fix(auth): Prioritize JWT token over trusted origin bypass

When a user logs in and has a Bearer token, use their actual identity
instead of falling back to internal@system. This ensures logged-in
users see their real email in the admin UI.

Order of auth:
1. If Bearer token provided → use JWT/API token (real user identity)
2. If no token → check trusted origins (for API access like WordPress)
3. Otherwise → 401 unauthorized

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.woodpecker/.ci.yml

@@ -90,10 +90,10 @@ steps:
       platforms: linux/amd64
       provenance: false
       build_args:
-        - APP_BUILD_VERSION=${CI_COMMIT_SHA:0:8}
-        - APP_GIT_SHA=${CI_COMMIT_SHA}
-        - APP_BUILD_TIME=${CI_PIPELINE_CREATED}
-        - CONTAINER_IMAGE_TAG=${CI_COMMIT_SHA:0:8}
+        APP_BUILD_VERSION: ${CI_COMMIT_SHA:0:8}
+        APP_GIT_SHA: ${CI_COMMIT_SHA}
+        APP_BUILD_TIME: ${CI_PIPELINE_CREATED}
+        CONTAINER_IMAGE_TAG: ${CI_COMMIT_SHA:0:8}
     depends_on: []
     when:
       branch: master

backend/docs/BRAND_INTELLIGENCE_API.md

@@ -0,0 +1,394 @@
+# Brand Intelligence API
+
+## Endpoint
+
+```
+GET /api/analytics/v2/brand/:name/intelligence
+```
+
+## Query Parameters
+
+| Param | Type | Default | Description |
+|-------|------|---------|-------------|
+| `window` | `7d\|30d\|90d` | `30d` | Time window for trend calculations |
+| `state` | string | - | Filter by state code (e.g., `AZ`) |
+| `category` | string | - | Filter by category (e.g., `Flower`) |
+
+## Response Payload Schema
+
+```typescript
+interface BrandIntelligenceResult {
+  brand_name: string;
+  window: '7d' | '30d' | '90d';
+  generated_at: string;  // ISO timestamp when data was computed
+
+  performance_snapshot: PerformanceSnapshot;
+  alerts: Alerts;
+  sku_performance: SkuPerformance[];
+  retail_footprint: RetailFootprint;
+  competitive_landscape: CompetitiveLandscape;
+  inventory_health: InventoryHealth;
+  promo_performance: PromoPerformance;
+}
+```
+
+---
+
+## Section 1: Performance Snapshot
+
+Summary cards with key brand metrics.
+
+```typescript
+interface PerformanceSnapshot {
+  active_skus: number;              // Total products in catalog
+  total_revenue_30d: number | null; // Estimated from qty × price
+  total_stores: number;             // Active retail partners
+  new_stores_30d: number;           // New distribution in window
+  market_share: number | null;      // % of category SKUs
+  avg_wholesale_price: number | null;
+  price_position: 'premium' | 'value' | 'competitive';
+}
+```
+
+**UI Label Mapping:**
+| Field | User-Facing Label | Helper Text |
+|-------|-------------------|-------------|
+| `active_skus` | Active Products | X total in catalog |
+| `total_revenue_30d` | Monthly Revenue | Estimated from sales |
+| `total_stores` | Retail Distribution | Active retail partners |
+| `new_stores_30d` | New Opportunities | X new in last 30 days |
+| `market_share` | Category Position | % of category |
+| `avg_wholesale_price` | Avg Wholesale | Per unit |
+| `price_position` | Pricing Tier | Premium/Value/Market Rate |
+
+---
+
+## Section 2: Alerts
+
+Issues requiring attention.
+
+```typescript
+interface Alerts {
+  lost_stores_30d_count: number;
+  lost_skus_30d_count: number;
+  competitor_takeover_count: number;
+  avg_oos_duration_days: number | null;
+  avg_reorder_lag_days: number | null;
+  items: AlertItem[];
+}
+
+interface AlertItem {
+  type: 'lost_store' | 'delisted_sku' | 'shelf_loss' | 'extended_oos';
+  severity: 'critical' | 'warning';
+  store_name?: string;
+  product_name?: string;
+  competitor_brand?: string;
+  days_since?: number;
+  state_code?: string;
+}
+```
+
+**UI Label Mapping:**
+| Field | User-Facing Label |
+|-------|-------------------|
+| `lost_stores_30d_count` | Accounts at Risk |
+| `lost_skus_30d_count` | Delisted SKUs |
+| `competitor_takeover_count` | Shelf Losses |
+| `avg_oos_duration_days` | Avg Stockout Length |
+| `avg_reorder_lag_days` | Avg Restock Time |
+| `severity: critical` | Urgent |
+| `severity: warning` | Watch |
+
+---
+
+## Section 3: SKU Performance (Product Velocity)
+
+How fast each SKU sells.
+
+```typescript
+interface SkuPerformance {
+  store_product_id: number;
+  product_name: string;
+  category: string | null;
+  daily_velocity: number;        // Units/day estimate
+  velocity_status: 'hot' | 'steady' | 'slow' | 'stale';
+  retail_price: number | null;
+  on_sale: boolean;
+  stores_carrying: number;
+  stock_status: 'in_stock' | 'low_stock' | 'out_of_stock';
+}
+```
+
+**UI Label Mapping:**
+| Field | User-Facing Label |
+|-------|-------------------|
+| `daily_velocity` | Daily Rate |
+| `velocity_status` | Momentum |
+| `velocity_status: hot` | Hot |
+| `velocity_status: steady` | Steady |
+| `velocity_status: slow` | Slow |
+| `velocity_status: stale` | Stale |
+| `retail_price` | Retail Price |
+| `on_sale` | Promo (badge) |
+
+**Velocity Thresholds:**
+- `hot`: >= 5 units/day
+- `steady`: >= 1 unit/day
+- `slow`: >= 0.1 units/day
+- `stale`: < 0.1 units/day
+
+---
+
+## Section 4: Retail Footprint
+
+Store placement and coverage.
+
+```typescript
+interface RetailFootprint {
+  total_stores: number;
+  in_stock_count: number;
+  out_of_stock_count: number;
+  penetration_by_region: RegionPenetration[];
+  whitespace_stores: WhitespaceStore[];
+}
+
+interface RegionPenetration {
+  state_code: string;
+  store_count: number;
+  percent_reached: number;    // % of state's dispensaries
+  in_stock: number;
+  out_of_stock: number;
+}
+
+interface WhitespaceStore {
+  store_id: number;
+  store_name: string;
+  state_code: string;
+  city: string | null;
+  category_fit: number;       // How many competing brands they carry
+  competitor_brands: string[];
+}
+```
+
+**UI Label Mapping:**
+| Field | User-Facing Label |
+|-------|-------------------|
+| `penetration_by_region` | Market Coverage by Region |
+| `percent_reached` | X% reached |
+| `in_stock` | X stocked |
+| `out_of_stock` | X out |
+| `whitespace_stores` | Expansion Opportunities |
+| `category_fit` | X fit |
+
+---
+
+## Section 5: Competitive Landscape
+
+Market positioning vs competitors.
+
+```typescript
+interface CompetitiveLandscape {
+  brand_price_position: 'premium' | 'value' | 'competitive';
+  market_share_trend: MarketSharePoint[];
+  competitors: Competitor[];
+  head_to_head_skus: HeadToHead[];
+}
+
+interface MarketSharePoint {
+  date: string;
+  share_percent: number;
+}
+
+interface Competitor {
+  brand_name: string;
+  store_overlap_percent: number;
+  price_position: 'premium' | 'value' | 'competitive';
+  avg_price: number | null;
+  sku_count: number;
+}
+
+interface HeadToHead {
+  product_name: string;
+  brand_price: number;
+  competitor_brand: string;
+  competitor_price: number;
+  price_diff_percent: number;
+}
+```
+
+**UI Label Mapping:**
+| Field | User-Facing Label |
+|-------|-------------------|
+| `price_position: premium` | Premium Tier |
+| `price_position: value` | Value Leader |
+| `price_position: competitive` | Market Rate |
+| `market_share_trend` | Share of Shelf Trend |
+| `head_to_head_skus` | Price Comparison |
+| `store_overlap_percent` | X% store overlap |
+
+---
+
+## Section 6: Inventory Health
+
+Stock projections and risk levels.
+
+```typescript
+interface InventoryHealth {
+  critical_count: number;      // <7 days stock
+  warning_count: number;       // 7-14 days stock
+  healthy_count: number;       // 14-90 days stock
+  overstocked_count: number;   // >90 days stock
+  skus: InventorySku[];
+  overstock_alert: OverstockItem[];
+}
+
+interface InventorySku {
+  store_product_id: number;
+  product_name: string;
+  store_name: string;
+  days_of_stock: number | null;
+  risk_level: 'critical' | 'elevated' | 'moderate' | 'healthy';
+  current_quantity: number | null;
+  daily_sell_rate: number | null;
+}
+
+interface OverstockItem {
+  product_name: string;
+  store_name: string;
+  excess_units: number;
+  days_of_stock: number;
+}
+```
+
+**UI Label Mapping:**
+| Field | User-Facing Label |
+|-------|-------------------|
+| `risk_level: critical` | Reorder Now |
+| `risk_level: elevated` | Low Stock |
+| `risk_level: moderate` | Monitor |
+| `risk_level: healthy` | Healthy |
+| `critical_count` | Urgent (<7 days) |
+| `warning_count` | Low (7-14 days) |
+| `overstocked_count` | Excess (>90 days) |
+| `days_of_stock` | X days remaining |
+| `overstock_alert` | Overstock Alert |
+| `excess_units` | X excess units |
+
+---
+
+## Section 7: Promotion Effectiveness
+
+How promotions impact sales.
+
+```typescript
+interface PromoPerformance {
+  avg_baseline_velocity: number | null;
+  avg_promo_velocity: number | null;
+  avg_velocity_lift: number | null;     // % increase during promo
+  avg_efficiency_score: number | null;  // ROI proxy
+  promotions: Promotion[];
+}
+
+interface Promotion {
+  product_name: string;
+  store_name: string;
+  status: 'active' | 'scheduled' | 'ended';
+  start_date: string;
+  end_date: string | null;
+  regular_price: number;
+  promo_price: number;
+  discount_percent: number;
+  baseline_velocity: number | null;
+  promo_velocity: number | null;
+  velocity_lift: number | null;
+  efficiency_score: number | null;
+}
+```
+
+**UI Label Mapping:**
+| Field | User-Facing Label |
+|-------|-------------------|
+| `avg_baseline_velocity` | Normal Rate |
+| `avg_promo_velocity` | During Promos |
+| `avg_velocity_lift` | Avg Sales Lift |
+| `avg_efficiency_score` | ROI Score |
+| `velocity_lift` | Sales Lift |
+| `efficiency_score` | ROI Score |
+| `status: active` | Live |
+| `status: scheduled` | Scheduled |
+| `status: ended` | Ended |
+
+---
+
+## Example Queries
+
+### Get full payload
+```javascript
+const response = await fetch('/api/analytics/v2/brand/Wyld/intelligence?window=30d');
+const data = await response.json();
+```
+
+### Extract summary cards (flattened)
+```javascript
+const { performance_snapshot: ps, alerts } = data;
+
+const summaryCards = {
+  activeProducts: ps.active_skus,
+  monthlyRevenue: ps.total_revenue_30d,
+  retailDistribution: ps.total_stores,
+  newOpportunities: ps.new_stores_30d,
+  categoryPosition: ps.market_share,
+  avgWholesale: ps.avg_wholesale_price,
+  pricingTier: ps.price_position,
+  accountsAtRisk: alerts.lost_stores_30d_count,
+  delistedSkus: alerts.lost_skus_30d_count,
+  shelfLosses: alerts.competitor_takeover_count,
+};
+```
+
+### Get top 10 fastest selling SKUs
+```javascript
+const topSkus = data.sku_performance
+  .filter(sku => sku.velocity_status === 'hot' || sku.velocity_status === 'steady')
+  .sort((a, b) => b.daily_velocity - a.daily_velocity)
+  .slice(0, 10);
+```
+
+### Get critical inventory alerts only
+```javascript
+const criticalInventory = data.inventory_health.skus
+  .filter(sku => sku.risk_level === 'critical');
+```
+
+### Get states with <50% penetration
+```javascript
+const underPenetrated = data.retail_footprint.penetration_by_region
+  .filter(region => region.percent_reached < 50)
+  .sort((a, b) => a.percent_reached - b.percent_reached);
+```
+
+### Get active promotions with positive lift
+```javascript
+const effectivePromos = data.promo_performance.promotions
+  .filter(p => p.status === 'active' && p.velocity_lift > 0)
+  .sort((a, b) => b.velocity_lift - a.velocity_lift);
+```
+
+### Build chart data for market share trend
+```javascript
+const chartData = data.competitive_landscape.market_share_trend.map(point => ({
+  x: new Date(point.date),
+  y: point.share_percent,
+}));
+```
+
+---
+
+## Notes for Frontend Implementation
+
+1. **All fields are snake_case** - transform to camelCase if needed
+2. **Null values are possible** - handle gracefully in UI
+3. **Arrays may be empty** - show appropriate empty states
+4. **Timestamps are ISO format** - parse with `new Date()`
+5. **Percentages are already computed** - no need to multiply by 100
+6. **The `window` parameter affects trend calculations** - 7d/30d/90d

backend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dutchie-menus-backend",
-  "version": "1.5.1",
+  "version": "1.6.0",
   "description": "Backend API for Dutchie Menus scraper and management",
   "main": "dist/index.js",
   "scripts": {

backend/public/downloads/cannaiq-menus-latest.zip

@@ -0,0 +1 @@
+cannaiq-menus-1.6.0.zip

backend/src/auth/middleware.ts

@@ -32,6 +32,7 @@ const TRUSTED_ORIGINS = [
 // Pattern-based trusted origins (wildcards)
 const TRUSTED_ORIGIN_PATTERNS = [
   /^https:\/\/.*\.cannabrands\.app$/,  // *.cannabrands.app
+  /^https:\/\/.*\.cannaiq\.co$/,       // *.cannaiq.co
 ];
 
 // Trusted IPs for internal pod-to-pod communication
@@ -152,7 +153,53 @@ export async function authenticateUser(email: string, password: string): Promise
 }
 
 export async function authMiddleware(req: AuthRequest, res: Response, next: NextFunction) {
-  // Allow trusted origins/IPs to bypass auth (internal services, same-origin)
+  const authHeader = req.headers.authorization;
+
+  // If a Bearer token is provided, always try to use it first (logged-in user)
+  if (authHeader && authHeader.startsWith('Bearer ')) {
+    const token = authHeader.substring(7);
+
+    // Try JWT first
+    const jwtUser = verifyToken(token);
+
+    if (jwtUser) {
+      req.user = jwtUser;
+      return next();
+    }
+
+    // If JWT fails, try API token
+    try {
+      const result = await pool.query(`
+        SELECT id, name, rate_limit, active, expires_at, allowed_endpoints
+        FROM api_tokens
+        WHERE token = $1
+      `, [token]);
+
+      if (result.rows.length > 0) {
+        const apiToken = result.rows[0];
+        if (!apiToken.active) {
+          return res.status(401).json({ error: 'API token is inactive' });
+        }
+        if (apiToken.expires_at && new Date(apiToken.expires_at) < new Date()) {
+          return res.status(401).json({ error: 'API token has expired' });
+        }
+        req.user = {
+          id: 0,
+          email: `api:${apiToken.name}`,
+          role: 'api_token'
+        };
+        req.apiToken = apiToken;
+        return next();
+      }
+    } catch (err) {
+      console.error('API token lookup error:', err);
+    }
+
+    // Token provided but invalid
+    return res.status(401).json({ error: 'Invalid token' });
+  }
+
+  // No token provided - check trusted origins for API access (WordPress, etc.)
   if (isTrustedRequest(req)) {
     req.user = {
       id: 0,
@@ -162,80 +209,10 @@ export async function authMiddleware(req: AuthRequest, res: Response, next: Next
     return next();
   }
 
-  const authHeader = req.headers.authorization;
-
-  if (!authHeader || !authHeader.startsWith('Bearer ')) {
-    return res.status(401).json({ error: 'No token provided' });
-  }
-
-  const token = authHeader.substring(7);
-
-  // Try JWT first
-  const jwtUser = verifyToken(token);
-
-  if (jwtUser) {
-    req.user = jwtUser;
-    return next();
-  }
-
-  // If JWT fails, try API token
-  try {
-    const result = await pool.query(`
-      SELECT id, name, rate_limit, active, expires_at, allowed_endpoints
-      FROM api_tokens
-      WHERE token = $1
-    `, [token]);
-
-    if (result.rows.length === 0) {
-      return res.status(401).json({ error: 'Invalid token' });
-    }
-
-    const apiToken = result.rows[0];
-
-    // Check if token is active
-    if (!apiToken.active) {
-      return res.status(401).json({ error: 'Token is disabled' });
-    }
-
-    // Check if token is expired
-    if (apiToken.expires_at && new Date(apiToken.expires_at) < new Date()) {
-      return res.status(401).json({ error: 'Token has expired' });
-    }
-
-    // Check allowed endpoints
-    if (apiToken.allowed_endpoints && apiToken.allowed_endpoints.length > 0) {
-      const isAllowed = apiToken.allowed_endpoints.some((pattern: string) => {
-        // Simple wildcard matching
-        const regex = new RegExp('^' + pattern.replace('*', '.*') + '$');
-        return regex.test(req.path);
-      });
-
-      if (!isAllowed) {
-        return res.status(403).json({ error: 'Endpoint not allowed for this token' });
-      }
-    }
-
-    // Set API token on request for tracking
-    req.apiToken = {
-      id: apiToken.id,
-      name: apiToken.name,
-      rate_limit: apiToken.rate_limit
-    };
-
-    // Set a generic user for compatibility with existing code
-    req.user = {
-      id: apiToken.id,
-      email: `api-token-${apiToken.id}@system`,
-      role: 'api'
-    };
-
-    next();
-  } catch (error) {
-    console.error('Error verifying API token:', error);
-    return res.status(500).json({ error: 'Authentication failed' });
-  }
+  return res.status(401).json({ error: 'No token provided' });
 }
 
+
 /**
  * Require specific role(s) to access endpoint.
  *

backend/src/middleware/trustedDomains.ts

@@ -5,8 +5,8 @@ import { Request, Response, NextFunction } from 'express';
  * These are our own frontends that should have unrestricted access.
  */
 const TRUSTED_DOMAINS = [
-  'cannaiq.co',
-  'www.cannaiq.co',
+  '*.cannaiq.co',
+  '*.cannabrands.app',
   'findagram.co',
   'www.findagram.co',
   'findadispo.com',
@@ -32,6 +32,24 @@ function extractDomain(header: string): string | null {
   }
 }
 
+/**
+ * Checks if a domain matches any trusted domain (supports *.domain.com wildcards)
+ */
+function isTrustedDomain(domain: string): boolean {
+  for (const trusted of TRUSTED_DOMAINS) {
+    if (trusted.startsWith('*.')) {
+      // Wildcard: *.example.com matches example.com and any subdomain
+      const baseDomain = trusted.slice(2);
+      if (domain === baseDomain || domain.endsWith('.' + baseDomain)) {
+        return true;
+      }
+    } else if (domain === trusted) {
+      return true;
+    }
+  }
+  return false;
+}
+
 /**
  * Checks if the request comes from a trusted domain
  */
@@ -42,7 +60,7 @@ function isRequestFromTrustedDomain(req: Request): boolean {
   // Check Origin header first (preferred for CORS requests)
   if (origin) {
     const domain = extractDomain(origin);
-    if (domain && TRUSTED_DOMAINS.includes(domain)) {
+    if (domain && isTrustedDomain(domain)) {
       return true;
     }
   }
@@ -50,7 +68,7 @@ function isRequestFromTrustedDomain(req: Request): boolean {
   // Fallback to Referer header
   if (referer) {
     const domain = extractDomain(referer);
-    if (domain && TRUSTED_DOMAINS.includes(domain)) {
+    if (domain && isTrustedDomain(domain)) {
       return true;
     }
   }

backend/src/routes/analytics-v2.ts

@@ -16,6 +16,7 @@ import { BrandPenetrationService } from '../services/analytics/BrandPenetrationS
 import { CategoryAnalyticsService } from '../services/analytics/CategoryAnalyticsService';
 import { StoreAnalyticsService } from '../services/analytics/StoreAnalyticsService';
 import { StateAnalyticsService } from '../services/analytics/StateAnalyticsService';
+import { BrandIntelligenceService } from '../services/analytics/BrandIntelligenceService';
 import { TimeWindow, LegalType } from '../services/analytics/types';
 
 function parseTimeWindow(window?: string): TimeWindow {
@@ -41,6 +42,7 @@ export function createAnalyticsV2Router(pool: Pool): Router {
   const categoryService = new CategoryAnalyticsService(pool);
   const storeService = new StoreAnalyticsService(pool);
   const stateService = new StateAnalyticsService(pool);
+  const brandIntelligenceService = new BrandIntelligenceService(pool);
 
   // ============================================================
   // PRICE ANALYTICS
@@ -259,6 +261,48 @@ export function createAnalyticsV2Router(pool: Pool): Router {
     }
   });
 
+  /**
+   * GET /brand/:name/intelligence
+   * Get comprehensive B2B brand intelligence dashboard data
+   *
+   * Returns all brand metrics in a single unified response:
+   *   - Performance Snapshot (active SKUs, revenue, stores, market share)
+   *   - Alerts/Slippage (lost stores, delisted SKUs, competitor takeovers)
+   *   - Product Velocity (daily rates, velocity status)
+   *   - Retail Footprint (penetration, whitespace opportunities)
+   *   - Competitive Landscape (price position, market share trend)
+   *   - Inventory Health (days of stock, risk levels)
+   *   - Promotion Effectiveness (baseline vs promo velocity, ROI)
+   *
+   * Query params:
+   *   - window: 7d|30d|90d (default: 30d)
+   *   - state: state code filter (e.g., AZ)
+   *   - category: category filter (e.g., Flower)
+   */
+  router.get('/brand/:name/intelligence', async (req: Request, res: Response) => {
+    try {
+      const brandName = decodeURIComponent(req.params.name);
+      const window = parseTimeWindow(req.query.window as string);
+      const stateCode = req.query.state as string | undefined;
+      const category = req.query.category as string | undefined;
+
+      const result = await brandIntelligenceService.getBrandIntelligence(brandName, {
+        window,
+        stateCode,
+        category,
+      });
+
+      if (!result) {
+        return res.status(404).json({ error: 'Brand not found' });
+      }
+
+      res.json(result);
+    } catch (error) {
+      console.error('[AnalyticsV2] Brand intelligence error:', error);
+      res.status(500).json({ error: 'Failed to fetch brand intelligence' });
+    }
+  });
+
   // ============================================================
   // CATEGORY ANALYTICS
   // ============================================================

backend/src/routes/public-api.ts

@@ -130,6 +130,12 @@ const CONSUMER_TRUSTED_ORIGINS = [
   'http://localhost:3002',
 ];
 
+// Wildcard trusted origin patterns (*.domain.com)
+const CONSUMER_TRUSTED_PATTERNS = [
+  /^https:\/\/([a-z0-9-]+\.)?cannaiq\.co$/,
+  /^https:\/\/([a-z0-9-]+\.)?cannabrands\.app$/,
+];
+
 // Trusted IPs for local development (bypass API key auth)
 const TRUSTED_IPS = ['127.0.0.1', '::1', '::ffff:127.0.0.1'];
 
@@ -150,8 +156,17 @@ function isConsumerTrustedRequest(req: Request): boolean {
     return true;
   }
   const origin = req.headers.origin;
-  if (origin && CONSUMER_TRUSTED_ORIGINS.includes(origin)) {
-    return true;
+  if (origin) {
+    // Check exact matches
+    if (CONSUMER_TRUSTED_ORIGINS.includes(origin)) {
+      return true;
+    }
+    // Check wildcard patterns
+    for (const pattern of CONSUMER_TRUSTED_PATTERNS) {
+      if (pattern.test(origin)) {
+        return true;
+      }
+    }
   }
   const referer = req.headers.referer;
   if (referer) {
@@ -160,6 +175,18 @@ function isConsumerTrustedRequest(req: Request): boolean {
         return true;
       }
     }
+    // Check wildcard patterns against referer origin
+    try {
+      const refererUrl = new URL(referer);
+      const refererOrigin = refererUrl.origin;
+      for (const pattern of CONSUMER_TRUSTED_PATTERNS) {
+        if (pattern.test(refererOrigin)) {
+          return true;
+        }
+      }
+    } catch {
+      // Invalid referer URL, ignore
+    }
   }
   return false;
 }

backend/src/services/analytics/index.ts

@@ -11,3 +11,4 @@ export { BrandPenetrationService } from './BrandPenetrationService';
 export { CategoryAnalyticsService } from './CategoryAnalyticsService';
 export { StoreAnalyticsService } from './StoreAnalyticsService';
 export { StateAnalyticsService } from './StateAnalyticsService';
+export { BrandIntelligenceService } from './BrandIntelligenceService';

wordpress-plugin/cannaiq-menus.php

@@ -46,14 +46,17 @@ class CannaIQ_Menus_Plugin {
         // Initialize plugin
         load_plugin_textdomain('cannaiq-menus', false, dirname(plugin_basename(__FILE__)) . '/languages');
 
-        // Register shortcodes
+        // Register shortcodes - primary CannaIQ shortcodes
         add_shortcode('cannaiq_products', [$this, 'products_shortcode']);
         add_shortcode('cannaiq_product', [$this, 'single_product_shortcode']);
-        // Legacy shortcode support (backward compatibility)
-        add_shortcode('crawlsy_products', [$this, 'products_shortcode']);
-        add_shortcode('crawlsy_product', [$this, 'single_product_shortcode']);
-        add_shortcode('dutchie_products', [$this, 'products_shortcode']);
-        add_shortcode('dutchie_product', [$this, 'single_product_shortcode']);
+
+        // DEPRECATED: Legacy shortcode aliases for backward compatibility only
+        // These allow sites that used the old plugin names to continue working
+        // New implementations should use [cannaiq_products] and [cannaiq_product]
+        add_shortcode('crawlsy_products', [$this, 'products_shortcode']);   // deprecated
+        add_shortcode('crawlsy_product', [$this, 'single_product_shortcode']); // deprecated
+        add_shortcode('dutchie_products', [$this, 'products_shortcode']);   // deprecated
+        add_shortcode('dutchie_product', [$this, 'single_product_shortcode']); // deprecated
     }
 
     /**
@@ -114,7 +117,9 @@ class CannaIQ_Menus_Plugin {
     public function register_settings() {
         register_setting('cannaiq_menus_settings', 'cannaiq_api_token');
 
-        // Migrate old settings if they exist
+        // MIGRATION: Auto-migrate API tokens from old plugin versions
+        // This runs once - if user had crawlsy or dutchie plugin, their token is preserved
+        // Can be removed in a future major version once all users have migrated
         $old_crawlsy_token = get_option('crawlsy_api_token');
         $old_dutchie_token = get_option('dutchie_api_token');