The rules JS-005 (init guard), JS-006 (async error handling), JS-007
(loading state), JS-008 (apiClient vs fetch), and JS-009 (Utils.showToast)
were defined in _validate_js_file() but never called. Added these checks
to the main JavaScript validation loop.
This reveals 89 existing violations that need to be addressed.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replaced custom apiGet/apiPost/apiDelete methods with apiClient calls.
The apiClient automatically handles JWT authentication from cookies,
fixing 401 Unauthorized errors on billing API endpoints.
Also replaced showNotification with Utils.showToast for consistency
with JS-009 architecture rule.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The JS-003 architecture rule only matches function names starting with
admin*, vendor*, or shop*. Renamed billingData() to vendorBilling() to
follow the vendor JS naming convention and ensure future violations are
caught by architecture validation.
Also added currentPage: 'billing' for JS-004 compliance.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Extended TPL-009 architecture rule to check vendor templates for invalid
block names (was only checking admin templates)
- Fixed billing.js to inherit base Alpine data via ...data() spread,
resolving undefined errors for dark, isSideMenuOpen, vendorCode
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add missing icons: x-mark, paint-brush, arrow-trending-up,
puzzle-piece, arrow-down-tray, exclamation-triangle
- Fix billing.html to use correct block name (extra_scripts
instead of scripts) so billing.js loads properly
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The feature_gate.html macro file had nested {# #} comments in the
documentation block which broke Jinja2 parsing. Nested comments
are not supported in Jinja2 - the inner {# was interpreted as
closing the outer comment, causing the example code to execute.
Removed Jinja2 syntax from the documentation examples to prevent
parsing issues.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace window.apiClient with apiClient in feature-store.js (JS-002)
- Replace window.apiClient with apiClient in upgrade-prompts.js (JS-002)
- Replace inline SVGs with $icon() helper in features.html (FE-002)
- Add check-circle-filled icon to icons.js
Architecture validation now passes with 0 errors, 0 warnings.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add comprehensive unit tests for FeatureService (24 tests)
- Add comprehensive unit tests for UsageService (11 tests)
- Fix API-002/API-003 architecture violations in feature/usage APIs
- Move database queries from API layer to service layer
- Create UsageService for usage and limits management
- Create custom exceptions (FeatureNotFoundError, TierNotFoundError)
- Fix ValidationException usage in content_pages.py
- Refactor vendor features API to use proper response models
- All 35 new tests passing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement database-driven feature gating with contextual upgrade prompts:
- Add Feature model with 30 features across 8 categories
- Create FeatureService with caching for tier-based feature checking
- Add @require_feature decorator and RequireFeature dependency for backend enforcement
- Create vendor features API (6 endpoints) and admin features API
- Add Alpine.js feature store and upgrade prompts store for frontend
- Create Jinja macros: feature_gate, feature_locked, limit_warning, usage_bar
- Add usage API for tracking orders/products/team limits with upgrade info
- Fix Stripe webhook to create VendorAddOn records on addon purchase
- Integrate upgrade prompts into vendor dashboard with tier badge and usage bars
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add routes for vendor content pages list, create, and edit
- Create content-pages.html with tabs for Platform Defaults and My Pages
- Create content-page-edit.html for creating/editing pages
- Add JavaScript for both list and edit views
- Add "Content Pages" link to vendor sidebar under new "Shop" section
- Add show_in_legal field to vendor content pages API schemas
- Platform Defaults tab shows pages that can be overridden
- My Pages tab shows vendor's custom pages and overrides
Vendors can now:
- View platform default pages and override them with custom content
- Create entirely new custom pages for their shop
- Manage navigation placement (header, footer, legal)
- Publish/unpublish pages
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add VENDOR_CONTENT_PAGES config with custom About, Contact, FAQ pages
- WizaMart: custom About and Contact pages
- Fashion Hub: custom About page
- Book Store: custom About and FAQ pages
- Create create_demo_vendor_content_pages() function
- Add ContentPage to reset cleanup (vendor pages only)
- Show content page counts in seeding summary
Demonstrates the CMS vendor override feature where vendors can
customize platform default pages with their own branding.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add POST /admin/content-pages/vendor endpoint for vendor overrides
- Update JS to use /vendor or /platform endpoint based on vendor selection
- Platform endpoint forces vendor_id=None, vendor endpoint requires vendor_id
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Escape hyphen in regex pattern to fix Firefox regexp validation error
- Fix vendor API response parsing (use data.vendors instead of data.items)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace console.log/error calls with onboardingLog in handleLogout
function to comply with architecture rules.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Load vendors dynamically in content page editor dropdown
- Add show_in_legal field to default content pages seed script
- Set privacy and terms pages to show_in_legal=true, show_in_footer=false
- Update page creation in seed script to use show_in_legal
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change rounded to rounded-full for pill appearance
- Add font-medium for better readability
- Improve dark mode colors with semi-transparent backgrounds
- Use lighter text colors in dark mode for better contrast
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add amber-colored "Legal" badge in the Navigation column to show pages
marked with show_in_legal=true alongside existing Header and Footer badges.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add "Show in Legal" checkbox to content page editor UI
- Update API schemas (ContentPageCreate, ContentPageUpdate, ContentPageResponse)
- Add show_in_legal parameter to service methods (create_page, update_page, etc.)
- Fix ContentPageNotFoundException to pass identifier correctly
- Fix UnauthorizedContentPageAccessException to use correct AuthorizationException API
- Add comprehensive unit tests for ContentPageService (35 tests)
- Add content page fixtures for testing
- Update CMS documentation with navigation categories diagram
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add third placement category for content pages that appear in the
bottom bar alongside the copyright notice (Privacy Policy, Terms, etc.):
Model changes:
- Add show_in_legal boolean field to ContentPage model
- Add to to_dict() serialization
Service changes:
- Add legal_only filter to list_pages_for_vendor()
Platform changes:
- Fetch legal_pages in get_platform_context()
- Update base.html to render legal_pages dynamically
- Fallback to hardcoded links if no CMS pages configured
Migration:
- Add column with default=False
- Auto-set show_in_legal=True for privacy and terms pages
Categories:
- show_in_header: Top navigation
- show_in_footer: Quick Links column
- show_in_legal: Bottom bar with copyright (NEW)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update platform homepage to dynamically load header and footer navigation
from the CMS content pages instead of hardcoded values:
- Import content_page_service in platform_pages.py
- Update get_platform_context() to fetch pages with show_in_header=True
and show_in_footer=True from the database
- Add generic /{slug} route to serve CMS content pages (about, contact,
faq, privacy, terms, etc.)
- Platform pages use vendor_id=None for platform-wide defaults
Pages can be managed via Admin > Content Pages with:
- show_in_header: Display in header navigation
- show_in_footer: Display in footer quick links
- display_order: Control menu ordering
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive deployment documentation for bare-metal deployment
using GitLab CI/CD to DigitalOcean, including:
- Server setup with deploy user
- PostgreSQL database configuration
- systemd service and Nginx reverse proxy
- HTTPS with Let's Encrypt
- Complete CI/CD pipeline with test, build, and deploy stages
- Environment variables and security recommendations
- Troubleshooting guide
Also remove .env from git tracking (was accidentally committed before
being added to .gitignore).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The vendor orders API endpoint was passing customer_id to the service
but the service method didn't accept it, causing a TypeError.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The onboarding page was a standalone page with no way to log out,
leaving users stuck. Added:
- Logout button in the header
- handleLogout() function to clear vendor tokens and redirect to login
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix admin header.html logout to not use localStorage.clear()
which was clearing vendor/customer tokens too
- Add tests for signup access_token generation
- Test that token is returned in response
- Test that token can authenticate API calls
- Test that vendor_token cookie is set
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This fixes the "Authorization header required for API calls" error during
vendor onboarding after signup.
Changes:
- Generate JWT access token on signup completion
- Set vendor_token cookie for page navigation
- Return access_token in signup response for localStorage
- Store vendor_token in localStorage after signup completion
- Make clearTokens() context-aware to prevent cross-portal interference
- Fix vendor logout to not clear admin/customer tokens
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added billing and shipping address fields to Order test fixtures
to fix NOT NULL constraint errors.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New test files:
- test_onboarding_service.py: 30 tests for vendor onboarding flow
- test_team_service.py: 11 tests for team management
- test_capacity_forecast_service.py: 14 tests for capacity forecasting
- test_i18n.py: 50+ tests for internationalization
- test_money.py: 37 tests for money handling utilities
Coverage improved from 67.09% to 69.06%
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Extended path-based token selection to include customer tokens:
- /shop/* routes now use customer_token
- Fallback order: admin_token || vendor_token || customer_token
This ensures the correct token is used when logged into multiple
portals (admin, vendor, customer) simultaneously.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The apiClient.getToken() now detects the current path to select
the appropriate token:
- /vendor/* routes use vendor_token
- /admin/* routes use admin_token
This fixes the "Vendor access only" error when logged in as both
admin and vendor in different browser tabs.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Onboarding fixes:
- Add missing background task trigger for order sync (step 4)
- Import process_historical_import task in onboarding API
GitLab migration:
- Update audit rules to support both GitHub and GitLab paths
- Add .gitlab-ci.yml with lint, test, security, build stages
- Add merge request template (.gitlab/merge_request_templates/default.md)
- Update validate_audit.py to check for GitLab equivalents
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove redundant 1/4 progress counter from header
- Make step indicators mobile-friendly (smaller circles, hidden labels)
- Add CSV URL help text pointing to Letzshop Admin > API > Export Products
- Fix AttributeError in order sync progress (use correct model attributes)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add language selector with English, French, and German translations
- Fix API key help text to reference Letzshop Support team
- Update shop slug input with URL prefix and clearer example
- Fix step validation bug by adding db.commit() to all POST endpoints
- Translate all form labels, buttons, and messages
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Include static/vendor/js and static/shared/js in JS validation
- Fix onboarding.js: use apiClient (not window.apiClient), use logger
- Fix onboarding.js: use relative paths (not /api/v1/ prefix)
- Add noqa comments for standalone pages (login, onboarding)
- Add ...data() to messages.js for layout inheritance
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Email logs are side effects that need immediate persistence,
so db.commit() is intentional in these cases.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes JavaScript error "can't access property 'get', window.apiClient is undefined"
by following the codebase pattern where apiClient is accessed directly as a global
variable rather than via window object.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create onboarding-specific exceptions (OnboardingNotFoundException, etc.)
- Remove HTTPException usage from API endpoints per architecture rules
- Let exceptions propagate to global handler
- Add 12 integration tests for onboarding API endpoints
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implement 4-step onboarding flow for new vendors after signup:
- Step 1: Company profile setup
- Step 2: Letzshop API configuration with connection testing
- Step 3: Product & order import CSV URL configuration
- Step 4: Historical order sync with progress bar
Key features:
- Blocks dashboard access until completed
- Step indicators with visual progress
- Resume capability (progress persisted in DB)
- Admin skip capability for support cases
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implements a comprehensive email system with:
- Multi-provider support (SMTP, SendGrid, Mailgun, Amazon SES)
- Database-stored templates with i18n (EN, FR, DE, LB)
- Jinja2 template rendering with variable interpolation
- Email logging for debugging and compliance
- Debug mode for development (logs instead of sending)
- Welcome email integration in signup flow
New files:
- models/database/email.py: EmailTemplate and EmailLog models
- app/services/email_service.py: Provider abstraction and service
- scripts/seed_email_templates.py: Template seeding script
- tests/unit/services/test_email_service.py: 28 unit tests
- docs/features/email-system.md: Complete documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add orders_per_month, team_members, and is_enterprise to tier data
passed to the signup template.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add red asterisk (*) to all mandatory fields in Step 3
- Add "Required fields" legend at top of form
- Fields marked: First Name, Last Name, Company Name, Email, Password
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
