System Architecture

Overview of the TenPoint Crossbows platform architecture, data flow, and system integrations.

High-Level Architecture

┌─────────────────────────────────────────────────────────────┐
│             TenPoint Crossbows WordPress/WooCommerce        │
│                   tenpointcrossbows.com                     │
└─────────────────────────────────────────────────────────────┘
           │                 │               │
           ▼                 ▼               ▼
    ┌──────────────┐ ┌──────────────┐ ┌──────────────┐
    │   ORDERS     │ │  INVENTORY   │ │  CUSTOMERS   │
    └──────────────┘ └──────────────┘ └──────────────┘
           │                 │               │
           ├─────────────────┼───────────────┤
           │                 │               │
           ▼                 ▼               ▼
    ┌─────────────────────────────────────────────┐
    │       Epicor Kinetic ERP (2025.2)           │
    │  erp.tenpointcrossbows.com/kineticpilot     │
    │   (tenpoint-epicor-integration plugin)      │
    └─────────────────────────────────────────────┘
           │                 │               │
           ▼                 ▼               ▼
    ┌──────────────┐ ┌──────────────┐ ┌──────────────┐
    │ Sales Order  │ │  Inventory   │ │  Customer    │
    │ Management   │ │  Management  │ │ Master Data  │
    └──────────────┘ └──────────────┘ └──────────────┘

    ┌───────────────────────────────────────────────────┐
    │             EXTERNAL INTEGRATIONS                 │
    ├───────────────────────────────────────────────────┤
    │ • PayPal / EBizCharge / PayTomorrow (Payments)   │
    │ • Signifyd / FraudLabs Pro (Fraud Detection)     │
    │ • Klaviyo (Email Marketing & Customer Data)      │
    │ • Bazaar Voice (Reviews & Ratings)               │
    │ • Avalara AvaTax (Tax Calculation)               │
    │ • Algolia (Search)                               │
    │ • Cloudflare (CDN & Cache)                       │
    │ • RT Systems (Legacy Inventory - SOAP)           │
    └───────────────────────────────────────────────────┘

Technology Stack

Core Platform

• CMS: WordPress 5.0+
• E-Commerce: WooCommerce 4.0+
• PHP: 7.2.5+ (with allow_url_fopen, cURL with OpenSSL+zlib)
• Database: MySQL/MariaDB (wp_tenpoint)
• Web Server: Apache/Nginx

Frontend

• Page Builder: Elementor Pro
• Theme: Hello Elementor (heavily customized child theme)
• JavaScript Libraries:
  • jQuery 2.2.4 (CDN)
  • Swiper (latest, CDN)
  • Fancybox 3.5.7 (CDN)
  • Picturefill 3.0.3 (responsive images polyfill)
• CSS Framework: Custom CSS compiled from SCSS

Backend Integrations

• HTTP Client: Guzzle 7.x (Composer)
• Custom Fields: Advanced Custom Fields (ACF) Pro
• Forms: Gravity Forms Premium
• Search: FacetWP Pro + Algolia InstantSearch
• Caching: WP Rocket (currently disabled)
• Performance: Cloudflare CDN

Data Flow

Order Processing Flow

1. Customer Places Order (WooCommerce)
   ↓
2. Payment Gateway Processes Payment
   - EBizCharge (credit card/ACH)
   - PayPal Commerce Platform
   - PayTomorrow (financing)
   ↓
3. Signifyd Fraud Check (automatic)
   ↓
4. Order Status → wc-processing
   ↓
5. External Cron Triggers Order Export
   GET /wp-json/suma/v1/data/epicor/post-sales-orders
   ↓
6. tenpoint-epicor-integration Plugin:
   - Queries orders (wc-processing, not exported, valid payment)
   - Formats line items (products, shipping, tax, coupons, gift cards)
   - Creates Sales Order in Epicor (REST API)
   - Creates detail lines via OData $batch
   - Updates misc charges (shipping, tax, gift cards)
   ↓
7. On Success:
   - Order meta: _tenpoint-epicor-integration_exported_to_epicor = 1
   - Order meta: _tenpoint-epicor-integration_epicor_order = {OrderNum}
   - Order status → wc-shipment-pending
   - Log via SyncLogger
   ↓
8. Epicor Fulfillment (external to WordPress)
   ↓
9. Epicor Updates Order Status (via webhook or cron)
   GET /wp-json/suma/v1/data/epicor/update-order-status
   ↓
10. WooCommerce Order Status Updated
    - wc-partially-shipped (partial fulfillment)
    - wc-completed (fully shipped)

Inventory Synchronization Flow

1. External Cron Triggers Inventory Sync
   POST /wp-json/suma/v1/data/epicor/sync-inventory
   ↓
2. tenpoint-epicor-integration Plugin:
   - Queries Epicor BAQ: KP-AVAILINV
   - Gets part availability for all SKUs
   - Builds SKU → quantity map
   ↓
3. Bulk Stock Update (SQL):
   - Resolves SKU → post_id mappings
   - Filters out products with skip_inventory_update = 'yes'
   - Updates wp_postmeta (_stock, _stock_status) in batches of 100
   - Updates wp_wc_product_meta_lookup table
   - Updates product visibility taxonomy
   ↓
4. Cache Management:
   - Flushes WooCommerce product object caches
   - Flushes WooCommerce transients
   - Purges Cloudflare cache for entire zone
   ↓
5. Logging:
   - SyncLogger records WC-only counts
   - Details JSON includes SKU => quantity map

Customer Data Flow

1. Customer Creates Account / Places Order
   ↓
2. Klaviyo Plugin Syncs Customer Data
   - Profile creation/update in Klaviyo
   - Purchase event tracking
   - Custom properties (LTV, order count, etc.)
   ↓
3. Email Campaigns / Abandoned Cart Recovery
   - Triggered by Klaviyo based on customer behavior
   ↓
4. Back-in-Stock Notifications
   - Customer subscribes to out-of-stock product
   - Inventory sync updates stock to > 0
   - Klaviyo triggers email notification

Review Data Flow

1. Customer Submits Review (Bazaar Voice Platform)
   ↓
2. Daily Cron Triggers Statistics Update
   (Internal WordPress cron)
   ↓
3. Theme class-bazaar-voice.php:
   - Batch processes 100 products at a time
   - Queries Bazaar Voice API for review stats
   - Updates product meta:
     * bazaarvoice_review_count
     * bazaarvoice_average_rating
     * bazaarvoice_last_review_date
   - Rate limiting via bazaarvoice_last_update meta
   ↓
4. Reviews Display on Product Pages
   - Shortcode: [bzv_accessory_review_summary]
   - Elementor blocks integrate review summary

Directory Structure

Z:\Herd\tenpointcrossbows\
├── wp-admin/                    # WordPress core admin
├── wp-content/
│   ├── plugins/
│   │   ├── suma-blocks/         # Custom Elementor blocks
│   │   ├── suma-cross-sells/    # Cross-sell widget
│   │   ├── suma-dealer-locator/ # Dealer search
│   │   ├── suma-downloads/      # Downloads CPT
│   │   ├── suma-faqs/           # FAQs CPT
│   │   ├── suma-videos/         # Videos CPT
│   │   ├── suma-woo-emails/     # Custom WC emails
│   │   ├── tenpoint-epicor-integration/  # ERP integration
│   │   ├── tenpoint-integrator/ # Bazaar Voice SFTP
│   │   ├── woocommerce-ebizcharge-gateway/
│   │   ├── paytomorrow/
│   │   ├── signifyd-for-woocommerce/
│   │   ├── klaviyo/
│   │   ├── facetwp/             # Faceted filtering
│   │   ├── wp-search-with-algolia/
│   │   └── [other WP/WC plugins]
│   ├── themes/
│   │   └── elementor/           # Hello Elementor child theme
│   │       ├── inc/             # Custom theme modules
│   │       ├── assets/          # CSS, JS, images
│   │       ├── suma-utils/      # Theme bootstrap
│   │       ├── api.php          # AJAX endpoint
│   │       └── functions.php    # Theme entry point
│   └── uploads/                 # Media library
├── wp-includes/                 # WordPress core
├── inc/                         # Root-level custom functionality
│   └── class-inventory.php      # Legacy RT Systems SOAP
├── cron/                        # Scheduled task scripts
├── tools/                       # Utility scripts
└── wp-config.php                # WordPress configuration

Database Schema

Core WordPress Tables

Standard WordPress tables with wp_ prefix.

WooCommerce Tables

Standard WooCommerce tables including High Performance Order Storage (HPOS) custom tables.

Custom Tables

wp_tpi_sync_logs

Structured logging for Epicor integration.

Column	Type	Purpose
id	BIGINT	Primary key
log_type	VARCHAR(20)	'order' or 'inventory'
status	VARCHAR(20)	'success', 'error', 'warning'
wc_order_id	BIGINT	WooCommerce order ID (nullable)
epicor_order_num	VARCHAR(50)	Epicor OrderNum (nullable)
summary	TEXT	Human-readable summary
details	LONGTEXT	JSON with full data
created_at	DATETIME	Timestamp

Indexes: log_type, status, wc_order_id, epicor_order_num, created_at
Retention: 14 days (auto-cleanup via daily cron)

wp_serial_numbers

Product serial number registration.

Column	Type	Purpose
id	BIGINT	Primary key
serial_number	VARCHAR(255)	Serial number
product_id	BIGINT	WooCommerce product ID
order_id	BIGINT	WooCommerce order ID
registered_at	DATETIME	Registration timestamp

wp_serial_numbers_recalled

Recalled serial numbers.

Column	Type	Purpose
id	BIGINT	Primary key
serial_number	VARCHAR(255)	Recalled serial number
recall_date	DATE	Date of recall
reason	TEXT	Recall reason

API Endpoints

WordPress REST API

Epicor Integration Endpoints

Base: /wp-json/suma/v1/data/
Auth: Auth-Token header (configurable in plugin settings)

Endpoint	Method	Purpose
export/get-orders	GET	Return pending WC orders
export/get-single-order	GET	Single order by ID
epicor/post-sales-orders	GET	Trigger order export (cron)
epicor/sync-inventory	POST	Trigger inventory sync (cron)
epicor/get-sales-orders	GET	Retrieve Epicor sales orders
epicor/get-part-description	GET	Part details by SKU
epicor/get-order-status	GET	Epicor order status
epicor/get-part-revision	GET	Part revisions from BAQ
epicor/get-inventory	POST	Inventory for specific part
epicor/public-get-inventory	GET	Public inventory query
epicor/manage-inventory-batch	GET	Enable manage_stock on all products
epicor/update-order-status	GET	Update WC order statuses from Epicor
epicor/clean_logs	POST	Delete logs older than 60 days

Dealer Locator Endpoints

Base: /wp-json/suma-dl/v2/
Auth: Public (no token required)

Endpoint	Method	Purpose
get_dealers	POST	Find dealers within radius

Request body: JSON with location data (lat/lng, radius)
Response: JSON array of dealer objects (max 200 results)

Bazaar Voice Endpoints

Base: /wp-json/bv/v1/
Auth: Internal (nonce-based)

Endpoint	Method	Purpose
statistics-update	POST	Update product review statistics

Custom AJAX Endpoints

Theme API (/api.php)

Query parameter: ?action={action_name}

Action	Purpose
check_serial_number	Validate serial against recall database
current_cart_count	Get current cart item count
check_selection	Product selection validation

Epicor Integration Admin AJAX

WordPress admin-ajax.php actions (nonce + capability verified):

Action	Purpose
tpi_save_settings	Save Epicor integration configuration
tpi_test_connection	Test Epicor API connectivity
tpi_run_order_sync	Manual order export trigger
tpi_run_inventory_sync	Manual inventory sync trigger
tpi_get_log_detail	Retrieve full log entry JSON
tpi_generate_orders	Create test WooCommerce orders

Security Architecture

Authentication & Authorization

• WordPress user roles and capabilities
• WooCommerce manage_woocommerce capability for admin access
• REST API token authentication (timing-safe hash_equals())
• Nonce verification on all AJAX requests
• HTTP Basic Auth for Epicor API

Data Encryption

• Passwords: AES-256-CBC encryption for Epicor credentials
• Encryption Key: hash('sha256', AUTH_KEY) from wp-config.php
• IV: Random initialization vector prepended to ciphertext
• Storage: Single wp_options row (tpi_epicor_settings)

Input Validation & Sanitization

• sanitize_text_field() for user input
• absint() for integer values
• esc_url_raw() for URLs
• wp_json_encode() for JSON serialization
• Prepared statements ($wpdb->prepare()) for all direct DB queries

Output Escaping

• esc_html() for HTML content
• esc_attr() for HTML attributes
• esc_url() for URLs
• wp_kses_post() for rich content

Fraud Prevention

• Signifyd real-time order analysis
• FraudLabs Pro secondary screening
• Recaptcha on checkout forms
• Address validation (prevents email in street address)

Security Monitoring

• Wordfence firewall and malware scanning
• WP Security Audit Log event tracking
• Failed login attempt monitoring
• File integrity monitoring

Performance Optimization

Caching Strategy

• WP Rocket: Installed but currently disabled (WP_CACHE = false)
• Object Cache: Redis/Memcached compatible (if configured)
• Transients: Used throughout plugins and theme
• Cloudflare: CDN and edge caching
• Database Caching: WooCommerce product object cache

Asset Optimization

• CDN assets (jQuery, Swiper, Fancybox, Google Fonts)
• Lazy loading via Picturefill polyfill
• Responsive images with <picture> elements
• Dequeued unnecessary WooCommerce CSS/JS
• Compiled and minified CSS/JS bundles

Database Optimization

• Bulk SQL updates for inventory sync (batches of 100)
• Indexed custom tables
• OData $batch requests to Epicor (reduces HTTP calls)
• Query caching for dealer locator

Image Optimization

• Smush Pro compression
• Advanced Regenerate Thumbnails
• WebP format support (if server configured)
• Rear image support for crossbow product photography

Monitoring & Logging

Application Logs

• File-based logs: /wp-content/uploads/suma-tenpoint-epicor-integration/
  • Daily rotating files (90-day retention)
  • Separate directories: order/, inventory/, epicor/
• Database logs: wp_tpi_sync_logs table (14-day retention)
• Debug logs: wp-content/debug.log (if WP_DEBUG_LOG enabled)

Email Notifications

• Epicor integration errors (order export, inventory sync failures)
• Signifyd fraud alerts (declined orders)
• WooCommerce admin order notifications
• Configurable recipient list in plugin settings

External Monitoring

• Server monitoring (uptime, resource usage)
• Cloudflare analytics
• WooCommerce admin reports
• Klaviyo email campaign analytics

Deployment Architecture

Environment Configuration

• Production: tenpointcrossbows.com
• Staging: (if configured)
• Local Development: Laravel Herd (Z:\Herd\tenpointcrossbows)

Epicor Environments

Configurable in tenpoint-epicor-integration plugin:

• Live: Production Epicor instance
• Sandbox: Epicor test environment

Build Process

• PHP Dependencies: Composer (composer install --no-dev)
• JS/CSS Compilation: Laravel Mix (npx mix --production)
• SCSS Compilation: npx sass src/scss/admin.scss dist/css/admin.css
• Theme Assets: Gulp build (if configured)

Cron Jobs

External cron jobs (recommended over WP-Cron):

# Order export (every 5 minutes)
*/5 * * * * curl -X GET "https://tenpointcrossbows.com/wp-json/suma/v1/data/epicor/post-sales-orders" \
  -H "Auth-Token: {your-token-here}" \
  >> /var/log/tenpoint-order-sync.log 2>&1

# Inventory sync (every hour)
0 * * * * curl -X POST "https://tenpointcrossbows.com/wp-json/suma/v1/data/epicor/sync-inventory" \
  -H "Auth-Token: {your-token-here}" \
  >> /var/log/tenpoint-inventory-sync.log 2>&1

# Clean old logs (daily)
0 2 * * * curl -X POST "https://tenpointcrossbows.com/wp-json/suma/v1/data/epicor/clean_logs" \
  -H "Auth-Token: {your-token-here}" \
  >> /var/log/tenpoint-cleanup.log 2>&1

Integration Summary

System	Integration Method	Data Flow	Frequency
Epicor Kinetic	REST API (Guzzle)	Bidirectional	Every 5 min (orders), hourly (inventory)
PayPal	WooCommerce Gateway	Payment processing	Real-time
EBizCharge	WooCommerce Gateway	Payment processing	Real-time
PayTomorrow	WooCommerce Gateway	Financing	Real-time
Signifyd	WooCommerce Plugin	Fraud analysis	Real-time
Klaviyo	WooCommerce Plugin	Customer sync, emails	Real-time + campaigns
Bazaar Voice	REST API + SFTP	Reviews sync, product feed	Daily
Avalara AvaTax	WooCommerce Plugin	Tax calculation	Real-time
Algolia	InstantSearch JS	Product search	Real-time
FacetWP	WP Query	Product filtering	Real-time
RT Systems	SOAP API	Legacy inventory check	On-demand

Next Steps

• Epicor Integration Details
• Custom Plugins Overview
• Theme Customizations
• WooCommerce Configuration
• Development Setup