation search with Qdrant (17 collections)
- LLM Analysis: GLM 4.7 primary with Claude fallback, circuit breaker pattern
- Multi-Tenant SaaS: JWT auth, Stripe billing, email notifications
- MCP Integration: Tools for Claude Code, Windsurf, OpenCode
- Production Ready: Fly.io deployment, OpenTelemetry tracing, rate limiting
Architecture
gatekpr/
├── crates/
│ ├── core/ # Shared types, traits, HTTP client, formatting
│ ├── config/ # Configuration management
│ ├── patterns/ # Reusable patterns (retry, circuit breaker)
│ ├── rate-limiter/ # Standalone rate limiting crate
│ ├── parsers/ # Multi-language code parsing (tree-sitter)
│ ├── validators/ # Rule engine with pattern matching
│ ├── vector/ # Qdrant client, embedding registry
│ ├── db/ # SQLite with SQLx + query helpers
│ ├── rig-agent/ # LLM orchestration with circuit breaker
│ ├── opencode/ # OpenCode CLI client for RAG enrichment
│ ├── email/ # SMTP email with MJML templates
│ ├── billing/ # Stripe billing integration
│ ├── monitoring/ # Health checks, deprecation tracking
│ ├── mcp-server/ # MCP protocol server for AI agents
│ ├── cli/ # Command-line interface
│ ├── api/ # REST API (Axum)
│ └── ingestion/ # Documentation crawler
├── rules/ # Validation rules (TOML)
├── migrations/ # SQLx database migrations
├── packages/ # Distribution wrappers (npm, PyPI, RubyGems, Composer)
├── HomebrewFormula/ # Homebrew formula
└── tests/ # Integration tests
Installation
# From crates.io
cargo install gatekpr-cli
# From source
cargo install --git https://github.com/umerkhan95/gatekpr.git gatekpr-cli
Quick Start
Prerequisites
- Rust 1.75+
- SQLite 3.x (bundled via SQLx)
Build from source
git clone https://github.com/umerkhan95/shopify-app-approver.git
cd shopify-app-approver
cargo build --release
CLI
# Validate a Shopify app
cargo run -p gatekpr-cli -- check ./path/to/app
# Remote validation via API
cargo run -p gatekpr-cli -- check ./path/to/app --server https://gatekpr.fly.dev
# Search documentation
cargo run -p gatekpr-cli -- docs search "GDPR webhooks"
# List validation rules
cargo run -p gatekpr-cli -- rules list
API Server
export JWT_SECRET="your-secret-key-at-least-32-characters"
cargo run -p gatekpr-api
# Server starts at http://localhost:3000
MCP Server
cargo run -p gatekpr-mcp-server
# With RAG support
OPENAI_API_KEY=your-key QDRANT_URL=http://localhost:6333 cargo run -p gatekpr-mcp-server
Configure in Claude Code (~/.claude/settings.json):
{
"mcpServers": {
"gatekpr": {
"command": "/path/to/gatekpr-mcp-server"
}
}
}
API Endpoints
Authentication
| Method | Endpoint | Auth | Description |
|---|---|---|---|
| POST | /api/v1/auth/register |
No | Register user |
| POST | /api/v1/auth/login |
No | Login, returns JWT |
| POST | /api/v1/auth/refresh |
No | Refresh access token |
| POST | /api/v1/auth/validate |
No | Validate API key (CLI) |
| GET | /api/v1/auth/verify-email/:token |
No | Verify email |
| POST | /api/v1/auth/forgot-password |
No | Request password reset |
| POST | /api/v1/auth/reset-password |
No | Reset password |
| POST | /api/v1/auth/api-key |
Yes | Generate API key |
Validation
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/validate/file |
Validate single file |
| POST | /api/v1/validate/webhooks |
Check GDPR webhooks |
| POST | /api/v1/validate/api |
Check API compliance |
| POST | /api/v1/validate/billing |
Check billing compliance |
| POST | /api/v1/validate/security |
Security scan |
| POST | /api/v1/validate/codebase |
Full codebase validation |
| GET | /api/v1/validate/codebase/:id |
Get validation status |
| POST | /api/v1/validate/github |
GitHub CI/CD validation |
Reviews
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/reviews |
List reviews (paginated) |
| POST | /api/v1/reviews |
Create review |
| GET | /api/v1/reviews/:id |
Get review details |
| DELETE | /api/v1/reviews/:id |
Delete review |
| GET | /api/v1/reviews/:id/findings |
Get findings |
Billing (Stripe)
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/billing/plans |
List plans |
| POST | /api/v1/billing/checkout |
Create checkout session |
| GET | /api/v1/billing/subscription |
Get subscription status |
| POST | /api/v1/billing/subscription/cancel |
Cancel subscription |
| POST | /api/v1/billing/subscription/reactivate |
Reactivate |
| POST | /api/v1/billing/portal |
Billing portal |
| GET | /api/v1/billing/usage |
Usage stats |
| POST | /api/v1/billing/webhooks |
Stripe webhook |
Documentation
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/v1/docs/search?q=query |
Semantic search |
| GET | /api/v1/docs/rules |
List validation rules |
| GET | /api/v1/docs/rules/:id |
Get rule details |
Validation Rules
| Category | Rules | Description |
|---|---|---|
| Webhooks | WH001-WH004 | GDPR webhook compliance |
| API | API001-API003 | GraphQL vs REST, scope validation |
| Billing | BIL001-BIL002 | Shopify Billing API |
| Security | SEC001-SEC005 | HTTPS, HMAC, secrets, eval, SSL |
| OAuth | OAUTH001-OAUTH003 | OAuth flow validation |
| Data | DATA001-DATA003 | Customer data protection |
| Embedded | EMB001-EMB005 | App Bridge, session tokens |
| Checkout | CHECKOUT001-CHECKOUT006 | Checkout extensions |
| Performance | PERF001-PERF006 | Bundle size, Core Web Vitals |
| Theme | THEME001-THEME006 | Theme app extensions |
Environment Variables
| Variable | Required | Description |
|---|---|---|
JWT_SECRET |
Yes | JWT signing secret (min 32 chars) |
DATABASE_URL |
No | SQLite path (default: sqlite:./data/approver.db) |
API_HOST |
No | Server host (default: 0.0.0.0) |
API_PORT |
No | Server port (default: 3000) |
ALLOWED_ORIGINS |
No | CORS origins |
STRIPE_SECRET_KEY |
No | Stripe secret key (enables billing) |
STRIPE_PUBLISHABLE_KEY |
No | Stripe publishable key |
STRIPE_WEBHOOK_SECRET |
No | Stripe webhook signing secret |
EMAIL_SMTP_HOST |
No | SMTP host (enables email) |
EMAIL_SMTP_PASSWORD |
No | SMTP password |
EMAIL_FROM_ADDRESS |
No | Sender email |
OPENAI_API_KEY |
No | OpenAI embeddings |
QDRANT_URL |
No | Qdrant server URL |
GLM_API_KEY |
No | GLM 4.7 API key |
ANTHROPIC_API_KEY |
No | Claude API key (fallback) |
Deployment
Production runs on Fly.io. See DEPLOYMENT.md for full details.
# Deploy API
flyctl deploy --config fly.production.toml --app gatekpr
# Deploy Qdrant
flyctl deploy --config fly.qdrant.production.toml --app gatekpr-qdrant
# Health check
curl https://gatekpr.fly.dev/health
Development
# Run tests
cargo test --workspace
# Format
cargo fmt --all
# Lint
cargo clippy --workspace -- -D warnings
CI Pipeline
CI runs on every push to main:
- Format -
cargo fmt --check - Check -
cargo check --workspace - Clippy -
cargo clippy -- -D warnings - Test -
cargo test --workspace
Release builds and Docker images are produced by release.yml on version tags (v*).
License
MIT
Dependencies
~106MB
~2.5M SLoC