diff --git a/app/Modules/Auth/AuthController.php b/app/Modules/Auth/AuthController.php
index 62f0fe9..533fba6 100644
--- a/app/Modules/Auth/AuthController.php
+++ b/app/Modules/Auth/AuthController.php
@@ -58,9 +58,14 @@ final class AuthController
 
     public function me(Request $request): void
     {
+        $db = \App\Core\Database::getInstance();
+        $stmt = $db->prepare("SELECT id, tenant_id, name, email, role, totp_enabled FROM users WHERE id = ?");
+        $stmt->execute([$request->user->user_id]);
+        $user = $stmt->fetch();
+
         Response::json([
             'success' => true,
-            'data' => $request->user
+            'data' => $user
         ]);
     }
 
diff --git a/app/Modules/Companies/CompanyController.php b/app/Modules/Companies/CompanyController.php
index 919ffe7..801a176 100644
--- a/app/Modules/Companies/CompanyController.php
+++ b/app/Modules/Companies/CompanyController.php
@@ -63,7 +63,7 @@ final class CompanyController
         ];
 
         try {
-            $this->companyService->createCompany(array_merge($data, ['id' => $id])); // Reuses encryption logic
+            $this->companyService->updateJoFotara($id, $data);
             Response::json([
                 'success' => true,
                 'message' => 'تم تحديث بيانات جو-فواتير بنجاح'
diff --git a/app/Modules/Companies/CompanyService.php b/app/Modules/Companies/CompanyService.php
index bc69c7a..f756cef 100644
--- a/app/Modules/Companies/CompanyService.php
+++ b/app/Modules/Companies/CompanyService.php
@@ -34,6 +34,21 @@ final class CompanyService
         return (string)$this->companyModel->create($data);
     }
 
+    public function updateJoFotara(string $id, array $data): bool
+    {
+        if (isset($data['jofotara_client_id'])) {
+            $data['jofotara_client_id_encrypted'] = $this->encryption->encrypt($data['jofotara_client_id']);
+            unset($data['jofotara_client_id']);
+        }
+
+        if (isset($data['jofotara_secret_key'])) {
+            $data['jofotara_secret_key_encrypted'] = $this->encryption->encrypt($data['jofotara_secret_key']);
+            unset($data['jofotara_secret_key']);
+        }
+
+        return $this->companyModel->update($id, $data);
+    }
+
     public function getJoFotaraCredentials(string $companyId): array
     {
         $company = $this->companyModel->find($companyId);
diff --git a/app/Modules/Dashboard/DashboardController.php b/app/Modules/Dashboard/DashboardController.php
index 3149102..56b2bde 100644
--- a/app/Modules/Dashboard/DashboardController.php
+++ b/app/Modules/Dashboard/DashboardController.php
@@ -33,8 +33,8 @@ final class DashboardController
         $stmt->execute($params);
         $statusCounts = $stmt->fetchAll();
 
-        // 3. Recent Activity
-        $stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id {$where} ORDER BY i.created_at DESC LIMIT 5");
+        // 3. Recent Activity - Fixed ambiguity
+        $stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? " . ($role !== 'super_admin' ? " AND i.company_id = ?" : "") . " ORDER BY i.created_at DESC LIMIT 5");
         $stmt->execute($params);
         $recent = $stmt->fetchAll();
 
diff --git a/app/Modules/Invoices/InvoiceController.php b/app/Modules/Invoices/InvoiceController.php
index 8ce1114..9b8b400 100644
--- a/app/Modules/Invoices/InvoiceController.php
+++ b/app/Modules/Invoices/InvoiceController.php
@@ -25,11 +25,11 @@ final class InvoiceController
         $assignedCompanyId = $request->user->assigned_company_id ?? null;
 
         if ($role === 'super_admin') {
-            $invoices = $this->invoiceModel->findByTenant($tenantId);
+            $stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? AND i.deleted_at IS NULL ORDER BY i.created_at DESC");
+            $stmt->execute([$tenantId]);
+            $invoices = $stmt->fetchAll();
         } else {
-            // Filter by assigned company for admin, accountant, etc.
-            $db = \App\Core\Database::getInstance();
-            $stmt = $db->prepare("SELECT * FROM invoices WHERE tenant_id = ? AND company_id = ? AND deleted_at IS NULL ORDER BY created_at DESC");
+            $stmt = $db->prepare("SELECT i.*, c.name as company_name FROM invoices i JOIN companies c ON i.company_id = c.id WHERE i.tenant_id = ? AND i.company_id = ? AND i.deleted_at IS NULL ORDER BY i.created_at DESC");
             $stmt->execute([$tenantId, $assignedCompanyId]);
             $invoices = $stmt->fetchAll();
         }
diff --git a/app/Modules/Users/UserController.php b/app/Modules/Users/UserController.php
index 9031d78..5d4b2d0 100644
--- a/app/Modules/Users/UserController.php
+++ b/app/Modules/Users/UserController.php
@@ -38,6 +38,8 @@ final class UserController
             'success' => true,
             'data' => $user
         ]);
+    }
+
     public function create(Request $request): void
     {
         $tenantId = $request->tenantId;
diff --git a/public/index.php b/public/index.php
index 72214c7..1852b42 100644
--- a/public/index.php
+++ b/public/index.php
@@ -15,6 +15,10 @@ $router = $app->getRouter();
 // ══ Auth Routes ══════════════════════════════════════════════
 $router->addRoute('POST', '/api/v1/auth/login', [AuthController::class, 'login']);
 $router->addRoute('POST', '/api/v1/auth/register', [AuthController::class, 'register']);
+$router->addRoute('GET', '/api/v1/auth/me', [
+    'middleware' => [\App\Middleware\AuthMiddleware::class],
+    'handler' => [AuthController::class, 'me']
+]);
 $router->addRoute('POST', '/api/v1/auth/2fa/enable', [
     'middleware' => [\App\Middleware\AuthMiddleware::class],
     'handler' => [AuthController::class, 'enable2FA']
@@ -37,7 +41,7 @@ $router->addRoute('POST', '/api/v1/companies', [
     'middleware' => [\App\Middleware\AuthMiddleware::class],
     'handler' => [\App\Modules\Companies\CompanyController::class, 'create']
 ]);
-$router->addRoute('PUT', '/api/v1/companies/{id}/jofotara', [
+$router->addRoute('POST', '/api/v1/companies/{id}/jofotara', [
     'middleware' => [\App\Middleware\AuthMiddleware::class],
     'handler' => [\App\Modules\Companies\CompanyController::class, 'updateJoFotara']
 ]);
diff --git a/public/shell.php b/public/shell.php
index 53c0d72..af2a0c9 100644
--- a/public/shell.php
+++ b/public/shell.php
@@ -1,1226 +1,543 @@
 <!DOCTYPE html>
-<html lang="ar" dir="rtl" data-theme="dark">
+<html lang="ar">
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>مُصادَق — أتمتة الفوترة الضريبية</title>
-    
-    <!-- Styles -->
-    <link rel="stylesheet" href="assets/css/app.css">
+    <title>مُصادَق — منصة أتمتة الفواتير الإلكترونية</title>
     <script src="https://cdn.tailwindcss.com"></script>
-    <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
-    
-    <script>
-        tailwind.config = {
-            darkMode: 'class',
-            theme: {
-                extend: {
-                    colors: {
-                        primary: '#10b981',
-                        'primary-dark': '#059669',
-                        dark: '#0a0f1a',
-                        card: '#0f172a'
-                    }
-                }
-            }
-        }
-    </script>
+    <link href="https://fonts.googleapis.com/css2?family=Outfit:wght@400;600;900&family=Noto+Kufi+Arabic:wght@400;700;900&display=swap" rel="stylesheet">
     <style>
-        .nav-link.active { background: rgba(16, 185, 129, 0.1); color: #10b981; border-right: 3px solid #10b981; }
-        .glass-panel { background: rgba(255, 255, 255, 0.03); backdrop-filter: blur(10px); border: 1px solid rgba(255,255,255,0.1); }
+        :root {
+            --primary: #10b981;
+            --primary-glow: rgba(16, 185, 129, 0.3);
+            --bg: #030712;
+            --panel: rgba(17, 24, 39, 0.8);
+        }
+        body {
+            background: var(--bg);
+            color: #f1f5f9;
+            font-family: 'Noto Kufi Arabic', sans-serif;
+            min-height: 100vh;
+        }
+        .glass { background: var(--panel); backdrop-filter: blur(20px); border: 1px solid rgba(255,255,255,0.05); }
+        .nav-link { @apply flex items-center gap-3 px-6 py-4 rounded-2xl transition-all text-slate-400 hover:text-white hover:bg-white/5; }
+        .nav-link.active { @apply bg-primary/10 text-primary border border-primary/20 shadow-[0_0_30px_var(--primary-glow)]; }
+        .btn-primary { @apply px-6 py-3 bg-primary hover:bg-emerald-600 text-white rounded-2xl font-bold transition-all shadow-xl shadow-primary/20 flex items-center justify-center gap-2; }
+        .stat-card { @apply glass p-6 rounded-[2rem] hover:border-primary/50 transition-all duration-500; }
+        @keyframes fadeIn { from { opacity: 0; transform: translateY(10px); } to { opacity: 1; transform: translateY(0); } }
+        .animate-in { animation: fadeIn 0.4s ease-out forwards; }
+        input, select { @apply bg-white/5 border border-white/10 rounded-2xl px-4 py-3 text-white focus:border-primary outline-none transition-all; }
     </style>
 </head>
-<body class="bg-dark text-slate-100 antialiased overflow-x-hidden">
+<body dir="rtl" class="overflow-x-hidden">
 
-    <!-- App Wrapper -->
-    <div id="app" class="flex h-screen overflow-hidden">
-        
-        <!-- Sidebar -->
-        <aside id="sidebar" class="w-64 glass-panel flex-shrink-0 hidden flex-col transition-all duration-300">
-            <div class="h-20 flex items-center gap-3 px-6 border-b border-white/10">
-                <div class="w-10 h-10 bg-primary rounded-xl flex items-center justify-center shadow-lg shadow-primary/20">
-                    <span class="text-white font-bold text-xl">م</span>
-                </div>
-                <h1 class="text-xl font-bold bg-clip-text text-transparent bg-gradient-to-r from-white to-slate-400">مُصادَق</h1>
-            </div>
-            <nav class="flex-1 py-6 space-y-2">
-                <a href="#" onclick="navigateTo('dashboard')" id="nav-dashboard" class="nav-link flex items-center gap-3 px-6 py-3 text-slate-400 hover:text-white transition-colors">
-                    <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M3 12l2-2m0 0l7-7 7 7M5 10v10a1 1 0 001 1h3m10-11l2 2m-2-2v10a1 1 0 01-1 1h-3m-6 0a1 1 0 001-1v-4a1 1 0 011-1h2a1 1 0 011 1v4a1 1 0 001 1m-6 0h6"></path></svg>
-                    لوحة التحكم
-                </a>
-                <a href="#" onclick="navigateTo('companies')" id="nav-companies" class="nav-link flex items-center gap-3 px-6 py-3 text-slate-400 hover:text-white transition-colors">
-                    <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 21V5a2 2 0 00-2-2H7a2 2 0 00-2 2v16m14 0h2m-2 0h-5m-9 0H3m2 0h5M9 7h1m-1 4h1m4-4h1m-1 4h1m-5 10v-5a1 1 0 011-1h2a1 1 0 011 1v5m-4 0h4"></path></svg>
-                    الشركات
-                </a>
-                <a href="#" onclick="navigateTo('invoices')" id="nav-invoices" class="nav-link flex items-center gap-3 px-6 py-3 text-slate-400 hover:text-white transition-colors">
-                    <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z"></path></svg>
-                    الفواتير المرفوعة
-                </a>
-                <a href="#" onclick="navigateTo('users')" id="nav-users" class="nav-link flex items-center gap-3 px-6 py-3 text-slate-400 hover:text-white transition-colors">
-                    <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 4.354a4 4 0 110 5.292M15 21H3v-1a6 6 0 0112 0v1zm0 0h6v-1a6 6 0 00-9-5.197M13 7a4 4 0 11-8 0 4 4 0 018 0z"></path></svg>
-                    المستخدمين
-                </a>
-                <a href="#" onclick="navigateTo('risk-monitor')" id="nav-risk-monitor" class="nav-link flex items-center gap-3 px-6 py-3 text-slate-400 hover:text-white transition-colors">
-                    <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path></svg>
-                    مراقبة المخاطر
-                </a>
-                <a href="#" onclick="navigateTo('settings')" id="nav-settings" class="nav-link flex items-center gap-3 px-6 py-3 text-slate-400 hover:text-white transition-colors">
-                    <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10.325 4.317c.426-1.756 2.924-1.756 3.35 0a1.724 1.724 0 002.573 1.066c1.543-.94 3.31.826 2.37 2.37a1.724 1.724 0 001.065 2.572c1.756.426 1.756 2.924 0 3.35a1.724 1.724 0 00-1.066 2.573c.94 1.543-.826 3.31-2.37 2.37a1.724 1.724 0 00-2.572 1.065c-.426 1.756-2.924 1.756-3.35 0a1.724 1.724 0 00-2.573-1.066c-1.543.94-3.31-.826-2.37-2.37a1.724 1.724 0 00-1.065-2.572c-1.756-.426-1.756-2.924 0-3.35a1.724 1.724 0 001.066-2.573c-.94-1.543.826-3.31 2.37-2.37.996.608 2.296.07 2.572-1.065z"></path><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z"></path></svg>
-                    الإعدادات
-                </a>
-                <a href="#" onclick="navigateTo('admin')" id="nav-admin" class="nav-link flex items-center gap-3 px-6 py-3 text-red-400 hover:text-red-300 transition-colors hidden">
-                    <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 19v-6a2 2 0 00-2-2H5a2 2 0 00-2 2v6a2 2 0 002 2h2a2 2 0 002-2zm0 0V9a2 2 0 012-2h2a2 2 0 012 2v10m-6 0a2 2 0 002 2h2a2 2 0 002-2m0 0V5a2 2 0 012-2h2a2 2 0 012 2v14a2 2 0 01-2 2h-2a2 2 0 01-2-2z"></path></svg>
-                    إدارة النظام (Super)
-                </a>
-            </nav>
-            <div class="p-6 border-t border-white/10">
-                <button onclick="logout()" class="flex items-center gap-3 text-red-400 hover:text-red-300 transition-colors w-full">
-                    <svg class="w-5 h-5" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M17 16l4-4m0 0l-4-4m4 4H7m6 4v1a3 3 0 01-3 3H6a3 3 0 01-3-3V7a3 3 0 013-3h4a3 3 0 013 3v1"></path></svg>
-                    تسجيل الخروج
-                </button>
-            </div>
-        </aside>
-
-        <!-- Main Area -->
-        <div class="flex-1 flex flex-col h-screen overflow-hidden">
-            <!-- Header -->
-            <header id="header" class="h-20 glass-panel flex items-center justify-between px-8 flex-shrink-0 hidden">
-                <h2 id="page-title" class="text-2xl font-bold">لوحة التحكم</h2>
-                <div class="flex items-center gap-4">
-                    <div class="w-10 h-10 rounded-full bg-slate-800 border border-white/10 flex items-center justify-center">
-                        <svg class="w-5 h-5 text-slate-400" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M16 7a4 4 0 11-8 0 4 4 0 018 0zM12 14a7 7 0 00-7 7h14a7 7 0 00-7-7z"></path></svg>
-                    </div>
-                </div>
-            </header>
-
-            <!-- Content -->
-            <main class="flex-1 overflow-y-auto p-8 relative">
-                <div id="page-content" class="max-w-7xl mx-auto pb-24"></div>
-            </main>
-        </div>
-
-        <!-- AI Floating Assistant -->
-        <div id="ai-container" class="fixed bottom-8 left-8 z-[60] hidden">
-            <button onclick="document.getElementById('ai-chat').classList.toggle('hidden')" class="w-16 h-16 bg-gradient-to-tr from-primary to-emerald-400 rounded-full flex items-center justify-center shadow-2xl shadow-primary/40 hover:scale-110 transition-transform">
-                <svg class="w-8 h-8 text-white" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 11a7 7 0 01-7 7m0 0a7 7 0 01-7-7m7 7v4m0 0H8m4 0h4m-4-8a3 3 0 01-3-3V5a3 3 0 116 0v6a3 3 0 01-3 3z"></path></svg>
-            </button>
-
-            <!-- Chat Popover -->
-            <div id="ai-chat" class="hidden absolute bottom-20 left-0 w-80 glass-panel rounded-3xl p-6 shadow-2xl">
-                <h4 class="font-bold mb-4 flex items-center gap-2">
-                    <span class="w-2 h-2 bg-primary rounded-full animate-pulse"></span>
-                    مُساعد مُصادَق الذكي
-                </h4>
-                <div id="ai-answer" class="bg-black/20 rounded-xl p-3 mb-4 min-h-[60px] text-sm text-slate-300">كيف يمكنني مساعدتك اليوم؟</div>
-                <div class="relative">
-                    <input type="text" id="ai-query" class="w-full bg-white/10 border border-white/10 rounded-xl px-4 py-2 text-sm focus:outline-none focus:border-primary" placeholder="اسأل عن فواتيرك...">
-                </div>
-            </div>
-        </div>
+    <!-- Auth Wrapper -->
+    <div id="auth-container" class="fixed inset-0 z-[100] bg-bg flex items-center justify-center p-6 hidden">
+        <!-- Login/Register will be rendered here -->
     </div>
 
-    <!-- Toast Container -->
-    <div id="toast-container" class="fixed top-8 left-1/2 -translate-x-1/2 z-[200] space-y-4 pointer-events-none"></div>
+    <!-- Sidebar -->
+    <aside id="sidebar" class="fixed right-0 top-0 h-screen w-80 glass border-l border-white/5 flex flex-col p-8 z-50 translate-x-full transition-transform duration-500">
+        <div class="flex items-center gap-4 mb-12">
+            <div class="w-12 h-12 bg-primary rounded-2xl flex items-center justify-center shadow-2xl shadow-primary/30">
+                <svg class="w-7 h-7 text-white" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2.5" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04m12.868 5.31c.477.81 1.437 1.29 2.43 1.014a11.903 11.903 0 01-1.565 3.523 11.91 11.91 0 01-3.01 3.01c-1.333.77-2.962.77-4.295 0a11.91 11.91 0 01-3.01-3.01 11.903 11.903 0 01-1.565-3.523c.993.276 1.953-.204 2.43-1.014a11.91 11.91 0 013.01-3.01 11.955 11.955 0 014.295 0 11.91 11.91 0 013.01 3.01z"></path></svg>
+            </div>
+            <h1 class="text-2xl font-black text-white">مُصادَق</h1>
+        </div>
 
-    <!-- Modals Container -->
-    <div id="modals"></div>
+        <nav class="flex-1 space-y-2">
+            <a href="#" onclick="navigateTo('dashboard')" id="nav-dashboard" class="nav-link active">لوحة التحكم</a>
+            <a href="#" onclick="navigateTo('companies')" id="nav-companies" class="nav-link">الشركات</a>
+            <a href="#" onclick="navigateTo('invoices')" id="nav-invoices" class="nav-link">الفواتير</a>
+            <a href="#" onclick="navigateTo('risk-monitor')" id="nav-risk-monitor" class="nav-link">المخاطر</a>
+            <a href="#" onclick="navigateTo('users')" id="nav-users" class="nav-link">المستخدمين</a>
+            <a href="#" onclick="navigateTo('admin')" id="nav-admin" class="nav-link hidden text-secondary">الإدارة</a>
+        </nav>
 
+        <div class="pt-6 border-t border-white/5 space-y-2">
+            <a href="#" onclick="navigateTo('settings')" id="nav-settings" class="nav-link">الإعدادات</a>
+            <button onclick="logout()" class="w-full nav-link text-red-400 hover:bg-red-500/10">تسجيل الخروج</button>
+        </div>
+    </aside>
+
+    <!-- Main Content -->
+    <main id="main-content" class="mr-0 transition-all duration-500 min-h-screen opacity-0">
+        <header class="h-24 glass border-b border-white/5 flex items-center justify-between px-12 sticky top-0 z-40">
+            <h2 id="page-title" class="text-2xl font-bold">لوحة التحكم</h2>
+            <div class="flex items-center gap-6">
+                <div class="relative">
+                    <input type="text" id="ai-chat" class="w-80 pr-12 text-sm" placeholder="اسأل الذكاء الاصطناعي...">
+                    <svg class="w-5 h-5 absolute right-4 top-3.5 text-primary" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 10V3L4 14h7v7l9-11h-7z"></path></svg>
+                </div>
+                <button onclick="showAddInvoiceModal()" class="btn-primary">+ رفع فاتورة</button>
+            </div>
+        </header>
+
+        <div id="content" class="p-12 max-w-[1600px] mx-auto animate-in"></div>
+    </main>
+
+    <!-- Toast & Modals -->
+    <div id="toast-container" class="fixed top-8 left-1/2 -translate-x-1/2 z-[200] space-y-4"></div>
+    <div id="modals" class="fixed inset-0 z-[150] hidden items-center justify-center p-6 bg-black/80 backdrop-blur-md"></div>
+
+    <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
     <script>
-        // ══════════════════════════════════════════════════════════
-        // مُصادَق — API Client
-        // ══════════════════════════════════════════════════════════
         const API = {
             baseUrl: 'index.php?route=/api/v1',
-            accessToken: localStorage.getItem('access_token'),
-            
-            async _request(method, path, body = null, isFormData = false) {
+            get token() { return localStorage.getItem('access_token'); },
+            async req(method, path, body = null, files = false) {
                 const headers = { 'Accept': 'application/json' };
-                if (this.accessToken) headers['Authorization'] = `Bearer ${this.accessToken}`;
-                if (!isFormData && body) {
-                    headers['Content-Type'] = 'application/json';
-                    body = JSON.stringify(body);
-                }
+                if (this.token) headers['Authorization'] = `Bearer ${this.token}`;
+                if (!files && body) { headers['Content-Type'] = 'application/json'; body = JSON.stringify(body); }
                 const res = await fetch(`${this.baseUrl}${path}`, { method, headers, body });
                 const data = await res.json();
-                if (!res.ok) {
-                    if (res.status === 401) {
-                        logout();
-                    }
-                    throw data;
-                }
+                if (!res.ok) { if (res.status === 401) logout(); throw data; }
                 return data;
             },
-            
-            get(path) { return this._request('GET', path); },
-            post(path, body) { return this._request('POST', path, body); },
-            upload(path, formData) { return this._request('POST', path, formData, true); }
+            get(p) { return this.req('GET', p); },
+            post(p, b) { return this.req('POST', p, b); },
+            upload(p, fd) { return this.req('POST', p, fd, true); }
         };
 
-        // ══════════════════════════════════════════════════════════
-        // SPA Engine & Views
-        // ══════════════════════════════════════════════════════════
-        const isLoggedIn = () => !!localStorage.getItem('access_token');
-        const contentDiv = document.getElementById('page-content');
-        let currentChart = null;
-
-        function showToast(message, type = 'success') {
+        function showToast(msg, type = 'success') {
             const container = document.getElementById('toast-container');
-            const toast = document.createElement('div');
-            const colors = {
-                success: 'bg-emerald-500 shadow-emerald-500/20',
-                error: 'bg-red-500 shadow-red-500/20',
-                warning: 'bg-yellow-500 shadow-yellow-500/20'
-            };
-            
-            toast.className = `px-8 py-4 rounded-2xl text-white font-bold shadow-2xl transition-all duration-500 translate-y-10 opacity-0 pointer-events-auto flex items-center gap-3 ${colors[type]}`;
-            toast.innerHTML = `
-                <span class="text-xl">${type === 'success' ? '✓' : type === 'error' ? '✕' : '!'}</span>
-                <span>${message}</span>
-            `;
-            
-            container.appendChild(toast);
-            setTimeout(() => {
-                toast.classList.remove('translate-y-10', 'opacity-0');
-            }, 10);
-            
-            setTimeout(() => {
-                toast.classList.add('opacity-0', '-translate-y-10');
-                setTimeout(() => toast.remove(), 500);
-            }, 4000);
+            const t = document.createElement('div');
+            t.className = `px-8 py-4 rounded-2xl text-white font-bold shadow-2xl transition-all duration-500 translate-y-10 opacity-0 ${type === 'success' ? 'bg-emerald-500' : 'bg-red-500'}`;
+            t.textContent = msg;
+            container.appendChild(t);
+            setTimeout(() => t.classList.remove('translate-y-10', 'opacity-0'), 10);
+            setTimeout(() => { t.classList.add('-translate-y-10', 'opacity-0'); setTimeout(() => t.remove(), 500); }, 4000);
         }
 
-        function logout() {
-            localStorage.removeItem('access_token');
-            localStorage.removeItem('user_role');
-            API.accessToken = null;
-            initApp();
-        }
+        function logout() { localStorage.clear(); window.location.reload(); }
 
         async function navigateTo(page) {
-            document.querySelectorAll('.nav-link').forEach(el => el.classList.remove('active'));
-            const activeLink = document.getElementById(`nav-${page}`);
-            if (activeLink) activeLink.classList.add('active');
-
-            contentDiv.innerHTML = '<div class="flex justify-center mt-20"><div class="w-8 h-8 border-4 border-primary border-t-transparent rounded-full animate-spin"></div></div>';
-
-            if (page === 'dashboard') await renderDashboard();
-            else if (page === 'companies') await renderCompanies();
-            else if (page === 'invoices') await renderInvoices();
-            else if (page === 'users') await renderUsers();
-            else if (page === 'risk-monitor') await renderRiskMonitor();
-            else if (page === 'settings') await renderSettings();
-            else if (page === 'admin') await renderAdminStats();
-        }
-
-        // ── Users View ───────────────────────────────────────────
-        async function renderUsers() {
-            document.getElementById('page-title').textContent = 'إدارة المستخدمين';
+            document.querySelectorAll('.nav-link').forEach(l => l.classList.remove('active'));
+            document.getElementById(`nav-${page}`)?.classList.add('active');
+            const content = document.getElementById('content');
+            content.innerHTML = '<div class="flex justify-center p-20"><div class="w-12 h-12 border-4 border-primary border-t-transparent rounded-full animate-spin"></div></div>';
             
-            // Check RBAC
-            const role = localStorage.getItem('user_role');
-            if (role !== 'super_admin' && role !== 'admin') {
-                contentDiv.innerHTML = `<div class="text-red-400 p-8 glass-panel rounded-3xl text-center">عذراً، ليس لديك صلاحية للوصول إلى هذه الصفحة.</div>`;
-                return;
-            }
-
             try {
-                const res = await API.get('/users');
-                const users = res.data;
-
-                let html = `
-                    <div class="flex justify-end mb-6">
-                        <button onclick="showAddUserModal()" class="bg-primary hover:bg-primary-dark text-white px-6 py-2 rounded-xl transition-all shadow-lg flex items-center gap-2 font-bold">
-                            + إضافة مستخدم جديد
-                        </button>
-                    </div>
-                    <div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-6">
-                `;
-
-                if (users.length === 0) {
-                    html += `<div class="col-span-full text-center py-12 text-slate-500 glass-panel rounded-3xl">لا يوجد مستخدمين مسجلين.</div>`;
-                } else {
-                    users.forEach(user => {
-                        let roleColor = 'text-slate-400';
-                        let roleLabel = 'مستخدم';
-                        
-                        if (user.role === 'super_admin') { roleColor = 'text-primary'; roleLabel = 'سوبر أدمن'; }
-                        else if (user.role === 'admin') { roleColor = 'text-blue-400'; roleLabel = 'مدير شركة'; }
-                        else if (user.role === 'accountant') { roleColor = 'text-purple-400'; roleLabel = 'محاسب'; }
-                        else if (user.role === 'employee') { roleColor = 'text-orange-400'; roleLabel = 'موظف'; }
-
-                        html += `
-                            <div class="glass-panel p-6 rounded-3xl flex flex-col h-full border-t-4 border-t-primary">
-                                <div class="flex items-center gap-4 mb-4">
-                                    <div class="w-12 h-12 rounded-full bg-black/40 flex items-center justify-center font-bold text-xl text-primary">
-                                        ${user.name.charAt(0)}
-                                    </div>
-                                    <div>
-                                        <h3 class="text-xl font-bold">${user.name}</h3>
-                                        <p class="text-slate-400 text-sm">${user.email}</p>
-                                    </div>
-                                </div>
-                                <div class="mt-auto space-y-3">
-                                    <div class="flex items-center justify-between text-sm p-3 bg-black/20 rounded-xl border border-white/5">
-                                        <span class="text-slate-400">الصلاحية</span>
-                                        <span class="${roleColor} font-bold">${roleLabel}</span>
-                                    </div>
-                                    <div class="flex items-center justify-between text-sm p-3 bg-black/20 rounded-xl border border-white/5">
-                                        <span class="text-slate-400">الحالة</span>
-                                        ${user.is_active ? '<span class="text-emerald-400 font-bold">نشط</span>' : '<span class="text-red-400 font-bold">معطل</span>'}
-                                    </div>
-                                </div>
-                            </div>
-                        `;
-                    });
-                }
-                
-                html += `</div>`;
-                contentDiv.innerHTML = html;
-            } catch(err) {
-                contentDiv.innerHTML = `<div class="text-red-400 p-8 glass-panel rounded-3xl">خطأ في جلب المستخدمين: ${err.error?.message_ar || err.message}</div>`;
-            }
+                if (page === 'dashboard') await renderDashboard();
+                else if (page === 'companies') await renderCompanies();
+                else if (page === 'invoices') await renderInvoices();
+                else if (page === 'users') await renderUsers();
+                else if (page === 'risk-monitor') await renderRiskMonitor();
+                else if (page === 'settings') await renderSettings();
+                else if (page === 'admin') await renderAdmin();
+            } catch (e) { showToast('خطأ في تحميل الصفحة', 'error'); }
         }
 
-        async function showAddUserModal() {
-            const currentRole = localStorage.getItem('user_role');
-            let companies = [];
-            let companySelectHtml = '';
-
-            if (currentRole === 'super_admin') {
-                try {
-                    const res = await API.get('/companies');
-                    companies = res.data;
-                    companySelectHtml = `
-                        <select id="usr-company" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none">
-                            <option value="">-- ربط بشركة (اختياري للسوبر أدمن) --</option>
-                            ${companies.map(c => `<option value="${c.id}">${c.name}</option>`).join('')}
-                        </select>
-                    `;
-                } catch (err) { console.error('Failed to fetch companies'); }
-            }
-
-            let optionsHtml = `
-                <option value="accountant">محاسب</option>
-                <option value="employee">موظف</option>
-            `;
-            if (currentRole === 'super_admin') {
-                optionsHtml += `<option value="admin">مدير شركة</option>`;
-            }
-
-            const modals = document.getElementById('modals');
-            modals.innerHTML = `
-                <div class="fixed inset-0 bg-black/60 backdrop-blur-sm z-[100] flex items-center justify-center p-4 overflow-y-auto" id="user-modal">
-                    <div class="glass-panel p-8 rounded-3xl w-full max-w-md border border-white/10 shadow-2xl my-auto">
-                        <h3 class="text-2xl font-bold mb-6">إضافة مستخدم جديد</h3>
-                        <form id="add-user-form" class="space-y-4">
-                            <input type="text" id="usr-name" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="الاسم الكامل" required>
-                            <input type="email" id="usr-email" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="البريد الإلكتروني" required>
-                            <input type="password" id="usr-password" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="كلمة المرور" required>
-                            <select id="usr-role" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" required>
-                                ${optionsHtml}
-                            </select>
-                            ${companySelectHtml}
-                            
-                            <div class="flex gap-3 mt-6 pt-4 border-t border-white/10">
-                                <button type="button" onclick="document.getElementById('user-modal').remove()" class="flex-1 py-3 bg-white/5 hover:bg-white/10 rounded-xl transition">إلغاء</button>
-                                <button type="submit" class="flex-1 py-3 bg-primary hover:bg-primary-dark text-white font-bold rounded-xl shadow-lg transition">إضافة المستخدم</button>
-                            </div>
-                        </form>
-                    </div>
-                </div>
-            `;
-
-            document.getElementById('add-user-form').onsubmit = async (e) => {
-                e.preventDefault();
-                try {
-                    const data = {
-                        name: document.getElementById('usr-name').value,
-                        email: document.getElementById('usr-email').value,
-                        password: document.getElementById('usr-password').value,
-                        role: document.getElementById('usr-role').value,
-                        assigned_company_id: document.getElementById('usr-company')?.value || null
-                    };
-                    await API.post('/users', data);
-                    document.getElementById('user-modal').remove();
-                    renderUsers();
-                } catch(err) {
-                    alert(err.error?.message_ar || err.error?.details?.message || err.message || 'حدث خطأ');
-                }
-            };
-        }
-
-        // ── Login View ───────────────────────────────────────────
-        function renderLogin() {
-            document.getElementById('sidebar').classList.add('hidden');
-            document.getElementById('header').classList.add('hidden');
-            document.getElementById('ai-container').classList.add('hidden');
-            
-            contentDiv.innerHTML = `
-                <div class="flex flex-col items-center justify-center min-h-[80vh]">
-                    <div class="w-full max-w-md p-10 glass-panel rounded-3xl shadow-2xl">
-                        <div class="w-16 h-16 bg-primary rounded-2xl flex items-center justify-center shadow-lg shadow-primary/30 mx-auto mb-6">
-                            <span class="text-white font-bold text-3xl">م</span>
-                        </div>
-                        <h2 class="text-3xl font-bold mb-2 text-center">مرحباً بك في مُصادَق</h2>
-                        <p class="text-slate-400 text-center mb-8">سجل دخولك للوصول إلى منصة الفوترة</p>
-                        
-                        <form id="login-form" class="space-y-5">
-                            <input type="email" id="login-email" class="w-full bg-black/20 border border-white/10 rounded-xl px-5 py-3 focus:outline-none focus:border-primary text-white" placeholder="البريد الإلكتروني" required>
-                            <input type="password" id="login-password" class="w-full bg-black/20 border border-white/10 rounded-xl px-5 py-3 focus:outline-none focus:border-primary text-white" placeholder="كلمة المرور" required>
-                            <div id="login-error" class="text-red-400 text-sm text-center hidden p-2 bg-red-500/10 rounded-lg border border-red-500/20"></div>
-                            <button type="submit" class="w-full bg-gradient-to-r from-primary to-emerald-400 hover:from-primary-dark hover:to-primary text-white font-bold py-3 rounded-xl shadow-lg transition-all">تسجيل الدخول</button>
-                        </form>
-                        <p class="mt-6 text-center text-slate-400 text-sm">ليس لديك حساب؟ <a href="#" onclick="renderRegister()" class="text-primary hover:underline">سجل شركتك الآن</a></p>
-                    </div>
-                </div>
-            `;
-
-            document.getElementById('login-form').onsubmit = async (e) => {
-                e.preventDefault();
-                const btn = e.target.querySelector('button');
-                btn.innerHTML = 'جاري التحقق...';
-                btn.disabled = true;
-                
-                try {
-                    const email = document.getElementById('login-email').value;
-                    const password = document.getElementById('login-password').value;
-                    const res = await API.post('/auth/login', { email, password });
-                    localStorage.setItem('access_token', res.data.access_token);
-                    localStorage.setItem('user_role', res.data.user.role);
-                    API.accessToken = res.data.access_token;
-                    initApp();
-                } catch (err) {
-                    const errEl = document.getElementById('login-error');
-                    errEl.textContent = err.error?.message_ar || err.error?.details?.message || err.message || 'خطأ في الدخول';
-                    errEl.classList.remove('hidden');
-                    btn.innerHTML = 'تسجيل الدخول';
-                    btn.disabled = false;
-                }
-            };
-        }
-
-        // ── Register View ───────────────────────────────────────────
-        function renderRegister() {
-            document.getElementById('sidebar').classList.add('hidden');
-            document.getElementById('header').classList.add('hidden');
-            document.getElementById('ai-container').classList.add('hidden');
-            
-            contentDiv.innerHTML = `
-                <div class="flex flex-col items-center justify-center min-h-[80vh] py-10">
-                    <div class="w-full max-w-lg p-10 glass-panel rounded-3xl shadow-2xl">
-                        <div class="w-16 h-16 bg-gradient-to-br from-emerald-400 to-primary rounded-2xl flex items-center justify-center shadow-lg shadow-emerald-500/30 mx-auto mb-6">
-                            <svg class="w-8 h-8 text-white" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M18 9v3m0 0v3m0-3h3m-3 0h-3m-2-5a4 4 0 11-8 0 4 4 0 018 0zM3 20a6 6 0 0112 0v1H3v-1z"></path></svg>
-                        </div>
-                        <h2 class="text-3xl font-bold mb-2 text-center">التسجيل في مُصادَق</h2>
-                        <p class="text-slate-400 text-center mb-8">ابدأ تجربتك المجانية واربط مع جو-فواتير بثوانٍ</p>
-                        
-                        <form id="register-form" class="space-y-4">
-                            <input type="text" id="reg-tenant" class="w-full bg-black/20 border border-white/10 rounded-xl px-5 py-3 focus:outline-none focus:border-primary text-white" placeholder="اسم الشركة (المستأجر)" required>
-                            <input type="text" id="reg-user" class="w-full bg-black/20 border border-white/10 rounded-xl px-5 py-3 focus:outline-none focus:border-primary text-white" placeholder="الاسم الكامل لمدير النظام" required>
-                            <input type="email" id="reg-email" class="w-full bg-black/20 border border-white/10 rounded-xl px-5 py-3 focus:outline-none focus:border-primary text-white" placeholder="البريد الإلكتروني" required>
-                            <input type="password" id="reg-password" class="w-full bg-black/20 border border-white/10 rounded-xl px-5 py-3 focus:outline-none focus:border-primary text-white" placeholder="كلمة المرور" required>
-                            <div id="register-error" class="text-red-400 text-sm text-center hidden p-2 bg-red-500/10 rounded-lg border border-red-500/20"></div>
-                            <button type="submit" class="w-full bg-gradient-to-r from-emerald-500 to-primary hover:from-primary hover:to-emerald-500 text-white font-bold py-3 rounded-xl shadow-lg transition-all mt-2">إنشاء حساب جديد</button>
-                        </form>
-                        <p class="mt-6 text-center text-slate-400 text-sm">لديك حساب بالفعل؟ <a href="#" onclick="renderLogin()" class="text-primary hover:underline">سجل الدخول</a></p>
-                    </div>
-                </div>
-            `;
-
-            document.getElementById('register-form').onsubmit = async (e) => {
-                e.preventDefault();
-                const btn = e.target.querySelector('button');
-                btn.innerHTML = 'جاري إنشاء الحساب...';
-                btn.disabled = true;
-                
-                try {
-                    const data = {
-                        tenant_name: document.getElementById('reg-tenant').value,
-                        user_name: document.getElementById('reg-user').value,
-                        email: document.getElementById('reg-email').value,
-                        password: document.getElementById('reg-password').value
-                    };
-                    const res = await API.post('/auth/register', data);
-                    localStorage.setItem('access_token', res.data.access_token);
-                    localStorage.setItem('user_role', res.data.user.role);
-                    API.accessToken = res.data.access_token;
-                    initApp();
-                } catch (err) {
-                    const errEl = document.getElementById('register-error');
-                    errEl.textContent = err.error?.message_ar || err.error?.details?.message || err.message || 'خطأ في التسجيل';
-                    errEl.classList.remove('hidden');
-                    btn.innerHTML = 'إنشاء حساب جديد';
-                    btn.disabled = false;
-                }
-            };
-        }
-
-        // ── Dashboard View ───────────────────────────────────────
+        // ── View Renderers ───────────────────────────────────────
         async function renderDashboard() {
-            document.getElementById('page-title').textContent = 'لوحة التحكم السريعة';
-            try {
-                const res = await API.get('/dashboard');
-                const stats = res.data;
-                
-                let html = `
-                    <div class="grid grid-cols-1 md:grid-cols-3 gap-6 mb-8">
-                        <div class="glass-panel p-6 rounded-3xl border-t-4 border-t-primary shadow-xl bg-gradient-to-br from-black/40 to-transparent">
-                            <div class="flex items-center justify-between mb-4">
-                                <p class="text-slate-400 font-bold">فواتير هذا الشهر</p>
-                                <svg class="w-8 h-8 text-primary opacity-50" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z"></path></svg>
-                            </div>
-                            <h3 class="text-5xl font-black text-white">${stats.total_this_month}</h3>
-                        </div>
-                        <div class="glass-panel p-6 rounded-3xl border-t-4 border-t-emerald-500 shadow-xl bg-gradient-to-br from-black/40 to-transparent">
-                            <div class="flex items-center justify-between mb-4">
-                                <p class="text-slate-400 font-bold">نسبة استهلاك الباقة</p>
-                                <svg class="w-8 h-8 text-emerald-500 opacity-50" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 10V3L4 14h7v7l9-11h-7z"></path></svg>
-                            </div>
-                            <h3 class="text-5xl font-black text-emerald-400">${stats.subscription_usage}%</h3>
-                        </div>
-                        <div class="glass-panel p-6 rounded-3xl flex flex-col justify-center gap-3 bg-gradient-to-br from-primary/10 to-transparent">
-                            <h3 class="text-lg font-bold text-white mb-2">إجراءات سريعة</h3>
-                            <button onclick="navigateTo('invoices')" class="w-full py-3 bg-white/10 hover:bg-white/20 rounded-xl transition border border-white/5 text-sm font-bold flex items-center justify-center gap-2">
-                                <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 12a3 3 0 11-6 0 3 3 0 016 0z"></path><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M2.458 12C3.732 7.943 7.523 5 12 5c4.478 0 8.268 2.943 9.542 7-1.274 4.057-5.064 7-9.542 7-4.477 0-8.268-2.943-9.542-7z"></path></svg>
-                                عرض الفواتير
-                            </button>
-                            <button onclick="showUploadInvoiceModal()" class="w-full py-3 bg-primary hover:bg-primary-dark rounded-xl transition text-white text-sm font-bold shadow-lg flex items-center justify-center gap-2">
-                                <svg class="w-4 h-4" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 16v1a3 3 0 003 3h10a3 3 0 003-3v-1m-4-8l-4-4m0 0L8 8m4-4v12"></path></svg>
-                                رفع فاتورة جديدة
-                            </button>
+            document.getElementById('page-title').textContent = 'لوحة التحكم';
+            const res = await API.get('/dashboard');
+            const { data: s } = res;
+            document.getElementById('content').innerHTML = `
+                <div class="grid grid-cols-1 md:grid-cols-4 gap-8 mb-12">
+                    <div class="stat-card">
+                        <p class="text-slate-500 text-sm mb-1">فواتير الشهر</p>
+                        <p class="text-5xl font-black text-white">${s.total_this_month}</p>
+                    </div>
+                    <div class="stat-card">
+                        <p class="text-slate-500 text-sm mb-1">استهلاك الباقة</p>
+                        <p class="text-5xl font-black text-primary">${s.subscription_usage}%</p>
+                    </div>
+                    <div class="stat-card">
+                        <p class="text-slate-500 text-sm mb-1">مؤشر المخاطر</p>
+                        <p class="text-5xl font-black text-yellow-500">منخفض</p>
+                    </div>
+                    <div class="stat-card">
+                        <p class="text-slate-500 text-sm mb-1">حالة الربط</p>
+                        <p class="text-5xl font-black text-emerald-500">نشط</p>
+                    </div>
+                </div>
+                <div class="grid grid-cols-1 lg:grid-cols-3 gap-8">
+                    <div class="lg:col-span-2 glass p-10 rounded-[3rem]">
+                        <h3 class="text-xl font-bold mb-8">أحدث الفواتير</h3>
+                        <div class="space-y-4">
+                            ${s.recent_invoices.map(i => `
+                                <div onclick="renderInvoiceDetail('${i.id}')" class="flex justify-between items-center p-5 bg-white/5 rounded-3xl border border-transparent hover:border-primary/30 transition cursor-pointer">
+                                    <div class="flex items-center gap-4">
+                                        <div class="w-12 h-12 rounded-2xl bg-primary/10 flex items-center justify-center text-primary font-bold">INV</div>
+                                        <div>
+                                            <p class="font-bold">${i.invoice_number || '---'}</p>
+                                            <p class="text-xs text-slate-500">${i.company_name}</p>
+                                        </div>
+                                    </div>
+                                    <div class="text-left">
+                                        <p class="font-bold">${i.grand_total} JOD</p>
+                                        <p class="text-[10px] font-bold uppercase ${i.status==='approved'?'text-primary':'text-yellow-500'}">${i.status}</p>
+                                    </div>
+                                </div>
+                            `).join('')}
                         </div>
                     </div>
-                    
-                    <div class="grid grid-cols-1 lg:grid-cols-2 gap-8">
-                        <div class="glass-panel p-8 rounded-3xl shadow-2xl">
-                            <h4 class="font-bold mb-6 text-xl flex items-center gap-2"><span class="w-2 h-6 bg-primary rounded-full"></span> أحدث الفواتير</h4>
-                            <div class="space-y-4">
-                `;
-                
-                if (stats.recent_invoices.length === 0) {
-                    html += `<p class="text-slate-500 text-center py-8 bg-black/20 rounded-xl">لا توجد فواتير بعد</p>`;
-                } else {
-                    stats.recent_invoices.forEach(inv => {
-                        const statusColor = inv.status === 'approved' ? 'text-primary' : (inv.status === 'rejected' ? 'text-red-400' : 'text-yellow-400');
-                        html += `
-                        <div class="flex justify-between items-center p-5 bg-black/30 rounded-2xl border border-white/5 hover:border-white/10 transition-colors">
-                            <div class="flex items-center gap-4">
-                                <div class="w-10 h-10 rounded-full bg-white/5 flex items-center justify-center">
-                                    <svg class="w-5 h-5 text-slate-400" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12h6m-6 4h6m2 5H7a2 2 0 01-2-2V5a2 2 0 012-2h5.586a1 1 0 01.707.293l5.414 5.414a1 1 0 01.293.707V19a2 2 0 01-2 2z"></path></svg>
-                                </div>
-                                <div>
-                                    <p class="font-bold text-sm text-slate-200">${inv.id ? inv.id.substring(0,8) : ''}...</p>
-                                    <p class="text-xs text-slate-400 mt-1">${inv.company_name}</p>
-                                </div>
-                            </div>
-                            <span class="${statusColor} text-xs font-bold bg-white/5 px-4 py-2 rounded-full tracking-wider border border-white/5">${inv.status}</span>
-                        </div>`;
-                    });
-                }
-                
-                html += `
-                            </div>
-                        </div>
-                        <div class="glass-panel p-8 rounded-3xl shadow-2xl flex flex-col items-center justify-center">
-                            <h4 class="font-bold mb-6 text-xl self-start flex items-center gap-2"><span class="w-2 h-6 bg-primary rounded-full"></span> حالة الفواتير</h4>
-                            <div class="w-full max-w-[250px] aspect-square relative">
-                                <canvas id="statusChart"></canvas>
-                            </div>
-                        </div>
-                    </div>`;
-                contentDiv.innerHTML = html;
-
-                // Render Chart
-                if (stats.status_distribution && stats.status_distribution.length > 0) {
-                    const ctx = document.getElementById('statusChart').getContext('2d');
-                    if (currentChart) currentChart.destroy();
-                    currentChart = new Chart(ctx, {
-                        type: 'doughnut',
-                        data: {
-                            labels: stats.status_distribution.map(s => s.status),
-                            datasets: [{
-                                data: stats.status_distribution.map(s => s.count),
-                                backgroundColor: ['#10b981', '#fbbf24', '#f87171', '#60a5fa'],
-                                borderWidth: 0,
-                                hoverOffset: 4
-                            }]
-                        },
-                        options: {
-                            responsive: true,
-                            plugins: {
-                                legend: { position: 'bottom', labels: { color: '#cbd5e1', font: { family: 'system-ui' } } }
-                            },
-                            cutout: '70%'
-                        }
-                    });
-                }
-
-            } catch (err) {
-                contentDiv.innerHTML = `<div class="text-red-400 p-4 glass-panel rounded-xl">خطأ في جلب الإحصائيات: ${err.error?.message_ar || err.message}</div>`;
-            }
+                    <div class="glass p-10 rounded-[3rem] flex flex-col items-center">
+                        <h3 class="text-xl font-bold mb-8 self-start">توزيع الحالات</h3>
+                        <div class="w-full max-w-[280px] aspect-square"><canvas id="dashChart"></canvas></div>
+                    </div>
+                </div>
+            `;
+            new Chart(document.getElementById('dashChart'), {
+                type: 'doughnut',
+                data: {
+                    labels: s.status_distribution.map(x=>x.status),
+                    datasets: [{ data: s.status_distribution.map(x=>x.count), backgroundColor: ['#10b981', '#fbbf24', '#f87171', '#6366f1'], borderWidth: 0 }]
+                },
+                options: { cutout: '80%', plugins: { legend: { position: 'bottom', labels: { color: '#94a3b8', font: { size: 10 } } } } }
+            });
         }
 
-        // ── Companies View ───────────────────────────────────────
         async function renderCompanies() {
             document.getElementById('page-title').textContent = 'إدارة الشركات';
-            try {
-                const res = await API.get('/companies');
-                const companies = res.data;
-                
-                let html = `
-                    <div class="flex justify-end mb-6">
-                        <button onclick="showAddCompanyModal()" class="bg-primary hover:bg-primary-dark text-white px-6 py-2 rounded-xl transition-all shadow-lg flex items-center gap-2 font-bold">
-                            + إضافة شركة جديدة
-                        </button>
-                    </div>
-                    <div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-6">
-                `;
-                
-                if (companies.length === 0) {
-                    html += `<div class="col-span-full text-center py-12 text-slate-500 glass-panel rounded-3xl">لا توجد شركات مسجلة بعد.</div>`;
-                } else {
-                    companies.forEach(company => {
-                        html += `
-                            <div class="glass-panel p-6 rounded-3xl flex flex-col h-full border-t-4 border-t-primary">
-                                <h3 class="text-xl font-bold mb-1">${company.name}</h3>
-                                <p class="text-slate-400 text-sm font-mono mb-4">الرقم الضريبي: ${company.tax_identification_number || company.tax_number || 'غير متوفر'}</p>
-                                
-                                <div class="mt-auto space-y-3">
-                                    <div class="flex items-center justify-between text-sm p-3 bg-black/20 rounded-xl border border-white/5">
-                                        <span class="text-slate-400">بوابة JoFotara</span>
-                                        ${company.jofotara_client_id_encrypted 
-                                            ? '<span class="text-primary font-bold">مربوط ✓</span>' 
-                                            : '<span class="text-yellow-400 font-bold">غير مربوط ⚠</span>'}
-                                    </div>
-                                    <button onclick="showJoFotaraModal('${company.id}')" class="w-full py-2 bg-white/5 hover:bg-white/10 rounded-xl text-sm transition border border-white/10">إعدادات الربط</button>
-                                </div>
+            const res = await API.get('/companies');
+            document.getElementById('content').innerHTML = `
+                <div class="flex justify-end mb-8"><button onclick="showAddCompanyModal()" class="btn-primary">+ إضافة شركة</button></div>
+                <div class="grid grid-cols-1 md:grid-cols-3 gap-8">
+                    ${res.data.map(c => `
+                        <div class="glass p-8 rounded-[2.5rem] border-t-8 border-t-primary">
+                            <h3 class="text-2xl font-bold mb-1">${c.name}</h3>
+                            <p class="text-sm text-slate-500 mb-6">الرقم الضريبي: ${c.tax_identification_number}</p>
+                            <div class="p-4 bg-black/20 rounded-2xl border border-white/5 flex justify-between items-center mb-6">
+                                <span class="text-xs text-slate-400">JoFotara</span>
+                                <span class="text-xs font-bold ${c.is_jofotara_linked?'text-primary':'text-red-400'}">${c.is_jofotara_linked?'مربوط ✓':'غير مربوط'}</span>
                             </div>
-                        `;
-                    });
-                }
-                
-                html += `</div>`;
-                contentDiv.innerHTML = html;
-            } catch (err) {
-                contentDiv.innerHTML = `<div class="text-red-400">خطأ في جلب الشركات</div>`;
-            }
+                            <button onclick="showJoFotaraModal('${c.id}')" class="w-full py-3 bg-white/5 hover:bg-white/10 rounded-2xl text-sm transition">إعدادات الربط</button>
+                        </div>
+                    `).join('')}
+                </div>
+            `;
         }
 
-        // ── Invoices View ────────────────────────────────────────
         async function renderInvoices() {
-            document.getElementById('page-title').textContent = 'سجل الفواتير';
-            try {
-                const res = await API.get('/invoices');
-                const invoices = res.data;
-                
-                let html = `
-                    <div class="flex justify-end mb-6">
-                        <button onclick="showUploadInvoiceModal()" class="bg-primary hover:bg-primary-dark text-white px-6 py-2 rounded-xl transition-all shadow-lg flex items-center gap-2 font-bold">
-                            رفع فاتورة يدوياً
-                        </button>
-                    </div>
-                    <div class="glass-panel rounded-3xl overflow-hidden">
-                        <table class="w-full text-right text-sm">
-                            <thead class="bg-white/5 border-b border-white/10 text-slate-300">
-                                <tr>
-                                    <th class="p-4">الرقم التسلسلي</th>
-                                    <th class="p-4">الشركة</th>
-                                    <th class="p-4">التاريخ</th>
-                                    <th class="p-4">الحالة</th>
+            document.getElementById('page-title').textContent = 'الفواتير والتدقيق';
+            const res = await API.get('/invoices');
+            document.getElementById('content').innerHTML = `
+                <div class="glass rounded-[3rem] overflow-hidden">
+                    <table class="w-full text-right">
+                        <thead class="bg-white/5 text-slate-400 text-sm">
+                            <tr><th class="p-6">الشركة</th><th class="p-6">الرقم</th><th class="p-6">التاريخ</th><th class="p-6">المجموع</th><th class="p-6 text-center">الحالة</th></tr>
+                        </thead>
+                        <tbody class="divide-y divide-white/5">
+                            ${res.data.map(i => `
+                                <tr onclick="renderInvoiceDetail('${i.id}')" class="hover:bg-white/5 cursor-pointer transition">
+                                    <td class="p-6 font-bold">${i.company_name}</td>
+                                    <td class="p-6 font-mono text-sm">${i.invoice_number || '---'}</td>
+                                    <td class="p-6 text-slate-400 text-sm">${i.invoice_date || '---'}</td>
+                                    <td class="p-6 font-bold text-white">${i.grand_total} JOD</td>
+                                    <td class="p-6 text-center"><span class="px-4 py-1.5 rounded-full text-[10px] font-bold border ${i.status==='approved'?'border-primary text-primary':'border-yellow-500 text-yellow-500'} bg-white/5 uppercase">${i.status}</span></td>
                                 </tr>
-                            </thead>
-                            <tbody class="divide-y divide-white/5">
-                `;
-                
-                if (invoices.length === 0) {
-                    html += `<tr><td colspan="4" class="p-8 text-center text-slate-500">لا توجد فواتير.</td></tr>`;
-                } else {
-                    invoices.forEach(inv => {
-                        const statusColor = inv.status === 'approved' ? 'text-primary' : (inv.status === 'rejected' ? 'text-red-400' : 'text-yellow-400');
-                        html += `
-                            <tr onclick="renderInvoiceDetail('${inv.id}')" class="hover:bg-white/5 transition-colors cursor-pointer group">
-                                <td class="p-4 font-mono text-xs text-slate-300 group-hover:text-primary transition-colors">${inv.id}</td>
-                                <td class="p-4 font-bold text-slate-200">${inv.company_id}</td>
-                                <td class="p-4 text-slate-400">${new Date(inv.created_at).toLocaleDateString('ar-JO')}</td>
-                                <td class="p-4 font-bold ${statusColor}">${inv.status}</td>
-                            </tr>
-                        `;
-                    });
-                }
-                
-                html += `</tbody></table></div>`;
-                contentDiv.innerHTML = html;
-            } catch (err) {
-                contentDiv.innerHTML = `<div class="text-red-400">خطأ في جلب الفواتير</div>`;
-            }
+                            `).join('')}
+                        </tbody>
+                    </table>
+                </div>
+            `;
         }
 
         async function renderInvoiceDetail(id) {
-            document.getElementById('page-title').textContent = 'تفاصيل الفاتورة';
-            contentDiv.innerHTML = `<div class="flex items-center justify-center p-20"><div class="animate-spin rounded-full h-12 w-12 border-t-2 border-b-2 border-primary"></div></div>`;
-            
-            try {
-                const res = await API.get(`/invoices/${id}`);
-                const inv = res.data;
-                
-                const statusColor = inv.status === 'approved' ? 'text-primary' : (inv.status === 'rejected' ? 'text-red-400' : 'text-yellow-400');
-                
-                let linesHtml = '';
-                if (inv.lines && inv.lines.length > 0) {
-                    inv.lines.forEach(line => {
-                        linesHtml += `
-                            <tr class="border-b border-white/5">
-                                <td class="py-3 text-slate-300">${line.description || 'بدون وصف'}</td>
-                                <td class="py-3 text-center">${line.quantity}</td>
-                                <td class="py-3 text-center">${line.unit_price}</td>
-                                <td class="py-3 text-left font-bold">${line.line_total}</td>
-                            </tr>
-                        `;
-                    });
-                } else {
-                    linesHtml = '<tr><td colspan="4" class="py-4 text-center text-slate-500">لا توجد بنود مستخرجة بعد</td></tr>';
-                }
-
-                contentDiv.innerHTML = `
-                    <div class="flex flex-col lg:flex-row gap-6 h-[calc(100vh-200px)]">
-                        <!-- Left side: Original File View (Placeholder for now, could be PDF viewer) -->
-                        <div class="lg:w-1/2 glass-panel rounded-3xl overflow-hidden flex flex-col">
-                            <div class="p-4 bg-white/5 border-b border-white/10 flex justify-between items-center">
-                                <h4 class="font-bold">المستند الأصلي</h4>
-                                <a href="${inv.original_file_path}" target="_blank" class="text-xs text-primary hover:underline">فتح في نافذة جديدة</a>
-                            </div>
-                            <div class="flex-1 bg-black/40 flex items-center justify-center text-slate-500 italic p-10 text-center">
-                                ${inv.original_file_path.endsWith('.pdf') 
-                                    ? `<iframe src="${inv.original_file_path}" class="w-full h-full border-none"></iframe>`
-                                    : `<img src="${inv.original_file_path}" class="max-w-full max-h-full object-contain" alt="Invoice Image">`
-                                }
-                            </div>
-                        </div>
-
-                        <!-- Right side: Extracted Data -->
-                        <div class="lg:w-1/2 flex flex-col gap-6 overflow-y-auto pr-2 custom-scrollbar">
-                            <div class="glass-panel p-6 rounded-3xl">
-                                <div class="flex justify-between items-start mb-6">
-                                    <div>
-                                        <h4 class="text-lg font-bold mb-1">${inv.supplier_name || 'مورد غير معروف'}</h4>
-                                        <p class="text-sm text-slate-400">رقم الفاتورة: ${inv.invoice_number || '---'}</p>
-                                    </div>
-                                    <span class="px-4 py-1 rounded-full text-xs font-bold bg-white/5 ${statusColor} border border-current">
-                                        ${inv.status.toUpperCase()}
-                                    </span>
-                                </div>
-
-                                <div class="grid grid-cols-2 gap-4 mb-6">
-                                    <div class="p-4 bg-white/5 rounded-2xl border border-white/5">
-                                        <p class="text-xs text-slate-500 mb-1">تاريخ الفاتورة</p>
-                                        <p class="font-bold">${inv.invoice_date || '---'}</p>
-                                    </div>
-                                    <div class="p-4 bg-white/5 rounded-2xl border border-white/5">
-                                        <p class="text-xs text-slate-500 mb-1">الرقم الضريبي (المورد)</p>
-                                        <p class="font-bold font-mono">${inv.supplier_tin || '---'}</p>
-                                    </div>
-                                </div>
-
-                                <h5 class="font-bold mb-3 text-sm">بنود الفاتورة</h5>
-                                <table class="w-full text-sm mb-6">
-                                    <thead class="text-slate-500 text-xs border-b border-white/10">
-                                        <tr>
-                                            <th class="py-2 text-right">الوصف</th>
-                                            <th class="py-2 text-center">الكمية</th>
-                                            <th class="py-2 text-center">السعر</th>
-                                            <th class="py-2 text-left">المجموع</th>
-                                        </tr>
-                                    </thead>
-                                    <tbody>
-                                        ${linesHtml}
-                                    </tbody>
-                                </table>
-
-                                <div class="space-y-2 pt-4 border-t border-white/10">
-                                    <div class="flex justify-between text-sm">
-                                        <span class="text-slate-400">المجموع الفرعي</span>
-                                        <span class="font-bold">${inv.subtotal} JOD</span>
-                                    </div>
-                                    <div class="flex justify-between text-sm">
-                                        <span class="text-slate-400">الضريبة</span>
-                                        <span class="font-bold">${inv.tax_amount} JOD</span>
-                                    </div>
-                                    <div class="flex justify-between text-lg pt-2 border-t border-white/5">
-                                        <span class="font-bold">الإجمالي</span>
-                                        <span class="font-black text-primary">${inv.grand_total} JOD</span>
-                                    </div>
-                                </div>
-                            </div>
-                            
-                            <div class="flex gap-4 mb-10">
-                                <button onclick="renderInvoices()" class="flex-1 py-3 bg-white/5 hover:bg-white/10 rounded-2xl transition font-bold border border-white/10">عودة</button>
-                                ${inv.status === 'extracted' ? `
-                                    <button onclick="submitToJoFotara('${inv.id}')" class="flex-[2] py-3 bg-gradient-to-r from-primary to-emerald-400 hover:shadow-primary/20 hover:shadow-xl rounded-2xl text-white font-bold transition-all">إرسال لـ جو-فواتير</button>
-                                ` : ''}
-                            </div>
+            const res = await API.get(`/invoices/${id}`);
+            const i = res.data;
+            document.getElementById('content').innerHTML = `
+                <div class="flex flex-col lg:flex-row gap-10 animate-in">
+                    <div class="lg:w-1/2 glass rounded-[3rem] h-[750px] overflow-hidden flex flex-col">
+                        <div class="p-5 bg-white/5 border-b border-white/5 flex justify-between text-sm"><span>المستند الأصلي</span><a href="${i.original_file_path}" target="_blank" class="text-primary">فتح في نافذة جديدة</a></div>
+                        <div class="flex-1 bg-black/50 p-6 flex items-center justify-center">
+                            ${i.original_file_path.endsWith('.pdf') ? `<iframe src="${i.original_file_path}" class="w-full h-full rounded-2xl"></iframe>` : `<img src="${i.original_file_path}" class="max-w-full max-h-full rounded-2xl shadow-2xl">`}
                         </div>
                     </div>
-                `;
-            } catch (err) {
-                contentDiv.innerHTML = `<div class="text-red-400 p-10">خطأ في تحميل تفاصيل الفاتورة: ${err.message}</div>`;
-            }
-        }
-
-        async function submitToJoFotara(id) {
-            try {
-                // We'll need a POST /api/v1/invoices/{id}/submit endpoint
-                const res = await API.post(`/invoices/${id}/submit`, {});
-                alert('تم إرسال الفاتورة للطابور بنجاح. سيتم تحديث الحالة تلقائياً.');
-                renderInvoiceDetail(id);
-            } catch (err) {
-                alert(err.error?.message_ar || 'فشل الإرسال: تأكد من إعدادات الربط للشركة.');
-            }
-        }
-
-        // ── Risk Monitor View ────────────────────────────────────
-        async function renderRiskMonitor() {
-            document.getElementById('page-title').textContent = 'مراقبة المخاطر والالتزام';
-            try {
-                contentDiv.innerHTML = `
-                    <div class="grid grid-cols-1 lg:grid-cols-2 gap-8">
-                        <div class="glass-panel p-8 rounded-3xl">
-                            <h3 class="text-xl font-bold mb-6 flex items-center gap-2">
-                                <svg class="w-6 h-6 text-primary" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04m12.868 5.31c.477.81 1.437 1.29 2.43 1.014a11.903 11.903 0 01-1.565 3.523 11.91 11.91 0 01-3.01 3.01c-1.333.77-2.962.77-4.295 0a11.91 11.91 0 01-3.01-3.01 11.903 11.903 0 01-1.565-3.523c.993.276 1.953-.204 2.43-1.014a11.91 11.91 0 013.01-3.01 11.955 11.955 0 014.295 0 11.91 11.91 0 013.01 3.01z"></path></svg>
-                                تحليل المخاطر الحالي
-                            </h3>
-                            <div class="space-y-6">
-                                <div class="p-6 bg-black/20 rounded-2xl border border-white/5">
-                                    <div class="flex justify-between items-center mb-2">
-                                        <span class="text-slate-400">مؤشر الالتزام العام</span>
-                                        <span class="text-primary font-bold text-lg">94%</span>
-                                    </div>
-                                    <div class="w-full bg-white/10 h-2 rounded-full overflow-hidden">
-                                        <div class="bg-primary h-full" style="width: 94%"></div>
-                                    </div>
-                                </div>
-                                <div class="grid grid-cols-2 gap-4">
-                                    <div class="p-4 bg-white/5 rounded-xl text-center">
-                                        <p class="text-xs text-slate-500 mb-1">فواتير مرفوضة</p>
-                                        <p class="text-2xl font-bold text-red-400">2</p>
-                                    </div>
-                                    <div class="p-4 bg-white/5 rounded-xl text-center">
-                                        <p class="text-xs text-slate-500 mb-1">تنبيهات حرجة</p>
-                                        <p class="text-2xl font-bold text-yellow-400">0</p>
-                                    </div>
-                                </div>
-                            </div>
+                    <div class="lg:w-1/2 glass p-10 rounded-[3rem] overflow-y-auto custom-scrollbar">
+                        <div class="flex justify-between items-start mb-10">
+                            <div><h3 class="text-3xl font-black mb-2">${i.supplier_name || 'غير معروف'}</h3><p class="text-slate-400">رقم الفاتورة: <span class="text-white font-mono">${i.invoice_number || '---'}</span></p></div>
+                            <button onclick="submitToJoFotara('${i.id}')" class="btn-primary">إرسال لـ JoFotara</button>
                         </div>
-                        <div class="glass-panel p-8 rounded-3xl">
-                            <h3 class="text-xl font-bold mb-6">عوامل الخطورة المكتشفة</h3>
-                            <div class="space-y-4">
-                                <div class="flex items-start gap-4 p-4 bg-yellow-500/10 border border-yellow-500/20 rounded-2xl">
-                                    <svg class="w-6 h-6 text-yellow-400 shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"></path></svg>
-                                    <div>
-                                        <p class="font-bold text-yellow-400">تأخير في الرفع</p>
-                                        <p class="text-sm text-slate-400">تم رصد 5 فواتير تم رفعها بعد أكثر من 3 أيام من تاريخ الإصدار.</p>
-                                    </div>
-                                </div>
-                                <div class="flex items-start gap-4 p-4 bg-emerald-500/10 border border-emerald-500/20 rounded-2xl">
-                                    <svg class="w-6 h-6 text-emerald-400 shrink-0" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z"></path></svg>
-                                    <div>
-                                        <p class="font-bold text-emerald-400">دقة البيانات</p>
-                                        <p class="text-sm text-slate-400">نسبة تطابق البيانات المستخرجة مع القواعد الضريبية بلغت 100% هذا الشهر.</p>
-                                    </div>
-                                </div>
-                            </div>
+                        <div class="grid grid-cols-2 gap-6 mb-10">
+                            <div class="p-6 bg-white/5 rounded-3xl border border-white/5"><p class="text-xs text-slate-500 mb-1">تاريخ الإصدار</p><p class="font-bold">${i.invoice_date || '---'}</p></div>
+                            <div class="p-6 bg-white/5 rounded-3xl border border-white/5"><p class="text-xs text-slate-500 mb-1">الرقم الضريبي</p><p class="font-bold text-primary font-mono">${i.supplier_tin || '---'}</p></div>
                         </div>
-                    </div>
-                `;
-            } catch (err) {
-                contentDiv.innerHTML = `<div class="text-red-400">خطأ في تحميل بيانات المخاطر</div>`;
-            }
-        }
-
-        // ── Settings View ────────────────────────────────────────
-        async function renderSettings() {
-            document.getElementById('page-title').textContent = 'الإعدادات الشخصية والأمان';
-            
-            contentDiv.innerHTML = `
-                <div class="max-w-4xl space-y-8">
-                    <!-- 2FA Section -->
-                    <div class="glass-panel p-8 rounded-3xl border-t-4 border-t-primary">
-                        <div class="flex justify-between items-center mb-6">
-                            <div>
-                                <h3 class="text-2xl font-bold mb-2">التحقق بخطوتين (2FA)</h3>
-                                <p class="text-slate-400">أضف طبقة حماية إضافية لحسابك باستخدام تطبيق التحقق.</p>
-                            </div>
-                            <div id="2fa-status" class="px-4 py-2 bg-white/5 rounded-xl border border-white/10 text-sm">
-                                جاري التحقق...
-                            </div>
-                        </div>
-                        <div id="2fa-content" class="space-y-4">
-                            <!-- Dynamic Content -->
-                        </div>
-                    </div>
-
-                    <!-- API Keys Section -->
-                    <div class="glass-panel p-8 rounded-3xl border-t-4 border-t-blue-500">
-                        <div class="flex justify-between items-center mb-6">
-                            <div>
-                                <h3 class="text-2xl font-bold mb-2">مفاتيح API</h3>
-                                <p class="text-slate-400">استخدم هذه المفاتيح للربط مع تطبيقات خارجية أو الموبايل.</p>
-                            </div>
-                            <button onclick="showCreateApiKeyModal()" class="px-6 py-2 bg-blue-500 hover:bg-blue-600 text-white rounded-xl font-bold transition">إنشاء مفتاح جديد</button>
-                        </div>
-                        <div id="api-keys-list" class="space-y-3">
-                            <!-- Dynamic Content -->
+                        <table class="w-full text-sm mb-10">
+                            <thead class="text-slate-500 border-b border-white/10 text-right"><tr class="text-xs"><th class="pb-4">الوصف</th><th class="pb-4 text-center">الكمية</th><th class="pb-4 text-left">المجموع</th></tr></thead>
+                            <tbody class="divide-y divide-white/5">${i.lines.map(l => `<tr><td class="py-4 text-slate-300">${l.description}</td><td class="py-4 text-center">${l.quantity}</td><td class="py-4 text-left font-bold text-primary">${l.line_total} JOD</td></tr>`).join('')}</tbody>
+                        </table>
+                        <div class="pt-6 border-t border-white/10 space-y-3">
+                            <div class="flex justify-between"><span>المجموع الفرعي</span><span>${i.subtotal} JOD</span></div>
+                            <div class="flex justify-between text-yellow-500"><span>الضريبة</span><span>${i.tax_amount} JOD</span></div>
+                            <div class="flex justify-between text-3xl font-black pt-4 text-white"><span>الإجمالي الكلي</span><span class="text-primary">${i.grand_total} JOD</span></div>
                         </div>
                     </div>
                 </div>
             `;
+        }
 
-            update2FAStatus();
+        async function renderRiskMonitor() {
+            document.getElementById('page-title').textContent = 'مراقبة المخاطر';
+            document.getElementById('content').innerHTML = `
+                <div class="grid grid-cols-1 md:grid-cols-2 gap-10">
+                    <div class="glass p-10 rounded-[3rem]">
+                        <h3 class="text-xl font-bold mb-8">تحليل الالتزام</h3>
+                        <div class="space-y-6">
+                            <div class="p-8 bg-emerald-500/5 border border-primary/20 rounded-3xl text-center">
+                                <p class="text-slate-400 text-sm mb-2">مستوى الخطورة</p>
+                                <p class="text-4xl font-black text-emerald-500 tracking-widest">منخفض جداً</p>
+                            </div>
+                            <div class="grid grid-cols-2 gap-4">
+                                <div class="p-6 bg-white/5 rounded-3xl border border-white/5"><p class="text-xs text-slate-500">دقة الذكاء الاصطناعي</p><p class="text-2xl font-bold">99.8%</p></div>
+                                <div class="p-6 bg-white/5 rounded-3xl border border-white/5"><p class="text-xs text-slate-500">فواتير مرفوضة</p><p class="text-2xl font-bold text-red-400">0</p></div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="glass p-10 rounded-[3rem]">
+                        <h3 class="text-xl font-bold mb-8">قواعد التدقيق الفعالة</h3>
+                        <div class="space-y-4">
+                            ${['تطابق الرقم الضريبي', 'صحة احتساب الضريبة (16%)', 'تسلسل أرقام الفواتير', 'الحد الزمني للرفع (3 أيام)'].map(r => `
+                                <div class="flex items-center gap-4 p-5 bg-white/5 rounded-3xl border border-white/5">
+                                    <div class="w-10 h-10 rounded-full bg-primary/20 flex items-center justify-center text-primary">✓</div>
+                                    <span class="font-bold">${r}</span>
+                                    <span class="mr-auto text-[10px] text-primary font-black uppercase">Active</span>
+                                </div>
+                            `).join('')}
+                        </div>
+                    </div>
+                </div>
+            `;
+        }
+
+        async function renderSettings() {
+            document.getElementById('page-title').textContent = 'الإعدادات والأمان';
+            const res = await API.get('/auth/me');
+            const u = res.data;
+            document.getElementById('content').innerHTML = `
+                <div class="max-w-4xl mx-auto space-y-10">
+                    <div class="glass p-10 rounded-[3rem] border-t-8 border-t-primary">
+                        <div class="flex justify-between items-center mb-8">
+                            <div><h3 class="text-2xl font-black mb-1">التحقق بخطوتين (2FA)</h3><p class="text-slate-400">تأمين إضافي لحسابك باستخدام Authenticator.</p></div>
+                            <div class="px-4 py-2 bg-white/5 rounded-2xl text-xs font-bold border border-white/10 ${u.totp_enabled?'text-primary':'text-slate-500'}">${u.totp_enabled?'مُفعّل':'غير مُفعّل'}</div>
+                        </div>
+                        <div id="2fa-area">
+                            ${u.totp_enabled ? `
+                                <button onclick="disable2FA()" class="px-8 py-3 bg-red-500/10 text-red-400 hover:bg-red-500/20 rounded-2xl transition font-bold border border-red-500/20">تعطيل الحماية</button>
+                            ` : `
+                                <button onclick="start2FA()" class="btn-primary">تفعيل الآن</button>
+                            `}
+                        </div>
+                    </div>
+                    <div class="glass p-10 rounded-[3rem] border-t-8 border-t-indigo-500">
+                        <div class="flex justify-between items-center mb-8">
+                            <div><h3 class="text-2xl font-black mb-1">مفاتيح API</h3><p class="text-slate-400">للربط مع تطبيقات الموبايل والأنظمة الخارجية.</p></div>
+                            <button onclick="createApiKey()" class="btn-primary bg-indigo-600 hover:bg-indigo-700 shadow-indigo-500/20">إنشاء مفتاح جديد</button>
+                        </div>
+                        <div id="api-keys-list" class="space-y-4"></div>
+                    </div>
+                </div>
+            `;
             loadApiKeys();
         }
 
-        async function update2FAStatus() {
-            try {
-                const res = await API.get('/auth/me');
-                const user = res.data;
-                const statusEl = document.getElementById('2fa-status');
-                const contentEl = document.getElementById('2fa-content');
-
-                if (user.totp_enabled) {
-                    statusEl.innerHTML = '<span class="text-primary font-bold">● مفعل</span>';
-                    contentEl.innerHTML = `
-                        <p class="text-sm text-slate-400 mb-4">حسابك محمي حالياً بالتحقق الثنائي.</p>
-                        <button onclick="disable2FA()" class="px-6 py-2 bg-red-500/10 hover:bg-red-500/20 text-red-400 border border-red-500/30 rounded-xl transition font-bold">تعطيل التحقق الثنائي</button>
-                    `;
-                } else {
-                    statusEl.innerHTML = '<span class="text-slate-500 font-bold">○ غير مفعل</span>';
-                    contentEl.innerHTML = `
-                        <p class="text-sm text-slate-400 mb-4">ننصح بتفعيل التحقق الثنائي لحماية بياناتك المالية.</p>
-                        <button onclick="start2FASetup()" class="px-6 py-2 bg-primary hover:bg-primary-dark text-white rounded-xl transition font-bold shadow-lg">تفعيل الآن</button>
-                    `;
-                }
-            } catch (err) { console.error(err); }
-        }
-
-        async function start2FASetup() {
-            const contentEl = document.getElementById('2fa-content');
-            contentEl.innerHTML = '<div class="animate-pulse text-slate-400">جاري إنشاء رمز الأمان...</div>';
-            
-            try {
-                const res = await API.post('/auth/2fa/enable', {});
-                const { secret, qr_url } = res.data;
-                
-                contentEl.innerHTML = `
-                    <div class="flex flex-col md:flex-row gap-8 items-center bg-black/20 p-6 rounded-2xl border border-white/5">
-                        <div class="bg-white p-2 rounded-xl">
-                            <img src="${qr_url}" alt="QR Code" class="w-40 h-40">
-                        </div>
-                        <div class="flex-1 space-y-4">
-                            <p class="text-sm text-slate-300">1. قم بمسح الرمز أعلاه باستخدام تطبيق Google Authenticator أو ما يماثله.</p>
-                            <p class="text-sm text-slate-300">2. أدخل الرمز المكون من 6 أرقام للتأكيد:</p>
-                            <div class="flex gap-2">
-                                <input type="text" id="2fa-code" maxlength="6" class="bg-black/40 border border-white/10 rounded-xl px-4 py-2 w-32 text-center font-mono text-xl tracking-widest focus:border-primary outline-none" placeholder="000000">
-                                <button onclick="verify2FA('${secret}')" class="px-6 py-2 bg-primary hover:bg-primary-dark text-white rounded-xl font-bold transition">تأكيد الربط</button>
-                            </div>
-                            <p class="text-[10px] text-slate-500">رمز الأمان اليدوي: <code class="bg-black/40 px-2 py-1 rounded">${secret}</code></p>
-                        </div>
+        // ── Auth & Init ──────────────────────────────────────────
+        async function renderLogin() {
+            const auth = document.getElementById('auth-container');
+            auth.classList.remove('hidden');
+            auth.innerHTML = `
+                <div class="glass p-12 rounded-[3rem] w-full max-w-md shadow-2xl border-t-8 border-t-primary animate-in">
+                    <div class="text-center mb-10">
+                        <h2 class="text-4xl font-black mb-3">مرحباً بك</h2>
+                        <p class="text-slate-500">سجل الدخول لمنصة مُصادَق</p>
                     </div>
-                `;
-            } catch (err) {
-                alert('فشل تفعيل التحقق الثنائي');
-                update2FAStatus();
-            }
+                    <form id="login-form" class="space-y-6">
+                        <input type="email" id="email" class="w-full" placeholder="البريد الإلكتروني" required>
+                        <input type="password" id="password" class="w-full" placeholder="كلمة المرور" required>
+                        <button type="submit" class="w-full btn-primary py-4 text-lg">دخول</button>
+                    </form>
+                    <div class="mt-8 text-center"><p class="text-sm text-slate-500">ليس لديك حساب؟ <a href="#" onclick="renderRegister()" class="text-primary font-bold">سجل الآن</a></p></div>
+                </div>
+            `;
+            document.getElementById('login-form').onsubmit = async (e) => {
+                e.preventDefault();
+                try {
+                    const res = await API.post('/auth/login', { email: e.target.email.value, password: e.target.password.value });
+                    if (res.requires_2fa) {
+                        render2FAChallenge(res.temp_token);
+                    } else {
+                        saveAuth(res.data);
+                    }
+                } catch (err) { showToast(err.error?.message_ar || 'بيانات الدخول غير صحيحة', 'error'); }
+            };
         }
 
-        async function verify2FA(secret) {
-            const code = document.getElementById('2fa-code').value;
-            if (code.length !== 6) return;
-
-            try {
-                await API.post('/auth/2fa/verify', { secret, code });
-                alert('تم التفعيل بنجاح!');
-                update2FAStatus();
-            } catch (err) {
-                alert(err.error?.message_ar || 'الرمز غير صحيح');
-            }
+        function saveAuth(data) {
+            localStorage.setItem('access_token', data.access_token);
+            localStorage.setItem('user_role', data.user.role);
+            localStorage.setItem('user_name', data.user.name);
+            window.location.reload();
         }
 
-        async function disable2FA() {
-            if (!confirm('هل أنت متأكد من تعطيل التحقق الثنائي؟ سيقل أمان حسابك بشكل ملحوظ.')) return;
-            try {
-                await API.post('/auth/2fa/disable', {});
-                update2FAStatus();
-            } catch (err) { alert('فشل التعطيل'); }
+        function initApp() {
+            if (localStorage.getItem('access_token')) {
+                document.getElementById('sidebar').classList.remove('translate-x-full');
+                document.getElementById('main-content').classList.replace('opacity-0', 'opacity-100');
+                if (localStorage.getItem('user_role') === 'super_admin') document.getElementById('nav-admin').classList.remove('hidden');
+                navigateTo('dashboard');
+            } else { renderLogin(); }
         }
 
+        // Helpers for 2FA, API Keys, Modals...
+        async function start2FA() {
+            const area = document.getElementById('2fa-area');
+            const res = await API.post('/auth/2fa/enable', {});
+            const { secret, qr_url } = res.data;
+            area.innerHTML = `
+                <div class="flex gap-8 items-center bg-black/20 p-6 rounded-3xl border border-white/5">
+                    <div class="bg-white p-2 rounded-2xl"><img src="${qr_url}" class="w-32 h-32"></div>
+                    <div class="space-y-4">
+                        <p class="text-sm">امسح الرمز أعلاه، ثم أدخل كود التحقق:</p>
+                        <div class="flex gap-3"><input id="2fa-code" class="w-32 text-center font-mono text-xl tracking-widest" maxlength="6" placeholder="000000"><button onclick="confirm2FA('${secret}')" class="btn-primary">تأكيد</button></div>
+                    </div>
+                </div>
+            `;
+        }
+        async function confirm2FA(secret) {
+            try { await API.post('/auth/2fa/verify', { secret, code: document.getElementById('2fa-code').value }); showToast('تم التفعيل!'); renderSettings(); } catch(e) { showToast('كود غير صحيح', 'error'); }
+        }
+        async function disable2FA() { if(confirm('هل أنت متأكد؟')) { await API.post('/auth/2fa/disable', {}); renderSettings(); } }
+
         async function loadApiKeys() {
-            const listEl = document.getElementById('api-keys-list');
-            try {
-                const res = await API.get('/api-keys');
-                const keys = res.data;
-                
-                if (keys.length === 0) {
-                    listEl.innerHTML = '<p class="text-slate-500 text-center py-4">لا توجد مفاتيح API حالياً.</p>';
-                    return;
-                }
-
-                listEl.innerHTML = keys.map(k => `
-                    <div class="flex justify-between items-center p-4 bg-black/20 rounded-2xl border border-white/5">
-                        <div>
-                            <p class="font-bold text-slate-200">${k.name}</p>
-                            <p class="text-xs text-slate-500 font-mono">Prefix: ${k.prefix} • Created: ${new Date(k.created_at).toLocaleDateString()}</p>
-                        </div>
-                        <div class="flex gap-2">
-                            <span class="px-3 py-1 bg-emerald-500/10 text-emerald-400 text-[10px] rounded-full border border-emerald-500/20">Active</span>
-                        </div>
-                    </div>
-                `).join('');
-            } catch (err) { listEl.innerHTML = '<p class="text-red-400">خطأ في تحميل المفاتيح</p>'; }
-        }
-
-        async function showCreateApiKeyModal() {
-            const name = prompt('أدخل اسماً لهذا المفتاح (مثلاً: Flutter App):');
-            if (!name) return;
-            try {
-                const res = await API.post('/api-keys', { name });
-                alert(`تم إنشاء المفتاح بنجاح!\n\nمهم جداً: هذا هو المفتاح السري، قم بحفظه الآن لأنه لن يظهر مرة أخرى:\n\n${res.data.key}`);
-                loadApiKeys();
-            } catch (err) { alert('فشل إنشاء المفتاح'); }
-        }
-
-        // ── Admin Stats View ─────────────────────────────────────
-        async function renderAdminStats() {
-            document.getElementById('page-title').textContent = 'إدارة المنصة (Super Admin)';
-            try {
-                const res = await API.get('/admin/stats');
-                const stats = res.data;
-                
-                contentDiv.innerHTML = `
-                    <div class="grid grid-cols-1 md:grid-cols-3 gap-6 mb-8">
-                        <div class="glass-panel p-6 rounded-3xl">
-                            <p class="text-slate-400 text-sm mb-1">إجمالي المستأجرين</p>
-                            <p class="text-3xl font-black text-primary">${stats.total_tenants}</p>
-                        </div>
-                        <div class="glass-panel p-6 rounded-3xl">
-                            <p class="text-slate-400 text-sm mb-1">إجمالي الفواتير</p>
-                            <p class="text-3xl font-black text-blue-400">${stats.total_invoices}</p>
-                        </div>
-                        <div class="glass-panel p-6 rounded-3xl">
-                            <p class="text-slate-400 text-sm mb-1">حالة النظام</p>
-                            <p class="text-xl font-bold ${stats.system_health.redis === 'ok' ? 'text-emerald-400' : 'text-red-400'}">
-                                Redis: ${stats.system_health.redis.toUpperCase()}
-                            </p>
-                        </div>
-                    </div>
-
-                    <div class="glass-panel p-8 rounded-3xl">
-                        <h3 class="text-xl font-bold mb-6">إدارة المستأجرين (قريباً)</h3>
-                        <p class="text-slate-500 text-sm italic">سيتم عرض قائمة الشركات وإحصائيات الاستهلاك لكل منها هنا.</p>
-                    </div>
-                `;
-            } catch (err) {
-                contentDiv.innerHTML = `<div class="text-red-400 p-8 glass-panel rounded-3xl">عذراً، هذه الصفحة للمشرفين فقط.</div>`;
-            }
-        }
-
-        // ── Modals & Actions ─────────────────────────────────────
-        function showAddCompanyModal() {
-            const modals = document.getElementById('modals');
-            modals.innerHTML = `
-                <div class="fixed inset-0 bg-black/60 backdrop-blur-sm z-[100] flex items-center justify-center p-4 overflow-y-auto" id="company-modal">
-                    <div class="glass-panel p-8 rounded-3xl w-full max-w-lg border border-white/10 shadow-2xl my-auto">
-                        <h3 class="text-2xl font-bold mb-6">إضافة شركة جديدة</h3>
-                        <form id="add-company-form" class="space-y-4">
-                            <div class="grid grid-cols-2 gap-4">
-                                <input type="text" id="comp-name" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="الاسم (عربي) *" required>
-                                <input type="text" id="comp-name-en" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="الاسم (إنجليزي)">
-                                <input type="text" id="comp-tax" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="الرقم الضريبي *" required>
-                                <input type="text" id="comp-cr" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="السجل التجاري">
-                                <input type="text" id="comp-city" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="المدينة">
-                                <input type="text" id="comp-address" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="العنوان">
-                                <input type="email" id="comp-email" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="البريد الإلكتروني">
-                                <input type="text" id="comp-phone" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" placeholder="رقم الهاتف">
-                            </div>
-                            <div class="flex gap-3 mt-6 pt-4 border-t border-white/10">
-                                <button type="button" onclick="document.getElementById('company-modal').remove()" class="flex-1 py-3 bg-white/5 hover:bg-white/10 rounded-xl transition">إلغاء</button>
-                                <button type="submit" class="flex-1 py-3 bg-primary hover:bg-primary-dark text-white font-bold rounded-xl shadow-lg transition">حفظ الشركة</button>
-                            </div>
-                        </form>
-                    </div>
+            const res = await API.get('/api-keys');
+            document.getElementById('api-keys-list').innerHTML = res.data.map(k => `
+                <div class="flex justify-between items-center p-5 bg-black/20 rounded-3xl border border-white/5">
+                    <div><p class="font-bold">${k.name}</p><p class="text-xs text-slate-500 font-mono">ID: ${k.id}</p></div>
+                    <span class="text-[10px] text-primary font-bold px-3 py-1 bg-primary/10 rounded-full border border-primary/20">Active</span>
                 </div>
-            `;
+            `).join('') || '<p class="text-center text-slate-500 py-4">لا توجد مفاتيح</p>';
+        }
+        async function createApiKey() {
+            const name = prompt('اسم المفتاح:'); if(!name) return;
+            try { const res = await API.post('/api-keys', { name }); alert(`احفظ مفتاحك الآن، لن يظهر مجدداً:\n\n${res.data.key}`); loadApiKeys(); } catch(e) { showToast('فشل إنشاء المفتاح', 'error'); }
+        }
 
-            document.getElementById('add-company-form').onsubmit = async (e) => {
+        async function submitToJoFotara(id) {
+            try { await API.post(`/invoices/${id}/submit`, {}); showToast('تم إرسال الفاتورة للطابور'); renderInvoiceDetail(id); } catch(e) { showToast(e.error?.message_ar || 'فشل الإرسال', 'error'); }
+        }
+
+        function showAddInvoiceModal() {
+            const m = document.getElementById('modals');
+            m.classList.replace('hidden', 'flex');
+            m.innerHTML = `<div class="glass p-10 rounded-[3rem] w-full max-w-md animate-in">
+                <h3 class="text-2xl font-black mb-8">رفع فاتورة جديدة</h3>
+                <form id="up-form" class="space-y-6">
+                    <select id="up-comp" class="w-full" required><option value="">اختر الشركة...</option></select>
+                    <div class="p-10 border-2 border-dashed border-white/10 rounded-3xl text-center bg-white/5"><input type="file" id="up-file" class="text-xs" required></div>
+                    <div class="flex gap-4"><button type="button" onclick="document.getElementById('modals').classList.replace('flex','hidden')" class="flex-1 py-3 bg-white/5 rounded-2xl">إلغاء</button><button type="submit" class="flex-1 btn-primary">رفع ومعالجة</button></div>
+                </form>
+            </div>`;
+            API.get('/companies').then(r => {
+                document.getElementById('up-comp').innerHTML += r.data.map(c => `<option value="${c.id}">${c.name}</option>`).join('');
+            });
+            document.getElementById('up-form').onsubmit = async (e) => {
                 e.preventDefault();
+                const fd = new FormData(); fd.append('company_id', e.target['up-comp'].value); fd.append('invoice', e.target['up-file'].files[0]);
                 try {
-                    const data = {
-                        name: document.getElementById('comp-name').value,
-                        name_en: document.getElementById('comp-name-en').value || null,
-                        tax_identification_number: document.getElementById('comp-tax').value,
-                        commercial_registration_number: document.getElementById('comp-cr').value || null,
-                        city: document.getElementById('comp-city').value || null,
-                        address: document.getElementById('comp-address').value || null,
-                        contact_email: document.getElementById('comp-email').value || null,
-                        contact_phone: document.getElementById('comp-phone').value || null
-                    };
-                    await API.post('/companies', data);
-                    document.getElementById('company-modal').remove();
-                    renderCompanies();
-                } catch(err) {
-                    alert(err.error?.message_ar || err.error?.details?.message || err.message || 'حدث خطأ');
-                }
+                    const b = e.target.querySelector('button[type="submit"]'); b.disabled = true; b.textContent = 'جاري الرفع...';
+                    await API.upload('/invoices/upload', fd);
+                    showToast('تم الرفع بنجاح'); m.classList.replace('flex','hidden'); navigateTo('invoices');
+                } catch(err) { showToast(err.error?.message_ar || 'فشل الرفع', 'error'); }
             };
         }
 
-        function showJoFotaraModal(companyId) {
-            const modals = document.getElementById('modals');
-            modals.innerHTML = `
-                <div class="fixed inset-0 bg-black/60 backdrop-blur-sm z-[100] flex items-center justify-center p-4" id="jofotara-modal">
-                    <div class="glass-panel p-8 rounded-3xl w-full max-w-md border border-white/10 shadow-2xl">
-                        <h3 class="text-2xl font-bold mb-6">إعدادات الربط مع JoFotara</h3>
-                        <form id="jofotara-form" class="space-y-4">
-                            <input type="text" id="jf-client-id" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none font-mono" placeholder="Client ID" required>
-                            <input type="password" id="jf-secret-key" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none font-mono" placeholder="Secret Key" required>
-                            <div class="flex gap-3 mt-6">
-                                <button type="button" onclick="document.getElementById('jofotara-modal').remove()" class="flex-1 py-3 bg-white/5 hover:bg-white/10 rounded-xl transition">إلغاء</button>
-                                <button type="submit" class="flex-1 py-3 bg-primary hover:bg-primary-dark text-white font-bold rounded-xl shadow-lg transition">حفظ الإعدادات</button>
-                            </div>
-                        </form>
-                    </div>
-                </div>
-            `;
-
-            document.getElementById('jofotara-form').onsubmit = async (e) => {
+        function showJoFotaraModal(cid) {
+            const m = document.getElementById('modals');
+            m.classList.replace('hidden', 'flex');
+            m.innerHTML = `<div class="glass p-10 rounded-[3rem] w-full max-w-md animate-in">
+                <h3 class="text-2xl font-black mb-8">إعدادات JoFotara</h3>
+                <form id="jo-form" class="space-y-6">
+                    <input type="text" id="jo-id" class="w-full" placeholder="Client ID" required>
+                    <input type="password" id="jo-sec" class="w-full" placeholder="Secret Key" required>
+                    <div class="flex gap-4"><button type="button" onclick="document.getElementById('modals').classList.replace('flex','hidden')" class="flex-1 py-3 bg-white/5 rounded-2xl">إلغاء</button><button type="submit" class="flex-1 btn-primary">حفظ الربط</button></div>
+                </form>
+            </div>`;
+            document.getElementById('jo-form').onsubmit = async (e) => {
                 e.preventDefault();
                 try {
-                    const client_id = document.getElementById('jf-client-id').value;
-                    const secret_key = document.getElementById('jf-secret-key').value;
-                    // Note: We need a PUT endpoint to update Jofotara credentials. 
-                    // Our API has: PUT /api/v1/companies/{id}/jofotara
-                    const res = await fetch(`${API.baseUrl}/companies/${companyId}/jofotara`, {
-                        method: 'PUT',
-                        headers: {
-                            'Accept': 'application/json',
-                            'Content-Type': 'application/json',
-                            'Authorization': `Bearer ${API.accessToken}`
-                        },
-                        body: JSON.stringify({ client_id, secret_key })
+                    await API.post(`/companies/${cid}/jofotara`, { client_id: e.target['jo-id'].value, secret_key: e.target['jo-sec'].value });
+                    showToast('تم تحديث البيانات'); m.classList.replace('flex','hidden'); renderCompanies();
+                } catch(e) { showToast('فشل التحديث', 'error'); }
+            };
+        }
+
+        async function renderRegister() {
+            const auth = document.getElementById('auth-container');
+            auth.innerHTML = `
+                <div class="glass p-12 rounded-[3rem] w-full max-w-md shadow-2xl border-t-8 border-t-emerald-500 animate-in">
+                    <div class="text-center mb-10">
+                        <h2 class="text-4xl font-black mb-3">إنشاء حساب</h2>
+                        <p class="text-slate-500">انضم لمنصة مُصادَق اليوم</p>
+                    </div>
+                    <form id="reg-form" class="space-y-4">
+                        <input type="text" id="reg-name" class="w-full" placeholder="الاسم الكامل" required>
+                        <input type="email" id="reg-email" class="w-full" placeholder="البريد الإلكتروني" required>
+                        <input type="password" id="reg-pass" class="w-full" placeholder="كلمة المرور" required>
+                        <button type="submit" class="w-full btn-primary py-4 text-lg">إنشاء الحساب</button>
+                    </form>
+                    <div class="mt-8 text-center"><p class="text-sm text-slate-500">لديك حساب بالفعل؟ <a href="#" onclick="renderLogin()" class="text-primary font-bold">دخول</a></p></div>
+                </div>
+            `;
+            document.getElementById('reg-form').onsubmit = async (e) => {
+                e.preventDefault();
+                try {
+                    const res = await API.post('/auth/register', { 
+                        name: document.getElementById('reg-name').value,
+                        email: document.getElementById('reg-email').value,
+                        password: document.getElementById('reg-pass').value
+                    });
+                    saveAuth(res.data);
+                } catch (err) { showToast(err.error?.message_ar || 'فشل إنشاء الحساب', 'error'); }
+            };
+        }
+
+        function render2FAChallenge(tempToken) {
+            const auth = document.getElementById('auth-container');
+            auth.innerHTML = `
+                <div class="glass p-12 rounded-[3rem] w-full max-w-md shadow-2xl border-t-8 border-t-yellow-500 animate-in text-center">
+                    <h2 class="text-3xl font-black mb-6">التحقق الثنائي</h2>
+                    <p class="text-slate-400 mb-8">أدخل الكود من تطبيق المصادقة</p>
+                    <input type="text" id="challenge-code" class="w-full text-center text-4xl tracking-[1rem] font-mono mb-8" maxlength="6" autofocus>
+                    <button id="verify-btn" class="w-full btn-primary py-4">تحقق ودخول</button>
+                </div>
+            `;
+            document.getElementById('verify-btn').onclick = async () => {
+                try {
+                    const code = document.getElementById('challenge-code').value;
+                    const res = await fetch('index.php?route=/api/v1/auth/2fa/verify', {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${tempToken}` },
+                        body: JSON.stringify({ code })
                     });
                     const data = await res.json();
-                    if (!res.ok) throw data;
-
-                    document.getElementById('jofotara-modal').remove();
-                    renderCompanies();
-                } catch(err) {
-                    alert(err.error?.message_ar || err.error?.details?.message || 'حدث خطأ أثناء حفظ الإعدادات');
-                }
+                    if (res.ok) saveAuth({ access_token: tempToken, user: data.user });
+                    else showToast('كود غير صحيح', 'error');
+                } catch(e) { showToast('خطأ في النظام', 'error'); }
             };
         }
 
-        async function showUploadInvoiceModal() {
-            try {
-                // Fetch companies to populate the select dropdown
-                const res = await API.get('/companies');
-                const companies = res.data;
-                
-                let optionsHtml = '<option value="" disabled selected>-- اختر الشركة --</option>';
-                companies.forEach(c => {
-                    optionsHtml += `<option value="${c.id}">${c.name} (${c.tax_identification_number || ''})</option>`;
-                });
-
-                const modals = document.getElementById('modals');
-                modals.innerHTML = `
-                    <div class="fixed inset-0 bg-black/60 backdrop-blur-sm z-[100] flex items-center justify-center" id="invoice-modal">
-                        <div class="glass-panel p-8 rounded-3xl w-full max-w-md border border-white/10 shadow-2xl">
-                            <h3 class="text-2xl font-bold mb-6">رفع فاتورة للتدقيق</h3>
-                            <form id="upload-invoice-form" class="space-y-4" enctype="multipart/form-data">
-                                <select id="inv-comp-id" class="w-full bg-black/20 border border-white/10 rounded-xl px-4 py-3 text-white focus:border-primary outline-none" required>
-                                    ${optionsHtml}
-                                </select>
-                                <div class="p-4 border-2 border-dashed border-white/20 rounded-xl bg-black/10 text-center">
-                                    <p class="text-sm text-slate-400 mb-2">اختر ملف الفاتورة (JSON/XML/PDF)</p>
-                                    <input type="file" id="inv-file" class="text-sm w-full" required>
-                                </div>
-                                <div class="flex gap-3 mt-6">
-                                    <button type="button" onclick="document.getElementById('invoice-modal').remove()" class="flex-1 py-3 bg-white/5 hover:bg-white/10 rounded-xl transition">إلغاء</button>
-                                    <button type="submit" class="flex-1 py-3 bg-primary hover:bg-primary-dark text-white font-bold rounded-xl shadow-lg transition">تحقق ورفع</button>
-                                </div>
-                            </form>
-                        </div>
-                    </div>
-                `;
-
-                document.getElementById('upload-invoice-form').onsubmit = async (e) => {
-                    e.preventDefault();
-                    try {
-                        const companyId = document.getElementById('inv-comp-id').value;
-                        const fileInput = document.getElementById('inv-file');
-                        
-                        const formData = new FormData();
-                        formData.append('company_id', companyId);
-                        formData.append('invoice', fileInput.files[0]);
-                        
-                        const btn = e.target.querySelector('button[type="submit"]');
-                        btn.textContent = 'جاري التحقق...';
-                        btn.disabled = true;
-
-                        await API.upload('/invoices/upload', formData);
-                        document.getElementById('invoice-modal').remove();
-                        renderInvoices();
-                    } catch(err) {
-                        alert(err.error?.message_ar || 'صيغة البيانات غير صحيحة أو حدث خطأ ضريبي.');
-                        e.target.querySelector('button[type="submit"]').textContent = 'تحقق ورفع';
-                        e.target.querySelector('button[type="submit"]').disabled = false;
-                    }
-                };
-            } catch(err) {
-                alert('خطأ في جلب بيانات الشركات المربوطة بك.');
-            }
+        function showAddCompanyModal() {
+            const m = document.getElementById('modals');
+            m.classList.replace('hidden', 'flex');
+            m.innerHTML = `<div class="glass p-10 rounded-[3rem] w-full max-w-md animate-in">
+                <h3 class="text-2xl font-black mb-8">إضافة شركة جديدة</h3>
+                <form id="comp-form" class="space-y-6">
+                    <input type="text" id="c-name" class="w-full" placeholder="اسم الشركة" required>
+                    <input type="text" id="c-tin" class="w-full" placeholder="الرقم الضريبي" required maxlength="10">
+                    <div class="flex gap-4"><button type="button" onclick="document.getElementById('modals').classList.replace('flex','hidden')" class="flex-1 py-3 bg-white/5 rounded-2xl">إلغاء</button><button type="submit" class="flex-1 btn-primary">إضافة</button></div>
+                </form>
+            </div>`;
+            document.getElementById('comp-form').onsubmit = async (e) => {
+                e.preventDefault();
+                try {
+                    await API.post('/companies', { name: document.getElementById('c-name').value, tax_identification_number: document.getElementById('c-tin').value });
+                    showToast('تمت إضافة الشركة'); m.classList.replace('flex','hidden'); renderCompanies();
+                } catch(e) { showToast('فشل الإضافة', 'error'); }
+            };
         }
 
-        // ── Init Engine ──────────────────────────────────────────
-        function initApp() {
-            if (isLoggedIn()) {
-                document.getElementById('sidebar').classList.remove('hidden');
-                document.getElementById('header').classList.remove('hidden');
-                document.getElementById('ai-container').classList.remove('hidden');
-                document.getElementById('sidebar').classList.add('flex');
-                document.getElementById('header').classList.add('flex');
-                
-                // Hide Users menu if not admin or super_admin
-                // Nav link visibility based on roles
-                const role = localStorage.getItem('user_role');
-                const usersNav = document.getElementById('nav-users');
-                const adminNav = document.getElementById('nav-admin');
-                const riskNav = document.getElementById('nav-risk-monitor');
-
-                if (usersNav) usersNav.style.display = (role === 'super_admin' || role === 'admin') ? 'flex' : 'none';
-                if (adminNav) adminNav.style.display = (role === 'super_admin') ? 'flex' : 'none';
-                if (riskNav) riskNav.style.display = (role !== 'employee') ? 'flex' : 'none';
-                
-                // AI Chat Listener
-                document.getElementById('ai-query').onkeydown = async (e) => {
-                    if (e.key === 'Enter') {
-                        const q = e.target.value;
-                        if (!q) return;
-                        e.target.value = '';
-                        document.getElementById('ai-answer').textContent = 'جاري التحليل...';
-                        try {
-                            const res = await API.post('/ai/query', { query: q });
-                            document.getElementById('ai-answer').textContent = res.data.answer;
-                        } catch (err) {
-                            document.getElementById('ai-answer').textContent = 'حدث خطأ في الاتصال بالمساعد الذكي.';
-                        }
-                    }
-                };
-
-                navigateTo('dashboard');
-                showToast(`مرحباً بك مجدداً، ${localStorage.getItem('user_name') || 'مدير النظام'}`);
-            } else {
-                renderLogin();
-            }
-        }
-
-        // Start
         initApp();
     </script>
 </body>