Release v1.0.1 (#333)

* feat(mobile): improve dashboard, leaderboard & AI helper UX for touch devices

  - Add touch drag support for AI helper modal and explained terms reorder
  - Position explain button below selected word on mobile
  - Show delete/restore buttons always visible on mobile (no hover)
  - Add user avatar to dashboard profile card (same as leaderboard)
  - Fix leaderboard page layout
  - Fix Tailwind v4 canonical class warnings

* Added touchcancel listener

* (SP: 2) [Frontend] Quiz results dashboard, review cache fix, UX improvements (#317)

* (SP: 3) [Backend] add internal janitor (jobs 1-4), claim/lease + runbook (G0-G6) (#318)

* (SP: 2) [Frontend] Redesign Home Hero & Add Features Section (#319)

* refactor(home): rename hero sections and add complete i18n support

- Rename LegacyHeroSection → WelcomeHeroSection
- Rename HeroSection → FeaturesHeroSection
- Add welcomeDescription translation key to eliminate duplication
- Translate all hardcoded text (headings, badges, CTAs)
- Improve Ukrainian/Polish translations for better readability
- Remove unused legacy components and images

* feat(about): update LinkedIn follower count to reflect current stat (1.5k+)

* refactor(home): implement i18n for FlipCardQA & fix memory leaks

* fix(home): resolve rotateY conflict & scope keyboard events in FlipCardQA

* fix(home): resolve all issues

* chore(home): cleanup comments, remove dead code & fix trailing spaces

* (SP: 2) [Frontend] Quiz UX improvements: violations counter, breadcrumbs, status badges (#320)

* feat(quiz): add guest warning before start and bot protection

Guest warning: show login/signup/continue buttons for unauthenticated
users on quiz rules screen before starting.

Bot protection: multi-attempt verification via Redis - each question
can only be verified once per user per attempt. Keys use dynamic TTL
matching quiz time limit and are cleared on retake.

Additional fixes:
- Footer flash on quiz navigation (added loading.tsx, eliminated redirect)
- Renamed QaLoader to Loader for reuse across pages
- React compiler purity errors (crypto.getRandomValues in handlers)
- Start button disabled after retake (isStarting not reset)

* refactor(quiz): PR review feedback

- Extract shared resolveRequestIdentifier() helper to eliminate
  duplicated auth/IP resolution logic in route.ts and actions/quiz.ts
- Return null instead of 'unknown' when identifier unresolvable,
  skip verification tracking for unidentifiable users
- Cap Redis TTL with MAX_TTL (3600s) to prevent client-supplied
  timeLimitSeconds from persisting keys indefinitely
- Add locale prefix to returnTo paths in guest warning links
- Replace nested Button inside Link with styled Link to fix
  invalid HTML (interactive element nesting)

* fix(quiz): fall through to IP when auth cookie is expired/invalid

* feat(quiz): add quiz results dashboard and review page

- Add quiz history section to dashboard with last attempt per quiz
- Add review page showing incorrect questions with explanations
- Add collapsible cards with expand/collapse all toggle
- Add "Review Mistakes" button on quiz result screen
- Add category icons to quiz page and review page headers
- Add BookOpen icon to explanation block in QuizQuestion
- Update guest message to mention error review benefit
- Add i18n translations (en/uk/pl) for all new features

* fix(quiz): scroll to next button on answer reveal, scope review cache by userId

* fix(quiz): restore type imports and userId cache key after merge conflict

* fix: restore type imports, sync @swc/helpers, fix indentation after merge

* feat(quiz): add violations counter UI, fix disqualification threshold

- Add ViolationsCounter component with color escalation (green/yellow/red)
- Sticky top bar keeps counter visible on scroll (mobile/tablet)
- Add i18n counter keys for en/uk/pl with ICU plural forms
- Fix threshold bug: violations warning now triggers at 4+ (was 3+)
  to match actual integrity score calculation (100 - violations * 10 < 70)

* fix(quiz): fix points mismatch between leaderboard and dashboard

Dashboard showed raw pointsEarned from last quiz_attempt, while
leaderboard summed improvement deltas from point_transactions.
Additionally, orphaned transactions from re-seeded quizzes inflated
leaderboard totals (12 rows, 83 ghost points cleaned up in DB).

- Dashboard query now joins point_transactions to show actual awarded
  points per quiz instead of raw attempt score
- Leaderboard query filters out orphaned transactions where the
  source attempt no longer exists in quiz_attempts

* OBfix(quiz): fix points mismatch, consistent status badges, mobile UX

Dashboard showed raw pointsEarned from last attempt while leaderboard
summed improvement deltas from point_transactions. Orphaned transactions
from re-seeded quizzes inflated leaderboard totals (cleaned up in DB).

- Dashboard query joins point_transactions for actual awarded points
- Leaderboard query filters orphaned transactions (source_id not in quiz_attempts)
- Quiz cards use 3-level badges (Mastered/Review/Study) matching dashboard
- Mobile quiz results show dash for zero points, added chevron indicator

* fix(quiz): add breadcrumbs to review page, fix recommendation tautology

* Header UX polish, quiz highlight fix, Blog button styling, shop i18n product    descriptions (#322)

* Header UX: reorder languages, swap controls, fix quiz highlight, style Blog button

* shop i18n product descriptions

* (SP: 1) [Frontend] Q&A: Next.js tab states + faster loader start (#324)

* fix(qa): align Next.js tab states and speed up loader startup

* feat(home,qa): improve home snap flow and add configurable Q&A page size

* fix(i18n,qa,seed): address review issues for locale handling and pagination state

* (SP: 1) [Frontend] Align quiz result messages with status badges, fix locale switch on result page (#325)

* feat(quiz): add guest warning before start and bot protection

Guest warning: show login/signup/continue buttons for unauthenticated
users on quiz rules screen before starting.

Bot protection: multi-attempt verification via Redis - each question
can only be verified once per user per attempt. Keys use dynamic TTL
matching quiz time limit and are cleared on retake.

Additional fixes:
- Footer flash on quiz navigation (added loading.tsx, eliminated redirect)
- Renamed QaLoader to Loader for reuse across pages
- React compiler purity errors (crypto.getRandomValues in handlers)
- Start button disabled after retake (isStarting not reset)

* refactor(quiz): PR review feedback

- Extract shared resolveRequestIdentifier() helper to eliminate
  duplicated auth/IP resolution logic in route.ts and actions/quiz.ts
- Return null instead of 'unknown' when identifier unresolvable,
  skip verification tracking for unidentifiable users
- Cap Redis TTL with MAX_TTL (3600s) to prevent client-supplied
  timeLimitSeconds from persisting keys indefinitely
- Add locale prefix to returnTo paths in guest warning links
- Replace nested Button inside Link with styled Link to fix
  invalid HTML (interactive element nesting)

* fix(quiz): fall through to IP when auth cookie is expired/invalid

* feat(quiz): add quiz results dashboard and review page

- Add quiz history section to dashboard with last attempt per quiz
- Add review page showing incorrect questions with explanations
- Add collapsible cards with expand/collapse all toggle
- Add "Review Mistakes" button on quiz result screen
- Add category icons to quiz page and review page headers
- Add BookOpen icon to explanation block in QuizQuestion
- Update guest message to mention error review benefit
- Add i18n translations (en/uk/pl) for all new features

* fix(quiz): scroll to next button on answer reveal, scope review cache by userId

* fix(quiz): restore type imports and userId cache key after merge conflict

* fix: restore type imports, sync @swc/helpers, fix indentation after merge

* feat(quiz): add violations counter UI, fix disqualification threshold

- Add ViolationsCounter component with color escalation (green/yellow/red)
- Sticky top bar keeps counter visible on scroll (mobile/tablet)
- Add i18n counter keys for en/uk/pl with ICU plural forms
- Fix threshold bug: violations warning now triggers at 4+ (was 3+)
  to match actual integrity score calculation (100 - violations * 10 < 70)

* fix(quiz): fix points mismatch between leaderboard and dashboard

Dashboard showed raw pointsEarned from last quiz_attempt, while
leaderboard summed improvement deltas from point_transactions.
Additionally, orphaned transactions from re-seeded quizzes inflated
leaderboard totals (12 rows, 83 ghost points cleaned up in DB).

- Dashboard query now joins point_transactions to show actual awarded
  points per quiz instead of raw attempt score
- Leaderboard query filters out orphaned transactions where the
  source attempt no longer exists in quiz_attempts

* OBfix(quiz): fix points mismatch, consistent status badges, mobile UX

Dashboard showed raw pointsEarned from last attempt while leaderboard
summed improvement deltas from point_transactions. Orphaned transactions
from re-seeded quizzes inflated leaderboard totals (cleaned up in DB).

- Dashboard query joins point_transactions for actual awarded points
- Leaderboard query filters orphaned transactions (source_id not in quiz_attempts)
- Quiz cards use 3-level badges (Mastered/Review/Study) matching dashboard
- Mobile quiz results show dash for zero points, added chevron indicator

* fix(quiz): add breadcrumbs to review page, fix recommendation tautology

* fix(quiz): align result messages with status badges, persist result on locale switch

* chore(release): v1.0.0

* feat(jpg): add images for shop

* (SP: 3) [Shop][Monobank] Janitor map + internal janitor endpoint stub + status UX + security/obs + J test gate (#328)

* (SP: 3) [Backend] add internal janitor (jobs 1-4), claim/lease + runbook (G0-G6)

* (SP: 3) [Backend] add provider selector, fix payments gating, i18n checkout errors

* Add shop category images to public

* (SP: 3) [Shop][Monobank] I1 structured logging: codes + logging safety checks

* (SP: 3) [Shop][Monobank] Fail-closed non-browser origin posture for webhook + janitor (ORIGIN_BLOCKED)

* (SP: 3) [Shop][Monobank] [Shop][Monobank] J gate: add orders status ownership test and pass all pre-prod invariants

* (SP: 3) [Shop][Monobank]  review fixes (tests, logging, success UI)

* (SP: 1) [Shop][Monobank] Tighten webhook log-code typing; harden DB tests; minor security/log/UI cleanups

* (SP: 1) [Shop][Monobank] harden Monobank webhook (origin/PII-safe logs) and remove duplicate sha256 hashing

* (SP:2) [Frontend] Fix duplicated Q&A items after content updates (#330)

* fix(qa): prevent duplicate questions and improve cache invalidation

* fix(qa): keep pagination totals consistent after deduplication

* (SP: 1) [Frontend] Integrate online users counter popup and fix header (#331)

* feat(home): add online users counter + fix header breakpoint

* deleted scrollY in OnlineCounterPopup

* fixed fetch in OnlineCounterPopup

* Bug/fix qa (#332)

* fix(qa): prevent duplicate questions and improve cache invalidation

* fix(qa): keep pagination totals consistent after deduplication

* fix(qa): paginate by unique questions and bump cache namespace

* chore(release): v1.0.1

---------

Co-authored-by: tetiana zorii <tanyusha.zoriy@gmail.com>
Co-authored-by: Lesia Soloviova <106915140+LesiaUKR@users.noreply.github.com>
Co-authored-by: liudmylasovetovs <127711697+liudmylasovetovs@users.noreply.github.com>
Co-authored-by: Yevhenii Datsenko <134847096+yevheniidatsenko@users.noreply.github.com>
Co-authored-by: Tetiana Zorii <131365289+TiZorii@users.noreply.github.com>
Co-authored-by: Yuliia Nazymko <122815071+YNazymko12@users.noreply.github.com>

Author: 6 people

CHANGELOG.md

@@ -579,3 +579,48 @@ and this project adheres to [Semantic Versioning](https://semver.org/).
 - Redis caching for quiz questions and review data
 - Environment configuration cleanup and standardization
 - Improved build stability and dependency management
+
+## [1.0.1] - 2026-02-15
+
+### Added
+
+- Shop / Payments reliability improvements:
+  - Monobank janitor map documentation as a source of truth
+  - Internal Monobank janitor endpoint scaffold with strict auth and rate-limit guards
+  - Post-redirect payment status UX with secure `/status` polling (no-store)
+- Homepage engagement:
+  - Online users counter popup integrated into Hero section
+  - Single fetch per visit to reduce Neon usage
+
+### Changed
+
+- Header responsiveness:
+  - Desktop breakpoint adjusted from 1024px to 1050px
+  - Reduced glow/shimmer intensity in light theme
+- Navigation and layout polish:
+  - Improved loader positioning to avoid overlap with navigation
+  - Optimized counter positioning logic
+
+### Fixed
+
+- Q&A data integrity:
+  - Fixed duplicated questions in API responses
+  - Added Redis cache versioning (`qa:v2:*`)
+  - Implemented automatic deduplication and cache rewrite on inconsistent data
+  - Improved pagination total count accuracy
+- Cache stability:
+  - Added TTL for Q&A cache
+  - Automatic cache invalidation after content seeding
+- Header layout issues after counter integration
+
+### Security
+
+- Hardened Monobank flows:
+  - Stronger origin checks and structured logging without PII
+  - Ownership protection for `/orders/[id]/status` (IDOR prevention)
+  - Pre-production test gate improvements
+
+### Infrastructure
+
+- Improved Redis cache reliability for Q&A
+- Extended automated tests for caching and payment flows

frontend/app/[locale]/shop/cart/CartPageClient.tsx

@@ -4,7 +4,7 @@ import { Loader2, Minus, Plus, ShoppingBag, Trash2 } from 'lucide-react';
 import Image from 'next/image';
 import { useParams } from 'next/navigation';
 import { useTranslations } from 'next-intl';
-import { useState } from 'react';
+import { useEffect, useState } from 'react';
 
 import { useCart } from '@/components/shop/CartProvider';
 import { Link, useRouter } from '@/i18n/routing';
@@ -54,18 +54,61 @@ const SHOP_HERO_CTA = cn(
   'shadow-[var(--shop-hero-btn-shadow)] hover:shadow-[var(--shop-hero-btn-shadow-hover)]'
 );
 
-export default function CartPage() {
+type Props = {
+  stripeEnabled: boolean;
+  monobankEnabled: boolean;
+};
+
+type CheckoutProvider = 'stripe' | 'monobank';
+
+function resolveInitialProvider(args: {
+  stripeEnabled: boolean;
+  monobankEnabled: boolean;
+  currency: string | null | undefined;
+}): CheckoutProvider {
+  const isUah = args.currency === 'UAH';
+  const canUseStripe = args.stripeEnabled;
+  const canUseMonobank = args.monobankEnabled && isUah;
+
+  if (canUseStripe) return 'stripe';
+  if (canUseMonobank) return 'monobank';
+  return 'stripe';
+}
+
+export default function CartPage({ stripeEnabled, monobankEnabled }: Props) {
   const { cart, updateQuantity, removeFromCart } = useCart();
   const router = useRouter();
   const t = useTranslations('shop.cart');
   const tColors = useTranslations('shop.catalog.colors');
   const [isCheckingOut, setIsCheckingOut] = useState(false);
   const [checkoutError, setCheckoutError] = useState<string | null>(null);
   const [createdOrderId, setCreatedOrderId] = useState<string | null>(null);
+  const [selectedProvider, setSelectedProvider] = useState<CheckoutProvider>(
+    () =>
+      resolveInitialProvider({
+        stripeEnabled,
+        monobankEnabled,
+        currency: cart?.summary?.currency,
+      })
+  );
 
   const params = useParams<{ locale?: string }>();
   const locale = params.locale ?? 'en';
   const shopBase = '/shop';
+  const isUahCheckout = cart.summary.currency === 'UAH';
+  const canUseStripe = stripeEnabled;
+  const canUseMonobank = monobankEnabled && isUahCheckout;
+  const hasSelectableProvider = canUseStripe || canUseMonobank;
+
+  useEffect(() => {
+    if (selectedProvider === 'stripe' && !canUseStripe && canUseMonobank) {
+      setSelectedProvider('monobank');
+      return;
+    }
+    if (selectedProvider === 'monobank' && !canUseMonobank && canUseStripe) {
+      setSelectedProvider('stripe');
+    }
+  }, [canUseMonobank, canUseStripe, selectedProvider]);
 
   const translateColor = (color: string | null | undefined): string | null => {
     if (!color) return null;
@@ -78,6 +121,23 @@ export default function CartPage() {
   };
 
   async function handleCheckout() {
+    if (!hasSelectableProvider) {
+      setCheckoutError(t('checkout.paymentMethod.noAvailable'));
+      return;
+    }
+    if (selectedProvider === 'stripe' && !canUseStripe) {
+      setCheckoutError(t('checkout.paymentMethod.noAvailable'));
+      return;
+    }
+    if (selectedProvider === 'monobank' && !canUseMonobank) {
+      setCheckoutError(
+        monobankEnabled
+          ? t('checkout.paymentMethod.monobankUahOnlyHint')
+          : t('checkout.paymentMethod.monobankUnavailable')
+      );
+      return;
+    }
+
     setCheckoutError(null);
     setCreatedOrderId(null);
     setIsCheckingOut(true);
@@ -92,6 +152,7 @@ export default function CartPage() {
           'Idempotency-Key': idempotencyKey,
         },
         body: JSON.stringify({
+          paymentProvider: selectedProvider,
           items: cart.items.map(item => ({
             productId: item.productId,
             quantity: item.quantity,
@@ -109,13 +170,13 @@ export default function CartPage() {
             ? data.message
             : typeof data?.error === 'string'
               ? data.error
-              : 'Unable to start checkout right now.';
+              : t('checkout.errors.startFailed');
         setCheckoutError(message);
         return;
       }
 
       if (!data?.orderId) {
-        setCheckoutError('Unexpected checkout response.');
+        setCheckoutError(t('checkout.errors.unexpectedResponse'));
         return;
       }
 
@@ -125,6 +186,10 @@ export default function CartPage() {
         data.clientSecret.trim().length > 0
           ? data.clientSecret
           : null;
+      const monobankPageUrl: string | null =
+        typeof data.pageUrl === 'string' && data.pageUrl.trim().length > 0
+          ? data.pageUrl
+          : null;
 
       const orderId = String(data.orderId);
       setCreatedOrderId(orderId);
@@ -137,6 +202,14 @@ export default function CartPage() {
         );
         return;
       }
+      if (paymentProvider === 'monobank' && monobankPageUrl) {
+        window.location.assign(monobankPageUrl);
+        return;
+      }
+      if (paymentProvider === 'monobank' && !monobankPageUrl) {
+        setCheckoutError(t('checkout.errors.unexpectedResponse'));
+        return;
+      }
 
       const paymentsDisabledFlag =
         paymentProvider !== 'stripe' || !clientSecret
@@ -149,7 +222,7 @@ export default function CartPage() {
         )}&clearCart=1${paymentsDisabledFlag}`
       );
     } catch {
-      setCheckoutError('Unable to start checkout right now.');
+      setCheckoutError(t('checkout.errors.startFailed'));
     } finally {
       setIsCheckingOut(false);
     }
@@ -385,11 +458,69 @@ export default function CartPage() {
             </div>
           </div>
 
+          <fieldset className="border-border mt-6 rounded-md border p-4">
+            <legend className="text-foreground px-1 text-sm font-semibold">
+              {t('checkout.paymentMethod.label')}
+            </legend>
+
+            <div className="mt-3 space-y-2">
+              {canUseStripe ? (
+                <label className="border-border flex cursor-pointer items-center gap-2 rounded-md border px-3 py-2">
+                  <input
+                    type="radio"
+                    name="payment-provider"
+                    value="stripe"
+                    checked={selectedProvider === 'stripe'}
+                    onChange={() => setSelectedProvider('stripe')}
+                    className="h-4 w-4"
+                  />
+                  <span className="text-sm font-medium">
+                    {t('checkout.paymentMethod.stripe')}
+                  </span>
+                </label>
+              ) : null}
+
+              <label
+                className={cn(
+                  'border-border flex items-center gap-2 rounded-md border px-3 py-2',
+                  canUseMonobank ? 'cursor-pointer' : 'opacity-60'
+                )}
+              >
+                <input
+                  type="radio"
+                  name="payment-provider"
+                  value="monobank"
+                  checked={selectedProvider === 'monobank'}
+                  onChange={() => setSelectedProvider('monobank')}
+                  disabled={!canUseMonobank}
+                  className="h-4 w-4"
+                />
+                <span className="text-sm font-medium">
+                  {t('checkout.paymentMethod.monobank')}
+                </span>
+              </label>
+
+              {!canUseMonobank ? (
+                <p className="text-muted-foreground text-xs">
+                  {monobankEnabled
+                    ? t('checkout.paymentMethod.monobankUahOnlyHint')
+                    : t('checkout.paymentMethod.monobankUnavailable')}
+                </p>
+              ) : null}
+
+              {!hasSelectableProvider ? (
+                <p className="text-destructive text-xs" role="status">
+                  {t('checkout.paymentMethod.noAvailable')}
+                </p>
+              ) : null}
+            </div>
+          </fieldset>
+
           <div className="mt-6 space-y-3">
             <button
               type="button"
               onClick={handleCheckout}
-              disabled={isCheckingOut}
+              disabled={isCheckingOut || !hasSelectableProvider}
               className={SHOP_HERO_CTA}
               aria-busy={isCheckingOut}
             >

frontend/app/[locale]/shop/cart/page.tsx

@@ -1,12 +1,43 @@
 import type { Metadata } from 'next';
 
+import { isMonobankEnabled } from '@/lib/env/monobank';
+
 import CartPageClient from './CartPageClient';
 
 export const metadata: Metadata = {
   title: 'Cart | DevLovers',
   description: 'Review items in your cart and proceed to checkout.',
 };
 
+function isFlagEnabled(value: string | undefined): boolean {
+  return (value ?? '').trim() === 'true';
+}
+
+function resolveStripeCheckoutEnabled(): boolean {
+  const paymentsEnabled = isFlagEnabled(process.env.PAYMENTS_ENABLED);
+  const stripeFlag = (process.env.STRIPE_PAYMENTS_ENABLED ?? '').trim();
+
+  return (
+    paymentsEnabled && (stripeFlag.length > 0 ? stripeFlag === 'true' : true)
+  );
+}
+
+function resolveMonobankCheckoutEnabled(): boolean {
+  const paymentsEnabled = isFlagEnabled(process.env.PAYMENTS_ENABLED);
+  if (!paymentsEnabled) return false;
+
+  try {
+    return isMonobankEnabled();
+  } catch {
+    return false;
+  }
+}
+
 export default function CartPage() {
-  return <CartPageClient />;
+  return (
+    <CartPageClient
+      stripeEnabled={resolveStripeCheckoutEnabled()}
+      monobankEnabled={resolveMonobankCheckoutEnabled()}
+    />
+  );
 }