Merge pull request 'feat/ci-overhaul-20251029' (#11 ) from feat/ci-overhaul-20251029 into main

Reviewed-on: #11
Merge https://git.allucanget.biz/allucanget/calminer into feat/ci-overhaul-20251029
2025-11-02 18:13:14 +01:00 · 2025-11-02 16:29:25 +01:00 · 2025-11-02 16:29:19 +01:00 · 2025-11-02 15:59:22 +01:00 · 2025-11-02 13:40:06 +01:00 · 2025-11-02 13:09:09 +01:00
130 changed files with 4751 additions and 1651 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -10,6 +10,8 @@ venv/
 .vscode
 .git
 .gitignore
 .gitea
 .github
 .DS_Store
 dist
 build
@@ -17,5 +19,9 @@ build
 *.sqlite3
 .env
 .env.*
-.Dockerfile
+coverage/
-.dockerignore
+logs/
 backups/
 tests/e2e/artifacts/
 scripts/__pycache__/
 reports/
--- a/.gitea/workflows/build-and-push.yml
+++ b/.gitea/workflows/build-and-push.yml
@@ -1,59 +0,0 @@
 name: Build and Push Docker Image
 on:
  push:
    branches:
      - main
 jobs:
  build-and-push:
    runs-on: ubuntu-latest
    env:
      DEFAULT_BRANCH: main
      REGISTRY_ORG: allucanget
      REGISTRY_IMAGE_NAME: calminer
      REGISTRY_URL: ${{ secrets.REGISTRY_URL }}
      REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Collect workflow metadata
        id: meta
        shell: bash
        run: |
          ref_name="${GITHUB_REF_NAME:-${GITHUB_REF##*/}}"
          event_name="${GITHUB_EVENT_NAME:-}"
          sha="${GITHUB_SHA:-}"
          if [ "$ref_name" = "${DEFAULT_BRANCH:-main}" ]; then
            echo "on_default=true" >> "$GITHUB_OUTPUT"
          else
            echo "on_default=false" >> "$GITHUB_OUTPUT"
          fi
          echo "ref_name=$ref_name" >> "$GITHUB_OUTPUT"
          echo "event_name=$event_name" >> "$GITHUB_OUTPUT"
          echo "sha=$sha" >> "$GITHUB_OUTPUT"
      - name: Set up QEMU and Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to Gitea registry
        if: ${{ steps.meta.outputs.on_default == 'true' }}
        uses: docker/login-action@v3
        continue-on-error: true
        with:
          registry: ${{ env.REGISTRY_URL }}
          username: ${{ env.REGISTRY_USERNAME }}
          password: ${{ env.REGISTRY_PASSWORD }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          file: Dockerfile
          push: ${{ steps.meta.outputs.on_default == 'true' && steps.meta.outputs.event_name != 'pull_request' && (env.REGISTRY_URL != '' && env.REGISTRY_USERNAME != '' && env.REGISTRY_PASSWORD != '') }}
          tags: |
            ${{ env.REGISTRY_URL }}/${{ env.REGISTRY_ORG }}/${{ env.REGISTRY_IMAGE_NAME }}:latest
            ${{ env.REGISTRY_URL }}/${{ env.REGISTRY_ORG }}/${{ env.REGISTRY_IMAGE_NAME }}:${{ steps.meta.outputs.sha }}
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,74 @@
 name: CI
 on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
 jobs:
  test:
    env:
      APT_CACHER_NG: http://192.168.88.14:3142
      DB_DRIVER: postgresql+psycopg2
      DB_HOST: 192.168.88.35
      DB_NAME: calminer_test
      DB_USER: calminer
      DB_PASSWORD: calminer_password
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:17
        env:
          POSTGRES_USER: ${ { env.DB_USER } }
          POSTGRES_PASSWORD: ${ { env.DB_PASSWORD } }
          POSTGRES_DB: ${ { env.DB_NAME } }
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
      - name: Update apt-cacher-ng config
        run: |-
          echo 'Acquire::http::Proxy "{{ env.APT_CACHER_NG }}";' | tee /etc/apt/apt.conf.d/01apt-cacher-ng
          apt-get update
      - name: Update system packages
        run: apt-get upgrade -y
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements-test.txt
      - name: Install Playwright system dependencies
        run: playwright install-deps
      - name: Install Playwright browsers
        run: playwright install
      - name: Run tests
        env:
          DATABASE_DRIVER: ${ { env.DB_DRIVER } }
          DATABASE_HOST: ${ { env.DB_HOST } }
          DATABASE_PORT: 5432
          DATABASE_USER: ${ { env.DB_USER } }
          DATABASE_PASSWORD: ${ { env.DB_PASSWORD } }
          DATABASE_NAME: ${ { env.DB_NAME } }
        run: |
          pytest tests/ --cov=.
      - name: Build Docker image
        run: |
          docker build -t calminer .
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -1,36 +0,0 @@
 name: Deploy to Server
 on:
  push:
    branches:
      - main
 jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      DEFAULT_BRANCH: main
      REGISTRY_ORG: allucanget
      REGISTRY_IMAGE_NAME: calminer
      REGISTRY_URL: ${{ secrets.REGISTRY_URL }}
      REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
      REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
    steps:
      - name: SSH and deploy
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SSH_HOST }}
          username: ${{ secrets.SSH_USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            docker pull ${{ env.REGISTRY_URL }}/${{ env.REGISTRY_ORG }}/${{ env.REGISTRY_IMAGE_NAME }}:latest
            docker stop calminer || true
            docker rm calminer || true
            docker run -d --name calminer -p 8000:8000 \
              -e DATABASE_DRIVER=${{ secrets.DATABASE_DRIVER }} \
              -e DATABASE_HOST=${{ secrets.DATABASE_HOST }} \
              -e DATABASE_PORT=${{ secrets.DATABASE_PORT }} \
              -e DATABASE_USER=${{ secrets.DATABASE_USER }} \
              -e DATABASE_PASSWORD=${{ secrets.DATABASE_PASSWORD }} \
              -e DATABASE_NAME=${{ secrets.DATABASE_NAME }} \
              -e DATABASE_SCHEMA=${{ secrets.DATABASE_SCHEMA }} \
              ${{ secrets.REGISTRY_URL }}/${{ secrets.REGISTRY_USERNAME }}/calminer:latest
--- a/.gitea/workflows/test.yml
+++ b/.gitea/workflows/test.yml
@@ -1,125 +0,0 @@
 name: Run Tests
 on: [push]
 jobs:
  test:
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_DB: calminer_ci
          POSTGRES_USER: calminer
          POSTGRES_PASSWORD: secret
        ports:
          - 5432:5432
        options: >-
          --health-cmd "pg_isready -U calminer -d calminer_ci"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 10
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.10"
      - name: Configure apt proxy
        run: |
          set -euo pipefail
          PROXY_HOST="http://apt-cacher:3142"
          if ! curl -fsS --connect-timeout 3 "${PROXY_HOST}" >/dev/null; then
            PROXY_HOST="http://192.168.88.14:3142"
          fi
          echo "Using APT proxy ${PROXY_HOST}"
          echo "http_proxy=${PROXY_HOST}" >> "$GITHUB_ENV"
          echo "https_proxy=${PROXY_HOST}" >> "$GITHUB_ENV"
          echo "HTTP_PROXY=${PROXY_HOST}" >> "$GITHUB_ENV"
          echo "HTTPS_PROXY=${PROXY_HOST}" >> "$GITHUB_ENV"
          sudo tee /etc/apt/apt.conf.d/01proxy >/dev/null <<EOF
          Acquire::http::Proxy "${PROXY_HOST}";
          Acquire::https::Proxy "${PROXY_HOST}";
          EOF
      # - name: Cache pip
      #   uses: actions/cache@v4
      #   with:
      #     path: ~/.cache/pip
      #     key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt', 'requirements-test.txt') }}
      #     restore-keys: |
      #       ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
      #       ${{ runner.os }}-pip-
      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install -r requirements-test.txt
      - name: Install Playwright browsers
        run: |
          python -m playwright install --with-deps
      - name: Wait for database service
        env:
          DATABASE_DRIVER: postgresql
          DATABASE_HOST: postgres
          DATABASE_PORT: "5432"
          DATABASE_NAME: calminer_ci
          DATABASE_USER: calminer
          DATABASE_PASSWORD: secret
          DATABASE_SCHEMA: public
          DATABASE_SUPERUSER: calminer
          DATABASE_SUPERUSER_PASSWORD: secret
          DATABASE_SUPERUSER_DB: calminer_ci
        run: |
          python - <<'PY'
          import os
          import time
          import psycopg2
          dsn = (
              f"dbname={os.environ['DATABASE_SUPERUSER_DB']} "
              f"user={os.environ['DATABASE_SUPERUSER']} "
              f"password={os.environ['DATABASE_SUPERUSER_PASSWORD']} "
              f"host={os.environ['DATABASE_HOST']} "
              f"port={os.environ['DATABASE_PORT']}"
          )
          for attempt in range(30):
              try:
                  with psycopg2.connect(dsn):
                      break
              except psycopg2.OperationalError:
                  time.sleep(2)
          else:
              raise SystemExit("Postgres service did not become available")
          PY
      - name: Run database setup (dry run)
        env:
          DATABASE_DRIVER: postgresql
          DATABASE_HOST: postgres
          DATABASE_PORT: "5432"
          DATABASE_NAME: calminer_ci
          DATABASE_USER: calminer
          DATABASE_PASSWORD: secret
          DATABASE_SCHEMA: public
          DATABASE_SUPERUSER: calminer
          DATABASE_SUPERUSER_PASSWORD: secret
          DATABASE_SUPERUSER_DB: calminer_ci
        run: python scripts/setup_database.py --ensure-database --ensure-role --ensure-schema --initialize-schema --run-migrations --seed-data --dry-run -v
      - name: Run database setup
        env:
          DATABASE_DRIVER: postgresql
          DATABASE_HOST: postgres
          DATABASE_PORT: "5432"
          DATABASE_NAME: calminer_ci
          DATABASE_USER: calminer
          DATABASE_PASSWORD: secret
          DATABASE_SCHEMA: public
          DATABASE_SUPERUSER: calminer
          DATABASE_SUPERUSER_PASSWORD: secret
          DATABASE_SUPERUSER_DB: calminer_ci
        run: python scripts/setup_database.py --ensure-database --ensure-role --ensure-schema --initialize-schema --run-migrations --seed-data -v
      - name: Run tests
        env:
          DATABASE_URL: postgresql+psycopg2://calminer:secret@postgres:5432/calminer_ci
          DATABASE_SCHEMA: public
        run: pytest
--- a/.gitignore
+++ b/.gitignore
@@ -38,6 +38,9 @@ htmlcov/
 # Mypy cache
 .mypy_cache/
 # Linting cache
 .ruff_cache/
 # Logs
 *.log
 logs/
@@ -45,3 +48,6 @@ logs/
 # SQLite database
 *.sqlite3
 test*.db
 # Act runner files
 .runner
--- a/.prettierrc
+++ b/.prettierrc
@@ -0,0 +1,8 @@
 {
  "semi": true,
  "singleQuote": true,
  "trailingComma": "es5",
  "printWidth": 80,
  "tabWidth": 2,
  "useTabs": false
 }
--- a/128
+++ b/128
@@ -1,35 +1,111 @@
-# Multi-stage Dockerfile to keep final image small
+# syntax=docker/dockerfile:1.7
 FROM python:3.10-slim AS builder
-# Install build-time packages and Python dependencies in one layer
+ARG PYTHON_VERSION=3.11-slim
-WORKDIR /app
+ARG APT_CACHE_URL=http://192.168.88.14:3142
-COPY requirements.txt /app/requirements.txt
+
-RUN echo 'Acquire::http::Proxy "http://192.168.88.14:3142";' > /etc/apt/apt.conf.d/90proxy
+FROM python:${PYTHON_VERSION} AS builder
-RUN apt-get update \
+ARG APT_CACHE_URL
-    && apt-get install -y --no-install-recommends build-essential gcc libpq-dev \
+
-    && python -m pip install --upgrade pip \
+ENV \
-    && pip install --no-cache-dir --prefix=/install -r /app/requirements.txt \
+    PIP_DISABLE_PIP_VERSION_CHECK=1 \
-    && apt-get purge -y --auto-remove build-essential gcc \
+    PIP_NO_CACHE_DIR=1 \
-    && rm -rf /var/lib/apt/lists/*
+    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1
 FROM python:3.10-slim
 WORKDIR /app
-# Copy installed packages from builder
+COPY requirements.txt ./requirements.txt
 COPY --from=builder /install /usr/local
-# Assume environment variables for DB config will be set at runtime
+RUN --mount=type=cache,target=/root/.cache/pip /bin/bash <<'EOF'
-# ENV DATABASE_HOST=your_db_host
+set -e
-# ENV DATABASE_PORT=your_db_port
+
-# ENV DATABASE_NAME=your_db_name
+python3 <<'PY'
-# ENV DATABASE_USER=your_db_user
+import os, socket, urllib.parse
-# ENV DATABASE_PASSWORD=your_db_password
+
 url = os.environ.get('APT_CACHE_URL', '').strip()
 if url:
    parsed = urllib.parse.urlparse(url)
    host = parsed.hostname
    port = parsed.port or (80 if parsed.scheme == 'http' else 443)
    if host:
        sock = socket.socket()
        sock.settimeout(1)
        try:
            sock.connect((host, port))
        except OSError:
            pass
        else:
            with open('/etc/apt/apt.conf.d/01proxy', 'w', encoding='utf-8') as fh:
                fh.write(f"Acquire::http::Proxy \"{url}\";\n")
                fh.write(f"Acquire::https::Proxy \"{url}\";\n")
        finally:
            sock.close()
 PY
 apt-get update
 apt-get install -y --no-install-recommends build-essential gcc libpq-dev
 pip install --upgrade pip
 pip wheel --no-deps --wheel-dir /wheels -r requirements.txt
 apt-get purge -y --auto-remove build-essential gcc
 rm -rf /var/lib/apt/lists/*
 EOF
 FROM python:${PYTHON_VERSION} AS runtime
 ARG APT_CACHE_URL
 ENV \
    PIP_DISABLE_PIP_VERSION_CHECK=1 \
    PIP_NO_CACHE_DIR=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PATH="/home/appuser/.local/bin:${PATH}"
 WORKDIR /app
 RUN groupadd --system app && useradd --system --create-home --gid app appuser
 RUN /bin/bash <<'EOF'
 set -e
 python3 <<'PY'
 import os, socket, urllib.parse
 url = os.environ.get('APT_CACHE_URL', '').strip()
 if url:
    parsed = urllib.parse.urlparse(url)
    host = parsed.hostname
    port = parsed.port or (80 if parsed.scheme == 'http' else 443)
    if host:
        sock = socket.socket()
        sock.settimeout(1)
        try:
            sock.connect((host, port))
        except OSError:
            pass
        else:
            with open('/etc/apt/apt.conf.d/01proxy', 'w', encoding='utf-8') as fh:
                fh.write(f"Acquire::http::Proxy \"{url}\";\n")
                fh.write(f"Acquire::https::Proxy \"{url}\";\n")
        finally:
            sock.close()
 PY
 apt-get update
 apt-get install -y --no-install-recommends libpq5
 rm -rf /var/lib/apt/lists/*
 EOF
 COPY --from=builder /wheels /wheels
 COPY --from=builder /app/requirements.txt /tmp/requirements.txt
 RUN pip install --upgrade pip \
    && pip install --no-cache-dir --find-links=/wheels -r /tmp/requirements.txt \
    && rm -rf /wheels /tmp/requirements.txt
 # Copy application code
 COPY . /app
-# Expose service port
+RUN chown -R appuser:app /app
 EXPOSE 8000
-# Run the FastAPI app with uvicorn
+USER appuser
-CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]
+
 EXPOSE 8003
 CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8003", "--workers", "4"]
--- a/README.md
+++ b/README.md
@@ -6,28 +6,41 @@ Focuses on ore mining operations and covering parameters such as capital and ope
 The system is designed to help mining companies make informed decisions by simulating various scenarios and analyzing potential outcomes based on stochastic variables.
-A range of features are implemented to support these functionalities.
+## Current Features
-## Features
+> [!TIP]
 > TODO: Update this section to reflect the current feature set.
 | Feature                | Category    | Description                                                                          | Status      |
 | ---------------------- | ----------- | ------------------------------------------------------------------------------------ | ----------- |
 | Scenario Management    | Core        | Manage multiple mining scenarios with independent parameter sets and outputs.        | Done        |
 | Parameter Definition   | Core        | Define and manage various parameters for each scenario.                              | Done        |
 | Cost Tracking          | Financial   | Capture and analyze capital and operational expenditures.                            | Done        |
 | Consumption Tracking   | Operational | Record resource consumption tied to scenarios.                                       | Done        |
 | Production Output      | Operational | Store and analyze production metrics such as tonnage, recovery, and revenue drivers. | Done        |
 | Equipment Management   | Operational | Manage equipment inventories and specifications for each scenario.                   | Done        |
 | Maintenance Logging    | Operational | Log maintenance events and costs associated with equipment.                          | Started     |
 | Reporting Dashboard    | Analytics   | View aggregated statistics and visualizations for scenario outputs.                  | In Progress |
 | Monte Carlo Simulation | Analytics   | Run stochastic simulations to assess risk and variability in outcomes.               | Started     |
 | Application Settings   | Core        | Manage global application settings such as themes and currency options.              | Done        |
 ## Key UI/UX Features
 - **Scenario Management**: Manage multiple mining scenarios with independent parameter sets and outputs.
 - **Process Parameters**: Define and persist process inputs via FastAPI endpoints and template-driven forms.
 - **Cost Tracking**: Capture capital (`capex`) and operational (`opex`) expenditures per scenario.
 - **Consumption Tracking**: Record resource consumption (chemicals, fuel, water, scrap) tied to scenarios.
 - **Production Output**: Store production metrics such as tonnage, recovery, and revenue drivers.
 - **Equipment Management**: Register scenario-specific equipment inventories.
 - **Maintenance Logging**: Log maintenance events against equipment with dates and costs.
 - **Reporting Dashboard**: Surface aggregated statistics for simulation outputs with an interactive Chart.js dashboard.
 - **Unified UI Shell**: Server-rendered templates extend a shared base layout with a persistent left sidebar linking scenarios, parameters, costs, consumption, production, equipment, maintenance, simulations, and reporting views.
- **Operations Overview Dashboard**: The root route (`/`) surfaces cross-scenario KPIs, charts, and maintenance reminders with a one-click refresh backed by aggregated loaders.
+- **Modular Frontend Scripts**: Page-specific interactions in `static/js/` modules, keeping templates lean while enabling browser caching and reuse.
- **Theming Tokens**: Shared CSS variables in `static/css/main.css` centralize the UI color palette for consistent styling and rapid theme tweaks.
+
- **Modular Frontend Scripts**: Page-specific interactions now live in `static/js/` modules, keeping templates lean while enabling browser caching and reuse.
+## Planned Features
- **Monte Carlo Simulation (in progress)**: Services and routes are scaffolded for future stochastic analysis.
+
 See [Roadmap](docs/roadmap.md) for details on planned features and enhancements.
 ## Documentation & quickstart
 This repository contains detailed developer and architecture documentation in the `docs/` folder.
 ### Settings overview
 The Settings page (`/ui/settings`) lets administrators adjust global theme colors stored in the `application_setting` table. Changes are instantly applied across the UI. Environment variables prefixed with `CALMINER_THEME_` (for example, `CALMINER_THEME_COLOR_PRIMARY`) automatically override individual CSS variables and render as read-only in the form, ensuring deployment-time overrides take precedence while remaining visible to operators.
 [Quickstart](docs/quickstart.md) contains developer quickstart, migrations, testing and current status.
 Key architecture documents: see [architecture](docs/architecture/README.md) for the arc42-based architecture documentation.
@@ -40,47 +53,52 @@ The repository ships with a multi-stage `Dockerfile` that produces a slim runtim
 ### Build container
-```powershell
+```bash
-# Build the image locally
+docker build -t calminer .
 docker build -t calminer:latest .
 ```
 ### Push to registry
-```powershell
+To push the image to a registry, tag it appropriately and push:
-# Tag and push the image to your registry
+
-docker login your-registry.com -u your-username -p your-password
+```bash
-docker tag calminer:latest your-registry.com/your-namespace/calminer:latest
+docker tag calminer your-registry/calminer:latest
-docker push your-registry.com/your-namespace/calminer:latest
+docker push your-registry/calminer:latest
 ```
 ### Run container
-Expose FastAPI on <http://localhost:8000> with database configuration via granular environment variables:
+To run the container, ensure PostgreSQL is available and set environment variables:
-```powershell
+```bash
-# Provide database configuration via granular environment variables
+docker run -p 8000:8000 \
-docker run --rm -p 8000:8000 ^
+  -e DATABASE_HOST=your-postgres-host \
-  -e DATABASE_DRIVER="postgresql" ^
+  -e DATABASE_PORT=5432 \
-  -e DATABASE_HOST="db.host" ^
+  -e DATABASE_USER=calminer \
-  -e DATABASE_PORT="5432" ^
+  -e DATABASE_PASSWORD=your-password \
-  -e DATABASE_USER="calminer" ^
+  -e DATABASE_NAME=calminer_db \
-  -e DATABASE_PASSWORD="s3cret" ^
+  calminer
  -e DATABASE_NAME="calminer" ^
  -e DATABASE_SCHEMA="public" ^
  calminer:latest
 ```
-### Orchestrated Deployment
+## Development with Docker Compose
-Use `docker compose` or an orchestrator of your choice to co-locate PostgreSQL/Redis alongside the app when needed. The image expects migrations to be applied before startup.
+For local development, use `docker-compose.yml` which includes the app and PostgreSQL services.
-## CI/CD expectations
+```bash
 # Start services
 docker-compose up
 # Or run in background
 docker-compose up -d
 # Stop services
 docker-compose down
 ```
 The app will be available at `http://localhost:8000`, PostgreSQL at `localhost:5432`.
 ## CI/CD
 CalMiner uses Gitea Actions workflows stored in `.gitea/workflows/`:
- `test.yml` runs style/unit/e2e suites on every push with cached Python dependencies.
+- `ci.yml`: Runs on push and PR to main/develop branches. Sets up Python, installs dependencies, runs tests with coverage, and builds the Docker image.
 - `build-and-push.yml` builds the Docker image, reuses cached layers, and pushes to the configured registry.
 - `deploy.yml` pulls the pushed image on the target host and restarts the container.
 Pipelines assume the following secrets are provisioned in the Gitea instance: `REGISTRY_USERNAME`, `REGISTRY_PASSWORD`, `REGISTRY_URL`, `SSH_HOST`, `SSH_USERNAME`, and `SSH_PRIVATE_KEY`.
--- a/backups/.gitkeep
+++ b/backups/.gitkeep
--- a/config/database.py
+++ b/config/database.py
@@ -56,3 +56,11 @@ DATABASE_URL = _build_database_url()
 engine = create_engine(DATABASE_URL, echo=True, future=True)
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 Base = declarative_base()
 def get_db():
    db = SessionLocal()
    try:
        yield db
    finally:
        db.close()
--- a/config/setup_production.env.example
+++ b/config/setup_production.env.example
@@ -0,0 +1,35 @@
 # Copy this file to config/setup_production.env and replace values with production secrets
 # Container image and runtime configuration
 CALMINER_IMAGE=registry.example.com/calminer/api:latest
 CALMINER_DOMAIN=calminer.example.com
 TRAEFIK_ACME_EMAIL=ops@example.com
 CALMINER_API_PORT=8000
 UVICORN_WORKERS=4
 UVICORN_LOG_LEVEL=info
 CALMINER_NETWORK=calminer_backend
 API_LIMIT_CPUS=1.0
 API_LIMIT_MEMORY=1g
 API_RESERVATION_MEMORY=512m
 TRAEFIK_LIMIT_CPUS=0.5
 TRAEFIK_LIMIT_MEMORY=512m
 POSTGRES_LIMIT_CPUS=1.0
 POSTGRES_LIMIT_MEMORY=2g
 POSTGRES_RESERVATION_MEMORY=1g
 # Application database connection
 DATABASE_DRIVER=postgresql+psycopg2
 DATABASE_HOST=production-db.internal
 DATABASE_PORT=5432
 DATABASE_NAME=calminer
 DATABASE_USER=calminer_app
 DATABASE_PASSWORD=ChangeMe123!
 DATABASE_SCHEMA=public
 # Optional consolidated SQLAlchemy URL (overrides granular settings when set)
 # DATABASE_URL=postgresql+psycopg2://calminer_app:ChangeMe123!@production-db.internal:5432/calminer
 # Superuser credentials used by scripts/setup_database.py for migrations/seed data
 DATABASE_SUPERUSER=postgres
 DATABASE_SUPERUSER_PASSWORD=ChangeMeSuper123!
 DATABASE_SUPERUSER_DB=postgres
--- a/docker-compose.postgres.yml
+++ b/docker-compose.postgres.yml
@@ -1,23 +0,0 @@
 version: "3.9"
 services:
  postgres:
    image: postgres:16-alpine
    container_name: calminer_postgres_local
    restart: unless-stopped
    environment:
      POSTGRES_DB: calminer_local
      POSTGRES_USER: calminer
      POSTGRES_PASSWORD: secret
    ports:
      - "5433:5432"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U calminer -d calminer_local"]
      interval: 10s
      timeout: 5s
      retries: 10
    volumes:
      - postgres_data:/var/lib/postgresql/data
 volumes:
  postgres_data:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,36 @@
 version: "3.8"
 services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "8003:8003"
    environment:
      - DATABASE_HOST=postgres
      - DATABASE_PORT=5432
      - DATABASE_USER=calminer
      - DATABASE_PASSWORD=calminer_password
      - DATABASE_NAME=calminer_db
      - DATABASE_DRIVER=postgresql
    depends_on:
      - postgres
    volumes:
      - ./logs:/app/logs
    restart: unless-stopped
  postgres:
    image: postgres:17
    environment:
      - POSTGRES_USER=calminer
      - POSTGRES_PASSWORD=calminer_password
      - POSTGRES_DB=calminer_db
    ports:
      - "5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped
 volumes:
  postgres_data:
--- a/docs/architecture/02_architecture_constraints.md
+++ b/docs/architecture/02_architecture_constraints.md
@@ -1,66 +1,18 @@
 ---
-title: "02 — Architecture Constraints"
+title: '02 — Architecture Constraints'
-description: "Document imposed constraints: technical, organizational, regulatory, and environmental constraints that affect architecture decisions."
+description: 'Document imposed constraints: technical, organizational, regulatory, and environmental constraints that affect architecture decisions.'
-status: skeleton
+status: draft
 ---
 # 02 — Architecture Constraints
-## Technical Constraints
+## Constraints Overview
-> e.g., choice of FastAPI, PostgreSQL, SQLAlchemy, Chart.js, Jinja2 templates.
+- [Technical Constraints](02_constraints/02_01_technical_constraints.md)
-
+- [Organizational Constraints](02_constraints/02_02_organizational_constraints.md)
-The architecture of CalMiner is influenced by several technical constraints that shape its design and implementation:
+- [Regulatory Constraints](02_constraints/02_03_regulatory_constraints.md)
-
+- [Environmental Constraints](02_constraints/02_04_environmental_constraints.md)
-1. **Framework Selection**: The choice of FastAPI as the web framework imposes constraints on how the application handles requests, routing, and middleware. FastAPI's asynchronous capabilities must be leveraged appropriately to ensure optimal performance.
+- [Performance Constraints](02_constraints/02_05_performance_constraints.md)
 2. **Database Technology**: The use of PostgreSQL as the primary database system dictates the data modeling, querying capabilities, and transaction management strategies. SQLAlchemy ORM is used for database interactions, which requires adherence to its conventions and limitations.
 3. **Frontend Technologies**: The decision to use Jinja2 for server-side templating and Chart.js for data visualization influences the structure of the frontend code and the way dynamic content is rendered.
 4. **Simulation Logic**: The Monte Carlo simulation logic must be designed to efficiently handle large datasets and perform computations within the constraints of the chosen programming language (Python) and its libraries.
 ## Organizational Constraints
 > e.g., team skillsets, development workflows, CI/CD pipelines.
 Restrictions arising from organizational factors include:
 1. **Team Expertise**: The development team’s familiarity with FastAPI, SQLAlchemy, and frontend technologies like Jinja2 and Chart.js influences the architecture choices to ensure maintainability and ease of development.
 2. **Development Processes**: The adoption of Agile methodologies and CI/CD pipelines (using Gitea Actions) shapes the architecture to support continuous integration, automated testing, and deployment practices.
 3. **Collaboration Tools**: The use of specific collaboration and version control tools (e.g., Gitea) affects how code is managed, reviewed, and integrated, impacting the overall architecture and development workflow.
 4. **Documentation Standards**: The requirement for comprehensive documentation (as seen in the `docs/` folder) necessitates an architecture that is well-structured and easy to understand for both current and future team members.
 5. **Knowledge Sharing**: The need for effective knowledge sharing and onboarding processes influences the architecture to ensure that it is accessible and understandable for new team members.
 6. **Resource Availability**: The availability of hardware, software, and human resources within the organization can impose constraints on the architecture, affecting decisions related to scalability, performance, and feature implementation.
 ## Regulatory Constraints
 > e.g., data privacy laws, industry standards.
 Regulatory constraints that impact the architecture of CalMiner include:
 1. **Data Privacy Compliance**: The architecture must ensure compliance with data privacy regulations such as GDPR or CCPA, which may dictate how user data is collected, stored, and processed.
 2. **Industry Standards**: Adherence to industry-specific standards and best practices may influence the design of data models, security measures, and reporting functionalities.
 3. **Auditability**: The system may need to incorporate logging and auditing features to meet regulatory requirements, affecting the architecture of data storage and access controls.
 4. **Data Retention Policies**: Regulatory requirements regarding data retention and deletion may impose constraints on how long certain types of data can be stored, influencing database design and data lifecycle management.
 5. **Security Standards**: Compliance with security standards (e.g., ISO/IEC 27001) may necessitate the implementation of specific security measures, such as encryption, access controls, and vulnerability management, which impact the overall architecture.
 ## Environmental Constraints
 > e.g., deployment environments, cloud provider limitations.
 Environmental constraints affecting the architecture include:
 1. **Deployment Environments**: The architecture must accommodate various deployment environments (development, testing, production) with differing configurations and resource allocations.
 2. **Cloud Provider Limitations**: If deployed on a specific cloud provider, the architecture may need to align with the provider's services, limitations, and best practices, such as using managed databases or specific container orchestration tools.
 3. **Containerization**: The use of Docker for containerization imposes constraints on how the application is packaged, deployed, and scaled, influencing the architecture to ensure compatibility with container orchestration platforms.
 4. **Scalability Requirements**: The architecture must be designed to scale efficiently based on anticipated load and usage patterns, considering the limitations of the chosen infrastructure.
 ## Performance Constraints
 > e.g., response time requirements, scalability needs.
 Current performance constraints include:
 1. **Response Time Requirements**: The architecture must ensure that the system can respond to user requests within a specified time frame, which may impact design decisions related to caching, database queries, and API performance.
 2. **Scalability Needs**: The system should be able to handle increased load and user traffic without significant degradation in performance, necessitating a scalable architecture that can grow with demand.
 ## Security Constraints
--- a/docs/architecture/02_constraints/02_01_technical_constraints.md
+++ b/docs/architecture/02_constraints/02_01_technical_constraints.md
@@ -0,0 +1,16 @@
 ---
 title: '02 — Technical Constraints'
 description: 'Technical constraints that affect architecture decisions.'
 status: draft
 ---
 # Technical Constraints
 > e.g., choice of FastAPI, PostgreSQL, SQLAlchemy, Chart.js, Jinja2 templates.
 The architecture of CalMiner is influenced by several technical constraints that shape its design and implementation:
 1. **Framework Selection**: The choice of FastAPI as the web framework imposes constraints on how the application handles requests, routing, and middleware. FastAPI's asynchronous capabilities must be leveraged appropriately to ensure optimal performance.
 2. **Database Technology**: The use of PostgreSQL as the primary database system dictates the data modeling, querying capabilities, and transaction management strategies. SQLAlchemy ORM is used for database interactions, which requires adherence to its conventions and limitations.
 3. **Frontend Technologies**: The decision to use Jinja2 for server-side templating and Chart.js for data visualization influences the structure of the frontend code and the way dynamic content is rendered.
 4. **Simulation Logic**: The Monte Carlo simulation logic must be designed to efficiently handle large datasets and perform computations within the constraints of the chosen programming language (Python) and its libraries.
--- a/docs/architecture/02_constraints/02_02_organizational_constraints.md
+++ b/docs/architecture/02_constraints/02_02_organizational_constraints.md
@@ -0,0 +1,18 @@
 ---
 title: '02 — Organizational Constraints'
 description: 'Organizational constraints that affect architecture decisions.'
 status: draft
 ---
 # Organizational Constraints
 > e.g., team skillsets, development workflows, CI/CD pipelines.
 Restrictions arising from organizational factors include:
 1. **Team Expertise**: The development team’s familiarity with FastAPI, SQLAlchemy, and frontend technologies like Jinja2 and Chart.js influences the architecture choices to ensure maintainability and ease of development.
 2. **Development Processes**: The adoption of Agile methodologies and CI/CD pipelines (using Gitea Actions) shapes the architecture to support continuous integration, automated testing, and deployment practices.
 3. **Collaboration Tools**: The use of specific collaboration and version control tools (e.g., Gitea) affects how code is managed, reviewed, and integrated, impacting the overall architecture and development workflow.
 4. **Documentation Standards**: The requirement for comprehensive documentation (as seen in the `docs/` folder) necessitates an architecture that is well-structured and easy to understand for both current and future team members.
 5. **Knowledge Sharing**: The need for effective knowledge sharing and onboarding processes influences the architecture to ensure that it is accessible and understandable for new team members.
 6. **Resource Availability**: The availability of hardware, software, and human resources within the organization can impose constraints on the architecture, affecting decisions related to scalability, performance, and feature implementation.
--- a/docs/architecture/02_constraints/02_03_regulatory_constraints.md
+++ b/docs/architecture/02_constraints/02_03_regulatory_constraints.md
@@ -0,0 +1,17 @@
 ---
 title: '02 — Regulatory Constraints'
 description: 'Regulatory constraints that affect architecture decisions.'
 status: draft
 ---
 # Regulatory Constraints
 > e.g., data privacy laws, industry standards.
 Regulatory constraints that impact the architecture of CalMiner include:
 1. **Data Privacy Compliance**: The architecture must ensure compliance with data privacy regulations such as GDPR or CCPA, which may dictate how user data is collected, stored, and processed.
 2. **Industry Standards**: Adherence to industry-specific standards and best practices may influence the design of data models, security measures, and reporting functionalities.
 3. **Auditability**: The system may need to incorporate logging and auditing features to meet regulatory requirements, affecting the architecture of data storage and access controls.
 4. **Data Retention Policies**: Regulatory requirements regarding data retention and deletion may impose constraints on how long certain types of data can be stored, influencing database design and data lifecycle management.
 5. **Security Standards**: Compliance with security standards (e.g., ISO/IEC 27001) may necessitate the implementation of specific security measures, such as encryption, access controls, and vulnerability management, which impact the overall architecture.
--- a/docs/architecture/02_constraints/02_04_environmental_constraints.md
+++ b/docs/architecture/02_constraints/02_04_environmental_constraints.md
@@ -0,0 +1,16 @@
 ---
 title: '02 — Environmental Constraints'
 description: 'Environmental constraints that affect architecture decisions.'
 status: draft
 ---
 # Environmental Constraints
 > e.g., deployment environments, cloud provider limitations.
 Environmental constraints affecting the architecture include:
 1. **Deployment Environments**: The architecture must accommodate various deployment environments (development, testing, production) with differing configurations and resource allocations.
 2. **Cloud Provider Limitations**: If deployed on a specific cloud provider, the architecture may need to align with the provider's services, limitations, and best practices, such as using managed databases or specific container orchestration tools.
 3. **Containerization**: The use of Docker for containerization imposes constraints on how the application is packaged, deployed, and scaled, influencing the architecture to ensure compatibility with container orchestration platforms.
 4. **Scalability Requirements**: The architecture must be designed to scale efficiently based on anticipated load and usage patterns, considering the limitations of the chosen infrastructure.
--- a/docs/architecture/02_constraints/02_05_performance_constraints.md
+++ b/docs/architecture/02_constraints/02_05_performance_constraints.md
@@ -0,0 +1,14 @@
 ---
 title: '02 — Performance Constraints'
 description: 'Performance constraints that affect architecture decisions.'
 status: draft
 ---
 # Performance Constraints
 > e.g., response time requirements, scalability needs.
 Current performance constraints include:
 1. **Response Time Requirements**: The architecture must ensure that the system can respond to user requests within a specified time frame, which may impact design decisions related to caching, database queries, and API performance.
 2. **Scalability Needs**: The system should be able to handle increased load and user traffic without significant degradation in performance, necessitating a scalable architecture that can grow with demand.
--- a/docs/architecture/03_context_and_scope.md
+++ b/docs/architecture/03_context_and_scope.md
@@ -18,24 +18,7 @@ The CalMiner system operates within the context of mining project management, pr
 ## Scope of the Architecture
-The architecture encompasses the following key areas:
+See [Architecture Scope](03_scope/03_01_architecture_scope.md) for details.
 1. **Data Ingestion**: Mechanisms for collecting and processing data from various sources.
 2. **Data Storage**: Solutions for storing and managing historical and real-time data.
 3. **Simulation Engine**: Core algorithms and models for scenario analysis.
   3.1. **Modeling Framework**: Tools for defining and managing simulation models.
   3.2. **Parameter Management**: Systems for handling input parameters and configurations.
   3.3. **Execution Engine**: Infrastructure for running simulations and processing results.
   3.4. **Result Storage**: Systems for storing simulation outputs for analysis and reporting.
 4. **Financial Reporting**: Tools for generating reports and visualizations based on simulation outcomes.
 5. **Risk Assessment**: Frameworks for identifying and evaluating potential project risks.
 6. **Profitability Analysis**: Modules for calculating and analyzing project profitability metrics.
 7. **User Interface**: Design and implementation of the user-facing components of the system.
 8. **Security and Compliance**: Measures to ensure data security and regulatory compliance.
 9. **Scalability and Performance**: Strategies for ensuring the system can handle increasing data volumes and user loads.
 10. **Integration Points**: Interfaces for integrating with external systems and services.
 11. **Monitoring and Logging**: Systems for tracking system performance and user activity.
 12. **Maintenance and Support**: Processes for ongoing system maintenance and user support.
 ## Diagram
--- a/docs/architecture/03_scope/03_01_architecture_scope.md
+++ b/docs/architecture/03_scope/03_01_architecture_scope.md
@@ -0,0 +1,26 @@
 ---
 title: '03 — Architecture Scope'
 description: 'Key areas encompassed by the architecture.'
 status: draft
 ---
 # Architecture Scope
 The architecture encompasses the following key areas:
 1. **Data Ingestion**: Mechanisms for collecting and processing data from various sources.
 2. **Data Storage**: Solutions for storing and managing historical and real-time data.
 3. **Simulation Engine**: Core algorithms and models for scenario analysis.
   3.1. **Modeling Framework**: Tools for defining and managing simulation models.
   3.2. **Parameter Management**: Systems for handling input parameters and configurations.
   3.3. **Execution Engine**: Infrastructure for running simulations and processing results.
   3.4. **Result Storage**: Systems for storing simulation outputs for analysis and reporting.
 4. **Financial Reporting**: Tools for generating reports and visualizations based on simulation outcomes.
 5. **Risk Assessment**: Frameworks for identifying and evaluating potential project risks.
 6. **Profitability Analysis**: Modules for calculating and analyzing project profitability metrics.
 7. **User Interface**: Design and implementation of the user-facing components of the system.
 8. **Security and Compliance**: Measures to ensure data security and regulatory compliance.
 9. **Scalability and Performance**: Strategies for ensuring the system can handle increasing data volumes and user loads.
 10. **Integration Points**: Interfaces for integrating with external systems and services.
 11. **Monitoring and Logging**: Systems for tracking system performance and user activity.
 12. **Maintenance and Support**: Processes for ongoing system maintenance and user support.
--- a/docs/architecture/04_solution_strategy.md
+++ b/docs/architecture/04_solution_strategy.md
@@ -8,42 +8,9 @@ status: draft
 This section outlines the high-level solution strategy for implementing the CalMiner system, focusing on major approaches, technology choices, and trade-offs.
-## Client-Server Architecture
+## Solution Strategy Overview
- **Backend**: FastAPI serves as the backend framework, providing RESTful APIs for data management, simulation execution, and reporting. It leverages SQLAlchemy for ORM-based database interactions with PostgreSQL.
+- [Client-Server Architecture](04_strategy/04_01_client_server_architecture.md)
- **Frontend**: Server-rendered Jinja2 templates deliver dynamic HTML views, enhanced with Chart.js for interactive data visualizations. This approach balances performance and simplicity, avoiding the complexity of a full SPA.
+- [Technology Choices](04_strategy/04_02_technology_choices.md)
- **Middleware**: Custom middleware handles JSON validation to ensure data integrity before processing requests.
+- [Trade-offs](04_strategy/04_03_trade_offs.md)
-
+- [Future Considerations](04_strategy/04_04_future_considerations.md)
 ## Technology Choices
 - **FastAPI**: Chosen for its high performance, ease of use, and modern features like async support and automatic OpenAPI documentation.
 - **PostgreSQL**: Selected for its robustness, scalability, and support for complex queries, making it suitable for handling the diverse data needs of mining project management.
 - **SQLAlchemy**: Provides a flexible and powerful ORM layer, facilitating database interactions while maintaining code readability and maintainability.
 - **Chart.js**: Utilized for its simplicity and effectiveness in rendering interactive charts, enhancing the user experience on the dashboard.
 - **Jinja2**: Enables server-side rendering of HTML templates, allowing for dynamic content generation while keeping the frontend lightweight.
 - **Pydantic**: Used for data validation and serialization, ensuring that incoming request payloads conform to expected schemas.
 - **Docker**: Employed for containerization, ensuring consistent deployment across different environments and simplifying dependency management.
 - **Redis**: Used as an in-memory data store to cache frequently accessed data, improving application performance and reducing database load.
 ## Trade-offs
 - **Server-Rendered vs. SPA**: Opted for server-rendered templates over a single-page application (SPA) to reduce complexity and improve initial load times, at the cost of some interactivity.
 - **Synchronous vs. Asynchronous**: While FastAPI supports async operations, the initial implementation focuses on synchronous request handling for simplicity, with plans to introduce async features as needed.
 - **Monolithic vs. Microservices**: The initial architecture follows a monolithic approach for ease of development and deployment, with the possibility of refactoring into microservices as the system scales.
 - **In-Memory Caching**: Implementing Redis for caching introduces additional infrastructure complexity but significantly enhances performance for read-heavy operations.
 - **Database Choice**: PostgreSQL was chosen over NoSQL alternatives due to the structured nature of the data and the need for complex querying capabilities, despite potential scalability challenges.
 - **Technology Familiarity**: Selected technologies align with the team's existing skill set to minimize the learning curve and accelerate development, even if some alternatives may offer marginally better performance or features.
 - **Extensibility vs. Simplicity**: The architecture is designed to be extensible for future features (e.g., Monte Carlo simulation engine) while maintaining simplicity in the initial implementation to ensure timely delivery of core functionalities.
 ## Future Considerations
 - **Scalability**: As the user base grows, consider transitioning to a microservices architecture and implementing load balancing strategies.
 - **Asynchronous Processing**: Introduce asynchronous task queues (e.g., Celery) for long-running simulations to improve responsiveness.
 - **Enhanced Frontend**: Explore the possibility of integrating a frontend framework (e.g., React or Vue.js) for more dynamic user interactions in future iterations.
 - **Advanced Analytics**: Plan for integrating advanced analytics and machine learning capabilities to enhance simulation accuracy and reporting insights.
 - **Security Enhancements**: Implement robust authentication and authorization mechanisms to protect sensitive data and ensure compliance with industry standards.
 - **Continuous Integration/Continuous Deployment (CI/CD)**: Establish CI/CD pipelines to automate testing, building, and deployment processes for faster and more reliable releases.
 - **Monitoring and Logging**: Integrate monitoring tools (e.g., Prometheus, Grafana) and centralized logging solutions (e.g., ELK stack) to track application performance and troubleshoot issues effectively.
 - **User Feedback Loop**: Implement mechanisms for collecting user feedback to inform future development priorities and improve user experience.
 - **Documentation**: Maintain comprehensive documentation for both developers and end-users to facilitate onboarding and effective use of the system.
 - **Testing Strategy**: Develop a robust testing strategy, including unit, integration, and end-to-end tests, to ensure code quality and reliability as the system evolves.
--- a/docs/architecture/04_solution_strategy/04_01_implementation_plan_20251020.md
+++ b/docs/architecture/04_solution_strategy/04_01_implementation_plan_20251020.md
@@ -1,110 +0,0 @@
 # Implementation Plan 2025-10-20
 This file contains the implementation plan (MVP features, steps, and estimates).
 ## Project Setup
 1. Connect to PostgreSQL database with schema `calminer`.
 1. Create and activate a virtual environment and install dependencies via `requirements.txt`.
 1. Define database environment variables in `.env` (e.g., `DATABASE_DRIVER`, `DATABASE_HOST`, `DATABASE_PORT`, `DATABASE_USER`, `DATABASE_PASSWORD`, `DATABASE_NAME`, optional `DATABASE_SCHEMA`).
 1. Configure FastAPI entrypoint in `main.py` to include routers.
 ## Feature: Scenario Management
 ### Scenario Management — Steps
 1. Create `models/scenario.py` for scenario CRUD.
 1. Implement API endpoints in `routes/scenarios.py` (GET, POST, PUT, DELETE).
 1. Write unit tests in `tests/unit/test_scenario.py`.
 1. Build UI component `components/ScenarioForm.html`.
 ## Feature: Process Parameters
 ### Parameters — Steps
 1. Create `models/parameters.py` for process parameters.
 1. Implement Pydantic schemas in `routes/parameters.py`.
 1. Add validation middleware in `middleware/validation.py`.
 1. Write unit tests in `tests/unit/test_parameter.py`.
 1. Build UI component `components/ParameterInput.html`.
 ## Feature: Stochastic Variables
 ### Stochastic Variables — Steps
 1. Create `models/distribution.py` for variable distributions.
 1. Implement API routes in `routes/distributions.py`.
 1. Write Pydantic schemas and validations.
 1. Write unit tests in `tests/unit/test_distribution.py`.
 1. Build UI component `components/DistributionEditor.html`.
 ## Feature: Cost Tracking
 ### Cost Tracking — Steps
 1. Create `models/capex.py` and `models/opex.py`.
 1. Implement API routes in `routes/costs.py`.
 1. Write Pydantic schemas for CAPEX/OPEX.
 1. Write unit tests in `tests/unit/test_costs.py`.
 1. Build UI component `components/CostForm.html`.
 ## Feature: Consumption Tracking
 ### Consumption Tracking — Steps
 1. Create models for consumption: `chemical_consumption.py`, `fuel_consumption.py`, `water_consumption.py`, `scrap_consumption.py`.
 1. Implement API routes in `routes/consumption.py`.
 1. Write Pydantic schemas for consumption data.
 1. Write unit tests in `tests/unit/test_consumption.py`.
 1. Build UI component `components/ConsumptionDashboard.html`.
 ## Feature: Production Output
 ### Production Output — Steps
 1. Create `models/production_output.py`.
 1. Implement API routes in `routes/production.py`.
 1. Write Pydantic schemas for production output.
 1. Write unit tests in `tests/unit/test_production.py`.
 1. Build UI component `components/ProductionChart.html`.
 ## Feature: Equipment Management
 ### Equipment Management — Steps
 1. Create `models/equipment.py` for equipment data.
 1. Implement API routes in `routes/equipment.py`.
 1. Write Pydantic schemas for equipment.
 1. Write unit tests in `tests/unit/test_equipment.py`.
 1. Build UI component `components/EquipmentList.html`.
 ## Feature: Maintenance Logging
 ### Maintenance Logging — Steps
 1. Create `models/maintenance.py` for maintenance events.
 1. Implement API routes in `routes/maintenance.py`.
 1. Write Pydantic schemas for maintenance logs.
 1. Write unit tests in `tests/unit/test_maintenance.py`.
 1. Build UI component `components/MaintenanceLog.html`.
 ## Feature: Monte Carlo Simulation Engine
 ### Monte Carlo Engine — Steps
 1. Implement Monte Carlo logic in `services/simulation.py`.
 1. Persist results in `models/simulation_result.py`.
 1. Expose endpoint in `routes/simulations.py`.
 1. Write integration tests in `tests/unit/test_simulation.py`.
 1. Build UI component `components/SimulationRunner.html`.
 ## Feature: Reporting / Dashboard
 ### Reporting / Dashboard — Steps
 1. Implement report calculations in `services/reporting.py`.
 1. Add detailed and summary endpoints in `routes/reporting.py`.
 1. Write unit tests in `tests/unit/test_reporting.py`.
 1. Enhance UI in `components/Dashboard.html` with charts.
 See [UI and Style](../13_ui_and_style.md) for the UI template audit, layout guidance, and next steps.
--- a/docs/architecture/04_strategy/04_01_client_server_architecture.md
+++ b/docs/architecture/04_strategy/04_01_client_server_architecture.md
@@ -0,0 +1,10 @@
 ---
 title: '04.01 — Client-Server Architecture'
 description: 'Details on the client-server architecture of CalMiner.'
 ---
 # 04.01 — Client-Server Architecture
 - **Backend**: FastAPI serves as the backend framework, providing RESTful APIs for data management, simulation execution, and reporting. It leverages SQLAlchemy for ORM-based database interactions with PostgreSQL.
 - **Frontend**: Server-rendered Jinja2 templates deliver dynamic HTML views, enhanced with Chart.js for interactive data visualizations. This approach balances performance and simplicity, avoiding the complexity of a full SPA.
 - **Middleware**: Custom middleware handles JSON validation to ensure data integrity before processing requests.
--- a/docs/architecture/04_strategy/04_02_technology_choices.md
+++ b/docs/architecture/04_strategy/04_02_technology_choices.md
@@ -0,0 +1,15 @@
 ---
 title: '04.02 — Technology Choices'
 description: 'Detailed explanation of technology choices in CalMiner.'
 ---
 # 04.02 — Technology Choices
 - **FastAPI**: Chosen for its high performance, ease of use, and modern features like async support and automatic OpenAPI documentation.
 - **PostgreSQL**: Selected for its robustness, scalability, and support for complex queries, making it suitable for handling the diverse data needs of mining project management.
 - **SQLAlchemy**: Provides a flexible and powerful ORM layer, facilitating database interactions while maintaining code readability and maintainability.
 - **Chart.js**: Utilized for its simplicity and effectiveness in rendering interactive charts, enhancing the user experience on the dashboard.
 - **Jinja2**: Enables server-side rendering of HTML templates, allowing for dynamic content generation while keeping the frontend lightweight.
 - **Pydantic**: Used for data validation and serialization, ensuring that incoming request payloads conform to expected schemas.
 - **Docker**: Employed for containerization, ensuring consistent deployment across different environments and simplifying dependency management.
 - **Redis**: Used as an in-memory data store to cache frequently accessed data, improving application performance and reducing database load.
--- a/docs/architecture/04_strategy/04_03_trade_offs.md
+++ b/docs/architecture/04_strategy/04_03_trade_offs.md
@@ -0,0 +1,14 @@
 ---
 title: '04.03 — Trade-offs'
 description: 'Discussion of trade-offs made in the CalMiner architecture.'
 ---
 # 04.03 — Trade-offs
 - **Server-Rendered vs. SPA**: Opted for server-rendered templates over a single-page application (SPA) to reduce complexity and improve initial load times, at the cost of some interactivity.
 - **Synchronous vs. Asynchronous**: While FastAPI supports async operations, the initial implementation focuses on synchronous request handling for simplicity, with plans to introduce async features as needed.
 - **Monolithic vs. Microservices**: The initial architecture follows a monolithic approach for ease of development and deployment, with the possibility of refactoring into microservices as the system scales.
 - **In-Memory Caching**: Implementing Redis for caching introduces additional infrastructure complexity but significantly enhances performance for read-heavy operations.
 - **Database Choice**: PostgreSQL was chosen over NoSQL alternatives due to the structured nature of the data and the need for complex querying capabilities, despite potential scalability challenges.
 - **Technology Familiarity**: Selected technologies align with the team's existing skill set to minimize the learning curve and accelerate development, even if some alternatives may offer marginally better performance or features.
 - **Extensibility vs. Simplicity**: The architecture is designed to be extensible for future features (e.g., Monte Carlo simulation engine) while maintaining simplicity in the initial implementation to ensure timely delivery of core functionalities.
--- a/docs/architecture/04_strategy/04_04_future_considerations.md
+++ b/docs/architecture/04_strategy/04_04_future_considerations.md
@@ -0,0 +1,17 @@
 ---
 title: '04.04 — Future Considerations'
 description: 'Future considerations for the CalMiner architecture.'
 ---
 # 04.04 — Future Considerations
 - **Scalability**: As the user base grows, consider transitioning to a microservices architecture and implementing load balancing strategies.
 - **Asynchronous Processing**: Introduce asynchronous task queues (e.g., Celery) for long-running simulations to improve responsiveness.
 - **Enhanced Frontend**: Explore the possibility of integrating a frontend framework (e.g., React or Vue.js) for more dynamic user interactions in future iterations.
 - **Advanced Analytics**: Plan for integrating advanced analytics and machine learning capabilities to enhance simulation accuracy and reporting insights.
 - **Security Enhancements**: Implement robust authentication and authorization mechanisms to protect sensitive data and ensure compliance with industry standards.
 - **Continuous Integration/Continuous Deployment (CI/CD)**: Establish CI/CD pipelines to automate testing, building, and deployment processes for faster and more reliable releases.
 - **Monitoring and Logging**: Integrate monitoring tools (e.g., Prometheus, Grafana) and centralized logging solutions (e.g., ELK stack) to track application performance and troubleshoot issues effectively.
 - **User Feedback Loop**: Implement mechanisms for collecting user feedback to inform future development priorities and improve user experience.
 - **Documentation**: Maintain comprehensive documentation for both developers and end-users to facilitate onboarding and effective use of the system.
 - **Testing Strategy**: Develop a robust testing strategy, including unit, integration, and end-to-end tests, to ensure code quality and reliability as the system evolves.
--- a/docs/architecture/05_blocks/05_01_architecture_overview.md
+++ b/docs/architecture/05_blocks/05_01_architecture_overview.md
@@ -0,0 +1,13 @@
 ---
 title: '05 — Architecture Overview'
 description: "This overview complements architecture with a high-level map of CalMiner's module layout and request flow."
 status: draft
 ---
 This overview complements [architecture](README.md) with a high-level map of CalMiner's module layout and request flow.
 Refer to the detailed architecture chapters in `docs/architecture/`:
 - Module map & components: [Building Block View](../05_building_block_view.md)
 - Request flow & runtime interactions: [Runtime View](../06_runtime_view.md)
 - Simulation roadmap & strategy: [Solution Strategy](../04_solution_strategy.md)
--- a/docs/architecture/05_blocks/05_02_backend_components.md
+++ b/docs/architecture/05_blocks/05_02_backend_components.md
@@ -0,0 +1,13 @@
 ---
 title: '05 — Backend Components'
 description: 'Description of the backend components of the CalMiner application.'
 status: draft
 ---
 - **FastAPI application** (`main.py`): entry point that configures routers, middleware, and startup/shutdown events.
 - **Routers** (`routes/`): modular route handlers for scenarios, parameters, costs, consumption, production, equipment, maintenance, simulations, and reporting. Each router defines RESTful endpoints, request/response schemas, and orchestrates service calls.
  - leveraging a shared dependency module (`routes/dependencies.get_db`) for SQLAlchemy session management.
 - **Models** (`models/`): SQLAlchemy ORM models representing database tables and relationships, encapsulating domain entities like Scenario, CapEx, OpEx, Consumption, ProductionOutput, Equipment, Maintenance, and SimulationResult.
 - **Services** (`services/`): business logic layer that processes data, performs calculations, and interacts with models. Key services include reporting calculations and Monte Carlo simulation scaffolding.
  - `services/settings.py`: manages application settings backed by the `application_setting` table, including CSS variable defaults, persistence, and environment-driven overrides that surface in both the API and UI.
 - **Database** (`config/database.py`): sets up the SQLAlchemy engine and session management for PostgreSQL interactions.
--- a/docs/architecture/05_blocks/05_03_frontend_components.md
+++ b/docs/architecture/05_blocks/05_03_frontend_components.md
@@ -0,0 +1,11 @@
 ---
 title: '05 — Frontend Components'
 description: 'Description of the frontend components of the CalMiner application.'
 status: draft
 ---
 - **Templates** (`templates/`): Jinja2 templates for server-rendered HTML views, extending a shared base layout with a persistent sidebar for navigation.
 - **Static Assets** (`static/`): CSS and JavaScript files for styling and interactivity. Shared CSS variables in `static/css/main.css` define the color palette, while page-specific JS modules in `static/js/` handle dynamic behaviors.
 - **Reusable partials** (`templates/partials/components.html`): macro library that standardises select inputs, feedback/empty states, and table wrappers so pages remain consistent while keeping DOM hooks stable for existing JavaScript modules.
  - `templates/settings.html`: Settings hub that renders theme controls and environment override tables using metadata provided by `routes/ui.py`.
  - `static/js/settings.js`: applies client-side validation, form submission, and live CSS updates for theme changes, respecting environment-managed variables returned by the API.
--- a/docs/architecture/05_blocks/05_03_theming.md
+++ b/docs/architecture/05_blocks/05_03_theming.md
@@ -0,0 +1,88 @@
 # Theming
 ## Overview
 CalMiner uses a centralized theming system based on CSS custom properties (variables) to ensure consistent styling across the application. The theme is stored in the database and can be customized through environment variables or the UI settings page.
 ## Default Theme Settings
 The default theme provides a light, professional color palette suitable for business applications. The colors are defined as CSS custom properties and stored in the `application_setting` table with category "theme".
 ### Color Palette
 | CSS Variable                | Default Value            | Description              |
 | --------------------------- | ------------------------ | ------------------------ |
 | `--color-background`        | `#f4f5f7`                | Main background color    |
 | `--color-surface`           | `#ffffff`                | Surface/card background  |
 | `--color-text-primary`      | `#2a1f33`                | Primary text color       |
 | `--color-text-secondary`    | `#624769`                | Secondary text color     |
 | `--color-text-muted`        | `#64748b`                | Muted text color         |
 | `--color-text-subtle`       | `#94a3b8`                | Subtle text color        |
 | `--color-text-invert`       | `#ffffff`                | Text on dark backgrounds |
 | `--color-text-dark`         | `#0f172a`                | Dark text for contrast   |
 | `--color-text-strong`       | `#111827`                | Strong/bold text         |
 | `--color-primary`           | `#5f320d`                | Primary brand color      |
 | `--color-primary-strong`    | `#7e4c13`                | Stronger primary         |
 | `--color-primary-stronger`  | `#837c15`                | Strongest primary        |
 | `--color-accent`            | `#bff838`                | Accent/highlight color   |
 | `--color-border`            | `#e2e8f0`                | Default border color     |
 | `--color-border-strong`     | `#cbd5e1`                | Strong border color      |
 | `--color-highlight`         | `#eef2ff`                | Highlight background     |
 | `--color-panel-shadow`      | `rgba(15, 23, 42, 0.08)` | Subtle shadow            |
 | `--color-panel-shadow-deep` | `rgba(15, 23, 42, 0.12)` | Deeper shadow            |
 | `--color-surface-alt`       | `#f8fafc`                | Alternative surface      |
 | `--color-success`           | `#047857`                | Success state color      |
 | `--color-error`             | `#b91c1c`                | Error state color        |
 ## Customization
 ### Environment Variables
 Theme colors can be overridden using environment variables with the prefix `CALMINER_THEME_`. For example:
 ```bash
 export CALMINER_THEME_COLOR_BACKGROUND="#000000"
 export CALMINER_THEME_COLOR_ACCENT="#ff0000"
 ```
 The variable names are derived by:
 1. Removing the `--` prefix
 2. Converting to uppercase
 3. Replacing `-` with `_`
 4. Adding `CALMINER_THEME_` prefix
 ### Database Storage
 Settings are stored in the `application_setting` table with:
 - `category`: "theme"
 - `value_type`: "color"
 - `is_editable`: true
 ### UI Settings
 Users can modify theme colors through the settings page at `/ui/settings`.
 ## Implementation
 The theming system is implemented in:
 - `services/settings.py`: Color management and defaults
 - `routes/settings.py`: API endpoints for theme settings
 - `static/css/main.css`: CSS variable definitions
 - `templates/settings.html`: UI for theme customization
 ## Seeding
 Default theme settings are seeded during database setup using the seed script:
 ```bash
 python scripts/seed_data.py --theme
 ```
 Or as part of defaults:
 ```bash
 python scripts/seed_data.py --defaults
 ```
--- a/docs/architecture/05_blocks/05_04_middleware_utilities.md
+++ b/docs/architecture/05_blocks/05_04_middleware_utilities.md
@@ -0,0 +1,8 @@
 ---
 title: '05 — Middleware & Utilities'
 description: 'Description of the middleware and utility components of the CalMiner application.'
 status: draft
 ---
 - **Middleware** (`middleware/validation.py`): applies JSON validation before requests reach routers.
 - **Testing** (`tests/unit/`): pytest suite covering route and service behavior, including UI rendering checks and negative-path router validation tests to ensure consistent HTTP error semantics. Playwright end-to-end coverage is planned for core smoke flows (dashboard load, scenario inputs, reporting) and will attach in CI once scaffolding is completed.
--- a/docs/architecture/05_building_block_view.md
+++ b/docs/architecture/05_building_block_view.md
@@ -4,54 +4,13 @@ description: "Explain the static structure: modules, components, services and th
 status: draft
 ---
 <!-- markdownlint-disable-next-line MD025 -->
 # 05 — Building Block View
-## Architecture overview
+## Building Block Overview
-This overview complements [architecture](README.md) with a high-level map of CalMiner's module layout and request flow.
+- [Architecture Overview](05_blocks/05_01_architecture_overview.md)
-
+- [Backend Components](05_blocks/05_02_backend_components.md)
-Refer to the detailed architecture chapters in `docs/architecture/`:
+- [Frontend Components](05_blocks/05_03_frontend_components.md)
-
+- [Middleware & Utilities](05_blocks/05_04_middleware_utilities.md)
 - Module map & components: [Building Block View](05_building_block_view.md)
 - Request flow & runtime interactions: [Runtime View](06_runtime_view.md)
 - Simulation roadmap & strategy: [Solution Strategy](04_solution_strategy.md)
 ## System Components
 ### Backend
 - **FastAPI application** (`main.py`): entry point that configures routers, middleware, and startup/shutdown events.
 - **Routers** (`routes/`): modular route handlers for scenarios, parameters, costs, consumption, production, equipment, maintenance, simulations, and reporting. Each router defines RESTful endpoints, request/response schemas, and orchestrates service calls.
  - leveraging a shared dependency module (`routes/dependencies.get_db`) for SQLAlchemy session management.
 - **Models** (`models/`): SQLAlchemy ORM models representing database tables and relationships, encapsulating domain entities like Scenario, CapEx, OpEx, Consumption, ProductionOutput, Equipment, Maintenance, and SimulationResult.
 - **Services** (`services/`): business logic layer that processes data, performs calculations, and interacts with models. Key services include reporting calculations and Monte Carlo simulation scaffolding.
 - **Database** (`config/database.py`): sets up the SQLAlchemy engine and session management for PostgreSQL interactions.
 ### Frontend
 - **Templates** (`templates/`): Jinja2 templates for server-rendered HTML views, extending a shared base layout with a persistent sidebar for navigation.
 - **Static Assets** (`static/`): CSS and JavaScript files for styling and interactivity. Shared CSS variables in `static/css/main.css` define the color palette, while page-specific JS modules in `static/js/` handle dynamic behaviors.
 - **Reusable partials** (`templates/partials/components.html`): macro library that standardises select inputs, feedback/empty states, and table wrappers so pages remain consistent while keeping DOM hooks stable for existing JavaScript modules.
 ### Middleware & Utilities
 - **Middleware** (`middleware/validation.py`): applies JSON validation before requests reach routers.
 - **Testing** (`tests/unit/`): pytest suite covering route and service behavior, including UI rendering checks and negative-path router validation tests to ensure consistent HTTP error semantics. Playwright end-to-end coverage is planned for core smoke flows (dashboard load, scenario inputs, reporting) and will attach in CI once scaffolding is completed.
 ## Module Map (code)
 - `scenario.py`: central scenario entity with relationships to cost, consumption, production, equipment, maintenance, and simulation results.
 - `capex.py`, `opex.py`: financial expenditures tied to scenarios.
 - `consumption.py`, `production_output.py`: operational data tables.
 - `equipment.py`, `maintenance.py`: asset management models.
 - `simulation_result.py`: stores Monte Carlo iteration outputs.
 ## Service Layer
 - `reporting.py`: computes aggregates (count, min/max, mean, median, percentiles, standard deviation, variance, tail-risk metrics) from simulation results.
 - `simulation.py`: scaffolds Monte Carlo simulation logic (currently in-memory; persistence planned).
 - `currency.py`: handles currency normalization for cost tables.
 - `utils.py`: shared helper functions (e.g., statistical calculations).
 - `validation.py`: JSON schema validation middleware.
 - `database.py`: SQLAlchemy engine and session setup.
 - `dependencies.py`: FastAPI dependency injection for DB sessions.
--- a/docs/architecture/07_deployment/07_01_testing_ci.md
+++ b/docs/architecture/07_deployment/07_01_testing_ci.md
@@ -0,0 +1,215 @@
 # Testing, CI and Quality Assurance
 This chapter centralizes the project's testing strategy, CI configuration, and quality targets.
 ## Overview
 CalMiner uses a combination of unit, integration, and end-to-end tests to ensure quality.
 ### Frameworks
 - Backend: pytest for unit and integration tests.
 - Frontend: pytest with Playwright for E2E tests.
 - Database: pytest fixtures with psycopg2 for DB tests.
 ### Test Types
 - Unit Tests: Test individual functions/modules.
 - Integration Tests: Test API endpoints and DB interactions.
 - E2E Tests: Playwright for full user flows.
 ### CI/CD
 - Use Gitea Actions for CI/CD; workflows live under `.gitea/workflows/`.
 - `ci.yml` runs on push and pull requests to `main` and `develop` branches. It provisions a temporary PostgreSQL 15 service, sets up Python 3.11, installs dependencies from `requirements.txt` and `requirements-test.txt`, runs pytest with coverage on all tests, and builds the Docker image.
 - Run tests on pull requests to shared branches; enforce coverage target ≥80% (pytest-cov).
 ### Running Tests
 - Unit: `pytest tests/unit/`
 - E2E: `pytest tests/e2e/`
 - All: `pytest`
 ### Test Directory Structure
 Organize tests under the `tests/` directory mirroring the application structure:
 ```text
 tests/
  unit/
    test_<module>.py
  e2e/
    test_<flow>.py
  fixtures/
    conftest.py
 ```
 ### Fixtures and Test Data
 - Define reusable fixtures in `tests/fixtures/conftest.py`.
 - Use temporary in-memory databases or isolated schemas for DB tests.
 - Load sample data via fixtures for consistent test environments.
 - Leverage the `seeded_ui_data` fixture in `tests/unit/conftest.py` to populate scenarios with related cost, maintenance, and simulation records for deterministic UI route checks.
 ### E2E (Playwright) Tests
 The E2E test suite, located in `tests/e2e/`, uses Playwright to simulate user interactions in a live browser environment. These tests are designed to catch issues in the UI, frontend-backend integration, and overall application flow.
 #### Fixtures
 - `live_server`: A session-scoped fixture that launches the FastAPI application in a separate process, making it accessible to the browser.
 - `playwright_instance`, `browser`, `page`: Standard `pytest-playwright` fixtures for managing the Playwright instance, browser, and individual pages.
 #### Smoke Tests
 - UI Page Loading: `test_smoke.py` contains a parameterized test that systematically navigates to all UI routes to ensure they load without errors, have the correct title, and display a primary heading.
 - Form Submissions: Each major form in the application has a corresponding test file (e.g., `test_scenarios.py`, `test_costs.py`) that verifies: page loads, create item by filling the form, success message, and UI updates.
 ### Running E2E Tests
 To run the Playwright tests:
 ```bash
 pytest tests/e2e/
 ```
 To run headed mode:
 ```bash
 pytest tests/e2e/ --headed
 ```
 ### Mocking and Dependency Injection
 - Use `unittest.mock` to mock external dependencies.
 - Inject dependencies via function parameters or FastAPI's dependency overrides in tests.
 ### Code Coverage
 - Install `pytest-cov` to generate coverage reports.
 - Run with coverage: `pytest --cov --cov-report=term` (use `--cov-report=html` when visualizing hotspots).
 - Target 95%+ overall coverage. Focus on historically low modules: `services/simulation.py`, `services/reporting.py`, `middleware/validation.py`, and `routes/ui.py`.
 - Latest snapshot (2025-10-21): `pytest --cov=. --cov-report=term-missing` returns **91%** overall coverage.
 ### CI Integration
 `test.yml` encapsulates the steps below:
 - Check out the repository and set up Python 3.10.
 - Configure the runner's apt proxy (if available), install project dependencies (requirements + test extras), and download Playwright browsers.
 - Run `pytest` (extend with `--cov` flags when enforcing coverage).
 > The pip cache step is temporarily disabled in `test.yml` until the self-hosted cache service is exposed (see `docs/ci-cache-troubleshooting.md`).
 `build-and-push.yml` adds:
 - Registry login using repository secrets.
 - Docker image build/push with GHA cache storage (`cache-from/cache-to` set to `type=gha`).
 `deploy.yml` handles:
 - SSH into the deployment host.
 - Pull the tagged image from the registry.
 - Stop, remove, and relaunch the `calminer` container exposing port 8000.
 When adding new workflows, mirror this structure to ensure secrets, caching, and deployment steps remain aligned with the production environment.
 ## Workflow Optimization Opportunities
 ### `test.yml`
 - Run the apt-proxy setup once via a composite action or preconfigured runner image if additional matrix jobs are added.
 - Collapse dependency installation into a single `pip install -r requirements-test.txt` call (includes base requirements) once caching is restored.
 - Investigate caching or pre-baking Playwright browser binaries to eliminate >650 MB cold downloads per run.
 ### `build-and-push.yml`
 - Skip QEMU setup or explicitly constrain Buildx to linux/amd64 to reduce startup time.
 - Enable `cache-from` / `cache-to` settings (registry or `type=gha`) to reuse Docker build layers between runs.
 ### `deploy.yml`
 - Extract deployment script into a reusable shell script or compose file to minimize inline secrets and ease multi-environment scaling.
 - Add a post-deploy health check (e.g., `curl` readiness probe) before declaring success.
 ### Priority Overview
 1. Restore shared caching for Python wheels and Playwright browsers once infrastructure exposes the cache service (highest impact on runtime and bandwidth; requires coordination with CI owners).
 2. Enable Docker layer caching in `build-and-push.yml` to shorten build cycles (medium effort, immediate benefit to release workflows).
 3. Add post-deploy health verification to `deploy.yml` (low effort, improves confidence in automation).
 4. Streamline redundant setup steps in `test.yml` (medium effort once cache strategy is in place; consider composite actions or base image updates).
 ### Setup Consolidation Opportunities
 - `Run Tests` matrix jobs each execute the apt proxy configuration, pip installs, database wait, and setup scripts. A composite action or shell script wrapper could centralize these routines and parameterize target-specific behavior (unit vs e2e) to avoid copy/paste maintenance as additional jobs (lint, type check) are introduced.
 - Both the test and build workflows perform a `checkout` step; while unavoidable per workflow, shared git submodules or sparse checkout rules could be encapsulated in a composite action to keep options consistent.
 - The database setup script currently runs twice (dry-run and live) for every matrix leg. Evaluate whether the dry-run remains necessary once migrations stabilize; if retained, consider adding an environment variable toggle to skip redundant seed operations for read-only suites (e.g., lint).
 ### Proposed Shared Setup Action
 - Location: `.gitea/actions/setup-python-env/action.yml` (composite action).
 - Inputs:
  - `python-version` (default `3.10`): forwarded to `actions/setup-python`.
  - `install-playwright` (default `false`): when `true`, run `python -m playwright install --with-deps`.
  - `install-requirements` (default `requirements.txt requirements-test.txt`): space-delimited list pip installs iterate over.
  - `run-db-setup` (default `true`): toggles database wait + setup scripts.
  - `db-dry-run` (default `true`): controls whether the dry-run invocation executes.
 - Steps encapsulated:
  1. Set up Python via `actions/setup-python@v5` using provided version.
  2. Configure apt proxy via shared shell snippet (with graceful fallback when proxy offline).
  3. Iterate over requirement files and execute `pip install -r <file>`.
  4. If `install-playwright == true`, install browsers.
  5. If `run-db-setup == true`, run the wait-for-Postgres python snippet and call `scripts/setup_database.py`, honoring `db-dry-run` toggle.
 - Usage sketch (in `test.yml`):
 ```yaml
 - name: Prepare Python environment
  uses: ./.gitea/actions/setup-python-env
  with:
    install-playwright: ${{ matrix.target == 'e2e' }}
    db-dry-run: true
 ```
 - Benefits: centralizes proxy logic and dependency installs, reduces duplication across matrix jobs, and keeps future lint/type-check jobs lightweight by disabling database setup.
 - Implementation status: action available at `.gitea/actions/setup-python-env` and consumed by `test.yml`; extend to additional workflows as they adopt the shared routine.
 - Obsolete steps removed: individual apt proxy, dependency install, Playwright, and database setup commands pruned from `test.yml` once the composite action was integrated.
 ## CI Owner Coordination Notes
 ### Key Findings
 - Self-hosted runner: ASUS System Product Name chassis with AMD Ryzen 7 7700X (8 physical cores / 16 threads) and 63.2 GB usable RAM; `act_runner` configuration not overridden, so only one workflow job runs concurrently today.
 - Unit test matrix job: completes 117 pytest cases in roughly 4.1 seconds after Postgres spins up; Docker services consume ~150 MB for `postgres:16-alpine`, with minimal sustained CPU load once tests begin.
 - End-to-end matrix job: `pytest tests/e2e` averages 21‑22 seconds of execution, but a cold run downloads ~179 MB of apt packages plus ~470 MB of Playwright browser bundles (Chromium, Firefox, WebKit, FFmpeg), exceeding 650 MB network transfer and adding several gigabytes of disk writes if caches are absent.
 - Both jobs reuse existing Python package caches when available; absent a shared cache service, repeated Playwright installs remain the dominant cost driver for cold executions.
 ### Open Questions
 - Can we raise the runner concurrency above the default single job, or provision an additional runner, so the test matrix can execute without serializing queued workflows?
 - Is there a central cache or artifact service available for Python wheels and Playwright browser bundles to avoid ~650 MB downloads on cold starts?
 - Are we permitted to bake Playwright browsers into the base runner image, or should we pursue a shared cache/proxy solution instead?
 ### Outreach Draft
 ```text
 Subject: CalMiner CI parallelization support
 Hi <CI Owner>,
 We recently updated the CalMiner test workflow to fan out unit and Playwright E2E suites in parallel. While validating the change, we gathered the following:
 - Runner host: ASUS System Product Name with AMD Ryzen 7 7700X (8 cores / 16 threads), ~63 GB RAM, default `act_runner` concurrency (1 job at a time).
 - Unit job finishes in ~4.1 s once Postgres is ready; light CPU and network usage.
 - E2E job finishes in ~22 s, but a cold run pulls ~179 MB of apt packages plus ~470 MB of Playwright browser payloads (>650 MB download, several GB disk writes) because we do not have a shared cache yet.
 To move forward, could you help with the following?
 1. Confirm whether we can raise the runner concurrency limit or provision an additional runner so parallel jobs do not queue behind one another.
 2. Let us know if a central cache (Artifactory, Nexus, etc.) is available for Python wheels and Playwright browser bundles, or if we should consider baking the browsers into the runner image instead.
 3. Share any guidance on preferred caching or proxy solutions for large binary installs on self-hosted runners.
 Once we have clarity, we can finalize the parallel rollout and update the documentation accordingly.
 Thanks,
 <Your Name>
 ```
--- a/docs/architecture/07_deployment/07_02_database.md
+++ b/docs/architecture/07_deployment/07_02_database.md
@@ -0,0 +1,82 @@
 # Database Deployment
 ## Migrations & Baseline
 A consolidated baseline migration (`scripts/migrations/000_base.sql`) captures all schema changes required for a fresh installation. The script is idempotent: it creates the `currency` and `measurement_unit` reference tables, provisions the `application_setting` store for configurable UI/system options, ensures consumption and production records expose unit metadata, and enforces the foreign keys used by CAPEX and OPEX.
 Configure granular database settings in your PowerShell session before running migrations:
 ```powershell
 $env:DATABASE_DRIVER = 'postgresql'
 $env:DATABASE_HOST = 'localhost'
 $env:DATABASE_PORT = '5432'
 $env:DATABASE_USER = 'calminer'
 $env:DATABASE_PASSWORD = 's3cret'
 $env:DATABASE_NAME = 'calminer'
 $env:DATABASE_SCHEMA = 'public'
 python scripts/setup_database.py --run-migrations --seed-data --dry-run
 python scripts/setup_database.py --run-migrations --seed-data
 ```
 The dry-run invocation reports which steps would execute without making changes. The live run applies the baseline (if not already recorded in `schema_migrations`) and seeds the reference data relied upon by the UI and API.
 > ℹ️ When `--seed-data` is supplied without `--run-migrations`, the bootstrap script automatically applies any pending SQL migrations first so the `application_setting` table (and future settings-backed features) are present before seeding.
 >
 > ℹ️ The application still accepts `DATABASE_URL` as a fallback if the granular variables are not set.
 ## Database bootstrap workflow
 Provision or refresh a database instance with `scripts/setup_database.py`. Populate the required environment variables (an example lives at `config/setup_test.env.example`) and run:
 ```powershell
 # Load test credentials (PowerShell)
 Get-Content .\config\setup_test.env.example |
  ForEach-Object {
    if ($_ -and -not $_.StartsWith('#')) {
      $name, $value = $_ -split '=', 2
      Set-Item -Path Env:$name -Value $value
    }
  }
 # Dry-run to inspect the planned actions
 python scripts/setup_database.py --ensure-database --ensure-role --ensure-schema --initialize-schema --run-migrations --seed-data --dry-run -v
 # Execute the full workflow
 python scripts/setup_database.py --ensure-database --ensure-role --ensure-schema --initialize-schema --run-migrations --seed-data -v
 ```
 Typical log output confirms:
 - Admin and application connections succeed for the supplied credentials.
 - Database and role creation are idempotent (`already present` when rerun).
 - SQLAlchemy metadata either reports missing tables or `All tables already exist`.
 - Migrations list pending files and finish with `Applied N migrations` (a new database reports `Applied 1 migrations` for `000_base.sql`).
 After a successful run the target database contains all application tables plus `schema_migrations`, and that table records each applied migration file. New installations only record `000_base.sql`; upgraded environments retain historical entries alongside the baseline.
 ### Seeding reference data
 `scripts/seed_data.py` provides targeted control over the baseline datasets when the full setup script is not required:
 ```powershell
 python scripts/seed_data.py --currencies --units --dry-run
 python scripts/seed_data.py --currencies --units
 ```
 The seeder upserts the canonical currency catalog (`USD`, `EUR`, `CLP`, `RMB`, `GBP`, `CAD`, `AUD`) using ASCII-safe symbols (`USD$`, `EUR`, etc.) and the measurement units referenced by the UI (`tonnes`, `kilograms`, `pounds`, `liters`, `cubic_meters`, `kilowatt_hours`). The setup script invokes the same seeder when `--seed-data` is provided and verifies the expected rows afterward, warning if any are missing or inactive.
 ### Rollback guidance
 `scripts/setup_database.py` now tracks compensating actions when it creates the database or application role. If a later step fails, the script replays those rollback actions (dropping the newly created database or role and revoking grants) before exiting. Dry runs never register rollback steps and remain read-only.
 If the script reports that some rollback steps could not complete—for example because a connection cannot be established—rerun the script with `--dry-run` to confirm the desired end state and then apply the outstanding cleanup manually:
 ```powershell
 python scripts/setup_database.py --ensure-database --ensure-role --dry-run -v
 # Manual cleanup examples when automation cannot connect
 psql -d postgres -c "DROP DATABASE IF EXISTS calminer"
 psql -d postgres -c "DROP ROLE IF EXISTS calminer"
 ```
 After a failure and rollback, rerun the full setup once the environment issues are resolved.
--- a/docs/architecture/07_deployment/07_03_gitea_action_runner.md
+++ b/docs/architecture/07_deployment/07_03_gitea_action_runner.md
@@ -0,0 +1,152 @@
 # Gitea Action Runner Setup
 This guide describes how to provision, configure, and maintain self-hosted runners for CalMiner's Gitea-based CI/CD pipelines.
 ## 1. Purpose and Scope
 - Explain the role runners play in executing GitHub Actions–compatible workflows inside our private Gitea instance.
 - Define supported environments (Windows hosts running Docker for Linux containers today, Alpine or other Linux variants as future additions).
 - Provide repeatable steps so additional runners can be brought online quickly and consistently.
 ## 2. Prerequisites
 - **Hardware**: Minimum 8 vCPU, 16 GB RAM, and 50 GB free disk. For Playwright-heavy suites, plan for ≥60 GB free to absorb browser caches.
 - **Operating system**: Current runner uses Windows 11 Pro (10.0.26100, 64-bit). Linux instructions mirror the same flow; see section 7 for Alpine specifics.
 - **Container engine**: Docker Desktop (Windows) or Docker Engine (Linux) with pull access to `docker.gitea.com/runner-images` and `postgres:16-alpine`.
 - **Dependencies**: `curl`, `tar`, PowerShell 7+ (Windows), or standard GNU utilities (Linux) to unpack releases.
 - **Gitea access**: Repository admin or site admin token with permission to register self-hosted runners (`Settings → Runners → New Runner`).
 ### Current Runner Inventory (October 2025)
 - Hostname `DESKTOP-GLB3A15`; ASUS System Product Name chassis with AMD Ryzen 7 7700X (8C/16T) and ~63 GB usable RAM.
 - Windows 11 Pro 10.0.26100 (64-bit) hosting Docker containers for Ubuntu-based job images.
 - `act_runner` version `v0.2.13`; no `act_runner.yaml` present, so defaults apply (single concurrency, no custom labels beyond registration).
 - Registered against `http://192.168.88.30:3000` with labels:
  - `ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest`
  - `ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04`
  - `ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04`
 - Runner metadata stored in `.runner`; removing this file forces re-registration and should only be done intentionally.
 ## 3. Runner Installation
 ### 3.1 Download and Extract
 ```powershell
 $runnerVersion = "v0.2.13"
 $downloadUrl = "https://gitea.com/gitea/act_runner/releases/download/$runnerVersion/act_runner_${runnerVersion}_windows_amd64.zip"
 Invoke-WebRequest -Uri $downloadUrl -OutFile act_runner.zip
 Expand-Archive act_runner.zip -DestinationPath C:\Tools\act-runner -Force
 ```
 For Linux, download the `linux_amd64.tar.gz` artifact and extract with `tar -xzf` into `/opt/act-runner`.
 ### 3.2 Configure Working Directory
 ```powershell
 Set-Location C:\Tools\act-runner
 New-Item -ItemType Directory -Path logs -Force | Out-Null
 ```
 Ensure the directory is writable by the service account that will execute the runner.
 ### 3.3 Register With Gitea
 1. In Gitea, navigate to the repository or organization **Settings → Runners → New Runner**.
 2. Copy the registration token and instance URL.
 3. Execute the registration wizard:
 ```powershell
 .\act_runner.exe register --instance http://192.168.88.30:3000 --token <TOKEN> --labels "ubuntu-latest:docker://docker.gitea.com/runner-images:ubuntu-latest" "ubuntu-24.04:docker://docker.gitea.com/runner-images:ubuntu-24.04" "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
 ```
 Linux syntax is identical using `./act_runner register`.
 This command populates `.runner` with the runner ID, UUID, and labels.
 ## 4. Service Configuration
 ### 4.1 Windows Service
 Act Runner provides a built-in service helper:
 ```powershell
 .\act_runner.exe install
 .\act_runner.exe start
 ```
 The service runs under `LocalSystem` by default. Use `.\act_runner.exe install --user <DOMAIN\User> --password <Secret>` if isolation is required.
 ### 4.2 Linux systemd Unit
 Create `/etc/systemd/system/act-runner.service`:
 ```ini
 [Unit]
 Description=Gitea Act Runner
 After=docker.service
 Requires=docker.service
 [Service]
 WorkingDirectory=/opt/act-runner
 ExecStart=/opt/act-runner/act_runner daemon
 Restart=always
 RestartSec=10
 Environment="HTTP_PROXY=http://apt-cacher:3142" "HTTPS_PROXY=http://apt-cacher:3142"
 [Install]
 WantedBy=multi-user.target
 ```
 Enable and start:
 ```bash
 sudo systemctl daemon-reload
 sudo systemctl enable --now act-runner.service
 ```
 ### 4.3 Environment Variables and Proxy Settings
 - Configure `HTTP_PROXY`, `HTTPS_PROXY`, and their lowercase variants to leverage the shared apt cache (`http://apt-cacher:3142`).
 - Persist Docker registry credentials (for `docker.gitea.com`) in the service user profile using `docker login`; workflows rely on cached authentication for builds.
 - To expose pip caching once infrastructure is available, set `PIP_INDEX_URL` and `PIP_EXTRA_INDEX_URL` at the service level.
 ### 4.4 Logging
 - Windows services write to `%ProgramData%\act-runner\logs`. Redirect or forward to centralized logging if required.
 - Linux installations can leverage `journalctl -u act-runner` and logrotate rules for `/opt/act-runner/logs`.
 ## 5. Network and Security
 - **Outbound**: Allow HTTPS traffic to the Gitea instance, Docker Hub, docker.gitea.com, npm (for Playwright), PyPI, and the apt cache proxy.
 - **Inbound**: No inbound ports are required; block unsolicited traffic on internet-facing hosts.
 - **Credentials**: Store deployment SSH keys and registry credentials in Gitea secrets, not on the runner host.
 - **Least privilege**: Run the service under a dedicated account with access only to Docker and required directories.
 ## 6. Maintenance and Upgrades
 - **Version checks**: Monitor `https://gitea.com/gitea/act_runner/releases` and schedule upgrades quarterly or when security fixes drop.
 - **Upgrade procedure**: Stop the service, replace `act_runner` binary, restart. Re-registration is not required as long as `.runner` remains intact.
 - **Health checks**: Periodically validate connectivity with `act_runner exec --detect-event -W .gitea/workflows/test.yml` and inspect workflow durations to catch regressions.
 - **Cleanup**: Purge Docker images and volumes monthly (`docker system prune -af`) to reclaim disk space.
 - **Troubleshooting**: Use `act_runner diagnose` (if available in newer versions) or review logs for repeated failures; reset by stopping the service, deleting stale job containers (`docker ps -a`), and restarting.
 ## 7. Alpine-based Runner Notes
 - Install baseline packages: `apk add docker bash curl coreutils nodejs npm python3 py3-pip libstdc++`.
 - Playwright requirements: add `apk add chromium nss freetype harfbuzz ca-certificates mesa-gl` or install Playwright browsers via `npx playwright install --with-deps` using the Alpine bundle.
 - Musl vs glibc: When workflows require glibc (e.g., certain Python wheels), include `apk add gcompat` or base images on `frolvlad/alpine-glibc`.
 - Systemd alternative: Use `rc-service` or `supervisord` to manage `act_runner daemon` on Alpine since systemd is absent.
 - Storage: Mount `/var/lib/docker` to persistent storage if running inside a VM, ensuring browser downloads and layer caches survive restarts.
 ## 8. Appendix
 - **Troubleshooting checklist**:
  - Verify Docker daemon is healthy (`docker info`).
  - Confirm `.runner` file exists and lists expected labels.
  - Re-run `act_runner register` if the runner no longer appears in Gitea.
  - Check proxy endpoints are reachable before jobs start downloading dependencies.
 - **Related documentation**:
  - `docs/architecture/07_deployment/07_01_testing_ci.md` (workflow architecture and CI owner coordination).
  - `docs/ci-cache-troubleshooting.md` (pip caching status and known issues).
  - `.gitea/actions/setup-python-env/action.yml` (shared job preparation logic referenced in workflows).
--- a/docs/architecture/07_deployment_view.md
+++ b/docs/architecture/07_deployment_view.md
@@ -1,6 +1,6 @@
 ---
-title: "07 — Deployment View"
+title: '07 — Deployment View'
-description: "Describe deployment topology, infrastructure components, and environments (dev/stage/prod)."
+description: 'Describe deployment topology, infrastructure components, and environments (dev/stage/prod).'
 status: draft
 ---
@@ -15,23 +15,68 @@ The CalMiner application is deployed using a multi-tier architecture consisting
 1. **Client Layer**: This layer consists of web browsers that interact with the application through a user interface rendered by Jinja2 templates and enhanced with JavaScript (Chart.js for dashboards).
 2. **Web Application Layer**: This layer hosts the FastAPI application, which handles API requests, business logic, and serves HTML templates. It communicates with the database layer for data persistence.
 3. **Database Layer**: This layer consists of a PostgreSQL database that stores all application data, including scenarios, parameters, costs, consumption, production outputs, equipment, maintenance logs, and simulation results.
-4. **Caching Layer**: This layer uses Redis to cache frequently accessed data and improve application performance.
+
 ```mermaid
 graph TD
    A[Client Layer] --> B[Web Application Layer]
    B --> C[Database Layer]
 ```
 ## Infrastructure Components
 The infrastructure components for the application include:
 - **Web Server**: Hosts the FastAPI application and serves API endpoints.
 - **Database Server**: PostgreSQL database for persisting application data.
 - **Static File Server**: Serves static assets such as CSS, JavaScript, and image files.
 - **Reverse Proxy (optional)**: An Nginx or Apache server can be used as a reverse proxy.
 - **Containerization**: Docker images are generated via the repository `Dockerfile`, using a multi-stage build to keep the final runtime minimal.
 - **CI/CD Pipeline**: Automated pipelines (Gitea Actions) run tests, build/push Docker images, and trigger deployments.
  - **Gitea Actions Workflows**: Located under `.gitea/workflows/`, these workflows handle testing, building, pushing, and deploying the application.
  - **Gitea Action Runners**: Self-hosted runners execute the CI/CD workflows.
  - **Testing and Continuous Integration**: Automated tests ensure code quality before deployment, also documented in [Testing & CI](07_deployment/07_01_testing_ci.md.md).
 - **Docker Infrastructure**: Docker is used to containerize the application for consistent deployment across environments.
 - **Portainer**: Production deployment environment for managing Docker containers.
  - **Web Server**: Hosts the FastAPI application and serves API endpoints.
  - **Database Server**: PostgreSQL database for persisting application data.
  - **Static File Server**: Serves static assets such as CSS, JavaScript, and image files.
 - **Cloud Infrastructure (optional)**: The application can be deployed on cloud platforms.
 ```mermaid
 graph TD
    G[Git Repository] --> C[CI/CD Pipeline]
    C --> GAW[Gitea Action Workflows]
    GAW --> GAR[Gitea Action Runners]
    GAR --> T[Testing]
    GAR --> CI[Continuous Integration]
    T --> G
    CI --> G
    W[Web Server] --> DB[Database Server]
    RP[Reverse Proxy] --> W
    I((Internet)) <--> RP
    PO[Containerization] --> W
    C[CI/CD Pipeline] --> PO
    W --> S[Static File Server]
    S --> RP
    PO --> DB
    PO --> S
 ```
 ## Environments
-The application can be deployed in multiple environments to support development, testing, and production:
+The application can be deployed in multiple environments to support development, testing, and production.
 ```mermaid
 graph TD
    R[Repository] --> DEV[Development Environment]
    R[Repository] --> TEST[Testing Environment]
    R[Repository] --> PROD[Production Environment]
    DEV --> W_DEV[Web Server - Dev]
    DEV --> DB_DEV[Database Server - Dev]
    TEST --> W_TEST[Web Server - Test]
    TEST --> DB_TEST[Database Server - Test]
    PROD --> W_PROD[Web Server - Prod]
    PROD --> DB_PROD[Database Server - Prod]
 ```
 ### Development Environment
@@ -40,6 +85,14 @@ The development environment is set up for local development and testing. It incl
 - Local PostgreSQL instance (docker compose recommended, script available at `docker-compose.postgres.yml`)
 - FastAPI server running in debug mode
 `docker-compose.dev.yml` encapsulates this topology:
 - `api` service mounts the repository for live reloads (`uvicorn --reload`) and depends on the database health check.
 - `db` service uses the Debian-based `postgres:16` image with UTF-8 locale configuration and persists data in `pg_data_dev`.
 - A shared `calminer_backend` bridge network keeps traffic contained; ports 8000/5432 are published for local tooling.
 See [docs/quickstart.md](../quickstart.md#compose-driven-development-stack) for command examples and volume maintenance tips.
 ### Testing Environment
 The testing environment is set up for automated testing and quality assurance. It includes:
@@ -48,29 +101,53 @@ The testing environment is set up for automated testing and quality assurance. I
 - FastAPI server running in testing mode
 - Automated test suite (e.g., pytest) for running unit and integration tests
 `docker-compose.test.yml` provisions an ephemeral CI-like stack:
 - `tests` service builds the application image, installs `requirements-test.txt`, runs the database setup script (dry-run + apply), then executes pytest.
 - `api` service is available on port 8001 for manual verification against the test database.
 - `postgres` service seeds a disposable Postgres 16 instance with health checks and named volumes (`pg_data_test`, `pip_cache_test`).
 Typical commands mirror the CI workflow (`docker compose -f docker-compose.test.yml run --rm tests`); the [quickstart](../quickstart.md#compose-driven-test-stack) lists variations and teardown steps.
 ### Production Environment
 The production environment is set up for serving live traffic and includes:
 - Production PostgreSQL instance
 - FastAPI server running in production mode
- Load balancer (e.g., Nginx) for distributing incoming requests
+- Load balancer (Traefik) for distributing incoming requests
 - Monitoring and logging tools for tracking application performance
 #### Production docker compose topology
 - `docker-compose.prod.yml` defines the runtime topology for operator-managed deployments.
 - `api` service runs the FastAPI image with resource limits (`API_LIMIT_CPUS`, `API_LIMIT_MEMORY`) and a `/health` probe consumed by Traefik and the Compose health check.
 - `traefik` service (enabled via the `reverse-proxy` profile) terminates TLS using the ACME resolver configured by `TRAEFIK_ACME_EMAIL` and routes `CALMINER_DOMAIN` traffic to the API.
 - `postgres` service (enabled via the `local-db` profile) exists for edge deployments without managed PostgreSQL and persists data in the `pg_data_prod` volume while mounting `./backups` for operator snapshots.
 - All services join the configurable `CALMINER_NETWORK` (defaults to `calminer_backend`) to keep traffic isolated from host networks.
 Deployment workflow:
 1. Copy `config/setup_production.env.example` to `config/setup_production.env` and populate domain, registry image tag, database credentials, and resource budgets.
 2. Launch the stack with `docker compose --env-file config/setup_production.env -f docker-compose.prod.yml --profile reverse-proxy up -d` (append `--profile local-db` when hosting Postgres locally).
 3. Run database migrations and seeding using `docker compose --env-file config/setup_production.env -f docker-compose.prod.yml run --rm api python scripts/setup_database.py --run-migrations --seed-data`.
 4. Monitor container health via `docker compose -f docker-compose.prod.yml ps` or Traefik dashboards; the API health endpoint returns `{ "status": "ok" }` when ready.
 5. Shut down with `docker compose -f docker-compose.prod.yml down` (volumes persist unless `-v` is supplied).
 ## Containerized Deployment Flow
-The Docker-based deployment path aligns with the solution strategy documented in [04 — Solution Strategy](04_solution_strategy.md) and the CI practices captured in [14 — Testing & CI](14_testing_ci.md).
+The Docker-based deployment path aligns with the solution strategy documented in [Solution Strategy](04_solution_strategy.md) and the CI practices captured in [Testing & CI](07_deployment/07_01_testing_ci.md.md).
 ### Image Build
 - The multi-stage `Dockerfile` installs dependencies in a builder layer (including system compilers and Python packages) and copies only the required runtime artifacts to the final image.
 - Build arguments are minimal; database configuration is supplied at runtime via granular variables (`DATABASE_DRIVER`, `DATABASE_HOST`, `DATABASE_PORT`, `DATABASE_USER`, `DATABASE_PASSWORD`, `DATABASE_NAME`, optional `DATABASE_SCHEMA`). Secrets and configuration should be passed via environment variables or an orchestrator.
- The resulting image exposes port `8000` and starts `uvicorn main:app` (s. [README.md](../../README.md)).
+- The resulting image exposes port `8000` and starts `uvicorn main:app` (see main [README.md](../../README.md)).
 ### Runtime Environment
 - For single-node deployments, run the container alongside PostgreSQL/Redis using Docker Compose or an equivalent orchestrator.
- A reverse proxy (e.g., Nginx) terminates TLS and forwards traffic to the container on port `8000`.
+- A reverse proxy (Traefik) terminates TLS and forwards traffic to the container on port `8000`.
 - Migrations must be applied prior to rolling out a new image; automation can hook into the deploy step to run `scripts/run_migrations.py`.
 ### CI/CD Integration
@@ -80,7 +157,7 @@ The Docker-based deployment path aligns with the solution strategy documented in
 - `build-and-push.yml` logs into the container registry, rebuilds the Docker image using GitHub Actions cache-backed layers, and pushes `latest` (and additional tags as required).
 - `deploy.yml` connects to the target host via SSH, pulls the pushed tag, stops any existing container, and launches the new version.
 - Required secrets: `REGISTRY_URL`, `REGISTRY_USERNAME`, `REGISTRY_PASSWORD`, `SSH_HOST`, `SSH_USERNAME`, `SSH_PRIVATE_KEY`.
- Extend these workflows when introducing staging/blue-green deployments; keep cross-links with [14 — Testing & CI](14_testing_ci.md) up to date.
+- Extend these workflows when introducing staging/blue-green deployments; keep cross-links with [Testing & CI](07_deployment/07_01_testing_ci.md.md) up to date.
 ## Integrations and Future Work (deployment-related)
--- a/docs/architecture/08_concepts.md
+++ b/docs/architecture/08_concepts.md
@@ -55,6 +55,7 @@ See [Domain Models](08_concepts/08_01_domain_models.md) document for detailed cl
 - `production_output`: production metrics per scenario.
 - `equipment` and `maintenance`: equipment inventory and maintenance events with dates/costs.
 - `simulation_result`: staging table for future Monte Carlo outputs (not yet populated by `run_simulation`).
 - `application_setting`: centralized key/value store for UI and system configuration, supporting typed values, categories, and editability flags so administrators can manage theme variables and future global options without code changes.
 Foreign keys secure referential integrity between domain tables and their scenarios, enabling per-scenario analytics.
--- a/docs/architecture/08_concepts/08_01_security.md
+++ b/docs/architecture/08_concepts/08_01_security.md
@@ -0,0 +1,36 @@
 # User Roles and Permissions Model
 This document outlines the proposed user roles and permissions model for the CalMiner application.
 ## User Roles
 - **Admin:** Full access to all features, including user management, application settings, and all data.
 - **Analyst:** Can create, view, edit, and delete scenarios, run simulations, and view reports. Cannot modify application settings or manage users.
 - **Viewer:** Can view scenarios, simulations, and reports. Cannot create, edit, or delete anything.
 ## Permissions (examples)
 - `users:manage`: Admin only.
 - `settings:manage`: Admin only.
 - `scenarios:create`: Admin, Analyst.
 - `scenarios:view`: Admin, Analyst, Viewer.
 - `scenarios:edit`: Admin, Analyst.
 - `scenarios:delete`: Admin, Analyst.
 - `simulations:run`: Admin, Analyst.
 - `simulations:view`: Admin, Analyst, Viewer.
 - `reports:view`: Admin, Analyst, Viewer.
 ## Authentication System
 The authentication system uses JWT (JSON Web Tokens) for securing API endpoints. Users can register with a username, email, and password. Passwords are hashed using a `passlib` CryptContext for secure, configurable hashing. Upon successful login, an access token is issued, which must be included in subsequent requests for protected resources.
 ## Key Components
 - **Password Hashing:** `passlib.context.CryptContext` with `bcrypt` scheme.
 - **Token Creation & Verification:** `jose.jwt` for encoding and decoding JWTs.
 - **Authentication Flow:**
  1. User registers via `/users/register`.
  2. User logs in via `/users/login` to obtain an access token.
  3. The access token is sent in the `Authorization` header (Bearer token) for protected routes.
  4. The `get_current_user` dependency verifies the token and retrieves the authenticated user.
 - **Password Reset:** A placeholder `forgot_password` endpoint is available, and a `reset_password` endpoint allows users to set a new password with a valid token (token generation and email sending are not yet implemented).
--- a/docs/architecture/14_testing_ci.md
+++ b/docs/architecture/14_testing_ci.md
@@ -1,118 +0,0 @@
 # 14 Testing, CI and Quality Assurance
 This chapter centralizes the project's testing strategy, CI configuration, and quality targets.
 ## Overview
 CalMiner uses a combination of unit, integration, and end-to-end tests to ensure quality.
 ### Frameworks
 - Backend: pytest for unit and integration tests.
 - Frontend: pytest with Playwright for E2E tests.
 - Database: pytest fixtures with psycopg2 for DB tests.
 ### Test Types
 - Unit Tests: Test individual functions/modules.
 - Integration Tests: Test API endpoints and DB interactions.
 - E2E Tests: Playwright for full user flows.
 ### CI/CD
 - Use Gitea Actions for CI/CD; workflows live under `.gitea/workflows/`.
 - `test.yml` runs on every push, provisions a temporary Postgres 16 service, waits for readiness, executes the setup script in dry-run and live modes, installs Playwright browsers, and finally runs the full pytest suite.
 - `build-and-push.yml` builds the Docker image with `docker/build-push-action@v2`, reusing GitHub Actions cache-backed layers, and pushes to the Gitea registry.
 - `deploy.yml` connects to the target host (via `appleboy/ssh-action`) to pull the freshly pushed image and restart the container.
 - Mandatory secrets: `REGISTRY_USERNAME`, `REGISTRY_PASSWORD`, `REGISTRY_URL`, `SSH_HOST`, `SSH_USERNAME`, `SSH_PRIVATE_KEY`.
 - Run tests on pull requests to shared branches; enforce coverage target ≥80% (pytest-cov).
 ### Running Tests
 - Unit: `pytest tests/unit/`
 - E2E: `pytest tests/e2e/`
 - All: `pytest`
 ### Test Directory Structure
 Organize tests under the `tests/` directory mirroring the application structure:
 ````text
 tests/
  unit/
    test_<module>.py
  e2e/
    test_<flow>.py
  fixtures/
    conftest.py
 ```python
 ### Fixtures and Test Data
 - Define reusable fixtures in `tests/fixtures/conftest.py`.
 - Use temporary in-memory databases or isolated schemas for DB tests.
 - Load sample data via fixtures for consistent test environments.
 - Leverage the `seeded_ui_data` fixture in `tests/unit/conftest.py` to populate scenarios with related cost, maintenance, and simulation records for deterministic UI route checks.
 ### E2E (Playwright) Tests
 The E2E test suite, located in `tests/e2e/`, uses Playwright to simulate user interactions in a live browser environment. These tests are designed to catch issues in the UI, frontend-backend integration, and overall application flow.
 #### Fixtures
 - `live_server`: A session-scoped fixture that launches the FastAPI application in a separate process, making it accessible to the browser.
 - `playwright_instance`, `browser`, `page`: Standard `pytest-playwright` fixtures for managing the Playwright instance, browser, and individual pages.
 #### Smoke Tests
 - UI Page Loading: `test_smoke.py` contains a parameterized test that systematically navigates to all UI routes to ensure they load without errors, have the correct title, and display a primary heading.
 - Form Submissions: Each major form in the application has a corresponding test file (e.g., `test_scenarios.py`, `test_costs.py`) that verifies: page loads, create item by filling the form, success message, and UI updates.
 ### Running E2E Tests
 To run the Playwright tests:
 ```bash
 pytest tests/e2e/
 ````
 To run headed mode:
 ```bash
 pytest tests/e2e/ --headed
 ```
 ### Mocking and Dependency Injection
 - Use `unittest.mock` to mock external dependencies.
 - Inject dependencies via function parameters or FastAPI's dependency overrides in tests.
 ### Code Coverage
 - Install `pytest-cov` to generate coverage reports.
 - Run with coverage: `pytest --cov --cov-report=term` (use `--cov-report=html` when visualizing hotspots).
 - Target 95%+ overall coverage. Focus on historically low modules: `services/simulation.py`, `services/reporting.py`, `middleware/validation.py`, and `routes/ui.py`.
 - Latest snapshot (2025-10-21): `pytest --cov=. --cov-report=term-missing` returns **91%** overall coverage.
 ### CI Integration
 `test.yml` encapsulates the steps below:
 - Check out the repository and set up Python 3.10.
 - Configure the runner's apt proxy (if available), install project dependencies (requirements + test extras), and download Playwright browsers.
 - Run `pytest` (extend with `--cov` flags when enforcing coverage).
 > The pip cache step is temporarily disabled in `test.yml` until the self-hosted cache service is exposed (see `docs/ci-cache-troubleshooting.md`).
 `build-and-push.yml` adds:
 - Registry login using repository secrets.
 - Docker image build/push with GHA cache storage (`cache-from/cache-to` set to `type=gha`).
 `deploy.yml` handles:
 - SSH into the deployment host.
 - Pull the tagged image from the registry.
 - Stop, remove, and relaunch the `calminer` container exposing port 8000.
 When adding new workflows, mirror this structure to ensure secrets, caching, and deployment steps remain aligned with the production environment.
--- a/docs/architecture/README.md
+++ b/docs/architecture/README.md
@@ -1,6 +1,6 @@
 ---
-title: "CalMiner Architecture Documentation"
+title: 'CalMiner Architecture Documentation'
-description: "arc42-based architecture documentation for the CalMiner project"
+description: 'arc42-based architecture documentation for the CalMiner project'
 ---
 # Architecture documentation (arc42 mapping)
@@ -11,16 +11,32 @@ This folder mirrors the arc42 chapter structure (adapted to Markdown).
 - [01 Introduction and Goals](01_introduction_and_goals.md)
 - [02 Architecture Constraints](02_architecture_constraints.md)
  - [02_01 Technical Constraints](02_constraints/02_01_technical_constraints.md)
  - [02_02 Organizational Constraints](02_constraints/02_02_organizational_constraints.md)
  - [02_03 Regulatory Constraints](02_constraints/02_03_regulatory_constraints.md)
  - [02_04 Environmental Constraints](02_constraints/02_04_environmental_constraints.md)
  - [02_05 Performance Constraints](02_constraints/02_05_performance_constraints.md)
 - [03 Context and Scope](03_context_and_scope.md)
  - [03_01 Architecture Scope](03_scope/03_01_architecture_scope.md)
 - [04 Solution Strategy](04_solution_strategy.md)
  - [04_01 Client-Server Architecture](04_strategy/04_01_client_server_architecture.md)
  - [04_02 Technology Choices](04_strategy/04_02_technology_choices.md)
  - [04_03 Trade-offs](04_strategy/04_03_trade_offs.md)
  - [04_04 Future Considerations](04_strategy/04_04_future_considerations.md)
 - [05 Building Block View](05_building_block_view.md)
  - [05_01 Architecture Overview](05_blocks/05_01_architecture_overview.md)
  - [05_02 Backend Components](05_blocks/05_02_backend_components.md)
  - [05_03 Frontend Components](05_blocks/05_03_frontend_components.md)
  - [05_03 Theming](05_blocks/05_03_theming.md)
  - [05_04 Middleware & Utilities](05_blocks/05_04_middleware_utilities.md)
 - [06 Runtime View](06_runtime_view.md)
 - [07 Deployment View](07_deployment_view.md)
  - [07_01 Testing & CI](07_deployment/07_01_testing_ci.md.md)
  - [07_02 Database](07_deployment/07_02_database.md)
 - [08 Concepts](08_concepts.md)
  - [08_01 Security](08_concepts/08_01_security.md)
  - [08_02 Data Models](08_concepts/08_02_data_models.md)
 - [09 Architecture Decisions](09_architecture_decisions.md)
 - [10 Quality Requirements](10_quality_requirements.md)
 - [11 Technical Risks](11_technical_risks.md)
 - [12 Glossary](12_glossary.md)
 - [13 UI and Style](13_ui_and_style.md)
 - [14 Testing & CI](14_testing_ci.md)
 - [15 Development Setup](15_development_setup.md)
--- a/docs/architecture/15_development_setup.md
+++ b/docs/architecture/15_development_setup.md
@@ -1,50 +1,77 @@
-# 15 Development Setup Guide
+# Development Environment Setup
 This document outlines the local development environment and steps to get the project running.
 ## Prerequisites
- Python (version 3.10+)
+- Python (version 3.11+)
 - PostgreSQL (version 13+)
 - Git
 - Docker and Docker Compose (optional, for containerized development)
 ## Clone and Project Setup
-````powershell
+```powershell
 # Clone the repository
 git clone https://git.allucanget.biz/allucanget/calminer.git
 cd calminer
-```python
+```
-## Virtual Environment
+## Development with Docker Compose (Recommended)
 For a quick setup without installing PostgreSQL locally, use Docker Compose:
 ```powershell
 # Start services
 docker-compose up
 # The app will be available at http://localhost:8000
 # Database is automatically set up
 ```
 To run in background:
 ```powershell
 docker-compose up -d
 ```
 To stop:
 ```powershell
 docker-compose down
 ```
 ## Manual Development Setup
 ### Virtual Environment
 ```powershell
 # Create and activate a virtual environment
 python -m venv .venv
 .\.venv\Scripts\Activate.ps1
-```python
+```
-## Install Dependencies
+### Install Dependencies
 ```powershell
 pip install -r requirements.txt
-```python
+```
-## Database Setup
+### Database Setup
 1. Create database user:
 ```sql
 CREATE USER calminer_user WITH PASSWORD 'your_password';
-````
+```
 1. Create database:
-````sql
+```sql
 CREATE DATABASE calminer;
-```python
+```
-## Environment Variables
+### Environment Variables
 1. Copy `.env.example` to `.env` at project root.
 1. Edit `.env` to set database connection details:
@@ -57,21 +84,21 @@ DATABASE_USER=calminer_user
 DATABASE_PASSWORD=your_password
 DATABASE_NAME=calminer
 DATABASE_SCHEMA=public
-````
+```
 1. The application uses `python-dotenv` to load these variables. A legacy `DATABASE_URL` value is still accepted if the granular keys are omitted.
-## Running the Application
+### Running the Application
-````powershell
+```powershell
 # Start the FastAPI server
 uvicorn main:app --reload
-```python
+```
 ## Testing
 ```powershell
 pytest
-````
+```
 E2E tests use Playwright and a session-scoped `live_server` fixture that starts the app at `http://localhost:8001` for browser-driven tests.
--- a/docs/developer/staging_environment_setup.md
+++ b/docs/developer/staging_environment_setup.md
@@ -16,18 +16,18 @@ This guide outlines how to provision and validate the CalMiner staging database
 Populate the following environment variables before invoking the setup script. Store them in a secure location such as `config/setup_staging.env` (excluded from source control) and load them with `dotenv` or your shell profile.
-| Variable | Description |
+| Variable                      | Description                                                                               |
-| --- | --- |
+| ----------------------------- | ----------------------------------------------------------------------------------------- |
-| `DATABASE_HOST` | Staging PostgreSQL hostname or IP (for example `staging-db.internal`). |
+| `DATABASE_HOST`               | Staging PostgreSQL hostname or IP (for example `staging-db.internal`).                    |
-| `DATABASE_PORT` | Port exposed by the staging PostgreSQL service (default `5432`). |
+| `DATABASE_PORT`               | Port exposed by the staging PostgreSQL service (default `5432`).                          |
-| `DATABASE_NAME` | CalMiner staging database name (for example `calminer_staging`). |
+| `DATABASE_NAME`               | CalMiner staging database name (for example `calminer_staging`).                          |
-| `DATABASE_USER` | Application role used by the FastAPI app (for example `calminer_app`). |
+| `DATABASE_USER`               | Application role used by the FastAPI app (for example `calminer_app`).                    |
-| `DATABASE_PASSWORD` | Password for the application role. |
+| `DATABASE_PASSWORD`           | Password for the application role.                                                        |
-| `DATABASE_SCHEMA` | Optional non-public schema; omit or set to `public` otherwise. |
+| `DATABASE_SCHEMA`             | Optional non-public schema; omit or set to `public` otherwise.                            |
-| `DATABASE_SUPERUSER` | Administrative role with rights to create roles/databases (for example `calminer_admin`). |
+| `DATABASE_SUPERUSER`          | Administrative role with rights to create roles/databases (for example `calminer_admin`). |
-| `DATABASE_SUPERUSER_PASSWORD` | Password for the administrative role. |
+| `DATABASE_SUPERUSER_PASSWORD` | Password for the administrative role.                                                     |
-| `DATABASE_SUPERUSER_DB` | Database to connect to for admin tasks (default `postgres`). |
+| `DATABASE_SUPERUSER_DB`       | Database to connect to for admin tasks (default `postgres`).                              |
-| `DATABASE_ADMIN_URL` | Optional DSN that overrides the granular admin settings above. |
+| `DATABASE_ADMIN_URL`          | Optional DSN that overrides the granular admin settings above.                            |
 You may also set `DATABASE_URL` for application runtime convenience, but the setup script only requires the values listed in the table.
@@ -98,4 +98,3 @@ Run the setup script in three phases to validate idempotency and capture diagnos
 ## Next Steps
 - Keep this document updated as staging infrastructure evolves (for example, when migrating to managed services or rotating credentials).
 - Once staging validation is complete, summarize the outcome in `.github/instructions/DONE.TODO.md` and cross-link the relevant log files.
--- a/docs/architecture/13_ui_and_style.md
+++ b/docs/architecture/13_ui_and_style.md
@@ -1,8 +1,6 @@
-# 13 — UI, templates and styling
+# UI, templates and styling
-Status: migrated
+This document outlines the UI structure, template components, CSS variable conventions, and per-page data/actions for the CalMiner application.
 This chapter collects UI integration notes, reusable template components, styling audit points and per-page UI data/actions.
 ## Reusable Template Components
@@ -28,6 +26,32 @@ Import macros via:
 - **Tables**: `.table-container` wrappers need overflow handling for narrow viewports; consider `overflow-x: auto` with padding adjustments.
 - **Feedback/Empty states**: Messages use default font weight and spacing; a utility class for margin/padding would ensure consistent separation from forms or tables.
 ## CSS Variable Naming Conventions
 The project adheres to a clear and descriptive naming convention for CSS variables, primarily defined in `static/css/main.css`.
 ## Naming Structure
 Variables are prefixed based on their category:
 - `--color-`: For all color-related variables (e.g., `--color-primary`, `--color-background`, `--color-text-primary`).
 - `--space-`: For spacing and layout-related variables (e.g., `--space-sm`, `--space-md`, `--space-lg`).
 - `--font-size-`: For font size variables (e.g., `--font-size-base`, `--font-size-lg`).
 - Other specific prefixes for components or properties (e.g., `--panel-radius`, `--table-radius`).
 ## Descriptive Names
 Color names are chosen to be semantically meaningful rather than literal color values, allowing for easier theme changes. For example:
 - `--color-primary`: Represents the main brand color.
 - `--color-accent`: Represents an accent color used for highlights.
 - `--color-text-primary`: The main text color.
 - `--color-text-muted`: A lighter text color for less emphasis.
 - `--color-surface`: The background color for UI elements like cards or panels.
 - `--color-background`: The overall page background color.
 This approach ensures that the CSS variables are intuitive, maintainable, and easily adaptable for future theme customizations.
 ## Per-page data & actions
 Short reference of per-page APIs and primary actions used by templates and scripts.
@@ -76,6 +100,21 @@ Short reference of per-page APIs and primary actions used by templates and scrip
  - Data: `POST /api/reporting/summary` (accepts arrays of `{ "result": float }` objects)
  - Actions: Trigger summary refreshes and export/download actions.
 ## Navigation Structure
 The application uses a sidebar navigation menu organized into the following top-level categories:
 - **Dashboard**: Main overview page.
 - **Overview**: Sub-menu for core scenario inputs.
  - Parameters: Process parameters configuration.
  - Costs: Capital and operating costs.
  - Consumption: Resource consumption tracking.
  - Production: Production output settings.
  - Equipment: Equipment inventory (with Maintenance sub-item).
 - **Simulations**: Monte Carlo simulation runs.
 - **Analytics**: Reporting and analytics.
 - **Settings**: Administrative settings (with Themes and Currency Management sub-items).
 ## UI Template Audit (2025-10-20)
 - Existing HTML templates: `ScenarioForm.html`, `ParameterInput.html`, and `Dashboard.html` (reporting summary view).
--- a/docs/idempotency_audit.md
+++ b/docs/idempotency_audit.md
@@ -1,31 +0,0 @@
 # Setup Script Idempotency Audit (2025-10-25)
 This note captures the current evaluation of idempotent behaviour for `scripts/setup_database.py` and outlines follow-up actions.
 ## Admin Tasks
 - **ensure_database**: guarded by `SELECT 1 FROM pg_database`; re-runs safely. Failure mode: network issues or lack of privileges surface as psycopg2 errors without additional context.
 - **ensure_role**: checks `pg_roles`, creates role if missing, reapplies grants each time. Subsequent runs execute grants again but PostgreSQL tolerates repeated grants.
 - **ensure_schema**: uses `information_schema` guard and respects `--dry-run`; idempotent when schema is `public` or already present.
 ## Application Tasks
 - **initialize_schema**: relies on SQLAlchemy `create_all(checkfirst=True)`; repeatable. Dry-run output remains descriptive.
 - **run_migrations**: new baseline workflow applies `000_base.sql` once and records legacy scripts as applied. Subsequent runs detect the baseline in `schema_migrations` and skip reapplication.
 ## Seeding
 - `seed_baseline_data` seeds currencies and measurement units with upsert logic. Verification now raises on missing data, preventing silent failures.
 - Running `--seed-data` repeatedly performs `ON CONFLICT` updates, making the operation safe.
 ## Outstanding Risks
 1. Baseline migration relies on legacy files being present when first executed; if removed beforehand, old entries are never marked. (Low risk given repository state.)
 2. `ensure_database` and `ensure_role` do not wrap SQL execution errors with additional context beyond psycopg2 messages.
 3. Baseline verification assumes migrations and seeding run in the same process; manual runs of `scripts/seed_data.py` without the baseline could still fail.
 ## Recommended Actions
 - Add regression tests ensuring repeated executions of key CLI paths (`--run-migrations`, `--seed-data`) result in no-op behaviour after the first run.
 - Extend logging/error handling for admin operations to provide clearer messages on repeated failures.
 - Consider a preflight check when migrations directory lacks legacy files but baseline is pending, warning about potential drift.
--- a/docs/logging_audit.md
+++ b/docs/logging_audit.md
@@ -1,29 +0,0 @@
 # Setup Script Logging Audit (2025-10-25)
 The following observations capture current logging behaviour in `scripts/setup_database.py` and highlight areas requiring improved error handling and messaging.
 ## Connection Validation
 - `validate_admin_connection` and `validate_application_connection` log entry/exit messages and raise `RuntimeError` with context if connection fails. This coverage is sufficient.
 - `ensure_database` logs creation states but does not surface connection or SQL exceptions beyond the initial connection acquisition. When the inner `cursor.execute` calls fail, the exceptions bubble without contextual logging.
 ## Migration Runner
 - Lists pending migrations and logs each application attempt.
 - When the baseline is pending, the script logs whether it is a dry-run or live application and records legacy file marking. However, if `_apply_migration_file` raises an exception, the caller re-raises after logging the failure; there is no wrapping message guiding users toward manual cleanup.
 - Legacy migration marking happens silently (just info logs). Failures during the insert into `schema_migrations` would currently propagate without added guidance.
 ## Seeding Workflow
 - `seed_baseline_data` announces each seeding phase and skips verification in dry-run mode with a log breadcrumb.
 - `_verify_seeded_data` warns about missing currencies/units and inactive defaults but does **not** raise errors, meaning CI can pass while the database is incomplete. There is no explicit log when verification succeeds.
 - `_seed_units` logs when the `measurement_unit` table is missing, which is helpful, but the warning is the only feedback; no exception is raised.
 ## Suggested Enhancements
 1. Wrap baseline application and legacy marking in `try/except` blocks that log actionable remediation steps before re-raising.
 2. Promote seed verification failures (missing or inactive records) to exceptions so automated workflows fail fast; add success logs for clarity.
 3. Add contextual logging around currency/measurement-unit insert failures, particularly around `execute_values` calls, to aid debugging malformed data.
 4. Introduce structured logging (log codes or phases) for major steps (`CONNECT`, `MIGRATE`, `SEED`, `VERIFY`) to make scanning log files easier.
 These findings inform the remaining TODO subtasks for enhanced error handling.
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -1,241 +1,87 @@
-# Quickstart & Expanded Project Documentation
+# Developer Quickstart
-This document contains the expanded development, usage, testing, and migration guidance moved out of the top-level README for brevity.
+- [Developer Quickstart](#developer-quickstart)
  - [Development](#development)
    - [User Interface](#user-interface)
    - [Testing](#testing)
  - [Staging](#staging)
  - [Deployment](#deployment)
    - [Using Docker Compose](#using-docker-compose)
    - [Manual Docker Deployment](#manual-docker-deployment)
    - [Database Deployment \& Migrations](#database-deployment--migrations)
  - [Usage Overview](#usage-overview)
    - [Theme configuration](#theme-configuration)
  - [Where to look next](#where-to-look-next)
 This document provides a quickstart guide for developers to set up and run the CalMiner application locally.
 ## Development
-To get started locally:
+See [Development Setup](docs/developer/development_setup.md).
-```powershell
+### User Interface
 # Clone the repository
 git clone https://git.allucanget.biz/allucanget/calminer.git
 cd calminer
-# Create and activate a virtual environment
+There is a dedicated [UI and Style](docs/developer/ui_and_style.md) guide for frontend contributors.
 python -m venv .venv
 .\.venv\Scripts\Activate.ps1
-# Install dependencies
+### Testing
 pip install -r requirements.txt
-# Start the development server
+Testing is described in the [Testing CI](docs/architecture/07_deployment/07_01_testing_ci.md) document.
-uvicorn main:app --reload
+
 ## Staging
 Staging environment setup is covered in [Staging Environment Setup](docs/developer/staging_environment_setup.md).
 ## Deployment
 The application can be deployed using Docker containers.
 ### Using Docker Compose
 For production deployment, use the provided `docker-compose.yml`:
 ```bash
 docker-compose up -d
 ```
-## Docker-based setup
+This starts the FastAPI app and PostgreSQL database.
-To build and run the application using Docker instead of a local Python environment:
+### Manual Docker Deployment
-```powershell
+Build and run the container manually:
 # Build the application image (multi-stage build keeps runtime small)
 docker build -t calminer:latest .
-# Start the container on port 8000
+```bash
-docker run --rm -p 8000:8000 calminer:latest
+docker build -t calminer .
-
+docker run -d -p 8000:8000 \
-# Supply environment variables (e.g., Postgres connection)
+  -e DATABASE_HOST=your-postgres-host \
-docker run --rm -p 8000:8000 ^
+  -e DATABASE_USER=calminer \
-  -e DATABASE_DRIVER="postgresql" ^
+  -e DATABASE_PASSWORD=your-password \
-  -e DATABASE_HOST="db.host" ^
+  -e DATABASE_NAME=calminer_db \
-  -e DATABASE_PORT="5432" ^
+  calminer
  -e DATABASE_USER="calminer" ^
  -e DATABASE_PASSWORD="s3cret" ^
  -e DATABASE_NAME="calminer" ^
  -e DATABASE_SCHEMA="public" ^
  calminer:latest
 ```
-If you maintain a Postgres or Redis dependency locally, consider authoring a `docker compose` stack that pairs them with the app container. The Docker image expects the database to be reachable and migrations executed before serving traffic.
+Ensure the database is set up and migrated before running.
 ### Database Deployment & Migrations
 See the [Database Deployment & Migrations](docs/architecture/07_deployment/07_02_database_deployment_migrations.md) document for details on database deployment and migration strategies.
 ## Usage Overview
 - **Run the application**: Follow the [Development Setup](docs/developer/development_setup.md) to get the application running locally.
 - **Access the UI**: Open your web browser and navigate to `http://localhost:8000/ui` to access the user interface.
 - **API base URL**: `http://localhost:8000/api`
- Key routes include creating scenarios, parameters, costs, consumption, production, equipment, maintenance, and reporting summaries. See the `routes/` directory for full details.
+  - Key routes include creating scenarios, parameters, costs, consumption, production, equipment, maintenance, and reporting summaries. See the `routes/` directory for full details.
 - **UI base URL**: `http://localhost:8000/ui`
-## Dashboard Preview
+### Theme configuration
-1. Start the FastAPI server and navigate to `/`.
+Theming is laid out in [Theming](docs/architecture/05_03_theming.md).
 2. Review the headline metrics, scenario snapshot table, and cost/activity charts sourced from the current database state.
 3. Use the "Refresh Dashboard" button to pull freshly aggregated data via `/ui/dashboard/data` without reloading the page.
 ## Testing
 Run the unit test suite:
 ```powershell
 pytest
 ```
 E2E tests use Playwright and a session-scoped `live_server` fixture that starts the app at `http://localhost:8001` for browser-driven tests.
 ## Migrations & Baseline
 A consolidated baseline migration (`scripts/migrations/000_base.sql`) captures all schema changes required for a fresh installation. The script is idempotent: it creates the `currency` and `measurement_unit` reference tables, ensures consumption and production records expose unit metadata, and enforces the foreign keys used by CAPEX and OPEX.
 Configure granular database settings in your PowerShell session before running migrations:
 ```powershell
 $env:DATABASE_DRIVER = 'postgresql'
 $env:DATABASE_HOST = 'localhost'
 $env:DATABASE_PORT = '5432'
 $env:DATABASE_USER = 'calminer'
 $env:DATABASE_PASSWORD = 's3cret'
 $env:DATABASE_NAME = 'calminer'
 $env:DATABASE_SCHEMA = 'public'
 python scripts/setup_database.py --run-migrations --seed-data --dry-run
 python scripts/setup_database.py --run-migrations --seed-data
 ```
 The dry-run invocation reports which steps would execute without making changes. The live run applies the baseline (if not already recorded in `schema_migrations`) and seeds the reference data relied upon by the UI and API.
 > ℹ️ The application still accepts `DATABASE_URL` as a fallback if the granular variables are not set.
 ## Database bootstrap workflow
 Provision or refresh a database instance with `scripts/setup_database.py`. Populate the required environment variables (an example lives at `config/setup_test.env.example`) and run:
 ```powershell
 # Load test credentials (PowerShell)
 Get-Content .\config\setup_test.env.example |
  ForEach-Object {
    if ($_ -and -not $_.StartsWith('#')) {
      $name, $value = $_ -split '=', 2
      Set-Item -Path Env:$name -Value $value
    }
  }
 # Dry-run to inspect the planned actions
 python scripts/setup_database.py --ensure-database --ensure-role --ensure-schema --initialize-schema --run-migrations --seed-data --dry-run -v
 # Execute the full workflow
 python scripts/setup_database.py --ensure-database --ensure-role --ensure-schema --initialize-schema --run-migrations --seed-data -v
 ```
 Typical log output confirms:
 - Admin and application connections succeed for the supplied credentials.
 - Database and role creation are idempotent (`already present` when rerun).
 - SQLAlchemy metadata either reports missing tables or `All tables already exist`.
 - Migrations list pending files and finish with `Applied N migrations` (a new database reports `Applied 1 migrations` for `000_base.sql`).
 After a successful run the target database contains all application tables plus `schema_migrations`, and that table records each applied migration file. New installations only record `000_base.sql`; upgraded environments retain historical entries alongside the baseline.
 ### Local Postgres via Docker Compose
 For local validation without installing Postgres directly, use the provided compose file:
 ```powershell
 docker compose -f docker-compose.postgres.yml up -d
 ```
 #### Summary
 1. Start the Postgres container with `docker compose -f docker-compose.postgres.yml up -d`.
 2. Export the granular database environment variables (host `127.0.0.1`, port `5433`, database `calminer_local`, user/password `calminer`/`secret`).
 3. Run the setup script twice: first with `--dry-run` to preview actions, then without it to apply changes.
 4. When finished, stop and optionally remove the container/volume using `docker compose -f docker-compose.postgres.yml down`.
 The service exposes Postgres 16 on `localhost:5433` with database `calminer_local` and role `calminer`/`secret`. When the container is running, set the granular environment variables before invoking the setup script:
 ```powershell
 $env:DATABASE_DRIVER = 'postgresql'
 $env:DATABASE_HOST = '127.0.0.1'
 $env:DATABASE_PORT = '5433'
 $env:DATABASE_USER = 'calminer'
 $env:DATABASE_PASSWORD = 'secret'
 $env:DATABASE_NAME = 'calminer_local'
 $env:DATABASE_SCHEMA = 'public'
 python scripts/setup_database.py --ensure-database --ensure-role --ensure-schema --initialize-schema --run-migrations --seed-data --dry-run -v
 python scripts/setup_database.py --ensure-database --ensure-role --ensure-schema --initialize-schema --run-migrations --seed-data -v
 ```
 When testing is complete, shut down the container (and optional persistent volume) with:
 ```powershell
 docker compose -f docker-compose.postgres.yml down
 docker volume rm calminer_postgres_local_postgres_data  # optional cleanup
 ```
 Document successful runs (or issues encountered) in `.github/instructions/DONE.TODO.md` for future reference.
 ### Seeding reference data
 `scripts/seed_data.py` provides targeted control over the baseline datasets when the full setup script is not required:
 ```powershell
 python scripts/seed_data.py --currencies --units --dry-run
 python scripts/seed_data.py --currencies --units
 ```
 The seeder upserts the canonical currency catalog (`USD`, `EUR`, `CLP`, `RMB`, `GBP`, `CAD`, `AUD`) using ASCII-safe symbols (`USD$`, `EUR`, etc.) and the measurement units referenced by the UI (`tonnes`, `kilograms`, `pounds`, `liters`, `cubic_meters`, `kilowatt_hours`). The setup script invokes the same seeder when `--seed-data` is provided and verifies the expected rows afterward, warning if any are missing or inactive.
 ### Rollback guidance
 `scripts/setup_database.py` now tracks compensating actions when it creates the database or application role. If a later step fails, the script replays those rollback actions (dropping the newly created database or role and revoking grants) before exiting. Dry runs never register rollback steps and remain read-only.
 If the script reports that some rollback steps could not complete—for example because a connection cannot be established—rerun the script with `--dry-run` to confirm the desired end state and then apply the outstanding cleanup manually:
 ```powershell
 python scripts/setup_database.py --ensure-database --ensure-role --dry-run -v
 # Manual cleanup examples when automation cannot connect
 psql -d postgres -c "DROP DATABASE IF EXISTS calminer"
 psql -d postgres -c "DROP ROLE IF EXISTS calminer"
 ```
 After a failure and rollback, rerun the full setup once the environment issues are resolved.
 ### CI pipeline environment
 The `.gitea/workflows/test.yml` job spins up a temporary PostgreSQL 16 container and runs the setup script twice: once with `--dry-run` to validate the plan and again without it to apply migrations and seeds. No external secrets are required; the workflow sets the following environment variables for both invocations and for pytest:
 | Variable | Value | Purpose |
 | --- | --- | --- |
 | `DATABASE_DRIVER` | `postgresql` | Signals the driver to the setup script |
 | `DATABASE_HOST` | `postgres` | Hostname of the Postgres job service container |
 | `DATABASE_PORT` | `5432` | Default service port |
 | `DATABASE_NAME` | `calminer_ci` | Target database created by the workflow |
 | `DATABASE_USER` | `calminer` | Application role used during tests |
 | `DATABASE_PASSWORD` | `secret` | Password for both admin and app role |
 | `DATABASE_SCHEMA` | `public` | Default schema for the tests |
 | `DATABASE_SUPERUSER` | `calminer` | Setup script uses the same role for admin actions |
 | `DATABASE_SUPERUSER_PASSWORD` | `secret` | Matches the Postgres service password |
 | `DATABASE_SUPERUSER_DB` | `calminer_ci` | Database to connect to for admin operations |
 The workflow also updates `DATABASE_URL` for pytest to point at the CI Postgres instance. Existing tests continue to work unchanged, since SQLAlchemy reads the URL exactly as it does locally.
 Because the workflow provisions everything inline, no repository or organization secrets need to be configured for basic CI runs. If you later move the setup step to staging or production pipelines, replace these inline values with secrets managed by the CI platform. When running on self-hosted runners behind an HTTP proxy or apt cache, ensure Playwright dependencies and OS packages inherit the same proxy settings that the workflow configures prior to installing browsers.
 ### Staging environment workflow
 Use the staging checklist in `docs/staging_environment_setup.md` when running the setup script against the shared environment. A sample variable file (`config/setup_staging.env`) records the expected inputs (host, port, admin/application roles); copy it outside the repository or load the values securely via your shell before executing the workflow.
 Recommended execution order:
 1. Dry run with `--dry-run -v` to confirm connectivity and review planned operations. Capture the output to `reports/setup_staging_dry_run.log` (or similar) for auditing.
 2. Execute the live run with the same flags minus `--dry-run` to provision the database, role grants, migrations, and seed data. Save the log as `reports/setup_staging_apply.log`.
 3. Repeat the dry run to verify idempotency and record the result (for example `reports/setup_staging_post_apply.log`).
 Record any issues in `.github/instructions/TODO.md` or `.github/instructions/DONE.TODO.md` as appropriate so the team can track follow-up actions.
 ## Database Objects
 The database contains tables such as `capex`, `opex`, `chemical_consumption`, `fuel_consumption`, `water_consumption`, `scrap_consumption`, `production_output`, `equipment_operation`, `ore_batch`, `exchange_rate`, and `simulation_result`.
 ## Current implementation status (2025-10-21)
 - Currency normalization: a `currency` table and backfill scripts exist; routes accept `currency_id` and `currency_code` for compatibility.
 - Simulation engine: scaffolding in `services/simulation.py` and `/api/simulations/run` return in-memory results; persistence to `models/simulation_result` is planned.
 - Reporting: `services/reporting.py` provides summary statistics used by `POST /api/reporting/summary`.
 - Tests & coverage: unit and E2E suites exist; recent local coverage is >90%.
 - Remaining work: authentication, persist simulation runs, CI/CD and containerization.
 ## Where to look next
 - Architecture overview & chapters: [architecture](architecture/README.md) (per-chapter files under `docs/architecture/`)
- [Testing & CI](architecture/14_testing_ci.md)
+- [Testing & CI](architecture/07_deployment/07_01_testing_ci.md.md)
- [Development setup](architecture/15_development_setup.md)
+- [Development setup](developer/development_setup.md)
 - Implementation plan & roadmap: [Solution strategy](architecture/04_solution_strategy.md)
 - Routes: [routes](../routes/)
 - Services: [services](../services/)
--- a/docs/roadmap.md
+++ b/docs/roadmap.md
@@ -0,0 +1,37 @@
 # Roadmap
 ## Overview
 ## Scenario Enhancements
 For each scenario, the goal is to evaluate financial viability, operational efficiency, and risk factors associated with the mining project. This data is used to perform calculations, generate reports, and visualize results through charts and dashboards, enabling users to make informed decisions based on comprehensive analysis.
 ### Scenario & Data Management
 Scenarios are the core organizational unit within CalMiner, allowing users to create, manage, and analyze different mining project configurations. Each scenario encapsulates a unique set of parameters and data inputs that define the mining operation being modeled.
 #### Scenario Creation
 Users can create new scenarios by providing a unique name and description. The system will generate a new scenario with default parameters, which can be customized later.
 #### Scenario Management
 Users can manage existing scenarios by modifying their parameters, adding new data inputs, or deleting them as needed.
 #### Data Inputs
 Users can define and manage various data inputs for each scenario, including:
 - **Geological Data**: Input data related to the geological characteristics of the mining site.
 - **Operational Parameters**: Define parameters such as mining methods, equipment specifications, and workforce details.
 - **Financial Data**: Input cost structures, revenue models, and financial assumptions.
 - **Environmental Data**: Include data related to environmental impact, regulations, and sustainability practices.
 - **Technical Data**: Specify technical parameters such as ore grades, recovery rates, and processing methods.
 - **Social Data**: Incorporate social impact assessments, community engagement plans, and stakeholder analysis.
 - **Regulatory Data**: Include data related to legal and regulatory requirements, permits, and compliance measures.
 - **Market Data**: Input market conditions, commodity prices, and economic indicators that may affect the mining operation.
 - **Risk Data**: Define risk factors, probabilities, and mitigation strategies for the mining project.
 - **Logistical Data**: Include data related to transportation, supply chain management, and infrastructure requirements.
 - **Maintenance Data**: Input maintenance schedules, costs, and equipment reliability metrics.
 - **Human Resources Data**: Define workforce requirements, training programs, and labor costs.
 - **Health and Safety Data**: Include data related to workplace safety protocols, incident rates, and health programs.
--- a/docs/seed_data_plan.md
+++ b/docs/seed_data_plan.md
@@ -1,78 +0,0 @@
 # Baseline Seed Data Plan
 This document captures the datasets that should be present in a fresh CalMiner installation and the structure required to manage them through `scripts/seed_data.py`.
 ## Currency Catalog
 The `currency` table already exists and is seeded today via `scripts/seed_data.py`. The goal is to keep the canonical list in one place and ensure the default currency (USD) is always active.
 | Code | Name                | Symbol | Notes                                    |
 | ---- | ------------------- | ------ | ---------------------------------------- |
 | USD  | US Dollar           | $      | Default currency (`DEFAULT_CURRENCY_CODE`) |
 | EUR  | Euro                | EUR symbol |                                        |
 | CLP  | Chilean Peso        | $      |                                          |
 | RMB  | Chinese Yuan        | RMB symbol |                                        |
 | GBP  | British Pound       | GBP symbol |                                        |
 | CAD  | Canadian Dollar     | $      |                                          |
 | AUD  | Australian Dollar   | $      |                                          |
 Seeding behaviour:
 - Upsert by ISO code; keep existing name/symbol when updated manually.
 - Ensure `is_active` remains true for USD and defaults to true for new rows.
 - Defer to runtime validation in `routes.currencies` for enforcing default behaviour.
 ## Measurement Units
 UI routes (`routes/ui.py`) currently rely on the in-memory `MEASUREMENT_UNITS` list to populate dropdowns for consumption and production forms. To make this configurable and available to the API, introduce a dedicated `measurement_unit` table and seed it.
 Proposed schema:
 | Column        | Type           | Notes                                |
 | ------------- | -------------- | ------------------------------------ |
 | id            | SERIAL / BIGINT | Primary key.                         |
 | code          | TEXT           | Stable slug (e.g. `tonnes`). Unique. |
 | name          | TEXT           | Display label.                       |
 | symbol        | TEXT           | Short symbol (nullable).             |
 | unit_type     | TEXT           | Category (`mass`, `volume`, `energy`).|
 | is_active     | BOOLEAN        | Default `true` for soft disabling.   |
 | created_at    | TIMESTAMP      | Optional `NOW()` default.            |
 | updated_at    | TIMESTAMP      | Optional `NOW()` trigger/default.    |
 Initial seed set (mirrors existing UI list plus type categorisation):
 | Code            | Name             | Symbol | Unit Type |
 | --------------- | ---------------- | ------ | --------- |
 | tonnes          | Tonnes           | t      | mass      |
 | kilograms       | Kilograms        | kg     | mass      |
 | pounds          | Pounds           | lb     | mass      |
 | liters          | Liters           | L      | volume    |
 | cubic_meters    | Cubic Meters     | m3     | volume    |
 | kilowatt_hours  | Kilowatt Hours   | kWh    | energy    |
 Seeding behaviour:
 - Upsert rows by `code`.
 - Preserve `unit_type` and `symbol` unless explicitly changed via administration tooling.
 - Continue surfacing unit options to the UI by querying this table instead of the static constant.
 ## Default Settings
 The application expects certain defaults to exist:
 - **Default currency**: enforced by `routes.currencies._ensure_default_currency`; ensure seeds keep USD active.
 - **Fallback measurement unit**: UI currently auto-selects the first option in the list. Once units move to the database, expose an application setting to choose a fallback (future work tracked under "Application Settings management").
 ## Seeding Structure Updates
 To support the datasets above:
 1. Extend `scripts/seed_data.py` with a `SeedDataset` registry so each dataset (currencies, units, future defaults) can declare its loader/upsert function and optional dependencies.
 2. Add a `--dataset` CLI selector for targeted seeding while keeping `--all` as the default for `setup_database.py` integrations.
 3. Update `scripts/setup_database.py` to:
   - Run migration ensuring `measurement_unit` table exists.
   - Execute the unit seeder after currencies when `--seed-data` is supplied.
   - Verify post-seed counts, logging which dataset was inserted/updated.
 4. Adjust UI routes to load measurement units from the database and remove the hard-coded list once the table is available.
 This plan aligns with the TODO item for seeding initial data and lays the groundwork for consolidating migrations around a single baseline file that introduces both the schema and seed data in an idempotent manner.
--- a/main.py
+++ b/main.py
@@ -16,6 +16,8 @@ from routes.reporting import router as reporting_router
 from routes.currencies import router as currencies_router
 from routes.simulations import router as simulations_router
 from routes.maintenance import router as maintenance_router
 from routes.settings import router as settings_router
 from routes.users import router as users_router
 # Initialize database schema
 Base.metadata.create_all(bind=engine)
@@ -29,6 +31,12 @@ async def json_validation(
 ) -> Response:
    return await validate_json(request, call_next)
@app.get("/health", summary="Container health probe")
 async def health() -> dict[str, str]:
    return {"status": "ok"}
 app.mount("/static", StaticFiles(directory="static"), name="static")
 # Include API routers
@@ -43,4 +51,6 @@ app.include_router(equipment_router)
 app.include_router(maintenance_router)
 app.include_router(reporting_router)
 app.include_router(currencies_router)
 app.include_router(settings_router)
 app.include_router(ui_router)
 app.include_router(users_router)
--- a/middleware/validation.py
+++ b/middleware/validation.py
@@ -4,7 +4,10 @@ from fastapi import HTTPException, Request, Response
 MiddlewareCallNext = Callable[[Request], Awaitable[Response]]
-async def validate_json(request: Request, call_next: MiddlewareCallNext) -> Response:
+
 async def validate_json(
    request: Request, call_next: MiddlewareCallNext
 ) -> Response:
    # Only validate JSON for requests with a body
    if request.method in ("POST", "PUT", "PATCH"):
        try:
--- a/models/init.py
+++ b/models/init.py
@@ -1,5 +1,10 @@
 """
-models package initializer. Import the currency model so it's registered
+models package initializer. Import key models so they're registered
 with the shared Base.metadata when the package is imported by tests.
 """
 from . import application_setting  # noqa: F401
 from . import currency  # noqa: F401
 from . import role  # noqa: F401
 from . import user  # noqa: F401
 from . import theme_setting  # noqa: F401
--- a/models/application_setting.py
+++ b/models/application_setting.py
@@ -0,0 +1,38 @@
 from datetime import datetime
 from typing import Optional
 from sqlalchemy import Boolean, DateTime, String, Text
 from sqlalchemy.orm import Mapped, mapped_column
 from sqlalchemy.sql import func
 from config.database import Base
 class ApplicationSetting(Base):
    __tablename__ = "application_setting"
    id: Mapped[int] = mapped_column(primary_key=True, index=True)
    key: Mapped[str] = mapped_column(String(128), unique=True, nullable=False)
    value: Mapped[str] = mapped_column(Text, nullable=False)
    value_type: Mapped[str] = mapped_column(
        String(32), nullable=False, default="string"
    )
    category: Mapped[str] = mapped_column(
        String(32), nullable=False, default="general"
    )
    description: Mapped[Optional[str]] = mapped_column(Text, nullable=True)
    is_editable: Mapped[bool] = mapped_column(
        Boolean, nullable=False, default=True
    )
    created_at: Mapped[datetime] = mapped_column(
        DateTime(timezone=True), server_default=func.now(), nullable=False
    )
    updated_at: Mapped[datetime] = mapped_column(
        DateTime(timezone=True),
        server_default=func.now(),
        onupdate=func.now(),
        nullable=False,
    )
    def __repr__(self) -> str:
        return f"<ApplicationSetting key={self.key} category={self.category}>"
--- a/models/capex.py
+++ b/models/capex.py
@@ -29,8 +29,9 @@ class Capex(Base):
    @currency_code.setter
    def currency_code(self, value: str) -> None:
        # store pending code so application code or migrations can pick it up
-        setattr(self, "_currency_code_pending",
+        setattr(
-                (value or "USD").strip().upper())
+            self, "_currency_code_pending", (value or "USD").strip().upper()
        )
 # SQLAlchemy event handlers to ensure currency_id is set before insert/update
@@ -42,22 +43,27 @@ def _resolve_currency(mapper, connection, target):
        return
    code = getattr(target, "_currency_code_pending", None) or "USD"
    # Try to find existing currency id
-    row = connection.execute(text("SELECT id FROM currency WHERE code = :code"), {
+    row = connection.execute(
-                             "code": code}).fetchone()
+        text("SELECT id FROM currency WHERE code = :code"), {"code": code}
    ).fetchone()
    if row:
        cid = row[0]
    else:
        # Insert new currency and attempt to get lastrowid
        res = connection.execute(
-            text("INSERT INTO currency (code, name, symbol, is_active) VALUES (:code, :name, :symbol, :active)"),
+            text(
                "INSERT INTO currency (code, name, symbol, is_active) VALUES (:code, :name, :symbol, :active)"
            ),
            {"code": code, "name": code, "symbol": None, "active": True},
        )
        try:
            cid = res.lastrowid
        except Exception:
            # fallback: select after insert
-            cid = connection.execute(text("SELECT id FROM currency WHERE code = :code"), {
+            cid = connection.execute(
-                                     "code": code}).scalar()
+                text("SELECT id FROM currency WHERE code = :code"),
                {"code": code},
            ).scalar()
    target.currency_id = cid
--- a/models/currency.py
+++ b/models/currency.py
@@ -14,8 +14,11 @@ class Currency(Base):
    # reverse relationships (optional)
    capex_items = relationship(
-        "Capex", back_populates="currency", lazy="select")
+        "Capex", back_populates="currency", lazy="select"
    )
    opex_items = relationship("Opex", back_populates="currency", lazy="select")
    def __repr__(self):
-        return f"<Currency code={self.code} name={self.name} symbol={self.symbol}>"
+        return (
            f"<Currency code={self.code} name={self.name} symbol={self.symbol}>"
        )
--- a/models/opex.py
+++ b/models/opex.py
@@ -28,28 +28,34 @@ class Opex(Base):
    @currency_code.setter
    def currency_code(self, value: str) -> None:
-        setattr(self, "_currency_code_pending",
+        setattr(
-                (value or "USD").strip().upper())
+            self, "_currency_code_pending", (value or "USD").strip().upper()
        )
 def _resolve_currency_opex(mapper, connection, target):
    if getattr(target, "currency_id", None):
        return
    code = getattr(target, "_currency_code_pending", None) or "USD"
-    row = connection.execute(text("SELECT id FROM currency WHERE code = :code"), {
+    row = connection.execute(
-                             "code": code}).fetchone()
+        text("SELECT id FROM currency WHERE code = :code"), {"code": code}
    ).fetchone()
    if row:
        cid = row[0]
    else:
        res = connection.execute(
-            text("INSERT INTO currency (code, name, symbol, is_active) VALUES (:code, :name, :symbol, :active)"),
+            text(
                "INSERT INTO currency (code, name, symbol, is_active) VALUES (:code, :name, :symbol, :active)"
            ),
            {"code": code, "name": code, "symbol": None, "active": True},
        )
        try:
            cid = res.lastrowid
        except Exception:
-            cid = connection.execute(text("SELECT id FROM currency WHERE code = :code"), {
+            cid = connection.execute(
-                                     "code": code}).scalar()
+                text("SELECT id FROM currency WHERE code = :code"),
                {"code": code},
            ).scalar()
    target.currency_id = cid
--- a/models/parameters.py
+++ b/models/parameters.py
@@ -10,14 +10,17 @@ class Parameter(Base):
    id: Mapped[int] = mapped_column(primary_key=True, index=True)
    scenario_id: Mapped[int] = mapped_column(
-        ForeignKey("scenario.id"), nullable=False)
+        ForeignKey("scenario.id"), nullable=False
    )
    name: Mapped[str] = mapped_column(nullable=False)
    value: Mapped[float] = mapped_column(nullable=False)
    distribution_id: Mapped[Optional[int]] = mapped_column(
-        ForeignKey("distribution.id"), nullable=True)
+        ForeignKey("distribution.id"), nullable=True
    )
    distribution_type: Mapped[Optional[str]] = mapped_column(nullable=True)
    distribution_parameters: Mapped[Optional[Dict[str, Any]]] = mapped_column(
-        JSON, nullable=True)
+        JSON, nullable=True
    )
    scenario = relationship("Scenario", back_populates="parameters")
    distribution = relationship("Distribution")
--- a/models/production_output.py
+++ b/models/production_output.py
@@ -14,7 +14,8 @@ class ProductionOutput(Base):
    unit_symbol = Column(String(16), nullable=True)
    scenario = relationship(
-        "Scenario", back_populates="production_output_items")
+        "Scenario", back_populates="production_output_items"
    )
    def __repr__(self):
        return (
--- a/models/role.py
+++ b/models/role.py
@@ -0,0 +1,13 @@
 from sqlalchemy import Column, Integer, String
 from sqlalchemy.orm import relationship
 from config.database import Base
 class Role(Base):
    __tablename__ = "roles"
    id = Column(Integer, primary_key=True, index=True)
    name = Column(String, unique=True, index=True)
    users = relationship("User", back_populates="role")
--- a/models/scenario.py
+++ b/models/scenario.py
@@ -20,19 +20,16 @@ class Scenario(Base):
    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
    parameters = relationship("Parameter", back_populates="scenario")
    simulation_results = relationship(
-        SimulationResult, back_populates="scenario")
+        SimulationResult, back_populates="scenario"
-    capex_items = relationship(
+    )
-        Capex, back_populates="scenario")
+    capex_items = relationship(Capex, back_populates="scenario")
-    opex_items = relationship(
+    opex_items = relationship(Opex, back_populates="scenario")
-        Opex, back_populates="scenario")
+    consumption_items = relationship(Consumption, back_populates="scenario")
    consumption_items = relationship(
        Consumption, back_populates="scenario")
    production_output_items = relationship(
-        ProductionOutput, back_populates="scenario")
+        ProductionOutput, back_populates="scenario"
-    equipment_items = relationship(
+    )
-        Equipment, back_populates="scenario")
+    equipment_items = relationship(Equipment, back_populates="scenario")
-    maintenance_items = relationship(
+    maintenance_items = relationship(Maintenance, back_populates="scenario")
        Maintenance, back_populates="scenario")
    # relationships can be defined later
    def __repr__(self):
--- a/models/theme_setting.py
+++ b/models/theme_setting.py
@@ -0,0 +1,15 @@
 from sqlalchemy import Column, Integer, String
 from config.database import Base
 class ThemeSetting(Base):
    __tablename__ = "theme_settings"
    id = Column(Integer, primary_key=True, index=True)
    theme_name = Column(String, unique=True, index=True)
    primary_color = Column(String)
    secondary_color = Column(String)
    accent_color = Column(String)
    background_color = Column(String)
    text_color = Column(String)
--- a/models/user.py
+++ b/models/user.py
@@ -0,0 +1,23 @@
 from sqlalchemy import Column, Integer, String, ForeignKey
 from sqlalchemy.orm import relationship
 from config.database import Base
 from services.security import get_password_hash, verify_password
 class User(Base):
    __tablename__ = "users"
    id = Column(Integer, primary_key=True, index=True)
    username = Column(String, unique=True, index=True)
    email = Column(String, unique=True, index=True)
    hashed_password = Column(String)
    role_id = Column(Integer, ForeignKey("roles.id"))
    role = relationship("Role", back_populates="users")
    def set_password(self, password: str):
        self.hashed_password = get_password_hash(password)
    def check_password(self, password: str) -> bool:
        return verify_password(password, str(self.hashed_password))
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,16 @@
 [tool.black]
 line-length = 80
 target-version = ['py310']
 include = '\\.pyi?$'
 exclude = '''
 /(
  .git
  | .hg
  | .mypy_cache
  | .tox
  | .venv
  | build
  | dist
 )/
 '''
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -0,0 +1 @@
 black
--- a/requirements-test.txt
+++ b/requirements-test.txt
@@ -1,5 +1,7 @@
 playwright
 pytest
 pytest-cov
 pytest-httpx
 playwright
 pytest-playwright
 python-jose
 ruff
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,5 @@
 fastapi
 pydantic>=2.0,<3.0
 uvicorn
 sqlalchemy
 psycopg2-binary
@@ -7,3 +8,5 @@ httpx
 jinja2
 pandas
 numpy
 passlib
 python-jose
--- a/routes/consumption.py
+++ b/routes/consumption.py
@@ -36,7 +36,9 @@ class ConsumptionRead(ConsumptionBase):
    model_config = ConfigDict(from_attributes=True)
-@router.post("/", response_model=ConsumptionRead, status_code=status.HTTP_201_CREATED)
+@router.post(
    "/", response_model=ConsumptionRead, status_code=status.HTTP_201_CREATED
 )
 def create_consumption(item: ConsumptionCreate, db: Session = Depends(get_db)):
    db_item = Consumption(**item.model_dump())
    db.add(db_item)
--- a/routes/costs.py
+++ b/routes/costs.py
@@ -73,7 +73,8 @@ def create_capex(item: CapexCreate, db: Session = Depends(get_db)):
    if not cid:
        code = (payload.pop("currency_code", "USD") or "USD").strip().upper()
        currency_cls = __import__(
-            "models.currency", fromlist=["Currency"]).Currency
+            "models.currency", fromlist=["Currency"]
        ).Currency
        currency = db.query(currency_cls).filter_by(code=code).one_or_none()
        if currency is None:
            currency = currency_cls(code=code, name=code, symbol=None)
@@ -100,7 +101,8 @@ def create_opex(item: OpexCreate, db: Session = Depends(get_db)):
    if not cid:
        code = (payload.pop("currency_code", "USD") or "USD").strip().upper()
        currency_cls = __import__(
-            "models.currency", fromlist=["Currency"]).Currency
+            "models.currency", fromlist=["Currency"]
        ).Currency
        currency = db.query(currency_cls).filter_by(code=code).one_or_none()
        if currency is None:
            currency = currency_cls(code=code, name=code, symbol=None)
--- a/routes/currencies.py
+++ b/routes/currencies.py
@@ -1,4 +1,4 @@
-from typing import Dict, List, Optional
+from typing import List, Optional
 from fastapi import APIRouter, Depends, HTTPException, Query, status
 from pydantic import BaseModel, ConfigDict, Field, field_validator
@@ -97,20 +97,20 @@ def _ensure_default_currency(db: Session) -> Currency:
 def _get_currency_or_404(db: Session, code: str) -> Currency:
    normalized = code.strip().upper()
    currency = (
-        db.query(Currency)
+        db.query(Currency).filter(Currency.code == normalized).one_or_none()
        .filter(Currency.code == normalized)
        .one_or_none()
    )
    if currency is None:
        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND, detail="Currency not found")
+            status_code=status.HTTP_404_NOT_FOUND, detail="Currency not found"
        )
    return currency
@router.get("/", response_model=List[CurrencyRead])
 def list_currencies(
    include_inactive: bool = Query(
-        False, description="Include inactive currencies"),
+        False, description="Include inactive currencies"
    ),
    db: Session = Depends(get_db),
 ):
    _ensure_default_currency(db)
@@ -121,14 +121,12 @@ def list_currencies(
    return currencies
-@router.post("/", response_model=CurrencyRead, status_code=status.HTTP_201_CREATED)
+@router.post(
    "/", response_model=CurrencyRead, status_code=status.HTTP_201_CREATED
 )
 def create_currency(payload: CurrencyCreate, db: Session = Depends(get_db)):
    code = payload.code
-    existing = (
+    existing = db.query(Currency).filter(Currency.code == code).one_or_none()
        db.query(Currency)
        .filter(Currency.code == code)
        .one_or_none()
    )
    if existing is not None:
        raise HTTPException(
            status_code=status.HTTP_409_CONFLICT,
@@ -148,7 +146,9 @@ def create_currency(payload: CurrencyCreate, db: Session = Depends(get_db)):
@router.put("/{code}", response_model=CurrencyRead)
-def update_currency(code: str, payload: CurrencyUpdate, db: Session = Depends(get_db)):
+def update_currency(
    code: str, payload: CurrencyUpdate, db: Session = Depends(get_db)
 ):
    currency = _get_currency_or_404(db, code)
    if payload.name is not None:
@@ -175,7 +175,9 @@ def update_currency(code: str, payload: CurrencyUpdate, db: Session = Depends(ge
@router.patch("/{code}/activation", response_model=CurrencyRead)
-def toggle_currency_activation(code: str, body: CurrencyActivation, db: Session = Depends(get_db)):
+def toggle_currency_activation(
    code: str, body: CurrencyActivation, db: Session = Depends(get_db)
 ):
    currency = _get_currency_or_404(db, code)
    code_value = getattr(currency, "code")
    if code_value == DEFAULT_CURRENCY_CODE and body.is_active is False:
--- a/routes/distributions.py
+++ b/routes/distributions.py
@@ -22,7 +22,9 @@ class DistributionRead(DistributionCreate):
@router.post("/", response_model=DistributionRead)
-async def create_distribution(dist: DistributionCreate, db: Session = Depends(get_db)):
+async def create_distribution(
    dist: DistributionCreate, db: Session = Depends(get_db)
 ):
    db_dist = Distribution(**dist.model_dump())
    db.add(db_dist)
    db.commit()
--- a/routes/equipment.py
+++ b/routes/equipment.py
@@ -23,7 +23,9 @@ class EquipmentRead(EquipmentCreate):
@router.post("/", response_model=EquipmentRead)
-async def create_equipment(item: EquipmentCreate, db: Session = Depends(get_db)):
+async def create_equipment(
    item: EquipmentCreate, db: Session = Depends(get_db)
 ):
    db_item = Equipment(**item.model_dump())
    db.add(db_item)
    db.commit()
--- a/routes/maintenance.py
+++ b/routes/maintenance.py
@@ -34,8 +34,9 @@ class MaintenanceRead(MaintenanceBase):
 def _get_maintenance_or_404(db: Session, maintenance_id: int) -> Maintenance:
-    maintenance = db.query(Maintenance).filter(
+    maintenance = (
-        Maintenance.id == maintenance_id).first()
+        db.query(Maintenance).filter(Maintenance.id == maintenance_id).first()
    )
    if maintenance is None:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
@@ -44,8 +45,12 @@ def _get_maintenance_or_404(db: Session, maintenance_id: int) -> Maintenance:
    return maintenance
-@router.post("/", response_model=MaintenanceRead, status_code=status.HTTP_201_CREATED)
+@router.post(
-def create_maintenance(maintenance: MaintenanceCreate, db: Session = Depends(get_db)):
+    "/", response_model=MaintenanceRead, status_code=status.HTTP_201_CREATED
 )
 def create_maintenance(
    maintenance: MaintenanceCreate, db: Session = Depends(get_db)
 ):
    db_maintenance = Maintenance(**maintenance.model_dump())
    db.add(db_maintenance)
    db.commit()
@@ -54,7 +59,9 @@ def create_maintenance(maintenance: MaintenanceCreate, db: Session = Depends(get
@router.get("/", response_model=List[MaintenanceRead])
-def list_maintenance(skip: int = 0, limit: int = 100, db: Session = Depends(get_db)):
+def list_maintenance(
    skip: int = 0, limit: int = 100, db: Session = Depends(get_db)
 ):
    return db.query(Maintenance).offset(skip).limit(limit).all()
--- a/routes/parameters.py
+++ b/routes/parameters.py
@@ -30,12 +30,15 @@ class ParameterCreate(BaseModel):
            return None
        if normalized not in {"normal", "uniform", "triangular"}:
            raise ValueError(
-                "distribution_type must be normal, uniform, or triangular")
+                "distribution_type must be normal, uniform, or triangular"
            )
        return normalized
    @field_validator("distribution_parameters")
    @classmethod
-    def empty_dict_to_none(cls, value: Optional[Dict[str, Any]]) -> Optional[Dict[str, Any]]:
+    def empty_dict_to_none(
        cls, value: Optional[Dict[str, Any]]
    ) -> Optional[Dict[str, Any]]:
        if value is None:
            return None
        return value or None
@@ -45,6 +48,7 @@ class ParameterRead(ParameterCreate):
    id: int
    model_config = ConfigDict(from_attributes=True)
@router.post("/", response_model=ParameterRead)
 def create_parameter(param: ParameterCreate, db: Session = Depends(get_db)):
    scen = db.query(Scenario).filter(Scenario.id == param.scenario_id).first()
@@ -55,11 +59,15 @@ def create_parameter(param: ParameterCreate, db: Session = Depends(get_db)):
    distribution_parameters = param.distribution_parameters
    if distribution_id is not None:
-        distribution = db.query(Distribution).filter(
+        distribution = (
-            Distribution.id == distribution_id).first()
+            db.query(Distribution)
            .filter(Distribution.id == distribution_id)
            .first()
        )
        if not distribution:
            raise HTTPException(
-                status_code=404, detail="Distribution not found")
+                status_code=404, detail="Distribution not found"
            )
        distribution_type = distribution.distribution_type
        distribution_parameters = distribution.parameters or None
--- a/routes/production.py
+++ b/routes/production.py
@@ -36,8 +36,14 @@ class ProductionOutputRead(ProductionOutputBase):
    model_config = ConfigDict(from_attributes=True)
-@router.post("/", response_model=ProductionOutputRead, status_code=status.HTTP_201_CREATED)
+@router.post(
-def create_production(item: ProductionOutputCreate, db: Session = Depends(get_db)):
+    "/",
    response_model=ProductionOutputRead,
    status_code=status.HTTP_201_CREATED,
 )
 def create_production(
    item: ProductionOutputCreate, db: Session = Depends(get_db)
 ):
    db_item = ProductionOutput(**item.model_dump())
    db.add(db_item)
    db.commit()
--- a/routes/scenarios.py
+++ b/routes/scenarios.py
@@ -24,6 +24,7 @@ class ScenarioRead(ScenarioCreate):
    updated_at: Optional[datetime] = None
    model_config = ConfigDict(from_attributes=True)
@router.post("/", response_model=ScenarioRead)
 def create_scenario(scenario: ScenarioCreate, db: Session = Depends(get_db)):
    db_s = db.query(Scenario).filter(Scenario.name == scenario.name).first()
--- a/routes/settings.py
+++ b/routes/settings.py
@@ -0,0 +1,110 @@
 from typing import Dict, List
 from fastapi import APIRouter, Depends, HTTPException, status
 from pydantic import BaseModel, Field, model_validator
 from sqlalchemy.orm import Session
 from routes.dependencies import get_db
 from services.settings import (
    CSS_COLOR_DEFAULTS,
    get_css_color_settings,
    list_css_env_override_rows,
    read_css_color_env_overrides,
    update_css_color_settings,
    get_theme_settings,
    save_theme_settings,
 )
 router = APIRouter(prefix="/api/settings", tags=["Settings"])
 class CSSSettingsPayload(BaseModel):
    variables: Dict[str, str] = Field(default_factory=dict)
    @model_validator(mode="after")
    def _validate_allowed_keys(self) -> "CSSSettingsPayload":
        invalid = set(self.variables.keys()) - set(CSS_COLOR_DEFAULTS.keys())
        if invalid:
            invalid_keys = ", ".join(sorted(invalid))
            raise ValueError(
                f"Unsupported CSS variables: {invalid_keys}."
                " Accepted keys align with the default theme variables."
            )
        return self
 class EnvOverride(BaseModel):
    css_key: str
    env_var: str
    value: str
 class CSSSettingsResponse(BaseModel):
    variables: Dict[str, str]
    env_overrides: Dict[str, str] = Field(default_factory=dict)
    env_sources: List[EnvOverride] = Field(default_factory=list)
@router.get("/css", response_model=CSSSettingsResponse)
 def read_css_settings(db: Session = Depends(get_db)) -> CSSSettingsResponse:
    try:
        values = get_css_color_settings(db)
        env_overrides = read_css_color_env_overrides()
        env_sources = [
            EnvOverride(**row) for row in list_css_env_override_rows()
        ]
    except ValueError as exc:
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail=str(exc),
        ) from exc
    return CSSSettingsResponse(
        variables=values,
        env_overrides=env_overrides,
        env_sources=env_sources,
    )
@router.put(
    "/css", response_model=CSSSettingsResponse, status_code=status.HTTP_200_OK
 )
 def update_css_settings(
    payload: CSSSettingsPayload, db: Session = Depends(get_db)
 ) -> CSSSettingsResponse:
    try:
        values = update_css_color_settings(db, payload.variables)
        env_overrides = read_css_color_env_overrides()
        env_sources = [
            EnvOverride(**row) for row in list_css_env_override_rows()
        ]
    except ValueError as exc:
        raise HTTPException(
            status_code=status.HTTP_422_UNPROCESSABLE_CONTENT,
            detail=str(exc),
        ) from exc
    return CSSSettingsResponse(
        variables=values,
        env_overrides=env_overrides,
        env_sources=env_sources,
    )
 class ThemeSettings(BaseModel):
    theme_name: str
    primary_color: str
    secondary_color: str
    accent_color: str
    background_color: str
    text_color: str
@router.post("/theme")
 async def update_theme(theme_data: ThemeSettings, db: Session = Depends(get_db)):
    data_dict = theme_data.model_dump()
    save_theme_settings(db, data_dict)
    return {"message": "Theme updated", "theme": data_dict}
@router.get("/theme")
 async def get_theme(db: Session = Depends(get_db)):
    return get_theme_settings(db)
--- a/routes/simulations.py
+++ b/routes/simulations.py
@@ -43,7 +43,9 @@ class SimulationRunResponse(BaseModel):
    summary: Dict[str, float | int]
-def _load_parameters(db: Session, scenario_id: int) -> List[SimulationParameterInput]:
+def _load_parameters(
    db: Session, scenario_id: int
 ) -> List[SimulationParameterInput]:
    db_params = (
        db.query(Parameter)
        .filter(Parameter.scenario_id == scenario_id)
@@ -60,17 +62,19 @@ def _load_parameters(db: Session, scenario_id: int) -> List[SimulationParameterI
@router.post("/run", response_model=SimulationRunResponse)
-async def simulate(payload: SimulationRunRequest, db: Session = Depends(get_db)):
+async def simulate(
-    scenario = db.query(Scenario).filter(
+    payload: SimulationRunRequest, db: Session = Depends(get_db)
-        Scenario.id == payload.scenario_id).first()
+):
    scenario = (
        db.query(Scenario).filter(Scenario.id == payload.scenario_id).first()
    )
    if scenario is None:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Scenario not found",
        )
-    parameters = payload.parameters or _load_parameters(
+    parameters = payload.parameters or _load_parameters(db, payload.scenario_id)
        db, payload.scenario_id)
    if not parameters:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
--- a/routes/ui.py
+++ b/routes/ui.py
@@ -20,6 +20,12 @@ from routes.dependencies import get_db
 from services.reporting import generate_report
 from models.currency import Currency
 from routes.currencies import DEFAULT_CURRENCY_CODE, _ensure_default_currency
 from services.settings import (
    CSS_COLOR_DEFAULTS,
    get_css_color_settings,
    list_css_env_override_rows,
    read_css_color_env_overrides,
 )
 CURRENCY_CHOICES: list[Dict[str, Any]] = [
@@ -47,7 +53,9 @@ router = APIRouter()
 templates = Jinja2Templates(directory="templates")
-def _context(request: Request, extra: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
+def _context(
    request: Request, extra: Optional[Dict[str, Any]] = None
 ) -> Dict[str, Any]:
    payload: Dict[str, Any] = {
        "request": request,
        "current_year": datetime.now(timezone.utc).year,
@@ -92,7 +100,9 @@ def _load_scenarios(db: Session) -> Dict[str, Any]:
 def _load_parameters(db: Session) -> Dict[str, Any]:
    grouped: defaultdict[int, list[Dict[str, Any]]] = defaultdict(list)
-    for param in db.query(Parameter).order_by(Parameter.scenario_id, Parameter.id):
+    for param in db.query(Parameter).order_by(
        Parameter.scenario_id, Parameter.id
    ):
        grouped[param.scenario_id].append(
            {
                "id": param.id,
@@ -107,27 +117,20 @@ def _load_parameters(db: Session) -> Dict[str, Any]:
 def _load_costs(db: Session) -> Dict[str, Any]:
    capex_grouped: defaultdict[int, list[Dict[str, Any]]] = defaultdict(list)
-    for capex in (
+    for capex in db.query(Capex).order_by(Capex.scenario_id, Capex.id).all():
        db.query(Capex)
        .order_by(Capex.scenario_id, Capex.id)
        .all()
    ):
        capex_grouped[int(getattr(capex, "scenario_id"))].append(
            {
                "id": int(getattr(capex, "id")),
                "scenario_id": int(getattr(capex, "scenario_id")),
                "amount": float(getattr(capex, "amount", 0.0)),
                "description": getattr(capex, "description", "") or "",
-                "currency_code": getattr(capex, "currency_code", "USD") or "USD",
+                "currency_code": getattr(capex, "currency_code", "USD")
                or "USD",
            }
        )
    opex_grouped: defaultdict[int, list[Dict[str, Any]]] = defaultdict(list)
-    for opex in (
+    for opex in db.query(Opex).order_by(Opex.scenario_id, Opex.id).all():
        db.query(Opex)
        .order_by(Opex.scenario_id, Opex.id)
        .all()
    ):
        opex_grouped[int(getattr(opex, "scenario_id"))].append(
            {
                "id": int(getattr(opex, "id")),
@@ -146,9 +149,15 @@ def _load_costs(db: Session) -> Dict[str, Any]:
 def _load_currencies(db: Session) -> Dict[str, Any]:
    items: list[Dict[str, Any]] = []
-    for c in db.query(Currency).filter_by(is_active=True).order_by(Currency.code).all():
+    for c in (
        db.query(Currency)
        .filter_by(is_active=True)
        .order_by(Currency.code)
        .all()
    ):
        items.append(
-            {"id": c.code, "name": f"{c.name} ({c.code})", "symbol": c.symbol})
+            {"id": c.code, "name": f"{c.name} ({c.code})", "symbol": c.symbol}
        )
    if not items:
        items.append({"id": "USD", "name": "US Dollar (USD)", "symbol": "$"})
    return {"currency_options": items}
@@ -186,6 +195,20 @@ def _load_currency_settings(db: Session) -> Dict[str, Any]:
    }
 def _load_css_settings(db: Session) -> Dict[str, Any]:
    variables = get_css_color_settings(db)
    env_overrides = read_css_color_env_overrides()
    env_rows = list_css_env_override_rows()
    env_meta = {row["css_key"]: row for row in env_rows}
    return {
        "css_variables": variables,
        "css_defaults": CSS_COLOR_DEFAULTS,
        "css_env_overrides": env_overrides,
        "css_env_override_rows": env_rows,
        "css_env_override_meta": env_meta,
    }
 def _load_consumption(db: Session) -> Dict[str, Any]:
    grouped: defaultdict[int, list[Dict[str, Any]]] = defaultdict(list)
    for record in (
@@ -241,9 +264,7 @@ def _load_production(db: Session) -> Dict[str, Any]:
 def _load_equipment(db: Session) -> Dict[str, Any]:
    grouped: defaultdict[int, list[Dict[str, Any]]] = defaultdict(list)
    for record in (
-        db.query(Equipment)
+        db.query(Equipment).order_by(Equipment.scenario_id, Equipment.id).all()
        .order_by(Equipment.scenario_id, Equipment.id)
        .all()
    ):
        record_id = int(getattr(record, "id"))
        scenario_id = int(getattr(record, "scenario_id"))
@@ -271,8 +292,9 @@ def _load_maintenance(db: Session) -> Dict[str, Any]:
        scenario_id = int(getattr(record, "scenario_id"))
        equipment_id = int(getattr(record, "equipment_id"))
        equipment_obj = getattr(record, "equipment", None)
-        equipment_name = getattr(
+        equipment_name = (
-            equipment_obj, "name", "") if equipment_obj else ""
+            getattr(equipment_obj, "name", "") if equipment_obj else ""
        )
        maintenance_date = getattr(record, "maintenance_date", None)
        cost_value = float(getattr(record, "cost", 0.0))
        description = getattr(record, "description", "") or ""
@@ -283,7 +305,9 @@ def _load_maintenance(db: Session) -> Dict[str, Any]:
                "scenario_id": scenario_id,
                "equipment_id": equipment_id,
                "equipment_name": equipment_name,
-                "maintenance_date": maintenance_date.isoformat() if maintenance_date else "",
+                "maintenance_date": (
                    maintenance_date.isoformat() if maintenance_date else ""
                ),
                "cost": cost_value,
                "description": description,
            }
@@ -319,8 +343,11 @@ def _load_simulations(db: Session) -> Dict[str, Any]:
    for item in scenarios:
        scenario_id = int(item["id"])
        scenario_results = results_grouped.get(scenario_id, [])
-        summary = generate_report(
+        summary = (
-            scenario_results) if scenario_results else generate_report([])
+            generate_report(scenario_results)
            if scenario_results
            else generate_report([])
        )
        runs.append(
            {
                "scenario_id": scenario_id,
@@ -375,11 +402,11 @@ def _load_dashboard(db: Session) -> Dict[str, Any]:
    simulation_context = _load_simulations(db)
    simulation_runs = simulation_context["simulation_runs"]
-    runs_by_scenario = {
+    runs_by_scenario = {run["scenario_id"]: run for run in simulation_runs}
        run["scenario_id"]: run for run in simulation_runs
    }
-    def sum_amounts(grouped: Dict[int, list[Dict[str, Any]]], field: str = "amount") -> float:
+    def sum_amounts(
        grouped: Dict[int, list[Dict[str, Any]]], field: str = "amount"
    ) -> float:
        total = 0.0
        for items in grouped.values():
            for item in items:
@@ -394,14 +421,18 @@ def _load_dashboard(db: Session) -> Dict[str, Any]:
    total_production = sum_amounts(production_by_scenario)
    total_maintenance_cost = sum_amounts(maintenance_by_scenario, field="cost")
-    total_parameters = sum(len(items)
+    total_parameters = sum(
-                           for items in parameters_by_scenario.values())
+        len(items) for items in parameters_by_scenario.values()
-    total_equipment = sum(len(items)
+    )
-                          for items in equipment_by_scenario.values())
+    total_equipment = sum(
-    total_maintenance_events = sum(len(items)
+        len(items) for items in equipment_by_scenario.values()
-                                   for items in maintenance_by_scenario.values())
+    )
    total_maintenance_events = sum(
        len(items) for items in maintenance_by_scenario.values()
    )
    total_simulation_iterations = sum(
-        run["iterations"] for run in simulation_runs)
+        run["iterations"] for run in simulation_runs
    )
    scenario_rows: list[Dict[str, Any]] = []
    scenario_labels: list[str] = []
@@ -481,20 +512,40 @@ def _load_dashboard(db: Session) -> Dict[str, Any]:
    overall_report = generate_report(all_simulation_results)
    overall_report_metrics = [
-        {"label": "Runs", "value": _format_int(
+        {
-            int(overall_report.get("count", 0)))},
+            "label": "Runs",
-        {"label": "Mean", "value": _format_decimal(
+            "value": _format_int(int(overall_report.get("count", 0))),
-            float(overall_report.get("mean", 0.0)))},
+        },
-        {"label": "Median", "value": _format_decimal(
+        {
-            float(overall_report.get("median", 0.0)))},
+            "label": "Mean",
-        {"label": "Std Dev", "value": _format_decimal(
+            "value": _format_decimal(float(overall_report.get("mean", 0.0))),
-            float(overall_report.get("std_dev", 0.0)))},
+        },
-        {"label": "95th Percentile", "value": _format_decimal(
+        {
-            float(overall_report.get("percentile_95", 0.0)))},
+            "label": "Median",
-        {"label": "VaR (95%)", "value": _format_decimal(
+            "value": _format_decimal(float(overall_report.get("median", 0.0))),
-            float(overall_report.get("value_at_risk_95", 0.0)))},
+        },
-        {"label": "Expected Shortfall (95%)", "value": _format_decimal(
+        {
-            float(overall_report.get("expected_shortfall_95", 0.0)))},
+            "label": "Std Dev",
            "value": _format_decimal(float(overall_report.get("std_dev", 0.0))),
        },
        {
            "label": "95th Percentile",
            "value": _format_decimal(
                float(overall_report.get("percentile_95", 0.0))
            ),
        },
        {
            "label": "VaR (95%)",
            "value": _format_decimal(
                float(overall_report.get("value_at_risk_95", 0.0))
            ),
        },
        {
            "label": "Expected Shortfall (95%)",
            "value": _format_decimal(
                float(overall_report.get("expected_shortfall_95", 0.0))
            ),
        },
    ]
    recent_simulations: list[Dict[str, Any]] = [
@@ -502,8 +553,12 @@ def _load_dashboard(db: Session) -> Dict[str, Any]:
            "scenario_name": run["scenario_name"],
            "iterations": run["iterations"],
            "iterations_display": _format_int(run["iterations"]),
-            "mean_display": _format_decimal(float(run["summary"].get("mean", 0.0))),
+            "mean_display": _format_decimal(
-            "p95_display": _format_decimal(float(run["summary"].get("percentile_95", 0.0))),
+                float(run["summary"].get("mean", 0.0))
            ),
            "p95_display": _format_decimal(
                float(run["summary"].get("percentile_95", 0.0))
            ),
        }
        for run in simulation_runs
        if run["iterations"] > 0
@@ -521,10 +576,20 @@ def _load_dashboard(db: Session) -> Dict[str, Any]:
        maintenance_date = getattr(record, "maintenance_date", None)
        upcoming_maintenance.append(
            {
-                "scenario_name": getattr(getattr(record, "scenario", None), "name", "Unknown"),
+                "scenario_name": getattr(
-                "equipment_name": getattr(getattr(record, "equipment", None), "name", "Unknown"),
+                    getattr(record, "scenario", None), "name", "Unknown"
-                "date_display": maintenance_date.strftime("%Y-%m-%d") if maintenance_date else "—",
+                ),
-                "cost_display": _format_currency(float(getattr(record, "cost", 0.0))),
+                "equipment_name": getattr(
                    getattr(record, "equipment", None), "name", "Unknown"
                ),
                "date_display": (
                    maintenance_date.strftime("%Y-%m-%d")
                    if maintenance_date
                    else "—"
                ),
                "cost_display": _format_currency(
                    float(getattr(record, "cost", 0.0))
                ),
                "description": getattr(record, "description", "") or "—",
            }
        )
@@ -532,9 +597,9 @@ def _load_dashboard(db: Session) -> Dict[str, Any]:
    cost_chart_has_data = any(value > 0 for value in scenario_capex) or any(
        value > 0 for value in scenario_opex
    )
-    activity_chart_has_data = any(value > 0 for value in activity_production) or any(
+    activity_chart_has_data = any(
-        value > 0 for value in activity_consumption
+        value > 0 for value in activity_production
-    )
+    ) or any(value > 0 for value in activity_consumption)
    scenario_cost_chart: Dict[str, list[Any]] = {
        "labels": scenario_labels,
@@ -553,14 +618,20 @@ def _load_dashboard(db: Session) -> Dict[str, Any]:
        {"label": "CAPEX Total", "value": _format_currency(total_capex)},
        {"label": "OPEX Total", "value": _format_currency(total_opex)},
        {"label": "Equipment Assets", "value": _format_int(total_equipment)},
-        {"label": "Maintenance Events",
+        {
-            "value": _format_int(total_maintenance_events)},
+            "label": "Maintenance Events",
            "value": _format_int(total_maintenance_events),
        },
        {"label": "Consumption", "value": _format_decimal(total_consumption)},
        {"label": "Production", "value": _format_decimal(total_production)},
-        {"label": "Simulation Iterations",
+        {
-            "value": _format_int(total_simulation_iterations)},
+            "label": "Simulation Iterations",
-        {"label": "Maintenance Cost",
+            "value": _format_int(total_simulation_iterations),
-            "value": _format_currency(total_maintenance_cost)},
+        },
        {
            "label": "Maintenance Cost",
            "value": _format_currency(total_maintenance_cost),
        },
    ]
    return {
@@ -672,8 +743,42 @@ async def reporting_view(request: Request, db: Session = Depends(get_db)):
    return _render(request, "reporting.html", _load_reporting(db))
@router.get("/ui/settings", response_class=HTMLResponse)
 async def settings_view(request: Request, db: Session = Depends(get_db)):
    """Render the settings landing page."""
    context = _load_css_settings(db)
    return _render(request, "settings.html", context)
@router.get("/ui/currencies", response_class=HTMLResponse)
 async def currencies_view(request: Request, db: Session = Depends(get_db)):
    """Render the currency administration page with full currency context."""
    context = _load_currency_settings(db)
    return _render(request, "currencies.html", context)
@router.get("/login", response_class=HTMLResponse)
 async def login_page(request: Request):
    return _render(request, "login.html")
@router.get("/register", response_class=HTMLResponse)
 async def register_page(request: Request):
    return _render(request, "register.html")
@router.get("/profile", response_class=HTMLResponse)
 async def profile_page(request: Request):
    return _render(request, "profile.html")
@router.get("/forgot-password", response_class=HTMLResponse)
 async def forgot_password_page(request: Request):
    return _render(request, "forgot_password.html")
@router.get("/theme-settings", response_class=HTMLResponse)
 async def theme_settings_page(request: Request, db: Session = Depends(get_db)):
    """Render the theme settings page."""
    context = _load_css_settings(db)
    return _render(request, "theme_settings.html", context)
--- a/routes/users.py
+++ b/routes/users.py
@@ -0,0 +1,107 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.orm import Session
 from config.database import get_db
 from models.user import User
 from services.security import create_access_token, get_current_user
 from schemas.user import (
    PasswordReset,
    PasswordResetRequest,
    UserCreate,
    UserInDB,
    UserLogin,
    UserUpdate,
 )
 router = APIRouter(prefix="/users", tags=["users"])
@router.post("/register", response_model=UserInDB, status_code=status.HTTP_201_CREATED)
 async def register_user(user: UserCreate, db: Session = Depends(get_db)):
    db_user = db.query(User).filter(User.username == user.username).first()
    if db_user:
        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST,
                            detail="Username already registered")
    db_user = db.query(User).filter(User.email == user.email).first()
    if db_user:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST, detail="Email already registered")
    # Get or create default role
    from models.role import Role
    default_role = db.query(Role).filter(Role.name == "user").first()
    if not default_role:
        default_role = Role(name="user")
        db.add(default_role)
        db.commit()
        db.refresh(default_role)
    new_user = User(username=user.username, email=user.email,
                    role_id=default_role.id)
    new_user.set_password(user.password)
    db.add(new_user)
    db.commit()
    db.refresh(new_user)
    return new_user
@router.post("/login")
 async def login_user(user: UserLogin, db: Session = Depends(get_db)):
    db_user = db.query(User).filter(User.username == user.username).first()
    if not db_user or not db_user.check_password(user.password):
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED,
                            detail="Incorrect username or password")
    access_token = create_access_token(subject=db_user.username)
    return {"access_token": access_token, "token_type": "bearer"}
@router.get("/me")
 async def read_users_me(current_user: User = Depends(get_current_user)):
    return current_user
@router.put("/me", response_model=UserInDB)
 async def update_user_me(user_update: UserUpdate, current_user: User = Depends(get_current_user), db: Session = Depends(get_db)):
    if user_update.username and user_update.username != current_user.username:
        existing_user = db.query(User).filter(
            User.username == user_update.username).first()
        if existing_user:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST, detail="Username already taken")
    setattr(current_user, "username", user_update.username)
    if user_update.email and user_update.email != current_user.email:
        existing_user = db.query(User).filter(
            User.email == user_update.email).first()
        if existing_user:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST, detail="Email already registered")
    setattr(current_user, "email", user_update.email)
    if user_update.password:
        current_user.set_password(user_update.password)
    db.add(current_user)
    db.commit()
    db.refresh(current_user)
    return current_user
@router.post("/forgot-password")
 async def forgot_password(request: PasswordResetRequest):
    # In a real application, this would send an email with a reset token
    return {"message": "Password reset email sent (not really)"}
@router.post("/reset-password")
 async def reset_password(request: PasswordReset, db: Session = Depends(get_db)):
    # In a real application, the token would be verified
    user = db.query(User).filter(User.username ==
                                 request.token).first()  # Use token as username for test
    if not user:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid token or user")
    user.set_password(request.new_password)
    db.add(user)
    db.commit()
    return {"message": "Password has been reset successfully"}
--- a/schemas/user.py
+++ b/schemas/user.py
@@ -0,0 +1,41 @@
 from pydantic import BaseModel, ConfigDict
 class UserCreate(BaseModel):
    username: str
    email: str
    password: str
 class UserInDB(BaseModel):
    id: int
    username: str
    email: str
    role_id: int
    model_config = ConfigDict(from_attributes=True)
 class UserLogin(BaseModel):
    username: str
    password: str
 class UserUpdate(BaseModel):
    username: str | None = None
    email: str | None = None
    password: str | None = None
 class PasswordResetRequest(BaseModel):
    email: str
 class PasswordReset(BaseModel):
    token: str
    new_password: str
 class Token(BaseModel):
    access_token: str
    token_type: str
--- a/scripts/backfill_currency.py
+++ b/scripts/backfill_currency.py
@@ -9,6 +9,7 @@ This script is intentionally cautious: it defaults to dry-run mode and will refu
 if database connection settings are missing. It supports creating missing currency rows when `--create-missing`
 is provided. Always run against a development/staging database first.
 """
 from __future__ import annotations
 import argparse
 import importlib
@@ -36,26 +37,42 @@ def load_database_url() -> str:
    return getattr(db_module, "DATABASE_URL")
-def backfill(db_url: str, dry_run: bool = True, create_missing: bool = False) -> None:
+def backfill(
    db_url: str, dry_run: bool = True, create_missing: bool = False
 ) -> None:
    engine = create_engine(db_url)
    with engine.begin() as conn:
        # Ensure currency table exists
-        res = conn.execute(text("SELECT name FROM sqlite_master WHERE type='table' AND name='currency';")) if db_url.startswith(
+        if db_url.startswith("sqlite:"):
-            'sqlite:') else conn.execute(text("SELECT to_regclass('public.currency');"))
+            conn.execute(
                text(
                    "SELECT name FROM sqlite_master WHERE type='table' AND name='currency';"
                )
            )
        else:
            conn.execute(text("SELECT to_regclass('public.currency');"))
        # Note: we don't strictly depend on the above - we assume migration was already applied
        # Helper: find or create currency by code
        def find_currency_id(code: str):
-            r = conn.execute(text("SELECT id FROM currency WHERE code = :code"), {
+            r = conn.execute(
-                             "code": code}).fetchone()
+                text("SELECT id FROM currency WHERE code = :code"),
                {"code": code},
            ).fetchone()
            if r:
                return r[0]
            if create_missing:
                # insert and return id
-                conn.execute(text("INSERT INTO currency (code, name, symbol, is_active) VALUES (:c, :n, NULL, TRUE)"), {
+                conn.execute(
-                             "c": code, "n": code})
+                    text(
-                r2 = conn.execute(text("SELECT id FROM currency WHERE code = :code"), {
+                        "INSERT INTO currency (code, name, symbol, is_active) VALUES (:c, :n, NULL, TRUE)"
-                                  "code": code}).fetchone()
+                    ),
                    {"c": code, "n": code},
                )
                r2 = conn.execute(
                    text("SELECT id FROM currency WHERE code = :code"),
                    {"code": code},
                ).fetchone()
                if not r2:
                    raise RuntimeError(
                        f"Unable to determine currency ID for '{code}' after insert"
@@ -67,8 +84,15 @@ def backfill(db_url: str, dry_run: bool = True, create_missing: bool = False) ->
        for table in ("capex", "opex"):
            # Check if currency_id column exists
            try:
-                cols = conn.execute(text(f"SELECT 1 FROM information_schema.columns WHERE table_name = '{table}' AND column_name = 'currency_id'")) if not db_url.startswith(
+                cols = (
-                    'sqlite:') else [(1,)]
+                    conn.execute(
                        text(
                            f"SELECT 1 FROM information_schema.columns WHERE table_name = '{table}' AND column_name = 'currency_id'"
                        )
                    )
                    if not db_url.startswith("sqlite:")
                    else [(1,)]
                )
            except Exception:
                cols = [(1,)]
@@ -77,8 +101,11 @@ def backfill(db_url: str, dry_run: bool = True, create_missing: bool = False) ->
                continue
            # Find rows where currency_id IS NULL but currency_code exists
-            rows = conn.execute(text(
+            rows = conn.execute(
-                f"SELECT id, currency_code FROM {table} WHERE currency_id IS NULL OR currency_id = ''"))
+                text(
                    f"SELECT id, currency_code FROM {table} WHERE currency_id IS NULL OR currency_id = ''"
                )
            )
            changed = 0
            for r in rows:
                rid = r[0]
@@ -86,14 +113,20 @@ def backfill(db_url: str, dry_run: bool = True, create_missing: bool = False) ->
                cid = find_currency_id(code)
                if cid is None:
                    print(
-                        f"Row {table}:{rid} has unknown currency code '{code}' and create_missing=False; skipping")
+                        f"Row {table}:{rid} has unknown currency code '{code}' and create_missing=False; skipping"
                    )
                    continue
                if dry_run:
                    print(
-                        f"[DRY RUN] Would set {table}.currency_id = {cid} for row id={rid} (code={code})")
+                        f"[DRY RUN] Would set {table}.currency_id = {cid} for row id={rid} (code={code})"
                    )
                else:
-                    conn.execute(text(f"UPDATE {table} SET currency_id = :cid WHERE id = :rid"), {
+                    conn.execute(
-                                 "cid": cid, "rid": rid})
+                        text(
                            f"UPDATE {table} SET currency_id = :cid WHERE id = :rid"
                        ),
                        {"cid": cid, "rid": rid},
                    )
                    changed += 1
            print(f"{table}: processed, changed={changed} (dry_run={dry_run})")
@@ -101,11 +134,19 @@ def backfill(db_url: str, dry_run: bool = True, create_missing: bool = False) ->
 def main() -> None:
    parser = argparse.ArgumentParser(
-        description="Backfill currency_id from currency_code for capex/opex tables")
+        description="Backfill currency_id from currency_code for capex/opex tables"
-    parser.add_argument("--dry-run", action="store_true",
+    )
-                        default=True, help="Show actions without writing")
+    parser.add_argument(
-    parser.add_argument("--create-missing", action="store_true",
+        "--dry-run",
-                        help="Create missing currency rows in the currency table")
+        action="store_true",
        default=True,
        help="Show actions without writing",
    )
    parser.add_argument(
        "--create-missing",
        action="store_true",
        help="Create missing currency rows in the currency table",
    )
    args = parser.parse_args()
    db = load_database_url()
--- a/scripts/check_docs_links.py
+++ b/scripts/check_docs_links.py
@@ -4,25 +4,30 @@ Checks only local file links (relative paths) and reports missing targets.
 Run from the repository root using the project's Python environment.
 """
 import re
 from pathlib import Path
 ROOT = Path(__file__).resolve().parent.parent
-DOCS = ROOT / 'docs'
+DOCS = ROOT / "docs"
 MD_LINK_RE = re.compile(r"\[([^\]]+)\]\(([^)]+)\)")
 errors = []
-for md in DOCS.rglob('*.md'):
+for md in DOCS.rglob("*.md"):
-    text = md.read_text(encoding='utf-8')
+    text = md.read_text(encoding="utf-8")
    for m in MD_LINK_RE.finditer(text):
        label, target = m.groups()
        # skip URLs
-        if target.startswith('http://') or target.startswith('https://') or target.startswith('#'):
+        if (
            target.startswith("http://")
            or target.startswith("https://")
            or target.startswith("#")
        ):
            continue
        # strip anchors
-        target_path = target.split('#')[0]
+        target_path = target.split("#")[0]
        # if link is to a directory index, allow
        candidate = (md.parent / target_path).resolve()
        if candidate.exists():
@@ -30,14 +35,16 @@ for md in DOCS.rglob('*.md'):
        # check common implicit index: target/ -> target/README.md or target/index.md
        candidate_dir = md.parent / target_path
        if candidate_dir.is_dir():
-            if (candidate_dir / 'README.md').exists() or (candidate_dir / 'index.md').exists():
+            if (candidate_dir / "README.md").exists() or (
                candidate_dir / "index.md"
            ).exists():
                continue
        errors.append((str(md.relative_to(ROOT)), target, label))
 if errors:
-    print('Broken local links found:')
+    print("Broken local links found:")
    for src, tgt, label in errors:
-        print(f'- {src} -> {tgt}  ({label})')
+        print(f"- {src} -> {tgt}  ({label})")
    exit(2)
-print('No broken local links detected.')
+print("No broken local links detected.")
--- a/scripts/format_docs_md.py
+++ b/scripts/format_docs_md.py
@@ -2,16 +2,17 @@
 This is intentionally small and non-destructive; it touches only files under docs/ and makes safe changes.
 """
 import re
 from pathlib import Path
 DOCS = Path(__file__).resolve().parents[1] / "docs"
 CODE_LANG_HINTS = {
-    'powershell': ('powershell',),
+    "powershell": ("powershell",),
-    'bash': ('bash', 'sh'),
+    "bash": ("bash", "sh"),
-    'sql': ('sql',),
+    "sql": ("sql",),
-    'python': ('python',),
+    "python": ("python",),
 }
@@ -19,48 +20,60 @@ def add_code_fence_language(match):
    fence = match.group(0)
    inner = match.group(1)
    # If language already present, return unchanged
-    if fence.startswith('```') and len(fence.splitlines()[0].strip()) > 3:
+    if fence.startswith("```") and len(fence.splitlines()[0].strip()) > 3:
        return fence
    # Try to infer language from the code content
-    code = inner.strip().splitlines()[0] if inner.strip() else ''
+    code = inner.strip().splitlines()[0] if inner.strip() else ""
-    lang = ''
+    lang = ""
-    if code.startswith('$') or code.startswith('PS') or code.lower().startswith('powershell'):
+    if (
-        lang = 'powershell'
+        code.startswith("$")
-    elif code.startswith('#') or code.startswith('import') or code.startswith('from'):
+        or code.startswith("PS")
-        lang = 'python'
+        or code.lower().startswith("powershell")
-    elif re.match(r'^(select|insert|update|create)\b', code.strip(), re.I):
+    ):
-        lang = 'sql'
+        lang = "powershell"
-    elif code.startswith('git') or code.startswith('./') or code.startswith('sudo'):
+    elif (
-        lang = 'bash'
+        code.startswith("#")
        or code.startswith("import")
        or code.startswith("from")
    ):
        lang = "python"
    elif re.match(r"^(select|insert|update|create)\b", code.strip(), re.I):
        lang = "sql"
    elif (
        code.startswith("git")
        or code.startswith("./")
        or code.startswith("sudo")
    ):
        lang = "bash"
    if lang:
-        return f'```{lang}\n{inner}\n```'
+        return f"```{lang}\n{inner}\n```"
    return fence
 def normalize_file(path: Path):
-    text = path.read_text(encoding='utf-8')
+    text = path.read_text(encoding="utf-8")
    orig = text
    # Trim trailing whitespace and ensure single trailing newline
-    text = '\n'.join(line.rstrip() for line in text.splitlines()) + '\n'
+    text = "\n".join(line.rstrip() for line in text.splitlines()) + "\n"
    # Ensure first non-empty line is H1
    lines = text.splitlines()
    for i, ln in enumerate(lines):
        if ln.strip():
-            if not ln.startswith('#'):
+            if not ln.startswith("#"):
-                lines[i] = '# ' + ln
+                lines[i] = "# " + ln
            break
-    text = '\n'.join(lines) + '\n'
+    text = "\n".join(lines) + "\n"
    # Add basic code fence languages where missing (simple heuristic)
-    text = re.sub(r'```\n([\s\S]*?)\n```', add_code_fence_language, text)
+    text = re.sub(r"```\n([\s\S]*?)\n```", add_code_fence_language, text)
    if text != orig:
-        path.write_text(text, encoding='utf-8')
+        path.write_text(text, encoding="utf-8")
        return True
    return False
 def main():
    changed = []
-    for p in DOCS.rglob('*.md'):
+    for p in DOCS.rglob("*.md"):
        if p.is_file():
            try:
                if normalize_file(p):
@@ -68,12 +81,12 @@ def main():
            except Exception as e:
                print(f"Failed to format {p}: {e}")
    if changed:
-        print('Formatted files:')
+        print("Formatted files:")
        for c in changed:
-            print(' -', c)
+            print(" -", c)
    else:
-        print('No formatting changes required.')
+        print("No formatting changes required.")
-if __name__ == '__main__':
+if __name__ == "__main__":
    main()
--- a/scripts/migrations/000_base.sql
+++ b/scripts/migrations/000_base.sql
@@ -27,6 +27,25 @@ SET name = EXCLUDED.name,
    symbol = EXCLUDED.symbol,
    is_active = EXCLUDED.is_active;
 -- Application-level settings table
 CREATE TABLE IF NOT EXISTS application_setting (
    id SERIAL PRIMARY KEY,
    key VARCHAR(128) NOT NULL UNIQUE,
    value TEXT NOT NULL,
    value_type VARCHAR(32) NOT NULL DEFAULT 'string',
    category VARCHAR(32) NOT NULL DEFAULT 'general',
    description TEXT,
    is_editable BOOLEAN NOT NULL DEFAULT TRUE,
    created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
    updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
 );
 CREATE UNIQUE INDEX IF NOT EXISTS ux_application_setting_key
    ON application_setting (key);
 CREATE INDEX IF NOT EXISTS ix_application_setting_category
    ON application_setting (category);
 -- Measurement unit reference table
 CREATE TABLE IF NOT EXISTS measurement_unit (
    id SERIAL PRIMARY KEY,
@@ -139,4 +158,32 @@ ALTER TABLE capex
 ALTER TABLE opex
    DROP COLUMN IF EXISTS currency_code;
 -- Role-based access control tables
 CREATE TABLE IF NOT EXISTS roles (
    id SERIAL PRIMARY KEY,
    name VARCHAR(255) UNIQUE NOT NULL
 );
 CREATE TABLE IF NOT EXISTS users (
    id SERIAL PRIMARY KEY,
    username VARCHAR(255) UNIQUE NOT NULL,
    email VARCHAR(255) UNIQUE NOT NULL,
    hashed_password VARCHAR(255) NOT NULL,
    role_id INTEGER NOT NULL REFERENCES roles (id) ON DELETE RESTRICT
 );
 CREATE INDEX IF NOT EXISTS ix_users_username ON users (username);
 CREATE INDEX IF NOT EXISTS ix_users_email ON users (email);
 -- Theme settings configuration table
 CREATE TABLE IF NOT EXISTS theme_settings (
    id SERIAL PRIMARY KEY,
    theme_name VARCHAR(255) UNIQUE NOT NULL,
    primary_color VARCHAR(7) NOT NULL,
    secondary_color VARCHAR(7) NOT NULL,
    accent_color VARCHAR(7) NOT NULL,
    background_color VARCHAR(7) NOT NULL,
    text_color VARCHAR(7) NOT NULL
 );
 COMMIT;
--- a/scripts/seed_data.py
+++ b/scripts/seed_data.py
@@ -16,8 +16,7 @@ from __future__ import annotations
 import argparse
 import logging
-import os
+from typing import Optional
 from typing import Iterable, Optional
 import psycopg2
 from psycopg2 import errors
@@ -47,22 +46,82 @@ MEASUREMENT_UNIT_SEEDS = (
    ("kilowatt_hours", "Kilowatt Hours", "kWh", "energy", True),
 )
 THEME_SETTING_SEEDS = (
    ("--color-background", "#f4f5f7", "color",
     "theme", "CSS variable --color-background", True),
    ("--color-surface", "#ffffff", "color",
     "theme", "CSS variable --color-surface", True),
    ("--color-text-primary", "#2a1f33", "color",
     "theme", "CSS variable --color-text-primary", True),
    ("--color-text-secondary", "#624769", "color",
     "theme", "CSS variable --color-text-secondary", True),
    ("--color-text-muted", "#64748b", "color",
     "theme", "CSS variable --color-text-muted", True),
    ("--color-text-subtle", "#94a3b8", "color",
     "theme", "CSS variable --color-text-subtle", True),
    ("--color-text-invert", "#ffffff", "color",
     "theme", "CSS variable --color-text-invert", True),
    ("--color-text-dark", "#0f172a", "color",
     "theme", "CSS variable --color-text-dark", True),
    ("--color-text-strong", "#111827", "color",
     "theme", "CSS variable --color-text-strong", True),
    ("--color-primary", "#5f320d", "color",
     "theme", "CSS variable --color-primary", True),
    ("--color-primary-strong", "#7e4c13", "color",
     "theme", "CSS variable --color-primary-strong", True),
    ("--color-primary-stronger", "#837c15", "color",
     "theme", "CSS variable --color-primary-stronger", True),
    ("--color-accent", "#bff838", "color",
     "theme", "CSS variable --color-accent", True),
    ("--color-border", "#e2e8f0", "color",
     "theme", "CSS variable --color-border", True),
    ("--color-border-strong", "#cbd5e1", "color",
     "theme", "CSS variable --color-border-strong", True),
    ("--color-highlight", "#eef2ff", "color",
     "theme", "CSS variable --color-highlight", True),
    ("--color-panel-shadow", "rgba(15, 23, 42, 0.08)", "color",
     "theme", "CSS variable --color-panel-shadow", True),
    ("--color-panel-shadow-deep", "rgba(15, 23, 42, 0.12)", "color",
     "theme", "CSS variable --color-panel-shadow-deep", True),
    ("--color-surface-alt", "#f8fafc", "color",
     "theme", "CSS variable --color-surface-alt", True),
    ("--color-success", "#047857", "color",
     "theme", "CSS variable --color-success", True),
    ("--color-error", "#b91c1c", "color",
     "theme", "CSS variable --color-error", True),
 )
 def parse_args() -> argparse.Namespace:
    parser = argparse.ArgumentParser(description="Seed baseline CalMiner data")
    parser.add_argument("--currencies", action="store_true", help="Seed currency table")
    parser.add_argument("--units", action="store_true", help="Seed unit table")
    parser.add_argument("--defaults", action="store_true", help="Seed default records")
    parser.add_argument("--dry-run", action="store_true", help="Print actions without executing")
    parser.add_argument(
-        "--verbose", "-v", action="count", default=0, help="Increase logging verbosity"
+        "--currencies", action="store_true", help="Seed currency table"
    )
    parser.add_argument("--units", action="store_true", help="Seed unit table")
    parser.add_argument(
        "--theme", action="store_true", help="Seed theme settings"
    )
    parser.add_argument(
        "--defaults", action="store_true", help="Seed default records"
    )
    parser.add_argument(
        "--dry-run", action="store_true", help="Print actions without executing"
    )
    parser.add_argument(
        "--verbose",
        "-v",
        action="count",
        default=0,
        help="Increase logging verbosity",
    )
    return parser.parse_args()
 def _configure_logging(args: argparse.Namespace) -> None:
    level = logging.WARNING - (10 * min(args.verbose, 2))
-    logging.basicConfig(level=max(level, logging.INFO), format="%(levelname)s %(message)s")
+    logging.basicConfig(
        level=max(level, logging.INFO), format="%(levelname)s %(message)s"
    )
 def main() -> None:
@@ -75,22 +134,36 @@ def run_with_namespace(
    *,
    config: Optional[DatabaseConfig] = None,
 ) -> None:
    if not hasattr(args, "verbose"):
        args.verbose = 0
    if not hasattr(args, "dry_run"):
        args.dry_run = False
    _configure_logging(args)
-    if not any((args.currencies, args.units, args.defaults)):
+    currencies = bool(getattr(args, "currencies", False))
    units = bool(getattr(args, "units", False))
    theme = bool(getattr(args, "theme", False))
    defaults = bool(getattr(args, "defaults", False))
    dry_run = bool(getattr(args, "dry_run", False))
    if not any((currencies, units, theme, defaults)):
        logger.info("No seeding options provided; exiting")
        return
    config = config or DatabaseConfig.from_env()
    with psycopg2.connect(config.application_dsn()) as conn:
        conn.autocommit = True
        with conn.cursor() as cursor:
-            if args.currencies:
+            if currencies:
-                _seed_currencies(cursor, dry_run=args.dry_run)
+                _seed_currencies(cursor, dry_run=dry_run)
-            if args.units:
+            if units:
-                _seed_units(cursor, dry_run=args.dry_run)
+                _seed_units(cursor, dry_run=dry_run)
-            if args.defaults:
+            if theme:
-                _seed_defaults(cursor, dry_run=args.dry_run)
+                _seed_theme(cursor, dry_run=dry_run)
            if defaults:
                _seed_defaults(cursor, dry_run=dry_run)
 def _seed_currencies(cursor, *, dry_run: bool) -> None:
@@ -152,11 +225,44 @@ def _seed_units(cursor, *, dry_run: bool) -> None:
    logger.info("Measurement unit seed complete")
-def _seed_defaults(cursor, *, dry_run: bool) -> None:
+def _seed_theme(cursor, *, dry_run: bool) -> None:
-    logger.info("Seeding default records - not yet implemented")
+    logger.info("Seeding theme settings (%d rows)", len(THEME_SETTING_SEEDS))
    if dry_run:
        for key, value, _, _, _, _ in THEME_SETTING_SEEDS:
            logger.info(
                "Dry run: would upsert theme setting %s = %s", key, value)
        return
    try:
        execute_values(
            cursor,
            """
            INSERT INTO application_setting (key, value, value_type, category, description, is_editable)
            VALUES %s
            ON CONFLICT (key) DO UPDATE
            SET value = EXCLUDED.value,
                value_type = EXCLUDED.value_type,
                category = EXCLUDED.category,
                description = EXCLUDED.description,
                is_editable = EXCLUDED.is_editable
            """,
            THEME_SETTING_SEEDS,
        )
    except errors.UndefinedTable:
        logger.warning(
            "application_setting table does not exist; skipping theme seeding."
        )
        cursor.connection.rollback()
        return
    logger.info("Theme settings seed complete")
 def _seed_defaults(cursor, *, dry_run: bool) -> None:
    logger.info("Seeding default records")
    _seed_theme(cursor, dry_run=dry_run)
    logger.info("Default records seed complete")
 if __name__ == "__main__":
    main()
--- a/scripts/setup_database.py
+++ b/scripts/setup_database.py
@@ -22,6 +22,7 @@ connection string; this script will still honor the granular inputs above.
 """
 from __future__ import annotations
 from config.database import Base
 import argparse
 import importlib
 import logging
@@ -39,10 +40,10 @@ from psycopg2 import extensions
 from psycopg2.extensions import connection as PGConnection, parse_dsn
 from dotenv import load_dotenv
 from sqlalchemy import create_engine, inspect
 ROOT_DIR = Path(__file__).resolve().parents[1]
 if str(ROOT_DIR) not in sys.path:
    sys.path.insert(0, str(ROOT_DIR))
 from config.database import Base
 logger = logging.getLogger(__name__)
@@ -208,12 +209,17 @@ class DatabaseConfig:
 class DatabaseSetup:
    """Encapsulates the full setup workflow."""
-    def __init__(self, config: DatabaseConfig, *, dry_run: bool = False) -> None:
+    def __init__(
        self, config: DatabaseConfig, *, dry_run: bool = False
    ) -> None:
        self.config = config
        self.dry_run = dry_run
        self._models_loaded = False
        self._rollback_actions: list[tuple[str, Callable[[], None]]] = []
-    def _register_rollback(self, label: str, action: Callable[[], None]) -> None:
+
    def _register_rollback(
        self, label: str, action: Callable[[], None]
    ) -> None:
        if self.dry_run:
            return
        self._rollback_actions.append((label, action))
@@ -237,7 +243,6 @@ class DatabaseSetup:
    def clear_rollbacks(self) -> None:
        self._rollback_actions.clear()
    def _describe_connection(self, user: str, database: str) -> str:
        return f"{user}@{self.config.host}:{self.config.port}/{database}"
@@ -245,7 +250,7 @@ class DatabaseSetup:
        descriptor = self._describe_connection(
            self.config.admin_user, self.config.admin_database
        )
-        logger.info("Validating admin connection (%s)", descriptor)
+        logger.info("[CONNECT] Validating admin connection (%s)", descriptor)
        try:
            with self._admin_connection(self.config.admin_database) as conn:
                with conn.cursor() as cursor:
@@ -256,13 +261,14 @@ class DatabaseSetup:
                "Check DATABASE_ADMIN_URL or DATABASE_SUPERUSER settings."
                f" Target: {descriptor}"
            ) from exc
-        logger.info("Admin connection verified (%s)", descriptor)
+        logger.info("[CONNECT] Admin connection verified (%s)", descriptor)
    def validate_application_connection(self) -> None:
        descriptor = self._describe_connection(
            self.config.user, self.config.database
        )
-        logger.info("Validating application connection (%s)", descriptor)
+        logger.info(
            "[CONNECT] Validating application connection (%s)", descriptor)
        try:
            with self._application_connection() as conn:
                with conn.cursor() as cursor:
@@ -273,7 +279,8 @@ class DatabaseSetup:
                "Ensure the role exists and credentials are correct. "
                f"Target: {descriptor}"
            ) from exc
-        logger.info("Application connection verified (%s)", descriptor)
+        logger.info(
            "[CONNECT] Application connection verified (%s)", descriptor)
    def ensure_database(self) -> None:
        """Create the target database when it does not already exist."""
@@ -336,7 +343,8 @@ class DatabaseSetup:
                    rollback_label = f"drop database {self.config.database}"
                    self._register_rollback(
                        rollback_label,
-                        lambda db=self.config.database: self._drop_database(db),
+                        lambda db=self.config.database: self._drop_database(
                            db),
                    )
                logger.info("Created database '%s'", self.config.database)
            finally:
@@ -384,9 +392,9 @@ class DatabaseSetup:
                    try:
                        if self.config.password:
                            cursor.execute(
-                                sql.SQL("CREATE ROLE {} WITH LOGIN PASSWORD %s").format(
+                                sql.SQL(
-                                    sql.Identifier(self.config.user)
+                                    "CREATE ROLE {} WITH LOGIN PASSWORD %s"
-                                ),
+                                ).format(sql.Identifier(self.config.user)),
                                (self.config.password,),
                            )
                        else:
@@ -405,7 +413,8 @@ class DatabaseSetup:
                        rollback_label = f"drop role {self.config.user}"
                        self._register_rollback(
                            rollback_label,
-                            lambda role=self.config.user: self._drop_role(role),
+                            lambda role=self.config.user: self._drop_role(
                                role),
                        )
                else:
                    logger.info("Role '%s' already present", self.config.user)
@@ -579,32 +588,28 @@ class DatabaseSetup:
        except RuntimeError:
            raise
    def _connect(self, dsn: str, descriptor: str) -> PGConnection:
        try:
            return psycopg2.connect(dsn)
        except psycopg2.Error as exc:
            raise RuntimeError(
                f"Unable to establish connection. Target: {descriptor}"
            ) from exc
    def _admin_connection(self, database: Optional[str] = None) -> PGConnection:
        target_db = database or self.config.admin_database
        dsn = self.config.admin_dsn(database)
        descriptor = self._describe_connection(
            self.config.admin_user, target_db
        )
-        try:
+        return self._connect(dsn, descriptor)
            return psycopg2.connect(dsn)
        except psycopg2.Error as exc:
            raise RuntimeError(
                "Unable to establish admin connection. "
                f"Target: {descriptor}"
            ) from exc
    def _application_connection(self) -> PGConnection:
        dsn = self.config.application_dsn()
        descriptor = self._describe_connection(
            self.config.user, self.config.database
        )
-        try:
+        return self._connect(dsn, descriptor)
            return psycopg2.connect(dsn)
        except psycopg2.Error as exc:
            raise RuntimeError(
                "Unable to establish application connection. "
                f"Target: {descriptor}"
            ) from exc
    def initialize_schema(self) -> None:
        """Create database objects from SQLAlchemy metadata if missing."""
@@ -645,7 +650,9 @@ class DatabaseSetup:
            importlib.import_module(f"{package.__name__}.{module_info.name}")
        self._models_loaded = True
-    def run_migrations(self, migrations_dir: Optional[Path | str] = None) -> None:
+    def run_migrations(
        self, migrations_dir: Optional[Path | str] = None
    ) -> None:
        """Execute pending SQL migrations in chronological order."""
        directory = (
@@ -673,7 +680,8 @@ class DatabaseSetup:
            conn.autocommit = True
            with conn.cursor() as cursor:
                table_exists = self._migrations_table_exists(
-                    cursor, schema_name)
+                    cursor, schema_name
                )
                if not table_exists:
                    if self.dry_run:
                        logger.info(
@@ -692,73 +700,15 @@ class DatabaseSetup:
                        applied = set()
                else:
                    applied = self._fetch_applied_migrations(
-                        cursor, schema_name)
+                        cursor, schema_name
                    )
-                if (
+                self._handle_baseline_migration(
-                    baseline_path.exists()
+                    cursor, schema_name, baseline_path, baseline_name, migration_files, applied
-                    and baseline_name not in applied
+                )
                ):
                    if self.dry_run:
                        logger.info(
                            "Dry run: baseline migration '%s' pending; would apply and mark legacy files",
                            baseline_name,
                        )
                    else:
                        logger.info(
                            "Baseline migration '%s' pending; applying and marking older migrations",
                            baseline_name,
                        )
                        try:
                            baseline_applied = self._apply_migration_file(
                                cursor, schema_name, baseline_path
                            )
                        except Exception:
                            logger.error(
                                "Failed while applying baseline migration '%s'."
                                " Review the migration contents and rerun with --dry-run for diagnostics.",
                                baseline_name,
                                exc_info=True,
                            )
                            raise
                        applied.add(baseline_applied)
                        legacy_files = [
                            path
                            for path in migration_files
                            if path.name != baseline_name
                        ]
                        for legacy in legacy_files:
                            if legacy.name not in applied:
                                try:
                                    cursor.execute(
                                        sql.SQL(
                                            "INSERT INTO {} (filename, applied_at) VALUES (%s, NOW())"
                                        ).format(
                                            sql.Identifier(
                                                schema_name,
                                                MIGRATIONS_TABLE,
                                            )
                                        ),
                                        (legacy.name,),
                                    )
                                except Exception:
                                    logger.error(
                                        "Unable to record legacy migration '%s' after baseline application."
                                        " Check schema_migrations table in schema '%s' for partial state.",
                                        legacy.name,
                                        schema_name,
                                        exc_info=True,
                                    )
                                    raise
                                applied.add(legacy.name)
                                logger.info(
                                    "Marked legacy migration '%s' as applied via baseline",
                                    legacy.name,
                                )
                pending = [
-                    path
+                    path for path in migration_files if path.name not in applied
                    for path in migration_files
                    if path.name not in applied
                ]
                if not pending:
@@ -779,6 +729,85 @@ class DatabaseSetup:
                logger.info("Applied %d migrations", len(pending))
    def _handle_baseline_migration(
        self,
        cursor: extensions.cursor,
        schema_name: str,
        baseline_path: Path,
        baseline_name: str,
        migration_files: list[Path],
        applied: set[str],
    ) -> None:
        if baseline_path.exists() and baseline_name not in applied:
            if self.dry_run:
                logger.info(
                    "Dry run: baseline migration '%s' pending; would apply and mark legacy files",
                    baseline_name,
                )
            else:
                logger.info(
                    "[MIGRATE] Baseline migration '%s' pending; applying and marking older migrations",
                    baseline_name,
                )
                try:
                    baseline_applied = self._apply_migration_file(
                        cursor, schema_name, baseline_path
                    )
                except Exception:
                    logger.error(
                        "Failed while applying baseline migration '%s'."
                        " Review the migration contents and rerun with --dry-run for diagnostics.",
                        baseline_name,
                        exc_info=True,
                    )
                    raise
                applied.add(baseline_applied)
                self._mark_legacy_migrations_as_applied(
                    cursor, schema_name, migration_files, baseline_name, applied
                )
    def _mark_legacy_migrations_as_applied(
        self,
        cursor: extensions.cursor,
        schema_name: str,
        migration_files: list[Path],
        baseline_name: str,
        applied: set[str],
    ) -> None:
        legacy_files = [
            path
            for path in migration_files
            if path.name != baseline_name
        ]
        for legacy in legacy_files:
            if legacy.name not in applied:
                try:
                    cursor.execute(
                        sql.SQL(
                            "INSERT INTO {} (filename, applied_at) VALUES (%s, NOW())"
                        ).format(
                            sql.Identifier(
                                schema_name,
                                MIGRATIONS_TABLE,
                            )
                        ),
                        (legacy.name,),
                    )
                except Exception:
                    logger.error(
                        "Unable to record legacy migration '%s' after baseline application."
                        " Check schema_migrations table in schema '%s' for partial state.",
                        legacy.name,
                        schema_name,
                        exc_info=True,
                    )
                    raise
                applied.add(legacy.name)
                logger.info(
                    "Marked legacy migration '%s' as applied via baseline",
                    legacy.name,
                )
    def _apply_migration_file(
        self,
        cursor,
@@ -792,9 +821,7 @@ class DatabaseSetup:
            cursor.execute(
                sql.SQL(
                    "INSERT INTO {} (filename, applied_at) VALUES (%s, NOW())"
-                ).format(
+                ).format(sql.Identifier(schema_name, MIGRATIONS_TABLE)),
                    sql.Identifier(schema_name, MIGRATIONS_TABLE)
                ),
                (path.name,),
            )
            return path.name
@@ -820,9 +847,7 @@ class DatabaseSetup:
                "filename TEXT PRIMARY KEY,"
                "applied_at TIMESTAMPTZ NOT NULL DEFAULT NOW()"
                ")"
-            ).format(
+            ).format(sql.Identifier(schema_name, MIGRATIONS_TABLE))
                sql.Identifier(schema_name, MIGRATIONS_TABLE)
            )
        )
    def _fetch_applied_migrations(self, cursor, schema_name: str) -> set[str]:
@@ -841,14 +866,23 @@ class DatabaseSetup:
        seed_args = argparse.Namespace(
            currencies=True,
            units=True,
            theme=True,
            defaults=False,
            dry_run=dry_run,
            verbose=0,
        )
-        seed_data.run_with_namespace(seed_args, config=self.config)
+        try:
            seed_data.run_with_namespace(seed_args, config=self.config)
        except Exception:
            logger.error(
                "[SEED] Failed during baseline data seeding. "
                "Review seed_data.py and rerun with --dry-run for diagnostics.",
                exc_info=True,
            )
            raise
        if dry_run:
-            logger.info("Dry run: skipped seed verification")
+            logger.info("[SEED] Dry run: skipped seed verification")
            return
        expected_currencies = {
@@ -894,7 +928,7 @@ class DatabaseSetup:
                        raise RuntimeError(message)
                    logger.info(
-                        "Verified %d seeded currencies present",
+                        "[VERIFY] Verified %d seeded currencies present",
                        len(found_codes),
                    )
@@ -916,7 +950,8 @@ class DatabaseSetup:
                        logger.error(message)
                        raise RuntimeError(message)
                    else:
-                        logger.info("Verified default currency 'USD' active")
+                        logger.info(
                            "[VERIFY] Verified default currency 'USD' active")
                if expected_unit_codes:
                    try:
@@ -974,7 +1009,7 @@ class DatabaseSetup:
                    (database,),
                )
                cursor.execute(
-                    sql.SQL("DROP DATABASE IF EXISTS {}" ).format(
+                    sql.SQL("DROP DATABASE IF EXISTS {}").format(
                        sql.Identifier(database)
                    )
                )
@@ -985,7 +1020,7 @@ class DatabaseSetup:
            conn.autocommit = True
            with conn.cursor() as cursor:
                cursor.execute(
-                    sql.SQL("DROP ROLE IF EXISTS {}" ).format(
+                    sql.SQL("DROP ROLE IF EXISTS {}").format(
                        sql.Identifier(role)
                    )
                )
@@ -1000,27 +1035,35 @@ class DatabaseSetup:
            conn.autocommit = True
            with conn.cursor() as cursor:
                cursor.execute(
-                    sql.SQL("REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA {} FROM {}" ).format(
+                    sql.SQL(
                        "REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA {} FROM {}"
                    ).format(
                        sql.Identifier(schema_name),
-                        sql.Identifier(self.config.user)
+                        sql.Identifier(self.config.user),
                    )
                )
                cursor.execute(
-                    sql.SQL("REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {} FROM {}" ).format(
+                    sql.SQL(
                        "REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA {} FROM {}"
                    ).format(
                        sql.Identifier(schema_name),
-                        sql.Identifier(self.config.user)
+                        sql.Identifier(self.config.user),
                    )
                )
                cursor.execute(
-                    sql.SQL("ALTER DEFAULT PRIVILEGES IN SCHEMA {} REVOKE SELECT, INSERT, UPDATE, DELETE ON TABLES FROM {}" ).format(
+                    sql.SQL(
                        "ALTER DEFAULT PRIVILEGES IN SCHEMA {} REVOKE SELECT, INSERT, UPDATE, DELETE ON TABLES FROM {}"
                    ).format(
                        sql.Identifier(schema_name),
-                        sql.Identifier(self.config.user)
+                        sql.Identifier(self.config.user),
                    )
                )
                cursor.execute(
-                    sql.SQL("ALTER DEFAULT PRIVILEGES IN SCHEMA {} REVOKE USAGE, SELECT ON SEQUENCES FROM {}" ).format(
+                    sql.SQL(
                        "ALTER DEFAULT PRIVILEGES IN SCHEMA {} REVOKE USAGE, SELECT ON SEQUENCES FROM {}"
                    ).format(
                        sql.Identifier(schema_name),
-                        sql.Identifier(self.config.user)
+                        sql.Identifier(self.config.user),
                    )
                )
@@ -1064,19 +1107,18 @@ def parse_args() -> argparse.Namespace:
    )
    parser.add_argument("--db-driver", help="Override DATABASE_DRIVER")
    parser.add_argument("--db-host", help="Override DATABASE_HOST")
-    parser.add_argument("--db-port", type=int,
+    parser.add_argument("--db-port", type=int, help="Override DATABASE_PORT")
                        help="Override DATABASE_PORT")
    parser.add_argument("--db-name", help="Override DATABASE_NAME")
    parser.add_argument("--db-user", help="Override DATABASE_USER")
-    parser.add_argument(
+    parser.add_argument("--db-password", help="Override DATABASE_PASSWORD")
        "--db-password", help="Override DATABASE_PASSWORD")
    parser.add_argument("--db-schema", help="Override DATABASE_SCHEMA")
    parser.add_argument(
        "--admin-url",
        help="Override DATABASE_ADMIN_URL for administrative operations",
    )
    parser.add_argument(
-        "--admin-user", help="Override DATABASE_SUPERUSER for admin ops")
+        "--admin-user", help="Override DATABASE_SUPERUSER for admin ops"
    )
    parser.add_argument(
        "--admin-password",
        help="Override DATABASE_SUPERUSER_PASSWORD for admin ops",
@@ -1091,7 +1133,11 @@ def parse_args() -> argparse.Namespace:
        help="Log actions without applying changes.",
    )
    parser.add_argument(
-        "--verbose", "-v", action="count", default=0, help="Increase logging verbosity"
+        "--verbose",
        "-v",
        action="count",
        default=0,
        help="Increase logging verbosity",
    )
    return parser.parse_args()
@@ -1099,8 +1145,9 @@ def parse_args() -> argparse.Namespace:
 def main() -> None:
    args = parse_args()
    level = logging.WARNING - (10 * min(args.verbose, 2))
-    logging.basicConfig(level=max(level, logging.INFO),
+    logging.basicConfig(
-                        format="%(levelname)s %(message)s")
+        level=max(level, logging.INFO), format="%(levelname)s %(message)s"
    )
    override_args: dict[str, Optional[str]] = {
        "DATABASE_DRIVER": args.db_driver,
@@ -1120,7 +1167,9 @@ def main() -> None:
    config = DatabaseConfig.from_env(overrides=override_args)
    setup = DatabaseSetup(config, dry_run=args.dry_run)
-    admin_tasks_requested = args.ensure_database or args.ensure_role or args.ensure_schema
+    admin_tasks_requested = (
        args.ensure_database or args.ensure_role or args.ensure_schema
    )
    if admin_tasks_requested:
        setup.validate_admin_connection()
@@ -1141,6 +1190,12 @@ def main() -> None:
        app_validated = True
        return True
    should_run_migrations = args.run_migrations
    auto_run_migrations_reason: Optional[str] = None
    if args.seed_data and not should_run_migrations:
        should_run_migrations = True
        auto_run_migrations_reason = "Seed data requested without explicit --run-migrations; applying migrations first."
    try:
        if args.ensure_database:
            setup.ensure_database()
@@ -1154,12 +1209,12 @@ def main() -> None:
                "SQLAlchemy schema initialization"
            ):
                setup.initialize_schema()
-        if args.run_migrations:
+        if should_run_migrations:
            if ensure_application_connection_for("migration execution"):
                if auto_run_migrations_reason:
                    logger.info(auto_run_migrations_reason)
                migrations_path = (
-                    Path(args.migrations_dir)
+                    Path(args.migrations_dir) if args.migrations_dir else None
                    if args.migrations_dir
                    else None
                )
                setup.run_migrations(migrations_path)
        if args.seed_data:
--- a/services/reporting.py
+++ b/services/reporting.py
@@ -27,7 +27,9 @@ def _percentile(values: List[float], percentile: float) -> float:
    return sorted_values[lower] * (1 - weight) + sorted_values[upper] * weight
-def generate_report(simulation_results: List[Dict[str, float]]) -> Dict[str, Union[float, int]]:
+def generate_report(
    simulation_results: List[Dict[str, float]],
 ) -> Dict[str, Union[float, int]]:
    """Aggregate basic statistics for simulation outputs."""
    values = _extract_results(simulation_results)
@@ -63,7 +65,7 @@ def generate_report(simulation_results: List[Dict[str, float]]) -> Dict[str, Uni
    std_dev = pstdev(values) if len(values) > 1 else 0.0
    summary["std_dev"] = std_dev
-    summary["variance"] = std_dev ** 2
+    summary["variance"] = std_dev**2
    var_95 = summary["percentile_5"]
    summary["value_at_risk_95"] = var_95
--- a/services/security.py
+++ b/services/security.py
@@ -0,0 +1,59 @@
 from datetime import datetime, timedelta
 from typing import Any, Union
 from fastapi import HTTPException, status, Depends
 from fastapi.security import OAuth2PasswordBearer
 from jose import jwt, JWTError
 from passlib.context import CryptContext
 from sqlalchemy.orm import Session
 from config.database import get_db
 ACCESS_TOKEN_EXPIRE_MINUTES = 30
 SECRET_KEY = "your-secret-key"  # Change this in production
 ALGORITHM = "HS256"
 pwd_context = CryptContext(schemes=["pbkdf2_sha256"], deprecated="auto")
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="users/login")
 def create_access_token(
    subject: Union[str, Any], expires_delta: Union[timedelta, None] = None
 ) -> str:
    if expires_delta:
        expire = datetime.utcnow() + expires_delta
    else:
        expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    to_encode = {"exp": expire, "sub": str(subject)}
    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
    return encoded_jwt
 def verify_password(plain_password: str, hashed_password: str) -> bool:
    return pwd_context.verify(plain_password, hashed_password)
 def get_password_hash(password: str) -> str:
    return pwd_context.hash(password)
 async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
    from models.user import User
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username = payload.get("sub")
        if username is None:
            raise credentials_exception
    except JWTError:
        raise credentials_exception
    user = db.query(User).filter(User.username == username).first()
    if user is None:
        raise credentials_exception
    return user
--- a/services/settings.py
+++ b/services/settings.py
@@ -0,0 +1,230 @@
 from __future__ import annotations
 import os
 import re
 from typing import Dict, Mapping
 from sqlalchemy.orm import Session
 from models.application_setting import ApplicationSetting
 from models.theme_setting import ThemeSetting  # Import ThemeSetting model
 CSS_COLOR_CATEGORY = "theme"
 CSS_COLOR_VALUE_TYPE = "color"
 CSS_ENV_PREFIX = "CALMINER_THEME_"
 CSS_COLOR_DEFAULTS: Dict[str, str] = {
    "--color-background": "#f4f5f7",
    "--color-surface": "#ffffff",
    "--color-text-primary": "#2a1f33",
    "--color-text-secondary": "#624769",
    "--color-text-muted": "#64748b",
    "--color-text-subtle": "#94a3b8",
    "--color-text-invert": "#ffffff",
    "--color-text-dark": "#0f172a",
    "--color-text-strong": "#111827",
    "--color-primary": "#5f320d",
    "--color-primary-strong": "#7e4c13",
    "--color-primary-stronger": "#837c15",
    "--color-accent": "#bff838",
    "--color-border": "#e2e8f0",
    "--color-border-strong": "#cbd5e1",
    "--color-highlight": "#eef2ff",
    "--color-panel-shadow": "rgba(15, 23, 42, 0.08)",
    "--color-panel-shadow-deep": "rgba(15, 23, 42, 0.12)",
    "--color-surface-alt": "#f8fafc",
    "--color-success": "#047857",
    "--color-error": "#b91c1c",
 }
 _COLOR_VALUE_PATTERN = re.compile(
    r"^(#([0-9a-fA-F]{3}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})|rgba?\([^)]+\)|hsla?\([^)]+\))$",
    re.IGNORECASE,
 )
 def ensure_css_color_settings(db: Session) -> Dict[str, ApplicationSetting]:
    """Ensure the CSS color defaults exist in the settings table."""
    existing = (
        db.query(ApplicationSetting)
        .filter(ApplicationSetting.key.in_(CSS_COLOR_DEFAULTS.keys()))
        .all()
    )
    by_key = {setting.key: setting for setting in existing}
    created = False
    for key, default_value in CSS_COLOR_DEFAULTS.items():
        if key in by_key:
            continue
        setting = ApplicationSetting(
            key=key,
            value=default_value,
            value_type=CSS_COLOR_VALUE_TYPE,
            category=CSS_COLOR_CATEGORY,
            description=f"CSS variable {key}",
            is_editable=True,
        )
        db.add(setting)
        by_key[key] = setting
        created = True
    if created:
        db.commit()
        for key, setting in by_key.items():
            db.refresh(setting)
    return by_key
 def get_css_color_settings(db: Session) -> Dict[str, str]:
    """Return CSS color variables, filling missing values with defaults."""
    settings = ensure_css_color_settings(db)
    values: Dict[str, str] = {
        key: settings[key].value if key in settings else default
        for key, default in CSS_COLOR_DEFAULTS.items()
    }
    env_overrides = read_css_color_env_overrides(os.environ)
    if env_overrides:
        values.update(env_overrides)
    return values
 def update_css_color_settings(
    db: Session, updates: Mapping[str, str]
 ) -> Dict[str, str]:
    """Persist provided CSS color overrides and return the final values."""
    if not updates:
        return get_css_color_settings(db)
    invalid_keys = sorted(set(updates.keys()) - set(CSS_COLOR_DEFAULTS.keys()))
    if invalid_keys:
        invalid_list = ", ".join(invalid_keys)
        raise ValueError(f"Unsupported CSS variables: {invalid_list}")
    normalized: Dict[str, str] = {}
    for key, value in updates.items():
        normalized[key] = _normalize_color_value(value)
    settings = ensure_css_color_settings(db)
    changed = False
    for key, value in normalized.items():
        setting = settings[key]
        if setting.value != value:
            setting.value = value
            changed = True
        if setting.value_type != CSS_COLOR_VALUE_TYPE:
            setting.value_type = CSS_COLOR_VALUE_TYPE
            changed = True
        if setting.category != CSS_COLOR_CATEGORY:
            setting.category = CSS_COLOR_CATEGORY
            changed = True
        if not setting.is_editable:
            setting.is_editable = True
            changed = True
    if changed:
        db.commit()
        for key in normalized.keys():
            db.refresh(settings[key])
    return get_css_color_settings(db)
 def read_css_color_env_overrides(
    env: Mapping[str, str] | None = None,
 ) -> Dict[str, str]:
    """Return validated CSS overrides sourced from environment variables."""
    if env is None:
        env = os.environ
    overrides: Dict[str, str] = {}
    for css_key in CSS_COLOR_DEFAULTS.keys():
        env_name = css_key_to_env_var(css_key)
        raw_value = env.get(env_name)
        if raw_value is None:
            continue
        overrides[css_key] = _normalize_color_value(raw_value)
    return overrides
 def _normalize_color_value(value: str) -> str:
    if not isinstance(value, str):
        raise ValueError("Color value must be a string")
    trimmed = value.strip()
    if not trimmed:
        raise ValueError("Color value cannot be empty")
    if not _COLOR_VALUE_PATTERN.match(trimmed):
        raise ValueError(
            "Color value must be a hex code or an rgb/rgba/hsl/hsla expression"
        )
    _validate_functional_color(trimmed)
    return trimmed
 def _validate_functional_color(value: str) -> None:
    lowered = value.lower()
    if lowered.startswith("rgb(") or lowered.startswith("hsl("):
        _ensure_component_count(value, expected=3)
    elif lowered.startswith("rgba(") or lowered.startswith("hsla("):
        _ensure_component_count(value, expected=4)
 def _ensure_component_count(value: str, expected: int) -> None:
    if not value.endswith(")"):
        raise ValueError(
            "Color function expressions must end with a closing parenthesis"
        )
    inner = value[value.index("(") + 1: -1]
    parts = [segment.strip() for segment in inner.split(",")]
    if len(parts) != expected:
        raise ValueError(
            "Color function expressions must provide the expected number of components"
        )
    if any(not component for component in parts):
        raise ValueError("Color function components cannot be empty")
 def css_key_to_env_var(css_key: str) -> str:
    sanitized = css_key.lstrip("-").replace("-", "_").upper()
    return f"{CSS_ENV_PREFIX}{sanitized}"
 def list_css_env_override_rows(
    env: Mapping[str, str] | None = None,
 ) -> list[Dict[str, str]]:
    overrides = read_css_color_env_overrides(env)
    rows: list[Dict[str, str]] = []
    for css_key, value in overrides.items():
        rows.append(
            {
                "css_key": css_key,
                "env_var": css_key_to_env_var(css_key),
                "value": value,
            }
        )
    return rows
 def save_theme_settings(db: Session, theme_data: dict):
    theme = db.query(ThemeSetting).first() or ThemeSetting()
    for key, value in theme_data.items():
        setattr(theme, key, value)
    db.add(theme)
    db.commit()
    db.refresh(theme)
    return theme
 def get_theme_settings(db: Session):
    theme = db.query(ThemeSetting).first()
    if theme:
        return {c.name: getattr(theme, c.name) for c in theme.__table__.columns}
    return {}
--- a/services/simulation.py
+++ b/services/simulation.py
@@ -25,12 +25,13 @@ def _ensure_positive_span(span: float, fallback: float) -> float:
    return span if span and span > 0 else fallback
-def _compile_parameters(parameters: Sequence[Dict[str, float]]) -> List[SimulationParameter]:
+def _compile_parameters(
    parameters: Sequence[Dict[str, float]],
 ) -> List[SimulationParameter]:
    compiled: List[SimulationParameter] = []
    for index, item in enumerate(parameters):
        if "value" not in item:
-            raise ValueError(
+            raise ValueError(f"Parameter at index {index} must include 'value'")
                f"Parameter at index {index} must include 'value'")
        name = str(item.get("name", f"param_{index}"))
        base_value = float(item["value"])
        distribution = str(item.get("distribution", "normal")).lower()
@@ -43,8 +44,11 @@ def _compile_parameters(parameters: Sequence[Dict[str, float]]) -> List[Simulati
        if distribution == "normal":
            std_dev = item.get("std_dev")
-            std_dev_value = float(std_dev) if std_dev is not None else abs(
+            std_dev_value = (
-                base_value) * DEFAULT_STD_DEV_RATIO or 1.0
+                float(std_dev)
                if std_dev is not None
                else abs(base_value) * DEFAULT_STD_DEV_RATIO or 1.0
            )
            compiled.append(
                SimulationParameter(
                    name=name,
--- a/static/css/main.css
+++ b/static/css/main.css
@@ -117,6 +117,37 @@ body {
  gap: 0.5rem;
 }
 .sidebar-section {
  display: flex;
  flex-direction: column;
  gap: 0.35rem;
 }
 .sidebar-section + .sidebar-section {
  margin-top: 1.4rem;
 }
 .sidebar-section-label {
  font-size: 0.75rem;
  font-weight: 600;
  letter-spacing: 0.06em;
  text-transform: uppercase;
  color: rgba(255, 255, 255, 0.52);
  padding: 0 1rem;
 }
 .sidebar-section-links {
  display: flex;
  flex-direction: column;
  gap: 0.25rem;
 }
 .sidebar-link-block {
  display: flex;
  flex-direction: column;
  gap: 0.2rem;
 }
 .sidebar-link {
  display: inline-flex;
  align-items: center;
@@ -142,6 +173,39 @@ body {
  box-shadow: inset 0 0 0 1px rgba(255, 255, 255, 0.25);
 }
 .sidebar-sublinks {
  display: flex;
  flex-direction: column;
  gap: 0.2rem;
  padding-left: 1.75rem;
 }
 .sidebar-sublink {
  display: inline-flex;
  align-items: center;
  gap: 0.5rem;
  color: rgba(255, 255, 255, 0.74);
  font-weight: 500;
  font-size: 0.9rem;
  text-decoration: none;
  padding: 0.35rem 0.75rem;
  border-radius: 8px;
  transition: background 0.2s ease, color 0.2s ease, transform 0.2s ease;
 }
 .sidebar-sublink:hover,
 .sidebar-sublink:focus {
  background: rgba(148, 197, 255, 0.18);
  color: var(--color-text-invert);
  transform: translateX(3px);
 }
 .sidebar-sublink.is-active {
  background: rgba(148, 197, 255, 0.28);
  color: var(--color-text-invert);
  box-shadow: inset 0 0 0 1px rgba(255, 255, 255, 0.18);
 }
 .app-main {
  background-color: var(--color-background);
  display: flex;
@@ -185,6 +249,159 @@ body {
  align-items: center;
 }
 .page-header {
  display: flex;
  align-items: flex-start;
  justify-content: space-between;
  gap: 1.5rem;
  margin-bottom: 2rem;
 }
 .page-subtitle {
  margin-top: 0.35rem;
  color: var(--color-text-muted);
  font-size: 0.95rem;
 }
 .settings-grid {
  display: grid;
  grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));
  gap: 1.5rem;
  margin-bottom: 2rem;
 }
 .settings-card {
  background: var(--color-surface);
  border-radius: 12px;
  padding: 1.5rem;
  box-shadow: 0 4px 14px var(--color-panel-shadow);
  display: flex;
  flex-direction: column;
  gap: 0.75rem;
 }
 .settings-card h2 {
  margin: 0;
  font-size: 1.2rem;
 }
 .settings-card p {
  margin: 0;
  color: var(--color-text-muted);
 }
 .settings-card-note {
  font-size: 0.85rem;
  color: var(--color-text-subtle);
 }
 .color-form-grid {
  max-width: none;
  grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));
 }
 .color-form-field {
  background: var(--color-surface-alt);
  border: 1px solid var(--color-border);
  border-radius: 10px;
  padding: var(--space-sm);
  box-shadow: inset 0 1px 2px rgba(15, 23, 42, 0.08);
  gap: var(--space-sm);
 }
 .color-form-field.is-env-override {
  background: rgba(191, 248, 56, 0.12);
  border-color: var(--color-accent);
 }
 .color-field-header {
  display: flex;
  justify-content: space-between;
  gap: var(--space-sm);
  font-weight: 600;
  color: var(--color-text-strong);
  font-family: "Fira Code", "Consolas", "Courier New", monospace;
  font-size: 0.85rem;
 }
 .color-field-default {
  color: var(--color-text-muted);
  font-weight: 500;
 }
 .color-field-helper {
  font-size: 0.8rem;
  color: var(--color-text-subtle);
 }
 .color-env-flag {
  font-size: 0.78rem;
  font-weight: 600;
  color: var(--color-accent);
  text-transform: uppercase;
  letter-spacing: 0.04em;
 }
 .color-input-row {
  display: flex;
  align-items: center;
  gap: var(--space-sm);
 }
 .color-value-input {
  font-family: "Fira Code", "Consolas", "Courier New", monospace;
 }
 .color-value-input[disabled] {
  background-color: rgba(148, 197, 255, 0.16);
  cursor: not-allowed;
 }
 .color-preview {
  width: 32px;
  height: 32px;
  border-radius: 8px;
  border: 1px solid var(--color-border-strong);
  box-shadow: inset 0 0 0 1px rgba(15, 23, 42, 0.05);
 }
 .env-overrides-table table {
  width: 100%;
  border-collapse: collapse;
 }
 .env-overrides-table th,
 .env-overrides-table td {
  padding: 0.65rem 0.75rem;
  text-align: left;
  border-bottom: 1px solid var(--color-border);
 }
 .env-overrides-table code {
  font-family: "Fira Code", "Consolas", "Courier New", monospace;
  font-size: 0.85rem;
 }
 .button-link {
  display: inline-flex;
  align-items: center;
  justify-content: center;
  width: fit-content;
  padding: 0.55rem 1.2rem;
  border-radius: 999px;
  font-weight: 600;
  text-decoration: none;
  background: var(--color-primary);
  color: var(--color-text-invert);
  transition: transform 0.2s ease, box-shadow 0.2s ease;
 }
 .button-link:hover,
 .button-link:focus {
  transform: translateY(-1px);
  box-shadow: 0 8px 18px var(--color-panel-shadow);
 }
 .dashboard-metrics-grid {
  display: grid;
  grid-template-columns: repeat(auto-fit, minmax(180px, 1fr));
--- a/static/js/settings.js
+++ b/static/js/settings.js
@@ -0,0 +1,200 @@
 (function () {
  const dataScript = document.getElementById("theme-settings-data");
  const form = document.getElementById("theme-settings-form");
  const feedbackEl = document.getElementById("theme-settings-feedback");
  const resetBtn = document.getElementById("theme-settings-reset");
  const panel = document.getElementById("theme-settings");
  if (!dataScript || !form || !feedbackEl || !panel) {
    return;
  }
  const apiUrl = panel.getAttribute("data-api");
  if (!apiUrl) {
    return;
  }
  const parsed = JSON.parse(dataScript.textContent || "{}");
  const currentValues = { ...(parsed.variables || {}) };
  const defaultValues = parsed.defaults || {};
  let envOverrides = { ...(parsed.envOverrides || {}) };
  const previewElements = new Map();
  const inputs = Array.from(form.querySelectorAll(".color-value-input"));
  inputs.forEach((input) => {
    const key = input.name;
    const field = input.closest(".color-form-field");
    const preview = field ? field.querySelector(".color-preview") : null;
    if (preview) {
      previewElements.set(input, preview);
    }
    if (Object.prototype.hasOwnProperty.call(envOverrides, key)) {
      const overrideValue = envOverrides[key];
      input.value = overrideValue;
      input.disabled = true;
      input.setAttribute("aria-disabled", "true");
      input.dataset.envOverride = "true";
      if (field) {
        field.classList.add("is-env-override");
      }
      if (preview) {
        preview.style.background = overrideValue;
      }
      return;
    }
    input.addEventListener("input", () => {
      const previewEl = previewElements.get(input);
      if (previewEl) {
        previewEl.style.background = input.value || defaultValues[key] || "";
      }
    });
  });
  function setFeedback(message, type) {
    feedbackEl.textContent = message;
    feedbackEl.classList.remove("hidden", "success", "error");
    if (type) {
      feedbackEl.classList.add(type);
    }
  }
  function clearFeedback() {
    feedbackEl.textContent = "";
    feedbackEl.classList.add("hidden");
    feedbackEl.classList.remove("success", "error");
  }
  function updateRootVariables(values) {
    if (!values) {
      return;
    }
    const root = document.documentElement;
    Object.entries(values).forEach(([key, value]) => {
      if (typeof key === "string" && typeof value === "string") {
        root.style.setProperty(key, value);
      }
    });
  }
  function resetTo(source) {
    inputs.forEach((input) => {
      const key = input.name;
      if (input.disabled) {
        const previewEl = previewElements.get(input);
        const fallback = envOverrides[key] || currentValues[key];
        if (previewEl && fallback) {
          previewEl.style.background = fallback;
        }
        return;
      }
      if (Object.prototype.hasOwnProperty.call(source, key)) {
        input.value = source[key];
        const previewEl = previewElements.get(input);
        if (previewEl) {
          previewEl.style.background = source[key];
        }
      }
    });
  }
  // Initialize previews to current values after page load.
  resetTo(currentValues);
  resetBtn?.addEventListener("click", () => {
    resetTo(defaultValues);
    clearFeedback();
    setFeedback("Reverted to default values. Submit to save.", "success");
  });
  form.addEventListener("submit", async (event) => {
    event.preventDefault();
    clearFeedback();
    const payload = {};
    inputs.forEach((input) => {
      if (input.disabled) {
        return;
      }
      payload[input.name] = input.value.trim();
    });
    try {
      const response = await fetch(apiUrl, {
        method: "PUT",
        headers: {
          "Content-Type": "application/json",
        },
        body: JSON.stringify({ variables: payload }),
      });
      if (!response.ok) {
        let detail = "Unable to save theme settings.";
        try {
          const errorData = await response.json();
          if (errorData?.detail) {
            detail = Array.isArray(errorData.detail)
              ? errorData.detail.map((item) => item.msg || item).join("; ")
              : errorData.detail;
          }
        } catch (parseError) {
          // Ignore JSON parse errors and use default detail message.
        }
        setFeedback(detail, "error");
        return;
      }
      const data = await response.json();
      const variables = data?.variables || {};
      const responseOverrides = data?.env_overrides || {};
      Object.assign(currentValues, variables);
      envOverrides = { ...responseOverrides };
      inputs.forEach((input) => {
        const key = input.name;
        const field = input.closest(".color-form-field");
        const previewEl = previewElements.get(input);
        const isOverride = Object.prototype.hasOwnProperty.call(
          envOverrides,
          key,
        );
        if (isOverride) {
          const overrideValue = envOverrides[key];
          input.value = overrideValue;
          if (!input.disabled) {
            input.disabled = true;
            input.setAttribute("aria-disabled", "true");
          }
          if (field) {
            field.classList.add("is-env-override");
          }
          if (previewEl) {
            previewEl.style.background = overrideValue;
          }
        } else if (input.disabled) {
          input.disabled = false;
          input.removeAttribute("aria-disabled");
          if (field) {
            field.classList.remove("is-env-override");
          }
          if (
            previewEl &&
            Object.prototype.hasOwnProperty.call(variables, key)
          ) {
            previewEl.style.background = variables[key];
          }
        }
      });
      updateRootVariables(variables);
      resetTo(variables);
      setFeedback("Theme colors updated successfully.", "success");
    } catch (error) {
      setFeedback("Network error: unable to save settings.", "error");
    }
  });
 })();
--- a/static/js/theme.js
+++ b/static/js/theme.js
@@ -0,0 +1,134 @@
 // static/js/theme.js
 document.addEventListener('DOMContentLoaded', () => {
  const themeSettingsForm = document.getElementById('theme-settings-form');
  const colorInputs = themeSettingsForm
    ? themeSettingsForm.querySelectorAll('input[type="color"]')
    : [];
  // Function to apply theme settings to CSS variables
  function applyTheme(theme) {
    const root = document.documentElement;
    if (theme.primary_color)
      root.style.setProperty('--color-primary', theme.primary_color);
    if (theme.secondary_color)
      root.style.setProperty('--color-secondary', theme.secondary_color);
    if (theme.accent_color)
      root.style.setProperty('--color-accent', theme.accent_color);
    if (theme.background_color)
      root.style.setProperty('--color-background', theme.background_color);
    if (theme.text_color)
      root.style.setProperty('--color-text-primary', theme.text_color);
    // Add other theme properties as needed
  }
  // Save theme to local storage
  function saveTheme(theme) {
    localStorage.setItem('user-theme', JSON.stringify(theme));
  }
  // Load theme from local storage
  function loadTheme() {
    const savedTheme = localStorage.getItem('user-theme');
    return savedTheme ? JSON.parse(savedTheme) : null;
  }
  // Real-time preview for color inputs
  colorInputs.forEach((input) => {
    input.addEventListener('input', (event) => {
      const cssVar = `--color-${event.target.id.replace('-', '_')}`;
      document.documentElement.style.setProperty(cssVar, event.target.value);
    });
  });
  const THEME_API_URL = '/api/settings/theme';
  const normalizeTheme = (theme) => {
    if (!theme || typeof theme !== 'object') {
      return {};
    }
    const {
      theme_name,
      primary_color,
      secondary_color,
      accent_color,
      background_color,
      text_color,
    } = theme;
    return {
      theme_name,
      primary_color,
      secondary_color,
      accent_color,
      background_color,
      text_color,
    };
  };
  if (themeSettingsForm) {
    themeSettingsForm.addEventListener('submit', async (event) => {
      event.preventDefault();
      const formData = new FormData(themeSettingsForm);
      const themeData = Object.fromEntries(formData.entries());
      try {
        const response = await fetch(THEME_API_URL, {
          method: 'POST',
          headers: {
            'Content-Type': 'application/json',
          },
          body: JSON.stringify(themeData),
        });
        if (response.ok) {
          const payload = await response.json();
          const savedTheme = normalizeTheme(payload?.theme ?? themeData);
          alert('Theme settings saved successfully!');
          applyTheme(savedTheme);
          saveTheme(savedTheme);
        } else {
          const errorData = await response.json();
          alert(`Error saving theme settings: ${errorData.detail}`);
        }
      } catch (error) {
        console.error('Error:', error);
        alert('An error occurred while saving theme settings.');
      }
    });
  }
  // Load and apply theme on page load
  const initialTheme = loadTheme();
  if (initialTheme) {
    applyTheme(initialTheme);
    // Populate form fields if on the theme settings page
    if (themeSettingsForm) {
      for (const key in initialTheme) {
        const input = themeSettingsForm.querySelector(
          `#${key.replace('_', '-')}`
        );
        if (input) {
          input.value = initialTheme[key];
        }
      }
    }
  } else {
    // If no saved theme, load from backend (if available)
    async function loadAndApplyThemeFromServer() {
      try {
        const response = await fetch(THEME_API_URL);
        if (response.ok) {
          const theme = normalizeTheme(await response.json());
          applyTheme(theme);
          saveTheme(theme); // Save to local storage for future use
        } else {
          console.error('Failed to load theme settings from server');
        }
      } catch (error) {
        console.error('Error loading theme settings from server:', error);
      }
    }
    loadAndApplyThemeFromServer();
  }
 });
--- a/templates/base.html
+++ b/templates/base.html
@@ -20,5 +20,6 @@
      </div>
    </div>
    {% block scripts %}{% endblock %}
    <script src="/static/js/theme.js"></script>
  </body>
 </html>
--- a/templates/forgot_password.html
+++ b/templates/forgot_password.html
@@ -0,0 +1,17 @@
 {% extends "base.html" %}
 {% block title %}Forgot Password{% endblock %}
 {% block content %}
 <div class="container">
    <h1>Forgot Password</h1>
    <form id="forgot-password-form">
        <div class="form-group">
            <label for="email">Email:</label>
            <input type="email" id="email" name="email" required>
        </div>
        <button type="submit">Reset Password</button>
    </form>
    <p>Remember your password? <a href="/login">Login here</a></p>
 </div>
 {% endblock %}
--- a/templates/login.html
+++ b/templates/login.html
@@ -0,0 +1,22 @@
 {% extends "base.html" %}
 {% block title %}Login{% endblock %}
 {% block content %}
 <div class="container">
    <h1>Login</h1>
    <form id="login-form">
        <div class="form-group">
            <label for="username">Username:</label>
            <input type="text" id="username" name="username" required>
        </div>
        <div class="form-group">
            <label for="password">Password:</label>
            <input type="password" id="password" name="password" required>
        </div>
        <button type="submit">Login</button>
    </form>
    <p>Don't have an account? <a href="/register">Register here</a></p>
    <p><a href="/forgot-password">Forgot password?</a></p>
 </div>
 {% endblock %}
--- a/templates/partials/base_header.html
+++ b/templates/partials/base_header.html
@@ -1,17 +1,3 @@
 {% set nav_links = [
  ("/", "Dashboard"),
  ("/ui/scenarios", "Scenarios"),
  ("/ui/parameters", "Parameters"),
  ("/ui/currencies", "Currencies"),
  ("/ui/costs", "Costs"),
  ("/ui/consumption", "Consumption"),
  ("/ui/production", "Production"),
  ("/ui/equipment", "Equipment"),
  ("/ui/maintenance", "Maintenance"),
  ("/ui/simulations", "Simulations"),
  ("/ui/reporting", "Reporting"),
 ] %}
 <div class="sidebar-inner">
  <div class="sidebar-brand">
    <span class="brand-logo" aria-hidden="true">CM</span>
@@ -20,20 +6,5 @@
      <span class="brand-subtitle">Mining Planner</span>
    </div>
  </div>
-  <nav class="sidebar-nav" aria-label="Primary navigation">
+  {% include "partials/sidebar_nav.html" %}
    {% set current_path = request.url.path if request else "" %}
    {% for href, label in nav_links %}
      {% if href == "/" %}
        {% set is_active = current_path == "/" %}
      {% else %}
        {% set is_active = current_path.startswith(href) %}
      {% endif %}
      <a
        href="{{ href }}"
        class="sidebar-link{% if is_active %} is-active{% endif %}"
      >
        {{ label }}
      </a>
    {% endfor %}
  </nav>
 </div>
--- a/templates/partials/sidebar_nav.html
+++ b/templates/partials/sidebar_nav.html
@@ -0,0 +1,49 @@
 {% set nav_groups = [ { "label": "Dashboard", "links": [ {"href": "/", "label":
 "Dashboard"}, ], }, { "label": "Overview", "links": [ {"href": "/ui/parameters",
 "label": "Parameters"}, {"href": "/ui/costs", "label": "Costs"}, {"href":
 "/ui/consumption", "label": "Consumption"}, {"href": "/ui/production", "label":
 "Production"}, { "href": "/ui/equipment", "label": "Equipment", "children": [
 {"href": "/ui/maintenance", "label": "Maintenance"}, ], }, ], }, { "label":
 "Simulations", "links": [ {"href": "/ui/simulations", "label": "Simulations"},
 ], }, { "label": "Analytics", "links": [ {"href": "/ui/reporting", "label":
 "Reporting"}, ], }, { "label": "Settings", "links": [ { "href": "/ui/settings",
 "label": "Settings", "children": [ {"href": "/theme-settings", "label":
 "Themes"}, {"href": "/ui/currencies", "label": "Currency Management"}, ], }, ],
 }, ] %}
 <nav class="sidebar-nav" aria-label="Primary navigation">
  {% set current_path = request.url.path if request else "" %} {% for group in
  nav_groups %}
  <div class="sidebar-section">
    <div class="sidebar-section-label">{{ group.label }}</div>
    <div class="sidebar-section-links">
      {% for link in group.links %} {% set href = link.href %} {% if href == "/"
      %} {% set is_active = current_path == "/" %} {% else %} {% set is_active =
      current_path.startswith(href) %} {% endif %}
      <div class="sidebar-link-block">
        <a
          href="{{ href }}"
          class="sidebar-link{% if is_active %} is-active{% endif %}"
        >
          {{ link.label }}
        </a>
        {% if link.children %}
        <div class="sidebar-sublinks">
          {% for child in link.children %} {% if child.href == "/" %} {% set
          child_active = current_path == "/" %} {% else %} {% set child_active =
          current_path.startswith(child.href) %} {% endif %}
          <a
            href="{{ child.href }}"
            class="sidebar-sublink{% if child_active %} is-active{% endif %}"
          >
            {{ child.label }}
          </a>
          {% endfor %}
        </div>
        {% endif %}
      </div>
      {% endfor %}
    </div>
  </div>
  {% endfor %}
 </nav>
--- a/templates/profile.html
+++ b/templates/profile.html
@@ -0,0 +1,31 @@
 {% extends "base.html" %}
 {% block title %}Profile{% endblock %}
 {% block content %}
 <div class="container">
    <h1>User Profile</h1>
    <p>Username: <span id="profile-username"></span></p>
    <p>Email: <span id="profile-email"></span></p>
    <button id="edit-profile-button">Edit Profile</button>
    <div id="edit-profile-form" style="display:none;">
        <h2>Edit Profile</h2>
        <form>
            <div class="form-group">
                <label for="edit-username">Username:</label>
                <input type="text" id="edit-username" name="username">
            </div>
            <div class="form-group">
                <label for="edit-email">Email:</label>
                <input type="email" id="edit-email" name="email">
            </div>
            <div class="form-group">
                <label for="edit-password">New Password:</label>
                <input type="password" id="edit-password" name="password">
            </div>
            <button type="submit">Save Changes</button>
        </form>
    </div>
 </div>
 {% endblock %}
--- a/Show More
+++ b/Show More