From 34c9b722d18da08cf386a1fc40914e87accfecee Mon Sep 17 00:00:00 2001
From: ignaciosantise <25931366+ignaciosantise@users.noreply.github.com>
Date: Fri, 30 Jan 2026 11:57:01 -0300
Subject: [PATCH 1/5] feat(pos-app): rename merchant API key to partner API key

Update API key naming throughout POS app to use 'partner' terminology for consistency with platform branding. Changes include environment variables, secure storage keys, store state/methods, UI text, and documentation. Adds migration function to handle upgrade path for existing users.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---
 dapps/pos-app/.env.example                    |  2 +-
 dapps/pos-app/AGENTS.md                       |  6 +-
 .../__tests__/services/payment.test.ts        | 12 ++--
 .../__tests__/store/useSettingsStore.test.ts  | 38 +++++-----
 .../pos-app/__tests__/utils/store-helpers.ts  | 10 +--
 dapps/pos-app/app/_layout.tsx                 | 17 ++++-
 dapps/pos-app/app/index.tsx                   |  4 +-
 dapps/pos-app/app/settings.tsx                | 24 +++----
 dapps/pos-app/hooks/use-merchant-flow.ts      | 70 +++++++++----------
 dapps/pos-app/services/payment.ts             |  8 +--
 dapps/pos-app/services/payment.web.ts         |  4 +-
 dapps/pos-app/store/useSettingsStore.ts       | 51 ++++++--------
 dapps/pos-app/utils/merchant-config.ts        |  8 +--
 dapps/pos-app/utils/secure-storage.ts         | 18 ++++-
 dapps/pos-app/utils/secure-storage.web.ts     | 19 ++++-
 15 files changed, 163 insertions(+), 128 deletions(-)

diff --git a/dapps/pos-app/.env.example b/dapps/pos-app/.env.example
index 84b43916..2c0295ae 100644
--- a/dapps/pos-app/.env.example
+++ b/dapps/pos-app/.env.example
@@ -4,6 +4,6 @@ SENTRY_AUTH_TOKEN=""
 EXPO_PUBLIC_API_URL=""
 EXPO_PUBLIC_GATEWAY_URL=""
 EXPO_PUBLIC_DEFAULT_MERCHANT_ID=""
-EXPO_PUBLIC_DEFAULT_MERCHANT_API_KEY=""
+EXPO_PUBLIC_DEFAULT_PARTNER_API_KEY=""
 EXPO_PUBLIC_MERCHANT_API_URL=""
 EXPO_PUBLIC_MERCHANT_PORTAL_API_KEY=""
\ No newline at end of file
diff --git a/dapps/pos-app/AGENTS.md b/dapps/pos-app/AGENTS.md
index 8caeac76..608f0c4d 100644
--- a/dapps/pos-app/AGENTS.md
+++ b/dapps/pos-app/AGENTS.md
@@ -258,7 +258,7 @@ SENTRY_AUTH_TOKEN=""                   # Sentry authentication token
 EXPO_PUBLIC_API_URL=""                 # Payment API base URL
 EXPO_PUBLIC_GATEWAY_URL=""             # WalletConnect gateway URL
 EXPO_PUBLIC_DEFAULT_MERCHANT_ID=""     # Default merchant ID (optional)
-EXPO_PUBLIC_DEFAULT_MERCHANT_API_KEY="" # Default merchant API key (optional)
+EXPO_PUBLIC_DEFAULT_PARTNER_API_KEY="" # Default partner API key (optional)
 EXPO_PUBLIC_MERCHANT_API_URL=""        # Merchant Portal API base URL
 EXPO_PUBLIC_MERCHANT_PORTAL_API_KEY="" # Merchant Portal API key (for Activity screen)
 ```
@@ -678,11 +678,11 @@ const { data, isLoading, error } = usePaymentStatus(paymentId, {
 import { secureStorage, SECURE_STORAGE_KEYS } from "@/utils/secure-storage";
 
 // Store
-await secureStorage.setItem(SECURE_STORAGE_KEYS.MERCHANT_API_KEY, apiKey);
+await secureStorage.setItem(SECURE_STORAGE_KEYS.PARTNER_API_KEY, apiKey);
 
 // Retrieve
 const apiKey = await secureStorage.getItem(
-  SECURE_STORAGE_KEYS.MERCHANT_API_KEY,
+  SECURE_STORAGE_KEYS.PARTNER_API_KEY,
 );
 ```
 
diff --git a/dapps/pos-app/__tests__/services/payment.test.ts b/dapps/pos-app/__tests__/services/payment.test.ts
index 48ac2f63..a3506101 100644
--- a/dapps/pos-app/__tests__/services/payment.test.ts
+++ b/dapps/pos-app/__tests__/services/payment.test.ts
@@ -42,10 +42,10 @@ describe("Payment Service", () => {
   describe("getApiHeaders (via startPayment/getPaymentStatus)", () => {
     it("should throw error when merchant ID is not configured", async () => {
       // Set API key but not merchant ID
-      await SecureStore.setItemAsync("merchant_api_key", "test-api-key");
+      await SecureStore.setItemAsync("partner_api_key", "test-api-key");
       useSettingsStore.setState({
         merchantId: null,
-        isMerchantApiKeySet: true,
+        isPartnerApiKeySet: true,
       });
 
       await expect(
@@ -57,10 +57,10 @@ describe("Payment Service", () => {
     });
 
     it("should throw error when merchant ID is empty string", async () => {
-      await SecureStore.setItemAsync("merchant_api_key", "test-api-key");
+      await SecureStore.setItemAsync("partner_api_key", "test-api-key");
       useSettingsStore.setState({
         merchantId: "   ", // whitespace only
-        isMerchantApiKeySet: true,
+        isPartnerApiKeySet: true,
       });
 
       await expect(
@@ -74,7 +74,7 @@ describe("Payment Service", () => {
     it("should throw error when API key is not configured", async () => {
       useSettingsStore.setState({
         merchantId: "merchant-123",
-        isMerchantApiKeySet: false,
+        isPartnerApiKeySet: false,
       });
       // Don't set the API key in secure storage
 
@@ -83,7 +83,7 @@ describe("Payment Service", () => {
           referenceId: "ref-123",
           amount: { value: "1000", unit: "cents" },
         }),
-      ).rejects.toThrow("Merchant API key is not configured");
+      ).rejects.toThrow("Partner API key is not configured");
     });
 
     it("should include correct headers when merchant is configured", async () => {
diff --git a/dapps/pos-app/__tests__/store/useSettingsStore.test.ts b/dapps/pos-app/__tests__/store/useSettingsStore.test.ts
index a14bd798..5eb7e35e 100644
--- a/dapps/pos-app/__tests__/store/useSettingsStore.test.ts
+++ b/dapps/pos-app/__tests__/store/useSettingsStore.test.ts
@@ -34,9 +34,9 @@ describe("useSettingsStore", () => {
       expect(merchantId).toBeNull();
     });
 
-    it("should have isMerchantApiKeySet as false", () => {
-      const { isMerchantApiKeySet } = useSettingsStore.getState();
-      expect(isMerchantApiKeySet).toBe(false);
+    it("should have isPartnerApiKeySet as false", () => {
+      const { isPartnerApiKeySet } = useSettingsStore.getState();
+      expect(isPartnerApiKeySet).toBe(false);
     });
 
     it("should have zero failed PIN attempts", () => {
@@ -155,57 +155,57 @@ describe("useSettingsStore", () => {
     });
   });
 
-  describe("setMerchantApiKey / clearMerchantApiKey / getMerchantApiKey", () => {
+  describe("setPartnerApiKey / clearPartnerApiKey / getPartnerApiKey", () => {
     it("should store API key in secure storage", async () => {
-      const { setMerchantApiKey } = useSettingsStore.getState();
+      const { setPartnerApiKey } = useSettingsStore.getState();
 
-      await setMerchantApiKey("api-key-123");
+      await setPartnerApiKey("api-key-123");
 
-      expect(useSettingsStore.getState().isMerchantApiKeySet).toBe(true);
+      expect(useSettingsStore.getState().isPartnerApiKeySet).toBe(true);
       expect(SecureStore.setItemAsync).toHaveBeenCalledWith(
-        "merchant_api_key",
+        "partner_api_key",
         "api-key-123",
       );
     });
 
     it("should retrieve API key from secure storage", async () => {
       // First store the key
-      await useSettingsStore.getState().setMerchantApiKey("api-key-456");
+      await useSettingsStore.getState().setPartnerApiKey("api-key-456");
 
       // Then retrieve it
-      const apiKey = await useSettingsStore.getState().getMerchantApiKey();
+      const apiKey = await useSettingsStore.getState().getPartnerApiKey();
 
       expect(apiKey).toBe("api-key-456");
     });
 
     it("should clear API key from secure storage", async () => {
       // First store a key
-      await useSettingsStore.getState().setMerchantApiKey("api-key-789");
-      expect(useSettingsStore.getState().isMerchantApiKeySet).toBe(true);
+      await useSettingsStore.getState().setPartnerApiKey("api-key-789");
+      expect(useSettingsStore.getState().isPartnerApiKeySet).toBe(true);
 
       // Clear it
-      await useSettingsStore.getState().clearMerchantApiKey();
+      await useSettingsStore.getState().clearPartnerApiKey();
 
-      expect(useSettingsStore.getState().isMerchantApiKeySet).toBe(false);
+      expect(useSettingsStore.getState().isPartnerApiKeySet).toBe(false);
       expect(SecureStore.deleteItemAsync).toHaveBeenCalledWith(
-        "merchant_api_key",
+        "partner_api_key",
       );
     });
 
     it("should remove API key when setting null", async () => {
       // First store a key
-      await useSettingsStore.getState().setMerchantApiKey("api-key-to-remove");
+      await useSettingsStore.getState().setPartnerApiKey("api-key-to-remove");
 
       // Set to null
-      await useSettingsStore.getState().setMerchantApiKey(null);
+      await useSettingsStore.getState().setPartnerApiKey(null);
 
       expect(SecureStore.deleteItemAsync).toHaveBeenCalledWith(
-        "merchant_api_key",
+        "partner_api_key",
       );
     });
 
     it("should return null when no API key is stored", async () => {
-      const apiKey = await useSettingsStore.getState().getMerchantApiKey();
+      const apiKey = await useSettingsStore.getState().getPartnerApiKey();
       expect(apiKey).toBeNull();
     });
   });
diff --git a/dapps/pos-app/__tests__/utils/store-helpers.ts b/dapps/pos-app/__tests__/utils/store-helpers.ts
index f25586ba..bda274ae 100644
--- a/dapps/pos-app/__tests__/utils/store-helpers.ts
+++ b/dapps/pos-app/__tests__/utils/store-helpers.ts
@@ -16,7 +16,7 @@ export function resetSettingsStore() {
     variant: "default",
     _hasHydrated: false,
     merchantId: null,
-    isMerchantApiKeySet: false,
+    isPartnerApiKeySet: false,
     pinFailedAttempts: 0,
     pinLockoutUntil: null,
     biometricEnabled: false,
@@ -51,11 +51,11 @@ export async function setupTestMerchant(
 ): Promise<() => Promise<void>> {
   // eslint-disable-next-line @typescript-eslint/no-require-imports
   const SecureStore = require("expo-secure-store");
-  await SecureStore.setItemAsync("merchant_api_key", apiKey);
+  await SecureStore.setItemAsync("partner_api_key", apiKey);
 
   useSettingsStore.setState({
     merchantId,
-    isMerchantApiKeySet: true,
+    isPartnerApiKeySet: true,
   });
 
   // Return cleanup function for use in afterEach or manual cleanup
@@ -68,10 +68,10 @@ export async function setupTestMerchant(
 export async function clearTestMerchant() {
   // eslint-disable-next-line @typescript-eslint/no-require-imports
   const SecureStore = require("expo-secure-store");
-  await SecureStore.deleteItemAsync("merchant_api_key");
+  await SecureStore.deleteItemAsync("partner_api_key");
 
   useSettingsStore.setState({
     merchantId: null,
-    isMerchantApiKeySet: false,
+    isPartnerApiKeySet: false,
   });
 }
diff --git a/dapps/pos-app/app/_layout.tsx b/dapps/pos-app/app/_layout.tsx
index 1404ff9d..5beff6df 100644
--- a/dapps/pos-app/app/_layout.tsx
+++ b/dapps/pos-app/app/_layout.tsx
@@ -28,7 +28,10 @@ import { useLogsStore } from "@/store/useLogsStore";
 import { useSettingsStore } from "@/store/useSettingsStore";
 import { getDeviceIdentifier } from "@/utils/misc";
 import { requestBluetoothPermission } from "@/utils/printer";
-import { clearStaleSecureStorage } from "@/utils/secure-storage";
+import {
+  clearStaleSecureStorage,
+  migratePartnerApiKey,
+} from "@/utils/secure-storage";
 import { showInfoToast } from "@/utils/toast";
 import { toastConfig } from "@/utils/toasts";
 import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
@@ -71,7 +74,17 @@ export default Sentry.wrap(function RootLayout() {
   });
 
   useEffect(() => {
-    clearStaleSecureStorage();
+    const initializeStorage = async () => {
+      clearStaleSecureStorage();
+      await migratePartnerApiKey();
+
+      // Sync isPartnerApiKeySet flag after migration in case a key was migrated
+      const apiKey = await useSettingsStore.getState().getPartnerApiKey();
+      if (apiKey && !useSettingsStore.getState().isPartnerApiKeySet) {
+        useSettingsStore.setState({ isPartnerApiKeySet: true });
+      }
+    };
+    initializeStorage();
   }, []);
 
   useEffect(() => {
diff --git a/dapps/pos-app/app/index.tsx b/dapps/pos-app/app/index.tsx
index dcb8c164..33677607 100644
--- a/dapps/pos-app/app/index.tsx
+++ b/dapps/pos-app/app/index.tsx
@@ -17,10 +17,10 @@ export default function HomeScreen() {
   ]);
 
   const Theme = useTheme();
-  const { merchantId, isMerchantApiKeySet } = useSettingsStore();
+  const { merchantId, isPartnerApiKeySet } = useSettingsStore();
 
   const handleStartPayment = () => {
-    if (!merchantId || !isMerchantApiKeySet) {
+    if (!merchantId || !isPartnerApiKeySet) {
       router.push("/settings");
       showErrorToast("Merchant information not configured");
       return;
diff --git a/dapps/pos-app/app/settings.tsx b/dapps/pos-app/app/settings.tsx
index fa8258b9..da8a540d 100644
--- a/dapps/pos-app/app/settings.tsx
+++ b/dapps/pos-app/app/settings.tsx
@@ -55,16 +55,16 @@ export default function SettingsScreen() {
 
   const {
     merchantIdInput,
-    merchantApiKeyInput,
+    partnerApiKeyInput,
     activeModal,
     pinError,
     isMerchantIdConfirmDisabled,
-    isMerchantApiKeyConfirmDisabled,
-    hasStoredMerchantApiKey,
+    isPartnerApiKeyConfirmDisabled,
+    hasStoredPartnerApiKey,
     handleMerchantIdInputChange,
-    handleMerchantApiKeyInputChange,
+    handlePartnerApiKeyInputChange,
     handleMerchantIdConfirm,
-    handleMerchantApiKeyConfirm,
+    handlePartnerApiKeyConfirm,
     handlePinVerifyComplete,
     handleBiometricAuthSuccess,
     handleBiometricAuthFailure,
@@ -260,12 +260,12 @@ export default function SettingsScreen() {
           </ThemedText>
           <View style={styles.merchantInputRow}>
             <TextInput
-              value={merchantApiKeyInput}
-              onChangeText={handleMerchantApiKeyInputChange}
+              value={partnerApiKeyInput}
+              onChangeText={handlePartnerApiKeyInputChange}
               placeholder={
-                hasStoredMerchantApiKey
+                hasStoredPartnerApiKey
                   ? "****************"
-                  : "Enter merchant API key"
+                  : "Enter partner API key"
               }
               placeholderTextColor={theme["text-tertiary"]}
               autoCapitalize="none"
@@ -281,12 +281,12 @@ export default function SettingsScreen() {
               ]}
             />
             <Button
-              onPress={handleMerchantApiKeyConfirm}
-              disabled={isMerchantApiKeyConfirmDisabled}
+              onPress={handlePartnerApiKeyConfirm}
+              disabled={isPartnerApiKeyConfirmDisabled}
               style={[
                 styles.confirmButton,
                 {
-                  backgroundColor: isMerchantApiKeyConfirmDisabled
+                  backgroundColor: isPartnerApiKeyConfirmDisabled
                     ? theme["foreground-tertiary"]
                     : theme["bg-accent-primary"],
                 },
diff --git a/dapps/pos-app/hooks/use-merchant-flow.ts b/dapps/pos-app/hooks/use-merchant-flow.ts
index c0c69299..9ad4b60a 100644
--- a/dapps/pos-app/hooks/use-merchant-flow.ts
+++ b/dapps/pos-app/hooks/use-merchant-flow.ts
@@ -4,12 +4,12 @@ import { showErrorToast, showSuccessToast } from "@/utils/toast";
 import { useCallback, useEffect, useState } from "react";
 
 type ModalType = "none" | "pin-verify" | "pin-setup";
-type PendingAction = "merchant-id" | "merchant-api-key" | null;
+type PendingAction = "merchant-id" | "partner-api-key" | null;
 
 interface MerchantFlowState {
   merchantIdInput: string;
-  merchantApiKeyInput: string;
-  storedMerchantApiKey: string | null;
+  partnerApiKeyInput: string;
+  storedPartnerApiKey: string | null;
   activeModal: ModalType;
   pinError: string | null;
   pendingValue: string | null;
@@ -18,8 +18,8 @@ interface MerchantFlowState {
 
 const initialState: MerchantFlowState = {
   merchantIdInput: "",
-  merchantApiKeyInput: "",
-  storedMerchantApiKey: null,
+  partnerApiKeyInput: "",
+  storedPartnerApiKey: null,
   activeModal: "none",
   pinError: null,
   pendingValue: null,
@@ -30,12 +30,8 @@ export function useMerchantFlow() {
   const storedMerchantId = useSettingsStore((state) => state.merchantId);
   const setMerchantId = useSettingsStore((state) => state.setMerchantId);
   const clearMerchantId = useSettingsStore((state) => state.clearMerchantId);
-  const getMerchantApiKey = useSettingsStore(
-    (state) => state.getMerchantApiKey,
-  );
-  const setMerchantApiKey = useSettingsStore(
-    (state) => state.setMerchantApiKey,
-  );
+  const getPartnerApiKey = useSettingsStore((state) => state.getPartnerApiKey);
+  const setPartnerApiKey = useSettingsStore((state) => state.setPartnerApiKey);
   const isPinSet = useSettingsStore((state) => state.isPinSet);
   const verifyPin = useSettingsStore((state) => state.verifyPin);
   const setPin = useSettingsStore((state) => state.setPin);
@@ -61,17 +57,17 @@ export function useMerchantFlow() {
     }));
   }, [storedMerchantId]);
 
-  // Load merchant API key from secure storage (only store internally, don't show in input)
+  // Load partner API key from secure storage (only store internally, don't show in input)
   useEffect(() => {
     const loadApiKey = async () => {
-      const apiKey = await getMerchantApiKey();
+      const apiKey = await getPartnerApiKey();
       setState((prev) => ({
         ...prev,
-        storedMerchantApiKey: apiKey,
+        storedPartnerApiKey: apiKey,
       }));
     };
     loadApiKey();
-  }, [getMerchantApiKey]);
+  }, [getPartnerApiKey]);
 
   const formatLockoutMessage = useCallback(() => {
     const remaining = getLockoutRemainingSeconds();
@@ -87,10 +83,10 @@ export function useMerchantFlow() {
     }));
   }, []);
 
-  const handleMerchantApiKeyInputChange = useCallback((value: string) => {
+  const handlePartnerApiKeyInputChange = useCallback((value: string) => {
     setState((prev) => ({
       ...prev,
-      merchantApiKeyInput: value,
+      partnerApiKeyInput: value,
     }));
   }, []);
 
@@ -134,14 +130,14 @@ export function useMerchantFlow() {
     await initiateSave(trimmedMerchantId || "", "merchant-id");
   }, [state.merchantIdInput, storedMerchantId, initiateSave]);
 
-  const handleMerchantApiKeyConfirm = useCallback(async () => {
-    const trimmedApiKey = state.merchantApiKeyInput.trim();
+  const handlePartnerApiKeyConfirm = useCallback(async () => {
+    const trimmedApiKey = state.partnerApiKeyInput.trim();
     if (!trimmedApiKey) {
       return;
     }
 
-    await initiateSave(trimmedApiKey, "merchant-api-key");
-  }, [state.merchantApiKeyInput, initiateSave]);
+    await initiateSave(trimmedApiKey, "partner-api-key");
+  }, [state.partnerApiKeyInput, initiateSave]);
 
   const completeSave = useCallback(async () => {
     if (state.pendingValue === null || !state.pendingAction) {
@@ -175,15 +171,15 @@ export function useMerchantFlow() {
             "completeSave",
           );
         }
-      } else if (state.pendingAction === "merchant-api-key") {
-        await setMerchantApiKey(state.pendingValue);
+      } else if (state.pendingAction === "partner-api-key") {
+        await setPartnerApiKey(state.pendingValue);
         setState((prev) => ({
           ...prev,
-          storedMerchantApiKey: state.pendingValue,
-          merchantApiKeyInput: "", // Clear input after saving
+          storedPartnerApiKey: state.pendingValue,
+          partnerApiKeyInput: "", // Clear input after saving
         }));
-        showSuccessToast("Merchant API key saved successfully");
-        addLog("info", "Merchant API key updated", "settings", "completeSave");
+        showSuccessToast("Partner API key saved successfully");
+        addLog("info", "Partner API key updated", "settings", "completeSave");
       }
 
       setState((prev) => ({
@@ -203,7 +199,7 @@ export function useMerchantFlow() {
     state.pendingAction,
     setMerchantId,
     clearMerchantId,
-    setMerchantApiKey,
+    setPartnerApiKey,
     addLog,
   ]);
 
@@ -270,7 +266,7 @@ export function useMerchantFlow() {
       pendingValue: null,
       pendingAction: null,
       merchantIdInput: storedMerchantId ?? "",
-      merchantApiKeyInput: "", // Clear input on cancel
+      partnerApiKeyInput: "", // Clear input on cancel
     }));
   }, [storedMerchantId]);
 
@@ -278,27 +274,27 @@ export function useMerchantFlow() {
   const isMerchantIdConfirmDisabled =
     state.merchantIdInput.trim() === (storedMerchantId ?? "");
 
-  const isMerchantApiKeyConfirmDisabled =
-    state.merchantApiKeyInput.trim().length === 0;
+  const isPartnerApiKeyConfirmDisabled =
+    state.partnerApiKeyInput.trim().length === 0;
 
-  const hasStoredMerchantApiKey = state.storedMerchantApiKey !== null;
+  const hasStoredPartnerApiKey = state.storedPartnerApiKey !== null;
 
   return {
     // State
     merchantIdInput: state.merchantIdInput,
-    merchantApiKeyInput: state.merchantApiKeyInput,
+    partnerApiKeyInput: state.partnerApiKeyInput,
     activeModal: state.activeModal,
     pinError: state.pinError,
     storedMerchantId,
     isMerchantIdConfirmDisabled,
-    isMerchantApiKeyConfirmDisabled,
-    hasStoredMerchantApiKey,
+    isPartnerApiKeyConfirmDisabled,
+    hasStoredPartnerApiKey,
 
     // Handlers
     handleMerchantIdInputChange,
-    handleMerchantApiKeyInputChange,
+    handlePartnerApiKeyInputChange,
     handleMerchantIdConfirm,
-    handleMerchantApiKeyConfirm,
+    handlePartnerApiKeyConfirm,
     handlePinVerifyComplete,
     handleBiometricAuthSuccess,
     handleBiometricAuthFailure,
diff --git a/dapps/pos-app/services/payment.ts b/dapps/pos-app/services/payment.ts
index 8ce9ba7a..ce340041 100644
--- a/dapps/pos-app/services/payment.ts
+++ b/dapps/pos-app/services/payment.ts
@@ -13,18 +13,18 @@ import { apiClient } from "./client";
  */
 async function getApiHeaders(): Promise<Record<string, string>> {
   const merchantId = useSettingsStore.getState().merchantId;
-  const merchantApiKey = await useSettingsStore.getState().getMerchantApiKey();
+  const partnerApiKey = await useSettingsStore.getState().getPartnerApiKey();
 
   if (!merchantId || merchantId.trim().length === 0) {
     throw new Error("Merchant ID is not configured");
   }
 
-  if (!merchantApiKey || merchantApiKey.trim().length === 0) {
-    throw new Error("Merchant API key is not configured");
+  if (!partnerApiKey || partnerApiKey.trim().length === 0) {
+    throw new Error("Partner API key is not configured");
   }
 
   return {
-    "Api-Key": merchantApiKey,
+    "Api-Key": partnerApiKey,
     "Merchant-Id": merchantId,
     "Sdk-Name": "pos-device",
     "Sdk-Version": "1.0.0",
diff --git a/dapps/pos-app/services/payment.web.ts b/dapps/pos-app/services/payment.web.ts
index 82cf18ca..63db2056 100644
--- a/dapps/pos-app/services/payment.web.ts
+++ b/dapps/pos-app/services/payment.web.ts
@@ -16,14 +16,14 @@ async function getMerchantCredentials(): Promise<{
   apiKey: string;
 }> {
   const merchantId = useSettingsStore.getState().merchantId;
-  const apiKey = await useSettingsStore.getState().getMerchantApiKey();
+  const apiKey = await useSettingsStore.getState().getPartnerApiKey();
 
   if (!merchantId || merchantId.trim().length === 0) {
     throw new Error("Merchant ID is not configured");
   }
 
   if (!apiKey || apiKey.trim().length === 0) {
-    throw new Error("Merchant API key is not configured");
+    throw new Error("Partner API key is not configured");
   }
 
   return { merchantId, apiKey };
diff --git a/dapps/pos-app/store/useSettingsStore.ts b/dapps/pos-app/store/useSettingsStore.ts
index 1718d483..0e418683 100644
--- a/dapps/pos-app/store/useSettingsStore.ts
+++ b/dapps/pos-app/store/useSettingsStore.ts
@@ -51,7 +51,7 @@ interface SettingsStore {
   currency: CurrencyCode;
   _hasHydrated: boolean;
   merchantId: string | null;
-  isMerchantApiKeySet: boolean;
+  isPartnerApiKeySet: boolean;
 
   // Transaction filter
   transactionFilter: TransactionFilterType;
@@ -69,9 +69,9 @@ interface SettingsStore {
   setCurrency: (currency: CurrencyCode) => void;
   setMerchantId: (merchantId: string | null) => void;
   clearMerchantId: () => Promise<string | null>;
-  setMerchantApiKey: (apiKey: string | null) => Promise<void>;
-  clearMerchantApiKey: () => Promise<void>;
-  getMerchantApiKey: () => Promise<string | null>;
+  setPartnerApiKey: (apiKey: string | null) => Promise<void>;
+  clearPartnerApiKey: () => Promise<void>;
+  getPartnerApiKey: () => Promise<string | null>;
 
   // PIN actions
   setPin: (pin: string) => Promise<void>;
@@ -98,7 +98,7 @@ export const useSettingsStore = create<SettingsStore>()(
       currency: "USD",
       _hasHydrated: false,
       merchantId: null,
-      isMerchantApiKeySet: false,
+      isPartnerApiKeySet: false,
       transactionFilter: "all",
       pinFailedAttempts: 0,
       pinLockoutUntil: null,
@@ -126,44 +126,41 @@ export const useSettingsStore = create<SettingsStore>()(
         // Reset both merchant ID and API key to env defaults
         const defaultMerchantId = MerchantConfig.getDefaultMerchantId();
         set({ merchantId: defaultMerchantId });
-        const defaultApiKey = MerchantConfig.getDefaultMerchantApiKey();
+        const defaultApiKey = MerchantConfig.getDefaultPartnerApiKey();
         if (defaultApiKey) {
           await secureStorage.setItem(
-            SECURE_STORAGE_KEYS.MERCHANT_API_KEY,
+            SECURE_STORAGE_KEYS.PARTNER_API_KEY,
             defaultApiKey,
           );
-          set({ isMerchantApiKeySet: true });
+          set({ isPartnerApiKeySet: true });
         } else {
-          await secureStorage.removeItem(SECURE_STORAGE_KEYS.MERCHANT_API_KEY);
-          set({ isMerchantApiKeySet: false });
+          await secureStorage.removeItem(SECURE_STORAGE_KEYS.PARTNER_API_KEY);
+          set({ isPartnerApiKeySet: false });
         }
         return defaultMerchantId;
       },
-      setMerchantApiKey: async (apiKey: string | null) => {
+      setPartnerApiKey: async (apiKey: string | null) => {
         try {
           if (apiKey) {
             await secureStorage.setItem(
-              SECURE_STORAGE_KEYS.MERCHANT_API_KEY,
+              SECURE_STORAGE_KEYS.PARTNER_API_KEY,
               apiKey,
             );
-            set({ isMerchantApiKeySet: true });
+            set({ isPartnerApiKeySet: true });
           } else {
-            await secureStorage.removeItem(
-              SECURE_STORAGE_KEYS.MERCHANT_API_KEY,
-            );
+            await secureStorage.removeItem(SECURE_STORAGE_KEYS.PARTNER_API_KEY);
+            set({ isPartnerApiKeySet: false });
           }
         } catch {
           throw new Error("Failed to save credentials securely");
         }
       },
-      clearMerchantApiKey: async () => {
-        await secureStorage.removeItem(SECURE_STORAGE_KEYS.MERCHANT_API_KEY);
-        set({ isMerchantApiKeySet: false });
+      clearPartnerApiKey: async () => {
+        await secureStorage.removeItem(SECURE_STORAGE_KEYS.PARTNER_API_KEY);
+        set({ isPartnerApiKeySet: false });
       },
-      getMerchantApiKey: async () => {
-        return await secureStorage.getItem(
-          SECURE_STORAGE_KEYS.MERCHANT_API_KEY,
-        );
+      getPartnerApiKey: async () => {
+        return await secureStorage.getItem(SECURE_STORAGE_KEYS.PARTNER_API_KEY);
       },
 
       // PIN methods
@@ -268,8 +265,6 @@ export const useSettingsStore = create<SettingsStore>()(
           persistedState.biometricEnabled = false;
         }
         if (version < 8) {
-          persistedState.isMerchantApiKeySet = false;
-
           // Store pinHash temporarily for migration in onRehydrateStorage
           const pinHash = persistedState.pinHash;
           delete persistedState.pinHash;
@@ -317,14 +312,14 @@ export const useSettingsStore = create<SettingsStore>()(
 
           // Initialize merchant defaults from env if not set
           const defaultMerchantId = MerchantConfig.getDefaultMerchantId();
-          const defaultApiKey = MerchantConfig.getDefaultMerchantApiKey();
+          const defaultApiKey = MerchantConfig.getDefaultPartnerApiKey();
 
           if (!state.merchantId && defaultMerchantId) {
             state.setMerchantId(defaultMerchantId);
           }
 
-          if (!state.isMerchantApiKeySet && defaultApiKey) {
-            await state.setMerchantApiKey(defaultApiKey);
+          if (!state.isPartnerApiKeySet && defaultApiKey) {
+            await state.setPartnerApiKey(defaultApiKey);
           }
         }
 
diff --git a/dapps/pos-app/utils/merchant-config.ts b/dapps/pos-app/utils/merchant-config.ts
index 56762a9d..e8477597 100644
--- a/dapps/pos-app/utils/merchant-config.ts
+++ b/dapps/pos-app/utils/merchant-config.ts
@@ -1,10 +1,10 @@
 const DEFAULT_MERCHANT_ID = process.env.EXPO_PUBLIC_DEFAULT_MERCHANT_ID ?? null;
-const DEFAULT_MERCHANT_API_KEY =
-  process.env.EXPO_PUBLIC_DEFAULT_MERCHANT_API_KEY ?? null;
+const DEFAULT_PARTNER_API_KEY =
+  process.env.EXPO_PUBLIC_DEFAULT_PARTNER_API_KEY ?? null;
 
 export const MerchantConfig = {
   getDefaultMerchantId: (): string | null => DEFAULT_MERCHANT_ID,
-  getDefaultMerchantApiKey: (): string | null => DEFAULT_MERCHANT_API_KEY,
+  getDefaultPartnerApiKey: (): string | null => DEFAULT_PARTNER_API_KEY,
   hasEnvDefaults: (): boolean =>
-    Boolean(DEFAULT_MERCHANT_ID && DEFAULT_MERCHANT_API_KEY),
+    Boolean(DEFAULT_MERCHANT_ID && DEFAULT_PARTNER_API_KEY),
 };
diff --git a/dapps/pos-app/utils/secure-storage.ts b/dapps/pos-app/utils/secure-storage.ts
index 4560bfbf..00f9c698 100644
--- a/dapps/pos-app/utils/secure-storage.ts
+++ b/dapps/pos-app/utils/secure-storage.ts
@@ -2,7 +2,7 @@ import * as SecureStore from "expo-secure-store";
 import { storage } from "./storage";
 
 const KEYS = {
-  MERCHANT_API_KEY: "merchant_api_key",
+  PARTNER_API_KEY: "partner_api_key",
   PIN_HASH: "pin_hash",
 } as const;
 
@@ -12,13 +12,27 @@ export async function clearStaleSecureStorage(): Promise<void> {
   const hasLaunchedBefore = storage.getItem<boolean>(FRESH_INSTALL_KEY);
 
   if (!hasLaunchedBefore) {
-    await SecureStore.deleteItemAsync(KEYS.MERCHANT_API_KEY);
+    await SecureStore.deleteItemAsync(KEYS.PARTNER_API_KEY);
     await SecureStore.deleteItemAsync(KEYS.PIN_HASH);
 
     storage.setItem(FRESH_INSTALL_KEY, true);
   }
 }
 
+export async function migratePartnerApiKey(): Promise<void> {
+  const OLD_KEY = "merchant_api_key";
+  const NEW_KEY = "partner_api_key";
+
+  const oldValue = await SecureStore.getItemAsync(OLD_KEY);
+  if (oldValue) {
+    const newValue = await SecureStore.getItemAsync(NEW_KEY);
+    if (!newValue) {
+      await SecureStore.setItemAsync(NEW_KEY, oldValue);
+    }
+    await SecureStore.deleteItemAsync(OLD_KEY);
+  }
+}
+
 export const secureStorage = {
   async getItem(key: string): Promise<string | null> {
     try {
diff --git a/dapps/pos-app/utils/secure-storage.web.ts b/dapps/pos-app/utils/secure-storage.web.ts
index 93174556..0faab0f6 100644
--- a/dapps/pos-app/utils/secure-storage.web.ts
+++ b/dapps/pos-app/utils/secure-storage.web.ts
@@ -78,6 +78,23 @@ export const secureStorage = {
 };
 
 export const SECURE_STORAGE_KEYS = {
-  MERCHANT_API_KEY: "merchant_api_key",
+  PARTNER_API_KEY: "partner_api_key",
   PIN_HASH: "pin_hash",
 } as const;
+
+export async function migratePartnerApiKey(): Promise<void> {
+  const OLD_KEY = getKey("merchant_api_key");
+  const NEW_KEY = getKey("partner_api_key");
+
+  const storage = getStorage();
+  if (!storage) return;
+
+  const oldValue = storage.getItem(OLD_KEY);
+  if (oldValue) {
+    const newValue = storage.getItem(NEW_KEY);
+    if (!newValue) {
+      storage.setItem(NEW_KEY, oldValue);
+    }
+    storage.removeItem(OLD_KEY);
+  }
+}

From 7724eb5d63a9fc5f29d17e20e21d0797af0e3863 Mon Sep 17 00:00:00 2001
From: ignaciosantise <25931366+ignaciosantise@users.noreply.github.com>
Date: Fri, 30 Jan 2026 13:39:04 -0300
Subject: [PATCH 2/5] fix(pos-app): address PR review feedback for partner API
 key rename

- Add migration completion tracking to avoid running on every app start
- Move migration to onRehydrateStorage to fix race condition with defaults
- Update user-facing text from "merchant settings" to "partner settings"
- Update JSDoc comment in payment.ts for new terminology
- Add test coverage for migration function (5 test cases)
- Simplify _layout.tsx by removing redundant migration call

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../__tests__/utils/secure-storage.test.ts    | 105 ++++++++++++++++++
 dapps/pos-app/app/_layout.tsx                 |  19 +---
 dapps/pos-app/app/settings.tsx                |   4 +-
 dapps/pos-app/services/payment.ts             |   4 +-
 dapps/pos-app/store/useSettingsStore.ts       |  14 ++-
 dapps/pos-app/utils/secure-storage.ts         |  18 ++-
 dapps/pos-app/utils/secure-storage.web.ts     |  23 +++-
 7 files changed, 162 insertions(+), 25 deletions(-)
 create mode 100644 dapps/pos-app/__tests__/utils/secure-storage.test.ts

diff --git a/dapps/pos-app/__tests__/utils/secure-storage.test.ts b/dapps/pos-app/__tests__/utils/secure-storage.test.ts
new file mode 100644
index 00000000..84df358f
--- /dev/null
+++ b/dapps/pos-app/__tests__/utils/secure-storage.test.ts
@@ -0,0 +1,105 @@
+/**
+ * Secure Storage Tests
+ *
+ * Tests for the secure storage migration function.
+ */
+
+import { migratePartnerApiKey } from "@/utils/secure-storage";
+import { storage } from "@/utils/storage";
+
+// Get the mocked secure store
+const SecureStore = require("expo-secure-store");
+
+describe("migratePartnerApiKey", () => {
+  beforeEach(() => {
+    // Clear secure storage mock between tests
+    if (SecureStore.__clearMockStorage) {
+      SecureStore.__clearMockStorage();
+    }
+    // Clear the migration completed flag
+    storage.removeItem("migration_partner_api_key_completed");
+  });
+
+  it("should migrate from old key to new key when old key exists", async () => {
+    // Set up old key
+    await SecureStore.setItemAsync("merchant_api_key", "test-api-key-123");
+
+    const migrated = await migratePartnerApiKey();
+
+    expect(migrated).toBe(true);
+    expect(SecureStore.setItemAsync).toHaveBeenCalledWith(
+      "partner_api_key",
+      "test-api-key-123",
+    );
+    expect(SecureStore.deleteItemAsync).toHaveBeenCalledWith("merchant_api_key");
+  });
+
+  it("should not overwrite existing new key", async () => {
+    // Set up both old and new keys
+    await SecureStore.setItemAsync("merchant_api_key", "old-api-key");
+    await SecureStore.setItemAsync("partner_api_key", "existing-new-key");
+
+    // Clear mock calls from setup
+    jest.clearAllMocks();
+
+    const migrated = await migratePartnerApiKey();
+
+    // Should still delete old key but not set new key (existing value preserved)
+    expect(migrated).toBe(false);
+    expect(SecureStore.setItemAsync).not.toHaveBeenCalledWith(
+      "partner_api_key",
+      expect.anything(),
+    );
+    expect(SecureStore.deleteItemAsync).toHaveBeenCalledWith("merchant_api_key");
+  });
+
+  it("should do nothing when old key does not exist", async () => {
+    // No keys set up
+
+    const migrated = await migratePartnerApiKey();
+
+    expect(migrated).toBe(false);
+    expect(SecureStore.setItemAsync).not.toHaveBeenCalledWith(
+      "partner_api_key",
+      expect.anything(),
+    );
+    expect(SecureStore.deleteItemAsync).not.toHaveBeenCalled();
+  });
+
+  it("should track migration completion and skip on subsequent calls", async () => {
+    // Set up old key
+    await SecureStore.setItemAsync("merchant_api_key", "test-api-key");
+
+    // First call should perform migration
+    const firstResult = await migratePartnerApiKey();
+    expect(firstResult).toBe(true);
+
+    // Clear mocks but keep storage state
+    jest.clearAllMocks();
+
+    // Set up old key again to simulate what would happen if migration ran again
+    await SecureStore.setItemAsync("merchant_api_key", "another-key");
+
+    // Second call should skip due to completion flag
+    const secondResult = await migratePartnerApiKey();
+    expect(secondResult).toBe(false);
+
+    // Should not have attempted to read/write secure storage for migration
+    // (only the setup call above)
+    expect(SecureStore.getItemAsync).not.toHaveBeenCalledWith("merchant_api_key");
+  });
+
+  it("should properly clean up old key after migration", async () => {
+    await SecureStore.setItemAsync("merchant_api_key", "api-key-to-migrate");
+
+    await migratePartnerApiKey();
+
+    // Verify old key was deleted
+    const oldValue = await SecureStore.getItemAsync("merchant_api_key");
+    expect(oldValue).toBeNull();
+
+    // Verify new key has the value
+    const newValue = await SecureStore.getItemAsync("partner_api_key");
+    expect(newValue).toBe("api-key-to-migrate");
+  });
+});
diff --git a/dapps/pos-app/app/_layout.tsx b/dapps/pos-app/app/_layout.tsx
index 5beff6df..9351af8e 100644
--- a/dapps/pos-app/app/_layout.tsx
+++ b/dapps/pos-app/app/_layout.tsx
@@ -28,10 +28,7 @@ import { useLogsStore } from "@/store/useLogsStore";
 import { useSettingsStore } from "@/store/useSettingsStore";
 import { getDeviceIdentifier } from "@/utils/misc";
 import { requestBluetoothPermission } from "@/utils/printer";
-import {
-  clearStaleSecureStorage,
-  migratePartnerApiKey,
-} from "@/utils/secure-storage";
+import { clearStaleSecureStorage } from "@/utils/secure-storage";
 import { showInfoToast } from "@/utils/toast";
 import { toastConfig } from "@/utils/toasts";
 import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
@@ -74,17 +71,9 @@ export default Sentry.wrap(function RootLayout() {
   });
 
   useEffect(() => {
-    const initializeStorage = async () => {
-      clearStaleSecureStorage();
-      await migratePartnerApiKey();
-
-      // Sync isPartnerApiKeySet flag after migration in case a key was migrated
-      const apiKey = await useSettingsStore.getState().getPartnerApiKey();
-      if (apiKey && !useSettingsStore.getState().isPartnerApiKeySet) {
-        useSettingsStore.setState({ isPartnerApiKeySet: true });
-      }
-    };
-    initializeStorage();
+    // clearStaleSecureStorage handles fresh installs (clears secure storage on first launch)
+    // Migration is handled in useSettingsStore's onRehydrateStorage to avoid race conditions
+    clearStaleSecureStorage();
   }, []);
 
   useEffect(() => {
diff --git a/dapps/pos-app/app/settings.tsx b/dapps/pos-app/app/settings.tsx
index da8a540d..c6388590 100644
--- a/dapps/pos-app/app/settings.tsx
+++ b/dapps/pos-app/app/settings.tsx
@@ -157,7 +157,7 @@ export default function SettingsScreen() {
 
   const handleBiometricAuth = async () => {
     const success = await authenticate(
-      `Use ${biometricLabel} to change merchant settings`,
+      `Use ${biometricLabel} to change partner settings`,
     );
 
     if (success) {
@@ -354,7 +354,7 @@ export default function SettingsScreen() {
       <PinModal
         visible={activeModal === "pin-verify"}
         title="Enter PIN"
-        subtitle="Enter your PIN to save merchant settings"
+        subtitle="Enter your PIN to save partner settings"
         onComplete={handlePinVerifyComplete}
         onCancel={handleCancelSecurityFlow}
         error={pinError}
diff --git a/dapps/pos-app/services/payment.ts b/dapps/pos-app/services/payment.ts
index ce340041..35f337b4 100644
--- a/dapps/pos-app/services/payment.ts
+++ b/dapps/pos-app/services/payment.ts
@@ -7,9 +7,9 @@ import {
 import { apiClient } from "./client";
 
 /**
- * Get merchant API headers for authenticated requests
+ * Get API headers for authenticated requests
  * @returns Headers object with Api-Key, Merchant-Id, and SDK headers
- * @throws Error if API key or merchant ID is missing
+ * @throws Error if partner API key or merchant ID is missing
  */
 async function getApiHeaders(): Promise<Record<string, string>> {
   const merchantId = useSettingsStore.getState().merchantId;
diff --git a/dapps/pos-app/store/useSettingsStore.ts b/dapps/pos-app/store/useSettingsStore.ts
index 0e418683..792718fc 100644
--- a/dapps/pos-app/store/useSettingsStore.ts
+++ b/dapps/pos-app/store/useSettingsStore.ts
@@ -2,7 +2,11 @@ import { DEFAULT_LOGO_BASE64 } from "@/constants/printer-logos";
 import { VariantName, Variants } from "@/constants/variants";
 import { CurrencyCode } from "@/utils/currency";
 import { MerchantConfig } from "@/utils/merchant-config";
-import { SECURE_STORAGE_KEYS, secureStorage } from "@/utils/secure-storage";
+import {
+  migratePartnerApiKey,
+  SECURE_STORAGE_KEYS,
+  secureStorage,
+} from "@/utils/secure-storage";
 import { storage } from "@/utils/storage";
 import { TransactionFilterType } from "@/utils/types";
 import * as Crypto from "expo-crypto";
@@ -310,6 +314,14 @@ export const useSettingsStore = create<SettingsStore>()(
             delete (state as any).__migrationData;
           }
 
+          // Run partner API key migration before applying defaults
+          // This ensures existing users keep their API key during the rename
+          const migrated = await migratePartnerApiKey();
+          if (migrated) {
+            // Migration was performed, sync the flag
+            state.isPartnerApiKeySet = true;
+          }
+
           // Initialize merchant defaults from env if not set
           const defaultMerchantId = MerchantConfig.getDefaultMerchantId();
           const defaultApiKey = MerchantConfig.getDefaultPartnerApiKey();
diff --git a/dapps/pos-app/utils/secure-storage.ts b/dapps/pos-app/utils/secure-storage.ts
index 00f9c698..87f09606 100644
--- a/dapps/pos-app/utils/secure-storage.ts
+++ b/dapps/pos-app/utils/secure-storage.ts
@@ -7,6 +7,7 @@ const KEYS = {
 } as const;
 
 const FRESH_INSTALL_KEY = "app_has_launched";
+const PARTNER_API_KEY_MIGRATION_KEY = "migration_partner_api_key_completed";
 
 export async function clearStaleSecureStorage(): Promise<void> {
   const hasLaunchedBefore = storage.getItem<boolean>(FRESH_INSTALL_KEY);
@@ -19,18 +20,33 @@ export async function clearStaleSecureStorage(): Promise<void> {
   }
 }
 
-export async function migratePartnerApiKey(): Promise<void> {
+/**
+ * Migrates partner API key from old storage key to new one.
+ * Tracks completion to avoid running on every app start.
+ * @returns true if migration was performed, false if skipped
+ */
+export async function migratePartnerApiKey(): Promise<boolean> {
+  const migrationCompleted = storage.getItem<boolean>(
+    PARTNER_API_KEY_MIGRATION_KEY,
+  );
+  if (migrationCompleted) return false;
+
   const OLD_KEY = "merchant_api_key";
   const NEW_KEY = "partner_api_key";
 
+  let migrated = false;
   const oldValue = await SecureStore.getItemAsync(OLD_KEY);
   if (oldValue) {
     const newValue = await SecureStore.getItemAsync(NEW_KEY);
     if (!newValue) {
       await SecureStore.setItemAsync(NEW_KEY, oldValue);
+      migrated = true;
     }
     await SecureStore.deleteItemAsync(OLD_KEY);
   }
+
+  storage.setItem(PARTNER_API_KEY_MIGRATION_KEY, true);
+  return migrated;
 }
 
 export const secureStorage = {
diff --git a/dapps/pos-app/utils/secure-storage.web.ts b/dapps/pos-app/utils/secure-storage.web.ts
index 0faab0f6..cdecd3c9 100644
--- a/dapps/pos-app/utils/secure-storage.web.ts
+++ b/dapps/pos-app/utils/secure-storage.web.ts
@@ -82,19 +82,34 @@ export const SECURE_STORAGE_KEYS = {
   PIN_HASH: "pin_hash",
 } as const;
 
-export async function migratePartnerApiKey(): Promise<void> {
-  const OLD_KEY = getKey("merchant_api_key");
-  const NEW_KEY = getKey("partner_api_key");
+const PARTNER_API_KEY_MIGRATION_KEY = "migration_partner_api_key_completed";
 
+/**
+ * Migrates partner API key from old storage key to new one.
+ * Tracks completion to avoid running on every app start.
+ * @returns true if migration was performed, false if skipped
+ */
+export async function migratePartnerApiKey(): Promise<boolean> {
   const storage = getStorage();
-  if (!storage) return;
+  if (!storage) return false;
+
+  const migrationCompleted = storage.getItem(PARTNER_API_KEY_MIGRATION_KEY);
+  if (migrationCompleted === "true") return false;
 
+  const OLD_KEY = getKey("merchant_api_key");
+  const NEW_KEY = getKey("partner_api_key");
+
+  let migrated = false;
   const oldValue = storage.getItem(OLD_KEY);
   if (oldValue) {
     const newValue = storage.getItem(NEW_KEY);
     if (!newValue) {
       storage.setItem(NEW_KEY, oldValue);
+      migrated = true;
     }
     storage.removeItem(OLD_KEY);
   }
+
+  storage.setItem(PARTNER_API_KEY_MIGRATION_KEY, "true");
+  return migrated;
 }

From f3a6486e3ea92bee204adfa715c9285b235e4539 Mon Sep 17 00:00:00 2001
From: ignaciosantise <25931366+ignaciosantise@users.noreply.github.com>
Date: Fri, 30 Jan 2026 15:41:20 -0300
Subject: [PATCH 3/5] fix(pos-app): keep "merchant settings" in PIN/biometric
 prompts

Reverted user-facing PIN and biometric prompt text to use "merchant settings"
instead of "partner settings" per user preference.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 dapps/pos-app/app/settings.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dapps/pos-app/app/settings.tsx b/dapps/pos-app/app/settings.tsx
index c6388590..7be908df 100644
--- a/dapps/pos-app/app/settings.tsx
+++ b/dapps/pos-app/app/settings.tsx
@@ -157,7 +157,7 @@ export default function SettingsScreen() {
 
   const handleBiometricAuth = async () => {
     const success = await authenticate(
-      `Use ${biometricLabel} to change partner settings`,
+      `Use ${biometricLabel} to change merchant settings`,
     );
 
     if (success) {

From 154083ec6d4af3ac15c5c7589b64142f5eee2fae Mon Sep 17 00:00:00 2001
From: ignaciosantise <25931366+ignaciosantise@users.noreply.github.com>
Date: Fri, 30 Jan 2026 15:41:44 -0300
Subject: [PATCH 4/5] fix(pos-app): revert PIN verify subtitle to merchant
 settings

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 dapps/pos-app/app/settings.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dapps/pos-app/app/settings.tsx b/dapps/pos-app/app/settings.tsx
index 7be908df..da8a540d 100644
--- a/dapps/pos-app/app/settings.tsx
+++ b/dapps/pos-app/app/settings.tsx
@@ -354,7 +354,7 @@ export default function SettingsScreen() {
       <PinModal
         visible={activeModal === "pin-verify"}
         title="Enter PIN"
-        subtitle="Enter your PIN to save partner settings"
+        subtitle="Enter your PIN to save merchant settings"
         onComplete={handlePinVerifyComplete}
         onCancel={handleCancelSecurityFlow}
         error={pinError}

From 859297bd4d3347ff1dbabede1f230a673c948d51 Mon Sep 17 00:00:00 2001
From: ignaciosantise <25931366+ignaciosantise@users.noreply.github.com>
Date: Fri, 30 Jan 2026 16:08:55 -0300
Subject: [PATCH 5/5] feat(pos-app): add logging after partner API key
 migration

Add an info log entry to track when the partner API key migration
from the old merchant_api_key is performed. This helps with debugging
and monitoring app updates in production.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 dapps/pos-app/store/useSettingsStore.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/dapps/pos-app/store/useSettingsStore.ts b/dapps/pos-app/store/useSettingsStore.ts
index 792718fc..86c89335 100644
--- a/dapps/pos-app/store/useSettingsStore.ts
+++ b/dapps/pos-app/store/useSettingsStore.ts
@@ -13,6 +13,7 @@ import * as Crypto from "expo-crypto";
 import { Appearance } from "react-native";
 import { create } from "zustand";
 import { persist } from "zustand/middleware";
+import { useLogsStore } from "./useLogsStore";
 
 async function hashPin(pin: string): Promise<string> {
   return await Crypto.digestStringAsync(
@@ -320,6 +321,12 @@ export const useSettingsStore = create<SettingsStore>()(
           if (migrated) {
             // Migration was performed, sync the flag
             state.isPartnerApiKeySet = true;
+            useLogsStore.getState().addLog(
+              "info",
+              "Partner API key migrated from merchant_api_key",
+              "Settings",
+              "onRehydrateStorage",
+            );
           }
 
           // Initialize merchant defaults from env if not set