- Implemented checks for active site in Home, Planner, and Writer dashboards to prevent data fetching when no site is selected.
- Updated API calls to include site_id in requests for better data accuracy.
- Modified user messages to guide users in selecting an active site for insights.
- Introduced new fields in the Content model for source tracking and sync status, including external references and optimization fields.
- Updated the services module to include new content generation and pipeline services for better organization and clarity.
- Set app labels for CreditTransaction and CreditUsageLog models to 'billing'.
- Updated app labels for Tasks, Content, and Images models to 'writer'.
- Changed foreign key references in automation migrations from 'account' to 'tenant' for consistency.
- Registered the new AutomationConfig in the INSTALLED_APPS of settings.py.
- Set the app_label for AutomationRule and ScheduledTask models to 'automation' for better organization and clarity in the database schema.
- Introduced a new scheduled task for executing automation rules every 5 minutes in the Celery beat schedule.
- Updated URL routing to include a new endpoint for automation-related functionalities.
- Refactored imports in various modules to align with the new business layer structure, ensuring backward compatibility for billing models, exceptions, and services.
- Renamed `domain/` to `business/` to better reflect the organization of code by business logic.
- Updated all relevant file paths and references throughout the project to align with the new structure.
- Ensured that all models and services are now located under the `business/` directory, maintaining existing functionality while improving clarity.
- Added a check for the existence of the ModuleEnableSettings table before attempting to retrieve or fixed all phase 0 create settings for an account.
- Implemented logging and a user-friendly error response if the table does not exist, prompting the user to run the necessary migration.
- Updated migration to create the ModuleEnableSettings table using raw SQL to avoid model resolution issues.
- Introduced RefreshTokenView to allow users to refresh their access tokens using a valid refresh token.
- Enhanced LoginView to ensure correct user/account loading and improved error handling during user serialization.
- Updated API response structure to include access and refresh token expiration times.
- Adjusted frontend API handling to support both new and legacy token response formats.
- Middleware should only set request.account, not request.user
- Let DRF authentication handle request.user setting
- This prevents conflicts between middleware and DRF authentication
- Fixes /me endpoint returning wrong user issue
- Restored fallback to user.account when token account_id is missing/invalid
- Restored validation that user.account matches token account_id
- If user's account changed, use user.account (the correct one)
- Matches main branch behavior which has correct config
- Fixes wrong user/account showing issue
- CreditService.check_credits() now bypasses for:
1. System accounts (aws-admin, default-account, default)
2. Developer/admin users (if user provided)
3. Accounts with developer users (fallback for Celery tasks)
- Updated check_credits_legacy() with same bypass logic
- AIEngine credit check now uses updated CreditService
- Fixes 52 console errors caused by credit checks blocking developers
- Developers can now use AI functions without credit restrictions
- Simplified authentication logic to match unified API documentation
- Token's account_id is now the sole source of truth for account context
- Removed validation against user.account (no longer valid per unified API model)
- Middleware now simply extracts account_id from JWT and sets request.account
- Matches documented flow: Extract Account ID → Load Account Object → Set request.account
- Token's account_id is now authoritative for current account context
- For developers/admins: Always use token's account_id (they can access any account)
- For regular users: Verify they belong to token's account, fallback to user.account if not
- This ensures correct account context is set, especially for developers working across accounts
- Fixes bug where wrong user/account was shown after login
- JWTAuthentication now uses select_related('account', 'account__plan') to get fresh user data
- Added check to use user's current account if it differs from token's account_id
- This ensures correct user/account is shown even if account changed after token was issued
- Fixes bug where wrong user was displayed after login
- Changed to use get() with DoesNotExist exception handling
- Creates settings only if they don't exist
- Better error handling with traceback
- Fixes 404 'Setting not found' errors
- Updated get_queryset to properly filter by account
- Ensures queryset is account-scoped before list() is called
- Prevents potential conflicts with base class behavior
- Added proper exception handling in list() and retrieve() methods
- Use objects.get_or_create() directly instead of class method
- Added *args, **kwargs to method signatures for DRF compatibility
- Better error messages for debugging
- Fixes 404 'Setting not found' errors
- Updated getAuthToken/getRefreshToken to read from Zustand store first (faster, no parsing delay)
- Added token existence check before making API calls in AppLayout
- Added retry mechanism with 100ms delay to wait for Zustand persist to write token
- Made 403 error handler smarter - only logout if token actually exists (prevents false logouts)
- Fixes issue where user gets logged out immediately after successful login
- Added isAuthenticated check before loading active site
- Prevents 403 errors when user is not logged in
- Only loads sites when user is authenticated
- Silently handles 403 errors (expected when not authenticated)
- Added isAuthenticated check before loading module enable settings
- Prevents 403 errors when user is not logged in
- Only loads settings when user is authenticated and settings aren't already loaded
- Changed permission_classes to get_permissions() method
- Read operations (list, retrieve) now accessible to all authenticated users
- Write operations (update, partial_update) still restricted to admins/owners
- Fixes 403 Forbidden errors when loading module settings in sidebar
- Fixed infinite loop by memoizing moduleEnabled with useCallback
- Fixed useEffect dependencies to prevent re-render loops
- Added loading check to prevent duplicate API calls
- Fixed setState calls to only update when values actually change
- Removed unused import (isModuleEnabled from modules.config)
- Updated Usage page to show only credits and account management limits
- Removed plan operation limit displays (planner, writer, images)
- Added credit costs reference table showing cost per operation type
- Updated limit cards to handle null limits (for current balance display)
- Improved UI to focus on credit-only system
- Created billing/tasks.py with replenish_monthly_credits task
- Task runs on first day of each month at midnight
- Adds plan.included_credits to all active accounts
- Creates CreditTransaction records for audit trail
- Configured in celery.py beat_schedule
- Handles errors gracefully and logs all operations
- Updated limits endpoint to show only credits and account management limits
- Removed all operation limit references (keywords, clusters, content ideas, word count, images)
- Limits endpoint now focuses on credit usage by operation type
- Account management limits (users, sites) still shown
- Removed all operation limit fields from Plan model
- Kept account management limits (max_users, max_sites, etc.)
- Updated PlanSerializer to remove limit fields
- Updated PlanAdmin to remove limit fieldsets
- Created migration to remove limit fields from database
- Plan model now only has credits, billing, and account management fields
