From 488987a5a03f8b83bc8a394a0fefe9a7018e2dda Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 1 Jun 2026 20:25:22 +0000
Subject: [PATCH] Complete proposal/payment workflow: webhook, settings UI,
 dashboard counters

---
 client/proposal-view.php    | 359 ++++++++++++++++++++++++++++
 client/proposal.php         |  10 +-
 client/proposals.php        | 106 +++++++--
 dashboard.php               |  71 +++++-
 data/payments.json          |   3 +
 includes/portal-helpers.php |  87 ++++++-
 paypal-webhook.php          |  65 ++++++
 settings.php                | 162 +++++++++----
 staff/payment-record.php    | 297 +++++++++++++++++++++++
 staff/proposal-edit.php     | 454 ++++++++++++++++++++++++++++++++++++
 staff/proposal-send.php     | 141 +++++++++++
 staff/proposal-view.php     | 198 ++++++++++++++++
 staff/proposals.php         | 179 ++++++++++++++
 13 files changed, 2061 insertions(+), 71 deletions(-)
 create mode 100644 client/proposal-view.php
 create mode 100644 data/payments.json
 create mode 100644 paypal-webhook.php
 create mode 100644 staff/payment-record.php
 create mode 100644 staff/proposal-edit.php
 create mode 100644 staff/proposal-send.php
 create mode 100644 staff/proposal-view.php
 create mode 100644 staff/proposals.php

diff --git a/client/proposal-view.php b/client/proposal-view.php
new file mode 100644
index 0000000..2195abf
--- /dev/null
+++ b/client/proposal-view.php
@@ -0,0 +1,359 @@
+<?php
+session_start();
+define('WDS_SYSTEM', true);
+require_once __DIR__ . '/../includes/portal-helpers.php';
+
+portalRequireLogin();
+if (portalGetRole() !== 'client') {
+    header('Location: /dashboard.php');
+    exit;
+}
+
+$user     = portalGetUser();
+$username = (string)($user['username'] ?? '');
+
+$proposalId = trim((string)($_GET['proposal_id'] ?? ''));
+$proposals  = portalLoadProposals();
+$requests   = portalLoadProjectRequests();
+
+$proposal = null;
+foreach ($proposals as $row) {
+    if ((string)($row['proposal_id'] ?? '') !== $proposalId) { continue; }
+    // Check ownership
+    if ((string)($row['client_username'] ?? '') === $username) {
+        $proposal = $row;
+        break;
+    }
+    foreach ($requests as $req) {
+        if ((string)($req['client_username'] ?? '') === $username
+            && portalGetRequestDisplayId((array)$req) === (string)($row['request_id'] ?? '')) {
+            $proposal = $row;
+            break 2;
+        }
+    }
+}
+
+if ($proposal === null) {
+    http_response_code(404);
+}
+
+$status = '';
+if ($proposal !== null) {
+    $status = (string)($proposal['proposal_status'] ?? $proposal['status'] ?? 'sent');
+}
+
+// Block draft proposals from client view
+if ($proposal !== null && in_array($status, ['draft', 'cancelled'], true)) {
+    $proposal = null;
+    http_response_code(404);
+}
+
+$notice = '';
+$error  = '';
+
+// Handle POST actions
+if ($proposal !== null && $_SERVER['REQUEST_METHOD'] === 'POST') {
+    $action = trim((string)($_POST['action'] ?? ''));
+
+    if ($action === 'accept') {
+        $agreed = ($_POST['agreed'] ?? '') === '1';
+        if (!$agreed) {
+            $error = 'You must check the agreement checkbox to accept this proposal.';
+        } elseif (!in_array($status, ['sent', 'changes_requested'], true)) {
+            $error = 'This proposal cannot be accepted in its current status.';
+        } else {
+            $now = date('c');
+            $proposals = portalLoadProposals();
+            foreach ($proposals as &$p) {
+                if ((string)($p['proposal_id'] ?? '') !== $proposalId) { continue; }
+                $p['proposal_status'] = 'accepted';
+                $p['accepted_at']     = $now;
+                $p['updated_at']      = $now;
+                $proposal = $p;
+                break;
+            }
+            unset($p);
+            portalSaveProposals($proposals);
+            $status = 'accepted';
+            $notice = 'Proposal accepted. We will follow up with payment instructions.';
+        }
+    } elseif ($action === 'request_changes') {
+        $message = trim((string)($_POST['change_message'] ?? ''));
+        if ($message === '') {
+            $error = 'Please describe what you would like changed.';
+        } else {
+            $cr = [
+                'date'                  => date('Y-m-d H:i:s'),
+                'message'               => $message,
+                'requested_budget'      => trim((string)($_POST['requested_budget']      ?? '')),
+                'requested_timeline'    => trim((string)($_POST['requested_timeline']    ?? '')),
+                'requested_deliverable' => trim((string)($_POST['requested_deliverable'] ?? '')),
+                'status'                => 'open',
+            ];
+            $now = date('c');
+            $proposals = portalLoadProposals();
+            foreach ($proposals as &$p) {
+                if ((string)($p['proposal_id'] ?? '') !== $proposalId) { continue; }
+                $existing = (isset($p['change_requests']) && is_array($p['change_requests'])) ? $p['change_requests'] : [];
+                $existing[] = $cr;
+                $p['change_requests']      = $existing;
+                $p['proposal_status']      = 'changes_requested';
+                $p['change_requested_at']  = $now;
+                $p['updated_at']           = $now;
+                $proposal = $p;
+                break;
+            }
+            unset($p);
+            portalSaveProposals($proposals);
+            $status = 'changes_requested';
+            $notice = 'Your change request has been submitted. We will review and update the proposal.';
+        }
+    }
+}
+
+$settings = portalLoadAdminSettings();
+$paypalMode = (string)($settings['paypal']['mode'] ?? 'manual');
+$paypalLink = '';
+if ($paypalMode === 'live') {
+    $paypalLink = (string)($settings['paypal']['live']['payment_link'] ?? '');
+} elseif ($paypalMode === 'sandbox') {
+    $paypalLink = (string)($settings['paypal']['sandbox']['payment_link'] ?? '');
+}
+
+$milestoneStatuses = [
+    'not_started'       => 'Not Started',
+    'in_progress'       => 'In Progress',
+    'ready_for_review'  => 'Ready for Review',
+    'payment_due'       => 'Payment Due',
+    'paid'              => 'Paid',
+    'complete'          => 'Complete',
+];
+
+$current_page = 'client-portal';
+$header_class = 'inner-header';
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="icon" type="image/png" href="../assets/images/RL-icon.png">
+    <title>Proposal | Client Portal | Runlevel Systems</title>
+    <link href="../assets/css/coreloop.css" rel="stylesheet">
+    <style>
+        .wrap{padding:30px 0 80px;}
+        .card{background:#0c1729;border:1px solid rgba(54,243,255,.18);border-radius:10px;padding:18px;margin-bottom:14px;}
+        .lbl{color:#5a7a9e;font-size:.7rem;text-transform:uppercase;letter-spacing:.04em;margin-bottom:3px;}
+        .val{color:#d8e7f7;font-size:.88rem;white-space:pre-wrap;}
+        .section-label{color:#36f3ff;font-size:.72rem;font-weight:700;text-transform:uppercase;letter-spacing:.06em;margin:14px 0 8px;padding-bottom:4px;border-bottom:1px solid rgba(54,243,255,.12);}
+        .notice{background:rgba(34,197,94,.16);border:1px solid rgba(34,197,94,.35);color:#86efac;border-radius:6px;padding:12px 14px;margin-bottom:14px;font-size:.86rem;}
+        .error{background:rgba(239,68,68,.16);border:1px solid rgba(239,68,68,.35);color:#fecaca;border-radius:6px;padding:12px 14px;margin-bottom:14px;font-size:.86rem;}
+        .milestone-card{background:#06101d;border:1px solid rgba(54,243,255,.12);border-radius:8px;padding:12px;margin-bottom:8px;}
+        .milestone-title{color:#ffc600;font-size:.82rem;font-weight:700;margin-bottom:8px;}
+        .btn{display:inline-block;border-radius:5px;padding:8px 14px;font-size:.84rem;font-weight:700;text-decoration:none;border:none;cursor:pointer;}
+        .btn-teal{background:rgba(54,243,255,.12);border:1px solid rgba(54,243,255,.3);color:#36f3ff;}
+        .btn-gold{background:#ffc600;color:#08111f;}
+        .btn-green{background:rgba(52,211,153,.14);border:1px solid rgba(52,211,153,.4);color:#34d399;}
+        .action-card{border-color:rgba(54,243,255,.3);}
+        .input,.textarea,.select{background:#09111d;color:#eaf3ff;border:1px solid rgba(54,243,255,.25);border-radius:6px;padding:8px 10px;width:100%;font-size:.86rem;}
+        .textarea{min-height:100px;resize:vertical;}
+        .status-badge{display:inline-block;padding:3px 12px;border-radius:999px;font-size:.72rem;font-weight:700;}
+        .how-list{list-style:none;margin:0;padding:0;display:flex;flex-direction:column;gap:5px;}
+        .how-list li{color:#7a9ac0;font-size:.82rem;padding-left:22px;position:relative;}
+        .how-list li::before{content:attr(data-n);position:absolute;left:0;top:0;color:#36f3ff;font-weight:700;font-size:.72rem;}
+    </style>
+</head>
+<body>
+<?php include __DIR__ . '/../includes/header.php'; ?>
+<?php include __DIR__ . '/../includes/navigation.php'; ?>
+<section class="wrap">
+<div class="container">
+    <a href="/client/proposals.php" style="color:#36f3ff;font-size:.84rem;">← My Proposals</a>
+
+    <?php if ($notice !== ''): ?><div class="notice" style="margin-top:10px;"><?php echo pe($notice); ?></div><?php endif; ?>
+    <?php if ($error !== ''): ?><div class="error" style="margin-top:10px;"><?php echo pe($error); ?></div><?php endif; ?>
+
+    <?php if ($proposal === null): ?>
+        <div class="card" style="margin-top:10px;"><p style="color:#fecaca;">Proposal not found or not available.</p></div>
+    <?php else: ?>
+
+    <div class="card" style="margin-top:10px;">
+        <div style="display:flex;justify-content:space-between;align-items:flex-start;gap:10px;flex-wrap:wrap;">
+            <div>
+                <h1 style="margin:0 0 4px;color:#ffc600;font-size:1.18rem;"><?php echo pe($proposal['project_title'] ?? 'Project Proposal'); ?></h1>
+                <p style="margin:0;color:#7a9ac0;font-size:.8rem;">Runlevel Systems &mdash; Proposal ID: <?php echo pe($proposal['proposal_id'] ?? ''); ?></p>
+            </div>
+            <?php
+                $statusLabels = [
+                    'sent'             => 'Awaiting Your Review',
+                    'changes_requested'=> 'Changes Requested',
+                    'accepted'         => 'Accepted',
+                    'payment_pending'  => 'Payment Pending',
+                    'paid_start'       => 'Paid — Work Starting',
+                    'in_progress'      => 'In Progress',
+                    'completed'        => 'Completed',
+                ];
+                $statusColors = [
+                    'sent'             => '#36f3ff',
+                    'changes_requested'=> '#ffc600',
+                    'accepted'         => '#86efac',
+                    'payment_pending'  => '#fbbf24',
+                    'paid_start'       => '#34d399',
+                    'in_progress'      => '#60a5fa',
+                    'completed'        => '#4ade80',
+                ];
+                $statusLabel = $statusLabels[$status] ?? ucfirst(str_replace('_', ' ', $status));
+                $statusColor = $statusColors[$status] ?? '#7a9ac0';
+            ?>
+            <span class="status-badge" style="background:<?php echo pe($statusColor); ?>18;border:1px solid <?php echo pe($statusColor); ?>44;color:<?php echo pe($statusColor); ?>;"><?php echo pe($statusLabel); ?></span>
+        </div>
+    </div>
+
+    <div class="card">
+        <div class="section-label">What You Asked For</div>
+        <div class="val"><?php echo pe($proposal['request_summary'] ?? ''); ?></div>
+    </div>
+
+    <div class="card">
+        <div class="section-label">Proposed Work</div>
+        <div class="val"><?php echo pe($proposal['proposed_work'] ?? ''); ?></div>
+        <?php if (!empty($proposal['deliverables'])): ?>
+        <div class="section-label" style="margin-top:14px;">Deliverables</div>
+        <div class="val"><?php echo pe($proposal['deliverables']); ?></div>
+        <?php endif; ?>
+        <?php if (!empty($proposal['out_of_scope'])): ?>
+        <div class="section-label" style="margin-top:14px;">Not Included (Out of Scope)</div>
+        <div class="val" style="color:#a8bedc;"><?php echo pe($proposal['out_of_scope']); ?></div>
+        <?php endif; ?>
+    </div>
+
+    <div class="card">
+        <div class="section-label">Timeline & Pricing</div>
+        <div style="display:grid;grid-template-columns:repeat(auto-fit,minmax(160px,1fr));gap:10px;">
+            <?php if (!empty($proposal['timeline_estimate'])): ?>
+            <div><div class="lbl">Timeline</div><div class="val"><?php echo pe($proposal['timeline_estimate']); ?></div></div>
+            <?php endif; ?>
+            <?php if (!empty($proposal['total_price'])): ?>
+            <div><div class="lbl">Total Project Amount</div><div class="val" style="color:#86efac;font-size:1.1rem;font-weight:700;">$<?php echo pe($proposal['total_price']); ?></div></div>
+            <?php endif; ?>
+            <?php if (!empty($proposal['amount_due_to_start'])): ?>
+            <div><div class="lbl">Amount Due To Start</div><div class="val" style="color:#ffc600;font-size:1.1rem;font-weight:700;">$<?php echo pe($proposal['amount_due_to_start']); ?></div></div>
+            <?php endif; ?>
+        </div>
+        <?php if (!empty($proposal['payment_terms'])): ?>
+        <div style="margin-top:10px;"><div class="lbl">Payment Terms</div><div class="val" style="color:#a8bedc;"><?php echo pe($proposal['payment_terms']); ?></div></div>
+        <?php endif; ?>
+    </div>
+
+    <?php $milestones = (isset($proposal['milestones']) && is_array($proposal['milestones'])) ? $proposal['milestones'] : []; ?>
+    <?php if (!empty($milestones)): ?>
+    <div class="card">
+        <div class="section-label">Project Milestones</div>
+        <p style="color:#7a9ac0;font-size:.82rem;margin:0 0 10px;">Amount due to start: <strong style="color:#ffc600;">$<?php echo pe($proposal['amount_due_to_start'] ?? '0'); ?></strong> — required before work begins.</p>
+        <p style="color:#7a9ac0;font-size:.78rem;margin:0 0 10px;">Future milestone payments are only due when the related milestone is completed or ready for review, depending on the proposal terms.</p>
+        <?php foreach ($milestones as $idx => $ms): ?>
+        <div class="milestone-card">
+            <div class="milestone-title">Milestone <?php echo $idx + 1; ?>: <?php echo pe($ms['milestone_name'] ?? ''); ?></div>
+            <div style="display:flex;gap:16px;flex-wrap:wrap;font-size:.82rem;margin-bottom:6px;">
+                <?php if (!empty($ms['milestone_amount'])): ?><div style="color:#86efac;">Amount Due Upon Completion: <strong>$<?php echo pe($ms['milestone_amount']); ?></strong></div><?php endif; ?>
+                <div style="color:#36f3ff;"><?php echo pe($milestoneStatuses[$ms['milestone_status'] ?? 'not_started'] ?? 'Not Started'); ?></div>
+            </div>
+            <?php if (!empty($ms['milestone_description'])): ?><div class="val" style="font-size:.82rem;"><?php echo pe($ms['milestone_description']); ?></div><?php endif; ?>
+            <?php if (!empty($ms['milestone_deliverables'])): ?><div style="margin-top:6px;"><div class="lbl">Deliverables</div><div class="val" style="font-size:.82rem;"><?php echo pe($ms['milestone_deliverables']); ?></div></div><?php endif; ?>
+        </div>
+        <?php endforeach; ?>
+    </div>
+    <?php endif; ?>
+
+    <?php if (!empty($proposal['customer_responsibilities']) || !empty($proposal['third_party_costs']) || !empty($proposal['revision_terms'])): ?>
+    <div class="card">
+        <div class="section-label">Terms & Expectations</div>
+        <?php if (!empty($proposal['customer_responsibilities'])): ?>
+        <div style="margin-bottom:10px;"><div class="lbl">Your Responsibilities</div><div class="val" style="color:#a8bedc;"><?php echo pe($proposal['customer_responsibilities']); ?></div></div>
+        <?php endif; ?>
+        <?php if (!empty($proposal['third_party_costs'])): ?>
+        <div style="margin-bottom:10px;"><div class="lbl">Third-Party Costs</div><div class="val" style="color:#a8bedc;"><?php echo pe($proposal['third_party_costs']); ?></div></div>
+        <?php endif; ?>
+        <?php if (!empty($proposal['revision_terms'])): ?>
+        <div><div class="lbl">Revisions</div><div class="val" style="color:#a8bedc;"><?php echo pe($proposal['revision_terms']); ?></div></div>
+        <?php endif; ?>
+    </div>
+    <?php endif; ?>
+
+    <?php if ($status === 'accepted' || $status === 'payment_pending' || $status === 'paid_start'): ?>
+    <div class="card" id="payment-section">
+        <div class="section-label">Payment</div>
+        <?php if ($status === 'paid_start'): ?>
+        <p style="color:#34d399;font-weight:700;margin:0 0 8px;">✓ Starting payment received. Work will begin shortly.</p>
+        <?php elseif ($status === 'accepted' || $status === 'payment_pending'): ?>
+        <p style="color:#d8e7f7;font-size:.88rem;margin:0 0 10px;">To begin work, the starting payment listed above must be received.</p>
+        <?php if (!empty($proposal['amount_due_to_start'])): ?>
+        <div style="font-size:1.1rem;color:#ffc600;font-weight:700;margin-bottom:12px;">Amount Due To Start: $<?php echo pe($proposal['amount_due_to_start']); ?></div>
+        <?php endif; ?>
+        <?php if ($paypalMode === 'manual'): ?>
+        <p style="color:#7a9ac0;font-size:.84rem;">Runlevel Systems will send a PayPal invoice or payment link after proposal acceptance.</p>
+        <?php elseif ($paypalLink !== ''): ?>
+        <a href="<?php echo pe($paypalLink); ?>" class="btn btn-gold" target="_blank" rel="noopener noreferrer">Pay With PayPal</a>
+        <?php else: ?>
+        <p style="color:#7a9ac0;font-size:.84rem;">Payment instructions will be sent to you by email.</p>
+        <?php endif; ?>
+        <?php endif; ?>
+    </div>
+    <?php endif; ?>
+
+    <?php if (in_array($status, ['sent', 'changes_requested'], true)): ?>
+
+    <div class="card action-card" id="accept">
+        <h2 style="margin:0 0 8px;color:#34d399;font-size:1rem;">Accept This Proposal</h2>
+        <p style="color:#d8e7f7;font-size:.86rem;margin:0 0 12px;">By accepting this proposal, you are asking Runlevel Systems to begin work after the required starting payment is received.</p>
+        <?php if (!empty($proposal['amount_due_to_start'])): ?>
+        <div style="margin-bottom:12px;font-size:.92rem;color:#d8e7f7;">Amount Due To Start: <strong style="color:#ffc600;">$<?php echo pe($proposal['amount_due_to_start']); ?></strong></div>
+        <?php endif; ?>
+        <?php if (!empty($proposal['acceptance_statement'])): ?>
+        <div style="background:rgba(52,211,153,.06);border:1px solid rgba(52,211,153,.18);border-radius:6px;padding:10px 12px;margin-bottom:12px;color:#a8bedc;font-size:.82rem;"><?php echo pe($proposal['acceptance_statement']); ?></div>
+        <?php endif; ?>
+        <form method="post">
+            <input type="hidden" name="action" value="accept">
+            <label style="display:flex;align-items:flex-start;gap:8px;cursor:pointer;margin-bottom:12px;">
+                <input type="checkbox" name="agreed" value="1" style="margin-top:2px;">
+                <span style="color:#d8e7f7;font-size:.84rem;">I have reviewed the proposal and agree to the listed work, deliverables, payment terms, and project terms.</span>
+            </label>
+            <button class="btn btn-green" type="submit">Accept Proposal</button>
+        </form>
+    </div>
+
+    <div class="card" id="request-changes">
+        <h2 style="margin:0 0 8px;color:#ffc600;font-size:1rem;">Request Changes</h2>
+        <p style="color:#7a9ac0;font-size:.84rem;margin:0 0 12px;">Tell us what you would like changed and we will review and update the proposal.</p>
+        <form method="post">
+            <input type="hidden" name="action" value="request_changes">
+            <div style="margin-bottom:10px;">
+                <label style="color:#a8bedc;font-size:.75rem;text-transform:uppercase;letter-spacing:.04em;display:block;margin-bottom:4px;">What would you like changed? *</label>
+                <textarea class="textarea" name="change_message" required placeholder="Describe the changes you are requesting..."></textarea>
+            </div>
+            <div style="margin-bottom:10px;">
+                <label style="color:#a8bedc;font-size:.75rem;text-transform:uppercase;letter-spacing:.04em;display:block;margin-bottom:4px;">Requested Budget Change (optional)</label>
+                <input class="input" type="text" name="requested_budget" placeholder="e.g. Looking for something closer to $300">
+            </div>
+            <div style="margin-bottom:10px;">
+                <label style="color:#a8bedc;font-size:.75rem;text-transform:uppercase;letter-spacing:.04em;display:block;margin-bottom:4px;">Requested Timeline Change (optional)</label>
+                <input class="input" type="text" name="requested_timeline" placeholder="e.g. Need it done in 1 week">
+            </div>
+            <div style="margin-bottom:12px;">
+                <label style="color:#a8bedc;font-size:.75rem;text-transform:uppercase;letter-spacing:.04em;display:block;margin-bottom:4px;">Deliverable Change (optional)</label>
+                <input class="input" type="text" name="requested_deliverable" placeholder="e.g. Remove the mobile app part">
+            </div>
+            <button class="btn btn-gold" type="submit">Submit Change Request</button>
+        </form>
+    </div>
+
+    <?php endif; ?>
+
+    <?php endif; ?>
+</div>
+</section>
+<?php include __DIR__ . '/../includes/footer.php'; ?>
+<script src="../assets/js/jquery-1.12.3.min.js"></script>
+<script src="../assets/js/bootstrap.min.js"></script>
+</body>
+</html>
diff --git a/client/proposal.php b/client/proposal.php
index e7ab8e9..0422afd 100644
--- a/client/proposal.php
+++ b/client/proposal.php
@@ -3,11 +3,11 @@
 define('WDS_SYSTEM', true);
 require_once __DIR__ . '/../includes/portal-helpers.php';
 
-portalRequireLogin();
-if (portalGetRole() !== 'client') {
-    header('Location: /dashboard.php');
-    exit;
-}
+// Forward to the new unified proposal view page
+$proposalId = isset($_GET['proposal_id']) ? '?proposal_id=' . urlencode((string)$_GET['proposal_id']) : '';
+header('Location: /client/proposal-view.php' . $proposalId);
+exit;
+
 
 $user = portalGetUser();
 $username = (string)($user['username'] ?? '');
diff --git a/client/proposals.php b/client/proposals.php
index 6ff7a7a..4f6aaba 100644
--- a/client/proposals.php
+++ b/client/proposals.php
@@ -9,7 +9,7 @@
     exit;
 }
 
-$user = portalGetUser();
+$user     = portalGetUser();
 $username = (string)($user['username'] ?? '');
 $requests = array_values(array_filter(portalLoadProjectRequests(), function ($r) use ($username) {
     return (string)($r['client_username'] ?? '') === $username;
@@ -21,10 +21,39 @@
         || (string)($p['client_username'] ?? '') === $username;
 }));
 
+// Only show proposals that have been sent (not draft)
+$proposals = array_values(array_filter($proposals, function ($p) {
+    $st = (string)($p['proposal_status'] ?? $p['status'] ?? 'draft');
+    return !in_array($st, ['draft', 'cancelled'], true);
+}));
+
 usort($proposals, function ($a, $b) {
-    return strcmp((string)($b['updated_at'] ?? $b['created_at'] ?? ''), (string)($a['updated_at'] ?? $a['created_at'] ?? ''));
+    return strcmp(
+        (string)($b['updated_at'] ?? $b['created_at'] ?? ''),
+        (string)($a['updated_at'] ?? $a['created_at'] ?? '')
+    );
 });
 
+$statusLabels = [
+    'sent'             => 'Awaiting Your Review',
+    'changes_requested'=> 'Changes Requested',
+    'accepted'         => 'Accepted',
+    'payment_pending'  => 'Payment Pending',
+    'paid_start'       => 'Paid — Work Starting',
+    'in_progress'      => 'In Progress',
+    'completed'        => 'Completed',
+];
+
+$statusColors = [
+    'sent'             => '#36f3ff',
+    'changes_requested'=> '#ffc600',
+    'accepted'         => '#86efac',
+    'payment_pending'  => '#fbbf24',
+    'paid_start'       => '#34d399',
+    'in_progress'      => '#60a5fa',
+    'completed'        => '#4ade80',
+];
+
 $current_page = 'client-portal';
 $header_class = 'inner-header';
 ?>
@@ -32,15 +61,23 @@
 <html lang="en">
 <head>
     <meta charset="utf-8">
-    <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <link rel="icon" type="image/png" href="../assets/images/RL-icon.png">
     <title>My Proposals | Client Portal | Runlevel Systems</title>
     <link href="../assets/css/coreloop.css" rel="stylesheet">
     <style>
         .portal-wrap{padding:30px 0 70px;}
-        .card{background:#0c1729;border:1px solid rgba(54,243,255,.18);border-radius:10px;padding:16px;}
-        .item{background:#09111d;border:1px solid rgba(54,243,255,.14);border-radius:8px;padding:12px;margin-bottom:10px;}
+        .card{background:#0c1729;border:1px solid rgba(54,243,255,.18);border-radius:10px;padding:18px;margin-bottom:14px;}
+        .how-list{list-style:none;margin:0;padding:0;display:flex;flex-direction:column;gap:6px;}
+        .how-list li{display:flex;align-items:flex-start;gap:10px;color:#a8bedc;font-size:.85rem;}
+        .how-step{display:inline-flex;align-items:center;justify-content:center;width:22px;height:22px;min-width:22px;border-radius:50%;background:rgba(54,243,255,.12);border:1px solid rgba(54,243,255,.3);color:#36f3ff;font-size:.72rem;font-weight:700;}
+        .prop-card{background:#09111d;border:1px solid rgba(54,243,255,.14);border-radius:8px;padding:14px;margin-bottom:10px;}
+        .status-badge{display:inline-block;padding:2px 10px;border-radius:999px;font-size:.68rem;font-weight:700;}
+        .prop-actions{display:flex;gap:8px;flex-wrap:wrap;margin-top:10px;}
+        .btn{display:inline-block;border-radius:5px;padding:6px 12px;font-size:.8rem;font-weight:700;text-decoration:none;border:none;cursor:pointer;}
+        .btn-teal{background:rgba(54,243,255,.12);border:1px solid rgba(54,243,255,.3);color:#36f3ff;}
+        .btn-gold{background:#ffc600;color:#08111f;}
+        .btn-green{background:rgba(52,211,153,.12);border:1px solid rgba(52,211,153,.35);color:#34d399;}
     </style>
 </head>
 <body>
@@ -48,21 +85,57 @@
 <?php include __DIR__ . '/../includes/navigation.php'; ?>
 <section class="portal-wrap">
 <div class="container">
-    <a href="/dashboard.php" style="color:#36f3ff;font-size:.84rem;">← Back to Dashboard</a>
+    <a href="/dashboard.php" style="color:#36f3ff;font-size:.84rem;">← Dashboard</a>
+
     <div class="card" style="margin-top:10px;">
-        <h2 style="margin:0 0 12px;color:#ffc600;font-size:1.1rem;">My Proposals</h2>
+        <h2 style="margin:0 0 12px;color:#ffc600;font-size:1rem;">How This Works</h2>
+        <ul class="how-list">
+            <li><span class="how-step">1</span> You tell us what you need.</li>
+            <li><span class="how-step">2</span> We create a proposal.</li>
+            <li><span class="how-step">3</span> You can accept it or request changes.</li>
+            <li><span class="how-step">4</span> Once accepted, you pay the amount due to start.</li>
+            <li><span class="how-step">5</span> We begin work.</li>
+            <li><span class="how-step">6</span> You review the delivered work.</li>
+            <li><span class="how-step">7</span> Additional milestones or final payment are handled according to the proposal.</li>
+        </ul>
+    </div>
+
+    <div class="card">
+        <h2 style="margin:0 0 12px;color:#ffc600;font-size:1rem;">My Proposals</h2>
         <?php if (empty($proposals)): ?>
-            <p style="color:#7a9ac0;">No proposals available yet.</p>
+            <p style="color:#7a9ac0;margin:0;">No proposals available yet. Once we review your request and create a proposal, it will appear here.</p>
         <?php else: ?>
-            <?php foreach ($proposals as $proposal): ?>
-                <div class="item">
-                    <div style="display:flex;justify-content:space-between;gap:8px;flex-wrap:wrap;">
-                        <div style="color:#ffc600;font-family:monospace;font-weight:700;"><?php echo pe($proposal['proposal_id'] ?? 'Proposal'); ?></div>
-                        <div style="color:#a8bedc;font-size:.8rem;"><?php echo pe(ucfirst((string)($proposal['status'] ?? 'draft'))); ?></div>
+            <?php foreach ($proposals as $proposal):
+                $pid    = (string)($proposal['proposal_id'] ?? '');
+                $status = (string)($proposal['proposal_status'] ?? $proposal['status'] ?? 'sent');
+                $label  = $statusLabels[$status] ?? ucfirst(str_replace('_', ' ', $status));
+                $color  = $statusColors[$status] ?? '#7a9ac0';
+                $updTs  = strtotime((string)($proposal['updated_at'] ?? $proposal['created_at'] ?? '')) ?: 0;
+            ?>
+                <div class="prop-card">
+                    <div style="display:flex;justify-content:space-between;align-items:flex-start;gap:8px;flex-wrap:wrap;">
+                        <div>
+                            <div style="color:#ffc600;font-weight:700;font-size:.92rem;"><?php echo pe($proposal['project_title'] ?? 'Project Proposal'); ?></div>
+                            <div style="color:#7a9ac0;font-size:.74rem;margin-top:2px;">ID: <?php echo pe($pid); ?></div>
+                        </div>
+                        <span class="status-badge" style="background:<?php echo pe($color); ?>18;border:1px solid <?php echo pe($color); ?>44;color:<?php echo pe($color); ?>;"><?php echo pe($label); ?></span>
+                    </div>
+                    <?php if (!empty($proposal['total_price']) || !empty($proposal['amount_due_to_start'])): ?>
+                    <div style="display:flex;gap:16px;margin-top:8px;flex-wrap:wrap;">
+                        <?php if (!empty($proposal['total_price'])): ?><div style="font-size:.8rem;color:#a8bedc;">Total: <strong style="color:#86efac;">$<?php echo pe($proposal['total_price']); ?></strong></div><?php endif; ?>
+                        <?php if (!empty($proposal['amount_due_to_start'])): ?><div style="font-size:.8rem;color:#a8bedc;">Due to Start: <strong style="color:#ffc600;">$<?php echo pe($proposal['amount_due_to_start']); ?></strong></div><?php endif; ?>
+                    </div>
+                    <?php endif; ?>
+                    <?php if ($updTs > 0): ?><div style="color:#5a7a9e;font-size:.72rem;margin-top:4px;">Updated <?php echo pe(date('M j, Y', $updTs)); ?></div><?php endif; ?>
+                    <div class="prop-actions">
+                        <a class="btn btn-teal" href="/client/proposal-view.php?proposal_id=<?php echo urlencode($pid); ?>">View Proposal</a>
+                        <?php if ($status === 'sent' || $status === 'changes_requested'): ?>
+                        <a class="btn btn-green" href="/client/proposal-view.php?proposal_id=<?php echo urlencode($pid); ?>#accept">Accept</a>
+                        <a class="btn btn-gold" href="/client/proposal-view.php?proposal_id=<?php echo urlencode($pid); ?>#request-changes">Request Changes</a>
+                        <?php endif; ?>
+                        <?php if ($status === 'accepted'): ?><span style="color:#86efac;font-size:.78rem;padding:6px 0;">✓ Accepted — awaiting payment</span><?php endif; ?>
+                        <?php if ($status === 'payment_pending'): ?><span style="color:#fbbf24;font-size:.78rem;padding:6px 0;">Payment pending</span><?php endif; ?>
                     </div>
-                    <div style="color:#eaf3ff;font-size:.9rem;margin-top:4px;"><?php echo pe($proposal['project_title'] ?? 'Project Proposal'); ?></div>
-                    <div style="color:#7a9ac0;font-size:.78rem;margin-top:4px;">Request ID: <?php echo pe($proposal['request_id'] ?? ''); ?></div>
-                    <a style="display:inline-block;margin-top:6px;color:#36f3ff;font-size:.82rem;" href="/client/proposal.php?proposal_id=<?php echo urlencode((string)($proposal['proposal_id'] ?? '')); ?>">View proposal</a>
                 </div>
             <?php endforeach; ?>
         <?php endif; ?>
@@ -74,3 +147,4 @@
 <script src="../assets/js/bootstrap.min.js"></script>
 </body>
 </html>
+
diff --git a/dashboard.php b/dashboard.php
index 53c9db1..aa69d4c 100644
--- a/dashboard.php
+++ b/dashboard.php
@@ -114,6 +114,41 @@
 $awaitingApproval = 0;
 $awaitingSignature = 0;
 
+// Proposal status counters (new workflow)
+$proposalsDraft = 0;
+$proposalsSent = 0;
+$proposalsChangesRequested = 0;
+$proposalsAccepted = 0;
+$proposalsAwaitingPayment = 0;
+$proposalsPaidStart = 0;
+$proposalsInProgress = 0;
+$proposalsMyReview = 0; // client-facing: proposals awaiting client action
+
+// Also count from all proposals directly for staff overview
+foreach ($proposals as $prop) {
+    $ps = (string)($prop['proposal_status'] ?? $prop['status'] ?? 'draft');
+    if ($isStaffRole) {
+        switch ($ps) {
+            case 'draft': $proposalsDraft++; break;
+            case 'sent': $proposalsSent++; break;
+            case 'changes_requested': $proposalsChangesRequested++; break;
+            case 'accepted': $proposalsAccepted++; break;
+            case 'payment_pending': $proposalsAwaitingPayment++; break;
+            case 'paid_start': $proposalsPaidStart++; break;
+            case 'in_progress': $proposalsInProgress++; break;
+        }
+    } elseif ($role === 'client') {
+        // Only count proposals the client owns
+        $ownerUsername = (string)($prop['client_username'] ?? '');
+        if ($ownerUsername !== $myUsername && $ownerUsername !== '') {
+            continue;
+        }
+        if (in_array($ps, ['sent', 'changes_requested'], true)) {
+            $proposalsMyReview++;
+        }
+    }
+}
+
 foreach ($visibleRequests as $request) {
     $projectId = portalGetRequestDisplayId((array)$request);
     $requestStatus = (string)($request['status'] ?? 'new');
@@ -163,6 +198,7 @@
     ];
 }
 
+
 usort($projectRows, function ($a, $b) {
     return ((int)$b['last_updated_ts']) <=> ((int)$a['last_updated_ts']);
 });
@@ -319,21 +355,46 @@
             </div>
             <div class="portal-actions">
                 <a href="/estimate.php" class="portal-link-btn">Start Project</a>
-                <?php if ($isStaffRole): ?><a href="/staff/estimate-requests.php" class="portal-link-btn">All Projects</a><?php endif; ?>
+                <?php if ($isStaffRole): ?>
+                    <a href="/staff/proposals.php" class="portal-link-btn">Proposals</a>
+                    <a href="/staff/proposal-edit.php" class="portal-link-btn">+ New Proposal</a>
+                    <a href="/staff/estimate-requests.php" class="portal-link-btn">All Requests</a>
+                    <a href="/staff/payment-record.php" class="portal-link-btn">Record Payment</a>
+                <?php endif; ?>
                 <?php if ($isAdminRole): ?><a href="/settings.php" class="portal-link-btn">Settings</a><?php endif; ?>
                 <a href="/logout.php" class="portal-logout">Sign Out</a>
             </div>
         </div>
 
+        <?php if ($isStaffRole): ?>
+        <p class="portal-section-title">Proposal Pipeline</p>
+        <div class="portal-card-grid">
+            <a href="/staff/proposals.php?status=draft" class="portal-dash-card"><div class="card-label">Draft</div><div class="card-count"><?php echo $proposalsDraft; ?></div></a>
+            <a href="/staff/proposals.php?status=sent" class="portal-dash-card"><div class="card-label">Sent</div><div class="card-count"><?php echo $proposalsSent; ?></div></a>
+            <a href="/staff/proposals.php?status=changes_requested" class="portal-dash-card" style="border-color:rgba(251,191,36,.35);"><div class="card-label" style="color:#fbbf24;">Changes Requested</div><div class="card-count" style="color:#fbbf24;"><?php echo $proposalsChangesRequested; ?></div></a>
+            <a href="/staff/proposals.php?status=accepted" class="portal-dash-card" style="border-color:rgba(34,197,94,.35);"><div class="card-label" style="color:#86efac;">Accepted</div><div class="card-count" style="color:#86efac;"><?php echo $proposalsAccepted; ?></div></a>
+            <a href="/staff/proposals.php?status=payment_pending" class="portal-dash-card" style="border-color:rgba(251,191,36,.35);"><div class="card-label" style="color:#fbbf24;">Awaiting Payment</div><div class="card-count" style="color:#fbbf24;"><?php echo $proposalsAwaitingPayment; ?></div></a>
+            <a href="/staff/proposals.php?status=paid_start" class="portal-dash-card" style="border-color:rgba(54,243,255,.35);"><div class="card-label" style="color:#36f3ff;">Paid / Ready</div><div class="card-count" style="color:#36f3ff;"><?php echo $proposalsPaidStart; ?></div></a>
+            <a href="/staff/proposals.php?status=in_progress" class="portal-dash-card"><div class="card-label">In Progress</div><div class="card-count"><?php echo $proposalsInProgress; ?></div></a>
+        </div>
+
         <p class="portal-section-title">Project Overview</p>
         <div class="portal-card-grid">
             <a href="#recent-projects" class="portal-dash-card"><div class="card-label">Recent Projects</div><div class="card-count"><?php echo count($recentProjects); ?></div></a>
+            <a href="#active-projects" class="portal-dash-card"><div class="card-label">Active</div><div class="card-count"><?php echo $activeProjects; ?></div></a>
+            <a href="#pending-projects" class="portal-dash-card"><div class="card-label">Pending</div><div class="card-count"><?php echo $pendingProjects; ?></div></a>
+            <a href="#completed-projects" class="portal-dash-card"><div class="card-label">Completed</div><div class="card-count"><?php echo $completedProjects; ?></div></a>
+        </div>
+        <?php else: ?>
+        <p class="portal-section-title">My Overview</p>
+        <div class="portal-card-grid">
+            <a href="/client/proposals.php" class="portal-dash-card" style="<?php echo $proposalsMyReview > 0 ? 'border-color:rgba(251,191,36,.5);' : ''; ?>"><div class="card-label" style="<?php echo $proposalsMyReview > 0 ? 'color:#fbbf24;' : ''; ?>">Proposals to Review</div><div class="card-count" style="<?php echo $proposalsMyReview > 0 ? 'color:#fbbf24;' : ''; ?>"><?php echo $proposalsMyReview; ?></div></a>
+            <a href="/client/proposals.php" class="portal-dash-card"><div class="card-label">My Proposals</div><div class="card-count"><?php echo count(array_filter($proposals, function($p) use ($myUsername) { return (string)($p['client_username'] ?? '') === $myUsername || (string)($p['client_id'] ?? '') === $myUsername; })); ?></div></a>
+            <a href="#recent-projects" class="portal-dash-card"><div class="card-label">My Requests</div><div class="card-count"><?php echo count($visibleRequests); ?></div></a>
             <a href="#active-projects" class="portal-dash-card"><div class="card-label">Active Projects</div><div class="card-count"><?php echo $activeProjects; ?></div></a>
-            <a href="#pending-projects" class="portal-dash-card"><div class="card-label">Pending Projects</div><div class="card-count"><?php echo $pendingProjects; ?></div></a>
-            <a href="#completed-projects" class="portal-dash-card"><div class="card-label">Completed Projects</div><div class="card-count"><?php echo $completedProjects; ?></div></a>
-            <a href="#recent-activity" class="portal-dash-card"><div class="card-label">Awaiting Approval</div><div class="card-count"><?php echo $awaitingApproval; ?></div></a>
-            <a href="#recent-activity" class="portal-dash-card"><div class="card-label">Awaiting Signature</div><div class="card-count"><?php echo $awaitingSignature; ?></div></a>
         </div>
+        <?php endif; ?>
+
 
         <div class="portal-layout">
             <div class="portal-panel" id="recent-projects">
diff --git a/data/payments.json b/data/payments.json
new file mode 100644
index 0000000..76d501a
--- /dev/null
+++ b/data/payments.json
@@ -0,0 +1,3 @@
+{
+    "payments": []
+}
diff --git a/includes/portal-helpers.php b/includes/portal-helpers.php
index 474f30e..a5067a3 100644
--- a/includes/portal-helpers.php
+++ b/includes/portal-helpers.php
@@ -225,6 +225,8 @@ function portalRefreshVerificationTokenByEmail($email, &$userOut = null) {
 define('PORTAL_PROJECT_REQUESTS_FILE', PORTAL_DATA_DIR . '/project_requests.json');
 define('PORTAL_ESTIMATES_FILE',        PORTAL_DATA_DIR . '/estimate_requests.json');
 define('PORTAL_PROPOSALS_FILE',        PORTAL_DATA_DIR . '/proposals.json');
+define('PORTAL_PAYMENTS_FILE',         PORTAL_DATA_DIR . '/payments.json');
+define('PORTAL_PAYPAL_WEBHOOK_LOG',    PORTAL_DATA_DIR . '/paypal-webhook-log.json');
 define('PORTAL_PROJECT_AGREEMENTS_FILE', PORTAL_DATA_DIR . '/project_agreements.json');
 define('PORTAL_ADMIN_SETTINGS_FILE', PORTAL_DATA_DIR . '/admin_settings.json');
 
@@ -280,10 +282,32 @@ function portalSaveJson($file, $data) {
 function portalDefaultAdminSettings() {
     return [
         'paypal' => [
-            'client_id' => '',
-            'secret' => '',
-            'environment' => 'sandbox',
-            'business_email' => '',
+            'mode' => 'manual',
+            'sandbox' => [
+                'client_id'    => '',
+                'secret'       => '',
+                'business_email' => '',
+                'webhook_id'   => '',
+                'payment_link' => '',
+            ],
+            'live' => [
+                'client_id'    => '',
+                'secret'       => '',
+                'business_email' => '',
+                'webhook_id'   => '',
+                'payment_link' => '',
+            ],
+            'currency'                     => 'USD',
+            'invoice_message'              => '',
+            'payment_instructions'         => '',
+            'require_payment_before_work'  => true,
+            'enable_manual_recording'      => true,
+            'enable_webhook_logging'       => false,
+            // Legacy flat fields kept for backward compat
+            'client_id'     => '',
+            'secret'        => '',
+            'environment'   => 'sandbox',
+            'business_email'=> '',
             'invoice_defaults' => '',
         ],
         'email' => [
@@ -312,8 +336,12 @@ function portalLoadAdminSettings() {
     $emailStored = isset($stored['email']) && is_array($stored['email']) ? $stored['email'] : [];
     $siteStored = isset($stored['site']) && is_array($stored['site']) ? $stored['site'] : [];
     $businessStored = isset($stored['business']) && is_array($stored['business']) ? $stored['business'] : [];
+    $paypal = array_merge($defaults['paypal'], $paypalStored);
+    // Ensure nested sandbox/live sub-arrays are merged properly
+    $paypal['sandbox'] = array_merge($defaults['paypal']['sandbox'], isset($paypalStored['sandbox']) && is_array($paypalStored['sandbox']) ? $paypalStored['sandbox'] : []);
+    $paypal['live']    = array_merge($defaults['paypal']['live'],    isset($paypalStored['live'])    && is_array($paypalStored['live'])    ? $paypalStored['live']    : []);
     return [
-        'paypal' => array_merge($defaults['paypal'], $paypalStored),
+        'paypal' => $paypal,
         'email' => array_merge($defaults['email'], $emailStored),
         'site' => array_merge($defaults['site'], $siteStored),
         'business' => array_merge($defaults['business'], $businessStored),
@@ -324,8 +352,12 @@ function portalLoadAdminSettings() {
 
 function portalSaveAdminSettings(array $settings) {
     $defaults = portalDefaultAdminSettings();
+    $paypalIn = isset($settings['paypal']) && is_array($settings['paypal']) ? $settings['paypal'] : [];
+    $paypal = array_merge($defaults['paypal'], $paypalIn);
+    $paypal['sandbox'] = array_merge($defaults['paypal']['sandbox'], isset($paypalIn['sandbox']) && is_array($paypalIn['sandbox']) ? $paypalIn['sandbox'] : []);
+    $paypal['live']    = array_merge($defaults['paypal']['live'],    isset($paypalIn['live'])    && is_array($paypalIn['live'])    ? $paypalIn['live']    : []);
     $payload = [
-        'paypal' => array_merge($defaults['paypal'], isset($settings['paypal']) && is_array($settings['paypal']) ? $settings['paypal'] : []),
+        'paypal' => $paypal,
         'email' => array_merge($defaults['email'], isset($settings['email']) && is_array($settings['email']) ? $settings['email'] : []),
         'site' => array_merge($defaults['site'], isset($settings['site']) && is_array($settings['site']) ? $settings['site'] : []),
         'business' => array_merge($defaults['business'], isset($settings['business']) && is_array($settings['business']) ? $settings['business'] : []),
@@ -804,6 +836,49 @@ function portalSaveProposals(array $proposals) {
     return portalSaveJson(PORTAL_PROPOSALS_FILE, ['proposals' => array_values($proposals)]);
 }
 
+function portalGenerateUniqueProposalId() {
+    $proposals = portalLoadProposals();
+    $existing = [];
+    foreach ($proposals as $p) {
+        if (!empty($p['proposal_id'])) {
+            $existing[(string)$p['proposal_id']] = true;
+        }
+    }
+    $datePart = date('Ymd');
+    $attempts = 0;
+    do {
+        $id = 'PROP-' . $datePart . '-' . str_pad((string) random_int(1, 9999), 4, '0', STR_PAD_LEFT);
+        $attempts++;
+    } while (isset($existing[$id]) && $attempts < 10000);
+    return $id;
+}
+
+function portalGenerateUniquePaymentId() {
+    $payments = portalLoadPayments();
+    $existing = [];
+    foreach ($payments as $p) {
+        if (!empty($p['payment_id'])) {
+            $existing[(string)$p['payment_id']] = true;
+        }
+    }
+    $datePart = date('Ymd');
+    $attempts = 0;
+    do {
+        $id = 'PAY-' . $datePart . '-' . str_pad((string) random_int(1, 9999), 4, '0', STR_PAD_LEFT);
+        $attempts++;
+    } while (isset($existing[$id]) && $attempts < 10000);
+    return $id;
+}
+
+function portalLoadPayments() {
+    $data = portalLoadJson(PORTAL_PAYMENTS_FILE);
+    return isset($data['payments']) && is_array($data['payments']) ? $data['payments'] : [];
+}
+
+function portalSavePayments(array $payments) {
+    return portalSaveJson(PORTAL_PAYMENTS_FILE, ['payments' => array_values($payments)]);
+}
+
 function portalLoadProjectAgreements() {
     $data = portalLoadJson(PORTAL_PROJECT_AGREEMENTS_FILE);
     return isset($data['agreements']) && is_array($data['agreements']) ? $data['agreements'] : [];
diff --git a/paypal-webhook.php b/paypal-webhook.php
new file mode 100644
index 0000000..c59806d
--- /dev/null
+++ b/paypal-webhook.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * PayPal Webhook Placeholder — Runlevel Systems
+ *
+ * This endpoint receives PayPal webhook payloads and logs them for review.
+ * Live payment processing is NOT implemented yet.
+ *
+ * TODO: Verify PayPal webhook signature before trusting payment events.
+ * TODO: Match PayPal invoice/transaction ID to proposal_id.
+ * TODO: Update payments.json automatically after verification.
+ */
+
+define('WDS_SYSTEM', true);
+require_once __DIR__ . '/includes/portal-helpers.php';
+
+// Only accept POST requests
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    exit('Method Not Allowed');
+}
+
+$settings = portalLoadAdminSettings();
+$loggingEnabled = (bool)($settings['paypal']['enable_webhook_logging'] ?? false);
+
+// Read raw POST body
+$rawBody = file_get_contents('php://input');
+$payload = [];
+if ($rawBody !== false && trim($rawBody) !== '') {
+    $decoded = json_decode($rawBody, true);
+    $payload = is_array($decoded) ? $decoded : ['raw' => $rawBody];
+}
+
+$logEntry = [
+    'received_at'        => date('c'),
+    'remote_addr'        => $_SERVER['REMOTE_ADDR'] ?? '',
+    'content_type'       => $_SERVER['CONTENT_TYPE'] ?? '',
+    'paypal_event_type'  => $payload['event_type'] ?? '',
+    'paypal_event_id'    => $payload['id'] ?? '',
+    'payload_preview'    => array_slice($payload, 0, 20),
+    'note'               => 'Webhook received but not processed. Manual review required.',
+];
+
+if ($loggingEnabled) {
+    // Append to webhook log
+    $logFile = PORTAL_PAYPAL_WEBHOOK_LOG;
+    $log = [];
+    if (file_exists($logFile)) {
+        $existing = @json_decode(file_get_contents($logFile), true);
+        $log = (isset($existing['events']) && is_array($existing['events'])) ? $existing['events'] : [];
+    }
+    // Keep last 500 entries to prevent unbounded growth
+    $log[] = $logEntry;
+    if (count($log) > 500) {
+        $log = array_slice($log, -500);
+    }
+    portalSaveJson($logFile, ['events' => array_values($log)]);
+}
+
+// TODO: Verify PayPal webhook signature before trusting payment events.
+// TODO: Match PayPal invoice/transaction ID to proposal_id.
+// TODO: Update payments.json automatically after verification.
+
+http_response_code(200);
+header('Content-Type: application/json');
+echo json_encode(['status' => 'received', 'note' => 'Webhook logging only. Not processed.']);
diff --git a/settings.php b/settings.php
index 3654855..19fcc3b 100644
--- a/settings.php
+++ b/settings.php
@@ -7,36 +7,65 @@
 $current_page = 'dashboard';
 $header_class = 'inner-header';
 
-$user = portalGetUser();
+$user     = portalGetUser();
 $settings = portalLoadAdminSettings();
-$notice = '';
-$error = '';
+$notice   = '';
+$error    = '';
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    $paypal = $settings['paypal'];
-    $email = $settings['email'];
-    $site = $settings['site'];
+    $paypal   = $settings['paypal'];
+    $email    = $settings['email'];
+    $site     = $settings['site'];
     $business = $settings['business'];
 
-    $paypal['client_id'] = trim((string)($_POST['paypal_client_id'] ?? ''));
-    $paypal['secret'] = trim((string)($_POST['paypal_secret'] ?? ''));
-    $paypal['environment'] = trim((string)($_POST['paypal_environment'] ?? 'sandbox')) === 'production' ? 'production' : 'sandbox';
-    $paypal['business_email'] = trim((string)($_POST['paypal_business_email'] ?? ''));
-    $paypal['invoice_defaults'] = trim((string)($_POST['paypal_invoice_defaults'] ?? ''));
+    // PayPal general
+    $paypal['mode']     = in_array(trim((string)($_POST['paypal_mode'] ?? 'manual')), ['manual','sandbox','live'], true)
+                          ? trim((string)$_POST['paypal_mode']) : 'manual';
+    $paypal['currency'] = strtoupper(substr(trim((string)($_POST['paypal_currency'] ?? 'USD')), 0, 3));
+    $paypal['invoice_message']             = trim((string)($_POST['paypal_invoice_message']             ?? ''));
+    $paypal['payment_instructions']        = trim((string)($_POST['paypal_payment_instructions']        ?? ''));
+    $paypal['require_payment_before_work'] = (bool)($_POST['paypal_require_payment_before_work'] ?? false);
+    $paypal['enable_manual_recording']     = (bool)($_POST['paypal_enable_manual_recording']     ?? false);
+    $paypal['enable_webhook_logging']      = (bool)($_POST['paypal_enable_webhook_logging']      ?? false);
 
-    $email['from_name'] = trim((string)($_POST['email_from_name'] ?? ''));
+    // Sandbox credentials — only overwrite secret if a non-blank value is submitted
+    $paypal['sandbox']['client_id']     = trim((string)($_POST['sandbox_client_id']     ?? ''));
+    $paypal['sandbox']['business_email']= trim((string)($_POST['sandbox_business_email']?? ''));
+    $paypal['sandbox']['webhook_id']    = trim((string)($_POST['sandbox_webhook_id']    ?? ''));
+    $paypal['sandbox']['payment_link']  = trim((string)($_POST['sandbox_payment_link']  ?? ''));
+    $sbSecret = trim((string)($_POST['sandbox_secret'] ?? ''));
+    if ($sbSecret !== '') {
+        $paypal['sandbox']['secret'] = $sbSecret;
+    }
+
+    // Live credentials
+    $paypal['live']['client_id']     = trim((string)($_POST['live_client_id']     ?? ''));
+    $paypal['live']['business_email']= trim((string)($_POST['live_business_email']?? ''));
+    $paypal['live']['webhook_id']    = trim((string)($_POST['live_webhook_id']    ?? ''));
+    $paypal['live']['payment_link']  = trim((string)($_POST['live_payment_link']  ?? ''));
+    $liveSecret = trim((string)($_POST['live_secret'] ?? ''));
+    if ($liveSecret !== '') {
+        $paypal['live']['secret'] = $liveSecret;
+    }
+
+    $email['from_name']  = trim((string)($_POST['email_from_name']  ?? ''));
     $email['from_email'] = trim((string)($_POST['email_from_email'] ?? ''));
-    $email['reply_to'] = trim((string)($_POST['email_reply_to'] ?? ''));
+    $email['reply_to']   = trim((string)($_POST['email_reply_to']   ?? ''));
 
-    $site['company_name'] = trim((string)($_POST['site_company_name'] ?? 'Runlevel Systems'));
-    $site['support_email'] = trim((string)($_POST['site_support_email'] ?? ''));
-    $site['support_phone'] = trim((string)($_POST['site_support_phone'] ?? ''));
+    $site['company_name']   = trim((string)($_POST['site_company_name']   ?? 'Runlevel Systems'));
+    $site['support_email']  = trim((string)($_POST['site_support_email']  ?? ''));
+    $site['support_phone']  = trim((string)($_POST['site_support_phone']  ?? ''));
 
     $business['legal_name'] = trim((string)($_POST['business_legal_name'] ?? ''));
-    $business['address'] = trim((string)($_POST['business_address'] ?? ''));
+    $business['address']    = trim((string)($_POST['business_address']    ?? ''));
 
-    if ($paypal['business_email'] !== '' && !filter_var($paypal['business_email'], FILTER_VALIDATE_EMAIL)) {
-        $error = 'Please enter a valid PayPal business email.';
+    // Email validation
+    $sbEmailVal   = $paypal['sandbox']['business_email'];
+    $liveEmailVal = $paypal['live']['business_email'];
+    if ($sbEmailVal !== '' && !filter_var($sbEmailVal, FILTER_VALIDATE_EMAIL)) {
+        $error = 'Please enter a valid sandbox business email.';
+    } elseif ($liveEmailVal !== '' && !filter_var($liveEmailVal, FILTER_VALIDATE_EMAIL)) {
+        $error = 'Please enter a valid live business email.';
     } elseif ($email['from_email'] !== '' && !filter_var($email['from_email'], FILTER_VALIDATE_EMAIL)) {
         $error = 'Please enter a valid sender email.';
     } elseif ($email['reply_to'] !== '' && !filter_var($email['reply_to'], FILTER_VALIDATE_EMAIL)) {
@@ -47,21 +76,31 @@
 
     if ($error === '') {
         $settings = [
-            'paypal' => $paypal,
-            'email' => $email,
-            'site' => $site,
-            'business' => $business,
+            'paypal'     => $paypal,
+            'email'      => $email,
+            'site'       => $site,
+            'business'   => $business,
             'updated_at' => date('c'),
             'updated_by' => (string)($user['username'] ?? 'admin'),
         ];
         if (portalSaveAdminSettings($settings)) {
             $notice = 'Settings saved.';
+            $settings = portalLoadAdminSettings();
         } else {
             $error = 'Unable to save settings.';
         }
     }
 }
+
+// Helper: mask secret for display
+function maskSecret($val) {
+    $val = (string)$val;
+    if ($val === '') { return ''; }
+    if (strlen($val) <= 8) { return str_repeat('•', strlen($val)); }
+    return substr($val, 0, 4) . str_repeat('•', min(24, strlen($val) - 4));
+}
 ?>
+
 <!DOCTYPE html>
 <html lang="en">
 <head>
@@ -105,28 +144,73 @@
         <?php if ($error !== ''): ?><div class="error"><?php echo pe($error); ?></div><?php endif; ?>
 
         <form method="post" class="settings-grid">
-            <article class="settings-card">
+            <article class="settings-card" style="grid-column:1/-1;">
                 <h2>PayPal Settings</h2>
-                <p>PayPal Configuration (Admin Only).</p>
-                <label class="settings-label" for="paypal_client_id">Client ID</label>
-                <input class="settings-input" id="paypal_client_id" name="paypal_client_id" type="text" value="<?php echo pe($settings['paypal']['client_id'] ?? ''); ?>">
-
-                <label class="settings-label" for="paypal_secret">Secret</label>
-                <input class="settings-input" id="paypal_secret" name="paypal_secret" type="password" value="<?php echo pe($settings['paypal']['secret'] ?? ''); ?>">
+                <p>Configure PayPal mode and credentials. Secrets are masked after saving — enter a new value to update.</p>
 
-                <label class="settings-label" for="paypal_environment">Environment</label>
-                <select class="settings-select" id="paypal_environment" name="paypal_environment">
-                    <option value="sandbox" <?php echo ($settings['paypal']['environment'] ?? 'sandbox') === 'sandbox' ? 'selected' : ''; ?>>Sandbox</option>
-                    <option value="production" <?php echo ($settings['paypal']['environment'] ?? '') === 'production' ? 'selected' : ''; ?>>Production</option>
+                <label class="settings-label" for="paypal_mode">PayPal Mode</label>
+                <select class="settings-select" id="paypal_mode" name="paypal_mode">
+                    <option value="manual"  <?php echo ($settings['paypal']['mode'] ?? 'manual') === 'manual'  ? 'selected' : ''; ?>>Manual Invoice (send invoice/link manually)</option>
+                    <option value="sandbox" <?php echo ($settings['paypal']['mode'] ?? 'manual') === 'sandbox' ? 'selected' : ''; ?>>Sandbox API (testing)</option>
+                    <option value="live"    <?php echo ($settings['paypal']['mode'] ?? 'manual') === 'live'    ? 'selected' : ''; ?>>Live API (production)</option>
                 </select>
 
-                <label class="settings-label" for="paypal_business_email">Business Email</label>
-                <input class="settings-input" id="paypal_business_email" name="paypal_business_email" type="email" value="<?php echo pe($settings['paypal']['business_email'] ?? ''); ?>">
+                <div style="display:grid;grid-template-columns:repeat(auto-fit,minmax(260px,1fr));gap:12px;margin-top:14px;">
+                    <div>
+                        <div style="color:#36f3ff;font-size:.72rem;font-weight:700;text-transform:uppercase;letter-spacing:.05em;margin-bottom:8px;padding-bottom:4px;border-bottom:1px solid rgba(54,243,255,.14);">Sandbox Credentials</div>
+                        <label class="settings-label">Sandbox Client ID</label>
+                        <input class="settings-input" name="sandbox_client_id" type="text" value="<?php echo pe($settings['paypal']['sandbox']['client_id'] ?? ''); ?>">
+                        <label class="settings-label">Sandbox Secret <span style="color:#5a7a9e;font-size:.65rem;">(leave blank to keep existing)</span></label>
+                        <input class="settings-input" name="sandbox_secret" type="password" placeholder="<?php echo ($settings['paypal']['sandbox']['secret'] ?? '') !== '' ? maskSecret($settings['paypal']['sandbox']['secret']) : ''; ?>" autocomplete="new-password">
+                        <label class="settings-label">Sandbox Business Email</label>
+                        <input class="settings-input" name="sandbox_business_email" type="email" value="<?php echo pe($settings['paypal']['sandbox']['business_email'] ?? ''); ?>">
+                        <label class="settings-label">Sandbox Webhook ID <span style="color:#5a7a9e;font-size:.65rem;">(optional)</span></label>
+                        <input class="settings-input" name="sandbox_webhook_id" type="text" value="<?php echo pe($settings['paypal']['sandbox']['webhook_id'] ?? ''); ?>">
+                        <label class="settings-label">Sandbox PayPal.Me / Payment Link <span style="color:#5a7a9e;font-size:.65rem;">(optional)</span></label>
+                        <input class="settings-input" name="sandbox_payment_link" type="url" value="<?php echo pe($settings['paypal']['sandbox']['payment_link'] ?? ''); ?>">
+                    </div>
+                    <div>
+                        <div style="color:#ffc600;font-size:.72rem;font-weight:700;text-transform:uppercase;letter-spacing:.05em;margin-bottom:8px;padding-bottom:4px;border-bottom:1px solid rgba(255,198,0,.18);">Live Credentials</div>
+                        <label class="settings-label">Live Client ID</label>
+                        <input class="settings-input" name="live_client_id" type="text" value="<?php echo pe($settings['paypal']['live']['client_id'] ?? ''); ?>">
+                        <label class="settings-label">Live Secret <span style="color:#5a7a9e;font-size:.65rem;">(leave blank to keep existing)</span></label>
+                        <input class="settings-input" name="live_secret" type="password" placeholder="<?php echo ($settings['paypal']['live']['secret'] ?? '') !== '' ? maskSecret($settings['paypal']['live']['secret']) : ''; ?>" autocomplete="new-password">
+                        <label class="settings-label">Live Business Email</label>
+                        <input class="settings-input" name="live_business_email" type="email" value="<?php echo pe($settings['paypal']['live']['business_email'] ?? ''); ?>">
+                        <label class="settings-label">Live Webhook ID <span style="color:#5a7a9e;font-size:.65rem;">(optional)</span></label>
+                        <input class="settings-input" name="live_webhook_id" type="text" value="<?php echo pe($settings['paypal']['live']['webhook_id'] ?? ''); ?>">
+                        <label class="settings-label">Live PayPal.Me / Payment Link <span style="color:#5a7a9e;font-size:.65rem;">(optional)</span></label>
+                        <input class="settings-input" name="live_payment_link" type="url" value="<?php echo pe($settings['paypal']['live']['payment_link'] ?? ''); ?>">
+                    </div>
+                </div>
 
-                <label class="settings-label" for="paypal_invoice_defaults">Invoice Defaults</label>
-                <textarea class="settings-textarea" id="paypal_invoice_defaults" name="paypal_invoice_defaults"><?php echo pe($settings['paypal']['invoice_defaults'] ?? ''); ?></textarea>
+                <div style="margin-top:14px;padding-top:10px;border-top:1px solid rgba(54,243,255,.1);">
+                    <div style="color:#a8bedc;font-size:.72rem;font-weight:700;text-transform:uppercase;letter-spacing:.05em;margin-bottom:8px;">General PayPal Settings</div>
+                    <div style="display:grid;grid-template-columns:repeat(auto-fit,minmax(200px,1fr));gap:10px;">
+                        <div>
+                            <label class="settings-label" for="paypal_currency">Default Currency</label>
+                            <input class="settings-input" id="paypal_currency" name="paypal_currency" type="text" maxlength="3" value="<?php echo pe($settings['paypal']['currency'] ?? 'USD'); ?>">
+                        </div>
+                        <div style="display:flex;align-items:center;gap:8px;padding-top:18px;">
+                            <input type="checkbox" id="paypal_require_payment" name="paypal_require_payment_before_work" value="1" <?php echo !empty($settings['paypal']['require_payment_before_work']) ? 'checked' : ''; ?>>
+                            <label for="paypal_require_payment" class="settings-label" style="margin:0;text-transform:none;cursor:pointer;">Require payment before work begins</label>
+                        </div>
+                        <div style="display:flex;align-items:center;gap:8px;padding-top:18px;">
+                            <input type="checkbox" id="paypal_manual_recording" name="paypal_enable_manual_recording" value="1" <?php echo !empty($settings['paypal']['enable_manual_recording']) ? 'checked' : ''; ?>>
+                            <label for="paypal_manual_recording" class="settings-label" style="margin:0;text-transform:none;cursor:pointer;">Enable manual payment recording</label>
+                        </div>
+                        <div style="display:flex;align-items:center;gap:8px;padding-top:18px;">
+                            <input type="checkbox" id="paypal_webhook_logging" name="paypal_enable_webhook_logging" value="1" <?php echo !empty($settings['paypal']['enable_webhook_logging']) ? 'checked' : ''; ?>>
+                            <label for="paypal_webhook_logging" class="settings-label" style="margin:0;text-transform:none;cursor:pointer;">Enable webhook payload logging</label>
+                        </div>
+                    </div>
+                    <label class="settings-label" for="paypal_invoice_message" style="margin-top:10px;">Invoice Default Message</label>
+                    <textarea class="settings-textarea" id="paypal_invoice_message" name="paypal_invoice_message"><?php echo pe($settings['paypal']['invoice_message'] ?? ''); ?></textarea>
+                    <label class="settings-label" for="paypal_payment_instructions">Payment Instructions (shown to customer)</label>
+                    <textarea class="settings-textarea" id="paypal_payment_instructions" name="paypal_payment_instructions"><?php echo pe($settings['paypal']['payment_instructions'] ?? ''); ?></textarea>
+                </div>
 
-                <div style="margin-top:10px;"><button class="settings-btn" type="submit">Save Settings</button></div>
+                <div style="margin-top:12px;"><button class="settings-btn" type="submit">Save Settings</button></div>
             </article>
 
             <article class="settings-card">
diff --git a/staff/payment-record.php b/staff/payment-record.php
new file mode 100644
index 0000000..f2de75c
--- /dev/null
+++ b/staff/payment-record.php
@@ -0,0 +1,297 @@
+<?php
+session_start();
+define('WDS_SYSTEM', true);
+require_once __DIR__ . '/../includes/portal-helpers.php';
+
+portalRequireStaff();
+
+$proposals = portalLoadProposals();
+
+$preloadProposalId = trim((string)($_GET['proposal_id'] ?? ''));
+
+$paymentTypes = [
+    'start_payment'   => 'Start Payment',
+    'milestone_payment'=> 'Milestone Payment',
+    'final_payment'   => 'Final Payment',
+    'manual_payment'  => 'Manual Payment',
+    'refund'          => 'Refund',
+];
+
+$paymentStatuses = [
+    'pending'   => 'Pending',
+    'received'  => 'Received',
+    'failed'    => 'Failed',
+    'refunded'  => 'Refunded',
+    'disputed'  => 'Disputed',
+];
+
+$milestoneStatuses = [
+    'not_started'       => 'Not Started',
+    'in_progress'       => 'In Progress',
+    'ready_for_review'  => 'Ready for Review',
+    'payment_due'       => 'Payment Due',
+    'paid'              => 'Paid',
+    'complete'          => 'Complete',
+];
+
+$notice = '';
+$error  = '';
+
+$form = [
+    'proposal_id'          => $preloadProposalId,
+    'payment_type'         => 'start_payment',
+    'milestone_index'      => '',
+    'amount'               => '',
+    'currency'             => 'USD',
+    'payment_status'       => 'received',
+    'paypal_transaction_id'=> '',
+    'paypal_invoice_id'    => '',
+    'paypal_payer_email'   => '',
+    'environment'          => 'live',
+    'notes'                => '',
+];
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    foreach (array_keys($form) as $key) {
+        $form[$key] = trim((string)($_POST[$key] ?? ''));
+    }
+
+    if ($form['proposal_id'] === '' || $form['amount'] === '' || !is_numeric($form['amount'])) {
+        $error = 'Proposal and a valid amount are required.';
+    } else {
+        // Find proposal
+        $linkedProposal = null;
+        foreach ($proposals as $p) {
+            if ((string)($p['proposal_id'] ?? '') === $form['proposal_id']) {
+                $linkedProposal = $p;
+                break;
+            }
+        }
+        if ($linkedProposal === null) {
+            $error = 'Proposal not found.';
+        }
+    }
+
+    if ($error === '') {
+        $paymentId = portalGenerateUniquePaymentId();
+        $now = date('c');
+
+        $payment = [
+            'payment_id'            => $paymentId,
+            'proposal_id'           => $form['proposal_id'],
+            'request_id'            => (string)($linkedProposal['request_id'] ?? ''),
+            'client_id'             => (string)($linkedProposal['client_id'] ?? ''),
+            'payment_type'          => $form['payment_type'],
+            'milestone_index'       => $form['milestone_index'],
+            'amount'                => $form['amount'],
+            'currency'              => $form['currency'] !== '' ? $form['currency'] : 'USD',
+            'payment_status'        => $form['payment_status'],
+            'paypal_transaction_id' => $form['paypal_transaction_id'],
+            'paypal_invoice_id'     => $form['paypal_invoice_id'],
+            'paypal_payer_email'    => $form['paypal_payer_email'],
+            'environment'           => $form['environment'],
+            'notes'                 => $form['notes'],
+            'created_at'            => $now,
+            'recorded_at'           => $now,
+            'recorded_by'           => (string)((portalGetUser())['username'] ?? 'staff'),
+        ];
+
+        $payments = portalLoadPayments();
+        $payments[] = $payment;
+        portalSavePayments($payments);
+
+        // Update proposal status
+        $proposalStatus = (string)($linkedProposal['proposal_status'] ?? $linkedProposal['status'] ?? 'accepted');
+        $newStatus = $proposalStatus;
+
+        if ($form['payment_status'] === 'received') {
+            if ($form['payment_type'] === 'start_payment') {
+                $newStatus = 'paid_start';
+            } elseif ($form['payment_type'] === 'final_payment') {
+                $newStatus = 'completed';
+            }
+        }
+
+        $proposals = portalLoadProposals();
+        foreach ($proposals as &$p) {
+            if ((string)($p['proposal_id'] ?? '') !== $form['proposal_id']) { continue; }
+            $p['proposal_status'] = $newStatus;
+            $p['updated_at'] = $now;
+
+            // Update milestone status if applicable
+            if ($form['payment_type'] === 'milestone_payment' && $form['milestone_index'] !== '' && $form['payment_status'] === 'received') {
+                $msIdx = (int)$form['milestone_index'];
+                if (isset($p['milestones'][$msIdx])) {
+                    $p['milestones'][$msIdx]['milestone_status'] = 'paid';
+                }
+            }
+            break;
+        }
+        unset($p);
+        portalSaveProposals($proposals);
+
+        $notice = 'Payment recorded. Payment ID: ' . $paymentId;
+        $form = array_fill_keys(array_keys($form), '');
+        $form['proposal_id']    = $preloadProposalId;
+        $form['payment_type']   = 'start_payment';
+        $form['payment_status'] = 'received';
+        $form['environment']    = 'live';
+        $form['currency']       = 'USD';
+    }
+}
+
+// Build proposal options
+$proposalOptions = [];
+foreach ($proposals as $p) {
+    $pid = (string)($p['proposal_id'] ?? '');
+    if ($pid === '') { continue; }
+    $proposalOptions[$pid] = $pid . ' — ' . ($p['project_title'] ?? '') . ' (' . ($p['client_name'] ?? '') . ')';
+}
+
+// Selected proposal for milestone list
+$selectedProposal = null;
+foreach ($proposals as $p) {
+    if ((string)($p['proposal_id'] ?? '') === $form['proposal_id']) {
+        $selectedProposal = $p;
+        break;
+    }
+}
+
+$current_page = 'staff-portal';
+$header_class = 'inner-header';
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="icon" type="image/png" href="../assets/images/RL-icon.png">
+    <title>Record Payment | Staff | Runlevel Systems</title>
+    <link href="../assets/css/coreloop.css" rel="stylesheet">
+    <style>
+        .wrap{padding:28px 0 70px;}
+        .card{background:#0c1729;border:1px solid rgba(54,243,255,.18);border-radius:10px;padding:18px;margin-bottom:14px;}
+        .grid2{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:10px;}
+        @media(max-width:640px){.grid2{grid-template-columns:1fr;}}
+        label{color:#a8bedc;font-size:.75rem;display:block;margin-bottom:4px;text-transform:uppercase;letter-spacing:.04em;}
+        .input,.textarea,.select{background:#09111d;color:#eaf3ff;border:1px solid rgba(54,243,255,.25);border-radius:6px;padding:8px 10px;width:100%;font-size:.86rem;}
+        .textarea{min-height:80px;resize:vertical;}
+        .btn{display:inline-block;border-radius:5px;padding:8px 14px;font-size:.84rem;font-weight:700;text-decoration:none;border:none;cursor:pointer;}
+        .btn-gold{background:#ffc600;color:#08111f;}
+        .btn-teal{background:rgba(54,243,255,.12);border:1px solid rgba(54,243,255,.3);color:#36f3ff;}
+        .notice{background:rgba(34,197,94,.16);border:1px solid rgba(34,197,94,.35);color:#86efac;border-radius:6px;padding:10px 12px;margin-bottom:10px;font-size:.84rem;}
+        .error{background:rgba(239,68,68,.16);border:1px solid rgba(239,68,68,.35);color:#fecaca;border-radius:6px;padding:10px 12px;margin-bottom:10px;font-size:.84rem;}
+        .section-label{color:#36f3ff;font-size:.72rem;font-weight:700;text-transform:uppercase;letter-spacing:.06em;margin:14px 0 8px;padding-bottom:4px;border-bottom:1px solid rgba(54,243,255,.12);}
+        .milestone-field{display:none;}
+    </style>
+</head>
+<body>
+<?php include __DIR__ . '/../includes/header.php'; ?>
+<?php include __DIR__ . '/../includes/navigation.php'; ?>
+<section class="wrap">
+<div class="container">
+    <div style="display:flex;justify-content:space-between;align-items:center;gap:8px;flex-wrap:wrap;margin-bottom:10px;">
+        <h1 style="margin:0;color:#ffc600;font-size:1.18rem;">Record Payment</h1>
+        <a href="/staff/proposals.php" class="btn btn-teal">← Proposals</a>
+    </div>
+
+    <?php if ($notice !== ''): ?><div class="notice"><?php echo pe($notice); ?></div><?php endif; ?>
+    <?php if ($error !== ''): ?><div class="error"><?php echo pe($error); ?></div><?php endif; ?>
+
+    <div class="card">
+        <p style="color:#7a9ac0;font-size:.82rem;margin:0 0 14px;">Manually record a PayPal or other payment for a proposal.</p>
+        <form method="post" onsubmit="return confirm('Record this payment?');">
+            <div class="section-label">Payment Details</div>
+            <div class="grid2">
+                <div>
+                    <label>Proposal *</label>
+                    <select class="select" name="proposal_id" required onchange="updateMilestoneField(this)">
+                        <option value="">— Select Proposal —</option>
+                        <?php foreach ($proposalOptions as $pid => $plabel): ?>
+                        <option value="<?php echo pe($pid); ?>" <?php echo $form['proposal_id'] === $pid ? 'selected' : ''; ?>><?php echo pe($plabel); ?></option>
+                        <?php endforeach; ?>
+                    </select>
+                </div>
+                <div>
+                    <label>Payment Type *</label>
+                    <select class="select" name="payment_type" onchange="toggleMilestoneField(this.value)">
+                        <?php foreach ($paymentTypes as $k => $v): ?>
+                        <option value="<?php echo pe($k); ?>" <?php echo $form['payment_type'] === $k ? 'selected' : ''; ?>><?php echo pe($v); ?></option>
+                        <?php endforeach; ?>
+                    </select>
+                </div>
+                <div id="milestone-index-wrap" class="milestone-field">
+                    <label>Milestone Number (0-based)</label>
+                    <input class="input" type="number" name="milestone_index" value="<?php echo pe($form['milestone_index']); ?>" min="0" max="4" placeholder="0">
+                </div>
+                <div>
+                    <label>Amount *</label>
+                    <input class="input" type="number" name="amount" step="0.01" min="0.01" value="<?php echo pe($form['amount']); ?>" required placeholder="e.g. 250.00">
+                </div>
+                <div>
+                    <label>Currency</label>
+                    <input class="input" type="text" name="currency" value="<?php echo pe($form['currency'] !== '' ? $form['currency'] : 'USD'); ?>" maxlength="3">
+                </div>
+                <div>
+                    <label>Payment Status</label>
+                    <select class="select" name="payment_status">
+                        <?php foreach ($paymentStatuses as $k => $v): ?>
+                        <option value="<?php echo pe($k); ?>" <?php echo $form['payment_status'] === $k ? 'selected' : ''; ?>><?php echo pe($v); ?></option>
+                        <?php endforeach; ?>
+                    </select>
+                </div>
+            </div>
+
+            <div class="section-label" style="margin-top:14px;">PayPal Details</div>
+            <div class="grid2">
+                <div>
+                    <label>PayPal Transaction ID</label>
+                    <input class="input" type="text" name="paypal_transaction_id" value="<?php echo pe($form['paypal_transaction_id']); ?>" placeholder="Optional">
+                </div>
+                <div>
+                    <label>PayPal Invoice ID</label>
+                    <input class="input" type="text" name="paypal_invoice_id" value="<?php echo pe($form['paypal_invoice_id']); ?>" placeholder="Optional">
+                </div>
+                <div>
+                    <label>Payer Email</label>
+                    <input class="input" type="email" name="paypal_payer_email" value="<?php echo pe($form['paypal_payer_email']); ?>" placeholder="Optional">
+                </div>
+                <div>
+                    <label>Environment</label>
+                    <select class="select" name="environment">
+                        <option value="live" <?php echo $form['environment'] === 'live' ? 'selected' : ''; ?>>Live</option>
+                        <option value="sandbox" <?php echo $form['environment'] === 'sandbox' ? 'selected' : ''; ?>>Sandbox</option>
+                        <option value="manual" <?php echo $form['environment'] === 'manual' ? 'selected' : ''; ?>>Manual / Other</option>
+                    </select>
+                </div>
+            </div>
+
+            <div style="margin-top:10px;">
+                <label>Notes</label>
+                <textarea class="textarea" name="notes"><?php echo pe($form['notes']); ?></textarea>
+            </div>
+
+            <div style="display:flex;gap:8px;flex-wrap:wrap;margin-top:14px;">
+                <button class="btn btn-gold" type="submit">Record Payment</button>
+                <a class="btn btn-teal" href="/staff/proposals.php">Cancel</a>
+            </div>
+        </form>
+    </div>
+</div>
+</section>
+<?php include __DIR__ . '/../includes/footer.php'; ?>
+<script src="../assets/js/jquery-1.12.3.min.js"></script>
+<script src="../assets/js/bootstrap.min.js"></script>
+<script>
+function toggleMilestoneField(type) {
+    var wrap = document.getElementById('milestone-index-wrap');
+    if (wrap) wrap.style.display = (type === 'milestone_payment') ? '' : 'none';
+}
+function updateMilestoneField(sel) {
+    // Could be extended to dynamically load milestone list
+}
+// Init
+toggleMilestoneField(document.querySelector('[name="payment_type"]').value);
+</script>
+</body>
+</html>
diff --git a/staff/proposal-edit.php b/staff/proposal-edit.php
new file mode 100644
index 0000000..5fdbf28
--- /dev/null
+++ b/staff/proposal-edit.php
@@ -0,0 +1,454 @@
+<?php
+session_start();
+define('WDS_SYSTEM', true);
+require_once __DIR__ . '/../includes/portal-helpers.php';
+require_once __DIR__ . '/../includes/email.php';
+
+portalRequireStaff();
+
+$proposals    = portalLoadProposals();
+$requests     = portalLoadProjectRequests();
+
+$proposalStatuses = [
+    'draft'            => 'Draft',
+    'sent'             => 'Sent',
+    'changes_requested'=> 'Changes Requested',
+    'accepted'         => 'Accepted',
+    'payment_pending'  => 'Payment Pending',
+    'paid_start'       => 'Paid — Ready to Start',
+    'in_progress'      => 'In Progress',
+    'completed'        => 'Completed',
+    'cancelled'        => 'Cancelled',
+];
+
+$milestoneStatuses = [
+    'not_started'       => 'Not Started',
+    'in_progress'       => 'In Progress',
+    'ready_for_review'  => 'Ready for Review',
+    'payment_due'       => 'Payment Due',
+    'paid'              => 'Paid',
+    'complete'          => 'Complete',
+];
+
+$requestIdQuery  = trim((string)($_GET['request_id']  ?? ''));
+$proposalIdQuery = trim((string)($_GET['proposal_id'] ?? ''));
+$requestRecordId = '';
+
+$request  = null;
+$proposal = null;
+
+if ($proposalIdQuery !== '') {
+    foreach ($proposals as $row) {
+        if ((string)($row['proposal_id'] ?? '') === $proposalIdQuery) {
+            $proposal = $row;
+            $requestIdQuery = (string)($row['request_id'] ?? $requestIdQuery);
+            break;
+        }
+    }
+}
+
+if ($requestIdQuery !== '') {
+    foreach ($requests as $row) {
+        if (portalGetRequestDisplayId((array)$row) === $requestIdQuery) {
+            $request = portalNormalizeProjectRequest((array)$row);
+            $requestRecordId = (string)($row['id'] ?? '');
+            break;
+        }
+    }
+}
+
+$notice = '';
+$error  = '';
+
+// Build defaults from existing proposal or request
+$defaults = [
+    'proposal_id'            => $proposal['proposal_id'] ?? '',
+    'request_id'             => $requestIdQuery,
+    'client_id'              => $proposal['client_id'] ?? ($request['client_id'] ?? ''),
+    'client_name'            => $proposal['client_name'] ?? ($request['name'] ?? ''),
+    'client_email'           => $proposal['client_email'] ?? ($request['email'] ?? ''),
+    'client_username'        => $proposal['client_username'] ?? ($request['client_username'] ?? ''),
+    'project_title'          => $proposal['project_title'] ?? ($request['project_type'] ?? ''),
+    'proposal_status'        => $proposal['proposal_status'] ?? ($proposal['status'] ?? 'draft'),
+    'request_summary'        => $proposal['request_summary'] ?? ($request['description'] ?? ''),
+    'staff_review_notes'     => $proposal['staff_review_notes'] ?? ($proposal['staff_summary'] ?? ''),
+    'proposed_work'          => $proposal['proposed_work'] ?? '',
+    'deliverables'           => $proposal['deliverables'] ?? '',
+    'out_of_scope'           => $proposal['out_of_scope'] ?? '',
+    'timeline_estimate'      => $proposal['timeline_estimate'] ?? ($proposal['estimated_time'] ?? ($request['estimated_time_range'] ?? '')),
+    'total_price'            => $proposal['total_price'] ?? ($proposal['estimated_cost'] ?? ($request['estimated_cost_range'] ?? '')),
+    'amount_due_to_start'    => $proposal['amount_due_to_start'] ?? ($proposal['payment_required_to_begin'] ?? ''),
+    'payment_terms'          => $proposal['payment_terms'] ?? "Start payment required before work begins.\nRemaining balance due after milestone completion or final delivery.",
+    'customer_responsibilities' => $proposal['customer_responsibilities'] ?? "Customer must provide access, files, logins, repo links, screenshots, or other information needed to complete the work.",
+    'third_party_costs'      => $proposal['third_party_costs'] ?? "Assets, hosting, app store fees, licenses, paid APIs, plugins, or marketplace tools are not included unless specifically listed.",
+    'revision_terms'         => $proposal['revision_terms'] ?? "Small corrections related to agreed work are included. New requests or scope changes may require a revised proposal.",
+    'acceptance_statement'   => $proposal['acceptance_statement'] ?? "By accepting this proposal, the customer agrees that Runlevel Systems may begin work after the required starting payment is received.",
+    'requires_contract'      => $proposal['requires_contract'] ?? '0',
+    'contract_link'          => $proposal['contract_link'] ?? '',
+    'num_milestones'         => (string)($proposal['num_milestones'] ?? '0'),
+    'created_at'             => $proposal['created_at'] ?? '',
+    'updated_at'             => $proposal['updated_at'] ?? '',
+    'sent_at'                => $proposal['sent_at'] ?? '',
+    'accepted_at'            => $proposal['accepted_at'] ?? '',
+    'change_requested_at'    => $proposal['change_requested_at'] ?? '',
+];
+
+// Milestones array
+$existingMilestones = (isset($proposal['milestones']) && is_array($proposal['milestones'])) ? $proposal['milestones'] : [];
+
+$form = $defaults;
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $fields = array_keys($form);
+    foreach ($fields as $key) {
+        $form[$key] = trim((string)($_POST[$key] ?? ''));
+    }
+
+    if ($form['proposal_id'] === '') {
+        $form['proposal_id'] = portalGenerateUniqueProposalId();
+    }
+
+    if ($form['request_id'] === '' || $form['client_name'] === '' || $form['client_email'] === '') {
+        $error = 'Request ID, client name, and client email are required.';
+    } else {
+        $action = trim((string)($_POST['action'] ?? 'save_draft'));
+
+        // Status logic
+        if ($action === 'send_to_customer') {
+            $form['proposal_status'] = 'sent';
+            $form['sent_at'] = date('c');
+        } else {
+            if (!isset($proposalStatuses[$form['proposal_status']])) {
+                $form['proposal_status'] = 'draft';
+            }
+        }
+
+        // Parse milestones
+        $numMs = max(0, min(5, (int)$form['num_milestones']));
+        $form['num_milestones'] = (string)$numMs;
+        $milestones = [];
+        for ($i = 0; $i < $numMs; $i++) {
+            $milestones[] = [
+                'milestone_name'        => trim((string)($_POST['ms_name_'       . $i] ?? '')),
+                'milestone_description' => trim((string)($_POST['ms_desc_'       . $i] ?? '')),
+                'milestone_deliverables'=> trim((string)($_POST['ms_deliv_'      . $i] ?? '')),
+                'milestone_amount'      => trim((string)($_POST['ms_amount_'     . $i] ?? '')),
+                'milestone_trigger'     => trim((string)($_POST['ms_trigger_'    . $i] ?? '')),
+                'milestone_status'      => trim((string)($_POST['ms_status_'     . $i] ?? 'not_started')),
+            ];
+        }
+
+        $record = $form;
+        $record['milestones']  = $milestones;
+        $record['updated_at']  = date('c');
+        if (empty($record['created_at'])) {
+            $record['created_at'] = date('c');
+        }
+        // Remove legacy field aliases
+        unset($record['status']);
+
+        $proposals = portalLoadProposals();
+        $found = false;
+        foreach ($proposals as &$item) {
+            if ((string)($item['proposal_id'] ?? '') === $record['proposal_id']) {
+                $record['created_at'] = (string)($item['created_at'] ?? $record['created_at']);
+                $item = $record;
+                $found = true;
+                break;
+            }
+        }
+        unset($item);
+        if (!$found) {
+            $proposals[] = $record;
+        }
+        portalSaveProposals($proposals);
+
+        // Update linked request
+        $requests = portalLoadProjectRequests();
+        foreach ($requests as &$req) {
+            if (portalGetRequestDisplayId((array)$req) !== $record['request_id']) { continue; }
+            $ids = isset($req['proposal_ids']) && is_array($req['proposal_ids']) ? $req['proposal_ids'] : [];
+            if (!in_array($record['proposal_id'], $ids, true)) {
+                $ids[] = $record['proposal_id'];
+            }
+            $req['proposal_ids'] = array_values($ids);
+            if ($action === 'send_to_customer') {
+                $req['status'] = 'proposal_sent';
+            } elseif (in_array($req['status'] ?? '', ['new', 'reviewing'], true)) {
+                $req['status'] = 'proposal_drafted';
+            }
+            break;
+        }
+        unset($req);
+        portalSaveProjectRequests($requests);
+
+        if ($action === 'send_to_customer') {
+            $host = $_SERVER['HTTP_HOST'] ?? 'runlevel.systems';
+            $clientLink = 'https://' . $host . '/client/proposals.php';
+            send_project_proposal_email($record['client_email'], $record['client_name'], $record['request_id'], $clientLink);
+            $notice = 'Proposal sent to customer.';
+        } else {
+            $notice = 'Proposal saved.';
+        }
+
+        $proposal = $record;
+        $form = $record;
+        $existingMilestones = $milestones;
+    }
+}
+
+$numMsForm = max(0, min(5, (int)$form['num_milestones']));
+
+$current_page = 'staff-portal';
+$header_class = 'inner-header';
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="icon" type="image/png" href="../assets/images/RL-icon.png">
+    <title><?php echo $form['proposal_id'] !== '' ? 'Edit Proposal' : 'New Proposal'; ?> | Staff | Runlevel Systems</title>
+    <link href="../assets/css/coreloop.css" rel="stylesheet">
+    <style>
+        .wrap{padding:28px 0 80px;}
+        .card{background:#0c1729;border:1px solid rgba(54,243,255,.18);border-radius:10px;padding:18px;margin-bottom:14px;}
+        .grid2{display:grid;grid-template-columns:repeat(2,minmax(0,1fr));gap:10px;}
+        @media(max-width:760px){.grid2{grid-template-columns:1fr;}}
+        label{color:#a8bedc;font-size:.75rem;display:block;margin-bottom:4px;text-transform:uppercase;letter-spacing:.04em;}
+        .input,.textarea,.select{background:#09111d;color:#eaf3ff;border:1px solid rgba(54,243,255,.25);border-radius:6px;padding:8px 10px;width:100%;font-size:.86rem;}
+        .textarea{min-height:100px;resize:vertical;}
+        .textarea-sm{min-height:70px;}
+        .btn{display:inline-block;border-radius:5px;padding:8px 12px;font-size:.82rem;border:none;font-weight:700;text-decoration:none;cursor:pointer;}
+        .btn-blue{background:#0a84ff;color:#fff;}
+        .btn-gold{background:#ffc600;color:#08111f;}
+        .btn-teal{background:rgba(54,243,255,.12);border:1px solid rgba(54,243,255,.3);color:#36f3ff;}
+        .notice{background:rgba(34,197,94,.16);border:1px solid rgba(34,197,94,.35);color:#86efac;border-radius:6px;padding:10px 12px;margin-bottom:10px;font-size:.84rem;}
+        .error{background:rgba(239,68,68,.16);border:1px solid rgba(239,68,68,.35);color:#fecaca;border-radius:6px;padding:10px 12px;margin-bottom:10px;font-size:.84rem;}
+        .section-label{color:#36f3ff;font-size:.72rem;font-weight:700;text-transform:uppercase;letter-spacing:.06em;margin:18px 0 10px;padding-bottom:4px;border-bottom:1px solid rgba(54,243,255,.14);}
+        .milestone-card{background:#06101d;border:1px solid rgba(54,243,255,.15);border-radius:8px;padding:14px;margin-bottom:10px;}
+        .milestone-title{color:#ffc600;font-size:.8rem;font-weight:700;margin-bottom:10px;}
+        #milestone-container .grid2{margin-top:8px;}
+        .private-note{border-color:rgba(255,198,0,.25) !important;}
+        @media print{.no-print{display:none!important;} body{background:#fff;color:#000;} .card{border:1px solid #ccc;background:#fff;}}
+    </style>
+</head>
+<body>
+<?php include __DIR__ . '/../includes/header.php'; ?>
+<?php include __DIR__ . '/../includes/navigation.php'; ?>
+<section class="wrap">
+<div class="container">
+    <div style="display:flex;justify-content:space-between;gap:8px;align-items:center;flex-wrap:wrap;margin-bottom:6px;" class="no-print">
+        <a href="/staff/proposals.php" style="color:#36f3ff;font-size:.84rem;">← All Proposals</a>
+        <button type="button" class="btn btn-teal" onclick="window.print()">Print / Save PDF</button>
+    </div>
+
+    <?php if ($notice !== ''): ?><div class="notice"><?php echo pe($notice); ?></div><?php endif; ?>
+    <?php if ($error !== ''): ?><div class="error"><?php echo pe($error); ?></div><?php endif; ?>
+
+    <form method="post">
+        <div class="card">
+            <h1 style="margin:0 0 4px;color:#ffc600;font-size:1.2rem;"><?php echo $form['proposal_id'] !== '' ? 'Edit Proposal' : 'New Proposal'; ?></h1>
+            <p style="margin:0 0 14px;color:#7a9ac0;font-size:.82rem;">Runlevel Systems &mdash; Proposal Editor</p>
+
+            <div class="section-label">Proposal Info</div>
+            <div class="grid2">
+                <div>
+                    <label>Proposal ID</label>
+                    <input class="input" type="text" name="proposal_id" value="<?php echo pe($form['proposal_id']); ?>" readonly placeholder="Auto-generated">
+                </div>
+                <div>
+                    <label>Related Request ID</label>
+                    <input class="input" type="text" name="request_id" value="<?php echo pe($form['request_id']); ?>" placeholder="RLS-YYYYMMDD-XXXX">
+                </div>
+                <div>
+                    <label>Client Name</label>
+                    <input class="input" type="text" name="client_name" value="<?php echo pe($form['client_name']); ?>" required>
+                </div>
+                <div>
+                    <label>Client Email</label>
+                    <input class="input" type="email" name="client_email" value="<?php echo pe($form['client_email']); ?>" required>
+                </div>
+                <div>
+                    <label>Proposal Title</label>
+                    <input class="input" type="text" name="project_title" value="<?php echo pe($form['project_title']); ?>" placeholder="e.g. Website Redesign Project">
+                </div>
+                <div>
+                    <label>Status</label>
+                    <select class="select" name="proposal_status">
+                        <?php foreach ($proposalStatuses as $k => $v): ?>
+                        <option value="<?php echo pe($k); ?>" <?php echo $form['proposal_status'] === $k ? 'selected' : ''; ?>><?php echo pe($v); ?></option>
+                        <?php endforeach; ?>
+                    </select>
+                </div>
+            </div>
+        </div>
+
+        <div class="card">
+            <div class="section-label">Request & Work Details</div>
+
+            <div style="margin-bottom:10px;">
+                <label>Request Summary <span style="color:#5a7a9e;font-size:.7rem;">(what the customer asked for)</span></label>
+                <textarea class="textarea" name="request_summary"><?php echo pe($form['request_summary']); ?></textarea>
+            </div>
+
+            <div style="margin-bottom:10px;">
+                <label>Staff Review Notes <span style="color:#ffc600;font-size:.7rem;">PRIVATE — not visible to customer</span></label>
+                <textarea class="textarea private-note" name="staff_review_notes"><?php echo pe($form['staff_review_notes']); ?></textarea>
+            </div>
+
+            <div style="margin-bottom:10px;">
+                <label>Proposed Work <span style="color:#5a7a9e;font-size:.7rem;">(plain English explanation of what we will do)</span></label>
+                <textarea class="textarea" name="proposed_work"><?php echo pe($form['proposed_work']); ?></textarea>
+            </div>
+
+            <div style="margin-bottom:10px;">
+                <label>Deliverables <span style="color:#5a7a9e;font-size:.7rem;">(what the customer will receive)</span></label>
+                <textarea class="textarea" name="deliverables"><?php echo pe($form['deliverables']); ?></textarea>
+            </div>
+
+            <div style="margin-bottom:10px;">
+                <label>Out of Scope <span style="color:#5a7a9e;font-size:.7rem;">(what is not included unless separately approved)</span></label>
+                <textarea class="textarea textarea-sm" name="out_of_scope"><?php echo pe($form['out_of_scope']); ?></textarea>
+            </div>
+        </div>
+
+        <div class="card">
+            <div class="section-label">Pricing & Timeline</div>
+            <div class="grid2">
+                <div>
+                    <label>Timeline Estimate</label>
+                    <input class="input" type="text" name="timeline_estimate" value="<?php echo pe($form['timeline_estimate']); ?>" placeholder="e.g. 1-2 weeks">
+                </div>
+                <div>
+                    <label>Total Estimated Price ($)</label>
+                    <input class="input" type="text" name="total_price" value="<?php echo pe($form['total_price']); ?>" placeholder="e.g. 500">
+                </div>
+                <div>
+                    <label>Amount Due To Start ($)</label>
+                    <input class="input" type="text" name="amount_due_to_start" value="<?php echo pe($form['amount_due_to_start']); ?>" placeholder="e.g. 250">
+                </div>
+            </div>
+        </div>
+
+        <div class="card">
+            <div class="section-label">Milestones</div>
+            <div style="margin-bottom:12px;">
+                <label>Number of Milestones</label>
+                <select class="select" name="num_milestones" id="num-milestones-select" style="max-width:160px;" onchange="updateMilestones(this.value)">
+                    <?php for ($n = 0; $n <= 5; $n++): ?>
+                    <option value="<?php echo $n; ?>" <?php echo $numMsForm === $n ? 'selected' : ''; ?>><?php echo $n === 0 ? '0 — Simple Job' : $n; ?></option>
+                    <?php endfor; ?>
+                </select>
+                <p style="color:#7a9ac0;font-size:.78rem;margin:6px 0 0;">If 0: single start payment + final delivery. If 1+: milestone payments apply after start payment.</p>
+            </div>
+
+            <div id="milestone-container">
+            <?php for ($i = 0; $i < max($numMsForm, 5); $i++):
+                $ms = $existingMilestones[$i] ?? [];
+                $display = $i < $numMsForm ? '' : 'none';
+            ?>
+                <div class="milestone-card" id="ms-block-<?php echo $i; ?>" style="display:<?php echo $display; ?>;">
+                    <div class="milestone-title">Milestone <?php echo $i + 1; ?></div>
+                    <div class="grid2">
+                        <div>
+                            <label>Milestone Name</label>
+                            <input class="input" type="text" name="ms_name_<?php echo $i; ?>" value="<?php echo pe($ms['milestone_name'] ?? ''); ?>">
+                        </div>
+                        <div>
+                            <label>Amount Due ($)</label>
+                            <input class="input" type="text" name="ms_amount_<?php echo $i; ?>" value="<?php echo pe($ms['milestone_amount'] ?? ''); ?>" placeholder="e.g. 150">
+                        </div>
+                        <div>
+                            <label>Due / Trigger</label>
+                            <input class="input" type="text" name="ms_trigger_<?php echo $i; ?>" value="<?php echo pe($ms['milestone_trigger'] ?? ''); ?>" placeholder="e.g. Upon completion of phase 1">
+                        </div>
+                        <div>
+                            <label>Milestone Status</label>
+                            <select class="select" name="ms_status_<?php echo $i; ?>">
+                                <?php foreach ($milestoneStatuses as $mk => $mv): ?>
+                                <option value="<?php echo pe($mk); ?>" <?php echo ($ms['milestone_status'] ?? 'not_started') === $mk ? 'selected' : ''; ?>><?php echo pe($mv); ?></option>
+                                <?php endforeach; ?>
+                            </select>
+                        </div>
+                    </div>
+                    <div style="margin-top:8px;">
+                        <label>Milestone Description</label>
+                        <textarea class="textarea textarea-sm" name="ms_desc_<?php echo $i; ?>"><?php echo pe($ms['milestone_description'] ?? ''); ?></textarea>
+                    </div>
+                    <div style="margin-top:8px;">
+                        <label>Milestone Deliverables</label>
+                        <textarea class="textarea textarea-sm" name="ms_deliv_<?php echo $i; ?>"><?php echo pe($ms['milestone_deliverables'] ?? ''); ?></textarea>
+                    </div>
+                </div>
+            <?php endfor; ?>
+            </div>
+        </div>
+
+        <div class="card">
+            <div class="section-label">Terms & Conditions</div>
+
+            <div style="margin-bottom:10px;">
+                <label>Payment Terms</label>
+                <textarea class="textarea textarea-sm" name="payment_terms"><?php echo pe($form['payment_terms']); ?></textarea>
+            </div>
+            <div style="margin-bottom:10px;">
+                <label>Customer Responsibilities</label>
+                <textarea class="textarea textarea-sm" name="customer_responsibilities"><?php echo pe($form['customer_responsibilities']); ?></textarea>
+            </div>
+            <div style="margin-bottom:10px;">
+                <label>Third-Party Costs</label>
+                <textarea class="textarea textarea-sm" name="third_party_costs"><?php echo pe($form['third_party_costs']); ?></textarea>
+            </div>
+            <div style="margin-bottom:10px;">
+                <label>Revision / Change Terms</label>
+                <textarea class="textarea textarea-sm" name="revision_terms"><?php echo pe($form['revision_terms']); ?></textarea>
+            </div>
+            <div style="margin-bottom:10px;">
+                <label>Acceptance Statement</label>
+                <textarea class="textarea textarea-sm" name="acceptance_statement"><?php echo pe($form['acceptance_statement']); ?></textarea>
+            </div>
+
+            <div style="display:flex;align-items:center;gap:8px;margin-top:10px;">
+                <input type="checkbox" id="requires_contract" name="requires_contract" value="1" <?php echo $form['requires_contract'] === '1' ? 'checked' : ''; ?> onchange="toggleContractField(this)">
+                <label for="requires_contract" style="text-transform:none;letter-spacing:0;font-size:.84rem;cursor:pointer;">Requires a separate contract / project agreement</label>
+            </div>
+            <div id="contract-link-field" style="margin-top:8px;<?php echo $form['requires_contract'] !== '1' ? 'display:none;' : ''; ?>">
+                <label>Contract Link or Reference</label>
+                <input class="input" type="text" name="contract_link" value="<?php echo pe($form['contract_link']); ?>" placeholder="URL or reference number">
+            </div>
+        </div>
+
+        <div class="card no-print">
+            <div style="display:flex;gap:8px;flex-wrap:wrap;align-items:center;">
+                <button class="btn btn-blue" type="submit" name="action" value="save_draft">Save Draft</button>
+                <button class="btn btn-gold" type="submit" name="action" value="send_to_customer">Send To Customer</button>
+                <?php if ($form['proposal_id'] !== ''): ?>
+                <a class="btn btn-teal" href="/staff/proposal-view.php?proposal_id=<?php echo urlencode($form['proposal_id']); ?>">View Proposal</a>
+                <?php endif; ?>
+                <a class="btn btn-teal" href="/staff/proposals.php">All Proposals</a>
+            </div>
+        </div>
+    </form>
+</div>
+</section>
+<?php include __DIR__ . '/../includes/footer.php'; ?>
+<script src="../assets/js/jquery-1.12.3.min.js"></script>
+<script src="../assets/js/bootstrap.min.js"></script>
+<script>
+function updateMilestones(num) {
+    num = parseInt(num, 10);
+    for (var i = 0; i < 5; i++) {
+        var block = document.getElementById('ms-block-' + i);
+        if (block) {
+            block.style.display = (i < num) ? '' : 'none';
+        }
+    }
+}
+function toggleContractField(cb) {
+    var field = document.getElementById('contract-link-field');
+    if (field) field.style.display = cb.checked ? '' : 'none';
+}
+</script>
+</body>
+</html>
diff --git a/staff/proposal-send.php b/staff/proposal-send.php
new file mode 100644
index 0000000..20953ae
--- /dev/null
+++ b/staff/proposal-send.php
@@ -0,0 +1,141 @@
+<?php
+session_start();
+define('WDS_SYSTEM', true);
+require_once __DIR__ . '/../includes/portal-helpers.php';
+require_once __DIR__ . '/../includes/email.php';
+
+portalRequireStaff();
+
+$proposalId = trim((string)($_GET['proposal_id'] ?? ''));
+$proposals  = portalLoadProposals();
+
+$proposal = null;
+foreach ($proposals as $row) {
+    if ((string)($row['proposal_id'] ?? '') === $proposalId) {
+        $proposal = $row;
+        break;
+    }
+}
+
+$notice = '';
+$error  = '';
+
+if ($proposal === null) {
+    $error = 'Proposal not found.';
+}
+
+if ($proposal !== null && $_SERVER['REQUEST_METHOD'] === 'POST') {
+    $confirmed = ($_POST['confirm'] ?? '') === '1';
+    if (!$confirmed) {
+        $error = 'Please check the confirmation box before sending.';
+    } else {
+        foreach ($proposals as &$p) {
+            if ((string)($p['proposal_id'] ?? '') === $proposalId) {
+                $p['proposal_status'] = 'sent';
+                $p['sent_at']         = date('c');
+                $p['updated_at']      = date('c');
+                $proposal = $p;
+                break;
+            }
+        }
+        unset($p);
+        portalSaveProposals($proposals);
+
+        $requests = portalLoadProjectRequests();
+        foreach ($requests as &$req) {
+            if (portalGetRequestDisplayId((array)$req) !== (string)($proposal['request_id'] ?? '')) { continue; }
+            $req['status'] = 'proposal_sent';
+            $req['updated_at'] = date('c');
+            break;
+        }
+        unset($req);
+        portalSaveProjectRequests($requests);
+
+        $host = $_SERVER['HTTP_HOST'] ?? 'runlevel.systems';
+        $clientLink = 'https://' . $host . '/client/proposals.php';
+        $sent = send_project_proposal_email(
+            (string)($proposal['client_email'] ?? ''),
+            (string)($proposal['client_name'] ?? ''),
+            (string)($proposal['request_id'] ?? ''),
+            $clientLink
+        );
+        if ($sent) {
+            $notice = 'Proposal sent to ' . htmlspecialchars((string)($proposal['client_email'] ?? ''), ENT_QUOTES, 'UTF-8') . '.';
+        } else {
+            $notice = 'Proposal status set to Sent. Email notification could not be delivered — check email settings.';
+        }
+    }
+}
+
+$current_page = 'staff-portal';
+$header_class = 'inner-header';
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="icon" type="image/png" href="../assets/images/RL-icon.png">
+    <title>Send Proposal | Staff | Runlevel Systems</title>
+    <link href="../assets/css/coreloop.css" rel="stylesheet">
+    <style>
+        .wrap{padding:28px 0 70px;}
+        .card{background:#0c1729;border:1px solid rgba(54,243,255,.18);border-radius:10px;padding:18px;margin-bottom:14px;}
+        .btn{display:inline-block;border-radius:5px;padding:8px 14px;font-size:.84rem;font-weight:700;text-decoration:none;border:none;cursor:pointer;}
+        .btn-gold{background:#ffc600;color:#08111f;}
+        .btn-teal{background:rgba(54,243,255,.12);border:1px solid rgba(54,243,255,.3);color:#36f3ff;}
+        .notice{background:rgba(34,197,94,.16);border:1px solid rgba(34,197,94,.35);color:#86efac;border-radius:6px;padding:10px 12px;margin-bottom:10px;font-size:.84rem;}
+        .error{background:rgba(239,68,68,.16);border:1px solid rgba(239,68,68,.35);color:#fecaca;border-radius:6px;padding:10px 12px;margin-bottom:10px;font-size:.84rem;}
+        .lbl{color:#5a7a9e;font-size:.72rem;text-transform:uppercase;}
+        .val{color:#d8e7f7;font-size:.88rem;}
+    </style>
+</head>
+<body>
+<?php include __DIR__ . '/../includes/header.php'; ?>
+<?php include __DIR__ . '/../includes/navigation.php'; ?>
+<section class="wrap">
+<div class="container">
+    <a href="/staff/proposals.php" style="color:#36f3ff;font-size:.84rem;">← All Proposals</a>
+
+    <?php if ($notice !== ''): ?><div class="notice" style="margin-top:10px;"><?php echo pe($notice); ?></div><?php endif; ?>
+    <?php if ($error !== ''): ?><div class="error" style="margin-top:10px;"><?php echo pe($error); ?></div><?php endif; ?>
+
+    <?php if ($proposal !== null && $notice === ''): ?>
+    <div class="card" style="margin-top:10px;">
+        <h1 style="margin:0 0 12px;color:#ffc600;font-size:1.1rem;">Send Proposal to Customer</h1>
+        <div style="margin-bottom:8px;"><span class="lbl">Proposal</span><br><span class="val"><?php echo pe($proposal['proposal_id'] ?? ''); ?> — <?php echo pe($proposal['project_title'] ?? ''); ?></span></div>
+        <div style="margin-bottom:8px;"><span class="lbl">Customer</span><br><span class="val"><?php echo pe($proposal['client_name'] ?? ''); ?></span></div>
+        <div style="margin-bottom:8px;"><span class="lbl">Customer Email</span><br><span class="val"><?php echo pe($proposal['client_email'] ?? ''); ?></span></div>
+        <div style="margin-bottom:8px;"><span class="lbl">Total Price</span><br><span class="val" style="color:#86efac;"><?php echo $proposal['total_price'] !== '' ? '$' . pe($proposal['total_price'] ?? '') : '—'; ?></span></div>
+        <div style="margin-bottom:14px;"><span class="lbl">Amount Due To Start</span><br><span class="val" style="color:#ffc600;"><?php echo $proposal['amount_due_to_start'] !== '' ? '$' . pe($proposal['amount_due_to_start'] ?? '') : '—'; ?></span></div>
+
+        <form method="post">
+            <label style="display:flex;align-items:flex-start;gap:8px;color:#d8e7f7;font-size:.86rem;cursor:pointer;">
+                <input type="checkbox" name="confirm" value="1" style="margin-top:2px;">
+                <span>I have reviewed this proposal and it is ready to send to the customer. Sending will set the status to <strong>Sent</strong> and make it visible in the client portal.</span>
+            </label>
+            <div style="display:flex;gap:8px;flex-wrap:wrap;margin-top:12px;">
+                <button class="btn btn-gold" type="submit">Send Proposal</button>
+                <a class="btn btn-teal" href="/staff/proposal-view.php?proposal_id=<?php echo urlencode((string)($proposal['proposal_id'] ?? '')); ?>">Review First</a>
+                <a class="btn btn-teal" href="/staff/proposal-edit.php?proposal_id=<?php echo urlencode((string)($proposal['proposal_id'] ?? '')); ?>">Edit Proposal</a>
+            </div>
+        </form>
+    </div>
+    <?php endif; ?>
+
+    <?php if ($notice !== ''): ?>
+    <div class="card">
+        <p style="margin:0;color:#d8e7f7;">The proposal has been sent. The customer will see it in their client dashboard.</p>
+        <div style="display:flex;gap:8px;flex-wrap:wrap;margin-top:12px;">
+            <a class="btn btn-teal" href="/staff/proposals.php">All Proposals</a>
+            <a class="btn btn-teal" href="/staff/proposal-view.php?proposal_id=<?php echo urlencode((string)($proposal['proposal_id'] ?? '')); ?>">View Proposal</a>
+        </div>
+    </div>
+    <?php endif; ?>
+</div>
+</section>
+<?php include __DIR__ . '/../includes/footer.php'; ?>
+<script src="../assets/js/jquery-1.12.3.min.js"></script>
+<script src="../assets/js/bootstrap.min.js"></script>
+</body>
+</html>
diff --git a/staff/proposal-view.php b/staff/proposal-view.php
new file mode 100644
index 0000000..f28e2f6
--- /dev/null
+++ b/staff/proposal-view.php
@@ -0,0 +1,198 @@
+<?php
+session_start();
+define('WDS_SYSTEM', true);
+require_once __DIR__ . '/../includes/portal-helpers.php';
+
+portalRequireStaff();
+
+$proposalId = trim((string)($_GET['proposal_id'] ?? ''));
+$proposal   = null;
+foreach (portalLoadProposals() as $row) {
+    if ((string)($row['proposal_id'] ?? '') === $proposalId) {
+        $proposal = $row;
+        break;
+    }
+}
+
+if ($proposal === null) {
+    http_response_code(404);
+}
+
+$statusLabels = [
+    'draft'            => 'Draft',
+    'sent'             => 'Sent',
+    'changes_requested'=> 'Changes Requested',
+    'accepted'         => 'Accepted',
+    'payment_pending'  => 'Payment Pending',
+    'paid_start'       => 'Paid — Ready to Start',
+    'in_progress'      => 'In Progress',
+    'completed'        => 'Completed',
+    'cancelled'        => 'Cancelled',
+];
+
+$milestoneStatuses = [
+    'not_started'       => 'Not Started',
+    'in_progress'       => 'In Progress',
+    'ready_for_review'  => 'Ready for Review',
+    'payment_due'       => 'Payment Due',
+    'paid'              => 'Paid',
+    'complete'          => 'Complete',
+];
+
+$changeRequests = (isset($proposal['change_requests']) && is_array($proposal['change_requests'])) ? $proposal['change_requests'] : [];
+
+$current_page = 'staff-portal';
+$header_class = 'inner-header';
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="icon" type="image/png" href="../assets/images/RL-icon.png">
+    <title>View Proposal | Staff | Runlevel Systems</title>
+    <link href="../assets/css/coreloop.css" rel="stylesheet">
+    <style>
+        .wrap{padding:28px 0 70px;}
+        .card{background:#0c1729;border:1px solid rgba(54,243,255,.18);border-radius:10px;padding:18px;margin-bottom:14px;}
+        .lbl{color:#5a7a9e;font-size:.7rem;text-transform:uppercase;letter-spacing:.04em;margin-bottom:3px;}
+        .val{color:#d8e7f7;font-size:.88rem;white-space:pre-wrap;}
+        .mono{font-family:monospace;color:#ffc600;}
+        .btn{display:inline-block;border-radius:5px;padding:6px 12px;font-size:.8rem;font-weight:700;text-decoration:none;border:none;cursor:pointer;}
+        .btn-teal{background:rgba(54,243,255,.12);border:1px solid rgba(54,243,255,.3);color:#36f3ff;}
+        .btn-gold{background:#ffc600;color:#08111f;}
+        .btn-blue{background:#0a84ff;color:#fff;}
+        .section-label{color:#36f3ff;font-size:.72rem;font-weight:700;text-transform:uppercase;letter-spacing:.06em;margin:14px 0 8px;padding-bottom:4px;border-bottom:1px solid rgba(54,243,255,.12);}
+        .field-row{margin-bottom:12px;}
+        .milestone-card{background:#06101d;border:1px solid rgba(54,243,255,.12);border-radius:8px;padding:12px;margin-bottom:8px;}
+        .milestone-title{color:#ffc600;font-size:.8rem;font-weight:700;margin-bottom:8px;}
+        .cr-card{background:#0a1628;border:1px solid rgba(255,198,0,.2);border-radius:8px;padding:12px;margin-bottom:8px;}
+        .private-badge{display:inline-block;background:rgba(255,198,0,.1);border:1px solid rgba(255,198,0,.3);color:#ffc600;border-radius:4px;padding:2px 6px;font-size:.65rem;font-weight:700;margin-left:6px;}
+        @media print{.no-print{display:none!important;} body{background:#fff;color:#000;} .card{border:1px solid #ccc;background:#fff;}}
+    </style>
+</head>
+<body>
+<?php include __DIR__ . '/../includes/header.php'; ?>
+<?php include __DIR__ . '/../includes/navigation.php'; ?>
+<section class="wrap">
+<div class="container">
+    <div style="display:flex;justify-content:space-between;gap:8px;align-items:center;flex-wrap:wrap;margin-bottom:8px;" class="no-print">
+        <a href="/staff/proposals.php" style="color:#36f3ff;font-size:.84rem;">← All Proposals</a>
+        <button type="button" class="btn btn-teal" onclick="window.print()">Print / PDF</button>
+    </div>
+
+    <?php if ($proposal === null): ?>
+        <div class="card"><p style="color:#fecaca;">Proposal not found.</p></div>
+    <?php else: ?>
+
+    <div class="card">
+        <div style="display:flex;justify-content:space-between;align-items:flex-start;gap:10px;flex-wrap:wrap;">
+            <div>
+                <h1 style="margin:0;color:#ffc600;font-size:1.2rem;"><?php echo pe($proposal['project_title'] ?? 'Project Proposal'); ?></h1>
+                <div style="color:#7a9ac0;font-size:.82rem;margin-top:3px;">Proposal ID: <span class="mono"><?php echo pe($proposal['proposal_id'] ?? ''); ?></span></div>
+            </div>
+            <?php
+                $status = (string)($proposal['proposal_status'] ?? $proposal['status'] ?? 'draft');
+                $label  = $statusLabels[$status] ?? ucfirst($status);
+            ?>
+            <span style="display:inline-block;padding:4px 12px;border-radius:999px;font-size:.75rem;font-weight:700;background:rgba(54,243,255,.1);border:1px solid rgba(54,243,255,.3);color:#36f3ff;"><?php echo pe($label); ?></span>
+        </div>
+
+        <div class="no-print" style="display:flex;gap:8px;flex-wrap:wrap;margin-top:12px;">
+            <a class="btn btn-blue" href="/staff/proposal-edit.php?proposal_id=<?php echo urlencode((string)($proposal['proposal_id'] ?? '')); ?>">Edit</a>
+            <?php if (in_array($status, ['draft', 'changes_requested'], true)): ?>
+            <a class="btn btn-gold" href="/staff/proposal-send.php?proposal_id=<?php echo urlencode((string)($proposal['proposal_id'] ?? '')); ?>">Send To Customer</a>
+            <?php endif; ?>
+            <?php if (in_array($status, ['accepted', 'payment_pending'], true)): ?>
+            <a class="btn btn-gold" href="/staff/payment-record.php?proposal_id=<?php echo urlencode((string)($proposal['proposal_id'] ?? '')); ?>">Record Payment</a>
+            <?php endif; ?>
+        </div>
+    </div>
+
+    <div class="card">
+        <div class="section-label">Proposal Details</div>
+        <div style="display:grid;grid-template-columns:repeat(auto-fit,minmax(200px,1fr));gap:10px;">
+            <div class="field-row"><div class="lbl">Request ID</div><div class="val mono"><?php echo pe($proposal['request_id'] ?? ''); ?></div></div>
+            <div class="field-row"><div class="lbl">Client Name</div><div class="val"><?php echo pe($proposal['client_name'] ?? ''); ?></div></div>
+            <div class="field-row"><div class="lbl">Client Email</div><div class="val"><?php echo pe($proposal['client_email'] ?? ''); ?></div></div>
+            <div class="field-row"><div class="lbl">Total Price</div><div class="val" style="color:#86efac;font-weight:700;"><?php echo $proposal['total_price'] !== '' ? '$' . pe($proposal['total_price'] ?? '') : '—'; ?></div></div>
+            <div class="field-row"><div class="lbl">Amount Due To Start</div><div class="val" style="color:#ffc600;font-weight:700;"><?php echo $proposal['amount_due_to_start'] !== '' ? '$' . pe($proposal['amount_due_to_start'] ?? '') : '—'; ?></div></div>
+            <div class="field-row"><div class="lbl">Timeline</div><div class="val"><?php echo pe($proposal['timeline_estimate'] ?? ''); ?></div></div>
+            <div class="field-row"><div class="lbl">Created</div><div class="val"><?php $ts = strtotime((string)($proposal['created_at'] ?? '')); echo $ts ? pe(date('M j, Y g:i A', $ts)) : '—'; ?></div></div>
+            <div class="field-row"><div class="lbl">Last Updated</div><div class="val"><?php $ts = strtotime((string)($proposal['updated_at'] ?? '')); echo $ts ? pe(date('M j, Y g:i A', $ts)) : '—'; ?></div></div>
+            <div class="field-row"><div class="lbl">Sent At</div><div class="val"><?php $ts = strtotime((string)($proposal['sent_at'] ?? '')); echo $ts ? pe(date('M j, Y g:i A', $ts)) : '—'; ?></div></div>
+            <div class="field-row"><div class="lbl">Accepted At</div><div class="val"><?php $ts = strtotime((string)($proposal['accepted_at'] ?? '')); echo $ts ? pe(date('M j, Y g:i A', $ts)) : '—'; ?></div></div>
+        </div>
+    </div>
+
+    <div class="card">
+        <div class="section-label">Content</div>
+        <div class="field-row"><div class="lbl">Request Summary</div><div class="val"><?php echo pe($proposal['request_summary'] ?? ''); ?></div></div>
+        <div class="field-row" style="margin-top:10px;"><div class="lbl">Staff Review Notes <span class="private-badge">PRIVATE</span></div><div class="val"><?php echo pe($proposal['staff_review_notes'] ?? ''); ?></div></div>
+        <div class="field-row" style="margin-top:10px;"><div class="lbl">Proposed Work</div><div class="val"><?php echo pe($proposal['proposed_work'] ?? ''); ?></div></div>
+        <div class="field-row" style="margin-top:10px;"><div class="lbl">Deliverables</div><div class="val"><?php echo pe($proposal['deliverables'] ?? ''); ?></div></div>
+        <div class="field-row" style="margin-top:10px;"><div class="lbl">Out of Scope</div><div class="val"><?php echo pe($proposal['out_of_scope'] ?? ''); ?></div></div>
+    </div>
+
+    <?php $milestones = (isset($proposal['milestones']) && is_array($proposal['milestones'])) ? $proposal['milestones'] : []; ?>
+    <?php if (!empty($milestones)): ?>
+    <div class="card">
+        <div class="section-label">Milestones</div>
+        <p style="color:#7a9ac0;font-size:.8rem;margin:0 0 10px;">Amount Due To Start: <strong style="color:#ffc600;"><?php echo $proposal['amount_due_to_start'] !== '' ? '$' . pe($proposal['amount_due_to_start'] ?? '') : '—'; ?></strong> (due before work begins)</p>
+        <?php foreach ($milestones as $idx => $ms): ?>
+        <div class="milestone-card">
+            <div class="milestone-title">Milestone <?php echo $idx + 1; ?>: <?php echo pe($ms['milestone_name'] ?? ''); ?></div>
+            <div style="display:grid;grid-template-columns:repeat(auto-fit,minmax(160px,1fr));gap:8px;font-size:.82rem;">
+                <div><div class="lbl">Amount</div><div style="color:#86efac;font-weight:700;"><?php echo $ms['milestone_amount'] !== '' ? '$' . pe($ms['milestone_amount'] ?? '') : '—'; ?></div></div>
+                <div><div class="lbl">Trigger</div><div style="color:#d8e7f7;"><?php echo pe($ms['milestone_trigger'] ?? ''); ?></div></div>
+                <div><div class="lbl">Status</div><div style="color:#36f3ff;"><?php echo pe($milestoneStatuses[$ms['milestone_status'] ?? 'not_started'] ?? 'Not Started'); ?></div></div>
+            </div>
+            <?php if (!empty($ms['milestone_description'])): ?><div style="margin-top:8px;"><div class="lbl">Description</div><div class="val"><?php echo pe($ms['milestone_description']); ?></div></div><?php endif; ?>
+            <?php if (!empty($ms['milestone_deliverables'])): ?><div style="margin-top:8px;"><div class="lbl">Deliverables</div><div class="val"><?php echo pe($ms['milestone_deliverables']); ?></div></div><?php endif; ?>
+        </div>
+        <?php endforeach; ?>
+    </div>
+    <?php endif; ?>
+
+    <div class="card">
+        <div class="section-label">Terms</div>
+        <div class="field-row"><div class="lbl">Payment Terms</div><div class="val"><?php echo pe($proposal['payment_terms'] ?? ''); ?></div></div>
+        <div class="field-row" style="margin-top:10px;"><div class="lbl">Customer Responsibilities</div><div class="val"><?php echo pe($proposal['customer_responsibilities'] ?? ''); ?></div></div>
+        <div class="field-row" style="margin-top:10px;"><div class="lbl">Third-Party Costs</div><div class="val"><?php echo pe($proposal['third_party_costs'] ?? ''); ?></div></div>
+        <div class="field-row" style="margin-top:10px;"><div class="lbl">Revision / Change Terms</div><div class="val"><?php echo pe($proposal['revision_terms'] ?? ''); ?></div></div>
+        <div class="field-row" style="margin-top:10px;"><div class="lbl">Acceptance Statement</div><div class="val"><?php echo pe($proposal['acceptance_statement'] ?? ''); ?></div></div>
+        <?php if ($proposal['requires_contract'] === '1'): ?>
+        <div class="field-row" style="margin-top:10px;"><div class="lbl">Contract</div><div class="val"><?php echo pe($proposal['contract_link'] ?? ''); ?></div></div>
+        <?php else: ?>
+        <div class="field-row" style="margin-top:10px;"><div class="lbl">Governing Terms</div><div class="val" style="color:#7a9ac0;">This proposal is governed by the Runlevel Systems Terms of Service.</div></div>
+        <?php endif; ?>
+    </div>
+
+    <?php if (!empty($changeRequests)): ?>
+    <div class="card">
+        <div class="section-label">Change Requests <span style="color:#ffc600;">(<?php echo count($changeRequests); ?>)</span></div>
+        <?php foreach ($changeRequests as $cr): ?>
+        <div class="cr-card">
+            <div style="display:flex;justify-content:space-between;gap:8px;margin-bottom:6px;flex-wrap:wrap;">
+                <span style="color:#ffc600;font-size:.75rem;font-weight:700;">Change Request</span>
+                <span style="color:#7a9ac0;font-size:.72rem;"><?php echo pe($cr['date'] ?? ''); ?></span>
+                <span style="display:inline-block;padding:1px 7px;border-radius:999px;font-size:.68rem;font-weight:700;background:rgba(251,191,36,.12);border:1px solid rgba(251,191,36,.3);color:#fbbf24;"><?php echo pe(ucfirst((string)($cr['status'] ?? 'open'))); ?></span>
+            </div>
+            <div style="color:#d8e7f7;font-size:.84rem;white-space:pre-wrap;"><?php echo pe($cr['message'] ?? ''); ?></div>
+            <?php if (!empty($cr['requested_budget'])): ?><div style="margin-top:4px;color:#7a9ac0;font-size:.78rem;">Requested budget: <?php echo pe($cr['requested_budget']); ?></div><?php endif; ?>
+            <?php if (!empty($cr['requested_timeline'])): ?><div style="color:#7a9ac0;font-size:.78rem;">Requested timeline: <?php echo pe($cr['requested_timeline']); ?></div><?php endif; ?>
+            <?php if (!empty($cr['requested_deliverable'])): ?><div style="color:#7a9ac0;font-size:.78rem;">Deliverable change: <?php echo pe($cr['requested_deliverable']); ?></div><?php endif; ?>
+        </div>
+        <?php endforeach; ?>
+        <a class="btn btn-blue no-print" href="/staff/proposal-edit.php?proposal_id=<?php echo urlencode((string)($proposal['proposal_id'] ?? '')); ?>">Review & Update Proposal →</a>
+    </div>
+    <?php endif; ?>
+
+    <?php endif; ?>
+</div>
+</section>
+<?php include __DIR__ . '/../includes/footer.php'; ?>
+<script src="../assets/js/jquery-1.12.3.min.js"></script>
+<script src="../assets/js/bootstrap.min.js"></script>
+</body>
+</html>
diff --git a/staff/proposals.php b/staff/proposals.php
new file mode 100644
index 0000000..36ffc3f
--- /dev/null
+++ b/staff/proposals.php
@@ -0,0 +1,179 @@
+<?php
+session_start();
+define('WDS_SYSTEM', true);
+require_once __DIR__ . '/../includes/portal-helpers.php';
+
+portalRequireStaff();
+
+$proposals = portalLoadProposals();
+
+usort($proposals, function ($a, $b) {
+    $ta = strtotime((string)($b['updated_at'] ?? $b['created_at'] ?? '')) ?: 0;
+    $tb = strtotime((string)($a['updated_at'] ?? $a['created_at'] ?? '')) ?: 0;
+    return $ta <=> $tb;
+});
+
+$statusLabels = [
+    'draft'            => 'Draft',
+    'sent'             => 'Sent',
+    'changes_requested'=> 'Changes Requested',
+    'accepted'         => 'Accepted',
+    'payment_pending'  => 'Payment Pending',
+    'paid_start'       => 'Paid — Ready',
+    'in_progress'      => 'In Progress',
+    'completed'        => 'Completed',
+    'cancelled'        => 'Cancelled',
+];
+
+$statusColors = [
+    'draft'            => '#7a9ac0',
+    'sent'             => '#36f3ff',
+    'changes_requested'=> '#ffc600',
+    'accepted'         => '#86efac',
+    'payment_pending'  => '#fbbf24',
+    'paid_start'       => '#34d399',
+    'in_progress'      => '#60a5fa',
+    'completed'        => '#4ade80',
+    'cancelled'        => '#ef4444',
+];
+
+$notice = '';
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $pid = trim((string)($_POST['proposal_id'] ?? ''));
+    $action = trim((string)($_POST['action'] ?? ''));
+    $proposals = portalLoadProposals();
+    foreach ($proposals as &$p) {
+        if ((string)($p['proposal_id'] ?? '') !== $pid) { continue; }
+        if ($action === 'cancel') {
+            $p['proposal_status'] = 'cancelled';
+            $p['updated_at'] = date('c');
+            $notice = 'Proposal cancelled.';
+        } elseif ($action === 'mark_accepted') {
+            $p['proposal_status'] = 'accepted';
+            $p['accepted_at'] = date('c');
+            $p['updated_at'] = date('c');
+            $notice = 'Proposal marked accepted.';
+        }
+        break;
+    }
+    unset($p);
+    portalSaveProposals($proposals);
+    $proposals = portalLoadProposals();
+}
+
+$current_page = 'staff-portal';
+$header_class = 'inner-header';
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="icon" type="image/png" href="../assets/images/RL-icon.png">
+    <title>Proposals | Staff | Runlevel Systems</title>
+    <link href="../assets/css/coreloop.css" rel="stylesheet">
+    <style>
+        .wrap{padding:28px 0 70px;}
+        .card{background:#0c1729;border:1px solid rgba(54,243,255,.18);border-radius:10px;padding:16px;margin-bottom:14px;}
+        .tbl{width:100%;border-collapse:collapse;font-size:.8rem;}
+        .tbl th{color:#5a7a9e;font-size:.68rem;text-transform:uppercase;padding:6px 8px;border-bottom:1px solid rgba(54,243,255,.12);white-space:nowrap;}
+        .tbl td{padding:8px 8px;border-bottom:1px solid rgba(54,243,255,.08);color:#d0e4f7;vertical-align:middle;}
+        .tbl tr:last-child td{border-bottom:none;}
+        .btn{display:inline-block;border-radius:4px;padding:3px 8px;font-size:.7rem;font-weight:700;text-decoration:none;border:none;cursor:pointer;}
+        .btn-blue{background:#0a84ff;color:#fff;}
+        .btn-teal{background:rgba(54,243,255,.12);border:1px solid rgba(54,243,255,.3);color:#36f3ff;}
+        .btn-gold{background:#ffc600;color:#08111f;}
+        .btn-red{background:rgba(239,68,68,.15);border:1px solid rgba(239,68,68,.35);color:#fca5a5;}
+        .mono{font-family:monospace;color:#ffc600;}
+        .notice{background:rgba(34,197,94,.14);border:1px solid rgba(34,197,94,.35);color:#86efac;border-radius:6px;padding:10px 12px;margin-bottom:10px;font-size:.84rem;}
+        .overflow-x{overflow-x:auto;}
+        @media(max-width:700px){.tbl{min-width:700px;}}
+    </style>
+</head>
+<body>
+<?php include __DIR__ . '/../includes/header.php'; ?>
+<?php include __DIR__ . '/../includes/navigation.php'; ?>
+<section class="wrap">
+<div class="container">
+    <div style="display:flex;justify-content:space-between;align-items:center;gap:10px;flex-wrap:wrap;margin-bottom:12px;">
+        <div>
+            <h1 style="margin:0;color:#ffc600;font-size:1.22rem;">Proposals</h1>
+            <p style="margin:4px 0 0;color:#7a9ac0;font-size:.8rem;">All client proposals.</p>
+        </div>
+        <div style="display:flex;gap:8px;flex-wrap:wrap;">
+            <a href="/staff/proposal-edit.php" class="btn btn-gold">+ New Proposal</a>
+            <a href="/staff/payment-record.php" class="btn btn-teal">Record Payment</a>
+            <a href="/dashboard.php" class="btn btn-teal">← Dashboard</a>
+        </div>
+    </div>
+
+    <?php if ($notice !== ''): ?><div class="notice"><?php echo pe($notice); ?></div><?php endif; ?>
+
+    <div class="card overflow-x">
+        <?php if (empty($proposals)): ?>
+            <p style="color:#7a9ac0;">No proposals yet. <a href="/staff/proposal-edit.php" style="color:#36f3ff;">Create one →</a></p>
+        <?php else: ?>
+        <table class="tbl">
+            <thead>
+                <tr>
+                    <th>Proposal ID</th>
+                    <th>Project Title</th>
+                    <th>Client</th>
+                    <th>Status</th>
+                    <th>Total</th>
+                    <th>Due To Start</th>
+                    <th>Updated</th>
+                    <th>Actions</th>
+                </tr>
+            </thead>
+            <tbody>
+            <?php foreach ($proposals as $p):
+                $pid = (string)($p['proposal_id'] ?? '');
+                $status = (string)($p['proposal_status'] ?? $p['status'] ?? 'draft');
+                $label = $statusLabels[$status] ?? ucfirst($status);
+                $color = $statusColors[$status] ?? '#7a9ac0';
+                $updatedTs = strtotime((string)($p['updated_at'] ?? $p['created_at'] ?? '')) ?: 0;
+            ?>
+                <tr>
+                    <td class="mono"><?php echo pe($pid); ?></td>
+                    <td><?php echo pe($p['project_title'] ?? ''); ?></td>
+                    <td style="color:#a8bedc;"><?php echo pe($p['client_name'] ?? ''); ?></td>
+                    <td><span style="display:inline-block;padding:2px 8px;border-radius:999px;font-size:.68rem;font-weight:700;background:<?php echo pe($color); ?>22;border:1px solid <?php echo pe($color); ?>55;color:<?php echo pe($color); ?>;"><?php echo pe($label); ?></span></td>
+                    <td style="color:#86efac;"><?php echo $p['total_price'] !== '' ? '$' . pe($p['total_price'] ?? '') : '—'; ?></td>
+                    <td style="color:#ffc600;"><?php echo $p['amount_due_to_start'] !== '' ? '$' . pe($p['amount_due_to_start'] ?? '') : '—'; ?></td>
+                    <td style="color:#5a7a9e;white-space:nowrap;"><?php echo $updatedTs > 0 ? pe(date('M j, Y', $updatedTs)) : '—'; ?></td>
+                    <td style="white-space:nowrap;">
+                        <a class="btn btn-teal" href="/staff/proposal-view.php?proposal_id=<?php echo urlencode($pid); ?>">View</a>
+                        <a class="btn btn-blue" href="/staff/proposal-edit.php?proposal_id=<?php echo urlencode($pid); ?>">Edit</a>
+                        <?php if (in_array($status, ['draft', 'changes_requested'], true)): ?>
+                        <a class="btn btn-gold" href="/staff/proposal-send.php?proposal_id=<?php echo urlencode($pid); ?>">Send</a>
+                        <?php endif; ?>
+                        <?php if ($status === 'sent'): ?>
+                        <form method="post" style="display:inline;">
+                            <input type="hidden" name="proposal_id" value="<?php echo pe($pid); ?>">
+                            <button class="btn btn-teal" type="submit" name="action" value="mark_accepted">Mark Accepted</button>
+                        </form>
+                        <?php endif; ?>
+                        <?php if (in_array($status, ['accepted', 'payment_pending'], true)): ?>
+                        <a class="btn btn-gold" href="/staff/payment-record.php?proposal_id=<?php echo urlencode($pid); ?>">Record Payment</a>
+                        <?php endif; ?>
+                        <?php if (!in_array($status, ['cancelled', 'completed'], true)): ?>
+                        <form method="post" style="display:inline;" onsubmit="return confirm('Cancel this proposal?');">
+                            <input type="hidden" name="proposal_id" value="<?php echo pe($pid); ?>">
+                            <button class="btn btn-red" type="submit" name="action" value="cancel">Cancel</button>
+                        </form>
+                        <?php endif; ?>
+                    </td>
+                </tr>
+            <?php endforeach; ?>
+            </tbody>
+        </table>
+        <?php endif; ?>
+    </div>
+</div>
+</section>
+<?php include __DIR__ . '/../includes/footer.php'; ?>
+<script src="../assets/js/jquery-1.12.3.min.js"></script>
+<script src="../assets/js/bootstrap.min.js"></script>
+</body>
+</html>