- Middleware should only set request.account, not request.user
- Let DRF authentication handle request.user setting
- This prevents conflicts between middleware and DRF authentication
- Fixes /me endpoint returning wrong user issue
- Restored fallback to user.account when token account_id is missing/invalid
- Restored validation that user.account matches token account_id
- If user's account changed, use user.account (the correct one)
- Matches main branch behavior which has correct config
- Fixes wrong user/account showing issue
- CreditService.check_credits() now bypasses for:
1. System accounts (aws-admin, default-account, default)
2. Developer/admin users (if user provided)
3. Accounts with developer users (fallback for Celery tasks)
- Updated check_credits_legacy() with same bypass logic
- AIEngine credit check now uses updated CreditService
- Fixes 52 console errors caused by credit checks blocking developers
- Developers can now use AI functions without credit restrictions
- Simplified authentication logic to match unified API documentation
- Token's account_id is now the sole source of truth for account context
- Removed validation against user.account (no longer valid per unified API model)
- Middleware now simply extracts account_id from JWT and sets request.account
- Matches documented flow: Extract Account ID → Load Account Object → Set request.account
- Token's account_id is now authoritative for current account context
- For developers/admins: Always use token's account_id (they can access any account)
- For regular users: Verify they belong to token's account, fallback to user.account if not
- This ensures correct account context is set, especially for developers working across accounts
- Fixes bug where wrong user/account was shown after login
- JWTAuthentication now uses select_related('account', 'account__plan') to get fresh user data
- Added check to use user's current account if it differs from token's account_id
- This ensures correct user/account is shown even if account changed after token was issued
- Fixes bug where wrong user was displayed after login
- Changed to use get() with DoesNotExist exception handling
- Creates settings only if they don't exist
- Better error handling with traceback
- Fixes 404 'Setting not found' errors
- Updated get_queryset to properly filter by account
- Ensures queryset is account-scoped before list() is called
- Prevents potential conflicts with base class behavior
- Added proper exception handling in list() and retrieve() methods
- Use objects.get_or_create() directly instead of class method
- Added *args, **kwargs to method signatures for DRF compatibility
- Better error messages for debugging
- Fixes 404 'Setting not found' errors
- Changed permission_classes to get_permissions() method
- Read operations (list, retrieve) now accessible to all authenticated users
- Write operations (update, partial_update) still restricted to admins/owners
- Fixes 403 Forbidden errors when loading module settings in sidebar
- Fixed infinite loop by memoizing moduleEnabled with useCallback
- Fixed useEffect dependencies to prevent re-render loops
- Added loading check to prevent duplicate API calls
- Fixed setState calls to only update when values actually change
- Removed unused import (isModuleEnabled from modules.config)
- Created billing/tasks.py with replenish_monthly_credits task
- Task runs on first day of each month at midnight
- Adds plan.included_credits to all active accounts
- Creates CreditTransaction records for audit trail
- Configured in celery.py beat_schedule
- Handles errors gracefully and logs all operations
- Updated limits endpoint to show only credits and account management limits
- Removed all operation limit references (keywords, clusters, content ideas, word count, images)
- Limits endpoint now focuses on credit usage by operation type
- Account management limits (users, sites) still shown
- Removed all operation limit fields from Plan model
- Kept account management limits (max_users, max_sites, etc.)
- Updated PlanSerializer to remove limit fields
- Updated PlanAdmin to remove limit fieldsets
- Created migration to remove limit fields from database
- Plan model now only has credits, billing, and account management fields
- Created ModuleEnableSettingsSerializer
- Created ModuleEnableSettingsViewSet with get_or_create logic
- Added URL routing for module enable settings
- One record per account, auto-created on first access
- Created ModuleEnableSettings model with enabled flags for all modules
- Added migration for ModuleEnableSettings
- Updated imports across system module files
- Updated CREDIT_COSTS to match Phase 0 spec (flat structure)
- Added get_credit_cost() method to CreditService
- Updated check_credits() to accept operation_type and amount
- Added deduct_credits_for_operation() convenience method
- Updated AI Engine to check credits BEFORE AI call
- Updated AI Engine to deduct credits AFTER successful execution
- Added helper methods for operation type mapping and amount calculation
- Removed hardcoded model defaults and the MODEL_CONFIG dictionary.
- Updated get_model_config() to require an account parameter and raise clear errors if IntegrationSettings are not configured.
- Eliminated unused helper functions: get_model(), get_max_tokens(), and get_temperature().
- Improved error handling to provide specific messages for missing account or model configurations.
- Cleaned up orphan exports in __init__.py to maintain a streamlined codebase.
- Added error type handling in AIEngine for better error categorization during model configuration and execution.
- Updated _handle_error method to accept and log error types.
- Improved ResourceDebugOverlay to silently ignore 404 responses from the metrics endpoint, preventing unnecessary logging and retries.
- Refactored authStore to utilize fetchAPI for automatic token handling and improved error logging without throwing exceptions.
- Added site_id and sector_id query parameter support in ImagesViewSet for filtering content and task-linked images.
- Implemented event listeners in the Images component to refresh data on site and sector changes.
- Updated image prompt handling to allow undefined values.
- Simplify request data handling in the 'IntegrationSettingsViewSet' by removing unnecessary try-except blocks and improving clarity.
- Enhance API key retrieval logic with better fallback mechanisms for account settings.
- Implement detailed error mapping for OpenAI API responses, ensuring appropriate HTTP status codes are returned based on the response received.
- Update logging for improved visibility during account and settings lookups.
- Exclude the 'MeView' endpoint from public API documentation, marking it as an internal authenticated endpoint.
- Enhance error handling in the 'IntegrationSettingsViewSet' to gracefully manage empty request data and improve logging for account and settings lookups.
- Update API key retrieval logic to ensure fallback mechanisms are more robust and informative.
- Refactor user data fetching in the auth store to utilize a unified API system, improving error handling and data consistency.
- Remove _default_model initialization and attribute
- Remove Django settings fallback for model (lines 89-90)
- Remove model loading from IntegrationSettings in _load_account_settings()
- Update run_ai_request() to require model parameter (not Optional)
- Add model validation at start of run_ai_request()
- Deprecate get_model() method (raises error with helpful message)
- Update error handling to use provided model (no fallback)
- Simplify debug logging (removed model_from_settings comparison)
- Add REFACTORING-PLAN.md: Plan to remove MODEL_CONFIG and Django settings fallbacks
- Add ORPHAN-CODE-AUDIT.md: Audit of unused code and exports
- Update CHANGELOG.md: Document API Standard v1.0 completion
- Update documentation files
- Introduced a new public health check endpoint at `api/ping/` to verify API responsiveness.
- Refactored integration response handling to utilize a unified success and error response format across various methods in `IntegrationSettingsViewSet`, improving consistency and clarity in API responses.
- Updated URL patterns to include the new ping endpoint and adjusted imports accordingly.
