diff --git a/CHANGELOG.md b/CHANGELOG.md
index 78781392..0da6b31a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,14 +21,42 @@
 # Changelog
 ## [Unreleased]
 
-## [02.44.00] --- 2026-06-20
+### Added
+- **Mirror Domains & Staging** — repeatable subform table in DevTools plugin for configuring domain aliases with per-alias offline bypass, robots directive, and labels
+- **Daily Support PIN** — HMAC-SHA256 rotating PIN shown on cpanel module, component dashboard, and HQ site cards
+- **Domain as support key** — click-to-copy domain in admin status bar
+- **Current IP display** — firewall plugin settings show admin's IP with copy button
+- **Heartbeat monitor** — consolidated into core plugin from retired monitor plugin, with diagnostic logging on all bail-out points
+- **Backup bridge plugin** — discovers MokoSuiteBackup's BackupStatusHelper and sends status in heartbeat payloads
+- **Activity log** — blockchain-style hash chain for tamper detection in MokoSuiteHQ
+- **Dev domain in heartbeat** — client sends dev alias to HQ for display on dashboard
+
+### Changed
+- **Plugin install** — self-healing: extracts plugin zips from package on every update, creates missing extension records with namespace
+- **Menu naming** — MokoSuiteClient displays as "MokoSuite", MokoSuiteHQ as "MokoHQ", others stripped of prefix
+- **Menu ordering** — HQ first, MokoSuite second, others alphabetical
+- **Cpanel module** — always starts collapsed, access level 3 (Special), pretty plugin badge labels
+- **Module namespaces** — fixed cpanel (MokoSuiteCpanel → MokoSuiteClientCpanel) and cache (MokoSuiteCache → MokoSuiteClientCache)
+- **Health checks** — return status:error on exceptions instead of false status:ok; MokoSuiteBackup detection queries correct table
+- **Heartbeat** — correct URL (suite.dev), correct API route (mokosuitehq), correct headers (X-MokoSuite-*), fresh RSA key pair
+- **Date formats** — all templates use Joomla locale-aware DATE_FORMAT_LC2/LC4
+- **Domains** — updated from waas.dev to suite.dev.mokoconsulting.tech throughout
+
+### Removed
+- **Helpdesk/tickets** — migrated to MokoSuiteCRM (issue #67)
+- **Monitor plugin** — retired, config consolidated into core plugin
+- **Backup bridge** — temporarily removed from package manifest (build pipeline issue)
+- **Update server migration** — removed migrateUpdateServerUrls, cleanupStaleUpdateSites, fixUpdateRecords, enableUpdateServer calls
+
+### Fixed
+- Plugin files installing to group root instead of element subdirectory (ALTER TABLE DEFAULT '' + empty element cleanup)
+- Orphan extension rows with empty element or display-name-as-element
+- Module not publishing (ensureAdminModule direct DB update bypasses checked_out)
+- RSA key pair had Windows line endings causing signature verification failure
+- Heartbeat connection failing due to wrong domain, route, and header names
 
 ## [02.44.00] --- 2026-06-20
 
-## [02.43.00] --- 2026-06-20
-
-## [02.43.00] --- 2026-06-20
-
 ## [02.42.00] --- 2026-06-20
 
 ## [02.42.00] --- 2026-06-20
diff --git a/README.md b/README.md
index 45b6b97d..620007d6 100644
--- a/README.md
+++ b/README.md
@@ -21,17 +21,40 @@
 [![Joomla](https://img.shields.io/badge/Joomla-5.x%20%7C%206.x-red.svg?logo=joomla&logoColor=white)](https://www.joomla.org)
 [![PHP](https://img.shields.io/badge/PHP-8.1%2B-777BB4.svg?logo=php&logoColor=white)](https://www.php.net)
 
-MokoSuiteClient is a Joomla 5.x / 6.x system plugin package that provides white-label branding, security hardening, tenant restrictions, health monitoring, and multi-domain management for the MokoSuiteClient platform.
+MokoSuiteClient is the Joomla 5.x / 6.x client-facing tracker and identity layer for the MokoSuite platform. It provides security hardening, health monitoring, privacy compliance, multi-domain management, and integration with MokoSuiteHQ for centralized site management.
 
 ## Features
 
-- **White-Label Branding** — configurable brand name, company, support URL, colors, favicon, custom CSS
-- **Tenant Restrictions** — master user enforcement, installer/sysinfo/config/template access control
-- **Health Monitoring** — 16 diagnostic checks via `/?mokosuiteclient=health` with Grafana auto-provisioning
-- **Site Aliases** — per-alias offline mode, robots directives, backend redirect, canonical URLs
-- **Remote API** — 6 endpoints (health, install, update, cache, backup, info)
-- **Security Hardening** — HTTPS enforcement, session timeouts, password policy, upload restrictions
-- **Plugin Protection** — protected status, hidden from non-master users, disable/uninstall blocked
+### Core
+- **Admin Dashboard** — site info, plugin status, quick actions, support PIN
+- **Health Monitoring** — 15 diagnostic checks via `/?mokosuiteclient=health`
+- **Heartbeat** — RSA-signed registration with MokoSuiteHQ, daily support PIN rotation
+- **Extension Catalog** — browse and install Moko Consulting extensions
+
+### Security (Firewall Plugin)
+- **Web Application Firewall** — SQL injection, XSS, RFI, directory traversal shields
+- **Security Headers** — X-Frame-Options, CSP, HSTS, Referrer-Policy, Permissions-Policy
+- **IP Management** — trusted IPs, blocklist, auto-ban on WAF threshold
+- **Password Policy** — min length, uppercase, number, special character requirements
+- **Access Control** — admin secret URL, frontend super user block, upload restrictions
+
+### Privacy Guard
+- **GDPR Compliance** — data subject requests, consent logging, retention policies
+- **User Data** — export, anonymize, or delete user data on request
+
+### DevTools
+- **Development Mode** — debug, cache disable, hit suppression
+- **Mirror Domains & Staging** — repeatable table of domain aliases with offline bypass and robots directives
+- **Maintenance** — reset hits, delete versions, reset download keys
+
+### Multi-Domain
+- **Site Aliases** — per-alias offline mode, robots directives, canonical URLs
+- **Offline Bypass** — TOS, privacy policy, and support pages remain accessible when site is offline
+
+### Integration
+- **MokoSuiteHQ** — heartbeat, health data, backup status, activity logging
+- **MokoSuiteBackup** — bridge plugin discovers BackupStatusHelper for heartbeat payloads
+- **Joomla** — guided tours, action logging, custom fields, scheduled tasks
 
 ## Requirements