pos-system/ROADMAP.md

GoodGo Platform — Roadmap & Development Tracker

Last updated: 2026-03-20 Maintained by: CTO & Agents Team Status convention: DONE | IN-PROGRESS | TODO | BLOCKED | SKIPPED

---

I. Platform Overview

Metric	Current (Mar 13)	Phase 3 Target	Launch Target
Services production-ready	15/23	18/23	20/23
Services in-progress	5/23	3/23	2/23
Services scaffold	3/23	2/23	1/23
POS verticals working	2/5 fully, 2 partial	4/5	5/5
Payment methods live	1 (VNPay sandbox)	3 (VNPay, Momo, ZaloPay)	4+
Real-time features	SignalR hubs (KDS, POS, Chat, Mining)	Full POS	Full
Mobile apps	iOS in-progress, MAUI scaffold	iOS v1	iOS + Android
Environments	Local Docker active	Staging live	Production
Test coverage	~15% (IAM CI only)	50%	70%
Docker Compose services	20/23 (4 mkt missing)	23/23	23/23
K8s staging manifests	9/23 services	14/23	20/23
K8s production manifests	10/23 services	14/23	20/23
CI/CD test pipelines	1 (IAM only)	8 core	All

---

II. Microservices Status (Verified from Code Audit 2026-03-13)

Production-Ready (15 services)

#	Service	Port	Controllers	Key Features	DB Tables	Notes
1	iam-service-net	5001	12	OAuth2/RBAC/MFA/2FA/Sessions/Audit/Compliance	22 DbSets	Duende IdentityServer, full CQRS
2	merchant-service-net	5005	10	Shop CRUD/Staff/Attendance/Leave/Subscriptions	8 DbSets	Multi-branch, DDD enumerations
3	order-service-net	5017	3	Order lifecycle/returns/multi-tenant	Owned collections	Shop-level tenant filter
4	catalog-service-net	5016	2	Product/Category CRUD	2+ DbSets	Shop-level tenant filter
5	wallet-service-net	5004	7	Wallet/Points/Payments/Holds	7 DbSets	User-level tenant filter
6	storage-service-net	5002	11	S3/Multipart/Versioning/Sharing/Signed URLs	3+ DbSets	MinIO backend
7	chat-service-net	5010	3	E2E encryption/Conversations/Messages	5 DbSets	SignalR + Redis backplane
8	membership-service-net	5003	3	Members/Levels/StampCards/Experience	4+ DbSets	Loyalty progression
9	booking-service-net	5020	8	Schedules/Slots/Resources/Therapists	4 DbSets	Spa + staff scheduling
10	mining-service-net	5006	4	Mining/Circles/Referrals	3+ DbSets	SignalR hub
11	social-service-net	5009	3	Friends/Follow/Block/Suggestions	2+ DbSets	Relationship management
12	ads-manager-service-net	5011	7	Campaigns/Audiences/Ads/AdSets	4+ DbSets	Full CRUD + admin reports
13	mkt-facebook-service-net	5000*	4	Webhooks/Customers/Conversations/Chatbots	3 DbSets	Facebook Graph API
14	mkt-whatsapp-service-net	5000*	5	Webhooks/Conversations/Accounts	3 DbSets	WhatsApp Business API
15	mkt-zalo-service-net	5000*	4	Webhooks/Conversations/ChatbotRules	3 DbSets	Zalo OA API

*Port 5000 conflict: mkt-facebook, mkt-whatsapp, mkt-zalo, mkt-x all use port 5000. Need unique ports (5021-5024).

In-Progress (5 services)

#	Service	Port	What's Done	Critical Gap	Priority
16	ads-analytics-service-net	5015	6 controllers, metrics/reports structure	Minimal commands, incomplete aggregation	P3
17	ads-billing-service-net	5013	6 controllers, billing/credit/invoice entities	Limited commands (3), no payment processing	P3
18	ads-tracking-service-net	5014	6 controllers, pixel/event/conversion tracking	Basic structure only, no real-time streaming	P3
19	ads-serving-service-net	5012	4 controllers, auction/budget entities	ZERO commands — all read-only	P3
20	mkt-x-service-net	5000*	7 controllers, account/campaign/conversation	Minimal commands (4), business logic incomplete	P3

Scaffold (3 services — CRITICAL GAPS)

#	Service	Port	Domain Model	Commands	Queries	Blocker For
21	inventory-service-net	5018	Complete	1 only	0	Orders, Kitchen deduction, Stock management
22	promotion-service-net	5008	Well-designed	0	0	Marketing campaigns, Vouchers
23	mission-service-net	5000*	Fully modeled	0	0	Gamification, User engagement

CRITICAL: inventory-service has only 1 command handler despite 12+ controller endpoints. promotion-service and mission-service have 0 handlers — controllers reference non-existent logic.

FnB Engine (Special Note)

Service	Port	Status	Controllers	Tests	Notes
fnb-engine-net	5019	PRODUCTION-READY	6+	96	KDS/Sessions/Tables/Recipes/Reservations/BaristaQueue, SignalR hub

MCP Server (AI Integration Layer)

Service	Stack	Status	Tools	Vertical	Notes
goodgo-mcp-server	TypeScript	PRODUCTION-READY	12	Cafe	AI-assisted F&B ops: products CRUD, recipes, inventory, cost analysis, popular items. Routes through Traefik gateway. Audited & hardened (3c43ca5).

---

III. Frontend Apps Status (Verified 2026-03-13)

App	Stack	Status	Pages	Services	Layouts	Locales	Testing
web-client-tpos-net	Blazor WASM + MudBlazor	IN-PROGRESS	141	5	7	441 keys (en/vi)	xUnit + Playwright E2E (8 specs)
web-client-base-net	Blazor WASM + MudBlazor	SCAFFOLD	11	0	1	Basic	xUnit smoke
app-client-base-swift	SwiftUI + Combine	IN-PROGRESS	9	3	2	en/vi	XCTest
app-client-base-net	.NET MAUI	SCAFFOLD	0	0	1	—	xUnit
web-docs	VitePress + Mermaid	SCAFFOLD	0	0	0	—	None

POS Page Breakdown (web-client-tpos-net)

Section	Pages	Status
Auth flows	16	WORKING (login/register/OTP/2FA/verify/reset)
Admin Dashboard	6	WORKING (KPIs, settings, revenue dashboard)
Admin Shop Management	28	MIXED (menu/inventory/staff/attendance WORKING, recipes/kitchen/finance STUB)
Admin Staff/Roles	2	PARTIAL
Admin Stores	3	PARTIAL
Admin Onboarding	6	WORKING (6-step wizard)
Admin System	3	STUB
POS Karaoke	10+	WORKING — Room grid, sessions, F&B ordering
POS Restaurant	13+	WORKING — Table map, dine-in orders, KDS
POS Cafe	10+	IN-PROGRESS — Barista queue, loyalty stamps
POS Spa	9+	PARTIAL — Layout works, appointment logic stub
POS Beauty	8+	STUB — Layout only
POS Retail	5+	IN-PROGRESS — Barcode scan, cart, returns partial
POS Shared (Payment)	17	Cash/Card/QR/Bank/GiftCard/Split/Tip/Receipt
Staff Portal	10	MIXED (dashboard/attendance/leave WORKING, payroll/kitchen STUB)
Marketing	7	ALL STUB
Customer	2	QR menu WORKING

POS Vertical Matrix

Vertical	Desktop	Tablet	Mobile	Order Flow	Payment	Inventory	Real API	Status
Karaoke	DONE	DONE	DONE	DONE	UI-ONLY	DONE	YES	WORKING
Restaurant	DONE	DONE	DONE	DONE	UI-ONLY	DONE	YES	WORKING
Cafe	DONE	DONE	DONE	DONE	UI-ONLY	DONE	PARTIAL	IN-PROGRESS
Spa/Beauty	DONE	DONE	DONE	STUB	STUB	STUB	PARTIAL	PARTIAL
Retail	DONE	DONE	DONE	DONE	UI-ONLY	DONE	PARTIAL	IN-PROGRESS

Frontend Services

Service	Size	Purpose
PosDataService.cs	86KB	Smart 4-format API deserialization, JWT auto-attach, error extraction
AuthService.cs	10KB	Register/login/OTP/2FA/token management via Duende IdentityServer
AuthStateService.cs	1KB	Singleton auth state (token, email, role), role-based portal routing
IamApiService.cs	14KB	IAM endpoints (roles, users, RBAC, MFA, sessions)
MerchantApiService.cs	4KB	Merchant/shop endpoints

---

IV. Infrastructure Status (Verified 2026-03-13)

Docker Compose (Local Development)

Category	Services	Status
Infrastructure	PostgreSQL 16, Redis 7, MinIO, RabbitMQ 3, Traefik v3.3	ALL RUNNING
Backend services	20/23 in docker-compose	4 mkt-* services MISSING
Frontend	web-client-tpos-net (port 3001)	RUNNING
Observability	Prometheus (9090), Grafana (3002), Loki (3100), Promtail	RUNNING

Port Allocation

Port Range	Services
3001	web-client-tpos-net (POS)
3002	Grafana
5001-5020	20 backend microservices
5432	PostgreSQL
6379	Redis
9000-9001	MinIO (API/Console)
5672/15672	RabbitMQ (AMQP/Management)
80/8080	Traefik (HTTP/Dashboard)
9090	Prometheus
3100	Loki

Traefik Routes

Configured	Missing Routes
IAM, Merchant, Order, FnB, Inventory, Wallet, Catalog, Booking, Storage	Chat, Social, Mining, Mission, Promotion, Membership, All 5 Ads services

Kubernetes Deployment

Environment	Services Deployed	Missing
Staging	9 (IAM, Merchant, Order, FnB, Inventory, Wallet, Catalog, Storage, POS-Web)	Booking*, Chat, Social, Mining, Mission, Promotion, Membership, 5 Ads
Production	10 (same as staging + Booking)	Chat, Social, Mining, Mission, Promotion, Membership, 5 Ads

*Note: booking-service is in production K8s but NOT staging — inconsistency to fix.

CI/CD Pipelines

Workflow	Trigger	Services Covered
pr-checks.yml	PR opened	Frontend only (lint, typecheck, build)
ci-iam-service.yml	Changes to IAM	IAM only (build + test)
ci-web.yml	Changes to frontend	POS app (Playwright E2E)
ci-mobile.yml	Changes to mobile	MAUI + Swift builds
docker-build.yml	Push to main/develop	9 services (IAM, Merchant, Order, FnB, Inventory, Wallet, Catalog, Storage, POS-Web)
deploy-staging.yml	Push to develop	Same 9 services
deploy-production.yml	Push to main	Same 9 + approval required

Gap: Only IAM has CI test pipeline. 17 other .NET services have NO automated tests in CI.

Databases (24 PostgreSQL databases)

Connection	Databases	Notes
Local Docker (postgres-local)	24	User: goodgo, all created via init-databases.sh
Neon Cloud (staging/prod)	24	Shared credentials across all services (security concern)

---

V. Database Architecture (Verified 2026-03-13)

Multi-Tenant Patterns

Pattern	Services	Tenant Key	Implementation
Shop-level	Order, Inventory, Catalog, FnB, Merchant	shop_id	EF Core global query filter + PostgreSQL RLS
User-level	Wallet	user_id	EF Core global query filter
No filter	IAM, Chat, Social, Booking, Storage, Mining, Mission	N/A	Explicit query scoping
Shared resources	FnB (Recipes only)	N/A	No tenant filter on recipes

Key Schema Patterns

• Entity pattern: Private fields + public getters, behavior methods, domain events
• DbContext: Implements IUnitOfWork, dispatches domain events before SaveChanges
• Column naming: snake_case via FluentAPI
• Enumerations: DDD pattern (Enumeration class), seeded via migrations
• Owned entities: ContactInfo, Address, GeoLocation (stored in parent table)
• Owned collections: OrderItems, InventoryTransactions (separate tables)
• JSONB: ShopFeatures (flexible per-vertical config)

---

VI. Critical Gaps & Priority Tracker

P0 — Must Fix (Blocking Core Features)

#	Gap	Status	Impact	Action Required
1	Inventory Service — 1/12 handlers	TODO	Orders, Kitchen deduction, Stock management ALL broken	Implement all command/query handlers
2	Promotion Service — 0 handlers	TODO	Vouchers, campaigns, discounts non-functional	Implement CreateCampaign, RedeemVoucher, etc.
3	Payment Gateway — Momo	TODO	Only VNPay sandbox available	Add MomoGateway in wallet-service
4	Payment UI → Real Gateway	TODO	Cash/Card/QR buttons are UI-only	Wire payment components to wallet-service API
5	CI test pipelines	TODO	Only IAM tested in CI; 17 services untested	Create ci-{service}.yml for core services
6	4 mkt- services not in Docker*	TODO	Cannot run locally	Add to docker-compose.yml with unique ports

P1 — Required for Launch

#	Gap	Status	Impact	Action Required
7	Mission Service — 0 handlers	TODO	Gamification, daily check-ins non-functional	Implement commands/queries
8	Missing Traefik routes (13 services)	TODO	API calls don't route through gateway	Add routes in routes.yml
9	Booking-service K8s inconsistency	TODO	In prod but not staging	Add staging manifest
10	Port 5000 conflict (4 mkt services)	TODO	Docker Compose will fail	Assign ports 5021-5024
11	Staging deployment	TODO	Not yet live	Deploy to api.staging.goodgo.vn
12	Load testing	TODO	Unknown capacity	100 concurrent users test
13	SignalR sticky session for order hub	TODO	WebSocket may break in K8s	Add session affinity

P2 — Enhancement

#	Gap	Status	Impact
14	Ads serving — 0 commands	TODO	Ad auction/delivery non-functional
15	Ads analytics — minimal queries	TODO	No real analytics aggregation
16	Staff Payroll (frontend)	TODO	Salary page is stub
17	Marketing section (7 pages)	TODO	All stubs — CRM, Chatbot, Analytics
18	Beauty vertical	TODO	Layout only, no real data
19	web-client-base-net	TODO	Enterprise portal is scaffold
20	web-docs	TODO	Documentation site empty
21	Neon shared credentials	TODO	All services share same DB password
22	PostgreSQL RLS backup	TODO	App-level filters only, no DB-level RLS policies on all tables

---

VII. Phase Roadmap

Phase 1-2: COMPLETED (Week 1-8) — See "Recently Completed" section

Phase 3: Growth Features (Current — Week 9-12)

Goal: Complete core gaps, marketing integration, mobile apps

Week 9-10: Core Completion

Task	Agent	Status	Priority
Inventory service — implement all handlers	Senior Backend	TODO	P0
Promotion service — implement all handlers	Senior Backend	TODO	P0
Mission service — implement all handlers	Senior Backend	TODO	P1
Momo payment gateway	Senior Backend	TODO	P0
Wire payment UI to real gateway	Senior Frontend	TODO	P0
Add mkt-* services to Docker (ports 5021-5024)	DevOps	TODO	P0
CI pipelines for 8 core services	DevOps	TODO	P0
Add 13 missing Traefik routes	DevOps	TODO	P1
Fix booking-service K8s staging manifest	DevOps	TODO	P1

Week 10-11: Marketing & Mobile

Task	Agent	Status	Priority
Zalo OA integration (wire to real API)	Senior Backend	TODO	P2
Facebook Messenger integration	Senior Backend	TODO	P2
CRM dashboard (segments, campaigns)	Senior Frontend	TODO	P2
iOS app v1 — complete explore/profile	Senior Mobile (Swift)	TODO	P2
WhatsApp integration	Senior Backend	TODO	P2

Week 11-12: Deployment & Testing

Task	Agent	Status	Priority
Staging K8s deployment (all services)	DevOps	TODO	P1
Load testing (100 concurrent)	QA + DevOps	TODO	P1
Full regression testing	QA	TODO	P1
Ads serving + billing completion	Senior Backend	TODO	P3
CDN + edge caching	DevOps	TODO	P3
Production deployment	CTO + All	TODO	P1

---

VIII. Architecture Decisions Log

Date	Decision	Rationale	Status
2026-03-20	MCP Server as external AI integration layer (TypeScript, not .NET)	Lightweight tooling for AI assistants, Cafe vertical first, routes through Traefik gateway	ACTIVE
2026-03-13	Staff schedule via booking-service (not merchant-service)	Booking owns all scheduling/appointment logic	ACTIVE
2026-03-13	Role enrichment on frontend (not BFF)	Staff role comes from merchant-service, schedule from booking-service — join on client	ACTIVE
2026-03-06	IPaymentGateway in Domain, implementations in Infrastructure	Multiple gateways via same interface	ACTIVE
2026-03-06	PosHub in order-service (not separate service)	Order lifecycle owns real-time notifications	ACTIVE
2026-03-06	Kitchen→Inventory via HTTP + Polly (not message queue)	Simpler, sufficient for MVP, direct await	ACTIVE
2026-03-06	Subscription stored in Merchant aggregate	Simple, no separate service needed for MVP	ACTIVE
2026-03-05	BFF pattern for frontend-backend proxy	Single entry point, auth forwarding, response normalization	ACTIVE
2026-03-05	Neon PostgreSQL for staging/prod	Serverless, auto-scaling	ACTIVE
—	Clean Architecture + CQRS + MediatR pipeline	Separation of concerns, testability	ACTIVE
—	Multi-tenant via EF Core global query filters	Shop-level (most), User-level (wallet), None (shared)	ACTIVE
—	Bilingual docs (EN + VI)	Team accessibility	ACTIVE
—	Role-suffixed localStorage keys (aPOS_token_{role})	Prevent admin/staff token conflict	ACTIVE
—	Smart 4-format deserialization in PosDataService	Handle diverse API response formats	ACTIVE

---

IX. Environment & Access

Environment	URL	Database	Status
Local Docker	localhost:3001 (POS), :5001-:5020 (services)	PostgreSQL local container (user: goodgo)	ACTIVE
Staging	api.staging.goodgo.vn	Neon PostgreSQL	TODO
Production	goodgo.vn / admin.goodgo.vn	Neon PostgreSQL	TODO

Test Accounts

Security note: Credentials are NOT stored in this file. See .env.local (local dev) or request access via the team password manager. Set up local test accounts by running scripts/db/seed.sh after starting the stack.

Role	Email format	Source
Admin/Owner	See .env.local → TEST_ADMIN_EMAIL	scripts/db/seed.sh
Staff/Cashier	See .env.local → TEST_STAFF_EMAIL	scripts/db/seed.sh
Staff/Waiter	See .env.local → TEST_STAFF_EMAIL_2	scripts/db/seed.sh
Staff/Kitchen	See .env.local → TEST_STAFF_EMAIL_3	scripts/db/seed.sh
Staff/Manager	See .env.local → TEST_STAFF_EMAIL_4	scripts/db/seed.sh

Key IDs

Entity	ID	Notes
Merchant	5ec21f06-3ba8-4c57-ada5-8423cd5fd4d2	Main test merchant
Shop (Cobic Coffee)	e1f392af-fe95-4c7f-8656-5b74ad5fd0a9	Cafe vertical
Staff (Trần Văn Bình)	fb236199-5dc3-45af-923f-270323a95fc6	Cashier role

---

X. Recently Completed

2026-03-20 (MCP Server, Shop Lifecycle, Onboarding Redesign)

Task	Details
GoodGo MCP Server — AI-assisted F&B operations	TypeScript MCP server with 12 tools (list/create/update/delete products, recipes, inventory check, low stock alerts, cost analysis, popular items). Cafe vertical. Commits: b7a194f, 20cf878, 3c43ca5
MCP Server audit & fixes	Fixed 4 critical + 8 high severity issues: corrected API routing through Traefik gateway, input validation, error handling, auth token flow (3c43ca5)
Shop lifecycle management UI	Admin UI for deactivating & closing shops with confirmation dialogs and status transitions (6263eeb)
POS settings role-based navigation	Settings button now navigates by role — staff to /staff, admin to /admin (659e8e0)
Onboarding wizard redesign	Inline step progress indicator, improved layout and UX for 6-step onboarding flow (ca022de)

2026-03-13 (Schedule Module Fix)

Task	Details
Staff Schedule — rewrite from hardcoded to real API	StaffSchedule.razor: profile → shop schedules → filter by staffId
Admin Schedule — role display fix	VAI TRÒ column: enriched from merchant staff data instead of "—"
Admin Schedule — time format fix	FormatTime() strips seconds (08:00:00 → 08:00)
Full CRUD verified on Chrome	Create/Read/Delete schedule entries via Admin UI, real-time sync to Staff view
PostgreSQL local verified	booking_service DB, staff_schedules table, 5 records for test staff

2026-03-06 (Phase 2 Close-out)

Task	Details
Multi-branch Shop Management	SetDefaultShop, TransferShop, GetMerchantShops paginated
Revenue Dashboard UI	MudChart line/donut/bar, 4 KPI cards, growth %
Staff Performance UI	Sortable MudTable, color-coded completion, CSV export
Customer QR Menu	Public page /menu/{ShopId}, mobile-first
Responsive POS Layout	Collapsible sidebar, slide-out drawer, ResponsiveOrderPanel
Production K8s	8 services (3 replicas, HPA), Redis PVC, ingress
Observability Stack	Prometheus (11 targets, 7 alerts), Grafana (10-panel dashboard), Loki + Promtail
Spa/Booking Backend	Therapist CRUD, Appointment scheduling, Staff schedules
Retail Backend	Barcode lookup, Stock check, Return/Exchange commands
Cafe Backend	StampCard aggregate, BaristaQueue (5-status workflow)
E2E Playwright Tests	8 spec files, ~39 test cases

2026-03-06 (Phase 1 Close-out)

Task	Details
VNPay Payment Gateway	IPaymentGateway + VnPayGateway (HMAC-SHA512, sandbox)
SignalR POS Hub	Strongly-typed, 3 groups, Redis backplane, MessagePack
Kitchen→Inventory Deduction	Domain event → HTTP + Polly retry + circuit breaker
Row-Level Security (5 services)	EF Core filters + PostgreSQL RLS, defense-in-depth
FnB Engine Tests (96)	57 domain + 39 handler tests
Order Integration Tests (29)	Full lifecycle, WebApplicationFactory
Staging K8s (16 manifests)	8 services + Redis + POS, HPA, CI/CD
Subscription System	4 plans (Starter→Enterprise), merchant API + dynamic UI
Code Review (75 issues fixed)	Security, EF Config, fire-and-forget, SQL injection, etc.

---

XI. Service Deployment Matrix

Service	Docker	Traefik	K8s Staging	K8s Prod	CI Tests	Docker Build
iam-service-net	Y	Y	Y	Y	Y	Y
merchant-service-net	Y	Y	Y	Y	-	Y
order-service-net	Y	Y	Y	Y	-	Y
fnb-engine-net	Y	Y	Y	Y	-	Y
inventory-service-net	Y	Y	Y	Y	-	Y
wallet-service-net	Y	Y	Y	Y	-	Y
catalog-service-net	Y	Y	Y	Y	-	Y
storage-service-net	Y	Y	Y	Y	-	Y
booking-service-net	Y	Y*	-	Y	-	-
chat-service-net	Y	-	-	-	-	-
social-service-net	Y	-	-	-	-	-
mining-service-net	Y	-	-	-	-	-
mission-service-net	Y	-	-	-	-	-
promotion-service-net	Y	-	-	-	-	-
membership-service-net	Y	-	-	-	-	-
ads-manager-service-net	Y	-	-	-	-	-
ads-serving-service-net	Y	-	-	-	-	-
ads-billing-service-net	Y	-	-	-	-	-
ads-tracking-service-net	Y	-	-	-	-	-
ads-analytics-service-net	Y	-	-	-	-	-
mkt-facebook-service-net	-	-	-	-	-	-
mkt-whatsapp-service-net	-	-	-	-	-	-
mkt-x-service-net	-	-	-	-	-	-
mkt-zalo-service-net	-	-	-	-	-	-

Legend: Y = Configured, - = Missing, Y* = Partial (has /api/v1/bookings but missing /api/v1/schedules)

---

XII. How to Update This File

1. When starting a task: Change status to IN-PROGRESS
2. When completing: Change to DONE and add to "Recently Completed"
3. When blocked: Change to BLOCKED and add note
4. Weekly: CTO reviews and reprioritizes
5. After each sprint: Update metrics in Section I
6. After code changes: Verify actual service status from code, not from this doc

Agent Workflow

CTO → Analyze requirement → Update ROADMAP.md with new tasks
Tech Lead → Breakdown tasks → Assign to agents
Backend Dev → Implement → Update status to DONE
Frontend Dev → Implement → Update status to DONE
QA → Test → Report issues or confirm DONE
DevOps → Deploy → Update environment status
CTO → Review → Move to "Recently Completed"

---

This file is the single source of truth for GoodGo Platform development progress. All agents should consult this file before starting work and update it after completing tasks. Last full audit: 2026-03-13 (4 parallel agents: backend, frontend, infrastructure, database) Last incremental update: 2026-03-20 (MCP server, shop lifecycle, onboarding redesign, POS nav fix)