- 22 Apr, 2026 17 commits
-
Stefy Lanza (nextime / spora ) authored
  - Add DatabaseManager.placeholder property returning '?' (SQLite) or '%s' (MySQL)
  - Fix paypal_handler.py: payment_methods INSERT
  - Fix service.py: payment_methods INSERT for PayPal vault
  - Fix subscription/manager.py: all SQL in create/upgrade/downgrade/cancel_subscription
  - Fix subscription/renewal.py: all SQL in process_renewals/_renew_subscription/_cancel_subscription
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
-
Stefy Lanza (nextime / spora ) authored
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
-
Stefy Lanza (nextime / spora ) authored
  - Replace invalid 'ON CONFLICT DO NOTHING' (PostgreSQL) with 'INSERT IGNORE' (MySQL) for user_crypto_wallets upsert
  - Use repr() and full traceback in exception logging so blank-message exceptions are still diagnosable
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
-
Stefy Lanza (nextime / spora ) authored
  - get_user_by_id and get_user_by_email now include profile_pic in SELECT
  - Store profile_pic in session on login and update it on profile save
  - base.html and user_index.html use session.profile_pic, falling back to gravatar
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
-
Stefy Lanza (nextime / spora ) authored
TEXT maxes at 64 KB; base64-encoded images easily exceed that. Migration auto-widens existing installations on next startup.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
-
Stefy Lanza (nextime / spora ) authored
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
-
Stefy Lanza (nextime / spora ) authored
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
-
Stefy Lanza (nextime / spora ) authored
v0.99.51: security hardening — bcrypt passwords, rate limiting, auth fixes, safe cache serialisation
  - Migrate password hashing from SHA-256 to bcrypt with backward-compatible auto-upgrade on login
  - Add login rate limiting (10 attempts / 5 min window, 10 min lockout) per IP+username
  - Force password change when default admin/admin credentials are detected (C3)
  - Fix /api/admin/* middleware to require valid admin session instead of unconditional bypass (C5)
  - Replace pickle serialisation in all cache backends (Redis, SQLite, MySQL, File) with JSON-first encoding; legacy pickle data still readable (H9)
  - Fix PayPal webhook: implement 6 previously empty handler stubs with real wallet credit/debit logic (H1)
  - Fix Stripe: remove no-op _handle_payment_succeeded stub, fix real implementation to use WalletManager (C7)
  - Fix crypto address derivation race condition via BEGIN EXCLUSIVE / SELECT FOR UPDATE (H6)
  - Fix PayPal webhook verification: return False (not True) when webhook_id not configured (C6)
  - Fix pre-existing password reset flow using non-existent DB methods
  - Fix CORS: allow_credentials=False to be compatible with wildcard origins
  - Fix session cookie flags: same_site=lax, https_only via AISBF_HTTPS env var
  - Fix background task GC: hold strong references to prevent premature task collection
  - Remove dead Jinja2 environment and commented-out analytics init code
  - Apply XSS escaping to user-controlled innerHTML in analytics and autoselects dashboard templates
  - Update docs: security warnings in README and DEBUG_GUIDE, missing endpoints in ENDPOINTS.md
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
- 21 Apr, 2026 23 commits
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
Add wallet support to MCP endpoints: implement wallet balance and transaction tools for both global and user-specific MCP access, update documentation with wallet MCP tools and examples
-
Stefy Lanza (nextime / spora ) authored
Complete documentation refactoring: updated CHANGELOG with wallet system and docs reorganization, fixed PYPI.md versions, added wallet API examples to API_EXAMPLES.md
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
Fix token access documentation: global tokens can only access global endpoints, not user-specific endpoints
-
Stefy Lanza (nextime / spora ) authored
Fix token access documentation: clarify that user tokens can access global endpoints, global tokens have admin access
-
Stefy Lanza (nextime / spora ) authored
Complete documentation reorganization: move donations to README top, reduce README size, add comprehensive wallet documentation, fix directory tree, remove duplications
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
Task 7: Implement wallet operations, top up flow, auto top up logic, subscription renewal integration with all tests
-
Stefy Lanza (nextime / spora ) authored
  - Update _renew_subscription() to check wallet first before payment method
  - Add wallet debit for renewal amount with transaction logging
  - Implement auto top up trigger when balance insufficient
  - Add renewal retry after successful auto top up
  - Maintain grace period and existing error handling
  - Add trigger_auto_topup function to scheduler.py
  - Add test cases for wallet renewal flow
-
Stefy Lanza (nextime / spora ) authored
  - Add _create_wallet_tables() migration method in PaymentMigrations class
  - user_wallets table with balance, currency, auto topup configuration
  - wallet_transactions table with full transaction history
  - Add proper table indexes for performance
  - Update test_migrations.py to verify new tables exist
  - All migration tests passing
-
Stefy Lanza (nextime / spora ) authored
  - Fix infinite recursion loop in corrupted config recovery
  - Always initialize self.rotations attribute before loading
  - Fix invalid default providers.json (remove extra condensation key)
  - Fix users table order - create table before column migrations
  - Remove invalid extra braces from default rotations.json
  - Corrupted configs are now safely backed up with timestamps
  - No more JSON decode errors on first run
  - No more "no such table: users" warning on first run
-
Stefy Lanza (nextime / spora ) authored
  - Copy markdown prompt files (*.md) to ~/.aisbf/ on first run
  - Fix installation location search order (user-local first, then system)
  - Add JSON validation and proper error handling for all config files
  - Fix invalid JSON syntax in default rotations.json
  - Existing files are never overwritten
  - Config files are properly copied from ~/.local/share/aisbf, /usr/local/share/aisbf, /usr/share/aisbf or source directory depending on installation type
-
Stefy Lanza (nextime / spora ) authored
  - Document all 8 commits and changes made
  - List files modified and what changed
  - Provide before/after API comparison
  - Include configuration requirements
  - Add testing checklist and monitoring guidelines
  - Reference all documentation and code locations
  - Mark migration status as COMPLETE
-
Stefy Lanza (nextime / spora ) authored
  - Add /api/webhooks/* to auth exemption list in both middlewares
  - PayPal and Stripe webhooks can now receive events without Bearer token
  - Webhooks authenticate via signature verification instead
  - Fixes issue where PayPal would fail to deliver webhook events
-
Stefy Lanza (nextime / spora ) authored
  - Complete PayPal Developer Dashboard configuration steps
  - Webhook setup and event type selection
  - Application configuration instructions
  - Testing procedures for payment flow and webhooks
  - API flow diagrams for setup and charging
  - Troubleshooting common issues
  - Security considerations and production checklist
  - Monitoring and maintenance guidelines
  - Support resources and references
-
Stefy Lanza (nextime / spora ) authored
  - Document current webhook implementation status
  - Provide complete code example for signature verification
  - Explain why signature verification is critical for production
  - Add references to PayPal documentation
  - Include testing guidelines
-
Stefy Lanza (nextime / spora ) authored
  - Add _verify_webhook_signature() method with TODO for proper implementation
  - Log warning when webhook_secret is not configured
  - Prepare for production-grade webhook security
  - Reference PayPal's verify-webhook-signature endpoint
-
Stefy Lanza (nextime / spora ) authored
  - Add handlers for CHECKOUT.ORDER.COMPLETED/APPROVED
  - Add handlers for PAYMENT.CAPTURE.COMPLETED/DENIED/REFUNDED
  - Add handlers for VAULT.PAYMENT-TOKEN.CREATED/DELETED
  - Add handlers for CUSTOMER.DISPUTE.CREATED/RESOLVED
  - Maintain backward compatibility with legacy PAYMENT.SALE events
  - Add TODO comments for database integration points
-
Stefy Lanza (nextime / spora ) authored
  - Remove call to non-existent cancel_billing_agreement method
  - PayPal Vault tokens remain in PayPal's system when deleted from our DB
  - Add logging for PayPal payment method deletion
  - Maintains backward compatibility with legacy billing agreements
-
Stefy Lanza (nextime / spora ) authored
  - Update _charge_payment() to detect paypal_v3 gateway and use charge_payment_token()
  - Add gateway column to payment_method query in renewal processor
  - Supports off-session merchant-initiated charges for auto-renewals
  - Maintains backward compatibility with legacy billing agreements
-
Stefy Lanza (nextime / spora ) authored
  - Add create_setup_token() for PayPal Vault setup token generation
  - Add create_payment_token() to exchange setup token for permanent payment token
  - Add charge_payment_token() for off-session merchant-initiated transactions
  - Update payment_methods table schema with gateway, last4, brand, paypal_email columns
  - Update dashboard routes to use new vault flow instead of billing agreements
  - No longer requires Reference Transactions to be enabled on PayPal account
  - Supports merchant-initiated billing for auto top-ups without user presence
-