# GEO Agent App Review Evidence Ledger

Use this as the current evidence record before the final Partner Dashboard submission. It keeps code-backed proof separate from dashboard-only gates.

## Current Automated Proof

- Production review packet: `https://geo-agent.fly.dev/app-review`
- Machine-readable review packet: `https://geo-agent.fly.dev/app-review.json`
- Live smoke command: `npm run review:smoke`
- Local verification command: `npx -y -p node@20.19.0 -p yarn@1.22.22 -c 'node -v && yarn -v && yarn test && yarn build'`

## Covered By Automated Proof

- Public app URL, support, privacy, terms, pricing, OpenAPI, sitemap, and review packet routes return HTTP 200.
- Agent-readable commerce surfaces are Shopify Billing-only and do not advertise direct card, Stripe Payment Link, SPT, x402, or other off-platform app charges.
- Static `/api/v1` discovery index is checked separately from catalog, quote, and checkout endpoints.
- `/.well-known/commerce.json`, `/.well-known/agent.json`, `/api/v1/catalog`, `/api/v1/quote`, `/api/v1/checkout`, and `/openapi.yaml` all stay inside the Shopify Billing review contract.
- `/api/llms-txt` returns the expected direct-origin 400 or 401 because signed Shopify app-proxy context is required.
- App, product, and compliance webhook routes reject unsigned direct POSTs with auth/error responses instead of returning 404.
- App-review JSON names requested scopes, avoided scopes, compliance webhooks, operational webhooks, data-use limits, AI self-review answers, billing verification, and manual dashboard gates.

## Manual Dashboard Gates Still Open

- Run Shopify's App Store AI self-review from the Partner Dashboard or Shopify AI Toolkit using `marketing/app-review-ai-self-review.md`.
- Install and open the production app in a Shopify development store from Shopify Admin so Shopify can observe embedded App Bridge/session-token usage.
- Approve a Shopify Billing subscription in the development store and confirm the embedded app reflects the active subscription after Shopify reports it.
- Capture and attach the demo screencast following `marketing/app-review-media-plan.md`.
- Paste `marketing/app-review-tester-instructions.md` into the Partner Dashboard testing instructions field.
- Run the storefront app-proxy checks from the review store using `marketing/app-review-app-proxy-verification.md`.

## Submission Guardrails

- Do not submit until the live smoke passes on the deployed app.
- Do not claim final Shopify submission readiness from code checks alone; the gates above require Partner Dashboard or development-store evidence.
- Do not include pricing in screenshots or promotional image captions.
- Do not claim guaranteed search rankings, AI recommendations, sales, or traffic lift.
- Do not mention direct Stripe, Payment Link, SPT, direct card checkout, machine-payment, or other off-platform app charges in review-facing copy.