diff --git a/app/modules_app/dashboard/stats.php b/app/modules_app/dashboard/stats.php
new file mode 100644
index 0000000..b4a1d88
--- /dev/null
+++ b/app/modules_app/dashboard/stats.php
@@ -0,0 +1,37 @@
+<?php
+/**
+ * Dashboard Stats Endpoint
+ */
+
+use App\Core\Database;
+use App\Middleware\AuthMiddleware;
+
+// 1. Auth Check
+AuthMiddleware::check();
+
+$db = Database::getInstance();
+
+try {
+    // Total Invoices
+    $stmt = $db->query("SELECT COUNT(*) FROM invoices");
+    $total = $stmt->fetchColumn();
+
+    // Pending Invoices
+    $stmt = $db->query("SELECT COUNT(*) FROM invoices WHERE status = 'pending'");
+    $pending = $stmt->fetchColumn();
+
+    // Approved Invoices
+    $stmt = $db->query("SELECT COUNT(*) FROM invoices WHERE status = 'approved'");
+    $approved = $stmt->fetchColumn();
+} catch (\Exception $e) {
+    // Fallback if table doesn't exist yet
+    $total = 0;
+    $pending = 0;
+    $approved = 0;
+}
+
+json_success([
+    'total' => $total,
+    'pending' => $pending,
+    'approved' => $approved
+]);
diff --git a/public/index.php b/public/index.php
index ff028fe..d58f3dd 100644
--- a/public/index.php
+++ b/public/index.php
@@ -20,6 +20,7 @@ $routes = [
     'v1/auth/refresh' => ['POST', 'auth/refresh.php'],
     'v1/auth/logout'  => ['POST', 'auth/logout.php'],
     'v1/users'        => ['GET',  'users/index.php'],
+    'v1/dashboard/stats' => ['GET', 'dashboard/stats.php'],
 ];
 
 if (isset($routes[$route])) {
diff --git a/public/shell.php b/public/shell.php
index 3899bd3..b5652db 100644
--- a/public/shell.php
+++ b/public/shell.php
@@ -50,15 +50,15 @@
                     <div class="grid grid-cols-1 md:grid-cols-3 gap-6">
                         <div class="p-6 bg-surface border border-gray-800 rounded">
                             <p class="text-gray-500 text-sm">إجمالي الفواتير</p>
-                            <p class="text-3xl font-bold mt-2">1,240</p>
+                            <p class="text-3xl font-bold mt-2" x-text="stats.total"></p>
                         </div>
                         <div class="p-6 bg-surface border border-gray-800 rounded">
                             <p class="text-gray-500 text-sm">قيد المعالجة</p>
-                            <p class="text-3xl font-bold mt-2 text-yellow-500">12</p>
+                            <p class="text-3xl font-bold mt-2 text-yellow-500" x-text="stats.pending"></p>
                         </div>
                         <div class="p-6 bg-surface border border-gray-800 rounded">
                             <p class="text-gray-500 text-sm">تم الاعتماد</p>
-                            <p class="text-3xl font-bold mt-2 text-emerald-500">1,228</p>
+                            <p class="text-3xl font-bold mt-2 text-emerald-500" x-text="stats.approved"></p>
                         </div>
                     </div>
                 </div>
@@ -96,10 +96,12 @@
                 user: JSON.parse(localStorage.getItem('user')),
                 page: 'dashboard',
                 users: [],
+                stats: { total: 0, pending: 0, approved: 0 },
                 
                 init() {
                     if (!this.user) window.location.href = '/login.php';
                     this.loadUsers();
+                    this.loadStats();
                 },
 
                 title() {
@@ -107,7 +109,7 @@
                 },
 
                 async loadUsers() {
-                    const res = await fetch('/api/users', {
+                    const res = await fetch('/api/v1/users', {
                         headers: { 'Authorization': 'Bearer ' + localStorage.getItem('access_token') }
                     });
                     if (res.status === 401) this.logout();
@@ -115,6 +117,14 @@
                     if (json.success) this.users = json.data;
                 },
 
+                async loadStats() {
+                    const res = await fetch('/api/v1/dashboard/stats', {
+                        headers: { 'Authorization': 'Bearer ' + localStorage.getItem('access_token') }
+                    });
+                    const json = await res.json();
+                    if (json.success) this.stats = json.data;
+                },
+
                 logout() {
                     localStorage.clear();
                     window.location.href = '/login.php';