Production quick wins for improved observability and scalability:
Sentry Error Tracking:
- Add sentry-sdk[fastapi] dependency
- Initialize Sentry in main.py with FastAPI/SQLAlchemy integrations
- Add Celery integration for background task error tracking
- Feature-flagged via SENTRY_DSN (disabled when empty)
Cloudflare R2 Storage:
- Add boto3 dependency for S3-compatible API
- Create storage_service.py with StorageBackend abstraction
- LocalStorageBackend for development (default)
- R2StorageBackend for production cloud storage
- Feature-flagged via STORAGE_BACKEND setting
CloudFlare CDN/Proxy:
- Create middleware/cloudflare.py for CF header handling
- Extract real client IP from CF-Connecting-IP
- Support CF-IPCountry for geo features
- Feature-flagged via CLOUDFLARE_ENABLED setting
Documentation:
- Add docs/deployment/cloudflare.md setup guide
- Update infrastructure.md with dev vs prod requirements
- Add enterprise upgrade checklist for scaling beyond 1000 users
- Update installation.md with new environment variables
All features are optional and disabled by default for development.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update Makefile help sections with correct target names (platform-install)
- Add Celery infrastructure section to background-tasks.md
- Update installation.md with Celery setup instructions and environment vars
- Update index.md with comprehensive development commands including Celery
- Add Flower monitoring and task queue commands to docs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Rename second 'install' target to 'platform-install' to avoid conflict
- Add broker_connection_retry_on_startup=True for Celery 6.0 compatibility
- Update install.py references to use 'make platform-install'
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Migrate background tasks from FastAPI BackgroundTasks to Celery with Redis
for persistent task queuing, retries, and scheduled jobs.
Key changes:
- Add Celery configuration with Redis broker/backend
- Create task dispatcher with USE_CELERY feature flag for gradual rollout
- Add Celery task wrappers for all background operations:
- Marketplace imports
- Letzshop historical imports
- Product exports
- Code quality scans
- Test runs
- Subscription scheduled tasks (via Celery Beat)
- Add celery_task_id column to job tables for Flower integration
- Add Flower dashboard link to admin background tasks page
- Update docker-compose.yml with worker, beat, and flower services
- Add Makefile targets: celery-worker, celery-beat, celery-dev, flower
When USE_CELERY=false (default), system falls back to FastAPI BackgroundTasks
for development without Redis dependency.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add migration step (Step 0/5) to init-prod to ensure the database
exists before running initialization scripts. This allows init-prod
to be run standalone without requiring migrate-up first.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Rename first 'install' target to 'install-all' to avoid conflict
with the full installation script target at line 120.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Document the media library feature including:
- API endpoints for admin media management
- Media picker component usage in templates
- JavaScript mixin integration guide
- File storage structure and URL paths
- Product image handling (main + additional)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The media library stores uploaded files in the uploads/ directory
but this wasn't being served by FastAPI. Added StaticFiles mount
for /uploads path to serve user-uploaded media files.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The media library returns relative paths like /uploads/... which
don't pass HTML5 url validation. Changed to type="text" to accept
both full URLs and relative paths from the media library.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add success and media fields to MediaUploadResponse
- Add url alias field to MediaItemResponse for JS compatibility
- JS expects response.success and response.media.url
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Prevents form validation from being triggered when clicking
the close button or load more button inside the modal.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add admin media API endpoints for vendor media management
- Create reusable media_picker_modal macro in modals.html
- Create mediaPickerMixin Alpine.js helper for media selection
- Update product create/edit forms with media picker UI
- Support main image + additional images selection
- Add upload functionality within the picker modal
- Update vendor_product_service to handle additional_images
- Add additional_images field to Pydantic schemas
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added title, description, image_url, and additional_images fields to
the product detail API response. These fields extract data from the
proper sources (translations, primary_image_url) for easier UI display.
Fixes image not displaying on product detail page (was using image_url
but API returned primary_image_url).
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The override concept is no longer relevant with the independent copy
architecture. Products are fully independent entities, not inherited
from marketplace products. Removed all Override badges and updated
the info banner text to reflect the new architecture.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added PATCH request method to the shared APIClient class. The method
was missing which caused "apiClient.patch is not a function" error
when saving product edits on the vendor-product-edit page.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add is_digital and product_type columns to Product model
- Remove is_digital/product_type properties that derived from MarketplaceProduct
- Update Create form with translation tabs, GTIN type, sale price, VAT rate, image
- Update Edit form to allow editing is_digital (remove disabled state)
- Add Availability field to Edit form
- Fix Detail page for directly created products (no marketplace source)
- Update vendor_product_service to handle new fields in create/update
- Add VendorProductCreate/Update schema fields for translations and is_digital
- Add unit tests for is_digital column and direct product creation
- Add integration tests for create/update API with new fields
- Create product-architecture.md documenting the independent copy pattern
- Add migration y3d4e5f6g7h8 for is_digital and product_type columns
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add proper media exceptions (MediaNotFoundException, MediaUploadException, etc.)
- Update media service to use exceptions from app/exceptions/media
- Remove direct HTTPException raises from vendor/media.py and vendor/customers.py
- Move db.query from customers API to service layer (get_customer_orders)
- Fix pagination macro call in vendor/media.html template
- Update media.js: add parent init call, PlatformSettings, apiClient.postFormData
- Add try/catch error handling to media.js init method
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add full-text product search in ProductService.search_products()
searching titles, descriptions, SKUs, brands, and GTINs
- Implement complete vendor media library with file uploads,
thumbnails, folders, and product associations
- Implement vendor customers API with listing, details, orders,
statistics, and status management
- Add shop search results UI with pagination and add-to-cart
- Add vendor media library UI with drag-drop upload and grid view
- Add database migration for media_files and product_media tables
- Update TODO file with current launch status (~95% complete)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SMTP connections with no timeout were causing indefinite hangs when
connecting to invalid hosts. Also improved error display template.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Error and success messages were only shown at page top, not visible
when scrolled to Email tab. Now shows feedback directly below button.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
send_raw() returns EmailLog, not boolean - check status=="sent" and
return error_message on failure instead of always reporting success.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Change icon from 'envelope' to 'mail' (envelope not in icons.js)
- Add default query param to GET /admin/settings/{key} endpoint
- Return AdminSettingDefaultResponse instead of 404 when default provided
- Update loadShippingSettings() to use default param for carrier settings
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix API-002 in admin/settings.py: use service layer for DB delete
- Fix API-001/API-003 in vendor/email_settings.py: add Pydantic response
models, remove HTTPException raises
- Fix SVC-002/SVC-006 in vendor_email_settings_service.py: use domain
exceptions, change db.commit() to db.flush()
- Add unit tests for VendorEmailSettingsService
- Add integration tests for vendor and admin email settings APIs
- Add user guide (docs/guides/email-settings.md)
- Add developer guide (docs/implementation/email-settings.md)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Use error_state macro in vendor dashboard instead of inline HTML
- Add # authenticated marker to shop profile/addresses endpoints
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- JS-005: Add initialization guards to email-templates.js (admin/vendor)
- JS-006: Add try/catch error handling to content-pages.js init
- SVC-006: Move db.commit() from services to endpoints for proper
transaction control in email_template_service and vendor_team_service
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace direct console.error calls with centralized logger pattern
in both admin and vendor email templates JavaScript files.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Technical Documentation:
- docs/development/architecture-fixes-2026-01.md: Complete guide to
all architecture validation fixes (62 -> 0 errors)
User Guides:
- docs/guides/email-templates.md: How-to guide for vendors and admins
to use the email template customization system
Implementation Docs:
- docs/implementation/password-reset-implementation.md: Technical
documentation for the password reset feature
- Updated email-templates-architecture.md with EmailTemplateService
documentation and related links
Bugfix:
- Fixed TemplateListItem Pydantic model to match service output
(languages vs available_languages field name)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Create EmailTemplateService to follow layered architecture:
- Move database queries from API endpoints to service
- Move business logic (validation, resolution) to service
- Reduce architecture violations from 62 to 29 errors
Files:
- app/services/email_template_service.py (new)
- app/api/v1/admin/email_templates.py (refactored)
- app/api/v1/vendor/email_templates.py (refactored)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update implementation docs to reflect completed email system:
- Database models (EmailTemplate, VendorEmailTemplate)
- Email service enhancements (language/template/branding resolution)
- Admin and Vendor API endpoints
- UI features and pages
- Template variables and categories
- Usage examples and file structure
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive email template management for both admin and vendors:
Admin Features:
- Email templates management page at /admin/email-templates
- Edit platform templates with language support (en, fr, de, lb)
- Preview templates with sample variables
- Send test emails
- View email logs per template
Vendor Features:
- Email templates customization page at /vendor/{code}/email-templates
- Override platform templates with vendor-specific versions
- Preview and test customized templates
- Revert to platform defaults
Technical Changes:
- Migration for vendor_email_templates table
- VendorEmailTemplate model with override management
- Enhanced EmailService with language resolution chain
(customer preferred -> vendor preferred -> platform default)
- Branding resolution (Wizamart default, removed for whitelabel)
- Platform-only template protection (billing templates)
- Admin and vendor API endpoints with full CRUD
- Updated seed script with billing and team templates
Files: 22 changed, ~3,900 lines added
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add complete password reset functionality:
Database:
- Add password_reset_tokens migration with token hash, expiry, used_at
- Create PasswordResetToken model with secure token hashing (SHA256)
- One active token per customer (old tokens invalidated on new request)
- 1-hour token expiry for security
API:
- Implement forgot_password endpoint with email lookup
- Implement reset_password endpoint with token validation
- No email enumeration (same response for all requests)
- Password minimum 8 characters validation
Frontend:
- Add reset-password.html template with Alpine.js
- Support for invalid/expired token states
- Success state with login redirect
- Dark mode support
Email:
- Add password_reset email templates (en, fr, de, lb)
- Uses existing EmailService with template rendering
Testing:
- Add comprehensive pytest tests (19 tests)
- Test token creation, validation, expiry, reuse prevention
- Test endpoint success and error cases
Removes critical launch blocker for password reset functionality.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace custom sidebar/icon nav with standard tabs_nav macro
- Add horizontal scroll for mobile (overflow-x-auto)
- Reduce tab spacing on mobile (space-x-4 vs space-x-8 on desktop)
- Content panels now take full width below tabs
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add structured API response with business_info, localization, letzshop,
invoice_settings, theme_settings, domains, and stripe_info sections
- Add PUT /vendor/settings/business-info with reset_to_company capability
- Add PUT /vendor/settings/letzshop with validation for tax rates, delivery
- Add 9 settings sections: General, Business Info, Localization, Marketplace,
Invoices, Branding, Domains, API & Payments, Notifications
- Business Info shows "Inherited" badges and Reset buttons for company fields
- Marketplace section includes Letzshop CSV URLs and feed options
- Read-only sections for Invoices, Branding, Domains, API with contact support
- Add globe-alt icon for Domains section
- Document email templates architecture for future implementation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove hardcoded locale fallbacks from templates and ensure all routes
use the proper resolution chain (AdminSetting → Config → Default).
Changes:
- Add get_vendor_context() helper to vendor_pages.py mirroring shop pattern
- Update all vendor routes to use get_vendor_context() with db session
- Update shop routes to pass db session for locale resolution
- Remove hardcoded fallbacks from shop/base.html and vendor/base.html
- Templates now receive pre-resolved locale values from routes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed {% block page_scripts %} to {% block extra_scripts %} to match
the vendor base template. This was preventing messages.js from loading,
causing all the Alpine.js variable errors (dark, isSideMenuOpen, etc.)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added all vendor page loggers to vendorLoggers config
- Added safe fallback pattern to marketplace.js and dashboard.js
- Logger names now match what JS files expect
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Detects deprecated buttons=[] parameter usage in page_header macro.
Correct API:
- Single button: action_label, action_icon, action_onclick
- Multiple buttons: use page_header_flex with {% call %}
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changed from old buttons=[] parameter to action_label/action_onclick
parameters which are the correct API for page_header macro.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Added TPL-013 and TPL-014 rules to detect deprecated macro usage:
TPL-013: Use new pagination macro API
- Detects old parameters: current_page, total_pages, page_numbers, etc.
- New API only accepts show_condition parameter
- Component must provide standardized Alpine.js properties
TPL-014: Use new modal_simple macro API with call block
- Detects {{ modal_simple( instead of {% call modal_simple( %}
- Detects deprecated parameters: icon, confirm_text, confirm_fn, etc.
- New API uses {% call %}...{% endcall %} with content in body
These rules will catch template issues at validation time rather than
at runtime, preventing the TypeError crashes we saw.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The modal_simple macro was simplified to use {% call %}...{% endcall %}
syntax with content passed as the caller block. Updated 5 vendor templates:
- products.html (2 modals: delete, bulk delete)
- orders.html (2 modals: status update, bulk status update)
- inventory.html (3 modals: adjust, set quantity, bulk adjust)
- order-detail.html (2 modals: status update, ship all)
- team.html (2 modals: edit member, remove member)
The new pattern provides more flexibility by allowing custom content
including buttons to be placed inside the modal body.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The pagination macro was updated to use a simplified API that only
accepts show_condition. Updated 4 vendor templates:
- products.html
- orders.html
- inventory.html
- customers.html
The macro now relies on standardized Alpine.js component properties
(pagination.page, totalPages, pageNumbers, etc.) instead of passing
them as macro arguments.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Vendor API endpoints use JWT authentication, not URL path parameters.
The vendorCode should only be used for page URLs (navigation), not API calls.
Fixed API paths in 10 vendor JS files:
- analytics.js, customers.js, inventory.js, notifications.js
- order-detail.js, orders.js, products.js, profile.js
- settings.js, team.js
Added architecture rule JS-014 to prevent this pattern from recurring.
Added validation check _check_vendor_api_paths to validate_architecture.py.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
