What services do you offer?

We specialize in e-commerce development with expertise in Magento 2, Shopify, and WordPress/WooCommerce. Our services include custom development, theme design, plugin/extension development, performance optimization, and ongoing maintenance and support.

How do you charge for your services?

We offer flexible pricing models including fixed-price projects, hourly rates, and monthly retainers. The pricing model depends on the project scope and client preference. We provide detailed quotes after understanding your requirements.

What technologies do you work with?

We specialize in PHP-based e-commerce platforms including Magento 2 (Adobe Commerce), Shopify, and WordPress/WooCommerce. We also work with modern frontend technologies like React, Vue.js, and Next.js for headless commerce solutions.

Can you migrate my store to Magento 2?

Yes! We have extensive experience in migrating stores from Magento 1, Shopify, WooCommerce, and other platforms to Magento 2. We ensure data integrity, minimal downtime, and seamless transition for your business.

Do you offer ongoing support after project completion?

Yes! We offer flexible maintenance and support plans including bug fixes, security updates, feature enhancements, and technical support. Plans can be customized based on your needs.

Does this replace Magento's native contact form?

Yes. When the module is enabled, the /contact URL is handled by Panth Advanced Contact Us and the stock Magento_Contact form is bypassed. Disable the module to revert to the native form — no data loss.

Does Panth Advanced SEO replace Magento's native SEO features?

It enhances them. Magento's native meta fields still work — Panth Advanced SEO adds template-based defaults, tokens, hreflang groups, JSON-LD, SEO scoring, and dozens of other features Magento ships without.

Does Panth Advanced Cart work with Hyva?

Yes. The module ships dedicated Hyva templates built with Alpine.js and Tailwind CSS. Theme detection is automatic via Panth_Core.

Can I have more than one banner slider on the same page?

Yes. Create as many sliders as you want in the admin and place each one via its own widget or layout block. Each slider maintains independent configuration and slides.

Do I have to pay for Panth Core?

No. Panth Core is completely free and will remain free forever. It is the foundation library that other (paid) Panth extensions depend on.

Does this module change how Magento calculates custom option prices?

No. All price-delta logic continues to flow through Magento's standard priceBox and price-option JS components. This module only replaces the visual rendering.

How many forms can I create?

Unlimited. Each form has a unique identifier and its own submissions scope.

Does Panth Footer replace the default Magento footer?

Yes. When enabled, Panth Footer takes over the footer.container block and renders its own configurable footer. You can disable it any time to restore the default footer.

Will this overwrite my custom image labels?

No. Merchant-authored labels (anything other than empty, the product name, Image, main product photo, or the raw filename) are preserved. Only Magento's default placeholders get upgraded to template output.

Does this submit URLs to Google?

No. Google does not participate in IndexNow and has stated they maintain their own crawl schedule. For Google indexing, use a proper XML sitemap and Google Search Console. This module is specifically for the IndexNow ecosystem (Bing, Yandex, Seznam, Naver, Yep).

Will this slow down my storefront?

No. The notification feed is cached, assets are lightweight, and the JS runs asynchronously after page load.

Is llms.txt an official standard?

An emerging community standard proposed at llmstxt.org with a growing list of adopters (Anthropic, Perplexity, Vercel, Stripe, Cloudflare docs all publish one). Not an IETF RFC yet, but stable enough that major AI platforms rely on it.

Does it work for guests?

Yes, guests can subscribe with their email address. You can optionally require login via admin config.

How is this different from a traditional antivirus?

Panth Malware Scanner is built specifically for Magento 2 filesystems — it understands the directory layout, knows which folders are writable from the frontend, and ships signatures tuned for Magento-targeted threats (Magecart skimmers, PolyShell webshells, admin-layout injection). Traditional AV tools scan everything with generic signatures and produce noise.

Does Panth Mega Menu work on both Hyva and Luma?

Yes. The module ships with two purpose-built templates — Alpine.js + Tailwind for Hyva and vanilla JS for Luma — and auto-switches based on your active storefront theme.

Does this module override Magento's `cms/noroute/index` controller?

No. It uses Magento's standard layout update mechanism to replace the block under the content container. The controller itself is untouched.

How is this different from Magento's native "file" custom option?

Native file custom options are tied to the cart quote item and don't persist cleanly as a first-class order record. Panth Order Attachments creates dedicated panth_quote_attachment and panth_order_attachment tables, linked to the sales order item, ensuring files remain accessible for the full order lifetime — including reorders, invoices, and RMAs.

Does this slow down the order grid?

Minimally. The column loads order items for each visible row (typically 20-50 orders). For very large catalogs, you can disable thumbnails to reduce image loading.

What triggers a price drop alert?

Any reduction in the final displayed price for the store view where the customer subscribed — catalog regular price, special price, catalog price rule discount, tier pricing, or group pricing. The module compares the current final price against the baseline captured at subscription time.

Does this replace Magento's default product gallery?

Yes, on the product detail page. When the module is enabled, the default gallery.phtml is replaced with the Panth gallery (one template for Hyva, another for Luma — chosen automatically).

Can I add more than 3 custom tabs?

Yes. Both CMS block tabs and attribute tabs support unlimited entries. Add as many as your product requires.

Does Panth Search Autocomplete work with Elasticsearch and OpenSearch?

Yes. The module is engine-agnostic — it uses whatever Magento is configured with (Elasticsearch 7, Elasticsearch 8, OpenSearch 1.x/2.x, or the MySQL fallback). No extra setup required.

Does Smart Badge slow down my category pages?

No. Badge lookups are indexed and cached per product + store view + customer group, and badge rendering is pure CSS. Typical overhead is under 5ms on listing pages.

Will this slow down my storefront?

No. The head block is cacheable="true" so the full JSON-LD payload is baked into full-page cache. Providers only run on uncached renders; cached hits serve the pre-rendered tag with zero PHP evaluation.

Does this work on Hyva themes?

Yes. The module ships Hyva-native templates using Alpine.js and Tailwind. No jQuery required.

Do changes require a Tailwind rebuild every time?

No. Color, font, and radius changes use CSS custom properties and take effect instantly. Only changes to Tailwind-class-driven tokens (custom spacing scales, new breakpoints) require a rebuild via the Rebuild Theme button.

Do I need a WhatsApp Business account?

No — any valid WhatsApp number works. However, a WhatsApp Business account is strongly recommended for commercial use (auto-replies, labels, catalog).

When is Adobe Commerce 2.4.9 released?

May 12, 2026 — per Adobe’s official release schedule. Alongside 2.4.9, Adobe ships security patches for every supported line: 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, and 2.4.4-p18.

What's the difference between Magento Open Source and Adobe Commerce for B2B?

Magento Open Source is the free version — it ships with the core e-commerce engine but does not include the B2B module. To run B2B on Open Source you must build the B2B features yourself (custom companies, quote workflow, customer-specific pricing). That is doable but expensive — you’re reinventing what Adobe ships out-of-the-box.Adobe Commerce (the paid edition, formerly Magento Enterprise) ships the official B2B module at no extra cost: companies + roles + permissions, request-for-quote workflow, requisition lists, shared catalogues, multi-tier pricing, and credit limits / payment-on-account. For 95% of B2B stores, Adobe Commerce + B2B module is the right starting point. Annual licence runs from ~$22,000 USD/year and scales with GMV.

Is Adobe Commerce Cloud worth it vs self-hosted Magento?

It depends on your team and traffic profile. ACC is worth it when (a) you don’t want to manage servers, Fastly, New Relic, deploy pipelines, and Adobe-tier patching, (b) your traffic is variable and elastic scaling matters, or (c) you need the bundled support & SLA. It’s not worth it when (a) your team already runs DevOps fluently, (b) traffic is small and steady so a $50/mo VPS would do, or (c) you want full control over kernel-level optimisations. Most stores in $1k-$15k/mo MRR profit from ACC; below that, self-hosted on Hetzner/AWS is cheaper.

When should I build a custom extension vs buy from Marketplace?

Buy when an existing Marketplace extension covers 80%+ of your need with reasonable config — it’s nearly always cheaper than custom and someone else maintains the upgrade path. Build custom when (a) no extension solves the problem, (b) you need it to integrate tightly with proprietary systems (ERP, PIM, custom checkout flows), (c) you’re selling the extension itself, or (d) the closest off-the-shelf extension would need so much customisation it’s cheaper to start clean. Our spec audit ($499) gives you the buy-vs-build call in writing before you commit.

When does headless Magento actually make sense?

Honest answer: about 10% of Magento stores benefit from headless. The shortlist:Mobile traffic > 60% AND mobile conversion lagging desktop by 30%+You want a real PWA (offline / add-to-homescreen / push notifications) or native iOS/Android app sharing the storefront codebaseMulti-region with 4+ storefronts and the marketing team wants per-region content control on the frontendYou have an in-house Node/React/Vue team already — the infra burden is acceptableFor everyone else — speed problems, conversion lifts, Lighthouse scores — Hyvä gets you 90% of the wins at 20% of the cost. We turn down 9 in 10 headless inquiries on this basis.

What’s your hourly rate?

My standard hourly rate is $65–$95 USD/hr depending on engagement type:Hourly retainer (10+ hrs/week): $65/hrAd-hoc hourly: $85/hrEmergency / fire-fighting: $95/hrConsulting / advisory call: $150/hr (90-min minimum)Most clients prefer fixed-price projects ($499–$50k+ depending on scope) where I commit to an outcome rather than billing time. Quotes always include the scope, deliverables, and milestones in writing — you don’t pay until we both sign.

What is Hyvä and why does my store need it?

Hyvä is the modern frontend framework for Magento 2, built on Tailwind CSS + Alpine.js. It replaces Magento’s default Luma theme (which uses jQuery + KnockoutJS) and ships with 5–10× faster page loads, Lighthouse scores in the 90–100 range, and core-web-vitals green by default. Stores that switch typically see conversion lifts of 8–25% from speed alone.

Why do I need to migrate from Magento 1 to Magento 2?

Magento 1 hit End of Life on June 30, 2020. Adobe stopped releasing security patches, bug fixes, and PCI compliance updates from that date. Every day a store stays on M1, it accumulates unpatched CVEs — and most card processors (Stripe, Braintree, Authorize.net) now flag M1 stores as non-compliant during PCI audits. Beyond security: Magento 2 is faster (PHP 8, Varnish, full-page cache native), has a modern admin, ships with B2B and PWA-ready features, and runs on actively-maintained extensions. Migration isn’t optional anymore — it’s the only safe path forward for serious commerce.

When should I use Magento multi-store vs separate Magento installs?

Use multi-store when your storefronts share most of the catalog, customer base, or admin operations — you get one upgrade, one extension stack, one hosting bill, and surgical per-store overrides where needed. Use separate installs when storefronts are run by different teams, have totally distinct catalogs, or need fundamentally different stacks (e.g. one Hyvä, one Luma headless). 90% of cases we see are multi-store wins — the maintenance and SEO consolidation alone usually justify it.

Will my Magento store get faster after the optimization?

Yes — measurably and in writing. Every Full Optimization project ships with a Lighthouse 90+ guarantee and a target of 50%+ TTFB reduction. We capture before/after metrics on staging every day during the project (Lighthouse, WebPageTest, RUM if you have it) so you can see the curve flatten in real time. If we miss the agreed targets at go-live, we keep tuning at no extra charge until we hit them. The audit-only tier doesn’t include the fix — it’s a diagnose-and-prioritise report you can hand to any developer to execute.

Why does Magento have an SEO problem?

Magento ships with the building blocks for great SEO — canonicals, sitemaps, meta-tag editing, URL rewrites — but those defaults are incomplete and aimed at developers, not search engines. Out of the box, Magento has no structured data on category or product pages, no hreflang for multi-store setups, no llms.txt, weak default meta-templates, layered-nav URLs that bloat the index, and a Luma frontend that drags Core Web Vitals. Most stores never go past the defaults — which is why “Magento SEO” is a paid specialism. The good news: every gap is a fixable engineering problem, not a platform limitation.

How do I integrate Telr / PayFort / Network International with Magento?

The three dominant UAE gateways each have a different integration flavour:Telr — UAE-founded (Dubai), strong AED + multi-currency support, hosted-page + JS-SDK both available. Official Magento 2 module on Telr’s GitHub. Best for SMEs that want a quick spin-up. Supports 3DS2 + Mada cross-border.PayFort (Amazon Payment Services) — the regional Amazon-owned gateway, very common with mid-market UAE / KSA stores. Hosted checkout + merchant page + tokenization. Solid Magento 2 module + good fraud tools.Network International — the largest acquirer in the Middle East, best for established UAE retailers with bank-direct relationships. Direct API + 3DS2 + multi-currency. Slightly heavier integration but lowest MDR rates at scale.We integrate any of them — many UAE stores run Telr + PayFort fallback + Tabby/Tamara as a multi-rail stack.

How do I integrate Afterpay with my Magento 2 store?

Afterpay ships an official Magento 2 module via the Magento Marketplace and via Composer (`afterpay/module-afterpay`). Setup is three steps: (1) create an Afterpay merchant account at portal.afterpay.com and grab your Merchant ID + secret key, (2) install the module + configure under Stores → Config → Sales → Payment Methods → Afterpay, (3) test in sandbox before flipping production. The module supports product page messaging (the “4 instalments of A$X” widget), cart messaging, and checkout. Afterpay was founded in Sydney in 2014 — it’s the de-facto BNPL rail for AU consumers, particularly fashion / DTC / lifestyle. We’ve integrated it on 30+ AU stores.

How do I comply with Quebec Bill 96 French-language requirements in Magento?

Bill 96 (Loi sur la langue officielle et commune du Québec) strengthens the existing Charter of the French Language. From June 2025 onward, businesses operating in Quebec must offer products, services, and customer-facing content in French — with French at least as prominent as any other language.For a Magento store this means:A dedicated FR-CA store view (not just an embedded language switcher) so URLs, page titles, meta tags, and structured data render in FrenchFrench translations for product titles, descriptions, attribute labels, category names, CMS pages, transactional emails, and checkout copy — we wire Crowdin or Phrase for the translation pipelineLocale-aware hreflang (en-CA / fr-CA) so Google serves the right page to QC usersFrench-first checkout if the ship-to address is in QC, with a one-click language togglePrivacy policy & cookie banner in both languages, with the French version equally prominentWe deliver Bill 96 readiness as a standard part of the Standard tier.

Home
Claude Code
Claude Code CLI Sandbox: Safe Local Magento Workflow

Back to /claude

Claude code cluster

Claude Code CLI Sandbox: Safe Local Magento Workflow

Q: Why bother sandboxing Claude Code if I trust the model?

You're not sandboxing the model — you're sandboxing the commands the model proposes. A wrong rm -rf var/cache on your host hits a symlinked storefront. A composer require on the wrong terminal updates the live VPS. A test that runs bin/magento config:set writes into app/etc/env.php and pollutes your dev DB. The sandbox isolates blast radius. Standard setup: Docker container with the codebase mounted read-write, vendor/ mounted read-only, MySQL on a throwaway volume, and a fresh DB dump restored on every container start.

Q: How do I configure the Bash allowlist for a Magento repo?

In .claude/settings.json, under permissions.allow. Pre-approve the read-only commands you actually use: Bash(bin/magento module:status), Bash(bin/magento config:show:*), Bash(composer show *), Bash(git status), Bash(git diff *), Bash(php -l *), Bash(vendor/bin/phpcs *), Bash(vendor/bin/phpstan *). Leave write commands unapproved (setup:upgrade, cache:clean, composer require) so they prompt — one click is fine, autopilot on writes is not. The /fewer-permission-prompts skill scans your transcripts and proposes an allowlist automatically.

Q: Best way to make vendor/ write-protected during a Claude session?

Two options. Quick: chmod -R a-w vendor/ at session start, undo it before composer install. Robust: mount vendor/ as a read-only Docker volume in docker-compose.yml: ./vendor:/var/www/html/vendor:ro. Add a PreToolUse hook that blocks any Edit or Write with a path matching ^vendor/: returns { "decision": "block", "reason": "vendor/ is read-only" }. The hook is the belt; the chmod is the suspenders. The model will try to edit vendor on its own occasionally — especially when chasing a bug; the hook stops it cold.

Q: Can I get setup:upgrade to run automatically after di.xml changes?

Yes — PostToolUse hook scoped to Edit and Write. In .claude/settings.json: {"PostToolUse": [{"matcher": "Edit|Write", "hooks": [{"type": "command", "command": "if echo $CLAUDE_TOOL_INPUT | grep -qE 'di\\.xml|module\\.xml|db_schema'; then docker exec magento bin/magento setup:upgrade; fi"}]}]}. Two warnings: (a) setup:upgrade is slow (~30s on a fat install) — consider running setup:di:compile alone for di.xml-only edits; (b) the hook command runs synchronously and blocks the next tool call, so a session where you're rapid-firing edits will feel like syrup. Tune the matcher tight.

Q: How do I stop Claude from accidentally connecting to my production DB?

Don't put production credentials in app/etc/env.php on the dev box — ever. Use a separate app/etc/env.php.prod that lives only on the live VPS. In the Docker dev image, point env.php at db (the docker-compose hostname), not at the live host. Add a PreToolUse hook that greps any Bash command for production hostnames or admin URLs and blocks: echo $CLAUDE_TOOL_INPUT | grep -qE 'prod\\.example\\.com|72\\.62\\.247' && exit 2. Belt-and-suspenders again — one rule for the network layer, one rule for the agent layer.

You are not sandboxing the model — you are sandboxing the commands the model proposes. This page walks the Docker-based setup that lets Claude Code work inside a real Magento codebase without a wrong rm -rf hitting your storefront.

Interactive shell

Try bin/magento — without installing anything

Click a command (or type your own). Watch the simulated output. Learn the order Magento expects.

kishan@magento ~ /var/www/html running…

Simulated only — nothing runs against a real shop. Try `help` to list every recognised command.

Keep going

FAQ

Common questions

Why bother sandboxing Claude Code if I trust the model?

You're not sandboxing the model — you're sandboxing the commands the model proposes. A wrong rm -rf var/cache on your host hits a symlinked storefront. A composer require on the wrong terminal updates the live VPS. A test that runs bin/magento config:set writes into app/etc/env.php and pollutes your dev DB. The sandbox isolates blast radius. Standard setup: Docker container with the codebase mounted read-write, vendor/ mounted read-only, MySQL on a throwaway volume, and a fresh DB dump restored on every container start.

How do I configure the Bash allowlist for a Magento repo?

In .claude/settings.json, under permissions.allow. Pre-approve the read-only commands you actually use: Bash(bin/magento module:status), Bash(bin/magento config:show:*), Bash(composer show *), Bash(git status), Bash(git diff *), Bash(php -l *), Bash(vendor/bin/phpcs *), Bash(vendor/bin/phpstan *). Leave write commands unapproved (setup:upgrade, cache:clean, composer require) so they prompt — one click is fine, autopilot on writes is not. The /fewer-permission-prompts skill scans your transcripts and proposes an allowlist automatically.

Best way to make vendor/ write-protected during a Claude session?

Two options. Quick: chmod -R a-w vendor/ at session start, undo it before composer install. Robust: mount vendor/ as a read-only Docker volume in docker-compose.yml: ./vendor:/var/www/html/vendor:ro. Add a PreToolUse hook that blocks any Edit or Write with a path matching ^vendor/: returns { "decision": "block", "reason": "vendor/ is read-only" }. The hook is the belt; the chmod is the suspenders. The model will try to edit vendor on its own occasionally — especially when chasing a bug; the hook stops it cold.

Can I get setup:upgrade to run automatically after di.xml changes?

Yes — PostToolUse hook scoped to Edit and Write. In .claude/settings.json: {"PostToolUse": [{"matcher": "Edit|Write", "hooks": [{"type": "command", "command": "if echo $CLAUDE_TOOL_INPUT | grep -qE 'di\\.xml|module\\.xml|db_schema'; then docker exec magento bin/magento setup:upgrade; fi"}]}]}. Two warnings: (a) setup:upgrade is slow (~30s on a fat install) — consider running setup:di:compile alone for di.xml-only edits; (b) the hook command runs synchronously and blocks the next tool call, so a session where you're rapid-firing edits will feel like syrup. Tune the matcher tight.

How do I stop Claude from accidentally connecting to my production DB?

Don't put production credentials in app/etc/env.php on the dev box — ever. Use a separate app/etc/env.php.prod that lives only on the live VPS. In the Docker dev image, point env.php at db (the docker-compose hostname), not at the live host. Add a PreToolUse hook that greps any Bash command for production hostnames or admin URLs and blocks: echo $CLAUDE_TOOL_INPUT | grep -qE 'prod\\.example\\.com|72\\.62\\.247' && exit 2. Belt-and-suspenders again — one rule for the network layer, one rule for the agent layer.