refactor(auth): Migrate from employees to staff module and consolidate constants

- Remove auth router, auth logs, and role models from auth module
- Delete employees module and migrate functionality to staff module
- Add constants module with collections and employee types definitions
- Create catalogues router for product catalogue management
- Update database initialization to support new module structure
- Refactor authentication dependencies to work with new staff module
- Update main application router configuration for new module layout
- Consolidate employee-related schemas and models under staff namespace
- Simplify role management by removing dedicated role model
- Update test files to reflect new module organization and naming conventions

app/auth/controllers/router.py

@@ -1,457 +0,0 @@
-"""
-Authentication router for system users.
-Provides login, logout, and token management endpoints.
-"""
-from datetime import timedelta
-from typing import Optional, List, Dict
-from fastapi import APIRouter, Depends, HTTPException, status, Body
-# Removed OAuth2PasswordRequestForm due to compatibility issues
-from pydantic import BaseModel, EmailStr
-
-from app.system_users.services.service import SystemUserService
-from app.dependencies.auth import get_system_user_service, get_current_user
-from app.system_users.models.model import SystemUserModel
-# from insightfy_utils.logging import get_logger  # TODO: Uncomment when package is available
-import logging
-
-# logger = get_logger(__name__)  # TODO: Uncomment when insightfy_utils is available
-logger = logging.getLogger(__name__)
-
-router = APIRouter(prefix="/auth", tags=["Authentication"])
-
-
-def _get_accessible_widgets(user_role) -> List[Dict]:
-    """Generate accessible widgets based on user role."""
-    # Base widgets available to all roles - Supply Chain focused
-    base_widgets = [
-        {
-            "widget_id": "wid_orders_count_001",
-            "widget_type": "kpi",
-            "title": "Orders Count", 
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_pending_orders_001",
-            "widget_type": "kpi",
-            "title": "Pending Orders",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_stock_level_001",
-            "widget_type": "kpi", 
-            "title": "Stock Level",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_supplier_count_001",
-            "widget_type": "kpi",
-            "title": "Active Suppliers",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_inventory_status_001",
-            "widget_type": "chart",
-            "title": "Inventory Status",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_order_trend_12m_001",
-            "widget_type": "chart",
-            "title": "Order Trend (12-mo)",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_supplier_performance_001", 
-            "widget_type": "chart",
-            "title": "Supplier Performance",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_top_5_products_001",
-            "widget_type": "chart",
-            "title": "Top 5 Products by Volume", 
-            "accessible": True
-        }
-    ]
-    
-    # Advanced widgets for managers and above - Supply Chain focused
-    advanced_widgets = [
-        {
-            "widget_id": "wid_goods_receipt_rate_001",
-            "widget_type": "kpi",
-            "title": "Goods Receipt Rate (30d)",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_stock_turnover_001",
-            "widget_type": "kpi", 
-            "title": "Stock Turnover Rate",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_recent_orders_001",
-            "widget_type": "table",
-            "title": "Recent Orders",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_recent_grn_001",
-            "widget_type": "table", 
-            "title": "Recent Goods Receipts",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_low_stock_items_001",
-            "widget_type": "table",
-            "title": "Low Stock Items",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_top_suppliers_001",
-            "widget_type": "table",
-            "title": "Top Suppliers (30 Days)",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_cancelled_orders_001",
-            "widget_type": "table",
-            "title": "Cancelled Orders", 
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_expiring_stock_001",
-            "widget_type": "table",
-            "title": "Expiring Stock (Next 30 Days)",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_product_reorder_list_001",
-            "widget_type": "table",
-            "title": "Products Needing Reorder",
-            "accessible": True
-        },
-        {
-            "widget_id": "wid_supplier_delivery_performance_001",
-            "widget_type": "table",
-            "title": "Supplier Delivery Performance",
-            "accessible": True
-        }
-    ]
-    
-    # Return widgets based on role
-    if user_role.value in ["super_admin", "admin"]:
-        return base_widgets + advanced_widgets
-    elif user_role.value in ["manager"]:
-        return base_widgets + advanced_widgets[:6]  # Limited advanced widgets
-    else:
-        return base_widgets  # Basic widgets only
-
-
-class LoginRequest(BaseModel):
-    """Login request model."""
-    email_or_phone: str  # Can be email, phone number, or username
-    password: str
-
-
-class LoginResponse(BaseModel):
-    """Login response model."""
-    access_token: str
-    refresh_token: str
-    token_type: str = "bearer"
-    expires_in: int = 1800  # 30 minutes
-    user: dict
-    access_menu: dict
-    warnings: Optional[str] = None
-
-
-class TokenRefreshRequest(BaseModel):
-    """Token refresh request."""
-    refresh_token: str
-
-
-@router.post("/login", response_model=LoginResponse)
-async def login(
-    login_data: LoginRequest,
-    user_service: SystemUserService = Depends(get_system_user_service)
-):
-    """
-    Authenticate user and return JWT tokens.
-    
-    - **email_or_phone**: User email, phone number, or username
-    - **password**: User password
-    """
-    try:
-        # Authenticate user
-        user, message = await user_service.authenticate_user(
-            login_data.email_or_phone,
-            login_data.password
-        )
-        
-        if not user:
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail=message,
-                headers={"WWW-Authenticate": "Bearer"}
-            )
-        
-        # Create tokens
-        access_token_expires = timedelta(minutes=30)
-        access_token = user_service.create_access_token(
-            data={"sub": user.user_id, "username": user.username, "role": user.role.value, "merchant_id": user.merchant_id},
-            expires_delta=access_token_expires
-        )
-        
-        refresh_token = user_service.create_refresh_token(
-            data={"sub": user.user_id, "username": user.username}
-        )
-        
-        # Flatten permissions to dot notation
-        flattened_permissions = []
-        for module, actions in user.permissions.items():
-            for action in actions:
-                flattened_permissions.append(f"{module}.{action}")
-        
-        # Generate accessible widgets based on user role
-        accessible_widgets = _get_accessible_widgets(user.role)
-        
-        # Return user info without sensitive data
-        user_info = {
-            "user_id": user.user_id,
-            "username": user.username,
-            "email": user.email,
-            "first_name": user.first_name,
-            "last_name": user.last_name,
-            "role": user.role.value,
-            "permissions": user.permissions,
-            "status": user.status.value,
-            "last_login_at": user.last_login_at,
-            "merchant_info": user.metadata.get("merchant_id") if user.metadata else None
-        }
-        
-        # Access menu structure
-        access_menu = {
-            "permissions": flattened_permissions,
-            "accessible_widgets": accessible_widgets
-        }
-        
-        logger.info(f"User logged in successfully: {user.username}")
-        
-        return LoginResponse(
-            access_token=access_token,
-            refresh_token=refresh_token,
-            user=user_info,
-            access_menu=access_menu,
-            warnings=None
-        )
-        
-    except HTTPException:
-        raise
-    except Exception as e:
-        logger.error(f"Login error: {e}")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="Authentication failed"
-        )
-
-
-class OAuth2LoginRequest(BaseModel):
-    """OAuth2 compatible login request."""
-    username: str  # Can be email or phone
-    password: str
-    grant_type: str = "password"
-
-
-@router.post("/login-form")
-async def login_form(
-    form_data: OAuth2LoginRequest,
-    user_service: SystemUserService = Depends(get_system_user_service)
-):
-    """
-    OAuth2 compatible login endpoint for form-based authentication.
-    """
-    try:
-        # Authenticate user
-        user, message = await user_service.authenticate_user(
-            form_data.username,  # Can be email or phone
-            form_data.password
-        )
-        
-        if not user:
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail=message,
-                headers={"WWW-Authenticate": "Bearer"}
-            )
-        
-        # Create access token
-        access_token_expires = timedelta(minutes=30)
-        access_token = user_service.create_access_token(
-            data={"sub": user.user_id, "username": user.username, "role": user.role.value, "merchant_id": user.merchant_id},
-            expires_delta=access_token_expires
-        )
-        
-        return {
-            "access_token": access_token,
-            "token_type": "bearer"
-        }
-        
-    except HTTPException:
-        raise
-    except Exception as e:
-        logger.error(f"Form login error: {e}")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="Authentication failed"
-        )
-
-
-@router.post("/refresh")
-async def refresh_token(
-    refresh_data: TokenRefreshRequest,
-    user_service: SystemUserService = Depends(get_system_user_service)
-):
-    """
-    Refresh access token using refresh token.
-    """
-    try:
-        # Verify refresh token
-        payload = user_service.verify_token(refresh_data.refresh_token, "refresh")
-        if payload is None:
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="Invalid refresh token"
-            )
-        
-        user_id = payload.get("sub")
-        username = payload.get("username")
-        
-        # Get user to verify they still exist and are active
-        user = await user_service.get_user_by_id(user_id)
-        if not user or user.status.value != "active":
-            raise HTTPException(
-                status_code=status.HTTP_401_UNAUTHORIZED,
-                detail="User not found or inactive"
-            )
-        
-        # Create new access token
-        access_token_expires = timedelta(minutes=30)
-        access_token = user_service.create_access_token(
-            data={"sub": user_id, "username": username, "role": user.role.value, "merchant_id": user.merchant_id},
-            expires_delta=access_token_expires
-        )
-        
-        return {
-            "access_token": access_token,
-            "token_type": "bearer",
-            "expires_in": 1800
-        }
-        
-    except HTTPException:
-        raise
-    except Exception as e:
-        logger.error(f"Token refresh error: {e}")
-        raise HTTPException(
-            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="Token refresh failed"
-        )
-
-
-@router.get("/me")
-async def get_current_user_info(
-    current_user: SystemUserModel = Depends(get_current_user)
-):
-    """
-    Get current user information.
-    """
-    return {
-        "user_id": current_user.user_id,
-        "username": current_user.username,
-        "email": current_user.email,
-        "first_name": current_user.first_name,
-        "last_name": current_user.last_name,
-        "role": current_user.role.value,
-        "permissions": current_user.permissions,
-        "status": current_user.status.value,
-        "last_login_at": current_user.last_login_at,
-        "timezone": current_user.timezone,
-        "language": current_user.language,
-        "merchant_info": current_user.metadata.get("merchant_id") if current_user.metadata else None
-    }
-
-
-@router.post("/logout")
-async def logout(
-    current_user: SystemUserModel = Depends(get_current_user)
-):
-    """
-    Logout current user.
-    Note: In a production environment, you would want to blacklist the token.
-    """
-    logger.info(f"User logged out: {current_user.username}")
-    return {"message": "Successfully logged out"}
-
-
-@router.post("/test-login")
-async def test_login():
-    """
-    Test endpoint to verify authentication system is working.
-    Returns sample login credentials.
-    """
-    return {
-        "message": "Authentication system is ready",
-        "test_credentials": [
-            {
-                "type": "Super Admin",
-                "email": "superadmin@cuatrolabs.com",
-                "password": "SuperAdmin@123",
-                "description": "Full system access"
-            },
-            {
-                "type": "Company Admin", 
-                "email": "admin@cuatrolabs.com",
-                "password": "CompanyAdmin@123",
-                "description": "Company-wide management"
-            },
-            {
-                "type": "CNF Manager",
-                "email": "north.manager@cuatrolabs.com",
-                "password": "CNFManager@123", 
-                "description": "Regional CNF operations"
-            }
-        ]
-    }
-
-
-@router.get("/access-roles")
-async def get_access_roles(
-    user_service: SystemUserService = Depends(get_system_user_service)
-):
-    """
-    Get available access roles and their permissions structure.
-    
-    Returns the complete role hierarchy with grouped permissions.
-    """
-    try:
-        # Get roles from database
-        roles = await user_service.get_all_roles()
-        
-        return {
-            "message": "Access roles with grouped permissions structure",
-            "total_roles": len(roles),
-            "roles": [
-                {
-                    "role_id": role.get("role_id"),
-                    "role_name": role.get("role_name"),
-                    "description": role.get("description"),
-                    "permissions": role.get("permissions", {}),
-                    "is_active": role.get("is_active", True)
-                }
-                for role in roles
-            ]
-        }
-    except Exception as e:
-        logger.error(f"Error fetching access roles: {e}")
-        return {
-            "message": "Error fetching access roles",
-            "error": str(e)
-        }

app/auth/models/auth_log_model.py

@@ -1,35 +0,0 @@
-"""
-Authentication log model for SCM microservice.
-Tracks authentication events for security auditing.
-"""
-from datetime import datetime
-from typing import Optional, Dict
-from pydantic import BaseModel, Field
-
-
-class AuthLogModel(BaseModel):
-    """Authentication log data model"""
-    event_type: str = Field(..., description="Type of authentication event")
-    merchant_id: Optional[str] = Field(None, description="Merchant identifier")
-    associate_id: Optional[str] = Field(None, description="Employee identifier")
-    identifier: str = Field(..., description="Email or mobile used")
-    ip_address: Optional[str] = Field(None, description="Client IP address")
-    user_agent: Optional[str] = Field(None, description="Client user agent")
-    timestamp: datetime = Field(default_factory=datetime.utcnow)
-    result: str = Field(..., description="Event result (success/failure)")
-    failure_reason: Optional[str] = Field(None, description="Reason for failure")
-    metadata: Dict = Field(default_factory=dict, description="Additional context")
-    
-    class Config:
-        json_schema_extra = {
-            "example": {
-                "event_type": "login_attempt",
-                "merchant_id": "SALON_US_NYC_001",
-                "associate_id": "SALON_US_NYC_001_e001",
-                "identifier": "jane@glamoursalon.com",
-                "ip_address": "192.168.1.100",
-                "user_agent": "Mozilla/5.0...",
-                "result": "success",
-                "metadata": {}
-            }
-        }

app/auth/models/role_model.py

@@ -1,47 +0,0 @@
-"""
-Role model for SCM microservice.
-Represents a role with permissions within a merchant.
-"""
-from datetime import datetime
-from typing import Dict, List, Optional
-from pydantic import BaseModel, Field
-
-
-class RoleModel(BaseModel):
-    """Role data model"""
-    role_id: str = Field(..., description="Role identifier")
-    merchant_id: str = Field(..., description="Merchant identifier")
-    name: str = Field(..., description="Role name")
-    description: Optional[str] = Field(None, description="Role description")
-    permissions: Dict[str, List[str]] = Field(
-        default_factory=dict,
-        description="Module-based permissions mapping"
-    )
-    scope: Dict = Field(
-        default_factory=lambda: {"global": True, "branches": []},
-        description="Role scope configuration"
-    )
-    created_at: datetime = Field(default_factory=datetime.utcnow)
-    updated_at: Optional[datetime] = None
-    created_by: str = Field(default="system")
-    archived: bool = Field(default=False)
-    
-    class Config:
-        json_schema_extra = {
-            "example": {
-                "role_id": "admin",
-                "merchant_id": "SALON_US_NYC_001",
-                "name": "Administrator",
-                "description": "Full access to all system features",
-                "permissions": {
-                    "inventory": ["create", "read", "update", "delete"],
-                    "orders": ["create", "read", "update", "delete"],
-                    "reports": ["read"]
-                },
-                "scope": {
-                    "global": True,
-                    "branches": []
-                },
-                "archived": False
-            }
-        }

app/catalogues/controllers/router.py

@@ -0,0 +1,111 @@
+"""
+Catalogues API router - FastAPI endpoints for product catalogues.
+"""
+from typing import Optional, List
+from fastapi import APIRouter, HTTPException, Query, status
+import logging
+
+logger = logging.getLogger(__name__)
+
+router = APIRouter(
+    prefix="/catalogues",
+    tags=["catalogues"],
+    responses={404: {"description": "Not found"}},
+)
+
+
+@router.get(
+    "",
+    summary="List catalogues",
+    description="Get a list of all product catalogues"
+)
+async def list_catalogues(
+    skip: int = Query(0, ge=0, description="Number of records to skip"),
+    limit: int = Query(100, ge=1, le=1000, description="Maximum number of records to return")
+):
+    """
+    List all catalogues with pagination.
+    """
+    logger.info(f"Listing catalogues with skip={skip}, limit={limit}")
+    
+    # TODO: Implement catalogue listing from database
+    return {
+        "message": "Catalogues endpoint - coming soon",
+        "catalogues": [],
+        "total": 0,
+        "skip": skip,
+        "limit": limit
+    }
+
+
+@router.get(
+    "/{catalogue_id}",
+    summary="Get catalogue by ID",
+    description="Get a specific catalogue by its ID"
+)
+async def get_catalogue(catalogue_id: str):
+    """
+    Get a catalogue by ID.
+    """
+    logger.info(f"Getting catalogue {catalogue_id}")
+    
+    # TODO: Implement catalogue retrieval from database
+    raise HTTPException(
+        status_code=status.HTTP_501_NOT_IMPLEMENTED,
+        detail="Catalogue retrieval not yet implemented"
+    )
+
+
+@router.post(
+    "",
+    status_code=status.HTTP_201_CREATED,
+    summary="Create a new catalogue",
+    description="Create a new product catalogue"
+)
+async def create_catalogue():
+    """
+    Create a new catalogue.
+    """
+    logger.info("Creating new catalogue")
+    
+    # TODO: Implement catalogue creation
+    raise HTTPException(
+        status_code=status.HTTP_501_NOT_IMPLEMENTED,
+        detail="Catalogue creation not yet implemented"
+    )
+
+
+@router.put(
+    "/{catalogue_id}",
+    summary="Update catalogue",
+    description="Update an existing catalogue"
+)
+async def update_catalogue(catalogue_id: str):
+    """
+    Update a catalogue.
+    """
+    logger.info(f"Updating catalogue {catalogue_id}")
+    
+    # TODO: Implement catalogue update
+    raise HTTPException(
+        status_code=status.HTTP_501_NOT_IMPLEMENTED,
+        detail="Catalogue update not yet implemented"
+    )
+
+
+@router.delete(
+    "/{catalogue_id}",
+    summary="Delete catalogue",
+    description="Delete a catalogue"
+)
+async def delete_catalogue(catalogue_id: str):
+    """
+    Delete a catalogue.
+    """
+    logger.info(f"Deleting catalogue {catalogue_id}")
+    
+    # TODO: Implement catalogue deletion
+    raise HTTPException(
+        status_code=status.HTTP_501_NOT_IMPLEMENTED,
+        detail="Catalogue deletion not yet implemented"
+    )

app/constants/__init__.py

@@ -0,0 +1 @@
+"""Constants module for POS microservice."""

app/constants/collections.py

@@ -0,0 +1,21 @@
+"""
+MongoDB collection names for POS microservice.
+"""
+
+# System Users collection (shared with Auth/SCM services)
+AUTH_SYSTEM_USERS_COLLECTION = "scm_system_users"
+AUTH_ACCESS_ROLES_COLLECTION = "scm_access_roles"
+AUTH_AUTH_LOGS_COLLECTION = "scm_auth_logs"
+
+# POS-specific collections
+POS_SALES_COLLECTION = "pos_sales"
+POS_INVENTORY_COLLECTION = "pos_inventory"
+POS_CUSTOMERS_COLLECTION = "pos_customers"
+POS_PRODUCTS_COLLECTION = "pos_products"
+POS_TRANSACTIONS_COLLECTION = "pos_transactions"
+POS_PAYMENTS_COLLECTION = "pos_payments"
+POS_RECEIPTS_COLLECTION = "pos_receipts"
+
+# SCM collection names (for cross-service access)
+SCM_ACCESS_ROLES_COLLECTION = "scm_access_roles"
+SCM_EMPLOYEES_COLLECTION = "scm_employees"

app/constants/employee_types.py

@@ -0,0 +1,99 @@
+"""
+Employee/Staff-related constants and enumerations.
+"""
+
+from enum import Enum
+
+
+class Designation(str, Enum):
+    """Staff designation/role types."""
+    RSM = "RSM"  # Regional Sales Manager
+    ASM = "ASM"  # Area Sales Manager
+    BDE = "BDE"  # Business Development Executive
+    HEAD_TRAINER = "Head_Trainer"
+    TRAINER = "Trainer"
+    HR = "HR"
+    FINANCE = "Finance"
+    ADMIN = "Admin"
+    FIELD_SALES = "Field_Sales"
+    CASHIER = "Cashier"  # POS specific
+    STORE_MANAGER = "Store_Manager"  # POS specific
+    SALES_ASSOCIATE = "Sales_Associate"  # POS specific
+
+
+class stafftatus(str, Enum):
+    """Staff status types."""
+    ONBOARDING = "onboarding"
+    ACTIVE = "active"
+    INACTIVE = "inactive"
+    SUSPENDED = "suspended"
+    TERMINATED = "terminated"
+
+
+class LocationPrecision(str, Enum):
+    """Location tracking precision levels."""
+    HIGH = "HIGH"
+    MEDIUM = "MEDIUM"
+    LOW = "LOW"
+
+
+class IDDocumentType(str, Enum):
+    """Identity document types."""
+    PAN = "PAN"
+    AADHAAR = "AADHAAR"
+    DRIVING_LICENSE = "DRIVING_LICENSE"
+    PASSPORT = "PASSPORT"
+    OTHER = "OTHER"
+
+
+class DevicePlatform(str, Enum):
+    """Mobile device platforms."""
+    ANDROID = "Android"
+    IOS = "iOS"
+    WEB = "Web"
+
+
+# Hierarchy rules for manager validation
+MANAGER_ALLOWED_DESIGNATIONS = {
+    Designation.ASM: [Designation.RSM],
+    Designation.BDE: [Designation.ASM, Designation.RSM],
+    Designation.TRAINER: [Designation.ASM, Designation.RSM, Designation.HEAD_TRAINER],
+    Designation.FIELD_SALES: [Designation.ASM, Designation.RSM, Designation.BDE],
+    Designation.CASHIER: [Designation.STORE_MANAGER],
+    Designation.SALES_ASSOCIATE: [Designation.STORE_MANAGER],
+}
+
+# Designations that require a manager
+MANAGER_REQUIRED_DESIGNATIONS = [
+    Designation.ASM,
+    Designation.BDE,
+    Designation.TRAINER,
+    Designation.FIELD_SALES,
+    Designation.CASHIER,
+    Designation.SALES_ASSOCIATE,
+]
+
+# Designations that require 2FA by default
+TWO_FA_REQUIRED_DESIGNATIONS = [
+    Designation.ADMIN,
+    Designation.FINANCE,
+    Designation.HR,
+    Designation.STORE_MANAGER,
+]
+
+# Default location retention period (days)
+DEFAULT_LOCATION_RETENTION_DAYS = 90
+MAX_LOCATION_RETENTION_DAYS = 180
+
+# Age constraints
+MIN_AGE_YEARS = 18
+MAX_FUTURE_DOJ_DAYS = 30
+
+# Validation regex patterns
+EMPLOYEE_CODE_PATTERN = r"^[A-Z0-9\-_]{3,20}$"
+PHONE_E164_PATTERN = r"^\+?[1-9]\d{7,14}$"
+PAN_PATTERN = r"^[A-Z]{5}[0-9]{4}[A-Z]$"
+AADHAAR_PATTERN = r"^\d{12}$"
+
+# Collection name
+SCM_staff_COLLECTION = "pos_staff"

app/db_init.py

@@ -40,7 +40,7 @@ async def initialize_database():
         
         # Add other collection initializations here as needed
         # await initialize_merchants_database(db)
-        # await initialize_employees_database(db)
+        # await initialize_staff_database(db)
         # await initialize_orders_database(db)
         
         logger.info("Database initialization completed successfully")

app/dependencies/auth.py

@@ -1,33 +1,52 @@
 """
 Authentication dependencies for FastAPI.
+Simplified token validation without system_users dependency.
+POS microservice validates tokens issued by auth-ms but doesn't manage users.
 """
-from typing import Optional
+from typing import Optional, Dict, Any
 from datetime import datetime
 from fastapi import Depends, HTTPException, status
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
-from app.system_users.models.model import SystemUserModel
-from app.system_users.services.service import SystemUserService
-from app.nosql import get_database
+from jose import JWTError, jwt
+from pydantic import BaseModel
+from app.core.config import settings
 
 security = HTTPBearer()
 
 
-def get_system_user_service() -> SystemUserService:
+class TokenUser(BaseModel):
+    """Lightweight user model from JWT token payload."""
+    user_id: str
+    username: str
+    role: str
+    merchant_id: Optional[str] = None
+    permissions: Dict[str, Any] = {}
+
+
+def verify_token(token: str) -> Optional[Dict[str, Any]]:
     """
-    Dependency to get SystemUserService instance.
+    Verify JWT token from auth microservice.
     
+    Args:
+        token: JWT token string
+        
     Returns:
-        SystemUserService: Service instance with database connection
+        Token payload dict if valid, None otherwise
     """
-    # get_database() returns AsyncIOMotorDatabase directly, no await needed
-    db = get_database()
-    return SystemUserService(db)
+    try:
+        payload = jwt.decode(
+            token,
+            settings.SECRET_KEY,
+            algorithms=[settings.ALGORITHM]
+        )
+        return payload
+    except JWTError:
+        return None
 
 
 async def get_current_user(
-    credentials: HTTPAuthorizationCredentials = Depends(security),
-    user_service: SystemUserService = Depends(get_system_user_service)
-) -> SystemUserModel:
+    credentials: HTTPAuthorizationCredentials = Depends(security)
+) -> TokenUser:
     """Get current authenticated user from JWT token."""
     
     credentials_exception = HTTPException(
@@ -38,44 +57,42 @@ async def get_current_user(
     
     try:
         # Verify token
-        payload = user_service.verify_token(credentials.credentials, "access")
+        payload = verify_token(credentials.credentials)
         if payload is None:
             raise credentials_exception
         
         user_id: str = payload.get("sub")
-        if user_id is None:
+        username: str = payload.get("username")
+        role: str = payload.get("role", "user")
+        merchant_id: str = payload.get("merchant_id")
+        
+        if user_id is None or username is None:
             raise credentials_exception
+        
+        return TokenUser(
+            user_id=user_id,
+            username=username,
+            role=role,
+            merchant_id=merchant_id,
+            permissions=payload.get("permissions", {})
+        )
             
     except Exception:
         raise credentials_exception
-    
-    # Get user from database
-    user = await user_service.get_user_by_id(user_id)
-    if user is None:
-        raise credentials_exception
-    
-    # Check if user is active
-    if user.status.value != "active":
-        raise HTTPException(
-            status_code=status.HTTP_403_FORBIDDEN,
-            detail="User account is not active"
-        )
-    
-    return user
 
 
 async def get_current_active_user(
-    current_user: SystemUserModel = Depends(get_current_user)
-) -> SystemUserModel:
+    current_user: TokenUser = Depends(get_current_user)
+) -> TokenUser:
     """Get current active user (alias for get_current_user for clarity)."""
     return current_user
 
 
 async def require_admin_role(
-    current_user: SystemUserModel = Depends(get_current_user)
-) -> SystemUserModel:
+    current_user: TokenUser = Depends(get_current_user)
+) -> TokenUser:
     """Require admin or super_admin role."""
-    if not current_user.is_admin():
+    if current_user.role not in ["admin", "super_admin"]:
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN,
             detail="Admin privileges required"
@@ -84,10 +101,10 @@ async def require_admin_role(
 
 
 async def require_super_admin_role(
-    current_user: SystemUserModel = Depends(get_current_user)
-) -> SystemUserModel:
+    current_user: TokenUser = Depends(get_current_user)
+) -> TokenUser:
     """Require super_admin role."""
-    if not current_user.is_super_admin():
+    if current_user.role != "super_admin":
         raise HTTPException(
             status_code=status.HTTP_403_FORBIDDEN,
             detail="Super admin privileges required"
@@ -98,9 +115,9 @@ async def require_super_admin_role(
 def require_permission(permission: str):
     """Dependency factory to require specific permission."""
     async def permission_checker(
-        current_user: SystemUserModel = Depends(get_current_user)
-    ) -> SystemUserModel:
-        if permission not in current_user.permissions and not current_user.is_admin():
+        current_user: TokenUser = Depends(get_current_user)
+    ) -> TokenUser:
+        if permission not in current_user.permissions and current_user.role not in ["admin", "super_admin"]:
             raise HTTPException(
                 status_code=status.HTTP_403_FORBIDDEN,
                 detail=f"Permission '{permission}' required"
@@ -111,9 +128,8 @@ def require_permission(permission: str):
 
 
 async def get_optional_user(
-    credentials: Optional[HTTPAuthorizationCredentials] = Depends(HTTPBearer(auto_error=False)),
-    user_service: SystemUserService = Depends(get_system_user_service)
-) -> Optional[SystemUserModel]:
+    credentials: Optional[HTTPAuthorizationCredentials] = Depends(HTTPBearer(auto_error=False))
+) -> Optional[TokenUser]:
     """Get current user if token is provided, otherwise return None."""
     
     if credentials is None:
@@ -121,20 +137,25 @@ async def get_optional_user(
     
     try:
         # Verify token
-        payload = user_service.verify_token(credentials.credentials, "access")
+        payload = verify_token(credentials.credentials)
         if payload is None:
             return None
         
         user_id: str = payload.get("sub")
-        if user_id is None:
-            return None
-            
-        # Get user from database
-        user = await user_service.get_user_by_id(user_id)
-        if user is None or user.status.value != "active":
+        username: str = payload.get("username")
+        role: str = payload.get("role", "user")
+        merchant_id: str = payload.get("merchant_id")
+        
+        if user_id is None or username is None:
             return None
         
-        return user
+        return TokenUser(
+            user_id=user_id,
+            username=username,
+            role=role,
+            merchant_id=merchant_id,
+            permissions=payload.get("permissions", {})
+        )
         
     except Exception:
         return None

app/main.py

@@ -9,10 +9,10 @@ import logging  # TODO: Uncomment when package is available
 from app.core.config import settings
 
 from app.nosql import connect_to_mongo, close_mongo_connection
-from app.auth.controllers.router import router as auth_router
+from app.staff.controllers.router import router as staff_router
+from app.catalogues.controllers.router import router as catalogues_router
 
 # # logger = get_logger(__name__)  # TODO: Uncomment when insightfy_utils is available
-logger = logging.getLogger(__name__)  # TODO: Uncomment when insightfy_utils is available
 logger = logging.getLogger(__name__)
 logging.basicConfig(level=logging.INFO)
 
@@ -63,14 +63,16 @@ async def health_check():
     }
 
 
-# Include routers
-app.include_router(auth_router)
+app.include_router(staff_router, prefix="/api/v1")
+app.include_router(catalogues_router, prefix="/api/v1")
 
 # TODO: Add other POS-specific routers as they are implemented:
-# app.include_router(sales_router)
-# app.include_router(inventory_router)  
-# app.include_router(customer_router)
-# app.include_router(product_router)
+# app.include_router(sales_router, prefix="/api/v1")
+# app.include_router(inventory_router, prefix="/api/v1")
+# app.include_router(customer_router, prefix="/api/v1")
+# app.include_router(product_router, prefix="/api/v1")
+# app.include_router(payment_router, prefix="/api/v1")
+# app.include_router(report_router, prefix="/api/v1"r)
 # app.include_router(payment_router)
 # app.include_router(report_router)
 

app/{employees → staff}/controllers/router.py

@@ -6,16 +6,16 @@ from fastapi import APIRouter, HTTPException, Query, Header, status
 # from insightfy_utils.logging import get_logger  # TODO: Uncomment when package is available
 import logging
 
-from app.constants.employee_types import Designation, EmployeeStatus
-from app.employees.schemas.schema import EmployeeCreate, EmployeeUpdate, EmployeeResponse
-from app.employees.services.service import EmployeeService
+from app.constants.employee_types import Designation, stafftatus
+from app.staff.schemas.schema import EmployeeCreate, EmployeeUpdate, EmployeeResponse
+from app.staff.services.service import staffervice
 
 # logger = get_logger(__name__)  # TODO: Uncomment when insightfy_utils is available
 logger = logging.getLogger(__name__)
 
 router = APIRouter(
-    prefix="/employees",
-    tags=["employees"],
+    prefix="/staff",
+    tags=["staff"],
     responses={404: {"description": "Not found"}},
 )
 
@@ -28,7 +28,7 @@ router = APIRouter(
     description="""
     Create a new employee with comprehensive validation:
     - Validates employee code uniqueness
-    - Ensures email and phone uniqueness among active employees
+    - Ensures email and phone uniqueness among active staff
     - Enforces manager hierarchy rules
     - Validates age requirements (minimum 18 years)
     - Validates DOB/DOJ consistency
@@ -41,9 +41,9 @@ async def create_employee(payload: EmployeeCreate) -> EmployeeResponse:
     Create a new employee.
     
     **Business Rules:**
-    - Employee code must be unique across all employees
-    - Email must be unique among active employees
-    - Phone must be unique among active employees
+    - Employee code must be unique across all staff
+    - Email must be unique among active staff
+    - Phone must be unique among active staff
     - Employee must be at least 18 years old
     - DOJ cannot be more than 30 days in the future
     - ASM must have an RSM manager
@@ -63,7 +63,7 @@ async def create_employee(payload: EmployeeCreate) -> EmployeeResponse:
     - Background tracking requires location_tracking_consent
     - Requires mobile app access (has_mobile_app=True)
     """
-    return await EmployeeService.create_employee(payload)
+    return await staffervice.create_employee(payload)
 
 
 @router.get(
@@ -85,7 +85,7 @@ async def get_employee(user_id: str) -> EmployeeResponse:
     Raises:
         404: Employee not found
     """
-    return await EmployeeService.get_employee(user_id)
+    return await staffervice.get_employee(user_id)
 
 
 @router.get(
@@ -107,7 +107,7 @@ async def get_employee_by_code(employee_code: str) -> EmployeeResponse:
     Raises:
         404: Employee not found
     """
-    return await EmployeeService.get_employee_by_code(employee_code)
+    return await staffervice.get_employee_by_code(employee_code)
 
 
 @router.put(
@@ -141,16 +141,16 @@ async def update_employee(
     - Phone uniqueness (if changing phone)
     - Manager validation (if changing manager)
     """
-    return await EmployeeService.update_employee(user_id, payload, x_user_id)
+    return await staffervice.update_employee(user_id, payload, x_user_id)
 
 
 @router.get(
     "",
     response_model=List[EmployeeResponse],
-    summary="List employees",
-    description="List employees with optional filters and pagination"
+    summary="List staff",
+    description="List staff with optional filters and pagination"
 )
-async def list_employees(
+async def list_staff(
     designation: Optional[Designation] = Query(
         None,
         description="Filter by designation/role"
@@ -159,7 +159,7 @@ async def list_employees(
         None,
         description="Filter by manager's user_id (direct reports)"
     ),
-    status_filter: Optional[EmployeeStatus] = Query(
+    status_filter: Optional[stafftatus] = Query(
         None,
         alias="status",
         description="Filter by employee status"
@@ -181,7 +181,7 @@ async def list_employees(
     )
 ) -> List[EmployeeResponse]:
     """
-    List employees with filters.
+    List staff with filters.
     
     **Query Parameters:**
     - `designation`: Filter by role (RSM, ASM, BDE, Trainer, etc.)
@@ -192,9 +192,9 @@ async def list_employees(
     - `limit`: Page size (default: 100, max: 500)
     
     Returns:
-        List of employees matching the filters
+        List of staff matching the filters
     """
-    return await EmployeeService.list_employees(
+    return await staffervice.list_staff(
         designation=designation,
         manager_id=manager_id,
         status_filter=status_filter,
@@ -216,7 +216,7 @@ async def delete_employee(
     """
     Delete an employee (soft delete).
     
-    Sets employee status to 'terminated'. Cannot delete employees with active direct reports.
+    Sets employee status to 'terminated'. Cannot delete staff with active direct reports.
     
     Args:
         user_id: Employee user_id to delete
@@ -229,7 +229,7 @@ async def delete_employee(
         404: Employee not found
         400: Employee has active direct reports
     """
-    return await EmployeeService.delete_employee(user_id, x_user_id)
+    return await staffervice.delete_employee(user_id, x_user_id)
 
 
 @router.get(
@@ -240,7 +240,7 @@ async def delete_employee(
 )
 async def get_employee_reports(
     user_id: str,
-    status_filter: Optional[EmployeeStatus] = Query(
+    status_filter: Optional[stafftatus] = Query(
         None,
         alias="status",
         description="Filter by report status"
@@ -260,12 +260,12 @@ async def get_employee_reports(
         limit: Page size
         
     Returns:
-        List of direct report employees
+        List of direct report staff
     """
     # First verify employee exists
-    await EmployeeService.get_employee(user_id)
+    await staffervice.get_employee(user_id)
     
-    return await EmployeeService.list_employees(
+    return await staffervice.list_staff(
         manager_id=user_id,
         status_filter=status_filter,
         skip=skip,
@@ -288,7 +288,7 @@ async def get_employee_hierarchy(user_id: str):
         user_id: Employee user_id
         
     Returns:
-        List of employees from top manager to current employee
+        List of staff from top manager to current employee
     """
     hierarchy = []
     current_id = user_id
@@ -297,7 +297,7 @@ async def get_employee_hierarchy(user_id: str):
     # Traverse up the hierarchy
     while current_id and current_id not in visited:
         visited.add(current_id)
-        employee_data = await EmployeeService.get_employee(current_id)
+        employee_data = await staffervice.get_employee(current_id)
         hierarchy.insert(0, employee_data)  # Insert at beginning to maintain order
         current_id = employee_data.manager_id
     
@@ -316,7 +316,7 @@ async def get_employee_hierarchy(user_id: str):
 )
 async def update_employee_status(
     user_id: str,
-    new_status: EmployeeStatus,
+    new_status: stafftatus,
     x_user_id: str = Header(..., description="User ID making the update")
 ) -> EmployeeResponse:
     """
@@ -339,7 +339,7 @@ async def update_employee_status(
     - active/inactive/suspended → terminated (termination)
     """
     update_payload = EmployeeUpdate(status=new_status)
-    return await EmployeeService.update_employee(user_id, update_payload, x_user_id)
+    return await staffervice.update_employee(user_id, update_payload, x_user_id)
 
 
 @router.patch(
@@ -378,7 +378,7 @@ async def update_location_consent(
     - Consent timestamp is automatically recorded
     """
     from datetime import datetime
-    from app.employees.schemas.schema import LocationSettingsSchema
+    from app.staff.schemas.schema import LocationSettingsSchema
     
     location_settings = LocationSettingsSchema(
         location_tracking_consent=location_tracking_consent,
@@ -389,4 +389,4 @@ async def update_location_consent(
     )
     
     update_payload = EmployeeUpdate(location_settings=location_settings)
-    return await EmployeeService.update_employee(user_id, update_payload, x_user_id)
+    return await staffervice.update_employee(user_id, update_payload, x_user_id)

app/{employees → staff}/models/model.py

@@ -8,7 +8,7 @@ from pydantic import BaseModel, Field
 
 from app.constants.employee_types import (
     Designation,
-    EmployeeStatus,
+    stafftatus,
     LocationPrecision,
     DevicePlatform,
     DEFAULT_LOCATION_RETENTION_DAYS
@@ -128,8 +128,8 @@ class EmployeeModel(BaseModel):
     emergency_contact: EmergencyContactModel = Field(..., description="Emergency contact information")
     
     # Status
-    status: EmployeeStatus = Field(
-        default=EmployeeStatus.ONBOARDING,
+    status: stafftatus = Field(
+        default=stafftatus.ONBOARDING,
         description="Employee status"
     )
     

app/{employees → staff}/schemas/schema.py

@@ -8,7 +8,7 @@ import re
 
 from app.constants.employee_types import (
     Designation,
-    EmployeeStatus,
+    stafftatus,
     LocationPrecision,
     IDDocumentType,
     DevicePlatform,
@@ -250,8 +250,8 @@ class EmployeeCreate(BaseModel):
     emergency_contact: EmergencyContactSchema = Field(..., description="Emergency contact information")
     
     # Status
-    status: EmployeeStatus = Field(
-        default=EmployeeStatus.ONBOARDING,
+    status: stafftatus = Field(
+        default=stafftatus.ONBOARDING,
         description="Employee status"
     )
     
@@ -414,7 +414,7 @@ class EmployeeUpdate(BaseModel):
     photo_url: Optional[str] = None
     id_docs: Optional[List[IDDocumentSchema]] = None
     emergency_contact: Optional[EmergencyContactSchema] = None
-    status: Optional[EmployeeStatus] = None
+    status: Optional[stafftatus] = None
     app_access: Optional[AppAccessSchema] = None
     location_settings: Optional[LocationSettingsSchema] = None
     metadata: Optional[Dict[str, Any]] = None
@@ -463,7 +463,7 @@ class EmployeeResponse(BaseModel):
     photo_url: Optional[str]
     id_docs: Optional[List[Dict[str, Any]]]
     emergency_contact: Dict[str, Any]
-    status: EmployeeStatus
+    status: stafftatus
     app_access: Dict[str, Any]
     location_settings: Dict[str, Any]
     created_by: str

app/{employees → staff}/services/service.py

@@ -9,16 +9,16 @@ import logging
 import secrets
 
 from app.nosql import get_database
-from app.constants.collections import SCM_EMPLOYEES_COLLECTION
+from app.constants.collections import SCM_staff_COLLECTION
 from app.constants.employee_types import (
     Designation,
-    EmployeeStatus,
+    stafftatus,
     MANAGER_ALLOWED_DESIGNATIONS,
     MANAGER_REQUIRED_DESIGNATIONS,
     TWO_FA_REQUIRED_DESIGNATIONS,
 )
-from app.employees.models.model import EmployeeModel
-from app.employees.schemas.schema import EmployeeCreate, EmployeeUpdate, EmployeeResponse
+from app.staff.models.model import EmployeeModel
+from app.staff.schemas.schema import EmployeeCreate, EmployeeUpdate, EmployeeResponse
 
 # logger = get_logger(__name__)  # TODO: Uncomment when insightfy_utils is available
 logger = logging.getLogger(__name__)
@@ -32,7 +32,7 @@ def generate_user_id() -> str:
     return f"usr_{secrets.token_urlsafe(16)}"
 
 
-class EmployeeService:
+class staffervice:
     """Service class for employee operations"""
 
     @staticmethod
@@ -47,7 +47,7 @@ class EmployeeService:
             Employee document or None if not found
         """
         try:
-            employee = await get_database()[SCM_EMPLOYEES_COLLECTION].find_one({"user_id": user_id})
+            employee = await get_database()[SCM_staff_COLLECTION].find_one({"user_id": user_id})
             return employee
         except Exception as e:
             logger.error(f"Error fetching employee {user_id}", exc_info=e)
@@ -59,7 +59,7 @@ class EmployeeService:
     @staticmethod
     async def is_employee_code_unique(code: str) -> bool:
         """
-        Check if employee_code is unique across all employees.
+        Check if employee_code is unique across all staff.
         
         Args:
             code: Employee code to check
@@ -68,7 +68,7 @@ class EmployeeService:
             True if unique, False otherwise
         """
         try:
-            existing = await get_database()[SCM_EMPLOYEES_COLLECTION].find_one(
+            existing = await get_database()[SCM_staff_COLLECTION].find_one(
                 {"employee_code": code.upper()}
             )
             return existing is None
@@ -82,7 +82,7 @@ class EmployeeService:
     @staticmethod
     async def is_email_unique(email: str, exclude_user_id: Optional[str] = None) -> bool:
         """
-        Check if email is unique among active employees.
+        Check if email is unique among active staff.
         
         Args:
             email: Email to check
@@ -95,16 +95,16 @@ class EmployeeService:
             query = {
                 "email": email.lower(),
                 "status": {"$in": [
-                    EmployeeStatus.ACTIVE.value,
-                    EmployeeStatus.ONBOARDING.value,
-                    EmployeeStatus.INACTIVE.value,
-                    EmployeeStatus.SUSPENDED.value
+                    stafftatus.ACTIVE.value,
+                    stafftatus.ONBOARDING.value,
+                    stafftatus.INACTIVE.value,
+                    stafftatus.SUSPENDED.value
                 ]}
             }
             if exclude_user_id:
                 query["user_id"] = {"$ne": exclude_user_id}
             
-            existing = await get_database()[SCM_EMPLOYEES_COLLECTION].find_one(query)
+            existing = await get_database()[SCM_staff_COLLECTION].find_one(query)
             return existing is None
         except Exception as e:
             logger.error(f"Error checking email uniqueness", exc_info=e)
@@ -116,7 +116,7 @@ class EmployeeService:
     @staticmethod
     async def is_phone_unique(phone: str, exclude_user_id: Optional[str] = None) -> bool:
         """
-        Check if phone number is unique among active employees.
+        Check if phone number is unique among active staff.
         
         Args:
             phone: Phone number to check
@@ -129,16 +129,16 @@ class EmployeeService:
             query = {
                 "phone": phone,
                 "status": {"$in": [
-                    EmployeeStatus.ACTIVE.value,
-                    EmployeeStatus.ONBOARDING.value,
-                    EmployeeStatus.INACTIVE.value,
-                    EmployeeStatus.SUSPENDED.value
+                    stafftatus.ACTIVE.value,
+                    stafftatus.ONBOARDING.value,
+                    stafftatus.INACTIVE.value,
+                    stafftatus.SUSPENDED.value
                 ]}
             }
             if exclude_user_id:
                 query["user_id"] = {"$ne": exclude_user_id}
             
-            existing = await get_database()[SCM_EMPLOYEES_COLLECTION].find_one(query)
+            existing = await get_database()[SCM_staff_COLLECTION].find_one(query)
             return existing is None
         except Exception as e:
             logger.error(f"Error checking phone uniqueness", exc_info=e)
@@ -166,7 +166,7 @@ class EmployeeService:
             HTTPException if validation fails
         """
         # Get manager
-        manager = await EmployeeService.get_employee_by_id(manager_id)
+        manager = await staffervice.get_employee_by_id(manager_id)
         if not manager:
             raise HTTPException(
                 status_code=status.HTTP_400_BAD_REQUEST,
@@ -174,7 +174,7 @@ class EmployeeService:
             )
 
         # Manager must be active
-        if manager.get("status") != EmployeeStatus.ACTIVE.value:
+        if manager.get("status") != stafftatus.ACTIVE.value:
             raise HTTPException(
                 status_code=status.HTTP_400_BAD_REQUEST,
                 detail="manager must have active status"
@@ -212,7 +212,7 @@ class EmployeeService:
         user_id = payload.user_id or generate_user_id()
         
         # 2) Check employee_code uniqueness
-        code_unique = await EmployeeService.is_employee_code_unique(payload.employee_code)
+        code_unique = await staffervice.is_employee_code_unique(payload.employee_code)
         if not code_unique:
             raise HTTPException(
                 status_code=status.HTTP_400_BAD_REQUEST,
@@ -220,7 +220,7 @@ class EmployeeService:
             )
 
         # 3) Check email uniqueness
-        email_unique = await EmployeeService.is_email_unique(payload.email)
+        email_unique = await staffervice.is_email_unique(payload.email)
         if not email_unique:
             raise HTTPException(
                 status_code=status.HTTP_400_BAD_REQUEST,
@@ -228,7 +228,7 @@ class EmployeeService:
             )
 
         # 4) Check phone uniqueness
-        phone_unique = await EmployeeService.is_phone_unique(payload.phone)
+        phone_unique = await staffervice.is_phone_unique(payload.phone)
         if not phone_unique:
             raise HTTPException(
                 status_code=status.HTTP_400_BAD_REQUEST,
@@ -237,7 +237,7 @@ class EmployeeService:
 
         # 5) Validate manager if provided
         if payload.manager_id:
-            await EmployeeService.validate_manager(
+            await staffervice.validate_manager(
                 payload.manager_id,
                 payload.designation
             )
@@ -281,7 +281,7 @@ class EmployeeService:
             if "id_docs" in employee_dict and employee_dict["id_docs"]:
                 employee_dict["id_docs"] = [dict(doc) for doc in employee_dict["id_docs"]]
             
-            await get_database()[SCM_EMPLOYEES_COLLECTION].insert_one(employee_dict)
+            await get_database()[SCM_staff_COLLECTION].insert_one(employee_dict)
             
             logger.info(
                 f"Created employee {user_id}",
@@ -324,7 +324,7 @@ class EmployeeService:
             HTTPException if employee not found or update fails
         """
         # Check employee exists
-        existing = await EmployeeService.get_employee_by_id(user_id)
+        existing = await staffervice.get_employee_by_id(user_id)
         if not existing:
             raise HTTPException(
                 status_code=status.HTTP_404_NOT_FOUND,
@@ -341,7 +341,7 @@ class EmployeeService:
 
         # Validate email uniqueness if being updated
         if "email" in update_data:
-            email_unique = await EmployeeService.is_email_unique(
+            email_unique = await staffervice.is_email_unique(
                 update_data["email"],
                 exclude_user_id=user_id
             )
@@ -353,7 +353,7 @@ class EmployeeService:
 
         # Validate phone uniqueness if being updated
         if "phone" in update_data:
-            phone_unique = await EmployeeService.is_phone_unique(
+            phone_unique = await staffervice.is_phone_unique(
                 update_data["phone"],
                 exclude_user_id=user_id
             )
@@ -366,7 +366,7 @@ class EmployeeService:
         # Validate manager if being updated
         if "manager_id" in update_data and update_data["manager_id"]:
             designation = update_data.get("designation") or existing.get("designation")
-            await EmployeeService.validate_manager(
+            await staffervice.validate_manager(
                 update_data["manager_id"],
                 Designation(designation)
             )
@@ -393,7 +393,7 @@ class EmployeeService:
                 update_data["id_docs"] = [dict(doc) for doc in update_data["id_docs"]]
             
             # Update in database
-            result = await get_database()[SCM_EMPLOYEES_COLLECTION].update_one(
+            result = await get_database()[SCM_staff_COLLECTION].update_one(
                 {"user_id": user_id},
                 {"$set": update_data}
             )
@@ -402,7 +402,7 @@ class EmployeeService:
                 logger.warning(f"No changes made to employee {user_id}")
 
             # Fetch updated employee
-            updated_employee = await EmployeeService.get_employee_by_id(user_id)
+            updated_employee = await staffervice.get_employee_by_id(user_id)
             
             logger.info(
                 f"Updated employee {user_id}",
@@ -436,7 +436,7 @@ class EmployeeService:
         Raises:
             HTTPException if not found
         """
-        employee = await EmployeeService.get_employee_by_id(user_id)
+        employee = await staffervice.get_employee_by_id(user_id)
         if not employee:
             raise HTTPException(
                 status_code=status.HTTP_404_NOT_FOUND,
@@ -459,7 +459,7 @@ class EmployeeService:
             HTTPException if not found
         """
         try:
-            employee = await get_database()[SCM_EMPLOYEES_COLLECTION].find_one(
+            employee = await get_database()[SCM_staff_COLLECTION].find_one(
                 {"employee_code": employee_code.upper()}
             )
             if not employee:
@@ -478,16 +478,16 @@ class EmployeeService:
             )
 
     @staticmethod
-    async def list_employees(
+    async def list_staff(
         designation: Optional[Designation] = None,
         manager_id: Optional[str] = None,
-        status_filter: Optional[EmployeeStatus] = None,
+        status_filter: Optional[stafftatus] = None,
         region: Optional[str] = None,
         skip: int = 0,
         limit: int = 100
     ) -> List[EmployeeResponse]:
         """
-        List employees with optional filters.
+        List staff with optional filters.
         
         Args:
             designation: Filter by designation
@@ -512,17 +512,17 @@ class EmployeeService:
             if region:
                 query["region"] = region
 
-            # Fetch employees
-            cursor = get_database()[SCM_EMPLOYEES_COLLECTION].find(query).skip(skip).limit(limit)
-            employees = await cursor.to_list(length=limit)
+            # Fetch staff
+            cursor = get_database()[SCM_staff_COLLECTION].find(query).skip(skip).limit(limit)
+            staff = await cursor.to_list(length=limit)
             
-            return [EmployeeResponse(**emp) for emp in employees]
+            return [EmployeeResponse(**emp) for emp in staff]
             
         except Exception as e:
-            logger.error("Error listing employees", exc_info=e)
+            logger.error("Error listing staff", exc_info=e)
             raise HTTPException(
                 status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-                detail="Error listing employees"
+                detail="Error listing staff"
             )
 
     @staticmethod
@@ -541,7 +541,7 @@ class EmployeeService:
             HTTPException if not found or has active reports
         """
         # Check employee exists
-        employee = await EmployeeService.get_employee_by_id(user_id)
+        employee = await staffervice.get_employee_by_id(user_id)
         if not employee:
             raise HTTPException(
                 status_code=status.HTTP_404_NOT_FOUND,
@@ -549,11 +549,11 @@ class EmployeeService:
             )
 
         # Check for active direct reports
-        active_reports = await get_database()[SCM_EMPLOYEES_COLLECTION].find_one({
+        active_reports = await get_database()[SCM_staff_COLLECTION].find_one({
             "manager_id": user_id,
             "status": {"$in": [
-                EmployeeStatus.ACTIVE.value,
-                EmployeeStatus.ONBOARDING.value
+                stafftatus.ACTIVE.value,
+                stafftatus.ONBOARDING.value
             ]}
         })
         
@@ -566,11 +566,11 @@ class EmployeeService:
 
         try:
             # Soft delete - set status to terminated
-            await get_database()[SCM_EMPLOYEES_COLLECTION].update_one(
+            await get_database()[SCM_staff_COLLECTION].update_one(
                 {"user_id": user_id},
                 {
                     "$set": {
-                        "status": EmployeeStatus.TERMINATED.value,
+                        "status": stafftatus.TERMINATED.value,
                         "updated_at": datetime.utcnow().isoformat(),
                         "updated_by": deleted_by
                     }

app/utils/db_init.py

@@ -7,7 +7,7 @@ import logging
 from app.nosql import get_database
 from app.constants.collections import (
     SCM_MERCHANTS_COLLECTION,
-    SCM_EMPLOYEES_COLLECTION,
+    SCM_staff_COLLECTION,
     SCM_ROLES_COLLECTION,
     SCM_AUTH_LOGS_COLLECTION,
     SCM_SALES_ORDERS_COLLECTION,
@@ -34,16 +34,16 @@ async def create_indexes():
         await get_database()[SCM_MERCHANTS_COLLECTION].create_index("contact_email")
         logger.info(f"Created indexes for {SCM_MERCHANTS_COLLECTION}")
         
-        # Employees collection indexes
-        await get_database()[SCM_EMPLOYEES_COLLECTION].create_index("associate_id", unique=True)
-        await get_database()[SCM_EMPLOYEES_COLLECTION].create_index("email", unique=True)
-        await get_database()[SCM_EMPLOYEES_COLLECTION].create_index("mobile", unique=True)
-        await get_database()[SCM_EMPLOYEES_COLLECTION].create_index("merchant_id")
-        await get_database()[SCM_EMPLOYEES_COLLECTION].create_index([
+        # staff collection indexes
+        await get_database()[SCM_staff_COLLECTION].create_index("associate_id", unique=True)
+        await get_database()[SCM_staff_COLLECTION].create_index("email", unique=True)
+        await get_database()[SCM_staff_COLLECTION].create_index("mobile", unique=True)
+        await get_database()[SCM_staff_COLLECTION].create_index("merchant_id")
+        await get_database()[SCM_staff_COLLECTION].create_index([
             ("merchant_id", 1),
             ("role_id", 1)
         ])
-        logger.info(f"Created indexes for {SCM_EMPLOYEES_COLLECTION}")
+        logger.info(f"Created indexes for {SCM_staff_COLLECTION}")
         
         # Roles collection indexes
         await get_database()[SCM_ROLES_COLLECTION].create_index([
@@ -100,7 +100,7 @@ async def drop_indexes():
         logger.warning("Dropping all database indexes")
         
         await get_database()[SCM_MERCHANTS_COLLECTION].drop_indexes()
-        await get_database()[SCM_EMPLOYEES_COLLECTION].drop_indexes()
+        await get_database()[SCM_staff_COLLECTION].drop_indexes()
         await get_database()[SCM_ROLES_COLLECTION].drop_indexes()
         await get_database()[SCM_AUTH_LOGS_COLLECTION].drop_indexes()
         await get_database()[SCM_SALES_ORDERS_COLLECTION].drop_indexes()

tests/test_employee_schemas.py

@@ -15,7 +15,7 @@ from app.schemas.employee_schema import (
 )
 from app.constants.employee_types import (
     Designation,
-    EmployeeStatus,
+    stafftatus,
     LocationPrecision,
     IDDocumentType,
 )
@@ -200,7 +200,7 @@ class TestEmployeeCreate:
         assert "E.164" in str(exc_info.value)
     
     def test_age_validation_too_young(self):
-        """Test that employees under 18 are rejected"""
+        """Test that staff under 18 are rejected"""
         data = self.get_valid_employee_data()
         data["dob"] = date.today() - timedelta(days=17*365)  # 17 years old
         with pytest.raises(ValidationError) as exc_info:
@@ -315,10 +315,10 @@ class TestEmployeeUpdate:
         """Test partial update with only some fields"""
         update = EmployeeUpdate(
             first_name="Updated Name",
-            status=EmployeeStatus.ACTIVE
+            status=stafftatus.ACTIVE
         )
         assert update.first_name == "Updated Name"
-        assert update.status == EmployeeStatus.ACTIVE
+        assert update.status == stafftatus.ACTIVE
         assert update.email is None  # Not provided
     
     def test_email_normalization(self):

tests/test_properties_data_models.py

@@ -4,7 +4,7 @@ Feature: scm-authentication
 """
 import pytest
 from hypothesis import given, strategies as st, settings
-from app.constants.collections import SCM_MERCHANTS_COLLECTION, SCM_EMPLOYEES_COLLECTION
+from app.constants.collections import SCM_MERCHANTS_COLLECTION, SCM_staff_COLLECTION
 
 
 # Strategies for generating test data
@@ -35,14 +35,14 @@ async def test_property_associate_id_uniqueness_per_merchant(
     """
     Feature: scm-authentication, Property 8: Associate ID uniqueness per merchant
     
-    For any two employees within the same merchant, their associate_ids should be unique.
+    For any two staff within the same merchant, their associate_ids should be unique.
     Validates: Requirements 1.1
     """
     # Skip if merchant_ids are the same (we want to test within same merchant)
     if merchant_id1 == merchant_id2:
         return
     
-    # Create two employees with different associate_ids in the same merchant
+    # Create two staff with different associate_ids in the same merchant
     employee1 = {
         "associate_id": f"{merchant_id1}_e001",
         "merchant_id": merchant_id1,
@@ -63,17 +63,17 @@ async def test_property_associate_id_uniqueness_per_merchant(
         "merchant_type": "salon"
     }
     
-    # Insert both employees
-    await test_db[SCM_EMPLOYEES_COLLECTION].insert_one(employee1)
-    await test_db[SCM_EMPLOYEES_COLLECTION].insert_one(employee2)
+    # Insert both staff
+    await test_db[SCM_staff_COLLECTION].insert_one(employee1)
+    await test_db[SCM_staff_COLLECTION].insert_one(employee2)
     
     # Verify both exist
-    count = await test_db[SCM_EMPLOYEES_COLLECTION].count_documents({"merchant_id": merchant_id1})
+    count = await test_db[SCM_staff_COLLECTION].count_documents({"merchant_id": merchant_id1})
     assert count == 2
     
     # Verify associate_ids are unique
-    employees = await test_db[SCM_EMPLOYEES_COLLECTION].find({"merchant_id": merchant_id1}).to_list(None)
-    associate_ids = [emp["associate_id"] for emp in employees]
+    staff = await test_db[SCM_staff_COLLECTION].find({"merchant_id": merchant_id1}).to_list(None)
+    associate_ids = [emp["associate_id"] for emp in staff]
     assert len(associate_ids) == len(set(associate_ids)), "Associate IDs must be unique within a merchant"