@kotao/storefront-contracts
The contract layer between your theme and the platform: Zod schemas the build validates your theme against, plus the signed-context primitives the runtime uses.
Section & settings schemas
Section titled “Section & settings schemas”SectionSchemaSchema— validates a section’sschemaexport (name, settings, blocks, presets). Your sections are checked against it at build time.SettingInputSchema+SETTING_INPUT_TYPES— the allowed setting input types (text, select, color, image, …) merchants configure in the editor.BlockDefSchema/BlockInstanceSchema,PresetSchema,SectionInstanceSchema,ValuesDocumentSchema— the building blocks of settings-as-data documents.
Theme manifest
Section titled “Theme manifest”ThemeManifestSchema validates kotao.theme.json — the manifest every deploy is checked
against. AllowedOriginSchema and ScriptTagsSchema (+ parseStorefrontScriptTags)
govern what a theme may load from where.
Signed shop context
Section titled “Signed shop context”signShopContext / verifyShopContext and signAssertion / verifyAssertion carry the
authenticated shop identity between the platform and your theme (SHOP_HEADER,
SHOP_SIGNATURE_HEADER, CLIENT_IP_HEADER). You rarely call these yourself — the scaffold’s
Worker entry wires them — but they explain how a request proves which shop it belongs to.