ci: Bump version to 0.9.2 [skip ci]

remove refresh_token as it really should not be stored
ci: Bump version to 0.9.1 [skip ci]
2026-01-03 07:07:42 +05:00 · 2026-01-02 18:07:08 -08:00 · 2026-01-03 07:01:27 +05:00 · 2026-01-02 17:56:18 -08:00 · 2026-01-02 17:55:22 -08:00 · 2026-01-03 05:50:23 +05:00
201 changed files with 13401 additions and 5938 deletions
--- a/.gitea/workflows/deploy-to-prod.yml
+++ b/.gitea/workflows/deploy-to-prod.yml
@@ -158,7 +158,7 @@ jobs:
            else
              echo "Version mismatch (Running: $RUNNING_VERSION -> Deployed: $NEW_VERSION) or app not running. Reloading PM2..."
            fi
-            pm2 startOrReload ecosystem.config.cjs --env production && pm2 save
+            pm2 startOrReload ecosystem.config.cjs --env production --update-env && pm2 save
            echo "Production backend server reloaded successfully."
          else
            echo "Version $NEW_VERSION is already running. Skipping PM2 reload."
@@ -185,7 +185,17 @@ jobs:
      - name: Show PM2 Environment for Production
        run: |
          echo "--- Displaying recent PM2 logs for flyer-crawler-api ---"
-          sleep 5
-          pm2 describe flyer-crawler-api || echo "Could not find production pm2 process."
-          pm2 logs flyer-crawler-api --lines 20 --nostream || echo "Could not find production pm2 process."
-          pm2 env flyer-crawler-api || echo "Could not find production pm2 process."
+          sleep 5 # Wait a few seconds for the app to start and log its output.
+
+          # Resolve the PM2 ID dynamically to ensure we target the correct process
+          PM2_ID=$(pm2 jlist | node -e "try { const list = JSON.parse(require('fs').readFileSync(0, 'utf-8')); const app = list.find(p => p.name === 'flyer-crawler-api'); console.log(app ? app.pm2_env.pm_id : ''); } catch(e) { console.log(''); }")
+
+          if [ -n "$PM2_ID" ]; then
+            echo "Found process ID: $PM2_ID"
+            pm2 describe "$PM2_ID" || echo "Failed to describe process $PM2_ID"
+            pm2 logs "$PM2_ID" --lines 20 --nostream || echo "Failed to get logs for $PM2_ID"
+            pm2 env "$PM2_ID" || echo "Failed to get env for $PM2_ID"
+          else
+            echo "Could not find process 'flyer-crawler-api' in pm2 list."
+            pm2 list # Fallback to listing everything to help debug
+          fi
--- a/.gitea/workflows/deploy-to-test.yml
+++ b/.gitea/workflows/deploy-to-test.yml
@@ -127,7 +127,7 @@ jobs:

          # --- Increase Node.js memory limit to prevent heap out of memory errors ---
          # This is crucial for memory-intensive tasks like running tests and coverage.
-          NODE_OPTIONS: '--max-old-space-size=8192'
+          NODE_OPTIONS: '--max-old-space-size=8192 --trace-warnings --unhandled-rejections=strict'

        run: |
          # Fail-fast check to ensure secrets are configured in Gitea for testing.
@@ -151,6 +151,9 @@ jobs:
            --coverage.exclude='src/db/**' \
            --coverage.exclude='src/lib/**' \
            --coverage.exclude='src/types/**' \
+            --coverage.exclude='**/index.tsx' \
+            --coverage.exclude='**/vite-env.d.ts' \
+            --coverage.exclude='**/vitest.setup.ts' \
            --reporter=verbose --includeTaskLocation --testTimeout=10000 --silent=passed-only --no-file-parallelism || true

          echo "--- Running Integration Tests ---"
@@ -162,6 +165,9 @@ jobs:
            --coverage.exclude='src/db/**' \
            --coverage.exclude='src/lib/**' \
            --coverage.exclude='src/types/**' \
+            --coverage.exclude='**/index.tsx' \
+            --coverage.exclude='**/vite-env.d.ts' \
+            --coverage.exclude='**/vitest.setup.ts' \
            --reporter=verbose --includeTaskLocation --testTimeout=10000 --silent=passed-only || true

          echo "--- Running E2E Tests ---"
@@ -175,6 +181,9 @@ jobs:
            --coverage.exclude='src/db/**' \
            --coverage.exclude='src/lib/**' \
            --coverage.exclude='src/types/**' \
+            --coverage.exclude='**/index.tsx' \
+            --coverage.exclude='**/vite-env.d.ts' \
+            --coverage.exclude='**/vitest.setup.ts' \
            --reporter=verbose --no-file-parallelism || true

          # Re-enable secret masking for subsequent steps.
@@ -246,7 +255,10 @@ jobs:
            --temp-dir "$NYC_SOURCE_DIR" \
            --exclude "**/*.test.ts" \
            --exclude "**/tests/**" \
-            --exclude "**/mocks/**"
+            --exclude "**/mocks/**" \
+            --exclude "**/index.tsx" \
+            --exclude "**/vite-env.d.ts" \
+            --exclude "**/vitest.setup.ts"

          # Re-enable secret masking for subsequent steps.
          echo "::secret-masking::"
@@ -259,16 +271,6 @@ jobs:
        if: always() # This step runs even if the previous test or coverage steps failed.
        run: echo "Skipping test artifact cleanup on runner; this is handled on the server."

-      - name: Deploy Coverage Report to Public URL
-        if: always()
-        run: |
-          TARGET_DIR="/var/www/flyer-crawler-test.projectium.com/coverage"
-          echo "Deploying HTML coverage report to $TARGET_DIR..."
-          mkdir -p "$TARGET_DIR"
-          rm -rf "$TARGET_DIR"/*
-          cp -r .coverage/* "$TARGET_DIR/"
-          echo "✅ Coverage report deployed to https://flyer-crawler-test.projectium.com/coverage"
-
      - name: Archive Code Coverage Report
        # This action saves the generated HTML coverage report as a downloadable artifact.
        uses: actions/upload-artifact@v3
@@ -358,6 +360,17 @@ jobs:
          rsync -avz dist/ "$APP_PATH"
          echo "Application deployment complete."

+      - name: Deploy Coverage Report to Public URL
+        if: always()
+        run: |
+          TARGET_DIR="/var/www/flyer-crawler-test.projectium.com/coverage"
+          echo "Deploying HTML coverage report to $TARGET_DIR..."
+          mkdir -p "$TARGET_DIR"
+          rm -rf "$TARGET_DIR"/*
+          # The merged nyc report is generated in the .coverage directory. We copy its contents.
+          cp -r .coverage/* "$TARGET_DIR/"
+          echo "✅ Coverage report deployed to https://flyer-crawler-test.projectium.com/coverage"
+
      - name: Install Backend Dependencies and Restart Test Server
        env:
          # --- Test Secrets Injection ---
@@ -376,7 +389,7 @@ jobs:

          # Application Secrets
          FRONTEND_URL: 'https://flyer-crawler-test.projectium.com'
-          JWT_SECRET: ${{ secrets.JWT_SECRET_TEST }}
+          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          GEMINI_API_KEY: ${{ secrets.VITE_GOOGLE_GENAI_API_KEY_TEST }}
          GOOGLE_MAPS_API_KEY: ${{ secrets.GOOGLE_MAPS_API_KEY }}

@@ -390,8 +403,15 @@ jobs:

        run: |
          # Fail-fast check to ensure secrets are configured in Gitea.
-          if [ -z "$DB_HOST" ] || [ -z "$DB_USER" ] || [ -z "$DB_PASSWORD" ] || [ -z "$DB_NAME" ]; then
-            echo "ERROR: One or more test database secrets (DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE_TEST) are not set in Gitea repository settings."
+          MISSING_SECRETS=""
+          if [ -z "$DB_HOST" ]; then MISSING_SECRETS="${MISSING_SECRETS} DB_HOST"; fi
+          if [ -z "$DB_USER" ]; then MISSING_SECRETS="${MISSING_SECRETS} DB_USER"; fi
+          if [ -z "$DB_PASSWORD" ]; then MISSING_SECRETS="${MISSING_SECRETS} DB_PASSWORD"; fi
+          if [ -z "$DB_NAME" ]; then MISSING_SECRETS="${MISSING_SECRETS} DB_NAME"; fi
+          if [ -z "$JWT_SECRET" ]; then MISSING_SECRETS="${MISSING_SECRETS} JWT_SECRET"; fi
+
+          if [ ! -z "$MISSING_SECRETS" ]; then
+            echo "ERROR: The following required secrets are missing in Gitea:${MISSING_SECRETS}"
            exit 1
          fi

@@ -406,7 +426,7 @@ jobs:
          # Use `startOrReload` with the ecosystem file. This is the standard, idempotent way to deploy.
          # It will START the process if it's not running, or RELOAD it if it is.
          # We also add `&& pm2 save` to persist the process list across server reboots.
-          pm2 startOrReload ecosystem.config.cjs --env test && pm2 save
+          pm2 startOrReload ecosystem.config.cjs --env test --update-env && pm2 save
          echo "Test backend server reloaded successfully."

          # After a successful deployment, update the schema hash in the database.
@@ -441,7 +461,17 @@ jobs:
        run: |
          echo "--- Displaying recent PM2 logs for flyer-crawler-api-test ---"
          # After a reload, the server restarts. We'll show the last 20 lines of the log to see the startup messages.
-          sleep 5 # Wait a few seconds for the app to start and log its output.
-          pm2 describe flyer-crawler-api-test || echo "Could not find test pm2 process."
-          pm2 logs flyer-crawler-api-test --lines 20 --nostream || echo "Could not find test pm2 process."
-          pm2 env flyer-crawler-api-test || echo "Could not find test pm2 process."
+          sleep 5
+
+          # Resolve the PM2 ID dynamically to ensure we target the correct process
+          PM2_ID=$(pm2 jlist | node -e "try { const list = JSON.parse(require('fs').readFileSync(0, 'utf-8')); const app = list.find(p => p.name === 'flyer-crawler-api-test'); console.log(app ? app.pm2_env.pm_id : ''); } catch(e) { console.log(''); }")
+
+          if [ -n "$PM2_ID" ]; then
+            echo "Found process ID: $PM2_ID"
+            pm2 describe "$PM2_ID" || echo "Failed to describe process $PM2_ID"
+            pm2 logs "$PM2_ID" --lines 20 --nostream || echo "Failed to get logs for $PM2_ID"
+            pm2 env "$PM2_ID" || echo "Failed to get env for $PM2_ID"
+          else
+            echo "Could not find process 'flyer-crawler-api-test' in pm2 list."
+            pm2 list # Fallback to listing everything to help debug
+          fi
--- a/.gitea/workflows/manual-deploy-major.yml
+++ b/.gitea/workflows/manual-deploy-major.yml
@@ -157,7 +157,7 @@ jobs:
            else
              echo "Version mismatch (Running: $RUNNING_VERSION -> Deployed: $NEW_VERSION) or app not running. Reloading PM2..."
            fi
-            pm2 startOrReload ecosystem.config.cjs --env production && pm2 save
+            pm2 startOrReload ecosystem.config.cjs --env production --update-env && pm2 save
            echo "Production backend server reloaded successfully."
          else
            echo "Version $NEW_VERSION is already running. Skipping PM2 reload."
--- a/ecosystem.config.cjs
+++ b/ecosystem.config.cjs
@@ -3,23 +3,39 @@
 // It allows us to define all the settings for our application in one place.
 // The .cjs extension is required because the project's package.json has "type": "module".

+// --- Environment Variable Validation ---
+const requiredSecrets = ['DB_HOST', 'JWT_SECRET', 'GEMINI_API_KEY'];
+const missingSecrets = requiredSecrets.filter(key => !process.env[key]);
+
+if (missingSecrets.length > 0) {
+  console.warn('\n[ecosystem.config.cjs] ⚠️  WARNING: The following environment variables are MISSING in the shell:');
+  missingSecrets.forEach(key => console.warn(`   - ${key}`));
+  console.warn('[ecosystem.config.cjs] The application may crash if these are required for startup.\n');
+  process.exit(1); // Fail fast so PM2 doesn't attempt to start a broken app
+} else {
+  console.log('[ecosystem.config.cjs] ✅ Critical environment variables are present.');
+}
+
 module.exports = {
  apps: [
    {
      // --- API Server ---
-      // The name is now dynamically set based on the environment.
-      // This is a common pattern but requires you to call pm2 with the correct name.
-      // The deploy script handles this by using 'flyer-crawler-api' for prod and 'flyer-crawler-api-test' for test.
      name: 'flyer-crawler-api',
+      // Note: The process names below are referenced in .gitea/workflows/ for status checks.
      script: './node_modules/.bin/tsx',
-      args: 'server.ts', // tsx will execute this file
-      max_memory_restart: '500M', // Restart if memory usage exceeds 500MB
+      args: 'server.ts',
+      max_memory_restart: '500M',
+      
+      // Restart Logic
+      max_restarts: 40,
+      exp_backoff_restart_delay: 100,
+      min_uptime: '10s',
+
      // Production Environment Settings
      env_production: {
-        NODE_ENV: 'production', // Set the Node.js environment to production
+        NODE_ENV: 'production',
        name: 'flyer-crawler-api',
        cwd: '/var/www/flyer-crawler.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -39,10 +55,9 @@ module.exports = {
      },
      // Test Environment Settings
      env_test: {
-        NODE_ENV: 'test', // Set to 'test' to match the environment purpose and disable pino-pretty
+        NODE_ENV: 'test',
        name: 'flyer-crawler-api-test',
        cwd: '/var/www/flyer-crawler-test.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -66,7 +81,6 @@ module.exports = {
        name: 'flyer-crawler-api-dev',
        watch: true,
        ignore_watch: ['node_modules', 'logs', '*.log', 'flyer-images', '.git'],
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -89,14 +103,19 @@ module.exports = {
      // --- General Worker ---
      name: 'flyer-crawler-worker',
      script: './node_modules/.bin/tsx',
-      args: 'src/services/worker.ts', // tsx will execute this file
-      max_memory_restart: '1G', // Restart if memory usage exceeds 1GB
+      args: 'src/services/worker.ts',
+      max_memory_restart: '1G',
+      
+      // Restart Logic
+      max_restarts: 40,
+      exp_backoff_restart_delay: 100,
+      min_uptime: '10s',
+
      // Production Environment Settings
      env_production: {
        NODE_ENV: 'production',
        name: 'flyer-crawler-worker',
        cwd: '/var/www/flyer-crawler.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -119,7 +138,6 @@ module.exports = {
        NODE_ENV: 'test',
        name: 'flyer-crawler-worker-test',
        cwd: '/var/www/flyer-crawler-test.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -143,7 +161,6 @@ module.exports = {
        name: 'flyer-crawler-worker-dev',
        watch: true,
        ignore_watch: ['node_modules', 'logs', '*.log', 'flyer-images', '.git'],
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -166,14 +183,19 @@ module.exports = {
      // --- Analytics Worker ---
      name: 'flyer-crawler-analytics-worker',
      script: './node_modules/.bin/tsx',
-      args: 'src/services/worker.ts', // tsx will execute this file
-      max_memory_restart: '1G', // Restart if memory usage exceeds 1GB
+      args: 'src/services/worker.ts',
+      max_memory_restart: '1G',
+      
+      // Restart Logic
+      max_restarts: 40,
+      exp_backoff_restart_delay: 100,
+      min_uptime: '10s',
+
      // Production Environment Settings
      env_production: {
        NODE_ENV: 'production',
        name: 'flyer-crawler-analytics-worker',
        cwd: '/var/www/flyer-crawler.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -196,7 +218,6 @@ module.exports = {
        NODE_ENV: 'test',
        name: 'flyer-crawler-analytics-worker-test',
        cwd: '/var/www/flyer-crawler-test.projectium.com',
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
@@ -220,7 +241,6 @@ module.exports = {
        name: 'flyer-crawler-analytics-worker-dev',
        watch: true,
        ignore_watch: ['node_modules', 'logs', '*.log', 'flyer-images', '.git'],
-        // Inherit secrets from the deployment environment
        DB_HOST: process.env.DB_HOST,
        DB_USER: process.env.DB_USER,
        DB_PASSWORD: process.env.DB_PASSWORD,
--- a/notes-to-ai4.txt
+++ b/notes-to-ai4.txt
@@ -13,6 +13,15 @@ RULES:



+latest refacter
+
+Refactor `RecipeSuggester.test.tsx` to use `renderWithProviders`.
+Create a new test file for `StatCard.tsx` to verify its props and rendering.
+
+
+
+while assuming that master_schema_rollup.sql is the "ultimate source of truth", issues can happen and it may not have been properly 
+updated - look for differences between these files


 UPC SCANNING !
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "flyer-crawler",
-  "version": "0.2.9",
+  "version": "0.9.2",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "flyer-crawler",
-      "version": "0.2.9",
+      "version": "0.9.2",
      "dependencies": {
        "@bull-board/api": "^6.14.2",
        "@bull-board/express": "^6.14.2",
@@ -18,6 +18,7 @@
        "connect-timeout": "^1.9.1",
        "cookie-parser": "^1.4.7",
        "date-fns": "^4.1.0",
+        "exif-parser": "^0.1.12",
        "express": "^5.1.0",
        "express-list-endpoints": "^7.1.1",
        "express-rate-limit": "^8.2.1",
@@ -35,6 +36,7 @@
        "passport-local": "^1.0.0",
        "pdfjs-dist": "^5.4.394",
        "pg": "^8.16.3",
+        "piexifjs": "^1.0.6",
        "pino": "^10.1.0",
        "react": "^19.2.0",
        "react-dom": "^19.2.0",
@@ -66,6 +68,7 @@
        "@types/passport-jwt": "^4.0.1",
        "@types/passport-local": "^1.0.38",
        "@types/pg": "^8.15.6",
+        "@types/piexifjs": "^1.0.0",
        "@types/pino": "^7.0.4",
        "@types/react": "^19.2.7",
        "@types/react-dom": "^19.2.3",
@@ -5435,6 +5438,13 @@
        "pg-types": "^2.2.0"
      }
    },
+    "node_modules/@types/piexifjs": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@types/piexifjs/-/piexifjs-1.0.0.tgz",
+      "integrity": "sha512-PPiGeCkmkZQgYjvqtjD3kp4OkbCox2vEFVuK4DaLVOIazJLAXk+/ujbizkIPH5CN4AnN9Clo5ckzUlaj3+SzCA==",
+      "dev": true,
+      "license": "MIT"
+    },
    "node_modules/@types/pino": {
      "version": "7.0.4",
      "resolved": "https://registry.npmjs.org/@types/pino/-/pino-7.0.4.tgz",
@@ -8965,6 +8975,11 @@
        "bare-events": "^2.7.0"
      }
    },
+    "node_modules/exif-parser": {
+      "version": "0.1.12",
+      "resolved": "https://registry.npmjs.org/exif-parser/-/exif-parser-0.1.12.tgz",
+      "integrity": "sha512-c2bQfLNbMzLPmzQuOr8fy0csy84WmwnER81W88DzTp9CYNPJ6yzOj2EZAh9pywYpqHnshVLHQJ8WzldAyfY+Iw=="
+    },
    "node_modules/expect-type": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz",
@@ -13363,6 +13378,12 @@
        "url": "https://github.com/sponsors/jonschlinkert"
      }
    },
+    "node_modules/piexifjs": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/piexifjs/-/piexifjs-1.0.6.tgz",
+      "integrity": "sha512-0wVyH0cKohzBQ5Gi2V1BuxYpxWfxF3cSqfFXfPIpl5tl9XLS5z4ogqhUCD20AbHi0h9aJkqXNJnkVev6gwh2ag==",
+      "license": "MIT"
+    },
    "node_modules/pino": {
      "version": "10.1.0",
      "resolved": "https://registry.npmjs.org/pino/-/pino-10.1.0.tgz",
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "flyer-crawler",
  "private": true,
-  "version": "0.2.9",
+  "version": "0.9.2",
  "type": "module",
  "scripts": {
    "dev": "concurrently \"npm:start:dev\" \"vite\"",
@@ -37,6 +37,7 @@
    "connect-timeout": "^1.9.1",
    "cookie-parser": "^1.4.7",
    "date-fns": "^4.1.0",
+    "exif-parser": "^0.1.12",
    "express": "^5.1.0",
    "express-list-endpoints": "^7.1.1",
    "express-rate-limit": "^8.2.1",
@@ -54,6 +55,7 @@
    "passport-local": "^1.0.0",
    "pdfjs-dist": "^5.4.394",
    "pg": "^8.16.3",
+    "piexifjs": "^1.0.6",
    "pino": "^10.1.0",
    "react": "^19.2.0",
    "react-dom": "^19.2.0",
@@ -85,6 +87,7 @@
    "@types/passport-jwt": "^4.0.1",
    "@types/passport-local": "^1.0.38",
    "@types/pg": "^8.15.6",
+    "@types/piexifjs": "^1.0.0",
    "@types/pino": "^7.0.4",
    "@types/react": "^19.2.7",
    "@types/react-dom": "^19.2.3",
--- a/sql/Initial_triggers_and_functions.sql
+++ b/sql/Initial_triggers_and_functions.sql
@@ -1,477 +1,8 @@
 -- sql/Initial_triggers_and_functions.sql
 -- This file contains all trigger functions and trigger definitions for the database.

-- 1. Set up the trigger to automatically create a profile when a new user signs up.
-- This function is called by a trigger on the `public.users` table.
-DROP FUNCTION IF EXISTS public.handle_new_user();
-
-- It creates a corresponding profile and a default shopping list for the new user.
-- It now accepts full_name and avatar_url from the user's metadata.
-CREATE OR REPLACE FUNCTION public.handle_new_user()
-RETURNS TRIGGER AS $$
-DECLARE
-  new_profile_id UUID;
-  user_meta_data JSONB;
-BEGIN
-  -- The user's metadata (full_name, avatar_url) is passed via a temporary session variable.
-  user_meta_data := current_setting('my_app.user_metadata', true)::JSONB;
-
-  INSERT INTO public.profiles (user_id, role, full_name, avatar_url)
-  VALUES (new.user_id, 'user', user_meta_data->>'full_name', user_meta_data->>'avatar_url')
-  RETURNING user_id INTO new_profile_id;
-
-  -- Also create a default shopping list for the new user.
-  INSERT INTO public.shopping_lists (user_id, name)
-  VALUES (new.user_id, 'Main Shopping List');
-
-  -- Log the new user event
-  INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
-  VALUES (new.user_id, 'user_registered', 
-          COALESCE(user_meta_data->>'full_name', new.email) || ' has registered.',
-          'user-plus', 
-          jsonb_build_object('email', new.email)
-  );
-  
-  RETURN new;
-END;
-$$ LANGUAGE plpgsql;
-
-- This trigger calls the function after a new user is created.
-DROP TRIGGER IF EXISTS on_auth_user_created ON public.users;
-CREATE TRIGGER on_auth_user_created
-  AFTER INSERT ON public.users
-  FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
-
-- 2. Create a reusable function to automatically update 'updated_at' columns.
-DROP FUNCTION IF EXISTS public.handle_updated_at();
-
-CREATE OR REPLACE FUNCTION public.handle_updated_at()
-RETURNS TRIGGER AS $$
-BEGIN
-  NEW.updated_at = now();
-  RETURN NEW;
-END;
-$$ LANGUAGE plpgsql;
-
-- Dynamically apply the 'handle_updated_at' trigger to all tables in the public schema
-- that have an 'updated_at' column. This is more maintainable than creating a separate
-- trigger for each table.
-DO $$
-DECLARE
-    t_name TEXT;
-BEGIN
-    FOR t_name IN
-        SELECT table_name
-        FROM information_schema.columns
-        WHERE table_schema = 'public' AND column_name = 'updated_at'
-    LOOP
-        EXECUTE format('DROP TRIGGER IF EXISTS on_%s_updated ON public.%I;
-                        CREATE TRIGGER on_%s_updated
-                        BEFORE UPDATE ON public.%I
-                        FOR EACH ROW EXECUTE FUNCTION public.handle_updated_at();',
-                        t_name, t_name, t_name, t_name);
-    END LOOP;
-END;
-$$;
-
-- 3. Create a trigger function to populate the item_price_history table on insert.
-DROP FUNCTION IF EXISTS public.update_price_history_on_flyer_item_insert();
-
-CREATE OR REPLACE FUNCTION public.update_price_history_on_flyer_item_insert()
-RETURNS TRIGGER AS $$
-DECLARE
-    flyer_valid_from DATE;
-    flyer_valid_to DATE;
-    current_summary_date DATE;
-    flyer_location_id BIGINT;
-BEGIN
-    -- If the item could not be matched, add it to the unmatched queue for review.
-    IF NEW.master_item_id IS NULL THEN
-        INSERT INTO public.unmatched_flyer_items (flyer_item_id)
-        VALUES (NEW.flyer_item_id)
-        ON CONFLICT (flyer_item_id) DO NOTHING;
-    END IF;
-
-    -- Only run if the new flyer item is linked to a master item and has a price.
-    IF NEW.master_item_id IS NULL OR NEW.price_in_cents IS NULL THEN
-        RETURN NEW;
-    END IF;
-
-    -- Get the validity dates of the flyer and the store_id.
-    SELECT valid_from, valid_to INTO flyer_valid_from, flyer_valid_to
-    FROM public.flyers
-    WHERE flyer_id = NEW.flyer_id;
-
-    -- This single, set-based query is much more performant than looping.
-    -- It generates all date/location pairs and inserts/updates them in one operation.
-    INSERT INTO public.item_price_history (master_item_id, summary_date, store_location_id, min_price_in_cents, max_price_in_cents, avg_price_in_cents, data_points_count)
-    SELECT
-        NEW.master_item_id,
-        d.day,
-        fl.store_location_id,
-        NEW.price_in_cents,
-        NEW.price_in_cents,
-        NEW.price_in_cents,
-        1
-    FROM public.flyer_locations fl
-    CROSS JOIN generate_series(flyer_valid_from, flyer_valid_to, '1 day'::interval) AS d(day)
-    WHERE fl.flyer_id = NEW.flyer_id
-    ON CONFLICT (master_item_id, summary_date, store_location_id)
-    DO UPDATE SET
-        min_price_in_cents = LEAST(item_price_history.min_price_in_cents, EXCLUDED.min_price_in_cents),
-        max_price_in_cents = GREATEST(item_price_history.max_price_in_cents, EXCLUDED.max_price_in_cents),
-        avg_price_in_cents = ROUND(((item_price_history.avg_price_in_cents * item_price_history.data_points_count) + EXCLUDED.avg_price_in_cents) / (item_price_history.data_points_count + 1.0)),
-        data_points_count = item_price_history.data_points_count + 1;
-
-    RETURN NEW;
-END;
-$$ LANGUAGE plpgsql;
-
-- Create the trigger on the flyer_items table for insert.
-DROP TRIGGER IF EXISTS trigger_update_price_history ON public.flyer_items;
-CREATE TRIGGER trigger_update_price_history
-  AFTER INSERT ON public.flyer_items
-  FOR EACH ROW EXECUTE FUNCTION public.update_price_history_on_flyer_item_insert();
-
-- 4. Create a trigger function to recalculate price history when a flyer item is deleted.
-DROP FUNCTION IF EXISTS public.recalculate_price_history_on_flyer_item_delete();
-
-CREATE OR REPLACE FUNCTION public.recalculate_price_history_on_flyer_item_delete()
-RETURNS TRIGGER AS $$
-DECLARE
-    affected_dates RECORD;
-BEGIN
-    -- Only run if the deleted item was linked to a master item and had a price.
-    IF OLD.master_item_id IS NULL OR OLD.price_in_cents IS NULL THEN
-        RETURN OLD;
-    END IF;
-
-    -- This single, set-based query is much more performant than looping.
-    -- It recalculates aggregates for all affected dates and locations at once.
-    WITH affected_days_and_locations AS (
-        -- 1. Get all date/location pairs affected by the deleted item's flyer.
-        SELECT DISTINCT
-            generate_series(f.valid_from, f.valid_to, '1 day'::interval)::date AS summary_date,
-            fl.store_location_id
-        FROM public.flyers f
-        JOIN public.flyer_locations fl ON f.flyer_id = fl.flyer_id
-        WHERE f.flyer_id = OLD.flyer_id
-    ),
-    new_aggregates AS (
-        -- 2. For each affected date/location, recalculate the aggregates from all other relevant flyer items.
-        SELECT
-            adl.summary_date,
-            adl.store_location_id,
-            MIN(fi.price_in_cents) AS min_price,
-            MAX(fi.price_in_cents) AS max_price,
-            ROUND(AVG(fi.price_in_cents))::int AS avg_price,
-            COUNT(fi.flyer_item_id)::int AS data_points
-        FROM affected_days_and_locations adl
-        LEFT JOIN public.flyer_items fi ON fi.master_item_id = OLD.master_item_id AND fi.price_in_cents IS NOT NULL
-        LEFT JOIN public.flyers f ON fi.flyer_id = f.flyer_id AND adl.summary_date BETWEEN f.valid_from AND f.valid_to
-        LEFT JOIN public.flyer_locations fl ON fi.flyer_id = fl.flyer_id AND adl.store_location_id = fl.store_location_id
-        WHERE fl.flyer_id IS NOT NULL -- Ensure the join was successful
-        GROUP BY adl.summary_date, adl.store_location_id
-    )
-    -- 3. Update the history table with the new aggregates.
-    UPDATE public.item_price_history iph
-    SET
-        min_price_in_cents = na.min_price,
-        max_price_in_cents = na.max_price,
-        avg_price_in_cents = na.avg_price,
-        data_points_count = na.data_points
-    FROM new_aggregates na
-    WHERE iph.master_item_id = OLD.master_item_id
-      AND iph.summary_date = na.summary_date
-      AND iph.store_location_id = na.store_location_id;
-
-    -- 4. Delete any history records that no longer have any data points.
-    DELETE FROM public.item_price_history iph
-    WHERE iph.master_item_id = OLD.master_item_id
-      AND NOT EXISTS (
-          SELECT 1 FROM new_aggregates na
-          WHERE na.summary_date = iph.summary_date AND na.store_location_id = iph.store_location_id
-      );
-
-    RETURN OLD;
-END;
-$$ LANGUAGE plpgsql;
-
-- Create the trigger on the flyer_items table for DELETE operations.
-DROP TRIGGER IF EXISTS trigger_recalculate_price_history_on_delete ON public.flyer_items;
-CREATE TRIGGER trigger_recalculate_price_history_on_delete
-  AFTER DELETE ON public.flyer_items
-  FOR EACH ROW EXECUTE FUNCTION public.recalculate_price_history_on_flyer_item_delete();
-
-- 5. Trigger function to update the average rating on the recipes table.
-DROP FUNCTION IF EXISTS public.update_recipe_rating_aggregates();
-
-CREATE OR REPLACE FUNCTION public.update_recipe_rating_aggregates()
-RETURNS TRIGGER AS $$
-BEGIN
-    UPDATE public.recipes
-    SET
-        avg_rating = (
-            SELECT AVG(rating)
-            FROM public.recipe_ratings
-            WHERE recipe_id = COALESCE(NEW.recipe_id, OLD.recipe_id) -- This is correct, no change needed
-        ),
-        rating_count = (
-            SELECT COUNT(*)
-            FROM public.recipe_ratings
-            WHERE recipe_id = COALESCE(NEW.recipe_id, OLD.recipe_id) -- This is correct, no change needed
-        )
-    WHERE recipe_id = COALESCE(NEW.recipe_id, OLD.recipe_id);
-
-    RETURN NULL; -- The result is ignored since this is an AFTER trigger.
-END;
-$$ LANGUAGE plpgsql;
-
-- Trigger to call the function after any change to recipe_ratings.
-DROP TRIGGER IF EXISTS on_recipe_rating_change ON public.recipe_ratings;
-CREATE TRIGGER on_recipe_rating_change
-  AFTER INSERT OR UPDATE OR DELETE ON public.recipe_ratings
-  FOR EACH ROW EXECUTE FUNCTION public.update_recipe_rating_aggregates();
-
-- 6. Trigger function to log the creation of a new recipe.
-DROP FUNCTION IF EXISTS public.log_new_recipe();
-
-CREATE OR REPLACE FUNCTION public.log_new_recipe()
-RETURNS TRIGGER AS $$
-BEGIN
-    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
-    VALUES (
-        NEW.user_id,
-        'recipe_created',
-        (SELECT full_name FROM public.profiles WHERE user_id = NEW.user_id) || ' created a new recipe: ' || NEW.name,
-        'chef-hat',
-        jsonb_build_object('recipe_id', NEW.recipe_id, 'recipe_name', NEW.name)
-    );
-
-    -- Award 'First Recipe' achievement if it's their first one.
-    PERFORM public.award_achievement(NEW.user_id, 'First Recipe');
-
-    RETURN NEW;
-END;
-$$ LANGUAGE plpgsql;
-
-- Trigger to call the function after a new recipe is inserted.
-DROP TRIGGER IF EXISTS on_new_recipe_created ON public.recipes;
-CREATE TRIGGER on_new_recipe_created
-  AFTER INSERT ON public.recipes
-  FOR EACH ROW
-  WHEN (NEW.user_id IS NOT NULL) -- Only log activity for user-created recipes.
-  EXECUTE FUNCTION public.log_new_recipe();
-
-- 7a. Trigger function to update the item_count on the flyers table.
-DROP FUNCTION IF EXISTS public.update_flyer_item_count();
-
-CREATE OR REPLACE FUNCTION public.update_flyer_item_count()
-RETURNS TRIGGER AS $$
-BEGIN
-    IF (TG_OP = 'INSERT') THEN
-        UPDATE public.flyers SET item_count = item_count + 1 WHERE flyer_id = NEW.flyer_id;
-    ELSIF (TG_OP = 'DELETE') THEN
-        UPDATE public.flyers SET item_count = item_count - 1 WHERE flyer_id = OLD.flyer_id;
-    END IF;
-    RETURN NULL; -- The result is ignored since this is an AFTER trigger.
-END;
-$$ LANGUAGE plpgsql;
-
-- Trigger to call the function after any change to flyer_items.
-- This ensures the item_count on the parent flyer is always accurate.
-DROP TRIGGER IF EXISTS on_flyer_item_change ON public.flyer_items;
-CREATE TRIGGER on_flyer_item_change
-  AFTER INSERT OR DELETE ON public.flyer_items
-  FOR EACH ROW EXECUTE FUNCTION public.update_flyer_item_count();
-
-- 7. Trigger function to log the creation of a new flyer.
-DROP FUNCTION IF EXISTS public.log_new_flyer();
-
-CREATE OR REPLACE FUNCTION public.log_new_flyer()
-RETURNS TRIGGER AS $$
-BEGIN
-    INSERT INTO public.activity_log (action, display_text, icon, details)
-    VALUES (
-        'flyer_uploaded',
-        'A new flyer for ' || (SELECT name FROM public.stores WHERE store_id = NEW.store_id) || ' has been uploaded.',
-        'file-text',
-        jsonb_build_object(
-            'flyer_id', NEW.flyer_id,
-            'store_name', (SELECT name FROM public.stores WHERE store_id = NEW.store_id),
-            'valid_from', to_char(NEW.valid_from, 'YYYY-MM-DD'),
-            'valid_to', to_char(NEW.valid_to, 'YYYY-MM-DD')
-        )
-    );
-    RETURN NEW;
-END;
-$$ LANGUAGE plpgsql;
-
-- Trigger to call the function after a new flyer is inserted.
-DROP TRIGGER IF EXISTS on_new_flyer_created ON public.flyers;
-CREATE TRIGGER on_new_flyer_created
-  AFTER INSERT ON public.flyers
-  FOR EACH ROW EXECUTE FUNCTION public.log_new_flyer();
-
-- 8. Trigger function to log when a user favorites a recipe.
-DROP FUNCTION IF EXISTS public.log_new_favorite_recipe();
-
-CREATE OR REPLACE FUNCTION public.log_new_favorite_recipe()
-RETURNS TRIGGER AS $$
-BEGIN
-    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
-    VALUES (
-        NEW.user_id,
-        'recipe_favorited',
-        (SELECT full_name FROM public.profiles WHERE user_id = NEW.user_id) || ' favorited the recipe: ' || (SELECT name FROM public.recipes WHERE recipe_id = NEW.recipe_id),
-        'heart',
-        jsonb_build_object(            
-            'recipe_id', NEW.recipe_id
-        )
-    );
-
-    -- Award 'First Favorite' achievement.
-    PERFORM public.award_achievement(NEW.user_id, 'First Favorite');
-    RETURN NEW;
-END;
-$$ LANGUAGE plpgsql;
-
-- Trigger to call the function after a recipe is favorited.
-DROP TRIGGER IF EXISTS on_new_favorite_recipe ON public.favorite_recipes;
-CREATE TRIGGER on_new_favorite_recipe
-  AFTER INSERT ON public.favorite_recipes
-  FOR EACH ROW EXECUTE FUNCTION public.log_new_favorite_recipe();
-
-- 9. Trigger function to log when a user shares a shopping list.
-DROP FUNCTION IF EXISTS public.log_new_list_share();
-
-CREATE OR REPLACE FUNCTION public.log_new_list_share()
-RETURNS TRIGGER AS $$
-BEGIN
-    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
-    VALUES (
-        NEW.shared_by_user_id,
-        'list_shared',
-        (SELECT full_name FROM public.profiles WHERE user_id = NEW.shared_by_user_id) || ' shared a shopping list.',
-        'share-2',
-        jsonb_build_object(
-            'shopping_list_id', NEW.shopping_list_id,
-            'list_name', (SELECT name FROM public.shopping_lists WHERE shopping_list_id = NEW.shopping_list_id),
-            'shared_with_user_id', NEW.shared_with_user_id
-        )
-    );
-
-    -- Award 'List Sharer' achievement.
-    PERFORM public.award_achievement(NEW.shared_by_user_id, 'List Sharer');
-    RETURN NEW;
-END;
-$$ LANGUAGE plpgsql;
-        
-- Trigger to call the function after a shopping list is shared.
-DROP TRIGGER IF EXISTS on_new_list_share ON public.shared_shopping_lists;
-CREATE TRIGGER on_new_list_share
-  AFTER INSERT ON public.shared_shopping_lists
-  FOR EACH ROW EXECUTE FUNCTION public.log_new_list_share();
-
-- 9a. Trigger function to log when a user shares a recipe collection.
-DROP FUNCTION IF EXISTS public.log_new_recipe_collection_share();
-
-CREATE OR REPLACE FUNCTION public.log_new_recipe_collection_share()
-RETURNS TRIGGER AS $$
-BEGIN
-    -- Log the activity
-    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
-    VALUES (
-        NEW.shared_by_user_id, 'recipe_collection_shared',
-        (SELECT full_name FROM public.profiles WHERE user_id = NEW.shared_by_user_id) || ' shared a recipe collection.',
-        'book',
-        jsonb_build_object('collection_id', NEW.recipe_collection_id, 'shared_with_user_id', NEW.shared_with_user_id)
-    );
-
-    -- Award 'Recipe Sharer' achievement.
-    PERFORM public.award_achievement(NEW.shared_by_user_id, 'Recipe Sharer');
-    RETURN NEW;
-END;
-$$ LANGUAGE plpgsql;
-
-DROP TRIGGER IF EXISTS on_new_recipe_collection_share ON public.shared_recipe_collections;
-CREATE TRIGGER on_new_recipe_collection_share
-  AFTER INSERT ON public.shared_recipe_collections
-  FOR EACH ROW EXECUTE FUNCTION public.log_new_recipe_collection_share();
-
-- 10. Trigger function to geocode a store location's address.
-- This function is designed to be extensible. In a production environment,
-- you would replace the placeholder with a call to an external geocoding service
-- (e.g., using the `http` extension or a `plpythonu` function) to convert
-- the address into geographic coordinates.
-DROP FUNCTION IF EXISTS public.geocode_store_location();
-
-CREATE OR REPLACE FUNCTION public.geocode_store_location()
-RETURNS TRIGGER AS $$
-DECLARE
-    full_address TEXT;
-BEGIN
-    -- Only proceed if the address has actually changed.
-    IF TG_OP = 'INSERT' OR (TG_OP = 'UPDATE' AND NEW.address IS DISTINCT FROM OLD.address) THEN
-        -- Concatenate address parts into a single string for the geocoder.
-        full_address := CONCAT_WS(', ', NEW.address, NEW.city, NEW.province_state, NEW.postal_code);
-
-        -- ======================================================================
-        -- Placeholder for Geocoding API Call
-        -- ======================================================================
-        -- In a real application, you would call a geocoding service here.
-        -- For example, using the `http` extension:
-        --
-        -- DECLARE
-        --   response http_get;
-        --   lat NUMERIC;
-        --   lon NUMERIC;
-        -- BEGIN
-        --   SELECT * INTO response FROM http_get('https://api.geocodingservice.com/geocode?address=' || url_encode(full_address));
-        --   lat := (response.content::jsonb)->'results'->0->'geometry'->'location'->'lat';
-        --   lon := (response.content::jsonb)->'results'->0->'geometry'->'location'->'lng';
-        --   NEW.location := ST_SetSRID(ST_MakePoint(lon, lat), 4326)::geography;
-        -- END;
-        --
-        -- For now, this function does nothing, but the trigger is in place.
-        -- If you manually provide lat/lon, you could parse them here.
-        -- For this example, we will assume the `location` might be set manually
-        -- or by a separate batch process.
-        -- ======================================================================
-    END IF;
-
-    RETURN NEW;
-END;
-$$ LANGUAGE plpgsql;
-
-- Trigger to call the geocoding function.
-DROP TRIGGER IF EXISTS on_store_location_address_change ON public.store_locations;
-CREATE TRIGGER on_store_location_address_change
-  BEFORE INSERT OR UPDATE ON public.store_locations
-  FOR EACH ROW EXECUTE FUNCTION public.geocode_store_location();
-
-- 11. Trigger function to increment the fork_count on the original recipe.
-DROP FUNCTION IF EXISTS public.increment_recipe_fork_count();
-
-CREATE OR REPLACE FUNCTION public.increment_recipe_fork_count()
-RETURNS TRIGGER AS $$
-BEGIN
-    -- Only run if the recipe is a fork (original_recipe_id is not null).
-    IF NEW.original_recipe_id IS NOT NULL THEN
-        UPDATE public.recipes SET fork_count = fork_count + 1 WHERE recipe_id = NEW.original_recipe_id;
-        -- Award 'First Fork' achievement.
-        PERFORM public.award_achievement(NEW.user_id, 'First Fork');
-    END IF;
-    RETURN NEW;
-END;
-$$ LANGUAGE plpgsql;
-
-DROP TRIGGER IF EXISTS on_recipe_fork ON public.recipes;
-CREATE TRIGGER on_recipe_fork
-  AFTER INSERT ON public.recipes
-  FOR EACH ROW EXECUTE FUNCTION public.increment_recipe_fork_count();
 -- ============================================================================
-- PART 6: DATABASE FUNCTIONS
+-- PART 3: DATABASE FUNCTIONS
 -- ============================================================================
  -- Function to find the best current sale price for a user's watched items.
 DROP FUNCTION IF EXISTS public.get_best_sale_prices_for_user(UUID);
@@ -1336,8 +867,7 @@ AS $$
        'list_shared'
        -- 'new_recipe_rating' could be added here later
    )
-  ORDER BY
-    al.created_at DESC
+  ORDER BY al.created_at DESC, al.display_text, al.icon
  LIMIT p_limit
  OFFSET p_offset;
 $$;
@@ -1554,11 +1084,11 @@ RETURNS TABLE(
    user_id uuid,
    email text,
    full_name text,
-    master_item_id integer,
+    master_item_id bigint,
    item_name text,
    best_price_in_cents integer,
    store_name text,
-    flyer_id integer,
+    flyer_id bigint,
    valid_to date
 ) AS $$
 BEGIN
@@ -1569,11 +1099,12 @@ BEGIN
        SELECT
            fi.master_item_id,
            fi.price_in_cents,
-            f.store_name,
+            s.name as store_name,
            f.flyer_id,
            f.valid_to
        FROM public.flyer_items fi
        JOIN public.flyers f ON fi.flyer_id = f.flyer_id
+        JOIN public.stores s ON f.store_id = s.store_id
        WHERE
            fi.master_item_id IS NOT NULL
            AND fi.price_in_cents IS NOT NULL
@@ -1616,3 +1147,472 @@ BEGIN
        bp.price_rank = 1;
 END;
 $$ LANGUAGE plpgsql;
+
+-- ============================================================================
+-- PART 4: TRIGGERS
+-- ============================================================================
+
+-- 1. Trigger to automatically create a profile when a new user signs up.
+-- This function is called by a trigger on the `public.users` table.
+DROP FUNCTION IF EXISTS public.handle_new_user();
+
+-- It creates a corresponding profile and a default shopping list for the new user.
+-- It now accepts full_name and avatar_url from the user's metadata.
+CREATE OR REPLACE FUNCTION public.handle_new_user()
+RETURNS TRIGGER AS $$
+DECLARE
+  new_profile_id UUID;
+  user_meta_data JSONB;
+BEGIN
+  -- The user's metadata (full_name, avatar_url) is passed via a temporary session variable.
+  user_meta_data := current_setting('my_app.user_metadata', true)::JSONB;
+
+  INSERT INTO public.profiles (user_id, role, full_name, avatar_url)
+  VALUES (new.user_id, 'user', user_meta_data->>'full_name', user_meta_data->>'avatar_url')
+  RETURNING user_id INTO new_profile_id;
+
+  -- Also create a default shopping list for the new user.
+  INSERT INTO public.shopping_lists (user_id, name)
+  VALUES (new.user_id, 'Main Shopping List');
+
+  -- Log the new user event
+  INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
+  VALUES (new.user_id, 'user_registered', 
+          COALESCE(user_meta_data->>'full_name', new.email) || ' has registered.',
+          'user-plus', 
+          jsonb_build_object('email', new.email)
+  );
+  
+  RETURN new;
+END;
+$$ LANGUAGE plpgsql;
+
+-- This trigger calls the function after a new user is created.
+DROP TRIGGER IF EXISTS on_auth_user_created ON public.users;
+CREATE TRIGGER on_auth_user_created
+  AFTER INSERT ON public.users
+  FOR EACH ROW EXECUTE FUNCTION public.handle_new_user();
+
+-- 2. Create a reusable function to automatically update 'updated_at' columns.
+DROP FUNCTION IF EXISTS public.handle_updated_at();
+
+CREATE OR REPLACE FUNCTION public.handle_updated_at()
+RETURNS TRIGGER AS $$
+BEGIN
+  NEW.updated_at = now();
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Dynamically apply the 'handle_updated_at' trigger to all tables in the public schema
+-- that have an 'updated_at' column. This is more maintainable than creating a separate
+-- trigger for each table.
+DO $$
+DECLARE
+    t_name TEXT;
+BEGIN
+    FOR t_name IN
+        SELECT table_name
+        FROM information_schema.columns
+        WHERE table_schema = 'public' AND column_name = 'updated_at'
+    LOOP
+        EXECUTE format('DROP TRIGGER IF EXISTS on_%s_updated ON public.%I;
+                        CREATE TRIGGER on_%s_updated
+                        BEFORE UPDATE ON public.%I
+                        FOR EACH ROW EXECUTE FUNCTION public.handle_updated_at();',
+                        t_name, t_name, t_name, t_name);
+    END LOOP;
+END;
+$$;
+
+-- 3. Create a trigger function to populate the item_price_history table on insert.
+DROP FUNCTION IF EXISTS public.update_price_history_on_flyer_item_insert();
+
+CREATE OR REPLACE FUNCTION public.update_price_history_on_flyer_item_insert()
+RETURNS TRIGGER AS $$
+DECLARE
+    flyer_valid_from DATE;
+    flyer_valid_to DATE;
+    current_summary_date DATE;
+    flyer_location_id BIGINT;
+BEGIN
+    -- If the item could not be matched, add it to the unmatched queue for review.
+    IF NEW.master_item_id IS NULL THEN
+        INSERT INTO public.unmatched_flyer_items (flyer_item_id)
+        VALUES (NEW.flyer_item_id)
+        ON CONFLICT (flyer_item_id) DO NOTHING;
+    END IF;
+
+    -- Only run if the new flyer item is linked to a master item and has a price.
+    IF NEW.master_item_id IS NULL OR NEW.price_in_cents IS NULL THEN
+        RETURN NEW;
+    END IF;
+
+    -- Get the validity dates of the flyer and the store_id.
+    SELECT valid_from, valid_to INTO flyer_valid_from, flyer_valid_to
+    FROM public.flyers
+    WHERE flyer_id = NEW.flyer_id;
+
+    -- This single, set-based query is much more performant than looping.
+    -- It generates all date/location pairs and inserts/updates them in one operation.
+    INSERT INTO public.item_price_history (master_item_id, summary_date, store_location_id, min_price_in_cents, max_price_in_cents, avg_price_in_cents, data_points_count)
+    SELECT
+        NEW.master_item_id,
+        d.day,
+        fl.store_location_id,
+        NEW.price_in_cents,
+        NEW.price_in_cents,
+        NEW.price_in_cents,
+        1
+    FROM public.flyer_locations fl
+    CROSS JOIN generate_series(flyer_valid_from, flyer_valid_to, '1 day'::interval) AS d(day)
+    WHERE fl.flyer_id = NEW.flyer_id
+    ON CONFLICT (master_item_id, summary_date, store_location_id)
+    DO UPDATE SET
+        min_price_in_cents = LEAST(item_price_history.min_price_in_cents, EXCLUDED.min_price_in_cents),
+        max_price_in_cents = GREATEST(item_price_history.max_price_in_cents, EXCLUDED.max_price_in_cents),
+        avg_price_in_cents = ROUND(((item_price_history.avg_price_in_cents * item_price_history.data_points_count) + EXCLUDED.avg_price_in_cents) / (item_price_history.data_points_count + 1.0)),
+        data_points_count = item_price_history.data_points_count + 1;
+
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Create the trigger on the flyer_items table for insert.
+DROP TRIGGER IF EXISTS trigger_update_price_history ON public.flyer_items;
+CREATE TRIGGER trigger_update_price_history
+  AFTER INSERT ON public.flyer_items
+  FOR EACH ROW EXECUTE FUNCTION public.update_price_history_on_flyer_item_insert();
+
+-- 4. Create a trigger function to recalculate price history when a flyer item is deleted.
+DROP FUNCTION IF EXISTS public.recalculate_price_history_on_flyer_item_delete();
+
+CREATE OR REPLACE FUNCTION public.recalculate_price_history_on_flyer_item_delete()
+RETURNS TRIGGER AS $$
+DECLARE
+    affected_dates RECORD;
+BEGIN
+    -- Only run if the deleted item was linked to a master item and had a price.
+    IF OLD.master_item_id IS NULL OR OLD.price_in_cents IS NULL THEN
+        RETURN OLD;
+    END IF;
+
+    -- This single, set-based query is much more performant than looping.
+    -- It recalculates aggregates for all affected dates and locations at once.
+    WITH affected_days_and_locations AS (
+        -- 1. Get all date/location pairs affected by the deleted item's flyer.
+        SELECT DISTINCT
+            generate_series(f.valid_from, f.valid_to, '1 day'::interval)::date AS summary_date,
+            fl.store_location_id
+        FROM public.flyers f
+        JOIN public.flyer_locations fl ON f.flyer_id = fl.flyer_id
+        WHERE f.flyer_id = OLD.flyer_id
+    ),
+    new_aggregates AS (
+        -- 2. For each affected date/location, recalculate the aggregates from all other relevant flyer items.
+        SELECT
+            adl.summary_date,
+            adl.store_location_id,
+            MIN(fi.price_in_cents) AS min_price,
+            MAX(fi.price_in_cents) AS max_price,
+            ROUND(AVG(fi.price_in_cents))::int AS avg_price,
+            COUNT(fi.flyer_item_id)::int AS data_points
+        FROM affected_days_and_locations adl
+        LEFT JOIN public.flyer_items fi ON fi.master_item_id = OLD.master_item_id AND fi.price_in_cents IS NOT NULL
+        LEFT JOIN public.flyers f ON fi.flyer_id = f.flyer_id AND adl.summary_date BETWEEN f.valid_from AND f.valid_to
+        LEFT JOIN public.flyer_locations fl ON fi.flyer_id = fl.flyer_id AND adl.store_location_id = fl.store_location_id
+        WHERE fl.flyer_id IS NOT NULL -- Ensure the join was successful
+        GROUP BY adl.summary_date, adl.store_location_id
+    )
+    -- 3. Update the history table with the new aggregates.
+    UPDATE public.item_price_history iph
+    SET
+        min_price_in_cents = na.min_price,
+        max_price_in_cents = na.max_price,
+        avg_price_in_cents = na.avg_price,
+        data_points_count = na.data_points
+    FROM new_aggregates na
+    WHERE iph.master_item_id = OLD.master_item_id
+      AND iph.summary_date = na.summary_date
+      AND iph.store_location_id = na.store_location_id;
+
+    -- 4. Delete any history records that no longer have any data points.
+    DELETE FROM public.item_price_history iph
+    WHERE iph.master_item_id = OLD.master_item_id
+      AND NOT EXISTS (
+          SELECT 1 FROM new_aggregates na
+          WHERE na.summary_date = iph.summary_date AND na.store_location_id = iph.store_location_id
+      );
+
+    RETURN OLD;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Create the trigger on the flyer_items table for DELETE operations.
+DROP TRIGGER IF EXISTS trigger_recalculate_price_history_on_delete ON public.flyer_items;
+CREATE TRIGGER trigger_recalculate_price_history_on_delete
+  AFTER DELETE ON public.flyer_items
+  FOR EACH ROW EXECUTE FUNCTION public.recalculate_price_history_on_flyer_item_delete();
+
+-- 5. Trigger function to update the average rating on the recipes table.
+DROP FUNCTION IF EXISTS public.update_recipe_rating_aggregates();
+
+CREATE OR REPLACE FUNCTION public.update_recipe_rating_aggregates()
+RETURNS TRIGGER AS $$
+BEGIN
+    UPDATE public.recipes
+    SET
+        avg_rating = (
+            SELECT AVG(rating)
+            FROM public.recipe_ratings
+            WHERE recipe_id = COALESCE(NEW.recipe_id, OLD.recipe_id) -- This is correct, no change needed
+        ),
+        rating_count = (
+            SELECT COUNT(*)
+            FROM public.recipe_ratings
+            WHERE recipe_id = COALESCE(NEW.recipe_id, OLD.recipe_id) -- This is correct, no change needed
+        )
+    WHERE recipe_id = COALESCE(NEW.recipe_id, OLD.recipe_id);
+
+    RETURN NULL; -- The result is ignored since this is an AFTER trigger.
+END;
+$$ LANGUAGE plpgsql;
+
+-- Trigger to call the function after any change to recipe_ratings.
+DROP TRIGGER IF EXISTS on_recipe_rating_change ON public.recipe_ratings;
+CREATE TRIGGER on_recipe_rating_change
+  AFTER INSERT OR UPDATE OR DELETE ON public.recipe_ratings
+  FOR EACH ROW EXECUTE FUNCTION public.update_recipe_rating_aggregates();
+
+-- 6. Trigger function to log the creation of a new recipe.
+DROP FUNCTION IF EXISTS public.log_new_recipe();
+
+CREATE OR REPLACE FUNCTION public.log_new_recipe()
+RETURNS TRIGGER AS $$
+BEGIN
+    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
+    VALUES (
+        NEW.user_id,
+        'recipe_created',
+        (SELECT full_name FROM public.profiles WHERE user_id = NEW.user_id) || ' created a new recipe: ' || NEW.name,
+        'chef-hat',
+        jsonb_build_object('recipe_id', NEW.recipe_id, 'recipe_name', NEW.name)
+    );
+
+    -- Award 'First Recipe' achievement if it's their first one.
+    PERFORM public.award_achievement(NEW.user_id, 'First Recipe');
+
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Trigger to call the function after a new recipe is inserted.
+DROP TRIGGER IF EXISTS on_new_recipe_created ON public.recipes;
+CREATE TRIGGER on_new_recipe_created
+  AFTER INSERT ON public.recipes
+  FOR EACH ROW
+  WHEN (NEW.user_id IS NOT NULL) -- Only log activity for user-created recipes.
+  EXECUTE FUNCTION public.log_new_recipe();
+
+-- 7a. Trigger function to update the item_count on the flyers table.
+DROP FUNCTION IF EXISTS public.update_flyer_item_count();
+
+CREATE OR REPLACE FUNCTION public.update_flyer_item_count()
+RETURNS TRIGGER AS $$
+BEGIN
+    IF (TG_OP = 'INSERT') THEN
+        UPDATE public.flyers SET item_count = item_count + 1 WHERE flyer_id = NEW.flyer_id;
+    ELSIF (TG_OP = 'DELETE') THEN
+        UPDATE public.flyers SET item_count = item_count - 1 WHERE flyer_id = OLD.flyer_id;
+    END IF;
+    RETURN NULL; -- The result is ignored since this is an AFTER trigger.
+END;
+$$ LANGUAGE plpgsql;
+
+-- Trigger to call the function after any change to flyer_items.
+-- This ensures the item_count on the parent flyer is always accurate.
+DROP TRIGGER IF EXISTS on_flyer_item_change ON public.flyer_items;
+CREATE TRIGGER on_flyer_item_change
+  AFTER INSERT OR DELETE ON public.flyer_items
+  FOR EACH ROW EXECUTE FUNCTION public.update_flyer_item_count();
+
+-- 7. Trigger function to log the creation of a new flyer.
+DROP FUNCTION IF EXISTS public.log_new_flyer();
+
+CREATE OR REPLACE FUNCTION public.log_new_flyer()
+RETURNS TRIGGER AS $$
+BEGIN
+    -- If the flyer was uploaded by a registered user, award the 'First-Upload' achievement.
+    -- The award_achievement function handles checking if the user already has it.
+    IF NEW.uploaded_by IS NOT NULL THEN
+        PERFORM public.award_achievement(NEW.uploaded_by, 'First-Upload');
+    END IF;
+
+    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
+    VALUES (
+        NEW.uploaded_by, -- Log the user who uploaded it
+        'flyer_uploaded',
+        'A new flyer for ' || (SELECT name FROM public.stores WHERE store_id = NEW.store_id) || ' has been uploaded.',
+        'file-text',
+        jsonb_build_object(
+            'flyer_id', NEW.flyer_id,
+            'store_name', (SELECT name FROM public.stores WHERE store_id = NEW.store_id),
+            'valid_from', to_char(NEW.valid_from, 'YYYY-MM-DD'),
+            'valid_to', to_char(NEW.valid_to, 'YYYY-MM-DD')
+        )
+    );
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Trigger to call the function after a new flyer is inserted.
+DROP TRIGGER IF EXISTS on_new_flyer_created ON public.flyers;
+CREATE TRIGGER on_new_flyer_created
+  AFTER INSERT ON public.flyers
+  FOR EACH ROW EXECUTE FUNCTION public.log_new_flyer();
+
+-- 8. Trigger function to log when a user favorites a recipe.
+DROP FUNCTION IF EXISTS public.log_new_favorite_recipe();
+
+CREATE OR REPLACE FUNCTION public.log_new_favorite_recipe()
+RETURNS TRIGGER AS $$
+BEGIN
+    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
+    VALUES (
+        NEW.user_id,
+        'recipe_favorited',
+        (SELECT full_name FROM public.profiles WHERE user_id = NEW.user_id) || ' favorited the recipe: ' || (SELECT name FROM public.recipes WHERE recipe_id = NEW.recipe_id),
+        'heart',
+        jsonb_build_object(            
+            'recipe_id', NEW.recipe_id
+        )
+    );
+
+    -- Award 'First Favorite' achievement.
+    PERFORM public.award_achievement(NEW.user_id, 'First Favorite');
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- Trigger to call the function after a recipe is favorited.
+DROP TRIGGER IF EXISTS on_new_favorite_recipe ON public.favorite_recipes;
+CREATE TRIGGER on_new_favorite_recipe
+  AFTER INSERT ON public.favorite_recipes
+  FOR EACH ROW EXECUTE FUNCTION public.log_new_favorite_recipe();
+
+-- 9. Trigger function to log when a user shares a shopping list.
+DROP FUNCTION IF EXISTS public.log_new_list_share();
+
+CREATE OR REPLACE FUNCTION public.log_new_list_share()
+RETURNS TRIGGER AS $$
+BEGIN
+    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
+    VALUES (
+        NEW.shared_by_user_id,
+        'list_shared',
+        (SELECT full_name FROM public.profiles WHERE user_id = NEW.shared_by_user_id) || ' shared a shopping list.',
+        'share-2',
+        jsonb_build_object(
+            'shopping_list_id', NEW.shopping_list_id,
+            'list_name', (SELECT name FROM public.shopping_lists WHERE shopping_list_id = NEW.shopping_list_id),
+            'shared_with_user_id', NEW.shared_with_user_id
+        )
+    );
+
+    -- Award 'List Sharer' achievement.
+    PERFORM public.award_achievement(NEW.shared_by_user_id, 'List Sharer');
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+        
+-- Trigger to call the function after a shopping list is shared.
+DROP TRIGGER IF EXISTS on_new_list_share ON public.shared_shopping_lists;
+CREATE TRIGGER on_new_list_share
+  AFTER INSERT ON public.shared_shopping_lists
+  FOR EACH ROW EXECUTE FUNCTION public.log_new_list_share();
+
+-- 9a. Trigger function to log when a user shares a recipe collection.
+DROP FUNCTION IF EXISTS public.log_new_recipe_collection_share();
+
+CREATE OR REPLACE FUNCTION public.log_new_recipe_collection_share()
+RETURNS TRIGGER AS $$
+BEGIN
+    -- Log the activity
+    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
+    VALUES (
+        NEW.shared_by_user_id, 'recipe_collection_shared',
+        (SELECT full_name FROM public.profiles WHERE user_id = NEW.shared_by_user_id) || ' shared a recipe collection.',
+        'book',
+        jsonb_build_object('collection_id', NEW.recipe_collection_id, 'shared_with_user_id', NEW.shared_with_user_id)
+    );
+
+    -- Award 'Recipe Sharer' achievement.
+    PERFORM public.award_achievement(NEW.shared_by_user_id, 'Recipe Sharer');
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+DROP TRIGGER IF EXISTS on_new_recipe_collection_share ON public.shared_recipe_collections;
+CREATE TRIGGER on_new_recipe_collection_share
+  AFTER INSERT ON public.shared_recipe_collections
+  FOR EACH ROW EXECUTE FUNCTION public.log_new_recipe_collection_share();
+
+-- 10. Trigger function to geocode a store location's address.
+-- This function is triggered when an address is inserted or updated, and is
+-- designed to be extensible for external geocoding services to populate the
+-- latitude, longitude, and location fields.
+DROP FUNCTION IF EXISTS public.geocode_address();
+
+CREATE OR REPLACE FUNCTION public.geocode_address()
+RETURNS TRIGGER AS $$
+DECLARE
+    full_address TEXT;
+BEGIN
+    -- Only proceed if an address component has actually changed.
+    IF TG_OP = 'INSERT' OR (TG_OP = 'UPDATE' AND (
+        NEW.address_line_1 IS DISTINCT FROM OLD.address_line_1 OR
+        NEW.address_line_2 IS DISTINCT FROM OLD.address_line_2 OR
+        NEW.city IS DISTINCT FROM OLD.city OR
+        NEW.province_state IS DISTINCT FROM OLD.province_state OR
+        NEW.postal_code IS DISTINCT FROM OLD.postal_code OR
+        NEW.country IS DISTINCT FROM OLD.country
+    )) THEN
+        -- Concatenate address parts into a single string for the geocoder.
+        full_address := CONCAT_WS(', ', NEW.address_line_1, NEW.address_line_2, NEW.city, NEW.province_state, NEW.postal_code, NEW.country);
+
+        -- Placeholder for Geocoding API Call
+        -- In a real application, you would call a service here and update NEW.latitude, NEW.longitude, and NEW.location.
+        -- e.g., NEW.latitude := result.lat; NEW.longitude := result.lon;
+        -- NEW.location := ST_SetSRID(ST_MakePoint(NEW.longitude, NEW.latitude), 4326);
+    END IF;
+
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- This trigger calls the geocoding function when an address changes.
+DROP TRIGGER IF EXISTS on_address_change_geocode ON public.addresses;
+CREATE TRIGGER on_address_change_geocode
+  BEFORE INSERT OR UPDATE ON public.addresses
+  FOR EACH ROW EXECUTE FUNCTION public.geocode_address();
+
+-- 11. Trigger function to increment the fork_count on the original recipe.
+DROP FUNCTION IF EXISTS public.increment_recipe_fork_count();
+
+CREATE OR REPLACE FUNCTION public.increment_recipe_fork_count()
+RETURNS TRIGGER AS $$
+BEGIN
+    -- Only run if the recipe is a fork (original_recipe_id is not null).
+    IF NEW.original_recipe_id IS NOT NULL THEN
+        UPDATE public.recipes SET fork_count = fork_count + 1 WHERE recipe_id = NEW.original_recipe_id;
+        -- Award 'First Fork' achievement.
+        PERFORM public.award_achievement(NEW.user_id, 'First Fork');
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+DROP TRIGGER IF EXISTS on_recipe_fork ON public.recipes;
+CREATE TRIGGER on_recipe_fork
+  AFTER INSERT ON public.recipes
+  FOR EACH ROW EXECUTE FUNCTION public.increment_recipe_fork_count();
--- a/sql/initial_data.sql
+++ b/sql/initial_data.sql
@@ -265,5 +265,6 @@ INSERT INTO public.achievements (name, description, icon, points_value) VALUES
 ('List Sharer', 'Share a shopping list with another user for the first time.', 'list', 20),
 ('First Favorite', 'Mark a recipe as one of your favorites.', 'heart', 5),
 ('First Fork', 'Make a personal copy of a public recipe.', 'git-fork', 10),
-('First Budget Created', 'Create your first budget to track spending.', 'piggy-bank', 15)
+('First Budget Created', 'Create your first budget to track spending.', 'piggy-bank', 15),
+('First-Upload', 'Upload your first flyer.', 'upload-cloud', 25)
 ON CONFLICT (name) DO NOTHING;
--- a/sql/initial_schema.sql
+++ b/sql/initial_schema.sql
@@ -8,16 +8,23 @@
 CREATE TABLE IF NOT EXISTS public.addresses (
    address_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    address_line_1 TEXT NOT NULL UNIQUE,
-    address_line_2 TEXT,
    city TEXT NOT NULL,
    province_state TEXT NOT NULL,
    postal_code TEXT NOT NULL,
    country TEXT NOT NULL,
+    address_line_2 TEXT,
    latitude NUMERIC(9, 6),
    longitude NUMERIC(9, 6),
    location GEOGRAPHY(Point, 4326),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT addresses_address_line_1_check CHECK (TRIM(address_line_1) <> ''),
+    CONSTRAINT addresses_city_check CHECK (TRIM(city) <> ''),
+    CONSTRAINT addresses_province_state_check CHECK (TRIM(province_state) <> ''),
+    CONSTRAINT addresses_postal_code_check CHECK (TRIM(postal_code) <> ''),
+    CONSTRAINT addresses_country_check CHECK (TRIM(country) <> ''),
+    CONSTRAINT addresses_latitude_check CHECK (latitude >= -90 AND latitude <= 90),
+    CONSTRAINT addresses_longitude_check CHECK (longitude >= -180 AND longitude <= 180)
 );
 COMMENT ON TABLE public.addresses IS 'A centralized table for storing all physical addresses for users and stores.';
 COMMENT ON COLUMN public.addresses.latitude IS 'The geographic latitude.';
@@ -31,12 +38,14 @@ CREATE TABLE IF NOT EXISTS public.users (
    email TEXT NOT NULL UNIQUE,
    password_hash TEXT,
    refresh_token TEXT,
-    failed_login_attempts INTEGER DEFAULT 0,
+    failed_login_attempts INTEGER DEFAULT 0 CHECK (failed_login_attempts >= 0),
    last_failed_login TIMESTAMPTZ,
    last_login_at TIMESTAMPTZ,
    last_login_ip TEXT,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT users_email_check CHECK (email ~* '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'),
+    CONSTRAINT users_password_hash_check CHECK (password_hash IS NULL OR TRIM(password_hash) <> '')
 );
 COMMENT ON TABLE public.users IS 'Stores user authentication information.';
 COMMENT ON COLUMN public.users.refresh_token IS 'Stores the long-lived refresh token for re-authentication.';
@@ -59,10 +68,13 @@ CREATE TABLE IF NOT EXISTS public.activity_log (
    icon TEXT,
    details JSONB,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT activity_log_action_check CHECK (TRIM(action) <> ''),
+    CONSTRAINT activity_log_display_text_check CHECK (TRIM(display_text) <> '')
 );
 COMMENT ON TABLE public.activity_log IS 'Logs key user and system actions for auditing and display in an activity feed.';
-CREATE INDEX IF NOT EXISTS idx_activity_log_user_id ON public.activity_log(user_id);
+-- This composite index is more efficient for user-specific activity feeds ordered by date.
+CREATE INDEX IF NOT EXISTS idx_activity_log_user_id_created_at ON public.activity_log(user_id, created_at DESC);

 -- 3. for public user profiles.
 -- This table is linked to the users table and stores non-sensitive user data.
@@ -72,16 +84,20 @@ CREATE TABLE IF NOT EXISTS public.profiles (
  full_name TEXT,
  avatar_url TEXT,
  address_id BIGINT REFERENCES public.addresses(address_id) ON DELETE SET NULL,
+  points INTEGER DEFAULT 0 NOT NULL CHECK (points >= 0),
  preferences JSONB,
  role TEXT CHECK (role IN ('admin', 'user')),
-  points INTEGER DEFAULT 0 NOT NULL,
  created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
  updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+  CONSTRAINT profiles_full_name_check CHECK (full_name IS NULL OR TRIM(full_name) <> ''),
+  CONSTRAINT profiles_avatar_url_check CHECK (avatar_url IS NULL OR avatar_url ~* '^https://?.*'),
  created_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL,
  updated_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL
 );
 COMMENT ON TABLE public.profiles IS 'Stores public-facing user data, linked to the public.users table.';
 COMMENT ON COLUMN public.profiles.address_id IS 'A foreign key to the user''s primary address in the `addresses` table.';
+-- This index is crucial for the gamification leaderboard feature.
+CREATE INDEX IF NOT EXISTS idx_profiles_points_leaderboard ON public.profiles (points DESC, full_name ASC);
 COMMENT ON COLUMN public.profiles.points IS 'A simple integer column to store a user''s total accumulated points from achievements.';

 -- 4. The 'stores' table for normalized store data.
@@ -91,6 +107,8 @@ CREATE TABLE IF NOT EXISTS public.stores (
  logo_url TEXT,
  created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
  updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+  CONSTRAINT stores_name_check CHECK (TRIM(name) <> ''),
+  CONSTRAINT stores_logo_url_check CHECK (logo_url IS NULL OR logo_url ~* '^https://?.*'),
  created_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL
 );
 COMMENT ON TABLE public.stores IS 'Stores metadata for grocery store chains (e.g., Safeway, Kroger).';
@@ -100,7 +118,8 @@ CREATE TABLE IF NOT EXISTS public.categories (
  category_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
  name TEXT NOT NULL UNIQUE,
  created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-  updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+  updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+  CONSTRAINT categories_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.categories IS 'Stores a predefined list of grocery item categories (e.g., ''Fruits & Vegetables'', ''Dairy & Eggs'').';

@@ -115,10 +134,16 @@ CREATE TABLE IF NOT EXISTS public.flyers (
  valid_from DATE,
  valid_to DATE,
  store_address TEXT,
-  item_count INTEGER DEFAULT 0 NOT NULL,
+  status TEXT DEFAULT 'processed' NOT NULL CHECK (status IN ('processed', 'needs_review', 'archived')),
+  item_count INTEGER DEFAULT 0 NOT NULL CHECK (item_count >= 0),
  uploaded_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL,
  created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-  updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+  updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+  CONSTRAINT flyers_valid_dates_check CHECK (valid_to >= valid_from),
+  CONSTRAINT flyers_file_name_check CHECK (TRIM(file_name) <> ''),
+  CONSTRAINT flyers_image_url_check CHECK (image_url ~* '^https://?.*'),
+  CONSTRAINT flyers_icon_url_check CHECK (icon_url IS NULL OR icon_url ~* '^https://?.*'),
+  CONSTRAINT flyers_checksum_check CHECK (checksum IS NULL OR length(checksum) = 64)
 );
 COMMENT ON TABLE public.flyers IS 'Stores metadata for each processed flyer, linking it to a store and its validity period.';
 CREATE INDEX IF NOT EXISTS idx_flyers_store_id ON public.flyers(store_id);
@@ -130,9 +155,11 @@ COMMENT ON COLUMN public.flyers.store_id IS 'Foreign key linking this flyer to a
 COMMENT ON COLUMN public.flyers.valid_from IS 'The start date of the sale period for this flyer, extracted by the AI.';
 COMMENT ON COLUMN public.flyers.valid_to IS 'The end date of the sale period for this flyer, extracted by the AI.';
 COMMENT ON COLUMN public.flyers.store_address IS 'The physical store address if it was successfully extracted from the flyer image.';
+COMMENT ON COLUMN public.flyers.status IS 'The processing status of the flyer, e.g., if it needs manual review.';
 COMMENT ON COLUMN public.flyers.item_count IS 'A cached count of the number of items in this flyer, maintained by a trigger.';
 COMMENT ON COLUMN public.flyers.uploaded_by IS 'The user who uploaded the flyer. Can be null for anonymous or system uploads.';

+CREATE INDEX IF NOT EXISTS idx_flyers_status ON public.flyers(status);
 CREATE INDEX IF NOT EXISTS idx_flyers_created_at ON public.flyers (created_at DESC);
 CREATE INDEX IF NOT EXISTS idx_flyers_valid_to_file_name ON public.flyers (valid_to DESC, file_name ASC);
 -- 7. The 'master_grocery_items' table. This is the master dictionary.
@@ -144,7 +171,8 @@ CREATE TABLE IF NOT EXISTS public.master_grocery_items (
    allergy_info JSONB,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    created_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL
+    created_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL,
+    CONSTRAINT master_grocery_items_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.master_grocery_items IS 'The master dictionary of canonical grocery items. Each item has a unique name and is linked to a category.';
 CREATE INDEX IF NOT EXISTS idx_master_grocery_items_category_id ON public.master_grocery_items(category_id);
@@ -169,7 +197,9 @@ CREATE TABLE IF NOT EXISTS public.brands (
    logo_url TEXT,
    store_id BIGINT REFERENCES public.stores(store_id) ON DELETE SET NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT brands_name_check CHECK (TRIM(name) <> ''),
+    CONSTRAINT brands_logo_url_check CHECK (logo_url IS NULL OR logo_url ~* '^https://?.*')
 );
 COMMENT ON TABLE public.brands IS 'Stores brand names like "Coca-Cola", "Maple Leaf", or "Kraft".';
 COMMENT ON COLUMN public.brands.store_id IS 'If this is a store-specific brand (e.g., President''s Choice), this links to the parent store.';
@@ -184,7 +214,9 @@ CREATE TABLE IF NOT EXISTS public.products (
    size TEXT,
    upc_code TEXT UNIQUE,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT products_name_check CHECK (TRIM(name) <> ''),
+    CONSTRAINT products_upc_code_check CHECK (upc_code IS NULL OR upc_code ~ '^[0-9]{8,14}$')
 );
 COMMENT ON TABLE public.products IS 'Represents a specific, sellable product, combining a generic item with a brand and size.';
 COMMENT ON COLUMN public.products.upc_code IS 'Universal Product Code, if available, for exact product matching.';
@@ -200,18 +232,22 @@ CREATE TABLE IF NOT EXISTS public.flyer_items (
  flyer_id BIGINT REFERENCES public.flyers(flyer_id) ON DELETE CASCADE,
  item TEXT NOT NULL,
  price_display TEXT NOT NULL,
-  price_in_cents INTEGER,
+  price_in_cents INTEGER CHECK (price_in_cents IS NULL OR price_in_cents >= 0),
  quantity_num NUMERIC,
  quantity TEXT NOT NULL,
  category_id BIGINT REFERENCES public.categories(category_id) ON DELETE SET NULL,  
  category_name TEXT,
  unit_price JSONB,
-  view_count INTEGER DEFAULT 0 NOT NULL,
-  click_count INTEGER DEFAULT 0 NOT NULL,
+  view_count INTEGER DEFAULT 0 NOT NULL CHECK (view_count >= 0),
+  click_count INTEGER DEFAULT 0 NOT NULL CHECK (click_count >= 0),
  master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE SET NULL,
  product_id BIGINT REFERENCES public.products(product_id) ON DELETE SET NULL,
  created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-  updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+  updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+  CONSTRAINT flyer_items_item_check CHECK (TRIM(item) <> ''),
+  CONSTRAINT flyer_items_price_display_check CHECK (TRIM(price_display) <> ''),
+  CONSTRAINT flyer_items_quantity_check CHECK (TRIM(quantity) <> ''),
+  CONSTRAINT flyer_items_category_name_check CHECK (category_name IS NULL OR TRIM(category_name) <> '')
 );
 COMMENT ON TABLE public.flyer_items IS 'Stores individual items extracted from a specific flyer.';
 COMMENT ON COLUMN public.flyer_items.flyer_id IS 'Foreign key linking this item to its parent flyer in the `flyers` table.';
@@ -230,6 +266,8 @@ CREATE INDEX IF NOT EXISTS idx_flyer_items_master_item_id ON public.flyer_items(
 CREATE INDEX IF NOT EXISTS idx_flyer_items_category_id ON public.flyer_items(category_id);
 CREATE INDEX IF NOT EXISTS idx_flyer_items_product_id ON public.flyer_items(product_id);
 -- Add a GIN index to the 'item' column for fast fuzzy text searching.
+-- This partial index is optimized for queries that find the best price for an item.
+CREATE INDEX IF NOT EXISTS idx_flyer_items_master_item_price ON public.flyer_items (master_item_id, price_in_cents ASC) WHERE price_in_cents IS NOT NULL;
 -- This requires the pg_trgm extension.
 CREATE INDEX IF NOT EXISTS flyer_items_item_trgm_idx ON public.flyer_items USING GIN (item gin_trgm_ops);

@@ -238,7 +276,7 @@ CREATE TABLE IF NOT EXISTS public.user_alerts (
    user_alert_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    user_watched_item_id BIGINT NOT NULL REFERENCES public.user_watched_items(user_watched_item_id) ON DELETE CASCADE,
    alert_type TEXT NOT NULL CHECK (alert_type IN ('PRICE_BELOW', 'PERCENT_OFF_AVERAGE')),
-    threshold_value NUMERIC NOT NULL,
+    threshold_value NUMERIC NOT NULL CHECK (threshold_value > 0),
    is_active BOOLEAN DEFAULT true NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
@@ -256,7 +294,8 @@ CREATE TABLE IF NOT EXISTS public.notifications (
    link_url TEXT,
    is_read BOOLEAN DEFAULT false NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT notifications_content_check CHECK (TRIM(content) <> '')
 );
 COMMENT ON TABLE public.notifications IS 'A central log of notifications generated for users, such as price alerts.';
 COMMENT ON COLUMN public.notifications.content IS 'The notification message displayed to the user.';
@@ -269,8 +308,8 @@ CREATE TABLE IF NOT EXISTS public.store_locations (
    store_location_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    store_id BIGINT REFERENCES public.stores(store_id) ON DELETE CASCADE,
    address_id BIGINT NOT NULL REFERENCES public.addresses(address_id) ON DELETE CASCADE,
-    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    UNIQUE(store_id, address_id),
+    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
 );
 COMMENT ON TABLE public.store_locations IS 'Stores physical locations of stores with geographic data for proximity searches.';
@@ -282,13 +321,14 @@ CREATE TABLE IF NOT EXISTS public.item_price_history (
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    summary_date DATE NOT NULL,
    store_location_id BIGINT REFERENCES public.store_locations(store_location_id) ON DELETE CASCADE,
-    min_price_in_cents INTEGER,
-    max_price_in_cents INTEGER,
-    avg_price_in_cents INTEGER,
-    data_points_count INTEGER DEFAULT 0 NOT NULL,
+    min_price_in_cents INTEGER CHECK (min_price_in_cents IS NULL OR min_price_in_cents >= 0),
+    max_price_in_cents INTEGER CHECK (max_price_in_cents IS NULL OR max_price_in_cents >= 0),
+    avg_price_in_cents INTEGER CHECK (avg_price_in_cents IS NULL OR avg_price_in_cents >= 0),
+    data_points_count INTEGER DEFAULT 0 NOT NULL CHECK (data_points_count >= 0),
    UNIQUE(master_item_id, summary_date, store_location_id),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT item_price_history_price_order_check CHECK (min_price_in_cents <= max_price_in_cents)
 );
 COMMENT ON TABLE public.item_price_history IS 'Serves as a summary table to speed up charting and analytics.';
 COMMENT ON COLUMN public.item_price_history.summary_date IS 'The date for which the price data is summarized.';
@@ -305,7 +345,8 @@ CREATE TABLE IF NOT EXISTS public.master_item_aliases (
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    alias TEXT NOT NULL UNIQUE,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT master_item_aliases_alias_check CHECK (TRIM(alias) <> '')
 );
 COMMENT ON TABLE public.master_item_aliases IS 'Stores synonyms or alternative names for master items to improve matching.';
 COMMENT ON COLUMN public.master_item_aliases.alias IS 'An alternative name, e.g., "Ground Chuck" for the master item "Ground Beef".';
@@ -317,7 +358,8 @@ CREATE TABLE IF NOT EXISTS public.shopping_lists (
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    name TEXT NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT shopping_lists_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.shopping_lists IS 'Stores user-created shopping lists, e.g., "Weekly Groceries".';
 CREATE INDEX IF NOT EXISTS idx_shopping_lists_user_id ON public.shopping_lists(user_id);
@@ -328,12 +370,13 @@ CREATE TABLE IF NOT EXISTS public.shopping_list_items (
    shopping_list_id BIGINT NOT NULL REFERENCES public.shopping_lists(shopping_list_id) ON DELETE CASCADE,
    master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    custom_item_name TEXT,
-    quantity NUMERIC DEFAULT 1 NOT NULL,
+    quantity NUMERIC DEFAULT 1 NOT NULL CHECK (quantity > 0),
    is_purchased BOOLEAN DEFAULT false NOT NULL,
    notes TEXT,
    added_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    CONSTRAINT must_have_item_identifier CHECK (master_item_id IS NOT NULL OR custom_item_name IS NOT NULL)
+    CONSTRAINT must_have_item_identifier CHECK (master_item_id IS NOT NULL OR custom_item_name IS NOT NULL),
+    CONSTRAINT shopping_list_items_custom_item_name_check CHECK (custom_item_name IS NULL OR TRIM(custom_item_name) <> '')
 );
 COMMENT ON TABLE public.shopping_list_items IS 'Contains individual items for a specific shopping list.';
 COMMENT ON COLUMN public.shopping_list_items.custom_item_name IS 'For items not in the master list, e.g., "Grandma''s special spice mix".';
@@ -341,7 +384,6 @@ COMMENT ON COLUMN public.shopping_list_items.is_purchased IS 'Lets users check i
 CREATE INDEX IF NOT EXISTS idx_shopping_list_items_shopping_list_id ON public.shopping_list_items(shopping_list_id);
 CREATE INDEX IF NOT EXISTS idx_shopping_list_items_master_item_id ON public.shopping_list_items(master_item_id);

-- 17. Manage shared access to shopping lists.
 CREATE TABLE IF NOT EXISTS public.shared_shopping_lists (
    shared_shopping_list_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    shopping_list_id BIGINT NOT NULL REFERENCES public.shopping_lists(shopping_list_id) ON DELETE CASCADE,
@@ -366,6 +408,7 @@ CREATE TABLE IF NOT EXISTS public.menu_plans (
    end_date DATE NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,    
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT menu_plans_name_check CHECK (TRIM(name) <> ''),
    CONSTRAINT date_range_check CHECK (end_date >= start_date)
 );
 COMMENT ON TABLE public.menu_plans IS 'Represents a user''s meal plan for a specific period, e.g., "Week of Oct 23".';
@@ -394,11 +437,13 @@ CREATE TABLE IF NOT EXISTS public.suggested_corrections (
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    correction_type TEXT NOT NULL,
    suggested_value TEXT NOT NULL,
-    status TEXT DEFAULT 'pending' NOT NULL,
+    status TEXT DEFAULT 'pending' NOT NULL CHECK (status IN ('pending', 'approved', 'rejected')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    reviewed_notes TEXT,
    reviewed_at TIMESTAMPTZ,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT suggested_corrections_correction_type_check CHECK (TRIM(correction_type) <> ''),
+    CONSTRAINT suggested_corrections_suggested_value_check CHECK (TRIM(suggested_value) <> '')
 );
 COMMENT ON TABLE public.suggested_corrections IS 'A queue for user-submitted data corrections, enabling crowdsourced data quality improvements.';
 COMMENT ON COLUMN public.suggested_corrections.correction_type IS 'The type of error the user is reporting.';
@@ -414,12 +459,13 @@ CREATE TABLE IF NOT EXISTS public.user_submitted_prices (
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    store_id BIGINT NOT NULL REFERENCES public.stores(store_id) ON DELETE CASCADE,
-    price_in_cents INTEGER NOT NULL,
+    price_in_cents INTEGER NOT NULL CHECK (price_in_cents > 0),
    photo_url TEXT,
-    upvotes INTEGER DEFAULT 0 NOT NULL,
-    downvotes INTEGER DEFAULT 0 NOT NULL,
+    upvotes INTEGER DEFAULT 0 NOT NULL CHECK (upvotes >= 0),
+    downvotes INTEGER DEFAULT 0 NOT NULL CHECK (downvotes >= 0),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT user_submitted_prices_photo_url_check CHECK (photo_url IS NULL OR photo_url ~* '^https://?.*')
 );
 COMMENT ON TABLE public.user_submitted_prices IS 'Stores item prices submitted by users directly from physical stores.';
 COMMENT ON COLUMN public.user_submitted_prices.photo_url IS 'URL to user-submitted photo evidence of the price.';
@@ -461,20 +507,22 @@ CREATE TABLE IF NOT EXISTS public.recipes (
    name TEXT NOT NULL,
    description TEXT,
    instructions TEXT,
-    prep_time_minutes INTEGER,
-    cook_time_minutes INTEGER,
-    servings INTEGER,
+    prep_time_minutes INTEGER CHECK (prep_time_minutes IS NULL OR prep_time_minutes >= 0),
+    cook_time_minutes INTEGER CHECK (cook_time_minutes IS NULL OR cook_time_minutes >= 0),
+    servings INTEGER CHECK (servings IS NULL OR servings > 0),
    photo_url TEXT,
    calories_per_serving INTEGER,
    protein_grams NUMERIC,
    fat_grams NUMERIC,
    carb_grams NUMERIC,
-    avg_rating NUMERIC(2,1) DEFAULT 0.0 NOT NULL,
-    status TEXT DEFAULT 'private' NOT NULL CHECK (status IN ('private', 'pending_review', 'public', 'rejected')),
-    rating_count INTEGER DEFAULT 0 NOT NULL,
-    fork_count INTEGER DEFAULT 0 NOT NULL,
+    avg_rating NUMERIC(2,1) DEFAULT 0.0 NOT NULL CHECK (avg_rating >= 0.0 AND avg_rating <= 5.0),
+    status TEXT DEFAULT 'private' NOT NULL CHECK (status IN ('private', 'pending_review', 'public', 'rejected')),    
+    rating_count INTEGER DEFAULT 0 NOT NULL CHECK (rating_count >= 0),
+    fork_count INTEGER DEFAULT 0 NOT NULL CHECK (fork_count >= 0),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT recipes_name_check CHECK (TRIM(name) <> ''),
+    CONSTRAINT recipes_photo_url_check CHECK (photo_url IS NULL OR photo_url ~* '^https://?.*')
 );
 COMMENT ON TABLE public.recipes IS 'Stores recipes that can be used to generate shopping lists.';
 COMMENT ON COLUMN public.recipes.servings IS 'The number of servings this recipe yields.';
@@ -485,11 +533,11 @@ COMMENT ON COLUMN public.recipes.calories_per_serving IS 'Optional nutritional i
 COMMENT ON COLUMN public.recipes.protein_grams IS 'Optional nutritional information.';
 COMMENT ON COLUMN public.recipes.fat_grams IS 'Optional nutritional information.';
 COMMENT ON COLUMN public.recipes.carb_grams IS 'Optional nutritional information.';
-COMMENT ON COLUMN public.recipes.fork_count IS 'To track how many times a public recipe has been "forked" or copied by other users.';
 CREATE INDEX IF NOT EXISTS idx_recipes_user_id ON public.recipes(user_id);
 CREATE INDEX IF NOT EXISTS idx_recipes_original_recipe_id ON public.recipes(original_recipe_id);
 -- Add a partial unique index to ensure system-wide recipes (user_id IS NULL) have unique names.
-- This allows different users to have recipes with the same name.
+-- This index helps speed up sorting for recipe recommendations.
+CREATE INDEX IF NOT EXISTS idx_recipes_rating_sort ON public.recipes (avg_rating DESC, rating_count DESC);
 CREATE UNIQUE INDEX IF NOT EXISTS idx_recipes_unique_system_recipe_name ON public.recipes(name) WHERE user_id IS NULL;

 -- 27. For ingredients required for each recipe.
@@ -497,10 +545,11 @@ CREATE TABLE IF NOT EXISTS public.recipe_ingredients (
    recipe_ingredient_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    recipe_id BIGINT NOT NULL REFERENCES public.recipes(recipe_id) ON DELETE CASCADE,
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
-    quantity NUMERIC NOT NULL,
+    quantity NUMERIC NOT NULL CHECK (quantity > 0),
    unit TEXT NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT recipe_ingredients_unit_check CHECK (TRIM(unit) <> '')
 );
 COMMENT ON TABLE public.recipe_ingredients IS 'Defines the ingredients and quantities needed for a recipe.';
 COMMENT ON COLUMN public.recipe_ingredients.unit IS 'e.g., "cups", "tbsp", "g", "each".';
@@ -526,7 +575,8 @@ CREATE TABLE IF NOT EXISTS public.tags (
    tag_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    name TEXT NOT NULL UNIQUE,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT tags_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.tags IS 'Stores tags for categorizing recipes, e.g., "Vegetarian", "Quick & Easy".';

@@ -540,6 +590,7 @@ CREATE TABLE IF NOT EXISTS public.recipe_tags (
 );
 COMMENT ON TABLE public.recipe_tags IS 'A linking table to associate multiple tags with a single recipe.';
 CREATE INDEX IF NOT EXISTS idx_recipe_tags_recipe_id ON public.recipe_tags(recipe_id);
+-- This index is crucial for functions that find recipes based on tags.
 CREATE INDEX IF NOT EXISTS idx_recipe_tags_tag_id ON public.recipe_tags(tag_id);

 -- 31. Store a predefined list of kitchen appliances.
@@ -547,7 +598,8 @@ CREATE TABLE IF NOT EXISTS public.appliances (
    appliance_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    name TEXT NOT NULL UNIQUE,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT appliances_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.appliances IS 'A predefined list of kitchen appliances (e.g., Air Fryer, Instant Pot).';

@@ -587,7 +639,8 @@ CREATE TABLE IF NOT EXISTS public.recipe_comments (
    content TEXT NOT NULL,
    status TEXT DEFAULT 'visible' NOT NULL CHECK (status IN ('visible', 'hidden', 'reported')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT recipe_comments_content_check CHECK (TRIM(content) <> '')
 );
 COMMENT ON TABLE public.recipe_comments IS 'Allows for threaded discussions and comments on recipes.';
 COMMENT ON COLUMN public.recipe_comments.parent_comment_id IS 'For threaded comments.';
@@ -602,6 +655,7 @@ CREATE TABLE IF NOT EXISTS public.pantry_locations (
    name TEXT NOT NULL,    
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT pantry_locations_name_check CHECK (TRIM(name) <> ''),
    UNIQUE(user_id, name)
 );
 COMMENT ON TABLE public.pantry_locations IS 'User-defined locations for organizing pantry items (e.g., "Fridge", "Freezer", "Spice Rack").';
@@ -615,8 +669,9 @@ CREATE TABLE IF NOT EXISTS public.planned_meals (
    plan_date DATE NOT NULL,
    meal_type TEXT NOT NULL,
    servings_to_cook INTEGER,
-    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,    
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT planned_meals_meal_type_check CHECK (TRIM(meal_type) <> '')
 );
 COMMENT ON TABLE public.planned_meals IS 'Assigns a recipe to a specific day and meal type within a user''s menu plan.';
 COMMENT ON COLUMN public.planned_meals.meal_type IS 'The designated meal for the recipe, e.g., ''Breakfast'', ''Lunch'', ''Dinner''.';
@@ -628,7 +683,7 @@ CREATE TABLE IF NOT EXISTS public.pantry_items (
    pantry_item_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
-    quantity NUMERIC NOT NULL,
+    quantity NUMERIC NOT NULL CHECK (quantity >= 0),
    unit TEXT,
    best_before_date DATE,
    pantry_location_id BIGINT REFERENCES public.pantry_locations(pantry_location_id) ON DELETE SET NULL,
@@ -637,7 +692,6 @@ CREATE TABLE IF NOT EXISTS public.pantry_items (
    UNIQUE(user_id, master_item_id, unit)
 );
 COMMENT ON TABLE public.pantry_items IS 'Tracks a user''s personal inventory of grocery items to enable smart shopping lists.';
-COMMENT ON COLUMN public.pantry_items.quantity IS 'The current amount of the item. Convention: use grams for weight, mL for volume where applicable.';
 COMMENT ON COLUMN public.pantry_items.pantry_location_id IS 'Links the item to a user-defined location like "Fridge" or "Freezer".';
 COMMENT ON COLUMN public.pantry_items.unit IS 'e.g., ''g'', ''ml'', ''items''. Should align with recipe_ingredients.unit and quantity convention.';
 CREATE INDEX IF NOT EXISTS idx_pantry_items_user_id ON public.pantry_items(user_id);
@@ -651,7 +705,8 @@ CREATE TABLE IF NOT EXISTS public.password_reset_tokens (
    token_hash TEXT NOT NULL UNIQUE,
    expires_at TIMESTAMPTZ NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT password_reset_tokens_token_hash_check CHECK (TRIM(token_hash) <> '')
 );
 COMMENT ON TABLE public.password_reset_tokens IS 'Stores secure, single-use tokens for password reset requests.';
 COMMENT ON COLUMN public.password_reset_tokens.token_hash IS 'A bcrypt hash of the reset token sent to the user.';
@@ -666,10 +721,13 @@ CREATE TABLE IF NOT EXISTS public.unit_conversions (
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    from_unit TEXT NOT NULL,
    to_unit TEXT NOT NULL,
-    factor NUMERIC NOT NULL,
+    factor NUMERIC NOT NULL CHECK (factor > 0),
    UNIQUE(master_item_id, from_unit, to_unit),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT unit_conversions_from_unit_check CHECK (TRIM(from_unit) <> ''),
+    CONSTRAINT unit_conversions_to_unit_check CHECK (TRIM(to_unit) <> ''),
+    CONSTRAINT unit_conversions_units_check CHECK (from_unit <> to_unit)
 );
 COMMENT ON TABLE public.unit_conversions IS 'Stores item-specific unit conversion factors (e.g., grams of flour to cups).';
 COMMENT ON COLUMN public.unit_conversions.factor IS 'The multiplication factor to convert from_unit to to_unit.';
@@ -683,7 +741,8 @@ CREATE TABLE IF NOT EXISTS public.user_item_aliases (
    alias TEXT NOT NULL,
    UNIQUE(user_id, alias),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT user_item_aliases_alias_check CHECK (TRIM(alias) <> '')
 );
 COMMENT ON TABLE public.user_item_aliases IS 'Allows users to create personal aliases for grocery items (e.g., "Dad''s Cereal").';
 CREATE INDEX IF NOT EXISTS idx_user_item_aliases_user_id ON public.user_item_aliases(user_id);
@@ -720,7 +779,8 @@ CREATE TABLE IF NOT EXISTS public.recipe_collections (
    name TEXT NOT NULL,
    description TEXT,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT recipe_collections_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.recipe_collections IS 'Allows users to create personal collections of recipes (e.g., "Holiday Baking").';
 CREATE INDEX IF NOT EXISTS idx_recipe_collections_user_id ON public.recipe_collections(user_id);
@@ -745,8 +805,11 @@ CREATE TABLE IF NOT EXISTS public.shared_recipe_collections (
    shared_with_user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    permission_level TEXT NOT NULL CHECK (permission_level IN ('view', 'edit')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    UNIQUE(recipe_collection_id, shared_with_user_id)
 );
+-- This index is crucial for efficiently finding all collections shared with a specific user.
+CREATE INDEX IF NOT EXISTS idx_shared_recipe_collections_shared_with ON public.shared_recipe_collections(shared_with_user_id);

 -- 45. Log user search queries for analysis.
 CREATE TABLE IF NOT EXISTS public.search_queries (
@@ -756,7 +819,8 @@ CREATE TABLE IF NOT EXISTS public.search_queries (
    result_count INTEGER,
    was_successful BOOLEAN,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT search_queries_query_text_check CHECK (TRIM(query_text) <> '')
 );
 COMMENT ON TABLE public.search_queries IS 'Logs user search queries to analyze search effectiveness and identify gaps in data.';
 COMMENT ON COLUMN public.search_queries.was_successful IS 'Indicates if the user interacted with a search result.';
@@ -782,10 +846,11 @@ CREATE TABLE IF NOT EXISTS public.shopping_trip_items (
    shopping_trip_id BIGINT NOT NULL REFERENCES public.shopping_trips(shopping_trip_id) ON DELETE CASCADE,
    master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE SET NULL,
    custom_item_name TEXT,
-    quantity NUMERIC NOT NULL,
+    quantity NUMERIC NOT NULL CHECK (quantity > 0),
    price_paid_cents INTEGER,    
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT shopping_trip_items_custom_item_name_check CHECK (custom_item_name IS NULL OR TRIM(custom_item_name) <> ''),
    CONSTRAINT trip_must_have_item_identifier CHECK (master_item_id IS NOT NULL OR custom_item_name IS NOT NULL)
 );
 COMMENT ON TABLE public.shopping_trip_items IS 'A historical log of items purchased during a shopping trip.';
@@ -799,7 +864,8 @@ CREATE TABLE IF NOT EXISTS public.dietary_restrictions (
    name TEXT NOT NULL UNIQUE,
    type TEXT NOT NULL CHECK (type IN ('diet', 'allergy')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT dietary_restrictions_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.dietary_restrictions IS 'A predefined list of common diets (e.g., Vegan) and allergies (e.g., Nut Allergy).';

@@ -812,6 +878,7 @@ CREATE TABLE IF NOT EXISTS public.user_dietary_restrictions (
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
 );
 COMMENT ON TABLE public.user_dietary_restrictions IS 'Connects users to their selected dietary needs and allergies.';
+-- This index is crucial for functions that filter recipes based on user diets/allergies.
 CREATE INDEX IF NOT EXISTS idx_user_dietary_restrictions_user_id ON public.user_dietary_restrictions(user_id);
 CREATE INDEX IF NOT EXISTS idx_user_dietary_restrictions_restriction_id ON public.user_dietary_restrictions(restriction_id);

@@ -837,6 +904,7 @@ CREATE TABLE IF NOT EXISTS public.user_follows (
    CONSTRAINT cant_follow_self CHECK (follower_id <> following_id)
 );
 COMMENT ON TABLE public.user_follows IS 'Stores user following relationships to build a social graph.';
+-- This index is crucial for efficiently generating a user's activity feed.
 CREATE INDEX IF NOT EXISTS idx_user_follows_follower_id ON public.user_follows(follower_id);
 CREATE INDEX IF NOT EXISTS idx_user_follows_following_id ON public.user_follows(following_id);

@@ -847,12 +915,13 @@ CREATE TABLE IF NOT EXISTS public.receipts (
    store_id BIGINT REFERENCES public.stores(store_id) ON DELETE CASCADE,
    receipt_image_url TEXT NOT NULL,
    transaction_date TIMESTAMPTZ,
-    total_amount_cents INTEGER,
+    total_amount_cents INTEGER CHECK (total_amount_cents IS NULL OR total_amount_cents >= 0),
    status TEXT DEFAULT 'pending' NOT NULL CHECK (status IN ('pending', 'processing', 'completed', 'failed')),
    raw_text TEXT,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    processed_at TIMESTAMPTZ,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    processed_at TIMESTAMPTZ,    
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT receipts_receipt_image_url_check CHECK (receipt_image_url ~* '^https://?.*')
 );
 COMMENT ON TABLE public.receipts IS 'Stores uploaded user receipts for purchase tracking and analysis.';
 CREATE INDEX IF NOT EXISTS idx_receipts_user_id ON public.receipts(user_id);
@@ -863,13 +932,14 @@ CREATE TABLE IF NOT EXISTS public.receipt_items (
    receipt_item_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    receipt_id BIGINT NOT NULL REFERENCES public.receipts(receipt_id) ON DELETE CASCADE,
    raw_item_description TEXT NOT NULL,
-    quantity NUMERIC DEFAULT 1 NOT NULL,
-    price_paid_cents INTEGER NOT NULL,
+    quantity NUMERIC DEFAULT 1 NOT NULL CHECK (quantity > 0),
+    price_paid_cents INTEGER NOT NULL CHECK (price_paid_cents >= 0),
    master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE SET NULL,
    product_id BIGINT REFERENCES public.products(product_id) ON DELETE SET NULL,
    status TEXT DEFAULT 'unmatched' NOT NULL CHECK (status IN ('unmatched', 'matched', 'needs_review', 'ignored')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT receipt_items_raw_item_description_check CHECK (TRIM(raw_item_description) <> '')
 );
 COMMENT ON TABLE public.receipt_items IS 'Stores individual line items extracted from a user receipt.';
 CREATE INDEX IF NOT EXISTS idx_receipt_items_receipt_id ON public.receipt_items(receipt_id);
@@ -882,7 +952,6 @@ CREATE TABLE IF NOT EXISTS public.schema_info (
    deployed_at TIMESTAMPTZ DEFAULT now() NOT NULL
 );
 COMMENT ON TABLE public.schema_info IS 'Stores metadata about the deployed schema, such as a hash of the schema file, to detect changes.';
-COMMENT ON COLUMN public.schema_info.environment IS 'The deployment environment (e.g., ''development'', ''test'', ''production'').';
 COMMENT ON COLUMN public.schema_info.schema_hash IS 'A SHA-256 hash of the master_schema_rollup.sql file at the time of deployment.';

 -- 55. Store user reactions to various entities (e.g., recipes, comments).
@@ -903,14 +972,31 @@ COMMENT ON COLUMN public.user_reactions.reaction_type IS 'The type of reaction (
 CREATE INDEX IF NOT EXISTS idx_user_reactions_user_id ON public.user_reactions(user_id);
 CREATE INDEX IF NOT EXISTS idx_user_reactions_entity ON public.user_reactions(entity_type, entity_id);

+-- 56. Store user-defined budgets for spending analysis.
+CREATE TABLE IF NOT EXISTS public.budgets (
+    budget_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
+    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
+    name TEXT NOT NULL,
+    amount_cents INTEGER NOT NULL CHECK (amount_cents > 0),
+    period TEXT NOT NULL CHECK (period IN ('weekly', 'monthly')),
+    start_date DATE NOT NULL,
+    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,    
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT budgets_name_check CHECK (TRIM(name) <> '')
+);
+COMMENT ON TABLE public.budgets IS 'Allows users to set weekly or monthly grocery budgets for spending tracking.';
+CREATE INDEX IF NOT EXISTS idx_budgets_user_id ON public.budgets(user_id);
+
 -- 57. Static table defining available achievements for gamification.
 CREATE TABLE IF NOT EXISTS public.achievements (
    achievement_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    name TEXT NOT NULL UNIQUE,
    description TEXT NOT NULL,
    icon TEXT,
-    points_value INTEGER NOT NULL DEFAULT 0,
-    created_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    points_value INTEGER NOT NULL DEFAULT 0 CHECK (points_value >= 0),    
+    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT achievements_name_check CHECK (TRIM(name) <> ''),
+    CONSTRAINT achievements_description_check CHECK (TRIM(description) <> '')
 );
 COMMENT ON TABLE public.achievements IS 'A static table defining the available achievements users can earn.';

@@ -926,16 +1012,3 @@ CREATE INDEX IF NOT EXISTS idx_user_achievements_user_id ON public.user_achievem
 CREATE INDEX IF NOT EXISTS idx_user_achievements_achievement_id ON public.user_achievements(achievement_id);


-- 56. Store user-defined budgets for spending analysis.
-CREATE TABLE IF NOT EXISTS public.budgets (
-    budget_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
-    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
-    name TEXT NOT NULL,
-    amount_cents INTEGER NOT NULL,
-    period TEXT NOT NULL CHECK (period IN ('weekly', 'monthly')),
-    start_date DATE NOT NULL,
-    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
-);
-COMMENT ON TABLE public.budgets IS 'Allows users to set weekly or monthly grocery budgets for spending tracking.';
-CREATE INDEX IF NOT EXISTS idx_budgets_user_id ON public.budgets(user_id);
--- a/sql/master_schema_rollup.sql
+++ b/sql/master_schema_rollup.sql
@@ -23,16 +23,23 @@
 CREATE TABLE IF NOT EXISTS public.addresses (
    address_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    address_line_1 TEXT NOT NULL UNIQUE,
-    address_line_2 TEXT,
    city TEXT NOT NULL,
    province_state TEXT NOT NULL,
    postal_code TEXT NOT NULL,
    country TEXT NOT NULL,
+    address_line_2 TEXT,
    latitude NUMERIC(9, 6),
    longitude NUMERIC(9, 6),
    location GEOGRAPHY(Point, 4326),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT addresses_address_line_1_check CHECK (TRIM(address_line_1) <> ''),
+    CONSTRAINT addresses_city_check CHECK (TRIM(city) <> ''),
+    CONSTRAINT addresses_province_state_check CHECK (TRIM(province_state) <> ''),
+    CONSTRAINT addresses_postal_code_check CHECK (TRIM(postal_code) <> ''),
+    CONSTRAINT addresses_country_check CHECK (TRIM(country) <> ''),
+    CONSTRAINT addresses_latitude_check CHECK (latitude >= -90 AND latitude <= 90),
+    CONSTRAINT addresses_longitude_check CHECK (longitude >= -180 AND longitude <= 180)
 );
 COMMENT ON TABLE public.addresses IS 'A centralized table for storing all physical addresses for users and stores.';
 COMMENT ON COLUMN public.addresses.latitude IS 'The geographic latitude.';
@@ -45,14 +52,16 @@ CREATE INDEX IF NOT EXISTS addresses_location_idx ON public.addresses USING GIST
 CREATE TABLE IF NOT EXISTS public.users (
    user_id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
    email TEXT NOT NULL UNIQUE,
-    password_hash TEXT,
+    password_hash TEXT,    
    refresh_token TEXT,
-    failed_login_attempts INTEGER DEFAULT 0,
+    failed_login_attempts INTEGER DEFAULT 0 CHECK (failed_login_attempts >= 0),
    last_failed_login TIMESTAMPTZ,
    last_login_at TIMESTAMPTZ,
    last_login_ip TEXT,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT users_email_check CHECK (email ~* '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'),
+    CONSTRAINT users_password_hash_check CHECK (password_hash IS NULL OR TRIM(password_hash) <> '')
 );
 COMMENT ON TABLE public.users IS 'Stores user authentication information.';
 COMMENT ON COLUMN public.users.refresh_token IS 'Stores the long-lived refresh token for re-authentication.';
@@ -74,11 +83,14 @@ CREATE TABLE IF NOT EXISTS public.activity_log (
    display_text TEXT NOT NULL,
    icon TEXT,
    details JSONB,
-    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,    
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT activity_log_action_check CHECK (TRIM(action) <> ''),
+    CONSTRAINT activity_log_display_text_check CHECK (TRIM(display_text) <> '')
 );
 COMMENT ON TABLE public.activity_log IS 'Logs key user and system actions for auditing and display in an activity feed.';
-CREATE INDEX IF NOT EXISTS idx_activity_log_user_id ON public.activity_log(user_id);
+-- This composite index is more efficient for user-specific activity feeds ordered by date.
+CREATE INDEX IF NOT EXISTS idx_activity_log_user_id_created_at ON public.activity_log(user_id, created_at DESC);

 -- 3. for public user profiles.
 -- This table is linked to the users table and stores non-sensitive user data.
@@ -88,16 +100,20 @@ CREATE TABLE IF NOT EXISTS public.profiles (
    full_name TEXT,
    avatar_url TEXT,
    address_id BIGINT REFERENCES public.addresses(address_id) ON DELETE SET NULL,
-    points INTEGER DEFAULT 0 NOT NULL,
+    points INTEGER DEFAULT 0 NOT NULL CHECK (points >= 0),
    preferences JSONB,
-    role TEXT CHECK (role IN ('admin', 'user')),
+    role TEXT NOT NULL CHECK (role IN ('admin', 'user')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    created_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL,
+    CONSTRAINT profiles_full_name_check CHECK (full_name IS NULL OR TRIM(full_name) <> ''),
+    CONSTRAINT profiles_avatar_url_check CHECK (avatar_url IS NULL OR avatar_url ~* '^https?://.*'),
+    created_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL,    
    updated_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL
 );
 COMMENT ON TABLE public.profiles IS 'Stores public-facing user data, linked to the public.users table.';
 COMMENT ON COLUMN public.profiles.address_id IS 'A foreign key to the user''s primary address in the `addresses` table.';
+-- This index is crucial for the gamification leaderboard feature.
+CREATE INDEX IF NOT EXISTS idx_profiles_points_leaderboard ON public.profiles (points DESC, full_name ASC);
 COMMENT ON COLUMN public.profiles.points IS 'A simple integer column to store a user''s total accumulated points from achievements.';

 -- 4. The 'stores' table for normalized store data.
@@ -107,7 +123,9 @@ CREATE TABLE IF NOT EXISTS public.stores (
    logo_url TEXT,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    created_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL
+    CONSTRAINT stores_name_check CHECK (TRIM(name) <> ''),
+    CONSTRAINT stores_logo_url_check CHECK (logo_url IS NULL OR logo_url ~* '^https?://.*'),
+    created_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL    
 );
 COMMENT ON TABLE public.stores IS 'Stores metadata for grocery store chains (e.g., Safeway, Kroger).';

@@ -116,7 +134,8 @@ CREATE TABLE IF NOT EXISTS public.categories (
    category_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    name TEXT NOT NULL UNIQUE,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT categories_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.categories IS 'Stores a predefined list of grocery item categories (e.g., ''Fruits & Vegetables'', ''Dairy & Eggs'').';

@@ -125,16 +144,22 @@ CREATE TABLE IF NOT EXISTS public.flyers (
    flyer_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    file_name TEXT NOT NULL,
    image_url TEXT NOT NULL,
-    icon_url TEXT,
-  checksum TEXT UNIQUE,  
-  store_id BIGINT REFERENCES public.stores(store_id) ON DELETE CASCADE,
+    icon_url TEXT NOT NULL,
+    checksum TEXT UNIQUE,  
+    store_id BIGINT REFERENCES public.stores(store_id) ON DELETE CASCADE,
    valid_from DATE,
    valid_to DATE,
    store_address TEXT,
-    item_count INTEGER DEFAULT 0 NOT NULL,
+    status TEXT DEFAULT 'processed' NOT NULL CHECK (status IN ('processed', 'needs_review', 'archived')),
+    item_count INTEGER DEFAULT 0 NOT NULL CHECK (item_count >= 0),
    uploaded_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT flyers_valid_dates_check CHECK (valid_to >= valid_from),
+    CONSTRAINT flyers_file_name_check CHECK (TRIM(file_name) <> ''),
+    CONSTRAINT flyers_image_url_check CHECK (image_url ~* '^https?://.*'),
+    CONSTRAINT flyers_icon_url_check CHECK (icon_url ~* '^https?://.*'),
+    CONSTRAINT flyers_checksum_check CHECK (checksum IS NULL OR length(checksum) = 64)
 );
 COMMENT ON TABLE public.flyers IS 'Stores metadata for each processed flyer, linking it to a store and its validity period.';
 CREATE INDEX IF NOT EXISTS idx_flyers_store_id ON public.flyers(store_id);
@@ -146,9 +171,11 @@ COMMENT ON COLUMN public.flyers.store_id IS 'Foreign key linking this flyer to a
 COMMENT ON COLUMN public.flyers.valid_from IS 'The start date of the sale period for this flyer, extracted by the AI.';
 COMMENT ON COLUMN public.flyers.valid_to IS 'The end date of the sale period for this flyer, extracted by the AI.';
 COMMENT ON COLUMN public.flyers.store_address IS 'The physical store address if it was successfully extracted from the flyer image.';
+COMMENT ON COLUMN public.flyers.status IS 'The processing status of the flyer, e.g., if it needs manual review.';
 COMMENT ON COLUMN public.flyers.item_count IS 'A cached count of the number of items in this flyer, maintained by a trigger.';
 COMMENT ON COLUMN public.flyers.uploaded_by IS 'The user who uploaded the flyer. Can be null for anonymous or system uploads.';

+CREATE INDEX IF NOT EXISTS idx_flyers_status ON public.flyers(status);
 CREATE INDEX IF NOT EXISTS idx_flyers_created_at ON public.flyers (created_at DESC);
 CREATE INDEX IF NOT EXISTS idx_flyers_valid_to_file_name ON public.flyers (valid_to DESC, file_name ASC);
 -- 7. The 'master_grocery_items' table. This is the master dictionary.
@@ -160,7 +187,8 @@ CREATE TABLE IF NOT EXISTS public.master_grocery_items (
    allergy_info JSONB,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    created_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL
+    created_by UUID REFERENCES public.users(user_id) ON DELETE SET NULL,
+    CONSTRAINT master_grocery_items_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.master_grocery_items IS 'The master dictionary of canonical grocery items. Each item has a unique name and is linked to a category.';
 CREATE INDEX IF NOT EXISTS idx_master_grocery_items_category_id ON public.master_grocery_items(category_id);
@@ -185,7 +213,9 @@ CREATE TABLE IF NOT EXISTS public.brands (
    logo_url TEXT,
    store_id BIGINT REFERENCES public.stores(store_id) ON DELETE SET NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT brands_name_check CHECK (TRIM(name) <> ''),
+    CONSTRAINT brands_logo_url_check CHECK (logo_url IS NULL OR logo_url ~* '^https?://.*')
 );
 COMMENT ON TABLE public.brands IS 'Stores brand names like "Coca-Cola", "Maple Leaf", or "Kraft".';
 COMMENT ON COLUMN public.brands.store_id IS 'If this is a store-specific brand (e.g., President''s Choice), this links to the parent store.';
@@ -200,7 +230,9 @@ CREATE TABLE IF NOT EXISTS public.products (
    size TEXT,
    upc_code TEXT UNIQUE,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT products_name_check CHECK (TRIM(name) <> ''),
+    CONSTRAINT products_upc_code_check CHECK (upc_code IS NULL OR upc_code ~ '^[0-9]{8,14}$')
 );
 COMMENT ON TABLE public.products IS 'Represents a specific, sellable product, combining a generic item with a brand and size.';
 COMMENT ON COLUMN public.products.upc_code IS 'Universal Product Code, if available, for exact product matching.';
@@ -216,18 +248,22 @@ CREATE TABLE IF NOT EXISTS public.flyer_items (
  flyer_id BIGINT REFERENCES public.flyers(flyer_id) ON DELETE CASCADE,
  item TEXT NOT NULL,
  price_display TEXT NOT NULL,
-  price_in_cents INTEGER,
+  price_in_cents INTEGER CHECK (price_in_cents IS NULL OR price_in_cents >= 0),
  quantity_num NUMERIC,
  quantity TEXT NOT NULL,
  category_id BIGINT REFERENCES public.categories(category_id) ON DELETE SET NULL,  
  category_name TEXT,
  unit_price JSONB,
-  view_count INTEGER DEFAULT 0 NOT NULL,
-  click_count INTEGER DEFAULT 0 NOT NULL,
+  view_count INTEGER DEFAULT 0 NOT NULL CHECK (view_count >= 0),
+  click_count INTEGER DEFAULT 0 NOT NULL CHECK (click_count >= 0),
  master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE SET NULL,
  product_id BIGINT REFERENCES public.products(product_id) ON DELETE SET NULL,
  created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-  updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+  updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+  CONSTRAINT flyer_items_item_check CHECK (TRIM(item) <> ''),
+  CONSTRAINT flyer_items_price_display_check CHECK (TRIM(price_display) <> ''),
+  CONSTRAINT flyer_items_quantity_check CHECK (TRIM(quantity) <> ''),
+  CONSTRAINT flyer_items_category_name_check CHECK (category_name IS NULL OR TRIM(category_name) <> '')
 );
 COMMENT ON TABLE public.flyer_items IS 'Stores individual items extracted from a specific flyer.';
 COMMENT ON COLUMN public.flyer_items.flyer_id IS 'Foreign key linking this item to its parent flyer in the `flyers` table.';
@@ -246,6 +282,8 @@ CREATE INDEX IF NOT EXISTS idx_flyer_items_master_item_id ON public.flyer_items(
 CREATE INDEX IF NOT EXISTS idx_flyer_items_category_id ON public.flyer_items(category_id);
 CREATE INDEX IF NOT EXISTS idx_flyer_items_product_id ON public.flyer_items(product_id);
 -- Add a GIN index to the 'item' column for fast fuzzy text searching.
+-- This partial index is optimized for queries that find the best price for an item.
+CREATE INDEX IF NOT EXISTS idx_flyer_items_master_item_price ON public.flyer_items (master_item_id, price_in_cents ASC) WHERE price_in_cents IS NOT NULL;
 -- This requires the pg_trgm extension.
 CREATE INDEX IF NOT EXISTS flyer_items_item_trgm_idx ON public.flyer_items USING GIN (item gin_trgm_ops);

@@ -254,7 +292,7 @@ CREATE TABLE IF NOT EXISTS public.user_alerts (
    user_alert_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    user_watched_item_id BIGINT NOT NULL REFERENCES public.user_watched_items(user_watched_item_id) ON DELETE CASCADE,
    alert_type TEXT NOT NULL CHECK (alert_type IN ('PRICE_BELOW', 'PERCENT_OFF_AVERAGE')),
-    threshold_value NUMERIC NOT NULL,
+    threshold_value NUMERIC NOT NULL CHECK (threshold_value > 0),
    is_active BOOLEAN DEFAULT true NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
@@ -272,7 +310,8 @@ CREATE TABLE IF NOT EXISTS public.notifications (
    link_url TEXT,
    is_read BOOLEAN DEFAULT false NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT notifications_content_check CHECK (TRIM(content) <> '')
 );
 COMMENT ON TABLE public.notifications IS 'A central log of notifications generated for users, such as price alerts.';
 COMMENT ON COLUMN public.notifications.content IS 'The notification message displayed to the user.';
@@ -298,13 +337,14 @@ CREATE TABLE IF NOT EXISTS public.item_price_history (
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    summary_date DATE NOT NULL,
    store_location_id BIGINT REFERENCES public.store_locations(store_location_id) ON DELETE CASCADE,
-    min_price_in_cents INTEGER,
-    max_price_in_cents INTEGER,
-    avg_price_in_cents INTEGER,
-    data_points_count INTEGER DEFAULT 0 NOT NULL,
+    min_price_in_cents INTEGER CHECK (min_price_in_cents IS NULL OR min_price_in_cents >= 0),
+    max_price_in_cents INTEGER CHECK (max_price_in_cents IS NULL OR max_price_in_cents >= 0),
+    avg_price_in_cents INTEGER CHECK (avg_price_in_cents IS NULL OR avg_price_in_cents >= 0),
+    data_points_count INTEGER DEFAULT 0 NOT NULL CHECK (data_points_count >= 0),
    UNIQUE(master_item_id, summary_date, store_location_id),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT item_price_history_price_order_check CHECK (min_price_in_cents <= max_price_in_cents)
 );
 COMMENT ON TABLE public.item_price_history IS 'Serves as a summary table to speed up charting and analytics.';
 COMMENT ON COLUMN public.item_price_history.summary_date IS 'The date for which the price data is summarized.';
@@ -321,7 +361,8 @@ CREATE TABLE IF NOT EXISTS public.master_item_aliases (
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    alias TEXT NOT NULL UNIQUE,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT master_item_aliases_alias_check CHECK (TRIM(alias) <> '')
 );
 COMMENT ON TABLE public.master_item_aliases IS 'Stores synonyms or alternative names for master items to improve matching.';
 COMMENT ON COLUMN public.master_item_aliases.alias IS 'An alternative name, e.g., "Ground Chuck" for the master item "Ground Beef".';
@@ -333,7 +374,8 @@ CREATE TABLE IF NOT EXISTS public.shopping_lists (
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    name TEXT NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT shopping_lists_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.shopping_lists IS 'Stores user-created shopping lists, e.g., "Weekly Groceries".';
 CREATE INDEX IF NOT EXISTS idx_shopping_lists_user_id ON public.shopping_lists(user_id);
@@ -344,12 +386,13 @@ CREATE TABLE IF NOT EXISTS public.shopping_list_items (
    shopping_list_id BIGINT NOT NULL REFERENCES public.shopping_lists(shopping_list_id) ON DELETE CASCADE,
    master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    custom_item_name TEXT,
-    quantity NUMERIC DEFAULT 1 NOT NULL,
+    quantity NUMERIC DEFAULT 1 NOT NULL CHECK (quantity > 0),
    is_purchased BOOLEAN DEFAULT false NOT NULL,
    notes TEXT,
    added_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    CONSTRAINT must_have_item_identifier CHECK (master_item_id IS NOT NULL OR custom_item_name IS NOT NULL)
+    CONSTRAINT must_have_item_identifier CHECK (master_item_id IS NOT NULL OR custom_item_name IS NOT NULL),
+    CONSTRAINT shopping_list_items_custom_item_name_check CHECK (custom_item_name IS NULL OR TRIM(custom_item_name) <> '')
 );
 COMMENT ON TABLE public.shopping_list_items IS 'Contains individual items for a specific shopping list.';
 COMMENT ON COLUMN public.shopping_list_items.custom_item_name IS 'For items not in the master list, e.g., "Grandma''s special spice mix".';
@@ -381,7 +424,8 @@ CREATE TABLE IF NOT EXISTS public.menu_plans (
    start_date DATE NOT NULL,
    end_date DATE NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,    
+    CONSTRAINT menu_plans_name_check CHECK (TRIM(name) <> ''),
    CONSTRAINT date_range_check CHECK (end_date >= start_date)
 );
 COMMENT ON TABLE public.menu_plans IS 'Represents a user''s meal plan for a specific period, e.g., "Week of Oct 23".';
@@ -410,11 +454,13 @@ CREATE TABLE IF NOT EXISTS public.suggested_corrections (
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    correction_type TEXT NOT NULL,
    suggested_value TEXT NOT NULL,
-    status TEXT DEFAULT 'pending' NOT NULL,
+    status TEXT DEFAULT 'pending' NOT NULL CHECK (status IN ('pending', 'approved', 'rejected')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    reviewed_notes TEXT,
    reviewed_at TIMESTAMPTZ,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT suggested_corrections_correction_type_check CHECK (TRIM(correction_type) <> ''),
+    CONSTRAINT suggested_corrections_suggested_value_check CHECK (TRIM(suggested_value) <> '')
 );
 COMMENT ON TABLE public.suggested_corrections IS 'A queue for user-submitted data corrections, enabling crowdsourced data quality improvements.';
 COMMENT ON COLUMN public.suggested_corrections.correction_type IS 'The type of error the user is reporting.';
@@ -430,12 +476,13 @@ CREATE TABLE IF NOT EXISTS public.user_submitted_prices (
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    store_id BIGINT NOT NULL REFERENCES public.stores(store_id) ON DELETE CASCADE,
-    price_in_cents INTEGER NOT NULL,
+    price_in_cents INTEGER NOT NULL CHECK (price_in_cents > 0),
    photo_url TEXT,
-    upvotes INTEGER DEFAULT 0 NOT NULL,
-    downvotes INTEGER DEFAULT 0 NOT NULL,
+    upvotes INTEGER DEFAULT 0 NOT NULL CHECK (upvotes >= 0),
+    downvotes INTEGER DEFAULT 0 NOT NULL CHECK (downvotes >= 0),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT user_submitted_prices_photo_url_check CHECK (photo_url IS NULL OR photo_url ~* '^https?://.*')
 );
 COMMENT ON TABLE public.user_submitted_prices IS 'Stores item prices submitted by users directly from physical stores.';
 COMMENT ON COLUMN public.user_submitted_prices.photo_url IS 'URL to user-submitted photo evidence of the price.';
@@ -446,7 +493,8 @@ CREATE INDEX IF NOT EXISTS idx_user_submitted_prices_master_item_id ON public.us
 -- 22. Log flyer items that could not be automatically matched to a master item.
 CREATE TABLE IF NOT EXISTS public.unmatched_flyer_items (
    unmatched_flyer_item_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
-    flyer_item_id BIGINT NOT NULL REFERENCES public.flyer_items(flyer_item_id) ON DELETE CASCADE,    status TEXT DEFAULT 'pending' NOT NULL CHECK (status IN ('pending', 'resolved', 'ignored')),
+    flyer_item_id BIGINT NOT NULL REFERENCES public.flyer_items(flyer_item_id) ON DELETE CASCADE,    
+    status TEXT DEFAULT 'pending' NOT NULL CHECK (status IN ('pending', 'resolved', 'ignored')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    reviewed_at TIMESTAMPTZ,
    UNIQUE(flyer_item_id),
@@ -476,20 +524,22 @@ CREATE TABLE IF NOT EXISTS public.recipes (
    name TEXT NOT NULL,
    description TEXT,
    instructions TEXT,
-    prep_time_minutes INTEGER,
-    cook_time_minutes INTEGER,
-    servings INTEGER,
+    prep_time_minutes INTEGER CHECK (prep_time_minutes IS NULL OR prep_time_minutes >= 0),
+    cook_time_minutes INTEGER CHECK (cook_time_minutes IS NULL OR cook_time_minutes >= 0),
+    servings INTEGER CHECK (servings IS NULL OR servings > 0),
    photo_url TEXT,
    calories_per_serving INTEGER,
    protein_grams NUMERIC,
    fat_grams NUMERIC,
    carb_grams NUMERIC,
-    avg_rating NUMERIC(2,1) DEFAULT 0.0 NOT NULL,
+    avg_rating NUMERIC(2,1) DEFAULT 0.0 NOT NULL CHECK (avg_rating >= 0.0 AND avg_rating <= 5.0),    
    status TEXT DEFAULT 'private' NOT NULL CHECK (status IN ('private', 'pending_review', 'public', 'rejected')),
-    rating_count INTEGER DEFAULT 0 NOT NULL,
-    fork_count INTEGER DEFAULT 0 NOT NULL,
+    rating_count INTEGER DEFAULT 0 NOT NULL CHECK (rating_count >= 0),
+    fork_count INTEGER DEFAULT 0 NOT NULL CHECK (fork_count >= 0),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT recipes_name_check CHECK (TRIM(name) <> ''),
+    CONSTRAINT recipes_photo_url_check CHECK (photo_url IS NULL OR photo_url ~* '^https?://.*')
 );
 COMMENT ON TABLE public.recipes IS 'Stores recipes that can be used to generate shopping lists.';
 COMMENT ON COLUMN public.recipes.servings IS 'The number of servings this recipe yields.';
@@ -504,6 +554,8 @@ CREATE INDEX IF NOT EXISTS idx_recipes_user_id ON public.recipes(user_id);
 CREATE INDEX IF NOT EXISTS idx_recipes_original_recipe_id ON public.recipes(original_recipe_id);
 -- Add a partial unique index to ensure system-wide recipes (user_id IS NULL) have unique names.
 -- This allows different users to have recipes with the same name.
+-- This index helps speed up sorting for recipe recommendations.
+CREATE INDEX IF NOT EXISTS idx_recipes_rating_sort ON public.recipes (avg_rating DESC, rating_count DESC);
 CREATE UNIQUE INDEX IF NOT EXISTS idx_recipes_unique_system_recipe_name ON public.recipes(name) WHERE user_id IS NULL;

 -- 27. For ingredients required for each recipe.
@@ -511,10 +563,11 @@ CREATE TABLE IF NOT EXISTS public.recipe_ingredients (
    recipe_ingredient_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    recipe_id BIGINT NOT NULL REFERENCES public.recipes(recipe_id) ON DELETE CASCADE,
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
-    quantity NUMERIC NOT NULL,
+    quantity NUMERIC NOT NULL CHECK (quantity > 0),
    unit TEXT NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT recipe_ingredients_unit_check CHECK (TRIM(unit) <> '')
 );
 COMMENT ON TABLE public.recipe_ingredients IS 'Defines the ingredients and quantities needed for a recipe.';
 COMMENT ON COLUMN public.recipe_ingredients.unit IS 'e.g., "cups", "tbsp", "g", "each".';
@@ -541,7 +594,8 @@ CREATE TABLE IF NOT EXISTS public.tags (
    tag_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    name TEXT NOT NULL UNIQUE,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT tags_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.tags IS 'Stores tags for categorizing recipes, e.g., "Vegetarian", "Quick & Easy".';

@@ -563,7 +617,8 @@ CREATE TABLE IF NOT EXISTS public.appliances (
    appliance_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    name TEXT NOT NULL UNIQUE,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT appliances_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.appliances IS 'A predefined list of kitchen appliances (e.g., Air Fryer, Instant Pot).';

@@ -603,7 +658,8 @@ CREATE TABLE IF NOT EXISTS public.recipe_comments (
    content TEXT NOT NULL,
    status TEXT DEFAULT 'visible' NOT NULL CHECK (status IN ('visible', 'hidden', 'reported')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT recipe_comments_content_check CHECK (TRIM(content) <> '')
 );
 COMMENT ON TABLE public.recipe_comments IS 'Allows for threaded discussions and comments on recipes.';
 COMMENT ON COLUMN public.recipe_comments.parent_comment_id IS 'For threaded comments.';
@@ -617,7 +673,8 @@ CREATE TABLE IF NOT EXISTS public.pantry_locations (
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    name TEXT NOT NULL,    
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,    
+    CONSTRAINT pantry_locations_name_check CHECK (TRIM(name) <> ''),
    UNIQUE(user_id, name)
 );
 COMMENT ON TABLE public.pantry_locations IS 'User-defined locations for organizing pantry items (e.g., "Fridge", "Freezer", "Spice Rack").';
@@ -631,8 +688,9 @@ CREATE TABLE IF NOT EXISTS public.planned_meals (
    plan_date DATE NOT NULL,    
    meal_type TEXT NOT NULL,
    servings_to_cook INTEGER,
-    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,    
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT planned_meals_meal_type_check CHECK (TRIM(meal_type) <> '')
 );
 COMMENT ON TABLE public.planned_meals IS 'Assigns a recipe to a specific day and meal type within a user''s menu plan.';
 COMMENT ON COLUMN public.planned_meals.meal_type IS 'The designated meal for the recipe, e.g., ''Breakfast'', ''Lunch'', ''Dinner''.';
@@ -644,7 +702,7 @@ CREATE TABLE IF NOT EXISTS public.pantry_items (
    pantry_item_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
-    quantity NUMERIC NOT NULL,
+    quantity NUMERIC NOT NULL CHECK (quantity >= 0),
    unit TEXT,
    best_before_date DATE,
    pantry_location_id BIGINT REFERENCES public.pantry_locations(pantry_location_id) ON DELETE SET NULL,
@@ -667,7 +725,8 @@ CREATE TABLE IF NOT EXISTS public.password_reset_tokens (
    token_hash TEXT NOT NULL UNIQUE,
    expires_at TIMESTAMPTZ NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT password_reset_tokens_token_hash_check CHECK (TRIM(token_hash) <> '')
 );
 COMMENT ON TABLE public.password_reset_tokens IS 'Stores secure, single-use tokens for password reset requests.';
 COMMENT ON COLUMN public.password_reset_tokens.token_hash IS 'A bcrypt hash of the reset token sent to the user.';
@@ -682,10 +741,13 @@ CREATE TABLE IF NOT EXISTS public.unit_conversions (
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    from_unit TEXT NOT NULL,
    to_unit TEXT NOT NULL,
-    factor NUMERIC NOT NULL,
-    UNIQUE(master_item_id, from_unit, to_unit),
+    factor NUMERIC NOT NULL CHECK (factor > 0),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    UNIQUE(master_item_id, from_unit, to_unit),
+    CONSTRAINT unit_conversions_from_unit_check CHECK (TRIM(from_unit) <> ''),
+    CONSTRAINT unit_conversions_to_unit_check CHECK (TRIM(to_unit) <> ''),
+    CONSTRAINT unit_conversions_units_check CHECK (from_unit <> to_unit)
 );
 COMMENT ON TABLE public.unit_conversions IS 'Stores item-specific unit conversion factors (e.g., grams of flour to cups).';
 COMMENT ON COLUMN public.unit_conversions.factor IS 'The multiplication factor to convert from_unit to to_unit.';
@@ -697,9 +759,10 @@ CREATE TABLE IF NOT EXISTS public.user_item_aliases (
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    master_item_id BIGINT NOT NULL REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE CASCADE,
    alias TEXT NOT NULL,
-    UNIQUE(user_id, alias),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    UNIQUE(user_id, alias),
+    CONSTRAINT user_item_aliases_alias_check CHECK (TRIM(alias) <> '')
 );
 COMMENT ON TABLE public.user_item_aliases IS 'Allows users to create personal aliases for grocery items (e.g., "Dad''s Cereal").';
 CREATE INDEX IF NOT EXISTS idx_user_item_aliases_user_id ON public.user_item_aliases(user_id);
@@ -736,7 +799,8 @@ CREATE TABLE IF NOT EXISTS public.recipe_collections (
    name TEXT NOT NULL,
    description TEXT,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT recipe_collections_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.recipe_collections IS 'Allows users to create personal collections of recipes (e.g., "Holiday Baking").';
 CREATE INDEX IF NOT EXISTS idx_recipe_collections_user_id ON public.recipe_collections(user_id);
@@ -761,8 +825,11 @@ CREATE TABLE IF NOT EXISTS public.shared_recipe_collections (
    shared_with_user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    permission_level TEXT NOT NULL CHECK (permission_level IN ('view', 'edit')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    UNIQUE(recipe_collection_id, shared_with_user_id)
 );
+-- This index is crucial for efficiently finding all collections shared with a specific user.
+CREATE INDEX IF NOT EXISTS idx_shared_recipe_collections_shared_with ON public.shared_recipe_collections(shared_with_user_id);

 -- 45. Log user search queries for analysis.
 CREATE TABLE IF NOT EXISTS public.search_queries (
@@ -772,7 +839,8 @@ CREATE TABLE IF NOT EXISTS public.search_queries (
    result_count INTEGER,
    was_successful BOOLEAN,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT search_queries_query_text_check CHECK (TRIM(query_text) <> '')
 );
 COMMENT ON TABLE public.search_queries IS 'Logs user search queries to analyze search effectiveness and identify gaps in data.';
 COMMENT ON COLUMN public.search_queries.was_successful IS 'Indicates if the user interacted with a search result.';
@@ -798,10 +866,11 @@ CREATE TABLE IF NOT EXISTS public.shopping_trip_items (
    shopping_trip_id BIGINT NOT NULL REFERENCES public.shopping_trips(shopping_trip_id) ON DELETE CASCADE,
    master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE SET NULL,
    custom_item_name TEXT,
-    quantity NUMERIC NOT NULL,
+    quantity NUMERIC NOT NULL CHECK (quantity > 0),
    price_paid_cents INTEGER,    
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT shopping_trip_items_custom_item_name_check CHECK (custom_item_name IS NULL OR TRIM(custom_item_name) <> ''),
    CONSTRAINT trip_must_have_item_identifier CHECK (master_item_id IS NOT NULL OR custom_item_name IS NOT NULL)
 );
 COMMENT ON TABLE public.shopping_trip_items IS 'A historical log of items purchased during a shopping trip.';
@@ -815,7 +884,8 @@ CREATE TABLE IF NOT EXISTS public.dietary_restrictions (
    name TEXT NOT NULL UNIQUE,
    type TEXT NOT NULL CHECK (type IN ('diet', 'allergy')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT dietary_restrictions_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.dietary_restrictions IS 'A predefined list of common diets (e.g., Vegan) and allergies (e.g., Nut Allergy).';

@@ -865,11 +935,12 @@ CREATE TABLE IF NOT EXISTS public.receipts (
    store_id BIGINT REFERENCES public.stores(store_id) ON DELETE CASCADE,
    receipt_image_url TEXT NOT NULL,
    transaction_date TIMESTAMPTZ,
-    total_amount_cents INTEGER,
+    total_amount_cents INTEGER CHECK (total_amount_cents IS NULL OR total_amount_cents >= 0),
    status TEXT DEFAULT 'pending' NOT NULL CHECK (status IN ('pending', 'processing', 'completed', 'failed')),
    raw_text TEXT,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    processed_at TIMESTAMPTZ,
+    processed_at TIMESTAMPTZ,    
+    CONSTRAINT receipts_receipt_image_url_check CHECK (receipt_image_url ~* '^https?://.*'),
    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
 );
 COMMENT ON TABLE public.receipts IS 'Stores uploaded user receipts for purchase tracking and analysis.';
@@ -881,13 +952,14 @@ CREATE TABLE IF NOT EXISTS public.receipt_items (
    receipt_item_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    receipt_id BIGINT NOT NULL REFERENCES public.receipts(receipt_id) ON DELETE CASCADE,
    raw_item_description TEXT NOT NULL,
-    quantity NUMERIC DEFAULT 1 NOT NULL,
-    price_paid_cents INTEGER NOT NULL,
+    quantity NUMERIC DEFAULT 1 NOT NULL CHECK (quantity > 0),
+    price_paid_cents INTEGER NOT NULL CHECK (price_paid_cents >= 0),
    master_item_id BIGINT REFERENCES public.master_grocery_items(master_grocery_item_id) ON DELETE SET NULL,
    product_id BIGINT REFERENCES public.products(product_id) ON DELETE SET NULL,
    status TEXT DEFAULT 'unmatched' NOT NULL CHECK (status IN ('unmatched', 'matched', 'needs_review', 'ignored')),
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT receipt_items_raw_item_description_check CHECK (TRIM(raw_item_description) <> '')
 );
 COMMENT ON TABLE public.receipt_items IS 'Stores individual line items extracted from a user receipt.';
 CREATE INDEX IF NOT EXISTS idx_receipt_items_receipt_id ON public.receipt_items(receipt_id);
@@ -926,11 +998,12 @@ CREATE TABLE IF NOT EXISTS public.budgets (
    budget_id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
    user_id UUID NOT NULL REFERENCES public.users(user_id) ON DELETE CASCADE,
    name TEXT NOT NULL,
-    amount_cents INTEGER NOT NULL,
+    amount_cents INTEGER NOT NULL CHECK (amount_cents > 0),
    period TEXT NOT NULL CHECK (period IN ('weekly', 'monthly')),
    start_date DATE NOT NULL,
    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
-    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    updated_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT budgets_name_check CHECK (TRIM(name) <> '')
 );
 COMMENT ON TABLE public.budgets IS 'Allows users to set weekly or monthly grocery budgets for spending tracking.';
 CREATE INDEX IF NOT EXISTS idx_budgets_user_id ON public.budgets(user_id);
@@ -941,8 +1014,10 @@ CREATE TABLE IF NOT EXISTS public.achievements (
    name TEXT NOT NULL UNIQUE,
    description TEXT NOT NULL,
    icon TEXT,
-    points_value INTEGER NOT NULL DEFAULT 0,
-    created_at TIMESTAMPTZ DEFAULT now() NOT NULL
+    points_value INTEGER NOT NULL DEFAULT 0 CHECK (points_value >= 0),
+    created_at TIMESTAMPTZ DEFAULT now() NOT NULL,
+    CONSTRAINT achievements_name_check CHECK (TRIM(name) <> ''),
+    CONSTRAINT achievements_description_check CHECK (TRIM(description) <> '')
 );
 COMMENT ON TABLE public.achievements IS 'A static table defining the available achievements users can earn.';

@@ -1038,6 +1113,7 @@ DECLARE
    ground_beef_id BIGINT; pasta_item_id BIGINT; tomatoes_id BIGINT; onions_id BIGINT; garlic_id BIGINT;
    bell_peppers_id BIGINT; carrots_id BIGINT; soy_sauce_id BIGINT;
    soda_item_id BIGINT; turkey_item_id BIGINT; bread_item_id BIGINT; cheese_item_id BIGINT;
+    chicken_thighs_id BIGINT; paper_towels_id BIGINT; toilet_paper_id BIGINT;

    -- Tag IDs
    quick_easy_tag BIGINT; healthy_tag BIGINT; chicken_tag BIGINT;
@@ -1089,6 +1165,9 @@ BEGIN
    SELECT mgi.master_grocery_item_id INTO turkey_item_id FROM public.master_grocery_items mgi WHERE mgi.name = 'turkey';
    SELECT mgi.master_grocery_item_id INTO bread_item_id FROM public.master_grocery_items mgi WHERE mgi.name = 'bread';
    SELECT mgi.master_grocery_item_id INTO cheese_item_id FROM public.master_grocery_items mgi WHERE mgi.name = 'cheese';
+    SELECT mgi.master_grocery_item_id INTO chicken_thighs_id FROM public.master_grocery_items mgi WHERE mgi.name = 'chicken thighs';
+    SELECT mgi.master_grocery_item_id INTO paper_towels_id FROM public.master_grocery_items mgi WHERE mgi.name = 'paper towels';
+    SELECT mgi.master_grocery_item_id INTO toilet_paper_id FROM public.master_grocery_items mgi WHERE mgi.name = 'toilet paper';

    -- Insert ingredients for each recipe
    INSERT INTO public.recipe_ingredients (recipe_id, master_item_id, quantity, unit) VALUES
@@ -1125,6 +1204,17 @@ BEGIN
    (bolognese_recipe_id, family_tag), (bolognese_recipe_id, beef_tag), (bolognese_recipe_id, weeknight_tag),
    (stir_fry_recipe_id, quick_easy_tag), (stir_fry_recipe_id, healthy_tag), (stir_fry_recipe_id, vegetarian_tag)
    ON CONFLICT (recipe_id, tag_id) DO NOTHING;
+
+    INSERT INTO public.master_item_aliases (master_item_id, alias) VALUES
+    (ground_beef_id, 'ground chuck'), (ground_beef_id, 'lean ground beef'), 
+    (ground_beef_id, 'extra lean ground beef'), (ground_beef_id, 'hamburger meat'),
+    (chicken_breast_id, 'boneless skinless chicken breast'), (chicken_breast_id, 'chicken cutlets'),
+    (chicken_thighs_id, 'boneless skinless chicken thighs'), (chicken_thighs_id, 'bone-in chicken thighs'),
+    (bell_peppers_id, 'red pepper'), (bell_peppers_id, 'green pepper'), (bell_peppers_id, 'yellow pepper'), (bell_peppers_id, 'orange pepper'),
+    (soda_item_id, 'pop'), (soda_item_id, 'soft drink'), (soda_item_id, 'coke'), (soda_item_id, 'pepsi'),
+    (paper_towels_id, 'paper towel'),
+    (toilet_paper_id, 'bathroom tissue'), (toilet_paper_id, 'toilet tissue')
+    ON CONFLICT (alias) DO NOTHING;
 END $$;

 -- Pre-populate the unit_conversions table with common cooking conversions.
@@ -1173,7 +1263,8 @@ INSERT INTO public.achievements (name, description, icon, points_value) VALUES
 ('List Sharer', 'Share a shopping list with another user for the first time.', 'list', 20),
 ('First Favorite', 'Mark a recipe as one of your favorites.', 'heart', 5),
 ('First Fork', 'Make a personal copy of a public recipe.', 'git-fork', 10),
-('First Budget Created', 'Create your first budget to track spending.', 'piggy-bank', 15)
+('First Budget Created', 'Create your first budget to track spending.', 'piggy-bank', 15),
+('First-Upload', 'Upload your first flyer.', 'upload-cloud', 25)
 ON CONFLICT (name) DO NOTHING;

 -- ============================================================================
@@ -2039,6 +2130,61 @@ AS $$
  ORDER BY potential_savings_cents DESC;
 $$;

+-- Function to get a user's spending breakdown by category for a given date range.
+DROP FUNCTION IF EXISTS public.get_spending_by_category(UUID, DATE, DATE);
+
+CREATE OR REPLACE FUNCTION public.get_spending_by_category(p_user_id UUID, p_start_date DATE, p_end_date DATE)
+RETURNS TABLE (
+    category_id BIGINT,
+    category_name TEXT,
+    total_spent_cents BIGINT
+)
+LANGUAGE sql
+STABLE
+SECURITY INVOKER
+AS $$
+  WITH all_purchases AS (
+    -- CTE 1: Combine purchases from completed shopping trips.
+    -- We only consider items that have a price paid.
+    SELECT
+      sti.master_item_id,
+      sti.price_paid_cents
+    FROM public.shopping_trip_items sti
+    JOIN public.shopping_trips st ON sti.shopping_trip_id = st.shopping_trip_id
+    WHERE st.user_id = p_user_id
+      AND st.completed_at::date BETWEEN p_start_date AND p_end_date
+      AND sti.price_paid_cents IS NOT NULL
+
+    UNION ALL
+
+    -- CTE 2: Combine purchases from processed receipts.
+    SELECT
+      ri.master_item_id,
+      ri.price_paid_cents
+    FROM public.receipt_items ri
+    JOIN public.receipts r ON ri.receipt_id = r.receipt_id
+    WHERE r.user_id = p_user_id
+      AND r.transaction_date::date BETWEEN p_start_date AND p_end_date
+      AND ri.master_item_id IS NOT NULL -- Only include items matched to a master item
+  )
+  -- Final Aggregation: Group all combined purchases by category and sum the spending.
+  SELECT
+    c.category_id,
+    c.name AS category_name,
+    SUM(ap.price_paid_cents)::BIGINT AS total_spent_cents
+  FROM all_purchases ap
+  -- Join with master_grocery_items to get the category_id for each purchase.
+  JOIN public.master_grocery_items mgi ON ap.master_item_id = mgi.master_grocery_item_id
+  -- Join with categories to get the category name for display.
+  JOIN public.categories c ON mgi.category_id = c.category_id
+  GROUP BY
+    c.category_id, c.name
+  HAVING
+    SUM(ap.price_paid_cents) > 0
+  ORDER BY
+    total_spent_cents DESC;
+$$;
+
 -- Function to approve a suggested correction and apply it.
 DROP FUNCTION IF EXISTS public.approve_correction(BIGINT);

@@ -2482,8 +2628,15 @@ DROP FUNCTION IF EXISTS public.log_new_flyer();
 CREATE OR REPLACE FUNCTION public.log_new_flyer()
 RETURNS TRIGGER AS $$
 BEGIN
-    INSERT INTO public.activity_log (action, display_text, icon, details)
+    -- If the flyer was uploaded by a registered user, award the 'First-Upload' achievement.
+    -- The award_achievement function handles checking if the user already has it.
+    IF NEW.uploaded_by IS NOT NULL THEN
+        PERFORM public.award_achievement(NEW.uploaded_by, 'First-Upload');
+    END IF;
+
+    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
    VALUES (
+        NEW.uploaded_by, -- Log the user who uploaded it
        'flyer_uploaded',
        'A new flyer for ' || (SELECT name FROM public.stores WHERE store_id = NEW.store_id) || ' has been uploaded.',
        'file-text',
@@ -2541,6 +2694,7 @@ BEGIN
        (SELECT full_name FROM public.profiles WHERE user_id = NEW.shared_by_user_id) || ' shared a shopping list.',
        'share-2',
        jsonb_build_object(
+            'shopping_list_id', NEW.shopping_list_id,
            'list_name', (SELECT name FROM public.shopping_lists WHERE shopping_list_id = NEW.shopping_list_id),
            'shared_with_user_id', NEW.shared_with_user_id
        )
@@ -2588,6 +2742,66 @@ CREATE TRIGGER on_new_recipe_collection_share
  AFTER INSERT ON public.shared_recipe_collections
  FOR EACH ROW EXECUTE FUNCTION public.log_new_recipe_collection_share();

+-- 10. Trigger function to geocode a store location's address.
+-- This function is triggered when an address is inserted or updated, and is
+-- designed to be extensible for external geocoding services to populate the
+-- latitude, longitude, and location fields.
+DROP FUNCTION IF EXISTS public.geocode_address();
+
+CREATE OR REPLACE FUNCTION public.geocode_address()
+RETURNS TRIGGER AS $$
+DECLARE
+    full_address TEXT;
+BEGIN
+    -- Only proceed if an address component has actually changed.
+    IF TG_OP = 'INSERT' OR (TG_OP = 'UPDATE' AND (
+        NEW.address_line_1 IS DISTINCT FROM OLD.address_line_1 OR
+        NEW.address_line_2 IS DISTINCT FROM OLD.address_line_2 OR
+        NEW.city IS DISTINCT FROM OLD.city OR
+        NEW.province_state IS DISTINCT FROM OLD.province_state OR
+        NEW.postal_code IS DISTINCT FROM OLD.postal_code OR
+        NEW.country IS DISTINCT FROM OLD.country
+    )) THEN
+        -- Concatenate address parts into a single string for the geocoder.
+        full_address := CONCAT_WS(', ', NEW.address_line_1, NEW.address_line_2, NEW.city, NEW.province_state, NEW.postal_code, NEW.country);
+
+        -- Placeholder for Geocoding API Call.
+        -- In a real application, you would call a service here and update NEW.latitude, NEW.longitude, and NEW.location.
+        -- e.g., NEW.latitude := result.lat; NEW.longitude := result.lon;
+        -- NEW.location := ST_SetSRID(ST_MakePoint(NEW.longitude, NEW.latitude), 4326);
+    END IF;
+
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+-- This trigger calls the geocoding function when an address changes.
+DROP TRIGGER IF EXISTS on_address_change_geocode ON public.addresses;
+CREATE TRIGGER on_address_change_geocode
+  BEFORE INSERT OR UPDATE ON public.addresses
+  FOR EACH ROW EXECUTE FUNCTION public.geocode_address();
+
+-- 11. Trigger function to increment the fork_count on the original recipe.
+DROP FUNCTION IF EXISTS public.increment_recipe_fork_count();
+
+CREATE OR REPLACE FUNCTION public.increment_recipe_fork_count()
+RETURNS TRIGGER AS $$
+BEGIN
+    -- Only run if the recipe is a fork (original_recipe_id is not null).
+    IF NEW.original_recipe_id IS NOT NULL THEN
+        UPDATE public.recipes SET fork_count = fork_count + 1 WHERE recipe_id = NEW.original_recipe_id;
+        -- Award 'First Fork' achievement.
+        PERFORM public.award_achievement(NEW.user_id, 'First Fork');
+    END IF;
+    RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+DROP TRIGGER IF EXISTS on_recipe_fork ON public.recipes;
+CREATE TRIGGER on_recipe_fork
+  AFTER INSERT ON public.recipes
+  FOR EACH ROW EXECUTE FUNCTION public.increment_recipe_fork_count();
+
 -- =================================================================
 -- Function: get_best_sale_prices_for_all_users()
 -- Description: Retrieves the best sale price for every item on every user's watchlist.
@@ -2598,13 +2812,14 @@ CREATE TRIGGER on_new_recipe_collection_share
 CREATE OR REPLACE FUNCTION public.get_best_sale_prices_for_all_users()
 RETURNS TABLE(
    user_id uuid,
+
    email text,
    full_name text,
-    master_item_id integer,
+    master_item_id bigint,
    item_name text,
    best_price_in_cents integer,
    store_name text,
-    flyer_id integer,
+    flyer_id bigint,
    valid_to date
 ) AS $$
 BEGIN
@@ -2612,22 +2827,27 @@ BEGIN
    WITH
    -- Step 1: Find all flyer items that are currently on sale and have a valid price.
    current_sales AS (
+
        SELECT
            fi.master_item_id,
            fi.price_in_cents,
-            f.store_name,
+            s.name as store_name,
            f.flyer_id,
            f.valid_to
        FROM public.flyer_items fi
        JOIN public.flyers f ON fi.flyer_id = f.flyer_id
+        JOIN public.stores s ON f.store_id = s.store_id
        WHERE
+
            fi.master_item_id IS NOT NULL
            AND fi.price_in_cents IS NOT NULL
            AND f.valid_to >= CURRENT_DATE
    ),
    -- Step 2: For each master item, find its absolute best (lowest) price across all current sales.
    -- We use a window function to rank the sales for each item by price.
+
    best_prices AS (
+
        SELECT
            cs.master_item_id,
            cs.price_in_cents AS best_price_in_cents,
@@ -2640,6 +2860,7 @@ BEGIN
    )
    -- Step 3: Join the best-priced items with the user watchlist and user details.
    SELECT
+
        u.user_id,
        u.email,
        p.full_name,
@@ -2659,6 +2880,7 @@ BEGIN
    JOIN public.master_grocery_items mgi ON bp.master_item_id = mgi.master_grocery_item_id
    WHERE
        -- Only include the items that are at their absolute best price (rank = 1).
+
        bp.price_rank = 1;
 END;
 $$ LANGUAGE plpgsql;
--- a/src/App.tsx
+++ b/src/App.tsx
@@ -13,6 +13,7 @@ import { AdminPage } from './pages/admin/AdminPage';
 import { AdminRoute } from './components/AdminRoute';
 import { CorrectionsPage } from './pages/admin/CorrectionsPage';
 import { AdminStatsPage } from './pages/admin/AdminStatsPage';
+import { FlyerReviewPage } from './pages/admin/FlyerReviewPage';
 import { ResetPasswordPage } from './pages/ResetPasswordPage';
 import { VoiceLabPage } from './pages/VoiceLabPage';
 import { FlyerCorrectionTool } from './components/FlyerCorrectionTool';
@@ -228,6 +229,7 @@ function App() {
          <Route path="/admin" element={<AdminPage />} />
          <Route path="/admin/corrections" element={<CorrectionsPage />} />
          <Route path="/admin/stats" element={<AdminStatsPage />} />
+          <Route path="/admin/flyer-review" element={<FlyerReviewPage />} />
          <Route path="/admin/voice-lab" element={<VoiceLabPage />} />
        </Route>
        <Route path="/reset-password/:token" element={<ResetPasswordPage />} />
--- a/src/components/AchievementsList.test.tsx
+++ b/src/components/AchievementsList.test.tsx
@@ -1,9 +1,10 @@
 // src/components/AchievementsList.test.tsx
 import React from 'react';
-import { render, screen } from '@testing-library/react';
+import { screen } from '@testing-library/react';
 import { describe, it, expect } from 'vitest';
 import { AchievementsList } from './AchievementsList';
 import { createMockUserAchievement } from '../tests/utils/mockFactories';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 describe('AchievementsList', () => {
  it('should render the list of achievements with correct details', () => {
@@ -24,7 +25,7 @@ describe('AchievementsList', () => {
      createMockUserAchievement({ achievement_id: 3, name: 'Unknown Achievement', icon: 'star' }), // This icon is not in the component's map
    ];

-    render(<AchievementsList achievements={mockAchievements} />);
+    renderWithProviders(<AchievementsList achievements={mockAchievements} />);

    expect(screen.getByRole('heading', { name: /achievements/i })).toBeInTheDocument();

@@ -44,7 +45,7 @@ describe('AchievementsList', () => {
  });

  it('should render a message when there are no achievements', () => {
-    render(<AchievementsList achievements={[]} />);
+    renderWithProviders(<AchievementsList achievements={[]} />);
    expect(
      screen.getByText('No achievements earned yet. Keep exploring to unlock them!'),
    ).toBeInTheDocument();
--- a/src/components/AdminRoute.test.tsx
+++ b/src/components/AdminRoute.test.tsx
@@ -1,11 +1,12 @@
 // src/components/AdminRoute.test.tsx
 import React from 'react';
-import { render, screen } from '@testing-library/react';
-import { describe, it, expect } from 'vitest';
-import { MemoryRouter, Routes, Route } from 'react-router-dom';
+import { screen } from '@testing-library/react';
+import { describe, it, expect, vi } from 'vitest';
+import { Routes, Route } from 'react-router-dom';
 import { AdminRoute } from './AdminRoute';
 import type { Profile } from '../types';
 import { createMockProfile } from '../tests/utils/mockFactories';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 // Unmock the component to test the real implementation
 vi.unmock('./AdminRoute');
@@ -14,15 +15,14 @@ const AdminContent = () => <div>Admin Page Content</div>;
 const HomePage = () => <div>Home Page</div>;

 const renderWithRouter = (profile: Profile | null, initialPath: string) => {
-  render(
-    <MemoryRouter initialEntries={[initialPath]}>
-      <Routes>
-        <Route path="/" element={<HomePage />} />
-        <Route path="/admin" element={<AdminRoute profile={profile} />}>
-          <Route index element={<AdminContent />} />
-        </Route>
-      </Routes>
-    </MemoryRouter>,
+  renderWithProviders(
+    <Routes>
+      <Route path="/" element={<HomePage />} />
+      <Route path="/admin" element={<AdminRoute profile={profile} />}>
+        <Route index element={<AdminContent />} />
+      </Route>
+    </Routes>,
+    { initialEntries: [initialPath] },
  );
 };

--- a/src/components/AnonymousUserBanner.test.tsx
+++ b/src/components/AnonymousUserBanner.test.tsx
@@ -1,8 +1,9 @@
 // src/components/AnonymousUserBanner.test.tsx
 import React from 'react';
-import { render, screen, fireEvent } from '@testing-library/react';
+import { screen, fireEvent } from '@testing-library/react';
 import { describe, it, expect, vi } from 'vitest';
 import { AnonymousUserBanner } from './AnonymousUserBanner';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 // Mock the icon to ensure it is rendered correctly
 vi.mock('./icons/InformationCircleIcon', () => ({
@@ -14,7 +15,7 @@ vi.mock('./icons/InformationCircleIcon', () => ({
 describe('AnonymousUserBanner', () => {
  it('should render the banner with the correct text content and accessibility role', () => {
    const mockOnOpenProfile = vi.fn();
-    render(<AnonymousUserBanner onOpenProfile={mockOnOpenProfile} />);
+    renderWithProviders(<AnonymousUserBanner onOpenProfile={mockOnOpenProfile} />);

    // Check for accessibility role
    expect(screen.getByRole('alert')).toBeInTheDocument();
@@ -30,7 +31,7 @@ describe('AnonymousUserBanner', () => {

  it('should call onOpenProfile when the "sign up or log in" button is clicked', () => {
    const mockOnOpenProfile = vi.fn();
-    render(<AnonymousUserBanner onOpenProfile={mockOnOpenProfile} />);
+    renderWithProviders(<AnonymousUserBanner onOpenProfile={mockOnOpenProfile} />);

    const loginButton = screen.getByRole('button', { name: /sign up or log in/i });
    fireEvent.click(loginButton);
--- a/src/components/AppGuard.test.tsx
+++ b/src/components/AppGuard.test.tsx
@@ -1,12 +1,15 @@
 // src/components/AppGuard.test.tsx
 import React from 'react';
-import { render, screen, waitFor } from '@testing-library/react';
+import { screen, waitFor } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import { AppGuard } from './AppGuard';
 import { useAppInitialization } from '../hooks/useAppInitialization';
+import * as apiClient from '../services/apiClient';
 import { useModal } from '../hooks/useModal';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 // Mock dependencies
+// The apiClient is mocked globally in `src/tests/setup/globalApiMock.ts`.
 vi.mock('../hooks/useAppInitialization');
 vi.mock('../hooks/useModal');
 vi.mock('./WhatsNewModal', () => ({
@@ -19,6 +22,7 @@ vi.mock('../config', () => ({
  },
 }));

+const mockedApiClient = vi.mocked(apiClient);
 const mockedUseAppInitialization = vi.mocked(useAppInitialization);
 const mockedUseModal = vi.mocked(useModal);

@@ -38,7 +42,7 @@ describe('AppGuard', () => {
  });

  it('should render children', () => {
-    render(
+    renderWithProviders(
      <AppGuard>
        <div>Child Content</div>
      </AppGuard>,
@@ -51,7 +55,7 @@ describe('AppGuard', () => {
      ...mockedUseModal(),
      isModalOpen: (modalId) => modalId === 'whatsNew',
    });
-    render(
+    renderWithProviders(
      <AppGuard>
        <div>Child</div>
      </AppGuard>,
@@ -64,7 +68,7 @@ describe('AppGuard', () => {
      isDarkMode: true,
      unitSystem: 'imperial',
    });
-    render(
+    renderWithProviders(
      <AppGuard>
        <div>Child</div>
      </AppGuard>,
@@ -78,7 +82,7 @@ describe('AppGuard', () => {
  });

  it('should set light mode styles for toaster', async () => {
-    render(
+    renderWithProviders(
      <AppGuard>
        <div>Child</div>
      </AppGuard>,
--- a/src/components/ConfirmationModal.test.tsx
+++ b/src/components/ConfirmationModal.test.tsx
@@ -1,8 +1,9 @@
 // src/components/ConfirmationModal.test.tsx
 import React from 'react';
-import { render, screen, fireEvent } from '@testing-library/react';
+import { screen, fireEvent } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import { ConfirmationModal } from './ConfirmationModal';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 describe('ConfirmationModal (in components)', () => {
  const mockOnClose = vi.fn();
@@ -21,12 +22,12 @@ describe('ConfirmationModal (in components)', () => {
  });

  it('should not render when isOpen is false', () => {
-    const { container } = render(<ConfirmationModal {...defaultProps} isOpen={false} />);
+    const { container } = renderWithProviders(<ConfirmationModal {...defaultProps} isOpen={false} />);
    expect(container.firstChild).toBeNull();
  });

  it('should render correctly when isOpen is true', () => {
-    render(<ConfirmationModal {...defaultProps} />);
+    renderWithProviders(<ConfirmationModal {...defaultProps} />);
    expect(screen.getByRole('heading', { name: 'Confirm Action' })).toBeInTheDocument();
    expect(screen.getByText('Are you sure you want to do this?')).toBeInTheDocument();
    expect(screen.getByRole('button', { name: 'Confirm' })).toBeInTheDocument();
@@ -34,38 +35,38 @@ describe('ConfirmationModal (in components)', () => {
  });

  it('should call onConfirm when the confirm button is clicked', () => {
-    render(<ConfirmationModal {...defaultProps} />);
+    renderWithProviders(<ConfirmationModal {...defaultProps} />);
    fireEvent.click(screen.getByRole('button', { name: 'Confirm' }));
    expect(mockOnConfirm).toHaveBeenCalledTimes(1);
  });

  it('should call onClose when the cancel button is clicked', () => {
-    render(<ConfirmationModal {...defaultProps} />);
+    renderWithProviders(<ConfirmationModal {...defaultProps} />);
    fireEvent.click(screen.getByRole('button', { name: 'Cancel' }));
    expect(mockOnClose).toHaveBeenCalledTimes(1);
  });

  it('should call onClose when the close icon is clicked', () => {
-    render(<ConfirmationModal {...defaultProps} />);
+    renderWithProviders(<ConfirmationModal {...defaultProps} />);
    fireEvent.click(screen.getByLabelText('Close confirmation modal'));
    expect(mockOnClose).toHaveBeenCalledTimes(1);
  });

  it('should call onClose when the overlay is clicked', () => {
-    render(<ConfirmationModal {...defaultProps} />);
+    renderWithProviders(<ConfirmationModal {...defaultProps} />);
    // The overlay is the parent of the modal content div
    fireEvent.click(screen.getByRole('dialog'));
    expect(mockOnClose).toHaveBeenCalledTimes(1);
  });

  it('should not call onClose when clicking inside the modal content', () => {
-    render(<ConfirmationModal {...defaultProps} />);
+    renderWithProviders(<ConfirmationModal {...defaultProps} />);
    fireEvent.click(screen.getByText('Are you sure you want to do this?'));
    expect(mockOnClose).not.toHaveBeenCalled();
  });

  it('should render custom button text and classes', () => {
-    render(
+    renderWithProviders(
      <ConfirmationModal
        {...defaultProps}
        confirmButtonText="Yes, Delete"
--- a/src/components/DarkModeToggle.test.tsx
+++ b/src/components/DarkModeToggle.test.tsx
@@ -1,8 +1,9 @@
 // src/components/DarkModeToggle.test.tsx
 import React from 'react';
-import { render, screen, fireEvent } from '@testing-library/react';
+import { screen, fireEvent } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import { DarkModeToggle } from './DarkModeToggle';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 // Mock the icon components to isolate the toggle's logic
 vi.mock('./icons/SunIcon', () => ({
@@ -20,7 +21,7 @@ describe('DarkModeToggle', () => {
  });

  it('should render in light mode state', () => {
-    render(<DarkModeToggle isDarkMode={false} onToggle={mockOnToggle} />);
+    renderWithProviders(<DarkModeToggle isDarkMode={false} onToggle={mockOnToggle} />);

    const checkbox = screen.getByRole('checkbox');
    expect(checkbox).not.toBeChecked();
@@ -29,7 +30,7 @@ describe('DarkModeToggle', () => {
  });

  it('should render in dark mode state', () => {
-    render(<DarkModeToggle isDarkMode={true} onToggle={mockOnToggle} />);
+    renderWithProviders(<DarkModeToggle isDarkMode={true} onToggle={mockOnToggle} />);

    const checkbox = screen.getByRole('checkbox');
    expect(checkbox).toBeChecked();
@@ -38,7 +39,7 @@ describe('DarkModeToggle', () => {
  });

  it('should call onToggle when the label is clicked', () => {
-    render(<DarkModeToggle isDarkMode={false} onToggle={mockOnToggle} />);
+    renderWithProviders(<DarkModeToggle isDarkMode={false} onToggle={mockOnToggle} />);

    // Clicking the label triggers the checkbox change
    const label = screen.getByTitle('Switch to Dark Mode');
--- a/src/components/Dashboard.test.tsx
+++ b/src/components/Dashboard.test.tsx
@@ -0,0 +1,67 @@
+// src/components/Dashboard.test.tsx
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { screen } from '@testing-library/react';
+import { Dashboard } from './Dashboard';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';
+
+// Mock child components to isolate Dashboard logic
+// Note: The Dashboard component imports these using '../components/RecipeSuggester'
+// which resolves to the same file as './RecipeSuggester' when inside src/components.
+vi.mock('./RecipeSuggester', () => ({
+  RecipeSuggester: () => <div data-testid="recipe-suggester-mock">Recipe Suggester</div>,
+}));
+
+vi.mock('./FlyerCountDisplay', () => ({
+  FlyerCountDisplay: () => <div data-testid="flyer-count-display-mock">Flyer Count Display</div>,
+}));
+
+vi.mock('./Leaderboard', () => ({
+  Leaderboard: () => <div data-testid="leaderboard-mock">Leaderboard</div>,
+}));
+
+describe('Dashboard Component', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it('renders the dashboard title', () => {
+    console.log('TEST: Verifying dashboard title render');
+    renderWithProviders(<Dashboard />);
+    expect(screen.getByRole('heading', { name: /dashboard/i, level: 1 })).toBeInTheDocument();
+  });
+
+  it('renders the RecipeSuggester widget', () => {
+    console.log('TEST: Verifying RecipeSuggester presence');
+    renderWithProviders(<Dashboard />);
+    expect(screen.getByTestId('recipe-suggester-mock')).toBeInTheDocument();
+  });
+
+  it('renders the FlyerCountDisplay widget within the "Your Flyers" section', () => {
+    console.log('TEST: Verifying FlyerCountDisplay presence and section title');
+    renderWithProviders(<Dashboard />);
+
+    // Check for the section heading
+    expect(screen.getByRole('heading', { name: /your flyers/i, level: 2 })).toBeInTheDocument();
+
+    // Check for the component
+    expect(screen.getByTestId('flyer-count-display-mock')).toBeInTheDocument();
+  });
+
+  it('renders the Leaderboard widget in the sidebar area', () => {
+    console.log('TEST: Verifying Leaderboard presence');
+    renderWithProviders(<Dashboard />);
+    expect(screen.getByTestId('leaderboard-mock')).toBeInTheDocument();
+  });
+
+  it('renders with the correct grid layout classes', () => {
+    console.log('TEST: Verifying layout classes');
+    const { container } = renderWithProviders(<Dashboard />);
+
+    // The main grid container
+    const gridContainer = container.querySelector('.grid');
+    expect(gridContainer).toBeInTheDocument();
+    expect(gridContainer).toHaveClass('grid-cols-1');
+    expect(gridContainer).toHaveClass('lg:grid-cols-3');
+    expect(gridContainer).toHaveClass('gap-6');
+  });
+});
--- a/src/components/Dashboard.tsx
+++ b/src/components/Dashboard.tsx
@@ -0,0 +1,33 @@
+import React from 'react';
+import { RecipeSuggester } from '../components/RecipeSuggester';
+import { FlyerCountDisplay } from '../components/FlyerCountDisplay';
+import { Leaderboard } from '../components/Leaderboard';
+
+export const Dashboard: React.FC = () => {
+  return (
+    <div className="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-8">
+      <h1 className="text-2xl font-bold text-gray-900 dark:text-white mb-6">Dashboard</h1>
+      
+      <div className="grid grid-cols-1 lg:grid-cols-3 gap-6">
+        {/* Main Content Area */}
+        <div className="lg:col-span-2 space-y-6">
+          {/* Recipe Suggester Section */}
+          <RecipeSuggester />
+
+          {/* Other Dashboard Widgets */}
+          <div className="bg-white dark:bg-gray-800 shadow rounded-lg p-6">
+            <h2 className="text-lg font-medium text-gray-900 dark:text-white mb-4">Your Flyers</h2>
+            <FlyerCountDisplay />
+          </div>
+        </div>
+
+        {/* Sidebar Area */}
+        <div className="space-y-6">
+          <Leaderboard />
+        </div>
+      </div>
+    </div>
+  );
+};
+
+export default Dashboard;
--- a/src/components/ErrorDisplay.test.tsx
+++ b/src/components/ErrorDisplay.test.tsx
@@ -1,24 +1,25 @@
 // src/components/ErrorDisplay.test.tsx
 import React from 'react';
-import { render, screen } from '@testing-library/react';
+import { screen } from '@testing-library/react';
 import { describe, it, expect } from 'vitest';
 import { ErrorDisplay } from './ErrorDisplay';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 describe('ErrorDisplay (in components)', () => {
  it('should not render when the message is empty', () => {
-    const { container } = render(<ErrorDisplay message="" />);
+    const { container } = renderWithProviders(<ErrorDisplay message="" />);
    expect(container.firstChild).toBeNull();
  });

  it('should not render when the message is null', () => {
    // The component expects a string, but we test for nullish values as a safeguard.
-    const { container } = render(<ErrorDisplay message={null as unknown as string} />);
+    const { container } = renderWithProviders(<ErrorDisplay message={null as unknown as string} />);
    expect(container.firstChild).toBeNull();
  });

  it('should render the error message when provided', () => {
    const errorMessage = 'Something went terribly wrong.';
-    render(<ErrorDisplay message={errorMessage} />);
+    renderWithProviders(<ErrorDisplay message={errorMessage} />);

    const alert = screen.getByRole('alert');
    expect(alert).toBeInTheDocument();
--- a/src/components/FlyerCorrectionTool.test.tsx
+++ b/src/components/FlyerCorrectionTool.test.tsx
@@ -1,24 +1,18 @@
 // src/components/FlyerCorrectionTool.test.tsx
 import React from 'react';
-import { render, screen, fireEvent, waitFor, act } from '@testing-library/react';
+import { screen, fireEvent, waitFor, act } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach, type Mocked } from 'vitest';
 import { FlyerCorrectionTool } from './FlyerCorrectionTool';
 import * as aiApiClient from '../services/aiApiClient';
 import { notifyError, notifySuccess } from '../services/notificationService';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 // Unmock the component to test the real implementation
 vi.unmock('./FlyerCorrectionTool');

-// Mock dependencies
-vi.mock('../services/aiApiClient');
-vi.mock('../services/notificationService');
-vi.mock('../services/logger', () => ({
-  logger: {
-    error: vi.fn(),
-  },
-}));
-
-const mockedAiApiClient = aiApiClient as Mocked<typeof aiApiClient>;
+// The aiApiClient, notificationService, and logger are mocked globally.
+// We can get a typed reference to the aiApiClient for individual test overrides.
+const mockedAiApiClient = vi.mocked(aiApiClient);
 const mockedNotifySuccess = notifySuccess as Mocked<typeof notifySuccess>;
 const mockedNotifyError = notifyError as Mocked<typeof notifyError>;

@@ -54,12 +48,12 @@ describe('FlyerCorrectionTool', () => {
  });

  it('should not render when isOpen is false', () => {
-    const { container } = render(<FlyerCorrectionTool {...defaultProps} isOpen={false} />);
+    const { container } = renderWithProviders(<FlyerCorrectionTool {...defaultProps} isOpen={false} />);
    expect(container.firstChild).toBeNull();
  });

  it('should render correctly when isOpen is true', () => {
-    render(<FlyerCorrectionTool {...defaultProps} />);
+    renderWithProviders(<FlyerCorrectionTool {...defaultProps} />);
    expect(screen.getByRole('heading', { name: /flyer correction tool/i })).toBeInTheDocument();
    expect(screen.getByAltText('Flyer for correction')).toBeInTheDocument();
    expect(screen.getByRole('button', { name: /extract store name/i })).toBeInTheDocument();
@@ -67,7 +61,7 @@ describe('FlyerCorrectionTool', () => {
  });

  it('should call onClose when the close button is clicked', () => {
-    render(<FlyerCorrectionTool {...defaultProps} />);
+    renderWithProviders(<FlyerCorrectionTool {...defaultProps} />);
    // Use the specific aria-label defined in the component to find the close button
    const closeButton = screen.getByLabelText(/close correction tool/i);
    fireEvent.click(closeButton);
@@ -75,13 +69,13 @@ describe('FlyerCorrectionTool', () => {
  });

  it('should have disabled extraction buttons initially', () => {
-    render(<FlyerCorrectionTool {...defaultProps} />);
+    renderWithProviders(<FlyerCorrectionTool {...defaultProps} />);
    expect(screen.getByRole('button', { name: /extract store name/i })).toBeDisabled();
    expect(screen.getByRole('button', { name: /extract sale dates/i })).toBeDisabled();
  });

  it('should enable extraction buttons after a selection is made', () => {
-    render(<FlyerCorrectionTool {...defaultProps} />);
+    renderWithProviders(<FlyerCorrectionTool {...defaultProps} />);
    const canvas = screen.getByRole('dialog').querySelector('canvas')!;

    // Simulate drawing a rectangle
@@ -94,7 +88,7 @@ describe('FlyerCorrectionTool', () => {
  });

  it('should stop drawing when the mouse leaves the canvas', () => {
-    render(<FlyerCorrectionTool {...defaultProps} />);
+    renderWithProviders(<FlyerCorrectionTool {...defaultProps} />);
    const canvas = screen.getByRole('dialog').querySelector('canvas')!;

    fireEvent.mouseDown(canvas, { clientX: 10, clientY: 10 });
@@ -114,7 +108,7 @@ describe('FlyerCorrectionTool', () => {
    });
    mockedAiApiClient.rescanImageArea.mockReturnValue(rescanPromise);

-    render(<FlyerCorrectionTool {...defaultProps} />);
+    renderWithProviders(<FlyerCorrectionTool {...defaultProps} />);

    // Wait for the image fetch to complete to ensure 'imageFile' state is populated
    console.log('--- [TEST LOG] ---: Awaiting image fetch inside component...');
@@ -192,7 +186,7 @@ describe('FlyerCorrectionTool', () => {
    // Mock fetch to reject
    global.fetch = vi.fn(() => Promise.reject(new Error('Network error'))) as Mocked<typeof fetch>;

-    render(<FlyerCorrectionTool {...defaultProps} />);
+    renderWithProviders(<FlyerCorrectionTool {...defaultProps} />);

    await waitFor(() => {
      expect(mockedNotifyError).toHaveBeenCalledWith('Could not load the image for correction.');
@@ -211,7 +205,7 @@ describe('FlyerCorrectionTool', () => {
      return new Promise(() => {});
    }) as Mocked<typeof fetch>;

-    render(<FlyerCorrectionTool {...defaultProps} />);
+    renderWithProviders(<FlyerCorrectionTool {...defaultProps} />);

    const canvas = screen.getByRole('dialog').querySelector('canvas')!;

@@ -238,7 +232,7 @@ describe('FlyerCorrectionTool', () => {
  it('should handle non-standard API errors during rescan', async () => {
    console.log('TEST: Starting "should handle non-standard API errors during rescan"');
    mockedAiApiClient.rescanImageArea.mockRejectedValue('A plain string error');
-    render(<FlyerCorrectionTool {...defaultProps} />);
+    renderWithProviders(<FlyerCorrectionTool {...defaultProps} />);

    // Wait for image fetch to ensure imageFile is set before we interact
    await waitFor(() => expect(global.fetch).toHaveBeenCalled());
--- a/src/components/FlyerCountDisplay.test.tsx
+++ b/src/components/FlyerCountDisplay.test.tsx
@@ -1,11 +1,12 @@
 // src/components/FlyerCountDisplay.test.tsx
 import React from 'react';
-import { render, screen } from '@testing-library/react';
+import { screen } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import { FlyerCountDisplay } from './FlyerCountDisplay';
 import { useFlyers } from '../hooks/useFlyers';
 import type { Flyer } from '../types';
 import { createMockFlyer } from '../tests/utils/mockFactories';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 // Mock the dependencies
 vi.mock('../hooks/useFlyers');
@@ -32,7 +33,7 @@ describe('FlyerCountDisplay', () => {
    });

    // Act: Render the component.
-    render(<FlyerCountDisplay />);
+    renderWithProviders(<FlyerCountDisplay />);

    // Assert: Check that the loading spinner is visible.
    expect(screen.getByTestId('loading-spinner')).toBeInTheDocument();
@@ -53,7 +54,7 @@ describe('FlyerCountDisplay', () => {
    });

    // Act
-    render(<FlyerCountDisplay />);
+    renderWithProviders(<FlyerCountDisplay />);

    // Assert: Check that the error message is displayed.
    expect(screen.getByRole('alert')).toHaveTextContent(errorMessage);
@@ -73,7 +74,7 @@ describe('FlyerCountDisplay', () => {
    });

    // Act
-    render(<FlyerCountDisplay />);
+    renderWithProviders(<FlyerCountDisplay />);

    // Assert: Check that the correct count is displayed.
    const countDisplay = screen.getByTestId('flyer-count');
--- a/src/components/Footer.test.tsx
+++ b/src/components/Footer.test.tsx
@@ -1,8 +1,9 @@
 // src/components/Footer.test.tsx
 import React from 'react';
-import { render, screen } from '@testing-library/react';
+import { screen } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import { Footer } from './Footer';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 describe('Footer', () => {
  beforeEach(() => {
@@ -21,7 +22,7 @@ describe('Footer', () => {
    vi.setSystemTime(mockDate);

    // Act: Render the component
-    render(<Footer />);
+    renderWithProviders(<Footer />);

    // Assert: Check that the rendered text includes the mocked year
    expect(screen.getByText('Copyright 2025-2025')).toBeInTheDocument();
@@ -29,7 +30,7 @@ describe('Footer', () => {

  it('should display the correct year when it changes', () => {
    vi.setSystemTime(new Date('2030-01-01T00:00:00Z'));
-    render(<Footer />);
+    renderWithProviders(<Footer />);
    expect(screen.getByText('Copyright 2025-2030')).toBeInTheDocument();
  });
 });
--- a/src/components/Header.test.tsx
+++ b/src/components/Header.test.tsx
@@ -1,11 +1,11 @@
 // src/components/Header.test.tsx
 import React from 'react';
-import { render, screen, fireEvent } from '@testing-library/react';
+import { screen, fireEvent } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
-import { MemoryRouter } from 'react-router-dom';
 import { Header } from './Header';
 import type { UserProfile } from '../types';
 import { createMockUserProfile } from '../tests/utils/mockFactories';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 // Unmock the component to test the real implementation
 vi.unmock('./Header');
@@ -34,12 +34,8 @@ const defaultProps = {
 };

 // Helper to render with router context
-const renderWithRouter = (props: Partial<React.ComponentProps<typeof Header>>) => {
-  return render(
-    <MemoryRouter>
-      <Header {...defaultProps} {...props} />
-    </MemoryRouter>,
-  );
+const renderHeader = (props: Partial<React.ComponentProps<typeof Header>>) => {
+  return renderWithProviders(<Header {...defaultProps} {...props} />);
 };

 describe('Header', () => {
@@ -48,30 +44,30 @@ describe('Header', () => {
  });

  it('should render the application title', () => {
-    renderWithRouter({});
+    renderHeader({});
    expect(screen.getByRole('heading', { name: /flyer crawler/i })).toBeInTheDocument();
  });

  it('should display unit system and theme mode', () => {
-    renderWithRouter({ isDarkMode: true, unitSystem: 'metric' });
+    renderHeader({ isDarkMode: true, unitSystem: 'metric' });
    expect(screen.getByText(/metric/i)).toBeInTheDocument();
    expect(screen.getByText(/dark mode/i)).toBeInTheDocument();
  });

  describe('When user is logged out', () => {
    it('should show a Login button', () => {
-      renderWithRouter({ userProfile: null, authStatus: 'SIGNED_OUT' });
+      renderHeader({ userProfile: null, authStatus: 'SIGNED_OUT' });
      expect(screen.getByRole('button', { name: /login/i })).toBeInTheDocument();
    });

    it('should call onOpenProfile when Login button is clicked', () => {
-      renderWithRouter({ userProfile: null, authStatus: 'SIGNED_OUT' });
+      renderHeader({ userProfile: null, authStatus: 'SIGNED_OUT' });
      fireEvent.click(screen.getByRole('button', { name: /login/i }));
      expect(mockOnOpenProfile).toHaveBeenCalledTimes(1);
    });

    it('should not show user-specific buttons', () => {
-      renderWithRouter({ userProfile: null, authStatus: 'SIGNED_OUT' });
+      renderHeader({ userProfile: null, authStatus: 'SIGNED_OUT' });
      expect(screen.queryByLabelText(/open voice assistant/i)).not.toBeInTheDocument();
      expect(screen.queryByLabelText(/open my account settings/i)).not.toBeInTheDocument();
      expect(screen.queryByRole('button', { name: /logout/i })).not.toBeInTheDocument();
@@ -80,29 +76,29 @@ describe('Header', () => {

  describe('When user is authenticated', () => {
    it('should display the user email', () => {
-      renderWithRouter({ userProfile: mockUserProfile, authStatus: 'AUTHENTICATED' });
+      renderHeader({ userProfile: mockUserProfile, authStatus: 'AUTHENTICATED' });
      expect(screen.getByText(mockUserProfile.user.email)).toBeInTheDocument();
    });

    it('should display "Guest" for anonymous users', () => {
-      renderWithRouter({ userProfile: mockUserProfile, authStatus: 'SIGNED_OUT' });
+      renderHeader({ userProfile: mockUserProfile, authStatus: 'SIGNED_OUT' });
      expect(screen.getByText(/guest/i)).toBeInTheDocument();
    });

    it('should call onOpenVoiceAssistant when microphone icon is clicked', () => {
-      renderWithRouter({ userProfile: mockUserProfile, authStatus: 'AUTHENTICATED' });
+      renderHeader({ userProfile: mockUserProfile, authStatus: 'AUTHENTICATED' });
      fireEvent.click(screen.getByLabelText(/open voice assistant/i));
      expect(mockOnOpenVoiceAssistant).toHaveBeenCalledTimes(1);
    });

    it('should call onOpenProfile when cog icon is clicked', () => {
-      renderWithRouter({ userProfile: mockUserProfile, authStatus: 'AUTHENTICATED' });
+      renderHeader({ userProfile: mockUserProfile, authStatus: 'AUTHENTICATED' });
      fireEvent.click(screen.getByLabelText(/open my account settings/i));
      expect(mockOnOpenProfile).toHaveBeenCalledTimes(1);
    });

    it('should call onSignOut when Logout button is clicked', () => {
-      renderWithRouter({ userProfile: mockUserProfile, authStatus: 'AUTHENTICATED' });
+      renderHeader({ userProfile: mockUserProfile, authStatus: 'AUTHENTICATED' });
      fireEvent.click(screen.getByRole('button', { name: /logout/i }));
      expect(mockOnSignOut).toHaveBeenCalledTimes(1);
    });
@@ -110,14 +106,14 @@ describe('Header', () => {

  describe('Admin user', () => {
    it('should show the Admin Area link for admin users', () => {
-      renderWithRouter({ userProfile: mockAdminProfile, authStatus: 'AUTHENTICATED' });
+      renderHeader({ userProfile: mockAdminProfile, authStatus: 'AUTHENTICATED' });
      const adminLink = screen.getByTitle(/admin area/i);
      expect(adminLink).toBeInTheDocument();
      expect(adminLink.closest('a')).toHaveAttribute('href', '/admin');
    });

    it('should not show the Admin Area link for non-admin users', () => {
-      renderWithRouter({ userProfile: mockUserProfile, authStatus: 'AUTHENTICATED' });
+      renderHeader({ userProfile: mockUserProfile, authStatus: 'AUTHENTICATED' });
      expect(screen.queryByTitle(/admin area/i)).not.toBeInTheDocument();
    });
  });
--- a/src/components/Leaderboard.test.tsx
+++ b/src/components/Leaderboard.test.tsx
@@ -1,21 +1,17 @@
 // src/components/Leaderboard.test.tsx
 import React from 'react';
-import { render, screen, waitFor } from '@testing-library/react';
+import { screen, waitFor } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach, type Mocked } from 'vitest';
 import Leaderboard from './Leaderboard';
 import * as apiClient from '../services/apiClient';
 import { LeaderboardUser } from '../types';
 import { createMockLeaderboardUser } from '../tests/utils/mockFactories';
 import { createMockLogger } from '../tests/utils/mockLogger';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

-// Mock the apiClient
-vi.mock('../services/apiClient'); // This was correct
-const mockedApiClient = apiClient as Mocked<typeof apiClient>;
-
-// Mock the logger
-vi.mock('../services/logger', () => ({
-  logger: createMockLogger(),
-}));
+// The apiClient and logger are mocked globally.
+// We can get a typed reference to the apiClient for individual test overrides.
+const mockedApiClient = vi.mocked(apiClient);

 // Mock lucide-react icons to prevent rendering errors in the test environment
 vi.mock('lucide-react', () => ({
@@ -45,13 +41,13 @@ describe('Leaderboard', () => {
  it('should display a loading message initially', () => {
    // Mock a pending promise that never resolves to keep it in the loading state
    mockedApiClient.fetchLeaderboard.mockReturnValue(new Promise(() => {}));
-    render(<Leaderboard />);
+    renderWithProviders(<Leaderboard />);
    expect(screen.getByText('Loading Leaderboard...')).toBeInTheDocument();
  });

  it('should display an error message if the API call fails', async () => {
    mockedApiClient.fetchLeaderboard.mockResolvedValue(new Response(null, { status: 500 }));
-    render(<Leaderboard />);
+    renderWithProviders(<Leaderboard />);

    await waitFor(() => {
      expect(screen.getByRole('alert')).toBeInTheDocument();
@@ -62,7 +58,7 @@ describe('Leaderboard', () => {
  it('should display a generic error for unknown error types', async () => {
    const unknownError = 'A string error';
    mockedApiClient.fetchLeaderboard.mockRejectedValue(unknownError);
-    render(<Leaderboard />);
+    renderWithProviders(<Leaderboard />);

    await waitFor(() => {
      expect(screen.getByRole('alert')).toBeInTheDocument();
@@ -72,7 +68,7 @@ describe('Leaderboard', () => {

  it('should display a message when the leaderboard is empty', async () => {
    mockedApiClient.fetchLeaderboard.mockResolvedValue(new Response(JSON.stringify([])));
-    render(<Leaderboard />);
+    renderWithProviders(<Leaderboard />);

    await waitFor(() => {
      expect(
@@ -85,7 +81,7 @@ describe('Leaderboard', () => {
    mockedApiClient.fetchLeaderboard.mockResolvedValue(
      new Response(JSON.stringify(mockLeaderboardData)),
    );
-    render(<Leaderboard />);
+    renderWithProviders(<Leaderboard />);

    await waitFor(() => {
      expect(screen.getByRole('heading', { name: 'Top Users' })).toBeInTheDocument();
@@ -110,7 +106,7 @@ describe('Leaderboard', () => {
    mockedApiClient.fetchLeaderboard.mockResolvedValue(
      new Response(JSON.stringify(mockLeaderboardData)),
    );
-    render(<Leaderboard />);
+    renderWithProviders(<Leaderboard />);

    await waitFor(() => {
      // Rank 1, 2, and 3 should have a crown icon
@@ -129,7 +125,7 @@ describe('Leaderboard', () => {
    mockedApiClient.fetchLeaderboard.mockResolvedValue(
      new Response(JSON.stringify(dataWithMissingNames)),
    );
-    render(<Leaderboard />);
+    renderWithProviders(<Leaderboard />);

    await waitFor(() => {
      // Check for fallback name
--- a/src/components/LoadingSpinner.test.tsx
+++ b/src/components/LoadingSpinner.test.tsx
@@ -1,19 +1,19 @@
 // src/components/LoadingSpinner.test.tsx
 import React from 'react';
-import { render } from '@testing-library/react';
 import { describe, it, expect } from 'vitest';
 import { LoadingSpinner } from './LoadingSpinner';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 describe('LoadingSpinner (in components)', () => {
  it('should render the SVG with animation classes', () => {
-    const { container } = render(<LoadingSpinner />);
+    const { container } = renderWithProviders(<LoadingSpinner />);
    const svgElement = container.querySelector('svg');
    expect(svgElement).toBeInTheDocument();
    expect(svgElement).toHaveClass('animate-spin');
  });

  it('should contain the correct SVG paths for the spinner graphic', () => {
-    const { container } = render(<LoadingSpinner />);
+    const { container } = renderWithProviders(<LoadingSpinner />);
    const circle = container.querySelector('circle');
    const path = container.querySelector('path');
    expect(circle).toBeInTheDocument();
--- a/src/components/MapView.test.tsx
+++ b/src/components/MapView.test.tsx
@@ -1,9 +1,10 @@
 // src/components/MapView.test.tsx
 import React from 'react';
-import { render, screen } from '@testing-library/react';
+import { screen } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import { MapView } from './MapView';
 import config from '../config';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 // Create a type-safe mocked version of the config for easier manipulation
 const mockedConfig = vi.mocked(config);
@@ -40,14 +41,14 @@ describe('MapView', () => {

  describe('when API key is not configured', () => {
    it('should render a disabled message', () => {
-      render(<MapView {...defaultProps} />);
+      renderWithProviders(<MapView {...defaultProps} />);
      expect(
        screen.getByText('Map view is disabled: API key is not configured.'),
      ).toBeInTheDocument();
    });

    it('should not render the iframe', () => {
-      render(<MapView {...defaultProps} />);
+      renderWithProviders(<MapView {...defaultProps} />);
      // Use queryByTitle because iframes don't have a default "iframe" role
      expect(screen.queryByTitle('Map view')).not.toBeInTheDocument();
    });
@@ -62,7 +63,7 @@ describe('MapView', () => {
    });

    it('should render the iframe with the correct src URL', () => {
-      render(<MapView {...defaultProps} />);
+      renderWithProviders(<MapView {...defaultProps} />);

      // Use getByTitle to access the iframe
      const iframe = screen.getByTitle('Map view');
--- a/src/components/PasswordInput.test.tsx
+++ b/src/components/PasswordInput.test.tsx
@@ -1,8 +1,9 @@
 // src/components/PasswordInput.test.tsx
 import React from 'react';
-import { render, screen, fireEvent } from '@testing-library/react';
+import { screen, fireEvent } from '@testing-library/react';
 import { describe, it, expect, vi } from 'vitest';
 import { PasswordInput } from './PasswordInput';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';
 // Mock the child PasswordStrengthIndicator component to isolate the test (relative to new location)
 vi.mock('./PasswordStrengthIndicator', () => ({
  PasswordStrengthIndicator: ({ password }: { password?: string }) => (
@@ -12,13 +13,13 @@ vi.mock('./PasswordStrengthIndicator', () => ({

 describe('PasswordInput (in auth feature)', () => {
  it('should render as a password input by default', () => {
-    render(<PasswordInput placeholder="Enter password" />);
+    renderWithProviders(<PasswordInput placeholder="Enter password" />);
    const input = screen.getByPlaceholderText('Enter password');
    expect(input).toHaveAttribute('type', 'password');
  });

  it('should toggle input type between password and text when the eye icon is clicked', () => {
-    render(<PasswordInput placeholder="Enter password" />);
+    renderWithProviders(<PasswordInput placeholder="Enter password" />);
    const input = screen.getByPlaceholderText('Enter password');
    const toggleButton = screen.getByRole('button', { name: /show password/i });

@@ -38,7 +39,7 @@ describe('PasswordInput (in auth feature)', () => {

  it('should pass through standard input attributes', () => {
    const handleChange = vi.fn();
-    render(
+    renderWithProviders(
      <PasswordInput
        value="test"
        onChange={handleChange}
@@ -56,38 +57,38 @@ describe('PasswordInput (in auth feature)', () => {
  });

  it('should not show strength indicator by default', () => {
-    render(<PasswordInput value="some-password" onChange={() => {}} />);
+    renderWithProviders(<PasswordInput value="some-password" onChange={() => {}} />);
    expect(screen.queryByTestId('strength-indicator')).not.toBeInTheDocument();
  });

  it('should show strength indicator when showStrength is true and there is a value', () => {
-    render(<PasswordInput value="some-password" showStrength onChange={() => {}} />);
+    renderWithProviders(<PasswordInput value="some-password" showStrength onChange={() => {}} />);
    const indicator = screen.getByTestId('strength-indicator');
    expect(indicator).toBeInTheDocument();
    expect(indicator).toHaveTextContent('Strength for: some-password');
  });

  it('should not show strength indicator when showStrength is true but value is empty', () => {
-    render(<PasswordInput value="" showStrength onChange={() => {}} />);
+    renderWithProviders(<PasswordInput value="" showStrength onChange={() => {}} />);
    expect(screen.queryByTestId('strength-indicator')).not.toBeInTheDocument();
  });

  it('should handle undefined className gracefully', () => {
-    render(<PasswordInput placeholder="No class" />);
+    renderWithProviders(<PasswordInput placeholder="No class" />);
    const input = screen.getByPlaceholderText('No class');
    expect(input.className).not.toContain('undefined');
    expect(input.className).toContain('block w-full');
  });

  it('should not show strength indicator if value is undefined', () => {
-    render(<PasswordInput showStrength onChange={() => {}} />);
+    renderWithProviders(<PasswordInput showStrength onChange={() => {}} />);
    expect(screen.queryByTestId('strength-indicator')).not.toBeInTheDocument();
  });

  it('should not show strength indicator if value is not a string', () => {
    // Force a non-string value to test the typeof check
    const props = { value: 12345, showStrength: true, onChange: () => {} } as any;
-    render(<PasswordInput {...props} />);
+    renderWithProviders(<PasswordInput {...props} />);
    expect(screen.queryByTestId('strength-indicator')).not.toBeInTheDocument();
  });
 });
--- a/src/components/PasswordStrengthIndicator.test.tsx
+++ b/src/components/PasswordStrengthIndicator.test.tsx
@@ -1,8 +1,9 @@
 // src/pages/admin/components/PasswordStrengthIndicator.test.tsx
 import React from 'react';
-import { render, screen } from '@testing-library/react';
+import { screen } from '@testing-library/react';
 import { describe, it, expect, vi, type Mock } from 'vitest';
 import { PasswordStrengthIndicator } from './PasswordStrengthIndicator';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';
 import zxcvbn from 'zxcvbn';

 // Mock the zxcvbn library to control its output for testing
@@ -11,7 +12,7 @@ vi.mock('zxcvbn');
 describe('PasswordStrengthIndicator', () => {
  it('should render 5 gray bars when no password is provided', () => {
    (zxcvbn as Mock).mockReturnValue({ score: -1, feedback: { warning: '', suggestions: [] } });
-    const { container } = render(<PasswordStrengthIndicator password="" />);
+    const { container } = renderWithProviders(<PasswordStrengthIndicator password="" />);
    const bars = container.querySelectorAll('.h-1\\.5');
    expect(bars).toHaveLength(5);
    bars.forEach((bar) => {
@@ -28,7 +29,7 @@ describe('PasswordStrengthIndicator', () => {
    { score: 4, label: 'Strong', color: 'bg-green-500', bars: 5 },
  ])('should render correctly for score $score ($label)', ({ score, label, color, bars }) => {
    (zxcvbn as Mock).mockReturnValue({ score, feedback: { warning: '', suggestions: [] } });
-    const { container } = render(<PasswordStrengthIndicator password="some-password" />);
+    const { container } = renderWithProviders(<PasswordStrengthIndicator password="some-password" />);

    // Check the label
    expect(screen.getByText(label)).toBeInTheDocument();
@@ -54,7 +55,7 @@ describe('PasswordStrengthIndicator', () => {
        suggestions: [],
      },
    });
-    render(<PasswordStrengthIndicator password="password" />);
+    renderWithProviders(<PasswordStrengthIndicator password="password" />);
    expect(screen.getByText(/this is a very common password/i)).toBeInTheDocument();
  });

@@ -66,7 +67,7 @@ describe('PasswordStrengthIndicator', () => {
        suggestions: ['Add another word or two'],
      },
    });
-    render(<PasswordStrengthIndicator password="pass" />);
+    renderWithProviders(<PasswordStrengthIndicator password="pass" />);
    expect(screen.getByText(/add another word or two/i)).toBeInTheDocument();
  });

@@ -75,14 +76,14 @@ describe('PasswordStrengthIndicator', () => {
      score: 1,
      feedback: { warning: 'A warning here', suggestions: ['A suggestion here'] },
    });
-    render(<PasswordStrengthIndicator password="password" />);
+    renderWithProviders(<PasswordStrengthIndicator password="password" />);
    expect(screen.getByText(/a warning here/i)).toBeInTheDocument();
    expect(screen.queryByText(/a suggestion here/i)).not.toBeInTheDocument();
  });

  it('should use default empty string if password prop is undefined', () => {
    (zxcvbn as Mock).mockReturnValue({ score: 0, feedback: { warning: '', suggestions: [] } });
-    const { container } = render(<PasswordStrengthIndicator />);
+    const { container } = renderWithProviders(<PasswordStrengthIndicator />);
    const bars = container.querySelectorAll('.h-1\\.5');
    expect(bars).toHaveLength(5);
    bars.forEach((bar) => {
@@ -94,7 +95,7 @@ describe('PasswordStrengthIndicator', () => {
  it('should handle out-of-range scores gracefully (defensive)', () => {
    // Mock a score that isn't 0-4 to hit default switch cases
    (zxcvbn as Mock).mockReturnValue({ score: 99, feedback: { warning: '', suggestions: [] } });
-    const { container } = render(<PasswordStrengthIndicator password="test" />);
+    const { container } = renderWithProviders(<PasswordStrengthIndicator password="test" />);

    // Check bars - should hit default case in getBarColor which returns gray
    const bars = container.querySelectorAll('.h-1\\.5');
--- a/src/components/RecipeSuggester.test.tsx
+++ b/src/components/RecipeSuggester.test.tsx
@@ -0,0 +1,156 @@
+// src/components/RecipeSuggester.test.tsx
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { screen, waitFor } from '@testing-library/react';
+import userEvent from '@testing-library/user-event';
+import { RecipeSuggester } from './RecipeSuggester'; // This should be after mocks
+import * as apiClient from '../services/apiClient';
+import { logger } from '../services/logger.client';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';
+import '@testing-library/jest-dom';
+
+// The apiClient is mocked globally in `src/tests/setup/globalApiMock.ts`.
+// We can get a typed reference to it for individual test overrides.
+const mockedApiClient = vi.mocked(apiClient);
+
+describe('RecipeSuggester Component', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Reset console logs if needed, or just keep them for debug visibility
+  });
+
+  it('renders correctly with initial state', () => {
+    console.log('TEST: Verifying initial render state');
+    renderWithProviders(<RecipeSuggester />);
+
+    expect(screen.getByText('Get a Recipe Suggestion')).toBeInTheDocument();
+    expect(screen.getByLabelText(/Ingredients:/i)).toBeInTheDocument();
+    expect(screen.getByRole('button', { name: /Suggest a Recipe/i })).toBeInTheDocument();
+    expect(screen.queryByText('Getting suggestion...')).not.toBeInTheDocument();
+  });
+
+  it('shows validation error if no ingredients are entered', async () => {
+    console.log('TEST: Verifying validation for empty input');
+    const user = userEvent.setup();
+    renderWithProviders(<RecipeSuggester />);
+
+    const button = screen.getByRole('button', { name: /Suggest a Recipe/i });
+    await user.click(button);
+
+    expect(await screen.findByText('Please enter at least one ingredient.')).toBeInTheDocument();
+    expect(mockedApiClient.suggestRecipe).not.toHaveBeenCalled();
+    console.log('TEST: Validation error displayed correctly');
+  });
+
+  it('calls suggestRecipe and displays suggestion on success', async () => {
+    console.log('TEST: Verifying successful recipe suggestion flow');
+    const user = userEvent.setup();
+    renderWithProviders(<RecipeSuggester />);
+
+    const input = screen.getByLabelText(/Ingredients:/i);
+    await user.type(input, 'chicken, rice');
+
+    // Mock successful API response
+    const mockSuggestion = 'Here is a nice Chicken and Rice recipe...';
+    // Add a delay to ensure the loading state is visible during the test
+    mockedApiClient.suggestRecipe.mockImplementation(async () => {
+      await new Promise((resolve) => setTimeout(resolve, 50));
+      return { ok: true, json: async () => ({ suggestion: mockSuggestion }) } as Response;
+    });
+
+    const button = screen.getByRole('button', { name: /Suggest a Recipe/i });
+    await user.click(button);
+
+    // Check loading state
+    expect(screen.getByRole('button')).toBeDisabled();
+    expect(screen.getByText('Getting suggestion...')).toBeInTheDocument();
+
+    await waitFor(() => {
+      expect(screen.getByText(mockSuggestion)).toBeInTheDocument();
+    });
+
+    expect(mockedApiClient.suggestRecipe).toHaveBeenCalledWith(['chicken', 'rice']);
+    console.log('TEST: Suggestion displayed and API called with correct args');
+  });
+
+  it('handles API errors (non-200 response) gracefully', async () => {
+    console.log('TEST: Verifying API error handling (400/500 responses)');
+    const user = userEvent.setup();
+    renderWithProviders(<RecipeSuggester />);
+
+    const input = screen.getByLabelText(/Ingredients:/i);
+    await user.type(input, 'rocks');
+
+    // Mock API failure response
+    const errorMessage = 'Invalid ingredients provided.';
+    mockedApiClient.suggestRecipe.mockResolvedValue({
+      ok: false,
+      json: async () => ({ message: errorMessage }),
+    } as Response);
+
+    const button = screen.getByRole('button', { name: /Suggest a Recipe/i });
+    await user.click(button);
+
+    await waitFor(() => {
+      expect(screen.getByText(errorMessage)).toBeInTheDocument();
+    });
+
+    // Ensure loading state is reset
+    expect(screen.getByRole('button', { name: /Suggest a Recipe/i })).toBeEnabled();
+    console.log('TEST: API error message displayed to user');
+  });
+
+  it('handles network exceptions and logs them', async () => {
+    console.log('TEST: Verifying network exception handling');
+    const user = userEvent.setup();
+    renderWithProviders(<RecipeSuggester />);
+
+    const input = screen.getByLabelText(/Ingredients:/i);
+    await user.type(input, 'beef');
+
+    // Mock network error
+    const networkError = new Error('Network Error');
+    mockedApiClient.suggestRecipe.mockRejectedValue(networkError);
+
+    const button = screen.getByRole('button', { name: /Suggest a Recipe/i });
+    await user.click(button);
+
+    await waitFor(() => {
+      expect(screen.getByText('Network Error')).toBeInTheDocument();
+    });
+
+    expect(logger.error).toHaveBeenCalledWith(
+      { error: networkError },
+      'Failed to fetch recipe suggestion.'
+    );
+    console.log('TEST: Network error caught and logged');
+  });
+
+  it('clears previous errors when submitting again', async () => {
+    console.log('TEST: Verifying error clearing on re-submit');
+    const user = userEvent.setup();
+    renderWithProviders(<RecipeSuggester />);
+
+    // Trigger validation error first
+    const button = screen.getByRole('button', { name: /Suggest a Recipe/i });
+    await user.click(button);
+    expect(screen.getByText('Please enter at least one ingredient.')).toBeInTheDocument();
+
+    // Now type something to clear it (state change doesn't clear it, submit does)
+    const input = screen.getByLabelText(/Ingredients:/i);
+    await user.type(input, 'tofu');
+
+    // Mock success for the second click
+    mockedApiClient.suggestRecipe.mockResolvedValue({
+      ok: true,
+      json: async () => ({ suggestion: 'Tofu Stir Fry' }),
+    } as Response);
+
+    await user.click(button);
+
+    await waitFor(() => {
+      expect(screen.queryByText('Please enter at least one ingredient.')).not.toBeInTheDocument();
+      expect(screen.getByText('Tofu Stir Fry')).toBeInTheDocument();
+    });
+    console.log('TEST: Previous error cleared successfully');
+  });
+});
--- a/src/components/RecipeSuggester.tsx
+++ b/src/components/RecipeSuggester.tsx
@@ -0,0 +1,80 @@
+// src/components/RecipeSuggester.tsx
+import React, { useState, useCallback } from 'react';
+import { suggestRecipe } from '../services/apiClient';
+import { logger } from '../services/logger.client';
+
+export const RecipeSuggester: React.FC = () => {
+  const [ingredients, setIngredients] = useState<string>('');
+  const [suggestion, setSuggestion] = useState<string | null>(null);
+  const [isLoading, setIsLoading] = useState<boolean>(false);
+  const [error, setError] = useState<string | null>(null);
+
+  const handleSubmit = useCallback(async (event: React.FormEvent<HTMLFormElement>) => {
+    event.preventDefault();
+    setIsLoading(true);
+    setError(null);
+    setSuggestion(null);
+
+    const ingredientList = ingredients.split(',').map(item => item.trim()).filter(Boolean);
+
+    if (ingredientList.length === 0) {
+      setError('Please enter at least one ingredient.');
+      setIsLoading(false);
+      return;
+    }
+
+    try {
+      const response = await suggestRecipe(ingredientList);
+      const data = await response.json();
+
+      if (!response.ok) {
+        throw new Error(data.message || 'Failed to get suggestion.');
+      }
+
+      setSuggestion(data.suggestion);
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : 'An unknown error occurred.';
+      logger.error({ error: err }, 'Failed to fetch recipe suggestion.');
+      setError(errorMessage);
+    } finally {
+      setIsLoading(false);
+    }
+  }, [ingredients]);
+
+  return (
+    <div className="bg-white dark:bg-gray-800 shadow rounded-lg p-6">
+      <h2 className="text-xl font-semibold text-gray-900 dark:text-white mb-2">Get a Recipe Suggestion</h2>
+      <p className="text-gray-600 dark:text-gray-400 mb-4">Enter some ingredients you have, separated by commas.</p>
+      <form onSubmit={handleSubmit}>
+        <div className="mb-4">
+          <label htmlFor="ingredients-input" className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Ingredients:</label>
+          <input
+            id="ingredients-input"
+            type="text"
+            value={ingredients}
+            onChange={(e) => setIngredients(e.target.value)}
+            placeholder="e.g., chicken, rice, broccoli"
+            disabled={isLoading}
+            className="block w-full rounded-md border-gray-300 shadow-sm focus:border-blue-500 focus:ring-blue-500 dark:bg-gray-700 dark:border-gray-600 dark:text-white sm:text-sm p-2 border"
+          />
+        </div>
+        <button type="submit" disabled={isLoading} className="w-full flex justify-center py-2 px-4 border border-transparent rounded-md shadow-sm text-sm font-medium text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500 disabled:opacity-50 transition-colors">
+          {isLoading ? 'Getting suggestion...' : 'Suggest a Recipe'}
+        </button>
+      </form>
+
+      {error && (
+        <div className="mt-4 p-4 bg-red-50 dark:bg-red-900/50 text-red-700 dark:text-red-200 rounded-md text-sm">{error}</div>
+      )}
+
+      {suggestion && (
+        <div className="mt-6 bg-gray-50 dark:bg-gray-700/50 rounded-lg p-4 border border-gray-200 dark:border-gray-600">
+          <div className="prose dark:prose-invert max-w-none">
+            <h5 className="text-lg font-medium text-gray-900 dark:text-white mb-2">Recipe Suggestion</h5>
+            <p className="text-gray-700 dark:text-gray-300 whitespace-pre-wrap">{suggestion}</p>
+          </div>
+        </div>
+      )}
+    </div>
+  );
+};
--- a/src/components/StatCard.test.tsx
+++ b/src/components/StatCard.test.tsx
@@ -0,0 +1,34 @@
+// src/components/StatCard.test.tsx
+import React from 'react';
+import { screen } from '@testing-library/react';
+import { describe, it, expect } from 'vitest';
+import { StatCard } from './StatCard';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';
+import '@testing-library/jest-dom';
+
+describe('StatCard', () => {
+  it('renders title and value correctly', () => {
+    renderWithProviders(
+      <StatCard
+        title="Total Users"
+        value="1,234"
+        icon={<div data-testid="mock-icon">Icon</div>}
+      />,
+    );
+
+    expect(screen.getByText('Total Users')).toBeInTheDocument();
+    expect(screen.getByText('1,234')).toBeInTheDocument();
+  });
+
+  it('renders the icon', () => {
+    renderWithProviders(
+      <StatCard
+        title="Total Users"
+        value="1,234"
+        icon={<div data-testid="mock-icon">Icon</div>}
+      />,
+    );
+
+    expect(screen.getByTestId('mock-icon')).toBeInTheDocument();
+  });
+});
--- a/src/components/StatCard.tsx
+++ b/src/components/StatCard.tsx
@@ -0,0 +1,32 @@
+// src/components/StatCard.tsx
+import React, { ReactNode } from 'react';
+
+interface StatCardProps {
+  title: string;
+  value: string;
+  icon: ReactNode;
+}
+
+export const StatCard: React.FC<StatCardProps> = ({ title, value, icon }) => {
+  return (
+    <div className="bg-white dark:bg-gray-800 overflow-hidden shadow rounded-lg">
+      <div className="p-5">
+        <div className="flex items-center">
+          <div className="flex-shrink-0">
+            <div className="flex items-center justify-center h-12 w-12 rounded-md bg-blue-500 text-white">
+              {icon}
+            </div>
+          </div>
+          <div className="ml-5 w-0 flex-1">
+            <dl>
+              <dt className="text-sm font-medium text-gray-500 dark:text-gray-400 truncate">{title}</dt>
+              <dd>
+                <div className="text-lg font-medium text-gray-900 dark:text-white">{value}</div>
+              </dd>
+            </dl>
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+};
--- a/src/components/UnitSystemToggle.test.tsx
+++ b/src/components/UnitSystemToggle.test.tsx
@@ -1,8 +1,9 @@
 // src/components/UnitSystemToggle.test.tsx
 import React from 'react';
-import { render, screen, fireEvent } from '@testing-library/react';
+import { screen, fireEvent } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import { UnitSystemToggle } from './UnitSystemToggle';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 describe('UnitSystemToggle', () => {
  const mockOnToggle = vi.fn();
@@ -12,7 +13,7 @@ describe('UnitSystemToggle', () => {
  });

  it('should render correctly for imperial system', () => {
-    render(<UnitSystemToggle currentSystem="imperial" onToggle={mockOnToggle} />);
+    renderWithProviders(<UnitSystemToggle currentSystem="imperial" onToggle={mockOnToggle} />);

    const checkbox = screen.getByRole('checkbox');
    expect(checkbox).toBeChecked();
@@ -23,7 +24,7 @@ describe('UnitSystemToggle', () => {
  });

  it('should render correctly for metric system', () => {
-    render(<UnitSystemToggle currentSystem="metric" onToggle={mockOnToggle} />);
+    renderWithProviders(<UnitSystemToggle currentSystem="metric" onToggle={mockOnToggle} />);

    const checkbox = screen.getByRole('checkbox');
    expect(checkbox).not.toBeChecked();
@@ -34,7 +35,7 @@ describe('UnitSystemToggle', () => {
  });

  it('should call onToggle when the toggle is clicked', () => {
-    render(<UnitSystemToggle currentSystem="metric" onToggle={mockOnToggle} />);
+    renderWithProviders(<UnitSystemToggle currentSystem="metric" onToggle={mockOnToggle} />);
    fireEvent.click(screen.getByRole('checkbox'));
    expect(mockOnToggle).toHaveBeenCalledTimes(1);
  });
--- a/src/components/UserMenuSkeleton.test.tsx
+++ b/src/components/UserMenuSkeleton.test.tsx
@@ -1,34 +1,34 @@
 // src/components/UserMenuSkeleton.test.tsx
 import React from 'react';
-import { render } from '@testing-library/react';
 import { describe, it, expect } from 'vitest';
 import { UserMenuSkeleton } from './UserMenuSkeleton';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 describe('UserMenuSkeleton', () => {
  it('should render without crashing', () => {
-    const { container } = render(<UserMenuSkeleton />);
+    const { container } = renderWithProviders(<UserMenuSkeleton />);
    expect(container.firstChild).toBeInTheDocument();
  });

  it('should have the main container with pulse animation', () => {
-    const { container } = render(<UserMenuSkeleton />);
+    const { container } = renderWithProviders(<UserMenuSkeleton />);
    expect(container.firstChild).toHaveClass('animate-pulse');
  });

  it('should render two child placeholder elements', () => {
-    const { container } = render(<UserMenuSkeleton />);
+    const { container } = renderWithProviders(<UserMenuSkeleton />);
    expect(container.firstChild?.childNodes.length).toBe(2);
  });

  it('should render a rectangular placeholder with correct styles', () => {
-    const { container } = render(<UserMenuSkeleton />);
+    const { container } = renderWithProviders(<UserMenuSkeleton />);
    expect(container.querySelector('.rounded-md')).toHaveClass(
      'h-8 w-24 bg-gray-200 dark:bg-gray-700',
    );
  });

  it('should render a circular placeholder with correct styles', () => {
-    const { container } = render(<UserMenuSkeleton />);
+    const { container } = renderWithProviders(<UserMenuSkeleton />);
    expect(container.querySelector('.rounded-full')).toHaveClass(
      'h-10 w-10 bg-gray-200 dark:bg-gray-700',
    );
--- a/src/components/WhatsNewModal.test.tsx
+++ b/src/components/WhatsNewModal.test.tsx
@@ -1,8 +1,9 @@
 // src/components/WhatsNewModal.test.tsx
 import React from 'react';
-import { render, screen, fireEvent } from '@testing-library/react';
+import { screen, fireEvent } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import { WhatsNewModal } from './WhatsNewModal';
+import { renderWithProviders } from '../tests/utils/renderWithProviders';

 // Unmock the component to test the real implementation
 vi.unmock('./WhatsNewModal');
@@ -21,13 +22,13 @@ describe('WhatsNewModal', () => {
  });

  it('should not render when isOpen is false', () => {
-    const { container } = render(<WhatsNewModal {...defaultProps} isOpen={false} />);
+    const { container } = renderWithProviders(<WhatsNewModal {...defaultProps} isOpen={false} />);
    // The component returns null, so the container should be empty.
    expect(container.firstChild).toBeNull();
  });

  it('should render correctly when isOpen is true', () => {
-    render(<WhatsNewModal {...defaultProps} />);
+    renderWithProviders(<WhatsNewModal {...defaultProps} />);

    expect(screen.getByRole('heading', { name: /what's new/i })).toBeInTheDocument();
    expect(screen.getByText(`Version: ${defaultProps.version}`)).toBeInTheDocument();
@@ -36,13 +37,13 @@ describe('WhatsNewModal', () => {
  });

  it('should call onClose when the "Got it!" button is clicked', () => {
-    render(<WhatsNewModal {...defaultProps} />);
+    renderWithProviders(<WhatsNewModal {...defaultProps} />);
    fireEvent.click(screen.getByRole('button', { name: /got it/i }));
    expect(mockOnClose).toHaveBeenCalledTimes(1);
  });

  it('should call onClose when the close icon button is clicked', () => {
-    render(<WhatsNewModal {...defaultProps} />);
+    renderWithProviders(<WhatsNewModal {...defaultProps} />);
    // The close button is an SVG icon inside a button, best queried by its aria-label.
    const closeButton = screen.getByRole('button', { name: /close/i });
    fireEvent.click(closeButton);
@@ -50,7 +51,7 @@ describe('WhatsNewModal', () => {
  });

  it('should call onClose when clicking on the overlay', () => {
-    render(<WhatsNewModal {...defaultProps} />);
+    renderWithProviders(<WhatsNewModal {...defaultProps} />);
    // The overlay is the root div with the background color.
    const overlay = screen.getByRole('dialog').parentElement;
    fireEvent.click(overlay!);
@@ -58,7 +59,7 @@ describe('WhatsNewModal', () => {
  });

  it('should not call onClose when clicking inside the modal content', () => {
-    render(<WhatsNewModal {...defaultProps} />);
+    renderWithProviders(<WhatsNewModal {...defaultProps} />);
    fireEvent.click(screen.getByText(defaultProps.commitMessage));
    expect(mockOnClose).not.toHaveBeenCalled();
  });
--- a/src/components/icons/DocumentMagnifyingGlassIcon.tsx
+++ b/src/components/icons/DocumentMagnifyingGlassIcon.tsx
@@ -0,0 +1,18 @@
+import React from 'react';
+
+export const DocumentMagnifyingGlassIcon: React.FC<React.SVGProps<SVGSVGElement>> = (props) => (
+  <svg
+    xmlns="http://www.w3.org/2000/svg"
+    fill="none"
+    viewBox="0 0 24 24"
+    strokeWidth={1.5}
+    stroke="currentColor"
+    {...props}
+  >
+    <path
+      strokeLinecap="round"
+      strokeLinejoin="round"
+      d="M19.5 14.25v-2.625a3.375 3.375 0 0 0-3.375-3.375h-1.5A1.125 1.125 0 0 1 13.5 7.125v-1.5a3.375 3.375 0 0 0-3.375-3.375H8.25m5.231 13.481L15 17.25m-4.5 4.5L6.75 21.75m0 0L2.25 17.25m4.5 4.5v-4.5m13.5-3V9A2.25 2.25 0 0 0 16.5 6.75h-9A2.25 2.25 0 0 0 5.25 9v9.75m14.25-10.5a2.25 2.25 0 0 0-2.25-2.25H5.25a2.25 2.25 0 0 0-2.25 2.25v10.5a2.25 2.25 0 0 0 2.25 225h5.25"
+    />
+  </svg>
+);
--- a/src/db/seed.ts
+++ b/src/db/seed.ts
@@ -111,7 +111,7 @@ async function main() {

    const flyerQuery = `
        INSERT INTO public.flyers (file_name, image_url, checksum, store_id, valid_from, valid_to)
-        VALUES ('safeway-flyer.jpg', '/sample-assets/safeway-flyer.jpg', 'sample-checksum-123', ${storeMap.get('Safeway')}, $1, $2)
+        VALUES ('safeway-flyer.jpg', 'https://example.com/flyer-images/safeway-flyer.jpg', 'a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0', ${storeMap.get('Safeway')}, $1, $2)
        RETURNING flyer_id;
    `;
    const flyerRes = await client.query<{ flyer_id: number }>(flyerQuery, [
--- a/src/features/flyer/FlyerList.test.tsx
+++ b/src/features/flyer/FlyerList.test.tsx
@@ -1,7 +1,7 @@
 // src/features/flyer/FlyerList.test.tsx
 import React from 'react';
 import { render, screen, fireEvent, waitFor } from '@testing-library/react';
-import { describe, it, expect, vi, beforeEach, type Mocked } from 'vitest';
+import { describe, it, expect, vi, beforeEach, afterEach, type Mocked } from 'vitest';
 import { FlyerList } from './FlyerList';
 import { formatShortDate } from './dateUtils';
 import type { Flyer, UserProfile } from '../../types';
@@ -257,6 +257,73 @@ describe('FlyerList', () => {
    });
  });

+  describe('Expiration Status Logic', () => {
+    beforeEach(() => {
+      vi.useFakeTimers();
+    });
+
+    afterEach(() => {
+      vi.useRealTimers();
+    });
+
+    it('should show "Expired" for past dates', () => {
+      // Flyer 1 valid_to is 2023-10-11
+      vi.setSystemTime(new Date('2023-10-12T12:00:00Z'));
+      render(
+        <FlyerList
+          flyers={[mockFlyers[0]]}
+          onFlyerSelect={mockOnFlyerSelect}
+          selectedFlyerId={null}
+          profile={mockProfile}
+        />,
+      );
+      expect(screen.getByText('• Expired')).toBeInTheDocument();
+      expect(screen.getByText('• Expired')).toHaveClass('text-red-500');
+    });
+
+    it('should show "Expires today" when valid_to is today', () => {
+      vi.setSystemTime(new Date('2023-10-11T12:00:00Z'));
+      render(
+        <FlyerList
+          flyers={[mockFlyers[0]]}
+          onFlyerSelect={mockOnFlyerSelect}
+          selectedFlyerId={null}
+          profile={mockProfile}
+        />,
+      );
+      expect(screen.getByText('• Expires today')).toBeInTheDocument();
+      expect(screen.getByText('• Expires today')).toHaveClass('text-orange-500');
+    });
+
+    it('should show "Expires in X days" (orange) for <= 3 days', () => {
+      vi.setSystemTime(new Date('2023-10-09T12:00:00Z')); // 2 days left
+      render(
+        <FlyerList
+          flyers={[mockFlyers[0]]}
+          onFlyerSelect={mockOnFlyerSelect}
+          selectedFlyerId={null}
+          profile={mockProfile}
+        />,
+      );
+      expect(screen.getByText('• Expires in 2 days')).toBeInTheDocument();
+      expect(screen.getByText('• Expires in 2 days')).toHaveClass('text-orange-500');
+    });
+
+    it('should show "Expires in X days" (green) for > 3 days', () => {
+      vi.setSystemTime(new Date('2023-10-05T12:00:00Z')); // 6 days left
+      render(
+        <FlyerList
+          flyers={[mockFlyers[0]]}
+          onFlyerSelect={mockOnFlyerSelect}
+          selectedFlyerId={null}
+          profile={mockProfile}
+        />,
+      );
+      expect(screen.getByText('• Expires in 6 days')).toBeInTheDocument();
+      expect(screen.getByText('• Expires in 6 days')).toHaveClass('text-green-600');
+    });
+  });
+
  describe('Admin Functionality', () => {
    const adminProfile: UserProfile = createMockUserProfile({
      user: { user_id: 'admin-1', email: 'admin@example.com' },
--- a/src/features/flyer/FlyerUploader.test.tsx
+++ b/src/features/flyer/FlyerUploader.test.tsx
@@ -9,12 +9,21 @@ import { useNavigate, MemoryRouter } from 'react-router-dom';
 import { QueryClient, QueryClientProvider, onlineManager } from '@tanstack/react-query';

 // Mock dependencies
-vi.mock('../../services/aiApiClient');
+vi.mock('../../services/aiApiClient', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('../../services/aiApiClient')>();
+  return {
+    ...actual,
+    uploadAndProcessFlyer: vi.fn(),
+    getJobStatus: vi.fn(),
+  };
+});
 vi.mock('../../services/logger.client', () => ({
  // Keep the original logger.info/error but also spy on it for test assertions if needed
  logger: {
    info: vi.fn((...args) => console.log('[LOGGER.INFO]', ...args)),
    error: vi.fn((...args) => console.error('[LOGGER.ERROR]', ...args)),
+    warn: vi.fn((...args) => console.warn('[LOGGER.WARN]', ...args)),
+    debug: vi.fn((...args) => console.debug('[LOGGER.DEBUG]', ...args)),
  },
 }));
 vi.mock('../../utils/checksum', () => ({
@@ -223,14 +232,10 @@ describe('FlyerUploader', () => {
  it('should handle a failed job', async () => {
    console.log('--- [TEST LOG] ---: 1. Setting up mocks for a failed job.');
    mockedAiApiClient.uploadAndProcessFlyer.mockResolvedValue({ jobId: 'job-fail' });
-    mockedAiApiClient.getJobStatus.mockResolvedValue({
-      state: 'failed',
-      progress: {
-        errorCode: 'UNKNOWN_ERROR',
-        message: 'AI model exploded',
-      },
-      failedReason: 'This is the raw error message.', // The UI should prefer the progress message.
-    });
+    // The getJobStatus function throws a specific error when the job fails,
+    // which is then caught by react-query and placed in the `error` state.
+    const jobFailedError = new aiApiClientModule.JobFailedError('AI model exploded', 'UNKNOWN_ERROR');
+    mockedAiApiClient.getJobStatus.mockRejectedValue(jobFailedError);

    console.log('--- [TEST LOG] ---: 2. Rendering and uploading.');
    renderComponent();
@@ -243,7 +248,8 @@ describe('FlyerUploader', () => {

    try {
      console.log('--- [TEST LOG] ---: 4. AWAITING failure message...');
-      expect(await screen.findByText(/Processing failed: AI model exploded/i)).toBeInTheDocument();
+      // The UI should now display the error from the `pollError` state, which includes the "Polling failed" prefix.
+      expect(await screen.findByText(/Polling failed: AI model exploded/i)).toBeInTheDocument();
      console.log('--- [TEST LOG] ---: 5. SUCCESS: Failure message found.');
    } catch (error) {
      console.error('--- [TEST LOG] ---: 5. ERROR: findByText for failure message timed out.');
@@ -257,18 +263,17 @@ describe('FlyerUploader', () => {
  });

  it('should clear the polling timeout when a job fails', async () => {
-    const clearTimeoutSpy = vi.spyOn(global, 'clearTimeout');
    console.log('--- [TEST LOG] ---: 1. Setting up mocks for failed job timeout clearance.');
    mockedAiApiClient.uploadAndProcessFlyer.mockResolvedValue({ jobId: 'job-fail-timeout' });

    // We need at least one 'active' response to establish a timeout loop so we have something to clear
+    // The second call should be a rejection, as this is how getJobStatus signals a failure.
    mockedAiApiClient.getJobStatus
-      .mockResolvedValueOnce({ state: 'active', progress: { message: 'Working...' } })
      .mockResolvedValueOnce({
-        state: 'failed',
-        progress: { errorCode: 'UNKNOWN_ERROR', message: 'Fatal Error' },
-        failedReason: 'Fatal Error',
-      });
+        state: 'active',
+        progress: { message: 'Working...' },
+      } as aiApiClientModule.JobStatus)
+      .mockRejectedValueOnce(new aiApiClientModule.JobFailedError('Fatal Error', 'UNKNOWN_ERROR'));

    renderComponent();
    const file = new File(['content'], 'flyer.pdf', { type: 'application/pdf' });
@@ -280,24 +285,13 @@ describe('FlyerUploader', () => {
    await screen.findByText('Working...');

    // Wait for the failure UI
-    await waitFor(() => expect(screen.getByText(/Processing failed: Fatal Error/i)).toBeInTheDocument(), { timeout: 4000 });
-
-    // Verify clearTimeout was called
-    expect(clearTimeoutSpy).toHaveBeenCalled();
-
-    // Verify no further polling occurs
-    const callsBefore = mockedAiApiClient.getJobStatus.mock.calls.length;
-    // Wait for a duration longer than the polling interval
-    await act(() => new Promise((r) => setTimeout(r, 4000)));
-    expect(mockedAiApiClient.getJobStatus).toHaveBeenCalledTimes(callsBefore);
-
-    clearTimeoutSpy.mockRestore();
+    await waitFor(() => expect(screen.getByText(/Polling failed: Fatal Error/i)).toBeInTheDocument(), { timeout: 4000 });
  });

-  it('should clear the polling timeout when the component unmounts', async () => {
-    const clearTimeoutSpy = vi.spyOn(global, 'clearTimeout');
-    console.log('--- [TEST LOG] ---: 1. Setting up mocks for unmount timeout clearance.');
+  it('should stop polling for job status when the component unmounts', async () => {
+    console.log('--- [TEST LOG] ---: 1. Setting up mocks for unmount polling stop.');
    mockedAiApiClient.uploadAndProcessFlyer.mockResolvedValue({ jobId: 'job-unmount' });
+    // Mock getJobStatus to always return 'active' to keep polling
    mockedAiApiClient.getJobStatus.mockResolvedValue({
      state: 'active',
      progress: { message: 'Polling...' },
@@ -309,26 +303,38 @@ describe('FlyerUploader', () => {

    fireEvent.change(input, { target: { files: [file] } });

-    // Wait for the first poll to complete and the UI to show the polling state
+    // Wait for the first poll to complete and UI to update
    await screen.findByText('Polling...');

-    // Now that we are in a polling state (and a timeout is set), unmount the component
-    console.log('--- [TEST LOG] ---: 2. Unmounting component to trigger cleanup effect.');
+    // Wait for exactly one call to be sure polling has started.
+    await waitFor(() => {
+      expect(mockedAiApiClient.getJobStatus).toHaveBeenCalledTimes(1);
+    });
+    console.log('--- [TEST LOG] ---: 2. First poll confirmed.');
+
+    // Record the number of calls before unmounting.
+    const callsBeforeUnmount = mockedAiApiClient.getJobStatus.mock.calls.length;
+
+    // Now unmount the component, which should stop the polling.
+    console.log('--- [TEST LOG] ---: 3. Unmounting component.');
    unmount();

-    // Verify that the cleanup function in the useEffect hook was called
-    expect(clearTimeoutSpy).toHaveBeenCalled();
-    console.log('--- [TEST LOG] ---: 3. clearTimeout confirmed.');
+    // Wait for a duration longer than the polling interval (3s) to see if more calls are made.
+    console.log('--- [TEST LOG] ---: 4. Waiting for 4 seconds to check for further polling.');
+    await act(() => new Promise((resolve) => setTimeout(resolve, 4000)));

-    clearTimeoutSpy.mockRestore();
+    // Verify that getJobStatus was not called again after unmounting.
+    console.log('--- [TEST LOG] ---: 5. Asserting no new polls occurred.');
+    expect(mockedAiApiClient.getJobStatus).toHaveBeenCalledTimes(callsBeforeUnmount);
  });

  it('should handle a duplicate flyer error (409)', async () => {
    console.log('--- [TEST LOG] ---: 1. Setting up mock for 409 duplicate error.');
-    // The API client now throws a structured error for non-2xx responses.
+    // The API client throws a structured error, which useFlyerUploader now parses
+    // to set both the errorMessage and the duplicateFlyerId.
    mockedAiApiClient.uploadAndProcessFlyer.mockRejectedValue({
      status: 409,
-      body: { flyerId: 99, message: 'Duplicate' },
+      body: { flyerId: 99, message: 'This flyer has already been processed.' },
  });

    console.log('--- [TEST LOG] ---: 2. Rendering and uploading.');
@@ -342,9 +348,10 @@ describe('FlyerUploader', () => {

    try {
      console.log('--- [TEST LOG] ---: 4. AWAITING duplicate flyer message...');
-      expect(
-        await screen.findByText(/This flyer has already been processed/i),
-      ).toBeInTheDocument();
+      // With the fix, the duplicate error message and the link are combined into a single paragraph.
+      // We now look for this combined message.
+      const errorMessage = await screen.findByText(/This flyer has already been processed. You can view it here:/i);
+      expect(errorMessage).toBeInTheDocument();
      console.log('--- [TEST LOG] ---: 5. SUCCESS: Duplicate message found.');
    } catch (error) {
      console.error('--- [TEST LOG] ---: 5. ERROR: findByText for duplicate message timed out.');
--- a/src/features/flyer/FlyerUploader.tsx
+++ b/src/features/flyer/FlyerUploader.tsx
@@ -30,6 +30,12 @@ export const FlyerUploader: React.FC<FlyerUploaderProps> = ({ onProcessingComple
    if (statusMessage) logger.info(`FlyerUploader Status: ${statusMessage}`);
  }, [statusMessage]);

+  useEffect(() => {
+    if (errorMessage) {
+      logger.error(`[FlyerUploader] Error encountered: ${errorMessage}`, { duplicateFlyerId });
+    }
+  }, [errorMessage, duplicateFlyerId]);
+
  // Handle completion and navigation
  useEffect(() => {
    if (processingState === 'completed' && flyerId) {
@@ -94,14 +100,15 @@ export const FlyerUploader: React.FC<FlyerUploaderProps> = ({ onProcessingComple

          {errorMessage && (
            <div className="text-red-600 dark:text-red-400 font-semibold p-4 bg-red-100 dark:bg-red-900/30 rounded-md">
-              <p>{errorMessage}</p>
-              {duplicateFlyerId && (
+              {duplicateFlyerId ? (
                <p>
-                  This flyer has already been processed. You can view it here:{' '}
+                  {errorMessage} You can view it here:{' '}
                  <Link to={`/flyers/${duplicateFlyerId}`} className="text-blue-500 underline" data-discover="true">
                    Flyer #{duplicateFlyerId}
                  </Link>
                </p>
+              ) : (
+                <p>{errorMessage}</p>
              )}
            </div>
          )}
--- a/src/features/shopping/ShoppingList.test.tsx
+++ b/src/features/shopping/ShoppingList.test.tsx
@@ -236,6 +236,24 @@ describe('ShoppingListComponent (in shopping feature)', () => {
    alertSpy.mockRestore();
  });

+  it('should show a generic alert if reading aloud fails with a non-Error object', async () => {
+    const alertSpy = vi.spyOn(window, 'alert').mockImplementation(() => {});
+    vi.spyOn(aiApiClient, 'generateSpeechFromText').mockRejectedValue('A string error');
+
+    render(<ShoppingListComponent {...defaultProps} />);
+    const readAloudButton = screen.getByTitle(/read list aloud/i);
+
+    fireEvent.click(readAloudButton);
+
+    await waitFor(() => {
+      expect(alertSpy).toHaveBeenCalledWith(
+        'Could not read list aloud: An unknown error occurred while generating audio.',
+      );
+    });
+
+    alertSpy.mockRestore();
+  });
+
  it('should handle interactions with purchased items', () => {
    render(<ShoppingListComponent {...defaultProps} />);

--- a/src/features/shopping/ShoppingList.tsx
+++ b/src/features/shopping/ShoppingList.tsx
@@ -1,5 +1,5 @@
 // src/features/shopping/ShoppingList.tsx
-import React, { useState, useMemo, useCallback, useEffect } from 'react';
+import React, { useState, useMemo, useCallback } from 'react';
 import type { ShoppingList, ShoppingListItem, User } from '../../types';
 import { UserIcon } from '../../components/icons/UserIcon';
 import { ListBulletIcon } from '../../components/icons/ListBulletIcon';
@@ -56,28 +56,6 @@ export const ShoppingListComponent: React.FC<ShoppingListComponentProps> = ({
    return { neededItems, purchasedItems };
  }, [activeList]);

-  useEffect(() => {
-    if (activeList) {
-      console.log('ShoppingList Debug: Active List:', activeList.name);
-      console.log(
-        'ShoppingList Debug: Needed Items:',
-        neededItems.map((i) => ({
-          id: i.shopping_list_item_id,
-          name: i.custom_item_name || i.master_item?.name,
-          raw: i,
-        })),
-      );
-      console.log(
-        'ShoppingList Debug: Purchased Items:',
-        purchasedItems.map((i) => ({
-          id: i.shopping_list_item_id,
-          name: i.custom_item_name || i.master_item?.name,
-          raw: i,
-        })),
-      );
-    }
-  }, [activeList, neededItems, purchasedItems]);
-
  const handleCreateList = async () => {
    const name = prompt('Enter a name for your new shopping list:');
    if (name && name.trim()) {
--- a/src/features/shopping/WatchedItemsList.test.tsx
+++ b/src/features/shopping/WatchedItemsList.test.tsx
@@ -164,6 +164,15 @@ describe('WatchedItemsList (in shopping feature)', () => {
    expect(itemsDesc[1]).toHaveTextContent('Eggs');
    expect(itemsDesc[2]).toHaveTextContent('Bread');
    expect(itemsDesc[3]).toHaveTextContent('Apples');
+
+    // Click again to sort ascending
+    fireEvent.click(sortButton);
+
+    const itemsAscAgain = screen.getAllByRole('listitem');
+    expect(itemsAscAgain[0]).toHaveTextContent('Apples');
+    expect(itemsAscAgain[1]).toHaveTextContent('Bread');
+    expect(itemsAscAgain[2]).toHaveTextContent('Eggs');
+    expect(itemsAscAgain[3]).toHaveTextContent('Milk');
  });

  it('should call onAddItemToList when plus icon is clicked', () => {
@@ -222,6 +231,18 @@ describe('WatchedItemsList (in shopping feature)', () => {
      fireEvent.change(nameInput, { target: { value: 'Grapes' } });
      expect(addButton).toBeDisabled();
    });
+
+    it('should not submit if form is submitted with invalid data', () => {
+      render(<WatchedItemsList {...defaultProps} />);
+      const nameInput = screen.getByPlaceholderText(/add item/i);
+      const form = nameInput.closest('form')!;
+      const categorySelect = screen.getByDisplayValue('Select a category');
+      fireEvent.change(categorySelect, { target: { value: 'Dairy & Eggs' } });
+
+      fireEvent.change(nameInput, { target: { value: '   ' } });
+      fireEvent.submit(form);
+      expect(mockOnAddItem).not.toHaveBeenCalled();
+    });
  });

  describe('Error Handling', () => {
--- a/src/hooks/useActiveDeals.test.tsx
+++ b/src/hooks/useActiveDeals.test.tsx
@@ -12,12 +12,7 @@ import {
 } from '../tests/utils/mockFactories';
 import { mockUseFlyers, mockUseUserData } from '../tests/setup/mockHooks';

-// Explicitly mock apiClient to ensure stable spies are used
-vi.mock('../services/apiClient', () => ({
-  countFlyerItemsForFlyers: vi.fn(),
-  fetchFlyerItemsForFlyers: vi.fn(),
-}));
-
+// The apiClient is mocked globally in `src/tests/setup/globalApiMock.ts`.
 // Mock the hooks to avoid Missing Context errors
 vi.mock('./useFlyers', () => ({
  useFlyers: () => mockUseFlyers(),
@@ -30,14 +25,6 @@ vi.mock('../hooks/useUserData', () => ({
 // The apiClient is globally mocked in our test setup, so we just need to cast it
 const mockedApiClient = vi.mocked(apiClient);

-// Mock the logger to prevent console noise
-vi.mock('../services/logger.client', () => ({
-  logger: {
-    error: vi.fn(),
-    info: vi.fn(), // Added to prevent crashes on abort logging
-  },
-}));
-
 // Set a consistent "today" for testing flyer validity to make tests deterministic
 const TODAY = new Date('2024-01-15T12:00:00.000Z');

--- a/src/hooks/useApi.ts
+++ b/src/hooks/useApi.ts
@@ -3,6 +3,7 @@ import { useState, useCallback, useRef, useEffect } from 'react';
 import { logger } from '../services/logger.client';
 import { notifyError } from '../services/notificationService';

+
 /**
 * A custom React hook to simplify API calls, including loading and error states.
 * It is designed to work with apiClient functions that return a `Promise<Response>`.
@@ -26,8 +27,17 @@ export function useApi<T, TArgs extends unknown[]>(
  const [isRefetching, setIsRefetching] = useState<boolean>(false);
  const [error, setError] = useState<Error | null>(null);
  const hasBeenExecuted = useRef(false);
+  const lastErrorMessageRef = useRef<string | null>(null);
  const abortControllerRef = useRef<AbortController>(new AbortController());

+  // Use a ref to track the latest apiFunction. This allows us to keep `execute` stable
+  // even if `apiFunction` is recreated on every render (common with inline arrow functions).
+  const apiFunctionRef = useRef(apiFunction);
+
+  useEffect(() => {
+    apiFunctionRef.current = apiFunction;
+  }, [apiFunction]);
+
  // This effect ensures that when the component using the hook unmounts,
  // any in-flight request is cancelled.
  useEffect(() => {
@@ -52,12 +62,13 @@ export function useApi<T, TArgs extends unknown[]>(
    async (...args: TArgs): Promise<T | null> => {
      setLoading(true);
      setError(null);
+      lastErrorMessageRef.current = null;
      if (hasBeenExecuted.current) {
        setIsRefetching(true);
      }

      try {
-        const response = await apiFunction(...args, abortControllerRef.current.signal);
+        const response = await apiFunctionRef.current(...args, abortControllerRef.current.signal);

        if (!response.ok) {
          // Attempt to parse a JSON error response. This is aligned with ADR-003,
@@ -96,7 +107,17 @@ export function useApi<T, TArgs extends unknown[]>(
        }
        return result;
      } catch (e) {
-        const err = e instanceof Error ? e : new Error('An unknown error occurred.');
+        let err: Error;
+        if (e instanceof Error) {
+          err = e;
+        } else if (typeof e === 'object' && e !== null && 'status' in e) {
+          // Handle structured errors (e.g. { status: 409, body: { ... } })
+          const structuredError = e as { status: number; body?: { message?: string } };
+          const message = structuredError.body?.message || `Request failed with status ${structuredError.status}`;
+          err = new Error(message);
+        } else {
+          err = new Error('An unknown error occurred.');
+        }
        // If the error is an AbortError, it's an intentional cancellation, so we don't set an error state.
        if (err.name === 'AbortError') {
          logger.info('API request was cancelled.', { functionName: apiFunction.name });
@@ -106,7 +127,13 @@ export function useApi<T, TArgs extends unknown[]>(
          error: err.message,
          functionName: apiFunction.name,
        });
-        setError(err);
+        // Only set a new error object if the message is different from the last one.
+        // This prevents creating new object references for the same error (e.g. repeated timeouts)
+        // and helps break infinite loops in components that depend on the `error` object.
+        if (err.message !== lastErrorMessageRef.current) {
+          setError(err);
+          lastErrorMessageRef.current = err.message;
+        }
        notifyError(err.message); // Optionally notify the user automatically.
        return null; // Return null on failure.
      } finally {
@@ -114,7 +141,7 @@ export function useApi<T, TArgs extends unknown[]>(
        setIsRefetching(false);
      }
    },
-    [apiFunction],
+    [], // execute is now stable because it uses apiFunctionRef
  ); // abortControllerRef is stable

  return { execute, loading, isRefetching, error, data, reset };
--- a/src/hooks/useAppInitialization.test.tsx
+++ b/src/hooks/useAppInitialization.test.tsx
@@ -61,7 +61,7 @@ describe('useAppInitialization Hook', () => {
    // Mock localStorage
    Object.defineProperty(window, 'localStorage', {
      value: {
-        getItem: vi.fn(),
+        getItem: vi.fn().mockReturnValue(null),
        setItem: vi.fn(),
        removeItem: vi.fn(),
        clear: vi.fn(),
@@ -74,6 +74,7 @@ describe('useAppInitialization Hook', () => {
        matches: false, // default to light mode
      })),
      writable: true,
+      configurable: true,
    });
  });

--- a/src/hooks/useAuth.test.tsx
+++ b/src/hooks/useAuth.test.tsx
@@ -11,21 +11,9 @@ import { createMockUserProfile } from '../tests/utils/mockFactories';
 import { logger } from '../services/logger.client';

 // Mock the dependencies
-vi.mock('../services/apiClient', () => ({
-  // Mock other functions if needed
-  getAuthenticatedUserProfile: vi.fn(),
-}));
+// The apiClient is mocked globally in `src/tests/setup/globalApiMock.ts`.
 vi.mock('../services/tokenStorage');

-// Mock the logger to spy on its methods
-vi.mock('../services/logger.client', () => ({
-  logger: {
-    info: vi.fn(),
-    warn: vi.fn(),
-    error: vi.fn(),
-  },
-}));
-
 const mockedApiClient = vi.mocked(apiClient);
 const mockedTokenStorage = vi.mocked(tokenStorage);

--- a/src/hooks/useFlyerItems.test.ts
+++ b/src/hooks/useFlyerItems.test.ts
@@ -3,12 +3,11 @@ import { renderHook } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import { useFlyerItems } from './useFlyerItems';
 import { useApiOnMount } from './useApiOnMount';
-import { createMockFlyer, createMockFlyerItem } from '../tests/utils/mockFactories';
 import * as apiClient from '../services/apiClient';
+import { createMockFlyer, createMockFlyerItem } from '../tests/utils/mockFactories';

 // Mock the underlying useApiOnMount hook to isolate the useFlyerItems hook's logic.
 vi.mock('./useApiOnMount');
-vi.mock('../services/apiClient');

 const mockedUseApiOnMount = vi.mocked(useApiOnMount);

@@ -61,7 +60,6 @@ describe('useFlyerItems Hook', () => {
    expect(result.current.flyerItems).toEqual([]);
    expect(result.current.isLoading).toBe(false);
    expect(result.current.error).toBeNull();
-
    // Assert: Check that useApiOnMount was called with `enabled: false`.
    expect(mockedUseApiOnMount).toHaveBeenCalledWith(
      expect.any(Function), // the wrapped fetcher function
@@ -171,11 +169,11 @@ describe('useFlyerItems Hook', () => {

      const wrappedFetcher = mockedUseApiOnMount.mock.calls[0][0];
      const mockResponse = new Response();
-      vi.mocked(apiClient.fetchFlyerItems).mockResolvedValue(mockResponse);
-
+      const mockedApiClient = vi.mocked(apiClient);
+      mockedApiClient.fetchFlyerItems.mockResolvedValue(mockResponse);
      const response = await wrappedFetcher(123);

-      expect(apiClient.fetchFlyerItems).toHaveBeenCalledWith(123);
+      expect(mockedApiClient.fetchFlyerItems).toHaveBeenCalledWith(123);
      expect(response).toBe(mockResponse);
    });
  });
--- a/src/hooks/useFlyerUploader.ts
+++ b/src/hooks/useFlyerUploader.ts
@@ -1,6 +1,6 @@
 // src/hooks/useFlyerUploader.ts
 // src/hooks/useFlyerUploader.ts
-import { useState, useCallback } from 'react';
+import { useState, useCallback, useMemo } from 'react';
 import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
 import {
  uploadAndProcessFlyer,
@@ -14,6 +14,28 @@ import type { ProcessingStage } from '../types';

 export type ProcessingState = 'idle' | 'uploading' | 'polling' | 'completed' | 'error';

+// Define a type for the structured error thrown by the API client
+interface ApiError {
+  status: number;
+  body: {
+    message: string;
+    flyerId?: number;
+  };
+}
+
+// Type guard to check if an error is a structured API error
+function isApiError(error: unknown): error is ApiError {
+  return (
+    typeof error === 'object' &&
+    error !== null &&
+    'status' in error &&
+    typeof (error as { status: unknown }).status === 'number' &&
+    'body' in error &&
+    typeof (error as { body: unknown }).body === 'object' &&
+    (error as { body: unknown }).body !== null &&
+    'message' in ((error as { body: unknown }).body as object)
+  );
+}
 export const useFlyerUploader = () => {
  const queryClient = useQueryClient();
  const [jobId, setJobId] = useState<string | null>(null);
@@ -44,11 +66,16 @@ export const useFlyerUploader = () => {
    enabled: !!jobId,
    // Polling logic: react-query handles the interval
    refetchInterval: (query) => {
-      const data = query.state.data;
+      const data = query.state.data as JobStatus | undefined;
      // Stop polling if the job is completed or has failed
      if (data?.state === 'completed' || data?.state === 'failed') {
        return false;
      }
+      // Also stop polling if the query itself has errored (e.g. network error, or JobFailedError thrown from getJobStatus)
+      if (query.state.status === 'error') {
+        logger.warn('[useFlyerUploader] Polling stopped due to query error state.');
+        return false;
+      }
      // Otherwise, poll every 3 seconds
      return 3000;
    },
@@ -76,40 +103,57 @@ export const useFlyerUploader = () => {
    queryClient.removeQueries({ queryKey: ['jobStatus'] });
  }, [uploadMutation, queryClient]);

-  // Consolidate state for the UI from the react-query hooks
-  const processingState = ((): ProcessingState => {
-    if (uploadMutation.isPending) return 'uploading';
-    if (jobStatus && (jobStatus.state === 'active' || jobStatus.state === 'waiting'))
-      return 'polling';
-    if (jobStatus?.state === 'completed') {
-      // If the job is complete but didn't return a flyerId, it's an error state.
-      if (!jobStatus.returnValue?.flyerId) {
-        return 'error';
+  // Consolidate state derivation for the UI from the react-query hooks using useMemo.
+  // This improves performance by memoizing the derived state and makes the logic easier to follow.
+  const { processingState, errorMessage, duplicateFlyerId, flyerId, statusMessage } = useMemo(() => {
+    // The order of these checks is critical. Errors must be checked first to override
+    // any stale `jobStatus` from a previous successful poll.
+    const state: ProcessingState = (() => {
+      if (uploadMutation.isError || pollError) return 'error';
+      if (uploadMutation.isPending) return 'uploading';
+      if (jobStatus && (jobStatus.state === 'active' || jobStatus.state === 'waiting'))
+        return 'polling';
+      if (jobStatus?.state === 'completed') {
+        if (!jobStatus.returnValue?.flyerId) return 'error';
+        return 'completed';
      }
-      return 'completed';
-    }
-    if (uploadMutation.isError || jobStatus?.state === 'failed' || pollError) return 'error';
-    return 'idle';
-  })();
+      return 'idle';
+    })();

-  const getErrorMessage = () => {
-    const uploadError = uploadMutation.error as any;
-    if (uploadMutation.isError) {
-      return uploadError?.body?.message || uploadError?.message || 'Upload failed.';
-    }
-    if (pollError) return `Polling failed: ${pollError.message}`;
-    if (jobStatus?.state === 'failed') {
-      return `Processing failed: ${jobStatus.progress?.message || jobStatus.failedReason}`;
-    }
-    if (jobStatus?.state === 'completed' && !jobStatus.returnValue?.flyerId) {
-      return 'Job completed but did not return a flyer ID.';
-    }
-    return null;
-  };
+    let msg: string | null = null;
+    let dupId: number | null = null;

-  const errorMessage = getErrorMessage();
-  const duplicateFlyerId = (uploadMutation.error as any)?.body?.flyerId ?? null;
-  const flyerId = jobStatus?.state === 'completed' ? jobStatus.returnValue?.flyerId : null;
+    if (state === 'error') {
+      if (uploadMutation.isError) {
+        const uploadError = uploadMutation.error;
+        if (isApiError(uploadError)) {
+          msg = uploadError.body.message;
+          // Specifically handle 409 Conflict for duplicate flyers
+          if (uploadError.status === 409) {
+            dupId = uploadError.body.flyerId ?? null;
+          }
+        } else if (uploadError instanceof Error) {
+          msg = uploadError.message;
+        } else {
+          msg = 'An unknown upload error occurred.';
+        }
+      } else if (pollError) {
+        msg = `Polling failed: ${pollError.message}`;
+      } else if (jobStatus?.state === 'failed') {
+        msg = `Processing failed: ${jobStatus.progress?.message || jobStatus.failedReason || 'Unknown reason'}`;
+      } else if (jobStatus?.state === 'completed' && !jobStatus.returnValue?.flyerId) {
+        msg = 'Job completed but did not return a flyer ID.';
+      }
+    }
+
+    return {
+      processingState: state,
+      errorMessage: msg,
+      duplicateFlyerId: dupId,
+      flyerId: jobStatus?.state === 'completed' ? jobStatus.returnValue?.flyerId ?? null : null,
+      statusMessage: uploadMutation.isPending ? 'Uploading file...' : jobStatus?.progress?.message,
+    };
+  }, [uploadMutation, jobStatus, pollError]);

  return {
    processingState,
--- a/src/hooks/useInfiniteQuery.ts
+++ b/src/hooks/useInfiniteQuery.ts
@@ -47,6 +47,7 @@ export function useInfiniteQuery<T>(

  // Use a ref to store the cursor for the next page.
  const nextCursorRef = useRef<number | string | null | undefined>(initialCursor);
+  const lastErrorMessageRef = useRef<string | null>(null);

  const fetchPage = useCallback(
    async (cursor?: number | string | null) => {
@@ -59,6 +60,7 @@ export function useInfiniteQuery<T>(
        setIsFetchingNextPage(true);
      }
      setError(null);
+      lastErrorMessageRef.current = null;

      try {
        const response = await apiFunction(cursor);
@@ -99,7 +101,10 @@ export function useInfiniteQuery<T>(
          error: err.message,
          functionName: apiFunction.name,
        });
-        setError(err);
+        if (err.message !== lastErrorMessageRef.current) {
+          setError(err);
+          lastErrorMessageRef.current = err.message;
+        }
        notifyError(err.message);
      } finally {
        setIsLoading(false);
@@ -125,6 +130,7 @@ export function useInfiniteQuery<T>(
  // Function to be called by the UI to refetch the entire query from the beginning.
  const refetch = useCallback(() => {
    setIsRefetching(true);
+    lastErrorMessageRef.current = null;
    setData([]);
    fetchPage(initialCursor);
  }, [fetchPage, initialCursor]);
--- a/src/hooks/useShoppingLists.test.tsx
+++ b/src/hooks/useShoppingLists.test.tsx
@@ -29,7 +29,6 @@ type MockApiResult = {
 vi.mock('./useApi');
 vi.mock('../hooks/useAuth');
 vi.mock('../hooks/useUserData');
-vi.mock('../services/apiClient');

 // The apiClient is globally mocked in our test setup, so we just need to cast it
 const mockedUseApi = vi.mocked(useApi);
@@ -495,6 +494,22 @@ describe('useShoppingLists Hook', () => {
      expect(currentLists[0].items).toHaveLength(1); // Length should remain 1
      console.log('  LOG: SUCCESS! Duplicate was not added and API was not called.');
    });
+
+    it('should log an error and not call the API if the listId does not exist', async () => {
+      const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+      const { result } = renderHook(() => useShoppingLists());
+
+      await act(async () => {
+        // Call with a non-existent list ID (mock lists have IDs 1 and 2)
+        await result.current.addItemToList(999, { customItemName: 'Wont be added' });
+      });
+
+      // The API should not have been called because the list was not found.
+      expect(mockAddItemApi).not.toHaveBeenCalled();
+      expect(consoleErrorSpy).toHaveBeenCalledWith('useShoppingLists: List with ID 999 not found.');
+
+      consoleErrorSpy.mockRestore();
+    });
  });

  describe('updateItemInList', () => {
@@ -656,24 +671,14 @@ describe('useShoppingLists Hook', () => {
      },
      {
        name: 'updateItemInList',
-        action: (hook: any) => {
-          act(() => {
-            hook.setActiveListId(1);
-          });
-          return hook.updateItemInList(101, { is_purchased: true });
-        },
+        action: (hook: any) => hook.updateItemInList(101, { is_purchased: true }),
        apiMock: mockUpdateItemApi,
        mockIndex: 3,
        errorMessage: 'Update failed',
      },
      {
        name: 'removeItemFromList',
-        action: (hook: any) => {
-          act(() => {
-            hook.setActiveListId(1);
-          });
-          return hook.removeItemFromList(101);
-        },
+        action: (hook: any) => hook.removeItemFromList(101),
        apiMock: mockRemoveItemApi,
        mockIndex: 4,
        errorMessage: 'Removal failed',
@@ -681,6 +686,17 @@ describe('useShoppingLists Hook', () => {
    ])(
      'should set an error for $name if the API call fails',
      async ({ action, apiMock, mockIndex, errorMessage }) => {
+        // Setup a default list so activeListId is set automatically
+        const mockList = createMockShoppingList({ shopping_list_id: 1, name: 'List 1' });
+        mockedUseUserData.mockReturnValue({
+          shoppingLists: [mockList],
+          setShoppingLists: mockSetShoppingLists,
+          watchedItems: [],
+          setWatchedItems: vi.fn(),
+          isLoading: false,
+          error: null,
+        });
+
        const apiMocksWithError = [...defaultApiMocks];
        apiMocksWithError[mockIndex] = {
          ...apiMocksWithError[mockIndex],
@@ -689,11 +705,25 @@ describe('useShoppingLists Hook', () => {
        setupApiMocks(apiMocksWithError);
        apiMock.mockRejectedValue(new Error(errorMessage));

+        // Spy on console.error to ensure the catch block is executed for logging
+        const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+
        const { result } = renderHook(() => useShoppingLists());
+
+        // Wait for the effect to set the active list ID
+        await waitFor(() => expect(result.current.activeListId).toBe(1));
+
        await act(async () => {
          await action(result.current);
        });
-        await waitFor(() => expect(result.current.error).toBe(errorMessage));
+
+        await waitFor(() => {
+          expect(result.current.error).toBe(errorMessage);
+          // Verify that our custom logging within the catch block was called
+          expect(consoleErrorSpy).toHaveBeenCalled();
+        });
+
+        consoleErrorSpy.mockRestore();
      },
    );
  });
--- a/src/hooks/useWatchedItems.test.tsx
+++ b/src/hooks/useWatchedItems.test.tsx
@@ -17,7 +17,6 @@ import {
 vi.mock('./useApi');
 vi.mock('../hooks/useAuth');
 vi.mock('../hooks/useUserData');
-vi.mock('../services/apiClient');

 // The apiClient is globally mocked in our test setup, so we just need to cast it
 const mockedUseApi = vi.mocked(useApi);
--- a/src/middleware/errorHandler.test.ts
+++ b/src/middleware/errorHandler.test.ts
@@ -113,13 +113,14 @@ describe('errorHandler Middleware', () => {
    expect(response.body.message).toBe('A generic server error occurred.');
    expect(response.body.stack).toBeDefined();
    expect(response.body.errorId).toEqual(expect.any(String));
+    console.log('[DEBUG] errorHandler.test.ts: Received 500 error response with ID:', response.body.errorId);
    expect(mockLogger.error).toHaveBeenCalledWith(
      expect.objectContaining({
        err: expect.any(Error),
        errorId: expect.any(String),
        req: expect.objectContaining({ method: 'GET', url: '/generic-error' }),
      }),
-      expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+      expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
    );
    expect(consoleErrorSpy).toHaveBeenCalledWith(
      expect.stringMatching(/--- \[TEST\] UNHANDLED ERROR \(ID: \w+\) ---/),
@@ -226,7 +227,7 @@ describe('errorHandler Middleware', () => {
        errorId: expect.any(String),
        req: expect.objectContaining({ method: 'GET', url: '/db-error-500' }),
      }),
-      expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+      expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
    );
    expect(consoleErrorSpy).toHaveBeenCalledWith(
      expect.stringMatching(/--- \[TEST\] UNHANDLED ERROR \(ID: \w+\) ---/),
--- a/src/middleware/multer.middleware.test.ts
+++ b/src/middleware/multer.middleware.test.ts
@@ -1,5 +1,10 @@
 // src/middleware/multer.middleware.test.ts
-import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { describe, it, expect, vi, beforeEach, afterEach, Mock } from 'vitest';
+import multer from 'multer';
+import type { Request, Response, NextFunction } from 'express';
+import { createUploadMiddleware, handleMulterError } from './multer.middleware';
+import { createMockUserProfile } from '../tests/utils/mockFactories';
+import { ValidationError } from '../services/db/errors.db';

 // 1. Hoist the mocks so they can be referenced inside vi.mock factories.
 const mocks = vi.hoisted(() => ({
@@ -26,13 +31,41 @@ vi.mock('../services/logger.server', () => ({
 }));

 // 4. Mock multer to prevent it from doing anything during import.
-vi.mock('multer', () => ({
-  default: vi.fn(() => ({
-    single: vi.fn(),
-    array: vi.fn(),
-  })),
-  diskStorage: vi.fn(),
-}));
+vi.mock('multer', () => {
+  const diskStorage = vi.fn((options) => options);
+  // A more realistic mock for MulterError that maps error codes to messages,
+  // similar to how the actual multer library works.
+  class MulterError extends Error {
+    code: string;
+    field?: string;
+
+    constructor(code: string, field?: string) {
+      const messages: { [key: string]: string } = {
+        LIMIT_FILE_SIZE: 'File too large',
+        LIMIT_UNEXPECTED_FILE: 'Unexpected file',
+        // Add other codes as needed for tests
+      };
+      const message = messages[code] || code;
+      super(message);
+      this.code = code;
+      this.name = 'MulterError';
+      if (field) {
+        this.field = field;
+      }
+    }
+  }
+  const multer = vi.fn(() => ({
+    single: vi.fn().mockImplementation(() => (req: any, res: any, next: any) => next()),
+    array: vi.fn().mockImplementation(() => (req: any, res: any, next: any) => next()),
+  }));
+  (multer as any).diskStorage = diskStorage;
+  (multer as any).MulterError = MulterError;
+  return {
+    default: multer,
+    diskStorage,
+    MulterError,
+  };
+});

 describe('Multer Middleware Directory Creation', () => {
  beforeEach(() => {
@@ -71,4 +104,166 @@ describe('Multer Middleware Directory Creation', () => {
      'Failed to create multer storage directories on startup.',
    );
  });
+});
+
+describe('createUploadMiddleware', () => {
+  const mockFile = { originalname: 'test.png' } as Express.Multer.File;
+  const mockUser = createMockUserProfile({ user: { user_id: 'user-123', email: 'test@user.com' } });
+  let originalNodeEnv: string | undefined;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    originalNodeEnv = process.env.NODE_ENV;
+  });
+
+  afterEach(() => {
+    process.env.NODE_ENV = originalNodeEnv;
+  });
+
+  describe('Avatar Storage', () => {
+    it('should generate a unique filename for an authenticated user', () => {
+      process.env.NODE_ENV = 'production';
+      createUploadMiddleware({ storageType: 'avatar' });
+      const storageOptions = vi.mocked(multer.diskStorage).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockReq = { user: mockUser } as unknown as Request;
+
+      storageOptions.filename!(mockReq, mockFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(null, expect.stringContaining('user-123-'));
+      expect(cb).toHaveBeenCalledWith(null, expect.stringContaining('.png'));
+    });
+
+    it('should call the callback with an error for an unauthenticated user', () => {
+      // This test covers line 37
+      createUploadMiddleware({ storageType: 'avatar' });
+      const storageOptions = vi.mocked(multer.diskStorage).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockReq = {} as Request; // No user on request
+
+      storageOptions.filename!(mockReq, mockFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(
+        new Error('User not authenticated for avatar upload'),
+        expect.any(String),
+      );
+    });
+
+    it('should use a predictable filename in test environment', () => {
+      process.env.NODE_ENV = 'test';
+      createUploadMiddleware({ storageType: 'avatar' });
+      const storageOptions = vi.mocked(multer.diskStorage).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockReq = { user: mockUser } as unknown as Request;
+
+      storageOptions.filename!(mockReq, mockFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(null, 'test-avatar.png');
+    });
+  });
+
+  describe('Flyer Storage', () => {
+    it('should generate a unique, sanitized filename in production environment', () => {
+      process.env.NODE_ENV = 'production';
+      const mockFlyerFile = {
+        fieldname: 'flyerFile',
+        originalname: 'My Flyer (Special!).pdf',
+      } as Express.Multer.File;
+      createUploadMiddleware({ storageType: 'flyer' });
+      const storageOptions = vi.mocked(multer.diskStorage).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockReq = {} as Request;
+
+      storageOptions.filename!(mockReq, mockFlyerFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(
+        null,
+        expect.stringMatching(/^flyerFile-\d+-\d+-my-flyer-special\.pdf$/i),
+      );
+    });
+
+    it('should generate a predictable filename in test environment', () => {
+      // This test covers lines 43-46
+      process.env.NODE_ENV = 'test';
+      const mockFlyerFile = {
+        fieldname: 'flyerFile',
+        originalname: 'test-flyer.jpg',
+      } as Express.Multer.File;
+      createUploadMiddleware({ storageType: 'flyer' });
+      const storageOptions = vi.mocked(multer.diskStorage).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockReq = {} as Request;
+
+      storageOptions.filename!(mockReq, mockFlyerFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(null, 'flyerFile-test-flyer-image.jpg');
+    });
+  });
+
+  describe('Image File Filter', () => {
+    it('should accept files with an image mimetype', () => {
+      createUploadMiddleware({ storageType: 'flyer', fileFilter: 'image' });
+      const multerOptions = vi.mocked(multer).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockImageFile = { mimetype: 'image/png' } as Express.Multer.File;
+
+      multerOptions!.fileFilter!({} as Request, mockImageFile, cb);
+
+      expect(cb).toHaveBeenCalledWith(null, true);
+    });
+
+    it('should reject files without an image mimetype', () => {
+      createUploadMiddleware({ storageType: 'flyer', fileFilter: 'image' });
+      const multerOptions = vi.mocked(multer).mock.calls[0][0];
+      const cb = vi.fn();
+      const mockTextFile = { mimetype: 'text/plain' } as Express.Multer.File;
+
+      multerOptions!.fileFilter!({} as Request, { ...mockTextFile, fieldname: 'test' }, cb);
+
+      const error = (cb as Mock).mock.calls[0][0];
+      expect(error).toBeInstanceOf(ValidationError);
+      expect(error.validationErrors[0].message).toBe('Only image files are allowed!');
+    });
+  });
+});
+
+describe('handleMulterError Middleware', () => {
+  let mockRequest: Partial<Request>;
+  let mockResponse: Partial<Response>;
+  let mockNext: NextFunction;
+
+  beforeEach(() => {
+    mockRequest = {};
+    mockResponse = {
+      status: vi.fn().mockReturnThis(),
+      json: vi.fn(),
+    };
+    mockNext = vi.fn();
+  });
+
+  it('should handle a MulterError (e.g., file too large)', () => {
+    const err = new multer.MulterError('LIMIT_FILE_SIZE');
+    handleMulterError(err, mockRequest as Request, mockResponse as Response, mockNext);
+    expect(mockResponse.status).toHaveBeenCalledWith(400);
+    expect(mockResponse.json).toHaveBeenCalledWith({
+      message: 'File upload error: File too large',
+    });
+    expect(mockNext).not.toHaveBeenCalled();
+  });
+
+  it('should pass on a ValidationError to the next handler', () => {
+    const err = new ValidationError([], 'Only image files are allowed!');
+    handleMulterError(err, mockRequest as Request, mockResponse as Response, mockNext);
+    // It should now pass the error to the global error handler
+    expect(mockNext).toHaveBeenCalledWith(err);
+    expect(mockResponse.status).not.toHaveBeenCalled();
+    expect(mockResponse.json).not.toHaveBeenCalled();
+  });
+
+  it('should pass on non-multer errors to the next error handler', () => {
+    const err = new Error('A generic error');
+    handleMulterError(err, mockRequest as Request, mockResponse as Response, mockNext);
+    expect(mockNext).toHaveBeenCalledWith(err);
+    expect(mockResponse.status).not.toHaveBeenCalled();
+  });
 });
--- a/src/middleware/multer.middleware.ts
+++ b/src/middleware/multer.middleware.ts
@@ -5,6 +5,7 @@ import fs from 'node:fs/promises';
 import { Request, Response, NextFunction } from 'express';
 import { UserProfile } from '../types';
 import { sanitizeFilename } from '../utils/stringUtils';
+import { ValidationError } from '../services/db/errors.db';
 import { logger } from '../services/logger.server';

 export const flyerStoragePath =
@@ -69,8 +70,9 @@ const imageFileFilter = (req: Request, file: Express.Multer.File, cb: multer.Fil
    cb(null, true);
  } else {
    // Reject the file with a specific error that can be caught by a middleware.
-    const err = new Error('Only image files are allowed!');
-    cb(err);
+    const validationIssue = { path: ['file', file.fieldname], message: 'Only image files are allowed!' };
+    const err = new ValidationError([validationIssue], 'Only image files are allowed!');
+    cb(err as Error); // Cast to Error to satisfy multer's type, though ValidationError extends Error.
  }
 };

@@ -114,9 +116,6 @@ export const handleMulterError = (
  if (err instanceof multer.MulterError) {
    // A Multer error occurred when uploading (e.g., file too large).
    return res.status(400).json({ message: `File upload error: ${err.message}` });
-  } else if (err && err.message === 'Only image files are allowed!') {
-    // A custom error from our fileFilter.
-    return res.status(400).json({ message: err.message });
  }
  // If it's not a multer error, pass it on.
  next(err);
--- a/src/pages/MyDealsPage.test.tsx
+++ b/src/pages/MyDealsPage.test.tsx
@@ -1,25 +1,15 @@
-// src/components/MyDealsPage.test.tsx
+// src/pages/MyDealsPage.test.tsx
 import React from 'react';
 import { render, screen, waitFor } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach, type Mocked } from 'vitest';
 import MyDealsPage from './MyDealsPage';
 import * as apiClient from '../services/apiClient';
-import { WatchedItemDeal } from '../types';
+import type { WatchedItemDeal } from '../types';
 import { logger } from '../services/logger.client';
 import { createMockWatchedItemDeal } from '../tests/utils/mockFactories';

-// Mock the apiClient. The component now directly uses `fetchBestSalePrices`.
-// By mocking the entire module, we can control the behavior of `fetchBestSalePrices`
-// for our tests.
-vi.mock('../services/apiClient');
-const mockedApiClient = apiClient as Mocked<typeof apiClient>;
-
-// Mock the logger
-vi.mock('../services/logger.client', () => ({
-  logger: {
-    error: vi.fn(),
-  },
-}));
+// The apiClient is mocked globally in `src/tests/setup/globalApiMock.ts`.
+const mockedApiClient = vi.mocked(apiClient);

 // Mock lucide-react icons to prevent rendering errors in the test environment
 vi.mock('lucide-react', () => ({
--- a/src/pages/ResetPasswordPage.test.tsx
+++ b/src/pages/ResetPasswordPage.test.tsx
@@ -10,13 +10,7 @@ import { logger } from '../services/logger.client';
 // The apiClient and logger are now mocked globally.
 const mockedApiClient = vi.mocked(apiClient);

-vi.mock('../services/logger.client', () => ({
-  logger: {
-    info: vi.fn(),
-    error: vi.fn(),
-  },
-}));
-
+// The logger is mocked globally.
 // Helper function to render the component within a router context
 const renderWithRouter = (token: string) => {
  return render(
--- a/src/pages/UserProfilePage.test.tsx
+++ b/src/pages/UserProfilePage.test.tsx
@@ -11,16 +11,8 @@ import {
  createMockUser,
 } from '../tests/utils/mockFactories';

-// Mock dependencies
-vi.mock('../services/apiClient'); // This was correct
-vi.mock('../services/logger.client', () => ({
-  logger: {
-    info: vi.fn(),
-    error: vi.fn(),
-  },
-}));
-vi.mock('../services/notificationService');
-vi.mock('../services/aiApiClient'); // Mock aiApiClient as it's used in the component
+// The apiClient, logger, notificationService, and aiApiClient are all mocked globally.
+// We can get a typed reference to the notificationService for individual test overrides.
 const mockedNotificationService = vi.mocked(await import('../services/notificationService'));
 vi.mock('../components/AchievementsList', () => ({
  AchievementsList: ({ achievements }: { achievements: (UserAchievement & Achievement)[] }) => (
@@ -28,7 +20,7 @@ vi.mock('../components/AchievementsList', () => ({
  ),
 }));

-const mockedApiClient = apiClient as Mocked<typeof apiClient>;
+const mockedApiClient = vi.mocked(apiClient);

 // --- Mock Data ---
 const mockProfile: UserProfile = createMockUserProfile({
--- a/src/pages/VoiceLabPage.test.tsx
+++ b/src/pages/VoiceLabPage.test.tsx
@@ -10,21 +10,10 @@ import { logger } from '../services/logger.client';
 // Extensive logging for debugging
 const LOG_PREFIX = '[TEST DEBUG]';

-vi.mock('../services/notificationService');
-
-// 1. Mock the module to replace its exports with mock functions.
-vi.mock('../services/aiApiClient');
-// 2. Get a typed reference to the mocked module to control its functions in tests.
+// The aiApiClient, notificationService, and logger are mocked globally.
+// We can get a typed reference to the aiApiClient for individual test overrides.
 const mockedAiApiClient = vi.mocked(aiApiClient);

-// Mock the logger
-vi.mock('../services/logger.client', () => ({
-  logger: {
-    info: vi.fn(),
-    error: vi.fn(),
-  },
-}));
-
 // Define mock at module level so it can be referenced in the implementation
 const mockAudioPlay = vi.fn(() => {
  console.log(`${LOG_PREFIX} mockAudioPlay executed`);
--- a/src/pages/admin/AdminPage.tsx
+++ b/src/pages/admin/AdminPage.tsx
@@ -4,6 +4,7 @@ import { SystemCheck } from './components/SystemCheck';
 import { Link } from 'react-router-dom';
 import { ShieldExclamationIcon } from '../../components/icons/ShieldExclamationIcon';
 import { ChartBarIcon } from '../../components/icons/ChartBarIcon';
+import { DocumentMagnifyingGlassIcon } from '../../components/icons/DocumentMagnifyingGlassIcon';

 export const AdminPage: React.FC = () => {
  // The onReady prop for SystemCheck is present to allow for future UI changes,
@@ -39,6 +40,13 @@ export const AdminPage: React.FC = () => {
              <ChartBarIcon className="w-6 h-6 mr-3 text-brand-primary" />
              <span className="font-semibold">View Statistics</span>
            </Link>
+            <Link
+              to="/admin/flyer-review"
+              className="flex items-center p-3 rounded-lg hover:bg-gray-100 dark:hover:bg-gray-700/50 transition-colors"
+            >
+              <DocumentMagnifyingGlassIcon className="w-6 h-6 mr-3 text-brand-primary" />
+              <span className="font-semibold">Flyer Review Queue</span>
+            </Link>
          </div>
        </div>
        <SystemCheck />
--- a/src/pages/admin/AdminStatsPage.test.tsx
+++ b/src/pages/admin/AdminStatsPage.test.tsx
@@ -7,13 +7,13 @@ import { AdminStatsPage } from './AdminStatsPage';
 import * as apiClient from '../../services/apiClient';
 import type { AppStats } from '../../services/apiClient';
 import { createMockAppStats } from '../../tests/utils/mockFactories';
-import { StatCard } from './components/StatCard';
+import { StatCard } from '../../components/StatCard';

 // The apiClient and logger are now mocked globally via src/tests/setup/tests-setup-unit.ts.
 const mockedApiClient = vi.mocked(apiClient);

 // Mock the child StatCard component to use the shared mock and allow spying
-vi.mock('./components/StatCard', async () => {
+vi.mock('../../components/StatCard', async () => {
  const { MockStatCard } = await import('../../tests/utils/componentMocks');
  return { StatCard: vi.fn(MockStatCard) };
 });
--- a/src/pages/admin/AdminStatsPage.tsx
+++ b/src/pages/admin/AdminStatsPage.tsx
@@ -10,7 +10,7 @@ import { DocumentDuplicateIcon } from '../../components/icons/DocumentDuplicateI
 import { BuildingStorefrontIcon } from '../../components/icons/BuildingStorefrontIcon';
 import { BellAlertIcon } from '../../components/icons/BellAlertIcon';
 import { BookOpenIcon } from '../../components/icons/BookOpenIcon';
-import { StatCard } from './components/StatCard';
+import { StatCard } from '../../components/StatCard';

 export const AdminStatsPage: React.FC = () => {
  const [stats, setStats] = useState<AppStats | null>(null);
--- a/src/pages/admin/FlyerReviewPage.test.tsx
+++ b/src/pages/admin/FlyerReviewPage.test.tsx
@@ -0,0 +1,172 @@
+// src/pages/admin/FlyerReviewPage.test.tsx
+import { render, screen, waitFor, within } from '@testing-library/react';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { FlyerReviewPage } from './FlyerReviewPage';
+import { MemoryRouter } from 'react-router-dom';
+import * as apiClient from '../../services/apiClient';
+import { logger } from '../../services/logger.client';
+
+// The apiClient and logger are mocked globally.
+// We can get a typed reference to the apiClient for individual test overrides.
+const mockedApiClient = vi.mocked(apiClient);
+
+// Mock LoadingSpinner to simplify DOM and avoid potential issues
+vi.mock('../../components/LoadingSpinner', () => ({
+  LoadingSpinner: () => <div data-testid="loading-spinner">Loading...</div>,
+}));
+
+describe('FlyerReviewPage', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it('renders loading spinner initially', () => {
+    // Mock a promise that doesn't resolve immediately to check loading state
+    mockedApiClient.getFlyersForReview.mockReturnValue(new Promise(() => {}));
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>
+    );
+
+    expect(screen.getByRole('status', { name: /loading flyers for review/i })).toBeInTheDocument();
+  });
+
+  it('renders empty state when no flyers are returned', async () => {
+    mockedApiClient.getFlyersForReview.mockResolvedValue({
+      ok: true,
+      json: async () => [],
+    } as Response);
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>
+    );
+
+    await waitFor(() => {
+      expect(screen.queryByRole('status')).not.toBeInTheDocument();
+    });
+
+    expect(screen.getByText(/the review queue is empty/i)).toBeInTheDocument();
+  });
+
+  it('renders a list of flyers when API returns data', async () => {
+    const mockFlyers = [
+      {
+        flyer_id: 1,
+        file_name: 'flyer1.jpg',
+        created_at: '2023-01-01T00:00:00Z',
+        store: { name: 'Store A' },
+        icon_url: 'icon1.jpg',
+      },
+      {
+        flyer_id: 2,
+        file_name: 'flyer2.jpg',
+        created_at: '2023-01-02T00:00:00Z',
+        store: { name: 'Store B' },
+        icon_url: 'icon2.jpg',
+      },
+      {
+        flyer_id: 3,
+        file_name: 'flyer3.jpg',
+        created_at: '2023-01-03T00:00:00Z',
+        store: null,
+        icon_url: null,
+      },
+    ];
+
+    mockedApiClient.getFlyersForReview.mockResolvedValue({
+      ok: true,
+      json: async () => mockFlyers,
+    } as Response);
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>
+    );
+
+    await waitFor(() => {
+      expect(screen.queryByRole('status')).not.toBeInTheDocument();
+    });
+
+    expect(screen.getByText('Store A')).toBeInTheDocument();
+    expect(screen.getByText('flyer1.jpg')).toBeInTheDocument();
+    expect(screen.getByText('Store B')).toBeInTheDocument();
+    expect(screen.getByText('flyer2.jpg')).toBeInTheDocument();
+
+    // Test fallback for null store and icon_url
+    expect(screen.getByText('Unknown Store')).toBeInTheDocument();
+    expect(screen.getByText('flyer3.jpg')).toBeInTheDocument();
+    const unknownStoreItem = screen.getByText('Unknown Store').closest('li');
+    const unknownStoreImage = within(unknownStoreItem!).getByRole('img');
+    expect(unknownStoreImage).not.toHaveAttribute('src');
+    expect(unknownStoreImage).not.toHaveAttribute('alt');
+  });
+
+  it('renders error message when API response is not ok', async () => {
+    mockedApiClient.getFlyersForReview.mockResolvedValue({
+      ok: false,
+      json: async () => ({ message: 'Server error' }),
+    } as Response);
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>
+    );
+
+    await waitFor(() => {
+      expect(screen.queryByRole('status')).not.toBeInTheDocument();
+    });
+
+    expect(screen.getByText('Server error')).toBeInTheDocument();
+    expect(logger.error).toHaveBeenCalledWith(
+      expect.objectContaining({ err: expect.any(Error) }),
+      'Failed to fetch flyers for review'
+    );
+  });
+
+  it('renders error message when API throws an error', async () => {
+    const networkError = new Error('Network error');
+    mockedApiClient.getFlyersForReview.mockRejectedValue(networkError);
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>
+    );
+
+    await waitFor(() => {
+      expect(screen.queryByRole('status')).not.toBeInTheDocument();
+    });
+
+    expect(screen.getByText('Network error')).toBeInTheDocument();
+    expect(logger.error).toHaveBeenCalledWith(
+      { err: networkError },
+      'Failed to fetch flyers for review'
+    );
+  });
+
+  it('renders a generic error for non-Error rejections', async () => {
+    const nonErrorRejection = { message: 'This is not an Error object' };
+    mockedApiClient.getFlyersForReview.mockRejectedValue(nonErrorRejection);
+
+    render(
+      <MemoryRouter>
+        <FlyerReviewPage />
+      </MemoryRouter>,
+    );
+
+    await waitFor(() => {
+      expect(screen.getByText('An unknown error occurred while fetching data.')).toBeInTheDocument();
+    });
+
+    expect(logger.error).toHaveBeenCalledWith(
+      { err: nonErrorRejection },
+      'Failed to fetch flyers for review',
+    );
+  });
+});
--- a/src/pages/admin/FlyerReviewPage.tsx
+++ b/src/pages/admin/FlyerReviewPage.tsx
@@ -0,0 +1,93 @@
+// src/pages/admin/FlyerReviewPage.tsx
+import React, { useEffect, useState } from 'react';
+import { Link } from 'react-router-dom';
+import { getFlyersForReview } from '../../services/apiClient';
+import { logger } from '../../services/logger.client';
+import type { Flyer } from '../../types';
+import { LoadingSpinner } from '../../components/LoadingSpinner';
+import { format } from 'date-fns';
+
+export const FlyerReviewPage: React.FC = () => {
+  const [flyers, setFlyers] = useState<Flyer[]>([]);
+  const [isLoading, setIsLoading] = useState(true);
+  const [error, setError] = useState<string | null>(null);
+
+  useEffect(() => {
+    const fetchFlyers = async () => {
+      setIsLoading(true);
+      setError(null);
+      try {
+        const response = await getFlyersForReview();
+        if (!response.ok) {
+          throw new Error((await response.json()).message || 'Failed to fetch flyers for review.');
+        }
+        setFlyers(await response.json());
+      } catch (err) {
+        const errorMessage =
+          err instanceof Error ? err.message : 'An unknown error occurred while fetching data.';
+        logger.error({ err }, 'Failed to fetch flyers for review');
+        setError(errorMessage);
+      } finally {
+        setIsLoading(false);
+      }
+    };
+
+    fetchFlyers();
+  }, []);
+
+  return (
+    <div className="max-w-7xl mx-auto py-8 px-4">
+      <div className="mb-8">
+        <Link to="/admin" className="text-brand-primary hover:underline">
+          &larr; Back to Admin Dashboard
+        </Link>
+        <h1 className="text-3xl font-bold text-gray-800 dark:text-white mt-2">
+          Flyer Review Queue
+        </h1>
+        <p className="text-gray-500 dark:text-gray-400">
+          Review flyers that were processed with low confidence by the AI.
+        </p>
+      </div>
+
+      {isLoading && (
+        <div
+          role="status"
+          aria-label="Loading flyers for review"
+          className="flex justify-center items-center h-64"
+        >
+          <LoadingSpinner />
+        </div>
+      )}
+      {error && (
+        <div className="text-red-500 bg-red-100 dark:bg-red-900/20 p-4 rounded-lg">{error}</div>
+      )}
+
+      {!isLoading && !error && (
+        <div className="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 overflow-hidden">
+          <ul className="divide-y divide-gray-200 dark:divide-gray-700">
+            {flyers.length === 0 ? (
+              <li className="p-6 text-center text-gray-500">
+                The review queue is empty. Great job!
+              </li>
+            ) : (
+              flyers.map((flyer) => (
+                <li key={flyer.flyer_id} className="p-4 hover:bg-gray-50 dark:hover:bg-gray-700/50">
+                  <Link to={`/flyers/${flyer.flyer_id}`} className="flex items-center space-x-4">
+                    <img src={flyer.icon_url || undefined} alt={flyer.store?.name} className="w-12 h-12 rounded-md object-cover" />
+                    <div className="flex-1">
+                      <p className="font-semibold text-gray-800 dark:text-white">{flyer.store?.name || 'Unknown Store'}</p>
+                      <p className="text-sm text-gray-500 dark:text-gray-400">{flyer.file_name}</p>
+                    </div>
+                    <div className="text-right text-sm text-gray-500 dark:text-gray-400">
+                      <p>Uploaded: {format(new Date(flyer.created_at), 'MMM d, yyyy')}</p>
+                    </div>
+                  </Link>
+                </li>
+              ))
+            )}
+          </ul>
+        </div>
+      )}
+    </div>
+  );
+};
--- a/src/pages/admin/components/AddressForm.test.tsx
+++ b/src/pages/admin/components/AddressForm.test.tsx
@@ -1,9 +1,10 @@
 // src/pages/admin/components/AddressForm.test.tsx
 import React from 'react';
-import { render, screen, fireEvent } from '@testing-library/react';
+import { screen, fireEvent } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import { AddressForm } from './AddressForm';
 import { createMockAddress } from '../../../tests/utils/mockFactories';
+import { renderWithProviders } from '../../../tests/utils/renderWithProviders';

 // Mock child components and icons to isolate the form's logic
 vi.mock('lucide-react', () => ({
@@ -30,7 +31,7 @@ describe('AddressForm', () => {
  });

  it('should render all address fields correctly', () => {
-    render(<AddressForm {...defaultProps} />);
+    renderWithProviders(<AddressForm {...defaultProps} />);

    expect(screen.getByRole('heading', { name: /home address/i })).toBeInTheDocument();
    expect(screen.getByLabelText(/address line 1/i)).toBeInTheDocument();
@@ -48,7 +49,7 @@ describe('AddressForm', () => {
      city: 'Anytown',
      country: 'Canada',
    });
-    render(<AddressForm {...defaultProps} address={fullAddress} />);
+    renderWithProviders(<AddressForm {...defaultProps} address={fullAddress} />);

    expect(screen.getByLabelText(/address line 1/i)).toHaveValue('123 Main St');
    expect(screen.getByLabelText(/city/i)).toHaveValue('Anytown');
@@ -56,7 +57,7 @@ describe('AddressForm', () => {
  });

  it('should call onAddressChange with the correct field and value for all inputs', () => {
-    render(<AddressForm {...defaultProps} />);
+    renderWithProviders(<AddressForm {...defaultProps} />);

    const inputs = [
      { label: /address line 1/i, name: 'address_line_1', value: '123 St' },
@@ -75,7 +76,7 @@ describe('AddressForm', () => {
  });

  it('should call onGeocode when the "Re-Geocode" button is clicked', () => {
-    render(<AddressForm {...defaultProps} />);
+    renderWithProviders(<AddressForm {...defaultProps} />);

    const geocodeButton = screen.getByRole('button', { name: /re-geocode/i });
    fireEvent.click(geocodeButton);
@@ -84,14 +85,14 @@ describe('AddressForm', () => {
  });

  it('should show MapPinIcon when not geocoding', () => {
-    render(<AddressForm {...defaultProps} isGeocoding={false} />);
+    renderWithProviders(<AddressForm {...defaultProps} isGeocoding={false} />);
    expect(screen.getByTestId('map-pin-icon')).toBeInTheDocument();
    expect(screen.queryByTestId('loading-spinner')).not.toBeInTheDocument();
  });

  describe('when isGeocoding is true', () => {
    it('should disable the button and show a loading spinner', () => {
-      render(<AddressForm {...defaultProps} isGeocoding={true} />);
+      renderWithProviders(<AddressForm {...defaultProps} isGeocoding={true} />);

      const geocodeButton = screen.getByRole('button', { name: /re-geocode/i });
      expect(geocodeButton).toBeDisabled();
--- a/src/pages/admin/components/AdminBrandManager.test.tsx
+++ b/src/pages/admin/components/AdminBrandManager.test.tsx
@@ -1,11 +1,12 @@
 // src/pages/admin/components/AdminBrandManager.test.tsx
 import React from 'react';
-import { render, screen, fireEvent, waitFor } from '@testing-library/react';
+import { screen, fireEvent, waitFor } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import toast from 'react-hot-toast';
 import { AdminBrandManager } from './AdminBrandManager';
 import * as apiClient from '../../../services/apiClient';
 import { createMockBrand } from '../../../tests/utils/mockFactories';
+import { renderWithProviders } from '../../../tests/utils/renderWithProviders';

 // After mocking, we can get a type-safe mocked version of the module.
 // This allows us to use .mockResolvedValue, .mockRejectedValue, etc. on the functions.
@@ -34,7 +35,7 @@ describe('AdminBrandManager', () => {
    mockedApiClient.fetchAllBrands.mockReturnValue(new Promise(() => {}));

    console.log('TEST ACTION: Rendering AdminBrandManager component.');
-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);

    console.log('TEST ASSERTION: Checking for the loading text.');
    expect(screen.getByText('Loading brands...')).toBeInTheDocument();
@@ -49,7 +50,7 @@ describe('AdminBrandManager', () => {
    mockedApiClient.fetchAllBrands.mockRejectedValue(new Error('Network Error'));

    console.log('TEST ACTION: Rendering AdminBrandManager component.');
-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);

    console.log('TEST ASSERTION: Waiting for error message to be displayed.');
    await waitFor(() => {
@@ -69,7 +70,7 @@ describe('AdminBrandManager', () => {
    );

    console.log('TEST ACTION: Rendering AdminBrandManager component.');
-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);

    console.log('TEST ASSERTION: Waiting for brand list to render.');
    await waitFor(() => {
@@ -98,7 +99,7 @@ describe('AdminBrandManager', () => {
    mockedToast.loading.mockReturnValue('toast-1');

    console.log('TEST ACTION: Rendering AdminBrandManager component.');
-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);
    console.log('TEST ACTION: Waiting for initial brands to render.');
    await waitFor(() => expect(screen.getByText('No Frills')).toBeInTheDocument());

@@ -135,7 +136,7 @@ describe('AdminBrandManager', () => {
    mockedApiClient.uploadBrandLogo.mockRejectedValue('A string error');
    mockedToast.loading.mockReturnValue('toast-non-error');

-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);
    await waitFor(() => expect(screen.getByText('No Frills')).toBeInTheDocument());

    const file = new File(['logo'], 'logo.png', { type: 'image/png' });
@@ -162,7 +163,7 @@ describe('AdminBrandManager', () => {
    mockedToast.loading.mockReturnValue('toast-2');

    console.log('TEST ACTION: Rendering AdminBrandManager component.');
-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);
    console.log('TEST ACTION: Waiting for initial brands to render.');
    await waitFor(() => expect(screen.getByText('No Frills')).toBeInTheDocument());

@@ -189,7 +190,7 @@ describe('AdminBrandManager', () => {
      async () => new Response(JSON.stringify(mockBrands), { status: 200 }),
    );
    console.log('TEST ACTION: Rendering AdminBrandManager component.');
-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);
    console.log('TEST ACTION: Waiting for initial brands to render.');
    await waitFor(() => expect(screen.getByText('No Frills')).toBeInTheDocument());

@@ -217,7 +218,7 @@ describe('AdminBrandManager', () => {
      async () => new Response(JSON.stringify(mockBrands), { status: 200 }),
    );
    console.log('TEST ACTION: Rendering AdminBrandManager component.');
-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);
    console.log('TEST ACTION: Waiting for initial brands to render.');
    await waitFor(() => expect(screen.getByText('No Frills')).toBeInTheDocument());

@@ -247,7 +248,7 @@ describe('AdminBrandManager', () => {
    );
    mockedToast.loading.mockReturnValue('toast-3');

-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);
    await waitFor(() => expect(screen.getByText('No Frills')).toBeInTheDocument());

    const file = new File(['logo'], 'logo.png', { type: 'image/png' });
@@ -270,7 +271,7 @@ describe('AdminBrandManager', () => {
    mockedApiClient.fetchAllBrands.mockImplementation(
      async () => new Response(JSON.stringify(mockBrands), { status: 200 }),
    );
-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);
    console.log('TEST ACTION: Waiting for initial brands to render.');
    await waitFor(() => expect(screen.getByText('No Frills')).toBeInTheDocument());

@@ -291,7 +292,7 @@ describe('AdminBrandManager', () => {
    mockedApiClient.fetchAllBrands.mockImplementation(
      async () => new Response(JSON.stringify([]), { status: 200 }),
    );
-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);

    await waitFor(() => {
      expect(screen.getByRole('heading', { name: /brand management/i })).toBeInTheDocument();
@@ -309,7 +310,7 @@ describe('AdminBrandManager', () => {
    );
    mockedToast.loading.mockReturnValue('toast-fallback');

-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);
    await waitFor(() => expect(screen.getByText('No Frills')).toBeInTheDocument());

    const file = new File(['logo'], 'logo.png', { type: 'image/png' });
@@ -333,7 +334,7 @@ describe('AdminBrandManager', () => {
    );
    mockedToast.loading.mockReturnValue('toast-opt');

-    render(<AdminBrandManager />);
+    renderWithProviders(<AdminBrandManager />);
    await waitFor(() => expect(screen.getByText('No Frills')).toBeInTheDocument());

    // Brand 1: No Frills (initially null logo)
--- a/src/pages/admin/components/AuthView.test.tsx
+++ b/src/pages/admin/components/AuthView.test.tsx
@@ -1,11 +1,12 @@
 // src/pages/admin/components/AuthView.test.tsx
 import React from 'react';
-import { render, screen, fireEvent, waitFor, act } from '@testing-library/react';
+import { screen, fireEvent, waitFor } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach, type Mock } from 'vitest';
 import { AuthView } from './AuthView';
 import * as apiClient from '../../../services/apiClient';
 import { notifySuccess, notifyError } from '../../../services/notificationService';
 import { createMockUserProfile } from '../../../tests/utils/mockFactories';
+import { renderWithProviders } from '../../../tests/utils/renderWithProviders';

 const mockedApiClient = vi.mocked(apiClient, true);

@@ -46,7 +47,7 @@ describe('AuthView', () => {

  describe('Initial Render and Login', () => {
    it('should render the Sign In form by default', () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      expect(screen.getByRole('heading', { name: /sign in/i })).toBeInTheDocument();
      expect(screen.getByLabelText(/email address/i)).toBeInTheDocument();
      expect(screen.getByLabelText(/^password$/i)).toBeInTheDocument();
@@ -54,7 +55,7 @@ describe('AuthView', () => {
    });

    it('should allow typing in email and password fields', () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      const emailInput = screen.getByLabelText(/email address/i);
      const passwordInput = screen.getByLabelText(/^password$/i);

@@ -66,7 +67,7 @@ describe('AuthView', () => {
    });

    it('should call loginUser and onLoginSuccess on successful login', async () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.change(screen.getByLabelText(/email address/i), {
        target: { value: 'test@example.com' },
      });
@@ -94,7 +95,7 @@ describe('AuthView', () => {

    it('should display an error on failed login', async () => {
      (mockedApiClient.loginUser as Mock).mockRejectedValueOnce(new Error('Invalid credentials'));
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.submit(screen.getByTestId('auth-form'));

      await waitFor(() => {
@@ -107,7 +108,7 @@ describe('AuthView', () => {
      (mockedApiClient.loginUser as Mock).mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'Unauthorized' }), { status: 401 }),
      );
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.submit(screen.getByTestId('auth-form'));

      await waitFor(() => {
@@ -120,7 +121,7 @@ describe('AuthView', () => {

  describe('Registration', () => {
    it('should switch to the registration form', () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /don't have an account\? register/i }));

      expect(screen.getByRole('heading', { name: /create an account/i })).toBeInTheDocument();
@@ -129,7 +130,7 @@ describe('AuthView', () => {
    });

    it('should call registerUser on successful registration', async () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /don't have an account\? register/i }));

      fireEvent.change(screen.getByLabelText(/full name/i), { target: { value: 'Test User' } });
@@ -157,7 +158,7 @@ describe('AuthView', () => {
    });

    it('should allow registration without providing a full name', async () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /don't have an account\? register/i }));

      // Do not fill in the full name, which is marked as optional
@@ -184,7 +185,7 @@ describe('AuthView', () => {
      (mockedApiClient.registerUser as Mock).mockRejectedValueOnce(
        new Error('Email already exists'),
      );
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /don't have an account\? register/i }));
      fireEvent.submit(screen.getByTestId('auth-form'));

@@ -197,7 +198,7 @@ describe('AuthView', () => {
      (mockedApiClient.registerUser as Mock).mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'User exists' }), { status: 409 }),
      );
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /don't have an account\? register/i }));
      fireEvent.submit(screen.getByTestId('auth-form'));

@@ -209,7 +210,7 @@ describe('AuthView', () => {

  describe('Forgot Password', () => {
    it('should switch to the reset password form', () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /forgot password\?/i }));

      expect(screen.getByRole('heading', { name: /reset password/i })).toBeInTheDocument();
@@ -217,7 +218,7 @@ describe('AuthView', () => {
    });

    it('should call requestPasswordReset and show success message', async () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /forgot password\?/i }));

      fireEvent.change(screen.getByLabelText(/email address/i), {
@@ -238,7 +239,7 @@ describe('AuthView', () => {
      (mockedApiClient.requestPasswordReset as Mock).mockRejectedValueOnce(
        new Error('User not found'),
      );
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /forgot password\?/i }));
      fireEvent.submit(screen.getByTestId('reset-password-form'));

@@ -251,7 +252,7 @@ describe('AuthView', () => {
      (mockedApiClient.requestPasswordReset as Mock).mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'Rate limit exceeded' }), { status: 429 }),
      );
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /forgot password\?/i }));
      fireEvent.submit(screen.getByTestId('reset-password-form'));

@@ -261,7 +262,7 @@ describe('AuthView', () => {
    });

    it('should switch back to sign in from forgot password', () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /forgot password\?/i }));
      fireEvent.click(screen.getByRole('button', { name: /back to sign in/i }));

@@ -287,13 +288,13 @@ describe('AuthView', () => {
    });

    it('should set window.location.href for Google OAuth', () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /sign in with google/i }));
      expect(window.location.href).toBe('/api/auth/google');
    });

    it('should set window.location.href for GitHub OAuth', () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      fireEvent.click(screen.getByRole('button', { name: /sign in with github/i }));
      expect(window.location.href).toBe('/api/auth/github');
    });
@@ -301,7 +302,7 @@ describe('AuthView', () => {

  describe('UI Logic and Loading States', () => {
    it('should toggle "Remember me" checkbox', () => {
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);
      const rememberMeCheckbox = screen.getByRole('checkbox', { name: /remember me/i });

      expect(rememberMeCheckbox).not.toBeChecked();
@@ -316,7 +317,7 @@ describe('AuthView', () => {
    it('should show loading state during login submission', async () => {
      // Mock a promise that doesn't resolve immediately
      (mockedApiClient.loginUser as Mock).mockReturnValue(new Promise(() => {}));
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);

      fireEvent.change(screen.getByLabelText(/email address/i), {
        target: { value: 'test@example.com' },
@@ -341,7 +342,7 @@ describe('AuthView', () => {

    it('should show loading state during password reset submission', async () => {
      (mockedApiClient.requestPasswordReset as Mock).mockReturnValue(new Promise(() => {}));
-      render(<AuthView {...defaultProps} />);
+      renderWithProviders(<AuthView {...defaultProps} />);

      fireEvent.click(screen.getByRole('button', { name: /forgot password\?/i }));

@@ -362,7 +363,7 @@ describe('AuthView', () => {
  it('should show loading state during registration submission', async () => {
    // Mock a promise that doesn't resolve immediately
    (mockedApiClient.registerUser as Mock).mockReturnValue(new Promise(() => {}));
-    render(<AuthView {...defaultProps} />);
+    renderWithProviders(<AuthView {...defaultProps} />);

    // Switch to registration view
    fireEvent.click(screen.getByRole('button', { name: /don't have an account\? register/i }));
--- a/src/pages/admin/components/CorrectionRow.test.tsx
+++ b/src/pages/admin/components/CorrectionRow.test.tsx
@@ -1,7 +1,7 @@
 // src/pages/admin/components/CorrectionRow.test.tsx
 import React from 'react';
 import ReactDOM from 'react-dom';
-import { render, screen, fireEvent, waitFor } from '@testing-library/react';
+import { screen, fireEvent, waitFor } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach, type Mocked } from 'vitest';
 import { CorrectionRow } from './CorrectionRow';
 import * as apiClient from '../../../services/apiClient';
@@ -10,15 +10,11 @@ import {
  createMockMasterGroceryItem,
  createMockCategory,
 } from '../../../tests/utils/mockFactories';
+import { renderWithProviders } from '../../../tests/utils/renderWithProviders';

-// Cast the mocked module to its mocked type to retain type safety and autocompletion.
-// The apiClient is now mocked globally via src/tests/setup/tests-setup-unit.ts.
-const mockedApiClient = apiClient as Mocked<typeof apiClient>;
-
-// Mock the logger
-vi.mock('../../../services/logger', () => ({
-  logger: { info: vi.fn(), error: vi.fn() },
-}));
+// The apiClient and logger are mocked globally.
+// We can get a typed reference to the apiClient for individual test overrides.
+const mockedApiClient = vi.mocked(apiClient);

 // Mock the ConfirmationModal to test its props and interactions
 // The ConfirmationModal is now in a different directory.
@@ -80,7 +76,7 @@ const defaultProps = {

 // Helper to render the component inside a table structure
 const renderInTable = (props = defaultProps) => {
-  return render(
+  return renderWithProviders(
    <table>
      <tbody>
        <CorrectionRow {...props} />
--- a/src/pages/admin/components/ProfileManager.test.tsx
+++ b/src/pages/admin/components/ProfileManager.test.tsx
@@ -21,25 +21,10 @@ vi.mock('../../../components/PasswordInput', () => ({
  PasswordInput: (props: any) => <input {...props} data-testid="password-input" />,
 }));

+// The apiClient, notificationService, react-hot-toast, and logger are all mocked globally.
+// We can get a typed reference to the apiClient for individual test overrides.
 const mockedApiClient = vi.mocked(apiClient, true);

-vi.mock('../../../services/notificationService');
-vi.mock('react-hot-toast', () => ({
-  __esModule: true,
-  default: {
-    success: vi.fn(),
-    error: vi.fn(),
-  },
-}));
-vi.mock('../../../services/logger.client', () => ({
-  logger: {
-    debug: vi.fn(),
-    info: vi.fn(),
-    warn: vi.fn(),
-    error: vi.fn(),
-  },
-}));
-
 const mockOnClose = vi.fn();
 const mockOnLoginSuccess = vi.fn();
 const mockOnSignOut = vi.fn();
@@ -883,6 +868,12 @@ describe('ProfileManager', () => {
      });
    });

+    it('should not render auth views when the user is already authenticated', () => {
+      render(<ProfileManager {...defaultAuthenticatedProps} />);
+      expect(screen.queryByText('Sign In')).not.toBeInTheDocument();
+      expect(screen.queryByText('Create an Account')).not.toBeInTheDocument();
+    });
+
    it('should log warning if address fetch returns null', async () => {
      console.log('[TEST DEBUG] Running: should log warning if address fetch returns null');
      const loggerSpy = vi.spyOn(logger.logger, 'warn');
@@ -905,5 +896,113 @@ describe('ProfileManager', () => {
        );
      });
    });
+
+    it('should handle updating the user profile and address with empty strings', async () => {
+      mockedApiClient.updateUserProfile.mockImplementation(async (data) =>
+        new Response(JSON.stringify({ ...authenticatedProfile, ...data })),
+      );
+      mockedApiClient.updateUserAddress.mockImplementation(async (data) =>
+        new Response(JSON.stringify({ ...mockAddress, ...data })),
+      );
+
+      render(<ProfileManager {...defaultAuthenticatedProps} />);
+
+      await waitFor(() => {
+        expect(screen.getByLabelText(/full name/i)).toHaveValue(authenticatedProfile.full_name);
+      });
+      await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
+
+      fireEvent.change(screen.getByLabelText(/full name/i), { target: { value: '' } });
+      fireEvent.change(screen.getByLabelText(/city/i), { target: { value: '' } });
+
+      const saveButton = screen.getByRole('button', { name: /save profile/i });
+      fireEvent.click(saveButton);
+
+      await waitFor(() => {
+        expect(mockedApiClient.updateUserProfile).toHaveBeenCalledWith(
+          { full_name: '', avatar_url: authenticatedProfile.avatar_url },
+          expect.objectContaining({ signal: expect.anything() }),
+        );
+        expect(mockedApiClient.updateUserAddress).toHaveBeenCalledWith(
+          expect.objectContaining({ city: '' }),
+          expect.objectContaining({ signal: expect.anything() }),
+        );
+        expect(mockOnProfileUpdate).toHaveBeenCalledWith(
+          expect.objectContaining({ full_name: '' })
+        );
+        expect(notifySuccess).toHaveBeenCalledWith('Profile updated successfully!');
+      });
+    });
+
+    it('should correctly clear the form when userProfile.address_id is null', async () => {
+      const profileNoAddress = { ...authenticatedProfile, address_id: null };
+      render(
+        <ProfileManager
+          {...defaultAuthenticatedProps}
+          userProfile={profileNoAddress as any} // Forcefully override the type to simulate address_id: null
+        />,
+      );
+
+      await waitFor(() => {
+        expect(screen.getByLabelText(/address line 1/i)).toHaveValue('');
+        expect(screen.getByLabelText(/city/i)).toHaveValue('');
+        expect(screen.getByLabelText(/province \/ state/i)).toHaveValue('');
+        expect(screen.getByLabelText(/postal \/ zip code/i)).toHaveValue('');
+        expect(screen.getByLabelText(/country/i)).toHaveValue('');
+      });
+    });
+
+    it('should show error notification when manual geocoding fails', async () => {
+      render(<ProfileManager {...defaultAuthenticatedProps} />);
+      await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
+
+      (mockedApiClient.geocodeAddress as Mock).mockRejectedValue(new Error('Geocoding failed'));
+
+      fireEvent.click(screen.getByRole('button', { name: /re-geocode/i }));
+
+      await waitFor(() => {
+        expect(notifyError).toHaveBeenCalledWith('Geocoding failed');
+      });
+    });
+
+    it('should show error notification when auto-geocoding fails', async () => {
+      vi.useFakeTimers();
+      // FIX: Mock getUserAddress to return an address *without* coordinates.
+      // This is the condition required to trigger the auto-geocoding logic.
+      const addressWithoutCoords = { ...mockAddress, latitude: undefined, longitude: undefined };
+      mockedApiClient.getUserAddress.mockResolvedValue(
+        new Response(JSON.stringify(addressWithoutCoords)),
+      );
+
+      render(<ProfileManager {...defaultAuthenticatedProps} />);
+
+      // Wait for initial load
+      await act(async () => {
+        await vi.runAllTimersAsync();
+      });
+
+      (mockedApiClient.geocodeAddress as Mock).mockRejectedValue(new Error('Auto-geocode error'));
+
+      fireEvent.change(screen.getByLabelText(/city/i), { target: { value: 'ErrorCity' } });
+
+      await act(async () => {
+        await vi.runAllTimersAsync();
+      });
+
+      expect(notifyError).toHaveBeenCalledWith('Auto-geocode error');
+    });
+
+    it('should handle permission denied error during geocoding', async () => {
+      render(<ProfileManager {...defaultAuthenticatedProps} />);
+      await waitFor(() => expect(screen.getByLabelText(/city/i)).toHaveValue(mockAddress.city));
+
+      (mockedApiClient.geocodeAddress as Mock).mockRejectedValue(new Error('Permission denied'));
+
+      fireEvent.click(screen.getByRole('button', { name: /re-geocode/i }));
+
+      await waitFor(() => {
+        expect(notifyError).toHaveBeenCalledWith('Permission denied');
+      });
+    });
  });
 });
--- a/src/pages/admin/components/StatCard.test.tsx
+++ b/src/pages/admin/components/StatCard.test.tsx
@@ -1,18 +1,19 @@
 import React from 'react';
-import { render, screen } from '@testing-library/react';
+import { screen } from '@testing-library/react';
 import { describe, it, expect } from 'vitest';
 import { StatCard } from './StatCard';
+import { renderWithProviders } from '../../../tests/utils/renderWithProviders';

 describe('StatCard', () => {
  it('should render the title and value correctly', () => {
-    render(<StatCard title="Test Stat" value="1,234" icon={<div data-testid="icon" />} />);
+    renderWithProviders(<StatCard title="Test Stat" value="1,234" icon={<div data-testid="icon" />} />);

    expect(screen.getByText('Test Stat')).toBeInTheDocument();
    expect(screen.getByText('1,234')).toBeInTheDocument();
  });

  it('should render the icon', () => {
-    render(
+    renderWithProviders(
      <StatCard title="Test Stat" value={100} icon={<div data-testid="test-icon">Icon</div>} />,
    );

--- a/src/pages/admin/components/SystemCheck.test.tsx
+++ b/src/pages/admin/components/SystemCheck.test.tsx
@@ -1,47 +1,18 @@
 // src/pages/admin/components/SystemCheck.test.tsx
 import React from 'react';
-import { render, screen, waitFor, cleanup, fireEvent, act } from '@testing-library/react';
+import { screen, waitFor, cleanup, fireEvent, act } from '@testing-library/react';
 import { describe, it, expect, vi, beforeEach, afterEach, type Mock } from 'vitest';
 import { SystemCheck } from './SystemCheck';
 import * as apiClient from '../../../services/apiClient';
 import toast from 'react-hot-toast';
 import { createMockUser } from '../../../tests/utils/mockFactories';
+import { renderWithProviders } from '../../../tests/utils/renderWithProviders';

-// Mock the entire apiClient module to ensure all exports are defined.
-// This is the primary fix for the error: [vitest] No "..." export is defined on the mock.
-vi.mock('../../../services/apiClient', () => ({
-  pingBackend: vi.fn(),
-  checkStorage: vi.fn(),
-  checkDbPoolHealth: vi.fn(),
-  checkPm2Status: vi.fn(),
-  checkRedisHealth: vi.fn(),
-  checkDbSchema: vi.fn(),
-  loginUser: vi.fn(),
-  triggerFailingJob: vi.fn(),
-  clearGeocodeCache: vi.fn(),
-}));
-
-// Get a type-safe mocked version of the apiClient module.
+// The apiClient is mocked globally in `src/tests/setup/globalApiMock.ts`.
+// We can get a type-safe mocked version of the module to override functions for specific tests.
 const mockedApiClient = vi.mocked(apiClient);

-// Correct the relative path to the logger module.
-vi.mock('../../../services/logger', () => ({
-  logger: {
-    info: vi.fn(),
-    warn: vi.fn(),
-    error: vi.fn(),
-    debug: vi.fn(),
-  },
-}));
-
-// Mock toast to check for notifications
-vi.mock('react-hot-toast', () => ({
-  __esModule: true,
-  default: {
-    success: vi.fn(),
-    error: vi.fn(),
-  },
-}));
+// The logger and react-hot-toast are mocked globally.

 describe('SystemCheck', () => {
  // Store original env variable
@@ -100,7 +71,7 @@ describe('SystemCheck', () => {

  it('should render initial idle state and then run checks automatically on mount', async () => {
    setGeminiApiKey('mock-api-key');
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    // Initially, all checks should be in 'running' state due to auto-run
    // However, the API key check is synchronous and resolves immediately.
@@ -126,7 +97,7 @@ describe('SystemCheck', () => {

  it('should show API key as failed if GEMINI_API_KEY is not set', async () => {
    setGeminiApiKey(undefined);
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    // Wait for the specific error message to appear.
    expect(
@@ -139,7 +110,7 @@ describe('SystemCheck', () => {
  it('should show backend connection as failed if pingBackend fails', async () => {
    setGeminiApiKey('mock-api-key');
    (mockedApiClient.pingBackend as Mock).mockRejectedValueOnce(new Error('Network error'));
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      expect(screen.getByText('Network error')).toBeInTheDocument();
@@ -164,7 +135,7 @@ describe('SystemCheck', () => {
        new Response(JSON.stringify({ success: false, message: 'PM2 process not found' })),
      ),
    );
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      expect(screen.getByText('PM2 process not found')).toBeInTheDocument();
@@ -174,7 +145,7 @@ describe('SystemCheck', () => {
  it('should show database pool check as failed if checkDbPoolHealth fails', async () => {
    setGeminiApiKey('mock-api-key'); // This was missing
    mockedApiClient.checkDbPoolHealth.mockRejectedValueOnce(new Error('DB connection refused'));
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      expect(screen.getByText('DB connection refused')).toBeInTheDocument();
@@ -184,7 +155,7 @@ describe('SystemCheck', () => {
  it('should show Redis check as failed if checkRedisHealth fails', async () => {
    setGeminiApiKey('mock-api-key');
    mockedApiClient.checkRedisHealth.mockRejectedValueOnce(new Error('Redis connection refused'));
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      expect(screen.getByText('Redis connection refused')).toBeInTheDocument();
@@ -197,7 +168,7 @@ describe('SystemCheck', () => {
    mockedApiClient.checkDbPoolHealth.mockImplementationOnce(() =>
      Promise.reject(new Error('DB connection refused')),
    );
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      // Verify the specific "skipped" messages for DB-dependent checks
@@ -214,7 +185,7 @@ describe('SystemCheck', () => {
    mockedApiClient.checkDbSchema.mockImplementationOnce(() =>
      Promise.resolve(new Response(JSON.stringify({ success: false, message: 'Schema mismatch' }))),
    );
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      expect(screen.getByText('Schema mismatch')).toBeInTheDocument();
@@ -224,7 +195,7 @@ describe('SystemCheck', () => {
  it('should show seeded user check as failed if loginUser fails', async () => {
    setGeminiApiKey('mock-api-key');
    mockedApiClient.loginUser.mockRejectedValueOnce(new Error('Incorrect email or password'));
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      expect(
@@ -236,7 +207,7 @@ describe('SystemCheck', () => {
  it('should show a generic failure message for other login errors', async () => {
    setGeminiApiKey('mock-api-key');
    mockedApiClient.loginUser.mockRejectedValueOnce(new Error('Server is on fire'));
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      expect(screen.getByText('Failed: Server is on fire')).toBeInTheDocument();
@@ -246,7 +217,7 @@ describe('SystemCheck', () => {
  it('should show storage directory check as failed if checkStorage fails', async () => {
    setGeminiApiKey('mock-api-key');
    mockedApiClient.checkStorage.mockRejectedValueOnce(new Error('Storage not writable'));
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      expect(screen.getByText('Storage not writable')).toBeInTheDocument();
@@ -262,7 +233,7 @@ describe('SystemCheck', () => {
    });
    mockedApiClient.pingBackend.mockImplementation(() => mockPromise);

-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    // The button text changes to "Running Checks..."
    const runningButton = screen.getByRole('button', { name: /running checks/i });
@@ -283,7 +254,7 @@ describe('SystemCheck', () => {

  it('should re-run checks when the "Re-run Checks" button is clicked', async () => {
    setGeminiApiKey('mock-api-key');
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    // Wait for initial auto-run to complete
    await waitFor(() => expect(screen.getByText(/finished in/i)).toBeInTheDocument());
@@ -328,7 +299,7 @@ describe('SystemCheck', () => {
    mockedApiClient.checkDbSchema.mockImplementationOnce(() =>
      Promise.resolve(new Response(JSON.stringify({ success: false, message: 'Schema mismatch' }))),
    );
-    const { container } = render(<SystemCheck />);
+    const { container } = renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      // Instead of test-ids, we check for the result: the icon's color class.
@@ -344,7 +315,7 @@ describe('SystemCheck', () => {

  it('should display elapsed time after checks complete', async () => {
    setGeminiApiKey('mock-api-key');
-    render(<SystemCheck />);
+    renderWithProviders(<SystemCheck />);

    await waitFor(() => {
      const elapsedTimeText = screen.getByText(/finished in \d+\.\d{2} seconds\./i);
@@ -357,7 +328,7 @@ describe('SystemCheck', () => {

  describe('Integration: Job Queue Retries', () => {
    it('should call triggerFailingJob and show a success toast', async () => {
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);
      const triggerButton = screen.getByRole('button', { name: /trigger failing job/i });
      fireEvent.click(triggerButton);

@@ -374,7 +345,7 @@ describe('SystemCheck', () => {
      });
      mockedApiClient.triggerFailingJob.mockImplementation(() => mockPromise);

-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);
      const triggerButton = screen.getByRole('button', { name: /trigger failing job/i });
      fireEvent.click(triggerButton);

@@ -390,7 +361,7 @@ describe('SystemCheck', () => {

    it('should show an error toast if triggering the job fails', async () => {
      mockedApiClient.triggerFailingJob.mockRejectedValueOnce(new Error('Queue is down'));
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);
      const triggerButton = screen.getByRole('button', { name: /trigger failing job/i });
      fireEvent.click(triggerButton);

@@ -403,7 +374,7 @@ describe('SystemCheck', () => {
      mockedApiClient.triggerFailingJob.mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'Server error' }), { status: 500 }),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);
      const triggerButton = screen.getByRole('button', { name: /trigger failing job/i });
      fireEvent.click(triggerButton);

@@ -420,7 +391,7 @@ describe('SystemCheck', () => {
    });

    it('should call clearGeocodeCache and show a success toast', async () => {
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);
      // Wait for checks to run and Redis to be OK
      await waitFor(() => expect(screen.getByText('Redis OK')).toBeInTheDocument());

@@ -435,7 +406,7 @@ describe('SystemCheck', () => {

    it('should show an error toast if clearing the cache fails', async () => {
      mockedApiClient.clearGeocodeCache.mockRejectedValueOnce(new Error('Redis is busy'));
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);
      await waitFor(() => expect(screen.getByText('Redis OK')).toBeInTheDocument());
      fireEvent.click(screen.getByRole('button', { name: /clear geocode cache/i }));
      await waitFor(() => expect(vi.mocked(toast).error).toHaveBeenCalledWith('Redis is busy'));
@@ -443,7 +414,7 @@ describe('SystemCheck', () => {

    it('should not call clearGeocodeCache if user cancels confirmation', async () => {
      vi.spyOn(window, 'confirm').mockReturnValue(false);
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);
      await waitFor(() => expect(screen.getByText('Redis OK')).toBeInTheDocument());

      const clearButton = screen.getByRole('button', { name: /clear geocode cache/i });
@@ -456,7 +427,7 @@ describe('SystemCheck', () => {
      mockedApiClient.clearGeocodeCache.mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'Cache clear failed' }), { status: 500 }),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);
      await waitFor(() => expect(screen.getByText('Redis OK')).toBeInTheDocument());

      fireEvent.click(screen.getByRole('button', { name: /clear geocode cache/i }));
@@ -470,7 +441,7 @@ describe('SystemCheck', () => {
      mockedApiClient.checkRedisHealth.mockResolvedValueOnce(
        new Response(JSON.stringify({ success: false, message: 'Redis down' })),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);

      await waitFor(() => expect(screen.getByText('Redis down')).toBeInTheDocument());

@@ -486,7 +457,7 @@ describe('SystemCheck', () => {
      mockedApiClient.pingBackend.mockResolvedValueOnce(
        new Response('unexpected response', { status: 200 }),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);

      await waitFor(() => {
        expect(
@@ -499,7 +470,7 @@ describe('SystemCheck', () => {
      mockedApiClient.checkStorage.mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'Permission denied' }), { status: 403 }),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);

      await waitFor(() => {
        expect(screen.getByText('Permission denied')).toBeInTheDocument();
@@ -511,7 +482,7 @@ describe('SystemCheck', () => {
      mockedApiClient.checkDbSchema.mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'Schema check failed 500' }), { status: 500 }),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);

      await waitFor(() => {
        expect(screen.getByText('Schema check failed 500')).toBeInTheDocument();
@@ -523,7 +494,7 @@ describe('SystemCheck', () => {
      mockedApiClient.checkDbPoolHealth.mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'DB Pool check failed 500' }), { status: 500 }),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);

      await waitFor(() => {
        expect(screen.getByText('DB Pool check failed 500')).toBeInTheDocument();
@@ -535,7 +506,7 @@ describe('SystemCheck', () => {
      mockedApiClient.checkPm2Status.mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'PM2 check failed 500' }), { status: 500 }),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);

      await waitFor(() => {
        expect(screen.getByText('PM2 check failed 500')).toBeInTheDocument();
@@ -547,7 +518,7 @@ describe('SystemCheck', () => {
      mockedApiClient.checkRedisHealth.mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'Redis check failed 500' }), { status: 500 }),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);

      await waitFor(() => {
        expect(screen.getByText('Redis check failed 500')).toBeInTheDocument();
@@ -559,7 +530,7 @@ describe('SystemCheck', () => {
      mockedApiClient.checkRedisHealth.mockResolvedValueOnce(
        new Response(JSON.stringify({ success: false, message: 'Redis is down' })),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);

      await waitFor(() => {
        expect(screen.getByText('Redis is down')).toBeInTheDocument();
@@ -571,7 +542,7 @@ describe('SystemCheck', () => {
      mockedApiClient.loginUser.mockResolvedValueOnce(
        new Response(JSON.stringify({ message: 'Invalid credentials' }), { status: 401 }),
      );
-      render(<SystemCheck />);
+      renderWithProviders(<SystemCheck />);

      await waitFor(() => {
        expect(screen.getByText('Failed: Invalid credentials')).toBeInTheDocument();
--- a/src/providers/ApiProvider.test.tsx
+++ b/src/providers/ApiProvider.test.tsx
@@ -6,14 +6,8 @@ import { ApiProvider } from './ApiProvider';
 import { ApiContext } from '../contexts/ApiContext';
 import * as apiClient from '../services/apiClient';

-// Mock the apiClient module.
-// Since ApiProvider and ApiContext import * as apiClient, mocking it ensures
-// we control the reference identity and can verify it's being passed correctly.
-vi.mock('../services/apiClient', () => ({
-  fetchFlyers: vi.fn(),
-  fetchMasterItems: vi.fn(),
-  // Add other mocked methods as needed for the shape to be valid-ish
-}));
+// The apiClient is mocked globally in `src/tests/setup/globalApiMock.ts`.
+// This test verifies that the ApiProvider correctly provides this mocked module.

 describe('ApiProvider & ApiContext', () => {
  const TestConsumer = () => {
--- a/src/providers/AppProviders.test.tsx
+++ b/src/providers/AppProviders.test.tsx
@@ -0,0 +1,72 @@
+// src/providers/AppProviders.test.tsx
+import React from 'react';
+import { render, screen } from '@testing-library/react';
+import { describe, it, expect, vi } from 'vitest';
+import { AppProviders } from './AppProviders';
+
+// Mock all the providers to avoid their side effects and isolate AppProviders logic.
+// We render a simple div with a data-testid for each to verify nesting.
+vi.mock('./ModalProvider', () => ({
+  ModalProvider: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="modal-provider">{children}</div>
+  ),
+}));
+
+vi.mock('./AuthProvider', () => ({
+  AuthProvider: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="auth-provider">{children}</div>
+  ),
+}));
+
+vi.mock('./FlyersProvider', () => ({
+  FlyersProvider: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="flyers-provider">{children}</div>
+  ),
+}));
+
+vi.mock('./MasterItemsProvider', () => ({
+  MasterItemsProvider: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="master-items-provider">{children}</div>
+  ),
+}));
+
+vi.mock('./UserDataProvider', () => ({
+  UserDataProvider: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="user-data-provider">{children}</div>
+  ),
+}));
+
+describe('AppProviders', () => {
+  it('renders children correctly', () => {
+    render(
+      <AppProviders>
+        <div data-testid="test-child">Test Child</div>
+      </AppProviders>,
+    );
+
+    expect(screen.getByTestId('test-child')).toBeInTheDocument();
+    expect(screen.getByText('Test Child')).toBeInTheDocument();
+  });
+
+  it('renders providers in the correct nesting order', () => {
+    render(
+      <AppProviders>
+        <div data-testid="test-child">Test Child</div>
+      </AppProviders>,
+    );
+
+    const modalProvider = screen.getByTestId('modal-provider');
+    const authProvider = screen.getByTestId('auth-provider');
+    const flyersProvider = screen.getByTestId('flyers-provider');
+    const masterItemsProvider = screen.getByTestId('master-items-provider');
+    const userDataProvider = screen.getByTestId('user-data-provider');
+    const child = screen.getByTestId('test-child');
+
+    // Verify nesting structure: Modal -> Auth -> Flyers -> MasterItems -> UserData -> Child
+    expect(modalProvider).toContainElement(authProvider);
+    expect(authProvider).toContainElement(flyersProvider);
+    expect(flyersProvider).toContainElement(masterItemsProvider);
+    expect(masterItemsProvider).toContainElement(userDataProvider);
+    expect(userDataProvider).toContainElement(child);
+  });
+});
--- a/src/providers/AuthProvider.test.tsx
+++ b/src/providers/AuthProvider.test.tsx
@@ -0,0 +1,245 @@
+// src/providers/AuthProvider.test.tsx
+import React, { useContext, useState } from 'react';
+import { render, screen, waitFor, fireEvent, act } from '@testing-library/react';
+import { describe, it, expect, vi, beforeEach, type Mocked } from 'vitest';
+import { AuthProvider } from './AuthProvider';
+import { AuthContext } from '../contexts/AuthContext';
+import * as tokenStorage from '../services/tokenStorage';
+import { createMockUserProfile } from '../tests/utils/mockFactories';
+import * as apiClient from '../services/apiClient';
+
+// Mocks
+// The apiClient is mocked globally in `src/tests/setup/globalApiMock.ts`.
+vi.mock('../services/tokenStorage');
+vi.mock('../services/logger.client', () => ({
+  logger: {
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    debug: vi.fn(),
+  },
+}));
+
+const mockedApiClient = vi.mocked(apiClient);
+const mockedTokenStorage = tokenStorage as Mocked<typeof tokenStorage>;
+
+const mockProfile = createMockUserProfile({
+  user: { user_id: 'user-123', email: 'test@example.com' },
+});
+
+// A simple consumer component to access and display context values
+const TestConsumer = () => {
+  const context = useContext(AuthContext);
+  const [error, setError] = useState<string | null>(null);
+  if (!context) {
+    return <div>No Context</div>;
+  }
+
+  const handleLoginWithoutProfile = async () => {
+    try {
+      await context.login('test-token-no-profile');
+    } catch (e) {
+      setError(e instanceof Error ? e.message : String(e));
+    }
+  };
+
+  return (
+    <div>
+      <div data-testid="auth-status">{context.authStatus}</div>
+      <div data-testid="user-email">{context.userProfile?.user.email ?? 'No User'}</div>
+      <div data-testid="is-loading">{context.isLoading.toString()}</div>
+      {error && <div data-testid="error-display">{error}</div>}
+      <button onClick={() => context.login('test-token', mockProfile)}>Login with Profile</button>
+      <button onClick={handleLoginWithoutProfile}>Login without Profile</button>
+      <button onClick={context.logout}>Logout</button>
+      <button onClick={() => context.updateProfile({ full_name: 'Updated Name' })}>
+        Update Profile
+      </button>
+    </div>
+  );
+};
+
+const renderWithProvider = () => {
+  return render(
+    <AuthProvider>
+      <TestConsumer />
+    </AuthProvider>,
+  );
+};
+
+describe('AuthProvider', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it('should start in "Determining..." state and transition to "SIGNED_OUT" if no token exists', async () => {
+    mockedTokenStorage.getToken.mockReturnValue(null);
+    renderWithProvider();
+
+    // The transition happens synchronously in the effect when no token is present,
+    // so 'Determining...' might be skipped or flashed too quickly for the test runner.
+    // We check that it settles correctly.
+
+    await waitFor(() => {
+      expect(screen.getByTestId('auth-status')).toHaveTextContent('SIGNED_OUT');
+      expect(screen.getByTestId('is-loading')).toHaveTextContent('false');
+    });
+
+    expect(mockedApiClient.getAuthenticatedUserProfile).not.toHaveBeenCalled();
+  });
+
+  it('should transition to "AUTHENTICATED" if a valid token exists', async () => {
+    mockedTokenStorage.getToken.mockReturnValue('valid-token');
+    mockedApiClient.getAuthenticatedUserProfile.mockResolvedValue(
+      new Response(JSON.stringify(mockProfile)),
+    );
+
+    renderWithProvider();
+
+    await waitFor(() => {
+      expect(screen.getByTestId('auth-status')).toHaveTextContent('AUTHENTICATED');
+      expect(screen.getByTestId('user-email')).toHaveTextContent('test@example.com');
+      expect(screen.getByTestId('is-loading')).toHaveTextContent('false');
+    });
+
+    expect(mockedApiClient.getAuthenticatedUserProfile).toHaveBeenCalledTimes(1);
+  });
+
+  it('should handle token validation failure by signing out', async () => {
+    mockedTokenStorage.getToken.mockReturnValue('invalid-token');
+    mockedApiClient.getAuthenticatedUserProfile.mockRejectedValue(new Error('Invalid Token'));
+
+    renderWithProvider();
+
+    await waitFor(() => {
+      expect(screen.getByTestId('auth-status')).toHaveTextContent('SIGNED_OUT');
+    });
+
+    expect(mockedTokenStorage.removeToken).toHaveBeenCalled();
+  });
+
+  it('should handle a valid token that returns no profile by signing out', async () => {
+    // This test covers lines 51-55
+    mockedTokenStorage.getToken.mockReturnValue('valid-token-no-profile');
+    mockedApiClient.getAuthenticatedUserProfile.mockResolvedValue(
+      new Response(JSON.stringify(null)),
+    );
+
+    renderWithProvider();
+
+    expect(screen.getByTestId('auth-status')).toHaveTextContent('Determining...');
+
+    await waitFor(() => {
+      expect(screen.getByTestId('auth-status')).toHaveTextContent('SIGNED_OUT');
+    });
+
+    expect(mockedTokenStorage.removeToken).toHaveBeenCalled();
+    expect(screen.getByTestId('user-email')).toHaveTextContent('No User');
+    expect(screen.getByTestId('is-loading')).toHaveTextContent('false');
+  });
+
+  it('should log in a user with provided profile data', async () => {
+    mockedTokenStorage.getToken.mockReturnValue(null);
+    renderWithProvider();
+    await waitFor(() => expect(screen.getByTestId('auth-status')).toHaveTextContent('SIGNED_OUT'));
+
+    const loginButton = screen.getByRole('button', { name: 'Login with Profile' });
+    await act(async () => {
+      fireEvent.click(loginButton);
+    });
+
+    expect(mockedTokenStorage.setToken).toHaveBeenCalledWith('test-token');
+    expect(screen.getByTestId('auth-status')).toHaveTextContent('AUTHENTICATED');
+    expect(screen.getByTestId('user-email')).toHaveTextContent('test@example.com');
+    // API should not be called if profile is provided
+    expect(mockedApiClient.getAuthenticatedUserProfile).not.toHaveBeenCalled();
+  });
+
+  it('should log in a user and fetch profile if not provided', async () => {
+    mockedTokenStorage.getToken.mockReturnValue(null);
+    mockedApiClient.getAuthenticatedUserProfile.mockResolvedValue(
+      new Response(JSON.stringify(mockProfile)),
+    );
+    renderWithProvider();
+    await waitFor(() => expect(screen.getByTestId('auth-status')).toHaveTextContent('SIGNED_OUT'));
+
+    const loginButton = screen.getByRole('button', { name: 'Login without Profile' });
+    await act(async () => {
+      fireEvent.click(loginButton);
+    });
+
+    await waitFor(() => {
+      expect(screen.getByTestId('auth-status')).toHaveTextContent('AUTHENTICATED');
+      expect(screen.getByTestId('user-email')).toHaveTextContent('test@example.com');
+    });
+
+    expect(mockedTokenStorage.setToken).toHaveBeenCalledWith('test-token-no-profile');
+    expect(mockedApiClient.getAuthenticatedUserProfile).toHaveBeenCalledTimes(1);
+  });
+
+  it('should throw an error and log out if profile fetch fails after login', async () => {
+    // This test covers lines 109-111
+    mockedTokenStorage.getToken.mockReturnValue(null);
+    const fetchError = new Error('API is down');
+    mockedApiClient.getAuthenticatedUserProfile.mockRejectedValue(fetchError);
+
+    renderWithProvider();
+
+    await waitFor(() => {
+      expect(screen.getByTestId('auth-status')).toHaveTextContent('SIGNED_OUT');
+    });
+
+    const loginButton = screen.getByRole('button', { name: 'Login without Profile' });
+
+    // Click the button that triggers the failing login
+    fireEvent.click(loginButton);
+
+    // After the error is thrown, the state should be rolled back
+    await waitFor(() => {
+      // The error is now caught and displayed by the TestConsumer
+      expect(screen.getByTestId('error-display')).toHaveTextContent(
+        'Login succeeded, but failed to fetch your data: Received null or undefined profile from API.',
+      );
+
+      expect(mockedTokenStorage.setToken).toHaveBeenCalledWith('test-token-no-profile');
+      expect(mockedTokenStorage.removeToken).toHaveBeenCalled();
+      expect(screen.getByTestId('auth-status')).toHaveTextContent('SIGNED_OUT');
+    });
+  });
+
+  it('should log out the user', async () => {
+    mockedTokenStorage.getToken.mockReturnValue('valid-token');
+    mockedApiClient.getAuthenticatedUserProfile.mockResolvedValue(
+      new Response(JSON.stringify(mockProfile)),
+    );
+    renderWithProvider();
+    await waitFor(() => expect(screen.getByTestId('auth-status')).toHaveTextContent('AUTHENTICATED'));
+
+    const logoutButton = screen.getByRole('button', { name: 'Logout' });
+    fireEvent.click(logoutButton);
+
+    expect(screen.getByTestId('auth-status')).toHaveTextContent('SIGNED_OUT');
+    expect(screen.getByTestId('user-email')).toHaveTextContent('No User');
+    expect(mockedTokenStorage.removeToken).toHaveBeenCalled();
+  });
+
+  it('should update the user profile', async () => {
+    mockedTokenStorage.getToken.mockReturnValue('valid-token');
+    mockedApiClient.getAuthenticatedUserProfile.mockResolvedValue(
+      new Response(JSON.stringify(mockProfile)),
+    );
+    renderWithProvider();
+    await waitFor(() => expect(screen.getByTestId('auth-status')).toHaveTextContent('AUTHENTICATED'));
+
+    const updateButton = screen.getByRole('button', { name: 'Update Profile' });
+    fireEvent.click(updateButton);
+
+    await waitFor(() => {
+      // The profile object is internal, so we can't directly check it.
+      // A good proxy is to see if a component that uses it would re-render.
+      // Since our consumer doesn't display the name, we just confirm the function was called.
+      // In a real app, we'd check the updated UI element.
+      expect(screen.getByTestId('auth-status')).toHaveTextContent('AUTHENTICATED');
+    });
+  });
+});
--- a/src/providers/AuthProvider.tsx
+++ b/src/providers/AuthProvider.tsx
@@ -15,7 +15,7 @@ export const AuthProvider: React.FC<{ children: ReactNode }> = ({ children }) =>
  // FIX: Stabilize the apiFunction passed to useApi.
  // By wrapping this in useCallback, we ensure the same function instance is passed to
  // useApi on every render. This prevents the `execute` function returned by `useApi`
-  // from being recreated, which in turn breaks the infinite re-render loop in the useEffect below.
+  // from being recreated, which in turn breaks the infinite re-render loop in the useEffect.
  const getProfileCallback = useCallback(() => apiClient.getAuthenticatedUserProfile(), []);

  const { execute: checkTokenApi } = useApi<UserProfile, []>(getProfileCallback);
--- a/src/providers/FlyersProvider.tsx
+++ b/src/providers/FlyersProvider.tsx
@@ -4,17 +4,21 @@ import { FlyersContext, FlyersContextType } from '../contexts/FlyersContext';
 import type { Flyer } from '../types';
 import * as apiClient from '../services/apiClient';
 import { useInfiniteQuery } from '../hooks/useInfiniteQuery';
+import { useCallback } from 'react';

 export const FlyersProvider: React.FC<{ children: ReactNode }> = ({ children }) => {
+  // Memoize the fetch function to ensure stability for the useInfiniteQuery hook.
+  const fetchFlyersFn = useCallback(apiClient.fetchFlyers, []);
+
  const {
    data: flyers,
-    isLoading: isLoadingFlyers,
+    isLoading: isLoadingFlyers,    
    error: flyersError,
    fetchNextPage: fetchNextFlyersPage,
    hasNextPage: hasNextFlyersPage,
    refetch: refetchFlyers,
    isRefetching: isRefetchingFlyers,
-  } = useInfiniteQuery<Flyer>(apiClient.fetchFlyers);
+  } = useInfiniteQuery<Flyer>(fetchFlyersFn);

  const value: FlyersContextType = {
    flyers: flyers || [],
@@ -26,5 +30,5 @@ export const FlyersProvider: React.FC<{ children: ReactNode }> = ({ children })
    refetchFlyers,
  };

-  return <FlyersContext.Provider value={value}>{children}</FlyersContext.Provider>;
+ return <FlyersContext.Provider value={value}>{children}</FlyersContext.Provider>;
 };
--- a/src/providers/MasterItemsProvider.tsx
+++ b/src/providers/MasterItemsProvider.tsx
@@ -1,14 +1,22 @@
 // src/providers/MasterItemsProvider.tsx
-import React, { ReactNode, useMemo } from 'react';
+import React, { ReactNode, useMemo, useEffect, useCallback } from 'react';
 import { MasterItemsContext } from '../contexts/MasterItemsContext';
 import type { MasterGroceryItem } from '../types';
 import * as apiClient from '../services/apiClient';
 import { useApiOnMount } from '../hooks/useApiOnMount';
+import { logger } from '../services/logger.client';

 export const MasterItemsProvider: React.FC<{ children: ReactNode }> = ({ children }) => {
-  const { data, loading, error } = useApiOnMount<MasterGroceryItem[], []>(() =>
-    apiClient.fetchMasterItems(),
-  );
+  // LOGGING: Check if the provider is unmounting/remounting repeatedly
+  useEffect(() => {
+    logger.debug('MasterItemsProvider: MOUNTED');
+    return () => logger.debug('MasterItemsProvider: UNMOUNTED');
+  }, []);
+
+  // Memoize the fetch function to ensure stability for the useApiOnMount hook.
+  const fetchFn = useCallback(() => apiClient.fetchMasterItems(), []);
+
+  const { data, loading, error } = useApiOnMount<MasterGroceryItem[], []>(fetchFn);

  const value = useMemo(
    () => ({
--- a/src/providers/UserDataProvider.tsx
+++ b/src/providers/UserDataProvider.tsx
@@ -1,5 +1,6 @@
 // src/providers/UserDataProvider.tsx
-import React, { useState, useEffect, useMemo, ReactNode } from 'react';
+import { logger } from '../services/logger.client';
+import React, { useState, useEffect, useMemo, ReactNode, useCallback } from 'react';
 import { UserDataContext } from '../contexts/UserDataContext';
 import type { MasterGroceryItem, ShoppingList } from '../types';
 import * as apiClient from '../services/apiClient';
@@ -9,18 +10,25 @@ import { useAuth } from '../hooks/useAuth';
 export const UserDataProvider: React.FC<{ children: ReactNode }> = ({ children }) => {
  const { userProfile } = useAuth();

+  // Wrap the API calls in useCallback to prevent unnecessary re-renders.
+  const fetchWatchedItemsFn = useCallback(
+    () => apiClient.fetchWatchedItems(),
+    [],
+  );
+  const fetchShoppingListsFn = useCallback(() => apiClient.fetchShoppingLists(), []);
+
  const {
    data: watchedItemsData,
    loading: isLoadingWatched,
    error: watchedItemsError,
-  } = useApiOnMount<MasterGroceryItem[], []>(() => apiClient.fetchWatchedItems(), [userProfile], {
+  } = useApiOnMount<MasterGroceryItem[], []>(fetchWatchedItemsFn, [userProfile], {
    enabled: !!userProfile,
  });
  const {
    data: shoppingListsData,
-    loading: isLoadingShoppingLists,
+    loading: isLoadingShoppingLists,    
    error: shoppingListsError,
-  } = useApiOnMount<ShoppingList[], []>(() => apiClient.fetchShoppingLists(), [userProfile], {
+  } = useApiOnMount<ShoppingList[], []>(fetchShoppingListsFn, [userProfile], {
    enabled: !!userProfile,
  });

@@ -32,7 +40,7 @@ export const UserDataProvider: React.FC<{ children: ReactNode }> = ({ children }
  useEffect(() => {
    // When the user logs out (user becomes null), immediately clear all user-specific data.
    // This also serves to clear out old data when a new user logs in, before their new data arrives.
-    if (!userProfile) {
+ if (!userProfile) {
      setWatchedItems([]);
      setShoppingLists([]);
      return;
@@ -60,7 +68,7 @@ export const UserDataProvider: React.FC<{ children: ReactNode }> = ({ children }
      watchedItemsError,
      shoppingListsError,
    ],
-  );
+ );

  return <UserDataContext.Provider value={value}>{children}</UserDataContext.Provider>;
 };
--- a/src/routes/admin.content.routes.test.ts
+++ b/src/routes/admin.content.routes.test.ts
@@ -1,12 +1,14 @@
 // src/routes/admin.content.routes.test.ts
-import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { describe, it, expect, vi, beforeEach, afterAll } from 'vitest';
 import supertest from 'supertest';
 import type { Request, Response, NextFunction } from 'express';
+import path from 'path';
 import {
  createMockUserProfile,
  createMockSuggestedCorrection,
  createMockBrand,
  createMockRecipe,
+  createMockFlyer,
  createMockRecipeComment,
  createMockUnmatchedFlyerItem,
 } from '../tests/utils/mockFactories';
@@ -14,6 +16,7 @@ import type { SuggestedCorrection, Brand, UserProfile, UnmatchedFlyerItem } from
 import { NotFoundError } from '../services/db/errors.db'; // This can stay, it's a type/class not a module with side effects.
 import fs from 'node:fs/promises';
 import { createTestApp } from '../tests/utils/createTestApp';
+import { cleanupFiles } from '../tests/utils/cleanupFiles';

 // Mock the file upload middleware to allow testing the controller's internal check
 vi.mock('../middleware/fileUpload.middleware', () => ({
@@ -38,9 +41,11 @@ const { mockedDb } = vi.hoisted(() => {
        rejectCorrection: vi.fn(),
        updateSuggestedCorrection: vi.fn(),
        getUnmatchedFlyerItems: vi.fn(),
+        getFlyersForReview: vi.fn(), // Added for flyer review tests
        updateRecipeStatus: vi.fn(),
        updateRecipeCommentStatus: vi.fn(),
        updateBrandLogo: vi.fn(),
+        getApplicationStats: vi.fn(),
      },
      flyerRepo: {
        getAllBrands: vi.fn(),
@@ -73,10 +78,12 @@ vi.mock('node:fs/promises', () => ({
  // Named exports
  writeFile: vi.fn().mockResolvedValue(undefined),
  unlink: vi.fn().mockResolvedValue(undefined),
+  mkdir: vi.fn().mockResolvedValue(undefined),
  // FIX: Add default export to handle `import fs from ...` syntax.
  default: {
    writeFile: vi.fn().mockResolvedValue(undefined),
    unlink: vi.fn().mockResolvedValue(undefined),
+    mkdir: vi.fn().mockResolvedValue(undefined),
  },
 }));
 vi.mock('../services/backgroundJobService');
@@ -135,6 +142,26 @@ describe('Admin Content Management Routes (/api/admin)', () => {
    vi.clearAllMocks();
  });

+  afterAll(async () => {
+    // Safeguard to clean up any logo files created during tests.
+    const uploadDir = path.resolve(__dirname, '../../../flyer-images');
+    try {
+      const allFiles = await fs.readdir(uploadDir);
+      // Files are named like 'logoImage-timestamp-original.ext'
+      const testFiles = allFiles
+        .filter((f) => f.startsWith('logoImage-'))
+        .map((f) => path.join(uploadDir, f));
+
+      if (testFiles.length > 0) {
+        await cleanupFiles(testFiles);
+      }
+    } catch (error) {
+      if (error instanceof Error && (error as NodeJS.ErrnoException).code !== 'ENOENT') {
+        console.error('Error during admin content test file cleanup:', error);
+      }
+    }
+  });
+
  describe('Corrections Routes', () => {
    it('GET /corrections should return corrections data', async () => {
      const mockCorrections: SuggestedCorrection[] = [
@@ -225,6 +252,39 @@ describe('Admin Content Management Routes (/api/admin)', () => {
    });
  });

+  describe('Flyer Review Routes', () => {
+    it('GET /review/flyers should return flyers for review', async () => {
+      const mockFlyers = [
+        createMockFlyer({ flyer_id: 1, status: 'needs_review' }),
+        createMockFlyer({ flyer_id: 2, status: 'needs_review' }),
+      ];
+      vi.mocked(mockedDb.adminRepo.getFlyersForReview).mockResolvedValue(mockFlyers);
+      const response = await supertest(app).get('/api/admin/review/flyers');
+      expect(response.status).toBe(200);
+      expect(response.body).toEqual(mockFlyers);
+      expect(vi.mocked(mockedDb.adminRepo.getFlyersForReview)).toHaveBeenCalledWith(
+        expect.anything(),
+      );
+    });
+
+    it('GET /review/flyers should return 500 on DB error', async () => {
+      vi.mocked(mockedDb.adminRepo.getFlyersForReview).mockRejectedValue(new Error('DB Error'));
+      const response = await supertest(app).get('/api/admin/review/flyers');
+      expect(response.status).toBe(500);
+      expect(response.body.message).toBe('DB Error');
+    });
+  });
+
+  describe('Stats Routes', () => {
+    // This test covers the error path for GET /stats
+    it('GET /stats should return 500 on DB error', async () => {
+      vi.mocked(mockedDb.adminRepo.getApplicationStats).mockRejectedValue(new Error('DB Error'));
+      const response = await supertest(app).get('/api/admin/stats');
+      expect(response.status).toBe(500);
+      expect(response.body.message).toBe('DB Error');
+    });
+  });
+
  describe('Brand Routes', () => {
    it('GET /brands should return a list of all brands', async () => {
      const mockBrands: Brand[] = [createMockBrand({ brand_id: 1, name: 'Brand A' })];
@@ -282,6 +342,16 @@ describe('Admin Content Management Routes (/api/admin)', () => {
      expect(fs.unlink).toHaveBeenCalledWith(expect.stringContaining('logoImage-'));
    });

+    it('POST /brands/:id/logo should return 400 if a non-image file is uploaded', async () => {
+      const brandId = 55;
+      const response = await supertest(app)
+        .post(`/api/admin/brands/${brandId}/logo`)
+        .attach('logoImage', Buffer.from('this is not an image'), 'document.txt');
+      expect(response.status).toBe(400);
+      // This message comes from the handleMulterError middleware for the imageFileFilter
+      expect(response.body.message).toBe('Only image files are allowed!');
+    });
+
    it('POST /brands/:id/logo should return 400 for an invalid brand ID', async () => {
      const response = await supertest(app)
        .post('/api/admin/brands/abc/logo')
--- a/src/routes/admin.jobs.routes.test.ts
+++ b/src/routes/admin.jobs.routes.test.ts
@@ -11,6 +11,8 @@ import { createTestApp } from '../tests/utils/createTestApp';
 vi.mock('../services/backgroundJobService', () => ({
  backgroundJobService: {
    runDailyDealCheck: vi.fn(),
+    triggerAnalyticsReport: vi.fn(),
+    triggerWeeklyAnalyticsReport: vi.fn(),
  },
 }));

@@ -142,22 +144,17 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {

  describe('POST /trigger/analytics-report', () => {
    it('should trigger the analytics report job and return 202 Accepted', async () => {
-      const mockJob = { id: 'manual-report-job-123' } as Job;
-      vi.mocked(analyticsQueue.add).mockResolvedValue(mockJob);
+      vi.mocked(backgroundJobService.triggerAnalyticsReport).mockResolvedValue('manual-report-job-123');

      const response = await supertest(app).post('/api/admin/trigger/analytics-report');

      expect(response.status).toBe(202);
      expect(response.body.message).toContain('Analytics report generation job has been enqueued');
-      expect(analyticsQueue.add).toHaveBeenCalledWith(
-        'generate-daily-report',
-        expect.objectContaining({ reportDate: expect.any(String) }),
-        expect.any(Object),
-      );
+      expect(backgroundJobService.triggerAnalyticsReport).toHaveBeenCalledTimes(1);
    });

    it('should return 500 if enqueuing the analytics job fails', async () => {
-      vi.mocked(analyticsQueue.add).mockRejectedValue(new Error('Queue error'));
+      vi.mocked(backgroundJobService.triggerAnalyticsReport).mockRejectedValue(new Error('Queue error'));
      const response = await supertest(app).post('/api/admin/trigger/analytics-report');
      expect(response.status).toBe(500);
    });
@@ -165,22 +162,17 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {

  describe('POST /trigger/weekly-analytics', () => {
    it('should trigger the weekly analytics job and return 202 Accepted', async () => {
-      const mockJob = { id: 'manual-weekly-report-job-123' } as Job;
-      vi.mocked(weeklyAnalyticsQueue.add).mockResolvedValue(mockJob);
+      vi.mocked(backgroundJobService.triggerWeeklyAnalyticsReport).mockResolvedValue('manual-weekly-report-job-123');

      const response = await supertest(app).post('/api/admin/trigger/weekly-analytics');

      expect(response.status).toBe(202);
      expect(response.body.message).toContain('Successfully enqueued weekly analytics job');
-      expect(weeklyAnalyticsQueue.add).toHaveBeenCalledWith(
-        'generate-weekly-report',
-        expect.objectContaining({ reportYear: expect.any(Number), reportWeek: expect.any(Number) }),
-        expect.any(Object),
-      );
+      expect(backgroundJobService.triggerWeeklyAnalyticsReport).toHaveBeenCalledTimes(1);
    });

    it('should return 500 if enqueuing the weekly analytics job fails', async () => {
-      vi.mocked(weeklyAnalyticsQueue.add).mockRejectedValue(new Error('Queue error'));
+      vi.mocked(backgroundJobService.triggerWeeklyAnalyticsReport).mockRejectedValue(new Error('Queue error'));
      const response = await supertest(app).post('/api/admin/trigger/weekly-analytics');
      expect(response.status).toBe(500);
    });
@@ -242,15 +234,17 @@ describe('Admin Job Trigger Routes (/api/admin/trigger)', () => {
      expect(response.status).toBe(400);
    });

-    it('should return 404 if the queue name is valid but not in the retry map', async () => {
-      const queueName = 'weekly-analytics-reporting'; // This is in the Zod enum but not the queueMap
+    it('should return 404 if the job ID is not found in the weekly-analytics-reporting queue', async () => {
+      const queueName = 'weekly-analytics-reporting';
      const jobId = 'some-job-id';

+      // Ensure getJob returns undefined (not found)
+      vi.mocked(weeklyAnalyticsQueue.getJob).mockResolvedValue(undefined);
+
      const response = await supertest(app).post(`/api/admin/jobs/${queueName}/${jobId}/retry`);

-      // The route throws a NotFoundError, which the error handler should convert to a 404.
      expect(response.status).toBe(404);
-      expect(response.body.message).toBe(`Queue 'weekly-analytics-reporting' not found.`);
+      expect(response.body.message).toBe(`Job with ID '${jobId}' not found in queue '${queueName}'.`);
    });

    it('should return 404 if the job ID is not found in the queue', async () => {
--- a/src/routes/admin.routes.ts
+++ b/src/routes/admin.routes.ts
@@ -20,49 +20,25 @@ import { validateRequest } from '../middleware/validation.middleware';
 import { createBullBoard } from '@bull-board/api';
 import { BullMQAdapter } from '@bull-board/api/bullMQAdapter';
 import { ExpressAdapter } from '@bull-board/express';
-
-import type { Queue } from 'bullmq';
 import { backgroundJobService } from '../services/backgroundJobService';
-import {
-  flyerQueue,
-  emailQueue,
-  analyticsQueue,
-  cleanupQueue,
-  weeklyAnalyticsQueue,
-} from '../services/queueService.server'; // Import your queues
-import {
-  analyticsWorker,
-  cleanupWorker,
-  emailWorker,
-  flyerWorker,
-  weeklyAnalyticsWorker,
-} from '../services/workers.server';
+import { flyerQueue, emailQueue, analyticsQueue, cleanupQueue, weeklyAnalyticsQueue } from '../services/queueService.server';
 import { getSimpleWeekAndYear } from '../utils/dateUtils';
 import {
  requiredString,
  numericIdParam,
  uuidParamSchema,
  optionalNumeric,
+  optionalString,
 } from '../utils/zodUtils';
-import { logger } from '../services/logger.server';
-import fs from 'node:fs/promises';
-
-/**
- * Safely deletes a file from the filesystem, ignoring errors if the file doesn't exist.
- * @param file The multer file object to delete.
- */
-const cleanupUploadedFile = async (file?: Express.Multer.File) => {
-  if (!file) return;
-  try {
-    await fs.unlink(file.path);
-  } catch (err) {
-    logger.warn({ err, filePath: file.path }, 'Failed to clean up uploaded logo file.');
-  }
-};
+import { logger } from '../services/logger.server'; // This was a duplicate, fixed.
+import { monitoringService } from '../services/monitoringService.server';
+import { userService } from '../services/userService';
+import { cleanupUploadedFile } from '../utils/fileUtils';
+import { brandService } from '../services/brandService';

 const updateCorrectionSchema = numericIdParam('id').extend({
  body: z.object({
-    suggested_value: requiredString('A new suggested_value is required.'),
+    suggested_value: z.string().trim().min(1, 'A new suggested_value is required.'),
  }),
 });

@@ -100,13 +76,19 @@ const jobRetrySchema = z.object({
      'file-cleanup',
      'weekly-analytics-reporting',
    ]),
-    jobId: requiredString('A valid Job ID is required.'),
+    jobId: z.string().trim().min(1, 'A valid Job ID is required.'),
  }),
 });

+const emptySchema = z.object({});
+
 const router = Router();

-const upload = createUploadMiddleware({ storageType: 'flyer' });
+const brandLogoUpload = createUploadMiddleware({
+  storageType: 'flyer', // Using flyer storage path is acceptable for brand logos.
+  fileSize: 2 * 1024 * 1024, // 2MB limit for logos
+  fileFilter: 'image',
+});

 // --- Bull Board (Job Queue UI) Setup ---
 const serverAdapter = new ExpressAdapter();
@@ -138,7 +120,7 @@ router.use(passport.authenticate('jwt', { session: false }), isAdmin);

 // --- Admin Routes ---

-router.get('/corrections', async (req, res, next: NextFunction) => {
+router.get('/corrections', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const corrections = await db.adminRepo.getSuggestedCorrections(req.log);
    res.json(corrections);
@@ -148,7 +130,19 @@ router.get('/corrections', async (req, res, next: NextFunction) => {
  }
 });

-router.get('/brands', async (req, res, next: NextFunction) => {
+router.get('/review/flyers', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
+  try {
+    req.log.debug('Fetching flyers for review via adminRepo');
+    const flyers = await db.adminRepo.getFlyersForReview(req.log);
+    req.log.info({ count: Array.isArray(flyers) ? flyers.length : 'unknown' }, 'Successfully fetched flyers for review');
+    res.json(flyers);
+  } catch (error) {
+    logger.error({ error }, 'Error fetching flyers for review');
+    next(error);
+  }
+});
+
+router.get('/brands', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const brands = await db.flyerRepo.getAllBrands(req.log);
    res.json(brands);
@@ -158,7 +152,7 @@ router.get('/brands', async (req, res, next: NextFunction) => {
  }
 });

-router.get('/stats', async (req, res, next: NextFunction) => {
+router.get('/stats', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const stats = await db.adminRepo.getApplicationStats(req.log);
    res.json(stats);
@@ -168,7 +162,7 @@ router.get('/stats', async (req, res, next: NextFunction) => {
  }
 });

-router.get('/stats/daily', async (req, res, next: NextFunction) => {
+router.get('/stats/daily', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const dailyStats = await db.adminRepo.getDailyStatsForLast30Days(req.log);
    res.json(dailyStats);
@@ -249,10 +243,9 @@ router.put(
 router.post(
  '/brands/:id/logo',
  validateRequest(numericIdParam('id')),
-  upload.single('logoImage'),
+  brandLogoUpload.single('logoImage'),
  requireFileUpload('logoImage'),
  async (req: Request, res: Response, next: NextFunction) => {
-    // Apply ADR-003 pattern for type safety
    const { params } = req as unknown as z.infer<ReturnType<typeof numericIdParam>>;
    try {
      // Although requireFileUpload middleware should ensure the file exists,
@@ -260,9 +253,8 @@ router.post(
      if (!req.file) {
        throw new ValidationError([], 'Logo image file is missing.');
      }
-      // The storage path is 'flyer-images', so the URL should reflect that for consistency.
-      const logoUrl = `/flyer-images/${req.file.filename}`;
-      await db.adminRepo.updateBrandLogo(params.id, logoUrl, req.log);
+
+      const logoUrl = await brandService.updateBrandLogo(params.id, req.file, req.log);

      logger.info({ brandId: params.id, logoUrl }, `Brand logo updated for brand ID: ${params.id}`);
      res.status(200).json({ message: 'Brand logo updated successfully.', logoUrl });
@@ -276,7 +268,7 @@ router.post(
  },
 );

-router.get('/unmatched-items', async (req, res, next: NextFunction) => {
+router.get('/unmatched-items', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const items = await db.adminRepo.getUnmatchedFlyerItems(req.log);
    res.json(items);
@@ -346,7 +338,7 @@ router.put(
  },
 );

-router.get('/users', async (req, res, next: NextFunction) => {
+router.get('/users', validateRequest(emptySchema), async (req, res, next: NextFunction) => {
  try {
    const users = await db.adminRepo.getAllUsers(req.log);
    res.json(users);
@@ -361,14 +353,11 @@ router.get(
  validateRequest(activityLogSchema),
  async (req: Request, res: Response, next: NextFunction) => {
    // Apply ADR-003 pattern for type safety.
-    // We explicitly coerce query params here because the validation middleware might not
-    // replace req.query with the coerced values in all environments.
-    const query = req.query as unknown as { limit?: string; offset?: string };
-    const limit = query.limit ? Number(query.limit) : 50;
-    const offset = query.offset ? Number(query.offset) : 0;
+    // We parse the query here to apply Zod's coercions (string to number) and defaults.
+    const { limit, offset } = activityLogSchema.shape.query.parse(req.query);

    try {
-      const logs = await db.adminRepo.getActivityLog(limit, offset, req.log);
+      const logs = await db.adminRepo.getActivityLog(limit!, offset!, req.log);
      res.json(logs);
    } catch (error) {
      logger.error({ error }, 'Error fetching activity log');
@@ -417,10 +406,7 @@ router.delete(
    // Apply ADR-003 pattern for type safety
    const { params } = req as unknown as z.infer<ReturnType<typeof uuidParamSchema>>;
    try {
-      if (userProfile.user.user_id === params.id) {
-        throw new ValidationError([], 'Admins cannot delete their own account.');
-      }
-      await db.userRepo.deleteUserById(params.id, req.log);
+      await userService.deleteUserAsAdmin(userProfile.user.user_id, params.id, req.log);
      res.status(204).send();
    } catch (error) {
      logger.error({ error }, 'Error deleting user');
@@ -435,6 +421,7 @@ router.delete(
 */
 router.post(
  '/trigger/daily-deal-check',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile;
    logger.info(
@@ -462,6 +449,7 @@ router.post(
 */
 router.post(
  '/trigger/analytics-report',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile;
    logger.info(
@@ -469,14 +457,9 @@ router.post(
    );

    try {
-      const reportDate = new Date().toISOString().split('T')[0]; // YYYY-MM-DD
-      // Use a unique job ID for manual triggers to distinguish them from scheduled jobs.
-      const jobId = `manual-report-${reportDate}-${Date.now()}`;
-
-      const job = await analyticsQueue.add('generate-daily-report', { reportDate }, { jobId });
-
+      const jobId = await backgroundJobService.triggerAnalyticsReport();
      res.status(202).json({
-        message: `Analytics report generation job has been enqueued successfully. Job ID: ${job.id}`,
+        message: `Analytics report generation job has been enqueued successfully. Job ID: ${jobId}`,
      });
    } catch (error) {
      logger.error({ error }, '[Admin] Failed to enqueue analytics report job.');
@@ -517,7 +500,10 @@ router.post(
 * POST /api/admin/trigger/failing-job - Enqueue a test job designed to fail.
 * This is for testing the retry mechanism and Bull Board UI.
 */
-router.post('/trigger/failing-job', async (req: Request, res: Response, next: NextFunction) => {
+router.post(
+  '/trigger/failing-job',
+  validateRequest(emptySchema),
+  async (req: Request, res: Response, next: NextFunction) => {
  const userProfile = req.user as UserProfile;
  logger.info(
    `[Admin] Manual trigger for a failing job received from user: ${userProfile.user.user_id}`,
@@ -533,7 +519,8 @@ router.post('/trigger/failing-job', async (req: Request, res: Response, next: Ne
    logger.error({ error }, 'Error enqueuing failing job');
    next(error);
  }
-});
+}
+);

 /**
 * POST /api/admin/system/clear-geocode-cache - Clears the Redis cache for geocoded addresses.
@@ -541,6 +528,7 @@ router.post('/trigger/failing-job', async (req: Request, res: Response, next: Ne
 */
 router.post(
  '/system/clear-geocode-cache',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile;
    logger.info(
@@ -563,44 +551,23 @@ router.post(
 * GET /api/admin/workers/status - Get the current running status of all BullMQ workers.
 * This is useful for a system health dashboard to see if any workers have crashed.
 */
-router.get('/workers/status', async (req: Request, res: Response) => {
-  const workers = [flyerWorker, emailWorker, analyticsWorker, cleanupWorker, weeklyAnalyticsWorker];
-
-  const workerStatuses = await Promise.all(
-    workers.map(async (worker) => {
-      return {
-        name: worker.name,
-        isRunning: worker.isRunning(),
-      };
-    }),
-  );
-
-  res.json(workerStatuses);
+router.get('/workers/status', validateRequest(emptySchema), async (req: Request, res: Response, next: NextFunction) => {
+  try {
+    const workerStatuses = await monitoringService.getWorkerStatuses();
+    res.json(workerStatuses);
+  } catch (error) {
+    logger.error({ error }, 'Error fetching worker statuses');
+    next(error);
+  }
 });

 /**
 * GET /api/admin/queues/status - Get job counts for all BullMQ queues.
 * This is useful for monitoring the health and backlog of background jobs.
 */
-router.get('/queues/status', async (req: Request, res: Response, next: NextFunction) => {
+router.get('/queues/status', validateRequest(emptySchema), async (req: Request, res: Response, next: NextFunction) => {
  try {
-    const queues = [flyerQueue, emailQueue, analyticsQueue, cleanupQueue, weeklyAnalyticsQueue];
-
-    const queueStatuses = await Promise.all(
-      queues.map(async (queue) => {
-        return {
-          name: queue.name,
-          counts: await queue.getJobCounts(
-            'waiting',
-            'active',
-            'completed',
-            'failed',
-            'delayed',
-            'paused',
-          ),
-        };
-      }),
-    );
+    const queueStatuses = await monitoringService.getQueueStatuses();
    res.json(queueStatuses);
  } catch (error) {
    logger.error({ error }, 'Error fetching queue statuses');
@@ -620,35 +587,11 @@ router.post(
      params: { queueName, jobId },
    } = req as unknown as z.infer<typeof jobRetrySchema>;

-    const queueMap: { [key: string]: Queue } = {
-      'flyer-processing': flyerQueue,
-      'email-sending': emailQueue,
-      'analytics-reporting': analyticsQueue,
-      'file-cleanup': cleanupQueue,
-    };
-
-    const queue = queueMap[queueName];
-
-    if (!queue) {
-      // Throw a NotFoundError to be handled by the central error handler.
-      throw new NotFoundError(`Queue '${queueName}' not found.`);
-    }
-
    try {
-      const job = await queue.getJob(jobId);
-      if (!job)
-        throw new NotFoundError(`Job with ID '${jobId}' not found in queue '${queueName}'.`);
-
-      const jobState = await job.getState();
-      if (jobState !== 'failed')
-        throw new ValidationError(
-          [],
-          `Job is not in a 'failed' state. Current state: ${jobState}.`,
-        ); // This was a duplicate, fixed.
-
-      await job.retry();
-      logger.info(
-        `[Admin] User ${userProfile.user.user_id} manually retried job ${jobId} in queue ${queueName}.`,
+      await monitoringService.retryFailedJob(
+        queueName,
+        jobId,
+        userProfile.user.user_id,
      );
      res.status(200).json({ message: `Job ${jobId} has been successfully marked for retry.` });
    } catch (error) {
@@ -663,6 +606,7 @@ router.post(
 */
 router.post(
  '/trigger/weekly-analytics',
+  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    const userProfile = req.user as UserProfile; // This was a duplicate, fixed.
    logger.info(
@@ -670,19 +614,10 @@ router.post(
    );

    try {
-      const { year: reportYear, week: reportWeek } = getSimpleWeekAndYear();
-      const { weeklyAnalyticsQueue } = await import('../services/queueService.server');
-      const job = await weeklyAnalyticsQueue.add(
-        'generate-weekly-report',
-        { reportYear, reportWeek },
-        {
-          jobId: `manual-weekly-report-${reportYear}-${reportWeek}-${Date.now()}`, // Add timestamp to avoid ID conflict
-        },
-      );
-
+      const jobId = await backgroundJobService.triggerWeeklyAnalyticsReport();
      res
        .status(202)
-        .json({ message: 'Successfully enqueued weekly analytics job.', jobId: job.id });
+        .json({ message: 'Successfully enqueued weekly analytics job.', jobId });
    } catch (error) {
      logger.error({ error }, 'Error enqueuing weekly analytics job');
      next(error);
@@ -693,4 +628,5 @@ router.post(
 /* Catches errors from multer (e.g., file size, file filter) */
 router.use(handleMulterError);

+
 export default router;
--- a/src/routes/admin.users.routes.test.ts
+++ b/src/routes/admin.users.routes.test.ts
@@ -4,7 +4,7 @@ import supertest from 'supertest';
 import type { Request, Response, NextFunction } from 'express';
 import { createMockUserProfile, createMockAdminUserView } from '../tests/utils/mockFactories';
 import type { UserProfile, Profile } from '../types';
-import { NotFoundError } from '../services/db/errors.db';
+import { NotFoundError, ValidationError } from '../services/db/errors.db';
 import { createTestApp } from '../tests/utils/createTestApp';

 vi.mock('../services/db/index.db', () => ({
@@ -22,6 +22,12 @@ vi.mock('../services/db/index.db', () => ({
  notificationRepo: {},
 }));

+vi.mock('../services/userService', () => ({
+  userService: {
+    deleteUserAsAdmin: vi.fn(),
+  },
+}));
+
 // Mock other dependencies that are not directly tested but are part of the adminRouter setup
 vi.mock('../services/db/flyer.db');
 vi.mock('../services/db/recipe.db');
@@ -53,6 +59,7 @@ import adminRouter from './admin.routes';

 // Import the mocked repos to control them in tests
 import { adminRepo, userRepo } from '../services/db/index.db';
+import { userService } from '../services/userService';

 // Mock the passport middleware
 vi.mock('./passport.routes', () => ({
@@ -191,22 +198,27 @@ describe('Admin User Management Routes (/api/admin/users)', () => {
    it('should successfully delete a user', async () => {
      const targetId = '123e4567-e89b-12d3-a456-426614174999';
      vi.mocked(userRepo.deleteUserById).mockResolvedValue(undefined);
+      vi.mocked(userService.deleteUserAsAdmin).mockResolvedValue(undefined);
      const response = await supertest(app).delete(`/api/admin/users/${targetId}`);
      expect(response.status).toBe(204);
-      expect(userRepo.deleteUserById).toHaveBeenCalledWith(targetId, expect.any(Object));
+      expect(userService.deleteUserAsAdmin).toHaveBeenCalledWith(adminId, targetId, expect.any(Object));
    });

    it('should prevent an admin from deleting their own account', async () => {
+      const validationError = new ValidationError([], 'Admins cannot delete their own account.');
+      vi.mocked(userService.deleteUserAsAdmin).mockRejectedValue(validationError);
      const response = await supertest(app).delete(`/api/admin/users/${adminId}`);
      expect(response.status).toBe(400);
      expect(response.body.message).toMatch(/Admins cannot delete their own account/);
      expect(userRepo.deleteUserById).not.toHaveBeenCalled();
+      expect(userService.deleteUserAsAdmin).toHaveBeenCalledWith(adminId, adminId, expect.any(Object));
    });

    it('should return 500 on a generic database error', async () => {
      const targetId = '123e4567-e89b-12d3-a456-426614174999';
      const dbError = new Error('DB Error');
      vi.mocked(userRepo.deleteUserById).mockRejectedValue(dbError);
+      vi.mocked(userService.deleteUserAsAdmin).mockRejectedValue(dbError);
      const response = await supertest(app).delete(`/api/admin/users/${targetId}`);
      expect(response.status).toBe(500);
    });
--- a/src/routes/ai.routes.test.ts
+++ b/src/routes/ai.routes.test.ts
@@ -13,14 +13,21 @@ import {
 import * as aiService from '../services/aiService.server';
 import { createTestApp } from '../tests/utils/createTestApp';
 import { mockLogger } from '../tests/utils/mockLogger';
+import { ValidationError } from '../services/db/errors.db';

 // Mock the AI service methods to avoid making real AI calls
-vi.mock('../services/aiService.server', () => ({
-  aiService: {
-    extractTextFromImageArea: vi.fn(),
-    planTripWithMaps: vi.fn(), // Added this missing mock
-  },
-}));
+vi.mock('../services/aiService.server', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('../services/aiService.server')>();
+  return {
+    ...actual,
+    aiService: {
+      extractTextFromImageArea: vi.fn(),
+      planTripWithMaps: vi.fn(),
+      enqueueFlyerProcessing: vi.fn(),
+      processLegacyFlyerUpload: vi.fn(),
+    },
+  };
+});

 const { mockedDb } = vi.hoisted(() => ({
  mockedDb: {
@@ -30,6 +37,9 @@ const { mockedDb } = vi.hoisted(() => ({
    adminRepo: {
      logActivity: vi.fn(),
    },
+    personalizationRepo: {
+      getAllMasterItems: vi.fn(),
+    },
    // This function is a standalone export, not part of a repo
    createFlyerAndItems: vi.fn(),
  },
@@ -40,6 +50,7 @@ vi.mock('../services/db/flyer.db', () => ({ createFlyerAndItems: mockedDb.create
 vi.mock('../services/db/index.db', () => ({
  flyerRepo: mockedDb.flyerRepo,
  adminRepo: mockedDb.adminRepo,
+  personalizationRepo: mockedDb.personalizationRepo,
 }));

 // Mock the queue service
@@ -136,26 +147,27 @@ describe('AI Routes (/api/ai)', () => {

  describe('POST /upload-and-process', () => {
    const imagePath = path.resolve(__dirname, '../tests/assets/test-flyer-image.jpg');
+    // A valid SHA-256 checksum is 64 hex characters.
+    const validChecksum = 'a'.repeat(64);

    it('should enqueue a job and return 202 on success', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(flyerQueue.add).mockResolvedValue({ id: 'job-123' } as unknown as Job);
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockResolvedValue({ id: 'job-123' } as unknown as Job);

      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'new-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      expect(response.status).toBe(202);
      expect(response.body.message).toBe('Flyer accepted for processing.');
      expect(response.body.jobId).toBe('job-123');
-      expect(flyerQueue.add).toHaveBeenCalledWith('process-flyer', expect.any(Object));
+      expect(aiService.aiService.enqueueFlyerProcessing).toHaveBeenCalled();
    });

    it('should return 400 if no file is provided', async () => {
      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'some-checksum');
+        .field('checksum', validChecksum);

      expect(response.status).toBe(400);
      expect(response.body.message).toBe('A flyer file (PDF or image) is required.');
@@ -172,13 +184,12 @@ describe('AI Routes (/api/ai)', () => {
    });

    it('should return 409 if flyer checksum already exists', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(
-        createMockFlyer({ flyer_id: 99 }),
-      );
+      const duplicateError = new aiService.DuplicateFlyerError('This flyer has already been processed.', 99);
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockRejectedValue(duplicateError);

      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'duplicate-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      expect(response.status).toBe(409);
@@ -186,12 +197,11 @@ describe('AI Routes (/api/ai)', () => {
    });

    it('should return 500 if enqueuing the job fails', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(flyerQueue.add).mockRejectedValueOnce(new Error('Redis connection failed'));
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockRejectedValueOnce(new Error('Redis connection failed'));

      const response = await supertest(app)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'new-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      expect(response.status).toBe(500);
@@ -209,19 +219,20 @@ describe('AI Routes (/api/ai)', () => {
        basePath: '/api/ai',
        authenticatedUser: mockUser,
      });
-
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(flyerQueue.add).mockResolvedValue({ id: 'job-456' } as unknown as Job);
+      
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockResolvedValue({ id: 'job-456' } as unknown as Job);

      // Act
      await supertest(authenticatedApp)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'auth-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      // Assert
-      expect(flyerQueue.add).toHaveBeenCalled();
-      expect(vi.mocked(flyerQueue.add).mock.calls[0][1].userId).toBe('auth-user-1');
+      expect(aiService.aiService.enqueueFlyerProcessing).toHaveBeenCalled();
+      const callArgs = vi.mocked(aiService.aiService.enqueueFlyerProcessing).mock.calls[0];
+      // Check the userProfile argument (3rd argument)
+      expect(callArgs[2]?.user.user_id).toBe('auth-user-1');
    });

    it('should pass user profile address to the job when authenticated user has an address', async () => {
@@ -243,17 +254,20 @@ describe('AI Routes (/api/ai)', () => {
        basePath: '/api/ai',
        authenticatedUser: mockUserWithAddress,
      });
+      
+      vi.mocked(aiService.aiService.enqueueFlyerProcessing).mockResolvedValue({ id: 'job-789' } as unknown as Job);

      // Act
      await supertest(authenticatedApp)
        .post('/api/ai/upload-and-process')
-        .field('checksum', 'addr-checksum')
+        .field('checksum', validChecksum)
        .attach('flyerFile', imagePath);

      // Assert
-      expect(vi.mocked(flyerQueue.add).mock.calls[0][1].userProfileAddress).toBe(
-        '123 Pacific St, Anytown, BC, V8T 1A1, CA',
-      );
+      expect(aiService.aiService.enqueueFlyerProcessing).toHaveBeenCalled();
+      // The service handles address extraction from profile, so we just verify the profile was passed
+      const callArgs = vi.mocked(aiService.aiService.enqueueFlyerProcessing).mock.calls[0];
+      expect(callArgs[2]?.address?.address_line_1).toBe('123 Pacific St');
    });

    it('should clean up the uploaded file if validation fails (e.g., missing checksum)', async () => {
@@ -316,9 +330,7 @@ describe('AI Routes (/api/ai)', () => {
        flyer_id: 1,
        file_name: mockDataPayload.originalFileName,
      });
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined); // No duplicate
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
-      vi.mocked(mockedDb.adminRepo.logActivity).mockResolvedValue();
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(mockFlyer);

      // Act
      const response = await supertest(app)
@@ -329,7 +341,7 @@ describe('AI Routes (/api/ai)', () => {
      // Assert
      expect(response.status).toBe(201);
      expect(response.body.message).toBe('Flyer processed and saved successfully.');
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should return 400 if no flyer image is provided', async () => {
@@ -341,8 +353,8 @@ describe('AI Routes (/api/ai)', () => {

    it('should return 409 Conflict and delete the uploaded file if flyer checksum already exists', async () => {
      // Arrange
-      const mockExistingFlyer = createMockFlyer({ flyer_id: 99 });
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(mockExistingFlyer); // Duplicate found
+      const duplicateError = new aiService.DuplicateFlyerError('This flyer has already been processed.', 99);
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValue(duplicateError);
      const unlinkSpy = vi.spyOn(fs.promises, 'unlink').mockResolvedValue(undefined);

      // Act
@@ -354,7 +366,7 @@ describe('AI Routes (/api/ai)', () => {
      // Assert
      expect(response.status).toBe(409);
      expect(response.body.message).toBe('This flyer has already been processed.');
-      expect(mockedDb.createFlyerAndItems).not.toHaveBeenCalled();
+      expect(mockedDb.createFlyerAndItems).not.toHaveBeenCalled(); // Should not be called if service throws
      // Assert that the file was deleted
      expect(unlinkSpy).toHaveBeenCalledTimes(1);
      // The filename is predictable in the test environment because of the multer config in ai.routes.ts
@@ -369,12 +381,7 @@ describe('AI Routes (/api/ai)', () => {
        extractedData: { store_name: 'Partial Store' }, // no items key
      };

-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      const mockFlyer = createMockFlyer({
-        flyer_id: 2,
-        file_name: partialPayload.originalFileName,
-      });
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(createMockFlyer({ flyer_id: 2 }));

      const response = await supertest(app)
        .post('/api/ai/flyers/process')
@@ -382,13 +389,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // verify the items array passed to DB was an empty array
-      const callArgs = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0]?.[1];
-      expect(callArgs).toBeDefined();
-      expect(Array.isArray(callArgs)).toBe(true);
-      // use non-null assertion for the runtime-checked variable so TypeScript is satisfied
-      expect(callArgs!.length).toBe(0);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should fallback to a safe store name when store_name is missing', async () => {
@@ -398,12 +399,7 @@ describe('AI Routes (/api/ai)', () => {
        extractedData: { items: [] }, // store_name missing
      };

-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      const mockFlyer = createMockFlyer({
-        flyer_id: 3,
-        file_name: payloadNoStore.originalFileName,
-      });
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(createMockFlyer({ flyer_id: 3 }));

      const response = await supertest(app)
        .post('/api/ai/flyers/process')
@@ -411,19 +407,11 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // verify the flyerData.store_name passed to DB was the fallback string
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toContain('Unknown Store');
-      // Also verify the warning was logged
-      expect(mockLogger.warn).toHaveBeenCalledWith(
-        'extractedData.store_name missing; using fallback store name to avoid DB constraint error.',
-      );
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should handle a generic error during flyer creation', async () => {
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(mockedDb.createFlyerAndItems).mockRejectedValueOnce(
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValueOnce(
        new Error('DB transaction failed'),
      );

@@ -446,8 +434,7 @@ describe('AI Routes (/api/ai)', () => {

    beforeEach(() => {
      const mockFlyer = createMockFlyer({ flyer_id: 1 });
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
-      vi.mocked(mockedDb.createFlyerAndItems).mockResolvedValue({ flyer: mockFlyer, items: [] });
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockResolvedValue(mockFlyer);
    });

    it('should handle payload where "data" field is an object, not stringified JSON', async () => {
@@ -457,7 +444,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

   it('should handle payload where extractedData is null', async () => {
@@ -473,14 +460,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // Verify that extractedData was correctly defaulted to an empty object
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toContain('Unknown Store'); // Fallback should be used
-      expect(mockLogger.warn).toHaveBeenCalledWith(
-        { bodyData: expect.any(Object) },
-        'Missing extractedData in /api/ai/flyers/process payload.',
-      );
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should handle payload where extractedData is a string', async () => {
@@ -496,14 +476,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      // Verify that extractedData was correctly defaulted to an empty object
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toContain('Unknown Store'); // Fallback should be used
-      expect(mockLogger.warn).toHaveBeenCalledWith(
-        { bodyData: expect.any(Object) },
-        'Missing extractedData in /api/ai/flyers/process payload.',
-      );
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should handle payload where extractedData is at the root of the body', async () => {
@@ -517,9 +490,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201); // This test was failing with 500, the fix is in ai.routes.ts
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      const flyerDataArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][0];
-      expect(flyerDataArg.store_name).toBe('Root Store');
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });

    it('should default item quantity to 1 if missing', async () => {
@@ -538,9 +509,7 @@ describe('AI Routes (/api/ai)', () => {
        .attach('flyerImage', imagePath);

      expect(response.status).toBe(201);
-      expect(mockedDb.createFlyerAndItems).toHaveBeenCalledTimes(1);
-      const itemsArg = vi.mocked(mockedDb.createFlyerAndItems).mock.calls[0][1];
-      expect(itemsArg[0].quantity).toBe(1);
+      expect(aiService.aiService.processLegacyFlyerUpload).toHaveBeenCalledTimes(1);
    });
  });

@@ -549,7 +518,10 @@ describe('AI Routes (/api/ai)', () => {

    it('should handle malformed JSON in data field and return 400', async () => {
      const malformedDataString = '{"checksum":'; // Invalid JSON
-      vi.mocked(mockedDb.flyerRepo.findFlyerByChecksum).mockResolvedValue(undefined);
+      
+      // Since the service parses the data, we mock it to throw a ValidationError when parsing fails
+      // or when it detects the malformed input.
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValue(new ValidationError([], 'Checksum is required.'));

      const response = await supertest(app)
        .post('/api/ai/flyers/process')
@@ -560,11 +532,8 @@ describe('AI Routes (/api/ai)', () => {
      // The handler then fails the checksum validation.
      expect(response.status).toBe(400);
      expect(response.body.message).toBe('Checksum is required.');
-      // It should log the critical error during parsing.
-      expect(mockLogger.error).toHaveBeenCalledWith(
-        expect.objectContaining({ error: expect.any(Error) }),
-        '[API /ai/flyers/process] Unexpected error while parsing request body',
-      );
+      // Note: The logging expectation was removed because if the service throws a ValidationError, 
+      // the route handler passes it to the global error handler, which might log differently or not as a "critical error during parsing" in the route itself.
    });

    it('should return 400 if checksum is missing from legacy payload', async () => {
@@ -574,6 +543,9 @@ describe('AI Routes (/api/ai)', () => {
      };
      // Spy on fs.promises.unlink to verify file cleanup
      const unlinkSpy = vi.spyOn(fs.promises, 'unlink').mockResolvedValue(undefined);
+      
+      // Mock the service to throw a ValidationError because the checksum is missing
+      vi.mocked(aiService.aiService.processLegacyFlyerUpload).mockRejectedValue(new ValidationError([], 'Checksum is required.'));

      const response = await supertest(app)
        .post('/api/ai/flyers/process')
--- a/src/routes/ai.routes.ts
+++ b/src/routes/ai.routes.ts
@@ -1,40 +1,32 @@
 // src/routes/ai.routes.ts
 import { Router, Request, Response, NextFunction } from 'express';
-import path from 'path';
-import fs from 'node:fs';
 import { z } from 'zod';
 import passport from './passport.routes';
 import { optionalAuth } from './passport.routes';
-import * as db from '../services/db/index.db';
-import { createFlyerAndItems } from '../services/db/flyer.db';
-import * as aiService from '../services/aiService.server'; // Correctly import server-side AI service
+import { aiService, DuplicateFlyerError } from '../services/aiService.server';
 import {
  createUploadMiddleware,
  handleMulterError,
 } from '../middleware/multer.middleware';
-import { generateFlyerIcon } from '../utils/imageProcessor';
-import { logger } from '../services/logger.server';
-import { UserProfile, ExtractedCoreData, ExtractedFlyerItem } from '../types';
-import { flyerQueue } from '../services/queueService.server';
+import { logger } from '../services/logger.server'; // This was a duplicate, fixed.
+import { UserProfile } from '../types'; // This was a duplicate, fixed.
 import { validateRequest } from '../middleware/validation.middleware';
 import { requiredString } from '../utils/zodUtils';
+import { cleanupUploadedFile, cleanupUploadedFiles } from '../utils/fileUtils';
+import { monitoringService } from '../services/monitoringService.server';

 const router = Router();

-interface FlyerProcessPayload extends Partial<ExtractedCoreData> {
-  checksum?: string;
-  originalFileName?: string;
-  extractedData?: Partial<ExtractedCoreData>;
-  data?: FlyerProcessPayload; // For nested data structures
-}
-
 // --- Zod Schemas for AI Routes (as per ADR-003) ---

 const uploadAndProcessSchema = z.object({
  body: z.object({
-    checksum: requiredString('File checksum is required.'),
-    // Potential improvement: If checksum is always a specific format (e.g., SHA-256),
-    // you could add `.length(64).regex(/^[a-f0-9]+$/)` for stricter validation.
+    // Stricter validation for SHA-256 checksum. It must be a 64-character hexadecimal string.
+    checksum: requiredString('File checksum is required.').pipe(
+      z.string()
+        .length(64, 'Checksum must be 64 characters long.')
+        .regex(/^[a-f0-9]+$/, 'Checksum must be a valid hexadecimal string.'),
+    ),
  }),
 });

@@ -52,22 +44,6 @@ const errMsg = (e: unknown) => {
  return String(e || 'An unknown error occurred.');
 };

-const cleanupUploadedFile = async (file?: Express.Multer.File) => {
-  if (!file) return;
-  try {
-    await fs.promises.unlink(file.path);
-  } catch (err) {
-    // Ignore cleanup errors (e.g. file already deleted)
-  }
-};
-
-const cleanupUploadedFiles = async (files?: Express.Multer.File[]) => {
-  if (!files || !Array.isArray(files)) return;
-  // Use Promise.all to run cleanups in parallel for efficiency,
-  // as cleanupUploadedFile is designed to not throw errors.
-  await Promise.all(files.map((file) => cleanupUploadedFile(file)));
-};
-
 const cropAreaObjectSchema = z.object({
  x: z.number(),
  y: z.number(),
@@ -103,13 +79,20 @@ const rescanAreaSchema = z.object({

 const flyerItemForAnalysisSchema = z
  .object({
-    item: z.string().nullish(),
-    name: z.string().nullish(),
+    // Sanitize item and name by trimming whitespace.
+    // The transform ensures that null/undefined values are preserved
+    // while trimming any actual string values.
+    item: z.string().nullish().transform(val => (val ? val.trim() : val)),
+    name: z.string().nullish().transform(val => (val ? val.trim() : val)),
  })
+  // Using .passthrough() allows extra properties on the item object.
+  // If the intent is to strictly enforce only 'item' and 'name' (and other known properties),
+  // consider using .strict() instead for tighter security and data integrity.
  .passthrough()
  .refine(
    (data) =>
-      (data.item && data.item.trim().length > 0) || (data.name && data.name.trim().length > 0),
+      // After the transform, the values are already trimmed.
+      (data.item && data.item.length > 0) || (data.name && data.name.length > 0),
    {
      message: "Item identifier is required (either 'item' or 'name').",
    },
@@ -129,6 +112,8 @@ const comparePricesSchema = z.object({

 const planTripSchema = z.object({
  body: z.object({
+    // Consider if this array should be non-empty. If a trip plan requires at least one item,
+    // you could add `.nonempty('At least one item is required to plan a trip.')`
    items: z.array(flyerItemForAnalysisSchema),
    store: z.object({ name: requiredString('Store name is required.') }),
    userLocation: z.object({
@@ -187,57 +172,24 @@ router.post(
  async (req, res, next: NextFunction) => {
    try {
      // Manually validate the request body. This will throw if validation fails.
-      uploadAndProcessSchema.parse({ body: req.body });
+      const { body } = uploadAndProcessSchema.parse({ body: req.body });

      if (!req.file) {
        return res.status(400).json({ message: 'A flyer file (PDF or image) is required.' });
      }

      logger.debug(
-        { filename: req.file.originalname, size: req.file.size, checksum: req.body?.checksum },
+        { filename: req.file.originalname, size: req.file.size, checksum: body.checksum },
        'Handling /upload-and-process',
      );

-      const { checksum } = req.body;
-      // Check for duplicate flyer using checksum before even creating a job
-      const existingFlyer = await db.flyerRepo.findFlyerByChecksum(checksum, req.log);
-      if (existingFlyer) {
-        logger.warn(`Duplicate flyer upload attempt blocked for checksum: ${checksum}`);
-        // Use 409 Conflict for duplicates
-        return res.status(409).json({
-          message: 'This flyer has already been processed.',
-          flyerId: existingFlyer.flyer_id,
-        });
-      }
-
      const userProfile = req.user as UserProfile | undefined;
-      // Construct a user address string from their profile if they are logged in.
-      let userProfileAddress: string | undefined = undefined;
-      if (userProfile?.address) {
-        userProfileAddress = [
-          userProfile.address.address_line_1,
-          userProfile.address.address_line_2,
-          userProfile.address.city,
-          userProfile.address.province_state,
-          userProfile.address.postal_code,
-          userProfile.address.country,
-        ]
-          .filter(Boolean)
-          .join(', ');
-      }
-
-      // Add job to the queue
-      const job = await flyerQueue.add('process-flyer', {
-        filePath: req.file.path,
-        originalFileName: req.file.originalname,
-        checksum: checksum,
-        userId: userProfile?.user.user_id,
-        submitterIp: req.ip, // Capture the submitter's IP address
-        userProfileAddress: userProfileAddress, // Pass the user's profile address
-      });
-
-      logger.info(
-        `Enqueued flyer for processing. File: ${req.file.originalname}, Job ID: ${job.id}`,
+      const job = await aiService.enqueueFlyerProcessing(
+        req.file,
+        body.checksum,
+        userProfile,
+        req.ip ?? 'unknown',
+        req.log,
      );

      // Respond immediately to the client with 202 Accepted
@@ -246,9 +198,11 @@ router.post(
        jobId: job.id,
      });
    } catch (error) {
-      // If any error occurs (including validation), ensure the uploaded file is cleaned up.
      await cleanupUploadedFile(req.file);
-      // Pass the error to the global error handler.
+      if (error instanceof DuplicateFlyerError) {
+        logger.warn(`Duplicate flyer upload attempt blocked for checksum: ${req.body?.checksum}`);
+        return res.status(409).json({ message: error.message, flyerId: error.flyerId });
+      }
      next(error);
    }
  },
@@ -265,18 +219,11 @@ router.get(
    const {
      params: { jobId },
    } = req as unknown as JobIdRequest;
+
    try {
-      const job = await flyerQueue.getJob(jobId);
-      if (!job) {
-        // Adhere to ADR-001 by throwing a specific error to be handled centrally.
-        return res.status(404).json({ message: 'Job not found.' });
-      }
-      const state = await job.getState();
-      const progress = job.progress;
-      const returnValue = job.returnvalue;
-      const failedReason = job.failedReason;
-      logger.debug(`[API /ai/jobs] Status check for job ${jobId}: ${state}`);
-      res.json({ id: job.id, state, progress, returnValue, failedReason });
+      const jobStatus = await monitoringService.getFlyerJobStatus(jobId); // This was a duplicate, fixed.
+      logger.debug(`[API /ai/jobs] Status check for job ${jobId}: ${jobStatus.state}`);
+      res.json(jobStatus);
    } catch (error) {
      next(error);
    }
@@ -298,184 +245,22 @@ router.post(
        return res.status(400).json({ message: 'Flyer image file is required.' });
      }

-      // Diagnostic & tolerant parsing for flyers/process
-      logger.debug(
-        { keys: Object.keys(req.body || {}) },
-        '[API /ai/flyers/process] Processing legacy upload',
-      );
-      logger.debug({ filePresent: !!req.file }, '[API /ai/flyers/process] file present:');
-
-      // Try several ways to obtain the payload so we are tolerant to client variations.
-      let parsed: FlyerProcessPayload = {};
-      let extractedData: Partial<ExtractedCoreData> | null | undefined = {};
-      try {
-        // If the client sent a top-level `data` field (stringified JSON), parse it.
-        if (req.body && (req.body.data || req.body.extractedData)) {
-          const raw = req.body.data ?? req.body.extractedData;
-          logger.debug(
-            { type: typeof raw, length: raw?.length ?? 0 },
-            '[API /ai/flyers/process] raw extractedData',
-          );
-          try {
-            parsed = typeof raw === 'string' ? JSON.parse(raw) : raw;
-          } catch (err) {
-            logger.warn(
-              { error: errMsg(err) },
-              '[API /ai/flyers/process] Failed to JSON.parse raw extractedData; falling back to direct assign',
-            );
-            parsed = (
-              typeof raw === 'string' ? JSON.parse(String(raw).slice(0, 2000)) : raw
-            ) as FlyerProcessPayload;
-          }
-          // If parsed itself contains an `extractedData` field, use that, otherwise assume parsed is the extractedData
-          extractedData = 'extractedData' in parsed ? parsed.extractedData : (parsed as Partial<ExtractedCoreData>);
-        } else {
-          // No explicit `data` field found. Attempt to interpret req.body as an object (Express may have parsed multipart fields differently).
-          try {
-            parsed = typeof req.body === 'string' ? JSON.parse(req.body) : req.body;
-          } catch (err) {
-            logger.warn(
-              { error: errMsg(err) },
-              '[API /ai/flyers/process] Failed to JSON.parse req.body; using empty object',
-            );
-            parsed = (req.body as FlyerProcessPayload) || {};
-          }
-          // extractedData might be nested under `data` or `extractedData`, or the body itself may be the extracted data.
-          if (parsed.data) {
-            try {
-              const inner = typeof parsed.data === 'string' ? JSON.parse(parsed.data) : parsed.data;
-              extractedData = inner.extractedData ?? inner;
-            } catch (err) {
-              logger.warn(
-                { error: errMsg(err) },
-                '[API /ai/flyers/process] Failed to parse parsed.data; falling back',
-              );
-              extractedData = parsed.data as unknown as Partial<ExtractedCoreData>;
-            }
-          } else if (parsed.extractedData) {
-            extractedData = parsed.extractedData;
-          } else {
-            // Assume the body itself is the extracted data if it looks like it (has items or store_name keys)
-            if ('items' in parsed || 'store_name' in parsed || 'valid_from' in parsed) {
-              extractedData = parsed as Partial<ExtractedCoreData>;
-            } else {
-              extractedData = {};
-            }
-          }
-        }
-      } catch (err) {
-        logger.error(
-          { error: err },
-          '[API /ai/flyers/process] Unexpected error while parsing request body',
-        );
-        parsed = {};
-        extractedData = {};
-      }
-
-      // Pull common metadata fields (checksum, originalFileName) from whichever shape we parsed.
-      const checksum = parsed.checksum ?? parsed?.data?.checksum ?? '';
-
-      if (!checksum) {
-        await cleanupUploadedFile(req.file);
-        return res.status(400).json({ message: 'Checksum is required.' });
-      }
-
-      const originalFileName =
-        parsed.originalFileName ?? parsed?.data?.originalFileName ?? req.file.originalname;
      const userProfile = req.user as UserProfile | undefined;

-      // Validate extractedData to avoid database errors (e.g., null store_name)
-      if (!extractedData || typeof extractedData !== 'object') {
-        logger.warn(
-          { bodyData: parsed },
-          'Missing extractedData in /api/ai/flyers/process payload.',
-        );
-        // Don't fail hard here; proceed with empty items and fallback store name so the upload can be saved for manual review.
-        extractedData = {};
-      }
-
-      // Transform the extracted items into the format required for database insertion.
-      // This adds default values for fields like `view_count` and `click_count`
-      // and makes this legacy endpoint consistent with the newer FlyerDataTransformer service.
-      const rawItems = extractedData.items ?? [];
-      const itemsArray = Array.isArray(rawItems)
-        ? rawItems
-        : typeof rawItems === 'string'
-          ? JSON.parse(rawItems)
-          : [];
-      const itemsForDb = itemsArray.map((item: Partial<ExtractedFlyerItem>) => ({
-        ...item,
-        master_item_id: item.master_item_id === null ? undefined : item.master_item_id,
-        quantity: item.quantity ?? 1, // Default to 1 to satisfy DB constraint
-        view_count: 0,
-        click_count: 0,
-        updated_at: new Date().toISOString(),
-      }));
-
-      // Ensure we have a valid store name; the DB requires a non-null store name.
-      const storeName =
-        extractedData.store_name && String(extractedData.store_name).trim().length > 0
-          ? String(extractedData.store_name)
-          : 'Unknown Store (auto)';
-      if (storeName.startsWith('Unknown')) {
-        logger.warn(
-          'extractedData.store_name missing; using fallback store name to avoid DB constraint error.',
-        );
-      }
-
-      // 1. Check for duplicate flyer using checksum
-      const existingFlyer = await db.flyerRepo.findFlyerByChecksum(checksum, req.log);
-      if (existingFlyer) {
-        logger.warn(`Duplicate flyer upload attempt blocked for checksum: ${checksum}`);
-        await cleanupUploadedFile(req.file);
-        return res.status(409).json({ message: 'This flyer has already been processed.' });
-      }
-
-      // Generate a 64x64 icon from the uploaded flyer image.
-      const iconsDir = path.join(path.dirname(req.file.path), 'icons');
-      const iconFileName = await generateFlyerIcon(req.file.path, iconsDir, req.log);
-      const iconUrl = `/flyer-images/icons/${iconFileName}`;
-
-      // 2. Prepare flyer data for insertion
-      const flyerData = {
-        file_name: originalFileName,
-        image_url: `/flyer-images/${req.file.filename}`, // Store the full URL path
-        icon_url: iconUrl,
-        checksum: checksum,
-        // Use normalized store name (fallback applied above).
-        store_name: storeName,
-        valid_from: extractedData.valid_from ?? null,
-        valid_to: extractedData.valid_to ?? null,
-        store_address: extractedData.store_address ?? null,
-        item_count: 0, // Set default to 0; the trigger will update it.
-        uploaded_by: userProfile?.user.user_id, // Associate with user if logged in
-      };
-
-      // 3. Create flyer and its items in a transaction
-      const { flyer: newFlyer, items: newItems } = await createFlyerAndItems(
-        flyerData,
-        itemsForDb,
-        req.log,
-      );
-
-      logger.info(
-        `Successfully processed and saved new flyer: ${newFlyer.file_name} (ID: ${newFlyer.flyer_id}) with ${newItems.length} items.`,
-      );
-
-      // Log this significant event
-      await db.adminRepo.logActivity(
-        {
-          userId: userProfile?.user.user_id,
-          action: 'flyer_processed',
-          displayText: `Processed a new flyer for ${flyerData.store_name}.`,
-          details: { flyerId: newFlyer.flyer_id, storeName: flyerData.store_name },
-        },
+      const newFlyer = await aiService.processLegacyFlyerUpload(
+        req.file,
+        req.body,
+        userProfile,
        req.log,
      );

      res.status(201).json({ message: 'Flyer processed and saved successfully.', flyer: newFlyer });
    } catch (error) {
      await cleanupUploadedFile(req.file);
+      if (error instanceof DuplicateFlyerError) {
+        logger.warn(`Duplicate flyer upload attempt blocked.`);
+        return res.status(409).json({ message: error.message, flyerId: error.flyerId });
+      }
      next(error);
    }
  },
@@ -614,7 +399,7 @@ router.post(
    try {
      const { items, store, userLocation } = req.body;
      logger.debug({ itemCount: items.length, storeName: store.name }, 'Trip planning requested.');
-      const result = await aiService.aiService.planTripWithMaps(items, store, userLocation);
+      const result = await aiService.planTripWithMaps(items, store, userLocation);
      res.status(200).json(result);
    } catch (error) {
      logger.error({ error: errMsg(error) }, 'Error in /api/ai/plan-trip endpoint:');
@@ -674,7 +459,7 @@ router.post(
        'Rescan area requested',
      );

-      const result = await aiService.aiService.extractTextFromImageArea(
+      const result = await aiService.extractTextFromImageArea(
        path,
        mimetype,
        cropArea,
--- a/src/routes/auth.routes.test.ts
+++ b/src/routes/auth.routes.test.ts
@@ -2,13 +2,8 @@
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import supertest from 'supertest';
 import { Request, Response, NextFunction } from 'express';
-import cookieParser from 'cookie-parser';
-import * as bcrypt from 'bcrypt';
-import jwt from 'jsonwebtoken';
-import {
-  createMockUserProfile,
-  createMockUserWithPasswordHash,
-} from '../tests/utils/mockFactories';
+import cookieParser from 'cookie-parser'; // This was a duplicate, fixed.
+import { createMockUserProfile } from '../tests/utils/mockFactories';

 // --- FIX: Hoist passport mocks to be available for vi.mock ---
 const passportMocks = vi.hoisted(() => {
@@ -69,45 +64,20 @@ vi.mock('./passport.routes', () => ({
  optionalAuth: vi.fn((req: Request, res: Response, next: NextFunction) => next()),
 }));

-// Mock the DB connection pool to control transactional behavior
-const { mockPool } = vi.hoisted(() => {
-  const client = {
-    query: vi.fn(),
-    release: vi.fn(),
-  };
+// Mock the authService, which is now the primary dependency of the routes.
+const { mockedAuthService } = vi.hoisted(() => {
  return {
-    mockPool: {
-      connect: vi.fn(() => Promise.resolve(client)),
+    mockedAuthService: {
+      registerAndLoginUser: vi.fn(),
+      handleSuccessfulLogin: vi.fn(),
+      resetPassword: vi.fn(),
+      updatePassword: vi.fn(),
+      refreshAccessToken: vi.fn(),
+      logout: vi.fn(),
    },
-    mockClient: client,
  };
 });
-// Mock the Service Layer directly.
-// We use async import inside the factory to properly hoist the UniqueConstraintError class usage.
-vi.mock('../services/db/index.db', async () => {
-  const { UniqueConstraintError } = await import('../services/db/errors.db');
-  return {
-    userRepo: {
-      findUserByEmail: vi.fn(),
-      createUser: vi.fn(),
-      saveRefreshToken: vi.fn(),
-      createPasswordResetToken: vi.fn(),
-      getValidResetTokens: vi.fn(),
-      updateUserPassword: vi.fn(),
-      deleteResetToken: vi.fn(),
-      findUserByRefreshToken: vi.fn(),
-      deleteRefreshToken: vi.fn(),
-    },
-    adminRepo: {
-      logActivity: vi.fn(),
-    },
-    UniqueConstraintError: UniqueConstraintError,
-  };
-});
-
-vi.mock('../services/db/connection.db', () => ({
-  getPool: () => mockPool,
-}));
+vi.mock('../services/authService', () => ({ authService: mockedAuthService }));

 // Mock the logger
 vi.mock('../services/logger.server', async () => ({
@@ -120,15 +90,8 @@ vi.mock('../services/emailService.server', () => ({
  sendPasswordResetEmail: vi.fn(),
 }));

-// Mock bcrypt
-vi.mock('bcrypt', async (importOriginal) => {
-  const actual = await importOriginal<typeof bcrypt>();
-  return { ...actual, compare: vi.fn() };
-});
-
 // Import the router AFTER mocks are established
 import authRouter from './auth.routes';
-import * as db from '../services/db/index.db'; // This was a duplicate, fixed.

 import { UniqueConstraintError } from '../services/db/errors.db'; // Import actual class for instanceof checks

@@ -176,13 +139,11 @@ describe('Auth Routes (/api/auth)', () => {
        user: { user_id: 'new-user-id', email: newUserEmail },
        full_name: 'Test User',
      });
-
-      // FIX: Mock the method on the imported singleton instance `userRepo` directly,
-      // as this is what the route handler uses. Spying on the prototype does not
-      // affect this already-created instance.
-      vi.mocked(db.userRepo.createUser).mockResolvedValue(mockNewUser);
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
-      vi.mocked(db.adminRepo.logActivity).mockResolvedValue(undefined);
+      mockedAuthService.registerAndLoginUser.mockResolvedValue({
+        newUserProfile: mockNewUser,
+        accessToken: 'new-access-token',
+        refreshToken: 'new-refresh-token',
+      });

      // Act
      const response = await supertest(app).post('/api/auth/register').send({
@@ -190,22 +151,61 @@ describe('Auth Routes (/api/auth)', () => {
        password: strongPassword,
        full_name: 'Test User',
      });
-
      // Assert
      expect(response.status).toBe(201);
      expect(response.body.message).toBe('User registered successfully!');
      expect(response.body.userprofile.user.email).toBe(newUserEmail);
      expect(response.body.token).toBeTypeOf('string'); // This was a duplicate, fixed.
-      expect(db.userRepo.createUser).toHaveBeenCalled();
+      expect(mockedAuthService.registerAndLoginUser).toHaveBeenCalledWith(
+        newUserEmail,
+        strongPassword,
+        'Test User',
+        undefined, // avatar_url
+        mockLogger,
+      );
+    });
+
+    it('should allow registration with an empty string for avatar_url', async () => {
+      // Arrange
+      const email = 'avatar-user@test.com';
+      const mockNewUser = createMockUserProfile({
+        user: { user_id: 'avatar-user-id', email },
+      });
+      mockedAuthService.registerAndLoginUser.mockResolvedValue({
+        newUserProfile: mockNewUser,
+        accessToken: 'avatar-access-token',
+        refreshToken: 'avatar-refresh-token',
+      });
+
+      // Act
+      const response = await supertest(app).post('/api/auth/register').send({
+        email,
+        password: strongPassword,
+        full_name: 'Avatar User',
+        avatar_url: '', // Send an empty string
+      });
+
+      // Assert
+      expect(response.status).toBe(201);
+      expect(response.body.message).toBe('User registered successfully!');
+      expect(mockedAuthService.registerAndLoginUser).toHaveBeenCalledWith(
+        email,
+        strongPassword,
+        'Avatar User',
+        undefined, // The preprocess step in the Zod schema should convert '' to undefined
+        mockLogger,
+      );
    });

    it('should set a refresh token cookie on successful registration', async () => {
      const mockNewUser = createMockUserProfile({
        user: { user_id: 'new-user-id', email: 'cookie@test.com' },
      });
-      vi.mocked(db.userRepo.createUser).mockResolvedValue(mockNewUser);
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
-      vi.mocked(db.adminRepo.logActivity).mockResolvedValue(undefined);
+      mockedAuthService.registerAndLoginUser.mockResolvedValue({
+        newUserProfile: mockNewUser,
+        accessToken: 'new-access-token',
+        refreshToken: 'new-refresh-token',
+      });

      const response = await supertest(app).post('/api/auth/register').send({
        email: 'cookie@test.com',
@@ -235,15 +235,14 @@ describe('Auth Routes (/api/auth)', () => {
      expect(errorMessages).toMatch(/Password is too weak/i);
    });

-    it('should reject registration if the email already exists', async () => {
+    it('should reject registration if the auth service throws UniqueConstraintError', async () => {
      // Create an error object that includes the 'code' property for simulating a PG unique violation.
      // This is more type-safe than casting to 'any'.
      const dbError = new UniqueConstraintError(
        'User with that email already exists.',
      ) as UniqueConstraintError & { code: string };
      dbError.code = '23505';
-
-      vi.mocked(db.userRepo.createUser).mockRejectedValue(dbError);
+      mockedAuthService.registerAndLoginUser.mockRejectedValue(dbError);

      const response = await supertest(app)
        .post('/api/auth/register')
@@ -251,12 +250,11 @@ describe('Auth Routes (/api/auth)', () => {

      expect(response.status).toBe(409); // 409 Conflict
      expect(response.body.message).toBe('User with that email already exists.');
-      expect(db.userRepo.createUser).toHaveBeenCalled();
    });

    it('should return 500 if a generic database error occurs during registration', async () => {
      const dbError = new Error('DB connection lost');
-      vi.mocked(db.userRepo.createUser).mockRejectedValue(dbError);
+      mockedAuthService.registerAndLoginUser.mockRejectedValue(dbError);

      const response = await supertest(app)
        .post('/api/auth/register')
@@ -289,7 +287,10 @@ describe('Auth Routes (/api/auth)', () => {
    it('should successfully log in a user and return a token and cookie', async () => {
      // Arrange:
      const loginCredentials = { email: 'test@test.com', password: 'password123' };
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
+      mockedAuthService.handleSuccessfulLogin.mockResolvedValue({
+        accessToken: 'new-access-token',
+        refreshToken: 'new-refresh-token',
+      });

      // Act
      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
@@ -309,25 +310,6 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.headers['set-cookie']).toBeDefined();
    });

-    it('should contain the correct payload in the JWT token', async () => {
-      // Arrange
-      const loginCredentials = { email: 'payload.test@test.com', password: 'password123' };
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
-
-      // Act
-      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
-
-      // Assert
-      expect(response.status).toBe(200);
-      const token = response.body.token;
-      expect(token).toBeTypeOf('string');
-
-      const decodedPayload = jwt.decode(token) as { user_id: string; email: string; role: string };
-      expect(decodedPayload.user_id).toBe('user-123');
-      expect(decodedPayload.email).toBe(loginCredentials.email);
-      expect(decodedPayload.role).toBe('user'); // Default role from mock factory
-    });
-
    it('should reject login for incorrect credentials', async () => {
      const response = await supertest(app)
        .post('/api/auth/login')
@@ -359,7 +341,7 @@ describe('Auth Routes (/api/auth)', () => {
    it('should return 500 if saving the refresh token fails', async () => {
      // Arrange:
      const loginCredentials = { email: 'test@test.com', password: 'password123' };
-      vi.mocked(db.userRepo.saveRefreshToken).mockRejectedValue(new Error('DB write failed'));
+      mockedAuthService.handleSuccessfulLogin.mockRejectedValue(new Error('DB write failed'));

      // Act
      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
@@ -401,7 +383,10 @@ describe('Auth Routes (/api/auth)', () => {
        password: 'password123',
        rememberMe: true,
      };
-      vi.mocked(db.userRepo.saveRefreshToken).mockResolvedValue(undefined);
+      mockedAuthService.handleSuccessfulLogin.mockResolvedValue({
+        accessToken: 'remember-access-token',
+        refreshToken: 'remember-refresh-token',
+      });

      // Act
      const response = await supertest(app).post('/api/auth/login').send(loginCredentials);
@@ -416,10 +401,7 @@ describe('Auth Routes (/api/auth)', () => {
  describe('POST /forgot-password', () => {
    it('should send a reset link if the user exists', async () => {
      // Arrange
-      vi.mocked(db.userRepo.findUserByEmail).mockResolvedValue(
-        createMockUserWithPasswordHash({ user_id: 'user-123', email: 'test@test.com' }),
-      );
-      vi.mocked(db.userRepo.createPasswordResetToken).mockResolvedValue(undefined);
+      mockedAuthService.resetPassword.mockResolvedValue('mock-reset-token');

      // Act
      const response = await supertest(app)
@@ -433,7 +415,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should return a generic success message even if the user does not exist', async () => {
-      vi.mocked(db.userRepo.findUserByEmail).mockResolvedValue(undefined);
+      mockedAuthService.resetPassword.mockResolvedValue(undefined);

      const response = await supertest(app)
        .post('/api/auth/forgot-password')
@@ -444,7 +426,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should return 500 if the database call fails', async () => {
-      vi.mocked(db.userRepo.findUserByEmail).mockRejectedValue(new Error('DB connection failed'));
+      mockedAuthService.resetPassword.mockRejectedValue(new Error('DB connection failed'));
      const response = await supertest(app)
        .post('/api/auth/forgot-password')
        .send({ email: 'any@test.com' });
@@ -452,25 +434,6 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.status).toBe(500);
    });

-    it('should still return 200 OK if the email service fails', async () => {
-      // Arrange
-      vi.mocked(db.userRepo.findUserByEmail).mockResolvedValue(
-        createMockUserWithPasswordHash({ user_id: 'user-123', email: 'test@test.com' }),
-      );
-      vi.mocked(db.userRepo.createPasswordResetToken).mockResolvedValue(undefined);
-      // Mock the email service to fail
-      const { sendPasswordResetEmail } = await import('../services/emailService.server');
-      vi.mocked(sendPasswordResetEmail).mockRejectedValue(new Error('SMTP server down'));
-
-      // Act
-      const response = await supertest(app)
-        .post('/api/auth/forgot-password')
-        .send({ email: 'test@test.com' });
-
-      // Assert: The route should not fail even if the email does.
-      expect(response.status).toBe(200);
-    });
-
    it('should return 400 for an invalid email format', async () => {
      const response = await supertest(app)
        .post('/api/auth/forgot-password')
@@ -483,16 +446,7 @@ describe('Auth Routes (/api/auth)', () => {

  describe('POST /reset-password', () => {
    it('should reset the password with a valid token and strong password', async () => {
-      const tokenRecord = {
-        user_id: 'user-123',
-        token_hash: 'hashed-token',
-        expires_at: new Date(Date.now() + 3600000),
-      };
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]); // This was a duplicate, fixed.
-      vi.mocked(bcrypt.compare).mockResolvedValue(true as never); // Token matches
-      vi.mocked(db.userRepo.updateUserPassword).mockResolvedValue(undefined);
-      vi.mocked(db.userRepo.deleteResetToken).mockResolvedValue(undefined);
-      vi.mocked(db.adminRepo.logActivity).mockResolvedValue(undefined);
+      mockedAuthService.updatePassword.mockResolvedValue(true);

      const response = await supertest(app)
        .post('/api/auth/reset-password')
@@ -503,7 +457,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should reject with an invalid or expired token', async () => {
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([]); // No valid tokens found
+      mockedAuthService.updatePassword.mockResolvedValue(null);

      const response = await supertest(app)
        .post('/api/auth/reset-password')
@@ -513,31 +467,8 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.body.message).toBe('Invalid or expired password reset token.');
    });

-    it('should reject if token does not match any valid tokens in DB', async () => {
-      const tokenRecord = {
-        user_id: 'user-123',
-        token_hash: 'hashed-token',
-        expires_at: new Date(Date.now() + 3600000),
-      };
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]);
-      vi.mocked(bcrypt.compare).mockResolvedValue(false as never); // Token does not match
-
-      const response = await supertest(app)
-        .post('/api/auth/reset-password')
-        .send({ token: 'wrong-token', newPassword: 'a-Very-Strong-Password-123!' });
-
-      expect(response.status).toBe(400);
-      expect(response.body.message).toBe('Invalid or expired password reset token.');
-    });
-
    it('should return 400 for a weak new password', async () => {
-      const tokenRecord = {
-        user_id: 'user-123',
-        token_hash: 'hashed-token',
-        expires_at: new Date(Date.now() + 3600000),
-      };
-      vi.mocked(db.userRepo.getValidResetTokens).mockResolvedValue([tokenRecord]);
-      vi.mocked(bcrypt.compare).mockResolvedValue(true as never);
+      // No need to mock the service here as validation runs first

      const response = await supertest(app)
        .post('/api/auth/reset-password')
@@ -557,11 +488,7 @@ describe('Auth Routes (/api/auth)', () => {

  describe('POST /refresh-token', () => {
    it('should issue a new access token with a valid refresh token cookie', async () => {
-      const mockUser = createMockUserWithPasswordHash({
-        user_id: 'user-123',
-        email: 'test@test.com',
-      });
-      vi.mocked(db.userRepo.findUserByRefreshToken).mockResolvedValue(mockUser);
+      mockedAuthService.refreshAccessToken.mockResolvedValue({ accessToken: 'new-access-token' });

      const response = await supertest(app)
        .post('/api/auth/refresh-token')
@@ -578,8 +505,7 @@ describe('Auth Routes (/api/auth)', () => {
    });

    it('should return 403 if refresh token is invalid', async () => {
-      // Mock finding no user for this token, which should trigger the 403 logic
-      vi.mocked(db.userRepo.findUserByRefreshToken).mockResolvedValue(undefined as any);
+      mockedAuthService.refreshAccessToken.mockResolvedValue(null);

      const response = await supertest(app)
        .post('/api/auth/refresh-token')
@@ -590,7 +516,7 @@ describe('Auth Routes (/api/auth)', () => {

    it('should return 500 if the database call fails', async () => {
      // Arrange
-      vi.mocked(db.userRepo.findUserByRefreshToken).mockRejectedValue(new Error('DB Error'));
+      mockedAuthService.refreshAccessToken.mockRejectedValue(new Error('DB Error'));

      // Act
      const response = await supertest(app)
@@ -604,7 +530,7 @@ describe('Auth Routes (/api/auth)', () => {
  describe('POST /logout', () => {
    it('should clear the refresh token cookie and return a success message', async () => {
      // Arrange
-      vi.mocked(db.userRepo.deleteRefreshToken).mockResolvedValue(undefined);
+      mockedAuthService.logout.mockResolvedValue(undefined);

      // Act
      const response = await supertest(app)
@@ -627,7 +553,7 @@ describe('Auth Routes (/api/auth)', () => {
    it('should still return 200 OK even if deleting the refresh token from DB fails', async () => {
      // Arrange
      const dbError = new Error('DB connection lost');
-      vi.mocked(db.userRepo.deleteRefreshToken).mockRejectedValue(dbError);
+      mockedAuthService.logout.mockRejectedValue(dbError);
      const { logger } = await import('../services/logger.server');

      // Act
@@ -639,7 +565,7 @@ describe('Auth Routes (/api/auth)', () => {
      expect(response.status).toBe(200);
      expect(logger.error).toHaveBeenCalledWith(
        expect.objectContaining({ error: dbError }),
-        'Failed to delete refresh token from DB during logout.',
+        'Logout token invalidation failed in background.',
      );
    });

--- a/src/routes/auth.routes.ts
+++ b/src/routes/auth.routes.ts
@@ -1,26 +1,18 @@
 // src/routes/auth.routes.ts
 import { Router, Request, Response, NextFunction } from 'express';
-import * as bcrypt from 'bcrypt';
 import { z } from 'zod';
-import jwt from 'jsonwebtoken';
-import crypto from 'crypto';
 import rateLimit from 'express-rate-limit';
-
 import passport from './passport.routes';
-import { userRepo, adminRepo } from '../services/db/index.db';
-import { UniqueConstraintError } from '../services/db/errors.db';
-import { getPool } from '../services/db/connection.db';
+import { UniqueConstraintError } from '../services/db/errors.db'; // Import actual class for instanceof checks
 import { logger } from '../services/logger.server';
-import { sendPasswordResetEmail } from '../services/emailService.server';
 import { validateRequest } from '../middleware/validation.middleware';
 import type { UserProfile } from '../types';
 import { validatePasswordStrength } from '../utils/authUtils';
 import { requiredString } from '../utils/zodUtils';

+import { authService } from '../services/authService';
 const router = Router();

-const JWT_SECRET = process.env.JWT_SECRET!;
-
 // Conditionally disable rate limiting for the test environment
 const isTestEnv = process.env.NODE_ENV === 'test';

@@ -31,7 +23,9 @@ const forgotPasswordLimiter = rateLimit({
  message: 'Too many password reset requests from this IP, please try again after 15 minutes.',
  standardHeaders: true,
  legacyHeaders: false,
-  skip: () => isTestEnv, // Skip this middleware if in test environment
+  // Do not skip in test environment so we can write integration tests for it.
+  // The limiter uses an in-memory store by default, so counts are reset when the test server restarts.
+  // skip: () => isTestEnv,
 });

 const resetPasswordLimiter = rateLimit({
@@ -45,21 +39,31 @@ const resetPasswordLimiter = rateLimit({

 const registerSchema = z.object({
  body: z.object({
-    email: z.string().email('A valid email is required.'),
+    // Sanitize email by trimming and converting to lowercase.
+    email: z.string().trim().toLowerCase().email('A valid email is required.'),
    password: z
      .string()
+      .trim() // Prevent leading/trailing whitespace in passwords.
      .min(8, 'Password must be at least 8 characters long.')
      .superRefine((password, ctx) => {
        const strength = validatePasswordStrength(password);
        if (!strength.isValid) ctx.addIssue({ code: 'custom', message: strength.feedback });
      }),
-    full_name: z.string().optional(),
-    avatar_url: z.string().url().optional(),
+    // Sanitize optional string inputs.
+    full_name: z.string().trim().optional(),
+    // Allow empty string or valid URL. If empty string is received, convert to undefined.
+    avatar_url: z.preprocess(
+      (val) => (val === '' ? undefined : val),
+      z.string().trim().url().optional(),
+    ),
  }),
 });

 const forgotPasswordSchema = z.object({
-  body: z.object({ email: z.string().email('A valid email is required.') }),
+  body: z.object({
+    // Sanitize email by trimming and converting to lowercase.
+    email: z.string().trim().toLowerCase().email('A valid email is required.'),
+  }),
 });

 const resetPasswordSchema = z.object({
@@ -67,6 +71,7 @@ const resetPasswordSchema = z.object({
    token: requiredString('Token is required.'),
    newPassword: z
      .string()
+      .trim() // Prevent leading/trailing whitespace in passwords.
      .min(8, 'Password must be at least 8 characters long.')
      .superRefine((password, ctx) => {
        const strength = validatePasswordStrength(password);
@@ -88,39 +93,14 @@ router.post(
    } = req as unknown as RegisterRequest;

    try {
-      const saltRounds = 10;
-      const hashedPassword = await bcrypt.hash(password, saltRounds);
-      logger.info(`Hashing password for new user: ${email}`);
-
-      // The createUser method in UserRepository now handles its own transaction.
-      const newUser = await userRepo.createUser(
+      const { newUserProfile, accessToken, refreshToken } = await authService.registerAndLoginUser(
        email,
-        hashedPassword,
-        { full_name, avatar_url },
+        password,
+        full_name,
+        avatar_url,
        req.log,
      );

-      const userEmail = newUser.user.email;
-      const userId = newUser.user.user_id;
-      logger.info(`Successfully created new user in DB: ${userEmail} (ID: ${userId})`);
-
-      // Use the new standardized logging function
-      await adminRepo.logActivity(
-        {
-          userId: newUser.user.user_id,
-          action: 'user_registered',
-          displayText: `${userEmail} has registered.`,
-          icon: 'user-plus',
-        },
-        req.log,
-      );
-
-      const payload = { user_id: newUser.user.user_id, email: userEmail };
-      const token = jwt.sign(payload, JWT_SECRET, { expiresIn: '1h' });
-
-      const refreshToken = crypto.randomBytes(64).toString('hex');
-      await userRepo.saveRefreshToken(newUser.user.user_id, refreshToken, req.log);
-
      res.cookie('refreshToken', refreshToken, {
        httpOnly: true,
        secure: process.env.NODE_ENV === 'production',
@@ -128,7 +108,7 @@ router.post(
      });
      return res
        .status(201)
-        .json({ message: 'User registered successfully!', userprofile: newUser, token });
+        .json({ message: 'User registered successfully!', userprofile: newUserProfile, token: accessToken });
    } catch (error: unknown) {
      if (error instanceof UniqueConstraintError) {
        // If the email is a duplicate, return a 409 Conflict status.
@@ -154,17 +134,6 @@ router.post('/login', (req: Request, res: Response, next: NextFunction) => {
      if (user) req.log.debug({ user }, '[API /login] Passport user object:'); // Log the user object passport returns
      if (user) req.log.info({ user }, '[API /login] Passport reported USER FOUND.');

-      try {
-        const allUsersInDb = await getPool().query(
-          'SELECT u.user_id, u.email, p.role FROM public.users u JOIN public.profiles p ON u.user_id = p.user_id',
-        );
-        req.log.debug('[API /login] Current users in DB from SERVER perspective:');
-        console.table(allUsersInDb.rows);
-      } catch (dbError) {
-        req.log.error({ dbError }, '[API /login] Could not query users table for debugging.');
-      }
-      // --- END DEBUG LOGGING ---
-      const { rememberMe } = req.body;
      if (err) {
        req.log.error(
          { error: err },
@@ -176,33 +145,24 @@ router.post('/login', (req: Request, res: Response, next: NextFunction) => {
        return res.status(401).json({ message: info.message || 'Login failed' });
      }

-      const userProfile = user as UserProfile;
-      const payload = {
-        user_id: userProfile.user.user_id,
-        email: userProfile.user.email,
-        role: userProfile.role,
-      };
-      const accessToken = jwt.sign(payload, JWT_SECRET, { expiresIn: '15m' });
-
      try {
-        const refreshToken = crypto.randomBytes(64).toString('hex');
-        await userRepo.saveRefreshToken(userProfile.user.user_id, refreshToken, req.log);
+        const { rememberMe } = req.body;
+        const userProfile = user as UserProfile;
+        const { accessToken, refreshToken } = await authService.handleSuccessfulLogin(userProfile, req.log);
        req.log.info(`JWT and refresh token issued for user: ${userProfile.user.email}`);

        const cookieOptions = {
          httpOnly: true,
          secure: process.env.NODE_ENV === 'production',
-          maxAge: rememberMe ? 30 * 24 * 60 * 60 * 1000 : undefined,
+          maxAge: rememberMe ? 30 * 24 * 60 * 60 * 1000 : undefined, // 30 days
        };

        res.cookie('refreshToken', refreshToken, cookieOptions);
        // Return the full user profile object on login to avoid a second fetch on the client.
        return res.json({ userprofile: userProfile, token: accessToken });
      } catch (tokenErr) {
-        req.log.error(
-          { error: tokenErr },
-          `Failed to save refresh token during login for user: ${userProfile.user.email}`,
-        );
+        const email = (user as UserProfile)?.user?.email || req.body.email;
+        req.log.error({ error: tokenErr }, `Failed to process login for user: ${email}`);
        return next(tokenErr);
      }
    },
@@ -221,38 +181,14 @@ router.post(
    } = req as unknown as ForgotPasswordRequest;

    try {
-      req.log.debug(`[API /forgot-password] Received request for email: ${email}`);
-      const user = await userRepo.findUserByEmail(email, req.log);
-      let token: string | undefined;
-      req.log.debug(
-        { user: user ? { user_id: user.user_id, email: user.email } : 'NOT FOUND' },
-        `[API /forgot-password] Database search result for ${email}:`,
-      );
-
-      if (user) {
-        token = crypto.randomBytes(32).toString('hex');
-        const saltRounds = 10;
-        const tokenHash = await bcrypt.hash(token, saltRounds);
-        const expiresAt = new Date(Date.now() + 3600000); // 1 hour
-
-        await userRepo.createPasswordResetToken(user.user_id, tokenHash, expiresAt, req.log);
-
-        const resetLink = `${process.env.FRONTEND_URL}/reset-password/${token}`;
-
-        try {
-          await sendPasswordResetEmail(email, resetLink, req.log);
-        } catch (emailError) {
-          req.log.error({ emailError }, `Email send failure during password reset for user`);
-        }
-      } else {
-        req.log.warn(`Password reset requested for non-existent email: ${email}`);
-      }
+      // The service handles finding the user, creating the token, and sending the email.
+      const token = await authService.resetPassword(email, req.log);

      // For testability, return the token in the response only in the test environment.
      const responsePayload: { message: string; token?: string } = {
        message: 'If an account with that email exists, a password reset link has been sent.',
      };
-      if (process.env.NODE_ENV === 'test' && user) responsePayload.token = token;
+      if (process.env.NODE_ENV === 'test' && token) responsePayload.token = token;
      res.status(200).json(responsePayload);
    } catch (error) {
      req.log.error({ error }, `An error occurred during /forgot-password for email: ${email}`);
@@ -273,38 +209,12 @@ router.post(
    } = req as unknown as ResetPasswordRequest;

    try {
-      const validTokens = await userRepo.getValidResetTokens(req.log);
-      let tokenRecord;
-      for (const record of validTokens) {
-        const isMatch = await bcrypt.compare(token, record.token_hash);
-        if (isMatch) {
-          tokenRecord = record;
-          break;
-        }
-      }
+      const resetSuccessful = await authService.updatePassword(token, newPassword, req.log);

-      if (!tokenRecord) {
+      if (!resetSuccessful) {
        return res.status(400).json({ message: 'Invalid or expired password reset token.' });
      }

-      const saltRounds = 10;
-      const hashedPassword = await bcrypt.hash(newPassword, saltRounds);
-
-      await userRepo.updateUserPassword(tokenRecord.user_id, hashedPassword, req.log);
-      await userRepo.deleteResetToken(tokenRecord.token_hash, req.log);
-
-      // Log this security event after a successful password reset.
-      await adminRepo.logActivity(
-        {
-          userId: tokenRecord.user_id,
-          action: 'password_reset',
-          displayText: `User ID ${tokenRecord.user_id} has reset their password.`,
-          icon: 'key',
-          details: { source_ip: req.ip ?? null },
-        },
-        req.log,
-      );
-
      res.status(200).json({ message: 'Password has been reset successfully.' });
    } catch (error) {
      req.log.error({ error }, `An error occurred during password reset.`);
@@ -321,15 +231,11 @@ router.post('/refresh-token', async (req: Request, res: Response, next: NextFunc
  }

  try {
-    const user = await userRepo.findUserByRefreshToken(refreshToken, req.log);
-    if (!user) {
+    const result = await authService.refreshAccessToken(refreshToken, req.log);
+    if (!result) {
      return res.status(403).json({ message: 'Invalid or expired refresh token.' });
    }
-
-    const payload = { user_id: user.user_id, email: user.email };
-    const newAccessToken = jwt.sign(payload, JWT_SECRET, { expiresIn: '15m' });
-
-    res.json({ token: newAccessToken });
+    res.json({ token: result.accessToken });
  } catch (error) {
    req.log.error({ error }, 'An error occurred during /refresh-token.');
    next(error);
@@ -346,8 +252,8 @@ router.post('/logout', async (req: Request, res: Response) => {
  if (refreshToken) {
    // Invalidate the token in the database so it cannot be used again.
    // We don't need to wait for this to finish to respond to the user.
-    userRepo.deleteRefreshToken(refreshToken, req.log).catch((err: Error) => {
-      req.log.error({ error: err }, 'Failed to delete refresh token from DB during logout.');
+    authService.logout(refreshToken, req.log).catch((err: Error) => {
+      req.log.error({ error: err }, 'Logout token invalidation failed in background.');
    });
  }
  // Instruct the browser to clear the cookie by setting its expiration to the past.
--- a/src/routes/gamification.routes.ts
+++ b/src/routes/gamification.routes.ts
@@ -1,11 +1,10 @@
 // src/routes/gamification.routes.ts
 import express, { NextFunction } from 'express';
 import { z } from 'zod';
-import passport, { isAdmin } from './passport.routes';
-import { gamificationRepo } from '../services/db/index.db';
+import passport, { isAdmin } from './passport.routes'; // Correctly imported
+import { gamificationService } from '../services/gamificationService';
 import { logger } from '../services/logger.server';
 import { UserProfile } from '../types';
-import { ForeignKeyConstraintError } from '../services/db/errors.db';
 import { validateRequest } from '../middleware/validation.middleware';
 import { requiredString, optionalNumeric } from '../utils/zodUtils';

@@ -14,10 +13,12 @@ const adminGamificationRouter = express.Router(); // Create a new router for adm

 // --- Zod Schemas for Gamification Routes (as per ADR-003) ---

+const leaderboardQuerySchema = z.object({
+  limit: optionalNumeric({ default: 10, integer: true, positive: true, max: 50 }),
+});
+
 const leaderboardSchema = z.object({
-  query: z.object({
-    limit: optionalNumeric({ default: 10, integer: true, positive: true, max: 50 }),
-  }),
+  query: leaderboardQuerySchema,
 });

 const awardAchievementSchema = z.object({
@@ -35,7 +36,7 @@ const awardAchievementSchema = z.object({
 */
 router.get('/', async (req, res, next: NextFunction) => {
  try {
-    const achievements = await gamificationRepo.getAllAchievements(req.log);
+    const achievements = await gamificationService.getAllAchievements(req.log);
    res.json(achievements);
  } catch (error) {
    logger.error({ error }, 'Error fetching all achievements in /api/achievements:');
@@ -51,14 +52,11 @@ router.get(
  '/leaderboard',
  validateRequest(leaderboardSchema),
  async (req, res, next: NextFunction): Promise<void> => {
-    // Apply ADR-003 pattern for type safety.
-    // Explicitly coerce query params to ensure numbers are passed to the repo,
-    // as validateRequest might not replace req.query in all test environments.
-    const query = req.query as unknown as { limit?: string };
-    const limit = query.limit ? Number(query.limit) : 10;
-
    try {
-      const leaderboard = await gamificationRepo.getLeaderboard(limit, req.log);
+      // The `validateRequest` middleware ensures `req.query` is valid.
+      // We parse it here to apply Zod's coercions (string to number) and defaults.
+      const { limit } = leaderboardQuerySchema.parse(req.query);
+      const leaderboard = await gamificationService.getLeaderboard(limit!, req.log);
      res.json(leaderboard);
    } catch (error) {
      logger.error({ error }, 'Error fetching leaderboard:');
@@ -79,7 +77,7 @@ router.get(
  async (req, res, next: NextFunction): Promise<void> => {
    const userProfile = req.user as UserProfile;
    try {
-      const userAchievements = await gamificationRepo.getUserAchievements(
+      const userAchievements = await gamificationService.getUserAchievements(
        userProfile.user.user_id,
        req.log,
      );
@@ -111,21 +109,13 @@ adminGamificationRouter.post(
    type AwardAchievementRequest = z.infer<typeof awardAchievementSchema>;
    const { body } = req as unknown as AwardAchievementRequest;
    try {
-      await gamificationRepo.awardAchievement(body.userId, body.achievementName, req.log);
+      await gamificationService.awardAchievement(body.userId, body.achievementName, req.log);
      res
        .status(200)
        .json({
          message: `Successfully awarded '${body.achievementName}' to user ${body.userId}.`,
        });
    } catch (error) {
-      if (error instanceof ForeignKeyConstraintError) {
-        res.status(400).json({ message: error.message });
-        return;
-      }
-      logger.error(
-        { error, userId: body.userId, achievementName: body.achievementName },
-        'Error awarding achievement via admin endpoint:',
-      );
      next(error);
    }
  },
--- a/src/routes/health.routes.test.ts
+++ b/src/routes/health.routes.test.ts
@@ -164,11 +164,12 @@ describe('Health Routes (/api/health)', () => {
      expect(response.body.message).toBe('DB connection failed'); // This is the message from the original error
      expect(response.body.stack).toBeDefined();
      expect(response.body.errorId).toEqual(expect.any(String));
+      console.log('[DEBUG] health.routes.test.ts: Verifying logger.error for DB schema check failure');
      expect(mockLogger.error).toHaveBeenCalledWith(
        expect.objectContaining({
          err: expect.any(Error),
        }),
-        expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
      );
    });

@@ -186,7 +187,7 @@ describe('Health Routes (/api/health)', () => {
        expect.objectContaining({
          err: expect.objectContaining({ message: 'DB connection failed' }),
        }),
-        expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
      );
    });
  });
@@ -220,7 +221,7 @@ describe('Health Routes (/api/health)', () => {
        expect.objectContaining({
          err: expect.any(Error),
        }),
-        expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
      );
    });

@@ -239,7 +240,7 @@ describe('Health Routes (/api/health)', () => {
        expect.objectContaining({
          err: expect.any(Error),
        }),
-        expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
      );
    });
  });
@@ -300,7 +301,7 @@ describe('Health Routes (/api/health)', () => {
      expect.objectContaining({
        err: expect.any(Error),
      }),
-      expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+      expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
    );
  });

@@ -321,7 +322,7 @@ describe('Health Routes (/api/health)', () => {
      expect.objectContaining({
        err: expect.objectContaining({ message: 'Pool is not initialized' }),
      }),
-      expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+      expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
    );
  });

@@ -336,11 +337,12 @@ describe('Health Routes (/api/health)', () => {
      expect(response.body.message).toBe('Connection timed out');
      expect(response.body.stack).toBeDefined();
      expect(response.body.errorId).toEqual(expect.any(String));
+      console.log('[DEBUG] health.routes.test.ts: Checking if logger.error was called with the correct pattern');
      expect(mockLogger.error).toHaveBeenCalledWith(
        expect.objectContaining({
          err: expect.any(Error),
        }),
-        expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
      );
    });

@@ -357,7 +359,7 @@ describe('Health Routes (/api/health)', () => {
        expect.objectContaining({
          err: expect.any(Error),
        }),
-        expect.stringMatching(/Unhandled API Error \(ID: \w+\)/),
+        expect.stringMatching(/Unhandled API Error \(ID: [\w-]+\)/),
      );
    });
  });
--- a/src/routes/passport.routes.test.ts
+++ b/src/routes/passport.routes.test.ts
@@ -482,8 +482,8 @@ describe('Passport Configuration', () => {
      const mockReq: Partial<Request> = {
        // An object that is not a valid UserProfile (e.g., missing 'role')
        user: {
-          user_id: 'invalid-user-id',
-        } as any,
+          user: { user_id: 'invalid-user-id' }, // Missing 'role' property
+        } as unknown as UserProfile, // Cast to UserProfile to satisfy req.user type, but it's intentionally malformed
      };

      // Act
--- a/src/routes/passport.routes.ts
+++ b/src/routes/passport.routes.ts
@@ -260,6 +260,13 @@ const jwtOptions = {
  secretOrKey: JWT_SECRET,
 };

+// --- DEBUG LOGGING FOR JWT SECRET ---
+if (!JWT_SECRET) {
+  logger.fatal('[Passport] CRITICAL: JWT_SECRET is missing or empty in environment variables! JwtStrategy will fail.');
+} else {
+  logger.info(`[Passport] JWT_SECRET loaded successfully (length: ${JWT_SECRET.length}).`);
+}
+
 passport.use(
  new JwtStrategy(jwtOptions, async (jwt_payload, done) => {
    logger.debug(
--- a/src/routes/personalization.routes.ts
+++ b/src/routes/personalization.routes.ts
@@ -19,6 +19,12 @@ router.get(
  validateRequest(emptySchema),
  async (req: Request, res: Response, next: NextFunction) => {
    try {
+      // LOGGING: Track how often this heavy DB call is actually made vs served from cache
+      req.log.info('Fetching master items list from database...');
+
+      // Optimization: This list changes rarely. Instruct clients to cache it for 1 hour (3600s).
+      res.set('Cache-Control', 'public, max-age=3600');
+
      const masterItems = await db.personalizationRepo.getAllMasterItems(req.log);
      res.json(masterItems);
    } catch (error) {
--- a/src/routes/reactions.routes.ts
+++ b/src/routes/reactions.routes.ts
@@ -0,0 +1,109 @@
+import { Router, Request, Response, NextFunction } from 'express';
+import { z } from 'zod';
+import { reactionRepo } from '../services/db/index.db';
+import { validateRequest } from '../middleware/validation.middleware';
+import passport from './passport.routes';
+import { requiredString } from '../utils/zodUtils';
+import { UserProfile } from '../types';
+
+const router = Router();
+
+// --- Zod Schemas for Reaction Routes ---
+
+const getReactionsSchema = z.object({
+  query: z.object({
+    userId: z.string().uuid().optional(),
+    entityType: z.string().optional(),
+    entityId: z.string().optional(),
+  }),
+});
+
+const toggleReactionSchema = z.object({
+  body: z.object({
+    entity_type: requiredString('entity_type is required.'),
+    entity_id: requiredString('entity_id is required.'),
+    reaction_type: requiredString('reaction_type is required.'),
+  }),
+});
+
+const getReactionSummarySchema = z.object({
+  query: z.object({
+    entityType: requiredString('entityType is required.'),
+    entityId: requiredString('entityId is required.'),
+  }),
+});
+
+// --- Routes ---
+
+/**
+ * GET /api/reactions - Fetches user reactions based on query filters.
+ * Supports filtering by userId, entityType, and entityId.
+ * This is a public endpoint.
+ */
+router.get(
+  '/',
+  validateRequest(getReactionsSchema),
+  async (req: Request, res: Response, next: NextFunction) => {
+    try {
+      const { query } = getReactionsSchema.parse({ query: req.query });
+      const reactions = await reactionRepo.getReactions(query, req.log);
+      res.json(reactions);
+    } catch (error) {
+      req.log.error({ error }, 'Error fetching user reactions');
+      next(error);
+    }
+  },
+);
+
+/**
+ * GET /api/reactions/summary - Fetches a summary of reactions for a specific entity.
+ * Example: /api/reactions/summary?entityType=recipe&entityId=123
+ * This is a public endpoint.
+ */
+router.get(
+  '/summary',
+  validateRequest(getReactionSummarySchema),
+  async (req: Request, res: Response, next: NextFunction) => {
+    try {
+      const { query } = getReactionSummarySchema.parse({ query: req.query });
+      const summary = await reactionRepo.getReactionSummary(query.entityType, query.entityId, req.log);
+      res.json(summary);
+    } catch (error) {
+      req.log.error({ error }, 'Error fetching reaction summary');
+      next(error);
+    }
+  },
+);
+
+/**
+ * POST /api/reactions/toggle - Toggles a user's reaction to an entity.
+ * This is a protected endpoint.
+ */
+router.post(
+  '/toggle',
+  passport.authenticate('jwt', { session: false }),
+  validateRequest(toggleReactionSchema),
+  async (req: Request, res: Response, next: NextFunction) => {
+    const userProfile = req.user as UserProfile;
+    type ToggleReactionRequest = z.infer<typeof toggleReactionSchema>;
+    const { body } = req as unknown as ToggleReactionRequest;
+
+    try {
+      const reactionData = {
+        user_id: userProfile.user.user_id,
+        ...body,
+      };
+      const result = await reactionRepo.toggleReaction(reactionData, req.log);
+      if (result) {
+        res.status(201).json({ message: 'Reaction added.', reaction: result });
+      } else {
+        res.status(200).json({ message: 'Reaction removed.' });
+      }
+    } catch (error) {
+      req.log.error({ error, body }, 'Error toggling user reaction');
+      next(error);
+    }
+  },
+);
+
+export default router;
--- a/src/routes/recipe.routes.ts
+++ b/src/routes/recipe.routes.ts
@@ -2,6 +2,8 @@
 import { Router } from 'express';
 import { z } from 'zod';
 import * as db from '../services/db/index.db';
+import { aiService } from '../services/aiService.server';
+import passport from './passport.routes';
 import { validateRequest } from '../middleware/validation.middleware';
 import { requiredString, numericIdParam, optionalNumeric } from '../utils/zodUtils';

@@ -28,6 +30,12 @@ const byIngredientAndTagSchema = z.object({

 const recipeIdParamsSchema = numericIdParam('recipeId');

+const suggestRecipeSchema = z.object({
+  body: z.object({
+    ingredients: z.array(z.string().min(1)).nonempty('At least one ingredient is required.'),
+  }),
+});
+
 /**
 * GET /api/recipes/by-sale-percentage - Get recipes based on the percentage of their ingredients on sale.
 */
@@ -121,4 +129,31 @@ router.get('/:recipeId', validateRequest(recipeIdParamsSchema), async (req, res,
  }
 });

+/**
+ * POST /api/recipes/suggest - Generates a simple recipe suggestion from a list of ingredients.
+ * This is a protected endpoint.
+ */
+router.post(
+  '/suggest',
+  passport.authenticate('jwt', { session: false }),
+  validateRequest(suggestRecipeSchema),
+  async (req, res, next) => {
+    try {
+      const { body } = req as unknown as z.infer<typeof suggestRecipeSchema>;
+      const suggestion = await aiService.generateRecipeSuggestion(body.ingredients, req.log);
+
+      if (!suggestion) {
+        return res
+          .status(503)
+          .json({ message: 'AI service is currently unavailable or failed to generate a suggestion.' });
+      }
+
+      res.json({ suggestion });
+    } catch (error) {
+      req.log.error({ error }, 'Error generating recipe suggestion');
+      next(error);
+    }
+  },
+);
+
 export default router;
--- a/src/routes/stats.routes.ts
+++ b/src/routes/stats.routes.ts
@@ -28,10 +28,9 @@ router.get(
  validateRequest(mostFrequentSalesSchema),
  async (req: Request, res: Response, next: NextFunction) => {
    try {
-      // Parse req.query to ensure coercion (string -> number) and defaults are applied.
-      // Even though validateRequest checks validity, it may not mutate req.query with the parsed result.
+      // The `validateRequest` middleware ensures `req.query` is valid.
+      // We parse it here to apply Zod's coercions (string to number) and defaults.
      const { days, limit } = statsQuerySchema.parse(req.query);
-
      const items = await db.adminRepo.getMostFrequentSaleItems(days!, limit!, req.log);
      res.json(items);
    } catch (error) {
--- a/src/routes/system.routes.test.ts
+++ b/src/routes/system.routes.test.ts
@@ -1,26 +1,15 @@
 // src/routes/system.routes.test.ts
 import { describe, it, expect, vi, beforeEach } from 'vitest';
 import supertest from 'supertest';
-import systemRouter from './system.routes'; // This was a duplicate, fixed.
-import { exec, type ExecException, type ExecOptions } from 'child_process';
-import { geocodingService } from '../services/geocodingService.server';
 import { createTestApp } from '../tests/utils/createTestApp';

-// FIX: Use the simple factory pattern for child_process to avoid default export issues
-vi.mock('child_process', () => {
-  const mockExec = vi.fn((command, callback) => {
-    if (typeof callback === 'function') {
-      callback(null, 'PM2 OK', '');
-    }
-    return { unref: () => {} };
-  });
-
-  return {
-    default: { exec: mockExec },
-    exec: mockExec,
-  };
-});
-
+// 1. Mock the Service Layer
+// This decouples the route test from the service's implementation details.
+vi.mock('../services/systemService', () => ({
+  systemService: {
+    getPm2Status: vi.fn(),
+  },
+}));
 // 2. Mock Geocoding
 vi.mock('../services/geocodingService.server', () => ({
  geocodingService: {
@@ -39,44 +28,25 @@ vi.mock('../services/logger.server', () => ({
  },
 }));

+// Import the router AFTER all mocks are defined to ensure systemService picks up the mocked util.promisify
+import { systemService } from '../services/systemService';
+import systemRouter from './system.routes';
+import { geocodingService } from '../services/geocodingService.server';
+
 describe('System Routes (/api/system)', () => {
  const app = createTestApp({ router: systemRouter, basePath: '/api/system' });

  beforeEach(() => {
-    // We cast here to get type-safe access to mock functions like .mockImplementation
    vi.clearAllMocks();
  });

  describe('GET /pm2-status', () => {
    it('should return success: true when pm2 process is online', async () => {
      // Arrange: Simulate a successful `pm2 describe` output for an online process.
-      const pm2OnlineOutput = `
-        ┌─ PM2 info ────────────────┐
-        │ status    │ online    │
-        └───────────┴───────────┘
-      `;
-
-      type ExecCallback = (error: ExecException | null, stdout: string, stderr: string) => void;
-
-      // A robust mock for `exec` that handles its multiple overloads.
-      // This avoids the complex and error-prone `...args` signature.
-      vi.mocked(exec).mockImplementation(
-        (
-          command: string,
-          options?: ExecOptions | ExecCallback | null,
-          callback?: ExecCallback | null,
-        ) => {
-          // The actual callback can be the second or third argument.
-          const actualCallback = (
-            typeof options === 'function' ? options : callback
-          ) as ExecCallback;
-          if (actualCallback) {
-            actualCallback(null, pm2OnlineOutput, '');
-          }
-          // Return a minimal object that satisfies the ChildProcess type for .unref()
-          return { unref: () => {} } as ReturnType<typeof exec>;
-        },
-      );
+      vi.mocked(systemService.getPm2Status).mockResolvedValue({
+        success: true,
+        message: 'Application is online and running under PM2.',
+      });

      // Act
      const response = await supertest(app).get('/api/system/pm2-status');
@@ -90,28 +60,10 @@ describe('System Routes (/api/system)', () => {
    });

    it('should return success: false when pm2 process is stopped or errored', async () => {
-      const pm2StoppedOutput = `│ status    │ stopped   │`;
-
-      vi.mocked(exec).mockImplementation(
-        (
-          command: string,
-          options?:
-            | ExecOptions
-            | ((error: ExecException | null, stdout: string, stderr: string) => void)
-            | null,
-          callback?: ((error: ExecException | null, stdout: string, stderr: string) => void) | null,
-        ) => {
-          const actualCallback = (typeof options === 'function' ? options : callback) as (
-            error: ExecException | null,
-            stdout: string,
-            stderr: string,
-          ) => void;
-          if (actualCallback) {
-            actualCallback(null, pm2StoppedOutput, '');
-          }
-          return { unref: () => {} } as ReturnType<typeof exec>;
-        },
-      );
+      vi.mocked(systemService.getPm2Status).mockResolvedValue({
+        success: false,
+        message: 'Application process exists but is not online.',
+      });

      const response = await supertest(app).get('/api/system/pm2-status');

@@ -122,33 +74,10 @@ describe('System Routes (/api/system)', () => {

    it('should return success: false when pm2 process does not exist', async () => {
      // Arrange: Simulate `pm2 describe` failing because the process isn't found.
-      const processNotFoundOutput =
-        "[PM2][ERROR] Process or Namespace flyer-crawler-api doesn't exist";
-      const processNotFoundError = new Error(
-        'Command failed: pm2 describe flyer-crawler-api',
-      ) as ExecException;
-      processNotFoundError.code = 1;
-
-      vi.mocked(exec).mockImplementation(
-        (
-          command: string,
-          options?:
-            | ExecOptions
-            | ((error: ExecException | null, stdout: string, stderr: string) => void)
-            | null,
-          callback?: ((error: ExecException | null, stdout: string, stderr: string) => void) | null,
-        ) => {
-          const actualCallback = (typeof options === 'function' ? options : callback) as (
-            error: ExecException | null,
-            stdout: string,
-            stderr: string,
-          ) => void;
-          if (actualCallback) {
-            actualCallback(processNotFoundError, processNotFoundOutput, '');
-          }
-          return { unref: () => {} } as ReturnType<typeof exec>;
-        },
-      );
+      vi.mocked(systemService.getPm2Status).mockResolvedValue({
+        success: false,
+        message: 'Application process is not running under PM2.',
+      });

      // Act
      const response = await supertest(app).get('/api/system/pm2-status');
@@ -163,55 +92,17 @@ describe('System Routes (/api/system)', () => {

    it('should return 500 if pm2 command produces stderr output', async () => {
      // Arrange: Simulate a successful exit code but with content in stderr.
-      const stderrOutput = 'A non-fatal warning occurred.';
-
-      vi.mocked(exec).mockImplementation(
-        (
-          command: string,
-          options?:
-            | ExecOptions
-            | ((error: ExecException | null, stdout: string, stderr: string) => void)
-            | null,
-          callback?: ((error: ExecException | null, stdout: string, stderr: string) => void) | null,
-        ) => {
-          const actualCallback = (typeof options === 'function' ? options : callback) as (
-            error: ExecException | null,
-            stdout: string,
-            stderr: string,
-          ) => void;
-          if (actualCallback) {
-            actualCallback(null, 'Some stdout', stderrOutput);
-          }
-          return { unref: () => {} } as ReturnType<typeof exec>;
-        },
-      );
+      const serviceError = new Error('PM2 command produced an error: A non-fatal warning occurred.');
+      vi.mocked(systemService.getPm2Status).mockRejectedValue(serviceError);

      const response = await supertest(app).get('/api/system/pm2-status');
      expect(response.status).toBe(500);
-      expect(response.body.message).toBe(`PM2 command produced an error: ${stderrOutput}`);
+      expect(response.body.message).toBe(serviceError.message);
    });

    it('should return 500 on a generic exec error', async () => {
-      vi.mocked(exec).mockImplementation(
-        (
-          command: string,
-          options?:
-            | ExecOptions
-            | ((error: ExecException | null, stdout: string, stderr: string) => void)
-            | null,
-          callback?: ((error: ExecException | null, stdout: string, stderr: string) => void) | null,
-        ) => {
-          const actualCallback = (typeof options === 'function' ? options : callback) as (
-            error: ExecException | null,
-            stdout: string,
-            stderr: string,
-          ) => void;
-          if (actualCallback) {
-            actualCallback(new Error('System error') as ExecException, '', 'stderr output');
-          }
-          return { unref: () => {} } as ReturnType<typeof exec>;
-        },
-      );
+      const serviceError = new Error('System error');
+      vi.mocked(systemService.getPm2Status).mockRejectedValue(serviceError);

      // Act
      const response = await supertest(app).get('/api/system/pm2-status');
--- a/src/routes/system.routes.ts
+++ b/src/routes/system.routes.ts
@@ -1,11 +1,11 @@
 // src/routes/system.routes.ts
 import { Router, Request, Response, NextFunction } from 'express';
-import { exec } from 'child_process';
-import { z } from 'zod';
 import { logger } from '../services/logger.server';
 import { geocodingService } from '../services/geocodingService.server';
 import { validateRequest } from '../middleware/validation.middleware';
+import { z } from 'zod';
 import { requiredString } from '../utils/zodUtils';
+import { systemService } from '../services/systemService';

 const router = Router();

@@ -25,39 +25,13 @@ const emptySchema = z.object({});
 router.get(
  '/pm2-status',
  validateRequest(emptySchema),
-  (req: Request, res: Response, next: NextFunction) => {
-    // The name 'flyer-crawler-api' comes from your ecosystem.config.cjs file.
-    exec('pm2 describe flyer-crawler-api', (error, stdout, stderr) => {
-      if (error) {
-        // 'pm2 describe' exits with an error if the process is not found.
-        // We can treat this as a "fail" status for our check.
-        if (stdout && stdout.includes("doesn't exist")) {
-          logger.warn('[API /pm2-status] PM2 process "flyer-crawler-api" not found.');
-          return res.json({
-            success: false,
-            message: 'Application process is not running under PM2.',
-          });
-        }
-        logger.error(
-          { error: stderr || error.message },
-          '[API /pm2-status] Error executing pm2 describe:',
-        );
-        return next(error);
-      }
-
-      // Check if there was output to stderr, even if the exit code was 0 (success).
-      if (stderr && stderr.trim().length > 0) {
-        logger.error({ stderr }, '[API /pm2-status] PM2 executed but produced stderr:');
-        return next(new Error(`PM2 command produced an error: ${stderr}`));
-      }
-
-      // If the command succeeds, we can parse stdout to check the status.
-      const isOnline = /│ status\s+│ online\s+│/m.test(stdout);
-      const message = isOnline
-        ? 'Application is online and running under PM2.'
-        : 'Application process exists but is not online.';
-      res.json({ success: isOnline, message });
-    });
+  async (req: Request, res: Response, next: NextFunction) => {
+    try {
+      const status = await systemService.getPm2Status();
+      res.json(status);
+    } catch (error) {
+      next(error);
+    }
  },
 );

--- a/src/routes/user.routes.test.ts
+++ b/src/routes/user.routes.test.ts
@@ -1,8 +1,8 @@
 // src/routes/user.routes.test.ts
-import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { describe, it, expect, vi, beforeEach, afterAll } from 'vitest';
 import supertest from 'supertest';
 import express from 'express';
-import * as bcrypt from 'bcrypt';
+import path from 'path';
 import fs from 'node:fs/promises';
 import {
  createMockUserProfile,
@@ -17,10 +17,12 @@ import {
  createMockAddress,
 } from '../tests/utils/mockFactories';
 import { Appliance, Notification, DietaryRestriction } from '../types';
-import { ForeignKeyConstraintError, NotFoundError } from '../services/db/errors.db';
+import { ForeignKeyConstraintError, NotFoundError, ValidationError } from '../services/db/errors.db';
 import { createTestApp } from '../tests/utils/createTestApp';
 import { mockLogger } from '../tests/utils/mockLogger';
+import { cleanupFiles } from '../tests/utils/cleanupFiles';
 import { logger } from '../services/logger.server';
+import { userService } from '../services/userService';

 // 1. Mock the Service Layer directly.
 // The user.routes.ts file imports from '.../db/index.db'. We need to mock that module.
@@ -29,9 +31,6 @@ vi.mock('../services/db/index.db', () => ({
  userRepo: {
    findUserProfileById: vi.fn(),
    updateUserProfile: vi.fn(),
-    updateUserPassword: vi.fn(),
-    findUserWithPasswordHashById: vi.fn(),
-    deleteUserById: vi.fn(),
    updateUserPreferences: vi.fn(),
  },
  personalizationRepo: {
@@ -70,22 +69,14 @@ vi.mock('../services/db/index.db', () => ({
 // Mock userService
 vi.mock('../services/userService', () => ({
  userService: {
+    updateUserAvatar: vi.fn(),
+    updateUserPassword: vi.fn(),
+    deleteUserAccount: vi.fn(),
+    getUserAddress: vi.fn(),
    upsertUserAddress: vi.fn(),
  },
 }));

-// 2. Mock bcrypt.
-// We return an object that satisfies both default and named imports to be safe.
-vi.mock('bcrypt', () => {
-  const hash = vi.fn();
-  const compare = vi.fn();
-  return {
-    default: { hash, compare },
-    hash,
-    compare,
-  };
-});
-
 // Mock the logger
 vi.mock('../services/logger.server', async () => ({
  // Use async import to avoid hoisting issues with mockLogger
@@ -94,7 +85,6 @@ vi.mock('../services/logger.server', async () => ({

 // Import the router and other modules AFTER mocks are established
 import userRouter from './user.routes';
-import { userService } from '../services/userService'; // Import for checking calls
 // Import the mocked db module to control its functions in tests
 import * as db from '../services/db/index.db';

@@ -178,6 +168,26 @@ describe('User Routes (/api/users)', () => {
    beforeEach(() => {
      // All tests in this block will use the authenticated app
    });
+
+    afterAll(async () => {
+      // Safeguard to clean up any avatar files created during tests.
+      const uploadDir = path.resolve(__dirname, '../../../uploads/avatars');
+      try {
+        const allFiles = await fs.readdir(uploadDir);
+        // Files are named like 'avatar-user-123-timestamp.ext'
+        const testFiles = allFiles
+          .filter((f) => f.startsWith(`avatar-${mockUserProfile.user.user_id}`))
+          .map((f) => path.join(uploadDir, f));
+
+        if (testFiles.length > 0) {
+          await cleanupFiles(testFiles);
+        }
+      } catch (error) {
+        if (error instanceof Error && (error as NodeJS.ErrnoException).code !== 'ENOENT') {
+          console.error('Error during user routes test file cleanup:', error);
+        }
+      }
+    });
    describe('GET /profile', () => {
      it('should return the full user profile', async () => {
        vi.mocked(db.userRepo.findUserProfileById).mockResolvedValue(mockUserProfile);
@@ -472,6 +482,12 @@ describe('User Routes (/api/users)', () => {

        expect(response.status).toBe(201);
        expect(response.body).toEqual(mockAddedItem);
+        expect(db.shoppingRepo.addShoppingListItem).toHaveBeenCalledWith(
+          listId,
+          mockUserProfile.user.user_id,
+          itemData,
+          expectLogger,
+        );
      });

      it('should return 400 on foreign key error when adding an item', async () => {
@@ -509,6 +525,12 @@ describe('User Routes (/api/users)', () => {

        expect(response.status).toBe(200);
        expect(response.body).toEqual(mockUpdatedItem);
+        expect(db.shoppingRepo.updateShoppingListItem).toHaveBeenCalledWith(
+          itemId,
+          mockUserProfile.user.user_id,
+          updates,
+          expectLogger,
+        );
      });

      it('should return 404 if item to update is not found', async () => {
@@ -544,6 +566,11 @@ describe('User Routes (/api/users)', () => {
          vi.mocked(db.shoppingRepo.removeShoppingListItem).mockResolvedValue(undefined);
          const response = await supertest(app).delete('/api/users/shopping-lists/items/101');
          expect(response.status).toBe(204);
+          expect(db.shoppingRepo.removeShoppingListItem).toHaveBeenCalledWith(
+            101,
+            mockUserProfile.user.user_id,
+            expectLogger,
+          );
        });

        it('should return 404 if item to delete is not found', async () => {
@@ -575,6 +602,27 @@ describe('User Routes (/api/users)', () => {
        expect(response.body).toEqual(updatedProfile);
      });

+      it('should allow updating the profile with an empty string for avatar_url', async () => {
+        // Arrange
+        const profileUpdates = { avatar_url: '' };
+        // The service should receive `undefined` after Zod preprocessing
+        const updatedProfile = createMockUserProfile({ ...mockUserProfile, avatar_url: undefined });
+        vi.mocked(db.userRepo.updateUserProfile).mockResolvedValue(updatedProfile);
+
+        // Act
+        const response = await supertest(app).put('/api/users/profile').send(profileUpdates);
+
+        // Assert
+        expect(response.status).toBe(200);
+        expect(response.body).toEqual(updatedProfile);
+        // Verify that the Zod schema preprocessed the empty string to undefined
+        expect(db.userRepo.updateUserProfile).toHaveBeenCalledWith(
+          mockUserProfile.user.user_id,
+          { avatar_url: undefined },
+          expectLogger,
+        );
+      });
+
      it('should return 500 on a generic database error', async () => {
        const dbError = new Error('DB Connection Failed');
        vi.mocked(db.userRepo.updateUserProfile).mockRejectedValue(dbError);
@@ -599,20 +647,17 @@ describe('User Routes (/api/users)', () => {

    describe('PUT /profile/password', () => {
      it('should update the password successfully with a strong password', async () => {
-        vi.mocked(bcrypt.hash).mockResolvedValue('hashed-password' as never);
-        vi.mocked(db.userRepo.updateUserPassword).mockResolvedValue(undefined);
+        vi.mocked(userService.updateUserPassword).mockResolvedValue(undefined);
        const response = await supertest(app)
          .put('/api/users/profile/password')
          .send({ newPassword: 'a-Very-Strong-Password-456!' });
-
        expect(response.status).toBe(200);
        expect(response.body.message).toBe('Password updated successfully.');
      });

      it('should return 500 on a generic database error', async () => {
        const dbError = new Error('DB Connection Failed');
-        vi.mocked(bcrypt.hash).mockResolvedValue('hashed-password' as never);
-        vi.mocked(db.userRepo.updateUserPassword).mockRejectedValue(dbError);
+        vi.mocked(userService.updateUserPassword).mockRejectedValue(dbError);
        const response = await supertest(app)
          .put('/api/users/profile/password')
          .send({ newPassword: 'a-Very-Strong-Password-456!' });
@@ -624,7 +669,6 @@ describe('User Routes (/api/users)', () => {
      });

      it('should return 400 for a weak password', async () => {
-        // Use a password long enough to pass .min(8) but weak enough to fail strength check
        const response = await supertest(app)
          .put('/api/users/profile/password')
          .send({ newPassword: 'password123' });
@@ -636,70 +680,38 @@ describe('User Routes (/api/users)', () => {

    describe('DELETE /account', () => {
      it('should delete the account with the correct password', async () => {
-        const userWithHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: 'hashed-password',
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithHash);
-        vi.mocked(db.userRepo.deleteUserById).mockResolvedValue(undefined);
-        vi.mocked(bcrypt.compare).mockResolvedValue(true as never);
+        vi.mocked(userService.deleteUserAccount).mockResolvedValue(undefined);
        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'correct-password' });
        expect(response.status).toBe(200);
        expect(response.body.message).toBe('Account deleted successfully.');
+        expect(userService.deleteUserAccount).toHaveBeenCalledWith('user-123', 'correct-password', expectLogger);
      });

-      it('should return 403 for an incorrect password', async () => {
-        const userWithHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: 'hashed-password',
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithHash);
-        vi.mocked(bcrypt.compare).mockResolvedValue(false as never);
+      it('should return 400 for an incorrect password', async () => {
+        vi.mocked(userService.deleteUserAccount).mockRejectedValue(new ValidationError([], 'Incorrect password.'));
        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'wrong-password' });

-        expect(response.status).toBe(403);
+        expect(response.status).toBe(400);
        expect(response.body.message).toBe('Incorrect password.');
      });

      it('should return 404 if the user to delete is not found', async () => {
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockRejectedValue(
-          new NotFoundError('User not found or password not set.'),
-        );
-        const response = await supertest(app)
-          .delete('/api/users/account')
-          .send({ password: 'any-password' });
-        expect(response.status).toBe(404);
-        expect(response.body.message).toBe('User not found or password not set.');
-      });
-
-      it('should return 404 if user is an OAuth user without a password', async () => {
-        // Simulate an OAuth user who has no password_hash set.
-        const userWithoutHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: null,
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithoutHash);
+        vi.mocked(userService.deleteUserAccount).mockRejectedValue(new NotFoundError('User not found.'));

        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'any-password' });

        expect(response.status).toBe(404);
-        expect(response.body.message).toBe('User not found or password not set.');
+        expect(response.body.message).toBe('User not found.');
      });

      it('should return 500 on a generic database error', async () => {
-        const userWithHash = createMockUserWithPasswordHash({
-          ...mockUserProfile.user,
-          password_hash: 'hashed-password',
-        });
-        vi.mocked(db.userRepo.findUserWithPasswordHashById).mockResolvedValue(userWithHash);
-        vi.mocked(bcrypt.compare).mockResolvedValue(true as never);
-        vi.mocked(db.userRepo.deleteUserById).mockRejectedValue(new Error('DB Connection Failed'));
+        vi.mocked(userService.deleteUserAccount).mockRejectedValue(new Error('DB Connection Failed'));
        const response = await supertest(app)
          .delete('/api/users/account')
          .send({ password: 'correct-password' });
@@ -980,7 +992,7 @@ describe('User Routes (/api/users)', () => {
          authenticatedUser: { ...mockUserProfile, address_id: 1 },
        });
        const mockAddress = createMockAddress({ address_id: 1, address_line_1: '123 Main St' });
-        vi.mocked(db.addressRepo.getAddressById).mockResolvedValue(mockAddress);
+        vi.mocked(userService.getUserAddress).mockResolvedValue(mockAddress);
        const response = await supertest(appWithUser).get('/api/users/addresses/1');
        expect(response.status).toBe(200);
        expect(response.body).toEqual(mockAddress);
@@ -992,7 +1004,7 @@ describe('User Routes (/api/users)', () => {
          basePath,
          authenticatedUser: { ...mockUserProfile, address_id: 1 },
        });
-        vi.mocked(db.addressRepo.getAddressById).mockRejectedValue(new Error('DB Error'));
+        vi.mocked(userService.getUserAddress).mockRejectedValue(new Error('DB Error'));
        const response = await supertest(appWithUser).get('/api/users/addresses/1');
        expect(response.status).toBe(500);
      });
@@ -1005,13 +1017,10 @@ describe('User Routes (/api/users)', () => {
      });

      it('GET /addresses/:addressId should return 403 if address does not belong to user', async () => {
-        const appWithDifferentUser = createTestApp({
-          router: userRouter,
-          basePath,
-          authenticatedUser: { ...mockUserProfile, address_id: 999 },
-        });
-        const response = await supertest(appWithDifferentUser).get('/api/users/addresses/1');
-        expect(response.status).toBe(403);
+        vi.mocked(userService.getUserAddress).mockRejectedValue(new ValidationError([], 'Forbidden'));
+        const response = await supertest(app).get('/api/users/addresses/2'); // Requesting address 2
+        expect(response.status).toBe(400); // ValidationError maps to 400 by default in the test error handler
+        expect(response.body.message).toBe('Forbidden');
      });

      it('GET /addresses/:addressId should return 404 if address not found', async () => {
@@ -1020,7 +1029,7 @@ describe('User Routes (/api/users)', () => {
          basePath,
          authenticatedUser: { ...mockUserProfile, address_id: 1 },
        });
-        vi.mocked(db.addressRepo.getAddressById).mockRejectedValue(
+        vi.mocked(userService.getUserAddress).mockRejectedValue(
          new NotFoundError('Address not found.'),
        );
        const response = await supertest(appWithUser).get('/api/users/addresses/1');
@@ -1029,19 +1038,10 @@ describe('User Routes (/api/users)', () => {
      });

      it('PUT /profile/address should call upsertAddress and updateUserProfile if needed', async () => {
-        const appWithUser = createTestApp({
-          router: userRouter,
-          basePath,
-          authenticatedUser: { ...mockUserProfile, address_id: null },
-        }); // User has no address yet
        const addressData = { address_line_1: '123 New St' };
-        vi.mocked(db.addressRepo.upsertAddress).mockResolvedValue(5); // New address ID is 5
-        vi.mocked(db.userRepo.updateUserProfile).mockResolvedValue({
-          ...mockUserProfile,
-          address_id: 5,
-        });
+        vi.mocked(userService.upsertUserAddress).mockResolvedValue(5);

-        const response = await supertest(appWithUser)
+        const response = await supertest(app)
          .put('/api/users/profile/address')
          .send(addressData);

@@ -1073,11 +1073,11 @@ describe('User Routes (/api/users)', () => {

    describe('POST /profile/avatar', () => {
      it('should upload an avatar and update the user profile', async () => {
-        const mockUpdatedProfile = {
+        const mockUpdatedProfile = createMockUserProfile({
          ...mockUserProfile,
          avatar_url: '/uploads/avatars/new-avatar.png',
-        };
-        vi.mocked(db.userRepo.updateUserProfile).mockResolvedValue(mockUpdatedProfile);
+        });
+        vi.mocked(userService.updateUserAvatar).mockResolvedValue(mockUpdatedProfile);

        // Create a dummy file path for supertest to attach
        const dummyImagePath = 'test-avatar.png';
@@ -1087,17 +1087,17 @@ describe('User Routes (/api/users)', () => {
          .attach('avatar', Buffer.from('dummy-image-content'), dummyImagePath);

        expect(response.status).toBe(200);
-        expect(response.body.avatar_url).toContain('/uploads/avatars/');
-        expect(db.userRepo.updateUserProfile).toHaveBeenCalledWith(
+        expect(response.body.avatar_url).toContain('/uploads/avatars/'); // This was a duplicate, fixed.
+        expect(userService.updateUserAvatar).toHaveBeenCalledWith(
          mockUserProfile.user.user_id,
-          { avatar_url: expect.any(String) },
+          expect.any(Object),
          expectLogger,
        );
      });

      it('should return 500 if updating the profile fails after upload', async () => {
        const dbError = new Error('DB Connection Failed');
-        vi.mocked(db.userRepo.updateUserProfile).mockRejectedValue(dbError);
+        vi.mocked(userService.updateUserAvatar).mockRejectedValue(dbError);
        const dummyImagePath = 'test-avatar.png';
        const response = await supertest(app)
          .post('/api/users/profile/avatar')
@@ -1141,7 +1141,7 @@ describe('User Routes (/api/users)', () => {
        const unlinkSpy = vi.spyOn(fs, 'unlink').mockResolvedValue(undefined);

        const dbError = new Error('DB Connection Failed');
-        vi.mocked(db.userRepo.updateUserProfile).mockRejectedValue(dbError);
+        vi.mocked(userService.updateUserAvatar).mockRejectedValue(dbError);
        const dummyImagePath = 'test-avatar.png';

        const response = await supertest(app)
--- a/src/routes/user.routes.ts
+++ b/src/routes/user.routes.ts
@@ -2,8 +2,6 @@
 import express, { Request, Response, NextFunction } from 'express';
 import passport from './passport.routes';
 import multer from 'multer'; // Keep for MulterError type check
-import fs from 'node:fs/promises';
-import * as bcrypt from 'bcrypt'; // This was a duplicate, fixed.
 import { z } from 'zod';
 import { logger } from '../services/logger.server';
 import { UserProfile } from '../types';
@@ -22,25 +20,19 @@ import {
  optionalBoolean,
 } from '../utils/zodUtils';
 import * as db from '../services/db/index.db';
-
-/**
- * Safely deletes a file from the filesystem, ignoring errors if the file doesn't exist.
- * @param file The multer file object to delete.
- */
-const cleanupUploadedFile = async (file?: Express.Multer.File) => {
-  if (!file) return;
-  try {
-    await fs.unlink(file.path);
-  } catch (err) {
-    logger.warn({ err, filePath: file.path }, 'Failed to clean up uploaded avatar file.');
-  }
-};
+import { cleanupUploadedFile } from '../utils/fileUtils';

 const router = express.Router();

 const updateProfileSchema = z.object({
  body: z
-    .object({ full_name: z.string().optional(), avatar_url: z.string().url().optional() })
+    .object({
+      full_name: z.string().optional(),
+      avatar_url: z.preprocess(
+        (val) => (val === '' ? undefined : val),
+        z.string().trim().url().optional(),
+      ),
+    })
    .refine((data) => Object.keys(data).length > 0, {
      message: 'At least one field to update must be provided.',
    }),
@@ -50,6 +42,7 @@ const updatePasswordSchema = z.object({
  body: z.object({
    newPassword: z
      .string()
+      .trim() // Trim whitespace from password input.
      .min(8, 'Password must be at least 8 characters long.')
      .superRefine((password, ctx) => {
        const strength = validatePasswordStrength(password);
@@ -58,6 +51,9 @@ const updatePasswordSchema = z.object({
  }),
 });

+// The `requiredString` utility (modified in `zodUtils.ts`) now handles trimming,
+// so no changes are needed here, but we are confirming that password trimming
+// is now implicitly handled for this schema.
 const deleteAccountSchema = z.object({
  body: z.object({ password: requiredString("Field 'password' is required.") }),
 });
@@ -103,14 +99,10 @@ router.post(
  async (req: Request, res: Response, next: NextFunction) => {
    // The try-catch block was already correct here.
    try {
+      // The `requireFileUpload` middleware is not used here, so we must check for `req.file`.
      if (!req.file) return res.status(400).json({ message: 'No avatar file uploaded.' });
      const userProfile = req.user as UserProfile;
-      const avatarUrl = `/uploads/avatars/${req.file.filename}`;
-      const updatedProfile = await db.userRepo.updateUserProfile(
-        userProfile.user.user_id,
-        { avatar_url: avatarUrl },
-        req.log,
-      );
+      const updatedProfile = await userService.updateUserAvatar(userProfile.user.user_id, req.file, req.log);
      res.json(updatedProfile);
    } catch (error) {
      // If an error occurs after the file has been uploaded (e.g., DB error),
@@ -257,9 +249,7 @@ router.put(
    const { body } = req as unknown as UpdatePasswordRequest;

    try {
-      const saltRounds = 10;
-      const hashedPassword = await bcrypt.hash(body.newPassword, saltRounds);
-      await db.userRepo.updateUserPassword(userProfile.user.user_id, hashedPassword, req.log);
+      await userService.updateUserPassword(userProfile.user.user_id, body.newPassword, req.log);
      res.status(200).json({ message: 'Password updated successfully.' });
    } catch (error) {
      logger.error({ error }, `[ROUTE] PUT /api/users/profile/password - ERROR`);
@@ -282,20 +272,7 @@ router.delete(
    const { body } = req as unknown as DeleteAccountRequest;

    try {
-      const userWithHash = await db.userRepo.findUserWithPasswordHashById(
-        userProfile.user.user_id,
-        req.log,
-      );
-      if (!userWithHash || !userWithHash.password_hash) {
-        return res.status(404).json({ message: 'User not found or password not set.' });
-      }
-
-      const isMatch = await bcrypt.compare(body.password, userWithHash.password_hash);
-      if (!isMatch) {
-        return res.status(403).json({ message: 'Incorrect password.' });
-      }
-
-      await db.userRepo.deleteUserById(userProfile.user.user_id, req.log);
+      await userService.deleteUserAccount(userProfile.user.user_id, body.password, req.log);
      res.status(200).json({ message: 'Account deleted successfully.' });
    } catch (error) {
      logger.error({ error }, `[ROUTE] DELETE /api/users/account - ERROR`);
@@ -485,7 +462,11 @@ const addShoppingListItemSchema = shoppingListIdSchema.extend({
  body: z
    .object({
      masterItemId: z.number().int().positive().optional(),
-      customItemName: z.string().min(1, 'customItemName cannot be empty if provided').optional(),
+      customItemName: z
+        .string()
+        .trim()
+        .min(1, 'customItemName cannot be empty if provided')
+        .optional(),
    })
    .refine((data) => data.masterItemId || data.customItemName, {
      message: 'Either masterItemId or customItemName must be provided.',
@@ -497,10 +478,16 @@ router.post(
  validateRequest(addShoppingListItemSchema),
  async (req, res, next: NextFunction) => {
    logger.debug(`[ROUTE] POST /api/users/shopping-lists/:listId/items - ENTER`);
+    const userProfile = req.user as UserProfile;
    // Apply ADR-003 pattern for type safety
    const { params, body } = req as unknown as AddShoppingListItemRequest;
    try {
-      const newItem = await db.shoppingRepo.addShoppingListItem(params.listId, body, req.log);
+      const newItem = await db.shoppingRepo.addShoppingListItem(
+        params.listId,
+        userProfile.user.user_id,
+        body,
+        req.log,
+      );
      res.status(201).json(newItem);
    } catch (error) {
      if (error instanceof ForeignKeyConstraintError) {
@@ -531,11 +518,13 @@ router.put(
  validateRequest(updateShoppingListItemSchema),
  async (req, res, next: NextFunction) => {
    logger.debug(`[ROUTE] PUT /api/users/shopping-lists/items/:itemId - ENTER`);
+    const userProfile = req.user as UserProfile;
    // Apply ADR-003 pattern for type safety
    const { params, body } = req as unknown as UpdateShoppingListItemRequest;
    try {
      const updatedItem = await db.shoppingRepo.updateShoppingListItem(
        params.itemId,
+        userProfile.user.user_id,
        body,
        req.log,
      );
@@ -560,10 +549,11 @@ router.delete(
  validateRequest(shoppingListItemIdSchema),
  async (req, res, next: NextFunction) => {
    logger.debug(`[ROUTE] DELETE /api/users/shopping-lists/items/:itemId - ENTER`);
+    const userProfile = req.user as UserProfile;
    // Apply ADR-003 pattern for type safety
    const { params } = req as unknown as DeleteShoppingListItemRequest;
    try {
-      await db.shoppingRepo.removeShoppingListItem(params.itemId, req.log);
+      await db.shoppingRepo.removeShoppingListItem(params.itemId, userProfile.user.user_id, req.log);
      res.status(204).send();
    } catch (error: unknown) {
      logger.error(
@@ -711,13 +701,7 @@ router.get(
    const { params } = req as unknown as GetAddressRequest;
    try {
      const addressId = params.addressId;
-      // Security check: Ensure the requested addressId matches the one on the user's profile.
-      if (userProfile.address_id !== addressId) {
-        return res
-          .status(403)
-          .json({ message: 'Forbidden: You can only access your own address.' });
-      }
-      const address = await db.addressRepo.getAddressById(addressId, req.log); // This will throw NotFoundError if not found
+      const address = await userService.getUserAddress(userProfile, addressId, req.log);
      res.json(address);
    } catch (error) {
      logger.error({ error }, 'Error fetching user address');
@@ -732,12 +716,12 @@ router.get(
 const updateUserAddressSchema = z.object({
  body: z
    .object({
-      address_line_1: z.string().optional(),
-      address_line_2: z.string().optional(),
-      city: z.string().optional(),
-      province_state: z.string().optional(),
-      postal_code: z.string().optional(),
-      country: z.string().optional(),
+      address_line_1: z.string().trim().optional(),
+      address_line_2: z.string().trim().optional(),
+      city: z.string().trim().optional(),
+      province_state: z.string().trim().optional(),
+      postal_code: z.string().trim().optional(),
+      country: z.string().trim().optional(),
    })
    .refine((data) => Object.keys(data).length > 0, {
      message: 'At least one address field must be provided.',
@@ -797,13 +781,13 @@ router.delete(
 const updateRecipeSchema = recipeIdSchema.extend({
  body: z
    .object({
-      name: z.string().optional(),
-      description: z.string().optional(),
-      instructions: z.string().optional(),
+      name: z.string().trim().optional(),
+      description: z.string().trim().optional(),
+      instructions: z.string().trim().optional(),
      prep_time_minutes: z.number().int().optional(),
      cook_time_minutes: z.number().int().optional(),
      servings: z.number().int().optional(),
-      photo_url: z.string().url().optional(),
+      photo_url: z.string().trim().url().optional(),
    })
    .refine((data) => Object.keys(data).length > 0, { message: 'No fields provided to update.' }),
 });
--- a/Show More
+++ b/Show More