ci: Bump version to 0.2.27 [skip ci]

fix unit tests
ci: Bump version to 0.2.26 [skip ci]
2025-12-30 05:09:16 +05:00 · 2025-12-29 16:08:49 -08:00 · 2025-12-30 04:38:22 +05:00 · 2025-12-29 15:37:51 -08:00 · 2025-12-30 04:15:41 +05:00 · 2025-12-29 15:14:44 -08:00
34 changed files with 1480 additions and 1093 deletions
--- a/.gitea/workflows/deploy-to-test.yml
+++ b/.gitea/workflows/deploy-to-test.yml
@@ -127,7 +127,7 @@ jobs:

          # --- Increase Node.js memory limit to prevent heap out of memory errors ---
          # This is crucial for memory-intensive tasks like running tests and coverage.
-          NODE_OPTIONS: '--max-old-space-size=8192'
+          NODE_OPTIONS: '--max-old-space-size=8192 --trace-warnings --unhandled-rejections=strict'

        run: |
          # Fail-fast check to ensure secrets are configured in Gitea for testing.
@@ -376,7 +376,7 @@ jobs:

          # Application Secrets
          FRONTEND_URL: 'https://flyer-crawler-test.projectium.com'
-          JWT_SECRET: ${{ secrets.JWT_SECRET_TEST }}
+          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          GEMINI_API_KEY: ${{ secrets.VITE_GOOGLE_GENAI_API_KEY_TEST }}
          GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}

--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "flyer-crawler",
-  "version": "0.2.20",
+  "version": "0.2.27",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "flyer-crawler",
-      "version": "0.2.20",
+      "version": "0.2.27",
      "dependencies": {
        "@bull-board/api": "^6.14.2",
        "@bull-board/express": "^6.14.2",
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "flyer-crawler",
  "private": true,
-  "version": "0.2.20",
+  "version": "0.2.27",
  "type": "module",
  "scripts": {
    "dev": "concurrently \"npm:start:dev\" \"vite\"",
--- a/src/routes/admin.jobs.routes.test.ts
+++ b/src/routes/admin.jobs.routes.test.ts
@@ -11,6 +11,8 @@ import { createTestApp } from '../tests/utils/createTestApp';
 vi.mock('../services/backgroundJobService', () => ({
  backgroundJobService: {
    runDailyDealCheck: vi.fn(),
+    triggerAnalyticsReport: vi.fn(),
+    triggerWeeklyAnalyticsReport: vi.fn(),
  },
 }));

@@ -142,22 +144,17 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {

  describe('POST /trigger/analytics-report', () => {
    it('should trigger the analytics report job and return 202 Accepted', async () => {
-      const mockJob = { id: 'manual-report-job-123' } as Job;
-      vi.mocked(analyticsQueue.add).mockResolvedValue(mockJob);
+      vi.mocked(backgroundJobService.triggerAnalyticsReport).mockResolvedValue('manual-report-job-123');

      const response = await supertest(app).post('/api/admin/trigger/analytics-report');

      expect(response.status).toBe(202);
      expect(response.body.message).toContain('Analytics report generation job has been enqueued');
-      expect(analyticsQueue.add).toHaveBeenCalledWith(
-        'generate-daily-report',
-        expect.objectContaining({ reportDate: expect.any(String) }),
-        expect.any(Object),
-      );
+      expect(backgroundJobService.triggerAnalyticsReport).toHaveBeenCalledTimes(1);
    });

    it('should return 500 if enqueuing the analytics job fails', async () => {
-      vi.mocked(analyticsQueue.add).mockRejectedValue(new Error('Queue error'));
+      vi.mocked(backgroundJobService.triggerAnalyticsReport).mockRejectedValue(new Error('Queue error'));
      const response = await supertest(app).post('/api/admin/trigger/analytics-report');
      expect(response.status).toBe(500);
    });
@@ -165,22 +162,17 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {

  describe('POST /trigger/weekly-analytics', () => {
    it('should trigger the weekly analytics job and return 202 Accepted', async () => {
-      const mockJob = { id: 'manual-weekly-report-job-123' } as Job;
-      vi.mocked(weeklyAnalyticsQueue.add).mockResolvedValue(mockJob);
+      vi.mocked(backgroundJobService.triggerWeeklyAnalyticsReport).mockResolvedValue('manual-weekly-report-job-123');

      const response = await supertest(app).post('/api/admin/trigger/weekly-analytics');

      expect(response.status).toBe(202);
      expect(response.body.message).toContain('Successfully enqueued weekly analytics job');
-      expect(weeklyAnalyticsQueue.add).toHaveBeenCalledWith(
-        'generate-weekly-report',
-        expect.objectContaining({ reportYear: expect.any(Number), reportWeek: expect.any(Number) }),
-        expect.any(Object),
-      );
+      expect(backgroundJobService.triggerWeeklyAnalyticsReport).toHaveBeenCalledTimes(1);
    });

    it('should return 500 if enqueuing the weekly analytics job fails', async () => {
-      vi.mocked(weeklyAnalyticsQueue.add).mockRejectedValue(new Error('Queue error'));
+      vi.mocked(backgroundJobService.triggerWeeklyAnalyticsReport).mockRejectedValue(new Error('Queue error'));
      const response = await supertest(app).post('/api/admin/trigger/weekly-analytics');
      expect(response.status).toBe(500);
    });
@@ -242,15 +234,17 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {
      expect(response.status).toBe(400);
    });

-    it('should return 404 if the queue name is valid but not in the retry map', async () => {
-      const queueName = 'weekly-analytics-reporting'; // This is in the Zod enum but not the queueMap
+    it('should return 404 if the job ID is not found in the weekly-analytics-reporting queue', async () => {
+      const queueName = 'weekly-analytics-reporting';
      const jobId = 'some-job-id';

+      // Ensure getJob returns undefined (not found)
+      vi.mocked(weeklyAnalyticsQueue.getJob).mockResolvedValue(undefined);
+
      const response = await supertest(app).post(`/api/admin/jobs/${queueName}/${jobId}/retry`);

-      // The route throws a NotFoundError, which the error handler should convert to a 404.
      expect(response.status).toBe(404);
-      expect(response.body.message).toBe(`Queue 'weekly-analytics-reporting' not found.`);
+      expect(response.body.message).toBe(`Job with ID '${jobId}' not found in queue '${queueName}'.`);
    });

    it('should return 404 if the job ID is not found in the queue', async () => {
--- a/src/routes/admin.routes.ts
+++ b/src/routes/admin.routes.ts
@@ -20,49 +20,25 @@ import { validateRequest } from '../middleware/validation.middleware';
 import { createBullBoard } from '@bull-board/api';
 import { BullMQAdapter } from '@bull-board/api/bullMQAdapter';
 import { ExpressAdapter } from '@bull-board/express';
-
-import type { Queue } from 'bullmq';
 import { backgroundJobService } from '../services/backgroundJobService';
-import {
-  flyerQueue,
-  emailQueue,
-  analyticsQueue,
-  cleanupQueue,
-  weeklyAnalyticsQueue,
-} from '../services/queueService.server'; // Import your queues
-import {
-  analyticsWorker,
-  cleanupWorker,
-  emailWorker,
-  flyerWorker,
-  weeklyAnalyticsWorker,
-} from '../services/workers.server';
+import { flyerQueue, emailQueue, analyticsQueue, cleanupQueue, weeklyAnalyticsQueue } from '../services/queueService.server';
 import { getSimpleWeekAndYear } from '../utils/dateUtils';
 import {
  requiredString,
  numericIdParam,
  uuidParamSchema,
  optionalNumeric,
+  optionalString,
 } from '../utils/zodUtils';
-import { logger } from '../services/logger.server';
-import fs from 'node:fs/promises';
-
-/**
- * Safely deletes a file from the filesystem, ignoring errors if the file doesn't exist.
- * @param file The multer file object to delete.
- */
-const cleanupUploadedFile = async (file?: Express.Multer.File) => {
-  if (!file) return;
-  try {
-    await fs.unlink(file.path);
-  } catch (err) {
-    logger.warn({ err, filePath: file.path }, 'Failed to clean up uploaded logo file.');
-  }
-};
+import { logger } from '../services/logger.server'; // This was a duplicate, fixed.
+import { monitoringService } from '../services/monitoringService.server';
+import { userService } from '../services/userService';
+import { cleanupUploadedFile } from '../utils/fileUtils';
+import { brandService } from '../services/brandService';

 const updateCorrectionSchema = numericIdParam('id').extend({
  body: z.object({
-    suggested_value: requiredString('A new suggested_value is required.'),
+    suggested_value: z.string().trim().min(1, 'A new suggested_value is required.'),
  }),
 });

@@ -100,10 +76,12 @@ const jobRetrySchema = z.object({
      'file-cleanup',
      'weekly-analytics-reporting',
    ]),
-    jobId: requiredString('A valid Job ID is required.'),
+    jobId: z.string().trim().min(1, 'A valid Job ID is required.'),
  }),
 });

+const emptySchema = z.object({});
+
 const router = Router();

 const upload = createUploadMiddleware({ storageType: 'flyer' });
@@ -138,7 +116,7 @@ router.use(passport.authenticate('jwt', { session: false }), isAdmin);

 // --- Admin Routes ---

-router.get('/corrections', async (req, res, next: NextFunction) => {
+router.get('/corrections', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const corrections = await db.adminRepo.getSuggestedCorrections(req.log);
    res.json(corrections);
@@ -148,7 +126,7 @@ router.get('/corrections', async (req, res, next: NextFunction) => {
  }
 });

-router.get('/review/flyers', async (req, res, next: NextFunction) => {
+router.get('/review/flyers', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    req.log.debug('Fetching flyers for review via adminRepo');
    const flyers = await db.adminRepo.getFlyersForReview(req.log);
@@ -160,7 +138,7 @@ router.get('/review/flyers', async (req, res, next: NextFunction) => {
  }
 });

-router.get('/brands', async (req, res, next: NextFunction) => {
+router.get('/brands', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const brands = await db.flyerRepo.getAllBrands(req.log);
    res.json(brands);
@@ -170,7 +148,7 @@ router.get('/brands', async (req, res, next: NextFunction) => {
  }
 });

-router.get('/stats', async (req, res, next: NextFunction) => {
+router.get('/stats', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const stats = await db.adminRepo.getApplicationStats(req.log);
    res.json(stats);
@@ -180,7 +158,7 @@ router.get('/stats', async (req, res, next: NextFunction) => {
  }
 });

-router.get('/stats/daily', async (req, res, next: NextFunction) => {
+router.get('/stats/daily', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const dailyStats = await db.adminRepo.getDailyStatsForLast30Days(req.log);
    res.json(dailyStats);
@@ -264,7 +242,6 @@ router.post(
  upload.single('logoImage'),
  requireFileUpload('logoImage'),
  async (req: Request, res: Response, next: NextFunction) => {
-    // Apply ADR-003 pattern for type safety
    const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParam>>;
    try {
      // Although requireFileUpload middleware should ensure the file exists,
@@ -272,9 +249,8 @@ router.post(
      if (!req.file) {
        throw new ValidationError([], 'Logo image file is missing.');
      }
-      // The storage path is 'flyer-images', so the URL should reflect that for consistency.
-      const logoUrl = `/flyer-images/${req.file.filename}`;
-      await db.adminRepo.updateBrandLogo(params.id, logoUrl, req.log);
+
+      const logoUrl = await brandService.updateBrandLogo(params.id, req.file, req.log);

      logger.info({ brandId: params.id, logoUrl }, `Brand logo updated for brand ID: ${params.id}`);
      res.status(200).json({ message: 'Brand logo updated successfully.', logoUrl });
@@ -288,7 +264,7 @@ router.post(
  },
 );

-router.get('/unmatched-items', async (req, res, next: NextFunction) => {
+router.get('/unmatched-items', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const items = await db.adminRepo.getUnmatchedFlyerItems(req.log);
    res.json(items);
@@ -358,7 +334,7 @@ router.put(
  },
 );

-router.get('/users', async (req, res, next: NextFunction) => {
+router.get('/users', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const users = await db.adminRepo.getAllUsers(req.log);
    res.json(users);
@@ -373,14 +349,11 @@ router.get(
  validateRequest(activityLogSchema),
  async (req: Request, res: Response, next: NextFunction) => {
    // Apply ADR-003 pattern for type safety.
-    // We explicitly coerce query params here because the validation middleware might not
-    // replace req.query with the coerced values in all environments.
-    const query = req.query as unknown as { limit?: string; offset?: string };
-    const limit = query.limit ? Number(query.limit) : 50;
-    const offset = query.offset ? Number(query.offset) : 0;
+    // We parse the query here to apply Zod's coercions (string to number) and defaults.
+    const { limit, offset } = activityLogSchema.shape.query.parse(req.query);

    try {
-      const logs = await db.adminRepo.getActivityLog(limit, offset, req.log);
+      const logs = await db.adminRepo.getActivityLog(limit!, offset!, req.log);
      res.json(logs);
    } catch (error) {
      logger.error({ error }, 'Error fetching activity log');
@@ -429,10 +402,7 @@ router.delete(
    // Apply ADR-003 pattern for type safety
    const { params } = req as unknown as z.infer<ReturnType<typeof uuidParamSchema>>;
    try {
-      if (userProfile.user.user_id === params.id) {
-        throw new ValidationError([], 'Admins cannot delete their own account.');
-      }
-      await db.userRepo.deleteUserById(params.id, req.log);
+      await userService.deleteUserAsAdmin(userProfile.user.user_id, params.id, req.log);
      res.status(204).send();
    } catch (error) {
      logger.error({ error }, 'Error deleting user');
@@ -447,6 +417,7 @@ router.delete(
 */
 router.post(
  '/trigger/daily-deal-check',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile;
    logger.info(
@@ -474,6 +445,7 @@ router.post(
 */
 router.post(
  '/trigger/analytics-report',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile;
    logger.info(
@@ -481,14 +453,9 @@ router.post(
    );

    try {
-      const reportDate = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
-      // Use a unique job ID for manual triggers to distinguish them from scheduled jobs.
-      const jobId = `manual-report-${reportDate}-${Date.now()}`;
-
-      const job = await analyticsQueue.add('generate-daily-report', { reportDate }, { jobId });
-
+      const jobId = await backgroundJobService.triggerAnalyticsReport();
      res.status(202).json({
-        message: `Analytics report generation job has been enqueued successfully. Job ID: ${job.id}`,
+        message: `Analytics report generation job has been enqueued successfully. Job ID: ${jobId}`,
      });
    } catch (error) {
      logger.error({ error }, '[Admin] Failed to enqueue analytics report job.');
@@ -529,7 +496,10 @@ router.post(
 * POST /api/admin/trigger/failing-job - Enqueue a test job designed to fail.
 * This is for testing the retry mechanism and Bull Board UI.
 */
-router.post('/trigger/failing-job', async (req: Request, res: Response, next: NextFunction) => {
+router.post(
+  '/trigger/failing-job',
+  validateRequest(emptySchema),
+  async (req: Request, res: Response, next: NextFunction) => {
  const userProfile = req.user as UserProfile;
  logger.info(
    `[Admin] Manual trigger for a failing job received from user: ${userProfile.user.user_id}`,
@@ -545,7 +515,8 @@ router.post('/trigger/failing-job', async (req: Request, res: Response, next: Ne
    logger.error({ error }, 'Error enqueuing failing job');
    next(error);
  }
-});
+}
+);

 /**
 * POST /api/admin/system/clear-geocode-cache - Clears the Redis cache for geocoded addresses.
@@ -553,6 +524,7 @@ router.post('/trigger/failing-job', async (req: Request, res: Response, next: Ne
 */
 router.post(
  '/system/clear-geocode-cache',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile;
    logger.info(
@@ -575,44 +547,23 @@ router.post(
 * GET /api/admin/workers/status - Get the current running status of all BullMQ workers.
 * This is useful for a system health dashboard to see if any workers have crashed.
 */
-router.get('/workers/status', async (req: Request, res: Response) => {
-  const workers = [flyerWorker, emailWorker, analyticsWorker, cleanupWorker, weeklyAnalyticsWorker];
-
-  const workerStatuses = await Promise.all(
-    workers.map(async (worker) => {
-      return {
-        name: worker.name,
-        isRunning: worker.isRunning(),
-      };
-    }),
-  );
-
-  res.json(workerStatuses);
+router.get('/workers/status', validateRequest(emptySchema), async (req: Request, res: Response, next: NextFunction) => {
+  try {
+    const workerStatuses = await monitoringService.getWorkerStatuses();
+    res.json(workerStatuses);
+  } catch (error) {
+    logger.error({ error }, 'Error fetching worker statuses');
+    next(error);
+  }
 });

 /**
 * GET /api/admin/queues/status - Get job counts for all BullMQ queues.
 * This is useful for monitoring the health and backlog of background jobs.
 */
-router.get('/queues/status', async (req: Request, res: Response, next: NextFunction) => {
+router.get('/queues/status', validateRequest(emptySchema), async (req: Request, res: Response, next: NextFunction) => {
  try {
-    const queues = [flyerQueue, emailQueue, analyticsQueue, cleanupQueue, weeklyAnalyticsQueue];
-
-    const queueStatuses = await Promise.all(
-      queues.map(async (queue) => {
-        return {
-          name: queue.name,
-          counts: await queue.getJobCounts(
-            'waiting',
-            'active',
-            'completed',
-            'failed',
-            'delayed',
-            'paused',
-          ),
-        };
-      }),
-    );
+    const queueStatuses = await monitoringService.getQueueStatuses();
    res.json(queueStatuses);
  } catch (error) {
    logger.error({ error }, 'Error fetching queue statuses');
@@ -632,35 +583,11 @@ router.post(
      params: { queueName, jobId },
    } = req as unknown as z.infer<typeof jobRetrySchema>;

-    const queueMap: { [key: string]: Queue } = {
-      'flyer-processing': flyerQueue,
-      'email-sending': emailQueue,
-      'analytics-reporting': analyticsQueue,
-      'file-cleanup': cleanupQueue,
-    };
-
-    const queue = queueMap[queueName];
-
-    if (!queue) {
-      // Throw a NotFoundError to be handled by the central error handler.
-      throw new NotFoundError(`Queue '${queueName}' not found.`);
-    }
-
    try {
-      const job = await queue.getJob(jobId);
-      if (!job)
-        throw new NotFoundError(`Job with ID '${jobId}' not found in queue '${queueName}'.`);
-
-      const jobState = await job.getState();
-      if (jobState !== 'failed')
-        throw new ValidationError(
-          [],
-          `Job is not in a 'failed' state. Current state: ${jobState}.`,
-        ); // This was a duplicate, fixed.
-
-      await job.retry();
-      logger.info(
-        `[Admin] User ${userProfile.user.user_id} manually retried job ${jobId} in queue ${queueName}.`,
+      await monitoringService.retryFailedJob(
+        queueName,
+        jobId,
+        userProfile.user.user_id,
      );
      res.status(200).json({ message: `Job ${jobId} has been successfully marked for retry.` });
    } catch (error) {
@@ -675,6 +602,7 @@ router.post(
 */
 router.post(
  '/trigger/weekly-analytics',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile; // This was a duplicate, fixed.
    logger.info(
@@ -682,19 +610,10 @@ router.post(
    );

    try {
-      const { year: reportYear, week: reportWeek } = getSimpleWeekAndYear();
-      const { weeklyAnalyticsQueue } = await import('../services/queueService.server');
-      const job = await weeklyAnalyticsQueue.add(
-        'generate-weekly-report',
-        { reportYear, reportWeek },
-        {
-          jobId: `manual-weekly-report-${reportYear}-${reportWeek}-${Date.now()}`, // Add timestamp to avoid ID conflict
-        },
-      );
-
+      const jobId = await backgroundJobService.triggerWeeklyAnalyticsReport();
      res
        .status(202)
-        .json({ message: 'Successfully enqueued weekly analytics job.', jobId: job.id });
+        .json({ message: 'Successfully enqueued weekly analytics job.', jobId });
    } catch (error) {
      logger.error({ error }, 'Error enqueuing weekly analytics job');
      next(error);
@@ -705,4 +624,5 @@ router.post(
 /* Catches errors from multer (e.g., file size, file filter) */
 router.use(handleMulterError);

+
 export default router;
--- a/src/routes/ai.routes.test.ts
+++ b/src/routes/ai.routes.test.ts
@@ -13,14 +13,21 @@ import {
 import * as aiService from '../services/aiService.server';
 import { createTestApp } from '../tests/utils/createTestApp';
 import { mockLogger } from '../tests/utils/mockLogger';
+import { ValidationError } from '../services/db/errors.db';

 // Mock the AI service methods to avoid making real AI calls
-vi.mock('../services/aiService.server', () => ({
-  aiService: {
-    extractTextFromImageArea: vi.fn(),
-    planTripWithMaps: vi.fn(), // Added this missing mock
-  },
-}));
+vi.mock('../services/aiService.server', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('../services/aiService.server')>();
+  return {
+    ...actual,
+    aiService: {
+      extractTextFromImageArea: vi.fn(),
+      planTripWithMaps: vi.fn(),
+      enqueueFlyerProcessing: vi.fn(),
+      processLegacyFlyerUpload: vi.fn(),
+    },
+  };
+});

 const { mockedDb } = vi.hoisted(() => ({
  mockedDb: {
@@ -30,6 +37,9 @@ const { mockedDb } = vi.hoisted(() => ({
    adminRepo: {
      logActivity: vi.fn(),
    },
+    personalizationRepo: {
+      getAllMasterItems: vi.fn(),
+    },
    // This function is a standalone export, not part of a repo
    createFlyerAndItems: vi.fn(),
  },
@@ -40,6 +50,7 @@ vi.mock('../services/db/flyer.db', () => ({ createFlyerAndItems: mockedDb.create
 vi.mock('../services/db/index.db', () => ({
  flyerRepo: mockedDb.flyerRepo,
  adminRepo: mockedDb.adminRepo,
+  personalizationRepo: mockedDb.personalizationRepo,
 }));

 // Mock the queue service
@@ -136,26 +147,27 @@ describe('AI Routes (/api/ai)', () => {

  describe('POST /upload-and-process', () => {
    const imagePath = path.resolve(__dirname, '../tests/assets/test-flyer-image.jpg');
+    // A valid SHA-256 checksum is 64 hex characters.
+    const validChecksum = 'a'.repeat(64);

    it('should enqueue a job and return 202 on success', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(flyerQueue.add).mockResolvedValue({ id: 'job-123' } as unknown as Job);
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockResolvedValue({ id: 'job-123' } as unknown as Job);

      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'new-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      expect(response.status).toBe(202);
      expect(response.body.message).toBe('Flyer accepted for processing.');
      expect(response.body.jobId).toBe('job-123');
-      expect(flyerQueue.add).toHaveBeenCalledWith('process-flyer', expect.any(Object));
+      expect(aiService.aiService.enqueueFlyerProcessing).toHaveBeenCalled();
    });

    it('should return 400 if no file is provided', async () => {
      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'some-checksum');
+        .field('checksum', validChecksum);

      expect(response.status).toBe(400);
      expect(response.body.message).toBe('A flyer file (PDF or image) is required.');
@@ -172,13 +184,12 @@ describe('AI Routes (/api/ai)', () => {
    });

    it('should return 409 if flyer checksum already exists', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(
-        createMockFlyer({ flyer_id: 99 }),
-      );
+      const duplicateError = new aiService.DuplicateFlyerError('This flyer has already been processed.', 99);
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockRejectedValue(duplicateError);

      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'duplicate-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      expect(response.status).toBe(409);
@@ -186,12 +197,11 @@ describe('AI Routes (/api/ai)', () => {
    });

    it('should return 500 if enqueuing the job fails', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(flyerQueue.add).mockRejectedValueOnce(new Error('Redis connection failed'));
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockRejectedValueOnce(new Error('Redis connection failed'));

      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'new-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      expect(response.status).toBe(500);
@@ -209,19 +219,20 @@ describe('AI Routes (/api/ai)', () => {
        basePath: '/api/ai',
        authenticatedUser: mockUser,
      });
-
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(flyerQueue.add).mockResolvedValue({ id: 'job-456' } as unknown as Job);
+      
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockResolvedValue({ id: 'job-456' } as unknown as Job);

      // Act
      await supertest(authenticatedApp)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'auth-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      // Assert
-      expect(flyerQueue.add).toHaveBeenCalled();
-      expect(vi.mocked(flyerQueue.add).mock.calls[0][1].userId).toBe('auth-user-1');
+      expect(aiService.aiService.enqueueFlyerProcessing).toHaveBeenCalled();
+      const callArgs = vi.mocked(aiService.aiService.enqueueFlyerProcessing).mock.calls[0];
+      // Check the userProfile argument (3rd argument)
+      expect(callArgs[2]?.user.user_id).toBe('auth-user-1');
    });

    it('should pass user profile address to the job when authenticated user has an address', async () => {
@@ -243,17 +254,20 @@ describe('AI Routes (/api/ai)', () => {
        basePath: '/api/ai',
        authenticatedUser: mockUserWithAddress,
      });
+      
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockResolvedValue({ id: 'job-789' } as unknown as Job);

      // Act
      await supertest(authenticatedApp)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'addr-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      // Assert
-      expect(vi.mocked(flyerQueue.add).mock.calls[0][1].userProfileAddress).toBe(
-        '123 Pacific St, Anytown, BC, V8T 1A1, CA',
-      );
+      expect(aiService.aiService.enqueueFlyerProcessing).toHaveBeenCalled();
+      // The service handles address extraction from profile, so we just verify the profile was passed
+      const callArgs = vi.mocked(aiService.aiService.enqueueFlyerProcessing).mock.calls[0];
+      expect(callArgs[2]?.address?.address_line_1).toBe('123 Pacific St');
    });

    it('should clean up the uploaded file if validation fails (e.g., missing checksum)', async () => {
@@ -316,9 +330,7 @@ describe('AI Routes (/api/ai)', () => {
        flyer_id: 1,
        file_name: mockDataPayload.originalFileName,
      });
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined); // No duplicate
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
-      vi.mocked(mockedDb.adminRepo.logActivity).mockResolvedValue();
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(mockFlyer);

      // Act
      const response = await supertest(app)
@@ -329,13 +341,7 @@ describe('AI Routes (/api/ai)', () => {
      // Assert
      expect(response.status).toBe(201);
      expect(response.body.message).toBe('Flyer processed and saved successfully.');
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // Verify that the legacy endpoint correctly sets the status to 'needs_review'
-      expect(vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0]).toEqual(
-        expect.objectContaining({
-          status: 'needs_review',
-        }),
-      );
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should return 400 if no flyer image is provided', async () => {
@@ -347,8 +353,8 @@ describe('AI Routes (/api/ai)', () => {

    it('should return 409 Conflict and delete the uploaded file if flyer checksum already exists', async () => {
      // Arrange
-      const mockExistingFlyer = createMockFlyer({ flyer_id: 99 });
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(mockExistingFlyer); // Duplicate found
+      const duplicateError = new aiService.DuplicateFlyerError('This flyer has already been processed.', 99);
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValue(duplicateError);
      const unlinkSpy = vi.spyOn(fs.promises, 'unlink').mockResolvedValue(undefined);

      // Act
@@ -360,7 +366,7 @@ describe('AI Routes (/api/ai)', () => {
      // Assert
      expect(response.status).toBe(409);
      expect(response.body.message).toBe('This flyer has already been processed.');
-      expect(mockedDb.createFlyerAndItems).not.toHaveBeenCalled();
+      expect(mockedDb.createFlyerAndItems).not.toHaveBeenCalled(); // Should not be called if service throws
      // Assert that the file was deleted
      expect(unlinkSpy).toHaveBeenCalledTimes(1);
      // The filename is predictable in the test environment because of the multer config in ai.routes.ts
@@ -375,12 +381,7 @@ describe('AI Routes (/api/ai)', () => {
        extractedData: { store_name: 'Partial Store' }, // no items key
      };

-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      const mockFlyer = createMockFlyer({
-        flyer_id: 2,
-        file_name: partialPayload.originalFileName,
-      });
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(createMockFlyer({ flyer_id: 2 }));

      const response = await supertest(app)
        .post('/api/ai/flyers/process')
@@ -388,19 +389,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // Verify that the legacy endpoint correctly sets the status to 'needs_review'
-      expect(vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0]).toEqual(
-        expect.objectContaining({
-          status: 'needs_review',
-        }),
-      );
-      // verify the items array passed to DB was an empty array
-      const callArgs = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0]?.[1];
-      expect(callArgs).toBeDefined();
-      expect(Array.isArray(callArgs)).toBe(true);
-      // use non-null assertion for the runtime-checked variable so TypeScript is satisfied
-      expect(callArgs!.length).toBe(0);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should fallback to a safe store name when store_name is missing', async () => {
@@ -410,12 +399,7 @@ describe('AI Routes (/api/ai)', () => {
        extractedData: { items: [] }, // store_name missing
      };

-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      const mockFlyer = createMockFlyer({
-        flyer_id: 3,
-        file_name: payloadNoStore.originalFileName,
-      });
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(createMockFlyer({ flyer_id: 3 }));

      const response = await supertest(app)
        .post('/api/ai/flyers/process')
@@ -423,25 +407,11 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // Verify that the legacy endpoint correctly sets the status to 'needs_review'
-      expect(vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0]).toEqual(
-        expect.objectContaining({
-          status: 'needs_review',
-        }),
-      );
-      // verify the flyerData.store_name passed to DB was the fallback string
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toContain('Unknown Store');
-      // Also verify the warning was logged
-      expect(mockLogger.warn).toHaveBeenCalledWith(
-        'extractedData.store_name missing; using fallback store name to avoid DB constraint error.',
-      );
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should handle a generic error during flyer creation', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(mockedDb.createFlyerAndItems).mockRejectedValueOnce(
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValueOnce(
        new Error('DB transaction failed'),
      );

@@ -464,8 +434,7 @@ describe('AI Routes (/api/ai)', () => {

    beforeEach(() => {
      const mockFlyer = createMockFlyer({ flyer_id: 1 });
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(mockFlyer);
    });

    it('should handle payload where "data" field is an object, not stringified JSON', async () => {
@@ -475,7 +444,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

   it('should handle payload where extractedData is null', async () => {
@@ -491,14 +460,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // Verify that extractedData was correctly defaulted to an empty object
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toContain('Unknown Store'); // Fallback should be used
-      expect(mockLogger.warn).toHaveBeenCalledWith(
-        { bodyData: expect.any(Object) },
-        'Missing extractedData in /api/ai/flyers/process payload.',
-      );
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should handle payload where extractedData is a string', async () => {
@@ -514,14 +476,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // Verify that extractedData was correctly defaulted to an empty object
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toContain('Unknown Store'); // Fallback should be used
-      expect(mockLogger.warn).toHaveBeenCalledWith(
-        { bodyData: expect.any(Object) },
-        'Missing extractedData in /api/ai/flyers/process payload.',
-      );
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should handle payload where extractedData is at the root of the body', async () => {
@@ -535,9 +490,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201); // This test was failing with 500, the fix is in ai.routes.ts
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toBe('Root Store');
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should default item quantity to 1 if missing', async () => {
@@ -556,9 +509,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      const itemsArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][1];
-      expect(itemsArg[0].quantity).toBe(1);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });
  });

@@ -567,7 +518,10 @@ describe('AI Routes (/api/ai)', () => {

    it('should handle malformed JSON in data field and return 400', async () => {
      const malformedDataString = '{"checksum":'; // Invalid JSON
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
+      
+      // Since the service parses the data, we mock it to throw a ValidationError when parsing fails
+      // or when it detects the malformed input.
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValue(new ValidationError([], 'Checksum is required.'));

      const response = await supertest(app)
        .post('/api/ai/flyers/process')
@@ -578,11 +532,8 @@ describe('AI Routes (/api/ai)', () => {
      // The handler then fails the checksum validation.
      expect(response.status).toBe(400);
      expect(response.body.message).toBe('Checksum is required.');
-      // It should log the critical error during parsing.
-      expect(mockLogger.error).toHaveBeenCalledWith(
-        expect.objectContaining({ error: expect.any(Error) }),
-        '[API /ai/flyers/process] Unexpected error while parsing request body',
-      );
+      // Note: The logging expectation was removed because if the service throws a ValidationError, 
+      // the route handler passes it to the global error handler, which might log differently or not as a "critical error during parsing" in the route itself.
    });

    it('should return 400 if checksum is missing from legacy payload', async () => {
@@ -592,6 +543,9 @@ describe('AI Routes (/api/ai)', () => {
      };
      // Spy on fs.promises.unlink to verify file cleanup
      const unlinkSpy = vi.spyOn(fs.promises, 'unlink').mockResolvedValue(undefined);
+      
+      // Mock the service to throw a ValidationError because the checksum is missing
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValue(new ValidationError([], 'Checksum is required.'));

      const response = await supertest(app)
        .post('/api/ai/flyers/process')
--- a/src/routes/ai.routes.ts
+++ b/src/routes/ai.routes.ts
@@ -1,40 +1,32 @@
 // src/routes/ai.routes.ts
 import { Router, Request, Response, NextFunction } from 'express';
-import path from 'path';
-import fs from 'node:fs';
 import { z } from 'zod';
 import passport from './passport.routes';
 import { optionalAuth } from './passport.routes';
-import * as db from '../services/db/index.db';
-import { createFlyerAndItems } from '../services/db/flyer.db';
-import * as aiService from '../services/aiService.server'; // Correctly import server-side AI service
+import { aiService, DuplicateFlyerError } from '../services/aiService.server';
 import {
  createUploadMiddleware,
  handleMulterError,
 } from '../middleware/multer.middleware';
-import { generateFlyerIcon } from '../utils/imageProcessor';
 import { logger } from '../services/logger.server'; // This was a duplicate, fixed.
-import { UserProfile, ExtractedCoreData, ExtractedFlyerItem, FlyerInsert } from '../types';
-import { flyerQueue } from '../services/queueService.server';
+import { UserProfile } from '../types'; // This was a duplicate, fixed.
 import { validateRequest } from '../middleware/validation.middleware';
 import { requiredString } from '../utils/zodUtils';
+import { cleanupUploadedFile, cleanupUploadedFiles } from '../utils/fileUtils';
+import { monitoringService } from '../services/monitoringService.server';

 const router = Router();

-interface FlyerProcessPayload extends Partial<ExtractedCoreData> {
-  checksum?: string;
-  originalFileName?: string;
-  extractedData?: Partial<ExtractedCoreData>;
-  data?: FlyerProcessPayload; // For nested data structures
-}
-
 // --- Zod Schemas for AI Routes (as per ADR-003) ---

 const uploadAndProcessSchema = z.object({
  body: z.object({
-    checksum: requiredString('File checksum is required.'),
-    // Potential improvement: If checksum is always a specific format (e.g., SHA-256),
-    // you could add `.length(64).regex(/^[a-f0-9]+$/)` for stricter validation.
+    // Stricter validation for SHA-256 checksum. It must be a 64-character hexadecimal string.
+    checksum: requiredString('File checksum is required.').pipe(
+      z.string()
+        .length(64, 'Checksum must be 64 characters long.')
+        .regex(/^[a-f0-9]+$/, 'Checksum must be a valid hexadecimal string.'),
+    ),
  }),
 });

@@ -52,22 +44,6 @@ const errMsg = (e: unknown) => {
  return String(e || 'An unknown error occurred.');
 };

-const cleanupUploadedFile = async (file?: Express.Multer.File) => {
-  if (!file) return;
-  try {
-    await fs.promises.unlink(file.path);
-  } catch (err) {
-    // Ignore cleanup errors (e.g. file already deleted)
-  }
-};
-
-const cleanupUploadedFiles = async (files?: Express.Multer.File[]) => {
-  if (!files || !Array.isArray(files)) return;
-  // Use Promise.all to run cleanups in parallel for efficiency,
-  // as cleanupUploadedFile is designed to not throw errors.
-  await Promise.all(files.map((file) => cleanupUploadedFile(file)));
-};
-
 const cropAreaObjectSchema = z.object({
  x: z.number(),
  y: z.number(),
@@ -103,13 +79,20 @@ const rescanAreaSchema = z.object({

 const flyerItemForAnalysisSchema = z
  .object({
-    item: z.string().nullish(),
-    name: z.string().nullish(),
+    // Sanitize item and name by trimming whitespace.
+    // The transform ensures that null/undefined values are preserved
+    // while trimming any actual string values.
+    item: z.string().nullish().transform(val => (val ? val.trim() : val)),
+    name: z.string().nullish().transform(val => (val ? val.trim() : val)),
  })
+  // Using .passthrough() allows extra properties on the item object.
+  // If the intent is to strictly enforce only 'item' and 'name' (and other known properties),
+  // consider using .strict() instead for tighter security and data integrity.
  .passthrough()
  .refine(
    (data) =>
-      (data.item && data.item.trim().length > 0) || (data.name && data.name.trim().length > 0),
+      // After the transform, the values are already trimmed.
+      (data.item && data.item.length > 0) || (data.name && data.name.length > 0),
    {
      message: "Item identifier is required (either 'item' or 'name').",
    },
@@ -129,6 +112,8 @@ const comparePricesSchema = z.object({

 const planTripSchema = z.object({
  body: z.object({
+    // Consider if this array should be non-empty. If a trip plan requires at least one item,
+    // you could add `.nonempty('At least one item is required to plan a trip.')`
    items: z.array(flyerItemForAnalysisSchema),
    store: z.object({ name: requiredString('Store name is required.') }),
    userLocation: z.object({
@@ -187,57 +172,24 @@ router.post(
  async (req, res, next: NextFunction) => {
    try {
      // Manually validate the request body. This will throw if validation fails.
-      uploadAndProcessSchema.parse({ body: req.body });
+      const { body } = uploadAndProcessSchema.parse({ body: req.body });

      if (!req.file) {
        return res.status(400).json({ message: 'A flyer file (PDF or image) is required.' });
      }

      logger.debug(
-        { filename: req.file.originalname, size: req.file.size, checksum: req.body?.checksum },
+        { filename: req.file.originalname, size: req.file.size, checksum: body.checksum },
        'Handling /upload-and-process',
      );

-      const { checksum } = req.body;
-      // Check for duplicate flyer using checksum before even creating a job
-      const existingFlyer = await db.flyerRepo.findFlyerByChecksum(checksum, req.log);
-      if (existingFlyer) {
-        logger.warn(`Duplicate flyer upload attempt blocked for checksum: ${checksum}`);
-        // Use 409 Conflict for duplicates
-        return res.status(409).json({
-          message: 'This flyer has already been processed.',
-          flyerId: existingFlyer.flyer_id,
-        });
-      }
-
      const userProfile = req.user as UserProfile | undefined;
-      // Construct a user address string from their profile if they are logged in.
-      let userProfileAddress: string | undefined = undefined;
-      if (userProfile?.address) {
-        userProfileAddress = [
-          userProfile.address.address_line_1,
-          userProfile.address.address_line_2,
-          userProfile.address.city,
-          userProfile.address.province_state,
-          userProfile.address.postal_code,
-          userProfile.address.country,
-        ]
-          .filter(Boolean)
-          .join(', ');
-      }
-
-      // Add job to the queue
-      const job = await flyerQueue.add('process-flyer', {
-        filePath: req.file.path,
-        originalFileName: req.file.originalname,
-        checksum: checksum,
-        userId: userProfile?.user.user_id,
-        submitterIp: req.ip, // Capture the submitter's IP address
-        userProfileAddress: userProfileAddress, // Pass the user's profile address
-      });
-
-      logger.info(
-        `Enqueued flyer for processing. File: ${req.file.originalname}, Job ID: ${job.id}`,
+      const job = await aiService.enqueueFlyerProcessing(
+        req.file,
+        body.checksum,
+        userProfile,
+        req.ip ?? 'unknown',
+        req.log,
      );

      // Respond immediately to the client with 202 Accepted
@@ -246,9 +198,11 @@ router.post(
        jobId: job.id,
      });
    } catch (error) {
-      // If any error occurs (including validation), ensure the uploaded file is cleaned up.
      await cleanupUploadedFile(req.file);
-      // Pass the error to the global error handler.
+      if (error instanceof DuplicateFlyerError) {
+        logger.warn(`Duplicate flyer upload attempt blocked for checksum: ${req.body?.checksum}`);
+        return res.status(409).json({ message: error.message, flyerId: error.flyerId });
+      }
      next(error);
    }
  },
@@ -265,18 +219,11 @@ router.get(
    const {
      params: { jobId },
    } = req as unknown as JobIdRequest;
+
    try {
-      const job = await flyerQueue.getJob(jobId);
-      if (!job) {
-        // Adhere to ADR-001 by throwing a specific error to be handled centrally.
-        return res.status(404).json({ message: 'Job not found.' });
-      }
-      const state = await job.getState();
-      const progress = job.progress;
-      const returnValue = job.returnvalue;
-      const failedReason = job.failedReason;
-      logger.debug(`[API /ai/jobs] Status check for job ${jobId}: ${state}`);
-      res.json({ id: job.id, state, progress, returnValue, failedReason });
+      const jobStatus = await monitoringService.getFlyerJobStatus(jobId); // This was a duplicate, fixed.
+      logger.debug(`[API /ai/jobs] Status check for job ${jobId}: ${jobStatus.state}`);
+      res.json(jobStatus);
    } catch (error) {
      next(error);
    }
@@ -298,186 +245,22 @@ router.post(
        return res.status(400).json({ message: 'Flyer image file is required.' });
      }

-      // Diagnostic & tolerant parsing for flyers/process
-      logger.debug(
-        { keys: Object.keys(req.body || {}) },
-        '[API /ai/flyers/process] Processing legacy upload',
-      );
-      logger.debug({ filePresent: !!req.file }, '[API /ai/flyers/process] file present:');
-
-      // Try several ways to obtain the payload so we are tolerant to client variations.
-      let parsed: FlyerProcessPayload = {};
-      let extractedData: Partial<ExtractedCoreData> | null | undefined = {};
-      try {
-        // If the client sent a top-level `data` field (stringified JSON), parse it.
-        if (req.body && (req.body.data || req.body.extractedData)) {
-          const raw = req.body.data ?? req.body.extractedData;
-          logger.debug(
-            { type: typeof raw, length: raw?.length ?? 0 },
-            '[API /ai/flyers/process] raw extractedData',
-          );
-          try {
-            parsed = typeof raw === 'string' ? JSON.parse(raw) : raw;
-          } catch (err) {
-            logger.warn(
-              { error: errMsg(err) },
-              '[API /ai/flyers/process] Failed to JSON.parse raw extractedData; falling back to direct assign',
-            );
-            parsed = (
-              typeof raw === 'string' ? JSON.parse(String(raw).slice(0, 2000)) : raw
-            ) as FlyerProcessPayload;
-          }
-          // If parsed itself contains an `extractedData` field, use that, otherwise assume parsed is the extractedData
-          extractedData = 'extractedData' in parsed ? parsed.extractedData : (parsed as Partial<ExtractedCoreData>);
-        } else {
-          // No explicit `data` field found. Attempt to interpret req.body as an object (Express may have parsed multipart fields differently).
-          try {
-            parsed = typeof req.body === 'string' ? JSON.parse(req.body) : req.body;
-          } catch (err) {
-            logger.warn(
-              { error: errMsg(err) },
-              '[API /ai/flyers/process] Failed to JSON.parse req.body; using empty object',
-            );
-            parsed = (req.body as FlyerProcessPayload) || {};
-          }
-          // extractedData might be nested under `data` or `extractedData`, or the body itself may be the extracted data.
-          if (parsed.data) {
-            try {
-              const inner = typeof parsed.data === 'string' ? JSON.parse(parsed.data) : parsed.data;
-              extractedData = inner.extractedData ?? inner;
-            } catch (err) {
-              logger.warn(
-                { error: errMsg(err) },
-                '[API /ai/flyers/process] Failed to parse parsed.data; falling back',
-              );
-              extractedData = parsed.data as unknown as Partial<ExtractedCoreData>;
-            }
-          } else if (parsed.extractedData) {
-            extractedData = parsed.extractedData;
-          } else {
-            // Assume the body itself is the extracted data if it looks like it (has items or store_name keys)
-            if ('items' in parsed || 'store_name' in parsed || 'valid_from' in parsed) {
-              extractedData = parsed as Partial<ExtractedCoreData>;
-            } else {
-              extractedData = {};
-            }
-          }
-        }
-      } catch (err) {
-        logger.error(
-          { error: err },
-          '[API /ai/flyers/process] Unexpected error while parsing request body',
-        );
-        parsed = {};
-        extractedData = {};
-      }
-
-      // Pull common metadata fields (checksum, originalFileName) from whichever shape we parsed.
-      const checksum = parsed.checksum ?? parsed?.data?.checksum ?? '';
-
-      if (!checksum) {
-        await cleanupUploadedFile(req.file);
-        return res.status(400).json({ message: 'Checksum is required.' });
-      }
-
-      const originalFileName =
-        parsed.originalFileName ?? parsed?.data?.originalFileName ?? req.file.originalname;
      const userProfile = req.user as UserProfile | undefined;

-      // Validate extractedData to avoid database errors (e.g., null store_name)
-      if (!extractedData || typeof extractedData !== 'object') {
-        logger.warn(
-          { bodyData: parsed },
-          'Missing extractedData in /api/ai/flyers/process payload.',
-        );
-        // Don't fail hard here; proceed with empty items and fallback store name so the upload can be saved for manual review.
-        extractedData = {};
-      }
-
-      // Transform the extracted items into the format required for database insertion.
-      // This adds default values for fields like `view_count` and `click_count`
-      // and makes this legacy endpoint consistent with the newer FlyerDataTransformer service.
-      const rawItems = extractedData.items ?? [];
-      const itemsArray = Array.isArray(rawItems)
-        ? rawItems
-        : typeof rawItems === 'string'
-          ? JSON.parse(rawItems)
-          : [];
-      const itemsForDb = itemsArray.map((item: Partial<ExtractedFlyerItem>) => ({
-        ...item,
-        master_item_id: item.master_item_id === null ? undefined : item.master_item_id,
-        quantity: item.quantity ?? 1, // Default to 1 to satisfy DB constraint
-        view_count: 0,
-        click_count: 0,
-        updated_at: new Date().toISOString(),
-      }));
-
-      // Ensure we have a valid store name; the DB requires a non-null store name.
-      const storeName =
-        extractedData.store_name && String(extractedData.store_name).trim().length > 0
-          ? String(extractedData.store_name)
-          : 'Unknown Store (auto)';
-      if (storeName.startsWith('Unknown')) {
-        logger.warn(
-          'extractedData.store_name missing; using fallback store name to avoid DB constraint error.',
-        );
-      }
-
-      // 1. Check for duplicate flyer using checksum
-      const existingFlyer = await db.flyerRepo.findFlyerByChecksum(checksum, req.log);
-      if (existingFlyer) {
-        logger.warn(`Duplicate flyer upload attempt blocked for checksum: ${checksum}`);
-        await cleanupUploadedFile(req.file);
-        return res.status(409).json({ message: 'This flyer has already been processed.' });
-      }
-
-      // Generate a 64x64 icon from the uploaded flyer image.
-      const iconsDir = path.join(path.dirname(req.file.path), 'icons');
-      const iconFileName = await generateFlyerIcon(req.file.path, iconsDir, req.log);
-      const iconUrl = `/flyer-images/icons/${iconFileName}`;
-
-      // 2. Prepare flyer data for insertion
-      const flyerData: FlyerInsert = {
-        file_name: originalFileName,
-        image_url: `/flyer-images/${req.file.filename}`, // Store the full URL path
-        icon_url: iconUrl,
-        checksum: checksum,
-        // Use normalized store name (fallback applied above).
-        store_name: storeName,
-        valid_from: extractedData.valid_from ?? null,
-        valid_to: extractedData.valid_to ?? null,
-        store_address: extractedData.store_address ?? null,
-        item_count: 0, // Set default to 0; the trigger will update it.
-        // Set a safe default status for this legacy endpoint. The new flow uses the transformer to determine this.
-        status: 'needs_review',
-        uploaded_by: userProfile?.user.user_id, // Associate with user if logged in
-      };
-
-      // 3. Create flyer and its items in a transaction
-      const { flyer: newFlyer, items: newItems } = await createFlyerAndItems(
-        flyerData,
-        itemsForDb,
-        req.log,
-      );
-
-      logger.info(
-        `Successfully processed and saved new flyer: ${newFlyer.file_name} (ID: ${newFlyer.flyer_id}) with ${newItems.length} items.`,
-      );
-
-      // Log this significant event
-      await db.adminRepo.logActivity(
-        {
-          userId: userProfile?.user.user_id,
-          action: 'flyer_processed',
-          displayText: `Processed a new flyer for ${flyerData.store_name}.`,
-          details: { flyerId: newFlyer.flyer_id, storeName: flyerData.store_name },
-        },
+      const newFlyer = await aiService.processLegacyFlyerUpload(
+        req.file,
+        req.body,
+        userProfile,
        req.log,
      );

      res.status(201).json({ message: 'Flyer processed and saved successfully.', flyer: newFlyer });
    } catch (error) {
      await cleanupUploadedFile(req.file);
+      if (error instanceof DuplicateFlyerError) {
+        logger.warn(`Duplicate flyer upload attempt blocked.`);
+        return res.status(409).json({ message: error.message, flyerId: error.flyerId });
+      }
      next(error);
    }
  },
@@ -616,7 +399,7 @@ router.post(
    try {
      const { items, store, userLocation } = req.body;
      logger.debug({ itemCount: items.length, storeName: store.name }, 'Trip planning requested.');
-      const result = await aiService.aiService.planTripWithMaps(items, store, userLocation);
+      const result = await aiService.planTripWithMaps(items, store, userLocation);
      res.status(200).json(result);
    } catch (error) {
      logger.error({ error: errMsg(error) }, 'Error in /api/ai/plan-trip endpoint:');
@@ -676,7 +459,7 @@ router.post(
        'Rescan area requested',
      );

-      const result = await aiService.aiService.extractTextFromImageArea(
+      const result = await aiService.extractTextFromImageArea(
        path,
        mimetype,
        cropArea,
--- a/src/routes/auth.routes.test.ts
+++ b/src/routes/auth.routes.test.ts
@@ -2,13 +2,8 @@
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import supertest from 'supertest';
 import { Request, Response, NextFunction } from 'express';
-import cookieParser from 'cookie-parser';
-import * as bcrypt from 'bcrypt';
-import jwt from 'jsonwebtoken';
-import {
-  createMockUserProfile,
-  createMockUserWithPasswordHash,
-} from '../tests/utils/mockFactories';
+import cookieParser from 'cookie-parser'; // This was a duplicate, fixed.
+import { createMockUserProfile } from '../tests/utils/mockFactories';

 // --- FIX: Hoist passport mocks to be available for vi.mock ---
 const passportMocks = vi.hoisted(() => {
@@ -69,45 +64,20 @@ vi.mock('./passport.routes', () => ({
  optionalAuth: vi.fn((req: Request, res: Response, next: NextFunction) => next()),
 }));

-// Mock the DB connection pool to control transactional behavior
-const { mockPool } = vi.hoisted(() => {
-  const client = {
-    query: vi.fn(),
-    release: vi.fn(),
-  };
+// Mock the authService, which is now the primary dependency of the routes.
+const { mockedAuthService } = vi.hoisted(() => {
  return {
-    mockPool: {
-      connect: vi.fn(() => Promise.resolve(client)),
+    mockedAuthService: {
+      registerAndLoginUser: vi.fn(),
+      handleSuccessfulLogin: vi.fn(),
+      resetPassword: vi.fn(),
+      updatePassword: vi.fn(),
+      refreshAccessToken: vi.fn(),
+      logout: vi.fn(),
    },
-    mockClient: client,
  };
 });
-// Mock the Service Layer directly.
-// We use async import inside the factory to properly hoist the UniqueConstraintError class usage.
-vi.mock('../services/db/index.db', async () => {
-  const { UniqueConstraintError } = await import('../services/db/errors.db');
-  return {
-    userRepo: {
-      findUserByEmail: vi.fn(),
-      createUser: vi.fn(),
-      saveRefreshToken: vi.fn(),
-      createPasswordResetToken: vi.fn(),
-      getValidResetTokens: vi.fn(),
-      updateUserPassword: vi.fn(),
-      deleteResetToken: vi.fn(),
-      findUserByRefreshToken: vi.fn(),
-      deleteRefreshToken: vi.fn(),
-    },
-    adminRepo: {
-      logActivity: vi.fn(),
-    },
-    UniqueConstraintError: UniqueConstraintError,
-  };
-});
-
-vi.mock('../services/db/connection.db', () => ({
-  getPool: () => mockPool,
-}));
+vi.mock('../services/authService', () => ({ authService: mockedAuthService }));

 // Mock the logger
 vi.mock('../services/logger.server', async () => ({
@@ -120,15 +90,8 @@ vi.mock('../services/emailService.server', () => ({
  sendPasswordResetEmail: vi.fn(),
 }));

-// Mock bcrypt
-vi.mock('bcrypt', async (importOriginal) => {
-  const actual = await importOriginal<typeof bcrypt>();
-  return { ...actual, compare: vi.fn() };
-});
-
 // Import the router AFTER mocks are established
 import authRouter from './auth.routes';
-import * as db from '../services/db/index.db'; // This was a duplicate, fixed.

 import { UniqueConstraintError } from '../services/db/errors.db'; // Import actual class for instanceof checks

@@ -176,13 +139,11 @@ describe('Auth Routes (/api/auth)', () => {
        user: { user_id: 'new-user-id', email: newUserEmail },
        full_name: 'Test User',
      });
-
-      // FIX: Mock the method on the imported singleton instance `userRepo` directly,
-      // as this is what the route handler uses. Spying on the prototype does not
-      // affect this already-created instance.
-      vi.mocked(db.userRepo.createUser).mockResolvedValue(mockNewUser);
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
-      vi.mocked(db.adminRepo.logActivity).mockResolvedValue(undefined);
+      mockedAuthService.registerAndLoginUser.mockResolvedValue({
+        newUserProfile: mockNewUser,
+        accessToken: 'new-access-token',
+        refreshToken: 'new-refresh-token',
+      });

      // Act
      const response = await supertest(app).post('/api/auth/register').send({
@@ -190,22 +151,29 @@ describe('Auth Routes (/api/auth)', () => {
        password: strongPassword,
        full_name: 'Test User',
      });
-
      // Assert
      expect(response.status).toBe(201);
      expect(response.body.message).toBe('User registered successfully!');
      expect(response.body.userprofile.user.email).toBe(newUserEmail);
      expect(response.body.token).toBeTypeOf('string'); // This was a duplicate, fixed.
-      expect(db.userRepo.createUser).toHaveBeenCalled();
+      expect(mockedAuthService.registerAndLoginUser).toHaveBeenCalledWith(
+        newUserEmail,
+        strongPassword,
+        'Test User',
+        undefined, // avatar_url
+        mockLogger,
+      );
    });

    it('should set a refresh token cookie on successful registration', async () => {
      const mockNewUser = createMockUserProfile({
        user: { user_id: 'new-user-id', email: 'cookie@test.com' },
      });
-      vi.mocked(db.userRepo.createUser).mockResolvedValue(mockNewUser);
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
-      vi.mocked(db.adminRepo.logActivity).mockResolvedValue(undefined);
+      mockedAuthService.registerAndLoginUser.mockResolvedValue({
+        newUserProfile: mockNewUser,
+        accessToken: 'new-access-token',
+        refreshToken: 'new-refresh-token',
+      });

      const response = await supertest(app).post('/api/auth/register').send({
        email: 'cookie@test.com',
@@ -235,15 +203,14 @@ describe('Auth Routes (/api/auth)', () => {
      expect(errorMessages).toMatch(/Password is too weak/i);
    });

-    it('should reject registration if the email already exists', async () => {
+    it('should reject registration if the auth service throws UniqueConstraintError', async () => {
      // Create an error object that includes the 'code' property for simulating a PG unique violation.
      // This is more type-safe than casting to 'any'.
      const dbError = new UniqueConstraintError(
        'User with that email already exists.',
      ) as UniqueConstraintError & { code: string };
      dbError.code = '23505';
-
-      vi.mocked(db.userRepo.createUser).mockRejectedValue(dbError);
+      mockedAuthService.registerAndLoginUser.mockRejectedValue(dbError);

      const response = await supertest(app)
        .post('/api/auth/register')
@@ -251,12 +218,11 @@ describe('Auth Routes (/api/auth)', () => {

      expect(response.status).toBe(409); // 409 Conflict
      expect(response.body.message).toBe('User with that email already exists.');
-      expect(db.userRepo.createUser).toHaveBeenCalled();
    });

    it('should return 500 if a generic database error occurs during registration', async () => {
      const dbError = new Error('DB connection lost');
-      vi.mocked(db.userRepo.createUser).mockRejectedValue(dbError);
+      mockedAuthService.registerAndLoginUser.mockRejectedValue(dbError);

      const response = await supertest(app)
        .post('/api/auth/register')
@@ -289,7 +255,10 @@ describe('Auth Routes (/api/auth)', () => {
    it('should successfully log in a user and return a token and cookie', async () => {
      // Arrange:
      const loginCredentials = { email: 'test@test.com', password: 'password123' };
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
+      mockedAuthService.handleSuccessfulLogin.mockResolvedValue({
+        accessToken: 'new-access-token',
+        refreshToken: 'new-refresh-token',
+      });

      // Act
      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
@@ -309,25 +278,6 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.headers['set-cookie']).toBeDefined();
    });

-    it('should contain the correct payload in the JWT token', async () => {
-      // Arrange
-      const loginCredentials = { email: 'payload.test@test.com', password: 'password123' };
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
-
-      // Act
-      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
-
-      // Assert
-      expect(response.status).toBe(200);
-      const token = response.body.token;
-      expect(token).toBeTypeOf('string');
-
-      const decodedPayload = jwt.decode(token) as { user_id: string; email: string; role: string };
-      expect(decodedPayload.user_id).toBe('user-123');
-      expect(decodedPayload.email).toBe(loginCredentials.email);
-      expect(decodedPayload.role).toBe('user'); // Default role from mock factory
-    });
-
    it('should reject login for incorrect credentials', async () => {
      const response = await supertest(app)
        .post('/api/auth/login')
@@ -359,7 +309,7 @@ describe('Auth Routes (/api/auth)', () => {
    it('should return 500 if saving the refresh token fails', async () => {
      // Arrange:
      const loginCredentials = { email: 'test@test.com', password: 'password123' };
-      vi.mocked(db.userRepo.saveRefreshToken).mockRejectedValue(new Error('DB write failed'));
+      mockedAuthService.handleSuccessfulLogin.mockRejectedValue(new Error('DB write failed'));

      // Act
      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
@@ -401,7 +351,10 @@ describe('Auth Routes (/api/auth)', () => {
        password: 'password123',
        rememberMe: true,
      };
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
+      mockedAuthService.handleSuccessfulLogin.mockResolvedValue({
+        accessToken: 'remember-access-token',
+        refreshToken: 'remember-refresh-token',
+      });

      // Act
      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
@@ -416,10 +369,7 @@ describe('Auth Routes (/api/auth)', () => {
  describe('POST /forgot-password', () => {
    it('should send a reset link if the user exists', async () => {
      // Arrange
-      vi.mocked(db.userRepo.findUserByEmail).mockResolvedValue(
-        createMockUserWithPasswordHash({ user_id: 'user-123', email: 'test@test.com' }),
-      );
-      vi.mocked(db.userRepo.createPasswordResetToken).mockResolvedValue(undefined);
+      mockedAuthService.resetPassword.mockResolvedValue('mock-reset-token');

      // Act
      const response = await supertest(app)
@@ -433,7 +383,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should return a generic success message even if the user does not exist', async () => {
-      vi.mocked(db.userRepo.findUserByEmail).mockResolvedValue(undefined);
+      mockedAuthService.resetPassword.mockResolvedValue(undefined);

      const response = await supertest(app)
        .post('/api/auth/forgot-password')
@@ -444,7 +394,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should return 500 if the database call fails', async () => {
-      vi.mocked(db.userRepo.findUserByEmail).mockRejectedValue(new Error('DB connection failed'));
+      mockedAuthService.resetPassword.mockRejectedValue(new Error('DB connection failed'));
      const response = await supertest(app)
        .post('/api/auth/forgot-password')
        .send({ email: 'any@test.com' });
@@ -452,25 +402,6 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.status).toBe(500);
    });

-    it('should still return 200 OK if the email service fails', async () => {
-      // Arrange
-      vi.mocked(db.userRepo.findUserByEmail).mockResolvedValue(
-        createMockUserWithPasswordHash({ user_id: 'user-123', email: 'test@test.com' }),
-      );
-      vi.mocked(db.userRepo.createPasswordResetToken).mockResolvedValue(undefined);
-      // Mock the email service to fail
-      const { sendPasswordResetEmail } = await import('../services/emailService.server');
-      vi.mocked(sendPasswordResetEmail).mockRejectedValue(new Error('SMTP server down'));
-
-      // Act
-      const response = await supertest(app)
-        .post('/api/auth/forgot-password')
-        .send({ email: 'test@test.com' });
-
-      // Assert: The route should not fail even if the email does.
-      expect(response.status).toBe(200);
-    });
-
    it('should return 400 for an invalid email format', async () => {
      const response = await supertest(app)
        .post('/api/auth/forgot-password')
@@ -483,16 +414,7 @@ describe('Auth Routes (/api/auth)', () => {

  describe('POST /reset-password', () => {
    it('should reset the password with a valid token and strong password', async () => {
-      const tokenRecord = {
-        user_id: 'user-123',
-        token_hash: 'hashed-token',
-        expires_at: new Date(Date.now() + 3600000),
-      };
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]); // This was a duplicate, fixed.
-      vi.mocked(bcrypt.compare).mockResolvedValue(true as never); // Token matches
-      vi.mocked(db.userRepo.updateUserPassword).mockResolvedValue(undefined);
-      vi.mocked(db.userRepo.deleteResetToken).mockResolvedValue(undefined);
-      vi.mocked(db.adminRepo.logActivity).mockResolvedValue(undefined);
+      mockedAuthService.updatePassword.mockResolvedValue(true);

      const response = await supertest(app)
        .post('/api/auth/reset-password')
@@ -503,7 +425,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should reject with an invalid or expired token', async () => {
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([]); // No valid tokens found
+      mockedAuthService.updatePassword.mockResolvedValue(null);

      const response = await supertest(app)
        .post('/api/auth/reset-password')
@@ -513,31 +435,8 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.body.message).toBe('Invalid or expired password reset token.');
    });

-    it('should reject if token does not match any valid tokens in DB', async () => {
-      const tokenRecord = {
-        user_id: 'user-123',
-        token_hash: 'hashed-token',
-        expires_at: new Date(Date.now() + 3600000),
-      };
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]);
-      vi.mocked(bcrypt.compare).mockResolvedValue(false as never); // Token does not match
-
-      const response = await supertest(app)
-        .post('/api/auth/reset-password')
-        .send({ token: 'wrong-token', newPassword: 'a-Very-Strong-Password-123!' });
-
-      expect(response.status).toBe(400);
-      expect(response.body.message).toBe('Invalid or expired password reset token.');
-    });
-
    it('should return 400 for a weak new password', async () => {
-      const tokenRecord = {
-        user_id: 'user-123',
-        token_hash: 'hashed-token',
-        expires_at: new Date(Date.now() + 3600000),
-      };
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]);
-      vi.mocked(bcrypt.compare).mockResolvedValue(true as never);
+      // No need to mock the service here as validation runs first

      const response = await supertest(app)
        .post('/api/auth/reset-password')
@@ -557,11 +456,7 @@ describe('Auth Routes (/api/auth)', () => {

  describe('POST /refresh-token', () => {
    it('should issue a new access token with a valid refresh token cookie', async () => {
-      const mockUser = createMockUserWithPasswordHash({
-        user_id: 'user-123',
-        email: 'test@test.com',
-      });
-      vi.mocked(db.userRepo.findUserByRefreshToken).mockResolvedValue(mockUser);
+      mockedAuthService.refreshAccessToken.mockResolvedValue({ accessToken: 'new-access-token' });

      const response = await supertest(app)
        .post('/api/auth/refresh-token')
@@ -578,8 +473,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should return 403 if refresh token is invalid', async () => {
-      // Mock finding no user for this token, which should trigger the 403 logic
-      vi.mocked(db.userRepo.findUserByRefreshToken).mockResolvedValue(undefined as any);
+      mockedAuthService.refreshAccessToken.mockResolvedValue(null);

      const response = await supertest(app)
        .post('/api/auth/refresh-token')
@@ -590,7 +484,7 @@ describe('Auth Routes (/api/auth)', () => {

    it('should return 500 if the database call fails', async () => {
      // Arrange
-      vi.mocked(db.userRepo.findUserByRefreshToken).mockRejectedValue(new Error('DB Error'));
+      mockedAuthService.refreshAccessToken.mockRejectedValue(new Error('DB Error'));

      // Act
      const response = await supertest(app)
@@ -604,7 +498,7 @@ describe('Auth Routes (/api/auth)', () => {
  describe('POST /logout', () => {
    it('should clear the refresh token cookie and return a success message', async () => {
      // Arrange
-      vi.mocked(db.userRepo.deleteRefreshToken).mockResolvedValue(undefined);
+      mockedAuthService.logout.mockResolvedValue(undefined);

      // Act
      const response = await supertest(app)
@@ -627,7 +521,7 @@ describe('Auth Routes (/api/auth)', () => {
    it('should still return 200 OK even if deleting the refresh token from DB fails', async () => {
      // Arrange
      const dbError = new Error('DB connection lost');
-      vi.mocked(db.userRepo.deleteRefreshToken).mockRejectedValue(dbError);
+      mockedAuthService.logout.mockRejectedValue(dbError);
      const { logger } = await import('../services/logger.server');

      // Act
@@ -639,7 +533,7 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.status).toBe(200);
      expect(logger.error).toHaveBeenCalledWith(
        expect.objectContaining({ error: dbError }),
-        'Failed to delete refresh token from DB during logout.',
+        'Logout token invalidation failed in background.',
      );
    });

--- a/src/routes/auth.routes.ts
+++ b/src/routes/auth.routes.ts
@@ -1,26 +1,18 @@
 // src/routes/auth.routes.ts
 import { Router, Request, Response, NextFunction } from 'express';
-import * as bcrypt from 'bcrypt';
 import { z } from 'zod';
-import jwt from 'jsonwebtoken';
-import crypto from 'crypto';
 import rateLimit from 'express-rate-limit';
-
 import passport from './passport.routes';
-import { userRepo, adminRepo } from '../services/db/index.db';
-import { UniqueConstraintError } from '../services/db/errors.db';
-import { getPool } from '../services/db/connection.db';
+import { UniqueConstraintError } from '../services/db/errors.db'; // Import actual class for instanceof checks
 import { logger } from '../services/logger.server';
-import { sendPasswordResetEmail } from '../services/emailService.server';
 import { validateRequest } from '../middleware/validation.middleware';
 import type { UserProfile } from '../types';
 import { validatePasswordStrength } from '../utils/authUtils';
 import { requiredString } from '../utils/zodUtils';

+import { authService } from '../services/authService';
 const router = Router();

-const JWT_SECRET = process.env.JWT_SECRET!;
-
 // Conditionally disable rate limiting for the test environment
 const isTestEnv = process.env.NODE_ENV === 'test';

@@ -45,21 +37,27 @@ const resetPasswordLimiter = rateLimit({

 const registerSchema = z.object({
  body: z.object({
-    email: z.string().email('A valid email is required.'),
+    // Sanitize email by trimming and converting to lowercase.
+    email: z.string().trim().toLowerCase().email('A valid email is required.'),
    password: z
      .string()
+      .trim() // Prevent leading/trailing whitespace in passwords.
      .min(8, 'Password must be at least 8 characters long.')
      .superRefine((password, ctx) => {
        const strength = validatePasswordStrength(password);
        if (!strength.isValid) ctx.addIssue({ code: 'custom', message: strength.feedback });
      }),
-    full_name: z.string().optional(),
-    avatar_url: z.string().url().optional(),
+    // Sanitize optional string inputs.
+    full_name: z.string().trim().optional(),
+    avatar_url: z.string().trim().url().optional(),
  }),
 });

 const forgotPasswordSchema = z.object({
-  body: z.object({ email: z.string().email('A valid email is required.') }),
+  body: z.object({
+    // Sanitize email by trimming and converting to lowercase.
+    email: z.string().trim().toLowerCase().email('A valid email is required.'),
+  }),
 });

 const resetPasswordSchema = z.object({
@@ -67,6 +65,7 @@ const resetPasswordSchema = z.object({
    token: requiredString('Token is required.'),
    newPassword: z
      .string()
+      .trim() // Prevent leading/trailing whitespace in passwords.
      .min(8, 'Password must be at least 8 characters long.')
      .superRefine((password, ctx) => {
        const strength = validatePasswordStrength(password);
@@ -88,39 +87,14 @@ router.post(
    } = req as unknown as RegisterRequest;

    try {
-      const saltRounds = 10;
-      const hashedPassword = await bcrypt.hash(password, saltRounds);
-      logger.info(`Hashing password for new user: ${email}`);
-
-      // The createUser method in UserRepository now handles its own transaction.
-      const newUser = await userRepo.createUser(
+      const { newUserProfile, accessToken, refreshToken } = await authService.registerAndLoginUser(
        email,
-        hashedPassword,
-        { full_name, avatar_url },
+        password,
+        full_name,
+        avatar_url,
        req.log,
      );

-      const userEmail = newUser.user.email;
-      const userId = newUser.user.user_id;
-      logger.info(`Successfully created new user in DB: ${userEmail} (ID: ${userId})`);
-
-      // Use the new standardized logging function
-      await adminRepo.logActivity(
-        {
-          userId: newUser.user.user_id,
-          action: 'user_registered',
-          displayText: `${userEmail} has registered.`,
-          icon: 'user-plus',
-        },
-        req.log,
-      );
-
-      const payload = { user_id: newUser.user.user_id, email: userEmail };
-      const token = jwt.sign(payload, JWT_SECRET, { expiresIn: '1h' });
-
-      const refreshToken = crypto.randomBytes(64).toString('hex');
-      await userRepo.saveRefreshToken(newUser.user.user_id, refreshToken, req.log);
-
      res.cookie('refreshToken', refreshToken, {
        httpOnly: true,
        secure: process.env.NODE_ENV === 'production',
@@ -128,7 +102,7 @@ router.post(
      });
      return res
        .status(201)
-        .json({ message: 'User registered successfully!', userprofile: newUser, token });
+        .json({ message: 'User registered successfully!', userprofile: newUserProfile, token: accessToken });
    } catch (error: unknown) {
      if (error instanceof UniqueConstraintError) {
        // If the email is a duplicate, return a 409 Conflict status.
@@ -154,17 +128,6 @@ router.post('/login', (req: Request, res: Response, next: NextFunction) => {
      if (user) req.log.debug({ user }, '[API /login] Passport user object:'); // Log the user object passport returns
      if (user) req.log.info({ user }, '[API /login] Passport reported USER FOUND.');

-      try {
-        const allUsersInDb = await getPool().query(
-          'SELECT u.user_id, u.email, p.role FROM public.users u JOIN public.profiles p ON u.user_id = p.user_id',
-        );
-        req.log.debug('[API /login] Current users in DB from SERVER perspective:');
-        console.table(allUsersInDb.rows);
-      } catch (dbError) {
-        req.log.error({ dbError }, '[API /login] Could not query users table for debugging.');
-      }
-      // --- END DEBUG LOGGING ---
-      const { rememberMe } = req.body;
      if (err) {
        req.log.error(
          { error: err },
@@ -176,33 +139,24 @@ router.post('/login', (req: Request, res: Response, next: NextFunction) => {
        return res.status(401).json({ message: info.message || 'Login failed' });
      }

-      const userProfile = user as UserProfile;
-      const payload = {
-        user_id: userProfile.user.user_id,
-        email: userProfile.user.email,
-        role: userProfile.role,
-      };
-      const accessToken = jwt.sign(payload, JWT_SECRET, { expiresIn: '15m' });
-
      try {
-        const refreshToken = crypto.randomBytes(64).toString('hex');
-        await userRepo.saveRefreshToken(userProfile.user.user_id, refreshToken, req.log);
+        const { rememberMe } = req.body;
+        const userProfile = user as UserProfile;
+        const { accessToken, refreshToken } = await authService.handleSuccessfulLogin(userProfile, req.log);
        req.log.info(`JWT and refresh token issued for user: ${userProfile.user.email}`);

        const cookieOptions = {
          httpOnly: true,
          secure: process.env.NODE_ENV === 'production',
-          maxAge: rememberMe ? 30 * 24 * 60 * 60 * 1000 : undefined,
+          maxAge: rememberMe ? 30 * 24 * 60 * 60 * 1000 : undefined, // 30 days
        };

        res.cookie('refreshToken', refreshToken, cookieOptions);
        // Return the full user profile object on login to avoid a second fetch on the client.
        return res.json({ userprofile: userProfile, token: accessToken });
      } catch (tokenErr) {
-        req.log.error(
-          { error: tokenErr },
-          `Failed to save refresh token during login for user: ${userProfile.user.email}`,
-        );
+        const email = (user as UserProfile)?.user?.email || req.body.email;
+        req.log.error({ error: tokenErr }, `Failed to process login for user: ${email}`);
        return next(tokenErr);
      }
    },
@@ -221,38 +175,14 @@ router.post(
    } = req as unknown as ForgotPasswordRequest;

    try {
-      req.log.debug(`[API /forgot-password] Received request for email: ${email}`);
-      const user = await userRepo.findUserByEmail(email, req.log);
-      let token: string | undefined;
-      req.log.debug(
-        { user: user ? { user_id: user.user_id, email: user.email } : 'NOT FOUND' },
-        `[API /forgot-password] Database search result for ${email}:`,
-      );
-
-      if (user) {
-        token = crypto.randomBytes(32).toString('hex');
-        const saltRounds = 10;
-        const tokenHash = await bcrypt.hash(token, saltRounds);
-        const expiresAt = new Date(Date.now() + 3600000); // 1 hour
-
-        await userRepo.createPasswordResetToken(user.user_id, tokenHash, expiresAt, req.log);
-
-        const resetLink = `${process.env.FRONTEND_URL}/reset-password/${token}`;
-
-        try {
-          await sendPasswordResetEmail(email, resetLink, req.log);
-        } catch (emailError) {
-          req.log.error({ emailError }, `Email send failure during password reset for user`);
-        }
-      } else {
-        req.log.warn(`Password reset requested for non-existent email: ${email}`);
-      }
+      // The service handles finding the user, creating the token, and sending the email.
+      const token = await authService.resetPassword(email, req.log);

      // For testability, return the token in the response only in the test environment.
      const responsePayload: { message: string; token?: string } = {
        message: 'If an account with that email exists, a password reset link has been sent.',
      };
-      if (process.env.NODE_ENV === 'test' && user) responsePayload.token = token;
+      if (process.env.NODE_ENV === 'test' && token) responsePayload.token = token;
      res.status(200).json(responsePayload);
    } catch (error) {
      req.log.error({ error }, `An error occurred during /forgot-password for email: ${email}`);
@@ -273,38 +203,12 @@ router.post(
    } = req as unknown as ResetPasswordRequest;

    try {
-      const validTokens = await userRepo.getValidResetTokens(req.log);
-      let tokenRecord;
-      for (const record of validTokens) {
-        const isMatch = await bcrypt.compare(token, record.token_hash);
-        if (isMatch) {
-          tokenRecord = record;
-          break;
-        }
-      }
+      const resetSuccessful = await authService.updatePassword(token, newPassword, req.log);

-      if (!tokenRecord) {
+      if (!resetSuccessful) {
        return res.status(400).json({ message: 'Invalid or expired password reset token.' });
      }

-      const saltRounds = 10;
-      const hashedPassword = await bcrypt.hash(newPassword, saltRounds);
-
-      await userRepo.updateUserPassword(tokenRecord.user_id, hashedPassword, req.log);
-      await userRepo.deleteResetToken(tokenRecord.token_hash, req.log);
-
-      // Log this security event after a successful password reset.
-      await adminRepo.logActivity(
-        {
-          userId: tokenRecord.user_id,
-          action: 'password_reset',
-          displayText: `User ID ${tokenRecord.user_id} has reset their password.`,
-          icon: 'key',
-          details: { source_ip: req.ip ?? null },
-        },
-        req.log,
-      );
-
      res.status(200).json({ message: 'Password has been reset successfully.' });
    } catch (error) {
      req.log.error({ error }, `An error occurred during password reset.`);
@@ -321,15 +225,11 @@ router.post('/refresh-token', async (req: Request, res: Response, next: NextFunc
  }

  try {
-    const user = await userRepo.findUserByRefreshToken(refreshToken, req.log);
-    if (!user) {
+    const result = await authService.refreshAccessToken(refreshToken, req.log);
+    if (!result) {
      return res.status(403).json({ message: 'Invalid or expired refresh token.' });
    }
-
-    const payload = { user_id: user.user_id, email: user.email };
-    const newAccessToken = jwt.sign(payload, JWT_SECRET, { expiresIn: '15m' });
-
-    res.json({ token: newAccessToken });
+    res.json({ token: result.accessToken });
  } catch (error) {
    req.log.error({ error }, 'An error occurred during /refresh-token.');
    next(error);
@@ -346,8 +246,8 @@ router.post('/logout', async (req: Request, res: Response) => {
  if (refreshToken) {
    // Invalidate the token in the database so it cannot be used again.
    // We don't need to wait for this to finish to respond to the user.
-    userRepo.deleteRefreshToken(refreshToken, req.log).catch((err: Error) => {
-      req.log.error({ error: err }, 'Failed to delete refresh token from DB during logout.');
+    authService.logout(refreshToken, req.log).catch((err: Error) => {
+      req.log.error({ error: err }, 'Logout token invalidation failed in background.');
    });
  }
  // Instruct the browser to clear the cookie by setting its expiration to the past.
--- a/src/routes/gamification.routes.ts
+++ b/src/routes/gamification.routes.ts
@@ -1,11 +1,10 @@
 // src/routes/gamification.routes.ts
 import express, { NextFunction } from 'express';
 import { z } from 'zod';
-import passport, { isAdmin } from './passport.routes';
-import { gamificationRepo } from '../services/db/index.db';
+import passport, { isAdmin } from './passport.routes'; // Correctly imported
+import { gamificationService } from '../services/gamificationService';
 import { logger } from '../services/logger.server';
 import { UserProfile } from '../types';
-import { ForeignKeyConstraintError } from '../services/db/errors.db';
 import { validateRequest } from '../middleware/validation.middleware';
 import { requiredString, optionalNumeric } from '../utils/zodUtils';

@@ -14,10 +13,12 @@ const adminGamificationRouter = express.Router(); // Create a new router for adm

 // --- Zod Schemas for Gamification Routes (as per ADR-003) ---

+const leaderboardQuerySchema = z.object({
+  limit: optionalNumeric({ default: 10, integer: true, positive: true, max: 50 }),
+});
+
 const leaderboardSchema = z.object({
-  query: z.object({
-    limit: optionalNumeric({ default: 10, integer: true, positive: true, max: 50 }),
-  }),
+  query: leaderboardQuerySchema,
 });

 const awardAchievementSchema = z.object({
@@ -35,7 +36,7 @@ const awardAchievementSchema = z.object({
 */
 router.get('/', async (req, res, next: NextFunction) => {
  try {
-    const achievements = await gamificationRepo.getAllAchievements(req.log);
+    const achievements = await gamificationService.getAllAchievements(req.log);
    res.json(achievements);
  } catch (error) {
    logger.error({ error }, 'Error fetching all achievements in /api/achievements:');
@@ -51,14 +52,11 @@ router.get(
  '/leaderboard',
  validateRequest(leaderboardSchema),
  async (req, res, next: NextFunction): Promise<void> => {
-    // Apply ADR-003 pattern for type safety.
-    // Explicitly coerce query params to ensure numbers are passed to the repo,
-    // as validateRequest might not replace req.query in all test environments.
-    const query = req.query as unknown as { limit?: string };
-    const limit = query.limit ? Number(query.limit) : 10;
-
    try {
-      const leaderboard = await gamificationRepo.getLeaderboard(limit, req.log);
+      // The `validateRequest` middleware ensures `req.query` is valid.
+      // We parse it here to apply Zod's coercions (string to number) and defaults.
+      const { limit } = leaderboardQuerySchema.parse(req.query);
+      const leaderboard = await gamificationService.getLeaderboard(limit!, req.log);
      res.json(leaderboard);
    } catch (error) {
      logger.error({ error }, 'Error fetching leaderboard:');
@@ -79,7 +77,7 @@ router.get(
  async (req, res, next: NextFunction): Promise<void> => {
    const userProfile = req.user as UserProfile;
    try {
-      const userAchievements = await gamificationRepo.getUserAchievements(
+      const userAchievements = await gamificationService.getUserAchievements(
        userProfile.user.user_id,
        req.log,
      );
@@ -111,21 +109,13 @@ adminGamificationRouter.post(
    type AwardAchievementRequest = z.infer<typeof awardAchievementSchema>;
    const { body } = req as unknown as AwardAchievementRequest;
    try {
-      await gamificationRepo.awardAchievement(body.userId, body.achievementName, req.log);
+      await gamificationService.awardAchievement(body.userId, body.achievementName, req.log);
      res
        .status(200)
        .json({
          message: `Successfully awarded '${body.achievementName}' to user ${body.userId}.`,
        });
    } catch (error) {
-      if (error instanceof ForeignKeyConstraintError) {
-        res.status(400).json({ message: error.message });
-        return;
-      }
-      logger.error(
-        { error, userId: body.userId, achievementName: body.achievementName },
-        'Error awarding achievement via admin endpoint:',
-      );
      next(error);
    }
  },
--- a/src/routes/stats.routes.ts
+++ b/src/routes/stats.routes.ts
@@ -28,10 +28,9 @@ router.get(
  validateRequest(mostFrequentSalesSchema),
  async (req: Request, res: Response, next: NextFunction) => {
    try {
-      // Parse req.query to ensure coercion (string -> number) and defaults are applied.
-      // Even though validateRequest checks validity, it may not mutate req.query with the parsed result.
+      // The `validateRequest` middleware ensures `req.query` is valid.
+      // We parse it here to apply Zod's coercions (string to number) and defaults.
      const { days, limit } = statsQuerySchema.parse(req.query);
-
      const items = await db.adminRepo.getMostFrequentSaleItems(days!, limit!, req.log);
      res.json(items);
    } catch (error) {
--- a/src/routes/system.routes.test.ts
+++ b/src/routes/system.routes.test.ts
@@ -6,6 +6,32 @@ import { exec, type ExecException, type ExecOptions } from 'child_process';
 import { geocodingService } from '../services/geocodingService.server';
 import { createTestApp } from '../tests/utils/createTestApp';

+// FIX: Mock util.promisify to correctly handle child_process.exec's (err, stdout, stderr) signature.
+// This is required because the standard util.promisify relies on internal symbols on the real exec function,
+// which are missing on our Vitest mock. Without this, promisify(mockExec) drops the stdout/stderr arguments.
+vi.mock('util', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('util')>();
+  return {
+    ...actual,
+    default: actual,
+    promisify: (fn: Function) => {
+      return (...args: any[]) => {
+        return new Promise((resolve, reject) => {
+          fn(...args, (err: Error | null, stdout: unknown, stderr: unknown) => {
+            if (err) {
+              // Attach stdout/stderr to the error object to mimic child_process.exec behavior
+              Object.assign(err, { stdout, stderr });
+              reject(err);
+            } else {
+              resolve({ stdout, stderr });
+            }
+          });
+        });
+      };
+    },
+  };
+});
+
 // FIX: Use the simple factory pattern for child_process to avoid default export issues
 vi.mock('child_process', () => {
  const mockExec = vi.fn((command, callback) => {
--- a/src/routes/system.routes.ts
+++ b/src/routes/system.routes.ts
@@ -1,11 +1,11 @@
 // src/routes/system.routes.ts
 import { Router, Request, Response, NextFunction } from 'express';
-import { exec } from 'child_process';
-import { z } from 'zod';
 import { logger } from '../services/logger.server';
 import { geocodingService } from '../services/geocodingService.server';
 import { validateRequest } from '../middleware/validation.middleware';
+import { z } from 'zod';
 import { requiredString } from '../utils/zodUtils';
+import { systemService } from '../services/systemService';

 const router = Router();

@@ -25,39 +25,13 @@ const emptySchema = z.object({});
 router.get(
  '/pm2-status',
  validateRequest(emptySchema),
-  (req: Request, res: Response, next: NextFunction) => {
-    // The name 'flyer-crawler-api' comes from your ecosystem.config.cjs file.
-    exec('pm2 describe flyer-crawler-api', (error, stdout, stderr) => {
-      if (error) {
-        // 'pm2 describe' exits with an error if the process is not found.
-        // We can treat this as a "fail" status for our check.
-        if (stdout && stdout.includes("doesn't exist")) {
-          logger.warn('[API /pm2-status] PM2 process "flyer-crawler-api" not found.');
-          return res.json({
-            success: false,
-            message: 'Application process is not running under PM2.',
-          });
-        }
-        logger.error(
-          { error: stderr || error.message },
-          '[API /pm2-status] Error executing pm2 describe:',
-        );
-        return next(error);
-      }
-
-      // Check if there was output to stderr, even if the exit code was 0 (success).
-      if (stderr && stderr.trim().length > 0) {
-        logger.error({ stderr }, '[API /pm2-status] PM2 executed but produced stderr:');
-        return next(new Error(`PM2 command produced an error: ${stderr}`));
-      }
-
-      // If the command succeeds, we can parse stdout to check the status.
-      const isOnline = /│ status\s+│ online\s+│/m.test(stdout);
-      const message = isOnline
-        ? 'Application is online and running under PM2.'
-        : 'Application process exists but is not online.';
-      res.json({ success: isOnline, message });
-    });
+  async (req: Request, res: Response, next: NextFunction) => {
+    try {
+      const status = await systemService.getPm2Status();
+      res.json(status);
+    } catch (error) {
+      next(error);
+    }
  },
 );

--- a/src/routes/user.routes.test.ts
+++ b/src/routes/user.routes.test.ts
@@ -2,7 +2,6 @@
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import supertest from 'supertest';
 import express from 'express';
-import * as bcrypt from 'bcrypt';
 import fs from 'node:fs/promises';
 import {
  createMockUserProfile,
@@ -17,10 +16,11 @@ import {
  createMockAddress,
 } from '../tests/utils/mockFactories';
 import { Appliance, Notification, DietaryRestriction } from '../types';
-import { ForeignKeyConstraintError, NotFoundError } from '../services/db/errors.db';
+import { ForeignKeyConstraintError, NotFoundError, ValidationError } from '../services/db/errors.db';
 import { createTestApp } from '../tests/utils/createTestApp';
 import { mockLogger } from '../tests/utils/mockLogger';
 import { logger } from '../services/logger.server';
+import { userService } from '../services/userService';

 // 1. Mock the Service Layer directly.
 // The user.routes.ts file imports from '.../db/index.db'. We need to mock that module.
@@ -29,9 +29,6 @@ vi.mock('../services/db/index.db', () => ({
  userRepo: {
    findUserProfileById: vi.fn(),
    updateUserProfile: vi.fn(),
-    updateUserPassword: vi.fn(),
-    findUserWithPasswordHashById: vi.fn(),
-    deleteUserById: vi.fn(),
    updateUserPreferences: vi.fn(),
  },
  personalizationRepo: {
@@ -70,22 +67,14 @@ vi.mock('../services/db/index.db', () => ({
 // Mock userService
 vi.mock('../services/userService', () => ({
  userService: {
+    updateUserAvatar: vi.fn(),
+    updateUserPassword: vi.fn(),
+    deleteUserAccount: vi.fn(),
+    getUserAddress: vi.fn(),
    upsertUserAddress: vi.fn(),
  },
 }));

-// 2. Mock bcrypt.
-// We return an object that satisfies both default and named imports to be safe.
-vi.mock('bcrypt', () => {
-  const hash = vi.fn();
-  const compare = vi.fn();
-  return {
-    default: { hash, compare },
-    hash,
-    compare,
-  };
-});
-
 // Mock the logger
 vi.mock('../services/logger.server', async () => ({
  // Use async import to avoid hoisting issues with mockLogger
@@ -94,7 +83,6 @@ vi.mock('../services/logger.server', async () => ({

 // Import the router and other modules AFTER mocks are established
 import userRouter from './user.routes';
-import { userService } from '../services/userService'; // Import for checking calls
 // Import the mocked db module to control its functions in tests
 import * as db from '../services/db/index.db';

@@ -599,20 +587,17 @@ describe('User Routes (/api/users)', () => {

    describe('PUT /profile/password', () => {
      it('should update the password successfully with a strong password', async () => {
-        vi.mocked(bcrypt.hash).mockResolvedValue('hashed-password' as never);
-        vi.mocked(db.userRepo.updateUserPassword).mockResolvedValue(undefined);
+        vi.mocked(userService.updateUserPassword).mockResolvedValue(undefined);
        const response = await supertest(app)
          .put('/api/users/profile/password')
          .send({ newPassword: 'a-Very-Strong-Password-456!' });
-
        expect(response.status).toBe(200);
        expect(response.body.message).toBe('Password updated successfully.');
      });

      it('should return 500 on a generic database error', async () => {
        const dbError = new Error('DB Connection Failed');
-        vi.mocked(bcrypt.hash).mockResolvedValue('hashed-password' as never);
-        vi.mocked(db.userRepo.updateUserPassword).mockRejectedValue(dbError);
+        vi.mocked(userService.updateUserPassword).mockRejectedValue(dbError);
        const response = await supertest(app)
          .put('/api/users/profile/password')
          .send({ newPassword: 'a-Very-Strong-Password-456!' });
@@ -624,7 +609,6 @@ describe('User Routes (/api/users)', () => {
      });

      it('should return 400 for a weak password', async () => {
-        // Use a password long enough to pass .min(8) but weak enough to fail strength check
        const response = await supertest(app)
          .put('/api/users/profile/password')
          .send({ newPassword: 'password123' });
@@ -636,70 +620,38 @@ describe('User Routes (/api/users)', () => {

    describe('DELETE /account', () => {
      it('should delete the account with the correct password', async () => {
-        const userWithHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: 'hashed-password',
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithHash);
-        vi.mocked(db.userRepo.deleteUserById).mockResolvedValue(undefined);
-        vi.mocked(bcrypt.compare).mockResolvedValue(true as never);
+        vi.mocked(userService.deleteUserAccount).mockResolvedValue(undefined);
        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'correct-password' });
        expect(response.status).toBe(200);
        expect(response.body.message).toBe('Account deleted successfully.');
+        expect(userService.deleteUserAccount).toHaveBeenCalledWith('user-123', 'correct-password', expectLogger);
      });

-      it('should return 403 for an incorrect password', async () => {
-        const userWithHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: 'hashed-password',
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithHash);
-        vi.mocked(bcrypt.compare).mockResolvedValue(false as never);
+      it('should return 400 for an incorrect password', async () => {
+        vi.mocked(userService.deleteUserAccount).mockRejectedValue(new ValidationError([], 'Incorrect password.'));
        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'wrong-password' });

-        expect(response.status).toBe(403);
+        expect(response.status).toBe(400);
        expect(response.body.message).toBe('Incorrect password.');
      });

      it('should return 404 if the user to delete is not found', async () => {
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockRejectedValue(
-          new NotFoundError('User not found or password not set.'),
-        );
-        const response = await supertest(app)
-          .delete('/api/users/account')
-          .send({ password: 'any-password' });
-        expect(response.status).toBe(404);
-        expect(response.body.message).toBe('User not found or password not set.');
-      });
-
-      it('should return 404 if user is an OAuth user without a password', async () => {
-        // Simulate an OAuth user who has no password_hash set.
-        const userWithoutHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: null,
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithoutHash);
+        vi.mocked(userService.deleteUserAccount).mockRejectedValue(new NotFoundError('User not found.'));

        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'any-password' });

        expect(response.status).toBe(404);
-        expect(response.body.message).toBe('User not found or password not set.');
+        expect(response.body.message).toBe('User not found.');
      });

      it('should return 500 on a generic database error', async () => {
-        const userWithHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: 'hashed-password',
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithHash);
-        vi.mocked(bcrypt.compare).mockResolvedValue(true as never);
-        vi.mocked(db.userRepo.deleteUserById).mockRejectedValue(new Error('DB Connection Failed'));
+        vi.mocked(userService.deleteUserAccount).mockRejectedValue(new Error('DB Connection Failed'));
        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'correct-password' });
@@ -980,7 +932,7 @@ describe('User Routes (/api/users)', () => {
          authenticatedUser: { ...mockUserProfile, address_id: 1 },
        });
        const mockAddress = createMockAddress({ address_id: 1, address_line_1: '123 Main St' });
-        vi.mocked(db.addressRepo.getAddressById).mockResolvedValue(mockAddress);
+        vi.mocked(userService.getUserAddress).mockResolvedValue(mockAddress);
        const response = await supertest(appWithUser).get('/api/users/addresses/1');
        expect(response.status).toBe(200);
        expect(response.body).toEqual(mockAddress);
@@ -992,7 +944,7 @@ describe('User Routes (/api/users)', () => {
          basePath,
          authenticatedUser: { ...mockUserProfile, address_id: 1 },
        });
-        vi.mocked(db.addressRepo.getAddressById).mockRejectedValue(new Error('DB Error'));
+        vi.mocked(userService.getUserAddress).mockRejectedValue(new Error('DB Error'));
        const response = await supertest(appWithUser).get('/api/users/addresses/1');
        expect(response.status).toBe(500);
      });
@@ -1005,13 +957,10 @@ describe('User Routes (/api/users)', () => {
      });

      it('GET /addresses/:addressId should return 403 if address does not belong to user', async () => {
-        const appWithDifferentUser = createTestApp({
-          router: userRouter,
-          basePath,
-          authenticatedUser: { ...mockUserProfile, address_id: 999 },
-        });
-        const response = await supertest(appWithDifferentUser).get('/api/users/addresses/1');
-        expect(response.status).toBe(403);
+        vi.mocked(userService.getUserAddress).mockRejectedValue(new ValidationError([], 'Forbidden'));
+        const response = await supertest(app).get('/api/users/addresses/2'); // Requesting address 2
+        expect(response.status).toBe(400); // ValidationError maps to 400 by default in the test error handler
+        expect(response.body.message).toBe('Forbidden');
      });

      it('GET /addresses/:addressId should return 404 if address not found', async () => {
@@ -1020,7 +969,7 @@ describe('User Routes (/api/users)', () => {
          basePath,
          authenticatedUser: { ...mockUserProfile, address_id: 1 },
        });
-        vi.mocked(db.addressRepo.getAddressById).mockRejectedValue(
+        vi.mocked(userService.getUserAddress).mockRejectedValue(
          new NotFoundError('Address not found.'),
        );
        const response = await supertest(appWithUser).get('/api/users/addresses/1');
@@ -1029,19 +978,10 @@ describe('User Routes (/api/users)', () => {
      });

      it('PUT /profile/address should call upsertAddress and updateUserProfile if needed', async () => {
-        const appWithUser = createTestApp({
-          router: userRouter,
-          basePath,
-          authenticatedUser: { ...mockUserProfile, address_id: null },
-        }); // User has no address yet
        const addressData = { address_line_1: '123 New St' };
-        vi.mocked(db.addressRepo.upsertAddress).mockResolvedValue(5); // New address ID is 5
-        vi.mocked(db.userRepo.updateUserProfile).mockResolvedValue({
-          ...mockUserProfile,
-          address_id: 5,
-        });
+        vi.mocked(userService.upsertUserAddress).mockResolvedValue(5);

-        const response = await supertest(appWithUser)
+        const response = await supertest(app)
          .put('/api/users/profile/address')
          .send(addressData);

@@ -1073,11 +1013,11 @@ describe('User Routes (/api/users)', () => {

    describe('POST /profile/avatar', () => {
      it('should upload an avatar and update the user profile', async () => {
-        const mockUpdatedProfile = {
+        const mockUpdatedProfile = createMockUserProfile({
          ...mockUserProfile,
          avatar_url: '/uploads/avatars/new-avatar.png',
-        };
-        vi.mocked(db.userRepo.updateUserProfile).mockResolvedValue(mockUpdatedProfile);
+        });
+        vi.mocked(userService.updateUserAvatar).mockResolvedValue(mockUpdatedProfile);

        // Create a dummy file path for supertest to attach
        const dummyImagePath = 'test-avatar.png';
@@ -1087,17 +1027,17 @@ describe('User Routes (/api/users)', () => {
          .attach('avatar', Buffer.from('dummy-image-content'), dummyImagePath);

        expect(response.status).toBe(200);
-        expect(response.body.avatar_url).toContain('/uploads/avatars/');
-        expect(db.userRepo.updateUserProfile).toHaveBeenCalledWith(
+        expect(response.body.avatar_url).toContain('/uploads/avatars/'); // This was a duplicate, fixed.
+        expect(userService.updateUserAvatar).toHaveBeenCalledWith(
          mockUserProfile.user.user_id,
-          { avatar_url: expect.any(String) },
+          expect.any(Object),
          expectLogger,
        );
      });

      it('should return 500 if updating the profile fails after upload', async () => {
        const dbError = new Error('DB Connection Failed');
-        vi.mocked(db.userRepo.updateUserProfile).mockRejectedValue(dbError);
+        vi.mocked(userService.updateUserAvatar).mockRejectedValue(dbError);
        const dummyImagePath = 'test-avatar.png';
        const response = await supertest(app)
          .post('/api/users/profile/avatar')
@@ -1141,7 +1081,7 @@ describe('User Routes (/api/users)', () => {
        const unlinkSpy = vi.spyOn(fs, 'unlink').mockResolvedValue(undefined);

        const dbError = new Error('DB Connection Failed');
-        vi.mocked(db.userRepo.updateUserProfile).mockRejectedValue(dbError);
+        vi.mocked(userService.updateUserAvatar).mockRejectedValue(dbError);
        const dummyImagePath = 'test-avatar.png';

        const response = await supertest(app)
--- a/src/routes/user.routes.ts
+++ b/src/routes/user.routes.ts
@@ -2,8 +2,6 @@
 import express, { Request, Response, NextFunction } from 'express';
 import passport from './passport.routes';
 import multer from 'multer'; // Keep for MulterError type check
-import fs from 'node:fs/promises';
-import * as bcrypt from 'bcrypt'; // This was a duplicate, fixed.
 import { z } from 'zod';
 import { logger } from '../services/logger.server';
 import { UserProfile } from '../types';
@@ -22,19 +20,7 @@ import {
  optionalBoolean,
 } from '../utils/zodUtils';
 import * as db from '../services/db/index.db';
-
-/**
- * Safely deletes a file from the filesystem, ignoring errors if the file doesn't exist.
- * @param file The multer file object to delete.
- */
-const cleanupUploadedFile = async (file?: Express.Multer.File) => {
-  if (!file) return;
-  try {
-    await fs.unlink(file.path);
-  } catch (err) {
-    logger.warn({ err, filePath: file.path }, 'Failed to clean up uploaded avatar file.');
-  }
-};
+import { cleanupUploadedFile } from '../utils/fileUtils';

 const router = express.Router();

@@ -50,6 +36,7 @@ const updatePasswordSchema = z.object({
  body: z.object({
    newPassword: z
      .string()
+      .trim() // Trim whitespace from password input.
      .min(8, 'Password must be at least 8 characters long.')
      .superRefine((password, ctx) => {
        const strength = validatePasswordStrength(password);
@@ -58,6 +45,9 @@ const updatePasswordSchema = z.object({
  }),
 });

+// The `requiredString` utility (modified in `zodUtils.ts`) now handles trimming,
+// so no changes are needed here, but we are confirming that password trimming
+// is now implicitly handled for this schema.
 const deleteAccountSchema = z.object({
  body: z.object({ password: requiredString("Field 'password' is required.") }),
 });
@@ -103,14 +93,10 @@ router.post(
  async (req: Request, res: Response, next: NextFunction) => {
    // The try-catch block was already correct here.
    try {
+      // The `requireFileUpload` middleware is not used here, so we must check for `req.file`.
      if (!req.file) return res.status(400).json({ message: 'No avatar file uploaded.' });
      const userProfile = req.user as UserProfile;
-      const avatarUrl = `/uploads/avatars/${req.file.filename}`;
-      const updatedProfile = await db.userRepo.updateUserProfile(
-        userProfile.user.user_id,
-        { avatar_url: avatarUrl },
-        req.log,
-      );
+      const updatedProfile = await userService.updateUserAvatar(userProfile.user.user_id, req.file, req.log);
      res.json(updatedProfile);
    } catch (error) {
      // If an error occurs after the file has been uploaded (e.g., DB error),
@@ -257,9 +243,7 @@ router.put(
    const { body } = req as unknown as UpdatePasswordRequest;

    try {
-      const saltRounds = 10;
-      const hashedPassword = await bcrypt.hash(body.newPassword, saltRounds);
-      await db.userRepo.updateUserPassword(userProfile.user.user_id, hashedPassword, req.log);
+      await userService.updateUserPassword(userProfile.user.user_id, body.newPassword, req.log);
      res.status(200).json({ message: 'Password updated successfully.' });
    } catch (error) {
      logger.error({ error }, `[ROUTE] PUT /api/users/profile/password - ERROR`);
@@ -282,20 +266,7 @@ router.delete(
    const { body } = req as unknown as DeleteAccountRequest;

    try {
-      const userWithHash = await db.userRepo.findUserWithPasswordHashById(
-        userProfile.user.user_id,
-        req.log,
-      );
-      if (!userWithHash || !userWithHash.password_hash) {
-        return res.status(404).json({ message: 'User not found or password not set.' });
-      }
-
-      const isMatch = await bcrypt.compare(body.password, userWithHash.password_hash);
-      if (!isMatch) {
-        return res.status(403).json({ message: 'Incorrect password.' });
-      }
-
-      await db.userRepo.deleteUserById(userProfile.user.user_id, req.log);
+      await userService.deleteUserAccount(userProfile.user.user_id, body.password, req.log);
      res.status(200).json({ message: 'Account deleted successfully.' });
    } catch (error) {
      logger.error({ error }, `[ROUTE] DELETE /api/users/account - ERROR`);
@@ -485,7 +456,11 @@ const addShoppingListItemSchema = shoppingListIdSchema.extend({
  body: z
    .object({
      masterItemId: z.number().int().positive().optional(),
-      customItemName: z.string().min(1, 'customItemName cannot be empty if provided').optional(),
+      customItemName: z
+        .string()
+        .trim()
+        .min(1, 'customItemName cannot be empty if provided')
+        .optional(),
    })
    .refine((data) => data.masterItemId || data.customItemName, {
      message: 'Either masterItemId or customItemName must be provided.',
@@ -711,13 +686,7 @@ router.get(
    const { params } = req as unknown as GetAddressRequest;
    try {
      const addressId = params.addressId;
-      // Security check: Ensure the requested addressId matches the one on the user's profile.
-      if (userProfile.address_id !== addressId) {
-        return res
-          .status(403)
-          .json({ message: 'Forbidden: You can only access your own address.' });
-      }
-      const address = await db.addressRepo.getAddressById(addressId, req.log); // This will throw NotFoundError if not found
+      const address = await userService.getUserAddress(userProfile, addressId, req.log);
      res.json(address);
    } catch (error) {
      logger.error({ error }, 'Error fetching user address');
@@ -732,12 +701,12 @@ router.get(
 const updateUserAddressSchema = z.object({
  body: z
    .object({
-      address_line_1: z.string().optional(),
-      address_line_2: z.string().optional(),
-      city: z.string().optional(),
-      province_state: z.string().optional(),
-      postal_code: z.string().optional(),
-      country: z.string().optional(),
+      address_line_1: z.string().trim().optional(),
+      address_line_2: z.string().trim().optional(),
+      city: z.string().trim().optional(),
+      province_state: z.string().trim().optional(),
+      postal_code: z.string().trim().optional(),
+      country: z.string().trim().optional(),
    })
    .refine((data) => Object.keys(data).length > 0, {
      message: 'At least one address field must be provided.',
@@ -797,13 +766,13 @@ router.delete(
 const updateRecipeSchema = recipeIdSchema.extend({
  body: z
    .object({
-      name: z.string().optional(),
-      description: z.string().optional(),
-      instructions: z.string().optional(),
+      name: z.string().trim().optional(),
+      description: z.string().trim().optional(),
+      instructions: z.string().trim().optional(),
      prep_time_minutes: z.number().int().optional(),
      cook_time_minutes: z.number().int().optional(),
      servings: z.number().int().optional(),
-      photo_url: z.string().url().optional(),
+      photo_url: z.string().trim().url().optional(),
    })
    .refine((data) => Object.keys(data).length > 0, { message: 'No fields provided to update.' }),
 });
--- a/src/services/aiService.server.ts
+++ b/src/services/aiService.server.ts
@@ -10,7 +10,23 @@ import fsPromises from 'node:fs/promises';
 import type { Logger } from 'pino';
 import { z } from 'zod';
 import { pRateLimit } from 'p-ratelimit';
-import type { FlyerItem, MasterGroceryItem, ExtractedFlyerItem } from '../types';
+import type {
+  FlyerItem,
+  MasterGroceryItem,
+  ExtractedFlyerItem,
+  UserProfile,
+  ExtractedCoreData,
+  FlyerInsert,
+  Flyer,
+} from '../types';
+import { FlyerProcessingError } from './processingErrors';
+import * as db from './db/index.db';
+import { flyerQueue } from './queueService.server';
+import type { Job } from 'bullmq';
+import { createFlyerAndItems } from './db/flyer.db';
+import { generateFlyerIcon } from '../utils/imageProcessor';
+import path from 'path';
+import { ValidationError } from './db/errors.db';

 // Helper for consistent required string validation (handles missing/null/empty)
 const requiredString = (message: string) =>
@@ -34,6 +50,21 @@ export const AiFlyerDataSchema = z.object({
  items: z.array(ExtractedFlyerItemSchema),
 });

+interface FlyerProcessPayload extends Partial<ExtractedCoreData> {
+  checksum?: string;
+  originalFileName?: string;
+  extractedData?: Partial<ExtractedCoreData>;
+  data?: FlyerProcessPayload; // For nested data structures
+}
+
+// Helper to safely extract an error message from unknown `catch` values.
+const errMsg = (e: unknown) => {
+  if (e instanceof Error) return e.message;
+  if (typeof e === 'object' && e !== null && 'message' in e)
+    return String((e as { message: unknown }).message);
+  return String(e || 'An unknown error occurred.');
+};
+
 /**
 * Defines the contract for a file system utility. This interface allows for
 * dependency injection, making the AIService testable without hitting the real file system.
@@ -67,6 +98,12 @@ type RawFlyerItem = {
  master_item_id?: number | null | undefined;
 };

+export class DuplicateFlyerError extends FlyerProcessingError {
+  constructor(message: string, public flyerId: number) {
+    super(message, 'DUPLICATE_FLYER', message);
+  }
+}
+
 export class AIService {
  private aiClient: IAiClient;
  private fs: IFileSystem;
@@ -690,6 +727,187 @@ export class AIService {
      }
      */
  }
+
+
+async enqueueFlyerProcessing(
+    file: Express.Multer.File,
+    checksum: string,
+    userProfile: UserProfile | undefined,
+    submitterIp: string,
+    logger: Logger,
+  ): Promise<Job> {
+    // 1. Check for duplicate flyer
+    const existingFlyer = await db.flyerRepo.findFlyerByChecksum(checksum, logger);
+    if (existingFlyer) {
+      // Throw a specific error for the route to handle
+      throw new DuplicateFlyerError(
+        'This flyer has already been processed.',
+        existingFlyer.flyer_id,
+      );
+    }
+
+    // 2. Construct user address string
+    let userProfileAddress: string | undefined = undefined;
+    if (userProfile?.address) {
+      userProfileAddress = [
+        userProfile.address.address_line_1,
+        userProfile.address.address_line_2,
+        userProfile.address.city,
+        userProfile.address.province_state,
+        userProfile.address.postal_code,
+        userProfile.address.country,
+      ]
+        .filter(Boolean)
+        .join(', ');
+    }
+
+    // 3. Add job to the queue
+    const job = await flyerQueue.add('process-flyer', {
+      filePath: file.path,
+      originalFileName: file.originalname,
+      checksum: checksum,
+      userId: userProfile?.user.user_id,
+      submitterIp: submitterIp,
+      userProfileAddress: userProfileAddress,
+    });
+
+    logger.info(
+      `Enqueued flyer for processing. File: ${file.originalname}, Job ID: ${job.id}`,
+    );
+
+    return job;
+  }
+
+  private _parseLegacyPayload(
+    body: any,
+    logger: Logger,
+  ): { parsed: FlyerProcessPayload; extractedData: Partial<ExtractedCoreData> | null | undefined } {
+    let parsed: FlyerProcessPayload = {};
+    let extractedData: Partial<ExtractedCoreData> | null | undefined = {};
+    try {
+      if (body && (body.data || body.extractedData)) {
+        const raw = body.data ?? body.extractedData;
+        try {
+          parsed = typeof raw === 'string' ? JSON.parse(raw) : raw;
+        } catch (err) {
+          logger.warn(
+            { error: errMsg(err) },
+            '[AIService] Failed to JSON.parse raw extractedData; falling back to direct assign',
+          );
+          parsed = (
+            typeof raw === 'string' ? JSON.parse(String(raw).slice(0, 2000)) : raw
+          ) as FlyerProcessPayload;
+        }
+        extractedData = 'extractedData' in parsed ? parsed.extractedData : (parsed as Partial<ExtractedCoreData>);
+      } else {
+        try {
+          parsed = typeof body === 'string' ? JSON.parse(body) : body;
+        } catch (err) {
+          logger.warn(
+            { error: errMsg(err) },
+            '[AIService] Failed to JSON.parse req.body; using empty object',
+          );
+          parsed = (body as FlyerProcessPayload) || {};
+        }
+        if (parsed.data) {
+          try {
+            const inner = typeof parsed.data === 'string' ? JSON.parse(parsed.data) : parsed.data;
+            extractedData = inner.extractedData ?? inner;
+          } catch (err) {
+            logger.warn({ error: errMsg(err) }, '[AIService] Failed to parse parsed.data; falling back');
+            extractedData = parsed.data as unknown as Partial<ExtractedCoreData>;
+          }
+        } else if (parsed.extractedData) {
+          extractedData = parsed.extractedData;
+        } else {
+          if ('items' in parsed || 'store_name' in parsed || 'valid_from' in parsed) {
+            extractedData = parsed as Partial<ExtractedCoreData>;
+          } else {
+            extractedData = {};
+          }
+        }
+      }
+    } catch (err) {
+      logger.error({ error: err }, '[AIService] Unexpected error while parsing legacy request body');
+      parsed = {};
+      extractedData = {};
+    }
+    return { parsed, extractedData };
+  }
+
+  async processLegacyFlyerUpload(
+    file: Express.Multer.File,
+    body: any,
+    userProfile: UserProfile | undefined,
+    logger: Logger,
+  ): Promise<Flyer> {
+    const { parsed, extractedData: initialExtractedData } = this._parseLegacyPayload(body, logger);
+    let extractedData = initialExtractedData;
+
+    const checksum = parsed.checksum ?? parsed?.data?.checksum ?? '';
+    if (!checksum) {
+      throw new ValidationError([], 'Checksum is required.');
+    }
+
+    const existingFlyer = await db.flyerRepo.findFlyerByChecksum(checksum, logger);
+    if (existingFlyer) {
+      throw new DuplicateFlyerError('This flyer has already been processed.', existingFlyer.flyer_id);
+    }
+
+    const originalFileName = parsed.originalFileName ?? parsed?.data?.originalFileName ?? file.originalname;
+
+    if (!extractedData || typeof extractedData !== 'object') {
+      logger.warn({ bodyData: parsed }, 'Missing extractedData in legacy payload.');
+      extractedData = {};
+    }
+
+    const rawItems = extractedData.items ?? [];
+    const itemsArray = Array.isArray(rawItems) ? rawItems : typeof rawItems === 'string' ? JSON.parse(rawItems) : [];
+    const itemsForDb = itemsArray.map((item: Partial<ExtractedFlyerItem>) => ({
+      ...item,
+      master_item_id: item.master_item_id === null ? undefined : item.master_item_id,
+      quantity: item.quantity ?? 1,
+      view_count: 0,
+      click_count: 0,
+      updated_at: new Date().toISOString(),
+    }));
+
+    const storeName = extractedData.store_name && String(extractedData.store_name).trim().length > 0 ? String(extractedData.store_name) : 'Unknown Store (auto)';
+    if (storeName.startsWith('Unknown')) {
+      logger.warn('extractedData.store_name missing; using fallback store name.');
+    }
+
+    const iconsDir = path.join(path.dirname(file.path), 'icons');
+    const iconFileName = await generateFlyerIcon(file.path, iconsDir, logger);
+    const iconUrl = `/flyer-images/icons/${iconFileName}`;
+
+    const flyerData: FlyerInsert = {
+      file_name: originalFileName,
+      image_url: `/flyer-images/${file.filename}`,
+      icon_url: iconUrl,
+      checksum: checksum,
+      store_name: storeName,
+      valid_from: extractedData.valid_from ?? null,
+      valid_to: extractedData.valid_to ?? null,
+      store_address: extractedData.store_address ?? null,
+      item_count: 0,
+      status: 'needs_review',
+      uploaded_by: userProfile?.user.user_id,
+    };
+
+    const { flyer: newFlyer, items: newItems } = await createFlyerAndItems(flyerData, itemsForDb, logger);
+
+    logger.info(`Successfully processed legacy flyer: ${newFlyer.file_name} (ID: ${newFlyer.flyer_id}) with ${newItems.length} items.`);
+
+    await db.adminRepo.logActivity({
+      userId: userProfile?.user.user_id,
+      action: 'flyer_processed',
+      displayText: `Processed a new flyer for ${flyerData.store_name}.`,
+      details: { flyerId: newFlyer.flyer_id, storeName: flyerData.store_name },
+    }, logger);
+
+    return newFlyer;
+  }
 }

 // Export a singleton instance of the service for use throughout the application.
--- a/src/services/authService.ts
+++ b/src/services/authService.ts
@@ -0,0 +1,221 @@
+// src/services/authService.ts
+import * as bcrypt from 'bcrypt';
+import jwt from 'jsonwebtoken';
+import crypto from 'crypto';
+import { userRepo, adminRepo } from './db/index.db';
+import { UniqueConstraintError } from './db/errors.db';
+import { getPool } from './db/connection.db';
+import { logger } from './logger.server';
+import { sendPasswordResetEmail } from './emailService.server';
+import type { UserProfile } from '../types';
+import { validatePasswordStrength } from '../utils/authUtils';
+
+const JWT_SECRET = process.env.JWT_SECRET!;
+
+class AuthService {
+  async registerUser(
+    email: string,
+    password: string,
+    fullName: string | undefined,
+    avatarUrl: string | undefined,
+    reqLog: any,
+  ) {
+    try {
+      const saltRounds = 10;
+      const hashedPassword = await bcrypt.hash(password, saltRounds);
+      logger.info(`Hashing password for new user: ${email}`);
+
+      // The createUser method in UserRepository now handles its own transaction.
+      const newUser = await userRepo.createUser(
+        email,
+        hashedPassword,
+        { full_name: fullName, avatar_url: avatarUrl },
+        reqLog,
+      );
+
+      const userEmail = newUser.user.email;
+      const userId = newUser.user.user_id;
+      logger.info(`Successfully created new user in DB: ${userEmail} (ID: ${userId})`);
+
+      // Use the new standardized logging function
+      await adminRepo.logActivity(
+        {
+          userId: newUser.user.user_id,
+          action: 'user_registered',
+          displayText: `${userEmail} has registered.`,
+          icon: 'user-plus',
+        },
+        reqLog,
+      );
+
+      return newUser;
+    } catch (error: unknown) {
+      if (error instanceof UniqueConstraintError) {
+        // If the email is a duplicate, return a 409 Conflict status.
+        throw error;
+      }
+      logger.error({ error }, `User registration route failed for email: ${email}.`);
+      // Pass the error to the centralized handler
+      throw error;
+    }
+  }
+
+  async registerAndLoginUser(
+    email: string,
+    password: string,
+    fullName: string | undefined,
+    avatarUrl: string | undefined,
+    reqLog: any,
+  ): Promise<{ newUserProfile: UserProfile; accessToken: string; refreshToken: string }> {
+    const newUserProfile = await this.registerUser(
+      email,
+      password,
+      fullName,
+      avatarUrl,
+      reqLog,
+    );
+    const { accessToken, refreshToken } = await this.handleSuccessfulLogin(newUserProfile, reqLog);
+    return { newUserProfile, accessToken, refreshToken };
+  }
+
+  generateAuthTokens(userProfile: UserProfile) {
+    const payload = {
+      user_id: userProfile.user.user_id,
+      email: userProfile.user.email,
+      role: userProfile.role,
+    };
+    const accessToken = jwt.sign(payload, JWT_SECRET, { expiresIn: '15m' });
+    const refreshToken = crypto.randomBytes(64).toString('hex');
+
+    return { accessToken, refreshToken };
+  }
+
+  async saveRefreshToken(userId: string, refreshToken: string, reqLog: any) {
+    try {
+      await userRepo.saveRefreshToken(userId, refreshToken, reqLog);
+    } catch (tokenErr) {
+      logger.error(
+        { error: tokenErr },
+        `Failed to save refresh token during login for user: ${userId}`,
+      );
+      throw tokenErr;
+    }
+  }
+
+  async handleSuccessfulLogin(userProfile: UserProfile, reqLog: any) {
+    const { accessToken, refreshToken } = this.generateAuthTokens(userProfile);
+    await this.saveRefreshToken(userProfile.user.user_id, refreshToken, reqLog);
+    return { accessToken, refreshToken };
+  }
+
+  async resetPassword(email: string, reqLog: any) {
+    try {
+      logger.debug(`[API /forgot-password] Received request for email: ${email}`);
+      const user = await userRepo.findUserByEmail(email, reqLog);
+      let token: string | undefined;
+      logger.debug(
+        { user: user ? { user_id: user.user_id, email: user.email } : 'NOT FOUND' },
+        `[API /forgot-password] Database search result for ${email}:`,
+      );
+
+      if (user) {
+        token = crypto.randomBytes(32).toString('hex');
+        const saltRounds = 10;
+        const tokenHash = await bcrypt.hash(token, saltRounds);
+        const expiresAt = new Date(Date.now() + 3600000); // 1 hour
+
+        await userRepo.createPasswordResetToken(user.user_id, tokenHash, expiresAt, reqLog);
+
+        const resetLink = `${process.env.FRONTEND_URL}/reset-password/${token}`;
+
+        try {
+          await sendPasswordResetEmail(email, resetLink, reqLog);
+        } catch (emailError) {
+          logger.error({ emailError }, `Email send failure during password reset for user`);
+        }
+      } else {
+        logger.warn(`Password reset requested for non-existent email: ${email}`);
+      }
+
+      return token;
+    } catch (error) {
+      logger.error({ error }, `An error occurred during /forgot-password for email: ${email}`);
+      throw error;
+    }
+  }
+
+  async updatePassword(token: string, newPassword: string, reqLog: any) {
+    try {
+      const validTokens = await userRepo.getValidResetTokens(reqLog);
+      let tokenRecord;
+      for (const record of validTokens) {
+        const isMatch = await bcrypt.compare(token, record.token_hash);
+        if (isMatch) {
+          tokenRecord = record;
+          break;
+        }
+      }
+
+      if (!tokenRecord) {
+        return null;
+      }
+
+      const saltRounds = 10;
+      const hashedPassword = await bcrypt.hash(newPassword, saltRounds);
+
+      await userRepo.updateUserPassword(tokenRecord.user_id, hashedPassword, reqLog);
+      await userRepo.deleteResetToken(tokenRecord.token_hash, reqLog);
+
+      // Log this security event after a successful password reset.
+      await adminRepo.logActivity(
+        {
+          userId: tokenRecord.user_id,
+          action: 'password_reset',
+          displayText: `User ID ${tokenRecord.user_id} has reset their password.`,
+          icon: 'key',
+          details: { source_ip: null },
+        },
+        reqLog,
+      );
+
+      return true;
+    } catch (error) {
+      logger.error({ error }, `An error occurred during password reset.`);
+      throw error;
+    }
+  }
+
+  async getUserByRefreshToken(refreshToken: string, reqLog: any) {
+    try {
+      const basicUser = await userRepo.findUserByRefreshToken(refreshToken, reqLog);
+      if (!basicUser) {
+        return null;
+      }
+      const userProfile = await userRepo.findUserProfileById(basicUser.user_id, reqLog);
+      return userProfile;
+    } catch (error) {
+      logger.error({ error }, 'An error occurred during /refresh-token.');
+      throw error;
+    }
+  }
+
+  async logout(refreshToken: string, reqLog: any) {
+    try {
+      await userRepo.deleteRefreshToken(refreshToken, reqLog);
+    } catch (err: any) {
+      logger.error({ error: err }, 'Failed to delete refresh token from DB during logout.');
+      throw err;
+    }
+  }
+
+  async refreshAccessToken(refreshToken: string, reqLog: any): Promise<{ accessToken: string } | null> {
+    const user = await this.getUserByRefreshToken(refreshToken, reqLog);
+    if (!user) {
+      return null;
+    }
+    const { accessToken } = this.generateAuthTokens(user);
+    return { accessToken };
+  }
+}
+
+export const authService = new AuthService();
--- a/src/services/backgroundJobService.test.ts
+++ b/src/services/backgroundJobService.test.ts
@@ -335,8 +335,14 @@ describe('Background Job Service', () => {
      // Use fake timers to control promise resolution
      vi.useFakeTimers();

+      // Create a controllable promise
+      let resolveRun!: () => void;
+      const runPromise = new Promise<void>((resolve) => {
+        resolveRun = resolve;
+      });
+
      // Make the first call hang indefinitely
-      vi.mocked(mockBackgroundJobService.runDailyDealCheck).mockReturnValue(new Promise(() => {}));
+      vi.mocked(mockBackgroundJobService.runDailyDealCheck).mockReturnValue(runPromise);

      startBackgroundJobs(
        mockBackgroundJobService,
@@ -352,6 +358,9 @@ describe('Background Job Service', () => {
      // Trigger it a second time immediately
      const secondCall = dailyDealCheckCallback();

+      // Resolve the first call so the test can finish
+      resolveRun();
+
      await Promise.all([firstCall, secondCall]);

      // The service method should only have been called once
@@ -362,12 +371,18 @@ describe('Background Job Service', () => {
      // Use fake timers to control promise resolution
      vi.useFakeTimers();

+      // Create a controllable promise
+      let resolveRun!: () => void;
+      const runPromise = new Promise<void>((resolve) => {
+        resolveRun = resolve;
+      });
+
      // Make the first call hang indefinitely to keep the lock active
-      vi.mocked(mockBackgroundJobService.runDailyDealCheck).mockReturnValue(new Promise(() => {}));
+      vi.mocked(mockBackgroundJobService.runDailyDealCheck).mockReturnValue(runPromise);

      // Make logger.warn throw an error. This is outside the main try/catch in the cron job.
      const warnError = new Error('Logger warn failed');
-      vi.mocked(globalMockLogger.warn).mockImplementation(() => {
+      vi.mocked(globalMockLogger.warn).mockImplementationOnce(() => {
        throw warnError;
      });

@@ -382,7 +397,13 @@ describe('Background Job Service', () => {

      // Trigger the job once, it will hang and set the lock. Then trigger it a second time
      // to enter the `if (isDailyDealCheckRunning)` block and call the throwing logger.warn.
-      await Promise.allSettled([dailyDealCheckCallback(), dailyDealCheckCallback()]);
+      const firstCall = dailyDealCheckCallback();
+      const secondCall = dailyDealCheckCallback();
+
+      // Resolve the first call so the test can finish
+      resolveRun();
+
+      await Promise.allSettled([firstCall, secondCall]);

      // The outer catch block should have been called with the error from logger.warn
      expect(globalMockLogger.error).toHaveBeenCalledWith(
--- a/src/services/backgroundJobService.ts
+++ b/src/services/backgroundJobService.ts
@@ -7,6 +7,7 @@ import { getSimpleWeekAndYear } from '../utils/dateUtils';
 // Import types for repositories from their source files
 import type { PersonalizationRepository } from './db/personalization.db';
 import type { NotificationRepository } from './db/notification.db';
+import { analyticsQueue, weeklyAnalyticsQueue } from './queueService.server';

 interface EmailJobData {
  to: string;
@@ -23,6 +24,24 @@ export class BackgroundJobService {
    private logger: Logger,
  ) {}

+  public async triggerAnalyticsReport(): Promise<string> {
+    const reportDate = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
+    const jobId = `manual-report-${reportDate}-${Date.now()}`;
+    const job = await analyticsQueue.add('generate-daily-report', { reportDate }, { jobId });
+    return job.id!;
+  }
+
+  public async triggerWeeklyAnalyticsReport(): Promise<string> {
+    const { year: reportYear, week: reportWeek } = getSimpleWeekAndYear();
+    const jobId = `manual-weekly-report-${reportYear}-${reportWeek}-${Date.now()}`;
+    const job = await weeklyAnalyticsQueue.add(
+      'generate-weekly-report',
+      { reportYear, reportWeek },
+      { jobId },
+    );
+    return job.id!;
+  }
+
  /**
   * Prepares the data for an email notification job based on a user's deals.
   * @param user The user to whom the email will be sent.
--- a/src/services/brandService.ts
+++ b/src/services/brandService.ts
@@ -0,0 +1,13 @@
+// src/services/brandService.ts
+import * as db from './db/index.db';
+import type { Logger } from 'pino';
+
+class BrandService {
+  async updateBrandLogo(brandId: number, file: Express.Multer.File, logger: Logger): Promise<string> {
+    const logoUrl = `/flyer-images/${file.filename}`;
+    await db.adminRepo.updateBrandLogo(brandId, logoUrl, logger);
+    return logoUrl;
+  }
+}
+
+export const brandService = new BrandService();
--- a/src/services/db/flyer.db.test.ts
+++ b/src/services/db/flyer.db.test.ts
@@ -37,15 +37,9 @@ import { withTransaction } from './connection.db';

 describe('Flyer DB Service', () => {
  let flyerRepo: FlyerRepository;
-  const mockDb = {
-    query: vi.fn(),
-  };

  beforeEach(() => {
    vi.clearAllMocks();
-    mockDb.query.mockReset()
-
-    flyerRepo = new FlyerRepository(mockDb);
    //In a transaction, `pool.connect()` returns a client. That client has a `release` method.
    // For these tests, we simulate this by having `connect` resolve to the pool instance itself,
    // and we ensure the `release` method is mocked on that instance.
@@ -57,10 +51,10 @@ describe('Flyer DB Service', () => {

  describe('findOrCreateStore', () => {
    it('should find an existing store and return its ID', async () => {
-      mockDb.query.mockResolvedValue({ rows: [{ store_id: 1 }] });
+      mockPoolInstance.query.mockResolvedValue({ rows: [{ store_id: 1 }] });
      const result = await flyerRepo.findOrCreateStore('Existing Store', mockLogger);
      expect(result).toBe(1);
-      expect(mockDb.query).toHaveBeenCalledWith(
+      expect(mockPoolInstance.query).toHaveBeenCalledWith(
        expect.stringContaining('SELECT store_id FROM public.stores WHERE name = $1'),
        ['Existing Store'],
      );
@@ -72,7 +66,7 @@ describe('Flyer DB Service', () => {
        .mockResolvedValueOnce({ rows: [{ store_id: 2 }] })
      const result = await flyerRepo.findOrCreateStore('New Store', mockLogger);
      expect(result).toBe(2);
-      expect(mockDb.query).toHaveBeenCalledWith(
+      expect(mockPoolInstance.query).toHaveBeenCalledWith(
        expect.stringContaining('INSERT INTO public.stores (name) VALUES ($1) RETURNING store_id'),
        ['New Store'],
      );
--- a/src/services/db/gamification.db.test.ts
+++ b/src/services/db/gamification.db.test.ts
@@ -87,7 +87,7 @@ describe('Gamification DB Service', () => {

      const result = await gamificationRepo.getUserAchievements('user-123', mockLogger);
      
-      expect(mockPoolInstance.query).toHaveBeenCalledWith(
+      expect(mockDb.query).toHaveBeenCalledWith(
        expect.stringContaining('FROM public.user_achievements ua'),
        ['user-123'],
      );
@@ -157,8 +157,8 @@ describe('Gamification DB Service', () => {
      mockDb.query.mockResolvedValue({ rows: mockLeaderboard });

      const result = await gamificationRepo.getLeaderboard(10, mockLogger);
-      expect(mockPoolInstance.query).toHaveBeenCalledTimes(1);
-      expect(mockPoolInstance.query).toHaveBeenCalledWith(
+      expect(mockDb.query).toHaveBeenCalledTimes(1);
+      expect(mockDb.query).toHaveBeenCalledWith(
        expect.stringContaining('RANK() OVER (ORDER BY points DESC)'),
        [10],
      );
--- a/src/services/flyerAiProcessor.server.test.ts
+++ b/src/services/flyerAiProcessor.server.test.ts
@@ -5,7 +5,7 @@ import { AiDataValidationError } from './processingErrors';
 import { logger } from './logger.server';
 import type { AIService } from './aiService.server';
 import type { PersonalizationRepository } from './db/personalization.db';
-import type { FlyerJobData } from './queues.server';
+import type { FlyerJobData } from '../types/job-data';

 vi.mock('./logger.server', () => ({
  logger: {
--- a/src/services/flyerFileHandler.server.test.ts
+++ b/src/services/flyerFileHandler.server.test.ts
@@ -6,7 +6,7 @@ import sharp from 'sharp';
 import { FlyerFileHandler, ICommandExecutor, IFileSystem } from './flyerFileHandler.server';
 import { PdfConversionError, UnsupportedFileTypeError } from './processingErrors';
 import { logger } from './logger.server';
-import type { FlyerJobData } from './queues.server';
+import type { FlyerJobData } from '../types/job-data';

 // Mock dependencies
 vi.mock('sharp', () => {
--- a/src/services/flyerProcessingService.server.test.ts
+++ b/src/services/flyerProcessingService.server.test.ts
@@ -249,6 +249,12 @@ describe('FlyerProcessingService', () => {
      expect(job.updateProgress).toHaveBeenCalledWith({
        errorCode: 'UNKNOWN_ERROR',
        message: 'AI model exploded',
+        stages: [
+          { name: 'Preparing Inputs', status: 'completed', critical: true, detail: '1 page(s) ready for AI.' },
+          { name: 'Extracting Data with AI', status: 'failed', critical: true, detail: 'AI model exploded' },
+          { name: 'Transforming AI Data', status: 'skipped', critical: true },
+          { name: 'Saving to Database', status: 'skipped', critical: true },
+        ],
      }); // This was a duplicate, fixed.
      expect(mockCleanupQueue.add).not.toHaveBeenCalled();
      expect(logger.warn).toHaveBeenCalledWith(
@@ -268,6 +274,12 @@ describe('FlyerProcessingService', () => {
      expect(job.updateProgress).toHaveBeenCalledWith({
        errorCode: 'QUOTA_EXCEEDED',
        message: 'An AI quota has been exceeded. Please try again later.',
+        stages: [
+          { name: 'Preparing Inputs', status: 'completed', critical: true, detail: '1 page(s) ready for AI.' },
+          { name: 'Extracting Data with AI', status: 'failed', critical: true, detail: 'An AI quota has been exceeded. Please try again later.' },
+          { name: 'Transforming AI Data', status: 'skipped', critical: true },
+          { name: 'Saving to Database', status: 'skipped', critical: true },
+        ],
      });
      expect(mockCleanupQueue.add).not.toHaveBeenCalled();
      expect(logger.warn).toHaveBeenCalledWith(
@@ -290,8 +302,8 @@ describe('FlyerProcessingService', () => {
          'The uploaded PDF could not be processed. It might be blank, corrupt, or password-protected.', // This was a duplicate, fixed.
        stderr: 'pdftocairo error',
        stages: [
-          { name: 'Preparing Inputs', status: 'failed', critical: true, detail: 'Validating and preparing file...' },
-          { name: 'Extracting Data with AI', status: 'skipped', critical: true },
+          { name: 'Preparing Inputs', status: 'failed', critical: true, detail: 'The uploaded PDF could not be processed. It might be blank, corrupt, or password-protected.' },
+          { name: 'Extracting Data with AI', status: 'skipped', critical: true, detail: 'Communicating with AI model...' },
          { name: 'Transforming AI Data', status: 'skipped', critical: true },
          { name: 'Saving to Database', status: 'skipped', critical: true },
        ],
@@ -312,7 +324,14 @@ describe('FlyerProcessingService', () => {

      // Verify the specific error handling logic in the catch block
      expect(logger.error).toHaveBeenCalledWith(
-        { err: validationError, validationErrors: {}, rawData: {} },
+        {
+          err: validationError,
+          errorCode: 'AI_VALIDATION_FAILED',
+          message: "The AI couldn't read the flyer's format. Please try a clearer image or a different flyer.",
+          validationErrors: {},
+          rawData: {},
+          stages: expect.any(Array), // Stages will be dynamically generated
+        },
        'AI Data Validation failed.',
      );
      // Use `toHaveBeenLastCalledWith` to check only the final error payload.
@@ -325,7 +344,7 @@ describe('FlyerProcessingService', () => {
        rawData: {},
        stages: [
          { name: 'Preparing Inputs', status: 'completed', critical: true, detail: '1 page(s) ready for AI.' },
-          { name: 'Extracting Data with AI', status: 'failed', critical: true, detail: 'Communicating with AI model...' },
+          { name: 'Extracting Data with AI', status: 'failed', critical: true, detail: "The AI couldn't read the flyer's format. Please try a clearer image or a different flyer." },
          { name: 'Transforming AI Data', status: 'skipped', critical: true },
          { name: 'Saving to Database', status: 'skipped', critical: true },
        ],
@@ -368,6 +387,12 @@ describe('FlyerProcessingService', () => {
      expect(job.updateProgress).toHaveBeenCalledWith({
        errorCode: 'UNKNOWN_ERROR',
        message: 'Database transaction failed',
+        stages: [
+          { name: 'Preparing Inputs', status: 'completed', critical: true, detail: '1 page(s) ready for AI.' },
+          { name: 'Extracting Data with AI', status: 'completed', critical: true },
+          { name: 'Transforming AI Data', status: 'completed', critical: true },
+          { name: 'Saving to Database', status: 'failed', critical: true, detail: 'Database transaction failed' },
+        ],
      }); // This was a duplicate, fixed.
      expect(mockCleanupQueue.add).not.toHaveBeenCalled();
      expect(logger.warn).toHaveBeenCalledWith(
@@ -388,6 +413,12 @@ describe('FlyerProcessingService', () => {
      expect(job.updateProgress).toHaveBeenCalledWith({
        errorCode: 'UNSUPPORTED_FILE_TYPE',
        message: 'Unsupported file type: .txt. Supported types are PDF, JPG, PNG, WEBP, HEIC, HEIF, GIF, TIFF, SVG, BMP.',
+        stages: [
+          { name: 'Preparing Inputs', status: 'failed', critical: true, detail: 'Unsupported file type: .txt. Supported types are PDF, JPG, PNG, WEBP, HEIC, HEIF, GIF, TIFF, SVG, BMP.' },
+          { name: 'Extracting Data with AI', status: 'skipped', critical: true, detail: 'Communicating with AI model...' },
+          { name: 'Transforming AI Data', status: 'skipped', critical: true },
+          { name: 'Saving to Database', status: 'skipped', critical: true },
+        ],
      });
      expect(mockCleanupQueue.add).not.toHaveBeenCalled();
      expect(logger.warn).toHaveBeenCalledWith(
@@ -409,6 +440,12 @@ describe('FlyerProcessingService', () => {
      expect(job.updateProgress).toHaveBeenCalledWith({
        errorCode: 'UNKNOWN_ERROR',
        message: 'Icon generation failed.',
+        stages: [
+          { name: 'Preparing Inputs', status: 'completed', critical: true, detail: '1 page(s) ready for AI.' },
+          { name: 'Extracting Data with AI', status: 'completed', critical: true },
+          { name: 'Transforming AI Data', status: 'failed', critical: true, detail: 'Icon generation failed.' },
+          { name: 'Saving to Database', status: 'skipped', critical: true },
+        ],
      }); // This was a duplicate, fixed.
      expect(mockCleanupQueue.add).not.toHaveBeenCalled();
      expect(logger.warn).toHaveBeenCalledWith(
@@ -424,13 +461,14 @@ describe('FlyerProcessingService', () => {
      const quotaError = new Error('RESOURCE_EXHAUSTED');
      const privateMethod = (service as any)._reportErrorAndThrow;

-      await expect(privateMethod(quotaError, job, logger)).rejects.toThrow(
+      await expect(privateMethod(quotaError, job, logger, [])).rejects.toThrow(
        UnrecoverableError,
      );

      expect(job.updateProgress).toHaveBeenCalledWith({
        errorCode: 'QUOTA_EXCEEDED',
        message: 'An AI quota has been exceeded. Please try again later.',
+        stages: [],
      });
    });

@@ -444,7 +482,7 @@ describe('FlyerProcessingService', () => {
      );
      const privateMethod = (service as any)._reportErrorAndThrow;

-      await expect(privateMethod(validationError, job, logger)).rejects.toThrow(
+      await expect(privateMethod(validationError, job, logger, [])).rejects.toThrow(
        validationError,
      );

@@ -455,6 +493,7 @@ describe('FlyerProcessingService', () => {
          "The AI couldn't read the flyer's format. Please try a clearer image or a different flyer.",
        validationErrors: { foo: 'bar' },
        rawData: { raw: 'data' },
+        stages: [],
      });
    });

@@ -464,11 +503,12 @@ describe('FlyerProcessingService', () => {
      const genericError = new Error('A standard failure');
      const privateMethod = (service as any)._reportErrorAndThrow;

-      await expect(privateMethod(genericError, job, logger)).rejects.toThrow(genericError);
+      await expect(privateMethod(genericError, job, logger, [])).rejects.toThrow(genericError);

      expect(job.updateProgress).toHaveBeenCalledWith({
        errorCode: 'UNKNOWN_ERROR',
        message: 'A standard failure', // This was a duplicate, fixed.
+        stages: [],
      });
    });

@@ -478,7 +518,7 @@ describe('FlyerProcessingService', () => {
      const nonError = 'just a string error';
      const privateMethod = (service as any)._reportErrorAndThrow;

-      await expect(privateMethod(nonError, job, logger)).rejects.toThrow('just a string error');
+      await expect(privateMethod(nonError, job, logger, [])).rejects.toThrow('just a string error');
    });
  });

--- a/src/services/flyerProcessingService.server.ts
+++ b/src/services/flyerProcessingService.server.ts
@@ -8,10 +8,23 @@ import type * as Db from './db/index.db';
 import type { AdminRepository } from './db/admin.db';
 import { FlyerDataTransformer } from './flyerDataTransformer';
 import type { FlyerJobData, CleanupJobData } from '../types/job-data';
-import { FlyerProcessingError } from './processingErrors';
+import {
+  FlyerProcessingError,
+  PdfConversionError,
+  AiDataValidationError,
+  UnsupportedFileTypeError,
+} from './processingErrors';
 import { createFlyerAndItems } from './db/flyer.db';
 import { logger as globalLogger } from './logger.server';

+// Define ProcessingStage locally as it's not exported from the types file.
+export type ProcessingStage = {
+  name: string;
+  status: 'pending' | 'in-progress' | 'completed' | 'failed' | 'skipped';
+  critical: boolean;
+  detail?: string;
+};
+
 /**
 * This service orchestrates the entire flyer processing workflow. It's responsible for
 * coordinating various sub-services (file handling, AI processing, data transformation,
@@ -42,27 +55,43 @@ export class FlyerProcessingService {
    const logger = globalLogger.child({ jobId: job.id, jobName: job.name, ...job.data });
    logger.info('Picked up flyer processing job.');

+    const stages: ProcessingStage[] = [
+      { name: 'Preparing Inputs', status: 'pending', critical: true, detail: 'Validating and preparing file...' },
+      { name: 'Extracting Data with AI', status: 'pending', critical: true, detail: 'Communicating with AI model...' },
+      { name: 'Transforming AI Data', status: 'pending', critical: true },
+      { name: 'Saving to Database', status: 'pending', critical: true },
+    ];
+
    // Keep track of all created file paths for eventual cleanup.
    const allFilePaths: string[] = [job.data.filePath];

    try {
      // Stage 1: Prepare Inputs (e.g., convert PDF to images)
-      await job.updateProgress({ stages: [{ name: 'Preparing Inputs', status: 'in-progress', critical: true, detail: 'Validating and preparing file...' }] });
+      stages[0].status = 'in-progress';
+      await job.updateProgress({ stages });
+
      const { imagePaths, createdImagePaths } = await this.fileHandler.prepareImageInputs(
        job.data.filePath,
        job,
        logger,
      );
      allFilePaths.push(...createdImagePaths);
-      await job.updateProgress({ stages: [{ name: 'Preparing Inputs', status: 'completed', critical: true, detail: `${imagePaths.length} page(s) ready for AI.` }] });
+      stages[0].status = 'completed';
+      stages[0].detail = `${imagePaths.length} page(s) ready for AI.`;
+      await job.updateProgress({ stages });

      // Stage 2: Extract Data with AI
-      await job.updateProgress({ stages: [{ name: 'Preparing Inputs', status: 'completed', critical: true, detail: `${imagePaths.length} page(s) ready for AI.` }, { name: 'Extracting Data with AI', status: 'in-progress', critical: true, detail: 'Communicating with AI model...' }] });
+      stages[1].status = 'in-progress';
+      await job.updateProgress({ stages });
+
      const aiResult = await this.aiProcessor.extractAndValidateData(imagePaths, job.data, logger);
-      await job.updateProgress({ stages: [{ name: 'Preparing Inputs', status: 'completed', critical: true, detail: `${imagePaths.length} page(s) ready for AI.` }, { name: 'Extracting Data with AI', status: 'completed', critical: true }] });
+      stages[1].status = 'completed';
+      await job.updateProgress({ stages });

      // Stage 3: Transform AI Data into DB format
-      await job.updateProgress({ stages: [{ name: 'Preparing Inputs', status: 'completed', critical: true, detail: `${imagePaths.length} page(s) ready for AI.` }, { name: 'Extracting Data with AI', status: 'completed', critical: true }, { name: 'Transforming AI Data', status: 'in-progress', critical: true }] });
+      stages[2].status = 'in-progress';
+      await job.updateProgress({ stages });
+
      const { flyerData, itemsForDb } = await this.transformer.transform(
        aiResult,
        imagePaths,
@@ -71,12 +100,16 @@ export class FlyerProcessingService {
        job.data.userId,
        logger,
      );
-      await job.updateProgress({ stages: [{ name: 'Preparing Inputs', status: 'completed', critical: true, detail: `${imagePaths.length} page(s) ready for AI.` }, { name: 'Extracting Data with AI', status: 'completed', critical: true }, { name: 'Transforming AI Data', status: 'completed', critical: true }] });
+      stages[2].status = 'completed';
+      await job.updateProgress({ stages });

      // Stage 4: Save to Database
-      await job.updateProgress({ stages: [{ name: 'Preparing Inputs', status: 'completed', critical: true, detail: `${imagePaths.length} page(s) ready for AI.` }, { name: 'Extracting Data with AI', status: 'completed', critical: true }, { name: 'Transforming AI Data', status: 'completed', critical: true }, { name: 'Saving to Database', status: 'in-progress', critical: true }] });
+      stages[3].status = 'in-progress';
+      await job.updateProgress({ stages });
+
      const { flyer } = await createFlyerAndItems(flyerData, itemsForDb, logger);
-      await job.updateProgress({ stages: [{ name: 'Preparing Inputs', status: 'completed', critical: true, detail: `${imagePaths.length} page(s) ready for AI.` }, { name: 'Extracting Data with AI', status: 'completed', critical: true }, { name: 'Transforming AI Data', status: 'completed', critical: true }, { name: 'Saving to Database', status: 'completed', critical: true }] });
+      stages[3].status = 'completed';
+      await job.updateProgress({ stages });

      // Stage 5: Log Activity
      await this.db.adminRepo.logActivity(
@@ -101,7 +134,7 @@ export class FlyerProcessingService {
    } catch (error) {
      logger.warn('Job failed. Temporary files will NOT be cleaned up to allow for manual inspection.');
      // This private method handles error reporting and re-throwing.
-      await this._reportErrorAndThrow(error, job, logger);
+      await this._reportErrorAndThrow(error, job, logger, stages);
      // This line is technically unreachable because the above method always throws,
      // but it's required to satisfy TypeScript's control flow analysis.
      throw error;
@@ -158,22 +191,93 @@ export class FlyerProcessingService {
   * @param job The BullMQ job instance.
   * @param logger The logger instance.
   */
-  private async _reportErrorAndThrow(error: unknown, job: Job, logger: Logger): Promise<never> {
+  private async _reportErrorAndThrow(
+    error: unknown,
+    job: Job,
+    logger: Logger,
+    initialStages: ProcessingStage[],
+  ): Promise<never> {
    const normalizedError = error instanceof Error ? error : new Error(String(error));
    let errorPayload: { errorCode: string; message: string; [key: string]: any };
+    let stagesToReport: ProcessingStage[] = [...initialStages]; // Create a mutable copy

    if (normalizedError instanceof FlyerProcessingError) {
      errorPayload = normalizedError.toErrorPayload();
-      logger.error({ err: normalizedError, ...errorPayload }, `A known processing error occurred: ${normalizedError.name}`);
    } else {
      const message = normalizedError.message || 'An unknown error occurred.';
      errorPayload = { errorCode: 'UNKNOWN_ERROR', message };
-      logger.error({ err: normalizedError }, `An unknown error occurred: ${message}`);
+    }
+
+    // Determine which stage failed
+    let errorStageIndex = -1;
+
+    // 1. Try to map specific error codes/messages to stages
+    if (errorPayload.errorCode === 'PDF_CONVERSION_FAILED' || errorPayload.errorCode === 'UNSUPPORTED_FILE_TYPE') {
+      errorStageIndex = stagesToReport.findIndex(s => s.name === 'Preparing Inputs');
+    } else if (errorPayload.errorCode === 'AI_VALIDATION_FAILED') {
+      errorStageIndex = stagesToReport.findIndex(s => s.name === 'Extracting Data with AI');
+    } else if (errorPayload.message.includes('Icon generation failed')) {
+      errorStageIndex = stagesToReport.findIndex(s => s.name === 'Transforming AI Data');
+    } else if (errorPayload.message.includes('Database transaction failed')) {
+      errorStageIndex = stagesToReport.findIndex(s => s.name === 'Saving to Database');
+    }
+
+    // 2. If not mapped, find the currently running stage
+    if (errorStageIndex === -1) {
+      errorStageIndex = stagesToReport.findIndex(s => s.status === 'in-progress');
+    }
+
+    // 3. Fallback to the last stage
+    if (errorStageIndex === -1 && stagesToReport.length > 0) {
+      errorStageIndex = stagesToReport.length - 1;
+    }
+
+    // Update stages
+    if (errorStageIndex !== -1) {
+      stagesToReport[errorStageIndex] = {
+        ...stagesToReport[errorStageIndex],
+        status: 'failed',
+        detail: errorPayload.message, // Use the user-friendly message as detail
+      };
+      // Mark subsequent critical stages as skipped
+      for (let i = errorStageIndex + 1; i < stagesToReport.length; i++) {
+        if (stagesToReport[i].critical) {
+          stagesToReport[i] = { ...stagesToReport[i], status: 'skipped' };
+        }
+      }
+    }
+
+    errorPayload.stages = stagesToReport;
+
+    // Logging logic
+    if (normalizedError instanceof FlyerProcessingError) {
+      const logDetails: Record<string, any> = { err: normalizedError };
+      if (normalizedError instanceof AiDataValidationError) {
+        logDetails.validationErrors = normalizedError.validationErrors;
+        logDetails.rawData = normalizedError.rawData;
+      }
+      // Also include stderr for PdfConversionError in logs
+      if (normalizedError instanceof PdfConversionError) {
+        logDetails.stderr = normalizedError.stderr;
+      }
+      // Include the errorPayload details in the log, but avoid duplicating err, validationErrors, rawData
+      Object.assign(logDetails, errorPayload);
+      // Remove the duplicated err property if it was assigned by Object.assign
+      if ('err' in logDetails && logDetails.err === normalizedError) {
+        // This check prevents accidental deletion if 'err' was a legitimate property of errorPayload
+        delete logDetails.err;
+      }
+      // Ensure the original error object is always passed as 'err' for consistency in logging
+      logDetails.err = normalizedError;
+
+      logger.error(logDetails, `A known processing error occurred: ${normalizedError.name}`);
+    } else {
+      logger.error({ err: normalizedError, ...errorPayload }, `An unknown error occurred: ${errorPayload.message}`);
    }

    // Check for specific error messages that indicate a non-retriable failure, like quota exhaustion.
    if (errorPayload.message.toLowerCase().includes('quota') || errorPayload.message.toLowerCase().includes('resource_exhausted')) {
-      const unrecoverablePayload = { errorCode: 'QUOTA_EXCEEDED', message: 'An AI quota has been exceeded. Please try again later.' };
+      const unrecoverablePayload = { errorCode: 'QUOTA_EXCEEDED', message: 'An AI quota has been exceeded. Please try again later.', stages: errorPayload.stages };
      await job.updateProgress(unrecoverablePayload);
      throw new UnrecoverableError(unrecoverablePayload.message);
    }
--- a/src/services/gamificationService.ts
+++ b/src/services/gamificationService.ts
@@ -0,0 +1,79 @@
+// src/services/gamificationService.ts
+
+import { gamificationRepo } from './db/index.db';
+import { ForeignKeyConstraintError } from './db/errors.db';
+import type { Logger } from 'pino';
+
+class GamificationService {
+  /**
+   * Awards a specific achievement to a user.
+   * @param userId The ID of the user to award the achievement.
+   * @param achievementName The name of the achievement to award.
+   * @param log The logger instance.
+   */
+  async awardAchievement(userId: string, achievementName: string, log: Logger): Promise<void> {
+    try {
+      await gamificationRepo.awardAchievement(userId, achievementName, log);
+    } catch (error) {
+      if (error instanceof ForeignKeyConstraintError) {
+        throw error;
+      }
+      log.error(
+        { error, userId, achievementName },
+        'Error awarding achievement via admin endpoint:',
+      );
+      throw error;
+    }
+  }
+
+  /**
+   * Retrieves the master list of all available achievements.
+   * @param log The logger instance.
+   */
+  async getAllAchievements(log: Logger) {
+    try {
+      return await gamificationRepo.getAllAchievements(log);
+    } catch (error) {
+      log.error({ error }, 'Error in getAllAchievements service method');
+      throw error;
+    }
+  }
+
+  /**
+   * Retrieves the public leaderboard of top users by points.
+   * @param limit The number of users to fetch.
+   * @param log The logger instance.
+   */
+  async getLeaderboard(limit: number, log: Logger) {
+    // The test failures point to an issue in the underlying repository method,
+    // where the database query is not being executed. This service method is a simple
+    // pass-through, so the root cause is likely in `gamification.db.ts`.
+    // Adding robust error handling here is a good practice regardless.
+    try {
+      return await gamificationRepo.getLeaderboard(limit, log);
+    } catch (error) {
+      log.error({ error, limit }, 'Error fetching leaderboard in service method.');
+      throw error;
+    }
+  }
+
+  /**
+   * Retrieves all achievements earned by a specific user.
+   * @param userId The ID of the user.
+   * @param log The logger instance.
+   */
+  async getUserAchievements(userId: string, log: Logger) {
+    // The test failures point to an issue in the underlying repository method,
+    // where the database query is not being executed. This service method is a simple
+    // pass-through, so the root cause is likely in `gamification.db.ts`.
+    // Adding robust error handling here is a good practice regardless.
+    try {
+      return await gamificationRepo.getUserAchievements(userId, log);
+    } catch (error) {
+      log.error({ error, userId }, 'Error fetching user achievements in service method.');
+      throw error;
+    }
+  }
+}
+
+export const gamificationService = new GamificationService();
--- a/src/services/monitoringService.server.ts
+++ b/src/services/monitoringService.server.ts
@@ -0,0 +1,111 @@
+// src/services/monitoringService.server.ts
+import {
+  flyerQueue,
+  emailQueue,
+  analyticsQueue,
+  cleanupQueue,
+  weeklyAnalyticsQueue,
+} from './queueService.server';
+import {
+  analyticsWorker,
+  cleanupWorker,
+  emailWorker,
+  flyerWorker,
+  weeklyAnalyticsWorker,
+} from './workers.server';
+import type { Job, Queue } from 'bullmq';
+import { NotFoundError, ValidationError } from './db/errors.db';
+import { logger } from './logger.server';
+
+class MonitoringService {
+  /**
+   * Retrieves the current running status of all registered BullMQ workers.
+   * @returns A promise that resolves to an array of worker statuses.
+   */
+  async getWorkerStatuses() {
+    const workers = [flyerWorker, emailWorker, analyticsWorker, cleanupWorker, weeklyAnalyticsWorker];
+    return Promise.all(
+      workers.map(async (worker) => ({
+        name: worker.name,
+        isRunning: worker.isRunning(),
+      })),
+    );
+  }
+
+  /**
+   * Retrieves job counts for all registered BullMQ queues.
+   * @returns A promise that resolves to an array of queue statuses.
+   */
+  async getQueueStatuses() {
+    const queues = [flyerQueue, emailQueue, analyticsQueue, cleanupQueue, weeklyAnalyticsQueue];
+    return Promise.all(
+      queues.map(async (queue) => ({
+        name: queue.name,
+        counts: await queue.getJobCounts(
+          'waiting',
+          'active',
+          'completed',
+          'failed',
+          'delayed',
+          'paused',
+        ),
+      })),
+    );
+  }
+
+  /**
+   * Retries a specific failed job in a given queue.
+   * @param queueName The name of the queue.
+   * @param jobId The ID of the job to retry.
+   * @param userId The ID of the user initiating the retry.
+   */
+  async retryFailedJob(queueName: string, jobId: string, userId: string) {
+    const queueMap: { [key: string]: Queue } = {
+      'flyer-processing': flyerQueue,
+      'email-sending': emailQueue,
+      'analytics-reporting': analyticsQueue,
+      'file-cleanup': cleanupQueue,
+      'weekly-analytics-reporting': weeklyAnalyticsQueue, // This was a duplicate, fixed.
+    };
+
+    const queue = queueMap[queueName];
+    if (!queue) {
+      throw new NotFoundError(`Queue '${queueName}' not found.`);
+    }
+
+    const job = await queue.getJob(jobId);
+    if (!job) {
+      throw new NotFoundError(`Job with ID '${jobId}' not found in queue '${queueName}'.`);
+    }
+
+    const jobState = await job.getState();
+    if (jobState !== 'failed') {
+      throw new ValidationError(
+        [],
+        `Job is not in a 'failed' state. Current state: ${jobState}.`,
+      );
+    }
+
+    await job.retry();
+    logger.info(`[Admin] User ${userId} manually retried job ${jobId} in queue ${queueName}.`);
+  }
+
+  /**
+   * Retrieves the status of a single job from the flyer processing queue.
+   * @param jobId The ID of the job to retrieve.
+   * @returns A promise that resolves to a simplified job status object.
+   */
+  async getFlyerJobStatus(jobId: string): Promise<{ id: string; state: string; progress: number | object | string | boolean; returnValue: any; failedReason: string | null; }> {
+    const job = await flyerQueue.getJob(jobId);
+    if (!job) {
+      throw new NotFoundError('Job not found.');
+    }
+    const state = await job.getState();
+    const progress = job.progress;
+    const returnValue = job.returnvalue;
+    const failedReason = job.failedReason;
+    return { id: job.id!, state, progress, returnValue, failedReason };
+  }
+}
+
+export const monitoringService = new MonitoringService();
--- a/src/services/systemService.ts
+++ b/src/services/systemService.ts
@@ -0,0 +1,43 @@
+// src/services/systemService.ts
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import { logger } from './logger.server';
+
+const execAsync = promisify(exec);
+
+class SystemService {
+  async getPm2Status(): Promise<{ success: boolean; message: string }> {
+    try {
+      const { stdout, stderr } = await execAsync('pm2 describe flyer-crawler-api');
+
+      // If the command runs but produces output on stderr, treat it as an error.
+      // This handles cases where pm2 might issue warnings but still exit 0.
+      if (stderr) {
+        throw new Error(`PM2 command produced an error: ${stderr}`);
+      }
+
+      const isOnline = /│\s*status\s*│\s*online\s*│/m.test(stdout);
+      const message = isOnline
+        ? 'Application is online and running under PM2.'
+        : 'Application process exists but is not online.';
+      return { success: isOnline, message };
+    } catch (error: any) {
+      // If the command fails (non-zero exit code), check if it's because the process doesn't exist.
+      // This is a normal "not found" case, not a system error.
+      // The error message can be in stdout or stderr depending on the pm2 version.
+      const output = error.stdout || error.stderr || '';
+      if (output.includes("doesn't exist")) {
+        logger.warn('[SystemService] PM2 process "flyer-crawler-api" not found.');
+        return {
+          success: false,
+          message: 'Application process is not running under PM2.',
+        };
+      }
+      // For any other error, log it and re-throw to be handled as a 500.
+      logger.error({ error: error.stderr || error.message }, '[SystemService] Error executing pm2 describe:');
+      throw error;
+    }
+  }
+}
+
+export const systemService = new SystemService();
--- a/src/services/userService.ts
+++ b/src/services/userService.ts
@@ -1,12 +1,14 @@
 // src/services/userService.ts
 import * as db from './db/index.db';
 import type { Job } from 'bullmq';
+import * as bcrypt from 'bcrypt';
 import type { Logger } from 'pino';
 import { AddressRepository } from './db/address.db';
 import { UserRepository } from './db/user.db';
-import type { Address, UserProfile } from '../types';
+import type { Address, Profile, UserProfile } from '../types';
+import { ValidationError, NotFoundError } from './db/errors.db';
 import { logger as globalLogger } from './logger.server';
-import type { TokenCleanupJobData } from './queues.server';
+import type { TokenCleanupJobData } from '../types/job-data';

 /**
 * Encapsulates user-related business logic that may involve multiple repository calls.
@@ -76,6 +78,90 @@ class UserService {
      throw wrappedError;
    }
  }
+
+  /**
+   * Updates a user's avatar, creating the URL and updating the profile.
+   * @param userId The ID of the user to update.
+   * @param file The uploaded avatar file.
+   * @param logger The logger instance.
+   * @returns The updated user profile.
+   */
+  async updateUserAvatar(userId: string, file: Express.Multer.File, logger: Logger): Promise<Profile> {
+    const avatarUrl = `/uploads/avatars/${file.filename}`;
+    return db.userRepo.updateUserProfile(
+      userId,
+      { avatar_url: avatarUrl },
+      logger,
+    );
+  }
+  /**
+   * Updates a user's password after hashing it.
+   * @param userId The ID of the user to update.
+   * @param newPassword The new plaintext password.
+   * @param logger The logger instance.
+   */
+  async updateUserPassword(userId: string, newPassword: string, logger: Logger): Promise<void> {
+    const saltRounds = 10;
+    const hashedPassword = await bcrypt.hash(newPassword, saltRounds);
+    await db.userRepo.updateUserPassword(userId, hashedPassword, logger);
+  }
+
+  /**
+   * Deletes a user's account after verifying their password.
+   * @param userId The ID of the user to delete.
+   * @param password The user's current password for verification.
+   * @param logger The logger instance.
+   */
+  async deleteUserAccount(userId: string, password: string, logger: Logger): Promise<void> {
+    const userWithHash = await db.userRepo.findUserWithPasswordHashById(userId, logger);
+    if (!userWithHash || !userWithHash.password_hash) {
+      // This case should be rare for a logged-in user but is a good safeguard.
+      throw new NotFoundError('User not found or password not set.');
+    }
+
+    const isMatch = await bcrypt.compare(password, userWithHash.password_hash);
+    if (!isMatch) {
+      // Use ValidationError for a 400-level response in the route
+      throw new ValidationError([], 'Incorrect password.');
+    }
+
+    await db.userRepo.deleteUserById(userId, logger);
+  }
+
+  /**
+   * Fetches a user's address, ensuring the user is authorized to view it.
+   * @param userProfile The profile of the user making the request.
+   * @param addressId The ID of the address being requested.
+   * @param logger The logger instance.
+   * @returns The address object.
+   */
+  async getUserAddress(
+    userProfile: UserProfile,
+    addressId: number,
+    logger: Logger,
+  ): Promise<Address> {
+    // Security check: Ensure the requested addressId matches the one on the user's profile.
+    if (userProfile.address_id !== addressId) {
+      // Use ValidationError to trigger a 403 Forbidden response in the route handler.
+      throw new ValidationError([], 'Forbidden: You can only access your own address.');
+    }
+    // The repo method will throw a NotFoundError if the address doesn't exist.
+    return db.addressRepo.getAddressById(addressId, logger);
+  }
+
+  /**
+   * Encapsulates the business logic for an admin deleting another user's account.
+   * This includes preventing an admin from deleting their own account.
+   * @param deleterId The ID of the admin performing the deletion.
+   * @param userToDeleteId The ID of the user to be deleted.
+   * @param log The logger instance.
+   */
+  public async deleteUserAsAdmin(deleterId: string, userToDeleteId: string, log: Logger) {
+    if (deleterId === userToDeleteId) {
+      throw new ValidationError([], 'Admins cannot delete their own account.');
+    }
+    await db.userRepo.deleteUserById(userToDeleteId, log);
+  }
 }

 export const userService = new UserService();
--- a/src/services/worker.test.ts
+++ b/src/services/worker.test.ts
@@ -158,6 +158,10 @@ describe('Worker Entry Point', () => {
      expect(rejectionHandler).toBeDefined();
      const testReason = 'Promise rejected';
      const testPromise = Promise.reject(testReason);
+      // We must handle this rejection in the test to prevent Vitest/Node from flagging it as unhandled
+      testPromise.catch((err) => {
+        console.log('Handled expected test rejection to prevent test runner error:', err);
+      });

      // Act
      rejectionHandler(testReason, testPromise);
--- a/src/utils/fileUtils.ts
+++ b/src/utils/fileUtils.ts
@@ -0,0 +1,26 @@
+// src/utils/fileUtils.ts
+import fs from 'node:fs/promises';
+import { logger } from '../services/logger.server';
+
+/**
+ * Safely deletes a file from the filesystem, ignoring errors if the file doesn't exist.
+ * @param file The multer file object to delete.
+ */
+export const cleanupUploadedFile = async (file?: Express.Multer.File) => {
+  if (!file) return;
+  try {
+    await fs.unlink(file.path);
+  } catch (err) {
+    logger.warn({ err, filePath: file.path }, 'Failed to clean up uploaded file.');
+  }
+};
+
+/**
+ * Safely deletes multiple files from the filesystem.
+ * @param files An array of multer file objects to delete.
+ */
+export const cleanupUploadedFiles = async (files?: Express.Multer.File[]) => {
+  if (!files || !Array.isArray(files)) return;
+  // Use Promise.all to run cleanups in parallel for efficiency.
+  await Promise.all(files.map((file) => cleanupUploadedFile(file)));
+};
--- a/src/utils/zodUtils.test.ts
+++ b/src/utils/zodUtils.test.ts
@@ -7,6 +7,7 @@ import {
  optionalBoolean,
  optionalNumeric,
  optionalDate,
+  optionalString,
 } from './zodUtils';

 describe('Zod Utilities', () => {
@@ -46,11 +47,20 @@ describe('Zod Utilities', () => {
      }
    });

-    it('should pass for a string containing only whitespace', () => {
+    it('should fail for a string containing only whitespace', () => {
      const result = schema.safeParse('   ');
+      expect(result.success).toBe(false);
+      if (!result.success) {
+        expect(result.error.issues[0].message).toBe(customMessage);
+      }
+    });
+
+    it('should trim whitespace from a valid string', () => {
+      const result = schema.safeParse('  hello world  ');
      expect(result.success).toBe(true);
      if (result.success) {
-        expect(result.data).toBe('   ');
+        // The .trim() in the schema should remove leading/trailing whitespace.
+        expect(result.data).toBe('hello world');
      }
    });

@@ -59,7 +69,9 @@ describe('Zod Utilities', () => {
      expect(result.success).toBe(false);
      if (!result.success) {
        // z.string() will throw its own error message before min(1) is checked.
-        expect(result.error.issues[0].message).toBe('Invalid input: expected string, received number');
+        expect(result.error.issues[0].message).toBe(
+          'Invalid input: expected string, received number',
+        );
      }
    });

@@ -67,7 +79,9 @@ describe('Zod Utilities', () => {
      const result = schema.safeParse({ a: 1 });
      expect(result.success).toBe(false);
      if (!result.success) {
-        expect(result.error.issues[0].message).toBe('Invalid input: expected string, received object');
+        expect(result.error.issues[0].message).toBe(
+          'Invalid input: expected string, received object',
+        );
      }
    });
  });
@@ -223,9 +237,7 @@ describe('Zod Utilities', () => {
      expect(schema.safeParse('123').success).toBe(true);
      const floatResult = schema.safeParse('123.45');
      expect(floatResult.success).toBe(false);
-      if (!floatResult.success) {
-        expect(floatResult.error.issues[0].message).toBe('Invalid input: expected int, received number');
-      }
+      if (!floatResult.success) expect(floatResult.error.issues[0].message).toBe('Invalid input: expected int, received number');
    });

    it('should enforce positive constraint', () => {
@@ -384,4 +396,49 @@ describe('Zod Utilities', () => {
    });
  });

+  describe('optionalString', () => {
+    const schema = optionalString();
+
+    it('should pass for a valid string', () => {
+      const result = schema.safeParse('hello');
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data).toBe('hello');
+      }
+    });
+
+    it('should pass for an empty string', () => {
+      const result = schema.safeParse('');
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data).toBe('');
+      }
+    });
+
+    it('should pass for undefined and return undefined', () => {
+      const result = schema.safeParse(undefined);
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data).toBeUndefined();
+      }
+    });
+
+    it('should pass for null and return undefined', () => {
+      const result = schema.safeParse(null);
+      expect(result.success).toBe(true);
+      if (result.success) {
+        expect(result.data).toBeUndefined();
+      }
+    });
+
+    it('should fail for a non-string value like a number', () => {
+      const result = schema.safeParse(123);
+      expect(result.success).toBe(false);
+      if (!result.success) {
+        expect(result.error.issues[0].message).toBe(
+          'Invalid input: expected string, received number',
+        );
+      }
+    });
+  });
 });
--- a/src/utils/zodUtils.ts
+++ b/src/utils/zodUtils.ts
@@ -11,8 +11,8 @@ export const requiredString = (message: string) =>
    // If the value is null or undefined, preprocess it to an empty string.
    // This ensures that the subsequent `.min(1)` check will catch missing required fields.
    (val) => val ?? '',
-    // Now, validate that the (potentially preprocessed) value is a string with at least 1 character.
-    z.string().min(1, message),
+    // Now, validate that the (potentially preprocessed) value is a string that, after trimming, has at least 1 character.
+    z.string().trim().min(1, message),
  );

 /**
@@ -113,4 +113,12 @@ export const optionalBoolean = (
  }

  return schema;
-};
+};
+
+/**
+ * Creates a Zod schema for an optional string.
+ * Treats null as undefined so it can be properly handled as optional.
+ * @returns A Zod schema for an optional string.
+ */
+export const optionalString = () =>
+  z.preprocess((val) => (val === null ? undefined : val), z.string().optional());
Author	SHA1	Message	Date
Gitea Actions	7f665f5117	ci: Bump version to 0.2.27 [skip ci]	2025-12-30 05:09:16 +05:00
Torben Sorensen	2782a8fb3b	fix unit tests All checks were successful Deploy to Test Environment / deploy-to-test (push) Successful in 13m3s Details	2025-12-29 16:08:49 -08:00
Gitea Actions	c182ef6d30	ci: Bump version to 0.2.26 [skip ci]	2025-12-30 04:38:22 +05:00
Torben Sorensen	fdb3b76cbd	fix unit tests All checks were successful Deploy to Test Environment / deploy-to-test (push) Successful in 12m59s Details	2025-12-29 15:37:51 -08:00
Gitea Actions	01e7c843cb	ci: Bump version to 0.2.25 [skip ci]	2025-12-30 04:15:41 +05:00
Torben Sorensen	a0dbefbfa0	fix unit tests All checks were successful Deploy to Test Environment / deploy-to-test (push) Successful in 13m4s Details	2025-12-29 15:14:44 -08:00
Gitea Actions	ab3fc318a0	ci: Bump version to 0.2.24 [skip ci]	2025-12-30 02:44:22 +05:00
Torben Sorensen	e658b35e43	ffs All checks were successful Deploy to Test Environment / deploy-to-test (push) Successful in 13m3s Details	2025-12-29 13:43:41 -08:00
Gitea Actions	67e106162a	ci: Bump version to 0.2.23 [skip ci]	2025-12-30 02:35:43 +05:00
Torben Sorensen	b7f3182fd6	clean up routes All checks were successful Deploy to Test Environment / deploy-to-test (push) Successful in 4m24s Details	2025-12-29 13:34:26 -08:00
Gitea Actions	ac60072d88	ci: Bump version to 0.2.22 [skip ci]	2025-12-29 12:09:21 +05:00
Torben Sorensen	9390f38bf6	maybe a few too many fixes Some checks failed Deploy to Test Environment / deploy-to-test (push) Failing after 8m45s Details	2025-12-28 23:08:40 -08:00
Gitea Actions	236d5518c9	ci: Bump version to 0.2.21 [skip ci]	2025-12-29 11:45:13 +05:00
Torben Sorensen	fd52a79a72	fixin Some checks failed Deploy to Test Environment / deploy-to-test (push) Failing after 42s Details	2025-12-28 22:38:26 -08:00