orcaqubits/bc-setup
bigcommerce-commerce/skills/bc-setup/SKILL.md
Set up a BigCommerce development environment — Stencil CLI, API credentials, sandbox stores, Catalyst, and developer tools. Use when starting a new BigCommerce project or configuring development tools.
$ install --global
skillsauthnpx skillsauth add orcaqubits/agentic-commerce-claude-plugins bc-setupInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 9, 2026, 6:43 AM150.1s1 file scanned
SKILL.md
- name:
- bc-setup
- description:
- Set up a BigCommerce development environment — Stencil CLI, API credentials, sandbox stores, Catalyst, and developer tools. Use when starting a new BigCommerce project or configuring development tools.
- allowed-tools:
- Read, Write, Edit, Bash, Grep, Glob, WebSearch, WebFetch
BigCommerce Development Environment Setup
Before writing code
Fetch live docs:
- Fetch
https://developer.bigcommerce.com/for the developer center overview - Web-search
site:developer.bigcommerce.com stencil cli getting startedfor Stencil CLI setup - Web-search
bigcommerce sandbox store trialfor sandbox/dev store options
Developer Account & Store
Getting Started
- Create a free trial or sandbox store at bigcommerce.com
- Partner/Developer sandbox stores are available through the BigCommerce Partner Program
- Each store has a unique store hash (found in the API path or admin URL)
API Credentials
Create API credentials at Store Admin > Advanced Settings > API Accounts:
- API Path —
https://api.bigcommerce.com/stores/{store_hash}/v3/ - Client ID — identifies your application
- Access Token — authenticates API requests (
X-Auth-Tokenheader) - Client Secret — used in OAuth flow for apps
- OAuth scopes control access: products, orders, customers, content, etc.
Stencil CLI
Installation
npm install -g @bigcommerce/stencil-cli
Requires Node.js 18+ and npm.
Initializing a Theme
stencil init
Prompts for:
- Store URL (e.g.,
https://my-store.mybigcommerce.com) - API Token (Stencil-CLI scope token)
- Port for local dev server (default 3000)
Stores config in .stencil file (add to .gitignore).
Key Commands
| Command | Description |
|---------|-------------|
| stencil start | Start local development server with live reload |
| stencil bundle | Bundle theme for upload |
| stencil push | Push theme to store (with options to activate) |
| stencil pull | Download current live theme |
| stencil release | Release theme update |
Theme Directory Structure
cornerstone/ # Default theme (fork this)
├── assets/
│ ├── scss/ # Stylesheets
│ ├── js/ # JavaScript modules
│ └── img/ # Static images
├── templates/
│ ├── layout/ # Master layout templates
│ ├── pages/ # Page templates
│ ├── components/ # Reusable partials
│ └── ...
├── lang/ # Internationalization JSON
├── config.json # Theme configuration & variations
├── schema.json # Theme Editor schema
├── package.json # Node dependencies
└── .stencil # Local CLI config (gitignored)
Catalyst (Headless)
Setup
npx create-catalyst-storefront@latest my-store
Creates a Next.js 14+ application pre-configured with:
- BigCommerce GraphQL Storefront API integration
- Product listing, detail, cart, and checkout pages
- Authentication flows
- Tailwind CSS styling
Requires: Node.js 18+, BigCommerce store with Storefront API token.
App Development Setup
Local Tunnel
For OAuth callback during development:
- Use
ngrok,cloudflared, or similar tunnel - Expose local port to a public HTTPS URL
- Set callback URL in Dev Tools Portal
Developer Portal
Register apps at https://devtools.bigcommerce.com/:
- Set OAuth callback URL
- Configure required scopes
- Get Client ID and Client Secret
Environment Variables
Common Variables
BIGCOMMERCE_STORE_HASH=your_store_hash
BIGCOMMERCE_ACCESS_TOKEN=your_access_token
BIGCOMMERCE_CLIENT_ID=your_client_id
BIGCOMMERCE_CLIENT_SECRET=your_client_secret
BIGCOMMERCE_API_URL=https://api.bigcommerce.com/stores/{store_hash}/v3
Store in .env file (add to .gitignore). Never commit credentials.
Best Practices
- Use sandbox/trial stores for development — never develop against production
- Store all credentials in environment variables, never in code
- Add
.stenciland.envto.gitignore - Fork Cornerstone (the default theme) for custom Stencil themes
- Use Catalyst for new headless projects
- Keep Stencil CLI updated:
npm update -g @bigcommerce/stencil-cli
Fetch the BigCommerce developer center and Stencil CLI docs for exact setup steps, supported Node.js versions, and current CLI options before setting up.
Related Skills
orcaqubits/spree-headless-storefront
development
VerifiedTrustedCommunity
Build with Spree's headless Next.js storefront — the official `spree/storefront` repo (Next.js 16 App Router with Server Actions and Turbopack, React 19 Server Components, Tailwind CSS 4, TypeScript 5, `@spree/sdk`, Sentry), server-only auth (httpOnly JWT cookies + publishable key), MeiliSearch faceted catalog, one-page checkout with Apple/Google Pay/Klarna/Affirm/SEPA, multi-region market routing, GA4 + JSON-LD SEO, and Vercel/Docker deployment. Use when forking or customizing the storefront, or evaluating headless adoption.
27SKILL.mdUpdated May 14, 2026
orcaqubits/spree-extensions
tools
VerifiedTrustedCommunity
Build Spree extensions as Rails engines — gem scaffolding, `bin/rails g spree:extension`, mounting routes/migrations/assets, the modern `prepend` decorator pattern (`*_decorator.rb` with `self.prepended(base)`), generators (`spree:model_decorator`, `spree:controller_decorator`), the four customization surfaces in preference order (Events > Webhooks > Dependencies > Decorators), Spree::Dependencies for swapping service objects, gem release/versioning, and the deprecated Deface engine. Use when building a reusable Spree extension or adding non-trivial customization to an app.
27SKILL.mdUpdated May 14, 2026
orcaqubits/spree-events-webhooks
development
VerifiedTrustedCommunity
Build with Spree's event bus and Webhooks 2.0 — `Spree::Events` publication, `Spree::Subscriber` DSL with `subscribes_to` and `on`, wildcard matching, lifecycle events (`{model}.created/.updated/.deleted` via `publishes_lifecycle_events`), the canonical event catalog (order.*, payment.*, shipment.*, product.*), Webhooks 2.0 endpoints, HMAC-SHA256 signing (`X-Spree-Webhook-Signature`), exponential-backoff retries, and Sidekiq job orchestration. Use when wiring event-driven business logic, building webhook consumers, or replacing ActiveSupport callback chains.
27SKILL.mdUpdated May 14, 2026
orcaqubits/spree-dev-patterns
tools
VerifiedTrustedCommunity
Cross-cutting Spree development patterns — the customization preference hierarchy (Events > Webhooks > Dependencies > Decorators), `Spree::Dependencies` service-object swapping, the `_decorator.rb` + `prepend` + `self.prepended` idiom, idempotent subscribers and webhook receivers, multi-store scoping discipline, prefixed IDs, calculator polymorphism (shipping/promotion/tax share the base), service-object composition with `dry-monads` or simple results, why to avoid `class_eval` reopening and Deface, and Spree-on-Rails idioms (Hotwire/Turbo Stimulus, ActiveStorage, Action Cable, Sidekiq). Use when designing the architecture of a Spree extension or solving cross-cutting concerns.
27SKILL.mdUpdated May 14, 2026