feat: add SQL query tool, platform debug, loyalty settings, and multi-module improvements

- Add admin SQL query tool with saved queries, schema explorer presets,
  and collapsible category sections (dev_tools module)
- Add platform debug tool for admin diagnostics
- Add loyalty settings page with owner-only access control
- Fix loyalty settings owner check (use currentUser instead of window.__userData)
- Replace HTTPException with AuthorizationException in loyalty routes
- Expand loyalty module with PIN service, Apple Wallet, program management
- Improve store login with platform detection and multi-platform support
- Update billing feature gates and subscription services
- Add store platform sync improvements and remove is_primary column
- Add unit tests for loyalty (PIN, points, stamps, program services)
- Update i18n translations across dev_tools locales

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/loyalty/routes/api/platform.py

@@ -11,6 +11,7 @@ Platform endpoints for:
 import logging
 
 from fastapi import APIRouter, Depends, Header, Path, Response
+from pydantic import BaseModel, Field
 from sqlalchemy.orm import Session
 
 from app.core.database import get_db
@@ -92,8 +93,14 @@ def download_apple_pass(
 # =============================================================================
 
 
+class AppleRegisterDeviceRequest(BaseModel):
+    """Request body for Apple device registration."""
+    push_token: str = Field(..., alias="pushToken")
+
+
 @platform_router.post("/apple/v1/devices/{device_id}/registrations/{pass_type_id}/{serial_number}")
 def register_device(
+    body: AppleRegisterDeviceRequest,
     device_id: str = Path(...),
     pass_type_id: str = Path(...),
     serial_number: str = Path(...),
@@ -111,10 +118,7 @@ def register_device(
     # Verify auth token (raises InvalidAppleAuthTokenException if invalid)
     apple_wallet_service.verify_auth_token(card, authorization)
 
-    # Get push token from request body
-    # Note: In real implementation, parse the JSON body for pushToken
-    # For now, use device_id as a placeholder
-    apple_wallet_service.register_device_safe(db, card, device_id, device_id)
+    apple_wallet_service.register_device_safe(db, card, device_id, body.pushToken)
     return Response(status_code=201)
 
 

app/modules/loyalty/routes/api/store.py

@@ -20,6 +20,7 @@ from sqlalchemy.orm import Session
 
 from app.api.deps import get_current_store_api, require_module_access
 from app.core.database import get_db
+from app.exceptions.base import AuthorizationException
 from app.modules.enums import FrontendType
 from app.modules.loyalty.schemas import (
     CardDetailResponse,
@@ -40,8 +41,10 @@ from app.modules.loyalty.schemas import (
     PointsRedeemResponse,
     PointsVoidRequest,
     PointsVoidResponse,
+    ProgramCreate,
     ProgramResponse,
     ProgramStatsResponse,
+    ProgramUpdate,
     StampRedeemRequest,
     StampRedeemResponse,
     StampRequest,
@@ -104,6 +107,52 @@ def get_program(
     return response
 
 
+@router.post("/program", response_model=ProgramResponse, status_code=201)
+def create_program(
+    data: ProgramCreate,
+    current_user: User = Depends(get_current_store_api),
+    db: Session = Depends(get_db),
+):
+    """Create a loyalty program (merchant_owner only)."""
+    if current_user.role != "merchant_owner":
+        raise AuthorizationException("Only merchant owners can create programs")
+
+    store_id = current_user.token_store_id
+    merchant_id = get_store_merchant_id(db, store_id)
+
+    program = program_service.create_program(db, merchant_id, data)
+
+    response = ProgramResponse.model_validate(program)
+    response.is_stamps_enabled = program.is_stamps_enabled
+    response.is_points_enabled = program.is_points_enabled
+    response.display_name = program.display_name
+
+    return response
+
+
+@router.put("/program", response_model=ProgramResponse)
+def update_program(
+    data: ProgramUpdate,
+    current_user: User = Depends(get_current_store_api),
+    db: Session = Depends(get_db),
+):
+    """Update the merchant's loyalty program (merchant_owner only)."""
+    if current_user.role != "merchant_owner":
+        raise AuthorizationException("Only merchant owners can update programs")
+
+    store_id = current_user.token_store_id
+
+    program = program_service.require_program_by_store(db, store_id)
+    program = program_service.update_program(db, program.id, data)
+
+    response = ProgramResponse.model_validate(program)
+    response.is_stamps_enabled = program.is_stamps_enabled
+    response.is_points_enabled = program.is_points_enabled
+    response.display_name = program.display_name
+
+    return response
+
+
 @router.get("/stats", response_model=ProgramStatsResponse)
 def get_stats(
     current_user: User = Depends(get_current_store_api),

app/modules/loyalty/routes/pages/store.py

@@ -208,6 +208,32 @@ async def store_loyalty_stats(
     )
 
 
+# ============================================================================
+# SETTINGS (Merchant Owner)
+# ============================================================================
+
+
+@router.get(
+    "/loyalty/settings",
+    response_class=HTMLResponse,
+    include_in_schema=False,
+)
+async def store_loyalty_settings(
+    request: Request,
+    store_code: str = Depends(get_resolved_store_code),
+    current_user: User = Depends(get_current_store_from_cookie_or_header),
+    db: Session = Depends(get_db),
+):
+    """
+    Render loyalty program settings page.
+    Allows merchant owners to create or edit their loyalty program.
+    """
+    return templates.TemplateResponse(
+        "loyalty/store/settings.html",
+        get_store_context(request, db, current_user, store_code),
+    )
+
+
 # ============================================================================
 # ENROLLMENT
 # ============================================================================