Initial commit — RetailTalk backend for HuggingFace Spaces

.gitignore

@@ -0,0 +1,57 @@
+# ========================
+# Secrets
+# ========================
+.env
+.env.local
+.env.*.local
+
+# ========================
+# Large model weights — stored in HuggingFace Model Hub instead
+# Downloaded at Docker build time via download_models.py
+# ========================
+backend/trained_model/intent_classifier/model.pt
+backend/trained_model/slot_extractor/model.pt
+backend/trained_model/ranker/model.safetensors
+backend/trained_model/pytorch_model.bin
+checkpoint.pt
+*.pth
+*.onnx
+*.h5
+
+# ========================
+# Python
+# ========================
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+*.egg-info/
+dist/
+build/
+venv/
+.venv/
+env/
+
+# ========================
+# IDE & OS
+# ========================
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+Thumbs.db
+.DS_Store
+
+# ========================
+# Logs
+# ========================
+*.log
+
+# ========================
+# Not needed for HF Space deployment
+# ========================
+frontend/
+database/
+backend/test_*.py
+backend/Dockerfile

Dockerfile

@@ -0,0 +1,34 @@
+FROM python:3.11-slim
+
+WORKDIR /app
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install CPU-only PyTorch first (prevents pip from pulling GPU version)
+RUN pip install --no-cache-dir torch --index-url https://download.pytorch.org/whl/cpu
+
+# Install Python dependencies
+COPY backend/requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy backend application code
+COPY backend/ ./backend/
+
+# Download large model weights from HuggingFace Model Hub
+# HF_TOKEN is passed as a build secret from Space settings
+ARG HF_TOKEN
+ENV HF_TOKEN=${HF_TOKEN}
+RUN python backend/download_models.py
+
+# HuggingFace Spaces runs as non-root user — fix permissions
+RUN chmod -R 777 /app
+
+WORKDIR /app/backend
+
+# HuggingFace Spaces requires port 7860
+EXPOSE 7860
+
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "7860"]

README.md

@@ -0,0 +1,19 @@
+---
+title: RetailTalk
+emoji: 🛍️
+colorFrom: blue
+colorTo: indigo
+sdk: docker
+pinned: false
+---
+
+# RetailTalk Backend
+
+FastAPI backend for RetailTalk — an NLP-powered e-commerce product search engine.
+
+## Models included
+- BERT multilingual embeddings
+- Intent classifier
+- Slot extractor (NER)
+- CrossEncoder ranker
+- ESCI classifier (Exact/Substitute/Complement/Irrelevant)

backend/.env.example

@@ -0,0 +1,17 @@
+# Copy these to HuggingFace Space Secrets (Settings > Variables and Secrets)
+# Never commit the actual .env file
+
+SUPABASE_URL=https://your-project.supabase.co
+SUPABASE_KEY=your-anon-public-key
+SUPABASE_SERVICE_KEY=your-service-role-key
+DATABASE_URL=postgresql://postgres:your-password@db.your-project.supabase.co:5432/postgres
+
+JWT_SECRET=change-this-to-a-random-secure-string
+
+# Model paths inside container (defaults already set in config.py — no need to change)
+# CLASSIFIER_MODEL_PATH=trained_model/pytorch_model.bin
+# RANKER_MODEL_PATH=trained_model/ranker
+# INTENT_MODEL_PATH=trained_model/intent_classifier
+# SLOT_MODEL_PATH=trained_model/slot_extractor
+
+DEBUG=false

backend/config.py

@@ -0,0 +1,47 @@
+"""
+Application configuration — loads settings from environment variables.
+Set these in your HuggingFace Space secrets (Settings > Variables and Secrets).
+"""
+
+import os
+from dotenv import load_dotenv
+
+load_dotenv()
+
+# Supabase
+SUPABASE_URL = os.getenv("SUPABASE_URL", "")
+SUPABASE_KEY = os.getenv("SUPABASE_KEY", "")
+SUPABASE_SERVICE_KEY = os.getenv("SUPABASE_SERVICE_KEY", "")
+
+# Database (direct connection for pgvector queries)
+DATABASE_URL = os.getenv("DATABASE_URL", "")
+
+# JWT Auth
+JWT_SECRET = os.getenv("JWT_SECRET", "change-this-in-production")
+JWT_ALGORITHM = "HS256"
+JWT_EXPIRATION_HOURS = 24
+
+# ML Models — all paths relative to /app/backend inside the container
+BERT_MODEL_NAME = os.getenv("BERT_MODEL_NAME", "bert-base-multilingual-uncased")
+CLASSIFIER_MODEL_PATH = os.getenv("CLASSIFIER_MODEL_PATH", "trained_model/pytorch_model.bin")
+RANKER_MODEL_PATH = os.getenv("RANKER_MODEL_PATH", "trained_model/ranker")
+INTENT_MODEL_PATH = os.getenv("INTENT_MODEL_PATH", "trained_model/intent_classifier")
+SLOT_MODEL_PATH = os.getenv("SLOT_MODEL_PATH", "trained_model/slot_extractor")
+
+BERT_MAX_LENGTH = 256
+BERT_EMBEDDING_DIM = 768
+INTENT_MAX_LENGTH = int(os.getenv("INTENT_MAX_LENGTH", "128"))
+SLOT_MAX_LENGTH = int(os.getenv("SLOT_MAX_LENGTH", "128"))
+
+# Score blending weights (must sum to 1.0)
+RANKER_WEIGHT = float(os.getenv("RANKER_WEIGHT", "0.4"))
+CLASSIFIER_WEIGHT = float(os.getenv("CLASSIFIER_WEIGHT", "0.25"))
+SIMILARITY_WEIGHT = float(os.getenv("SIMILARITY_WEIGHT", "0.35"))
+
+# Search
+SEARCH_TOP_K_CANDIDATES = 50
+SEARCH_MAX_RESULTS = 20
+
+# App
+APP_NAME = "RetailTalk"
+DEBUG = os.getenv("DEBUG", "false").lower() == "true"

backend/database.py

@@ -0,0 +1,191 @@
+"""
+Database connection helpers for Supabase.
+Uses psycopg (v3) for direct PostgreSQL/pgvector queries (search),
+and supabase-py for standard CRUD operations.
+"""
+
+import psycopg
+from psycopg.rows import dict_row
+import numpy as np
+from supabase import create_client, Client
+from config import SUPABASE_URL, SUPABASE_KEY, DATABASE_URL
+
+# --- Supabase Client (for CRUD operations) ---
+
+_supabase_client: Client = None
+
+
+def get_supabase() -> Client:
+    """Get or create the Supabase client for standard CRUD operations."""
+    global _supabase_client
+    if _supabase_client is None:
+        _supabase_client = create_client(SUPABASE_URL, SUPABASE_KEY)
+    return _supabase_client
+
+
+# --- Direct PostgreSQL connection (for pgvector queries) ---
+
+def get_db_connection():
+    """Create a new psycopg3 connection for pgvector queries."""
+    conn = psycopg.connect(DATABASE_URL, row_factory=dict_row)
+    return conn
+
+
+def close_db_pool():
+    """Placeholder for shutdown compatibility."""
+    pass
+
+
+# --- Helper: embedding <-> database conversion ---
+
+def embedding_to_pgvector(embedding: np.ndarray) -> str:
+    """Convert a numpy embedding to pgvector string format: '[0.1,0.2,...]'"""
+    return "[" + ",".join(f"{x:.8f}" for x in embedding.tolist()) + "]"
+
+
+def pgvector_to_embedding(pgvector_str: str) -> np.ndarray:
+    """Convert a pgvector string back to numpy array."""
+    values = pgvector_str.strip("[]").split(",")
+    return np.array([float(v) for v in values], dtype=np.float32)
+
+
+# --- pgvector similarity search ---
+
+def search_similar_products(query_embedding: np.ndarray, top_k: int = 50):
+    """
+    Find the top_k most similar products to the query embedding
+    using pgvector cosine similarity search.
+    Returns list of dicts with product info + embedding.
+    """
+    conn = get_db_connection()
+    embedding_str = embedding_to_pgvector(query_embedding)
+    
+    query = """
+        SELECT
+            id, seller_id, title, description, price, stock, images,
+            embedding::text as embedding_text,
+            1 - (embedding <=> %s::vector) as similarity
+        FROM products
+        WHERE is_active = true AND status = 'approved' AND stock > 0 AND embedding IS NOT NULL
+        ORDER BY embedding <=> %s::vector
+        LIMIT %s
+    """
+    
+    try:
+        with conn.cursor() as cur:
+            cur.execute(query, (embedding_str, embedding_str, top_k))
+            rows = cur.fetchall()
+    finally:
+        conn.close()
+
+    results = []
+    for row in rows:
+        results.append({
+            "id": str(row["id"]),
+            "seller_id": str(row["seller_id"]),
+            "title": row["title"],
+            "description": row["description"],
+            "price": float(row["price"]),
+            "stock": int(row["stock"]),
+            "images": row["images"] or [],
+            "embedding": pgvector_to_embedding(row["embedding_text"]),
+            "similarity": float(row["similarity"]),
+        })
+
+    return results
+
+
+def search_similar_products_filtered(
+    query_embedding: np.ndarray,
+    top_k: int = 50,
+    price_min: float = None,
+    price_max: float = None,
+    brand: str = None,
+    color: str = None,
+):
+    """
+    Find the top_k most similar products with optional structured filters.
+    Extends search_similar_products with WHERE clauses from query rewriting.
+    """
+    conn = get_db_connection()
+    embedding_str = embedding_to_pgvector(query_embedding)
+    
+    # Build dynamic WHERE clause
+    conditions = ["is_active = true", "status = 'approved'", "stock > 0", "embedding IS NOT NULL"]
+    filter_params = []
+
+    if price_min is not None:
+        conditions.append(f"price > %s")
+        filter_params.append(price_min)
+
+    if price_max is not None:
+        conditions.append(f"price < %s")
+        filter_params.append(price_max)
+
+    if brand:
+        conditions.append(f"(title ILIKE %s OR description ILIKE %s)")
+        filter_params.append(f"%{brand}%")
+        filter_params.append(f"%{brand}%")
+
+    if color:
+        conditions.append(f"(title ILIKE %s OR description ILIKE %s)")
+        filter_params.append(f"%{color}%")
+        filter_params.append(f"%{color}%")
+
+    where_clause = " AND ".join(conditions)
+
+    # Params must match SQL placeholder order:
+    # 1) embedding for SELECT similarity, 2) filter params for WHERE,
+    # 3) embedding for ORDER BY, 4) top_k for LIMIT
+    params = [embedding_str] + filter_params + [embedding_str, top_k]
+
+    query = f"""
+        SELECT
+            id, seller_id, title, description, price, stock, images,
+            embedding::text as embedding_text,
+            1 - (embedding <=> %s::vector) as similarity
+        FROM products
+        WHERE {where_clause}
+        ORDER BY embedding <=> %s::vector
+        LIMIT %s
+    """
+
+    try:
+        with conn.cursor() as cur:
+            cur.execute(query, tuple(params))
+            rows = cur.fetchall()
+    finally:
+        conn.close()
+
+    results = []
+    for row in rows:
+        results.append({
+            "id": str(row["id"]),
+            "seller_id": str(row["seller_id"]),
+            "title": row["title"],
+            "description": row["description"],
+            "price": float(row["price"]),
+            "stock": int(row["stock"]),
+            "images": row["images"] or [],
+            "embedding": pgvector_to_embedding(row["embedding_text"]),
+            "similarity": float(row["similarity"]),
+        })
+
+    return results
+
+
+def store_product_embedding(product_id: str, embedding: np.ndarray):
+    """Store/update the BERT embedding for a product."""
+    conn = get_db_connection()
+    embedding_str = embedding_to_pgvector(embedding)
+    
+    query = """
+        UPDATE products SET embedding = %s::vector WHERE id = %s
+    """
+    
+    try:
+        with conn.cursor() as cur:
+            cur.execute(query, (embedding_str, product_id))
+        conn.commit()
+    finally:
+        conn.close()

backend/download_models.py

@@ -0,0 +1,37 @@
+"""
+Downloads large model weights from HuggingFace Model Hub at build time.
+Run once during Docker build — weights are baked into the image.
+Requires HF_TOKEN env var if the model repo is private.
+"""
+
+import os
+from huggingface_hub import hf_hub_download
+
+REPO_ID = "dashm/retailtalk-models"
+TOKEN = os.getenv("HF_TOKEN", None)
+
+files = [
+    ("trained_model/intent_classifier/model.pt",  "intent_classifier/model.pt"),
+    ("trained_model/slot_extractor/model.pt",      "slot_extractor/model.pt"),
+    ("trained_model/ranker/model.safetensors",     "ranker/model.safetensors"),
+    ("trained_model/pytorch_model.bin",            "pytorch_model.bin"),
+]
+
+base_dir = os.path.dirname(os.path.abspath(__file__))
+
+for local_rel, hub_filename in files:
+    local_path = os.path.join(base_dir, local_rel)
+    if os.path.exists(local_path):
+        print(f"[skip] {local_rel} already exists")
+        continue
+    print(f"[download] {hub_filename} -> {local_rel}")
+    os.makedirs(os.path.dirname(local_path), exist_ok=True)
+    hf_hub_download(
+        repo_id=REPO_ID,
+        filename=hub_filename,
+        local_dir=os.path.join(base_dir, "trained_model"),
+        token=TOKEN,
+    )
+    print(f"[done] {local_rel}")
+
+print("[OK] All models downloaded.")

backend/main.py

@@ -0,0 +1,110 @@
+"""
+RetailTalk — FastAPI Backend Entry Point
+
+This is the main file that starts the API server.
+Run with: uvicorn main:app --reload
+"""
+
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+from contextlib import asynccontextmanager
+
+from config import APP_NAME, DEBUG
+from database import close_db_pool
+from routes import auth, products, search, transactions, admin, insights, contacts, cart, delivery, manager, restock, wishlist
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    """Startup and shutdown events."""
+    # --- Startup ---
+    print(f"[START] Starting {APP_NAME} backend...")
+
+    # Load ML models
+    from models.bert_service import bert_service
+    from models.classifier import classifier_service
+    from models.ranker import ranker_service
+    from models.intent_service import intent_service
+    from models.slot_service import slot_service
+    from models.query_rewriter import query_rewriter
+
+    print("[ML] Loading BERT model...")
+    bert_service.load()
+    print("[ML] Loading classifier model...")
+    classifier_service.load()
+    print("[ML] Loading ranker model (optional)...")
+    ranker_service.load()
+    print("[ML] Loading intent classifier (optional)...")
+    intent_service.load()
+    print("[ML] Loading slot extractor (optional)...")
+    slot_service.load()
+
+    # Initialize query rewriter with loaded services
+    query_rewriter.init(intent_service, slot_service)
+    print("[ML] Query rewriter initialized")
+
+    print(f"[OK] {APP_NAME} backend ready!")
+
+    yield
+
+    # --- Shutdown ---
+    print("[STOP] Shutting down...")
+    close_db_pool()
+
+
+# Create FastAPI app
+app = FastAPI(
+    title=f"{APP_NAME} API",
+    description=(
+        "An NLP for querying e-commerce product. "
+        "Uses BERT embeddings + CrossEncoder ranking + QueryProductClassifier to "
+        "find, rank, and classify product search results "
+        "as Exact / Substitute / Complement / Irrelevant."
+    ),
+    version="1.0.0",
+    lifespan=lifespan,
+)
+
+# CORS — allow frontend to call the API
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=["*"],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+# Register route groups
+app.include_router(auth.router)
+app.include_router(products.router)
+app.include_router(search.router)
+app.include_router(transactions.router)
+app.include_router(admin.router)
+app.include_router(insights.router)
+app.include_router(contacts.router)
+app.include_router(cart.router)
+app.include_router(delivery.router)
+app.include_router(manager.router)
+app.include_router(restock.router)
+app.include_router(wishlist.router)
+
+
+@app.get("/", tags=["Health"])
+async def root():
+    """Health check endpoint."""
+    from models.bert_service import bert_service
+    from models.classifier import classifier_service
+    from models.ranker import ranker_service
+    from models.intent_service import intent_service
+    from models.slot_service import slot_service
+    return {
+        "app": APP_NAME,
+        "status": "running",
+        "ml_status": {
+            "bert": "loaded" if bert_service._loaded else "not loaded",
+            "classifier": "loaded" if classifier_service._loaded else "not loaded",
+            "ranker": "loaded" if ranker_service._loaded else "not loaded",
+            "intent": "loaded" if intent_service._loaded else "not loaded",
+            "slot": "loaded" if slot_service._loaded else "not loaded",
+        },
+    }
+

backend/models/bert_service.py

@@ -0,0 +1,106 @@
+"""
+BERT Embedding Service — computes text embeddings using a pretrained BERT model.
+Loaded once at startup, reused for all requests.
+"""
+
+import torch
+import torch.nn.functional as F
+import numpy as np
+from transformers import BertModel, BertTokenizer
+from config import BERT_MODEL_NAME, BERT_MAX_LENGTH
+
+
+class BertEmbeddingService:
+    """Singleton service that computes BERT embeddings for text."""
+
+    def __init__(self):
+        self.model = None
+        self.tokenizer = None
+        self.device = None
+        self._loaded = False
+
+    def load(self):
+        """Load the BERT model and tokenizer. Call once at app startup."""
+        if self._loaded:
+            return
+
+        print(f"[BertService] Loading BERT model: {BERT_MODEL_NAME}...")
+        self.device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
+        self.model = BertModel.from_pretrained(BERT_MODEL_NAME)
+        self.tokenizer = BertTokenizer.from_pretrained(BERT_MODEL_NAME)
+        self.model.to(self.device)
+        self.model.eval()
+        self._loaded = True
+        print(f"[BertService] Model loaded on {self.device}")
+
+    def _pool_summary(self, last_hidden_states, pool_op="max"):
+        """Pool the BERT output into a single vector per input."""
+        num_features = last_hidden_states.size()[1]
+        hidden_p = last_hidden_states.permute(0, 2, 1)
+        pool_fn = F.max_pool1d if pool_op == "max" else F.avg_pool1d
+        return pool_fn(hidden_p, kernel_size=num_features).squeeze(-1)
+
+    def compute_embedding(self, text: str) -> np.ndarray:
+        """
+        Compute a single BERT embedding for the given text.
+        Returns a numpy array of shape (768,).
+        """
+        if not self._loaded:
+            raise RuntimeError("BertService not loaded. Call load() first.")
+
+        # Tokenize
+        tokens = self.tokenizer(
+            text,
+            padding="max_length",
+            truncation=True,
+            max_length=BERT_MAX_LENGTH,
+            return_attention_mask=True,
+            return_tensors="pt",
+        )
+
+        # Move to device
+        inputs = {
+            "input_ids": tokens["input_ids"].to(self.device),
+            "attention_mask": tokens["attention_mask"].to(self.device),
+            "token_type_ids": tokens["token_type_ids"].to(self.device),
+        }
+
+        # Forward pass
+        with torch.no_grad():
+            output = self.model(**inputs)
+            embedding = self._pool_summary(output[0])
+
+        return embedding.detach().cpu().numpy().squeeze(0)  # shape: (768,)
+
+    def compute_embeddings_batch(self, texts: list[str]) -> np.ndarray:
+        """
+        Compute BERT embeddings for a batch of texts.
+        Returns numpy array of shape (N, 768).
+        """
+        if not self._loaded:
+            raise RuntimeError("BertService not loaded. Call load() first.")
+
+        tokens = self.tokenizer(
+            texts,
+            padding="max_length",
+            truncation=True,
+            max_length=BERT_MAX_LENGTH,
+            return_attention_mask=True,
+            return_tensors="pt",
+        )
+
+        inputs = {
+            "input_ids": tokens["input_ids"].to(self.device),
+            "attention_mask": tokens["attention_mask"].to(self.device),
+            "token_type_ids": tokens["token_type_ids"].to(self.device),
+        }
+
+        with torch.no_grad():
+            output = self.model(**inputs)
+            embeddings = self._pool_summary(output[0])
+
+        return embeddings.detach().cpu().numpy()  # shape: (N, 768)
+
+
+# Global singleton instance
+bert_service = BertEmbeddingService()

backend/models/classifier.py

@@ -0,0 +1,153 @@
+"""
+Classifier Service — loads the trained QueryProductClassifier model
+and classifies (query, product) pairs into E/S/C/I labels.
+"""
+
+import os
+import torch
+import torch.nn as nn
+import numpy as np
+from config import CLASSIFIER_MODEL_PATH, BERT_EMBEDDING_DIM
+
+
+class QueryProductClassifier(nn.Module):
+    """
+    Feed-forward classifier that takes concatenated query + product embeddings
+    and classifies into E/S/C/I categories.
+    This is a copy of the trained model architecture from the ESCI project.
+    Must stay in sync with classification_identification/query_product/classifier_model.py
+    """
+
+    def __init__(self, size_pretrained=768, dense_hidden_dim=256, num_dense_layers=2, num_labels=4, dropout_rate=0.1):
+        super(QueryProductClassifier, self).__init__()
+        self.num_labels = 1 if num_labels <= 2 else num_labels
+        self.size_pretrained = size_pretrained * 2  # query + product concatenated
+        fc_layers = []
+        prev_dim = self.size_pretrained
+        self.dropout_embedding = nn.Dropout(dropout_rate)
+        for _ in range(num_dense_layers):
+            fc_layers.append(nn.Linear(prev_dim, dense_hidden_dim, bias=True))
+            fc_layers.append(nn.BatchNorm1d(dense_hidden_dim))
+            fc_layers.append(nn.ReLU())
+            fc_layers.append(nn.Dropout(dropout_rate))
+            prev_dim = dense_hidden_dim
+        fc_layers.append(nn.Linear(prev_dim, self.num_labels))
+        self.fc = nn.Sequential(*fc_layers)
+
+    def forward(self, query_embedding, product_embedding):
+        embedding = torch.cat((query_embedding, product_embedding), 1)
+        embedding = self.dropout_embedding(embedding)
+        logits = self.fc(embedding).squeeze(-1)
+        return logits
+
+
+# Label mapping
+CLASS_ID_TO_LABEL = {
+    0: "Exact",
+    1: "Substitute",
+    2: "Complement",
+    3: "Irrelevant",
+}
+
+# Priority for sorting (lower = more relevant = shown first)
+LABEL_PRIORITY = {
+    "Exact": 0,
+    "Substitute": 1,
+    "Complement": 2,
+    "Irrelevant": 3,
+}
+
+
+class ClassifierService:
+    """Singleton service that classifies query-product pairs."""
+
+    def __init__(self):
+        self.model = None
+        self.device = None
+        self._loaded = False
+
+    def load(self):
+        """Load the trained classifier model. Call once at app startup."""
+        if self._loaded:
+            return
+
+        self.device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
+
+        model_path = CLASSIFIER_MODEL_PATH
+        if not os.path.exists(model_path):
+            print(f"[ClassifierService] WARNING: Model file not found at {model_path}")
+            print("[ClassifierService] Search will use similarity-only ranking (no E/S/C/I classification)")
+            return
+
+        print(f"[ClassifierService] Loading classifier from {model_path}...")
+        self.model = QueryProductClassifier(
+            size_pretrained=BERT_EMBEDDING_DIM,
+            num_labels=4,
+        )
+        self.model.load_state_dict(torch.load(model_path, map_location=self.device))
+        self.model.to(self.device)
+        self.model.eval()
+        self._loaded = True
+        print(f"[ClassifierService] Classifier loaded on {self.device}")
+
+    def classify(self, query_embedding: np.ndarray, product_embedding: np.ndarray) -> dict:
+        """
+        Classify a single (query, product) pair.
+        Returns: {"label": "Exact", "confidence": 0.92, "class_id": 0}
+        """
+        if not self._loaded:
+            return {"label": "Unknown", "confidence": 0.0, "class_id": -1}
+
+        q = torch.tensor(query_embedding).float().unsqueeze(0).to(self.device)
+        p = torch.tensor(product_embedding).float().unsqueeze(0).to(self.device)
+
+        with torch.no_grad():
+            logits = self.model(q, p)
+            probabilities = torch.softmax(logits, dim=1)
+            class_id = torch.argmax(probabilities, dim=1).item()
+            confidence = probabilities[0][class_id].item()
+
+        return {
+            "label": CLASS_ID_TO_LABEL[class_id],
+            "confidence": round(confidence, 4),
+            "class_id": class_id,
+        }
+
+    def classify_batch(self, query_embedding: np.ndarray, product_embeddings: np.ndarray) -> list[dict]:
+        """
+        Classify a query against multiple products at once.
+        query_embedding: shape (768,)
+        product_embeddings: shape (N, 768)
+        Returns list of classification dicts.
+        """
+        if not self._loaded:
+            return [{"label": "Unknown", "confidence": 0.0, "class_id": -1}] * len(product_embeddings)
+
+        n = product_embeddings.shape[0]
+        # Repeat query embedding N times to match batch
+        q = torch.tensor(np.tile(query_embedding, (n, 1))).float().to(self.device)
+        p = torch.tensor(product_embeddings).float().to(self.device)
+
+        with torch.no_grad():
+            logits = self.model(q, p)
+            probabilities = torch.softmax(logits, dim=1)
+            class_ids = torch.argmax(probabilities, dim=1).cpu().numpy()
+            confidences = probabilities.max(dim=1).values.cpu().numpy()
+
+        all_probs = probabilities.cpu().numpy()
+
+        results = []
+        for i in range(n):
+            results.append({
+                "label": CLASS_ID_TO_LABEL[int(class_ids[i])],
+                "confidence": round(float(confidences[i]), 4),
+                "class_id": int(class_ids[i]),
+                "exact_prob": round(float(all_probs[i][0]), 4),
+                "substitute_prob": round(float(all_probs[i][1]), 4),
+                "complement_prob": round(float(all_probs[i][2]), 4),
+                "irrelevant_prob": round(float(all_probs[i][3]), 4),
+            })
+        return results
+
+# Global singleton instance
+classifier_service = ClassifierService()

backend/models/intent_service.py

@@ -0,0 +1,148 @@
+"""
+Intent Classification Service — runs the trained IntentClassifier model
+for real-time inference on user queries.
+
+Loaded once at startup, reused for all search requests.
+Intents: single_search, multi_search, filtered_search, free_form (multi-label)
+"""
+
+import os
+import json
+import torch
+import torch.nn as nn
+import numpy as np
+from transformers import BertModel, BertTokenizer
+from config import INTENT_MODEL_PATH, BERT_MODEL_NAME, INTENT_MAX_LENGTH
+
+
+class IntentClassifier(nn.Module):
+    """
+    BERT + classification head for multi-label intent classification.
+    Must match the architecture used during training.
+    """
+
+    def __init__(self, bert_model_name="bert-base-multilingual-uncased", num_intents=4):
+        super().__init__()
+        self.bert = BertModel.from_pretrained(bert_model_name)
+        self.dropout = nn.Dropout(0.3)
+        self.fc1 = nn.Linear(768, 256)
+        self.relu = nn.ReLU()
+        self.fc2 = nn.Linear(256, num_intents)
+
+    def forward(self, input_ids, attention_mask):
+        outputs = self.bert(input_ids=input_ids, attention_mask=attention_mask)
+        cls_output = outputs.last_hidden_state[:, 0, :]  # [CLS] token
+        x = self.dropout(cls_output)
+        x = self.relu(self.fc1(x))
+        x = self.dropout(x)
+        logits = self.fc2(x)
+        return logits
+
+
+class IntentService:
+    """Singleton service for intent classification at inference time."""
+
+    def __init__(self):
+        self.model = None
+        self.tokenizer = None
+        self.device = None
+        self.label_names = []
+        self._loaded = False
+
+    def load(self):
+        """Load the trained intent classifier. Call once at app startup."""
+        if self._loaded:
+            return
+
+        model_dir = INTENT_MODEL_PATH
+
+        model_path = os.path.join(model_dir, "model.pt")
+        label_map_path = os.path.join(model_dir, "label_map.json")
+        config_path = os.path.join(model_dir, "config.json")
+
+        if not os.path.exists(model_path):
+            print(f"[IntentService] WARNING: Model not found at {model_path}")
+            print("[IntentService] Intent classification will be unavailable.")
+            return
+
+        self.device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
+
+        # Load config for label names
+        if os.path.exists(config_path):
+            with open(config_path, "r") as f:
+                config = json.load(f)
+            self.label_names = config.get("label_names", [])
+            num_intents = config.get("num_intents", 4)
+        elif os.path.exists(label_map_path):
+            with open(label_map_path, "r") as f:
+                label_map = json.load(f)
+            self.label_names = sorted(label_map.keys(), key=lambda k: label_map[k])
+            num_intents = len(self.label_names)
+        else:
+            self.label_names = ["single_search", "multi_search", "filtered_search", "free_form"]
+            num_intents = 4
+
+        print(f"[IntentService] Loading intent classifier ({num_intents} intents)...")
+        self.model = IntentClassifier(
+            bert_model_name=BERT_MODEL_NAME,
+            num_intents=num_intents,
+        )
+
+        checkpoint = torch.load(model_path, map_location=self.device, weights_only=False)
+        self.model.load_state_dict(checkpoint["model_state_dict"])
+        self.model.to(self.device)
+        self.model.eval()
+
+        self.tokenizer = BertTokenizer.from_pretrained(BERT_MODEL_NAME)
+        self._loaded = True
+        print(f"[IntentService] Intent classifier loaded on {self.device}")
+        print(f"[IntentService] Labels: {self.label_names}")
+
+    def predict(self, query: str, threshold: float = 0.5) -> dict:
+        """
+        Classify a query's intents (multi-label).
+
+        Returns:
+            {
+                "intents": ["single_search", "filtered_search"],
+                "probabilities": {
+                    "single_search": 0.92,
+                    "multi_search": 0.03,
+                    "filtered_search": 0.87,
+                    "free_form": 0.01
+                }
+            }
+        """
+        if not self._loaded:
+            return {"intents": [], "probabilities": {}}
+
+        tokens = self.tokenizer(
+            query,
+            padding="max_length",
+            truncation=True,
+            max_length=INTENT_MAX_LENGTH,
+            return_tensors="pt",
+        )
+
+        input_ids = tokens["input_ids"].to(self.device)
+        attention_mask = tokens["attention_mask"].to(self.device)
+
+        with torch.no_grad():
+            logits = self.model(input_ids, attention_mask)
+            probs = torch.sigmoid(logits).cpu().numpy()[0]
+
+        probabilities = {
+            name: round(float(probs[i]), 4) for i, name in enumerate(self.label_names)
+        }
+        active_intents = [
+            name for i, name in enumerate(self.label_names) if probs[i] > threshold
+        ]
+
+        return {
+            "intents": active_intents,
+            "probabilities": probabilities,
+        }
+
+
+# Global singleton
+intent_service = IntentService()

backend/models/query_rewriter.py

@@ -0,0 +1,456 @@
+"""
+Query Rewriter — transforms raw user queries into structured search inputs
+using intent classification and slot extraction.
+
+Takes:  raw query + intents + extracted slots
+Returns: rewritten search text + structured filters + metadata
+"""
+
+import re
+from dataclasses import dataclass, field
+from typing import Optional
+
+
+@dataclass
+class SearchGroup:
+    """A single search sub-query with its own text and filters."""
+    search_text: str
+    filters: dict = field(default_factory=dict)
+
+
+@dataclass
+class RewrittenQuery:
+    """Output of the query rewriter."""
+    search_text: str           # Cleaned query for BERT embedding + keyword matching
+    filters: dict              # Structured filters for Supabase WHERE clauses
+    original_query: str        # The raw user input
+    intents: list = field(default_factory=list)   # Detected intents
+    slots: dict = field(default_factory=dict)     # All extracted slots
+    is_rewritten: bool = False  # Whether any rewriting was applied
+    search_groups: list = field(default_factory=list)  # List[SearchGroup] for compound queries
+
+
+# Slot types that represent product names (included in search text)
+PRODUCT_SLOTS = {"PRODUCT1", "PRODUCT2"}
+
+# Slot types that become Supabase filters (excluded from search text)
+FILTER_SLOTS = {"PRICE_MIN", "PRICE_MAX", "PRICE_MOD", "BRAND", "COLOR",
+                "SIZE", "RATING_MIN", "RATING_MOD"}
+
+# Modifier words to strip from search text (common non-product words)
+MODIFIER_WORDS = {
+    "under", "below", "less", "than", "above", "over", "more",
+    "at", "least", "most", "around", "between", "and",
+    "cheaper", "cheapest", "expensive",
+    "budget", "affordable", "cheap", "pricey",
+    "minimum", "maximum", "max", "min",
+    "rating", "rated", "stars", "star",
+    "i", "want", "need", "looking", "for", "find", "show", "me",
+    "the", "a", "an", "of", "with", "in", "na", "ng", "ang", "yung",
+    "paano", "saan", "ano", "may", "gusto", "ko", "hanap",
+    "magkano", "pesos", "peso", "php",
+}
+
+
+# Conjunction patterns for compound query splitting
+COMPOUND_CONJUNCTIONS = [
+    r'\s+and\s+',
+    r'\s+at\s+saka\s+',
+    r'\s+tapos\s+',
+    r'\s+tsaka\s+',
+    r'\s+pati\s+(na\s+)?',
+]
+
+
+def split_compound_query(query: str) -> list[str]:
+    """
+    Split a compound query on conjunctions ('and', 'at saka', etc.)
+    into separate product searches.
+
+    "party items less than 300 and shoes for kids less 200"
+    -> ["party items less than 300", "shoes for kids less 200"]
+
+    "peanut butter and jelly under 200"
+    -> ["peanut butter", "jelly under 200"]
+    """
+    for conj in COMPOUND_CONJUNCTIONS:
+        parts = re.split(conj, query, flags=re.IGNORECASE)
+        if len(parts) >= 2:
+            cleaned = [p.strip() for p in parts if p and p.strip()]
+            if len(cleaned) >= 2:
+                return cleaned
+    return [query]
+
+
+def split_sentences(query: str) -> list[str]:
+    """
+    Split a multi-sentence or compound query into individual sub-queries.
+    1. Splits on . ? ! followed by whitespace (standard sentence splitting).
+    2. Splits on commas that act as product separators.
+    3. Then splits each sentence on conjunctions ('and', 'at saka').
+    """
+    # Split on sentence-ending punctuation: . followed by space+letter (avoids
+    # decimals like "3.5"), or ? / ! at end/followed by whitespace.
+    parts = re.split(r'\.(?=\s+[A-Za-z])|[?!](?:\s+|$)', query)
+    sentences = [s.strip().rstrip('.!?') for s in parts if s and s.strip()]
+    sentences = [s for s in sentences if s]
+    if not sentences:
+        sentences = [query.strip()]
+
+    # Split on commas — treat commas as product separators
+    comma_parts = []
+    for sent in sentences:
+        csv = [p.strip() for p in sent.split(',') if p and p.strip()]
+        comma_parts.extend(csv if len(csv) >= 2 else [sent])
+
+    # Compound query splitting on each part (handles 'and')
+    all_parts = []
+    for part in comma_parts:
+        compound_parts = split_compound_query(part)
+        all_parts.extend(compound_parts)
+
+    return all_parts if all_parts else [query.strip()]
+
+
+def _merge_rewritten_queries(
+    sub_queries: list[RewrittenQuery],
+    original_query: str,
+) -> RewrittenQuery:
+    """Merge multiple per-sentence RewrittenQuery results into one."""
+    if len(sub_queries) == 1:
+        rq = sub_queries[0]
+        rq.search_groups = [SearchGroup(search_text=rq.search_text, filters=rq.filters)]
+        return rq
+
+    # Union of all intents (deduplicated, preserving order)
+    merged_intents = list(dict.fromkeys(
+        intent for rq in sub_queries for intent in rq.intents
+    ))
+
+    # Each sub-query that originated from a separator (dot, comma, 'and') represents
+    # a distinct product search — always keep them as independent search groups.
+    # We only collapse to a single group when all sub-queries share the same search
+    # text (i.e., splitting produced no meaningful separation).
+    distinct_texts = len({rq.search_text for rq in sub_queries}) > 1
+
+    if distinct_texts:
+        # ── COMPOUND QUERY ──
+        # Each sub-query becomes its own SearchGroup with independent filters.
+        search_groups = [
+            SearchGroup(search_text=rq.search_text, filters=rq.filters)
+            for rq in sub_queries
+        ]
+        merged_slots = {}
+        product_idx = 1
+        for rq in sub_queries:
+            for key, value in rq.slots.items():
+                if key in ("PRODUCT1", "PRODUCT2"):
+                    slot_key = f"PRODUCT{product_idx}"
+                    if slot_key not in merged_slots:
+                        merged_slots[slot_key] = value
+                        product_idx += 1
+                elif key not in merged_slots:
+                    merged_slots[key] = value
+        search_text = " | ".join(g.search_text for g in search_groups)
+        return RewrittenQuery(
+            search_text=search_text,
+            filters={},
+            original_query=original_query,
+            intents=merged_intents,
+            slots=merged_slots,
+            is_rewritten=True,
+            search_groups=search_groups,
+        )
+
+    # ── SINGLE GROUP (original merge behavior) ──
+    merged_slots = {}
+    for rq in sub_queries:
+        for key, value in rq.slots.items():
+            if key in ("PRODUCT1", "PRODUCT2"):
+                if "PRODUCT1" not in merged_slots:
+                    merged_slots["PRODUCT1"] = value
+                elif "PRODUCT2" not in merged_slots:
+                    merged_slots["PRODUCT2"] = value
+            elif key not in merged_slots:
+                merged_slots[key] = value
+
+    merged_filters = {}
+    for rq in sub_queries:
+        for key, value in rq.filters.items():
+            if key not in merged_filters:
+                merged_filters[key] = value
+            elif key == "price_min":
+                merged_filters[key] = max(merged_filters[key], value)
+            elif key == "price_max":
+                merged_filters[key] = min(merged_filters[key], value)
+            elif key == "rating_min":
+                merged_filters[key] = max(merged_filters[key], value)
+
+    seen = set()
+    search_parts = []
+    for rq in sub_queries:
+        for word in rq.search_text.split():
+            lower = word.lower()
+            if lower not in seen:
+                seen.add(lower)
+                search_parts.append(word)
+    search_text = " ".join(search_parts)
+
+    return RewrittenQuery(
+        search_text=search_text,
+        filters=merged_filters,
+        original_query=original_query,
+        intents=merged_intents,
+        slots=merged_slots,
+        is_rewritten=any(rq.is_rewritten for rq in sub_queries),
+        search_groups=[SearchGroup(search_text=search_text, filters=merged_filters)],
+    )
+
+
+def _parse_price(value: str) -> Optional[float]:
+    """Try to parse a numeric value from a price slot."""
+    clean = re.sub(r"[^\d.]", "", value)
+    try:
+        return float(clean)
+    except ValueError:
+        return None
+
+
+def _detect_price_direction(query: str) -> Optional[str]:
+    """
+    Detect whether the user's price intent is a minimum or maximum
+    based on modifier words in the raw query.
+
+    Returns "min", "max", or None if ambiguous.
+    """
+    q = query.lower()
+    # Patterns that indicate a MINIMUM price ("more than X", "above X", etc.)
+    min_patterns = [
+        r"\bmore\s+than\b", r"\babove\b", r"\bover\b", r"\bat\s+least\b",
+        r"\bhigher\s+than\b", r"\bstarting\b", r"\bfrom\b",
+        r"\bexpensive\b", r"\bpricey\b",
+        # Filipino
+        r"\bhigit\s+sa\b", r"\bmula\s+sa\b",
+    ]
+    # Patterns that indicate a MAXIMUM price ("less than X", "under X", etc.)
+    max_patterns = [
+        r"\bless\s+than\b", r"\bunder\b", r"\bbelow\b", r"\bat\s+most\b",
+        r"\bcheaper\s+than\b", r"\bbudget\b", r"\bcheap\b", r"\baffordable\b",
+        # Filipino
+        r"\bmura\b", r"\bmababa\b",
+    ]
+    for pat in min_patterns:
+        if re.search(pat, q):
+            return "min"
+    for pat in max_patterns:
+        if re.search(pat, q):
+            return "max"
+    return None
+
+
+def rewrite(query: str, intents: list[str], slots: dict) -> RewrittenQuery:
+    """
+    Rewrite a user query based on detected intents and extracted slots.
+
+    Logic:
+    - For free_form queries (and no other intents): pass through as-is
+    - For filtered_search: extract filter slots into structured filters,
+      build search text from product slots only
+    - For single_search / multi_search: build search text from product slots,
+      include brand/color in search text too
+    """
+
+    # Default: use original query as-is
+    result = RewrittenQuery(
+        search_text=query.strip(),
+        filters={},
+        original_query=query.strip(),
+        intents=intents,
+        slots=slots,
+    )
+
+    # If no intents or slots were extracted, return original query
+    if not intents and not slots:
+        return result
+
+    # Free-form intent with no product slots: pass through as-is
+    # (e.g., "pano magluto ng adobo" — not a product search)
+    if "free_form" in intents and len(intents) == 1 and not slots:
+        return result
+
+    # --- Correct price slot direction ---
+    # The NER model may tag the price value as PRICE_MAX when the user
+    # actually means "more than X" (a minimum), or vice versa.
+    # Use modifier words in the raw query to fix this.
+    direction = _detect_price_direction(query)
+
+    has_min = "PRICE_MIN" in slots
+    has_max = "PRICE_MAX" in slots
+
+    if direction == "min" and has_max and not has_min:
+        # NER said PRICE_MAX but user said "more than" → swap to PRICE_MIN
+        slots["PRICE_MIN"] = slots.pop("PRICE_MAX")
+    elif direction == "max" and has_min and not has_max:
+        # NER said PRICE_MIN but user said "under" → swap to PRICE_MAX
+        slots["PRICE_MAX"] = slots.pop("PRICE_MIN")
+
+    # --- Regex fallback: extract price if NER missed it ---
+    # Covers patterns like "less than 30", "under 500", "more than 100", etc.
+    if direction is not None and "PRICE_MIN" not in slots and "PRICE_MAX" not in slots:
+        price_match = re.search(r'(\d+(?:\.\d+)?)', query)
+        if price_match:
+            price_val = price_match.group(1)
+            if direction == "max":
+                slots["PRICE_MAX"] = price_val
+                print(f"[QueryRewriter] Regex fallback: PRICE_MAX={price_val} (from '{query}')")
+            elif direction == "min":
+                slots["PRICE_MIN"] = price_val
+                print(f"[QueryRewriter] Regex fallback: PRICE_MIN={price_val} (from '{query}')")
+
+    # --- Build structured filters from slots ---
+    filters = {}
+
+    price_max = slots.get("PRICE_MAX")
+    if price_max:
+        parsed = _parse_price(price_max)
+        if parsed is not None:
+            filters["price_max"] = parsed
+
+    price_min = slots.get("PRICE_MIN")
+    if price_min:
+        parsed = _parse_price(price_min)
+        if parsed is not None:
+            filters["price_min"] = parsed
+
+    brand = slots.get("BRAND")
+    if brand:
+        filters["brand"] = brand.strip()
+
+    color = slots.get("COLOR")
+    if color:
+        filters["color"] = color.strip()
+
+    size = slots.get("SIZE")
+    if size:
+        filters["size"] = size.strip()
+
+    rating_min = slots.get("RATING_MIN")
+    if rating_min:
+        parsed = _parse_price(rating_min)
+        if parsed is not None:
+            filters["rating_min"] = parsed
+
+    # --- Build search text ---
+    search_parts = []
+
+    # Include product names
+    for slot_type in ["PRODUCT1", "PRODUCT2"]:
+        if slot_type in slots:
+            search_parts.append(slots[slot_type].strip())
+
+    # Include brand in search text (helps BERT + keyword matching)
+    if brand:
+        search_parts.insert(0, brand.strip())
+
+    # Include color in search text (helps keyword matching)
+    if color:
+        search_parts.insert(0, color.strip())
+
+    # If we have product-related slots, use them as the search text
+    if search_parts:
+        search_text = " ".join(search_parts)
+    else:
+        # No product slots found — clean the original query
+        # Remove modifier words and price values
+        words = query.strip().split()
+        cleaned = [
+            w for w in words
+            if w.lower() not in MODIFIER_WORDS
+            and not re.match(r"^\d+$", w)
+        ]
+        search_text = " ".join(cleaned) if cleaned else query.strip()
+
+    result.search_text = search_text
+    result.filters = filters
+    result.is_rewritten = bool(filters) or (search_text != query.strip())
+
+    return result
+
+
+class QueryRewriterService:
+    """
+    Orchestrates intent classification + slot extraction + query rewriting.
+    This is the main entry point called from the search route.
+    """
+
+    def __init__(self):
+        self._intent_service = None
+        self._slot_service = None
+
+    def init(self, intent_service, slot_service):
+        """Initialize with references to the intent and slot services."""
+        self._intent_service = intent_service
+        self._slot_service = slot_service
+
+    def process(self, query: str) -> RewrittenQuery:
+        """
+        Full query rewriting pipeline with multi-sentence support:
+        1. Split query into sentences
+        2. Process each sentence (intent + slot + rewrite)
+        3. Merge results into a single RewrittenQuery
+
+        Returns RewrittenQuery with search_text, filters, intents, and slots.
+        """
+        sentences = split_sentences(query)
+
+        if len(sentences) == 1:
+            # Single sentence: no splitting overhead
+            result = self._process_single(sentences[0])
+            result.original_query = query.strip()
+            result.search_groups = [SearchGroup(search_text=result.search_text, filters=result.filters)]
+            self._log(query, result)
+            return result
+
+        # Multiple sentences: process each independently, then merge
+        sub_results = [self._process_single(s) for s in sentences]
+        merged = _merge_rewritten_queries(sub_results, original_query=query.strip())
+
+        if merged.is_rewritten:
+            print(f"[QueryRewriter] '{query}' -> '{merged.search_text}'")
+            print(f"[QueryRewriter]   Sentences: {sentences}")
+            print(f"[QueryRewriter]   Intents: {merged.intents}")
+            print(f"[QueryRewriter]   Slots:   {merged.slots}")
+            print(f"[QueryRewriter]   Filters: {merged.filters}")
+
+        return merged
+
+    def _process_single(self, sentence: str) -> RewrittenQuery:
+        """Process a single sentence through intent + slot + rewrite."""
+        # Step 1: Classify intents
+        intent_result = {"intents": [], "probabilities": {}}
+        if self._intent_service and self._intent_service._loaded:
+            intent_result = self._intent_service.predict(sentence)
+
+        # Step 2: Extract slots
+        slot_result = {"slots": {}, "tagged_tokens": []}
+        if self._slot_service and self._slot_service._loaded:
+            slot_result = self._slot_service.extract(sentence)
+
+        # Step 3: Rewrite
+        return rewrite(
+            query=sentence,
+            intents=intent_result["intents"],
+            slots=slot_result["slots"],
+        )
+
+    def _log(self, query: str, result: RewrittenQuery):
+        """Log rewriting details for debugging."""
+        if result.is_rewritten:
+            print(f"[QueryRewriter] '{query}' -> '{result.search_text}'")
+            print(f"[QueryRewriter]   Intents: {result.intents}")
+            print(f"[QueryRewriter]   Slots:   {result.slots}")
+            print(f"[QueryRewriter]   Filters: {result.filters}")
+
+
+# Global singleton
+query_rewriter = QueryRewriterService()

backend/models/ranker.py

@@ -0,0 +1,86 @@
+"""
+Ranker Service — loads the trained CrossEncoder model and scores
+(query, product_title) pairs for relevance ranking.
+Loaded once at startup, reused for all requests.
+"""
+
+import os
+import torch
+import numpy as np
+from transformers import AutoModelForSequenceClassification, AutoTokenizer
+from config import RANKER_MODEL_PATH
+
+
+class RankerService:
+    """Singleton service that scores query-product relevance using a CrossEncoder."""
+
+    def __init__(self):
+        self.model = None
+        self.tokenizer = None
+        self.device = None
+        self._loaded = False
+
+    def load(self):
+        """Load the trained CrossEncoder model and tokenizer. Call once at app startup."""
+        if self._loaded:
+            return
+
+        model_path = RANKER_MODEL_PATH
+        if not os.path.exists(model_path):
+            print(f"[RankerService] WARNING: Model not found at {model_path}")
+            print("[RankerService] Search will use classification-only ranking (no CrossEncoder re-ranking)")
+            return
+
+        print(f"[RankerService] Loading CrossEncoder from {model_path}...")
+        self.device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
+        self.model = AutoModelForSequenceClassification.from_pretrained(model_path).to(self.device)
+        self.tokenizer = AutoTokenizer.from_pretrained(model_path)
+        self.model.eval()
+        self._loaded = True
+        print(f"[RankerService] CrossEncoder loaded on {self.device}")
+
+    def rank(self, query: str, product_titles: list[str], batch_size: int = 64) -> np.ndarray:
+        """
+        Score a query against multiple product titles using the CrossEncoder.
+        Returns a numpy array of relevance scores, shape (N,).
+        Higher score = more relevant.
+        """
+        if not self._loaded:
+            # Return neutral scores if model not loaded
+            return np.zeros(len(product_titles))
+
+        n = len(product_titles)
+        scores = np.zeros(n)
+
+        with torch.no_grad():
+            for i in range(0, n, batch_size):
+                j = min(i + batch_size, n)
+                batch_titles = product_titles[i:j]
+                batch_queries = [query] * len(batch_titles)
+
+                features = self.tokenizer(
+                    batch_queries,
+                    batch_titles,
+                    padding=True,
+                    truncation=True,
+                    return_tensors="pt",
+                ).to(self.device)
+
+                logits = self.model(**features).logits
+                scores[i:j] = logits.squeeze(-1).cpu().numpy()
+
+        return scores
+
+    def normalize_scores(self, scores: np.ndarray) -> np.ndarray:
+        """Normalize scores to [0, 1] range using min-max normalization."""
+        if len(scores) == 0:
+            return scores
+        min_s = scores.min()
+        max_s = scores.max()
+        if max_s - min_s < 1e-8:
+            return np.ones_like(scores)  # All same score → all 1.0
+        return (scores - min_s) / (max_s - min_s)
+
+
+# Global singleton instance
+ranker_service = RankerService()

backend/models/slot_service.py

@@ -0,0 +1,236 @@
+"""
+Slot Extraction Service — runs the trained SlotExtractor (NER) model
+for real-time inference on user queries.
+
+Loaded once at startup, reused for all search requests.
+Extracts: PRODUCT1, PRODUCT2, BRAND, COLOR, PRICE_MIN, PRICE_MAX,
+          PRICE_MOD, RATING_MIN, RATING_MOD, CONN, SIZE, etc.
+"""
+
+import os
+import json
+import torch
+import torch.nn as nn
+import numpy as np
+from transformers import BertModel, BertTokenizerFast
+from config import SLOT_MODEL_PATH, BERT_MODEL_NAME, SLOT_MAX_LENGTH
+
+
+class SlotExtractor(nn.Module):
+    """
+    BERT + token-level classification head for NER/slot extraction.
+    Must match the architecture used during training.
+    """
+
+    def __init__(self, bert_model_name="bert-base-multilingual-uncased", num_tags=20):
+        super().__init__()
+        self.bert = BertModel.from_pretrained(bert_model_name)
+        self.dropout = nn.Dropout(0.3)
+        self.classifier = nn.Linear(768, num_tags)
+
+    def forward(self, input_ids, attention_mask):
+        outputs = self.bert(input_ids=input_ids, attention_mask=attention_mask)
+        sequence_output = outputs.last_hidden_state
+        sequence_output = self.dropout(sequence_output)
+        logits = self.classifier(sequence_output)
+        return logits
+
+
+class SlotService:
+    """Singleton service for slot/entity extraction at inference time."""
+
+    def __init__(self):
+        self.model = None
+        self.tokenizer = None
+        self.device = None
+        self.tag2id = {}
+        self.id2tag = {}
+        self._loaded = False
+
+    def load(self):
+        """Load the trained slot extractor. Call once at app startup."""
+        if self._loaded:
+            return
+
+        model_dir = SLOT_MODEL_PATH
+
+        model_path = os.path.join(model_dir, "model.pt")
+        tag_map_path = os.path.join(model_dir, "tag_map.json")
+        config_path = os.path.join(model_dir, "config.json")
+
+        if not os.path.exists(model_path):
+            print(f"[SlotService] WARNING: Model not found at {model_path}")
+            print("[SlotService] Slot extraction will be unavailable.")
+            return
+
+        self.device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
+
+        # Load tag map
+        if os.path.exists(tag_map_path):
+            with open(tag_map_path, "r") as f:
+                self.tag2id = json.load(f)
+        elif os.path.exists(config_path):
+            with open(config_path, "r") as f:
+                config = json.load(f)
+            tag_names = config.get("tag_names", [])
+            self.tag2id = {tag: i for i, tag in enumerate(tag_names)}
+        else:
+            print("[SlotService] WARNING: No tag_map.json or config.json found")
+            return
+
+        self.id2tag = {v: k for k, v in self.tag2id.items()}
+        num_tags = len(self.tag2id)
+
+        print(f"[SlotService] Loading slot extractor ({num_tags} tags)...")
+        self.model = SlotExtractor(
+            bert_model_name=BERT_MODEL_NAME,
+            num_tags=num_tags,
+        )
+
+        checkpoint = torch.load(model_path, map_location=self.device, weights_only=False)
+        self.model.load_state_dict(checkpoint["model_state_dict"])
+        self.model.to(self.device)
+        self.model.eval()
+
+        self.tokenizer = BertTokenizerFast.from_pretrained(BERT_MODEL_NAME)
+        self._loaded = True
+        print(f"[SlotService] Slot extractor loaded on {self.device}")
+        print(f"[SlotService] Tags: {sorted(self.tag2id.keys())}")
+
+    def extract(self, query: str) -> dict:
+        """
+        Extract slots/entities from a query using BIO tagging.
+
+        Returns:
+            {
+                "slots": {
+                    "PRODUCT1": "shoes",
+                    "BRAND": "Nike",
+                    "COLOR": "blue",
+                    "PRICE_MAX": "3000"
+                },
+                "tagged_tokens": [
+                    ("blue", "B-COLOR"),
+                    ("Nike", "B-BRAND"),
+                    ("shoes", "B-PRODUCT1"),
+                    ("under", "B-PRICE_MOD"),
+                    ("3000", "B-PRICE_MAX")
+                ]
+            }
+        """
+        if not self._loaded:
+            return {"slots": {}, "tagged_tokens": []}
+
+        # Tokenize
+        words = query.split()
+        encoding = self.tokenizer(
+            words,
+            is_split_into_words=True,
+            padding="max_length",
+            truncation=True,
+            max_length=SLOT_MAX_LENGTH,
+            return_tensors="pt",
+        )
+
+        input_ids = encoding["input_ids"].to(self.device)
+        attention_mask = encoding["attention_mask"].to(self.device)
+        word_ids = encoding.word_ids(batch_index=0)
+
+        # Predict
+        with torch.no_grad():
+            logits = self.model(input_ids, attention_mask)
+            preds = torch.argmax(logits, dim=-1).cpu().numpy()[0]
+
+        # Decode: map subword predictions back to words
+        # Only take the first subword prediction for each word
+        word_tags = {}
+        for token_idx, word_idx in enumerate(word_ids):
+            if word_idx is None:
+                continue  # [CLS], [SEP], [PAD]
+            if word_idx not in word_tags:
+                tag_id = int(preds[token_idx])
+                word_tags[word_idx] = self.id2tag.get(tag_id, "O")
+
+        # Build tagged tokens list
+        tagged_tokens = []
+        for word_idx, word in enumerate(words):
+            tag = word_tags.get(word_idx, "O")
+            tagged_tokens.append((word, tag))
+
+        # Merge BIO tags into slot dict
+        slots = self._merge_bio_tags(words, tagged_tokens)
+
+        return {
+            "slots": slots,
+            "tagged_tokens": tagged_tokens,
+        }
+
+    def _merge_bio_tags(self, words: list, tagged_tokens: list) -> dict:
+        """
+        Merge BIO-tagged tokens into a slot dictionary.
+
+        Example:
+            [("blue", "B-COLOR"), ("Nike", "B-BRAND"), ("running", "B-PRODUCT1"),
+             ("shoes", "I-PRODUCT1")]
+            -> {"COLOR": "blue", "BRAND": "Nike", "PRODUCT1": "running shoes"}
+        """
+        slots = {}
+        current_entity = None
+        current_tokens = []
+
+        for word, tag in tagged_tokens:
+            if tag.startswith("B-"):
+                # Save previous entity
+                if current_entity and current_tokens:
+                    slot_key = current_entity
+                    slot_value = " ".join(current_tokens)
+                    # Handle multiple entities of same type (e.g., PRODUCT1, PRODUCT2)
+                    if slot_key in slots:
+                        slots[slot_key] += " " + slot_value
+                    else:
+                        slots[slot_key] = slot_value
+
+                current_entity = tag[2:]  # Strip "B-"
+                current_tokens = [word]
+
+            elif tag.startswith("I-"):
+                entity_type = tag[2:]
+                if entity_type == current_entity:
+                    current_tokens.append(word)
+                else:
+                    # Mismatched I-tag: save current, start new
+                    if current_entity and current_tokens:
+                        slot_key = current_entity
+                        slot_value = " ".join(current_tokens)
+                        if slot_key in slots:
+                            slots[slot_key] += " " + slot_value
+                        else:
+                            slots[slot_key] = slot_value
+                    current_entity = entity_type
+                    current_tokens = [word]
+            else:
+                # O tag: save current entity
+                if current_entity and current_tokens:
+                    slot_key = current_entity
+                    slot_value = " ".join(current_tokens)
+                    if slot_key in slots:
+                        slots[slot_key] += " " + slot_value
+                    else:
+                        slots[slot_key] = slot_value
+                current_entity = None
+                current_tokens = []
+
+        # Save last entity
+        if current_entity and current_tokens:
+            slot_key = current_entity
+            slot_value = " ".join(current_tokens)
+            if slot_key in slots:
+                slots[slot_key] += " " + slot_value
+            else:
+                slots[slot_key] = slot_value
+
+        return slots
+
+
+# Global singleton
+slot_service = SlotService()

backend/requirements.txt

@@ -0,0 +1,26 @@
+# SmartShop Backend - Python Dependencies
+
+# Web framework
+fastapi==0.115.0
+uvicorn[standard]==0.30.6
+python-dotenv==1.0.1
+
+# Database
+supabase==2.7.2
+psycopg[binary]==3.3.2
+
+# ML / AI
+torch>=2.0.0
+transformers>=4.30.0
+numpy>=1.24.0
+
+# Auth
+PyJWT==2.9.0
+bcrypt==4.2.0
+python-multipart==0.0.9
+
+# CORS & other
+pydantic[email]==2.9.0
+
+# HuggingFace Hub (for downloading model weights at build time)
+huggingface_hub>=0.24.0

backend/routes/admin.py

@@ -0,0 +1,2273 @@
+"""
+Admin routes — dashboard, user management, reports, product management.
+Only accessible by admin users (role='admin').
+"""
+
+from fastapi import APIRouter, HTTPException, Depends, Query
+from pydantic import BaseModel
+from typing import Optional
+from database import get_supabase
+from routes.auth import get_current_user
+from datetime import datetime, timedelta, timezone
+
+router = APIRouter(prefix="/admin", tags=["Admin"])
+
+
+# --- Helpers ---
+
+async def require_admin(current_user: dict = Depends(get_current_user)):
+    """Dependency that ensures the current user is an admin."""
+    sb = get_supabase()
+    result = sb.table("users").select("role").eq("id", current_user["sub"]).execute()
+    if not result.data or result.data[0].get("role") != "admin":
+        raise HTTPException(status_code=403, detail="Admin access required")
+    return current_user
+
+
+# --- Request/Response Models ---
+
+class AdminUserResponse(BaseModel):
+    id: str
+    email: str
+    full_name: str
+    role: str
+    is_banned: bool
+    balance: float
+    created_at: str
+    department_id: Optional[str] = None
+    department_name: Optional[str] = None
+
+
+class BanRequest(BaseModel):
+    is_banned: bool
+
+
+class UpdateDepartmentRequest(BaseModel):
+    department_id: Optional[str] = None  # None means remove from department
+
+
+class DashboardResponse(BaseModel):
+    total_users: int
+    total_products: int
+    total_orders: int
+    total_transaction_orders: int = 0
+    total_revenue: float
+    total_sales_volume: float
+    total_admin_earnings: float = 0
+    total_buyers: int = 0
+    total_departments: int = 0
+    total_managers: int = 0
+    total_staff: int = 0
+
+
+class TransactionDetail(BaseModel):
+    id: str
+    buyer_name: str
+    seller_name: str
+    product_title: str
+    quantity: int
+    amount: float
+    seller_amount: float
+    admin_commission: float
+    delivery_fee: float = 0
+    status: str
+    purchase_type: str = "delivery"
+    product_images: list = []
+    created_at: str
+
+
+class DailyIncome(BaseModel):
+    date: str
+    income: float
+    transactions: int
+
+
+class TopSeller(BaseModel):
+    seller_id: str
+    seller_name: str
+    total_sales: float
+    transaction_count: int
+
+
+class TopProduct(BaseModel):
+    product_id: str
+    product_title: str
+    times_sold: int
+    total_revenue: float
+
+
+class ReportsResponse(BaseModel):
+    total_revenue: float
+    total_sales_volume: float
+    total_orders: int
+    avg_transaction_value: float
+    daily_income: list[DailyIncome]
+    top_sellers: list[TopSeller]
+    top_products: list[TopProduct]
+    monthly_income: list[DailyIncome]
+
+
+class AdminProductResponse(BaseModel):
+    id: str
+    seller_id: str
+    seller_name: str
+    title: str
+    description: str
+    price: float
+    stock: int
+    images: list[str]
+    is_active: bool
+    created_at: str
+    department_id: Optional[str] = None
+    department_name: Optional[str] = None
+
+
+class AdminUpdateProductRequest(BaseModel):
+    title: Optional[str] = None
+    price: Optional[float] = None
+    stock: Optional[int] = None
+    is_active: Optional[bool] = None
+
+
+# --- Routes ---
+
+@router.get("/dashboard", response_model=DashboardResponse)
+async def admin_dashboard(admin: dict = Depends(require_admin)):
+    """Get admin dashboard stats."""
+    sb = get_supabase()
+
+    users = sb.table("users").select("id", count="exact").execute()
+    products = sb.table("products").select("id", count="exact").eq("is_active", True).execute()
+    txns = sb.table("product_transactions").select("amount").in_("status", ["completed", "delivered"]).execute()
+    all_txns = sb.table("product_transactions").select("id", count="exact").execute()
+
+    total_volume = sum(float(t.get("amount", 0)) for t in txns.data) if txns.data else 0
+
+    # Admin earnings = total credited to admin from successful transactions
+    earnings = sb.table("admin_earnings").select("amount").execute()
+    total_admin_earnings = sum(float(e["amount"]) for e in (earnings.data or []))
+
+    # Role counts
+    buyers_count = sb.table("users").select("id", count="exact").eq("role", "buyer").execute()
+    managers_count = sb.table("users").select("id", count="exact").eq("role", "manager").execute()
+    staff_count = sb.table("users").select("id", count="exact").eq("role", "seller").execute()
+    departments_count = sb.table("departments").select("id", count="exact").execute()
+
+    return DashboardResponse(
+        total_users=users.count or 0,
+        total_products=products.count or 0,
+        total_orders=len(txns.data) if txns.data else 0,
+        total_transaction_orders=all_txns.count or 0,
+        total_revenue=round(total_volume, 2),
+        total_sales_volume=round(total_volume, 2),
+        total_admin_earnings=round(total_admin_earnings, 2),
+        total_buyers=buyers_count.count or 0,
+        total_departments=departments_count.count or 0,
+        total_managers=managers_count.count or 0,
+        total_staff=staff_count.count or 0,
+    )
+
+
+@router.get("/users", response_model=list[AdminUserResponse])
+async def list_users(
+    search: str = Query("", description="Search by name or email"),
+    role: str = Query("", description="Filter by role (buyer, seller, manager, delivery)"),
+    department_id: str = Query("", description="Filter by department ID"),
+    admin: dict = Depends(require_admin),
+):
+    """List all users. Supports search, role filter, and department filter."""
+    sb = get_supabase()
+
+    query = sb.table("users").select("*")
+
+    if search:
+        query = query.or_(f"full_name.ilike.%{search}%,email.ilike.%{search}%")
+    if role:
+        query = query.eq("role", role)
+    if department_id:
+        query = query.eq("department_id", department_id)
+
+    users = query.order("created_at", desc=True).execute()
+
+    # Get department names for users with department_id
+    dept_ids = set(u.get("department_id") for u in (users.data or []) if u.get("department_id"))
+    dept_names = {}
+    if dept_ids:
+        depts = sb.table("departments").select("id, name").in_("id", list(dept_ids)).execute()
+        dept_names = {d["id"]: d["name"] for d in (depts.data or [])}
+
+    result = []
+    for u in users.data:
+        result.append(AdminUserResponse(
+            id=u["id"],
+            email=u["email"],
+            full_name=u["full_name"],
+            role=u["role"],
+            is_banned=u.get("is_banned", False),
+            balance=0.0,
+            created_at=u["created_at"],
+            department_id=u.get("department_id"),
+            department_name=dept_names.get(u.get("department_id", ""), None),
+        ))
+    return result
+
+
+@router.put("/users/{user_id}/ban")
+async def ban_user(user_id: str, req: BanRequest, admin: dict = Depends(require_admin)):
+    """Ban or unban a user. Admins cannot be banned."""
+    sb = get_supabase()
+
+    target = sb.table("users").select("role").eq("id", user_id).execute()
+    if not target.data:
+        raise HTTPException(status_code=404, detail="User not found")
+    if target.data[0].get("role") == "admin":
+        raise HTTPException(status_code=400, detail="Cannot ban an admin account")
+
+    sb.table("users").update({"is_banned": req.is_banned}).eq("id", user_id).execute()
+    return {"message": f"User {'banned' if req.is_banned else 'unbanned'} successfully"}
+
+
+@router.put("/users/{user_id}/department")
+async def update_user_department(user_id: str, req: UpdateDepartmentRequest, admin: dict = Depends(require_admin)):
+    """Assign or remove a user from a department/store. Only for seller and manager roles."""
+    sb = get_supabase()
+
+    target = sb.table("users").select("id, role, department_id").eq("id", user_id).execute()
+    if not target.data:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    user = target.data[0]
+    if user["role"] not in ("seller", "manager"):
+        raise HTTPException(status_code=400, detail="Only staff (seller) and manager users can be assigned to a store")
+
+    if req.department_id:
+        dept = sb.table("departments").select("id, manager_id").eq("id", req.department_id).execute()
+        if not dept.data:
+            raise HTTPException(status_code=404, detail="Store not found")
+        # If assigning a manager, ensure the department doesn't already have a different manager
+        if user["role"] == "manager" and dept.data[0].get("manager_id") and dept.data[0]["manager_id"] != user_id:
+            raise HTTPException(status_code=400, detail="This store already has a manager assigned")
+
+    # Remove from old department if was a manager there
+    if user["role"] == "manager" and user.get("department_id"):
+        sb.table("departments").update({"manager_id": None}).eq("manager_id", user_id).execute()
+
+    # Update user's department
+    sb.table("users").update({"department_id": req.department_id}).eq("id", user_id).execute()
+
+    # If assigning a manager to a new department, set them as the department's manager
+    if user["role"] == "manager" and req.department_id:
+        sb.table("departments").update({"manager_id": user_id}).eq("id", req.department_id).execute()
+
+    if req.department_id:
+        return {"message": "User assigned to store successfully"}
+    return {"message": "User removed from store successfully"}
+
+
+@router.delete("/users/{user_id}")
+async def delete_user(user_id: str, admin: dict = Depends(require_admin)):
+    """Permanently delete a user and all their associated data."""
+    sb = get_supabase()
+
+    target = sb.table("users").select("role, id").eq("id", user_id).execute()
+    if not target.data:
+        raise HTTPException(status_code=404, detail="User not found")
+    if target.data[0].get("role") == "admin":
+        raise HTTPException(status_code=400, detail="Cannot delete an admin account")
+    if user_id == admin["sub"]:
+        raise HTTPException(status_code=400, detail="Cannot delete your own account")
+
+    # Delete only non-financial personal data.
+    # Financial records (product_transactions, delivery_earnings, salary_payments,
+    # admin_withdrawals, products) are preserved — their user FKs are set to NULL
+    # automatically via ON DELETE SET NULL (migration_v10).
+    sb.table("wishlist_items").delete().eq("buyer_id", user_id).execute()
+    sb.table("cart_items").delete().eq("buyer_id", user_id).execute()
+    sb.table("stored_value").delete().eq("user_id", user_id).execute()
+    sb.table("user_balances").delete().eq("user_id", user_id).execute()
+    sb.table("user_contacts").delete().eq("user_id", user_id).execute()
+
+    # Finally delete the user — DB cascades/nullifies all remaining FK references
+    sb.table("users").delete().eq("id", user_id).execute()
+
+    return {"message": "User permanently deleted"}
+
+
+@router.get("/transactions", response_model=list[TransactionDetail])
+async def list_transactions(
+    search: str = Query("", description="Search by buyer or seller name"),
+    txn_type: str = Query("", description="Filter by purchase_type (delivery/walk-in)"),
+    status: str = Query("", description="Filter by transaction status"),
+    date_range: str = Query("", description="day, week, month, or specific"),
+    specific_date: str = Query("", description="YYYY-MM-DD if date_range is specific"),
+    admin: dict = Depends(require_admin),
+):
+    """List all product transactions with search and filters support."""
+    sb = get_supabase()
+
+    q = sb.table("product_transactions").select(
+        "*, products(title, images)"
+    ).order("created_at", desc=True)
+
+    if txn_type:
+        q = q.eq("purchase_type", txn_type)
+    if status:
+        q = q.eq("status", status)
+
+    # Basic date filters locally since we fetch all matching
+    txns = q.execute()
+
+    if not txns.data:
+        return []
+
+    # Local date filtering
+    filtered_data = []
+    from datetime import datetime, timedelta
+    
+    today = datetime.now()
+    if date_range == "day":
+        start = today.replace(hour=0, minute=0, second=0, microsecond=0)
+    elif date_range == "week":
+        start = today - timedelta(days=today.weekday())
+        start = start.replace(hour=0, minute=0, second=0, microsecond=0)
+    elif date_range == "month":
+        start = today.replace(day=1, hour=0, minute=0, second=0, microsecond=0)
+    elif date_range == "specific" and specific_date:
+        try:
+            start = datetime.strptime(specific_date, "%Y-%m-%d")
+        except:
+            start = None
+    else:
+        start = None
+
+    for t in txns.data:
+        try:
+            dt = datetime.fromisoformat(t["created_at"].replace("Z", "+00:00")).replace(tzinfo=None)
+            if start:
+                if date_range == "specific":
+                    # For specific date, must match exactly the day
+                    if dt.date() != start.date():
+                        continue
+                else:
+                    if dt < start:
+                        continue
+            filtered_data.append(t)
+        except:
+            filtered_data.append(t)
+
+    txns.data = filtered_data
+
+    # Get all user IDs we need names for
+    user_ids = set()
+    for t in txns.data:
+        user_ids.add(t["buyer_id"])
+        user_ids.add(t["seller_id"])
+
+    users_result = sb.table("users").select("id, full_name, department_id").in_("id", list(user_ids)).execute()
+    user_map = {u["id"]: u for u in users_result.data} if users_result.data else {}
+
+    # Batch-lookup department names for sellers with department_id
+    dept_ids = set()
+    for u in (users_result.data or []):
+        if u.get("department_id"):
+            dept_ids.add(u["department_id"])
+
+    dept_names = {}
+    if dept_ids:
+        depts = sb.table("departments").select("id, name").in_("id", list(dept_ids)).execute()
+        dept_names = {d["id"]: d["name"] for d in (depts.data or [])}
+
+    def get_display_name(user_id):
+        u = user_map.get(user_id)
+        if not u:
+            return "Unknown"
+        dept_id = u.get("department_id")
+        if dept_id and dept_id in dept_names:
+            return dept_names[dept_id]
+        return u.get("full_name", "Unknown")
+
+    results = []
+    for t in txns.data:
+        buyer_name = user_map.get(t["buyer_id"], {}).get("full_name", "Unknown")
+        seller_name = get_display_name(t["seller_id"])
+        product_title = ""
+        if t.get("products"):
+            product_title = t["products"].get("title", "") if isinstance(t["products"], dict) else ""
+
+        if search:
+            search_lower = search.lower()
+            if (search_lower not in buyer_name.lower() and
+                search_lower not in seller_name.lower() and
+                search_lower not in product_title.lower()):
+                continue
+
+        product_images = []
+        if t.get("products") and isinstance(t["products"], dict):
+            product_images = t["products"].get("images", []) or []
+
+        results.append(TransactionDetail(
+            id=t["id"],
+            buyer_name=buyer_name,
+            seller_name=seller_name,
+            product_title=product_title,
+            quantity=int(t.get("quantity", 1)),
+            amount=float(t["amount"]),
+            seller_amount=float(t.get("seller_amount", 0)),
+            admin_commission=float(t.get("admin_commission", 0)),
+            delivery_fee=float(t.get("delivery_fee", 0)),
+            status=t["status"],
+            purchase_type=t.get("purchase_type", "delivery"),
+            product_images=product_images,
+            created_at=t["created_at"],
+        ))
+
+    return results
+
+
+@router.get("/reports", response_model=ReportsResponse)
+async def admin_reports(admin: dict = Depends(require_admin)):
+    """Detailed admin reports with data for graphs."""
+    sb = get_supabase()
+
+    txns = sb.table("product_transactions").select(
+        "*, products(title)"
+    ).in_("status", ["completed", "delivered"]).order("created_at", desc=True).execute()
+
+    if not txns.data:
+        return ReportsResponse(
+            total_revenue=0, total_sales_volume=0, total_orders=0,
+            avg_transaction_value=0, daily_income=[], top_sellers=[],
+            top_products=[], monthly_income=[],
+        )
+
+    seller_ids = set(t["seller_id"] for t in txns.data)
+    users_result = sb.table("users").select("id, full_name, department_id").in_("id", list(seller_ids)).execute()
+    user_map = {u["id"]: u for u in users_result.data} if users_result.data else {}
+
+    # Batch-lookup department names
+    dept_ids = set()
+    for u in (users_result.data or []):
+        if u.get("department_id"):
+            dept_ids.add(u["department_id"])
+
+    dept_names = {}
+    if dept_ids:
+        depts = sb.table("departments").select("id, name").in_("id", list(dept_ids)).execute()
+        dept_names = {d["id"]: d["name"] for d in (depts.data or [])}
+
+    def get_seller_display_name(seller_id):
+        u = user_map.get(seller_id)
+        if not u:
+            return "Unknown"
+        dept_id = u.get("department_id")
+        if dept_id and dept_id in dept_names:
+            return dept_names[dept_id]
+        return u.get("full_name", "Unknown")
+
+    # Admin income comes from admin_earnings (credited on successful transactions)
+    earnings_data = sb.table("admin_earnings").select("amount, created_at").order("created_at", desc=True).execute()
+
+    total_income = 0
+    daily_data = {}
+    monthly_data = {}
+    for e in (earnings_data.data or []):
+        e_amount = float(e["amount"])
+        total_income += e_amount
+        try:
+            dt = datetime.fromisoformat(e["created_at"].replace("Z", "+00:00"))
+            day_key = dt.strftime("%Y-%m-%d")
+            month_key = dt.strftime("%Y-%m")
+        except Exception:
+            day_key = e["created_at"][:10]
+            month_key = e["created_at"][:7]
+
+        if day_key not in daily_data:
+            daily_data[day_key] = {"income": 0, "count": 0}
+        daily_data[day_key]["income"] += e_amount
+        daily_data[day_key]["count"] += 1
+
+        if month_key not in monthly_data:
+            monthly_data[month_key] = {"income": 0, "count": 0}
+        monthly_data[month_key]["income"] += e_amount
+        monthly_data[month_key]["count"] += 1
+
+    # Sales volume and top sellers/products from transactions
+    total_volume = 0
+    seller_data = {}
+    product_data = {}
+
+    for t in txns.data:
+        amount = float(t["amount"])
+        total_volume += amount
+
+        sid = t["seller_id"]
+        if sid not in seller_data:
+            seller_data[sid] = {"name": get_seller_display_name(sid), "total": 0, "count": 0}
+        seller_data[sid]["total"] += amount
+        seller_data[sid]["count"] += 1
+
+        pid = t["product_id"]
+        ptitle = ""
+        if t.get("products"):
+            ptitle = t["products"].get("title", "") if isinstance(t["products"], dict) else ""
+        if pid not in product_data:
+            product_data[pid] = {"title": ptitle, "count": 0, "revenue": 0}
+        product_data[pid]["count"] += 1
+        product_data[pid]["revenue"] += amount
+
+    daily_income = sorted([
+        DailyIncome(date=k, income=round(v["income"], 2), transactions=v["count"])
+        for k, v in daily_data.items()
+    ], key=lambda x: x.date, reverse=True)[:30]
+
+    monthly_income = sorted([
+        DailyIncome(date=k, income=round(v["income"], 2), transactions=v["count"])
+        for k, v in monthly_data.items()
+    ], key=lambda x: x.date, reverse=True)[:12]
+
+    top_sellers = sorted([
+        TopSeller(seller_id=k, seller_name=v["name"], total_sales=round(v["total"], 2), transaction_count=v["count"])
+        for k, v in seller_data.items()
+    ], key=lambda x: x.total_sales, reverse=True)[:10]
+
+    top_products = sorted([
+        TopProduct(product_id=k, product_title=v["title"], times_sold=v["count"], total_revenue=round(v["revenue"], 2))
+        for k, v in product_data.items()
+    ], key=lambda x: x.total_revenue, reverse=True)[:10]
+
+    avg_val = total_volume / len(txns.data) if txns.data else 0
+
+    return ReportsResponse(
+        total_revenue=round(total_income, 2),
+        total_sales_volume=round(total_volume, 2),
+        total_orders=len(txns.data),
+        avg_transaction_value=round(avg_val, 2),
+        daily_income=daily_income,
+        top_sellers=top_sellers,
+        top_products=top_products,
+        monthly_income=monthly_income,
+    )
+
+
+# --- Product Management ---
+
+@router.get("/products", response_model=list[AdminProductResponse])
+async def list_admin_products(
+    search: str = Query("", description="Search by product title"),
+    admin: dict = Depends(require_admin),
+):
+    """List all products for admin management."""
+    sb = get_supabase()
+
+    if search:
+        products = sb.table("products").select("*, users!products_seller_id_fkey(full_name, department_id)").eq(
+            "is_active", True
+        ).ilike("title", f"%{search}%").order("created_at", desc=True).limit(200).execute()
+    else:
+        products = sb.table("products").select("*, users!products_seller_id_fkey(full_name, department_id)").eq(
+            "is_active", True
+        ).order("created_at", desc=True).limit(200).execute()
+
+    # Batch-lookup department names
+    dept_ids = set()
+    for p in products.data:
+        user_info = p.get("users") or {}
+        dept_id = user_info.get("department_id")
+        if dept_id:
+            dept_ids.add(dept_id)
+
+    dept_names = {}
+    if dept_ids:
+        depts = sb.table("departments").select("id, name").in_("id", list(dept_ids)).execute()
+        dept_names = {d["id"]: d["name"] for d in (depts.data or [])}
+
+    results = []
+    for p in products.data:
+        user_info = p.get("users") or {}
+        dept_id = user_info.get("department_id")
+        if dept_id and dept_id in dept_names:
+            seller_name = dept_names[dept_id]
+        else:
+            seller_name = user_info.get("full_name", "")
+
+        results.append(AdminProductResponse(
+            id=p["id"],
+            seller_id=p["seller_id"],
+            seller_name=seller_name,
+            title=p["title"],
+            description=p.get("description", ""),
+            price=float(p["price"]),
+            stock=int(p.get("stock", 0)),
+            images=p.get("images") or [],
+            is_active=p["is_active"],
+            created_at=p["created_at"],
+            department_id=dept_id,
+            department_name=dept_names.get(dept_id) if dept_id else None,
+        ))
+    return results
+
+
+@router.put("/products/{product_id}", response_model=AdminProductResponse)
+async def admin_update_product(
+    product_id: str,
+    req: AdminUpdateProductRequest,
+    admin: dict = Depends(require_admin),
+):
+    """Admin can update product title, price, stock, and active status."""
+    sb = get_supabase()
+
+    existing = sb.table("products").select("id").eq("id", product_id).execute()
+    if not existing.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    update_data = {k: v for k, v in req.model_dump().items() if v is not None}
+    if not update_data:
+        raise HTTPException(status_code=400, detail="No fields to update")
+
+    result = sb.table("products").update(update_data).eq("id", product_id).execute()
+    if not result.data:
+        raise HTTPException(status_code=500, detail="Failed to update product")
+
+    # Re-fetch with seller name
+    p_result = sb.table("products").select("*, users!products_seller_id_fkey(full_name, department_id)").eq("id", product_id).execute()
+    p = p_result.data[0]
+
+    user_info = p.get("users") or {}
+    dept_id = user_info.get("department_id")
+    seller_name = user_info.get("full_name", "")
+    if dept_id:
+        dept_resp = sb.table("departments").select("name").eq("id", dept_id).execute()
+        if dept_resp.data:
+            seller_name = dept_resp.data[0]["name"]
+
+    return AdminProductResponse(
+        id=p["id"],
+        seller_id=p["seller_id"],
+        seller_name=seller_name,
+        title=p["title"],
+        description=p.get("description", ""),
+        price=float(p["price"]),
+        stock=int(p.get("stock", 0)),
+        images=p.get("images") or [],
+        is_active=p["is_active"],
+        created_at=p["created_at"],
+        department_id=dept_id,
+        department_name=seller_name if dept_id else None,
+    )
+
+
+# --- User Detail (Clickable Panel) ---
+
+@router.get("/users/{user_id}/detail")
+async def get_user_detail(user_id: str, admin: dict = Depends(require_admin)):
+    """Get full user detail for admin slide panel: report, history, transactions."""
+    sb = get_supabase()
+
+    # 1. User info
+    user_resp = sb.table("users").select("*, user_balances(balance), user_contacts(contact_number)").eq("id", user_id).execute()
+    if not user_resp.data:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    u = user_resp.data[0]
+    bal = 0.0
+    if u.get("user_balances"):
+        if isinstance(u["user_balances"], list) and len(u["user_balances"]) > 0:
+            bal = float(u["user_balances"][0].get("balance", 0))
+        elif isinstance(u["user_balances"], dict):
+            bal = float(u["user_balances"].get("balance", 0))
+
+    contact = ""
+    if u.get("user_contacts"):
+        if isinstance(u["user_contacts"], list) and len(u["user_contacts"]) > 0:
+            contact = u["user_contacts"][0].get("contact_number", "")
+        elif isinstance(u["user_contacts"], dict):
+            contact = u["user_contacts"].get("contact_number", "")
+
+    # 2. Transactions — for sellers, also fetch by assigned_staff_id for full coverage
+    bought = sb.table("product_transactions").select("*, products(title, images)").eq("buyer_id", user_id).order("created_at", desc=True).limit(50).execute()
+    sold = sb.table("product_transactions").select("*, products(title, images)").eq("seller_id", user_id).order("created_at", desc=True).limit(50).execute()
+    delivered = sb.table("product_transactions").select("*, products(title, images)").eq("delivery_user_id", user_id).order("created_at", desc=True).limit(50).execute()
+
+    # For sellers, also fetch transactions assigned to them
+    assigned_txns_data = []
+    if u["role"] == "seller":
+        try:
+            assigned = sb.table("product_transactions").select("*, products(title, images)").eq(
+                "assigned_staff_id", user_id
+            ).order("created_at", desc=True).limit(100).execute()
+            assigned_txns_data = assigned.data or []
+        except Exception:
+            assigned_txns_data = []
+
+    # Merge and deduplicate
+    all_txns = (bought.data or []) + (sold.data or []) + (delivered.data or []) + assigned_txns_data
+    seen = set()
+    transactions = []
+    raw_txns = []  # Keep raw data for seller infographics
+    for t in all_txns:
+        if t["id"] not in seen:
+            seen.add(t["id"])
+            raw_txns.append(t)
+            transactions.append({
+                "id": t["id"],
+                "product_title": (t.get("products") or {}).get("title", ""),
+                "amount": float(t["amount"]),
+                "quantity": int(t.get("quantity", 1)),
+                "status": t["status"],
+                "role_in_txn": "buyer" if t["buyer_id"] == user_id else ("seller" if t["seller_id"] == user_id else "delivery"),
+                "created_at": t["created_at"],
+            })
+    transactions.sort(key=lambda x: x["created_at"], reverse=True)
+    raw_txns.sort(key=lambda x: x["created_at"], reverse=True)
+
+    # 3. Report: daily/weekly/monthly breakdown
+    daily_data = {}
+    monthly_data = {}
+    today_str = datetime.now(timezone.utc).strftime("%Y-%m-%d")
+    completed_statuses = ("completed", "delivered")
+
+    # Seller-specific counters
+    completed_count = 0
+    total_items = 0
+    today_tasks = 0
+    delivery_items_today = 0
+    products_handled = {}
+
+    for t in raw_txns:
+        amt = float(t["amount"])
+        qty = int(t.get("quantity", 1))
+        status = t["status"]
+        purchase_type = t.get("purchase_type", "delivery")
+        is_completed = status in completed_statuses
+
+        try:
+            dt = datetime.fromisoformat(t["created_at"].replace("Z", "+00:00"))
+            day_key = dt.strftime("%Y-%m-%d")
+            month_key = dt.strftime("%Y-%m")
+        except Exception:
+            day_key = t["created_at"][:10]
+            month_key = t["created_at"][:7]
+
+        if day_key not in daily_data:
+            daily_data[day_key] = {"amount": 0, "count": 0, "delivery_items": 0}
+        daily_data[day_key]["amount"] += amt
+        daily_data[day_key]["count"] += 1
+        if is_completed:
+            daily_data[day_key]["delivery_items"] += qty
+
+        if month_key not in monthly_data:
+            monthly_data[month_key] = {"amount": 0, "count": 0}
+        monthly_data[month_key]["amount"] += amt
+        monthly_data[month_key]["count"] += 1
+
+        # Seller-specific metrics
+        if u["role"] == "seller" and is_completed:
+            completed_count += 1
+            total_items += qty
+            if day_key == today_str:
+                today_tasks += 1
+                delivery_items_today += qty
+
+            # Track recent products handled
+            pid = t["product_id"]
+            prod_info = t.get("products") or {}
+            if pid not in products_handled:
+                products_handled[pid] = {
+                    "product_id": pid,
+                    "product_title": prod_info.get("title", ""),
+                    "product_image": ((prod_info.get("images") or [""])[0]) if prod_info.get("images") else "",
+                    "quantity_processed": 0,
+                    "last_handled": t["created_at"],
+                    "purchase_type": purchase_type,
+                }
+            products_handled[pid]["quantity_processed"] += qty
+
+    daily = sorted(
+        [{"date": k, "amount": round(v["amount"], 2), "count": v["count"],
+          "delivery_items": v["delivery_items"]}
+         for k, v in daily_data.items()],
+        key=lambda x: x["date"], reverse=True
+    )[:30]
+
+    monthly = sorted(
+        [{"date": k, "amount": round(v["amount"], 2), "count": v["count"]} for k, v in monthly_data.items()],
+        key=lambda x: x["date"], reverse=True
+    )[:12]
+
+    recent_products_handled = sorted(
+        products_handled.values(), key=lambda x: x["last_handled"], reverse=True
+    )[:20] if u["role"] == "seller" else []
+
+    # 4. SVF history
+    svf = sb.table("stored_value").select("*").eq("user_id", user_id).order("created_at", desc=True).limit(50).execute()
+
+    # 5. Seller products (if user is a seller)
+    seller_products = []
+    if u["role"] == "seller":
+        prods = sb.table("products").select("id, title, price, stock, images, is_active, created_at").eq("seller_id", user_id).order("created_at", desc=True).limit(50).execute()
+        seller_products = [
+            {
+                "id": p["id"],
+                "title": p["title"],
+                "price": float(p["price"]),
+                "stock": int(p.get("stock", 0)),
+                "image_url": (p.get("images") or [""])[0] if p.get("images") else "",
+                "is_active": p["is_active"],
+                "created_at": p["created_at"],
+            }
+            for p in (prods.data or [])
+        ]
+
+    return {
+        "user": {
+            "id": u["id"],
+            "email": u["email"],
+            "full_name": u["full_name"],
+            "role": u["role"],
+            "is_banned": u.get("is_banned", False),
+            "balance": bal,
+            "contact_number": contact,
+            "created_at": u["created_at"],
+        },
+        "report": {
+            "total_transactions": len(transactions),
+            "total_amount": round(sum(t["amount"] for t in transactions), 2),
+            "total_completed_tasks": completed_count,
+            "total_items_processed": total_items,
+            "tasks_completed_today": today_tasks,
+            "delivery_items_today": delivery_items_today,
+            "daily": daily,
+            "monthly": monthly,
+        },
+        "transactions": transactions[:50],
+        "seller_products": seller_products,
+        "recent_products_handled": recent_products_handled,
+        "svf_history": [
+            {
+                "id": s["id"],
+                "type": s["transaction_type"],
+                "amount": float(s["amount"]),
+                "created_at": s["created_at"],
+            }
+            for s in (svf.data or [])
+        ],
+    }
+
+
+# --- Admin: Product approval (pending / approved / unapproved) ---
+
+@router.get("/pending-products")
+async def admin_get_pending_products(admin: dict = Depends(require_admin)):
+    """Get all products with status 'pending', with seller info."""
+    sb = get_supabase()
+    prods = sb.table("products").select("*").eq("status", "pending").order("created_at", desc=True).execute()
+
+    results = []
+    for p in (prods.data or []):
+        seller = sb.table("users").select("full_name, email, department_id").eq("id", p["seller_id"]).execute()
+        seller_info = seller.data[0] if seller.data else {}
+
+        seller_name = seller_info.get("full_name", "Unknown")
+        dept_id = seller_info.get("department_id")
+        if dept_id:
+            dept_resp = sb.table("departments").select("name").eq("id", dept_id).execute()
+            if dept_resp.data:
+                seller_name = dept_resp.data[0]["name"]
+
+        results.append({
+            "id": p["id"],
+            "title": p["title"],
+            "description": p.get("description", ""),
+            "price": float(p["price"]),
+            "stock": p["stock"],
+            "images": p.get("images", []),
+            "seller_id": p["seller_id"],
+            "seller_name": seller_name,
+            "seller_email": seller_info.get("email", ""),
+            "status": p["status"],
+            "created_at": p["created_at"],
+        })
+
+    return results
+
+
+@router.put("/products/{product_id}/approve")
+async def admin_approve_product(
+    product_id: str,
+    admin: dict = Depends(require_admin),
+):
+    """Approve a product (pending → approved) so it can be listed and sold."""
+    sb = get_supabase()
+
+    prod = sb.table("products").select("status").eq("id", product_id).execute()
+    if not prod.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    if prod.data[0]["status"] != "pending":
+        raise HTTPException(status_code=400, detail=f"Can only approve products with status 'pending'. Current: {prod.data[0]['status']}")
+
+    sb.table("products").update({"status": "approved"}).eq("id", product_id).execute()
+    return {"message": "Product approved"}
+
+
+@router.put("/products/{product_id}/unapprove")
+async def admin_unapprove_product(
+    product_id: str,
+    admin: dict = Depends(require_admin),
+):
+    """Unapprove a product (pending → unapproved)."""
+    sb = get_supabase()
+
+    prod = sb.table("products").select("status").eq("id", product_id).execute()
+    if not prod.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    if prod.data[0]["status"] != "pending":
+        raise HTTPException(status_code=400, detail=f"Can only unapprove products with status 'pending'. Current: {prod.data[0]['status']}")
+
+    sb.table("products").update({"status": "unapproved"}).eq("id", product_id).execute()
+    return {"message": "Product unapproved"}
+
+
+# --- Delivery User Registration ---
+
+class DeliveryRegisterRequest(BaseModel):
+    full_name: str
+    email: str
+    password: str
+    contact_number: str
+
+
+@router.post("/delivery/register")
+async def admin_register_delivery(
+    req: DeliveryRegisterRequest,
+    admin: dict = Depends(require_admin),
+):
+    """Admin-only: register a new delivery user with unique name, email, and contact."""
+    import bcrypt
+    import traceback
+
+    try:
+        sb = get_supabase()
+
+        # Check unique email
+        existing_email = sb.table("users").select("id").eq("email", req.email).execute()
+        if existing_email.data:
+            raise HTTPException(status_code=400, detail="Email already registered")
+
+        # Check unique full_name
+        existing_name = sb.table("users").select("id").eq("full_name", req.full_name).execute()
+        if existing_name.data:
+            raise HTTPException(status_code=400, detail="Full name already taken")
+
+        # Check unique contact_number
+        existing_contact = sb.table("user_contacts").select("user_id").eq("contact_number", req.contact_number).execute()
+        if existing_contact.data:
+            raise HTTPException(status_code=400, detail="Contact number already registered")
+
+        # Hash password
+        password_hash = bcrypt.hashpw(req.password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
+
+        # Create user with delivery role
+        result = sb.table("users").insert({
+            "email": req.email,
+            "password_hash": password_hash,
+            "full_name": req.full_name,
+            "role": "delivery",
+            "is_banned": False,
+        }).execute()
+
+        if not result.data:
+            raise HTTPException(status_code=500, detail="Failed to create delivery user")
+
+        user = result.data[0]
+
+        # Create balance
+        sb.table("user_balances").insert({"user_id": user["id"], "balance": 0.00}).execute()
+
+        # Create contact
+        sb.table("user_contacts").insert({"user_id": user["id"], "contact_number": req.contact_number}).execute()
+
+        return {
+            "message": "Delivery user registered successfully",
+            "user": {
+                "id": user["id"],
+                "full_name": user["full_name"],
+                "email": user["email"],
+                "role": "delivery",
+                "contact_number": req.contact_number,
+            },
+        }
+
+    except HTTPException:
+        raise  # Re-raise HTTP exceptions as-is
+    except Exception as e:
+        print(f"[DeliveryRegister] ERROR: {e}")
+        traceback.print_exc()
+        raise HTTPException(status_code=500, detail=f"Registration failed: {str(e)}")
+
+
+# --- Department CRUD ---
+
+class DepartmentCreateRequest(BaseModel):
+    name: str
+    description: str = ""
+
+
+class DepartmentUpdateRequest(BaseModel):
+    name: Optional[str] = None
+    description: Optional[str] = None
+
+
+@router.post("/departments")
+async def create_department(req: DepartmentCreateRequest, admin: dict = Depends(require_admin)):
+    """Create a new department."""
+    sb = get_supabase()
+
+    existing = sb.table("departments").select("id").eq("name", req.name).execute()
+    if existing.data:
+        raise HTTPException(status_code=400, detail="Department name already exists")
+
+    result = sb.table("departments").insert({
+        "name": req.name,
+        "description": req.description,
+    }).execute()
+
+    if not result.data:
+        raise HTTPException(status_code=500, detail="Failed to create department")
+
+    return {"message": "Department created", "department": result.data[0]}
+
+
+@router.get("/departments")
+async def list_departments(admin: dict = Depends(require_admin)):
+    """List all departments with manager info and staff count."""
+    sb = get_supabase()
+
+    depts = sb.table("departments").select("*").order("created_at", desc=True).execute()
+
+    results = []
+    for d in (depts.data or []):
+        # Get manager name
+        manager_name = ""
+        if d.get("manager_id"):
+            mgr = sb.table("users").select("full_name").eq("id", d["manager_id"]).execute()
+            if mgr.data:
+                manager_name = mgr.data[0]["full_name"]
+
+        # Staff count
+        staff = sb.table("users").select("id", count="exact").eq("department_id", d["id"]).eq("role", "seller").execute()
+
+        # Products count (via staff + manager)
+        staff_ids_result = sb.table("users").select("id").eq("department_id", d["id"]).eq("role", "seller").execute()
+        staff_ids = [s["id"] for s in (staff_ids_result.data or [])]
+        # Include manager's own products/transactions
+        if d.get("manager_id") and d["manager_id"] not in staff_ids:
+            staff_ids.append(d["manager_id"])
+
+        product_count = 0
+        low_stock_count = 0
+        if staff_ids:
+            prods = sb.table("products").select("id, stock").in_("seller_id", staff_ids).eq("is_active", True).execute()
+            product_count = len(prods.data) if prods.data else 0
+            low_stock_count = sum(1 for p in (prods.data or []) if int(p.get("stock", 0)) < 5)
+
+        # Revenue and order counts from completed transactions
+        total_revenue = 0
+        total_orders = 0
+        delivery_orders = 0
+        if staff_ids:
+            txns = sb.table("product_transactions").select(
+                "seller_amount"
+            ).in_("seller_id", staff_ids).in_("status", ["delivered", "completed"]).execute()
+            for t in (txns.data or []):
+                total_revenue += float(t.get("seller_amount", 0))
+                total_orders += 1
+                delivery_orders += 1
+
+        results.append({
+            "id": d["id"],
+            "name": d["name"],
+            "description": d.get("description", ""),
+            "manager_id": d.get("manager_id"),
+            "manager_name": manager_name,
+            "staff_count": staff.count or 0,
+            "product_count": product_count,
+            "low_stock_count": low_stock_count,
+            "total_revenue": round(total_revenue, 2),
+            "total_orders": total_orders,
+            "delivery_orders": delivery_orders,
+            "created_at": d["created_at"],
+        })
+
+    return results
+
+
+@router.get("/departments/{dept_id}")
+async def get_department_detail(dept_id: str, admin: dict = Depends(require_admin)):
+    """Get detailed department info with sales data for graphs."""
+    sb = get_supabase()
+
+    dept = sb.table("departments").select("*").eq("id", dept_id).execute()
+    if not dept.data:
+        raise HTTPException(status_code=404, detail="Department not found")
+
+    d = dept.data[0]
+
+    # Manager info
+    manager_name = ""
+    if d.get("manager_id"):
+        mgr = sb.table("users").select("full_name, email").eq("id", d["manager_id"]).execute()
+        if mgr.data:
+            manager_name = mgr.data[0]["full_name"]
+
+    # Staff in department
+    staff_result = sb.table("users").select("id, full_name, email, is_banned, created_at").eq(
+        "department_id", dept_id
+    ).eq("role", "seller").order("created_at", desc=True).execute()
+    staff_ids = [s["id"] for s in (staff_result.data or [])]
+    # Include manager's own products/transactions
+    if d.get("manager_id") and d["manager_id"] not in staff_ids:
+        staff_ids.append(d["manager_id"])
+
+    # Products with revenue data
+    product_count = 0
+    low_stock_count = 0
+    department_products = []
+    if staff_ids:
+        prods = sb.table("products").select("id, title, images, price, stock, is_active").in_("seller_id", staff_ids).eq("is_active", True).execute()
+        product_count = len(prods.data) if prods.data else 0
+        low_stock_count = sum(1 for p in (prods.data or []) if int(p.get("stock", 0)) < 5)
+
+        # Get revenue per product from completed transactions
+        if prods.data:
+            prod_ids = [p["id"] for p in prods.data]
+            prod_txns = sb.table("product_transactions").select(
+                "product_id, amount"
+            ).in_("product_id", prod_ids).in_("status", ["delivered", "completed"]).execute()
+            prod_revenue = {}
+            for pt in (prod_txns.data or []):
+                pid = pt["product_id"]
+                prod_revenue[pid] = prod_revenue.get(pid, 0) + float(pt["amount"])
+
+            for p in prods.data:
+                department_products.append({
+                    "id": p["id"],
+                    "title": p["title"],
+                    "images": p.get("images", []),
+                    "price": float(p["price"]),
+                    "stock": int(p.get("stock", 0)),
+                    "total_revenue": round(prod_revenue.get(p["id"], 0), 2),
+                })
+            # Sort by revenue descending
+            department_products.sort(key=lambda x: x["total_revenue"], reverse=True)
+
+    # Pending restock requests for this department (include in-delivery)
+    pending_restocks = []
+    restock_result = sb.table("restock_requests").select(
+        "*, products(title, images, stock)"
+    ).eq("department_id", dept_id).in_("status", ["pending_manager", "approved_manager", "accepted_delivery", "in_transit"]).order("created_at", desc=True).limit(20).execute()
+    if restock_result.data:
+        rs_staff_ids = set(r["staff_id"] for r in restock_result.data)
+        # Also collect delivery user IDs
+        rs_delivery_ids = set(r["delivery_user_id"] for r in restock_result.data if r.get("delivery_user_id"))
+        all_user_ids = rs_staff_ids | rs_delivery_ids
+        rs_users = sb.table("users").select("id, full_name, role").in_("id", list(all_user_ids)).execute() if all_user_ids else None
+        rs_user_map = {u["id"]: {"name": u["full_name"], "role": u.get("role", "")} for u in (rs_users.data or [])} if rs_users else {}
+        for r in restock_result.data:
+            prod_info = r.get("products") or {}
+            requester = rs_user_map.get(r["staff_id"], {"name": "Unknown", "role": ""})
+            delivery_info = rs_user_map.get(r.get("delivery_user_id", ""), {"name": "", "role": ""})
+            pending_restocks.append({
+                "id": r["id"],
+                "product_title": prod_info.get("title", ""),
+                "product_images": prod_info.get("images", []),
+                "current_stock": int(prod_info.get("stock", 0)),
+                "requested_quantity": r["requested_quantity"],
+                "approved_quantity": r.get("approved_quantity"),
+                "status": r["status"],
+                "requested_by": requester["name"],
+                "requested_by_role": requester["role"],
+                "delivery_user_name": delivery_info["name"],
+                "created_at": r["created_at"],
+            })
+
+    # Transaction data for sales graphs
+    daily_sales = {}
+    weekly_sales = {}
+    monthly_sales = {}
+    delivery_earnings = {}
+    total_revenue = 0
+    total_orders = 0
+    delivery_order_count = 0
+
+    if staff_ids:
+        txns = sb.table("product_transactions").select(
+            "amount, seller_amount, created_at"
+        ).in_("seller_id", staff_ids).in_("status", ["delivered", "completed"]).execute()
+
+        for t in (txns.data or []):
+            amt = float(t.get("seller_amount", 0))
+            total_revenue += amt
+            total_orders += 1
+            delivery_order_count += 1
+
+            try:
+                dt = datetime.fromisoformat(t["created_at"].replace("Z", "+00:00"))
+                day_key = dt.strftime("%Y-%m-%d")
+                week_start = dt - timedelta(days=dt.weekday())
+                week_key = week_start.strftime("%Y-%m-%d")
+                month_key = dt.strftime("%Y-%m")
+            except Exception:
+                day_key = t["created_at"][:10]
+                week_key = t["created_at"][:10]
+                month_key = t["created_at"][:7]
+
+            for data, key in [(daily_sales, day_key), (weekly_sales, week_key), (monthly_sales, month_key)]:
+                if key not in data:
+                    data[key] = {"amount": 0, "count": 0}
+                data[key]["amount"] += amt
+                data[key]["count"] += 1
+
+            # Delivery earnings breakdown by month
+            if month_key not in delivery_earnings:
+                delivery_earnings[month_key] = {"amount": 0, "count": 0}
+            delivery_earnings[month_key]["amount"] += amt
+            delivery_earnings[month_key]["count"] += 1
+
+    def to_list(data):
+        return sorted(
+            [{"date": k, "amount": round(v["amount"], 2), "count": v["count"]} for k, v in data.items()],
+            key=lambda x: x["date"], reverse=True
+        )[:30]
+
+    return {
+        "department": {
+            "id": d["id"],
+            "name": d["name"],
+            "description": d.get("description", ""),
+            "manager_id": d.get("manager_id"),
+            "manager_name": manager_name,
+            "created_at": d["created_at"],
+        },
+        "staff": staff_result.data or [],
+        "total_staff": len(staff_result.data or []),
+        "total_products": product_count,
+        "low_stock_count": low_stock_count,
+        "products": department_products,
+        "pending_restocks": pending_restocks,
+        "total_revenue": round(total_revenue, 2),
+        "total_orders": total_orders,
+        "delivery_orders": delivery_order_count,
+        "daily_sales": to_list(daily_sales),
+        "weekly_sales": to_list(weekly_sales),
+        "monthly_sales": to_list(monthly_sales),
+        "delivery_earnings": to_list(delivery_earnings),
+    }
+
+
+@router.put("/departments/{dept_id}")
+async def update_department(dept_id: str, req: DepartmentUpdateRequest, admin: dict = Depends(require_admin)):
+    """Update a department's name or description."""
+    sb = get_supabase()
+
+    existing = sb.table("departments").select("id").eq("id", dept_id).execute()
+    if not existing.data:
+        raise HTTPException(status_code=404, detail="Department not found")
+
+    update_data = {k: v for k, v in req.model_dump().items() if v is not None}
+    if not update_data:
+        raise HTTPException(status_code=400, detail="No fields to update")
+
+    sb.table("departments").update(update_data).eq("id", dept_id).execute()
+    return {"message": "Department updated"}
+
+
+@router.delete("/departments/{dept_id}")
+async def delete_department(dept_id: str, admin: dict = Depends(require_admin)):
+    """Delete a department only if no staff or manager are still assigned."""
+    sb = get_supabase()
+    dept = sb.table("departments").select("id, name, manager_id").eq("id", dept_id).execute()
+    if not dept.data:
+        raise HTTPException(status_code=404, detail="Department not found")
+
+    # Check if any staff (sellers) are still assigned
+    staff = sb.table("users").select("id").eq("department_id", dept_id).execute()
+    if staff.data:
+        raise HTTPException(
+            status_code=400,
+            detail="Cannot delete this store while staff or managers are still assigned. Remove all members first."
+        )
+
+    sb.table("departments").delete().eq("id", dept_id).execute()
+    return {"message": f"Store '{dept.data[0]['name']}' deleted"}
+
+
+# --- Admin Delete Product ---
+
+@router.delete("/products/{product_id}")
+async def admin_delete_product(product_id: str, admin: dict = Depends(require_admin)):
+    """Soft-delete a product (set is_active=False). Admin can delete any product regardless of ownership."""
+    sb = get_supabase()
+    existing = sb.table("products").select("id, title").eq("id", product_id).execute()
+    if not existing.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+    sb.table("products").update({"is_active": False}).eq("id", product_id).execute()
+    return {"message": "Product deleted successfully"}
+
+
+# --- Admin Create Product for Department ---
+
+class AdminCreateProductRequest(BaseModel):
+    title: str
+    description: str = ""
+    price: float
+    images: list = []
+
+
+@router.post("/departments/{dept_id}/products")
+async def admin_create_product_for_dept(
+    dept_id: str, req: AdminCreateProductRequest, admin: dict = Depends(require_admin)
+):
+    """Admin creates a product for a specific department/store with stock=0 and auto-approved."""
+    from models.bert_service import bert_service
+    from database import store_product_embedding
+
+    sb = get_supabase()
+
+    # Verify department exists
+    dept = sb.table("departments").select("id, manager_id, name").eq("id", dept_id).execute()
+    if not dept.data:
+        raise HTTPException(status_code=404, detail="Department not found")
+
+    # Validate fields
+    if not req.title or not req.title.strip():
+        raise HTTPException(status_code=400, detail="Product title is required")
+    if req.price <= 0:
+        raise HTTPException(status_code=400, detail="Price must be greater than 0")
+    if not req.images or len(req.images) == 0:
+        raise HTTPException(status_code=400, detail="At least one product image is required")
+    if len(req.images) > 5:
+        raise HTTPException(status_code=400, detail="Maximum 5 images allowed")
+
+    # Use the department's manager as the seller_id so the product belongs to the store.
+    # Fall back to admin if the department has no manager assigned yet.
+    manager_id = dept.data[0].get("manager_id")
+    seller_id = manager_id if manager_id else admin["sub"]
+
+    result = sb.table("products").insert({
+        "seller_id": seller_id,
+        "title": req.title.strip(),
+        "description": (req.description or "").strip(),
+        "price": req.price,
+        "stock": 0,
+        "images": req.images,
+        "status": "approved",
+    }).execute()
+
+    if not result.data:
+        raise HTTPException(status_code=500, detail="Failed to create product")
+
+    product = result.data[0]
+
+    # Compute BERT embedding
+    try:
+        if bert_service._loaded:
+            embedding = bert_service.compute_embedding(req.title)
+            store_product_embedding(product["id"], embedding)
+    except Exception as e:
+        print(f"[Admin] Warning: Failed to compute embedding: {e}")
+
+    return {
+        "message": f"Product created for {dept.data[0]['name']}",
+        "product": {
+            "id": product["id"],
+            "title": product["title"],
+            "price": float(product["price"]),
+            "stock": 0,
+            "status": "approved",
+        },
+    }
+
+
+# --- Manager Registration ---
+
+class ManagerRegisterRequest(BaseModel):
+    full_name: str
+    email: str
+    password: str
+    contact_number: str = ""
+    department_id: str
+
+
+@router.post("/managers/register")
+async def admin_register_manager(req: ManagerRegisterRequest, admin: dict = Depends(require_admin)):
+    """Admin-only: register a new manager and assign to a department."""
+    import bcrypt
+    import traceback
+
+    try:
+        sb = get_supabase()
+
+        # Verify department exists
+        dept = sb.table("departments").select("id, manager_id").eq("id", req.department_id).execute()
+        if not dept.data:
+            raise HTTPException(status_code=404, detail="Department not found")
+
+        if dept.data[0].get("manager_id"):
+            raise HTTPException(status_code=400, detail="This department already has a manager assigned")
+
+        # Check unique email
+        existing_email = sb.table("users").select("id").eq("email", req.email).execute()
+        if existing_email.data:
+            raise HTTPException(status_code=400, detail="Email already registered")
+
+        # Check unique full_name
+        existing_name = sb.table("users").select("id").eq("full_name", req.full_name).execute()
+        if existing_name.data:
+            raise HTTPException(status_code=400, detail="Full name already taken")
+
+        # Hash password
+        password_hash = bcrypt.hashpw(req.password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
+
+        # Create user with manager role
+        result = sb.table("users").insert({
+            "email": req.email,
+            "password_hash": password_hash,
+            "full_name": req.full_name,
+            "role": "manager",
+            "is_banned": False,
+            "department_id": req.department_id,
+        }).execute()
+
+        if not result.data:
+            raise HTTPException(status_code=500, detail="Failed to create manager")
+
+        user = result.data[0]
+
+        # Create contact if provided
+        if req.contact_number:
+            sb.table("user_contacts").insert({"user_id": user["id"], "contact_number": req.contact_number}).execute()
+
+        # Assign manager to department
+        sb.table("departments").update({"manager_id": user["id"]}).eq("id", req.department_id).execute()
+
+        return {
+            "message": "Manager registered and assigned to department",
+            "user": {
+                "id": user["id"],
+                "full_name": user["full_name"],
+                "email": user["email"],
+                "role": "manager",
+                "department_id": req.department_id,
+            },
+        }
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        print(f"[ManagerRegister] ERROR: {e}")
+        traceback.print_exc()
+        raise HTTPException(status_code=500, detail=f"Registration failed: {str(e)}")
+
+
+# --- Product Removal Approval ---
+
+@router.get("/pending-removals")
+async def admin_get_pending_removals(admin: dict = Depends(require_admin)):
+    """Get all products with status 'pending_removal'."""
+    sb = get_supabase()
+    prods = sb.table("products").select("*").eq("status", "pending_removal").order("removal_requested_at", desc=True).execute()
+
+    results = []
+    for p in (prods.data or []):
+        seller = sb.table("users").select("full_name, email, department_id").eq("id", p["seller_id"]).execute()
+        seller_info = seller.data[0] if seller.data else {}
+
+        seller_name = seller_info.get("full_name", "Unknown")
+        dept_id = seller_info.get("department_id")
+        dept_name = ""
+        if dept_id:
+            dept_resp = sb.table("departments").select("name").eq("id", dept_id).execute()
+            if dept_resp.data:
+                dept_name = dept_resp.data[0]["name"]
+                seller_name = dept_name
+
+        requester_name = ""
+        if p.get("removal_requested_by"):
+            req_user = sb.table("users").select("full_name").eq("id", p["removal_requested_by"]).execute()
+            if req_user.data:
+                requester_name = req_user.data[0]["full_name"]
+
+        results.append({
+            "id": p["id"],
+            "title": p["title"],
+            "description": p.get("description", ""),
+            "price": float(p["price"]),
+            "stock": p["stock"],
+            "images": p.get("images", []),
+            "seller_id": p["seller_id"],
+            "seller_name": seller_name,
+            "department_name": dept_name,
+            "status": p["status"],
+            "removal_requested_by": p.get("removal_requested_by"),
+            "requester_name": requester_name,
+            "removal_requested_at": p.get("removal_requested_at"),
+            "created_at": p["created_at"],
+        })
+
+    return results
+
+
+@router.put("/products/{product_id}/approve-removal")
+async def admin_approve_removal(product_id: str, admin: dict = Depends(require_admin)):
+    """Approve a product removal request. Deactivates the product."""
+    sb = get_supabase()
+
+    prod = sb.table("products").select("status").eq("id", product_id).execute()
+    if not prod.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    if prod.data[0]["status"] != "pending_removal":
+        raise HTTPException(status_code=400, detail="Product is not pending removal")
+
+    sb.table("products").update({
+        "is_active": False,
+        "status": "unapproved",
+    }).eq("id", product_id).execute()
+
+    return {"message": "Product removal approved. Product has been deactivated."}
+
+
+@router.put("/products/{product_id}/reject-removal")
+async def admin_reject_removal(product_id: str, admin: dict = Depends(require_admin)):
+    """Reject a product removal request. Product returns to approved status."""
+    sb = get_supabase()
+
+    prod = sb.table("products").select("status").eq("id", product_id).execute()
+    if not prod.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    if prod.data[0]["status"] != "pending_removal":
+        raise HTTPException(status_code=400, detail="Product is not pending removal")
+
+    sb.table("products").update({
+        "status": "approved",
+        "removal_requested_by": None,
+        "removal_requested_at": None,
+    }).eq("id", product_id).execute()
+
+    return {"message": "Product removal rejected. Product remains active."}
+
+
+# --- Deliveries Management ---
+
+class DeliveryStatsDay(BaseModel):
+    date: str
+    count: int
+
+class Deliveryman(BaseModel):
+    user_id: str
+    full_name: str
+    email: str
+    contact_number: str = ""
+    total_deliveries: int = 0
+    avg_delivery_time: Optional[float] = None
+    completed_count: int = 0
+
+class DeliveriesStatsResponse(BaseModel):
+    total_deliveries: int
+    avg_delivery_time: Optional[float]
+    deliveries_by_day: list[DeliveryStatsDay]
+    deliveries_by_week: list[DeliveryStatsDay]
+    deliveries_by_month: list[DeliveryStatsDay]
+    deliverymen: list[Deliveryman]
+
+
+@router.get("/deliveries/stats", response_model=DeliveriesStatsResponse)
+async def get_deliveries_stats(admin: dict = Depends(require_admin)):
+    """Get all deliveries stats including avg delivery time and breakdown by deliveryman."""
+    sb = get_supabase()
+
+    # Get all delivery transactions (filter out empty delivery_user_id locally)
+    all_txns = sb.table("product_transactions").select(
+        "*"
+    ).order("created_at", desc=False).execute()
+    
+    if all_txns.data:
+        txns_data = [t for t in all_txns.data if t.get("delivery_user_id")]
+    else:
+        txns_data = []
+        
+    class AttrDict:
+        def __init__(self, d):
+            self.data = d
+    txns = AttrDict(txns_data)
+
+    if not txns.data:
+        return DeliveriesStatsResponse(
+            total_deliveries=0,
+            avg_delivery_time=None,
+            deliveries_by_day=[],
+            deliveries_by_week=[],
+            deliveries_by_month=[],
+            deliverymen=[]
+        )
+
+    # Get deliveryman contact info
+    deliveryman_ids = list(set(t["delivery_user_id"] for t in txns.data if t["delivery_user_id"]))
+    contacts = {}
+    if deliveryman_ids:
+        contacts_result = sb.table("user_contacts").select("user_id, contact_number").in_("user_id", deliveryman_ids).execute()
+        contacts = {c["user_id"]: c["contact_number"] for c in (contacts_result.data or [])}
+
+    # Get user details for deliverymen
+    user_details = {}
+    if deliveryman_ids:
+        users_result = sb.table("users").select("id, full_name, email").in_("id", deliveryman_ids).execute()
+        user_details = {u["id"]: u for u in (users_result.data or [])}
+
+    # Calculate stats
+    delivery_times = []
+    deliveries_by_date = {}
+    deliveries_by_week = {}
+    deliveries_by_month = {}
+    deliverymen_map = {}
+
+    for t in txns.data:
+        delivery_user_id = t.get("delivery_user_id")
+        if not delivery_user_id:
+            continue
+
+        # Initialize deliveryman entry
+        if delivery_user_id not in deliverymen_map:
+            user_info = user_details.get(delivery_user_id, {})
+            deliverymen_map[delivery_user_id] = {
+                "user_id": delivery_user_id,
+                "full_name": user_info.get("full_name", "Unknown"),
+                "email": user_info.get("email", ""),
+                "contact_number": contacts.get(delivery_user_id, ""),
+                "total_deliveries": 0,
+                "completed_count": 0,
+                "delivery_times": []
+            }
+
+        deliverymen_map[delivery_user_id]["total_deliveries"] += 1
+
+        # Track delivery time if status is delivered
+        if t.get("status") == "delivered":
+            deliverymen_map[delivery_user_id]["completed_count"] += 1
+            created = datetime.fromisoformat(t["created_at"].replace("Z", "+00:00"))
+            if t.get("updated_at"):
+                updated = datetime.fromisoformat(t["updated_at"].replace("Z", "+00:00"))
+                time_diff = (updated - created).total_seconds() / 3600  # hours
+                deliverymen_map[delivery_user_id]["delivery_times"].append(time_diff)
+                delivery_times.append(time_diff)
+
+        # Count by date
+        created_date = t["created_at"].split("T")[0]
+        deliveries_by_date[created_date] = deliveries_by_date.get(created_date, 0) + 1
+
+        # Count by week (ISO week)
+        created = datetime.fromisoformat(t["created_at"].replace("Z", "+00:00"))
+        week_key = created.strftime("%Y-W%U")
+        deliveries_by_week[week_key] = deliveries_by_week.get(week_key, 0) + 1
+
+        # Count by month
+        month_key = created.strftime("%Y-%m")
+        deliveries_by_month[month_key] = deliveries_by_month.get(month_key, 0) + 1
+
+    # Calculate average delivery time
+    avg_delivery_time = sum(delivery_times) / len(delivery_times) if delivery_times else None
+
+    # Format deliveries breakdown
+    days_list = [{"date": date, "count": count} for date, count in sorted(deliveries_by_date.items())]
+    weeks_list = [{"date": week, "count": count} for week, count in sorted(deliveries_by_week.items())]
+    months_list = [{"date": month, "count": count} for month, count in sorted(deliveries_by_month.items())]
+
+    # Build deliverymen list
+    deliverymen_list = []
+    for user_id, data in deliverymen_map.items():
+        avg_time = sum(data["delivery_times"]) / len(data["delivery_times"]) if data["delivery_times"] else None
+        deliverymen_list.append(Deliveryman(
+            user_id=user_id,
+            full_name=data["full_name"],
+            email=data["email"],
+            contact_number=data["contact_number"],
+            total_deliveries=data["total_deliveries"],
+            avg_delivery_time=avg_time,
+            completed_count=data["completed_count"]
+        ))
+
+    return DeliveriesStatsResponse(
+        total_deliveries=len(txns.data),
+        avg_delivery_time=avg_delivery_time,
+        deliveries_by_day=days_list,
+        deliveries_by_week=weeks_list,
+        deliveries_by_month=months_list,
+        deliverymen=deliverymen_list
+    )
+
+
+# --- Admin Restock Request ---
+
+class AdminRestockRequestCreate(BaseModel):
+    product_id: str
+    requested_quantity: int
+    notes: str = ""
+
+
+@router.post("/restock-request")
+async def admin_create_restock_request(req: AdminRestockRequestCreate, admin: dict = Depends(require_admin)):
+    """
+    Admin creates a restock request that bypasses manager approval.
+    Status is set directly to 'approved_manager' so delivery can pick it up.
+    """
+    sb = get_supabase()
+    admin_id = admin["sub"]
+
+    if req.requested_quantity < 1:
+        raise HTTPException(status_code=400, detail="Quantity must be at least 1")
+
+    # Get the product and its department
+    product = sb.table("products").select("id, seller_id, title").eq("id", req.product_id).execute()
+    if not product.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    # Get seller's department_id
+    seller_id = product.data[0]["seller_id"]
+    seller = sb.table("users").select("department_id").eq("id", seller_id).execute()
+    department_id = seller.data[0].get("department_id") if seller.data else None
+
+    if not department_id:
+        raise HTTPException(status_code=400, detail="Product does not belong to a department")
+
+    # Get admin name
+    admin_user = sb.table("users").select("full_name").eq("id", admin_id).execute()
+    admin_name = admin_user.data[0]["full_name"] if admin_user.data else "Admin"
+
+    now = datetime.now(timezone.utc).isoformat()
+
+    # Create restock request with status 'approved_manager' (bypasses manager)
+    result = sb.table("restock_requests").insert({
+        "staff_id": admin_id,
+        "department_id": department_id,
+        "product_id": req.product_id,
+        "requested_quantity": req.requested_quantity,
+        "approved_quantity": req.requested_quantity,
+        "notes": req.notes,
+        "status": "approved_manager",
+        "manager_approved_at": now,
+    }).execute()
+
+    if not result.data:
+        raise HTTPException(status_code=500, detail="Failed to create restock request")
+
+    return {
+        "message": f"Restock request created by {admin_name} and marked as To Be Delivered",
+        "request": result.data[0],
+        "requested_by": admin_name,
+    }
+
+
+@router.get("/restock-requests")
+async def admin_get_restock_requests(
+    department_id: str = Query("", description="Filter by department ID"),
+    status: str = Query("", description="Filter by status"),
+    admin: dict = Depends(require_admin),
+):
+    """Get restock requests, optionally filtered by department and status."""
+    sb = get_supabase()
+
+    query = sb.table("restock_requests").select(
+        "*, products(title, price, stock, images)"
+    ).order("created_at", desc=True).limit(100)
+
+    if department_id:
+        query = query.eq("department_id", department_id)
+    if status:
+        query = query.eq("status", status)
+
+    requests = query.execute()
+
+    # Get staff names
+    staff_ids = set()
+    for r in (requests.data or []):
+        staff_ids.add(r["staff_id"])
+
+    staff_names = {}
+    if staff_ids:
+        users_result = sb.table("users").select("id, full_name, role").in_("id", list(staff_ids)).execute()
+        staff_names = {u["id"]: {"name": u["full_name"], "role": u.get("role", "")} for u in (users_result.data or [])}
+
+    results = []
+    for r in (requests.data or []):
+        prod = r.get("products") or {}
+        staff_info = staff_names.get(r["staff_id"], {"name": "Unknown", "role": ""})
+        results.append({
+            "id": r["id"],
+            "product_id": r["product_id"],
+            "product_title": prod.get("title", ""),
+            "product_images": prod.get("images", []),
+            "current_stock": int(prod.get("stock", 0)),
+            "requested_quantity": r["requested_quantity"],
+            "approved_quantity": r.get("approved_quantity"),
+            "notes": r.get("notes", ""),
+            "requested_by": staff_info["name"],
+            "requested_by_role": staff_info["role"],
+            "status": r["status"],
+            "created_at": r["created_at"],
+        })
+
+    return results
+
+
+# --- Salary Management ---
+
+class SetSalaryRequest(BaseModel):
+    salary: float
+
+
+class PayIndividualRequest(BaseModel):
+    recipient_id: str
+    amount: float
+
+
+class PayGroupRequest(BaseModel):
+    amount_per_person: Optional[float] = None  # If None, uses each person's fixed salary
+
+
+@router.get("/salaries")
+async def admin_get_salaries(admin: dict = Depends(require_admin)):
+    """Get salary overview: all departments with managers, staff, their salaries, and payment history."""
+    sb = get_supabase()
+    admin_id = admin["sub"]
+
+    # Admin balance
+    admin_bal = sb.table("user_balances").select("balance").eq("user_id", admin_id).execute()
+    admin_balance = float(admin_bal.data[0]["balance"]) if admin_bal.data else 0.0
+
+    # Get all departments
+    depts = sb.table("departments").select("id, name, manager_id").execute()
+    dept_list = depts.data or []
+
+    # Get all managers and staff (sellers)
+    managers = sb.table("users").select("id, full_name, email, role, department_id, salary").eq("role", "manager").execute()
+    staff = sb.table("users").select("id, full_name, email, role, department_id, salary").eq("role", "seller").execute()
+
+    manager_map = {}
+    for m in (managers.data or []):
+        manager_map[m["id"]] = m
+
+    # Build per-department data
+    now = datetime.now(timezone.utc)
+    current_month = now.strftime("%Y-%m")
+
+    # Get salary payments for current month
+    payments_this_month = sb.table("salary_payments").select("*").eq("payment_month", current_month).order("created_at", desc=True).execute()
+    payments_data = payments_this_month.data or []
+
+    # Build paid amounts per recipient this month
+    paid_this_month = {}
+    for p in payments_data:
+        rid = p["recipient_id"]
+        paid_this_month[rid] = paid_this_month.get(rid, 0) + float(p["amount"])
+
+    # Build department list
+    departments_result = []
+    total_salaries = 0.0
+
+    for dept in dept_list:
+        dept_managers = []
+        dept_staff = []
+
+        # Find manager for this dept
+        if dept.get("manager_id") and dept["manager_id"] in manager_map:
+            mgr = manager_map[dept["manager_id"]]
+            salary_val = float(mgr.get("salary", 0))
+            paid_val = paid_this_month.get(mgr["id"], 0)
+            dept_managers.append({
+                "id": mgr["id"],
+                "full_name": mgr["full_name"],
+                "email": mgr["email"],
+                "role": "manager",
+                "salary": salary_val,
+                "paid_this_month": paid_val,
+                "remaining": max(salary_val - paid_val, 0),
+            })
+            total_salaries += max(salary_val - paid_val, 0)
+
+        # Find staff for this dept
+        for s in (staff.data or []):
+            if s.get("department_id") == dept["id"]:
+                salary_val = float(s.get("salary", 0))
+                paid_val = paid_this_month.get(s["id"], 0)
+                dept_staff.append({
+                    "id": s["id"],
+                    "full_name": s["full_name"],
+                    "email": s["email"],
+                    "role": "seller",
+                    "salary": salary_val,
+                    "paid_this_month": paid_val,
+                    "remaining": max(salary_val - paid_val, 0),
+                })
+                total_salaries += max(salary_val - paid_val, 0)
+
+        dept_total = sum(m["remaining"] for m in dept_managers) + sum(s["remaining"] for s in dept_staff)
+
+        departments_result.append({
+            "id": dept["id"],
+            "name": dept["name"],
+            "managers": dept_managers,
+            "staff": dept_staff,
+            "total_remaining": dept_total,
+        })
+
+    # Next pay date: 1st of next month
+    if now.month == 12:
+        next_pay = datetime(now.year + 1, 1, 1)
+    else:
+        next_pay = datetime(now.year, now.month + 1, 1)
+
+    # Recent payment history (last 50)
+    recent_payments = sb.table("salary_payments").select("*").order("created_at", desc=True).limit(50).execute()
+    # Get recipient names
+    recipient_ids = set(p["recipient_id"] for p in (recent_payments.data or []))
+    recipient_names = {}
+    if recipient_ids:
+        rn = sb.table("users").select("id, full_name").in_("id", list(recipient_ids)).execute()
+        recipient_names = {u["id"]: u["full_name"] for u in (rn.data or [])}
+
+    payment_history = []
+    for p in (recent_payments.data or []):
+        payment_history.append({
+            "id": p["id"],
+            "recipient_id": p["recipient_id"],
+            "recipient_name": recipient_names.get(p["recipient_id"], "Unknown"),
+            "amount": float(p["amount"]),
+            "payment_month": p["payment_month"],
+            "notes": p.get("notes", ""),
+            "created_at": p["created_at"],
+        })
+
+    return {
+        "admin_balance": admin_balance,
+        "total_salaries_remaining": round(total_salaries, 2),
+        "current_month": current_month,
+        "next_pay_date": next_pay.strftime("%B %d, %Y"),
+        "departments": departments_result,
+        "payment_history": payment_history,
+    }
+
+
+@router.put("/salaries/set/{user_id}")
+async def admin_set_salary(user_id: str, req: SetSalaryRequest, admin: dict = Depends(require_admin)):
+    """Set or update the fixed salary for a staff member or manager."""
+    if req.salary < 0:
+        raise HTTPException(status_code=400, detail="Salary cannot be negative")
+
+    sb = get_supabase()
+
+    # Verify user exists and is staff or manager
+    user = sb.table("users").select("id, role").eq("id", user_id).execute()
+    if not user.data:
+        raise HTTPException(status_code=404, detail="User not found")
+    if user.data[0]["role"] not in ("seller", "manager"):
+        raise HTTPException(status_code=400, detail="Can only set salary for staff or managers")
+
+    sb.table("users").update({"salary": req.salary}).eq("id", user_id).execute()
+
+    return {"message": f"Salary updated to PHP {req.salary:.2f}"}
+
+
+@router.post("/salaries/pay-all")
+async def admin_pay_all_salaries(admin: dict = Depends(require_admin)):
+    """Pay all staff and managers their remaining salary for the current month."""
+    sb = get_supabase()
+    admin_id = admin["sub"]
+
+    now = datetime.now(timezone.utc)
+    current_month = now.strftime("%Y-%m")
+
+    # Get admin balance
+    admin_bal = sb.table("user_balances").select("balance").eq("user_id", admin_id).execute()
+    if not admin_bal.data:
+        raise HTTPException(status_code=400, detail="Admin balance not found")
+    admin_balance = float(admin_bal.data[0]["balance"])
+
+    # Get all managers and staff with salary > 0
+    recipients = sb.table("users").select("id, full_name, role, department_id, salary").in_(
+        "role", ["seller", "manager"]
+    ).execute()
+
+    if not recipients.data:
+        raise HTTPException(status_code=400, detail="No staff or managers found")
+
+    # Get payments already made this month
+    payments = sb.table("salary_payments").select("recipient_id, amount").eq("payment_month", current_month).execute()
+    paid_map = {}
+    for p in (payments.data or []):
+        rid = p["recipient_id"]
+        paid_map[rid] = paid_map.get(rid, 0) + float(p["amount"])
+
+    # Calculate remaining for each
+    to_pay = []
+    total_needed = 0
+    for r in recipients.data:
+        salary = float(r.get("salary", 0))
+        if salary <= 0:
+            continue
+        paid = paid_map.get(r["id"], 0)
+        remaining = max(salary - paid, 0)
+        if remaining > 0:
+            to_pay.append({"user": r, "amount": remaining})
+            total_needed += remaining
+
+    if not to_pay:
+        raise HTTPException(status_code=400, detail="No remaining salaries to pay this month")
+
+    if admin_balance < total_needed:
+        raise HTTPException(
+            status_code=400,
+            detail=f"Insufficient balance. Need PHP {total_needed:.2f}, have PHP {admin_balance:.2f}"
+        )
+
+    # Deduct from admin
+    new_admin_balance = admin_balance - total_needed
+    sb.table("user_balances").update({"balance": new_admin_balance}).eq("user_id", admin_id).execute()
+
+    # Credit each recipient and record payments
+    paid_count = 0
+    for item in to_pay:
+        user = item["user"]
+        amount = item["amount"]
+
+        # Credit recipient balance
+        rec_bal = sb.table("user_balances").select("balance").eq("user_id", user["id"]).execute()
+        if rec_bal.data:
+            new_bal = float(rec_bal.data[0]["balance"]) + amount
+            sb.table("user_balances").update({"balance": new_bal}).eq("user_id", user["id"]).execute()
+        else:
+            sb.table("user_balances").insert({"user_id": user["id"], "balance": amount}).execute()
+
+        # Record salary payment
+        sb.table("salary_payments").insert({
+            "admin_id": admin_id,
+            "recipient_id": user["id"],
+            "department_id": user.get("department_id"),
+            "amount": amount,
+            "payment_month": current_month,
+            "notes": "Bulk pay all",
+        }).execute()
+
+        # Record in SVF history for recipient
+        sb.table("stored_value").insert({
+            "user_id": user["id"],
+            "transaction_type": "deposit",
+            "amount": amount,
+        }).execute()
+
+        paid_count += 1
+
+    # Record admin withdrawal in SVF
+    sb.table("stored_value").insert({
+        "user_id": admin_id,
+        "transaction_type": "withdrawal",
+        "amount": total_needed,
+    }).execute()
+
+    return {
+        "message": f"Successfully paid {paid_count} people a total of PHP {total_needed:.2f}",
+        "total_paid": total_needed,
+        "recipients_count": paid_count,
+        "new_admin_balance": new_admin_balance,
+    }
+
+
+@router.post("/salaries/pay-store/{department_id}")
+async def admin_pay_store_salaries(department_id: str, admin: dict = Depends(require_admin)):
+    """Pay all remaining salaries for a specific store/department."""
+    sb = get_supabase()
+    admin_id = admin["sub"]
+
+    now = datetime.now(timezone.utc)
+    current_month = now.strftime("%Y-%m")
+
+    # Verify department exists
+    dept = sb.table("departments").select("id, name, manager_id").eq("id", department_id).execute()
+    if not dept.data:
+        raise HTTPException(status_code=404, detail="Department not found")
+
+    # Get admin balance
+    admin_bal = sb.table("user_balances").select("balance").eq("user_id", admin_id).execute()
+    if not admin_bal.data:
+        raise HTTPException(status_code=400, detail="Admin balance not found")
+    admin_balance = float(admin_bal.data[0]["balance"])
+
+    # Get staff in this department
+    staff = sb.table("users").select("id, full_name, role, department_id, salary").eq(
+        "department_id", department_id
+    ).in_("role", ["seller", "manager"]).execute()
+
+    # Also include manager via departments.manager_id
+    manager_id = dept.data[0].get("manager_id")
+    all_recipients = list(staff.data or [])
+    if manager_id:
+        mgr = sb.table("users").select("id, full_name, role, department_id, salary").eq("id", manager_id).execute()
+        if mgr.data:
+            existing_ids = {r["id"] for r in all_recipients}
+            if mgr.data[0]["id"] not in existing_ids:
+                all_recipients.append(mgr.data[0])
+
+    if not all_recipients:
+        raise HTTPException(status_code=400, detail="No staff or managers in this department")
+
+    # Get existing payments this month
+    recipient_ids = [r["id"] for r in all_recipients]
+    payments = sb.table("salary_payments").select("recipient_id, amount").eq(
+        "payment_month", current_month
+    ).in_("recipient_id", recipient_ids).execute()
+
+    paid_map = {}
+    for p in (payments.data or []):
+        rid = p["recipient_id"]
+        paid_map[rid] = paid_map.get(rid, 0) + float(p["amount"])
+
+    to_pay = []
+    total_needed = 0
+    for r in all_recipients:
+        salary = float(r.get("salary", 0))
+        if salary <= 0:
+            continue
+        paid = paid_map.get(r["id"], 0)
+        remaining = max(salary - paid, 0)
+        if remaining > 0:
+            to_pay.append({"user": r, "amount": remaining})
+            total_needed += remaining
+
+    if not to_pay:
+        raise HTTPException(status_code=400, detail="No remaining salaries to pay in this department")
+
+    if admin_balance < total_needed:
+        raise HTTPException(
+            status_code=400,
+            detail=f"Insufficient balance. Need PHP {total_needed:.2f}, have PHP {admin_balance:.2f}"
+        )
+
+    # Deduct from admin
+    new_admin_balance = admin_balance - total_needed
+    sb.table("user_balances").update({"balance": new_admin_balance}).eq("user_id", admin_id).execute()
+
+    paid_count = 0
+    for item in to_pay:
+        user = item["user"]
+        amount = item["amount"]
+
+        rec_bal = sb.table("user_balances").select("balance").eq("user_id", user["id"]).execute()
+        if rec_bal.data:
+            new_bal = float(rec_bal.data[0]["balance"]) + amount
+            sb.table("user_balances").update({"balance": new_bal}).eq("user_id", user["id"]).execute()
+        else:
+            sb.table("user_balances").insert({"user_id": user["id"], "balance": amount}).execute()
+
+        sb.table("salary_payments").insert({
+            "admin_id": admin_id,
+            "recipient_id": user["id"],
+            "department_id": department_id,
+            "amount": amount,
+            "payment_month": current_month,
+            "notes": f"Store pay: {dept.data[0]['name']}",
+        }).execute()
+
+        sb.table("stored_value").insert({
+            "user_id": user["id"],
+            "transaction_type": "deposit",
+            "amount": amount,
+        }).execute()
+
+        paid_count += 1
+
+    sb.table("stored_value").insert({
+        "user_id": admin_id,
+        "transaction_type": "withdrawal",
+        "amount": total_needed,
+    }).execute()
+
+    return {
+        "message": f"Paid {paid_count} people in {dept.data[0]['name']} — PHP {total_needed:.2f}",
+        "total_paid": total_needed,
+        "recipients_count": paid_count,
+        "new_admin_balance": new_admin_balance,
+    }
+
+
+@router.post("/salaries/pay-individual")
+async def admin_pay_individual(req: PayIndividualRequest, admin: dict = Depends(require_admin)):
+    """Pay a specific amount to a specific staff member or manager."""
+    if req.amount <= 0:
+        raise HTTPException(status_code=400, detail="Amount must be greater than 0")
+
+    sb = get_supabase()
+    admin_id = admin["sub"]
+
+    now = datetime.now(timezone.utc)
+    current_month = now.strftime("%Y-%m")
+
+    # Verify recipient
+    recipient = sb.table("users").select("id, full_name, role, department_id, salary").eq("id", req.recipient_id).execute()
+    if not recipient.data:
+        raise HTTPException(status_code=404, detail="Recipient not found")
+    if recipient.data[0]["role"] not in ("seller", "manager"):
+        raise HTTPException(status_code=400, detail="Can only pay staff or managers")
+
+    # Get admin balance
+    admin_bal = sb.table("user_balances").select("balance").eq("user_id", admin_id).execute()
+    if not admin_bal.data:
+        raise HTTPException(status_code=400, detail="Admin balance not found")
+    admin_balance = float(admin_bal.data[0]["balance"])
+
+    if admin_balance < req.amount:
+        raise HTTPException(
+            status_code=400,
+            detail=f"Insufficient balance. Need PHP {req.amount:.2f}, have PHP {admin_balance:.2f}"
+        )
+
+    # Deduct from admin
+    new_admin_balance = admin_balance - req.amount
+    sb.table("user_balances").update({"balance": new_admin_balance}).eq("user_id", admin_id).execute()
+
+    # Credit recipient
+    rec_bal = sb.table("user_balances").select("balance").eq("user_id", req.recipient_id).execute()
+    if rec_bal.data:
+        new_bal = float(rec_bal.data[0]["balance"]) + req.amount
+        sb.table("user_balances").update({"balance": new_bal}).eq("user_id", req.recipient_id).execute()
+    else:
+        sb.table("user_balances").insert({"user_id": req.recipient_id, "balance": req.amount}).execute()
+
+    # Record payment
+    sb.table("salary_payments").insert({
+        "admin_id": admin_id,
+        "recipient_id": req.recipient_id,
+        "department_id": recipient.data[0].get("department_id"),
+        "amount": req.amount,
+        "payment_month": current_month,
+        "notes": f"Individual payment to {recipient.data[0]['full_name']}",
+    }).execute()
+
+    # SVF records
+    sb.table("stored_value").insert({
+        "user_id": req.recipient_id,
+        "transaction_type": "deposit",
+        "amount": req.amount,
+    }).execute()
+
+    sb.table("stored_value").insert({
+        "user_id": admin_id,
+        "transaction_type": "withdrawal",
+        "amount": req.amount,
+    }).execute()
+
+    return {
+        "message": f"Paid PHP {req.amount:.2f} to {recipient.data[0]['full_name']}",
+        "new_admin_balance": new_admin_balance,
+    }

backend/routes/auth.py

@@ -0,0 +1,339 @@
+"""
+Authentication routes — register, login, get current user.
+Uses JWT tokens and bcrypt password hashing.
+Roles: buyer, seller, admin
+"""
+
+from fastapi import APIRouter, HTTPException, Depends
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from pydantic import BaseModel
+from datetime import datetime, timedelta, timezone
+import bcrypt
+import jwt
+from database import get_supabase
+from config import JWT_SECRET, JWT_ALGORITHM, JWT_EXPIRATION_HOURS
+
+router = APIRouter(prefix="/auth", tags=["Authentication"])
+security = HTTPBearer()
+
+
+# --- Request/Response Models ---
+
+class RegisterRequest(BaseModel):
+    email: str
+    password: str
+    full_name: str
+    role: str = "buyer"  # buyer or seller only
+
+
+class LoginRequest(BaseModel):
+    email: str
+    password: str
+
+
+class UserResponse(BaseModel):
+    id: str
+    email: str
+    full_name: str
+    role: str
+    is_banned: bool = False
+    created_at: str
+    department_id: str = ""
+    manager_id: str = ""
+
+
+class TokenResponse(BaseModel):
+    access_token: str
+    token_type: str = "bearer"
+    user: UserResponse
+
+
+# --- JWT Helpers ---
+
+def create_token(user_id: str, email: str, role: str = "buyer") -> str:
+    payload = {
+        "sub": user_id,
+        "email": email,
+        "role": role,
+        "exp": datetime.now(timezone.utc) + timedelta(hours=JWT_EXPIRATION_HOURS),
+        "iat": datetime.now(timezone.utc),
+    }
+    return jwt.encode(payload, JWT_SECRET, algorithm=JWT_ALGORITHM)
+
+
+def verify_token(credentials: HTTPAuthorizationCredentials = Depends(security)) -> dict:
+    """Dependency that verifies JWT token and returns the payload."""
+    try:
+        payload = jwt.decode(credentials.credentials, JWT_SECRET, algorithms=[JWT_ALGORITHM])
+        return payload
+    except jwt.ExpiredSignatureError:
+        raise HTTPException(status_code=401, detail="Token expired")
+    except jwt.InvalidTokenError:
+        raise HTTPException(status_code=401, detail="Invalid token")
+
+
+# Dependency alias for use in other routes
+get_current_user = verify_token
+
+
+# --- Routes ---
+
+@router.post("/register", response_model=TokenResponse)
+async def register(req: RegisterRequest):
+    """Register a new user account. Role must be 'buyer' or 'seller'."""
+    # Validate role
+    if req.role not in ("buyer", "seller", "delivery"):
+        raise HTTPException(status_code=400, detail="Role must be 'buyer', 'seller', or 'delivery'")
+
+    sb = get_supabase()
+
+    # Check if email already exists
+    existing = sb.table("users").select("id").eq("email", req.email).execute()
+    if existing.data:
+        raise HTTPException(status_code=400, detail="Email already registered")
+
+    # Hash password
+    password_hash = bcrypt.hashpw(req.password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
+
+    # Create user
+    result = sb.table("users").insert({
+        "email": req.email,
+        "password_hash": password_hash,
+        "full_name": req.full_name,
+        "role": req.role,
+        "is_banned": False,
+    }).execute()
+
+    if not result.data:
+        raise HTTPException(status_code=500, detail="Failed to create user")
+
+    user = result.data[0]
+
+    # Create initial balance (0.00)
+    sb.table("user_balances").insert({
+        "user_id": user["id"],
+        "balance": 0.00,
+    }).execute()
+
+    # Generate token
+    token = create_token(user["id"], user["email"], role=user["role"])
+
+    return TokenResponse(
+        access_token=token,
+        user=UserResponse(
+            id=user["id"],
+            email=user["email"],
+            full_name=user["full_name"],
+            role=user["role"],
+            is_banned=False,
+            created_at=user["created_at"],
+        ),
+    )
+
+
+@router.post("/login", response_model=TokenResponse)
+async def login(req: LoginRequest):
+    """Login with email and password."""
+    sb = get_supabase()
+
+    result = sb.table("users").select("*").eq("email", req.email).execute()
+    if not result.data:
+        raise HTTPException(status_code=401, detail="Invalid email or password")
+
+    user = result.data[0]
+
+    # Block admin accounts from using the main login — they must use /auth/admin/login
+    if user.get("role") == "admin":
+        raise HTTPException(status_code=401, detail="Invalid email or password")
+
+    # Check if user is banned
+    if user.get("is_banned"):
+        raise HTTPException(status_code=403, detail="Your account has been banned. Contact admin for support.")
+
+    # Verify password
+    if not bcrypt.checkpw(req.password.encode("utf-8"), user["password_hash"].encode("utf-8")):
+        raise HTTPException(status_code=401, detail="Invalid email or password")
+
+    token = create_token(user["id"], user["email"], role=user["role"])
+
+    return TokenResponse(
+        access_token=token,
+        user=UserResponse(
+            id=user["id"],
+            email=user["email"],
+            full_name=user["full_name"],
+            role=user["role"],
+            is_banned=user.get("is_banned", False),
+            created_at=user["created_at"],
+            department_id=user.get("department_id") or "",
+            manager_id=user.get("manager_id") or "",
+        ),
+    )
+
+
+# Admin login endpoint
+@router.post("/admin/login", response_model=TokenResponse)
+async def admin_login(req: LoginRequest):
+    """Login as admin. Only users with role='admin' can login here."""
+    sb = get_supabase()
+
+    result = sb.table("users").select("*").eq("email", req.email).execute()
+    if not result.data:
+        raise HTTPException(status_code=401, detail="Invalid email or password")
+
+    user = result.data[0]
+
+    if user.get("role") != "admin":
+        raise HTTPException(status_code=403, detail="This account is not an admin")
+
+    if not bcrypt.checkpw(req.password.encode("utf-8"), user["password_hash"].encode("utf-8")):
+        raise HTTPException(status_code=401, detail="Invalid email or password")
+
+    token = create_token(user["id"], user["email"], role="admin")
+
+    return TokenResponse(
+        access_token=token,
+        user=UserResponse(
+            id=user["id"],
+            email=user["email"],
+            full_name=user["full_name"],
+            role="admin",
+            is_banned=user.get("is_banned", False),
+            created_at=user["created_at"],
+        ),
+    )
+
+
+# Admin registration (only if no admin exists yet)
+@router.post("/admin/register", response_model=TokenResponse)
+async def admin_register(req: RegisterRequest):
+    """Register as admin. Only works if no admin exists yet."""
+    sb = get_supabase()
+
+    # Check if an admin already exists
+    existing_admin = sb.table("users").select("id").eq("role", "admin").execute()
+    if existing_admin.data:
+        raise HTTPException(status_code=400, detail="Admin account already exists. Contact the existing admin.")
+
+    # Check if email already exists
+    existing = sb.table("users").select("id").eq("email", req.email).execute()
+    if existing.data:
+        raise HTTPException(status_code=400, detail="Email already registered")
+
+    password_hash = bcrypt.hashpw(req.password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
+
+    result = sb.table("users").insert({
+        "email": req.email,
+        "password_hash": password_hash,
+        "full_name": req.full_name,
+        "role": "admin",
+        "is_banned": False,
+    }).execute()
+
+    if not result.data:
+        raise HTTPException(status_code=500, detail="Failed to create admin account")
+
+    user = result.data[0]
+
+    sb.table("user_balances").insert({
+        "user_id": user["id"],
+        "balance": 0.00,
+    }).execute()
+
+    token = create_token(user["id"], user["email"], role="admin")
+
+    return TokenResponse(
+        access_token=token,
+        user=UserResponse(
+            id=user["id"],
+            email=user["email"],
+            full_name=user["full_name"],
+            role="admin",
+            is_banned=False,
+            created_at=user["created_at"],
+        ),
+    )
+
+
+@router.get("/me", response_model=UserResponse)
+async def get_me(current_user: dict = Depends(get_current_user)):
+    """Get the current logged-in user's profile."""
+    sb = get_supabase()
+    result = sb.table("users").select("*").eq("id", current_user["sub"]).execute()
+
+    if not result.data:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    user = result.data[0]
+    return UserResponse(
+        id=user["id"],
+        email=user["email"],
+        full_name=user["full_name"],
+        role=user["role"],
+        is_banned=user.get("is_banned", False),
+        created_at=user["created_at"],
+        department_id=user.get("department_id") or "",
+        manager_id=user.get("manager_id") or "",
+    )
+
+
+@router.get("/profile")
+async def get_profile(current_user: dict = Depends(get_current_user)):
+    """Get full user profile including balance and contact info."""
+    sb = get_supabase()
+    user = sb.table("users").select("*").eq("id", current_user["sub"]).execute()
+    if not user.data:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    u = user.data[0]
+
+    # Get balance
+    bal = sb.table("user_balances").select("balance").eq("user_id", current_user["sub"]).execute()
+    balance = float(bal.data[0]["balance"]) if bal.data else 0.0
+
+    # Get contact
+    contact = sb.table("user_contacts").select("contact_number").eq("user_id", current_user["sub"]).execute()
+    contact_number = contact.data[0]["contact_number"] if contact.data else ""
+
+    return {
+        "id": u["id"],
+        "email": u["email"],
+        "full_name": u["full_name"],
+        "role": u["role"],
+        "balance": balance,
+        "contact_number": contact_number,
+        "department_id": u.get("department_id") or "",
+        "manager_id": u.get("manager_id") or "",
+        "created_at": u["created_at"],
+    }
+
+
+class ProfileUpdateRequest(BaseModel):
+    full_name: str = None
+    email: str = None
+    contact_number: str = None
+
+
+@router.put("/profile")
+async def update_profile(req: ProfileUpdateRequest, current_user: dict = Depends(get_current_user)):
+    """Update the current user's profile."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    updates = {}
+    if req.full_name:
+        updates["full_name"] = req.full_name
+    if req.email:
+        updates["email"] = req.email
+
+    if updates:
+        sb.table("users").update(updates).eq("id", user_id).execute()
+
+    if req.contact_number is not None:
+        existing = sb.table("user_contacts").select("user_id").eq("user_id", user_id).execute()
+        if existing.data:
+            sb.table("user_contacts").update({"contact_number": req.contact_number}).eq("user_id", user_id).execute()
+        else:
+            sb.table("user_contacts").insert({"user_id": user_id, "contact_number": req.contact_number}).execute()
+
+    return {"message": "Profile updated successfully"}

backend/routes/cart.py

@@ -0,0 +1,391 @@
+"""
+Cart routes — shopping cart for buyers.
+One flat ₱90 delivery fee per unique department/store (per group).
+Checkout creates one transaction per cart item, grouped by group_id per department.
+"""
+
+from fastapi import APIRouter, HTTPException, Depends
+from pydantic import BaseModel
+from typing import Optional
+import uuid
+from database import get_supabase
+from routes.auth import get_current_user
+
+router = APIRouter(prefix="/cart", tags=["Cart"])
+
+DELIVERY_FEE_PER_DEPARTMENT = 90.00
+
+
+class AddToCartRequest(BaseModel):
+    product_id: str
+    quantity: int = 1
+
+
+class UpdateCartRequest(BaseModel):
+    product_id: str
+    quantity: int
+
+
+class CartItemResponse(BaseModel):
+    id: str
+    product_id: str
+    title: str
+    description: str
+    price: float
+    quantity: int
+    subtotal: float
+    seller_id: str
+    seller_name: str
+    image_url: str
+
+
+class CartResponse(BaseModel):
+    items: list[CartItemResponse]
+    departments_count: int
+    delivery_fee_per_department: float
+    total_delivery_fee: float
+    products_total: float
+    grand_total: float
+
+
+# --- Routes ---
+
+@router.get("/", response_model=CartResponse)
+async def get_cart(current_user: dict = Depends(get_current_user)):
+    """Get the current buyer's cart with delivery fee breakdown."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    cart_data = sb.table("cart_items").select(
+        "*, products(id, title, description, price, seller_id, images, stock)"
+    ).eq("buyer_id", user_id).order("created_at", desc=False).execute()
+
+    items = []
+    department_ids = set()
+    independent_sellers = set()
+    products_total = 0.0
+    seller_name_cache = {}
+    seller_dept_cache = {}
+
+    for c in (cart_data.data or []):
+        prod = c.get("products")
+        if not prod:
+            continue
+
+        price = float(prod["price"])
+        qty = int(c["quantity"])
+        subtotal = price * qty
+        products_total += subtotal
+
+        # Look up seller name and department (cached)
+        sid = prod["seller_id"]
+        if sid not in seller_name_cache:
+            seller_resp = sb.table("users").select("full_name, department_id").eq("id", sid).execute()
+            if seller_resp.data:
+                full_name = seller_resp.data[0]["full_name"]
+                dept_id_val = seller_resp.data[0].get("department_id")
+                seller_dept_cache[sid] = dept_id_val
+                if dept_id_val:
+                    dept_resp = sb.table("departments").select("name").eq("id", dept_id_val).execute()
+                    if dept_resp.data:
+                        seller_name_cache[sid] = dept_resp.data[0]["name"]
+                    else:
+                        seller_name_cache[sid] = full_name
+                else:
+                    seller_name_cache[sid] = full_name
+            else:
+                seller_name_cache[sid] = "Seller"
+                seller_dept_cache[sid] = None
+        seller_name = seller_name_cache[sid]
+
+        # Track unique departments (independent sellers each count as one unit)
+        dept_id = seller_dept_cache.get(sid)
+        if dept_id:
+            department_ids.add(dept_id)
+        else:
+            independent_sellers.add(sid)
+
+        images = prod.get("images") or []
+
+        items.append(CartItemResponse(
+            id=c["id"],
+            product_id=prod["id"],
+            title=prod["title"],
+            description=prod.get("description", ""),
+            price=price,
+            quantity=qty,
+            subtotal=round(subtotal, 2),
+            seller_id=prod["seller_id"],
+            seller_name=seller_name,
+            image_url=images[0] if images else "",
+        ))
+
+    # Delivery fee per unique department (independent sellers each count as one unit)
+    delivery_units = len(department_ids) + len(independent_sellers)
+    total_delivery = delivery_units * DELIVERY_FEE_PER_DEPARTMENT
+
+    return CartResponse(
+        items=items,
+        departments_count=delivery_units,
+        delivery_fee_per_department=DELIVERY_FEE_PER_DEPARTMENT,
+        total_delivery_fee=total_delivery,
+        products_total=round(products_total, 2),
+        grand_total=round(products_total + total_delivery, 2),
+    )
+
+
+
+@router.post("/add")
+async def add_to_cart(req: AddToCartRequest, current_user: dict = Depends(get_current_user)):
+    """Add a product to cart (or increment quantity if already there)."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    if req.quantity < 1:
+        raise HTTPException(status_code=400, detail="Quantity must be at least 1")
+
+    # Verify product exists and is active
+    prod = sb.table("products").select("id, stock, seller_id").eq("id", req.product_id).eq("is_active", True).eq("status", "approved").execute()
+    if not prod.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    if prod.data[0]["seller_id"] == user_id:
+        raise HTTPException(status_code=400, detail="Cannot add your own product to cart")
+
+    # Check if already in cart
+    existing = sb.table("cart_items").select("id, quantity").eq("buyer_id", user_id).eq("product_id", req.product_id).execute()
+    if existing.data:
+        new_qty = existing.data[0]["quantity"] + req.quantity
+        if new_qty > prod.data[0]["stock"]:
+            raise HTTPException(status_code=400, detail=f"Not enough stock. Available: {prod.data[0]['stock']}")
+        sb.table("cart_items").update({"quantity": new_qty}).eq("id", existing.data[0]["id"]).execute()
+        return {"message": f"Cart updated. Quantity: {new_qty}"}
+    else:
+        if req.quantity > prod.data[0]["stock"]:
+            raise HTTPException(status_code=400, detail=f"Not enough stock. Available: {prod.data[0]['stock']}")
+        sb.table("cart_items").insert({
+            "buyer_id": user_id,
+            "product_id": req.product_id,
+            "quantity": req.quantity,
+        }).execute()
+        return {"message": "Added to cart"}
+
+
+@router.put("/update")
+async def update_cart_item(req: UpdateCartRequest, current_user: dict = Depends(get_current_user)):
+    """Update quantity of a cart item."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    if req.quantity < 1:
+        raise HTTPException(status_code=400, detail="Quantity must be at least 1")
+
+    existing = sb.table("cart_items").select("id").eq("buyer_id", user_id).eq("product_id", req.product_id).execute()
+    if not existing.data:
+        raise HTTPException(status_code=404, detail="Item not in cart")
+
+    sb.table("cart_items").update({"quantity": req.quantity}).eq("id", existing.data[0]["id"]).execute()
+    return {"message": f"Quantity updated to {req.quantity}"}
+
+
+@router.delete("/remove/{product_id}")
+async def remove_from_cart(product_id: str, current_user: dict = Depends(get_current_user)):
+    """Remove a product from cart."""
+    sb = get_supabase()
+    sb.table("cart_items").delete().eq("buyer_id", current_user["sub"]).eq("product_id", product_id).execute()
+    return {"message": "Removed from cart"}
+
+
+@router.delete("/clear")
+async def clear_cart(current_user: dict = Depends(get_current_user)):
+    """Clear entire cart."""
+    sb = get_supabase()
+    sb.table("cart_items").delete().eq("buyer_id", current_user["sub"]).execute()
+    return {"message": "Cart cleared"}
+
+
+class CheckoutRequest(BaseModel):
+    pass  # Kept for backwards-compat; all orders are delivery now
+
+
+@router.post("/checkout")
+async def checkout_cart(req: CheckoutRequest = CheckoutRequest(), current_user: dict = Depends(get_current_user)):
+    """
+    Checkout all items in cart.
+    - Delivery: ₱90 delivery fee per unique department (one group per department).
+    - All items in the same department share a group_id.
+    - The first item in each department group carries the delivery fee; rest are ₱0.
+    """
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    # 1. Check user is buyer
+    user_result = sb.table("users").select("role, is_banned").eq("id", user_id).execute()
+    if not user_result.data:
+        raise HTTPException(status_code=404, detail="User not found")
+    if user_result.data[0].get("is_banned"):
+        raise HTTPException(status_code=403, detail="Your account has been banned")
+    if user_result.data[0]["role"] == "admin":
+        raise HTTPException(status_code=403, detail="Admin accounts cannot purchase products")
+    if user_result.data[0]["role"] != "buyer":
+        raise HTTPException(status_code=403, detail="Only buyers can checkout")
+
+    # 2. Check contact number and delivery address
+    contact = sb.table("user_contacts").select("contact_number, delivery_address").eq("user_id", user_id).execute()
+    if not contact.data:
+        raise HTTPException(status_code=400, detail="Please add your contact number before placing an order")
+
+    delivery_address = (contact.data[0].get("delivery_address") or "").strip()
+    if not delivery_address:
+        raise HTTPException(status_code=400, detail="Please set your delivery address before placing a delivery order")
+
+    # 3. Get cart items with product info
+    cart_data = sb.table("cart_items").select(
+        "*, products(id, title, price, seller_id, stock)"
+    ).eq("buyer_id", user_id).execute()
+
+    if not cart_data.data or len(cart_data.data) == 0:
+        raise HTTPException(status_code=400, detail="Your cart is empty")
+
+    # 4. Validate stock and calculate totals
+    items = []
+    products_total = 0.0
+    seller_dept_cache = {}
+
+    for c in cart_data.data:
+        prod = c.get("products")
+        if not prod:
+            continue
+
+        if c["quantity"] > prod["stock"]:
+            raise HTTPException(
+                status_code=400,
+                detail=f"Not enough stock for '{prod['title']}'. Available: {prod['stock']}, in cart: {c['quantity']}"
+            )
+
+        price = float(prod["price"])
+        subtotal = price * c["quantity"]
+        products_total += subtotal
+
+        # Look up seller's department (cached)
+        sid = prod["seller_id"]
+        if sid not in seller_dept_cache:
+            seller_info = sb.table("users").select("department_id").eq("id", sid).execute()
+            seller_dept_cache[sid] = seller_info.data[0].get("department_id") if seller_info.data else None
+
+        dept_id = seller_dept_cache[sid]
+        # Use department_id as delivery unit key, or seller_id for independent sellers
+        delivery_unit = dept_id if dept_id else f"ind_{sid}"
+
+        items.append({
+            "cart_id": c["id"],
+            "product_id": prod["id"],
+            "seller_id": prod["seller_id"],
+            "title": prod["title"],
+            "quantity": c["quantity"],
+            "price": price,
+            "subtotal": subtotal,
+            "delivery_unit": delivery_unit,
+        })
+
+    # One group_id per delivery unit — generated fresh for this checkout
+    delivery_units = set(i["delivery_unit"] for i in items)
+    group_id_map = {unit: str(uuid.uuid4()) for unit in delivery_units}
+
+    total_delivery = len(delivery_units) * DELIVERY_FEE_PER_DEPARTMENT
+
+    # Assign full ₱90 to first item per delivery unit; ₱0 to the rest
+    delivery_fee_per_item = {}
+    seen_units: set = set()
+    for item in items:
+        unit = item["delivery_unit"]
+        if unit not in seen_units:
+            delivery_fee_per_item[item["product_id"]] = DELIVERY_FEE_PER_DEPARTMENT
+            seen_units.add(unit)
+        else:
+            delivery_fee_per_item[item["product_id"]] = 0.0
+
+    grand_total = products_total + total_delivery
+
+    # 5. Check balance
+    balance_result = sb.table("user_balances").select("balance").eq("user_id", user_id).execute()
+    if not balance_result.data:
+        raise HTTPException(status_code=400, detail="No balance found. Top up your wallet first.")
+
+    buyer_balance = float(balance_result.data[0]["balance"])
+    if buyer_balance < grand_total:
+        raise HTTPException(
+            status_code=400,
+            detail=f"Insufficient balance. You have PHP {buyer_balance:.2f}, total is PHP {grand_total:.2f}"
+        )
+
+    # 6. Process each item — create transactions and decrement stock
+    transaction_ids = []
+
+    for item in items:
+        amount = item["subtotal"]
+        d_fee = delivery_fee_per_item.get(item["product_id"], 0)
+        seller_amount = amount
+        admin_commission = 0.0
+        group_id = group_id_map[item["delivery_unit"]]
+
+        # Create transaction
+        txn = sb.table("product_transactions").insert({
+            "buyer_id": user_id,
+            "seller_id": item["seller_id"],
+            "product_id": item["product_id"],
+            "quantity": item["quantity"],
+            "amount": amount,
+            "seller_amount": seller_amount,
+            "admin_commission": admin_commission,
+            "delivery_fee": d_fee,
+            "delivery_address": delivery_address,
+            "purchase_type": "delivery",
+            "status": "pending",
+            "group_id": group_id,
+        }).execute()
+
+        if txn.data:
+            transaction_ids.append(txn.data[0]["id"])
+
+        # Decrement stock
+        prod_result = sb.table("products").select("stock").eq("id", item["product_id"]).execute()
+        if prod_result.data:
+            new_stock = int(prod_result.data[0]["stock"]) - item["quantity"]
+            sb.table("products").update({"stock": new_stock}).eq("id", item["product_id"]).execute()
+
+    # 7. Deduct from buyer (money held until transaction completes)
+    new_balance = buyer_balance - grand_total
+    sb.table("user_balances").update({"balance": new_balance}).eq("user_id", user_id).execute()
+
+    # Log the cart checkout as a single purchase entry in wallet history
+    try:
+        sb.table("stored_value").insert({
+            "user_id": user_id,
+            "transaction_type": "purchase",
+            "amount": grand_total,
+            "metadata": {
+                "order_type": "cart_checkout",
+                "item_count": len(items),
+                "departments": len(delivery_units),
+                "products_total": round(products_total, 2),
+                "delivery_fee": total_delivery,
+                "transaction_ids": [str(tid) for tid in transaction_ids],
+                "group_ids": list(group_id_map.values()),
+            },
+        }).execute()
+    except Exception:
+        pass  # Log failure must not block cart clearing
+
+    # 8. Clear cart
+    sb.table("cart_items").delete().eq("buyer_id", user_id).execute()
+
+    return {
+        "message": "Order placed successfully!",
+        "transaction_ids": transaction_ids,
+        "group_ids": list(group_id_map.values()),
+        "products_total": round(products_total, 2),
+        "delivery_fee": total_delivery,
+        "grand_total": round(grand_total, 2),
+        "new_balance": round(new_balance, 2),
+    }

backend/routes/contacts.py

@@ -0,0 +1,66 @@
+"""
+Contact routes — manage user contact numbers.
+Required for buyers (before checkout) and delivery users (before accepting deliveries).
+"""
+
+from fastapi import APIRouter, HTTPException, Depends
+from pydantic import BaseModel
+from typing import Optional
+from database import get_supabase
+from routes.auth import get_current_user
+
+router = APIRouter(prefix="/contacts", tags=["Contacts"])
+
+
+class ContactRequest(BaseModel):
+    contact_number: str
+    delivery_address: Optional[str] = None
+
+
+class ContactResponse(BaseModel):
+    user_id: str
+    contact_number: str
+    delivery_address: str = ""
+
+
+@router.get("/me", response_model=ContactResponse)
+async def get_my_contact(current_user: dict = Depends(get_current_user)):
+    """Get the current user's contact number and delivery address."""
+    sb = get_supabase()
+    result = sb.table("user_contacts").select("*").eq("user_id", current_user["sub"]).execute()
+    if not result.data:
+        raise HTTPException(status_code=404, detail="No contact number set")
+    row = result.data[0]
+    return ContactResponse(
+        user_id=row["user_id"],
+        contact_number=row["contact_number"],
+        delivery_address=row.get("delivery_address", ""),
+    )
+
+
+@router.put("/me", response_model=ContactResponse)
+async def set_my_contact(req: ContactRequest, current_user: dict = Depends(get_current_user)):
+    """Set or update the current user's contact number and delivery address."""
+    if not req.contact_number or len(req.contact_number.strip()) < 7:
+        raise HTTPException(status_code=400, detail="Please enter a valid contact number")
+
+    sb = get_supabase()
+    user_id = current_user["sub"]
+    clean_number = req.contact_number.strip()
+    address = (req.delivery_address or "").strip()
+
+    # Upsert: try update first, then insert if not found
+    existing = sb.table("user_contacts").select("user_id").eq("user_id", user_id).execute()
+    if existing.data:
+        sb.table("user_contacts").update({
+            "contact_number": clean_number,
+            "delivery_address": address,
+        }).eq("user_id", user_id).execute()
+    else:
+        sb.table("user_contacts").insert({
+            "user_id": user_id,
+            "contact_number": clean_number,
+            "delivery_address": address,
+        }).execute()
+
+    return ContactResponse(user_id=user_id, contact_number=clean_number, delivery_address=address)

backend/routes/delivery.py

@@ -0,0 +1,601 @@
+"""
+Delivery routes — delivery user dashboard.
+Available pickups, pick group, update group status, earnings, history.
+Max 5 active delivery GROUPS enforced.
+"""
+
+from fastapi import APIRouter, HTTPException, Depends
+from pydantic import BaseModel
+from typing import Optional
+from database import get_supabase
+from routes.auth import get_current_user
+from datetime import datetime, timedelta, timezone
+
+router = APIRouter(prefix="/delivery", tags=["Delivery"])
+
+MAX_ACTIVE_DELIVERIES = 5
+DELIVERY_FEE = 90.00
+
+
+# --- Helpers ---
+
+async def require_delivery(current_user: dict = Depends(get_current_user)):
+    """Ensure the current user is a delivery user."""
+    if current_user.get("role") != "delivery":
+        sb = get_supabase()
+        result = sb.table("users").select("role").eq("id", current_user["sub"]).execute()
+        if not result.data or result.data[0]["role"] != "delivery":
+            raise HTTPException(status_code=403, detail="Delivery user access required")
+    return current_user
+
+
+# --- Response Models ---
+
+class AvailableOrderResponse(BaseModel):
+    group_id: str
+    buyer_name: str
+    buyer_contact: str = ""
+    seller_name: str
+    delivery_address: str = ""
+    delivery_fee: float
+    total_amount: float
+    status: str
+    created_at: str
+    items: list = []
+
+
+class DeliveryHistoryItem(BaseModel):
+    group_id: str
+    buyer_name: str
+    buyer_contact: str
+    seller_name: str
+    delivery_address: str = ""
+    delivery_fee: float
+    total_amount: float
+    status: str
+    created_at: str
+    items: list = []
+
+
+class EarningsDay(BaseModel):
+    date: str
+    amount: float
+    count: int
+
+
+class TransactionHistoryItem(BaseModel):
+    type: str
+    date: str
+    amount: float
+
+
+class EarningsResponse(BaseModel):
+    total_earnings: float
+    total_deliveries: int
+    wallet_balance: float
+    daily: list[EarningsDay]
+    weekly: list[EarningsDay]
+    monthly: list[EarningsDay]
+    daily_delivery_count: list[EarningsDay]
+    weekly_delivery_count: list[EarningsDay]
+    monthly_delivery_count: list[EarningsDay]
+    history: list[TransactionHistoryItem] = []
+
+
+class StatusUpdateRequest(BaseModel):
+    status: str  # 'delivered' or 'undelivered'
+
+
+class WithdrawRequest(BaseModel):
+    amount: float
+
+
+# --- Helper: build grouped order response ---
+
+def _build_groups(txns_data, user_names, buyer_contacts):
+    """Group transactions by group_id into delivery box structures."""
+    groups = {}
+    for t in txns_data:
+        gid = t.get("group_id") or t["id"]
+        prod = t.get("products") or {}
+        if gid not in groups:
+            groups[gid] = {
+                "group_id": gid,
+                "buyer_id": t["buyer_id"],
+                "buyer_name": user_names.get(t["buyer_id"], "Unknown"),
+                "buyer_contact": buyer_contacts.get(t["buyer_id"], "N/A"),
+                "seller_id": t["seller_id"],
+                "seller_name": user_names.get(t["seller_id"], "Unknown"),
+                "delivery_address": t.get("delivery_address", ""),
+                "delivery_fee": DELIVERY_FEE,
+                "total_amount": 0.0,
+                "status": t["status"],
+                "created_at": t["created_at"],
+                "items": [],
+            }
+        groups[gid]["items"].append({
+            "transaction_id": t["id"],
+            "product_id": t["product_id"],
+            "product_title": prod.get("title", ""),
+            "product_price": float(prod.get("price", 0)),
+            "product_images": prod.get("images", []),
+            "quantity": int(t.get("quantity", 1)),
+            "amount": float(t["amount"]),
+        })
+        groups[gid]["total_amount"] += float(t["amount"])
+    return list(groups.values())
+
+
+# --- Routes ---
+
+@router.get("/available", response_model=list[AvailableOrderResponse])
+async def get_available_orders(delivery_user: dict = Depends(require_delivery)):
+    """Get order GROUPS with all items approved, ready for pickup."""
+    sb = get_supabase()
+
+    # Fetch all approved transactions not yet assigned to a delivery user
+    txns = sb.table("product_transactions").select(
+        "*, products(title, price, images)"
+    ).eq("status", "approved").is_("delivery_user_id", "null").order("created_at", desc=False).limit(200).execute()
+
+    if not txns.data:
+        return []
+
+    # Build user lookups
+    user_ids = set()
+    for t in txns.data:
+        user_ids.add(t["buyer_id"])
+        user_ids.add(t["seller_id"])
+
+    users_result = sb.table("users").select("id, full_name").in_("id", list(user_ids)).execute()
+    user_names = {u["id"]: u["full_name"] for u in (users_result.data or [])}
+
+    buyer_ids = list(set(t["buyer_id"] for t in txns.data))
+    contacts_result = sb.table("user_contacts").select("user_id, contact_number").in_("user_id", buyer_ids).execute()
+    buyer_contacts = {c["user_id"]: c["contact_number"] for c in (contacts_result.data or [])}
+
+    # Group and filter: only show groups where ALL items are approved
+    raw_groups = {}
+    for t in txns.data:
+        gid = t.get("group_id") or t["id"]
+        if gid not in raw_groups:
+            raw_groups[gid] = {"txns": [], "all_approved": True}
+        raw_groups[gid]["txns"].append(t)
+
+    # Also check if any transaction in this group has a non-approved status (leftover pending items)
+    result_groups = []
+    for gid, gdata in raw_groups.items():
+        group_txns = gdata["txns"]
+        # Check for any pending items in the same group (e.g. buyer added another item just now)
+        pending_check = sb.table("product_transactions").select("id", count="exact").eq(
+            "group_id", gid
+        ).eq("status", "pending").execute()
+        if (pending_check.count or 0) > 0:
+            continue  # Skip — group still has pending items
+
+        # Build item list
+        buyer_id = group_txns[0]["buyer_id"]
+        seller_id = group_txns[0]["seller_id"]
+        items = []
+        total_amount = 0.0
+        for t in group_txns:
+            prod = t.get("products") or {}
+            items.append({
+                "transaction_id": t["id"],
+                "product_id": t["product_id"],
+                "product_title": prod.get("title", ""),
+                "product_price": float(prod.get("price", 0)),
+                "product_images": prod.get("images", []),
+                "quantity": int(t.get("quantity", 1)),
+                "amount": float(t["amount"]),
+            })
+            total_amount += float(t["amount"])
+
+        result_groups.append(AvailableOrderResponse(
+            group_id=gid,
+            buyer_name=user_names.get(buyer_id, "Unknown"),
+            buyer_contact=buyer_contacts.get(buyer_id, "N/A"),
+            seller_name=user_names.get(seller_id, "Unknown"),
+            delivery_address=group_txns[0].get("delivery_address", ""),
+            delivery_fee=DELIVERY_FEE,
+            total_amount=round(total_amount, 2),
+            status="approved",
+            created_at=group_txns[0]["created_at"],
+            items=items,
+        ))
+
+    return result_groups
+
+
+@router.get("/active", response_model=list[AvailableOrderResponse])
+async def get_active_deliveries(delivery_user: dict = Depends(require_delivery)):
+    """Get delivery user's current active delivery groups (status='ondeliver')."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    txns = sb.table("product_transactions").select(
+        "*, products(title, price, images)"
+    ).eq("delivery_user_id", user_id).eq("status", "ondeliver").order("created_at", desc=False).execute()
+
+    if not txns.data:
+        return []
+
+    user_ids = set()
+    for t in txns.data:
+        user_ids.add(t["buyer_id"])
+        user_ids.add(t["seller_id"])
+
+    users_result = sb.table("users").select("id, full_name").in_("id", list(user_ids)).execute()
+    user_names = {u["id"]: u["full_name"] for u in (users_result.data or [])}
+
+    buyer_ids = list(set(t["buyer_id"] for t in txns.data))
+    contacts_result = sb.table("user_contacts").select("user_id, contact_number").in_("user_id", buyer_ids).execute()
+    buyer_contacts = {c["user_id"]: c["contact_number"] for c in (contacts_result.data or [])}
+
+    groups = {}
+    for t in txns.data:
+        gid = t.get("group_id") or t["id"]
+        prod = t.get("products") or {}
+        if gid not in groups:
+            groups[gid] = {
+                "group_id": gid,
+                "buyer_name": user_names.get(t["buyer_id"], "Unknown"),
+                "buyer_contact": buyer_contacts.get(t["buyer_id"], "N/A"),
+                "seller_name": user_names.get(t["seller_id"], "Unknown"),
+                "delivery_address": t.get("delivery_address", ""),
+                "delivery_fee": DELIVERY_FEE,
+                "total_amount": 0.0,
+                "status": "ondeliver",
+                "created_at": t["created_at"],
+                "items": [],
+            }
+        groups[gid]["items"].append({
+            "transaction_id": t["id"],
+            "product_id": t["product_id"],
+            "product_title": prod.get("title", ""),
+            "product_price": float(prod.get("price", 0)),
+            "product_images": prod.get("images", []),
+            "quantity": int(t.get("quantity", 1)),
+            "amount": float(t["amount"]),
+        })
+        groups[gid]["total_amount"] += float(t["amount"])
+
+    return [
+        AvailableOrderResponse(**g)
+        for g in groups.values()
+    ]
+
+
+@router.post("/pick/{group_id}")
+async def pick_order(group_id: str, delivery_user: dict = Depends(require_delivery)):
+    """Pick an entire group for delivery. Max 5 active groups."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    # Check contact number
+    contact = sb.table("user_contacts").select("contact_number").eq("user_id", user_id).execute()
+    if not contact.data:
+        raise HTTPException(status_code=400, detail="Please add your contact number before accepting deliveries")
+
+    # Count active delivery GROUPS (not individual transactions)
+    active_groups_result = sb.table("product_transactions").select("id, group_id").eq(
+        "delivery_user_id", user_id
+    ).eq("status", "ondeliver").execute()
+    active_group_ids = set(
+        t.get("group_id") or t["id"]
+        for t in (active_groups_result.data or [])
+    )
+    if len(active_group_ids) >= MAX_ACTIVE_DELIVERIES:
+        raise HTTPException(
+            status_code=400,
+            detail=f"You already have {MAX_ACTIVE_DELIVERIES} active delivery groups. Complete some before picking more."
+        )
+
+    # Verify all transactions in the group are approved and unassigned
+    used_fallback = False
+    group_txns = sb.table("product_transactions").select("*").eq(
+        "group_id", group_id
+    ).execute()
+
+    if not group_txns.data:
+        # Fallback: treat as single transaction_id
+        group_txns = sb.table("product_transactions").select("*").eq(
+            "id", group_id
+        ).execute()
+        used_fallback = True
+
+    if not group_txns.data:
+        raise HTTPException(status_code=404, detail="Order group not found")
+
+    for t in group_txns.data:
+        if t["status"] != "approved":
+            raise HTTPException(status_code=400, detail=f"Order group is not fully approved yet (status: {t['status']})")
+        if t.get("delivery_user_id"):
+            raise HTTPException(status_code=400, detail="This order group is already assigned to another delivery user")
+
+    # Assign all transactions in group to delivery user
+    if used_fallback:
+        sb.table("product_transactions").update({
+            "delivery_user_id": user_id,
+            "status": "ondeliver",
+        }).eq("id", group_id).execute()
+    else:
+        sb.table("product_transactions").update({
+            "delivery_user_id": user_id,
+            "status": "ondeliver",
+        }).eq("group_id", group_id).execute()
+
+    return {"message": "Order group picked up! Deliver all items to the buyer."}
+
+
+@router.put("/status/{group_id}")
+async def update_delivery_status(
+    group_id: str,
+    req: StatusUpdateRequest,
+    delivery_user: dict = Depends(require_delivery),
+):
+    """Update delivery status to 'delivered' or 'undelivered' for an entire group."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    if req.status not in ("delivered", "undelivered"):
+        raise HTTPException(status_code=400, detail="Status must be 'delivered' or 'undelivered'")
+
+    # Verify this group belongs to this delivery user
+    used_fallback = False
+    group_txns = sb.table("product_transactions").select("*").eq(
+        "group_id", group_id
+    ).eq("delivery_user_id", user_id).eq("status", "ondeliver").execute()
+
+    # Fallback: treat as single transaction_id
+    if not group_txns.data:
+        group_txns = sb.table("product_transactions").select("*").eq(
+            "id", group_id
+        ).eq("delivery_user_id", user_id).eq("status", "ondeliver").execute()
+        used_fallback = True
+
+    if not group_txns.data:
+        raise HTTPException(status_code=404, detail="Order group not found or not assigned to you")
+
+    # Update all transactions in group
+    if used_fallback:
+        sb.table("product_transactions").update({"status": req.status}).eq("id", group_id).eq("delivery_user_id", user_id).execute()
+    else:
+        sb.table("product_transactions").update({"status": req.status}).eq("group_id", group_id).eq("delivery_user_id", user_id).execute()
+
+    buyer_id = group_txns.data[0]["buyer_id"]
+    representative_txn_id = group_txns.data[0]["id"]
+
+    if req.status == "undelivered":
+        # Refund buyer: sum of all amounts + delivery fee
+        total_refund = sum(
+            float(t.get("amount", 0)) + float(t.get("delivery_fee", 0))
+            for t in group_txns.data
+        )
+        buyer_bal = sb.table("user_balances").select("balance").eq("user_id", buyer_id).execute()
+        if buyer_bal.data:
+            new_buyer_bal = float(buyer_bal.data[0]["balance"]) + total_refund
+            sb.table("user_balances").update({"balance": new_buyer_bal}).eq("user_id", buyer_id).execute()
+
+        # Log refund
+        sb.table("stored_value").insert({
+            "user_id": buyer_id,
+            "transaction_type": "deposit",
+            "amount": total_refund,
+        }).execute()
+
+        # Restore product stock for each item
+        for t in group_txns.data:
+            product = sb.table("products").select("stock").eq("id", t["product_id"]).execute()
+            if product.data:
+                current_stock = int(product.data[0].get("stock", 0))
+                new_stock = current_stock + int(t.get("quantity", 1))
+                sb.table("products").update({"stock": new_stock}).eq("id", t["product_id"]).execute()
+
+    if req.status == "delivered":
+        # Delivery fee: ₱90 flat per group goes to delivery user
+        sb.table("delivery_earnings").insert({
+            "delivery_user_id": user_id,
+            "transaction_id": representative_txn_id,
+            "amount": DELIVERY_FEE,
+        }).execute()
+        del_bal = sb.table("user_balances").select("balance").eq("user_id", user_id).execute()
+        if del_bal.data:
+            new_del_bal = float(del_bal.data[0]["balance"]) + DELIVERY_FEE
+            sb.table("user_balances").update({"balance": new_del_bal}).eq("user_id", user_id).execute()
+
+        # Admin gets the total product amount for all items in the group
+        total_product_amount = sum(float(t.get("amount", 0)) for t in group_txns.data)
+        sb.table("admin_earnings").insert({
+            "transaction_id": representative_txn_id,
+            "amount": total_product_amount,
+        }).execute()
+        admin_user = sb.table("users").select("id").eq("role", "admin").limit(1).execute()
+        if admin_user.data:
+            admin_id = admin_user.data[0]["id"]
+            admin_bal = sb.table("user_balances").select("balance").eq("user_id", admin_id).execute()
+            if admin_bal.data:
+                new_admin_bal = float(admin_bal.data[0]["balance"]) + total_product_amount
+                sb.table("user_balances").update({"balance": new_admin_bal}).eq("user_id", admin_id).execute()
+
+    status_msg = "delivered" if req.status == "delivered" else "marked as undelivered"
+    return {"message": f"Order group {status_msg} successfully!"}
+
+
+@router.get("/earnings", response_model=EarningsResponse)
+async def get_earnings(delivery_user: dict = Depends(require_delivery)):
+    """Get delivery earnings with daily/weekly/monthly breakdowns for graphs."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    # Get all earnings
+    earnings = sb.table("delivery_earnings").select("*").eq(
+        "delivery_user_id", user_id
+    ).order("created_at", desc=True).execute()
+
+    # Get wallet balance
+    bal = sb.table("user_balances").select("balance").eq("user_id", user_id).execute()
+    wallet_balance = float(bal.data[0]["balance"]) if bal.data else 0.0
+
+    all_data = earnings.data or []
+    total_earnings = sum(float(e["amount"]) for e in all_data)
+    total_deliveries = len(all_data)
+
+    # Build time-series data
+    daily_data = {}
+    weekly_data = {}
+    monthly_data = {}
+
+    for e in all_data:
+        try:
+            dt = datetime.fromisoformat(e["created_at"].replace("Z", "+00:00"))
+            day_key = dt.strftime("%Y-%m-%d")
+            week_start = dt - timedelta(days=dt.weekday())
+            week_key = week_start.strftime("%Y-%m-%d")
+            month_key = dt.strftime("%Y-%m")
+        except Exception:
+            day_key = e["created_at"][:10]
+            week_key = e["created_at"][:10]
+            month_key = e["created_at"][:7]
+
+        amt = float(e["amount"])
+
+        if day_key not in daily_data:
+            daily_data[day_key] = {"amount": 0, "count": 0}
+        daily_data[day_key]["amount"] += amt
+        daily_data[day_key]["count"] += 1
+
+        if week_key not in weekly_data:
+            weekly_data[week_key] = {"amount": 0, "count": 0}
+        weekly_data[week_key]["amount"] += amt
+        weekly_data[week_key]["count"] += 1
+
+        if month_key not in monthly_data:
+            monthly_data[month_key] = {"amount": 0, "count": 0}
+        monthly_data[month_key]["amount"] += amt
+        monthly_data[month_key]["count"] += 1
+
+    def to_list(data):
+        return sorted(
+            [EarningsDay(date=k, amount=round(v["amount"], 2), count=v["count"]) for k, v in data.items()],
+            key=lambda x: x.date, reverse=True
+        )[:30]
+
+    withdrawals = sb.table("stored_value").select("*").eq("user_id", user_id).execute()
+    hist = []
+    for e in all_data:
+        hist.append(TransactionHistoryItem(
+            type="Delivery Fee",
+            date=e["created_at"],
+            amount=float(e["amount"])
+        ))
+    for w in withdrawals.data or []:
+        if w.get("amount"):
+            # A withdrawal is a deduction from the delivery wallet
+            ttype = w.get("transaction_type", "Withdrawal").capitalize()
+            hist.append(TransactionHistoryItem(
+                type=ttype,
+                date=w["created_at"],
+                amount=abs(float(w["amount"]))
+            ))
+    hist.sort(key=lambda x: x.date, reverse=True)
+
+    return EarningsResponse(
+        total_earnings=round(total_earnings, 2),
+        total_deliveries=total_deliveries,
+        wallet_balance=round(wallet_balance, 2),
+        daily=to_list(daily_data),
+        weekly=to_list(weekly_data),
+        monthly=to_list(monthly_data),
+        daily_delivery_count=to_list(daily_data),
+        weekly_delivery_count=to_list(weekly_data),
+        monthly_delivery_count=to_list(monthly_data),
+        history=hist
+    )
+
+
+@router.get("/history", response_model=list[DeliveryHistoryItem])
+async def get_delivery_history(delivery_user: dict = Depends(require_delivery)):
+    """Get delivery history grouped by group_id."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    txns = sb.table("product_transactions").select(
+        "*, products(title, price, images)"
+    ).eq("delivery_user_id", user_id).in_(
+        "status", ["delivered", "undelivered", "ondeliver"]
+    ).order("created_at", desc=True).limit(200).execute()
+
+    if not txns.data:
+        return []
+
+    user_ids = set()
+    for t in txns.data:
+        user_ids.add(t["buyer_id"])
+        user_ids.add(t["seller_id"])
+
+    users_result = sb.table("users").select("id, full_name").in_("id", list(user_ids)).execute()
+    user_names = {u["id"]: u["full_name"] for u in (users_result.data or [])}
+
+    contacts_result = sb.table("user_contacts").select("user_id, contact_number").in_(
+        "user_id", list(user_ids)
+    ).execute()
+    user_contacts = {c["user_id"]: c["contact_number"] for c in (contacts_result.data or [])}
+
+    groups = {}
+    for t in txns.data:
+        gid = t.get("group_id") or t["id"]
+        prod = t.get("products") or {}
+        if gid not in groups:
+            groups[gid] = {
+                "group_id": gid,
+                "buyer_name": user_names.get(t["buyer_id"], "Unknown"),
+                "buyer_contact": user_contacts.get(t["buyer_id"], "N/A"),
+                "seller_name": user_names.get(t["seller_id"], "Unknown"),
+                "delivery_address": t.get("delivery_address", ""),
+                "delivery_fee": DELIVERY_FEE,
+                "total_amount": 0.0,
+                "status": t["status"],
+                "created_at": t["created_at"],
+                "items": [],
+            }
+        groups[gid]["items"].append({
+            "transaction_id": t["id"],
+            "product_title": prod.get("title", ""),
+            "product_price": float(prod.get("price", 0)),
+            "product_images": prod.get("images", []),
+            "quantity": int(t.get("quantity", 1)),
+            "amount": float(t["amount"]),
+        })
+        groups[gid]["total_amount"] += float(t["amount"])
+
+    return [DeliveryHistoryItem(**g) for g in groups.values()]
+
+
+@router.post("/withdraw")
+async def withdraw_earnings(req: WithdrawRequest, delivery_user: dict = Depends(require_delivery)):
+    """Withdraw earnings from delivery wallet."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    if req.amount <= 0:
+        raise HTTPException(status_code=400, detail="Amount must be positive")
+
+    bal = sb.table("user_balances").select("balance").eq("user_id", user_id).execute()
+    if not bal.data:
+        raise HTTPException(status_code=404, detail="Balance not found")
+
+    current = float(bal.data[0]["balance"])
+    if current < req.amount:
+        raise HTTPException(status_code=400, detail="Insufficient balance")
+
+    new_bal = current - req.amount
+    sb.table("user_balances").update({"balance": new_bal}).eq("user_id", user_id).execute()
+
+    sb.table("stored_value").insert({
+        "user_id": user_id,
+        "transaction_type": "withdrawal",
+        "amount": req.amount,
+    }).execute()
+
+    return {"message": f"Withdrew PHP {req.amount:.2f}", "balance": round(new_bal, 2)}

backend/routes/insights.py

@@ -0,0 +1,175 @@
+"""
+Insights routes — dynamic AI insights built from transactions and search prompts.
+"""
+
+from fastapi import APIRouter, Depends, HTTPException
+from pydantic import BaseModel
+from collections import Counter
+import re
+from database import get_supabase
+from routes.auth import get_current_user
+
+router = APIRouter(prefix="/insights", tags=["Insights"])
+
+class PromptRequest(BaseModel):
+    prompt: str
+
+
+@router.post("/prompts")
+async def log_prompt(req: PromptRequest, current_user: dict = Depends(get_current_user)):
+    """Logs a search prompt for the user."""
+    sb = get_supabase()
+    sb.table("user_prompts").insert({
+        "user_id": current_user["sub"],
+        "prompt_text": req.prompt
+    }).execute()
+    return {"status": "ok"}
+
+
+@router.get("/seller")
+async def get_seller_insights(current_user: dict = Depends(get_current_user)):
+    """Dynamic NLP Insights for Seller Dashboard using global search prompts."""
+    if current_user.get("role") != "seller" and current_user.get("role") != "admin":
+        # Note: Depending on rules, we might allow admin to see this too
+        # But we'll enforce just basic checking here.
+        pass
+
+    sb = get_supabase()
+    
+    # Fetch all prompts globally (to see market trends)
+    prompts_resp = sb.table("user_prompts").select("prompt_text").execute()
+    prompts = [p["prompt_text"] for p in prompts_resp.data] if prompts_resp.data else []
+
+    # 1. Zero-Result / Market Gap Analytics (Simulated via frequency/trends)
+    # Since we can't truly know if they were zero-result at the time of query, 
+    # we'll find top queries and label them as "Market Opportunities"
+    query_counts = Counter(prompts)
+    top_queries = query_counts.most_common(5)
+    
+    zero_result_queries = []
+    for q, count in top_queries:
+        insight = "High demand — consider sourcing inventory" if count > 5 else "Niche market opportunity"
+        trend = "rising" if count > 2 else "stable"
+        zero_result_queries.append({
+            "query": q,
+            "count": count,
+            "insight": insight,
+            "trend": trend
+        })
+
+    # 2. Keyword Heatmap
+    words = []
+    for p in prompts:
+        # Simple tokenization
+        tokens = re.findall(r'\b\w+\b', p.lower())
+        # Filter short words
+        tokens = [t for t in tokens if len(t) > 3]
+        words.extend(tokens)
+        
+    word_counts = Counter(words)
+    top_words = word_counts.most_common(12)
+    
+    keyword_heatmap = []
+    colors = ['#10b981', '#6366f1', '#f59e0b', '#ef4444', '#8b5cf6', '#14b8a6', '#f97316', '#ec4899', '#06b6d4', '#84cc16']
+    for i, (word, count) in enumerate(top_words):
+        # Calculate a weight from 40 to 95
+        max_c = top_words[0][1] if top_words else 1
+        weight = 40 + (count / max_c) * 55
+        color = colors[i % len(colors)]
+        keyword_heatmap.append({
+            "word": word.capitalize(),
+            "weight": int(weight),
+            "color": color
+        })
+
+    # 3. Sentiment Analytics
+    # In a full system we'd run a sentiment model on reviews/messages.
+    # We will return static demo info for sentiment since we don't have reviews yet.
+    sentiment_data = {
+        "positive": 75,
+        "neutral": 15,
+        "negative": 10,
+        "topPositive": ['Great quality overall', 'Fast shipping noted', 'Exactly as described'],
+        "topNegative": ['Waiting on tracking', 'Size mismatch reported'],
+    }
+
+    return {
+        "zero_result_queries": zero_result_queries,
+        "keyword_heatmap": keyword_heatmap,
+        "sentiment_data": sentiment_data
+    }
+
+
+@router.get("/buyer/recommendations")
+async def get_buyer_recommendations(current_user: dict = Depends(get_current_user)):
+    """Dynamic Recommendations based on the buyer's past search history."""
+    sb = get_supabase()
+
+    # 1. Fetch user's recent prompts
+    prompts_resp = (
+        sb.table("user_prompts")
+        .select("prompt_text")
+        .eq("user_id", current_user["sub"])
+        .order("created_at", desc=True)
+        .limit(10)
+        .execute()
+    )
+
+    if not prompts_resp.data:
+        # Fallback: return popular/recent products for new users
+        fallback_resp = (
+            sb.table("products")
+            .select("*, users!products_seller_id_fkey(full_name)")
+            .eq("is_active", True)
+            .gt("stock", 0)
+            .order("created_at", desc=True)
+            .limit(6)
+            .execute()
+        )
+        products = fallback_resp.data if fallback_resp.data else []
+        # Attach seller_name for frontend
+        for p in products:
+            user_info = p.pop("users", None)
+            p["seller_name"] = user_info["full_name"] if user_info else "Seller"
+        return {"recommendations": products, "based_on": "popular"}
+
+    # 2. Deduplicate and take the 3 most recent unique search queries
+    seen = set()
+    unique_prompts = []
+    for p in prompts_resp.data:
+        text = p["prompt_text"].strip().lower()
+        if text not in seen:
+            seen.add(text)
+            unique_prompts.append(p["prompt_text"].strip())
+        if len(unique_prompts) >= 3:
+            break
+
+    # 3. Build OR filter across all unique queries
+    or_parts = []
+    for q in unique_prompts:
+        safe_q = q.replace("%", "").replace("_", "")
+        or_parts.append(f"title.ilike.%{safe_q}%")
+        or_parts.append(f"description.ilike.%{safe_q}%")
+    or_filter = ",".join(or_parts)
+
+    recs_resp = (
+        sb.table("products")
+        .select("*, users!products_seller_id_fkey(full_name)")
+        .or_(or_filter)
+        .eq("is_active", True)
+        .gt("stock", 0)
+        .limit(6)
+        .execute()
+    )
+
+    products = recs_resp.data if recs_resp.data else []
+
+    # Attach seller_name for frontend
+    for p in products:
+        user_info = p.pop("users", None)
+        p["seller_name"] = user_info["full_name"] if user_info else "Seller"
+
+    return {
+        "recommendations": products,
+        "based_on": unique_prompts[0] if unique_prompts else "popular",
+    }

backend/routes/manager.py

@@ -0,0 +1,745 @@
+"""
+Manager routes — department management, staff CRUD, restock approval.
+Only accessible by manager users (role='manager').
+"""
+
+from fastapi import APIRouter, HTTPException, Depends, Query
+from pydantic import BaseModel
+from typing import Optional
+from database import get_supabase
+from routes.auth import get_current_user
+from datetime import datetime, timedelta, timezone
+
+router = APIRouter(prefix="/manager", tags=["Manager"])
+
+
+# --- Helpers ---
+
+async def require_manager(current_user: dict = Depends(get_current_user)):
+    """Dependency that ensures the current user is a manager."""
+    sb = get_supabase()
+    result = sb.table("users").select("role, department_id").eq("id", current_user["sub"]).execute()
+    if not result.data or result.data[0].get("role") != "manager":
+        raise HTTPException(status_code=403, detail="Manager access required")
+    current_user["department_id"] = result.data[0].get("department_id")
+    return current_user
+
+
+# --- Request/Response Models ---
+
+class StaffRegisterRequest(BaseModel):
+    full_name: str
+    email: str
+    password: str
+    contact_number: str = ""
+
+
+class RestockApproveRequest(BaseModel):
+    approved_quantity: Optional[int] = None
+    manager_notes: str = ""
+
+
+class RestockRejectRequest(BaseModel):
+    manager_notes: str = ""
+
+
+# --- Routes ---
+
+@router.get("/dashboard")
+async def manager_dashboard(manager: dict = Depends(require_manager)):
+    """Get manager dashboard stats for their department."""
+    sb = get_supabase()
+    dept_id = manager.get("department_id")
+
+    if not dept_id:
+        raise HTTPException(status_code=400, detail="Manager is not assigned to a department")
+
+    # Department info
+    dept = sb.table("departments").select("*").eq("id", dept_id).execute()
+    dept_info = dept.data[0] if dept.data else {}
+
+    # Staff count
+    staff = sb.table("users").select("id", count="exact").eq("department_id", dept_id).eq("role", "seller").execute()
+
+    # Products in department (via staff + manager themselves)
+    staff_ids_result = sb.table("users").select("id").eq("department_id", dept_id).eq("role", "seller").execute()
+    staff_ids = [s["id"] for s in (staff_ids_result.data or [])]
+    manager_id = manager["sub"]
+    if manager_id not in staff_ids:
+        staff_ids.append(manager_id)
+
+    total_products = 0
+    total_revenue = 0
+    daily_sales = {}
+    weekly_sales = {}
+    monthly_sales = {}
+
+    if staff_ids:
+        products = sb.table("products").select("id", count="exact").in_("seller_id", staff_ids).execute()
+        total_products = products.count or 0
+
+        # Revenue from transactions
+        txns = sb.table("product_transactions").select("amount, seller_amount, created_at, purchase_type").in_(
+            "seller_id", staff_ids
+        ).in_("status", ["delivered", "completed"]).execute()
+
+        for t in (txns.data or []):
+            amt = float(t.get("seller_amount", 0))
+            total_revenue += amt
+
+            try:
+                dt = datetime.fromisoformat(t["created_at"].replace("Z", "+00:00"))
+                day_key = dt.strftime("%Y-%m-%d")
+                week_start = dt - timedelta(days=dt.weekday())
+                week_key = week_start.strftime("%Y-%m-%d")
+                month_key = dt.strftime("%Y-%m")
+            except Exception:
+                day_key = t["created_at"][:10]
+                week_key = t["created_at"][:10]
+                month_key = t["created_at"][:7]
+
+            for data, key in [(daily_sales, day_key), (weekly_sales, week_key), (monthly_sales, month_key)]:
+                if key not in data:
+                    data[key] = {"amount": 0, "count": 0}
+                data[key]["amount"] += amt
+                data[key]["count"] += 1
+
+    def to_list(data):
+        return sorted(
+            [{"date": k, "amount": round(v["amount"], 2), "count": v["count"]} for k, v in data.items()],
+            key=lambda x: x["date"], reverse=True
+        )[:30]
+
+    # Pending restock requests
+    pending_restocks = sb.table("restock_requests").select("id", count="exact").eq(
+        "department_id", dept_id
+    ).eq("status", "pending_manager").execute()
+
+    return {
+        "department": dept_info,
+        "total_staff": staff.count or 0,
+        "total_products": total_products,
+        "total_revenue": round(total_revenue, 2),
+        "pending_restocks": pending_restocks.count or 0,
+        "daily_sales": to_list(daily_sales),
+        "weekly_sales": to_list(weekly_sales),
+        "monthly_sales": to_list(monthly_sales),
+    }
+
+
+@router.get("/staff")
+async def list_staff(
+    search: str = Query("", description="Search by name or email"),
+    manager: dict = Depends(require_manager),
+):
+    """List all staff in the manager's department."""
+    sb = get_supabase()
+    dept_id = manager.get("department_id")
+
+    if not dept_id:
+        raise HTTPException(status_code=400, detail="Manager is not assigned to a department")
+
+    query = sb.table("users").select("*").eq(
+        "department_id", dept_id
+    ).eq("role", "seller")
+
+    if search:
+        query = query.or_(f"full_name.ilike.%{search}%,email.ilike.%{search}%")
+
+    result = query.order("created_at", desc=True).execute()
+
+    all_staff_ids = [u["id"] for u in (result.data or [])]
+
+    # Batch-fetch completed transaction stats for all staff
+    staff_stats = {}
+    if all_staff_ids:
+        today_str = datetime.now(timezone.utc).strftime("%Y-%m-%d")
+        completed_statuses = ["completed", "delivered"]
+
+        # Fetch completed transactions for all staff (assigned or legacy seller_id)
+        txns = sb.table("product_transactions").select(
+            "assigned_staff_id, seller_id, status, quantity, purchase_type, created_at"
+        ).in_("status", completed_statuses).execute()
+
+        for t in (txns.data or []):
+            # Determine which staff this belongs to
+            staff_id = t.get("assigned_staff_id") or t.get("seller_id")
+            if staff_id not in all_staff_ids:
+                continue
+
+            if staff_id not in staff_stats:
+                staff_stats[staff_id] = {
+                    "total_completed_tasks": 0,
+                    "tasks_completed_today": 0,
+                    "delivery_items_today": 0,
+                }
+            stats = staff_stats[staff_id]
+            qty = int(t.get("quantity", 1))
+            stats["total_completed_tasks"] += 1
+
+            try:
+                dt = datetime.fromisoformat(t["created_at"].replace("Z", "+00:00"))
+                day_key = dt.strftime("%Y-%m-%d")
+            except Exception:
+                day_key = t["created_at"][:10]
+
+            if day_key == today_str:
+                stats["tasks_completed_today"] += 1
+                stats["delivery_items_today"] += qty
+
+    staff_list = []
+    for u in (result.data or []):
+        uid = u["id"]
+        s = staff_stats.get(uid, {})
+        staff_list.append({
+            "id": uid,
+            "email": u["email"],
+            "full_name": u["full_name"],
+            "role": u["role"],
+            "is_banned": u.get("is_banned", False),
+            "created_at": u["created_at"],
+            "total_completed_tasks": s.get("total_completed_tasks", 0),
+            "tasks_completed_today": s.get("tasks_completed_today", 0),
+            "delivery_items_today": s.get("delivery_items_today", 0),
+        })
+
+    return staff_list
+
+
+@router.post("/staff/register")
+async def register_staff(req: StaffRegisterRequest, manager: dict = Depends(require_manager)):
+    """Manager creates a new staff (seller) account in their department."""
+    import bcrypt
+    import traceback
+
+    try:
+        sb = get_supabase()
+        dept_id = manager.get("department_id")
+        manager_id = manager["sub"]
+
+        if not dept_id:
+            raise HTTPException(status_code=400, detail="Manager is not assigned to a department")
+
+        # Check unique email
+        existing_email = sb.table("users").select("id").eq("email", req.email).execute()
+        if existing_email.data:
+            raise HTTPException(status_code=400, detail="Email already registered")
+
+        # Check unique full_name
+        existing_name = sb.table("users").select("id").eq("full_name", req.full_name).execute()
+        if existing_name.data:
+            raise HTTPException(status_code=400, detail="Full name already taken")
+
+        # Check unique contact_number if provided
+        if req.contact_number:
+            existing_contact = sb.table("user_contacts").select("user_id").eq("contact_number", req.contact_number).execute()
+            if existing_contact.data:
+                raise HTTPException(status_code=400, detail="Contact number already registered")
+
+        # Hash password
+        password_hash = bcrypt.hashpw(req.password.encode("utf-8"), bcrypt.gensalt()).decode("utf-8")
+
+        # Create user with seller role and department assignment
+        result = sb.table("users").insert({
+            "email": req.email,
+            "password_hash": password_hash,
+            "full_name": req.full_name,
+            "role": "seller",
+            "is_banned": False,
+            "department_id": dept_id,
+            "manager_id": manager_id,
+        }).execute()
+
+        if not result.data:
+            raise HTTPException(status_code=500, detail="Failed to create staff user")
+
+        user = result.data[0]
+
+        # Create contact if provided
+        if req.contact_number:
+            sb.table("user_contacts").insert({"user_id": user["id"], "contact_number": req.contact_number}).execute()
+
+        return {
+            "message": "Staff registered successfully",
+            "user": {
+                "id": user["id"],
+                "full_name": user["full_name"],
+                "email": user["email"],
+                "role": "seller",
+                "department_id": dept_id,
+                "contact_number": req.contact_number,
+            },
+        }
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        print(f"[StaffRegister] ERROR: {e}")
+        traceback.print_exc()
+        raise HTTPException(status_code=500, detail=f"Registration failed: {str(e)}")
+
+
+@router.get("/staff/{user_id}/detail")
+async def get_staff_detail(user_id: str, manager: dict = Depends(require_manager)):
+    """Get detailed info about a staff member in the manager's department."""
+    sb = get_supabase()
+    dept_id = manager.get("department_id")
+
+    # Verify staff belongs to manager's department
+    user_resp = sb.table("users").select("*, user_contacts(contact_number)").eq("id", user_id).execute()
+    if not user_resp.data:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    u = user_resp.data[0]
+    if u.get("department_id") != dept_id:
+        raise HTTPException(status_code=403, detail="This user is not in your department")
+
+    contact = ""
+    if u.get("user_contacts"):
+        if isinstance(u["user_contacts"], list) and len(u["user_contacts"]) > 0:
+            contact = u["user_contacts"][0].get("contact_number", "")
+        elif isinstance(u["user_contacts"], dict):
+            contact = u["user_contacts"].get("contact_number", "")
+
+    # Transactions — use assigned_staff_id for accuracy, fallback to seller_id for legacy
+    assigned_txns = sb.table("product_transactions").select("*, products(title, images)").eq(
+        "assigned_staff_id", user_id
+    ).order("created_at", desc=True).limit(100).execute()
+
+    legacy_txns = sb.table("product_transactions").select("*, products(title, images)").eq(
+        "seller_id", user_id
+    ).is_("assigned_staff_id", "null").order("created_at", desc=True).limit(100).execute()
+
+    # Merge and deduplicate
+    seen_ids = set()
+    all_txns = []
+    for t in (assigned_txns.data or []) + (legacy_txns.data or []):
+        if t["id"] not in seen_ids:
+            seen_ids.add(t["id"])
+            all_txns.append(t)
+    all_txns.sort(key=lambda x: x["created_at"], reverse=True)
+
+    today_str = datetime.now(timezone.utc).strftime("%Y-%m-%d")
+    completed_statuses = ("completed", "delivered")
+
+    daily_data = {}
+    monthly_data = {}
+    completed_count = 0
+    total_items = 0
+    today_tasks = 0
+    delivery_items_today = 0
+    products_handled = {}
+
+    for t in all_txns:
+        amt = float(t["amount"])
+        qty = int(t.get("quantity", 1))
+        status = t["status"]
+        purchase_type = t.get("purchase_type", "delivery")
+        is_completed = status in completed_statuses
+
+        try:
+            dt = datetime.fromisoformat(t["created_at"].replace("Z", "+00:00"))
+            day_key = dt.strftime("%Y-%m-%d")
+            month_key = dt.strftime("%Y-%m")
+        except Exception:
+            day_key = t["created_at"][:10]
+            month_key = t["created_at"][:7]
+
+        # Daily data with delivery breakdown
+        if day_key not in daily_data:
+            daily_data[day_key] = {"amount": 0, "count": 0, "delivery_items": 0}
+        daily_data[day_key]["amount"] += amt
+        daily_data[day_key]["count"] += 1
+        if is_completed:
+            daily_data[day_key]["delivery_items"] += qty
+
+        # Monthly data
+        if month_key not in monthly_data:
+            monthly_data[month_key] = {"amount": 0, "count": 0}
+        monthly_data[month_key]["amount"] += amt
+        monthly_data[month_key]["count"] += 1
+
+        # Completion metrics
+        if is_completed:
+            completed_count += 1
+            total_items += qty
+            if day_key == today_str:
+                today_tasks += 1
+                delivery_items_today += qty
+
+            # Track recent products handled
+            pid = t["product_id"]
+            prod_info = t.get("products") or {}
+            if pid not in products_handled:
+                products_handled[pid] = {
+                    "product_id": pid,
+                    "product_title": prod_info.get("title", ""),
+                    "product_image": ((prod_info.get("images") or [""])[0]) if prod_info.get("images") else "",
+                    "quantity_processed": 0,
+                    "last_handled": t["created_at"],
+                    "purchase_type": purchase_type,
+                }
+            products_handled[pid]["quantity_processed"] += qty
+
+    daily = sorted(
+        [{"date": k, "amount": round(v["amount"], 2), "count": v["count"],
+          "delivery_items": v["delivery_items"]}
+         for k, v in daily_data.items()],
+        key=lambda x: x["date"], reverse=True
+    )[:30]
+
+    monthly = sorted(
+        [{"date": k, "amount": round(v["amount"], 2), "count": v["count"]} for k, v in monthly_data.items()],
+        key=lambda x: x["date"], reverse=True
+    )[:12]
+
+    recent_products_handled = sorted(
+        products_handled.values(), key=lambda x: x["last_handled"], reverse=True
+    )[:20]
+
+    # Products
+    prods = sb.table("products").select("id, title, price, stock, images, is_active, created_at").eq("seller_id", user_id).order("created_at", desc=True).limit(50).execute()
+    products = [
+        {
+            "id": p["id"],
+            "title": p["title"],
+            "price": float(p["price"]),
+            "stock": int(p.get("stock", 0)),
+            "image_url": (p.get("images") or [""])[0] if p.get("images") else "",
+            "is_active": p["is_active"],
+            "created_at": p["created_at"],
+        }
+        for p in (prods.data or [])
+    ]
+
+    return {
+        "user": {
+            "id": u["id"],
+            "email": u["email"],
+            "full_name": u["full_name"],
+            "role": u["role"],
+            "is_banned": u.get("is_banned", False),
+            "contact_number": contact,
+            "created_at": u["created_at"],
+        },
+        "report": {
+            "total_transactions": len(all_txns),
+            "total_amount": round(sum(float(t["amount"]) for t in all_txns), 2),
+            "total_completed_tasks": completed_count,
+            "total_items_processed": total_items,
+            "tasks_completed_today": today_tasks,
+            "delivery_items_today": delivery_items_today,
+            "daily": daily,
+            "monthly": monthly,
+        },
+        "products": products,
+        "recent_products_handled": recent_products_handled,
+    }
+
+
+# --- Restock Approval ---
+
+@router.get("/restock-requests")
+async def get_restock_requests(
+    status: str = Query("pending_manager", description="Filter by status"),
+    manager: dict = Depends(require_manager),
+):
+    """Get restock requests for the manager's department."""
+    sb = get_supabase()
+    dept_id = manager.get("department_id")
+
+    if not dept_id:
+        raise HTTPException(status_code=400, detail="Manager is not assigned to a department")
+
+    query = sb.table("restock_requests").select(
+        "*, products(title, price, stock, images)"
+    ).eq("department_id", dept_id)
+
+    if status:
+        query = query.eq("status", status)
+
+    requests = query.order("created_at", desc=True).execute()
+
+    # Get staff names
+    staff_ids = set(r["staff_id"] for r in (requests.data or []))
+    staff_names = {}
+    if staff_ids:
+        users_result = sb.table("users").select("id, full_name").in_("id", list(staff_ids)).execute()
+        staff_names = {u["id"]: u["full_name"] for u in (users_result.data or [])}
+
+    results = []
+    for r in (requests.data or []):
+        prod = r.get("products") or {}
+        results.append({
+            "id": r["id"],
+            "staff_id": r["staff_id"],
+            "staff_name": staff_names.get(r["staff_id"], "Unknown"),
+            "product_id": r["product_id"],
+            "product_title": prod.get("title", ""),
+            "product_images": prod.get("images", []),
+            "product_price": float(prod.get("price", 0)),
+            "current_stock": int(prod.get("stock", 0)),
+            "requested_quantity": r["requested_quantity"],
+            "approved_quantity": r.get("approved_quantity"),
+            "notes": r.get("notes", ""),
+            "manager_notes": r.get("manager_notes", ""),
+            "status": r["status"],
+            "created_at": r["created_at"],
+        })
+
+    return results
+
+
+@router.put("/restock-requests/{request_id}/approve")
+async def approve_restock(
+    request_id: str,
+    req: RestockApproveRequest,
+    manager: dict = Depends(require_manager),
+):
+    """Approve a restock request. Moves to deliveryman queue."""
+    sb = get_supabase()
+    dept_id = manager.get("department_id")
+
+    # Verify request belongs to department and is pending
+    restock = sb.table("restock_requests").select("*").eq("id", request_id).eq(
+        "department_id", dept_id
+    ).eq("status", "pending_manager").execute()
+
+    if not restock.data:
+        raise HTTPException(status_code=404, detail="Restock request not found or already processed")
+
+    update_data = {
+        "status": "approved_manager",
+        "manager_approved_at": datetime.now(timezone.utc).isoformat(),
+        "manager_notes": req.manager_notes,
+    }
+
+    if req.approved_quantity is not None:
+        update_data["approved_quantity"] = req.approved_quantity
+    else:
+        update_data["approved_quantity"] = restock.data[0]["requested_quantity"]
+
+    sb.table("restock_requests").update(update_data).eq("id", request_id).execute()
+
+    return {"message": "Restock request approved and moved to delivery queue"}
+
+
+@router.put("/restock-requests/{request_id}/reject")
+async def reject_restock(
+    request_id: str,
+    req: RestockRejectRequest,
+    manager: dict = Depends(require_manager),
+):
+    """Reject a restock request."""
+    sb = get_supabase()
+    dept_id = manager.get("department_id")
+
+    restock = sb.table("restock_requests").select("*").eq("id", request_id).eq(
+        "department_id", dept_id
+    ).eq("status", "pending_manager").execute()
+
+    if not restock.data:
+        raise HTTPException(status_code=404, detail="Restock request not found or already processed")
+
+    sb.table("restock_requests").update({
+        "status": "rejected_manager",
+        "manager_notes": req.manager_notes,
+    }).eq("id", request_id).execute()
+
+    return {"message": "Restock request rejected"}
+
+
+# --- Department Products & Transactions ---
+
+@router.get("/products")
+async def list_department_products(
+    search: str = Query("", description="Search by product title"),
+    manager: dict = Depends(require_manager),
+):
+    """List all products from staff in the manager's department."""
+    sb = get_supabase()
+    dept_id = manager.get("department_id")
+
+    if not dept_id:
+        raise HTTPException(status_code=400, detail="Manager is not assigned to a department")
+
+    # Get all staff in department + the manager themselves (managers create products)
+    staff_result = sb.table("users").select("id, full_name").eq("department_id", dept_id).eq("role", "seller").execute()
+    staff_ids = [s["id"] for s in (staff_result.data or [])]
+    staff_names = {s["id"]: s["full_name"] for s in (staff_result.data or [])}
+
+    # Include manager's own products (managers create products with their own ID as seller_id)
+    manager_id = manager["sub"]
+    if manager_id not in staff_ids:
+        staff_ids.append(manager_id)
+        # Get manager's name for display
+        mgr_user = sb.table("users").select("full_name").eq("id", manager_id).execute()
+        if mgr_user.data:
+            staff_names[manager_id] = mgr_user.data[0]["full_name"]
+
+    if not staff_ids:
+        return []
+
+    query = sb.table("products").select("*").in_("seller_id", staff_ids).order("created_at", desc=True)
+
+    if search:
+        query = query.ilike("title", f"%{search}%")
+
+    result = query.execute()
+
+    return [
+        {
+            "id": p["id"],
+            "title": p["title"],
+            "description": p.get("description", ""),
+            "price": float(p["price"]),
+            "stock": int(p.get("stock", 0)),
+            "images": p.get("images") or [],
+            "is_active": p.get("is_active", True),
+            "status": p.get("status", "pending"),
+            "seller_id": p["seller_id"],
+            "seller_name": staff_names.get(p["seller_id"], "Unknown"),
+            "created_at": p["created_at"],
+        }
+        for p in (result.data or [])
+    ]
+
+
+@router.get("/transactions")
+async def list_department_transactions(
+    search: str = Query("", description="Search by buyer or product"),
+    manager: dict = Depends(require_manager),
+):
+    """List all transactions from staff in the manager's department."""
+    sb = get_supabase()
+    dept_id = manager.get("department_id")
+
+    if not dept_id:
+        raise HTTPException(status_code=400, detail="Manager is not assigned to a department")
+
+    # Get all staff in department + manager themselves
+    staff_result = sb.table("users").select("id, full_name").eq("department_id", dept_id).eq("role", "seller").execute()
+    staff_ids = [s["id"] for s in (staff_result.data or [])]
+
+    # Include manager's own ID (managers can create products with their own seller_id)
+    manager_id = manager["sub"]
+    if manager_id not in staff_ids:
+        staff_ids.append(manager_id)
+
+    if not staff_ids:
+        return []
+
+    txns = sb.table("product_transactions").select(
+        "*, products(title)"
+    ).in_("seller_id", staff_ids).order("created_at", desc=True).limit(100).execute()
+
+    # Get buyer names
+    buyer_ids = set(t.get("buyer_id") for t in (txns.data or []) if t.get("buyer_id"))
+    all_user_ids = buyer_ids | set(staff_ids)
+    user_names = {}
+    if all_user_ids:
+        users_result = sb.table("users").select("id, full_name").in_("id", list(all_user_ids)).execute()
+        user_names = {u["id"]: u["full_name"] for u in (users_result.data or [])}
+
+    results = []
+    for t in (txns.data or []):
+        product_title = (t.get("products") or {}).get("title", "Unknown")
+        if search and search.lower() not in product_title.lower() and search.lower() not in user_names.get(t.get("buyer_id"), "").lower():
+            continue
+        results.append({
+            "id": t["id"],
+            "buyer_name": user_names.get(t.get("buyer_id"), "Unknown"),
+            "seller_name": user_names.get(t.get("seller_id"), "Unknown"),
+            "product_title": product_title,
+            "quantity": int(t.get("quantity", 1)),
+            "amount": float(t.get("amount", 0)),
+            "seller_amount": float(t.get("seller_amount", 0)),
+            "delivery_fee": float(t.get("delivery_fee", 0)),
+            "purchase_type": t.get("purchase_type", "delivery"),
+            "status": t.get("status", ""),
+            "created_at": t["created_at"],
+        })
+
+    return results
+
+
+# --- Staff Removal ---
+
+@router.delete("/staff/{user_id}/remove")
+async def remove_staff(user_id: str, manager: dict = Depends(require_manager)):
+    """Remove a staff member from the manager's department.
+    This unassigns them from the department (sets department_id and manager_id to null).
+    """
+    sb = get_supabase()
+    dept_id = manager.get("department_id")
+    manager_id = manager["sub"]
+
+    if not dept_id:
+        raise HTTPException(status_code=400, detail="Manager is not assigned to a department")
+
+    # Prevent manager from removing themselves
+    if user_id == manager_id:
+        raise HTTPException(status_code=400, detail="You cannot remove yourself from the department")
+
+    # Verify user exists and belongs to this manager's department
+    user_resp = sb.table("users").select("id, role, department_id, full_name").eq("id", user_id).execute()
+    if not user_resp.data:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    user = user_resp.data[0]
+    if user.get("department_id") != dept_id:
+        raise HTTPException(status_code=403, detail="This user is not in your department")
+
+    if user.get("role") != "seller":
+        raise HTTPException(status_code=400, detail="Can only remove staff (seller) members")
+
+    # Delete only non-financial personal data.
+    # Financial records are preserved — their user FKs are set to NULL
+    # automatically via ON DELETE SET NULL (migration_v10).
+    sb.table("wishlist_items").delete().eq("buyer_id", user_id).execute()
+    sb.table("cart_items").delete().eq("buyer_id", user_id).execute()
+    sb.table("stored_value").delete().eq("user_id", user_id).execute()
+    sb.table("user_balances").delete().eq("user_id", user_id).execute()
+    sb.table("user_contacts").delete().eq("user_id", user_id).execute()
+
+    # Permanently delete the user — DB cascades/nullifies all remaining FK references
+    sb.table("users").delete().eq("id", user_id).execute()
+
+    return {"message": f"Staff member '{user['full_name']}' has been permanently deleted"}
+
+
+# --- Product Removal Request ---
+
+@router.post("/products/{product_id}/request-removal")
+async def request_product_removal(product_id: str, manager: dict = Depends(require_manager)):
+    """Manager requests removal of a product. Sets status to 'pending_removal' for admin approval."""
+    sb = get_supabase()
+    dept_id = manager.get("department_id")
+    manager_id = manager["sub"]
+
+    if not dept_id:
+        raise HTTPException(status_code=400, detail="Manager is not assigned to a department")
+
+    # Get all staff IDs in this department + manager
+    staff_result = sb.table("users").select("id").eq("department_id", dept_id).eq("role", "seller").execute()
+    staff_ids = [s["id"] for s in (staff_result.data or [])]
+    if manager_id not in staff_ids:
+        staff_ids.append(manager_id)
+
+    prod = sb.table("products").select("id, status, seller_id").eq("id", product_id).execute()
+    if not prod.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    if prod.data[0]["seller_id"] not in staff_ids:
+        raise HTTPException(status_code=403, detail="Product does not belong to your department")
+
+    if prod.data[0]["status"] != "approved":
+        raise HTTPException(status_code=400, detail="Only approved products can be requested for removal")
+
+    sb.table("products").update({
+        "status": "pending_removal",
+        "removal_requested_by": manager_id,
+        "removal_requested_at": datetime.now(timezone.utc).isoformat(),
+    }).eq("id", product_id).execute()
+
+    return {"message": "Product removal requested. Awaiting admin approval."}

backend/routes/products.py

@@ -0,0 +1,341 @@
+"""
+Product routes — create, list, update, delete products.
+When a product is created, its BERT embedding is computed and stored.
+"""
+
+from fastapi import APIRouter, HTTPException, Depends, UploadFile, File, Form
+from pydantic import BaseModel
+from typing import Optional
+import uuid
+import base64
+
+from database import get_supabase, store_product_embedding
+from models.bert_service import bert_service
+from routes.auth import get_current_user
+from config import SUPABASE_URL
+
+router = APIRouter(prefix="/products", tags=["Products"])
+
+
+# --- Request/Response Models ---
+
+class CreateProductRequest(BaseModel):
+    title: str
+    description: str = ""
+    price: float
+    stock: int = 1
+    images: list[str] = []  # Array of image URLs or data URIs
+    tracking_number: Optional[str] = None  # Parcel tracking number
+
+
+class UpdateProductRequest(BaseModel):
+    title: Optional[str] = None
+    description: Optional[str] = None
+    price: Optional[float] = None
+    stock: Optional[int] = None
+    images: Optional[list[str]] = None
+    is_active: Optional[bool] = None
+    tracking_number: Optional[str] = None
+
+
+class ProductResponse(BaseModel):
+    id: str
+    seller_id: str
+    title: str
+    description: str
+    price: float
+    stock: int = 0
+    images: list[str] = []
+    tracking_number: Optional[str] = None
+    is_active: bool
+    status: str = "pending"
+    created_at: str
+    seller_name: Optional[str] = None
+
+
+def build_product_response(p, seller_name=""):
+    """Helper to build ProductResponse from DB row."""
+    return ProductResponse(
+        id=p["id"],
+        seller_id=p["seller_id"],
+        title=p["title"],
+        description=p["description"] or "",
+        price=float(p["price"]),
+        stock=int(p.get("stock", 0)),
+        images=p.get("images") or [],
+        tracking_number=p.get("tracking_number"),
+        is_active=p["is_active"],
+        status=p.get("status", "pending"),
+        created_at=p["created_at"],
+        seller_name=seller_name,
+    )
+
+
+# --- Image Upload Endpoint ---
+
+@router.post("/upload-image")
+async def upload_image(
+    file: UploadFile = File(...),
+    current_user: dict = Depends(get_current_user),
+):
+    """Upload a product image to Supabase Storage. Returns the public URL."""
+    sb = get_supabase()
+
+    # Validate file type
+    allowed = {"image/jpeg", "image/png", "image/webp", "image/gif"}
+    if file.content_type not in allowed:
+        raise HTTPException(status_code=400, detail=f"File type {file.content_type} not allowed. Use JPEG, PNG, WebP, or GIF.")
+
+    # Validate file size (max 5MB)
+    contents = await file.read()
+    if len(contents) > 5 * 1024 * 1024:
+        raise HTTPException(status_code=400, detail="File too large. Max 5MB.")
+
+    # Generate unique filename
+    ext = file.filename.split(".")[-1] if "." in file.filename else "jpg"
+    filename = f"{current_user['sub']}/{uuid.uuid4().hex}.{ext}"
+
+    # Upload to Supabase Storage
+    try:
+        sb.storage.from_("product-images").upload(
+            filename,
+            contents,
+            file_options={"content-type": file.content_type},
+        )
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=f"Failed to upload image: {str(e)}")
+
+    # Get public URL
+    public_url = f"{SUPABASE_URL}/storage/v1/object/public/product-images/{filename}"
+
+    return {"url": public_url, "filename": filename}
+
+
+# --- Routes ---
+
+@router.post("/", response_model=ProductResponse)
+async def create_product(req: CreateProductRequest, current_user: dict = Depends(get_current_user)):
+    """
+    Create a new product listing.
+    Automatically computes BERT embedding if the model is loaded.
+    """
+    sb = get_supabase()
+
+    # Verify user is a manager (only managers can create products)
+    user_result = sb.table("users").select("role, department_id").eq("id", current_user["sub"]).execute()
+    if not user_result.data:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    user_role = user_result.data[0]["role"]
+    if user_role != "manager":
+        raise HTTPException(status_code=403, detail="Only managers can create products")
+
+    # Validate required fields
+    if not req.title or not req.title.strip():
+        raise HTTPException(status_code=400, detail="Product title is required")
+    if req.price <= 0:
+        raise HTTPException(status_code=400, detail="Price must be greater than 0")
+    if req.stock < 1:
+        raise HTTPException(status_code=400, detail="Stock must be at least 1")
+    if not req.images or len(req.images) == 0:
+        raise HTTPException(status_code=400, detail="At least one product image is required")
+    if len(req.images) > 5:
+        raise HTTPException(status_code=400, detail="Maximum 5 images allowed")
+
+    # Insert the product
+    result = sb.table("products").insert({
+        "seller_id": current_user["sub"],
+        "title": req.title.strip(),
+        "description": req.description.strip(),
+        "price": req.price,
+        "stock": req.stock,
+        "images": req.images,
+        "tracking_number": req.tracking_number,
+    }).execute()
+
+    if not result.data:
+        raise HTTPException(status_code=500, detail="Failed to create product")
+
+    product = result.data[0]
+
+    # Compute and store BERT embedding (if model loaded)
+    try:
+        if bert_service._loaded:
+            embedding = bert_service.compute_embedding(req.title)
+            store_product_embedding(product["id"], embedding)
+            print(f"[Products] Embedding computed for product: {product['id']}")
+    except Exception as e:
+        print(f"[Products] Warning: Failed to compute embedding: {e}")
+
+    return build_product_response(product)
+
+
+@router.post("/backfill-embeddings")
+async def backfill_embeddings():
+    """
+    Compute and store BERT embeddings for all products that are missing them.
+    Use this after adding products directly to the database.
+    """
+    if not bert_service._loaded:
+        raise HTTPException(status_code=503, detail="BERT model not loaded. Cannot compute embeddings.")
+
+    sb = get_supabase()
+    # Fetch all products without embeddings
+    result = sb.table("products").select("id, title").is_("embedding", "null").execute()
+
+    if not result.data:
+        return {"message": "All products already have embeddings.", "updated": 0}
+
+    updated = 0
+    errors = []
+    for p in result.data:
+        try:
+            embedding = bert_service.compute_embedding(p["title"])
+            store_product_embedding(p["id"], embedding)
+            updated += 1
+            print(f"[Backfill] Embedded: {p['id']} — {p['title']}")
+        except Exception as e:
+            errors.append({"id": p["id"], "title": p["title"], "error": str(e)})
+            print(f"[Backfill] Failed: {p['id']} — {e}")
+
+    return {
+        "message": f"Backfill complete. {updated}/{len(result.data)} products updated.",
+        "updated": updated,
+        "total": len(result.data),
+        "errors": errors,
+    }
+
+
+@router.get("/", response_model=list[ProductResponse])
+async def list_products(limit: int = 50, offset: int = 0):
+    """List all active products with stock > 0 (public, no auth required)."""
+    sb = get_supabase()
+    result = (
+        sb.table("products")
+        .select("*, users!products_seller_id_fkey(full_name, department_id)")
+        .eq("is_active", True)
+        .eq("status", "approved")
+        .gt("stock", 0)
+        .order("created_at", desc=True)
+        .range(offset, offset + limit - 1)
+        .execute()
+    )
+
+    # Collect department IDs to batch-lookup department names
+    dept_ids = set()
+    for p in result.data:
+        user_info = p.get("users") or {}
+        dept_id = user_info.get("department_id")
+        if dept_id:
+            dept_ids.add(dept_id)
+
+    dept_names = {}
+    if dept_ids:
+        depts = sb.table("departments").select("id, name").in_("id", list(dept_ids)).execute()
+        dept_names = {d["id"]: d["name"] for d in (depts.data or [])}
+
+    products = []
+    for p in result.data:
+        user_info = p.get("users") or {}
+        dept_id = user_info.get("department_id")
+        if dept_id and dept_id in dept_names:
+            seller_name = dept_names[dept_id]
+        else:
+            seller_name = user_info.get("full_name", "")
+        products.append(build_product_response(p, seller_name))
+    return products
+
+
+@router.get("/my", response_model=list[ProductResponse])
+async def list_my_products(current_user: dict = Depends(get_current_user)):
+    """List products owned by the current user or their department (includes all, even out of stock)."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    # Check if user is a seller in a department — if so, also include products from their manager
+    user_info = sb.table("users").select("role, department_id, manager_id").eq("id", user_id).execute()
+    seller_ids = [user_id]
+
+    if user_info.data and user_info.data[0].get("department_id"):
+        dept_id = user_info.data[0]["department_id"]
+        # Find the manager of this department (they create products for the department)
+        dept = sb.table("departments").select("manager_id").eq("id", dept_id).execute()
+        if dept.data and dept.data[0].get("manager_id"):
+            manager_id = dept.data[0]["manager_id"]
+            if manager_id not in seller_ids:
+                seller_ids.append(manager_id)
+
+    result = sb.table("products").select("*").in_("seller_id", seller_ids).order("created_at", desc=True).execute()
+
+    return [build_product_response(p) for p in result.data]
+
+
+@router.get("/{product_id}", response_model=ProductResponse)
+async def get_product(product_id: str):
+    """Get a single product by ID (public)."""
+    sb = get_supabase()
+    result = sb.table("products").select("*, users!products_seller_id_fkey(full_name, department_id)").eq("id", product_id).execute()
+
+    if not result.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    p = result.data[0]
+    user_info = p.get("users") or {}
+    dept_id = user_info.get("department_id")
+    seller_name = user_info.get("full_name", "")
+    if dept_id:
+        dept_resp = sb.table("departments").select("name").eq("id", dept_id).execute()
+        if dept_resp.data:
+            seller_name = dept_resp.data[0]["name"]
+    return build_product_response(p, seller_name)
+
+
+@router.put("/{product_id}", response_model=ProductResponse)
+async def update_product(product_id: str, req: UpdateProductRequest, current_user: dict = Depends(get_current_user)):
+    """Update a product. Only the owner can update."""
+    sb = get_supabase()
+
+    # Verify ownership
+    existing = sb.table("products").select("seller_id").eq("id", product_id).execute()
+    if not existing.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+    if existing.data[0]["seller_id"] != current_user["sub"]:
+        raise HTTPException(status_code=403, detail="Not your product")
+
+    # Build update dict (only non-None fields)
+    update_data = {k: v for k, v in req.model_dump().items() if v is not None}
+    if not update_data:
+        raise HTTPException(status_code=400, detail="No fields to update")
+
+    # Validate images limit
+    if req.images is not None and len(req.images) > 5:
+        raise HTTPException(status_code=400, detail="Maximum 5 images allowed")
+
+    result = sb.table("products").update(update_data).eq("id", product_id).execute()
+    p = result.data[0]
+
+    # Re-compute embedding if title changed
+    if req.title:
+        try:
+            if bert_service._loaded:
+                embedding = bert_service.compute_embedding(req.title)
+                store_product_embedding(product_id, embedding)
+        except Exception as e:
+            print(f"[Products] Warning: Failed to recompute embedding: {e}")
+
+    return build_product_response(p)
+
+
+@router.delete("/{product_id}")
+async def delete_product(product_id: str, current_user: dict = Depends(get_current_user)):
+    """Soft-delete a product (set is_active=False). Only the owner can delete."""
+    sb = get_supabase()
+
+    existing = sb.table("products").select("seller_id").eq("id", product_id).execute()
+    if not existing.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+    if existing.data[0]["seller_id"] != current_user["sub"]:
+        raise HTTPException(status_code=403, detail="Not your product")
+
+    sb.table("products").update({"is_active": False}).eq("id", product_id).execute()
+    return {"message": "Product deleted successfully"}

backend/routes/restock.py

@@ -0,0 +1,402 @@
+"""
+Restock routes — staff requests, delivery queue, fulfillment.
+Workflow: Staff Request → Manager Approval → Deliveryman Queue → Delivery → Stock Update
+"""
+
+from fastapi import APIRouter, HTTPException, Depends, Query
+from pydantic import BaseModel
+from typing import Optional
+from database import get_supabase
+from routes.auth import get_current_user
+from datetime import datetime, timezone
+
+router = APIRouter(prefix="/restock", tags=["Restock"])
+
+
+# --- Helpers ---
+
+async def require_seller(current_user: dict = Depends(get_current_user)):
+    """Ensure the current user is a seller (staff)."""
+    sb = get_supabase()
+    result = sb.table("users").select("role, department_id").eq("id", current_user["sub"]).execute()
+    if not result.data or result.data[0].get("role") != "seller":
+        raise HTTPException(status_code=403, detail="Staff/seller access required")
+    current_user["department_id"] = result.data[0].get("department_id")
+    return current_user
+
+
+async def require_delivery(current_user: dict = Depends(get_current_user)):
+    """Ensure the current user is a delivery user."""
+    sb = get_supabase()
+    result = sb.table("users").select("role").eq("id", current_user["sub"]).execute()
+    if not result.data or result.data[0].get("role") != "delivery":
+        raise HTTPException(status_code=403, detail="Delivery user access required")
+    return current_user
+
+
+# --- Request Models ---
+
+class RestockRequestCreate(BaseModel):
+    product_id: str
+    requested_quantity: int
+    notes: str = ""
+
+
+class DeliveryModifyRequest(BaseModel):
+    delivery_notes: str = ""
+
+
+# --- Staff Routes ---
+
+@router.post("/request")
+async def create_restock_request(req: RestockRequestCreate, seller: dict = Depends(require_seller)):
+    """Staff creates a restock request for one of their products."""
+    sb = get_supabase()
+    user_id = seller["sub"]
+    dept_id = seller.get("department_id")
+
+    if not dept_id:
+        raise HTTPException(status_code=400, detail="You are not assigned to a department. Only department staff can request restocks.")
+
+    if req.requested_quantity < 1:
+        raise HTTPException(status_code=400, detail="Quantity must be at least 1")
+
+    # Verify product belongs to this seller or their department
+    product = sb.table("products").select("id, seller_id").eq("id", req.product_id).execute()
+    if not product.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+    product_seller_id = product.data[0]["seller_id"]
+    if product_seller_id != user_id:
+        # Allow if the product belongs to the seller's department manager
+        allowed = False
+        if dept_id:
+            dept = sb.table("departments").select("manager_id").eq("id", dept_id).execute()
+            if dept.data and dept.data[0].get("manager_id") == product_seller_id:
+                allowed = True
+        if not allowed:
+            raise HTTPException(status_code=403, detail="You can only request restock for products in your department")
+
+    # Create restock request
+    result = sb.table("restock_requests").insert({
+        "staff_id": user_id,
+        "department_id": dept_id,
+        "product_id": req.product_id,
+        "requested_quantity": req.requested_quantity,
+        "notes": req.notes,
+        "status": "pending_manager",
+    }).execute()
+
+    if not result.data:
+        raise HTTPException(status_code=500, detail="Failed to create restock request")
+
+    return {"message": "Restock request submitted for manager approval", "request": result.data[0]}
+
+
+@router.get("/my-requests")
+async def get_my_requests(seller: dict = Depends(require_seller)):
+    """List all restock requests created by this staff member."""
+    sb = get_supabase()
+    user_id = seller["sub"]
+
+    requests = sb.table("restock_requests").select(
+        "*, products(title, price, stock, images)"
+    ).eq("staff_id", user_id).order("created_at", desc=True).limit(50).execute()
+
+    results = []
+    for r in (requests.data or []):
+        prod = r.get("products") or {}
+        results.append({
+            "id": r["id"],
+            "product_id": r["product_id"],
+            "product_title": prod.get("title", ""),
+            "product_images": prod.get("images", []),
+            "current_stock": int(prod.get("stock", 0)),
+            "requested_quantity": r["requested_quantity"],
+            "approved_quantity": r.get("approved_quantity"),
+            "notes": r.get("notes", ""),
+            "manager_notes": r.get("manager_notes", ""),
+            "delivery_notes": r.get("delivery_notes", ""),
+            "status": r["status"],
+            "created_at": r["created_at"],
+        })
+
+    return results
+
+
+# --- Delivery Routes ---
+
+@router.get("/delivery-queue")
+async def get_delivery_queue(delivery_user: dict = Depends(require_delivery)):
+    """Get restock requests approved by managers, ready for delivery pickup."""
+    sb = get_supabase()
+
+    requests = sb.table("restock_requests").select(
+        "*, products(title, price, stock, images)"
+    ).eq("status", "approved_manager").is_("delivery_user_id", "null").order("manager_approved_at", desc=False).limit(50).execute()
+
+    # Get staff names and department names
+    staff_ids = set()
+    dept_ids = set()
+    for r in (requests.data or []):
+        staff_ids.add(r["staff_id"])
+        dept_ids.add(r["department_id"])
+
+    staff_names = {}
+    if staff_ids:
+        users_result = sb.table("users").select("id, full_name").in_("id", list(staff_ids)).execute()
+        staff_names = {u["id"]: u["full_name"] for u in (users_result.data or [])}
+
+    dept_names = {}
+    if dept_ids:
+        depts_result = sb.table("departments").select("id, name").in_("id", list(dept_ids)).execute()
+        dept_names = {d["id"]: d["name"] for d in (depts_result.data or [])}
+
+    results = []
+    for r in (requests.data or []):
+        prod = r.get("products") or {}
+        qty = r.get("approved_quantity") or r["requested_quantity"]
+        results.append({
+            "id": r["id"],
+            "staff_id": r["staff_id"],
+            "staff_name": staff_names.get(r["staff_id"], "Unknown"),
+            "department_id": r["department_id"],
+            "department_name": dept_names.get(r["department_id"], "Unknown"),
+            "product_id": r["product_id"],
+            "product_title": prod.get("title", ""),
+            "product_images": prod.get("images", []),
+            "quantity": qty,
+            "notes": r.get("notes", ""),
+            "manager_notes": r.get("manager_notes", ""),
+            "status": r["status"],
+            "manager_approved_at": r.get("manager_approved_at", ""),
+            "created_at": r["created_at"],
+        })
+
+    return results
+
+
+@router.post("/{request_id}/accept")
+async def accept_restock_delivery(request_id: str, delivery_user: dict = Depends(require_delivery)):
+    """Deliveryman accepts a restock request."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    # Verify request is available
+    restock = sb.table("restock_requests").select("*").eq("id", request_id).eq("status", "approved_manager").execute()
+    if not restock.data:
+        raise HTTPException(status_code=404, detail="Restock request not found or not available")
+
+    if restock.data[0].get("delivery_user_id"):
+        raise HTTPException(status_code=400, detail="This request is already assigned to another delivery user")
+
+    sb.table("restock_requests").update({
+        "status": "accepted_delivery",
+        "delivery_user_id": user_id,
+        "delivery_accepted_at": datetime.now(timezone.utc).isoformat(),
+    }).eq("id", request_id).execute()
+
+    return {"message": "Restock delivery accepted"}
+
+
+@router.put("/{request_id}/modify")
+async def modify_restock_delivery(
+    request_id: str,
+    req: DeliveryModifyRequest,
+    delivery_user: dict = Depends(require_delivery),
+):
+    """Deliveryman modifies delivery notes on a restock request."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    restock = sb.table("restock_requests").select("*").eq("id", request_id).eq(
+        "delivery_user_id", user_id
+    ).in_("status", ["accepted_delivery", "in_transit"]).execute()
+
+    if not restock.data:
+        raise HTTPException(status_code=404, detail="Restock request not found or not assigned to you")
+
+    sb.table("restock_requests").update({
+        "delivery_notes": req.delivery_notes,
+    }).eq("id", request_id).execute()
+
+    return {"message": "Delivery notes updated"}
+
+
+@router.put("/{request_id}/deliver")
+async def complete_restock_delivery(request_id: str, delivery_user: dict = Depends(require_delivery)):
+    """Mark restock as delivered and increment product stock. Deduct ₱90 delivery fee from admin."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    RESTOCK_DELIVERY_FEE = 90.00
+
+    restock = sb.table("restock_requests").select("*").eq("id", request_id).eq(
+        "delivery_user_id", user_id
+    ).in_("status", ["accepted_delivery", "in_transit"]).execute()
+
+    if not restock.data:
+        raise HTTPException(status_code=404, detail="Restock request not found or not assigned to you")
+
+    r = restock.data[0]
+    qty = r.get("approved_quantity") or r["requested_quantity"]
+
+    # Get product info for metadata
+    product = sb.table("products").select("stock, title").eq("id", r["product_id"]).execute()
+    product_title = product.data[0].get("title", "Product") if product.data else "Product"
+
+    # Increment product stock
+    if product.data:
+        new_stock = int(product.data[0]["stock"]) + qty
+        sb.table("products").update({"stock": new_stock}).eq("id", r["product_id"]).execute()
+
+    # Update restock request
+    sb.table("restock_requests").update({
+        "status": "delivered",
+        "delivered_at": datetime.now(timezone.utc).isoformat(),
+    }).eq("id", request_id).execute()
+
+    # Get delivery person name
+    delivery_user_info = sb.table("users").select("full_name").eq("id", user_id).execute()
+    delivery_name = delivery_user_info.data[0]["full_name"] if delivery_user_info.data else "Deliveryman"
+
+    # Get admin user
+    admin_user = sb.table("users").select("id").eq("role", "admin").limit(1).execute()
+    if admin_user.data:
+        admin_id = admin_user.data[0]["id"]
+
+        # Deduct ₱90 from admin balance
+        admin_bal = sb.table("user_balances").select("balance").eq("user_id", admin_id).execute()
+        if admin_bal.data:
+            new_admin_bal = float(admin_bal.data[0]["balance"]) - RESTOCK_DELIVERY_FEE
+            sb.table("user_balances").update({"balance": new_admin_bal}).eq("user_id", admin_id).execute()
+
+        # Record admin SVF deduction with metadata
+        sb.table("stored_value").insert({
+            "user_id": admin_id,
+            "transaction_type": "restock_payment",
+            "amount": RESTOCK_DELIVERY_FEE,
+            "metadata": {
+                "restock_request_id": request_id,
+                "product_title": product_title,
+                "quantity": qty,
+                "delivery_user_name": delivery_name,
+                "delivery_user_id": user_id,
+            },
+        }).execute()
+
+    # Credit ₱90 to delivery person's balance
+    del_bal = sb.table("user_balances").select("balance").eq("user_id", user_id).execute()
+    if del_bal.data:
+        new_del_bal = float(del_bal.data[0]["balance"]) + RESTOCK_DELIVERY_FEE
+        sb.table("user_balances").update({"balance": new_del_bal}).eq("user_id", user_id).execute()
+
+    # Record delivery person SVF deposit
+    sb.table("stored_value").insert({
+        "user_id": user_id,
+        "transaction_type": "restock_earning",
+        "amount": RESTOCK_DELIVERY_FEE,
+        "metadata": {
+            "restock_request_id": request_id,
+            "product_title": product_title,
+            "quantity": qty,
+        },
+    }).execute()
+
+    return {"message": f"Restock delivered. {qty} units added to product stock. ₱{RESTOCK_DELIVERY_FEE:.2f} delivery fee processed."}
+
+
+@router.get("/delivery-history")
+async def get_restock_delivery_history(delivery_user: dict = Depends(require_delivery)):
+    """Get deliveryman's completed restock delivery history."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    requests = sb.table("restock_requests").select(
+        "*, products(title, price, stock, images)"
+    ).eq("delivery_user_id", user_id).in_(
+        "status", ["delivered", "accepted_delivery", "in_transit"]
+    ).order("delivered_at", desc=True).limit(100).execute()
+
+    staff_ids = set()
+    dept_ids = set()
+    for r in (requests.data or []):
+        staff_ids.add(r["staff_id"])
+        dept_ids.add(r["department_id"])
+
+    staff_names = {}
+    if staff_ids:
+        users_result = sb.table("users").select("id, full_name").in_("id", list(staff_ids)).execute()
+        staff_names = {u["id"]: u["full_name"] for u in (users_result.data or [])}
+
+    dept_names = {}
+    if dept_ids:
+        depts_result = sb.table("departments").select("id, name").in_("id", list(dept_ids)).execute()
+        dept_names = {d["id"]: d["name"] for d in (depts_result.data or [])}
+
+    results = []
+    for r in (requests.data or []):
+        prod = r.get("products") or {}
+        qty = r.get("approved_quantity") or r["requested_quantity"]
+        results.append({
+            "id": r["id"],
+            "staff_name": staff_names.get(r["staff_id"], "Unknown"),
+            "department_name": dept_names.get(r["department_id"], "Unknown"),
+            "product_title": prod.get("title", ""),
+            "product_images": prod.get("images", []),
+            "quantity": qty,
+            "notes": r.get("notes", ""),
+            "delivery_notes": r.get("delivery_notes", ""),
+            "status": r["status"],
+            "delivered_at": r.get("delivered_at", ""),
+            "created_at": r["created_at"],
+        })
+
+    return results
+
+
+@router.get("/active-deliveries")
+async def get_active_restock_deliveries(delivery_user: dict = Depends(require_delivery)):
+    """Get deliveryman's active restock deliveries."""
+    sb = get_supabase()
+    user_id = delivery_user["sub"]
+
+    requests = sb.table("restock_requests").select(
+        "*, products(title, price, stock, images)"
+    ).eq("delivery_user_id", user_id).in_(
+        "status", ["accepted_delivery", "in_transit"]
+    ).order("delivery_accepted_at", desc=False).execute()
+
+    # Get staff names and department names
+    staff_ids = set()
+    dept_ids = set()
+    for r in (requests.data or []):
+        staff_ids.add(r["staff_id"])
+        dept_ids.add(r["department_id"])
+
+    staff_names = {}
+    if staff_ids:
+        users_result = sb.table("users").select("id, full_name").in_("id", list(staff_ids)).execute()
+        staff_names = {u["id"]: u["full_name"] for u in (users_result.data or [])}
+
+    dept_names = {}
+    if dept_ids:
+        depts_result = sb.table("departments").select("id, name").in_("id", list(dept_ids)).execute()
+        dept_names = {d["id"]: d["name"] for d in (depts_result.data or [])}
+
+    results = []
+    for r in (requests.data or []):
+        prod = r.get("products") or {}
+        qty = r.get("approved_quantity") or r["requested_quantity"]
+        results.append({
+            "id": r["id"],
+            "staff_name": staff_names.get(r["staff_id"], "Unknown"),
+            "department_name": dept_names.get(r["department_id"], "Unknown"),
+            "product_title": prod.get("title", ""),
+            "product_images": prod.get("images", []),
+            "quantity": qty,
+            "delivery_notes": r.get("delivery_notes", ""),
+            "status": r["status"],
+            "delivery_accepted_at": r.get("delivery_accepted_at", ""),
+        })
+
+    return results

backend/routes/search.py

@@ -0,0 +1,417 @@
+"""
+Search route — the CORE of the thesis.
+
+Architecture (from README.md):
+                      User Query: "I want an affordable dress"
+                                |
+                ================|================
+                |               |               |
+        [Intent Class.]   [Slot/Entity     [BERT Embedding]
+                |          Extraction]          |
+                v               |              v
+          intent:purchase       v         768-dim vector
+                        {                      |
+                         category: "dress"     |
+                         price: "affordable"   |
+                        }                      |
+                ================|===============|
+                               |               |
+                        [Query Rewriting]      |
+                        "dress" + filters      |
+                               |               |
+                ===============|================
+                |              |               |
+        [Supabase Filter] [pgvector      [CrossEncoder
+         price <= budget   Similarity]    Ranker]
+                |              |               |
+                ===============|================
+                               |
+                       [ESCI Classifier]
+                        E / S / C / I
+                               |
+                       [Score Blending]
+                       0.5*R + 0.3*C + 0.2*S
+                               |
+                       Final Ranked Results
+
+Pipeline Stages:
+1. BERT Embedding: Query → 768-dimensional vector
+2. pgvector Similarity: Top-50 candidates via cosine similarity
+3. CrossEncoder Re-Ranking: Pairwise relevance scoring
+4. ESCI Classifier: E/S/C/I classification with softmax probabilities
+5. Score Blending: 0.5×Ranker + 0.3×Classifier + 0.2×Similarity
+"""
+
+from fastapi import APIRouter, Query, HTTPException, UploadFile, File
+from pydantic import BaseModel
+from typing import Optional
+import traceback
+import tempfile
+import os
+import numpy as np
+
+from models.bert_service import bert_service
+from models.classifier import classifier_service, LABEL_PRIORITY
+from models.ranker import ranker_service
+from models.query_rewriter import query_rewriter
+from database import search_similar_products, search_similar_products_filtered, get_supabase
+from config import (
+    SEARCH_TOP_K_CANDIDATES,
+    SEARCH_MAX_RESULTS,
+    RANKER_WEIGHT,
+    CLASSIFIER_WEIGHT,
+    SIMILARITY_WEIGHT,
+)
+
+router = APIRouter(prefix="/search", tags=["Search"])
+
+
+# =============================================================================
+#  Response Models
+# =============================================================================
+
+class SearchResultItem(BaseModel):
+    id: str
+    title: str
+    description: str
+    price: float
+    stock: int = 0
+    image_url: str
+    seller_id: str
+    # Scoring components
+    similarity: float = 0.0          # pgvector cosine similarity (0-1)
+    ranker_score: float = 0.0        # CrossEncoder relevance score (0-1, normalized)
+    relevance_score: float = 0.0     # Final blended score: 0.5*R + 0.3*C + 0.2*S
+    # ESCI classification
+    relevance_label: str = "Exact"   # E/S/C/I classification
+    relevance_confidence: float = 1.0
+    exact_prob: float = 0.0
+    substitute_prob: float = 0.0
+    complement_prob: float = 0.0
+    irrelevant_prob: float = 0.0
+
+
+class SearchResponse(BaseModel):
+    query: str
+    total_results: int
+    results: list[SearchResultItem]
+    message: str = ""
+    # Query Rewriting metadata (from Intent + Slot extraction)
+    rewritten_query: str = ""
+    detected_intents: list[str] = []
+    extracted_slots: dict = {}
+    applied_filters: dict = {}
+    search_groups: list[dict] = []   # [{search_text, filters}, ...] for compound queries
+
+
+# =============================================================================
+#  Helper Functions
+# =============================================================================
+
+def _first_image(images_field) -> str:
+    """Extract the first image URL from a product's images field."""
+    images = images_field or []
+    if isinstance(images, str):
+        return images
+    if isinstance(images, list) and len(images) > 0:
+        return images[0]
+    return ""
+
+
+def _compute_blended_score(
+    ranker_score: float,
+    classifier_priority: float,
+    similarity: float,
+    w_ranker: float = RANKER_WEIGHT,
+    w_classifier: float = CLASSIFIER_WEIGHT,
+    w_similarity: float = SIMILARITY_WEIGHT,
+) -> float:
+    """
+    Score Blending formula from README:
+    relevance_score = 0.4×R + 0.25×C + 0.35×S
+
+    Where:
+    - R = Ranker score (CrossEncoder, normalized 0-1)
+    - C = Classifier priority (E=1.0, S=0.67, C=0.33, I=0.0)
+    - S = Similarity (pgvector cosine similarity, 0-1)
+    """
+    return (
+        w_ranker * ranker_score +
+        w_classifier * classifier_priority +
+        w_similarity * similarity
+    )
+
+
+def _label_to_priority_weight(label: str) -> float:
+    """
+    Convert ESCI label to priority weight for score blending.
+    E=1.0, S=0.67, C=0.33, I=0.0
+    """
+    priority = LABEL_PRIORITY.get(label, 3)  # Default to Irrelevant (3)
+    return (3 - priority) / 3
+
+
+def _run_search_pipeline(
+    search_text: str,
+    filters: dict,
+    original_query: str,
+    max_candidates: int,
+    include_complements: bool,
+    include_substitutes: bool,
+    show_all: bool,
+) -> list[SearchResultItem]:
+    """
+    Core search pipeline for a single search group.
+    Stages: BERT Embedding -> pgvector -> CrossEncoder -> ESCI -> Score Blending
+    """
+    query_embedding = bert_service.compute_embedding(search_text)
+
+    if filters:
+        raw_candidates = search_similar_products_filtered(
+            query_embedding, top_k=max_candidates,
+            price_min=filters.get("price_min"), price_max=filters.get("price_max"),
+            brand=filters.get("brand"), color=filters.get("color"),
+        )
+    else:
+        raw_candidates = search_similar_products(query_embedding, top_k=max_candidates)
+
+    print(f"[Search]   '{search_text}': {len(raw_candidates)} raw candidates")
+
+    # Hard post-filter: enforce price constraints even if pgvector missed them
+    # (safety net for cases where the DB filter didn't apply, e.g. no-filter branch)
+    if filters.get("price_max") is not None:
+        raw_candidates = [c for c in raw_candidates if float(c["price"]) <= filters["price_max"]]
+    if filters.get("price_min") is not None:
+        raw_candidates = [c for c in raw_candidates if float(c["price"]) >= filters["price_min"]]
+
+    MIN_SIMILARITY_THRESHOLD = 0.20
+    candidates = raw_candidates if show_all else [c for c in raw_candidates if c["similarity"] >= MIN_SIMILARITY_THRESHOLD]
+    if not candidates:
+        return []
+
+    product_titles = [c["title"] for c in candidates]
+    if ranker_service._loaded:
+        raw_ranker_scores = ranker_service.rank(original_query, product_titles)
+        ranker_scores = ranker_service.normalize_scores(raw_ranker_scores)
+    else:
+        ranker_scores = [c["similarity"] for c in candidates]
+
+    product_embeddings = np.array([c["embedding"] for c in candidates])
+    if classifier_service._loaded:
+        classifications = classifier_service.classify_batch(query_embedding, product_embeddings)
+    else:
+        classifications = [{"label": "Exact", "confidence": 1.0, "class_id": 0,
+            "exact_prob": 1.0, "substitute_prob": 0.0, "complement_prob": 0.0, "irrelevant_prob": 0.0}
+            for _ in candidates]
+
+    if ranker_service._loaded:
+        w_r, w_c, w_s = 0.55, 0.05, 0.40
+    else:
+        w_r, w_c, w_s = 0.0, 0.05, 0.95
+
+    MIN_RELEVANCE_SCORE = 0.75
+    scored = []
+    for idx, (cand, cls) in enumerate(zip(candidates, classifications)):
+        label = cls["label"]
+        r_score = float(ranker_scores[idx])
+        sim = float(cand["similarity"])
+        rel = _compute_blended_score(r_score, _label_to_priority_weight(label), sim, w_r, w_c, w_s)
+        # All labels (including Exact) must meet the minimum relevance threshold.
+        # Irrelevant products are shown only if they score >= 0.75; otherwise dropped.
+        if not show_all and rel < MIN_RELEVANCE_SCORE:
+            continue
+        if not show_all and label == "Substitute" and not include_substitutes:
+            continue
+        if not show_all and label == "Complement" and not include_complements:
+            continue
+        scored.append(SearchResultItem(
+            id=str(cand["id"]), title=cand["title"],
+            description=cand.get("description") or "",
+            price=float(cand["price"]),
+            stock=int(cand.get("stock", 0)),
+            image_url=_first_image(cand.get("images")),
+            seller_id=str(cand["seller_id"]),
+            similarity=round(sim, 4), ranker_score=round(r_score, 4),
+            relevance_score=round(rel, 4), relevance_label=label,
+            relevance_confidence=round(cls["confidence"], 4),
+            exact_prob=round(cls.get("exact_prob", 0.0), 4),
+            substitute_prob=round(cls.get("substitute_prob", 0.0), 4),
+            complement_prob=round(cls.get("complement_prob", 0.0), 4),
+            irrelevant_prob=round(cls.get("irrelevant_prob", 0.0), 4),
+        ))
+    return scored
+
+
+# =============================================================================
+#  Main Search Route
+# =============================================================================
+
+@router.get("/", response_model=SearchResponse)
+async def search_products(
+    q: str = Query(..., min_length=1, max_length=500, description="Search query text"),
+    max_results: int = Query(default=SEARCH_MAX_RESULTS, ge=1, le=100),
+    include_complements: bool = Query(default=True, description="Include Complement results"),
+    include_substitutes: bool = Query(default=True, description="Include Substitute results"),
+    show_all: bool = Query(default=False, description="Show all products without threshold filtering (admin mode)"),
+):
+    """
+    Product Search with compound query support.
+    Splits compound queries (e.g. 'shoes under 300 and bags under 500')
+    into independent search groups, each with its own filters.
+    """
+    try:
+        rewritten = query_rewriter.process(q)
+
+        print(f"[Search] Original query: '{q}'")
+        print(f"[Search] Intents: {rewritten.intents}")
+        print(f"[Search] Slots: {rewritten.slots}")
+        print(f"[Search] Search groups: {len(rewritten.search_groups)}")
+        for i, g in enumerate(rewritten.search_groups):
+            print(f"[Search]   Group {i+1}: '{g.search_text}' | Filters: {g.filters}")
+
+        if not bert_service._loaded:
+            return await _fallback_text_search(q, rewritten, max_results)
+
+        # Run pipeline for each search group
+        all_results = []
+        for group in rewritten.search_groups:
+            group_results = _run_search_pipeline(
+                search_text=group.search_text,
+                filters=group.filters,
+                original_query=q,
+                max_candidates=SEARCH_TOP_K_CANDIDATES,
+                include_complements=include_complements,
+                include_substitutes=include_substitutes,
+                show_all=show_all,
+            )
+            all_results.extend(group_results)
+
+        # Deduplicate by product id (keep highest relevance score)
+        seen = {}
+        for r in all_results:
+            if r.id not in seen or r.relevance_score > seen[r.id].relevance_score:
+                seen[r.id] = r
+
+        final_results = sorted(seen.values(), key=lambda r: r.relevance_score, reverse=True)[:max_results]
+        print(f"[Search] Final results: {len(final_results)} (from {len(rewritten.search_groups)} group(s))")
+
+        return SearchResponse(
+            query=q,
+            total_results=len(final_results),
+            results=final_results,
+            message="" if final_results else "No products found matching your query.",
+            rewritten_query=rewritten.search_text,
+            detected_intents=rewritten.intents,
+            extracted_slots=rewritten.slots,
+            applied_filters=rewritten.search_groups[0].filters if len(rewritten.search_groups) == 1 else {},
+            search_groups=[{"search_text": g.search_text, "filters": g.filters} for g in rewritten.search_groups],
+        )
+
+    except HTTPException:
+        raise
+    except Exception as e:
+        print(f"[Search] ERROR: {e}")
+        traceback.print_exc()
+        raise HTTPException(status_code=500, detail=f"Search failed: {str(e)}")
+
+
+# =============================================================================
+#  Fallback: Text-only search when ML models are not loaded
+# =============================================================================
+
+async def _fallback_text_search(
+    original_query: str,
+    rewritten,
+    max_results: int,
+) -> SearchResponse:
+    """Simple ILIKE text search fallback when ML models are not available."""
+    sb = get_supabase()
+    all_results = []
+
+    for group in rewritten.search_groups:
+        qb = sb.table("products").select("*").eq("is_active", True).eq("status", "approved").gt("stock", 0)
+        qb = qb.or_(f"title.ilike.%{group.search_text}%,description.ilike.%{group.search_text}%")
+        if "price_max" in group.filters:
+            qb = qb.lte("price", group.filters["price_max"])
+        if "price_min" in group.filters:
+            qb = qb.gte("price", group.filters["price_min"])
+        response = qb.limit(max_results).execute()
+
+        for p in response.data:
+            all_results.append(SearchResultItem(
+                id=str(p["id"]), title=p["title"],
+                description=p.get("description") or "",
+                price=float(p["price"]),
+                image_url=_first_image(p.get("images")),
+                seller_id=str(p["seller_id"]),
+                similarity=1.0, ranker_score=0.0, relevance_score=1.0,
+                relevance_label="Exact", relevance_confidence=1.0,
+                exact_prob=1.0, substitute_prob=0.0, complement_prob=0.0, irrelevant_prob=0.0,
+            ))
+
+    # Deduplicate
+    seen = {}
+    for r in all_results:
+        if r.id not in seen or r.relevance_score > seen[r.id].relevance_score:
+            seen[r.id] = r
+    results = sorted(seen.values(), key=lambda r: r.relevance_score, reverse=True)[:max_results]
+
+    return SearchResponse(
+        query=original_query,
+        total_results=len(results),
+        results=results,
+        message="" if results else "No products found.",
+        rewritten_query=rewritten.search_text,
+        detected_intents=rewritten.intents,
+        extracted_slots=rewritten.slots,
+        applied_filters=rewritten.search_groups[0].filters if len(rewritten.search_groups) == 1 else {},
+        search_groups=[{"search_text": g.search_text, "filters": g.filters} for g in rewritten.search_groups],
+    )
+
+
+# =============================================================================
+#  Voice Transcription Endpoint
+# =============================================================================
+
+@router.post("/transcribe")
+async def transcribe_audio(audio: UploadFile = File(...)):
+    """
+    Accept an audio file (webm from MediaRecorder) and return transcribed text.
+    Uses SpeechRecognition + pydub for cross-browser voice search support.
+    """
+    tmp_webm = None
+    tmp_wav = None
+    try:
+        import speech_recognition as sr
+        from pydub import AudioSegment
+
+        # Save uploaded audio to temp file
+        tmp_webm = tempfile.NamedTemporaryFile(delete=False, suffix=".webm")
+        content = await audio.read()
+        tmp_webm.write(content)
+        tmp_webm.close()
+
+        # Convert webm → wav
+        tmp_wav_path = tmp_webm.name.replace(".webm", ".wav")
+        audio_segment = AudioSegment.from_file(tmp_webm.name, format="webm")
+        audio_segment.export(tmp_wav_path, format="wav")
+        tmp_wav = tmp_wav_path
+
+        # Transcribe using Google Speech Recognition
+        recognizer = sr.Recognizer()
+        with sr.AudioFile(tmp_wav) as source:
+            audio_data = recognizer.record(source)
+
+        transcript = recognizer.recognize_google(audio_data)
+        return {"transcript": transcript}
+
+    except ImportError:
+        return {"error": "Speech recognition libraries not installed. Run: pip install SpeechRecognition pydub"}
+    except Exception as e:
+        print(f"[Transcribe] Error: {e}")
+        return {"error": f"Transcription failed: {str(e)}"}
+    finally:
+        if tmp_webm and os.path.exists(tmp_webm.name):
+            os.unlink(tmp_webm.name)
+        if tmp_wav and os.path.exists(tmp_wav):
+            os.unlink(tmp_wav)

backend/routes/transactions.py

@@ -0,0 +1,955 @@
+"""
+Transaction routes — buy products, view transaction history, manage balance.
+Buyer's money is held on purchase (pending). On successful delivery/completion,
+the product amount is credited to the admin. Buyer can cancel with conditions.
+Supports quantity (buyer selects how many to buy).
+"""
+
+from fastapi import APIRouter, HTTPException, Depends
+from pydantic import BaseModel
+from typing import Optional
+import uuid
+from datetime import datetime, timezone, timedelta
+from database import get_supabase
+from routes.auth import get_current_user
+
+router = APIRouter(prefix="/transactions", tags=["Transactions"])
+
+DELIVERY_FEE = 90.00
+
+
+# --- Request/Response Models ---
+
+class BuyRequest(BaseModel):
+    product_id: str
+    quantity: int = 1  # How many items to buy
+
+
+class TopUpRequest(BaseModel):
+    amount: float
+
+
+class WithdrawRequest(BaseModel):
+    amount: float
+
+
+class TransactionResponse(BaseModel):
+    id: str
+    buyer_id: str
+    seller_id: str
+    product_id: str
+    product_title: str
+    amount: float
+    quantity: int = 1
+    seller_amount: float
+    admin_commission: float
+    delivery_fee: float = 0
+    status: str
+    purchase_type: str = "delivery"
+    delivery_user_id: str = ""
+    delivery_user_name: str = ""
+    delivery_user_contact: str = ""
+    seller_name: str = ""
+    buyer_name: str = ""
+    assigned_staff_id: str = ""
+    assigned_staff_name: str = ""
+    delivery_address: str = ""
+    product_images: list = []
+    group_id: str = ""
+    created_at: str
+
+
+class BalanceResponse(BaseModel):
+    user_id: str
+    balance: float
+
+
+class SVFEntry(BaseModel):
+    id: str
+    user_id: str
+    transaction_type: str
+    amount: float
+    metadata: Optional[dict] = None
+    created_at: str
+
+
+# --- Routes ---
+
+@router.post("/buy", response_model=TransactionResponse)
+async def buy_product(req: BuyRequest, current_user: dict = Depends(get_current_user)):
+    """
+    Buy a product. 100% of product revenue goes to the department balance.
+    Buyer can select quantity. Stock is decremented.
+    """
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    if req.quantity < 1:
+        raise HTTPException(status_code=400, detail="Quantity must be at least 1")
+
+    # 1. Check user isn't banned
+    user_result = sb.table("users").select("role, is_banned").eq("id", user_id).execute()
+    if not user_result.data:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    user_data = user_result.data[0]
+    if user_data.get("is_banned"):
+        raise HTTPException(status_code=403, detail="Your account has been banned")
+
+    user_role = user_data["role"]
+    if user_role == "admin":
+        raise HTTPException(status_code=403, detail="Admin accounts cannot purchase products")
+    if user_role != "buyer":
+        raise HTTPException(status_code=403, detail="Only buyers can purchase products")
+
+    # Always delivery orders
+
+    # For delivery orders, get buyer's delivery address
+    delivery_address = ""
+    contact = sb.table("user_contacts").select("contact_number, delivery_address").eq("user_id", user_id).execute()
+    if not contact.data:
+        raise HTTPException(status_code=400, detail="Please add your contact number and delivery address before placing a delivery order")
+    delivery_address = (contact.data[0].get("delivery_address") or "").strip()
+    if not delivery_address:
+        raise HTTPException(status_code=400, detail="Please set your delivery address before placing a delivery order")
+
+    # 2. Get product
+    product_result = sb.table("products").select("*").eq("id", req.product_id).eq("is_active", True).eq("status", "approved").execute()
+    if not product_result.data:
+        raise HTTPException(status_code=404, detail="Product not found or not available")
+
+    product = product_result.data[0]
+
+    # 3. Can't buy your own product
+    if product["seller_id"] == user_id:
+        raise HTTPException(status_code=400, detail="Cannot buy your own product")
+
+    # 4. Check stock
+    current_stock = int(product.get("stock", 0))
+    if current_stock <= 0:
+        raise HTTPException(status_code=400, detail="Product is out of stock")
+    if req.quantity > current_stock:
+        raise HTTPException(
+            status_code=400,
+            detail=f"Not enough stock. Available: {current_stock}, requested: {req.quantity}",
+        )
+
+    # 5. Check buyer balance
+    balance_result = sb.table("user_balances").select("balance").eq("user_id", user_id).execute()
+    if not balance_result.data:
+        raise HTTPException(status_code=400, detail="No balance found. Top up your wallet first.")
+
+    buyer_balance = float(balance_result.data[0]["balance"])
+    unit_price = float(product["price"])
+    total_price = unit_price * req.quantity
+
+    # --- Group detection: find an open group for this buyer+store within 1 hour ---
+    seller_id = product["seller_id"]
+    # Determine the delivery unit (department or seller)
+    seller_info = sb.table("users").select("department_id").eq("id", seller_id).execute()
+    seller_dept_id = seller_info.data[0].get("department_id") if seller_info.data else None
+
+    existing_group_id = None
+    delivery_fee = 90.00  # Default: new group
+
+    # Look for an active group for this buyer within the same store/department in the last hour.
+    # An open group has NO transaction in ondeliver/delivered/undelivered/cancelled state.
+    one_hour_ago = (datetime.now(timezone.utc) - timedelta(hours=1)).isoformat()
+
+    if seller_dept_id:
+        # Get all sellers in the same department
+        dept_sellers = sb.table("users").select("id").eq("department_id", seller_dept_id).execute()
+        dept_seller_ids = [s["id"] for s in (dept_sellers.data or [])]
+        # Find recent pending/approved transactions for this buyer from department sellers
+        recent = sb.table("product_transactions").select("group_id, status").eq(
+            "buyer_id", user_id
+        ).in_("seller_id", dept_seller_ids).in_(
+            "status", ["pending", "approved"]
+        ).gte("created_at", one_hour_ago).not_.is_("group_id", "null").execute()
+    else:
+        recent = sb.table("product_transactions").select("group_id, status").eq(
+            "buyer_id", user_id
+        ).eq("seller_id", seller_id).in_(
+            "status", ["pending", "approved"]
+        ).gte("created_at", one_hour_ago).not_.is_("group_id", "null").execute()
+
+    if recent.data:
+        # Collect candidate group ids
+        candidate_groups = set(r["group_id"] for r in recent.data if r.get("group_id"))
+        # Filter out any group that has a picked-up/done transaction
+        for gid in candidate_groups:
+            bad = sb.table("product_transactions").select("id", count="exact").eq(
+                "group_id", gid
+            ).in_("status", ["ondeliver", "delivered", "undelivered", "cancelled"]).execute()
+            if (bad.count or 0) == 0:
+                existing_group_id = gid
+                delivery_fee = 0.0  # Joining existing group — no extra delivery fee
+                break
+
+    group_id = existing_group_id if existing_group_id else str(uuid.uuid4())
+    grand_total = total_price + delivery_fee
+
+    if buyer_balance < grand_total:
+        raise HTTPException(
+            status_code=400,
+            detail=f"Insufficient balance. You have PHP {buyer_balance:.2f}, total cost is PHP {grand_total:.2f}",
+        )
+
+    # 6. Amounts
+    seller_amount = total_price
+    admin_commission = 0.0
+
+    # 7. Deduct from buyer
+    new_buyer_balance = buyer_balance - grand_total
+    sb.table("user_balances").update({"balance": new_buyer_balance}).eq("user_id", user_id).execute()
+
+    # Log the purchase deduction in stored_value so it appears in wallet history
+    sb.table("stored_value").insert({
+        "user_id": user_id,
+        "transaction_type": "purchase",
+        "amount": grand_total,
+        "metadata": {
+            "product_id": req.product_id,
+            "product_title": product["title"],
+            "quantity": req.quantity,
+            "product_amount": total_price,
+            "delivery_fee": delivery_fee,
+            "group_id": group_id,
+            "joined_existing_group": existing_group_id is not None,
+        },
+    }).execute()
+
+    # 8. Decrement stock
+    new_stock = current_stock - req.quantity
+    sb.table("products").update({"stock": new_stock}).eq("id", req.product_id).execute()
+
+    # 9. Create product_transaction record
+    txn_result = sb.table("product_transactions").insert({
+        "buyer_id": user_id,
+        "seller_id": product["seller_id"],
+        "product_id": req.product_id,
+        "quantity": req.quantity,
+        "amount": total_price,
+        "seller_amount": seller_amount,
+        "admin_commission": admin_commission,
+        "delivery_fee": delivery_fee,
+        "delivery_address": delivery_address,
+        "purchase_type": "delivery",
+        "status": "pending",
+        "group_id": group_id,
+    }).execute()
+
+    if not txn_result.data:
+        raise HTTPException(status_code=500, detail="Failed to create transaction")
+
+    txn = txn_result.data[0]
+    return TransactionResponse(
+        id=txn["id"],
+        buyer_id=txn["buyer_id"],
+        seller_id=txn["seller_id"],
+        product_id=txn["product_id"],
+        product_title=product["title"],
+        amount=float(txn["amount"]),
+        quantity=int(txn.get("quantity", 1)),
+        seller_amount=float(txn.get("seller_amount", 0)),
+        admin_commission=float(txn.get("admin_commission", 0)),
+        delivery_fee=float(txn.get("delivery_fee", 0)),
+        status=txn["status"],
+        purchase_type=txn.get("purchase_type", "delivery"),
+        delivery_user_id=txn.get("delivery_user_id") or "",
+        group_id=txn.get("group_id") or "",
+        created_at=txn["created_at"],
+    )
+
+
+@router.get("/history", response_model=list[TransactionResponse])
+async def get_transaction_history(current_user: dict = Depends(get_current_user)):
+    """Get all transactions for the current user (as buyer or seller).
+    For sellers/managers in a department, includes all department transactions."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    bought = sb.table("product_transactions").select("*, products(title, images)").eq("buyer_id", user_id).order("created_at", desc=True).execute()
+    sold = sb.table("product_transactions").select("*, products(title, images)").eq("seller_id", user_id).order("created_at", desc=True).execute()
+
+    all_txns = (bought.data or []) + (sold.data or [])
+
+    # For sellers/managers in a department, also include department-wide transactions
+    user_info = sb.table("users").select("role, department_id").eq("id", user_id).execute()
+    if user_info.data and user_info.data[0].get("role") in ("seller", "manager") and user_info.data[0].get("department_id"):
+        dept_id = user_info.data[0]["department_id"]
+        dept_staff = sb.table("users").select("id").eq("department_id", dept_id).execute()
+        dept_ids = [s["id"] for s in (dept_staff.data or [])]
+        # Also include the department manager
+        dept_info = sb.table("departments").select("manager_id").eq("id", dept_id).execute()
+        if dept_info.data and dept_info.data[0].get("manager_id"):
+            mgr_id = dept_info.data[0]["manager_id"]
+            if mgr_id not in dept_ids:
+                dept_ids.append(mgr_id)
+        if dept_ids:
+            dept_txns = sb.table("product_transactions").select("*, products(title, images)").in_(
+                "seller_id", dept_ids
+            ).order("created_at", desc=True).execute()
+            all_txns += (dept_txns.data or [])
+    seen = set()
+    unique_txns = []
+    for t in all_txns:
+        if t["id"] not in seen:
+            seen.add(t["id"])
+            unique_txns.append(t)
+
+    unique_txns.sort(key=lambda t: t["created_at"], reverse=True)
+
+    # Get delivery user info
+    delivery_ids = set(t.get("delivery_user_id") for t in unique_txns if t.get("delivery_user_id"))
+    delivery_names = {}
+    delivery_contacts = {}
+    if delivery_ids:
+        d_users = sb.table("users").select("id, full_name").in_("id", list(delivery_ids)).execute()
+        delivery_names = {u["id"]: u["full_name"] for u in (d_users.data or [])}
+        d_contacts = sb.table("user_contacts").select("user_id, contact_number").in_("user_id", list(delivery_ids)).execute()
+        delivery_contacts = {c["user_id"]: c["contact_number"] for c in (d_contacts.data or [])}
+
+    # Get seller names (use department name if seller belongs to a department)
+    seller_ids = set(t.get("seller_id") for t in unique_txns if t.get("seller_id"))
+    seller_names = {}
+    if seller_ids:
+        s_users = sb.table("users").select("id, full_name, department_id").in_("id", list(seller_ids)).execute()
+        # Batch-lookup department names
+        dept_ids = set(u.get("department_id") for u in (s_users.data or []) if u.get("department_id"))
+        dept_names = {}
+        if dept_ids:
+            depts = sb.table("departments").select("id, name").in_("id", list(dept_ids)).execute()
+            dept_names = {d["id"]: d["name"] for d in (depts.data or [])}
+        for u in (s_users.data or []):
+            dept_id = u.get("department_id")
+            if dept_id and dept_id in dept_names:
+                seller_names[u["id"]] = dept_names[dept_id]
+            else:
+                seller_names[u["id"]] = u["full_name"]
+
+    # Get buyer names
+    buyer_ids = set(t.get("buyer_id") for t in unique_txns if t.get("buyer_id"))
+    buyer_names = {}
+    if buyer_ids:
+        b_users = sb.table("users").select("id, full_name").in_("id", list(buyer_ids)).execute()
+        buyer_names = {u["id"]: u["full_name"] for u in (b_users.data or [])}
+
+    # Get assigned staff names
+    assigned_ids = set(t.get("assigned_staff_id") for t in unique_txns if t.get("assigned_staff_id"))
+    assigned_names = {}
+    if assigned_ids:
+        a_users = sb.table("users").select("id, full_name").in_("id", list(assigned_ids)).execute()
+        assigned_names = {u["id"]: u["full_name"] for u in (a_users.data or [])}
+
+    return [
+        TransactionResponse(
+            id=t["id"],
+            buyer_id=t["buyer_id"],
+            seller_id=t["seller_id"],
+            product_id=t["product_id"],
+            product_title=t.get("products", {}).get("title", "") if t.get("products") else "",
+            product_images=t.get("products", {}).get("images", []) if t.get("products") else [],
+            amount=float(t["amount"]),
+            quantity=int(t.get("quantity", 1)),
+            seller_amount=float(t.get("seller_amount", 0)),
+            admin_commission=float(t.get("admin_commission", 0)),
+            delivery_fee=float(t.get("delivery_fee", 0)),
+            status=t["status"],
+            purchase_type=t.get("purchase_type", "delivery"),
+            delivery_user_id=t.get("delivery_user_id") or "",
+            delivery_user_name=delivery_names.get(t.get("delivery_user_id", ""), ""),
+            delivery_user_contact=delivery_contacts.get(t.get("delivery_user_id", ""), ""),
+            seller_name=seller_names.get(t.get("seller_id", ""), ""),
+            buyer_name=buyer_names.get(t.get("buyer_id", ""), ""),
+            assigned_staff_id=t.get("assigned_staff_id") or "",
+            assigned_staff_name=assigned_names.get(t.get("assigned_staff_id", ""), ""),
+            delivery_address=t.get("delivery_address", ""),
+            group_id=t.get("group_id") or "",
+            created_at=t["created_at"],
+        )
+        for t in unique_txns
+    ]
+
+
+@router.get("/balance", response_model=BalanceResponse)
+async def get_balance(current_user: dict = Depends(get_current_user)):
+    """Get the current user's balance."""
+    sb = get_supabase()
+    result = sb.table("user_balances").select("*").eq("user_id", current_user["sub"]).execute()
+
+    if not result.data:
+        raise HTTPException(status_code=404, detail="Balance not found")
+
+    return BalanceResponse(
+        user_id=result.data[0]["user_id"],
+        balance=float(result.data[0]["balance"]),
+    )
+
+
+@router.post("/topup", response_model=BalanceResponse)
+async def topup_balance(req: TopUpRequest, current_user: dict = Depends(get_current_user)):
+    """Add funds to the current user's balance."""
+    if req.amount <= 0:
+        raise HTTPException(status_code=400, detail="Amount must be positive")
+
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    result = sb.table("user_balances").select("balance").eq("user_id", user_id).execute()
+    if not result.data:
+        raise HTTPException(status_code=404, detail="Balance not found")
+
+    new_balance = float(result.data[0]["balance"]) + req.amount
+    sb.table("user_balances").update({"balance": new_balance}).eq("user_id", user_id).execute()
+
+    # Record SVF deposit
+    sb.table("stored_value").insert({
+        "user_id": user_id,
+        "transaction_type": "deposit",
+        "amount": req.amount,
+    }).execute()
+
+    return BalanceResponse(user_id=user_id, balance=new_balance)
+
+
+@router.post("/withdraw", response_model=BalanceResponse)
+async def withdraw_balance(req: WithdrawRequest, current_user: dict = Depends(get_current_user)):
+    """Withdraw funds from the current user's balance."""
+    if req.amount <= 0:
+        raise HTTPException(status_code=400, detail="Amount must be positive")
+
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    result = sb.table("user_balances").select("balance").eq("user_id", user_id).execute()
+    if not result.data:
+        raise HTTPException(status_code=404, detail="Balance not found")
+
+    current_balance = float(result.data[0]["balance"])
+    if current_balance < req.amount:
+        raise HTTPException(status_code=400, detail="Insufficient balance")
+
+    new_balance = current_balance - req.amount
+    sb.table("user_balances").update({"balance": new_balance}).eq("user_id", user_id).execute()
+
+    # Record SVF withdrawal
+    sb.table("stored_value").insert({
+        "user_id": user_id,
+        "transaction_type": "withdrawal",
+        "amount": req.amount,
+    }).execute()
+
+    return BalanceResponse(user_id=user_id, balance=new_balance)
+
+
+@router.get("/svf-history", response_model=list[SVFEntry])
+async def get_svf_history(current_user: dict = Depends(get_current_user)):
+    """Get stored value facility history for the current user."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    result = sb.table("stored_value").select("*").eq("user_id", user_id).order("created_at", desc=True).limit(100).execute()
+
+    return [
+        SVFEntry(
+            id=row["id"],
+            user_id=row["user_id"],
+            transaction_type=row["transaction_type"],
+            amount=float(row["amount"]),
+            metadata=row.get("metadata"),
+            created_at=row["created_at"],
+        )
+        for row in (result.data or [])
+    ]
+
+ 
+
+# --- Delivery Order Management (Staff/Manager) ---
+
+class DeliveryOrderStatusUpdate(BaseModel):
+    status: str  # 'approved' (ready for pickup)
+
+
+@router.get("/staff/delivery-orders")
+async def get_staff_delivery_orders(current_user: dict = Depends(get_current_user)):
+    """Get delivery orders grouped by group_id for all staff in the same department/store."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    # Verify seller role and get department
+    user = sb.table("users").select("role, department_id").eq("id", user_id).execute()
+    if not user.data or user.data[0]["role"] not in ("seller", "manager"):
+        raise HTTPException(status_code=403, detail="Only sellers/managers can view delivery orders")
+
+    dept_id = user.data[0].get("department_id")
+
+    # Get all staff in the same department so orders are visible to all store staff
+    if dept_id:
+        staff = sb.table("users").select("id").eq("department_id", dept_id).execute()
+        seller_ids = [s["id"] for s in (staff.data or [])]
+        if user_id not in seller_ids:
+            seller_ids.append(user_id)
+    else:
+        seller_ids = [user_id]
+
+    txns = sb.table("product_transactions").select(
+        "*, products(title, price, images)"
+    ).in_("seller_id", seller_ids).in_(
+        "status", ["pending", "approved", "ondeliver"]
+    ).order("created_at", desc=False).execute()
+
+    if not txns.data:
+        return []
+
+    buyer_ids = set(t["buyer_id"] for t in txns.data)
+    assigned_ids = set(t["assigned_staff_id"] for t in txns.data if t.get("assigned_staff_id"))
+    all_user_ids = buyer_ids | assigned_ids
+    users_lookup = sb.table("users").select("id, full_name").in_("id", list(all_user_ids)).execute()
+    user_names = {u["id"]: u["full_name"] for u in (users_lookup.data or [])}
+
+    # Group transactions by group_id
+    groups = {}
+    for t in txns.data:
+        gid = t.get("group_id") or t["id"]  # fallback: ungrouped orders use own id
+        prod = t.get("products") or {}
+        if gid not in groups:
+            groups[gid] = {
+                "group_id": gid,
+                "buyer_id": t["buyer_id"],
+                "buyer_name": user_names.get(t["buyer_id"], "Unknown"),
+                "delivery_address": t.get("delivery_address", ""),
+                "status": t["status"],
+                "assigned_staff_id": t.get("assigned_staff_id"),
+                "assigned_staff_name": user_names.get(t.get("assigned_staff_id", ""), ""),
+                "created_at": t["created_at"],
+                "delivery_fee": 90.0,  # flat per group
+                "items": [],
+                "total_amount": 0.0,
+            }
+        groups[gid]["items"].append({
+            "id": t["id"],
+            "product_id": t["product_id"],
+            "product_title": prod.get("title", ""),
+            "product_price": float(prod.get("price", 0)),
+            "product_images": prod.get("images", []),
+            "quantity": int(t.get("quantity", 1)),
+            "amount": float(t["amount"]),
+            "status": t["status"],
+        })
+        groups[gid]["total_amount"] += float(t["amount"])
+        # Group status: escalate to worst (ondeliver > approved > pending)
+        current_group_status = groups[gid]["status"]
+        t_status = t["status"]
+        status_priority = {"pending": 0, "approved": 1, "ondeliver": 2}
+        if status_priority.get(t_status, 0) > status_priority.get(current_group_status, 0):
+            groups[gid]["status"] = t_status
+
+    return list(groups.values())
+
+
+@router.put("/staff/delivery-orders/{group_id}/status")
+async def update_delivery_order_status(
+    group_id: str,
+    req: DeliveryOrderStatusUpdate,
+    current_user: dict = Depends(get_current_user),
+):
+    """Staff approves all pending transactions in a group (delivery box)."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    if req.status != "approved":
+        raise HTTPException(status_code=400, detail="Status must be 'approved'")
+
+    # Verify staff role and get department
+    user = sb.table("users").select("role, department_id").eq("id", user_id).execute()
+    if not user.data or user.data[0]["role"] not in ("seller", "manager"):
+        raise HTTPException(status_code=403, detail="Access denied")
+
+    dept_id = user.data[0].get("department_id")
+    user_role = user.data[0]["role"]
+
+    # Get all pending transactions in this group
+    group_txns = sb.table("product_transactions").select("*").eq(
+        "group_id", group_id
+    ).eq("status", "pending").execute()
+
+    if not group_txns.data:
+        raise HTTPException(status_code=404, detail="No pending orders found in this group")
+
+    # Verify at least one transaction belongs to this department/seller
+    seller_id = group_txns.data[0]["seller_id"]
+    if dept_id:
+        seller_info = sb.table("users").select("department_id").eq("id", seller_id).execute()
+        if not seller_info.data or seller_info.data[0].get("department_id") != dept_id:
+            raise HTTPException(status_code=403, detail="Order does not belong to your department")
+    else:
+        if seller_id != user_id:
+            raise HTTPException(status_code=403, detail="Order does not belong to you")
+
+    # Approve all pending transactions in the group
+    update_data = {"status": "approved", "assigned_staff_id": user_id}
+    sb.table("product_transactions").update(update_data).eq("group_id", group_id).eq("status", "pending").execute()
+
+    return {"message": f"All orders in group approved and ready for delivery pickup"}
+
+
+@router.get("/manager/delivery-orders")
+async def get_manager_delivery_orders(current_user: dict = Depends(get_current_user)):
+    """Get grouped delivery orders for all products in the manager's department."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    # Get manager's department
+    user = sb.table("users").select("role, department_id").eq("id", user_id).execute()
+    if not user.data:
+        raise HTTPException(status_code=404, detail="User not found")
+
+    user_data = user.data[0]
+    if user_data["role"] not in ("seller", "manager"):
+        raise HTTPException(status_code=403, detail="Access denied")
+
+    dept_id = user_data.get("department_id")
+
+    # Fallback: look up department via departments.manager_id
+    if not dept_id:
+        dept_lookup = sb.table("departments").select("id").eq("manager_id", user_id).limit(1).execute()
+        if dept_lookup.data:
+            dept_id = dept_lookup.data[0]["id"]
+
+    # Get all sellers in this department (or just this seller if no department)
+    if dept_id:
+        staff = sb.table("users").select("id").eq("department_id", dept_id).execute()
+        seller_ids = [s["id"] for s in (staff.data or [])]
+        if user_id not in seller_ids:
+            seller_ids.append(user_id)
+    else:
+        seller_ids = [user_id]
+
+    if not seller_ids:
+        return []
+
+    txns = sb.table("product_transactions").select(
+        "*, products(title, price, images)"
+    ).in_("seller_id", seller_ids).in_(
+        "status", ["pending", "approved", "ondeliver"]
+    ).order("created_at", desc=False).execute()
+
+    if not txns.data:
+        return []
+
+    buyer_ids = set(t["buyer_id"] for t in txns.data)
+    assigned_ids = set(t["assigned_staff_id"] for t in txns.data if t.get("assigned_staff_id"))
+    all_user_ids = buyer_ids | set(t["seller_id"] for t in txns.data) | assigned_ids
+    users_result = sb.table("users").select("id, full_name").in_("id", list(all_user_ids)).execute()
+    user_names = {u["id"]: u["full_name"] for u in (users_result.data or [])}
+
+    # Group transactions by group_id
+    groups = {}
+    for t in txns.data:
+        gid = t.get("group_id") or t["id"]
+        prod = t.get("products") or {}
+        if gid not in groups:
+            groups[gid] = {
+                "group_id": gid,
+                "buyer_id": t["buyer_id"],
+                "buyer_name": user_names.get(t["buyer_id"], "Unknown"),
+                "seller_name": user_names.get(t["seller_id"], "Unknown"),
+                "delivery_address": t.get("delivery_address", ""),
+                "status": t["status"],
+                "assigned_staff_id": t.get("assigned_staff_id"),
+                "assigned_staff_name": user_names.get(t.get("assigned_staff_id", ""), ""),
+                "created_at": t["created_at"],
+                "delivery_fee": 90.0,
+                "items": [],
+                "total_amount": 0.0,
+            }
+        groups[gid]["items"].append({
+            "id": t["id"],
+            "product_id": t["product_id"],
+            "product_title": prod.get("title", ""),
+            "product_price": float(prod.get("price", 0)),
+            "product_images": prod.get("images", []),
+            "quantity": int(t.get("quantity", 1)),
+            "amount": float(t["amount"]),
+            "status": t["status"],
+        })
+        groups[gid]["total_amount"] += float(t["amount"])
+        status_priority = {"pending": 0, "approved": 1, "ondeliver": 2}
+        if status_priority.get(t["status"], 0) > status_priority.get(groups[gid]["status"], 0):
+            groups[gid]["status"] = t["status"]
+
+    return list(groups.values())
+
+
+@router.put("/manager/delivery-orders/{group_id}/status")
+async def manager_update_delivery_order_status(
+    group_id: str,
+    req: DeliveryOrderStatusUpdate,
+    current_user: dict = Depends(get_current_user),
+):
+    """Manager approves all pending transactions in a group."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    if req.status != "approved":
+        raise HTTPException(status_code=400, detail="Status must be 'approved'")
+
+    # Get manager's department
+    user = sb.table("users").select("role, department_id").eq("id", user_id).execute()
+    if not user.data or user.data[0]["role"] not in ("seller", "manager"):
+        raise HTTPException(status_code=403, detail="Access denied")
+
+    dept_id = user.data[0].get("department_id")
+
+    # Fallback: look up department via departments.manager_id
+    if not dept_id:
+        dept_lookup = sb.table("departments").select("id").eq("manager_id", user_id).limit(1).execute()
+        if dept_lookup.data:
+            dept_id = dept_lookup.data[0]["id"]
+
+    # Get all pending transactions in this group
+    group_txns = sb.table("product_transactions").select("*").eq(
+        "group_id", group_id
+    ).eq("status", "pending").execute()
+
+    if not group_txns.data:
+        raise HTTPException(status_code=404, detail="No pending orders found in this group")
+
+    seller_id = group_txns.data[0]["seller_id"]
+    if dept_id:
+        seller_info = sb.table("users").select("department_id").eq("id", seller_id).execute()
+        if not seller_info.data or seller_info.data[0].get("department_id") != dept_id:
+            raise HTTPException(status_code=403, detail="Order does not belong to your department")
+    else:
+        if seller_id != user_id:
+            raise HTTPException(status_code=403, detail="Order does not belong to you")
+
+    # Approve all pending transactions in the group
+    update_data = {"status": "approved", "assigned_staff_id": user_id}
+    sb.table("product_transactions").update(update_data).eq("group_id", group_id).eq("status", "pending").execute()
+
+    return {"message": "All orders in group approved for delivery pickup"}
+
+
+# --- Manager Reassign Order ---
+
+class ReassignOrderRequest(BaseModel):
+    staff_id: str
+
+
+@router.put("/manager/reassign/{transaction_id}")
+async def manager_reassign_order(
+    transaction_id: str,
+    req: ReassignOrderRequest,
+    current_user: dict = Depends(get_current_user),
+):
+    """Manager reassigns an order to a specific staff member."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    # Verify manager role
+    user = sb.table("users").select("role, department_id").eq("id", user_id).execute()
+    if not user.data or user.data[0]["role"] != "manager":
+        raise HTTPException(status_code=403, detail="Only managers can reassign orders")
+
+    dept_id = user.data[0].get("department_id")
+    if not dept_id:
+        dept_lookup = sb.table("departments").select("id").eq("manager_id", user_id).limit(1).execute()
+        if dept_lookup.data:
+            dept_id = dept_lookup.data[0]["id"]
+
+    if not dept_id:
+        raise HTTPException(status_code=400, detail="Manager is not assigned to a department")
+
+    # Verify target staff belongs to same department
+    target_staff = sb.table("users").select("id, department_id, full_name").eq("id", req.staff_id).execute()
+    if not target_staff.data:
+        raise HTTPException(status_code=404, detail="Staff member not found")
+    if target_staff.data[0].get("department_id") != dept_id:
+        raise HTTPException(status_code=403, detail="Staff member is not in your department")
+
+    # Verify transaction exists and belongs to department
+    txn = sb.table("product_transactions").select("*").eq("id", transaction_id).execute()
+    if not txn.data:
+        raise HTTPException(status_code=404, detail="Transaction not found")
+
+    seller_id = txn.data[0]["seller_id"]
+    seller_info = sb.table("users").select("department_id").eq("id", seller_id).execute()
+    if not seller_info.data or seller_info.data[0].get("department_id") != dept_id:
+        raise HTTPException(status_code=403, detail="Order does not belong to your department")
+
+    sb.table("product_transactions").update({
+        "assigned_staff_id": req.staff_id,
+    }).eq("id", transaction_id).execute()
+
+    staff_name = target_staff.data[0]["full_name"]
+    return {"message": f"Order reassigned to {staff_name}"}
+
+
+# --- Buyer Order Cancellation ---
+
+CANCELLATION_FEE = 50.00
+
+
+@router.put("/buyer/cancel/{group_id}")
+async def buyer_cancel_order(
+    group_id: str,
+    current_user: dict = Depends(get_current_user),
+):
+    """
+    Buyer cancels all orders in a group (delivery box).
+    - Free cancel if pending/approved (not yet picked up).
+    - ₱50 cancellation fee if ondeliver; fee goes to delivery user.
+    """
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    # Get all transactions in this group that belong to this buyer
+    group_txns = sb.table("product_transactions").select("*").eq(
+        "group_id", group_id
+    ).eq("buyer_id", user_id).execute()
+
+    # Fallback: try treating group_id as a single transaction_id for backwards compat
+    if not group_txns.data:
+        group_txns = sb.table("product_transactions").select("*").eq(
+            "id", group_id
+        ).eq("buyer_id", user_id).execute()
+
+    if not group_txns.data:
+        raise HTTPException(status_code=404, detail="Order not found")
+
+    # Determine group status (worst-case: ondeliver beats approved/pending)
+    status_priority = {"pending": 0, "approved": 1, "ondeliver": 2}
+    group_status = max((t["status"] for t in group_txns.data if t["status"] in status_priority), key=lambda s: status_priority.get(s, 0))
+
+    # Cancellable only if pending, approved, or ondeliver
+    if group_status not in ("pending", "approved", "ondeliver"):
+        raise HTTPException(status_code=400, detail=f"Cannot cancel order group with status '{group_status}'.")
+
+    # Total refundable amount = sum of all item amounts + the delivery fee (from primary txn)
+    total_product_amount = sum(float(t.get("amount", 0)) for t in group_txns.data)
+    total_delivery_fee = sum(float(t.get("delivery_fee", 0)) for t in group_txns.data)
+    grand_total = total_product_amount + total_delivery_fee
+
+    if group_status in ("pending", "approved"):
+        refund_amount = grand_total
+        fee_to_delivery = 0.0
+    else:  # ondeliver
+        fee_to_delivery = CANCELLATION_FEE
+        refund_amount = grand_total - fee_to_delivery
+
+    # 1. Cancel all transactions in the group
+    sb.table("product_transactions").update({"status": "cancelled"}).eq("group_id", group_id).eq("buyer_id", user_id).execute()
+
+    # 2. Refund buyer
+    if refund_amount > 0:
+        buyer_bal = sb.table("user_balances").select("balance").eq("user_id", user_id).execute()
+        if buyer_bal.data:
+            new_bal = float(buyer_bal.data[0]["balance"]) + refund_amount
+            sb.table("user_balances").update({"balance": new_bal}).eq("user_id", user_id).execute()
+
+    # 3. Pay cancellation fee to delivery user (if mid-delivery cancel)
+    delivery_user_id = next((t.get("delivery_user_id") for t in group_txns.data if t.get("delivery_user_id")), None)
+    representative_txn_id = group_txns.data[0]["id"]
+
+    if fee_to_delivery > 0 and delivery_user_id:
+        del_bal = sb.table("user_balances").select("balance").eq("user_id", delivery_user_id).execute()
+        if del_bal.data:
+            new_del_bal = float(del_bal.data[0]["balance"]) + fee_to_delivery
+            sb.table("user_balances").update({"balance": new_del_bal}).eq("user_id", delivery_user_id).execute()
+
+        # Log in delivery_earnings for earnings history
+        sb.table("delivery_earnings").insert({
+            "delivery_user_id": delivery_user_id,
+            "transaction_id": representative_txn_id,
+            "amount": fee_to_delivery,
+        }).execute()
+
+    # 4. Restore product stock for all cancelled items
+    for t in group_txns.data:
+        prod = sb.table("products").select("stock").eq("id", t["product_id"]).execute()
+        if prod.data:
+            new_stock = int(prod.data[0]["stock"]) + int(t.get("quantity", 1))
+            sb.table("products").update({"stock": new_stock}).eq("id", t["product_id"]).execute()
+
+    fee_msg = f" A cancellation fee of PHP {fee_to_delivery:.2f} was deducted." if fee_to_delivery > 0 else ""
+    return {
+        "message": f"All orders in group cancelled. PHP {refund_amount:.2f} refunded to your wallet.{fee_msg}",
+        "refund_amount": refund_amount,
+        "cancellation_fee": fee_to_delivery,
+    }
+
+
+# --- Salary History (for staff/managers) ---
+
+@router.get("/salary-history")
+async def get_salary_history(current_user: dict = Depends(get_current_user)):
+    """Get salary payment history for the current user (staff or manager)."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    # Verify role
+    user = sb.table("users").select("role, salary").eq("id", user_id).execute()
+    if not user.data:
+        raise HTTPException(status_code=404, detail="User not found")
+    if user.data[0]["role"] not in ("seller", "manager"):
+        raise HTTPException(status_code=403, detail="Only staff and managers can view salary history")
+
+    fixed_salary = float(user.data[0].get("salary", 0))
+
+    # Get all salary payments for this user
+    payments = sb.table("salary_payments").select("*").eq(
+        "recipient_id", user_id
+    ).order("created_at", desc=True).limit(100).execute()
+
+    # Current month paid
+    from datetime import datetime, timezone
+    now = datetime.now(timezone.utc)
+    current_month = now.strftime("%Y-%m")
+    paid_this_month = sum(
+        float(p["amount"]) for p in (payments.data or []) if p["payment_month"] == current_month
+    )
+
+    total_all_time = sum(float(p["amount"]) for p in (payments.data or []))
+
+    # Build salary deposit entries
+    salary_entries = []
+    for p in (payments.data or []):
+        salary_entries.append({
+            "id": p["id"],
+            "type": "salary_deposit",
+            "amount": float(p["amount"]),
+            "payment_month": p.get("payment_month", ""),
+            "notes": p.get("notes", "Salary payment"),
+            "created_at": p["created_at"],
+        })
+
+    # Get SVF withdrawal history for this user
+    svf = sb.table("stored_value").select("*").eq("user_id", user_id).eq(
+        "transaction_type", "withdrawal"
+    ).order("created_at", desc=True).limit(100).execute()
+
+    withdrawal_entries = []
+    for w in (svf.data or []):
+        withdrawal_entries.append({
+            "id": w["id"],
+            "type": "withdrawal",
+            "amount": float(w["amount"]),
+            "payment_month": "",
+            "notes": "Salary withdrawal",
+            "created_at": w["created_at"],
+        })
+
+    # Merge and sort by date descending
+    all_transactions = salary_entries + withdrawal_entries
+    all_transactions.sort(key=lambda x: x["created_at"], reverse=True)
+
+    return {
+        "fixed_salary": fixed_salary,
+        "paid_this_month": round(paid_this_month, 2),
+        "remaining_this_month": round(max(fixed_salary - paid_this_month, 0), 2),
+        "total_all_time": round(total_all_time, 2),
+        "current_month": current_month,
+        "history": all_transactions,
+    }

backend/routes/wishlist.py

@@ -0,0 +1,362 @@
+"""
+Wishlist routes — buyers can save products to their wishlist.
+Also includes seller-facing and admin-facing report endpoints for wishlist analytics.
+"""
+
+from fastapi import APIRouter, HTTPException, Depends
+from pydantic import BaseModel
+from database import get_supabase
+from routes.auth import get_current_user
+
+router = APIRouter(prefix="/wishlist", tags=["Wishlist"])
+
+
+class AddWishlistRequest(BaseModel):
+    product_id: str
+
+
+class WishlistItemResponse(BaseModel):
+    id: str
+    product_id: str
+    title: str
+    description: str
+    price: float
+    stock: int
+    seller_id: str
+    seller_name: str
+    image_url: str
+    created_at: str
+
+
+# --- Routes ---
+
+@router.get("/", response_model=list[WishlistItemResponse])
+async def get_wishlist(current_user: dict = Depends(get_current_user)):
+    """Get the current buyer's wishlist with product details."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    wishlist_data = sb.table("wishlist_items").select(
+        "*, products(id, title, description, price, seller_id, images, stock)"
+    ).eq("buyer_id", user_id).order("created_at", desc=True).execute()
+
+    items = []
+    seller_name_cache = {}
+
+    for w in (wishlist_data.data or []):
+        prod = w.get("products")
+        if not prod:
+            continue
+
+        sid = prod["seller_id"]
+        if sid not in seller_name_cache:
+            seller_resp = sb.table("users").select("full_name, department_id").eq("id", sid).execute()
+            if seller_resp.data:
+                full_name = seller_resp.data[0]["full_name"]
+                dept_id = seller_resp.data[0].get("department_id")
+                if dept_id:
+                    dept_resp = sb.table("departments").select("name").eq("id", dept_id).execute()
+                    if dept_resp.data:
+                        seller_name_cache[sid] = dept_resp.data[0]["name"]
+                    else:
+                        seller_name_cache[sid] = full_name
+                else:
+                    seller_name_cache[sid] = full_name
+            else:
+                seller_name_cache[sid] = "Seller"
+
+        images = prod.get("images") or []
+
+        items.append(WishlistItemResponse(
+            id=w["id"],
+            product_id=prod["id"],
+            title=prod["title"],
+            description=prod.get("description", ""),
+            price=float(prod["price"]),
+            stock=int(prod.get("stock", 0)),
+            seller_id=prod["seller_id"],
+            seller_name=seller_name_cache[sid],
+            image_url=images[0] if images else "",
+            created_at=w["created_at"],
+        ))
+
+    return items
+
+
+@router.post("/add")
+async def add_to_wishlist(req: AddWishlistRequest, current_user: dict = Depends(get_current_user)):
+    """Add a product to the buyer's wishlist."""
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    # Verify product exists and is active
+    prod = sb.table("products").select("id, seller_id").eq("id", req.product_id).eq("is_active", True).eq("status", "approved").execute()
+    if not prod.data:
+        raise HTTPException(status_code=404, detail="Product not found")
+
+    if prod.data[0]["seller_id"] == user_id:
+        raise HTTPException(status_code=400, detail="Cannot add your own product to wishlist")
+
+    # Check if already in wishlist
+    existing = sb.table("wishlist_items").select("id").eq("buyer_id", user_id).eq("product_id", req.product_id).execute()
+    if existing.data:
+        raise HTTPException(status_code=400, detail="Product already in wishlist")
+
+    sb.table("wishlist_items").insert({
+        "buyer_id": user_id,
+        "product_id": req.product_id,
+    }).execute()
+
+    return {"message": "Added to wishlist"}
+
+
+@router.delete("/remove/{product_id}")
+async def remove_from_wishlist(product_id: str, current_user: dict = Depends(get_current_user)):
+    """Remove a product from the buyer's wishlist."""
+    sb = get_supabase()
+    sb.table("wishlist_items").delete().eq("buyer_id", current_user["sub"]).eq("product_id", product_id).execute()
+    return {"message": "Removed from wishlist"}
+
+
+@router.get("/check/{product_id}")
+async def check_wishlist(product_id: str, current_user: dict = Depends(get_current_user)):
+    """Check if a product is in the buyer's wishlist."""
+    sb = get_supabase()
+    existing = sb.table("wishlist_items").select("id").eq("buyer_id", current_user["sub"]).eq("product_id", product_id).execute()
+    return {"in_wishlist": bool(existing.data)}
+
+
+@router.get("/seller-report")
+async def get_seller_wishlist_report(current_user: dict = Depends(get_current_user)):
+    """
+    Seller-facing wishlist report.
+    Returns wishlist counts for the seller's products and a wishlist-to-product ratio.
+    """
+    sb = get_supabase()
+    user_id = current_user["sub"]
+
+    # Build list of seller IDs (same logic as /products/my — includes department manager)
+    seller_ids = [user_id]
+    user_info = sb.table("users").select("role, department_id, manager_id").eq("id", user_id).execute()
+    if user_info.data and user_info.data[0].get("department_id"):
+        dept_id = user_info.data[0]["department_id"]
+        dept = sb.table("departments").select("manager_id").eq("id", dept_id).execute()
+        if dept.data and dept.data[0].get("manager_id"):
+            manager_id = dept.data[0]["manager_id"]
+            if manager_id not in seller_ids:
+                seller_ids.append(manager_id)
+    # If user is a manager, also include products from their department sellers
+    if user_info.data and user_info.data[0].get("role") == "manager":
+        dept_id = user_info.data[0].get("department_id")
+        if dept_id:
+            dept_users = sb.table("users").select("id").eq("department_id", dept_id).eq("role", "seller").execute()
+            for du in (dept_users.data or []):
+                if du["id"] not in seller_ids:
+                    seller_ids.append(du["id"])
+
+    # Get all products for these seller IDs
+    products = sb.table("products").select("id, title, images, stock").in_("seller_id", seller_ids).execute()
+    if not products.data:
+        return {
+            "total_products": 0,
+            "total_wishlists": 0,
+            "unique_buyers": 0,
+            "wishlist_per_product": 0,
+            "products": [],
+            "buyers": [],
+        }
+
+    product_ids = [p["id"] for p in products.data]
+
+    # Get all wishlist items for these products (include buyer_id and created_at)
+    wishlist_data = sb.table("wishlist_items").select("product_id, buyer_id, created_at").in_("product_id", product_ids).execute()
+
+    # Count wishlists per product
+    wishlist_counts = {}
+    # Track unique buyers
+    buyer_ids = set()
+    buyer_product_counts = {}
+    for w in (wishlist_data.data or []):
+        pid = w["product_id"]
+        bid = w["buyer_id"]
+        wishlist_counts[pid] = wishlist_counts.get(pid, 0) + 1
+        buyer_ids.add(bid)
+        buyer_product_counts[bid] = buyer_product_counts.get(bid, 0) + 1
+
+    total_wishlists = sum(wishlist_counts.values())
+    total_products = len(products.data)
+    unique_buyers = len(buyer_ids)
+
+    # Fetch buyer names
+    buyers_list = []
+    if buyer_ids:
+        buyer_data = sb.table("users").select("id, full_name, email").in_("id", list(buyer_ids)).execute()
+        buyer_map = {b["id"]: b for b in (buyer_data.data or [])}
+        for bid in buyer_ids:
+            b = buyer_map.get(bid, {})
+            buyers_list.append({
+                "buyer_id": bid,
+                "buyer_name": b.get("full_name", "Unknown"),
+                "buyer_email": b.get("email", ""),
+                "wishlist_count": buyer_product_counts.get(bid, 0),
+            })
+        buyers_list.sort(key=lambda x: x["wishlist_count"], reverse=True)
+
+    product_details = []
+    for p in products.data:
+        count = wishlist_counts.get(p["id"], 0)
+        images = p.get("images") or []
+        product_details.append({
+            "product_id": p["id"],
+            "title": p["title"],
+            "image_url": images[0] if images else "",
+            "wishlist_count": count,
+            "stock": int(p.get("stock") or 0),
+        })
+
+    # Sort by wishlist count descending
+    product_details.sort(key=lambda x: x["wishlist_count"], reverse=True)
+
+    return {
+        "total_products": total_products,
+        "total_wishlists": total_wishlists,
+        "unique_buyers": unique_buyers,
+        "wishlist_per_product": round(total_wishlists / total_products, 2) if total_products > 0 else 0,
+        "products": product_details,
+        "buyers": buyers_list,
+    }
+
+
+@router.get("/admin-report")
+async def get_admin_wishlist_report(current_user: dict = Depends(get_current_user)):
+    """
+    Admin-facing platform-wide wishlist report.
+    Returns wishlists across all stores, top products, top buyers, per-store breakdown,
+    and recent activity.
+    """
+    if current_user.get("role") != "admin":
+        raise HTTPException(status_code=403, detail="Admin access required")
+
+    sb = get_supabase()
+
+    # Get ALL wishlist items with product + buyer info
+    wishlist_data = sb.table("wishlist_items").select(
+        "id, product_id, buyer_id, created_at"
+    ).order("created_at", desc=True).execute()
+    all_items = wishlist_data.data or []
+
+    if not all_items:
+        return {
+            "total_wishlists": 0,
+            "unique_buyers": 0,
+            "total_products_wishlisted": 0,
+            "wishlists_per_product": 0,
+            "top_products": [],
+            "top_buyers": [],
+            "by_store": [],
+            "recent_activity": [],
+        }
+
+    # Collect unique IDs
+    product_ids = list({w["product_id"] for w in all_items})
+    buyer_ids = list({w["buyer_id"] for w in all_items})
+
+    # Fetch product details
+    products_data = sb.table("products").select("id, title, images, seller_id").in_("id", product_ids).execute()
+    product_map = {p["id"]: p for p in (products_data.data or [])}
+
+    # Fetch buyer details
+    buyer_data = sb.table("users").select("id, full_name, email").in_("id", buyer_ids).execute()
+    buyer_map = {b["id"]: b for b in (buyer_data.data or [])}
+
+    # Fetch seller -> department mapping for store names
+    seller_ids = list({p["seller_id"] for p in (products_data.data or [])})
+    seller_data = sb.table("users").select("id, full_name, department_id").in_("id", seller_ids).execute()
+    seller_map = {s["id"]: s for s in (seller_data.data or [])}
+
+    dept_ids = list({s.get("department_id") for s in (seller_data.data or []) if s.get("department_id")})
+    dept_map = {}
+    if dept_ids:
+        dept_data = sb.table("departments").select("id, name").in_("id", dept_ids).execute()
+        dept_map = {d["id"]: d["name"] for d in (dept_data.data or [])}
+
+    def get_store_name(seller_id):
+        seller = seller_map.get(seller_id, {})
+        dept_id = seller.get("department_id")
+        if dept_id and dept_id in dept_map:
+            return dept_map[dept_id]
+        return seller.get("full_name", "Unknown")
+
+    # --- Counts ---
+    product_counts = {}
+    buyer_counts = {}
+    store_counts = {}
+
+    for w in all_items:
+        pid = w["product_id"]
+        bid = w["buyer_id"]
+        product_counts[pid] = product_counts.get(pid, 0) + 1
+        buyer_counts[bid] = buyer_counts.get(bid, 0) + 1
+
+        prod = product_map.get(pid)
+        if prod:
+            store = get_store_name(prod["seller_id"])
+            store_counts[store] = store_counts.get(store, 0) + 1
+
+    # --- Top Products ---
+    top_products = []
+    for pid, count in sorted(product_counts.items(), key=lambda x: x[1], reverse=True)[:10]:
+        prod = product_map.get(pid, {})
+        images = prod.get("images") or []
+        top_products.append({
+            "product_id": pid,
+            "title": prod.get("title", "Unknown"),
+            "image_url": images[0] if images else "",
+            "store": get_store_name(prod.get("seller_id", "")),
+            "wishlist_count": count,
+        })
+
+    # --- Top Buyers ---
+    top_buyers = []
+    for bid, count in sorted(buyer_counts.items(), key=lambda x: x[1], reverse=True)[:10]:
+        b = buyer_map.get(bid, {})
+        top_buyers.append({
+            "buyer_id": bid,
+            "buyer_name": b.get("full_name", "Unknown"),
+            "buyer_email": b.get("email", ""),
+            "wishlist_count": count,
+        })
+
+    # --- By Store ---
+    by_store = [
+        {"store": store, "wishlist_count": count}
+        for store, count in sorted(store_counts.items(), key=lambda x: x[1], reverse=True)
+    ]
+
+    # --- Recent Activity (last 20) ---
+    recent_activity = []
+    for w in all_items[:20]:
+        prod = product_map.get(w["product_id"], {})
+        buyer = buyer_map.get(w["buyer_id"], {})
+        images = prod.get("images") or []
+        recent_activity.append({
+            "buyer_name": buyer.get("full_name", "Unknown"),
+            "product_title": prod.get("title", "Unknown"),
+            "product_image": images[0] if images else "",
+            "store": get_store_name(prod.get("seller_id", "")),
+            "created_at": w["created_at"],
+        })
+
+    total_wishlists = len(all_items)
+    unique_products = len(product_counts)
+
+    return {
+        "total_wishlists": total_wishlists,
+        "unique_buyers": len(buyer_counts),
+        "total_products_wishlisted": unique_products,
+        "wishlists_per_product": round(total_wishlists / unique_products, 2) if unique_products > 0 else 0,
+        "top_products": top_products,
+        "top_buyers": top_buyers,
+        "by_store": by_store,
+        "recent_activity": recent_activity,
+    }

backend/trained_model/intent_classifier/config.json

@@ -0,0 +1,30 @@
+{
+  "bert_model": "bert-base-multilingual-uncased",
+  "max_length": 128,
+  "num_intents": 4,
+  "label_names": [
+    "single_search",
+    "multi_search",
+    "filtered_search",
+    "free_form"
+  ],
+  "best_f1": 0.9704016456031906,
+  "training_time_seconds": 28256.4,
+  "dataset": "c:\\Moi\\Thesis\\Code\\RetailTalkFolder\\shopping_queries_dataset\\IntentDataset_cleaned.xlsx",
+  "dataset_size": 9819,
+  "train_size": 8346,
+  "val_size": 1473,
+  "final_metrics": {
+    "exact_match_accuracy": 0.9111,
+    "hamming_loss": 0.0246,
+    "bleu_score": 0.0657,
+    "micro_precision": 0.9758,
+    "micro_recall": 0.9761,
+    "micro_f1": 0.9759,
+    "macro_precision": 0.9696,
+    "macro_recall": 0.9712,
+    "macro_f1": 0.9704,
+    "weighted_f1": 0.9758,
+    "samples_f1": 0.9668
+  }
+}

backend/trained_model/intent_classifier/label_map.json

@@ -0,0 +1,6 @@
+{
+  "single_search": 0,
+  "multi_search": 1,
+  "filtered_search": 2,
+  "free_form": 3
+}

backend/trained_model/ranker/config.json

@@ -0,0 +1,32 @@
+{
+  "architectures": [
+    "BertForSequenceClassification"
+  ],
+  "attention_probs_dropout_prob": 0.1,
+  "classifier_dropout": null,
+  "dtype": "float32",
+  "gradient_checkpointing": false,
+  "hidden_act": "gelu",
+  "hidden_dropout_prob": 0.1,
+  "hidden_size": 384,
+  "id2label": {
+    "0": "LABEL_0"
+  },
+  "initializer_range": 0.02,
+  "intermediate_size": 1536,
+  "label2id": {
+    "LABEL_0": 0
+  },
+  "layer_norm_eps": 1e-12,
+  "max_position_embeddings": 512,
+  "model_type": "bert",
+  "num_attention_heads": 12,
+  "num_hidden_layers": 12,
+  "pad_token_id": 0,
+  "position_embedding_type": "absolute",
+  "sbert_ce_default_activation_function": "torch.nn.modules.linear.Identity",
+  "transformers_version": "4.57.6",
+  "type_vocab_size": 2,
+  "use_cache": true,
+  "vocab_size": 30522
+}

backend/trained_model/ranker/special_tokens_map.json

@@ -0,0 +1,37 @@
+{
+  "cls_token": {
+    "content": "[CLS]",
+    "lstrip": false,
+    "normalized": false,
+    "rstrip": false,
+    "single_word": false
+  },
+  "mask_token": {
+    "content": "[MASK]",
+    "lstrip": false,
+    "normalized": false,
+    "rstrip": false,
+    "single_word": false
+  },
+  "pad_token": {
+    "content": "[PAD]",
+    "lstrip": false,
+    "normalized": false,
+    "rstrip": false,
+    "single_word": false
+  },
+  "sep_token": {
+    "content": "[SEP]",
+    "lstrip": false,
+    "normalized": false,
+    "rstrip": false,
+    "single_word": false
+  },
+  "unk_token": {
+    "content": "[UNK]",
+    "lstrip": false,
+    "normalized": false,
+    "rstrip": false,
+    "single_word": false
+  }
+}

backend/trained_model/ranker/tokenizer_config.json

@@ -0,0 +1,58 @@
+{
+  "added_tokens_decoder": {
+    "0": {
+      "content": "[PAD]",
+      "lstrip": false,
+      "normalized": false,
+      "rstrip": false,
+      "single_word": false,
+      "special": true
+    },
+    "100": {
+      "content": "[UNK]",
+      "lstrip": false,
+      "normalized": false,
+      "rstrip": false,
+      "single_word": false,
+      "special": true
+    },
+    "101": {
+      "content": "[CLS]",
+      "lstrip": false,
+      "normalized": false,
+      "rstrip": false,
+      "single_word": false,
+      "special": true
+    },
+    "102": {
+      "content": "[SEP]",
+      "lstrip": false,
+      "normalized": false,
+      "rstrip": false,
+      "single_word": false,
+      "special": true
+    },
+    "103": {
+      "content": "[MASK]",
+      "lstrip": false,
+      "normalized": false,
+      "rstrip": false,
+      "single_word": false,
+      "special": true
+    }
+  },
+  "clean_up_tokenization_spaces": true,
+  "cls_token": "[CLS]",
+  "do_basic_tokenize": true,
+  "do_lower_case": true,
+  "extra_special_tokens": {},
+  "mask_token": "[MASK]",
+  "model_max_length": 512,
+  "never_split": null,
+  "pad_token": "[PAD]",
+  "sep_token": "[SEP]",
+  "strip_accents": null,
+  "tokenize_chinese_chars": true,
+  "tokenizer_class": "BertTokenizer",
+  "unk_token": "[UNK]"
+}

backend/trained_model/slot_extractor/config.json

@@ -0,0 +1,50 @@
+{
+  "bert_model": "bert-base-multilingual-uncased",
+  "max_length": 64,
+  "num_tags": 21,
+  "tag_names": [
+    "B-BRAND",
+    "B-COLOR",
+    "B-CONN",
+    "B-MATERIAL",
+    "B-PRICE_MAX",
+    "B-PRICE_MIN",
+    "B-PRICE_MOD",
+    "B-PRODUCT1",
+    "B-PRODUCT2",
+    "B-RATING_MIN",
+    "B-RATING_MOD",
+    "B-SIZE",
+    "I-BRAND",
+    "I-COLOR",
+    "I-MATERIAL",
+    "I-PRICE_MOD",
+    "I-PRODUCT1",
+    "I-PRODUCT2",
+    "I-RATING_MOD",
+    "I-SIZE",
+    "O"
+  ],
+  "best_micro_f1": 0.9360687022900763,
+  "training_time_seconds": 13681.3,
+  "dataset": "shopping_queries_dataset/slotannotationdataset_cleaned.xlsx",
+  "dataset_size": 5379,
+  "train_size": 4572,
+  "val_size": 807,
+  "final_token_metrics": {
+    "accuracy": 0.9389,
+    "bleu_score": 0.8819,
+    "micro_precision": 0.9264,
+    "micro_recall": 0.9385,
+    "micro_f1": 0.9324,
+    "macro_precision": 0.8037,
+    "macro_recall": 0.8294,
+    "macro_f1": 0.8134,
+    "weighted_f1": 0.9329
+  },
+  "final_entity_metrics": {
+    "precision": 0.9193,
+    "recall": 0.9363,
+    "f1": 0.9277
+  }
+}

backend/trained_model/slot_extractor/tag_map.json

@@ -0,0 +1,23 @@
+{
+  "B-BRAND": 0,
+  "B-COLOR": 1,
+  "B-CONN": 2,
+  "B-MATERIAL": 3,
+  "B-PRICE_MAX": 4,
+  "B-PRICE_MIN": 5,
+  "B-PRICE_MOD": 6,
+  "B-PRODUCT1": 7,
+  "B-PRODUCT2": 8,
+  "B-RATING_MIN": 9,
+  "B-RATING_MOD": 10,
+  "B-SIZE": 11,
+  "I-BRAND": 12,
+  "I-COLOR": 13,
+  "I-MATERIAL": 14,
+  "I-PRICE_MOD": 15,
+  "I-PRODUCT1": 16,
+  "I-PRODUCT2": 17,
+  "I-RATING_MOD": 18,
+  "I-SIZE": 19,
+  "O": 20
+}