ci: Bump version to 0.7.3 [skip ci]

flyer upload (anon) issues
ci: Bump version to 0.7.2 [skip ci]
2025-12-31 15:09:29 +05:00 · 2025-12-31 02:08:37 -08:00 · 2025-12-31 13:32:58 +05:00 · 2025-12-31 00:31:18 -08:00 · 2025-12-31 13:21:54 +05:00 · 2025-12-31 00:21:19 -08:00
177 changed files with 12245 additions and 4914 deletions
--- a/.gitea/workflows/deploy-to-prod.yml
+++ b/.gitea/workflows/deploy-to-prod.yml
@@ -138,6 +138,10 @@ jobs:
          cd /var/www/flyer-crawler.projectium.com
          npm install --omit=dev

+          # --- Cleanup Errored Processes ---
+          echo "Cleaning up errored or stopped PM2 processes..."
+          node -e "const exec = require('child_process').execSync; try { const list = JSON.parse(exec('pm2 jlist').toString()); list.forEach(p => { if (p.pm2_env.status === 'errored' || p.pm2_env.status === 'stopped') { console.log('Deleting ' + p.pm2_env.status + ' process: ' + p.name + ' (' + p.pm2_env.pm_id + ')'); try { exec('pm2 delete ' + p.pm2_env.pm_id); } catch(e) { console.error('Failed to delete ' + p.pm2_env.pm_id); } } }); } catch (e) { console.error('Error cleaning up processes:', e); }"
+
          # --- Version Check Logic ---
          # Get the version from the newly deployed package.json
          NEW_VERSION=$(node -p "require('./package.json').version")
@@ -154,7 +158,7 @@ jobs:
            else
              echo "Version mismatch (Running: $RUNNING_VERSION -> Deployed: $NEW_VERSION) or app not running. Reloading PM2..."
            fi
-            pm2 startOrReload ecosystem.config.cjs --env production && pm2 save
+            pm2 startOrReload ecosystem.config.cjs --env production --update-env && pm2 save
            echo "Production backend server reloaded successfully."
          else
            echo "Version $NEW_VERSION is already running. Skipping PM2 reload."
@@ -181,7 +185,17 @@ jobs:
      - name: Show PM2 Environment for Production
        run: |
          echo "--- Displaying recent PM2 logs for flyer-crawler-api ---"
-          sleep 5
-          pm2 describe flyer-crawler-api || echo "Could not find production pm2 process."
-          pm2 logs flyer-crawler-api --lines 20 --nostream || echo "Could not find production pm2 process."
-          pm2 env flyer-crawler-api || echo "Could not find production pm2 process."
+          sleep 5 # Wait a few seconds for the app to start and log its output.
+
+          # Resolve the PM2 ID dynamically to ensure we target the correct process
+          PM2_ID=$(pm2 jlist | node -e "try { const list = JSON.parse(require('fs').readFileSync(0, 'utf-8')); const app = list.find(p => p.name === 'flyer-crawler-api'); console.log(app ? app.pm2_env.pm_id : ''); } catch(e) { console.log(''); }")
+
+          if [ -n "$PM2_ID" ]; then
+            echo "Found process ID: $PM2_ID"
+            pm2 describe "$PM2_ID" || echo "Failed to describe process $PM2_ID"
+            pm2 logs "$PM2_ID" --lines 20 --nostream || echo "Failed to get logs for $PM2_ID"
+            pm2 env "$PM2_ID" || echo "Failed to get env for $PM2_ID"
+          else
+            echo "Could not find process 'flyer-crawler-api' in pm2 list."
+            pm2 list # Fallback to listing everything to help debug
+          fi
--- a/.gitea/workflows/deploy-to-test.yml
+++ b/.gitea/workflows/deploy-to-test.yml
@@ -90,10 +90,11 @@ jobs:
        # integration test suite can launch its own, fresh server instance.
        # '|| true' ensures the workflow doesn't fail if the process isn't running.
        run: |
-          pm2 stop flyer-crawler-api-test || true
-          pm2 stop flyer-crawler-worker-test || true
-          pm2 delete flyer-crawler-api-test || true
-          pm2 delete flyer-crawler-worker-test || true
+          echo "--- Stopping and deleting all test processes ---"
+          # Use a script to parse pm2's JSON output and delete any process whose name ends with '-test'.
+          # This is safer than 'pm2 delete all' and more robust than naming each process individually.
+          # It prevents the accumulation of duplicate processes from previous test runs.
+          node -e "const exec = require('child_process').execSync; try { const list = JSON.parse(exec('pm2 jlist').toString()); list.forEach(p => { if (p.name && p.name.endsWith('-test')) { console.log('Deleting test process: ' + p.name + ' (' + p.pm2_env.pm_id + ')'); try { exec('pm2 delete ' + p.pm2_env.pm_id); } catch(e) { console.error('Failed to delete ' + p.pm2_env.pm_id, e.message); } } }); console.log('✅ Test process cleanup complete.'); } catch (e) { if (e.stdout.toString().includes('No process found')) { console.log('No PM2 processes running, cleanup not needed.'); } else { console.error('Error cleaning up test processes:', e.message); } }" || true

      - name: Run All Tests and Generate Merged Coverage Report
        # This single step runs both unit and integration tests, then merges their
@@ -126,7 +127,7 @@ jobs:

          # --- Increase Node.js memory limit to prevent heap out of memory errors ---
          # This is crucial for memory-intensive tasks like running tests and coverage.
-          NODE_OPTIONS: '--max-old-space-size=8192'
+          NODE_OPTIONS: '--max-old-space-size=8192 --trace-warnings --unhandled-rejections=strict'

        run: |
          # Fail-fast check to ensure secrets are configured in Gitea for testing.
@@ -142,15 +143,48 @@ jobs:
          # The `|| true` ensures the workflow continues even if tests fail, allowing coverage to run.
          echo "--- Running Unit Tests ---"
          # npm run test:unit -- --coverage --reporter=verbose --includeTaskLocation --testTimeout=10000 --silent=passed-only || true
-          npm run test:unit -- --coverage --coverage.exclude='**/*.test.ts' --coverage.exclude='**/tests/**' --coverage.exclude='**/mocks/**' --reporter=verbose --includeTaskLocation --testTimeout=10000 --silent=passed-only  --no-file-parallelism || true
+          npm run test:unit -- --coverage \
+            --coverage.exclude='**/*.test.ts' \
+            --coverage.exclude='**/tests/**' \
+            --coverage.exclude='**/mocks/**' \
+            --coverage.exclude='src/components/icons/**' \
+            --coverage.exclude='src/db/**' \
+            --coverage.exclude='src/lib/**' \
+            --coverage.exclude='src/types/**' \
+            --coverage.exclude='**/index.tsx' \
+            --coverage.exclude='**/vite-env.d.ts' \
+            --coverage.exclude='**/vitest.setup.ts' \
+            --reporter=verbose --includeTaskLocation --testTimeout=10000 --silent=passed-only --no-file-parallelism || true

          echo "--- Running Integration Tests ---"
-          npm run test:integration -- --coverage --coverage.exclude='**/*.test.ts' --coverage.exclude='**/tests/**' --coverage.exclude='**/mocks/**' --reporter=verbose --includeTaskLocation --testTimeout=10000 --silent=passed-only || true
+          npm run test:integration -- --coverage \
+            --coverage.exclude='**/*.test.ts' \
+            --coverage.exclude='**/tests/**' \
+            --coverage.exclude='**/mocks/**' \
+            --coverage.exclude='src/components/icons/**' \
+            --coverage.exclude='src/db/**' \
+            --coverage.exclude='src/lib/**' \
+            --coverage.exclude='src/types/**' \
+            --coverage.exclude='**/index.tsx' \
+            --coverage.exclude='**/vite-env.d.ts' \
+            --coverage.exclude='**/vitest.setup.ts' \
+            --reporter=verbose --includeTaskLocation --testTimeout=10000 --silent=passed-only || true

          echo "--- Running E2E Tests ---"
          # Run E2E tests using the dedicated E2E config which inherits from integration config.
          # We still pass --coverage to enable it, but directory and timeout are now in the config.
-          npx vitest run --config vitest.config.e2e.ts --coverage --coverage.exclude='**/*.test.ts' --coverage.exclude='**/tests/**' --coverage.exclude='**/mocks/**' --reporter=verbose --no-file-parallelism || true
+          npx vitest run --config vitest.config.e2e.ts --coverage \
+            --coverage.exclude='**/*.test.ts' \
+            --coverage.exclude='**/tests/**' \
+            --coverage.exclude='**/mocks/**' \
+            --coverage.exclude='src/components/icons/**' \
+            --coverage.exclude='src/db/**' \
+            --coverage.exclude='src/lib/**' \
+            --coverage.exclude='src/types/**' \
+            --coverage.exclude='**/index.tsx' \
+            --coverage.exclude='**/vite-env.d.ts' \
+            --coverage.exclude='**/vitest.setup.ts' \
+            --reporter=verbose --no-file-parallelism || true

          # Re-enable secret masking for subsequent steps.
          echo "::secret-masking::"
@@ -221,7 +255,10 @@ jobs:
            --temp-dir "$NYC_SOURCE_DIR" \
            --exclude "**/*.test.ts" \
            --exclude "**/tests/**" \
-            --exclude "**/mocks/**"
+            --exclude "**/mocks/**" \
+            --exclude "**/index.tsx" \
+            --exclude "**/vite-env.d.ts" \
+            --exclude "**/vitest.setup.ts"

          # Re-enable secret masking for subsequent steps.
          echo "::secret-masking::"
@@ -234,16 +271,6 @@ jobs:
        if: always() # This step runs even if the previous test or coverage steps failed.
        run: echo "Skipping test artifact cleanup on runner; this is handled on the server."

-      - name: Deploy Coverage Report to Public URL
-        if: always()
-        run: |
-          TARGET_DIR="/var/www/flyer-crawler-test.projectium.com/coverage"
-          echo "Deploying HTML coverage report to $TARGET_DIR..."
-          mkdir -p "$TARGET_DIR"
-          rm -rf "$TARGET_DIR"/*
-          cp -r .coverage/* "$TARGET_DIR/"
-          echo "✅ Coverage report deployed to https://flyer-crawler-test.projectium.com/coverage"
-
      - name: Archive Code Coverage Report
        # This action saves the generated HTML coverage report as a downloadable artifact.
        uses: actions/upload-artifact@v3
@@ -283,7 +310,7 @@ jobs:
            echo "WARNING: No schema hash found in the test database."
            echo "This is expected for a first-time deployment. The hash will be set after a successful deployment."
            echo "--- Debug: Dumping schema_info table ---"
-            PGPASSWORD="$DB_PASSWORD" psql -v ON_ERROR_STOP=0 -h "$DB_HOST" -p 5432 -U "$DB_USER" -d "$DB_NAME" -c "SELECT * FROM public.schema_info;" || true
+            PGPASSWORD="$DB_PASSWORD" psql -v ON_ERROR_STOP=0 -h "$DB_HOST" -p 5432 -U "$DB_USER" -d "$DB_NAME" -P pager=off -c "SELECT * FROM public.schema_info;" || true
            echo "----------------------------------------"
            # We allow the deployment to continue, but a manual schema update is required.
            # You could choose to fail here by adding `exit 1`.
@@ -333,6 +360,17 @@ jobs:
          rsync -avz dist/ "$APP_PATH"
          echo "Application deployment complete."

+      - name: Deploy Coverage Report to Public URL
+        if: always()
+        run: |
+          TARGET_DIR="/var/www/flyer-crawler-test.projectium.com/coverage"
+          echo "Deploying HTML coverage report to $TARGET_DIR..."
+          mkdir -p "$TARGET_DIR"
+          rm -rf "$TARGET_DIR"/*
+          # The merged nyc report is generated in the .coverage directory. We copy its contents.
+          cp -r .coverage/* "$TARGET_DIR/"
+          echo "✅ Coverage report deployed to https://flyer-crawler-test.projectium.com/coverage"
+
      - name: Install Backend Dependencies and Restart Test Server
        env:
          # --- Test Secrets Injection ---
@@ -351,7 +389,7 @@ jobs:

          # Application Secrets
          FRONTEND_URL: 'https://flyer-crawler-test.projectium.com'
-          JWT_SECRET: ${{ secrets.JWT_SECRET_TEST }}
+          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          GEMINI_API_KEY: ${{ secrets.VITE_GOOGLE_GENAI_API_KEY_TEST }}
          GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}

@@ -365,18 +403,30 @@ jobs:

        run: |
          # Fail-fast check to ensure secrets are configured in Gitea.
-          if [ -z "$DB_HOST" ] || [ -z "$DB_USER" ] || [ -z "$DB_PASSWORD" ] || [ -z "$DB_NAME" ]; then
-            echo "ERROR: One or more test database secrets (DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE_TEST) are not set in Gitea repository settings."
+          MISSING_SECRETS=""
+          if [ -z "$DB_HOST" ]; then MISSING_SECRETS="${MISSING_SECRETS} DB_HOST"; fi
+          if [ -z "$DB_USER" ]; then MISSING_SECRETS="${MISSING_SECRETS} DB_USER"; fi
+          if [ -z "$DB_PASSWORD" ]; then MISSING_SECRETS="${MISSING_SECRETS} DB_PASSWORD"; fi
+          if [ -z "$DB_NAME" ]; then MISSING_SECRETS="${MISSING_SECRETS} DB_NAME"; fi
+          if [ -z "$JWT_SECRET" ]; then MISSING_SECRETS="${MISSING_SECRETS} JWT_SECRET"; fi
+
+          if [ ! -z "$MISSING_SECRETS" ]; then
+            echo "ERROR: The following required secrets are missing in Gitea:${MISSING_SECRETS}"
            exit 1
          fi

          echo "Installing production dependencies and restarting test server..."
          cd /var/www/flyer-crawler-test.projectium.com
          npm install --omit=dev
+
+          # --- Cleanup Errored Processes ---
+          echo "Cleaning up errored or stopped PM2 processes..."
+          node -e "const exec = require('child_process').execSync; try { const list = JSON.parse(exec('pm2 jlist').toString()); list.forEach(p => { if (p.pm2_env.status === 'errored' || p.pm2_env.status === 'stopped') { console.log('Deleting ' + p.pm2_env.status + ' process: ' + p.name + ' (' + p.pm2_env.pm_id + ')'); try { exec('pm2 delete ' + p.pm2_env.pm_id); } catch(e) { console.error('Failed to delete ' + p.pm2_env.pm_id); } } }); } catch (e) { console.error('Error cleaning up processes:', e); }"
+
          # Use `startOrReload` with the ecosystem file. This is the standard, idempotent way to deploy.
          # It will START the process if it's not running, or RELOAD it if it is.
          # We also add `&& pm2 save` to persist the process list across server reboots.
-          pm2 startOrReload ecosystem.config.cjs --env test && pm2 save
+          pm2 startOrReload ecosystem.config.cjs --env test --update-env && pm2 save
          echo "Test backend server reloaded successfully."

          # After a successful deployment, update the schema hash in the database.
@@ -411,7 +461,17 @@ jobs:
        run: |
          echo "--- Displaying recent PM2 logs for flyer-crawler-api-test ---"
          # After a reload, the server restarts. We'll show the last 20 lines of the log to see the startup messages.
-          sleep 5 # Wait a few seconds for the app to start and log its output.
-          pm2 describe flyer-crawler-api-test || echo "Could not find test pm2 process."
-          pm2 logs flyer-crawler-api-test --lines 20 --nostream || echo "Could not find test pm2 process."
-          pm2 env flyer-crawler-api-test || echo "Could not find test pm2 process."
+          sleep 5
+
+          # Resolve the PM2 ID dynamically to ensure we target the correct process
+          PM2_ID=$(pm2 jlist | node -e "try { const list = JSON.parse(require('fs').readFileSync(0, 'utf-8')); const app = list.find(p => p.name === 'flyer-crawler-api-test'); console.log(app ? app.pm2_env.pm_id : ''); } catch(e) { console.log(''); }")
+
+          if [ -n "$PM2_ID" ]; then
+            echo "Found process ID: $PM2_ID"
+            pm2 describe "$PM2_ID" || echo "Failed to describe process $PM2_ID"
+            pm2 logs "$PM2_ID" --lines 20 --nostream || echo "Failed to get logs for $PM2_ID"
+            pm2 env "$PM2_ID" || echo "Failed to get env for $PM2_ID"
+          else
+            echo "Could not find process 'flyer-crawler-api-test' in pm2 list."
+            pm2 list # Fallback to listing everything to help debug
+          fi
--- a/.gitea/workflows/manual-deploy-major.yml
+++ b/.gitea/workflows/manual-deploy-major.yml
@@ -137,6 +137,10 @@ jobs:
          cd /var/www/flyer-crawler.projectium.com
          npm install --omit=dev

+          # --- Cleanup Errored Processes ---
+          echo "Cleaning up errored or stopped PM2 processes..."
+          node -e "const exec = require('child_process').execSync; try { const list = JSON.parse(exec('pm2 jlist').toString()); list.forEach(p => { if (p.pm2_env.status === 'errored' || p.pm2_env.status === 'stopped') { console.log('Deleting ' + p.pm2_env.status + ' process: ' + p.name + ' (' + p.pm2_env.pm_id + ')'); try { exec('pm2 delete ' + p.pm2_env.pm_id); } catch(e) { console.error('Failed to delete ' + p.pm2_env.pm_id); } } }); } catch (e) { console.error('Error cleaning up processes:', e); }"
+
          # --- Version Check Logic ---
          # Get the version from the newly deployed package.json
          NEW_VERSION=$(node -p "require('./package.json').version")
@@ -153,7 +157,7 @@ jobs:
            else
              echo "Version mismatch (Running: $RUNNING_VERSION -> Deployed: $NEW_VERSION) or app not running. Reloading PM2..."
            fi
-            pm2 startOrReload ecosystem.config.cjs --env production && pm2 save
+            pm2 startOrReload ecosystem.config.cjs --env production --update-env && pm2 save
            echo "Production backend server reloaded successfully."
          else
            echo "Version $NEW_VERSION is already running. Skipping PM2 reload."
--- a/ecosystem.config.cjs
+++ b/ecosystem.config.cjs
@@ -3,22 +3,39 @@
 // It allows us to define all the settings for our application in one place.
 // The .cjs extension is required because the project's package.json has "type": "module".

+// --- Environment Variable Validation ---
+const requiredSecrets = ['DB_HOST', 'JWT_SECRET', 'GEMINI_API_KEY'];
+const missingSecrets = requiredSecrets.filter(key => !process.env[key]);
+
+if (missingSecrets.length > 0) {
+  console.warn('\n[ecosystem.config.cjs] ⚠️  WARNING: The following environment variables are MISSING in the shell:');
+  missingSecrets.forEach(key => console.warn(`   - ${key}`));
+  console.warn('[ecosystem.config.cjs] The application may crash if these are required for startup.\n');
+  process.exit(1); // Fail fast so PM2 doesn't attempt to start a broken app
+} else {
+  console.log('[ecosystem.config.cjs] ✅ Critical environment variables are present.');
+}
+
 module.exports = {
  apps: [
    {
      // --- API Server ---
-      // The name is now dynamically set based on the environment.
-      // This is a common pattern but requires you to call pm2 with the correct name.
-      // The deploy script handles this by using 'flyer-crawler-api' for prod and 'flyer-crawler-api-test' for test.
      name: 'flyer-crawler-api',
+      // Note: The process names below are referenced in .gitea/workflows/ for status checks.
      script: './node_modules/.bin/tsx',
-      args: 'server.ts', // tsx will execute this file
+      args: 'server.ts',
+      max_memory_restart: '500M',
+      
+      // Restart Logic
+      max_restarts: 40,
+      exp_backoff_restart_delay: 100,
+      min_uptime: '10s',
+
      // Production Environment Settings
      env_production: {
-        NODE_ENV: 'production', // Set the Node.js environment to production
+        NODE_ENV: 'production',
        name: 'flyer-crawler-api',
        cwd: '/var/www/flyer-crawler.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -38,10 +55,9 @@ module.exports = {
      },
      // Test Environment Settings
      env_test: {
-        NODE_ENV: 'test', // Set to 'test' to match the environment purpose and disable pino-pretty
+        NODE_ENV: 'test',
        name: 'flyer-crawler-api-test',
        cwd: '/var/www/flyer-crawler-test.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -65,7 +81,6 @@ module.exports = {
        name: 'flyer-crawler-api-dev',
        watch: true,
        ignore_watch: ['node_modules', 'logs', '*.log', 'flyer-images', '.git'],
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -88,13 +103,19 @@ module.exports = {
      // --- General Worker ---
      name: 'flyer-crawler-worker',
      script: './node_modules/.bin/tsx',
-      args: 'src/services/queueService.server.ts', // tsx will execute this file
+      args: 'src/services/worker.ts',
+      max_memory_restart: '1G',
+      
+      // Restart Logic
+      max_restarts: 40,
+      exp_backoff_restart_delay: 100,
+      min_uptime: '10s',
+
      // Production Environment Settings
      env_production: {
        NODE_ENV: 'production',
        name: 'flyer-crawler-worker',
        cwd: '/var/www/flyer-crawler.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -117,7 +138,6 @@ module.exports = {
        NODE_ENV: 'test',
        name: 'flyer-crawler-worker-test',
        cwd: '/var/www/flyer-crawler-test.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -141,7 +161,6 @@ module.exports = {
        name: 'flyer-crawler-worker-dev',
        watch: true,
        ignore_watch: ['node_modules', 'logs', '*.log', 'flyer-images', '.git'],
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -164,13 +183,19 @@ module.exports = {
      // --- Analytics Worker ---
      name: 'flyer-crawler-analytics-worker',
      script: './node_modules/.bin/tsx',
-      args: 'src/services/queueService.server.ts', // tsx will execute this file
+      args: 'src/services/worker.ts',
+      max_memory_restart: '1G',
+      
+      // Restart Logic
+      max_restarts: 40,
+      exp_backoff_restart_delay: 100,
+      min_uptime: '10s',
+
      // Production Environment Settings
      env_production: {
        NODE_ENV: 'production',
        name: 'flyer-crawler-analytics-worker',
        cwd: '/var/www/flyer-crawler.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -193,7 +218,6 @@ module.exports = {
        NODE_ENV: 'test',
        name: 'flyer-crawler-analytics-worker-test',
        cwd: '/var/www/flyer-crawler-test.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -217,7 +241,6 @@ module.exports = {
        name: 'flyer-crawler-analytics-worker-dev',
        watch: true,
        ignore_watch: ['node_modules', 'logs', '*.log', 'flyer-images', '.git'],
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
--- a/notes-to-ai4.txt
+++ b/notes-to-ai4.txt
@@ -0,0 +1,118 @@
+RULES:
+1) if you do not have a file that you need, stop, and request it immediately.
+2) never remove logging or comments
+3) you cannot ever use 'any' or 'unknown' to solve possible typescript issues
+4) when creating new files, output there entire path in your explanation, to make it easier to know where to save those new files and directories to
+5) add comments when you can, as that will help ensure ideas persist into the app
+6) Your knowledge of package version, like nodejs, is always old, like a year or more old - ask me for the best version to use, as your knowledge is incomplete
+7) Stop making predictions and/or guessing at solutions.  Focus on adding logging and debugging to issues that are not solved right away.
+8) Do not make obsequious statements - we're here to do a job, not get patted on the shoulder for insignificant achievements.
+9) Provide me with the npm command to execute rather than wanting to edit the package.json file. That is not the correct way to handle a package update.
+10) Provide the code solution in DIFF format for brevity.
+11) Always add logging and debugging to prove a solution works, and only remove logging and debugging when it is not possible to adapt it to the new conditions.
+
+
+
+
+
+UPC SCANNING !
+
+EXPIRY DATES !
+
+
+
+
+are there any other unit test files that should be refactored :
+
+Extract Shared Utility Functions Several utility functions are duplicated across multiple route files.
+
+Update Route Files to Use New Utilities route files will be updated to import these new utility functions
+
+
+
+
+
+
+
+
+Review the `getJobStatus` API client function and add more robust error handling for non-JSON responses.
+
+
+
+
+
+
+
+Review the `src/services/apiClient.test.ts` file. It seems to have a lot of manual data creation for API payloads. Can we refactor it to use factories where appropriate, or create new factories for API payloads if needed?
+
+
+
+The `useApi` hook has complex state management. Can you suggest a way to simplify it, perhaps by using a reducer or a state machine?
+
+
+
+
+
+Are there any opportunities to improve the mock factories themselves, for example, by adding more realistic default data?
+
+Now that the user creation is centralized, can we add more complex test user scenarios to the helper, like a user with a pre-existing shopping list?
+
+
+
+
+
+
+
+How can I add a new "Recipes Created" stat to the AdminStatsPage and its tests?
+
+NO CODE just outline the steps
+
+
+Gemini
+Outlining the Implementation Path
+Gemini 2.5 generated this response due to high traffic on Gemini 3
+
+Of course! Here is a step-by-step outline of how to add a new "Recipes Created" statistic to your AdminStatsPage.
+
+Backend Steps
+
+
+Update Database Query:
+
+In the database repository file responsible for fetching admin statistics (e.g., admin.db.ts), you'll need to add a query that performs a COUNT(*) on your recipes table.
+
+
+Update Service Layer:
+
+The service function that aggregates the statistics (which is called by your API controller) needs to be modified to execute the new recipe count query.
+The result of this query should be added to the statistics object that is returned.
+
+
+Update API Endpoint:
+
+The controller for the /api/admin/stats endpoint must be updated to include the new recipeCount field in the JSON object it sends to the frontend.
+Frontend Steps
+
+
+Update AppStats Type:
+
+In src/services/apiClient.ts, where the AppStats type is defined, add the new property: recipeCount: number;.
+Update Mock Factory:
+
+In src/tests/utils/mockFactories.ts, modify the createMockAppStats function. Add recipeCount to the defaultStats object with a default value (e.g., recipeCount: 500). This ensures any test that uses the factory will not break due to the missing property.
+
+
+
+
+
+Update AdminStatsPage Component (AdminStatsPage.tsx):
+
+Import a suitable icon for recipes, like BookOpenIcon, at the top of the file.
+Inside the main div where the other StatCard components are rendered, add a new one for the recipe count:
+jsx
+<StatCard title="Total Recipes" value={stats.recipeCount.toLocaleString()} icon={<BookOpenIcon className="w-6 h-6" />} />
+Update AdminStatsPage Tests (AdminStatsPage.test.tsx):
+
+In the test 'should display stats cards when data is fetched successfully', update the mockStats object to include a value for recipeCount. Add a new expect assertion to verify that the "Total Recipes" title and its corresponding value are rendered.
+In the test 'should format large numbers with commas for readability', add a large number for recipeCount in the mock data and assert that it is rendered with commas.
+In the test 'should correctly display zero values for all stats', add recipeCount: 0 to the mock data and increase the expected count of "0" elements found in the document from 5 to 6.
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,22 +1,24 @@
 {
  "name": "flyer-crawler",
-  "version": "0.1.6",
+  "version": "0.7.3",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "flyer-crawler",
-      "version": "0.1.6",
+      "version": "0.7.3",
      "dependencies": {
        "@bull-board/api": "^6.14.2",
        "@bull-board/express": "^6.14.2",
        "@google/genai": "^1.30.0",
+        "@tanstack/react-query": "^5.90.12",
        "@types/connect-timeout": "^1.9.0",
        "bcrypt": "^5.1.1",
        "bullmq": "^5.65.1",
        "connect-timeout": "^1.9.1",
        "cookie-parser": "^1.4.7",
        "date-fns": "^4.1.0",
+        "exif-parser": "^0.1.12",
        "express": "^5.1.0",
        "express-list-endpoints": "^7.1.1",
        "express-rate-limit": "^8.2.1",
@@ -34,6 +36,7 @@
        "passport-local": "^1.0.0",
        "pdfjs-dist": "^5.4.394",
        "pg": "^8.16.3",
+        "piexifjs": "^1.0.6",
        "pino": "^10.1.0",
        "react": "^19.2.0",
        "react-dom": "^19.2.0",
@@ -65,6 +68,7 @@
        "@types/passport-jwt": "^4.0.1",
        "@types/passport-local": "^1.0.38",
        "@types/pg": "^8.15.6",
+        "@types/piexifjs": "^1.0.0",
        "@types/pino": "^7.0.4",
        "@types/react": "^19.2.7",
        "@types/react-dom": "^19.2.3",
@@ -4882,6 +4886,32 @@
      "dev": true,
      "license": "MIT"
    },
+    "node_modules/@tanstack/query-core": {
+      "version": "5.90.12",
+      "resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.90.12.tgz",
+      "integrity": "sha512-T1/8t5DhV/SisWjDnaiU2drl6ySvsHj1bHBCWNXd+/T+Hh1cf6JodyEYMd5sgwm+b/mETT4EV3H+zCVczCU5hg==",
+      "license": "MIT",
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/tannerlinsley"
+      }
+    },
+    "node_modules/@tanstack/react-query": {
+      "version": "5.90.12",
+      "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.90.12.tgz",
+      "integrity": "sha512-graRZspg7EoEaw0a8faiUASCyJrqjKPdqJ9EwuDRUF9mEYJ1YPczI9H+/agJ0mOJkPCJDk0lsz5QTrLZ/jQ2rg==",
+      "license": "MIT",
+      "dependencies": {
+        "@tanstack/query-core": "5.90.12"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/tannerlinsley"
+      },
+      "peerDependencies": {
+        "react": "^18 || ^19"
+      }
+    },
    "node_modules/@testcontainers/postgresql": {
      "version": "11.10.0",
      "resolved": "https://registry.npmjs.org/@testcontainers/postgresql/-/postgresql-11.10.0.tgz",
@@ -5408,6 +5438,13 @@
        "pg-types": "^2.2.0"
      }
    },
+    "node_modules/@types/piexifjs": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@types/piexifjs/-/piexifjs-1.0.0.tgz",
+      "integrity": "sha512-PPiGeCkmkZQgYjvqtjD3kp4OkbCox2vEFVuK4DaLVOIazJLAXk+/ujbizkIPH5CN4AnN9Clo5ckzUlaj3+SzCA==",
+      "dev": true,
+      "license": "MIT"
+    },
    "node_modules/@types/pino": {
      "version": "7.0.4",
      "resolved": "https://registry.npmjs.org/@types/pino/-/pino-7.0.4.tgz",
@@ -8938,6 +8975,11 @@
        "bare-events": "^2.7.0"
      }
    },
+    "node_modules/exif-parser": {
+      "version": "0.1.12",
+      "resolved": "https://registry.npmjs.org/exif-parser/-/exif-parser-0.1.12.tgz",
+      "integrity": "sha512-c2bQfLNbMzLPmzQuOr8fy0csy84WmwnER81W88DzTp9CYNPJ6yzOj2EZAh9pywYpqHnshVLHQJ8WzldAyfY+Iw=="
+    },
    "node_modules/expect-type": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz",
@@ -13336,6 +13378,12 @@
        "url": "https://github.com/sponsors/jonschlinkert"
      }
    },
+    "node_modules/piexifjs": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/piexifjs/-/piexifjs-1.0.6.tgz",
+      "integrity": "sha512-0wVyH0cKohzBQ5Gi2V1BuxYpxWfxF3cSqfFXfPIpl5tl9XLS5z4ogqhUCD20AbHi0h9aJkqXNJnkVev6gwh2ag==",
+      "license": "MIT"
+    },
    "node_modules/pino": {
      "version": "10.1.0",
      "resolved": "https://registry.npmjs.org/pino/-/pino-10.1.0.tgz",
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "flyer-crawler",
  "private": true,
-  "version": "0.1.6",
+  "version": "0.7.3",
  "type": "module",
  "scripts": {
    "dev": "concurrently \"npm:start:dev\" \"vite\"",
@@ -30,12 +30,14 @@
    "@bull-board/api": "^6.14.2",
    "@bull-board/express": "^6.14.2",
    "@google/genai": "^1.30.0",
+    "@tanstack/react-query": "^5.90.12",
    "@types/connect-timeout": "^1.9.0",
    "bcrypt": "^5.1.1",
    "bullmq": "^5.65.1",
    "connect-timeout": "^1.9.1",
    "cookie-parser": "^1.4.7",
    "date-fns": "^4.1.0",
+    "exif-parser": "^0.1.12",
    "express": "^5.1.0",
    "express-list-endpoints": "^7.1.1",
    "express-rate-limit": "^8.2.1",
@@ -53,6 +55,7 @@
    "passport-local": "^1.0.0",
    "pdfjs-dist": "^5.4.394",
    "pg": "^8.16.3",
+    "piexifjs": "^1.0.6",
    "pino": "^10.1.0",
    "react": "^19.2.0",
    "react-dom": "^19.2.0",
@@ -84,6 +87,7 @@
    "@types/passport-jwt": "^4.0.1",
    "@types/passport-local": "^1.0.38",
    "@types/pg": "^8.15.6",
+    "@types/piexifjs": "^1.0.0",
    "@types/pino": "^7.0.4",
    "@types/react": "^19.2.7",
    "@types/react-dom": "^19.2.3",
--- a/sql/initial_schema.sql
+++ b/sql/initial_schema.sql
@@ -115,6 +115,7 @@ CREATE TABLE IF NOT EXISTS public.flyers (
  valid_from DATE,
  valid_to DATE,
  store_address TEXT,
+  status TEXT DEFAULT 'processed' NOT NULL CHECK (status IN ('processed', 'needs_review', 'archived')),
  item_count INTEGER DEFAULT 0 NOT NULL,
  uploaded_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL,
  created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
@@ -130,11 +131,13 @@ COMMENT ON COLUMN public.flyers.store_id IS 'Foreign key linking this flyer to a
 COMMENT ON COLUMN public.flyers.valid_from IS 'The start date of the sale period for this flyer, extracted by the AI.';
 COMMENT ON COLUMN public.flyers.valid_to IS 'The end date of the sale period for this flyer, extracted by the AI.';
 COMMENT ON COLUMN public.flyers.store_address IS 'The physical store address if it was successfully extracted from the flyer image.';
+COMMENT ON COLUMN public.flyers.status IS 'The processing status of the flyer, e.g., if it needs manual review.';
 COMMENT ON COLUMN public.flyers.item_count IS 'A cached count of the number of items in this flyer, maintained by a trigger.';
 COMMENT ON COLUMN public.flyers.uploaded_by IS 'The user who uploaded the flyer. Can be null for anonymous or system uploads.';

 CREATE INDEX IF NOT EXISTS idx_flyers_created_at ON public.flyers (created_at DESC);
 CREATE INDEX IF NOT EXISTS idx_flyers_valid_to_file_name ON public.flyers (valid_to DESC, file_name ASC);
+CREATE INDEX IF NOT EXISTS idx_flyers_status ON public.flyers(status);
 -- 7. The 'master_grocery_items' table. This is the master dictionary.
 CREATE TABLE IF NOT EXISTS public.master_grocery_items (
    master_grocery_item_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
--- a/sql/master_schema_rollup.sql
+++ b/sql/master_schema_rollup.sql
@@ -131,6 +131,7 @@ CREATE TABLE IF NOT EXISTS public.flyers (
    valid_from DATE,
    valid_to DATE,
    store_address TEXT,
+  status TEXT DEFAULT 'processed' NOT NULL CHECK (status IN ('processed', 'needs_review', 'archived')),
    item_count INTEGER DEFAULT 0 NOT NULL,
    uploaded_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
@@ -146,11 +147,13 @@ COMMENT ON COLUMN public.flyers.store_id IS 'Foreign key linking this flyer to a
 COMMENT ON COLUMN public.flyers.valid_from IS 'The start date of the sale period for this flyer, extracted by the AI.';
 COMMENT ON COLUMN public.flyers.valid_to IS 'The end date of the sale period for this flyer, extracted by the AI.';
 COMMENT ON COLUMN public.flyers.store_address IS 'The physical store address if it was successfully extracted from the flyer image.';
+COMMENT ON COLUMN public.flyers.status IS 'The processing status of the flyer, e.g., if it needs manual review.';
 COMMENT ON COLUMN public.flyers.item_count IS 'A cached count of the number of items in this flyer, maintained by a trigger.';
 COMMENT ON COLUMN public.flyers.uploaded_by IS 'The user who uploaded the flyer. Can be null for anonymous or system uploads.';

 CREATE INDEX IF NOT EXISTS idx_flyers_created_at ON public.flyers (created_at DESC);
 CREATE INDEX IF NOT EXISTS idx_flyers_valid_to_file_name ON public.flyers (valid_to DESC, file_name ASC);
+CREATE INDEX IF NOT EXISTS idx_flyers_status ON public.flyers(status);
 -- 7. The 'master_grocery_items' table. This is the master dictionary.
 CREATE TABLE IF NOT EXISTS public.master_grocery_items (
    master_grocery_item_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
--- a/src/App.test.tsx
+++ b/src/App.test.tsx
@@ -20,6 +20,7 @@ import {
  mockUseUserData,
  mockUseFlyerItems,
 } from './tests/setup/mockHooks';
+import { useAppInitialization } from './hooks/useAppInitialization';

 // Mock top-level components rendered by App's routes

@@ -52,6 +53,9 @@ vi.mock('./hooks/useFlyerItems', async () => {
  return { useFlyerItems: hooks.mockUseFlyerItems };
 });

+vi.mock('./hooks/useAppInitialization');
+const mockedUseAppInitialization = vi.mocked(useAppInitialization);
+
 vi.mock('./hooks/useAuth', async () => {
  const hooks = await import('./tests/setup/mockHooks');
  return { useAuth: hooks.mockUseAuth };
@@ -122,7 +126,23 @@ vi.mock('./layouts/MainLayout', async () => {
  return { MainLayout: MockMainLayout };
 });

-const mockedAiApiClient = vi.mocked(aiApiClient); // Mock aiApiClient
+vi.mock('./components/AppGuard', async () => {
+  // We need to use the real useModal hook inside our mock AppGuard
+  const { useModal } = await vi.importActual<typeof import('./hooks/useModal')>('./hooks/useModal');
+  return {
+    AppGuard: ({ children }: { children: React.ReactNode }) => {
+      const { isModalOpen } = useModal();
+      return (
+        <div data-testid="app-guard-mock">
+          {children}
+          {isModalOpen('whatsNew') && <div data-testid="whats-new-modal-mock" />}
+        </div>
+      );
+    },
+  };
+});
+
+const mockedAiApiClient = vi.mocked(aiApiClient);
 const mockedApiClient = vi.mocked(apiClient);

 const mockFlyers: Flyer[] = [
@@ -131,33 +151,6 @@ const mockFlyers: Flyer[] = [
 ];

 describe('App Component', () => {
-  // Mock localStorage
-  let storage: { [key: string]: string } = {};
-  const localStorageMock = {
-    getItem: vi.fn((key: string) => storage[key] || null),
-    setItem: vi.fn((key: string, value: string) => {
-      storage[key] = value;
-    }),
-    removeItem: vi.fn((key: string) => {
-      delete storage[key];
-    }),
-    clear: vi.fn(() => {
-      storage = {};
-    }),
-  };
-
-  // Mock matchMedia
-  const matchMediaMock = vi.fn().mockImplementation((query) => ({
-    matches: false, // Default to light mode
-    media: query,
-    onchange: null,
-    addListener: vi.fn(), // deprecated
-    removeListener: vi.fn(), // deprecated
-    addEventListener: vi.fn(),
-    removeEventListener: vi.fn(),
-    dispatchEvent: vi.fn(),
-  }));
-
  beforeEach(() => {
    console.log('[TEST DEBUG] beforeEach: Clearing mocks and setting up defaults');
    vi.clearAllMocks();
@@ -205,11 +198,9 @@ describe('App Component', () => {
    mockUseFlyerItems.mockReturnValue({
      flyerItems: [],
      isLoading: false,
+      error: null,
    });
-    // Clear local storage to prevent state from leaking between tests.
-    localStorage.clear();
-    Object.defineProperty(window, 'localStorage', { value: localStorageMock, configurable: true });
-    Object.defineProperty(window, 'matchMedia', { value: matchMediaMock, configurable: true });
+    mockedUseAppInitialization.mockReturnValue({ isDarkMode: false, unitSystem: 'imperial' });

    // Default mocks for API calls
    // Use mockImplementation to create a new Response object for each call,
@@ -261,6 +252,7 @@ describe('App Component', () => {

  it('should render the main layout and header', async () => {
    // Simulate the auth hook finishing its initial check
+    mockedUseAppInitialization.mockReturnValue({ isDarkMode: false, unitSystem: 'imperial' });
    mockUseAuth.mockReturnValue({
      userProfile: null,
      authStatus: 'SIGNED_OUT',
@@ -272,6 +264,7 @@ describe('App Component', () => {

    renderApp();
    await waitFor(() => {
+      expect(screen.getByTestId('app-guard-mock')).toBeInTheDocument();
      expect(screen.getByTestId('header-mock')).toBeInTheDocument();
      // Check that the main layout and home page are rendered for the root path
      expect(screen.getByTestId('main-layout-mock')).toBeInTheDocument();
@@ -364,193 +357,6 @@ describe('App Component', () => {
    });
  });

-  describe('Theme and Unit System Synchronization', () => {
-    it('should set dark mode based on user profile preferences', async () => {
-      console.log(
-        '[TEST DEBUG] Test Start: should set dark mode based on user profile preferences',
-      );
-      const profileWithDarkMode: UserProfile = createMockUserProfile({
-        user: createMockUser({ user_id: 'user-1', email: 'dark@mode.com' }),
-        role: 'user',
-        points: 0,
-        preferences: { darkMode: true },
-      });
-      mockUseAuth.mockReturnValue({
-        userProfile: profileWithDarkMode,
-        authStatus: 'AUTHENTICATED',
-        isLoading: false,
-        login: vi.fn(),
-        logout: vi.fn(),
-        updateProfile: vi.fn(),
-      });
-
-      console.log('[TEST DEBUG] Rendering App');
-      renderApp();
-      // The useEffect that sets the theme is asynchronous. We must wait for the update.
-      await waitFor(() => {
-        console.log(
-          '[TEST DEBUG] Checking for dark class. Current classes:',
-          document.documentElement.className,
-        );
-        expect(document.documentElement).toHaveClass('dark');
-      });
-    });
-
-    it('should set light mode based on user profile preferences', async () => {
-      const profileWithLightMode: UserProfile = createMockUserProfile({
-        user: createMockUser({ user_id: 'user-1', email: 'light@mode.com' }),
-        role: 'user',
-        points: 0,
-        preferences: { darkMode: false },
-      });
-      mockUseAuth.mockReturnValue({
-        userProfile: profileWithLightMode,
-        authStatus: 'AUTHENTICATED',
-        isLoading: false,
-        login: vi.fn(),
-        logout: vi.fn(),
-        updateProfile: vi.fn(),
-      });
-      renderApp();
-      await waitFor(() => {
-        expect(document.documentElement).not.toHaveClass('dark');
-      });
-    });
-
-    it('should set dark mode based on localStorage if profile has no preference', async () => {
-      localStorageMock.setItem('darkMode', 'true');
-      renderApp();
-      await waitFor(() => {
-        expect(document.documentElement).toHaveClass('dark');
-      });
-    });
-
-    it('should set dark mode based on system preference if no other setting exists', async () => {
-      matchMediaMock.mockImplementationOnce((query) => ({ matches: true, media: query }));
-      renderApp();
-      await waitFor(() => {
-        expect(document.documentElement).toHaveClass('dark');
-      });
-    });
-
-    it('should set unit system based on user profile preferences', async () => {
-      const profileWithMetric: UserProfile = createMockUserProfile({
-        user: createMockUser({ user_id: 'user-1', email: 'metric@user.com' }),
-        role: 'user',
-        points: 0,
-        preferences: { unitSystem: 'metric' },
-      });
-      mockUseAuth.mockReturnValue({
-        userProfile: profileWithMetric,
-        authStatus: 'AUTHENTICATED',
-        isLoading: false,
-        login: vi.fn(),
-        logout: vi.fn(),
-        updateProfile: vi.fn(),
-      });
-
-      renderApp();
-      // The unit system is passed as a prop to Header, which is mocked.
-      // We can't directly see the result in the DOM easily, so we trust the state is set.
-      // A more integrated test would be needed to verify the Header receives the prop.
-      // For now, this test ensures the useEffect logic runs without crashing.
-      await waitFor(() => {
-        expect(screen.getByTestId('header-mock')).toBeInTheDocument();
-      });
-    });
-  });
-
-  describe('OAuth Token Handling', () => {
-    it('should call login when a googleAuthToken is in the URL', async () => {
-      console.log(
-        '[TEST DEBUG] Test Start: should call login when a googleAuthToken is in the URL',
-      );
-      const mockLogin = vi.fn().mockResolvedValue(undefined);
-      mockUseAuth.mockReturnValue({
-        userProfile: null,
-        authStatus: 'SIGNED_OUT',
-        isLoading: false,
-        login: mockLogin,
-        logout: vi.fn(),
-        updateProfile: vi.fn(),
-      });
-
-      console.log('[TEST DEBUG] Rendering App with googleAuthToken');
-      renderApp(['/?googleAuthToken=test-google-token']);
-
-      await waitFor(() => {
-        console.log('[TEST DEBUG] Checking mockLogin calls:', mockLogin.mock.calls);
-        expect(mockLogin).toHaveBeenCalledWith('test-google-token');
-      });
-    });
-
-    it('should call login when a githubAuthToken is in the URL', async () => {
-      console.log(
-        '[TEST DEBUG] Test Start: should call login when a githubAuthToken is in the URL',
-      );
-      const mockLogin = vi.fn().mockResolvedValue(undefined);
-      mockUseAuth.mockReturnValue({
-        userProfile: null,
-        authStatus: 'SIGNED_OUT',
-        isLoading: false,
-        login: mockLogin,
-        logout: vi.fn(),
-        updateProfile: vi.fn(),
-      });
-
-      console.log('[TEST DEBUG] Rendering App with githubAuthToken');
-      renderApp(['/?githubAuthToken=test-github-token']);
-
-      await waitFor(() => {
-        console.log('[TEST DEBUG] Checking mockLogin calls:', mockLogin.mock.calls);
-        expect(mockLogin).toHaveBeenCalledWith('test-github-token');
-      });
-    });
-
-    it('should log an error if login with a GitHub token fails', async () => {
-      console.log(
-        '[TEST DEBUG] Test Start: should log an error if login with a GitHub token fails',
-      );
-      const mockLogin = vi.fn().mockRejectedValue(new Error('GitHub login failed'));
-      mockUseAuth.mockReturnValue({
-        userProfile: null,
-        authStatus: 'SIGNED_OUT',
-        isLoading: false,
-        login: mockLogin,
-        logout: vi.fn(),
-        updateProfile: vi.fn(),
-      });
-
-      console.log('[TEST DEBUG] Rendering App with githubAuthToken');
-      renderApp(['/?githubAuthToken=bad-token']);
-
-      await waitFor(() => {
-        console.log('[TEST DEBUG] Checking mockLogin calls:', mockLogin.mock.calls);
-        expect(mockLogin).toHaveBeenCalled();
-      });
-    });
-
-    it('should log an error if login with a token fails', async () => {
-      console.log('[TEST DEBUG] Test Start: should log an error if login with a token fails');
-      const mockLogin = vi.fn().mockRejectedValue(new Error('Token login failed'));
-      mockUseAuth.mockReturnValue({
-        userProfile: null,
-        authStatus: 'SIGNED_OUT',
-        isLoading: false,
-        login: mockLogin,
-        logout: vi.fn(),
-        updateProfile: vi.fn(),
-      });
-
-      console.log('[TEST DEBUG] Rendering App with googleAuthToken');
-      renderApp(['/?googleAuthToken=bad-token']);
-      await waitFor(() => {
-        console.log('[TEST DEBUG] Checking mockLogin calls:', mockLogin.mock.calls);
-        expect(mockLogin).toHaveBeenCalled();
-      });
-    });
-  });
-
  describe('Flyer Selection from URL', () => {
    it('should select a flyer when flyerId is present in the URL', async () => {
      renderApp(['/flyers/2']);
@@ -583,23 +389,9 @@ describe('App Component', () => {
    });
  });

-  describe('Version and "What\'s New" Modal', () => {
-    it('should show the "What\'s New" modal if the app version is new', async () => {
-      // Mock the config module for this specific test
-      vi.mock('./config', () => ({
-        default: {
-          app: { version: '20250101-1200:abc1234:1.0.1', commitMessage: 'New feature!', commitUrl: '#' },
-          google: { mapsEmbedApiKey: 'mock-key' },
-        },
-      }));
-      localStorageMock.setItem('lastSeenVersion', '20250101-1200:abc1234:1.0.0');
-      renderApp();
-      await expect(screen.findByTestId('whats-new-modal-mock')).resolves.toBeInTheDocument();
-    });
-  });
-
  describe('Modal Interactions', () => {
    it('should open and close the ProfileManager modal', async () => {
+      console.log('[TEST DEBUG] Test Start: should open and close the ProfileManager modal');
      renderApp();
      expect(screen.queryByTestId('profile-manager-mock')).not.toBeInTheDocument();

@@ -607,11 +399,13 @@ describe('App Component', () => {
      fireEvent.click(screen.getByText('Open Profile'));
      expect(await screen.findByTestId('profile-manager-mock')).toBeInTheDocument();

+      console.log('[TEST DEBUG] ProfileManager modal opened. Now closing...');
      // Close modal
      fireEvent.click(screen.getByText('Close Profile'));
      await waitFor(() => {
        expect(screen.queryByTestId('profile-manager-mock')).not.toBeInTheDocument();
      });
+      console.log('[TEST DEBUG] ProfileManager modal closed.');
    });

    it('should open and close the VoiceAssistant modal for authenticated users', async () => {
@@ -636,7 +430,7 @@ describe('App Component', () => {
      fireEvent.click(screen.getByText('Open Voice Assistant'));

      console.log('[TEST DEBUG] Waiting for voice-assistant-mock');
-      expect(await screen.findByTestId('voice-assistant-mock')).toBeInTheDocument();
+      expect(await screen.findByTestId('voice-assistant-mock', {}, { timeout: 3000 })).toBeInTheDocument();

      // Close modal
      fireEvent.click(screen.getByText('Close Voice Assistant'));
@@ -735,64 +529,6 @@ describe('App Component', () => {
    });
  });

-  describe("Version Display and What's New", () => {
-    beforeEach(() => {
-      // Also mock the config module to reflect this change
-      vi.mock('./config', () => ({
-        default: {
-          app: {
-            version: '20250101-1200:abc1234:2.0.0',
-            commitMessage: 'A new version!',
-            commitUrl: 'http://example.com/commit/2.0.0',
-          },
-          google: { mapsEmbedApiKey: 'mock-key' },
-        },
-      }));
-    });
-
-    it('should display the version number and commit link', () => {
-      renderApp();
-      const versionLink = screen.getByText(`Version: 20250101-1200:abc1234:2.0.0`);
-      expect(versionLink).toBeInTheDocument();
-      expect(versionLink).toHaveAttribute('href', 'http://example.com/commit/2.0.0');
-    });
-
-    it('should open the "What\'s New" modal when the question mark icon is clicked', async () => {
-      // Pre-set the localStorage to prevent the modal from opening automatically
-      localStorageMock.setItem('lastSeenVersion', '20250101-1200:abc1234:2.0.0');
-
-      renderApp();
-      expect(screen.queryByTestId('whats-new-modal-mock')).not.toBeInTheDocument();
-
-      const openButton = await screen.findByTitle("Show what's new in this version");
-      fireEvent.click(openButton);
-
-      expect(await screen.findByTestId('whats-new-modal-mock')).toBeInTheDocument();
-    });
-  });
-
-  describe('Dynamic Toaster Styles', () => {
-    it('should render the correct CSS variables for toast styling in light mode', async () => {
-      renderApp();
-      await waitFor(() => {
-        const styleTag = document.querySelector('style');
-        expect(styleTag).not.toBeNull();
-        expect(styleTag!.innerHTML).toContain('--toast-bg: #FFFFFF');
-        expect(styleTag!.innerHTML).toContain('--toast-color: #1F2937');
-      });
-    });
-
-    it('should render the correct CSS variables for toast styling in dark mode', async () => {
-      localStorageMock.setItem('darkMode', 'true');
-      renderApp();
-      await waitFor(() => {
-        const styleTag = document.querySelector('style');
-        expect(styleTag).not.toBeNull();
-        expect(styleTag!.innerHTML).toContain('--toast-bg: #4B5563');
-      });
-    });
-  });
-
  describe('Profile and Login Handlers', () => {
    it('should call updateProfile when handleProfileUpdate is triggered', async () => {
      console.log(
@@ -841,12 +577,19 @@ describe('App Component', () => {
        logout: vi.fn(),
        updateProfile: vi.fn(),
      });
+      // Mock the login function to simulate a successful login. Signature: (token, profile)
+      const mockLoginSuccess = vi.fn(async (_token: string, _profile?: UserProfile) => {
+        // Simulate fetching profile after login
+        const profileResponse = await mockedApiClient.getAuthenticatedUserProfile();
+        const userProfileData: UserProfile = await profileResponse.json();
+        mockUseAuth.mockReturnValue({ ...mockUseAuth(), userProfile: userProfileData, authStatus: 'AUTHENTICATED' });
+      });

      console.log('[TEST DEBUG] Rendering App');
      renderApp();
      console.log('[TEST DEBUG] Opening Profile');
      fireEvent.click(screen.getByText('Open Profile'));
-      const loginButton = await screen.findByText('Login');
+      const loginButton = await screen.findByRole('button', { name: 'Login' });
      console.log('[TEST DEBUG] Clicking Login');
      fireEvent.click(loginButton);

@@ -857,4 +600,33 @@ describe('App Component', () => {
      });
    });
  });
+
+  describe("Version Display and What's New", () => {
+    beforeEach(() => {
+      vi.mock('./config', () => ({
+        default: {
+          app: {
+            version: '2.0.0',
+            commitMessage: 'A new version!',
+            commitUrl: 'http://example.com/commit/2.0.0',
+          },
+        },
+      }));
+    });
+
+    it('should display the version number and commit link', () => {
+      renderApp();
+      const versionLink = screen.getByText(`Version: 2.0.0`);
+      expect(versionLink).toBeInTheDocument();
+      expect(versionLink).toHaveAttribute('href', 'http://example.com/commit/2.0.0');
+    });
+
+    it('should open the "What\'s New" modal when the question mark icon is clicked', async () => {
+      renderApp();
+      const openButton = await screen.findByTitle("Show what's new in this version");
+      fireEvent.click(openButton);
+      // The mock AppGuard now renders the modal when it's open
+      expect(await screen.findByTestId('whats-new-modal-mock')).toBeInTheDocument();
+    });
+  });
 });
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -1,9 +1,9 @@
 // src/App.tsx
 import React, { useState, useCallback, useEffect } from 'react';
-import { Routes, Route, useParams, useLocation, useNavigate } from 'react-router-dom';
-import { Toaster } from 'react-hot-toast';
+import { Routes, Route, useParams } from 'react-router-dom';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import * as pdfjsLib from 'pdfjs-dist';
-import { Footer } from './components/Footer'; // Assuming this is where your Footer component will live
+import { Footer } from './components/Footer';
 import { Header } from './components/Header';
 import { logger } from './services/logger.client';
 import type { Flyer, Profile, UserProfile } from './types';
@@ -13,18 +13,20 @@ import { AdminPage } from './pages/admin/AdminPage';
 import { AdminRoute } from './components/AdminRoute';
 import { CorrectionsPage } from './pages/admin/CorrectionsPage';
 import { AdminStatsPage } from './pages/admin/AdminStatsPage';
+import { FlyerReviewPage } from './pages/admin/FlyerReviewPage';
 import { ResetPasswordPage } from './pages/ResetPasswordPage';
 import { VoiceLabPage } from './pages/VoiceLabPage';
-import { WhatsNewModal } from './components/WhatsNewModal';
 import { FlyerCorrectionTool } from './components/FlyerCorrectionTool';
 import { QuestionMarkCircleIcon } from './components/icons/QuestionMarkCircleIcon';
 import { useAuth } from './hooks/useAuth';
-import { useFlyers } from './hooks/useFlyers'; // Assuming useFlyers fetches all flyers
-import { useFlyerItems } from './hooks/useFlyerItems'; // Import the new hook for flyer items
+import { useFlyers } from './hooks/useFlyers';
+import { useFlyerItems } from './hooks/useFlyerItems';
 import { useModal } from './hooks/useModal';
 import { MainLayout } from './layouts/MainLayout';
 import config from './config';
 import { HomePage } from './pages/HomePage';
+import { AppGuard } from './components/AppGuard';
+import { useAppInitialization } from './hooks/useAppInitialization';

 // pdf.js worker configuration
 // This is crucial for allowing pdf.js to process PDFs in a separate thread, preventing the UI from freezing.
@@ -35,15 +37,20 @@ pdfjsLib.GlobalWorkerOptions.workerSrc = new URL(
  import.meta.url,
 ).toString();

+// Create a client
+const queryClient = new QueryClient();
+
 function App() {
  const { userProfile, authStatus, login, logout, updateProfile } = useAuth();
  const { flyers } = useFlyers();
  const [selectedFlyer, setSelectedFlyer] = useState<Flyer | null>(null);
  const { openModal, closeModal, isModalOpen } = useModal();
-  const location = useLocation();
-  const navigate = useNavigate();
  const params = useParams<{ flyerId?: string }>();

+  // This hook now handles initialization effects (OAuth, version check, theme)
+  // and returns the theme/unit state needed by other components.
+  const { isDarkMode, unitSystem } = useAppInitialization();
+
  // Debugging: Log renders to identify infinite loops
  useEffect(() => {
    if (process.env.NODE_ENV === 'test') {
@@ -53,14 +60,11 @@ function App() {
        paramsFlyerId: params?.flyerId, // This was a duplicate, fixed.
        authStatus,
        profileId: userProfile?.user.user_id,
-        locationSearch: location.search,
      });
    }
  });

-  const [isDarkMode, setIsDarkMode] = useState(false);
  const { flyerItems } = useFlyerItems(selectedFlyer);
-  const [unitSystem, setUnitSystem] = useState<'metric' | 'imperial'>('imperial');

  // Define modal handlers with useCallback at the top level to avoid Rules of Hooks violations
  const handleOpenProfile = useCallback(() => openModal('profile'), [openModal]);
@@ -105,37 +109,6 @@ function App() {

  // --- State Synchronization and Error Handling ---

-  // Effect to set initial theme based on user profile, local storage, or system preference
-  useEffect(() => {
-    if (process.env.NODE_ENV === 'test')
-      console.log('[App] Effect: Theme Update', { profileId: userProfile?.user.user_id });
-    if (userProfile && userProfile.preferences?.darkMode !== undefined) {
-      // Preference from DB
-      const dbDarkMode = userProfile.preferences.darkMode;
-      setIsDarkMode(dbDarkMode);
-      document.documentElement.classList.toggle('dark', dbDarkMode);
-    } else {
-      // Fallback to local storage or system preference
-      const savedMode = localStorage.getItem('darkMode');
-      const prefersDark = window.matchMedia('(prefers-color-scheme: dark)').matches;
-      const initialDarkMode = savedMode !== null ? savedMode === 'true' : prefersDark;
-      setIsDarkMode(initialDarkMode);
-      document.documentElement.classList.toggle('dark', initialDarkMode);
-    }
-  }, [userProfile?.preferences?.darkMode, userProfile?.user.user_id]);
-
-  // Effect to set initial unit system based on user profile or local storage
-  useEffect(() => {
-    if (userProfile && userProfile.preferences?.unitSystem) {
-      setUnitSystem(userProfile.preferences.unitSystem);
-    } else {
-      const savedSystem = localStorage.getItem('unitSystem') as 'metric' | 'imperial' | null;
-      if (savedSystem) {
-        setUnitSystem(savedSystem);
-      }
-    }
-  }, [userProfile?.preferences?.unitSystem, userProfile?.user.user_id]);
-
  // This is the login handler that will be passed to the ProfileManager component.
  const handleLoginSuccess = useCallback(
    async (userProfile: UserProfile, token: string, _rememberMe: boolean) => {
@@ -153,36 +126,6 @@ function App() {
    [login],
  );

-  // Effect to handle the token from Google OAuth redirect
-  useEffect(() => {
-    const urlParams = new URLSearchParams(location.search);
-    const googleToken = urlParams.get('googleAuthToken');
-
-    if (googleToken) {
-      logger.info('Received Google Auth token from URL. Authenticating...');
-      // The login flow is now handled by the useAuth hook. We just need to trigger it.
-      // We pass only the token; the AuthProvider will fetch the user profile.
-      login(googleToken).catch((err) =>
-        logger.error('Failed to log in with Google token', { error: err }),
-      );
-      // Clean the token from the URL
-      navigate(location.pathname, { replace: true });
-    }
-
-    const githubToken = urlParams.get('githubAuthToken');
-    if (githubToken) {
-      logger.info('Received GitHub Auth token from URL. Authenticating...');
-      login(githubToken).catch((err) => {
-        logger.error('Failed to log in with GitHub token', { error: err });
-        // Optionally, redirect to a page with an error message
-        // navigate('/login?error=github_auth_failed');
-      });
-
-      // Clean the token from the URL
-      navigate(location.pathname, { replace: true });
-    }
-  }, [login, location.search, navigate, location.pathname]);
-
  const handleFlyerSelect = useCallback(async (flyer: Flyer) => {
    setSelectedFlyer(flyer);
  }, []);
@@ -210,31 +153,10 @@ function App() {
  // Read the application version injected at build time.
  // This will only be available in the production build, not during local development.
  const appVersion = config.app.version;
-  const commitMessage = config.app.commitMessage;
-  useEffect(() => {
-    if (appVersion) {
-      logger.info(`Application version: ${appVersion}`);
-      const lastSeenVersion = localStorage.getItem('lastSeenVersion');
-      // If the current version is new, show the "What's New" modal.
-      if (appVersion !== lastSeenVersion) {
-        openModal('whatsNew');
-        localStorage.setItem('lastSeenVersion', appVersion);
-      }
-    }
-  }, [appVersion]);

  return (
-    <div className="bg-gray-100 dark:bg-gray-950 min-h-screen font-sans text-gray-800 dark:text-gray-200">
-      {/* Toaster component for displaying notifications. It's placed at the top level. */}
-      <Toaster position="top-center" reverseOrder={false} />
-      {/* Add CSS variables for toast theming based on dark mode */}
-      <style>{`
-        :root {
-          --toast-bg: ${isDarkMode ? '#4B5563' : '#FFFFFF'};
-          --toast-color: ${isDarkMode ? '#F9FAFB' : '#1F2937'};
-        }
-      `}</style>
-
+    // AppGuard now handles the main page wrapper, theme styles, and "What's New" modal
+    <AppGuard>
      <Header
        isDarkMode={isDarkMode}
        unitSystem={unitSystem}
@@ -261,15 +183,6 @@ function App() {
        />
      )}

-      {appVersion && commitMessage && (
-        <WhatsNewModal
-          isOpen={isModalOpen('whatsNew')}
-          onClose={handleCloseWhatsNew}
-          version={appVersion}
-          commitMessage={commitMessage}
-        />
-      )}
-
      {selectedFlyer && (
        <FlyerCorrectionTool
          isOpen={isModalOpen('correctionTool')}
@@ -316,6 +229,7 @@ function App() {
          <Route path="/admin" element={<AdminPage />} />
          <Route path="/admin/corrections" element={<CorrectionsPage />} />
          <Route path="/admin/stats" element={<AdminStatsPage />} />
+          <Route path="/admin/flyer-review" element={<FlyerReviewPage />} />
          <Route path="/admin/voice-lab" element={<VoiceLabPage />} />
        </Route>
        <Route path="/reset-password/:token" element={<ResetPasswordPage />} />
@@ -341,8 +255,14 @@ function App() {
      )}

      <Footer />
-    </div>
+    </AppGuard>
  );
 }

-export default App;
+const WrappedApp = () => (
+  <QueryClientProvider client={queryClient}>
+    <App />
+  </QueryClientProvider>
+);
+
+export default WrappedApp;
--- a/src/pages/admin/components/AnonymousUserBanner.test.tsx
+++ b/src/pages/admin/components/AnonymousUserBanner.test.tsx
@@ -5,7 +5,7 @@ import { describe, it, expect, vi } from 'vitest';
 import { AnonymousUserBanner } from './AnonymousUserBanner';

 // Mock the icon to ensure it is rendered correctly
-vi.mock('../../../components/icons/InformationCircleIcon', () => ({
+vi.mock('./icons/InformationCircleIcon', () => ({
  InformationCircleIcon: (props: React.SVGProps<SVGSVGElement>) => (
    <svg data-testid="info-icon" {...props} />
  ),
--- a/src/pages/admin/components/AnonymousUserBanner.tsx
+++ b/src/pages/admin/components/AnonymousUserBanner.tsx
@@ -1,6 +1,6 @@
-// src/pages/admin/components/AnonymousUserBanner.tsx
+// src/components/AnonymousUserBanner.tsx
 import React from 'react';
-import { InformationCircleIcon } from '../../../components/icons/InformationCircleIcon';
+import { InformationCircleIcon } from './icons/InformationCircleIcon';

 interface AnonymousUserBannerProps {
  /**
--- a/src/components/AppGuard.test.tsx
+++ b/src/components/AppGuard.test.tsx
@@ -0,0 +1,93 @@
+// src/components/AppGuard.test.tsx
+import React from 'react';
+import { render, screen, waitFor } from '@testing-library/react';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { AppGuard } from './AppGuard';
+import { useAppInitialization } from '../hooks/useAppInitialization';
+import { useModal } from '../hooks/useModal';
+
+// Mock dependencies
+vi.mock('../hooks/useAppInitialization');
+vi.mock('../hooks/useModal');
+vi.mock('./WhatsNewModal', () => ({
+  WhatsNewModal: ({ isOpen }: { isOpen: boolean }) =>
+    isOpen ? <div data-testid="whats-new-modal-mock" /> : null,
+}));
+vi.mock('../config', () => ({
+  default: {
+    app: { version: '1.0.0', commitMessage: 'Test commit' },
+  },
+}));
+
+const mockedUseAppInitialization = vi.mocked(useAppInitialization);
+const mockedUseModal = vi.mocked(useModal);
+
+describe('AppGuard', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Default mocks
+    mockedUseAppInitialization.mockReturnValue({
+      isDarkMode: false,
+      unitSystem: 'imperial',
+    });
+    mockedUseModal.mockReturnValue({
+      isModalOpen: vi.fn().mockReturnValue(false),
+      openModal: vi.fn(),
+      closeModal: vi.fn(),
+    });
+  });
+
+  it('should render children', () => {
+    render(
+      <AppGuard>
+        <div>Child Content</div>
+      </AppGuard>,
+    );
+    expect(screen.getByText('Child Content')).toBeInTheDocument();
+  });
+
+  it('should render WhatsNewModal when it is open', () => {
+    mockedUseModal.mockReturnValue({
+      ...mockedUseModal(),
+      isModalOpen: (modalId) => modalId === 'whatsNew',
+    });
+    render(
+      <AppGuard>
+        <div>Child</div>
+      </AppGuard>,
+    );
+    expect(screen.getByTestId('whats-new-modal-mock')).toBeInTheDocument();
+  });
+
+  it('should set dark mode styles for toaster', async () => {
+    mockedUseAppInitialization.mockReturnValue({
+      isDarkMode: true,
+      unitSystem: 'imperial',
+    });
+    render(
+      <AppGuard>
+        <div>Child</div>
+      </AppGuard>,
+    );
+    await waitFor(() => {
+      const styleTag = document.querySelector('style');
+      expect(styleTag).not.toBeNull();
+      expect(styleTag!.innerHTML).toContain('--toast-bg: #4B5563');
+      expect(styleTag!.innerHTML).toContain('--toast-color: #F9FAFB');
+    });
+  });
+
+  it('should set light mode styles for toaster', async () => {
+    render(
+      <AppGuard>
+        <div>Child</div>
+      </AppGuard>,
+    );
+    await waitFor(() => {
+      const styleTag = document.querySelector('style');
+      expect(styleTag).not.toBeNull();
+      expect(styleTag!.innerHTML).toContain('--toast-bg: #FFFFFF');
+      expect(styleTag!.innerHTML).toContain('--toast-color: #1F2937');
+    });
+  });
+});
--- a/src/components/AppGuard.tsx
+++ b/src/components/AppGuard.tsx
@@ -0,0 +1,47 @@
+// src/components/AppGuard.tsx
+import React, { useCallback } from 'react';
+import { Toaster } from 'react-hot-toast';
+import { useAppInitialization } from '../hooks/useAppInitialization';
+import { useModal } from '../hooks/useModal';
+import { WhatsNewModal } from './WhatsNewModal';
+import config from '../config';
+
+interface AppGuardProps {
+  children: React.ReactNode;
+}
+
+export const AppGuard: React.FC<AppGuardProps> = ({ children }) => {
+  // This hook handles OAuth tokens, version checks, and returns theme state.
+  const { isDarkMode } = useAppInitialization();
+  const { isModalOpen, closeModal } = useModal();
+
+  const handleCloseWhatsNew = useCallback(() => closeModal('whatsNew'), [closeModal]);
+
+  const appVersion = config.app.version;
+  const commitMessage = config.app.commitMessage;
+
+  return (
+    <div className="bg-gray-100 dark:bg-gray-950 min-h-screen font-sans text-gray-800 dark:text-gray-200">
+      {/* Toaster component for displaying notifications. It's placed at the top level. */}
+      <Toaster position="top-center" reverseOrder={false} />
+      {/* Add CSS variables for toast theming based on dark mode */}
+      <style>{`
+        :root {
+          --toast-bg: ${isDarkMode ? '#4B5563' : '#FFFFFF'};
+          --toast-color: ${isDarkMode ? '#F9FAFB' : '#1F2937'};
+        }
+      `}</style>
+
+      {appVersion && commitMessage && (
+        <WhatsNewModal
+          isOpen={isModalOpen('whatsNew')}
+          onClose={handleCloseWhatsNew}
+          version={appVersion}
+          commitMessage={commitMessage}
+        />
+      )}
+
+      {children}
+    </div>
+  );
+};
--- a/src/pages/admin/components/PasswordInput.test.tsx
+++ b/src/pages/admin/components/PasswordInput.test.tsx
--- a/src/pages/admin/components/PasswordInput.tsx
+++ b/src/pages/admin/components/PasswordInput.tsx
@@ -1,7 +1,7 @@
-// src/pages/admin/components/PasswordInput.tsx
+// src/components/PasswordInput.tsx
 import React, { useState } from 'react';
-import { EyeIcon } from '../../../components/icons/EyeIcon';
-import { EyeSlashIcon } from '../../../components/icons/EyeSlashIcon';
+import { EyeIcon } from './icons/EyeIcon';
+import { EyeSlashIcon } from './icons/EyeSlashIcon';
 import { PasswordStrengthIndicator } from './PasswordStrengthIndicator';

 /**
--- a/src/pages/admin/components/PasswordStrengthIndicator.test.tsx
+++ b/src/pages/admin/components/PasswordStrengthIndicator.test.tsx
--- a/src/pages/admin/components/PasswordStrengthIndicator.tsx
+++ b/src/pages/admin/components/PasswordStrengthIndicator.tsx
@@ -1,4 +1,5 @@
 // src/pages/admin/components/PasswordStrengthIndicator.tsx
+// src/components/PasswordStrengthIndicator.tsx
 import React from 'react';
 import zxcvbn from 'zxcvbn';

--- a/src/components/icons/DocumentMagnifyingGlassIcon.tsx
+++ b/src/components/icons/DocumentMagnifyingGlassIcon.tsx
@@ -0,0 +1,18 @@
+import React from 'react';
+
+export const DocumentMagnifyingGlassIcon: React.FC<React.SVGProps<SVGSVGElement>> = (props) => (
+  <svg
+    xmlns="http://www.w3.org/2000/svg"
+    fill="none"
+    viewBox="0 0 24 24"
+    strokeWidth={1.5}
+    stroke="currentColor"
+    {...props}
+  >
+    <path
+      strokeLinecap="round"
+      strokeLinejoin="round"
+      d="M19.5 14.25v-2.625a3.375 3.375 0 0 0-3.375-3.375h-1.5A1.125 1.125 0 0 1 13.5 7.125v-1.5a3.375 3.375 0 0 0-3.375-3.375H8.25m5.231 13.481L15 17.25m-4.5 4.5L6.75 21.75m0 0L2.25 17.25m4.5 4.5v-4.5m13.5-3V9A2.25 2.25 0 0 0 16.5 6.75h-9A2.25 2.25 0 0 0 5.25 9v9.75m14.25-10.5a2.25 2.25 0 0 0-2.25-2.25H5.25a2.25 2.25 0 0 0-2.25 2.25v10.5a2.25 2.25 0 0 0 2.25 225h5.25"
+    />
+  </svg>
+);
--- a/src/features/charts/PriceHistoryChart.test.tsx
+++ b/src/features/charts/PriceHistoryChart.test.tsx
@@ -38,8 +38,26 @@ vi.mock('recharts', () => ({
  ),
  CartesianGrid: () => <div data-testid="cartesian-grid" />,
  XAxis: () => <div data-testid="x-axis" />,
-  YAxis: () => <div data-testid="y-axis" />,
-  Tooltip: () => <div data-testid="tooltip" />,
+  YAxis: ({ tickFormatter, domain }: any) => {
+    // Execute functions for coverage
+    if (typeof tickFormatter === 'function') {
+      tickFormatter(1000);
+    }
+    if (Array.isArray(domain)) {
+      domain.forEach((d) => {
+        if (typeof d === 'function') d(100);
+      });
+    }
+    return <div data-testid="y-axis" />;
+  },
+  Tooltip: ({ formatter }: any) => {
+    // Execute formatter for coverage
+    if (typeof formatter === 'function') {
+      formatter(1000);
+      formatter(undefined);
+    }
+    return <div data-testid="tooltip" />;
+  },
  Legend: () => <div data-testid="legend" />,
  // Fix: Use dataKey if name is not explicitly provided, as the component relies on dataKey
  Line: ({ name, dataKey }: { name?: string; dataKey?: string }) => (
@@ -301,4 +319,66 @@ describe('PriceHistoryChart', () => {
      expect(chartData).toHaveLength(2);
    });
  });
+
+  it('should handle malformed data points and unmatched items gracefully', async () => {
+    const malformedData: any[] = [
+      { master_item_id: null, summary_date: '2024-10-01', avg_price_in_cents: 100 }, // Missing ID
+      { master_item_id: 1, summary_date: null, avg_price_in_cents: 100 }, // Missing date
+      { master_item_id: 1, summary_date: '2024-10-01', avg_price_in_cents: null }, // Missing price
+      { master_item_id: 999, summary_date: '2024-10-01', avg_price_in_cents: 100 }, // ID not in watchlist
+    ];
+    vi.mocked(apiClient.fetchHistoricalPriceData).mockResolvedValue(
+      new Response(JSON.stringify(malformedData)),
+    );
+    render(<PriceHistoryChart />);
+
+    await waitFor(() => {
+      // Should show "Not enough historical data" because all points are invalid or filtered
+      expect(
+        screen.getByText(
+          'Not enough historical data for your watched items. Process more flyers to build a trend.',
+        ),
+      ).toBeInTheDocument();
+    });
+  });
+
+  it('should ignore higher prices for the same day', async () => {
+    const dataWithHigherPrice: HistoricalPriceDataPoint[] = [
+      createMockHistoricalPriceDataPoint({
+        master_item_id: 1,
+        summary_date: '2024-10-01',
+        avg_price_in_cents: 100,
+      }),
+      createMockHistoricalPriceDataPoint({
+        master_item_id: 1,
+        summary_date: '2024-10-01',
+        avg_price_in_cents: 150, // Higher price should be ignored
+      }),
+      createMockHistoricalPriceDataPoint({
+        master_item_id: 1,
+        summary_date: '2024-10-08',
+        avg_price_in_cents: 100,
+      }),
+    ];
+    vi.mocked(apiClient.fetchHistoricalPriceData).mockResolvedValue(
+      new Response(JSON.stringify(dataWithHigherPrice)),
+    );
+    render(<PriceHistoryChart />);
+
+    await waitFor(() => {
+      const chart = screen.getByTestId('line-chart');
+      const chartData = JSON.parse(chart.getAttribute('data-chartdata')!);
+      const dataPoint = chartData.find((d: any) => d.date === 'Oct 1');
+      expect(dataPoint['Organic Bananas']).toBe(100);
+    });
+  });
+
+  it('should handle non-Error objects thrown during fetch', async () => {
+    vi.mocked(apiClient.fetchHistoricalPriceData).mockRejectedValue('String Error');
+    render(<PriceHistoryChart />);
+
+    await waitFor(() => {
+      expect(screen.getByText('Failed to load price history.')).toBeInTheDocument();
+    });
+  });
 });
--- a/src/features/flyer/ExtractedDataTable.test.tsx
+++ b/src/features/flyer/ExtractedDataTable.test.tsx
@@ -406,6 +406,74 @@ describe('ExtractedDataTable', () => {
      render(<ExtractedDataTable {...defaultProps} items={singleCategoryItems} />);
      expect(screen.queryByLabelText('Filter by category')).not.toBeInTheDocument();
    });
+
+    it('should allow switching filter back to All Categories', () => {
+      render(<ExtractedDataTable {...defaultProps} />);
+      const categoryFilter = screen.getByLabelText('Filter by category');
+
+      // Filter to Dairy
+      fireEvent.change(categoryFilter, { target: { value: 'Dairy' } });
+      expect(screen.queryByText('Gala Apples')).not.toBeInTheDocument();
+      expect(screen.getByText('2% Milk')).toBeInTheDocument();
+
+      // Filter back to All
+      fireEvent.change(categoryFilter, { target: { value: 'all' } });
+      expect(screen.getByText('Gala Apples')).toBeInTheDocument();
+      expect(screen.getByText('2% Milk')).toBeInTheDocument();
+    });
+
+    it('should sort items alphabetically within watched and unwatched groups', () => {
+      const items = [
+        createMockFlyerItem({
+          flyer_item_id: 1,
+          item: 'Yam',
+          master_item_id: 3,
+          category_name: 'Produce',
+        }), // Unwatched
+        createMockFlyerItem({
+          flyer_item_id: 2,
+          item: 'Zebra',
+          master_item_id: 1,
+          category_name: 'Produce',
+        }), // Watched
+        createMockFlyerItem({
+          flyer_item_id: 3,
+          item: 'Banana',
+          master_item_id: 4,
+          category_name: 'Produce',
+        }), // Unwatched
+        createMockFlyerItem({
+          flyer_item_id: 4,
+          item: 'Apple',
+          master_item_id: 2,
+          category_name: 'Produce',
+        }), // Watched
+      ];
+
+      vi.mocked(useUserData).mockReturnValue({
+        watchedItems: [
+          createMockMasterGroceryItem({ master_grocery_item_id: 1, name: 'Zebra' }),
+          createMockMasterGroceryItem({ master_grocery_item_id: 2, name: 'Apple' }),
+        ],
+        shoppingLists: [],
+        setWatchedItems: vi.fn(),
+        setShoppingLists: vi.fn(),
+        isLoading: false,
+        error: null,
+      });
+
+      render(<ExtractedDataTable {...defaultProps} items={items} />);
+
+      const rows = screen.getAllByRole('row');
+      // Extract item names based on the bold/semibold classes used for names
+      const itemNames = rows.map((row) => {
+        const nameEl = row.querySelector('.font-bold, .font-semibold');
+        return nameEl?.textContent;
+      });
+
+      // Expected: Watched items first (Apple, Zebra), then Unwatched (Banana, Yam)
+      expect(itemNames).toEqual(['Apple', 'Zebra', 'Banana', 'Yam']);
+    });
  });

  describe('Data Edge Cases', () => {
@@ -460,5 +528,46 @@ describe('ExtractedDataTable', () => {
      // Check for the unit suffix, which might be in a separate element or part of the string
      expect(within(chickenItemRow).getAllByText(/\/kg/i).length).toBeGreaterThan(0);
    });
+
+    it('should handle activeListId pointing to a non-existent list', () => {
+      vi.mocked(useShoppingLists).mockReturnValue({
+        activeListId: 999, // Non-existent
+        shoppingLists: mockShoppingLists,
+        addItemToList: mockAddItemToList,
+        setActiveListId: vi.fn(),
+        createList: vi.fn(),
+        deleteList: vi.fn(),
+        updateItemInList: vi.fn(),
+        removeItemFromList: vi.fn(),
+        isCreatingList: false,
+        isDeletingList: false,
+        isAddingItem: false,
+        isUpdatingItem: false,
+        isRemovingItem: false,
+        error: null,
+      });
+
+      render(<ExtractedDataTable {...defaultProps} />);
+
+      // Should behave as if item is not in list (Add button enabled)
+      const appleItemRow = screen.getByText('Gala Apples').closest('tr')!;
+      const addToListButton = within(appleItemRow).getByTitle('Add Apples to list');
+      expect(addToListButton).toBeInTheDocument();
+      expect(addToListButton).not.toBeDisabled();
+    });
+
+    it('should display numeric quantity in parentheses if available', () => {
+      const itemWithQtyNum = createMockFlyerItem({
+        flyer_item_id: 999,
+        item: 'Bulk Rice',
+        quantity: 'Bag',
+        quantity_num: 5,
+        unit_price: { value: 10, unit: 'kg' },
+        category_name: 'Pantry',
+        flyer_id: 1,
+      });
+      render(<ExtractedDataTable {...defaultProps} items={[itemWithQtyNum]} />);
+      expect(screen.getByText('(5)')).toBeInTheDocument();
+    });
  });
 });
--- a/src/features/flyer/FlyerList.test.tsx
+++ b/src/features/flyer/FlyerList.test.tsx
@@ -1,7 +1,7 @@
 // src/features/flyer/FlyerList.test.tsx
 import React from 'react';
 import { render, screen, fireEvent, waitFor } from '@testing-library/react';
-import { describe, it, expect, vi, beforeEach, type Mocked } from 'vitest';
+import { describe, it, expect, vi, beforeEach, afterEach, type Mocked } from 'vitest';
 import { FlyerList } from './FlyerList';
 import { formatShortDate } from './dateUtils';
 import type { Flyer, UserProfile } from '../../types';
@@ -257,6 +257,73 @@ describe('FlyerList', () => {
    });
  });

+  describe('Expiration Status Logic', () => {
+    beforeEach(() => {
+      vi.useFakeTimers();
+    });
+
+    afterEach(() => {
+      vi.useRealTimers();
+    });
+
+    it('should show "Expired" for past dates', () => {
+      // Flyer 1 valid_to is 2023-10-11
+      vi.setSystemTime(new Date('2023-10-12T12:00:00Z'));
+      render(
+        <FlyerList
+          flyers={[mockFlyers[0]]}
+          onFlyerSelect={mockOnFlyerSelect}
+          selectedFlyerId={null}
+          profile={mockProfile}
+        />,
+      );
+      expect(screen.getByText('• Expired')).toBeInTheDocument();
+      expect(screen.getByText('• Expired')).toHaveClass('text-red-500');
+    });
+
+    it('should show "Expires today" when valid_to is today', () => {
+      vi.setSystemTime(new Date('2023-10-11T12:00:00Z'));
+      render(
+        <FlyerList
+          flyers={[mockFlyers[0]]}
+          onFlyerSelect={mockOnFlyerSelect}
+          selectedFlyerId={null}
+          profile={mockProfile}
+        />,
+      );
+      expect(screen.getByText('• Expires today')).toBeInTheDocument();
+      expect(screen.getByText('• Expires today')).toHaveClass('text-orange-500');
+    });
+
+    it('should show "Expires in X days" (orange) for <= 3 days', () => {
+      vi.setSystemTime(new Date('2023-10-09T12:00:00Z')); // 2 days left
+      render(
+        <FlyerList
+          flyers={[mockFlyers[0]]}
+          onFlyerSelect={mockOnFlyerSelect}
+          selectedFlyerId={null}
+          profile={mockProfile}
+        />,
+      );
+      expect(screen.getByText('• Expires in 2 days')).toBeInTheDocument();
+      expect(screen.getByText('• Expires in 2 days')).toHaveClass('text-orange-500');
+    });
+
+    it('should show "Expires in X days" (green) for > 3 days', () => {
+      vi.setSystemTime(new Date('2023-10-05T12:00:00Z')); // 6 days left
+      render(
+        <FlyerList
+          flyers={[mockFlyers[0]]}
+          onFlyerSelect={mockOnFlyerSelect}
+          selectedFlyerId={null}
+          profile={mockProfile}
+        />,
+      );
+      expect(screen.getByText('• Expires in 6 days')).toBeInTheDocument();
+      expect(screen.getByText('• Expires in 6 days')).toHaveClass('text-green-600');
+    });
+  });
+
  describe('Admin Functionality', () => {
    const adminProfile: UserProfile = createMockUserProfile({
      user: { user_id: 'admin-1', email: 'admin@example.com' },
--- a/src/features/flyer/FlyerUploader.test.tsx
+++ b/src/features/flyer/FlyerUploader.test.tsx
@@ -6,14 +6,24 @@ import { FlyerUploader } from './FlyerUploader';
 import * as aiApiClientModule from '../../services/aiApiClient';
 import * as checksumModule from '../../utils/checksum';
 import { useNavigate, MemoryRouter } from 'react-router-dom';
+import { QueryClient, QueryClientProvider, onlineManager } from '@tanstack/react-query';

 // Mock dependencies
-vi.mock('../../services/aiApiClient');
+vi.mock('../../services/aiApiClient', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('../../services/aiApiClient')>();
+  return {
+    ...actual,
+    uploadAndProcessFlyer: vi.fn(),
+    getJobStatus: vi.fn(),
+  };
+});
 vi.mock('../../services/logger.client', () => ({
  // Keep the original logger.info/error but also spy on it for test assertions if needed
  logger: {
    info: vi.fn((...args) => console.log('[LOGGER.INFO]', ...args)),
    error: vi.fn((...args) => console.error('[LOGGER.ERROR]', ...args)),
+    warn: vi.fn((...args) => console.warn('[LOGGER.WARN]', ...args)),
+    debug: vi.fn((...args) => console.debug('[LOGGER.DEBUG]', ...args)),
  },
 }));
 vi.mock('../../utils/checksum', () => ({
@@ -39,10 +49,19 @@ const mockedChecksumModule = checksumModule as unknown as {

 const renderComponent = (onProcessingComplete = vi.fn()) => {
  console.log('--- [TEST LOG] ---: Rendering component inside MemoryRouter.');
+  const queryClient = new QueryClient({
+    defaultOptions: {
+      queries: {
+        retry: false,
+      },
+    },
+  });
  return render(
-    <MemoryRouter>
-      <FlyerUploader onProcessingComplete={onProcessingComplete} />
-    </MemoryRouter>,
+    <QueryClientProvider client={queryClient}>
+      <MemoryRouter>
+        <FlyerUploader onProcessingComplete={onProcessingComplete} />
+      </MemoryRouter>
+    </QueryClientProvider>,
  );
 };

@@ -50,10 +69,11 @@ describe('FlyerUploader', () => {
  const navigateSpy = vi.fn();

  beforeEach(() => {
+    // Disable react-query's online manager to prevent it from interfering with fake timers
+    onlineManager.setEventListener((setOnline) => {
+      return () => {};
+    });
    console.log(`\n--- [TEST LOG] ---: Starting test: "${expect.getState().currentTestName}"`);
-    // Use the 'modern' implementation of fake timers to handle promise microtasks correctly.
-    vi.useFakeTimers({ toFake: ['setTimeout'], shouldAdvanceTime: true });
-    console.log('--- [TEST LOG] ---: MODERN fake timers enabled.');
    vi.resetAllMocks(); // Resets mock implementations AND call history.
    console.log('--- [TEST LOG] ---: Mocks reset.');
    mockedChecksumModule.generateFileChecksum.mockResolvedValue('mock-checksum');
@@ -61,7 +81,6 @@ describe('FlyerUploader', () => {
  });

  afterEach(() => {
-    vi.useRealTimers();
    console.log(`--- [TEST LOG] ---: Finished test: "${expect.getState().currentTestName}"\n`);
  });

@@ -104,21 +123,18 @@ describe('FlyerUploader', () => {
    expect(mockedAiApiClient.getJobStatus).toHaveBeenCalledTimes(1);
    console.log('--- [TEST LOG] ---: 7. Mocks verified. Advancing timers now...');

-    await act(async () => {
-      console.log('--- [TEST LOG] ---: 8a. vi.advanceTimersByTime(3000) starting...');
-      vi.advanceTimersByTime(3000);
-      console.log('--- [TEST LOG] ---: 8b. vi.advanceTimersByTime(3000) complete.');
-    });
+    // With real timers, we now wait for the polling interval to elapse.
    console.log(
      `--- [TEST LOG] ---: 9. Act block finished. Now checking if getJobStatus was called again.`,
    );

    try {
+      // The polling interval is 3s, so we wait for a bit longer.
      await waitFor(() => {
        const calls = mockedAiApiClient.getJobStatus.mock.calls.length;
        console.log(`--- [TEST LOG] ---: 10. waitFor check: getJobStatus calls = ${calls}`);
        expect(mockedAiApiClient.getJobStatus).toHaveBeenCalledTimes(2);
-      });
+      }, { timeout: 4000 });
      console.log('--- [TEST LOG] ---: 11. SUCCESS: Second poll confirmed.');
    } catch (error) {
      console.error('--- [TEST LOG] ---: 11. ERROR: waitFor for second poll timed out.');
@@ -181,24 +197,21 @@ describe('FlyerUploader', () => {
    expect(mockedAiApiClient.getJobStatus).toHaveBeenCalledTimes(1);
    console.log('--- [TEST LOG] ---: 5. First poll confirmed. Now AWAITING timer advancement.');

-    await act(async () => {
-      console.log(`--- [TEST LOG] ---: 6. Advancing timers by 4000ms for the second poll...`);
-      vi.advanceTimersByTime(4000);
-    });
-    console.log(`--- [TEST LOG] ---: 7. Timers advanced. Now AWAITING completion message.`);
-
    try {
      console.log(
        '--- [TEST LOG] ---: 8a. waitFor check: Waiting for completion text and job status count.',
      );
+      // Wait for the second poll to occur and the UI to update.
      await waitFor(() => {
        console.log(
-          `--- [TEST LOG] ---: 8b. waitFor interval: calls=${mockedAiApiClient.getJobStatus.mock.calls.length}`,
+          `--- [TEST LOG] ---: 8b. waitFor interval: calls=${
+            mockedAiApiClient.getJobStatus.mock.calls.length
+          }`,
        );
        expect(
          screen.getByText('Processing complete! Redirecting to flyer 42...'),
        ).toBeInTheDocument();
-      });
+      }, { timeout: 4000 });
      console.log('--- [TEST LOG] ---: 9. SUCCESS: Completion message found.');
    } catch (error) {
      console.error('--- [TEST LOG] ---: 9. ERROR: waitFor for completion message timed out.');
@@ -208,12 +221,9 @@ describe('FlyerUploader', () => {
    }
    expect(mockedAiApiClient.getJobStatus).toHaveBeenCalledTimes(2);

-    await act(async () => {
-      console.log(`--- [TEST LOG] ---: 10. Advancing timers by 2000ms for redirect...`);
-      vi.advanceTimersByTime(2000);
-    });
+    // Wait for the redirect timer (1.5s in component) to fire.
+    await act(() => new Promise((r) => setTimeout(r, 2000)));
    console.log(`--- [TEST LOG] ---: 11. Timers advanced. Now asserting navigation.`);
-
    expect(onProcessingComplete).toHaveBeenCalled();
    expect(navigateSpy).toHaveBeenCalledWith('/flyers/42');
    console.log('--- [TEST LOG] ---: 12. Callback and navigation confirmed.');
@@ -222,10 +232,10 @@ describe('FlyerUploader', () => {
  it('should handle a failed job', async () => {
    console.log('--- [TEST LOG] ---: 1. Setting up mocks for a failed job.');
    mockedAiApiClient.uploadAndProcessFlyer.mockResolvedValue({ jobId: 'job-fail' });
-    mockedAiApiClient.getJobStatus.mockResolvedValue({
-      state: 'failed',
-      failedReason: 'AI model exploded',
-    });
+    // The getJobStatus function throws a specific error when the job fails,
+    // which is then caught by react-query and placed in the `error` state.
+    const jobFailedError = new aiApiClientModule.JobFailedError('AI model exploded', 'UNKNOWN_ERROR');
+    mockedAiApiClient.getJobStatus.mockRejectedValue(jobFailedError);

    console.log('--- [TEST LOG] ---: 2. Rendering and uploading.');
    renderComponent();
@@ -238,7 +248,8 @@ describe('FlyerUploader', () => {

    try {
      console.log('--- [TEST LOG] ---: 4. AWAITING failure message...');
-      expect(await screen.findByText(/Processing failed: AI model exploded/i)).toBeInTheDocument();
+      // The UI should now display the error from the `pollError` state, which includes the "Polling failed" prefix.
+      expect(await screen.findByText(/Polling failed: AI model exploded/i)).toBeInTheDocument();
      console.log('--- [TEST LOG] ---: 5. SUCCESS: Failure message found.');
    } catch (error) {
      console.error('--- [TEST LOG] ---: 5. ERROR: findByText for failure message timed out.');
@@ -252,14 +263,17 @@ describe('FlyerUploader', () => {
  });

  it('should clear the polling timeout when a job fails', async () => {
-    const clearTimeoutSpy = vi.spyOn(global, 'clearTimeout');
    console.log('--- [TEST LOG] ---: 1. Setting up mocks for failed job timeout clearance.');
    mockedAiApiClient.uploadAndProcessFlyer.mockResolvedValue({ jobId: 'job-fail-timeout' });

    // We need at least one 'active' response to establish a timeout loop so we have something to clear
+    // The second call should be a rejection, as this is how getJobStatus signals a failure.
    mockedAiApiClient.getJobStatus
-      .mockResolvedValueOnce({ state: 'active', progress: { message: 'Working...' } })
-      .mockResolvedValueOnce({ state: 'failed', failedReason: 'Fatal Error' });
+      .mockResolvedValueOnce({
+        state: 'active',
+        progress: { message: 'Working...' },
+      } as aiApiClientModule.JobStatus)
+      .mockRejectedValueOnce(new aiApiClientModule.JobFailedError('Fatal Error', 'UNKNOWN_ERROR'));

    renderComponent();
    const file = new File(['content'], 'flyer.pdf', { type: 'application/pdf' });
@@ -270,31 +284,14 @@ describe('FlyerUploader', () => {
    // Wait for the first poll to complete and UI to update to "Working..."
    await screen.findByText('Working...');

-    // Advance time to trigger the second poll
-    await act(async () => {
-      vi.advanceTimersByTime(3000);
-    });
-
    // Wait for the failure UI
-    await screen.findByText(/Processing failed: Fatal Error/i);
-
-    // Verify clearTimeout was called
-    expect(clearTimeoutSpy).toHaveBeenCalled();
-
-    // Verify no further polling occurs
-    const callsBefore = mockedAiApiClient.getJobStatus.mock.calls.length;
-    await act(async () => {
-      vi.advanceTimersByTime(10000);
-    });
-    expect(mockedAiApiClient.getJobStatus).toHaveBeenCalledTimes(callsBefore);
-
-    clearTimeoutSpy.mockRestore();
+    await waitFor(() => expect(screen.getByText(/Polling failed: Fatal Error/i)).toBeInTheDocument(), { timeout: 4000 });
  });

-  it('should clear the polling timeout when the component unmounts', async () => {
-    const clearTimeoutSpy = vi.spyOn(global, 'clearTimeout');
-    console.log('--- [TEST LOG] ---: 1. Setting up mocks for unmount timeout clearance.');
+  it('should stop polling for job status when the component unmounts', async () => {
+    console.log('--- [TEST LOG] ---: 1. Setting up mocks for unmount polling stop.');
    mockedAiApiClient.uploadAndProcessFlyer.mockResolvedValue({ jobId: 'job-unmount' });
+    // Mock getJobStatus to always return 'active' to keep polling
    mockedAiApiClient.getJobStatus.mockResolvedValue({
      state: 'active',
      progress: { message: 'Polling...' },
@@ -306,26 +303,38 @@ describe('FlyerUploader', () => {

    fireEvent.change(input, { target: { files: [file] } });

-    // Wait for the first poll to complete and the UI to show the polling state
+    // Wait for the first poll to complete and UI to update
    await screen.findByText('Polling...');

-    // Now that we are in a polling state (and a timeout is set), unmount the component
-    console.log('--- [TEST LOG] ---: 2. Unmounting component to trigger cleanup effect.');
+    // Wait for exactly one call to be sure polling has started.
+    await waitFor(() => {
+      expect(mockedAiApiClient.getJobStatus).toHaveBeenCalledTimes(1);
+    });
+    console.log('--- [TEST LOG] ---: 2. First poll confirmed.');
+
+    // Record the number of calls before unmounting.
+    const callsBeforeUnmount = mockedAiApiClient.getJobStatus.mock.calls.length;
+
+    // Now unmount the component, which should stop the polling.
+    console.log('--- [TEST LOG] ---: 3. Unmounting component.');
    unmount();

-    // Verify that the cleanup function in the useEffect hook was called
-    expect(clearTimeoutSpy).toHaveBeenCalled();
-    console.log('--- [TEST LOG] ---: 3. clearTimeout confirmed.');
+    // Wait for a duration longer than the polling interval (3s) to see if more calls are made.
+    console.log('--- [TEST LOG] ---: 4. Waiting for 4 seconds to check for further polling.');
+    await act(() => new Promise((resolve) => setTimeout(resolve, 4000)));

-    clearTimeoutSpy.mockRestore();
+    // Verify that getJobStatus was not called again after unmounting.
+    console.log('--- [TEST LOG] ---: 5. Asserting no new polls occurred.');
+    expect(mockedAiApiClient.getJobStatus).toHaveBeenCalledTimes(callsBeforeUnmount);
  });

  it('should handle a duplicate flyer error (409)', async () => {
    console.log('--- [TEST LOG] ---: 1. Setting up mock for 409 duplicate error.');
-    // The API client now throws a structured error for non-2xx responses.
+    // The API client throws a structured error, which useFlyerUploader now parses
+    // to set both the errorMessage and the duplicateFlyerId.
    mockedAiApiClient.uploadAndProcessFlyer.mockRejectedValue({
      status: 409,
-      body: { flyerId: 99, message: 'Duplicate' },
+      body: { flyerId: 99, message: 'This flyer has already been processed.' },
  });

    console.log('--- [TEST LOG] ---: 2. Rendering and uploading.');
@@ -339,9 +348,10 @@ describe('FlyerUploader', () => {

    try {
      console.log('--- [TEST LOG] ---: 4. AWAITING duplicate flyer message...');
-      expect(
-        await screen.findByText('This flyer has already been processed. You can view it here:'),
-      ).toBeInTheDocument();
+      // With the fix, the duplicate error message and the link are combined into a single paragraph.
+      // We now look for this combined message.
+      const errorMessage = await screen.findByText(/This flyer has already been processed. You can view it here:/i);
+      expect(errorMessage).toBeInTheDocument();
      console.log('--- [TEST LOG] ---: 5. SUCCESS: Duplicate message found.');
    } catch (error) {
      console.error('--- [TEST LOG] ---: 5. ERROR: findByText for duplicate message timed out.');
@@ -453,7 +463,7 @@ describe('FlyerUploader', () => {
      fireEvent.change(input, { target: { files: [file] } });

      console.log('--- [TEST LOG] ---: 3. Awaiting error message.');
-      expect(await screen.findByText(/Polling Network Error/i)).toBeInTheDocument();
+      expect(await screen.findByText(/Polling failed: Polling Network Error/i)).toBeInTheDocument();
      console.log('--- [TEST LOG] ---: 4. Assertions passed.');
    });

@@ -495,7 +505,9 @@ describe('FlyerUploader', () => {
      fireEvent.change(input, { target: { files: [file] } });

      console.log('--- [TEST LOG] ---: 3. Awaiting error message.');
-      expect(await screen.findByText(/Failed to parse JSON response from server/i)).toBeInTheDocument();
+      expect(
+        await screen.findByText(/Polling failed: Failed to parse JSON response from server/i),
+      ).toBeInTheDocument();
      console.log('--- [TEST LOG] ---: 4. Assertions passed.');
    });

--- a/src/features/flyer/FlyerUploader.tsx
+++ b/src/features/flyer/FlyerUploader.tsx
@@ -1,208 +1,68 @@
 // src/features/flyer/FlyerUploader.tsx
-import React, { useState, useEffect, useRef, useCallback } from 'react';
+import React, { useEffect, useCallback } from 'react';
 import { useNavigate, Link } from 'react-router-dom';
-import { uploadAndProcessFlyer, getJobStatus } from '../../services/aiApiClient';
-import { generateFileChecksum } from '../../utils/checksum';
 import { logger } from '../../services/logger.client';
 import { ProcessingStatus } from './ProcessingStatus';
-import type { ProcessingStage } from '../../types';
 import { useDragAndDrop } from '../../hooks/useDragAndDrop';
-
-type ProcessingState = 'idle' | 'uploading' | 'polling' | 'completed' | 'error';
+import { useFlyerUploader } from '../../hooks/useFlyerUploader';

 interface FlyerUploaderProps {
  onProcessingComplete: () => void;
 }

 export const FlyerUploader: React.FC<FlyerUploaderProps> = ({ onProcessingComplete }) => {
-  const [processingState, setProcessingState] = useState<ProcessingState>('idle');
-  const [statusMessage, setStatusMessage] = useState<string | null>(null);
-  const [jobId, setJobId] = useState<string | null>(null);
-  const [errorMessage, setErrorMessage] = useState<string | null>(null);
-  const [duplicateFlyerId, setDuplicateFlyerId] = useState<number | null>(null);
  const navigate = useNavigate();

-  const pollingTimeoutRef = useRef<number | null>(null);
-
-  const [processingStages, setProcessingStages] = useState<ProcessingStage[]>([]);
-  const [estimatedTime, setEstimatedTime] = useState(0);
-  const [currentFile, setCurrentFile] = useState<string | null>(null);
-
-  // DEBUG: Log component mount and unmount
-  useEffect(() => {
-    console.debug('[DEBUG] FlyerUploader: Component did mount.');
-    return () => {
-      console.debug('[DEBUG] FlyerUploader: Component will unmount.');
-    };
-  }, []);
-
-  // DEBUG: Log state changes
-  useEffect(() => {
-    console.debug(`[DEBUG] FlyerUploader: processingState changed to -> ${processingState}`);
-  }, [processingState]);
+  const {
+    processingState,
+    statusMessage,
+    errorMessage,
+    duplicateFlyerId,
+    processingStages,
+    estimatedTime,
+    currentFile,
+    flyerId,
+    upload,
+    resetUploaderState,
+  } = useFlyerUploader();

  useEffect(() => {
    if (statusMessage) logger.info(`FlyerUploader Status: ${statusMessage}`);
  }, [statusMessage]);

  useEffect(() => {
-    console.debug(`[DEBUG] Polling Effect Triggered: state=${processingState}, jobId=${jobId}`);
-    if (processingState !== 'polling' || !jobId) {
-      if (pollingTimeoutRef.current) {
-        console.debug(
-          `[DEBUG] Polling Effect: Clearing timeout ID ${pollingTimeoutRef.current} because state is not 'polling' or no jobId exists.`,
-        );
-        clearTimeout(pollingTimeoutRef.current);
-      }
-      return;
+    if (errorMessage) {
+      logger.error(`[FlyerUploader] Error encountered: ${errorMessage}`, { duplicateFlyerId });
    }
+  }, [errorMessage, duplicateFlyerId]);

-    const pollStatus = async () => {
-      console.debug(`[DEBUG] pollStatus(): Polling for jobId: ${jobId}`);
-      try {
-        const job = await getJobStatus(jobId); // Now returns parsed JSON directly
-        console.debug('[DEBUG] pollStatus(): Job status received:', job); // The rest of the logic remains the same
-
-        if (job.progress) {
-          setProcessingStages(job.progress.stages || []);
-          setEstimatedTime(job.progress.estimatedTimeRemaining || 0);
-          setStatusMessage(job.progress.message || null);
-        }
-
-        switch (job.state) {
-          case 'completed':
-            console.debug('[DEBUG] pollStatus(): Job state is "completed".');
-            const flyerId = job.returnValue?.flyerId;
-            if (flyerId) {
-              setStatusMessage(`Processing complete! Redirecting to flyer ${flyerId}...`);
-              setProcessingState('completed');
-              onProcessingComplete();
-              console.debug('[DEBUG] pollStatus(): Setting 1500ms timeout for redirect.');
-              setTimeout(() => {
-                console.debug(`[DEBUG] pollStatus(): Redirecting to /flyers/${flyerId}`);
-                navigate(`/flyers/${flyerId}`);
-              }, 1500);
-            } else {
-              throw new Error('Job completed but did not return a flyer ID.');
-            }
-            break;
-
-          case 'failed':
-            console.debug(
-              `[DEBUG] pollStatus(): Job state is "failed". Reason: ${job.failedReason}`,
-            );
-            // Explicitly clear any pending timeout to stop the polling loop immediately.
-            if (pollingTimeoutRef.current) {
-              clearTimeout(pollingTimeoutRef.current);
-            }
-            setErrorMessage(`Processing failed: ${job.failedReason || 'Unknown error'}`);
-            // Clear any stale "in-progress" messages to avoid user confusion.
-            setStatusMessage(null);
-            setProcessingState('error');
-            break;
-
-          case 'active':
-          case 'waiting':
-          default:
-            console.debug(
-              `[DEBUG] pollStatus(): Job state is "${job.state}". Setting timeout for next poll (3000ms).`,
-            );
-            pollingTimeoutRef.current = window.setTimeout(pollStatus, 3000);
-            console.debug(`[DEBUG] pollStatus(): Timeout ID ${pollingTimeoutRef.current} set.`);
-            break;
-        }
-      } catch (error) {
-        logger.error({ error }, 'Error during polling:');
-        setErrorMessage(
-          error instanceof Error ? error.message : 'An unexpected error occurred during polling.',
-        );
-        setProcessingState('error');
-      }
-    };
-
-    pollStatus();
-
-    return () => {
-      if (pollingTimeoutRef.current) {
-        console.debug(
-          `[DEBUG] Polling Effect Cleanup: Clearing timeout ID ${pollingTimeoutRef.current}`,
-        );
-        clearTimeout(pollingTimeoutRef.current);
-        pollingTimeoutRef.current = null;
-      } else {
-        console.debug('[DEBUG] Polling Effect Cleanup: No active timeout to clear.');
-      }
-    };
-  }, [processingState, jobId, onProcessingComplete, navigate]);
-
-  const processFile = useCallback(async (file: File) => {
-    console.debug('[DEBUG] processFile(): Starting file processing for', file.name);
-    setProcessingState('uploading');
-    setErrorMessage(null);
-    setDuplicateFlyerId(null);
-    setCurrentFile(file.name);
-
-    try {
-      console.debug('[DEBUG] processFile(): Generating file checksum.');
-      const checksum = await generateFileChecksum(file);
-      setStatusMessage('Uploading file...');
-      console.debug(
-        `[DEBUG] processFile(): Checksum generated: ${checksum}. Calling uploadAndProcessFlyer.`,
-      );
-
-      // The API client now returns parsed JSON on success or throws a structured error on failure.
-      const { jobId: newJobId } = await uploadAndProcessFlyer(file, checksum);
-      console.debug(`[DEBUG] processFile(): Upload successful. Received jobId: ${newJobId}`);
-      setJobId(newJobId);
-      setProcessingState('polling');
-    } catch (error: any) {
-      // Handle the structured error thrown by the API client.
-      logger.error({ error }, 'An error occurred during file upload:');
-      // Handle 409 Conflict for duplicate flyers
-      if (error?.status === 409 && error.body?.flyerId) {
-        setErrorMessage(`This flyer has already been processed. You can view it here:`);
-        setDuplicateFlyerId(error.body.flyerId);
-      } else {
-        // Handle other errors (e.g., validation, server errors)
-        const message =
-          error?.body?.message || error?.message || 'An unexpected error occurred during upload.';
-        setErrorMessage(message);
-      }
-      setProcessingState('error');
+  // Handle completion and navigation
+  useEffect(() => {
+    if (processingState === 'completed' && flyerId) {
+      onProcessingComplete();
+      // Small delay to show the "Complete" state before redirecting
+      const timer = setTimeout(() => {
+        navigate(`/flyers/${flyerId}`);
+      }, 1500);
+      return () => clearTimeout(timer);
    }
-  }, []);
+  }, [processingState, flyerId, onProcessingComplete, navigate]);

  const handleFileChange = (event: React.ChangeEvent<HTMLInputElement>) => {
-    console.debug('[DEBUG] handleFileChange(): File input changed.');
    const file = event.target.files?.[0];
    if (file) {
-      processFile(file);
+      upload(file);
    }
    event.target.value = '';
  };

-  const resetUploaderState = useCallback(() => {
-    console.debug(
-      `[DEBUG] resetUploaderState(): User triggered reset. Previous jobId was: ${jobId}`,
-    );
-    setProcessingState('idle');
-    setJobId(null);
-    setErrorMessage(null);
-    setDuplicateFlyerId(null);
-    setCurrentFile(null);
-    setProcessingStages([]);
-    setEstimatedTime(0);
-    logger.info('Uploader state has been reset. Previous job ID was:', jobId);
-  }, [jobId]);
-
  const onFilesDropped = useCallback(
    (files: FileList) => {
-      console.debug('[DEBUG] onFilesDropped(): Files were dropped.');
      if (files && files.length > 0) {
-        processFile(files[0]);
+        upload(files[0]);
      }
    },
-    [processFile],
+    [upload],
  );

  const isProcessing = processingState === 'uploading' || processingState === 'polling';
@@ -216,11 +76,6 @@ export const FlyerUploader: React.FC<FlyerUploaderProps> = ({ onProcessingComple
    ? 'bg-brand-light/50 dark:bg-brand-dark/20'
    : 'bg-gray-50/50 dark:bg-gray-800/20';

-  // If processing, show the detailed status component. Otherwise, show the uploader.
-  console.debug(
-    `[DEBUG] FlyerUploader: Rendering. State=${processingState}, Msg=${statusMessage}, Err=${!!errorMessage}`,
-  );
-
  if (isProcessing || processingState === 'completed' || processingState === 'error') {
    return (
      <div className="max-w-4xl mx-auto">
@@ -230,22 +85,30 @@ export const FlyerUploader: React.FC<FlyerUploaderProps> = ({ onProcessingComple
          currentFile={currentFile}
        />
        <div className="mt-4 text-center">
-          {/* Display the current status message to the user and the test runner */}
-          {statusMessage && (
+          {/* Display status message if not completed (completed has its own redirect logic) */}
+          {statusMessage && processingState !== 'completed' && (
            <p className="text-gray-600 dark:text-gray-400 mt-2 italic animate-pulse">
              {statusMessage}
            </p>
          )}

+          {processingState === 'completed' && (
+            <p className="text-green-600 dark:text-green-400 mt-2 font-bold">
+              Processing complete! Redirecting to flyer {flyerId}...
+            </p>
+          )}
+
          {errorMessage && (
            <div className="text-red-600 dark:text-red-400 font-semibold p-4 bg-red-100 dark:bg-red-900/30 rounded-md">
-              <p>{errorMessage}</p>
-              {duplicateFlyerId && (
+              {duplicateFlyerId ? (
                <p>
-                  <Link to={`/flyers/${duplicateFlyerId}`} className="text-blue-500 underline">
+                  {errorMessage} You can view it here:{' '}
+                  <Link to={`/flyers/${duplicateFlyerId}`} className="text-blue-500 underline" data-discover="true">
                    Flyer #{duplicateFlyerId}
                  </Link>
                </p>
+              ) : (
+                <p>{errorMessage}</p>
              )}
            </div>
          )}
--- a/src/features/shopping/ShoppingList.test.tsx
+++ b/src/features/shopping/ShoppingList.test.tsx
@@ -236,6 +236,24 @@ describe('ShoppingListComponent (in shopping feature)', () => {
    alertSpy.mockRestore();
  });

+  it('should show a generic alert if reading aloud fails with a non-Error object', async () => {
+    const alertSpy = vi.spyOn(window, 'alert').mockImplementation(() => {});
+    vi.spyOn(aiApiClient, 'generateSpeechFromText').mockRejectedValue('A string error');
+
+    render(<ShoppingListComponent {...defaultProps} />);
+    const readAloudButton = screen.getByTitle(/read list aloud/i);
+
+    fireEvent.click(readAloudButton);
+
+    await waitFor(() => {
+      expect(alertSpy).toHaveBeenCalledWith(
+        'Could not read list aloud: An unknown error occurred while generating audio.',
+      );
+    });
+
+    alertSpy.mockRestore();
+  });
+
  it('should handle interactions with purchased items', () => {
    render(<ShoppingListComponent {...defaultProps} />);

--- a/src/features/shopping/ShoppingList.tsx
+++ b/src/features/shopping/ShoppingList.tsx
@@ -1,5 +1,5 @@
 // src/features/shopping/ShoppingList.tsx
-import React, { useState, useMemo, useCallback, useEffect } from 'react';
+import React, { useState, useMemo, useCallback } from 'react';
 import type { ShoppingList, ShoppingListItem, User } from '../../types';
 import { UserIcon } from '../../components/icons/UserIcon';
 import { ListBulletIcon } from '../../components/icons/ListBulletIcon';
@@ -56,28 +56,6 @@ export const ShoppingListComponent: React.FC<ShoppingListComponentProps> = ({
    return { neededItems, purchasedItems };
  }, [activeList]);

-  useEffect(() => {
-    if (activeList) {
-      console.log('ShoppingList Debug: Active List:', activeList.name);
-      console.log(
-        'ShoppingList Debug: Needed Items:',
-        neededItems.map((i) => ({
-          id: i.shopping_list_item_id,
-          name: i.custom_item_name || i.master_item?.name,
-          raw: i,
-        })),
-      );
-      console.log(
-        'ShoppingList Debug: Purchased Items:',
-        purchasedItems.map((i) => ({
-          id: i.shopping_list_item_id,
-          name: i.custom_item_name || i.master_item?.name,
-          raw: i,
-        })),
-      );
-    }
-  }, [activeList, neededItems, purchasedItems]);
-
  const handleCreateList = async () => {
    const name = prompt('Enter a name for your new shopping list:');
    if (name && name.trim()) {
--- a/src/features/shopping/WatchedItemsList.test.tsx
+++ b/src/features/shopping/WatchedItemsList.test.tsx
@@ -164,6 +164,15 @@ describe('WatchedItemsList (in shopping feature)', () => {
    expect(itemsDesc[1]).toHaveTextContent('Eggs');
    expect(itemsDesc[2]).toHaveTextContent('Bread');
    expect(itemsDesc[3]).toHaveTextContent('Apples');
+
+    // Click again to sort ascending
+    fireEvent.click(sortButton);
+
+    const itemsAscAgain = screen.getAllByRole('listitem');
+    expect(itemsAscAgain[0]).toHaveTextContent('Apples');
+    expect(itemsAscAgain[1]).toHaveTextContent('Bread');
+    expect(itemsAscAgain[2]).toHaveTextContent('Eggs');
+    expect(itemsAscAgain[3]).toHaveTextContent('Milk');
  });

  it('should call onAddItemToList when plus icon is clicked', () => {
@@ -222,6 +231,18 @@ describe('WatchedItemsList (in shopping feature)', () => {
      fireEvent.change(nameInput, { target: { value: 'Grapes' } });
      expect(addButton).toBeDisabled();
    });
+
+    it('should not submit if form is submitted with invalid data', () => {
+      render(<WatchedItemsList {...defaultProps} />);
+      const nameInput = screen.getByPlaceholderText(/add item/i);
+      const form = nameInput.closest('form')!;
+      const categorySelect = screen.getByDisplayValue('Select a category');
+      fireEvent.change(categorySelect, { target: { value: 'Dairy & Eggs' } });
+
+      fireEvent.change(nameInput, { target: { value: '   ' } });
+      fireEvent.submit(form);
+      expect(mockOnAddItem).not.toHaveBeenCalled();
+    });
  });

  describe('Error Handling', () => {
--- a/src/hooks/useApi.ts
+++ b/src/hooks/useApi.ts
@@ -3,6 +3,7 @@ import { useState, useCallback, useRef, useEffect } from 'react';
 import { logger } from '../services/logger.client';
 import { notifyError } from '../services/notificationService';

+
 /**
 * A custom React hook to simplify API calls, including loading and error states.
 * It is designed to work with apiClient functions that return a `Promise<Response>`.
@@ -26,8 +27,17 @@ export function useApi<T, TArgs extends unknown[]>(
  const [isRefetching, setIsRefetching] = useState<boolean>(false);
  const [error, setError] = useState<Error | null>(null);
  const hasBeenExecuted = useRef(false);
+  const lastErrorMessageRef = useRef<string | null>(null);
  const abortControllerRef = useRef<AbortController>(new AbortController());

+  // Use a ref to track the latest apiFunction. This allows us to keep `execute` stable
+  // even if `apiFunction` is recreated on every render (common with inline arrow functions).
+  const apiFunctionRef = useRef(apiFunction);
+
+  useEffect(() => {
+    apiFunctionRef.current = apiFunction;
+  }, [apiFunction]);
+
  // This effect ensures that when the component using the hook unmounts,
  // any in-flight request is cancelled.
  useEffect(() => {
@@ -52,12 +62,13 @@ export function useApi<T, TArgs extends unknown[]>(
    async (...args: TArgs): Promise<T | null> => {
      setLoading(true);
      setError(null);
+      lastErrorMessageRef.current = null;
      if (hasBeenExecuted.current) {
        setIsRefetching(true);
      }

      try {
-        const response = await apiFunction(...args, abortControllerRef.current.signal);
+        const response = await apiFunctionRef.current(...args, abortControllerRef.current.signal);

        if (!response.ok) {
          // Attempt to parse a JSON error response. This is aligned with ADR-003,
@@ -96,7 +107,17 @@ export function useApi<T, TArgs extends unknown[]>(
        }
        return result;
      } catch (e) {
-        const err = e instanceof Error ? e : new Error('An unknown error occurred.');
+        let err: Error;
+        if (e instanceof Error) {
+          err = e;
+        } else if (typeof e === 'object' && e !== null && 'status' in e) {
+          // Handle structured errors (e.g. { status: 409, body: { ... } })
+          const structuredError = e as { status: number; body?: { message?: string } };
+          const message = structuredError.body?.message || `Request failed with status ${structuredError.status}`;
+          err = new Error(message);
+        } else {
+          err = new Error('An unknown error occurred.');
+        }
        // If the error is an AbortError, it's an intentional cancellation, so we don't set an error state.
        if (err.name === 'AbortError') {
          logger.info('API request was cancelled.', { functionName: apiFunction.name });
@@ -106,7 +127,13 @@ export function useApi<T, TArgs extends unknown[]>(
          error: err.message,
          functionName: apiFunction.name,
        });
-        setError(err);
+        // Only set a new error object if the message is different from the last one.
+        // This prevents creating new object references for the same error (e.g. repeated timeouts)
+        // and helps break infinite loops in components that depend on the `error` object.
+        if (err.message !== lastErrorMessageRef.current) {
+          setError(err);
+          lastErrorMessageRef.current = err.message;
+        }
        notifyError(err.message); // Optionally notify the user automatically.
        return null; // Return null on failure.
      } finally {
@@ -114,7 +141,7 @@ export function useApi<T, TArgs extends unknown[]>(
        setIsRefetching(false);
      }
    },
-    [apiFunction],
+    [], // execute is now stable because it uses apiFunctionRef
  ); // abortControllerRef is stable

  return { execute, loading, isRefetching, error, data, reset };
--- a/src/hooks/useAppInitialization.test.tsx
+++ b/src/hooks/useAppInitialization.test.tsx
@@ -0,0 +1,174 @@
+// src/hooks/useAppInitialization.test.tsx
+import { renderHook, waitFor } from '@testing-library/react';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { MemoryRouter, useNavigate } from 'react-router-dom';
+import { useAppInitialization } from './useAppInitialization';
+import { useAuth } from './useAuth';
+import { useModal } from './useModal';
+import { createMockUserProfile } from '../tests/utils/mockFactories';
+
+// Mock dependencies
+vi.mock('./useAuth');
+vi.mock('./useModal');
+vi.mock('react-router-dom', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('react-router-dom')>();
+  return {
+    ...actual,
+    useNavigate: vi.fn(),
+  };
+});
+vi.mock('../services/logger.client');
+vi.mock('../config', () => ({
+  default: {
+    app: { version: '1.0.1' },
+  },
+}));
+
+const mockedUseAuth = vi.mocked(useAuth);
+const mockedUseModal = vi.mocked(useModal);
+const mockedUseNavigate = vi.mocked(useNavigate);
+
+const mockLogin = vi.fn().mockResolvedValue(undefined);
+const mockNavigate = vi.fn();
+const mockOpenModal = vi.fn();
+
+// Wrapper with MemoryRouter is needed because the hook uses useLocation and useNavigate
+const wrapper = ({
+  children,
+  initialEntries = ['/'],
+}: {
+  children: React.ReactNode;
+  initialEntries?: string[];
+}) => <MemoryRouter initialEntries={initialEntries}>{children}</MemoryRouter>;
+
+describe('useAppInitialization Hook', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mockedUseNavigate.mockReturnValue(mockNavigate);
+    mockedUseAuth.mockReturnValue({
+      userProfile: null,
+      login: mockLogin,
+      authStatus: 'SIGNED_OUT',
+      isLoading: false,
+      logout: vi.fn(),
+      updateProfile: vi.fn(),
+    });
+    mockedUseModal.mockReturnValue({
+      openModal: mockOpenModal,
+      closeModal: vi.fn(),
+      isModalOpen: vi.fn(),
+    });
+    // Mock localStorage
+    Object.defineProperty(window, 'localStorage', {
+      value: {
+        getItem: vi.fn().mockReturnValue(null),
+        setItem: vi.fn(),
+        removeItem: vi.fn(),
+        clear: vi.fn(),
+      },
+      writable: true,
+    });
+    // Mock matchMedia
+    Object.defineProperty(window, 'matchMedia', {
+      value: vi.fn().mockImplementation((query) => ({
+        matches: false, // default to light mode
+      })),
+      writable: true,
+      configurable: true,
+    });
+  });
+
+  it('should call login when googleAuthToken is in URL', async () => {
+    renderHook(() => useAppInitialization(), {
+      wrapper: (props) => wrapper({ ...props, initialEntries: ['/?googleAuthToken=test-token'] }),
+    });
+    await waitFor(() => {
+      expect(mockLogin).toHaveBeenCalledWith('test-token');
+    });
+  });
+
+  it('should call login when githubAuthToken is in URL', async () => {
+    renderHook(() => useAppInitialization(), {
+      wrapper: (props) => wrapper({ ...props, initialEntries: ['/?githubAuthToken=test-token'] }),
+    });
+    await waitFor(() => {
+      expect(mockLogin).toHaveBeenCalledWith('test-token');
+    });
+  });
+
+  it('should call navigate to clean the URL after processing a token', async () => {
+    renderHook(() => useAppInitialization(), {
+      wrapper: (props) => wrapper({ ...props, initialEntries: ['/some/path?googleAuthToken=test-token'] }),
+    });
+    await waitFor(() => {
+      expect(mockLogin).toHaveBeenCalledWith('test-token');
+    });
+    expect(mockNavigate).toHaveBeenCalledWith('/some/path', { replace: true });
+  });
+
+  it("should open \"What's New\" modal if version is new", () => {
+    vi.spyOn(window.localStorage, 'getItem').mockReturnValue('1.0.0');
+    renderHook(() => useAppInitialization(), { wrapper });
+    expect(mockOpenModal).toHaveBeenCalledWith('whatsNew');
+    expect(window.localStorage.setItem).toHaveBeenCalledWith('lastSeenVersion', '1.0.1');
+  });
+
+  it("should not open \"What's New\" modal if version is the same", () => {
+    vi.spyOn(window.localStorage, 'getItem').mockReturnValue('1.0.1');
+    renderHook(() => useAppInitialization(), { wrapper });
+    expect(mockOpenModal).not.toHaveBeenCalled();
+  });
+
+  it('should set dark mode from user profile', async () => {
+    mockedUseAuth.mockReturnValue({
+      ...mockedUseAuth(),
+      userProfile: createMockUserProfile({ preferences: { darkMode: true } }),
+    });
+    const { result } = renderHook(() => useAppInitialization(), { wrapper });
+    await waitFor(() => {
+      expect(result.current.isDarkMode).toBe(true);
+      expect(document.documentElement.classList.contains('dark')).toBe(true);
+    });
+  });
+
+  it('should set dark mode from localStorage', async () => {
+    vi.spyOn(window.localStorage, 'getItem').mockImplementation((key) =>
+      key === 'darkMode' ? 'true' : null,
+    );
+    const { result } = renderHook(() => useAppInitialization(), { wrapper });
+    await waitFor(() => {
+      expect(result.current.isDarkMode).toBe(true);
+      expect(document.documentElement.classList.contains('dark')).toBe(true);
+    });
+  });
+
+  it('should set dark mode from system preference', async () => {
+    vi.spyOn(window, 'matchMedia').mockReturnValue({ matches: true } as any);
+    const { result } = renderHook(() => useAppInitialization(), { wrapper });
+    await waitFor(() => {
+      expect(result.current.isDarkMode).toBe(true);
+      expect(document.documentElement.classList.contains('dark')).toBe(true);
+    });
+  });
+
+  it('should set unit system from user profile', async () => {
+    mockedUseAuth.mockReturnValue({
+      ...mockedUseAuth(),
+      userProfile: createMockUserProfile({ preferences: { unitSystem: 'metric' } }),
+    });
+    const { result } = renderHook(() => useAppInitialization(), { wrapper });
+    await waitFor(() => {
+      expect(result.current.unitSystem).toBe('metric');
+    });
+  });
+
+  it('should set unit system from localStorage', async () => {
+    vi.spyOn(window.localStorage, 'getItem').mockImplementation((key) =>
+      key === 'unitSystem' ? 'metric' : null,
+    );
+    const { result } = renderHook(() => useAppInitialization(), { wrapper });
+    await waitFor(() => {
+      expect(result.current.unitSystem).toBe('metric');
+    });
+  });
+});
--- a/src/hooks/useAppInitialization.ts
+++ b/src/hooks/useAppInitialization.ts
@@ -0,0 +1,88 @@
+// src/hooks/useAppInitialization.ts
+import { useState, useEffect } from 'react';
+import { useLocation, useNavigate } from 'react-router-dom';
+import { useAuth } from './useAuth';
+import { useModal } from './useModal';
+import { logger } from '../services/logger.client';
+import config from '../config';
+
+export const useAppInitialization = () => {
+  const { userProfile, login } = useAuth();
+  const { openModal } = useModal();
+  const location = useLocation();
+  const navigate = useNavigate();
+
+  const [isDarkMode, setIsDarkMode] = useState(false);
+  const [unitSystem, setUnitSystem] = useState<'metric' | 'imperial'>('imperial');
+
+  // Effect to handle the token from Google/GitHub OAuth redirect
+  useEffect(() => {
+    const urlParams = new URLSearchParams(location.search);
+    const googleToken = urlParams.get('googleAuthToken');
+
+    if (googleToken) {
+      logger.info('Received Google Auth token from URL. Authenticating...');
+      login(googleToken).catch((err) =>
+        logger.error('Failed to log in with Google token', { error: err }),
+      );
+      navigate(location.pathname, { replace: true });
+    }
+
+    const githubToken = urlParams.get('githubAuthToken');
+    if (githubToken) {
+      logger.info('Received GitHub Auth token from URL. Authenticating...');
+      login(githubToken).catch((err) => {
+        logger.error('Failed to log in with GitHub token', { error: err });
+      });
+      navigate(location.pathname, { replace: true });
+    }
+  }, [login, location.search, navigate, location.pathname]);
+
+  // Effect to handle "What's New" modal
+  useEffect(() => {
+    const appVersion = config.app.version;
+    if (appVersion) {
+      logger.info(`Application version: ${appVersion}`);
+      const lastSeenVersion = localStorage.getItem('lastSeenVersion');
+      if (appVersion !== lastSeenVersion) {
+        openModal('whatsNew');
+        localStorage.setItem('lastSeenVersion', appVersion);
+      }
+    }
+  }, [openModal]);
+
+  // Effect to set initial theme based on user profile, local storage, or system preference
+  useEffect(() => {
+    let darkModeValue: boolean;
+    if (userProfile && userProfile.preferences?.darkMode !== undefined) {
+      // Preference from DB
+      darkModeValue = userProfile.preferences.darkMode;
+    } else {
+      // Fallback to local storage or system preference
+      const savedMode = localStorage.getItem('darkMode');
+      const prefersDark = window.matchMedia('(prefers-color-scheme: dark)').matches;
+      darkModeValue = savedMode !== null ? savedMode === 'true' : prefersDark;
+    }
+    setIsDarkMode(darkModeValue);
+    document.documentElement.classList.toggle('dark', darkModeValue);
+    // Also save to local storage if coming from profile, to persist on logout
+    if (userProfile && userProfile.preferences?.darkMode !== undefined) {
+      localStorage.setItem('darkMode', String(userProfile.preferences.darkMode));
+    }
+  }, [userProfile]);
+
+  // Effect to set initial unit system based on user profile or local storage
+  useEffect(() => {
+    if (userProfile && userProfile.preferences?.unitSystem) {
+      setUnitSystem(userProfile.preferences.unitSystem);
+      localStorage.setItem('unitSystem', userProfile.preferences.unitSystem);
+    } else {
+      const savedSystem = localStorage.getItem('unitSystem') as 'metric' | 'imperial' | null;
+      if (savedSystem) {
+        setUnitSystem(savedSystem);
+      }
+    }
+  }, [userProfile?.preferences?.unitSystem, userProfile?.user.user_id]);
+
+  return { isDarkMode, unitSystem };
+};
--- a/src/hooks/useAuth.test.tsx
+++ b/src/hooks/useAuth.test.tsx
@@ -6,24 +6,28 @@ import { useAuth } from './useAuth';
 import { AuthProvider } from '../providers/AuthProvider';
 import * as apiClient from '../services/apiClient';
 import type { UserProfile } from '../types';
+import * as tokenStorage from '../services/tokenStorage';
 import { createMockUserProfile } from '../tests/utils/mockFactories';
+import { logger } from '../services/logger.client';

 // Mock the dependencies
 vi.mock('../services/apiClient', () => ({
  // Mock other functions if needed
  getAuthenticatedUserProfile: vi.fn(),
 }));
+vi.mock('../services/tokenStorage');

-// Mock the logger to see auth provider logs during test execution
+// Mock the logger to spy on its methods
 vi.mock('../services/logger.client', () => ({
  logger: {
-    info: vi.fn((...args) => console.log('[AUTH-INFO]', ...args)),
-    warn: vi.fn((...args) => console.warn('[AUTH-WARN]', ...args)),
-    error: vi.fn((...args) => console.error('[AUTH-ERROR]', ...args)),
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
  },
 }));

 const mockedApiClient = vi.mocked(apiClient);
+const mockedTokenStorage = vi.mocked(tokenStorage);

 const mockProfile: UserProfile = createMockUserProfile({
  full_name: 'Test User',
@@ -36,26 +40,9 @@ const mockProfile: UserProfile = createMockUserProfile({
 const wrapper = ({ children }: { children: ReactNode }) => <AuthProvider>{children}</AuthProvider>;

 describe('useAuth Hook and AuthProvider', () => {
-  // Mock localStorage
-  let storage: { [key: string]: string } = {};
-  const localStorageMock = {
-    getItem: vi.fn((key: string) => storage[key] || null),
-    setItem: vi.fn((key: string, value: string) => {
-      storage[key] = value;
-    }),
-    removeItem: vi.fn((key: string) => {
-      delete storage[key];
-    }),
-    clear: vi.fn(() => {
-      storage = {};
-    }),
-  };
-
  beforeEach(() => {
    // Reset mocks and storage before each test
    vi.clearAllMocks();
-    storage = {};
-    Object.defineProperty(window, 'localStorage', { value: localStorageMock, configurable: true });
  });

  afterEach(() => {
@@ -85,7 +72,8 @@ describe('useAuth Hook and AuthProvider', () => {
  });

  describe('Initial Auth Check (useEffect)', () => {
-    it('sets state to SIGNED_OUT if no token is found', async () => {
+    it('sets state to SIGNED_OUT if no token is found in storage', async () => {
+      mockedTokenStorage.getToken.mockReturnValue(null);
      const { result } = renderHook(() => useAuth(), { wrapper });

      await waitFor(() => {
@@ -97,7 +85,7 @@ describe('useAuth Hook and AuthProvider', () => {
    });

    it('sets state to AUTHENTICATED if a valid token is found', async () => {
-      localStorageMock.setItem('authToken', 'valid-token');
+      mockedTokenStorage.getToken.mockReturnValue('valid-token');
      mockedApiClient.getAuthenticatedUserProfile.mockResolvedValue({
        ok: true,
        status: 200,
@@ -121,7 +109,7 @@ describe('useAuth Hook and AuthProvider', () => {
    });

    it('sets state to SIGNED_OUT and removes token if validation fails', async () => {
-      localStorageMock.setItem('authToken', 'invalid-token');
+      mockedTokenStorage.getToken.mockReturnValue('invalid-token');
      mockedApiClient.getAuthenticatedUserProfile.mockRejectedValue(new Error('Invalid token'));

      const { result } = renderHook(() => useAuth(), { wrapper });
@@ -132,13 +120,40 @@ describe('useAuth Hook and AuthProvider', () => {

      expect(result.current.authStatus).toBe('SIGNED_OUT');
      expect(result.current.userProfile).toBeNull();
-      expect(localStorageMock.removeItem).toHaveBeenCalledWith('authToken');
+      expect(mockedTokenStorage.removeToken).toHaveBeenCalled();
    });
  });

+  it('sets state to SIGNED_OUT and removes token if profile fetch returns null after token validation', async () => {
+    mockedTokenStorage.getToken.mockReturnValue('valid-token');
+    // Mock getAuthenticatedUserProfile to return a 200 OK response with a null body
+    mockedApiClient.getAuthenticatedUserProfile.mockResolvedValue({
+      ok: true,
+      status: 200,
+      json: () => Promise.resolve(null), // Simulate API returning no profile data
+    } as unknown as Response);
+
+    const { result } = renderHook(() => useAuth(), { wrapper });
+
+    await waitFor(() => {
+      expect(result.current.isLoading).toBe(false);
+    });
+
+    expect(result.current.authStatus).toBe('SIGNED_OUT');
+    expect(result.current.userProfile).toBeNull();
+    expect(mockedTokenStorage.removeToken).toHaveBeenCalled();
+    expect(logger.warn).toHaveBeenCalledWith(
+      '[AuthProvider-Effect] Token was present but validation returned no profile. Signing out.',
+    );
+  });
+
  describe('login function', () => {
    // This was the failing test
    it('sets token, fetches profile, and updates state on successful login', async () => {
+      // --- FIX ---
+      // Explicitly mock that no token exists initially to prevent state leakage from other tests.
+      mockedTokenStorage.getToken.mockReturnValue(null);
+
      // --- FIX ---
      // The mock for `getAuthenticatedUserProfile` must resolve to a `Response`-like object,
      // as this is the return type of the actual function. The `useApi` hook then
@@ -172,7 +187,7 @@ describe('useAuth Hook and AuthProvider', () => {
      console.log('[TEST-DEBUG] State immediately after login `act` call:', result.current);

      // 3. Assertions
-      expect(localStorageMock.setItem).toHaveBeenCalledWith('authToken', 'new-valid-token');
+      expect(mockedTokenStorage.setToken).toHaveBeenCalledWith('new-valid-token');

      // 4. We must wait for the state update inside the hook to propagate
      await waitFor(() => {
@@ -202,16 +217,44 @@ describe('useAuth Hook and AuthProvider', () => {
      });

      // Should trigger the logout flow
-      expect(localStorageMock.removeItem).toHaveBeenCalledWith('authToken');
+      expect(mockedTokenStorage.removeToken).toHaveBeenCalled();
      expect(result.current.authStatus).toBe('SIGNED_OUT'); // This was a duplicate, fixed.
      expect(result.current.userProfile).toBeNull();
    });
+
+    it('logs out and throws an error if profile fetch returns null after login (no profileData)', async () => {
+      // Simulate successful token setting, but subsequent profile fetch returns null
+      mockedApiClient.getAuthenticatedUserProfile.mockResolvedValue({
+        ok: true,
+        status: 200,
+        json: () => Promise.resolve(null), // Simulate API returning no profile data
+      } as unknown as Response);
+
+      const { result } = renderHook(() => useAuth(), { wrapper });
+      await waitFor(() => expect(result.current.isLoading).toBe(false));
+
+      // Call login without profileData, forcing a profile fetch
+      await act(async () => {
+        await expect(result.current.login('new-token-no-profile-data')).rejects.toThrow(
+          'Login succeeded, but failed to fetch your data: Received null or undefined profile from API.',
+        );
+      });
+
+      // Should trigger the logout flow
+      expect(mockedTokenStorage.removeToken).toHaveBeenCalled();
+      expect(result.current.authStatus).toBe('SIGNED_OUT');
+      expect(result.current.userProfile).toBeNull();
+      expect(logger.error).toHaveBeenCalledWith(
+        expect.any(String), // The error message
+        expect.objectContaining({ error: 'Received null or undefined profile from API.' }),
+      );
+    });
  });

  describe('logout function', () => {
    it('removes token and resets auth state', async () => {
-      // Start in a logged-in state
-      localStorageMock.setItem('authToken', 'valid-token');
+      // Start in a logged-in state by mocking the token storage
+      mockedTokenStorage.getToken.mockReturnValue('valid-token');
      mockedApiClient.getAuthenticatedUserProfile.mockResolvedValue({
        ok: true,
        status: 200,
@@ -227,16 +270,15 @@ describe('useAuth Hook and AuthProvider', () => {
        result.current.logout();
      });

-      expect(localStorageMock.removeItem).toHaveBeenCalledWith('authToken');
+      expect(mockedTokenStorage.removeToken).toHaveBeenCalled();
      expect(result.current.authStatus).toBe('SIGNED_OUT');
      expect(result.current.userProfile).toBeNull();
    });
  });

  describe('updateProfile function', () => {
-    it('merges new data into the existing profile state', async () => {
-      // Start in a logged-in state
-      localStorageMock.setItem('authToken', 'valid-token');
+    it('merges new data into the existing profile state', async () => {      // Start in a logged-in state
+      mockedTokenStorage.getToken.mockReturnValue('valid-token');
      mockedApiClient.getAuthenticatedUserProfile.mockResolvedValue({
        ok: true,
        status: 200,
@@ -264,6 +306,10 @@ describe('useAuth Hook and AuthProvider', () => {
    });

    it('should not update profile if user is not authenticated', async () => {
+      // --- FIX ---
+      // Explicitly mock that no token exists initially to prevent state leakage from other tests.
+      mockedTokenStorage.getToken.mockReturnValue(null);
+
      const { result } = renderHook(() => useAuth(), { wrapper });

      // Wait for initial check to complete
--- a/src/hooks/useFlyerUploader.test.tsx
+++ b/src/hooks/useFlyerUploader.test.tsx
@@ -0,0 +1,136 @@
+import { renderHook, act, waitFor } from '@testing-library/react';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { useFlyerUploader } from './useFlyerUploader';
+import * as aiApiClient from '../services/aiApiClient';
+import * as checksumUtil from '../utils/checksum';
+
+// Import the actual error class because the module is mocked
+const { JobFailedError } = await vi.importActual<typeof import('../services/aiApiClient')>(
+  '../services/aiApiClient',
+);
+
+// Mock dependencies
+vi.mock('../services/aiApiClient');
+vi.mock('../utils/checksum');
+vi.mock('../services/logger.client', () => ({
+  logger: {
+    info: vi.fn(),
+    error: vi.fn(),
+    warn: vi.fn(),
+    debug: vi.fn(),
+  },
+}));
+
+const mockedAiApiClient = vi.mocked(aiApiClient);
+const mockedChecksumUtil = vi.mocked(checksumUtil);
+
+// Helper to wrap the hook with QueryClientProvider, which is required by react-query
+const createWrapper = () => {
+  const queryClient = new QueryClient({
+    defaultOptions: {
+      queries: {
+        retry: false, // Disable retries for tests for predictable behavior
+      },
+    },
+  });
+  return ({ children }: { children: React.ReactNode }) => (
+    <QueryClientProvider client={queryClient}>{children}</QueryClientProvider>
+  );
+};
+
+describe('useFlyerUploader Hook with React Query', () => {
+  beforeEach(() => {
+    vi.resetAllMocks();
+    mockedChecksumUtil.generateFileChecksum.mockResolvedValue('mock-checksum');
+  });
+
+  it('should handle a successful upload and polling flow', async () => {
+    // Arrange
+    const mockJobId = 'job-123';
+    mockedAiApiClient.uploadAndProcessFlyer.mockResolvedValue({ jobId: mockJobId });
+    mockedAiApiClient.getJobStatus
+      .mockResolvedValueOnce({
+        // First poll: active
+        id: mockJobId,
+        state: 'active',
+        progress: { message: 'Processing...' },
+        returnValue: null,
+        failedReason: null,
+      } as aiApiClient.JobStatus)
+      .mockResolvedValueOnce({
+        // Second poll: completed
+        id: mockJobId,
+        state: 'completed',
+        progress: { message: 'Complete!' },
+        returnValue: { flyerId: 777 },
+        failedReason: null,
+      } as aiApiClient.JobStatus);
+
+    const { result } = renderHook(() => useFlyerUploader(), { wrapper: createWrapper() });
+    const mockFile = new File([''], 'flyer.pdf');
+
+    // Act
+    await act(async () => {
+      result.current.upload(mockFile);
+    });
+
+    // Assert initial upload state
+    await waitFor(() => expect(result.current.processingState).toBe('polling'));
+    expect(result.current.jobId).toBe(mockJobId);
+
+    // Assert polling state
+    await waitFor(() => expect(result.current.statusMessage).toBe('Processing...'));
+
+    // Assert completed state
+    await waitFor(() => expect(result.current.processingState).toBe('completed'), { timeout: 5000 });
+    expect(result.current.flyerId).toBe(777);
+  });
+
+  it('should handle an upload failure', async () => {
+    // Arrange
+    const uploadError = {
+      status: 409,
+      body: { message: 'Duplicate flyer detected.', flyerId: 99 },
+    };
+    mockedAiApiClient.uploadAndProcessFlyer.mockRejectedValue(uploadError);
+
+    const { result } = renderHook(() => useFlyerUploader(), { wrapper: createWrapper() });
+    const mockFile = new File([''], 'flyer.pdf');
+
+    // Act
+    await act(async () => {
+      result.current.upload(mockFile);
+    });
+
+    // Assert error state
+    await waitFor(() => expect(result.current.processingState).toBe('error'));
+    expect(result.current.errorMessage).toBe('Duplicate flyer detected.');
+    expect(result.current.duplicateFlyerId).toBe(99);
+    expect(result.current.jobId).toBeNull();
+  });
+
+  it('should handle a job failure during polling', async () => {
+    // Arrange
+    const mockJobId = 'job-456';
+    mockedAiApiClient.uploadAndProcessFlyer.mockResolvedValue({ jobId: mockJobId });
+
+    // Mock getJobStatus to throw a JobFailedError
+    mockedAiApiClient.getJobStatus.mockRejectedValue(
+      new JobFailedError('AI validation failed.', 'AI_VALIDATION_FAILED'),
+    );
+
+    const { result } = renderHook(() => useFlyerUploader(), { wrapper: createWrapper() });
+    const mockFile = new File([''], 'flyer.pdf');
+
+    // Act
+    await act(async () => {
+      result.current.upload(mockFile);
+    });
+
+    // Assert error state after polling fails
+    await waitFor(() => expect(result.current.processingState).toBe('error'));
+    expect(result.current.errorMessage).toBe('Polling failed: AI validation failed.');
+    expect(result.current.flyerId).toBeNull();
+  });
+});
--- a/src/hooks/useFlyerUploader.ts
+++ b/src/hooks/useFlyerUploader.ts
@@ -0,0 +1,171 @@
+// src/hooks/useFlyerUploader.ts
+// src/hooks/useFlyerUploader.ts
+import { useState, useCallback, useMemo } from 'react';
+import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
+import {
+  uploadAndProcessFlyer,
+  getJobStatus,
+  type JobStatus,
+  JobFailedError,
+} from '../services/aiApiClient';
+import { logger } from '../services/logger.client';
+import { generateFileChecksum } from '../utils/checksum';
+import type { ProcessingStage } from '../types';
+
+export type ProcessingState = 'idle' | 'uploading' | 'polling' | 'completed' | 'error';
+
+// Define a type for the structured error thrown by the API client
+interface ApiError {
+  status: number;
+  body: {
+    message: string;
+    flyerId?: number;
+  };
+}
+
+// Type guard to check if an error is a structured API error
+function isApiError(error: unknown): error is ApiError {
+  return (
+    typeof error === 'object' &&
+    error !== null &&
+    'status' in error &&
+    typeof (error as { status: unknown }).status === 'number' &&
+    'body' in error &&
+    typeof (error as { body: unknown }).body === 'object' &&
+    (error as { body: unknown }).body !== null &&
+    'message' in ((error as { body: unknown }).body as object)
+  );
+}
+export const useFlyerUploader = () => {
+  const queryClient = useQueryClient();
+  const [jobId, setJobId] = useState<string | null>(null);
+  const [currentFile, setCurrentFile] = useState<string | null>(null);
+
+  // Mutation for the initial file upload
+  const uploadMutation = useMutation({
+    mutationFn: async (file: File) => {
+      setCurrentFile(file.name);
+      const checksum = await generateFileChecksum(file);
+      return uploadAndProcessFlyer(file, checksum);
+    },
+    onSuccess: (data) => {
+      // When upload is successful, we get a jobId and can start polling.
+      setJobId(data.jobId);
+    },
+    // onError is handled automatically by react-query and exposed in `uploadMutation.error`
+  });
+
+  // Query for polling the job status
+  const { data: jobStatus, error: pollError } = useQuery({
+    queryKey: ['jobStatus', jobId],
+    queryFn: () => {
+      if (!jobId) throw new Error('No job ID to poll');
+      return getJobStatus(jobId);
+    },
+    // Only run this query if there is a jobId
+    enabled: !!jobId,
+    // Polling logic: react-query handles the interval
+    refetchInterval: (query) => {
+      const data = query.state.data as JobStatus | undefined;
+      // Stop polling if the job is completed or has failed
+      if (data?.state === 'completed' || data?.state === 'failed') {
+        return false;
+      }
+      // Also stop polling if the query itself has errored (e.g. network error, or JobFailedError thrown from getJobStatus)
+      if (query.state.status === 'error') {
+        logger.warn('[useFlyerUploader] Polling stopped due to query error state.');
+        return false;
+      }
+      // Otherwise, poll every 3 seconds
+      return 3000;
+    },
+    refetchOnWindowFocus: false, // No need to refetch on focus, interval is enough
+    // If a poll fails (e.g., network error), don't retry automatically.
+    // The user can see the error and choose to retry manually if we build that feature.
+    retry: false,
+  });
+
+  const upload = useCallback(
+    (file: File) => {
+      // Reset previous state before a new upload
+      setJobId(null);
+      setCurrentFile(null);
+      queryClient.removeQueries({ queryKey: ['jobStatus'] });
+      uploadMutation.mutate(file);
+    },
+    [uploadMutation, queryClient],
+  );
+
+  const resetUploaderState = useCallback(() => {
+    setJobId(null);
+    setCurrentFile(null);
+    uploadMutation.reset();
+    queryClient.removeQueries({ queryKey: ['jobStatus'] });
+  }, [uploadMutation, queryClient]);
+
+  // Consolidate state derivation for the UI from the react-query hooks using useMemo.
+  // This improves performance by memoizing the derived state and makes the logic easier to follow.
+  const { processingState, errorMessage, duplicateFlyerId, flyerId, statusMessage } = useMemo(() => {
+    // The order of these checks is critical. Errors must be checked first to override
+    // any stale `jobStatus` from a previous successful poll.
+    const state: ProcessingState = (() => {
+      if (uploadMutation.isError || pollError) return 'error';
+      if (uploadMutation.isPending) return 'uploading';
+      if (jobStatus && (jobStatus.state === 'active' || jobStatus.state === 'waiting'))
+        return 'polling';
+      if (jobStatus?.state === 'completed') {
+        if (!jobStatus.returnValue?.flyerId) return 'error';
+        return 'completed';
+      }
+      return 'idle';
+    })();
+
+    let msg: string | null = null;
+    let dupId: number | null = null;
+
+    if (state === 'error') {
+      if (uploadMutation.isError) {
+        const uploadError = uploadMutation.error;
+        if (isApiError(uploadError)) {
+          msg = uploadError.body.message;
+          // Specifically handle 409 Conflict for duplicate flyers
+          if (uploadError.status === 409) {
+            dupId = uploadError.body.flyerId ?? null;
+          }
+        } else if (uploadError instanceof Error) {
+          msg = uploadError.message;
+        } else {
+          msg = 'An unknown upload error occurred.';
+        }
+      } else if (pollError) {
+        msg = `Polling failed: ${pollError.message}`;
+      } else if (jobStatus?.state === 'failed') {
+        msg = `Processing failed: ${jobStatus.progress?.message || jobStatus.failedReason || 'Unknown reason'}`;
+      } else if (jobStatus?.state === 'completed' && !jobStatus.returnValue?.flyerId) {
+        msg = 'Job completed but did not return a flyer ID.';
+      }
+    }
+
+    return {
+      processingState: state,
+      errorMessage: msg,
+      duplicateFlyerId: dupId,
+      flyerId: jobStatus?.state === 'completed' ? jobStatus.returnValue?.flyerId ?? null : null,
+      statusMessage: uploadMutation.isPending ? 'Uploading file...' : jobStatus?.progress?.message,
+    };
+  }, [uploadMutation, jobStatus, pollError]);
+
+  return {
+    processingState,
+    statusMessage: uploadMutation.isPending ? 'Uploading file...' : jobStatus?.progress?.message,
+    errorMessage,
+    duplicateFlyerId,
+    processingStages: jobStatus?.progress?.stages || [],
+    estimatedTime: jobStatus?.progress?.estimatedTimeRemaining || 0,
+    currentFile,
+    flyerId,
+    upload,
+    resetUploaderState,
+    jobId,
+  };
+};
--- a/src/hooks/useInfiniteQuery.ts
+++ b/src/hooks/useInfiniteQuery.ts
@@ -47,6 +47,7 @@ export function useInfiniteQuery<T>(

  // Use a ref to store the cursor for the next page.
  const nextCursorRef = useRef<number | string | null | undefined>(initialCursor);
+  const lastErrorMessageRef = useRef<string | null>(null);

  const fetchPage = useCallback(
    async (cursor?: number | string | null) => {
@@ -59,6 +60,7 @@ export function useInfiniteQuery<T>(
        setIsFetchingNextPage(true);
      }
      setError(null);
+      lastErrorMessageRef.current = null;

      try {
        const response = await apiFunction(cursor);
@@ -99,7 +101,10 @@ export function useInfiniteQuery<T>(
          error: err.message,
          functionName: apiFunction.name,
        });
-        setError(err);
+        if (err.message !== lastErrorMessageRef.current) {
+          setError(err);
+          lastErrorMessageRef.current = err.message;
+        }
        notifyError(err.message);
      } finally {
        setIsLoading(false);
@@ -125,6 +130,7 @@ export function useInfiniteQuery<T>(
  // Function to be called by the UI to refetch the entire query from the beginning.
  const refetch = useCallback(() => {
    setIsRefetching(true);
+    lastErrorMessageRef.current = null;
    setData([]);
    fetchPage(initialCursor);
  }, [fetchPage, initialCursor]);
--- a/src/hooks/useShoppingLists.test.tsx
+++ b/src/hooks/useShoppingLists.test.tsx
@@ -495,6 +495,22 @@ describe('useShoppingLists Hook', () => {
      expect(currentLists[0].items).toHaveLength(1); // Length should remain 1
      console.log('  LOG: SUCCESS! Duplicate was not added and API was not called.');
    });
+
+    it('should log an error and not call the API if the listId does not exist', async () => {
+      const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+      const { result } = renderHook(() => useShoppingLists());
+
+      await act(async () => {
+        // Call with a non-existent list ID (mock lists have IDs 1 and 2)
+        await result.current.addItemToList(999, { customItemName: 'Wont be added' });
+      });
+
+      // The API should not have been called because the list was not found.
+      expect(mockAddItemApi).not.toHaveBeenCalled();
+      expect(consoleErrorSpy).toHaveBeenCalledWith('useShoppingLists: List with ID 999 not found.');
+
+      consoleErrorSpy.mockRestore();
+    });
  });

  describe('updateItemInList', () => {
@@ -656,24 +672,14 @@ describe('useShoppingLists Hook', () => {
      },
      {
        name: 'updateItemInList',
-        action: (hook: any) => {
-          act(() => {
-            hook.setActiveListId(1);
-          });
-          return hook.updateItemInList(101, { is_purchased: true });
-        },
+        action: (hook: any) => hook.updateItemInList(101, { is_purchased: true }),
        apiMock: mockUpdateItemApi,
        mockIndex: 3,
        errorMessage: 'Update failed',
      },
      {
        name: 'removeItemFromList',
-        action: (hook: any) => {
-          act(() => {
-            hook.setActiveListId(1);
-          });
-          return hook.removeItemFromList(101);
-        },
+        action: (hook: any) => hook.removeItemFromList(101),
        apiMock: mockRemoveItemApi,
        mockIndex: 4,
        errorMessage: 'Removal failed',
@@ -681,6 +687,17 @@ describe('useShoppingLists Hook', () => {
    ])(
      'should set an error for $name if the API call fails',
      async ({ action, apiMock, mockIndex, errorMessage }) => {
+        // Setup a default list so activeListId is set automatically
+        const mockList = createMockShoppingList({ shopping_list_id: 1, name: 'List 1' });
+        mockedUseUserData.mockReturnValue({
+          shoppingLists: [mockList],
+          setShoppingLists: mockSetShoppingLists,
+          watchedItems: [],
+          setWatchedItems: vi.fn(),
+          isLoading: false,
+          error: null,
+        });
+
        const apiMocksWithError = [...defaultApiMocks];
        apiMocksWithError[mockIndex] = {
          ...apiMocksWithError[mockIndex],
@@ -689,11 +706,25 @@ describe('useShoppingLists Hook', () => {
        setupApiMocks(apiMocksWithError);
        apiMock.mockRejectedValue(new Error(errorMessage));

+        // Spy on console.error to ensure the catch block is executed for logging
+        const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+
        const { result } = renderHook(() => useShoppingLists());
+
+        // Wait for the effect to set the active list ID
+        await waitFor(() => expect(result.current.activeListId).toBe(1));
+
        await act(async () => {
          await action(result.current);
        });
-        await waitFor(() => expect(result.current.error).toBe(errorMessage));
+
+        await waitFor(() => {
+          expect(result.current.error).toBe(errorMessage);
+          // Verify that our custom logging within the catch block was called
+          expect(consoleErrorSpy).toHaveBeenCalled();
+        });
+
+        consoleErrorSpy.mockRestore();
      },
    );
  });
--- a/src/layouts/MainLayout.test.tsx
+++ b/src/layouts/MainLayout.test.tsx
@@ -79,7 +79,7 @@ vi.mock('../pages/admin/ActivityLog', async () => {
    ),
  };
 });
-vi.mock('../pages/admin/components/AnonymousUserBanner', () => ({
+vi.mock('../components/AnonymousUserBanner', () => ({
  AnonymousUserBanner: () => <div data-testid="anonymous-banner" />,
 }));
 vi.mock('../components/ErrorDisplay', () => ({
--- a/src/layouts/MainLayout.tsx
+++ b/src/layouts/MainLayout.tsx
@@ -16,7 +16,7 @@ import { PriceChart } from '../features/charts/PriceChart';
 import { PriceHistoryChart } from '../features/charts/PriceHistoryChart';
 import Leaderboard from '../components/Leaderboard';
 import { ActivityLog, ActivityLogClickHandler } from '../pages/admin/ActivityLog';
-import { AnonymousUserBanner } from '../pages/admin/components/AnonymousUserBanner';
+import { AnonymousUserBanner } from '../components/AnonymousUserBanner';
 import { ErrorDisplay } from '../components/ErrorDisplay';

 export interface MainLayoutProps {
--- a/src/middleware/errorHandler.test.ts
+++ b/src/middleware/errorHandler.test.ts
@@ -15,16 +15,19 @@ import type { Logger } from 'pino';
 // Create a mock logger that we can inject into requests and assert against.
 // We only mock the methods we intend to spy on. The rest of the complex Pino
 // Logger type is satisfied by casting, which is a common and clean testing practice.
-const mockLogger = {
-  error: vi.fn(),
-  warn: vi.fn(),
-  info: vi.fn(),
-  debug: vi.fn(),
-  fatal: vi.fn(),
-  trace: vi.fn(),
-  silent: vi.fn(),
-  child: vi.fn().mockReturnThis(),
-} as unknown as Logger;
+const { mockLogger } = vi.hoisted(() => {
+  const mockLogger = {
+    error: vi.fn(),
+    warn: vi.fn(),
+    info: vi.fn(),
+    debug: vi.fn(),
+    fatal: vi.fn(),
+    trace: vi.fn(),
+    silent: vi.fn(),
+    child: vi.fn().mockReturnThis(),
+  };
+  return { mockLogger };
+});

 // Mock the global logger as a fallback, though our tests will focus on req.log
 vi.mock('../services/logger.server', () => ({ logger: mockLogger }));
@@ -37,7 +40,7 @@ const app = express();
 app.use(express.json());
 // Add a middleware to inject our mock logger into each request as `req.log`
 app.use((req: Request, res: Response, next: NextFunction) => {
-  req.log = mockLogger;
+  req.log = mockLogger as unknown as Logger;
  next();
 });

@@ -106,17 +109,21 @@ describe('errorHandler Middleware', () => {
  it('should return a generic 500 error for a standard Error object', async () => {
    const response = await supertest(app).get('/generic-error');
    expect(response.status).toBe(500);
-    expect(response.body).toEqual({ message: 'A generic server error occurred.' });
+    // In test/dev, we now expect a stack trace for 5xx errors.
+    expect(response.body.message).toBe('A generic server error occurred.');
+    expect(response.body.stack).toBeDefined();
+    expect(response.body.errorId).toEqual(expect.any(String));
+    console.log('[DEBUG] errorHandler.test.ts: Received 500 error response with ID:', response.body.errorId);
    expect(mockLogger.error).toHaveBeenCalledWith(
      expect.objectContaining({
        err: expect.any(Error),
        errorId: expect.any(String),
        req: expect.objectContaining({ method: 'GET', url: '/generic-error' }),
      }),
-      expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+      expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
    );
    expect(consoleErrorSpy).toHaveBeenCalledWith(
-      expect.stringContaining('--- [TEST] UNHANDLED ERROR ---'),
+      expect.stringMatching(/--- \[TEST\] UNHANDLED ERROR \(ID: \w+\) ---/),
      expect.any(Error),
    );
  });
@@ -130,15 +137,11 @@ describe('errorHandler Middleware', () => {
    expect(mockLogger.warn).toHaveBeenCalledWith(
      {
        err: expect.any(Error),
-        validationErrors: undefined,
        statusCode: 404,
      },
      'Client Error on GET /http-error-404: Resource not found',
    );
-    expect(consoleErrorSpy).toHaveBeenCalledWith(
-      expect.stringContaining('--- [TEST] UNHANDLED ERROR ---'),
-      expect.any(Error),
-    );
+    expect(consoleErrorSpy).not.toHaveBeenCalled();
  });

  it('should handle a NotFoundError with a 404 status', async () => {
@@ -150,15 +153,11 @@ describe('errorHandler Middleware', () => {
    expect(mockLogger.warn).toHaveBeenCalledWith(
      {
        err: expect.any(NotFoundError),
-        validationErrors: undefined,
        statusCode: 404,
      },
      'Client Error on GET /not-found-error: Specific resource missing',
    );
-    expect(consoleErrorSpy).toHaveBeenCalledWith(
-      expect.stringContaining('--- [TEST] UNHANDLED ERROR ---'),
-      expect.any(NotFoundError),
-    );
+    expect(consoleErrorSpy).not.toHaveBeenCalled();
  });

  it('should handle a ForeignKeyConstraintError with a 400 status and the specific error message', async () => {
@@ -170,15 +169,11 @@ describe('errorHandler Middleware', () => {
    expect(mockLogger.warn).toHaveBeenCalledWith(
      {
        err: expect.any(ForeignKeyConstraintError),
-        validationErrors: undefined,
        statusCode: 400,
      },
      'Client Error on GET /fk-error: The referenced item does not exist.',
    );
-    expect(consoleErrorSpy).toHaveBeenCalledWith(
-      expect.stringContaining('--- [TEST] UNHANDLED ERROR ---'),
-      expect.any(ForeignKeyConstraintError),
-    );
+    expect(consoleErrorSpy).not.toHaveBeenCalled();
  });

  it('should handle a UniqueConstraintError with a 409 status and the specific error message', async () => {
@@ -190,15 +185,11 @@ describe('errorHandler Middleware', () => {
    expect(mockLogger.warn).toHaveBeenCalledWith(
      {
        err: expect.any(UniqueConstraintError),
-        validationErrors: undefined,
        statusCode: 409,
      },
      'Client Error on GET /unique-error: This item already exists.',
    );
-    expect(consoleErrorSpy).toHaveBeenCalledWith(
-      expect.stringContaining('--- [TEST] UNHANDLED ERROR ---'),
-      expect.any(UniqueConstraintError),
-    );
+    expect(consoleErrorSpy).not.toHaveBeenCalled();
  });

  it('should handle a ValidationError with a 400 status and include the validation errors array', async () => {
@@ -219,27 +210,27 @@ describe('errorHandler Middleware', () => {
      },
      'Client Error on GET /validation-error: Input validation failed',
    );
-    expect(consoleErrorSpy).toHaveBeenCalledWith(
-      expect.stringContaining('--- [TEST] UNHANDLED ERROR ---'),
-      expect.any(ValidationError),
-    );
+    expect(consoleErrorSpy).not.toHaveBeenCalled();
  });

  it('should handle a DatabaseError with a 500 status and a generic message', async () => {
    const response = await supertest(app).get('/db-error-500');

    expect(response.status).toBe(500);
-    expect(response.body).toEqual({ message: 'A database connection issue occurred.' });
+    // In test/dev, we now expect a stack trace for 5xx errors.
+    expect(response.body.message).toBe('A database connection issue occurred.');
+    expect(response.body.stack).toBeDefined();
+    expect(response.body.errorId).toEqual(expect.any(String));
    expect(mockLogger.error).toHaveBeenCalledWith(
      expect.objectContaining({
        err: expect.any(DatabaseError),
        errorId: expect.any(String),
        req: expect.objectContaining({ method: 'GET', url: '/db-error-500' }),
      }),
-      expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+      expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
    );
    expect(consoleErrorSpy).toHaveBeenCalledWith(
-      expect.stringContaining('--- [TEST] UNHANDLED ERROR ---'),
+      expect.stringMatching(/--- \[TEST\] UNHANDLED ERROR \(ID: \w+\) ---/),
      expect.any(DatabaseError),
    );
  });
@@ -249,8 +240,14 @@ describe('errorHandler Middleware', () => {

    expect(response.status).toBe(401);
    expect(response.body).toEqual({ message: 'Invalid Token' });
-    // 4xx errors log as warn
-    expect(mockLogger.warn).toHaveBeenCalled();
+    expect(mockLogger.warn).toHaveBeenCalledWith(
+      {
+        err: expect.any(Error),
+        statusCode: 401,
+      },
+      'Client Error on GET /unauthorized-error-no-status: Invalid Token',
+    );
+    expect(consoleErrorSpy).not.toHaveBeenCalled();
  });

  it('should handle an UnauthorizedError with explicit status', async () => {
@@ -258,6 +255,14 @@ describe('errorHandler Middleware', () => {

    expect(response.status).toBe(401);
    expect(response.body).toEqual({ message: 'Invalid Token' });
+    expect(mockLogger.warn).toHaveBeenCalledWith(
+      {
+        err: expect.any(Error),
+        statusCode: 401,
+      },
+      'Client Error on GET /unauthorized-error-with-status: Invalid Token',
+    );
+    expect(consoleErrorSpy).not.toHaveBeenCalled();
  });

  it('should call next(err) if headers have already been sent', () => {
@@ -302,6 +307,7 @@ describe('errorHandler Middleware', () => {
      expect(response.body.message).toMatch(
        /An unexpected server error occurred. Please reference error ID: \w+/,
      );
+      expect(response.body.stack).toBeUndefined();
    });

    it('should return the actual error message for client errors (4xx) in production', async () => {
--- a/src/middleware/errorHandler.ts
+++ b/src/middleware/errorHandler.ts
@@ -1,5 +1,6 @@
 // src/middleware/errorHandler.ts
 import { Request, Response, NextFunction } from 'express';
+import crypto from 'crypto';
 import { ZodError } from 'zod';
 import {
  ForeignKeyConstraintError,
@@ -24,45 +25,77 @@ export const errorHandler = (err: Error, req: Request, res: Response, next: Next
  // Use the request-scoped logger if available, otherwise fall back to the global logger.
  const log = req.log || logger;

-  // --- Handle Zod Validation Errors ---
+  // --- Handle Zod Validation Errors (from validateRequest middleware) ---
  if (err instanceof ZodError) {
-    log.warn({ err: err.flatten() }, 'Request validation failed');
-    return res.status(400).json({
-      message: 'The request data is invalid.',
-      errors: err.issues.map((e) => ({ path: e.path, message: e.message })),
-    });
+    const statusCode = 400;
+    const message = 'The request data is invalid.';
+    const errors = err.issues.map((e) => ({ path: e.path, message: e.message }));
+    log.warn({ err, validationErrors: errors, statusCode }, `Client Error on ${req.method} ${req.path}: ${message}`);
+    return res.status(statusCode).json({ message, errors });
  }

  // --- Handle Custom Operational Errors ---
  if (err instanceof NotFoundError) {
-    log.info({ err }, 'Resource not found');
-    return res.status(404).json({ message: err.message });
+    const statusCode = 404;
+    log.warn({ err, statusCode }, `Client Error on ${req.method} ${req.path}: ${err.message}`);
+    return res.status(statusCode).json({ message: err.message });
  }

  if (err instanceof ValidationError) {
-    log.warn({ err }, 'Validation error occurred');
-    return res.status(400).json({ message: err.message, errors: err.validationErrors });
+    const statusCode = 400;
+    log.warn(
+      { err, validationErrors: err.validationErrors, statusCode },
+      `Client Error on ${req.method} ${req.path}: ${err.message}`,
+    );
+    return res.status(statusCode).json({ message: err.message, errors: err.validationErrors });
  }

  if (err instanceof UniqueConstraintError) {
-    log.warn({ err }, 'Constraint error occurred');
-    return res.status(409).json({ message: err.message }); // Use 409 Conflict for unique constraints
+    const statusCode = 409;
+    log.warn({ err, statusCode }, `Client Error on ${req.method} ${req.path}: ${err.message}`);
+    return res.status(statusCode).json({ message: err.message }); // Use 409 Conflict for unique constraints
  }

  if (err instanceof ForeignKeyConstraintError) {
-    log.warn({ err }, 'Foreign key constraint violation');
-    return res.status(400).json({ message: err.message });
+    const statusCode = 400;
+    log.warn({ err, statusCode }, `Client Error on ${req.method} ${req.path}: ${err.message}`);
+    return res.status(statusCode).json({ message: err.message });
  }

-  // --- Handle Generic Errors ---
-  // Log the full error object for debugging. The pino logger will handle redaction.
-  log.error({ err }, 'An unhandled error occurred in an Express route');
+  // --- Handle Generic Client Errors (e.g., from express-jwt, or manual status setting) ---
+  let status = (err as any).status || (err as any).statusCode;
+  // Default UnauthorizedError to 401 if no status is present, a common case for express-jwt.
+  if (err.name === 'UnauthorizedError' && !status) {
+    status = 401;
+  }
+  if (status && status >= 400 && status < 500) {
+    log.warn({ err, statusCode: status }, `Client Error on ${req.method} ${req.path}: ${err.message}`);
+    return res.status(status).json({ message: err.message });
+  }
+
+  // --- Handle All Other (500-level) Errors ---
+  const errorId = crypto.randomBytes(4).toString('hex');
+  log.error(
+    {
+      err,
+      errorId,
+      req: { method: req.method, url: req.url, headers: req.headers, body: req.body },
+    },
+    `Unhandled API Error (ID: ${errorId})`,
+  );
+
+  // Also log to console in test environment for visibility in test runners
+  if (process.env.NODE_ENV === 'test') {
+    console.error(`--- [TEST] UNHANDLED ERROR (ID: ${errorId}) ---`, err);
+  }

  // In production, send a generic message to avoid leaking implementation details.
  if (process.env.NODE_ENV === 'production') {
-    return res.status(500).json({ message: 'An internal server error occurred.' });
+    return res.status(500).json({
+      message: `An unexpected server error occurred. Please reference error ID: ${errorId}`,
+    });
  }

-  // In development, send more details for easier debugging.
-  return res.status(500).json({ message: err.message, stack: err.stack });
+  // In non-production environments (dev, test, etc.), send more details for easier debugging.
+  return res.status(500).json({ message: err.message, stack: err.stack, errorId });
 };
--- a/src/middleware/multer.middleware.test.ts
+++ b/src/middleware/multer.middleware.test.ts
@@ -0,0 +1,269 @@
+// src/middleware/multer.middleware.test.ts
+import { describe, it, expect, vi, beforeEach, afterEach, Mock } from 'vitest';
+import multer from 'multer';
+import type { Request, Response, NextFunction } from 'express';
+import { createUploadMiddleware, handleMulterError } from './multer.middleware';
+import { createMockUserProfile } from '../tests/utils/mockFactories';
+import { ValidationError } from '../services/db/errors.db';
+
+// 1. Hoist the mocks so they can be referenced inside vi.mock factories.
+const mocks = vi.hoisted(() => ({
+  mkdir: vi.fn(),
+  logger: {
+    info: vi.fn(),
+    error: vi.fn(),
+    warn: vi.fn(),
+    debug: vi.fn(),
+  },
+}));
+
+// 2. Mock node:fs/promises.
+// We mock the default export because that's how it's imported in the source file.
+vi.mock('node:fs/promises', () => ({
+  default: {
+    mkdir: mocks.mkdir,
+  },
+}));
+
+// 3. Mock the logger service.
+vi.mock('../services/logger.server', () => ({
+  logger: mocks.logger,
+}));
+
+// 4. Mock multer to prevent it from doing anything during import.
+vi.mock('multer', () => {
+  const diskStorage = vi.fn((options) => options);
+  // A more realistic mock for MulterError that maps error codes to messages,
+  // similar to how the actual multer library works.
+  class MulterError extends Error {
+    code: string;
+    field?: string;
+
+    constructor(code: string, field?: string) {
+      const messages: { [key: string]: string } = {
+        LIMIT_FILE_SIZE: 'File too large',
+        LIMIT_UNEXPECTED_FILE: 'Unexpected file',
+        // Add other codes as needed for tests
+      };
+      const message = messages[code] || code;
+      super(message);
+      this.code = code;
+      this.name = 'MulterError';
+      if (field) {
+        this.field = field;
+      }
+    }
+  }
+  const multer = vi.fn(() => ({
+    single: vi.fn().mockImplementation(() => (req: any, res: any, next: any) => next()),
+    array: vi.fn().mockImplementation(() => (req: any, res: any, next: any) => next()),
+  }));
+  (multer as any).diskStorage = diskStorage;
+  (multer as any).MulterError = MulterError;
+  return {
+    default: multer,
+    diskStorage,
+    MulterError,
+  };
+});
+
+describe('Multer Middleware Directory Creation', () => {
+  beforeEach(() => {
+    // Critical: Reset modules to ensure the top-level IIFE runs again for each test.
+    vi.resetModules();
+    vi.clearAllMocks();
+  });
+
+  it('should attempt to create directories on module load and log success', async () => {
+    // Arrange
+    mocks.mkdir.mockResolvedValue(undefined);
+
+    // Act: Dynamic import triggers the top-level code execution
+    await import('./multer.middleware');
+
+    // Assert
+    // It should try to create both the flyer storage and avatar storage paths
+    expect(mocks.mkdir).toHaveBeenCalledTimes(2);
+    expect(mocks.mkdir).toHaveBeenCalledWith(expect.any(String), { recursive: true });
+    expect(mocks.logger.info).toHaveBeenCalledWith('Ensured multer storage directories exist.');
+    expect(mocks.logger.error).not.toHaveBeenCalled();
+  });
+
+  it('should log an error if directory creation fails', async () => {
+    // Arrange
+    const error = new Error('Permission denied');
+    mocks.mkdir.mockRejectedValue(error);
+
+    // Act
+    await import('./multer.middleware');
+
+    // Assert
+    expect(mocks.mkdir).toHaveBeenCalled();
+    expect(mocks.logger.error).toHaveBeenCalledWith(
+      { error },
+      'Failed to create multer storage directories on startup.',
+    );
+  });
+});
+
+describe('createUploadMiddleware', () => {
+  const mockFile = { originalname: 'test.png' } as Express.Multer.File;
+  const mockUser = createMockUserProfile({ user: { user_id: 'user-123', email: 'test@user.com' } });
+  let originalNodeEnv: string | undefined;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    originalNodeEnv = process.env.NODE_ENV;
+  });
+
+  afterEach(() => {
+    process.env.NODE_ENV = originalNodeEnv;
+  });
+
+  describe('Avatar Storage', () => {
+    it('should generate a unique filename for an authenticated user', () => {
+      process.env.NODE_ENV = 'production';
+      createUploadMiddleware({ storageType: 'avatar' });
+      const storageOptions = vi.mocked(multer.diskStorage).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockReq = { user: mockUser } as unknown as Request;
+
+      storageOptions.filename!(mockReq, mockFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(null, expect.stringContaining('user-123-'));
+      expect(cb).toHaveBeenCalledWith(null, expect.stringContaining('.png'));
+    });
+
+    it('should call the callback with an error for an unauthenticated user', () => {
+      // This test covers line 37
+      createUploadMiddleware({ storageType: 'avatar' });
+      const storageOptions = vi.mocked(multer.diskStorage).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockReq = {} as Request; // No user on request
+
+      storageOptions.filename!(mockReq, mockFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(
+        new Error('User not authenticated for avatar upload'),
+        expect.any(String),
+      );
+    });
+
+    it('should use a predictable filename in test environment', () => {
+      process.env.NODE_ENV = 'test';
+      createUploadMiddleware({ storageType: 'avatar' });
+      const storageOptions = vi.mocked(multer.diskStorage).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockReq = { user: mockUser } as unknown as Request;
+
+      storageOptions.filename!(mockReq, mockFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(null, 'test-avatar.png');
+    });
+  });
+
+  describe('Flyer Storage', () => {
+    it('should generate a unique, sanitized filename in production environment', () => {
+      process.env.NODE_ENV = 'production';
+      const mockFlyerFile = {
+        fieldname: 'flyerFile',
+        originalname: 'My Flyer (Special!).pdf',
+      } as Express.Multer.File;
+      createUploadMiddleware({ storageType: 'flyer' });
+      const storageOptions = vi.mocked(multer.diskStorage).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockReq = {} as Request;
+
+      storageOptions.filename!(mockReq, mockFlyerFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(
+        null,
+        expect.stringMatching(/^flyerFile-\d+-\d+-my-flyer-special\.pdf$/i),
+      );
+    });
+
+    it('should generate a predictable filename in test environment', () => {
+      // This test covers lines 43-46
+      process.env.NODE_ENV = 'test';
+      const mockFlyerFile = {
+        fieldname: 'flyerFile',
+        originalname: 'test-flyer.jpg',
+      } as Express.Multer.File;
+      createUploadMiddleware({ storageType: 'flyer' });
+      const storageOptions = vi.mocked(multer.diskStorage).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockReq = {} as Request;
+
+      storageOptions.filename!(mockReq, mockFlyerFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(null, 'flyerFile-test-flyer-image.jpg');
+    });
+  });
+
+  describe('Image File Filter', () => {
+    it('should accept files with an image mimetype', () => {
+      createUploadMiddleware({ storageType: 'flyer', fileFilter: 'image' });
+      const multerOptions = vi.mocked(multer).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockImageFile = { mimetype: 'image/png' } as Express.Multer.File;
+
+      multerOptions!.fileFilter!({} as Request, mockImageFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(null, true);
+    });
+
+    it('should reject files without an image mimetype', () => {
+      createUploadMiddleware({ storageType: 'flyer', fileFilter: 'image' });
+      const multerOptions = vi.mocked(multer).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockTextFile = { mimetype: 'text/plain' } as Express.Multer.File;
+
+      multerOptions!.fileFilter!({} as Request, { ...mockTextFile, fieldname: 'test' }, cb);
+
+      const error = (cb as Mock).mock.calls[0][0];
+      expect(error).toBeInstanceOf(ValidationError);
+      expect(error.validationErrors[0].message).toBe('Only image files are allowed!');
+    });
+  });
+});
+
+describe('handleMulterError Middleware', () => {
+  let mockRequest: Partial<Request>;
+  let mockResponse: Partial<Response>;
+  let mockNext: NextFunction;
+
+  beforeEach(() => {
+    mockRequest = {};
+    mockResponse = {
+      status: vi.fn().mockReturnThis(),
+      json: vi.fn(),
+    };
+    mockNext = vi.fn();
+  });
+
+  it('should handle a MulterError (e.g., file too large)', () => {
+    const err = new multer.MulterError('LIMIT_FILE_SIZE');
+    handleMulterError(err, mockRequest as Request, mockResponse as Response, mockNext);
+    expect(mockResponse.status).toHaveBeenCalledWith(400);
+    expect(mockResponse.json).toHaveBeenCalledWith({
+      message: 'File upload error: File too large',
+    });
+    expect(mockNext).not.toHaveBeenCalled();
+  });
+
+  it('should pass on a ValidationError to the next handler', () => {
+    const err = new ValidationError([], 'Only image files are allowed!');
+    handleMulterError(err, mockRequest as Request, mockResponse as Response, mockNext);
+    // It should now pass the error to the global error handler
+    expect(mockNext).toHaveBeenCalledWith(err);
+    expect(mockResponse.status).not.toHaveBeenCalled();
+    expect(mockResponse.json).not.toHaveBeenCalled();
+  });
+
+  it('should pass on non-multer errors to the next error handler', () => {
+    const err = new Error('A generic error');
+    handleMulterError(err, mockRequest as Request, mockResponse as Response, mockNext);
+    expect(mockNext).toHaveBeenCalledWith(err);
+    expect(mockResponse.status).not.toHaveBeenCalled();
+  });
+});
--- a/src/middleware/multer.middleware.ts
+++ b/src/middleware/multer.middleware.ts
@@ -0,0 +1,122 @@
+// src/middleware/multer.middleware.ts
+import multer from 'multer';
+import path from 'path';
+import fs from 'node:fs/promises';
+import { Request, Response, NextFunction } from 'express';
+import { UserProfile } from '../types';
+import { sanitizeFilename } from '../utils/stringUtils';
+import { ValidationError } from '../services/db/errors.db';
+import { logger } from '../services/logger.server';
+
+export const flyerStoragePath =
+  process.env.STORAGE_PATH || '/var/www/flyer-crawler.projectium.com/flyer-images';
+export const avatarStoragePath = path.join(process.cwd(), 'public', 'uploads', 'avatars');
+
+// Ensure directories exist at startup
+(async () => {
+  try {
+    await fs.mkdir(flyerStoragePath, { recursive: true });
+    await fs.mkdir(avatarStoragePath, { recursive: true });
+    logger.info('Ensured multer storage directories exist.');
+  } catch (error) {
+    const err = error instanceof Error ? error : new Error(String(error));
+    logger.error({ error: err }, 'Failed to create multer storage directories on startup.');
+  }
+})();
+
+type StorageType = 'flyer' | 'avatar';
+
+const getStorageConfig = (type: StorageType) => {
+  switch (type) {
+    case 'avatar':
+      return multer.diskStorage({
+        destination: (req, file, cb) => cb(null, avatarStoragePath),
+        filename: (req, file, cb) => {
+          const user = req.user as UserProfile | undefined;
+          if (!user) {
+            // This should ideally not happen if auth middleware runs first.
+            return cb(new Error('User not authenticated for avatar upload'), '');
+          }
+          if (process.env.NODE_ENV === 'test') {
+            // Use a predictable filename for test avatars for easy cleanup.
+            return cb(null, `test-avatar${path.extname(file.originalname) || '.png'}`);
+          }
+          const uniqueSuffix = `${user.user.user_id}-${Date.now()}${path.extname(
+            file.originalname,
+          )}`;
+          cb(null, uniqueSuffix);
+        },
+      });
+    case 'flyer':
+    default:
+      return multer.diskStorage({
+        destination: (req, file, cb) => cb(null, flyerStoragePath),
+        filename: (req, file, cb) => {
+          if (process.env.NODE_ENV === 'test') {
+            // Use a predictable filename for test flyers for easy cleanup.
+            const ext = path.extname(file.originalname);
+            return cb(null, `${file.fieldname}-test-flyer-image${ext || '.jpg'}`);
+          }
+          const uniqueSuffix = `${Date.now()}-${Math.round(Math.random() * 1e9)}`;
+          const sanitizedOriginalName = sanitizeFilename(file.originalname);
+          cb(null, `${file.fieldname}-${uniqueSuffix}-${sanitizedOriginalName}`);
+        },
+      });
+  }
+};
+
+const imageFileFilter = (req: Request, file: Express.Multer.File, cb: multer.FileFilterCallback) => {
+  if (file.mimetype.startsWith('image/')) {
+    cb(null, true);
+  } else {
+    // Reject the file with a specific error that can be caught by a middleware.
+    const validationIssue = { path: ['file', file.fieldname], message: 'Only image files are allowed!' };
+    const err = new ValidationError([validationIssue], 'Only image files are allowed!');
+    cb(err as Error); // Cast to Error to satisfy multer's type, though ValidationError extends Error.
+  }
+};
+
+interface MulterOptions {
+  storageType: StorageType;
+  fileSize?: number;
+  fileFilter?: 'image';
+}
+
+/**
+ * Creates a configured multer instance for file uploads.
+ * @param options - Configuration for storage type, file size, and file filter.
+ * @returns A multer instance.
+ */
+export const createUploadMiddleware = (options: MulterOptions) => {
+  const multerOptions: multer.Options = {
+    storage: getStorageConfig(options.storageType),
+  };
+
+  if (options.fileSize) {
+    multerOptions.limits = { fileSize: options.fileSize };
+  }
+
+  if (options.fileFilter === 'image') {
+    multerOptions.fileFilter = imageFileFilter;
+  }
+
+  return multer(multerOptions);
+};
+
+/**
+ * A general error handler for multer. Place this after all routes using multer in your router file.
+ * It catches errors from `fileFilter` and other multer issues (e.g., file size limits).
+ */
+export const handleMulterError = (
+  err: Error,
+  req: Request,
+  res: Response,
+  next: NextFunction,
+) => {
+  if (err instanceof multer.MulterError) {
+    // A Multer error occurred when uploading (e.g., file too large).
+    return res.status(400).json({ message: `File upload error: ${err.message}` });
+  }
+  // If it's not a multer error, pass it on.
+  next(err);
+};
--- a/src/pages/ResetPasswordPage.tsx
+++ b/src/pages/ResetPasswordPage.tsx
@@ -4,7 +4,7 @@ import { useParams, useNavigate, Link } from 'react-router-dom';
 import * as apiClient from '../services/apiClient';
 import { logger } from '../services/logger.client';
 import { LoadingSpinner } from '../components/LoadingSpinner';
-import { PasswordInput } from './admin/components/PasswordInput';
+import { PasswordInput } from '../components/PasswordInput';

 export const ResetPasswordPage: React.FC = () => {
  const { token } = useParams<{ token: string }>();
--- a/src/pages/admin/AdminPage.tsx
+++ b/src/pages/admin/AdminPage.tsx
@@ -4,6 +4,7 @@ import { SystemCheck } from './components/SystemCheck';
 import { Link } from 'react-router-dom';
 import { ShieldExclamationIcon } from '../../components/icons/ShieldExclamationIcon';
 import { ChartBarIcon } from '../../components/icons/ChartBarIcon';
+import { DocumentMagnifyingGlassIcon } from '../../components/icons/DocumentMagnifyingGlassIcon';

 export const AdminPage: React.FC = () => {
  // The onReady prop for SystemCheck is present to allow for future UI changes,
@@ -39,6 +40,13 @@ export const AdminPage: React.FC = () => {
              <ChartBarIcon className="w-6 h-6 mr-3 text-brand-primary" />
              <span className="font-semibold">View Statistics</span>
            </Link>
+            <Link
+              to="/admin/flyer-review"
+              className="flex items-center p-3 rounded-lg hover:bg-gray-100 dark:hover:bg-gray-700/50 transition-colors"
+            >
+              <DocumentMagnifyingGlassIcon className="w-6 h-6 mr-3 text-brand-primary" />
+              <span className="font-semibold">Flyer Review Queue</span>
+            </Link>
          </div>
        </div>
        <SystemCheck />
--- a/src/pages/admin/FlyerReviewPage.test.tsx
+++ b/src/pages/admin/FlyerReviewPage.test.tsx
@@ -0,0 +1,179 @@
+// src/pages/admin/FlyerReviewPage.test.tsx
+import { render, screen, waitFor, within } from '@testing-library/react';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { FlyerReviewPage } from './FlyerReviewPage';
+import { MemoryRouter } from 'react-router-dom';
+import * as apiClient from '../../services/apiClient';
+import { logger } from '../../services/logger.client';
+
+// Mock dependencies
+vi.mock('../../services/apiClient', () => ({
+  getFlyersForReview: vi.fn(),
+}));
+
+vi.mock('../../services/logger.client', () => ({
+  logger: {
+    error: vi.fn(),
+  },
+}));
+
+// Mock LoadingSpinner to simplify DOM and avoid potential issues
+vi.mock('../../components/LoadingSpinner', () => ({
+  LoadingSpinner: () => <div data-testid="loading-spinner">Loading...</div>,
+}));
+
+describe('FlyerReviewPage', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it('renders loading spinner initially', () => {
+    // Mock a promise that doesn't resolve immediately to check loading state
+    vi.mocked(apiClient.getFlyersForReview).mockReturnValue(new Promise(() => {}));
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>
+    );
+
+    expect(screen.getByRole('status', { name: /loading flyers for review/i })).toBeInTheDocument();
+  });
+
+  it('renders empty state when no flyers are returned', async () => {
+    vi.mocked(apiClient.getFlyersForReview).mockResolvedValue({
+      ok: true,
+      json: async () => [],
+    } as Response);
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>
+    );
+
+    await waitFor(() => {
+      expect(screen.queryByRole('status')).not.toBeInTheDocument();
+    });
+
+    expect(screen.getByText(/the review queue is empty/i)).toBeInTheDocument();
+  });
+
+  it('renders a list of flyers when API returns data', async () => {
+    const mockFlyers = [
+      {
+        flyer_id: 1,
+        file_name: 'flyer1.jpg',
+        created_at: '2023-01-01T00:00:00Z',
+        store: { name: 'Store A' },
+        icon_url: 'icon1.jpg',
+      },
+      {
+        flyer_id: 2,
+        file_name: 'flyer2.jpg',
+        created_at: '2023-01-02T00:00:00Z',
+        store: { name: 'Store B' },
+        icon_url: 'icon2.jpg',
+      },
+      {
+        flyer_id: 3,
+        file_name: 'flyer3.jpg',
+        created_at: '2023-01-03T00:00:00Z',
+        store: null,
+        icon_url: null,
+      },
+    ];
+
+    vi.mocked(apiClient.getFlyersForReview).mockResolvedValue({
+      ok: true,
+      json: async () => mockFlyers,
+    } as Response);
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>
+    );
+
+    await waitFor(() => {
+      expect(screen.queryByRole('status')).not.toBeInTheDocument();
+    });
+
+    expect(screen.getByText('Store A')).toBeInTheDocument();
+    expect(screen.getByText('flyer1.jpg')).toBeInTheDocument();
+    expect(screen.getByText('Store B')).toBeInTheDocument();
+    expect(screen.getByText('flyer2.jpg')).toBeInTheDocument();
+
+    // Test fallback for null store and icon_url
+    expect(screen.getByText('Unknown Store')).toBeInTheDocument();
+    expect(screen.getByText('flyer3.jpg')).toBeInTheDocument();
+    const unknownStoreItem = screen.getByText('Unknown Store').closest('li');
+    const unknownStoreImage = within(unknownStoreItem!).getByRole('img');
+    expect(unknownStoreImage).not.toHaveAttribute('src');
+    expect(unknownStoreImage).not.toHaveAttribute('alt');
+  });
+
+  it('renders error message when API response is not ok', async () => {
+    vi.mocked(apiClient.getFlyersForReview).mockResolvedValue({
+      ok: false,
+      json: async () => ({ message: 'Server error' }),
+    } as Response);
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>
+    );
+
+    await waitFor(() => {
+      expect(screen.queryByRole('status')).not.toBeInTheDocument();
+    });
+
+    expect(screen.getByText('Server error')).toBeInTheDocument();
+    expect(logger.error).toHaveBeenCalledWith(
+      expect.objectContaining({ err: expect.any(Error) }),
+      'Failed to fetch flyers for review'
+    );
+  });
+
+  it('renders error message when API throws an error', async () => {
+    const networkError = new Error('Network error');
+    vi.mocked(apiClient.getFlyersForReview).mockRejectedValue(networkError);
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>
+    );
+
+    await waitFor(() => {
+      expect(screen.queryByRole('status')).not.toBeInTheDocument();
+    });
+
+    expect(screen.getByText('Network error')).toBeInTheDocument();
+    expect(logger.error).toHaveBeenCalledWith(
+      { err: networkError },
+      'Failed to fetch flyers for review'
+    );
+  });
+
+  it('renders a generic error for non-Error rejections', async () => {
+    const nonErrorRejection = { message: 'This is not an Error object' };
+    vi.mocked(apiClient.getFlyersForReview).mockRejectedValue(nonErrorRejection);
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>,
+    );
+
+    await waitFor(() => {
+      expect(screen.getByText('An unknown error occurred while fetching data.')).toBeInTheDocument();
+    });
+
+    expect(logger.error).toHaveBeenCalledWith(
+      { err: nonErrorRejection },
+      'Failed to fetch flyers for review',
+    );
+  });
+});
--- a/src/pages/admin/FlyerReviewPage.tsx
+++ b/src/pages/admin/FlyerReviewPage.tsx
@@ -0,0 +1,93 @@
+// src/pages/admin/FlyerReviewPage.tsx
+import React, { useEffect, useState } from 'react';
+import { Link } from 'react-router-dom';
+import { getFlyersForReview } from '../../services/apiClient';
+import { logger } from '../../services/logger.client';
+import type { Flyer } from '../../types';
+import { LoadingSpinner } from '../../components/LoadingSpinner';
+import { format } from 'date-fns';
+
+export const FlyerReviewPage: React.FC = () => {
+  const [flyers, setFlyers] = useState<Flyer[]>([]);
+  const [isLoading, setIsLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+
+  useEffect(() => {
+    const fetchFlyers = async () => {
+      setIsLoading(true);
+      setError(null);
+      try {
+        const response = await getFlyersForReview();
+        if (!response.ok) {
+          throw new Error((await response.json()).message || 'Failed to fetch flyers for review.');
+        }
+        setFlyers(await response.json());
+      } catch (err) {
+        const errorMessage =
+          err instanceof Error ? err.message : 'An unknown error occurred while fetching data.';
+        logger.error({ err }, 'Failed to fetch flyers for review');
+        setError(errorMessage);
+      } finally {
+        setIsLoading(false);
+      }
+    };
+
+    fetchFlyers();
+  }, []);
+
+  return (
+    <div className="max-w-7xl mx-auto py-8 px-4">
+      <div className="mb-8">
+        <Link to="/admin" className="text-brand-primary hover:underline">
+          &larr; Back to Admin Dashboard
+        </Link>
+        <h1 className="text-3xl font-bold text-gray-800 dark:text-white mt-2">
+          Flyer Review Queue
+        </h1>
+        <p className="text-gray-500 dark:text-gray-400">
+          Review flyers that were processed with low confidence by the AI.
+        </p>
+      </div>
+
+      {isLoading && (
+        <div
+          role="status"
+          aria-label="Loading flyers for review"
+          className="flex justify-center items-center h-64"
+        >
+          <LoadingSpinner />
+        </div>
+      )}
+      {error && (
+        <div className="text-red-500 bg-red-100 dark:bg-red-900/20 p-4 rounded-lg">{error}</div>
+      )}
+
+      {!isLoading && !error && (
+        <div className="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 overflow-hidden">
+          <ul className="divide-y divide-gray-200 dark:divide-gray-700">
+            {flyers.length === 0 ? (
+              <li className="p-6 text-center text-gray-500">
+                The review queue is empty. Great job!
+              </li>
+            ) : (
+              flyers.map((flyer) => (
+                <li key={flyer.flyer_id} className="p-4 hover:bg-gray-50 dark:hover:bg-gray-700/50">
+                  <Link to={`/flyers/${flyer.flyer_id}`} className="flex items-center space-x-4">
+                    <img src={flyer.icon_url || undefined} alt={flyer.store?.name} className="w-12 h-12 rounded-md object-cover" />
+                    <div className="flex-1">
+                      <p className="font-semibold text-gray-800 dark:text-white">{flyer.store?.name || 'Unknown Store'}</p>
+                      <p className="text-sm text-gray-500 dark:text-gray-400">{flyer.file_name}</p>
+                    </div>
+                    <div className="text-right text-sm text-gray-500 dark:text-gray-400">
+                      <p>Uploaded: {format(new Date(flyer.created_at), 'MMM d, yyyy')}</p>
+                    </div>
+                  </Link>
+                </li>
+              ))
+            )}
+          </ul>
+        </div>
+      )}
+    </div>
+  );
+};
--- a/src/pages/admin/components/AuthView.test.tsx
+++ b/src/pages/admin/components/AuthView.test.tsx
@@ -1,6 +1,6 @@
 // src/pages/admin/components/AuthView.test.tsx
 import React from 'react';
-import { render, screen, fireEvent, waitFor } from '@testing-library/react';
+import { render, screen, fireEvent, waitFor, act } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach, type Mock } from 'vitest';
 import { AuthView } from './AuthView';
 import * as apiClient from '../../../services/apiClient';
@@ -12,6 +12,11 @@ const mockedApiClient = vi.mocked(apiClient, true);
 const mockOnClose = vi.fn();
 const mockOnLoginSuccess = vi.fn();

+vi.mock('../../../components/PasswordInput', () => ({
+  // Mock the moved component
+  PasswordInput: (props: any) => <input {...props} data-testid="password-input" />,
+}));
+
 const defaultProps = {
  onClose: mockOnClose,
  onLoginSuccess: mockOnLoginSuccess,
@@ -353,4 +358,27 @@ describe('AuthView', () => {
      expect(screen.queryByText('Send Reset Link')).not.toBeInTheDocument();
    });
  });
+
+  it('should show loading state during registration submission', async () => {
+    // Mock a promise that doesn't resolve immediately
+    (mockedApiClient.registerUser as Mock).mockReturnValue(new Promise(() => {}));
+    render(<AuthView {...defaultProps} />);
+
+    // Switch to registration view
+    fireEvent.click(screen.getByRole('button', { name: /don't have an account\? register/i }));
+
+    fireEvent.change(screen.getByLabelText(/email address/i), {
+      target: { value: 'test@example.com' },
+    });
+    fireEvent.change(screen.getByTestId('password-input'), { target: { value: 'password' } });
+    fireEvent.submit(screen.getByTestId('auth-form'));
+
+    await waitFor(() => {
+      const submitButton = screen.getByTestId('auth-form').querySelector('button[type="submit"]');
+      expect(submitButton).toBeInTheDocument();
+      expect(submitButton).toBeDisabled();
+      // Verify the text 'Register' is gone from any button
+      expect(screen.queryByRole('button', { name: 'Register' })).not.toBeInTheDocument();
+    });
+  });
 });
--- a/src/pages/admin/components/AuthView.tsx
+++ b/src/pages/admin/components/AuthView.tsx
@@ -7,7 +7,7 @@ import { notifySuccess } from '../../../services/notificationService';
 import { LoadingSpinner } from '../../../components/LoadingSpinner';
 import { GoogleIcon } from '../../../components/icons/GoogleIcon';
 import { GithubIcon } from '../../../components/icons/GithubIcon';
-import { PasswordInput } from './PasswordInput';
+import { PasswordInput } from '../../../components/PasswordInput';

 interface AuthResponse {
  userprofile: UserProfile;
--- a/src/pages/admin/components/ProfileManager.test.tsx
+++ b/src/pages/admin/components/ProfileManager.test.tsx
@@ -1,7 +1,7 @@
 // src/pages/admin/components/ProfileManager.test.tsx
 import React from 'react';
 import { render, screen, fireEvent, waitFor, cleanup, act } from '@testing-library/react';
-import { describe, it, expect, vi, beforeEach, afterEach, type Mock } from 'vitest';
+import { describe, it, expect, vi, beforeEach, afterEach, type Mock, test } from 'vitest';
 import { ProfileManager } from './ProfileManager';
 import * as apiClient from '../../../services/apiClient';
 import { notifySuccess, notifyError } from '../../../services/notificationService';
@@ -16,6 +16,11 @@ import {
 // Unmock the component to test the real implementation
 vi.unmock('./ProfileManager');

+vi.mock('../../../components/PasswordInput', () => ({
+  // Mock the moved component
+  PasswordInput: (props: any) => <input {...props} data-testid="password-input" />,
+}));
+
 const mockedApiClient = vi.mocked(apiClient, true);

 vi.mock('../../../services/notificationService');
@@ -242,6 +247,17 @@ describe('ProfileManager', () => {
      expect(screen.queryByRole('heading', { name: /^sign in$/i })).not.toBeInTheDocument();
    });

+    it('should close the modal when clicking the backdrop', async () => {
+      render(<ProfileManager {...defaultAuthenticatedProps} />);
+      // The backdrop is the element with role="dialog"
+      const backdrop = screen.getByRole('dialog');
+      fireEvent.click(backdrop);
+
+      await waitFor(() => {
+        expect(mockOnClose).toHaveBeenCalled();
+      });
+    });
+
    it('should reset state when the modal is closed and reopened', async () => {
      const { rerender } = render(<ProfileManager {...defaultAuthenticatedProps} />);
      await waitFor(() => expect(screen.getByLabelText(/full name/i)).toHaveValue('Test User'));
@@ -308,6 +324,41 @@ describe('ProfileManager', () => {
      });
    });

+    it('should handle partial success when saving profile and address', async () => {
+      const loggerSpy = vi.spyOn(logger.logger, 'warn');
+      // Mock profile update to succeed
+      mockedApiClient.updateUserProfile.mockResolvedValue(
+        new Response(JSON.stringify({ ...authenticatedProfile, full_name: 'New Name' })),
+      );
+      // Mock address update to fail (useApi will return null)
+      mockedApiClient.updateUserAddress.mockRejectedValue(new Error('Address update failed'));
+
+      render(<ProfileManager {...defaultAuthenticatedProps} />);
+      await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
+
+      // Change both profile and address data
+      fireEvent.change(screen.getByLabelText(/full name/i), { target: { value: 'New Name' } });
+      fireEvent.change(screen.getByLabelText(/city/i), { target: { value: 'NewCity' } });
+
+      fireEvent.click(screen.getByRole('button', { name: /save profile/i }));
+
+      await waitFor(() => {
+        // The useApi hook for the failed call will show its own error
+        expect(notifyError).toHaveBeenCalledWith('Address update failed');
+        // The profile update should still go through
+        expect(mockOnProfileUpdate).toHaveBeenCalledWith(
+          expect.objectContaining({ full_name: 'New Name' }),
+        );
+        // The specific warning for partial failure should be logged
+        expect(loggerSpy).toHaveBeenCalledWith(
+          '[handleProfileSave] One or more operations failed. The useApi hook should have shown an error. The modal will remain open.',
+        );
+        // The modal should remain open and no global success message shown
+        expect(mockOnClose).not.toHaveBeenCalled();
+        expect(notifySuccess).not.toHaveBeenCalledWith('Profile updated successfully!');
+      });
+    });
+
    it('should handle unexpected critical error during profile save', async () => {
      const loggerSpy = vi.spyOn(logger.logger, 'error');
      mockedApiClient.updateUserProfile.mockRejectedValue(new Error('Catastrophic failure'));
@@ -324,6 +375,31 @@ describe('ProfileManager', () => {
      });
    });

+    it('should handle unexpected Promise.allSettled rejection during save', async () => {
+      const allSettledSpy = vi
+        .spyOn(Promise, 'allSettled')
+        .mockRejectedValueOnce(new Error('AllSettled failed'));
+      const loggerSpy = vi.spyOn(logger.logger, 'error');
+
+      render(<ProfileManager {...defaultAuthenticatedProps} />);
+      await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
+
+      fireEvent.change(screen.getByLabelText(/full name/i), { target: { value: 'New Name' } });
+      fireEvent.click(screen.getByRole('button', { name: /save profile/i }));
+
+      await waitFor(() => {
+        expect(loggerSpy).toHaveBeenCalledWith(
+          { err: new Error('AllSettled failed') },
+          "[CRITICAL] An unexpected error was caught directly in handleProfileSave's catch block.",
+        );
+        expect(notifyError).toHaveBeenCalledWith(
+          'An unexpected critical error occurred: AllSettled failed',
+        );
+      });
+
+      allSettledSpy.mockRestore();
+    });
+
    it('should show map view when address has coordinates', async () => {
      render(<ProfileManager {...defaultAuthenticatedProps} />);
      await waitFor(() => {
@@ -365,51 +441,52 @@ describe('ProfileManager', () => {
      });
    });

-    it('should automatically geocode address after user stops typing', async () => {
+    it('should automatically geocode address after user stops typing (using fake timers)', async () => {
+      // Use fake timers for the entire test to control the debounce.
+      vi.useFakeTimers();
      const addressWithoutCoords = { ...mockAddress, latitude: undefined, longitude: undefined };
      mockedApiClient.getUserAddress.mockResolvedValue(
        new Response(JSON.stringify(addressWithoutCoords)),
      );

-      console.log('[TEST LOG] Rendering for automatic geocode test (Real Timers + Wait)');
      render(<ProfileManager {...defaultAuthenticatedProps} />);

-      console.log('[TEST LOG] Waiting for initial address load...');
-      await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue('Anytown'));
-
-      console.log('[TEST LOG] Initial address loaded. Changing city...');
+      // Wait for initial async address load to complete by flushing promises.
+      await act(async () => {
+        await vi.runAllTimersAsync();
+      });
+      expect(screen.getByLabelText(/city/i)).toHaveValue('Anytown');

      // Change address, geocode should not be called immediately
      fireEvent.change(screen.getByLabelText(/city/i), { target: { value: 'NewCity' } });
      expect(mockedApiClient.geocodeAddress).not.toHaveBeenCalled();

-      console.log('[TEST LOG] Waiting 1600ms for debounce...');
-      // Wait for debounce (1500ms) + buffer using real timers to avoid freeze
+      // Advance timers to fire the debounce and resolve the subsequent geocode promise.
      await act(async () => {
-        await new Promise((resolve) => setTimeout(resolve, 1600));
+        await vi.runAllTimersAsync();
      });
-      console.log('[TEST LOG] Wait complete. Checking results.');

-      await waitFor(() => {
-        expect(mockedApiClient.geocodeAddress).toHaveBeenCalledWith(
-          expect.stringContaining('NewCity'),
-          expect.anything(),
-        );
-        expect(toast.success).toHaveBeenCalledWith('Address geocoded successfully!');
-      });
+      // Now check the final result.
+      expect(mockedApiClient.geocodeAddress).toHaveBeenCalledWith(
+        expect.stringContaining('NewCity'),
+        expect.anything(),
+      );
+      expect(toast.success).toHaveBeenCalledWith('Address geocoded successfully!');
    });

-    it('should not geocode if address already has coordinates', async () => {
-      console.log('[TEST LOG] Rendering for no-geocode test (Real Timers + Wait)');
+    it('should not geocode if address already has coordinates (using fake timers)', async () => {
+      // Use real timers for the initial async render and data fetch
+      vi.useRealTimers();
      render(<ProfileManager {...defaultAuthenticatedProps} />);
      console.log('[TEST LOG] Waiting for initial address load...');
      await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue('Anytown'));

-      console.log(
-        '[TEST LOG] Initial address loaded. Waiting 1600ms to ensure no geocode triggers...',
-      );
-      await act(async () => {
-        await new Promise((resolve) => setTimeout(resolve, 1600));
+      // Switch to fake timers to control the debounce check
+      vi.useFakeTimers();
+
+      // Advance timers past the debounce threshold. Nothing should happen.
+      act(() => {
+        vi.advanceTimersByTime(1600);
      });
      console.log('[TEST LOG] Wait complete. Verifying no geocode call.');

@@ -434,6 +511,29 @@ describe('ProfileManager', () => {
      });
    });

+    it('should switch between all tabs correctly', async () => {
+      render(<ProfileManager {...defaultAuthenticatedProps} />);
+
+      // Initial state: Profile tab
+      expect(screen.getByLabelText('Profile Form')).toBeInTheDocument();
+
+      // Switch to Security
+      fireEvent.click(screen.getByRole('button', { name: /security/i }));
+      expect(await screen.findByLabelText('New Password')).toBeInTheDocument();
+
+      // Switch to Data & Privacy
+      fireEvent.click(screen.getByRole('button', { name: /data & privacy/i }));
+      expect(await screen.findByRole('heading', { name: /export your data/i })).toBeInTheDocument();
+
+      // Switch to Preferences
+      fireEvent.click(screen.getByRole('button', { name: /preferences/i }));
+      expect(await screen.findByRole('heading', { name: /theme/i })).toBeInTheDocument();
+
+      // Switch back to Profile
+      fireEvent.click(screen.getByRole('button', { name: /^profile$/i }));
+      expect(await screen.findByLabelText('Profile Form')).toBeInTheDocument();
+    });
+
    it('should show an error if password is too short', async () => {
      render(<ProfileManager {...defaultAuthenticatedProps} />);
      fireEvent.click(screen.getByRole('button', { name: /security/i }));
@@ -442,7 +542,7 @@ describe('ProfileManager', () => {
      fireEvent.change(screen.getByLabelText('Confirm New Password'), {
        target: { value: 'short' },
      });
-      fireEvent.submit(screen.getByTestId('update-password-form'));
+      fireEvent.submit(screen.getByTestId('update-password-form'), {});

      await waitFor(() => {
        expect(notifyError).toHaveBeenCalledWith('Password must be at least 6 characters long.');
@@ -456,7 +556,7 @@ describe('ProfileManager', () => {
      fireEvent.click(screen.getByRole('button', { name: /data & privacy/i }));
      fireEvent.click(screen.getByRole('button', { name: /delete my account/i }));

-      fireEvent.change(screen.getByPlaceholderText(/enter your password/i), {
+      fireEvent.change(screen.getByTestId('password-input'), {
        target: { value: 'password' },
      });
      fireEvent.submit(screen.getByTestId('delete-account-form'));
@@ -593,7 +693,7 @@ describe('ProfileManager', () => {
      fireEvent.change(screen.getByLabelText('Confirm New Password'), {
        target: { value: 'newpassword123' },
      });
-      fireEvent.submit(screen.getByTestId('update-password-form'));
+      fireEvent.submit(screen.getByTestId('update-password-form'), {});

      await waitFor(() => {
        expect(mockedApiClient.updateUserPassword).toHaveBeenCalledWith(
@@ -614,7 +714,7 @@ describe('ProfileManager', () => {
      fireEvent.change(screen.getByLabelText('Confirm New Password'), {
        target: { value: 'mismatch' },
      });
-      fireEvent.submit(screen.getByTestId('update-password-form'));
+      fireEvent.submit(screen.getByTestId('update-password-form'), {});

      await waitFor(() => {
        expect(notifyError).toHaveBeenCalledWith('Passwords do not match.');
@@ -641,9 +741,10 @@ describe('ProfileManager', () => {
    });

    it('should handle account deletion flow', async () => {
-      // Use spy instead of fake timers to avoid blocking waitFor during async API calls
-      const setTimeoutSpy = vi.spyOn(window, 'setTimeout');
-      const { unmount } = render(<ProfileManager {...defaultAuthenticatedProps} />);
+      // Use fake timers to control the setTimeout call for the entire test.
+      vi.useFakeTimers();
+
+      render(<ProfileManager {...defaultAuthenticatedProps} />);

      fireEvent.click(screen.getByRole('button', { name: /data & privacy/i }));

@@ -654,39 +755,28 @@ describe('ProfileManager', () => {
      ).toBeInTheDocument();

      // Fill password and submit to open modal
-      fireEvent.change(screen.getByPlaceholderText(/enter your password/i), {
+      fireEvent.change(screen.getByTestId('password-input'), {
        target: { value: 'correctpassword' },
      });
      fireEvent.submit(screen.getByTestId('delete-account-form'));

      // Confirm in the modal
-      const confirmButton = await screen.findByRole('button', { name: /yes, delete my account/i });
+      // Use getByRole since the modal appears synchronously after the form submit.
+      const confirmButton = screen.getByRole('button', { name: /yes, delete my account/i });
      fireEvent.click(confirmButton);

-      await waitFor(() => {
-        expect(mockedApiClient.deleteUserAccount).toHaveBeenCalledWith(
-          'correctpassword',
-          expect.objectContaining({ signal: expect.anything() }),
-        );
-        expect(notifySuccess).toHaveBeenCalledWith(
-          'Account deleted successfully. You will be logged out shortly.',
-        );
-      });
-
-      // Verify setTimeout was called with 3000ms
-      const deletionTimeoutCall = setTimeoutSpy.mock.calls.find((call) => call[1] === 3000);
-      expect(deletionTimeoutCall).toBeDefined();
-
-      // Manually trigger the callback to verify cleanup
-      act(() => {
-        if (deletionTimeoutCall) (deletionTimeoutCall[0] as Function)();
+      // The async deleteAccount call is now pending. We need to flush promises
+      // and then advance the timers to run the subsequent setTimeout.
+      // `runAllTimersAsync` will resolve pending promises and run timers recursively.
+      await act(async () => {
+        await vi.runAllTimersAsync();
      });

+      // Now that all timers and promises have been flushed, we can check the final state.
+      expect(mockedApiClient.deleteUserAccount).toHaveBeenCalled();
+      expect(notifySuccess).toHaveBeenCalled();
      expect(mockOnClose).toHaveBeenCalled();
      expect(mockOnSignOut).toHaveBeenCalled();
-
-      unmount();
-      setTimeoutSpy.mockRestore();
    });

    it('should allow toggling dark mode', async () => {
--- a/src/pages/admin/components/ProfileManager.tsx
+++ b/src/pages/admin/components/ProfileManager.tsx
@@ -9,8 +9,8 @@ import { LoadingSpinner } from '../../../components/LoadingSpinner';
 import { XMarkIcon } from '../../../components/icons/XMarkIcon';
 import { GoogleIcon } from '../../../components/icons/GoogleIcon';
 import { GithubIcon } from '../../../components/icons/GithubIcon';
-import { ConfirmationModal } from '../../../components/ConfirmationModal';
-import { PasswordInput } from './PasswordInput';
+import { ConfirmationModal } from '../../../components/ConfirmationModal'; // This path is correct
+import { PasswordInput } from '../../../components/PasswordInput';
 import { MapView } from '../../../components/MapView';
 import type { AuthStatus } from '../../../hooks/useAuth';
 import { AuthView } from './AuthView';
--- a/src/providers/ApiProvider.test.tsx
+++ b/src/providers/ApiProvider.test.tsx
@@ -0,0 +1,55 @@
+// src/providers/ApiProvider.test.tsx
+import React, { useContext } from 'react';
+import { render, screen } from '@testing-library/react';
+import { describe, it, expect, vi } from 'vitest';
+import { ApiProvider } from './ApiProvider';
+import { ApiContext } from '../contexts/ApiContext';
+import * as apiClient from '../services/apiClient';
+
+// Mock the apiClient module.
+// Since ApiProvider and ApiContext import * as apiClient, mocking it ensures
+// we control the reference identity and can verify it's being passed correctly.
+vi.mock('../services/apiClient', () => ({
+  fetchFlyers: vi.fn(),
+  fetchMasterItems: vi.fn(),
+  // Add other mocked methods as needed for the shape to be valid-ish
+}));
+
+describe('ApiProvider & ApiContext', () => {
+  const TestConsumer = () => {
+    const contextValue = useContext(ApiContext);
+    // We check if the context value is strictly equal to the imported module
+    return (
+      <div>
+        <span data-testid="value-check">
+          {contextValue === apiClient ? 'Matches apiClient' : 'Does not match'}
+        </span>
+      </div>
+    );
+  };
+
+  it('renders children correctly', () => {
+    render(
+      <ApiProvider>
+        <div data-testid="child">Child Content</div>
+      </ApiProvider>
+    );
+    expect(screen.getByTestId('child')).toBeInTheDocument();
+    expect(screen.getByText('Child Content')).toBeInTheDocument();
+  });
+
+  it('provides the apiClient module via context', () => {
+    render(
+      <ApiProvider>
+        <TestConsumer />
+      </ApiProvider>
+    );
+    expect(screen.getByTestId('value-check')).toHaveTextContent('Matches apiClient');
+  });
+
+  it('ApiContext has apiClient as the default value (when no provider is present)', () => {
+    // This verifies the logic in ApiContext.tsx: createContext(apiClient)
+    render(<TestConsumer />);
+    expect(screen.getByTestId('value-check')).toHaveTextContent('Matches apiClient');
+  });
+});
--- a/src/providers/AuthProvider.tsx
+++ b/src/providers/AuthProvider.tsx
@@ -4,6 +4,7 @@ import { AuthContext, AuthContextType } from '../contexts/AuthContext';
 import type { UserProfile } from '../types';
 import * as apiClient from '../services/apiClient';
 import { useApi } from '../hooks/useApi';
+import { getToken, setToken, removeToken } from '../services/tokenStorage';
 import { logger } from '../services/logger.client';

 export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) => {
@@ -14,7 +15,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
  // FIX: Stabilize the apiFunction passed to useApi.
  // By wrapping this in useCallback, we ensure the same function instance is passed to
  // useApi on every render. This prevents the `execute` function returned by `useApi`
-  // from being recreated, which in turn breaks the infinite re-render loop in the useEffect below.
+  // from being recreated, which in turn breaks the infinite re-render loop in the useEffect.
  const getProfileCallback = useCallback(() => apiClient.getAuthenticatedUserProfile(), []);

  const { execute: checkTokenApi } = useApi<UserProfile, []>(getProfileCallback);
@@ -27,7 +28,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
    logger.info('[AuthProvider-Effect] Starting initial authentication check.');

    const checkAuthToken = async () => {
-      const token = localStorage.getItem('authToken');
+      const token = getToken();
      if (token) {
        logger.info('[AuthProvider-Effect] Found auth token. Validating...');
        try {
@@ -41,7 +42,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
            logger.warn(
              '[AuthProvider-Effect] Token was present but validation returned no profile. Signing out.',
            );
-            localStorage.removeItem('authToken');
+            removeToken();
            setUserProfile(null);
            setAuthStatus('SIGNED_OUT');
          }
@@ -49,7 +50,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
          // This catch block is now primarily for unexpected errors, as useApi handles API errors.
          logger.warn('Auth token validation failed. Clearing token.', { error: e });
          if (isMounted) {
-            localStorage.removeItem('authToken');
+            removeToken();
            setUserProfile(null);
            setAuthStatus('SIGNED_OUT');
          }
@@ -79,7 +80,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>

  const logout = useCallback(() => {
    logger.info('[AuthProvider-Logout] Clearing user data and auth token.');
-    localStorage.removeItem('authToken');
+    removeToken();
    setUserProfile(null);
    setAuthStatus('SIGNED_OUT');
  }, []);
@@ -87,7 +88,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
  const login = useCallback(
    async (token: string, profileData?: UserProfile) => {
      logger.info(`[AuthProvider-Login] Attempting login.`);
-      localStorage.setItem('authToken', token);
+      setToken(token);

      if (profileData) {
        // If profile is provided (e.g., from credential login), use it directly.
--- a/src/providers/FlyersProvider.tsx
+++ b/src/providers/FlyersProvider.tsx
@@ -4,17 +4,21 @@ import { FlyersContext, FlyersContextType } from '../contexts/FlyersContext';
 import type { Flyer } from '../types';
 import * as apiClient from '../services/apiClient';
 import { useInfiniteQuery } from '../hooks/useInfiniteQuery';
+import { useCallback } from 'react';

 export const FlyersProvider: React.FC<{ children: ReactNode }> = ({ children }) => {
+  // Memoize the fetch function to ensure stability for the useInfiniteQuery hook.
+  const fetchFlyersFn = useCallback(apiClient.fetchFlyers, []);
+
  const {
    data: flyers,
-    isLoading: isLoadingFlyers,
+    isLoading: isLoadingFlyers,    
    error: flyersError,
    fetchNextPage: fetchNextFlyersPage,
    hasNextPage: hasNextFlyersPage,
    refetch: refetchFlyers,
    isRefetching: isRefetchingFlyers,
-  } = useInfiniteQuery<Flyer>(apiClient.fetchFlyers);
+  } = useInfiniteQuery<Flyer>(fetchFlyersFn);

  const value: FlyersContextType = {
    flyers: flyers || [],
@@ -26,5 +30,5 @@ export const FlyersProvider: React.FC<{ children: ReactNode }> = ({ children })
    refetchFlyers,
  };

-  return <FlyersContext.Provider value={value}>{children}</FlyersContext.Provider>;
+ return <FlyersContext.Provider value={value}>{children}</FlyersContext.Provider>;
 };
--- a/src/providers/MasterItemsProvider.tsx
+++ b/src/providers/MasterItemsProvider.tsx
@@ -1,14 +1,22 @@
 // src/providers/MasterItemsProvider.tsx
-import React, { ReactNode, useMemo } from 'react';
+import React, { ReactNode, useMemo, useEffect, useCallback } from 'react';
 import { MasterItemsContext } from '../contexts/MasterItemsContext';
 import type { MasterGroceryItem } from '../types';
 import * as apiClient from '../services/apiClient';
 import { useApiOnMount } from '../hooks/useApiOnMount';
+import { logger } from '../services/logger.client';

 export const MasterItemsProvider: React.FC<{ children: ReactNode }> = ({ children }) => {
-  const { data, loading, error } = useApiOnMount<MasterGroceryItem[], []>(() =>
-    apiClient.fetchMasterItems(),
-  );
+  // LOGGING: Check if the provider is unmounting/remounting repeatedly
+  useEffect(() => {
+    logger.debug('MasterItemsProvider: MOUNTED');
+    return () => logger.debug('MasterItemsProvider: UNMOUNTED');
+  }, []);
+
+  // Memoize the fetch function to ensure stability for the useApiOnMount hook.
+  const fetchFn = useCallback(() => apiClient.fetchMasterItems(), []);
+
+  const { data, loading, error } = useApiOnMount<MasterGroceryItem[], []>(fetchFn);

  const value = useMemo(
    () => ({
--- a/src/providers/UserDataProvider.tsx
+++ b/src/providers/UserDataProvider.tsx
@@ -1,5 +1,6 @@
 // src/providers/UserDataProvider.tsx
-import React, { useState, useEffect, useMemo, ReactNode } from 'react';
+import { logger } from '../services/logger.client';
+import React, { useState, useEffect, useMemo, ReactNode, useCallback } from 'react';
 import { UserDataContext } from '../contexts/UserDataContext';
 import type { MasterGroceryItem, ShoppingList } from '../types';
 import * as apiClient from '../services/apiClient';
@@ -9,18 +10,25 @@ import { useAuth } from '../hooks/useAuth';
 export const UserDataProvider: React.FC<{ children: ReactNode }> = ({ children }) => {
  const { userProfile } = useAuth();

+  // Wrap the API calls in useCallback to prevent unnecessary re-renders.
+  const fetchWatchedItemsFn = useCallback(
+    () => apiClient.fetchWatchedItems(),
+    [],
+  );
+  const fetchShoppingListsFn = useCallback(() => apiClient.fetchShoppingLists(), []);
+
  const {
    data: watchedItemsData,
    loading: isLoadingWatched,
    error: watchedItemsError,
-  } = useApiOnMount<MasterGroceryItem[], []>(() => apiClient.fetchWatchedItems(), [userProfile], {
+  } = useApiOnMount<MasterGroceryItem[], []>(fetchWatchedItemsFn, [userProfile], {
    enabled: !!userProfile,
  });
  const {
    data: shoppingListsData,
-    loading: isLoadingShoppingLists,
+    loading: isLoadingShoppingLists,    
    error: shoppingListsError,
-  } = useApiOnMount<ShoppingList[], []>(() => apiClient.fetchShoppingLists(), [userProfile], {
+  } = useApiOnMount<ShoppingList[], []>(fetchShoppingListsFn, [userProfile], {
    enabled: !!userProfile,
  });

@@ -32,7 +40,7 @@ export const UserDataProvider: React.FC<{ children: ReactNode }> = ({ children }
  useEffect(() => {
    // When the user logs out (user becomes null), immediately clear all user-specific data.
    // This also serves to clear out old data when a new user logs in, before their new data arrives.
-    if (!userProfile) {
+ if (!userProfile) {
      setWatchedItems([]);
      setShoppingLists([]);
      return;
@@ -60,7 +68,7 @@ export const UserDataProvider: React.FC<{ children: ReactNode }> = ({ children }
      watchedItemsError,
      shoppingListsError,
    ],
-  );
+ );

  return <UserDataContext.Provider value={value}>{children}</UserDataContext.Provider>;
 };
--- a/src/routes/admin.content.routes.test.ts
+++ b/src/routes/admin.content.routes.test.ts
@@ -1,19 +1,22 @@
 // src/routes/admin.content.routes.test.ts
-import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { describe, it, expect, vi, beforeEach, afterAll } from 'vitest';
 import supertest from 'supertest';
 import type { Request, Response, NextFunction } from 'express';
+import path from 'path';
 import {
  createMockUserProfile,
  createMockSuggestedCorrection,
  createMockBrand,
  createMockRecipe,
+  createMockFlyer,
  createMockRecipeComment,
  createMockUnmatchedFlyerItem,
 } from '../tests/utils/mockFactories';
 import type { SuggestedCorrection, Brand, UserProfile, UnmatchedFlyerItem } from '../types';
 import { NotFoundError } from '../services/db/errors.db'; // This can stay, it's a type/class not a module with side effects.
+import fs from 'node:fs/promises';
 import { createTestApp } from '../tests/utils/createTestApp';
-import { mockLogger } from '../tests/utils/mockLogger';
+import { cleanupFiles } from '../tests/utils/cleanupFiles';

 // Mock the file upload middleware to allow testing the controller's internal check
 vi.mock('../middleware/fileUpload.middleware', () => ({
@@ -38,9 +41,11 @@ const { mockedDb } = vi.hoisted(() => {
        rejectCorrection: vi.fn(),
        updateSuggestedCorrection: vi.fn(),
        getUnmatchedFlyerItems: vi.fn(),
+        getFlyersForReview: vi.fn(), // Added for flyer review tests
        updateRecipeStatus: vi.fn(),
        updateRecipeCommentStatus: vi.fn(),
        updateBrandLogo: vi.fn(),
+        getApplicationStats: vi.fn(),
      },
      flyerRepo: {
        getAllBrands: vi.fn(),
@@ -73,10 +78,12 @@ vi.mock('node:fs/promises', () => ({
  // Named exports
  writeFile: vi.fn().mockResolvedValue(undefined),
  unlink: vi.fn().mockResolvedValue(undefined),
+  mkdir: vi.fn().mockResolvedValue(undefined),
  // FIX: Add default export to handle `import fs from ...` syntax.
  default: {
    writeFile: vi.fn().mockResolvedValue(undefined),
    unlink: vi.fn().mockResolvedValue(undefined),
+    mkdir: vi.fn().mockResolvedValue(undefined),
  },
 }));
 vi.mock('../services/backgroundJobService');
@@ -96,8 +103,9 @@ vi.mock('@bull-board/express', () => ({
 }));

 // Mock the logger
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Mock the passport middleware
@@ -134,6 +142,26 @@ describe('Admin Content Management Routes (/api/admin)', () => {
    vi.clearAllMocks();
  });

+  afterAll(async () => {
+    // Safeguard to clean up any logo files created during tests.
+    const uploadDir = path.resolve(__dirname, '../../../flyer-images');
+    try {
+      const allFiles = await fs.readdir(uploadDir);
+      // Files are named like 'logoImage-timestamp-original.ext'
+      const testFiles = allFiles
+        .filter((f) => f.startsWith('logoImage-'))
+        .map((f) => path.join(uploadDir, f));
+
+      if (testFiles.length > 0) {
+        await cleanupFiles(testFiles);
+      }
+    } catch (error) {
+      if (error instanceof Error && (error as NodeJS.ErrnoException).code !== 'ENOENT') {
+        console.error('Error during admin content test file cleanup:', error);
+      }
+    }
+  });
+
  describe('Corrections Routes', () => {
    it('GET /corrections should return corrections data', async () => {
      const mockCorrections: SuggestedCorrection[] = [
@@ -224,6 +252,39 @@ describe('Admin Content Management Routes (/api/admin)', () => {
    });
  });

+  describe('Flyer Review Routes', () => {
+    it('GET /review/flyers should return flyers for review', async () => {
+      const mockFlyers = [
+        createMockFlyer({ flyer_id: 1, status: 'needs_review' }),
+        createMockFlyer({ flyer_id: 2, status: 'needs_review' }),
+      ];
+      vi.mocked(mockedDb.adminRepo.getFlyersForReview).mockResolvedValue(mockFlyers);
+      const response = await supertest(app).get('/api/admin/review/flyers');
+      expect(response.status).toBe(200);
+      expect(response.body).toEqual(mockFlyers);
+      expect(vi.mocked(mockedDb.adminRepo.getFlyersForReview)).toHaveBeenCalledWith(
+        expect.anything(),
+      );
+    });
+
+    it('GET /review/flyers should return 500 on DB error', async () => {
+      vi.mocked(mockedDb.adminRepo.getFlyersForReview).mockRejectedValue(new Error('DB Error'));
+      const response = await supertest(app).get('/api/admin/review/flyers');
+      expect(response.status).toBe(500);
+      expect(response.body.message).toBe('DB Error');
+    });
+  });
+
+  describe('Stats Routes', () => {
+    // This test covers the error path for GET /stats
+    it('GET /stats should return 500 on DB error', async () => {
+      vi.mocked(mockedDb.adminRepo.getApplicationStats).mockRejectedValue(new Error('DB Error'));
+      const response = await supertest(app).get('/api/admin/stats');
+      expect(response.status).toBe(500);
+      expect(response.body.message).toBe('DB Error');
+    });
+  });
+
  describe('Brand Routes', () => {
    it('GET /brands should return a list of all brands', async () => {
      const mockBrands: Brand[] = [createMockBrand({ brand_id: 1, name: 'Brand A' })];
@@ -243,7 +304,7 @@ describe('Admin Content Management Routes (/api/admin)', () => {
      expect(response.body.message).toBe('Brand logo updated successfully.');
      expect(vi.mocked(mockedDb.adminRepo.updateBrandLogo)).toHaveBeenCalledWith(
        brandId,
-        expect.stringContaining('/assets/'),
+        expect.stringContaining('/flyer-images/'),
        expect.anything(),
      );
    });
@@ -265,6 +326,32 @@ describe('Admin Content Management Routes (/api/admin)', () => {
      );
    });

+    it('should clean up the uploaded file if updating the brand logo fails', async () => {
+      const brandId = 55;
+      const dbError = new Error('DB Connection Failed');
+      vi.mocked(mockedDb.adminRepo.updateBrandLogo).mockRejectedValue(dbError);
+
+      const response = await supertest(app)
+        .post(`/api/admin/brands/${brandId}/logo`)
+        .attach('logoImage', Buffer.from('dummy-logo-content'), 'test-logo.png');
+
+      expect(response.status).toBe(500);
+      // Verify that the cleanup function was called via the mocked fs module
+      expect(fs.unlink).toHaveBeenCalledTimes(1);
+      // The filename is predictable because of the multer config in admin.routes.ts
+      expect(fs.unlink).toHaveBeenCalledWith(expect.stringContaining('logoImage-'));
+    });
+
+    it('POST /brands/:id/logo should return 400 if a non-image file is uploaded', async () => {
+      const brandId = 55;
+      const response = await supertest(app)
+        .post(`/api/admin/brands/${brandId}/logo`)
+        .attach('logoImage', Buffer.from('this is not an image'), 'document.txt');
+      expect(response.status).toBe(400);
+      // This message comes from the handleMulterError middleware for the imageFileFilter
+      expect(response.body.message).toBe('Only image files are allowed!');
+    });
+
    it('POST /brands/:id/logo should return 400 for an invalid brand ID', async () => {
      const response = await supertest(app)
        .post('/api/admin/brands/abc/logo')
--- a/src/routes/admin.jobs.routes.test.ts
+++ b/src/routes/admin.jobs.routes.test.ts
@@ -6,12 +6,13 @@ import { createMockUserProfile } from '../tests/utils/mockFactories';
 import type { Job } from 'bullmq';
 import type { UserProfile } from '../types';
 import { createTestApp } from '../tests/utils/createTestApp';
-import { mockLogger } from '../tests/utils/mockLogger';

 // Mock the background job service to control its methods.
 vi.mock('../services/backgroundJobService', () => ({
  backgroundJobService: {
    runDailyDealCheck: vi.fn(),
+    triggerAnalyticsReport: vi.fn(),
+    triggerWeeklyAnalyticsReport: vi.fn(),
  },
 }));

@@ -66,8 +67,9 @@ import {
 } from '../services/queueService.server';

 // Mock the logger
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Mock the passport middleware
@@ -142,22 +144,17 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {

  describe('POST /trigger/analytics-report', () => {
    it('should trigger the analytics report job and return 202 Accepted', async () => {
-      const mockJob = { id: 'manual-report-job-123' } as Job;
-      vi.mocked(analyticsQueue.add).mockResolvedValue(mockJob);
+      vi.mocked(backgroundJobService.triggerAnalyticsReport).mockResolvedValue('manual-report-job-123');

      const response = await supertest(app).post('/api/admin/trigger/analytics-report');

      expect(response.status).toBe(202);
      expect(response.body.message).toContain('Analytics report generation job has been enqueued');
-      expect(analyticsQueue.add).toHaveBeenCalledWith(
-        'generate-daily-report',
-        expect.objectContaining({ reportDate: expect.any(String) }),
-        expect.any(Object),
-      );
+      expect(backgroundJobService.triggerAnalyticsReport).toHaveBeenCalledTimes(1);
    });

    it('should return 500 if enqueuing the analytics job fails', async () => {
-      vi.mocked(analyticsQueue.add).mockRejectedValue(new Error('Queue error'));
+      vi.mocked(backgroundJobService.triggerAnalyticsReport).mockRejectedValue(new Error('Queue error'));
      const response = await supertest(app).post('/api/admin/trigger/analytics-report');
      expect(response.status).toBe(500);
    });
@@ -165,22 +162,17 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {

  describe('POST /trigger/weekly-analytics', () => {
    it('should trigger the weekly analytics job and return 202 Accepted', async () => {
-      const mockJob = { id: 'manual-weekly-report-job-123' } as Job;
-      vi.mocked(weeklyAnalyticsQueue.add).mockResolvedValue(mockJob);
+      vi.mocked(backgroundJobService.triggerWeeklyAnalyticsReport).mockResolvedValue('manual-weekly-report-job-123');

      const response = await supertest(app).post('/api/admin/trigger/weekly-analytics');

      expect(response.status).toBe(202);
      expect(response.body.message).toContain('Successfully enqueued weekly analytics job');
-      expect(weeklyAnalyticsQueue.add).toHaveBeenCalledWith(
-        'generate-weekly-report',
-        expect.objectContaining({ reportYear: expect.any(Number), reportWeek: expect.any(Number) }),
-        expect.any(Object),
-      );
+      expect(backgroundJobService.triggerWeeklyAnalyticsReport).toHaveBeenCalledTimes(1);
    });

    it('should return 500 if enqueuing the weekly analytics job fails', async () => {
-      vi.mocked(weeklyAnalyticsQueue.add).mockRejectedValue(new Error('Queue error'));
+      vi.mocked(backgroundJobService.triggerWeeklyAnalyticsReport).mockRejectedValue(new Error('Queue error'));
      const response = await supertest(app).post('/api/admin/trigger/weekly-analytics');
      expect(response.status).toBe(500);
    });
@@ -242,15 +234,17 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {
      expect(response.status).toBe(400);
    });

-    it('should return 404 if the queue name is valid but not in the retry map', async () => {
-      const queueName = 'weekly-analytics-reporting'; // This is in the Zod enum but not the queueMap
+    it('should return 404 if the job ID is not found in the weekly-analytics-reporting queue', async () => {
+      const queueName = 'weekly-analytics-reporting';
      const jobId = 'some-job-id';

+      // Ensure getJob returns undefined (not found)
+      vi.mocked(weeklyAnalyticsQueue.getJob).mockResolvedValue(undefined);
+
      const response = await supertest(app).post(`/api/admin/jobs/${queueName}/${jobId}/retry`);

-      // The route throws a NotFoundError, which the error handler should convert to a 404.
      expect(response.status).toBe(404);
-      expect(response.body.message).toBe(`Queue 'weekly-analytics-reporting' not found.`);
+      expect(response.body.message).toBe(`Job with ID '${jobId}' not found in queue '${queueName}'.`);
    });

    it('should return 404 if the job ID is not found in the queue', async () => {
--- a/src/routes/admin.monitoring.routes.test.ts
+++ b/src/routes/admin.monitoring.routes.test.ts
@@ -5,7 +5,16 @@ import type { Request, Response, NextFunction } from 'express';
 import { createMockUserProfile, createMockActivityLogItem } from '../tests/utils/mockFactories';
 import type { UserProfile } from '../types';
 import { createTestApp } from '../tests/utils/createTestApp';
-import { mockLogger } from '../tests/utils/mockLogger';
+
+const { mockLogger } = vi.hoisted(() => ({
+  mockLogger: {
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    debug: vi.fn(),
+    child: vi.fn().mockReturnThis(),
+  },
+}));

 vi.mock('../lib/queue', () => ({
  serverAdapter: {
@@ -27,19 +36,22 @@ vi.mock('../services/db/index.db', () => ({
  notificationRepo: {},
 }));

-// Mock the queue service to control worker statuses
+// Mock the queue service for queue status checks
 vi.mock('../services/queueService.server', () => ({
+  flyerQueue: { name: 'flyer-processing', getJobCounts: vi.fn() },
+  emailQueue: { name: 'email-sending', getJobCounts: vi.fn() },
+  analyticsQueue: { name: 'analytics-reporting', getJobCounts: vi.fn() },
+  cleanupQueue: { name: 'file-cleanup', getJobCounts: vi.fn() },
+  weeklyAnalyticsQueue: { name: 'weekly-analytics-reporting', getJobCounts: vi.fn() },
+}));
+
+// Mock the worker service for worker status checks
+vi.mock('../services/workers.server', () => ({
  flyerWorker: { name: 'flyer-processing', isRunning: vi.fn() },
  emailWorker: { name: 'email-sending', isRunning: vi.fn() },
  analyticsWorker: { name: 'analytics-reporting', isRunning: vi.fn() },
  cleanupWorker: { name: 'file-cleanup', isRunning: vi.fn() },
  weeklyAnalyticsWorker: { name: 'weekly-analytics-reporting', isRunning: vi.fn() },
-  flyerQueue: { name: 'flyer-processing', getJobCounts: vi.fn() },
-  emailQueue: { name: 'email-sending', getJobCounts: vi.fn() },
-  analyticsQueue: { name: 'analytics-reporting', getJobCounts: vi.fn() },
-  cleanupQueue: { name: 'file-cleanup', getJobCounts: vi.fn() },
-  // FIX: Add the missing weeklyAnalyticsQueue to prevent import errors in admin.routes.ts
-  weeklyAnalyticsQueue: { name: 'weekly-analytics-reporting', getJobCounts: vi.fn() },
 }));

 // Mock other dependencies that are part of the adminRouter setup but not directly tested here
@@ -67,8 +79,10 @@ import adminRouter from './admin.routes';

 // Import the mocked modules to control them
 import * as queueService from '../services/queueService.server';
+import * as workerService from '../services/workers.server';
 import { adminRepo } from '../services/db/index.db';
 const mockedQueueService = queueService as Mocked<typeof queueService>;
+const mockedWorkerService = workerService as Mocked<typeof workerService>;

 // Mock the logger
 vi.mock('../services/logger.server', () => ({
@@ -137,11 +151,11 @@ describe('Admin Monitoring Routes (/api/admin)', () => {
  describe('GET /workers/status', () => {
    it('should return the status of all registered workers', async () => {
      // Arrange: Set the mock status for each worker
-      vi.mocked(mockedQueueService.flyerWorker.isRunning).mockReturnValue(true);
-      vi.mocked(mockedQueueService.emailWorker.isRunning).mockReturnValue(true);
-      vi.mocked(mockedQueueService.analyticsWorker.isRunning).mockReturnValue(false); // Simulate one worker being stopped
-      vi.mocked(mockedQueueService.cleanupWorker.isRunning).mockReturnValue(true);
-      vi.mocked(mockedQueueService.weeklyAnalyticsWorker.isRunning).mockReturnValue(true);
+      vi.mocked(mockedWorkerService.flyerWorker.isRunning).mockReturnValue(true);
+      vi.mocked(mockedWorkerService.emailWorker.isRunning).mockReturnValue(true);
+      vi.mocked(mockedWorkerService.analyticsWorker.isRunning).mockReturnValue(false); // Simulate one worker being stopped
+      vi.mocked(mockedWorkerService.cleanupWorker.isRunning).mockReturnValue(true);
+      vi.mocked(mockedWorkerService.weeklyAnalyticsWorker.isRunning).mockReturnValue(true);

      // Act
      const response = await supertest(app).get('/api/admin/workers/status');
--- a/src/routes/admin.routes.ts
+++ b/src/routes/admin.routes.ts
@@ -9,6 +9,10 @@ import * as db from '../services/db/index.db';
 import type { UserProfile } from '../types';
 import { geocodingService } from '../services/geocodingService.server';
 import { requireFileUpload } from '../middleware/fileUpload.middleware'; // This was a duplicate, fixed.
+import {
+  createUploadMiddleware,
+  handleMulterError,
+} from '../middleware/multer.middleware';
 import { NotFoundError, ValidationError } from '../services/db/errors.db';
 import { validateRequest } from '../middleware/validation.middleware';

@@ -16,33 +20,25 @@ import { validateRequest } from '../middleware/validation.middleware';
 import { createBullBoard } from '@bull-board/api';
 import { BullMQAdapter } from '@bull-board/api/bullMQAdapter';
 import { ExpressAdapter } from '@bull-board/express';
-
-import type { Queue } from 'bullmq';
 import { backgroundJobService } from '../services/backgroundJobService';
-import {
-  flyerQueue,
-  emailQueue,
-  analyticsQueue,
-  cleanupQueue,
-  weeklyAnalyticsQueue,
-  flyerWorker,
-  emailWorker,
-  analyticsWorker,
-  cleanupWorker,
-  weeklyAnalyticsWorker,
-} from '../services/queueService.server'; // Import your queues
+import { flyerQueue, emailQueue, analyticsQueue, cleanupQueue, weeklyAnalyticsQueue } from '../services/queueService.server';
 import { getSimpleWeekAndYear } from '../utils/dateUtils';
 import {
  requiredString,
  numericIdParam,
  uuidParamSchema,
  optionalNumeric,
+  optionalString,
 } from '../utils/zodUtils';
-import { logger } from '../services/logger.server';
+import { logger } from '../services/logger.server'; // This was a duplicate, fixed.
+import { monitoringService } from '../services/monitoringService.server';
+import { userService } from '../services/userService';
+import { cleanupUploadedFile } from '../utils/fileUtils';
+import { brandService } from '../services/brandService';

 const updateCorrectionSchema = numericIdParam('id').extend({
  body: z.object({
-    suggested_value: requiredString('A new suggested_value is required.'),
+    suggested_value: z.string().trim().min(1, 'A new suggested_value is required.'),
  }),
 });

@@ -80,25 +76,19 @@ const jobRetrySchema = z.object({
      'file-cleanup',
      'weekly-analytics-reporting',
    ]),
-    jobId: requiredString('A valid Job ID is required.'),
+    jobId: z.string().trim().min(1, 'A valid Job ID is required.'),
  }),
 });

+const emptySchema = z.object({});
+
 const router = Router();

-// --- Multer Configuration for File Uploads ---
-const storagePath =
-  process.env.STORAGE_PATH || '/var/www/flyer-crawler.projectium.com/flyer-images';
-const storage = multer.diskStorage({
-  destination: function (req, file, cb) {
-    cb(null, storagePath);
-  },
-  filename: function (req, file, cb) {
-    const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9);
-    cb(null, file.fieldname + '-' + uniqueSuffix + '-' + file.originalname);
-  },
+const brandLogoUpload = createUploadMiddleware({
+  storageType: 'flyer', // Using flyer storage path is acceptable for brand logos.
+  fileSize: 2 * 1024 * 1024, // 2MB limit for logos
+  fileFilter: 'image',
 });
-const upload = multer({ storage: storage });

 // --- Bull Board (Job Queue UI) Setup ---
 const serverAdapter = new ExpressAdapter();
@@ -130,7 +120,7 @@ router.use(passport.authenticate('jwt', { session: false }), isAdmin);

 // --- Admin Routes ---

-router.get('/corrections', async (req, res, next: NextFunction) => {
+router.get('/corrections', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const corrections = await db.adminRepo.getSuggestedCorrections(req.log);
    res.json(corrections);
@@ -140,7 +130,19 @@ router.get('/corrections', async (req, res, next: NextFunction) => {
  }
 });

-router.get('/brands', async (req, res, next: NextFunction) => {
+router.get('/review/flyers', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
+  try {
+    req.log.debug('Fetching flyers for review via adminRepo');
+    const flyers = await db.adminRepo.getFlyersForReview(req.log);
+    req.log.info({ count: Array.isArray(flyers) ? flyers.length : 'unknown' }, 'Successfully fetched flyers for review');
+    res.json(flyers);
+  } catch (error) {
+    logger.error({ error }, 'Error fetching flyers for review');
+    next(error);
+  }
+});
+
+router.get('/brands', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const brands = await db.flyerRepo.getAllBrands(req.log);
    res.json(brands);
@@ -150,7 +152,7 @@ router.get('/brands', async (req, res, next: NextFunction) => {
  }
 });

-router.get('/stats', async (req, res, next: NextFunction) => {
+router.get('/stats', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const stats = await db.adminRepo.getApplicationStats(req.log);
    res.json(stats);
@@ -160,7 +162,7 @@ router.get('/stats', async (req, res, next: NextFunction) => {
  }
 });

-router.get('/stats/daily', async (req, res, next: NextFunction) => {
+router.get('/stats/daily', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const dailyStats = await db.adminRepo.getDailyStatsForLast30Days(req.log);
    res.json(dailyStats);
@@ -241,10 +243,9 @@ router.put(
 router.post(
  '/brands/:id/logo',
  validateRequest(numericIdParam('id')),
-  upload.single('logoImage'),
+  brandLogoUpload.single('logoImage'),
  requireFileUpload('logoImage'),
  async (req: Request, res: Response, next: NextFunction) => {
-    // Apply ADR-003 pattern for type safety
    const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParam>>;
    try {
      // Although requireFileUpload middleware should ensure the file exists,
@@ -252,19 +253,22 @@ router.post(
      if (!req.file) {
        throw new ValidationError([], 'Logo image file is missing.');
      }
-      const logoUrl = `/assets/${req.file.filename}`;
-      await db.adminRepo.updateBrandLogo(params.id, logoUrl, req.log);
+
+      const logoUrl = await brandService.updateBrandLogo(params.id, req.file, req.log);

      logger.info({ brandId: params.id, logoUrl }, `Brand logo updated for brand ID: ${params.id}`);
      res.status(200).json({ message: 'Brand logo updated successfully.', logoUrl });
    } catch (error) {
+      // If an error occurs after the file has been uploaded (e.g., DB error),
+      // we must clean up the orphaned file from the disk.
+      await cleanupUploadedFile(req.file);
      logger.error({ error }, 'Error updating brand logo');
      next(error);
    }
  },
 );

-router.get('/unmatched-items', async (req, res, next: NextFunction) => {
+router.get('/unmatched-items', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const items = await db.adminRepo.getUnmatchedFlyerItems(req.log);
    res.json(items);
@@ -334,7 +338,7 @@ router.put(
  },
 );

-router.get('/users', async (req, res, next: NextFunction) => {
+router.get('/users', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const users = await db.adminRepo.getAllUsers(req.log);
    res.json(users);
@@ -349,14 +353,11 @@ router.get(
  validateRequest(activityLogSchema),
  async (req: Request, res: Response, next: NextFunction) => {
    // Apply ADR-003 pattern for type safety.
-    // We explicitly coerce query params here because the validation middleware might not
-    // replace req.query with the coerced values in all environments.
-    const query = req.query as unknown as { limit?: string; offset?: string };
-    const limit = query.limit ? Number(query.limit) : 50;
-    const offset = query.offset ? Number(query.offset) : 0;
+    // We parse the query here to apply Zod's coercions (string to number) and defaults.
+    const { limit, offset } = activityLogSchema.shape.query.parse(req.query);

    try {
-      const logs = await db.adminRepo.getActivityLog(limit, offset, req.log);
+      const logs = await db.adminRepo.getActivityLog(limit!, offset!, req.log);
      res.json(logs);
    } catch (error) {
      logger.error({ error }, 'Error fetching activity log');
@@ -405,10 +406,7 @@ router.delete(
    // Apply ADR-003 pattern for type safety
    const { params } = req as unknown as z.infer<ReturnType<typeof uuidParamSchema>>;
    try {
-      if (userProfile.user.user_id === params.id) {
-        throw new ValidationError([], 'Admins cannot delete their own account.');
-      }
-      await db.userRepo.deleteUserById(params.id, req.log);
+      await userService.deleteUserAsAdmin(userProfile.user.user_id, params.id, req.log);
      res.status(204).send();
    } catch (error) {
      logger.error({ error }, 'Error deleting user');
@@ -423,6 +421,7 @@ router.delete(
 */
 router.post(
  '/trigger/daily-deal-check',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile;
    logger.info(
@@ -450,6 +449,7 @@ router.post(
 */
 router.post(
  '/trigger/analytics-report',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile;
    logger.info(
@@ -457,14 +457,9 @@ router.post(
    );

    try {
-      const reportDate = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
-      // Use a unique job ID for manual triggers to distinguish them from scheduled jobs.
-      const jobId = `manual-report-${reportDate}-${Date.now()}`;
-
-      const job = await analyticsQueue.add('generate-daily-report', { reportDate }, { jobId });
-
+      const jobId = await backgroundJobService.triggerAnalyticsReport();
      res.status(202).json({
-        message: `Analytics report generation job has been enqueued successfully. Job ID: ${job.id}`,
+        message: `Analytics report generation job has been enqueued successfully. Job ID: ${jobId}`,
      });
    } catch (error) {
      logger.error({ error }, '[Admin] Failed to enqueue analytics report job.');
@@ -505,7 +500,10 @@ router.post(
 * POST /api/admin/trigger/failing-job - Enqueue a test job designed to fail.
 * This is for testing the retry mechanism and Bull Board UI.
 */
-router.post('/trigger/failing-job', async (req: Request, res: Response, next: NextFunction) => {
+router.post(
+  '/trigger/failing-job',
+  validateRequest(emptySchema),
+  async (req: Request, res: Response, next: NextFunction) => {
  const userProfile = req.user as UserProfile;
  logger.info(
    `[Admin] Manual trigger for a failing job received from user: ${userProfile.user.user_id}`,
@@ -521,7 +519,8 @@ router.post('/trigger/failing-job', async (req: Request, res: Response, next: Ne
    logger.error({ error }, 'Error enqueuing failing job');
    next(error);
  }
-});
+}
+);

 /**
 * POST /api/admin/system/clear-geocode-cache - Clears the Redis cache for geocoded addresses.
@@ -529,6 +528,7 @@ router.post('/trigger/failing-job', async (req: Request, res: Response, next: Ne
 */
 router.post(
  '/system/clear-geocode-cache',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile;
    logger.info(
@@ -551,44 +551,23 @@ router.post(
 * GET /api/admin/workers/status - Get the current running status of all BullMQ workers.
 * This is useful for a system health dashboard to see if any workers have crashed.
 */
-router.get('/workers/status', async (req: Request, res: Response) => {
-  const workers = [flyerWorker, emailWorker, analyticsWorker, cleanupWorker, weeklyAnalyticsWorker];
-
-  const workerStatuses = await Promise.all(
-    workers.map(async (worker) => {
-      return {
-        name: worker.name,
-        isRunning: worker.isRunning(),
-      };
-    }),
-  );
-
-  res.json(workerStatuses);
+router.get('/workers/status', validateRequest(emptySchema), async (req: Request, res: Response, next: NextFunction) => {
+  try {
+    const workerStatuses = await monitoringService.getWorkerStatuses();
+    res.json(workerStatuses);
+  } catch (error) {
+    logger.error({ error }, 'Error fetching worker statuses');
+    next(error);
+  }
 });

 /**
 * GET /api/admin/queues/status - Get job counts for all BullMQ queues.
 * This is useful for monitoring the health and backlog of background jobs.
 */
-router.get('/queues/status', async (req: Request, res: Response, next: NextFunction) => {
+router.get('/queues/status', validateRequest(emptySchema), async (req: Request, res: Response, next: NextFunction) => {
  try {
-    const queues = [flyerQueue, emailQueue, analyticsQueue, cleanupQueue, weeklyAnalyticsQueue];
-
-    const queueStatuses = await Promise.all(
-      queues.map(async (queue) => {
-        return {
-          name: queue.name,
-          counts: await queue.getJobCounts(
-            'waiting',
-            'active',
-            'completed',
-            'failed',
-            'delayed',
-            'paused',
-          ),
-        };
-      }),
-    );
+    const queueStatuses = await monitoringService.getQueueStatuses();
    res.json(queueStatuses);
  } catch (error) {
    logger.error({ error }, 'Error fetching queue statuses');
@@ -608,35 +587,11 @@ router.post(
      params: { queueName, jobId },
    } = req as unknown as z.infer<typeof jobRetrySchema>;

-    const queueMap: { [key: string]: Queue } = {
-      'flyer-processing': flyerQueue,
-      'email-sending': emailQueue,
-      'analytics-reporting': analyticsQueue,
-      'file-cleanup': cleanupQueue,
-    };
-
-    const queue = queueMap[queueName];
-
-    if (!queue) {
-      // Throw a NotFoundError to be handled by the central error handler.
-      throw new NotFoundError(`Queue '${queueName}' not found.`);
-    }
-
    try {
-      const job = await queue.getJob(jobId);
-      if (!job)
-        throw new NotFoundError(`Job with ID '${jobId}' not found in queue '${queueName}'.`);
-
-      const jobState = await job.getState();
-      if (jobState !== 'failed')
-        throw new ValidationError(
-          [],
-          `Job is not in a 'failed' state. Current state: ${jobState}.`,
-        ); // This was a duplicate, fixed.
-
-      await job.retry();
-      logger.info(
-        `[Admin] User ${userProfile.user.user_id} manually retried job ${jobId} in queue ${queueName}.`,
+      await monitoringService.retryFailedJob(
+        queueName,
+        jobId,
+        userProfile.user.user_id,
      );
      res.status(200).json({ message: `Job ${jobId} has been successfully marked for retry.` });
    } catch (error) {
@@ -651,6 +606,7 @@ router.post(
 */
 router.post(
  '/trigger/weekly-analytics',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile; // This was a duplicate, fixed.
    logger.info(
@@ -658,19 +614,10 @@ router.post(
    );

    try {
-      const { year: reportYear, week: reportWeek } = getSimpleWeekAndYear();
-      const { weeklyAnalyticsQueue } = await import('../services/queueService.server');
-      const job = await weeklyAnalyticsQueue.add(
-        'generate-weekly-report',
-        { reportYear, reportWeek },
-        {
-          jobId: `manual-weekly-report-${reportYear}-${reportWeek}-${Date.now()}`, // Add timestamp to avoid ID conflict
-        },
-      );
-
+      const jobId = await backgroundJobService.triggerWeeklyAnalyticsReport();
      res
        .status(202)
-        .json({ message: 'Successfully enqueued weekly analytics job.', jobId: job.id });
+        .json({ message: 'Successfully enqueued weekly analytics job.', jobId });
    } catch (error) {
      logger.error({ error }, 'Error enqueuing weekly analytics job');
      next(error);
@@ -678,4 +625,8 @@ router.post(
  },
 );

+/* Catches errors from multer (e.g., file size, file filter) */
+router.use(handleMulterError);
+
+
 export default router;
--- a/src/routes/admin.stats.routes.test.ts
+++ b/src/routes/admin.stats.routes.test.ts
@@ -5,7 +5,6 @@ import type { Request, Response, NextFunction } from 'express';
 import { createMockUserProfile } from '../tests/utils/mockFactories';
 import type { UserProfile } from '../types';
 import { createTestApp } from '../tests/utils/createTestApp';
-import { mockLogger } from '../tests/utils/mockLogger';

 vi.mock('../services/db/index.db', () => ({
  adminRepo: {
@@ -45,8 +44,9 @@ import adminRouter from './admin.routes';
 import { adminRepo } from '../services/db/index.db';

 // Mock the logger
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Mock the passport middleware
--- a/src/routes/admin.system.routes.test.ts
+++ b/src/routes/admin.system.routes.test.ts
@@ -4,7 +4,6 @@ import supertest from 'supertest';
 import type { Request, Response, NextFunction } from 'express';
 import { createMockUserProfile } from '../tests/utils/mockFactories';
 import { createTestApp } from '../tests/utils/createTestApp';
-import { mockLogger } from '../tests/utils/mockLogger';

 // Mock dependencies
 vi.mock('../services/geocodingService.server', () => ({
@@ -50,8 +49,9 @@ import adminRouter from './admin.routes';
 import { geocodingService } from '../services/geocodingService.server';

 // Mock the logger
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Mock the passport middleware
--- a/src/routes/admin.users.routes.test.ts
+++ b/src/routes/admin.users.routes.test.ts
@@ -4,9 +4,8 @@ import supertest from 'supertest';
 import type { Request, Response, NextFunction } from 'express';
 import { createMockUserProfile, createMockAdminUserView } from '../tests/utils/mockFactories';
 import type { UserProfile, Profile } from '../types';
-import { NotFoundError } from '../services/db/errors.db';
+import { NotFoundError, ValidationError } from '../services/db/errors.db';
 import { createTestApp } from '../tests/utils/createTestApp';
-import { mockLogger } from '../tests/utils/mockLogger';

 vi.mock('../services/db/index.db', () => ({
  adminRepo: {
@@ -23,6 +22,12 @@ vi.mock('../services/db/index.db', () => ({
  notificationRepo: {},
 }));

+vi.mock('../services/userService', () => ({
+  userService: {
+    deleteUserAsAdmin: vi.fn(),
+  },
+}));
+
 // Mock other dependencies that are not directly tested but are part of the adminRouter setup
 vi.mock('../services/db/flyer.db');
 vi.mock('../services/db/recipe.db');
@@ -44,8 +49,9 @@ vi.mock('@bull-board/express', () => ({
 }));

 // Mock the logger
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Import the router AFTER all mocks are defined.
@@ -53,6 +59,7 @@ import adminRouter from './admin.routes';

 // Import the mocked repos to control them in tests
 import { adminRepo, userRepo } from '../services/db/index.db';
+import { userService } from '../services/userService';

 // Mock the passport middleware
 vi.mock('./passport.routes', () => ({
@@ -191,22 +198,27 @@ describe('Admin User Management Routes (/api/admin/users)', () => {
    it('should successfully delete a user', async () => {
      const targetId = '123e4567-e89b-12d3-a456-426614174999';
      vi.mocked(userRepo.deleteUserById).mockResolvedValue(undefined);
+      vi.mocked(userService.deleteUserAsAdmin).mockResolvedValue(undefined);
      const response = await supertest(app).delete(`/api/admin/users/${targetId}`);
      expect(response.status).toBe(204);
-      expect(userRepo.deleteUserById).toHaveBeenCalledWith(targetId, expect.any(Object));
+      expect(userService.deleteUserAsAdmin).toHaveBeenCalledWith(adminId, targetId, expect.any(Object));
    });

    it('should prevent an admin from deleting their own account', async () => {
+      const validationError = new ValidationError([], 'Admins cannot delete their own account.');
+      vi.mocked(userService.deleteUserAsAdmin).mockRejectedValue(validationError);
      const response = await supertest(app).delete(`/api/admin/users/${adminId}`);
      expect(response.status).toBe(400);
      expect(response.body.message).toMatch(/Admins cannot delete their own account/);
      expect(userRepo.deleteUserById).not.toHaveBeenCalled();
+      expect(userService.deleteUserAsAdmin).toHaveBeenCalledWith(adminId, adminId, expect.any(Object));
    });

    it('should return 500 on a generic database error', async () => {
      const targetId = '123e4567-e89b-12d3-a456-426614174999';
      const dbError = new Error('DB Error');
      vi.mocked(userRepo.deleteUserById).mockRejectedValue(dbError);
+      vi.mocked(userService.deleteUserAsAdmin).mockRejectedValue(dbError);
      const response = await supertest(app).delete(`/api/admin/users/${targetId}`);
      expect(response.status).toBe(500);
    });
--- a/src/routes/ai.routes.test.ts
+++ b/src/routes/ai.routes.test.ts
@@ -13,14 +13,21 @@ import {
 import * as aiService from '../services/aiService.server';
 import { createTestApp } from '../tests/utils/createTestApp';
 import { mockLogger } from '../tests/utils/mockLogger';
+import { ValidationError } from '../services/db/errors.db';

 // Mock the AI service methods to avoid making real AI calls
-vi.mock('../services/aiService.server', () => ({
-  aiService: {
-    extractTextFromImageArea: vi.fn(),
-    planTripWithMaps: vi.fn(), // Added this missing mock
-  },
-}));
+vi.mock('../services/aiService.server', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('../services/aiService.server')>();
+  return {
+    ...actual,
+    aiService: {
+      extractTextFromImageArea: vi.fn(),
+      planTripWithMaps: vi.fn(),
+      enqueueFlyerProcessing: vi.fn(),
+      processLegacyFlyerUpload: vi.fn(),
+    },
+  };
+});

 const { mockedDb } = vi.hoisted(() => ({
  mockedDb: {
@@ -30,6 +37,9 @@ const { mockedDb } = vi.hoisted(() => ({
    adminRepo: {
      logActivity: vi.fn(),
    },
+    personalizationRepo: {
+      getAllMasterItems: vi.fn(),
+    },
    // This function is a standalone export, not part of a repo
    createFlyerAndItems: vi.fn(),
  },
@@ -40,6 +50,7 @@ vi.mock('../services/db/flyer.db', () => ({ createFlyerAndItems: mockedDb.create
 vi.mock('../services/db/index.db', () => ({
  flyerRepo: mockedDb.flyerRepo,
  adminRepo: mockedDb.adminRepo,
+  personalizationRepo: mockedDb.personalizationRepo,
 }));

 // Mock the queue service
@@ -55,8 +66,9 @@ import aiRouter from './ai.routes';
 import { flyerQueue } from '../services/queueService.server';

 // Mock the logger to keep test output clean
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Mock the passport module to control authentication for different tests.
@@ -82,36 +94,6 @@ describe('AI Routes (/api/ai)', () => {
  });
  const app = createTestApp({ router: aiRouter, basePath: '/api/ai' });

-  describe('Module-level error handling', () => {
-    it('should log an error if storage path creation fails', async () => {
-      // Arrange
-      const mkdirError = new Error('EACCES: permission denied');
-      vi.resetModules(); // Reset modules to re-run top-level code
-      vi.doMock('node:fs', () => {
-        const mockFs = {
-          ...fs,
-          mkdirSync: vi.fn().mockImplementation(() => {
-            throw mkdirError;
-          }),
-        };
-        return { ...mockFs, default: mockFs };
-      });
-      const { logger } = await import('../services/logger.server');
-
-      // Act: Dynamically import the router to trigger the mkdirSync call
-      await import('./ai.routes');
-
-      // Assert
-      const storagePath =
-        process.env.STORAGE_PATH || '/var/www/flyer-crawler.projectium.com/flyer-images';
-      expect(logger.error).toHaveBeenCalledWith(
-        { error: 'EACCES: permission denied' },
-        `Failed to create storage path (${storagePath}). File uploads may fail.`,
-      );
-      vi.doUnmock('node:fs'); // Cleanup
-    });
-  });
-
  // New test to cover the router.use diagnostic middleware's catch block and errMsg branches
  describe('Diagnostic Middleware Error Handling', () => {
    it('should log an error if logger.debug throws an object with a message property', async () => {
@@ -165,26 +147,27 @@ describe('AI Routes (/api/ai)', () => {

  describe('POST /upload-and-process', () => {
    const imagePath = path.resolve(__dirname, '../tests/assets/test-flyer-image.jpg');
+    // A valid SHA-256 checksum is 64 hex characters.
+    const validChecksum = 'a'.repeat(64);

    it('should enqueue a job and return 202 on success', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(flyerQueue.add).mockResolvedValue({ id: 'job-123' } as unknown as Job);
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockResolvedValue({ id: 'job-123' } as unknown as Job);

      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'new-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      expect(response.status).toBe(202);
      expect(response.body.message).toBe('Flyer accepted for processing.');
      expect(response.body.jobId).toBe('job-123');
-      expect(flyerQueue.add).toHaveBeenCalledWith('process-flyer', expect.any(Object));
+      expect(aiService.aiService.enqueueFlyerProcessing).toHaveBeenCalled();
    });

    it('should return 400 if no file is provided', async () => {
      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'some-checksum');
+        .field('checksum', validChecksum);

      expect(response.status).toBe(400);
      expect(response.body.message).toBe('A flyer file (PDF or image) is required.');
@@ -201,13 +184,12 @@ describe('AI Routes (/api/ai)', () => {
    });

    it('should return 409 if flyer checksum already exists', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(
-        createMockFlyer({ flyer_id: 99 }),
-      );
+      const duplicateError = new aiService.DuplicateFlyerError('This flyer has already been processed.', 99);
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockRejectedValue(duplicateError);

      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'duplicate-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      expect(response.status).toBe(409);
@@ -215,12 +197,11 @@ describe('AI Routes (/api/ai)', () => {
    });

    it('should return 500 if enqueuing the job fails', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(flyerQueue.add).mockRejectedValueOnce(new Error('Redis connection failed'));
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockRejectedValueOnce(new Error('Redis connection failed'));

      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'new-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      expect(response.status).toBe(500);
@@ -238,19 +219,20 @@ describe('AI Routes (/api/ai)', () => {
        basePath: '/api/ai',
        authenticatedUser: mockUser,
      });
-
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(flyerQueue.add).mockResolvedValue({ id: 'job-456' } as unknown as Job);
+      
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockResolvedValue({ id: 'job-456' } as unknown as Job);

      // Act
      await supertest(authenticatedApp)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'auth-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      // Assert
-      expect(flyerQueue.add).toHaveBeenCalled();
-      expect(vi.mocked(flyerQueue.add).mock.calls[0][1].userId).toBe('auth-user-1');
+      expect(aiService.aiService.enqueueFlyerProcessing).toHaveBeenCalled();
+      const callArgs = vi.mocked(aiService.aiService.enqueueFlyerProcessing).mock.calls[0];
+      // Check the userProfile argument (3rd argument)
+      expect(callArgs[2]?.user.user_id).toBe('auth-user-1');
    });

    it('should pass user profile address to the job when authenticated user has an address', async () => {
@@ -272,17 +254,35 @@ describe('AI Routes (/api/ai)', () => {
        basePath: '/api/ai',
        authenticatedUser: mockUserWithAddress,
      });
+      
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockResolvedValue({ id: 'job-789' } as unknown as Job);

      // Act
      await supertest(authenticatedApp)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'addr-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      // Assert
-      expect(vi.mocked(flyerQueue.add).mock.calls[0][1].userProfileAddress).toBe(
-        '123 Pacific St, Anytown, BC, V8T 1A1, CA',
-      );
+      expect(aiService.aiService.enqueueFlyerProcessing).toHaveBeenCalled();
+      // The service handles address extraction from profile, so we just verify the profile was passed
+      const callArgs = vi.mocked(aiService.aiService.enqueueFlyerProcessing).mock.calls[0];
+      expect(callArgs[2]?.address?.address_line_1).toBe('123 Pacific St');
+    });
+
+    it('should clean up the uploaded file if validation fails (e.g., missing checksum)', async () => {
+      // Spy on the unlink function to ensure it's called on error
+      const unlinkSpy = vi.spyOn(fs.promises, 'unlink').mockResolvedValue(undefined);
+
+      const response = await supertest(app)
+        .post('/api/ai/upload-and-process')
+        .attach('flyerFile', imagePath); // No checksum field, will cause validation to throw
+
+      expect(response.status).toBe(400);
+      // The validation error is now caught inside the route handler, which then calls cleanup.
+      expect(unlinkSpy).toHaveBeenCalledTimes(1);
+
+      unlinkSpy.mockRestore();
    });
  });

@@ -330,9 +330,7 @@ describe('AI Routes (/api/ai)', () => {
        flyer_id: 1,
        file_name: mockDataPayload.originalFileName,
      });
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined); // No duplicate
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
-      vi.mocked(mockedDb.adminRepo.logActivity).mockResolvedValue();
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(mockFlyer);

      // Act
      const response = await supertest(app)
@@ -343,7 +341,7 @@ describe('AI Routes (/api/ai)', () => {
      // Assert
      expect(response.status).toBe(201);
      expect(response.body.message).toBe('Flyer processed and saved successfully.');
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should return 400 if no flyer image is provided', async () => {
@@ -355,8 +353,8 @@ describe('AI Routes (/api/ai)', () => {

    it('should return 409 Conflict and delete the uploaded file if flyer checksum already exists', async () => {
      // Arrange
-      const mockExistingFlyer = createMockFlyer({ flyer_id: 99 });
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(mockExistingFlyer); // Duplicate found
+      const duplicateError = new aiService.DuplicateFlyerError('This flyer has already been processed.', 99);
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValue(duplicateError);
      const unlinkSpy = vi.spyOn(fs.promises, 'unlink').mockResolvedValue(undefined);

      // Act
@@ -368,7 +366,7 @@ describe('AI Routes (/api/ai)', () => {
      // Assert
      expect(response.status).toBe(409);
      expect(response.body.message).toBe('This flyer has already been processed.');
-      expect(mockedDb.createFlyerAndItems).not.toHaveBeenCalled();
+      expect(mockedDb.createFlyerAndItems).not.toHaveBeenCalled(); // Should not be called if service throws
      // Assert that the file was deleted
      expect(unlinkSpy).toHaveBeenCalledTimes(1);
      // The filename is predictable in the test environment because of the multer config in ai.routes.ts
@@ -383,12 +381,7 @@ describe('AI Routes (/api/ai)', () => {
        extractedData: { store_name: 'Partial Store' }, // no items key
      };

-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      const mockFlyer = createMockFlyer({
-        flyer_id: 2,
-        file_name: partialPayload.originalFileName,
-      });
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(createMockFlyer({ flyer_id: 2 }));

      const response = await supertest(app)
        .post('/api/ai/flyers/process')
@@ -396,13 +389,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // verify the items array passed to DB was an empty array
-      const callArgs = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0]?.[1];
-      expect(callArgs).toBeDefined();
-      expect(Array.isArray(callArgs)).toBe(true);
-      // use non-null assertion for the runtime-checked variable so TypeScript is satisfied
-      expect(callArgs!.length).toBe(0);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should fallback to a safe store name when store_name is missing', async () => {
@@ -412,12 +399,7 @@ describe('AI Routes (/api/ai)', () => {
        extractedData: { items: [] }, // store_name missing
      };

-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      const mockFlyer = createMockFlyer({
-        flyer_id: 3,
-        file_name: payloadNoStore.originalFileName,
-      });
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(createMockFlyer({ flyer_id: 3 }));

      const response = await supertest(app)
        .post('/api/ai/flyers/process')
@@ -425,19 +407,11 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // verify the flyerData.store_name passed to DB was the fallback string
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toContain('Unknown Store');
-      // Also verify the warning was logged
-      expect(mockLogger.warn).toHaveBeenCalledWith(
-        'extractedData.store_name missing; using fallback store name to avoid DB constraint error.',
-      );
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should handle a generic error during flyer creation', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(mockedDb.createFlyerAndItems).mockRejectedValueOnce(
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValueOnce(
        new Error('DB transaction failed'),
      );

@@ -460,8 +434,7 @@ describe('AI Routes (/api/ai)', () => {

    beforeEach(() => {
      const mockFlyer = createMockFlyer({ flyer_id: 1 });
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(mockFlyer);
    });

    it('should handle payload where "data" field is an object, not stringified JSON', async () => {
@@ -471,7 +444,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

   it('should handle payload where extractedData is null', async () => {
@@ -487,14 +460,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // Verify that extractedData was correctly defaulted to an empty object
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toContain('Unknown Store'); // Fallback should be used
-      expect(mockLogger.warn).toHaveBeenCalledWith(
-        { bodyData: expect.any(Object) },
-        'Missing extractedData in /api/ai/flyers/process payload.',
-      );
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should handle payload where extractedData is a string', async () => {
@@ -510,14 +476,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // Verify that extractedData was correctly defaulted to an empty object
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toContain('Unknown Store'); // Fallback should be used
-      expect(mockLogger.warn).toHaveBeenCalledWith(
-        { bodyData: expect.any(Object) },
-        'Missing extractedData in /api/ai/flyers/process payload.',
-      );
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should handle payload where extractedData is at the root of the body', async () => {
@@ -531,9 +490,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201); // This test was failing with 500, the fix is in ai.routes.ts
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toBe('Root Store');
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should default item quantity to 1 if missing', async () => {
@@ -552,9 +509,55 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      const itemsArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][1];
-      expect(itemsArg[0].quantity).toBe(1);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
+    });
+  });
+
+  describe('POST /flyers/process (Legacy Error Handling)', () => {
+    const imagePath = path.resolve(__dirname, '../tests/assets/test-flyer-image.jpg');
+
+    it('should handle malformed JSON in data field and return 400', async () => {
+      const malformedDataString = '{"checksum":'; // Invalid JSON
+      
+      // Since the service parses the data, we mock it to throw a ValidationError when parsing fails
+      // or when it detects the malformed input.
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValue(new ValidationError([], 'Checksum is required.'));
+
+      const response = await supertest(app)
+        .post('/api/ai/flyers/process')
+        .field('data', malformedDataString)
+        .attach('flyerImage', imagePath);
+
+      // The outer catch block should be hit, leading to empty parsed data.
+      // The handler then fails the checksum validation.
+      expect(response.status).toBe(400);
+      expect(response.body.message).toBe('Checksum is required.');
+      // Note: The logging expectation was removed because if the service throws a ValidationError, 
+      // the route handler passes it to the global error handler, which might log differently or not as a "critical error during parsing" in the route itself.
+    });
+
+    it('should return 400 if checksum is missing from legacy payload', async () => {
+      const payloadWithoutChecksum = {
+        originalFileName: 'flyer.jpg',
+        extractedData: { store_name: 'Test Store', items: [] },
+      };
+      // Spy on fs.promises.unlink to verify file cleanup
+      const unlinkSpy = vi.spyOn(fs.promises, 'unlink').mockResolvedValue(undefined);
+      
+      // Mock the service to throw a ValidationError because the checksum is missing
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValue(new ValidationError([], 'Checksum is required.'));
+
+      const response = await supertest(app)
+        .post('/api/ai/flyers/process')
+        .field('data', JSON.stringify(payloadWithoutChecksum))
+        .attach('flyerImage', imagePath);
+
+      expect(response.status).toBe(400);
+      expect(response.body.message).toBe('Checksum is required.');
+      // Ensure the uploaded file is cleaned up
+      expect(unlinkSpy).toHaveBeenCalledTimes(1);
+
+      unlinkSpy.mockRestore();
    });
  });

@@ -827,6 +830,39 @@ describe('AI Routes (/api/ai)', () => {
      expect(response.body.message).toBe('Maps API key invalid');
    });

+    it('POST /deep-dive should return 500 on a generic error', async () => {
+      vi.mocked(mockLogger.info).mockImplementationOnce(() => {
+        throw new Error('Deep dive logging failed');
+      });
+      const response = await supertest(app)
+        .post('/api/ai/deep-dive')
+        .send({ items: [{ name: 'test' }] });
+      expect(response.status).toBe(500);
+      expect(response.body.message).toBe('Deep dive logging failed');
+    });
+
+    it('POST /search-web should return 500 on a generic error', async () => {
+      vi.mocked(mockLogger.info).mockImplementationOnce(() => {
+        throw new Error('Search web logging failed');
+      });
+      const response = await supertest(app)
+        .post('/api/ai/search-web')
+        .send({ query: 'test query' });
+      expect(response.status).toBe(500);
+      expect(response.body.message).toBe('Search web logging failed');
+    });
+
+    it('POST /compare-prices should return 500 on a generic error', async () => {
+      vi.mocked(mockLogger.info).mockImplementationOnce(() => {
+        throw new Error('Compare prices logging failed');
+      });
+      const response = await supertest(app)
+        .post('/api/ai/compare-prices')
+        .send({ items: [{ name: 'Milk' }] });
+      expect(response.status).toBe(500);
+      expect(response.body.message).toBe('Compare prices logging failed');
+    });
+
    it('POST /quick-insights should return 400 if items are missing', async () => {
      const response = await supertest(app).post('/api/ai/quick-insights').send({});
      expect(response.status).toBe(400);
--- a/src/routes/ai.routes.ts
+++ b/src/routes/ai.routes.ts
@@ -1,38 +1,32 @@
 // src/routes/ai.routes.ts
 import { Router, Request, Response, NextFunction } from 'express';
-import multer from 'multer';
-import path from 'path';
-import fs from 'node:fs';
 import { z } from 'zod';
 import passport from './passport.routes';
 import { optionalAuth } from './passport.routes';
-import * as db from '../services/db/index.db';
-import { createFlyerAndItems } from '../services/db/flyer.db';
-import * as aiService from '../services/aiService.server'; // Correctly import server-side AI service
-import { generateFlyerIcon } from '../utils/imageProcessor';
-import { sanitizeFilename } from '../utils/stringUtils';
-import { logger } from '../services/logger.server';
-import { UserProfile, ExtractedCoreData, ExtractedFlyerItem } from '../types';
-import { flyerQueue } from '../services/queueService.server';
+import { aiService, DuplicateFlyerError } from '../services/aiService.server';
+import {
+  createUploadMiddleware,
+  handleMulterError,
+} from '../middleware/multer.middleware';
+import { logger } from '../services/logger.server'; // This was a duplicate, fixed.
+import { UserProfile } from '../types'; // This was a duplicate, fixed.
 import { validateRequest } from '../middleware/validation.middleware';
 import { requiredString } from '../utils/zodUtils';
+import { cleanupUploadedFile, cleanupUploadedFiles } from '../utils/fileUtils';
+import { monitoringService } from '../services/monitoringService.server';

 const router = Router();

-interface FlyerProcessPayload extends Partial<ExtractedCoreData> {
-  checksum?: string;
-  originalFileName?: string;
-  extractedData?: Partial<ExtractedCoreData>;
-  data?: FlyerProcessPayload; // For nested data structures
-}
-
 // --- Zod Schemas for AI Routes (as per ADR-003) ---

 const uploadAndProcessSchema = z.object({
  body: z.object({
-    checksum: requiredString('File checksum is required.'),
-    // Potential improvement: If checksum is always a specific format (e.g., SHA-256),
-    // you could add `.length(64).regex(/^[a-f0-9]+$/)` for stricter validation.
+    // Stricter validation for SHA-256 checksum. It must be a 64-character hexadecimal string.
+    checksum: requiredString('File checksum is required.').pipe(
+      z.string()
+        .length(64, 'Checksum must be 64 characters long.')
+        .regex(/^[a-f0-9]+$/, 'Checksum must be a valid hexadecimal string.'),
+    ),
  }),
 });

@@ -50,15 +44,6 @@ const errMsg = (e: unknown) => {
  return String(e || 'An unknown error occurred.');
 };

-const cleanupUploadedFile = async (file?: Express.Multer.File) => {
-  if (!file) return;
-  try {
-    await fs.promises.unlink(file.path);
-  } catch (err) {
-    // Ignore cleanup errors (e.g. file already deleted)
-  }
-};
-
 const cropAreaObjectSchema = z.object({
  x: z.number(),
  y: z.number(),
@@ -87,7 +72,6 @@ const rescanAreaSchema = z.object({
      })
      .pipe(cropAreaObjectSchema), // Further validate the structure of the parsed object
    extractionType: z.enum(['store_name', 'dates', 'item_details'], {
-      // This is the line with the error
      message: "extractionType must be one of 'store_name', 'dates', or 'item_details'.",
    }),
  }),
@@ -95,13 +79,20 @@ const rescanAreaSchema = z.object({

 const flyerItemForAnalysisSchema = z
  .object({
-    item: z.string().nullish(),
-    name: z.string().nullish(),
+    // Sanitize item and name by trimming whitespace.
+    // The transform ensures that null/undefined values are preserved
+    // while trimming any actual string values.
+    item: z.string().nullish().transform(val => (val ? val.trim() : val)),
+    name: z.string().nullish().transform(val => (val ? val.trim() : val)),
  })
+  // Using .passthrough() allows extra properties on the item object.
+  // If the intent is to strictly enforce only 'item' and 'name' (and other known properties),
+  // consider using .strict() instead for tighter security and data integrity.
  .passthrough()
  .refine(
    (data) =>
-      (data.item && data.item.trim().length > 0) || (data.name && data.name.trim().length > 0),
+      // After the transform, the values are already trimmed.
+      (data.item && data.item.length > 0) || (data.name && data.name.length > 0),
    {
      message: "Item identifier is required (either 'item' or 'name').",
    },
@@ -121,6 +112,8 @@ const comparePricesSchema = z.object({

 const planTripSchema = z.object({
  body: z.object({
+    // Consider if this array should be non-empty. If a trip plan requires at least one item,
+    // you could add `.nonempty('At least one item is required to plan a trip.')`
    items: z.array(flyerItemForAnalysisSchema),
    store: z.object({ name: requiredString('Store name is required.') }),
    userLocation: z.object({
@@ -148,40 +141,7 @@ const searchWebSchema = z.object({
  body: z.object({ query: requiredString('A search query is required.') }),
 });

-// --- Multer Configuration for File Uploads ---
-const storagePath =
-  process.env.STORAGE_PATH || '/var/www/flyer-crawler.projectium.com/flyer-images';
-
-// Ensure the storage path exists at startup so multer can write files there.
-try {
-  fs.mkdirSync(storagePath, { recursive: true });
-  logger.debug(`AI upload storage path ready: ${storagePath}`);
-} catch (err) {
-  logger.error(
-    { error: errMsg(err) },
-    `Failed to create storage path (${storagePath}). File uploads may fail.`,
-  );
-}
-const diskStorage = multer.diskStorage({
-  destination: function (req, file, cb) {
-    cb(null, storagePath);
-  },
-  filename: function (req, file, cb) {
-    // If in a test environment, use a predictable filename for easy cleanup.
-    if (process.env.NODE_ENV === 'test') {
-      return cb(null, `${file.fieldname}-test-flyer-image.jpg`);
-    } else {
-      const uniqueSuffix = Date.now() + '-' + Math.round(Math.random() * 1e9);
-      // Sanitize the original filename to remove spaces and special characters
-      return cb(
-        null,
-        file.fieldname + '-' + uniqueSuffix + '-' + sanitizeFilename(file.originalname),
-      );
-    }
-  },
-});
-
-const uploadToDisk = multer({ storage: diskStorage });
+const uploadToDisk = createUploadMiddleware({ storageType: 'flyer' });

 // Diagnostic middleware: log incoming AI route requests (headers and sizes)
 router.use((req: Request, res: Response, next: NextFunction) => {
@@ -207,58 +167,29 @@ router.post(
  '/upload-and-process',
  optionalAuth,
  uploadToDisk.single('flyerFile'),
-  validateRequest(uploadAndProcessSchema),
+  // Validation is now handled inside the route to ensure file cleanup on failure.
+  // validateRequest(uploadAndProcessSchema),
  async (req, res, next: NextFunction) => {
    try {
+      // Manually validate the request body. This will throw if validation fails.
+      const { body } = uploadAndProcessSchema.parse({ body: req.body });
+
      if (!req.file) {
        return res.status(400).json({ message: 'A flyer file (PDF or image) is required.' });
      }

      logger.debug(
-        { filename: req.file.originalname, size: req.file.size, checksum: req.body.checksum },
+        { filename: req.file.originalname, size: req.file.size, checksum: body.checksum },
        'Handling /upload-and-process',
      );

-      const { checksum } = req.body;
-      // Check for duplicate flyer using checksum before even creating a job
-      const existingFlyer = await db.flyerRepo.findFlyerByChecksum(checksum, req.log);
-      if (existingFlyer) {
-        logger.warn(`Duplicate flyer upload attempt blocked for checksum: ${checksum}`);
-        // Use 409 Conflict for duplicates
-        return res.status(409).json({
-          message: 'This flyer has already been processed.',
-          flyerId: existingFlyer.flyer_id,
-        });
-      }
-
      const userProfile = req.user as UserProfile | undefined;
-      // Construct a user address string from their profile if they are logged in.
-      let userProfileAddress: string | undefined = undefined;
-      if (userProfile?.address) {
-        userProfileAddress = [
-          userProfile.address.address_line_1,
-          userProfile.address.address_line_2,
-          userProfile.address.city,
-          userProfile.address.province_state,
-          userProfile.address.postal_code,
-          userProfile.address.country,
-        ]
-          .filter(Boolean)
-          .join(', ');
-      }
-
-      // Add job to the queue
-      const job = await flyerQueue.add('process-flyer', {
-        filePath: req.file.path,
-        originalFileName: req.file.originalname,
-        checksum: checksum,
-        userId: userProfile?.user.user_id,
-        submitterIp: req.ip, // Capture the submitter's IP address
-        userProfileAddress: userProfileAddress, // Pass the user's profile address
-      });
-
-      logger.info(
-        `Enqueued flyer for processing. File: ${req.file.originalname}, Job ID: ${job.id}`,
+      const job = await aiService.enqueueFlyerProcessing(
+        req.file,
+        body.checksum,
+        userProfile,
+        req.ip ?? 'unknown',
+        req.log,
      );

      // Respond immediately to the client with 202 Accepted
@@ -267,6 +198,11 @@ router.post(
        jobId: job.id,
      });
    } catch (error) {
+      await cleanupUploadedFile(req.file);
+      if (error instanceof DuplicateFlyerError) {
+        logger.warn(`Duplicate flyer upload attempt blocked for checksum: ${req.body?.checksum}`);
+        return res.status(409).json({ message: error.message, flyerId: error.flyerId });
+      }
      next(error);
    }
  },
@@ -283,18 +219,11 @@ router.get(
    const {
      params: { jobId },
    } = req as unknown as JobIdRequest;
+
    try {
-      const job = await flyerQueue.getJob(jobId);
-      if (!job) {
-        // Adhere to ADR-001 by throwing a specific error to be handled centrally.
-        return res.status(404).json({ message: 'Job not found.' });
-      }
-      const state = await job.getState();
-      const progress = job.progress;
-      const returnValue = job.returnvalue;
-      const failedReason = job.failedReason;
-      logger.debug(`[API /ai/jobs] Status check for job ${jobId}: ${state}`);
-      res.json({ id: job.id, state, progress, returnValue, failedReason });
+      const jobStatus = await monitoringService.getFlyerJobStatus(jobId); // This was a duplicate, fixed.
+      logger.debug(`[API /ai/jobs] Status check for job ${jobId}: ${jobStatus.state}`);
+      res.json(jobStatus);
    } catch (error) {
      next(error);
    }
@@ -316,184 +245,22 @@ router.post(
        return res.status(400).json({ message: 'Flyer image file is required.' });
      }

-      // Diagnostic & tolerant parsing for flyers/process
-      logger.debug(
-        { keys: Object.keys(req.body || {}) },
-        '[API /ai/flyers/process] Processing legacy upload',
-      );
-      logger.debug({ filePresent: !!req.file }, '[API /ai/flyers/process] file present:');
-
-      // Try several ways to obtain the payload so we are tolerant to client variations.
-      let parsed: FlyerProcessPayload = {};
-      let extractedData: Partial<ExtractedCoreData> | null | undefined = {};
-      try {
-        // If the client sent a top-level `data` field (stringified JSON), parse it.
-        if (req.body && (req.body.data || req.body.extractedData)) {
-          const raw = req.body.data ?? req.body.extractedData;
-          logger.debug(
-            { type: typeof raw, length: raw?.length ?? 0 },
-            '[API /ai/flyers/process] raw extractedData',
-          );
-          try {
-            parsed = typeof raw === 'string' ? JSON.parse(raw) : raw;
-          } catch (err) {
-            logger.warn(
-              { error: errMsg(err) },
-              '[API /ai/flyers/process] Failed to JSON.parse raw extractedData; falling back to direct assign',
-            );
-            parsed = (
-              typeof raw === 'string' ? JSON.parse(String(raw).slice(0, 2000)) : raw
-            ) as FlyerProcessPayload;
-          }
-          // If parsed itself contains an `extractedData` field, use that, otherwise assume parsed is the extractedData
-          extractedData = 'extractedData' in parsed ? parsed.extractedData : (parsed as Partial<ExtractedCoreData>);
-        } else {
-          // No explicit `data` field found. Attempt to interpret req.body as an object (Express may have parsed multipart fields differently).
-          try {
-            parsed = typeof req.body === 'string' ? JSON.parse(req.body) : req.body;
-          } catch (err) {
-            logger.warn(
-              { error: errMsg(err) },
-              '[API /ai/flyers/process] Failed to JSON.parse req.body; using empty object',
-            );
-            parsed = (req.body as FlyerProcessPayload) || {};
-          }
-          // extractedData might be nested under `data` or `extractedData`, or the body itself may be the extracted data.
-          if (parsed.data) {
-            try {
-              const inner = typeof parsed.data === 'string' ? JSON.parse(parsed.data) : parsed.data;
-              extractedData = inner.extractedData ?? inner;
-            } catch (err) {
-              logger.warn(
-                { error: errMsg(err) },
-                '[API /ai/flyers/process] Failed to parse parsed.data; falling back',
-              );
-              extractedData = parsed.data as unknown as Partial<ExtractedCoreData>;
-            }
-          } else if (parsed.extractedData) {
-            extractedData = parsed.extractedData;
-          } else {
-            // Assume the body itself is the extracted data if it looks like it (has items or store_name keys)
-            if ('items' in parsed || 'store_name' in parsed || 'valid_from' in parsed) {
-              extractedData = parsed as Partial<ExtractedCoreData>;
-            } else {
-              extractedData = {};
-            }
-          }
-        }
-      } catch (err) {
-        logger.error(
-          { error: err },
-          '[API /ai/flyers/process] Unexpected error while parsing request body',
-        );
-        parsed = {};
-        extractedData = {};
-      }
-
-      // Pull common metadata fields (checksum, originalFileName) from whichever shape we parsed.
-      const checksum = parsed.checksum ?? parsed?.data?.checksum ?? '';
-
-      if (!checksum) {
-        await cleanupUploadedFile(req.file);
-        return res.status(400).json({ message: 'Checksum is required.' });
-      }
-
-      const originalFileName =
-        parsed.originalFileName ?? parsed?.data?.originalFileName ?? req.file.originalname;
      const userProfile = req.user as UserProfile | undefined;

-      // Validate extractedData to avoid database errors (e.g., null store_name)
-      if (!extractedData || typeof extractedData !== 'object') {
-        logger.warn(
-          { bodyData: parsed },
-          'Missing extractedData in /api/ai/flyers/process payload.',
-        );
-        // Don't fail hard here; proceed with empty items and fallback store name so the upload can be saved for manual review.
-        extractedData = {};
-      }
-
-      // Transform the extracted items into the format required for database insertion.
-      // This adds default values for fields like `view_count` and `click_count`
-      // and makes this legacy endpoint consistent with the newer FlyerDataTransformer service.
-      const rawItems = extractedData.items ?? [];
-      const itemsArray = Array.isArray(rawItems)
-        ? rawItems
-        : typeof rawItems === 'string'
-          ? JSON.parse(rawItems)
-          : [];
-      const itemsForDb = itemsArray.map((item: Partial<ExtractedFlyerItem>) => ({
-        ...item,
-        master_item_id: item.master_item_id === null ? undefined : item.master_item_id,
-        quantity: item.quantity ?? 1, // Default to 1 to satisfy DB constraint
-        view_count: 0,
-        click_count: 0,
-        updated_at: new Date().toISOString(),
-      }));
-
-      // Ensure we have a valid store name; the DB requires a non-null store name.
-      const storeName =
-        extractedData.store_name && String(extractedData.store_name).trim().length > 0
-          ? String(extractedData.store_name)
-          : 'Unknown Store (auto)';
-      if (storeName.startsWith('Unknown')) {
-        logger.warn(
-          'extractedData.store_name missing; using fallback store name to avoid DB constraint error.',
-        );
-      }
-
-      // 1. Check for duplicate flyer using checksum
-      const existingFlyer = await db.flyerRepo.findFlyerByChecksum(checksum, req.log);
-      if (existingFlyer) {
-        logger.warn(`Duplicate flyer upload attempt blocked for checksum: ${checksum}`);
-        await cleanupUploadedFile(req.file);
-        return res.status(409).json({ message: 'This flyer has already been processed.' });
-      }
-
-      // Generate a 64x64 icon from the uploaded flyer image.
-      const iconsDir = path.join(path.dirname(req.file.path), 'icons');
-      const iconFileName = await generateFlyerIcon(req.file.path, iconsDir, req.log);
-      const iconUrl = `/flyer-images/icons/${iconFileName}`;
-
-      // 2. Prepare flyer data for insertion
-      const flyerData = {
-        file_name: originalFileName,
-        image_url: `/flyer-images/${req.file.filename}`, // Store the full URL path
-        icon_url: iconUrl,
-        checksum: checksum,
-        // Use normalized store name (fallback applied above).
-        store_name: storeName,
-        valid_from: extractedData.valid_from ?? null,
-        valid_to: extractedData.valid_to ?? null,
-        store_address: extractedData.store_address ?? null,
-        item_count: 0, // Set default to 0; the trigger will update it.
-        uploaded_by: userProfile?.user.user_id, // Associate with user if logged in
-      };
-
-      // 3. Create flyer and its items in a transaction
-      const { flyer: newFlyer, items: newItems } = await createFlyerAndItems(
-        flyerData,
-        itemsForDb,
-        req.log,
-      );
-
-      logger.info(
-        `Successfully processed and saved new flyer: ${newFlyer.file_name} (ID: ${newFlyer.flyer_id}) with ${newItems.length} items.`,
-      );
-
-      // Log this significant event
-      await db.adminRepo.logActivity(
-        {
-          userId: userProfile?.user.user_id,
-          action: 'flyer_processed',
-          displayText: `Processed a new flyer for ${flyerData.store_name}.`,
-          details: { flyerId: newFlyer.flyer_id, storeName: flyerData.store_name },
-        },
+      const newFlyer = await aiService.processLegacyFlyerUpload(
+        req.file,
+        req.body,
+        userProfile,
        req.log,
      );

      res.status(201).json({ message: 'Flyer processed and saved successfully.', flyer: newFlyer });
    } catch (error) {
      await cleanupUploadedFile(req.file);
+      if (error instanceof DuplicateFlyerError) {
+        logger.warn(`Duplicate flyer upload attempt blocked.`);
+        return res.status(409).json({ message: error.message, flyerId: error.flyerId });
+      }
      next(error);
    }
  },
@@ -516,6 +283,8 @@ router.post(
      res.status(200).json({ is_flyer: true }); // Stubbed response
    } catch (error) {
      next(error);
+    } finally {
+      await cleanupUploadedFile(req.file);
    }
  },
 );
@@ -533,6 +302,8 @@ router.post(
      res.status(200).json({ address: 'not identified' }); // Updated stubbed response
    } catch (error) {
      next(error);
+    } finally {
+      await cleanupUploadedFile(req.file);
    }
  },
 );
@@ -550,6 +321,8 @@ router.post(
      res.status(200).json({ store_logo_base_64: null }); // Stubbed response
    } catch (error) {
      next(error);
+    } finally {
+      await cleanupUploadedFiles(req.files as Express.Multer.File[]);
    }
  },
 );
@@ -626,7 +399,7 @@ router.post(
    try {
      const { items, store, userLocation } = req.body;
      logger.debug({ itemCount: items.length, storeName: store.name }, 'Trip planning requested.');
-      const result = await aiService.aiService.planTripWithMaps(items, store, userLocation);
+      const result = await aiService.planTripWithMaps(items, store, userLocation);
      res.status(200).json(result);
    } catch (error) {
      logger.error({ error: errMsg(error) }, 'Error in /api/ai/plan-trip endpoint:');
@@ -686,7 +459,7 @@ router.post(
        'Rescan area requested',
      );

-      const result = await aiService.aiService.extractTextFromImageArea(
+      const result = await aiService.extractTextFromImageArea(
        path,
        mimetype,
        cropArea,
@@ -697,8 +470,13 @@ router.post(
      res.status(200).json(result);
    } catch (error) {
      next(error);
+    } finally {
+      await cleanupUploadedFile(req.file);
    }
  },
 );

+/* Catches errors from multer (e.g., file size, file filter) */
+router.use(handleMulterError);
+
 export default router;
--- a/src/routes/auth.routes.test.ts
+++ b/src/routes/auth.routes.test.ts
@@ -2,14 +2,8 @@
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import supertest from 'supertest';
 import { Request, Response, NextFunction } from 'express';
-import cookieParser from 'cookie-parser';
-import * as bcrypt from 'bcrypt';
-import jwt from 'jsonwebtoken';
-import {
-  createMockUserProfile,
-  createMockUserWithPasswordHash,
-} from '../tests/utils/mockFactories';
-import { mockLogger } from '../tests/utils/mockLogger';
+import cookieParser from 'cookie-parser'; // This was a duplicate, fixed.
+import { createMockUserProfile } from '../tests/utils/mockFactories';

 // --- FIX: Hoist passport mocks to be available for vi.mock ---
 const passportMocks = vi.hoisted(() => {
@@ -70,49 +64,25 @@ vi.mock('./passport.routes', () => ({
  optionalAuth: vi.fn((req: Request, res: Response, next: NextFunction) => next()),
 }));

-// Mock the DB connection pool to control transactional behavior
-const { mockPool } = vi.hoisted(() => {
-  const client = {
-    query: vi.fn(),
-    release: vi.fn(),
-  };
+// Mock the authService, which is now the primary dependency of the routes.
+const { mockedAuthService } = vi.hoisted(() => {
  return {
-    mockPool: {
-      connect: vi.fn(() => Promise.resolve(client)),
+    mockedAuthService: {
+      registerAndLoginUser: vi.fn(),
+      handleSuccessfulLogin: vi.fn(),
+      resetPassword: vi.fn(),
+      updatePassword: vi.fn(),
+      refreshAccessToken: vi.fn(),
+      logout: vi.fn(),
    },
-    mockClient: client,
  };
 });
-// Mock the Service Layer directly.
-// We use async import inside the factory to properly hoist the UniqueConstraintError class usage.
-vi.mock('../services/db/index.db', async () => {
-  const { UniqueConstraintError } = await import('../services/db/errors.db');
-  return {
-    userRepo: {
-      findUserByEmail: vi.fn(),
-      createUser: vi.fn(),
-      saveRefreshToken: vi.fn(),
-      createPasswordResetToken: vi.fn(),
-      getValidResetTokens: vi.fn(),
-      updateUserPassword: vi.fn(),
-      deleteResetToken: vi.fn(),
-      findUserByRefreshToken: vi.fn(),
-      deleteRefreshToken: vi.fn(),
-    },
-    adminRepo: {
-      logActivity: vi.fn(),
-    },
-    UniqueConstraintError: UniqueConstraintError,
-  };
-});
-
-vi.mock('../services/db/connection.db', () => ({
-  getPool: () => mockPool,
-}));
+vi.mock('../services/authService', () => ({ authService: mockedAuthService }));

 // Mock the logger
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Mock the email service
@@ -120,15 +90,8 @@ vi.mock('../services/emailService.server', () => ({
  sendPasswordResetEmail: vi.fn(),
 }));

-// Mock bcrypt
-vi.mock('bcrypt', async (importOriginal) => {
-  const actual = await importOriginal<typeof bcrypt>();
-  return { ...actual, compare: vi.fn() };
-});
-
 // Import the router AFTER mocks are established
 import authRouter from './auth.routes';
-import * as db from '../services/db/index.db'; // This was a duplicate, fixed.

 import { UniqueConstraintError } from '../services/db/errors.db'; // Import actual class for instanceof checks

@@ -144,6 +107,8 @@ import { UniqueConstraintError } from '../services/db/errors.db'; // Import actu
 import express from 'express';
 import { errorHandler } from '../middleware/errorHandler'; // Assuming this exists

+const { mockLogger } = await import('../tests/utils/mockLogger');
+
 const app = express();
 app.use(express.json());
 app.use(cookieParser()); // Mount BEFORE router
@@ -174,13 +139,11 @@ describe('Auth Routes (/api/auth)', () => {
        user: { user_id: 'new-user-id', email: newUserEmail },
        full_name: 'Test User',
      });
-
-      // FIX: Mock the method on the imported singleton instance `userRepo` directly,
-      // as this is what the route handler uses. Spying on the prototype does not
-      // affect this already-created instance.
-      vi.mocked(db.userRepo.createUser).mockResolvedValue(mockNewUser);
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
-      vi.mocked(db.adminRepo.logActivity).mockResolvedValue(undefined);
+      mockedAuthService.registerAndLoginUser.mockResolvedValue({
+        newUserProfile: mockNewUser,
+        accessToken: 'new-access-token',
+        refreshToken: 'new-refresh-token',
+      });

      // Act
      const response = await supertest(app).post('/api/auth/register').send({
@@ -188,22 +151,61 @@ describe('Auth Routes (/api/auth)', () => {
        password: strongPassword,
        full_name: 'Test User',
      });
-
      // Assert
      expect(response.status).toBe(201);
      expect(response.body.message).toBe('User registered successfully!');
      expect(response.body.userprofile.user.email).toBe(newUserEmail);
      expect(response.body.token).toBeTypeOf('string'); // This was a duplicate, fixed.
-      expect(db.userRepo.createUser).toHaveBeenCalled();
+      expect(mockedAuthService.registerAndLoginUser).toHaveBeenCalledWith(
+        newUserEmail,
+        strongPassword,
+        'Test User',
+        undefined, // avatar_url
+        mockLogger,
+      );
+    });
+
+    it('should allow registration with an empty string for avatar_url', async () => {
+      // Arrange
+      const email = 'avatar-user@test.com';
+      const mockNewUser = createMockUserProfile({
+        user: { user_id: 'avatar-user-id', email },
+      });
+      mockedAuthService.registerAndLoginUser.mockResolvedValue({
+        newUserProfile: mockNewUser,
+        accessToken: 'avatar-access-token',
+        refreshToken: 'avatar-refresh-token',
+      });
+
+      // Act
+      const response = await supertest(app).post('/api/auth/register').send({
+        email,
+        password: strongPassword,
+        full_name: 'Avatar User',
+        avatar_url: '', // Send an empty string
+      });
+
+      // Assert
+      expect(response.status).toBe(201);
+      expect(response.body.message).toBe('User registered successfully!');
+      expect(mockedAuthService.registerAndLoginUser).toHaveBeenCalledWith(
+        email,
+        strongPassword,
+        'Avatar User',
+        undefined, // The preprocess step in the Zod schema should convert '' to undefined
+        mockLogger,
+      );
    });

    it('should set a refresh token cookie on successful registration', async () => {
      const mockNewUser = createMockUserProfile({
        user: { user_id: 'new-user-id', email: 'cookie@test.com' },
      });
-      vi.mocked(db.userRepo.createUser).mockResolvedValue(mockNewUser);
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
-      vi.mocked(db.adminRepo.logActivity).mockResolvedValue(undefined);
+      mockedAuthService.registerAndLoginUser.mockResolvedValue({
+        newUserProfile: mockNewUser,
+        accessToken: 'new-access-token',
+        refreshToken: 'new-refresh-token',
+      });

      const response = await supertest(app).post('/api/auth/register').send({
        email: 'cookie@test.com',
@@ -233,15 +235,14 @@ describe('Auth Routes (/api/auth)', () => {
      expect(errorMessages).toMatch(/Password is too weak/i);
    });

-    it('should reject registration if the email already exists', async () => {
+    it('should reject registration if the auth service throws UniqueConstraintError', async () => {
      // Create an error object that includes the 'code' property for simulating a PG unique violation.
      // This is more type-safe than casting to 'any'.
      const dbError = new UniqueConstraintError(
        'User with that email already exists.',
      ) as UniqueConstraintError & { code: string };
      dbError.code = '23505';
-
-      vi.mocked(db.userRepo.createUser).mockRejectedValue(dbError);
+      mockedAuthService.registerAndLoginUser.mockRejectedValue(dbError);

      const response = await supertest(app)
        .post('/api/auth/register')
@@ -249,12 +250,11 @@ describe('Auth Routes (/api/auth)', () => {

      expect(response.status).toBe(409); // 409 Conflict
      expect(response.body.message).toBe('User with that email already exists.');
-      expect(db.userRepo.createUser).toHaveBeenCalled();
    });

    it('should return 500 if a generic database error occurs during registration', async () => {
      const dbError = new Error('DB connection lost');
-      vi.mocked(db.userRepo.createUser).mockRejectedValue(dbError);
+      mockedAuthService.registerAndLoginUser.mockRejectedValue(dbError);

      const response = await supertest(app)
        .post('/api/auth/register')
@@ -287,7 +287,10 @@ describe('Auth Routes (/api/auth)', () => {
    it('should successfully log in a user and return a token and cookie', async () => {
      // Arrange:
      const loginCredentials = { email: 'test@test.com', password: 'password123' };
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
+      mockedAuthService.handleSuccessfulLogin.mockResolvedValue({
+        accessToken: 'new-access-token',
+        refreshToken: 'new-refresh-token',
+      });

      // Act
      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
@@ -307,25 +310,6 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.headers['set-cookie']).toBeDefined();
    });

-    it('should contain the correct payload in the JWT token', async () => {
-      // Arrange
-      const loginCredentials = { email: 'payload.test@test.com', password: 'password123' };
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
-
-      // Act
-      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
-
-      // Assert
-      expect(response.status).toBe(200);
-      const token = response.body.token;
-      expect(token).toBeTypeOf('string');
-
-      const decodedPayload = jwt.decode(token) as { user_id: string; email: string; role: string };
-      expect(decodedPayload.user_id).toBe('user-123');
-      expect(decodedPayload.email).toBe(loginCredentials.email);
-      expect(decodedPayload.role).toBe('user'); // Default role from mock factory
-    });
-
    it('should reject login for incorrect credentials', async () => {
      const response = await supertest(app)
        .post('/api/auth/login')
@@ -357,7 +341,7 @@ describe('Auth Routes (/api/auth)', () => {
    it('should return 500 if saving the refresh token fails', async () => {
      // Arrange:
      const loginCredentials = { email: 'test@test.com', password: 'password123' };
-      vi.mocked(db.userRepo.saveRefreshToken).mockRejectedValue(new Error('DB write failed'));
+      mockedAuthService.handleSuccessfulLogin.mockRejectedValue(new Error('DB write failed'));

      // Act
      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
@@ -399,7 +383,10 @@ describe('Auth Routes (/api/auth)', () => {
        password: 'password123',
        rememberMe: true,
      };
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
+      mockedAuthService.handleSuccessfulLogin.mockResolvedValue({
+        accessToken: 'remember-access-token',
+        refreshToken: 'remember-refresh-token',
+      });

      // Act
      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
@@ -414,10 +401,7 @@ describe('Auth Routes (/api/auth)', () => {
  describe('POST /forgot-password', () => {
    it('should send a reset link if the user exists', async () => {
      // Arrange
-      vi.mocked(db.userRepo.findUserByEmail).mockResolvedValue(
-        createMockUserWithPasswordHash({ user_id: 'user-123', email: 'test@test.com' }),
-      );
-      vi.mocked(db.userRepo.createPasswordResetToken).mockResolvedValue(undefined);
+      mockedAuthService.resetPassword.mockResolvedValue('mock-reset-token');

      // Act
      const response = await supertest(app)
@@ -431,7 +415,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should return a generic success message even if the user does not exist', async () => {
-      vi.mocked(db.userRepo.findUserByEmail).mockResolvedValue(undefined);
+      mockedAuthService.resetPassword.mockResolvedValue(undefined);

      const response = await supertest(app)
        .post('/api/auth/forgot-password')
@@ -442,7 +426,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should return 500 if the database call fails', async () => {
-      vi.mocked(db.userRepo.findUserByEmail).mockRejectedValue(new Error('DB connection failed'));
+      mockedAuthService.resetPassword.mockRejectedValue(new Error('DB connection failed'));
      const response = await supertest(app)
        .post('/api/auth/forgot-password')
        .send({ email: 'any@test.com' });
@@ -450,25 +434,6 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.status).toBe(500);
    });

-    it('should still return 200 OK if the email service fails', async () => {
-      // Arrange
-      vi.mocked(db.userRepo.findUserByEmail).mockResolvedValue(
-        createMockUserWithPasswordHash({ user_id: 'user-123', email: 'test@test.com' }),
-      );
-      vi.mocked(db.userRepo.createPasswordResetToken).mockResolvedValue(undefined);
-      // Mock the email service to fail
-      const { sendPasswordResetEmail } = await import('../services/emailService.server');
-      vi.mocked(sendPasswordResetEmail).mockRejectedValue(new Error('SMTP server down'));
-
-      // Act
-      const response = await supertest(app)
-        .post('/api/auth/forgot-password')
-        .send({ email: 'test@test.com' });
-
-      // Assert: The route should not fail even if the email does.
-      expect(response.status).toBe(200);
-    });
-
    it('should return 400 for an invalid email format', async () => {
      const response = await supertest(app)
        .post('/api/auth/forgot-password')
@@ -481,16 +446,7 @@ describe('Auth Routes (/api/auth)', () => {

  describe('POST /reset-password', () => {
    it('should reset the password with a valid token and strong password', async () => {
-      const tokenRecord = {
-        user_id: 'user-123',
-        token_hash: 'hashed-token',
-        expires_at: new Date(Date.now() + 3600000),
-      };
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]); // This was a duplicate, fixed.
-      vi.mocked(bcrypt.compare).mockResolvedValue(true as never); // Token matches
-      vi.mocked(db.userRepo.updateUserPassword).mockResolvedValue(undefined);
-      vi.mocked(db.userRepo.deleteResetToken).mockResolvedValue(undefined);
-      vi.mocked(db.adminRepo.logActivity).mockResolvedValue(undefined);
+      mockedAuthService.updatePassword.mockResolvedValue(true);

      const response = await supertest(app)
        .post('/api/auth/reset-password')
@@ -501,7 +457,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should reject with an invalid or expired token', async () => {
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([]); // No valid tokens found
+      mockedAuthService.updatePassword.mockResolvedValue(null);

      const response = await supertest(app)
        .post('/api/auth/reset-password')
@@ -511,31 +467,8 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.body.message).toBe('Invalid or expired password reset token.');
    });

-    it('should reject if token does not match any valid tokens in DB', async () => {
-      const tokenRecord = {
-        user_id: 'user-123',
-        token_hash: 'hashed-token',
-        expires_at: new Date(Date.now() + 3600000),
-      };
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]);
-      vi.mocked(bcrypt.compare).mockResolvedValue(false as never); // Token does not match
-
-      const response = await supertest(app)
-        .post('/api/auth/reset-password')
-        .send({ token: 'wrong-token', newPassword: 'a-Very-Strong-Password-123!' });
-
-      expect(response.status).toBe(400);
-      expect(response.body.message).toBe('Invalid or expired password reset token.');
-    });
-
    it('should return 400 for a weak new password', async () => {
-      const tokenRecord = {
-        user_id: 'user-123',
-        token_hash: 'hashed-token',
-        expires_at: new Date(Date.now() + 3600000),
-      };
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]);
-      vi.mocked(bcrypt.compare).mockResolvedValue(true as never);
+      // No need to mock the service here as validation runs first

      const response = await supertest(app)
        .post('/api/auth/reset-password')
@@ -555,11 +488,7 @@ describe('Auth Routes (/api/auth)', () => {

  describe('POST /refresh-token', () => {
    it('should issue a new access token with a valid refresh token cookie', async () => {
-      const mockUser = createMockUserWithPasswordHash({
-        user_id: 'user-123',
-        email: 'test@test.com',
-      });
-      vi.mocked(db.userRepo.findUserByRefreshToken).mockResolvedValue(mockUser);
+      mockedAuthService.refreshAccessToken.mockResolvedValue({ accessToken: 'new-access-token' });

      const response = await supertest(app)
        .post('/api/auth/refresh-token')
@@ -576,8 +505,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should return 403 if refresh token is invalid', async () => {
-      // Mock finding no user for this token, which should trigger the 403 logic
-      vi.mocked(db.userRepo.findUserByRefreshToken).mockResolvedValue(undefined as any);
+      mockedAuthService.refreshAccessToken.mockResolvedValue(null);

      const response = await supertest(app)
        .post('/api/auth/refresh-token')
@@ -588,7 +516,7 @@ describe('Auth Routes (/api/auth)', () => {

    it('should return 500 if the database call fails', async () => {
      // Arrange
-      vi.mocked(db.userRepo.findUserByRefreshToken).mockRejectedValue(new Error('DB Error'));
+      mockedAuthService.refreshAccessToken.mockRejectedValue(new Error('DB Error'));

      // Act
      const response = await supertest(app)
@@ -602,7 +530,7 @@ describe('Auth Routes (/api/auth)', () => {
  describe('POST /logout', () => {
    it('should clear the refresh token cookie and return a success message', async () => {
      // Arrange
-      vi.mocked(db.userRepo.deleteRefreshToken).mockResolvedValue(undefined);
+      mockedAuthService.logout.mockResolvedValue(undefined);

      // Act
      const response = await supertest(app)
@@ -625,7 +553,7 @@ describe('Auth Routes (/api/auth)', () => {
    it('should still return 200 OK even if deleting the refresh token from DB fails', async () => {
      // Arrange
      const dbError = new Error('DB connection lost');
-      vi.mocked(db.userRepo.deleteRefreshToken).mockRejectedValue(dbError);
+      mockedAuthService.logout.mockRejectedValue(dbError);
      const { logger } = await import('../services/logger.server');

      // Act
@@ -637,7 +565,7 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.status).toBe(200);
      expect(logger.error).toHaveBeenCalledWith(
        expect.objectContaining({ error: dbError }),
-        'Failed to delete refresh token from DB during logout.',
+        'Logout token invalidation failed in background.',
      );
    });

--- a/src/routes/auth.routes.ts
+++ b/src/routes/auth.routes.ts
@@ -1,26 +1,18 @@
 // src/routes/auth.routes.ts
 import { Router, Request, Response, NextFunction } from 'express';
-import * as bcrypt from 'bcrypt';
 import { z } from 'zod';
-import jwt from 'jsonwebtoken';
-import crypto from 'crypto';
 import rateLimit from 'express-rate-limit';
-
 import passport from './passport.routes';
-import { userRepo, adminRepo } from '../services/db/index.db';
-import { UniqueConstraintError } from '../services/db/errors.db';
-import { getPool } from '../services/db/connection.db';
+import { UniqueConstraintError } from '../services/db/errors.db'; // Import actual class for instanceof checks
 import { logger } from '../services/logger.server';
-import { sendPasswordResetEmail } from '../services/emailService.server';
 import { validateRequest } from '../middleware/validation.middleware';
 import type { UserProfile } from '../types';
 import { validatePasswordStrength } from '../utils/authUtils';
 import { requiredString } from '../utils/zodUtils';

+import { authService } from '../services/authService';
 const router = Router();

-const JWT_SECRET = process.env.JWT_SECRET!;
-
 // Conditionally disable rate limiting for the test environment
 const isTestEnv = process.env.NODE_ENV === 'test';

@@ -31,7 +23,9 @@ const forgotPasswordLimiter = rateLimit({
  message: 'Too many password reset requests from this IP, please try again after 15 minutes.',
  standardHeaders: true,
  legacyHeaders: false,
-  skip: () => isTestEnv, // Skip this middleware if in test environment
+  // Do not skip in test environment so we can write integration tests for it.
+  // The limiter uses an in-memory store by default, so counts are reset when the test server restarts.
+  // skip: () => isTestEnv,
 });

 const resetPasswordLimiter = rateLimit({
@@ -45,21 +39,31 @@ const resetPasswordLimiter = rateLimit({

 const registerSchema = z.object({
  body: z.object({
-    email: z.string().email('A valid email is required.'),
+    // Sanitize email by trimming and converting to lowercase.
+    email: z.string().trim().toLowerCase().email('A valid email is required.'),
    password: z
      .string()
+      .trim() // Prevent leading/trailing whitespace in passwords.
      .min(8, 'Password must be at least 8 characters long.')
      .superRefine((password, ctx) => {
        const strength = validatePasswordStrength(password);
        if (!strength.isValid) ctx.addIssue({ code: 'custom', message: strength.feedback });
      }),
-    full_name: z.string().optional(),
-    avatar_url: z.string().url().optional(),
+    // Sanitize optional string inputs.
+    full_name: z.string().trim().optional(),
+    // Allow empty string or valid URL. If empty string is received, convert to undefined.
+    avatar_url: z.preprocess(
+      (val) => (val === '' ? undefined : val),
+      z.string().trim().url().optional(),
+    ),
  }),
 });

 const forgotPasswordSchema = z.object({
-  body: z.object({ email: z.string().email('A valid email is required.') }),
+  body: z.object({
+    // Sanitize email by trimming and converting to lowercase.
+    email: z.string().trim().toLowerCase().email('A valid email is required.'),
+  }),
 });

 const resetPasswordSchema = z.object({
@@ -67,6 +71,7 @@ const resetPasswordSchema = z.object({
    token: requiredString('Token is required.'),
    newPassword: z
      .string()
+      .trim() // Prevent leading/trailing whitespace in passwords.
      .min(8, 'Password must be at least 8 characters long.')
      .superRefine((password, ctx) => {
        const strength = validatePasswordStrength(password);
@@ -88,39 +93,14 @@ router.post(
    } = req as unknown as RegisterRequest;

    try {
-      const saltRounds = 10;
-      const hashedPassword = await bcrypt.hash(password, saltRounds);
-      logger.info(`Hashing password for new user: ${email}`);
-
-      // The createUser method in UserRepository now handles its own transaction.
-      const newUser = await userRepo.createUser(
+      const { newUserProfile, accessToken, refreshToken } = await authService.registerAndLoginUser(
        email,
-        hashedPassword,
-        { full_name, avatar_url },
+        password,
+        full_name,
+        avatar_url,
        req.log,
      );

-      const userEmail = newUser.user.email;
-      const userId = newUser.user.user_id;
-      logger.info(`Successfully created new user in DB: ${userEmail} (ID: ${userId})`);
-
-      // Use the new standardized logging function
-      await adminRepo.logActivity(
-        {
-          userId: newUser.user.user_id,
-          action: 'user_registered',
-          displayText: `${userEmail} has registered.`,
-          icon: 'user-plus',
-        },
-        req.log,
-      );
-
-      const payload = { user_id: newUser.user.user_id, email: userEmail };
-      const token = jwt.sign(payload, JWT_SECRET, { expiresIn: '1h' });
-
-      const refreshToken = crypto.randomBytes(64).toString('hex');
-      await userRepo.saveRefreshToken(newUser.user.user_id, refreshToken, req.log);
-
      res.cookie('refreshToken', refreshToken, {
        httpOnly: true,
        secure: process.env.NODE_ENV === 'production',
@@ -128,7 +108,7 @@ router.post(
      });
      return res
        .status(201)
-        .json({ message: 'User registered successfully!', userprofile: newUser, token });
+        .json({ message: 'User registered successfully!', userprofile: newUserProfile, token: accessToken });
    } catch (error: unknown) {
      if (error instanceof UniqueConstraintError) {
        // If the email is a duplicate, return a 409 Conflict status.
@@ -154,17 +134,6 @@ router.post('/login', (req: Request, res: Response, next: NextFunction) => {
      if (user) req.log.debug({ user }, '[API /login] Passport user object:'); // Log the user object passport returns
      if (user) req.log.info({ user }, '[API /login] Passport reported USER FOUND.');

-      try {
-        const allUsersInDb = await getPool().query(
-          'SELECT u.user_id, u.email, p.role FROM public.users u JOIN public.profiles p ON u.user_id = p.user_id',
-        );
-        req.log.debug('[API /login] Current users in DB from SERVER perspective:');
-        console.table(allUsersInDb.rows);
-      } catch (dbError) {
-        req.log.error({ dbError }, '[API /login] Could not query users table for debugging.');
-      }
-      // --- END DEBUG LOGGING ---
-      const { rememberMe } = req.body;
      if (err) {
        req.log.error(
          { error: err },
@@ -176,33 +145,24 @@ router.post('/login', (req: Request, res: Response, next: NextFunction) => {
        return res.status(401).json({ message: info.message || 'Login failed' });
      }

-      const userProfile = user as UserProfile;
-      const payload = {
-        user_id: userProfile.user.user_id,
-        email: userProfile.user.email,
-        role: userProfile.role,
-      };
-      const accessToken = jwt.sign(payload, JWT_SECRET, { expiresIn: '15m' });
-
      try {
-        const refreshToken = crypto.randomBytes(64).toString('hex');
-        await userRepo.saveRefreshToken(userProfile.user.user_id, refreshToken, req.log);
+        const { rememberMe } = req.body;
+        const userProfile = user as UserProfile;
+        const { accessToken, refreshToken } = await authService.handleSuccessfulLogin(userProfile, req.log);
        req.log.info(`JWT and refresh token issued for user: ${userProfile.user.email}`);

        const cookieOptions = {
          httpOnly: true,
          secure: process.env.NODE_ENV === 'production',
-          maxAge: rememberMe ? 30 * 24 * 60 * 60 * 1000 : undefined,
+          maxAge: rememberMe ? 30 * 24 * 60 * 60 * 1000 : undefined, // 30 days
        };

        res.cookie('refreshToken', refreshToken, cookieOptions);
        // Return the full user profile object on login to avoid a second fetch on the client.
        return res.json({ userprofile: userProfile, token: accessToken });
      } catch (tokenErr) {
-        req.log.error(
-          { error: tokenErr },
-          `Failed to save refresh token during login for user: ${userProfile.user.email}`,
-        );
+        const email = (user as UserProfile)?.user?.email || req.body.email;
+        req.log.error({ error: tokenErr }, `Failed to process login for user: ${email}`);
        return next(tokenErr);
      }
    },
@@ -221,38 +181,14 @@ router.post(
    } = req as unknown as ForgotPasswordRequest;

    try {
-      req.log.debug(`[API /forgot-password] Received request for email: ${email}`);
-      const user = await userRepo.findUserByEmail(email, req.log);
-      let token: string | undefined;
-      req.log.debug(
-        { user: user ? { user_id: user.user_id, email: user.email } : 'NOT FOUND' },
-        `[API /forgot-password] Database search result for ${email}:`,
-      );
-
-      if (user) {
-        token = crypto.randomBytes(32).toString('hex');
-        const saltRounds = 10;
-        const tokenHash = await bcrypt.hash(token, saltRounds);
-        const expiresAt = new Date(Date.now() + 3600000); // 1 hour
-
-        await userRepo.createPasswordResetToken(user.user_id, tokenHash, expiresAt, req.log);
-
-        const resetLink = `${process.env.FRONTEND_URL}/reset-password/${token}`;
-
-        try {
-          await sendPasswordResetEmail(email, resetLink, req.log);
-        } catch (emailError) {
-          req.log.error({ emailError }, `Email send failure during password reset for user`);
-        }
-      } else {
-        req.log.warn(`Password reset requested for non-existent email: ${email}`);
-      }
+      // The service handles finding the user, creating the token, and sending the email.
+      const token = await authService.resetPassword(email, req.log);

      // For testability, return the token in the response only in the test environment.
      const responsePayload: { message: string; token?: string } = {
        message: 'If an account with that email exists, a password reset link has been sent.',
      };
-      if (process.env.NODE_ENV === 'test' && user) responsePayload.token = token;
+      if (process.env.NODE_ENV === 'test' && token) responsePayload.token = token;
      res.status(200).json(responsePayload);
    } catch (error) {
      req.log.error({ error }, `An error occurred during /forgot-password for email: ${email}`);
@@ -273,38 +209,12 @@ router.post(
    } = req as unknown as ResetPasswordRequest;

    try {
-      const validTokens = await userRepo.getValidResetTokens(req.log);
-      let tokenRecord;
-      for (const record of validTokens) {
-        const isMatch = await bcrypt.compare(token, record.token_hash);
-        if (isMatch) {
-          tokenRecord = record;
-          break;
-        }
-      }
+      const resetSuccessful = await authService.updatePassword(token, newPassword, req.log);

-      if (!tokenRecord) {
+      if (!resetSuccessful) {
        return res.status(400).json({ message: 'Invalid or expired password reset token.' });
      }

-      const saltRounds = 10;
-      const hashedPassword = await bcrypt.hash(newPassword, saltRounds);
-
-      await userRepo.updateUserPassword(tokenRecord.user_id, hashedPassword, req.log);
-      await userRepo.deleteResetToken(tokenRecord.token_hash, req.log);
-
-      // Log this security event after a successful password reset.
-      await adminRepo.logActivity(
-        {
-          userId: tokenRecord.user_id,
-          action: 'password_reset',
-          displayText: `User ID ${tokenRecord.user_id} has reset their password.`,
-          icon: 'key',
-          details: { source_ip: req.ip ?? null },
-        },
-        req.log,
-      );
-
      res.status(200).json({ message: 'Password has been reset successfully.' });
    } catch (error) {
      req.log.error({ error }, `An error occurred during password reset.`);
@@ -321,15 +231,11 @@ router.post('/refresh-token', async (req: Request, res: Response, next: NextFunc
  }

  try {
-    const user = await userRepo.findUserByRefreshToken(refreshToken, req.log);
-    if (!user) {
+    const result = await authService.refreshAccessToken(refreshToken, req.log);
+    if (!result) {
      return res.status(403).json({ message: 'Invalid or expired refresh token.' });
    }
-
-    const payload = { user_id: user.user_id, email: user.email };
-    const newAccessToken = jwt.sign(payload, JWT_SECRET, { expiresIn: '15m' });
-
-    res.json({ token: newAccessToken });
+    res.json({ token: result.accessToken });
  } catch (error) {
    req.log.error({ error }, 'An error occurred during /refresh-token.');
    next(error);
@@ -346,8 +252,8 @@ router.post('/logout', async (req: Request, res: Response) => {
  if (refreshToken) {
    // Invalidate the token in the database so it cannot be used again.
    // We don't need to wait for this to finish to respond to the user.
-    userRepo.deleteRefreshToken(refreshToken, req.log).catch((err: Error) => {
-      req.log.error({ error: err }, 'Failed to delete refresh token from DB during logout.');
+    authService.logout(refreshToken, req.log).catch((err: Error) => {
+      req.log.error({ error: err }, 'Logout token invalidation failed in background.');
    });
  }
  // Instruct the browser to clear the cookie by setting its expiration to the past.
--- a/src/routes/budget.routes.test.ts
+++ b/src/routes/budget.routes.test.ts
@@ -7,7 +7,6 @@ import {
  createMockBudget,
  createMockSpendingByCategory,
 } from '../tests/utils/mockFactories';
-import { mockLogger } from '../tests/utils/mockLogger';
 import { createTestApp } from '../tests/utils/createTestApp';
 import { ForeignKeyConstraintError, NotFoundError } from '../services/db/errors.db';
 // 1. Mock the Service Layer directly.
@@ -26,8 +25,9 @@ vi.mock('../services/db/index.db', () => ({
 }));

 // Mock the logger to keep test output clean
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Import the router and mocked DB AFTER all mocks are defined.
--- a/src/routes/deals.routes.test.ts
+++ b/src/routes/deals.routes.test.ts
@@ -4,7 +4,6 @@ import supertest from 'supertest';
 import type { Request, Response, NextFunction } from 'express';
 import { createMockUserProfile, createMockWatchedItemDeal } from '../tests/utils/mockFactories';
 import type { WatchedItemDeal } from '../types';
-import { mockLogger } from '../tests/utils/mockLogger';
 import { createTestApp } from '../tests/utils/createTestApp';

 // 1. Mock the Service Layer directly.
@@ -17,10 +16,12 @@ vi.mock('../services/db/deals.db', () => ({
 // Import the router and mocked repo AFTER all mocks are defined.
 import dealsRouter from './deals.routes';
 import { dealsRepo } from '../services/db/deals.db';
+import { mockLogger } from '../tests/utils/mockLogger';

 // Mock the logger to keep test output clean
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Mock the passport middleware
--- a/src/routes/flyer.routes.test.ts
+++ b/src/routes/flyer.routes.test.ts
@@ -23,8 +23,9 @@ import * as db from '../services/db/index.db';
 import { mockLogger } from '../tests/utils/mockLogger';

 // Mock the logger to keep test output clean
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Define a reusable matcher for the logger object.
--- a/src/routes/gamification.routes.test.ts
+++ b/src/routes/gamification.routes.test.ts
@@ -27,8 +27,9 @@ import gamificationRouter from './gamification.routes';
 import * as db from '../services/db/index.db';

 // Mock the logger to keep test output clean
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Use vi.hoisted to create mutable mock function references.
--- a/src/routes/gamification.routes.ts
+++ b/src/routes/gamification.routes.ts
@@ -1,11 +1,10 @@
 // src/routes/gamification.routes.ts
 import express, { NextFunction } from 'express';
 import { z } from 'zod';
-import passport, { isAdmin } from './passport.routes';
-import { gamificationRepo } from '../services/db/index.db';
+import passport, { isAdmin } from './passport.routes'; // Correctly imported
+import { gamificationService } from '../services/gamificationService';
 import { logger } from '../services/logger.server';
 import { UserProfile } from '../types';
-import { ForeignKeyConstraintError } from '../services/db/errors.db';
 import { validateRequest } from '../middleware/validation.middleware';
 import { requiredString, optionalNumeric } from '../utils/zodUtils';

@@ -14,10 +13,12 @@ const adminGamificationRouter = express.Router(); // Create a new router for adm

 // --- Zod Schemas for Gamification Routes (as per ADR-003) ---

+const leaderboardQuerySchema = z.object({
+  limit: optionalNumeric({ default: 10, integer: true, positive: true, max: 50 }),
+});
+
 const leaderboardSchema = z.object({
-  query: z.object({
-    limit: optionalNumeric({ default: 10, integer: true, positive: true, max: 50 }),
-  }),
+  query: leaderboardQuerySchema,
 });

 const awardAchievementSchema = z.object({
@@ -35,7 +36,7 @@ const awardAchievementSchema = z.object({
 */
 router.get('/', async (req, res, next: NextFunction) => {
  try {
-    const achievements = await gamificationRepo.getAllAchievements(req.log);
+    const achievements = await gamificationService.getAllAchievements(req.log);
    res.json(achievements);
  } catch (error) {
    logger.error({ error }, 'Error fetching all achievements in /api/achievements:');
@@ -51,14 +52,11 @@ router.get(
  '/leaderboard',
  validateRequest(leaderboardSchema),
  async (req, res, next: NextFunction): Promise<void> => {
-    // Apply ADR-003 pattern for type safety.
-    // Explicitly coerce query params to ensure numbers are passed to the repo,
-    // as validateRequest might not replace req.query in all test environments.
-    const query = req.query as unknown as { limit?: string };
-    const limit = query.limit ? Number(query.limit) : 10;
-
    try {
-      const leaderboard = await gamificationRepo.getLeaderboard(limit, req.log);
+      // The `validateRequest` middleware ensures `req.query` is valid.
+      // We parse it here to apply Zod's coercions (string to number) and defaults.
+      const { limit } = leaderboardQuerySchema.parse(req.query);
+      const leaderboard = await gamificationService.getLeaderboard(limit!, req.log);
      res.json(leaderboard);
    } catch (error) {
      logger.error({ error }, 'Error fetching leaderboard:');
@@ -79,7 +77,7 @@ router.get(
  async (req, res, next: NextFunction): Promise<void> => {
    const userProfile = req.user as UserProfile;
    try {
-      const userAchievements = await gamificationRepo.getUserAchievements(
+      const userAchievements = await gamificationService.getUserAchievements(
        userProfile.user.user_id,
        req.log,
      );
@@ -111,21 +109,13 @@ adminGamificationRouter.post(
    type AwardAchievementRequest = z.infer<typeof awardAchievementSchema>;
    const { body } = req as unknown as AwardAchievementRequest;
    try {
-      await gamificationRepo.awardAchievement(body.userId, body.achievementName, req.log);
+      await gamificationService.awardAchievement(body.userId, body.achievementName, req.log);
      res
        .status(200)
        .json({
          message: `Successfully awarded '${body.achievementName}' to user ${body.userId}.`,
        });
    } catch (error) {
-      if (error instanceof ForeignKeyConstraintError) {
-        res.status(400).json({ message: error.message });
-        return;
-      }
-      logger.error(
-        { error, userId: body.userId, achievementName: body.achievementName },
-        'Error awarding achievement via admin endpoint:',
-      );
      next(error);
    }
  },
--- a/src/routes/health.routes.test.ts
+++ b/src/routes/health.routes.test.ts
@@ -32,8 +32,9 @@ import healthRouter from './health.routes';
 import * as dbConnection from '../services/db/connection.db';

 // Mock the logger to keep test output clean.
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Cast the mocked import to a Mocked type for type-safe access to mock functions.
@@ -160,10 +161,15 @@ describe('Health Routes (/api/health)', () => {
      const response = await supertest(app).get('/api/health/db-schema');

      expect(response.status).toBe(500);
-      expect(response.body.message).toBe('DB connection failed');
-      expect(logger.error).toHaveBeenCalledWith(
-        { error: 'DB connection failed' },
-        'Error during DB schema check:',
+      expect(response.body.message).toBe('DB connection failed'); // This is the message from the original error
+      expect(response.body.stack).toBeDefined();
+      expect(response.body.errorId).toEqual(expect.any(String));
+      console.log('[DEBUG] health.routes.test.ts: Verifying logger.error for DB schema check failure');
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        expect.objectContaining({
+          err: expect.any(Error),
+        }),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
      );
    });

@@ -175,10 +181,13 @@ describe('Health Routes (/api/health)', () => {
      const response = await supertest(app).get('/api/health/db-schema');

      expect(response.status).toBe(500);
-      expect(response.body.message).toBe('DB connection failed');
-      expect(logger.error).toHaveBeenCalledWith(
-        { error: dbError },
-        'Error during DB schema check:',
+      expect(response.body.message).toBe('DB connection failed'); // This is the message from the original error
+      expect(response.body.errorId).toEqual(expect.any(String));
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        expect.objectContaining({
+          err: expect.objectContaining({ message: 'DB connection failed' }),
+        }),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
      );
    });
  });
@@ -208,9 +217,11 @@ describe('Health Routes (/api/health)', () => {
      // Assert
      expect(response.status).toBe(500);
      expect(response.body.message).toContain('Storage check failed.');
-      expect(logger.error).toHaveBeenCalledWith(
-        { error: 'EACCES: permission denied' },
-        expect.stringContaining('Storage check failed for path:'),
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        expect.objectContaining({
+          err: expect.any(Error),
+        }),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
      );
    });

@@ -225,9 +236,11 @@ describe('Health Routes (/api/health)', () => {
      // Assert
      expect(response.status).toBe(500);
      expect(response.body.message).toContain('Storage check failed.');
-      expect(logger.error).toHaveBeenCalledWith(
-        { error: accessError },
-        expect.stringContaining('Storage check failed for path:'),
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        expect.objectContaining({
+          err: expect.any(Error),
+        }),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
      );
    });
  });
@@ -282,10 +295,13 @@ describe('Health Routes (/api/health)', () => {
    const response = await supertest(app).get('/api/health/db-pool');

    expect(response.status).toBe(500);
-    expect(response.body.message).toBe('Pool is not initialized');
-    expect(logger.error).toHaveBeenCalledWith(
-      { error: 'Pool is not initialized' },
-      'Error during DB pool health check:',
+    expect(response.body.message).toBe('Pool is not initialized'); // This is the message from the original error
+    expect(response.body.errorId).toEqual(expect.any(String));
+    expect(mockLogger.error).toHaveBeenCalledWith(
+      expect.objectContaining({
+        err: expect.any(Error),
+      }),
+      expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
    );
  });

@@ -299,10 +315,52 @@ describe('Health Routes (/api/health)', () => {
    const response = await supertest(app).get('/api/health/db-pool');

    expect(response.status).toBe(500);
-    expect(response.body.message).toBe('Pool is not initialized');
-    expect(logger.error).toHaveBeenCalledWith(
-      { error: poolError },
-      'Error during DB pool health check:',
+    expect(response.body.message).toBe('Pool is not initialized'); // This is the message from the original error
+    expect(response.body.stack).toBeDefined();
+    expect(response.body.errorId).toEqual(expect.any(String));
+    expect(mockLogger.error).toHaveBeenCalledWith(
+      expect.objectContaining({
+        err: expect.objectContaining({ message: 'Pool is not initialized' }),
+      }),
+      expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
    );
  });
+
+  describe('GET /redis', () => {
+    it('should return 500 if Redis ping fails', async () => {
+      const redisError = new Error('Connection timed out');
+      mockedRedisConnection.ping.mockRejectedValue(redisError);
+
+      const response = await supertest(app).get('/api/health/redis');
+
+      expect(response.status).toBe(500);
+      expect(response.body.message).toBe('Connection timed out');
+      expect(response.body.stack).toBeDefined();
+      expect(response.body.errorId).toEqual(expect.any(String));
+      console.log('[DEBUG] health.routes.test.ts: Checking if logger.error was called with the correct pattern');
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        expect.objectContaining({
+          err: expect.any(Error),
+        }),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
+      );
+    });
+
+    it('should return 500 if Redis ping returns an unexpected response', async () => {
+      mockedRedisConnection.ping.mockResolvedValue('OK'); // Not 'PONG'
+
+      const response = await supertest(app).get('/api/health/redis');
+
+      expect(response.status).toBe(500);
+      expect(response.body.message).toContain('Unexpected Redis ping response: OK');
+      expect(response.body.stack).toBeDefined();
+      expect(response.body.errorId).toEqual(expect.any(String));
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        expect.objectContaining({
+          err: expect.any(Error),
+        }),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
+      );
+    });
+  });
 });
--- a/src/routes/health.routes.ts
+++ b/src/routes/health.routes.ts
@@ -39,8 +39,12 @@ router.get('/db-schema', validateRequest(emptySchema), async (req, res, next: Ne
    }
    return res.status(200).json({ success: true, message: 'All required database tables exist.' });
  } catch (error: unknown) {
-    logger.error({ error }, 'Error during DB schema check:');
-    next(error);
+    if (error instanceof Error) {
+      return next(error);
+    }
+    const message =
+      (error as any)?.message || 'An unknown error occurred during DB schema check.';
+    return next(new Error(message));
  }
 });

@@ -49,7 +53,7 @@ router.get('/db-schema', validateRequest(emptySchema), async (req, res, next: Ne
 * This is important for features like file uploads.
 */
 router.get('/storage', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
-  const storagePath = process.env.STORAGE_PATH || '/var/www/flyer-crawler.projectium.com/assets';
+  const storagePath = process.env.STORAGE_PATH || '/var/www/flyer-crawler.projectium.com/flyer-images';
  try {
    await fs.access(storagePath, fs.constants.W_OK); // Use fs.promises
    return res
@@ -59,10 +63,6 @@ router.get('/storage', validateRequest(emptySchema), async (req, res, next: Next
        message: `Storage directory '${storagePath}' is accessible and writable.`,
      });
  } catch (error: unknown) {
-    logger.error(
-      { error: error instanceof Error ? error.message : error },
-      `Storage check failed for path: ${storagePath}`,
-    );
    next(
      new Error(
        `Storage check failed. Ensure the directory '${storagePath}' exists and is writable by the application.`,
@@ -93,11 +93,12 @@ router.get(
          .json({ success: false, message: `Pool may be under stress. ${message}` });
      }
    } catch (error: unknown) {
-      logger.error(
-        { error: error instanceof Error ? error.message : error },
-        'Error during DB pool health check:',
-      );
-      next(error);
+      if (error instanceof Error) {
+        return next(error);
+      }
+      const message =
+        (error as any)?.message || 'An unknown error occurred during DB pool check.';
+      return next(new Error(message));
    }
  },
 );
@@ -130,8 +131,12 @@ router.get(
      }
      throw new Error(`Unexpected Redis ping response: ${reply}`); // This will be caught below
    } catch (error: unknown) {
-      logger.error({ error }, 'Error checking Redis health');
-      next(error);
+      if (error instanceof Error) {
+        return next(error);
+      }
+      const message =
+        (error as any)?.message || 'An unknown error occurred during Redis health check.';
+      return next(new Error(message));
    }
  },
 );
--- a/src/routes/passport.routes.test.ts
+++ b/src/routes/passport.routes.test.ts
@@ -56,7 +56,6 @@ import {
  createMockUserProfile,
  createMockUserWithPasswordHash,
 } from '../tests/utils/mockFactories';
-import { mockLogger } from '../tests/utils/mockLogger';

 // Mock dependencies before importing the passport configuration
 vi.mock('../services/db/index.db', () => ({
@@ -74,9 +73,10 @@ vi.mock('../services/db/index.db', () => ({

 const mockedDb = db as Mocked<typeof db>;

-vi.mock('../services/logger.server', () => ({
-  // This mock is used by the module under test and can be imported in the test file.
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  // Note: We need to await the import inside the factory
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Mock bcrypt for password comparisons
--- a/src/routes/passport.routes.ts
+++ b/src/routes/passport.routes.ts
@@ -260,6 +260,13 @@ const jwtOptions = {
  secretOrKey: JWT_SECRET,
 };

+// --- DEBUG LOGGING FOR JWT SECRET ---
+if (!JWT_SECRET) {
+  logger.fatal('[Passport] CRITICAL: JWT_SECRET is missing or empty in environment variables! JwtStrategy will fail.');
+} else {
+  logger.info(`[Passport] JWT_SECRET loaded successfully (length: ${JWT_SECRET.length}).`);
+}
+
 passport.use(
  new JwtStrategy(jwtOptions, async (jwt_payload, done) => {
    logger.debug(
--- a/src/routes/personalization.routes.test.ts
+++ b/src/routes/personalization.routes.test.ts
@@ -6,7 +6,6 @@ import {
  createMockDietaryRestriction,
  createMockAppliance,
 } from '../tests/utils/mockFactories';
-import { mockLogger } from '../tests/utils/mockLogger';
 import { createTestApp } from '../tests/utils/createTestApp';

 // 1. Mock the Service Layer directly.
@@ -21,10 +20,12 @@ vi.mock('../services/db/index.db', () => ({
 // Import the router and mocked DB AFTER all mocks are defined.
 import personalizationRouter from './personalization.routes';
 import * as db from '../services/db/index.db';
+import { mockLogger } from '../tests/utils/mockLogger';

 // Mock the logger to keep test output clean
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 describe('Personalization Routes (/api/personalization)', () => {
--- a/src/routes/personalization.routes.ts
+++ b/src/routes/personalization.routes.ts
@@ -19,6 +19,12 @@ router.get(
  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    try {
+      // LOGGING: Track how often this heavy DB call is actually made vs served from cache
+      req.log.info('Fetching master items list from database...');
+
+      // Optimization: This list changes rarely. Instruct clients to cache it for 1 hour (3600s).
+      res.set('Cache-Control', 'public, max-age=3600');
+
      const masterItems = await db.personalizationRepo.getAllMasterItems(req.log);
      res.json(masterItems);
    } catch (error) {
--- a/src/routes/price.routes.test.ts
+++ b/src/routes/price.routes.test.ts
@@ -12,8 +12,9 @@ vi.mock('../services/db/price.db', () => ({
 }));

 // Mock the logger to keep test output clean
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Import the router AFTER other setup.
--- a/src/routes/recipe.routes.test.ts
+++ b/src/routes/recipe.routes.test.ts
@@ -1,7 +1,6 @@
 // src/routes/recipe.routes.test.ts
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import supertest from 'supertest';
-import { mockLogger } from '../tests/utils/mockLogger';
 import { createMockRecipe, createMockRecipeComment } from '../tests/utils/mockFactories';
 import { NotFoundError } from '../services/db/errors.db';
 import { createTestApp } from '../tests/utils/createTestApp';
@@ -20,10 +19,12 @@ vi.mock('../services/db/index.db', () => ({
 // Import the router and mocked DB AFTER all mocks are defined.
 import recipeRouter from './recipe.routes';
 import * as db from '../services/db/index.db';
+import { mockLogger } from '../tests/utils/mockLogger';

 // Mock the logger to keep test output clean
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Import the mocked db module to control its functions in tests
--- a/src/routes/stats.routes.test.ts
+++ b/src/routes/stats.routes.test.ts
@@ -1,7 +1,6 @@
 // src/routes/stats.routes.test.ts
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import supertest from 'supertest';
-import { mockLogger } from '../tests/utils/mockLogger';
 import { createTestApp } from '../tests/utils/createTestApp';

 // 1. Mock the Service Layer directly.
@@ -14,10 +13,12 @@ vi.mock('../services/db/index.db', () => ({
 // Import the router and mocked DB AFTER all mocks are defined.
 import statsRouter from './stats.routes';
 import * as db from '../services/db/index.db';
+import { mockLogger } from '../tests/utils/mockLogger';

 // Mock the logger to keep test output clean
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 const expectLogger = expect.objectContaining({
--- a/src/routes/stats.routes.ts
+++ b/src/routes/stats.routes.ts
@@ -28,10 +28,9 @@ router.get(
  validateRequest(mostFrequentSalesSchema),
  async (req: Request, res: Response, next: NextFunction) => {
    try {
-      // Parse req.query to ensure coercion (string -> number) and defaults are applied.
-      // Even though validateRequest checks validity, it may not mutate req.query with the parsed result.
+      // The `validateRequest` middleware ensures `req.query` is valid.
+      // We parse it here to apply Zod's coercions (string to number) and defaults.
      const { days, limit } = statsQuerySchema.parse(req.query);
-
      const items = await db.adminRepo.getMostFrequentSaleItems(days!, limit!, req.log);
      res.json(items);
    } catch (error) {
--- a/src/routes/system.routes.test.ts
+++ b/src/routes/system.routes.test.ts
@@ -1,26 +1,15 @@
 // src/routes/system.routes.test.ts
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import supertest from 'supertest';
-import systemRouter from './system.routes'; // This was a duplicate, fixed.
-import { exec, type ExecException, type ExecOptions } from 'child_process';
-import { geocodingService } from '../services/geocodingService.server';
 import { createTestApp } from '../tests/utils/createTestApp';

-// FIX: Use the simple factory pattern for child_process to avoid default export issues
-vi.mock('child_process', () => {
-  const mockExec = vi.fn((command, callback) => {
-    if (typeof callback === 'function') {
-      callback(null, 'PM2 OK', '');
-    }
-    return { unref: () => {} };
-  });
-
-  return {
-    default: { exec: mockExec },
-    exec: mockExec,
-  };
-});
-
+// 1. Mock the Service Layer
+// This decouples the route test from the service's implementation details.
+vi.mock('../services/systemService', () => ({
+  systemService: {
+    getPm2Status: vi.fn(),
+  },
+}));
 // 2. Mock Geocoding
 vi.mock('../services/geocodingService.server', () => ({
  geocodingService: {
@@ -39,44 +28,25 @@ vi.mock('../services/logger.server', () => ({
  },
 }));

+// Import the router AFTER all mocks are defined to ensure systemService picks up the mocked util.promisify
+import { systemService } from '../services/systemService';
+import systemRouter from './system.routes';
+import { geocodingService } from '../services/geocodingService.server';
+
 describe('System Routes (/api/system)', () => {
  const app = createTestApp({ router: systemRouter, basePath: '/api/system' });

  beforeEach(() => {
-    // We cast here to get type-safe access to mock functions like .mockImplementation
    vi.clearAllMocks();
  });

  describe('GET /pm2-status', () => {
    it('should return success: true when pm2 process is online', async () => {
      // Arrange: Simulate a successful `pm2 describe` output for an online process.
-      const pm2OnlineOutput = `
-        ┌─ PM2 info ────────────────┐
-        │ status    │ online    │
-        └───────────┴───────────┘
-      `;
-
-      type ExecCallback = (error: ExecException | null, stdout: string, stderr: string) => void;
-
-      // A robust mock for `exec` that handles its multiple overloads.
-      // This avoids the complex and error-prone `...args` signature.
-      vi.mocked(exec).mockImplementation(
-        (
-          command: string,
-          options?: ExecOptions | ExecCallback | null,
-          callback?: ExecCallback | null,
-        ) => {
-          // The actual callback can be the second or third argument.
-          const actualCallback = (
-            typeof options === 'function' ? options : callback
-          ) as ExecCallback;
-          if (actualCallback) {
-            actualCallback(null, pm2OnlineOutput, '');
-          }
-          // Return a minimal object that satisfies the ChildProcess type for .unref()
-          return { unref: () => {} } as ReturnType<typeof exec>;
-        },
-      );
+      vi.mocked(systemService.getPm2Status).mockResolvedValue({
+        success: true,
+        message: 'Application is online and running under PM2.',
+      });

      // Act
      const response = await supertest(app).get('/api/system/pm2-status');
@@ -90,28 +60,10 @@ describe('System Routes (/api/system)', () => {
    });

    it('should return success: false when pm2 process is stopped or errored', async () => {
-      const pm2StoppedOutput = `│ status    │ stopped   │`;
-
-      vi.mocked(exec).mockImplementation(
-        (
-          command: string,
-          options?:
-            | ExecOptions
-            | ((error: ExecException | null, stdout: string, stderr: string) => void)
-            | null,
-          callback?: ((error: ExecException | null, stdout: string, stderr: string) => void) | null,
-        ) => {
-          const actualCallback = (typeof options === 'function' ? options : callback) as (
-            error: ExecException | null,
-            stdout: string,
-            stderr: string,
-          ) => void;
-          if (actualCallback) {
-            actualCallback(null, pm2StoppedOutput, '');
-          }
-          return { unref: () => {} } as ReturnType<typeof exec>;
-        },
-      );
+      vi.mocked(systemService.getPm2Status).mockResolvedValue({
+        success: false,
+        message: 'Application process exists but is not online.',
+      });

      const response = await supertest(app).get('/api/system/pm2-status');

@@ -122,33 +74,10 @@ describe('System Routes (/api/system)', () => {

    it('should return success: false when pm2 process does not exist', async () => {
      // Arrange: Simulate `pm2 describe` failing because the process isn't found.
-      const processNotFoundOutput =
-        "[PM2][ERROR] Process or Namespace flyer-crawler-api doesn't exist";
-      const processNotFoundError = new Error(
-        'Command failed: pm2 describe flyer-crawler-api',
-      ) as ExecException;
-      processNotFoundError.code = 1;
-
-      vi.mocked(exec).mockImplementation(
-        (
-          command: string,
-          options?:
-            | ExecOptions
-            | ((error: ExecException | null, stdout: string, stderr: string) => void)
-            | null,
-          callback?: ((error: ExecException | null, stdout: string, stderr: string) => void) | null,
-        ) => {
-          const actualCallback = (typeof options === 'function' ? options : callback) as (
-            error: ExecException | null,
-            stdout: string,
-            stderr: string,
-          ) => void;
-          if (actualCallback) {
-            actualCallback(processNotFoundError, processNotFoundOutput, '');
-          }
-          return { unref: () => {} } as ReturnType<typeof exec>;
-        },
-      );
+      vi.mocked(systemService.getPm2Status).mockResolvedValue({
+        success: false,
+        message: 'Application process is not running under PM2.',
+      });

      // Act
      const response = await supertest(app).get('/api/system/pm2-status');
@@ -163,55 +92,17 @@ describe('System Routes (/api/system)', () => {

    it('should return 500 if pm2 command produces stderr output', async () => {
      // Arrange: Simulate a successful exit code but with content in stderr.
-      const stderrOutput = 'A non-fatal warning occurred.';
-
-      vi.mocked(exec).mockImplementation(
-        (
-          command: string,
-          options?:
-            | ExecOptions
-            | ((error: ExecException | null, stdout: string, stderr: string) => void)
-            | null,
-          callback?: ((error: ExecException | null, stdout: string, stderr: string) => void) | null,
-        ) => {
-          const actualCallback = (typeof options === 'function' ? options : callback) as (
-            error: ExecException | null,
-            stdout: string,
-            stderr: string,
-          ) => void;
-          if (actualCallback) {
-            actualCallback(null, 'Some stdout', stderrOutput);
-          }
-          return { unref: () => {} } as ReturnType<typeof exec>;
-        },
-      );
+      const serviceError = new Error('PM2 command produced an error: A non-fatal warning occurred.');
+      vi.mocked(systemService.getPm2Status).mockRejectedValue(serviceError);

      const response = await supertest(app).get('/api/system/pm2-status');
      expect(response.status).toBe(500);
-      expect(response.body.message).toBe(`PM2 command produced an error: ${stderrOutput}`);
+      expect(response.body.message).toBe(serviceError.message);
    });

    it('should return 500 on a generic exec error', async () => {
-      vi.mocked(exec).mockImplementation(
-        (
-          command: string,
-          options?:
-            | ExecOptions
-            | ((error: ExecException | null, stdout: string, stderr: string) => void)
-            | null,
-          callback?: ((error: ExecException | null, stdout: string, stderr: string) => void) | null,
-        ) => {
-          const actualCallback = (typeof options === 'function' ? options : callback) as (
-            error: ExecException | null,
-            stdout: string,
-            stderr: string,
-          ) => void;
-          if (actualCallback) {
-            actualCallback(new Error('System error') as ExecException, '', 'stderr output');
-          }
-          return { unref: () => {} } as ReturnType<typeof exec>;
-        },
-      );
+      const serviceError = new Error('System error');
+      vi.mocked(systemService.getPm2Status).mockRejectedValue(serviceError);

      // Act
      const response = await supertest(app).get('/api/system/pm2-status');
--- a/src/routes/system.routes.ts
+++ b/src/routes/system.routes.ts
@@ -1,11 +1,11 @@
 // src/routes/system.routes.ts
 import { Router, Request, Response, NextFunction } from 'express';
-import { exec } from 'child_process';
-import { z } from 'zod';
 import { logger } from '../services/logger.server';
 import { geocodingService } from '../services/geocodingService.server';
 import { validateRequest } from '../middleware/validation.middleware';
+import { z } from 'zod';
 import { requiredString } from '../utils/zodUtils';
+import { systemService } from '../services/systemService';

 const router = Router();

@@ -25,39 +25,13 @@ const emptySchema = z.object({});
 router.get(
  '/pm2-status',
  validateRequest(emptySchema),
-  (req: Request, res: Response, next: NextFunction) => {
-    // The name 'flyer-crawler-api' comes from your ecosystem.config.cjs file.
-    exec('pm2 describe flyer-crawler-api', (error, stdout, stderr) => {
-      if (error) {
-        // 'pm2 describe' exits with an error if the process is not found.
-        // We can treat this as a "fail" status for our check.
-        if (stdout && stdout.includes("doesn't exist")) {
-          logger.warn('[API /pm2-status] PM2 process "flyer-crawler-api" not found.');
-          return res.json({
-            success: false,
-            message: 'Application process is not running under PM2.',
-          });
-        }
-        logger.error(
-          { error: stderr || error.message },
-          '[API /pm2-status] Error executing pm2 describe:',
-        );
-        return next(error);
-      }
-
-      // Check if there was output to stderr, even if the exit code was 0 (success).
-      if (stderr && stderr.trim().length > 0) {
-        logger.error({ stderr }, '[API /pm2-status] PM2 executed but produced stderr:');
-        return next(new Error(`PM2 command produced an error: ${stderr}`));
-      }
-
-      // If the command succeeds, we can parse stdout to check the status.
-      const isOnline = /│ status\s+│ online\s+│/m.test(stdout);
-      const message = isOnline
-        ? 'Application is online and running under PM2.'
-        : 'Application process exists but is not online.';
-      res.json({ success: isOnline, message });
-    });
+  async (req: Request, res: Response, next: NextFunction) => {
+    try {
+      const status = await systemService.getPm2Status();
+      res.json(status);
+    } catch (error) {
+      next(error);
+    }
  },
 );

--- a/src/routes/user.routes.test.ts
+++ b/src/routes/user.routes.test.ts
@@ -1,8 +1,9 @@
 // src/routes/user.routes.test.ts
-import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { describe, it, expect, vi, beforeEach, afterAll } from 'vitest';
 import supertest from 'supertest';
 import express from 'express';
-import * as bcrypt from 'bcrypt';
+import path from 'path';
+import fs from 'node:fs/promises';
 import {
  createMockUserProfile,
  createMockMasterGroceryItem,
@@ -16,10 +17,12 @@ import {
  createMockAddress,
 } from '../tests/utils/mockFactories';
 import { Appliance, Notification, DietaryRestriction } from '../types';
-import { ForeignKeyConstraintError, NotFoundError } from '../services/db/errors.db';
+import { ForeignKeyConstraintError, NotFoundError, ValidationError } from '../services/db/errors.db';
 import { createTestApp } from '../tests/utils/createTestApp';
 import { mockLogger } from '../tests/utils/mockLogger';
+import { cleanupFiles } from '../tests/utils/cleanupFiles';
 import { logger } from '../services/logger.server';
+import { userService } from '../services/userService';

 // 1. Mock the Service Layer directly.
 // The user.routes.ts file imports from '.../db/index.db'. We need to mock that module.
@@ -28,9 +31,6 @@ vi.mock('../services/db/index.db', () => ({
  userRepo: {
    findUserProfileById: vi.fn(),
    updateUserProfile: vi.fn(),
-    updateUserPassword: vi.fn(),
-    findUserWithPasswordHashById: vi.fn(),
-    deleteUserById: vi.fn(),
    updateUserPreferences: vi.fn(),
  },
  personalizationRepo: {
@@ -69,30 +69,22 @@ vi.mock('../services/db/index.db', () => ({
 // Mock userService
 vi.mock('../services/userService', () => ({
  userService: {
+    updateUserAvatar: vi.fn(),
+    updateUserPassword: vi.fn(),
+    deleteUserAccount: vi.fn(),
+    getUserAddress: vi.fn(),
    upsertUserAddress: vi.fn(),
  },
 }));

-// 2. Mock bcrypt.
-// We return an object that satisfies both default and named imports to be safe.
-vi.mock('bcrypt', () => {
-  const hash = vi.fn();
-  const compare = vi.fn();
-  return {
-    default: { hash, compare },
-    hash,
-    compare,
-  };
-});
-
 // Mock the logger
-vi.mock('../services/logger.server', () => ({
-  logger: mockLogger,
+vi.mock('../services/logger.server', async () => ({
+  // Use async import to avoid hoisting issues with mockLogger
+  logger: (await import('../tests/utils/mockLogger')).mockLogger,
 }));

 // Import the router and other modules AFTER mocks are established
 import userRouter from './user.routes';
-import { userService } from '../services/userService'; // Import for checking calls
 // Import the mocked db module to control its functions in tests
 import * as db from '../services/db/index.db';

@@ -147,8 +139,8 @@ describe('User Routes (/api/users)', () => {

      // Assert
      expect(logger.error).toHaveBeenCalledWith(
-        'Failed to create avatar upload directory:',
-        mkdirError,
+        { error: mkdirError },
+        'Failed to create multer storage directories on startup.',
      );
      vi.doUnmock('node:fs/promises'); // Clean up
    });
@@ -176,6 +168,26 @@ describe('User Routes (/api/users)', () => {
    beforeEach(() => {
      // All tests in this block will use the authenticated app
    });
+
+    afterAll(async () => {
+      // Safeguard to clean up any avatar files created during tests.
+      const uploadDir = path.resolve(__dirname, '../../../uploads/avatars');
+      try {
+        const allFiles = await fs.readdir(uploadDir);
+        // Files are named like 'avatar-user-123-timestamp.ext'
+        const testFiles = allFiles
+          .filter((f) => f.startsWith(`avatar-${mockUserProfile.user.user_id}`))
+          .map((f) => path.join(uploadDir, f));
+
+        if (testFiles.length > 0) {
+          await cleanupFiles(testFiles);
+        }
+      } catch (error) {
+        if (error instanceof Error && (error as NodeJS.ErrnoException).code !== 'ENOENT') {
+          console.error('Error during user routes test file cleanup:', error);
+        }
+      }
+    });
    describe('GET /profile', () => {
      it('should return the full user profile', async () => {
        vi.mocked(db.userRepo.findUserProfileById).mockResolvedValue(mockUserProfile);
@@ -573,6 +585,27 @@ describe('User Routes (/api/users)', () => {
        expect(response.body).toEqual(updatedProfile);
      });

+      it('should allow updating the profile with an empty string for avatar_url', async () => {
+        // Arrange
+        const profileUpdates = { avatar_url: '' };
+        // The service should receive `undefined` after Zod preprocessing
+        const updatedProfile = createMockUserProfile({ ...mockUserProfile, avatar_url: undefined });
+        vi.mocked(db.userRepo.updateUserProfile).mockResolvedValue(updatedProfile);
+
+        // Act
+        const response = await supertest(app).put('/api/users/profile').send(profileUpdates);
+
+        // Assert
+        expect(response.status).toBe(200);
+        expect(response.body).toEqual(updatedProfile);
+        // Verify that the Zod schema preprocessed the empty string to undefined
+        expect(db.userRepo.updateUserProfile).toHaveBeenCalledWith(
+          mockUserProfile.user.user_id,
+          { avatar_url: undefined },
+          expectLogger,
+        );
+      });
+
      it('should return 500 on a generic database error', async () => {
        const dbError = new Error('DB Connection Failed');
        vi.mocked(db.userRepo.updateUserProfile).mockRejectedValue(dbError);
@@ -597,20 +630,17 @@ describe('User Routes (/api/users)', () => {

    describe('PUT /profile/password', () => {
      it('should update the password successfully with a strong password', async () => {
-        vi.mocked(bcrypt.hash).mockResolvedValue('hashed-password' as never);
-        vi.mocked(db.userRepo.updateUserPassword).mockResolvedValue(undefined);
+        vi.mocked(userService.updateUserPassword).mockResolvedValue(undefined);
        const response = await supertest(app)
          .put('/api/users/profile/password')
          .send({ newPassword: 'a-Very-Strong-Password-456!' });
-
        expect(response.status).toBe(200);
        expect(response.body.message).toBe('Password updated successfully.');
      });

      it('should return 500 on a generic database error', async () => {
        const dbError = new Error('DB Connection Failed');
-        vi.mocked(bcrypt.hash).mockResolvedValue('hashed-password' as never);
-        vi.mocked(db.userRepo.updateUserPassword).mockRejectedValue(dbError);
+        vi.mocked(userService.updateUserPassword).mockRejectedValue(dbError);
        const response = await supertest(app)
          .put('/api/users/profile/password')
          .send({ newPassword: 'a-Very-Strong-Password-456!' });
@@ -622,7 +652,6 @@ describe('User Routes (/api/users)', () => {
      });

      it('should return 400 for a weak password', async () => {
-        // Use a password long enough to pass .min(8) but weak enough to fail strength check
        const response = await supertest(app)
          .put('/api/users/profile/password')
          .send({ newPassword: 'password123' });
@@ -634,70 +663,38 @@ describe('User Routes (/api/users)', () => {

    describe('DELETE /account', () => {
      it('should delete the account with the correct password', async () => {
-        const userWithHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: 'hashed-password',
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithHash);
-        vi.mocked(db.userRepo.deleteUserById).mockResolvedValue(undefined);
-        vi.mocked(bcrypt.compare).mockResolvedValue(true as never);
+        vi.mocked(userService.deleteUserAccount).mockResolvedValue(undefined);
        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'correct-password' });
        expect(response.status).toBe(200);
        expect(response.body.message).toBe('Account deleted successfully.');
+        expect(userService.deleteUserAccount).toHaveBeenCalledWith('user-123', 'correct-password', expectLogger);
      });

-      it('should return 403 for an incorrect password', async () => {
-        const userWithHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: 'hashed-password',
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithHash);
-        vi.mocked(bcrypt.compare).mockResolvedValue(false as never);
+      it('should return 400 for an incorrect password', async () => {
+        vi.mocked(userService.deleteUserAccount).mockRejectedValue(new ValidationError([], 'Incorrect password.'));
        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'wrong-password' });

-        expect(response.status).toBe(403);
+        expect(response.status).toBe(400);
        expect(response.body.message).toBe('Incorrect password.');
      });

      it('should return 404 if the user to delete is not found', async () => {
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockRejectedValue(
-          new NotFoundError('User not found or password not set.'),
-        );
-        const response = await supertest(app)
-          .delete('/api/users/account')
-          .send({ password: 'any-password' });
-        expect(response.status).toBe(404);
-        expect(response.body.message).toBe('User not found or password not set.');
-      });
-
-      it('should return 404 if user is an OAuth user without a password', async () => {
-        // Simulate an OAuth user who has no password_hash set.
-        const userWithoutHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: null,
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithoutHash);
+        vi.mocked(userService.deleteUserAccount).mockRejectedValue(new NotFoundError('User not found.'));

        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'any-password' });

        expect(response.status).toBe(404);
-        expect(response.body.message).toBe('User not found or password not set.');
+        expect(response.body.message).toBe('User not found.');
      });

      it('should return 500 on a generic database error', async () => {
-        const userWithHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: 'hashed-password',
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithHash);
-        vi.mocked(bcrypt.compare).mockResolvedValue(true as never);
-        vi.mocked(db.userRepo.deleteUserById).mockRejectedValue(new Error('DB Connection Failed'));
+        vi.mocked(userService.deleteUserAccount).mockRejectedValue(new Error('DB Connection Failed'));
        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'correct-password' });
@@ -978,7 +975,7 @@ describe('User Routes (/api/users)', () => {
          authenticatedUser: { ...mockUserProfile, address_id: 1 },
        });
        const mockAddress = createMockAddress({ address_id: 1, address_line_1: '123 Main St' });
-        vi.mocked(db.addressRepo.getAddressById).mockResolvedValue(mockAddress);
+        vi.mocked(userService.getUserAddress).mockResolvedValue(mockAddress);
        const response = await supertest(appWithUser).get('/api/users/addresses/1');
        expect(response.status).toBe(200);
        expect(response.body).toEqual(mockAddress);
@@ -990,7 +987,7 @@ describe('User Routes (/api/users)', () => {
          basePath,
          authenticatedUser: { ...mockUserProfile, address_id: 1 },
        });
-        vi.mocked(db.addressRepo.getAddressById).mockRejectedValue(new Error('DB Error'));
+        vi.mocked(userService.getUserAddress).mockRejectedValue(new Error('DB Error'));
        const response = await supertest(appWithUser).get('/api/users/addresses/1');
        expect(response.status).toBe(500);
      });
@@ -1003,13 +1000,10 @@ describe('User Routes (/api/users)', () => {
      });

      it('GET /addresses/:addressId should return 403 if address does not belong to user', async () => {
-        const appWithDifferentUser = createTestApp({
-          router: userRouter,
-          basePath,
-          authenticatedUser: { ...mockUserProfile, address_id: 999 },
-        });
-        const response = await supertest(appWithDifferentUser).get('/api/users/addresses/1');
-        expect(response.status).toBe(403);
+        vi.mocked(userService.getUserAddress).mockRejectedValue(new ValidationError([], 'Forbidden'));
+        const response = await supertest(app).get('/api/users/addresses/2'); // Requesting address 2
+        expect(response.status).toBe(400); // ValidationError maps to 400 by default in the test error handler
+        expect(response.body.message).toBe('Forbidden');
      });

      it('GET /addresses/:addressId should return 404 if address not found', async () => {
@@ -1018,7 +1012,7 @@ describe('User Routes (/api/users)', () => {
          basePath,
          authenticatedUser: { ...mockUserProfile, address_id: 1 },
        });
-        vi.mocked(db.addressRepo.getAddressById).mockRejectedValue(
+        vi.mocked(userService.getUserAddress).mockRejectedValue(
          new NotFoundError('Address not found.'),
        );
        const response = await supertest(appWithUser).get('/api/users/addresses/1');
@@ -1027,19 +1021,10 @@ describe('User Routes (/api/users)', () => {
      });

      it('PUT /profile/address should call upsertAddress and updateUserProfile if needed', async () => {
-        const appWithUser = createTestApp({
-          router: userRouter,
-          basePath,
-          authenticatedUser: { ...mockUserProfile, address_id: null },
-        }); // User has no address yet
        const addressData = { address_line_1: '123 New St' };
-        vi.mocked(db.addressRepo.upsertAddress).mockResolvedValue(5); // New address ID is 5
-        vi.mocked(db.userRepo.updateUserProfile).mockResolvedValue({
-          ...mockUserProfile,
-          address_id: 5,
-        });
+        vi.mocked(userService.upsertUserAddress).mockResolvedValue(5);

-        const response = await supertest(appWithUser)
+        const response = await supertest(app)
          .put('/api/users/profile/address')
          .send(addressData);

@@ -1071,11 +1056,11 @@ describe('User Routes (/api/users)', () => {

    describe('POST /profile/avatar', () => {
      it('should upload an avatar and update the user profile', async () => {
-        const mockUpdatedProfile = {
+        const mockUpdatedProfile = createMockUserProfile({
          ...mockUserProfile,
          avatar_url: '/uploads/avatars/new-avatar.png',
-        };
-        vi.mocked(db.userRepo.updateUserProfile).mockResolvedValue(mockUpdatedProfile);
+        });
+        vi.mocked(userService.updateUserAvatar).mockResolvedValue(mockUpdatedProfile);

        // Create a dummy file path for supertest to attach
        const dummyImagePath = 'test-avatar.png';
@@ -1085,17 +1070,17 @@ describe('User Routes (/api/users)', () => {
          .attach('avatar', Buffer.from('dummy-image-content'), dummyImagePath);

        expect(response.status).toBe(200);
-        expect(response.body.avatar_url).toContain('/uploads/avatars/');
-        expect(db.userRepo.updateUserProfile).toHaveBeenCalledWith(
+        expect(response.body.avatar_url).toContain('/uploads/avatars/'); // This was a duplicate, fixed.
+        expect(userService.updateUserAvatar).toHaveBeenCalledWith(
          mockUserProfile.user.user_id,
-          { avatar_url: expect.any(String) },
+          expect.any(Object),
          expectLogger,
        );
      });

      it('should return 500 if updating the profile fails after upload', async () => {
        const dbError = new Error('DB Connection Failed');
-        vi.mocked(db.userRepo.updateUserProfile).mockRejectedValue(dbError);
+        vi.mocked(userService.updateUserAvatar).mockRejectedValue(dbError);
        const dummyImagePath = 'test-avatar.png';
        const response = await supertest(app)
          .post('/api/users/profile/avatar')
@@ -1134,6 +1119,27 @@ describe('User Routes (/api/users)', () => {
        expect(response.body.message).toBe('No avatar file uploaded.');
      });

+      it('should clean up the uploaded file if updating the profile fails', async () => {
+        // Spy on the unlink function to ensure it's called on error
+        const unlinkSpy = vi.spyOn(fs, 'unlink').mockResolvedValue(undefined);
+
+        const dbError = new Error('DB Connection Failed');
+        vi.mocked(userService.updateUserAvatar).mockRejectedValue(dbError);
+        const dummyImagePath = 'test-avatar.png';
+
+        const response = await supertest(app)
+          .post('/api/users/profile/avatar')
+          .attach('avatar', Buffer.from('dummy-image-content'), dummyImagePath);
+
+        expect(response.status).toBe(500);
+        // Verify that the cleanup function was called
+        expect(unlinkSpy).toHaveBeenCalledTimes(1);
+        // The filename is predictable because of the multer config in user.routes.ts
+        expect(unlinkSpy).toHaveBeenCalledWith(expect.stringContaining('test-avatar.png'));
+
+        unlinkSpy.mockRestore();
+      });
+
      it('should return 400 for a non-numeric address ID', async () => {
        const response = await supertest(app).get('/api/users/addresses/abc');
        expect(response.status).toBe(400);
--- a/src/routes/user.routes.ts
+++ b/src/routes/user.routes.ts
@@ -1,13 +1,14 @@
 // src/routes/user.routes.ts
 import express, { Request, Response, NextFunction } from 'express';
 import passport from './passport.routes';
-import multer from 'multer';
-import path from 'path';
-import fs from 'node:fs/promises';
-import * as bcrypt from 'bcrypt'; // This was a duplicate, fixed.
+import multer from 'multer'; // Keep for MulterError type check
 import { z } from 'zod';
 import { logger } from '../services/logger.server';
 import { UserProfile } from '../types';
+import {
+  createUploadMiddleware,
+  handleMulterError,
+} from '../middleware/multer.middleware';
 import { userService } from '../services/userService';
 import { ForeignKeyConstraintError } from '../services/db/errors.db';
 import { validateRequest } from '../middleware/validation.middleware';
@@ -19,12 +20,19 @@ import {
  optionalBoolean,
 } from '../utils/zodUtils';
 import * as db from '../services/db/index.db';
+import { cleanupUploadedFile } from '../utils/fileUtils';

 const router = express.Router();

 const updateProfileSchema = z.object({
  body: z
-    .object({ full_name: z.string().optional(), avatar_url: z.string().url().optional() })
+    .object({
+      full_name: z.string().optional(),
+      avatar_url: z.preprocess(
+        (val) => (val === '' ? undefined : val),
+        z.string().trim().url().optional(),
+      ),
+    })
    .refine((data) => Object.keys(data).length > 0, {
      message: 'At least one field to update must be provided.',
    }),
@@ -34,6 +42,7 @@ const updatePasswordSchema = z.object({
  body: z.object({
    newPassword: z
      .string()
+      .trim() // Trim whitespace from password input.
      .min(8, 'Password must be at least 8 characters long.')
      .superRefine((password, ctx) => {
        const strength = validatePasswordStrength(password);
@@ -42,6 +51,9 @@ const updatePasswordSchema = z.object({
  }),
 });

+// The `requiredString` utility (modified in `zodUtils.ts`) now handles trimming,
+// so no changes are needed here, but we are confirming that password trimming
+// is now implicitly handled for this schema.
 const deleteAccountSchema = z.object({
  body: z.object({ password: requiredString("Field 'password' is required.") }),
 });
@@ -72,35 +84,10 @@ const emptySchema = z.object({});
 // Any request to a /api/users/* endpoint will now require a valid JWT.
 router.use(passport.authenticate('jwt', { session: false }));

-// --- Multer Configuration for Avatar Uploads ---
-
-// Ensure the directory for avatar uploads exists.
-const avatarUploadDir = path.join(process.cwd(), 'public', 'uploads', 'avatars');
-fs.mkdir(avatarUploadDir, { recursive: true }).catch((err) => {
-  logger.error({ err }, 'Failed to create avatar upload directory');
-});
-
-// Define multer storage configuration. The `req.user` object will be available
-// here because the passport middleware runs before this route handler.
-const avatarStorage = multer.diskStorage({
-  destination: (req, file, cb) => cb(null, avatarUploadDir),
-  filename: (req, file, cb) => {
-    const uniqueSuffix = `${(req.user as UserProfile).user.user_id}-${Date.now()}${path.extname(file.originalname)}`;
-    cb(null, uniqueSuffix);
-  },
-});
-
-const avatarUpload = multer({
-  storage: avatarStorage,
-  limits: { fileSize: 1 * 1024 * 1024 }, // 1MB file size limit
-  fileFilter: (req, file, cb) => {
-    if (file.mimetype.startsWith('image/')) {
-      cb(null, true);
-    } else {
-      // Reject the file with a specific error
-      cb(new Error('Only image files are allowed!'));
-    }
-  },
+const avatarUpload = createUploadMiddleware({
+  storageType: 'avatar',
+  fileSize: 1 * 1024 * 1024, // 1MB
+  fileFilter: 'image',
 });

 /**
@@ -110,18 +97,17 @@ router.post(
  '/profile/avatar',
  avatarUpload.single('avatar'),
  async (req: Request, res: Response, next: NextFunction) => {
+    // The try-catch block was already correct here.
    try {
-      // The try-catch block was already correct here.
+      // The `requireFileUpload` middleware is not used here, so we must check for `req.file`.
      if (!req.file) return res.status(400).json({ message: 'No avatar file uploaded.' });
      const userProfile = req.user as UserProfile;
-      const avatarUrl = `/uploads/avatars/${req.file.filename}`;
-      const updatedProfile = await db.userRepo.updateUserProfile(
-        userProfile.user.user_id,
-        { avatar_url: avatarUrl },
-        req.log,
-      );
+      const updatedProfile = await userService.updateUserAvatar(userProfile.user.user_id, req.file, req.log);
      res.json(updatedProfile);
    } catch (error) {
+      // If an error occurs after the file has been uploaded (e.g., DB error),
+      // we must clean up the orphaned file from the disk.
+      await cleanupUploadedFile(req.file);
      logger.error({ error }, 'Error uploading avatar');
      next(error);
    }
@@ -263,9 +249,7 @@ router.put(
    const { body } = req as unknown as UpdatePasswordRequest;

    try {
-      const saltRounds = 10;
-      const hashedPassword = await bcrypt.hash(body.newPassword, saltRounds);
-      await db.userRepo.updateUserPassword(userProfile.user.user_id, hashedPassword, req.log);
+      await userService.updateUserPassword(userProfile.user.user_id, body.newPassword, req.log);
      res.status(200).json({ message: 'Password updated successfully.' });
    } catch (error) {
      logger.error({ error }, `[ROUTE] PUT /api/users/profile/password - ERROR`);
@@ -288,20 +272,7 @@ router.delete(
    const { body } = req as unknown as DeleteAccountRequest;

    try {
-      const userWithHash = await db.userRepo.findUserWithPasswordHashById(
-        userProfile.user.user_id,
-        req.log,
-      );
-      if (!userWithHash || !userWithHash.password_hash) {
-        return res.status(404).json({ message: 'User not found or password not set.' });
-      }
-
-      const isMatch = await bcrypt.compare(body.password, userWithHash.password_hash);
-      if (!isMatch) {
-        return res.status(403).json({ message: 'Incorrect password.' });
-      }
-
-      await db.userRepo.deleteUserById(userProfile.user.user_id, req.log);
+      await userService.deleteUserAccount(userProfile.user.user_id, body.password, req.log);
      res.status(200).json({ message: 'Account deleted successfully.' });
    } catch (error) {
      logger.error({ error }, `[ROUTE] DELETE /api/users/account - ERROR`);
@@ -491,7 +462,11 @@ const addShoppingListItemSchema = shoppingListIdSchema.extend({
  body: z
    .object({
      masterItemId: z.number().int().positive().optional(),
-      customItemName: z.string().min(1, 'customItemName cannot be empty if provided').optional(),
+      customItemName: z
+        .string()
+        .trim()
+        .min(1, 'customItemName cannot be empty if provided')
+        .optional(),
    })
    .refine((data) => data.masterItemId || data.customItemName, {
      message: 'Either masterItemId or customItemName must be provided.',
@@ -717,13 +692,7 @@ router.get(
    const { params } = req as unknown as GetAddressRequest;
    try {
      const addressId = params.addressId;
-      // Security check: Ensure the requested addressId matches the one on the user's profile.
-      if (userProfile.address_id !== addressId) {
-        return res
-          .status(403)
-          .json({ message: 'Forbidden: You can only access your own address.' });
-      }
-      const address = await db.addressRepo.getAddressById(addressId, req.log); // This will throw NotFoundError if not found
+      const address = await userService.getUserAddress(userProfile, addressId, req.log);
      res.json(address);
    } catch (error) {
      logger.error({ error }, 'Error fetching user address');
@@ -738,12 +707,12 @@ router.get(
 const updateUserAddressSchema = z.object({
  body: z
    .object({
-      address_line_1: z.string().optional(),
-      address_line_2: z.string().optional(),
-      city: z.string().optional(),
-      province_state: z.string().optional(),
-      postal_code: z.string().optional(),
-      country: z.string().optional(),
+      address_line_1: z.string().trim().optional(),
+      address_line_2: z.string().trim().optional(),
+      city: z.string().trim().optional(),
+      province_state: z.string().trim().optional(),
+      postal_code: z.string().trim().optional(),
+      country: z.string().trim().optional(),
    })
    .refine((data) => Object.keys(data).length > 0, {
      message: 'At least one address field must be provided.',
@@ -803,13 +772,13 @@ router.delete(
 const updateRecipeSchema = recipeIdSchema.extend({
  body: z
    .object({
-      name: z.string().optional(),
-      description: z.string().optional(),
-      instructions: z.string().optional(),
+      name: z.string().trim().optional(),
+      description: z.string().trim().optional(),
+      instructions: z.string().trim().optional(),
      prep_time_minutes: z.number().int().optional(),
      cook_time_minutes: z.number().int().optional(),
      servings: z.number().int().optional(),
-      photo_url: z.string().url().optional(),
+      photo_url: z.string().trim().url().optional(),
    })
    .refine((data) => Object.keys(data).length > 0, { message: 'No fields provided to update.' }),
 });
@@ -841,18 +810,7 @@ router.put(
  },
 );

-// --- General Multer Error Handler ---
-// This should be placed after all routes that use multer.
-// It catches errors from `fileFilter` and other multer issues (e.g., file size limits).
-router.use((err: Error, req: Request, res: Response, next: NextFunction) => {
-  if (err instanceof multer.MulterError) {
-    // A Multer error occurred when uploading (e.g., file too large).
-    return res.status(400).json({ message: `File upload error: ${err.message}` });
-  } else if (err && err.message === 'Only image files are allowed!') {
-    // A custom error from our fileFilter.
-    return res.status(400).json({ message: err.message });
-  }
-  next(err); // Pass on to the next error handler if it's not a multer error we handle.
-});
+/* Catches errors from multer (e.g., file size, file filter) */
+router.use(handleMulterError);

 export default router;
--- a/src/services/aiApiClient.test.ts
+++ b/src/services/aiApiClient.test.ts
@@ -19,13 +19,15 @@ vi.mock('./logger.client', () => ({
    debug: vi.fn(),
    info: vi.fn(),
    error: vi.fn(),
+    warn: vi.fn(),
  },
 }));

 // 2. Mock ./apiClient to simply pass calls through to the global fetch.
 vi.mock('./apiClient', async (importOriginal) => {
-  return {
-    apiFetch: (
+  // This is the core logic we want to preserve: it calls the global fetch
+  // which is then intercepted by MSW.
+  const apiFetch = (
      url: string,
      options: RequestInit = {},
      apiOptions: import('./apiClient').ApiOptions = {},
@@ -59,6 +61,26 @@ vi.mock('./apiClient', async (importOriginal) => {
      const request = new Request(fullUrl, options);
      console.log(`[apiFetch MOCK] Executing fetch for URL: ${request.url}.`);
      return fetch(request);
+  };
+
+  return {
+    // The original mock only had apiFetch. We need to add the helpers.
+    apiFetch,
+
+    // These helpers are what aiApiClient.ts actually calls.
+    // Their mock implementation should just call our mocked apiFetch.
+    authedGet: (endpoint: string, options: import('./apiClient').ApiOptions = {}) => {
+      return apiFetch(endpoint, { method: 'GET' }, options);
+    },
+    authedPost: <T>(endpoint: string, body: T, options: import('./apiClient').ApiOptions = {}) => {
+      return apiFetch(
+        endpoint,
+        { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(body) },
+        options,
+      );
+    },
+    authedPostForm: (endpoint: string, formData: FormData, options: import('./apiClient').ApiOptions = {}) => {
+      return apiFetch(endpoint, { method: 'POST', body: formData }, options);
    },
    // Add a mock for ApiOptions to satisfy the compiler
    ApiOptions: vi.fn(),
@@ -178,6 +200,45 @@ describe('AI API Client (Network Mocking with MSW)', () => {
    });
  });

+  describe('uploadAndProcessFlyer error handling', () => {
+    it('should throw a structured error with JSON body on non-ok response', async () => {
+      const mockFile = new File(['content'], 'flyer.pdf', { type: 'application/pdf' });
+      const checksum = 'checksum-abc-123';
+      const errorBody = { message: 'Checksum already exists', flyerId: 99 };
+
+      server.use(
+        http.post('http://localhost/api/ai/upload-and-process', () => {
+          return HttpResponse.json(errorBody, { status: 409 });
+        }),
+      );
+
+      // The function now throws a structured object, not an Error instance.
+      await expect(aiApiClient.uploadAndProcessFlyer(mockFile, checksum)).rejects.toEqual({
+        status: 409,
+        body: errorBody,
+      });
+    });
+
+    it('should throw a structured error with text body on non-ok, non-JSON response', async () => {
+      const mockFile = new File(['content'], 'flyer.pdf', { type: 'application/pdf' });
+      const checksum = 'checksum-abc-123';
+      const errorText = 'Internal Server Error';
+
+      server.use(
+        http.post('http://localhost/api/ai/upload-and-process', () => {
+          return HttpResponse.text(errorText, { status: 500 });
+        }),
+      );
+
+      // The function now throws a structured object, not an Error instance.
+      // The catch block in the implementation wraps the text in a message property.
+      await expect(aiApiClient.uploadAndProcessFlyer(mockFile, checksum)).rejects.toEqual({
+        status: 500,
+        body: { message: errorText },
+      });
+    });
+  });
+
  describe('getJobStatus', () => {
    it('should send a GET request to the correct job status URL', async () => {
      const jobId = 'job-id-456';
@@ -192,6 +253,82 @@ describe('AI API Client (Network Mocking with MSW)', () => {
    });
  });

+  describe('getJobStatus error handling', () => {
+    const jobId = 'job-id-789';
+
+    it('should throw a JobFailedError if job state is "failed"', async () => {
+      const failedStatus: aiApiClient.JobStatus = {
+        id: jobId,
+        state: 'failed',
+        progress: { message: 'AI model exploded', errorCode: 'AI_ERROR' },
+        returnValue: null,
+        failedReason: 'Raw error from BullMQ',
+      };
+
+      server.use(
+        http.get(`http://localhost/api/ai/jobs/${jobId}/status`, () => {
+          return HttpResponse.json(failedStatus);
+        }),
+      );
+
+      await expect(aiApiClient.getJobStatus(jobId)).rejects.toThrow(
+        new aiApiClient.JobFailedError('AI model exploded', 'AI_ERROR'),
+      );
+    });
+
+    it('should use failedReason for JobFailedError if progress message is missing', async () => {
+      const failedStatus: aiApiClient.JobStatus = {
+        id: jobId,
+        state: 'failed',
+        progress: null, // No progress object
+        returnValue: null,
+        failedReason: 'Raw error from BullMQ',
+      };
+
+      server.use(
+        http.get(`http://localhost/api/ai/jobs/${jobId}/status`, () => {
+          return HttpResponse.json(failedStatus);
+        }),
+      );
+
+      await expect(aiApiClient.getJobStatus(jobId)).rejects.toThrow(
+        new aiApiClient.JobFailedError('Raw error from BullMQ', 'UNKNOWN_ERROR'),
+      );
+    });
+
+    it('should throw a generic error if the API response is not ok', async () => {
+      const errorBody = { message: 'Job not found' };
+      server.use(
+        http.get(`http://localhost/api/ai/jobs/${jobId}/status`, () => {
+          return HttpResponse.json(errorBody, { status: 404 });
+        }),
+      );
+
+      await expect(aiApiClient.getJobStatus(jobId)).rejects.toThrow('Job not found');
+    });
+
+    it('should throw a specific error if a 200 OK response is not valid JSON', async () => {
+      server.use(
+        http.get(`http://localhost/api/ai/jobs/${jobId}/status`, () => {
+          // A 200 OK response that is not JSON is a server-side contract violation.
+          return HttpResponse.text('This should have been JSON', { status: 200 });
+        }),
+      );
+      await expect(aiApiClient.getJobStatus(jobId)).rejects.toThrow(
+        'Failed to parse job status from a successful API response.',
+      );
+    });
+
+    it('should throw a generic error with status text if the non-ok API response is not valid JSON', async () => {
+      server.use(
+        http.get(`http://localhost/api/ai/jobs/${jobId}/status`, () => {
+          return HttpResponse.text('Gateway Timeout', { status: 504, statusText: 'Gateway Timeout' });
+        }),
+      );
+      await expect(aiApiClient.getJobStatus(jobId)).rejects.toThrow('Gateway Timeout');
+    });
+  });
+
  describe('isImageAFlyer', () => {
    it('should construct FormData and send a POST request', async () => {
      const mockFile = new File(['dummy image content'], 'flyer.jpg', { type: 'image/jpeg' });
--- a/src/services/aiApiClient.ts
+++ b/src/services/aiApiClient.ts
@@ -12,7 +12,7 @@ import type {
  GroundedResponse,
 } from '../types';
 import { logger } from './logger.client';
-import { apiFetch } from './apiClient';
+import { apiFetch, authedGet, authedPost, authedPostForm } from './apiClient';

 /**
 * Uploads a flyer file to the backend to be processed asynchronously.
@@ -33,21 +33,16 @@ export const uploadAndProcessFlyer = async (

  logger.info(`[aiApiClient] Starting background processing for file: ${file.name}`);

-  const response = await apiFetch(
-    '/ai/upload-and-process',
-    {
-      method: 'POST',
-      body: formData,
-    },
-    { tokenOverride },
-  );
+  const response = await authedPostForm('/ai/upload-and-process', formData, { tokenOverride });

  if (!response.ok) {
    let errorBody;
+    // Clone the response so we can read the body twice (once as JSON, and as text on failure).
+    const clonedResponse = response.clone();
    try {
      errorBody = await response.json();
    } catch (e) {
-      errorBody = { message: await response.text() };
+      errorBody = { message: await clonedResponse.text() };
    }
    // Throw a structured error so the component can inspect the status and body
    throw { status: response.status, body: errorBody };
@@ -63,12 +58,28 @@ export interface JobStatus {
  progress: {
    stages?: ProcessingStage[];
    estimatedTimeRemaining?: number;
+    // The structured error payload from the backend worker
+    errorCode?: string;
    message?: string;
  } | null;
  returnValue: {
    flyerId?: number;
  } | null;
-  failedReason: string | null;
+  failedReason: string | null; // The raw error string from BullMQ
+}
+
+/**
+ * Custom error class for job failures to make `catch` blocks more specific.
+ * This allows the UI to easily distinguish between a job failure and a network error.
+ */
+export class JobFailedError extends Error {
+  public errorCode: string;
+
+  constructor(message: string, errorCode: string) {
+    super(message);
+    this.name = 'JobFailedError';
+    this.errorCode = errorCode;
+  }
 }

 /**
@@ -77,30 +88,59 @@ export interface JobStatus {
 * @param jobId The ID of the job to check.
 * @param tokenOverride Optional token for testing.
 * @returns A promise that resolves to the parsed job status object.
- * @throws An error if the network request fails or if the response is not valid JSON.
+ * @throws A `JobFailedError` if the job has failed, or a generic `Error` for other issues.
 */
 export const getJobStatus = async (
  jobId: string,
  tokenOverride?: string,
 ): Promise<JobStatus> => {
-  const response = await apiFetch(`/ai/jobs/${jobId}/status`, {}, { tokenOverride });
+  const response = await authedGet(`/ai/jobs/${jobId}/status`, { tokenOverride });

+  // Handle non-OK responses first, as they might not have a JSON body.
  if (!response.ok) {
-    let errorText = `API Error: ${response.status} ${response.statusText}`;
+    let errorMessage = `API Error: ${response.status} ${response.statusText}`;
    try {
-      const errorBody = await response.text();
-      if (errorBody) errorText = `API Error ${response.status}: ${errorBody}`;
+      // Try to get a more specific message from the body.
+      const errorData = await response.json();
+      if (errorData.message) {
+        errorMessage = errorData.message;
+      }
    } catch (e) {
-      // ignore if reading body fails
+      // The body was not JSON, which is fine for a server error page.
+      // The default message is sufficient.
+      logger.warn('getJobStatus received a non-JSON error response.', { status: response.status });
    }
-    throw new Error(errorText);
+    throw new Error(errorMessage);
  }

+  // If we get here, the response is OK (2xx). Now parse the body.
  try {
-    return await response.json();
+    const statusData: JobStatus = await response.json();
+
+    // If the job itself has failed, we should treat this as an error condition
+    // for the polling logic by rejecting the promise. This will stop the polling loop.
+    if (statusData.state === 'failed') {
+      // The structured error payload is in the 'progress' object.
+      const progress = statusData.progress;
+      const userMessage =
+        progress?.message || statusData.failedReason || 'Job failed with an unknown error.';
+      const errorCode = progress?.errorCode || 'UNKNOWN_ERROR';
+
+      logger.error(`Job ${jobId} failed with code: ${errorCode}, message: ${userMessage}`);
+
+      // Throw a custom, structured error so the frontend can react to the errorCode.
+      throw new JobFailedError(userMessage, errorCode);
+    }
+
+    return statusData;
  } catch (error) {
-    const rawText = await response.text();
-    throw new Error(`Failed to parse JSON response from server. Body: ${rawText}`);
+    // If it's the specific error we threw, just re-throw it.
+    if (error instanceof JobFailedError) {
+      throw error;
+    }
+    // This now primarily catches JSON parsing errors on an OK response, which is unexpected.
+    logger.error('getJobStatus failed to parse a successful API response.', { error });
+    throw new Error('Failed to parse job status from a successful API response.');
  }
 };

@@ -113,14 +153,7 @@ export const isImageAFlyer = (

  // Use apiFetchWithAuth for FormData to let the browser set the correct Content-Type.
  // The URL must be relative, as the helper constructs the full path.
-  return apiFetch(
-    '/ai/check-flyer',
-    {
-      method: 'POST',
-      body: formData,
-    },
-    { tokenOverride },
-  );
+  return authedPostForm('/ai/check-flyer', formData, { tokenOverride });
 };

 export const extractAddressFromImage = (
@@ -130,14 +163,7 @@ export const extractAddressFromImage = (
  const formData = new FormData();
  formData.append('image', imageFile);

-  return apiFetch(
-    '/ai/extract-address',
-    {
-      method: 'POST',
-      body: formData,
-    },
-    { tokenOverride },
-  );
+  return authedPostForm('/ai/extract-address', formData, { tokenOverride });
 };

 export const extractLogoFromImage = (
@@ -149,14 +175,7 @@ export const extractLogoFromImage = (
    formData.append('images', file);
  });

-  return apiFetch(
-    '/ai/extract-logo',
-    {
-      method: 'POST',
-      body: formData,
-    },
-    { tokenOverride },
-  );
+  return authedPostForm('/ai/extract-logo', formData, { tokenOverride });
 };

 export const getQuickInsights = (
@@ -164,16 +183,7 @@ export const getQuickInsights = (
  signal?: AbortSignal,
  tokenOverride?: string,
 ): Promise<Response> => {
-  return apiFetch(
-    '/ai/quick-insights',
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ items }),
-      signal,
-    },
-    { tokenOverride, signal },
-  );
+  return authedPost('/ai/quick-insights', { items }, { tokenOverride, signal });
 };

 export const getDeepDiveAnalysis = (
@@ -181,16 +191,7 @@ export const getDeepDiveAnalysis = (
  signal?: AbortSignal,
  tokenOverride?: string,
 ): Promise<Response> => {
-  return apiFetch(
-    '/ai/deep-dive',
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ items }),
-      signal,
-    },
-    { tokenOverride, signal },
-  );
+  return authedPost('/ai/deep-dive', { items }, { tokenOverride, signal });
 };

 export const searchWeb = (
@@ -198,16 +199,7 @@ export const searchWeb = (
  signal?: AbortSignal,
  tokenOverride?: string,
 ): Promise<Response> => {
-  return apiFetch(
-    '/ai/search-web',
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ query }),
-      signal,
-    },
-    { tokenOverride, signal },
-  );
+  return authedPost('/ai/search-web', { query }, { tokenOverride, signal });
 };

 // ============================================================================
@@ -222,15 +214,7 @@ export const planTripWithMaps = async (
  tokenOverride?: string,
 ): Promise<Response> => {
  logger.debug('Stub: planTripWithMaps called with location:', { userLocation });
-  return apiFetch(
-    '/ai/plan-trip',
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ items, store, userLocation }),
-    },
-    { signal, tokenOverride },
-  );
+  return authedPost('/ai/plan-trip', { items, store, userLocation }, { signal, tokenOverride });
 };

 /**
@@ -244,16 +228,7 @@ export const generateImageFromText = (
  tokenOverride?: string,
 ): Promise<Response> => {
  logger.debug('Stub: generateImageFromText called with prompt:', { prompt });
-  return apiFetch(
-    '/ai/generate-image',
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ prompt }),
-      signal,
-    },
-    { tokenOverride, signal },
-  );
+  return authedPost('/ai/generate-image', { prompt }, { tokenOverride, signal });
 };

 /**
@@ -267,16 +242,7 @@ export const generateSpeechFromText = (
  tokenOverride?: string,
 ): Promise<Response> => {
  logger.debug('Stub: generateSpeechFromText called with text:', { text });
-  return apiFetch(
-    '/ai/generate-speech',
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ text }),
-      signal,
-    },
-    { tokenOverride, signal },
-  );
+  return authedPost('/ai/generate-speech', { text }, { tokenOverride, signal });
 };

 /**
@@ -329,11 +295,7 @@ export const rescanImageArea = (
  formData.append('cropArea', JSON.stringify(cropArea));
  formData.append('extractionType', extractionType);

-  return apiFetch(
-    '/ai/rescan-area',
-    { method: 'POST', body: formData },
-    { tokenOverride },
-  );
+  return authedPostForm('/ai/rescan-area', formData, { tokenOverride });
 };

 /**
@@ -347,12 +309,5 @@ export const compareWatchedItemPrices = (
 ): Promise<Response> => {
  // Use the apiFetch wrapper for consistency with other API calls in this file.
  // This centralizes token handling and base URL logic.
-  return apiFetch(
-    '/ai/compare-prices',
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ items: watchedItems }),
-    },
-    { signal },
-  )};
+  return authedPost('/ai/compare-prices', { items: watchedItems }, { signal });
+};
--- a/src/services/aiService.server.test.ts
+++ b/src/services/aiService.server.test.ts
@@ -1,11 +1,18 @@
 // src/services/aiService.server.test.ts
-import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { describe, it, expect, vi, beforeEach, afterEach, type Mock } from 'vitest';
 import { createMockLogger } from '../tests/utils/mockLogger';
 import type { Logger } from 'pino';
-import type { MasterGroceryItem } from '../types';
+import type { FlyerStatus, MasterGroceryItem, UserProfile } from '../types';
 // Import the class, not the singleton instance, so we can instantiate it with mocks.
-import { AIService } from './aiService.server';
+import {
+  AIService,
+  aiService as aiServiceSingleton,
+  DuplicateFlyerError,
+  type RawFlyerItem,
+} from './aiService.server';
 import { createMockMasterGroceryItem } from '../tests/utils/mockFactories';
+import { ValidationError } from './db/errors.db';
+import { AiFlyerDataSchema } from '../types/ai';

 // Mock the logger to prevent the real pino instance from being created, which causes issues with 'pino-pretty' in tests.
 vi.mock('./logger.server', () => ({
@@ -45,6 +52,55 @@ vi.mock('@google/genai', () => {
  };
 });

+// --- New Mocks for Database and Queue ---
+vi.mock('./db/index.db', () => ({
+  flyerRepo: {
+    findFlyerByChecksum: vi.fn(),
+  },
+  adminRepo: {
+    logActivity: vi.fn(),
+  },
+}));
+
+vi.mock('./queueService.server', () => ({
+  flyerQueue: {
+    add: vi.fn(),
+  },
+}));
+
+vi.mock('./db/flyer.db', () => ({
+  createFlyerAndItems: vi.fn(),
+}));
+
+vi.mock('../utils/imageProcessor', () => ({
+  generateFlyerIcon: vi.fn(),
+}));
+
+// Import mocked modules to assert on them
+import * as dbModule from './db/index.db';
+import { flyerQueue } from './queueService.server';
+import { createFlyerAndItems } from './db/flyer.db';
+import { generateFlyerIcon } from '../utils/imageProcessor';
+
+// Define a mock interface that closely resembles the actual Flyer type for testing purposes.
+// This helps ensure type safety in mocks without relying on 'any'.
+interface MockFlyer {
+  flyer_id: number;
+  file_name: string;
+  image_url: string;
+  icon_url: string;
+  checksum: string;
+  store_name: string;
+  valid_from: string | null;
+  valid_to: string | null;
+  store_address: string | null;
+  item_count: number;
+  status: FlyerStatus;
+  uploaded_by: string | null | undefined;
+  created_at: string;
+  updated_at: string;
+}
+
 describe('AI Service (Server)', () => {
  // Create mock dependencies that will be injected into the service
  const mockAiClient = { generateContent: vi.fn() };
@@ -65,6 +121,25 @@ describe('AI Service (Server)', () => {
    });
  });

+  describe('AiFlyerDataSchema', () => {
+    it('should fail validation if store_name is null or empty, covering requiredString', () => {
+      const dataWithNull = { store_name: null, items: [] };
+      const dataWithEmpty = { store_name: '', items: [] };
+      const resultNull = AiFlyerDataSchema.safeParse(dataWithNull);
+      const resultEmpty = AiFlyerDataSchema.safeParse(dataWithEmpty);
+
+      expect(resultNull.success).toBe(false);
+      if (!resultNull.success) {
+        expect(resultNull.error.issues[0].message).toBe('Store name cannot be empty');
+      }
+
+      expect(resultEmpty.success).toBe(false);
+      if (!resultEmpty.success) {
+        expect(resultEmpty.error.issues[0].message).toBe('Store name cannot be empty');
+      }
+    });
+  });
+
  describe('Constructor', () => {
    const originalEnv = process.env;

@@ -148,7 +223,7 @@ describe('AI Service (Server)', () => {
      await adapter.generateContent(request);

      expect(mockGenerateContent).toHaveBeenCalledWith({
-        model: 'gemini-2.5-flash',
+        model: 'gemini-3-flash-preview',
        ...request,
      });
    });
@@ -202,21 +277,22 @@ describe('AI Service (Server)', () => {
      expect(mockGenerateContent).toHaveBeenCalledTimes(2);

      // Check first call
-      expect(mockGenerateContent).toHaveBeenNthCalledWith(1, {
-        model: 'gemini-2.5-flash',
+      expect(mockGenerateContent).toHaveBeenNthCalledWith(1, { // The first model in the list is now 'gemini-3-flash-preview'
+        model: 'gemini-3-flash-preview',
        ...request,
      });

      // Check second call
-      expect(mockGenerateContent).toHaveBeenNthCalledWith(2, {
-        model: 'gemini-3-flash',
+      expect(mockGenerateContent).toHaveBeenNthCalledWith(2, { // The second model in the list is 'gemini-2.5-flash'
+        model: 'gemini-2.5-flash',
        ...request,
      });

      // Check that a warning was logged
      expect(logger.warn).toHaveBeenCalledWith(
+        // The warning should be for the model that failed ('gemini-3-flash-preview'), not the next one.
        expect.stringContaining(
-          "Model 'gemini-2.5-flash' failed due to quota/rate limit. Trying next model.",
+          "Model 'gemini-3-flash-preview' failed due to quota/rate limit. Trying next model.",
        ),
      );
    });
@@ -239,8 +315,8 @@ describe('AI Service (Server)', () => {

      expect(mockGenerateContent).toHaveBeenCalledTimes(1);
      expect(logger.error).toHaveBeenCalledWith(
-        { error: nonRetriableError },
-        `[AIService Adapter] Model 'gemini-2.5-flash' failed with a non-retriable error.`,
+        { error: nonRetriableError }, // The first model in the list is now 'gemini-3-flash-preview'
+        `[AIService Adapter] Model 'gemini-3-flash-preview' failed with a non-retriable error.`,
      );
    });

@@ -267,15 +343,15 @@ describe('AI Service (Server)', () => {
      );

      expect(mockGenerateContent).toHaveBeenCalledTimes(3);
-      expect(mockGenerateContent).toHaveBeenNthCalledWith(1, {
+      expect(mockGenerateContent).toHaveBeenNthCalledWith(1, { // The first model in the list is now 'gemini-3-flash-preview'
+        model: 'gemini-3-flash-preview',
+        ...request,
+      });
+      expect(mockGenerateContent).toHaveBeenNthCalledWith(2, { // The second model in the list is 'gemini-2.5-flash'
        model: 'gemini-2.5-flash',
        ...request,
      });
-      expect(mockGenerateContent).toHaveBeenNthCalledWith(2, {
-        model: 'gemini-3-flash',
-        ...request,
-      });
-      expect(mockGenerateContent).toHaveBeenNthCalledWith(3, {
+      expect(mockGenerateContent).toHaveBeenNthCalledWith(3, { // The third model in the list is 'gemini-2.5-flash-lite'
        model: 'gemini-2.5-flash-lite',
        ...request,
      });
@@ -577,40 +653,6 @@ describe('AI Service (Server)', () => {
    });
  });

-  describe('_normalizeExtractedItems (private method)', () => {
-    it('should replace null or undefined fields with default values', () => {
-      const rawItems: {
-        item: string;
-        price_display: null;
-        quantity: undefined;
-        category_name: null;
-        master_item_id: null;
-      }[] = [
-        {
-          item: 'Test',
-          price_display: null,
-          quantity: undefined,
-          category_name: null,
-          master_item_id: null,
-        },
-      ];
-      const [normalized] = (
-        aiServiceInstance as unknown as {
-          _normalizeExtractedItems: (items: typeof rawItems) => {
-            price_display: string;
-            quantity: string;
-            category_name: string;
-            master_item_id: undefined;
-          }[];
-        }
-      )._normalizeExtractedItems(rawItems);
-      expect(normalized.price_display).toBe('');
-      expect(normalized.quantity).toBe('');
-      expect(normalized.category_name).toBe('Other/Miscellaneous');
-      expect(normalized.master_item_id).toBeUndefined();
-    });
-  });
-
  describe('extractTextFromImageArea', () => {
    it('should call sharp to crop the image and call the AI with the correct prompt', async () => {
      console.log("TEST START: 'should call sharp to crop...'");
@@ -706,4 +748,367 @@ describe('AI Service (Server)', () => {
      );
    });
  });
+
+  describe('planTripWithMaps', () => {
+    const mockUserLocation: GeolocationCoordinates = {
+      latitude: 45,
+      longitude: -75,
+      accuracy: 10,
+      altitude: null,
+      altitudeAccuracy: null,
+      heading: null,
+      speed: null,
+      toJSON: () => ({}),
+    };
+    const mockStore = { name: 'Test Store' };
+
+    it('should throw a "feature disabled" error', async () => {
+      // This test verifies the current implementation which has the feature disabled.
+      await expect(
+        aiServiceInstance.planTripWithMaps([], mockStore, mockUserLocation, mockLoggerInstance),
+      ).rejects.toThrow("The 'planTripWithMaps' feature is currently disabled due to API costs.");
+
+      // Also verify that the warning is logged
+      expect(mockLoggerInstance.warn).toHaveBeenCalledWith(
+        '[AIService] planTripWithMaps called, but feature is disabled. Throwing error.',
+      );
+    });
+  });
+
+  describe('enqueueFlyerProcessing', () => {
+    const mockFile = {
+      path: '/tmp/test.pdf',
+      originalname: 'test.pdf',
+    } as Express.Multer.File;
+    const mockProfile = {
+      user: { user_id: 'user123' },
+      address: {
+        address_line_1: '123 St',
+        city: 'City',
+        country: 'Country', // This was a duplicate, fixed.
+      },
+    } as UserProfile;
+
+    it('should throw DuplicateFlyerError if flyer already exists', async () => {
+      vi.mocked(dbModule.flyerRepo.findFlyerByChecksum).mockResolvedValue({ flyer_id: 99 } as any);
+
+      await expect(
+        aiServiceInstance.enqueueFlyerProcessing(
+          mockFile,
+          'checksum123',
+          mockProfile,
+          '127.0.0.1',
+          mockLoggerInstance,
+        ),
+      ).rejects.toThrow(DuplicateFlyerError);
+    });
+
+    it('should enqueue job with user address if profile exists', async () => {
+      vi.mocked(dbModule.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
+      vi.mocked(flyerQueue.add).mockResolvedValue({ id: 'job123' } as any);
+
+      const result = await aiServiceInstance.enqueueFlyerProcessing(
+        mockFile,
+        'checksum123',
+        mockProfile,
+        '127.0.0.1',
+        mockLoggerInstance,
+      );
+
+      expect(flyerQueue.add).toHaveBeenCalledWith('process-flyer', {
+        filePath: mockFile.path,
+        originalFileName: mockFile.originalname,
+        checksum: 'checksum123',
+        userId: 'user123',
+        submitterIp: '127.0.0.1',
+        userProfileAddress: '123 St, City, Country', // Partial address match based on filter(Boolean)
+      });
+      expect(result.id).toBe('job123');
+    });
+
+    it('should enqueue job without address if profile is missing', async () => {
+      vi.mocked(dbModule.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
+      vi.mocked(flyerQueue.add).mockResolvedValue({ id: 'job456' } as any);
+
+      await aiServiceInstance.enqueueFlyerProcessing(
+        mockFile,
+        'checksum123',
+        undefined, // No profile
+        '127.0.0.1',
+        mockLoggerInstance,
+      );
+
+      expect(flyerQueue.add).toHaveBeenCalledWith(
+        'process-flyer',
+        expect.objectContaining({
+          userId: undefined,
+          userProfileAddress: undefined,
+        }),
+      );
+    });
+  });
+
+  describe('processLegacyFlyerUpload', () => {
+    const mockFile = {
+      path: '/tmp/upload.jpg',
+      filename: 'upload.jpg',
+      originalname: 'orig.jpg',
+    } as Express.Multer.File; // This was a duplicate, fixed.
+    const mockProfile = { user: { user_id: 'u1' } } as UserProfile;
+
+    beforeEach(() => {
+      // Default success mocks
+      vi.mocked(dbModule.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
+      vi.mocked(generateFlyerIcon).mockResolvedValue('icon.jpg');
+      vi.mocked(createFlyerAndItems).mockResolvedValue({
+        flyer: {
+          flyer_id: 100,
+          file_name: 'orig.jpg',
+          image_url: '/flyer-images/upload.jpg',
+          icon_url: '/flyer-images/icons/icon.jpg',
+          checksum: 'mock-checksum-123',
+          store_name: 'Mock Store',
+          valid_from: null,
+          valid_to: null,
+          store_address: null,
+          item_count: 0,
+          status: 'processed',
+          uploaded_by: 'u1',
+          created_at: new Date().toISOString(),
+          updated_at: new Date().toISOString(),
+        } as MockFlyer, // Use the more specific MockFlyer type
+        items: [],
+      });
+    });
+
+    it('should throw ValidationError if checksum is missing', async () => {
+      const body = { data: JSON.stringify({}) }; // No checksum
+      await expect(
+        aiServiceInstance.processLegacyFlyerUpload(
+          mockFile,
+          body,
+          mockProfile,
+          mockLoggerInstance,
+        ),
+      ).rejects.toThrow(ValidationError);
+    });
+
+    it('should throw DuplicateFlyerError if checksum exists', async () => {
+      vi.mocked(dbModule.flyerRepo.findFlyerByChecksum).mockResolvedValue({ flyer_id: 55 } as any);
+      const body = { checksum: 'dup-sum' };
+
+      await expect(
+        aiServiceInstance.processLegacyFlyerUpload(
+          mockFile,
+          body,
+          mockProfile,
+          mockLoggerInstance,
+        ),
+      ).rejects.toThrow(DuplicateFlyerError);
+    });
+
+    it('should parse "data" string property containing extractedData', async () => {
+      const payload = {
+        checksum: 'abc',
+        originalFileName: 'test.jpg',
+        extractedData: {
+          store_name: 'My Store',
+          items: [{ item: 'Milk', price_in_cents: 200 }],
+        },
+      };
+      const body = { data: JSON.stringify(payload) };
+
+      await aiServiceInstance.processLegacyFlyerUpload(
+        mockFile,
+        body,
+        mockProfile,
+        mockLoggerInstance,
+      );
+
+      expect(createFlyerAndItems).toHaveBeenCalledWith(
+        expect.objectContaining({
+          store_name: 'My Store',
+          checksum: 'abc',
+        }),
+        expect.arrayContaining([expect.objectContaining({ item: 'Milk' })]),
+        mockLoggerInstance,
+      );
+    });
+
+    it('should handle direct object body with extractedData', async () => {
+      const body = {
+        checksum: 'xyz',
+        extractedData: {
+          store_name: 'Direct Store',
+          valid_from: '2023-01-01',
+        },
+      };
+
+      await aiServiceInstance.processLegacyFlyerUpload(
+        mockFile,
+        body,
+        mockProfile,
+        mockLoggerInstance,
+      );
+
+      expect(createFlyerAndItems).toHaveBeenCalledWith(
+        expect.objectContaining({
+          store_name: 'Direct Store',
+          valid_from: '2023-01-01',
+        }),
+        [], // No items
+        mockLoggerInstance,
+      );
+    });
+
+    it('should fallback for missing store name and normalize items', async () => {
+      const body = {
+        checksum: 'fallback',
+        extractedData: {
+          // store_name missing
+          items: [{ item: 'Bread' }], // minimal item
+        },
+      };
+
+      await aiServiceInstance.processLegacyFlyerUpload(
+        mockFile,
+        body,
+        mockProfile,
+        mockLoggerInstance,
+      );
+
+      expect(createFlyerAndItems).toHaveBeenCalledWith(
+        expect.objectContaining({
+          store_name: 'Unknown Store (auto)',
+        }),
+        expect.arrayContaining([
+          expect.objectContaining({
+            item: 'Bread',
+            quantity: 1, // Default
+            view_count: 0,
+          }),
+        ]),
+        mockLoggerInstance,
+      );
+      expect(mockLoggerInstance.warn).toHaveBeenCalledWith(
+        expect.stringContaining('extractedData.store_name missing'),
+      );
+    });
+
+    it('should log activity and return the new flyer', async () => {
+      const body = { checksum: 'act', extractedData: { store_name: 'Act Store' } };
+      const result = await aiServiceInstance.processLegacyFlyerUpload(
+        mockFile,
+        body,
+        mockProfile,
+        mockLoggerInstance,
+      );
+
+      expect(result).toHaveProperty('flyer_id', 100);
+      expect(dbModule.adminRepo.logActivity).toHaveBeenCalledWith(
+        expect.objectContaining({
+          action: 'flyer_processed',
+          userId: 'u1',
+        }),
+        mockLoggerInstance,
+      );
+    });
+
+    it('should catch JSON parsing errors in _parseLegacyPayload and log warning (errMsg coverage)', async () => {
+      // Sending a body where 'data' is a malformed JSON string to trigger the catch block in _parseLegacyPayload
+      const body = { data: '{ "malformed": json ' };
+
+      // This will eventually throw ValidationError because checksum won't be found
+      await expect(
+        aiServiceInstance.processLegacyFlyerUpload(
+          mockFile,
+          body,
+          mockProfile,
+          mockLoggerInstance,
+        ),
+      ).rejects.toThrow(ValidationError);
+
+      // Verify that the error was caught and logged using errMsg logic
+      expect(mockLoggerInstance.warn).toHaveBeenCalledWith(
+        expect.objectContaining({ error: expect.any(String) }),
+        '[AIService] Failed to parse nested "data" property string.',
+      );
+    });
+
+    it('should handle body as a string', async () => {
+      const payload = { checksum: 'str-body', extractedData: { store_name: 'String Body' } };
+      const body = JSON.stringify(payload);
+
+      await aiServiceInstance.processLegacyFlyerUpload(
+        mockFile,
+        body,
+        mockProfile,
+        mockLoggerInstance,
+      );
+
+      expect(createFlyerAndItems).toHaveBeenCalledWith(
+        expect.objectContaining({ checksum: 'str-body' }),
+        expect.anything(),
+        mockLoggerInstance,
+      );
+    });
+  });
+
+  describe('Singleton Export', () => {
+    it('should export a singleton instance of AIService', () => {
+      expect(aiServiceSingleton).toBeInstanceOf(AIService);
+    });
+  });
+
+  describe('_normalizeExtractedItems (private method)', () => {
+    it('should correctly normalize items with null or undefined price_in_cents', () => {
+      const rawItems: RawFlyerItem[] = [
+        {
+          item: 'Valid Item',
+          price_display: '$1.99',
+          price_in_cents: 199,
+          quantity: '1',
+          category_name: 'Category A',
+          master_item_id: 1,
+        },
+        {
+          item: 'Item with Null Price',
+          price_display: null,
+          price_in_cents: null, // Test case for null
+          quantity: '1',
+          category_name: 'Category B',
+          master_item_id: 2,
+        },
+        {
+          item: 'Item with Undefined Price',
+          price_display: '$2.99',
+          price_in_cents: undefined, // Test case for undefined
+          quantity: '1',
+          category_name: 'Category C',
+          master_item_id: 3,
+        },
+        {
+          item: null, // Test null item name
+          price_display: undefined, // Test undefined display price
+          price_in_cents: 50,
+          quantity: null, // Test null quantity
+          category_name: undefined, // Test undefined category
+          master_item_id: null, // Test null master_item_id
+        },
+      ];
+
+      // Access the private method for testing
+      const normalized = (aiServiceInstance as any)._normalizeExtractedItems(rawItems);
+
+      expect(normalized).toHaveLength(4);
+      expect(normalized[0].price_in_cents).toBe(199);
+      expect(normalized[1].price_in_cents).toBe(null); // null should remain null
+      expect(normalized[2].price_in_cents).toBe(null); // undefined should become null
+      expect(normalized[3].item).toBe('Unknown Item');
+      expect(normalized[3].quantity).toBe('');
+      expect(normalized[3].category_name).toBe('Other/Miscellaneous');
+      expect(normalized[3].master_item_id).toBeUndefined(); // nullish coalescing to undefined
+    });
+  });
+
 });
--- a/src/services/aiService.server.ts
+++ b/src/services/aiService.server.ts
@@ -4,35 +4,47 @@
 * It is intended to be used only by the backend (e.g., server.ts) and should never be imported into client-side code.
 * The `.server.ts` naming convention helps enforce this separation.
 */
-
 import { GoogleGenAI, type GenerateContentResponse, type Content, type Tool } from '@google/genai';
 import fsPromises from 'node:fs/promises';
 import type { Logger } from 'pino';
 import { z } from 'zod';
 import { pRateLimit } from 'p-ratelimit';
-import type { FlyerItem, MasterGroceryItem, ExtractedFlyerItem } from '../types';
+import type {
+  FlyerItem,
+  MasterGroceryItem,
+  ExtractedFlyerItem,
+  UserProfile,
+  ExtractedCoreData,
+  FlyerInsert,
+  Flyer,
+} from '../types';
+import { FlyerProcessingError } from './processingErrors';
+import * as db from './db/index.db';
+import { flyerQueue } from './queueService.server';
+import type { Job } from 'bullmq';
+import { createFlyerAndItems } from './db/flyer.db';
+import { generateFlyerIcon } from '../utils/imageProcessor';
+import path from 'path';
+import { ValidationError } from './db/errors.db'; // Keep this import for ValidationError
+import {
+  AiFlyerDataSchema,
+  ExtractedFlyerItemSchema,
+} from '../types/ai'; // Import consolidated schemas

-// Helper for consistent required string validation (handles missing/null/empty)
-const requiredString = (message: string) =>
-  z.preprocess((val) => val ?? '', z.string().min(1, message));
+interface FlyerProcessPayload extends Partial<ExtractedCoreData> {
+  checksum?: string;
+  originalFileName?: string;
+  extractedData?: Partial<ExtractedCoreData>;
+  data?: FlyerProcessPayload; // For nested data structures
+}

-// --- Zod Schemas for AI Response Validation (exported for the transformer) ---
-const ExtractedFlyerItemSchema = z.object({
-  item: z.string(),
-  price_display: z.string(),
-  price_in_cents: z.number().nullable(),
-  quantity: z.string(),
-  category_name: z.string(),
-  master_item_id: z.number().nullish(), // .nullish() allows null or undefined
-});
-
-export const AiFlyerDataSchema = z.object({
-  store_name: requiredString('Store name cannot be empty'),
-  valid_from: z.string().nullable(),
-  valid_to: z.string().nullable(),
-  store_address: z.string().nullable(),
-  items: z.array(ExtractedFlyerItemSchema),
-});
+// Helper to safely extract an error message from unknown `catch` values.
+const errMsg = (e: unknown) => {
+  if (e instanceof Error) return e.message;
+  if (typeof e === 'object' && e !== null && 'message' in e)
+    return String((e as { message: unknown }).message);
+  return String(e || 'An unknown error occurred.');
+};

 /**
 * Defines the contract for a file system utility. This interface allows for
@@ -58,21 +70,30 @@ interface IAiClient {
 * This type is intentionally loose to accommodate potential null/undefined values
 * from the AI before they are cleaned and normalized.
 */
-type RawFlyerItem = {
-  item: string;
+export type RawFlyerItem = {
+  item: string | null;
  price_display: string | null | undefined;
-  price_in_cents: number | null;
+  price_in_cents: number | null | undefined;
  quantity: string | null | undefined;
  category_name: string | null | undefined;
  master_item_id?: number | null | undefined;
 };

+export class DuplicateFlyerError extends FlyerProcessingError {
+  constructor(message: string, public flyerId: number) {
+    super(message, 'DUPLICATE_FLYER', message);
+  }
+}
+
 export class AIService {
  private aiClient: IAiClient;
  private fs: IFileSystem;
  private rateLimiter: <T>(fn: () => Promise<T>) => Promise<T>;
  private logger: Logger;
-  private readonly models = ['gemini-2.5-flash', 'gemini-3-flash', 'gemini-2.5-flash-lite'];
+  // The fallback list is ordered by preference (speed/cost vs. power).
+  // We try the fastest models first, then the more powerful 'pro' model as a high-quality fallback,
+  // and finally the 'lite' model as a last resort.
+  private readonly models = [ 'gemini-3-flash-preview', 'gemini-2.5-flash', 'gemini-2.5-flash-lite'];

  constructor(logger: Logger, aiClient?: IAiClient, fs?: IFileSystem) {
    this.logger = logger;
@@ -193,7 +214,8 @@ export class AIService {
          errorMessage.includes('quota') ||
          errorMessage.includes('429') || // HTTP 429 Too Many Requests
          errorMessage.includes('resource_exhausted') || // Make case-insensitive
-          errorMessage.includes('model is overloaded')
+          errorMessage.includes('model is overloaded') ||
+          errorMessage.includes('not found') // Also retry if model is not found (e.g., regional availability or API version issue)
        ) {
          this.logger.warn(
            `[AIService Adapter] Model '${modelName}' failed due to quota/rate limit. Trying next model. Error: ${errorMessage}`,
@@ -466,7 +488,7 @@ export class AIService {
    userProfileAddress?: string,
    logger: Logger = this.logger,
  ): Promise<{
-    store_name: string;
+    store_name: string | null;
    valid_from: string | null;
    valid_to: string | null;
    store_address: string | null;
@@ -551,6 +573,11 @@ export class AIService {
  private _normalizeExtractedItems(items: RawFlyerItem[]): ExtractedFlyerItem[] {
    return items.map((item: RawFlyerItem) => ({
      ...item,
+      // Ensure 'item' is always a string, defaulting to 'Unknown Item' if null/undefined.
+      item:
+        item.item === null || item.item === undefined || String(item.item).trim() === ''
+          ? 'Unknown Item'
+          : String(item.item),
      price_display:
        item.price_display === null || item.price_display === undefined
          ? ''
@@ -560,6 +587,8 @@ export class AIService {
        item.category_name === null || item.category_name === undefined
          ? 'Other/Miscellaneous'
          : String(item.category_name),
+      // Ensure undefined is converted to null to match the Zod schema.
+      price_in_cents: item.price_in_cents ?? null,
      master_item_id: item.master_item_id ?? undefined,
    }));
  }
@@ -685,6 +714,168 @@ export class AIService {
      }
      */
  }
+
+
+async enqueueFlyerProcessing(
+    file: Express.Multer.File,
+    checksum: string,
+    userProfile: UserProfile | undefined,
+    submitterIp: string,
+    logger: Logger,
+  ): Promise<Job> {
+    // 1. Check for duplicate flyer
+    const existingFlyer = await db.flyerRepo.findFlyerByChecksum(checksum, logger);
+    if (existingFlyer) {
+      // Throw a specific error for the route to handle
+      throw new DuplicateFlyerError(
+        'This flyer has already been processed.',
+        existingFlyer.flyer_id,
+      );
+    }
+
+    // 2. Construct user address string
+    let userProfileAddress: string | undefined = undefined;
+    if (userProfile?.address) {
+      userProfileAddress = [
+        userProfile.address.address_line_1,
+        userProfile.address.address_line_2,
+        userProfile.address.city,
+        userProfile.address.province_state,
+        userProfile.address.postal_code,
+        userProfile.address.country,
+      ]
+        .filter(Boolean)
+        .join(', ');
+    }
+
+    // 3. Add job to the queue
+    const job = await flyerQueue.add('process-flyer', {
+      filePath: file.path,
+      originalFileName: file.originalname,
+      checksum: checksum,
+      userId: userProfile?.user.user_id,
+      submitterIp: submitterIp,
+      userProfileAddress: userProfileAddress,
+    });
+
+    logger.info(
+      `Enqueued flyer for processing. File: ${file.originalname}, Job ID: ${job.id}`,
+    );
+
+    return job;
+  }
+
+  private _parseLegacyPayload(
+    body: any,
+    logger: Logger,
+  ): { parsed: FlyerProcessPayload; extractedData: Partial<ExtractedCoreData> | null | undefined } {
+    let parsed: FlyerProcessPayload = {};
+
+    try {
+      parsed = typeof body === 'string' ? JSON.parse(body) : body || {};
+    } catch (e) {
+      logger.warn({ error: errMsg(e) }, '[AIService] Failed to parse top-level request body string.');
+      return { parsed: {}, extractedData: {} };
+    }
+
+    // If the real payload is nested inside a 'data' property (which could be a string),
+    // we parse it out but keep the original `parsed` object for top-level properties like checksum.
+    let potentialPayload: FlyerProcessPayload = parsed;
+    if (parsed.data) {
+      if (typeof parsed.data === 'string') {
+        try {
+          potentialPayload = JSON.parse(parsed.data);
+        } catch (e) {
+          logger.warn({ error: errMsg(e) }, '[AIService] Failed to parse nested "data" property string.');
+        }
+      } else if (typeof parsed.data === 'object') {
+        potentialPayload = parsed.data;
+      }
+    }
+
+    // The extracted data is either in an `extractedData` key or is the payload itself.
+    const extractedData = potentialPayload.extractedData ?? potentialPayload;
+
+    // Merge for checksum lookup: properties in the outer `parsed` object (like a top-level checksum)
+    // take precedence over any same-named properties inside `potentialPayload`.
+    const finalParsed = { ...potentialPayload, ...parsed };
+
+    return { parsed: finalParsed, extractedData };
+  }
+
+  async processLegacyFlyerUpload(
+    file: Express.Multer.File,
+    body: any,
+    userProfile: UserProfile | undefined,
+    logger: Logger,
+  ): Promise<Flyer> {
+    const { parsed, extractedData: initialExtractedData } = this._parseLegacyPayload(body, logger);
+    let extractedData = initialExtractedData;
+
+    const checksum = parsed.checksum ?? parsed?.data?.checksum ?? '';
+    if (!checksum) {
+      throw new ValidationError([], 'Checksum is required.');
+    }
+
+    const existingFlyer = await db.flyerRepo.findFlyerByChecksum(checksum, logger);
+    if (existingFlyer) {
+      throw new DuplicateFlyerError('This flyer has already been processed.', existingFlyer.flyer_id);
+    }
+
+    const originalFileName = parsed.originalFileName ?? parsed?.data?.originalFileName ?? file.originalname;
+
+    if (!extractedData || typeof extractedData !== 'object') {
+      logger.warn({ bodyData: parsed }, 'Missing extractedData in legacy payload.');
+      extractedData = {};
+    }
+
+    const rawItems = extractedData.items ?? [];
+    const itemsArray = Array.isArray(rawItems) ? rawItems : typeof rawItems === 'string' ? JSON.parse(rawItems) : [];
+    const itemsForDb = itemsArray.map((item: Partial<ExtractedFlyerItem>) => ({
+      ...item,
+      master_item_id: item.master_item_id === null ? undefined : item.master_item_id,
+      quantity: item.quantity ?? 1,
+      view_count: 0,
+      click_count: 0,
+      updated_at: new Date().toISOString(),
+    }));
+
+    const storeName = extractedData.store_name && String(extractedData.store_name).trim().length > 0 ? String(extractedData.store_name) : 'Unknown Store (auto)';
+    if (storeName.startsWith('Unknown')) {
+      logger.warn('extractedData.store_name missing; using fallback store name.');
+    }
+
+    const iconsDir = path.join(path.dirname(file.path), 'icons');
+    const iconFileName = await generateFlyerIcon(file.path, iconsDir, logger);
+    const iconUrl = `/flyer-images/icons/${iconFileName}`;
+
+    const flyerData: FlyerInsert = {
+      file_name: originalFileName,
+      image_url: `/flyer-images/${file.filename}`,
+      icon_url: iconUrl,
+      checksum: checksum,
+      store_name: storeName,
+      valid_from: extractedData.valid_from ?? null,
+      valid_to: extractedData.valid_to ?? null,
+      store_address: extractedData.store_address ?? null,
+      item_count: 0,
+      status: 'needs_review',
+      uploaded_by: userProfile?.user.user_id,
+    };
+
+    const { flyer: newFlyer, items: newItems } = await createFlyerAndItems(flyerData, itemsForDb, logger);
+
+    logger.info(`Successfully processed legacy flyer: ${newFlyer.file_name} (ID: ${newFlyer.flyer_id}) with ${newItems.length} items.`);
+
+    await db.adminRepo.logActivity({
+      userId: userProfile?.user.user_id,
+      action: 'flyer_processed',
+      displayText: `Processed a new flyer for ${flyerData.store_name}.`,
+      details: { flyerId: newFlyer.flyer_id, storeName: flyerData.store_name },
+    }, logger);
+
+    return newFlyer;
+  }
 }

 // Export a singleton instance of the service for use throughout the application.
--- a/src/services/analyticsService.server.test.ts
+++ b/src/services/analyticsService.server.test.ts
@@ -0,0 +1,153 @@
+// src/services/analyticsService.server.test.ts
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { AnalyticsService } from './analyticsService.server';
+import { logger } from './logger.server';
+import type { Job } from 'bullmq';
+import type { AnalyticsJobData, WeeklyAnalyticsJobData } from '../types/job-data';
+
+// Mock logger
+vi.mock('./logger.server', () => ({
+  logger: {
+    child: vi.fn(),
+    info: vi.fn(),
+    error: vi.fn(),
+  },
+}));
+
+describe('AnalyticsService', () => {
+  let service: AnalyticsService;
+  let mockLoggerInstance: any;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    vi.useFakeTimers();
+
+    // Setup mock logger instance returned by child()
+    mockLoggerInstance = {
+      info: vi.fn(),
+      error: vi.fn(),
+      warn: vi.fn(),
+      debug: vi.fn(),
+    };
+    vi.mocked(logger.child).mockReturnValue(mockLoggerInstance);
+
+    service = new AnalyticsService();
+  });
+
+  afterEach(() => {
+    vi.useRealTimers();
+  });
+
+  const createMockJob = <T>(data: T): Job<T> =>
+    ({
+      id: 'job-123',
+      name: 'analytics-job',
+      data,
+      attemptsMade: 1,
+      updateProgress: vi.fn(),
+    } as unknown as Job<T>);
+
+  describe('processDailyReportJob', () => {
+    it('should process successfully', async () => {
+      const job = createMockJob<AnalyticsJobData>({ reportDate: '2023-10-27' } as AnalyticsJobData);
+
+      const promise = service.processDailyReportJob(job);
+
+      // Fast-forward time to bypass the 10s delay
+      await vi.advanceTimersByTimeAsync(10000);
+
+      const result = await promise;
+
+      expect(result).toEqual({ status: 'success', reportDate: '2023-10-27' });
+      expect(logger.child).toHaveBeenCalledWith(
+        expect.objectContaining({
+          jobId: 'job-123',
+          reportDate: '2023-10-27',
+        }),
+      );
+      expect(mockLoggerInstance.info).toHaveBeenCalledWith('Picked up daily analytics job.');
+      expect(mockLoggerInstance.info).toHaveBeenCalledWith(
+        'Successfully generated report for 2023-10-27.',
+      );
+    });
+
+    it('should handle failure when reportDate is FAIL', async () => {
+      const job = createMockJob<AnalyticsJobData>({ reportDate: 'FAIL' } as AnalyticsJobData);
+
+      const promise = service.processDailyReportJob(job);
+
+      await expect(promise).rejects.toThrow('This is a test failure for the analytics job.');
+
+      expect(mockLoggerInstance.error).toHaveBeenCalledWith(
+        expect.objectContaining({
+          err: expect.any(Error),
+          attemptsMade: 1,
+        }),
+        'Daily analytics job failed.',
+      );
+    });
+  });
+
+  describe('processWeeklyReportJob', () => {
+    it('should process successfully', async () => {
+      const job = createMockJob<WeeklyAnalyticsJobData>({
+        reportYear: 2023,
+        reportWeek: 43,
+      } as WeeklyAnalyticsJobData);
+
+      const promise = service.processWeeklyReportJob(job);
+
+      await vi.advanceTimersByTimeAsync(30000);
+
+      const result = await promise;
+
+      expect(result).toEqual({ status: 'success', reportYear: 2023, reportWeek: 43 });
+      expect(logger.child).toHaveBeenCalledWith(
+        expect.objectContaining({
+          jobId: 'job-123',
+          reportYear: 2023,
+          reportWeek: 43,
+        }),
+      );
+      expect(mockLoggerInstance.info).toHaveBeenCalledWith('Picked up weekly analytics job.');
+      expect(mockLoggerInstance.info).toHaveBeenCalledWith(
+        'Successfully generated weekly report for week 43, 2023.',
+      );
+    });
+
+    it('should handle errors during processing', async () => {
+      const job = createMockJob<WeeklyAnalyticsJobData>({
+        reportYear: 2023,
+        reportWeek: 43,
+      } as WeeklyAnalyticsJobData);
+
+      // Make the second info call throw to simulate an error inside the try block
+      mockLoggerInstance.info
+        .mockImplementationOnce(() => {}) // "Picked up..."
+        .mockImplementationOnce(() => {
+          throw new Error('Processing failed');
+        }); // "Successfully generated..."
+
+      // Get the promise from the service method.
+      const promise = service.processWeeklyReportJob(job);
+
+      // Capture the expectation promise BEFORE triggering the rejection.
+      const expectation = expect(promise).rejects.toThrow('Processing failed');
+
+      // Advance timers to trigger the part of the code that throws.
+      await vi.advanceTimersByTimeAsync(30000);
+
+      // Await the expectation to ensure assertions ran.
+      await expectation;
+
+      // Verify the side effect (error logging) after the rejection is confirmed.
+      expect(mockLoggerInstance.error).toHaveBeenCalledWith(
+        expect.objectContaining({
+          err: expect.any(Error),
+          attemptsMade: 1,
+        }),
+        'Weekly analytics job failed.',
+      );
+    });
+  });
+});
--- a/src/services/analyticsService.server.ts
+++ b/src/services/analyticsService.server.ts
@@ -0,0 +1,79 @@
+// src/services/analyticsService.server.ts
+import type { Job } from 'bullmq';
+import { logger as globalLogger } from './logger.server';
+import type { AnalyticsJobData, WeeklyAnalyticsJobData } from '../types/job-data';
+
+/**
+ * A service class to encapsulate business logic for analytics-related background jobs.
+ */
+export class AnalyticsService {
+  /**
+   * Processes a job to generate a daily analytics report.
+   * This is currently a mock implementation.
+   * @param job The BullMQ job object.
+   */
+  async processDailyReportJob(job: Job<AnalyticsJobData>) {
+    const { reportDate } = job.data;
+    const logger = globalLogger.child({
+      jobId: job.id,
+      jobName: job.name,
+      reportDate,
+    });
+
+    logger.info(`Picked up daily analytics job.`);
+
+    try {
+      // This is mock logic, but we keep it in the service
+      if (reportDate === 'FAIL') {
+        throw new Error('This is a test failure for the analytics job.');
+      }
+      // Simulate work
+      await new Promise((resolve) => setTimeout(resolve, 10000));
+      logger.info(`Successfully generated report for ${reportDate}.`);
+      return { status: 'success', reportDate };
+    } catch (error) {
+      const wrappedError = error instanceof Error ? error : new Error(String(error));
+      logger.error(
+        {
+          err: wrappedError,
+          attemptsMade: job.attemptsMade,
+        },
+        `Daily analytics job failed.`,
+      );
+      throw wrappedError;
+    }
+  }
+
+  /**
+   * Processes a job to generate a weekly analytics report.
+   * This is currently a mock implementation.
+   * @param job The BullMQ job object.
+   */
+  async processWeeklyReportJob(job: Job<WeeklyAnalyticsJobData>) {
+    const { reportYear, reportWeek } = job.data;
+    const logger = globalLogger.child({
+      jobId: job.id,
+      jobName: job.name,
+      reportYear,
+      reportWeek,
+    });
+
+    logger.info(`Picked up weekly analytics job.`);
+
+    try {
+      // Mock logic
+      await new Promise((resolve) => setTimeout(resolve, 30000));
+      logger.info(`Successfully generated weekly report for week ${reportWeek}, ${reportYear}.`);
+      return { status: 'success', reportYear, reportWeek };
+    } catch (error) {
+      const wrappedError = error instanceof Error ? error : new Error(String(error));
+      logger.error(
+        { err: wrappedError, attemptsMade: job.attemptsMade },
+        `Weekly analytics job failed.`,
+      );
+      throw wrappedError;
+    }
+  }
+}
+
+export const analyticsService = new AnalyticsService();
--- a/src/services/apiClient.test.ts
+++ b/src/services/apiClient.test.ts
@@ -7,6 +7,17 @@ import { http, HttpResponse } from 'msw';
 vi.unmock('./apiClient');

 import * as apiClient from './apiClient';
+import {
+  createMockAddressPayload,
+  createMockBudget,
+  createMockLoginPayload,
+  createMockProfileUpdatePayload,
+  createMockRecipeCommentPayload,
+  createMockRegisterUserPayload,
+  createMockSearchQueryPayload,
+  createMockShoppingListItemPayload,
+  createMockWatchedItemPayload,
+} from '../tests/utils/mockFactories';

 // Mock the logger to keep test output clean and verifiable.
 vi.mock('./logger', () => ({
@@ -229,33 +240,6 @@ describe('API Client', () => {
    });
  });

-  describe('Analytics API Functions', () => {
-    it('trackFlyerItemInteraction should log a warning on failure', async () => {
-      const { logger } = await import('./logger.client');
-      const apiError = new Error('Network failed');
-      vi.mocked(global.fetch).mockRejectedValue(apiError);
-
-      // We can now await this properly because we added 'return' in apiClient.ts
-      await apiClient.trackFlyerItemInteraction(123, 'click');
-      expect(logger.warn).toHaveBeenCalledWith('Failed to track flyer item interaction', {
-        error: apiError,
-      });
-    });
-
-    it('logSearchQuery should log a warning on failure', async () => {
-      const { logger } = await import('./logger.client');
-      const apiError = new Error('Network failed');
-      vi.mocked(global.fetch).mockRejectedValue(apiError);
-
-      await apiClient.logSearchQuery({
-        query_text: 'test',
-        result_count: 0,
-        was_successful: false,
-      });
-      expect(logger.warn).toHaveBeenCalledWith('Failed to log search query', { error: apiError });
-    });
-  });
-
  describe('apiFetch (with FormData)', () => {
    it('should handle FormData correctly by not setting Content-Type', async () => {
      localStorage.setItem('authToken', 'form-data-token');
@@ -317,10 +301,11 @@ describe('API Client', () => {
    });

    it('addWatchedItem should send a POST request with the correct body', async () => {
-      await apiClient.addWatchedItem('Apples', 'Produce');
+      const watchedItemData = createMockWatchedItemPayload({ itemName: 'Apples', category: 'Produce' });
+      await apiClient.addWatchedItem(watchedItemData.itemName, watchedItemData.category);

      expect(capturedUrl?.pathname).toBe('/api/users/watched-items');
-      expect(capturedBody).toEqual({ itemName: 'Apples', category: 'Produce' });
+      expect(capturedBody).toEqual(watchedItemData);
    });

    it('removeWatchedItem should send a DELETE request to the correct URL', async () => {
@@ -337,12 +322,12 @@ describe('API Client', () => {
    });

    it('createBudget should send a POST request with budget data', async () => {
-      const budgetData = {
+      const budgetData = createMockBudget({
        name: 'Groceries',
        amount_cents: 50000,
-        period: 'monthly' as const,
+        period: 'monthly',
        start_date: '2024-01-01',
-      };
+      });
      await apiClient.createBudget(budgetData);

      expect(capturedUrl?.pathname).toBe('/api/budgets');
@@ -461,7 +446,7 @@ describe('API Client', () => {

    it('addShoppingListItem should send a POST request with item data', async () => {
      const listId = 42;
-      const itemData = { customItemName: 'Paper Towels' };
+      const itemData = createMockShoppingListItemPayload({ customItemName: 'Paper Towels' });
      await apiClient.addShoppingListItem(listId, itemData);

      expect(capturedUrl?.pathname).toBe(`/api/users/shopping-lists/${listId}/items`);
@@ -547,7 +532,7 @@ describe('API Client', () => {

    it('addRecipeComment should send a POST request with content and optional parentId', async () => {
      const recipeId = 456;
-      const commentData = { content: 'This is a reply', parentCommentId: 789 };
+      const commentData = createMockRecipeCommentPayload({ content: 'This is a reply', parentCommentId: 789 });
      await apiClient.addRecipeComment(recipeId, commentData.content, commentData.parentCommentId);
      expect(capturedUrl?.pathname).toBe(`/api/recipes/${recipeId}/comments`);
      expect(capturedBody).toEqual(commentData);
@@ -563,7 +548,7 @@ describe('API Client', () => {
  describe('User Profile and Settings API Functions', () => {
    it('updateUserProfile should send a PUT request with profile data', async () => {
      localStorage.setItem('authToken', 'user-settings-token');
-      const profileData = { full_name: 'John Doe' };
+      const profileData = createMockProfileUpdatePayload({ full_name: 'John Doe' });
      await apiClient.updateUserProfile(profileData, { tokenOverride: 'override-token' });
      expect(capturedUrl?.pathname).toBe('/api/users/profile');
      expect(capturedBody).toEqual(profileData);
@@ -619,14 +604,14 @@ describe('API Client', () => {
    });

    it('registerUser should send a POST request with user data', async () => {
-      await apiClient.registerUser('test@example.com', 'password123', 'Test User');
-      expect(capturedUrl?.pathname).toBe('/api/auth/register');
-      expect(capturedBody).toEqual({
+      const userData = createMockRegisterUserPayload({
        email: 'test@example.com',
        password: 'password123',
        full_name: 'Test User',
-        avatar_url: undefined,
      });
+      await apiClient.registerUser(userData.email, userData.password, userData.full_name);
+      expect(capturedUrl?.pathname).toBe('/api/auth/register');
+      expect(capturedBody).toEqual(userData);
    });

    it('deleteUserAccount should send a DELETE request with the confirmation password', async () => {
@@ -654,7 +639,7 @@ describe('API Client', () => {
    });

    it('updateUserAddress should send a PUT request with address data', async () => {
-      const addressData = { address_line_1: '123 Main St', city: 'Anytown' };
+      const addressData = createMockAddressPayload({ address_line_1: '123 Main St', city: 'Anytown' });
      await apiClient.updateUserAddress(addressData);
      expect(capturedUrl?.pathname).toBe('/api/users/profile/address');
      expect(capturedBody).toEqual(addressData);
@@ -890,6 +875,11 @@ describe('API Client', () => {
      expect(capturedUrl?.pathname).toBe('/api/admin/corrections');
    });

+    it('getFlyersForReview should call the correct endpoint', async () => {
+      await apiClient.getFlyersForReview();
+      expect(capturedUrl?.pathname).toBe('/api/admin/review/flyers');
+    });
+
    it('rejectCorrection should send a POST request to the correct URL', async () => {
      const correctionId = 46;
      await apiClient.rejectCorrection(correctionId);
@@ -942,53 +932,49 @@ describe('API Client', () => {
    });

    it('logSearchQuery should send a POST request with query data', async () => {
-      const queryData = { query_text: 'apples', result_count: 10, was_successful: true };
+      const queryData = createMockSearchQueryPayload({ query_text: 'apples', result_count: 10, was_successful: true });
      await apiClient.logSearchQuery(queryData);
      expect(capturedUrl?.pathname).toBe('/api/search/log');
      expect(capturedBody).toEqual(queryData);
    });

    it('trackFlyerItemInteraction should log a warning on failure', async () => {
-      const { logger } = await import('./logger.client');
      const apiError = new Error('Network failed');
      vi.mocked(global.fetch).mockRejectedValue(apiError);
+      const { logger } = await import('./logger.client');

      // We can now await this properly because we added 'return' in apiClient.ts
      await apiClient.trackFlyerItemInteraction(123, 'click');
      expect(logger.warn).toHaveBeenCalledWith('Failed to track flyer item interaction', {
        error: apiError,
      });
-
-      expect(logger.warn).toHaveBeenCalledWith('Failed to track flyer item interaction', {
-        error: apiError,
-      });
    });

    it('logSearchQuery should log a warning on failure', async () => {
-      const { logger } = await import('./logger.client');
      const apiError = new Error('Network failed');
      vi.mocked(global.fetch).mockRejectedValue(apiError);
+      const { logger } = await import('./logger.client');

-      await apiClient.logSearchQuery({
+      const queryData = createMockSearchQueryPayload({
        query_text: 'test',
        result_count: 0,
        was_successful: false,
      });
-      expect(logger.warn).toHaveBeenCalledWith('Failed to log search query', { error: apiError });
-
+      await apiClient.logSearchQuery(queryData);
      expect(logger.warn).toHaveBeenCalledWith('Failed to log search query', { error: apiError });
    });
  });

  describe('Authentication API Functions', () => {
    it('loginUser should send a POST request with credentials', async () => {
-      await apiClient.loginUser('test@example.com', 'password123', true);
-      expect(capturedUrl?.pathname).toBe('/api/auth/login');
-      expect(capturedBody).toEqual({
+      const loginData = createMockLoginPayload({
        email: 'test@example.com',
        password: 'password123',
        rememberMe: true,
      });
+      await apiClient.loginUser(loginData.email, loginData.password, loginData.rememberMe);
+      expect(capturedUrl?.pathname).toBe('/api/auth/login');
+      expect(capturedBody).toEqual(loginData);
    });
  });

--- a/src/services/apiClient.ts
+++ b/src/services/apiClient.ts
--- a/src/services/authService.test.ts
+++ b/src/services/authService.test.ts
@@ -0,0 +1,339 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import type { UserProfile } from '../types';
+import type * as jsonwebtoken from 'jsonwebtoken';
+
+describe('AuthService', () => {
+  let authService: typeof import('./authService').authService;
+  let bcrypt: typeof import('bcrypt');
+  let jwt: typeof jsonwebtoken & { default: typeof jsonwebtoken };
+  let userRepo: typeof import('./db/index.db').userRepo;
+  let adminRepo: typeof import('./db/index.db').adminRepo;
+  let logger: typeof import('./logger.server').logger;
+  let sendPasswordResetEmail: typeof import('./emailService.server').sendPasswordResetEmail;
+  let UniqueConstraintError: typeof import('./db/errors.db').UniqueConstraintError;
+
+  const reqLog = {}; // Mock request logger object
+  const mockUser = {
+    user_id: 'user-123',
+    email: 'test@example.com',
+    password_hash: 'hashed-password',
+  };
+  const mockUserProfile: UserProfile = {
+    user: mockUser,
+    role: 'user',
+  } as unknown as UserProfile;
+
+  beforeEach(async () => {
+    vi.clearAllMocks();
+    vi.resetModules();
+
+    // Set environment variables before any modules are imported
+    process.env.JWT_SECRET = 'test-secret';
+    process.env.FRONTEND_URL = 'http://localhost:3000';
+
+    // Mock all dependencies before dynamically importing the service
+    // Core modules like bcrypt, jsonwebtoken, and crypto are now mocked globally in tests-setup-unit.ts
+    vi.mock('bcrypt');
+    vi.mock('./db/index.db', () => ({
+      userRepo: {
+        createUser: vi.fn(),
+        saveRefreshToken: vi.fn(),
+        findUserByEmail: vi.fn(),
+        createPasswordResetToken: vi.fn(),
+        getValidResetTokens: vi.fn(),
+        updateUserPassword: vi.fn(),
+        deleteResetToken: vi.fn(),
+        findUserByRefreshToken: vi.fn(),
+        findUserProfileById: vi.fn(),
+        deleteRefreshToken: vi.fn(),
+      },
+      adminRepo: {
+        logActivity: vi.fn(),
+      },
+    }));
+    vi.mock('./logger.server', () => ({
+      logger: { info: vi.fn(), error: vi.fn(), warn: vi.fn(), debug: vi.fn() },
+    }));
+    vi.mock('./emailService.server', () => ({
+      sendPasswordResetEmail: vi.fn(),
+    }));
+    vi.mock('./db/connection.db', () => ({ getPool: vi.fn() }));
+    vi.mock('../utils/authUtils', () => ({ validatePasswordStrength: vi.fn() }));
+
+    // Dynamically import modules to get the mocked versions and the service instance
+    authService = (await import('./authService')).authService;
+    bcrypt = await import('bcrypt');
+    jwt = (await import('jsonwebtoken')) as typeof jwt;
+    const dbModule = await import('./db/index.db');
+    userRepo = dbModule.userRepo;
+    adminRepo = dbModule.adminRepo;
+    logger = (await import('./logger.server')).logger;
+    sendPasswordResetEmail = (await import('./emailService.server')).sendPasswordResetEmail;
+    UniqueConstraintError = (await import('./db/errors.db')).UniqueConstraintError;
+  });
+
+  describe('registerUser', () => {
+    it('should successfully register a new user', async () => {
+      vi.mocked(bcrypt.hash).mockImplementation(async () => 'hashed-password');
+      vi.mocked(userRepo.createUser).mockResolvedValue(mockUserProfile);
+
+      const result = await authService.registerUser(
+        'test@example.com',
+        'password123',
+        'Test User',
+        undefined,
+        reqLog,
+      );
+
+      expect(bcrypt.hash).toHaveBeenCalledWith('password123', 10);
+      expect(userRepo.createUser).toHaveBeenCalledWith(
+        'test@example.com',
+        'hashed-password',
+        { full_name: 'Test User', avatar_url: undefined },
+        reqLog,
+      );
+      expect(adminRepo.logActivity).toHaveBeenCalledWith(
+        expect.objectContaining({
+          action: 'user_registered',
+          userId: 'user-123',
+        }),
+        reqLog,
+      );
+      expect(result).toEqual(mockUserProfile);
+    });
+
+    it('should throw UniqueConstraintError if email already exists', async () => {
+      vi.mocked(bcrypt.hash).mockImplementation(async () => 'hashed-password');
+      const error = new UniqueConstraintError('Email exists');
+      vi.mocked(userRepo.createUser).mockRejectedValue(error);
+
+      await expect(
+        authService.registerUser('test@example.com', 'password123', undefined, undefined, reqLog),
+      ).rejects.toThrow(UniqueConstraintError);
+
+      expect(logger.error).not.toHaveBeenCalled(); // Should not log expected unique constraint errors as system errors
+    });
+
+    it('should log and throw other errors', async () => {
+      vi.mocked(bcrypt.hash).mockImplementation(async () => 'hashed-password');
+      const error = new Error('Database failed');
+      vi.mocked(userRepo.createUser).mockRejectedValue(error);
+
+      await expect(
+        authService.registerUser('test@example.com', 'password123', undefined, undefined, reqLog),
+      ).rejects.toThrow('Database failed');
+
+      expect(logger.error).toHaveBeenCalled();
+    });
+  });
+
+  describe('registerAndLoginUser', () => {
+    it('should register user and return tokens', async () => {
+      // Mock registerUser logic (since we can't easily spy on the same class instance method without prototype spying, we rely on the underlying calls)
+      vi.mocked(bcrypt.hash).mockImplementation(async () => 'hashed-password');
+      vi.mocked(userRepo.createUser).mockResolvedValue(mockUserProfile);
+      // FIX: The global mock for jsonwebtoken provides a `default` export.
+      // The code under test (`authService`) uses `import jwt from 'jsonwebtoken'`, so it gets the default export.
+      // We must mock `jwt.default.sign` to affect the code under test.
+      vi.mocked(jwt.default.sign).mockImplementation(() => 'access-token');
+
+      const result = await authService.registerAndLoginUser(
+        'test@example.com',
+        'password123',
+        'Test User',
+        undefined,
+        reqLog,
+      );
+
+      expect(result).toEqual({
+        newUserProfile: mockUserProfile,
+        accessToken: 'access-token',
+        refreshToken: 'mocked_random_id',
+      });
+      expect(userRepo.saveRefreshToken).toHaveBeenCalledWith(
+        'user-123',
+        'mocked_random_id',
+        reqLog,
+      );
+    });
+  });
+
+  describe('generateAuthTokens', () => {
+    it('should generate access and refresh tokens', () => {
+      // FIX: The global mock for jsonwebtoken provides a `default` export.
+      // The code under test (`authService`) uses `import jwt from 'jsonwebtoken'`, so it gets the default export.
+      // We must mock `jwt.default.sign` to affect the code under test.
+      vi.mocked(jwt.default.sign).mockImplementation(() => 'access-token');
+
+      const result = authService.generateAuthTokens(mockUserProfile);
+
+      expect(vi.mocked(jwt.default.sign)).toHaveBeenCalledWith(
+        {
+          user_id: 'user-123',
+          email: 'test@example.com',
+          role: 'user',
+        },
+        'test-secret',
+        { expiresIn: '15m' },
+      );
+      expect(result).toEqual({
+        accessToken: 'access-token',
+        refreshToken: 'mocked_random_id',
+      });
+    });
+  });
+
+  describe('saveRefreshToken', () => {
+    it('should save refresh token to db', async () => {
+      await authService.saveRefreshToken('user-123', 'token', reqLog);
+      expect(userRepo.saveRefreshToken).toHaveBeenCalledWith('user-123', 'token', reqLog);
+    });
+
+    it('should log and throw error on failure', async () => {
+      const error = new Error('DB Error');
+      vi.mocked(userRepo.saveRefreshToken).mockRejectedValue(error);
+
+      await expect(authService.saveRefreshToken('user-123', 'token', reqLog)).rejects.toThrow(
+        'DB Error',
+      );
+      expect(logger.error).toHaveBeenCalledWith(
+        expect.objectContaining({ error }),
+        expect.stringContaining('Failed to save refresh token'),
+      );
+    });
+  });
+
+  describe('resetPassword', () => {
+    it('should process password reset for existing user', async () => {
+      vi.mocked(userRepo.findUserByEmail).mockResolvedValue(mockUser as any);
+      vi.mocked(bcrypt.hash).mockImplementation(async () => 'hashed-token');
+
+      const result = await authService.resetPassword('test@example.com', reqLog);
+
+      expect(userRepo.createPasswordResetToken).toHaveBeenCalledWith(
+        'user-123',
+        'hashed-token',
+        expect.any(Date),
+        reqLog,
+      );
+      expect(sendPasswordResetEmail).toHaveBeenCalledWith(
+        'test@example.com',
+        expect.stringContaining('/reset-password/mocked_random_id'),
+        reqLog,
+      );
+      expect(result).toBe('mocked_random_id');
+    });
+
+    it('should log warning and return undefined for non-existent user', async () => {
+      vi.mocked(userRepo.findUserByEmail).mockResolvedValue(undefined);
+
+      const result = await authService.resetPassword('unknown@example.com', reqLog);
+
+      expect(logger.warn).toHaveBeenCalledWith(
+        expect.stringContaining('Password reset requested for non-existent email'),
+      );
+      expect(sendPasswordResetEmail).not.toHaveBeenCalled();
+      expect(result).toBeUndefined();
+    });
+
+    it('should log error and throw on failure', async () => {
+      const error = new Error('DB Error');
+      vi.mocked(userRepo.findUserByEmail).mockRejectedValue(error);
+
+      await expect(authService.resetPassword('test@example.com', reqLog)).rejects.toThrow(
+        'DB Error',
+      );
+      expect(logger.error).toHaveBeenCalled();
+    });
+  });
+
+  describe('updatePassword', () => {
+    it('should update password if token is valid', async () => {
+      const mockTokenRecord = {
+        user_id: 'user-123',
+        token_hash: 'hashed-token',
+      };
+      vi.mocked(userRepo.getValidResetTokens).mockResolvedValue([mockTokenRecord] as any);
+      vi.mocked(bcrypt.compare).mockImplementation(async () => true); // Match found
+      vi.mocked(bcrypt.hash).mockImplementation(async () => 'new-hashed-password');
+
+      const result = await authService.updatePassword('valid-token', 'newPassword', reqLog);
+
+      expect(userRepo.updateUserPassword).toHaveBeenCalledWith(
+        'user-123',
+        'new-hashed-password',
+        reqLog,
+      );
+      expect(userRepo.deleteResetToken).toHaveBeenCalledWith('hashed-token', reqLog);
+      expect(adminRepo.logActivity).toHaveBeenCalledWith(
+        expect.objectContaining({ action: 'password_reset' }),
+        reqLog,
+      );
+      expect(result).toBe(true);
+    });
+
+    it('should return null if token is invalid or not found', async () => {
+      vi.mocked(userRepo.getValidResetTokens).mockResolvedValue([]);
+
+      const result = await authService.updatePassword('invalid-token', 'newPassword', reqLog);
+
+      expect(userRepo.updateUserPassword).not.toHaveBeenCalled();
+      expect(result).toBeNull();
+    });
+  });
+
+  describe('getUserByRefreshToken', () => {
+    it('should return user profile if token exists', async () => {
+      vi.mocked(userRepo.findUserByRefreshToken).mockResolvedValue({ user_id: 'user-123' } as any);
+      vi.mocked(userRepo.findUserProfileById).mockResolvedValue(mockUserProfile);
+
+      const result = await authService.getUserByRefreshToken('valid-token', reqLog);
+
+      expect(result).toEqual(mockUserProfile);
+    });
+
+    it('should return null if token not found', async () => {
+      vi.mocked(userRepo.findUserByRefreshToken).mockResolvedValue(undefined);
+
+      const result = await authService.getUserByRefreshToken('invalid-token', reqLog);
+
+      expect(result).toBeNull();
+    });
+  });
+
+  describe('logout', () => {
+    it('should delete refresh token', async () => {
+      await authService.logout('token', reqLog);
+      expect(userRepo.deleteRefreshToken).toHaveBeenCalledWith('token', reqLog);
+    });
+
+    it('should log and throw on error', async () => {
+      const error = new Error('DB Error');
+      vi.mocked(userRepo.deleteRefreshToken).mockRejectedValue(error);
+
+      await expect(authService.logout('token', reqLog)).rejects.toThrow('DB Error');
+      expect(logger.error).toHaveBeenCalled();
+    });
+  });
+
+  describe('refreshAccessToken', () => {
+    it('should return new access token if user found', async () => {
+      vi.mocked(userRepo.findUserByRefreshToken).mockResolvedValue({ user_id: 'user-123' } as any);
+      vi.mocked(userRepo.findUserProfileById).mockResolvedValue(mockUserProfile);
+      // FIX: The global mock for jsonwebtoken provides a `default` export.
+      // The code under test (`authService`) uses `import jwt from 'jsonwebtoken'`, so it gets the default export.
+      // We must mock `jwt.default.sign` to affect the code under test.
+      vi.mocked(jwt.default.sign).mockImplementation(() => 'new-access-token');
+
+      const result = await authService.refreshAccessToken('valid-token', reqLog);
+
+      expect(result).toEqual({ accessToken: 'new-access-token' });
+    });
+
+    it('should return null if user not found', async () => {
+      vi.mocked(userRepo.findUserByRefreshToken).mockResolvedValue(undefined);
+      const result = await authService.refreshAccessToken('invalid-token', reqLog);
+      expect(result).toBeNull();
+    });
+  });
+});
--- a/src/services/authService.ts
+++ b/src/services/authService.ts
@@ -0,0 +1,221 @@
+// src/services/authService.ts
+import * as bcrypt from 'bcrypt';
+import jwt from 'jsonwebtoken';
+import crypto from 'crypto';
+import { userRepo, adminRepo } from './db/index.db';
+import { UniqueConstraintError } from './db/errors.db';
+import { getPool } from './db/connection.db';
+import { logger } from './logger.server';
+import { sendPasswordResetEmail } from './emailService.server';
+import type { UserProfile } from '../types';
+import { validatePasswordStrength } from '../utils/authUtils';
+
+const JWT_SECRET = process.env.JWT_SECRET!;
+
+class AuthService {
+  async registerUser(
+    email: string,
+    password: string,
+    fullName: string | undefined,
+    avatarUrl: string | undefined,
+    reqLog: any,
+  ) {
+    try {
+      const saltRounds = 10;
+      const hashedPassword = await bcrypt.hash(password, saltRounds);
+      logger.info(`Hashing password for new user: ${email}`);
+
+      // The createUser method in UserRepository now handles its own transaction.
+      const newUser = await userRepo.createUser(
+        email,
+        hashedPassword,
+        { full_name: fullName, avatar_url: avatarUrl },
+        reqLog,
+      );
+
+      const userEmail = newUser.user.email;
+      const userId = newUser.user.user_id;
+      logger.info(`Successfully created new user in DB: ${userEmail} (ID: ${userId})`);
+
+      // Use the new standardized logging function
+      await adminRepo.logActivity(
+        {
+          userId: newUser.user.user_id,
+          action: 'user_registered',
+          displayText: `${userEmail} has registered.`,
+          icon: 'user-plus',
+        },
+        reqLog,
+      );
+
+      return newUser;
+    } catch (error: unknown) {
+      if (error instanceof UniqueConstraintError) {
+        // If the email is a duplicate, return a 409 Conflict status.
+        throw error;
+      }
+      logger.error({ error }, `User registration route failed for email: ${email}.`);
+      // Pass the error to the centralized handler
+      throw error;
+    }
+  }
+
+  async registerAndLoginUser(
+    email: string,
+    password: string,
+    fullName: string | undefined,
+    avatarUrl: string | undefined,
+    reqLog: any,
+  ): Promise<{ newUserProfile: UserProfile; accessToken: string; refreshToken: string }> {
+    const newUserProfile = await this.registerUser(
+      email,
+      password,
+      fullName,
+      avatarUrl,
+      reqLog,
+    );
+    const { accessToken, refreshToken } = await this.handleSuccessfulLogin(newUserProfile, reqLog);
+    return { newUserProfile, accessToken, refreshToken };
+  }
+
+  generateAuthTokens(userProfile: UserProfile) {
+    const payload = {
+      user_id: userProfile.user.user_id,
+      email: userProfile.user.email,
+      role: userProfile.role,
+    };
+    const accessToken = jwt.sign(payload, JWT_SECRET, { expiresIn: '15m' });
+    const refreshToken = crypto.randomBytes(64).toString('hex');
+
+    return { accessToken, refreshToken };
+  }
+
+  async saveRefreshToken(userId: string, refreshToken: string, reqLog: any) {
+    try {
+      await userRepo.saveRefreshToken(userId, refreshToken, reqLog);
+    } catch (tokenErr) {
+      logger.error(
+        { error: tokenErr },
+        `Failed to save refresh token during login for user: ${userId}`,
+      );
+      throw tokenErr;
+    }
+  }
+
+  async handleSuccessfulLogin(userProfile: UserProfile, reqLog: any) {
+    const { accessToken, refreshToken } = this.generateAuthTokens(userProfile);
+    await this.saveRefreshToken(userProfile.user.user_id, refreshToken, reqLog);
+    return { accessToken, refreshToken };
+  }
+
+  async resetPassword(email: string, reqLog: any) {
+    try {
+      logger.debug(`[API /forgot-password] Received request for email: ${email}`);
+      const user = await userRepo.findUserByEmail(email, reqLog);
+      let token: string | undefined;
+      logger.debug(
+        { user: user ? { user_id: user.user_id, email: user.email } : 'NOT FOUND' },
+        `[API /forgot-password] Database search result for ${email}:`,
+      );
+
+      if (user) {
+        token = crypto.randomBytes(32).toString('hex');
+        const saltRounds = 10;
+        const tokenHash = await bcrypt.hash(token, saltRounds);
+        const expiresAt = new Date(Date.now() + 3600000); // 1 hour
+
+        await userRepo.createPasswordResetToken(user.user_id, tokenHash, expiresAt, reqLog);
+
+        const resetLink = `${process.env.FRONTEND_URL}/reset-password/${token}`;
+
+        try {
+          await sendPasswordResetEmail(email, resetLink, reqLog);
+        } catch (emailError) {
+          logger.error({ emailError }, `Email send failure during password reset for user`);
+        }
+      } else {
+        logger.warn(`Password reset requested for non-existent email: ${email}`);
+      }
+
+      return token;
+    } catch (error) {
+      logger.error({ error }, `An error occurred during /forgot-password for email: ${email}`);
+      throw error;
+    }
+  }
+
+  async updatePassword(token: string, newPassword: string, reqLog: any) {
+    try {
+      const validTokens = await userRepo.getValidResetTokens(reqLog);
+      let tokenRecord;
+      for (const record of validTokens) {
+        const isMatch = await bcrypt.compare(token, record.token_hash);
+        if (isMatch) {
+          tokenRecord = record;
+          break;
+        }
+      }
+
+      if (!tokenRecord) {
+        return null;
+      }
+
+      const saltRounds = 10;
+      const hashedPassword = await bcrypt.hash(newPassword, saltRounds);
+
+      await userRepo.updateUserPassword(tokenRecord.user_id, hashedPassword, reqLog);
+      await userRepo.deleteResetToken(tokenRecord.token_hash, reqLog);
+
+      // Log this security event after a successful password reset.
+      await adminRepo.logActivity(
+        {
+          userId: tokenRecord.user_id,
+          action: 'password_reset',
+          displayText: `User ID ${tokenRecord.user_id} has reset their password.`,
+          icon: 'key',
+          details: { source_ip: null },
+        },
+        reqLog,
+      );
+
+      return true;
+    } catch (error) {
+      logger.error({ error }, `An error occurred during password reset.`);
+      throw error;
+    }
+  }
+
+  async getUserByRefreshToken(refreshToken: string, reqLog: any) {
+    try {
+      const basicUser = await userRepo.findUserByRefreshToken(refreshToken, reqLog);
+      if (!basicUser) {
+        return null;
+      }
+      const userProfile = await userRepo.findUserProfileById(basicUser.user_id, reqLog);
+      return userProfile;
+    } catch (error) {
+      logger.error({ error }, 'An error occurred during /refresh-token.');
+      throw error;
+    }
+  }
+
+  async logout(refreshToken: string, reqLog: any) {
+    try {
+      await userRepo.deleteRefreshToken(refreshToken, reqLog);
+    } catch (err: any) {
+      logger.error({ error: err }, 'Failed to delete refresh token from DB during logout.');
+      throw err;
+    }
+  }
+
+  async refreshAccessToken(refreshToken: string, reqLog: any): Promise<{ accessToken: string } | null> {
+    const user = await this.getUserByRefreshToken(refreshToken, reqLog);
+    if (!user) {
+      return null;
+    }
+    const { accessToken } = this.generateAuthTokens(user);
+    return { accessToken };
+  }
+}
+
+export const authService = new AuthService();
--- a/src/services/backgroundJobService.test.ts
+++ b/src/services/backgroundJobService.test.ts
@@ -335,8 +335,14 @@ describe('Background Job Service', () => {
      // Use fake timers to control promise resolution
      vi.useFakeTimers();

+      // Create a controllable promise
+      let resolveRun!: () => void;
+      const runPromise = new Promise<void>((resolve) => {
+        resolveRun = resolve;
+      });
+
      // Make the first call hang indefinitely
-      vi.mocked(mockBackgroundJobService.runDailyDealCheck).mockReturnValue(new Promise(() => {}));
+      vi.mocked(mockBackgroundJobService.runDailyDealCheck).mockReturnValue(runPromise);

      startBackgroundJobs(
        mockBackgroundJobService,
@@ -352,12 +358,60 @@ describe('Background Job Service', () => {
      // Trigger it a second time immediately
      const secondCall = dailyDealCheckCallback();

+      // Resolve the first call so the test can finish
+      resolveRun();
+
      await Promise.all([firstCall, secondCall]);

      // The service method should only have been called once
      expect(mockBackgroundJobService.runDailyDealCheck).toHaveBeenCalledTimes(1);
    });

+    it('should handle unhandled rejections in the daily deal check cron wrapper', async () => {
+      // Use fake timers to control promise resolution
+      vi.useFakeTimers();
+
+      // Create a controllable promise
+      let resolveRun!: () => void;
+      const runPromise = new Promise<void>((resolve) => {
+        resolveRun = resolve;
+      });
+
+      // Make the first call hang indefinitely to keep the lock active
+      vi.mocked(mockBackgroundJobService.runDailyDealCheck).mockReturnValue(runPromise);
+
+      // Make logger.warn throw an error. This is outside the main try/catch in the cron job.
+      const warnError = new Error('Logger warn failed');
+      vi.mocked(globalMockLogger.warn).mockImplementationOnce(() => {
+        throw warnError;
+      });
+
+      startBackgroundJobs(
+        mockBackgroundJobService,
+        mockAnalyticsQueue,
+        mockWeeklyAnalyticsQueue,
+        mockTokenCleanupQueue,
+        globalMockLogger,
+      );
+      const dailyDealCheckCallback = mockCronSchedule.mock.calls[0][1];
+
+      // Trigger the job once, it will hang and set the lock. Then trigger it a second time
+      // to enter the `if (isDailyDealCheckRunning)` block and call the throwing logger.warn.
+      const firstCall = dailyDealCheckCallback();
+      const secondCall = dailyDealCheckCallback();
+
+      // Resolve the first call so the test can finish
+      resolveRun();
+
+      await Promise.allSettled([firstCall, secondCall]);
+
+      // The outer catch block should have been called with the error from logger.warn
+      expect(globalMockLogger.error).toHaveBeenCalledWith(
+        { err: warnError },
+        '[BackgroundJob] Unhandled rejection in daily deal check cron wrapper.',
+      );
+    });
+
    it('should enqueue an analytics job when the second cron job function is executed', async () => {
      startBackgroundJobs(
        mockBackgroundJobService,
@@ -421,6 +475,31 @@ describe('Background Job Service', () => {
      );
    });

+    it('should handle unhandled rejections in the analytics report cron wrapper', async () => {
+      const infoError = new Error('Logger info failed');
+      startBackgroundJobs(
+        mockBackgroundJobService,
+        mockAnalyticsQueue,
+        mockWeeklyAnalyticsQueue,
+        mockTokenCleanupQueue,
+        globalMockLogger,
+      );
+
+      // Make logger.info throw, which is outside the try/catch in the cron job.
+      const infoSpy = vi.spyOn(globalMockLogger, 'info').mockImplementation(() => {
+        throw infoError;
+      });
+
+      const analyticsJobCallback = mockCronSchedule.mock.calls[1][1];
+      await analyticsJobCallback();
+
+      expect(globalMockLogger.error).toHaveBeenCalledWith(
+        { err: infoError }, // The implementation uses `err` key here
+        '[BackgroundJob] Unhandled rejection in analytics report cron wrapper.',
+      );
+      infoSpy.mockRestore();
+    });
+
    it('should enqueue a weekly analytics job when the third cron job function is executed', async () => {
      startBackgroundJobs(
        mockBackgroundJobService,
@@ -483,6 +562,30 @@ describe('Background Job Service', () => {
      );
    });

+    it('should handle unhandled rejections in the weekly analytics report cron wrapper', async () => {
+      const infoError = new Error('Logger info failed');
+      startBackgroundJobs(
+        mockBackgroundJobService,
+        mockAnalyticsQueue,
+        mockWeeklyAnalyticsQueue,
+        mockTokenCleanupQueue,
+        globalMockLogger,
+      );
+
+      const infoSpy = vi.spyOn(globalMockLogger, 'info').mockImplementation(() => {
+        throw infoError;
+      });
+
+      const weeklyAnalyticsJobCallback = mockCronSchedule.mock.calls[2][1];
+      await weeklyAnalyticsJobCallback();
+
+      expect(globalMockLogger.error).toHaveBeenCalledWith(
+        { err: infoError },
+        '[BackgroundJob] Unhandled rejection in weekly analytics report cron wrapper.',
+      );
+      infoSpy.mockRestore();
+    });
+
    it('should enqueue a token cleanup job when the fourth cron job function is executed', async () => {
      startBackgroundJobs(
        mockBackgroundJobService,
@@ -542,6 +645,30 @@ describe('Background Job Service', () => {
      );
    });

+    it('should handle unhandled rejections in the token cleanup cron wrapper', async () => {
+      const infoError = new Error('Logger info failed');
+      startBackgroundJobs(
+        mockBackgroundJobService,
+        mockAnalyticsQueue,
+        mockWeeklyAnalyticsQueue,
+        mockTokenCleanupQueue,
+        globalMockLogger,
+      );
+
+      const infoSpy = vi.spyOn(globalMockLogger, 'info').mockImplementation(() => {
+        throw infoError;
+      });
+
+      const tokenCleanupCallback = mockCronSchedule.mock.calls[3][1];
+      await tokenCleanupCallback();
+
+      expect(globalMockLogger.error).toHaveBeenCalledWith(
+        { err: infoError },
+        '[BackgroundJob] Unhandled rejection in token cleanup cron wrapper.',
+      );
+      infoSpy.mockRestore();
+    });
+
    it('should log a critical error if scheduling fails', () => {
      mockCronSchedule.mockImplementation(() => {
        throw new Error('Scheduling failed');
--- a/src/services/backgroundJobService.ts
+++ b/src/services/backgroundJobService.ts
@@ -7,6 +7,7 @@ import { getSimpleWeekAndYear } from '../utils/dateUtils';
 // Import types for repositories from their source files
 import type { PersonalizationRepository } from './db/personalization.db';
 import type { NotificationRepository } from './db/notification.db';
+import { analyticsQueue, weeklyAnalyticsQueue } from './queueService.server';

 interface EmailJobData {
  to: string;
@@ -23,6 +24,24 @@ export class BackgroundJobService {
    private logger: Logger,
  ) {}

+  public async triggerAnalyticsReport(): Promise<string> {
+    const reportDate = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
+    const jobId = `manual-report-${reportDate}-${Date.now()}`;
+    const job = await analyticsQueue.add('generate-daily-report', { reportDate }, { jobId });
+    return job.id!;
+  }
+
+  public async triggerWeeklyAnalyticsReport(): Promise<string> {
+    const { year: reportYear, week: reportWeek } = getSimpleWeekAndYear();
+    const jobId = `manual-weekly-report-${reportYear}-${reportWeek}-${Date.now()}`;
+    const job = await weeklyAnalyticsQueue.add(
+      'generate-weekly-report',
+      { reportYear, reportWeek },
+      { jobId },
+    );
+    return job.id!;
+  }
+
  /**
   * Prepares the data for an email notification job based on a user's deals.
   * @param user The user to whom the email will be sent.
@@ -212,7 +231,7 @@ export function startBackgroundJobs(
      })().catch((error: unknown) => {
        // This catch is for unhandled promise rejections from the async wrapper itself.
        logger.error(
-          { error },
+          { err: error },
          '[BackgroundJob] Unhandled rejection in daily deal check cron wrapper.',
        );
        isDailyDealCheckRunning = false;
--- a/src/services/brandService.test.ts
+++ b/src/services/brandService.test.ts
@@ -0,0 +1,51 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { brandService } from './brandService';
+import * as db from './db/index.db';
+import type { Logger } from 'pino';
+
+// Mock dependencies
+vi.mock('./db/index.db', () => ({
+  adminRepo: {
+    updateBrandLogo: vi.fn(),
+  },
+}));
+
+describe('BrandService', () => {
+  const mockLogger = {} as Logger;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe('updateBrandLogo', () => {
+    it('should update brand logo and return the new URL', async () => {
+      const brandId = 123;
+      const mockFile = {
+        filename: 'test-logo.jpg',
+      } as Express.Multer.File;
+
+      vi.mocked(db.adminRepo.updateBrandLogo).mockResolvedValue(undefined);
+
+      const result = await brandService.updateBrandLogo(brandId, mockFile, mockLogger);
+
+      expect(result).toBe('/flyer-images/test-logo.jpg');
+      expect(db.adminRepo.updateBrandLogo).toHaveBeenCalledWith(
+        brandId,
+        '/flyer-images/test-logo.jpg',
+        mockLogger,
+      );
+    });
+
+    it('should throw error if database update fails', async () => {
+      const brandId = 123;
+      const mockFile = {
+        filename: 'test-logo.jpg',
+      } as Express.Multer.File;
+      const dbError = new Error('DB Error');
+
+      vi.mocked(db.adminRepo.updateBrandLogo).mockRejectedValue(dbError);
+
+      await expect(brandService.updateBrandLogo(brandId, mockFile, mockLogger)).rejects.toThrow('DB Error');
+    });
+  });
+});
--- a/src/services/brandService.ts
+++ b/src/services/brandService.ts
@@ -0,0 +1,13 @@
+// src/services/brandService.ts
+import * as db from './db/index.db';
+import type { Logger } from 'pino';
+
+class BrandService {
+  async updateBrandLogo(brandId: number, file: Express.Multer.File, logger: Logger): Promise<string> {
+    const logoUrl = `/flyer-images/${file.filename}`;
+    await db.adminRepo.updateBrandLogo(brandId, logoUrl, logger);
+    return logoUrl;
+  }
+}
+
+export const brandService = new BrandService();
--- a/src/services/db/address.db.test.ts
+++ b/src/services/db/address.db.test.ts
@@ -1,14 +1,9 @@
 // src/services/db/address.db.test.ts
 import { describe, it, expect, vi, beforeEach } from 'vitest';
-import type { Pool } from 'pg';
-import { mockPoolInstance } from '../../tests/setup/tests-setup-unit';
 import { AddressRepository } from './address.db';
 import type { Address } from '../../types';
 import { UniqueConstraintError, NotFoundError } from './errors.db';

-// Un-mock the module we are testing
-vi.unmock('./address.db');
-
 // Mock dependencies
 vi.mock('../logger.server', () => ({
  logger: { info: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() },
@@ -17,10 +12,13 @@ import { logger as mockLogger } from '../logger.server';

 describe('Address DB Service', () => {
  let addressRepo: AddressRepository;
+  const mockDb = {
+    query: vi.fn(),
+  };

  beforeEach(() => {
    vi.clearAllMocks();
-    addressRepo = new AddressRepository(mockPoolInstance as unknown as Pool);
+    addressRepo = new AddressRepository(mockDb);
  });

  describe('getAddressById', () => {
@@ -35,19 +33,19 @@ describe('Address DB Service', () => {
        created_at: new Date().toISOString(),
        updated_at: new Date().toISOString(),
      };
-      mockPoolInstance.query.mockResolvedValue({ rows: [mockAddress] });
+      mockDb.query.mockResolvedValue({ rows: [mockAddress], rowCount: 1 });

      const result = await addressRepo.getAddressById(1, mockLogger);

      expect(result).toEqual(mockAddress);
-      expect(mockPoolInstance.query).toHaveBeenCalledWith(
+      expect(mockDb.query).toHaveBeenCalledWith(
        'SELECT * FROM public.addresses WHERE address_id = $1',
        [1],
      );
    });

    it('should throw NotFoundError if no address is found', async () => {
-      mockPoolInstance.query.mockResolvedValue({ rowCount: 0, rows: [] });
+      mockDb.query.mockResolvedValue({ rowCount: 0, rows: [] });
      await expect(addressRepo.getAddressById(999, mockLogger)).rejects.toThrow(NotFoundError);
      await expect(addressRepo.getAddressById(999, mockLogger)).rejects.toThrow(
        'Address with ID 999 not found.',
@@ -56,7 +54,7 @@ describe('Address DB Service', () => {

    it('should throw an error if the database query fails', async () => {
      const dbError = new Error('DB Error');
-      mockPoolInstance.query.mockRejectedValue(dbError);
+      mockDb.query.mockRejectedValue(dbError);

      await expect(addressRepo.getAddressById(1, mockLogger)).rejects.toThrow(
        'Failed to retrieve address.',
@@ -71,12 +69,12 @@ describe('Address DB Service', () => {
  describe('upsertAddress', () => {
    it('should INSERT a new address when no address_id is provided', async () => {
      const newAddressData = { address_line_1: '456 New Ave', city: 'Newville' };
-      mockPoolInstance.query.mockResolvedValue({ rows: [{ address_id: 2 }] });
+      mockDb.query.mockResolvedValue({ rows: [{ address_id: 2 }] });

      const result = await addressRepo.upsertAddress(newAddressData, mockLogger);

      expect(result).toBe(2);
-      const [query, values] = mockPoolInstance.query.mock.calls[0];
+      const [query, values] = mockDb.query.mock.calls[0];
      expect(query).toContain('INSERT INTO public.addresses');
      expect(query).toContain('ON CONFLICT (address_id) DO UPDATE');
      expect(values).toEqual(['456 New Ave', 'Newville']);
@@ -84,64 +82,47 @@ describe('Address DB Service', () => {

    it('should UPDATE an existing address when an address_id is provided', async () => {
      const existingAddressData = { address_id: 1, address_line_1: '789 Old Rd', city: 'Oldtown' };
-      mockPoolInstance.query.mockResolvedValue({ rows: [{ address_id: 1 }] });
+      mockDb.query.mockResolvedValue({ rows: [{ address_id: 1 }] });

      const result = await addressRepo.upsertAddress(existingAddressData, mockLogger);

      expect(result).toBe(1);
-      const [query, values] = mockPoolInstance.query.mock.calls[0];
+      const [query, values] = mockDb.query.mock.calls[0];
      expect(query).toContain('INSERT INTO public.addresses');
      expect(query).toContain('ON CONFLICT (address_id) DO UPDATE');
-      // The values array should now include the address_id at the beginning
      expect(values).toEqual([1, '789 Old Rd', 'Oldtown']);
    });

-    it('should throw a generic error on INSERT failure', async () => {
-      const newAddressData = { address_line_1: '456 New Ave', city: 'Newville' };
-      const dbError = new Error('DB Error');
-      mockPoolInstance.query.mockRejectedValue(dbError);
+    it('should throw UniqueConstraintError on unique constraint violation', async () => {
+      const addressData = { address_line_1: '123 Duplicate St' };
+      const dbError = new Error('duplicate key value violates unique constraint');
+      (dbError as any).code = '23505';
+      mockDb.query.mockRejectedValue(dbError);

-      await expect(addressRepo.upsertAddress(newAddressData, mockLogger)).rejects.toThrow(
-        'Failed to upsert address.',
-      );
-      expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError, address: newAddressData },
-        'Database error in upsertAddress',
-      );
-    });
-
-    it('should throw a generic error on UPDATE failure', async () => {
-      const existingAddressData = { address_id: 1, address_line_1: '789 Old Rd', city: 'Oldtown' };
-      const dbError = new Error('DB Error');
-      mockPoolInstance.query.mockRejectedValue(dbError);
-
-      await expect(addressRepo.upsertAddress(existingAddressData, mockLogger)).rejects.toThrow(
-        'Failed to upsert address.',
-      );
-      expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError, address: existingAddressData },
-        'Database error in upsertAddress',
-      );
-    });
-
-    it('should throw UniqueConstraintError on duplicate address insert', async () => {
-      const newAddressData = { address_line_1: '123 Main St', city: 'Anytown' };
-      const dbError = new Error('duplicate key value violates unique constraint') as Error & {
-        code: string;
-      };
-      dbError.code = '23505';
-      mockPoolInstance.query.mockRejectedValue(dbError);
-
-      await expect(addressRepo.upsertAddress(newAddressData, mockLogger)).rejects.toThrow(
+      await expect(addressRepo.upsertAddress(addressData, mockLogger)).rejects.toThrow(
        UniqueConstraintError,
      );
-      await expect(addressRepo.upsertAddress(newAddressData, mockLogger)).rejects.toThrow(
+      await expect(addressRepo.upsertAddress(addressData, mockLogger)).rejects.toThrow(
        'An identical address already exists.',
      );
      expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError, address: newAddressData },
+        { err: dbError, address: addressData },
+        'Database error in upsertAddress',
+      );
+    });
+
+    it('should throw a generic error if the database query fails for other reasons', async () => {
+      const addressData = { address_line_1: '789 Failure Rd' };
+      const dbError = new Error('DB Connection Error');
+      mockDb.query.mockRejectedValue(dbError);
+
+      await expect(addressRepo.upsertAddress(addressData, mockLogger)).rejects.toThrow(
+        'Failed to upsert address.',
+      );
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        { err: dbError, address: addressData },
        'Database error in upsertAddress',
      );
    });
  });
-});
+});
--- a/Show More
+++ b/Show More