feat(staff): Add dependency injection and enforce merchant_id from authentication token

- Add AsyncIOMotorDatabase and AsyncSession dependency injection to all staff endpoints
- Inject get_database and get_postgres_session dependencies into router handlers
- Refactor StaffService to accept db and pg_session as constructor parameters
- Enforce merchant_id from authentication token in create_staff endpoint
- Add merchant_id validation to get_staff_by_code and get_staff_by_id endpoints
- Add merchant_id enforcement to update_staff endpoint with payload sanitization
- Update list_staff to use service instance with injected dependencies
- Add security checks to prevent merchant_id tampering across all endpoints
- Update docstrings to clarify merchant_id is taken from token and cannot be overridden
- Refactor sync service to support dependency injection pattern
- Update staff schema to align with merchant access control requirements

app/staff/controllers/router.py

@@ -5,6 +5,8 @@ Consolidated POS staff management.
 from typing import Optional, List
 from fastapi import APIRouter, HTTPException, Query, status, Header, Depends
 import logging
+from motor.core import AgnosticDatabase as AsyncIOMotorDatabase
+from sqlalchemy.ext.asyncio import AsyncSession
 
 from app.dependencies.auth import TokenUser
 from app.dependencies.pos_permissions import require_pos_permission
@@ -17,6 +19,8 @@ from app.staff.schemas.staff_schema import (
     StaffListResponse
 )
 from app.staff.services.staff_service import StaffService
+from app.nosql import get_database
+from app.sql import get_postgres_session
 
 logger = logging.getLogger(__name__)
 
@@ -35,13 +39,14 @@ router = APIRouter(
 )
 async def create_staff(
     payload: StaffCreateSchema,
-    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "create"))
+    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "create")),
+    db: AsyncIOMotorDatabase = Depends(get_database),
+    pg_session: AsyncSession = Depends(get_postgres_session)
 ) -> StaffResponseSchema:
     """
     Create a new staff member.
     
     **Required fields:**
-    - merchant_id: Store/merchant identifier (optional - taken from token if not provided)
     - name: Full name
     - role: Position (e.g., Stylist, Cashier, Manager)
     - contact: Phone and email
@@ -52,17 +57,20 @@ async def create_staff(
     - working_hours: Weekly schedule
     - photo_url: Profile photo URL (HTTPS only)
     - notes: Additional information
+    
+    **Security Note:**
+    merchant_id is automatically taken from authentication token and cannot be overridden.
     """
-    # Use merchant_id from token if not provided in request
-    merchant_id = payload.merchant_id
-    if merchant_id is None:
-        if not current_user.merchant_id:
-            raise HTTPException(status_code=400, detail="merchant_id must be provided in request or token")
-        merchant_id = current_user.merchant_id
+    # SECURITY: Always use merchant_id from token, ignore any UI-provided value
+    if not current_user.merchant_id:
+        raise HTTPException(status_code=400, detail="merchant_id must be available in authentication token")
     
-    # Update payload with resolved merchant_id
-    payload.merchant_id = merchant_id
-    return await StaffService.create_staff(payload)
+    # Force merchant_id from token (ignore any UI-provided value)
+    payload.merchant_id = current_user.merchant_id
+    
+    # Create service instance with dependencies
+    service = StaffService(db, pg_session)
+    return await service.create_staff(payload)
 
 
 @router.post(
@@ -72,7 +80,9 @@ async def create_staff(
 )
 async def list_staff(
     req: StaffListRequest,
-    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "view"))
+    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "view")),
+    db: AsyncIOMotorDatabase = Depends(get_database),
+    pg_session: AsyncSession = Depends(get_postgres_session)
 ):
     """
     List staff members with optional filters, pagination, and projection support.
@@ -88,7 +98,9 @@ async def list_staff(
     if not current_user.merchant_id:
         raise HTTPException(status_code=400, detail="merchant_id must be available in token")
     
-    staff_list, total = await StaffService.list_staff(
+    # Create service instance with dependencies
+    service = StaffService(db, pg_session)
+    staff_list, total = await service.list_staff(
         merchant_id=current_user.merchant_id,
         designation=req.designation,
         manager_id=req.manager_id,
@@ -124,12 +136,21 @@ async def list_staff(
 )
 async def get_staff_by_code(
     staff_code: str,
-    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "view"))
+    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "view")),
+    db: AsyncIOMotorDatabase = Depends(get_database),
+    pg_session: AsyncSession = Depends(get_postgres_session)
 ) -> StaffResponseSchema:
     """
     Get staff member by their unique staff code (case-insensitive).
+    Only returns staff belonging to the authenticated merchant.
     """
-    staff = await StaffService.get_staff_by_code(staff_code)
+    # SECURITY: Ensure merchant_id is available in token
+    if not current_user.merchant_id:
+        raise HTTPException(status_code=400, detail="merchant_id must be available in authentication token")
+    
+    # Create service instance with dependencies
+    service = StaffService(db, pg_session)
+    staff = await service.get_staff_by_code(staff_code, current_user.merchant_id)
     if not staff:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND,
@@ -145,12 +166,21 @@ async def get_staff_by_code(
 )
 async def get_staff(
     staff_id: str,
-    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "view"))
+    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "view")),
+    db: AsyncIOMotorDatabase = Depends(get_database),
+    pg_session: AsyncSession = Depends(get_postgres_session)
 ) -> StaffResponseSchema:
     """
     Get detailed information about a specific staff member by ID.
+    Only returns staff belonging to the authenticated merchant.
     """
-    staff = await StaffService.get_staff_by_id(staff_id)
+    # SECURITY: Ensure merchant_id is available in token
+    if not current_user.merchant_id:
+        raise HTTPException(status_code=400, detail="merchant_id must be available in authentication token")
+    
+    # Create service instance with dependencies
+    service = StaffService(db, pg_session)
+    staff = await service.get_staff_by_id(staff_id, current_user.merchant_id)
     if not staff:
         raise HTTPException(
             status_code=status.HTTP_404_NOT_FOUND,
@@ -168,19 +198,36 @@ async def update_staff(
     staff_id: str,
     payload: StaffUpdateSchema,
     x_user_id: Optional[str] = Header(None, description="User ID making the update"),
-    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "update"))
+    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "update")),
+    db: AsyncIOMotorDatabase = Depends(get_database),
+    pg_session: AsyncSession = Depends(get_postgres_session)
 ) -> StaffResponseSchema:
     """
     Update staff member information.
     
     All fields are optional - only provided fields will be updated.
+    Only allows updating staff belonging to the authenticated merchant.
     
     **Validations:**
+    - Staff must belong to authenticated merchant
     - Email uniqueness (if changing email)
     - Phone uniqueness (if changing phone)
     - Manager validation (if changing manager)
+    
+    **Security Note:**
+    merchant_id cannot be changed and is enforced from authentication token.
     """
-    return await StaffService.update_staff(staff_id, payload, x_user_id)
+    # SECURITY: Ensure merchant_id is available in token
+    if not current_user.merchant_id:
+        raise HTTPException(status_code=400, detail="merchant_id must be available in authentication token")
+    
+    # SECURITY: Remove any merchant_id from payload to prevent tampering
+    if hasattr(payload, 'merchant_id'):
+        payload.merchant_id = None
+    
+    # Create service instance with dependencies
+    service = StaffService(db, pg_session)
+    return await service.update_staff(staff_id, payload, current_user.merchant_id, x_user_id)
 
 
 @router.patch(
@@ -192,12 +239,15 @@ async def update_staff_status(
     staff_id: str,
     new_status: str,
     x_user_id: Optional[str] = Header(None, description="User ID making the update"),
-    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "update"))
+    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "update")),
+    db: AsyncIOMotorDatabase = Depends(get_database),
+    pg_session: AsyncSession = Depends(get_postgres_session)
 ) -> StaffResponseSchema:
     """
     Update staff status.
     
     Convenience endpoint for status changes (e.g., onboarding → active, active → suspended).
+    Only allows updating staff belonging to the authenticated merchant.
     
     **Status Transitions:**
     - onboarding → active (activation)
@@ -205,8 +255,14 @@ async def update_staff_status(
     - active → suspended (disciplinary)
     - active/inactive/suspended → terminated (termination)
     """
+    # SECURITY: Ensure merchant_id is available in token
+    if not current_user.merchant_id:
+        raise HTTPException(status_code=400, detail="merchant_id must be available in authentication token")
+    
     update_payload = StaffUpdateSchema(status=new_status)
-    return await StaffService.update_staff(staff_id, update_payload, x_user_id)
+    # Create service instance with dependencies
+    service = StaffService(db, pg_session)
+    return await service.update_staff(staff_id, update_payload, current_user.merchant_id, x_user_id)
 
 
 @router.delete(
@@ -216,11 +272,20 @@ async def update_staff_status(
 async def delete_staff(
     staff_id: str,
     x_user_id: Optional[str] = Header(None, description="User ID performing the deletion"),
-    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "delete"))
+    current_user: TokenUser = Depends(require_pos_permission("retail_staff", "delete")),
+    db: AsyncIOMotorDatabase = Depends(get_database),
+    pg_session: AsyncSession = Depends(get_postgres_session)
 ):
     """
     Delete a staff member (soft delete - sets status to inactive/terminated).
+    Only allows deleting staff belonging to the authenticated merchant.
     
     Cannot delete staff with active direct reports.
     """
-    return await StaffService.delete_staff(staff_id, x_user_id)
+    # SECURITY: Ensure merchant_id is available in token
+    if not current_user.merchant_id:
+        raise HTTPException(status_code=400, detail="merchant_id must be available in authentication token")
+    
+    # Create service instance with dependencies
+    service = StaffService(db, pg_session)
+    return await service.delete_staff(staff_id, current_user.merchant_id, x_user_id)

app/staff/schemas/staff_schema.py

@@ -35,7 +35,7 @@ class WorkingHoursSchema(BaseModel):
 
 class StaffCreateSchema(BaseModel):
     """Schema for creating a new staff member."""
-    merchant_id: Optional[str] = Field(None, description="Merchant/store identifier", min_length=3, max_length=50)
+    # NOTE: merchant_id is automatically set from authentication token and cannot be provided via API
     name: str = Field(..., description="Staff member name", min_length=1, max_length=100)
     role: str = Field(..., description="Role/position", min_length=1, max_length=50)
     staff_code: Optional[str] = Field(None, description="Unique staff code (optional)", max_length=20)
@@ -46,6 +46,9 @@ class StaffCreateSchema(BaseModel):
     photo_url: Optional[str] = Field(None, description="Profile photo URL")
     notes: Optional[str] = Field(None, description="Additional notes", max_length=500)
     
+    # Internal field set by service layer from token
+    merchant_id: Optional[str] = Field(None, exclude=True, description="Internal field - set from authentication token")
+    
     @field_validator('photo_url')
     @classmethod
     def validate_photo_url(cls, v):

app/staff/services/staff_service.py

@@ -8,54 +8,17 @@ from fastapi import HTTPException
 from fastapi import status as http_status
 import logging
 import secrets
-from sqlalchemy import text
+from sqlalchemy.ext.asyncio import AsyncSession
 
 from app.nosql import get_database
-from app.sql import get_postgres_session
 from app.constants.collections import POS_STAFF_COLLECTION
 from app.staff.models.staff_model import StaffModel
 from app.staff.schemas.staff_schema import StaffCreateSchema, StaffUpdateSchema, StaffResponseSchema
+from app.sync.staff.sync_service import StaffSyncService
 
 logger = logging.getLogger(__name__)
 
 
-
-
-async def sync_staff_to_postgres(staff_id: str, merchant_id: str, staff_name: str):
-    """
-    Sync staff data to PostgreSQL trans.pos_staff_ref table.
-    
-    Args:
-        staff_id: Staff UUID
-        merchant_id: Merchant UUID  
-        staff_name: Staff member name
-    """
-    try:
-        async with get_postgres_session() as session:
-            if session is None:
-                logger.warning("PostgreSQL not available, skipping staff sync")
-                return
-            
-            query = text("""
-                INSERT INTO trans.pos_staff_ref (staff_id, merchant_id, staff_name, created_at, updated_at)
-                VALUES (:staff_id, :merchant_id, :staff_name, NOW(), NOW())
-                ON CONFLICT (staff_id) 
-                DO UPDATE SET 
-                    staff_name = EXCLUDED.staff_name,
-                    updated_at = NOW()
-            """)
-            
-            await session.execute(query, {
-                "staff_id": staff_id,
-                "merchant_id": merchant_id,
-                "staff_name": staff_name
-            })
-            await session.commit()
-            logger.info(f"Synced staff {staff_id} to trans.pos_staff_ref")
-            
-    except Exception as e:
-        logger.error(f"Failed to sync staff {staff_id} to PostgreSQL: {e}")
-        # Don't raise - PostgreSQL sync is secondary to MongoDB
 def generate_staff_id() -> str:
     """Generate a unique staff ID."""
     return f"staff_{secrets.token_urlsafe(16)}"
@@ -63,9 +26,14 @@ def generate_staff_id() -> str:
 
 class StaffService:
     """Service class for staff operations."""
+    
+    def __init__(self, db, pg_session: AsyncSession = None):
+        self.db = db
+        self.collection = db[POS_STAFF_COLLECTION]
+        self.pg_session = pg_session
+        self.sync_service = StaffSyncService(pg_session) if pg_session else None
 
-    @staticmethod
-    async def create_staff(payload: StaffCreateSchema) -> StaffResponseSchema:
+    async def create_staff(self, payload: StaffCreateSchema) -> StaffResponseSchema:
         """
         Create a new staff member.
         
@@ -86,15 +54,30 @@ class StaffService:
             staff_data["created_at"] = now
             staff_data["updated_at"] = now
             
-            # Insert into database
-            await get_database()[POS_STAFF_COLLECTION].insert_one(staff_data)
+            # Insert into MongoDB
+            await self.collection.insert_one(staff_data)
             
-            # Sync to PostgreSQL trans.pos_staff_ref
-            await sync_staff_to_postgres(
-                staff_id=staff_id,
-                merchant_id=payload.merchant_id,
-                staff_name=payload.name
-            )
+            # Sync to PostgreSQL trans.pos_staff_ref if sync service is available
+            if self.sync_service:
+                try:
+                    # Prepare sync data
+                    sync_data = {
+                        "staff_id": staff_id,
+                        "merchant_id": payload.merchant_id,
+                        "name": payload.name,
+                        "phone": payload.contact.phone if payload.contact else None,
+                        "email": payload.contact.email if payload.contact else None,
+                        "role": payload.role,
+                        "status": payload.status if hasattr(payload, 'status') else "active",
+                        "created_at": now,
+                        "updated_at": now
+                    }
+                    
+                    await self.sync_service.create_staff_ref(sync_data)
+                    logger.info(f"Staff synced to PostgreSQL: {staff_id}")
+                except Exception as sync_error:
+                    logger.error(f"Failed to sync staff to PostgreSQL: {sync_error}")
+                    # Don't raise - PostgreSQL sync is secondary to MongoDB
             
             logger.info(f"Created staff {staff_id} for merchant {payload.merchant_id}")
             
@@ -108,11 +91,20 @@ class StaffService:
                 detail=f"Error creating staff: {str(e)}"
             )
 
-    @staticmethod
-    async def get_staff_by_id(staff_id: str) -> Optional[StaffResponseSchema]:
-        """Get staff by ID."""
+    async def get_staff_by_id(self, staff_id: str, merchant_id: str) -> Optional[StaffResponseSchema]:
+        """
+        Get staff by ID, ensuring it belongs to the specified merchant.
+        
+        Args:
+            staff_id: Staff ID to retrieve
+            merchant_id: Merchant ID from authentication token
+        """
         try:
-            staff = await get_database()[POS_STAFF_COLLECTION].find_one({"staff_id": staff_id})
+            # SECURITY: Query with both staff_id AND merchant_id
+            staff = await self.collection.find_one({
+                "staff_id": staff_id,
+                "merchant_id": merchant_id
+            })
             if not staff:
                 return None
             
@@ -159,11 +151,20 @@ class StaffService:
                 detail="Error retrieving staff"
             )
 
-    @staticmethod
-    async def get_staff_by_code(staff_code: str) -> Optional[StaffResponseSchema]:
-        """Get staff by staff code."""
+    async def get_staff_by_code(self, staff_code: str, merchant_id: str) -> Optional[StaffResponseSchema]:
+        """
+        Get staff by staff code, ensuring it belongs to the specified merchant.
+        
+        Args:
+            staff_code: Staff code to search for
+            merchant_id: Merchant ID from authentication token
+        """
         try:
-            staff = await get_database()[POS_STAFF_COLLECTION].find_one({"staff_code": staff_code.upper()})
+            # SECURITY: Query with both staff_code AND merchant_id
+            staff = await self.collection.find_one({
+                "staff_code": staff_code.upper(),
+                "merchant_id": merchant_id
+            })
             if not staff:
                 return None
             
@@ -210,24 +211,27 @@ class StaffService:
                 detail="Error retrieving staff"
             )
 
-    @staticmethod
     async def update_staff(
+        self,
         staff_id: str,
         payload: StaffUpdateSchema,
+        merchant_id: str,
         x_user_id: Optional[str] = None
     ) -> StaffResponseSchema:
         """
-        Update staff information.
+        Update staff information, ensuring it belongs to the specified merchant.
         
         Args:
             staff_id: Staff ID to update
             payload: Update data
+            merchant_id: Merchant ID from authentication token
+            x_user_id: User ID making the update
             
         Returns:
             Updated staff response
         """
-        # Check staff exists
-        existing = await StaffService.get_staff_by_id(staff_id)
+        # SECURITY: Check staff exists and belongs to merchant
+        existing = await self.get_staff_by_id(staff_id, merchant_id)
         if not existing:
             raise HTTPException(
                 status_code=http_status.HTTP_404_NOT_FOUND,
@@ -246,20 +250,33 @@ class StaffService:
         update_data["updated_at"] = datetime.utcnow()
 
         try:
-            # Update in database
-            result = await get_database()[POS_STAFF_COLLECTION].update_one(
-                {"staff_id": staff_id},
+            # SECURITY: Update only for the specific merchant
+            result = await self.collection.update_one(
+                {"staff_id": staff_id, "merchant_id": merchant_id},
                 {"$set": update_data}
             )
-            updated_staff = await StaffService.get_staff_by_id(staff_id)
+            updated_staff = await self.get_staff_by_id(staff_id, merchant_id)
 
-            # Sync to PostgreSQL if name was updated
-            if updated_staff and "name" in update_data:
-                await sync_staff_to_postgres(
-                    staff_id=staff_id,
-                    merchant_id=updated_staff.merchant_id,
-                    staff_name=updated_staff.name
-                )
+            # Sync to PostgreSQL if sync service is available and relevant fields were updated
+            if self.sync_service and updated_staff and any(field in update_data for field in ["name", "contact", "role", "status"]):
+                try:
+                    # Prepare sync data
+                    sync_data = {
+                        "staff_id": staff_id,
+                        "merchant_id": updated_staff.merchant_id,
+                        "name": updated_staff.name,
+                        "phone": updated_staff.contact.phone if updated_staff.contact else None,
+                        "email": updated_staff.contact.email if updated_staff.contact else None,
+                        "role": updated_staff.role,
+                        "status": updated_staff.status,
+                        "updated_at": datetime.utcnow()
+                    }
+                    
+                    await self.sync_service.update_staff_ref(staff_id, sync_data)
+                    logger.info(f"Staff update synced to PostgreSQL: {staff_id}")
+                except Exception as sync_error:
+                    logger.error(f"Failed to sync staff update to PostgreSQL: {sync_error}")
+                    # Don't raise - PostgreSQL sync is secondary to MongoDB
 
             if result.modified_count == 0:
                 logger.warning(f"No changes made to staff {staff_id}")
@@ -275,8 +292,8 @@ class StaffService:
                 detail=f"Error updating staff: {str(e)}"
             )
 
-    @staticmethod
     async def list_staff(
+        self,
         merchant_id: Optional[str] = None,
         designation: Optional[str] = None,
         manager_id: Optional[str] = None,
@@ -327,10 +344,10 @@ class StaffService:
                 projection_dict["_id"] = 0
 
             # Get total count
-            total = await get_database()[POS_STAFF_COLLECTION].count_documents(query)
+            total = await self.collection.count_documents(query)
 
             # Fetch staff
-            cursor = get_database()[POS_STAFF_COLLECTION].find(query, projection_dict).skip(skip).limit(limit)
+            cursor = self.collection.find(query, projection_dict).skip(skip).limit(limit)
             staff_list = await cursor.to_list(length=limit)
             
             # Return raw dict if projection used, model otherwise
@@ -384,9 +401,10 @@ class StaffService:
                 detail="Error listing staff"
             )
 
-    @staticmethod
     async def delete_staff(
+        self,
         staff_id: str,
+        merchant_id: str,
         x_user_id: Optional[str] = None
     ) -> Dict[str, str]:
         """
@@ -394,12 +412,14 @@ class StaffService:
         
         Args:
             staff_id: Staff ID to delete
+            merchant_id: Merchant ID from authentication token
+            x_user_id: User ID performing the deletion
             
         Returns:
             Success message
         """
-        # Check staff exists
-        existing = await StaffService.get_staff_by_id(staff_id)
+        # SECURITY: Check staff exists and belongs to merchant
+        existing = await self.get_staff_by_id(staff_id, merchant_id)
         if not existing:
             raise HTTPException(
                 status_code=http_status.HTTP_404_NOT_FOUND,
@@ -407,9 +427,9 @@ class StaffService:
             )
 
         try:
-            # Soft delete - set status to inactive
-            await get_database()[POS_STAFF_COLLECTION].update_one(
-                {"staff_id": staff_id},
+            # SECURITY: Soft delete only for the specific merchant
+            await self.collection.update_one(
+                {"staff_id": staff_id, "merchant_id": merchant_id},
                 {
                     "$set": {
                         "status": "inactive",
@@ -418,6 +438,15 @@ class StaffService:
                 }
             )
             
+            # Sync status to PostgreSQL if sync service is available
+            if self.sync_service:
+                try:
+                    await self.sync_service.sync_staff_status(staff_id, "inactive")
+                    logger.info(f"Staff deletion synced to PostgreSQL: {staff_id}")
+                except Exception as sync_error:
+                    logger.error(f"Failed to sync staff deletion to PostgreSQL: {sync_error}")
+                    # Don't raise - PostgreSQL sync is secondary to MongoDB
+            
             logger.info(f"Deleted staff {staff_id}")
             return {"message": f"Staff {staff_id} deleted successfully"}
             

app/sync/models.py

@@ -27,7 +27,7 @@ class CustomerRef(Base):
 
 class StaffRef(Base):
     """PostgreSQL reference table for staff"""
-    __tablename__ = "staff_ref"
+    __tablename__ = "pos_staff_ref"
     __table_args__ = {"schema": "trans"}
 
     staff_id = Column(String, primary_key=True)

app/sync/staff/sync_service.py

@@ -30,7 +30,7 @@ class StaffSyncService:
                 SELECT 1 
                 FROM information_schema.tables 
                 WHERE table_schema = 'trans' 
-                  AND table_name = 'staff_ref'
+                  AND table_name = 'pos_staff_ref'
                 LIMIT 1
             """)
             result = await self.pg_session.execute(check_query)
@@ -39,7 +39,7 @@ class StaffSyncService:
             if not exists:
                 # Create table
                 create_table_sql = """
-                CREATE TABLE trans.staff_ref (
+                CREATE TABLE trans.pos_staff_ref (
                     staff_id VARCHAR PRIMARY KEY,
                     merchant_id VARCHAR NOT NULL,
                     name VARCHAR(150) NOT NULL,
@@ -52,12 +52,12 @@ class StaffSyncService:
                     updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
                 );
                 
-                CREATE INDEX idx_staff_ref_merchant_id ON trans.staff_ref(merchant_id);
-                CREATE INDEX idx_staff_ref_status ON trans.staff_ref(status);
+                CREATE INDEX idx_pos_staff_ref_merchant_id ON trans.pos_staff_ref(merchant_id);
+                CREATE INDEX idx_pos_staff_ref_status ON trans.pos_staff_ref(status);
                 """
                 await self.pg_session.execute(text(create_table_sql))
                 await self.pg_session.commit()
-                logger.info("✅ Created staff_ref table in trans schema")
+                logger.info("✅ Created pos_staff_ref table in trans schema")
                 
         except Exception as e:
             logger.warning(f"Schema/table creation failed (may already exist): {e}")