Audit Log, White-label & Multi-client Store Directory
New
- Audit Log (Pro+) — tamper-proof DB table tracking every staff write-action with user, event, IP, and timestamp
- REST endpoint for audit log with filters: user, date range, event type, pagination
- Audit events stamped across eight controllers: staff, customers, refund requests, shifts, security, locations
- SPA: /audit-log lazy route with filter bar, paginated table, and Pro-gate banner
- White-label (Agency) — custom plugin name, logo, and brand replacement across SPA and login page
- Multi-client Store Directory (Agency) — manage all client stores from one login with header store switcher
- Agency Settings endpoint (GET/PUT) with sanitisation for client store names and URLs
- DB Upgrade Framework — idempotent table creation on version change
Improved
- Settings page reorganised — Gateways tab removed; Permissions now default; summary stat cards always visible
- Payment Gateways moved to dedicated /payment-gateways page with enable/disable toggles and KPI overview
- SPALoader extended with whiteLabel and clientStores boot config
Fixed
- LocationsController — incorrect WP_REST_Response class reference in wrong namespace
- LocationsController — audit stamp placed after return statement (unreachable); moved before return
- LocationsController/CustomersController — meta values cast to (string) for HPOS type contract
Multi-location support
New
- Multi-location support — se_locations table with location_id meta on users, orders, and products
- LocationsController with CRUD endpoints; locations injected into SPA boot config
- Location selector in Staff tab; location context in Customers, Orders, and Shifts
- Business-tier gate on location features
Shift tracking & security settings
New
- Shift tracking — se_shifts table with start/end/force-end/history endpoints
- Security settings: idle timeout, force_logout_on_shift_end, require_active_shift, IP allowlist
- SPA: PINLock overlay, ShiftRequiredScreen, idle-timer, Shift History modal
- Business-tier gate on IP-allowlist enforcement
Refund approval workflows
New
- Refund approval workflow — two-tier submit, approve/reject via HPOS order meta
- RefundRequestsController: submit, list, review, and global pending-queue endpoints
- Per-user max refund amount limit; admin email notifications on submit and review
- Business-tier gate on refund workflow
- "Pending Approvals" tab in SPA RefundsList
Customer management
New
- Customer management — CustomersController with create, search, update, merge endpoints
- Customer creation from the SPA; customer-order linkage
- Permission actions: customers.create, customers.merge
Staff limits & PIN authentication
New
- Per-user discount ceiling and refund limit
- PIN authentication — set/remove PIN, verify-pin endpoint (rate-limited)
- Staff permission limits saved atomically
- Pro-tier gate on custom role configuration; Free tier restricted to Manager + Cashier templates
Staff management & permissions
New
- Staff management — StaffController with CRUD, permissions, and limits endpoints
- Permission system with ACTION_SCHEMA as single source of truth
- PermissionManager: grants/revokes manage_storeelevate capability; blocks wp-admin for non-admin staff
- SPA: Staff tab with role templates, action matrix (Pro), invite flow
- Free-tier staff cap (2 members)
StoreElevate Core — initial release
New
- Plugin scaffold: Plugin, SPALoader, ModuleRegistry, Activator, LicenseManager
- Hub-and-spoke architecture with storeElevateConfig JS boot object
- JWT authentication: issue, refresh, revoke endpoints
- manage_storeelevate capability; admin-only wp-admin guard
- SPA shell: React 18, @wordpress/scripts webpack build, useApp() context
- License tiers: Free, Pro, Business, Agency