chore(release): publish v0.3.0 (#22)

Author: ct-sdks[bot]

.agents/plugins/commercetools/.codex-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "commercetools",
   "displayName": "commercetools",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "description": "Build commercetools solutions faster",
   "author": {
     "name": "commercetools",

.agents/plugins/commercetools/skills/commercetools-commerce-patterns/SKILL.md

@@ -0,0 +1,94 @@
+# Approval Rules
+
+**Source:** https://docs.commercetools.com/api/projects/approval-rules
+
+---
+
+## Overview
+
+Approval Rules are predicates defined on a Business Unit that gate Order creation behind a human approval step. When an order being placed by a buyer matches an Approval Rule's predicate, the platform intercepts the `order from cart` action and places the resulting Order in a `Pending` state instead of immediately confirming it.
+
+---
+
+## Core Concepts
+
+### Approval Rules Are Predicates
+
+An Approval Rule contains a `predicate` string written in the [commercetools query predicate syntax](https://docs.commercetools.com/api/predicates/query). The predicate is evaluated against the **Order** at creation time.
+
+Common predicate fields include:
+
+| Field | Example use case |
+|---|---|
+| `totalPrice.centAmount` | Orders above a spend threshold require approval |
+| `lineItems(quantity > X)` | Large quantity orders trigger approval |
+| `lineItems(totalPrice.centAmount > X)` | High-value individual line items |
+| Custom fields | Business-specific rules (e.g. product category, custom flags) |
+
+Example predicate: `totalPrice.centAmount > 1000000` (orders over €10,000 at centAmount scale).
+
+### Approvers
+
+Each Approval Rule specifies one or more **approver tiers** — sets of associate roles that must approve the order. Tiers are evaluated sequentially:
+
+- All required approvers in a tier must act before the next tier is evaluated.
+- An Approval Rule can have multiple tiers to model multi-level approval chains (e.g. line manager → finance director).
+
+### Requesters
+
+Rules can also restrict which associate roles the rule applies to (i.e. which buyers' orders are subject to the rule). This allows different rules for different buyer roles within the same BU.
+
+---
+
+## Approval Flow State Machine
+
+When an Order matches an Approval Rule, it enters the **approval flow** lifecycle:
+
+```
+Order created → Pending
+                  │
+          ┌───────┴───────┐
+          │               │
+       Approved        Rejected
+          │
+       Order confirmed / fulfilment continues
+```
+
+| State | Description |
+|---|---|
+| `Pending` | Order is awaiting approval from one or more approver tiers. |
+| `Approved` | All required approver tiers have approved. Order proceeds normally. |
+| `Rejected` | At least one required approver has rejected. Order is declined. |
+
+The state transitions are driven by the `Approve` and `Reject` update actions (applied via Update ApprovalFlow by ID), which must be called via the `asAssociate` API path.
+
+---
+
+## Evaluation at Order Creation
+
+1. Buyer places an order.
+2. The platform evaluates all active Approval Rules on the buyer's Business Unit (and inherited from parent BUs).
+3. If **any** rule's predicate matches the order, an **Approval Flow** is created and the Order is placed in `Pending` state.
+4. If **no** rule matches, the Order is confirmed immediately.
+
+Rules from parent BUs are inherited by child BUs unless overridden.
+
+---
+
+## Key API Resources
+
+| Resource | Endpoint |
+|---|---|
+| Approval Rules | `GET /as-associate/{associateId}/in-business-unit/key={businessUnitKey}/approval-rules` |
+| Approval Flows | `GET /as-associate/{associateId}/in-business-unit/key={businessUnitKey}/approval-flows` |
+| Approve an Order | Update ApprovalFlow by ID (`POST /as-associate/{associateId}/in-business-unit/key={buKey}/orders/{orderId}/approval-flows/{flowId}`) with action `Approve` |
+| Reject an Order | Update ApprovalFlow by ID (`POST /as-associate/{associateId}/in-business-unit/key={buKey}/orders/{orderId}/approval-flows/{flowId}`) with action `Reject` |
+
+---
+
+## Implementation Notes
+
+- Only associates with an `approveOrder` permission can call approve/reject actions.
+- An order can match multiple Approval Rules simultaneously; the platform creates one Approval Flow that merges all required approver tiers.
+- Approval Rules are managed by associates with the `updateApprovalRules` permission (typically a BU admin).
+- Approval Rule predicates are validated at creation time — an invalid predicate is rejected with a `400` error.

.agents/plugins/commercetools/skills/commercetools-commerce-patterns/references/approval-rules.md

@@ -0,0 +1,138 @@
+# As-Associate API
+
+**Source:** https://docs.commercetools.com/api/projects/associate-roles
+
+---
+
+## Overview
+
+The **As-Associate API** is a special API path prefix in commercetools that enforces Business Unit–scoped permission checks on behalf of a buyer (associate). Any operation that a buyer performs within the context of a Business Unit — reading orders, creating carts, placing orders, managing quotes, approving flows — **must** go through this API path. Calling the standard API paths bypasses the BU permission layer and is only appropriate for merchant/admin contexts.
+
+---
+
+## The API Chain Pattern
+
+The TypeScript SDK exposes the As-Associate API through a fluent builder chain:
+
+```typescript
+apiRoot
+  .asAssociate()
+  .withAssociateIdValue({ associateId: "customer-id-here" })
+  .inBusinessUnitKeyWithBusinessUnitKeyValue({ businessUnitKey: "bu-key-here" })
+  .<resource>()
+  .<action>()
+  .execute();
+```
+
+### Breaking Down the Chain
+
+| Segment | Purpose |
+|---|---|
+| `.asAssociate()` | Switches the SDK into the as-associate routing context. |
+| `.withAssociateIdValue({ associateId })` | Identifies which customer (associate) is performing the action. The platform validates that this customer is an associate of the target BU. |
+| `.inBusinessUnitKeyWithBusinessUnitKeyValue({ businessUnitKey })` | Scopes the operation to a specific Business Unit. |
+| `.<resource>()` | The resource type (e.g. `.carts()`, `.orders()`, `.quoteRequests()`). |
+
+### Example: Create a Cart as an Associate
+
+```typescript
+const cart = await apiRoot
+  .asAssociate()
+  .withAssociateIdValue({ associateId: customerId })
+  .inBusinessUnitKeyWithBusinessUnitKeyValue({ businessUnitKey: "acme-uk" })
+  .carts()
+  .post({
+    body: {
+      currency: "GBP",
+      country: "GB",
+      businessUnit: { key: "acme-uk", typeId: "business-unit" },
+      store: { key: "acme-uk-store", typeId: "store" },
+    },
+  })
+  .execute();
+```
+
+### Example: Place an Order as an Associate
+
+```typescript
+const order = await apiRoot
+  .asAssociate()
+  .withAssociateIdValue({ associateId: customerId })
+  .inBusinessUnitKeyWithBusinessUnitKeyValue({ businessUnitKey: "acme-uk" })
+  .orders()
+  .post({
+    body: {
+      cart: { id: cart.body.id, typeId: "cart" },
+      version: cart.body.version,
+    },
+  })
+  .execute();
+```
+
+---
+
+## Why the As-Associate Path Is Required
+
+### Platform Permission Enforcement
+
+commercetools enforces B2B permissions **at the API layer** using the as-associate path. When a request arrives via this path, the platform:
+
+1. Verifies the `associateId` is an active associate of the named Business Unit.
+2. Checks whether that associate holds the required `associateRole` permission for the requested operation (e.g. `createMyCarts`, `createOrders`, `viewOrders`, `updateApprovalFlows`).
+3. Rejects the request with an `AssociateMissingPermissionError` (an HTTP 403-class error) if the permission is absent.
+
+Calling `/carts`, `/orders`, etc. directly (without `asAssociate`) uses project-level OAuth scopes only and does not apply associate-role permission logic. This means:
+- A buyer could see or modify another BU's data if project scopes are broad.
+- Approval rule enforcement is bypassed.
+- Audit trail (who did what, in which BU) is lost.
+
+**Always use the as-associate path for buyer-facing operations.**
+
+---
+
+## Operations Covered
+
+The as-associate path supports the following resource types (non-exhaustive):
+
+| Resource | Typical Operations |
+|---|---|
+| `carts` | Create, read, update, replicate carts scoped to the BU |
+| `orders` | Place orders from cart, read orders |
+| `orders/quotes` | Create an order from an accepted Quote |
+| `quote-requests` | Create and manage QuoteRequests |
+| `quotes` | Read, accept, decline Quotes |
+| `order-approval-flows` | Approve or reject pending orders |
+| `business-units` | Read BU details, update associates (where permitted) |
+
+---
+
+## REST Equivalent
+
+The SDK chain maps to the following REST path structure:
+
+```
+POST /as-associate/{associateId}/in-business-unit/key={businessUnitKey}/carts
+GET  /as-associate/{associateId}/in-business-unit/key={businessUnitKey}/orders
+POST /as-associate/{associateId}/in-business-unit/key={businessUnitKey}/orders
+POST /as-associate/{associateId}/in-business-unit/key={businessUnitKey}/quote-requests
+POST /as-associate/{associateId}/in-business-unit/key={businessUnitKey}/orders/quotes
+```
+
+---
+
+## Common Mistakes
+
+| Mistake | Consequence |
+|---|---|
+| Using `/carts` instead of `asAssociate().*.carts()` | No associate permission check; any authenticated customer could access any BU's carts if scopes allow. |
+| Omitting `businessUnitKey` from the cart body | Cart may not be associated with the BU, breaking approval rule evaluation. |
+| Using a merchant/admin token for buyer flows | Bypasses all associate-role enforcement; creates audit and security gaps. |
+| Calling approval actions via the standard orders path | Not supported — approval transitions are only available through the as-associate path. |
+
+---
+
+## OAuth Scope
+
+The OAuth token used in as-associate requests should carry:
+- `manage_my_orders:{projectKey}` or `manage_orders:{projectKey}` (depending on whether you use customer tokens or merchant tokens acting on behalf of a customer).
+- For customer-token flows (recommended for buyer-facing apps): use the `customer` OAuth flow so the token is bound to the specific customer, and the platform cross-checks `associateId` against the token's subject.

.agents/plugins/commercetools/skills/commercetools-commerce-patterns/references/as-associate-api.md

@@ -0,0 +1,72 @@
+# B2B Customer Group Pricing
+
+---
+
+## Overview
+
+Customer Groups are the primary mechanism for applying differentiated pricing to B2B buyers in commercetools. They work as one of several **price selection parameters** that the platform evaluates at query time and at line-item addition to select the correct price from a product variant's price list.
+
+---
+
+## Price Selection Parameters
+
+commercetools uses a combination of the following parameters to select a price from the variant's embedded price array:
+
+| Parameter | Notes |
+|---|---|
+| `currencyCode` | Required. Drives which price entry is eligible. |
+| `country` | Optional. Narrows selection to country-specific prices. |
+| `customerGroup` | Optional. Narrows selection to group-specific prices. |
+| `channel` | Optional. Narrows selection to channel-specific prices (e.g. distribution channel). |
+| `priceDate` (`validFrom` / `validTo`) | Optional. Filters prices that are valid at the given point in time. |
+
+These parameters are also known as **price selection criteria**.
+
+---
+
+## How Price Selection Works
+
+### 1. Product Projection Search
+
+If currency and additional price selection parameters are passed in a Product Projection Search request, the platform applies price selection logic and returns the matching price for each product/variant. See the official docs: [Price Selection](https://docs.commercetools.com/api/projects/products#price-selection).
+
+### 2. Cart Line Items
+
+When `addLineItem` is called on a cart, the platform uses the cart's own price selection parameters (`currencyCode`, `country`, `customerGroup`, `channel`) to resolve the price for that line item. For price selection to work correctly:
+
+- The relevant price selection parameters must be set **on the cart** before or at the time line items are added.
+- The Customer Group is typically derived from the customer's profile and propagated to the cart automatically, but it can also be set explicitly.
+
+Reference: [Carts API](https://docs.commercetools.com/api/projects/carts)
+
+### 3. Fallback / Default Price
+
+It is strongly recommended to include a **default price** (one without any customer group, channel, or country constraint) within the variant's pricing model. This serves as a fallback when none of the more specific price selection criteria match, preventing scenarios where no price is resolved.
+
+---
+
+## Customer Group Constraints and Limitations
+
+### Deletion Constraint
+
+A Customer Group **cannot be deleted** while it is still referenced by product pricing entries. Attempting to do so returns an HTTP `400` error with the message:
+
+> "Can not delete a source while it is referenced from at least one 'product'."
+
+**Migration workflow** when replacing a Customer Group:
+1. Create the new Customer Group.
+2. Update all product prices (and any discounts referencing the old group) to reference the new Customer Group.
+3. Delete the old Customer Group once no pricing entries reference it.
+
+### Multiple Groups Per Customer
+
+A Customer can hold **multiple Customer Groups** via `customerGroupAssignments` (up to 500). The legacy single `customerGroup` field still exists but is no longer the only option. Price selection resolves the **best qualifying price across all assigned groups**. If a buyer's pricing tier changes (e.g. they move from "Silver" to "Gold"), update the customer's group assignments accordingly.
+
+---
+
+## B2B Recommendations
+
+- **Segment pricing tiers** using Customer Groups (e.g. `tier-bronze`, `tier-silver`, `tier-gold`, `distributor`, `reseller`).
+- **Always define a base/default price** to avoid null prices for customers not assigned to any group.
+- **Use Channel + Customer Group** together when pricing also varies by distribution channel (e.g. online vs. in-store B2B).
+- **Automate group assignment** as part of the customer onboarding or account management workflow so carts always carry the correct Customer Group from the start.