- Add /api/webhooks/* to auth exemption list in both middlewares
- PayPal and Stripe webhooks can now receive events without Bearer token
- Webhooks authenticate via signature verification instead
- Fixes issue where PayPal would fail to deliver webhook events

- Complete PayPal Developer Dashboard configuration steps
- Webhook setup and event type selection
- Application configuration instructions
- Testing procedures for payment flow and webhooks
- API flow diagrams for setup and charging
- Troubleshooting common issues
- Security considerations and production checklist
- Monitoring and maintenance guidelines
- Support resources and references

- Document current webhook implementation status
- Provide complete code example for signature verification
- Explain why signature verification is critical for production
- Add references to PayPal documentation
- Include testing guidelines

- Add _verify_webhook_signature() method with TODO for proper implementation
- Log warning when webhook_secret is not configured
- Prepare for production-grade webhook security
- Reference PayPal's verify-webhook-signature endpoint

- Add handlers for CHECKOUT.ORDER.COMPLETED/APPROVED
- Add handlers for PAYMENT.CAPTURE.COMPLETED/DENIED/REFUNDED
- Add handlers for VAULT.PAYMENT-TOKEN.CREATED/DELETED
- Add handlers for CUSTOMER.DISPUTE.CREATED/RESOLVED
- Maintain backward compatibility with legacy PAYMENT.SALE events
- Add TODO comments for database integration points

- Remove call to non-existent cancel_billing_agreement method
- PayPal Vault tokens remain in PayPal's system when deleted from our DB
- Add logging for PayPal payment method deletion
- Maintains backward compatibility with legacy billing agreements

- Update _charge_payment() to detect paypal_v3 gateway and use charge_payment_token()
- Add gateway column to payment_method query in renewal processor
- Supports off-session merchant-initiated charges for auto-renewals
- Maintains backward compatibility with legacy billing agreements

- Add create_setup_token() for PayPal Vault setup token generation
- Add create_payment_token() to exchange setup token for permanent payment token
- Add charge_payment_token() for off-session merchant-initiated transactions
- Update payment_methods table schema with gateway, last4, brand, paypal_email columns
- Update dashboard routes to use new vault flow instead of billing agreements
- No longer requires Reference Transactions to be enabled on PayPal account
- Supports merchant-initiated billing for auto top-ups without user presence

- Fix model type reporting for user providers in analytics table
- Fix undefined placeholder variable in duplicate cache settings migration

Refactor: Move cache settings API from /api/user/cache-settings to /dashboard/api/cache-settings and use session-based auth

Fix: Restore missing model_performance, cost_overview, recommendations, and optimization_savings variables

Fix: Call _run_config_migrations from _initialize_database to ensure user_cache_settings table is created

- Clarify cache setting is user-level (not global)
- Rename 'Global Cache Setting' to 'User Default Cache Setting'
- Add detailed cache hierarchy explanation
- Add help text for notify_errors explaining behavior

- Add Enable Prompt Caching toggle at both provider and model levels
- Add detailed help text explaining cache override hierarchy
- Add setCacheSetting function to save cache settings directly from provider page
- Add loadCacheSettings to populate current cache states
- Add isCacheEnabled helper to check cache state with proper priority
- Add toasts for success/error feedback
- Cache hierarchy: Model > Provider > Global (default enabled)

- Added link to /dashboard/cache-settings in account menu
- Users can now access prompt cache settings from the dashboard
- Located between API Tokens and Subscription

- Check if timestamp is string before calling fromisoformat()
- MySQL returns datetime objects directly, SQLite returns strings
- Fixes login error: 'fromisoformat: argument must be str'