ci: Bump version to 0.7.20 [skip ci]

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "flyer-crawler",
-  "version": "0.7.6",
+  "version": "0.7.20",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "flyer-crawler",
-      "version": "0.7.6",
+      "version": "0.7.20",
       "dependencies": {
         "@bull-board/api": "^6.14.2",
         "@bull-board/express": "^6.14.2",

package.json

@@ -1,7 +1,7 @@
 {
   "name": "flyer-crawler",
   "private": true,
-  "version": "0.7.6",
+  "version": "0.7.20",
   "type": "module",
   "scripts": {
     "dev": "concurrently \"npm:start:dev\" \"vite\"",

sql/master_schema_rollup.sql

@@ -1248,7 +1248,8 @@ INSERT INTO public.achievements (name, description, icon, points_value) VALUES
 ('List Sharer', 'Share a shopping list with another user for the first time.', 'list', 20),
 ('First Favorite', 'Mark a recipe as one of your favorites.', 'heart', 5),
 ('First Fork', 'Make a personal copy of a public recipe.', 'git-fork', 10),
-('First Budget Created', 'Create your first budget to track spending.', 'piggy-bank', 15)
+('First Budget Created', 'Create your first budget to track spending.', 'piggy-bank', 15),
+('First-Upload', 'Upload your first flyer.', 'upload-cloud', 25)
 ON CONFLICT (name) DO NOTHING;
 
 -- ============================================================================
@@ -2557,16 +2558,21 @@ DROP FUNCTION IF EXISTS public.log_new_flyer();
 CREATE OR REPLACE FUNCTION public.log_new_flyer()
 RETURNS TRIGGER AS $$
 BEGIN
-    INSERT INTO public.activity_log (action, display_text, icon, details)
+    -- If the flyer was uploaded by a registered user, award the 'First-Upload' achievement.
+    -- The award_achievement function handles checking if the user already has it.
+    IF NEW.uploaded_by IS NOT NULL THEN
+        PERFORM public.award_achievement(NEW.uploaded_by, 'First-Upload');
+    END IF;
+
+    INSERT INTO public.activity_log (user_id, action, display_text, icon, details)
     VALUES (
+        NEW.uploaded_by, -- Log the user who uploaded it
         'flyer_uploaded',
         'A new flyer for ' || (SELECT name FROM public.stores WHERE store_id = NEW.store_id) || ' has been uploaded.',
         'file-text',
         jsonb_build_object(
             'flyer_id', NEW.flyer_id,
-            'store_name', (SELECT name FROM public.stores WHERE store_id = NEW.store_id),
-            'valid_from', to_char(NEW.valid_from, 'YYYY-MM-DD'),
-            'valid_to', to_char(NEW.valid_to, 'YYYY-MM-DD')
+            'store_name', (SELECT name FROM public.stores WHERE store_id = NEW.store_id)
         )
     );
     RETURN NEW;

src/db/seed.ts

@@ -111,7 +111,7 @@ async function main() {
 
     const flyerQuery = `
         INSERT INTO public.flyers (file_name, image_url, checksum, store_id, valid_from, valid_to)
-        VALUES ('safeway-flyer.jpg', '/sample-assets/safeway-flyer.jpg', 'sample-checksum-123', ${storeMap.get('Safeway')}, $1, $2)
+        VALUES ('safeway-flyer.jpg', 'https://example.com/flyer-images/safeway-flyer.jpg', 'a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0a0', ${storeMap.get('Safeway')}, $1, $2)
         RETURNING flyer_id;
     `;
     const flyerRes = await client.query<{ flyer_id: number }>(flyerQuery, [

src/routes/user.routes.test.ts

@@ -482,6 +482,12 @@ describe('User Routes (/api/users)', () => {
 
         expect(response.status).toBe(201);
         expect(response.body).toEqual(mockAddedItem);
+        expect(db.shoppingRepo.addShoppingListItem).toHaveBeenCalledWith(
+          listId,
+          mockUserProfile.user.user_id,
+          itemData,
+          expectLogger,
+        );
       });
 
       it('should return 400 on foreign key error when adding an item', async () => {
@@ -519,6 +525,12 @@ describe('User Routes (/api/users)', () => {
 
         expect(response.status).toBe(200);
         expect(response.body).toEqual(mockUpdatedItem);
+        expect(db.shoppingRepo.updateShoppingListItem).toHaveBeenCalledWith(
+          itemId,
+          mockUserProfile.user.user_id,
+          updates,
+          expectLogger,
+        );
       });
 
       it('should return 404 if item to update is not found', async () => {
@@ -554,6 +566,11 @@ describe('User Routes (/api/users)', () => {
           vi.mocked(db.shoppingRepo.removeShoppingListItem).mockResolvedValue(undefined);
           const response = await supertest(app).delete('/api/users/shopping-lists/items/101');
           expect(response.status).toBe(204);
+          expect(db.shoppingRepo.removeShoppingListItem).toHaveBeenCalledWith(
+            101,
+            mockUserProfile.user.user_id,
+            expectLogger,
+          );
         });
 
         it('should return 404 if item to delete is not found', async () => {

src/routes/user.routes.ts

@@ -478,10 +478,16 @@ router.post(
   validateRequest(addShoppingListItemSchema),
   async (req, res, next: NextFunction) => {
     logger.debug(`[ROUTE] POST /api/users/shopping-lists/:listId/items - ENTER`);
+    const userProfile = req.user as UserProfile;
     // Apply ADR-003 pattern for type safety
     const { params, body } = req as unknown as AddShoppingListItemRequest;
     try {
-      const newItem = await db.shoppingRepo.addShoppingListItem(params.listId, body, req.log);
+      const newItem = await db.shoppingRepo.addShoppingListItem(
+        params.listId,
+        userProfile.user.user_id,
+        body,
+        req.log,
+      );
       res.status(201).json(newItem);
     } catch (error) {
       if (error instanceof ForeignKeyConstraintError) {
@@ -512,11 +518,13 @@ router.put(
   validateRequest(updateShoppingListItemSchema),
   async (req, res, next: NextFunction) => {
     logger.debug(`[ROUTE] PUT /api/users/shopping-lists/items/:itemId - ENTER`);
+    const userProfile = req.user as UserProfile;
     // Apply ADR-003 pattern for type safety
     const { params, body } = req as unknown as UpdateShoppingListItemRequest;
     try {
       const updatedItem = await db.shoppingRepo.updateShoppingListItem(
         params.itemId,
+        userProfile.user.user_id,
         body,
         req.log,
       );
@@ -541,10 +549,11 @@ router.delete(
   validateRequest(shoppingListItemIdSchema),
   async (req, res, next: NextFunction) => {
     logger.debug(`[ROUTE] DELETE /api/users/shopping-lists/items/:itemId - ENTER`);
+    const userProfile = req.user as UserProfile;
     // Apply ADR-003 pattern for type safety
     const { params } = req as unknown as DeleteShoppingListItemRequest;
     try {
-      await db.shoppingRepo.removeShoppingListItem(params.itemId, req.log);
+      await db.shoppingRepo.removeShoppingListItem(params.itemId, userProfile.user.user_id, req.log);
       res.status(204).send();
     } catch (error: unknown) {
       logger.error(

src/services/apiClient.test.ts

@@ -933,7 +933,7 @@ describe('API Client', () => {
 
     it('logSearchQuery should send a POST request with query data', async () => {
       const queryData = createMockSearchQueryPayload({ query_text: 'apples', result_count: 10, was_successful: true });
-      await apiClient.logSearchQuery(queryData);
+      await apiClient.logSearchQuery(queryData as any);
       expect(capturedUrl?.pathname).toBe('/api/search/log');
       expect(capturedBody).toEqual(queryData);
     });
@@ -960,7 +960,7 @@ describe('API Client', () => {
         result_count: 0,
         was_successful: false,
       });
-      await apiClient.logSearchQuery(queryData);
+      await apiClient.logSearchQuery(queryData as any);
       expect(logger.warn).toHaveBeenCalledWith('Failed to log search query', { error: apiError });
     });
   });

src/services/db/admin.db.test.ts

@@ -203,7 +203,11 @@ describe('Admin DB Service', () => {
         .mockRejectedValueOnce(new Error('DB Read Error'));
 
       // The Promise.all should reject, and the function should re-throw the error
-      await expect(adminRepo.getApplicationStats(mockLogger)).rejects.toThrow('DB Read Error');
+      // The handleDbError function wraps the original error in a new one with a default message,
+      // so we should test for that specific message.
+      await expect(adminRepo.getApplicationStats(mockLogger)).rejects.toThrow(
+        'Failed to retrieve application statistics.',
+      );
       expect(mockLogger.error).toHaveBeenCalledWith(
         { err: expect.any(Error) },
         'Database error in getApplicationStats',
@@ -277,7 +281,7 @@ describe('Admin DB Service', () => {
         'Failed to get most frequent sale items.',
       );
       expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError },
+        { err: dbError, days: 30, limit: 10 },
         'Database error in getMostFrequentSaleItems',
       );
     });
@@ -688,7 +692,9 @@ describe('Admin DB Service', () => {
     it('should re-throw a generic error if the database query fails for other reasons', async () => {
       const dbError = new Error('DB Error');
       mockDb.query.mockRejectedValue(dbError);
-      await expect(adminRepo.updateUserRole('1', 'admin', mockLogger)).rejects.toThrow('DB Error');
+      await expect(adminRepo.updateUserRole('1', 'admin', mockLogger)).rejects.toThrow(
+        'Failed to update user role.',
+      );
       expect(mockLogger.error).toHaveBeenCalledWith(
         { err: dbError, userId: '1', role: 'admin' },
         'Database error in updateUserRole',

src/services/db/admin.db.ts

@@ -41,6 +41,7 @@ export class AdminRepository {
         sc.correction_type,
         sc.suggested_value,
         sc.status,
+        sc.updated_at,
         sc.created_at,
         fi.item as flyer_item_name,
         fi.price_display as flyer_item_price_display,
@@ -308,6 +309,7 @@ export class AdminRepository {
       SELECT
         ufi.unmatched_flyer_item_id,
         ufi.status,
+        ufi.updated_at,
         ufi.created_at,
         fi.flyer_item_id as flyer_item_id,
         fi.item as flyer_item_name,

src/services/db/budget.db.test.ts

@@ -249,6 +249,17 @@ describe('Budget DB Service', () => {
       expect(result).toEqual(mockUpdatedBudget);
     });
 
+    it('should prevent a user from updating a budget they do not own', async () => {
+      // Arrange: Mock the query to return 0 rows affected
+      mockDb.query.mockResolvedValue({ rows: [], rowCount: 0 });
+
+      // Act & Assert: Attempt to update with a different user ID should throw an error.
+      await expect(
+        budgetRepo.updateBudget(1, 'another-user', { name: 'Updated Groceries' }, mockLogger),
+      ).rejects.toThrow('Budget not found or user does not have permission to update.');
+    });
+
+
     it('should throw an error if no rows are updated', async () => {
       // Arrange: Mock the query to return 0 rows affected
       mockDb.query.mockResolvedValue({ rows: [], rowCount: 0 });

src/services/db/conversion.db.test.ts

@@ -0,0 +1,160 @@
+// src/services/db/conversion.db.test.ts
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { mockPoolInstance } from '../../tests/setup/tests-setup-unit';
+import { getPool } from './connection.db';
+import { conversionRepo } from './conversion.db';
+import { NotFoundError } from './errors.db';
+import type { UnitConversion } from '../../types';
+
+// Un-mock the module we are testing
+vi.unmock('./conversion.db');
+
+// Mock dependencies
+vi.mock('./connection.db', () => ({
+  getPool: vi.fn(),
+}));
+
+vi.mock('../logger.server', () => ({
+  logger: {
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    debug: vi.fn(),
+  },
+}));
+
+import { logger as mockLogger } from '../logger.server';
+
+describe('Conversion DB Service', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Make getPool return our mock instance for each test
+    vi.mocked(getPool).mockReturnValue(mockPoolInstance as any);
+  });
+
+  describe('getConversions', () => {
+    it('should return all conversions if no filters are provided', async () => {
+      const mockConversions: UnitConversion[] = [
+        {
+          unit_conversion_id: 1,
+          master_item_id: 1,
+          from_unit: 'g',
+          to_unit: 'kg',
+          factor: 0.001,
+          created_at: new Date().toISOString(),
+          updated_at: new Date().toISOString(),
+        },
+      ];
+      mockPoolInstance.query.mockResolvedValue({ rows: mockConversions });
+
+      const result = await conversionRepo.getConversions({}, mockLogger);
+
+      expect(mockPoolInstance.query).toHaveBeenCalledWith(
+        expect.stringContaining('SELECT * FROM public.unit_conversions'),
+        expect.any(Array),
+      );
+      // Check that WHERE clause is not present for master_item_id
+      expect(mockPoolInstance.query.mock.calls[0][0]).not.toContain('WHERE master_item_id');
+      expect(result).toEqual(mockConversions);
+    });
+
+    it('should filter by masterItemId', async () => {
+      mockPoolInstance.query.mockResolvedValue({ rows: [] });
+
+      await conversionRepo.getConversions({ masterItemId: 123 }, mockLogger);
+
+      expect(mockPoolInstance.query).toHaveBeenCalledWith(
+        expect.stringContaining('WHERE master_item_id = $1'),
+        [123],
+      );
+    });
+
+    it('should throw an error if the database query fails', async () => {
+      const dbError = new Error('DB Error');
+      mockPoolInstance.query.mockRejectedValue(dbError);
+
+      await expect(conversionRepo.getConversions({}, mockLogger)).rejects.toThrow(
+        'Failed to retrieve unit conversions.',
+      );
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        { err: dbError, filters: {} },
+        'Database error in getConversions',
+      );
+    });
+  });
+
+  describe('createConversion', () => {
+    const newConversion = {
+      master_item_id: 1,
+      from_unit: 'cup',
+      to_unit: 'ml',
+      factor: 236.588,
+    };
+
+    it('should insert a new conversion and return it', async () => {
+      const mockCreatedConversion: UnitConversion = {
+        unit_conversion_id: 1,
+        ...newConversion,
+        created_at: new Date().toISOString(),
+        updated_at: new Date().toISOString(),
+      };
+      mockPoolInstance.query.mockResolvedValue({ rows: [mockCreatedConversion] });
+
+      const result = await conversionRepo.createConversion(newConversion, mockLogger);
+
+      expect(mockPoolInstance.query).toHaveBeenCalledWith(
+        expect.stringContaining('INSERT INTO public.unit_conversions'),
+        [1, 'cup', 'ml', 236.588],
+      );
+      expect(result).toEqual(mockCreatedConversion);
+    });
+
+    it('should throw an error if the database query fails', async () => {
+      const dbError = new Error('DB Error');
+      mockPoolInstance.query.mockRejectedValue(dbError);
+
+      await expect(conversionRepo.createConversion(newConversion, mockLogger)).rejects.toThrow(
+        'Failed to create unit conversion.',
+      );
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        { err: dbError, conversionData: newConversion },
+        'Database error in createConversion',
+      );
+    });
+  });
+
+  describe('deleteConversion', () => {
+    it('should delete a conversion if found', async () => {
+      mockPoolInstance.query.mockResolvedValue({ rowCount: 1 });
+
+      await conversionRepo.deleteConversion(1, mockLogger);
+
+      expect(mockPoolInstance.query).toHaveBeenCalledWith(
+        'DELETE FROM public.unit_conversions WHERE unit_conversion_id = $1',
+        [1],
+      );
+    });
+
+    it('should throw NotFoundError if conversion is not found', async () => {
+      mockPoolInstance.query.mockResolvedValue({ rowCount: 0 });
+
+      await expect(conversionRepo.deleteConversion(999, mockLogger)).rejects.toThrow(NotFoundError);
+      await expect(conversionRepo.deleteConversion(999, mockLogger)).rejects.toThrow(
+        'Unit conversion with ID 999 not found.',
+      );
+    });
+
+    it('should throw an error if the database query fails', async () => {
+      const dbError = new Error('DB Error');
+      mockPoolInstance.query.mockRejectedValue(dbError);
+
+      await expect(conversionRepo.deleteConversion(1, mockLogger)).rejects.toThrow(
+        'Failed to delete unit conversion.',
+      );
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        { err: dbError, conversionId: 1 },
+        'Database error in deleteConversion',
+      );
+    });
+  });
+});

src/services/db/deals.db.test.ts

@@ -82,15 +82,15 @@ describe('Deals DB Service', () => {
       expect(result).toEqual([]);
     });
 
-    it('should re-throw the error if the database query fails', async () => {
+    it('should throw a generic error if the database query fails', async () => {
       const dbError = new Error('DB Connection Error');
       mockDb.query.mockRejectedValue(dbError);
 
       await expect(dealsRepo.findBestPricesForWatchedItems('user-1', mockLogger)).rejects.toThrow(
-        dbError,
+        'Failed to find best prices for watched items.',
       );
       expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError },
+        { err: dbError, userId: 'user-1' },
         'Database error in findBestPricesForWatchedItems',
       );
     });

src/services/db/flyer.db.test.ts

@@ -274,7 +274,7 @@ describe('Flyer DB Service', () => {
         ForeignKeyConstraintError,
       );
       await expect(flyerRepo.insertFlyerItems(999, itemsData, mockLogger)).rejects.toThrow(
-        'The specified flyer does not exist.',
+        'The specified flyer, category, master item, or product does not exist.',
       );
       expect(mockLogger.error).toHaveBeenCalledWith(
         { err: dbError, flyerId: 999 },
@@ -285,10 +285,10 @@ describe('Flyer DB Service', () => {
     it('should throw a generic error if the database query fails', async () => {
       const dbError = new Error('DB Connection Error');
       mockPoolInstance.query.mockRejectedValue(dbError);
-      // The implementation now re-throws the original error, so we should expect that.
+      // The implementation wraps the error using handleDbError
       await expect(
         flyerRepo.insertFlyerItems(1, [{ item: 'Test' } as FlyerItemInsert], mockLogger),
-      ).rejects.toThrow(dbError);
+      ).rejects.toThrow('An unknown error occurred while inserting flyer items.');
       expect(mockLogger.error).toHaveBeenCalledWith(
         { err: dbError, flyerId: 1 },
         'Database error in insertFlyerItems',
@@ -691,11 +691,7 @@ describe('Flyer DB Service', () => {
       );
 
       await expect(flyerRepo.deleteFlyer(999, mockLogger)).rejects.toThrow(
-        'Failed to delete flyer.',
-      );
-      expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: expect.any(NotFoundError), flyerId: 999 },
-        'Database transaction error in deleteFlyer',
+        'Flyer with ID 999 not found.',
       );
     });
 

src/services/db/flyer.db.ts

@@ -97,16 +97,23 @@ export class FlyerRepository {
         flyerData.store_address, // $8
         flyerData.status, // $9
         flyerData.item_count, // $10
-        flyerData.uploaded_by, // $11
+        flyerData.uploaded_by ?? null, // $11
       ];
 
       const result = await this.db.query<Flyer>(query, values);
       return result.rows[0];
     } catch (error) {
+      const isChecksumError =
+        error instanceof Error && error.message.includes('flyers_checksum_check');
+
       handleDbError(error, logger, 'Database error in insertFlyer', { flyerData }, {
         uniqueMessage: 'A flyer with this checksum already exists.',
         fkMessage: 'The specified user or store for this flyer does not exist.',
-        checkMessage: 'Invalid status provided for flyer.',
+        // Provide a more specific message for the checksum constraint violation,
+        // which is a common issue during seeding or testing with placeholder data.
+        checkMessage: isChecksumError
+          ? 'The provided checksum is invalid or does not meet format requirements (e.g., must be a 64-character SHA-256 hash).'
+          : 'Invalid status provided for flyer.',
         defaultMessage: 'Failed to insert flyer into database.',
       });
     }
@@ -173,7 +180,7 @@ export class FlyerRepository {
   async getAllBrands(logger: Logger): Promise<Brand[]> {
     try {
       const query = `
-        SELECT s.store_id as brand_id, s.name, s.logo_url
+        SELECT s.store_id as brand_id, s.name, s.logo_url, s.created_at, s.updated_at
         FROM public.stores s
         ORDER BY s.name;
       `;

src/services/db/gamification.db.ts

@@ -50,7 +50,8 @@ export class GamificationRepository {
           a.name,
           a.description,
           a.icon,
-          a.points_value
+          a.points_value,
+          a.created_at
         FROM public.user_achievements ua
         JOIN public.achievements a ON ua.achievement_id = a.achievement_id
         WHERE ua.user_id = $1

src/services/db/notification.db.test.ts

@@ -195,7 +195,7 @@ describe('Notification DB Service', () => {
         notificationRepo.createBulkNotifications(notificationsToCreate, mockLogger),
       ).rejects.toThrow(ForeignKeyConstraintError);
       expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError },
+        { err: dbError, notifications: notificationsToCreate },
         'Database error in createBulkNotifications',
       );
     });
@@ -208,7 +208,7 @@ describe('Notification DB Service', () => {
         notificationRepo.createBulkNotifications(notificationsToCreate, mockLogger),
       ).rejects.toThrow('Failed to create bulk notifications.');
       expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError },
+        { err: dbError, notifications: notificationsToCreate },
         'Database error in createBulkNotifications',
       );
     });
@@ -264,6 +264,16 @@ describe('Notification DB Service', () => {
     });
   });
 
+  describe('markNotificationAsRead - Ownership Check', () => {
+    it('should not mark a notification as read if the user does not own it', async () => {
+      mockPoolInstance.query.mockResolvedValue({ rowCount: 0 });
+
+      await expect(notificationRepo.markNotificationAsRead(1, 'wrong-user', mockLogger)).rejects.toThrow(
+        'Notification not found or user does not have permission.',
+      );
+    });
+  });
+
   describe('markAllNotificationsAsRead', () => {
     it('should execute an UPDATE query to mark all notifications as read for a user', async () => {
       mockPoolInstance.query.mockResolvedValue({ rowCount: 3 });

src/services/db/personalization.db.test.ts

@@ -5,7 +5,7 @@ import type { Pool, PoolClient } from 'pg';
 import { withTransaction } from './connection.db';
 import { PersonalizationRepository } from './personalization.db';
 import type { MasterGroceryItem, UserAppliance, DietaryRestriction, Appliance } from '../../types';
-import { createMockMasterGroceryItem } from '../../tests/utils/mockFactories';
+import { createMockMasterGroceryItem, createMockUserAppliance } from '../../tests/utils/mockFactories';
 
 // Un-mock the module we are testing to ensure we use the real implementation.
 vi.unmock('./personalization.db');
@@ -46,9 +46,6 @@ describe('Personalization DB Service', () => {
 
   describe('getAllMasterItems', () => {
     it('should execute the correct query and return master items', async () => {
-      console.log(
-        '[TEST DEBUG] Running test: getAllMasterItems > should execute the correct query',
-      );
       const mockItems: MasterGroceryItem[] = [
         createMockMasterGroceryItem({ master_grocery_item_id: 1, name: 'Apples' }),
       ];
@@ -64,8 +61,6 @@ describe('Personalization DB Service', () => {
         LEFT JOIN public.categories c ON mgi.category_id = c.category_id
         ORDER BY mgi.name ASC`;
 
-      console.log('[TEST DEBUG] mockQuery calls:', JSON.stringify(mockQuery.mock.calls, null, 2));
-
       // The query string in the implementation has a lot of whitespace from the template literal.
       // This updated expectation matches the new query exactly.
       expect(mockQuery).toHaveBeenCalledWith(expectedQuery);
@@ -649,8 +644,8 @@ describe('Personalization DB Service', () => {
   describe('setUserAppliances', () => {
     it('should execute a transaction to set appliances', async () => {
       const mockNewAppliances: UserAppliance[] = [
-        { user_id: 'user-123', appliance_id: 1 },
-        { user_id: 'user-123', appliance_id: 2 },
+        createMockUserAppliance({ user_id: 'user-123', appliance_id: 1 }),
+        createMockUserAppliance({ user_id: 'user-123', appliance_id: 2 }),
       ];
       const mockClientQuery = vi.fn();
       vi.mocked(withTransaction).mockImplementation(async (callback) => {

src/services/db/reaction.db.test.ts

@@ -0,0 +1,225 @@
+// src/services/db/reaction.db.test.ts
+import { describe, it, expect, vi, beforeEach, Mock } from 'vitest';
+import type { Pool, PoolClient } from 'pg';
+import { ReactionRepository } from './reaction.db';
+import { mockPoolInstance } from '../../tests/setup/tests-setup-unit';
+import { withTransaction } from './connection.db';
+import { ForeignKeyConstraintError } from './errors.db';
+import type { UserReaction } from '../../types';
+
+// Un-mock the module we are testing
+vi.unmock('./reaction.db');
+
+// Mock dependencies
+vi.mock('../logger.server', () => ({
+  logger: {
+    info: vi.fn(),
+    warn: vi.fn(),
+    error: vi.fn(),
+    debug: vi.fn(),
+  },
+}));
+import { logger as mockLogger } from '../logger.server';
+
+vi.mock('./connection.db', async (importOriginal) => {
+  const actual = await importOriginal<typeof import('./connection.db')>();
+  return { ...actual, withTransaction: vi.fn() };
+});
+
+describe('Reaction DB Service', () => {
+  let reactionRepo: ReactionRepository;
+  const mockDb = {
+    query: vi.fn(),
+  };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    reactionRepo = new ReactionRepository(mockDb);
+  });
+
+  describe('getReactions', () => {
+    it('should build a query with no filters', async () => {
+      mockDb.query.mockResolvedValue({ rows: [] });
+      await reactionRepo.getReactions({}, mockLogger);
+      expect(mockDb.query).toHaveBeenCalledWith(
+        'SELECT * FROM public.user_reactions WHERE 1=1 ORDER BY created_at DESC',
+        [],
+      );
+    });
+
+    it('should build a query with a userId filter', async () => {
+      mockDb.query.mockResolvedValue({ rows: [] });
+      await reactionRepo.getReactions({ userId: 'user-1' }, mockLogger);
+      expect(mockDb.query).toHaveBeenCalledWith(
+        'SELECT * FROM public.user_reactions WHERE 1=1 AND user_id = $1 ORDER BY created_at DESC',
+        ['user-1'],
+      );
+    });
+
+    it('should build a query with all filters', async () => {
+      mockDb.query.mockResolvedValue({ rows: [] });
+      await reactionRepo.getReactions(
+        { userId: 'user-1', entityType: 'recipe', entityId: '123' },
+        mockLogger,
+      );
+      expect(mockDb.query).toHaveBeenCalledWith(
+        'SELECT * FROM public.user_reactions WHERE 1=1 AND user_id = $1 AND entity_type = $2 AND entity_id = $3 ORDER BY created_at DESC',
+        ['user-1', 'recipe', '123'],
+      );
+    });
+
+    it('should return an array of reactions on success', async () => {
+      const mockReactions: UserReaction[] = [
+        {
+          reaction_id: 1,
+          user_id: 'user-1',
+          entity_type: 'recipe',
+          entity_id: '123',
+          reaction_type: 'like',
+          created_at: new Date().toISOString(),
+          updated_at: new Date().toISOString(),
+        },
+      ];
+      mockDb.query.mockResolvedValue({ rows: mockReactions });
+      const result = await reactionRepo.getReactions({}, mockLogger);
+      expect(result).toEqual(mockReactions);
+    });
+
+    it('should throw an error if the database query fails', async () => {
+      const dbError = new Error('DB Error');
+      mockDb.query.mockRejectedValue(dbError);
+      await expect(reactionRepo.getReactions({}, mockLogger)).rejects.toThrow(
+        'Failed to retrieve user reactions.',
+      );
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        { err: dbError, filters: {} },
+        'Database error in getReactions',
+      );
+    });
+  });
+
+  describe('toggleReaction', () => {
+    const reactionData = {
+      user_id: 'user-1',
+      entity_type: 'recipe',
+      entity_id: '123',
+      reaction_type: 'like',
+    };
+
+    it('should remove an existing reaction and return null', async () => {
+      const mockClient = { query: vi.fn() };
+      // Mock DELETE returning 1 row, indicating a reaction was deleted
+      (mockClient.query as Mock).mockResolvedValueOnce({ rowCount: 1 });
+
+      vi.mocked(withTransaction).mockImplementation(async (callback) => {
+        return callback(mockClient as unknown as PoolClient);
+      });
+
+      const result = await reactionRepo.toggleReaction(reactionData, mockLogger);
+
+      expect(result).toBeNull();
+      expect(mockClient.query).toHaveBeenCalledWith(
+        'DELETE FROM public.user_reactions WHERE user_id = $1 AND entity_type = $2 AND entity_id = $3 AND reaction_type = $4',
+        ['user-1', 'recipe', '123', 'like'],
+      );
+      // Ensure INSERT was not called
+      expect(mockClient.query).toHaveBeenCalledTimes(1);
+    });
+
+    it('should add a new reaction and return it if it does not exist', async () => {
+      const mockClient = { query: vi.fn() };
+      const mockCreatedReaction: UserReaction = {
+        reaction_id: 1,
+        ...reactionData,
+        created_at: new Date().toISOString(),
+        updated_at: new Date().toISOString(),
+      };
+
+      // Mock DELETE returning 0 rows, then mock INSERT returning the new reaction
+      (mockClient.query as Mock)
+        .mockResolvedValueOnce({ rowCount: 0 }) // DELETE
+        .mockResolvedValueOnce({ rows: [mockCreatedReaction] }); // INSERT
+
+      vi.mocked(withTransaction).mockImplementation(async (callback) => {
+        return callback(mockClient as unknown as PoolClient);
+      });
+
+      const result = await reactionRepo.toggleReaction(reactionData, mockLogger);
+
+      expect(result).toEqual(mockCreatedReaction);
+      expect(mockClient.query).toHaveBeenCalledTimes(2);
+      expect(mockClient.query).toHaveBeenCalledWith(
+        'INSERT INTO public.user_reactions (user_id, entity_type, entity_id, reaction_type) VALUES ($1, $2, $3, $4) RETURNING *',
+        ['user-1', 'recipe', '123', 'like'],
+      );
+    });
+
+    it('should throw ForeignKeyConstraintError if user or entity does not exist', async () => {
+      const dbError = new Error('violates foreign key constraint');
+      (dbError as Error & { code: string }).code = '23503';
+
+      vi.mocked(withTransaction).mockImplementation(async (callback) => {
+        const mockClient = { query: vi.fn().mockRejectedValue(dbError) };
+        await expect(callback(mockClient as unknown as PoolClient)).rejects.toThrow(dbError);
+        throw dbError;
+      });
+
+      await expect(reactionRepo.toggleReaction(reactionData, mockLogger)).rejects.toThrow(
+        ForeignKeyConstraintError,
+      );
+      await expect(reactionRepo.toggleReaction(reactionData, mockLogger)).rejects.toThrow(
+        'The specified user or entity does not exist.',
+      );
+    });
+
+    it('should throw a generic error if the transaction fails', async () => {
+      const dbError = new Error('Transaction failed');
+      vi.mocked(withTransaction).mockRejectedValue(dbError);
+
+      await expect(reactionRepo.toggleReaction(reactionData, mockLogger)).rejects.toThrow(
+        'Failed to toggle user reaction.',
+      );
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        { err: dbError, reactionData },
+        'Database error in toggleReaction',
+      );
+    });
+  });
+
+  describe('getReactionSummary', () => {
+    it('should return a summary of reactions for an entity', async () => {
+      const mockSummary = [
+        { reaction_type: 'like', count: 5 },
+        { reaction_type: 'heart', count: 2 },
+      ];
+      // This method uses getPool() directly, so we mock the main instance
+      mockPoolInstance.query.mockResolvedValue({ rows: mockSummary });
+
+      const result = await reactionRepo.getReactionSummary('recipe', '123', mockLogger);
+
+      expect(result).toEqual(mockSummary);
+      expect(mockPoolInstance.query).toHaveBeenCalledWith(
+        expect.stringContaining('GROUP BY reaction_type'),
+        ['recipe', '123'],
+      );
+    });
+
+    it('should return an empty array if there are no reactions', async () => {
+      mockPoolInstance.query.mockResolvedValue({ rows: [] });
+      const result = await reactionRepo.getReactionSummary('recipe', '456', mockLogger);
+      expect(result).toEqual([]);
+    });
+
+    it('should throw an error if the database query fails', async () => {
+      const dbError = new Error('DB Error');
+      mockPoolInstance.query.mockRejectedValue(dbError);
+      await expect(
+        reactionRepo.getReactionSummary('recipe', '123', mockLogger),
+      ).rejects.toThrow('Failed to retrieve reaction summary.');
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        { err: dbError, entityType: 'recipe', entityId: '123' },
+        'Database error in getReactionSummary',
+      );
+    });
+  });
+});

src/services/db/recipe.db.test.ts

@@ -268,6 +268,17 @@ describe('Recipe DB Service', () => {
       );
     });
   });
+   describe('deleteRecipe - Ownership Check', () => {
+    it('should not delete recipe if the user does not own it and is not an admin', async () => {
+      mockQuery.mockResolvedValue({ rowCount: 0 });
+
+      await expect(recipeRepo.deleteRecipe(1, 'wrong-user', false, mockLogger)).rejects.toThrow(
+        'Recipe not found or user does not have permission to delete.',
+      );
+    });
+
+  });
+
 
   describe('updateRecipe', () => {
     it('should execute an UPDATE query with the correct fields', async () => {
@@ -382,6 +393,7 @@ describe('Recipe DB Service', () => {
         content: 'Great!',
         status: 'visible',
         created_at: new Date().toISOString(),
+        updated_at: new Date().toISOString(),
       };
       mockQuery.mockResolvedValue({ rows: [mockComment] });
 
@@ -441,10 +453,6 @@ describe('Recipe DB Service', () => {
       await expect(recipeRepo.forkRecipe('user-123', 1, mockLogger)).rejects.toThrow(
         'Recipe is not public and cannot be forked.',
       );
-      expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError, userId: 'user-123', originalRecipeId: 1 },
-        'Database error in forkRecipe',
-      );
     });
 
     it('should throw a generic error if the database query fails', async () => {

src/services/db/recipe.db.ts

@@ -239,6 +239,10 @@ export class RecipeRepository {
       }
       return res.rows[0];
     } catch (error) {
+      // Explicitly re-throw the "No fields" error before it gets caught by the generic handler.
+      if (error instanceof Error && error.message === 'No fields provided to update.') {
+        throw error;
+      }
       handleDbError(error, logger, 'Database error in updateRecipe', { recipeId, userId, updates }, {
         defaultMessage: 'Failed to update recipe.',
       });
@@ -255,8 +259,20 @@ export class RecipeRepository {
       const query = `
         SELECT
           r.*,
-          COALESCE(json_agg(DISTINCT jsonb_build_object('recipe_ingredient_id', ri.recipe_ingredient_id, 'master_item_name', mgi.name, 'quantity', ri.quantity, 'unit', ri.unit)) FILTER (WHERE ri.recipe_ingredient_id IS NOT NULL), '[]') AS ingredients,
-          COALESCE(json_agg(DISTINCT jsonb_build_object('tag_id', t.tag_id, 'name', t.name)) FILTER (WHERE t.tag_id IS NOT NULL), '[]') AS tags
+          COALESCE(json_agg(DISTINCT jsonb_build_object(
+            'recipe_ingredient_id', ri.recipe_ingredient_id,
+            'master_item_name', mgi.name,
+            'quantity', ri.quantity,
+            'unit', ri.unit,
+            'created_at', ri.created_at,
+            'updated_at', ri.updated_at
+            )) FILTER (WHERE ri.recipe_ingredient_id IS NOT NULL), '[]') AS ingredients,
+          COALESCE(json_agg(DISTINCT jsonb_build_object(
+            'tag_id', t.tag_id,
+            'name', t.name,
+            'created_at', t.created_at,
+            'updated_at', t.updated_at
+            )) FILTER (WHERE t.tag_id IS NOT NULL), '[]') AS tags
         FROM public.recipes r
         LEFT JOIN public.recipe_ingredients ri ON r.recipe_id = ri.recipe_id
         LEFT JOIN public.master_grocery_items mgi ON ri.master_item_id = mgi.master_grocery_item_id

src/services/db/shopping.db.test.ts

@@ -166,7 +166,7 @@ describe('Shopping DB Service', () => {
     it('should throw an error if no rows are deleted (list not found or wrong user)', async () => {
       mockPoolInstance.query.mockResolvedValue({ rowCount: 0, rows: [], command: 'DELETE' });
       await expect(shoppingRepo.deleteShoppingList(999, 'user-1', mockLogger)).rejects.toThrow(
-        'Failed to delete shopping list.',
+        'Shopping list not found or user does not have permission to delete.',
       );
     });
 
@@ -190,13 +190,14 @@ describe('Shopping DB Service', () => {
 
       const result = await shoppingRepo.addShoppingListItem(
         1,
+        'user-1',
         { customItemName: 'Custom Item' },
         mockLogger,
       );
 
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
         expect.stringContaining('INSERT INTO public.shopping_list_items'),
-        [1, null, 'Custom Item'],
+        [1, null, 'Custom Item', 'user-1'],
       );
       expect(result).toEqual(mockItem);
     });
@@ -205,11 +206,11 @@ describe('Shopping DB Service', () => {
       const mockItem = createMockShoppingListItem({ master_item_id: 123 });
       mockPoolInstance.query.mockResolvedValue({ rows: [mockItem] });
 
-      const result = await shoppingRepo.addShoppingListItem(1, { masterItemId: 123 }, mockLogger);
+      const result = await shoppingRepo.addShoppingListItem(1, 'user-1', { masterItemId: 123 }, mockLogger);
 
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
         expect.stringContaining('INSERT INTO public.shopping_list_items'),
-        [1, 123, null],
+        [1, 123, null, 'user-1'],
       );
       expect(result).toEqual(mockItem);
     });
@@ -223,19 +224,20 @@ describe('Shopping DB Service', () => {
 
       const result = await shoppingRepo.addShoppingListItem(
         1,
+        'user-1',
         { masterItemId: 123, customItemName: 'Organic Apples' },
         mockLogger,
       );
 
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
         expect.stringContaining('INSERT INTO public.shopping_list_items'),
-        [1, 123, 'Organic Apples'],
+        [1, 123, 'Organic Apples', 'user-1'],
       );
       expect(result).toEqual(mockItem);
     });
 
     it('should throw an error if both masterItemId and customItemName are missing', async () => {
-      await expect(shoppingRepo.addShoppingListItem(1, {}, mockLogger)).rejects.toThrow(
+      await expect(shoppingRepo.addShoppingListItem(1, 'user-1', {}, mockLogger)).rejects.toThrow(
         'Either masterItemId or customItemName must be provided.',
       );
     });
@@ -244,19 +246,19 @@ describe('Shopping DB Service', () => {
       const dbError = new Error('violates foreign key constraint');
       (dbError as Error & { code: string }).code = '23503';
       mockPoolInstance.query.mockRejectedValue(dbError);
-      await expect(
-        shoppingRepo.addShoppingListItem(999, { masterItemId: 999 }, mockLogger),
-      ).rejects.toThrow('Referenced list or item does not exist.');
+      await expect(shoppingRepo.addShoppingListItem(999, 'user-1', { masterItemId: 999 }, mockLogger)).rejects.toThrow(
+        'Referenced list or item does not exist.',
+      );
     });
 
     it('should throw a generic error if the database query fails', async () => {
       const dbError = new Error('DB Connection Error');
       mockPoolInstance.query.mockRejectedValue(dbError);
       await expect(
-        shoppingRepo.addShoppingListItem(1, { customItemName: 'Test' }, mockLogger),
+        shoppingRepo.addShoppingListItem(1, 'user-1', { customItemName: 'Test' }, mockLogger),
       ).rejects.toThrow('Failed to add item to shopping list.');
       expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError, listId: 1, item: { customItemName: 'Test' } },
+        { err: dbError, listId: 1, userId: 'user-1', item: { customItemName: 'Test' } },
         'Database error in addShoppingListItem',
       );
     });
@@ -269,13 +271,14 @@ describe('Shopping DB Service', () => {
 
       const result = await shoppingRepo.updateShoppingListItem(
         1,
+        'user-1',
         { is_purchased: true },
         mockLogger,
       );
 
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
-        'UPDATE public.shopping_list_items SET is_purchased = $1 WHERE shopping_list_item_id = $2 RETURNING *',
-        [true, 1],
+        expect.stringContaining('UPDATE public.shopping_list_items sli'),
+        [true, 1, 'user-1'],
       );
       expect(result).toEqual(mockItem);
     });
@@ -285,11 +288,11 @@ describe('Shopping DB Service', () => {
       const mockItem = createMockShoppingListItem({ shopping_list_item_id: 1, ...updates });
       mockPoolInstance.query.mockResolvedValue({ rows: [mockItem], rowCount: 1 });
 
-      const result = await shoppingRepo.updateShoppingListItem(1, updates, mockLogger);
+      const result = await shoppingRepo.updateShoppingListItem(1, 'user-1', updates, mockLogger);
 
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
-        'UPDATE public.shopping_list_items SET quantity = $1, is_purchased = $2, notes = $3 WHERE shopping_list_item_id = $4 RETURNING *',
-        [updates.quantity, updates.is_purchased, updates.notes, 1],
+        expect.stringContaining('UPDATE public.shopping_list_items sli'),
+        [updates.quantity, updates.is_purchased, updates.notes, 1, 'user-1'],
       );
       expect(result).toEqual(mockItem);
     });
@@ -297,13 +300,13 @@ describe('Shopping DB Service', () => {
     it('should throw an error if the item to update is not found', async () => {
       mockPoolInstance.query.mockResolvedValue({ rowCount: 0, rows: [], command: 'UPDATE' });
       await expect(
-        shoppingRepo.updateShoppingListItem(999, { quantity: 5 }, mockLogger),
+        shoppingRepo.updateShoppingListItem(999, 'user-1', { quantity: 5 }, mockLogger),
       ).rejects.toThrow('Shopping list item not found.');
     });
 
     it('should throw an error if no valid fields are provided to update', async () => {
       // The function should throw before even querying the database.
-      await expect(shoppingRepo.updateShoppingListItem(1, {}, mockLogger)).rejects.toThrow(
+      await expect(shoppingRepo.updateShoppingListItem(1, 'user-1', {}, mockLogger)).rejects.toThrow(
         'No valid fields to update.',
       );
     });
@@ -312,44 +315,65 @@ describe('Shopping DB Service', () => {
       const dbError = new Error('DB Connection Error');
       mockPoolInstance.query.mockRejectedValue(dbError);
       await expect(
-        shoppingRepo.updateShoppingListItem(1, { is_purchased: true }, mockLogger),
+        shoppingRepo.updateShoppingListItem(1, 'user-1', { is_purchased: true }, mockLogger),
       ).rejects.toThrow('Failed to update shopping list item.');
       expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError, itemId: 1, updates: { is_purchased: true } },
+        { err: dbError, itemId: 1, userId: 'user-1', updates: { is_purchased: true } },
         'Database error in updateShoppingListItem',
       );
     });
   });
 
+  describe('updateShoppingListItem - Ownership Check', () => {
+    it('should not update an item if the user does not own the shopping list', async () => {
+      mockPoolInstance.query.mockResolvedValue({ rowCount: 0 });
+
+      await expect(
+        shoppingRepo.updateShoppingListItem(1, 'wrong-user', { is_purchased: true }, mockLogger),
+      ).rejects.toThrow('Shopping list item not found.');
+    });
+  });
+
+
   describe('removeShoppingListItem', () => {
     it('should delete an item if rowCount is 1', async () => {
       mockPoolInstance.query.mockResolvedValue({ rowCount: 1, rows: [], command: 'DELETE' });
-      await expect(shoppingRepo.removeShoppingListItem(1, mockLogger)).resolves.toBeUndefined();
+      await expect(shoppingRepo.removeShoppingListItem(1, 'user-1', mockLogger)).resolves.toBeUndefined();
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
-        'DELETE FROM public.shopping_list_items WHERE shopping_list_item_id = $1',
-        [1],
+        expect.stringContaining('DELETE FROM public.shopping_list_items sli'),
+        [1, 'user-1'],
       );
     });
 
     it('should throw an error if no rows are deleted (item not found)', async () => {
       mockPoolInstance.query.mockResolvedValue({ rowCount: 0, rows: [], command: 'DELETE' });
-      await expect(shoppingRepo.removeShoppingListItem(999, mockLogger)).rejects.toThrow(
-        'Shopping list item not found.',
+      await expect(shoppingRepo.removeShoppingListItem(999, 'user-1', mockLogger)).rejects.toThrow(
+        'Shopping list item not found or user does not have permission.',
       );
     });
 
     it('should throw a generic error if the database query fails', async () => {
       const dbError = new Error('DB Connection Error');
       mockPoolInstance.query.mockRejectedValue(dbError);
-      await expect(shoppingRepo.removeShoppingListItem(1, mockLogger)).rejects.toThrow(
+      await expect(shoppingRepo.removeShoppingListItem(1, 'user-1', mockLogger)).rejects.toThrow(
         'Failed to remove item from shopping list.',
       );
       expect(mockLogger.error).toHaveBeenCalledWith(
-        { err: dbError, itemId: 1 },
+        { err: dbError, itemId: 1, userId: 'user-1' },
         'Database error in removeShoppingListItem',
       );
     });
   });
+  describe('removeShoppingListItem - Ownership Check', () => {
+    it('should not remove an item if the user does not own the shopping list', async () => {
+      mockPoolInstance.query.mockResolvedValue({ rowCount: 0 });
+
+      await expect(shoppingRepo.removeShoppingListItem(1, 'wrong-user', mockLogger)).rejects.toThrow(
+        'Shopping list item not found or user does not have permission.',
+      );
+    });
+  });
+
 
   describe('completeShoppingList', () => {
     it('should call the complete_shopping_list database function', async () => {

src/services/db/shopping.db.ts

@@ -29,8 +29,7 @@ export class ShoppingRepository {
   async getShoppingLists(userId: string, logger: Logger): Promise<ShoppingList[]> {
     try {
       const query = `
-              SELECT
-                  sl.shopping_list_id, sl.name, sl.created_at,
+        SELECT sl.shopping_list_id, sl.name, sl.created_at, sl.updated_at,
                   COALESCE(json_agg(
                       json_build_object(
                           'shopping_list_item_id', sli.shopping_list_item_id,
@@ -40,6 +39,7 @@ export class ShoppingRepository {
                           'quantity', sli.quantity,
                           'is_purchased', sli.is_purchased,
                           'added_at', sli.added_at,
+                          'updated_at', sli.updated_at,
                           'master_item', json_build_object('name', mgi.name)
                       )
                   ) FILTER (WHERE sli.shopping_list_item_id IS NOT NULL), '[]'::json) as items
@@ -68,7 +68,7 @@ export class ShoppingRepository {
   async createShoppingList(userId: string, name: string, logger: Logger): Promise<ShoppingList> {
     try {
       const res = await this.db.query<ShoppingList>(
-        'INSERT INTO public.shopping_lists (user_id, name) VALUES ($1, $2) RETURNING shopping_list_id, user_id, name, created_at',
+        'INSERT INTO public.shopping_lists (user_id, name) VALUES ($1, $2) RETURNING shopping_list_id, user_id, name, created_at, updated_at',
         [userId, name],
       );
       return { ...res.rows[0], items: [] };
@@ -89,8 +89,7 @@ export class ShoppingRepository {
   async getShoppingListById(listId: number, userId: string, logger: Logger): Promise<ShoppingList> {
     try {
       const query = `
-        SELECT
-          sl.shopping_list_id, sl.name, sl.created_at,
+        SELECT sl.shopping_list_id, sl.name, sl.created_at, sl.updated_at,
           COALESCE(json_agg(
             json_build_object(
               'shopping_list_item_id', sli.shopping_list_item_id,
@@ -100,6 +99,7 @@ export class ShoppingRepository {
               'quantity', sli.quantity,
               'is_purchased', sli.is_purchased,
               'added_at', sli.added_at,
+              'updated_at', sli.updated_at,
               'master_item', json_build_object('name', mgi.name)
             )
           ) FILTER (WHERE sli.shopping_list_item_id IS NOT NULL), '[]'::json) as items
@@ -156,6 +156,7 @@ export class ShoppingRepository {
    */
   async addShoppingListItem(
     listId: number,
+    userId: string,
     item: { masterItemId?: number; customItemName?: string },
     logger: Logger,
   ): Promise<ShoppingListItem> {
@@ -165,13 +166,29 @@ export class ShoppingRepository {
     }
 
     try {
-      const res = await this.db.query<ShoppingListItem>(
-        'INSERT INTO public.shopping_list_items (shopping_list_id, master_item_id, custom_item_name) VALUES ($1, $2, $3) RETURNING *',
-        [listId, item.masterItemId ?? null, item.customItemName ?? null],
-      );
+      const query = `
+        INSERT INTO public.shopping_list_items (shopping_list_id, master_item_id, custom_item_name)
+        SELECT $1, $2, $3
+        WHERE EXISTS (
+          SELECT 1 FROM public.shopping_lists WHERE shopping_list_id = $1 AND user_id = $4
+        )
+        RETURNING *;
+      `;
+      const res = await this.db.query<ShoppingListItem>(query, [
+        listId,
+        item.masterItemId ?? null,
+        item.customItemName ?? null,
+        userId,
+      ]);
+
+      if (res.rowCount === 0) {
+        throw new NotFoundError('Shopping list not found or user does not have permission.');
+      }
+
       return res.rows[0];
     } catch (error) {
-      handleDbError(error, logger, 'Database error in addShoppingListItem', { listId, item }, {
+      if (error instanceof NotFoundError) throw error;
+      handleDbError(error, logger, 'Database error in addShoppingListItem', { listId, userId, item }, {
         fkMessage: 'Referenced list or item does not exist.',
         checkMessage: 'Shopping list item must have a master item or a custom name.',
         defaultMessage: 'Failed to add item to shopping list.',
@@ -183,19 +200,23 @@ export class ShoppingRepository {
    * Removes an item from a shopping list.
    * @param itemId The ID of the shopping list item to remove.
    */
-  async removeShoppingListItem(itemId: number, logger: Logger): Promise<void> {
+  async removeShoppingListItem(itemId: number, userId: string, logger: Logger): Promise<void> {
     try {
-      const res = await this.db.query(
-        'DELETE FROM public.shopping_list_items WHERE shopping_list_item_id = $1',
-        [itemId],
-      );
-      // The patch requested this specific error handling.
+      const query = `
+        DELETE FROM public.shopping_list_items sli
+        WHERE sli.shopping_list_item_id = $1
+          AND EXISTS (
+            SELECT 1 FROM public.shopping_lists sl
+            WHERE sl.shopping_list_id = sli.shopping_list_id AND sl.user_id = $2
+          );
+      `;
+      const res = await this.db.query(query, [itemId, userId]);
       if (res.rowCount === 0) {
-        throw new NotFoundError('Shopping list item not found.');
+        throw new NotFoundError('Shopping list item not found or user does not have permission.');
       }
     } catch (error) {
       if (error instanceof NotFoundError) throw error;
-      handleDbError(error, logger, 'Database error in removeShoppingListItem', { itemId }, {
+      handleDbError(error, logger, 'Database error in removeShoppingListItem', { itemId, userId }, {
         defaultMessage: 'Failed to remove item from shopping list.',
       });
     }
@@ -312,6 +333,7 @@ export class ShoppingRepository {
    */
   async updateShoppingListItem(
     itemId: number,
+    userId: string,
     updates: Partial<ShoppingListItem>,
     logger: Logger,
   ): Promise<ShoppingListItem> {
@@ -341,10 +363,19 @@ export class ShoppingRepository {
       }
 
       values.push(itemId);
-      const query = `UPDATE public.shopping_list_items SET ${setClauses.join(', ')} WHERE shopping_list_item_id = $${valueIndex} RETURNING *`;
+      values.push(userId);
+
+      const query = `
+        UPDATE public.shopping_list_items sli
+        SET ${setClauses.join(', ')}
+        FROM public.shopping_lists sl
+        WHERE sli.shopping_list_item_id = $${valueIndex}
+          AND sli.shopping_list_id = sl.shopping_list_id
+          AND sl.user_id = $${valueIndex + 1}
+        RETURNING sli.*;
+      `;
 
       const res = await this.db.query<ShoppingListItem>(query, values);
-      // The patch requested this specific error handling.
       if (res.rowCount === 0) {
         throw new NotFoundError('Shopping list item not found.');
       }
@@ -357,7 +388,7 @@ export class ShoppingRepository {
       ) {
         throw error;
       }
-      handleDbError(error, logger, 'Database error in updateShoppingListItem', { itemId, updates }, {
+      handleDbError(error, logger, 'Database error in updateShoppingListItem', { itemId, userId, updates }, {
         defaultMessage: 'Failed to update shopping list item.',
       });
     }
@@ -399,13 +430,15 @@ export class ShoppingRepository {
     try {
       const query = `
               SELECT
-                  st.shopping_trip_id, st.user_id, st.shopping_list_id, st.completed_at, st.total_spent_cents,
+                  st.shopping_trip_id, st.user_id, st.shopping_list_id, st.completed_at, st.total_spent_cents, st.updated_at,
                   COALESCE(
                       json_agg(
                           json_build_object(
                               'shopping_trip_item_id', sti.shopping_trip_item_id,
                               'master_item_id', sti.master_item_id,
                               'custom_item_name', sti.custom_item_name,
+                              'created_at', sti.created_at,
+                              'updated_at', sti.updated_at,
                               'quantity', sti.quantity,
                               'price_paid_cents', sti.price_paid_cents,
                               'master_item_name', mgi.name
@@ -462,7 +495,14 @@ export class ShoppingRepository {
     receiptId: number,
     items: Omit<
       ReceiptItem,
-      'receipt_item_id' | 'receipt_id' | 'status' | 'master_item_id' | 'product_id' | 'quantity'
+      | 'receipt_item_id'
+      | 'receipt_id'
+      | 'status'
+      | 'master_item_id'
+      | 'product_id'
+      | 'quantity'
+      | 'created_at'
+      | 'updated_at'
     >[],
     logger: Logger,
   ): Promise<void> {

src/services/db/user.db.test.ts

@@ -25,9 +25,9 @@ import { withTransaction } from './connection.db';
 import { UserRepository, exportUserData } from './user.db';
 
 import { mockPoolInstance } from '../../tests/setup/tests-setup-unit';
-import { createMockUserProfile } from '../../tests/utils/mockFactories';
+import { createMockUserProfile, createMockUser } from '../../tests/utils/mockFactories';
 import { UniqueConstraintError, ForeignKeyConstraintError, NotFoundError } from './errors.db';
-import type { Profile, ActivityLogItem, SearchQuery, UserProfile } from '../../types';
+import type { Profile, ActivityLogItem, SearchQuery, UserProfile, User } from '../../types';
 
 // Mock other db services that are used by functions in user.db.ts
 // Update mocks to put methods on prototype so spyOn works in exportUserData tests
@@ -70,7 +70,12 @@ describe('User DB Service', () => {
 
   describe('findUserByEmail', () => {
     it('should execute the correct query and return a user', async () => {
-      const mockUser = { user_id: '123', email: 'test@example.com' };
+      const mockUser = {
+        user_id: '123',
+        email: 'test@example.com',
+        created_at: new Date().toISOString(),
+        updated_at: new Date().toISOString(),
+      };
       mockPoolInstance.query.mockResolvedValue({ rows: [mockUser] });
 
       const result = await userRepo.findUserByEmail('test@example.com', mockLogger);
@@ -107,8 +112,12 @@ describe('User DB Service', () => {
 
   describe('createUser', () => {
     it('should execute a transaction to create a user and profile', async () => {
-      const mockUser = { user_id: 'new-user-id', email: 'new@example.com' };
-      const now = new Date().toISOString();
+      const mockUser = {
+        user_id: 'new-user-id',
+        email: 'new@example.com',
+        created_at: new Date().toISOString(),
+        updated_at: new Date().toISOString(),
+      };
       // This is the flat structure returned by the DB query inside createUser
       const mockDbProfile = {
         user_id: 'new-user-id',
@@ -118,24 +127,31 @@ describe('User DB Service', () => {
         avatar_url: null,
         points: 0,
         preferences: null,
-        created_at: now,
-        updated_at: now,
+        created_at: new Date().toISOString(),
+        updated_at: new Date().toISOString(),
+        user_created_at: new Date().toISOString(),
+        user_updated_at: new Date().toISOString(),
       };
       // This is the nested structure the function is expected to return
       const expectedProfile: UserProfile = {
-        user: { user_id: 'new-user-id', email: 'new@example.com' },
+        user: {
+          user_id: mockDbProfile.user_id,
+          email: mockDbProfile.email,
+          created_at: mockDbProfile.user_created_at,
+          updated_at: mockDbProfile.user_updated_at,
+        },
         full_name: 'New User',
         avatar_url: null,
         role: 'user',
         points: 0,
         preferences: null,
-        created_at: now,
-        updated_at: now,
+        created_at: mockDbProfile.created_at,
+        updated_at: mockDbProfile.updated_at,
       };
 
-      vi.mocked(withTransaction).mockImplementation(async (callback) => {
-        const mockClient = { query: vi.fn() };
-        mockClient.query
+      vi.mocked(withTransaction).mockImplementation(async (callback: any) => {
+        const mockClient = { query: vi.fn(), release: vi.fn() };
+        (mockClient.query as Mock)
           .mockResolvedValueOnce({ rows: [] }) // set_config
           .mockResolvedValueOnce({ rows: [mockUser] }) // INSERT user
           .mockResolvedValueOnce({ rows: [mockDbProfile] }); // SELECT profile
@@ -149,16 +165,11 @@ describe('User DB Service', () => {
         mockLogger,
       );
 
-      console.log(
-        '[TEST DEBUG] createUser - Result from function:',
-        JSON.stringify(result, null, 2),
-      );
-      console.log(
-        '[TEST DEBUG] createUser - Expected result:',
-        JSON.stringify(expectedProfile, null, 2),
-      );
-
       // Use objectContaining because the real implementation might have other DB-generated fields.
+      // We can't do a deep equality check on the user object because the mock factory will generate different timestamps.
+      expect(result.user.user_id).toEqual(expectedProfile.user.user_id);
+      expect(result.full_name).toEqual(expectedProfile.full_name);
+      // eslint-disable-next-line @typescript-eslint/no-unused-vars
       expect(result).toEqual(expect.objectContaining(expectedProfile));
       expect(withTransaction).toHaveBeenCalledTimes(1);
     });
@@ -222,9 +233,7 @@ describe('User DB Service', () => {
       }
 
       expect(withTransaction).toHaveBeenCalledTimes(1);
-      expect(mockLogger.warn).toHaveBeenCalledWith(
-        `Attempted to create a user with an existing email: exists@example.com`,
-      );
+      expect(mockLogger.warn).toHaveBeenCalledWith(`Attempted to create a user with an existing email: exists@example.com`);
     });
 
     it('should throw an error if profile is not found after user creation', async () => {
@@ -255,8 +264,7 @@ describe('User DB Service', () => {
 
   describe('findUserWithProfileByEmail', () => {
     it('should query for a user and their profile by email', async () => {
-      const now = new Date().toISOString();
-      const mockDbResult = {
+      const mockDbResult: any = {
         user_id: '123',
         email: 'test@example.com',
         password_hash: 'hash',
@@ -268,9 +276,11 @@ describe('User DB Service', () => {
         role: 'user' as const,
         points: 0,
         preferences: null,
+        created_at: new Date().toISOString(),
+        updated_at: new Date().toISOString(),
+        user_created_at: new Date().toISOString(),
+        user_updated_at: new Date().toISOString(),
         address_id: null,
-        created_at: now,
-        updated_at: now,
       };
       mockPoolInstance.query.mockResolvedValue({ rows: [mockDbResult] });
 
@@ -281,9 +291,12 @@ describe('User DB Service', () => {
         points: 0,
         preferences: null,
         address_id: null,
-        created_at: now,
-        updated_at: now,
-        user: { user_id: '123', email: 'test@example.com' },
+        user: {
+          user_id: '123',
+          email: 'test@example.com',
+          created_at: expect.any(String),
+          updated_at: expect.any(String),
+        },
         password_hash: 'hash',
         failed_login_attempts: 0,
         last_failed_login: null,
@@ -292,15 +305,6 @@ describe('User DB Service', () => {
 
       const result = await userRepo.findUserWithProfileByEmail('test@example.com', mockLogger);
 
-      console.log(
-        '[TEST DEBUG] findUserWithProfileByEmail - Result from function:',
-        JSON.stringify(result, null, 2),
-      );
-      console.log(
-        '[TEST DEBUG] findUserWithProfileByEmail - Expected result:',
-        JSON.stringify(expectedResult, null, 2),
-      );
-
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
         expect.stringContaining('JOIN public.profiles'),
         ['test@example.com'],
@@ -329,7 +333,11 @@ describe('User DB Service', () => {
 
   describe('findUserById', () => {
     it('should query for a user by their ID', async () => {
-      mockPoolInstance.query.mockResolvedValue({ rows: [{ user_id: '123' }], rowCount: 1 });
+      const mockUser = createMockUser({ user_id: '123' });
+      mockPoolInstance.query.mockResolvedValue({
+        rows: [mockUser],
+        rowCount: 1,
+      });
       await userRepo.findUserById('123', mockLogger);
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
         expect.stringContaining('FROM public.users WHERE user_id = $1'),
@@ -359,13 +367,16 @@ describe('User DB Service', () => {
 
   describe('findUserWithPasswordHashById', () => {
     it('should query for a user and their password hash by ID', async () => {
+      const mockUser = createMockUser({ user_id: '123' });
+      const mockUserWithHash = { ...mockUser, password_hash: 'hash' };
+
       mockPoolInstance.query.mockResolvedValue({
-        rows: [{ user_id: '123', password_hash: 'hash' }],
+        rows: [mockUserWithHash],
         rowCount: 1,
       });
       await userRepo.findUserWithPasswordHashById('123', mockLogger);
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
-        expect.stringContaining('SELECT user_id, email, password_hash'),
+        expect.stringContaining('SELECT user_id, email, password_hash, created_at, updated_at'),
         ['123'],
       );
     });
@@ -395,7 +406,11 @@ describe('User DB Service', () => {
 
   describe('findUserProfileById', () => {
     it('should query for a user profile by user ID', async () => {
-      mockPoolInstance.query.mockResolvedValue({ rows: [{ user_id: '123' }] });
+      const mockProfile = createMockUserProfile({
+        user: createMockUser({ user_id: '123' }),
+      });
+      // The query returns a user object inside, so we need to mock that structure.
+      mockPoolInstance.query.mockResolvedValue({ rows: [mockProfile] });
       await userRepo.findUserProfileById('123', mockLogger);
       // The actual query uses 'p.user_id' due to the join alias
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
@@ -426,7 +441,7 @@ describe('User DB Service', () => {
 
   describe('updateUserProfile', () => {
     it('should execute an UPDATE query for the user profile', async () => {
-      const mockProfile: Profile = {
+      const mockProfile: any = {
         full_name: 'Updated Name',
         role: 'user',
         points: 0,
@@ -444,7 +459,7 @@ describe('User DB Service', () => {
     });
 
     it('should execute an UPDATE query for avatar_url', async () => {
-      const mockProfile: Profile = {
+      const mockProfile: any = {
         avatar_url: 'new-avatar.png',
         role: 'user',
         points: 0,
@@ -462,7 +477,7 @@ describe('User DB Service', () => {
     });
 
     it('should execute an UPDATE query for address_id', async () => {
-      const mockProfile: Profile = {
+      const mockProfile: any = {
         address_id: 99,
         role: 'user',
         points: 0,
@@ -480,8 +495,8 @@ describe('User DB Service', () => {
     });
 
     it('should fetch the current profile if no update fields are provided', async () => {
-      const mockProfile: Profile = createMockUserProfile({
-        user: { user_id: '123', email: '123@example.com' },
+      const mockProfile: UserProfile = createMockUserProfile({
+        user: createMockUser({ user_id: '123', email: '123@example.com' }),
         full_name: 'Current Name',
       });
       // FIX: Instead of mocking `mockResolvedValue` on the instance method which might fail if not spied correctly,
@@ -520,7 +535,7 @@ describe('User DB Service', () => {
 
   describe('updateUserPreferences', () => {
     it('should execute an UPDATE query for user preferences', async () => {
-      mockPoolInstance.query.mockResolvedValue({ rows: [{}] });
+      mockPoolInstance.query.mockResolvedValue({ rows: [createMockUserProfile()] });
       await userRepo.updateUserPreferences('123', { darkMode: true }, mockLogger);
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
         expect.stringContaining("SET preferences = COALESCE(preferences, '{}'::jsonb) || $1"),
@@ -616,7 +631,11 @@ describe('User DB Service', () => {
 
   describe('findUserByRefreshToken', () => {
     it('should query for a user by their refresh token', async () => {
-      mockPoolInstance.query.mockResolvedValue({ rows: [{ user_id: '123' }], rowCount: 1 });
+      const mockUser = createMockUser({ user_id: '123' });
+      mockPoolInstance.query.mockResolvedValue({
+        rows: [mockUser],
+        rowCount: 1,
+      });
       await userRepo.findUserByRefreshToken('a-token', mockLogger);
       expect(mockPoolInstance.query).toHaveBeenCalledWith(
         expect.stringContaining('WHERE refresh_token = $1'),
@@ -788,7 +807,7 @@ describe('User DB Service', () => {
 
       const findProfileSpy = vi.spyOn(UserRepository.prototype, 'findUserProfileById');
       findProfileSpy.mockResolvedValue(
-        createMockUserProfile({ user: { user_id: '123', email: '123@example.com' } }),
+        createMockUserProfile({ user: createMockUser({ user_id: '123', email: '123@example.com' }) }),
       );
       const getWatchedItemsSpy = vi.spyOn(PersonalizationRepository.prototype, 'getWatchedItems');
       getWatchedItemsSpy.mockResolvedValue([]);
@@ -815,9 +834,7 @@ describe('User DB Service', () => {
       );
 
       // Act & Assert: The outer function catches the NotFoundError and re-throws it.
-      await expect(exportUserData('123', mockLogger)).rejects.toThrow(
-        'Failed to export user data.',
-      );
+      await expect(exportUserData('123', mockLogger)).rejects.toThrow('Profile not found');
       expect(withTransaction).toHaveBeenCalledTimes(1);
     });
 
@@ -898,8 +915,8 @@ describe('User DB Service', () => {
           user_id: 'following-1',
           action: 'recipe_created',
           display_text: 'Created a new recipe',
-          created_at: new Date().toISOString(),
           details: { recipe_id: 1, recipe_name: 'Test Recipe' },
+          created_at: new Date().toISOString(),
           updated_at: new Date().toISOString(),
         },
       ];
@@ -935,16 +952,17 @@ describe('User DB Service', () => {
 
   describe('logSearchQuery', () => {
     it('should execute an INSERT query and return the new search query log', async () => {
-      const queryData: Omit<SearchQuery, 'search_query_id' | 'created_at'> = {
+      const queryData: Omit<SearchQuery, 'search_query_id' | 'created_at' | 'updated_at'> = {
         user_id: 'user-123',
         query_text: 'best chicken recipes',
         result_count: 5,
         was_successful: true,
       };
-      const mockLoggedQuery: SearchQuery = {
+      const mockLoggedQuery: any = {
         search_query_id: 1,
-        created_at: new Date().toISOString(),
         ...queryData,
+        created_at: new Date().toISOString(),
+        updated_at: new Date().toISOString(),
       };
       mockPoolInstance.query.mockResolvedValue({ rows: [mockLoggedQuery] });
 
@@ -966,8 +984,9 @@ describe('User DB Service', () => {
       };
       const mockLoggedQuery: SearchQuery = {
         search_query_id: 2,
-        created_at: new Date().toISOString(),
         ...queryData,
+        created_at: new Date().toISOString(),
+        updated_at: new Date().toISOString(),
       };
       mockPoolInstance.query.mockResolvedValue({ rows: [mockLoggedQuery] });
 

src/services/db/user.db.ts

@@ -2,7 +2,7 @@
 import { Pool, PoolClient } from 'pg';
 import { getPool } from './connection.db';
 import type { Logger } from 'pino';
-import { NotFoundError, handleDbError } from './errors.db';
+import { NotFoundError, handleDbError, UniqueConstraintError } from './errors.db';
 import {
   Profile,
   MasterGroceryItem,
@@ -10,6 +10,7 @@ import {
   ActivityLogItem,
   UserProfile,
   SearchQuery,
+  User,
 } from '../../types';
 import { ShoppingRepository } from './shopping.db';
 import { PersonalizationRepository } from './personalization.db';
@@ -26,6 +27,8 @@ interface DbUser {
   refresh_token?: string | null;
   failed_login_attempts: number;
   last_failed_login: string | null; // This will be a date string from the DB
+  created_at: string;
+  updated_at: string;
 }
 
 export class UserRepository {
@@ -43,7 +46,7 @@ export class UserRepository {
     logger.debug({ email }, `[DB findUserByEmail] Searching for user.`);
     try {
       const res = await this.db.query<DbUser>(
-        'SELECT user_id, email, password_hash, refresh_token, failed_login_attempts, last_failed_login FROM public.users WHERE email = $1',
+        'SELECT user_id, email, password_hash, refresh_token, failed_login_attempts, last_failed_login, created_at, updated_at FROM public.users WHERE email = $1',
         [email],
       );
       const userFound = res.rows[0];
@@ -91,7 +94,7 @@ export class UserRepository {
 
       // After the trigger has run, fetch the complete profile data.
       const profileQuery = `
-        SELECT u.user_id, u.email, p.full_name, p.avatar_url, p.role, p.points, p.preferences, p.created_at, p.updated_at
+        SELECT u.user_id, u.email, u.created_at as user_created_at, u.updated_at as user_updated_at, p.full_name, p.avatar_url, p.role, p.points, p.preferences, p.created_at, p.updated_at
         FROM public.users u
         JOIN public.profiles p ON u.user_id = p.user_id
         WHERE u.user_id = $1;
@@ -109,6 +112,8 @@ export class UserRepository {
         user: {
           user_id: flatProfile.user_id,
           email: flatProfile.email,
+          created_at: flatProfile.user_created_at,
+          updated_at: flatProfile.user_updated_at,
         },
         full_name: flatProfile.full_name,
         avatar_url: flatProfile.avatar_url,
@@ -122,6 +127,12 @@ export class UserRepository {
       logger.debug({ user: fullUserProfile }, `[DB createUser] Fetched full profile for new user:`);
       return fullUserProfile;
     }).catch((error) => {
+      // Specific handling for unique constraint violation on user creation
+      if (error instanceof Error && 'code' in error && (error as any).code === '23505') {
+        logger.warn(`Attempted to create a user with an existing email: ${email}`);
+        throw new UniqueConstraintError('A user with this email address already exists.');
+      }
+      // Fallback to generic handler for all other errors
       handleDbError(error, logger, 'Error during createUser transaction', { email }, {
         uniqueMessage: 'A user with this email address already exists.',
         defaultMessage: 'Failed to create user in database.',
@@ -142,15 +153,17 @@ export class UserRepository {
     logger.debug({ email }, `[DB findUserWithProfileByEmail] Searching for user.`);
     try {
       const query = `
-        SELECT 
-          u.user_id, u.email, u.password_hash, u.refresh_token, u.failed_login_attempts, u.last_failed_login,
+        SELECT
+          u.user_id, u.email, u.created_at as user_created_at, u.updated_at as user_updated_at, u.password_hash, u.refresh_token, u.failed_login_attempts, u.last_failed_login,
           p.full_name, p.avatar_url, p.role, p.points, p.preferences, p.address_id,
           p.created_at, p.updated_at
         FROM public.users u
         JOIN public.profiles p ON u.user_id = p.user_id
         WHERE u.email = $1;
       `;
-      const res = await this.db.query<DbUser & Profile>(query, [email]);
+      const res = await this.db.query<
+        DbUser & Profile & { user_created_at: string; user_updated_at: string }
+      >(query, [email]);
       const flatUser = res.rows[0];
 
       if (!flatUser) {
@@ -170,6 +183,8 @@ export class UserRepository {
         user: {
           user_id: flatUser.user_id,
           email: flatUser.email,
+          created_at: flatUser.user_created_at,
+          updated_at: flatUser.user_updated_at,
         },
         password_hash: flatUser.password_hash,
         failed_login_attempts: flatUser.failed_login_attempts,
@@ -191,10 +206,10 @@ export class UserRepository {
    * @returns A promise that resolves to the user object (id, email) or undefined if not found.
    */
   // prettier-ignore
-  async findUserById(userId: string, logger: Logger): Promise<{ user_id: string; email: string; }> {
+  async findUserById(userId: string, logger: Logger): Promise<User> {
     try {
-      const res = await this.db.query<{ user_id: string; email: string }>(
-        'SELECT user_id, email FROM public.users WHERE user_id = $1',
+      const res = await this.db.query<User>(
+        'SELECT user_id, email, created_at, updated_at FROM public.users WHERE user_id = $1',
         [userId]
       );
       if (res.rowCount === 0) {
@@ -216,10 +231,10 @@ export class UserRepository {
    * @returns A promise that resolves to the user object (id, email, password_hash) or undefined if not found.
    */
   // prettier-ignore
-  async findUserWithPasswordHashById(userId: string, logger: Logger): Promise<{ user_id: string; email: string; password_hash: string | null }> {
+  async findUserWithPasswordHashById(userId: string, logger: Logger): Promise<User & { password_hash: string | null }> {
     try {
-      const res = await this.db.query<{ user_id: string; email: string; password_hash: string | null }>(
-        'SELECT user_id, email, password_hash FROM public.users WHERE user_id = $1',
+      const res = await this.db.query<User & { password_hash: string | null }>(
+        'SELECT user_id, email, password_hash, created_at, updated_at FROM public.users WHERE user_id = $1',
         [userId]
       );
       if ((res.rowCount ?? 0) === 0) {
@@ -247,7 +262,9 @@ export class UserRepository {
            p.created_at, p.updated_at,
            json_build_object(
              'user_id', u.user_id,
-             'email', u.email
+             'email', u.email,
+             'created_at', u.created_at,
+             'updated_at', u.updated_at
            ) as user,
            CASE
              WHEN a.address_id IS NOT NULL THEN json_build_object(
@@ -420,10 +437,10 @@ export class UserRepository {
   async findUserByRefreshToken(
     refreshToken: string,
     logger: Logger,
-  ): Promise<{ user_id: string; email: string } | undefined> {
+  ): Promise<User | undefined> {
     try {
-      const res = await this.db.query<{ user_id: string; email: string }>(
-        'SELECT user_id, email FROM public.users WHERE refresh_token = $1',
+      const res = await this.db.query<User>(
+        'SELECT user_id, email, created_at, updated_at FROM public.users WHERE refresh_token = $1',
         [refreshToken],
       );
       if ((res.rowCount ?? 0) === 0) {
@@ -605,7 +622,7 @@ export class UserRepository {
    * @returns A promise that resolves to the created SearchQuery object.
    */
   async logSearchQuery(
-    queryData: Omit<SearchQuery, 'search_query_id' | 'created_at'>,
+    queryData: Omit<SearchQuery, 'search_query_id' | 'created_at' | 'updated_at'>,
     logger: Logger,
   ): Promise<SearchQuery> {
     const { user_id, query_text, result_count, was_successful } = queryData;

src/tests/integration/admin.integration.test.ts

@@ -164,8 +164,10 @@ describe('Admin API Routes Integration Tests', () => {
     beforeEach(async () => {
       const flyerRes = await getPool().query(
         `INSERT INTO public.flyers (store_id, file_name, image_url, item_count, checksum) 
-         VALUES ($1, 'admin-test.jpg', 'http://test.com/img.jpg', 1, $2) RETURNING flyer_id`,
-        [testStoreId, `checksum-${Date.now()}-${Math.random()}`],
+         VALUES ($1, 'admin-test.jpg', 'https://example.com/flyer-images/asdmin-test.jpg', 1, $2) RETURNING flyer_id`,
+        // The checksum must be a unique 64-character string to satisfy the DB constraint.
+        // We generate a dynamic string and pad it to 64 characters.
+        [testStoreId, `checksum-${Date.now()}-${Math.random()}`.padEnd(64, '0')],
       );
       const flyerId = flyerRes.rows[0].flyer_id;
 

src/tests/integration/flyer-processing.integration.test.ts

@@ -80,7 +80,7 @@ describe('Flyer Processing Background Job Integration Test', () => {
 
     // Act 2: Poll for the job status until it completes.
     let jobStatus;
-    const maxRetries = 30; // Poll for up to 90 seconds (30 * 3s)
+    const maxRetries = 60; // Poll for up to 180 seconds (60 * 3s)
     for (let i = 0; i < maxRetries; i++) {
       console.log(`Polling attempt ${i + 1}...`);
       await new Promise((resolve) => setTimeout(resolve, 3000)); // Wait 3 seconds between polls
@@ -149,12 +149,12 @@ describe('Flyer Processing Background Job Integration Test', () => {
 
     // Act & Assert
     await runBackgroundProcessingTest(authUser, token);
-  }, 120000); // Increase timeout to 120 seconds for this long-running test
+  }, 240000); // Increase timeout to 240 seconds for this long-running test
 
   it('should successfully process a flyer for an ANONYMOUS user via the background queue', async () => {
     // Act & Assert: Call the test helper without a user or token.
     await runBackgroundProcessingTest();
-  }, 120000); // Increase timeout to 120 seconds for this long-running test
+  }, 240000); // Increase timeout to 240 seconds for this long-running test
 
   it(
     'should strip EXIF data from uploaded JPEG images during processing',
@@ -238,7 +238,7 @@ describe('Flyer Processing Background Job Integration Test', () => {
       expect(exifResult.tags).toEqual({});
       expect(exifResult.tags.Software).toBeUndefined();
     },
-    120000,
+    240000,
   );
 
   it(
@@ -322,6 +322,6 @@ describe('Flyer Processing Background Job Integration Test', () => {
       // The `exif` property should be undefined after the fix.
       expect(savedImageMetadata.exif).toBeUndefined();
     },
-    120000,
+    240000,
   );
 });

src/tests/integration/flyer.integration.test.ts

@@ -25,8 +25,8 @@ describe('Public Flyer API Routes Integration Tests', () => {
 
     const flyerRes = await getPool().query(
       `INSERT INTO public.flyers (store_id, file_name, image_url, item_count, checksum) 
-       VALUES ($1, 'integration-test.jpg', 'http://test.com/img.jpg', 1, $2) RETURNING flyer_id`,
-      [storeId, `checksum-${Date.now()}`],
+       VALUES ($1, 'integration-test.jpg', 'https://example.com/flyer-images/integration-test.jpg', 1, $2) RETURNING flyer_id`,
+      [storeId, `${Date.now().toString(16)}`.padEnd(64, '0')],
     );
     createdFlyerId = flyerRes.rows[0].flyer_id;
 

src/tests/integration/gamification.integration.test.ts

@@ -81,12 +81,17 @@ describe('Gamification Flow Integration Test', () => {
           break;
         }
       }
+    if (!jobStatus) {
+      console.error('[DEBUG] Gamification test job timed out: No job status received.');
+      throw new Error('Gamification test job timed out: No job status received.');
+    }
 
       // --- Assert 1: Verify the job completed successfully ---
       if (jobStatus?.state === 'failed') {
         console.error('[DEBUG] Gamification test job failed:', jobStatus.failedReason);
       }
       expect(jobStatus?.state).toBe('completed');
+
       const flyerId = jobStatus?.returnValue?.flyerId;
       expect(flyerId).toBeTypeOf('number');
       createdFlyerIds.push(flyerId); // Track for cleanup

src/tests/integration/price.integration.test.ts

@@ -35,22 +35,22 @@ describe('Price History API Integration Test (/api/price-history)', () => {
     // 3. Create two flyers with different dates
     const flyerRes1 = await pool.query(
       `INSERT INTO public.flyers (store_id, file_name, image_url, item_count, checksum, valid_from) 
-       VALUES ($1, 'price-test-1.jpg', 'http://test.com/price-1.jpg', 1, $2, '2025-01-01') RETURNING flyer_id`,
-      [storeId, `checksum-price-1-${Date.now()}`],
+       VALUES ($1, 'price-test-1.jpg', 'https://example.com/flyer-images/price-test-1.jpg', 1, $2, '2025-01-01') RETURNING flyer_id`,
+      [storeId, `${Date.now().toString(16)}1`.padEnd(64, '0')],
     );
     flyerId1 = flyerRes1.rows[0].flyer_id;
 
     const flyerRes2 = await pool.query(
       `INSERT INTO public.flyers (store_id, file_name, image_url, item_count, checksum, valid_from) 
-       VALUES ($1, 'price-test-2.jpg', 'http://test.com/price-2.jpg', 1, $2, '2025-01-08') RETURNING flyer_id`,
-      [storeId, `checksum-price-2-${Date.now()}`],
+       VALUES ($1, 'price-test-2.jpg', 'https://example.com/flyer-images/price-test-2.jpg', 1, $2, '2025-01-08') RETURNING flyer_id`,
+      [storeId, `${Date.now().toString(16)}2`.padEnd(64, '0')],
     );
     flyerId2 = flyerRes2.rows[0].flyer_id; // This was a duplicate, fixed.
 
     const flyerRes3 = await pool.query(
       `INSERT INTO public.flyers (store_id, file_name, image_url, item_count, checksum, valid_from) 
-       VALUES ($1, 'price-test-3.jpg', 'http://test.com/price-3.jpg', 1, $2, '2025-01-15') RETURNING flyer_id`,
-      [storeId, `checksum-price-3-${Date.now()}`],
+       VALUES ($1, 'price-test-3.jpg', '/flyer-images/price-test-3.jpg', 1, $2, '2025-01-15') RETURNING flyer_id`,
+      [storeId, `${Date.now().toString(16)}3`.padEnd(64, '0')],
     );
     flyerId3 = flyerRes3.rows[0].flyer_id;
 

src/tests/integration/public.routes.integration.test.ts

@@ -78,8 +78,8 @@ describe('Public API Routes Integration Tests', () => {
     testStoreId = storeRes.rows[0].store_id;
     const flyerRes = await pool.query(
       `INSERT INTO public.flyers (store_id, file_name, image_url, item_count, checksum) 
-       VALUES ($1, 'public-routes-test.jpg', 'http://test.com/public-routes.jpg', 1, $2) RETURNING *`,
-      [testStoreId, `checksum-public-routes-${Date.now()}`],
+       VALUES ($1, 'public-routes-test.jpg', 'https://example.com/flyer-images/public-routes-test.jpg', 1, $2) RETURNING *`,
+      [testStoreId, `${Date.now().toString(16)}`.padEnd(64, '0')],
     );
     testFlyer = flyerRes.rows[0];
 

src/tests/utils/mockFactories.ts

@@ -93,6 +93,8 @@ export const createMockUser = (overrides: Partial<User> = {}): User => {
   const defaultUser: User = {
     user_id: userId,
     email: `${userId}@example.com`,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   return { ...defaultUser, ...overrides };
@@ -107,7 +109,7 @@ export const createMockUser = (overrides: Partial<User> = {}): User => {
  * @returns A complete and type-safe UserProfile object.
  */
 export const createMockUserProfile = (
-  overrides: Partial<UserProfile & { user: Partial<User> }> = {},
+  overrides: Partial<Omit<UserProfile, 'user'>> & { user?: Partial<User> } = {},
 ): UserProfile => {
   // The user object is the source of truth for user_id and email.
   const user = createMockUser(overrides.user);
@@ -119,10 +121,10 @@ export const createMockUserProfile = (
     avatar_url: null,
     preferences: {},
     address_id: null,
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString(),
     created_by: null,
     address: null,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
     user,
   };
 
@@ -143,11 +145,11 @@ export const createMockStore = (overrides: Partial<Store> = {}): Store => {
 
   const defaultStore: Store = {
     store_id: storeId,
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString(),
     name: 'Mock Store',
     logo_url: null,
     created_by: null,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   return { ...defaultStore, ...overrides };
@@ -167,12 +169,11 @@ export const createMockFlyer = (
   const flyerId = overrides.flyer_id ?? getNextId();
 
   // Ensure the store_id is consistent between the flyer and the nested store object
-  const storeOverrides = overrides.store || {};
-  if (overrides.store_id && !storeOverrides.store_id) {
-    storeOverrides.store_id = overrides.store_id;
-  }
-
-  const store = createMockStore(storeOverrides);
+  const store = createMockStore({
+    ...overrides.store,
+    // Prioritize the top-level store_id if provided
+    store_id: overrides.store_id ?? overrides.store?.store_id,
+  });
 
   // Determine the final file_name to generate dependent properties from.
   const fileName = overrides.file_name ?? `flyer-${flyerId}.jpg`;
@@ -190,8 +191,6 @@ export const createMockFlyer = (
 
   const defaultFlyer: Flyer = {
     flyer_id: flyerId,
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString(),
     file_name: fileName,
     image_url: `/flyer-images/${fileName}`,
     icon_url: `/flyer-images/icons/icon-${fileName.replace(/\.[^/.]+$/, '.webp')}`,
@@ -203,6 +202,8 @@ export const createMockFlyer = (
     status: 'processed',
     item_count: 50,
     uploaded_by: null,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
     store,
   };
 
@@ -244,12 +245,12 @@ export const createMockBrand = (overrides: Partial<Brand> = {}): Brand => {
 
   const defaultBrand: Brand = {
     brand_id: brandId,
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString(),
     name: `Brand ${brandId}`,
     logo_url: null,
     store_id: null,
     store_name: null,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   return { ...defaultBrand, ...overrides };
@@ -266,6 +267,8 @@ export const createMockCategory = (overrides: Partial<Category> = {}): Category
   const defaultCategory: Category = {
     category_id: categoryId,
     name: `Category ${categoryId}`,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   return { ...defaultCategory, ...overrides };
@@ -319,7 +322,6 @@ export const createMockFlyerItem = (
   const defaultItem: FlyerItem = {
     flyer_item_id: flyerItemId,
     flyer_id: flyerId,
-    created_at: new Date().toISOString(),
     item: 'Mock Item',
     price_display: '$1.99',
     price_in_cents: 199,
@@ -327,6 +329,7 @@ export const createMockFlyerItem = (
     quantity: 'each',
     view_count: 0,
     click_count: 0,
+    created_at: new Date().toISOString(),
     updated_at: new Date().toISOString(),
   };
 
@@ -358,11 +361,11 @@ export const createMockRecipe = (
     rating_count: 50,
     fork_count: 10,
     status: 'public',
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString(),
     prep_time_minutes: 15,
     cook_time_minutes: 30,
     servings: 4,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   const {
@@ -412,6 +415,8 @@ export const createMockRecipeIngredient = (
     master_item_id: masterItemId,
     quantity: 1,
     unit: 'cup',
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   const { master_item: _, ...itemOverrides } = overrides;
@@ -432,6 +437,7 @@ export const createMockRecipeComment = (overrides: Partial<RecipeComment> = {}):
     content: 'This is a mock comment.',
     status: 'visible',
     created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
     user_full_name: 'Mock User', // This was correct
     user_avatar_url: undefined,
   };
@@ -452,6 +458,8 @@ export const createMockPlannedMeal = (overrides: Partial<PlannedMeal> = {}): Pla
     plan_date: new Date().toISOString().split('T')[0],
     meal_type: 'dinner',
     servings_to_cook: 4,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   return { ...defaultMeal, ...overrides };
@@ -476,6 +484,7 @@ export const createMockMenuPlan = (
     start_date: new Date().toISOString().split('T')[0],
     end_date: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString().split('T')[0],
     created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   const { planned_meals: mealsOverrides, ...planOverrides } = overrides;
@@ -661,23 +670,22 @@ export const createMockMasterGroceryItem = (
   overrides: Partial<MasterGroceryItem> & { category?: Partial<Category> } = {},
 ): MasterGroceryItem => {
   // Ensure category_id is consistent between the item and the nested category object
-  const categoryOverrides = overrides.category || {};
-  if (overrides.category_id && !categoryOverrides.category_id) {
-    categoryOverrides.category_id = overrides.category_id;
-  }
-
-  const category = createMockCategory(categoryOverrides);
+  const category = createMockCategory({
+    ...overrides.category,
+    // Prioritize the top-level category_id if provided
+    category_id: overrides.category_id ?? overrides.category?.category_id,
+  });
 
   const defaultItem: MasterGroceryItem = {
     master_grocery_item_id: getNextId(),
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString(),
     name: 'Mock Master Item',
     category_id: category.category_id,
     category_name: category.name,
     is_allergen: false,
     allergy_info: null,
     created_by: null,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   const { category: _, ...itemOverrides } = overrides;
@@ -729,9 +737,9 @@ export const createMockShoppingList = (
     shopping_list_id: shoppingListId,
     user_id: `user-${getNextId()}`,
     name: 'My Mock List',
+    items: [],
     created_at: new Date().toISOString(),
     updated_at: new Date().toISOString(),
-    items: [],
   };
 
   if (overrides.items) {
@@ -767,15 +775,12 @@ export const createMockShoppingListItem = (
     shopping_list_id: shoppingListId,
     custom_item_name: 'Mock Shopping List Item',
     quantity: 1,
-    is_purchased: false,
+    is_purchased: false, // This was correct
     added_at: new Date().toISOString(),
     updated_at: new Date().toISOString(),
+    master_item_id: masterItemId,
   };
 
-  if (masterItemId) {
-    defaultItem.master_item_id = masterItemId;
-  }
-
   const { master_item: masterItemOverride, ...itemOverrides } = overrides;
   const result = { ...defaultItem, ...itemOverrides };
 
@@ -805,6 +810,8 @@ export const createMockShoppingTripItem = (
     master_item_name: masterItemId ? (overrides.master_item?.name ?? 'Mock Master Item') : null,
     quantity: 1,
     price_paid_cents: 199,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   const { master_item: _, ...itemOverrides } = overrides;
@@ -829,6 +836,7 @@ export const createMockShoppingTrip = (
     completed_at: new Date().toISOString(),
     total_spent_cents: 0,
     items: [],
+    updated_at: new Date().toISOString(),
   };
 
   const { items: itemsOverrides, ...tripOverrides } = overrides;
@@ -864,6 +872,8 @@ export const createMockReceiptItem = (overrides: Partial<ReceiptItem> = {}): Rec
     master_item_id: null,
     product_id: null,
     status: 'unmatched',
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   return { ...defaultItem, ...overrides };
@@ -888,8 +898,9 @@ export const createMockReceipt = (
     total_amount_cents: null,
     status: 'pending',
     raw_text: null,
-    created_at: new Date().toISOString(),
     processed_at: null,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   const { items: itemsOverrides, ...receiptOverrides } = overrides;
@@ -916,6 +927,8 @@ export const createMockDietaryRestriction = (
     dietary_restriction_id: 1,
     name: 'Vegetarian',
     type: 'diet',
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
     ...overrides,
   };
 };
@@ -955,6 +968,8 @@ export const createMockItemPriceHistory = (
     max_price_in_cents: 399,
     avg_price_in_cents: 299,
     data_points_count: 10,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
   return { ...defaultHistory, ...overrides };
 };
@@ -1008,6 +1023,7 @@ export const createMockRecipeCollection = (
     name: 'My Favorite Recipes',
     description: 'A collection of mock recipes.',
     created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
   return { ...defaultCollection, ...overrides };
 };
@@ -1027,6 +1043,7 @@ export const createMockSharedShoppingList = (
     shared_with_user_id: `user-${getNextId()}`,
     permission_level: 'view',
     created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
   return { ...defaultSharedList, ...overrides };
 };
@@ -1118,6 +1135,7 @@ export const createMockUserAlert = (overrides: Partial<UserAlert> = {}): UserAle
     threshold_value: 499,
     is_active: true,
     created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
   return { ...defaultAlert, ...overrides };
 };
@@ -1140,6 +1158,7 @@ export const createMockUserSubmittedPrice = (
     upvotes: 0,
     downvotes: 0,
     created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
   return { ...defaultPrice, ...overrides };
 };
@@ -1157,6 +1176,7 @@ export const createMockRecipeRating = (overrides: Partial<RecipeRating> = {}): R
     rating: 5,
     comment: 'Great recipe!',
     created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
   return { ...defaultRating, ...overrides };
 };
@@ -1171,6 +1191,8 @@ export const createMockTag = (overrides: Partial<Tag> = {}): Tag => {
   const defaultTag: Tag = {
     tag_id: tagId,
     name: `Tag ${tagId}`,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
   return { ...defaultTag, ...overrides };
 };
@@ -1188,6 +1210,8 @@ export const createMockPantryLocation = (
     pantry_location_id: locationId,
     user_id: `user-${getNextId()}`,
     name: `Location ${locationId}`,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
   return { ...defaultLocation, ...overrides };
 };
@@ -1228,6 +1252,7 @@ export const createMockUserDietaryRestriction = (
   const defaultUserRestriction: UserDietaryRestriction = {
     user_id: userId,
     restriction_id: restrictionId,
+    created_at: new Date().toISOString(),
   };
 
   return { ...defaultUserRestriction, ...overrides };
@@ -1245,12 +1270,14 @@ export const createMockUserAppliance = (
   const userId = overrides.user_id ?? overrides.user?.user_id ?? `user-${getNextId()}`;
   const applianceId = overrides.appliance_id ?? overrides.appliance?.appliance_id ?? getNextId();
 
-  const defaultUserAppliance: UserAppliance = {
+  const defaultUserAppliance = {
     user_id: userId,
     appliance_id: applianceId,
+    created_at: new Date().toISOString(),
   };
 
-  return { ...defaultUserAppliance, ...overrides };
+  // The 'as UserAppliance' cast is necessary because TypeScript can't guarantee that the spread of a Partial<T> results in a complete T.
+  return { ...defaultUserAppliance, ...overrides } as UserAppliance;
 };
 
 /**
@@ -1266,13 +1293,13 @@ export const createMockAddress = (overrides: Partial<Address> = {}): Address =>
     province_state: 'BC',
     postal_code: 'V8T 1A1',
     country: 'CA',
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString(),
     // Optional fields
     address_line_2: null,
     latitude: null,
     longitude: null,
     location: null,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   return { ...defaultAddress, ...overrides };
@@ -1309,8 +1336,6 @@ export const createMockUserWithPasswordHash = (
  */
 export const createMockProfile = (overrides: Partial<Profile> = {}): Profile => {
   const defaultProfile: Profile = {
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString(),
     full_name: 'Mock Profile User',
     avatar_url: null,
     address_id: null,
@@ -1319,6 +1344,8 @@ export const createMockProfile = (overrides: Partial<Profile> = {}): Profile =>
     preferences: {},
     created_by: null,
     updated_by: null,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   return { ...defaultProfile, ...overrides };
@@ -1376,14 +1403,14 @@ export const createMockUnmatchedFlyerItem = (
   const defaultItem: UnmatchedFlyerItem = {
     unmatched_flyer_item_id: getNextId(),
     status: 'pending',
-    created_at: new Date().toISOString(),
-    updated_at: new Date().toISOString(),
     reviewed_at: null,
     flyer_item_id: getNextId(),
     flyer_item_name: 'Mystery Product',
     price_display: '$?.??',
     flyer_id: getNextId(),
     store_name: 'Random Store',
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
   };
 
   return { ...defaultItem, ...overrides };
@@ -1400,10 +1427,10 @@ export const createMockAdminUserView = (overrides: Partial<AdminUserView> = {}):
   const defaultUserView: AdminUserView = {
     user_id: userId,
     email: `${userId}@example.com`,
-    created_at: new Date().toISOString(),
     role: 'user',
     full_name: 'Mock User',
     avatar_url: null,
+    created_at: new Date().toISOString(),
   };
 
   return { ...defaultUserView, ...overrides };
@@ -1450,6 +1477,8 @@ export const createMockAppliance = (overrides: Partial<Appliance> = {}): Applian
   return {
     appliance_id: 1,
     name: 'Oven',
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
     ...overrides,
   };
 };
@@ -1482,7 +1511,7 @@ export const createMockAddressPayload = (overrides: Partial<Address> = {}): Part
   ...overrides,
 });
 
-export const createMockSearchQueryPayload = (overrides: Partial<Omit<SearchQuery, 'search_query_id' | 'id' | 'created_at' | 'user_id'>> = {}): Omit<SearchQuery, 'search_query_id' | 'id' | 'created_at' | 'user_id'> => ({
+export const createMockSearchQueryPayload = (overrides: Partial<Omit<SearchQuery, 'search_query_id' | 'created_at' | 'updated_at' | 'user_id'>> = {}): Omit<SearchQuery, 'search_query_id' | 'created_at' | 'updated_at' | 'user_id'> => ({
   query_text: 'mock search',
   result_count: 5,
   was_successful: true,

src/types.ts

@@ -1,31 +1,31 @@
 // src/types.ts
 export interface Store {
-  store_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly store_id: number;
   name: string;
   logo_url?: string | null;
-  created_by?: string | null;
+  readonly created_by?: string | null;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export type FlyerStatus = 'processed' | 'needs_review' | 'archived';
 
 export interface Flyer {
-  flyer_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly flyer_id: number;
   file_name: string;
   image_url: string;
   icon_url?: string | null; // URL for the 64x64 icon version of the flyer
-  checksum?: string;
-  store_id?: number;
+  readonly checksum?: string;
+  readonly store_id?: number;
   valid_from?: string | null;
   valid_to?: string | null;
   store_address?: string | null;
   status: FlyerStatus;
   item_count: number;
-  uploaded_by?: string | null; // UUID of the user who uploaded it, can be null for anonymous uploads
+  readonly uploaded_by?: string | null; // UUID of the user who uploaded it, can be null for anonymous uploads
   store?: Store;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 /**
@@ -67,64 +67,64 @@ export interface UnitPrice {
 }
 
 export interface FlyerItem {
-  flyer_item_id: number;
-  flyer_id: number;
-  created_at: string;
+  readonly flyer_item_id: number;
+  readonly flyer_id: number;
   item: string;
   price_display: string;
   price_in_cents?: number | null;
   quantity?: string;
   quantity_num?: number | null;
-  master_item_id?: number;
+  master_item_id?: number; // Can be updated by admin correction
   master_item_name?: string | null;
-  category_id?: number | null;
+  category_id?: number | null; // Can be updated by admin correction
   category_name?: string | null;
   unit_price?: UnitPrice | null;
-  product_id?: number | null;
-  view_count: number;
-  click_count: number;
-  updated_at: string;
+  product_id?: number | null; // Can be updated by admin correction
+  readonly view_count: number;
+  readonly click_count: number;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface MasterGroceryItem {
-  master_grocery_item_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly master_grocery_item_id: number;
   name: string;
-  category_id?: number | null;
+  category_id?: number | null; // Can be updated by admin
   category_name?: string | null;
   is_allergen?: boolean;
   allergy_info?: unknown | null; // JSONB
-  created_by?: string | null;
+  readonly created_by?: string | null;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface Category {
-  category_id: number;
+  readonly category_id: number;
   name: string;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface Brand {
-  brand_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly brand_id: number;
   name: string;
   logo_url?: string | null;
-  store_id?: number | null;
+  readonly store_id?: number | null;
   store_name?: string | null;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface Product {
-  product_id: number;
-  created_at: string;
-  updated_at: string;
-  master_item_id: number;
-  brand_id?: number | null;
+  readonly product_id: number;
+  readonly master_item_id: number;
+  readonly brand_id?: number | null;
   name: string;
   description?: string | null;
   size?: string | null;
   upc_code?: string | null;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface DealItem {
@@ -139,8 +139,10 @@ export interface DealItem {
 
 // User-specific types
 export interface User {
-  user_id: string; // UUID
+  readonly user_id: string; // UUID
   email: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 /**
@@ -149,27 +151,25 @@ export interface User {
  */
 export interface UserWithPasswordHash extends User {
   password_hash: string | null;
-  failed_login_attempts: number;
-  last_failed_login: string | null; // TIMESTAMPTZ
-  last_login_at?: string | null; // TIMESTAMPTZ
-  last_login_ip?: string | null;
-  created_at: string;
-  updated_at: string;
+  readonly failed_login_attempts: number;
+  readonly last_failed_login: string | null; // TIMESTAMPTZ
+  readonly last_login_at?: string | null; // TIMESTAMPTZ
+  readonly last_login_ip?: string | null;
 }
 export interface Profile {
-  created_at: string;
-  updated_at: string;
   full_name?: string | null;
   avatar_url?: string | null;
-  address_id?: number | null;
-  points: number;
-  role: 'admin' | 'user';
+  address_id?: number | null; // Can be updated
+  readonly points: number;
+  readonly role: 'admin' | 'user';
   preferences?: {
     darkMode?: boolean;
     unitSystem?: 'metric' | 'imperial';
   } | null;
-  created_by?: string | null;
-  updated_by?: string | null;
+  readonly created_by?: string | null;
+  readonly updated_by?: string | null;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 /**
@@ -183,16 +183,16 @@ export type UserProfile = Profile & {
 };
 
 export interface SuggestedCorrection {
-  suggested_correction_id: number;
-  flyer_item_id: number;
-  user_id: string;
+  readonly suggested_correction_id: number;
+  readonly flyer_item_id: number;
+  readonly user_id: string;
   correction_type: string;
   suggested_value: string;
   status: 'pending' | 'approved' | 'rejected';
-  created_at: string;
-  updated_at: string;
-  reviewed_at?: string | null;
+  readonly reviewed_at?: string | null;
   reviewed_notes?: string | null;
+  readonly created_at: string;
+  readonly updated_at: string;
   // Joined data
   user_email?: string;
   flyer_item_name?: string;
@@ -212,44 +212,44 @@ export interface UserDataExport {
 }
 
 export interface UserAlert {
-  user_alert_id: number;
-  user_watched_item_id: number;
+  readonly user_alert_id: number;
+  readonly user_watched_item_id: number;
   alert_type: 'PRICE_BELOW' | 'PERCENT_OFF_AVERAGE';
   threshold_value: number;
   is_active: boolean;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface Notification {
-  notification_id: number;
-  user_id: string; // UUID
+  readonly notification_id: number;
+  readonly user_id: string; // UUID
   content: string;
   link_url?: string | null;
   is_read: boolean;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface ShoppingList {
-  shopping_list_id: number;
-  user_id: string; // UUID
+  readonly shopping_list_id: number;
+  readonly user_id: string; // UUID
   name: string;
-  created_at: string;
-  updated_at: string;
   items: ShoppingListItem[]; // Nested items
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface ShoppingListItem {
-  shopping_list_item_id: number;
-  shopping_list_id: number;
-  master_item_id?: number | null;
+  readonly shopping_list_item_id: number;
+  readonly shopping_list_id: number;
+  readonly master_item_id?: number | null;
   custom_item_name?: string | null;
   quantity: number;
   is_purchased: boolean;
   notes?: string | null;
-  added_at: string;
-  updated_at: string;
+  readonly added_at: string;
+  readonly updated_at: string;
   // Joined data for display
   master_item?: {
     name: string;
@@ -257,29 +257,29 @@ export interface ShoppingListItem {
 }
 
 export interface UserSubmittedPrice {
-  user_submitted_price_id: number;
-  user_id: string; // UUID
-  master_item_id: number;
-  store_id: number;
+  readonly user_submitted_price_id: number;
+  readonly user_id: string; // UUID
+  readonly master_item_id: number;
+  readonly store_id: number;
   price_in_cents: number;
   photo_url?: string | null;
-  upvotes: number;
-  downvotes: number;
-  created_at: string;
-  updated_at: string;
+  readonly upvotes: number;
+  readonly downvotes: number;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface ItemPriceHistory {
-  item_price_history_id: number;
-  master_item_id: number;
+  readonly item_price_history_id: number;
+  readonly master_item_id: number;
   summary_date: string; // DATE
-  store_location_id?: number | null;
+  readonly store_location_id?: number | null;
   min_price_in_cents?: number | null;
   max_price_in_cents?: number | null;
   avg_price_in_cents?: number | null;
   data_points_count: number;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 /**
@@ -293,17 +293,17 @@ export interface HistoricalPriceDataPoint {
 }
 
 export interface MasterItemAlias {
-  master_item_alias_id: number;
-  master_item_id: number;
+  readonly master_item_alias_id: number;
+  readonly master_item_id: number;
   alias: string;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface Recipe {
-  recipe_id: number;
-  user_id?: string | null; // UUID
-  original_recipe_id?: number | null;
+  readonly recipe_id: number;
+  readonly user_id?: string | null; // UUID
+  readonly original_recipe_id?: number | null;
   name: string;
   description?: string | null;
   instructions?: string | null;
@@ -315,216 +315,207 @@ export interface Recipe {
   protein_grams?: number | null;
   fat_grams?: number | null;
   carb_grams?: number | null;
-  avg_rating: number;
+  readonly avg_rating: number;
   status: 'private' | 'pending_review' | 'public' | 'rejected';
-  rating_count: number;
-  fork_count: number;
-  created_at: string;
-  updated_at: string;
+  readonly rating_count: number;
+  readonly fork_count: number;
   comments?: RecipeComment[];
   ingredients?: RecipeIngredient[];
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface RecipeIngredient {
-  recipe_ingredient_id: number;
-  recipe_id: number;
-  master_item_id: number;
+  readonly recipe_ingredient_id: number;
+  readonly recipe_id: number;
+  readonly master_item_id: number;
   quantity: number;
   unit: string;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface RecipeIngredientSubstitution {
-  recipe_ingredient_substitution_id: number;
-  recipe_ingredient_id: number;
-  substitute_master_item_id: number;
+  readonly recipe_ingredient_substitution_id: number;
+  readonly recipe_ingredient_id: number;
+  readonly substitute_master_item_id: number;
   notes?: string | null;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface Tag {
-  tag_id: number;
+  readonly tag_id: number;
   name: string;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface RecipeTag {
   recipe_id: number;
   tag_id: number;
-  created_at: string;
-  updated_at: string;
 }
 
 export interface RecipeRating {
-  recipe_rating_id: number;
-  recipe_id: number;
-  user_id: string; // UUID
+  readonly recipe_rating_id: number;
+  readonly recipe_id: number;
+  readonly user_id: string; // UUID
   rating: number;
   comment?: string | null;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface RecipeComment {
-  recipe_comment_id: number;
-  recipe_id: number;
-  user_id: string; // UUID
-  parent_comment_id?: number | null;
+  readonly recipe_comment_id: number;
+  readonly recipe_id: number;
+  readonly user_id: string; // UUID
+  readonly parent_comment_id?: number | null;
   content: string;
   status: 'visible' | 'hidden' | 'reported';
-  created_at: string;
-  updated_at?: string | null;
+  readonly created_at: string;
+  readonly updated_at: string;
   user_full_name?: string; // Joined data
   user_avatar_url?: string; // Joined data
 }
 
 export interface MenuPlan {
-  menu_plan_id: number;
-  user_id: string; // UUID
+  readonly menu_plan_id: number;
+  readonly user_id: string; // UUID
   name: string;
   start_date: string; // DATE
   end_date: string; // DATE
-  created_at: string;
-  updated_at: string;
   planned_meals?: PlannedMeal[];
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface SharedMenuPlan {
-  shared_menu_plan_id: number;
-  menu_plan_id: number;
-  shared_by_user_id: string; // UUID
-  shared_with_user_id: string; // UUID
+  readonly shared_menu_plan_id: number;
+  readonly menu_plan_id: number;
+  readonly shared_by_user_id: string; // UUID
+  readonly shared_with_user_id: string; // UUID
   permission_level: 'view' | 'edit';
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface PlannedMeal {
-  planned_meal_id: number;
-  menu_plan_id: number;
-  recipe_id: number;
+  readonly planned_meal_id: number;
+  readonly menu_plan_id: number;
+  readonly recipe_id: number;
   plan_date: string; // DATE
   meal_type: string;
   servings_to_cook?: number | null;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface PantryItem {
-  pantry_item_id: number;
-  user_id: string; // UUID
-  master_item_id: number;
+  readonly pantry_item_id: number;
+  readonly user_id: string; // UUID
+  readonly master_item_id: number;
   quantity: number;
   unit?: string | null;
   best_before_date?: string | null; // DATE
   pantry_location_id?: number | null;
-  notification_sent_at?: string | null; // TIMESTAMPTZ
-  updated_at: string;
+  readonly notification_sent_at?: string | null; // TIMESTAMPTZ
+  readonly updated_at: string;
 }
 
 export interface UserItemAlias {
-  user_item_alias_id: number;
-  user_id: string; // UUID
-  master_item_id: number;
+  readonly user_item_alias_id: number;
+  readonly user_id: string; // UUID
+  readonly master_item_id: number;
   alias: string;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface FavoriteRecipe {
-  user_id: string; // UUID
-  recipe_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly user_id: string; // UUID
+  readonly recipe_id: number;
+  readonly created_at: string;
 }
 
 export interface FavoriteStore {
-  user_id: string; // UUID
-  store_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly user_id: string; // UUID
+  readonly store_id: number;
+  readonly created_at: string;
 }
 
 export interface RecipeCollection {
-  recipe_collection_id: number;
-  user_id: string; // UUID
+  readonly recipe_collection_id: number;
+  readonly user_id: string; // UUID
   name: string;
   description?: string | null;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface RecipeCollectionItem {
-  collection_id: number;
-  recipe_id: number;
-  added_at: string;
-  updated_at: string;
+  readonly collection_id: number;
+  readonly recipe_id: number;
+  readonly added_at: string;
 }
 
 export interface SharedShoppingList {
-  shared_shopping_list_id: number;
-  shopping_list_id: number;
-  shared_by_user_id: string; // UUID
-  shared_with_user_id: string; // UUID
+  readonly shared_shopping_list_id: number;
+  readonly shopping_list_id: number;
+  readonly shared_by_user_id: string; // UUID
+  readonly shared_with_user_id: string; // UUID
   permission_level: 'view' | 'edit';
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface SharedRecipeCollection {
-  shared_collection_id: number;
-  recipe_collection_id: number;
-  shared_by_user_id: string; // UUID
-  shared_with_user_id: string; // UUID
+  readonly shared_collection_id: number;
+  readonly recipe_collection_id: number;
+  readonly shared_by_user_id: string; // UUID
+  readonly shared_with_user_id: string; // UUID
   permission_level: 'view' | 'edit';
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface DietaryRestriction {
-  dietary_restriction_id: number;
+  readonly dietary_restriction_id: number;
   name: string;
   type: 'diet' | 'allergy';
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface UserDietaryRestriction {
-  user_id: string; // UUID
-  restriction_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly user_id: string; // UUID
+  readonly restriction_id: number;
+  readonly created_at: string;
 }
 
 export interface Appliance {
-  appliance_id: number;
+  readonly appliance_id: number;
   name: string;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface UserAppliance {
-  user_id: string; // UUID
-  appliance_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly user_id: string; // UUID
+  readonly appliance_id: number;
+  readonly created_at: string;
 }
 
 export interface RecipeAppliance {
-  recipe_id: number;
-  appliance_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly recipe_id: number;
+  readonly appliance_id: number;
+  readonly created_at: string;
 }
 
 export interface UserFollow {
-  follower_id: string; // UUID
-  following_id: string; // UUID
-  created_at: string;
-  updated_at: string;
+  readonly follower_id: string; // UUID
+  readonly following_id: string; // UUID
+  readonly created_at: string;
 }
 /**
  * The list of possible actions for an activity log.
@@ -543,13 +534,13 @@ export type ActivityLogAction =
  * Base interface for all log items, containing common properties.
  */
 interface ActivityLogItemBase {
-  activity_log_id: number;
-  user_id: string | null;
+  readonly activity_log_id: number;
+  readonly user_id: string | null;
   action: string;
   display_text: string;
-  created_at: string;
-  updated_at: string;
   icon?: string | null;
+  readonly created_at: string;
+  readonly updated_at: string;
   // Joined data for display in feeds
   user_full_name?: string;
   user_avatar_url?: string;
@@ -608,77 +599,77 @@ export type ActivityLogItem =
   | ListSharedLog;
 
 export interface PantryLocation {
-  pantry_location_id: number;
-  user_id: string; // UUID
+  readonly pantry_location_id: number;
+  readonly user_id: string; // UUID
   name: string;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface SearchQuery {
-  search_query_id: number;
-  user_id?: string | null; // UUID
+  readonly search_query_id: number;
+  readonly user_id?: string | null; // UUID
   query_text: string;
   result_count?: number | null;
   was_successful?: boolean | null;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface ShoppingTripItem {
-  shopping_trip_item_id: number;
-  shopping_trip_id: number;
-  master_item_id?: number | null;
+  readonly shopping_trip_item_id: number;
+  readonly shopping_trip_id: number;
+  readonly master_item_id?: number | null;
   custom_item_name?: string | null;
   quantity: number;
   price_paid_cents?: number | null;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
   // Joined data for display
   master_item_name?: string | null;
 }
 
 export interface ShoppingTrip {
-  shopping_trip_id: number;
-  user_id: string; // UUID
-  shopping_list_id?: number | null;
-  completed_at: string;
+  readonly shopping_trip_id: number;
+  readonly user_id: string; // UUID
+  readonly shopping_list_id?: number | null;
+  readonly completed_at: string;
   total_spent_cents?: number | null;
-  updated_at: string;
   items: ShoppingTripItem[]; // Nested items
+  readonly updated_at: string;
 }
 
 export interface Receipt {
-  receipt_id: number;
-  user_id: string; // UUID
+  readonly receipt_id: number;
+  readonly user_id: string; // UUID
   store_id?: number | null;
   receipt_image_url: string;
   transaction_date?: string | null;
   total_amount_cents?: number | null;
   status: 'pending' | 'processing' | 'completed' | 'failed';
   raw_text?: string | null;
-  created_at: string;
-  processed_at?: string | null;
-  updated_at: string;
+  readonly processed_at?: string | null;
   items?: ReceiptItem[];
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface ReceiptItem {
-  receipt_item_id: number;
-  receipt_id: number;
+  readonly receipt_item_id: number;
+  readonly receipt_id: number;
   raw_item_description: string;
   quantity: number;
   price_paid_cents: number;
-  master_item_id?: number | null;
-  product_id?: number | null;
+  master_item_id?: number | null; // Can be updated by admin correction
+  product_id?: number | null; // Can be updated by admin correction
   status: 'unmatched' | 'matched' | 'needs_review' | 'ignored';
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface ReceiptDeal {
-  receipt_item_id: number;
-  master_item_id: number;
+  readonly receipt_item_id: number;
+  readonly master_item_id: number;
   item_name: string;
   price_paid_cents: number;
   current_best_price_in_cents: number;
@@ -697,15 +688,15 @@ export interface GeoJSONPoint {
 }
 
 export interface StoreLocation {
-  store_location_id: number;
-  store_id?: number | null;
-  address_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly store_location_id: number;
+  readonly store_id?: number | null;
+  readonly address_id: number;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface Address {
-  address_id: number;
+  readonly address_id: number;
   address_line_1: string;
   address_line_2?: string | null;
   city: string;
@@ -714,16 +705,16 @@ export interface Address {
   country: string;
   latitude?: number | null;
   longitude?: number | null;
-  location?: GeoJSONPoint | null;
-  created_at: string;
-  updated_at: string;
+  readonly location?: GeoJSONPoint | null;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface FlyerLocation {
-  flyer_id: number;
-  store_location_id: number;
-  created_at: string;
-  updated_at: string;
+  readonly flyer_id: number;
+  readonly store_location_id: number;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export enum AnalysisType {
@@ -933,30 +924,30 @@ export interface MenuPlanShoppingListItem {
  * Returned by `getUnmatchedFlyerItems`.
  */
 export interface UnmatchedFlyerItem {
-  unmatched_flyer_item_id: number;
+  readonly unmatched_flyer_item_id: number;
   status: 'pending' | 'resolved' | 'ignored'; // 'resolved' is used instead of 'reviewed' from the DB for clarity
-  created_at: string; // Date string
-  updated_at: string;
-  reviewed_at?: string | null;
-  flyer_item_id: number;
+  readonly reviewed_at?: string | null;
+  readonly flyer_item_id: number;
   flyer_item_name: string;
   price_display: string;
   flyer_id: number;
   store_name: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 /**
  * Represents a user-defined budget for tracking grocery spending.
  */
 export interface Budget {
-  budget_id: number;
-  user_id: string; // UUID
+  readonly budget_id: number;
+  readonly user_id: string; // UUID
   name: string;
   amount_cents: number;
   period: 'weekly' | 'monthly';
   start_date: string; // DATE
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 /**
@@ -973,21 +964,21 @@ export interface SpendingByCategory {
  * Represents a single defined achievement in the system.
  */
 export interface Achievement {
-  achievement_id: number;
+  readonly achievement_id: number;
   name: string;
   description: string;
   icon?: string | null;
   points_value: number;
-  created_at: string;
+  readonly created_at: string;
 }
 
 /**
  * Represents an achievement that has been awarded to a user.
  */
 export interface UserAchievement {
-  user_id: string; // UUID
-  achievement_id: number;
-  achieved_at: string; // TIMESTAMPTZ
+  readonly user_id: string; // UUID
+  readonly achievement_id: number;
+  readonly achieved_at: string; // TIMESTAMPTZ
 }
 
 /**
@@ -995,11 +986,11 @@ export interface UserAchievement {
  * Returned by the `getLeaderboard` database function.
  */
 export interface LeaderboardUser {
-  user_id: string;
+  readonly user_id: string;
   full_name: string | null;
   avatar_url: string | null;
   points: number;
-  rank: string; // RANK() returns a bigint, which the pg driver returns as a string.
+  readonly rank: string; // RANK() returns a bigint, which the pg driver returns as a string.
 }
 
 /**
@@ -1007,12 +998,12 @@ export interface LeaderboardUser {
  * This is a public-facing type and does not include sensitive fields.
  */
 export interface AdminUserView {
-  user_id: string;
+  readonly user_id: string;
   email: string;
-  created_at: string;
   role: 'admin' | 'user';
   full_name: string | null;
   avatar_url: string | null;
+  readonly created_at: string;
 }
 
 export interface PriceHistoryData {
@@ -1022,21 +1013,21 @@ export interface PriceHistoryData {
 }
 
 export interface UserReaction {
-  reaction_id: number;
-  user_id: string; // UUID
-  entity_type: string;
-  entity_id: string;
+  readonly reaction_id: number;
+  readonly user_id: string; // UUID
+  readonly entity_type: string;
+  readonly entity_id: string;
   reaction_type: string;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }
 
 export interface UnitConversion {
-  unit_conversion_id: number;
-  master_item_id: number;
+  readonly unit_conversion_id: number;
+  readonly master_item_id: number;
   from_unit: string;
   to_unit: string;
   factor: number;
-  created_at: string;
-  updated_at: string;
+  readonly created_at: string;
+  readonly updated_at: string;
 }