docs(07-03): create comprehensive deployment checklist

- Server requirements (PHP, WordPress, memory limits)
- Required plugins (ACF Pro, Formidable Forms Pro, Elementor Pro, WP Mail SMTP)
- Plugin configuration (ACF fields, Formidable forms F1-F5, Elementor templates)
- Email configuration (SMTP setup, notification testing)
- Access control verification (pages, redirects)
- User roles and capabilities (ddhh_provider role)
- Action Scheduler monitoring (pending/complete/failed actions)
- Testing checklist (provider/mentor/admin flows from Phase 7)
- Security checklist (HTTPS, ownership validation, CSRF protection)
- Performance considerations (caching, query optimization)
- Backup strategy (pre-deployment, rollback plan)
- Post-deployment verification (smoke tests, functional tests, monitoring)
- Known issues documented (4 minor UX issues from Phase 7 testing)

File: .planning/phases/07-testing-polish/DEPLOYMENT-CHECKLIST.md

.planning/phases/07-testing-polish/DEPLOYMENT-CHECKLIST.md

@@ -0,0 +1,312 @@
+# Digital Dabei Job Manager - Deployment Checklist
+
+This checklist ensures the plugin is ready for production deployment and all requirements are met.
+
+## 1. Server Requirements
+
+- [ ] **PHP Version:** 7.4 or higher (8.0+ recommended)
+- [ ] **WordPress Version:** 6.0 or higher
+- [ ] **PHP Memory Limit:** 256M minimum (512M recommended for Action Scheduler)
+- [ ] **Max Execution Time:** 60 seconds minimum
+- [ ] **HTTPS Enabled:** SSL certificate installed and active
+- [ ] **WP Cron:** Enabled (required for Action Scheduler)
+- [ ] **File Upload Limits:** 10MB minimum for logo uploads
+
+## 2. Required Plugins
+
+### Core Dependencies
+- [ ] **Advanced Custom Fields (ACF) Pro:** License activated, all field groups imported
+- [ ] **Formidable Forms Pro:** License activated, all forms (F1-F5) created
+- [ ] **Elementor Pro:** License activated, templates configured
+- [ ] **WP Mail SMTP:** Installed and configured for production email delivery
+
+### Formidable Forms Add-ons
+- [ ] Formidable Pro
+- [ ] Form Action Automation (for post creation)
+- [ ] User Registration Add-on (for provider registration)
+
+## 3. Plugin Configuration
+
+### ACF Field Groups
+- [ ] **Job Details** field group exists
+  - [ ] `job_location` (text field)
+  - [ ] `job_type` (select: Vollzeit, Teilzeit, Minijob, Freelance/Projekt)
+  - [ ] `job_deadline` (date picker, return format: Ymd)
+  - [ ] `job_contact_email` (email field)
+- [ ] **Job Deactivation** field group exists
+  - [ ] `deactivation_reason` (textarea)
+  - [ ] `deactivation_date` (date picker)
+- [ ] **Job Metadata** field group exists
+  - [ ] `submission_date` (date picker, readonly)
+- [ ] All field groups assigned to `job_offer` post type
+- [ ] German labels display correctly in admin
+
+### Formidable Forms (F1-F5)
+- [ ] **F1: Provider Registration** (form key: `provider_registration`)
+  - [ ] Creates user with `ddhh_provider` role
+  - [ ] Required fields: email, password, Anbieter Name
+  - [ ] Auto-login after registration action configured
+  - [ ] Redirect to dashboard after registration
+- [ ] **F2: Job Submission** (form key: `job_submission`)
+  - [ ] Creates `job_offer` post with `pending` status
+  - [ ] Maps all fields to ACF (title, content, location, type, deadline, contact email)
+  - [ ] Logo upload field (stores as attachment)
+  - [ ] Redirect to dashboard after submission
+- [ ] **F3: Job Edit** (form key: `job_edit`)
+  - [ ] Loads existing job data via URL parameter
+  - [ ] Ownership validation via `frm_validate_entry` hook
+  - [ ] Preserves submission date on update
+  - [ ] Resets status to `pending` after edit
+- [ ] **F4: Job Deactivation** (form key: `job_deactivation`)
+  - [ ] Loads existing job data via URL parameter
+  - [ ] Ownership validation
+  - [ ] Sets status to `draft`
+  - [ ] Captures deactivation reason in ACF field
+- [ ] **F5: Job Application** (form key: `job_application`)
+  - [ ] Pre-fills mentor email if logged in
+  - [ ] Sends application to provider's contact email
+  - [ ] Stays on job detail page after submission
+
+### Elementor Templates
+- [ ] Job archive page (`/jobangebote/`) configured with Loop Grid
+- [ ] Single job template displays ACF fields dynamically
+- [ ] Contact form modal displays on single job pages
+- [ ] Templates use German labels and formatting
+
+### User Notification Opt-in
+- [ ] Mentor users can opt-in to job notifications
+- [ ] User meta key: `ddhh_jm_notification_optin` (value: 'yes')
+- [ ] Opt-in setting accessible via profile/account page
+
+## 4. Email Configuration
+
+### WP Mail SMTP Production Setup
+- [ ] SMTP provider configured (Gmail, SendGrid, AWS SES, etc.)
+- [ ] SMTP credentials entered and tested
+- [ ] "From Email" set to verified sender address
+- [ ] "From Name" set appropriately (e.g., "Digital Dabei Hamburg")
+- [ ] Test email sent successfully from WP Mail SMTP settings
+
+### Email Verification
+- [ ] **Admin email** (WordPress Settings → General) is correct
+- [ ] Admin receives test notification emails
+- [ ] Provider receives test notification emails
+- [ ] Mentor receives test notification emails
+- [ ] Email templates display correctly (HTML formatting)
+- [ ] German text displays correctly (no character encoding issues)
+
+### Notification Testing
+- [ ] Job submission triggers admin notification
+- [ ] Job edit triggers admin notification with change summary
+- [ ] Job deactivation triggers admin notification with reason
+- [ ] Job publish triggers mentor notification (async batches)
+- [ ] Job application triggers provider notification
+- [ ] All email links are clickable and work correctly
+
+## 5. Access Control
+
+### Required Pages
+- [ ] `/anbieter-login/` page exists with login/registration forms
+- [ ] `/anbieter-dashboard/` page exists with `[ddhh_provider_dashboard]` shortcode
+- [ ] Page IDs stored in options: `ddhh_jm_login_page_id`, `ddhh_jm_dashboard_page_id`
+- [ ] Pages are published and accessible
+
+### Redirect Testing
+- [ ] Providers attempting WP-Admin access redirected to dashboard
+- [ ] Exception: `profile.php` accessible for providers
+- [ ] Exception: `admin-ajax.php` accessible for AJAX
+- [ ] Non-logged-in users accessing dashboard redirected to login page
+- [ ] Non-logged-in users accessing job archive redirected to login page
+- [ ] Non-logged-in users accessing single job redirected to login page
+
+## 6. User Roles & Capabilities
+
+### ddhh_provider Role
+- [ ] Role exists in WordPress
+- [ ] Capabilities configured:
+  - [ ] `read` (can access WordPress)
+  - [ ] `edit_job_offers` (can edit their own jobs)
+  - [ ] `delete_job_offers` (can delete their own jobs)
+  - [ ] `read_job_offer` (can read published jobs)
+  - [ ] No `publish_job_offers` capability (enforces pending status)
+
+### Test Users
+- [ ] Test provider account created and can log in
+- [ ] Test mentor account (subscriber role) created and can log in
+- [ ] Test admin account can access all features
+- [ ] Provider can only edit/delete their own jobs (not others')
+- [ ] Provider cannot access WP-Admin (except profile.php)
+
+## 7. Action Scheduler
+
+### Verification
+- [ ] Visit: `/wp-admin/tools.php?page=action-scheduler`
+- [ ] Action Scheduler page loads without errors
+- [ ] WP Cron is running (check via WP-Cron Control plugin or server cron)
+- [ ] Alternative: Server cron configured to trigger `wp-cron.php` every 5 minutes
+
+### Monitoring
+- [ ] Check "Pending" tab for queued email batches
+- [ ] Check "Complete" tab for successfully processed batches
+- [ ] Check "Failed" tab for errors (should be empty)
+- [ ] Review logs for "Scheduled X notification batches" messages
+- [ ] Review logs for "Processed notification batch" messages
+- [ ] No PHP errors or warnings in error logs
+
+### Performance
+- [ ] Email batches process in chunks of 50 users (rate limiting)
+- [ ] No timeout errors during batch processing
+- [ ] Batch actions complete within reasonable time (< 30 seconds per batch)
+
+## 8. Testing Checklist
+
+### Provider Flow (See Plan 07-01)
+- [ ] Registration creates provider account successfully
+- [ ] Auto-login after registration works
+- [ ] Redirect to dashboard after registration works
+- [ ] Job submission creates pending post with all fields
+- [ ] Logo upload and display works
+- [ ] Dashboard displays submitted jobs with correct status
+- [ ] Edit form loads job data correctly
+- [ ] Edit saves changes and resets status to pending
+- [ ] Deactivation sets status to draft and captures reason
+- [ ] Provider can view their own jobs in dashboard
+- [ ] Logout functionality available
+
+### Mentor Flow (See Plan 07-02)
+- [ ] Job archive displays published jobs only
+- [ ] Login required to access job archive
+- [ ] Single job page displays all details correctly
+- [ ] Contact form modal displays on single job pages
+- [ ] Application form submits successfully
+- [ ] Provider receives application notification
+- [ ] Notification opt-in preference saves correctly
+- [ ] Opted-in mentors receive job publish notifications
+
+### Admin Flow (See Plan 07-03)
+- [ ] Admin job list displays custom columns (Eingereicht am, Standort, Art)
+- [ ] Custom columns are sortable
+- [ ] Pending jobs visible in admin list
+- [ ] Admin can change status from pending to published
+- [ ] Admin can reject jobs (set to draft)
+- [ ] Admin receives submission notification with edit link
+- [ ] Admin receives edit notification with change summary
+- [ ] Admin receives deactivation notification with reason
+- [ ] Email links are clickable and work correctly
+
+## 9. Security Checklist
+
+- [ ] **HTTPS Enabled:** All pages served over SSL
+- [ ] **User Enumeration:** Blocked via security plugin or .htaccess
+- [ ] **File Upload Restrictions:** Only image files allowed for logos
+- [ ] **Ownership Validation:** Forms validate user owns job before editing/deactivation
+- [ ] **Capability Checks:** All admin functions check user capabilities
+- [ ] **Nonce Verification:** Formidable forms use nonces for CSRF protection
+- [ ] **SQL Injection:** All queries use prepared statements (WordPress core)
+- [ ] **XSS Protection:** All output escaped via `esc_html()`, `esc_url()`, etc.
+- [ ] **Password Strength:** WordPress default password strength enforced
+- [ ] **Admin Access:** Providers cannot access WP-Admin backend
+
+## 10. Performance
+
+- [ ] **Query Optimization:** Custom columns use efficient queries (no N+1 issues)
+- [ ] **Image Optimization:** Logos auto-cropped to 200x200px on upload
+- [ ] **Caching:** Object caching enabled if high traffic expected (Redis, Memcached)
+- [ ] **CDN:** Consider CDN for static assets if high traffic
+- [ ] **Database Indexes:** ACF meta keys indexed for fast sorting
+- [ ] **Action Scheduler Cleanup:** Old completed actions cleaned up regularly (90-day retention)
+
+## 11. Backup Strategy
+
+### Pre-Deployment
+- [ ] **Full Database Backup:** Export complete database before plugin activation
+- [ ] **File System Backup:** Backup entire WordPress installation
+- [ ] **Test Restore:** Verify backup can be restored successfully
+- [ ] **Backup Storage:** Store backups in secure, offsite location
+
+### Rollback Plan
+- [ ] Document rollback procedure (deactivate plugin, restore database)
+- [ ] Identify rollback trigger criteria (critical bugs, data loss)
+- [ ] Assign rollback decision authority (who can authorize rollback)
+- [ ] Test rollback procedure in staging environment
+
+## 12. Post-Deployment Verification
+
+### Smoke Tests (Within 1 hour)
+- [ ] WordPress admin loads without errors
+- [ ] Plugin appears in active plugins list
+- [ ] Job archive page loads
+- [ ] Single job page loads
+- [ ] Provider login page loads
+- [ ] Provider dashboard loads
+- [ ] No fatal PHP errors in error logs
+
+### Functional Tests (Within 24 hours)
+- [ ] Provider registration creates account
+- [ ] Job submission creates pending post
+- [ ] Admin receives submission notification
+- [ ] Admin can publish job
+- [ ] Mentors receive publish notification (check Action Scheduler)
+- [ ] Mentor can apply to job
+- [ ] Provider receives application notification
+- [ ] Job edit works correctly
+- [ ] Job deactivation works correctly
+
+### Monitoring (First 7 days)
+- [ ] Monitor error logs daily for PHP warnings/errors
+- [ ] Check Action Scheduler for failed actions daily
+- [ ] Review email delivery logs for bounces/failures
+- [ ] Monitor server performance (CPU, memory, database queries)
+- [ ] Collect user feedback on any issues or confusion
+- [ ] Track job submission rate and mentor engagement
+
+## Issues Found During Testing
+
+### Known Issues (Phase 7 Testing)
+
+**Issue 1: No logout option on /anbieter-login/ page**
+- **Severity:** Low (UX improvement)
+- **Impact:** Minor confusion for logged-in providers
+- **Status:** Documented, recommended fix for future update
+
+**Issue 2: Admin submission email missing job description**
+- **Severity:** Medium (reduces notification usefulness)
+- **Impact:** Admin must click through to WP-Admin to read description
+- **Status:** Documented, recommended fix for future update
+
+**Issue 3: Deactivation reason not displayed in admin notification**
+- **Severity:** Medium (reduces business intelligence)
+- **Impact:** Admin loses visibility into deactivation reasons via email
+- **Status:** Documented, recommended fix for future update
+
+**Issue 4: Admin email edit links not clickable**
+- **Severity:** Medium (reduces notification usefulness)
+- **Impact:** Admin cannot click edit link, must copy/paste URL
+- **Status:** Documented, recommended fix for future update
+
+## Support Resources
+
+- **Plugin Documentation:** `.planning/PROJECT.md`, `CLAUDE.md`
+- **Test Results:** `.planning/phases/07-testing-polish/` (07-01, 07-02, 07-03 summaries)
+- **Architecture Reference:** `CLAUDE.md` (subsystems, workflows, hooks)
+- **Action Scheduler Docs:** https://actionscheduler.org/
+- **ACF Documentation:** https://www.advancedcustomfields.com/resources/
+- **Formidable Forms Docs:** https://formidableforms.com/knowledgebase/
+
+## Sign-Off
+
+- [ ] **Technical Review:** All checklist items verified by developer
+- [ ] **QA Testing:** All user flows tested end-to-end
+- [ ] **Stakeholder Approval:** Product owner approves deployment
+- [ ] **Deployment Window:** Scheduled deployment time confirmed
+- [ ] **Team Notification:** All stakeholders notified of deployment
+
+**Deployment Date:** _________________
+
+**Deployed By:** _________________
+
+**Verified By:** _________________
+
+---
+
+**Status:** Ready for production deployment with 4 minor UX issues documented for future updates.