ver. 0.296: REST API for ordersPRO — orders management, dictionaries, API key auth

- New API layer: ApiRouter, OrdersApiController, DictionariesApiController
- Orders API: list (with filters/pagination/updated_since), details, change status, set paid/unpaid
- Dictionaries API: order statuses, transport methods, payment methods
- X-Api-Key authentication via pp_settings.api_key
- OrderRepository: listForApi(), findForApi(), touchUpdatedAt()
- updated_at column on pp_shop_orders for polling support
- api.php: skip session for API requests, route to ApiRouter
- SettingsController: api_key field in system tab
- 30 new tests (666 total, 1930 assertions)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

CLAUDE.md

@@ -36,7 +36,7 @@ composer test
 
 PHPUnit 9.6 via `phpunit.phar`. Bootstrap: `tests/bootstrap.php`. Config: `phpunit.xml`.
 
-Current suite: **636 tests, 1868 assertions**.
+Current suite: **666 tests, 1930 assertions**.
 
 ### Creating Updates
 See `docs/UPDATE_INSTRUCTIONS.md` for the full procedure. Updates are ZIP packages in `updates/0.XX/`. Never include `*.md` files, `updates/changelog.php`, or root `.htaccess` in update ZIPs.
@@ -55,6 +55,9 @@ shopPRO/
 │   │   ├── Html/               # Html utility
 │   │   ├── Image/              # ImageManipulator
 │   │   └── Tpl/                # Template engine
+│   ├── api/                    # REST API layer (\api\)
+│   │   ├── ApiRouter.php       # API router (\api\ApiRouter)
+│   │   └── Controllers/        # API controllers (\api\Controllers\)
 │   ├── admin/                  # Admin panel layer
 │   │   ├── App.php             # Admin router (\admin\App)
 │   │   ├── Controllers/        # DI controllers (\admin\Controllers\) — 28 controllers
@@ -76,7 +79,8 @@ shopPRO/
 │   ├── stubs/                  # Test stubs (CacheHandler, Helpers, ShopProduct)
 │   └── Unit/
 │       ├── Domain/             # Repository tests
-│       └── admin/Controllers/  # Controller tests
+│       ├── admin/Controllers/  # Controller tests
+│       └── api/                # API tests
 ├── updates/                    # Update packages for clients
 ├── docs/                       # Technical documentation
 ├── config.php                  # Database/Redis config (not in repo)
@@ -85,7 +89,7 @@ shopPRO/
 ├── admin/index.php             # Admin entry point
 ├── admin/ajax.php              # Admin AJAX handler
 ├── cron.php                    # CRON jobs (Apilo sync)
-└── api.php                     # REST API
+└── api.php                     # REST API (ordersPRO + Ekomi)
 ```
 
 ### Autoloader
@@ -99,6 +103,7 @@ Custom autoloader in each entry point (not Composer autoload at runtime). Tries
 - `\admin\Controllers\` → `autoload/admin/Controllers/` (lowercase a)
 - `\Shared\` → `autoload/Shared/`
 - `\front\` → `autoload/front/`
+- `\api\` → `autoload/api/`
 - Do NOT use `\Admin\` (uppercase A) — the server directory is `admin/` (lowercase)
 - `\shop\` namespace is **deleted** — all 12 legacy classes migrated to `\Domain\`, `autoload/shop/` directory removed
 
@@ -124,6 +129,11 @@ All legacy directories (`admin/controls/`, `admin/factory/`, `admin/view/`, `fro
 **Frontend Views** (`autoload/front/Views/`):
 - Static classes, no state, no DI — pure rendering
 
+**API Controllers** (`autoload/api/Controllers/`):
+- DI via constructor, stateless (no session)
+- Wired in `api\ApiRouter::getControllerFactories()`
+- Auth: `X-Api-Key` header vs `pp_settings.api_key`
+
 ### Key Classes
 | Class | Purpose |
 |-------|---------|
@@ -133,6 +143,7 @@ All legacy directories (`admin/controls/`, `admin/factory/`, `admin/view/`, `fro
 | `\Shared\Helpers\Helpers` | Utility methods (SEO, email, cache clearing) |
 | `\Shared\Tpl\Tpl` | Template engine — `render()`, `set()` |
 | `\Shared\Cache\CacheHandler` | Redis cache — `get()`, `set()`, `delete()`, `deletePattern()` |
+| `\api\ApiRouter` | REST API router — auth, routing, response helpers |
 
 ### Database
 - ORM: Medoo (`$mdb` global variable, injected via DI in new code)
@@ -210,4 +221,5 @@ Before starting implementation, review current state of docs (see AGENTS.md for
 - `docs/TESTING.md` — test suite guide and structure
 - `docs/FORM_EDIT_SYSTEM.md` — form system architecture
 - `docs/CHANGELOG.md` — version history
+- `docs/API.md` — REST API documentation (ordersPRO)
 - `docs/UPDATE_INSTRUCTIONS.md` — how to build client update packages