- Simplified authentication logic to match unified API documentation
- Token's account_id is now the sole source of truth for account context
- Removed validation against user.account (no longer valid per unified API model)
- Middleware now simply extracts account_id from JWT and sets request.account
- Matches documented flow: Extract Account ID → Load Account Object → Set request.account
- Token's account_id is now authoritative for current account context
- For developers/admins: Always use token's account_id (they can access any account)
- For regular users: Verify they belong to token's account, fallback to user.account if not
- This ensures correct account context is set, especially for developers working across accounts
- Fixes bug where wrong user/account was shown after login
- JWTAuthentication now uses select_related('account', 'account__plan') to get fresh user data
- Added check to use user's current account if it differs from token's account_id
- This ensures correct user/account is shown even if account changed after token was issued
- Fixes bug where wrong user was displayed after login
- Changed to use get() with DoesNotExist exception handling
- Creates settings only if they don't exist
- Better error handling with traceback
- Fixes 404 'Setting not found' errors
- Updated get_queryset to properly filter by account
- Ensures queryset is account-scoped before list() is called
- Prevents potential conflicts with base class behavior
- Added proper exception handling in list() and retrieve() methods
- Use objects.get_or_create() directly instead of class method
- Added *args, **kwargs to method signatures for DRF compatibility
- Better error messages for debugging
- Fixes 404 'Setting not found' errors
- Updated getAuthToken/getRefreshToken to read from Zustand store first (faster, no parsing delay)
- Added token existence check before making API calls in AppLayout
- Added retry mechanism with 100ms delay to wait for Zustand persist to write token
- Made 403 error handler smarter - only logout if token actually exists (prevents false logouts)
- Fixes issue where user gets logged out immediately after successful login
- Added isAuthenticated check before loading active site
- Prevents 403 errors when user is not logged in
- Only loads sites when user is authenticated
- Silently handles 403 errors (expected when not authenticated)
- Added isAuthenticated check before loading module enable settings
- Prevents 403 errors when user is not logged in
- Only loads settings when user is authenticated and settings aren't already loaded
- Changed permission_classes to get_permissions() method
- Read operations (list, retrieve) now accessible to all authenticated users
- Write operations (update, partial_update) still restricted to admins/owners
- Fixes 403 Forbidden errors when loading module settings in sidebar
- Fixed infinite loop by memoizing moduleEnabled with useCallback
- Fixed useEffect dependencies to prevent re-render loops
- Added loading check to prevent duplicate API calls
- Fixed setState calls to only update when values actually change
- Removed unused import (isModuleEnabled from modules.config)
- Updated Usage page to show only credits and account management limits
- Removed plan operation limit displays (planner, writer, images)
- Added credit costs reference table showing cost per operation type
- Updated limit cards to handle null limits (for current balance display)
- Improved UI to focus on credit-only system
- Created billing/tasks.py with replenish_monthly_credits task
- Task runs on first day of each month at midnight
- Adds plan.included_credits to all active accounts
- Creates CreditTransaction records for audit trail
- Configured in celery.py beat_schedule
- Handles errors gracefully and logs all operations
- Updated limits endpoint to show only credits and account management limits
- Removed all operation limit references (keywords, clusters, content ideas, word count, images)
- Limits endpoint now focuses on credit usage by operation type
- Account management limits (users, sites) still shown
- Removed all operation limit fields from Plan model
- Kept account management limits (max_users, max_sites, etc.)
- Updated PlanSerializer to remove limit fields
- Updated PlanAdmin to remove limit fieldsets
- Created migration to remove limit fields from database
- Plan model now only has credits, billing, and account management fields
- Updated AppSidebar to filter out disabled modules from navigation
- Added ModuleGuard to all module routes (planner, writer, thinker, automation)
- Modules now dynamically appear/disappear based on enable settings
- Routes are protected and redirect to settings if module is disabled
- Created ModuleGuard component to protect routes based on module status
- Implemented Modules.tsx page with toggle switches for all modules
- Fixed Switch component onChange prop type
- Module enable/disable UI fully functional
- Created modules.config.ts with module definitions
- Added ModuleEnableSettings API functions
- Updated settingsStore with module enable settings support
- Added isModuleEnabled helper method
- Created ModuleEnableSettingsSerializer
- Created ModuleEnableSettingsViewSet with get_or_create logic
- Added URL routing for module enable settings
- One record per account, auto-created on first access
- Created ModuleEnableSettings model with enabled flags for all modules
- Added migration for ModuleEnableSettings
- Updated imports across system module files
- Updated CREDIT_COSTS to match Phase 0 spec (flat structure)
- Added get_credit_cost() method to CreditService
- Updated check_credits() to accept operation_type and amount
- Added deduct_credits_for_operation() convenience method
- Updated AI Engine to check credits BEFORE AI call
- Updated AI Engine to deduct credits AFTER successful execution
- Added helper methods for operation type mapping and amount calculation
- Created a new `docs/planning/` directory to better organize architecture and implementation planning documents.
- Moved existing planning documents into the new directory for improved accessibility.
- Updated `README.md` to reflect the new document structure and added references to the organized planning documents.
- Enhanced overall documentation management for easier navigation and maintenance.
- Introduced a new Site Integration API structure to support multiple platforms (WordPress, Shopify).
- Added credit-based usage system, removing previous plan limits and implementing a credit cost structure for various operations.
- Updated Site model to include new fields for integration and hosting types.
- Enhanced publishing workflow to support multi-destination publishing and integration adapters.
- Created docs/API-COMPLETE-REFERENCE.md as single source of truth
- Removed redundant API documentation files:
- docs/API-DOCUMENTATION.md
- docs/DOCUMENTATION-SUMMARY.md
- docs/README.md
- unified-api/API-ENDPOINTS-ANALYSIS.md
- unified-api/API-STANDARD-v1.0.md
- Updated main README.md with API documentation section
- Updated CHANGELOG.md with documentation consolidation details
- Removed hardcoded model defaults and the MODEL_CONFIG dictionary.
- Updated get_model_config() to require an account parameter and raise clear errors if IntegrationSettings are not configured.
- Eliminated unused helper functions: get_model(), get_max_tokens(), and get_temperature().
- Improved error handling to provide specific messages for missing account or model configurations.
- Cleaned up orphan exports in __init__.py to maintain a streamlined codebase.
- Added error type handling in AIEngine for better error categorization during model configuration and execution.
- Updated _handle_error method to accept and log error types.
- Improved ResourceDebugOverlay to silently ignore 404 responses from the metrics endpoint, preventing unnecessary logging and retries.
- Refactored authStore to utilize fetchAPI for automatic token handling and improved error logging without throwing exceptions.
- Added site_id and sector_id query parameter support in ImagesViewSet for filtering content and task-linked images.
- Implemented event listeners in the Images component to refresh data on site and sector changes.
- Updated image prompt handling to allow undefined values.
- Simplify request data handling in the 'IntegrationSettingsViewSet' by removing unnecessary try-except blocks and improving clarity.
- Enhance API key retrieval logic with better fallback mechanisms for account settings.
- Implement detailed error mapping for OpenAI API responses, ensuring appropriate HTTP status codes are returned based on the response received.
- Update logging for improved visibility during account and settings lookups.
- Exclude the 'MeView' endpoint from public API documentation, marking it as an internal authenticated endpoint.
- Enhance error handling in the 'IntegrationSettingsViewSet' to gracefully manage empty request data and improve logging for account and settings lookups.
- Update API key retrieval logic to ensure fallback mechanisms are more robust and informative.
- Refactor user data fetching in the auth store to utilize a unified API system, improving error handling and data consistency.
- Remove _default_model initialization and attribute
- Remove Django settings fallback for model (lines 89-90)
- Remove model loading from IntegrationSettings in _load_account_settings()
- Update run_ai_request() to require model parameter (not Optional)
- Add model validation at start of run_ai_request()
- Deprecate get_model() method (raises error with helpful message)
- Update error handling to use provided model (no fallback)
- Simplify debug logging (removed model_from_settings comparison)
- Add REFACTORING-PLAN.md: Plan to remove MODEL_CONFIG and Django settings fallbacks
- Add ORPHAN-CODE-AUDIT.md: Audit of unused code and exports
- Update CHANGELOG.md: Document API Standard v1.0 completion
- Update documentation files
- Introduced a new public health check endpoint at `api/ping/` to verify API responsiveness.
- Refactored integration response handling to utilize a unified success and error response format across various methods in `IntegrationSettingsViewSet`, improving consistency and clarity in API responses.
- Updated URL patterns to include the new ping endpoint and adjusted imports accordingly.
