docs: improve Spark developer onboarding

[next-devin]

Summary

• split the README quick start into local inspection and real-store install paths, with expected time and first-run troubleshooting
• add CONTRIBUTING, CHANGELOG, issue templates, CI checks, and an Extending Spark guide
• link the new extension guide from README/docs and update the roadmap so it is not stale

Verification

• python3 -m unittest discover -s tests
• python3 scripts/sass-compat.py --check assets/main.css
• parsed new GitHub workflow and issue-template YAML with PyYAML
• git diff --check

Follow-up

• This PR improves the existing GitHub-first DX. It does not solve the bigger magical first-run question: a sandbox, sample store, hosted preview, or demo flow that lets developers see Spark without real store credentials.

[kilo-code-bot]

WARNING: Node.js 22 is installed but never used in this workflow. The only steps that run are python3 -m unittest discover -s tests and python3 scripts/sass-compat.py --check assets/main.css. actions/setup-node@v4 adds ~30s of setup time and disk on every CI run for no benefit — remove the Node step until a Node-based check (lint, build, etc.) is actually wired in.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

SUGGESTION: Add an explicit permissions: block (e.g. permissions: { contents: read }) and consider a concurrency: group with cancel-in-progress: true. A verify-only workflow should request the least privilege it needs, and canceling superseded runs saves minutes on every push to a PR.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

SUGGESTION: sass-compat.py imports yaml (PyYAML) in several places; CI does not install it. If any test or sass-compat path hits a YAML parser, the workflow will fail with ModuleNotFoundError. Either add pip install pyyaml (or a requirements-ci.txt) to this step, or guard the YAML imports in the scripts.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

WARNING: Every other field in this template is required: true, but the checks "Verification" field is not. For a reproducible-bug template this is the most useful field for maintainers (it confirms whether the reporter ran the canonical tests). Consider making it required, or at minimum add required: false with an explicit note that it's optional, so the schema intent matches the prose.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

SUGGESTION: The Affected surface dropdown has no "Web Component" option even though Spark ships 6 Web Components (<spark-add-to-cart>, <spark-cart-drawer>, <spark-progress-bar>, <spark-quantity>, <spark-subscription>, <spark-upsell-item>) per CLAUDE.md. Bug reports against those components will be forced into "Other" or miscategorized. Add a "Web Component" option (and consider sub-options for the six components).

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

SUGGESTION: The verification section lists python3 scripts/sass-compat.py --check assets/main.css but does not install dependencies first. sass-compat.py parses YAML in places; a fresh clone running only this command may hit ModuleNotFoundError: yaml. Consider adding python3 -m pip install pyyaml (or a pinned requirements-dev.txt) as the first step, so the verification commands are actually self-sufficient on a clean machine.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

SUGGESTION: The previous entries use ## X.Y.Z - YYYY-MM-DD (dated). The new top section is just ## Unreleased with no date and no version. That is conventional, but to keep grep-ability and tooling friendly, consider including the in-progress version (e.g. ## Unreleased - 1.1.2) so the next release can simply replace the heading instead of inserting a new section in the middle of the file.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

WARNING: "If ntk reports that -a/--apikey and -s/--store are required..." — this hard-codes the exact ntk CLI flag names and error message. If next-theme-kit renames the flags or changes the error wording, this README sentence will be silently wrong and contributors will lose trust in the docs. Either link to the canonical ntk --help / ntk README rather than quoting the error, or add a CI check that exercises ntk init and updates this paragraph when the wording changes.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

SUGGESTION: "If Python prints a local OpenSSL or urllib3 warning before ntk output, use a newer Python virtual environment..." This troubleshooting note is about the user's local Python TLS stack, not about Spark. It will date quickly (Python 3.12+ ships stricter TLS defaults) and crowds out Spark-specific troubleshooting. Consider moving it to a docs/troubleshooting.md or to a footnote, and keep the Quick Start focused on Spark-specific steps.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

SUGGESTION: The new row for extending-spark.md is sandwiched between section-specs/ (a directory of specs) and design-block-authoring.md. extending-spark.md is a higher-level "how to extend" guide, so it logically belongs as the first or second row of the Start Here table (before the per-section specs and authoring guides). Reorder so readers find the extension overview before the per-feature details.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

Code Review Summary

Status: 0 New Issues | Recommendation: Ready to merge (subject to carried-forward items)

Overview

Severity	Count
CRITICAL	0
WARNING	0
SUGGESTION	0 (this commit)

The follow-up commit d28700d resolves all three SUGGESTIONs flagged in the previous review. No new issues were introduced on the changed lines.

Resolved in this commit

File	Prior issue	Resolution
.github/workflows/ci.yml	Line 37: python3 bypassed setup-python 3.11 toolchain	All four steps now invoke python, matching the configured toolchain
.github/workflows/ci.yml	Line 56: hardcoded a single JS test file	Now iterates tests/js/*.test.js via a for loop, picking up any future test module
README.md	Line 75: ## Troubleshooting lived inside ## Development and only covered install pain	Section moved to a top-level ## Troubleshooting (now line 89) after ## CSS Compatibility Verification; bullets consolidated to include both install/credential pain and CSS/build/cache troubleshooting

Carried forward (unchanged files / unchanged lines)

File	Line	Issue
docs/extending-spark.md	N/A (unchanged)	Even after the prior fix, this guide still does not link to a single canonical {% app_hook %} index; consider adding a short "App Hook Catalog" table near the App Hooks section. (Minor; not flagged again this round.)
PLAN.md	111 (unchanged)	The line Keep the "Extending Spark" guide current as settings, partials, app hooks, and Web Components evolve. is unchanged but still very close to a duplicate of the first bullet. (Minor; not flagged this round.)

Notes on new code in this diff

• for test_file in tests/js/*.test.js; do node "$test_file"; done runs under the GitHub Actions default bash -eo pipefail shell, so set -e is in effect and a failing test will fail the step. The loop body is therefore fail-fast; no reliability regression vs. the previous hardcoded invocation.
• The python invocations resolve to the setup-python@v5 3.11 toolchain on default GitHub-hosted Ubuntu runners, so PyYAML and the unittests run against the same Python version as the YAML-validation step.

Assumptions

• GitHub-hosted Ubuntu runner with the default bash shell is the only execution target; if a self-hosted runner with a non-bash default shell is added later, the for loop should be re-evaluated.
• The tests/js/ directory continues to contain at least one *.test.js file; if it is ever emptied, the loop will run once with the literal glob string and node will fail (a clear, expected signal — not a bug).

Files Reviewed (2 files in this incremental diff)

• .github/workflows/ci.yml - 0 new issues (2 prior issues resolved)
• README.md - 0 new issues (1 prior issue resolved)

Fix these issues in Kilo Cloud

Previous Review Summaries (2 snapshots, latest commit c0cbd3c)

Current summary above is authoritative. Previous snapshots are kept for context only.

Previous review (commit c0cbd3c)

Status: 7 Issues Found (5 resolved since prior review, 2 carried forward, 3 new) | Recommendation: Address the new CI/README findings before merge

Overview

Severity	Count
CRITICAL	0
WARNING	0
SUGGESTION	3 (new) + 2 carried forward (unchanged-file lines)

The follow-up commit c0cbd3c resolves 5 of the 7 issues from the prior review and tightens the rest. The most important fix is the corrected {% app_hook %} link targets in docs/extending-spark.md, which now point to docs/terminology.md (defines app_hook on line 17) and docs/performance-load-order.md (mentions head_app_hooks on line 15). Three genuine new issues remain on changed lines, all SUGGESTION severity.

Resolved in this commit

File	Prior issue	Resolution
docs/extending-spark.md	app_hook Start Here links pointed at files that did not document it	Replaced with docs/terminology.md, docs/performance-load-order.md (both verified to reference app_hook/head_app_hooks)
docs/extending-spark.md	Told contributors to run a non-existent JSON/schema parity check	Reworded to defer to standard local checks + CI registration
docs/extending-spark.md	ASCII rule had no source pointer	Now cross-links to CLAUDE.md#critical-js-asset-files and names the DTL parsing failure mode
CONTRIBUTING.md	"GitHub issue creation may be limited" contradicted the new templates	Reworded to instruct template use, with a fallback for store-specific issues
CONTRIBUTING.md	"Link the relevant workstream" assumed internal context	Reworded to "name the workstream when it applies"
CONTRIBUTING.md	Verification commands assumed PyYAML preinstalled	Added a sentence explaining CI's PyYAML step and how to opt in locally
README.md	Hard-coded ntk -a/--apikey/-s/--store flag names + OpenSSL/urllib3 wording	Replaced with ntk --help reference; extracted a separate ## Troubleshooting block
CHANGELOG.md	## Unreleased had no version tag	Now ## 1.1.2 - Unreleased
.github/ISSUE_TEMPLATE/bug_report.yml	Web Component missing from Affected surface	Added to the dropdown
.github/ISSUE_TEMPLATE/bug_report.yml	checks was the only non-required field	Marked required: true
.github/ISSUE_TEMPLATE/dx_feedback.yml	time_lost placeholder read like a default value	Reworded to "e.g., about 10 minutes"
.github/ISSUE_TEMPLATE/config.yml	Only Security contact link existed	Added "Store-specific support" pointing at CONTRIBUTING.md
.github/workflows/ci.yml	Node 22 installed but unused	Now actually runs node tests/js/membership-pricing.test.js
.github/workflows/ci.yml	No explicit permissions / concurrency	Both added (contents: read, cancel-in-progress)
.github/workflows/ci.yml	PyYAML never installed for the YAML check	New python3 -m pip install pyyaml step
docs/README.md	extending-spark.md sandwiched between per-feature specs	Moved to the top of the table

NEW issues (this commit)

File	Line	Issue
.github/workflows/ci.yml	37	Steps use python3 instead of the setup-python (3.11)-managed python, so CI may run PyYAML/unittest against the Ubuntu system Python rather than the configured toolchain
.github/workflows/ci.yml	56	The JS test step hardcodes a single file; future tests/js/*.test.js modules will be silently skipped
README.md	75	New top-level ## Troubleshooting section sits in ## Development but only covers Quick Start install pain; the existing Troubleshooting quick read: block at line 94 also lives in this README

Carried forward (on unchanged lines / unchanged scope)

File	Line	Issue
docs/extending-spark.md	N/A (unchanged)	Even after the fix, this guide still does not link to a single canonical {% app_hook %} index; consider adding a short "App Hook Catalog" table near the App Hooks section. (Minor; not flagged again this round.)
PLAN.md	111	The line Keep the "Extending Spark" guide current as settings, partials, app hooks, and Web Components evolve. is unchanged but still very close to a duplicate of the first bullet. (Minor; not flagged this round.)

Assumptions

• The python3 vs python CI concern is judged against default GitHub-hosted Ubuntu runners (which ship a system python3 separate from the setup-python virtualenv path). If the repo relies on a self-hosted runner where python3 is symlinked to the configured toolchain, this is moot.
• The anchor #critical-js-asset-files in docs/extending-spark.md was not exercised against GitHub's anchor generator; the heading is ### CRITICAL: JS Asset Files, which GitHub typically slugifies to that exact anchor (colon stripped). Low confidence on this — not flagged.

Files Reviewed (10 files)

• .github/ISSUE_TEMPLATE/bug_report.yml - 2 issues (both now resolved)
• .github/ISSUE_TEMPLATE/config.yml - 1 issue (resolved)
• .github/ISSUE_TEMPLATE/dx_feedback.yml - 1 issue (resolved)
• .github/workflows/ci.yml - 3 prior issues (all resolved) + 2 new issues
• CHANGELOG.md - 1 issue (resolved)
• CONTRIBUTING.md - 3 issues (all resolved)
• PLAN.md - 0 issues
• README.md - 2 prior issues (both resolved) + 1 new issue
• docs/README.md - 1 issue (resolved)
• docs/extending-spark.md - 4 issues (all resolved)

Fix these issues in Kilo Cloud

Previous review (commit b77da8c)

Status: 18 Issues Found | Recommendation: Address before merge

Overview

Severity	Count
CRITICAL	0
WARNING	5
SUGGESTION	13

This PR is a docs/CI polish change — README quick-start split, new CONTRIBUTING/CHANGELOG, issue templates, a verify-only GitHub Actions workflow, and a new docs/extending-spark.md guide. No runtime code changed, so most findings are documentation accuracy, contributor UX, and CI hygiene. A few issues are load-bearing: the CI workflow installs Node but never uses it; two of the new doc links point at files that don't document what the link claims; one CONTRIBUTING.md sentence contradicts the new issue templates; and a tests/parity command is referenced but doesn't exist in the repo.

Issue Details (click to expand)

WARNING

File	Line	Issue
.github/workflows/ci.yml	24	actions/setup-node@v4 installs Node 22 but no step uses it; ~30s wasted per CI run.
.github/ISSUE_TEMPLATE/bug_report.yml	67	The most useful field for maintainers (checks) is the only non-required field; intent unclear.
docs/extending-spark.md	11	Start Here links for {% app_hook %} point to cart-events.md and cart-drawer-architecture.md, neither of which documents app_hook (verified via grep).
docs/extending-spark.md	28	Instructs contributors to run "JSON/schema parity checks" but no such check exists in the repo.
CONTRIBUTING.md	52	"GitHub issue creation may be limited" contradicts the new issue templates added in the same PR.
README.md	48	Hard-codes ntk CLI flag names and exact error wording; will go stale silently.

SUGGESTION

File	Line	Issue
.github/workflows/ci.yml	32	Add explicit permissions: contents: read and concurrency: cancel-in-progress for a verify-only workflow.
.github/workflows/ci.yml	29	No pip install pyyaml step; sass-compat.py may fail on a clean runner.
.github/ISSUE_TEMPLATE/bug_report.yml	55	"Web Component" missing from Affected surface even though Spark ships 6 of them.
.github/ISSUE_TEMPLATE/dx_feedback.yml	47	time_lost placeholder reads like a default value rather than an example.
.github/ISSUE_TEMPLATE/config.yml	1	contact_links only lists security; consider support/community channels and align with CONTRIBUTING.md.
docs/extending-spark.md	79	Cross-reference CLAUDE.md for the ASCII-only JS rule and name the specific failure mode.
docs/extending-spark.md	25	Add a concrete featured_products_* example and link the actual settings file.
CONTRIBUTING.md	44	"Link the relevant workstream from PLAN.md" assumes internal W1-W7 context that outside contributors don't have.
CONTRIBUTING.md	18	Verification commands assume PyYAML is installed; fresh clones may hit ModuleNotFoundError.
CHANGELOG.md	7	## Unreleased has no in-progress version tag; add 1.1.2 for tooling/grep friendliness.
README.md	48	OpenSSL/urllib3 TLS troubleshooting is a third-party Python issue and will date quickly; consider moving out of Quick Start.
docs/README.md	11	New extending-spark.md row is sandwiched between per-feature specs; logically belongs near the top of Start Here.

Files Reviewed (10 files)

• .github/ISSUE_TEMPLATE/bug_report.yml - 2 issues
• .github/ISSUE_TEMPLATE/config.yml - 1 issue
• .github/ISSUE_TEMPLATE/dx_feedback.yml - 1 issue
• .github/workflows/ci.yml - 3 issues
• CHANGELOG.md - 1 issue
• CONTRIBUTING.md - 3 issues
• PLAN.md - 0 issues
• README.md - 2 issues
• docs/README.md - 1 issue
• docs/extending-spark.md - 4 issues

---

Fix these issues in Kilo Cloud

---

_{Reviewed by minimax-m3 · Input: 48.9K · Output: 4.3K · Cached: 184.3K}

[kilo-code-bot]

SUGGESTION: python3 here bypasses actions/setup-python@v5, which only puts the configured python (3.11) on PATH. On the Ubuntu runner, python3 resolves to the system Python (3.10 on older images, 3.12 on newer), so PyYAML and the unittest step may run against a different interpreter than the rest of the workflow advertises. Either drop setup-python and rely on the runner default, or use python -m pip install pyyaml / python -m unittest discover -s tests consistently so the 3.11 toolchain is what CI actually exercises.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

SUGGESTION: This step hardcodes a single JS test file. New tests/js/*.test.js files will be silently skipped by CI as the JS surface grows (cart, PDP, events, etc.). Consider looping over the directory so the step scales, e.g.:

- name: Run JavaScript module tests
  run: |
    set -e
    for f in tests/js/*.test.js; do
      echo "Running $f"
      node "$f"
    done

That way adding a new JS test under tests/js/ is enough to get CI coverage without editing the workflow.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.

[kilo-code-bot]

SUGGESTION: A new top-level ## Troubleshooting section is wedged between the ## Development command table and ## CSS Compatibility Verification. Its two bullets (ntk credential errors, pre-ntk Python warnings) both describe Quick Start install pain, not Development-tooling pain, so it sits in the wrong section. Either move it under ### Install On A Store as a #### Troubleshooting (or > **Note:**) block, or rename to something like ## Quick Start Troubleshooting so readers find it next to the install steps. Note also that a second Troubleshooting quick read: block already lives under ## CSS Compatibility Verification at line 94, so keeping the two related to the sections they live in will reduce the impression of duplicate content.

---

Reply with @kilocode-bot fix it to have Kilo Code address this issue.