igny8/CHANGELOG.md

# Changelog

All notable changes to the IGNY8 platform will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

---

## 📋 Changelog Management

**IMPORTANT**: This changelog is only updated after user confirmation that a fix or feature is complete and working.

### Changelog Structure

Each entry follows this format:
- **Version**: Semantic versioning (MAJOR.MINOR.PATCH)
- **Date**: YYYY-MM-DD format
- **Type**: Added, Changed, Fixed, Deprecated, Removed, Security
- **Description**: Clear description of the change
- **Affected Areas**: Modules, components, or features affected

---

## [1.0.1] - 2025-11-24

### Changed

#### WordPress Integration - Authentication Modernization
- **Simplified authentication to API key only** across WordPress plugin and Django backend
  - Removed webhook secret/signature validation in favor of direct API key authentication
  - Updated `class-igny8-webhooks.php` to validate `X-IGNY8-API-KEY` or `Authorization: Bearer` headers
  - Modified Django `views.py` validator to require only `api_key` in `credentials_json` for new WordPress integrations
  - Files changed:
    - `igny8-wp-integration/includes/class-igny8-webhooks.php`
    - `igny8/backend/igny8_core/modules/integration/views.py`

- **Implemented 3-state connection model** for clearer integration status tracking
  - States: `not_connected` (no API key), `configured` (API key + integration_id), `connected` (structure synced)
  - Added `igny8_get_connection_state()` helper function
  - Files changed:
    - `igny8-wp-integration/includes/functions.php`
    - `igny8-wp-integration/admin/settings.php`

### Added

#### WordPress Integration - Enhanced Logging & Filtering
- **Safe logging functions** that filter sensitive data (api_key, password, secret, token)
  - Added `igny8_log_connection_state()` for connection state transitions
  - Added `igny8_log_sync()` for sync operations with context tracking
  - Enhanced `igny8_sync_site_structure_to_backend()` with detailed operation logging
  - Files changed:
    - `igny8-wp-integration/includes/functions.php`

- **Product attribute filtering** to sync only IGNY8-created WooCommerce attributes
  - Filters product attribute terms by `igny8_origin = 'igny8_app'` term meta
  - Applies to taxonomies starting with `pa_` prefix
  - Files changed:
    - `igny8-wp-integration/data/site-collection.php`

### Removed

#### WordPress Integration - Legacy Authentication
- **Removed webhook secret authentication** from WordPress plugin
  - Deleted `igny8_get_webhook_secret()` and `igny8_regenerate_webhook_secret()` functions
  - Removed webhook secret UI from admin settings page
  - Removed HMAC-SHA256 signature validation from webhook handler
  - Files changed:
    - `igny8-wp-integration/includes/functions.php`
    - `igny8-wp-integration/includes/class-igny8-webhooks.php`
    - `igny8-wp-integration/admin/settings.php`

### Security

#### WordPress Integration
- **Upgraded authentication security** by consolidating to single API key method
  - Eliminated webhook signature complexity and potential timing attack vectors
  - Implemented constant-time comparison for API key validation using `hash_equals()`
  - All incoming webhook requests now require valid API key in headers
  - Files affected:
    - `igny8-wp-integration/includes/class-igny8-webhooks.php`
    - `igny8-wp-integration/includes/class-igny8-rest-api.php`

---

## [1.0.0] - 2025-11-24

### Added

#### Backend Core
- **Multi-Tenancy System**
  - Complete account isolation with Account → Site → Sector hierarchy
  - User roles: Developer, Owner, Admin, Editor, Viewer, System Bot
  - Automatic account filtering via `AccountContextMiddleware`
  - Base classes: `AccountModelViewSet` and `SiteSectorModelViewSet`
  - Account isolation at database level with ForeignKey relationships

- **Authentication & Authorization**
  - JWT token authentication with PyJWT 2.8+
  - 15-minute access token expiry
  - Refresh token support
  - API key authentication for WordPress integration
  - Permission classes: `IsAuthenticatedAndActive`, `HasTenantAccess`, `IsEditorOrAbove`, `IsAdminOrOwner`
  - Role-based access control matrix

- **Planner Module** (`modules/planner/`)
  - Keywords model with search volume, difficulty, intent tracking
  - Clusters model with many-to-many keyword relationships
  - ContentIdeas model linked to clusters
  - AI-powered keyword clustering via `auto_cluster` function
  - AI-powered content idea generation via `generate_ideas` function
  - Bulk keyword import (CSV and manual)
  - ViewSets: `KeywordViewSet`, `ClusterViewSet`, `ContentIdeasViewSet`

- **Writer Module** (`modules/writer/`)
  - Tasks model for content creation workflow
  - Content model with HTML/plain text support and unified taxonomy structure
  - Images model with featured/in-article image support
  - AI content generation via GPT-4 (`generate_content` function)
  - AI image generation via DALL-E 3 and Runware (`generate_images` function)
  - Content taxonomies (`ContentTaxonomy`) and attributes (unified JSON structure)
  - ViewSets: `TasksViewSet`, `ContentViewSet`, `ImagesViewSet`, `ContentTaxonomyViewSet`, `ContentAttributeViewSet`

- **Linker Module** (`modules/linker/`)
  - Internal linking recommendations
  - Link graph analysis
  - `LinkerViewSet` for link operations

- **Optimizer Module** (`modules/optimizer/`)
  - Content quality scoring
  - SEO optimization suggestions
  - `OptimizerViewSet` for optimization operations

- **Publisher Module** (`modules/publisher/`)
  - Publishing records tracking (`PublishingRecord` model)
  - Deployment records (`DeploymentRecord` model)
  - `PublisherViewSet`, `PublishingRecordViewSet`, `DeploymentRecordViewSet`

- **Site Builder Module** (`modules/site_builder/`)
  - Site blueprint management (`SiteBlueprint` model)
  - Page blueprint creation (`PageBlueprint` model)
  - Site structure planning with clusters and taxonomies
  - `SiteBlueprintViewSet`, `PageBlueprintViewSet`, `SiteAssetView`, `SiteBuilderMetadataView`

- **Automation Module** (`modules/automation/`)
  - Automation rules engine (`AutomationRule` model)
  - Scheduled tasks (`ScheduledTask` model)
  - Rule execution via Celery beat
  - `AutomationRuleViewSet`, `ScheduledTaskViewSet`

- **Integration Module** (`modules/integration/`)
  - WordPress integration support via `SiteIntegration` model
  - Connection testing: `POST /integrations/test-connection/`
  - Structure update: `POST /integrations/{id}/update-structure/`
  - Content type summary: `GET /integrations/{id}/content-types/`
  - Bidirectional sync support with sync status and logs
  - Integration services: `IntegrationService`, `SyncService`, `ContentSyncService`, `SyncHealthService`
  - Site-level sync endpoints: `/sites/{id}/sync/status/`, `/sites/{id}/sync/run/`
  - `IntegrationViewSet` with comprehensive sync management

- **System Module** (`modules/system/`)
  - AI prompt management (`AIPrompt` model with types: cluster, ideas, content, image_prompts)
  - Integration settings (`IntegrationSettings` model for OpenAI/Runware config)
  - Author profiles for content style (`AuthorProfile` model)
  - Content strategies (`Strategy` model)
  - System and account settings endpoints
  - ViewSets: `AIPromptViewSet`, `AuthorProfileViewSet`, `StrategyViewSet`
  - Settings ViewSets: `SystemSettingsViewSet`, `AccountSettingsViewSet`, `UserSettingsViewSet`, `ModuleSettingsViewSet`, `AISettingsViewSet`

- **Billing Module** (`modules/billing/`)
  - Credit-based usage system
  - Credit transactions tracking (`CreditTransaction` model)
  - Usage analytics (`CreditUsageLog` model)
  - `CreditService` for credit operations
  - Monthly credit replenishment via Celery beat task
  - ViewSets: `CreditBalanceViewSet`, `CreditUsageViewSet`, `CreditTransactionViewSet`

- **AI Framework** (`ai/`)
  - `AIEngine` - Central orchestrator for all AI operations with progress tracking
  - `AICore` - Unified API client for OpenAI/Runware with rate calculation
  - `BaseAIFunction` - Abstract interface for AI function implementations
  - AI function registry system with 5 core functions
  - Progress tracking with Celery task state updates
  - Cost tracking (token usage and pricing)
  - Console step tracker for debugging (`ConsoleStepTracker`)
  - Prompt registry system (`PromptRegistry`)
  - Model configuration per account via `IntegrationSettings`
  - Validators for payload validation
  - Celery task wrapper: `run_ai_task`

- **AI Functions** (`ai/functions/`)
  - `auto_cluster.py` - Semantic keyword clustering
  - `generate_ideas.py` - Content idea generation from clusters
  - `generate_content.py` - Full blog post generation with HTML
  - `generate_image_prompts.py` - Extract image prompts from content
  - `generate_images.py` - Image generation via DALL-E 3 / Runware

- **API Infrastructure** (`api/`)
  - Unified response format: `{success, data, message, request_id}`
  - Response helpers: `success_response()`, `error_response()`, `paginated_response()`
  - Request ID tracking via `RequestIDMiddleware`
  - Resource tracking via `ResourceTrackingMiddleware`
  - Rate limiting with `DebugScopedRateThrottle` (bypass in DEBUG mode)
  - Custom pagination: `CustomPageNumberPagination` (default: 10, max: 100)
  - OpenAPI 3.0 schema via drf-spectacular
  - Swagger UI at `/api/docs/`
  - ReDoc at `/api/redoc/`
  - Centralized exception handling with unified error format

- **Celery Integration** (`celery.py`)
  - Async task processing for AI operations
  - Celery beat for scheduled tasks
  - Beat schedule: monthly credit replenishment, automation rule execution (every 5 min)
  - Task autodiscovery from all installed apps

#### Frontend Core
- **React 19 Application** (`frontend/`)
  - Vite 6.1.0 build system with fast HMR
  - TypeScript 5.7.2 for type safety
  - React Router v7.9.5 for client-side routing
  - Zustand 5.0.8 state management with localStorage persistence
  - Lazy loading for all module pages (code splitting)
  - Tailwind CSS 4.0.8 for styling

- **Authentication** (`pages/AuthPages/`, `store/authStore.ts`)
  - JWT-based authentication with automatic token refresh
  - Login/signup pages
  - Protected routes with `ProtectedRoute` component
  - Auth store with Zustand (user, token, refreshToken state)
  - Auto token refresh on 401 errors

- **Module Pages**
  - **Planner** (`pages/Planner/`): Keywords list, Clusters view, Ideas dashboard, Keyword opportunities
  - **Writer** (`pages/Writer/`): Tasks dashboard, Content viewer with HTML preview, Drafts, Published list, Images gallery
  - **Linker** (`pages/Linker/`): Link analysis dashboard, Content list with link suggestions
  - **Optimizer** (`pages/Optimizer/`): Optimization dashboard, Content selector, Analysis preview
  - **Thinker** (`pages/Thinker/`): AI prompts editor, Author profiles, Strategies, Image testing
  - **Billing** (`pages/Billing/`): Credit balance, Transaction history, Usage analytics
  - **Automation** (`pages/Automation/`): Rules management, Scheduled tasks list
  - **Settings** (`pages/Settings/`): General, Users, Subscriptions, System, AI settings, API monitor

- **UI Components** (`components/`)
  - Reusable components library
  - ApexCharts for data visualization
  - Heroicons for icons
  - Responsive layouts with Tailwind
  - Form components with validation
  - Modal system
  - Loading states and skeletons

- **API Integration** (`api/`, `services/`)
  - Axios client with automatic token injection
  - Request/response interceptors
  - Automatic token refresh on 401
  - Module-specific API clients (planner, writer, linker, etc.)
  - `fetchAPI` wrapper with unified format handling
  - Error handling with toast notifications

- **State Management** (`store/`)
  - `authStore` - User authentication state
  - `siteStore` - Site and sector context
  - Module-specific stores (plannerStore, writerStore, etc.)
  - Global app state (loading, errors, notifications)
  - Zustand persist middleware for localStorage

#### WordPress Plugin
- **Core Plugin** (`igny8-wp-integration/`)
  - Plugin version 1.0.0
  - WordPress 5.0+ compatibility
  - PHP 7.4+ requirement
  - Main file: `igny8-bridge.php`
  - Uninstall cleanup: `uninstall.php`

- **API Client** (`includes/class-igny8-api.php`)
  - `Igny8API` class for backend communication
  - API key authentication (primary method)
  - JWT token authentication support (fallback)
  - Automatic retry on 401 errors
  - Request/response parsing with unified format support
  - Methods: `connect()`, `get()`, `post()`, `put()`, `delete()`, `parse_response()`

- **REST API Endpoints** (`includes/class-igny8-rest-api.php`)
  - `GET /wp-json/igny8/v1/site-metadata/` - Export site structure
  - `GET /wp-json/igny8/v1/post-by-task-id/{id}` - Lookup by task ID
  - `GET /wp-json/igny8/v1/post-by-content-id/{id}` - Lookup by content ID
  - `POST /wp-json/igny8/v1/posts/` - Create post from IGNY8
  - `PUT /wp-json/igny8/v1/posts/{id}` - Update post from IGNY8
  - API key authentication via `X-IGNY8-API-Key` header

- **Synchronization** (`sync/`)
  - **WP → IGNY8** (`post-sync.php`): Post status sync on `save_post` hook
  - **IGNY8 → WP** (`igny8-to-wp.php`): Content publishing via REST API
  - **Taxonomy Sync** (`taxonomy-sync.php`): Taxonomy term synchronization
  - **Hooks** (`hooks.php`): WordPress action/filter hook registration
  - Bidirectional sync with status mapping
  - Post meta tracking: `_igny8_task_id`, `_igny8_content_id`, `_igny8_wordpress_status`, `_igny8_last_synced`, `_igny8_managed`

- **Admin Interface** (`admin/`)
  - Settings page at Settings → IGNY8 API (`settings.php`)
  - API key, email, password configuration
  - Connection testing button
  - Post columns showing IGNY8 status (`class-admin-columns.php`)
  - Post meta boxes in editor (`class-post-meta-boxes.php`)
  - Admin class: `Igny8Admin` (`class-admin.php`)

- **Data Collection** (`data/`)
  - Full site metadata collection (`site-collection.php`)
  - Post type discovery with counts
  - Taxonomy discovery with counts
  - Link graph extraction (`link-graph.php`)
  - Semantic mapping (`semantic-mapping.php`)
  - WooCommerce integration support (`woocommerce.php`)

- **Supporting Classes** (`includes/`)
  - `Igny8Site` - Site data collection and export
  - `Igny8Webhooks` - Webhook handlers (legacy)
  - `Igny8WebhookLogs` - Webhook logging
  - `Igny8LinkQueue` - Link processing queue
  - Helper functions in `functions.php`

#### Infrastructure
- **Docker Deployment** (`docker-compose.app.yml`)
  - Multi-container setup for development
  - Services: PostgreSQL, Redis, Django backend, Celery worker, Celery beat
  - Volume persistence for database and media
  - Network isolation

- **Database** (PostgreSQL 14+)
  - Multi-tenant data model with account isolation
  - Optimized indexes for common queries
  - JSON fields for flexible configuration storage
  - Database migrations system

- **Task Queue** (Celery + Redis)
  - Redis as message broker
  - Celery worker for async tasks
  - Celery beat for scheduled tasks
  - Progress tracking with task state updates

### Documentation
- **Master Documentation** (`master-docs/`)
  - Complete architecture documentation
  - API reference with endpoint details
  - Frontend and backend implementation guides
  - WordPress plugin integration guide

- **Project Documentation**
  - `MASTER_REFERENCE.md` - Complete system architecture and navigation
  - `README.md` - Quick start and setup guide
  - `CHANGELOG.md` - This file

### Changed
- N/A (Initial release)

### Deprecated
- N/A (Initial release)

### Removed
- N/A (Initial release)

### Fixed
- N/A (Initial release)

### Security
- JWT token authentication with 15-minute expiry and refresh tokens
- Secure API key storage in WordPress using encryption helpers
- CSRF protection on all forms
- SQL injection prevention via Django ORM
- XSS protection via Django template escaping
- HTTPS enforcement in production
- Account isolation at database level with automatic filtering
- Permission-based access control with role matrix
- Rate limiting to prevent abuse
- Request ID tracking for audit trails

---

## Version History

- **1.0.0** (2025-11-24) - Initial release with complete feature set

---

## Versioning Strategy

- **Major version** (X.0.0) - Breaking changes, major architectural changes
- **Minor version** (1.X.0) - New features, new modules, backward compatible
- **Patch version** (1.0.X) - Bug fixes, minor improvements, documentation updates

---

## Upgrade Notes

### Upgrading to 1.0.0
This is the initial release. No upgrade path required.

Future upgrade notes will be documented here for each version.

---

## Future Roadmap

Planned features and improvements (subject to change):

- Enhanced analytics and reporting
- Additional AI model integrations
- Stripe payment integration
- Advanced automation workflows
- Mobile app support
- API webhooks
- Collaborative editing features
- Multi-language support

See project board for current priorities and development status.

---

**Note:** This changelog is maintained according to [Keep a Changelog](https://keepachangelog.com/) principles and only updated after user confirmation of completed features and fixes.