Shopify’s AI Toolkit adds self-review: tighten App Store compliance before (and during) review

TL;DR

Shopify is extending the AI Toolkit with an AI self-review flow so you can stress-test compliance while your app is still in review. Here’s how to fold it into Cursor, Claude, Codex, and the rest of your agent stack.

The Shopify AI Toolkit connects your editor or CLI agent to Shopify’s documentation, API schemas, and validation so it stops guessing. A recent update, summarised by Joe Zazove on X, adds AI self-review: a compliance-oriented pass you can run while the app is still in App Store review, catching issues before they cost another revision.

Whether you use Cursor, Claude Code, Codex, VS Code agents, or Gemini CLI, the pattern is the same: ground the agent in Shopify’s sources of truth, then run self-review as a repeatable gate whenever the codebase or listing changes.

Wire it into what you already use

Use the plugin when available. Shopify recommends it because it auto-updates as new checks and skills ship—faster than maintaining a static prompt. Cursor: install Shopify from the Cursor Marketplace. Claude Code: add the Shopify marketplace and install the plugin from Shopify’s install guide.

Prefer MCP? Add Dev MCP (@shopify/dev-mcp) so answers come from live developer docs. Codex users add an mcp_servers entry in ~/.codex/config.toml; Cursor users add the server under MCP settings (Shopify publishes the JSON). Note that Codex officially supports the Toolkit via skills and MCP, not the full plugin path, so plan accordingly. Skills-only install: npx skills add Shopify/shopify-ai-toolkit (optional --skill for a subset). This is great for a small footprint, but you must pull updates yourself.

Run self-review like a checklist, not a vibe check

Ask for a structured review: embedded session-token auth, billing and plan limits, webhooks and idempotency, protected customer data, and listing vs. implementation parity—common review friction points. Paste relevant error messages, webhook payloads, or Partner Dashboard copy when you can; context reduces false positives. Re-run the same prompt after fixes so changes stay auditable.
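Two of the checklist items above, webhook authenticity and idempotency, as they might look in a Node.js handler that a review pass would inspect. This is an added example, not code from Shopify or the Toolkit; the function names, the in-memory Set, and the choice of X-Shopify-Webhook-Id as the de-duplication key are assumptions.

```javascript
// Added example: not Shopify's or the AI Toolkit's code.
const crypto = require("node:crypto");

// Shopify sends base64(HMAC-SHA256(raw body, app client secret)) in the
// X-Shopify-Hmac-Sha256 header. Verify over the raw bytes, before JSON parsing.
function verifyHmac(rawBody, hmacHeader, secret) {
  const expected = crypto.createHmac("sha256", secret).update(rawBody).digest();
  const received = Buffer.from(hmacHeader || "", "base64");
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Returns the HTTP status to send and whether side effects should run.
// `seen` is an assumption: any store with has/add semantics (a Set here;
// a shared store with a TTL in production).
function handleWebhook(headers, rawBody, secret, seen) {
  if (!verifyHmac(rawBody, headers["x-shopify-hmac-sha256"], secret)) {
    return { status: 401, processed: false }; // reject unsigned or tampered
  }
  const id = headers["x-shopify-webhook-id"]; // assumed de-duplication key
  if (!id) return { status: 400, processed: false };
  if (seen.has(id)) {
    return { status: 200, processed: false }; // retry: acknowledge, do nothing
  }
  seen.add(id);
  return { status: 200, processed: true };
}

// Constructed sample: a first delivery, a retry of it, and a tampered body.
function demo() {
  const secret = "constructed-demo-secret";
  const seen = new Set();
  const body = Buffer.from('{"id":1001,"note":"constructed"}');
  const headers = {
    "x-shopify-hmac-sha256":
      crypto.createHmac("sha256", secret).update(body).digest("base64"),
    "x-shopify-webhook-id": "constructed-delivery-0001",
  };
  return [
    handleWebhook(headers, body, secret, seen),
    handleWebhook(headers, body, secret, seen),
    handleWebhook(headers, Buffer.from('{"id":1002}'), secret, seen),
  ];
}

console.log(demo());
```

Pasting a handler like this alongside a real webhook payload gives the review pass concrete code to check against, rather than a description of what the app is supposed to do.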

In review, run self-review after meaningful commits: reviewers may lag your branch; catching regressions early shortens round-trips. If you ship a hotfix for one finding, run the full pass again—compliance regressions rarely stay isolated. Still test manually on a dev store and representative themes—self-review complements human QA; it does not replace it.

The Toolkit keeps agents aligned with how Shopify works today; self-review applies that to App Store compliance early and often, inside the tools you already build with.