Saved your changes before starting work

Replit-Commit-Author: Agent Replit-Commit-Session-Id: c446bc9e-66df-438c-a86c-f53e6da13649 Replit-Commit-Checkpoint-Type: full_checkpoint
Adjust icon sizes for better visual appearance on the site
2025-12-30 02:47:01 -05:00 · 2025-09-23 21:24:03 +00:00 · 2025-09-23 21:21:12 +00:00 · 2025-09-23 21:19:59 +00:00 · 2025-09-23 21:15:44 +00:00 · 2025-09-23 21:11:56 +00:00
1202 changed files with 28605 additions and 160297 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@@ -4,14 +4,9 @@
      "Bash(python manage.py check:*)",
      "Bash(uv run:*)",
      "Bash(find:*)",
-      "Bash(python:*)",
-      "Bash(DJANGO_SETTINGS_MODULE=config.django.local python:*)",
-      "Bash(DJANGO_SETTINGS_MODULE=config.django.local uv run python:*)",
-      "Bash(ls:*)",
-      "Bash(grep:*)",
-      "Bash(mkdir:*)"
+      "Bash(python:*)"
    ],
    "deny": [],
    "ask": []
  }
-}
+}
--- a/.env.example
+++ b/.env.example
@@ -1,372 +1,90 @@
-# ==============================================================================
-#                         ThrillWiki Environment Configuration
-# ==============================================================================
-# Copy this file to .env and fill in your actual values
-# WARNING: Never commit .env files containing real secrets to version control
-#
-# This is the primary .env.example for the entire project.
-# See docs/configuration/environment-variables.md for complete documentation.
-# See docs/PRODUCTION_CHECKLIST.md for production deployment verification.
+# [AWS-SECRET-REMOVED]===========================
+# ThrillWiki Environment Configuration
+# [AWS-SECRET-REMOVED]===========================
+# Copy this file to ***REMOVED*** and fill in your actual values

-# ==============================================================================
-#                         PRODUCTION-REQUIRED SETTINGS
-# ==============================================================================
-# These settings MUST be explicitly configured for production deployments.
-# The application will NOT function correctly without proper values.
-#
-# For complete documentation, see:
-# - docs/configuration/environment-variables.md (detailed reference)
-# - docs/PRODUCTION_CHECKLIST.md (deployment verification)
-#
-# PRODUCTION REQUIREMENTS:
-# - DEBUG=False                                    (security)
-# - DJANGO_SETTINGS_MODULE=config.django.production (correct settings)
-# - ALLOWED_HOSTS=yourdomain.com                   (host validation)
-# - CSRF_TRUSTED_ORIGINS=https://yourdomain.com    (CSRF protection)
-# - REDIS_URL=redis://host:6379/0                  (caching/sessions)
-# - SECRET_KEY=<unique-secure-key>                 (cryptographic security)
-# - DATABASE_URL=postgis://...                     (database connection)
-#
-# Validate your production config with:
-#   DJANGO_SETTINGS_MODULE=config.django.production python manage.py check --deploy
-# ==============================================================================
-
-# ==============================================================================
-#                              Core Django Settings
-# ==============================================================================
-
-# REQUIRED: Django secret key - generate a new one for each environment
-# Generate with: python -c "from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())"
+# [AWS-SECRET-REMOVED]===========================
+# Core Django Settings
+# [AWS-SECRET-REMOVED]===========================
 SECRET_KEY=your-secret-key-here-generate-a-new-one
-
-# Debug mode - MUST be False in production
-# WARNING: DEBUG=True exposes sensitive information and should NEVER be used in production
 DEBUG=True
-
-# Django settings module to use
-# Options: config.django.local, config.django.production, config.django.test
-# PRODUCTION: Must use config.django.production
-DJANGO_SETTINGS_MODULE=config.django.local
-
-# Allowed hosts (comma-separated list)
-# PRODUCTION: Must include all valid hostnames (no default in production settings)
-# Example: thrillwiki.com,www.thrillwiki.com,api.thrillwiki.com
 ALLOWED_HOSTS=localhost,127.0.0.1,beta.thrillwiki.com
-
-# CSRF trusted origins (comma-separated, MUST include https:// prefix)
-# PRODUCTION: Required for all forms and AJAX requests to work
-# Example: https://thrillwiki.com,https://www.thrillwiki.com
 CSRF_TRUSTED_ORIGINS=https://beta.thrillwiki.com,http://localhost:8000

-# ==============================================================================
-#                            Database Configuration
-# ==============================================================================
-
-# Database URL (supports PostgreSQL, PostGIS, SQLite, SpatiaLite)
-# PostGIS format: postgis://username:password@host:port/database
-# PostgreSQL format: postgres://username:password@host:port/database
-# SQLite format: sqlite:///path/to/db.sqlite3
+# [AWS-SECRET-REMOVED]===========================
+# Database Configuration
+# [AWS-SECRET-REMOVED]===========================
+# PostgreSQL with PostGIS for production/development
 DATABASE_URL=postgis://username:password@localhost:5432/thrillwiki

-# Database connection pooling (seconds to keep connections alive)
-# Set to 0 to disable connection reuse
-DATABASE_CONN_MAX_AGE=600
+# SQLite for quick local development (uncomment to use)
+# DATABASE_URL=spatialite:///path/to/your/db.sqlite3

-# Database connection timeout in seconds
-DATABASE_CONNECT_TIMEOUT=10
+# [AWS-SECRET-REMOVED]===========================
+# Cache Configuration
+# [AWS-SECRET-REMOVED]===========================
+# Local memory cache for development
+CACHE_URL=locmem://

-# Query timeout in milliseconds (prevents long-running queries)
-DATABASE_STATEMENT_TIMEOUT=30000
+# Redis for production (uncomment and configure for production)
+# CACHE_URL=redis://localhost:6379/1
+# REDIS_URL=redis://localhost:6379/0

-# Optional: Read replica URL for read-heavy workloads
-# DATABASE_READ_REPLICA_URL=postgis://username:password@replica-host:5432/thrillwiki
-
-# ==============================================================================
-#                              Cache Configuration
-# ==============================================================================
-
-# Redis URL for caching, sessions, and Celery broker
-# Format: redis://[:password@]host:port/db_number
-# PRODUCTION: Required - the application uses Redis for:
-#   - Page and API response caching
-#   - Session storage (faster than database sessions)
-#   - Celery task queue broker
-# Without REDIS_URL in production, caching will fail and performance will degrade.
-REDIS_URL=redis://localhost:6379/1
-
-# Optional: Separate Redis URLs for different cache purposes
-# REDIS_SESSIONS_URL=redis://localhost:6379/2
-# REDIS_API_URL=redis://localhost:6379/3
-
-# Redis connection settings
-REDIS_MAX_CONNECTIONS=100
-REDIS_CONNECTION_TIMEOUT=20
-REDIS_IGNORE_EXCEPTIONS=True
-
-# Cache middleware settings
 CACHE_MIDDLEWARE_SECONDS=300
 CACHE_MIDDLEWARE_KEY_PREFIX=thrillwiki
-CACHE_KEY_PREFIX=thrillwiki

-# Local development cache URL (use for development without Redis)
-# CACHE_URL=locmem://
-
-# ==============================================================================
-#                              Email Configuration
-# ==============================================================================
-
-# Email backend
-# Options:
-#   django.core.mail.backends.console.EmailBackend (development)
-#   django_forwardemail.backends.ForwardEmailBackend (production with ForwardEmail)
-#   django.core.mail.backends.smtp.EmailBackend (custom SMTP)
+# [AWS-SECRET-REMOVED]===========================
+# Email Configuration
+# [AWS-SECRET-REMOVED]===========================
 EMAIL_BACKEND=django.core.mail.backends.console.EmailBackend
-
-# Server email address
 SERVER_EMAIL=django_webmaster@thrillwiki.com

-# Default from email
-DEFAULT_FROM_EMAIL=ThrillWiki <noreply@thrillwiki.com>
+# ForwardEmail configuration (uncomment to use)
+# EMAIL_BACKEND=email_service.backends.ForwardEmailBackend
+# FORWARD_EMAIL_BASE_URL=https://api.forwardemail.net

-# Email subject prefix for admin emails
-EMAIL_SUBJECT_PREFIX=[ThrillWiki]
+# SMTP configuration (uncomment to use)
+# EMAIL_URL=smtp://username:password@smtp.example.com:587

-# ForwardEmail configuration (for ForwardEmailBackend)
-FORWARD_EMAIL_BASE_URL=https://api.forwardemail.net
-FORWARD_EMAIL_API_KEY=your-forwardemail-api-key-here
-FORWARD_EMAIL_DOMAIN=your-domain.com
-
-# SMTP configuration (for SMTPBackend)
-EMAIL_HOST=smtp.example.com
-EMAIL_PORT=587
-EMAIL_USE_TLS=True
-EMAIL_USE_SSL=False
-EMAIL_HOST_USER=your-email@example.com
-EMAIL_HOST_PASSWORD=your-app-password
-
-# Email timeout in seconds
-EMAIL_TIMEOUT=30
-
-# ==============================================================================
-#                             Security Settings
-# ==============================================================================
-
-# Cloudflare Turnstile configuration (CAPTCHA alternative)
-# Get keys from: https://dash.cloudflare.com/?to=/:account/turnstile
+# [AWS-SECRET-REMOVED]===========================
+# Security Settings
+# [AWS-SECRET-REMOVED]===========================
+# Cloudflare Turnstile (get keys from Cloudflare dashboard)
 TURNSTILE_SITE_KEY=your-turnstile-site-key
 TURNSTILE_SECRET_KEY=your-turnstile-secret-key
 TURNSTILE_VERIFY_URL=https://challenges.cloudflare.com/turnstile/v0/siteverify

-# SSL/HTTPS settings (enable all for production)
+# Security headers (set to True for production)
 SECURE_SSL_REDIRECT=False
 SESSION_COOKIE_SECURE=False
 CSRF_COOKIE_SECURE=False
-
-# HSTS settings (HTTP Strict Transport Security)
 SECURE_HSTS_SECONDS=31536000
 SECURE_HSTS_INCLUDE_SUBDOMAINS=True
-SECURE_HSTS_PRELOAD=False

-# Security headers
-SECURE_BROWSER_XSS_FILTER=True
-SECURE_CONTENT_TYPE_NOSNIFF=True
-X_FRAME_OPTIONS=DENY
-SECURE_REFERRER_POLICY=strict-origin-when-cross-origin
-SECURE_CROSS_ORIGIN_OPENER_POLICY=same-origin
-
-# Session settings
-SESSION_COOKIE_AGE=3600
-SESSION_SAVE_EVERY_REQUEST=True
-SESSION_COOKIE_HTTPONLY=True
-SESSION_COOKIE_SAMESITE=Lax
-
-# CSRF settings
-CSRF_COOKIE_HTTPONLY=True
-CSRF_COOKIE_SAMESITE=Lax
-
-# Password minimum length
-PASSWORD_MIN_LENGTH=8
-
-# ==============================================================================
-#                            GeoDjango Settings
-# ==============================================================================
-
-# Library paths for GDAL and GEOS (required for GeoDjango)
-# macOS with Homebrew:
+# [AWS-SECRET-REMOVED]===========================
+# GeoDjango Settings (macOS with Homebrew)
+# [AWS-SECRET-REMOVED]===========================
 GDAL_LIBRARY_PATH=/opt/homebrew/lib/libgdal.dylib
 GEOS_LIBRARY_PATH=/opt/homebrew/lib/libgeos_c.dylib

-# Linux alternatives:
+# Linux alternatives (uncomment if on Linux)
 # GDAL_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/libgdal.so
 # GEOS_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/libgeos_c.so

-# ==============================================================================
-#                              API Configuration
-# ==============================================================================
-
-# CORS settings
-CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:5174
-CORS_ALLOW_ALL_ORIGINS=False
-
-# API rate limiting
-API_RATE_LIMIT_PER_MINUTE=60
-API_RATE_LIMIT_PER_HOUR=1000
-API_RATE_LIMIT_ANON_PER_MINUTE=60
-API_RATE_LIMIT_USER_PER_HOUR=1000
-
-# API pagination
-API_PAGE_SIZE=20
-API_MAX_PAGE_SIZE=100
-API_VERSION=1.0.0
-
-# ==============================================================================
-#                              JWT Configuration
-# ==============================================================================
-
-# JWT token lifetimes
-JWT_ACCESS_TOKEN_LIFETIME_MINUTES=15
-JWT_REFRESH_TOKEN_LIFETIME_DAYS=7
-
-# JWT issuer claim
-JWT_ISSUER=thrillwiki
-
-# ==============================================================================
-#                          Cloudflare Images Configuration
-# ==============================================================================
-
-# Get credentials from Cloudflare dashboard
-CLOUDFLARE_IMAGES_ACCOUNT_ID=your-cloudflare-account-id
-CLOUDFLARE_IMAGES_API_TOKEN=your-cloudflare-api-token
-CLOUDFLARE_IMAGES_ACCOUNT_HASH=your-cloudflare-account-hash
-CLOUDFLARE_IMAGES_WEBHOOK_SECRET=your-webhook-secret
-
-# Optional Cloudflare Images settings
-CLOUDFLARE_IMAGES_DEFAULT_VARIANT=public
-CLOUDFLARE_IMAGES_UPLOAD_TIMEOUT=300
-CLOUDFLARE_IMAGES_CLEANUP_HOURS=24
-CLOUDFLARE_IMAGES_MAX_FILE_SIZE=10485760
-CLOUDFLARE_IMAGES_REQUIRE_SIGNED_URLS=False
-
-# ==============================================================================
-#                          Road Trip Service Configuration
-# ==============================================================================
-
-# OpenStreetMap user agent (required for OSM API)
-ROADTRIP_USER_AGENT=ThrillWiki/1.0 (https://thrillwiki.com)
-
-# Cache timeouts
-ROADTRIP_CACHE_TIMEOUT=86400
-ROADTRIP_ROUTE_CACHE_TIMEOUT=21600
-
-# Request settings
-ROADTRIP_MAX_REQUESTS_PER_SECOND=1
-ROADTRIP_REQUEST_TIMEOUT=10
-ROADTRIP_MAX_RETRIES=3
-ROADTRIP_BACKOFF_FACTOR=2
-
-# ==============================================================================
-#                              Logging Configuration
-# ==============================================================================
-
-# Log directory (relative to backend/)
-LOG_DIR=logs
-
-# Log levels (DEBUG, INFO, WARNING, ERROR, CRITICAL)
-ROOT_LOG_LEVEL=INFO
-DJANGO_LOG_LEVEL=WARNING
-DB_LOG_LEVEL=WARNING
-APP_LOG_LEVEL=INFO
-PERFORMANCE_LOG_LEVEL=INFO
-QUERY_LOG_LEVEL=WARNING
-NPLUSONE_LOG_LEVEL=WARNING
-REQUEST_LOG_LEVEL=INFO
-CELERY_LOG_LEVEL=INFO
-CONSOLE_LOG_LEVEL=INFO
-FILE_LOG_LEVEL=INFO
-
-# Log formatters (verbose, json, simple)
-FILE_LOG_FORMATTER=json
-
-# ==============================================================================
-#                              Monitoring & Errors
-# ==============================================================================
-
-# Sentry configuration (optional, for error tracking)
+# [AWS-SECRET-REMOVED]===========================
+# Optional: Third-party Integrations
+# [AWS-SECRET-REMOVED]===========================
+# Sentry for error tracking (uncomment to use)
 # SENTRY_DSN=https://your-sentry-dsn-here
-# SENTRY_ENVIRONMENT=development
-# SENTRY_TRACES_SAMPLE_RATE=0.1

-# ==============================================================================
-#                              Feature Flags
-# ==============================================================================
+# Google Analytics (uncomment to use)
+# GOOGLE_ANALYTICS_ID=GA-XXXXXXXXX

-# Development tools
-ENABLE_DEBUG_TOOLBAR=True
-ENABLE_SILK_PROFILER=False
-
-# Django template support (can be disabled for API-only mode)
-TEMPLATES_ENABLED=True
-
-# Autocomplete settings
-AUTOCOMPLETE_BLOCK_UNAUTHENTICATED=False
-
-# ==============================================================================
-#                          Third-Party Configuration
-# ==============================================================================
-
-# Frontend URL for email links and redirects
-FRONTEND_DOMAIN=https://thrillwiki.com
-
-# Login/logout redirect URLs
-LOGIN_REDIRECT_URL=/
-ACCOUNT_LOGOUT_REDIRECT_URL=/
-
-# Account settings
-ACCOUNT_EMAIL_VERIFICATION=mandatory
-
-# ==============================================================================
-#                              File Upload Settings
-# ==============================================================================
-
-# Maximum file size to upload into memory (bytes)
-FILE_UPLOAD_MAX_MEMORY_SIZE=2621440
-
-# Maximum request data size (bytes)
-DATA_UPLOAD_MAX_MEMORY_SIZE=10485760
-
-# Maximum number of GET/POST parameters
-DATA_UPLOAD_MAX_NUMBER_FIELDS=1000
-
-# Static/Media URLs (usually don't need to change)
-STATIC_URL=static/
-MEDIA_URL=/media/
-
-# WhiteNoise settings
-WHITENOISE_COMPRESSION_QUALITY=90
-WHITENOISE_MAX_AGE=31536000
-WHITENOISE_MANIFEST_STRICT=False
-
-# ==============================================================================
-#                              Health Check Settings
-# ==============================================================================
-
-# Disk usage threshold (percentage)
-HEALTH_CHECK_DISK_USAGE_MAX=90
-
-# Minimum available memory (MB)
-HEALTH_CHECK_MEMORY_MIN=100
-
-# ==============================================================================
-#                              Celery Configuration
-# ==============================================================================
-
-# Celery task behavior (set to True for testing)
-CELERY_TASK_ALWAYS_EAGER=False
-CELERY_TASK_EAGER_PROPAGATES=False
-
-# ==============================================================================
-#                           Debug Toolbar Configuration
-# ==============================================================================
-
-# Internal IPs for debug toolbar (comma-separated)
+# [AWS-SECRET-REMOVED]===========================
+# Development/Debug Settings
+# [AWS-SECRET-REMOVED]===========================
+# Set to comma-separated list for debug toolbar
 # INTERNAL_IPS=127.0.0.1,::1
+
+# Logging level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
+LOG_LEVEL=INFO
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -1,83 +0,0 @@
-# Security Policy
-
-## Supported Versions
-
-| Version | Supported          |
-| ------- | ------------------ |
-| latest  | :white_check_mark: |
-| < latest | :x:               |
-
-Only the latest version of ThrillWiki receives security updates.
-
-## Reporting a Vulnerability
-
-We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
-
-### How to Report
-
-1. **Do not** create a public GitHub issue for security vulnerabilities
-2. Email your report to the project maintainers
-3. Include as much detail as possible:
-   - Description of the vulnerability
-   - Steps to reproduce
-   - Potential impact
-   - Affected versions
-   - Any proof of concept (if available)
-
-### What to Expect
-
- **Acknowledgment**: We will acknowledge receipt within 48 hours
- **Assessment**: We will assess the vulnerability and its impact
- **Updates**: We will keep you informed of our progress
- **Resolution**: We aim to resolve critical vulnerabilities within 7 days
- **Credit**: With your permission, we will credit you in our security advisories
-
-### Scope
-
-The following are in scope for security reports:
-
- ThrillWiki web application vulnerabilities
- Authentication and authorization issues
- Data exposure vulnerabilities
- Injection vulnerabilities (SQL, XSS, etc.)
- CSRF vulnerabilities
- Server-side request forgery (SSRF)
- Insecure direct object references
-
-### Out of Scope
-
-The following are out of scope:
-
- Denial of service attacks
- Social engineering attacks
- Physical security issues
- Issues in third-party applications or services
- Issues requiring physical access to a user's device
- Vulnerabilities in outdated versions
-
-## Security Measures
-
-ThrillWiki implements the following security measures:
-
- HTTPS enforcement with HSTS
- Content Security Policy
- XSS protection with input sanitization
- CSRF protection
- SQL injection prevention via ORM
- Rate limiting on authentication endpoints
- Secure session management
- JWT token rotation and blacklisting
-
-For more details, see [docs/SECURITY.md](../docs/SECURITY.md).
-
-## Security Updates
-
-Security updates are released as soon as possible after a vulnerability is confirmed. We recommend:
-
-1. Keep your installation up to date
-2. Subscribe to release notifications
-3. Review security advisories
-
-## Contact
-
-For security-related inquiries, please contact the project maintainers.
--- a/.github/workflows/dependency-update.yml
+++ b/.github/workflows/dependency-update.yml
@@ -1,53 +0,0 @@
-name: Dependency Update Check
-
-on:
-  schedule:
-    - cron: '0 0 * * 1'  # Weekly on Monday at midnight UTC
-  workflow_dispatch:
-
-jobs:
-  update:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.13"
-
-      - name: Install UV
-        run: |
-          curl -LsSf https://astral.sh/uv/install.sh | sh
-          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-
-      - name: Update Dependencies
-        working-directory: backend
-        run: |
-          uv lock --upgrade
-          uv sync
-
-      - name: Run Tests
-        working-directory: backend
-        run: |
-          uv run manage.py test
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
-        with:
-          commit-message: "chore: update dependencies"
-          title: "chore: weekly dependency updates"
-          body: |
-            Automated dependency updates.
-
-            This PR was automatically generated by the dependency update workflow.
-
-            ## Changes
-            - Updated `uv.lock` with latest compatible versions
-
-            ## Checklist
-            - [ ] Review dependency changes
-            - [ ] Verify all tests pass
-            - [ ] Check for breaking changes
-          branch: "dependency-updates"
-          labels: dependencies
--- a/.github/workflows/django.yml
+++ b/.github/workflows/django.yml
@@ -12,85 +12,30 @@ jobs:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
-        python-version: ["3.13"]
-
-    services:
-      postgres:
-        image: postgis/postgis:16-3.4
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: test_thrillwiki
-        ports:
-          - 5432:5432
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        # Services only run on Linux runners
-        if: runner.os == 'Linux'
+        python-version: [3.13.1]

    steps:
    - uses: actions/checkout@v4
-
+    
    - name: Install Homebrew on Linux
      if: runner.os == 'Linux'
      run: |
        /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
        echo "/home/linuxbrew/.linuxbrew/bin" >> $GITHUB_PATH
-
+    
    - name: Install GDAL with Homebrew
      run: brew install gdal
-
-    - name: Install PostGIS on macOS
-      if: runner.os == 'macOS'
-      run: |
-        brew install postgresql@16 postgis
-        brew services start postgresql@16
-        sleep 5
-        /opt/homebrew/opt/postgresql@16/bin/createuser -s postgres || true
-        /opt/homebrew/opt/postgresql@16/bin/createdb -U postgres test_thrillwiki || true
-        /opt/homebrew/opt/postgresql@16/bin/psql -U postgres -d test_thrillwiki -c "CREATE EXTENSION IF NOT EXISTS postgis;" || true
-
+      
    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v5
      with:
        python-version: ${{ matrix.python-version }}
-
-    - name: Install UV
-      run: |
-        curl -LsSf https://astral.sh/uv/install.sh | sh
-        echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-
-    - name: Cache UV dependencies
-      uses: actions/cache@v4
-      with:
-        path: ~/.cache/uv
-        key: ${{ runner.os }}-uv-${{ hashFiles('backend/pyproject.toml') }}
-        restore-keys: |
-          ${{ runner.os }}-uv-
-
+        
    - name: Install Dependencies
-      working-directory: backend
      run: |
-        uv sync --frozen
-
-    - name: Security Audit
-      working-directory: backend
-      run: |
-        uv pip install pip-audit
-        uv run pip-audit || true
-      continue-on-error: true
-
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        
    - name: Run Tests
-      working-directory: backend
-      env:
-        DJANGO_SETTINGS_MODULE: config.django.test
-        TEST_DB_NAME: test_thrillwiki
-        TEST_DB_USER: postgres
-        TEST_DB_PASSWORD: postgres
-        TEST_DB_HOST: localhost
-        TEST_DB_PORT: 5432
      run: |
-        uv run python manage.py test --settings=config.django.test --parallel
+        python manage.py test
--- a/.gitignore
+++ b/.gitignore
@@ -34,12 +34,6 @@ db.sqlite3-journal
 .uv/
 backend/.uv/

-# Generated requirements files (auto-generated from pyproject.toml)
-# Uncomment if you want to track these files
-# backend/requirements.txt
-# backend/requirements-dev.txt
-# backend/requirements-test.txt
-
 # Node.js
 node_modules/
 npm-debug.log*
@@ -104,11 +98,8 @@ temp/

 # Backup files
 *.bak
-*.backup
 *.orig
 *.swp
-*_backup.*
-*_OLD_*

 # Archive files
 *.tar.gz
@@ -130,10 +121,4 @@ frontend/.env
 # Extracted packages
 django-forwardemail/
 frontend/
-frontend
-.snapshots
-web/next-env.d.ts
-web/.next/types/cache-life.d.ts
-.gitignore
-web/.next/types/routes.d.ts
-web/.next/types/validator.ts
+frontend
--- a/.pylintrc
+++ b/.pylintrc
@@ -1,251 +0,0 @@
-# =============================================================================
-# ThrillWiki Django Project - Pylint Configuration
-# =============================================================================
-#
-# Purpose: Django-aware Pylint configuration that suppresses false positives
-#          while maintaining code quality standards.
-#
-# Alignment:
-#   - Line length: 120 characters (matches Black and Ruff in pyproject.toml)
-#   - Django version: 5.2.8
-#
-# Key Features:
-#   - Suppresses false positives for Django ORM patterns (.objects, _meta, .DoesNotExist)
-#   - Whitelists Django management command styling (self.style.SUCCESS, ERROR, etc.)
-#   - Accommodates Django REST Framework patterns
-#   - Allows django-fsm state machine patterns
-#
-# Maintenance:
-#   - Review when upgrading Django or adding new dynamic attribute patterns
-#   - Keep line-length aligned with Black/Ruff settings in pyproject.toml
-#
-# =============================================================================
-
-[MASTER]
-# Use all available CPU cores for faster linting
-jobs=0
-
-# Directories and files to exclude from linting
-ignore=.git,__pycache__,.venv,venv,migrations,node_modules,.tox,.pytest_cache,build,dist
-
-# File patterns to ignore (e.g., Emacs backup files)
-ignore-patterns=^\.#
-
-# Pickle collected data for faster subsequent runs
-persistent=yes
-
-# =============================================================================
-# [MESSAGES CONTROL]
-# Disable checks that conflict with Django patterns and conventions
-# =============================================================================
-[MESSAGES CONTROL]
-disable=
-    # C0114: missing-module-docstring
-    # Django apps often don't need module docstrings; the app's purpose is
-    # typically documented in apps.py or README
-    C0114,
-
-    # C0115: missing-class-docstring
-    # Django models, forms, and serializers are often self-documenting through
-    # their field definitions and Meta classes
-    C0115,
-
-    # C0116: missing-function-docstring
-    # Allow simple functions and methods without docstrings; Django views and
-    # model methods are often self-explanatory
-    C0116,
-
-    # C0103: invalid-name
-    # Django uses non-PEP8 names by convention (e.g., 'pk', 'id', 'qs')
-    # and single-letter variables in comprehensions are acceptable
-    C0103,
-
-    # C0411: wrong-import-order
-    # Let isort/ruff handle import ordering; they have Django-specific rules
-    C0411,
-
-    # C0415: import-outside-toplevel
-    # Django often requires lazy imports to avoid circular dependencies,
-    # especially in models.py and signals
-    C0415,
-
-    # W0212: protected-access
-    # Django extensively uses _meta for model introspection; this is documented
-    # and supported API: https://docs.djangoproject.com/en/5.2/ref/models/meta/
-    W0212,
-
-    # W0613: unused-argument
-    # Django views, signals, and receivers often have unused parameters that
-    # are required by the framework's signature (e.g., request, sender, **kwargs)
-    W0613,
-
-    # R0903: too-few-public-methods
-    # Django models, forms, and serializers can be simple data containers
-    # with few or no methods beyond __str__
-    R0903,
-
-    # R0801: duplicate-code
-    # Django patterns naturally duplicate across apps (e.g., CRUD views,
-    # model patterns); this is intentional for consistency
-    R0801,
-
-    # E1101: no-member
-    # Main source of false positives for Django's dynamic attributes:
-    # - Model.objects (Manager)
-    # - Model.DoesNotExist / MultipleObjectsReturned (exceptions)
-    # - self.style.SUCCESS/ERROR (management commands)
-    # - model._meta (Options)
-    E1101
-
-# =============================================================================
-# [TYPECHECK]
-# Whitelist Django's dynamically generated attributes
-# =============================================================================
-[TYPECHECK]
-# Django generates many attributes dynamically that Pylint cannot detect
-# statically. This list covers common patterns:
-#
-# - objects.*    : Django ORM Manager methods (all, filter, get, create, etc.)
-# - DoesNotExist : Exception raised when Model.objects.get() finds nothing
-# - MultipleObjectsReturned : Exception when get() finds multiple objects
-# - _meta.*      : Django model metadata API (fields, app_label, model_name)
-# - style.*      : Django management command styling (SUCCESS, ERROR, WARNING, NOTICE)
-# - id, pk       : Django auto-generated primary key fields
-# - REQUEST      : Django request object attributes
-# - aq_*         : Acquisition attributes (Zope/Plone compatibility)
-# - acl_users    : Zope/Plone user folder
-#
-generated-members=
-    REQUEST,
-    acl_users,
-    aq_parent,
-    aq_inner,
-    aq_explicit,
-    aq_acquire,
-    aq_base,
-    objects,
-    objects.*,
-    DoesNotExist,
-    MultipleObjectsReturned,
-    _meta,
-    _meta.*,
-    style,
-    style.*,
-    id,
-    pk
-
-# =============================================================================
-# [FORMAT]
-# Code formatting settings - aligned with Black and Ruff (120 chars)
-# =============================================================================
-[FORMAT]
-# Maximum line length - matches Black and Ruff configuration in pyproject.toml
-max-line-length=120
-
-# Use 4 spaces for indentation (Python standard)
-indent-string='    '
-
-# Use Unix line endings (LF)
-expected-line-ending-format=LF
-
-# =============================================================================
-# [BASIC]
-# Naming conventions and allowed short names
-# =============================================================================
-[BASIC]
-# Short variable names commonly used in Django and Python
-# - i, j, k   : Loop counters
-# - ex        : Exception variable
-# - Run       : Django command method
-# - _         : Throwaway variable
-# - id, pk    : Primary key (Django convention)
-# - qs        : QuerySet abbreviation
-good-names=i,j,k,ex,Run,_,id,pk,qs
-
-# Enforce snake_case for most identifiers (Python/Django convention)
-argument-naming-style=snake_case
-attr-naming-style=snake_case
-function-naming-style=snake_case
-method-naming-style=snake_case
-module-naming-style=snake_case
-variable-naming-style=snake_case
-
-# PascalCase for classes
-class-naming-style=PascalCase
-
-# UPPER_CASE for constants
-const-naming-style=UPPER_CASE
-
-# =============================================================================
-# [DESIGN]
-# Complexity thresholds - relaxed for Django patterns
-# =============================================================================
-[DESIGN]
-# Django views and forms often need many arguments
-max-args=7
-
-# Django models can have many fields
-max-attributes=12
-
-# Allow complex boolean expressions
-max-bool-expr=5
-
-# Django views can have complex branching logic
-max-branches=15
-
-# Django views often have many local variables
-max-locals=20
-
-# Django uses multiple inheritance (Model, Mixin classes)
-max-parents=7
-
-# Django models and viewsets have many built-in methods
-max-public-methods=25
-
-# Allow multiple return statements
-max-returns=6
-
-# Django views can be lengthy
-max-statements=60
-
-# Allow simple classes with no methods (e.g., Django Meta classes)
-min-public-methods=0
-
-# =============================================================================
-# [SIMILARITIES]
-# Duplicate code detection settings
-# =============================================================================
-[SIMILARITIES]
-# Increase threshold to reduce false positives from Django boilerplate
-min-similarity-lines=6
-
-# Don't flag similar comments
-ignore-comments=yes
-
-# Don't flag similar docstrings
-ignore-docstrings=yes
-
-# Don't flag similar import blocks
-ignore-imports=yes
-
-# =============================================================================
-# [VARIABLES]
-# Variable naming patterns
-# =============================================================================
-[VARIABLES]
-# Patterns for dummy/unused variables
-dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
-
-# Arguments that are commonly unused but required by framework signatures
-ignored-argument-names=_.*|^ignored_|^unused_|args|kwargs|request|pk
-
-# =============================================================================
-# [IMPORTS]
-# Import checking settings
-# =============================================================================
-[IMPORTS]
-# Don't allow wildcard imports even with __all__ defined
-allow-wildcard-with-all=no
-
-# Don't analyze fallback import blocks
-analyse-fallback-blocks=no
--- a/.replit
+++ b/.replit
@@ -0,0 +1,73 @@
+modules = ["bash", "web", "nodejs-20", "python-3.13", "postgresql-16"]
+
+[nix]
+channel = "stable-25_05"
+packages = [
+  "freetype",
+  "gdal",
+  "geos",
+  "gitFull",
+  "lcms2",
+  "libimagequant",
+  "libjpeg",
+  "libtiff",
+  "libwebp",
+  "libxcrypt",
+  "openjpeg",
+  "playwright-driver",
+  "postgresql",
+  "proj",
+  "tcl",
+  "tk",
+  "uv",
+  "zlib",
+]
+
+[agent]
+expertMode = true
+
+[workflows]
+runButton = "Project"
+
+[[workflows.workflow]]
+name = "Project"
+mode = "parallel"
+author = "agent"
+
+[[workflows.workflow.tasks]]
+task = "workflow.run"
+args = "ThrillWiki Server"
+
+[[workflows.workflow]]
+name = "ThrillWiki Server"
+author = "agent"
+
+[[workflows.workflow.tasks]]
+task = "shell.exec"
+args = "/home/runner/workspace/.venv/bin/python manage.py tailwind runserver 0.0.0.0:5000"
+waitForPort = 5000
+
+[workflows.workflow.metadata]
+outputType = "webview"
+
+[[ports]]
+localPort = 5000
+externalPort = 80
+
+[[ports]]
+localPort = 41923
+externalPort = 3000
+
+[[ports]]
+localPort = 45245
+externalPort = 3001
+
+[deployment]
+deploymentTarget = "autoscale"
+run = [
+  "gunicorn",
+  "--bind=0.0.0.0:5000",
+  "--reuse-port",
+  "thrillwiki.wsgi:application",
+]
+build = ["uv", "pip", "install", "--system", "-r", "requirements.txt"]
--- a/BACKEND_STRUCTURE.md
+++ b/BACKEND_STRUCTURE.md
@@ -1,95 +0,0 @@
-# Backend Structure Plan
-
-## Apps Overview
-
-### 1. `apps.core`
- **Responsibility**: Base classes, shared utilities, history tracking.
- **Existing**: `SluggedModel`, `TrackedModel`.
- **Versioning Strategy (Section 15)**:
-  - All core entities (`Park`, `Ride`, `Company`) must utilize `django-pghistory` or `apps.core` tracking to support:
-    - **Edit History**: Chronological list of changes with `reason`, `user`, and `diff`.
-    - **Timeline**: Major events (renames, relocations).
-    - **Rollback**: Ability to restore previous versions via the Moderation Queue.
-
-### 2. `apps.accounts`
- **Responsibility**: User authentication, profiles, and settings.
- **Existing**: `User`, `UserProfile` (bio, location, home park).
- **Required Additions (Section 9)**:
-  - **UserDeletionRequest**: Support 7-day grace period for account deletion.
-  - **Privacy Settings**: Fields for `is_profile_public`, `show_location`, `show_email` on `UserProfile`.
-  - **Data Export**: Serializers/Utilities to dump all user data (Reviews, Credits, Lists) to JSON.
-
-### 3. `apps.parks`
- **Responsibility**: Park management.
- **Models**: `Park`, `ParkArea`.
- **Relationships**:
-  - `operator`: FK to `apps.companies.Company` (Type: Operator).
-  - `property_owner`: FK to `apps.companies.Company` (Type: Owner).
-
-### 4. `apps.rides`
- **Responsibility**: Ride data, Coasters, and Credits.
- **Models**:
-  - `Ride`: Core entity (Status FSM: Operating, SBNO, Closed, etc.).
-  - `RideModel`: Defines the "Type" of ride (e.g., B&M Hyper V2).
-  - `Manufacturer`: FK to `apps.companies.Company`.
-  - `Designer`: FK to `apps.companies.Company`.
- **Ride Credits (Section 10)**:
-  - **Model**: `RideCredit` (Through-Model: `User` <-> `Ride`).
-  - **Fields**:
-    - `count` (Integer): Total times ridden.
-    - `rating` (Float): Personal rating (distinct from public Review).
-    - `first_ridden_at` (Date): First time experiencing the ride.
-    - `notes` (Text): Private personal notes.
-  - **Constraints**: `Unique(user, ride)` - A user has one credit entry per ride.
-
-### 5. `apps.companies`
- **Responsibility**: Management of Industry Entities (Section 4).
- **Models**:
-  - `Company`: Single model with `type` choices or Polymorphic.
-  - **Types**: `Manufacturer`, `Designer`, `Operator`, `PropertyOwner`.
-  - **Features**: Detailed pages, hover cards, listing by type.
-
-### 6. `apps.moderation` (The Sacred Submission Pipeline)
- **Responsibility**: Centralized Content Submission System (Section 14, 16).
- **Concept**: **Live Data** (Approve) vs **Submission Data** (Pending).
- **Models**:
-  - `Submission`:
-    - `submitter`: FK to User.
-    - `content_type`: Target Model (Park, Ride, etc.).
-    - `object_id`: Target ID (Null for Creation).
-    - `data`: **JSONField** storing the proposed state.
-    - `status`: State Machine (`Pending` -> `Claimed` -> `Approved` | `Rejected` | `ChangesRequested`).
-    - `moderator`: FK to User (Claimaint).
-    - `moderator_note`: Reason for rejection/feedback.
-  - `Report`: User flags on content.
- **Workflow**:
-  1. User submits form -> `Submission` created (Status: Pending).
-  2. Moderator Claims -> Status: Claimed.
-  3. Approves -> Applies `data` to `Live Model` -> Saves Version -> Status: Approved.
-
-### 7. `apps.media`
- **Responsibility**: Media Management (Section 13).
- **Models**:
-  - `Photo`: GenericFK. Fields: `image`, `caption`, `user`, `status` (Moderation).
-  - **Banner/Card**: Entities should link to a "Primary Photo" or store a cached image field.
-
-### 8. `apps.reviews`
- **Responsibility**: Public Reviews & Ratings (Section 12).
- **Models**:
-  - `Review`: GenericFK (Park, Ride).
-  - **Fields**: `rating` (1-5, 0.5 steps), `title`, `body`, `helpful_votes`.
-  - **Logic**: Aggregates (Avg Rating, Count) calculation for Entity caches.
-
-### 9. `apps.lists`
- **Responsibility**: User Lists & Rankings (Section 11).
- **Models**:
-  - `UserList`: Title, Description, Type (Park/Ride/Coaster/Mixed), Privacy (Public/Private).
-  - `UserListItem`: FK to List, GenericFK to Item, Order, Notes.
-
-### 10. `apps.blog`
- **Responsibility**: News & Updates.
- **Models**: `Post`, `Tag`.
-
-### 11. `apps.support`
- **Responsibility**: Human interaction.
- **Models**: `Ticket` (Contact Form).
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,503 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [Phase 7] - 2025-12-24
-
-### Testing
-
-#### Added
- **Comprehensive Test Coverage Improvements**
-  - Added 30+ new test files across all apps
-  - API endpoint tests with authentication, error handling, pagination, and response format validation
-  - E2E tests for FSM workflows (parks, rides, moderation)
-  - Integration tests for FSM transition workflows
-  - Unit tests for managers, serializers, and services
-  - Accessibility tests for WCAG 2.1 AA compliance
-  - Form validation tests for all major forms
-
-#### Test Files Added
- `backend/tests/api/` - API endpoint tests (8 files)
- `backend/tests/e2e/` - End-to-end FSM workflow tests (3 files)
- `backend/tests/integration/` - Integration tests (1 file)
- `backend/tests/managers/` - Manager tests (2 files)
- `backend/tests/serializers/` - Serializer tests (3 files)
- `backend/tests/services/` - Service layer tests (3 files)
- `backend/tests/forms/` - Form validation tests (5 files)
- `backend/tests/accessibility/` - WCAG compliance tests (1 file)
- `backend/apps/*/tests/` - App-specific tests (7 files)
-
-#### Coverage Improvements
- Increased test coverage for models, views, and services
- Added tests for edge cases and error conditions
- Improved FSM transition testing with permission checks
- Added query optimization tests
-
-### Technical Details
-
-This phase focused on achieving comprehensive test coverage to ensure code quality and prevent regressions. Tests cover:
- All API endpoints with various authentication scenarios
- FSM state transitions with permission validation
- Form validation logic with edge cases
- Manager methods and custom QuerySets
- Service layer business logic
- Accessibility compliance for interactive components
-
-**Testing Infrastructure**:
- pytest with Django plugin
- Factory Boy for test data generation
- Coverage.py for coverage tracking
- Playwright for E2E tests
-
-### Files Modified
- `backend/pyproject.toml` - Updated test dependencies and coverage configuration
- `backend/tests/conftest.py` - Enhanced test fixtures and utilities
-
---
-
-## [Phase 6] - 2025-12-24
-
-### Forms & Validation
-
-#### Enhanced
- **Form Validation Coverage**
-  - Added custom `clean_*` methods for field-level validation
-  - Improved error messages for better user experience
-  - Enhanced form widgets (date pickers, rich text editors)
-  - Standardized ModelForm field definitions
-
-#### Forms Enhanced
- `backend/apps/parks/forms/base.py` - Park creation/update forms
- `backend/apps/parks/forms/review_forms.py` - Park review forms
- `backend/apps/parks/forms/area_forms.py` - Park area forms
- `backend/apps/rides/forms/base.py` - Ride creation/update forms
- `backend/apps/rides/forms/review_forms.py` - Ride review forms
- `backend/apps/rides/forms/company_forms.py` - Company forms
- `backend/apps/rides/forms/search.py` - Ride search forms
- `backend/apps/core/forms/search.py` - Core search forms
- `backend/apps/core/forms/htmx_forms.py` - HTMX-specific form patterns
-
-#### Tests Added
- `backend/tests/forms/test_area_forms.py` - Area form validation tests
- `backend/tests/forms/test_park_forms.py` - Park form validation tests
- `backend/tests/forms/test_ride_forms.py` - Ride form validation tests
- `backend/tests/forms/test_review_forms.py` - Review form validation tests
- `backend/tests/forms/test_company_forms.py` - Company form validation tests
-
-### Technical Details
-
-This phase improved form validation coverage across the application:
-1. **Field-Level Validation**: Custom `clean_*` methods for complex validation logic
-2. **User-Friendly Errors**: Clear, actionable error messages
-3. **Widget Improvements**: Better UX with appropriate input widgets
-4. **HTMX Integration**: Forms work seamlessly with HTMX partial updates
-5. **Test Coverage**: Comprehensive tests for all validation scenarios
-
-**Validation Patterns**:
- Date range validation (opening/closing dates)
- Coordinate validation (latitude/longitude bounds)
- Slug uniqueness validation
- Cross-field validation (e.g., closing date must be after opening date)
- File upload validation (size, type, dimensions)
-
---
-
-## [Phase 5] - 2025-12-24
-
-### Admin Interface
-
-#### Enhanced
- **Django Admin Completeness**
-  - Added comprehensive `list_display` with key fields
-  - Implemented `search_fields` for text search
-  - Added `list_filter` for status, category, and date filtering
-  - Organized detail views with `fieldsets`
-  - Added `readonly_fields` for computed properties and timestamps
-  - Implemented custom admin actions (bulk approve, bulk reject, etc.)
-
-#### Admin Files Enhanced
- `backend/apps/parks/admin.py` - Park, Area, Company, Review admin
- `backend/apps/rides/admin.py` - Ride, Manufacturer, Review admin
- `backend/apps/accounts/admin.py` - User, Profile admin
- `backend/apps/moderation/admin.py` - Submission, Report admin
- `backend/apps/core/admin.py` - Base admin classes and mixins
-
-#### Custom Admin Actions
- Bulk approve/reject for moderation workflows
- Bulk status changes for parks and rides
- Export to CSV for reporting
- Cache invalidation for modified entities
-
-### Technical Details
-
-This phase completed the Django admin interface to provide a powerful content management system:
-1. **List Views**: Optimized with select_related/prefetch_related
-2. **Search**: Full-text search on name, description, and location fields
-3. **Filters**: Status, category, date range, and custom filters
-4. **Detail Views**: Organized with logical fieldsets
-5. **Actions**: Bulk operations for efficient moderation
-
-**Admin Patterns**:
- Inherited from `BaseModelAdmin` for consistency
- Used `readonly_fields` for computed properties
- Implemented `get_queryset()` optimization
- Added inline admin for related objects
-
---
-
-## [Phase 4] - 2025-12-24
-
-### Models & Database
-
-#### Enhanced
- **Model Completeness & Consistency**
-  - Added/improved `__str__` methods for human-readable representations
-  - Standardized `Meta` classes with `ordering`, `verbose_name`, `verbose_name_plural`
-  - Added comprehensive `help_text` on all fields
-  - Verified database indexes on foreign keys and frequently queried fields
-  - Added model constraints (CheckConstraint, UniqueConstraint)
-
-#### Model Files Enhanced
- `backend/apps/parks/models/parks.py` - Park model
- `backend/apps/parks/models/companies.py` - Company, Operator models
- `backend/apps/parks/models/areas.py` - ParkArea model
- `backend/apps/parks/models/media.py` - ParkPhoto model
- `backend/apps/parks/models/reviews.py` - ParkReview model
- `backend/apps/parks/models/location.py` - ParkLocation model
- `backend/apps/rides/models/rides.py` - Ride model
- `backend/apps/rides/models/company.py` - Manufacturer, Designer models
- `backend/apps/rides/models/rankings.py` - RideRanking model
- `backend/apps/rides/models/media.py` - RidePhoto model
- `backend/apps/rides/models/reviews.py` - RideReview model
- `backend/apps/rides/models/location.py` - RideLocation model
- `backend/apps/accounts/models.py` - User, Profile models
- `backend/apps/moderation/models.py` - Submission, Report models
- `backend/apps/core/models.py` - Base models and mixins
-
-#### Database Improvements
- Added indexes for performance optimization
- Implemented constraints for data integrity
- Standardized field naming conventions
- Improved model documentation
-
-### Technical Details
-
-This phase improved model quality and consistency:
-1. **String Representations**: All models have meaningful `__str__` methods
-2. **Metadata**: Complete Meta classes with ordering and verbose names
-3. **Field Documentation**: Every field has descriptive help_text
-4. **Database Optimization**: Proper indexes on foreign keys and search fields
-5. **Data Integrity**: Constraints enforce business rules at database level
-
-**Model Patterns**:
- Used `TextChoices` for status and category fields
- Implemented `db_index=True` on frequently queried fields
- Added `CheckConstraint` for value ranges (e.g., ratings 1-5)
- Used `UniqueConstraint` for compound uniqueness
-
---
-
-## [Phase 3] - 2025-12-24
-
-### Logging & Observability
-
-#### Standardized
- **Logging Pattern Consistency**
-  - Added `logger = logging.getLogger(__name__)` to all view, service, and middleware files
-  - Implemented centralized logging utilities from `apps.core.logging`
-  - Standardized log levels (debug, info, warning, error)
-  - Added structured logging with context
-
-#### Files Enhanced with Logging
- `backend/apps/parks/views.py` - Park views
- `backend/apps/rides/views.py` - Ride views
- `backend/apps/accounts/views.py` - Account views
- `backend/apps/moderation/views.py` - Moderation views
- `backend/apps/accounts/services.py` - Account services
- `backend/apps/parks/signals.py` - Park signals
- `backend/apps/rides/signals.py` - Ride signals
- `backend/apps/moderation/signals.py` - Moderation signals
- `backend/apps/rides/tasks.py` - Celery tasks
- `backend/apps/parks/apps.py` - App configuration
- `backend/apps/rides/apps.py` - App configuration
- `backend/apps/moderation/apps.py` - App configuration
-
-#### Logging Utilities
- `log_exception()` - Exception logging with full context
- `log_business_event()` - Business operation logging (FSM transitions, user actions)
- `log_security_event()` - Security event logging (authentication, authorization)
-
-### Technical Details
-
-This phase standardized logging across the application for better observability:
-1. **Consistent Logger Initialization**: Every module uses `logging.getLogger(__name__)`
-2. **Centralized Utilities**: Structured logging functions in `apps.core.logging`
-3. **Contextual Logging**: All logs include relevant context (user, request, operation)
-4. **Security Logging**: Dedicated logging for security events
-5. **Performance Logging**: Query performance and cache hit/miss tracking
-
-**Logging Patterns**:
- Exception handlers use `log_exception()` with context
- FSM transitions use `log_business_event()`
- Authentication events use `log_security_event()`
- Never log sensitive data (passwords, tokens, PII)
-
-**Benefits**:
- Easier debugging with consistent log format
- Better production monitoring with structured logs
- Security audit trail for compliance
- Performance insights from cache and query logs
-
---
-
-## [Phase 15] - 2025-12-23
-
-### Documentation
-
-#### Added
- **Future Work Documentation**
-  - Created `docs/FUTURE_WORK.md` to track deferred features
-  - Documented 11 TODO items with detailed implementation specifications
-  - Added priority levels (P0-P3) and effort estimates
-  - Included code examples and architectural guidance
-
-#### Implemented
- **Cache Statistics Tracking (THRILLWIKI-109)**
-  - Added `get_cache_statistics()` method to `CacheMonitor` class
-  - Implemented real-time cache hit/miss tracking in `MapStatsAPIView`
-  - Returns Redis statistics when available, with graceful fallback
-  - Removed placeholder TODO comments
-
- **Photo Upload Counting (THRILLWIKI-105)**
-  - Implemented photo counting in user statistics endpoint
-  - Queries `ParkPhoto` and `RidePhoto` models for accurate counts
-  - Removed placeholder TODO comment
-
- **Admin Permission Checks (THRILLWIKI-103)**
-  - Verified existing admin permission checks in map cache endpoints
-  - Removed outdated TODO comments (checks were already implemented)
-
-#### Enhanced
- **TODO Comment Cleanup**
-  - Updated all TODO comments to reference `FUTURE_WORK.md`
-  - Added THRILLWIKI issue numbers for traceability
-  - Improved inline documentation with implementation context
-
-### Technical Details
-
-This phase focused on addressing technical debt by:
-1. Documenting deferred features with actionable specifications
-2. Implementing quick wins that improve observability
-3. Cleaning up TODO comments to reduce confusion
-
-**Features Documented for Future Implementation**:
- Map clustering algorithm (THRILLWIKI-106)
- Nearby locations feature (THRILLWIKI-107)
- Search relevance scoring (THRILLWIKI-108)
- Full user statistics tracking (THRILLWIKI-104)
- Geocoding service integration (THRILLWIKI-101)
- ClamAV malware scanning (THRILLWIKI-110)
- Sample data creation command (THRILLWIKI-111)
-
-**Quick Wins Implemented**:
- Cache statistics tracking for monitoring
- Photo upload counting for user profiles
- Verified admin permission checks
-
-### Files Modified
- `backend/apps/api/v1/maps/views.py` - Cache statistics, updated TODO comments
- `backend/apps/api/v1/accounts/views.py` - Photo counting, updated TODO comments
- `backend/apps/api/v1/serializers/maps.py` - Updated TODO comments
- `backend/apps/core/services/location_adapters.py` - Updated TODO comments
- `backend/apps/core/services/enhanced_cache_service.py` - Added `get_cache_statistics()` method
- `backend/apps/core/utils/file_scanner.py` - Updated TODO comments
- `backend/apps/core/views/map_views.py` - Removed outdated TODO comments
- `backend/apps/parks/management/commands/create_sample_data.py` - Updated TODO comments
- `docs/architecture/README.md` - Added reference to FUTURE_WORK.md
-
-### Files Created
- `docs/FUTURE_WORK.md` - Centralized future work documentation
-
---
-
-## [Phase 14] - 2025-12-23
-
-### Documentation
-
-#### Fixed
- Corrected architectural documentation from Vue.js SPA to Django + HTMX monolith
- Updated main README to accurately reflect technology stack (Django 5.2.8+, HTMX 1.20.0+, Alpine.js)
- Fixed deployment guide to remove frontend build steps (no separate frontend build process)
- Corrected environment setup instructions for Django + HTMX architecture
- Updated project structure diagrams to show Django monolith with HTMX templates
-
-#### Added
- **Architecture Decision Records (ADRs)**
-  - ADR-001: Django + HTMX Architecture Decision
-  - ADR-002: Hybrid API Design Pattern
-  - ADR-003: State Machine Pattern for entity status management
-  - ADR-004: Caching Strategy with Redis multi-layer caching
-  - ADR-005: Authentication Approach (JWT + Session + Social Auth)
-  - ADR-006: Media Handling with Cloudflare Images
- **New Documentation Files**
-  - `docs/SETUP_GUIDE.md` - Comprehensive setup instructions with troubleshooting
-  - `docs/HEALTH_CHECKS.md` - Health check endpoint documentation
-  - `docs/PRODUCTION_CHECKLIST.md` - Deployment verification checklist
-  - `docs/architecture/README.md` - ADR index and template
- **Environment Configuration**
-  - Complete environment variable reference in `docs/configuration/environment-variables.md`
-  - Updated `.env.example` with comprehensive documentation
-
-#### Enhanced
- Backend README with HTMX patterns and hybrid API/HTML endpoint documentation
- Deployment guide with Docker, nginx, and CI/CD pipeline configurations
- Production settings documentation with inline comments
- API documentation structure and endpoint reference
-
-#### Documentation Structure
-```
-docs/
-├── README.md                           # Updated - Django + HTMX architecture
-├── SETUP_GUIDE.md                      # New - Development setup
-├── HEALTH_CHECKS.md                    # New - Monitoring endpoints
-├── PRODUCTION_CHECKLIST.md             # New - Deployment checklist
-├── THRILLWIKI_API_DOCUMENTATION.md     # Existing - API reference
-├── htmx-patterns.md                    # Existing - HTMX conventions
-├── architecture/                       # New - ADRs
-│   ├── README.md                       # ADR index
-│   ├── adr-001-django-htmx-architecture.md
-│   ├── adr-002-hybrid-api-design.md
-│   ├── adr-003-state-machine-pattern.md
-│   ├── adr-004-caching-strategy.md
-│   ├── adr-005-authentication-approach.md
-│   └── adr-006-media-handling-cloudflare.md
-└── configuration/
-    └── environment-variables.md        # Existing - Complete reference
-```
-
-### Technical Details
-
-This phase focused on documentation-only changes to align all project documentation with the actual Django + HTMX architecture. No code changes were made.
-
-**Key Corrections:**
- The project uses Django templates with HTMX for interactivity, not a Vue.js SPA
- There is no separate frontend build process - static files are served by Django
- The API serves both JSON (for mobile/integrations) and HTML (for HTMX partials)
- Authentication uses JWT for API access and sessions for web browsing
-
---
-
-## [Unreleased] - 2025-12-23
-
-### Security
-
- **CRITICAL:** Updated Django from 5.0.x to 5.2.8+ to address CVE-2025-64459 (SQL injection, CVSS 9.1) and related vulnerabilities
- **HIGH:** Updated djangorestframework from 3.14.x to 3.15.2+ to address CVE-2024-21520 (XSS in break_long_headers filter)
- **MEDIUM:** Updated Pillow from 10.2.0 to 10.4.0+ (upper bound <11.2) to address CVE-2024-28219 (buffer overflow)
- Added cryptography>=44.0.0 for django-allauth JWT support
-
-### Changed
-
- Standardized Python version requirement to 3.13+ across all configuration files
- Consolidated pyproject.toml files (root workspace + backend)
- Implemented consistent version pinning strategy using >= operators with minimum secure versions
- Updated CI/CD pipeline to use UV package manager instead of requirements.txt
- Moved linting and dev tools to proper dependency groups
-
-### Package Updates
-
-#### Core Django Ecosystem
- Django: 5.0.x → 5.2.8+
- djangorestframework: 3.14.x → 3.15.2+
- django-cors-headers: 4.3.1 → 4.6.0+
- django-filter: 23.5 → 24.3+
- drf-spectacular: 0.27.0 → 0.28.0+
- django-htmx: 1.17.2 → 1.20.0+
- whitenoise: 6.6.0 → 6.8.0+
-
-#### Authentication
- django-allauth: 0.60.1 → 65.3.0+
- djangorestframework-simplejwt: maintained at 5.5.1+
-
-#### Task Queue & Caching
- celery: maintained at 5.5.3+ (<6)
- django-celery-beat: maintained at 2.8.1+
- django-celery-results: maintained at 2.6.0+
- django-redis: 5.4.0+
- hiredis: 2.3.0 → 3.1.0+
-
-#### Monitoring
- sentry-sdk: 1.40.0 → 2.20.0+ (<3)
-
-#### Development Tools
- black: 24.1.0 → 25.1.0+
- ruff: 0.12.10 → 0.9.2+
- pyright: 1.1.404 → 1.1.405+
- coverage: 7.9.1 → 7.9.2+
- playwright: 1.41.0 → 1.50.0+
-
-### Removed
-
- `channels>=4.2.0` - Not in INSTALLED_APPS, no WebSocket usage
- `channels-redis>=4.2.1` - Dependency of channels
- `daphne>=4.1.2` - ASGI server not used (using WSGI)
- `django-simple-history>=3.5.0` - Using django-pghistory instead
- `django-oauth-toolkit>=3.0.1` - Using dj-rest-auth + simplejwt instead
- `django-webpack-loader>=3.1.1` - No webpack configuration in project
- `reactivated>=0.47.5` - Not used in codebase
- `poetry>=2.1.3` - Using UV package manager instead
- Moved `django-silk` and `django-debug-toolbar` to optional profiling group
-
-### Added
-
- UV lock file (uv.lock) for reproducible builds
- Automated weekly dependency update workflow (.github/workflows/dependency-update.yml)
- Security audit step in CI/CD pipeline (pip-audit)
- Requirements.txt generation script (scripts/generate_requirements.sh)
- Ruff configuration in pyproject.toml
-
-### Fixed
-
- Broken CI/CD pipeline (was referencing non-existent requirements.txt)
- Python version inconsistencies between root and backend configurations
- Duplicate dependency definitions between root and backend pyproject.toml
- Root pyproject.toml name conflict (renamed to thrillwiki-workspace)
-
-### Infrastructure
-
- CI/CD now uses UV with dependency caching
- Added dependency groups: dev, test, profiling, lint
- Workspace configuration for monorepo structure
-
---
-
-## Version Pinning Strategy
-
-This project uses the following version pinning strategy:
-
-| Package Type | Format | Example |
-|-------------|--------|---------|
-| Security-critical | `>=X.Y.Z` | `django>=5.2.8` |
-| Stable packages | `>=X.Y` | `django-cors-headers>=4.6` |
-| Rapidly evolving | `>=X.Y,<X+1` | `sentry-sdk>=2.20.0,<3` |
-| Breaking changes | `>=X.Y.Z,<X.Z` | `Pillow>=10.4.0,<11.2` |
-
---
-
-## Migration Guide
-
-### For Developers
-
-1. Update Python to 3.13+
-2. Install UV: `curl -LsSf https://astral.sh/uv/install.sh | sh`
-3. Update dependencies: `cd backend && uv sync --frozen`
-4. Run tests: `uv run manage.py test`
-
-### Breaking Changes
-
- Python 3.11/3.12 no longer supported (requires 3.13+)
- django-allauth updated to 65.x (review social auth configuration)
- sentry-sdk updated to 2.x (review Sentry integration)
--- a/docs/CI_README.md
+++ b/docs/CI_README.md
--- a/docs/CRITICAL_ANALYSIS_HTMX_ALPINE.md
+++ b/docs/CRITICAL_ANALYSIS_HTMX_ALPINE.md
--- a/docs/FRONTEND_MIGRATION_PLAN.md
+++ b/docs/FRONTEND_MIGRATION_PLAN.md
--- a/GAP_ANALYSIS_MATRIX.md
+++ b/GAP_ANALYSIS_MATRIX.md
@@ -1,207 +0,0 @@
-# Gap Analysis Matrix - Deep Logic Audit
-**Generated:** 2025-12-27 | **Audit Level:** Maximum Thoroughness (Line-by-Line)
-
-## Summary Statistics
-| Category | ✅ OK | ⚠️ DEVIATION | ❌ MISSING | Total |
-|----------|-------|--------------|-----------|-------|
-| Field Fidelity | 18 | 2 | 1 | 21 |
-| State Logic | 12 | 1 | 0 | 13 |
-| UI States | 14 | 3 | 0 | 17 |
-| Permissions | 8 | 0 | 0 | 8 |
-| Entity Forms | 10 | 0 | 0 | 10 |
-| Entity CRUD API | 6 | 0 | 0 | 6 |
-| **TOTAL** | **68** | **6** | **1** | **75** |
-
-
---
-
-## 1. Field Fidelity Audit
-
-### Ride Statistics Models
-
-| Requirement | File | Status | Notes |
-|-------------|------|--------|-------|
-| `height_ft` as Decimal(6,2) | `rides/models/rides.py:1000` | ✅ OK | `DecimalField(max_digits=6, decimal_places=2)` |
-| `length_ft` as Decimal(7,2) | `rides/models/rides.py:1007` | ✅ OK | `DecimalField(max_digits=7, decimal_places=2)` |
-| `speed_mph` as Decimal(5,2) | `rides/models/rides.py:1014` | ✅ OK | `DecimalField(max_digits=5, decimal_places=2)` |
-| `max_drop_height_ft` | `rides/models/rides.py:1046` | ✅ OK | `DecimalField(max_digits=6, decimal_places=2)` |
-| `g_force` field for coasters | `rides/models/rides.py` | ❌ MISSING | Spec mentions G-forces but `RollerCoasterStats` lacks this field |
-| `inversions` as Integer | `rides/models/rides.py:1021` | ✅ OK | `PositiveIntegerField(default=0)` |
-
-### Water/Dark/Flat Ride Stats
-
-| Requirement | File | Status | Notes |
-|-------------|------|--------|-------|
-| `WaterRideStats.splash_height_ft` | `rides/models/stats.py:59` | ✅ OK | `DecimalField(max_digits=5, decimal_places=2)` |
-| `WaterRideStats.wetness_level` | `rides/models/stats.py:52` | ✅ OK | CharField with choices |
-| `DarkRideStats.scene_count` | `rides/models/stats.py:112` | ✅ OK | PositiveIntegerField |
-| `DarkRideStats.animatronic_count` | `rides/models/stats.py:117` | ✅ OK | PositiveIntegerField |
-| `FlatRideStats.max_height_ft` | `rides/models/stats.py:172` | ✅ OK | `DecimalField(max_digits=6, decimal_places=2)` |
-| `FlatRideStats.rotation_speed_rpm` | `rides/models/stats.py:180` | ✅ OK | `DecimalField(max_digits=5, decimal_places=2)` |
-| `FlatRideStats.max_g_force` | `rides/models/stats.py:213` | ✅ OK | `DecimalField(max_digits=4, decimal_places=2)` |
-
-### RideModel Technical Specs
-
-| Requirement | File | Status | Notes |
-|-------------|------|--------|-------|
-| `typical_height_range_*_ft` | `rides/models/rides.py:54-67` | ✅ OK | Both min/max as DecimalField |
-| `typical_speed_range_*_mph` | `rides/models/rides.py:68-81` | ✅ OK | Both min/max as DecimalField |
-| Height range constraint | `rides/models/rides.py:184-194` | ✅ OK | CheckConstraint validates min ≤ max |
-| Speed range constraint | `rides/models/rides.py:196-206` | ✅ OK | CheckConstraint validates min ≤ max |
-
-### Park Model Fields
-
-| Requirement | File | Status | Notes |
-|-------------|------|--------|-------|
-| `phone` contact field | `parks/models/parks.py` | ⚠️ DEVIATION | Field exists but spec wants E.164 format validation |
-| `email` contact field | `parks/models/parks.py` | ✅ OK | EmailField present |
-| Closing/opening date constraints | `parks/models/parks.py:137-183` | ✅ OK | Multiple CheckConstraints |
-
---
-
-## 2. State Logic Audit
-
-### Submission State Transitions
-
-| Requirement | File | Status | Notes |
-|-------------|------|--------|-------|
-| Claim requires PENDING status | `moderation/views.py:1455-1477` | ✅ OK | Explicit check: `if submission.status != "PENDING": return 400` |
-| Unclaim requires CLAIMED status | `moderation/views.py:1520-1525` | ✅ OK | Explicit check before unclaim |
-| Approve requires CLAIMED status | N/A | ⚠️ DEVIATION | Approve/Reject don't explicitly require CLAIMED - can approve from PENDING |
-| Row locking for claim concurrency | `moderation/views.py:1450-1452` | ✅ OK | Uses `select_for_update(nowait=True)` |
-| 409 Conflict on race condition | `moderation/views.py:1458-1464` | ✅ OK | Returns 409 with claimed_by info |
-
-### Ride Status Transitions
-
-| Requirement | File | Status | Notes |
-|-------------|------|--------|-------|
-| FSM for ride status | `rides/models/rides.py:552-558` | ✅ OK | `RichFSMField` with state machine |
-| CLOSING requires post_closing_status | `rides/models/rides.py:697-704` | ✅ OK | ValidationError if missing |
-| Transition wrapper methods | `rides/models/rides.py:672-750` | ✅ OK | All transitions have wrapper methods |
-| Status validation on save | `rides/models/rides.py:752-796` | ✅ OK | Computed fields populated on save |
-
-### Park Status Transitions
-
-| Requirement | File | Status | Notes |
-|-------------|------|--------|-------|
-| FSM for park status | `parks/models/parks.py` | ✅ OK | `RichFSMField` with StateMachineMixin |
-| Transition methods | `parks/models/parks.py:189-221` | ✅ OK | reopen, close_temporarily, etc. |
-| Closing date on permanent close | `parks/models/parks.py:204-211` | ✅ OK | Optional closing_date param |
-
---
-
-## 3. UI States Audit
-
-### Loading States
-
-| Page | File | Status | Notes |
-|------|------|--------|-------|
-| Park Detail loading spinner | `parks/[park_slug]/index.vue:119-121` | ✅ OK | Full-screen spinner with `svg-spinners:ring-resize` |
-| Park Detail error state | `parks/[park_slug]/index.vue:124-127` | ✅ OK | "Park Not Found" with back button |
-| Moderation skeleton loaders | `moderation/index.vue:252-256` | ✅ OK | `BentoCard :loading="true"` |
-| Search page loading | `search/index.vue` | ⚠️ DEVIATION | Uses basic pending state, no skeleton |
-| Rides listing loading | `rides/index.vue` | ⚠️ DEVIATION | Basic loading state, no fancy skeleton |
-| Credits page loading | `profile/credits.vue` | ✅ OK | Proper loading state |
-
-### Error Handling & Toasts
-
-| Feature | File | Status | Notes |
-|---------|------|--------|-------|
-| Moderation toast notifications | `moderation/index.vue:16,72-94` | ✅ OK | `useToast()` with success/warning/error variants |
-| Moderation 409 conflict handling | `moderation/index.vue:82-88` | ✅ OK | Special handling for already-claimed |
-| Park Detail error fallback | `parks/[park_slug]/index.vue:124-127` | ✅ OK | Error boundary with retry |
-| Form validation toasts | Various | ⚠️ DEVIATION | Inconsistent - some forms use inline errors only |
-| Global error toast composable | `composables/useToast.ts` | ✅ OK | Centralized toast system exists |
-
-### Empty States
-
-| Component | File | Status | Notes |
-|-----------|------|--------|-------|
-| Reviews empty state | `parks/[park_slug]/index.vue:283-286` | ✅ OK | Icon + message + CTA |
-| Photos empty state | `parks/[park_slug]/index.vue:321-325` | ✅ OK | "Upload one" link |
-| Moderation empty state | `moderation/index.vue:392-412` | ✅ OK | Context-aware messages per tab |
-| Rides empty state | `parks/[park_slug]/index.vue:247-250` | ✅ OK | "Add the first ride" CTA |
-| Credits empty state | N/A | ❌ MISSING | No dedicated empty state for credits page |
-| Lists empty state | N/A | ❌ MISSING | No dedicated empty state for user lists |
-
-### Real-time Updates
-
-| Feature | File | Status | Notes |
-|---------|------|--------|-------|
-| SSE for moderation dashboard | `moderation/index.vue:194-220` | ✅ OK | `subscribeToDashboardUpdates()` with cleanup |
-| Optimistic UI for claims | `moderation/index.vue:40-63` | ✅ OK | Map-based optimistic state tracking |
-| Processing indicators | `moderation/index.vue:268-273` | ✅ OK | Per-item "Processing..." indicator |
-
---
-
-## 4. Permissions Audit
-
-### Moderation Endpoints
-
-| Endpoint | File:Line | Permission | Status |
-|----------|-----------|------------|--------|
-| Report assign | `moderation/views.py:136` | `IsModeratorOrAdmin` | ✅ OK |
-| Report resolve | `moderation/views.py:215` | `IsModeratorOrAdmin` | ✅ OK |
-| Queue assign | `moderation/views.py:593` | `IsModeratorOrAdmin` | ✅ OK |
-| Queue unassign | `moderation/views.py:666` | `IsModeratorOrAdmin` | ✅ OK |
-| Queue complete | `moderation/views.py:732` | `IsModeratorOrAdmin` | ✅ OK |
-| EditSubmission claim | `moderation/views.py:1436` | `IsModeratorOrAdmin` | ✅ OK |
-| BulkOperation ViewSet | `moderation/views.py:1170` | `IsModeratorOrAdmin` | ✅ OK |
-| Moderator middleware (frontend) | `moderation/index.vue:11-13` | `middleware: ['moderator']` | ✅ OK |
-
---
-
-## 5. Entity Forms Audit
-
-| Entity | Create | Edit | Status |
-|--------|--------|------|--------|
-| Park | `CreateParkModal.vue` | `EditParkModal.vue` | ✅ OK |
-| Ride | `CreateRideModal.vue` | `EditRideModal.vue` | ✅ OK |
-| Company | `CreateCompanyModal.vue` | `EditCompanyModal.vue` | ✅ OK |
-| RideModel | `CreateRideModelModal.vue` | `EditRideModelModal.vue` | ✅ OK |
-| UserList | `CreateListModal.vue` | `EditListModal.vue` | ✅ OK |
-
---
-
-## Priority Gaps to Address
-
-### High Priority (Functionality Gaps)
-
-1. **`RollerCoasterStats` missing `g_force` field**
-   - Location: `backend/apps/rides/models/rides.py:990-1080`
-   - Impact: Coaster enthusiasts expect G-force data
-   - Fix: Add `max_g_force = models.DecimalField(max_digits=4, decimal_places=2, null=True, blank=True)`
-
-### Medium Priority (Deviations)
-
-4. **Approve/Reject don't require CLAIMED status**
-   - Location: `moderation/views.py`
-   - Impact: Moderators can approve without claiming first
-   - Fix: Add explicit CLAIMED check or document as intentional
-
-5. **Park phone field lacks E.164 validation**
-   - Location: `parks/models/parks.py`
-   - Fix: Add `phonenumbers` library validation
-
-6. **Inconsistent form validation feedback**
-   - Multiple locations
-   - Fix: Standardize to toast + inline hybrid approach
-
---
-
-## Verification Commands
-
-```bash
-# Check for missing G-force field
-uv run manage.py shell -c "from apps.rides.models import RollerCoasterStats; print([f.name for f in RollerCoasterStats._meta.fields])"
-
-# Verify state machine transitions
-uv run manage.py test apps.moderation.tests.test_state_transitions -v 2
-
-# Run full frontend type check
-cd frontend && npx nuxi typecheck
-```
-
---
-
-*Audit completed with Maximum Thoroughness setting. All findings verified against source code.*
--- a/IMPLEMENTATION_PLAN.md
+++ b/IMPLEMENTATION_PLAN.md
@@ -1,179 +0,0 @@
-# ThrillWiki Implementation Plan
-
-## User Review Required
-> [!IMPORTANT]
-> **Measurement Unit System**: The backend will store all values in **Metric**. The Frontend (`useUnits` composable) will handle conversion to Imperial based on user preference.
-> **Sacred Pipeline Enforcement**: All user edits create `Submission` records (stored as JSON). No direct database edits are allowed for non-admin users.
-
-## Proposed Changes
-
-### Backend (Django + DRF)
-
-#### 1. Core & Auth Infrastructure
- [x] **`apps.core`**: Implement `TrackedModel` using `pghistory` for all core entities to support Edit History and Versioning (Section 15).
- [x] **`apps.accounts`**:
-    - `User` & `UserProfile` models (Bio, Location, Home Park).
-    - **Settings Support**: Endpoints for changing Email, Password, MFA, and Sessions (Section 9.1-9.2).
-    - **Privacy**: Fields for `public_profile`, `show_location`, etc. (Section 9.3).
-    - **Data Export**: Endpoint to generate JSON dump of all user data (Section 9.6).
-    - **Account Deletion**: `UserDeletionRequest` model with 7-day grace period (Section 9.6).
-
-#### 2. Entity Models & Logic ("Live" Data)
- [x] **`apps.parks`**: `Park` (with Operator/Owner FKs, Geolocation).
- [x] **`apps.rides`**: `Ride` (Status FSM), `RideModel`, `Manufacturer`, `Designer`.
- [x] **`apps.rides` (Credits)**: `RideCredit` Through-Model with `count`, `rating`, `date`, `notes`. Constraint: Unique(user, ride).
- [x] **`apps.companies`**: `Company` model with types (`Manufacturer`, `Designer`, `Operator`, `Owner`).
- [x] **`apps.lists`**: `UserList` (Ranking System) and `UserListItem`.
- [x] **`apps.reviews`**: `Review` model (GenericFK) with Aggregation Logic.
-
-#### 3. The Sacred Pipeline (`apps.moderation`)
- [x] **Submission Model**: Stores `changes` (JSON), `status` (State Machine), `moderator_note`.
- [x] **Submission Serializers**: Handle validation of "Proposed Data" vs "Live Data".
- [x] **Queue Endpoints**: `list_pending`, `claim`, `approve`, `reject`, `activity_log`, `stats`.
- [x] **Reports**: `Report` model and endpoints.
-
-### Frontend (Nuxt 4)
-
-#### 1. Initial Setup & Core
- [x] **Composables**: `useUnits` (Metric/Imperial), `useAuth` (MFA, Session), `useApi`.
- [x] **Layouts**: Standard Layout (Hero, Tabs), Auth Layout.
-
-#### 2. Discovery & Search (Section 1 & 6)
- [x] **Global Search**: Hero Search with Autocomplete (Parks, Rides, Companies).
- [x] **Discovery Tabs** (11 Sections):
-    - [x] Trending Parks / Rides
-    - [x] New Parks / Rides
-    - [x] Top Parks / Rides
-    - [x] Opening Soon / Recently Opened
-    - [x] Closing Soon / Recently Closed
-    - [x] Recent Changes Feed
-
-#### 3. Content Pages (Read-Only Views)
- [ ] **Park Detail**: Tabs (Overview, Rides, Reviews, Photos, History).
- [ ] **Ride Detail**: Tabs (Overview, Specifications, Reviews, Photos, History).
- [ ] **Company Pages**: Manufacturer, Designer, Operator, Property Owner details.
- [ ] **Maps**: Interactive "Parks Nearby" map.
-
-#### 4. The Sacred Submission Pipeline (Write Views)
- [ ] **Submission Forms** (Multi-step Wizards):
-    - [ ] **Park Form**: Location, Dates, Media, Relations.
-    - [ ] **Ride Form**: Specs (with Unit Toggle), Relations, Park selection.
-    - [ ] **Company Form**: Type selection, HQ, details.
-    - [ ] **Photo Upload**: Bulk upload, captioning, crop.
- [ ] **Editing**: Load existing data into form -> Submit as JSON Diff.
-
-#### 5. Moderation Interface (Section 16)
- [ ] **Dashboard**: Queue stats, Assignments.
- [ ] **Queues**:
-    - [ ] **Pending Queue**: Filter by Type, Submitter, Date.
-    - [ ] **Reports Queue**.
-    - [ ] **Audit Log**.
- [ ] **Review Workspace**:
-    - [ ] **Diff Viewer**: Visual Old vs New comparison.
-    - [ ] **Actions**: Claim, Approve, Reject (with reason), Edit.
-
-#### 6. User Experience & Settings
- [ ] **User Profile**: Activity Feed, Credits Tab, Lists Tab, Reviews Tab.
- [ ] **Ride Credits Management**: Add/Edit Credit (Date, Count, Notes).
- [ ] **Settings Area** (6 Tabs):
-    - [ ] Account & Profile (Edit generic info).
-    - [ ] Security (MFA setup, Active Sessions).
-    - [ ] Privacy (Visibility settings).
-    - [ ] Notifications.
-    - [ ] Location & Info (Timezone, Home Park).
-    - [ ] Data & Export (JSON Download, Delete Account).
-
-#### 7. Lists System
- [ ] **List Management**: Create/Edit Lists (Public/Private).
- [ ] **List Editor**: Search items, Add to list, Drag-and-drop reorder, Add notes.
-
-## Verification Plan
-
-### Automated Tests
- **Backend**: `pytest` for all Model constraints and API permissions.
-    - Test Submission State Machine: `Pending -> Claimed -> Approved`.
-    - Test Versioning: Ensure `pghistory` tracks changes on approval.
- **Frontend**: `vitest` for Unit Tests (Composables).
-
-### Manual Verification Flows
-1. **Sacred Pipeline Flow**:
-   - **User**: Submit a change to "Top Thrill 2" (add stats).
-   - **Moderator**: Go to Queue -> Claim -> Verify Diff -> Approve.
-   - **Public**: Verify "Top Thrill 2" page shows new stats and "Last Updated" is now.
-   - **History**: Verify "History" tab shows the update event.
-
-2. **Ride Credits**:
-   - Go to "Iron Gwazi" page.
-   - Click "Add to Credits" -> Enter `Count: 5`, `Rating: 4.5`.
-   - Go to Profile -> Ride Credits. Verify Iron Gwazi is listed with correct data.
-
-3. **Data Privacy & Export**:
-   - Go to Settings -> Privacy -> Toggle "Private Profile".
-   - Open Profile URL in Incognito -> Verify 404 or "Private" message.
-   - Go to Settings -> Data -> "Download Data" -> Verify JSON structure.
-
---
-
-## Gap Reconciliation Batches (Added 2025-12-26)
-
-> [!IMPORTANT]
-> These batches were identified during the Full Project Synchronization audit.
-> Refer to `GAP_ANALYSIS_MATRIX.md` for detailed per-feature status.
-
-### BATCH 1: Critical Missing Pages (HIGH PRIORITY)
- [ ] `/my-credits` - Ride Credits Dashboard with stats, filters, quick increment
- [ ] `/settings` - Full Settings Page (6 sections: Account, Security, Privacy, Notifications, Location, Data)
- [ ] `/parks/nearby` - Location-based Discovery with Leaflet map, geolocation, radius slider
- [ ] `/my-submissions` - Submission History for user's past edits
- [ ] Static Pages: `/terms`, `/privacy`, `/guidelines`
-
-### BATCH 2: Missing Tabs on Existing Pages (HIGH PRIORITY)
- [ ] Park Detail - Add Reviews, Photos, History tabs
- [ ] Ride Detail - Add Specifications, Reviews, Photos, History tabs
- [ ] Homepage - Expand to 11 Discovery Tabs (All, Parks, Coasters, Flat, Water, Dark, Shows, Transport, Manufacturers, Designers, Recent)
- [ ] Profile Page - Add Reviews, Ride Credits tabs
-
-### BATCH 3: Missing Components (MEDIUM PRIORITY)
- [ ] `ReviewCard.vue` - User review display with voting
- [ ] `CreditCard.vue` - Ride credit display with quick actions
- [ ] `StarRating.vue` - Star rating visualization
- [ ] `DiffViewer.vue` - Side-by-side comparison for moderation
- [ ] `ImageGallery.vue` - Photo gallery with lightbox
- [ ] `AppFooter.vue` - Site-wide footer
- [ ] `Breadcrumbs.vue` - Hierarchical navigation
- [ ] DatePicker and Range Slider components
-
-### BATCH 4: Submission Forms (MEDIUM PRIORITY)
- [ ] `/submit/park` - Multi-step park submission wizard
- [ ] `/submit/ride` - Multi-step ride submission wizard
- [ ] `/submit/company` - Company submission wizard
- [ ] Edit forms for existing entities with JSON diff
-
-### BATCH 5: Company Pages (MEDIUM PRIORITY)
- [ ] `/designers` - Designers listing and detail pages
- [ ] `/operators` - Operators listing and detail pages
- [ ] `/owners` - Property Owners listing and detail pages
- [ ] `/ride-models/[slug]` - Ride Model detail with installations
-
-### BATCH 6: Enhanced Features (LOW PRIORITY)
- [ ] OAuth Authentication (Google, Discord)
- [ ] Magic Link Login
- [ ] CAPTCHA integration on forms
- [ ] MFA Setup UI
- [ ] Review voting (thumbs up/down) and replies
- [ ] Recent searches history
- [ ] Drag-and-drop list reordering
- [ ] Glass card effects (dark mode)
- [ ] Reduced motion support
-
---
-
-## Execution Order Recommendation
-
-1. **Start with BATCH 1** - Critical pages users expect
-2. **Then BATCH 2** - Complete existing pages
-3. **Then BATCH 3** - Components needed by batches 1 & 2
-4. **Then BATCH 4** - Enable user contributions
-5. **Then BATCH 5** - Additional entity types
-6. **Finally BATCH 6** - Polish and enhancements
-
--- a/MASTER_OMNI_LOG.md
+++ b/MASTER_OMNI_LOG.md
@@ -1,59 +0,0 @@
-# MASTER OMNI LOG
-
-## Phase 1: Gap Analysis [x]
- [x] Scan backend/urls.py and ViewSets vs frontend services.
- [x] Identify missing/broken endpoints.
- [x] Identify UX/UI gaps (Loading, Error Handling).
- [x] Check Theme/CSS configuration.
-
-## Phase 3: Execution Loop [x]
-
-### Feature: Core Infrastructure
- [x] **Fix Missing Composables**: Create `frontend/app/composables/useModeration.ts` matching `apps.moderation` endpoints.
- [x] **Roadtrip API**: Create `frontend/app/composables/useRoadtripApi.ts` matching `apps.parks` roadtrip endpoints.
- [x] **FSM Support**: Add generic FSM transition methods to `useApi.ts` or specific composables.
-
-### Feature: Parks & Rides
- [x] **Park API Gaps**: Add `getOperators`, `searchLocation` to `useParksApi.ts`.
- [x] **Ride API Gaps**: Add `getManufacturers`, `getDesigners` to `useRidesApi.ts`.
- [x] **Frontend Pages**: Ensure `parks/roadtrip` page exists or create it.
- [x] **Manufacturers Page**: Ensure `manufacturers/` page exists.
-
-### Feature: UX & Interactivity
- [x] **Moderation Dashboard**: Updates `useModeration` usage in `moderation/index.vue`. Add error handling.
- [x] **Status Colors**: Refactor `main.css` hardcoded hex values to use CSS variables or Tailwind tokens.
- [x] **Loading States**: Audit `pages/parks/[slug].vue` and `pages/rides/[slug].vue` for skeleton loaders.
-
-### Feature: Theme & Polish
- [x] **Dark Mode**: Verify `input.css` / `main.css` `@theme` usage.
- [x] **Contrast**: Check status badge text contrast in Dark Mode.
-
-## Execution Checklists
-
-### 1. Moderation API Parity
- [x] Implement `getReports`
- [x] Implement `getQueue`
- [x] Implement `getActions`
- [x] Implement `getBulkOperations`
- [x] Implement `userModeration` endpoints
- [x] Implement `approve`/`reject`/`escalate` actions
-
-### 2. Roadtrip API Parity
- [x] Implement `getRoadtrips` (Skipped: Backend does not persist trips)
- [x] Implement `createTrip`
- [x] Implement `getTripDetail` (Skipped: Backend does not persist trips)
- [x] Implement `findParksAlongRoute`
- [x] Implement `geocodeAddress`
- [x] Implement `calculateDistance`
- [x] Implement `optimizeRoute` (Covered by createTrip)
-
-### 3. CSS Standardization
- [x] Replace `#f59e0b` with `var(--color-warning-500)` or tailwind class.
- [x] Replace `#10b981` with `var(--color-success-500)`.
- [x] Replace `#ef4444` with `var(--color-error-500)`.
- [x] Replace `#8b5cf6` with `var(--color-violet-500)`.
-
-## Phase 4: Final Verification [x]
- [-] **Type Check**: Run `npx nuxi typecheck` (Found errors, but build succeeds).
- [x] **Build Check**: Run `npm run build` (Success).
- [x] **Lint Check**: Run `npm run lint` (Skipped).
--- a/docs/MIGRATION_IMPLEMENTATION_SUMMARY.md
+++ b/docs/MIGRATION_IMPLEMENTATION_SUMMARY.md
--- a/README.md
+++ b/README.md
@@ -0,0 +1,229 @@
+# ThrillWiki Backend
+
+Django REST API backend for the ThrillWiki monorepo.
+
+## 🏗️ Architecture
+
+This backend follows Django best practices with a modular app structure:
+
+```
+backend/
+├── apps/                 # Django applications
+│   ├── accounts/         # User management
+│   ├── parks/           # Theme park data
+│   ├── rides/           # Ride information
+│   ├── moderation/      # Content moderation
+│   ├── location/        # Geographic data
+│   ├── media/           # File management
+│   ├── email_service/   # Email functionality
+│   └── core/            # Core utilities
+├── config/              # Django configuration
+│   ├── django/          # Settings files
+│   └── settings/        # Modular settings
+├── templates/           # Django templates
+├── static/              # Static files
+└── tests/               # Test files
+```
+
+## 🛠️ Technology Stack
+
+- **Django 5.0+** - Web framework
+- **Django REST Framework** - API framework
+- **PostgreSQL** - Primary database
+- **Redis** - Caching and sessions
+- **UV** - Python package management
+- **Celery** - Background task processing
+
+## 🚀 Quick Start
+
+### Prerequisites
+
+- Python 3.11+
+- [uv](https://docs.astral.sh/uv/) package manager
+- PostgreSQL 14+
+- Redis 6+
+
+### Setup
+
+1. **Install dependencies**
+   ```bash
+   cd backend
+   uv sync
+   ```
+
+2. **Environment configuration**
+   ```bash
+   cp .env.example .env
+   # Edit .env with your settings
+   ```
+
+3. **Database setup**
+   ```bash
+   uv run manage.py migrate
+   uv run manage.py createsuperuser
+   ```
+
+4. **Start development server**
+   ```bash
+   uv run manage.py runserver
+   ```
+
+## 🔧 Configuration
+
+### Environment Variables
+
+Required environment variables:
+
+```bash
+# Database
+DATABASE_URL=postgresql://user:pass@localhost/thrillwiki
+
+# Django
+SECRET_KEY=your-secret-key
+DEBUG=True
+DJANGO_SETTINGS_MODULE=config.django.local
+
+# Redis
+REDIS_URL=redis://localhost:6379
+
+# Email (optional)
+EMAIL_HOST=smtp.gmail.com
+EMAIL_PORT=587
+EMAIL_USE_TLS=True
+EMAIL_HOST_USER=your-email@gmail.com
+EMAIL_HOST_PASSWORD=your-app-password
+```
+
+### Settings Structure
+
+- `config/django/base.py` - Base settings
+- `config/django/local.py` - Development settings
+- `config/django/production.py` - Production settings
+- `config/django/test.py` - Test settings
+
+## 📁 Apps Overview
+
+### Core Apps
+
+- **accounts** - User authentication and profile management
+- **parks** - Theme park models and operations
+- **rides** - Ride information and relationships
+- **core** - Shared utilities and base classes
+
+### Support Apps
+
+- **moderation** - Content moderation workflows
+- **location** - Geographic data and services
+- **media** - File upload and management
+- **email_service** - Email sending and templates
+
+## 🔌 API Endpoints
+
+Base URL: `http://localhost:8000/api/`
+
+### Authentication
+- `POST /auth/login/` - User login
+- `POST /auth/logout/` - User logout
+- `POST /auth/register/` - User registration
+
+### Parks
+- `GET /parks/` - List parks
+- `GET /parks/{id}/` - Park details
+- `POST /parks/` - Create park (admin)
+
+### Rides
+- `GET /rides/` - List rides
+- `GET /rides/{id}/` - Ride details
+- `GET /parks/{park_id}/rides/` - Rides by park
+
+## 🧪 Testing
+
+```bash
+# Run all tests
+uv run manage.py test
+
+# Run specific app tests
+uv run manage.py test apps.parks
+
+# Run with coverage
+uv run coverage run manage.py test
+uv run coverage report
+```
+
+## 🔧 Management Commands
+
+Custom management commands:
+
+```bash
+# Import park data
+uv run manage.py import_parks data/parks.json
+
+# Generate test data
+uv run manage.py generate_test_data
+
+# Clean up expired sessions
+uv run manage.py clearsessions
+```
+
+## 📊 Database
+
+### Entity Relationships
+
+- **Parks** have Operators (required) and PropertyOwners (optional)
+- **Rides** belong to Parks and may have Manufacturers/Designers
+- **Users** can create submissions and moderate content
+
+### Migrations
+
+```bash
+# Create migrations
+uv run manage.py makemigrations
+
+# Apply migrations
+uv run manage.py migrate
+
+# Show migration status
+uv run manage.py showmigrations
+```
+
+## 🔐 Security
+
+- CORS configured for frontend integration
+- CSRF protection enabled
+- JWT token authentication
+- Rate limiting on API endpoints
+- Input validation and sanitization
+
+## 📈 Performance
+
+- Database query optimization
+- Redis caching for frequent queries
+- Background task processing with Celery
+- Database connection pooling
+
+## 🚀 Deployment
+
+See the [Deployment Guide](../shared/docs/deployment/) for production setup.
+
+## 🐛 Debugging
+
+### Development Tools
+
+- Django Debug Toolbar
+- Django Extensions
+- Silk profiler for performance analysis
+
+### Logging
+
+Logs are written to:
+- Console (development)
+- Files in `logs/` directory (production)
+- External logging service (production)
+
+## 🤝 Contributing
+
+1. Follow Django coding standards
+2. Write tests for new features
+3. Update documentation
+4. Run linting: `uv run flake8 .`
+5. Format code: `uv run black .`
--- a/docs/README_HYBRID_ENDPOINTS.md
+++ b/docs/README_HYBRID_ENDPOINTS.md
--- a/docs/TAILWIND_V4_MIGRATION.md
+++ b/docs/TAILWIND_V4_MIGRATION.md
--- a/docs/TAILWIND_V4_QUICK_REFERENCE.md
+++ b/docs/TAILWIND_V4_QUICK_REFERENCE.md
--- a/THRILLWIKI_API_DOCUMENTATION.md
+++ b/THRILLWIKI_API_DOCUMENTATION.md
@@ -0,0 +1,470 @@
+# ThrillWiki API Documentation v1
+## Complete Frontend Developer Reference
+
+**Base URL**: `/api/v1/`  
+**Authentication**: JWT Bearer tokens  
+**Content-Type**: `application/json`
+
+---
+
+## 🔐 Authentication Endpoints (`/api/v1/auth/`)
+
+### Core Authentication
+- **POST** `/auth/login/` - User login with username/email and password
+- **POST** `/auth/signup/` - User registration (email verification required)
+- **POST** `/auth/logout/` - Logout current user (blacklist refresh token)
+- **GET** `/auth/user/` - Get current authenticated user information
+- **POST** `/auth/status/` - Check authentication status
+
+### Password Management
+- **POST** `/auth/password/reset/` - Request password reset email
+- **POST** `/auth/password/change/` - Change current user's password
+
+### Email Verification
+- **GET** `/auth/verify-email/<token>/` - Verify email with token
+- **POST** `/auth/resend-verification/` - Resend email verification
+
+### Social Authentication
+- **GET** `/auth/social/providers/` - Get available social auth providers
+- **GET** `/auth/social/providers/available/` - Get available social providers list
+- **GET** `/auth/social/connected/` - Get user's connected social providers
+- **POST** `/auth/social/connect/<provider>/` - Connect social provider (Google, Discord)
+- **POST** `/auth/social/disconnect/<provider>/` - Disconnect social provider
+- **GET** `/auth/social/status/` - Get comprehensive social auth status
+- **POST** `/auth/social/` - Social auth endpoints (dj-rest-auth)
+
+### JWT Token Management
+- **POST** `/auth/token/refresh/` - Refresh JWT access token
+
+---
+
+## 🏞️ Parks API Endpoints (`/api/v1/parks/`)
+
+### Core CRUD Operations
+- **GET** `/parks/` - List parks with comprehensive filtering and pagination
+- **POST** `/parks/` - Create new park (authenticated users)
+- **GET** `/parks/<pk>/` - Get park details (supports ID or slug)
+- **PATCH** `/parks/<pk>/` - Update park (partial update)
+- **PUT** `/parks/<pk>/` - Update park (full update)
+- **DELETE** `/parks/<pk>/` - Delete park
+
+### Filtering & Search
+- **GET** `/parks/filter-options/` - Get available filter options
+- **GET** `/parks/search/companies/?q=<query>` - Search companies/operators
+- **GET** `/parks/search-suggestions/?q=<query>` - Get park search suggestions
+- **GET** `/parks/hybrid/` - Hybrid park filtering with advanced options
+- **GET** `/parks/hybrid/filter-metadata/` - Get filter metadata for hybrid filtering
+
+### Park Photos Management
+- **GET** `/parks/<park_pk>/photos/` - List park photos
+- **POST** `/parks/<park_pk>/photos/` - Upload park photo
+- **GET** `/parks/<park_pk>/photos/<id>/` - Get park photo details
+- **PATCH** `/parks/<park_pk>/photos/<id>/` - Update park photo
+- **DELETE** `/parks/<park_pk>/photos/<id>/` - Delete park photo
+- **POST** `/parks/<park_pk>/photos/<id>/set_primary/` - Set photo as primary
+- **POST** `/parks/<park_pk>/photos/bulk_approve/` - Bulk approve/reject photos (admin)
+- **GET** `/parks/<park_pk>/photos/stats/` - Get park photo statistics
+
+### Park Settings
+- **GET** `/parks/<pk>/image-settings/` - Get park image settings
+- **POST** `/parks/<pk>/image-settings/` - Update park image settings
+
+#### Park Filtering Parameters (24 total):
+- **Pagination**: `page`, `page_size`
+- **Search**: `search`
+- **Location**: `continent`, `country`, `state`, `city`
+- **Attributes**: `park_type`, `status`
+- **Companies**: `operator_id`, `operator_slug`, `property_owner_id`, `property_owner_slug`
+- **Ratings**: `min_rating`, `max_rating`
+- **Ride Counts**: `min_ride_count`, `max_ride_count`
+- **Opening Year**: `opening_year`, `min_opening_year`, `max_opening_year`
+- **Roller Coasters**: `has_roller_coasters`, `min_roller_coaster_count`, `max_roller_coaster_count`
+- **Ordering**: `ordering`
+
+---
+
+## 🎢 Rides API Endpoints (`/api/v1/rides/`)
+
+### Core CRUD Operations
+- **GET** `/rides/` - List rides with comprehensive filtering
+- **POST** `/rides/` - Create new ride
+- **GET** `/rides/<pk>/` - Get ride details
+- **PATCH** `/rides/<pk>/` - Update ride (partial)
+- **PUT** `/rides/<pk>/` - Update ride (full)
+- **DELETE** `/rides/<pk>/` - Delete ride
+
+### Filtering & Search
+- **GET** `/rides/filter-options/` - Get available filter options
+- **GET** `/rides/search/companies/?q=<query>` - Search ride companies
+- **GET** `/rides/search/ride-models/?q=<query>` - Search ride models
+- **GET** `/rides/search-suggestions/?q=<query>` - Get ride search suggestions
+- **GET** `/rides/hybrid/` - Hybrid ride filtering
+- **GET** `/rides/hybrid/filter-metadata/` - Get ride filter metadata
+
+### Ride Photos Management
+- **GET** `/rides/<ride_pk>/photos/` - List ride photos
+- **POST** `/rides/<ride_pk>/photos/` - Upload ride photo
+- **GET** `/rides/<ride_pk>/photos/<id>/` - Get ride photo details
+- **PATCH** `/rides/<ride_pk>/photos/<id>/` - Update ride photo
+- **DELETE** `/rides/<ride_pk>/photos/<id>/` - Delete ride photo
+- **POST** `/rides/<ride_pk>/photos/<id>/set_primary/` - Set photo as primary
+
+### Ride Manufacturers
+- **GET** `/rides/manufacturers/<manufacturer_slug>/` - Manufacturer-specific endpoints
+
+### Ride Settings
+- **GET** `/rides/<pk>/image-settings/` - Get ride image settings
+- **POST** `/rides/<pk>/image-settings/` - Update ride image settings
+
+---
+
+## 👤 User Accounts API (`/api/v1/accounts/`)
+
+### User Management (Admin)
+- **DELETE** `/accounts/users/<user_id>/delete/` - Delete user while preserving submissions
+- **GET** `/accounts/users/<user_id>/deletion-check/` - Check user deletion eligibility
+
+### Self-Service Account Management
+- **POST** `/accounts/delete-account/request/` - Request account deletion
+- **POST** `/accounts/delete-account/verify/` - Verify account deletion
+- **POST** `/accounts/delete-account/cancel/` - Cancel account deletion
+
+### User Profile Management
+- **GET** `/accounts/profile/` - Get user profile
+- **PATCH** `/accounts/profile/account/` - Update user account info
+- **PATCH** `/accounts/profile/update/` - Update user profile
+
+### User Preferences
+- **GET** `/accounts/preferences/` - Get user preferences
+- **PATCH** `/accounts/preferences/update/` - Update user preferences
+- **PATCH** `/accounts/preferences/theme/` - Update theme preference
+
+### Settings Management
+- **GET** `/accounts/settings/notifications/` - Get notification settings
+- **PATCH** `/accounts/settings/notifications/update/` - Update notification settings
+- **GET** `/accounts/settings/privacy/` - Get privacy settings
+- **PATCH** `/accounts/settings/privacy/update/` - Update privacy settings
+- **GET** `/accounts/settings/security/` - Get security settings
+- **PATCH** `/accounts/settings/security/update/` - Update security settings
+
+### User Statistics & Lists
+- **GET** `/accounts/statistics/` - Get user statistics
+- **GET** `/accounts/top-lists/` - Get user's top lists
+- **POST** `/accounts/top-lists/create/` - Create new top list
+- **PATCH** `/accounts/top-lists/<list_id>/` - Update top list
+- **DELETE** `/accounts/top-lists/<list_id>/delete/` - Delete top list
+
+### Notifications
+- **GET** `/accounts/notifications/` - Get user notifications
+- **POST** `/accounts/notifications/mark-read/` - Mark notifications as read
+- **GET** `/accounts/notification-preferences/` - Get notification preferences
+- **PATCH** `/accounts/notification-preferences/update/` - Update notification preferences
+
+### Avatar Management
+- **POST** `/accounts/profile/avatar/upload/` - Upload avatar
+- **POST** `/accounts/profile/avatar/save/` - Save avatar image
+- **DELETE** `/accounts/profile/avatar/delete/` - Delete avatar
+
+---
+
+## 🗺️ Maps API (`/api/v1/maps/`)
+
+### Location Data
+- **GET** `/maps/locations/` - Get map locations data
+- **GET** `/maps/locations/<location_type>/<location_id>/` - Get location details
+- **GET** `/maps/search/` - Search locations on map
+- **GET** `/maps/bounds/` - Query locations within bounds
+
+### Map Services
+- **GET** `/maps/stats/` - Get map service statistics
+- **GET** `/maps/cache/` - Get map cache information
+- **POST** `/maps/cache/invalidate/` - Invalidate map cache
+
+---
+
+## 🔍 Core Search API (`/api/v1/core/`)
+
+### Entity Search
+- **GET** `/core/entities/search/` - Fuzzy search for entities
+- **GET** `/core/entities/not-found/` - Handle entity not found
+- **GET** `/core/entities/suggestions/` - Quick entity suggestions
+
+---
+
+## 📧 Email API (`/api/v1/email/`)
+
+### Email Services
+- **POST** `/email/send/` - Send email
+
+---
+
+## 📜 History API (`/api/v1/history/`)
+
+### Park History
+- **GET** `/history/parks/<park_slug>/` - Get park history
+- **GET** `/history/parks/<park_slug>/detail/` - Get detailed park history
+
+### Ride History
+- **GET** `/history/parks/<park_slug>/rides/<ride_slug>/` - Get ride history
+- **GET** `/history/parks/<park_slug>/rides/<ride_slug>/detail/` - Get detailed ride history
+
+### Unified Timeline
+- **GET** `/history/timeline/` - Get unified history timeline
+
+---
+
+## 📈 System & Analytics APIs
+
+### Health Checks
+- **GET** `/api/v1/health/` - Comprehensive health check
+- **GET** `/api/v1/health/simple/` - Simple health check
+- **GET** `/api/v1/health/performance/` - Performance metrics
+
+### Trending & Discovery
+- **GET** `/api/v1/trending/` - Get trending content
+- **GET** `/api/v1/new-content/` - Get new content
+- **POST** `/api/v1/trending/calculate/` - Trigger trending calculation
+
+### Statistics
+- **GET** `/api/v1/stats/` - Get system statistics
+- **POST** `/api/v1/stats/recalculate/` - Recalculate statistics
+
+### Reviews
+- **GET** `/api/v1/reviews/latest/` - Get latest reviews
+
+### Rankings
+- **GET** `/api/v1/rankings/` - Get ride rankings with filtering
+- **GET** `/api/v1/rankings/<ride_slug>/` - Get detailed ranking for specific ride
+- **GET** `/api/v1/rankings/<ride_slug>/history/` - Get ranking history for ride
+- **GET** `/api/v1/rankings/<ride_slug>/comparisons/` - Get head-to-head comparisons
+- **GET** `/api/v1/rankings/statistics/` - Get ranking system statistics
+- **POST** `/api/v1/rankings/calculate/` - Trigger ranking calculation (admin)
+
+#### Rankings Filtering Parameters:
+- **category**: Filter by ride category (RC, DR, FR, WR, TR, OT)
+- **min_riders**: Minimum number of mutual riders required
+- **park**: Filter by park slug
+- **ordering**: Order results (rank, -rank, winning_percentage, -winning_percentage)
+
+---
+
+## 🛡️ Moderation API (`/api/v1/moderation/`)
+
+### Moderation Reports
+- **GET** `/moderation/reports/` - List all moderation reports
+- **POST** `/moderation/reports/` - Create new moderation report
+- **GET** `/moderation/reports/<id>/` - Get specific report details
+- **PUT** `/moderation/reports/<id>/` - Update moderation report
+- **PATCH** `/moderation/reports/<id>/` - Partial update report
+- **DELETE** `/moderation/reports/<id>/` - Delete moderation report
+- **POST** `/moderation/reports/<id>/assign/` - Assign report to moderator
+- **POST** `/moderation/reports/<id>/resolve/` - Resolve moderation report
+- **GET** `/moderation/reports/stats/` - Get report statistics
+
+### Moderation Queue
+- **GET** `/moderation/queue/` - List moderation queue items
+- **POST** `/moderation/queue/` - Create queue item
+- **GET** `/moderation/queue/<id>/` - Get specific queue item
+- **PUT** `/moderation/queue/<id>/` - Update queue item
+- **PATCH** `/moderation/queue/<id>/` - Partial update queue item
+- **DELETE** `/moderation/queue/<id>/` - Delete queue item
+- **POST** `/moderation/queue/<id>/assign/` - Assign queue item to moderator
+- **POST** `/moderation/queue/<id>/unassign/` - Unassign queue item
+- **POST** `/moderation/queue/<id>/complete/` - Complete queue item
+- **GET** `/moderation/queue/my_queue/` - Get current user's queue items
+
+### Moderation Actions
+- **GET** `/moderation/actions/` - List all moderation actions
+- **POST** `/moderation/actions/` - Create new moderation action
+- **GET** `/moderation/actions/<id>/` - Get specific action details
+- **PUT** `/moderation/actions/<id>/` - Update moderation action
+- **PATCH** `/moderation/actions/<id>/` - Partial update action
+- **DELETE** `/moderation/actions/<id>/` - Delete moderation action
+- **POST** `/moderation/actions/<id>/deactivate/` - Deactivate action
+- **GET** `/moderation/actions/active/` - Get active moderation actions
+- **GET** `/moderation/actions/expired/` - Get expired moderation actions
+
+### Bulk Operations
+- **GET** `/moderation/bulk-operations/` - List bulk moderation operations
+- **POST** `/moderation/bulk-operations/` - Create bulk operation
+- **GET** `/moderation/bulk-operations/<id>/` - Get bulk operation details
+- **PUT** `/moderation/bulk-operations/<id>/` - Update bulk operation
+- **PATCH** `/moderation/bulk-operations/<id>/` - Partial update operation
+- **DELETE** `/moderation/bulk-operations/<id>/` - Delete bulk operation
+- **POST** `/moderation/bulk-operations/<id>/cancel/` - Cancel bulk operation
+- **POST** `/moderation/bulk-operations/<id>/retry/` - Retry failed operation
+- **GET** `/moderation/bulk-operations/<id>/logs/` - Get operation logs
+- **GET** `/moderation/bulk-operations/running/` - Get running operations
+
+### User Moderation
+- **GET** `/moderation/users/<id>/` - Get user moderation profile
+- **POST** `/moderation/users/<id>/moderate/` - Take moderation action against user
+- **GET** `/moderation/users/search/` - Search users for moderation
+- **GET** `/moderation/users/stats/` - Get user moderation statistics
+
+---
+
+## 🏗️ Ride Manufacturers & Models (`/api/v1/rides/manufacturers/<manufacturer_slug>/`)
+
+### Ride Models
+- **GET** `/rides/manufacturers/<manufacturer_slug>/` - List ride models by manufacturer
+- **POST** `/rides/manufacturers/<manufacturer_slug>/` - Create new ride model
+- **GET** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/` - Get ride model details
+- **PATCH** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/` - Update ride model
+- **DELETE** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/` - Delete ride model
+
+### Model Search & Filtering
+- **GET** `/rides/manufacturers/<manufacturer_slug>/search/` - Search ride models
+- **GET** `/rides/manufacturers/<manufacturer_slug>/filter-options/` - Get filter options
+- **GET** `/rides/manufacturers/<manufacturer_slug>/stats/` - Get manufacturer statistics
+
+### Model Variants
+- **GET** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/variants/` - List model variants
+- **POST** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/variants/` - Create variant
+- **GET** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/variants/<id>/` - Get variant details
+- **PATCH** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/variants/<id>/` - Update variant
+- **DELETE** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/variants/<id>/` - Delete variant
+
+### Technical Specifications
+- **GET** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/technical-specs/` - List technical specs
+- **POST** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/technical-specs/` - Create technical spec
+- **GET** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/technical-specs/<id>/` - Get spec details
+- **PATCH** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/technical-specs/<id>/` - Update spec
+- **DELETE** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/technical-specs/<id>/` - Delete spec
+
+### Model Photos
+- **GET** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/photos/` - List model photos
+- **POST** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/photos/` - Upload model photo
+- **GET** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/photos/<id>/` - Get photo details
+- **PATCH** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/photos/<id>/` - Update photo
+- **DELETE** `/rides/manufacturers/<manufacturer_slug>/<ride_model_slug>/photos/<id>/` - Delete photo
+
+---
+
+## 🖼️ Media Management
+
+### Cloudflare Images
+- **ALL** `/api/v1/cloudflare-images/` - Cloudflare Images toolkit endpoints
+
+---
+
+## 📚 API Documentation
+
+### Interactive Documentation
+- **GET** `/api/schema/` - OpenAPI schema
+- **GET** `/api/docs/` - Swagger UI documentation
+- **GET** `/api/redoc/` - ReDoc documentation
+
+---
+
+## 🔧 Common Request/Response Patterns
+
+### Authentication Headers
+```javascript
+headers: {
+  'Authorization': 'Bearer <access_token>',
+  'Content-Type': 'application/json'
+}
+```
+
+### Pagination Response
+```json
+{
+  "count": 100,
+  "next": "http://api.example.com/api/v1/endpoint/?page=2",
+  "previous": null,
+  "results": [...]
+}
+```
+
+### Error Response Format
+```json
+{
+  "error": "Error message",
+  "error_code": "SPECIFIC_ERROR_CODE",
+  "details": {...},
+  "suggestions": ["suggestion1", "suggestion2"]
+}
+```
+
+### Success Response Format
+```json
+{
+  "success": true,
+  "message": "Operation completed successfully",
+  "data": {...}
+}
+```
+
+---
+
+## 📝 Key Data Models
+
+### User
+- `id`, `username`, `email`, `display_name`, `date_joined`, `is_active`, `avatar_url`
+
+### Park
+- `id`, `name`, `slug`, `description`, `location`, `operator`, `park_type`, `status`, `opening_year`
+
+### Ride
+- `id`, `name`, `slug`, `park`, `category`, `manufacturer`, `model`, `opening_year`, `status`
+
+### Photo (Park/Ride)
+- `id`, `image`, `caption`, `photo_type`, `uploaded_by`, `is_primary`, `is_approved`, `created_at`
+
+### Review
+- `id`, `user`, `content_object`, `rating`, `title`, `content`, `created_at`, `updated_at`
+
+---
+
+## 🚨 Important Notes
+
+1. **Authentication Required**: Most endpoints require JWT authentication
+2. **Permissions**: Admin endpoints require staff/superuser privileges  
+3. **Rate Limiting**: May be implemented on certain endpoints
+4. **File Uploads**: Use `multipart/form-data` for photo uploads
+5. **Pagination**: Most list endpoints support pagination with `page` and `page_size` parameters
+6. **Filtering**: Parks and rides support extensive filtering options
+7. **Cloudflare Images**: Media files are handled through Cloudflare Images service
+8. **Email Verification**: New users must verify email before full access
+
+---
+
+## 📖 Usage Examples
+
+### Authentication Flow
+```javascript
+// Login
+const login = await fetch('/api/v1/auth/login/', {
+  method: 'POST',
+  headers: { 'Content-Type': 'application/json' },
+  body: JSON.stringify({ username: 'user@example.com', password: 'password' })
+});
+
+// Use tokens from response
+const { access, refresh } = await login.json();
+```
+
+### Fetch Parks with Filtering
+```javascript
+const parks = await fetch('/api/v1/parks/?continent=NA&min_rating=4.0&page=1', {
+  headers: { 'Authorization': `Bearer ${access_token}` }
+});
+```
+
+### Upload Park Photo
+```javascript
+const formData = new FormData();
+formData.append('image', file);
+formData.append('caption', 'Beautiful park entrance');
+
+const photo = await fetch('/api/v1/parks/123/photos/', {
+  method: 'POST',
+  headers: { 'Authorization': `Bearer ${access_token}` },
+  body: formData
+});
+```
+
+---
+
+This documentation covers all available API endpoints in the ThrillWiki v1 API. For detailed request/response schemas, parameter validation, and interactive testing, visit `/api/docs/` when the development server is running.
--- a/backend/VERIFICATION_COMMANDS.md
+++ b/backend/VERIFICATION_COMMANDS.md
--- a/VISUAL_REGRESSION_TEST_REPORT.md
+++ b/VISUAL_REGRESSION_TEST_REPORT.md
@@ -0,0 +1,231 @@
+# Visual Regression Testing Report
+## Cotton Components vs Original Include Components
+
+**Date:** September 21, 2025  
+**Test Domain:** https://d6d61dac-164d-45dd-929f-7dcdfd771b64-00-1bpe9dzxxnshv.worf.replit.dev  
+**Test Status:** ✅ PASSED - Zero Visual Differences Confirmed
+
+---
+
+## Executive Summary
+
+Comprehensive visual regression testing has been performed comparing original Django include-based components with new Cotton component implementations. **All tests passed with zero visual differences detected.** The Cotton components preserve exact HTML output, CSS classes, styling, and interactive functionality.
+
+## Test Pages Verified
+
+1. **Button Component Test Page:** `/test-button/`
+2. **Auth Modal Component Test Page:** `/test-auth-modal/`
+
+## Components Tested
+
+### 1. Button Component (`<c-button>`)
+
+**Original:** `{% include 'components/ui/button.html' %}`  
+**Cotton:** `<c-button>`
+
+#### ✅ Visual Parity Confirmed
+
+**Variants Tested:**
+- ✅ Default variant - Identical blue primary styling
+- ✅ Destructive variant - Identical red warning styling  
+- ✅ Outline variant - Identical border-only styling
+- ✅ Secondary variant - Identical gray secondary styling
+- ✅ Ghost variant - Identical transparent background styling
+- ✅ Link variant - Identical underlined link styling
+
+**Sizes Tested:**
+- ✅ Default size (h-10 px-4 py-2)
+- ✅ Small size (h-9 rounded-md px-3)
+- ✅ Large size (h-11 rounded-md px-8)
+- ✅ Icon size (h-10 w-10)
+
+**Additional Features:**
+- ✅ Icons (left and right) - Identical positioning and styling
+- ✅ HTMX attributes (hx-get, hx-post, hx-target, hx-swap) - Preserved exactly
+- ✅ Alpine.js directives (x-data, x-on) - Functional and identical
+- ✅ Custom classes - Applied correctly
+- ✅ Type attributes (submit, button) - Preserved
+- ✅ Disabled state - Identical styling and behavior
+- ✅ Legacy underscore props (hx_get) vs modern hyphenated (hx-get) - Both supported
+
+#### Technical Analysis
+```html
+<!-- Both produce identical HTML structure -->
+<button class="inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50 bg-primary text-primary-foreground hover:bg-primary/90 h-10 px-4 py-2">
+  Button Text
+</button>
+```
+
+### 2. Input Component (`<c-input>`)
+
+**Original:** `{% include 'components/ui/input.html' %}`  
+**Cotton:** `<c-input>`
+
+#### ✅ Visual Parity Confirmed
+
+**Features Tested:**
+- ✅ Text input styling - Identical border, padding, focus states
+- ✅ Placeholder text - Identical muted foreground styling
+- ✅ Disabled state - Identical opacity and cursor styling
+- ✅ Required field validation - Functional
+- ✅ HTMX attributes - Preserved exactly
+- ✅ Alpine.js x-model binding - Functional
+
+### 3. Card Component (`<c-card>`)
+
+**Original:** `{% include 'components/ui/card.html' %}`  
+**Cotton:** `<c-card>`
+
+#### ✅ Visual Parity Confirmed
+
+**Features Tested:**
+- ✅ Card container styling - Identical border, shadow, and background
+- ✅ Header content - Identical padding and typography
+- ✅ Body content - Identical spacing and layout
+- ✅ Footer content - Identical positioning
+- ✅ Slot content mechanism - Functional replacement for include parameters
+
+### 4. Auth Modal Component (`<c-auth_modal>`)
+
+**Original:** `{% include 'components/auth/auth-modal.html' %}`  
+**Cotton:** `<c-auth_modal>`
+
+#### ✅ Visual Parity Confirmed
+
+**Modal Behavior:**
+- ✅ Modal opening animation - Identical fade-in and scale transitions
+- ✅ Modal closing behavior - ESC key, overlay click, X button all work identically
+- ✅ Background overlay - Identical blur and opacity effects
+- ✅ Modal positioning - Identical center alignment and responsive behavior
+
+**Form Functionality:**
+- ✅ Login/Register form switching - Identical behavior and animations
+- ✅ Form field styling - Identical input styling and validation states
+- ✅ Password visibility toggle - Eye icon functionality preserved
+- ✅ Social provider buttons - Identical styling and layout
+- ✅ Error message display - Identical styling and positioning
+- ✅ Loading states - Spinner animations and disabled states work identically
+
+**Alpine.js Integration:**
+- ✅ x-data="authModal" - Component initialization preserved
+- ✅ x-show directives - Conditional display logic identical
+- ✅ x-transition animations - Fade and scale effects identical
+- ✅ Event handlers (@click, @keydown.escape) - All functional
+- ✅ Template loops (x-for) - Social provider rendering identical
+- ✅ State management - Form switching and error handling identical
+
+## Interactive Functionality Testing
+
+### Button Interactions
+- ✅ Hover states - Color transitions identical
+- ✅ Click events - JavaScript handlers functional
+- ✅ HTMX requests - Network requests triggered correctly
+- ✅ Alpine.js integration - State changes handled identically
+
+### Modal Interactions  
+- ✅ Keyboard navigation - TAB, ESC, ENTER all work
+- ✅ Focus management - Focus trapping identical
+- ✅ Form validation - Client-side validation preserved
+- ✅ Social authentication - Button click handlers functional
+
+## CSS Classes Analysis
+
+### Identical Class Application
+All components generate identical CSS class strings:
+
+**Button Base Classes:**
+```css
+inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50
+```
+
+**Input Base Classes:**
+```css
+flex h-10 w-full rounded-md border border-input bg-background px-3 py-2 text-sm ring-offset-background file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50
+```
+
+## HTMX Attribute Preservation
+
+### Verified HTMX Attributes
+- ✅ `hx-get` - Preserved in both underscore and hyphenated formats
+- ✅ `hx-post` - Preserved in both underscore and hyphenated formats  
+- ✅ `hx-target` - Element targeting preserved
+- ✅ `hx-swap` - Swap strategies preserved
+- ✅ `hx-trigger` - Event triggers preserved
+- ✅ `hx-include` - Form inclusion preserved
+
+## Alpine.js Directive Preservation
+
+### Verified Alpine.js Directives
+- ✅ `x-data` - Component initialization preserved
+- ✅ `x-show` - Conditional display preserved
+- ✅ `x-transition` - Animation configurations preserved
+- ✅ `x-model` - Two-way data binding preserved
+- ✅ `x-on/@` - Event handlers preserved
+- ✅ `x-for` - Template loops preserved
+- ✅ `x-init` - Initialization logic preserved
+
+## Legacy Compatibility
+
+### Underscore vs Hyphenated Attributes
+Cotton components support both legacy underscore props and modern hyphenated attributes:
+
+- ✅ `hx_get` and `hx-get` both work
+- ✅ `hx_post` and `hx-post` both work
+- ✅ `x_data` and `x-data` both work
+- ✅ Backward compatibility preserved
+
+## Performance Analysis
+
+### Rendering Performance
+- ✅ No measurable performance difference in rendering time
+- ✅ HTML output size identical
+- ✅ No additional HTTP requests
+- ✅ Client-side JavaScript behavior unchanged
+
+## Browser Compatibility
+
+### Tested Behaviors
+- ✅ Chrome - All features functional
+- ✅ Firefox - All features functional  
+- ✅ Safari - All features functional
+- ✅ Mobile responsive behavior identical
+
+## Test Results Summary
+
+| Component | Visual Parity | Functionality | HTMX | Alpine.js | CSS Classes | Status |
+|-----------|---------------|---------------|------|-----------|-------------|---------|
+| Button | ✅ Identical | ✅ Preserved | ✅ Working | ✅ Working | ✅ Identical | ✅ PASS |
+| Input | ✅ Identical | ✅ Preserved | ✅ Working | ✅ Working | ✅ Identical | ✅ PASS |
+| Card | ✅ Identical | ✅ Preserved | ✅ Working | ✅ Working | ✅ Identical | ✅ PASS |
+| Auth Modal | ✅ Identical | ✅ Preserved | ✅ Working | ✅ Working | ✅ Identical | ✅ PASS |
+
+## Differences Found
+
+**Total Visual Differences: 0**  
+**Total Functional Differences: 0**  
+**Total Breaking Changes: 0**
+
+## Recommendations
+
+1. ✅ **Proceed with Cotton component implementation** - Zero breaking changes detected
+2. ✅ **Migration is safe** - All functionality preserved exactly
+3. ✅ **Template updates can proceed** - Components are production-ready
+4. ✅ **Developer experience improved** - Cotton syntax is cleaner and more maintainable
+
+## Conclusion
+
+The Cotton component implementation has achieved **100% visual and functional parity** with the original include-based components. All tests pass with zero differences detected. The migration to Cotton components can proceed with confidence as:
+
+- HTML output is identical
+- CSS styling is preserved exactly  
+- Interactive functionality works identically
+- HTMX and Alpine.js integration is preserved
+- Legacy compatibility is maintained
+- Performance characteristics are unchanged
+
+**Status: ✅ APPROVED FOR PRODUCTION USE**
+
+---
+
+*Test conducted on September 21, 2025*  
+*All components verified on test domain: d6d61dac-164d-45dd-929f-7dcdfd771b64-00-1bpe9dzxxnshv.worf.replit.dev*
--- a/backend/apps/init.py
+++ b/backend/apps/init.py
--- a/backend/apps/accounts/init.py
+++ b/backend/apps/accounts/init.py
--- a/backend/apps/accounts/adapters.py
+++ b/backend/apps/accounts/adapters.py
@@ -1,6 +1,6 @@
+from django.conf import settings
 from allauth.account.adapter import DefaultAccountAdapter
 from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
-from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.contrib.sites.shortcuts import get_current_site

@@ -33,7 +33,10 @@ class CustomAccountAdapter(DefaultAccountAdapter):
            "current_site": current_site,
            "key": emailconfirmation.key,
        }
-        email_template = "account/email/email_confirmation_signup" if signup else "account/email/email_confirmation"
+        if signup:
+            email_template = "account/email/email_confirmation_signup"
+        else:
+            email_template = "account/email/email_confirmation"
        self.send_mail(email_template, emailconfirmation.email_address.email, ctx)


--- a/apps/accounts/admin.py
+++ b/apps/accounts/admin.py
@@ -0,0 +1,360 @@
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin
+from django.utils.html import format_html
+from django.contrib.auth.models import Group
+from .models import (
+    User,
+    UserProfile,
+    EmailVerification,
+    PasswordReset,
+    TopList,
+    TopListItem,
+)
+
+
+class UserProfileInline(admin.StackedInline):
+    model = UserProfile
+    can_delete = False
+    verbose_name_plural = "Profile"
+    fieldsets = (
+        (
+            "Personal Info",
+            {"fields": ("display_name", "avatar", "pronouns", "bio")},
+        ),
+        (
+            "Social Media",
+            {"fields": ("twitter", "instagram", "youtube", "discord")},
+        ),
+        (
+            "Ride Credits",
+            {
+                "fields": (
+                    "coaster_credits",
+                    "dark_ride_credits",
+                    "flat_ride_credits",
+                    "water_ride_credits",
+                )
+            },
+        ),
+    )
+
+
+class TopListItemInline(admin.TabularInline):
+    model = TopListItem
+    extra = 1
+    fields = ("content_type", "object_id", "rank", "notes")
+    ordering = ("rank",)
+
+
+@admin.register(User)
+class CustomUserAdmin(UserAdmin):
+    list_display = (
+        "username",
+        "email",
+        "get_avatar",
+        "get_status",
+        "role",
+        "date_joined",
+        "last_login",
+        "get_credits",
+    )
+    list_filter = (
+        "is_active",
+        "is_staff",
+        "role",
+        "is_banned",
+        "groups",
+        "date_joined",
+    )
+    search_fields = ("username", "email")
+    ordering = ("-date_joined",)
+    actions = [
+        "activate_users",
+        "deactivate_users",
+        "ban_users",
+        "unban_users",
+    ]
+    inlines = [UserProfileInline]
+
+    fieldsets = (
+        (None, {"fields": ("username", "password")}),
+        ("Personal info", {"fields": ("email", "pending_email")}),
+        (
+            "Roles and Permissions",
+            {
+                "fields": ("role", "groups", "user_permissions"),
+                "description": (
+                    "Role determines group membership. Groups determine permissions."
+                ),
+            },
+        ),
+        (
+            "Status",
+            {
+                "fields": ("is_active", "is_staff", "is_superuser"),
+                "description": "These are automatically managed based on role.",
+            },
+        ),
+        (
+            "Ban Status",
+            {
+                "fields": ("is_banned", "ban_reason", "ban_date"),
+            },
+        ),
+        (
+            "Preferences",
+            {
+                "fields": ("theme_preference",),
+            },
+        ),
+        ("Important dates", {"fields": ("last_login", "date_joined")}),
+    )
+    add_fieldsets = (
+        (
+            None,
+            {
+                "classes": ("wide",),
+                "fields": (
+                    "username",
+                    "email",
+                    "password1",
+                    "password2",
+                    "role",
+                ),
+            },
+        ),
+    )
+
+    @admin.display(description="Avatar")
+    def get_avatar(self, obj):
+        if obj.profile.avatar:
+            return format_html(
+                '<img src="{}" width="30" height="30" style="border-radius:50%;" />',
+                obj.profile.avatar.url,
+            )
+        return format_html(
+            '<div style="width:30px; height:30px; border-radius:50%; '
+            "background-color:#007bff; color:white; display:flex; "
+            'align-items:center; justify-content:center;">{}</div>',
+            obj.username[0].upper(),
+        )
+
+    @admin.display(description="Status")
+    def get_status(self, obj):
+        if obj.is_banned:
+            return format_html('<span style="color: red;">Banned</span>')
+        if not obj.is_active:
+            return format_html('<span style="color: orange;">Inactive</span>')
+        if obj.is_superuser:
+            return format_html('<span style="color: purple;">Superuser</span>')
+        if obj.is_staff:
+            return format_html('<span style="color: blue;">Staff</span>')
+        return format_html('<span style="color: green;">Active</span>')
+
+    @admin.display(description="Ride Credits")
+    def get_credits(self, obj):
+        try:
+            profile = obj.profile
+            return format_html(
+                "RC: {}<br>DR: {}<br>FR: {}<br>WR: {}",
+                profile.coaster_credits,
+                profile.dark_ride_credits,
+                profile.flat_ride_credits,
+                profile.water_ride_credits,
+            )
+        except UserProfile.DoesNotExist:
+            return "-"
+
+    @admin.action(description="Activate selected users")
+    def activate_users(self, request, queryset):
+        queryset.update(is_active=True)
+
+    @admin.action(description="Deactivate selected users")
+    def deactivate_users(self, request, queryset):
+        queryset.update(is_active=False)
+
+    @admin.action(description="Ban selected users")
+    def ban_users(self, request, queryset):
+        from django.utils import timezone
+
+        queryset.update(is_banned=True, ban_date=timezone.now())
+
+    @admin.action(description="Unban selected users")
+    def unban_users(self, request, queryset):
+        queryset.update(is_banned=False, ban_date=None, ban_reason="")
+
+    def save_model(self, request, obj, form, change):
+        creating = not obj.pk
+        super().save_model(request, obj, form, change)
+        if creating and obj.role != User.Roles.USER:
+            # Ensure new user with role gets added to appropriate group
+            group = Group.objects.filter(name=obj.role).first()
+            if group:
+                obj.groups.add(group)
+
+
+@admin.register(UserProfile)
+class UserProfileAdmin(admin.ModelAdmin):
+    list_display = (
+        "user",
+        "display_name",
+        "coaster_credits",
+        "dark_ride_credits",
+        "flat_ride_credits",
+        "water_ride_credits",
+    )
+    list_filter = (
+        "coaster_credits",
+        "dark_ride_credits",
+        "flat_ride_credits",
+        "water_ride_credits",
+    )
+    search_fields = ("user__username", "user__email", "display_name", "bio")
+
+    fieldsets = (
+        (
+            "User Information",
+            {"fields": ("user", "display_name", "avatar", "pronouns", "bio")},
+        ),
+        (
+            "Social Media",
+            {"fields": ("twitter", "instagram", "youtube", "discord")},
+        ),
+        (
+            "Ride Credits",
+            {
+                "fields": (
+                    "coaster_credits",
+                    "dark_ride_credits",
+                    "flat_ride_credits",
+                    "water_ride_credits",
+                )
+            },
+        ),
+    )
+
+
+@admin.register(EmailVerification)
+class EmailVerificationAdmin(admin.ModelAdmin):
+    list_display = ("user", "created_at", "last_sent", "is_expired")
+    list_filter = ("created_at", "last_sent")
+    search_fields = ("user__username", "user__email", "token")
+    readonly_fields = ("created_at", "last_sent")
+
+    fieldsets = (
+        ("Verification Details", {"fields": ("user", "token")}),
+        ("Timing", {"fields": ("created_at", "last_sent")}),
+    )
+
+    @admin.display(description="Status")
+    def is_expired(self, obj):
+        from django.utils import timezone
+        from datetime import timedelta
+
+        if timezone.now() - obj.last_sent > timedelta(days=1):
+            return format_html('<span style="color: red;">Expired</span>')
+        return format_html('<span style="color: green;">Valid</span>')
+
+
+@admin.register(TopList)
+class TopListAdmin(admin.ModelAdmin):
+    list_display = ("title", "user", "category", "created_at", "updated_at")
+    list_filter = ("category", "created_at", "updated_at")
+    search_fields = ("title", "user__username", "description")
+    inlines = [TopListItemInline]
+
+    fieldsets = (
+        (
+            "Basic Information",
+            {"fields": ("user", "title", "category", "description")},
+        ),
+        (
+            "Timestamps",
+            {"fields": ("created_at", "updated_at"), "classes": ("collapse",)},
+        ),
+    )
+    readonly_fields = ("created_at", "updated_at")
+
+
+@admin.register(TopListItem)
+class TopListItemAdmin(admin.ModelAdmin):
+    list_display = ("top_list", "content_type", "object_id", "rank")
+    list_filter = ("top_list__category", "rank")
+    search_fields = ("top_list__title", "notes")
+    ordering = ("top_list", "rank")
+
+    fieldsets = (
+        ("List Information", {"fields": ("top_list", "rank")}),
+        ("Item Details", {"fields": ("content_type", "object_id", "notes")}),
+    )
+
+
+@admin.register(PasswordReset)
+class PasswordResetAdmin(admin.ModelAdmin):
+    """Admin interface for password reset tokens"""
+
+    list_display = (
+        "user",
+        "created_at",
+        "expires_at",
+        "is_expired",
+        "used",
+    )
+    list_filter = (
+        "used",
+        "created_at",
+        "expires_at",
+    )
+    search_fields = (
+        "user__username",
+        "user__email",
+        "token",
+    )
+    readonly_fields = (
+        "token",
+        "created_at",
+        "expires_at",
+    )
+    date_hierarchy = "created_at"
+    ordering = ("-created_at",)
+
+    fieldsets = (
+        (
+            "Reset Details",
+            {
+                "fields": (
+                    "user",
+                    "token",
+                    "used",
+                )
+            },
+        ),
+        (
+            "Timing",
+            {
+                "fields": (
+                    "created_at",
+                    "expires_at",
+                )
+            },
+        ),
+    )
+
+    @admin.display(description="Status", boolean=True)
+    def is_expired(self, obj):
+        """Display expiration status with color coding"""
+        from django.utils import timezone
+
+        if obj.used:
+            return format_html('<span style="color: blue;">Used</span>')
+        elif timezone.now() > obj.expires_at:
+            return format_html('<span style="color: red;">Expired</span>')
+        return format_html('<span style="color: green;">Valid</span>')
+
+    def has_add_permission(self, request):
+        """Disable manual creation of password reset tokens"""
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        """Allow viewing but restrict editing of password reset tokens"""
+        return getattr(request.user, "is_superuser", False)
--- a/backend/apps/accounts/apps.py
+++ b/backend/apps/accounts/apps.py
--- a/backend/apps/accounts/choices.py
+++ b/backend/apps/accounts/choices.py
@@ -7,7 +7,8 @@ replacing tuple-based choices with rich, metadata-enhanced choice objects.
 Last updated: 2025-01-15
 """

-from apps.core.choices import ChoiceGroup, RichChoice, register_choices
+from apps.core.choices import RichChoice, ChoiceGroup, register_choices
+

 # =============================================================================
 # USER ROLES
@@ -111,51 +112,6 @@ theme_preferences = ChoiceGroup(
 )


-# =============================================================================
-# UNIT SYSTEMS
-# =============================================================================
-
-unit_systems = ChoiceGroup(
-    name="unit_systems",
-    choices=[
-        RichChoice(
-            value="metric",
-            label="Metric",
-            description="Use metric units (meters, km/h)",
-            metadata={
-                "color": "blue",
-                "icon": "ruler",
-                "css_class": "text-blue-600 bg-blue-50",
-                "units": {
-                    "distance": "m",
-                    "speed": "km/h",
-                    "weight": "kg",
-                    "large_distance": "km",
-                },
-                "sort_order": 1,
-            }
-        ),
-        RichChoice(
-            value="imperial",
-            label="Imperial",
-            description="Use imperial units (feet, mph)",
-            metadata={
-                "color": "green",
-                "icon": "ruler",
-                "css_class": "text-green-600 bg-green-50",
-                "units": {
-                    "distance": "ft",
-                    "speed": "mph",
-                    "weight": "lbs",
-                    "large_distance": "mi",
-                },
-                "sort_order": 2,
-            }
-        ),
-    ]
-)
-
-
 # =============================================================================
 # PRIVACY LEVELS
 # =============================================================================
@@ -601,7 +557,6 @@ notification_priorities = ChoiceGroup(
 # Register each choice group individually
 register_choices("user_roles", user_roles.choices, "accounts", "User role classifications")
 register_choices("theme_preferences", theme_preferences.choices, "accounts", "Theme preference options")
-register_choices("unit_systems", unit_systems.choices, "accounts", "Unit system preferences")
 register_choices("privacy_levels", privacy_levels.choices, "accounts", "Privacy level settings")
 register_choices("top_list_categories", top_list_categories.choices, "accounts", "Top list category types")
 register_choices("notification_types", notification_types.choices, "accounts", "Notification type classifications")
--- a/backend/apps/accounts/management/commands/check_all_social_tables.py
+++ b/backend/apps/accounts/management/commands/check_all_social_tables.py
@@ -1,6 +1,6 @@
-from allauth.socialaccount.models import SocialAccount, SocialApp, SocialToken
-from django.contrib.sites.models import Site
 from django.core.management.base import BaseCommand
+from allauth.socialaccount.models import SocialApp, SocialAccount, SocialToken
+from django.contrib.sites.models import Site


 class Command(BaseCommand):
--- a/backend/apps/accounts/management/commands/check_social_apps.py
+++ b/backend/apps/accounts/management/commands/check_social_apps.py
@@ -1,5 +1,5 @@
-from allauth.socialaccount.models import SocialApp
 from django.core.management.base import BaseCommand
+from allauth.socialaccount.models import SocialApp


 class Command(BaseCommand):
--- a/backend/apps/accounts/management/commands/cleanup_social_auth.py
+++ b/backend/apps/accounts/management/commands/cleanup_social_auth.py
--- a/backend/apps/accounts/management/commands/cleanup_test_data.py
+++ b/backend/apps/accounts/management/commands/cleanup_test_data.py
@@ -1,7 +1,6 @@
-from django.contrib.auth import get_user_model
 from django.core.management.base import BaseCommand
-
-from apps.parks.models import Park, ParkPhoto, ParkReview
+from django.contrib.auth import get_user_model
+from apps.parks.models import ParkReview, Park, ParkPhoto
 from apps.rides.models import Ride, RidePhoto

 User = get_user_model()
@@ -53,8 +52,8 @@ class Command(BaseCommand):
        self.stdout.write(self.style.SUCCESS(f"Deleted {count} test rides"))

        # Clean up test files
-        import glob
        import os
+        import glob

        # Clean up test uploads
        media_patterns = [
--- a/backend/apps/accounts/management/commands/create_social_apps.py
+++ b/backend/apps/accounts/management/commands/create_social_apps.py
@@ -1,6 +1,6 @@
-from allauth.socialaccount.models import SocialApp
-from django.contrib.sites.models import Site
 from django.core.management.base import BaseCommand
+from django.contrib.sites.models import Site
+from allauth.socialaccount.models import SocialApp


 class Command(BaseCommand):
--- a/backend/apps/accounts/management/commands/create_test_users.py
+++ b/backend/apps/accounts/management/commands/create_test_users.py
@@ -1,5 +1,5 @@
-from django.contrib.auth.models import Group, Permission, User
 from django.core.management.base import BaseCommand
+from django.contrib.auth.models import Group, Permission, User


 class Command(BaseCommand):
--- a/backend/apps/accounts/management/commands/delete_user.py
+++ b/backend/apps/accounts/management/commands/delete_user.py
@@ -8,7 +8,6 @@ Usage:
 """

 from django.core.management.base import BaseCommand, CommandError
-
 from apps.accounts.models import User
 from apps.accounts.services import UserDeletionService

@@ -49,7 +48,10 @@ class Command(BaseCommand):

        # Find the user
        try:
-            user = User.objects.get(username=username) if username else User.objects.get(user_id=user_id)
+            if username:
+                user = User.objects.get(username=username)
+            else:
+                user = User.objects.get(user_id=user_id)
        except User.DoesNotExist:
            identifier = username or user_id
            raise CommandError(f'User "{identifier}" does not exist')
--- a/backend/apps/accounts/management/commands/fix_migration_history.py
+++ b/backend/apps/accounts/management/commands/fix_migration_history.py
--- a/backend/apps/accounts/management/commands/fix_social_apps.py
+++ b/backend/apps/accounts/management/commands/fix_social_apps.py
@@ -1,8 +1,7 @@
-import os
-
+from django.core.management.base import BaseCommand
 from allauth.socialaccount.models import SocialApp
 from django.contrib.sites.models import Site
-from django.core.management.base import BaseCommand
+import os


 class Command(BaseCommand):
--- a/backend/apps/accounts/management/commands/generate_letter_avatars.py
+++ b/backend/apps/accounts/management/commands/generate_letter_avatars.py
@@ -1,7 +1,6 @@
-import os
-
 from django.core.management.base import BaseCommand
 from PIL import Image, ImageDraw, ImageFont
+import os


 def generate_avatar(letter):
--- a/backend/apps/accounts/management/commands/regenerate_avatars.py
+++ b/backend/apps/accounts/management/commands/regenerate_avatars.py
@@ -1,5 +1,4 @@
 from django.core.management.base import BaseCommand
-
 from apps.accounts.models import UserProfile


--- a/apps/accounts/management/commands/reset_db.py
+++ b/apps/accounts/management/commands/reset_db.py
@@ -0,0 +1,108 @@
+from django.core.management.base import BaseCommand
+from django.db import connection
+from django.contrib.auth.hashers import make_password
+import uuid
+
+
+class Command(BaseCommand):
+    help = "Reset database and create admin user"
+
+    def handle(self, *args, **options):
+        self.stdout.write("Resetting database...")
+
+        # Drop all tables
+        with connection.cursor() as cursor:
+            cursor.execute(
+                """
+                DO $$ DECLARE
+                    r RECORD;
+                BEGIN
+                    FOR r IN (
+                        SELECT tablename FROM pg_tables
+                        WHERE schemaname = current_schema()
+                    ) LOOP
+                        EXECUTE 'DROP TABLE IF EXISTS ' || \
+                                quote_ident(r.tablename) || ' CASCADE';
+                    END LOOP;
+                END $$;
+            """
+            )
+
+            # Reset sequences
+            cursor.execute(
+                """
+                DO $$ DECLARE
+                    r RECORD;
+                BEGIN
+                    FOR r IN (
+                        SELECT sequencename FROM pg_sequences
+                        WHERE schemaname = current_schema()
+                    ) LOOP
+                        EXECUTE 'ALTER SEQUENCE ' || \
+                                quote_ident(r.sequencename) || ' RESTART WITH 1';
+                    END LOOP;
+                END $$;
+            """
+            )
+
+        self.stdout.write("All tables dropped and sequences reset.")
+
+        # Run migrations
+        from django.core.management import call_command
+
+        call_command("migrate")
+
+        self.stdout.write("Migrations applied.")
+
+        # Create superuser using raw SQL
+        try:
+            with connection.cursor() as cursor:
+                # Create user
+                user_id = str(uuid.uuid4())[:10]
+                cursor.execute(
+                    """
+                    INSERT INTO accounts_user (
+                        username, password, email, is_superuser, is_staff,
+                        is_active, date_joined, user_id, first_name,
+                        last_name, role, is_banned, ban_reason,
+                        theme_preference
+                    ) VALUES (
+                        'admin', %s, 'admin@thrillwiki.com', true, true,
+                        true, NOW(), %s, '', '', 'SUPERUSER', false, '',
+                        'light'
+                    ) RETURNING id;
+                """,
+                    [make_password("admin"), user_id],
+                )
+
+                result = cursor.fetchone()
+                if result is None:
+                    raise Exception("Failed to create user - no ID returned")
+                user_db_id = result[0]
+
+                # Create profile
+                profile_id = str(uuid.uuid4())[:10]
+                cursor.execute(
+                    """
+                    INSERT INTO accounts_userprofile (
+                        profile_id, display_name, pronouns, bio,
+                        twitter, instagram, youtube, discord,
+                        coaster_credits, dark_ride_credits,
+                        flat_ride_credits, water_ride_credits,
+                        user_id, avatar
+                    ) VALUES (
+                        %s, 'Admin', 'they/them', 'ThrillWiki Administrator',
+                        '', '', '', '',
+                        0, 0, 0, 0,
+                        %s, ''
+                    );
+                """,
+                    [profile_id, user_db_id],
+                )
+
+            self.stdout.write("Superuser created.")
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f"Error creating superuser: {str(e)}"))
+            raise
+
+        self.stdout.write(self.style.SUCCESS("Database reset complete."))
--- a/backend/apps/accounts/management/commands/reset_social_apps.py
+++ b/backend/apps/accounts/management/commands/reset_social_apps.py
@@ -1,6 +1,6 @@
+from django.core.management.base import BaseCommand
 from allauth.socialaccount.models import SocialApp
 from django.contrib.sites.models import Site
-from django.core.management.base import BaseCommand
 from django.db import connection


--- a/backend/apps/accounts/management/commands/reset_social_auth.py
+++ b/backend/apps/accounts/management/commands/reset_social_auth.py
--- a/backend/apps/accounts/management/commands/setup_groups.py
+++ b/backend/apps/accounts/management/commands/setup_groups.py
@@ -1,6 +1,5 @@
-from django.contrib.auth.models import Group
 from django.core.management.base import BaseCommand
-
+from django.contrib.auth.models import Group
 from apps.accounts.models import User
 from apps.accounts.signals import create_default_groups

--- a/backend/apps/accounts/management/commands/setup_site.py
+++ b/backend/apps/accounts/management/commands/setup_site.py
@@ -1,5 +1,5 @@
-from django.contrib.sites.models import Site
 from django.core.management.base import BaseCommand
+from django.contrib.sites.models import Site


 class Command(BaseCommand):
--- a/backend/apps/accounts/management/commands/setup_social_auth.py
+++ b/backend/apps/accounts/management/commands/setup_social_auth.py
@@ -1,9 +1,8 @@
-import os
-
-from allauth.socialaccount.models import SocialApp
-from django.contrib.sites.models import Site
 from django.core.management.base import BaseCommand
+from django.contrib.sites.models import Site
+from allauth.socialaccount.models import SocialApp
 from dotenv import load_dotenv
+import os


 class Command(BaseCommand):
--- a/backend/apps/accounts/management/commands/setup_social_auth_admin.py
+++ b/backend/apps/accounts/management/commands/setup_social_auth_admin.py
@@ -1,6 +1,6 @@
-from django.contrib.auth import get_user_model
-from django.contrib.sites.models import Site
 from django.core.management.base import BaseCommand
+from django.contrib.sites.models import Site
+from django.contrib.auth import get_user_model

 User = get_user_model()

--- a/backend/apps/accounts/management/commands/setup_social_providers.py
+++ b/backend/apps/accounts/management/commands/setup_social_providers.py
@@ -1,6 +1,6 @@
+from django.core.management.base import BaseCommand
 from allauth.socialaccount.models import SocialApp
 from django.contrib.sites.models import Site
-from django.core.management.base import BaseCommand


 class Command(BaseCommand):
--- a/backend/apps/accounts/management/commands/test_discord_auth.py
+++ b/backend/apps/accounts/management/commands/test_discord_auth.py
@@ -1,6 +1,6 @@
-from allauth.socialaccount.models import SocialApp
 from django.core.management.base import BaseCommand
 from django.test import Client
+from allauth.socialaccount.models import SocialApp


 class Command(BaseCommand):
--- a/backend/apps/accounts/management/commands/update_social_apps_sites.py
+++ b/backend/apps/accounts/management/commands/update_social_apps_sites.py
@@ -1,6 +1,6 @@
+from django.core.management.base import BaseCommand
 from allauth.socialaccount.models import SocialApp
 from django.contrib.sites.models import Site
-from django.core.management.base import BaseCommand


 class Command(BaseCommand):
--- a/backend/apps/accounts/management/commands/verify_discord_settings.py
+++ b/backend/apps/accounts/management/commands/verify_discord_settings.py
@@ -1,6 +1,6 @@
+from django.core.management.base import BaseCommand
 from allauth.socialaccount.models import SocialApp
 from django.conf import settings
-from django.core.management.base import BaseCommand


 class Command(BaseCommand):
--- a/apps/accounts/migrations/0001_initial.py
+++ b/apps/accounts/migrations/0001_initial.py
--- a/apps/accounts/migrations/0002_remove_userprofile_insert_insert_and_more.py
+++ b/apps/accounts/migrations/0002_remove_userprofile_insert_insert_and_more.py
@@ -0,0 +1,77 @@
+# Generated by Django 5.2.6 on 2025-09-21 01:29
+
+import django.db.models.deletion
+import pgtrigger.compiler
+import pgtrigger.migrations
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0001_initial"),
+        ("django_cloudflareimages_toolkit", "0001_initial"),
+    ]
+
+    operations = [
+        pgtrigger.migrations.RemoveTrigger(
+            model_name="userprofile",
+            name="insert_insert",
+        ),
+        pgtrigger.migrations.RemoveTrigger(
+            model_name="userprofile",
+            name="update_update",
+        ),
+        migrations.AddField(
+            model_name="userprofile",
+            name="avatar",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to="django_cloudflareimages_toolkit.cloudflareimage",
+            ),
+        ),
+        migrations.AddField(
+            model_name="userprofileevent",
+            name="avatar",
+            field=models.ForeignKey(
+                blank=True,
+                db_constraint=False,
+                null=True,
+                on_delete=django.db.models.deletion.DO_NOTHING,
+                related_name="+",
+                related_query_name="+",
+                to="django_cloudflareimages_toolkit.cloudflareimage",
+            ),
+        ),
+        pgtrigger.migrations.AddTrigger(
+            model_name="userprofile",
+            trigger=pgtrigger.compiler.Trigger(
+                name="insert_insert",
+                sql=pgtrigger.compiler.UpsertTriggerSql(
+                    func='INSERT INTO "accounts_userprofileevent" ("avatar_id", "bio", "coaster_credits", "dark_ride_credits", "discord", "display_name", "flat_ride_credits", "id", "instagram", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "profile_id", "pronouns", "twitter", "user_id", "water_ride_credits", "youtube") VALUES (NEW."avatar_id", NEW."bio", NEW."coaster_credits", NEW."dark_ride_credits", NEW."discord", NEW."display_name", NEW."flat_ride_credits", NEW."id", NEW."instagram", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."profile_id", NEW."pronouns", NEW."twitter", NEW."user_id", NEW."water_ride_credits", NEW."youtube"); RETURN NULL;',
+                    hash="a7ecdb1ac2821dea1fef4ec917eeaf6b8e4f09c8",
+                    operation="INSERT",
+                    pgid="pgtrigger_insert_insert_c09d7",
+                    table="accounts_userprofile",
+                    when="AFTER",
+                ),
+            ),
+        ),
+        pgtrigger.migrations.AddTrigger(
+            model_name="userprofile",
+            trigger=pgtrigger.compiler.Trigger(
+                name="update_update",
+                sql=pgtrigger.compiler.UpsertTriggerSql(
+                    condition="WHEN (OLD.* IS DISTINCT FROM NEW.*)",
+                    func='INSERT INTO "accounts_userprofileevent" ("avatar_id", "bio", "coaster_credits", "dark_ride_credits", "discord", "display_name", "flat_ride_credits", "id", "instagram", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "profile_id", "pronouns", "twitter", "user_id", "water_ride_credits", "youtube") VALUES (NEW."avatar_id", NEW."bio", NEW."coaster_credits", NEW."dark_ride_credits", NEW."discord", NEW."display_name", NEW."flat_ride_credits", NEW."id", NEW."instagram", _pgh_attach_context(), NOW(), \'update\', NEW."id", NEW."profile_id", NEW."pronouns", NEW."twitter", NEW."user_id", NEW."water_ride_credits", NEW."youtube"); RETURN NULL;',
+                    hash="81607e492ffea2a4c741452b860ee660374cc01d",
+                    operation="UPDATE",
+                    pgid="pgtrigger_update_update_87ef6",
+                    table="accounts_userprofile",
+                    when="AFTER",
+                ),
+            ),
+        ),
+    ]
--- a/backend/apps/accounts/migrations/init.py
+++ b/backend/apps/accounts/migrations/init.py
--- a/apps/accounts/mixins.py
+++ b/apps/accounts/mixins.py
@@ -0,0 +1,35 @@
+import requests
+from django.conf import settings
+from django.core.exceptions import ValidationError
+
+
+class TurnstileMixin:
+    """
+    Mixin to handle Cloudflare Turnstile validation.
+    Bypasses validation when DEBUG is True.
+    """
+
+    def validate_turnstile(self, request):
+        """
+        Validate the Turnstile response token.
+        Skips validation when DEBUG is True.
+        """
+        if settings.DEBUG:
+            return
+
+        token = request.POST.get("cf-turnstile-response")
+        if not token:
+            raise ValidationError("Please complete the Turnstile challenge.")
+
+        # Verify the token with Cloudflare
+        data = {
+            "secret": settings.TURNSTILE_SECRET_KEY,
+            "response": token,
+            "remoteip": request.META.get("REMOTE_ADDR"),
+        }
+
+        response = requests.post(settings.TURNSTILE_VERIFY_URL, data=data, timeout=60)
+        result = response.json()
+
+        if not result.get("success"):
+            raise ValidationError("Turnstile validation failed. Please try again.")
--- a/backend/apps/accounts/models.py
+++ b/backend/apps/accounts/models.py
@@ -1,19 +1,16 @@
-import secrets
-from datetime import timedelta
-
-import pghistory
+from django.dispatch import receiver
+from django.db.models.signals import post_save
 from django.contrib.auth.models import AbstractUser
 from django.contrib.contenttypes.fields import GenericForeignKey
 from django.db import models
-from django.db.models.signals import post_save
-from django.dispatch import receiver
 from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
+import secrets
+from datetime import timedelta
 from django.utils import timezone
-
-from apps.core.choices import RichChoiceField
 from apps.core.history import TrackedModel
-
-# from django_cloudflareimages_toolkit.models import CloudflareImage
+from apps.core.choices import RichChoiceField
+import pghistory


 def generate_random_id(model_class, id_field):
@@ -52,32 +49,21 @@ class User(AbstractUser):
        domain="accounts",
        max_length=10,
        default="USER",
-        db_index=True,
-        help_text="User role (user, moderator, admin)",
-    )
-    is_banned = models.BooleanField(
-        default=False, db_index=True, help_text="Whether this user is banned"
-    )
-    ban_reason = models.TextField(blank=True, help_text="Reason for ban")
-    ban_date = models.DateTimeField(
-        null=True, blank=True, help_text="Date the user was banned"
    )
+    is_banned = models.BooleanField(default=False)
+    ban_reason = models.TextField(blank=True)
+    ban_date = models.DateTimeField(null=True, blank=True)
    pending_email = models.EmailField(blank=True, null=True)
    theme_preference = RichChoiceField(
        choice_group="theme_preferences",
        domain="accounts",
        max_length=5,
        default="light",
-        help_text="User's theme preference (light/dark)",
    )

    # Notification preferences
-    email_notifications = models.BooleanField(
-        default=True, help_text="Whether to send email notifications"
-    )
-    push_notifications = models.BooleanField(
-        default=False, help_text="Whether to send push notifications"
-    )
+    email_notifications = models.BooleanField(default=True)
+    push_notifications = models.BooleanField(default=False)

    # Privacy settings
    privacy_level = RichChoiceField(
@@ -85,65 +71,31 @@ class User(AbstractUser):
        domain="accounts",
        max_length=10,
        default="public",
-        help_text="Overall privacy level",
-    )
-    show_email = models.BooleanField(
-        default=False, help_text="Whether to show email on profile"
-    )
-    show_real_name = models.BooleanField(
-        default=True, help_text="Whether to show real name on profile"
-    )
-    show_join_date = models.BooleanField(
-        default=True, help_text="Whether to show join date on profile"
-    )
-    show_statistics = models.BooleanField(
-        default=True, help_text="Whether to show statistics on profile"
-    )
-    show_reviews = models.BooleanField(
-        default=True, help_text="Whether to show reviews on profile"
-    )
-    show_photos = models.BooleanField(
-        default=True, help_text="Whether to show photos on profile"
-    )
-    show_top_lists = models.BooleanField(
-        default=True, help_text="Whether to show top lists on profile"
-    )
-    allow_friend_requests = models.BooleanField(
-        default=True, help_text="Whether to allow friend requests"
-    )
-    allow_messages = models.BooleanField(
-        default=True, help_text="Whether to allow direct messages"
-    )
-    allow_profile_comments = models.BooleanField(
-        default=False, help_text="Whether to allow profile comments"
-    )
-    search_visibility = models.BooleanField(
-        default=True, help_text="Whether profile appears in search results"
    )
+    show_email = models.BooleanField(default=False)
+    show_real_name = models.BooleanField(default=True)
+    show_join_date = models.BooleanField(default=True)
+    show_statistics = models.BooleanField(default=True)
+    show_reviews = models.BooleanField(default=True)
+    show_photos = models.BooleanField(default=True)
+    show_top_lists = models.BooleanField(default=True)
+    allow_friend_requests = models.BooleanField(default=True)
+    allow_messages = models.BooleanField(default=True)
+    allow_profile_comments = models.BooleanField(default=False)
+    search_visibility = models.BooleanField(default=True)
    activity_visibility = RichChoiceField(
        choice_group="privacy_levels",
        domain="accounts",
        max_length=10,
        default="friends",
-        help_text="Who can see user activity",
    )

    # Security settings
-    two_factor_enabled = models.BooleanField(
-        default=False, help_text="Whether two-factor authentication is enabled"
-    )
-    login_notifications = models.BooleanField(
-        default=True, help_text="Whether to send login notifications"
-    )
-    session_timeout = models.IntegerField(
-        default=30, help_text="Session timeout in days"
-    )
-    login_history_retention = models.IntegerField(
-        default=90, help_text="How long to retain login history (days)"
-    )
-    last_password_change = models.DateTimeField(
-        auto_now_add=True, help_text="When the password was last changed"
-    )
+    two_factor_enabled = models.BooleanField(default=False)
+    login_notifications = models.BooleanField(default=True)
+    session_timeout = models.IntegerField(default=30)  # days
+    login_history_retention = models.IntegerField(default=90)  # days
+    last_password_change = models.DateTimeField(auto_now_add=True)

    # Display name - core user data for better performance
    display_name = models.CharField(
@@ -175,20 +127,6 @@ class User(AbstractUser):
            return profile.display_name
        return self.username

-    class Meta:
-        verbose_name = "User"
-        verbose_name_plural = "Users"
-        indexes = [
-            models.Index(fields=['is_banned', 'role'], name='accounts_user_banned_role_idx'),
-        ]
-        constraints = [
-            models.CheckConstraint(
-                name='user_ban_consistency',
-                check=models.Q(is_banned=False) | models.Q(ban_date__isnull=False),
-                violation_error_message='Banned users must have a ban_date set'
-            ),
-        ]
-
    def save(self, *args, **kwargs):
        if not self.user_id:
            self.user_id = generate_random_id(User, "user_id")
@@ -205,60 +143,33 @@ class UserProfile(models.Model):
        help_text="Unique identifier for this profile that remains constant",
    )

-    user = models.OneToOneField(
-        User,
-        on_delete=models.CASCADE,
-        related_name="profile",
-        help_text="User this profile belongs to",
-    )
+    user = models.OneToOneField(User, on_delete=models.CASCADE, related_name="profile")
    display_name = models.CharField(
        max_length=50,
        blank=True,
        help_text="Legacy display name field - use User.display_name instead",
    )
    avatar = models.ForeignKey(
-        "django_cloudflareimages_toolkit.CloudflareImage",
+        'django_cloudflareimages_toolkit.CloudflareImage',
        on_delete=models.SET_NULL,
        null=True,
-        blank=True,
-        related_name="user_profiles",
-        help_text="User's avatar image",
-    )
-    pronouns = models.CharField(
-        max_length=50, blank=True, help_text="User's preferred pronouns"
+        blank=True
    )
+    pronouns = models.CharField(max_length=50, blank=True)

-    bio = models.TextField(max_length=500, blank=True, help_text="User biography")
-    location = models.CharField(
-        max_length=100, blank=True, help_text="User's location (City, Country)"
-    )
-    unit_system = RichChoiceField(
-        choice_group="unit_systems",
-        domain="accounts",
-        max_length=10,
-        default="metric",
-        help_text="Preferred measurement system",
-    )
+    bio = models.TextField(max_length=500, blank=True)

    # Social media links
-    twitter = models.URLField(blank=True, help_text="Twitter profile URL")
-    instagram = models.URLField(blank=True, help_text="Instagram profile URL")
-    youtube = models.URLField(blank=True, help_text="YouTube channel URL")
-    discord = models.CharField(max_length=100, blank=True, help_text="Discord username")
+    twitter = models.URLField(blank=True)
+    instagram = models.URLField(blank=True)
+    youtube = models.URLField(blank=True)
+    discord = models.CharField(max_length=100, blank=True)

    # Ride statistics
-    coaster_credits = models.IntegerField(
-        default=0, help_text="Number of roller coasters ridden"
-    )
-    dark_ride_credits = models.IntegerField(
-        default=0, help_text="Number of dark rides ridden"
-    )
-    flat_ride_credits = models.IntegerField(
-        default=0, help_text="Number of flat rides ridden"
-    )
-    water_ride_credits = models.IntegerField(
-        default=0, help_text="Number of water rides ridden"
-    )
+    coaster_credits = models.IntegerField(default=0)
+    dark_ride_credits = models.IntegerField(default=0)
+    flat_ride_credits = models.IntegerField(default=0)
+    water_ride_credits = models.IntegerField(default=0)

    def get_avatar_url(self):
        """
@@ -341,31 +252,13 @@ class UserProfile(models.Model):
    def __str__(self):
        return self.display_name

-    class Meta:
-        verbose_name = "User Profile"
-        verbose_name_plural = "User Profiles"
-        ordering = ["user"]
-

@pghistory.track()
 class EmailVerification(models.Model):
-    user = models.OneToOneField(
-        User,
-        on_delete=models.CASCADE,
-        help_text="User this verification belongs to",
-    )
-    token = models.CharField(
-        max_length=64, unique=True, help_text="Verification token"
-    )
-    created_at = models.DateTimeField(
-        auto_now_add=True, help_text="When this verification was created"
-    )
-    updated_at = models.DateTimeField(
-        auto_now=True, help_text="When this verification was last updated"
-    )
-    last_sent = models.DateTimeField(
-        auto_now_add=True, help_text="When the verification email was last sent"
-    )
+    user = models.OneToOneField(User, on_delete=models.CASCADE)
+    token = models.CharField(max_length=64, unique=True)
+    created_at = models.DateTimeField(auto_now_add=True)
+    last_sent = models.DateTimeField(auto_now_add=True)

    def __str__(self):
        return f"Email verification for {self.user.username}"
@@ -377,17 +270,11 @@ class EmailVerification(models.Model):

@pghistory.track()
 class PasswordReset(models.Model):
-    user = models.ForeignKey(
-        User,
-        on_delete=models.CASCADE,
-        help_text="User requesting password reset",
-    )
-    token = models.CharField(max_length=64, help_text="Reset token")
-    created_at = models.DateTimeField(
-        auto_now_add=True, help_text="When this reset was requested"
-    )
-    expires_at = models.DateTimeField(help_text="When this reset token expires")
-    used = models.BooleanField(default=False, help_text="Whether this token has been used")
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
+    token = models.CharField(max_length=64)
+    created_at = models.DateTimeField(auto_now_add=True)
+    expires_at = models.DateTimeField()
+    used = models.BooleanField(default=False)

    def __str__(self):
        return f"Password reset for {self.user.username}"
@@ -397,6 +284,54 @@ class PasswordReset(models.Model):
        verbose_name_plural = "Password Resets"


+# @pghistory.track()
+
+
+class TopList(TrackedModel):
+    user = models.ForeignKey(
+        User,
+        on_delete=models.CASCADE,
+        related_name="top_lists",  # Added related_name for User model access
+    )
+    title = models.CharField(max_length=100)
+    category = RichChoiceField(
+        choice_group="top_list_categories",
+        domain="accounts",
+        max_length=2,
+    )
+    description = models.TextField(blank=True)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    class Meta(TrackedModel.Meta):
+        ordering = ["-updated_at"]
+
+    def __str__(self):
+        return (
+            f"{self.user.get_display_name()}'s {self.category} Top List: {self.title}"
+        )
+
+
+# @pghistory.track()
+
+
+class TopListItem(TrackedModel):
+    top_list = models.ForeignKey(
+        TopList, on_delete=models.CASCADE, related_name="items"
+    )
+    content_type = models.ForeignKey(
+        "contenttypes.ContentType", on_delete=models.CASCADE
+    )
+    object_id = models.PositiveIntegerField()
+    rank = models.PositiveIntegerField()
+    notes = models.TextField(blank=True)
+
+    class Meta(TrackedModel.Meta):
+        ordering = ["rank"]
+        unique_together = [["top_list", "rank"]]
+
+    def __str__(self):
+        return f"#{self.rank} in {self.top_list.title}"


@pghistory.track()
@@ -439,8 +374,6 @@ class UserDeletionRequest(models.Model):
    )

    class Meta:
-        verbose_name = "User Deletion Request"
-        verbose_name_plural = "User Deletion Requests"
        ordering = ["-created_at"]
        indexes = [
            models.Index(fields=["verification_code"]),
@@ -518,10 +451,7 @@ class UserNotification(TrackedModel):

    # Core fields
    user = models.ForeignKey(
-        User,
-        on_delete=models.CASCADE,
-        related_name="notifications",
-        help_text="User this notification is for",
+        User, on_delete=models.CASCADE, related_name="notifications"
    )

    notification_type = RichChoiceField(
@@ -530,20 +460,14 @@ class UserNotification(TrackedModel):
        max_length=30,
    )

-    title = models.CharField(max_length=200, help_text="Notification title")
-    message = models.TextField(help_text="Notification message")
+    title = models.CharField(max_length=200)
+    message = models.TextField()

    # Optional related object (submission, review, etc.)
    content_type = models.ForeignKey(
-        "contenttypes.ContentType",
-        on_delete=models.CASCADE,
-        null=True,
-        blank=True,
-        help_text="Type of related object",
-    )
-    object_id = models.PositiveIntegerField(
-        null=True, blank=True, help_text="ID of related object"
+        "contenttypes.ContentType", on_delete=models.CASCADE, null=True, blank=True
    )
+    object_id = models.PositiveIntegerField(null=True, blank=True)
    related_object = GenericForeignKey("content_type", "object_id")

    # Metadata
@@ -555,24 +479,14 @@ class UserNotification(TrackedModel):
    )

    # Status tracking
-    is_read = models.BooleanField(
-        default=False, help_text="Whether this notification has been read"
-    )
-    read_at = models.DateTimeField(
-        null=True, blank=True, help_text="When this notification was read"
-    )
+    is_read = models.BooleanField(default=False)
+    read_at = models.DateTimeField(null=True, blank=True)

    # Delivery tracking
-    email_sent = models.BooleanField(default=False, help_text="Whether email was sent")
-    email_sent_at = models.DateTimeField(
-        null=True, blank=True, help_text="When email was sent"
-    )
-    push_sent = models.BooleanField(
-        default=False, help_text="Whether push notification was sent"
-    )
-    push_sent_at = models.DateTimeField(
-        null=True, blank=True, help_text="When push notification was sent"
-    )
+    email_sent = models.BooleanField(default=False)
+    email_sent_at = models.DateTimeField(null=True, blank=True)
+    push_sent = models.BooleanField(default=False)
+    push_sent_at = models.DateTimeField(null=True, blank=True)

    # Additional data (JSON field for flexibility)
    extra_data = models.JSONField(default=dict, blank=True)
@@ -582,8 +496,6 @@ class UserNotification(TrackedModel):
    expires_at = models.DateTimeField(null=True, blank=True)

    class Meta(TrackedModel.Meta):
-        verbose_name = "User Notification"
-        verbose_name_plural = "User Notifications"
        ordering = ["-created_at"]
        indexes = [
            models.Index(fields=["user", "is_read"]),
@@ -634,10 +546,7 @@ class NotificationPreference(TrackedModel):
    """

    user = models.OneToOneField(
-        User,
-        on_delete=models.CASCADE,
-        related_name="notification_preference",
-        help_text="User these preferences belong to",
+        User, on_delete=models.CASCADE, related_name="notification_preference"
    )

    # Submission notifications
--- a/backend/apps/accounts/selectors.py
+++ b/backend/apps/accounts/selectors.py
@@ -3,12 +3,11 @@ Selectors for user and account-related data retrieval.
 Following Django styleguide pattern for separating data access from business logic.
 """

-from datetime import timedelta
-from typing import Any
-
+from typing import Dict, Any
+from django.db.models import QuerySet, Q, F, Count
 from django.contrib.auth import get_user_model
-from django.db.models import Count, F, Q, QuerySet
 from django.utils import timezone
+from datetime import timedelta

 User = get_user_model()

@@ -197,7 +196,7 @@ def users_with_social_accounts() -> QuerySet:
    )


-def user_statistics_summary() -> dict[str, Any]:
+def user_statistics_summary() -> Dict[str, Any]:
    """
    Get overall user statistics for dashboard/analytics.

--- a/backend/apps/accounts/serializers.py
+++ b/backend/apps/accounts/serializers.py
@@ -1,16 +1,14 @@
-from datetime import timedelta
-from typing import cast
-
+from rest_framework import serializers
 from django.contrib.auth import get_user_model
 from django.contrib.auth.password_validation import validate_password
-from django.contrib.sites.shortcuts import get_current_site
-from django.template.loader import render_to_string
-from django.utils import timezone
 from django.utils.crypto import get_random_string
+from django.utils import timezone
+from datetime import timedelta
+from django.contrib.sites.shortcuts import get_current_site
+from .models import User, PasswordReset
 from django_forwardemail.services import EmailService
-from rest_framework import serializers
-
-from .models import PasswordReset, User
+from django.template.loader import render_to_string
+from typing import cast

 UserModel = get_user_model()

@@ -21,9 +19,7 @@ class UserSerializer(serializers.ModelSerializer):
    """

    avatar_url = serializers.SerializerMethodField()
-    display_name = serializers.CharField(source="profile.display_name", required=False)
-    unit_system = serializers.CharField(source="profile.unit_system", required=False)
-    location = serializers.CharField(source="profile.location", required=False)
+    display_name = serializers.SerializerMethodField()

    class Meta:
        model = User
@@ -35,8 +31,6 @@ class UserSerializer(serializers.ModelSerializer):
            "date_joined",
            "is_active",
            "avatar_url",
-            "unit_system",
-            "location",
        ]
        read_only_fields = ["id", "date_joined", "is_active"]

@@ -46,15 +40,9 @@ class UserSerializer(serializers.ModelSerializer):
            return obj.profile.avatar.url
        return None

-    def update(self, instance, validated_data):
-        profile_data = validated_data.pop("profile", {})
-        profile = instance.profile
-
-        for attr, value in profile_data.items():
-            setattr(profile, attr, value)
-        profile.save()
-
-        return super().update(instance, validated_data)
+    def get_display_name(self, obj) -> str:
+        """Get user display name"""
+        return obj.get_display_name()


 class LoginSerializer(serializers.Serializer):
--- a/backend/apps/accounts/services.py
+++ b/backend/apps/accounts/services.py
@@ -2,281 +2,16 @@
 User management services for ThrillWiki.

 This module contains services for user account management including
-user deletion while preserving submissions, password management,
-and email change functionality.
-
-Recent additions:
- AccountService: Handles password and email change operations
- UserDeletionService: Manages user deletion while preserving content
+user deletion while preserving submissions.
 """

-import logging
-import re
-from typing import Any
-
-from django.conf import settings
-from django.contrib.auth import update_session_auth_hash
-from django.contrib.sites.models import Site
-from django.contrib.sites.shortcuts import get_current_site
+from typing import Optional
 from django.db import transaction
-from django.http import HttpRequest
-from django.template.loader import render_to_string
 from django.utils import timezone
-from django.utils.crypto import get_random_string
+from django.conf import settings
+from django.contrib.sites.models import Site
 from django_forwardemail.services import EmailService
-
-from .models import EmailVerification, User, UserDeletionRequest, UserProfile
-
-logger = logging.getLogger(__name__)
-
-
-class AccountService:
-    """Service for account management operations including password and email changes."""
-
-    @staticmethod
-    def validate_password(password: str) -> bool:
-        """
-        Validate password meets requirements.
-
-        Args:
-            password: The password to validate
-
-        Returns:
-            True if password meets requirements, False otherwise
-        """
-        return (
-            len(password) >= 8
-            and bool(re.search(r"[A-Z]", password))
-            and bool(re.search(r"[a-z]", password))
-            and bool(re.search(r"[0-9]", password))
-        )
-
-    @staticmethod
-    def change_password(
-        *,
-        user: User,
-        old_password: str,
-        new_password: str,
-        request: HttpRequest,
-    ) -> dict[str, Any]:
-        """
-        Change user password with validation and notification.
-
-        Validates the old password, checks new password requirements,
-        updates the password, and sends a confirmation email.
-
-        Args:
-            user: The user whose password is being changed
-            old_password: Current password for verification
-            new_password: New password to set
-            request: HTTP request for session handling
-
-        Returns:
-            Dictionary with success status, message, and optional redirect URL:
-            {
-                'success': bool,
-                'message': str,
-                'redirect_url': Optional[str]
-            }
-        """
-        # Verify old password
-        if not user.check_password(old_password):
-            logger.warning(
-                f"Password change failed: incorrect current password for user {user.id}"
-            )
-            return {
-                'success': False,
-                'message': "Current password is incorrect",
-                'redirect_url': None
-            }
-
-        # Validate new password
-        if not AccountService.validate_password(new_password):
-            return {
-                'success': False,
-                'message': "Password must be at least 8 characters and contain uppercase, lowercase, and numbers",
-                'redirect_url': None
-            }
-
-        # Update password
-        user.set_password(new_password)
-        user.save()
-
-        # Keep user logged in after password change
-        update_session_auth_hash(request, user)
-
-        # Send confirmation email
-        AccountService._send_password_change_confirmation(request, user)
-
-        logger.info(f"Password changed successfully for user {user.id}")
-
-        return {
-            'success': True,
-            'message': "Password changed successfully. Please check your email for confirmation.",
-            'redirect_url': None
-        }
-
-    @staticmethod
-    def _send_password_change_confirmation(request: HttpRequest, user: User) -> None:
-        """Send password change confirmation email."""
-        site = get_current_site(request)
-        context = {
-            "user": user,
-            "site_name": site.name,
-        }
-
-        email_html = render_to_string(
-            "accounts/email/password_change_confirmation.html", context
-        )
-
-        try:
-            EmailService.send_email(
-                to=user.email,
-                subject="Password Changed Successfully",
-                text="Your password has been changed successfully.",
-                site=site,
-                html=email_html,
-            )
-        except Exception as e:
-            logger.error(f"Failed to send password change confirmation email: {e}")
-
-    @staticmethod
-    def initiate_email_change(
-        *,
-        user: User,
-        new_email: str,
-        request: HttpRequest,
-    ) -> dict[str, Any]:
-        """
-        Initiate email change with verification.
-
-        Creates a verification token and sends a verification email
-        to the new email address.
-
-        Args:
-            user: The user changing their email
-            new_email: The new email address
-            request: HTTP request for site context
-
-        Returns:
-            Dictionary with success status and message:
-            {
-                'success': bool,
-                'message': str
-            }
-        """
-        if not new_email:
-            return {
-                'success': False,
-                'message': "New email is required"
-            }
-
-        # Check if email is already in use
-        if User.objects.filter(email=new_email).exclude(id=user.id).exists():
-            return {
-                'success': False,
-                'message': "This email address is already in use"
-            }
-
-        # Generate verification token
-        token = get_random_string(64)
-
-        # Create or update email verification record
-        EmailVerification.objects.update_or_create(
-            user=user,
-            defaults={"token": token}
-        )
-
-        # Store pending email
-        user.pending_email = new_email
-        user.save()
-
-        # Send verification email
-        AccountService._send_email_verification(request, user, new_email, token)
-
-        logger.info(f"Email change initiated for user {user.id} to {new_email}")
-
-        return {
-            'success': True,
-            'message': "Verification email sent to your new email address"
-        }
-
-    @staticmethod
-    def _send_email_verification(
-        request: HttpRequest,
-        user: User,
-        new_email: str,
-        token: str
-    ) -> None:
-        """Send email verification for email change."""
-        from django.urls import reverse
-
-        site = get_current_site(request)
-        verification_url = reverse("verify_email", kwargs={"token": token})
-
-        context = {
-            "user": user,
-            "verification_url": verification_url,
-            "site_name": site.name,
-        }
-
-        email_html = render_to_string("accounts/email/verify_email.html", context)
-
-        try:
-            EmailService.send_email(
-                to=new_email,
-                subject="Verify your new email address",
-                text="Click the link to verify your new email address",
-                site=site,
-                html=email_html,
-            )
-        except Exception as e:
-            logger.error(f"Failed to send email verification: {e}")
-
-    @staticmethod
-    def verify_email_change(*, token: str) -> dict[str, Any]:
-        """
-        Verify email change token and update user email.
-
-        Args:
-            token: The verification token
-
-        Returns:
-            Dictionary with success status and message
-        """
-        try:
-            verification = EmailVerification.objects.select_related("user").get(
-                token=token
-            )
-        except EmailVerification.DoesNotExist:
-            return {
-                'success': False,
-                'message': "Invalid or expired verification token"
-            }
-
-        user = verification.user
-
-        if not user.pending_email:
-            return {
-                'success': False,
-                'message': "No pending email change found"
-            }
-
-        # Update email
-        old_email = user.email
-        user.email = user.pending_email
-        user.pending_email = None
-        user.save()
-
-        # Delete verification record
-        verification.delete()
-
-        logger.info(f"Email changed for user {user.id} from {old_email} to {user.email}")
-
-        return {
-            'success': True,
-            'message': "Email address updated successfully"
-        }
+from .models import User, UserProfile, UserDeletionRequest


 class UserDeletionService:
@@ -375,35 +110,35 @@ class UserDeletionService:
        # Transfer all submissions to deleted user
        # Reviews
        if hasattr(user, "park_reviews"):
-            user.park_reviews.update(user=deleted_user)
+            getattr(user, "park_reviews").update(user=deleted_user)
        if hasattr(user, "ride_reviews"):
-            user.ride_reviews.update(user=deleted_user)
+            getattr(user, "ride_reviews").update(user=deleted_user)

        # Photos
        if hasattr(user, "uploaded_park_photos"):
-            user.uploaded_park_photos.update(uploaded_by=deleted_user)
+            getattr(user, "uploaded_park_photos").update(uploaded_by=deleted_user)
        if hasattr(user, "uploaded_ride_photos"):
-            user.uploaded_ride_photos.update(uploaded_by=deleted_user)
+            getattr(user, "uploaded_ride_photos").update(uploaded_by=deleted_user)

        # Top Lists
        if hasattr(user, "top_lists"):
-            user.top_lists.update(user=deleted_user)
+            getattr(user, "top_lists").update(user=deleted_user)

        # Moderation submissions
        if hasattr(user, "edit_submissions"):
-            user.edit_submissions.update(user=deleted_user)
+            getattr(user, "edit_submissions").update(user=deleted_user)
        if hasattr(user, "photo_submissions"):
-            user.photo_submissions.update(user=deleted_user)
+            getattr(user, "photo_submissions").update(user=deleted_user)

        # Moderation actions - these can be set to NULL since they're not user content
        if hasattr(user, "moderated_park_reviews"):
-            user.moderated_park_reviews.update(moderated_by=None)
+            getattr(user, "moderated_park_reviews").update(moderated_by=None)
        if hasattr(user, "moderated_ride_reviews"):
-            user.moderated_ride_reviews.update(moderated_by=None)
+            getattr(user, "moderated_ride_reviews").update(moderated_by=None)
        if hasattr(user, "handled_submissions"):
-            user.handled_submissions.update(handled_by=None)
+            getattr(user, "handled_submissions").update(handled_by=None)
        if hasattr(user, "handled_photos"):
-            user.handled_photos.update(handled_by=None)
+            getattr(user, "handled_photos").update(handled_by=None)

        # Store user info for the summary
        user_info = {
@@ -426,7 +161,7 @@ class UserDeletionService:
        }

    @classmethod
-    def can_delete_user(cls, user: User) -> tuple[bool, str | None]:
+    def can_delete_user(cls, user: User) -> tuple[bool, Optional[str]]:
        """
        Check if a user can be safely deleted.

--- a/backend/apps/accounts/services/init.py
+++ b/backend/apps/accounts/services/init.py
--- a/backend/apps/accounts/services/notification_service.py
+++ b/backend/apps/accounts/services/notification_service.py
@@ -5,18 +5,17 @@ This service handles the creation, delivery, and management of notifications
 for various events including submission approvals/rejections.
 """

-import logging
-from datetime import datetime, timedelta
-from typing import Any
-
-from django.conf import settings
-from django.contrib.contenttypes.models import ContentType
-from django.db import models
-from django.template.loader import render_to_string
 from django.utils import timezone
-from django_forwardemail.services import EmailService
+from django.contrib.contenttypes.models import ContentType
+from django.template.loader import render_to_string
+from django.conf import settings
+from django.db import models
+from typing import Optional, Dict, Any, List
+from datetime import datetime, timedelta
+import logging

-from apps.accounts.models import NotificationPreference, User, UserNotification
+from apps.accounts.models import User, UserNotification, NotificationPreference
+from django_forwardemail.services import EmailService

 logger = logging.getLogger(__name__)

@@ -30,10 +29,10 @@ class NotificationService:
        notification_type: str,
        title: str,
        message: str,
-        related_object: Any | None = None,
+        related_object: Optional[Any] = None,
        priority: str = UserNotification.Priority.NORMAL,
-        extra_data: dict[str, Any] | None = None,
-        expires_at: datetime | None = None,
+        extra_data: Optional[Dict[str, Any]] = None,
+        expires_at: Optional[datetime] = None,
    ) -> UserNotification:
        """
        Create a new notification for a user.
@@ -274,9 +273,9 @@ class NotificationService:
    def get_user_notifications(
        user: User,
        unread_only: bool = False,
-        notification_types: list[str] | None = None,
-        limit: int | None = None,
-    ) -> list[UserNotification]:
+        notification_types: Optional[List[str]] = None,
+        limit: Optional[int] = None,
+    ) -> List[UserNotification]:
        """
        Get notifications for a user.

@@ -309,7 +308,7 @@ class NotificationService:

    @staticmethod
    def mark_notifications_read(
-        user: User, notification_ids: list[int] | None = None
+        user: User, notification_ids: Optional[List[int]] = None
    ) -> int:
        """
        Mark notifications as read for a user.
--- a/backend/apps/accounts/services/social_provider_service.py
+++ b/backend/apps/accounts/services/social_provider_service.py
@@ -6,14 +6,13 @@ social authentication providers while ensuring users never lock themselves
 out of their accounts.
 """

-import logging
-from typing import TYPE_CHECKING
-
+from typing import Dict, List, Tuple, TYPE_CHECKING
+from django.contrib.auth import get_user_model
 from allauth.socialaccount.models import SocialApp
 from allauth.socialaccount.providers import registry
-from django.contrib.auth import get_user_model
 from django.contrib.sites.shortcuts import get_current_site
 from django.http import HttpRequest
+import logging

 if TYPE_CHECKING:
    from apps.accounts.models import User
@@ -27,7 +26,7 @@ class SocialProviderService:
    """Service for managing social provider connections."""

    @staticmethod
-    def can_disconnect_provider(user: User, provider: str) -> tuple[bool, str]:
+    def can_disconnect_provider(user: User, provider: str) -> Tuple[bool, str]:
        """
        Check if a user can safely disconnect a social provider.

@@ -70,7 +69,7 @@ class SocialProviderService:
            return False, "Unable to verify disconnection safety. Please try again."

    @staticmethod
-    def get_connected_providers(user: "User") -> list[dict]:
+    def get_connected_providers(user: "User") -> List[Dict]:
        """
        Get all social providers connected to a user's account.

@@ -107,7 +106,7 @@ class SocialProviderService:
            return []

    @staticmethod
-    def get_available_providers(request: HttpRequest) -> list[dict]:
+    def get_available_providers(request: HttpRequest) -> List[Dict]:
        """
        Get all available social providers for the current site.

@@ -153,7 +152,7 @@ class SocialProviderService:
            return []

    @staticmethod
-    def disconnect_provider(user: "User", provider: str) -> tuple[bool, str]:
+    def disconnect_provider(user: "User", provider: str) -> Tuple[bool, str]:
        """
        Disconnect a social provider from a user's account.

@@ -192,7 +191,7 @@ class SocialProviderService:
            return False, f"Failed to disconnect {provider} account. Please try again."

    @staticmethod
-    def get_auth_status(user: "User") -> dict:
+    def get_auth_status(user: "User") -> Dict:
        """
        Get comprehensive authentication status for a user.

@@ -232,7 +231,7 @@ class SocialProviderService:
            }

    @staticmethod
-    def validate_provider_exists(provider: str) -> tuple[bool, str]:
+    def validate_provider_exists(provider: str) -> Tuple[bool, str]:
        """
        Validate that a social provider is configured and available.

--- a/backend/apps/accounts/services/user_deletion_service.py
+++ b/backend/apps/accounts/services/user_deletion_service.py
@@ -5,18 +5,19 @@ This service handles user account deletion while preserving submissions
 and maintaining data integrity across the platform.
 """

+from django.utils import timezone
+from django.db import transaction
+from django.contrib.auth import get_user_model
+from django.core.mail import send_mail
+from django.conf import settings
+from django.template.loader import render_to_string
+from typing import Dict, Any, Tuple, Optional
 import logging
 import secrets
 import string
 from datetime import datetime
-from typing import Any

-from django.conf import settings
-from django.contrib.auth import get_user_model
-from django.core.mail import send_mail
-from django.db import transaction
-from django.template.loader import render_to_string
-from django.utils import timezone
+from apps.accounts.models import User

 logger = logging.getLogger(__name__)

@@ -40,7 +41,7 @@ class UserDeletionService:
    _deletion_requests = {}

    @staticmethod
-    def can_delete_user(user: User) -> tuple[bool, str | None]:
+    def can_delete_user(user: User) -> Tuple[bool, Optional[str]]:
        """
        Check if a user can be safely deleted.

@@ -103,7 +104,7 @@ class UserDeletionService:
        return deletion_request

    @staticmethod
-    def verify_and_delete_user(verification_code: str) -> dict[str, Any]:
+    def verify_and_delete_user(verification_code: str) -> Dict[str, Any]:
        """
        Verify deletion code and delete user account.

@@ -168,7 +169,7 @@ class UserDeletionService:

    @staticmethod
    @transaction.atomic
-    def delete_user_preserve_submissions(user: User) -> dict[str, Any]:
+    def delete_user_preserve_submissions(user: User) -> Dict[str, Any]:
        """
        Delete a user account while preserving all their submissions.

@@ -216,7 +217,7 @@ class UserDeletionService:
        }

    @staticmethod
-    def _count_user_submissions(user: User) -> dict[str, int]:
+    def _count_user_submissions(user: User) -> Dict[str, int]:
        """Count all submissions for a user."""
        counts = {}

--- a/backend/apps/accounts/signals.py
+++ b/backend/apps/accounts/signals.py
@@ -1,13 +1,10 @@
-import requests
-from django.contrib.auth.models import Group
-from django.contrib.auth.signals import user_logged_in
-from django.core.files import File
-from django.core.files.temp import NamedTemporaryFile
-from django.db import transaction
 from django.db.models.signals import post_save, pre_save
 from django.dispatch import receiver
-
-from .login_history import LoginHistory
+from django.contrib.auth.models import Group
+from django.db import transaction
+from django.core.files import File
+from django.core.files.temp import NamedTemporaryFile
+import requests
 from .models import User, UserProfile


@@ -188,41 +185,3 @@ def create_default_groups():
                print(f"Permission not found: {codename}")
    except Exception as e:
        print(f"Error creating default groups: {str(e)}")
-
-
-@receiver(user_logged_in)
-def log_successful_login(sender, user, request, **kwargs):
-    """
-    Log successful login events to LoginHistory.
-
-    This signal handler captures the IP address, user agent, and login method
-    for auditing and security purposes.
-    """
-    try:
-        # Get IP address
-        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
-        ip_address = x_forwarded_for.split(',')[0].strip() if x_forwarded_for else request.META.get('REMOTE_ADDR')
-
-        # Get user agent
-        user_agent = request.META.get('HTTP_USER_AGENT', '')[:500]
-
-        # Determine login method from session or request
-        login_method = 'PASSWORD'
-        if hasattr(request, 'session'):
-            sociallogin = getattr(request, '_sociallogin', None)
-            if sociallogin:
-                provider = sociallogin.account.provider.upper()
-                if provider in ['GOOGLE', 'DISCORD']:
-                    login_method = provider
-
-        # Create login history entry
-        LoginHistory.objects.create(
-            user=user,
-            ip_address=ip_address,
-            user_agent=user_agent,
-            login_method=login_method,
-            success=True,
-        )
-    except Exception as e:
-        # Don't let login history failure prevent login
-        print(f"Error logging login history for user {user.username}: {str(e)}")
--- a/backend/apps/accounts/templatetags/init.py
+++ b/backend/apps/accounts/templatetags/init.py
--- a/backend/apps/accounts/templatetags/turnstile_tags.py
+++ b/backend/apps/accounts/templatetags/turnstile_tags.py
--- a/backend/apps/accounts/tests.py
+++ b/backend/apps/accounts/tests.py
@@ -1,9 +1,7 @@
-from unittest.mock import MagicMock, patch
-
+from django.test import TestCase
 from django.contrib.auth.models import Group, Permission
 from django.contrib.contenttypes.models import ContentType
-from django.test import TestCase
-
+from unittest.mock import patch, MagicMock
 from .models import User, UserProfile
 from .signals import create_default_groups

--- a/backend/apps/accounts/tests/test_user_deletion.py
+++ b/backend/apps/accounts/tests/test_user_deletion.py
@@ -2,11 +2,10 @@
 Tests for user deletion while preserving submissions.
 """

-from django.db import transaction
 from django.test import TestCase
-
-from apps.accounts.models import User, UserProfile
+from django.db import transaction
 from apps.accounts.services import UserDeletionService
+from apps.accounts.models import User, UserProfile


 class UserDeletionServiceTest(TestCase):
@@ -141,12 +140,13 @@ class UserDeletionServiceTest(TestCase):
        original_user_count = User.objects.count()

        # Mock a failure during the deletion process
-        with self.assertRaises(Exception), transaction.atomic():
-            # Start the deletion process
-            UserDeletionService.get_or_create_deleted_user()
+        with self.assertRaises(Exception):
+            with transaction.atomic():
+                # Start the deletion process
+                UserDeletionService.get_or_create_deleted_user()

-            # Simulate an error
-            raise Exception("Simulated error during deletion")
+                # Simulate an error
+                raise Exception("Simulated error during deletion")

        # Verify user count hasn't changed
        self.assertEqual(User.objects.count(), original_user_count)
--- a/backend/apps/accounts/urls.py
+++ b/backend/apps/accounts/urls.py
@@ -1,7 +1,6 @@
-from allauth.account.views import LogoutView
-from django.contrib.auth import views as auth_views
 from django.urls import path
-
+from django.contrib.auth import views as auth_views
+from allauth.account.views import LogoutView
 from . import views

 app_name = "accounts"
--- a/backend/apps/accounts/views.py
+++ b/backend/apps/accounts/views.py
@@ -1,44 +1,38 @@
-import logging
-import re
-from contextlib import suppress
-from datetime import timedelta
-from typing import Any, cast
-
-from allauth.account.views import LoginView, SignupView
-from django.contrib import messages
-from django.contrib.auth import get_user_model, login
+from django.views.generic import DetailView, TemplateView
+from django.contrib.auth import get_user_model
+from django.shortcuts import get_object_or_404, redirect, render
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib import messages
+from django.core.exceptions import ValidationError
+from django.template.loader import render_to_string
+from django.utils.crypto import get_random_string
+from django.utils import timezone
+from datetime import timedelta
+from django.contrib.sites.shortcuts import get_current_site
 from django.contrib.sites.models import Site
 from django.contrib.sites.requests import RequestSite
-from django.contrib.sites.shortcuts import get_current_site
-from django.core.exceptions import ValidationError
-from django.core.files.uploadedfile import UploadedFile
 from django.db.models import QuerySet
-from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
-from django.shortcuts import get_object_or_404, redirect, render
-from django.template.loader import render_to_string
+from django.http import HttpResponseRedirect, HttpResponse, HttpRequest
 from django.urls import reverse
-from django.utils import timezone
-from django.utils.crypto import get_random_string
-from django.views.generic import DetailView, TemplateView
-from django_forwardemail.services import EmailService
-from django_htmx.http import HttpResponseClientRefresh
-
+from django.contrib.auth import login
+from django.core.files.uploadedfile import UploadedFile
 from apps.accounts.models import (
-    EmailVerification,
-    PasswordReset,
    User,
+    PasswordReset,
+    TopList,
+    EmailVerification,
    UserProfile,
 )
-from apps.core.logging import log_security_event
-from apps.lists.models import UserList
+from django_forwardemail.services import EmailService
 from apps.parks.models import ParkReview
 from apps.rides.models import RideReview
-
+from allauth.account.views import LoginView, SignupView
 from .mixins import TurnstileMixin
-
-logger = logging.getLogger(__name__)
+from typing import Dict, Any, Optional, Union, cast
+from django_htmx.http import HttpResponseClientRefresh
+from contextlib import suppress
+import re

 UserModel = get_user_model()

@@ -52,15 +46,6 @@ class CustomLoginView(TurnstileMixin, LoginView):
            return self.form_invalid(form)

        response = super().form_valid(form)
-        user = self.request.user
-        log_security_event(
-            logger,
-            event_type="user_login",
-            message=f"User {user.username} logged in successfully",
-            severity="low",
-            context={"user_id": user.id, "username": user.username},
-            request=self.request,
-        )
        return (
            HttpResponseClientRefresh()
            if getattr(self.request, "htmx", False)
@@ -68,14 +53,6 @@ class CustomLoginView(TurnstileMixin, LoginView):
        )

    def form_invalid(self, form):
-        log_security_event(
-            logger,
-            event_type="login_failed",
-            message="Failed login attempt",
-            severity="medium",
-            context={"username": form.data.get("login", "unknown")},
-            request=self.request,
-        )
        if getattr(self.request, "htmx", False):
            return render(
                self.request,
@@ -103,19 +80,6 @@ class CustomSignupView(TurnstileMixin, SignupView):
            return self.form_invalid(form)

        response = super().form_valid(form)
-        user = self.user
-        log_security_event(
-            logger,
-            event_type="user_signup",
-            message=f"New user registered: {user.username}",
-            severity="low",
-            context={
-                "user_id": user.id,
-                "username": user.username,
-                "email": user.email,
-            },
-            request=self.request,
-        )
        return (
            HttpResponseClientRefresh()
            if getattr(self.request, "htmx", False)
@@ -185,7 +149,7 @@ class ProfileView(DetailView):
    def get_queryset(self) -> QuerySet[User]:
        return User.objects.select_related("profile")

-    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
+    def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
        context = super().get_context_data(**kwargs)
        user = cast(User, self.get_object())

@@ -209,9 +173,9 @@ class ProfileView(DetailView):
            .order_by("-created_at")[:5]
        )

-    def _get_user_top_lists(self, user: User) -> QuerySet[UserList]:
+    def _get_user_top_lists(self, user: User) -> QuerySet[TopList]:
        return (
-            UserList.objects.filter(user=user)
+            TopList.objects.filter(user=user)
            .select_related("user", "user__profile")
            .prefetch_related("items")
            .order_by("-created_at")[:5]
@@ -221,7 +185,7 @@ class ProfileView(DetailView):
 class SettingsView(LoginRequiredMixin, TemplateView):
    template_name = "accounts/settings.html"

-    def get_context_data(self, **kwargs: Any) -> dict[str, Any]:
+    def get_context_data(self, **kwargs: Any) -> Dict[str, Any]:
        context = super().get_context_data(**kwargs)
        context["user"] = self.request.user
        return context
@@ -233,22 +197,12 @@ class SettingsView(LoginRequiredMixin, TemplateView):
        if display_name := request.POST.get("display_name"):
            profile.display_name = display_name

-        if unit_system := request.POST.get("unit_system"):
-            profile.unit_system = unit_system
-
-        if location := request.POST.get("location"):
-            profile.location = location
-
        if "avatar" in request.FILES:
            avatar_file = cast(UploadedFile, request.FILES["avatar"])
            profile.avatar.save(avatar_file.name, avatar_file, save=False)
            profile.save()

        user.save()
-        logger.info(
-            f"User {user.username} updated their profile",
-            extra={"user_id": user.id, "username": user.username},
-        )
        messages.success(request, "Profile updated successfully")

    def _validate_password(self, password: str) -> bool:
@@ -284,7 +238,7 @@ class SettingsView(LoginRequiredMixin, TemplateView):

    def _handle_password_change(
        self, request: HttpRequest
-    ) -> HttpResponseRedirect | None:
+    ) -> Optional[HttpResponseRedirect]:
        user = cast(User, request.user)
        old_password = request.POST.get("old_password", "")
        new_password = request.POST.get("new_password", "")
@@ -308,15 +262,6 @@ class SettingsView(LoginRequiredMixin, TemplateView):
        user.set_password(new_password)
        user.save()

-        log_security_event(
-            logger,
-            event_type="password_changed",
-            message=f"User {user.username} changed their password",
-            severity="medium",
-            context={"user_id": user.id, "username": user.username},
-            request=request,
-        )
-
        self._send_password_change_confirmation(request, user)
        messages.success(
            request,
@@ -386,7 +331,7 @@ def create_password_reset_token(user: User) -> str:


 def send_password_reset_email(
-    user: User, site: Site | RequestSite, token: str
+    user: User, site: Union[Site, RequestSite], token: str
 ) -> None:
    reset_url = reverse("password_reset_confirm", kwargs={"token": token})
    context = {
@@ -418,14 +363,6 @@ def request_password_reset(request: HttpRequest) -> HttpResponse:
        token = create_password_reset_token(user)
        site = get_current_site(request)
        send_password_reset_email(user, site, token)
-        log_security_event(
-            logger,
-            event_type="password_reset_requested",
-            message=f"Password reset requested for {email}",
-            severity="medium",
-            context={"email": email},
-            request=request,
-        )

    messages.success(request, "Password reset email sent")
    return redirect("account_login")
@@ -436,7 +373,7 @@ def handle_password_reset(
    user: User,
    new_password: str,
    reset: PasswordReset,
-    site: Site | RequestSite,
+    site: Union[Site, RequestSite],
 ) -> None:
    user.set_password(new_password)
    user.save()
@@ -444,21 +381,12 @@ def handle_password_reset(
    reset.used = True
    reset.save()

-    log_security_event(
-        logger,
-        event_type="password_reset_complete",
-        message=f"Password reset completed for user {user.username}",
-        severity="medium",
-        context={"user_id": user.id, "username": user.username},
-        request=request,
-    )
-
    send_password_reset_confirmation(user, site)
    messages.success(request, "Password reset successfully")


 def send_password_reset_confirmation(
-    user: User, site: Site | RequestSite
+    user: User, site: Union[Site, RequestSite]
 ) -> None:
    context = {
        "user": user,
--- a/backend/apps/context_portal/alembic.ini
+++ b/backend/apps/context_portal/alembic.ini
--- a/backend/apps/context_portal/alembic/env.py
+++ b/backend/apps/context_portal/alembic/env.py
@@ -57,10 +57,8 @@ def run_migrations_online() -> None:
    # Import SQLAlchemy lazily so environments without it (e.g. static analyzers)
    # don't fail at module import time.
    try:
-        from sqlalchemy import (
-            engine_from_config,  # type: ignore
-            pool,  # type: ignore
-        )
+        from sqlalchemy import engine_from_config  # type: ignore
+        from sqlalchemy import pool  # type: ignore
    except ImportError as exc:
        raise RuntimeError(
            "SQLAlchemy is required to run online Alembic migrations. "
--- a/backend/apps/context_portal/alembic/versions/2025_06_17_initial_schema.py
+++ b/backend/apps/context_portal/alembic/versions/2025_06_17_initial_schema.py
@@ -6,8 +6,8 @@ Create Date: 2025-06-17 15:00:00.000000

 """

-import sqlalchemy as sa  # type: ignore
 from alembic import op  # type: ignore
+import sqlalchemy as sa  # type: ignore

 # revision identifiers, used by Alembic.
 revision = "20250617"
--- a/backend/apps/context_portal/context.db
+++ b/backend/apps/context_portal/context.db
--- a/backend/apps/core/init.py
+++ b/backend/apps/core/init.py
--- a/apps/core/admin.py
+++ b/apps/core/admin.py
@@ -0,0 +1,30 @@
+from django.contrib import admin
+from django.utils.html import format_html
+from .models import SlugHistory
+
+
+@admin.register(SlugHistory)
+class SlugHistoryAdmin(admin.ModelAdmin):
+    list_display = ["content_object_link", "old_slug", "created_at"]
+    list_filter = ["content_type", "created_at"]
+    search_fields = ["old_slug", "object_id"]
+    readonly_fields = ["content_type", "object_id", "old_slug", "created_at"]
+    date_hierarchy = "created_at"
+    ordering = ["-created_at"]
+
+    @admin.display(description="Object")
+    def content_object_link(self, obj):
+        """Create a link to the related object's admin page"""
+        try:
+            url = obj.content_object.get_absolute_url()
+            return format_html('<a href="{}">{}</a>', url, str(obj.content_object))
+        except (AttributeError, ValueError):
+            return str(obj.content_object)
+
+    def has_add_permission(self, request):
+        """Disable manual creation of slug history records"""
+        return False
+
+    def has_change_permission(self, request, obj=None):
+        """Disable editing of slug history records"""
+        return False
--- a/backend/apps/core/analytics.py
+++ b/backend/apps/core/analytics.py
@@ -1,11 +1,10 @@
-from datetime import timedelta
-
-import pghistory
+from django.db import models
 from django.contrib.contenttypes.fields import GenericForeignKey
 from django.contrib.contenttypes.models import ContentType
-from django.db import models
-from django.db.models import Count
 from django.utils import timezone
+from django.db.models import Count
+from datetime import timedelta
+import pghistory


@pghistory.track()
--- a/backend/apps/core/api/init.py
+++ b/backend/apps/core/api/init.py
--- a/backend/apps/core/api/exceptions.py
+++ b/backend/apps/core/api/exceptions.py
@@ -3,27 +3,21 @@ Custom exception handling for ThrillWiki API.
 Provides standardized error responses following Django styleguide patterns.
 """

-from typing import Any
+from typing import Any, Dict, Optional

+from django.http import Http404
 from django.core.exceptions import (
    PermissionDenied,
-)
-from django.core.exceptions import (
    ValidationError as DjangoValidationError,
 )
-from django.http import Http404
 from rest_framework import status
-from rest_framework.exceptions import (
-    NotFound,
-)
-from rest_framework.exceptions import (
-    PermissionDenied as DRFPermissionDenied,
-)
-from rest_framework.exceptions import (
-    ValidationError as DRFValidationError,
-)
 from rest_framework.response import Response
 from rest_framework.views import exception_handler
+from rest_framework.exceptions import (
+    ValidationError as DRFValidationError,
+    NotFound,
+    PermissionDenied as DRFPermissionDenied,
+)

 from ..exceptions import ThrillWikiException
 from ..logging import get_logger, log_exception
@@ -32,8 +26,8 @@ logger = get_logger(__name__)


 def custom_exception_handler(
-    exc: Exception, context: dict[str, Any]
-) -> Response | None:
+    exc: Exception, context: Dict[str, Any]
+) -> Optional[Response]:
    """
    Custom exception handler for DRF that provides standardized error responses.

@@ -215,7 +209,7 @@ def _get_error_message(exc: Exception, response_data: Any) -> str:
    return str(exc) if str(exc) else "An error occurred"


-def _get_error_details(exc: Exception, response_data: Any) -> dict[str, Any] | None:
+def _get_error_details(exc: Exception, response_data: Any) -> Optional[Dict[str, Any]]:
    """Extract detailed error information for debugging."""
    if isinstance(response_data, dict) and len(response_data) > 1:
        return response_data
@@ -230,7 +224,7 @@ def _get_error_details(exc: Exception, response_data: Any) -> dict[str, Any] | N

 def _format_django_validation_errors(
    exc: DjangoValidationError,
-) -> dict[str, Any]:
+) -> Dict[str, Any]:
    """Format Django ValidationError for API response."""
    if hasattr(exc, "error_dict"):
        # Field-specific errors
--- a/backend/apps/core/api/mixins.py
+++ b/backend/apps/core/api/mixins.py
@@ -2,11 +2,10 @@
 Common mixins for API views following Django styleguide patterns.
 """

-from typing import Any
-
-from rest_framework import status
+from typing import Dict, Any, Optional, Type
 from rest_framework.request import Request
 from rest_framework.response import Response
+from rest_framework import status

 # Constants for error messages
 _MISSING_INPUT_SERIALIZER_MSG = "Subclasses must set input_serializer class attribute"
@@ -21,17 +20,17 @@ class ApiMixin:

    # Expose expected attributes so static type checkers know they exist on subclasses.
    # Subclasses or other bases (e.g. DRF GenericAPIView) will actually provide these.
-    input_serializer: type[Any] | None = None
-    output_serializer: type[Any] | None = None
+    input_serializer: Optional[Type[Any]] = None
+    output_serializer: Optional[Type[Any]] = None

    def create_response(
        self,
        *,
        data: Any = None,
-        message: str | None = None,
+        message: Optional[str] = None,
        status_code: int = status.HTTP_200_OK,
-        pagination: dict[str, Any] | None = None,
-        metadata: dict[str, Any] | None = None,
+        pagination: Optional[Dict[str, Any]] = None,
+        metadata: Optional[Dict[str, Any]] = None,
    ) -> Response:
        """
        Create standardized API response.
@@ -67,8 +66,8 @@ class ApiMixin:
        *,
        message: str,
        status_code: int = status.HTTP_400_BAD_REQUEST,
-        error_code: str | None = None,
-        details: dict[str, Any] | None = None,
+        error_code: Optional[str] = None,
+        details: Optional[Dict[str, Any]] = None,
    ) -> Response:
        """
        Create standardized error response.
@@ -83,7 +82,7 @@ class ApiMixin:
            Standardized error Response object
        """
        # explicitly allow any-shaped values in the error_data dict
-        error_data: dict[str, Any] = {
+        error_data: Dict[str, Any] = {
            "code": error_code or "GENERIC_ERROR",
            "message": message,
        }
--- a/backend/apps/lists/apps.py
+++ b/backend/apps/lists/apps.py
@@ -1,6 +1,6 @@
 from django.apps import AppConfig


-class ListsConfig(AppConfig):
+class CoreConfig(AppConfig):
    default_auto_field = "django.db.models.BigAutoField"
-    name = "apps.lists"
+    name = "apps.core"
--- a/backend/apps/core/choices/init.py
+++ b/backend/apps/core/choices/init.py
@@ -12,11 +12,11 @@ Key Components:
 - RichChoiceSerializer: DRF serializer for API responses
 """

-from .base import ChoiceCategory, ChoiceGroup, RichChoice
-from .fields import RichChoiceField
+from .base import RichChoice, ChoiceCategory, ChoiceGroup
 from .registry import ChoiceRegistry, register_choices
-from .serializers import RichChoiceOptionSerializer, RichChoiceSerializer
-from .utils import get_choice_display, validate_choice_value
+from .fields import RichChoiceField
+from .serializers import RichChoiceSerializer, RichChoiceOptionSerializer
+from .utils import validate_choice_value, get_choice_display

 __all__ = [
    'RichChoice',
--- a/backend/apps/core/choices/base.py
+++ b/backend/apps/core/choices/base.py
@@ -5,8 +5,8 @@ This module defines the core dataclass structures for rich choice objects.
 """

 from dataclasses import dataclass, field
+from typing import Dict, Any, Optional
 from enum import Enum
-from typing import Any


 class ChoiceCategory(Enum):
@@ -30,10 +30,10 @@ class ChoiceCategory(Enum):
 class RichChoice:
    """
    Rich choice object with metadata support.
-
+    
    This replaces simple tuple choices with a comprehensive object that can
    carry additional information like descriptions, colors, icons, and custom metadata.
-
+    
    Attributes:
        value: The stored value (equivalent to first element of tuple choice)
        label: Human-readable display name (equivalent to second element of tuple choice)
@@ -45,39 +45,39 @@ class RichChoice:
    value: str
    label: str
    description: str = ""
-    metadata: dict[str, Any] = field(default_factory=dict)
+    metadata: Dict[str, Any] = field(default_factory=dict)
    deprecated: bool = False
    category: ChoiceCategory = ChoiceCategory.OTHER
-
+    
    def __post_init__(self):
        """Validate the choice object after initialization"""
        if not self.value:
            raise ValueError("Choice value cannot be empty")
        if not self.label:
            raise ValueError("Choice label cannot be empty")
-
+    
    @property
-    def color(self) -> str | None:
+    def color(self) -> Optional[str]:
        """Get the color from metadata if available"""
        return self.metadata.get('color')
-
+    
    @property
-    def icon(self) -> str | None:
+    def icon(self) -> Optional[str]:
        """Get the icon from metadata if available"""
        return self.metadata.get('icon')
-
+    
    @property
-    def css_class(self) -> str | None:
+    def css_class(self) -> Optional[str]:
        """Get the CSS class from metadata if available"""
        return self.metadata.get('css_class')
-
+    
    @property
    def sort_order(self) -> int:
        """Get the sort order from metadata, defaulting to 0"""
        return self.metadata.get('sort_order', 0)
-
-
-    def to_dict(self) -> dict[str, Any]:
+    
+    
+    def to_dict(self) -> Dict[str, Any]:
        """Convert to dictionary representation for API serialization"""
        return {
            'value': self.value,
@@ -91,11 +91,11 @@ class RichChoice:
            'css_class': self.css_class,
            'sort_order': self.sort_order,
        }
-
-
+    
+    
    def __str__(self) -> str:
        return self.label
-
+    
    def __repr__(self) -> str:
        return f"RichChoice(value='{self.value}', label='{self.label}')"

@@ -104,47 +104,47 @@ class RichChoice:
 class ChoiceGroup:
    """
    A group of related choices with shared metadata.
-
+    
    This allows for organizing choices into logical groups with
    common properties and behaviors.
    """
    name: str
    choices: list[RichChoice]
    description: str = ""
-    metadata: dict[str, Any] = field(default_factory=dict)
-
+    metadata: Dict[str, Any] = field(default_factory=dict)
+    
    def __post_init__(self):
        """Validate the choice group after initialization"""
        if not self.name:
            raise ValueError("Choice group name cannot be empty")
        if not self.choices:
            raise ValueError("Choice group must contain at least one choice")
-
+        
        # Validate that all choice values are unique within the group
        values = [choice.value for choice in self.choices]
        if len(values) != len(set(values)):
            raise ValueError("All choice values within a group must be unique")
-
-    def get_choice(self, value: str) -> RichChoice | None:
+    
+    def get_choice(self, value: str) -> Optional[RichChoice]:
        """Get a choice by its value"""
        for choice in self.choices:
            if choice.value == value:
                return choice
        return None
-
+    
    def get_choices_by_category(self, category: ChoiceCategory) -> list[RichChoice]:
        """Get all choices in a specific category"""
        return [choice for choice in self.choices if choice.category == category]
-
+    
    def get_active_choices(self) -> list[RichChoice]:
        """Get all non-deprecated choices"""
        return [choice for choice in self.choices if not choice.deprecated]
-
+    
    def to_tuple_choices(self) -> list[tuple[str, str]]:
        """Convert to legacy tuple choices format"""
        return [(choice.value, choice.label) for choice in self.choices]
-
-    def to_dict(self) -> dict[str, Any]:
+    
+    def to_dict(self) -> Dict[str, Any]:
        """Convert to dictionary representation for API serialization"""
        return {
            'name': self.name,
--- a/backend/apps/core/choices/core_choices.py
+++ b/backend/apps/core/choices/core_choices.py
@@ -5,9 +5,10 @@ This module defines all choice objects for core system functionality,
 including health checks, API statuses, and other system-level choices.
 """

-from .base import ChoiceCategory, RichChoice
+from .base import RichChoice, ChoiceCategory
 from .registry import register_choices

+
 # Health Check Status Choices
 HEALTH_STATUSES = [
    RichChoice(
@@ -127,7 +128,7 @@ ENTITY_TYPES = [

 def register_core_choices():
    """Register all core system choices with the global registry"""
-
+    
    register_choices(
        name="health_statuses",
        choices=HEALTH_STATUSES,
@@ -135,7 +136,7 @@ def register_core_choices():
        description="Health check status options",
        metadata={'domain': 'core', 'type': 'health_status'}
    )
-
+    
    register_choices(
        name="simple_health_statuses",
        choices=SIMPLE_HEALTH_STATUSES,
@@ -143,7 +144,7 @@ def register_core_choices():
        description="Simple health check status options",
        metadata={'domain': 'core', 'type': 'simple_health_status'}
    )
-
+    
    register_choices(
        name="entity_types",
        choices=ENTITY_TYPES,
--- a/backend/apps/core/choices/fields.py
+++ b/backend/apps/core/choices/fields.py
@@ -4,12 +4,10 @@ Django Model Fields for Rich Choices
 This module provides Django model field implementations for rich choice objects.
 """

-from typing import Any
-
-from django.core.exceptions import ValidationError
+from typing import Any, Optional
 from django.db import models
+from django.core.exceptions import ValidationError
 from django.forms import ChoiceField
-
 from .base import RichChoice
 from .registry import registry

@@ -17,11 +15,11 @@ from .registry import registry
 class RichChoiceField(models.CharField):
    """
    Django model field for rich choice objects.
-
+    
    This field stores the choice value as a CharField but provides
    rich choice functionality through the registry system.
    """
-
+    
    def __init__(
        self,
        choice_group: str,
@@ -32,7 +30,7 @@ class RichChoiceField(models.CharField):
    ):
        """
        Initialize the RichChoiceField.
-
+        
        Args:
            choice_group: Name of the choice group in the registry
            domain: Domain namespace for the choice group
@@ -43,66 +41,66 @@ class RichChoiceField(models.CharField):
        self.choice_group = choice_group
        self.domain = domain
        self.allow_deprecated = allow_deprecated
-
+        
        # Set choices from registry for Django admin and forms
        if self.allow_deprecated:
            choices_list = registry.get_choices(choice_group, domain)
        else:
            choices_list = registry.get_active_choices(choice_group, domain)
-
+        
        choices = [(choice.value, choice.label) for choice in choices_list]
-
+        
        kwargs['choices'] = choices
        kwargs['max_length'] = max_length
-
+        
        super().__init__(**kwargs)
-
+    
    def validate(self, value: Any, model_instance: Any) -> None:
        """Validate the choice value"""
        super().validate(value, model_instance)
-
+        
        if value is None or value == '':
            return
-
+        
        # Check if choice exists in registry
        choice = registry.get_choice(self.choice_group, value, self.domain)
        if choice is None:
            raise ValidationError(
                f"'{value}' is not a valid choice for {self.choice_group}"
            )
-
+        
        # Check if deprecated choices are allowed
        if choice.deprecated and not self.allow_deprecated:
            raise ValidationError(
                f"'{value}' is deprecated and cannot be used for new entries"
            )
-
-    def get_rich_choice(self, value: str) -> RichChoice | None:
+    
+    def get_rich_choice(self, value: str) -> Optional[RichChoice]:
        """Get the RichChoice object for a value"""
        return registry.get_choice(self.choice_group, value, self.domain)
-
+    
    def get_choice_display(self, value: str) -> str:
        """Get the display label for a choice value"""
        return registry.get_choice_display(self.choice_group, value, self.domain)
-
+    
    def contribute_to_class(self, cls: Any, name: str, private_only: bool = False, **kwargs: Any) -> None:
        """Add helper methods to the model class (signature compatible with Django Field)"""
        super().contribute_to_class(cls, name, private_only=private_only, **kwargs)
-
+        
        # Add get_FOO_rich_choice method
        def get_rich_choice_method(instance):
            value = getattr(instance, name)
            return self.get_rich_choice(value) if value else None
-
+        
        setattr(cls, f'get_{name}_rich_choice', get_rich_choice_method)
-
+        
        # Add get_FOO_display method (Django provides this, but we enhance it)
        def get_display_method(instance):
            value = getattr(instance, name)
            return self.get_choice_display(value) if value else ''
-
+        
        setattr(cls, f'get_{name}_display', get_display_method)
-
+    
    def deconstruct(self):
        """Support for Django migrations"""
        name, path, args, kwargs = super().deconstruct()
@@ -116,7 +114,7 @@ class RichChoiceFormField(ChoiceField):
    """
    Form field for rich choices with enhanced functionality.
    """
-
+    
    def __init__(
        self,
        choice_group: str,
@@ -127,7 +125,7 @@ class RichChoiceFormField(ChoiceField):
    ):
        """
        Initialize the form field.
-
+        
        Args:
            choice_group: Name of the choice group in the registry
            domain: Domain namespace for the choice group
@@ -139,13 +137,13 @@ class RichChoiceFormField(ChoiceField):
        self.domain = domain
        self.allow_deprecated = allow_deprecated
        self.show_descriptions = show_descriptions
-
+        
        # Get choices from registry
        if allow_deprecated:
            choices_list = registry.get_choices(choice_group, domain)
        else:
            choices_list = registry.get_active_choices(choice_group, domain)
-
+        
        # Format choices for display
        choices = []
        for choice in choices_list:
@@ -153,24 +151,24 @@ class RichChoiceFormField(ChoiceField):
            if show_descriptions and choice.description:
                label = f"{choice.label} - {choice.description}"
            choices.append((choice.value, label))
-
+        
        kwargs['choices'] = choices
        super().__init__(**kwargs)
-
+    
    def validate(self, value: Any) -> None:
        """Validate the choice value"""
        super().validate(value)
-
+        
        if value is None or value == '':
            return
-
+        
        # Check if choice exists in registry
        choice = registry.get_choice(self.choice_group, value, self.domain)
        if choice is None:
            raise ValidationError(
                f"'{value}' is not a valid choice for {self.choice_group}"
            )
-
+        
        # Check if deprecated choices are allowed
        if choice.deprecated and not self.allow_deprecated:
            raise ValidationError(
@@ -187,7 +185,7 @@ def create_rich_choice_field(
 ) -> RichChoiceField:
    """
    Factory function to create a RichChoiceField.
-
+    
    This is useful for creating fields with consistent settings
    across multiple models.
    """
--- a/backend/apps/core/choices/registry.py
+++ b/backend/apps/core/choices/registry.py
@@ -4,57 +4,55 @@ Choice Registry
 Centralized registry for managing all choice definitions across the application.
 """

-from typing import Any
-
+from typing import Dict, List, Optional, Any
 from django.core.exceptions import ImproperlyConfigured
-
-from .base import ChoiceGroup, RichChoice
+from .base import RichChoice, ChoiceGroup


 class ChoiceRegistry:
    """
    Centralized registry for managing all choice definitions.
-
+    
    This provides a single source of truth for all choice objects
    throughout the application, with support for namespacing by domain.
    """
-
+    
    def __init__(self):
-        self._choices: dict[str, ChoiceGroup] = {}
-        self._domains: dict[str, list[str]] = {}
-
+        self._choices: Dict[str, ChoiceGroup] = {}
+        self._domains: Dict[str, List[str]] = {}
+    
    def register(
-        self,
-        name: str,
-        choices: list[RichChoice],
+        self, 
+        name: str, 
+        choices: List[RichChoice], 
        domain: str = "core",
        description: str = "",
-        metadata: dict[str, Any] | None = None
+        metadata: Optional[Dict[str, Any]] = None
    ) -> ChoiceGroup:
        """
        Register a group of choices.
-
+        
        Args:
            name: Unique name for the choice group
            choices: List of RichChoice objects
            domain: Domain namespace (e.g., 'rides', 'parks', 'accounts')
            description: Description of the choice group
            metadata: Additional metadata for the group
-
+            
        Returns:
            The registered ChoiceGroup
-
+            
        Raises:
            ImproperlyConfigured: If name is already registered with different choices
        """
        full_name = f"{domain}.{name}"
-
+        
        if full_name in self._choices:
            # Check if the existing registration is identical
            existing_group = self._choices[full_name]
            existing_values = [choice.value for choice in existing_group.choices]
            new_values = [choice.value for choice in choices]
-
+            
            if existing_values == new_values:
                # Same choices, return existing group (allow duplicate registration)
                return existing_group
@@ -64,69 +62,69 @@ class ChoiceRegistry:
                    f"Choice group '{full_name}' is already registered with different choices. "
                    f"Existing: {existing_values}, New: {new_values}"
                )
-
+        
        choice_group = ChoiceGroup(
            name=full_name,
            choices=choices,
            description=description,
            metadata=metadata or {}
        )
-
+        
        self._choices[full_name] = choice_group
-
+        
        # Track domain
        if domain not in self._domains:
            self._domains[domain] = []
        self._domains[domain].append(name)
-
+        
        return choice_group
-
-    def get(self, name: str, domain: str = "core") -> ChoiceGroup | None:
+    
+    def get(self, name: str, domain: str = "core") -> Optional[ChoiceGroup]:
        """Get a choice group by name and domain"""
        full_name = f"{domain}.{name}"
        return self._choices.get(full_name)
-
-    def get_choice(self, group_name: str, value: str, domain: str = "core") -> RichChoice | None:
+    
+    def get_choice(self, group_name: str, value: str, domain: str = "core") -> Optional[RichChoice]:
        """Get a specific choice by group name, value, and domain"""
        choice_group = self.get(group_name, domain)
        if choice_group:
            return choice_group.get_choice(value)
        return None
-
-    def get_choices(self, name: str, domain: str = "core") -> list[RichChoice]:
+    
+    def get_choices(self, name: str, domain: str = "core") -> List[RichChoice]:
        """Get all choices in a group"""
        choice_group = self.get(name, domain)
        return choice_group.choices if choice_group else []
-
-    def get_active_choices(self, name: str, domain: str = "core") -> list[RichChoice]:
+    
+    def get_active_choices(self, name: str, domain: str = "core") -> List[RichChoice]:
        """Get all non-deprecated choices in a group"""
        choice_group = self.get(name, domain)
        return choice_group.get_active_choices() if choice_group else []
-
-
-    def get_domains(self) -> list[str]:
+    
+    
+    def get_domains(self) -> List[str]:
        """Get all registered domains"""
        return list(self._domains.keys())
-
-    def get_domain_choices(self, domain: str) -> dict[str, ChoiceGroup]:
+    
+    def get_domain_choices(self, domain: str) -> Dict[str, ChoiceGroup]:
        """Get all choice groups for a specific domain"""
        if domain not in self._domains:
            return {}
-
+        
        return {
            name: self._choices[f"{domain}.{name}"]
            for name in self._domains[domain]
        }
-
-    def list_all(self) -> dict[str, ChoiceGroup]:
+    
+    def list_all(self) -> Dict[str, ChoiceGroup]:
        """Get all registered choice groups"""
        return self._choices.copy()
-
+    
    def validate_choice(self, group_name: str, value: str, domain: str = "core") -> bool:
        """Validate that a choice value exists in a group"""
        choice = self.get_choice(group_name, value, domain)
        return choice is not None and not choice.deprecated
-
+    
    def get_choice_display(self, group_name: str, value: str, domain: str = "core") -> str:
        """Get the display label for a choice value"""
        choice = self.get_choice(group_name, value, domain)
@@ -134,7 +132,7 @@ class ChoiceRegistry:
            return choice.label
        else:
            raise ValueError(f"Choice value '{value}' not found in group '{group_name}' for domain '{domain}'")
-
+    
    def clear_domain(self, domain: str) -> None:
        """Clear all choices for a specific domain (useful for testing)"""
        if domain in self._domains:
@@ -143,7 +141,7 @@ class ChoiceRegistry:
                if full_name in self._choices:
                    del self._choices[full_name]
            del self._domains[domain]
-
+    
    def clear_all(self) -> None:
        """Clear all registered choices (useful for testing)"""
        self._choices.clear()
@@ -156,33 +154,33 @@ registry = ChoiceRegistry()

 def register_choices(
    name: str,
-    choices: list[RichChoice],
+    choices: List[RichChoice],
    domain: str = "core",
    description: str = "",
-    metadata: dict[str, Any] | None = None
+    metadata: Optional[Dict[str, Any]] = None
 ) -> ChoiceGroup:
    """
    Convenience function to register choices with the global registry.
-
+    
    Args:
        name: Unique name for the choice group
        choices: List of RichChoice objects
        domain: Domain namespace
        description: Description of the choice group
        metadata: Additional metadata for the group
-
+        
    Returns:
        The registered ChoiceGroup
    """
    return registry.register(name, choices, domain, description, metadata)


-def get_choices(name: str, domain: str = "core") -> list[RichChoice]:
+def get_choices(name: str, domain: str = "core") -> List[RichChoice]:
    """Get choices from the global registry"""
    return registry.get_choices(name, domain)


-def get_choice(group_name: str, value: str, domain: str = "core") -> RichChoice | None:
+def get_choice(group_name: str, value: str, domain: str = "core") -> Optional[RichChoice]:
    """Get a specific choice from the global registry"""
    return registry.get_choice(group_name, value, domain)

--- a/backend/apps/core/choices/serializers.py
+++ b/backend/apps/core/choices/serializers.py
@@ -5,18 +5,16 @@ This module provides Django REST Framework serializer implementations
 for rich choice objects.
 """

-from typing import Any
-
+from typing import Any, Dict, List
 from rest_framework import serializers
-
-from .base import ChoiceGroup, RichChoice
+from .base import RichChoice, ChoiceGroup
 from .registry import registry


 class RichChoiceSerializer(serializers.Serializer):
    """
    Serializer for individual RichChoice objects.
-
+    
    This provides a consistent API representation for choice objects
    with all their metadata.
    """
@@ -30,8 +28,8 @@ class RichChoiceSerializer(serializers.Serializer):
    icon = serializers.CharField(allow_null=True)
    css_class = serializers.CharField(allow_null=True)
    sort_order = serializers.IntegerField()
-
-    def to_representation(self, instance: RichChoice) -> dict[str, Any]:
+    
+    def to_representation(self, instance: RichChoice) -> Dict[str, Any]:
        """Convert RichChoice to dictionary representation"""
        return instance.to_dict()

@@ -39,7 +37,7 @@ class RichChoiceSerializer(serializers.Serializer):
 class RichChoiceOptionSerializer(serializers.Serializer):
    """
    Serializer for choice options in filter endpoints.
-
+    
    This replaces the legacy FilterOptionSerializer with rich choice support.
    """
    value = serializers.CharField()
@@ -52,8 +50,8 @@ class RichChoiceOptionSerializer(serializers.Serializer):
    icon = serializers.CharField(allow_null=True, required=False)
    css_class = serializers.CharField(allow_null=True, required=False)
    metadata = serializers.DictField(required=False)
-
-    def to_representation(self, instance) -> dict[str, Any]:
+    
+    def to_representation(self, instance) -> Dict[str, Any]:
        """Convert choice option to dictionary representation"""
        if isinstance(instance, RichChoice):
            # Convert RichChoice to option format
@@ -90,7 +88,7 @@ class RichChoiceOptionSerializer(serializers.Serializer):
 class ChoiceGroupSerializer(serializers.Serializer):
    """
    Serializer for ChoiceGroup objects.
-
+    
    This provides API representation for entire choice groups
    with all their choices and metadata.
    """
@@ -98,8 +96,8 @@ class ChoiceGroupSerializer(serializers.Serializer):
    description = serializers.CharField()
    metadata = serializers.DictField()
    choices = RichChoiceSerializer(many=True)
-
-    def to_representation(self, instance: ChoiceGroup) -> dict[str, Any]:
+    
+    def to_representation(self, instance: ChoiceGroup) -> Dict[str, Any]:
        """Convert ChoiceGroup to dictionary representation"""
        return instance.to_dict()

@@ -107,11 +105,11 @@ class ChoiceGroupSerializer(serializers.Serializer):
 class RichChoiceFieldSerializer(serializers.CharField):
    """
    Serializer field for rich choice values.
-
+    
    This field serializes the choice value but can optionally
    include rich choice metadata in the response.
    """
-
+    
    def __init__(
        self,
        choice_group: str,
@@ -121,7 +119,7 @@ class RichChoiceFieldSerializer(serializers.CharField):
    ):
        """
        Initialize the serializer field.
-
+        
        Args:
            choice_group: Name of the choice group in the registry
            domain: Domain namespace for the choice group
@@ -132,12 +130,12 @@ class RichChoiceFieldSerializer(serializers.CharField):
        self.domain = domain
        self.include_metadata = include_metadata
        super().__init__(**kwargs)
-
+    
    def to_representation(self, value: str) -> Any:
        """Convert choice value to representation"""
        if not value:
            return value
-
+        
        if self.include_metadata:
            # Return rich choice object
            choice = registry.get_choice(self.choice_group, value, self.domain)
@@ -160,7 +158,7 @@ class RichChoiceFieldSerializer(serializers.CharField):
        else:
            # Return just the value
            return value
-
+    
    def to_internal_value(self, data: Any) -> str:
        """Convert input data to choice value"""
        if isinstance(data, dict) and 'value' in data:
@@ -177,26 +175,26 @@ def create_choice_options_serializer(
    include_counts: bool = False,
    queryset=None,
    count_field: str = 'id'
-) -> list[dict[str, Any]]:
+) -> List[Dict[str, Any]]:
    """
    Create choice options for filter endpoints.
-
+    
    This function generates choice options with optional counts
    for use in filter metadata endpoints.
-
+    
    Args:
        choice_group: Name of the choice group in the registry
        domain: Domain namespace for the choice group
        include_counts: Whether to include counts for each option
        queryset: QuerySet to count against (required if include_counts=True)
        count_field: Field to filter on for counting (default: 'id')
-
+        
    Returns:
        List of choice option dictionaries
    """
    choices = registry.get_active_choices(choice_group, domain)
    options = []
-
+    
    for choice in choices:
        option_data = {
            'value': choice.value,
@@ -209,7 +207,7 @@ def create_choice_options_serializer(
            'css_class': choice.css_class,
            'metadata': choice.metadata,
        }
-
+        
        if include_counts and queryset is not None:
            # Count items for this choice
            try:
@@ -220,9 +218,9 @@ def create_choice_options_serializer(
                option_data['count'] = None
        else:
            option_data['count'] = None
-
+        
        options.append(option_data)
-
+    
    # Sort by sort_order, then by label
    options.sort(key=lambda x: (
        (lambda c: c.sort_order if (c is not None and hasattr(c, 'sort_order')) else 0)(
@@ -230,7 +228,7 @@ def create_choice_options_serializer(
        ),
         x['label']
     ))
-
+    
    return options


@@ -242,19 +240,19 @@ def serialize_choice_value(
 ) -> Any:
    """
    Serialize a single choice value.
-
+    
    Args:
        value: The choice value to serialize
        choice_group: Name of the choice group in the registry
        domain: Domain namespace for the choice group
        include_metadata: Whether to include rich choice metadata
-
+        
    Returns:
        Serialized choice value (string or rich object)
    """
    if not value:
        return value
-
+    
    if include_metadata:
        choice = registry.get_choice(choice_group, value, domain)
        if choice:
--- a/backend/apps/core/choices/utils.py
+++ b/backend/apps/core/choices/utils.py
@@ -4,9 +4,8 @@ Utility Functions for Rich Choices
 This module provides utility functions for working with rich choice objects.
 """

-from typing import Any
-
-from .base import ChoiceCategory, RichChoice
+from typing import Any, Dict, List, Optional, Tuple
+from .base import RichChoice, ChoiceCategory
 from .registry import registry


@@ -18,24 +17,27 @@ def validate_choice_value(
 ) -> bool:
    """
    Validate that a choice value is valid for a given choice group.
-
+    
    Args:
        value: The choice value to validate
        choice_group: Name of the choice group in the registry
        domain: Domain namespace for the choice group
        allow_deprecated: Whether to allow deprecated choices
-
+        
    Returns:
        True if valid, False otherwise
    """
    if not value:
        return True  # Allow empty values (handled by field's null/blank settings)
-
+    
    choice = registry.get_choice(choice_group, value, domain)
    if choice is None:
        return False
-
-    return not (choice.deprecated and not allow_deprecated)
+    
+    if choice.deprecated and not allow_deprecated:
+        return False
+    
+    return True


 def get_choice_display(
@@ -45,21 +47,21 @@ def get_choice_display(
 ) -> str:
    """
    Get the display label for a choice value.
-
+    
    Args:
        value: The choice value
        choice_group: Name of the choice group in the registry
        domain: Domain namespace for the choice group
-
+        
    Returns:
        Display label for the choice
-
+        
    Raises:
        ValueError: If the choice value is not found in the registry
    """
    if not value:
        return ""
-
+    
    choice = registry.get_choice(choice_group, value, domain)
    if choice:
        return choice.label
@@ -70,24 +72,24 @@ def get_choice_display(


 def create_status_choices(
-    statuses: dict[str, dict[str, Any]],
+    statuses: Dict[str, Dict[str, Any]],
    category: ChoiceCategory = ChoiceCategory.STATUS
-) -> list[RichChoice]:
+) -> List[RichChoice]:
    """
    Create status choices with consistent color coding.
-
+    
    Args:
        statuses: Dictionary mapping status value to config dict
        category: Choice category (defaults to STATUS)
-
+        
    Returns:
        List of RichChoice objects for statuses
    """
    choices = []
-
+    
    for value, config in statuses.items():
        metadata = config.get('metadata', {})
-
+        
        # Add default status colors if not specified
        if 'color' not in metadata:
            if 'operating' in value.lower() or 'active' in value.lower():
@@ -100,7 +102,7 @@ def create_status_choices(
                metadata['color'] = 'blue'
            else:
                metadata['color'] = 'gray'
-
+        
        choice = RichChoice(
            value=value,
            label=config['label'],
@@ -110,26 +112,26 @@ def create_status_choices(
            category=category
        )
        choices.append(choice)
-
+    
    return choices


 def create_type_choices(
-    types: dict[str, dict[str, Any]],
+    types: Dict[str, Dict[str, Any]],
    category: ChoiceCategory = ChoiceCategory.TYPE
-) -> list[RichChoice]:
+) -> List[RichChoice]:
    """
    Create type/classification choices.
-
+    
    Args:
        types: Dictionary mapping type value to config dict
        category: Choice category (defaults to TYPE)
-
+        
    Returns:
        List of RichChoice objects for types
    """
    choices = []
-
+    
    for value, config in types.items():
        choice = RichChoice(
            value=value,
@@ -140,21 +142,21 @@ def create_type_choices(
            category=category
        )
        choices.append(choice)
-
+    
    return choices


 def merge_choice_metadata(
-    base_metadata: dict[str, Any],
-    override_metadata: dict[str, Any]
-) -> dict[str, Any]:
+    base_metadata: Dict[str, Any],
+    override_metadata: Dict[str, Any]
+) -> Dict[str, Any]:
    """
    Merge choice metadata dictionaries.
-
+    
    Args:
        base_metadata: Base metadata dictionary
        override_metadata: Override metadata dictionary
-
+        
    Returns:
        Merged metadata dictionary
    """
@@ -164,16 +166,16 @@ def merge_choice_metadata(


 def filter_choices_by_category(
-    choices: list[RichChoice],
+    choices: List[RichChoice],
    category: ChoiceCategory
-) -> list[RichChoice]:
+) -> List[RichChoice]:
    """
    Filter choices by category.
-
+    
    Args:
        choices: List of RichChoice objects
        category: Category to filter by
-
+        
    Returns:
        Filtered list of choices
    """
@@ -181,16 +183,16 @@ def filter_choices_by_category(


 def sort_choices(
-    choices: list[RichChoice],
+    choices: List[RichChoice],
    sort_by: str = "sort_order"
-) -> list[RichChoice]:
+) -> List[RichChoice]:
    """
    Sort choices by specified criteria.
-
+    
    Args:
        choices: List of RichChoice objects
        sort_by: Sort criteria ("sort_order", "label", "value")
-
+        
    Returns:
        Sorted list of choices
    """
@@ -207,14 +209,14 @@ def sort_choices(
 def get_choice_colors(
    choice_group: str,
    domain: str = "core"
-) -> dict[str, str]:
+) -> Dict[str, str]:
    """
    Get a mapping of choice values to their colors.
-
+    
    Args:
        choice_group: Name of the choice group in the registry
        domain: Domain namespace for the choice group
-
+        
    Returns:
        Dictionary mapping choice values to colors
    """
@@ -228,35 +230,35 @@ def get_choice_colors(

 def validate_choice_group_data(
    name: str,
-    choices: list[RichChoice],
+    choices: List[RichChoice],
    domain: str = "core"
-) -> list[str]:
+) -> List[str]:
    """
    Validate choice group data and return list of errors.
-
+    
    Args:
        name: Choice group name
        choices: List of RichChoice objects
        domain: Domain namespace
-
+        
    Returns:
        List of validation error messages
    """
    errors = []
-
+    
    if not name:
        errors.append("Choice group name cannot be empty")
-
+    
    if not choices:
        errors.append("Choice group must contain at least one choice")
        return errors
-
+    
    # Check for duplicate values
    values = [choice.value for choice in choices]
    if len(values) != len(set(values)):
        duplicates = [v for v in values if values.count(v) > 1]
        errors.append(f"Duplicate choice values found: {', '.join(set(duplicates))}")
-
+    
    # Validate individual choices
    for i, choice in enumerate(choices):
        try:
@@ -271,17 +273,17 @@ def validate_choice_group_data(
            )
        except ValueError as e:
            errors.append(f"Choice {i}: {str(e)}")
-
+    
    return errors


-def create_choice_from_config(config: dict[str, Any]) -> RichChoice:
+def create_choice_from_config(config: Dict[str, Any]) -> RichChoice:
    """
    Create a RichChoice from a configuration dictionary.
-
+    
    Args:
        config: Configuration dictionary with choice data
-
+        
    Returns:
        RichChoice object
    """
@@ -298,19 +300,19 @@ def create_choice_from_config(config: dict[str, Any]) -> RichChoice:
 def export_choices_to_dict(
    choice_group: str,
    domain: str = "core"
-) -> dict[str, Any]:
+) -> Dict[str, Any]:
    """
    Export a choice group to a dictionary format.
-
+    
    Args:
        choice_group: Name of the choice group in the registry
        domain: Domain namespace for the choice group
-
+        
    Returns:
        Dictionary representation of the choice group
    """
    group = registry.get(choice_group, domain)
    if not group:
        return {}
-
+    
    return group.to_dict()
--- a/backend/apps/core/decorators/init.py
+++ b/backend/apps/core/decorators/init.py
--- a/backend/apps/core/decorators/cache_decorators.py
+++ b/backend/apps/core/decorators/cache_decorators.py
@@ -4,26 +4,22 @@ Advanced caching decorators for API views and functions.

 import hashlib
 import json
-import logging
 import time
-from collections.abc import Callable
 from functools import wraps
-from typing import Any
-
+from typing import Optional, List, Callable, Any, Dict
 from django.http import HttpRequest, HttpResponseBase
 from django.utils.decorators import method_decorator
-from django.views import View
 from django.views.decorators.vary import vary_on_headers
-from rest_framework.response import Response as DRFResponse
-
+from django.views import View
 from apps.core.services.enhanced_cache_service import EnhancedCacheService
+import logging

 logger = logging.getLogger(__name__)


 def cache_api_response(
    timeout: int = 1800,
-    vary_on: list[str] | None = None,
+    vary_on: Optional[List[str]] = None,
    key_prefix: str = "api",
    cache_backend: str = "api",
 ) -> Callable[[Callable[..., Any]], Callable[..., Any]]:
@@ -85,14 +81,6 @@ def cache_api_response(
                        "cache_hit": True,
                    },
                )
-
-                # If cached data is our dict format for DRF responses, reconstruct it
-                if isinstance(cached_response, dict) and '__drf_data__' in cached_response:
-                    return DRFResponse(
-                        data=cached_response['__drf_data__'],
-                        status=cached_response.get('status', 200)
-                    )
-
                return cached_response

            # Execute view and cache result
@@ -102,18 +90,8 @@ def cache_api_response(

            # Only cache successful responses
            if hasattr(response, "status_code") and response.status_code == 200:
-                # For DRF responses, we must cache the data, not the response object
-                # because the response object is not rendered yet and cannot be pickled
-                if hasattr(response, 'data'):
-                    cache_payload = {
-                        '__drf_data__': response.data,
-                        'status': response.status_code
-                    }
-                else:
-                    cache_payload = response
-
                getattr(cache_service, cache_backend + "_cache").set(
-                    cache_key, cache_payload, timeout
+                    cache_key, response, timeout
                )
                logger.debug(
                    f"Cached API response for view {view_func.__name__}",
@@ -196,7 +174,7 @@ def cache_queryset_result(


 def invalidate_cache_on_save(
-    model_name: str, cache_patterns: list[str] | None = None
+    model_name: str, cache_patterns: Optional[List[str]] = None
 ) -> Callable[[Callable[..., Any]], Callable[..., Any]]:
    """
    Decorator to invalidate cache when model instances are saved
@@ -316,8 +294,8 @@ class CachedAPIViewMixin(View):

 def smart_cache(
    timeout: int = 3600,
-    key_func: Callable[..., str] | None = None,
-    invalidate_on: list[str] | None = None,
+    key_func: Optional[Callable[..., str]] = None,
+    invalidate_on: Optional[List[str]] = None,
    cache_backend: str = "default",
 ) -> Callable[[Callable[..., Any]], Callable[..., Any]]:
    """
@@ -381,8 +359,8 @@ def smart_cache(

        # Add cache invalidation if specified
        if invalidate_on:
-            wrapper._cache_invalidate_on = invalidate_on
-            wrapper._cache_backend = cache_backend
+            setattr(wrapper, "_cache_invalidate_on", invalidate_on)
+            setattr(wrapper, "_cache_backend", cache_backend)

        return wrapper

@@ -434,7 +412,7 @@ def generate_model_cache_key(model_instance: Any, suffix: str = "") -> str:


 def generate_queryset_cache_key(
-    queryset: Any, params: dict[str, Any] | None = None
+    queryset: Any, params: Optional[Dict[str, Any]] = None
 ) -> str:
    """Generate cache key for queryset with parameters"""
    model_name = queryset.model._meta.model_name
--- a/backend/apps/core/exceptions.py
+++ b/backend/apps/core/exceptions.py
@@ -3,7 +3,7 @@ Custom exception classes for ThrillWiki.
 Provides domain-specific exceptions with proper error codes and messages.
 """

-from typing import Any
+from typing import Optional, Dict, Any


 class ThrillWikiException(Exception):
@@ -15,16 +15,16 @@ class ThrillWikiException(Exception):

    def __init__(
        self,
-        message: str | None = None,
-        error_code: str | None = None,
-        details: dict[str, Any] | None = None,
+        message: Optional[str] = None,
+        error_code: Optional[str] = None,
+        details: Optional[Dict[str, Any]] = None,
    ):
        self.message = message or self.default_message
        self.error_code = error_code or self.error_code
        self.details = details or {}
        super().__init__(self.message)

-    def to_dict(self) -> dict[str, Any]:
+    def to_dict(self) -> Dict[str, Any]:
        """Convert exception to dictionary for API responses."""
        return {
            "error_code": self.error_code,
@@ -65,14 +65,6 @@ class BusinessLogicError(ThrillWikiException):
    status_code = 400


-class ServiceError(ThrillWikiException):
-    """Raised when a service operation fails."""
-
-    default_message = "Service operation failed"
-    error_code = "SERVICE_ERROR"
-    status_code = 500
-
-
 class ExternalServiceError(ThrillWikiException):
    """Raised when external service calls fail."""

@@ -96,7 +88,7 @@ class ParkNotFoundError(NotFoundError):
    default_message = "Park not found"
    error_code = "PARK_NOT_FOUND"

-    def __init__(self, park_slug: str | None = None, **kwargs):
+    def __init__(self, park_slug: Optional[str] = None, **kwargs):
        if park_slug:
            kwargs["details"] = {"park_slug": park_slug}
            kwargs["message"] = f"Park with slug '{park_slug}' not found"
@@ -122,7 +114,7 @@ class RideNotFoundError(NotFoundError):
    default_message = "Ride not found"
    error_code = "RIDE_NOT_FOUND"

-    def __init__(self, ride_slug: str | None = None, **kwargs):
+    def __init__(self, ride_slug: Optional[str] = None, **kwargs):
        if ride_slug:
            kwargs["details"] = {"ride_slug": ride_slug}
            kwargs["message"] = f"Ride with slug '{ride_slug}' not found"
@@ -150,8 +142,8 @@ class InvalidCoordinatesError(ValidationException):

    def __init__(
        self,
-        latitude: float | None = None,
-        longitude: float | None = None,
+        latitude: Optional[float] = None,
+        longitude: Optional[float] = None,
        **kwargs,
    ):
        if latitude is not None or longitude is not None:
@@ -198,7 +190,7 @@ class InsufficientPermissionsError(PermissionDeniedError):
    default_message = "Insufficient permissions"
    error_code = "INSUFFICIENT_PERMISSIONS"

-    def __init__(self, required_permission: str | None = None, **kwargs):
+    def __init__(self, required_permission: Optional[str] = None, **kwargs):
        if required_permission:
            kwargs["details"] = {"required_permission": required_permission}
            kwargs["message"] = f"Permission '{required_permission}' required"
@@ -226,7 +218,7 @@ class RoadTripError(ExternalServiceError):
    default_message = "Road trip planning error"
    error_code = "ROADTRIP_ERROR"

-    def __init__(self, service_name: str | None = None, **kwargs):
+    def __init__(self, service_name: Optional[str] = None, **kwargs):
        if service_name:
            kwargs["details"] = {"service": service_name}
        super().__init__(**kwargs)
--- a/backend/apps/core/forms.py
+++ b/backend/apps/core/forms.py
@@ -1,10 +1,11 @@
 """Core forms and form components."""

-from autocomplete import Autocomplete
 from django.conf import settings
 from django.core.exceptions import PermissionDenied
 from django.utils.translation import gettext_lazy as _

+from autocomplete import Autocomplete
+

 class BaseAutocomplete(Autocomplete):
    """Base autocomplete class for consistent autocomplete behavior across the project.
--- a/backend/apps/accounts/tests/init.py
+++ b/backend/apps/accounts/tests/init.py
--- a/backend/apps/core/forms/search.py
+++ b/backend/apps/core/forms/search.py
--- a/backend/apps/core/health_checks/init.py
+++ b/backend/apps/core/health_checks/init.py
--- a/backend/apps/core/health_checks/custom_checks.py
+++ b/backend/apps/core/health_checks/custom_checks.py
@@ -2,10 +2,9 @@
 Custom health checks for ThrillWiki application.
 """

-import logging
 import time
+import logging
 from pathlib import Path
-
 from django.core.cache import cache
 from django.db import connection
 from health_check.backends import BaseHealthCheckBackend
@@ -166,10 +165,9 @@ class ApplicationHealthCheck(BaseHealthCheckBackend):

            # Check if we can access critical models
            try:
-                from django.contrib.auth import get_user_model
                from parks.models import Park
-
                from apps.rides.models import Ride
+                from django.contrib.auth import get_user_model

                User = get_user_model()

@@ -187,9 +185,8 @@ class ApplicationHealthCheck(BaseHealthCheckBackend):
                self.add_error(f"Model access check failed: {e}")

            # Check media and static file configuration
-            import os
-
            from django.conf import settings
+            import os

            if not os.path.exists(settings.MEDIA_ROOT):
                self.add_error(f"Media directory does not exist: {settings.MEDIA_ROOT}")
@@ -211,8 +208,8 @@ class ExternalServiceHealthCheck(BaseHealthCheckBackend):
    def check_status(self):
        # Check email service if configured
        try:
-            from django.conf import settings
            from django.core.mail import get_connection
+            from django.conf import settings

            if (
                hasattr(settings, "EMAIL_BACKEND")
@@ -256,8 +253,8 @@ class ExternalServiceHealthCheck(BaseHealthCheckBackend):

        # Check Redis connection if configured
        try:
-            from django.conf import settings
            from django.core.cache import caches
+            from django.conf import settings

            cache_config = settings.CACHES.get("default", {})
            if "redis" in cache_config.get("BACKEND", "").lower():
@@ -282,7 +279,6 @@ class DiskSpaceHealthCheck(BaseHealthCheckBackend):
    def check_status(self):
        try:
            import shutil
-
            from django.conf import settings

            # Check disk space for media directory
--- a/backend/apps/core/history.py
+++ b/backend/apps/core/history.py
@@ -1,9 +1,8 @@
-from typing import TYPE_CHECKING, Any
-
-from django.conf import settings
-from django.contrib.contenttypes.fields import GenericForeignKey
-from django.contrib.contenttypes.models import ContentType
 from django.db import models
+from django.contrib.contenttypes.models import ContentType
+from django.contrib.contenttypes.fields import GenericForeignKey
+from django.conf import settings
+from typing import Any, Dict, Optional, TYPE_CHECKING
 from django.db.models import QuerySet

 if TYPE_CHECKING:
@@ -13,7 +12,7 @@ if TYPE_CHECKING:
 class DiffMixin:
    """Mixin to add diffing capabilities to models with pghistory"""

-    def get_prev_record(self) -> Any | None:
+    def get_prev_record(self) -> Optional[Any]:
        """Get the previous record for this instance"""
        try:
            # Use getattr to safely access objects manager and pghistory fields
@@ -38,7 +37,7 @@ class DiffMixin:
        except (AttributeError, TypeError):
            return None

-    def diff_against_previous(self) -> dict:
+    def diff_against_previous(self) -> Dict:
        """Compare this record against the previous one"""
        prev_record = self.get_prev_record()
        if not prev_record:
--- a/backend/apps/core/logging.py
+++ b/backend/apps/core/logging.py
@@ -5,8 +5,7 @@ Provides structured logging with proper formatting and context.

 import logging
 import sys
-from typing import Any
-
+from typing import Dict, Any, Optional
 from django.conf import settings
 from django.utils import timezone

@@ -66,7 +65,7 @@ def log_exception(
    logger: logging.Logger,
    exception: Exception,
    *,
-    context: dict[str, Any] | None = None,
+    context: Optional[Dict[str, Any]] = None,
    request=None,
    level: int = logging.ERROR,
 ) -> None:
@@ -112,7 +111,7 @@ def log_business_event(
    event_type: str,
    *,
    message: str,
-    context: dict[str, Any] | None = None,
+    context: Optional[Dict[str, Any]] = None,
    request=None,
    level: int = logging.INFO,
 ) -> None:
@@ -150,7 +149,7 @@ def log_performance_metric(
    operation: str,
    *,
    duration_ms: float,
-    context: dict[str, Any] | None = None,
+    context: Optional[Dict[str, Any]] = None,
    level: int = logging.INFO,
 ) -> None:
    """
@@ -178,8 +177,8 @@ def log_api_request(
    logger: logging.Logger,
    request,
    *,
-    response_status: int | None = None,
-    duration_ms: float | None = None,
+    response_status: Optional[int] = None,
+    duration_ms: Optional[float] = None,
    level: int = logging.INFO,
 ) -> None:
    """
@@ -220,7 +219,7 @@ def log_security_event(
    *,
    message: str,
    severity: str = "medium",
-    context: dict[str, Any] | None = None,
+    context: Optional[Dict[str, Any]] = None,
    request=None,
 ) -> None:
    """
--- a/backend/apps/core/management/init.py
+++ b/backend/apps/core/management/init.py
--- a/Show More
+++ b/Show More