vtex

Apply when designing or modifying a VTEX IO storefront theme app — the app that owns `store/blocks.json`, `store/routes.json`, `store/templates/`, `store/contentSchemas.json`, and the storefront page tree assembled from `store.home`, `store.product`, `store.search`, `store.custom`, and other native page templates. Covers how a theme app extends a base theme, declares routes, composes blocks across pages, and how its `store/` files relate to merchant Site Editor content. Use for theme scaffolding, custom page routes, theme-level overrides, or reviewing whether a change belongs in the theme app, in a component app, or in app settings.

Apply when choosing which VTEX IO authentication token should back a request from a backend app. Covers `ctx.authToken`, `ctx.storeUserAuthToken`, `ctx.adminUserAuthToken`, `authMethod`, and how requester context should determine the identity used by VTEX clients. Use for deciding which identity talks to VTEX endpoints in storefront-backed requests, Admin actions, or app-level integrations that should avoid hardcoded VTEX credentials.

Scaffolds React components, store blocks, and admin panels for VTEX IO with correct interfaces.json, content schemas, and Styleguide patterns baked in.

Apply when building VTEX IO admin-facing React interfaces under the admin builder. Covers VTEX Styleguide and Shoreline usage, admin page composition, data-heavy admin interactions, and keeping administrative interfaces consistent with the VTEX Admin environment. Use for settings pages, moderation tools, dashboards, or operational UIs inside VTEX Admin.

Helps you write schema definitions, resolvers, and directives for VTEX IO apps. Handles cache control, auth rules, and Service class wiring so queries and mutations work without the boilerplate confusion.

Reviews or designs how your VTEX IO backend connects to VTEX services and external APIs. Recommends the correct client type, registers it in IOClients, and surfaces configuration pitfalls.

Generates React components for VTEX IO Store Framework with proper css-handles, context hooks, and theme-block patterns baked in—so they work in the admin and on the storefront without rewrites.

Maps service routes and integrations to explicit least-privilege permissions, flags overreach, and catches missing access rules before deploy — VTEX IO specific.

Apply when designing VTEX IO configuration apps with the configuration builder or when a service app must receive structured configuration through runtime context. Covers the separation between service apps and configuration apps, schema.json and configuration.json, settingsType, and reading injected configuration through ctx.vtex.settings. Use for shared service configuration, decoupled configuration lifecycle, or reviewing whether app settings should be replaced by a configuration app.

Apply when working with MasterData v2 entities, schemas, or MasterDataClient in VTEX IO apps, or when anyone designing or implementing a solution must scrutinize whether Master Data is the correct storage. The skill prompts hard questions: native Catalog or other VTEX stores, OMS, or an external database may be better; do not default to MD because it is convenient. Covers JSON Schema, CRUD, triggers, search and scroll, schema lifecycle, purchase-path avoidance, single source of truth, and BFF handoffs. Use for justified custom persistence while avoiding the 60-schema limit.

Profiles a Node or .NET service running on VTEX IO and recommends caching patterns, parallelization, and request deduplication to cut latency without adding infrastructure.

Apply when controlling access to VTEX IO app resources using role-based or resource-based policies. Covers policies.json for role-based access control, service.json policies for resource-based access, VRN syntax for principals, the difference between app-to-app and user/integration access, and GraphQL @auth directives. Use when deciding how to secure routes and restrict which apps, users, or integrations can access your endpoints.

Guides you through the workspace-to-master promotion flow for theme app versions, including content migration, conflict resolution, and rollback recovery without losing merchant customizations.

Writes or audits a manifest.json that declares builders, dependencies, and billing correctly—so the app installs, integrates, and publishes without link/contract errors.