Hi Everyone,
I’m on the team that owns the Theme CLI. Thank you for all your reports and insights and for bearing with us while we sort out this most recent flare up of CLI errors. We know it’s very frustrating and disruptive to your workflows and productivity.
I’d like to give you all some insight into what has been going on and what we’re trying to do about it.
For this specific case
The 429s a number of you have been hitting with Shopify theme dev over the past week are caused by a UA-parsing bug on our side: when the CLI appends Shopify CLI; v=… to the end of an existing User-Agent string, our bot-detection sniffer misses it, so the request loses its CLI exemption and trips a complexity-based rate limit at the Cloudflare edge. Fix is up and will roll out shortly. In the meantime, switching from OAuth to a Theme Access password has been working as a workaround. We’ll follow up here once the fix is deployed.
This problem keeps happening, what are we doing about it?
Part of the challenge is that the theme CLI gets caught in the crosshairs of changes to bot detection. For various reasons, the theme CLI will get misidentified as bot traffic and that then impacts theme devs. We do have monitoring in place to see when it is happening and respond when we see spikes to identify what changed and why the CLI was impacted.
It will take more investment and coordination to have a more proactive rather than reactive approach to addressing this.
For future
We will keep monitoring this thread and others on the 429s.
Some of you have been very kind to share logs directly with us in the past which have helped us sort out these issues. Thank you for that.
I do ask that you please refrain from emailing our dev directly unless we have requested it, as it becomes quite noisy to sift through the logs we need vs general reports of issues.
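
The failure mode described in this post, sketched as an added example that is not Shopify's code and not part of the original post. It assumes the sniffer only recognised the marker at the start of the header; the matcher names, version numbers and surrounding User-Agent strings are constructed for illustration.

```python
import re

# Assumption: the marker has the shape "Shopify CLI; v=<version>", as quoted in
# the post. The real version format is not given there.
MARKER = r"Shopify CLI; v=[0-9][\w.\-]*"

# Hypothetical "before" matcher: recognises the marker only at the start.
ANCHORED = re.compile(r"^" + MARKER)

# Position-independent matcher: the marker may follow other product tokens,
# but must begin at a token boundary and end at a separator or end of string.
ANYWHERE = re.compile(r"(?:^|\s)" + MARKER + r"(?=$|[\s;,)])")


def has_marker_anchored(ua: str) -> bool:
    return bool(ANCHORED.search(ua))


def has_marker(ua: str) -> bool:
    return bool(ANYWHERE.search(ua))


def lost_exemption(samples):
    """Return the User-Agents that carry the marker but that the anchored
    matcher fails to recognise, i.e. requests that would lose the exemption."""
    return [ua for ua in samples if has_marker(ua) and not has_marker_anchored(ua)]


# Constructed sample headers (not captured traffic).
SAMPLES = [
    "Shopify CLI; v=0.0.0",                                   # marker first
    "Mozilla/5.0 (X11; Linux x86_64) Shopify CLI; v=0.0.0",   # marker appended
    "node-fetch/1.0 Shopify CLI; v=0.0.0",                    # marker appended
    "Mozilla/5.0 (X11; Linux x86_64)",                        # no marker
    "NotShopify CLI; v=0.0.0",                                # not at a token boundary
    "Shopify CLI; v=",                                        # marker without version
]

if __name__ == "__main__":
    for ua in SAMPLES:
        print(f"anchored={has_marker_anchored(ua)!s:5} anywhere={has_marker(ua)!s:5} {ua}")
    print("would lose exemption:", lost_exemption(SAMPLES))
```

Keeping a sample table like this as a regression test for the sniffer catches the appended-marker case before a bot-detection change ships.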