orcaqubits/medusa-storefront
dist/codex/medusa-commerce/skills/medusa-storefront/SKILL.md
Build Medusa v2 storefronts with Next.js 15 — App Router, JS SDK client setup, Tanstack Query, server components, product pages, cart, and checkout flow. Use when developing headless storefronts.
$ install --global
skillsauthnpx skillsauth add orcaqubits/agentic-commerce-claude-plugins medusa-storefrontInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 9, 2026, 7:04 AM192.9s1 file scanned
SKILL.md
- name:
- medusa-storefront
- description:
- >
Medusa v2 Storefront with Next.js
Before writing code
Fetch live docs:
- Fetch
https://docs.medusajs.com/resources/storefront-developmentfor storefront overview - Web-search
site:docs.medusajs.com nextjs starter storefrontfor starter template - Web-search
site:docs.medusajs.com JS SDK client setupfor Medusa SDK configuration - Web-search
site:docs.medusajs.com storefront API referencefor Store API endpoints - Web-search
site:github.com medusajs nextjs-starter-medusafor latest starter source
Storefront Architecture
Medusa v2 storefronts are headless -- they consume the Store API over HTTP:
| Layer | Component |
|-------|-----------|
| Frontend | Next.js App (SSR/RSC) |
| HTTP Client | Medusa JS SDK |
| Backend | Medusa Backend (/store/* API routes) |
| Storage | PostgreSQL / Redis |
Next.js Starter Structure
| Directory | Key Files |
|-----------|-----------|
| app/ | layout.tsx, page.tsx (homepage) |
| app/(main)/products/ | page.tsx (listing), [handle]/page.tsx (detail) |
| app/(main)/collections/ | [handle]/page.tsx (collection) |
| app/(main)/cart/, app/(main)/checkout/ | Cart page, checkout flow |
| app/(auth)/, app/account/ | Login/register, customer dashboard |
| lib/ | sdk.ts (Medusa client), data/ (fetching), util/ |
| components/ | products/, cart/, checkout/, layout/ |
| Root | next.config.js, .env.local |
JS SDK Client Setup
SDK Installation
The Medusa JS SDK provides typed access to the Store API:
// lib/sdk.ts — Fetch live docs for Medusa SDK initialization
import Medusa from "@medusajs/js-sdk"
export const sdk = new Medusa({
baseUrl: process.env.NEXT_PUBLIC_MEDUSA_BACKEND_URL!,
// Fetch live docs for publishableKey and other options
})
Environment Variables
NEXT_PUBLIC_MEDUSA_BACKEND_URL=http://localhost:9000
NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY=pk_...
The publishable API key is required for Store API requests and scopes them to a specific sales channel.
Key Store API Domains
| Domain | SDK Namespace | Key Operations |
|--------|--------------|----------------|
| Products | sdk.store.product | List, retrieve by handle |
| Collections | sdk.store.collection | List, retrieve |
| Categories | sdk.store.category | List, tree |
| Cart | sdk.store.cart | Create, add items, update |
| Checkout | sdk.store.cart | Add shipping, complete |
| Customer | sdk.store.customer | Register, login, profile |
| Orders | sdk.store.order | List customer orders |
| Regions | sdk.store.region | List regions and currencies |
| Shipping | sdk.store.fulfillment | List shipping options |
Fetch live docs for the complete SDK namespace list and method signatures.
Server Components vs Client Components
| Pattern | Use For | |---------|---------| | Server Component (RSC) | Product listing, product detail, static content | | Client Component | Cart interactions, checkout form, quantity selectors | | Server Action | Cart mutations, checkout submission |
Data Fetching in Server Components
// app/(main)/products/[handle]/page.tsx
// Fetch live docs for SDK method signatures
export default async function ProductPage({ params }) {
const { product } = await sdk.store.product.retrieve(params.handle)
return <ProductTemplate product={product} />
}
Cart Flow
| Step | Action | SDK Method |
|------|--------|-----------|
| 1. Create cart | On first add-to-cart | sdk.store.cart.create() |
| 2. Add line item | User adds product | sdk.store.cart.addLineItem() |
| 3. Update quantity | User changes qty | sdk.store.cart.updateLineItem() |
| 4. Remove item | User removes product | sdk.store.cart.removeLineItem() |
| 5. Set region | Auto or user selection | sdk.store.cart.update() |
Cart ID is typically stored in a cookie or localStorage for persistence across sessions.
Checkout Flow
| Step | Required Data | SDK Call |
|------|--------------|---------|
| 1. Address | Shipping + billing address | sdk.store.cart.update() |
| 2. Shipping | Selected shipping option | sdk.store.cart.addShippingMethod() |
| 3. Payment | Payment provider session | sdk.store.cart.initiatePaymentSession() |
| 4. Complete | Confirmation | sdk.store.cart.complete() |
Customer Authentication
| Flow | Description | |------|-------------| | Registration | Create customer account via Store API | | Login | Authenticate and receive session token | | Session | Token stored in cookie, sent with requests | | Profile | Update customer info, addresses | | Orders | View past orders linked to customer |
// Fetch live docs for customer auth SDK methods
await sdk.auth.login("customer", "emailpass", {
email: "[email protected]",
password: "password",
})
Region and Currency Handling
- Medusa supports multiple regions with different currencies
- Storefront should detect or let the user select a region
- All product prices are region-aware
- Cart is tied to a region which determines currency and tax rules
Performance Considerations
| Technique | Implementation |
|-----------|---------------|
| Static Generation (SSG) | Use generateStaticParams for product pages |
| ISR | Revalidate product pages periodically |
| Streaming | Use Suspense boundaries for slow data |
| Image optimization | Use Next.js <Image> with Medusa image URLs |
| Prefetching | Use <Link> for product navigation |
Best Practices
- Use Server Components for data fetching -- minimize client-side JavaScript
- Store the cart ID in a cookie for cross-tab and SSR access
- Use the publishable API key to scope requests to the correct sales channel
- Handle region/currency at the layout level, not per-page
- Implement optimistic UI updates for cart operations to improve perceived performance
- Use
generateStaticParamsfor product and collection pages for SEO and speed - Keep checkout as a linear flow -- do not allow skipping steps
Fetch the Medusa storefront documentation and Next.js starter source for exact SDK method signatures, component patterns, and checkout flow details before implementing.
Related Skills
orcaqubits/spree-headless-storefront
development
VerifiedTrustedCommunity
Build with Spree's headless Next.js storefront — the official `spree/storefront` repo (Next.js 16 App Router with Server Actions and Turbopack, React 19 Server Components, Tailwind CSS 4, TypeScript 5, `@spree/sdk`, Sentry), server-only auth (httpOnly JWT cookies + publishable key), MeiliSearch faceted catalog, one-page checkout with Apple/Google Pay/Klarna/Affirm/SEPA, multi-region market routing, GA4 + JSON-LD SEO, and Vercel/Docker deployment. Use when forking or customizing the storefront, or evaluating headless adoption.
27SKILL.mdUpdated May 14, 2026
orcaqubits/spree-extensions
tools
VerifiedTrustedCommunity
Build Spree extensions as Rails engines — gem scaffolding, `bin/rails g spree:extension`, mounting routes/migrations/assets, the modern `prepend` decorator pattern (`*_decorator.rb` with `self.prepended(base)`), generators (`spree:model_decorator`, `spree:controller_decorator`), the four customization surfaces in preference order (Events > Webhooks > Dependencies > Decorators), Spree::Dependencies for swapping service objects, gem release/versioning, and the deprecated Deface engine. Use when building a reusable Spree extension or adding non-trivial customization to an app.
27SKILL.mdUpdated May 14, 2026
orcaqubits/spree-events-webhooks
development
VerifiedTrustedCommunity
Build with Spree's event bus and Webhooks 2.0 — `Spree::Events` publication, `Spree::Subscriber` DSL with `subscribes_to` and `on`, wildcard matching, lifecycle events (`{model}.created/.updated/.deleted` via `publishes_lifecycle_events`), the canonical event catalog (order.*, payment.*, shipment.*, product.*), Webhooks 2.0 endpoints, HMAC-SHA256 signing (`X-Spree-Webhook-Signature`), exponential-backoff retries, and Sidekiq job orchestration. Use when wiring event-driven business logic, building webhook consumers, or replacing ActiveSupport callback chains.
27SKILL.mdUpdated May 14, 2026
orcaqubits/spree-dev-patterns
tools
VerifiedTrustedCommunity
Cross-cutting Spree development patterns — the customization preference hierarchy (Events > Webhooks > Dependencies > Decorators), `Spree::Dependencies` service-object swapping, the `_decorator.rb` + `prepend` + `self.prepended` idiom, idempotent subscribers and webhook receivers, multi-store scoping discipline, prefixed IDs, calculator polymorphism (shipping/promotion/tax share the base), service-object composition with `dry-monads` or simple results, why to avoid `class_eval` reopening and Deface, and Spree-on-Rails idioms (Hotwire/Turbo Stimulus, ActiveStorage, Action Cable, Sidekiq). Use when designing the architecture of a Spree extension or solving cross-cutting concerns.
27SKILL.mdUpdated May 14, 2026