Claude Code prompts, copy-paste ready.

# Magento 2.4.x Open Source — Claude Code project rules

## Hard rules (never break)
- NEVER edit anything under `vendor/`. Extend via plugins, observers, di.xml preferences, or theme overrides.
- All schema changes go in `etc/db_schema.xml` — never raw `ALTER TABLE` SQL.
- All data seeds go in `Setup/Patch/Data/*.php` implementing `DataPatchInterface`. Patches MUST be idempotent.
- PSR-12 + `phpcs` with `Magento2` + `MEQP2` standards. PHPStan level 6 minimum.
- No `ObjectManager::getInstance()` outside Setup/Patch and tests. Use constructor DI.
- Prefer `\Magento\Framework\App\ResourceConnection` over deprecated `\Magento\Framework\DB\Adapter\Pdo\Mysql` direct.

## Frontend
- `requirejs-config.js` for Luma JS modules; KnockoutJS UIComponents for admin grids.
- Hyvä storefront: Tailwind classes only, Alpine.js x-data, no jQuery.

## Tests (mandatory, not optional)
- Every service class ships with PHPUnit unit tests in `Test/Unit/`.
- Every admin/storefront flow ships with MFTF coverage in `Test/Mftf/`.
- Run `vendor/bin/phpunit -c dev/tests/unit/phpunit.xml` before commit.

## Forbidden patterns
- `class_exists()` / `method_exists()` runtime checks — use DI.
- Inline `<?php echo $foo ?>` — use `$escaper->escapeHtml($foo)`.
- `Mage::` calls (Magento 1.x leftover).

## Adobe Commerce-only rules (additions to base CLAUDE.md)

- Schema for B2B modules MUST live under `app/code/<Vendor>/<Module>/etc/db_schema.xml`,
  but referencing `magento_company_*` and `negotiable_quote_*` tables requires
  declaring `<table ... resource="checkout">` to land on the correct connection.
- Staging changes MUST go through the Staging API, never direct DB writes —
  use `\Magento\Staging\Model\VersionManager` for entity edits.
- Live Search / Catalog Service / Visual Merchandiser are SaaS — never patch
  their REST endpoints. Add admin config + a UI override module instead.
- Customer Segments, Shared Catalogs, and Tier Pricing rules require
  `Magento_CustomerSegment::setup-upgrade` to fire AFTER your patch — declare
  it in `getDependencies()`.
- Cloud-specific: never write to `pub/static/` directly; use
  `static-content:deploy -f` and let the build container produce assets.
- Page Builder content templates ship as `.html` under
  `view/adminhtml/web/template/content-type/`. Never inline JSON.

## Hyvä Themes — Claude Code rules

## Stack constraints
- Tailwind CSS only. Custom CSS goes in `web/tailwind/tailwind-source.css`.
- Alpine.js for interactivity. No jQuery, no RequireJS, no Knockout.
- Magewire for server-driven components (Livewire-port for Magento).

## Class-order convention (enforced by prettier-plugin-tailwindcss)
1. Layout (flex, grid, block)
2. Box-model (w-, h-, p-, m-)
3. Typography (text-, font-)
4. Colors (bg-, text-, border-)
5. Effects (shadow, opacity)
6. State (hover:, focus:, dark:)

## Phtml conventions
- Always escape with `$escaper->escapeHtml()` / `escapeHtmlAttr()` / `escapeUrl()`.
- Prefer `$viewModel` data feeds over Block-class methods for testability.
- Heroicons via `@heroicons/v2/outline/*.phtml` partials, never inline SVG.

## Compatibility bridges
- Legacy Luma extensions auto-bridged by `Hyva_CompatModuleFallback`.
- Module-specific bridges live under `app/code/Hyva/<VendorName><Module>/`.
- Never run `setup:upgrade` after adding a bridge without
  `bin/magento hyva:check:compat` first.

## Magento B2B — Claude Code rules

## Entity scoping
- Company entities live under `magento_company_*` tables, on the `default` connection.
- Negotiable quotes use `negotiable_quote_*` on the `checkout` connection.
- Requisition lists scope to BOTH customer_id AND company_id — never just customer_id.
- Shared Catalogs check via `\Magento\SharedCatalog\Api\StatusInfoInterface` — never read DB directly.

## ACL paths (acl.xml)
- Resource `Magento_Company::index` for company admin grids
- Resource `Magento_NegotiableQuote::view_quotes` for quote views
- Resource `Magento_PurchaseOrder::manage_approval_rules` for PO approvals

## Email templates
- Order/quote/PO emails MUST use `{{depend}}` blocks for B2B-only fields.
- Adjacent `}}{{depend` is FORBIDDEN — pre-compute conditionals in PHP.
- Variable whitelist in `etc/email_templates.xml` `<vars/>` element — Magento 2.4.x silently rejects unwhitelisted vars.

## Tests
- B2B integration tests need `@magentoApiDataFixture` with a company seeded.
- Use `\Magento\TestFramework\Helper\Bootstrap::getObjectManager()->get(\Magento\Company\Model\CompanyManagement::class)`.

---
allowed-tools: [Bash, Edit, Write, Read]
description: Scaffold a new Magento 2 module with PSR-12 boilerplate
argument-hint: "<Vendor> <ModuleName>"
---

Scaffold a new Magento 2 module under `app/code/$1/$2/` with:

1. `registration.php` calling `ComponentRegistrar::register`
2. `etc/module.xml` with version 1.0.0 and a sequence on `Magento_Catalog`
3. `etc/di.xml` (empty `<config>` shell)
4. `etc/db_schema.xml` (empty `<schema>` shell)
5. `etc/acl.xml` with one resource id `$1_$2::admin`
6. `Setup/Patch/Data/.gitkeep`
7. `Test/Unit/.gitkeep` and `Test/Mftf/.gitkeep`
8. A stub `Controller/Adminhtml/Index/Index.php` extending `\Magento\Backend\App\Action`
9. `composer.json` with `"type": "magento2-module"` and `"name": "$1/module-$2"` lowercased

Then run:
- `bin/magento module:enable $1_$2`
- `bin/magento setup:upgrade`
- `bin/magento setup:di:compile`

Report the module path and confirm `bin/magento module:status $1_$2` returns enabled.

---
allowed-tools: [Read, Write, Edit, Bash]
description: Generate an idempotent DataPatchInterface seed for a Magento table
argument-hint: "<Vendor>_<Module> <TableName> <PatchName>"
---

Create `app/code/$1/Setup/Patch/Data/$3.php` that:

1. Implements `\Magento\Framework\Setup\Patch\DataPatchInterface`
2. Constructor takes `\Magento\Framework\Setup\ModuleDataSetupInterface`
3. `getDependencies()` returns `[]` unless we explicitly need ordering
4. `apply()` checks if a sentinel row exists FIRST (idempotency guard) — skip if found
5. Wraps inserts in `\Magento\Framework\DB\Transaction` from ResourceConnection
6. Uses `insertOnDuplicate($table, $row, ['updated_at'])` for safety

After writing the file:
- Run `bin/magento setup:upgrade` and verify the patch ran
- Confirm `SELECT * FROM patch_list WHERE patch_name LIKE '%$3%'` returns 1 row

If the patch was already applied but content changed: warn the user that
they need `DELETE FROM patch_list WHERE patch_name LIKE '%$3%';` BEFORE
re-running setup:upgrade — Magento won't re-run a completed DataPatchInterface.

---
allowed-tools: [Read, Write, Edit, Bash]
description: Append a new declarative-schema table + whitelist entry
argument-hint: "<Vendor>_<Module> <table_name> <comma-sep-columns>"
---

Append to `app/code/$1/etc/db_schema.xml` (create if missing):

```xml
<table name="$2" resource="default" engine="innodb" comment="Auto-scaffolded by Claude Code">
    <column xsi:type="int" name="entity_id" padding="10" unsigned="true"
            nullable="false" identity="true" comment="PK"/>
    <!-- expand columns from $3 here -->
    <column xsi:type="timestamp" name="created_at" on_update="false" nullable="false"
            default="CURRENT_TIMESTAMP" comment="Created"/>
    <constraint xsi:type="primary" referenceId="PRIMARY">
        <column name="entity_id"/>
    </constraint>
</table>
```

Then:
1. Run `bin/magento setup:db-declaration:generate-whitelist --module-name=$1`
2. `git add app/code/$1/etc/db_schema*.{xml,json}`
3. `bin/magento setup:upgrade --dry-run` to preview the ALTER TABLE
4. Confirm dry-run output before live upgrade

Report the generated whitelist diff so I can review the column types
before touching the live schema.

---
allowed-tools: [Read, Write, Edit, Bash, mcp__figma__*]
description: Build a Hyvä CMS page from a Figma frame URL
argument-hint: "<figma-frame-url> <cms-identifier>"
---

1. Fetch the Figma frame metadata via `mcp__figma__get_frame($1)`
2. Extract: hero copy, CTA labels, image URLs, color tokens, breakpoints
3. Generate `app/design/frontend/<Vendor>/<theme>/Magento_Cms/templates/page/$2.phtml`
   - Tailwind class order: layout → box-model → typography → color → effects → state
   - Mobile-first, then `md:`, `lg:`, `2xl:` breakpoints
   - Use `$escaper` for ALL output (HTML, attr, URL)
   - Hero CTA opens via Alpine.js `x-data="{ open: false }"` modal
   - Image URLs go through `Magento\Framework\View\Asset\Repository::getUrl()`
4. Append a layout XML at
   `view/frontend/layout/cms_page_view_id_$2.xml` that wires the template
5. Run `bin/magento cache:clean layout block_html`
6. Open `https://localhost/$2` in headless Chrome and report any console errors

If Figma uses fonts not in `etc/view.xml`, prompt me to add the @font-face
rules to `web/tailwind/tailwind-source.css` BEFORE I commit.

---
allowed-tools: [Bash, Read, Edit]
description: Run Magento Marketplace EQP audit against a module
argument-hint: "<Vendor>_<Module>"
---

Run the following checks IN ORDER and stop on any failure:

1. `vendor/bin/phpcs --standard=Magento2 app/code/$1/`
2. `vendor/bin/phpcs --standard=MEQP2 app/code/$1/`
3. `vendor/bin/phpmd app/code/$1/ ansi cleancode,codesize,controversial,design,naming,unusedcode`
4. `vendor/bin/phpstan analyse --level=6 app/code/$1/`
5. `vendor/bin/phpcpd --min-lines=5 --min-tokens=70 app/code/$1/`
6. `bin/magento dev:tests:run unit --filter=$1`

Then validate Marketplace metadata:
- `app/code/$1/composer.json` has `name`, `description`, `version`, `type=magento2-module`, `license`, `require` with PHP + magento/framework constraints
- `app/code/$1/etc/module.xml` `<module setup_version="...">` matches composer version
- `app/code/$1/registration.php` exists
- `app/code/$1/README.md` ≥ 200 words with install instructions

Report: a checklist of green/red, total errors, total warnings,
and a summary of the top 5 fixes needed before submission.

{
  "mcpServers": {
    "magento-mysql": {
      "command": "npx",
      "args": [
        "-y",
        "@benborla29/mcp-server-mysql"
      ],
      "env": {
        "MYSQL_HOST": "127.0.0.1",
        "MYSQL_PORT": "3306",
        "MYSQL_USER": "magento_readonly",
        "MYSQL_PASS": "<read-only-password-from-1password>",
        "MYSQL_DB": "magento",
        "ALLOW_INSERT_OPERATION": "false",
        "ALLOW_UPDATE_OPERATION": "false",
        "ALLOW_DELETE_OPERATION": "false",
        "SCHEMA_QUERY_TIMEOUT_MS": "5000"
      }
    }
  }
}

{
  "mcpServers": {
    "github-magento": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-github"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "<github-pat-with-repo-read-and-pr-write-only>",
        "GITHUB_REPO_ALLOWLIST": "acme-store/magento-monorepo",
        "GITHUB_DEFAULT_BRANCH": "main",
        "GITHUB_REQUIRE_PR_FOR_MAIN": "true"
      }
    }
  }
}

{
  "mcpServers": {
    "fs-magento-src": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-filesystem",
        "/var/www/magento/app/code",
        "/var/www/magento/app/design/frontend",
        "/var/www/magento/CLAUDE.md"
      ]
    }
  }
}

// NOTE: paths passed as positional args become the read+write allowlist.
// vendor/, pub/static/, generated/, var/, and any node_modules are all
// outside the allowlist — Claude returns ENOENT before even reading them.

{
  "mcpServers": {
    "sentry-magento": {
      "command": "npx",
      "args": [
        "-y",
        "@sentry/mcp-server"
      ],
      "env": {
        "SENTRY_AUTH_TOKEN": "<sentry-internal-integration-token>",
        "SENTRY_ORG": "acme-store",
        "SENTRY_PROJECT": "magento-prod",
        "SENTRY_ENVIRONMENT_FILTER": "production,staging",
        "SENTRY_DEFAULT_QUERY": "is:unresolved level:[error,fatal] age:-24h"
      }
    }
  }
}

#!/usr/bin/env bash
# .git/hooks/pre-commit — block vendor edits in Magento repos
set -euo pipefail

BANNED_PATHS=("^vendor/" "^generated/" "^pub/static/" "^var/")
FAILED=0

staged=$(git diff --cached --name-only --diff-filter=ACMR)
if [[ -z "$staged" ]]; then
    exit 0
fi

while IFS= read -r file; do
    for pattern in "${BANNED_PATHS[@]}"; do
        if [[ "$file" =~ $pattern ]]; then
            echo "BLOCKED: $file matches banned path '$pattern'"
            FAILED=1
        fi
    done
done <<< "$staged"

if [[ $FAILED -eq 1 ]]; then
    echo
    echo "Vendor / generated / static / var paths must NEVER be committed."
    echo "Extend Magento via plugins, observers, di.xml, or theme overrides."
    echo "Run 'git restore --staged <file>' on the offending paths and retry."
    exit 1
fi

exit 0

#!/usr/bin/env bash
# .git/hooks/pre-commit — phpcs Magento2 + PHPStan L6 on staged PHP
set -euo pipefail

php_files=$(git diff --cached --name-only --diff-filter=ACMR | grep -E '\.php\$' || true)
if [[ -z "$php_files" ]]; then
    exit 0
fi

echo "Running phpcs (Magento2)..."
vendor/bin/phpcs --standard=Magento2 \
    --colors --report=full \
    $php_files || {
        echo
        echo "phpcs failed. Fix with: vendor/bin/phpcbf --standard=Magento2 $php_files"
        exit 1
    }

echo "Running phpstan (level 6)..."
vendor/bin/phpstan analyse --level=6 --no-progress $php_files || {
    echo
    echo "phpstan failed. Review errors above and refactor before commit."
    exit 1
}

echo "All checks green."
exit 0

{
  "hooks": {
    "PostToolUse": [
      {
        "matcher": {
          "tool": "Edit|Write",
          "path": "app/code/.+/(di|layout|events|webapi|frontend/routes|adminhtml/routes)\\.xml\$"
        },
        "command": "bin/magento cache:flush config layout block_html full_page",
        "timeout_ms": 15000,
        "on_failure": "warn"
      },
      {
        "matcher": {
          "tool": "Edit|Write",
          "path": "app/code/.+/etc/db_schema\\.xml\$"
        },
        "command": "echo 'db_schema.xml changed — remember to run bin/magento setup:upgrade'",
        "on_failure": "warn"
      }
    ]
  }
}

## Parallel module audit recipe

**Prompt to root agent:**

> List every directory under `app/code/`. For each `<Vendor>/<Module>` pair,
> fan out a sub-agent in parallel using the Task tool with this prompt:
>
> ```
> Audit app/code/<Vendor>/<Module> against the Magento Marketplace EQP
> checklist. Run phpcs Magento2, phpstan L6, phpmd. Read README.md and
> composer.json. Report: critical issues, warnings, missing tests,
> deprecated API usage. Output a single JSON object with keys:
> { module, score (0-100), critical_issues[], warnings[], next_actions[] }
> ```
>
> Wait for ALL sub-agents to return. Aggregate results into one
> markdown table sorted by score ASC (worst first). Highlight any
> module with score < 60 in red.

**Why this works:**
- Each sub-agent has its own context window (200K) — no cross-contamination
- Parallel execution: 200 modules × 90 seconds each = 25 min wall-clock vs 5 hours sequential
- Single aggregate output is easy to share with the team

## Parallel test-generation recipe

**Prompt to root agent:**

> 1. List all PHP classes under `app/code/<Vendor>/<Module>/` whose path
>    contains `/Model/` or `/Service/` — these are the unit-test candidates.
> 2. For each class, fan out a sub-agent in parallel:
>
> ```
> Read app/code/<Vendor>/<Module>/Model/<Class>.php. Generate a PHPUnit
> unit test at app/code/<Vendor>/<Module>/Test/Unit/Model/<Class>Test.php
> following these rules:
> - extends \PHPUnit\Framework\TestCase
> - constructor dependencies mocked via createMock()
> - one test method per public method
> - happy-path + edge-case + error-path coverage
> - 70% line coverage minimum on the target class
> Return the file path on success.
> ```
>
> 3. After ALL sub-agents complete, run
>    `vendor/bin/phpunit --testsuite=Unit --coverage-text` and report
>    the coverage delta.

**Tip:** use `Bash(vendor/bin/phpunit:*)` in `--allowedTools` so the
root agent can run the suite without prompting per-test.

## Hyvä compat-bridge audit recipe

**Prompt to root agent:**

> Read composer.lock. For every package matching `^(?!hyva|magento)`
> with a Magento module in vendor/<vendor>/<package>/etc/module.xml:
>
> 1. Check if a bridge already exists at
>    `app/code/Hyva/<vendor><package>/` — if yes, skip.
> 2. Otherwise, fan out a sub-agent with this prompt:
>
> ```
> Read vendor/<vendor>/<package>/view/frontend/. Identify every
> .phtml that uses jQuery, RequireJS, or Knockout. For each, generate
> a Hyvä-compatible replacement at
> app/code/Hyva/<vendor><package>/view/frontend/templates/<same-path>.phtml
> using Tailwind + Alpine.js + Magewire. Preserve the same Block class
> and template var names so layout XML still works.
> Return: a list of files generated and any layout XML changes needed.
> ```
>
> 3. Aggregate: produce a Markdown report listing every extension,
>    bridge status (✅ existed / 🔨 generated / ❌ manual port needed),
>    and which ones need human review.

## Parallel Tier-2 country page builder

**Prompt to root agent:**

> Read reference_country_pages_content.md from memory. For each country
> entry (12 total: US, UK, CA, AU, DE, FR, NL, IN, ES, IT, NZ, SG):
>
> 1. Fan out a sub-agent with this prompt:
>
> ```
> Build app/code/Panth/Customization/Block/MagentoDeveloper<Country>.php
> + view/frontend/templates/magento-dev-<country>/page.phtml
> + view/frontend/web/css/magento-dev-<country>.less
> + Setup/Patch/Data/InstallMagentoDev<Country>Page.php
>
> Use the country-specific facts (payment gateways, hosting, languages,
> compliance) from reference_country_pages_content.md. Avoid the
> doorway-page penalty: each page must have AT LEAST 3 country-specific
> case studies, the local Magento meetup name, and 1 unique technical
> example (e.g. PIX integration for BR, AusPost for AU).
>
> Output: a list of files created.
> ```
>
> 2. After ALL 12 sub-agents return, generate a single hreflang patch
>    that links all 12 country pages to each other via
>    Panth_Hreflang::add().
> 3. Update reference_seo_pages_built.md tracker.

# 5-minute Magento onboarding (run from repo root)

# 1. Clone + composer install (90s)
git clone --depth=1 git@github.com:client/magento-monorepo.git
cd magento-monorepo
composer install --no-dev --prefer-dist

# 2. Drop CLAUDE.md (10s)
curl -fsSL https://kishansavaliya.in/claude-md/magento-os.md > CLAUDE.md

# 3. Wire MCP servers (60s)
mkdir -p .claude
curl -fsSL https://kishansavaliya.in/mcp/magento-bundle.json > .claude/mcp.json
# (edit .claude/mcp.json with your MYSQL_PASS, GITHUB_PAT, SENTRY_TOKEN)

# 4. Wire pre-commit hooks (30s)
curl -fsSL https://kishansavaliya.in/hooks/pre-commit > .git/hooks/pre-commit
chmod +x .git/hooks/pre-commit

# 5. Sanity scan (90s)
claude --print --append-system-prompt 'Audit this Magento repo. \
  List: Magento version, edition, frontend (Luma/Hyvä), enabled custom modules, \
  any vendor edits, any TODOs older than 30 days, any deprecated APIs.'

# Total: ~5 minutes. You're now ready to ship tickets.

## Magento 2.4.6 → 2.4.9 upgrade with Claude Code

### Phase 0 — pre-upgrade audit (1 day)
```
claude --print 'Read composer.json + composer.lock. List every third-party
Magento extension. For each, check the latest version on packagist.org or
github. Build a compatibility matrix: extension × Magento 2.4.7/2.4.8/2.4.9.
Flag any extension without a 2.4.9 version available.'
```

### Phase 1 — clone to upgrade-staging branch (30 min)
```bash
git checkout -b upgrade/2.4.9
composer require magento/product-community-edition:2.4.9 --no-update
composer update --with-all-dependencies
```

### Phase 2 — fix breaking changes (1-3 days)
```
claude --print 'Run composer update. List every conflict. For each conflict,
propose: (a) bump the third-party extension, OR (b) write a compat shim.
Never fork vendor.'
```

Key breakages 2.4.6 → 2.4.9:
- ElasticSearch 7 dropped → migrate to OpenSearch 2.x (auto via setup:upgrade)
- 2.4.8 GraphQL: `customer.is_subscribed` removed → use Newsletter API
- 2.4.9 Hyvä Checkout: Hyvä-Compat module bumped to 4.x

### Phase 3 — full setup:upgrade + di:compile (90 min)
```bash
bin/magento maintenance:enable
bin/magento setup:upgrade
bin/magento setup:di:compile
bin/magento setup:static-content:deploy -f
bin/magento maintenance:disable
```

### Phase 4 — regression test (1-2 days)
```bash
vendor/bin/phpunit --testsuite=Integration
bin/magento dev:tests:run integration
# MFTF on staging URL
vendor/bin/mftf run:test AdminCreateOrderTest
```

Total: ~1 week wall-clock for a medium store with 30 third-party extensions.

## Luma → Hyvä migration with Claude Code (6-week plan)

### Week 1 — audit + dependency map
- Run /audit-marketplace-eqp on every custom module
- Run sub-agent: parallel-hyva-compat-bridge-audit
- Output: a matrix of (extension × bridge status × estimated port hours)

### Week 2-3 — install Hyvä + scaffold theme
```bash
composer require hyva-themes/magento2-default-theme
composer require hyva-themes/magento2-compat-module-fallback
bin/magento setup:upgrade
bin/magento hyva:config:generate-tailwind-config
```
Then scaffold the project theme:
```bash
bin/magento hyva:theme:create <Vendor> <ThemeName> --parent=Hyva/default
```

### Week 3-4 — port custom phtml in parallel
Use the parallel-test-generation sub-agent recipe but pointed at
`view/frontend/templates/` of every Luma module that needs a Hyvä equivalent.
Claude generates the Tailwind+Alpine version following the class-order
convention from CLAUDE.md (Hyvä).

### Week 4-5 — Lighthouse 95+ floor
Run `npx unlighthouse --site=https://staging.example.com` and iterate
until every page hits performance ≥ 95.

### Week 5-6 — blue-green cutover
- New Hyvä storefront on `next.example.com`
- 5% traffic via Cloudflare load-balancer for 48h
- 50% traffic for 48h
- 100% with old Luma kept warm for 7 days for rollback

## Ship a B2B feature in one sprint (2 weeks)

### Day 1-2 — design + schema
- Run `/scaffold-magento-module Acme B2bRequisition`
- Run `/db-schema-add-table Acme_B2bRequisition acme_requisition "customer_id,company_id,status,total"`
- Add Service Contracts: `Api/RequisitionRepositoryInterface.php`,
  `Api/Data/RequisitionInterface.php`, `Model/Repository/Requisition.php`
- Apply CLAUDE.md (B2B) rules — scope by company_id, not just customer_id

### Day 3-4 — ACL + admin grid
- `etc/acl.xml` with `Acme_B2bRequisition::manage`
- UIComponent admin grid: `view/adminhtml/ui_component/acme_requisition_listing.xml`
- Form: `view/adminhtml/ui_component/acme_requisition_form.xml`

### Day 5-7 — GraphQL + REST
- `etc/schema.graphqls` declaring Query.requisitions and
  Mutation.placeRequisition
- Resolvers under `Model/Resolver/`
- `etc/webapi.xml` for REST equivalents
- Auth: `<resources><resource ref="Magento_Customer::customers"/></resources>`

### Day 8-10 — customer-account UI (Hyvä)
- `app/design/frontend/<Vendor>/<theme>/Acme_B2bRequisition/templates/customer/list.phtml`
- Magewire component for live filtering
- Tailwind classes per class-order convention

### Day 11-12 — MFTF + PHPUnit
- Sub-agent: parallel-test-generation against Model/Repository/
- MFTF tests: 'CustomerCreatesRequisition', 'AdminApprovesRequisition'

### Day 13-14 — staging deploy + UAT
- `setup:upgrade` on staging-clone
- Run /audit-marketplace-eqp Acme_B2bRequisition (must pass green)
- Client UAT review session
- Cutover Friday evening, watch Sentry for 48h