95 Commits

Author	SHA1	Message	Date
soroush.asadi	53d90fa357	feat(rbac): full permission catalog in the custom-role matrix UI (fa/en/ar) ... Mirrors the expanded backend catalog on the client: the Permission type and the custom-role permission matrix now expose all ~80 capabilities grouped into 16 sections (admin, branches, menu, inventory, taxes, staff, tables, orders, register, queue/kitchen, delivery, customers, coupons, marketing, reports, expenses), each with fa/en/ar labels. Nav visibility now maps each page to its View permission; taxes & branches become permission-driven (managers can view), leaving billing as the sole hard owner-only nav gate. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-21 05:49:11 +03:30
soroush.asadi	170a9aa7ac	feat(dashboard): Notifications & sound settings panel (fa/en/ar) ... New Settings → "Notifications & sound" leaf to make the alert channels changeable: toggle sound (+ picker with live preview + volume slider), enable desktop notifications (permission flow + test button), toggle the tab unread badge and in-app toasts. Strings added for fa/en/ar. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-21 05:08:39 +03:30
soroush.asadi	149a4d88cd	feat(dashboard): configurable notification sound, desktop popups & tab unread badge ... Per-device notification preferences (localStorage) drive three new alert channels in the dashboard shell, all fed by the existing SignalR NotificationReceived events: - Sound: 6 selectable procedural Web Audio chimes + volume, no asset files. - Desktop/Windows popups via the Notification API, fired only when the tab is backgrounded (in-app toast covers the focused case). - Unread count on the browser tab: (N) title prefix + numbered favicon badge. useOrderAlerts is now the single orchestrator (sound + toast + desktop), each gated by prefs; topbar feed enableToasts disabled to avoid double toasts. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-21 05:08:02 +03:30
soroush.asadi	aebfa825cd	feat: custom roles with per-permission matrix for café owners ... - Owner can define named custom roles (e.g. Barista, Supervisor) with color, description, and a fine-grained permission set (21 permissions across 7 categories: admin, menu, staff, customer, reports, ops, kitchen) - Employee assigned a custom role gets its permissions embedded in the JWT at login (customPerms claim) and parsed by TenantMiddleware — overrides the static EmployeeRole matrix for all API permission checks - New endpoints: GET/POST/PATCH/DELETE /api/cafes/{id}/custom-roles and PUT /api/cafes/{id}/employees/{id}/custom-role for assignment - Dashboard Settings → Team & Staff → Custom Roles panel with grouped checkbox matrix, group-level toggles, color preset picker, CRUD forms, and employee-count display; translations in fa/en/ar - EF migration adds CustomRoles table + nullable CustomRoleId FK on Employees - POS slip now shows per-item notes on both thermal print and bill preview Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-21 03:12:43 +03:30
soroush.asadi	73a5e5183b	fix(seed): IgnoreQueryFilters on all seeder queries + sitemap invalid date guard ... DemoSeedService / DemoMenuSeeder: Add IgnoreQueryFilters() to every seeder lookup (Taxes, MenuCategories, MenuItems). Soft-deleted rows still hold their PKs; without this a second seed run after user-deletion throws a PK collision on the Tax or category that was soft-deleted but is still in the index. sitemap.ts: Guard new Date(post.date) against empty / missing frontmatter date fields. new Date("") = Invalid Date → broken <lastmod> in sitemap XML. Fall back to the build-time date when the post date is absent or invalid. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-20 15:54:07 +03:30
soroush.asadi	24fbbcb01c	fix(admin): don't prefill a fake phone on the admin login in production ... The admin login OTP tab hard-coded phone "09120000001" as the initial value. In production that placeholder belongs to no SystemAdmin, so hitting "send code" returns NOT_FOUND → 404 (which WCDN then repaints as an HTML error page) — it looked like the login endpoint was broken. Keep the convenience prefill in development only; ship an empty field in production so the admin types their real number (e.g. the registered admin phone). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-17 00:44:57 +03:30
soroush.asadi	a967e5d211	fix(admin): keep admin panel logged in — refresh the token instead of dying at 7 days ... Prod diag showed every /api/admin/* call returning 401 with "IDX10223: token expired, ValidTo 06/09" — the admin access token was 6 days dead and nothing renewed it, so cafes/tickets/integrations/settings all loaded empty. The admin web (unlike the café dashboard) had NO refresh logic at all: it only ever sent the access token, and its 401 handler early-returned on any error code before the login redirect, so the admin wasn't even bounced to login — pages just showed no data. Client (admin-client.ts): add a silent refresh-on-401 mirroring the dashboard — one shared in-flight POST /api/admin/auth/refresh for a burst of 401s, replay the original request on success, force-logout only on a definitive 4xx, and ride out a transient failure (API restarting during deploy) without logging out. Backend (AdminAuthService): make refresh non-rotating + sliding (reuse the presented refresh token and re-store it) instead of revoke-and-mint, so the dashboard's many concurrent refreshes don't race the rotated token — same fix already applied to the main API. Also bump admin tokens 7d/30d → 30d/365d to match the main API, so the session is long-lived even before the first refresh round-trip. tsc clean; Admin.API builds clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-15 20:57:21 +03:30
soroush.asadi	82d1cf8e9e	fix(auth): stop logging users out on every deploy ... Diagnostic on prod confirmed the backend keeps sessions valid across deploys (stable 64-char JWT key, 30-day access tokens, 62 refresh tokens persisting in Redis with appendonly; redis/db never restart on deploy). The forced logout was client-side: 1. The axios refresh path treated ANY refresh failure as "session gone" and nuked the tokens. During the ~30s API restart window of a deploy, the refresh POST gets a 502/timeout (transient) → user kicked to /login. Now refresh distinguishes a definitive 4xx (truly invalid/expired refresh → log out) from a transient network/5xx failure (reject + keep the session; retry later). Refresh tokens are opaque Redis GUIDs, so they survive even a key rotation — the only thing that was breaking sessions was this over-eager logout. 2. PWA service worker served a stale app shell after an update, pointing at JS chunks the new build replaced. Added skipWaiting + clientsClaim + cleanupOutdatedCaches and a NetworkFirst handler for navigations so the HTML and its chunk refs always match the live deploy; hashed static stays CacheFirst. Net: a normal update no longer logs anyone out. tsc clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-15 20:42:38 +03:30
soroush.asadi	d4d7b7e679	feat(website): full Meezi knowledge base with per-feature wireframes ... Turns the static /docs page into a real help center. Every feature now has a detail page at /docs/{slug} with a minimal wireframe mockup + concrete Persian how-to steps (English mirror), grouped into 6 sections. - guide-data.tsx: typed GUIDE_FEATURES (21 features — pos, tables, kds, queue, reservations, menu, inventory, crm, coupons, sms, reviews, reports, expenses, shifts, taxes, hr, branches, subscription, settings, qr-menu, koja) with fa/en title, tagline, 5–8 steps, tips, tier badge, group, wireframe variant. - wireframes.tsx: 7 reusable minimal line-art variants (board/order/menu/list/ dashboard/form/phone), brand-colored, RTL-aware. - docs/[slug]/page.tsx: dynamic guide page (hero, wireframe + numbered steps, tips, prev/next, support CTA); generateStaticParams + generateMetadata; 404 for unknown slugs. - docs/page.tsx: module cards now sourced from GUIDE_FEATURES, grouped, linking to the detail pages. Verified via SSR: index lists all 21, detail pages render titles + wireframe, en mirror 200, unknown slug 404, tsc clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-15 19:00:10 +03:30
soroush.asadi	d407f0b3e9	fix(brand): real Meezi icon/favicon on website + admin (was missing) ... - web/website: manifest referenced /icon-192.png and /icon-512.png that didn't exist (broken favicon). Added the real transparent Meezi mark (32/180/192/512) + wired icons into metadata. OG image stays dynamic. - web/admin: had no metadata or icons at all. Added title template, favicon/apple icons (icons/ dir), themeColor, noindex. Dashboard + Koja already carry the real logo; web apps are now consistent. Mobile launcher icons will be handled with the Android packaging task. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-15 18:37:21 +03:30
soroush.asadi	72ab09189c	fix(brand): real transparent Meezi icon + guest-menu image placeholder ... - Icons/favicon were a plain solid-green square (a 547B placeholder). Replaced with the actual Meezi mark (green rounded square + menu lines) on transparent corners, generated at 32/48/180/192/512 + a full-bleed green maskable-512. Wired 32/48 favicon + 180 apple-touch-icon into the panel and /q metadata. Copied the same icons to Koja for consistent branding. - Guest QR menu showed blank muted boxes for items without a photo. Added a minimal themed café-cup placeholder (MenuImageFallback) across all four layouts so the menu looks intentional. (Admin/POS already had placeholders.) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-15 18:17:52 +03:30
soroush.asadi	456a446850	feat(meta): per-page titles + favicon/app icons + PWA across the panel ... The app had no metadata anywhere — pages showed no <title> and no favicon or app icon. Added: - Root metadata in [locale]/layout: title default + "%s — میزی" template, description, icons (favicon + apple-touch-icon → /icons), manifest link, appleWebApp, themeColor viewport, noindex (private panel). - Per-page title on all 22 dashboard route pages (داشبورد, منو, گزارش‌ها, …). - Guest menu (/q) layout: own title + icon + manifest. PWA + favicon now use the Meezi icon everywhere. Verified via SSR: titles render (e.g. "منو — میزی") and icon/manifest/apple-touch-icon links present. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-15 15:47:00 +03:30
soroush.asadi	4523c8861f	feat(ui): grouped thousands separators for price/amount inputs ... Price fields showed raw digits (1490000) while typing — hard to read for Toman amounts. New shared MoneyInput groups as you type (1,490,000), accepts Persian/Arabic digits, and reports a raw digit string so callers keep parsing unchanged. Applied to menu item price, branch price override, expense amount, and payment-correction replacement amount. Displays already group via formatCurrency (incl. the QR guest-menu preview). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-15 15:46:25 +03:30
soroush.asadi	a855cf1d80	feat(auth): admin-issued café recovery key login ... Platform admins can generate a permanent recovery key per café (admin panel → Cafés). The café Owner uses it to sign in when OTP access is lost; once authenticated, all server-side data syncs as normal (data is per-café on the server, the device only caches it). Backend: - Cafe.RecoveryKeyHash (SHA-256, unique index) + RecoveryKeyCreatedAt; migration - RecoveryKeyGenerator util: MZ-XXXXX-XXXXX-XXXXX-XXXXX, ~190-bit entropy, stored as SHA-256 (API-token pattern — raw key shown once, never retrievable) - Admin: POST/DELETE /api/admin/cafes/{id}/recovery-key (key returned once); café list now reports HasRecoveryKey + RecoveryKeyCreatedAt - Login: POST /api/auth/login-key → exact-hash lookup → resolves café Owner → issues normal JWT; rate-limited (auth-otp), suspended/no-owner guarded, logged Admin UI: per-café generate / regenerate / revoke with one-time reveal + copy. Dashboard login: discreet "ورود با کلید بازیابی" link → key field. fa/en/ar. 86 tests pass; all tsc clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-15 15:10:11 +03:30
soroush.asadi	76d4434581	fix(qr): guest menu 500 (SSR) + remove café discovery from owner panel ... 1. The /q/{code} guest menu returned HTTP 500 on every load. Root cause: menu-item-model-viewer.tsx did a top-level `import "@google/model-viewer"`, a browser-only lib that touches `self` at module evaluation. Next pulled it into the server module graph (page → qr-guest-menu → qr-menu-3d-sheet → model-viewer) and SSR crashed with "self is not defined". Now the library is imported lazily inside useEffect (client-only); a poster placeholder shows until the custom element registers. Verified /q/* now returns 200. 2. Removed the "discover" (browse other cafés) item from the café owner sidebar — café discovery belongs in Koja, not the owner panel. The owner still manages their OWN Koja listing from Settings. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-15 15:08:48 +03:30
soroush.asadi	00649d0248	feat(sms): bring-your-own-provider — cafés use their own SMS account ... The platform no longer sells SMS. Each café saves its OWN Kavenegar API key + sender line (new Cafes columns + migration) and campaigns are sent and billed through that account. Backend: - GET/PUT /sms/settings (Manager/Owner; key echoed masked, verified against the provider before saving) - campaign + balance use the café's credentials; SMS_NOT_CONFIGURED error when missing; plan-tier SMS gating removed everywhere (PlanLimitChecker, SmsMarketingService, billing status) - platform Kavenegar config stays ONLY for login OTPs (env/DB) - design-time DbContext factory so `dotnet ef migrations add` works without booting the host Dashboard: - SMS screen: provider-settings card, not-configured callout, campaign form disabled until configured; quota bar removed (usage stays as info) - subscription screen + plan comparison no longer show SMS limits Admin panel: - Kavenegar/SMS section removed from integrations (request field now optional; stored OTP config untouched) - SMS limit field removed from the plan editor - nav label "درگاه و پیامک" → "درگاه پرداخت و AI" fa/en/ar translations. 86 tests pass; all tsc clean. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-12 09:23:50 +03:30
soroush.asadi	615d5348de	fix(subscription): plan comparison + checkout read the live plan catalog ... The merchant plan page hard-coded 4 tiers, prices and a feature matrix that drifted from the admin-editable platform catalog (Starter tier missing, stale prices/features). PlanComparison and CheckoutScreen now consume /platform/plans + new /platform/features-catalog: - columns = active plans by SortOrder (incl. Starter), names from DisplayNameFa/En, prices from MonthlyPriceToman - limit rows from PlanLimitsData (int.MaxValue → "نامحدود") - feature rows from the feature catalog, ticked via FeatureKeys - checkout validates the ?plan= param against isBillableOnline and prices from the catalog — no more client-side price constants fa/en/ar limit-row labels added. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-12 08:16:29 +03:30
soroush.asadi	74f46a4781	fix(dashboard): Set spread → Array.from for CI tsconfig target ... Local tsconfig.json has uncommitted target changes, so `[...voidIds]` passed locally but failed CI's tsc (TS2802, target < es2015). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-12 01:30:21 +03:30
soroush.asadi	c47922414a	feat: اصلاح سند payment corrections + audit-log & daily P&L views ... Backend: - POST /orders/{id}/payments/corrections (Manager/Owner): void wrong payments (marked Refunded, never deleted) and/or record replacements atomically; mandatory reason; requires an open register shift; full before/after written to the immutable audit trail. - GET /orders/closed?date= — closed orders of one Iran-calendar day, paged, the browsing surface for corrections. - CalculateExpectedCash now subtracts cash refunds so corrections keep the drawer expectation honest. Dashboard (reports screen now has three tabs): - عملکرد و سود: existing KPIs/charts + new day-by-day breakdown table (orders, revenue, expenses, net profit per Jalali day). - اصلاح سند: closed-orders browser with payment chips + correction dialog (void checkboxes, replacement rows, live balance, reason). - گزارش عملیات: filterable audit-log viewer (category, Jalali range, branch) with expandable structured details. fa/en/ar translations included. 86 backend tests pass; dashboard tsc clean. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-12 01:24:19 +03:30
soroush.asadi	2a4cf1d20b	feat(dashboard): Jalali date pickers + mobile/tablet responsive shell ... Full Persian calendar: - New JalaliDateField — Shamsi popover picker (Saturday-first weeks, Persian digits, امروز shortcut); wire format stays ISO Gregorian YYYY-MM-DD. Falls back to the native input for the en locale. - Replaces all 5 native type="date" inputs (Gregorian-only pickers): reservations, expenses from/to, reports from/to. - Reservations list date now renders Jalali instead of the raw ISO string; branches purge timestamp now formats with fa-IR. Responsive shell (mobile + tablet): - New MobileNav: hamburger in the topbar (< md) opening an RTL-aware slide-over drawer with all nav destinations, permission-filtered, Escape/backdrop close and body scroll lock. - Desktop sidebar hidden below md; header center cluster (clock/plan) hidden below md; language switcher hidden below sm. - Main content padding scales p-3 → p-4 → p-6. - Verified at 375px and 768px: no horizontal overflow, drawer and Jalali picker fully functional. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-11 23:10:38 +03:30
soroush.asadi	d811b7d6d5	feat(dashboard): simplify navigation — frequency-based IA ... The sidebar had 22 items in 5 accordion groups, all defaulting closed: first visit showed five vague headers and zero destinations, there was no Dashboard/Home link at all, and rare pages (taxes, subscription) had equal weight with POS. Restructured around usage frequency: - Flat primary (always visible, no header): Dashboard, POS, Tables, Kitchen, Queue, Reservations, Menu, Reports - Two collapsible groups: Customers & marketing (crm, coupons, sms, reviews, discover) and Café management (inventory, expenses, shifts, taxes, hr, branches) - Footer utility icons: settings, subscription, support - Removed "notifications" from the nav (duplicate of the topbar bell) Other fixes folded in: - Deleted [locale]/page.tsx which redirected "/" to /pos — it made the POS exit button a no-op loop and left OverviewScreen unreachable. "/" now renders the overview home; login still lands on /pos. - Branch gating moved from group-level to an item whitelist (BRANCH_ALLOWED_NAV_KEYS) — also closes the hole where branch accounts could deep-link to /reports etc. past the RouteGuard. - RouteGuard now checks footer items too (subscription stays gated). - revalidate=300 on the locale layout: Next emitted s-maxage=31536000 and the WCDN edge kept serving year-old HTML shells after deploys. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-11 22:06:59 +03:30
soroush.asadi	82145b0d21	feat(pos2): add dashboard exit button to POS board header ... POS runs in the (fullscreen) layout which strips the sidebar. Adds a Home → داشبورد button at the top-left of the table board so users can navigate back to the dashboard without being stuck. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-07 07:23:14 +03:30
soroush.asadi	59486cdf24	fix(pos2): wait for branch before fetching menu + add left category sidebar ... Race fix: orderBranchId now returns `undefined` (not null) while the /branches query is in flight. usePos2Menu treats undefined as "not yet determined" and skips the fetch, preventing getBranchMenu(cafeId, null) → empty array. Once branchesFetched=true, orderBranchId resolves to the correct branchId (or null for café-wide fallback). Layout: desktop order screen now shows a left vertical category sidebar (116 px, md+) instead of horizontal chips, giving the classic POS sidebar feel. Horizontal chips kept for mobile (<md). Menu grid columns adjusted. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-07 07:10:03 +03:30
soroush.asadi	f02f78a97c	fix(pos): POS v2 menu empty — resolve a valid branch like classic POS ... The menu/tables are branch-scoped. v2 used the raw stored branchId, which is null or stale for users who never opened the classic POS (it has no branch picker), so getBranchMenu returned an empty menu. Now v2 fetches /branches, auto-selects the first valid branch (self-healing the stored id), and loads the branch menu + tables + order submission against that resolved branch — matching the classic POS exactly. Also adds a visible "menu failed to load / retry" state instead of a silent empty grid. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-04 06:17:37 +03:30
soroush.asadi	cc0933c514	fix(auth): don't log out fullscreen routes (POS/queue) on refresh ... The (fullscreen) layout redirected to /login whenever user.accessToken was falsy — but on a page refresh that fires before Zustand finishes rehydrating the persisted auth from localStorage, so an authenticated user was bounced to login on every refresh. Gate the redirect on _hasHydrated (and show a loader while rehydrating), matching RouteGuard. Tokens themselves are already long (30d access / 365d refresh), so sessions now survive refreshes as expected. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-04 05:56:11 +03:30
soroush.asadi	7c35984096	feat(pos): default the pay sheet to Card ... Card is now the pre-selected payment method (and split rows default to Card), matching Iran's card-dominant payments. Card already sits first in the selector. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-04 05:38:13 +03:30
soroush.asadi	bf0ca68fa6	feat(pos): show Card first in pay sheet, keep Cash as default ... Reorder the payment method tabs to کارت / نقدی / تقسیم (Card first, most common in Iran) while keeping Cash as the pre-selected default method. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-04 05:32:26 +03:30
soroush.asadi	6778c32028	feat(pos): POS v2 feature parity + promote to default /pos ... Completes the four POS v2 roadmap items: 1. Real split payments — split tab records N separate payment rows (equal split, last row takes the remainder), each row toggles Cash/Card; posts payments[]. 2. Card-terminal push — confirmPay sums Card amounts and calls requestPosPayment (POS device) before recording; surfaces POS_DEVICE_* errors. 3. Customer + coupons + loyalty — reuses PosCustomerPicker (attach/search/create) and validates coupons via /coupons/validate (discount in totals). Pay sheet offers loyalty redemption (1 point = 100 toman) when a customer is attached. 4. Promote to default — /pos now renders POS v2 (full-screen, café-themed); the classic terminal moves to /pos-classic with its sidebar+topbar chrome. The "نسخه کلاسیک" link points there. Order submission already carried customerId/guestName/guestPhone/couponId via the shared cart store, so customer + coupon flow straight through send + pay. tsc --noEmit clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-04 05:16:52 +03:30
soroush.asadi	75a0a1c834	feat(pos): wire POS v2 to live data (board, orders, payments) ... POS v2 is now a real, working point of sale at /[locale]/pos2 (was a static mock). It reuses the existing data layer so it shares the React Query cache and offline pipeline with the classic POS: - Table board ← fetchCafeTableBoard (Free/Busy/Reserved/Cleaning, live totals, guest-QR badge); polls every 15s. Open a free table to start an order; open a busy table to hydrate its existing order (GET order → cart hydrateFromOrder). - Order screen ← real branch/café menu + categories, bound to useCartStore (add/qty/remove). Send via submitOrderToApi (online + offline outbox) then re-hydrate; "ارسال (n)" shows the pending (unsynced) line count. - Pay sheet ← POST /orders/{id}/payments. Cash (numpad + change), Card, and a Split helper (records the full amount; split is cashier guidance for now). - Online/offline badge, loading/empty states, toasts, busy overlay, and a "نسخه کلاسیک" link back to /pos. The static design mock stays at /[locale]/pos2-preview (dev-only, 404 in prod). tsc --noEmit clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-04 00:16:37 +03:30
soroush.asadi	5078af2dd7	feat(pos): clickable POS v2 redesign prototype at /pos2 (static, no backend) ... Responsive RTL big-touch reimagining of the POS order screen for judging the redesign on real devices before decomposing the 1568-line pos-screen.tsx + wiring real logic. Self-contained: mock menu + local cart, no API/store/SignalR. - 3 zones: category chips + item grid · order ticket · sticky action bar. - lg+ side-panel ticket; smaller screens get a "view order" bar + slide-over (covers landscape tablet, portrait tablet, phone). - Big-touch (56px primary / 44px qty), brand green #0F6E56, Toman totals. Send/Pay are mock toasts. tsc clean.	2026-06-03 17:23:58 +03:30
soroush.asadi	55e0c9499d	content(website): reflect latest features across all pages ... Full pass over the marketing site so every page reflects the current product: - Features page: +"Works Offline" and +"Get Discovered on Koja" cards (NEW badges); rewrote "Real-time Notifications" to describe the dashboard sound+toast alert. - Solutions: added offline / Koja / real-time-alert bullets across cafés, restaurants, chains, and cloud kitchens. - Tour: POS step now mentions offline + auto-sync; kitchen step describes the sound+toast new-order alert on any screen. - Docs: +Offline Mode and +Koja Discovery module guides (fa/en). - appPromo: waiter-app "new order" alert notes sound. - privacy/terms: "Last updated" June 2025 → June 2026. Website build clean.	2026-06-03 08:37:42 +03:30
soroush.asadi	dcdb0d5747	feat(realtime): global guest-order alert on the dashboard ... Guest orders from the QR/digital menu already notified via SignalR, but only screens that were open (KDS/POS/tables) reacted — and silently (a data refresh, no alert). So staff on any other screen never knew a menu order arrived. - Add a global useOrderAlerts() mounted in the dashboard shell: connects to /hubs/kds, joins the café group, and on a new GUEST order plays a chime + shows a toast (localized fa/en/ar) + nudges order/KDS/POS lists to refresh — on every screen. - Filter to guest QR-menu orders only (not staff POS orders): LiveOrderDto now carries Source, set in MapLiveOrder (+ the delivery/snappfood mappers). 86 API tests pass; dashboard tsc + build clean.	2026-06-03 02:42:29 +03:30
soroush.asadi	9b2f15151d	feat(website): reflect new features + 5-tier pricing ... - Pricing: add the Starter tier (now Free·Starter·Pro·Business·Enterprise), fix currency ₺ (Turkish Lira) → Toman, and rewrite every plan's bullets to the agreed matrix (Free: 6 tables/30 orders/Koja/offline + watermark; Starter: watermark-removal/custom-styling/review-reply; Pro: CRM/reports/taxes/payroll/ delivery/3 branches; Business: 3D + AI-3D + unlimited; Enterprise: API/white-label/ SLA/24-7). 5-column responsive grid. - Features: add two headliner cards that were missing — "Works offline" and "Get discovered on Koja". fa/en. Website tsc + build clean.	2026-06-03 02:20:16 +03:30
soroush.asadi	7d06f149d3	feat(plans): menu watermark on Free (removed by paid feature) ... Guest QR menu shows a "ساخته‌شده با میزی" watermark under the menu unless the café's plan has the `watermark_removed` feature (Starter+). - PublicMenuDto gains ShowWatermark; PublicService computes it from IsFeatureEnabledForCafeAsync("watermark_removed") for both slug and branch menus. - Guest menu renders the watermark footer when showWatermark. - NoOpPlatformCatalogService test double (all features on) for the PublicService ctor; QrMenuTests updated. 86 tests pass; dashboard tsc clean.	2026-06-03 02:10:24 +03:30
soroush.asadi	8f738f6469	feat(plans): Stage 4 — full admin plan/feature editor ... The admin → Plans screen now edits EVERYTHING per plan (the backend already accepted it; only the UI was partial): - All limits (orders/day, tables, terminals, branches, menu categories, menu items, customers, report history, SMS, AI-3D) with an "unlimited (∞)" toggle. - Display names (fa/en), monthly price, sort order, billable-online, active on/off. - Per-plan feature checkboxes grouped by module, plus an "all features (*)" toggle (Enterprise). Sourced from the live feature catalog (/api/admin/features). - Plans listed in sort order (Free·Starter·Pro·Business·Enterprise). - i18n fa/en/ar. Admin tsc + build clean.	2026-06-03 01:11:18 +03:30
soroush.asadi	db0c3a4a02	feat(hr): add employees from the dashboard ... Previously the only Employee records were the Owner (created at café signup) and one Manager per branch — there was no way to add a waiter/cashier/chef. Adds it. Backend: - POST /api/cafes/{cafeId}/employees (HrController). Owner/Manager only; creating a Manager requires Owner; Owner cannot be created here. Validates name/phone/role, enforces one-employee-per-phone, validates branch belongs to the café, and can optionally set username/password login in the same step (same hashing + uniqueness as the credentials endpoint). Returns EmployeeSummaryDto. Dashboard: - New "Team" tab on the HR screen (now the default): employee roster (name, role, phone, base salary) + an "Add employee" button (owner/manager) opening an inline form — name, phone, role, optional branch, optional base salary, optional login. - Role labels + all form strings in fa/en/ar. 86 API tests pass; dashboard tsc + build clean.	2026-06-02 23:28:36 +03:30
soroush.asadi	f1756b491e	feat(admin): rich text editor for blog content (TipTap) ... Blog post bodies were plain <textarea>s labelled "Markdown". Replace with a TipTap rich editor (bold/italic/strike, H1–H3, lists, blockquote, code, links, undo/redo), RTL-aware, producing HTML. - New RichTextEditor component (TipTap v2: react + starter-kit + pm + link + placeholder), immediatelyRender:false for Next SSR, self-contained content styling, external-value sync. - Wired into the FA/EN content fields of the blog editor; labels no longer say "Markdown" (fa/en/ar). - Website blog page now renders HTML when the body is HTML and falls back to MDXRemote for older Markdown posts (backward-compatible). Content is authored only by trusted SystemAdmins, so HTML is stored/rendered directly. Admin build + website typecheck clean.	2026-06-02 22:25:47 +03:30
soroush.asadi	eb165db182	feat(offline): make every dashboard write durable offline (P2–P5) ... Builds on the outbox engine to take the whole dashboard offline in one place instead of wiring 114 mutation sites individually. Frontend (single chokepoint = the API client): - offline-write: any write auto-queues to the outbox on offline/network failure and returns an optimistic value; the online path is unchanged apart from an Idempotency-Key header (so even online retries de-dup). entityType is derived from the URL; POSTs get a remappable local id. - client.doWrite unifies POST/PUT/PATCH/DELETE through this path. WriteOptions gains `offline: "queue" | "reject" | "manual"`. - Guardrails: auth / billing / payments / SMS / exports are online-only and throw OFFLINE_UNAVAILABLE offline rather than queueing (no queued double-charges or surprise SMS blasts). use-api-error resolves the friendly localized message (fa/en/ar). - submit-order opts out ("manual") to keep its richer local-Order mock; shared helpers de-duplicated into offline-write. - Request persistent storage on mount so unsynced writes survive eviction. Backend: - IdempotencyCleanupJob: daily purge of idempotency records older than 7 days (the table now gets a row per keyed write). Registered in Hangfire. No migration. 86 API tests pass; dashboard tsc + build clean.	2026-06-02 18:34:54 +03:30
soroush.asadi	3b468b48d9	feat(dashboard/offline): generic idempotent outbox + ID remapping ... Completes offline Phase 1 (frontend). Generalises the POS-orders-only queue into a reusable write engine and fixes the two correctness bugs in the old path. - offline-db: generic `outbox` store (DB v3, order_queue/kv preserved) with enqueue/list/update/remove + a persisted client→server id map. - outbox.ts: drains in causal order — remaps local_* ids to server ids (blocking an op until its creator syncs), sends each op with its idempotency key, and classifies failures (offline → stop; 5xx / in-progress → retry; 4xx → poison after 5 attempts). remap/blocked logic validated against representative cases. - client: apiPost/Put/Patch/Delete take an optional idempotencyKey → `Idempotency-Key` header; ApiClientError now carries HTTP status. - submit-order: generates ONE idempotency key per submit, used for both the online attempt and the queued replay → server de-dups (no more double-create); offline create carries createsClientId so a later add-items remaps onto the real order instead of spawning a second order. - use-offline-sync: drains the outbox, one-time migrates legacy order_queue items, invalidates queries after a successful sync. tsc + production build clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 18:19:29 +03:30
soroush.asadi	132f0921e0	feat(dashboard/offline): persist React Query cache for offline reads ... First slice of offline-first (Phase 1). Makes every dashboard area *viewable* offline with last-synced data, instead of empty lists on an offline reload (previously only next-pwa's 10-min API cache survived). - offline-db: add a generic `kv` IndexedDB store (DB v2, preserves order_queue) with kvGet/kvSet/kvDelete; all degrade silently on quota/unavailable. - query-persister: debounced snapshot of the React Query cache via dehydrate/hydrate (no new dependency). Restore is guarded by a schema buster, 24h max-age, and a café scope so one tenant never hydrates another's data. - providers: gcTime 24h so hydrated data isn't GC'd; restore on mount + persist on cache changes, re-scoped when the signed-in café changes. No write-path changes; the existing POS order queue is untouched. Next in Phase 1: generalize that queue into an idempotent outbox with client→server ID remapping. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 17:41:15 +03:30
soroush.asadi	bb0be19dac	feat(billing): queue subscriptions bought while active + cancel queued ... Before, buying a plan immediately switched the tier and stacked the duration. Now a purchase made while the café still has paid coverage is QUEUED to start when the current coverage ends, and the owner can cancel a queued one. Model: - SubscriptionPayment gains EffectiveFrom/EffectiveTo; status gains Scheduled (paid, queued) and Cancelled. EF migration AddSubscriptionScheduling (nullable). BillingService: - On payment completion, compute coverage end (latest of active expiry + furthest queued period). If it is in the future → Scheduled (queued, café tier/expiry untouched); else activate immediately as before. Periods chain correctly. - GetStatusAsync lazily promotes any due queued period to active, and returns the queue (QueuedPlans). - CancelQueuedAsync cancels a Scheduled period (owner-only) and re-packs the queue so later periods slide earlier. Active prepaid plan is never cut short; no automatic refund (manual, per product decision). - Confirmation SMS distinguishes "activated until X" vs "queued, starts X". API: BillingStatusDto.QueuedPlans + DELETE /api/billing/queued/{paymentId}. Dashboard: - Subscription screen shows a "Queued subscriptions" card (tier, window, cancel with confirm). - Checkout shows "you already have an active subscription — this will start on {date}" when the café is still covered. - i18n fa/en/ar. 81 API tests pass; dashboard typechecks. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 16:44:32 +03:30
soroush.asadi	15def7ff1c	feat: delete actions for warehouse/reservations/coupons/customers + Koja listing toggle ... Delete (every manageable entity that only had "add" now has delete): - Ingredients (warehouse): new DELETE /inventory/ingredients/{id} (soft-delete via the global DeletedAt filter — no FK trouble with recipes/movements) + NoOp stub + trash button in the materials cards. - Reservations: new DELETE /reservations/{id} (soft-delete) + per-card delete button. - Coupons & Customers: backend DELETE already existed; wired delete buttons in the UI. - Shared ConfirmDialog component used by all delete flows (RTL-aware). - Audit result: tables/branches/taxes/kitchen-stations/expenses/menu/terminals already had delete; HR has no "add" so no delete needed; shifts intentionally excluded (financial open/close records, not add-style entities). Koja visibility: - New Cafe.ShowOnKoja flag, default TRUE (DB default true so existing cafés stay listed). Discover query now filters IsVerified && !Deleted && ShowOnKoja. - public-profile GET/PUT expose showOnKoja; dashboard public-profile panel has an on-by-default toggle that persists immediately. Platform IsVerified gate unchanged. - EF migration AddCafeShowOnKoja (defaultValue: true). Also: added the missing errors.generic i18n key (fa/en/ar) so useApiError's fallback resolves instead of rendering the literal "errors.generic". 81 API tests pass. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 16:14:40 +03:30
soroush.asadi	a37d93f6cd	fix(ui): force dir=ltr on remaining RTL pill toggles ... The branch-menu-overrides availability switch (dashboard) and the BlogToggle (admin website editor) still moved their knob with translate-x while inheriting RTL, so the knob escaped the track on the right. Pin both to dir="ltr" like the other switches. All four role="switch" toggles in the codebase now share the fix. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 13:24:20 +03:30
soroush.asadi	7122df57b2	feat(menu): delete category/item + fix RTL availability toggle ... - Add DELETE /api/cafes/{cafeId}/menu/items/{id} (DeleteItemAsync soft-delete, mirroring the existing category delete) — item delete had no backend route. - Dashboard menu admin: destructive "delete" action in the item and category edit modals, behind a shared confirm dialog (AlertDialog). Deleting the selected category falls back to "all items". - Fix the availability ToggleSwitch in RTL: force dir="ltr" so the knob's translate-x stays inside the track instead of escaping on the right (same fix as the admin-panel toggles). - i18n: deleteItem/deleteCategory confirm + success strings (fa/en/ar). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 12:24:09 +03:30
soroush.asadi	24da1e0522	feat(orders): per-item kitchen/bar notes (POS + QR app + KDS) ... Lets the POS agent and the QR/app customer attach a free-text note to each order line (e.g. "no tomato", "extra hot") that reaches the kitchen/bar. - Backend already supported it (OrderItem.Notes persists; CreateOrderItemRequest and OrderItemDto carry Notes; LiveOrderDto items include it) — this wires the UI. - cart.store: add setNotes(menuItemId, notes); notes already travel in getPendingLines and round-trip via hydrateFromOrder. - POS pos-screen: a note input under each cart line. - QR guest menu: a note input under each cart line (QrCartLine.note). - KDS: render the note prominently under each item so kitchen/bar sees it. - i18n: pos.itemNotePlaceholder + qrMenu.itemNote (fa/ar/en). Note: notes are captured on items being added; editing a note on an already-submitted line is out of scope (no pending delta to re-send). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 09:37:59 +03:30
soroush.asadi	2203ecbdaf	fix(koja): remove over-broad short-URL redirect that 500'd the home page ... The redirect source "/:slug([a-z0-9][a-z0-9-]*[a-z0-9])" matched single-segment paths including the locale itself, so /fa redirected to /fa/cafe/fa (slug "fa") and /en to /fa/cafe/en — non-existent cafés that returned Internal Server Error. Visiting koja.meezi.ir (-> /fa) hit this. Removed the redirect so the home page renders; short café URLs can be re-added via middleware with reserved-word guards. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 08:29:27 +03:30
soroush.asadi	1aaab6c593	fix(admin): integrations save uses rendered list (fixes dropped Zarinpal merchantId) ... The integrations form rendered from (gateways state, falling back to fetched data) but SAVED from the state and edited via updateGateway on . If gateways hadn't hydrated, edits (e.g. Zarinpal merchantId) were written to an empty array and the save sent nothing. Now updateGateway seeds from fetched data on first edit, and the save maps over — render, edit, and save share one source. NOTE: prod admin had also been stale because recent deploys aborted on the main-API crash before the admin containers restarted. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 08:15:16 +03:30
soroush.asadi	087563bce7	feat(settings): use-my-current-location button; surface ticket-load error ... Location card gets a 'موقعیت فعلی من' button that fills lat/lng from the browser's geolocation. Support ticket list now shows the resolved (localized) error instead of a generic message, so a failure is diagnosable. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 01:52:29 +03:30
soroush.asadi	e839db7331	fix(koja): default to fa (no browser locale guess); guard null discoverProfile ... Koja auto-detected locale from the browser Accept-Language (en for many Persian users); set localeDetection:false so locale-less URLs default to fa. Also guarded cafe.discoverProfile across the cafe page, cafe card, and JSON-LD — a café without a discover profile crashed the page (500). The cafe page now resolves the café first and notFound()s an unknown slug before fetching menu/reviews. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 01:51:50 +03:30
soroush.asadi	a83edf7667	fix: seed all plans/features in prod (upsert); fix admin toggle RTL knob ... Plan + feature seeding was dev-gated and all-or-nothing, so production only had the Free plan (admin Plans page showed one). Now runs in every environment and upserts missing rows (adds Pro/Business/Enterprise on top of the existing Free). Also force LTR on the admin toggle switch so the knob doesn't render off-track under the RTL page. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-02 00:23:17 +03:30