# Use FlowRelay with Shopify Sidekick

Canonical: https://docs.flowrelay.app/agent-access/shopify-sidekick/
Markdown: https://docs.flowrelay.app/agent-access/shopify-sidekick.md

Use this guide when a Shopify Admin user wants Sidekick to help with FlowRelay setup, testing, diagnostics, recovery, or swapover planning without handing an agent a separate FlowRelay Agent Access token.

## Agent workflow
Agents should orient through docs before using authenticated tools.
1. Open Shopify Admin and ask Sidekick to use the Shopify app named FlowRelay.
2. Use Sidekick for compact FlowRelay reads such as setup status, endpoint summaries, recent event status, event results, replay eligibility, and plan status.
3. For changes, let Sidekick open the FlowRelay confirmation screen, then review and confirm inside FlowRelay.
4. Keep secrets, endpoint URLs, raw payloads, auth headers, Shopify tokens, customer records, and copied private logs out of chat.
5. When planning a swapover before FlowRelay has data, ask Sidekick to build a candidate-lane inventory from safe Shopify Admin and operator evidence, then label confidence and access gaps.
6. Prove one low-risk pilot with a synthetic event and FlowRelay receipt before changing broader production traffic.

## How authorization works
Shopify Sidekick is a supervised Shopify Admin surface. A merchant or authorized Shopify Admin user is already authenticated to Shopify, so FlowRelay does not use FlowRelay Agent Access tokens for Sidekick. Sidekick calls are tied to the installed FlowRelay Shopify app and still use FlowRelay redaction, confirmation, audit, billing, grant, and safety rails.


## What Sidekick can help with
Sidekick can summarize compact FlowRelay state and open FlowRelay action screens for setup and operations. Validated FlowRelay Sidekick coverage includes endpoint search, setup status, endpoint detail, recent event status, event result, replay and reliability summary, plan status, in-app test-event send, create or edit endpoint, diagnose readiness, replay, support handoff, billing handoff, Agent Access handoff, rotate secret, and delete or tombstone endpoint.


| Need | Use Sidekick for | Confirm where |
| --- | --- | --- |
| Understand readiness | Setup status, endpoint summaries, recent events, event results, replay eligibility, and plan status. | Read-only summaries in Sidekick, with links back to FlowRelay for detail. |
| Create or change setup | Opening a focused FlowRelay action screen with the requested endpoint or configuration context. | FlowRelay inline confirmation UI inside Shopify Admin. |
| Recover or investigate | Diagnose readiness, summarize safe event state, preview eligible replay, or open diagnostics/support handoff. | FlowRelay confirmation UI before replay, support sharing, billing, grants, rotation, or delete. |

## Use this wording
In a normal merchant shop, ask for FlowRelay directly. Do not call it a separate production skill or ask Sidekick to bypass FlowRelay confirmation screens.

### FlowRelay Sidekick starter
Use in Shopify Admin after FlowRelay is installed.

```text
Use the Shopify app named FlowRelay in this store.

Help me review FlowRelay setup status, endpoint readiness, recent event status, replay eligibility, and plan status. Do not show or ask for secrets, endpoint URLs, raw payloads, auth headers, tokens, customer records, copied private logs, or Shopify session data.

If something needs to change, open the FlowRelay confirmation screen and tell me what I should verify before I confirm.
```


## Swapover inventory prompt
Use this before a merchant has FlowRelay endpoints or receipts. Sidekick may help organize Shopify Admin context, but it should not be treated as a guaranteed inventory of every Shopify Flow workflow, third-party app, Zapier/Make lane, custom middleware route, or serverless function. The useful output is a confidence-labeled candidate inventory and one safe pilot recommendation.

### Sidekick swapover inventory prompt
Use in Shopify Admin before creating FlowRelay endpoints.

```text
Help me build a safe FlowRelay swapover inventory before I create any FlowRelay endpoints.

Assume FlowRelay may not have data yet. Do not ask me for secrets, auth headers, raw payloads, tokens, customer records, copied private logs, endpoint URLs, or store passwords.

Start by listing candidate event lanes that might eventually move to FlowRelay. For each lane, capture:
- suspected sender/source system
- current receiver or automation path
- suspected Shopify Flow workflow or downstream action
- owner
- volume or rough frequency
- criticality
- retry/failure pattern if known
- rollback owner/path
- evidence source
- confidence level
- access gap or next evidence step

Use Shopify Admin context when available, but label anything you cannot verify. If you cannot reliably inspect a Shopify Flow workflow definition or a third-party app's endpoint setup, say that plainly and ask me for a safe summary instead. Then recommend one low-risk pilot lane and the exact FlowRelay action to open next.
```


## Hard boundaries
Sidekick should not reveal or request endpoint secrets, one-time secret values, endpoint URLs, signed request bodies, HMAC values, full auth headers, Shopify tokens, Shopify sessions, database URLs, customer-data dumps, raw payloads, or copied private logs. Billing, grants, replay, delete, secret rotation, diagnostics sharing, endpoint creation, and endpoint edits stay merchant-confirmed inside FlowRelay and leave audit evidence.
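
A pre-paste check for the boundary above, as an added example (not FlowRelay or Shopify code): it redacts a draft chat message by category and reports only category names, so the report itself is safe to share. The regexes, the `shp*_` token prefixes, the email pattern standing in for customer records, and the allowance for `docs.flowrelay.app` links are assumptions; pattern matching will miss values that do not fit them.

```python
import re

# Categories mirror the "Hard boundaries" list. The patterns are assumptions
# for illustration, not FlowRelay's redaction rules.
# Order matters: specific rules run before the generic URL and email rules.
RULES = [
    ("shopify_token", re.compile(r"\bshp(?:at|ca|pa|ss)_[0-9A-Za-z]{16,}")),
    ("hmac_value", re.compile(r"(?i)x-shopify-hmac-sha256\s*[:=]\s*[A-Za-z0-9+/=]{20,}")),
    ("auth_header", re.compile(r"(?i)\b(?:authorization|x-shopify-access-token)\s*:[^\r\n]+")),
    ("database_url", re.compile(r"(?i)\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://\S+")),
    # Any URL counts as a possible endpoint URL except links into the public docs.
    ("endpoint_url", re.compile(r"(?i)\bhttps?://(?!docs\.flowrelay\.app/)[^\s\"'<>]+")),
    ("customer_email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
]


def redact(text):
    """Return (clean_text, findings); findings hold (category, count), never values."""
    findings = []
    for category, pattern in RULES:
        text, count = pattern.subn(f"[REDACTED:{category}]", text)
        if count:
            findings.append((category, count))
    return text, findings


def safe_to_paste(text):
    """True only when no rule matches, so the draft can go to chat unchanged."""
    return not redact(text)[1]


# Constructed sample draft; every value below is fake.
FAKE_TOKEN = "shpat_" + "0" * 32
DRAFT = "\n".join([
    "Use the Shopify app named FlowRelay in this store.",
    "Why did this fail? X-Shopify-Access-Token: " + FAKE_TOKEN,
    "Endpoint is https://hooks.example.test/in/abc and the buyer was jo@example.com",
    "DB: postgres://app:pw@db.example.test:5432/shop",
    "Docs I followed: https://docs.flowrelay.app/operate/receipts.md",
])

if __name__ == "__main__":
    clean, found = redact(DRAFT)
    print(clean)
    print(found)
```
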


## When to use Agent Access instead
Use FlowRelay Agent Access when the work happens outside Shopify Admin through an API client, CLI, MCP host, private coding agent, or operations assistant. Agent Access uses scoped FlowRelay grants and tokens. Shopify Sidekick uses Shopify Admin authentication and FlowRelay confirmation surfaces, so it is better for a merchant already working inside Shopify Admin.


## Evidence before rollout
For a swapover, do not let a chat summary become the cutover proof. Choose one low-risk lane, create a FlowRelay endpoint, send a synthetic test event, check the FlowRelay receipt and Shopify Flow handoff, confirm downstream Flow behavior separately, then expand lane by lane with rollback owners and monitoring cadence.


## Handoff Boundary
Delivered means FlowRelay handed the trigger to Shopify Flow. It does not mean downstream Shopify Flow branches, app calls, fulfillment changes, emails, or later systems completed.

## Related
- [Swap over to FlowRelay](https://docs.flowrelay.app/use-cases/swapover-to-flowrelay.md)
- [Set up with an agent](https://docs.flowrelay.app/agent-access/setup-with-an-agent.md)
- [Endpoint swap plan](https://docs.flowrelay.app/agent-access/endpoint-swap-plan.md)
- [Read receipts](https://docs.flowrelay.app/operate/receipts.md)
- [Share diagnostics](https://docs.flowrelay.app/recover/diagnostics.md)

## Safety Boundary
Do not include raw event bodies, endpoint secrets, authentication headers, HMAC values, Shopify tokens, Shopify sessions, database URLs, customer data, merchant incidents, or copied private logs in public examples.
