Add validation report for AquaBarrier project implementation

- Comprehensive assessment of stored procedure integration and architecture
- Highlights strengths in API design, data models, and pagination
- Identifies areas for improvement including customer entity implementation and authentication
- Provides immediate action items and compliance scorecard for future development

.gitignore

@@ -0,0 +1,34 @@
+# Python
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.env
+
+# Alembic
+app/db/migrations/versions/
+
+# VSCode
+.vscode/
+
+# Docker
+app/docker/*.log
+app/docker/mssql_data/
+
+# Test & Coverage
+.coverage
+htmlcov/
+*.sqlite3
+
+# OS
+.DS_Store
+
+# Logs
+*.log
+
+# Node
+node_modules/
+
+# Others
+*.swp
+*.bak

DATABASE_CHANGES_CONSOLIDATED.sql

@@ -0,0 +1,322 @@
+-- ============================================================================
+-- DATABASE CHANGES - Consolidated Script
+-- Date: 30 November 2025
+-- Purpose: Performance optimization for AquaBarrier project management API
+-- ============================================================================
+
+-- ============================================================================
+-- PART 1: ADD TIMESTAMP COLUMNS TO PROJECTS TABLE
+-- ============================================================================
+-- Purpose: Support dashboard metrics and track record lifecycle
+-- Impact: Enables "New Projects" filtering in dashboard
+-- ============================================================================
+
+-- Add CreatedDate column (if not exists)
+IF NOT EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS 
+               WHERE TABLE_NAME = 'Projects' AND COLUMN_NAME = 'CreatedDate')
+BEGIN
+    ALTER TABLE [dbo].[Projects] ADD [CreatedDate] [datetime2](7) NULL DEFAULT (getutcdate());
+    PRINT 'Added CreatedDate column to Projects table';
+END
+ELSE
+    PRINT 'CreatedDate already exists in Projects table';
+GO
+
+-- Add ModifiedDate column (if not exists)
+IF NOT EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS 
+               WHERE TABLE_NAME = 'Projects' AND COLUMN_NAME = 'ModifiedDate')
+BEGIN
+    ALTER TABLE [dbo].[Projects] ADD [ModifiedDate] [datetime2](7) NULL DEFAULT (getutcdate());
+    PRINT 'Added ModifiedDate column to Projects table';
+END
+ELSE
+    PRINT 'ModifiedDate already exists in Projects table';
+GO
+
+-- Backfill CreatedDate with current date for existing records (if NULL)
+UPDATE [dbo].[Projects]
+SET [CreatedDate] = GETUTCDATE()
+WHERE [CreatedDate] IS NULL;
+PRINT 'Backfilled CreatedDate for ' + CAST(@@ROWCOUNT AS varchar) + ' existing Projects';
+GO
+
+-- ============================================================================
+-- PART 2: CREATE PERFORMANCE INDEXES
+-- ============================================================================
+-- Purpose: Optimize query performance for project and customer endpoints
+-- Impact: Reduces query execution time from 5+ seconds to sub-second
+-- ============================================================================
+
+-- Index for dashboard metrics filtering by CreatedDate
+IF NOT EXISTS (SELECT 1 FROM sys.indexes 
+               WHERE name = 'IX_Projects_CreatedDate' AND object_id = OBJECT_ID('dbo.Projects'))
+BEGIN
+    CREATE NONCLUSTERED INDEX [IX_Projects_CreatedDate] ON [dbo].[Projects]
+    (
+        [CreatedDate] ASC
+    )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, 
+           DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, 
+           ALLOW_PAGE_LOCKS = ON, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY];
+    PRINT 'Created index IX_Projects_CreatedDate';
+END
+ELSE
+    PRINT 'Index IX_Projects_CreatedDate already exists';
+GO
+
+-- Index for Bidders ProjectNo lookups (if not exists)
+IF NOT EXISTS (SELECT 1 FROM sys.indexes 
+               WHERE name = 'IX_Bidders_ProjectNo' AND object_id = OBJECT_ID('dbo.Bidders'))
+BEGIN
+    CREATE NONCLUSTERED INDEX [IX_Bidders_ProjectNo] ON [dbo].[Bidders]
+    (
+        [ProjNo] ASC
+    )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, 
+           DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, 
+           ALLOW_PAGE_LOCKS = ON, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY];
+    PRINT 'Created index IX_Bidders_ProjectNo';
+END
+ELSE
+    PRINT 'Index IX_Bidders_ProjectNo already exists';
+GO
+
+-- Index for Bidders Id (keyset pagination)
+IF NOT EXISTS (SELECT 1 FROM sys.indexes 
+               WHERE name = 'IX_Bidders_Id' AND object_id = OBJECT_ID('dbo.Bidders'))
+BEGIN
+    CREATE NONCLUSTERED INDEX [IX_Bidders_Id] ON [dbo].[Bidders]
+    (
+        [Id] ASC
+    )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, 
+           DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, 
+           ALLOW_PAGE_LOCKS = ON, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY];
+    PRINT 'Created index IX_Bidders_Id';
+END
+ELSE
+    PRINT 'Index IX_Bidders_Id already exists';
+GO
+
+-- Index for Bidders CustId lookups
+IF NOT EXISTS (SELECT 1 FROM sys.indexes 
+               WHERE name = 'IX_Bidders_CustId' AND object_id = OBJECT_ID('dbo.Bidders'))
+BEGIN
+    CREATE NONCLUSTERED INDEX [IX_Bidders_CustId] ON [dbo].[Bidders]
+    (
+        [CustId] ASC
+    )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, 
+           DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, 
+           ALLOW_PAGE_LOCKS = ON, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY];
+    PRINT 'Created index IX_Bidders_CustId';
+END
+ELSE
+    PRINT 'Index IX_Bidders_CustId already exists';
+GO
+
+-- Index for Customers CustomerID lookups
+IF EXISTS (SELECT 1 FROM sys.indexes 
+           WHERE name = 'IX_Customers_CustomerID' AND object_id = OBJECT_ID('dbo.Customers'))
+BEGIN
+    DROP INDEX [IX_Customers_CustomerID] ON [dbo].[Customers];
+    PRINT 'Dropped existing IX_Customers_CustomerID to recreate with INCLUDE(CompanyName)';
+END
+GO
+
+CREATE NONCLUSTERED INDEX [IX_Customers_CustomerID] ON [dbo].[Customers]
+(
+    [CustomerID] ASC
+)
+INCLUDE ([CompanyName])
+WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, 
+      DROP_EXISTING = OFF, ONLINE = ON, ALLOW_ROW_LOCKS = ON, 
+      ALLOW_PAGE_LOCKS = ON, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY];
+PRINT 'Created index IX_Customers_CustomerID with INCLUDE(CompanyName)';
+GO
+
+-- Composite index to optimize keyset pagination and project bidders fetch
+IF NOT EXISTS (SELECT 1 FROM sys.indexes 
+               WHERE name = 'IX_Bidders_ProjNo_Id' AND object_id = OBJECT_ID('dbo.Bidders'))
+BEGIN
+    CREATE NONCLUSTERED INDEX [IX_Bidders_ProjNo_Id] ON [dbo].[Bidders]
+    (
+        [ProjNo] ASC,
+        [Id] ASC
+    )
+    INCLUDE ([CustId])
+    WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, 
+          DROP_EXISTING = OFF, ONLINE = ON, ALLOW_ROW_LOCKS = ON, 
+          ALLOW_PAGE_LOCKS = ON, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY];
+    PRINT 'Created index IX_Bidders_ProjNo_Id';
+END
+ELSE
+    PRINT 'Index IX_Bidders_ProjNo_Id already exists';
+GO
+
+-- Composite index to support ORDER BY [Primary] DESC, Id for offset pagination
+IF NOT EXISTS (SELECT 1 FROM sys.indexes 
+               WHERE name = 'IX_Bidders_ProjNo_Primary_Id' AND object_id = OBJECT_ID('dbo.Bidders'))
+BEGIN
+    CREATE NONCLUSTERED INDEX [IX_Bidders_ProjNo_Primary_Id] ON [dbo].[Bidders]
+    (
+        [ProjNo] ASC,
+        [Primary] DESC,
+        [Id] ASC
+    )
+    INCLUDE (
+        [CustId], [Quote], [DateLastContact], [DateFollowup],
+        [CustType], [EmailAddress], [ReplacementCost], [Enabled]
+    )
+    WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, 
+          DROP_EXISTING = OFF, ONLINE = ON, ALLOW_ROW_LOCKS = ON, 
+          ALLOW_PAGE_LOCKS = ON, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY];
+    PRINT 'Created index IX_Bidders_ProjNo_Primary_Id';
+END
+ELSE
+    PRINT 'Index IX_Bidders_ProjNo_Primary_Id already exists';
+GO
+
+-- ============================================================================
+-- PART 3: OPTIONAL - MIGRATE Bidders.CustId FROM nvarchar(15) TO int
+-- ============================================================================
+-- Purpose: Eliminate CAST() in JOIN clause for better index usage
+-- Impact: Removes type conversion overhead, allows index seek on Customers
+-- WARNING: This is a breaking schema change - test thoroughly before applying
+-- Status: OPTIONAL - Only apply if type mismatch is causing performance issues
+-- ============================================================================
+
+/*
+-- Uncomment this section to perform the migration
+
+-- Step 1: Add new int column
+IF NOT EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS 
+               WHERE TABLE_NAME = 'Bidders' AND COLUMN_NAME = 'CustId_New')
+BEGIN
+    ALTER TABLE [dbo].[Bidders] ADD [CustId_New] [int] NULL;
+    PRINT 'Added CustId_New column';
+END
+GO
+
+-- Step 2: Migrate data
+UPDATE [dbo].[Bidders] 
+SET [CustId_New] = CAST([CustId] AS int) 
+WHERE ISNUMERIC([CustId]) = 1 
+  AND [CustId_New] IS NULL;
+PRINT 'Migrated ' + CAST(@@ROWCOUNT AS varchar) + ' rows to CustId_New';
+GO
+
+-- Step 3: Drop index on old column
+IF EXISTS (SELECT 1 FROM sys.indexes 
+           WHERE name = 'IX_Bidders_CustId' AND object_id = OBJECT_ID('dbo.Bidders'))
+BEGIN
+    DROP INDEX [IX_Bidders_CustId] ON [dbo].[Bidders];
+    PRINT 'Dropped index IX_Bidders_CustId';
+END
+GO
+
+-- Step 4: Drop old nvarchar column
+IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS 
+           WHERE TABLE_NAME = 'Bidders' AND COLUMN_NAME = 'CustId' AND DATA_TYPE = 'nvarchar')
+BEGIN
+    ALTER TABLE [dbo].[Bidders] DROP COLUMN [CustId];
+    PRINT 'Dropped old nvarchar CustId column';
+END
+GO
+
+-- Step 5: Rename new column
+IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS 
+           WHERE TABLE_NAME = 'Bidders' AND COLUMN_NAME = 'CustId_New')
+   AND NOT EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS 
+                   WHERE TABLE_NAME = 'Bidders' AND COLUMN_NAME = 'CustId')
+BEGIN
+    EXEC sp_rename 'dbo.Bidders.CustId_New', 'CustId', 'COLUMN';
+    PRINT 'Renamed CustId_New to CustId';
+END
+GO
+
+-- Step 6: Set NOT NULL constraint
+IF EXISTS (SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS 
+           WHERE TABLE_NAME = 'Bidders' AND COLUMN_NAME = 'CustId' 
+           AND DATA_TYPE = 'int' AND IS_NULLABLE = 'YES')
+BEGIN
+    IF NOT EXISTS (SELECT 1 FROM [dbo].[Bidders] WHERE [CustId] IS NULL)
+    BEGIN
+        ALTER TABLE [dbo].[Bidders] ALTER COLUMN [CustId] [int] NOT NULL;
+        PRINT 'Set CustId to NOT NULL';
+    END
+    ELSE
+    BEGIN
+        PRINT 'WARNING: NULL values exist in CustId, cannot set NOT NULL';
+    END
+END
+GO
+
+-- Step 7: Recreate index on new int column
+IF NOT EXISTS (SELECT 1 FROM sys.indexes 
+               WHERE name = 'IX_Bidders_CustId' AND object_id = OBJECT_ID('dbo.Bidders'))
+BEGIN
+    CREATE NONCLUSTERED INDEX [IX_Bidders_CustId] ON [dbo].[Bidders]
+    (
+        [CustId] ASC
+    )WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, 
+           DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, 
+           ALLOW_PAGE_LOCKS = ON, OPTIMIZE_FOR_SEQUENTIAL_KEY = OFF) ON [PRIMARY];
+    PRINT 'Recreated index IX_Bidders_CustId on int column';
+END
+GO
+*/
+
+-- ============================================================================
+-- VERIFICATION QUERIES
+-- ============================================================================
+
+PRINT '';
+PRINT '============================================================================';
+PRINT 'VERIFICATION RESULTS';
+PRINT '============================================================================';
+
+-- Verify Projects timestamp columns
+SELECT 'Projects Timestamp Columns' AS CheckType;
+SELECT 
+    COLUMN_NAME,
+    DATA_TYPE,
+    IS_NULLABLE,
+    COLUMN_DEFAULT
+FROM INFORMATION_SCHEMA.COLUMNS
+WHERE TABLE_NAME = 'Projects' 
+  AND COLUMN_NAME IN ('CreatedDate', 'ModifiedDate')
+ORDER BY COLUMN_NAME;
+
+-- Verify all indexes exist
+SELECT 'Performance Indexes' AS CheckType;
+SELECT 
+    t.name AS TableName,
+    i.name AS IndexName,
+    c.name AS ColumnName,
+    ty.name AS DataType
+FROM sys.indexes i
+JOIN sys.index_columns ic ON i.object_id = ic.object_id AND i.index_id = ic.index_id
+JOIN sys.columns c ON ic.object_id = c.object_id AND ic.column_id = c.column_id
+JOIN sys.types ty ON c.user_type_id = ty.user_type_id
+JOIN sys.tables t ON i.object_id = t.object_id
+WHERE i.name IN (
+    'IX_Projects_CreatedDate',
+    'IX_Bidders_ProjectNo',
+    'IX_Bidders_Id',
+    'IX_Bidders_CustId',
+    'IX_Customers_CustomerID'
+)
+ORDER BY t.name, i.name;
+
+-- Verify Bidders.CustId data type
+SELECT 'Bidders.CustId Data Type' AS CheckType;
+SELECT 
+    COLUMN_NAME,
+    DATA_TYPE,
+    CHARACTER_MAXIMUM_LENGTH,
+    IS_NULLABLE
+FROM INFORMATION_SCHEMA.COLUMNS
+WHERE TABLE_NAME = 'Bidders' AND COLUMN_NAME = 'CustId';
+
+PRINT '';
+PRINT '============================================================================';
+PRINT 'DATABASE CHANGES COMPLETE';
+PRINT '============================================================================';
+GO

Dockerfile

@@ -0,0 +1,25 @@
+# Use a lightweight and stable Python 3.11 base image (Bullseye)
+FROM python:3.11-slim-bullseye AS base
+
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PATH="/home/user/.local/bin:$PATH"
+
+RUN apt-get update && apt-get install -y \
+    openssl \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN useradd -m -u 1000 user
+USER user
+WORKDIR /app
+
+COPY --chown=user ./requirements.txt requirements.txt
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir --upgrade -r requirements.txt
+
+COPY --chown=user . /app
+
+EXPOSE 7860
+
+CMD ["uvicorn", "app.app:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "4", "--log-level", "info"]

QUERY_TIMING.md

@@ -0,0 +1,215 @@
+# Query Timing and Performance Monitoring
+
+This application includes comprehensive query timing and performance monitoring capabilities to help identify slow database queries and API endpoints.
+
+## Features
+
+### 1. Automatic Query Timing
+
+All database queries are automatically timed using SQLAlchemy event listeners. Query execution times are logged with different severity levels:
+
+- **DEBUG** (< 500ms): Normal queries
+- **INFO** (500ms - 1s): Medium-duration queries  
+- **WARNING** (> 1s): Slow queries that may need optimization
+
+**Configuration:**
+
+The query timing logger is configured in `app/core/logging.py`. To change the verbosity:
+
+```python
+# In app/core/logging.py, modify:
+query_logger.setLevel(logging.INFO)   # Shows medium/slow queries (default)
+query_logger.setLevel(logging.DEBUG)  # Shows ALL queries
+query_logger.setLevel(logging.WARNING) # Shows only slow queries
+```
+
+**Log Output Example:**
+
+```
+2025-11-17 10:30:45 WARNING sqlalchemy.query.timing SLOW QUERY (1.234s): SELECT * FROM Projects WHERE Status = 5 ORDER BY ProjectNo...
+2025-11-17 10:30:46 INFO sqlalchemy.query.timing Query took 0.678s: SELECT COUNT(*) FROM Customers WHERE CustomerID IS NOT NULL
+```
+
+### 2. Request-Level Timing
+
+All HTTP requests are timed via middleware. Processing times are logged and included in response headers:
+
+- **Response Header:** `X-Process-Time` contains the total processing time in seconds
+- **Logging Levels:**
+  - DEBUG (< 1s): Fast requests
+  - INFO (1s - 2s): Medium requests
+  - WARNING (> 2s): Slow requests
+
+**Log Output Example:**
+
+```
+2025-11-17 10:30:45 WARNING app.request.timing SLOW REQUEST (2.456s): GET /api/v1/projects/ - Status 200
+2025-11-17 10:30:46 INFO app.request.timing Request took 1.123s: GET /api/v1/dashboard/widgets/info - Status 200
+```
+
+**Client Usage:**
+
+Check the `X-Process-Time` header in API responses:
+
+```bash
+curl -v http://localhost:8124/api/v1/projects/
+# Response includes: X-Process-Time: 0.234
+```
+
+### 3. Manual Timing Utilities
+
+For timing specific operations in your code, use the utilities in `app/core/timing.py`:
+
+#### Context Manager
+
+```python
+from app.core.timing import timer
+
+# Time a specific code block
+with timer("Complex calculation"):
+    result = perform_complex_operation()
+```
+
+#### Function Decorator
+
+```python
+from app.core.timing import timed
+
+@timed("Processing customer data")
+def process_customers(data):
+    # ... your code ...
+    return result
+```
+
+#### Manual Timer
+
+```python
+from app.core.timing import QueryTimer
+
+qt = QueryTimer()
+qt.start("Custom query operation")
+result = db.execute(some_complex_query)
+elapsed = qt.stop()  # Returns elapsed time in seconds
+```
+
+## Viewing Query Timings
+
+### Development Mode
+
+When running the application with `uvicorn`, query timings are logged to stdout:
+
+```bash
+uvicorn app.app:app --reload --port 8124
+```
+
+### Production Recommendations
+
+For production deployments:
+
+1. **Set appropriate log levels** to avoid excessive logging:
+   ```python
+   # Only log slow queries
+   query_logger.setLevel(logging.WARNING)
+   ```
+
+2. **Use structured logging** with JSON format for easier parsing:
+   ```python
+   import json
+   import logging
+   
+   class JSONFormatter(logging.Formatter):
+       def format(self, record):
+           return json.dumps({
+               'timestamp': self.formatTime(record),
+               'level': record.levelname,
+               'logger': record.name,
+               'message': record.getMessage()
+           })
+   ```
+
+3. **Aggregate metrics** using tools like:
+   - Prometheus + Grafana
+   - Datadog
+   - New Relic
+   - Application Insights
+
+## Performance Thresholds
+
+Current thresholds are configured as:
+
+| Threshold | Query Time | Request Time | Level |
+|-----------|-----------|--------------|-------|
+| Fast      | < 500ms   | < 1s         | DEBUG |
+| Medium    | 500ms-1s  | 1s-2s        | INFO  |
+| Slow      | > 1s      | > 2s         | WARNING |
+
+To adjust thresholds, modify the event listeners in `app/db/session.py` and middleware in `app/app.py`.
+
+## Troubleshooting Slow Queries
+
+When slow queries are detected:
+
+1. **Check the query structure** - Look for missing indexes or inefficient joins
+2. **Review query parameters** - Ensure proper filtering to reduce result sets
+3. **Analyze execution plans** - Use SQL Server's execution plan analyzer
+4. **Consider caching** - For frequently-accessed data that changes infrequently
+5. **Optimize database** - Update statistics, rebuild indexes, etc.
+
+### Example: Identifying Slow Queries
+
+```bash
+# Run your API and monitor logs
+uvicorn app.app:app --reload --port 8124
+
+# In another terminal, make requests
+curl http://localhost:8124/api/v1/projects/?page=1&page_size=100
+
+# Check logs for warnings
+# Output might show:
+# WARNING sqlalchemy.query.timing SLOW QUERY (1.456s): SELECT ... FROM Projects ...
+```
+
+## Integration with Monitoring Tools
+
+### Adding Metrics Export
+
+You can extend the timing functionality to export metrics:
+
+```python
+# Example: Export to Prometheus
+from prometheus_client import Histogram
+
+query_duration = Histogram('db_query_duration_seconds', 'Database query duration')
+
+@event.listens_for(Engine, "after_cursor_execute")
+def after_cursor_execute(conn, cursor, statement, parameters, context, executemany):
+    total_time = time.time() - conn.info['query_start_time'].pop(-1)
+    query_duration.observe(total_time)
+    # ... existing logging code ...
+```
+
+## Best Practices
+
+1. **Monitor regularly** - Review slow query logs weekly
+2. **Set alerts** - Configure alerts for queries exceeding thresholds
+3. **Baseline performance** - Establish normal query times for comparison
+4. **Test at scale** - Performance test with production-like data volumes
+5. **Index optimization** - Ensure proper indexes exist for frequent queries
+6. **Connection pooling** - Verify proper pool configuration in `session.py`
+
+## Environment Variables
+
+Control logging behavior via environment variables:
+
+```bash
+# Set in .env or environment
+LOG_LEVEL=DEBUG  # Shows all query timings
+LOG_LEVEL=INFO   # Shows medium and slow queries (default)
+LOG_LEVEL=WARNING # Shows only slow queries
+```
+
+## Additional Resources
+
+- [SQLAlchemy Performance Tips](https://docs.sqlalchemy.org/en/14/faq/performance.html)
+- [FastAPI Performance](https://fastapi.tiangolo.com/deployment/concepts/)
+- [SQL Server Query Performance](https://docs.microsoft.com/en-us/sql/relational-databases/performance/performance-monitoring-and-tuning-tools)

QUICKSTART_TIMING.md

@@ -0,0 +1,140 @@
+# Quick Start: Query Timing
+
+## ✅ What Was Added
+
+Query timing and performance monitoring is now active in your application. All database queries and API requests are automatically timed and logged.
+
+## 🚀 How to Use
+
+### 1. Start Your Application
+```bash
+uvicorn app.app:app --reload --port 8124
+```
+
+### 2. Watch the Logs
+You'll automatically see timing information:
+
+**Query Timing:**
+```
+2025-11-17 10:30:45 INFO sqlalchemy.query.timing Query took 0.678s: SELECT * FROM Projects WHERE Status = 5...
+2025-11-17 10:30:46 WARNING sqlalchemy.query.timing SLOW QUERY (1.234s): SELECT COUNT(*) FROM Customers...
+```
+
+**Request Timing:**
+```
+2025-11-17 10:30:47 INFO app.request.timing Request took 1.123s: GET /api/v1/dashboard/widgets/info - Status 200
+2025-11-17 10:30:48 WARNING app.request.timing SLOW REQUEST (2.456s): GET /api/v1/projects/ - Status 200
+```
+
+### 3. Check Response Headers
+Every API response includes timing:
+```bash
+curl -v http://localhost:8124/api/v1/projects/
+# Look for: X-Process-Time: 0.234
+```
+
+## 📊 Timing Thresholds
+
+### Database Queries
+- 🟢 **DEBUG** (< 500ms): Fast queries - normal
+- 🟡 **INFO** (500ms-1s): Medium queries - monitor
+- 🔴 **WARNING** (>1s): Slow queries - needs attention
+
+### API Requests  
+- 🟢 **DEBUG** (< 1s): Fast requests - normal
+- 🟡 **INFO** (1s-2s): Medium requests - monitor
+- 🔴 **WARNING** (>2s): Slow requests - needs optimization
+
+## ⚙️ Configuration
+
+### See All Queries
+Edit `app/core/logging.py`:
+```python
+query_logger.setLevel(logging.DEBUG)  # Show all queries
+```
+
+### See Only Slow Queries
+```python
+query_logger.setLevel(logging.WARNING)  # Show only slow queries
+```
+
+### Default (Recommended)
+```python
+query_logger.setLevel(logging.INFO)  # Show medium and slow queries
+```
+
+## 🔧 Manual Timing in Code
+
+Add timing to specific operations:
+
+```python
+from app.core.timing import timer
+
+# Time a code block
+with timer("Complex calculation"):
+    result = perform_calculation()
+
+# Or use a decorator
+from app.core.timing import timed
+
+@timed("Data processing")
+def process_data(data):
+    # ... your code ...
+    return result
+```
+
+## 🧪 Test the Feature
+
+### Run the Demo
+```bash
+.venv/bin/python examples/query_timing_demo.py
+```
+
+### Test with Live API
+```bash
+.venv/bin/python test_query_timing.py
+```
+(Make sure your application is running first!)
+
+## 📖 Full Documentation
+
+- **Comprehensive Guide**: `QUERY_TIMING.md`
+- **Implementation Details**: `IMPLEMENTATION_SUMMARY.md`
+- **Code Examples**: `examples/query_timing_demo.py`
+
+## 🎯 What to Look For
+
+1. **Slow Queries**: Look for WARNING logs with "SLOW QUERY"
+2. **Slow Endpoints**: Look for WARNING logs with "SLOW REQUEST"
+3. **Response Headers**: Check X-Process-Time in API responses
+4. **Pattern Analysis**: Track which endpoints are consistently slow
+
+## 💡 Next Steps
+
+1. ✅ Run your application normally
+2. ✅ Monitor logs for slow operations
+3. ✅ Identify bottlenecks from WARNING messages
+4. ✅ Optimize slow queries and endpoints
+5. ✅ Set up alerts for production monitoring
+
+## 🐛 Troubleshooting
+
+**Not seeing timing logs?**
+- Check that your app is running with `uvicorn`
+- Verify LOG_LEVEL is set to INFO or DEBUG
+- Look for logs with "sqlalchemy.query.timing" or "app.request.timing"
+
+**Want to disable timing?**
+- Set query_logger level to ERROR in `app/core/logging.py`
+- Comment out the event listeners in `app/db/session.py`
+
+## ✨ Benefits
+
+- 🎯 **Zero Code Changes**: Works automatically with all existing queries
+- 📊 **Actionable Data**: Clear indicators of what needs optimization
+- 🔍 **Production Ready**: Minimal overhead, can be tuned per environment
+- 📈 **Scalable**: Ready to integrate with monitoring tools (Prometheus, Datadog, etc.)
+
+---
+
+**That's it!** Your application now automatically tracks and logs query performance. Just run it and watch the logs! 🚀

README 2.md

@@ -0,0 +1,511 @@
+---
+title: Aqua Barrier
+emoji: 👀
+colorFrom: yellow
+colorTo: green
+sdk: docker
+pinned: false
+short_description: AB MPI services
+---
+
+# AquaBarrier Core API
+
+A comprehensive FastAPI-based web service for managing customers, projects, employees, bidders, distributors, and related business entities for the AquaBarrier MPI (Modular Project Interface) platform.
+
+## Overview
+
+**AquaBarrier Core API** is a production-ready REST API built with FastAPI and SQLAlchemy, designed to handle complex business logic for managing barriers, projects, customer relationships, and organizational data. The application uses SQL Server as its primary database and follows modern Python best practices with type hints, async operations, and comprehensive testing.
+
+### Key Features
+- **Multi-module Architecture**: Organized controllers, services, and repositories for clean separation of concerns
+- **JWT Authentication**: Secure token-based authentication with role-based access control
+- **Comprehensive APIs**: 10+ resource modules including customers, projects, employees, bidders, distributors, and more
+- **Database ORM**: SQLAlchemy 2.0+ with async support and database migrations via Alembic
+- **Request Timing**: Built-in middleware for performance monitoring and slow request detection
+- **CORS Support**: Configured for cross-origin requests
+- **API Documentation**: Auto-generated OpenAPI (Swagger) and ReDoc documentation
+
+---
+
+## Project Structure
+
+```
+ab-ms-core/
+├── app/                              # Main application package
+│   ├── app.py                        # FastAPI application entry point
+│   ├── Dockerfile                    # Container configuration
+│   ├── Makefile                      # Development commands
+│   ├── controllers/                  # API route handlers
+│   │   ├── auth.py                   # Authentication endpoints
+│   │   ├── customers.py              # Customer management
+│   │   ├── projects.py               # Project management
+│   │   ├── employees.py              # Employee management
+│   │   ├── bidders.py                # Bidder management
+│   │   ├── distributors.py           # Distributor management
+│   │   ├── dashboard.py              # Dashboard metrics
+│   │   ├── reports.py                # Reporting endpoints
+│   │   ├── reference.py              # Reference data
+│   │   └── notes.py                  # Notes management
+│   ├── services/                     # Business logic layer
+│   │   ├── customer_service.py       # Customer operations
+│   │   ├── project_service.py        # Project operations
+│   │   ├── auth_service.py           # Authentication logic
+│   │   ├── bidder_service.py         # Bidder operations
+│   │   ├── employee_service.py       # Employee operations
+│   │   ├── reference_service.py      # Reference operations
+│   │   ├── barrier_size_service.py   # Barrier size operations
+│   │   └── [other services...]       # Additional business logic
+│   ├── db/                           # Database layer
+│   │   ├── models/                   # SQLAlchemy ORM models
+│   │   │   ├── customer.py           # Customer model
+│   │   │   ├── project.py            # Project model
+│   │   │   ├── employee.py           # Employee model
+│   │   │   ├── bidder.py             # Bidder model
+│   │   │   ├── barrier_size.py       # Barrier size model
+│   │   │   ├── distributor.py        # Distributor model
+│   │   │   ├── contact.py            # Contact model
+│   │   │   ├── address.py            # Address model
+│   │   │   └── [other models...]     # Additional models
+│   │   ├── repositories/             # Data access layer
+│   │   │   ├── customer_repo.py      # Customer queries
+│   │   │   ├── customer_sp_repo.py   # Customer stored procedures
+│   │   │   ├── project_repo.py       # Project queries
+│   │   │   ├── bidder_repo.py        # Bidder queries
+│   │   │   └── [other repos...]      # Additional repositories
+│   │   ├── migrations/               # Alembic database migrations
+│   │   ├── base.py                   # SQLAlchemy base configuration
+│   │   └── session.py                # Database session management
+│   ├── schemas/                      # Pydantic request/response models
+│   │   ├── customer.py               # Customer schemas
+│   │   ├── project.py                # Project schemas
+│   │   ├── employee.py               # Employee schemas
+│   │   ├── auth.py                   # Auth schemas
+│   │   ├── bidder.py                 # Bidder schemas
+│   │   └── [other schemas...]        # Additional schemas
+│   ├── core/                         # Core utilities
+│   │   ├── config.py                 # Settings and configuration
+│   │   ├── dependencies.py           # Dependency injection
+│   │   ├── security.py               # Security utilities
+│   │   ├── exceptions.py             # Custom exceptions
+│   │   ├── logging.py                # Logging configuration
+│   │   └── timing.py                 # Performance timing utilities
+│   └── tests/                        # Unit tests
+│       └── unit/                     # Unit test suite
+├── tests/                            # Integration and functional tests
+├── docker/                           # Docker configuration
+│   └── docker-compose.yml            # Container orchestration
+├── pyproject.toml                    # Project metadata and dependencies
+├── requirements.txt                  # Python dependencies
+└── [Test files and examples]         # Demo and test scripts
+```
+
+---
+
+## Technology Stack
+
+- **Framework**: FastAPI 0.100.0+ (modern async Python web framework)
+- **Database**: SQL Server with ODBC Driver 18
+- **ORM**: SQLAlchemy 2.0+ (async-first ORM)
+- **Authentication**: JWT tokens with PyJWT
+- **Password Hashing**: Passlib with bcrypt
+- **Validation**: Pydantic 2.0+ (with email support)
+- **Migrations**: Alembic (database version control)
+- **Testing**: Pytest with async support
+- **Code Quality**: Ruff (linting), MyPy (type checking)
+- **Server**: Uvicorn (ASGI server)
+- **Runtime**: Python 3.13+
+
+---
+
+## Getting Started
+
+### Prerequisites
+- **Python 3.13+**
+- **Docker & Docker Compose** (for containerized setup)
+- **SQL Server** (local or remote)
+- **Git**
+
+### Setup & Installation
+
+#### Option 1: Using Docker Compose (Recommended)
+
+```bash
+# Clone the repository
+git clone <repository-url>
+cd ab-ms-core
+
+# Navigate to the app directory
+cd app
+
+# Start the application with database
+make start
+# or manually:
+docker-compose -f docker/docker-compose.yml up --build
+```
+
+The application will be available at:
+- **API**: `http://localhost:8000`
+- **Swagger UI**: `http://localhost:8000/docs`
+- **ReDoc**: `http://localhost:8000/redoc`
+
+#### Option 2: Local Development Setup
+
+1. **Install Python Dependencies**
+```bash
+pip install -r requirements.txt
+```
+
+2. **Set up Environment Variables**
+Create a `.env` file in the root directory:
+```env
+SQLSERVER_HOST=localhost
+SQLSERVER_PORT=1433
+SQLSERVER_USER=sa
+SQLSERVER_PASSWORD=YourStrong!Passw0rd
+SQLSERVER_DB=aquabarrier
+SECRET_KEY=your-secret-key-here
+CORS_ORIGINS=http://localhost:3000,http://localhost:8080
+LOG_LEVEL=INFO
+```
+
+3. **Start the Application**
+```bash
+# From the root directory
+uvicorn app.app:app --reload --host 0.0.0.0 --port 8000
+
+# With debug logging
+uvicorn app.app:app --reload --port 8000 --log-level debug
+```
+
+The API will be available at `http://localhost:8000`
+
+---
+
+## Common Commands
+
+### Development Commands
+```bash
+# Run database migrations
+make migrate
+# or
+alembic upgrade head
+
+# Create a new migration
+alembic revision --autogenerate -m "Description of changes"
+
+# Run linting
+make lint
+# or
+ruff check app/
+
+# Run type checking
+make typecheck
+# or
+mypy app/
+
+# Run tests
+make test
+# or
+pytest app/tests/unit -v
+
+# Stop running containers
+make stop
+# or
+docker-compose -f docker/docker-compose.yml down
+```
+
+### Code Quality
+```bash
+# Format code (using Ruff)
+ruff format app/
+
+# Check for unused imports
+ruff check --select F401 app/
+
+# Full type checking
+mypy app/ --strict
+```
+
+---
+
+## API Endpoints Overview
+
+### Authentication (`/api/v1/auth`)
+- `POST /login` - User login with credentials
+- `POST /refresh` - Refresh access token
+- `POST /logout` - User logout
+
+### Customers (`/api/v1/customers`)
+- `GET /` - List all customers (with pagination)
+- `GET /{id}` - Get customer details
+- `POST /` - Create new customer
+- `PUT /{id}` - Update customer
+- `DELETE /{id}` - Delete customer
+- `GET /{id}/projects` - Get customer's projects
+- `GET /{id}/contacts` - Get customer's contacts
+
+### Projects (`/api/v1/projects`)
+- `GET /` - List all projects
+- `GET /{id}` - Get project details
+- `POST /` - Create new project
+- `PUT /{id}` - Update project
+- `DELETE /{id}` - Delete project
+
+### Employees (`/api/v1/employees`)
+- `GET /` - List all employees
+- `GET /{id}` - Get employee details
+- `POST /` - Create new employee
+- `PUT /{id}` - Update employee
+
+### Bidders (`/api/v1/bidders`)
+- `GET /` - List all bidders
+- `GET /{id}` - Get bidder details
+- `POST /` - Create new bidder
+- `PUT /{id}` - Update bidder
+
+### Distributors (`/api/v1/distributors`)
+- `GET /` - List all distributors
+- `GET /{id}` - Get distributor details
+- `POST /` - Create new distributor
+
+### Reports (`/api/v1/reports`)
+- `GET /` - Generate reports
+- `GET /{report-type}` - Get specific report type
+
+### Reference Data (`/api/v1/reference`)
+- `GET /states` - List all states
+- `GET /countries` - List all countries
+- `GET /barrier-sizes` - List all barrier sizes
+
+### Dashboard (`/api/v1/dashboard`)
+- `GET /stats` - Get dashboard statistics
+- `GET /metrics` - Get performance metrics
+
+---
+
+## Database Models
+
+### Core Entities
+
+**Customer**
+- CustomerID (PK)
+- CompanyName, Address, City, PostalCode
+- StateID, CountryID
+- CompanyTypeID, LeadGeneratedFromID
+- PriorityID, FollowupDate
+- RentalType (default: 'AB')
+- Enabled status
+
+**Project**
+- ProjectID (PK)
+- CustomerID (FK)
+- ProjectName, Description
+- Status, Priority
+- StartDate, EndDate
+- Budget information
+
+**Employee**
+- EmployeeID (PK)
+- FirstName, LastName, Email
+- Phone, Department
+- Status information
+
+**Bidder**
+- BidderID (PK)
+- BidderName, ContactInfo
+- Associated barrier sizes
+
+**Barrier Size**
+- BarrierSizeID (PK)
+- Description, Dimensions
+- Capacity information
+
+**Contact**
+- ContactID (PK)
+- CustomerID (FK)
+- ContactName, Email, Phone
+
+**Address**
+- AddressID (PK)
+- CustomerID/ContactID (FK)
+- Street, City, State, PostalCode
+
+---
+
+## Development Workflow
+
+### 1. **Access API Documentation**
+   - **Swagger UI**: `http://localhost:8000/docs` - Interactive API testing
+   - **ReDoc**: `http://localhost:8000/redoc` - Beautiful API documentation
+
+### 2. **Database Connection**
+   - **Host**: `localhost` (or your SQL Server host)
+   - **Port**: `31433` (Docker) or `1433` (Local MSSQL)
+   - **Database**: `aquabarrier`
+   - **Driver**: ODBC Driver 18 for SQL Server
+
+### 3. **Authentication Flow**
+   - Login via `/api/v1/auth/login` with username/password
+   - Receive JWT access token (15-minute expiration)
+   - Use token in Authorization header: `Bearer <token>`
+   - Refresh token endpoint for extended sessions (7-day expiration)
+
+### 4. **Adding New Features**
+   1. Create/update model in `app/db/models/`
+   2. Create schema in `app/schemas/`
+   3. Create repository in `app/db/repositories/`
+   4. Create service in `app/services/`
+   5. Create controller in `app/controllers/`
+   6. Add tests in `app/tests/unit/`
+   7. Create migration: `alembic revision --autogenerate -m "description"`
+
+### 5. **Testing**
+   - Unit tests in `app/tests/unit/`
+   - Use pytest fixtures in `conftest.py`
+   - Run with: `pytest app/tests/unit -v`
+   - Test coverage analysis available
+
+---
+
+## Performance Features
+
+### Request Timing Middleware
+- Automatically logs request processing time
+- Slow request threshold: 2.0 seconds (warning level)
+- Provides visibility into API performance bottlenecks
+
+### Database Optimization
+- Connection pooling via SQLAlchemy
+- Indexed queries on primary keys
+- Stored procedure support for complex operations
+- Async database operations for better throughput
+
+---
+
+## Environment Configuration
+
+The application uses environment variables (`.env` file) for configuration:
+
+```env
+# Application
+APP_NAME=AquaBarrier Core API
+API_V1_STR=/api/v1
+SECRET_KEY=your-secret-key-minimum-32-characters
+
+# JWT Settings
+JWT_ALGORITHM=HS256
+ACCESS_TOKEN_EXPIRE_MINUTES=15
+REFRESH_TOKEN_EXPIRE_DAYS=7
+
+# SQL Server Connection
+SQLSERVER_HOST=localhost
+SQLSERVER_PORT=1433
+SQLSERVER_USER=sa
+SQLSERVER_PASSWORD=YourStrong!Passw0rd
+SQLSERVER_DB=aquabarrier
+SQLSERVER_DRIVER=ODBC Driver 18 for SQL Server
+
+# API Settings
+CORS_ORIGINS=*
+
+# Logging
+LOG_LEVEL=INFO
+```
+
+---
+
+## Troubleshooting
+
+### Connection Issues
+- Verify SQL Server is running and accessible
+- Check `.env` file has correct credentials
+- Ensure ODBC Driver 18 is installed: `pip install pyodbc`
+
+### Migration Issues
+- Run: `alembic upgrade head`
+- Check `app/db/migrations/` for migration files
+- Review `alembic.ini` configuration
+
+### Port Already in Use
+```bash
+# Find process using port 8000
+lsof -i :8000
+# Kill process
+kill -9 <PID>
+```
+
+### Docker Issues
+```bash
+# View logs
+docker-compose logs -f
+
+# Rebuild containers
+docker-compose down
+docker-compose up --build
+```
+
+---
+
+## Testing
+
+### Run All Tests
+```bash
+pytest app/tests/unit -v
+```
+
+### Run Specific Test File
+```bash
+pytest app/tests/unit/test_customers.py -v
+```
+
+### Run with Coverage
+```bash
+pytest app/tests/unit --cov=app --cov-report=html
+```
+
+### Available Test Files
+- `test_address_repository.py` - Address data access tests
+- `test_customer_service.py` - Customer business logic tests
+- `test_api.py` - API endpoint tests
+- `test_barrier_*.py` - Barrier size operation tests
+- `test_reference_*.py` - Reference data tests
+
+---
+
+## Project Status
+
+- ✅ Core API structure established
+- ✅ All main entity modules implemented
+- ✅ Database migrations configured
+- ✅ Authentication system in place
+- ✅ Comprehensive test suite
+- ✅ Docker containerization
+- ✅ API documentation
+
+---
+
+## Contributing
+
+1. Create a feature branch
+2. Make changes following the existing code structure
+3. Add tests for new functionality
+4. Run linting and type checking
+5. Submit a pull request
+
+---
+
+## License
+
+[Add your license here]
+
+---
+
+## Support
+
+For issues, questions, or contributions, please contact the development team or open an issue in the repository.
+   - Username: `sa`
+   - Password: `YourStrong!Passw0rd`
+
+3. **Logs**
+   - Docker logs: `docker-compose -f docker/docker-compose.yml logs -f app`
+

app/Dockerfile

@@ -0,0 +1,25 @@
+# Use a lightweight and stable Python 3.11 base image (Bullseye)
+FROM python:3.11-slim-bullseye AS base
+
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PATH="/home/user/.local/bin:$PATH"
+
+RUN apt-get update && apt-get install -y \
+    openssl \
+    ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN useradd -m -u 1000 user
+USER user
+WORKDIR /app
+
+COPY --chown=user ./requirements.txt requirements.txt
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir --upgrade -r requirements.txt
+
+COPY --chown=user . /app
+
+EXPOSE 7860
+
+CMD ["uvicorn", "app.app:app", "--host", "0.0.0.0", "--port", "7860", "--workers", "4", "--log-level", "info"]

app/Makefile

@@ -0,0 +1,14 @@
+start:
+	docker-compose up --build
+stop:
+	docker-compose down
+migrate:
+	alembic upgrade head
+lint:
+	ruff app/
+typecheck:
+	mypy app/
+test:
+	pytest app/tests/unit
+	test-integration:
+	pytest app/tests/integration

app/README.md

@@ -0,0 +1,55 @@
+---
+title: AquaBarrier Core API
+emoji: 📊
+colorFrom: yellow
+colorTo: blue
+sdk: docker
+pinned: false
+short_description: Core Management Services
+---
+
+Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+
+
+
+# AquaBarrier Core API
+
+## Overview
+Production-ready FastAPI backend for customer/project management, dashboard, and reporting. Uses SQL Server, JWT auth, Docker, Alembic, and more.
+
+## Quickstart
+1. Copy `.env` and adjust secrets.
+2. `docker-compose up --build`
+3. Visit [http://localhost:8000/docs](http://localhost:8000/docs)
+
+## Main Endpoints
+- Auth: `/api/v1/auth/register`, `/api/v1/auth/login`, `/api/v1/auth/refresh`, `/api/v1/auth/logout`
+- Customers: `/api/v1/customers` CRUD
+- Projects: `/api/v1/projects` CRUD
+- Dashboard: `/api/v1/dashboard/summary`, `/api/v1/dashboard/customer/{id}/overview`
+- Reports: `/api/v1/reports/projects`
+
+## Migrations
+- Alembic scripts in `app/db/migrations`
+- Run migrations: `make migrate`
+
+## Testing
+- Unit: `pytest app/tests/unit`
+- Integration: `pytest app/tests/integration`
+
+## Lint & Type Check
+- `ruff app/`
+- `mypy app/`
+
+## Production Run
+- Uvicorn: `uvicorn app.app:app --host 0.0.0.0 --port 8000`
+- Gunicorn: `gunicorn -k uvicorn.workers.UvicornWorker app.app:app`
+
+## Environment Variables
+See `.env` for all required variables.
+
+## Seed Data
+- Add admin/sample data: `python app/seed.py`
+
+## CI/CD
+- Example GitHub Actions pipeline included.

app/app.py

@@ -0,0 +1,98 @@
+from fastapi import FastAPI, Request
+from fastapi.middleware.cors import CORSMiddleware
+from app.core.config import settings
+from app.core.logging import setup_logging
+from app.controllers.auth import router as auth_router
+from app.controllers.customers import router as customers_router
+from app.controllers.projects import router as projects_router
+from app.controllers.dashboard import router as dashboard_router
+from app.controllers.reports import router as reports_router
+from app.controllers.employees import router as employees_router
+from app.controllers.reference import router as reference_router
+from app.controllers.bidders import router as bidders_router
+from app.controllers.distributors import router as distributors_router
+from app.controllers.notes import router as notes_router
+import logging
+import time
+# addresses router removed; address endpoints now live under customers.py
+
+setup_logging(settings.LOG_LEVEL)
+
+app = FastAPI(title=settings.APP_NAME)
+
+# Request timing logger
+request_logger = logging.getLogger("app.request.timing")
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=[settings.CORS_ORIGINS],
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+
+@app.middleware("http")
+async def request_timing_middleware(request: Request, call_next):
+    """Track and log request processing time."""
+    start_time = time.time()
+    
+    response = await call_next(request)
+    
+    process_time = time.time() - start_time
+    
+    # Log with different levels based on processing time
+    path = request.url.path
+    method = request.method
+    status = response.status_code
+    
+    if process_time > 2.0:  # Slow request threshold: 2 seconds
+        request_logger.warning(
+            f"SLOW REQUEST ({process_time:.3f}s): {method} {path} - Status {status}"
+        )
+    elif process_time > 1.0:  # Medium request threshold: 1 second
+        request_logger.info(
+            f"Request took {process_time:.3f}s: {method} {path} - Status {status}"
+        )
+    else:
+        request_logger.debug(
+            f"Request took {process_time:.3f}s: {method} {path} - Status {status}"
+        )
+    
+    # Add timing header to response
+    response.headers["X-Process-Time"] = f"{process_time:.3f}"
+    
+    return response
+
+
+@app.middleware("http")
+async def remove_content_type_for_no_content(request, call_next):
+    """Remove Content-Type header on 204 No Content responses.
+
+    Some clients/tools prefer a bare 204 with no Content-Type header. FastAPI
+    will normally include the header; this middleware strips it when the
+    response has no content.
+    """
+    response = await call_next(request)
+    try:
+        if response.status_code == 204:
+            # Some Response classes store headers in response.headers (MutableHeaders)
+            # Remove Content-Type if present so responses are truly empty.
+            if "content-type" in response.headers:
+                del response.headers["content-type"]
+    except Exception:
+        # Be conservative: don't let middleware failures break the request.
+        pass
+
+    return response
+
+app.include_router(auth_router)
+app.include_router(customers_router)
+app.include_router(projects_router)
+app.include_router(dashboard_router)
+app.include_router(reports_router)
+app.include_router(employees_router)
+app.include_router(reference_router)
+app.include_router(bidders_router)
+app.include_router(notes_router)
+# addresses router removed; address endpoints now included in customers_router

app/controllers/auth.py

@@ -0,0 +1,86 @@
+from fastapi import APIRouter, Depends, status, HTTPException
+from sqlalchemy.orm import Session
+from app.db.session import get_db
+from app.services.auth_service import AuthService
+from app.schemas.user import UserCreate
+from app.schemas.auth import (
+    LoginRequest, UserLoginRequest, EmployeeLoginRequest,
+    TokenResponse, UserTokenResponse, EmployeeTokenResponse,
+    RefreshTokenRequest, RefreshTokenResponse, CurrentUser
+)
+from app.core.dependencies import get_current_user, get_current_user_optional
+from app.core.exceptions import AuthException
+import logging
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/api/v1/auth", tags=["authentication"])
+
+ 
+@router.post("/login")
+def login(login_request: LoginRequest, db: Session = Depends(get_db)):
+    """
+    Universal login endpoint
+    
+    Supports both user (email) and employee (EmployeeID) authentication.
+    - Set auth_type to "user" for email-based login
+    - Set auth_type to "employee" for EmployeeID-based login  
+    - Set auth_type to "auto" (default) to auto-detect based on username format
+    """
+    service = AuthService(db)
+    try:
+        result = service.authenticate_user(
+            login_request.username, 
+            login_request.password
+        )
+        return result
+    except AuthException as e:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=str(e))
+
+
+@router.post("/refresh", response_model=RefreshTokenResponse)
+def refresh_access_token(refresh_request: RefreshTokenRequest, db: Session = Depends(get_db)):
+    """
+    Refresh access token
+    
+    Generate a new access token using a valid refresh token.
+    """
+    service = AuthService(db)
+    try:
+        result = service.refresh_token(refresh_request.refresh_token)
+        return RefreshTokenResponse(**result)
+    except AuthException as e:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail=str(e))
+
+@router.get("/me", response_model=CurrentUser)
+def get_me(current_user: CurrentUser = Depends(get_current_user)):
+    """
+    Get current user information
+    
+    Returns details about the currently authenticated user or employee.
+    """
+    return current_user
+
+@router.post("/logout")
+def logout():
+    """
+    Logout endpoint
+    
+    Since JWTs are stateless, logout is handled on the client side by discarding tokens.
+    This endpoint exists for API completeness and could be extended to maintain
+    a blacklist of revoked tokens if needed.
+    """
+    return {"message": "Successfully logged out"}
+
+@router.get("/validate")
+def validate_token(current_user: CurrentUser = Depends(get_current_user_optional)):
+    """
+    Token validation endpoint
+    
+    Validates if the provided token is valid and returns user information.
+    Returns null if no token or invalid token.
+    """
+    if current_user:
+        return {"valid": True, "user": current_user}
+    else:
+        return {"valid": False, "user": None}

app/controllers/bidders.py

@@ -0,0 +1,695 @@
+from fastapi import APIRouter, Depends, status, Query, HTTPException
+from sqlalchemy.orm import Session
+from app.db.session import get_db
+from app.services.bidder_service import BidderService
+from app.core.exceptions import NotFoundException
+from app.schemas.bidder import BidderCreate, BidderOut
+from app.schemas.paginated_response import PaginatedResponse
+from app.schemas.barrier_size import (
+    BarrierSizesCreate,
+    BarrierSizesUpdate,
+    BarrierSizesUpdateWithAssociation,
+    BarrierSizesOut,
+)
+from app.schemas.bidders_barrier_sizes import BidderBarrierSizeDetail
+from app.schemas.bidder_contact import BidderContactDetail
+from app.services import barrier_size_service
+from typing import Optional, List
+import logging
+
+logger = logging.getLogger(__name__)
+
+# Common query parameter descriptions
+PAGE_DESC = "Page number (1-indexed)"
+PAGE_SIZE_DESC = "Number of items per page"
+ORDER_BY_DESC = "Field to order by"
+ORDER_DIR_DESC = "Order direction (asc|desc)"
+PROJ_NO_DESC = "Project number (required)"
+
+router = APIRouter(prefix="/api/v1/bidders", tags=["bidders"])
+
+@router.get(
+    "/",
+    response_model=PaginatedResponse[BidderOut],
+    summary="List bidders by project",
+    response_description="Paginated list of bidders for a specific project"
+)
+def list_bidders(
+    proj_no: str = Query(..., description=PROJ_NO_DESC),
+    page: int = Query(1, ge=1, description=PAGE_DESC),
+    page_size: int = Query(10, ge=1, le=100, description=PAGE_SIZE_DESC),
+    order_by: Optional[str] = Query("Id", description=ORDER_BY_DESC),
+    order_dir: Optional[str] = Query("asc", description=ORDER_DIR_DESC),
+    db: Session = Depends(get_db)
+):
+    """Get all bidders for a specific project with pagination and ordering"""
+    try:
+        logger.info(f"Listing bidders for project {proj_no}: page={page}, page_size={page_size}")
+        bidder_service = BidderService(db)
+        result = bidder_service.get_by_project_no(
+            proj_no=proj_no,
+            page=page, 
+            page_size=page_size, 
+            order_by=order_by, 
+            order_dir=order_dir.upper()
+        )
+        logger.info(f"Successfully retrieved {len(result.items)} bidders for project {proj_no}")
+        return result
+    except Exception as e:
+        logger.error(f"Error listing bidders for project {proj_no}: {e}")
+        return PaginatedResponse[BidderOut](
+            items=[],
+            page=page,
+            page_size=page_size,
+            total=0
+        )
+
+@router.get(
+    "/project/{proj_no}",
+    response_model=PaginatedResponse[BidderOut],
+    summary="List bidders by project path parameter",
+    response_description="Paginated list of bidders for a specific project"
+)
+def list_bidders_by_project(
+    proj_no: str,
+    page: int = Query(1, ge=1, description=PAGE_DESC),
+    page_size: int = Query(10, ge=1, le=100, description=PAGE_SIZE_DESC),
+    order_by: Optional[str] = Query("Id", description=ORDER_BY_DESC),
+    order_dir: Optional[str] = Query("asc", description=ORDER_DIR_DESC),
+    db: Session = Depends(get_db)
+):
+    """Get all bidders for a specific project with pagination and ordering (using path parameter)"""
+    try:
+        logger.info(f"Listing bidders for project {proj_no}: page={page}, page_size={page_size}")
+        bidder_service = BidderService(db)
+        result = bidder_service.get_by_project_no(
+            proj_no=proj_no, 
+            page=page, 
+            page_size=page_size, 
+            order_by=order_by, 
+            order_dir=order_dir.upper()
+        )
+        logger.info(f"Successfully retrieved {len(result.items)} bidders for project {proj_no}")
+        return result
+    except Exception as e:
+        logger.error(f"Error listing bidders for project {proj_no}: {e}")
+        return PaginatedResponse[BidderOut](
+            items=[],
+            page=page,
+            page_size=page_size,
+            total=0
+        )
+
+@router.get(
+    "/customer/{cust_id}",
+    response_model=PaginatedResponse[BidderOut],
+    summary="List bidders by customer",
+    response_description="Paginated list of bidders for a specific customer"
+)
+def list_bidders_by_customer(
+    cust_id: int,
+    page: int = Query(1, ge=1, description=PAGE_DESC),
+    page_size: int = Query(10, ge=1, le=100, description=PAGE_SIZE_DESC),
+    order_by: Optional[str] = Query("Id", description=ORDER_BY_DESC),
+    order_dir: Optional[str] = Query("asc", description=ORDER_DIR_DESC),
+    db: Session = Depends(get_db)
+):
+    """Get all bidders for a specific customer with pagination and ordering"""
+    try:
+        logger.info(f"Listing bidders for customer {cust_id}: page={page}, page_size={page_size}")
+        bidder_service = BidderService(db)
+        result = bidder_service.get_by_customer_id(
+            cust_id=cust_id, 
+            page=page, 
+            page_size=page_size, 
+            order_by=order_by, 
+            order_dir=order_dir.upper()
+        )
+        logger.info(f"Successfully retrieved {len(result.items)} bidders for customer {cust_id}")
+        return result
+    except Exception as e:
+        logger.error(f"Error listing bidders for customer {cust_id}: {e}")
+        return PaginatedResponse[BidderOut](
+            items=[],
+            page=page,
+            page_size=page_size,
+            total=0
+        )
+
+@router.get(
+    "/all",
+    response_model=PaginatedResponse[BidderOut],
+    summary="List all bidders",
+    response_description="Paginated list of all bidders without any filters"
+)
+def list_all_bidders(
+    page: int = Query(1, ge=1, description=PAGE_DESC),
+    page_size: int = Query(10, ge=1, le=100, description=PAGE_SIZE_DESC),
+    order_by: Optional[str] = Query("Id", description=ORDER_BY_DESC),
+    order_dir: Optional[str] = Query("asc", description=ORDER_DIR_DESC),
+    db: Session = Depends(get_db)
+):
+    """Get all bidders with pagination and ordering"""
+    try:
+        logger.info(f"Listing all bidders: page={page}, page_size={page_size}")
+        bidder_service = BidderService(db)
+        result = bidder_service.list(
+            page=page, 
+            page_size=page_size, 
+            order_by=order_by, 
+            order_direction=order_dir.upper()
+        )
+        logger.info(f"Successfully retrieved {len(result.items)} bidders")
+        return result
+    except Exception as e:
+        logger.error(f"Error listing all bidders: {e}")
+        return PaginatedResponse[BidderOut](
+            items=[],
+            page=page,
+            page_size=page_size,
+            total=0
+        )
+
+# BarrierSizes endpoints - Must be defined BEFORE the generic /{bidder_id} route
+
+
+
+@router.post(
+    "/barrier-sizes",
+    response_model=BarrierSizesOut,
+    status_code=status.HTTP_201_CREATED,
+    summary="Create a new barrier size and associate with bidder",
+    response_description="Created barrier size with bidder association"
+)
+def create_barrier_size(
+    obj_in: BarrierSizesCreate,
+    db: Session = Depends(get_db)
+):
+    """Create a new barrier size entry and associate it with a bidder"""
+    try:
+        logger.info(f"Creating new barrier size for bidder {obj_in.bidder_id}")
+        
+        # TODO: Add bidder validation once we confirm bidder exists in database
+        # For now, skip validation to test the basic functionality
+        
+        result = barrier_size_service.create(db, obj_in)
+        logger.info(f"Successfully created barrier size {result.Id} for bidder {obj_in.bidder_id}")
+        return result
+    except Exception as e:
+        logger.error(f"Error creating barrier size: {e}")
+        import traceback
+        traceback.print_exc()  # Print full traceback for debugging
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to create barrier size: {str(e)}"
+        )
+
+
+
+@router.get(
+    "/barrier-sizes/all",
+    response_model=List[BarrierSizesOut],
+    summary="Get all barrier sizes (for debugging)",
+    response_description="List of all barrier sizes in the system"
+)
+def get_all_barrier_sizes(db: Session = Depends(get_db)):
+    """Get all barrier sizes in the system (for debugging purposes)"""
+    try:
+        barrier_sizes = barrier_size_service.get_all(db, skip=0, limit=50)
+        logger.info(f"Found {len(barrier_sizes)} barrier sizes in database")
+        return barrier_sizes
+    except Exception as e:
+        logger.error(f"Error getting all barrier sizes: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to get barrier sizes"
+        )
+
+@router.get(
+    "/barrier-sizes/{barrier_size_id}",
+    response_model=BarrierSizesOut,
+    summary="Get a specific barrier size by ID (for debugging)",
+    response_description="Specific barrier size details"
+)
+def get_barrier_size_by_id(barrier_size_id: int, db: Session = Depends(get_db)):
+    """Get a specific barrier size by ID (for debugging purposes)"""
+    try:
+        barrier_size = barrier_size_service.get(db, barrier_size_id)
+        if not barrier_size:
+            raise HTTPException(status_code=404, detail=f"Barrier size {barrier_size_id} not found")
+        return barrier_size
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error getting barrier size {barrier_size_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to get barrier size"
+        )
+
+@router.get(
+    "/{bidder_id}/barrier-sizes",
+    response_model=List[BidderBarrierSizeDetail],
+    summary="Get barrier sizes associated with a bidder",
+    response_description="List of barrier sizes with full details including InventoryId and InstallAdvisorFees"
+)
+def get_bidder_barrier_sizes(bidder_id: int, db: Session = Depends(get_db)):
+    """Get all barrier sizes associated with a specific bidder"""
+    try:
+        barrier_sizes = barrier_size_service.get_by_bidder(db, bidder_id)
+        return barrier_sizes  # Return empty list if no barrier sizes found
+    except Exception as e:
+        logger.error(f"Error getting barrier sizes for bidder {bidder_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to get barrier sizes for bidder"
+        )
+
+@router.get(
+    "/{bidder_id}/contacts",
+    response_model=List[BidderContactDetail],
+    summary="Get contacts associated with a bidder",
+    response_description="List of contacts associated with the bidder with full contact details"
+)
+def get_bidder_contacts(bidder_id: int, db: Session = Depends(get_db)):
+    """Get all contacts associated with a specific bidder"""
+    try:
+        bidder_service = BidderService(db)
+        # First verify bidder exists
+        bidder = bidder_service.get(bidder_id)
+        
+        # Get contacts using the repository method that already exists
+        contacts = bidder_service.repo.get_bidder_contacts_raw(bidder_id)
+        
+        # Map to schema
+        contact_details = []
+        for contact in contacts:
+            contact_details.append(BidderContactDetail(
+                id=contact.get('Id'),
+                contact_id=contact.get('ContactId'),
+                bidder_id=contact.get('BidderId'),
+                enabled=contact.get('Enabled', True),
+                first_name=contact.get('FirstName'),
+                last_name=contact.get('LastName'),
+                title=contact.get('Title'),
+                email_address=contact.get('EmailAddress'),
+                work_phone=contact.get('WorkPhone'),
+                mobile_phone=contact.get('MobilePhone')
+            ))
+        
+        return contact_details
+    except NotFoundException:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Bidder {bidder_id} not found"
+        )
+    except Exception as e:
+        logger.error(f"Error getting contacts for bidder {bidder_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to get contacts for bidder"
+        )
+
+@router.post(
+    "/{bidder_id}/contacts",
+    response_model=List[dict],
+    status_code=status.HTTP_201_CREATED,
+    summary="Associate contacts with a bidder",
+    response_description="List of created BidderContact associations"
+)
+def add_bidder_contacts(
+    bidder_id: int,
+    contact_ids: List[int],
+    db: Session = Depends(get_db)
+):
+    """Associate multiple contacts with a bidder"""
+    try:
+        bidder_service = BidderService(db)
+        # First verify bidder exists
+        bidder = bidder_service.get(bidder_id)
+        
+        # Create the associations
+        created_associations = bidder_service.repo.create_bidder_contacts(bidder_id, contact_ids)
+        
+        logger.info(f"Successfully associated {len(contact_ids)} contacts with bidder {bidder_id}")
+        return created_associations
+        
+    except NotFoundException:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Bidder {bidder_id} not found"
+        )
+    except Exception as e:
+        logger.error(f"Error associating contacts with bidder {bidder_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to associate contacts with bidder"
+        )
+
+ 
+
+@router.put(
+    "/barrier-sizes/{id}",
+    response_model=BarrierSizesOut,
+    summary="Update a barrier size (BarrierSizes table only)",
+    response_description="Updated barrier size"
+)
+def update_barrier_size(
+    id: int,
+    barrier_update: BarrierSizesUpdate,
+    db: Session = Depends(get_db)
+):
+    """
+    Update an existing barrier size in the BarrierSizes table only.
+    
+    This endpoint directly updates the BarrierSizes table without checking or modifying 
+    the BiddersBarrierSizes association table.
+    
+    Only updates the fields that are provided (non-None values) in the JSON body.
+    
+    Request body example:
+    {
+        "Height": 10.5,
+        "Width": 8.0,
+        "Lenght": 12.0,
+        "CableUnits": 5,
+        "Price": 1500.00,
+        "IsStandard": true
+    }
+    
+    All fields in the request body are optional.
+    """
+    try:
+        logger.info(f"Updating barrier size {id} (BarrierSizes table only)")
+        
+        # Direct update using the barrier size service
+        updated_barrier = barrier_size_service.update(db, id, barrier_update)
+        
+        if not updated_barrier:
+            raise HTTPException(
+                status_code=404, 
+                detail=f"Barrier size {id} not found in BarrierSizes table"
+            )
+            
+        logger.info(f"Successfully updated barrier size {id}")
+        return updated_barrier
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error updating barrier size {id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to update barrier size"
+        )
+
+@router.put(
+    "/barrier-sizes/{id}/with-association",
+    response_model=dict,
+    summary="Update a barrier size with bidder association",
+    response_description="Updated barrier size and bidder association"
+)
+def update_barrier_size_with_association(
+    id: int,
+    barrier_update: BarrierSizesUpdateWithAssociation,
+    db: Session = Depends(get_db)
+):
+    """
+    Update an existing barrier size and/or its bidder association.
+    
+    Updates both BarrierSizes table and BiddersBarrierSizes table if bidder_id is provided.
+    Only updates the fields that are provided (non-None values) in the JSON body.
+    
+    Request body example:
+    {
+        "Height": 10.5,
+        "Width": 8.0,
+        "Lenght": 12.0,
+        "CableUnits": 5,
+        "Price": 1500.00,
+        "IsStandard": true,
+        "inventory_id": 123,
+        "install_advisor_fees": 250.00,
+        "bidder_id": 456
+    }
+    
+    All fields in the request body are optional.
+    """
+    try:
+        logger.info(f"Updating barrier size {id} with associations")
+        
+        result = barrier_size_service.update_barrier_with_association(
+            db=db,
+            barrier_size_id=id,
+            height=barrier_update.Height,
+            width=barrier_update.Width,
+            length=barrier_update.Lenght,
+            cable_units=barrier_update.CableUnits,
+            price=barrier_update.Price,
+            is_standard=barrier_update.IsStandard,
+            inventory_id=barrier_update.inventory_id,
+            install_advisor_fees=barrier_update.install_advisor_fees,
+            bidder_id=barrier_update.bidder_id
+        )
+        
+        if not result:
+            raise HTTPException(
+                status_code=404, 
+                detail=f"Barrier size {id} not found. Please create the barrier size first using POST /api/v1/bidders/barrier-sizes"
+            )
+            
+        logger.info(f"Successfully updated barrier size {id} with associations")
+        return result
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error updating barrier size {id} with associations: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to update barrier size with associations"
+        )
+
+
+
+@router.delete(
+    "/barrier-sizes/by-bidder/{bidder_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    summary="Delete all barrier sizes associated with a bidder",
+    response_description="All barrier sizes and associations for the bidder deleted successfully"
+)
+def delete_barrier_sizes_by_bidder(bidder_id: int, db: Session = Depends(get_db)):
+    """
+    Delete all barrier sizes associated with a specific bidder.
+    
+    This implements the two-step SQL logic:
+    1. DELETE FROM BarrierSizes WHERE Id IN (SELECT BarrierSizeId FROM BiddersBarrierSizes WHERE BidderId = {bidder_id})
+    2. DELETE FROM BiddersBarrierSizes WHERE BidderId = {bidder_id}
+    
+    Parameters:
+    - bidder_id: The bidder ID to delete all barrier sizes for
+    """
+    try:
+        logger.info(f"Deleting all barrier sizes for bidder {bidder_id}")
+        result = barrier_size_service.delete_all_by_bidder(db, bidder_id)
+        
+        logger.info(f"Successfully deleted barrier sizes for bidder {bidder_id}: {result}")
+        return None
+    except Exception as e:
+        logger.error(f"Error deleting barrier sizes for bidder {bidder_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to delete barrier sizes for bidder"
+        )
+
+@router.delete(
+    "/barrier-sizes/bidder/{bidder_id}/barrier/{barrier_size_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    summary="Delete barrier size by bidder and barrier size IDs",
+    response_description="Barrier size and association deleted successfully"
+)
+def delete_barrier_size_by_bidder_and_barrier(
+    bidder_id: int, 
+    barrier_size_id: int,
+    cascade: bool = Query(True, description="If true, deletes the barrier size itself if no other bidders use it"),
+    db: Session = Depends(get_db)
+):
+    """
+    Delete barrier size association and optionally the barrier size itself.
+    
+    This endpoint implements the SQL equivalent of:
+    DELETE FROM BiddersBarrierSizes WHERE BidderId={bidder_id} AND BarrierSizeId={barrier_size_id}
+    DELETE FROM BarrierSizes WHERE Id={barrier_size_id} (if cascade=true and no other associations exist)
+    
+    Parameters:
+    - bidder_id: The bidder ID to remove association for
+    - barrier_size_id: The barrier size ID to delete association for
+    - cascade: If True, also deletes the BarrierSize record if no other bidders are using it
+    """
+    try:
+        logger.info(f"Deleting barrier size association: bidder_id={bidder_id}, barrier_size_id={barrier_size_id}, cascade={cascade}")
+        result = barrier_size_service.delete_by_bidder_and_barrier_id(db, bidder_id, barrier_size_id, cascade)
+        
+        if not result["association_deleted"]:
+            raise HTTPException(
+                status_code=404, 
+                detail=f"Association not found between bidder {bidder_id} and barrier size {barrier_size_id}"
+            )
+        
+        logger.info(f"Successfully deleted barrier size association and/or barrier size: {result}")
+        return None
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error deleting barrier size association: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to delete barrier size association"
+        )
+
+
+# Bidder endpoints - These must come AFTER the barrier-sizes routes
+
+@router.get(
+    "/{bidder_id}",
+    response_model=BidderOut,
+    summary="Get a bidder by ID",
+    response_description="Bidder details"
+)
+def get_bidder(bidder_id: int, db: Session = Depends(get_db)):
+    """Get a specific bidder by ID"""
+    try:
+        bidder_service = BidderService(db)
+        return bidder_service.get(bidder_id)
+    except Exception as e:
+        logger.error(f"Error getting bidder {bidder_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Bidder {bidder_id} not found"
+        )
+
+
+@router.post(
+    "/",
+    response_model=BidderOut,
+    status_code=status.HTTP_201_CREATED,
+    summary="Create a new bidder",
+    response_description="Created bidder details"
+)
+def create_bidder(
+    bidder_in: BidderCreate,
+    proj_no: str = Query(..., description=PROJ_NO_DESC),
+    db: Session = Depends(get_db)
+):
+    """
+    Create a new bidder with optional contact associations.
+    
+    To associate multiple contacts with the bidder during creation,
+    include a 'contact_ids' field in the request body with a list of contact IDs.
+    The contact_ids field is OPTIONAL - if not provided, the bidder will be 
+    created without any contact associations.
+    
+    Example request body:
+    {
+        "cust_id": 1,
+        "quote": 5000.00,
+        "notes": "Project notes",
+        "email_address": "test@example.com",
+        "contact_ids": [1, 2, 3]  // OPTIONAL: List of contact IDs to associate
+    }
+    
+    This will create the bidder and automatically create entries in the 
+    BidderContact table linking the bidder to the specified contacts.
+    If contact_ids is omitted, only the bidder record is created.
+    """
+    try:
+        bidder_service = BidderService(db)
+        logger.info(f"Creating new bidder for project {proj_no}")
+        
+        # Update the bidder data with the project number
+        bidder_data = bidder_in.dict()
+        bidder_data["proj_no"] = proj_no
+        
+        result = bidder_service.create(bidder_data)
+        logger.info(f"Successfully created bidder {result.id} for project {proj_no}")
+        return result
+    except ValueError as e:
+        logger.error(f"Validation error creating bidder: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e)
+        )
+    except Exception as e:
+        logger.error(f"Error creating bidder: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to create bidder"
+        )
+
+
+@router.put(
+    "/{bidder_id}",
+    response_model=BidderOut,
+    summary="Update a bidder",
+    response_description="Updated bidder details"
+)
+def update_bidder(
+    bidder_id: int,
+    bidder_in: BidderCreate,
+    proj_no: str = Query(..., description=PROJ_NO_DESC),
+    db: Session = Depends(get_db)
+):
+    """Update an existing bidder"""
+    try:
+        bidder_service = BidderService(db)
+        logger.info(f"Updating bidder {bidder_id} for project {proj_no}")
+        
+        # Update the bidder data with the project number
+        bidder_data = bidder_in.dict()
+        bidder_data["proj_no"] = proj_no
+        
+        result = bidder_service.update(bidder_id, bidder_data)
+        logger.info(f"Successfully updated bidder {bidder_id} for project {proj_no}")
+        return result
+    except ValueError as e:
+        logger.error(f"Validation error updating bidder {bidder_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e)
+        )
+    except Exception as e:
+        logger.error(f"Error updating bidder {bidder_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to update bidder"
+        )
+
+
+@router.delete(
+    "/{bidder_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    summary="Delete a bidder",
+    response_description="Bidder deleted successfully"
+)
+def delete_bidder(
+    bidder_id: int,
+    proj_no: str = Query(..., description=PROJ_NO_DESC),
+    db: Session = Depends(get_db)
+):
+    """Delete a bidder"""
+    try:
+        bidder_service = BidderService(db)
+        logger.info(f"Deleting bidder {bidder_id} for project {proj_no}")
+        
+        # First verify the bidder belongs to the specified project
+        bidder = bidder_service.get(bidder_id)
+        if bidder.proj_no != proj_no:
+            raise ValueError(f"Bidder {bidder_id} does not belong to project {proj_no}")
+            
+        bidder_service.delete(bidder_id)
+        logger.info(f"Successfully deleted bidder {bidder_id} for project {proj_no}")
+        return None
+    except Exception as e:
+        logger.error(f"Error deleting bidder {bidder_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to delete bidder"
+        )

app/controllers/customers.py

@@ -0,0 +1,417 @@
+from fastapi import APIRouter, Depends, status, Query, HTTPException
+from sqlalchemy.orm import Session
+from app.db.session import get_db
+from app.services.customer_service import CustomerService
+from app.services.customer_list_service import CustomerListService
+from app.services.contact_service import ContactService
+from app.services.address_service import AddressService
+from app.services.project_service import ProjectService
+from app.schemas.customer import CustomerCreate, CustomerOut, CustomerUpdate
+from app.schemas.contact import ContactCreate, ContactOut
+from app.schemas.address import AddressCreate, AddressOut
+from app.schemas.project_detail import ProjectCustomerOut
+from app.schemas.paginated_response import PaginatedResponse
+from typing import List, Optional
+import logging
+import os
+from app.db.models.address import Address
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/api/v1/customers", tags=["customers"])
+
+
+def _customer_model_to_response(customer):
+    """Map a SQLAlchemy Customer model instance to the API response dict."""
+    if not customer:
+        return None
+    return {
+        'id': getattr(customer, 'CustomerID', None),
+        'name': getattr(customer, 'CompanyName', None),
+        'address': getattr(customer, 'Address', None),
+        'city': getattr(customer, 'City', None),
+        'postal_code': getattr(customer, 'PostalCode', None),
+        'web_address': getattr(customer, 'WebAddress', None),
+        'referral': getattr(customer, 'Referral', None),
+        'company_type_id': getattr(customer, 'CompanyTypeID', None),
+        'state_id': getattr(customer, 'StateID', None),
+        'country_id': getattr(customer, 'CountryID', None),
+        'lead_generated_from_id': getattr(customer, 'LeadGeneratedFromID', None),
+        'specific_source': getattr(customer, 'SpecificSource', None),
+        'priority_id': getattr(customer, 'PriorityID', None),
+        'followup_date': getattr(customer, 'FollowupDate', None),
+        'purchase': getattr(customer, 'Purchase', None),
+        'vendor_id': getattr(customer, 'VendorID', None),
+        'enabled': getattr(customer, 'Enabled', None),
+        'rental_type': getattr(customer, 'RentalType', None),
+    }
+
+@router.get(
+    "/",
+    response_model=PaginatedResponse[CustomerOut],
+    summary="List customers with pagination and ordering",
+    response_description="Paginated list of customers"
+)
+def list_customers(
+    page: int = Query(1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(10, ge=1, le=100, description="Number of items per page"),
+    order_by: Optional[str] = Query("CustomerID", description="Field to order by (CustomerID, CompanyName, Address, City, etc.)"),
+    order_dir: Optional[str] = Query("desc", description="Order direction (asc|desc)"),
+    name: Optional[str] = Query(None, description="Filter by customer name (wildcard search, case-insensitive)"),
+    db: Session = Depends(get_db)
+):
+    try:
+        logger.info(f"Listing customers: page={page}, page_size={page_size}, order_by={order_by}, order_dir={order_dir}, name={name}")
+        service = CustomerListService(db)
+        result = service.list_customers(page=page, page_size=page_size, order_by=order_by, order_dir=order_dir, name=name)
+        logger.info(f"Successfully retrieved customers: {len(result.items)} items")
+        return result
+    except Exception as e:
+        logger.error(f"Error listing customers: {e}")
+        # Return empty result instead of 500 error
+        return PaginatedResponse[CustomerOut](
+            items=[],
+            page=page,
+            page_size=page_size,
+            total=0
+        )
+
+@router.get("/{customer_id}", response_model=CustomerOut)
+def get_customer(customer_id: int, db: Session = Depends(get_db)):
+    service = CustomerService(db)
+    customer = service.get(customer_id)
+    return _customer_model_to_response(customer)
+
+@router.post("/", response_model=CustomerOut, status_code=status.HTTP_201_CREATED)
+def create_customer(customer_in: CustomerCreate, db: Session = Depends(get_db)):
+    service = CustomerService(db)
+    try:
+        customer = service.create(customer_in.dict())
+        response = _customer_model_to_response(customer)
+        return response
+    except ValueError as e:
+        logger.error(f"Validation error creating customer: {e}")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e))
+
+@router.put("/{customer_id}", response_model=CustomerOut)
+def update_customer(customer_id: int, customer_in: CustomerUpdate, db: Session = Depends(get_db)):
+    """Update a customer. Accepts partial updates; only provided fields will be changed."""
+    service = CustomerService(db)
+    try:
+        # Only include fields explicitly set by the client to avoid Pydantic-required fields causing validation errors
+        update_data = customer_in.dict(exclude_unset=True)
+        customer = service.update(customer_id, update_data)
+        response = _customer_model_to_response(customer)
+        return response
+    except ValueError as e:
+        logger.error(f"Validation error updating customer {customer_id}: {e}")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e))
+
+@router.delete("/{customer_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_customer(customer_id: int, db: Session = Depends(get_db)):
+    service = CustomerService(db)
+    service.delete(customer_id)
+    return None
+
+# Address-related endpoints (moved from app/controllers/addresses.py)
+@router.get(
+    "/{customer_id}/addresses",
+    response_model=PaginatedResponse[AddressOut],
+    summary="List addresses for a customer",
+    response_description="Paginated list of addresses for a customer"
+)
+def list_addresses(
+    customer_id: int,
+    page: int = Query(1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(10, ge=1, le=100, description="Number of items per page"),
+    order_by: Optional[str] = Query("Id", description="Field to order by"),
+    order_dir: Optional[str] = Query("asc", description="Order direction (asc|desc)"),
+    db: Session = Depends(get_db)
+):
+    try:
+        service = AddressService(db)
+        result = service.list(page=page, page_size=page_size, order_by=order_by, order_dir=order_dir, customer_id=customer_id)
+        return result
+    except Exception as e:
+        logger.error(f"Error listing addresses for customer {customer_id}: {e}")
+        return PaginatedResponse[AddressOut](items=[], page=page, page_size=page_size, total=0)
+
+         
+
+
+@router.get("/{customer_id}/addresses/{address_id}", response_model=AddressOut, summary="Get address by id")
+def get_address(customer_id: int, address_id: int, db: Session = Depends(get_db)):
+    try:
+        service = AddressService(db)
+        addr = service.get(address_id)
+        if addr.customer_id != customer_id:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=f"Address {address_id} not found for customer {customer_id}")
+        return addr
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error getting address {address_id}: {e}")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=f"Address {address_id} not found")
+
+
+@router.post("/{customer_id}/addresses", response_model=AddressOut, status_code=status.HTTP_201_CREATED)
+def create_address(customer_id: int, address_in: AddressCreate, db: Session = Depends(get_db)):
+    try:
+        service = AddressService(db)
+        data = address_in.dict()
+        data['customer_id'] = customer_id
+        result = service.create(data)
+        return result
+    except ValueError as e:
+        logger.error(f"Validation error creating address for customer {customer_id}: {e}")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e))
+    except Exception as e:
+        logger.error(f"Error creating address for customer {customer_id}: {e}")
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Failed to create address")
+
+
+@router.put("/{customer_id}/addresses/{address_id}", response_model=AddressOut)
+def update_address(customer_id: int, address_id: int, address_in: AddressCreate, db: Session = Depends(get_db)):
+    try:
+        service = AddressService(db)
+        existing = service.get(address_id)
+        if existing.customer_id != customer_id:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=f"Address {address_id} not found for customer {customer_id}")
+
+        update_data = address_in.dict(exclude_unset=True)
+        update_data['customer_id'] = customer_id
+        result = service.update(address_id, update_data)
+        return result
+    except HTTPException:
+        raise
+    except ValueError as e:
+        logger.error(f"Validation error updating address {address_id}: {e}")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=str(e))
+    except Exception as e:
+        logger.error(f"Error updating address {address_id}: {e}")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=f"Address {address_id} not found")
+
+
+@router.delete("/{customer_id}/addresses/{address_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_address(customer_id: int, address_id: int, db: Session = Depends(get_db)):
+    try:
+        service = AddressService(db)
+        existing = service.get(address_id)
+        if existing.customer_id != customer_id:
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail=f"Address {address_id} not found for customer {customer_id}")
+
+        service.delete(address_id)
+        return None
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error deleting address {address_id}: {e}")
+        raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Failed to delete address")
+
+# Contact-related endpoints
+@router.get(
+    "/{customer_id}/contacts",
+    response_model=PaginatedResponse[ContactOut],
+    summary="List contacts for a specific customer",
+    response_description="Paginated list of customer contacts"
+)
+def list_customer_contacts(
+    customer_id: int,
+    page: int = Query(1, ge=1, description="Page number (1-indexed)"),
+    page_size: int = Query(10, ge=1, le=100, description="Number of items per page"),
+    order_by: Optional[str] = Query("ContactID", description="Field to order by (ContactID, FirstName, LastName, etc.)"),
+    order_dir: Optional[str] = Query("asc", description="Order direction (asc|desc)"),
+    db: Session = Depends(get_db)
+):
+    """Get all contacts for a specific customer with pagination and ordering"""
+    try:
+        logger.info(f"Listing contacts for customer {customer_id}: page={page}, page_size={page_size}")
+        contact_service = ContactService(db)
+        result = contact_service.get_by_customer_id(
+            customer_id=customer_id,
+            page=page, 
+            page_size=page_size, 
+            order_by=order_by, 
+            order_dir=order_dir
+        )
+        logger.info(f"Successfully retrieved {len(result.items)} contacts for customer {customer_id}")
+        return result
+    except Exception as e:
+        logger.error(f"Error listing contacts for customer {customer_id}: {e}")
+        return PaginatedResponse[ContactOut](
+            items=[],
+            page=page,
+            page_size=page_size,
+            total=0
+        )
+
+@router.get(
+    "/{customer_id}/contacts/{contact_id}",
+    response_model=ContactOut,
+    summary="Get a specific contact for a customer",
+    response_description="Contact details"
+)
+def get_customer_contact(
+    customer_id: int,
+    contact_id: int,
+    db: Session = Depends(get_db)
+):
+    """Get a specific contact by ID (validates it belongs to the customer)"""
+    try:
+        contact_service = ContactService(db)
+        contact = contact_service.get(contact_id)
+        
+        # Verify the contact belongs to the specified customer
+        if contact.customer_id != customer_id:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Contact {contact_id} not found for customer {customer_id}"
+            )
+        
+        return contact
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error getting contact {contact_id} for customer {customer_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Contact {contact_id} not found for customer {customer_id}"
+        )
+
+@router.post(
+    "/{customer_id}/contacts",
+    response_model=ContactOut,
+    status_code=status.HTTP_201_CREATED,
+    summary="Create a new contact for a customer",
+    response_description="Created contact details"
+)
+def create_customer_contact(
+    customer_id: int,
+    contact_in: ContactCreate,
+    db: Session = Depends(get_db)
+):
+    """Create a new contact for the specified customer"""
+    try:
+        # Ensure the contact is associated with the correct customer
+        contact_data = contact_in.dict()
+        contact_data['customer_id'] = customer_id
+         
+        contact_service = ContactService(db)
+        
+        result = contact_service.create(contact_data)
+        return result
+    except ValueError as e:
+         raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e)
+        )
+    except Exception as e:
+         raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to create contact"
+        )
+
+@router.put(
+    "/{customer_id}/contacts/{contact_id}",
+    response_model=ContactOut,
+    summary="Update a customer contact",
+    response_description="Updated contact details"
+)
+def update_customer_contact(
+    customer_id: int,
+    contact_id: int,
+    contact_in: ContactCreate,
+    db: Session = Depends(get_db)
+):
+    """Update an existing contact for the specified customer"""
+    try:
+        contact_service = ContactService(db)
+        
+        # First verify the contact exists and belongs to the customer
+        existing_contact = contact_service.get(contact_id)
+        if existing_contact.customer_id != customer_id:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Contact {contact_id} not found for customer {customer_id}"
+            )
+        
+        # Set the customer_id to ensure it doesn't change
+        contact_data = contact_in.dict() 
+        contact_data['customer_id'] = customer_id
+        
+        logger.info(f"Updating contact {contact_id} for customer {customer_id}")
+        result = contact_service.update(contact_id, contact_data)
+        logger.info(f"Successfully updated contact {contact_id} for customer {customer_id}")
+        return result
+    except HTTPException:
+        raise
+    except ValueError as e:
+        logger.error(f"Validation error updating contact {contact_id} for customer {customer_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e)
+        )
+    except Exception as e:
+        logger.error(f"Error updating contact {contact_id} for customer {customer_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to update contact"
+        )
+
+@router.delete(
+    "/{customer_id}/contacts/{contact_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    summary="Delete a customer contact",
+    response_description="Contact deleted successfully"
+)
+def delete_customer_contact(
+    customer_id: int,
+    contact_id: int,
+    db: Session = Depends(get_db)
+):
+    """Delete a contact for the specified customer"""
+    try:
+        contact_service = ContactService(db)
+        
+        # First verify the contact exists and belongs to the customer
+        existing_contact = contact_service.get(contact_id)
+        if existing_contact.customer_id != customer_id:
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail=f"Contact {contact_id} not found for customer {customer_id}"
+            )
+        
+        logger.info(f"Deleting contact {contact_id} for customer {customer_id}")
+        contact_service.delete(contact_id)
+        logger.info(f"Successfully deleted contact {contact_id} for customer {customer_id}")
+        return None
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f"Error deleting contact {contact_id} for customer {customer_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to delete contact"
+        )
+
+# Project-related endpoints
+@router.get("/{customer_id}/projects", response_model=List[ProjectCustomerOut])
+def get_customer_projects(
+    customer_id: str,
+    page: Optional[int] = Query(1, description="Page number (1-indexed)", ge=1),
+    page_size: Optional[int] = Query(100, description="Number of records per page", ge=1, le=1000),
+    db: Session = Depends(get_db)
+):
+    """Get all projects associated with a specific customer
+    
+    Returns a paginated list of all project-bidder relationships for the specified
+    customer ID, including complete details (barrier sizes, contacts, notes) for each.
+    
+    - **customer_id**: The customer ID (CustId from Bidders table)
+    - **page**: Page number starting from 1
+    - **page_size**: Number of records per page (max 1000)
+    """
+    service = ProjectService(db)
+    return service.get_customer_projects(customer_id, page=page, page_size=page_size)
+
+

app/controllers/dashboard.py

@@ -0,0 +1,104 @@
+from fastapi import APIRouter, Depends
+from typing import List
+from datetime import datetime, timedelta
+from sqlalchemy import func, or_, and_
+from sqlalchemy.orm import Session
+from app.schemas.dashboard import InfoWidget
+from app.db.session import get_db
+from app.db.models.project import Project
+from app.core.timing import timer
+import logging
+
+router = APIRouter(prefix="/api/v1/dashboard", tags=["dashboard"])
+logger = logging.getLogger(__name__)
+
+
+@router.get("/widgets/info", response_model=List[InfoWidget], summary="Dashboard info widgets")
+def get_info_widgets(db: Session = Depends(get_db)) -> List[InfoWidget]:
+    """Return live counts for dashboard info widgets.
+
+    Definitions:
+    - Projects Executed: projects with InstallDate within the last 7 days.
+    - New Projects: projects with CreatedDate within the last 7 days.
+    - Active Projects: projects where Status = 5 (per StatusInfo mapping).
+
+    Deltas compare the last 7 days vs the prior 7-day window for the first two metrics.
+    """
+    logger.debug("Fetching dashboard info widgets")
+
+    now = datetime.utcnow()
+    current_start = now - timedelta(days=7)
+    prev_start = now - timedelta(days=14)
+    prev_end = current_start
+
+    def pct_change(curr: int, prev: int) -> float:
+        if prev is None or prev == 0:
+            return 0.0
+        return round(((curr - prev) / prev) * 100.0, 2)
+
+    # Projects Executed: InstallDate in last 7 days
+    with timer("Dashboard: Projects Executed query"):
+        executed_current = (
+            db.query(func.count(Project.project_no))
+            .filter(Project.install_date >= current_start, Project.install_date < now)
+            .scalar()
+            or 0
+        )
+        executed_prev = (
+            db.query(func.count(Project.project_no))
+            .filter(Project.install_date >= prev_start, Project.install_date < prev_end)
+            .scalar()
+            or 0
+        )
+
+    # New Projects: CreatedDate in last 7 days
+    with timer("Dashboard: New Projects query"):
+        new_current = (
+            db.query(func.count(Project.project_no))
+            .filter(Project.created_date >= current_start, Project.created_date < now)
+            .scalar()
+            or 0
+        )
+        new_prev = (
+            db.query(func.count(Project.project_no))
+            .filter(Project.created_date >= prev_start, Project.created_date < prev_end)
+            .scalar()
+            or 0
+        )
+
+    # Active Projects: Status = 5 (from StatusInfo)
+    ACTIVE_STATUS_ID = 5
+    with timer("Dashboard: Active Projects query"):
+        active_current = (
+            db.query(func.count(Project.project_no))
+            .filter(Project.status == ACTIVE_STATUS_ID)
+            .scalar()
+            or 0
+        )
+
+    widgets: List[InfoWidget] = [
+        InfoWidget(
+            label="Projects Executed",
+            value=int(executed_current),
+            subtitle="Last 7 days",
+            delta_percent=pct_change(int(executed_current), int(executed_prev)),
+            delta_from="from last week",
+        ),
+        InfoWidget(
+            label="New Projects",
+            value=int(new_current),
+            subtitle="Last 7 days",
+            delta_percent=pct_change(int(new_current), int(new_prev)),
+            delta_from="from last week",
+        ),
+        InfoWidget(
+            label="Active Projects",
+            value=int(active_current),
+            subtitle="Currently in progress",
+            # Without historical snapshots, prior active count is unknown; report 0% change.
+            delta_percent=0.0,
+            delta_from="from last week",
+        ),
+    ]
+
+    return widgets

app/controllers/distributors.py

@@ -0,0 +1,300 @@
+from fastapi import APIRouter, Depends, status, Query, HTTPException
+from sqlalchemy.orm import Session
+from app.db.session import get_db
+from app.services.distributor_service import DistributorService
+from app.schemas.distributor import DistributorCreate, DistributorOut
+from app.schemas.paginated_response import PaginatedResponse
+from typing import Optional, List
+import logging
+
+logger = logging.getLogger(__name__)
+
+# Common query parameter descriptions
+PAGE_DESC = "Page number (1-indexed)"
+PAGE_SIZE_DESC = "Number of items per page"
+ORDER_BY_DESC = "Field to order by"
+ORDER_DIR_DESC = "Order direction (asc|desc)"
+TERRITORY_DESC = "Territory/Region name"
+STATUS_DESC = "Distributor status (active|inactive|pending)"
+
+router = APIRouter(prefix="/api/v1/distributors", tags=["distributors"])
+
+@router.get(
+    "/",
+    response_model=PaginatedResponse[DistributorOut],
+    summary="List all distributors",
+    response_description="Paginated list of distributors"
+)
+def list_distributors(
+    page: int = Query(1, ge=1, description=PAGE_DESC),
+    page_size: int = Query(10, ge=1, le=100, description=PAGE_SIZE_DESC),
+    order_by: Optional[str] = Query("Id", description=ORDER_BY_DESC),
+    order_dir: Optional[str] = Query("asc", description=ORDER_DIR_DESC),
+    db: Session = Depends(get_db)
+):
+    """Get all distributors with pagination and ordering"""
+    try:
+        logger.info(f"Listing distributors: page={page}, page_size={page_size}")
+        distributor_service = DistributorService(db)
+        result = distributor_service.list(
+            page=page, 
+            page_size=page_size, 
+            order_by=order_by, 
+            order_direction=order_dir.upper()
+        )
+        logger.info(f"Successfully retrieved {len(result.items)} distributors")
+        return result
+    except Exception as e:
+        logger.error(f"Error listing distributors: {e}")
+        return PaginatedResponse[DistributorOut](
+            items=[],
+            page=page,
+            page_size=page_size,
+            total=0
+        )
+
+@router.get(
+    "/territory/{territory}",
+    response_model=PaginatedResponse[DistributorOut],
+    summary="List distributors by territory",
+    response_description="Paginated list of distributors for a specific territory"
+)
+def list_distributors_by_territory(
+    territory: str,
+    page: int = Query(1, ge=1, description=PAGE_DESC),
+    page_size: int = Query(10, ge=1, le=100, description=PAGE_SIZE_DESC),
+    order_by: Optional[str] = Query("Id", description=ORDER_BY_DESC),
+    order_dir: Optional[str] = Query("asc", description=ORDER_DIR_DESC),
+    db: Session = Depends(get_db)
+):
+    """Get all distributors for a specific territory with pagination and ordering"""
+    try:
+        logger.info(f"Listing distributors for territory {territory}: page={page}, page_size={page_size}")
+        distributor_service = DistributorService(db)
+        result = distributor_service.get_by_territory(
+            territory=territory,
+            page=page, 
+            page_size=page_size, 
+            order_by=order_by, 
+            order_dir=order_dir.upper()
+        )
+        logger.info(f"Successfully retrieved {len(result.items)} distributors for territory {territory}")
+        return result
+    except Exception as e:
+        logger.error(f"Error listing distributors for territory {territory}: {e}")
+        return PaginatedResponse[DistributorOut](
+            items=[],
+            page=page,
+            page_size=page_size,
+            total=0
+        )
+
+@router.get(
+    "/status/{status}",
+    response_model=PaginatedResponse[DistributorOut],
+    summary="List distributors by status",
+    response_description="Paginated list of distributors with a specific status"
+)
+def list_distributors_by_status(
+    status: str,
+    page: int = Query(1, ge=1, description=PAGE_DESC),
+    page_size: int = Query(10, ge=1, le=100, description=PAGE_SIZE_DESC),
+    order_by: Optional[str] = Query("Id", description=ORDER_BY_DESC),
+    order_dir: Optional[str] = Query("asc", description=ORDER_DIR_DESC),
+    db: Session = Depends(get_db)
+):
+    """Get all distributors with a specific status with pagination and ordering"""
+    try:
+        logger.info(f"Listing distributors with status {status}: page={page}, page_size={page_size}")
+        distributor_service = DistributorService(db)
+        result = distributor_service.get_by_status(
+            status=status,
+            page=page, 
+            page_size=page_size, 
+            order_by=order_by, 
+            order_dir=order_dir.upper()
+        )
+        logger.info(f"Successfully retrieved {len(result.items)} distributors with status {status}")
+        return result
+    except Exception as e:
+        logger.error(f"Error listing distributors with status {status}: {e}")
+        return PaginatedResponse[DistributorOut](
+            items=[],
+            page=page,
+            page_size=page_size,
+            total=0
+        )
+
+@router.get(
+    "/territories",
+    response_model=List[str],
+    summary="Get all territories",
+    response_description="List of unique territories"
+)
+def get_territories(db: Session = Depends(get_db)):
+    """Get all unique territories"""
+    try:
+        distributor_service = DistributorService(db)
+        territories = distributor_service.get_territories()
+        logger.info(f"Successfully retrieved {len(territories)} territories")
+        return territories
+    except Exception as e:
+        logger.error(f"Error getting territories: {e}")
+        return []
+
+@router.get(
+    "/{distributor_id}",
+    response_model=DistributorOut,
+    summary="Get a distributor by ID",
+    response_description="Distributor details"
+)
+def get_distributor(distributor_id: int, db: Session = Depends(get_db)):
+    """Get a specific distributor by ID"""
+    try:
+        distributor_service = DistributorService(db)
+        return distributor_service.get(distributor_id)
+    except Exception as e:
+        logger.error(f"Error getting distributor {distributor_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail=f"Distributor {distributor_id} not found"
+        )
+
+@router.post(
+    "/",
+    response_model=DistributorOut,
+    status_code=status.HTTP_201_CREATED,
+    summary="Create a new distributor",
+    response_description="Created distributor details"
+)
+def create_distributor(
+    distributor_in: DistributorCreate,
+    db: Session = Depends(get_db)
+):
+    """Create a new distributor"""
+    try:
+        distributor_service = DistributorService(db)
+        logger.info(f"Creating new distributor: {distributor_in.company_name}")
+        
+        result = distributor_service.create(distributor_in.dict())
+        logger.info(f"Successfully created distributor {result.id}: {result.company_name}")
+        return result
+    except ValueError as e:
+        logger.error(f"Validation error creating distributor: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e)
+        )
+    except Exception as e:
+        logger.error(f"Error creating distributor: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to create distributor"
+        )
+
+@router.put(
+    "/{distributor_id}",
+    response_model=DistributorOut,
+    summary="Update a distributor",
+    response_description="Updated distributor details"
+)
+def update_distributor(
+    distributor_id: int,
+    distributor_in: DistributorCreate,
+    db: Session = Depends(get_db)
+):
+    """Update an existing distributor"""
+    try:
+        distributor_service = DistributorService(db)
+        logger.info(f"Updating distributor {distributor_id}: {distributor_in.company_name}")
+        
+        result = distributor_service.update(distributor_id, distributor_in.dict())
+        logger.info(f"Successfully updated distributor {distributor_id}: {result.company_name}")
+        return result
+    except ValueError as e:
+        logger.error(f"Validation error updating distributor {distributor_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=str(e)
+        )
+    except Exception as e:
+        logger.error(f"Error updating distributor {distributor_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to update distributor"
+        )
+
+@router.delete(
+    "/{distributor_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    summary="Delete a distributor",
+    response_description="Distributor deleted successfully"
+)
+def delete_distributor(
+    distributor_id: int,
+    db: Session = Depends(get_db)
+):
+    """Delete a distributor"""
+    try:
+        distributor_service = DistributorService(db)
+        logger.info(f"Deleting distributor {distributor_id}")
+        
+        distributor_service.delete(distributor_id)
+        logger.info(f"Successfully deleted distributor {distributor_id}")
+        return None
+    except Exception as e:
+        logger.error(f"Error deleting distributor {distributor_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to delete distributor"
+        )
+
+@router.post(
+    "/{distributor_id}/activate",
+    response_model=DistributorOut,
+    summary="Activate a distributor",
+    response_description="Activated distributor details"
+)
+def activate_distributor(
+    distributor_id: int,
+    db: Session = Depends(get_db)
+):
+    """Activate a distributor (set status to active)"""
+    try:
+        distributor_service = DistributorService(db)
+        logger.info(f"Activating distributor {distributor_id}")
+        
+        result = distributor_service.activate(distributor_id)
+        logger.info(f"Successfully activated distributor {distributor_id}")
+        return result
+    except Exception as e:
+        logger.error(f"Error activating distributor {distributor_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to activate distributor"
+        )
+
+@router.post(
+    "/{distributor_id}/deactivate",
+    response_model=DistributorOut,
+    summary="Deactivate a distributor",
+    response_description="Deactivated distributor details"
+)
+def deactivate_distributor(
+    distributor_id: int,
+    db: Session = Depends(get_db)
+):
+    """Deactivate a distributor (set status to inactive)"""
+    try:
+        distributor_service = DistributorService(db)
+        logger.info(f"Deactivating distributor {distributor_id}")
+        
+        result = distributor_service.deactivate(distributor_id)
+        logger.info(f"Successfully deactivated distributor {distributor_id}")
+        return result
+    except Exception as e:
+        logger.error(f"Error deactivating distributor {distributor_id}: {e}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail="Failed to deactivate distributor"
+        )

app/controllers/employees.py

@@ -0,0 +1,102 @@
+from fastapi import APIRouter, Depends, status, Query, HTTPException
+from sqlalchemy.orm import Session
+from app.db.session import get_db
+from app.services.employee_service import EmployeeService
+from app.schemas.employee import EmployeeCreate, EmployeeOut, EmployeeUpdate
+from app.schemas.paginated_response import PaginatedResponse
+from typing import List, Optional
+import logging
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/api/v1/employees", tags=["employees"])
+
+@router.get("/", response_model=PaginatedResponse[EmployeeOut])
+def list_employees(
+    order_by: Optional[str] = Query("last_name", description="Field to order by"),
+    order_direction: Optional[str] = Query("asc", description="Order direction: asc or desc", regex="^(asc|desc)$"),
+    page: Optional[int] = Query(1, description="Page number (1-indexed)", ge=1),
+    page_size: Optional[int] = Query(10, description="Number of records per page", ge=1, le=100),
+    db: Session = Depends(get_db)
+):
+    """
+    Get paginated list of employees with sorting.
+    
+    - **order_by**: Field name to sort by (employee_id, last_name, first_name, etc.)
+    - **order_direction**: Sort direction (asc or desc)
+    - **page**: Page number starting from 1
+    - **page_size**: Number of records per page (max 100)
+    """
+    service = EmployeeService(db)
+    return service.list_employees(
+        order_by=order_by,
+        order_direction=order_direction,
+        page=page,
+        page_size=page_size
+    )
+
+@router.get("/{employee_id}", response_model=EmployeeOut)
+def get_employee(employee_id: str, db: Session = Depends(get_db)):
+    """
+    Get a specific employee by EmployeeID
+    
+    - **employee_id**: The unique identifier for the employee
+    """
+    service = EmployeeService(db)
+    return service.get(employee_id)
+
+@router.post("/", response_model=EmployeeOut, status_code=status.HTTP_201_CREATED)
+def create_employee(employee_in: EmployeeCreate, db: Session = Depends(get_db)):
+    """
+    Create a new employee using stored procedure
+    
+    Creates a new employee record using the spEmployeesInsert stored procedure.
+    All employee fields including personal information, contact details, and status
+    can be provided in the request body.
+    
+    Returns the created employee with the provided or generated EmployeeID.
+    """
+    service = EmployeeService(db)
+    
+    # Check if employee_id is provided and if it's unique
+    if employee_in.employee_id:
+        try:
+            # Try to get an existing employee with the same ID
+            existing_employee = service.get(employee_in.employee_id)
+            if existing_employee:
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail=f"Employee with ID {employee_in.employee_id} already exists"
+                )
+        except HTTPException as e:
+            # If HTTPException was raised with status 400, re-raise it
+            if e.status_code == status.HTTP_400_BAD_REQUEST:
+                raise
+            # Otherwise, it's a 404 (not found) which is what we want
+            pass
+    
+    return service.create(employee_in.model_dump())
+
+@router.delete("/{employee_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_employee(employee_id: str, db: Session = Depends(get_db)):
+    """
+    Delete an employee
+    
+    - **employee_id**: The unique identifier for the employee to delete
+    """
+    service = EmployeeService(db)
+    service.delete(employee_id)
+    return None
+
+
+@router.put("/{employee_id}", response_model=EmployeeOut)
+def update_employee(employee_id: str, employee_in: EmployeeUpdate, db: Session = Depends(get_db)):
+    """
+    Update an existing employee with partial data.
+
+    - **employee_id**: The EmployeeID of the employee to update
+    - **employee_in**: Partial employee data to update (only provided fields are changed)
+    """
+    service = EmployeeService(db)
+    # Convert to dict and let service handle validation of provided fields
+    return service.update(employee_id, employee_in.model_dump(exclude_unset=True))

app/controllers/notes.py

@@ -0,0 +1,136 @@
+from fastapi import APIRouter, Depends, status
+from sqlalchemy.orm import Session
+from app.db.session import get_db
+from app.services.notes_service import NotesService
+from app.schemas.notes import CustomerNoteCreate, CustomerNoteOut, BidderNoteCreate, CustomerNoteUpdate, BidderNoteUpdate
+from app.schemas.project import ProjectNoteCreate, ProjectNoteOut, ProjectNoteUpdate
+from typing import List
+
+router = APIRouter(prefix="/api/v1/notes", tags=["notes"])
+
+
+@router.get("/projects/{project_no}", response_model=List[ProjectNoteOut])
+def list_project_notes(project_no: int, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    notes = service.list_project_notes(project_no)
+    # Map DB rows to ProjectNoteOut expected fields
+    mapped = []
+    for r in notes:
+        mapped.append({
+            'note_id': r.get('ID') or r.get('NoteID'),
+            'project_no': r.get('ProjectNo'),
+            'date': r.get('Time') or r.get('Date'),
+            'employee_id': r.get('EmployeeID'),
+            'employee_name': None,
+            'customer_id': r.get('CustomerID'),
+            'customer_name': None,
+            'notes': r.get('Notes')
+        })
+    return mapped
+
+
+@router.post("/projects/{project_no}", status_code=status.HTTP_201_CREATED)
+def create_project_note(project_no: int, note_in: ProjectNoteCreate, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    note_id = service.create_project_note(project_no, note_in.model_dump())
+    return {"id": note_id}
+
+
+@router.put("/projects/{project_no}/{note_id}", response_model=ProjectNoteOut)
+def update_project_note(project_no: int, note_id: int, note_in: ProjectNoteUpdate, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    updated = service.update_project_note(project_no, note_id, note_in.model_dump(exclude_unset=True))
+    # Map to response model fields
+    return {
+        'note_id': updated.get('ID') or updated.get('NoteID'),
+        'project_no': updated.get('ProjectNo'),
+        'date': updated.get('Time') or updated.get('Date'),
+        'employee_id': updated.get('EmployeeID'),
+        'employee_name': None,
+        'customer_id': updated.get('CustomerID'),
+        'customer_name': None,
+        'notes': updated.get('Notes')
+    }
+
+
+@router.delete("/projects/{project_no}/{note_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_project_note(project_no: int, note_id: int, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    service.delete_project_note(project_no, note_id)
+    return None
+
+
+@router.get("/customers/{customer_id}", response_model=List[CustomerNoteOut])
+def list_customer_notes(customer_id: int, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    notes = service.list_customer_notes(customer_id)
+    # Map DB rows to CustomerNoteOut expected fields
+    mapped = []
+    for r in notes:
+        mapped.append({
+            'note_id2': r.get('NoteID2'),
+            'note_id': r.get('NoteID'),
+            'customer_id': r.get('CustomerID'),
+            'date': r.get('Date'),
+            'employee_id': r.get('EmployeeID'),
+            'customer_type_id': r.get('CustomerTypeID'),
+            'notes': r.get('Notes')
+        })
+    return mapped
+
+
+@router.post("/customers/{customer_id}", status_code=status.HTTP_201_CREATED)
+def create_customer_note(customer_id: int, note_in: CustomerNoteCreate, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    note_id = service.create_customer_note(customer_id, note_in.model_dump())
+    return {"id": note_id}
+
+
+@router.put("/customers/{customer_id}/{note_id2}", response_model=CustomerNoteOut)
+def update_customer_note(customer_id: int, note_id2: int, note_in: CustomerNoteUpdate, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    updated = service.update_customer_note(customer_id, note_id2, note_in.model_dump(exclude_unset=True))
+    return {
+        'note_id2': updated.get('NoteID2'),
+        'note_id': updated.get('NoteID'),
+        'customer_id': updated.get('CustomerID'),
+        'date': updated.get('Date'),
+        'employee_id': updated.get('EmployeeID'),
+        'customer_type_id': updated.get('CustomerTypeID'),
+        'notes': updated.get('Notes')
+    }
+
+
+@router.delete("/customers/{customer_id}/{note_id2}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_customer_note(customer_id: int, note_id2: int, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    service.delete_customer_note(customer_id, note_id2)
+    return None
+
+
+@router.get("/bidders/{bidder_id}", response_model=List[dict])
+def list_bidder_notes(bidder_id: int, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    notes = service.list_bidder_notes(bidder_id)
+    return notes
+
+
+@router.post("/bidders/{bidder_id}", status_code=status.HTTP_201_CREATED)
+def create_bidder_note(bidder_id: int, note_in: BidderNoteCreate, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    note_id = service.create_bidder_note(bidder_id, note_in.model_dump())
+    return {"id": note_id}
+
+
+@router.put("/bidders/{bidder_id}/{note_id}", response_model=dict)
+def update_bidder_note(bidder_id: int, note_id: int, note_in: BidderNoteUpdate, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    updated = service.update_bidder_note(bidder_id, note_id, note_in.model_dump(exclude_unset=True))
+    return updated
+
+
+@router.delete("/bidders/{bidder_id}/{note_id}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_bidder_note(bidder_id: int, note_id: int, db: Session = Depends(get_db)):
+    service = NotesService(db)
+    service.delete_bidder_note(bidder_id, note_id)
+    return None

app/controllers/projects.py

@@ -0,0 +1,131 @@
+from fastapi import APIRouter, Depends, status, Query
+from sqlalchemy.orm import Session
+from app.db.session import get_db
+from app.services.project_service import ProjectService
+from app.schemas.project import ProjectCreate, ProjectOut
+from app.schemas.project_detail import ProjectDetailOut, ProjectCustomerOut, ProjectDetailNoCustomersOut
+from app.schemas.paginated_response import PaginatedResponse
+from typing import List, Optional
+
+router = APIRouter(prefix="/api/v1/projects", tags=["projects"])
+
+@router.get("/", response_model=PaginatedResponse[ProjectOut])
+def list_projects(
+    customer_type: Optional[int] = Query(0, description="Customer type filter (0 for all types)", ge=0),
+    status: Optional[int] = Query(None, description="Status filter (None excludes status=3, pass specific value to include all)"),
+    order_by: Optional[str] = Query("project_no", description="Field to order by"),
+    order_direction: Optional[str] = Query("asc", description="Order direction: asc or desc", regex="^(asc|desc)$"),
+    page: Optional[int] = Query(1, description="Page number (1-indexed)", ge=1),
+    page_size: Optional[int] = Query(10, description="Number of records per page", ge=1, le=100),
+    db: Session = Depends(get_db)
+):
+    """
+    Get paginated list of projects with filtering and sorting.
+    
+    - **customer_type**: Filter by customer type (0 = all types)
+    - **status**: Filter by status (None = exclude status 3, pass specific value to include all)
+    - **order_by**: Field name to sort by (project_no, project_name, etc.)
+    - **order_direction**: Sort direction (asc or desc)
+    - **page**: Page number starting from 1
+    - **page_size**: Number of records per page (max 100)
+    """
+    service = ProjectService(db)
+    return service.list_projects(
+        customer_type=customer_type,
+        status=status,
+        order_by=order_by,
+        order_direction=order_direction,
+        page=page,
+        page_size=page_size
+    )
+
+@router.get("/{project_no}", response_model=ProjectDetailNoCustomersOut)
+def get_project(project_no: int, db: Session = Depends(get_db)):
+    """Get a specific project by ProjectNo without customers collection
+
+    For customer data, use `/api/v1/projects/{project_no}/customers` instead.
+    """
+    service = ProjectService(db)
+    # Use lean method that does not fetch customers or notes for performance
+    return service.get_detail_no_customers(project_no)
+
+
+@router.get(
+    "/{project_no}/customers",
+    response_model=List[ProjectCustomerOut],
+    response_model_exclude={"barrier_sizes", "contacts", "bidder_notes"}
+)
+def get_project_customers(
+    project_no: int,
+    page: Optional[int] = Query(1, description="Page number (1-indexed)", ge=1),
+    page_size: Optional[int] = Query(25, description="Number of records per page", ge=1, le=1000),
+    last_id: Optional[int] = Query(None, description="Keyset pagination anchor: last seen bidder Id"),
+    db: Session = Depends(get_db)
+):
+    """Get customers associated with a specific project (by ProjectNo)
+
+    Returns a paginated list of customers for the project. Pagination defaults
+    to page=1 and page_size=100 to avoid very large responses.
+    """
+    service = ProjectService(db)
+    # Use the dedicated service method to fetch only customers for the project
+    return service.get_customers(project_no, page=page, page_size=page_size, last_id=last_id)
+
+
+@router.get(
+    "/{project_no}/customers/{customer_id}",
+    response_model=ProjectCustomerOut,
+    response_model_exclude={"barrier_sizes", "contacts", "bidder_notes"}
+)
+def get_project_customer_detail(
+    project_no: int,
+    customer_id: str,
+    db: Session = Depends(get_db)
+):
+    """Get detailed bidder information for a specific customer on a project
+    
+    Returns the complete bidder details including barrier sizes, contacts, and notes
+    for the specified project number and customer ID combination.
+    
+    - **project_no**: The project number
+    - **customer_id**: The customer ID (CustId from Bidders table)
+    """
+    service = ProjectService(db)
+    return service.get_project_customer_detail(project_no, customer_id)
+
+@router.post("/", response_model=ProjectOut, status_code=status.HTTP_201_CREATED)
+def create_project(project_in: ProjectCreate, db: Session = Depends(get_db)):
+    """
+    Create a new project using stored procedure
+    
+    Creates a new project record using the spProjectsInsert stored procedure.
+    All project fields including billing, shipping, payment, and project details
+    can be provided in the request body.
+    
+    Returns the created project with the generated ProjectNo.
+    """
+    service = ProjectService(db)
+    return service.create(project_in.model_dump())
+
+@router.put("/{project_no}", response_model=ProjectOut)
+def update_project(project_no: int, project_in: ProjectCreate, db: Session = Depends(get_db)):
+    """
+    Update an existing project using stored procedure
+    
+    Updates an existing project record using the spProjectsUpdate stored procedure.
+    All project fields including billing, shipping, payment, and project details
+    can be updated in the request body.
+    
+    Returns the updated project data.
+    """
+    service = ProjectService(db)
+    return service.update(project_no, project_in.model_dump())
+
+@router.delete("/{project_no}", status_code=status.HTTP_204_NO_CONTENT)
+def delete_project(project_no: int, db: Session = Depends(get_db)):
+    """Delete a project"""
+    service = ProjectService(db)
+    service.delete(project_no)
+    return None
+
+

app/controllers/reference.py

@@ -0,0 +1,934 @@
+from fastapi import APIRouter, Depends, Query, status, HTTPException, Response
+from sqlalchemy.orm import Session
+from app.db.session import get_db
+from app.services.reference_service import ReferenceDataService
+from app.schemas.reference import (
+    StateOut, CountryOut, CompanyTypeOut, LeadSourceOut, PaymentTermOut,
+    PurchasePriceOut, RentalPriceOut, BarrierSizeOut, ProductApplicationOut,
+    ReferenceDataResponse, FOBOut, EstShipDateOut, EstFreightOut, StatusInfoOut, ProjectReferenceResponse, PriorityOut,
+    StateCreateIn, StateUpdateIn, CountryCreateIn, CountryUpdateIn, CompanyTypeCreateIn, CompanyTypeUpdateIn,
+    LeadSourceCreateIn, LeadSourceUpdateIn, PaymentTermCreateIn, PaymentTermUpdateIn,
+    PurchasePriceCreateIn, PurchasePriceUpdateIn, RentalPriceCreateIn, RentalPriceUpdateIn,
+    BarrierSizeCreateIn, BarrierSizeUpdateIn, ProductApplicationCreateIn, ProductApplicationUpdateIn,
+    FOBCreateIn, FOBUpdateIn, EstShipDateCreateIn, EstShipDateUpdateIn,
+    EstFreightCreateIn, EstFreightUpdateIn, StatusInfoCreateIn, StatusInfoUpdateIn,
+    PriorityCreateIn, PriorityUpdateIn, PhoneTypeOut, PhoneTypeCreateIn, PhoneTypeUpdateIn
+)
+from app.core.dependencies import get_current_user_optional
+from app.schemas.auth import CurrentUser
+from typing import List, Optional
+import logging
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(prefix="/api/v1/reference", tags=["reference-data"])
+
+@router.get("/all", response_model=ReferenceDataResponse)
+def get_all_reference_data(
+    active_only: bool = Query(True, description="Return only active records"),
+    customer_type_id: Optional[int] = Query(None, description="Filter by customer type ID"),
+    db: Session = Depends(get_db),
+    current_user: Optional[CurrentUser] = Depends(get_current_user_optional)
+):
+    """
+    Get all reference/lookup data in a single response.
+    
+    This endpoint is designed for frontend applications that need to populate
+    all dropdowns and lookup data efficiently. It includes:
+    - States/Provinces
+    - Countries
+    - Company Types
+    - Lead Sources
+    - Payment Terms
+    - Purchase Prices
+    - Rental Prices
+    - Barrier Sizes
+    - Product Applications
+    - Project Statuses
+    
+    **Note**: This endpoint is public but may have enhanced data for authenticated users.
+    """
+    service = ReferenceDataService(db)
+    return service.get_all_reference_data(active_only=active_only, customer_type_id=customer_type_id)
+
+@router.get("/states", response_model=List[StateOut])
+def get_states(
+    active_only: bool = Query(True, description="Return only active states"),
+    customer_type_id: Optional[int] = Query(None, description="Filter by customer type ID"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all states/provinces.
+    
+    Returns a list of all states and provinces available in the system.
+    """
+    service = ReferenceDataService(db)
+    return service.get_states(active_only=active_only, customer_type_id=customer_type_id)
+
+@router.get("/countries", response_model=List[CountryOut])
+def get_countries(
+    active_only: bool = Query(True, description="Return only active countries"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all countries.
+    
+    Returns a list of all countries available in the system.
+    """
+    service = ReferenceDataService(db)
+    return service.get_countries(active_only=active_only)
+
+@router.get("/company-types", response_model=List[CompanyTypeOut])
+def get_company_types(
+    active_only: bool = Query(True, description="Return only active company types"),
+    customer_type_id: Optional[int] = Query(None, description="Filter by customer type ID"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all company types.
+    
+    Returns a list of all company types used for customer classification.
+    Optionally filtered by customer_type_id.
+    """
+    service = ReferenceDataService(db)
+    return service.get_company_types(active_only=active_only, customer_type_id=customer_type_id)
+
+@router.get("/lead-sources", response_model=List[LeadSourceOut])
+def get_lead_sources(
+    active_only: bool = Query(True, description="Return only active lead sources"),
+    customer_type_id: Optional[int] = Query(None, description="Filter by customer type ID"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all lead generation sources.
+    
+    Returns a list of all sources where leads can be generated from.
+    Optionally filtered by customer_type_id.
+    """
+    service = ReferenceDataService(db)
+    return service.get_lead_sources(active_only=active_only, customer_type_id=customer_type_id)
+
+@router.get("/payment-terms", response_model=List[PaymentTermOut])
+def get_payment_terms(
+    active_only: bool = Query(True, description="Return only active payment terms"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all payment terms.
+    
+    Returns a list of all available payment terms for transactions.
+    """
+    service = ReferenceDataService(db)
+    return service.get_payment_terms(active_only=active_only)
+
+@router.get("/purchase-prices", response_model=List[PurchasePriceOut])
+def get_purchase_prices(
+    active_only: bool = Query(True, description="Return only active purchase prices"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all purchase prices.
+    
+    Returns a list of all available purchase price options.
+    """
+    service = ReferenceDataService(db)
+    return service.get_purchase_prices(active_only=active_only)
+
+@router.get("/rental-prices", response_model=List[RentalPriceOut])
+def get_rental_prices(
+    active_only: bool = Query(True, description="Return only active rental prices"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all rental prices.
+    
+    Returns a list of all available rental price options.
+    """
+    service = ReferenceDataService(db)
+    return service.get_rental_prices(active_only=active_only)
+
+
+
+@router.get("/product-applications", response_model=List[ProductApplicationOut])
+def get_product_applications(
+    active_only: bool = Query(True, description="Return only active product applications"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all product applications.
+    
+    Returns a list of all available product application types.
+    """
+    service = ReferenceDataService(db)
+    return service.get_product_applications(active_only=active_only)
+
+@router.get("/fobs", response_model=List[FOBOut])
+def get_FOB(
+    active_only: bool = Query(True, description="Return only active FOBS"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all FOBs (Free on Board terms).
+    
+    Returns a list of all available FOB terms used in shipping.
+    """
+    service = ReferenceDataService(db)
+    return service.get_fobs(active_only=active_only)
+
+
+@router.get("/est-ship-dates", response_model=List[EstShipDateOut])
+def get_est_ship_dates(
+    active_only: bool = Query(True, description="Return only active estimated ship dates"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all Estimated Ship Date options.
+    Returns a list of estimated shipping date options from the DB.
+    """
+    service = ReferenceDataService(db)
+    return service.get_est_ship_dates(active_only=active_only)
+
+
+@router.get("/est-freights", response_model=List[EstFreightOut])
+def get_est_freights(
+    active_only: bool = Query(True, description="Return only active estimated freights"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all Estimated Freight options.
+    Returns a list of estimated freight options from the DB.
+    """
+    service = ReferenceDataService(db)
+    return service.get_est_freights(active_only=active_only)
+
+
+@router.get("/status-info", response_model=List[StatusInfoOut])
+def get_status_info(
+    active_only: bool = Query(True, description="Return only active status info records"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all StatusInfo records.
+    Returns a list of project status metadata (ID, description, abbreviation).
+    """
+    service = ReferenceDataService(db)
+    return service.get_status_info(active_only=active_only)
+
+
+@router.get("/project-reference", response_model=ProjectReferenceResponse)
+def get_project_reference(
+    active_only: bool = Query(True, description="Return only active project reference records"),
+    db: Session = Depends(get_db)
+):
+    """
+    Return grouped reference data used for project creation forms.
+    Only returns the subset of reference tables needed by project forms to reduce payload.
+    """
+    service = ReferenceDataService(db)
+    return service.get_project_reference(active_only=active_only)
+
+@router.post("/clear-cache", status_code=status.HTTP_200_OK)
+def clear_reference_cache(
+    current_user: CurrentUser = Depends(get_current_user_optional),
+    db: Session = Depends(get_db)
+):
+    """
+    Clear the reference data cache.
+    
+    Forces fresh data to be loaded on the next request.
+    This endpoint may require authentication in production.
+    """
+    service = ReferenceDataService(db)
+    service.clear_cache()
+    return {"message": "Reference data cache cleared successfully"}
+
+@router.get("/priorities", response_model=List[PriorityOut])
+def get_priorities(
+    active_only: bool = Query(True, description="Return only active priorities"),
+    customer_type_id: Optional[int] = Query(None, description="Filter by customer type ID"),
+    db: Session = Depends(get_db)
+):
+    """
+    Get all priorities.
+    
+    Returns a list of all available priorities, optionally filtered by customer type.
+    """
+    service = ReferenceDataService(db)
+    return service.get_priorities(active_only=active_only, customer_type_id=customer_type_id)
+
+@router.post("/states", response_model=StateOut, status_code=status.HTTP_201_CREATED)
+def create_state(
+    data: StateCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new state/province.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_state(data)
+
+@router.put("/states/{state_id}", response_model=StateOut)
+def update_state(
+    state_id: int,
+    data: StateUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing state/province.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_state(state_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="State not found")
+    return result
+
+@router.post("/countries", response_model=CountryOut, status_code=status.HTTP_201_CREATED)
+def create_country(
+    data: CountryCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new country.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_country(data)
+
+@router.put("/countries/{country_id}", response_model=CountryOut)
+def update_country(
+    country_id: int,
+    data: CountryUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing country.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_country(country_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Country not found")
+    return result
+
+@router.post("/company-types", response_model=CompanyTypeOut, status_code=status.HTTP_201_CREATED)
+def create_company_type(
+    data: CompanyTypeCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new company type.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_company_type(data)
+
+@router.put("/company-types/{company_type_id}", response_model=CompanyTypeOut)
+def update_company_type(
+    company_type_id: int,
+    data: CompanyTypeUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing company type.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_company_type(company_type_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Company type not found")
+    return result
+
+@router.post("/lead-sources", response_model=LeadSourceOut, status_code=status.HTTP_201_CREATED)
+def create_lead_source(
+    data: LeadSourceCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new lead source.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_lead_source(data)
+
+@router.put("/lead-sources/{lead_generated_from_id}", response_model=LeadSourceOut)
+def update_lead_source(
+    lead_generated_from_id: int,
+    data: LeadSourceUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing lead source.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_lead_source(lead_generated_from_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Lead source not found")
+    return result
+
+@router.post("/payment-terms", response_model=PaymentTermOut, status_code=status.HTTP_201_CREATED)
+def create_payment_term(
+    data: PaymentTermCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new payment term.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_payment_term(data)
+
+@router.put("/payment-terms/{payment_term_id}", response_model=PaymentTermOut)
+def update_payment_term(
+    payment_term_id: int,
+    data: PaymentTermUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing payment term.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_payment_term(payment_term_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Payment term not found")
+    return result
+
+@router.post("/purchase-prices", response_model=PurchasePriceOut, status_code=status.HTTP_201_CREATED)
+def create_purchase_price(
+    data: PurchasePriceCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new purchase price.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_purchase_price(data)
+
+@router.put("/purchase-prices/{purchase_price_id}", response_model=PurchasePriceOut)
+def update_purchase_price(
+    purchase_price_id: int,
+    data: PurchasePriceUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing purchase price.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_purchase_price(purchase_price_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Purchase price not found")
+    return result
+
+@router.post("/rental-prices", response_model=RentalPriceOut, status_code=status.HTTP_201_CREATED)
+def create_rental_price(
+    data: RentalPriceCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new rental price.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_rental_price(data)
+
+@router.put("/rental-prices/{rental_price_id}", response_model=RentalPriceOut)
+def update_rental_price(
+    rental_price_id: int,
+    data: RentalPriceUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing rental price.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_rental_price(rental_price_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Rental price not found")
+    return result
+
+@router.post("/barrier-sizes", response_model=BarrierSizeOut, status_code=status.HTTP_201_CREATED)
+def create_barrier_size(
+    data: BarrierSizeCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new barrier size.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_barrier_size(data)
+
+@router.put("/barrier-sizes/{barrier_size_id}", response_model=BarrierSizeOut)
+def update_barrier_size(
+    barrier_size_id: int,
+    data: BarrierSizeUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing barrier size.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_barrier_size(barrier_size_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Barrier size not found")
+    return result
+
+@router.post("/product-applications", response_model=ProductApplicationOut, status_code=status.HTTP_201_CREATED)
+def create_product_application(
+    data: ProductApplicationCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new product application.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_product_application(data)
+
+@router.put("/product-applications/{application_id}", response_model=ProductApplicationOut)
+def update_product_application(
+    application_id: int,
+    data: ProductApplicationUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing product application.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_product_application(application_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Product application not found")
+    return result
+
+@router.post("/fobs", response_model=FOBOut, status_code=status.HTTP_201_CREATED)
+def create_fob(
+    data: FOBCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new FOB term.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_fob(data)
+
+@router.put("/fobs/{fob_id}", response_model=FOBOut)
+def update_fob(
+    fob_id: int,
+    data: FOBUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing FOB term.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_fob(fob_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="FOB not found")
+    return result
+
+@router.post("/est-ship-dates", response_model=EstShipDateOut, status_code=status.HTTP_201_CREATED)
+def create_est_ship_date(
+    data: EstShipDateCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new estimated ship date option.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_est_ship_date(data)
+
+@router.put("/est-ship-dates/{est_ship_date_id}", response_model=EstShipDateOut)
+def update_est_ship_date(
+    est_ship_date_id: int,
+    data: EstShipDateUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing estimated ship date option.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_est_ship_date(est_ship_date_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Estimated ship date not found")
+    return result
+
+@router.post("/est-freights", response_model=EstFreightOut, status_code=status.HTTP_201_CREATED)
+def create_est_freight(
+    data: EstFreightCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new estimated freight option.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_est_freight(data)
+
+@router.put("/est-freights/{est_freight_id}", response_model=EstFreightOut)
+def update_est_freight(
+    est_freight_id: int,
+    data: EstFreightUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing estimated freight option.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_est_freight(est_freight_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Estimated freight not found")
+    return result
+
+@router.post("/status-info", response_model=StatusInfoOut, status_code=status.HTTP_201_CREATED)
+def create_status_info(
+    data: StatusInfoCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new status info record.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_status_info(data)
+
+@router.put("/status-info/{status_info_id}", response_model=StatusInfoOut)
+def update_status_info(
+    status_info_id: int,
+    data: StatusInfoUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing status info record.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_status_info(status_info_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Status info not found")
+    return result
+
+@router.post("/priorities", response_model=PriorityOut, status_code=status.HTTP_201_CREATED)
+def create_priority(
+    data: PriorityCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Create a new priority.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    return service.create_priority(data)
+
+@router.put("/priorities/{priority_id}", response_model=PriorityOut)
+def update_priority(
+    priority_id: int,
+    data: PriorityUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """
+    Update an existing priority.
+    
+    Requires authentication for production use.
+    """
+    service = ReferenceDataService(db)
+    result = service.update_priority(priority_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Priority not found")
+    return result
+
+@router.delete("/states/{state_id}", status_code=204)
+def delete_state(
+    state_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a state"""
+    service = ReferenceDataService(db)
+    success = service.delete_state(state_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="State not found")
+    return Response(status_code=204)
+
+@router.delete("/countries/{country_id}", status_code=204)
+def delete_country(
+    country_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a country"""
+    service = ReferenceDataService(db)
+    success = service.delete_country(country_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Country not found")
+    return Response(status_code=204)
+
+@router.delete("/company-types/{company_type_id}", status_code=204)
+def delete_company_type(
+    company_type_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a company type"""
+    service = ReferenceDataService(db)
+    success = service.delete_company_type(company_type_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Company type not found")
+    return Response(status_code=204)
+
+@router.delete("/lead-sources/{lead_generated_from_id}", status_code=204)
+def delete_lead_source(
+    lead_generated_from_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a lead source"""
+    service = ReferenceDataService(db)
+    success = service.delete_lead_source(lead_generated_from_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Lead source not found")
+    return Response(status_code=204)
+
+@router.delete("/payment-terms/{payment_term_id}", status_code=204)
+def delete_payment_term(
+    payment_term_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a payment term"""
+    service = ReferenceDataService(db)
+    success = service.delete_payment_term(payment_term_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Payment term not found")
+    return Response(status_code=204)
+
+@router.delete("/purchase-prices/{purchase_price_id}", status_code=204)
+def delete_purchase_price(
+    purchase_price_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a purchase price"""
+    service = ReferenceDataService(db)
+    success = service.delete_purchase_price(purchase_price_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Purchase price not found")
+    return Response(status_code=204)
+
+@router.delete("/rental-prices/{rental_price_id}", status_code=204)
+def delete_rental_price(
+    rental_price_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a rental price"""
+    service = ReferenceDataService(db)
+    success = service.delete_rental_price(rental_price_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Rental price not found")
+    return Response(status_code=204)
+
+@router.delete("/barrier-sizes/{barrier_size_id}", status_code=204)
+def delete_barrier_size(
+    barrier_size_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a barrier size"""
+    service = ReferenceDataService(db)
+    success = service.delete_barrier_size(barrier_size_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Barrier size not found")
+    return Response(status_code=204)
+
+@router.delete("/product-applications/{application_id}", status_code=204)
+def delete_product_application(
+    application_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a product application"""
+    service = ReferenceDataService(db)
+    success = service.delete_product_application(application_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Product application not found")
+    return Response(status_code=204)
+
+@router.delete("/fobs/{fob_id}", status_code=204)
+def delete_fob(
+    fob_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a FOB"""
+    service = ReferenceDataService(db)
+    success = service.delete_fob(fob_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="FOB not found")
+    return Response(status_code=204)
+
+@router.delete("/est-ship-dates/{est_ship_date_id}", status_code=204)
+def delete_est_ship_date(
+    est_ship_date_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete an estimated ship date"""
+    service = ReferenceDataService(db)
+    success = service.delete_est_ship_date(est_ship_date_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Estimated ship date not found")
+    return Response(status_code=204)
+
+@router.delete("/est-freights/{est_freight_id}", status_code=204)
+def delete_est_freight(
+    est_freight_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete an estimated freight"""
+    service = ReferenceDataService(db)
+    success = service.delete_est_freight(est_freight_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Estimated freight not found")
+    return Response(status_code=204)
+
+@router.delete("/status-info/{status_info_id}", status_code=204)
+def delete_status_info(
+    status_info_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a status info"""
+    service = ReferenceDataService(db)
+    success = service.delete_status_info(status_info_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Status info not found")
+    return Response(status_code=204)
+
+@router.delete("/priorities/{priority_id}", status_code=204)
+def delete_priority(
+    priority_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a priority"""
+    service = ReferenceDataService(db)
+    success = service.delete_priority(priority_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Priority not found")
+    return Response(status_code=204)
+
+@router.get("/phone-types", response_model=List[PhoneTypeOut])
+def get_phone_types(
+    active_only: bool = Query(False, description="Return only active records"),
+    db: Session = Depends(get_db),
+    current_user: Optional[CurrentUser] = Depends(get_current_user_optional)
+):
+    """Get all phone types"""
+    service = ReferenceDataService(db)
+    return service.get_phone_types(active_only)
+
+@router.post("/phone-types", response_model=PhoneTypeOut, status_code=201)
+def create_phone_type(
+    data: PhoneTypeCreateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Create a new phone type"""
+    service = ReferenceDataService(db)
+    return service.create_phone_type(data)
+
+@router.put("/phone-types/{phone_type_id}", response_model=PhoneTypeOut)
+def update_phone_type(
+    phone_type_id: int,
+    data: PhoneTypeUpdateIn,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Update an existing phone type"""
+    service = ReferenceDataService(db)
+    result = service.update_phone_type(phone_type_id, data)
+    if not result:
+        raise HTTPException(status_code=404, detail="Phone type not found")
+    return result
+
+@router.delete("/phone-types/{phone_type_id}", status_code=204)
+def delete_phone_type(
+    phone_type_id: int,
+    db: Session = Depends(get_db),
+    current_user: CurrentUser = Depends(get_current_user_optional)
+):
+    """Delete a phone type"""
+    service = ReferenceDataService(db)
+    success = service.delete_phone_type(phone_type_id)
+    if not success:
+        raise HTTPException(status_code=404, detail="Phone type not found")
+    return Response(status_code=204)

app/controllers/reports.py

@@ -0,0 +1,26 @@
+from fastapi import APIRouter, Depends, Response
+from sqlalchemy.orm import Session
+from app.db.session import get_db
+from app.services.report_service import ReportService
+from app.schemas.report import ReportOut
+from typing import List
+import csv
+import io
+
+router = APIRouter(prefix="/api/v1/reports", tags=["reports"])
+
+@router.get("/projects", response_model=List[ReportOut])
+def get_reports(from_: str, to: str, type: str = "json", db: Session = Depends(get_db)):
+    # For demo, just return all reports
+    service = ReportService(db)
+    reports = db.query(ReportService.db.query(ReportService.db)).all()
+    if type == "csv":
+        output = io.StringIO()
+        writer = csv.writer(output)
+        writer.writerow(["id", "project_id", "type", "status", "created_at", "completed"])
+        for r in reports:
+            writer.writerow([r.id, r.project_id, r.type, r.status, r.created_at, r.completed])
+        response = Response(content=output.getvalue(), media_type="text/csv")
+        response.headers["Content-Disposition"] = "attachment; filename=reports.csv"
+        return response
+    return reports

app/core/config.py

@@ -0,0 +1,22 @@
+from pydantic_settings import BaseSettings
+from typing import Optional
+
+class Settings(BaseSettings):
+    APP_NAME: str = "AquaBarrier Core API"
+    API_V1_STR: str = "/api/v1"
+    SECRET_KEY: str
+    JWT_ALGORITHM: str = "HS256"
+    ACCESS_TOKEN_EXPIRE_MINUTES: int = 15
+    REFRESH_TOKEN_EXPIRE_DAYS: int = 7
+    SQLSERVER_USER: str
+    SQLSERVER_PASSWORD: str
+    SQLSERVER_HOST: str
+    SQLSERVER_PORT: int
+    SQLSERVER_DB: str
+    SQLSERVER_DRIVER: str = "ODBC Driver 18 for SQL Server"
+    CORS_ORIGINS: Optional[str] = "*"
+    LOG_LEVEL: str = "INFO"
+    class Config:
+        env_file = ".env"
+        env_file_encoding = "utf-8"
+settings = Settings()

app/core/dependencies.py

@@ -0,0 +1,101 @@
+from fastapi import Depends, HTTPException, status
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from sqlalchemy.orm import Session
+from app.db.session import get_db
+from app.services.auth_service import AuthService
+from app.schemas.auth import CurrentUser
+from app.core.exceptions import AuthException
+from typing import Optional
+import logging
+
+logger = logging.getLogger(__name__)
+
+security = HTTPBearer()
+
+async def get_current_user(
+    credentials: HTTPAuthorizationCredentials = Depends(security),
+    db: Session = Depends(get_db)
+) -> CurrentUser:
+    """
+    Dependency to get the current authenticated user from JWT token.
+    Works for both regular users and employees.
+    """
+    credentials_exception = HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Could not validate credentials",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
+    
+    try:
+        token = credentials.credentials
+        auth_service = AuthService(db)
+        user_data = auth_service.get_current_user_from_token(token)
+        return CurrentUser(**user_data)
+    except AuthException as e:
+        logger.warning(f"Authentication failed: {e}")
+        raise credentials_exception
+    except Exception as e:
+        logger.error(f"Unexpected error in authentication: {e}")
+        raise credentials_exception
+
+async def get_current_employee(
+    current_user: CurrentUser = Depends(get_current_user)
+) -> CurrentUser:
+    """
+    Dependency that ensures the current user is an employee.
+    """
+    if current_user.user_type != "employee":
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Employee access required"
+        )
+    return current_user
+
+async def get_current_regular_user(
+    current_user: CurrentUser = Depends(get_current_user)
+) -> CurrentUser:
+    """
+    Dependency that ensures the current user is a regular user (not employee).
+    """
+    if current_user.user_type != "user":
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Regular user access required"
+        )
+    return current_user
+
+async def get_current_admin_employee(
+    current_user: CurrentUser = Depends(get_current_employee)
+) -> CurrentUser:
+    """
+    Dependency that ensures the current user is an admin employee.
+    Checks EmployeeType for admin privileges.
+    """
+    employee_type = current_user.token_payload.get("employee_type")
+    # Assuming EmployeeType 1 = Admin (adjust based on your business logic)
+    if employee_type != 1:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Admin privileges required"
+        )
+    return current_user
+
+# Optional dependency for routes that work with or without authentication
+async def get_current_user_optional(
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(HTTPBearer(auto_error=False)),
+    db: Session = Depends(get_db)
+) -> Optional[CurrentUser]:
+    """
+    Optional dependency that returns user if authenticated, None otherwise.
+    Useful for routes that have different behavior for authenticated vs anonymous users.
+    """
+    if not credentials:
+        return None
+    
+    try:
+        token = credentials.credentials
+        auth_service = AuthService(db)
+        user_data = auth_service.get_current_user_from_token(token)
+        return CurrentUser(**user_data)
+    except Exception:
+        return None

app/core/exceptions.py

@@ -0,0 +1,17 @@
+from fastapi import HTTPException, status
+
+class AuthException(HTTPException):
+    def __init__(self, detail: str = "Authentication failed"):
+        super().__init__(status_code=status.HTTP_401_UNAUTHORIZED, detail=detail)
+
+class NotFoundException(HTTPException):
+    def __init__(self, detail: str = "Resource not found"):
+        super().__init__(status_code=status.HTTP_404_NOT_FOUND, detail=detail)
+
+class BadRequestException(HTTPException):
+    def __init__(self, detail: str = "Bad request"):
+        super().__init__(status_code=status.HTTP_400_BAD_REQUEST, detail=detail)
+
+class RepositoryException(HTTPException):
+    def __init__(self, detail: str = "Database operation failed"):
+        super().__init__(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=detail)

app/core/logging.py

@@ -0,0 +1,30 @@
+import logging
+import sys
+
+LOG_FORMAT = "%(asctime)s %(levelname)s %(name)s %(message)s"
+
+def setup_logging(level: str = "INFO"):
+    """Configure application logging with query timing support.
+    
+    Args:
+        level: Base logging level (INFO, DEBUG, WARNING, etc.)
+        
+    The query timing logger can be independently controlled via:
+    - INFO: Shows medium and slow queries (>500ms)
+    - DEBUG: Shows all queries with timing
+    - WARNING: Shows only slow queries (>1s)
+    """
+    logging.basicConfig(
+        level=level,
+        format=LOG_FORMAT,
+        stream=sys.stdout
+    )
+    logging.getLogger("uvicorn.access").setLevel(logging.WARNING)
+    
+    # Configure query timing logger
+    # Set to INFO to see medium/slow queries, DEBUG to see all queries
+    query_logger = logging.getLogger("sqlalchemy.query.timing")
+    query_logger.setLevel(logging.INFO)  # Change to DEBUG to see all query timings
+    
+    # Suppress SQLAlchemy's default echo to avoid duplicate logs
+    logging.getLogger("sqlalchemy.engine").setLevel(logging.WARNING)

app/core/security.py

@@ -0,0 +1,31 @@
+from passlib.context import CryptContext
+from jose import jwt, JWTError
+from datetime import datetime, timedelta
+from app.core.config import settings
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+def hash_password(password: str) -> str:
+    return pwd_context.hash(password)
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    return pwd_context.verify(plain_password, hashed_password)
+
+def create_access_token(data: dict, expires_delta: timedelta = None):
+    to_encode = data.copy()
+    expire = datetime.utcnow() + (expires_delta or timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES))
+    to_encode.update({"exp": expire})
+    return jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.JWT_ALGORITHM)
+
+def create_refresh_token(data: dict, expires_delta: timedelta = None):
+    to_encode = data.copy()
+    expire = datetime.utcnow() + (expires_delta or timedelta(days=settings.REFRESH_TOKEN_EXPIRE_DAYS))
+    to_encode.update({"exp": expire})
+    return jwt.encode(to_encode, settings.SECRET_KEY, algorithm=settings.JWT_ALGORITHM)
+
+def decode_token(token: str):
+    try:
+        payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[settings.JWT_ALGORITHM])
+        return payload
+    except JWTError:
+        return None

app/core/timing.py

@@ -0,0 +1,102 @@
+"""Timing utilities for performance monitoring."""
+import time
+import logging
+from contextlib import contextmanager
+from functools import wraps
+from typing import Callable, Any
+
+logger = logging.getLogger(__name__)
+
+
+@contextmanager
+def timer(operation_name: str, log_level: int = logging.INFO):
+    """Context manager for timing operations.
+    
+    Usage:
+        with timer("Database query"):
+            result = db.query(...).all()
+    
+    Args:
+        operation_name: Description of the operation being timed
+        log_level: Logging level (default: INFO)
+    """
+    start = time.time()
+    try:
+        yield
+    finally:
+        elapsed = time.time() - start
+        logger.log(log_level, f"{operation_name} took {elapsed:.3f}s")
+
+
+def timed(operation_name: str = None):
+    """Decorator to time function execution.
+    
+    Usage:
+        @timed("Processing customer data")
+        def process_customers(data):
+            ...
+    
+    Args:
+        operation_name: Description of the operation (defaults to function name)
+    """
+    def decorator(func: Callable) -> Callable:
+        name = operation_name or f"{func.__module__}.{func.__name__}"
+        
+        @wraps(func)
+        def wrapper(*args, **kwargs) -> Any:
+            start = time.time()
+            try:
+                result = func(*args, **kwargs)
+                return result
+            finally:
+                elapsed = time.time() - start
+                if elapsed > 1.0:
+                    logger.warning(f"{name} took {elapsed:.3f}s")
+                elif elapsed > 0.5:
+                    logger.info(f"{name} took {elapsed:.3f}s")
+                else:
+                    logger.debug(f"{name} took {elapsed:.3f}s")
+        
+        return wrapper
+    return decorator
+
+
+class QueryTimer:
+    """Manual query timer for tracking specific query performance.
+    
+    Usage:
+        qt = QueryTimer()
+        qt.start("Customer list query")
+        result = db.query(...).all()
+        qt.stop()
+    """
+    
+    def __init__(self):
+        self.start_time = None
+        self.operation_name = None
+        self.logger = logging.getLogger("app.query.timing")
+    
+    def start(self, operation_name: str):
+        """Start timing an operation."""
+        self.operation_name = operation_name
+        self.start_time = time.time()
+        self.logger.debug(f"Started: {operation_name}")
+    
+    def stop(self) -> float:
+        """Stop timing and log the result. Returns elapsed time."""
+        if self.start_time is None:
+            self.logger.warning("QueryTimer.stop() called without start()")
+            return 0.0
+        
+        elapsed = time.time() - self.start_time
+        
+        if elapsed > 1.0:
+            self.logger.warning(f"SLOW: {self.operation_name} took {elapsed:.3f}s")
+        elif elapsed > 0.5:
+            self.logger.info(f"{self.operation_name} took {elapsed:.3f}s")
+        else:
+            self.logger.debug(f"{self.operation_name} took {elapsed:.3f}s")
+        
+        self.start_time = None
+        self.operation_name = None
+        return elapsed

app/db/base.py

@@ -0,0 +1,14 @@
+"""Database base class compatible with multiple SQLAlchemy versions.
+
+Prefer DeclarativeBase (SQLAlchemy 2.x). If unavailable, fall back to
+declarative_base for older releases.
+"""
+try:
+    from sqlalchemy.orm import DeclarativeBase
+
+    class Base(DeclarativeBase):
+        pass
+except Exception:
+    from sqlalchemy.ext.declarative import declarative_base
+
+    Base = declarative_base()

app/db/migrations/env.py

@@ -0,0 +1,35 @@
+from logging.config import fileConfig
+from sqlalchemy import engine_from_config, pool
+from alembic import context
+import os
+import sys
+sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '../../')))
+from app.db.base import Base
+from app.db.models import user, customer, project, report
+from app.core.config import settings
+
+config = context.config
+fileConfig(config.config_file_name)
+target_metadata = Base.metadata
+
+config.set_main_option('sqlalchemy.url', (
+    f"mssql+pyodbc://{settings.SQLSERVER_USER}:{settings.SQLSERVER_PASSWORD}" 
+    f"@{settings.SQLSERVER_HOST}:{settings.SQLSERVER_PORT}/{settings.SQLSERVER_DB}?driver={settings.SQLSERVER_DRIVER.replace(' ', '+')}"
+))
+
+def run_migrations_offline():
+    context.configure(url=config.get_main_option("sqlalchemy.url"), target_metadata=target_metadata, literal_binds=True)
+    with context.begin_transaction():
+        context.run_migrations()
+
+def run_migrations_online():
+    connectable = engine_from_config(config.get_section(config.config_ini_section), prefix="sqlalchemy.", poolclass=pool.NullPool)
+    with connectable.connect() as connection:
+        context.configure(connection=connection, target_metadata=target_metadata)
+        with context.begin_transaction():
+            context.run_migrations()
+
+if context.is_offline_mode():
+    run_migrations_offline()
+else:
+    run_migrations_online()

app/db/models/__init__.py

@@ -0,0 +1,16 @@
+# Import all models to ensure they are registered with SQLAlchemy
+from .address import *
+from .barrier_size import *  # Use the main BarrierSizes model
+from .bidder import *
+from .bidder_contact import *  # Make sure BidderContact is imported
+from .bidders_barrier_sizes import *
+from .contact import *
+from .customer import *
+from .distributor import *
+from .employee import *
+from .project import *
+from .project_related import *
+# Skip reference.py to avoid BarrierSize duplicate
+# from .reference import *  # Commented out due to BarrierSizes table conflict
+from .report import *
+from .user import *