From ab42d86127ac308499b6c933a359f237a761a986 Mon Sep 17 00:00:00 2001
From: Iliyan Angelov <angelov@angeloviliyan.com>
Date: Wed, 10 Dec 2025 01:41:57 +0200
Subject: [PATCH] updates

---
 .../add_shift_update_to_notification_type.py  |   86 +
 Backend/src/__pycache__/main.cpython-312.pyc  |  Bin 28268 -> 28965 bytes
 .../__pycache__/admin_session.cpython-312.pyc |  Bin 0 -> 3761 bytes
 Backend/src/auth/models/admin_session.py      |   95 ++
 .../admin_security_routes.cpython-312.pyc     |  Bin 0 -> 12466 bytes
 .../__pycache__/auth_routes.cpython-312.pyc   |  Bin 41083 -> 37969 bytes
 .../src/auth/routes/admin_security_routes.py  |  259 +++
 Backend/src/auth/routes/auth_routes.py        |  159 +-
 .../admin_security_service.cpython-312.pyc    |  Bin 0 -> 10949 bytes
 .../auth/services/admin_security_service.py   |  296 ++++
 .../staff_shift_routes.cpython-312.pyc        |  Bin 26479 -> 34371 bytes
 .../routes/staff_shift_routes.py              |  214 ++-
 .../shift_automation_service.cpython-312.pyc  |  Bin 0 -> 22169 bytes
 .../shift_scheduler.cpython-312.pyc           |  Bin 0 -> 5676 bytes
 .../services/shift_automation_service.py      |  603 +++++++
 .../services/shift_scheduler.py               |  120 ++
 Backend/src/main.py                           |   12 +
 Backend/src/models/__init__.py                |    3 +-
 .../__pycache__/__init__.cpython-312.pyc      |  Bin 8605 -> 8705 bytes
 .../__pycache__/notification.cpython-312.pyc  |  Bin 7216 -> 7244 bytes
 .../src/notifications/models/notification.py  |    1 +
 .../__pycache__/step_up_auth.cpython-312.pyc  |  Bin 7150 -> 7214 bytes
 .../src/security/middleware/step_up_auth.py   |   17 +-
 Frontend/src/App.tsx                          |    4 +-
 .../auth/components/StepUpAuthModal.tsx       |    9 +-
 .../services/accountantSecurityService.ts     |    9 -
 .../security/services/adminSecurityService.ts |   68 +
 .../staffShifts/services/staffShiftService.ts |   14 +
 .../pages/admin/StaffShiftDashboardPage.tsx   | 1401 +++++++++++++++++
 .../pages/admin/StaffShiftManagementPage.tsx  |  620 --------
 Frontend/src/routes/adminRoutes.tsx           |    2 +
 .../src/shared/components/SidebarAdmin.tsx    |    4 +-
 32 files changed, 3235 insertions(+), 761 deletions(-)
 create mode 100644 Backend/alembic/versions/add_shift_update_to_notification_type.py
 create mode 100644 Backend/src/auth/models/__pycache__/admin_session.cpython-312.pyc
 create mode 100644 Backend/src/auth/models/admin_session.py
 create mode 100644 Backend/src/auth/routes/__pycache__/admin_security_routes.cpython-312.pyc
 create mode 100644 Backend/src/auth/routes/admin_security_routes.py
 create mode 100644 Backend/src/auth/services/__pycache__/admin_security_service.cpython-312.pyc
 create mode 100644 Backend/src/auth/services/admin_security_service.py
 create mode 100644 Backend/src/hotel_services/services/__pycache__/shift_automation_service.cpython-312.pyc
 create mode 100644 Backend/src/hotel_services/services/__pycache__/shift_scheduler.cpython-312.pyc
 create mode 100644 Backend/src/hotel_services/services/shift_automation_service.py
 create mode 100644 Backend/src/hotel_services/services/shift_scheduler.py
 create mode 100644 Frontend/src/features/security/services/adminSecurityService.ts
 create mode 100644 Frontend/src/pages/admin/StaffShiftDashboardPage.tsx
 delete mode 100644 Frontend/src/pages/admin/StaffShiftManagementPage.tsx

diff --git a/Backend/alembic/versions/add_shift_update_to_notification_type.py b/Backend/alembic/versions/add_shift_update_to_notification_type.py
new file mode 100644
index 00000000..7a4edc18
--- /dev/null
+++ b/Backend/alembic/versions/add_shift_update_to_notification_type.py
@@ -0,0 +1,86 @@
+"""add_shift_update_to_notification_type
+
+Revision ID: add_shift_update_001
+Revises: add_staff_shifts_001
+Create Date: 2025-12-09 20:55:00.000000
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'add_shift_update_001'
+down_revision = 'add_staff_shifts_001'
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    # Add 'shift_update' to notification_type enum in notifications table
+    op.execute("""
+        ALTER TABLE notifications 
+        MODIFY COLUMN notification_type ENUM(
+            'booking_confirmation', 
+            'payment_receipt', 
+            'pre_arrival_reminder', 
+            'check_in_reminder', 
+            'check_out_reminder', 
+            'marketing_campaign', 
+            'loyalty_update', 
+            'shift_update',
+            'system_alert', 
+            'custom'
+        ) NOT NULL
+    """)
+    
+    # Also update notification_templates table if it exists
+    op.execute("""
+        ALTER TABLE notification_templates 
+        MODIFY COLUMN notification_type ENUM(
+            'booking_confirmation', 
+            'payment_receipt', 
+            'pre_arrival_reminder', 
+            'check_in_reminder', 
+            'check_out_reminder', 
+            'marketing_campaign', 
+            'loyalty_update', 
+            'shift_update',
+            'system_alert', 
+            'custom'
+        ) NOT NULL
+    """)
+
+
+def downgrade() -> None:
+    # Remove 'shift_update' from notification_type enum
+    op.execute("""
+        ALTER TABLE notifications 
+        MODIFY COLUMN notification_type ENUM(
+            'booking_confirmation', 
+            'payment_receipt', 
+            'pre_arrival_reminder', 
+            'check_in_reminder', 
+            'check_out_reminder', 
+            'marketing_campaign', 
+            'loyalty_update', 
+            'system_alert', 
+            'custom'
+        ) NOT NULL
+    """)
+    
+    op.execute("""
+        ALTER TABLE notification_templates 
+        MODIFY COLUMN notification_type ENUM(
+            'booking_confirmation', 
+            'payment_receipt', 
+            'pre_arrival_reminder', 
+            'check_in_reminder', 
+            'check_out_reminder', 
+            'marketing_campaign', 
+            'loyalty_update', 
+            'system_alert', 
+            'custom'
+        ) NOT NULL
+    """)
+
diff --git a/Backend/src/__pycache__/main.cpython-312.pyc b/Backend/src/__pycache__/main.cpython-312.pyc
index 05eb17505341c5bbcba73d24cfc569237ec26629..f8f1698e3987f9410075f9f68faf5e56442b67ae 100644
GIT binary patch
delta 3012
zcmaKtdrTBZ9LINdx#Ny|c=nFR9o(zZBKT?ytwP!qDi0Mzt+9qtOHX%z!yTY|2Z<DF
zgH5ZZwbn^v8nwRK{-aH;SD*C(2nRmU6H(znt7xMM{y}U*V{Ei@i>+41ZtiA&^ZEVe
zJHPqOWcO}A_-+6g&ln6b9DTgfbnjBnm&OF}+D|F>^l75B1%D2=0!}oFrP4Qe8{CGs
z!|iwn+<|w(op=}ArTEGu@}}X{Rd^rVhXXL6uyW~VydUnz2jBr^?3E7UL+}tj3=iWY
z@QA`Hq+jq+cvP`P=@?z>xMHu6PT(fkgqvYAZh<ZMBs{5bNovJyunh-c5Vym2g<+`!
zpMt0GY3MnvfJ*5MJ`2y{PS}ah!E^XLJdZ;#r1+|&3%Cn*DR#AV5qHCG#TKPYbn(lI
z{l0Vs_rM<93wxEZEH&aV3{%@jlI%88YP1^q_V{=6k&1B~;E2PXK)z+t0VZ{gVJMi;
zdNf-06ILi`Wm4Y6kR@3xYC>O)Ud)6xvEbJ%xS0jFj)p{SVI>v!0*iJeu&CO~qD?Hy
zqabmOjURnHJlfB8kPtJIhb(nc7t6}T$jrKlx$h1$OQDe&`;bWsnF_BnGdskj!%UhU
z$I5Kj#-Kdf_nczZvBJs5c&5l<wg``ovK=OLoN>R5%zDU)j3r4ZiADD^cfO8!syVEC
z!K0n*jEQ3`Yr#gA2${&P(y8Z2uVd|-M=j3@&tYDsjm*oxmsLC-oo7q)sGIFDq05Z(
z+Q>Qs9`&*{cob$kNP41Gps!1EUF{|YyD9oATC@RF93wX}&19NAF8bG}#%1=nRoBrC
z@q-oPIc@`xQ$<cRNCR*{>7CH2^f%#6rME*n?RAn3C&EPf*02AVgSU7N-K6@#k$3*n
zt-?<~O-5{V>&X{_=cfMe^s}t#WU?bW{x)5>9^Doj>U12p8;r!kJ7hz29NFS9fG%aj
z#~em*i8SXVYCno>5e}k3GUS-08lWlnL?Y&{M&qa*W~>w8{R}>+%(yn%L*waM(`;%q
zC=2KgX>u+G#epPO?|8794A1Q2j|k-AtUWF*Cjv2AGGJqa063nj7j{1uYly0ks)&tf
zkk|q@(2(ZY<H^?9I&vVx9JQGfW5|iw69k=~C;h2OL|ZUP&{MlJL$M78|Kl$&$5kW~
zSG0xb3iRa1f(GygnN;WlIke3NT5_YnLjIf=AI*J8&-}9jvZF8-7|FrHO{u9MY%W9o
z5?{Hul(x&ukys-kxh{V}1h}$m{8iZF_f}PsTZOJ%g<(&nrwn0K>35+@&oT*#brbVE
zUfR3-RW6_3Bl}&?&UP*MM>*3)iss}1Ga++oCWKSUtNchR@gcd^yBzr@KQaEBk9?n~
zijo(q<Z4<sd6+g~?Z3&&_aoym&uqb`qSO_6WKYCzP%^8jE<v?4b(yCZ=zIG2Rg==9
z{InsxTD25h)y(U)O}c2CvSv(=CjN@XenDgJ);Rk$#xHbhbs@{rZq2*ohoTiAgIMP-
zTlL@%3#X60#{oJu5~E+M55>=DozVeK<~2<Z#TJGZEncI)qFK_VS@K{=h=l#+tEI^_
z>hcr8dP|O*+ch;eg=>zRn&;+PG;dicZgp#OlZDo_DY;Ie&8nuP&8ecKEm?@zDcU@T
z(Dur>JgYDzXpXppRux4-N5ma;Yx5I?VA{BRv(Rpcc-ze?O4<{sH_$b=6MzR~`}_=^
z1Eg>MODZ+3z?p#R?LMF~Q1e>gw*@``h62S4V*t<w#CKLkfro)>(8i~_JvILF$#PYV
zpPrLP#NJAJY|Cq8uYYC92o1+7IB<K3#H%CqmDQxU#0d;!Wl3$!rxeg1=c@?ZFL_Tb
zT;+-a#ig47=_s?1HRZNIO!?g?(~BVUcY))rLp-&HW`ckUI|0AYKwhp)b=&FmHZD7J
ZRXX=5U6q}cAUw*jWM`R$<}9-^{2QUfH@*M>

delta 2932
zcmb7GZA=_R7~a|C_&&alkGlhUrvwVUN};8(&_Jby*cNG#kYc8h0^TBp9l*PzMlGeH
z{<NVPYoiuQ1^-wQqf1MR2&LQ=ECm4(3RDG>Hi0yXXqwm%ac*g26KBkNx$Hdi%=<p`
z%-7C-wgB$m0Rcl=tuIG@#qVu9I#zT#Ko9sYH?H`{l}YDN6Kq1wuo<0)=TQr6K^Nc!
zz*z&VuS%byR@jQ#Al{?hUaxTF(pN}^GU|XGO8uyG30;PlQ77y~SKt+etB|guF4(1D
ztMoN`A9gFaQu+q<z#h~Kd(ky`4fVl3g_or3s2}ztCv+kgbSWH?ZlD1;fCk~9Qm>Lq
zzC}0TO*90D&@Ffi4Z~qH0!Ng_YUw*P3P%-OBaNYPIIdu;^gZc(Lcy;|KcGoCiKgI`
zQnyJB=r+7fupLf|g^i%%5-tv~=%(8p7kT$gaU9?t@y!hW4udxaT6R)&)>WT;il;<M
z96lLH_tC@PR~dX-kXj#Ss6JYP!c>mqBWnI~P#ASS%M6x{lyN^fGwWFFz{>#<Dr1}e
zM{Kh@mg?<9uv%|UriMO}zJ4nqbiN~k&M$=0`645ok7vX`7fg?zVd#`Gbe42<oi;|i
zIgB1(#n35Y#GhmEGhu4is)xB&ReH4=olK1dgW7Y}O+6>$;c7h$F+H^F)N1syHT3lL
z>SpYphYWs+q0?rd>+fKkizL-!8f1>?1J!fe#?;V<(|xZ*F?hy#J`|~TpG;8qNl;X%
z+oQ_&;S_T`I~cx`^cFCUH$-m(v$!Tik1L`hz>f<0I69*KC-G<NTb1z~*9dG0R?e!G
z=HQ%CnxIK3=i$6kM#E@Q`bkC<2_wl3d;DDvF7TW<Pj1=kl()Q_zd_*_{<(>HF6BSd
z2kGhfbDs=7yi58%F5b1)z3Ins7r}ZcyoVdT!tv+^Ef~ScX}Z7@*80c&5kF%%dB4%$
zdeS{$xF{~#p2j151Wq?4Y34}tggYhj9WjRBNlM=_xXKj1L0nV<X8s-UxCc+7EQt5;
zAEv`#mz-ywjt6h!P5Wl~IUalMZ^wq51e_eG^Z10bdg0%4ELv~JqpuT=tBAs<b9M<n
z4j#{^M&Vy`o)LTr4%+0#0eIgFb-)+z%+18!xm!Un{vtOF_+eM>S-f;0i`2Iqti|I8
zpGp^OHN>Co0eQ^$*k36Zt+kS9vkRndHk)lFZeDA5l-L}#HAlo_VwJ<TMz}UIk9Hm2
zoA*4vnpX*8aqNqwg{$^_($wIWod`~a?n&fYw`QeqePO!|gy>K7$x0UbpWTwRS#ZXA
z62`e%Ll|eW;KnIF*%rZ>9+Mp>xXkWWSDc10E(>Xux91N7@DK|Hsr+9Y&M1i02&DU7
zxx8Q&XnYAAm-imB1MrL7UFZvdr#$e|8y;X)&V1R(%V&-p<~`k(Z32E!Vj`0gUV6;8
zfn<?CXU~^EEG_nw|13WX@axqf_&}w%+*5JiBTx_0eiu02u*?&*oFaEsn*d+uk7sKV
dq75X|#bu_|8@V;3ranVhGlkZt3Tvru{5LjB3I+fG

diff --git a/Backend/src/auth/models/__pycache__/admin_session.cpython-312.pyc b/Backend/src/auth/models/__pycache__/admin_session.cpython-312.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..9262f14fcc586934ff0e6888a1849f7aba237778
GIT binary patch
literal 3761
zcmcIn&2JmW6<?Aoa``DyA|+Cv^atuNmc-UkW212#OOfnYj@<;7V|!a*v*C>Bwf94w
zT{@OgpepJ=z(Ed`;fsP^C|E#r<WWZhy%5kAjTZ2s=t(yRc2U5W_Ptqt$+gk;&^7!t
z^XAQaZ)V>7e#1W{lQ99l-`qN-eU=i0zhS5K^)wqV9zf#{0uf|^1V~U17(qE`gyfJR
z%A(OD_ZVS0Y((UUA<2>vm7_*Xjs?&*q{oefoZxLyPZ~)%3GE&d)>B5W+#3*r!g+y2
z9tcFDy-z}ZJh_i+qo9p-Y16CmV&eYqW3$B2%z{mATeHl9!_@L^&8!p*i%`9=Y%v%r
zSDEIlg38n!i^1r0><V2`nd;EOGP8_=S}t2v(@{;Q<;X5LR>4p;P=fcePE~Zo=U^CX
zxlp#uGG(Sc9oxq|i%~E9v87iH(~Dd%9a^Ex3tw?CnkUUeq$SOuUS!U)z?bR8&RL9V
z74srp^~A+1zr5`ATrdf}=ZQ=7o>L5X2}X6*fmrrUZ3X%g0Ur+d*vD-Fg*d0e%KR<z
zWw_aSkqF}XP(cpB83jo|4w0ZN1_jzf!z6_Nw!|l*Z!JfBJxGc4JPG((0(M)GwoMdm
z;D3xrZHo}MiMDOxZJSufW-I;#a=}lAq#%A0{C0Gy_M9%iUE{s&@x&W_LS;1bO1^PC
z&13e%ig7)ucCG_lpP|`XlYVyH@-^F`rjIZQZ*^)i=X*G?nmpGHAJC2b50OTjKK;FK
zRsR@h$4MWJRsvh;_HIsqwm|yH0LhSSYh7G7NQOwJb$6D7@}bpSG4Cb#HM!#7lKWFj
zcufjw_tmlAdRe>_H&mK;%wF0IdGQsd87f;<ZbJe0XuNcjYSpncv&^VLP3M(VwJEcw
zHF9n<=t*W(*VV6d%CfN6`~L({40++IsokkkmWQrCFa@p609Wi|<?ItwguDo$%W743
zI;NXJb_l28Tu;0Tu{Pn>z=g+ag=yK|m`3g?2Xa?1Cq*qg+FiJeyrU5>s@W}FQde!q
z?*L?Y`G5C7@2zNz+Fq>LP*mq~@vtW;im4h@QM{O<0QgjOY$p`uPF2;LBN0U*RvFYu
zMR9O5d_BXXW_TaHphlR4y<;d4aJ^)6+ZD&UO#wKx6<8913~Uz1@tD7)3T(O8Pv~8(
zOqFFo9m?Q{Ko{ZA#sFr@up$;g$M2v(xL`?i5w1FA)B2hfv6HnOx}sDeO4YduPPH-s
z5Aph2>dvxR6z%(3`5Dwv0i;wf1{HvFU}xBI43a=Q5%XloE?%m+d_`pyTTwQJ7oZhh
zeNwt<8MIU}@0I4MecQ2CN}pH`)u#Y75z|X^P_)z}C7YE?m|cm3yj?nQ#M3LQEDi3s
zz#X#Z0n{D{d*aC-GDp`g{WaSAFtV|<o!MD(ql;^EKZb?g?89r1Zq<f&$7kx*r}J*=
z^R@G!&W=2Kf8)sG4{A=GKAmwhpRHZmOAkE?ud~Oo+LD_-v9<{Pb#cRS)05E7Pka~N
zu>Tm}CT{+NhB(MQfAhuq?6)^+88<b(c789O{^lp^1K%F6iEeyqZ5}MrLl3{MiQCnk
zdAIMv+J(K$@cOCR_3xEUWvAL$y6$FftX%@Lu_GHNw-<I6+|k8`n1@gs()Ns-KjnwX
zjjt2PXy`;k%z$x!Ze6Oq^L=Tvw6oCo{HmM&!p~Hy{k$%^=?~Wy!6=bi57#QS8*cn0
zBq9mXR3kN2Tdg18`R%TBZBI%zQpMWo`pB-d@VqB982;U5cDA*x2WST?3cnY?-v0;M
zp<#eE=>YL`Q&S8^k(%Np+NOYm0NNs+@K&r1pDp5vlX!bpsB4@P4=1b6oEF){NjDjF
z#yQ#WOuEUaGv43MG}VsT3#8K50&BTROF%%lf^-Yk<t)ymgP`kp^JytZ^S5UF?eCVa
z%|{X%CH<U22HJao#4<`UGzP@d(T;<5f@BHMNGmU{$&ox623_;nz;z>Jv}3g#k_)S2
z#c{817HMS`F%|&lQ>$|SG>9hIaOlOy*jrv^1=S=4wMsMxpK_XRPkRIY^={2nbgN=7
zu>n{w8v=2T<v`v~9{>TQo&6JNGKOLl#W;!y5c?SrUPuSTJB+#liX$kFqCoKQMmxaY
z4$OfTpJ6^apGLdkH`$q08$chR+E%KqHq-3eicarR-5Ywt9A|ZfddYSu>|QP&V)#5^
z$cbzkMG3`EQM4(8{S3Qp&hTO_I0hy`{$Q6-aHhz#-4kk;nYMz@OZFa)V-2zQQJh3^
z5d~+8MQm}LPq$~cfWE^Z>=c^ehH$KBA41EEG&A9t&(7fBM<~vsm__k%OJGoYwh7bc
ze#jL6YnVm=j(j)VnEYt>(AlRmjcdPh)4%5U#?kxm<6ms|)R)}M9ANjzp^c;4S$E`Q
zL(FlMd^?n<GXDv;`*Y3N3-tvzJ?8^#q?WB`cZi$5$WzEqtUER0=H6?F*|)&*>p;Ah
z8eTtBAFe0d)B=!@56hD^tv<Rdo#UYVZtc_h<kQ5ibd`6H)h6nbyVCjR5wU~OxUrXu
z{k&eFBJSv_UcO0<)vmJPwZWeN{G53K;W_)K#p@;2nK*4R!#`U7U>LM-s*I9p_zkqI
zRi=^kzk**QtQQ?{^5sW+@VH+|r~P-)8Fm%y;IsuB>*jeV5D5Gj3<bo0NJ2mj{6+Zk
o&%&3_gk#Tyv1h`&FT=$^_~Fb;_{|f3c|C9pI?mq(_`?h7Uxl9Oj{pDw

literal 0
HcmV?d00001

diff --git a/Backend/src/auth/models/admin_session.py b/Backend/src/auth/models/admin_session.py
new file mode 100644
index 00000000..7003d7bc
--- /dev/null
+++ b/Backend/src/auth/models/admin_session.py
@@ -0,0 +1,95 @@
+"""
+Admin session tracking model for security monitoring.
+Separate from accountant sessions to maintain clear separation of concerns.
+"""
+from sqlalchemy import Column, Integer, String, DateTime, Boolean, ForeignKey, JSON, Index, Text
+from sqlalchemy.orm import relationship
+from datetime import datetime
+from ...shared.config.database import Base
+
+
+class AdminSession(Base):
+    """Track admin sessions for security monitoring."""
+    __tablename__ = 'admin_sessions'
+    
+    id = Column(Integer, primary_key=True, index=True, autoincrement=True)
+    
+    # User reference
+    user_id = Column(Integer, ForeignKey('users.id'), nullable=False, index=True)
+    
+    # Session details
+    session_token = Column(String(255), unique=True, nullable=False, index=True)
+    ip_address = Column(String(45), nullable=True)  # IPv6 compatible
+    user_agent = Column(Text, nullable=True)
+    device_fingerprint = Column(String(255), nullable=True)
+    
+    # Location (if available)
+    country = Column(String(2), nullable=True)  # ISO country code
+    city = Column(String(100), nullable=True)
+    
+    # Session status
+    is_active = Column(Boolean, default=True, nullable=False, index=True)
+    last_activity = Column(DateTime, default=datetime.utcnow, nullable=False, index=True)
+    
+    # Step-up authentication
+    step_up_authenticated = Column(Boolean, default=False, nullable=False)
+    step_up_expires_at = Column(DateTime, nullable=True)
+    
+    # Session metadata
+    session_metadata = Column(JSON, nullable=True)
+    
+    # Timestamps
+    created_at = Column(DateTime, default=datetime.utcnow, nullable=False, index=True)
+    expires_at = Column(DateTime, nullable=False, index=True)
+    
+    # Relationships
+    user = relationship('User', foreign_keys=[user_id])
+    
+    # Indexes
+    __table_args__ = (
+        Index('idx_admin_session_user_active', 'user_id', 'is_active', 'last_activity'),
+        Index('idx_admin_session_expires', 'expires_at', 'is_active'),
+    )
+
+
+class AdminActivityLog(Base):
+    """Log admin activity for security monitoring and audit trails."""
+    __tablename__ = 'admin_activity_logs'
+    
+    id = Column(Integer, primary_key=True, index=True, autoincrement=True)
+    
+    # User reference
+    user_id = Column(Integer, ForeignKey('users.id'), nullable=False, index=True)
+    session_id = Column(Integer, ForeignKey('admin_sessions.id'), nullable=True, index=True)
+    
+    # Activity details
+    activity_type = Column(String(50), nullable=False, index=True)  # 'login', 'user_management', 'system_config', etc.
+    activity_description = Column(Text, nullable=False)
+    
+    # Location and device
+    ip_address = Column(String(45), nullable=True)
+    user_agent = Column(Text, nullable=True)
+    country = Column(String(2), nullable=True)
+    city = Column(String(100), nullable=True)
+    
+    # Risk indicators
+    risk_level = Column(String(20), default='low', nullable=False)  # 'low', 'medium', 'high', 'critical'
+    is_unusual = Column(Boolean, default=False, nullable=False, index=True)
+    
+    # Additional context
+    activity_metadata = Column(JSON, nullable=True)
+    
+    # Timestamp
+    created_at = Column(DateTime, default=datetime.utcnow, nullable=False, index=True)
+    
+    # Relationships
+    user = relationship('User', foreign_keys=[user_id])
+    session = relationship('AdminSession', foreign_keys=[session_id])
+    
+    # Indexes
+    __table_args__ = (
+        Index('idx_admin_activity_user_date', 'user_id', 'created_at'),
+        Index('idx_admin_activity_unusual', 'is_unusual', 'risk_level', 'created_at'),
+        Index('idx_admin_activity_type', 'activity_type', 'created_at'),
+    )
+
diff --git a/Backend/src/auth/routes/__pycache__/admin_security_routes.cpython-312.pyc b/Backend/src/auth/routes/__pycache__/admin_security_routes.cpython-312.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..d18fc05e0759475d415de404ed6496c9b67cd12c
GIT binary patch
literal 12466
zcmbVSYit|Wm7d}7&EZ2N^_D2o){C|!*-GMvtk{xe%T6p?j;$t++Ad3TMlxwWl$ntq
zEajwbu$8d|Vj%@=qbaPQKWeYFTX$2S?zTXa6o?HZU2sAzNYC0>2b&-DKl)KLX!~Q&
zo#EwB^e9O?0B6oU_ug~g=X~c}er&f}33xKGt<g8S2;%=x0zZxt@wka1h>HY6OcD&q
z=;CBTH>pcdlT<=KsZSUt4GH6<kwke^+>|g+nq^uaw<N5SR+%=$Z3)|?4QL}{iqi@E
zq+O=XaYw>A>6B?p+?A-AtVy^h-H^62wzwzZo%G5y9j{H)P1ecf?D6_U!(@X@JK~Lr
zrpYFmcE+0%Et4%Ip(9u)+j^Z;dOzudw2pBxHPhsh`?{{gZDZSF!+4<Tm+|0wP>W*S
zD^hlxn$j^|*2vVd0j7@iGWD!^%FHypX}DezG`R+(?^UH@ifP0WkaYOfFin_)zjC{k
zE#VgQOmjsG?W^>^rBcq<Y@wCyD38O)_$pfIT&0z^f1nk09R7+Hx>lK~Kt&4%W(~7u
zX)Rtm7?pu(2VTcg=XKbb=#hC{E9z9HzTR9LnQoYgApF*`R<^ql<TC4l3d$7jKh12Y
z=>NJiUBRC8qV;fUR$zJmREqP5nM5?{=h?_C7ZuJ7_<4by>6xAJhi8T38-UOA(Nxl(
z2q(kSY=TV+8~ovj5IqTH{qfW^-)lX>&V;$J!1|}SR01+1soA6uP6}n2eokpkNP(Cr
z<UxCpI2-1mgj^Lhkec#GQppI*B|+o^G)X~&WEnp6g4|V3GVNw(*d)VC_I(o*hxVL~
zurmVGlMFA-vfLTTbeMf@mgR*YDVdHaeFoAzE*A>N5zRm!g=m6(fEEE5#%WdvF~@+i
zA_@jG&2mAV<U}J+anUpz;!<&zms}_triX*khh}+}dw`B5)YE?h67a2)=P-ol5D4yM
zG{QoTi=T}|pgSRs<!4e!9`S66sc=ORbCeIs_0!Hi`P+x(q#bg)2dANL#u<*Cik_DA
zLU@{o3Z=#BJIQj<DVPOLnFWbP8KK#k5DYpj(UqN-bj-1c9!+rRvBCHI@O%7)ks$UH
zB<N0|q>Vt+>M|7G$-G@C?O)hwpjns7Ip;_V!RQ%79Q5p*o+L74%!0+MU&e@c{G4Hx
z5~gwq<0>W0<r1chiQk$bVzNb0TS1g&>lR$|G|4wZABh;fvev3Kt+?hKw0VK#JsB$I
ze7bH%kIThsv~pu^4X!TceVTis8)jY~t9v?!v6b=~p3W1RF)!AFDfNrB{fXTKf%Q<V
zP0hy?wCl&T`i-qsX-r{><xzLw9QBLK%$YN0&Ym&HI@LT(&6$!hA&674b(m7W87iYW
zPq2m?)KZw@>a_W>UR*-`CP{|=JN8i7(k(fzm(I|fC1cSZRmQ;eTL@tjZY|c2DfPSR
z$P9Rm=Byd(ij(JLT$Lv;IhiqX`x!Sw$6My;3?199O2<^j7<(Sm>Q_Y%FuOZcKBm6B
zPFX87RcHk#<E`vlMNSP<yCO$j?;+ft`h{6BX|MQFU3p&Y8T*QPsbT6XThQJEfA8Ly
zbNnN_W6oKzpLeO_!qjT3&NMKM8Ary+G%?Mvdvr_->`zmaTxz{;R_cP@qGEfn9QBLO
z8A%9bB**v|Ta;wlmi&0Fju2}J;aOa(o#2}1Y?W&yY{7XM8$Q*QbIQ<jwzIZV<SF7b
z^(t|S1ZgFNN)RATM-t}<VIP(OoP%>V=<j~aQNI=a9mCw%IHuGu6VU3@kBOh?7~9es
zJT4fuYMIt*)%dbe{2O(O47R6Vd|5W4D*zB!{AeVMfQE{dcz^eS(P6)kI>7>L;rugU
zo<Ei17(d7MKzZ&=us8ZP7|^tTG{qf@G7Os>@DIx<3&0V80Vw#|Y?Nb}YdXos3t?fF
z4@FW8D;XIUz)_rY!T7I{5-nFMp&7}7V1wMKWX4TO_7Xl*GSbeYJ*DD36R3NVM@A5U
zHe?j1l$to0wj$utGdvC54eB{$HY5`QHlZjZS)((6M;HJsykwP`0Q_JY7SNDtUPzt{
z$D@qDJOj}Sz~|5|NE>E_sh+KA7cPT)neN^b6^^r<zdV8!(-u`HBuL4f;o3nQhb%=p
zI0_TOGBDc!4-+$S7I0=ILRA+?s>7HE;Ww3^?o{SpyH;5$BT@0xDan{%0sKJ%`WiGV
zy+Iw3>=^Zigfla&<Si!|mXB~z8E10fk`f%)ZbGthQT{|I&YooBk{M)%Wgu3AyNJia
zq<fB3;BB?nYQOv?2st$ykDq}Zqn9O_60kn7FzL2E90!|F0f5ouG{*Ca)B!*2BQtwC
z5{f3LQV*WMS_QkgTGUMg>ZUgV`!3G+uGl7A0A*2tdL`3wHq5XbFPS2#)QKp7VFSQy
zz}v>DXk1`9d66U?Y#R%LvB)uCB`bS+2DUe(1rC8T$v7)Sk}$buI3=*jj-8S0@h~qa
z<-w7FF~KBChN&pW3(Ddns3bWe91EZwZ(qq6iAQ0IB>nLeltZ{lvMK`)!E#B~m&5T{
zR-O-uf&!B9ScE$>1EYu>XCo(OV0GCfI%pgMGm;B0La4MV5)D3p+9@OCC!zx9L4_@<
z$6*GqAbu<yIUyMppFuLfM5MT&i$kD{L+%&XgkI=i$&<;gK@@6L9-ZV+W~w|eTarCh
zP9TRsK4cQfa!5H!rqULWEXo9gqBHU?<B_89S3Q3@)OS3UVEd+%r~7uZ{0Sj7)3+}r
zu<@Q<XbF?keY>FV;7axJT%-@3l|IEkQ@ju8hT;i=^MicE-kCF!qcq8-dE&ke%_3~d
zJ3#CHk@(^b;)#o(y%)w7*DTvQ?mC*UQrTx;UUs~aHNR5SPmqSed*&_oz5cwnUG%mu
zelzFYG;b+*+VY;YqG#>mi#bo<yt&ZOo^R+D8@jKy<r=ol+dp%*+;3TXW&HAZzNJrW
z>C0{$&b93Nv}NY~>07A}Qu)zW#nD%@ld0V3%>02zX2R84Xl=W4^zzZgc&_!CeCvSN
zI#6)6<X!EetNkkdbLTau=-MK4Iz?CKRbcnZsV>pgwbcFdzH5ECb=yVP_Qxi@&+%t7
z;jBM@{6Z#Qze%j$l&{|`)^E<$Z_PQj{jTHJ9lz-+S_pgdLz-~;3jW@_e^B%fF4#Z!
zJ)8H9h`y0RePf}e8+E?0`T1WZ|08+n)RnWB&*t0uKW*#3-Ck(xyz=_x*C8pk_1_rG
zwGBP77~0$yY(<&~Y{>h!iT-UD><^6uU0c){?7PXk&7Jw?O=9z=8*6UFf0g=0>isjh
z=9ey*@6@;5ZR)x)k{vp-+%%E(P82Dk!4KVX)cp_LSnxDn+_A7@vHNFz@Alp3%B>l=
zIhG%MNgRABKX_CeJeqy=JGsH|vgg>{y0tf`?BK!Wy78=Q{Bw8P)sgJhW6SPHmX16z
z5}sh*y-jp)D>!QkO<e`A|Kj+<_!E=fW1TmlDX71z)QBv*nJmo|jl_m$e!k;hcU;(e
z@!-P2ytnI9Z`Vx$mb|v*VrU_huk99VyRWw7YB$eYKR5gG=Jld^Jrb@+E;RKQ0xuNm
z{e}8Kp}wV1=eySUuHmLNTRZZn8jHnRtRpP8w=Cx^KeT=BY%91s7KLohhJttGiGgxi
ziv(q{e(~f0NqBva2og;m8r^S4-Y0)Ex?DGsb&dSBNFn}TpG=Sh-3WyYj)K{K*XDgh
zP=>*R+4`34yzPhfyJp8*^m#g4zxkK^%}wu}ym35RyYqJYJiTllmpAz@M{bhujV?R3
zXU*IHS~Nl3zwrpeoNGETK>lRZHdar36x_IfBXO&7cO4`??js@N<BgUvFZJ=Zx-lp9
ziPHe|CteD2KdE;g*g}009JU<jr~c4yfW#lRP*5RlfslY~z(M`WnmSTOUC<hedww5&
zkN+J`qvF4VH;y8oM1q_HOa`7bQub9(Mu!nz%v6;HNkHEv#95iAjfG{8RHx-lGZf0h
zC{5F6*2Rz#t9oKc=T<!!F_wFctXS29%gj;J#GF1u?Iynch#(-^ppVs86@_HRpcOj+
zu7+<7T%^*g9^h(t+Q9Wy6@(;kHAc!cY4c;q23I|Jbl?-{p%$_!RS$3xbgFvfHZ=HO
zqYVvjU6!W7{~FQ|GOBuHX&U^mlExU`DMw{U;)hT4gs>iqW{ep<_)O(klI-=A;{@Q9
z?3gnO<yb(h?4RTM5Zy8h&)`(19JP|Y4r<AQ_cM4M&*4&xRjbC54VOI!Yc^**YgBzF
z+3TRw>-VyP5>aI_bSs^8+2bfh?)(Ud_sWg|=Z7{Y4hF3pa@i{&CqOg^yaG1UM*vfC
zBakcAV!&B}iCIQ+W44OaB&!0p7=+q}P+c=tI@d@J%?5^=Q>+j<UV$`A-5v0AXf`<H
zLUOI}3N~|F5sh{-H;7&+1|cIxrRzIUau<4`zH+<aB~jscTr!4dP^?!S8}}VlAdCtC
z&P+krIsv^rhL{obV$f>{y^!MI4x`rudVK@E_M;clfI(9=E@OcU!BS-ip?H)BuvkiQ
zuR<P=RAUKXao<9PJt!Ew629?V9CA*h;{QyR08x={Qc#bl_Ttust(V4fU_?C|MbE|p
z-H@mKBJE!s``P%r<0Acx%vmGSYZe)iUia8Qd98mo5;o8I?hAu?Pmk#7$$R=mPk+wy
zY|i@JuOh#QyvG(zgr%lvB^sLM=|X+mBZ9U#=l9Bz+C;joP}h1fwh$}$I`Y1aqHm*0
zG_Sd`^YYF@L)#VlGF=!wkRSc#r=#Cotj`BFi-FDgz>pXiS`O^WhS@@JV?H=421g5r
zUdbPdeR?RiIGyht5<7?ToiB==FD`eEWoLxK(BAye;ZKJSUz%2$%KHXH-@vkOFnjb{
zUz+)_))sL5iLlw7MGAWVq=j(#7h^XzWIJ{)JBPC7p)X{MtTPP$orc%|RsP1K0Mj{g
zZ!P)esBzRrd}KxRM>fk|H}#Qs+g>|$%WeSrmYV{8y0vU#`@V~}LzJ28<JgnnNK00g
z7Xd3<e$e*#KKvg45f=U_+e?A%)oI#Z>N=E1kEZRVv~90!XDLmaMQYVpVSDXLdzEi&
zPry>@A(B>(XfqU}Uouo^F3_i;G8%vpp+i>nU|FCO%XXPDEtRA7vJS>Kv}&xV9O0H@
zMFx<Kyr-(CLU!2($B>4pdKimPj%Q~Kc!p)IZB;cf^iUlstyN>i*zI$MvxX|I?MV9%
z%lpC~_VY7rBsvw1tW@3=syg~3Sn71m5k<%NlPLid`z&ZTG=kA|3(in>8neRP50V^;
z)}?)llP?!}O7jl*CsfUQ5WG+=tt;CKWVN|H=!LW)C+pvr5T$C(BPh92bq0-G0&%Nc
z+7pN;>qsL|ijGuNq(d1Bc4)a2<o_6cya+GZT`W4higt8+FLp0<UmDE0yYuco(cK3c
z?5*+h<CoGR9ei3-f^PK4y3uvM<6pXv4s<=Vs{Y6RW%pQ?9=qQXm^Uq(8xfGlUP88e
zblJH#Yu*b=rQxd)|8u{L+zh-ob>nEZcE@cmLi`6;Mf~W#;v6~BPrkX!y30v?=s@&`
zPWMP3^<iMxGO~{P{W=3Ae&0tyM%t@t8fBh(z~rp}^kt<oTA@_bE4f%D_=mR9lOX|`
z>lM24jSumh4x9iDm|t<U$`^JFnbASmSeMcLm|&=%P)m9&MLxvk>o)nwQXuzBR0|xo
z@}bwd6k`lRS((5^V@WB>N7e`ct~AmWO2w>ILj`33w5)T~SqSOkAhis%Z0Y{Pr6U`U
ze_gyK*_9PyAUq4uDqVX-xy_YBaS+8trh)ON-B@19NObc-4qf%6*H#}})O6{(UGe8u
zoLyNX91PkxIr!C}$PdBpkT0F_apD#5^wsB9fjoNk+)4%oA<BmqZ5DKBOQ@!zvC=4b
zPJkl6h9Cbnyp(fG+rS#TI`gibqHE{-y7$L!jejtnb4|<}Di2%19awxWTN5nQt-reG
z>XvN(?yPrDrE_kEz{V=R_P}qSx%t{}Hs9<9Z~r!fPTrBPIC;AQ<eS5~VH5Fzkp%h!
zlVz8W`oJ}8+0{sW*l2*nhdv52(vChHwCzFvTzG(X8{Eh1rr8H*xgH=C8Pstn;Unqd
z>_JIC0})oq5RalTU>{;zAvQOgoaJZ3@d#3T_(2v$#sLnP*Qam*{M!gTGo*8?9@V$d
zI-GE8SGKxpMet?IM^NR;w!U<H;Fem)`7)+eWYTIaOl5Rc^{MZzUcY>xacxjPil48x
zZ_+yKSlPf`F#KB}4Wr1AX_ytbK{aV%3K+jvZ39zUo;;R}6^Is!$dvE@V<;|L^<>C$
zT@7S`<<D6mu3*bpA+B%@`b}qSnm6dQ)(XMRtiP&JNCJ0_CbwOatKoNp1P%WgxX3P5
zJ;2pkeLAMKrnJ`GI!Mr16Y%0S`7v~8svbO-5XGRti!a|Zf)@{0>gsKI#+HG70*1{D
zy98vEcMKQ>#`un&F}<U!!k6e2%a82i+tr)SSovNPmjD?SVH-|m%J=#jXmL9(#n4(c
zmh9L}f$5><>}Ty&rpJ*EmVJEuuc;Njy<!qn4<B@rYZ#e{;nE+i#!}M<xmoB2*ajKM
z^#INFqE{Dsq4if?WLZ;j8Q@7ZSmA~66_o5M2lbLcND1LMhbET$E-Gr186l+cc=)4{
z9%)F)3dv|vzW?N=pj5hDv1nBx0NjfFhp?wjTF|FJ(zB>Btv~?UC31&39#Ol{3n^nI
zBw$QUP4TQCcaxh&?BnS5<#X^lDiTF6gfCW)2sqR!Q0GlGnVj0^H;|k+(d!(%Br{Bq
z5-@;!!)XNwqf>-zs`@C_wWb_1fb~azG~>A+K+!+IkN+=Fnu=}pu1A=7`+b-DqItob
zZ4BmI>+-HmqH9xuZpqW_B8{&x=q-;aU5$0#@DL1XUBTOUacp5M8`zW&42prl_pM^!
z#hiEl{GNiXHfsy4o`2s}d(pOFd)p4?+g*3529P)_)~ua37M$L<&YnM;_4Vd`+eF{C
zyl;o-+mZ7P<($KL=RVQ7?{;0zc_{CES#-XfedSv@=eP6Du;>iuoRN9`eNQc1=XmNL
z5q1blj1*`ug7k&D#*0%6Q-wf#KF}`)`U~Cb^W8&Y_fWwXxRSh_#Ghv0mF<_e7aE$c
zm@k_#vs9#`JKr%Nb_^5-cmD3+e;&LPK^619&7yDfvTtkl(8R-fx)ovyG>R!e<4=4L
zQz&>_?l<}h4J`$D`#Y{0-nHK#MgOK7tk|~wp~cYbcxW(pTAvVRm#s*cEw(S7xMh4&
z8F|>Q+#lTBnyuY^TR^a6LIajmMjrMVAo8$zbUX3U015O*+b#Qa)GhtCz0Xs(o;Lt}
zTSoyuxLz`aLQE<W3Q49ZxD^e<-6;w&aDXIAjv7K5976AsgMTd!(Bn9pIMWM3Fb?4Z
z$p|;n;1zNR!7CT8b^P%#{J)?V{!uv<o$f_9#>c`CK}5=5YFU{H+Y!$AG(cQbmP24(
zYQUF(y$SgLLYzGX(t1${kwaUYLud#7#;9B!BfZ7dAWj=l=zovub#mz@vBXz!ZELCd
zSs@A+&-j0lq2p|P1}>VF+tx<ZR&QAx`riPSfvk_zxKalEOS4=bMIR({D3lB**icAz
zWhJA0mB|5~gL`ARY>q|*`3{pq20#wpNfi7qRd!Tm)GLP!CH=8fDlVVYYs6zHNyw-9
zFXllQ`D~os!My`Kgn9THut{*IM3N766sd>1Lvob-Z(`3qV$D6G`5w`FkJxaJ*!;i5
z3-<`$J!1Dg;`w{Tv-gNipIJN?_T?<CZy4`b+}Wn}*=I%oEH7L3ykUe(G@bbe&EIRz
z+I=~)4NiJf0FHRBvHy;{@lxm8eGe`FM3RFAySGRo;=a4CXg~y1^wbwkGHC_}`H@`i
zF-7S7MV-vu1+@7GP2X#p-=8BJK5O*9+jgTq7uc3-9Kf;-Z6F#XQt-WRc0NLBB%-mX
z1FE<i{<dD~+=d+40~eJ|fv1I-nm~xlQ>5T4cMrbMJLnS1LE?IgI>Z|&OIw>G+qFC7
zDs>3Ha);oHBy<#YKovVnBg)b(IkNRLSM7!HrQshr?$p#>;4Xz1N0w{4@Ax|wnV;J3
z1UeUmpElpo8nyjdXvAtSQt-WRa}*8mg$~y=Uh*v1izbvZqm*~SQM90x6-~7bQ8XGB
Qs*gJ5d#D47Lotv42h@_%S^xk5

literal 0
HcmV?d00001

diff --git a/Backend/src/auth/routes/__pycache__/auth_routes.cpython-312.pyc b/Backend/src/auth/routes/__pycache__/auth_routes.cpython-312.pyc
index 4f2206e4efed9db0c08f1edf63422acb36430899..6cf040d8077cfb7542de0da0a94f467d9188608b 100644
GIT binary patch
delta 7851
zcmbU`33O9ecK_>ZvE)St%XpJ4d68{-18j^p0+z7>12)*0%>?9c{cl@FmYgTq0V9vY
zG+R5)#PFJh3_Z!5o-{DfWHM?qou=nBNqeU08InLwGLWBzeUf(C9%q?3r%9XBd*7F2
z0ZFFqKXCn)`|kGcyZ64QuU^qyIHk$>ReHLKgYT`eCST2;AIr$)=U*&;j<1jkWrJjw
zHx6s1qWiT2o1|iSqf`R_aZE3j!dREQZtO8Crf2D#vUcoox^jOOUq<iK*zDzUfm9*u
zC6}B&oFY};uRDV*;2YQ)U&B|?^MF|`Taz$rk}$jDn7UfI=<IS@Dpc8#<_eHOrMof-
zyC;ENCl>?ugF<sj9J^kwVk=D2s-zX$V8xG7dcJ|4H#pNZQXEe!t)_1aCF(ex)$8qz
za(QAlMQTc-vLnH_nen|(Q;=84xM`)9B)t9vUTX}`R<K64Gfcg7R}$vV1m@ZpW?sR%
zn9f?MEeUg19Mj-N%rhF=qjlCVYSEsAyIV3!OZ|Js>j&z2PBKXA{d>m;1_pQzXsA}`
zKr7git<agYeqWpyzX9=>RW{0{NmkjEgnf4$o9@+D7sMsfOPiB$_QyFJw#a31=@YnG
zX=@VhfjB+B`wl64lJGonJoC0Qyy|fpPBu#0VO5pAS58Tiw=Zek;9<RMM>IbrpryaF
zKBHH(qrp&^K4mMcQw*cBD9I$G2qSWsGy~BPQg)CQfJzz+dWOW1?3pBf(g{P=^f$Jz
z`E~SWVUd0V^vOn=W_RkgKyx`=Z4aj_siCkKo(y@sK}n`B*sWScBMn7=Wq($?`b*Q!
zkW6aaBXS_Dn23DOq#O!+e3DB?wjn!hKpdA9ojfl3{7TA%7z*7RBock9w2kkg@0V^~
zrI;pxfJbBmwAfZOKIwF9xq(gkB*o;L@Q9K`<WPu=&`r+%W&J4X4&-47O?tgBaoR|>
z(dV57nFn#ok6;8rAAQfc(ySQ90SEXfT1gCx)Kcc0MG?t82nd3tCD;ui&;wA?WkQ0)
z6DOc!-P0O2NhSdU+FKFP;0*@CU<#L2(R=+qXpuG;C+iV(FbuH27!DKC#Buag*^*3D
zfiPuuVrv)u=Q1n5hyJFlq(aH?5?Kt(o)Adx3kDP+6efzX^N?4b2xDLG4~~q;gxbpU
z(-hM#(LX77qNH?9c|~0}lIuahcEYI2<MB<ztO7HN9t=9^50gEJCeitFi*X#sd6`Vp
z7s{=fM{xoHh|7f@)zF&V8=^%OCP7nap^qNANdMO1j&@e}>IF?`fL^Ws)1G+^$uM$K
zie&UJ9nYFE!QoAjD*P4Wu9>B*?ebg3vu9GrD`&D;ztUedUOi*sISm&{jTj@s84d7)
zZ=NSBqMrIzUY8va#`aP7ihQJ2HM1;Y8M~Xhi?UOz1H4o-lM~U5d01Gljbx7vQa;n7
zWhlqYS%#d*GHLnQ6|}kG2<=;*ogerG@X1Q%Lw;)HB1^{_Y471|dY~bP{$Q0^mz&IT
z<#({Gi{#$MGCRidj6v0dN9xTn>Lps}w8lEwB~rFjAJIm1Qcfh}Z0?zq_zJLD+%9zf
za83r%NUK5D#+kft)7{(@F-XmMKtM{3D-V+7q4G(R#4KfQ0qmArv7L8d!#;8|`4Jt_
zO05x{kDtj8%hX<KrSGlIw&j!5FrF{=Me^g}3#8=EuA!-o>x8w^I@;a%KJUZ5F|<g_
z<8m#@IoozdtF8p=XvS2GrbP?^Fz6FaLEcRb&FlGgy0SKh&L1#Qe{)97`jeWOf=CK6
zfu;pg#~L6cbwX<cwju>PxJGW?Ft-_?elAF#Yu+O0=Zw_dYNszX7t_@(`Ot5oFScem
zb#u!AOFQ>6Kw<7*OSmwSU|%Um>SxU01zvPK`fSU7!>#=y+p389N8F!j;+pf^UbL6_
zd**q~+_^YETf=u?eFa!<;jZuqeW109e*|T+Y37!KH2fR^X~vSI`T2|)@UFIIZL~(L
zGd5{s#5%==w9+R0OR}VmGqx}WA@+@7EW7QSDGanrT`}y<Gd6n98hcJ*pi0^jqqH?P
z*R9T#6b3SrC<bmL2i=)M`eI{IYLAqTJ{-|YPAVQ)mg3{3!ie?kHu~Rd%5{a3Jz}G-
zyOs}Z?;*Xgi1Y#2;L@|Ov>5r6R3eYd<3o@PAY&NEheb~~cu)>N@I5pkd&9EiAwj=P
zMq#y*hMC3(!OH`9#7EEGwKWT4C<Zh!6bz6cGMb>NYwI#ukWWepw0muSYSJJjYs)hf
z!5_TWm7>aYkPa+!Whb%$<TYRDpvNyy$$t6|YxnRwsC8X|jm7N8kZG#u4Nr=GRlY;W
z`3UV_S34WQ<_uyig+T2Kps=2p<dUj6%H<N&MDjSIvjJXNCQ9S5AS8Pyi7$K@8f41n
zm0cS01Y)@m>;~X#gTPD%u)7a{k{(MHXuDZCK)P_|03zNu0n=G=vMisd2A*E#MqUmk
zq9c||hbR5hg)EmiSPt?9MjULdBgUY`F<q|CkBR}wkMp=aH6hq5->}aMconMbEe^7m
z3DC=P<ZhH_KZ0QdEI*G?M_Xf~2m3ODAp~9kO1f&cm`tENvpI#Sc=Da1KWrQ0C+UB-
z6=qE@=?YAVexKy%-r#mH=b={j7Y&C2-_=BBk!%}+L^dY(VHZ;y$wF`vftrhHXM4Fr
z(Lp^!4#P<VVf4d3e;6{q4?DVHAAy4Ff%fgyxFL$!$6V1P2Zn>hD@&vlN&N|ehjCu(
z!-)qdzuwxYq=8x<@EP9}Y%O^Rk^UHwbl`(f|L7pgLzX^;<Es&{5+RND<k)6Q#mVq!
zZOj`&wejt|)l0~;xQhA6_p!AH0MsMF@o`_6{1J}akKiwGI0bgiKO}k&5(|z!h-2xJ
z?3bbJ@CJhieKPq0j%9D^@89m3UA1DRXJ?OlXaA;ceO&{c9b^tBU3OB3i;p2lR2<|H
z?6Muk6Hk7K;4cy25hmpbnC()*b_u&Zg~LBaFb_a6vI3ADd^~EiNvbiemWp0)a54}U
z1K~uKWR9PKaq$oqmgG^SlpePgbA2Kq3s&o-Ll~I|2B0Fwx{ypG@{*7k@P&QT5OiWi
zAFJ;|yq&&qynsH_q04os1-0rk=s2i-=$MJV+_6bBsEg`4{lc;-en}typ~e59<-lc2
z|A&_LPxV|b+(kAW*J!I~R#%ldle5{M?mE$Ra?66ATi!x@yB^x#cd2UCrK*NYRVx7g
zeu>dm_-P@RU;IqzDa|{1RSTM`yk7oNb^FEY-V4>emr9(MDym;FoHoQ()i*Aray5PY
z=bXN#@X79lJ2}`)&6mpRFP6D4l)34lu9Dt1{-SI51=sFdXe}7H$~{0uTUq$z=7luQ
zR)5jD?t*n)5>jo$rH1ZgVHcKgwl@9?F8Xm-zeaP!NblO}H>@$)3cviqPk*|#Vc!9s
zbGSa^G^l~K@aZilww&z#z*_ut&xxM%HCtYHzg~a7YTHHY_P4Fuzgo~C+E-tI$%;PX
z(2^fm@}KBA)^pyu_4VG@*Pk!he$mqVwx##01p#KGY2C&A?7MK+`Mx`6G>d;V-))gI
zxz}oWPm}hw<?aUP{G-!dK3K#3GL84NYJZttiR~tLsb?+sy0xPc5Z=)9qE-8b!HMl^
z9>}~=(+KT1OL@_*ebbqS?UgwGW}Vv%o%0&^YHta5p@|oZwHKOaUC?>Eq`gjba_?rF
zp!2Syefdx+cggHt0q6?XAT8yThIRouA2ji@N&7*wy97EPS&`~Twzbf{T)@le+RN4g
zY&YWgWk7{?D-RN1UTYkz6s{O@2c5zdyB<caICVHuDGbg+r^YDe30GF<iWcE&h8~t(
zwdi2vYMvI`b|iGQm<Q3WI*mg`!qwV}A**n0nI1;2S#>aStw_LjsnP2YuGLg{3xw<0
zID5T72P4-VID5UsD4B)p)wz;MxS>TZH%vOoyid4cM%8XCHOdCzMnRFR5pJx(>6;oI
zjNCM!5I56Nh?|+l(M;iHUVF}Hs_^j&exzRi@k$G{Khg0p@rhmsihq)-!*-@HnnmB=
zR>}|mZ2MdMK>WU?m*6(#^OH<G&6p1tQz1(_i}|L1F%_!C0SiKBVTmh^=x`<8^vG+}
z-e>PgM9rjV*@4p-3R#SF8P$--q8&?RtfF8s4g(X5IckuZr*nN}`nO>4Yd-oneRe)m
zNrQMz;Bx4}=;qbYSJN!ff8Vh}Gn=T7zELB_hh_AiAPdZ;><Sp143iT$!ctcdTafIz
z=_Ol(BQTeg(@6xzU76pO3ulv);oC^(HcPyUV~eQ`Qz2vOGTm;D^Ekz9a$6cmSSMrx
z6i4F2=ZQ3qFs=x!(em9-Yf_mu>R!<cdo88sU<!<n=~_v}w~PrAgv2bfv>e+XY8)u8
zXNgHm7Uf_>=3!k(3jq1D7ZLI<^cZkQ4-9y94T(KSl!M622o;gvgRdD(VI^&1G#HRQ
zfk~`b$xixvPh%Hyh`nd92M^|Gr%kFE?m;#L0hV}J?S_JrP%6M<$sG?5bZYSKC1F6D
zHU@%W$1r3#iJYU?2RF@rXBDGphk`*rVGjw+7nqqcCMO`X$+ueSJ(NU2Nz5^4+#Y+J
zAs^t>;wC429#2RP$1*;78F7A%fSsL(=&NE?{zdFB8a!#^seZ_rnb-i9W64(9I#gh~
ziE9vSi4G1m2<m=M;$Vb6BU@`w4JeT7aD=%N9<h)BAhChJ#W@7?(SMPz2|0@!D5y(V
zy}6TK^EG#~ErQ!a2s~$84vz*UwHjq^b{Pq&ys`BT0_JblZ$2<|bgWPxBR)4)H2WX0
z0G{8((5T-xr07GVVqL>(MK1^N;Y=}(%7-N12)vJxpCRQag1<trXlry0)rna&LLX+~
zX3^BHbk!FBhEunmucho}rPf&}3i+I)tp|(s=<}+z&7Wcu!DAY*;`iv4qZ^~|9DI)F
z_eUe+&+{FOAZpa32FXQZpdF@j)QW!!PTTNdEcuz6w>bJw^Gb?*$m_u>myQHG_A#ef
z46BQZuxj^V6ypejj{&%}>K-Jvmz93Eoznk8Yy>Yy^%GG|0YgS}-6<)3hg9)j9uM8!
z!Q#{ZQItjhWx;%&J`*a}aZpwK6FnFDoZlUNCH!|he~!*f+46!Yy#{t#hD%adG2BDg
z8!0(Uqf?Fi9R2N7e(!yNqgLRV@Wv?<Jc)5Uc1D>+&<<*1(I=fC0oW=j;>3g+c(l+Z
z^K{p}g?b}2f31m5-}{SXf7hxW!MsSIn~zkgXYL~;j<S-=^!_8&vtewq4YjBnDhI?N
zc7=nBQ;Wlu{mt%<tC|p008mV9k*r?8aTJ9mX$ThmnJIYt28<#0g9s9;$MXlg?|n-I
zL3E}<2BNSqerNvRh#6-Q+&~BK00-}iUW<Gr>`nv)@->iBmauyT-p3_h2$Y8#8w*cK
zrUJC-JiJN9F_QAA|1is>5R-F`+OoefCeyB?1+&Zn|A0AAv)im;P|x_HD<*|fL}%(7
zpan4yKQ)oT^D0LW@DLtD@VLrFuOEG0qeq27(kJe3Jn+9b5a@|;A``q5um9|J#5ikX
zoK?2)a?23}h0*E<oH2Gmy8EH3RJK>Dx6wx)+PLfg!JaJc_pNMmkS&6WXywDx2KYJQ
z*+;kWLHfH#Yi*1VyEQWh+y(L~dT|P`cjOdpo42mU%?2%*N3l@LBHa{>PUos;VsgSC
z6eafV!4|?Z#yNU?zLd|WKc9E%3y{5)UYoDvoizQJvk84!$%B|rWT|#C?DL0eW0yz~
z-|9&bEKpLgRAE1f=tGmk!@fiCb~SdaV)pNGv4P0LkeNo=uQFr{3=x*46FR6*0!%L!
zT3<mFCOvMN8a{GW*U3fk5_?GUk-3@OhnX^-5ZrCa_iz;|q5(~^j<4s7=<eeyO5pc4
ztam_C&x9BrRrq1D0WmisC`ZEc^e4v~be+(wi{3c?wZMz?`s4SeHsV|Z0(Vq?qKxPN
zn$A7x;$NaKJvq!jOl>DN462^qiIh-5MLPk%TPd0BaiI?07S{K5y8Gc-;V5F9MDP{@
zEC|`}C#+CYgbAp4v1njvpCvSw8wf|=Jdt0zShQl8RAT}=9L!aj<8;!rr}9%pn1+8`
z=o1}X`PB2Y<wvL5#&rAye<|IvAh6bzEc=3vwcvhk&RH<1?G(<K`I(WmKNmPn&VoiA
M-;)|GKDk%>KSrVpx&QzG

delta 10451
zcmbU{3v^r6k?-m0|FL9SvTVt=<k*faJO1Y5e4NCN6X)Z^CdA3+uPAyiu^d}6PjWs+
zMuhT7N@yG|TcCvny8R?gfKau3T4*WTLunVX7S68CBY~vNIos{&7DK|81-9Lp`}9i)
zr`^>d<GJ_FotZmx@64V1NSsuB_NpT1pG_t`13%ZI`GFTtp2#U=|M*<h_gJN{wEs9c
zVa{jE$RD}djv2x#zFer~D+JRXEnj)J>NHM*-`3T9si5Iq!kRrwe&*fEtzCSTu!gUO
zf7qwyJ<zu{#Z6TsDEq%bPHf9(YsoE2XPJhdB{=yyL7n7WpT)U5HH&Q^cWUgFES1zK
z6lc*lWzqMf=vB=^*_qkobw#ZUInM!IWWDERQQwlLo+r!z>S}I5eu_G^Qa#^7e$AD$
z^T7sH&Q!0GUy#LT1MoRTErnFIu7yHXmZcVDQEp62Y^4%!QI^<IFD1V?i)vGvYDtpH
zS)$>W3NE?^HQ$y+`*&&D_9ShQb6Ik=O1>kDa&wAOvm7Z;E66lgIXknW6<M@fcpaZN
zuyt_u*4Zq>YxvHAZG+plZf6<b@g2I-l{eU9Ro3hsDM@6DdX{UAP?2Sgt}MEpDLQs7
z+AVEeHNP&4%A1m@=@w?D^iI<%`JOD=T`7*_HqFcuMOv<sU!O(gOHr9`J<ZB{SiuN7
zegkMxS;^5o)+=b!v$g!jtl7H{sXd$GFKdFz*odvc#}5XA4dI9|R5v`-uwM`Zdk#rP
zY<q`?yu2^slZ^ghQ51p^?{HWUB?Z6Ruat#SXaM*X_;+=_hGDuGmU)<oB$Z;As3OXp
zR>;(0XM~e6hKW!Pq&F}#Psi{auN+Vgsz#M86J`5N=pWKmtW%Gw(#;Sy)v2aMlUnzv
zCaMX~kCI*6Yzld1t~NDxkPSP5BSTn=H92UzZsHgl&X02a`J`-pzCoFq)^Ec$t0al_
zHdgUqu~oaT8djq0cc5Y#o!lb1xmHEQMSfgdOvc?>^}gi{bDAUDwma?0{)*H(Gk^Q5
z2)n(U^#F8eN3~I{Xo_md<?UAGs3zD?F6OxvQ52?(GX0IDZk65En3<fy`kRT*Y*Xm7
z*K0SV6hC7;opj8oE~-P`dN7YlY}PT6x#U8Xi>_v2RCPM(hf#f0A2wyY!khS<Gm4bI
z?qY*mqiV5>xA6Lb(otj7NZM*aKXrdQ8bX(wl1nUi6_A(R)?Pl{mEsY0T*o~xn|s!X
zna{s&q%OVS<>aaLAX9_3vDI1Anwz4g>ohm>wrmc6-H1y4XwJ>eIBJe$<aeTc*)!FA
z0dJ4yM9q95Uj$}V@QxtMs{`yA=V`61Fzhz2e>J+ekYyrWsa43k9b5ft(R8t5zJ%8W
zAQ|wk$G9`@l(jZ6<xFILYE}g!I!6uJR*Ec2jYTs~&+-?qA2r-zIKUoY4su(V11xY$
zo;`*EZVHyUi-~kIj74SxUEQMw(0Dy+oC6x)n&RKTk?L7?Gl}119#`<XGc!_J!@Tsl
z=F4w3Bil1K>i9Hwfb~?2Jf?TUZ-X3$+%yaY{4rl75DL2YghV$DQ{jbfpWiPGMchNa
zaQHw-<lQi|uCv`83GEYt^_0iPun=}f`UE5m4F@B>V8k63AcO@XhX4tOk!3g%5(W3}
z;fQ<pA>;*9vdG2IfZ+D`2{He^u*_7_b%w;<0iG9vrxcPQ9Pvel!(M-g7bG<=M0|k(
z5sm6$rQG(k*bTBUNjJF1=cO7-+LYpwDXEG)Fk;?Zmn5(2#kKTyf2!XIG-6%*UI@J&
zrMQ%wuolK7JqBT~4?6=VAkKc8yE?evHxS@6b_k3?zlfe6Q4L4-)Xg8Uq-av&N2*r@
zz(%4wtr}V~HR=w8-J)>Ya6lAz4<{}KPU0#AYhuXM(+TSpcrd!#9~vAQ5F!E?lqL|j
zZy4BuYJTcEshIlBn@T6wkB-c2$K>-RbJM(ei5mzVkko@hq|Xw97U=BJ%37@<YZ^T<
zJZR!t0Fqt|g!g#|g#E&Rq=gASn!q&SVc0g|u#}rpB&9b$QkU9u*Xx#%?oLkLGdwVG
z2&|z-IZB!DATagqjR~g|Vh46>{Gnh3mOtWJA&Ov7Ih_WAd*%I`TIoXfDOS=72mRha
za8D?34cz6a6+O5L6#^<EZ&h#aE#5hev%Q@?w=P?~eEEuQX~vN6&>-*+*AK$h8wl6a
zO&g<|+?(7`;tJG++bcvQO`qW71u=|zh4ux6u%x<eSP&0M>OFyhh#-n<kW>-iC0!uw
z_4y-#{eq+y4i16ip&b#;IIbR!_=Dg8Eu1&ldb<xvrU73#BGbd6l443;2>T_~o`4vR
z$Qz{!C+7G?!50xyib-n!Kme4NlzkzfgPaQfk}c!~mrD9gzJXzZ8cyPXKvM7ai-(3_
z8E_Q+`-Wf(2thn@;!2!qN%_zlOL|o@4utk*)KUY%U?3tIk=j75+1%LZ?dg(qD-L25
zfj}T>;j9nr_WAcoYM8ti?l&s1OGxxs#AcW$E=I5f0X+q1Td@-X>Oj{j<t&#imtLnK
zC>%&Pv|w3!J|z}Bfs-}?kaV&wyn!LQal;m}z9l~<F2pfw(kR!R9q}tLGz<QP%OTqS
zj``$H=2`(`w2rNPa>jW><%JyQ8TDj!d!oAijoR}$o5r=9rj=`1RqI7<*Cnfa(pr(Q
zRy?_F!rF91H<j<2%r8&mmp{2?BER8?cB-&qvamW)SRFg*nkZaw#B|wQJXKu&M9-r=
zlf?~*;)e0Y_KD(UZx{E!y7!l%pNA$pw<J2ZjBgE0boL)v_ZuKCaXqp5(aqyCTP8~8
zPnIlAlq{XHlucSZ35)0C_Gi7Pya`Jy?Ws*zYEMQImf5s5D`A;+=HRojQ?ZGLwuGfE
zc2%P+&H0m-G24&!joYgy?eh}$d6V`<3Hzc6`{Ie5B|jT}Y4|4xrge<T`Js`qluo(p
zC*7?Hck2n$mC^;1rK=L9tETKlQ^nP&{nWh0F9d%OeB{6rcRYH>q^tRDSMwVcQ?8j$
z#2$@7GvR7J+dAQDyQWjQ^2Q9)#u!sJYtp?S;a)Iix@@pcD^#ZC>;>n{NoP~S*>rZs
z*?|{A&xKw+G~rx7rhUimy5Oif+cDm@;k=`F+}b<MF@^3AwM<UIyT+oa{Gx}KoLKT?
z_4gW{YB*apF=OG2YbRURCtBA}wr)<eZXVyVYogV6K7aRxg7UN6cx(6hf}Zi1rRPeX
z>tx6H{N3mC{NqOdmAtyiyd{aeB~#|yDM!_m)%|eKiJog3WxoE11`S}pAk+KL=keo4
z{!(r8vrE3eWNhWb-6y&ytyOPZt6q$N!)?V6drx>LZPf`|^~vH1+q@(CE86l&ZDT^)
zh^%G4Q!&T<sj}5mcK4LMY|36dRZx1W=qc5U`f*#w$GJM4e!76s8IJ3Y>W&$%n4K32
zOD79!5`{HWuIlmGoo^_|o7YV<%r<t7;zNe9bt$f?IE#Lo;dJ^>uB~7hYw1S}iw4CN
zzufUE`;*S|1s&s-j?bn!?EmaqY%R+ei-1a%Go>|MFjzlgI92PER)5@Z)NssnL7Q{j
zc+@y<pZCM?i%s$UXZyx&OW&wCVmz<yf&G7y`(ek6Y`pV)&Z2ScqR*x^F!%Ft4;-1h
zs=FQR=}yDi7UuPq#<dpamsQKFq4B1fg@HFMy0vq-H;W3^RyA;MHmI;Mhr{8Pyly-9
zmabjboyVQaQ$gdLor4*q#`vU43;|~{ZY<S{KET9X*!<k+QXK{42yvVK%-%~}Ic4gv
z;^_UPGpAB@9MJp8P)<Ze^9A`Zr#PN#{*JOnTn!_Ty&&ld5LyGgM@0jUqzw871&B$5
zc*Ve&L;jH8#y&vmtZT~Ul&8cCfhfSxDR~Z!>Y|(z$!Tlv;=hM6@gW2ldQRzN&T5QW
z5CKgP>qEn$U+_i_4GGzkaRwo6wkEx}1@X-Q$ep%IFAarfu<L0A>GUfSY(9g4rZ5u?
zrCvEp3gRdXK&HeYnc-HzJjG%VJJ6a*LlSF2nT6_0HK&pG>*T5X^YvjN5`k<Q79SzI
z3(BqHAWjkyj39^tAWs)KRN`%jO%zmjjbZ-@1XSs}5W|}SRaH{M+J^@s;v?AeZ2(eE
z80;MmK-Pkw4Y~3ZjvPi1Cu{7*`sWcv@KAinzKK&*=aI5iJ;X71<Uvb&{E~CMTE&JR
ziE`x5n3W98(38iCBg!#WTubswY7m)AmXtKaSCkuBRbJ}qJrCX}w0!k|XRu~8A8^m8
zHJaa#&br|THAfB99JQmisG@%hUeQ&vqIvyWDQ3VqSh{L#Q7d0}rk-4>xE<b|c2!yp
zS?tOB8hbr3Y6M12qXmDfAaiq6!_O`Ph4{1}n=M*^f=+8>J)!(bs%4%7)N`(<uKWTu
zl>W@99ZD%BKR2ohu%q^f7wXie61!-K;Gv?ws6AC^g2v35d8DR#scJsI03LwGTr<d6
z^$V;Y4WOCB*QHF5Ydf<rRSZ+DWQyhtg+4<;c9iw8i^$BH4zBev1^IJX8F`?_Shx5w
z#b_ba>3UdjA-|**l;M{G)`nQLa0AoAjH!<u0jN6mG#Q)KME+Fc;8e#}k~?R$lZ~~G
zMXF=_VS(m5%$br5sFlZh0dmLwo5Fceq#;B4gNkhSs2R4!4y?$?FKTy?CuYq+UYz3C
z%fQz~{%6(<Q%ja{%;a#MGX^ro6vw)6B8@#Z0dm-5vq27@CFcbwb2BD3r%XIr6fGKc
z@a@r}{Y+TNFT=lLKHom-h~TlIzy3WbEcG{!VMd+7Wqe1HeEFz@<kY+D&R{LSBFU;V
zIkr+BD|ZGhSuFcftTKN`on*Yaj9bN<$a`gFs?uoDnbl-*eu+6<S4W+^E9xMx*EjU8
z>82r+9_vnzT0ZUR@F5vQVNe*{4cFH}f!^OF6I^oze?;KDSnY}51G$nhS@eYQJ}L^N
zr(tbA^1wLZ3x|R<eu}5bGY!oa8cy*3oQky54Gu$AC$TkF)rgpV(zOZ_V}&hl$V@}5
z7XUfZxS4&3TyAuhP_18sKFI(fde}E0Yxo?Jj*_CLdi4(x-AdLq6?Rc#R3llLi2sCR
zRIi5t3$(#=g7^*W`z8Wf#XW%7KL8jh%M_~(KJr16%`H9({ee5zvyAu{l0A;#y9j91
zJV^$dTUwsL_ID6`3&B4EfSMq*HxTqDizSajq?-L4hEgGaGkLeUpWQ+_XP2tPbud5<
z%)U1F2Y`6yejx`yulOSb_#7hUBlr~p%5^1qa!yr|=*Nz71h}zj3KRzbBmX|<me?-<
zk<4)U#tK(}G7B;sFIFJoPY^_LT#5A;%_5Q=%6Qlh-r?YI7;R4P^ibW12auYkmmlL4
z71W|wB|w1!clUERI1d5MS4PBWev9oy^dN#45YP<sB4RHgpnkX=F)IR0VUh_dI?w@L
z6|h#LDNM2@i@+xD#_slwy{md|UA=Y1a`9!Lhs4>8bAN{53mFdX6LL0w1&1dP;1(CF
z5K!9~z&2^S{1Ur=jR13<q@#}v^kBS3F3z)Wp!!SZ)SJbi?;t)wh(E;{-$sCWl3pc-
zLcy>=-;KpM_T`3s!9XN10tYR159omYa4{4-t^!){$eu;_{wIzM>B!NRRf^k`@rjlJ
zE@vg1+rwV84qUXZxooc>8y7vOP}h<FSX7&z$3We&`q9;ob$zU6O1jvo`UOO@xP-K|
z_M10P)y|o!ojX<A2=L?F__r4KDik}k<ddZXntA$?(oe66WMA7{rJ5-$Bh76U@z2}J
z*x2`3xGc8Y`8@XLj&`fh%)D05Zl9-ot)YD`G=5RpUbUl^dELlvU!Z*5RD<~Z_KNMT
z%p1kaYk=S_HM`THd`nY__$(IKyj9l%__+#pXNmG$r4jKa>_6AsZidFVqP^NXgGtn|
zJKf4eZOj9Ww{6Sj?<{Bj)zsby6#uql?yg*Ba`rL~8t=?weLCekE$!vdc-Mi9-gPbk
z{6Z1yGb%4QoQTiG{tG|~_yQJ`ywIxKQO#Xc749hKE|#dF=VG}Ed#X9aYjr#A+{HPC
zJM&`Pdqy=(doND~UGLeIh?gLv_uMR~_FlQp>*C&<Rqb_f?_1T-^S(m`J@30X#AoPs
z<#6xU7Vgq<mpJ5eNvDFIOF5|frCgm)&0TVo`B?7KA{@QUs-Wkx8l_w|qLjwVW*u+l
zE*CDd^Lp;L4XnRe{o6(>;8&C^3|vvEU};zMD#XnkpGQ9Ks9?VvcP#%GHYP5E%|l<|
zM2vh{K@US(CYtq%>G&tdb9ye`1{#ks^ZX)S!buo+B&#UwfqP;fgamv<k{|58aH{DW
z!7iMHcTakvJv#Y>(!)t(D9sP_MACSWIX;KU+0L2j-^0vWMf^gii;e46bt+<Tij&6}
zUl(s&7iCEoGmfJeujwmBXgDIijy*J3;x$q{4PYd9ZD=oyWj$z#m`UKN<Hj2}PJ!qf
z$PT}Mz|I?D+56a+iK$qGP@x|EjVq_-q07Ji3N8o6pOR;W3iVV1g4OXYT~8=FsOD+!
ze3}C<yP`W7iok>LaFD0|1`|^s8Q{6gJ0ynST}zM?f$RmcsC&k28ZDJsuQ-$^2D-2k
z06sj+ap(ioA3-oa*6ml#O`AVEg-beo3G`xJM%OAChx$T6!5bXL`-QlYRQI;5MhVHM
zTDf$?wVcw+*OD_R=4k|&r}1u*EWiT%7iuYTvUhvIvp_bYyME;(ZKQo~A!*)N8~YOP
z$<C9MyF($lbd>i4wO7vY5WHXt*PHArs&oxiGAF<I-I9D}7yk=~GLBAfaZGl0hUO#j
zBGSMEK=KiDgj|Jt>xbCBsq@MFO_i3kCup(|JILTBr~WTE2f@MkgPZ1Zy>uUJ!A`ne
zIoaiA$lQBF;PsS_xZB|tM3W-jX?W1W9DuZgRS@4r1h2%MTYtmZGY(F^azBnzRub#Z
z1?#8_;YJ8GCuFWjUx=44LsXmpM!K|0;vcbz@#iMhEDrsMd}C*+I?4Q}JIfSWmR#Nm
z?|s8CD(U)!gM45w6#nv+hQ}!b2r?F@H#%x|uz1qocx%WQ++&iLuEsUq?4+SNL@kb*
z07%9@AKC9MRv*T0+3*G&MDSYt74KD+eLVi0?-|xfnW6ICa=^^2dl?z=muST8Fg7xa
z?#EaBHQT6~Dr9?uuIVD3J_U#@NP-U=)GTR-(F@28=MrjSh{XVY7hlH56|zETk((%F
z*;~tQC#`$8FQ?Jy|ENo5r&4PjCKvWrsq7&68qxM$Wgm`z-uE)gE+a4XmlWYf@F*lT
zd|VRovHdoYeh?DhCLi>-#4zZ{Z`@}1RwIb=LpV~(_gYK<k|jNqnoL7BwG&!LP9y59
z1LS~SN$VRLk^>NY-<GdzVKg=DbNJC%mMdukaPOjpj2nnJF8=(!m$G*}d{IIb>Be%9
zdqXwyVf+L;<vmVb4b6&S?4etG#JYlh(-4Bb-2?bZV_j$aLbu2EWyvF%JLG46I!Tbr
zDrAVu5X%u{wm4n-jsC*BV%7@}3sX|br3|NM9Ckxqp-ZSllEau>3^Nf$kjuprL$%80
z^w}3}&@1KAD=!ucd>{-fgkpgPr)+!F54&O*f@FKxWP8Zu8H42iEe0_pg=8%9SL~27
zLzi5NP&;Vk1OKHaI1H1*8USwjCnq@%8UjIm+`j*Lg&J2cE+Z2MTXy~pCx!~n%BAUV
zq4+`UW@on+*(2zR_Z_NCirYlU?X?E#9eIC|U){cP)Bi)fD0>(es!T3aUS&OsMX)ix
zCpw~m7t_mM>0vjKrn~D)sGNs@Tuz8z2TW4?_TvJ?b0m6qu^l}Rk%{gh8pCMF+f1Il
zyA%%pxw|XaCUW)eN_8_znN3RXsbO2m>U%2L5fZw`1^=(r@p}qbfqeI#YTrTRu1Q`Y
z#iJ<oI0Bk%>6S<Nav@1|Qel&phEy^dTn+<;vb!6wBjfWX(r~ZMuni|AwduLH12iD_
zHde0zQn;?bod~jIq)%e^h+jp*`w=WbK8FDd7eXoKB<lNYD)=9y7;oHt-=8^nQghvZ
zz|f6E@G8%U_r;&Oe<sULkvEQc*muZB$M&#MvgLu!eUfqrKIg#~(SScfKT^rZHN8^F
zlKk}6<n6e1MSCxlug|0WUm^HC0($S;h1drGByI@quYbWNW@?&`Xz&;9<S!36Dl%74
zjBE5r)9p+*8Fjh1oh<&E!*B?O;Xfwap(eY(_RKa$p}o&}*g0;hm|!d6JB_1kysT-W
zsQI0|qDN+uh7WaHShjV_WS!;^xs+EhtwLm4&E(ssH5An{I?G3t?kdM9W=<<;?|ucb
t96#B1yOJGZ>3oV^%6CnxC<YwNz(K}k78FMw_GyLOKcb6&a(s*Oe*yEPu(|*M

diff --git a/Backend/src/auth/routes/admin_security_routes.py b/Backend/src/auth/routes/admin_security_routes.py
new file mode 100644
index 00000000..cbe87618
--- /dev/null
+++ b/Backend/src/auth/routes/admin_security_routes.py
@@ -0,0 +1,259 @@
+"""
+Routes for admin security: step-up auth, session management, activity logs.
+Separate from accountant security routes to maintain clear separation of concerns.
+"""
+from fastapi import APIRouter, Depends, HTTPException, Query, Request
+from sqlalchemy.orm import Session
+from typing import Optional
+from datetime import datetime
+from ...shared.config.database import get_db
+from ...shared.config.logging_config import get_logger
+from ...security.middleware.auth import authorize_roles, get_current_user
+from ..models.user import User
+from ..services.admin_security_service import admin_security_service
+from ...shared.utils.response_helpers import success_response
+from ...auth.services.mfa_service import mfa_service
+from ...shared.utils.role_helpers import is_admin
+
+logger = get_logger(__name__)
+router = APIRouter(prefix='/admin/security', tags=['admin-security'])
+
+
+@router.post('/step-up/verify')
+async def verify_step_up(
+    request: Request,
+    step_up_data: dict,
+    current_user: User = Depends(get_current_user),
+    db: Session = Depends(get_db)
+):
+    """Verify step-up authentication for admins (MFA token or password re-entry)."""
+    if not is_admin(current_user, db):
+        raise HTTPException(status_code=403, detail='Forbidden: Admin access required')
+    
+    try:
+        from ..models.admin_session import AdminSession
+        
+        mfa_token = step_up_data.get('mfa_token')
+        password = step_up_data.get('password')
+        session_token = step_up_data.get('session_token')
+        
+        if not session_token:
+            # Try to get from header or cookie
+            session_token = request.headers.get('X-Session-Token') or request.cookies.get('admin_session_token')
+        
+        # If still no session token, try to find the most recent active session for this user
+        # If none exists, create a fresh session so password-based step-up can proceed
+        if not session_token:
+            active_session = db.query(AdminSession).filter(
+                AdminSession.user_id == current_user.id,
+                AdminSession.is_active == True,
+                AdminSession.expires_at > datetime.utcnow()
+            ).order_by(AdminSession.last_activity.desc()).first()
+            
+            if active_session:
+                session_token = active_session.session_token
+            else:
+                new_session = admin_security_service.create_session(
+                    db=db,
+                    user_id=current_user.id,
+                    ip_address=request.client.host if request.client else None,
+                    user_agent=request.headers.get('User-Agent')
+                )
+                session_token = new_session.session_token
+        
+        # Verify MFA if token provided
+        if mfa_token:
+            try:
+                is_valid = mfa_service.verify_mfa(db, current_user.id, mfa_token)
+                if not is_valid:
+                    raise HTTPException(status_code=401, detail='Invalid MFA token')
+            except ValueError as e:
+                raise HTTPException(status_code=400, detail=str(e))
+        
+        # Or verify password if provided
+        elif password:
+            import bcrypt
+            if not bcrypt.checkpw(password.encode('utf-8'), current_user.password.encode('utf-8')):
+                raise HTTPException(status_code=401, detail='Invalid password')
+        else:
+            raise HTTPException(status_code=400, detail='Either mfa_token or password is required')
+        
+        # Complete step-up authentication
+        success = admin_security_service.complete_step_up(
+            db=db,
+            session_token=session_token,
+            user_id=current_user.id
+        )
+        
+        if not success:
+            raise HTTPException(status_code=400, detail='Failed to complete step-up authentication')
+        
+        # Log step-up activity
+        client_ip = request.client.host if request.client else None
+        user_agent = request.headers.get('User-Agent')
+        
+        admin_security_service.log_activity(
+            db=db,
+            user_id=current_user.id,
+            activity_type='step_up_authentication',
+            activity_description='Admin step-up authentication completed',
+            ip_address=client_ip,
+            user_agent=user_agent,
+            risk_level='low',
+            metadata={'method': 'mfa' if mfa_token else 'password'}
+        )
+        
+        db.commit()
+        
+        return success_response(
+            data={'step_up_completed': True},
+            message='Step-up authentication completed successfully'
+        )
+    except HTTPException:
+        raise
+    except Exception as e:
+        db.rollback()
+        logger.error(f'Error verifying admin step-up: {str(e)}', exc_info=True)
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@router.get('/sessions')
+async def get_active_sessions(
+    current_user: User = Depends(authorize_roles('admin')),
+    db: Session = Depends(get_db)
+):
+    """Get active admin sessions for current user."""
+    try:
+        from ..models.admin_session import AdminSession
+        
+        sessions = db.query(AdminSession).filter(
+            AdminSession.user_id == current_user.id,
+            AdminSession.is_active == True
+        ).order_by(AdminSession.last_activity.desc()).all()
+        
+        session_list = []
+        for session in sessions:
+            session_list.append({
+                'id': session.id,
+                'ip_address': session.ip_address,
+                'user_agent': session.user_agent,
+                'country': session.country,
+                'city': session.city,
+                'last_activity': session.last_activity.isoformat() if session.last_activity else None,
+                'step_up_authenticated': session.step_up_authenticated,
+                'step_up_expires_at': session.step_up_expires_at.isoformat() if session.step_up_expires_at else None,
+                'created_at': session.created_at.isoformat() if session.created_at else None,
+                'expires_at': session.expires_at.isoformat() if session.expires_at else None
+            })
+        
+        return success_response(data={'sessions': session_list})
+    except Exception as e:
+        logger.error(f'Error fetching admin sessions: {str(e)}', exc_info=True)
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@router.post('/sessions/{session_id}/revoke')
+async def revoke_session(
+    session_id: int,
+    current_user: User = Depends(authorize_roles('admin')),
+    db: Session = Depends(get_db)
+):
+    """Revoke a specific admin session."""
+    try:
+        from ..models.admin_session import AdminSession
+        
+        session = db.query(AdminSession).filter(
+            AdminSession.id == session_id,
+            AdminSession.user_id == current_user.id
+        ).first()
+        
+        if not session:
+            raise HTTPException(status_code=404, detail='Session not found')
+        
+        session.is_active = False
+        db.commit()
+        
+        return success_response(message='Session revoked successfully')
+    except HTTPException:
+        raise
+    except Exception as e:
+        db.rollback()
+        logger.error(f'Error revoking admin session: {str(e)}', exc_info=True)
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@router.post('/sessions/revoke-all')
+async def revoke_all_sessions(
+    current_user: User = Depends(authorize_roles('admin')),
+    db: Session = Depends(get_db)
+):
+    """Revoke all active admin sessions for current user."""
+    try:
+        count = admin_security_service.revoke_all_user_sessions(db, current_user.id)
+        db.commit()
+        
+        return success_response(
+            data={'revoked_count': count},
+            message=f'Successfully revoked {count} active session(s)'
+        )
+    except Exception as e:
+        db.rollback()
+        logger.error(f'Error revoking all admin sessions: {str(e)}', exc_info=True)
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@router.get('/activity-logs')
+async def get_activity_logs(
+    page: int = Query(1, ge=1),
+    limit: int = Query(50, ge=1, le=100),
+    risk_level: Optional[str] = Query(None),
+    is_unusual: Optional[bool] = Query(None),
+    current_user: User = Depends(authorize_roles('admin')),
+    db: Session = Depends(get_db)
+):
+    """Get activity logs for current admin user."""
+    try:
+        from ..models.admin_session import AdminActivityLog
+        
+        query = db.query(AdminActivityLog).filter(
+            AdminActivityLog.user_id == current_user.id
+        )
+        
+        if risk_level:
+            query = query.filter(AdminActivityLog.risk_level == risk_level)
+        if is_unusual is not None:
+            query = query.filter(AdminActivityLog.is_unusual == is_unusual)
+        
+        total = query.count()
+        offset = (page - 1) * limit
+        logs = query.order_by(AdminActivityLog.created_at.desc()).offset(offset).limit(limit).all()
+        
+        log_list = []
+        for log in logs:
+            log_list.append({
+                'id': log.id,
+                'activity_type': log.activity_type,
+                'activity_description': log.activity_description,
+                'ip_address': log.ip_address,
+                'user_agent': log.user_agent,
+                'country': log.country,
+                'city': log.city,
+                'risk_level': log.risk_level,
+                'is_unusual': log.is_unusual,
+                'activity_metadata': log.activity_metadata,
+                'created_at': log.created_at.isoformat() if log.created_at else None
+            })
+        
+        return success_response(data={
+            'logs': log_list,
+            'pagination': {
+                'total': total,
+                'page': page,
+                'limit': limit,
+                'total_pages': (total + limit - 1) // limit
+            }
+        })
+    except Exception as e:
+        logger.error(f'Error fetching admin activity logs: {str(e)}', exc_info=True)
+        raise HTTPException(status_code=500, detail=str(e))
+
diff --git a/Backend/src/auth/routes/auth_routes.py b/Backend/src/auth/routes/auth_routes.py
index cc18eea4..a84e7e25 100644
--- a/Backend/src/auth/routes/auth_routes.py
+++ b/Backend/src/auth/routes/auth_routes.py
@@ -41,98 +41,6 @@ def get_limiter(request: Request) -> Limiter:
     return limiter
 
 
-@router.post('/admin/step-up/verify')
-async def verify_admin_step_up(
-    request: Request,
-    step_up_data: dict,
-    current_user: User = Depends(get_current_user),
-    db: Session = Depends(get_db)
-):
-    """
-    Step-up verification for admins: accept password or MFA token.
-    Uses the accountant security session store but bypasses accountant role checks.
-    """
-    if not is_admin(current_user, db):
-        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail='Forbidden')
-
-    try:
-        from ...payments.models.accountant_session import AccountantSession
-
-        mfa_token = step_up_data.get('mfa_token')
-        password = step_up_data.get('password')
-        session_token = step_up_data.get('session_token')
-
-        if not session_token:
-            session_token = request.headers.get('X-Session-Token') or request.cookies.get('session_token')
-
-        if not session_token:
-            active_session = db.query(AccountantSession).filter(
-                AccountantSession.user_id == current_user.id,
-                AccountantSession.is_active == True,
-                AccountantSession.expires_at > datetime.utcnow()
-            ).order_by(AccountantSession.last_activity.desc()).first()
-
-            if active_session:
-                session_token = active_session.session_token
-            else:
-                new_session = accountant_security_service.create_session(
-                    db=db,
-                    user_id=current_user.id,
-                    ip_address=request.client.host if request.client else None,
-                    user_agent=request.headers.get('User-Agent')
-                )
-                session_token = new_session.session_token
-
-        if mfa_token:
-            try:
-                is_valid = mfa_service.verify_mfa(db, current_user.id, mfa_token)
-                if not is_valid:
-                    raise HTTPException(status_code=401, detail='Invalid MFA token')
-            except ValueError as e:
-                raise HTTPException(status_code=400, detail=str(e))
-        elif password:
-            import bcrypt
-            if not bcrypt.checkpw(password.encode('utf-8'), current_user.password.encode('utf-8')):
-                raise HTTPException(status_code=401, detail='Invalid password')
-        else:
-            raise HTTPException(status_code=400, detail='Either mfa_token or password is required')
-
-        success = accountant_security_service.complete_step_up(
-            db=db,
-            session_token=session_token,
-            user_id=current_user.id
-        )
-
-        if not success:
-            raise HTTPException(status_code=400, detail='Failed to complete step-up authentication')
-
-        client_ip = request.client.host if request.client else None
-        user_agent = request.headers.get('User-Agent')
-
-        accountant_security_service.log_activity(
-            db=db,
-            user_id=current_user.id,
-            activity_type='admin_step_up_authentication',
-            activity_description='Admin step-up authentication completed',
-            ip_address=client_ip,
-            user_agent=user_agent,
-            risk_level='low',
-            metadata={'method': 'mfa' if mfa_token else 'password'}
-        )
-
-        db.commit()
-
-        return JSONResponse(
-            status_code=status.HTTP_200_OK,
-            content={'status': 'success', 'data': {'step_up_completed': True}, 'message': 'Step-up authentication completed successfully'}
-        )
-    except HTTPException:
-        raise
-    except Exception as e:
-        db.rollback()
-        logger.error(f'Error verifying admin step-up: {str(e)}', exc_info=True)
-        raise HTTPException(status_code=500, detail=str(e))
-
 def get_base_url(request: Request) -> str:
     return os.getenv('SERVER_URL') or f'http://{request.headers.get('host', 'localhost:8000')}'
 
@@ -352,14 +260,17 @@ async def login(
                 )
             return {'status': 'success', 'requires_mfa': True, 'user_id': result['user_id']}
         
-        # After successful login (MFA passed if required), check MFA for accountant role
+        # After successful login (MFA passed if required), handle role-specific security
         if not requires_mfa_setup:
             user = db.query(User).filter(User.id == result['user']['id']).first()
             if user:
                 try:
                     from ...payments.services.accountant_security_service import accountant_security_service
-                    from ...shared.utils.role_helpers import is_accountant
+                    from ...auth.services.admin_security_service import admin_security_service
+                    from ...shared.utils.role_helpers import is_accountant, is_admin
+                    from ...shared.config.settings import settings
                     
+                    # Handle accountant role
                     if is_accountant(user, db):
                         # Check if MFA is required but not enabled
                         is_enforced, reason = accountant_security_service.is_mfa_enforced(user, db)
@@ -378,23 +289,20 @@ async def login(
                                 status='success'
                             )
                             logger.info(f'User {user.id} logged in but MFA setup required: {reason}')
-                        # Always create an accountant security session so step-up auth
-                        # works even if MFA is not yet enabled (password re-auth fallback).
+                        # Always create an accountant security session so step-up auth works
                         try:
                             accountant_session = accountant_security_service.create_session(
                                 db=db,
                                 user_id=user.id,
                                 ip_address=client_ip,
                                 user_agent=user_agent,
-                                device_fingerprint=None  # Can be enhanced with device fingerprinting
+                                device_fingerprint=None
                             )
                             
-                            # Commit the session to database so it's available for step-up auth
                             db.commit()
                             
                             # Store session_token in cookie for step-up authentication
-                            from ...shared.config.settings import settings
-                            session_max_age = 4 * 60 * 60  # 4 hours (matches ACCOUNTANT_SESSION_TIMEOUT_HOURS)
+                            session_max_age = 4 * 60 * 60  # 4 hours
                             samesite_value = 'strict' if settings.is_production else 'lax'
                             response.set_cookie(
                                 key='session_token',
@@ -417,7 +325,7 @@ async def login(
                                 db=db,
                                 user_id=user.id,
                                 activity_type='login',
-                                activity_description='Accountant/admin login successful',
+                                activity_description='Accountant login successful',
                                 ip_address=client_ip,
                                 user_agent=user_agent,
                                 risk_level='low',
@@ -426,8 +334,55 @@ async def login(
                         except Exception as e:
                             db.rollback()
                             logger.warning(f'Error creating accountant session: {e}')
+                    
+                    # Handle admin role (separate from accountant)
+                    elif is_admin(user, db):
+                        try:
+                            admin_session = admin_security_service.create_session(
+                                db=db,
+                                user_id=user.id,
+                                ip_address=client_ip,
+                                user_agent=user_agent,
+                                device_fingerprint=None
+                            )
+                            
+                            db.commit()
+                            
+                            # Store admin session_token in cookie for step-up authentication
+                            session_max_age = 8 * 60 * 60  # 8 hours
+                            samesite_value = 'strict' if settings.is_production else 'lax'
+                            response.set_cookie(
+                                key='admin_session_token',
+                                value=admin_session.session_token,
+                                httponly=True,
+                                secure=settings.is_production,
+                                samesite=samesite_value,
+                                max_age=session_max_age,
+                                path='/'
+                            )
+                            
+                            # Log login activity
+                            is_unusual = admin_security_service.detect_unusual_activity(
+                                db=db,
+                                user_id=user.id,
+                                ip_address=client_ip
+                            )
+                            
+                            admin_security_service.log_activity(
+                                db=db,
+                                user_id=user.id,
+                                activity_type='login',
+                                activity_description='Admin login successful',
+                                ip_address=client_ip,
+                                user_agent=user_agent,
+                                risk_level='low',
+                                is_unusual=is_unusual
+                            )
+                        except Exception as e:
+                            db.rollback()
+                            logger.warning(f'Error creating admin session: {e}')
                 except Exception as e:
-                    logger.warning(f'Error enforcing MFA for accountant: {e}')
+                    logger.warning(f'Error handling role-specific security: {e}')
         
         from ...shared.config.settings import settings
         max_age = 7 * 24 * 60 * 60 if login_request.rememberMe else 1 * 24 * 60 * 60
diff --git a/Backend/src/auth/services/__pycache__/admin_security_service.cpython-312.pyc b/Backend/src/auth/services/__pycache__/admin_security_service.cpython-312.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..a7d968b12d05d4746534ef8f58fa7b960c277c21
GIT binary patch
literal 10949
zcmd5?du&u!dO!1iKRjc5{O0<JCwRt?1QH04B>@B3U`Xt2va?O^4s);VvFG8Odk5mt
z&_z`$87)#^l@`)u6(VgFD6W=Dsg$Z!oBoFssq4X3J$siZt{SQ3zcHjrH-Gi}&V9__
z41u=lwg-IP=R4<o=X}5OeczqWd_FgUP?~)@-LjRCf5CzttXk&YpF`#n5lDgvCc&IB
zWz7k*3G<eWC2LJsv$ljSYfsp-j)a5NTQknAGvUm-5-up)1bfDv^&~uycL>gmH|tCI
zvi^jhwYf5ZY%mdId3UBM8%l&AZxTG2a3X9bVn}ShZc<m0Xfcz+MDV^v1mAVDR@VxB
zTCZzMO+*$vQGapCJt5Ll>6FM#<tdjGvguq*nio^)sdS2y#8iQ%<pnO4&&f2Ok@j$s
zEY8OY^IWnZ&x}9^NlNE)TsE0YPK#MFCy#K+l$<_=gEIMPDGuc4lQby<eVWfgV=7<B
z$;q5tBQED*d>Sg#IWCnElN6fR7^Iw^!pT!2%>k`Dxb~<?aZIT5My-nT_`D4Lk{QK%
zFrAVW%Yod2Vw)_?XT+#kaSAZAoX(1h3u8gd$jLhvm5B8fNu+m>H_*|00C%pDRf4Q^
zK-<WR`DvKbnU;9Q9>}|=MVW`~O^b9qg=^A7x0bm#4s<UOkt9rT7tDewVG+y;t6)jk
z1Z%=BIs}{O6zrl)aER_HyWo7wYMhJbzE-d37JZ_>9SBdES!@?vb-e?k!$tIeLLZ~)
z5rcwPA0_yVoZrX=j9k#jImD)^pwRS|%~(kYX$$>~W=Ql4VbKli^@&Yv9ZsRSu5Vaf
zhcIBQAY@Q(fw2zp+dFX!t#uTdVc*CRoC$Y;oN)?~y1lm4?^WHiFlfxz2IJb{uLI@{
z;tCt`pwZ4dVN@6Fts6$RihePoa+=X_h;36HLQmZ~+qInz88g>-U89bxcMDtU#&y)~
zPd#<6Zf~7htGe?b+=<@0)~*G2bgR;=T~bvjHMuPgd`p09qNU4i{EibCa%V3_0f-c9
z0WQB{7EUU5D#`_#OKBhhjcPzCxrexRi7c3+=Hj8}XT;PTm!48Vf<pov72hbNsVH&B
z#tv}9c})~+P$G?RxxCDYIRKZGC`999*T^+9Z3VJ40+EEXa@;o)qci!eI69qsbM&An
z&B^)s(Ia_T%*39{=jYP7>CxwssW~wxj7l^$iqJC(vm<Irqf91w9jPG0>f`eZidSD9
zpPfn;dmAw?Uf-n?7vzBGEU7w4u;m_P$wT?_S8h%V27{0pY021ijU9|>abv*CjPnvV
z4A7#pXb*QXpU;c{XOmJshj>f55;vaDiBV(RIIw09V>!(7P^NPy7dSzjN)|G5ZR%_0
zv2oe~`=e~v>M_tRs89m18eo{QqT)b9&TZ<|3qy701xc`z_CUqB;=pUdrv=5Go(K38
z;I2rDn^nStk&~5>AmTalQ*g>6ou}{)C=T{U&;`Ysf_Ef^N1_KGWZ2E*;Gw%jWbL^l
zWOnoYg^q$re-6($WSdT6)~@GjsSbIvORtmJV~?d-uU=P6m&`ilB2=Dn$|zJUluRW@
z$y~COtR-8?E?6FIUcp*&F4?YoR2pYoB{JKj5v)r}E`3%Lfga(yCM~P)1KM2^Bx)~q
zJ`WcO9^WLF6HjZBt3BHBI~<IH*UUDPFHmW6Eb5_sP^0*?4!oQPnWOzsM+Yz(#Apa3
z(0_>H!WR+WNKx@+l9H?z;KY;`)DrjtoH&RooN_t^Yk)f-zB!L*!6)UYTXBHQ0`^FX
zkIlmuXhup-i4>7au@~f2E`OThdC(BnbRIZ(?C3Z@acE-V=<#uW^60Tc$6uM`j~svH
z<q3+{Lb1U8QfyP1f;1C#Gk9V9dEf@<HY7fZLt!mUk&*D!b$RAERUrJZOjtia3+q$t
zZzvD<cS6$AS%}V(ui8jEx7HRbx5ciWTxr{}==;h}T6-?>7x|Tzp{4fK-N)8;r^~z3
ztI^qV%j}~2%TQ0HxwF!-wG!#Y|66uov8kof+Ht$1?}O2IM^`$wRr;{`tB5!3UUXEu
zh|BY~{hWRA^!Y%=>3-XJ&UxOw9%x<kGdW~CRRV>1RELaXN}(X>0mXv})?*+@m+*QS
zqNR5sL^gy>zlgJjST*X^NYqNEx#4<Bvv}T{g24Lddh4tv7WJL<i+;vZvPh-{5V%HS
zS`*9JVEt${uhW==UC}lHDDhUk*TckX!Te~n<rbZyjE^1*vu%2=mM&R!juznxp0UDy
z5S=%LlJ&p0){>b<A8ozB1C%8e9>#-`1t7*&9Q;8tlg5k1C36C&-Z8^4(2ark<oMV%
zP~1VuF36%3^((eF3L;%lCD%Tc&d4HF1#$!?2Qf}lc=}K{86eQdF}D+=8YFb6kZ|<i
zi-!z60E~EL^3Vj0LD#5FMFA8>`ZPwnAX2<(AtUl=59AB7gcq1eyejO$Q`&9}aUX0b
z?wh+E2Qt!cAOhvVPr@yihA$4kzjq}xycQZQhemIE+t$28W$)0{SlRm&EA^GVeOH9C
z_py66OW6Ijop^%h27kJ>>L9M*hMNQ<m2jkLC*JUyr@QRw{)O|Sz=weqZpSUpjtV!p
zczD&@UGe(gK638J`4^xofJz&8=_eO|vJx3y+P%8(rL}#T^1jUKwrn|)UG!Ewp*0Uz
z_HbAB-tvq#BCr8-b>1Er`RMqE$5#e+;sm|M1T`#CLU^Y6950Acil&*$monrA7=X_;
zLlQ&_KoYa`@&5-jsbSZw@wCHAwICa}e%7zo)lvf~4ia)*L(N7Hbln{IW^D?y1{TyB
zbjrH)&!SemDd>Fw6|B@(vNpnxGv*wiplo2qtZs?c(JH}N2o^vZZ3ky;B^zKT#1Fvf
zr$Ay%3wCHnWo}cThoGL@R0&18yK()aa~S4y02<r)no>n(`@cPt&KKqbah5Fak)NBV
z%z#O*;(53Jh#N|Iz2ibtNzlIl8nk8u2z7e8dc|w%vZ1LP_JXG2Jc_zL88uH9M<?nW
zCw24RH@Q3m%TebZi<%f@;n<F&IR-ZzcxY4=O3(oon_DJS#Y8p9vS}%slv6Vl&jyUc
zN0>GmqG%a1ET;P~*M|`T@g@XToOvpMLVt3B0jy$WAg~`hZo>#~Jw1R?93my8afz=f
zehkB-_B!>94SWu}``K$@C|V4yCDhi{!_>?Zjbpq<`vK<3rd|}NNOn+Z&XSEb66~&Y
zZ~5T0cVGKOW~KXyweCIT?mf4IU2DOCa&X|PqZ}M%rJ-_g=qgmjS!ruIxOHjxm!sE4
zR~~z&9DL@U!`kEj+DQVDb2IOh)*?H~ksWK1UFFEGmB`a8{@s5+_}7Dfv$g6XzRnFV
z3HDUD_!_sj%<aACTaS!?85&v(Jyi}p^@;hDW6MAK@p9;?l~8ig@#{cqCA@Rp6MFmE
zbI)F$zU3LLgtu$Y!0;{4@YPq>Vux?V4p#!LYk_Dv5M4U*%j4IMuZ--w71&pa^sR5-
zdBL$7j8%f6OU{eVcR&jaFGrqP-aEeh%<<)x6U%`U%gz%_E4)wtLpC$i&H<DDul2u@
zd6SOV0I@Y4QAc9~zhNI*(D6an5d{-yH-<4O8wS>F1FY7^KC=F1(GeUC!cAIK11#3*
zo6xypEk=(e>D+z3)jEhsO5g&`f<qH*sQBa<-2*d31Di#biBU~%nM|S()~Qc5&8cl-
z^3VzXl@t6A4!n5u;L*t+^19wMhC@)#idyTGCq@^QCkbDA6h}>4(idh(V`FV;bGP@9
z)E`6i$l4ND_HtJam%ZCI=}rzS=uS>ucLJwi5QPnNr?&OskwwR<bMW?H>?8g|er0gi
z-?raw9$srcP;Nf(mBqZry+O=FU_Grm`>Jj<pqSNE351z+C_aWpV9xUL!n~+78^t=s
zM{(=6GP*cuTAJfC;wdo$?hc7B<O)&&9MjIMC?`QdPNwQT38-c;f%`|u)O#|(gJ5MI
z1n?h#FTq)ImE0xIn<fc9B&5lb$?y_*L9NoRKaem&$*W&Q<|Sxgpw%v4$t9Riffugi
zru{NP01LB*7eucCUy7w<evg2k!UWGO#IQnKmrby}Z(FkKrW(xXg$LMC+y+i_&E25$
zjXkfrpN`Asb7?sb?w;wm=69guFdKalqhlELV>E!#5Ju>7pr~cj6A&p)I$2)lE_m^+
zGwJCW#R+ODx*Rga{v%M1;jwI9ivYru0(siQ6<z2cW8O@#7uZE-YcQr_3qd!D_@+#g
z&<9VBK8X>^iDFkj1SpQvNt%QGM16ISTWvdRci*`u`Vx|}067WK45iEns<?Tf%`o2|
z;L)t_@-dK+eg+YEAvhA)f_?;WD1c|7cc<oDP(2H(qoHT$PjgrMz^4#!FIs9o1?jxU
z@G0O+)VkarD|=#p*>T$&dVBobcqO#+M)n5(>Cv0hH-ESse06=xP-XD(O5ce3f5T&s
zgsL`p2EQUMpTF8lg5gEC`T`-E=)v$n{EWRo-|gDduW-%1CYb7+a;gnYW(~C0Cjrlc
z;cw8zq>+E2)~k_ULGxi4lp5I#V5|QgSPN!#=0?_nz6VVY2LYplvf<PdtZ$K$?I6*6
z>8m|s2hp>iGSNWoZ7SLIR>3xR5H2Qa?UwtfIUYdG0j^5NCTfmvQ(Le^oyENenbhDn
z0Qdw!;fbn!>;uJB!#nO|QW6CYbZaJ5pwfbzFU0Sl4FO_g6_N|mSPIVA2*{%+;O`#F
z$oGkf=^wAdt9iy$GR+#@Y8lCNKG?YBPfV9gCUSm@l`N3Iu$(qsGmV2HjbeArteE55
z!AY2sC7e)u!oG3s1wS<Cr*wbu*@l+B3Kcq<8{!w=o5=&lNc-akfp37UgeKU(k^eYL
zZgnQEN;jYQ)&9@+Uw;0B@t=>EI}^XXhj-==n+8qqz#qkRO#ZG|L3x-Bn8DEW$B?gQ
z15H82|Cj-AboC7AP2A|enfle-XLDEjKic+Z+seI(-%<fr;n}Q}F#Cf6t6_gAZq=nK
zfV&uuEt63!k_fqsn2S2=AeLb&Zb}J&{Y2rt#v8^br}Ih^6;p6a^)pM0lH!^Jw{nh8
z&r3=`&8i<8piRQF(Ggb#+{gnCzc}(=xhh`*UFlPZ0ER=PvtM)JE~P(tc{TpMa>w@;
z1M6Kq9~^o2$m-zEm9AZDUHi&i`)+%?*1Q8{FB&9Xa3DcxYuUT?>a%6<9&j0TGnbM7
zT>no8(Ph+uE~DP{a2vXDT5q>?!fjjLb$GQivC@`UJX#5~UuiD~9$S)b?7sd7pPFus
z9;ie*v2XZxPcIzI^6nQ_dlM@?iN)h!T3pVT1F?_$Z{$}VAG_If>+u($^Ln6J1#Jz|
zU_XRd;m-np_x=u||9!JT2c||EiVl=#%;0h|Eto*vH}i(}1G>_8m<XVTo1>Ou+soo9
z_~rqQ%uSz4#wMeVh6*=Rvqxa>s?Kbw)0vsNjJ$y>rQRk#W#kRdV&e}9_jf{@RYJu8
zG-dC@{EGK1=CJ!;-2vuDw4p8x-!Yjk+|`SEZoBc0>ss!8pEr#c_@90!hgs(>GhR}d
zSPKvT1|WbpD_#4<XMWfbm(Vw4Eynai&Scc*OVphylIj7{4<Dbe_#|_KjD7p~`(T}{
z4Zc;e?<)7*0Bluk3|gf7?m(M%yntss`wXgoc`C*lLdt`>NAO;}4zsX((G*5w|NX9&
z;LutyRu0CPmGmH+$!2L{;L&t$=)$(kh2^Hf755N=i2pu2sCm)L1U_mT#}GAvBWt`E
zL>*hxshJ}<>SWERxSk#xhc4sMZpF#-xnx%4dBx51*}PByk2|k;dHxNsh_n_5&kOk!
z&r^K+>9ZKUfNb+hauW1+(CcUN0`*`$vQV+&mvM^5G)29RBKE+WAXD1Qa`5R`bzy<u
zQu9I`!QA&T!n;k;!co=t1m<!W&0{2EgfBPSFq2l*mxZnYbQDNGf+f5~er=6|2HZce
zY~51n?O(R`K#A*Hwsx)CnyO}tt>yBQRRYPCS6OnS`7W03S%^Kvnt{KVbJ#jB3snNi
zRR>FM9QtJ7Q|Ha_KlqmS94kLLeiz%cVUVkaaF~+}Mk@oum67e0-oZ*w-$tO<7O8l{
zRSTr+P0dvsq_Cit?#mMwk5wI5a_S`)mfWO!@XExy$EqGIc}b|_a{tBdst-$kaAaMO
z&Sk4ewHhSu*1JuR(-whsV<vSKy@MMLPMaCh^+-q61}V(k(No11nAIJ+Fj97Hx$A<W
zMgkiSY9xliHh6NwHDr6q#5RB#wgb!np*HS{<>HyDgB6{mo2#<EumN{qQNHln<<!O3
zmjiueSN~lP_R*$b-A}MN%&oR&MjBGKLP&vdsHN(_9IViP*9AFkB-U-m?RhmO1D_d_
zD;--Zom?fhW1~H03p0w4vb92rOYN*WFy|y&`l>F>xpkg<u;kTCJ}mk5QUFUq{REn@
z6w*&1jHPDM(pGK3Tq|j5uSPJ}M#7z!pS)tZGI7QE?*4M<u_`XA+CkhMcRL}cZ3gRp
zU*j}f88|Q37F!EjJEUywkiy#an}Q{$z836@jP~F4Ku#lxb<e4c^=piUlra`kAO+nW
zkkh(j9mlS^N1GT@HZi2w+jrLiIo5l_3^`TqP}-txbO92@FTIgTW>Pa^b|IdpSrr28
z;EDkgn~8p%NHaLVH-vp0RD$@kgE*j$n33WLvJ6C&X00ZPKlRfeVHGh@^HkcUnIr`l
zTR~34IQY4v$j^wGd67yKzeFfqT08uxYAQV)N3$Q+!mCA!ADHQOj80+nDn_^;rB$C#
z{n-{w%zmM?32we|?p0xOKm8*Z1?WzsqYzasCX;EyY%y8?-APRSUy#@eiG4waKPLlU
vkOQBS9iNk3zajpAc7-n-S#forwSR4Y*=lOpAS})}Nk@F8eY8wk8HfK9+ti*1

literal 0
HcmV?d00001

diff --git a/Backend/src/auth/services/admin_security_service.py b/Backend/src/auth/services/admin_security_service.py
new file mode 100644
index 00000000..4ca4e809
--- /dev/null
+++ b/Backend/src/auth/services/admin_security_service.py
@@ -0,0 +1,296 @@
+"""
+Service for admin-specific security controls: step-up auth, session management, activity logs.
+Separate from accountant security to maintain clear separation of concerns.
+"""
+from sqlalchemy.orm import Session
+from typing import Optional, Dict, Any, Tuple
+from datetime import datetime, timedelta
+from ...auth.models.user import User
+from ..models.admin_session import AdminSession, AdminActivityLog
+from ...shared.utils.role_helpers import is_admin
+from ...shared.config.logging_config import get_logger
+import secrets
+
+logger = get_logger(__name__)
+
+
+class AdminSecurityService:
+    """Service for admin security controls."""
+    
+    # Session timeout for admins (shorter than default user sessions)
+    ADMIN_SESSION_TIMEOUT_HOURS = 8  # 8 hours for admin sessions
+    ADMIN_IDLE_TIMEOUT_MINUTES = 60  # 60 minutes idle timeout
+    
+    # Step-up authentication validity
+    STEP_UP_VALIDITY_MINUTES = 15  # Step-up auth valid for 15 minutes
+    
+    @staticmethod
+    def requires_mfa(user: User, db: Session) -> bool:
+        """Check if admin user requires MFA (optional for admins, not enforced)."""
+        # MFA is optional for admins, but recommended
+        return False  # Not enforced, but can be enabled
+    
+    @staticmethod
+    def is_mfa_enforced(user: User, db: Session) -> Tuple[bool, Optional[str]]:
+        """
+        Check if MFA is enforced for admin user.
+        Returns (is_enforced: bool, reason: str | None)
+        Note: MFA is optional for admins, not enforced by default.
+        """
+        # Admins can use MFA if enabled, but it's not required
+        return False, None
+    
+    @staticmethod
+    def create_session(
+        db: Session,
+        user_id: int,
+        ip_address: Optional[str] = None,
+        user_agent: Optional[str] = None,
+        device_fingerprint: Optional[str] = None,
+        country: Optional[str] = None,
+        city: Optional[str] = None
+    ) -> AdminSession:
+        """Create a new admin session."""
+        # Generate session token
+        session_token = secrets.token_urlsafe(32)
+        
+        # Calculate expiration
+        expires_at = datetime.utcnow() + timedelta(hours=AdminSecurityService.ADMIN_SESSION_TIMEOUT_HOURS)
+        
+        session = AdminSession(
+            user_id=user_id,
+            session_token=session_token,
+            ip_address=ip_address,
+            user_agent=user_agent,
+            device_fingerprint=device_fingerprint,
+            country=country,
+            city=city,
+            is_active=True,
+            last_activity=datetime.utcnow(),
+            step_up_authenticated=False,
+            expires_at=expires_at
+        )
+        
+        db.add(session)
+        db.flush()
+        
+        return session
+    
+    @staticmethod
+    def validate_session(
+        db: Session,
+        session_token: str,
+        update_activity: bool = True
+    ) -> Optional[AdminSession]:
+        """Validate and update session activity."""
+        session = db.query(AdminSession).filter(
+            AdminSession.session_token == session_token,
+            AdminSession.is_active == True
+        ).first()
+        
+        if not session:
+            return None
+        
+        # Check if session expired
+        if session.expires_at < datetime.utcnow():
+            session.is_active = False
+            db.flush()
+            return None
+        
+        # Check idle timeout
+        idle_timeout = datetime.utcnow() - timedelta(minutes=AdminSecurityService.ADMIN_IDLE_TIMEOUT_MINUTES)
+        if session.last_activity < idle_timeout:
+            session.is_active = False
+            db.flush()
+            return None
+        
+        # Update last activity
+        if update_activity:
+            session.last_activity = datetime.utcnow()
+            db.flush()
+        
+        return session
+    
+    @staticmethod
+    def require_step_up(
+        db: Session,
+        user_id: int,
+        session_token: Optional[str] = None,
+        action_description: str = "high-risk action"
+    ) -> Tuple[bool, Optional[str]]:
+        """
+        Check if step-up authentication is required for admin action.
+        Returns (requires_step_up: bool, reason: str | None)
+        """
+        # If no session token provided, try to find the most recent active session for this user
+        if not session_token:
+            active_session = db.query(AdminSession).filter(
+                AdminSession.user_id == user_id,
+                AdminSession.is_active == True,
+                AdminSession.expires_at > datetime.utcnow()
+            ).order_by(AdminSession.last_activity.desc()).first()
+            
+            if active_session:
+                session_token = active_session.session_token
+            else:
+                return True, "Step-up authentication required for this action"
+        
+        session = AdminSecurityService.validate_session(db, session_token, update_activity=False)
+        if not session:
+            return True, "Invalid or expired session"
+        
+        if session.user_id != user_id:
+            return True, "Session user mismatch"
+        
+        # Check if step-up is still valid
+        if session.step_up_authenticated and session.step_up_expires_at:
+            if session.step_up_expires_at > datetime.utcnow():
+                return False, None  # Step-up still valid
+            else:
+                session.step_up_authenticated = False
+                db.flush()
+        
+        return True, f"Step-up authentication required for {action_description}"
+    
+    @staticmethod
+    def complete_step_up(
+        db: Session,
+        session_token: str,
+        user_id: int
+    ) -> bool:
+        """Mark step-up authentication as completed."""
+        session = db.query(AdminSession).filter(
+            AdminSession.session_token == session_token,
+            AdminSession.user_id == user_id,
+            AdminSession.is_active == True
+        ).first()
+        
+        if not session:
+            return False
+        
+        session.step_up_authenticated = True
+        session.step_up_expires_at = datetime.utcnow() + timedelta(
+            minutes=AdminSecurityService.STEP_UP_VALIDITY_MINUTES
+        )
+        
+        # Use flush to ensure changes are visible in the same transaction
+        db.flush()
+        return True
+    
+    @staticmethod
+    def log_activity(
+        db: Session,
+        user_id: int,
+        activity_type: str,
+        activity_description: str,
+        session_id: Optional[int] = None,
+        ip_address: Optional[str] = None,
+        user_agent: Optional[str] = None,
+        country: Optional[str] = None,
+        city: Optional[str] = None,
+        risk_level: str = 'low',
+        is_unusual: bool = False,
+        metadata: Optional[Dict[str, Any]] = None
+    ) -> AdminActivityLog:
+        """Log admin activity for security monitoring."""
+        log = AdminActivityLog(
+            user_id=user_id,
+            session_id=session_id,
+            activity_type=activity_type,
+            activity_description=activity_description,
+            ip_address=ip_address,
+            user_agent=user_agent,
+            country=country,
+            city=city,
+            risk_level=risk_level,
+            is_unusual=is_unusual,
+            activity_metadata=metadata or {}
+        )
+        
+        db.add(log)
+        db.flush()
+        
+        # Alert on high-risk or unusual activity
+        if risk_level in ['high', 'critical'] or is_unusual:
+            logger.warning(
+                f"High-risk admin activity detected: {activity_type} by user {user_id}",
+                extra={
+                    'user_id': user_id,
+                    'activity_type': activity_type,
+                    'risk_level': risk_level,
+                    'is_unusual': is_unusual,
+                    'ip_address': ip_address
+                }
+            )
+        
+        return log
+    
+    @staticmethod
+    def detect_unusual_activity(
+        db: Session,
+        user_id: int,
+        ip_address: Optional[str] = None,
+        country: Optional[str] = None
+    ) -> bool:
+        """Detect if current activity is unusual based on user history."""
+        # Get user's recent activity (last 30 days)
+        thirty_days_ago = datetime.utcnow() - timedelta(days=30)
+        
+        recent_activities = db.query(AdminActivityLog).filter(
+            AdminActivityLog.user_id == user_id,
+            AdminActivityLog.created_at >= thirty_days_ago
+        ).all()
+        
+        if not recent_activities:
+            # First activity - not unusual
+            return False
+        
+        # Check for new IP address
+        if ip_address:
+            known_ips = set(act.ip_address for act in recent_activities if act.ip_address)
+            if ip_address not in known_ips and len(known_ips) > 0:
+                return True
+        
+        # Check for new country
+        if country:
+            known_countries = set(act.country for act in recent_activities if act.country)
+            if country not in known_countries and len(known_countries) > 0:
+                return True
+        
+        return False
+    
+    @staticmethod
+    def revoke_session(
+        db: Session,
+        session_token: str
+    ) -> bool:
+        """Revoke an admin session."""
+        session = db.query(AdminSession).filter(
+            AdminSession.session_token == session_token
+        ).first()
+        
+        if not session:
+            return False
+        
+        session.is_active = False
+        db.flush()
+        return True
+    
+    @staticmethod
+    def revoke_all_user_sessions(
+        db: Session,
+        user_id: int
+    ) -> int:
+        """Revoke all active sessions for an admin user."""
+        count = db.query(AdminSession).filter(
+            AdminSession.user_id == user_id,
+            AdminSession.is_active == True
+        ).update({'is_active': False})
+        
+        db.flush()
+        return count
+
+
+# Singleton instance
+admin_security_service = AdminSecurityService()
+
diff --git a/Backend/src/hotel_services/routes/__pycache__/staff_shift_routes.cpython-312.pyc b/Backend/src/hotel_services/routes/__pycache__/staff_shift_routes.cpython-312.pyc
index 6308753dc23500cbbd72df7e7acde269f7df3d03..169c31b0288cef18eae7ca988ec22625efcbc080 100644
GIT binary patch
delta 11654
zcmb_C32+<7k-J#@KL~($NRZ2)kobzCL{XGv>ZLx)lx*v>#6Z|335o=i1!!3`X!ubQ
zDW^n|CwI0JJGOJVSS~ST`{b*WlT>V<Q?cxG5>QkXX+(C(b*WTbb-6&cuab(duC99)
z3xE=JSCz|Fq0uwb(=*f4)7{g%fA}T)_8FD+Uo93R15azbD^h#(yw$6EMti>T{q=%b
zu#VM_HymhS8Nh90jpM-sL6%W5qDNeEk;Og?b6_cyS-~zihS}+oi>h30lh`zRki1&v
z9CRv_K&KX5e__cjxTi}M?v#^9t|8x4weQpme$ghj_+W6M46s&;mFKZQ9;*;rgi84F
zV!2QyYKQDX^-0Y|dD6^*Hkfr7XU#gv8C7RxjkqjNsTFFAC_8{Mf|TTMR9#gqLNTRY
zXegrWR3t$@;mr5`l_ekqr<YvhZj(WMUK#}%Ed5_(&{Q<v6^aaCzAGx57f7I`h;F4K
z0k#!oRnrDiEvD8B?M2jGiWF?i7HR-_U)@>Pk)NBgFIr)FQSVjIdm<-ow_51D$UUL1
ztgJ8EN3F1;h<>%QhO(8)Xc5#~75w~ySMbR!0(G2#OuC8|sTWoiG3rqmxw{oc1vVF1
zm_?Z~W3{llsN))Cy=!_F>nJOn(lW%NmJO+dHANiOo^S=%UaHruXFGyy#v31r3?&9b
z6N%V(C=rQ82jimjKqM?en{!x949e~C@Q5f(jENE%(e{$pwd3q=a;T;637>(q`rNFR
z+`P~A#6}Al@|9ckN&SPYWMi46e$<S@b+Shr8D`3GYkiH1)*F)sNhNSmR!~owlA5IH
z=thQ-R7um6CaEJgYux0aRs%WQ8gM&v=ZQ&J6>QW+&hPV^6Gcs=-Cs_cpv$jxdYw6G
zl$w)f;_x9GBl-Sbrz)u>=WAfPX5*AOTAO5~>V*U(wcV<kGLyB2)#RbOOys1Yj<e)Q
z-ZE5BKA#xM-4>j_BI_x0QY9@dVzkP*97g9BFek=pjX7x^Z71ywe(jVM&<?`xa+2R0
zjjWa2Fw~NAlL@d-4k$~|k$X%Y)=0)oI|DYsl(cPR&f3GOVJ56P#~%7ekgGicW;AKX
zHE9VeSOCqMJOOLcKI&4$RQQ)lvHl5LP-g>TI}o?`yVR0jM#v-PN&_}HfNDLNv@B)q
z<mQ1K0U$^~dpe=Rjpez98_V6K&RRhmT+r~KWof_-9Qq35Dj1G5+DGoPv{P!B4Y6Bu
zZ0yz!I=BZ&c96R}+!`-nEfn(s)=x2Ha5u%u0NYKma=`9Ej0*rmM;$Ok&VY~=W={vK
z=sbw)%s;6?Y*Y56HK_(gvnDl@FfGA234RK2@G(NgGisso8I{13`)ySkouHpKkUt#s
zx$Vc98YXd{vWi+p>YZ|sS8SD*s>C6sHt8TcHu?J!L8U^d73zwc6=nGj^Q>yxptzmK
zSiv^sc-V2AJ<dGH?Prd&Kje<H!FsaRUTsHS(h>lX-*F7{i9ka3eQf=uAK8zx4d{(B
z+M&o;LX@O6SkOtaF>x>=WHdt&DW1rvqoHw;)RxqcSjjMZ7nv(*GOa^G%>$va36VIR
zH7co(bU16+60+CXxGSSZ4jFwUJ{S_lBT<UQ6QQA@jA1<V;NVzfJd%*^K^A%;ln@7F
zM@FUXP?UC3w$xl?STSA#MV=@B?0lf~%Yc@`FTPjJFu!B|^azvn_Oav)zqx7N>AC7`
zdurozTc6%~!823dc1nL!%LMAqZ@f@*$}n%TpIdd+R6g$toZ57QY;i5u+%z&~*QK{z
z7r7k`?8%Ld1AgXb&Ap9xuV#Mk-r$AOyUm-s2He_oof``2ZgzJAn_lf1DB)&G^iVV7
zH|(zEW@>tNS8`V?HGp5O<#soaA9-s)svmi?Dz+NVVL91a<{|%4W+GqndpO%gmOSbY
zz)?6@UT1MYI6?y(ID1<1a(SsbsRe>}$}7n82E7{Wo{D_DzqCZzY>0B4f=h7AW~VX2
z3Z>6*dr+O4Kq&M9b*h-sB^*jw@CaUVKHw$K-f#2i9@ZUa6D>*`&<+4?8^e(4Wqy_5
z145s}KV7D%6HZ{X6D^FLWr}!~3ju|vlk!}kZ55=lVoz!nj3VK*q)r4Y5Kw*5h9~0S
zBBZ;prWXMiY37p(#BgfTCIJ0GqqGzYlmqrFqHo3`b}G<kOrdx@G8`3!!6PT69#|1u
zS;4L$e5Ff!H&U)7-IX2T0YvuznDlNAMaD#dPsI4JB!c?!RNuP!U>Vg(2~UJ{F9JLc
z5}sFSFM@plG8{NGNrS~Q1U3W*5!_GGmG0CCqPPbVE-PbDoSu;3LV}RdhGXNP{BXv^
zAxVsnNO<lg5y23GVeF)b<1=<76h0c%OA^+$BUpwYf?yN@l~EM27=XAQ0MGL+@Z)*u
z7?d(*d3mz;l^%ntairW1CQ3d))<!r#NzLb4#!*I0Rlm^AIU8r3jpTP#e_ZBZPxcx6
zY|IrayUoE~u^F~mxhq~@UpsfD-HiB}Uh_5s_ntumh4-x7HV1Lkw6Gg5-Bt4jt4^xH
zr=m~##Rlpw$@?2jq^8ZeWJvV@BUutAm<W9Yw2qvjbzsB{Nfs!Y69Lk`FQ9`m?gn{e
zqbnsC1(QOk9E+rSu%Pc|+SQq;%kgHCtYF6OMbvp04=xS|>MYn<ptc}&0u3d7l+h$_
zqM0Gf_LY;b*4s8m)e0qy?ont3>mvNDcjkx7TgD2MLYW`sOlyF%H_zEdIU8YAn~(H0
zgw;uIbTuB$7R4$&qoSq&lwW>wrl45LrHQ2^)>uk{jg}hElxz;x7SW?QxJxOIZorU>
z^U^*Zhi}@ihyv^aH@XQ2C%?bj!RC3ob37NAg8=!Wu`KXs+a3%L`DiS`55*>;g0u?8
zk*H5fkd9z5wGzsc;)YNZNkk!%kWVC^7zri#NSu#E`D0RS7|u(ak4Zcnp<`oWLKIr~
zUD2@<eEx{h#!xgYj^X*Hr#jAuLs9;SNZCS<#q1JaWMCHB7HKoiw1-Rw8?+}7og^Ox
zD-JJeOD2w?E6dxG8rham8&R+&)QnK$ftn$k7PKnzX{Oc<Lc?Hrs>rNhGqr^Q#Hc|`
zB37_8cVRJaPYb3|o_-2j7cn!^qtE~r=5cJl#msD_hNWO^icL(hg^?GXvoK!=M$f@7
z{_VVlvA2`1rT@^OXUvYXJ*Rt~**;g^F;m|0+QGTbZ8M$Q(q-FcOxv%QRL+-I&U+sI
zT*Eo7S%$M%vqtjK(rfGu;%ff)9ou-YMZUfY=1PDC{7QvkTY$UL;M>Y@?=oh<-!+3R
z@^bHaHBfjjzyZ;uwlxuoAB{`Pagi#i0sb<oG4WDQ%XNdl9!lscau%LSfZEfwWLZ}&
zdxq@o`gLj(cCqJ_4KFpIonl<tiruyW2&ys~d5nIn+67>;bdw~3h7O5|@JJ*&%+vO6
z{vN5IGM<9_p=1gTJr%(YS#8Q0<`5(8N4{v-Y3wE)K#Xn-Ri1)YE%Z>bF3~knh2pW>
z83dIG4kH*O)^1PgNkqSdpbbF?!4U-CL~s_tIRpZN^9aHSo<Kkld<((fBKSK5Pa$|3
z!M7272LVb^dIo`rAn)Wref?0zvk<i1I^{Fur`_IF7$C|H?<iv15j+bZqeijHZV%51
zRmcL6juG2xx8?<C`SqpX>Nkuvh5cQ)u#9e4jEYidOgckMoBe%siJdsi3IP4`Lh16T
zr0%%9<Jbjso{?n5BIBDY-D|M?AcB<$@RA^{A}?$%*UGv;-riiFdI)PNCEXhyi@2m*
zM1k1D2<Qr^JPHP7FE;ccpeOth#ON_cnabAT7Ln5fua&-s?d=Fw(3s+RM5$iI0E=q@
z$kLR<2vaVMphCX@jUAW1yX9pA{}n(dt@prI+`+Vu4>Wca1Wq-OD&#5XD4hoI2|a=Z
z!BI8YgsnZ~7Xy{1uOTW+kNj~Upa{;tyD~*(0jH!mP@@8&i(kyR7G^?4U6>A!T<Dxo
z@)_+!A{>n!mlYgmNwqw~MWTs}B@s)6#vr>f5{^ZMxUBVbZ|JscLF&RH=(f-u8Nr6d
zHp3*ngiVDVDQrjt8%9ZBkEgw`H|Ws|nx2dEOgSq|H|SNM7``O#dEC&D*JN3SUC3}1
z0t|3A2X*qPTT5(*D%mZh^-#SB_XCWj9sV-<<1y*zSS%z+yU5rfUJ?EihZ<AU$OMUs
z)U=>^bZflGLOmLbM2o`deb|Ls87eMnajEj-vSc4ew-nD|MjJYIOoU+J2o|_8F)At6
ztX|e0=?B=0ZX7jBx5#&d3?AOJekamAi!9iLY%vxUp$oHA%7O>u6XW9{>4fwK^n3Br
zZx8>ssxD(5iA}`CqoQ~W?0T4k7Ue;Pr~{v^B_DZ*$RpdAa9oljKinQ*Rgihw&#|Lc
zGO(|d+})-p-`LI@bBQhWsGTOZ)HH#mNvfgV3h`C0-l2H_u7*iXyfLYjd=Pb&kaoyF
zUGw?Ln>&n7t)MH8o1uL{!2QHVb<2V{TQ3-j=?##v5KLp1aqE;0v*wT_oAH(EA(d`P
zLWoD~?KGW25sbd^R;q{Wnl(2Orw0a9BvAMtt)@|bs@<R(ttaR2D<h9?bYkBU!3IeY
z`?TXCniqJc^yF9N9!?LJ-j@RvWNd?l%Uw7@28B!Q=t`84&Y5Js!w4>%;|j=osFjEr
z0${t~hP$vF0Ouoj2!NMP8H(7nA{((Jfo6|BNrS=z^C$|=GW!|9I%Rm+aAs2eFXU6;
zu5DC$1Ai6EJXUm9pf_qdBI!5zn*`6Dh7!EfzM^PaC5Q45O<Qb!p{%$U2{igrbTWlW
z(4<cJWdBAHBVaz1i<FyrnrNZHu8?bro@nA}(xtUnb&E+7BVt72W5=V?S72e%R}oMH
z5d`cd721guBfW{$2>_Ed`(qQde+<L!+&Cv<6O>0T-ln!@av&GX=V<Z~dyc4u-=M_s
zxf(ts!D=LknjV1AeF$PGNess%A;ss8T#JNPH%KV!dne$Aup>5{vCs&AP##0bnCN2V
zShPQ=mhB0(F=#k4#vI*XC_zKNpf;m}6D?t)OB)Jf+B#!_D+VklEDk1491}ApNlfL+
zK%^7I1Y{24)DBHn6vDW%*l=ze=n%lDo1fImm!3&SPEG=U<OGl7@sobJDK{TJJ`oPX
z&1Ps~Z0v-DE>DRfksy`8Fp@5GVHjDI#gG{(M8S%`_~rp)Q@@<?hoYge6NyMTo@yD7
z0snYQ2&Fy<OO@V6vL*y!1T;9LF$;AIG+fD>;*9QiNQ%M|Xgre9%2TBQOGX`u!affp
z4;q*l<tT>+Ce#h0+q=Ig<8c&8arBI#FdG`O;JGZg#a#A79xHb@nE{FqS%_|WA>7Di
zKUTrr<YbCw57*1t!*p<cx_td9{l_-X3*HO&zI^zl!<Un9q+U;5ZSGfYDLqBE6ti-#
zSv^<QHdEGi)zqetjTVzR44c^x&1*mK^7G!>=WI{g<~{ZE6-(#KYj331Z<$-a`|A4L
z&)3aWFPo`eHdoy<Q{8i|dTn~&{qua?i`Eyc^A$DEjXga!SJ5_8(RRIh$&0Now9Zy{
z%vG<Msa`W%z3!$#<15LU8E@6+9<$GSYHQZdSZrrEpWb|K)irY<t7i<Rvxd`#b9LAB
z-g&(d@iV61=&ff>r+ub#Lr?8{YFoN~<z@35w%2Xxm3?W~)@%B0<jc*jZU<xceaf&f
z|Lf+Gv;C+0(}C4L+3+U&<IR`5(q$Xx%$sJ+o4&|$Nb$wzUdD{n8tc5?LSAYfNa4-o
zF?L%3vaH^|mCVlq>%Dyp^YhMLBb44*hb>naL*H`lilM5nmAkS;1NB#0HCVHpLwse)
zHb3{S0WNrM?mf2#3h((j=r&o>`jCA7Bf?ZGT=L=8pE1e*gK!fMh1CpG@KAb~$m8()
z?5FBWy)`jbqd{*=&er-Y=x23FE%;fT<RjnMvF0}4dWU3IH6*iGsjeuQ1x^+-UocMY
zA#b*oyTEf9pXG|ZZ;~Zn+UT+iCc&(@f+@XR=@l%BGXe)zr7!}=+U|2|xTHE!N>j`4
z)|R#<^-06DHSbZ4Nn^Zr!E9`|&xX`B+Ew7-UoCf)Bp3QoM^X*%f83VaR?s4pz}pOG
zF5!H;6KqswNu8jH@S7@^x)QBQZPKKy2wiRQyK<UMqVKV&|AT~eaWC+HWhv9crdzz9
zfAXXe4?DOR*mJ(%0;yLT4@D<JP)iLu9~v8r9Tx>k-;1vzsQZ$&gbzg_cZ8{_JNn6R
zC`HG}J4%^8PWdh7G^KxmMK9(ob3-obEURE8nEA@l&?)i9BZ(1k->FbyA`b4PYq4Bc
zB-)(Mi_u>BY?sUmvS2M4E#$c4=-YPo_TSsPV{k)n|AtLF=)F9sm6OV7XfwvBczh6C
zD2yk)gR8iPfM!7^>lT?I`0xoy5~Gl;qn)~W>Q*Pq_t0!#eg+Ht8(c2%6w0AIUXCZd
za>gV_ew(vP-JY|Tx1FxHo9_?${$K8H3TH#_5Y&&+`#2uDj7wIeR8Ay=;gL{uSj-sm
z>yjS9u6a)<JF*e1qu$IcFZ3!_EOcqNdNeBMO-P5=FZq&U28=qiHVO+FeY*IZPx}Cf
zYQUYvtMfjswCk_t)4p$-<2z^g&etBATiHLevOit9YsR!I=iYqXmpk9+dA(<D_0E~q
zJJa3$S%%rgZc)LXw@;NS@_k08B=BVA`O4?L7uL->R-e+&+smG`owq%&o3%Hd()^}m
z$y~|0nUZz$HphI4=ennQ&eJsGX_|NOPwqOuYu@RD+RrUIr}32TW(i~WC=*zFdE$-a
z>&dxw12gLe(rb68J$v$_rXYWaF3)({c&_uB-j~%f9)8}_d854QxxT0S=KYn=H9g%l
z=Wm+vH{H~5ZtG2*&Th;yI)m{~pWBOk*maZZQ-;&*XRm{=G@mx7J*}^Cuk>EhUU)F=
z?s{|iDf2abA39XiY10|Yb!*uLF1@1veR8AOe-MIaaD7|B^=(<U1)SXq#NSz2veggH
zuGhTP&Asc^K;d0K2Mv?X*23o#tqCbIJS<9K*w_4%_h8o<^3Z*aElF0fs#7X~6;w(1
z{2^zd!Sl%v*yG+QE&*3AvTlbzC8!JDA;~G-sZrKUYZXrf*Ds600AJ7Csn3FU&&Db4
zVR+xXApLKeY}rYzF<cgKMJZU4Y(V+KTKPu#=7PpMC|i(Rd|X76zdz7~+GIes896DT
z%_z_=jFO9@^n{e6LR~;huRHya3ZZA-3)U1vart}|eb2J!G1q{Q;F^&?+!+lT!nk~Z
zaSQP1%CTq(ooWg$8-<BV9|B1Pk1yIFIV3e3HG}MRd*htFcgEiPX7#Ln(<x0(dpqV`
zzMDEV>Zuy_6y9OGKV?+dK~c`-ukE?)xOCqueQEcaD{55EojIMn=i0sd(y9FiX74?i
zzUTh*@<Z3GhtvAQUt~4N;J@OvFonn1-X`{>zmoYbBF`CmgWQFl-dgUhS`DCY1v#jN
zsH?DoR@v}}S?H`hc`f}7)NE&1=1IoDBxDM_BwWl9PO%W~*w<rT!B7SI3)-v7UE=Sk
zz1*ENQBY577S&!zlH94!v|j0fFC7=rUgPAlEu!)!3KpHpecP0O-2}Q!9pCL5EWZn=
zlC=~vOY{y`kXzni7QYs#D%>ZbN0E{$)G0o%tkodIj1f~-@(lhj^(?%FmSoRMFHH+o
z)Q#*4b5uBg3_~SRNgu&%rmUq#qvi;E-PJJb3c}|V4*#5^ZpKkJ>u5Nom37tS2dj#T
z%Aumd%O9$!&__|!uAewB5B#|FvOewZy|NJ%bs(pxd#~*~n7;qe?7qY4y@ToHU%F-u
zrS&1y(^eQXuc&S8$%-20du(qT`}c<4W^THtw~>3RQ3L2(%^cJQ*IoK;Xg!;%%6*9z
zZ=nIhf)&c&sO66SEp*B|MM<K<)(;NiM=*nf^aTdQRIv&CT!w}VKLo+Z>Gm(<zNnAI
z@S7PS5>7~u4Pp&<Y$73j9jRVGZ~?)q2r$1W{Sv_p0`%w9Do7}G=|upa!H=Of<j?vZ
zxQWBpb8Dr~p$<<}T&p2J2zQzPQ_rwl*$<iSj}1=pZ{c04Z&i}FL~m*j%kF3At)=JU
zr^mA#E#0ttpK_kJWHqz|yJc~o+jDwnRwtMBjKfFU4RYDYn5<cojKf{mmbJ*Zm2rBq
zHW{}w2K%QDihss2Do0i&*N>533JonSI0d^a%OP^3q%^BR1O|pqIz+KgNmfN`kB}O%
zVO1A)u{yFGA~&F~1`+52W9ldh_gVX=21K!USyn}BAGq|m_%WNxs+O?_+3YA}HT7Q$
zJQ_GPHOmIzdmw++3ze^UE;qcncD8EwtZ&Z;CBCQXN$XABI%PaW=oAsjO%YKXq#~=L
zwcAw4w(QZew54j6tp+Mz*#|zpz&cgT+pu2V0$2>iZaCao_-0aOkIRv9c|8=zv1+m^
zxxQ$y>RGntV|kp}s#UYTZe{u!8#~C(gJ3yCZs>Q~KBZO2s5Yy@%4{vp+5f0NZRTg$
ass(Ira#r>T_WzV3*sJ=c3hN})z5fA;|2mlf

delta 5737
zcmcIodvH`&8NZLc`+jC$+3Y5}NyuXZNg&~!q(BH5D33s(77A>Z+)c6}*`;SUJmQA%
zQj4W+;8dk8eK@sFJ5WJ0wH=)it9AxTtputvE2Gr$4;kxpv45zY(fWPo=4KP5{^5*w
zW`Ft4Ip6ut`5xzY?#<6m3Ln4ETd!IyMh>3r^2T_2<0)&Q@Tulh^?Nk}7xTs{&+$0M
zaoek)&C6EV*2|x_pA#l~t7Fyuo%C&oGvZJ+K~EzW{EscC>^$#Mtusq**(rO@d+C6<
zWL1q1mX-Z6TWmIy0#j1)lvEO{k%RCH#R76^Oxt6Z%Z^Lul<jic=ftY%C5M}LoYpJ|
zmdEO*)U@)fX=?T0RutW$8znbAECvmNTnR>D2K}AjmFB5#)6Yb6=l|E;N^nhaJnwG!
zzqng7&5s7fUD)Nq;OrUR&Y7mwsCvuSLRiY{z|rZ-dbxg@@_f~G+uWHsKCNl266JYQ
zJ5v*&l^do_UvRJ>+&F$&+se}x{R;aX88Q<VNCo`K3Ij2ENI%FI(2w-(^z___S*?T-
zeMU!D_}$dDw}7^_IjME8k-lB&qU8-`Lcg1yYV=zS8N&gd*my2u==ZSPT{LKQ#*C5F
zX7rQ~xae}(M4#T~6f#;i_k!PS9MLCcWjIncQ-ki3t@Nn|Ns1e|w4c5}0<_oU6$M$O
zM@+S%X;S+gQ;?2T7^q|kcrvCv)f}fr1okVC+0%?hJDhZrxm2gmh%**DV=j~Q8GZje
zbU`wM)JRJWPSb+Pg5}Zz{inH}7ig_zC9k88TGkg^WPQfc#yw^27J9jEVT|ATeU2Nk
z#yQ!Lv7%>M%F9L+jZ8Fw_~FAY4e=-fZL)fGX3()f`%x<l6fvREfSuNiwZD~?E^^YJ
zSUsW*M((OAcdd$w9aL6Rht(;;M37Lq#$Li~I$%Oqhl^ga`b2AgJ8Fq&KDfv|rQ^iq
z7OCqh18i*<m|I6*w7VrYNOeqtP4{m=N%X?Bd5b+-xe&TGvo0TWP1wC`A4XWq4Qm?N
zewwYGMsVj8gy-ZN8VJ*fHDk_bG7_LP4AGT!!$5l=1C`1Cvl=;YR*;Kn)KMyFWa+$?
z{(h&Ax6*GpoV<;`;RqI&q<5-G$=K9HKgT^U$ied=de`A@DV57UPv^W=E#;%UY#y;4
zvhC;ha|gt2+<yLbaX%j}rz;D}PA}Ea0|i_8S>x{)?BQwDRaS*Om(}*f2huS@nz5lH
z$$?lTE@!2lI7y|mnnZLkMvuDs_+|9Zt~vGxP)XVs9T<v{<sj2CcR5|_4)J!n$6dXc
zbmF)Mjb!!lR3w#-_Vi@+ax@)_BzO0dwJ=Q9p^lX5i}$3nd@N;0Gk<XJD@uUif?sNm
zhU5Ok{rxbPD{SSZZTwAo+cRItndy%QR?_dbn8r)JFN^DR{P8w@$5QU+mKD_<e(s$G
zD+{4@#j<*F#{%s&$qkKbMf_$Rf6edhXb`V8pz^h)hRqsrLTui&Oq^IIfqY#fZq`w|
zznpKT|LE=+f7bssK`e(Y?JOy_SY)dj+H*YglnAn&K2j1C;X*<MV3X%cDjayNuxk#E
ziZ&zkSI~))QaaY?r++CabY-+^LU~Sh%O2Sa95Hv3t2)lhg=fW1uAEEPfZyzy#gUQ`
zUD~0xWuII`CxV6aiJ+z2IifqH+s~)xsH3303AF3fHXL=hS9m|n@JWI5#peXNtG9$+
z?9khJZko{&Ij9<SPa2(3Fd-TVb&f6uvjo>7^AV6X2rB?>_fRUG93;!IXE{PGK-Q4z
z?u*Go12LJbg!Y{h9KpSjHh>LbBbkj2W)bb&GoMY$>u0T|Xet%&O~mBL?t`R>)|ZAL
zM;)au?M9rukoK20c6Xq-8DO|@bu<o3htkPVH;F;Tg;<F#4TXzXSrV*v@(==+I{6~P
z!wA~|vSM#6O(bmk5o`$C5gs{R=C<~tgh?Uj6s;@sj_$w~-Y_JF&;yXwL*)<bj&|<}
zgM_{F5E>Br*f^Yts5}@?D3REM0|NjlJwRykA%m!DR-A}1C&*#w!evsOz$ol&h&gK&
zO?XyQefdK1kM<(EviukJGs7<)dgjopeQ%j=1lw*nS5eQbzcmE-<L&PDBJQ$}UmM^r
z7a7+2#LMNr_Ga;Nvl-+o`W5E2F7aKL1dVrn;@SXRR#C_QU_4QAi8so+48IQ&oOaWs
zF<{K_vJL~;@54$9>t#d!fIv4q8BN5ZNWgud50jngV%o9MUx7hok8EQ73(}=(57;%K
z-E<j!yV%KB;9{+6r+R)88np)&ajH{g^L>n&?=?0GQ(5N>W2^^^A@8sU?k(JLB8{cW
z9++oAW9mH6_Dl|O>X>ZB3z}4BH2qU&QPqK@6{X#rVY1yn7jEOCR<Pn#H4?Q`c5KW}
z1=zu&x#vmwz|Q2On4#t2F0<@pTgKEl>FrJPEG}f3vjQWQ2k7_0KFKQ=rpxIs!{t8T
zB!w(j4NX!=D;-%B(8xth%|lNtu?iWH9^ULi@}Pq?7O7Y+QEaTAv@wG*g2S$@dy(fu
z(GX*O<@DWo8eZ{-ZJkK=p+qtr>PZeIWWtyw3|k<N(vNGx!TXTRbaJ3wa{_Lplsr3-
zRoHBzZ_ci&-;d%#gaZH@hCQnYNs`bI?kAq;Re4|wQOJVo=ah`jQaFK~^*kpqI$$J#
z8CNJ`8%m70rf~xHu}v4F#K;WqeUj&iJU22LM1mwM0J7Slba!Gjxu3LR*ZsW8;J|(8
zg&cwbV3s2|eh<AcDnX7RqX?fzDl8_kNU8`ELLLLvZ@@2gMP-$oy`GK?9H*CSOL;8~
z)P1n~rpY-rJYg!m<*$5c_+s@$RnrZB^JA+{uDfaTovEI%mA^D{-8TQNt-op6a=m5C
zt(t}l^{>_6sA(FLer2z^>F}RvpKw&X>c8$_I-9SzY`#@J_k!&;+l}faW6}rqiktLq
z-ABz2`uO8(3f6eJD;^%?D_+Bc9`Q=Zw`PfWWr-Q&ccm5P2OZ*7hXjqQ9ubs=we{&}
zYENoBJolENXcqe2guv*X1&O7tg$9?-;!n`FrN8CdXsF5KYe%g$0AV33F%x7xc5R>=
zn~F#CSBf`(rS!zo-F+dZyEMe=H{7U{PylCcLC_=MO-{BVu#~Vm$`{zoOGhaywo_Ig
zA)GdP0x^hy?}TI*f*AlRhxEo0@KV+n@9iT`V}Ar;E<zVV6yb4%lL${BbR#^8up8ki
zgfWCu2&WM!!q*X?8oV6&CW>be@Zu)VAjovy8s{jUjj-+BeX||cqZZpr{?fzOL3Z<z
zI7;mG?^%$t8jPe;rFg2;t8c~)XoDMBd4r57IeLK;IqurHr{$7yG@ss??q+omq8Nz|
z5ZqK&n@EyDXkd7=y1lW441}OWW9pq|gAx-K2^Lf}68{m1A+SQ=sBlE9R2$vi9(1#E
z+lRdi5s-t(V)|rzK&w;|z1UtkdJub=Cd+IHo9OxEI|fQ$LSTNeu;r<VvC<cCG=ngL
zumgcH6{DP)?;#3NXvvGH#ImuFy@NcDZB~|yAGFX^BCfo0m?mF2SZ-c{!RqnH*IY1!
zj)6FA-2xf=917pwS-m))238HMo{!^tUk13tJZF((fnycbhNDgNhn>N?ub?;;y$!?e
zdl(#dv@|qD;JPirQ5K^B&U*-fE%4vzJHJDgg8Vi^Xn^gNW#p^aWG4i-&W=e|jKjIJ
zq?76BKqM9GPQpuRN;x(xVJugxQ9JKh2Aew&J~u-q@*Nz{rzxK$h03XAt9M>LVJ6U?
zJR<mKGHa8Z&a(D8XzUo@y7ic$YO21Kz%Ig-79$`-tq$vyL)=0?+ZE(j(_p01i{uIa
zF0sR(tbTuz>={T#Wgx{Jk&s%-M<dmvEIz0-t#+B8tQ=Wh3ekk7KM60oK2&5W+J;gW
z0t?q{lvvu(E#)>1poCnN)kgQ?X=RL-6$fGoc7#cY<0_SsA}^yZ%NpY~8JjVL9)w=H
zv1?W9Iuse<@M(o@?i)fEGL7nRBsDZR7$pbEk6`lI@n3iSOAx{f$33I1{HQ(>!4Kj{
zgsqg-lH?G6Iv>PkUSrE5BmlCSy-ECjmgC)Nau_?ry+g{4OI|>wR}e5=Y#s7#kUoJQ
z$CCP~zIiZ-Us4Z{_n?o5U+SkKM;9GgB;7S~Mi(7EvXOQiD;{0X^YDRe^^B!X4CX}E
zx@|8!<2+@_NvxIAau)Yk=ZW<>ozm8G4j&sgC~YHWvgS;RZ05|ioJEnXoYR}LDYBh2
z*#GKa@+TrEIC6s0-$i#Ht*WcVE!bT-5rx|Yo}7dNEDV!$DB_%goWOd!=$l8YmMp|6
uR!2@m;Wo^bP=G10rjChvoNYi6XZv#k>m}pfV;}OSyFvs12v4p;T>cGf761+a

diff --git a/Backend/src/hotel_services/routes/staff_shift_routes.py b/Backend/src/hotel_services/routes/staff_shift_routes.py
index e6f14984..0328df4f 100644
--- a/Backend/src/hotel_services/routes/staff_shift_routes.py
+++ b/Backend/src/hotel_services/routes/staff_shift_routes.py
@@ -12,6 +12,8 @@ from ..models.staff_shift import (
     StaffShift, StaffTask, ShiftType, ShiftStatus, 
     StaffTaskPriority, StaffTaskStatus
 )
+from ..services.shift_automation_service import shift_automation_service
+from ..services.shift_scheduler import get_shift_scheduler
 
 logger = get_logger(__name__)
 router = APIRouter(prefix='/staff-shifts', tags=['staff-shifts'])
@@ -24,21 +26,27 @@ async def get_shifts(
     status: Optional[str] = Query(None),
     department: Optional[str] = Query(None),
     page: int = Query(1, ge=1),
-    limit: int = Query(20, ge=1, le=100),
+    limit: int = Query(20, ge=1),
     current_user: User = Depends(authorize_roles('admin', 'staff')),
     db: Session = Depends(get_db)
 ):
     """Get staff shifts with filtering"""
     try:
+        # Check if user is admin or staff to set appropriate limit
+        role = db.query(Role).filter(Role.id == current_user.role_id).first()
+        is_admin = role and role.name == 'admin'
+        is_staff = role and role.name == 'staff'
+        
+        # Admin can request more records for analytics, staff is limited to 100
+        max_limit = 1000 if is_admin else 100
+        if limit > max_limit:
+            limit = max_limit
+        
         query = db.query(StaffShift).options(
             joinedload(StaffShift.staff),
             joinedload(StaffShift.assigner)
         )
         
-        # Check if user is staff (not admin) - staff should only see their own shifts
-        role = db.query(Role).filter(Role.id == current_user.role_id).first()
-        is_staff = role and role.name == 'staff'
-        
         if is_staff:
             query = query.filter(StaffShift.staff_id == current_user.id)
         elif staff_id:
@@ -117,13 +125,14 @@ async def create_shift(
         if not staff_id:
             staff_id = current_user.id
         
+        # Always create shifts as 'scheduled' - automation will handle status changes
         shift = StaffShift(
             staff_id=staff_id,
             shift_date=datetime.fromisoformat(shift_data['shift_date'].replace('Z', '+00:00')),
             shift_type=ShiftType(shift_data.get('shift_type', 'custom')),
             start_time=time.fromisoformat(shift_data['start_time']) if isinstance(shift_data.get('start_time'), str) else shift_data.get('start_time'),
             end_time=time.fromisoformat(shift_data['end_time']) if isinstance(shift_data.get('end_time'), str) else shift_data.get('end_time'),
-            status=ShiftStatus(shift_data.get('status', 'scheduled')),
+            status=ShiftStatus.scheduled,  # Always start as scheduled - automation handles the rest
             break_duration_minutes=shift_data.get('break_duration_minutes', 30),
             department=shift_data.get('department'),
             notes=shift_data.get('notes'),
@@ -167,7 +176,14 @@ async def update_shift(
         if not is_admin and shift.staff_id != current_user.id:
             raise HTTPException(status_code=403, detail='You can only update your own shifts')
         
-        # Update fields
+        # Update fields - status changes are handled automatically by scheduler
+        # Only allow editing of scheduled or cancelled shifts (not in_progress or completed)
+        if shift.status in [ShiftStatus.in_progress, ShiftStatus.completed]:
+            raise HTTPException(
+                status_code=400,
+                detail='Cannot edit shift that is in progress or completed. Only scheduled or cancelled shifts can be edited.'
+            )
+        
         if 'shift_date' in shift_data:
             shift.shift_date = datetime.fromisoformat(shift_data['shift_date'].replace('Z', '+00:00'))
         if 'shift_type' in shift_data:
@@ -176,12 +192,7 @@ async def update_shift(
             shift.start_time = time.fromisoformat(shift_data['start_time']) if isinstance(shift_data['start_time'], str) else shift_data['start_time']
         if 'end_time' in shift_data:
             shift.end_time = time.fromisoformat(shift_data['end_time']) if isinstance(shift_data['end_time'], str) else shift_data['end_time']
-        if 'status' in shift_data:
-            shift.status = ShiftStatus(shift_data['status'])
-            if shift_data['status'] == 'in_progress' and not shift.actual_start_time:
-                shift.actual_start_time = datetime.utcnow()
-            elif shift_data['status'] == 'completed' and not shift.actual_end_time:
-                shift.actual_end_time = datetime.utcnow()
+        # Status changes are automatic - do not allow manual status updates via update endpoint
         if 'break_duration_minutes' in shift_data:
             shift.break_duration_minutes = shift_data['break_duration_minutes']
         if 'department' in shift_data:
@@ -462,3 +473,180 @@ async def get_workload_summary(
         logger.error(f'Error fetching workload: {str(e)}', exc_info=True)
         raise HTTPException(status_code=500, detail=f'Failed to fetch workload: {str(e)}')
 
+
+@router.delete('/{shift_id}')
+async def delete_shift(
+    shift_id: int,
+    current_user: User = Depends(authorize_roles('admin', 'staff', 'housekeeping')),
+    db: Session = Depends(get_db)
+):
+    """Delete a shift - admin can delete any, staff/housekeeping can delete their own"""
+    try:
+        shift = db.query(StaffShift).filter(StaffShift.id == shift_id).first()
+        if not shift:
+            raise HTTPException(status_code=404, detail='Shift not found')
+        
+        # Check permissions - admin can delete any, staff/housekeeping can delete their own
+        role = db.query(Role).filter(Role.id == current_user.role_id).first()
+        is_admin = role and role.name == 'admin'
+        is_staff = role and role.name in ['staff', 'housekeeping']
+        
+        if not is_admin and (not is_staff or shift.staff_id != current_user.id):
+            raise HTTPException(
+                status_code=403,
+                detail='You can only delete your own shifts'
+            )
+        
+        # Cannot delete completed shifts
+        if shift.status == ShiftStatus.completed:
+            raise HTTPException(
+                status_code=400,
+                detail='Cannot delete completed shifts. Completed shifts are archived for record keeping.'
+            )
+        
+        # Log deletion in audit log
+        try:
+            from ...analytics.models.audit_log import AuditLog
+            audit_log = AuditLog(
+                user_id=current_user.id,
+                action="shift_deleted",
+                resource_type="staff_shift",
+                resource_id=shift_id,
+                details={
+                    "shift_date": shift.shift_date.isoformat() if shift.shift_date else None,
+                    "staff_id": shift.staff_id,
+                    "status": shift.status.value,
+                    "deleted_at": datetime.utcnow().isoformat()
+                },
+                status="success"
+            )
+            db.add(audit_log)
+        except Exception as e:
+            logger.warning(f"Failed to log shift deletion: {str(e)}")
+        
+        db.delete(shift)
+        db.commit()
+        
+        logger.info(f"Shift {shift_id} deleted by user {current_user.id}")
+        
+        return {
+            'status': 'success',
+            'message': 'Shift deleted successfully'
+        }
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f'Error deleting shift: {str(e)}', exc_info=True)
+        db.rollback()
+        raise HTTPException(status_code=500, detail=f'Failed to delete shift: {str(e)}')
+
+
+# Removed manual start/complete endpoints - automation handles these automatically
+
+
+@router.post('/{shift_id}/cancel')
+async def cancel_shift(
+    shift_id: int,
+    cancel_data: dict = {},
+    current_user: User = Depends(authorize_roles('admin', 'staff', 'housekeeping')),
+    db: Session = Depends(get_db)
+):
+    """
+    Cancel a shift - only manual action allowed
+    Admin can cancel any shift, staff/housekeeping can cancel their own shifts
+    """
+    try:
+        shift = db.query(StaffShift).filter(StaffShift.id == shift_id).first()
+        if not shift:
+            raise HTTPException(status_code=404, detail='Shift not found')
+        
+        # Check permissions - admin can cancel any, staff/housekeeping can cancel their own
+        role = db.query(Role).filter(Role.id == current_user.role_id).first()
+        is_admin = role and role.name == 'admin'
+        is_staff = role and role.name in ['staff', 'housekeeping']
+        
+        if not is_admin and (not is_staff or shift.staff_id != current_user.id):
+            raise HTTPException(
+                status_code=403,
+                detail='You can only cancel your own shifts'
+            )
+        
+        # Only allow cancellation of scheduled or in_progress shifts
+        if shift.status not in [ShiftStatus.scheduled, ShiftStatus.in_progress]:
+            raise HTTPException(
+                status_code=400,
+                detail=f'Cannot cancel shift with status: {shift.status.value}. Only scheduled or in-progress shifts can be cancelled.'
+            )
+        
+        reason = cancel_data.get('reason', 'MANUAL_CANCEL')
+        notes = cancel_data.get('notes')
+        
+        success = shift_automation_service.manual_status_change(
+            db=db,
+            shift=shift,
+            new_status=ShiftStatus.cancelled,
+            user_id=current_user.id,
+            reason=reason,
+            notes=notes
+        )
+        
+        if not success:
+            raise HTTPException(
+                status_code=400,
+                detail=f'Cannot cancel shift. Current status: {shift.status.value}'
+            )
+        
+        db.refresh(shift)
+        
+        return {
+            'status': 'success',
+            'message': 'Shift cancelled successfully',
+            'data': {
+                'shift_id': shift.id,
+                'status': shift.status.value,
+            }
+        }
+    except HTTPException:
+        raise
+    except Exception as e:
+        logger.error(f'Error cancelling shift: {str(e)}', exc_info=True)
+        db.rollback()
+        raise HTTPException(status_code=500, detail=f'Failed to cancel shift: {str(e)}')
+
+
+@router.post('/automation/trigger')
+async def trigger_automation(
+    current_user: User = Depends(authorize_roles('admin')),
+    db: Session = Depends(get_db)
+):
+    """Manually trigger shift automation (admin only)"""
+    try:
+        stats = shift_automation_service.process_shift_automation(db)
+        
+        return {
+            'status': 'success',
+            'message': 'Shift automation completed',
+            'data': stats
+        }
+    except Exception as e:
+        logger.error(f'Error triggering automation: {str(e)}', exc_info=True)
+        raise HTTPException(status_code=500, detail=f'Failed to trigger automation: {str(e)}')
+
+
+@router.get('/automation/status')
+async def get_automation_status(
+    current_user: User = Depends(authorize_roles('admin')),
+):
+    """Get shift automation scheduler status (admin only)"""
+    try:
+        scheduler = get_shift_scheduler()
+        status = scheduler.get_status()
+        
+        return {
+            'status': 'success',
+            'data': status
+        }
+    except Exception as e:
+        logger.error(f'Error getting automation status: {str(e)}', exc_info=True)
+        raise HTTPException(status_code=500, detail=f'Failed to get automation status: {str(e)}')
+
diff --git a/Backend/src/hotel_services/services/__pycache__/shift_automation_service.cpython-312.pyc b/Backend/src/hotel_services/services/__pycache__/shift_automation_service.cpython-312.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..e91ea079b1ce8d81d2b55ab021a835fc880879f7
GIT binary patch
literal 22169
zcmdsfdu$umx#y6>;hPdAQ4%Rp7WK3#$&xKQu`Brz$(Cf<vgC*Sq8~J^8B3J;aE4TD
z^HNE1QD7Z3cWd|FUMqXuty1)&E*jvviwjg2yFk@8iRCug&R8nQ5-#e+cK_&K%Q#-N
za2C7!eP=ks5luNx((Nwp*gEsg%y+)?o%ip2=R5qR&1R<H`tb7h;FO=D{wqGnmo7(q
z@&Jfi6ifLiR>NvTny|*F32S}YFzur?_>K<g!i<jz>wWsL!Dk2?ea5iKXCmKpA#>Q`
zvk;mIS;ID;EnMO&377gx;hml}gzVumUm4Iw))XoaSNJNz4xb}j>8m8)&7rDrwXd4c
zmXI^-^0^3Y4b_BeeYIh?&#j@f6j#R8{ZJ!m>|3X$hA7tdHHt0yp*Huf9(d}1n9GvS
zbFI{CPfVJR#se2GdX7#7FUCE6Gx2CR5D!Kpo}(Q9T5y6h4@BY|f0+-)xQ&y1faN>^
ziHBo7F%l;h55#9;o^T)%nB>A-B<{Hqj8Azk%*28bE*A5IqLaZ1^B*u-FP$;6fjAcr
zhPjN6geDAGE))-VnT&2E7>j3gdxI144BZ#GmNAZ9Mr8t_3^P7+ImCH28N*Q!3hzLc
zE)Ze;89K`QGrEg2k%>Rhn1&`}p5)?wNOqFr|A2W1Rw<VxlNk%SLAF8djEOvqU%QO5
zjeRq0Fg_BU1iE508V_C!PLR^b6^2)vv8!KWwAGAzrUH=&7n;D_%2!2>_{0gy+@d(j
zr-6o~Wi>vU)%tWS?PK6i&ly-9XJi@9#F;tsMXd{>UDUDquj!O3v*dUToEiA67xk=B
z_0{&wSCi^%$unQgs;{M-!9<xT*3DWuJJG`c&B=^9ur{E|3598z*^;j@ibfTmBVMU0
zp5t@Gv#a7&J`=But76N!a<&4rtR`AI6bkh%VJlVfolpu@5CdaLC0MO01s6(Z>qr?m
zL8i=Eu9QFpSIxTMsfMfOYNa|N^;E*vs8Vr5Dw33ZDKhFfP;<2^{<>=x@48GCX^QzS
zm}_*2jXA<|G0J~-@B2e3)ESS>KEuSYgJ$$R7oXuH6S<)QzEBhnY}i{q@xj|$R9yL%
zq^5Jj1+vLkTpkE1c`)H?igQjI<T&}e+*%@*;&Em*aYp8zHp*1~p431*GDzp&AtmcF
zt9^m^*41%W#iv1jk?+M*y#(dMmnP{r7Bsn7&AVE8;7!;lYL-rFlk`RHQ5bm=GiFcj
z+7peu#_{pou!-ZK2L><?4uGC`)N^qr6!OTUqbGV{nwyBnl*mU&9mYHxV7TSuewnYs
z!@(FRKY11QKVXIaK$Fq2fon0ZF=GzGXbe#!6I{kjngxl(V;exGIF~U@M8g+g$cFDE
z2{JqzQ9M#S){s}nyWz$+VXTtXnq;hMO=8$!FyBx8T~pC8*EJcr+O?O9U5ZC9ckPSD
zxzNV`X!KGrGTGH1n79N{yJGwVu)-IAOqzOPU3mf<vOhQTz~C>lbY8xeDaX-1pCwc_
z;Vs^kI-h05{KWn(1Yf0|SgFmu3ooU54~V@7K0LXy>G+Lfsmd0yvL#j7CRVnsRCWkw
z0;w}0@l5Et`H7yYX-v7iqRV@y?Jk#kc~E?LaM?9<z2sqaeX4rBSiSy^`R>4vM}IWB
zT)pSIHLItrW#8EK=B~Mcl)FQ8cRa9kq^-`|!*@2XxHpQ{jn_vWmDbHAh0=Dx*!~G<
zL}jcKGdvG7Dye}9b-%=VBmMU(5Vt63sTiT)iYqaumHwM&xwH*xQgclc*URswO){0g
zCn>pQp8;vJT4>vvr1sJoih|ayP3+w>#Z6rD1TV^9U@AHjVm%iWm;e)KD0Iz3+6q91
zjh;Z<!(9zbKsUfvMq2+MO#OOzg!!1q$ueV#O-ym@Oo(Io8hGa0A&}eNMtrdWxio&I
zmGN!(qAW&IC+);f#3wea(GZ^D>;wU^UI@NQNj0_O%^kOUQ?;AK+D#8Eo6;4|-@Ch0
z?g7y~u*faDM?|CRddZvyc<t`F*TvF}f^j3?0rCGoswVn#R}%~YfU@GND+)TNTupoz
z<WQ<3OEBWU%tt4AfMaXa(q?4#LQqgo4t43vNhaD~psHl%ub|K#2nuSeTdeJVVClx%
zs@asP*(28MSsYld+5cwgb<Oo1Qe`DY(!-vuEbJqsPf1|^FWRTHaSNnQE>(XlGAF5K
z8sMJQL2uMyHDA^6B^n$DN^)XUH<q5k-l|Kqt=U_{0sa!ydLZVBL}4(EUKs=kYzPM<
zGjT39>NVyop5FwL^A%3!g^X)-%zt#>*a`pmz9R!bjO_Iv93DM3K5#Ts27P@d0E4<R
zsdyP_7EyXKj}0Yb&818RyBJP4IDdGgu3eF9GN`9N$Czk)ev47_?geqN00adM=CixE
zv-MrmO3$HG&$QSxy|UqwSbgcb^-*c<9JZqerDJ!Q)TSYE)6mjZVbhpk93$;&G^1rN
zWUO&Mh>H-8^<TI)fz3<403=9F?SH{r7``=MeE3dkuWDir4HZ{_S1|}BL$Fz`X^qro
zb*ky22-r$$U~!zg0N!Z)%CteAl+>XKmdSkiyPQ7gSuVewu9T_#J&D>?<)39L`B~b*
zQi=uGHH~Pz;F8l0YTniTFsG*m7CR;?UMsUsBMvCIh%W02UczJCBfpz&l&SnZ-YnD8
ztumFrvkd5nLt??j>g8$nAE<9@SwrzsK>Gk|zD>Vt$>$@EGZ(q0VL~sw*wW&X{()lc
z&o3>|LnrH`p{|*ls5nlt<Z7n)&@A(%OAn{Zg6l6`dZ#GXI?KGyy!AclenoSIx=Np-
zu4oGKdt_FxDrp?B3NF^RW=WUCx5&&%bv>)f7kVW%{gTX;zsqe`Lq!Ztl!iJ*MQBMs
zqPhNc{SD1qTF@P+HFe*=N_U()3of?o^Xtx<-Yu6GU}WNXuJ*FF*EEH?dMgq^W!WMx
zepR5+6Of>#!XvMQ#`zhJ08h#ObOq+F39!CQa%_iZFc6Ayo@jiE<FA0_N{Ks|G4~xC
zhq-FJ@5s1%d=A8aVBmK^v1E)fvepQ)8FMtm;<SZkB6EbhBGZN$SeN*L0T$MQSTvF`
zuv|P448;-~PDN+<91@-aedGm;DmysI#ywA&mVG@f2NO0jgL#hP+z4QID=0ATrTKoi
zlNmQ-MG?~6$+0;V`2p0kETXbc`QvDbGGP9}`h-h4u-Zl98AEJ_tRpj~FsO)2zQE|y
z)<IAf^nf*I46&VB5V0|k67W3L_IRG^B?S{TYv(0VGr;pX%fv=9%fqTJR|v2IHF8%c
z{K3e@sJE^VL?GD8=x5>+k?0kYcOKhj#yoQw7o@B|0JaN2eBof6;EhZ<8ufCu;Fsz;
zqlJ1f1!GaLjey~j$EgF>0k{-ZXA5c-t(;J4d^K`drAn3(;+;efz_WqNmywgdNY=il
zfvXc7u|ER;wOE`B`vW0Zz-RQ5Z82lG65u0{*$fSFGDbcc3SEH3Y(|IK%`hAmi(F?o
zzwiX{>_lo0CTZp(Ghshr%V@Y5PE7>z$e_obuY75Nn^;e(L+&NfNX|0US;%-8M8&#b
z!3J=r3fG;_tY#inH$AA{{=KW;f8(7ume+5G^{H;R$(44k`;Pl<_x1e`Yg<#bh^DU(
zyfu<;h1-g?DP7-=clRS}$v1}I9DeHntbuJ!DeFt3^`&%0B}R6>?M&CUD6!Md=5%#a
z+O__UJLTOidUr2-`vhlywv@8H{Dd;vO0rc=Hdj{bE~|RzSf6ryMRa^6U0av-w0yth
zosx%bJ*l=Kv2Ey~XG_Y{BYJw$jr*5&qz;@H51bbQQ_BZ}!v1N&b1CiVdbDBVKN){u
zOt)@HcWnCDplho6AEnmHswaaQ%2x4>18*LfYn`wBzVjXDyjf`5yLcuwa9SKVy*zMM
z*n3WJ`d6&y(-qZ!deTKX8y-_7WmUibbF1@5ROc}T!KYaU68QAVI?7S^m||?MhxV#l
zB{xfihM^_qSH}Cs#e{J9=*svB;pD01ai4JXv`~L$#eO!crORAtN7bzZHxGR4;GeQu
zO_}RA4(I>=pIHkC`Sgi{vb!Erw8{0*TK<iZH%Elpm+o>up8C<$UEc!#UejXW=dFuQ
z!L?sFcIx`biq)5fYJ`G$>)^u*=cic%M0^_iD`+?i{q#OB^|PIQjRO_bd-Yr3;r$BJ
zkdc1h-Pbro(;w_&hAh-Qnt@mMj5N{~)4o>vo}+VL1HDAs_c^pn6&j=++I>!Dsft0m
zRu6)f8W`YQYQ+?myr$tD^ip>pHN1_!zm0*1;vo4rEC&9Sfn?3J9ZI_3iq(GxIM&F3
zjM!qBS$&cLAg)+U0Yc#DR&eDZgi3l5m`va<np+C47lGaYCF=^J!K0iqOS8J$+IN{e
zXeHpgUXC&Ck*WNhX!E(@bsP;t<eFB%s{96aGW4J)j==>NYmm#8fNvv!p(5n~(3^e+
ze0R&DrqOm(a1robL{biXKc~bBz&8zGRDt;fd>i6lw)AirUvT}UOOJp;!|MhDzTv(K
zz^e0mWY!qZmvj-JNx*mUk}ioW%c7)FRnLXsy9g|n+wU6S+xWUM2fl$?Q}_L=bjQiR
z;3DArbL!601>pO++LLky9SQher7M8%kOGcnSRtWR+0^!D#@{xAzxRwCJTx*eJ}~ap
z@~=R7WJ(Bvk<(=PK6shvDuB}$I4)9vLzNhas`-5wt5kxldt_5)#-uQ*p*0@?W_~{e
zqx>Nx5i{{eAV|2Mmq@~`g1b4%dBDpb1p(fA71BjaPqtb3V@O3I$du-6VhB^o=E`yW
zgmtJgtewEelNg-Bz=r|CTmCc#VDh5~mgUbPg%FlMhXGn?`12T`xr@Jm!2|{@1{?+#
zF_?tFYa(kNl{pUECjqC##7+!zd=TGFLlDFLfgD1WF>1xCip#;&wG4Abc)yEs&uX7R
zs(DLp5u`e#DTJzM$0Ja+8Ez}q1{tb?$=BgZRkS^*XnWY)lWIOFHXmH#mYc^#d&7;A
zc}==)`weErzW&7^Ev7;sZR?}vO{wM{vAJitc}Kdn?PG>^mFG~c1yHT~bE4YA!jW^S
zBa`BhNnt9weB`ol_*KEfr#+h$Si3ph+5K6tc5pG78agWuon0RC3xnqcXJEy8;S0gq
z&!Nx%3tYQxf%%E?UyOGXi{<a_S<?J`aB;if8WB#MMqGPlZCu+mTuJ@h3%GVS^}b~b
zJiNc#G_;lezzDdui@w*!3~i(CbusYj-c}mvZKmOJdWq^Bw$V#n_F+o9v|9u8eM&p5
zWA1Aiqz!rybl=7R=lyaT=}Oc74fOqWeboLY`WH<MJQT;Zcm6dPf2nC@9~`=J?#j=c
zaRuj2<JMlmMNpoj;3Yi1Am)4y+Fb*4y5zKqAv~f@5kqiXF#;Dus&NISPAjHgITgg5
z#F$$ok6_HDSrZs@&3Rm$H?bDQsU?6+i%0@ISqjMZIi*nqPb$V~z>_{O=6>0dQIK~&
z?|;sc0SsdyhT3mR_f>dHotML4>{PIS(NeUoS&Fte?r)OoxrW-!GFSedZ}CM8wH7qb
zzV+Wh^FlMNT5~kh<~3JL#`!eBWWQGZm#wAwGf45dx|31{9RVp8=n6<NZ$>=`yKpit
zRP7lmNb<{>XsrYy=5`bnglHk)LE5L3;9;K%9-{SE`X=eK5%(}VJ%>VIq2)Yi4n>!P
zYs5S|a~b_hVo|<Rw!e->Hy#E4j3KwPxC$r6p#qBI#HweLL>QWINC*-2$s@yrO{H0n
zM*@m9Dxio9G8Isq!AF7%2@u2u!WTe;=P}xvKoBt?KLx?Fwnr;!uk5rotzmamGkuD3
z=x32!ev7pTlIwd0$#sggodn5!E@LCcBFL;|6*6mD|7DTcgxa>)m2U5P284~iIXZWI
ze&GB2-q|<bBW&EWIFj1y6ZiU-_nr~<oE2)%tyukE2!s_+`u`r@`gBb@V%J^f$HpHS
z?<5xL-is}5{`qT*Q-W(u@SQ`v<zEwT_3a$mMg44BpM7sH^`2o1JiOOy8eB)euj{i9
zy66ua%wPlcfs27xAFQL1ZZHk?(jT;S4!um@bJ>U5wD-Ikq}#MZoy@%s2I<WV2)g$&
z1DyAIX{2|VhRf(B1K1I*^nEJ>5By$i*|<-_4?>V(U^9S=P3VD^FGMXg{C#p4?Cxt>
z7hyz39&#1)p^``aSwm8*^4l=Vaq@TKZM7wCmfuXH3qZlef@f7R{|%VmVZ*(c#Sp&G
zNg8H%Wm^%pYIQ0*Uu8iO@R$TEn7nZpd*w4UVv_nbG(uZi$+OZyBiy`JP+y)y(N(d+
zpsuj-iOvKHTM}aXE%M{4QpGiH!F35x2k(INir7zLMj}fo=g8qz(u&|bB5fB)Q}A9s
zxmY)mreNJQ(o|b;8}hMbD!JN%Yn(MD!P@9obWAe*QIM=4N;w|nvOTG}TJ#GG`J8Ua
zbIKHJ%3HfwbCN*}h~B9aT7Q|$6LGVa7mp2^Dlx&<yk3@)zsvn$m77NqcL##Bi?k7J
zn@KvU1D6&p9C5IMecLeIo|i9EayqOH?8+s1{0!dPrL&M%-k3B4TEaYQiASy(oIN(m
zv8NT=qWlJW1v;MK6kKqr?2cOtKEY%BW%=FocA3iGK?mGeFOpBT9CMju*oxcCyN<m6
zs@}LKFGr?WXK`uJvs_=GpGqT#x;NH<ow-L&4b}y-vlf*`N-LE)V0BX&S1g)IOTN8*
zTk(g6mhffEeOEp`nfh~=JK)}`S<CB|w|*+!SFJA8B{DE;{frW+R+Wggc!>~ak3Kms
z`Mcbzi`tv3X05MV!QKp~5|CO`!^kYGZ}^5dPJZM{YS>zNyyw;RRkUTw8b>s&d)B7P
z>yRuje`o8GHfVe6*2uArt$DXzP8l7pV9fYJxxS_=%(K^%cxaX_kp}}2a4-ZXW632T
z=XxMHZh*t_*yzY9;?^*M-tVChInbj-?gOWL;wOUs$as!P5+Xa=cfi^~a*6eN0zBsd
z2MZQ`CvY)>2c;xi`2}!r&Uq~JisUb|2ue7mOs!T5JvI`(=&#{{{6?>EY^P@|f*Duk
z%o7B^6X`3S$s#4wnLFN<FnK^#bYJldChCVHuLVLuIL0MqJkAFqu^>77b&-#TJqaC2
z&!Tb(NodWd6D2LDHnxN}wy++_hednV^Hg&>qd(X;daQ2*4Ek4~g=EZ9IieGXv|6iE
zt=7;th8Xj6igRqj-03+&ylHwoiUnWF6$cI;3Lp56_JerIIYvq2!ZiZ(NXlfXmUv0+
z-~neOX2Mdjy#}r?feRt714@Cc%~XCJJ)Y6T))(`QQ5QI@<;bo<rCgA?oO?(qjuY#B
z#xN7P1YRzYM5VMgBs{9cp(z(xUKln@3qu5-(!K#2&-f$;7ciKBAj3fY&2ZB800N+l
z!yk<KNu~PpwJ9wkaq^OO7@|mB#sDW)sm#cx0a<5~4F?~7c!9l!^T<c`7041(*<8pN
zpoRnSI4|uol&E$YRs(Y>b)4!X-xxF^N#4K?brJi+;A9S`3-enMvIkEPJ+$~30#SK5
zknWP(utVwrt9^#n^fWKVJgR|J?N6W{z>~&JRn^`)bMwq~GaT`_^~TLNma8{N2Ro{6
z*QQ*ZqO0?Pr4zj`U`?1VZ@bfzYVQ@>dxf?gSxU3>6;1k;fqTZE8W$2vF5#$8IC45m
zYs$`Qp3pSx85m)w0vu}Wt*O!;v9xEQXECu-dPI@7`EFaPyI<_?7dG!%+`42=?K>&%
zJ1GpE0?|HAUAnIEJ15^hIk$g4c-L^}8Vc^o%gyRoTxi#}s8`nL4qtQobgFKvShw{-
z>DGl~sh#5wc8;gpUcSNn+P*$rR(t!eQuSNK`mGPj$k!teb{<J@*or$QEsv_*sp`%L
z)twJF>`HAoEN*~3gA>aePKu6}8>91m>CPQD238#HA44LQ;E#W+_nW<GhwIjXZyuOG
zirzrGMDH$P_t>)ckN{B+9~H(=VVN|Y79FSm{=lQ=mibVswO4HI6?Tj)w;mK)Mwc!K
zhmQ+~P6&-BZw&n1fzRBsf$XN8_37%m2i4wr=cBsDbYo|#al6>KeYvsc8M{E2&6V~J
z3ijsTR5;U)4R@v&Di;hw$19@a6~VC~t8aKw7bVZu)%!MWo71fw>6W&SEqZiHDgmdY
zaoH&;UGAK#M5n1av(UJ0!JOK@Pu#vw*fzZ6Sej0ao)bsU2?za9!{;@%>DtCQFV<^|
zQm@WGJ=skhmdem!spi(`%~7Gnw{rTN;14dJo)&zUgr?AnBm82%RnJxYkEl3!MxpzX
z0h0UlNi%U@GT2<dm))0+tsFlk_)ae$KO-DFE7YG`vHP>SwS1OJAtw4jq0f@R<oZp=
z=6{}C;1<VMUfzFu%iPR&uD*Ts_D<mtxGE{`Oq=ey@0KhCKctuXeyLx)D!2{_r~PPx
zI1jE-w#u}<{FddW<y$s%jj~n##_o7ZJex{E{L|RKgCXK)yY{voTu0q&v5wfNd)<BI
z`*qZP-EMgG3!Q1iO#i~xw`GK(KcpD={vpG_s}IdI(l*n<TKdDPhJ#h~huiH3P1=u)
z8lXQiX%E_%k1Pz*c0CCCsEPs3k7{Y8*O|sD>5ta;S;p-2f8Jsr(`kQ2Yk>ZhPCI5~
zex+xSwlly)_FPvT9YRY14*#Eg6Gk9B;g!^o^(mg%g4fbj^sJ`*kt$}fP{mbSLvnFc
zUyIl<CTZ1oosx_~sJ<$84&@`I`dTFANv-O8k=T=;6<__mi0&%s#ZuP<nOQAZG>WWo
zlGJ4Wq$!?$qhFKGzU5DL9!DI7=Q-gVTtJ2a`59OR$rN;$KUSYVDbK@+x0nRC3L#nk
zAn3T)Kn`F@=Ww<{`AV>W*o$#)&(Ltn5l+jISrw<-Oj#i$h-C~ph`9P>7XMXXUvqja
z1}=V$)8l`DSTH@7P}Zusng^C9uy#H%QZ{GG+8|mR9@=YD_VuEDJt0~|dkZ0&M0-=#
zpldF9VkWFjqP1x?2eM`vy0t_lY`*)UwOW#!BkM(Ly%H}=Ya2_luF^WQV02|0sfy-Q
z`FgP&Ph$2jmv6gnNSC_iP6(yVg0Yz#)RE96u5Bj345(a6=c^%|4~z$Jm#!pCrD%?W
z#saqP!YfG^eG3QtZ_`P=WY!2$|EOVg;0~8-h+sUVrkO%XV3JVW(ujY(TE84~e!+On
z2upXR*~8Mk6WorJZd9yUgEO24jdl5B%xk$v!Q$9Bi|#{4>7HMDdQFLD__c)9D=rEC
z;@TmAzovk{|B!*>TX=w1T4~6x+ZK2PpKS68c3hP9Dw%A-b$wz2V4qhn`Mc|30|!q2
zW^8ca5Vmn9ILYVTqCA3cH`XHo&Iy%|JESjn$((9<j-I6IAx=MdybbN7{2LHt=m5*|
z1PY(WcLZ%uBE>==JIs(ZNM2!FYfCE-)F5Lb8AoUJwcKXNPR^RAl%I8Te}diY??E>D
zbC;P;Y92a01lx3^*R`kJ&5s&8QjOhWV|Q91)-``@V8AKGNIC1jIXmB&HQ|#L;KGw?
ztE=StaJGiBm40LJ&A}UAS+Ulk5g&ZI|K`A-9+o;EQyNS|b|dav+^|@))cxUvaOCJO
zFD{)FT*p(^6QcFRrvOKQ@o5ZAvwz)Z@2jAGT4Cxp(?4}L_cQd*7zXH7vzi4MY54oZ
z4GkWx?zzKjO7|+(edK07tAVa3|I^-v5gTj@nqpl?j*&kU2m7Fk$6o?E2ApH2ik)}P
zcbXsObSl<)@|`BGSVW7?w)rkt4!JJ4<P?(Rpl&|pVtf3>cK73oMZB2(TlKYwt$R|j
z(8(4WS)1wl0yW`LE>Acl=#jrpH_24~&NA^9`6;QCHw-iSZ_~1T7|e8gsk1+YI$+TH
z&l;|3uaaLoVQFHYh8D8}gv48ANyQG#q35%#Ip3n<ZI@%^?|_|<8`~XRybaPc7Ekl7
z5tSsxZYjmXaLrV^@;owCBvsQIss0;Pszvta*G#pDk3f-B&1<Ckv$uY(Qy*q5R-a{1
zR^(S;pbpD{Hldpc&=pvQIobhqX^yV^wzBI0^$fp&0n-v<6mr3|v=4UFJh?}z=z&E`
zk|}0OhcvBm#m9QJcLr;NJ%HR~jH$Av#d8c3nH@baz>4~cMCGTl0zG$prk+)6Xrp~m
zZIapvt*p_}oMw4_yw!;xnPrp4AwG&zA=>q%i7V!bPl2aFgj1U$<ylTT)ucj<Q(zK=
z|8N=(EP}y^2hM^`MOm;KhR~D=7D4>7wgD4oZTMZL-~=deAvzQHz_EW+2jY@hG@lar
z*%|mT2b03V4?|@WSKCa9<ewq?6lC<|;8Tpp;fBXHk+9_QiFUC>m7G)6uin7?&;Kp5
z{~ZRzffwZ`swJaZF4eqQjZE+3#MOfT7BG$`+(!|JDCS%Eoh#YC%Yxz2j75ki@j5&S
zYyJy7S-^Zqd`e>QVDLz)Cz_;mp-3e-AzOt(Y)+RRk9VEQsiPV7MyQuzUIokDH6CY$
zjQ(OU1V6IH<8gl;O<CjzRwNrI4ad?7@IFA4P)GtM7cn{=;v$mYF!m4rH4I+D;8hH|
zF}Q@mc?<}YIfWF#Gt!|)Vtj+23xbM{Wh@h5+Xh@leiR0NQUl5>=7&Rwxg1H(!qXt(
zS*H<ajz_|Ds^4o#bdhrJ%UR9y2iMk$PyyXJ_67uGUEyqAeOB#}t0wKPORuZP|5eps
zSt&DLXR`J!CKnjBYS*V~+Qpjo<(iHEY+87AWmBJ6(|7&ABTwV^jqe!Wty%VLO?i4n
zPwzv!<DtWOYxw5y?djCIE#kT@%Z{xJ7SXZip<`Xj(E_Hdl*21Jyzlm=+FuddUwN-R
z)qhItKP9yJmK~=*Vd%2*PiUs0<d0^mwEWG9uX9-oWn1^8L_TuX{=EsIt#`R~htRT9
z*m+cNj;~mcJ#w`@rkpnK4JNCtF7tv>Y_5IT(R!yrbl@FKfX>cTb)Q(>x7f1eUa3C*
zuy%8*c9&SYYk^;UX{lqS_C(s<AT)L_ySLnZRdjEMd)n#A#p@TV`w3U|2@-EWtQ}aq
zu+$<PKD$zT?l}>6i`BaqnZ@Kv^*D*xFV^-ib}!B>g;r`$L%jLUW%uU0heh|xaEJ7=
z2FiI%lWl^WJlUGdaJszn&dl9&V%J`wb70X2W<LRbAg7{DC~v>BV}TKNjf&gHgl&g}
zL#N@}ob%>xp}c8+Tb9w5bv&VUU<9>-5%l`VpPp0_vzE5Z`w+}pBR5Bcrk;hDezN^v
zwlB0T_A5Rp4d{b%V`RnQ$5Pzzw`23KijEDp#%_+m89Rvl=@aKOXX1AKr`Y1=|M=Ph
zc(4o!M~<WU=tSCDc4NcW$L3xYt)8!sfogv<A|HqgKtuoTp88=u^`5rRFx0Jm-=u+u
z_su;(f1pG91BTGMyMeyfZ5pPTd%ZjN?P8X;>*3APE(YG*r)i+?>rMMD^!?J!`}OoM
zC=JlR&@&KvwWFh6%_#f^n9=W#1j3x(pE3LW;VAwF4$xM=|5ez?$$c^S{cLo?@8@yL
zIpbb+pu*pOY;bVki1O<jF7lNecP{*7CFA;pG#QYAh)1+4jaG=FGP(=VXh<4B$aq4A
z7Yp*>L4XVlO>t>tAp;E=cgQvcjx7AwF!(A41`Kd*D*3Pdd!T+mNvrQRe2ZHbBya!`
zYXX?|HR?CIZP1e&ngm^4x~W;vdD5N+pdT@1S#2rPG2fP@;C8q2?o~L_xNTV6y#F!2
z_=KkP<%9zk|412`&iR@w1-FIm<hG=Hj88d6pt6n}W5@h{<mgzKBDbZj$S6w$D#vJM
z4r%6lvJ~DIPD=Ns=EvkYClx<soha5wb!@`p0j5z6<4RjAvNRHpN?ln73CLn~{oGZt
zYD3mQo{jh%yBW@s2w5{_E_rOhFFDDC>AZH8=;N|zB#3Av)S}6AUNm`>L?f9KP2OH!
zE&7lw8VMpA3AJeQoEJ?VCDBOcM3c8H5pAU!TGI7RAKUh7a|MC~5sd_hu7r_=kVdM!
zGHW8FnJRP5Rot{?E#%Qk*`0Iro3mLW1?)~xN~QQEmmXmn(UE#}Gc9*&vlQGG+sO_3
z{9}B~@dB0Ift+?~<K~Y`YnhW8Qcp-c0tFZ(a%vIMh#Hy*X{O3+=9+HSWi8~<N|iaX
zHbR!*m*%<H{GPe1Z+D7i-p538E=|IMiGHl@hf<n9k)`myuy66CxMNg$fPqc$Ul7<y
z!9OYbrXCXx5?_iW^&jjyquvJoyV!+reZ%W8AP7SbzX<?Ph({}vst;n<B^@1p!0pvg
zAO!o?;cK06dY;Fg4L|;-yp-?=T0{vb$+%-vum#R`f;a8O;AAJ5Hzq;8UwY)x%Oz6|
zLlzf`b;8ghTXv+8g^UZ>zcV%PJE5U#h$cI8%z0}`B{H<D5AK7g+>gO^s$a{$|0bRH
zZ%}_y#HwFPC#7(?%zp=i3m9PGWt;@ysGy1>`VR8oPn3|Y#HYp`(r~<sM{_6I24cq`
z01Jpl^RbrJ=l}$0x<sn;chr_&Q(JyZHU5rj6{*($M!ozyYL7_m`7PD`TWa)o)bamf
js<^Rl*;Myc{U7!HCXMT3ii9KOl)HPmc8f?kNwWV3f&(9P

literal 0
HcmV?d00001

diff --git a/Backend/src/hotel_services/services/__pycache__/shift_scheduler.cpython-312.pyc b/Backend/src/hotel_services/services/__pycache__/shift_scheduler.cpython-312.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..47c85d300dbff48f858fc6c1ec8091ffc069b4d7
GIT binary patch
literal 5676
zcmb7IO>i8=74F%Y{nbcXNo)OhB{bL|SYxk{F!FC~EG*k#BQSDIP!hIAJ0of3*%{F@
zLe`cHu9Oclm`JW1WC|!ar66$d(J81DP)UlaTvm}NDHFNkRLH@%#a2})bIE%>JF_c!
zZIa&F?l;}9U;n(<-+SGEsjiL?NEvN+W*|z)zwpCNLXo)rJ0RxCPl-YXiNYy9jT_`x
z=^OMx$!mO;ALO&bpul0fp!u_b!2qNES}+?L3;`Wbf?7Bm8H_MGq*Z0bK@sS%649!&
z)q~X>@ex&2Yd+zeaR+OC<S0?9E)Yfh#8<3~Dn7YR4XDu;s8H*b>itkEHEML&r_^2$
z1{<b)iD>SZkpW8{9+n11GsBj2Xu>kGvXwD(X&^nSDifMYBfWC^%m_6mbVV}VN@>`j
zl3e6YOD5}WTCz1^N?BQ#N7SsUTalYMm;Qv$4k@ywTA8eBhcQ=F&5{$G9eREo2a`3R
zg9EB*!pBV>`oMQ!M72`N5Ks}MG-G5$r8jZKP}R&vOt~{K^pvU6*D`4}jU&3LxE18~
zQ&2NcR07H%sE9#c@m(N;g2F@YR|LodiXZZz5>P|1K|$D{aFGrH9hnLzB6bbiC2wbP
zyZ+y;nHa}?Fw;f7v3cSoamlw)Kl5M}(<H?jFjEM8dEAN*zT8DQZP=5gDU#s(kK9Bd
z3BeB130=?VBX+<VrK+shji9;onN&u%V4q|SwkvJuifLDCvT3D&JB51rn6m{_)rL(R
zQo3`xbJWPHog@0$&cmvC#xlk`j~SM#?dUa(Ga$Va*RSeIr%BVm3N5Z0%+8`dfI!<w
zd6ttLpRz+Km`KJ-rE*Q{cQolXG{X3%1lf7A($qR5ToPBhd!VRV>3DQTSPE@j>3VWT
z_$IXZHt>*j`-x|f?I(dn%)|bTA<KqD8!c}i$NU=_;Zxz<v&E4qpTd{x#0t9nV<DF+
zl`tN|iBb(x3je9#o=lJxa9e>}bm>w#R$HQ7>XRbDk+PZBxviyA@t4m$5y(9R2b@}x
zHL6NOWhdD=vF>@!ZDEQioq8!_O0tHgGbI&mss9ul<NyeR<7fvIS<M=HZvV!900Puf
z6=}y^@KC}9N!8^cO;r+M3P?)qfOEL*;G|5M)rK9bWd?l8G2q&g2>})u;}q9!``K`|
zkkJ8<Vo>8)E=BvH4?>oUZLl!bp%pn_g6urGQB^y;|IPiYV*PCY#r}N!;F9>%idcW6
zDUMdR+StC_*s;*q@sYBe>|IFqe!X+4@dajxA#t|qV%2h}Wg*nE6pF8gYVbQBd-0pl
z0Br`@>#Pzjl3C?%fw-4dn%orljB;B8`|#`(Iu;Xctz2KxlF{;t2m-d_S>9OKl~yX(
z*$xM`vvmN@{EwJU|B(?#LhLC3<{-j|F<})?c9}t$AZi?R?q@o8)F+G?8J(gw=oZX2
zXb`{%I^`PfQlT;a2(X(7cA&x9hS}*ir<u|mr~sAjdvo847@a+S@%XaXx*)cGIFJ`x
zm&AmprXAmel6R}A3M4W$HA6m6EckTN7}jn`<se~sATs7{afw~=l~e$#s{k8w9QB8Z
zh2yhS2^L%kILDREs{&Lg{JPO9fP^Q>H;wMbGX-mtJN~q9tjVQIr6Pcd6b(}GpE*p(
zJ@~+z{!e_tjeH~C-0AaWtE{y9p?i#7Hph1%Xu1bi*$jazau2Su`2kne`@z!A-e2RO
zWyF9Dsnol&6;R(CcS)FvPDQs8YqQ(=Awql4@nyTw=C+hdMYP)8uW4@&-zD$+l<H4w
zTwMSF+}}=XOEY|#DA9BL>-?qDPC3a<lC%8FWRgqN<@P-%XY{gg5D^)0LblLZn8kRo
z6rD-qD$N*5CM|2)RIYWS&tScaj^ieJ&)j1#I`NA)1jL@qW0lEd5lu3gv_-5;75h^(
zPrHUyrH$;krh+%JYqByuqbeyK_(qM%Tru7)lLqsaJpR2>E+Q2LZkKXmsRh2ml5Xrk
zDQ2#{k5UMPaVysQQwf)}S2_g&RY*OXhHz)txcLCgtUnPg;hin8kl1f(sygn#A{x3K
zn6T2iF=_i1b!cM5-o)ZFHbPm%OB;}tm-Q)|2aina@iW|aHm$Ol+V-nBH=8#tnh+=+
zY+FoEPzrH5i}jfAv`m{*O$?bNNRHc-;4Ak4(~%eICO3HBF5ofy!L6Jp-@1;kdnxq9
zT7ZPBXCoIQbKRF}Zq(GzYHw);Uu$*yYWpJ}yz$N(i|vokiNI9XG%sEj^KH*AMUSsE
zw=Oq#FEn>AHt(GC-*~udPFRX=0j5~fN~~r6naj^y(La(GV~=0$T8Ql|R^=Z^UgZ{J
z-B(X8#Cj^#6@o%@{TdNs4QmmyDL#Mv^6{0;dspJp2YcSx^WiI3PcFuH<u~uX7AaQc
zAAa)ctBdhH`OSN;ZLd(5C<OVIK5mWoZ)#kNlDbXvk;{=QJD1}<3-O+%=&nK+0Y9Yu
zTKj%&CyBM)B0MZQ+Q^pKe&BQSi>}XJyEd9{JDPv-^qja9ed*h1jEU%;uen_F14yrK
zzhfe1{Ql`D4<8_ZJP<w-=KmDjeMI2@Eck)815~vpsJ<?)z*rP*=Jqib?OH`oPlyNc
zoaKS%v=`N$^MSLuFBD9BF6$gW%>z7oP69?NCU*>u3=jY;FYX1v>N_V`USwM-o>e%@
zb4=4-gu(#J_bFcjEO0r_&#wgD^QV0POTlx(>%x!E$l)u&)>d>@_g#etaG~5!0D$g>
zoN;QT;g%{*W~@;Ou5$8_Y^sv!TwKd8zB$PO1^^X|XYUdO$UwKlCNi+1xNix+9WF{&
z6`H`dZJ0d<nH^w9+3bgS8AAtK(ABdRtwOT7*a=__uUREPv;Aq!fJ;~pN?{S!E~Iut
z1|b-OgMc!W8c}uIrwq}(*tice6RiTlpoj)fz$e@xP<j~}z{2ht5#wp|ZO8x<>Y9Gj
zJQG;0uAA$4>lZV=f)ETht;V)5$NCmxeP0YM#-5q!TWM%6L`Ze*?6Hf--hTG`wJ?dc
z+#<fP&S5Zq;^K*XeBb9!f5Clr<l63h%i*uBnG;Lmsg(z}Ts`!4UH+9+{*1QJkX;h9
zH^dr8#t(%scK@Le^2FXTcfgG18xN2_gnLE)%iy-&Apd0-hjh2lTT8wQ`hosR<dLqe
z?|qP8cfJrB+4=evin+&avT`&|H&?E&6s5Z-Nr%@W=v6U<e2*W1JAO_&s#=~~r0Ava
z(S==roTr=q1n>9~bP&uf0RH1W%kdcDjA_7S33yrCT`@O%ZE>XLS~ln%A7Y#)737&{
zFXu@iK$=_Ur!P;h9DI8D;K{!pJbC5Ra$Dy@Tjz4yo`tqOOKtn|Fa3O_W7~4ap@oh^
z-vxzeq(FplgoWSzi7I>#(B-U}O4*TADr?}g6VPHR_3DJI6<dO-lwzb)DT-k!yV}tX
zq$J2}0YVFlqN&oOkbO*;XvdvZV=ZR59VYTzAb%4M-4X<U&n+?RKgHc@4EZ~6#UApv
z7fx`Zzv)BkHi4qh8t_N199|<(IPy@69W5HZ_o6}Z8j^;;moNljMw0}h{1$OOQUYUF
z<#O3A0~E~VcA|nIsz}4_+fv!>%LEXCKn9-W*fB3te?|v==xH_Kqx~=#TPS@FDRd=l
z2kZu>Hii$SNxy*2@Hg>!@H_!`8*0u6+gIa>#rR|SQ1fb4JTJtVlthdkM{bN?XeVa4
zIEqID-UFt_VR95v!>%!3)npCgvg}k6ER3QV+l}U^OjRWb?@hy*k)(^74wAL5Z^U;1
zkd|_IDS|bFIeH8!hGI;exKz6~m6CPc0Q-kmLlZ26EouGQ?}YX{_H=-rhCb*W&6go7
z@Eph8^6{K-J3_d+zmuwekVmhR_;s@7-(>rB(sP|0_-D9b?$~0u?R?-rfuC_)<U4|S
i;jE7&yYnPE_vn=a3-#L;Nmn7@=UT74vPPg_8}?tTzZJ3o

literal 0
HcmV?d00001

diff --git a/Backend/src/hotel_services/services/shift_automation_service.py b/Backend/src/hotel_services/services/shift_automation_service.py
new file mode 100644
index 00000000..4850746f
--- /dev/null
+++ b/Backend/src/hotel_services/services/shift_automation_service.py
@@ -0,0 +1,603 @@
+"""
+Staff Shift Automation Service
+Enterprise-grade automated shift status management with business logic
+"""
+
+from datetime import datetime, time, timedelta
+from typing import List, Dict, Any, Optional, Tuple
+from sqlalchemy.orm import Session
+from sqlalchemy import and_, or_, func
+
+from ...shared.config.logging_config import get_logger
+from ..models.staff_shift import StaffShift, ShiftStatus, ShiftType
+from ...analytics.models.audit_log import AuditLog
+from ...notifications.services.notification_service import NotificationService
+from ...notifications.models.notification import NotificationType, NotificationChannel
+
+logger = get_logger(__name__)
+
+
+class ShiftAutomationService:
+    """Service for automated shift status management"""
+    
+    # Configuration constants
+    NO_SHOW_THRESHOLD_MINUTES = 15  # Mark as no_show if 15 minutes past start time
+    AUTO_COMPLETE_BUFFER_MINUTES = 0  # Auto-complete at exact end time
+    AUTO_START_BUFFER_MINUTES = 0  # Auto-start at exact start time
+    
+    @staticmethod
+    def get_shift_datetime(shift: StaffShift) -> Tuple[datetime, datetime]:
+        """
+        Convert shift date and time to full datetime objects
+        Returns (start_datetime, end_datetime)
+        """
+        shift_date = shift.shift_date.date() if isinstance(shift.shift_date, datetime) else shift.shift_date
+        
+        # Combine date with time
+        start_datetime = datetime.combine(shift_date, shift.start_time)
+        end_datetime = datetime.combine(shift_date, shift.end_time)
+        
+        # Handle overnight shifts (end time is next day)
+        if shift.end_time < shift.start_time:
+            end_datetime += timedelta(days=1)
+        
+        return start_datetime, end_datetime
+    
+    @staticmethod
+    def should_auto_start(shift: StaffShift, current_time: datetime) -> bool:
+        """Check if shift should be automatically started - at exact start time"""
+        if shift.status != ShiftStatus.scheduled:
+            return False
+        
+        start_datetime, _ = ShiftAutomationService.get_shift_datetime(shift)
+        
+        # Auto-start at exact start time (or after)
+        return current_time >= start_datetime
+    
+    @staticmethod
+    def should_auto_complete(shift: StaffShift, current_time: datetime) -> bool:
+        """Check if shift should be automatically completed - at exact end time"""
+        if shift.status != ShiftStatus.in_progress:
+            return False
+        
+        _, end_datetime = ShiftAutomationService.get_shift_datetime(shift)
+        
+        # Auto-complete at exact end time (or after)
+        return current_time >= end_datetime
+    
+    @staticmethod
+    def should_mark_no_show(shift: StaffShift, current_time: datetime) -> bool:
+        """Check if shift should be marked as no_show"""
+        if shift.status != ShiftStatus.scheduled:
+            return False
+        
+        start_datetime, _ = ShiftAutomationService.get_shift_datetime(shift)
+        
+        # Mark as no_show if past start time + threshold and no actual start recorded
+        no_show_time = start_datetime + timedelta(minutes=ShiftAutomationService.NO_SHOW_THRESHOLD_MINUTES)
+        
+        return current_time >= no_show_time and shift.actual_start_time is None
+    
+    @staticmethod
+    def auto_start_shift(
+        db: Session,
+        shift: StaffShift,
+        current_time: Optional[datetime] = None,
+        triggered_by: Optional[int] = None
+    ) -> bool:
+        """
+        Automatically start a shift
+        Returns True if status was changed, False otherwise
+        """
+        if shift.status != ShiftStatus.scheduled:
+            return False
+        
+        current_time = current_time or datetime.utcnow()
+        
+        try:
+            old_status = shift.status
+            shift.status = ShiftStatus.in_progress
+            shift.actual_start_time = current_time
+            shift.updated_at = current_time
+            
+            db.commit()
+            
+            # Log audit trail
+            ShiftAutomationService._log_status_change(
+                db=db,
+                shift_id=shift.id,
+                old_status=old_status,
+                new_status=ShiftStatus.in_progress,
+                user_id=triggered_by,
+                reason="AUTO_START",
+                details={"triggered_at": current_time.isoformat()}
+            )
+            
+            # Send notification to staff (with fallback)
+            try:
+                try:
+                    NotificationService.send_notification(
+                        db=db,
+                        user_id=shift.staff_id,
+                        notification_type=NotificationType.shift_update,
+                        channel=NotificationChannel.in_app,
+                        content=f"Your shift has automatically started at {current_time.strftime('%H:%M')}",
+                        subject="Shift Started",
+                        meta_data={
+                            "shift_id": shift.id,
+                            "status": "in_progress",
+                            "auto_started": True
+                        }
+                    )
+                except Exception as enum_error:
+                    # Fallback to system_alert if shift_update enum not in database yet
+                    NotificationService.send_notification(
+                        db=db,
+                        user_id=shift.staff_id,
+                        notification_type=NotificationType.system_alert,
+                        channel=NotificationChannel.in_app,
+                        content=f"Your shift has automatically started at {current_time.strftime('%H:%M')}",
+                        subject="Shift Started",
+                        meta_data={
+                            "shift_id": shift.id,
+                            "status": "in_progress",
+                            "auto_started": True
+                        }
+                    )
+            except Exception as e:
+                logger.warning(f"Failed to send notification for shift {shift.id}: {str(e)}")
+                try:
+                    db.rollback()
+                except:
+                    pass
+            
+            logger.info(f"Shift {shift.id} automatically started at {current_time.isoformat()}")
+            return True
+            
+        except Exception as e:
+            logger.error(f"Error auto-starting shift {shift.id}: {str(e)}", exc_info=True)
+            db.rollback()
+            return False
+    
+    @staticmethod
+    def auto_complete_shift(
+        db: Session,
+        shift: StaffShift,
+        current_time: Optional[datetime] = None,
+        triggered_by: Optional[int] = None
+    ) -> bool:
+        """
+        Automatically complete a shift
+        Returns True if status was changed, False otherwise
+        """
+        if shift.status != ShiftStatus.in_progress:
+            return False
+        
+        current_time = current_time or datetime.utcnow()
+        
+        try:
+            old_status = shift.status
+            shift.status = ShiftStatus.completed
+            shift.actual_end_time = current_time
+            shift.updated_at = current_time
+            
+            # If no actual start time was recorded, set it to scheduled start
+            if not shift.actual_start_time:
+                start_datetime, _ = ShiftAutomationService.get_shift_datetime(shift)
+                shift.actual_start_time = start_datetime
+            
+            db.commit()
+            
+            # Log audit trail
+            ShiftAutomationService._log_status_change(
+                db=db,
+                shift_id=shift.id,
+                old_status=old_status,
+                new_status=ShiftStatus.completed,
+                user_id=triggered_by,
+                reason="AUTO_COMPLETE",
+                details={
+                    "triggered_at": current_time.isoformat(),
+                    "auto_completed": True
+                }
+            )
+            
+            # Send notification to staff (with fallback)
+            try:
+                try:
+                    NotificationService.send_notification(
+                        db=db,
+                        user_id=shift.staff_id,
+                        notification_type=NotificationType.shift_update,
+                        channel=NotificationChannel.in_app,
+                        content=f"Your shift has been automatically completed at {current_time.strftime('%H:%M')}",
+                        subject="Shift Completed",
+                        meta_data={
+                            "shift_id": shift.id,
+                            "status": "completed",
+                            "auto_completed": True
+                        }
+                    )
+                except Exception as enum_error:
+                    # Fallback to system_alert if shift_update enum not in database yet
+                    NotificationService.send_notification(
+                        db=db,
+                        user_id=shift.staff_id,
+                        notification_type=NotificationType.system_alert,
+                        channel=NotificationChannel.in_app,
+                        content=f"Your shift has been automatically completed at {current_time.strftime('%H:%M')}",
+                        subject="Shift Completed",
+                        meta_data={
+                            "shift_id": shift.id,
+                            "status": "completed",
+                            "auto_completed": True
+                        }
+                    )
+            except Exception as e:
+                logger.warning(f"Failed to send notification for shift {shift.id}: {str(e)}")
+                try:
+                    db.rollback()
+                except:
+                    pass
+            
+            logger.info(f"Shift {shift.id} automatically completed at {current_time.isoformat()}")
+            return True
+            
+        except Exception as e:
+            logger.error(f"Error auto-completing shift {shift.id}: {str(e)}", exc_info=True)
+            db.rollback()
+            return False
+    
+    @staticmethod
+    def mark_no_show(
+        db: Session,
+        shift: StaffShift,
+        current_time: Optional[datetime] = None,
+        triggered_by: Optional[int] = None
+    ) -> bool:
+        """
+        Mark a shift as no_show
+        Returns True if status was changed, False otherwise
+        """
+        if shift.status != ShiftStatus.scheduled:
+            return False
+        
+        current_time = current_time or datetime.utcnow()
+        
+        try:
+            old_status = shift.status
+            shift.status = ShiftStatus.no_show
+            shift.updated_at = current_time
+            
+            db.commit()
+            
+            # Log audit trail
+            ShiftAutomationService._log_status_change(
+                db=db,
+                shift_id=shift.id,
+                old_status=old_status,
+                new_status=ShiftStatus.no_show,
+                user_id=triggered_by,
+                reason="AUTO_NO_SHOW",
+                details={
+                    "triggered_at": current_time.isoformat(),
+                    "auto_marked": True
+                }
+            )
+            
+            # Send notification to staff and admin (with fallback)
+            try:
+                try:
+                    NotificationService.send_notification(
+                        db=db,
+                        user_id=shift.staff_id,
+                        notification_type=NotificationType.shift_update,
+                        channel=NotificationChannel.in_app,
+                        content=f"Your shift was marked as no-show. Please contact your supervisor.",
+                        subject="Shift No-Show",
+                        meta_data={
+                            "shift_id": shift.id,
+                            "status": "no_show",
+                            "auto_marked": True
+                        }
+                    )
+                except Exception as enum_error:
+                    # Fallback to system_alert if shift_update enum not in database yet
+                    NotificationService.send_notification(
+                        db=db,
+                        user_id=shift.staff_id,
+                        notification_type=NotificationType.system_alert,
+                        channel=NotificationChannel.in_app,
+                        content=f"Your shift was marked as no-show. Please contact your supervisor.",
+                        subject="Shift No-Show",
+                        meta_data={
+                            "shift_id": shift.id,
+                            "status": "no_show",
+                            "auto_marked": True
+                        }
+                    )
+            except Exception as e:
+                logger.warning(f"Failed to send notification for shift {shift.id}: {str(e)}")
+                try:
+                    db.rollback()
+                except:
+                    pass
+            
+            logger.warning(f"Shift {shift.id} marked as no-show at {current_time.isoformat()}")
+            return True
+            
+        except Exception as e:
+            logger.error(f"Error marking shift {shift.id} as no-show: {str(e)}", exc_info=True)
+            db.rollback()
+            return False
+    
+    @staticmethod
+    def manual_status_change(
+        db: Session,
+        shift: StaffShift,
+        new_status: ShiftStatus,
+        user_id: int,
+        reason: Optional[str] = None,
+        notes: Optional[str] = None
+    ) -> bool:
+        """
+        Manually change shift status - ONLY for cancellation
+        All other status changes (start, complete) are handled automatically by scheduler
+        Returns True if status was changed, False otherwise
+        """
+        old_status = shift.status
+        current_time = datetime.utcnow()
+        
+        # Only allow manual cancellation - all other status changes are automatic
+        if new_status != ShiftStatus.cancelled:
+            logger.warning(
+                f"Manual status change to {new_status.value} not allowed. "
+                f"Only cancellation is allowed manually. Shift {shift.id} by user {user_id}"
+            )
+            return False
+        
+        # Validate status transition (only cancellation allowed)
+        if not ShiftAutomationService._is_valid_transition(old_status, new_status):
+            logger.warning(
+                f"Invalid status transition from {old_status.value} to {new_status.value} "
+                f"for shift {shift.id} by user {user_id}"
+            )
+            return False
+        
+        try:
+            shift.status = new_status
+            shift.updated_at = current_time
+            
+            # Update timestamps based on status
+            if new_status == ShiftStatus.in_progress and not shift.actual_start_time:
+                shift.actual_start_time = current_time
+            elif new_status == ShiftStatus.completed and not shift.actual_end_time:
+                shift.actual_end_time = current_time
+                # If no actual start time, set it to scheduled start
+                if not shift.actual_start_time:
+                    start_datetime, _ = ShiftAutomationService.get_shift_datetime(shift)
+                    shift.actual_start_time = start_datetime
+            
+            # Update notes if provided
+            if notes:
+                if shift.notes:
+                    shift.notes += f"\n[{current_time.strftime('%Y-%m-%d %H:%M')}] {notes}"
+                else:
+                    shift.notes = f"[{current_time.strftime('%Y-%m-%d %H:%M')}] {notes}"
+            
+            db.commit()
+            
+            # Log audit trail
+            ShiftAutomationService._log_status_change(
+                db=db,
+                shift_id=shift.id,
+                old_status=old_status,
+                new_status=new_status,
+                user_id=user_id,
+                reason=reason or "MANUAL",
+                details={
+                    "notes": notes,
+                    "changed_at": current_time.isoformat()
+                }
+            )
+            
+            # Send notification for cancellation (use system_alert as fallback if shift_update not in DB)
+            try:
+                cancellation_message = f"Your shift has been cancelled"
+                if notes:
+                    cancellation_message += f". Reason: {notes}"
+                
+                # Try shift_update first, fallback to system_alert if enum not updated in DB
+                try:
+                    NotificationService.send_notification(
+                        db=db,
+                        user_id=shift.staff_id,
+                        notification_type=NotificationType.shift_update,
+                        channel=NotificationChannel.in_app,
+                        content=cancellation_message,
+                        subject="Shift Cancelled",
+                        meta_data={
+                            "shift_id": shift.id,
+                            "status": "cancelled",
+                            "changed_by": user_id,
+                            "reason": reason,
+                            "notes": notes
+                        }
+                    )
+                except Exception as enum_error:
+                    # Fallback to system_alert if shift_update enum not in database yet
+                    logger.warning(f"shift_update enum not available, using system_alert: {str(enum_error)}")
+                    NotificationService.send_notification(
+                        db=db,
+                        user_id=shift.staff_id,
+                        notification_type=NotificationType.system_alert,
+                        channel=NotificationChannel.in_app,
+                        content=cancellation_message,
+                        subject="Shift Cancelled",
+                        meta_data={
+                            "shift_id": shift.id,
+                            "status": "cancelled",
+                            "changed_by": user_id,
+                            "reason": reason,
+                            "notes": notes
+                        }
+                    )
+            except Exception as e:
+                # Log but don't fail the operation if notification fails
+                logger.warning(f"Failed to send notification for shift cancellation: {str(e)}")
+                # Rollback notification transaction if it failed
+                try:
+                    db.rollback()
+                except:
+                    pass
+            
+            logger.info(
+                f"Shift {shift.id} status changed from {old_status.value} to {new_status.value} "
+                f"by user {user_id}"
+            )
+            return True
+            
+        except Exception as e:
+            shift_id_str = str(shift.id) if shift and hasattr(shift, 'id') else 'unknown'
+            logger.error(f"Error changing shift {shift_id_str} status: {str(e)}", exc_info=True)
+            try:
+                db.rollback()
+            except:
+                pass
+            return False
+    
+    @staticmethod
+    def _is_valid_transition(old_status: ShiftStatus, new_status: ShiftStatus) -> bool:
+        """
+        Validate if a status transition is allowed
+        Enterprise business rules for status transitions
+        """
+        # Same status is always valid (no-op)
+        if old_status == new_status:
+            return True
+        
+        # Define valid transitions
+        valid_transitions = {
+            ShiftStatus.scheduled: [
+                ShiftStatus.in_progress,
+                ShiftStatus.cancelled,
+                ShiftStatus.no_show
+            ],
+            ShiftStatus.in_progress: [
+                ShiftStatus.completed,
+                ShiftStatus.cancelled
+            ],
+            ShiftStatus.completed: [],  # Terminal state - cannot transition from
+            ShiftStatus.cancelled: [],  # Terminal state - cannot transition from
+            ShiftStatus.no_show: [
+                ShiftStatus.cancelled  # Can cancel a no-show
+            ]
+        }
+        
+        allowed = valid_transitions.get(old_status, [])
+        return new_status in allowed
+    
+    @staticmethod
+    def _log_status_change(
+        db: Session,
+        shift_id: int,
+        old_status: ShiftStatus,
+        new_status: ShiftStatus,
+        user_id: Optional[int],
+        reason: str,
+        details: Optional[Dict[str, Any]] = None
+    ):
+        """Log shift status change to audit log"""
+        try:
+            audit_log = AuditLog(
+                user_id=user_id,
+                action="shift_status_change",
+                resource_type="staff_shift",
+                resource_id=shift_id,
+                details={
+                    "old_status": old_status.value,
+                    "new_status": new_status.value,
+                    "reason": reason,
+                    **(details or {})
+                },
+                status="success"
+            )
+            db.add(audit_log)
+            db.commit()
+        except Exception as e:
+            logger.error(f"Failed to log status change for shift {shift_id}: {str(e)}")
+            # Don't fail the operation if audit logging fails
+    
+    @staticmethod
+    def process_shift_automation(db: Session, current_time: Optional[datetime] = None) -> Dict[str, Any]:
+        """
+        Process all shifts that need automatic status updates
+        This is the main method called by the scheduler
+        Returns statistics about processed shifts
+        """
+        current_time = current_time or datetime.utcnow()
+        stats = {
+            "processed": 0,
+            "auto_started": 0,
+            "auto_completed": 0,
+            "marked_no_show": 0,
+            "errors": 0
+        }
+        
+        try:
+            # Get all shifts that need processing
+            # Only process shifts from today and future (not too far in the past)
+            cutoff_date = current_time.date() - timedelta(days=1)
+            
+            shifts_to_process = db.query(StaffShift).filter(
+                and_(
+                    func.date(StaffShift.shift_date) >= cutoff_date,
+                    StaffShift.status.in_([ShiftStatus.scheduled, ShiftStatus.in_progress])
+                )
+            ).all()
+            
+            logger.info(f"Processing {len(shifts_to_process)} shifts for automation")
+            
+            for shift in shifts_to_process:
+                try:
+                    stats["processed"] += 1
+                    
+                    # Check for no-show first (highest priority)
+                    if ShiftAutomationService.should_mark_no_show(shift, current_time):
+                        if ShiftAutomationService.mark_no_show(db, shift, current_time):
+                            stats["marked_no_show"] += 1
+                        continue
+                    
+                    # Check for auto-complete
+                    if ShiftAutomationService.should_auto_complete(shift, current_time):
+                        if ShiftAutomationService.auto_complete_shift(db, shift, current_time):
+                            stats["auto_completed"] += 1
+                        continue
+                    
+                    # Check for auto-start
+                    if ShiftAutomationService.should_auto_start(shift, current_time):
+                        if ShiftAutomationService.auto_start_shift(db, shift, current_time):
+                            stats["auto_started"] += 1
+                        continue
+                    
+                except Exception as e:
+                    logger.error(f"Error processing shift {shift.id}: {str(e)}", exc_info=True)
+                    stats["errors"] += 1
+            
+            logger.info(
+                f"Shift automation completed: {stats['auto_started']} started, "
+                f"{stats['auto_completed']} completed, {stats['marked_no_show']} no-shows, "
+                f"{stats['errors']} errors"
+            )
+            
+            return stats
+            
+        except Exception as e:
+            logger.error(f"Error in shift automation process: {str(e)}", exc_info=True)
+            stats["errors"] += 1
+            return stats
+
+
+# Singleton instance
+shift_automation_service = ShiftAutomationService()
+
diff --git a/Backend/src/hotel_services/services/shift_scheduler.py b/Backend/src/hotel_services/services/shift_scheduler.py
new file mode 100644
index 00000000..de5c224b
--- /dev/null
+++ b/Backend/src/hotel_services/services/shift_scheduler.py
@@ -0,0 +1,120 @@
+"""
+Staff Shift Automation Scheduler
+Background scheduler for automatic shift status management
+"""
+
+import threading
+import time
+from datetime import datetime, timedelta
+from typing import Optional
+from sqlalchemy.orm import Session
+
+from ...shared.config.database import get_db
+from ...shared.config.logging_config import get_logger
+from .shift_automation_service import shift_automation_service
+
+logger = get_logger(__name__)
+
+
+class ShiftScheduler:
+    """Background scheduler for automatic shift status updates"""
+    
+    def __init__(self):
+        self.running = False
+        self.thread: Optional[threading.Thread] = None
+        self.check_interval_seconds = 60  # Check every minute
+        self.last_run_time: Optional[datetime] = None
+    
+    def start(self):
+        """Start the background shift scheduler"""
+        if self.running:
+            logger.warning("Shift Scheduler is already running")
+            return
+        
+        self.running = True
+        self.thread = threading.Thread(target=self._scheduler_loop, daemon=True)
+        self.thread.start()
+        logger.info("Shift Scheduler started - automatic shift management enabled")
+    
+    def stop(self):
+        """Stop the background shift scheduler"""
+        if not self.running:
+            return
+        
+        self.running = False
+        if self.thread:
+            self.thread.join(timeout=5.0)
+        logger.info("Shift Scheduler stopped")
+    
+    def _scheduler_loop(self):
+        """Main scheduler loop that runs shift automation periodically"""
+        logger.info("Shift Scheduler loop started")
+        
+        # Wait a bit for the app to fully start
+        time.sleep(10)
+        
+        while self.running:
+            try:
+                current_time = datetime.utcnow()
+                
+                # Run shift automation
+                logger.debug("Running scheduled shift automation check...")
+                stats = self._run_shift_automation()
+                
+                self.last_run_time = current_time
+                
+                # Log summary if there were changes
+                if any([
+                    stats.get("auto_started", 0) > 0,
+                    stats.get("auto_completed", 0) > 0,
+                    stats.get("marked_no_show", 0) > 0
+                ]):
+                    logger.info(
+                        f"Shift automation run completed: "
+                        f"{stats.get('auto_started', 0)} started, "
+                        f"{stats.get('auto_completed', 0)} completed, "
+                        f"{stats.get('marked_no_show', 0)} no-shows"
+                    )
+                
+                # Sleep until next check
+                time.sleep(self.check_interval_seconds)
+                
+            except Exception as e:
+                logger.error(f"Error in shift scheduler loop: {str(e)}", exc_info=True)
+                # Sleep for 30 seconds before retrying on error
+                time.sleep(30)
+    
+    def _run_shift_automation(self) -> dict:
+        """Run shift automation process with database session management"""
+        db_gen = get_db()
+        db = next(db_gen)
+        
+        try:
+            stats = shift_automation_service.process_shift_automation(db)
+            return stats
+        except Exception as e:
+            logger.error(f"Error running shift automation: {str(e)}", exc_info=True)
+            return {"processed": 0, "auto_started": 0, "auto_completed": 0, "marked_no_show": 0, "errors": 1}
+        finally:
+            db.close()
+    
+    def get_status(self) -> dict:
+        """Get scheduler status information"""
+        return {
+            "running": self.running,
+            "last_run_time": self.last_run_time.isoformat() if self.last_run_time else None,
+            "check_interval_seconds": self.check_interval_seconds
+        }
+
+
+# Singleton instance
+_shift_scheduler: Optional[ShiftScheduler] = None
+
+
+def get_shift_scheduler() -> ShiftScheduler:
+    """Get or create the singleton shift scheduler instance"""
+    global _shift_scheduler
+    if _shift_scheduler is None:
+        _shift_scheduler = ShiftScheduler()
+    return _shift_scheduler
+
diff --git a/Backend/src/main.py b/Backend/src/main.py
index af99f453..230ff0d4 100644
--- a/Backend/src/main.py
+++ b/Backend/src/main.py
@@ -293,6 +293,7 @@ from .payments.routes.approval_routes import router as financial_approval_routes
 from .payments.routes.gl_routes import router as gl_routes
 from .payments.routes.reconciliation_routes import router as reconciliation_routes
 from .payments.routes.accountant_security_routes import router as accountant_security_routes
+from .auth.routes.admin_security_routes import router as admin_security_routes
 from .hotel_services.routes import service_routes, service_booking_routes, inventory_routes, guest_request_routes, staff_shift_routes
 from .content.routes import (
     banner_routes, page_content_routes, home_routes, about_routes,
@@ -330,6 +331,7 @@ app.include_router(financial_approval_routes, prefix=api_prefix)
 app.include_router(gl_routes, prefix=api_prefix)
 app.include_router(reconciliation_routes, prefix=api_prefix)
 app.include_router(accountant_security_routes, prefix=api_prefix)
+app.include_router(admin_security_routes, prefix=api_prefix)
 app.include_router(banner_routes.router, prefix=api_prefix)
 app.include_router(favorite_routes.router, prefix=api_prefix)
 app.include_router(service_routes.router, prefix=api_prefix)
@@ -439,6 +441,16 @@ async def startup_event():
         logger.error(f'Failed to start AI Training Scheduler: {str(e)}', exc_info=True)
         # Don't fail app startup if scheduler fails
     
+    # Start Shift Automation Scheduler for automatic shift management
+    try:
+        from .hotel_services.services.shift_scheduler import get_shift_scheduler
+        shift_scheduler = get_shift_scheduler()
+        shift_scheduler.start()
+        logger.info('Shift Automation Scheduler started - automatic shift management enabled')
+    except Exception as e:
+        logger.error(f'Failed to start Shift Automation Scheduler: {str(e)}', exc_info=True)
+        # Don't fail app startup if scheduler fails
+    
     logger.info(f'{settings.APP_NAME} started successfully')
     logger.info(f'Environment: {settings.ENVIRONMENT}')
     logger.info(f'Debug mode: {settings.DEBUG}')
diff --git a/Backend/src/models/__init__.py b/Backend/src/models/__init__.py
index 5a805f6a..94b7b9d9 100644
--- a/Backend/src/models/__init__.py
+++ b/Backend/src/models/__init__.py
@@ -8,6 +8,7 @@ from ..auth.models.role import Role
 from ..auth.models.user import User
 from ..auth.models.refresh_token import RefreshToken
 from ..auth.models.password_reset_token import PasswordResetToken
+from ..auth.models.admin_session import AdminSession, AdminActivityLog
 
 # Room models
 from ..rooms.models.room_type import RoomType
@@ -111,7 +112,7 @@ from ..integrations.models.webhook import Webhook, WebhookDelivery, WebhookEvent
 
 __all__ = [
     # Auth
-    'Role', 'User', 'RefreshToken', 'PasswordResetToken',
+    'Role', 'User', 'RefreshToken', 'PasswordResetToken', 'AdminSession', 'AdminActivityLog',
     # Rooms
     'RoomType', 'Room', 'RoomAttribute', 'RoomMaintenance', 'MaintenanceType', 'MaintenanceStatus',
     'RoomInspection', 'InspectionType', 'InspectionStatus', 'RatePlan', 'RatePlanRule', 'RatePlanType', 'RatePlanStatus',
diff --git a/Backend/src/models/__pycache__/__init__.cpython-312.pyc b/Backend/src/models/__pycache__/__init__.cpython-312.pyc
index ef8cd9736238300b9a4af96a855abbc9b5c04322..b4c0312b90e8154e8506fc4c3c475d023f9083c7 100644
GIT binary patch
delta 2437
zcmaKsZE#f88OL)QSdwhAWV6}#_uae-2?Rn2MTC&>CINL?KptMgvb#wxInUnY?j>PC
zTmccCsnztsq5{64U~3z!#QMp0rc)K6(~oLh1u9|%)G{5Xop#y}z0V2BhYr)7+28!1
z|NlAXo;`ccJ=uAn%l3zgin1c}(>~Cy-d{gz^C*$g`p!IB!KxIcl++ASjulWLb&0Uy
zOqeNksi;Id*rhHLRp<Z*Rzo#9!6`kfaG@LA=m8IU!7IIT;X^<8F#rJ!LJ&g`l758<
zV+0}?g($`#W_l$`$|mAi1EYVdy$@%@Y}scQP1p?0QdfyNI2Yzh?GP<E59Uc-E#_k@
zwBiC-fNju*3t=I)Lpv^lMKX5^N-MRUQhUU5?1WD2f-YPEE2QTYD{&R9!qu=E*T5R-
z`NX}r7S>`nbj#W=*5P`fKPuk5tb^i*xB)icM%aj(V3YJh;z8UDn-KtT3v9uyuobt#
zHkpORcI<&3sUu<sCLkeoRP4kgBrydkOhX!bp%?q05Bs5C=Kp`6@^{>)m{4&S?7{&U
zKmh^~P|g(>8Pq_-K^Vj#7(yL%%t96oFl1gMcH=M%OI<5Qa1ZQ}x=!S9FYLvAuus<Y
z;vw7*`%S$}Ni~RvF%J`)(kLFm18_h#-6am<Avh%UEb%BFhQm_N7LVZ(I3jhEpmoLG
zJU#_a;nVOmj>4$)o5fF%fbb|B#b@9d>CF*8#ba;`pM_`fId~4Ahv)G)9GBT#aRN`m
zNqhlbkadfA5nqCrq@E{U##3+#8=(<jfmftAU%ZN^;WVCsGx!?NjpE>99D^~LwTZL%
z2D~BlLh&nn6W+vga1O^|9N&Vsq~9)njc>!-QZEwJG0iz~aTber@Haq-Y2H~fTOxjs
z@4~zI9=wO|!~1w1&f^F00bYO$co8njo_hqnJgqj5AHs+D5qyLn!^hHJD*l9@z$aLM
z0)7gg;%D#~UV=+_87|`$xFUO&i9h4#@Ht+EtM~<cf!E*~ehFX7tV8?-zk;u%UM{ZV
z4Y+|f;U<0!U*k9M4SoyXDn)%osm@ah{54nH)wqK0p8nhD_X_15DO58*NN2OEmMK)q
zsv~Kr!>W<%*80Z(HT{}J365Vb|97!6Mup0arPb!UM0c8?GIxkJ*>_p)W@ibVx5q4N
zSl&yw>@Ais%Lvs~oww>Nvy349v#LM*ILjv(_b`?+mN7aQ%PH?TSD}xwK5Jrq<1K2f
z&PTn8-9~>iYN@oyHYa%5J=uwM>od5wgc43iOw+K($PK3TQqwEgb+gV+4&p*DqifYs
z#Yz@u+*;1#Di}6ub;hhSSynRa=464&DwYn$#IL3&olTW4uH6iei9!txxgt*0NTcp$
z)5q|0GRsV&6meNC0rrB_;#yz{u?&-NwS^<x<ld=i18SykYLT~VJxafG)hRK$?uze-
z^Pn0=Eu)T6&uB1Fa1SPOn9dkeQ{1lg#yh5JW>`~`Y5gvqU>3L3(h0ZUzB{EFJ%*l8
zg+803COYPBur{-t!<b7K-Obh(mh%|%so2wCX=S;9T0HgEHkJz+?UeMyEsI!wpMK<t
zS1x8baZXHCsHdS|h%R}`oOeC||MA3?PKtONEnVDRONuv0!dvQF!Sk$StYWNY+&*&=
zub*D`+MH|I>t?KDtT$1JniIIoj6`p5Pqts}HE2myh{}B){{~JSNiAcT`!{(^b_%Ue
z-$+Y+QR^n2;z4c-(2sqtl0i+V$(+8Kp71qq1@@hKdRR@5Ozr(dsc+%T{Xbc6Vp!A7
zlcI0s)R)L4M9xr?Q)3hIFW{$dBZog8*v@UPY%XgauF1uXX!<~}&_?LVs-{4}mQW{y
zWPifY`^^!$%GgE6{bAbxOTj=Bbj$Cj9f1<7p{8|xknJJ*hd*lJ3tDKP2Lf(t4OCg=
zRW+zP5V!8;reVei?G4m5?qQkZcDK-S31Q?WpRcET%}EnN-^(rg=t3Z*JVe(60q1@;
z9%kejkC-qYW}X21pd6IWn5XdoyD@ex8O_|HgCv6W)<ZntQI5>ZWFDD!g0{-T>^;Uf
z!a*$uj%>P*uYf-FYBB%w2SQGYgevHeBS!ay>L?#-nV}!&fhTAzR6|!y|GQAk`6^qd
z8D|);F@8qfVQ*<-Q0*B==k%YORn+-92ftwak}>guqJ!b>Wq&to#r$T^(#^2H_)5{r
N@#&GH%CzrH@4q9M)MWqw

delta 2152
zcmb7^S#*@;8OQkw9Uzm8Gnvf3&zOB91OkW)Bw&qz7R&m8gdv$s2HyY7@XaI;Y7HQQ
zo?g`OfKn}$B6g9Y!HC{?yb-19p?7r|tQ+D&d%Aelp4M|Z&l}A}Pj5Qs%>VqJ|NnWv
z@7-n&tT@?Yd#kFdVn+FMreZ<nTHUzKYuLx@d&Z0z1IEB?Wkn@bYM!I2U?ZF6x#|Yk
z$qolOP)*g^t58nVPz_w<f}7mhvnmg~<b{uX@RJ__3TVGl1reeU!W2e?BHF7`QN$>Q
zIK`2mISFmr)cD_P@7Cy0Eoh}y&DE+6?bNQ>spg@BIxwH+qmw$ZfEHjOEkqY}>AXfQ
z!eUyi*`=1?CgPM)+k<ZE)}B}OU<IwfN?M8A>2~e;)c0@)-GN@})wN&UiB+@;t7$dX
z&>HOp6kj%cV^~M)bRAObv4J*VBW=Vc+Jw!t8APPBu-byHv{iFN-HUCsO><QBVLNR{
zl9Jd#JJ3)47@z^9D5dlNZ=a^lET#sLrZk3V2pP&?C+*bFimP2vqyPf4ltqqm$WtD>
zX}8W3%0z(*nr~D^4AZdYS~Y?_v<G`>udeIVDE84l&GqVsxR37B+@Nm$5$>n^b<wEC
zu%Gs8Zc+zukPd2YRuAA19n##Q9>iffj3aae4-v1O>6=<WtNIBZp+_)I<2Xu3b#I$u
z9HV16PRH>mJ&MQZF`S?iI%`)y#pCoio}edmJx~1%C+Vc-4)t?9Nl&7V>TrrqX>Y#z
z1y0jxJVj6844u(lr+ON{B)&E?wp7<$>KvY>XYm|8hY6a%c{;ECMe2D>(xm3a>IGb&
z3!0ax7x5DD@>wn`UZ$6|w^VU*maiVK(yO>g7x5ashS%wJT%t=lzeW8HZ_pcflitKz
z#81zvom&5`>JNCE-o`uh4&J4A@gBX05|wa;uHb!oUyr>_{ShC~2l$Xa#7FcIKBkZH
z34NloW$G$ErB5|4SJ&_veTL8Jb9_Nx;7j@v*Xg=3BRylF`?NuS8trLZv2TAxPbyn9
zlf3@B7baUQS1m?h(q8qinZ{YJbZoFh%Kr{#l!qKYwk#Ly=6^ckmKs49$ErIly@Gf0
zrs_-9fS@T-;3nr#<YvKJL~a$iO=OwKLn06JdFS&p?`r%r=WE8e#^p6;bF0f^%;A-;
zm@${ru7p+ooJ^}oB_DUi7gY(`L~bZc$!+FxD6}CrkWz&<Gg(aa<yA6k+NHxGQZ3@-
zzqnfMQ*)NuU6#^~yxkqOXNoD99x=TlKHlQ)u=)jMF{O5C;+NcZOHjNJUv_sz!jgD)
z<Z`<*+4S_=zp2d#$31mMlzTl1R*q0l$&*ixqP)e^o!``Ey?)Mrr<v?XF4Lbf8{~zJ
z(o)M`djgK(flRTld`=l<Hc8aX|L`<eTLfE0+PK-<W^EUoC(^+K-UiEj!A?Hvt+y@^
zTqx4T7rhC7#T)SL%nh5_r0SC!FlsK5@FtO^9PqWe{^$Aey}pF8oDcXKjcz{cYv!*V
zAwJ~uvej>MO<e|g!YYx~WhupY!sn?iCI<)m3PYK}qPa$*yF~65`M$_nk$ZTjKM?pq
z8B5OoT((%A)wgH6L*>%uIzHu(S=USJ25AcNU;XYm`JBr1kD43#y1&iX#J)ga*=9*S
zW@;pp+B3cFgUOMcSw3%*B=slD>mDs;`ls`x-eGyq7A^)7##TNN2=a^7Ey0p4nfZ1i
z{X@y3IVe*|iwyC<0}=kJ+RL56FgFGLyen8`<aspMX4x$bCZ7u?tOdcM$S_|C)>%db
z_wejc$g)>(l$%0fV;}d1g1px0{7$KXqrR{sZ>9!QW-4304rArEQe0e1HdkK6e!d*4
zw;qte2PJAQM=_3ut@a1RJ0$X;1hq28R!F7g4w{F>Kf>v7y=D4G803j?9sl0BlpT>6
zSJcFLT_nz}HC~>GxaTJGnZ8}AQS(=PE)sM7TE_oI<Qb8(BERLUk!=-UmC-1F3uk#%
PG%%To9y4bBtz7>HxB!94

diff --git a/Backend/src/notifications/models/__pycache__/notification.cpython-312.pyc b/Backend/src/notifications/models/__pycache__/notification.cpython-312.pyc
index 3e05570e2c39533f7a7f1a64b96e5cf2a0ccce3a..09bea8818b0c5dde6dc92bdaa96c09601f9d22a3 100644
GIT binary patch
delta 772
zcmZvZ%TE(g7{$5mjFz?|t&izEz^25IOpGy7gDqg{b1Di&#f4(DHtkeKai-i(7r0Q@
zu4?W=To7Y0ChRctXK4HbChm3Rin#Wk%K{|K;y35M&-uQs()W_`O;M5q{BxH}Zs)6_
zN#s16ju%)}$|PFJ#q?^*O0$R3y0qlB1NKMC6NMd-FOsvYDi=tZxpFalFTaU%sSQpH
zPxGs2nPW3fp`(QF^*XIa;LvjTY*39Q&tV5p2;ZjGi456%mpu_)RyN4%t2m>2e&Dv<
zW+QNYuO2urI?Mcm?mb$>*+~wYmLR8q3qS?91YF^;NR)2-)N!AB_2<rNSG-3Xd}Wi+
z8~j(Z@-&Ct8lVF=fm9rnfLqKP(v3ODEKmdHfdp`yeHyAvJ%W4;)PXcdbht^KM&MIA
zjwu5$fnfmo1S-tT{FX5k;YYGRVv8ak;@DP96fru~^W2r5vlI0Hj5TZQzzBO1;4L(l
z&W6{I|0LrFxTR09zR#qOIp9vXpnf4Tq;Ppm%MoI;(|Umv*_@s;L>JJIod%$nv;{1&
zSGt-JHQi%~eb!IqMIldO(_KIY9sr`Q_t`If^vtePl$2J1eI{+p0V{06*x;@rqn{B5
mM2$rTo4qtgNT02lvqzIe?RVF%eVq9)vpv8E+Zy|8PW}UTR-5$z

delta 754
zcmajcO-~a+7zc2syQ_WM&?5F_TVPA{P!9+~paK?cgr<lUy~qKqYrBw*vWwI9fFAVZ
zRm^kI1MxsY!cDUtyqI{`Pq6W>AAor9<opMXFEMcsznz(#*_r1*A4{)F`UhQ)_J}9A
zIPTP6>lu}e(yUUTs+v%@qs16C)Ln{dCs~|K?E>A=2G|5W*2ev}+CznvXd*J1pAqYM
zNpPTWw1cqccDGtq$L1yfNhB4Dj$#Hd{r%W36MLA+tiPu3F;*egJMicnCY%>6@F_H>
z!6YbyIdDl(WI=r0<F>QmHtyQnZTVAvTYNcSyeeMx;t)@ZH_w19r~w72U=e77Ky|H6
zn@2>`<fk#Z1d`w?sDm)LM(=v(W>(Q$1Ghk25FBrE+v<3nk739FIgkgHpOk4T@r6}<
zGx<4mM%Iej7K$MmTX3xFI`_NwQPsZ{Ok@2i<6p<emGLXS)&GgHRVo-K1{)apYkL=C
zVA=Ol`;56V^|P5YWAjwa7FKYQ2MO2fIO|T+>NuX;9&uVft^l`jl)k*ZCb}DfdeQh_
z!t_3SYDh*nh*j4C66Y&GCVG<;V>tFJ(KtQJrDJ>^6TlYTF!sbTzZyFua(|hntVquJ
pv(#_l*-fw2y=RyCQ+ktI>Wi?{PW$=gm$etQ!yeH&Oi^Ec`a3bfm_h&m

diff --git a/Backend/src/notifications/models/notification.py b/Backend/src/notifications/models/notification.py
index 6865a3fc..fc6d5e9d 100644
--- a/Backend/src/notifications/models/notification.py
+++ b/Backend/src/notifications/models/notification.py
@@ -26,6 +26,7 @@ class NotificationType(str, enum.Enum):
     check_out_reminder = 'check_out_reminder'
     marketing_campaign = 'marketing_campaign'
     loyalty_update = 'loyalty_update'
+    shift_update = 'shift_update'
     system_alert = 'system_alert'
     custom = 'custom'
 
diff --git a/Backend/src/security/middleware/__pycache__/step_up_auth.cpython-312.pyc b/Backend/src/security/middleware/__pycache__/step_up_auth.cpython-312.pyc
index b9bab30af062dc68b4bc348a691c9efb8d991e8b..01e2f374873e5294e4ff1ec10b4501eda839afec 100644
GIT binary patch
delta 1530
zcmZ9MO>7%Q6o6;^Z^w@R5_@eY&gLICsgs7ZwP+HO5K2=Cs-{1xtRi=@*NPL{8)nzg
zqDqNG4oFCdbR<+H1m)I%K$R@+aN@urNmG$(RSTgaggAf;L9I9--rK|k*uyvP&70Zx
zGjHaX<DaLRzwvln1ip=hR3RE)YZmC;wf^OFDU=RTlC$RA#c)YT3zV3MEXa{hDJ~`?
z9d(jiOU@(5@}^w#sx{pPdh5RK1-(7zTP5ju&Tp&;tXk3?*Mf=A8_HUJJb6xDl9;5)
zswic%N~NqxWlfaIIZ?`$3T081vlUj*u8CQtoRt|*(3>M6!<1>5Kwz&GvU0+tdkSji
z;5WJhRs2nLgMMNPuUl9M;??aH*pVsZSQIoC;O|-#>b+r|8(Fur7MyBD;8J6S?ql++
zl>(F1jH<~?naYxGW3r?wW!SrFy+tFu*Y<NDfa`|=stIsKWJA2u9<@FVN{~<5f2Fti
zu;a>QBc8+RlAJB%3)zGG_LCTdnZ1IDd8U;9U6e+?NtX!U|04~9pBv^7P4Td~-*TNS
znD~mhpO?%|+f}N@DB;)5wPhB8WqPntKvgX$<&35*%4HS<3u{Nj5gmwbK*Gg*DEA@y
z5l<nS5edX0gau(m3?K#psvUr#isA|z!r5Uy*p#|-3T>YOp8Q0ftdLz7@d-EGw_dsD
zP23N5Y`Qz@HWCp(^1kog5eBw|fz843ZDHcBQ2et0>!GiPcBU_EO<&l&xVSxCe9N<I
zBR$XTbkA;e&+<2Ia$9&hO4$)~HiB*%M**@P<wu&L7g-AADYTsgp#K1g_ulJ0y4`;4
zL8$$MJXaps+pTR6{6gIf;}4-|-3lW(^0d^^vg;tO=0BVu)hCEMwrPp7(dr$ygEk%X
zO_)ywTdF&rA8DTmZdfNk5B$?drMv`Pt5ud7754In-T``udws2kv49E7K@;jt(8h8(
zudu9~V@a^8SZ%B;^w?S73|07hzHi+xpat(FPG9wRT4zCC;2-*D=xFt!|J;A#t4;+w
z%(R<Jp|j!%SjWZ?<A@2wvw-t#5|{|_k6mqjFM_E1q>475EGap;s3w_Gl-Wx-ZJ(D^
zNz)iR!~Y6JAPpfLU&b_am#RrjQ(rG=^UMnq%!8OlJcpP;JP$}X4-#hRYwyp^##Kd6
znX*)p*%`Fp!5MX6r$JJk04xT6dyS?G`2znUe4g^EOUTmrC~m;EOPGu;>@x0a^ag)B
zB3fUDnRob|$VocNA4kTi$d5)hj_W-}!uxkqO*Zb$-ka2Tc=qnX96B*_^zo)x*RmgU
z-H|ck&SZ>qb+ZaZ!WY5lLWT##(DOQBMvQn%{&b8%fh$FMf-QoI2dXN7x|ve?$YiFL
z#|}crw#kVa>8g=fjSSXEsz!Qh<Wh~C{*Fx6$g%I8d_C6H-A7~hh1l<A7=N3iom8lw
PqAA*QTiqov7(V|7H`t1|

delta 1741
zcmZ8hU2GIp6ux(NXa9e@ZFjo6bO%~nhL%z!V1>3~!O{qnDAZsj8J3+{yS2Mp@5}}v
z+mw(#NDPT^K`?6M!T48{hrVe{)E8rTuoWYl37bg5gCRzXf)buQXO>#*&E&iHp84jU
zbI<waeBSf>6Tz#2fS16C^z`ITt~wJG>9=Rvr=O+7MzjX4ahBpsLPldAqDED}CT4AF
zU`7~if_?qNeGv9>H8ev;6KdFEL}nbL$zyeL!|}eew2v3*xnLltE9p$8SSlFlf-$$*
z_Ngr<J6Js&Zn{dk#+01OMA)$~|JzZdL7o+!kIF7qhqfpJa+%1l3e7akZwr@bjKAT$
zy)lgDP5|8oa9Cm;Fq!pCd$p8fnxY%pq*9tx(j{YzZGcx1{-Ns+`T>8-eR#we(<D8e
z2LRUk(xjBvGGpmNPR~n6N``dg*koGQHC<YcTw=uuP0EaEnOF2KuLNUdgbjS3r)h9I
zWbQoOO(?lQRI1u0NS;pFF|TENnU-y{7%U9kR;K$&nT$JX`$uuy#cwu5+wDtLc#Y}_
zid^@jtlGN94LFv#Qx3z&uSAp1GB_9y@;lM!M#m|aDqMEX3bjuTK?qaAl(Q_bHY2ih
zq=5;y#&|utpLUg<;8>tUb)Ry*L*BE&DV}%jm%U3@I7#sepV^O6**DBQ@U2WuH`ZIt
z=L#$a2CK4zvQVpG(~^Z@?aVr@kS(%|reJCnE43_+lmvn=i6{ZcKK^}Ua(WZ)TM$|i
z9zzHqv>~)3U@jTnlC1@h-78CE9bt)0M$$S23`NJpVohP3uykYz>-eT6F~N=a7T?<G
zK_p)Rxc@7;e}dfe63^C~q1Z+Lr6WIu<VrL(?@#?Arrr;|9l9=dEQlTRoqgBD{vXBc
z*X`eJ_-4cPfsuuQk@*+2YXjNW1GifGueS^@v<z25kxIREVc(g3m3Vt4wXu?Fz3X$f
zdKcW%yj#53b|*~y$s2Vk9&~L_CI*@*TMsd?E{x_;@yB_GFYaSo!2T4z+r<z0<BvBB
z$r}-I(GK&i#`vND^Iazi)GxYl<tE<XJrArFLAw6Lyd%!K=RWegsc-q`Ynb~Y@PM|h
zLZ{6DX5GWY=t@4DR&>oMP1Z`~WkGI+I(A?=OhL=1a}z78;#mHxO&_S`p$b&196FW|
z%fLGLP<SUT@YCU+{m+0=$CiZVVq~?j3)VS)KC+W`&zX_^|BtmNnzB=gA8dSX&y&Do
zTM@P)^dj^D9AN!`awFS}mfZkm7#l@bzNl&wdKW5^?Lo6^EUl*vgR#Bb7i*ff?&Y!s
zn^R38n`64M;)14EH`2_|kLIB91o3=JrQ31!G{OMF4glG+oC+(5n#-Wo7A+qI=uvDh
z@^>Pvv$Q(|OC5hV%o7ffEdMh05<NQ?6En2A8>y&N*~XB|UIh40C;VcQB#eUPH2<n;
zkalxNypOKp1MweRwQL0WP-4w=2pFbYQ7{5Uu>v>ka9699S_)%W1coPlLYU<f8}I{n
zFXXT^q4l$uVT(o6Cjb`hl+rsk8+H8SB((P$*;XZMsw7b*omJ9PC9PF*uu8VTbJG)j
lbBO<zNVT-nL`6*eWrz9C19UYN7l&vMZT(okOJK5m{tF*Pk3|3g

diff --git a/Backend/src/security/middleware/step_up_auth.py b/Backend/src/security/middleware/step_up_auth.py
index 78a0c8f5..64ce57a6 100644
--- a/Backend/src/security/middleware/step_up_auth.py
+++ b/Backend/src/security/middleware/step_up_auth.py
@@ -1,5 +1,6 @@
 """
 Step-up authentication middleware for high-risk operations.
+Separates accountant and admin security concerns.
 """
 from fastapi import Depends, HTTPException, status, Request
 from sqlalchemy.orm import Session
@@ -8,7 +9,8 @@ from ...shared.config.database import get_db
 from ...security.middleware.auth import get_current_user
 from ...auth.models.user import User
 from ...payments.services.accountant_security_service import accountant_security_service
-from ...shared.utils.role_helpers import is_accountant
+from ...auth.services.admin_security_service import admin_security_service
+from ...shared.utils.role_helpers import is_accountant, is_admin
 from ...shared.config.logging_config import get_logger
 
 logger = get_logger(__name__)
@@ -65,26 +67,25 @@ def require_admin_step_up_auth(
 ):
     """
     Dependency to require step-up authentication for admin-only high-risk operations.
-    Uses the same step-up mechanism but bypasses accountant role checks.
+    Uses admin-specific security service, separate from accountant security.
     """
     async def step_up_checker(
         request: Request,
         current_user: User = Depends(get_current_user),
         db: Session = Depends(get_db)
     ) -> User:
-        from ...shared.utils.role_helpers import is_admin
-
         if not is_admin(current_user, db):
             return current_user  # Only admins are subject to this dependency
 
-        session_token = request.headers.get('X-Session-Token') or request.cookies.get('session_token')
+        # Try to get session token from header or cookie
+        session_token = request.headers.get('X-Session-Token') or request.cookies.get('admin_session_token')
 
-        requires_step_up, reason = accountant_security_service.require_step_up(
+        # Check if step-up is required using admin security service
+        requires_step_up, reason = admin_security_service.require_step_up(
             db=db,
             user_id=current_user.id,
             session_token=session_token,
-            action_description=action_description,
-            enforce_role_check=False,  # allow admin
+            action_description=action_description
         )
 
         if requires_step_up:
diff --git a/Frontend/src/App.tsx b/Frontend/src/App.tsx
index 399678ff..165f16be 100644
--- a/Frontend/src/App.tsx
+++ b/Frontend/src/App.tsx
@@ -119,7 +119,7 @@ const ServiceManagementPage = lazy(() => import('./pages/admin/ServiceManagement
 const InventoryManagementPage = lazy(() => import('./pages/admin/InventoryManagementPage'));
 const MaintenanceManagementPage = lazy(() => import('./pages/admin/MaintenanceManagementPage'));
 const InspectionManagementPage = lazy(() => import('./pages/admin/InspectionManagementPage'));
-const StaffShiftManagementPage = lazy(() => import('./pages/admin/StaffShiftManagementPage'));
+const StaffShiftDashboardPage = lazy(() => import('./pages/admin/StaffShiftDashboardPage'));
 
 const StaffDashboardPage = lazy(() => import('./pages/staff/DashboardPage'));
 const StaffInventoryViewPage = lazy(() => import('./pages/staff/InventoryViewPage'));
@@ -751,7 +751,7 @@ function App() {
           />
           <Route
             path="shifts" 
-            element={<StaffShiftManagementPage />} 
+            element={<StaffShiftDashboardPage />} 
           />
           <Route
             path="profile" 
diff --git a/Frontend/src/features/auth/components/StepUpAuthModal.tsx b/Frontend/src/features/auth/components/StepUpAuthModal.tsx
index 59824272..eaeccedf 100644
--- a/Frontend/src/features/auth/components/StepUpAuthModal.tsx
+++ b/Frontend/src/features/auth/components/StepUpAuthModal.tsx
@@ -5,6 +5,7 @@ import { yupResolver } from '@hookform/resolvers/yup';
 import * as yup from 'yup';
 import { toast } from 'react-toastify';
 import accountantSecurityService from '../../security/services/accountantSecurityService';
+import adminSecurityService from '../../security/services/adminSecurityService';
 import useAuthStore from '../../../store/useAuthStore';
 
 const mfaTokenSchema = yup.object({
@@ -94,11 +95,11 @@ const StepUpAuthModal: React.FC<StepUpAuthModalProps> = ({
       setError(null);
 
       const response = await (isAdmin
-        ? accountantSecurityService.verifyAdminStepUp({
+        ? adminSecurityService.verifyStepUp({
             mfa_token: data.mfaToken,
           })
         : accountantSecurityService.verifyStepUp({
-        mfa_token: data.mfaToken,
+            mfa_token: data.mfaToken,
           }));
 
       if (response.status === 'success' && response.data.step_up_completed) {
@@ -132,11 +133,11 @@ const StepUpAuthModal: React.FC<StepUpAuthModalProps> = ({
       setError(null);
 
       const response = await (isAdmin
-        ? accountantSecurityService.verifyAdminStepUp({
+        ? adminSecurityService.verifyStepUp({
             password: data.password,
           })
         : accountantSecurityService.verifyStepUp({
-        password: data.password,
+            password: data.password,
           }));
 
       if (response.status === 'success' && response.data.step_up_completed) {
diff --git a/Frontend/src/features/security/services/accountantSecurityService.ts b/Frontend/src/features/security/services/accountantSecurityService.ts
index 5945e59d..06756052 100644
--- a/Frontend/src/features/security/services/accountantSecurityService.ts
+++ b/Frontend/src/features/security/services/accountantSecurityService.ts
@@ -45,15 +45,6 @@ class AccountantSecurityService {
     return response.data;
   }
 
-  async verifyAdminStepUp(data: {
-    mfa_token?: string;
-    password?: string;
-    session_token?: string;
-  }): Promise<{ status: string; data: { step_up_completed: boolean } }> {
-    const response = await apiClient.post('/auth/admin/step-up/verify', data);
-    return response.data;
-  }
-
   async getSessions(): Promise<{ status: string; data: { sessions: AccountantSession[] } }> {
     const response = await apiClient.get('/accountant/security/sessions');
     return response.data;
diff --git a/Frontend/src/features/security/services/adminSecurityService.ts b/Frontend/src/features/security/services/adminSecurityService.ts
new file mode 100644
index 00000000..ae4bf59d
--- /dev/null
+++ b/Frontend/src/features/security/services/adminSecurityService.ts
@@ -0,0 +1,68 @@
+import apiClient from '../../../shared/services/apiClient';
+
+export interface AdminSession {
+  id: number;
+  ip_address?: string;
+  user_agent?: string;
+  country?: string;
+  city?: string;
+  last_activity: string;
+  step_up_authenticated: boolean;
+  step_up_expires_at?: string;
+  created_at: string;
+  expires_at: string;
+}
+
+export interface AdminActivityLog {
+  id: number;
+  user_id: number;
+  activity_type: string;
+  activity_description: string;
+  ip_address?: string;
+  country?: string;
+  city?: string;
+  risk_level: 'low' | 'medium' | 'high' | 'critical';
+  is_unusual: boolean;
+  metadata?: any;
+  created_at: string;
+}
+
+class AdminSecurityService {
+  async verifyStepUp(data: {
+    mfa_token?: string;
+    password?: string;
+    session_token?: string;
+  }): Promise<{ status: string; data: { step_up_completed: boolean } }> {
+    const response = await apiClient.post('/admin/security/step-up/verify', data);
+    return response.data;
+  }
+
+  async getSessions(): Promise<{ status: string; data: { sessions: AdminSession[] } }> {
+    const response = await apiClient.get('/admin/security/sessions');
+    return response.data;
+  }
+
+  async revokeSession(sessionId: number): Promise<{ status: string; message: string }> {
+    const response = await apiClient.post(`/admin/security/sessions/${sessionId}/revoke`);
+    return response.data;
+  }
+
+  async revokeAllSessions(): Promise<{ status: string; data: { revoked_count: number } }> {
+    const response = await apiClient.post('/admin/security/sessions/revoke-all');
+    return response.data;
+  }
+
+  async getActivityLogs(params?: {
+    page?: number;
+    limit?: number;
+    risk_level?: string;
+    is_unusual?: boolean;
+  }): Promise<{ status: string; data: { logs: AdminActivityLog[]; pagination: any } }> {
+    const response = await apiClient.get('/admin/security/activity-logs', { params });
+    return response.data;
+  }
+}
+
+const adminSecurityService = new AdminSecurityService();
+export default adminSecurityService;
+
diff --git a/Frontend/src/features/staffShifts/services/staffShiftService.ts b/Frontend/src/features/staffShifts/services/staffShiftService.ts
index a73fa878..a1a6906a 100644
--- a/Frontend/src/features/staffShifts/services/staffShiftService.ts
+++ b/Frontend/src/features/staffShifts/services/staffShiftService.ts
@@ -144,6 +144,20 @@ const staffShiftService = {
     const response = await apiClient.get('/staff-shifts/workload', { params: { date } });
     return response.data;
   },
+
+  // Status change methods - only cancellation is manual, start/complete are automatic
+  async cancelShift(shiftId: number, reason?: string, notes?: string) {
+    const response = await apiClient.post(`/staff-shifts/${shiftId}/cancel`, {
+      reason,
+      notes,
+    });
+    return response.data;
+  },
+
+  async deleteShift(shiftId: number) {
+    const response = await apiClient.delete(`/staff-shifts/${shiftId}`);
+    return response.data;
+  },
 };
 
 export default staffShiftService;
diff --git a/Frontend/src/pages/admin/StaffShiftDashboardPage.tsx b/Frontend/src/pages/admin/StaffShiftDashboardPage.tsx
new file mode 100644
index 00000000..8dfb5ab3
--- /dev/null
+++ b/Frontend/src/pages/admin/StaffShiftDashboardPage.tsx
@@ -0,0 +1,1401 @@
+import React, { useEffect, useState } from 'react';
+import { 
+  Calendar, Clock, TrendingUp, Trash2, ChevronLeft, ChevronRight, 
+  Sparkles, Crown, Activity, X, AlertCircle, Plus, Edit, Search, 
+  Users, XCircle, BarChart3, Settings
+} from 'lucide-react';
+import staffShiftService, { StaffShift } from '../../features/staffShifts/services/staffShiftService';
+import userService, { User } from '../../features/auth/services/userService';
+import { toast } from 'react-toastify';
+import Loading from '../../shared/components/Loading';
+import Pagination from '../../shared/components/Pagination';
+import { formatDate } from '../../shared/utils/format';
+import DatePicker from 'react-datepicker';
+import 'react-datepicker/dist/react-datepicker.css';
+
+// Custom scrollbar styles - Luxury design
+const customScrollbarStyles = `
+  .custom-scrollbar::-webkit-scrollbar {
+    width: 4px;
+  }
+  @media (min-width: 640px) {
+    .custom-scrollbar::-webkit-scrollbar {
+      width: 6px;
+    }
+  }
+  .custom-scrollbar::-webkit-scrollbar-track {
+    background: rgba(255, 255, 255, 0.05);
+    border-radius: 10px;
+  }
+  .custom-scrollbar::-webkit-scrollbar-thumb {
+    background: linear-gradient(180deg, rgba(251, 191, 36, 0.6), rgba(245, 158, 11, 0.6));
+    border-radius: 10px;
+    border: 1px solid rgba(251, 191, 36, 0.3);
+  }
+  .custom-scrollbar::-webkit-scrollbar-thumb:hover {
+    background: linear-gradient(180deg, rgba(251, 191, 36, 0.8), rgba(245, 158, 11, 0.8));
+  }
+  .custom-scrollbar {
+    scrollbar-width: thin;
+    scrollbar-color: rgba(251, 191, 36, 0.6) rgba(255, 255, 255, 0.05);
+  }
+`;
+
+interface MonthlyStats {
+  month: string;
+  monthKey: string;
+  total: number;
+  scheduled: number;
+  in_progress: number;
+  completed: number;
+  cancelled: number;
+  no_show: number;
+}
+
+interface DailyStats {
+  date: string;
+  total: number;
+  scheduled: number;
+  in_progress: number;
+  completed: number;
+  cancelled: number;
+  no_show: number;
+  shifts: StaffShift[];
+}
+
+type TabType = 'dashboard' | 'management';
+
+const StaffShiftDashboardPage: React.FC = () => {
+  // Tab state
+  const [activeTab, setActiveTab] = useState<TabType>('dashboard');
+  
+  // Dashboard states
+  const [allShifts, setAllShifts] = useState<StaffShift[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [selectedMonth, setSelectedMonth] = useState(new Date());
+  const [monthlyStats, setMonthlyStats] = useState<MonthlyStats[]>([]);
+  const [dailyStats, setDailyStats] = useState<DailyStats[]>([]);
+  const [showDeleteModal, setShowDeleteModal] = useState(false);
+  const [shiftToDelete, setShiftToDelete] = useState<StaffShift | null>(null);
+  const [deleting, setDeleting] = useState(false);
+  const [expandedMonths, setExpandedMonths] = useState<Set<string>>(new Set());
+  const [actionBlocked, setActionBlocked] = useState<{ title: string; message: string } | null>(null);
+
+  // Management states
+  const [shifts, setShifts] = useState<StaffShift[]>([]);
+  const [showModal, setShowModal] = useState(false);
+  const [editingShift, setEditingShift] = useState<StaffShift | null>(null);
+  const [staffMembers, setStaffMembers] = useState<User[]>([]);
+  const [showCancelModal, setShowCancelModal] = useState(false);
+  const [selectedShift, setSelectedShift] = useState<StaffShift | null>(null);
+  const [cancelReason, setCancelReason] = useState('');
+  const [cancelNotes, setCancelNotes] = useState('');
+  const [processingStatus, setProcessingStatus] = useState<number | null>(null);
+  const [filters, setFilters] = useState({
+    search: '',
+    status: '',
+    staff_id: '',
+    shift_date: '',
+    department: '',
+  });
+  const [currentPage, setCurrentPage] = useState(1);
+  const [totalPages, setTotalPages] = useState(1);
+  const [totalItems, setTotalItems] = useState(0);
+  const itemsPerPage = 20;
+  const [formData, setFormData] = useState({
+    staff_id: 0,
+    shift_date: new Date(),
+    shift_type: 'full_day',
+    start_time: '08:00',
+    end_time: '20:00',
+    break_duration_minutes: 30,
+    department: '',
+    notes: '',
+  });
+
+  const shiftTypes = [
+    { value: 'morning', label: 'Morning (6 AM - 2 PM)' },
+    { value: 'afternoon', label: 'Afternoon (2 PM - 10 PM)' },
+    { value: 'night', label: 'Night (10 PM - 6 AM)' },
+    { value: 'full_day', label: 'Full Day (8 AM - 8 PM)' },
+    { value: 'custom', label: 'Custom' },
+  ];
+
+  const statuses = [
+    { value: 'scheduled', label: 'Scheduled', color: 'bg-yellow-100 text-yellow-800' },
+    { value: 'in_progress', label: 'In Progress', color: 'bg-blue-100 text-blue-800' },
+    { value: 'completed', label: 'Completed', color: 'bg-green-100 text-green-800' },
+    { value: 'cancelled', label: 'Cancelled', color: 'bg-gray-100 text-gray-800' },
+    { value: 'no_show', label: 'No Show', color: 'bg-red-100 text-red-800' },
+  ];
+
+  // Fetch all shifts for dashboard
+  const fetchAllShifts = async () => {
+    try {
+      setLoading(true);
+      const response = await staffShiftService.getShifts({ limit: 1000 });
+      if (response.status === 'success' && response.data) {
+        setAllShifts(response.data.shifts || []);
+      }
+    } catch (error: any) {
+      toast.error(error.response?.data?.message || 'Unable to load shifts');
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // Fetch shifts for management (paginated)
+  const fetchShifts = async () => {
+    try {
+      setLoading(true);
+      const params: any = { page: currentPage, limit: itemsPerPage };
+      if (filters.status) params.status = filters.status;
+      if (filters.staff_id) params.staff_id = parseInt(filters.staff_id);
+      if (filters.shift_date) params.shift_date = filters.shift_date;
+      if (filters.department) params.department = filters.department;
+
+      const response = await staffShiftService.getShifts(params);
+      if (response.status === 'success' && response.data) {
+        let shiftList = response.data.shifts || [];
+        if (filters.search) {
+          shiftList = shiftList.filter((shift: StaffShift) =>
+            shift.staff_name?.toLowerCase().includes(filters.search.toLowerCase()) ||
+            shift.department?.toLowerCase().includes(filters.search.toLowerCase())
+          );
+        }
+        setShifts(shiftList);
+        setTotalPages(response.data.pagination?.total_pages || 1);
+        setTotalItems(response.data.pagination?.total || 0);
+      }
+    } catch (error: any) {
+      toast.error(error.response?.data?.message || 'Unable to load shifts');
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const fetchStaffMembers = async () => {
+    try {
+      const [staffResponse, housekeepingResponse] = await Promise.all([
+        userService.getUsers({ role: 'staff', limit: 100 }),
+        userService.getUsers({ role: 'housekeeping', limit: 100 })
+      ]);
+      const allUsers: User[] = [];
+      if (staffResponse.data?.users) allUsers.push(...staffResponse.data.users);
+      if (housekeepingResponse.data?.users) allUsers.push(...housekeepingResponse.data.users);
+      setStaffMembers(allUsers);
+    } catch (error) {
+      console.error('Error fetching staff members:', error);
+    }
+  };
+
+  useEffect(() => {
+    if (activeTab === 'dashboard') {
+      fetchAllShifts();
+    } else {
+      fetchShifts();
+      fetchStaffMembers();
+    }
+  }, [activeTab]);
+
+  useEffect(() => {
+    if (activeTab === 'management') {
+      setCurrentPage(1);
+    }
+  }, [filters, activeTab]);
+
+  useEffect(() => {
+    if (activeTab === 'management') {
+      fetchShifts();
+    }
+  }, [filters, currentPage, activeTab]);
+
+  useEffect(() => {
+    if (allShifts.length > 0 && activeTab === 'dashboard') {
+      calculateStats();
+    }
+  }, [allShifts, selectedMonth, activeTab]);
+
+  // Auto-refresh for management tab
+  useEffect(() => {
+    if (activeTab === 'management') {
+      const interval = setInterval(() => fetchShifts(), 30000);
+      return () => clearInterval(interval);
+    }
+  }, [filters, currentPage, activeTab]);
+
+  const calculateStats = () => {
+    const months: { [key: string]: MonthlyStats } = {};
+    allShifts.forEach(shift => {
+      const shiftDate = new Date(shift.shift_date);
+      const monthKey = `${shiftDate.getFullYear()}-${String(shiftDate.getMonth() + 1).padStart(2, '0')}`;
+      const monthName = shiftDate.toLocaleString('default', { month: 'long', year: 'numeric' });
+      if (!months[monthKey]) {
+        months[monthKey] = {
+          month: monthName,
+          monthKey,
+          total: 0,
+          scheduled: 0,
+          in_progress: 0,
+          completed: 0,
+          cancelled: 0,
+          no_show: 0,
+        };
+      }
+      months[monthKey].total++;
+      months[monthKey][shift.status as keyof MonthlyStats]++;
+    });
+    setMonthlyStats(Object.values(months).sort((a, b) => b.monthKey.localeCompare(a.monthKey)));
+
+    const selectedMonthStart = new Date(selectedMonth.getFullYear(), selectedMonth.getMonth(), 1);
+    const selectedMonthEnd = new Date(selectedMonth.getFullYear(), selectedMonth.getMonth() + 1, 0);
+    const days: { [key: string]: DailyStats } = {};
+    allShifts.forEach(shift => {
+      const shiftDate = new Date(shift.shift_date);
+      if (shiftDate >= selectedMonthStart && shiftDate <= selectedMonthEnd) {
+        const dayKey = shiftDate.toISOString().split('T')[0];
+        if (!days[dayKey]) {
+          days[dayKey] = {
+            date: dayKey,
+            total: 0,
+            scheduled: 0,
+            in_progress: 0,
+            completed: 0,
+            cancelled: 0,
+            no_show: 0,
+            shifts: [],
+          };
+        }
+        days[dayKey].total++;
+        days[dayKey][shift.status as keyof DailyStats]++;
+        days[dayKey].shifts.push(shift);
+      }
+    });
+    setDailyStats(Object.values(days).sort((a, b) => new Date(b.date).getTime() - new Date(a.date).getTime()));
+  };
+
+  const handleDelete = async () => {
+    if (!shiftToDelete) return;
+    try {
+      setDeleting(true);
+      await staffShiftService.deleteShift(shiftToDelete.id);
+      toast.success('Shift deleted successfully');
+      setShowDeleteModal(false);
+      setShiftToDelete(null);
+      fetchAllShifts();
+    } catch (error: any) {
+      toast.error(error.response?.data?.detail || 'Unable to delete shift');
+    } finally {
+      setDeleting(false);
+    }
+  };
+
+  const canEditShift = (shift: StaffShift) =>
+    !(shift.status === 'in_progress' || shift.status === 'completed');
+
+  const canDeleteShift = (shift: StaffShift) =>
+    shift.status === 'scheduled' || shift.status === 'cancelled';
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    if (!formData.staff_id) {
+      toast.error('Please select a staff member or housekeeping user');
+      return;
+    }
+    try {
+      const dataToSubmit: any = {
+        staff_id: formData.staff_id,
+        shift_date: formData.shift_date.toISOString(),
+        shift_type: formData.shift_type,
+        start_time: formData.start_time,
+        end_time: formData.end_time,
+        break_duration_minutes: formData.break_duration_minutes,
+      };
+      if (formData.department) dataToSubmit.department = formData.department;
+      if (formData.notes) dataToSubmit.notes = formData.notes;
+
+      if (editingShift) {
+        await staffShiftService.updateShift(editingShift.id, dataToSubmit);
+        toast.success('Shift updated successfully');
+      } else {
+        await staffShiftService.createShift(dataToSubmit);
+        toast.success('Shift created successfully');
+      }
+      setShowModal(false);
+      resetForm();
+      fetchShifts();
+      fetchAllShifts();
+    } catch (error: any) {
+      toast.error(error.response?.data?.message || 'Unable to save shift');
+    }
+  };
+
+  const handleEdit = (shift: StaffShift) => {
+    if (!canEditShift(shift)) {
+      setActionBlocked({
+        title: 'Edit not allowed',
+        message: 'Shifts that are in progress or completed cannot be modified. Please cancel and recreate if needed.',
+      });
+      return;
+    }
+    setEditingShift(shift);
+    const shiftDate = shift.shift_date ? new Date(shift.shift_date) : new Date();
+    setFormData({
+      staff_id: shift.staff_id,
+      shift_date: shiftDate,
+      shift_type: shift.shift_type,
+      start_time: shift.start_time || '08:00',
+      end_time: shift.end_time || '20:00',
+      break_duration_minutes: shift.break_duration_minutes || 30,
+      department: shift.department || '',
+      notes: shift.notes || '',
+    });
+    setShowModal(true);
+  };
+
+  const handleCancelShift = async () => {
+    if (!selectedShift) return;
+    try {
+      setProcessingStatus(selectedShift.id);
+      await staffShiftService.cancelShift(selectedShift.id, cancelReason || 'MANUAL_CANCEL', cancelNotes);
+      toast.success('Shift cancelled successfully');
+      setShowCancelModal(false);
+      setSelectedShift(null);
+      setCancelReason('');
+      setCancelNotes('');
+      fetchShifts();
+      fetchAllShifts();
+    } catch (error: any) {
+      toast.error(error.response?.data?.detail || 'Unable to cancel shift');
+    } finally {
+      setProcessingStatus(null);
+    }
+  };
+
+  const canCancelShift = (shift: StaffShift) => {
+    return shift.status === 'scheduled' || shift.status === 'in_progress';
+  };
+
+  const resetForm = () => {
+    setEditingShift(null);
+    setFormData({
+      staff_id: 0,
+      shift_date: new Date(),
+      shift_type: 'full_day',
+      start_time: '08:00',
+      end_time: '20:00',
+      break_duration_minutes: 30,
+      department: '',
+      notes: '',
+    });
+  };
+
+  const getStatusColor = (status: string) => {
+    const colors: { [key: string]: string } = {
+      scheduled: 'bg-gradient-to-r from-amber-400 to-amber-600',
+      in_progress: 'bg-gradient-to-r from-blue-400 to-blue-600',
+      completed: 'bg-gradient-to-r from-emerald-400 to-emerald-600',
+      cancelled: 'bg-gradient-to-r from-slate-400 to-slate-600',
+      no_show: 'bg-gradient-to-r from-red-400 to-red-600',
+    };
+    return colors[status] || 'bg-gradient-to-r from-gray-400 to-gray-600';
+  };
+
+  const getStatusIcon = (status: string) => {
+    switch (status) {
+      case 'scheduled': return <Clock className="w-4 h-4" />;
+      case 'in_progress': return <Activity className="w-4 h-4" />;
+      case 'completed': return <TrendingUp className="w-4 h-4" />;
+      case 'cancelled': return <X className="w-4 h-4" />;
+      case 'no_show': return <AlertCircle className="w-4 h-4" />;
+      default: return <Calendar className="w-4 h-4" />;
+    }
+  };
+
+  const getStatusBadge = (status: string) => {
+    return statuses.find((s) => s.value === status) || statuses[0];
+  };
+
+  const navigateMonth = (direction: 'prev' | 'next') => {
+    const newDate = new Date(selectedMonth);
+    if (direction === 'prev') {
+      newDate.setMonth(newDate.getMonth() - 1);
+    } else {
+      newDate.setMonth(newDate.getMonth() + 1);
+    }
+    setSelectedMonth(newDate);
+  };
+
+  const toggleMonthExpansion = (monthKey: string) => {
+    const newExpanded = new Set(expandedMonths);
+    if (newExpanded.has(monthKey)) {
+      newExpanded.delete(monthKey);
+    } else {
+      newExpanded.add(monthKey);
+    }
+    setExpandedMonths(newExpanded);
+  };
+
+  if (loading && (activeTab === 'dashboard' ? allShifts.length === 0 : shifts.length === 0)) {
+    return <Loading fullScreen text="Loading dashboard..." />;
+  }
+
+  return (
+    <>
+      <style>{customScrollbarStyles}</style>
+      <div className="h-screen w-full flex flex-col bg-gradient-to-br from-slate-900 via-purple-900/40 to-slate-900 overflow-hidden relative">
+        {/* Luxury Background Effects */}
+        <div className="absolute inset-0 overflow-hidden pointer-events-none">
+          <div className="absolute top-0 left-1/4 w-96 h-96 bg-amber-500/10 rounded-full blur-3xl animate-pulse"></div>
+          <div className="absolute bottom-0 right-1/4 w-96 h-96 bg-purple-500/10 rounded-full blur-3xl animate-pulse delay-1000"></div>
+        </div>
+
+        {/* Luxury Header - Fixed */}
+        <div className="flex-shrink-0 p-2 sm:p-3 md:p-4 lg:p-6 border-b border-white/10 bg-gradient-to-r from-slate-900/95 via-slate-900/90 to-slate-900/95 backdrop-blur-xl shadow-2xl relative z-10">
+          <div className="flex flex-col sm:flex-row sm:items-center gap-2 sm:gap-3 md:gap-4 mb-2 sm:mb-3 md:mb-4">
+            <div className="p-1.5 sm:p-2 md:p-2.5 bg-gradient-to-br from-amber-400 via-amber-500 to-amber-600 rounded-lg sm:rounded-xl md:rounded-2xl shadow-2xl shadow-amber-500/50 ring-2 ring-amber-400/30">
+              <Crown className="w-4 h-4 sm:w-5 sm:h-5 md:w-6 md:h-6 lg:w-7 lg:h-7 text-white" />
+            </div>
+            <div className="flex-1 min-w-0">
+              <h1 className="text-lg sm:text-xl md:text-2xl lg:text-3xl xl:text-4xl font-bold text-white tracking-tight leading-tight">
+                <span className="bg-gradient-to-r from-white via-amber-100 to-white bg-clip-text text-transparent drop-shadow-lg">
+                  Staff Shift Management
+                </span>
+              </h1>
+              <p className="text-slate-300 mt-0.5 sm:mt-1 text-xs sm:text-sm md:text-base font-light flex items-center gap-1.5 sm:gap-2">
+                <Sparkles className="w-3 h-3 sm:w-4 sm:h-4 text-amber-400 flex-shrink-0 animate-pulse" />
+                <span>Analytics, insights and management</span>
+              </p>
+            </div>
+            {activeTab === 'management' && (
+              <button
+                onClick={() => {
+                  resetForm();
+                  setShowModal(true);
+                }}
+                className="px-3 sm:px-4 md:px-6 py-1.5 sm:py-2 md:py-3 bg-gradient-to-r from-amber-500 to-amber-600 text-white rounded-lg sm:rounded-xl font-semibold transition-all duration-200 hover:scale-105 shadow-lg shadow-amber-500/50 flex items-center gap-1.5 sm:gap-2 text-xs sm:text-sm md:text-base"
+              >
+                <Plus className="w-3 h-3 sm:w-4 sm:h-4" />
+                <span className="hidden sm:inline">New Shift</span>
+                <span className="sm:hidden">New</span>
+              </button>
+            )}
+          </div>
+
+          {/* Tabs */}
+          <div className="flex flex-wrap gap-1.5 sm:gap-2 md:gap-3">
+            <button
+              onClick={() => setActiveTab('dashboard')}
+              className={`px-3 sm:px-4 md:px-5 lg:px-6 py-1.5 sm:py-2 md:py-2.5 rounded-lg sm:rounded-xl text-xs sm:text-sm md:text-base font-semibold transition-all duration-300 transform hover:scale-105 flex items-center gap-1.5 sm:gap-2 ${
+                activeTab === 'dashboard'
+                  ? 'bg-gradient-to-r from-amber-500 to-amber-600 text-white shadow-lg shadow-amber-500/50 ring-2 ring-amber-400/30'
+                  : 'bg-white/10 text-slate-300 hover:bg-white/20 backdrop-blur-sm border border-white/10'
+              }`}
+            >
+              <BarChart3 className="w-3 h-3 sm:w-4 sm:h-4 md:w-5 md:h-5" />
+              <span className="hidden xs:inline">Dashboard</span>
+              <span className="xs:hidden">Stats</span>
+            </button>
+            <button
+              onClick={() => setActiveTab('management')}
+              className={`px-3 sm:px-4 md:px-5 lg:px-6 py-1.5 sm:py-2 md:py-2.5 rounded-lg sm:rounded-xl text-xs sm:text-sm md:text-base font-semibold transition-all duration-300 transform hover:scale-105 flex items-center gap-1.5 sm:gap-2 ${
+                activeTab === 'management'
+                  ? 'bg-gradient-to-r from-amber-500 to-amber-600 text-white shadow-lg shadow-amber-500/50 ring-2 ring-amber-400/30'
+                  : 'bg-white/10 text-slate-300 hover:bg-white/20 backdrop-blur-sm border border-white/10'
+              }`}
+            >
+              <Settings className="w-3 h-3 sm:w-4 sm:h-4 md:w-5 md:h-5" />
+              <span className="hidden xs:inline">Management</span>
+              <span className="xs:hidden">Manage</span>
+            </button>
+          </div>
+
+          {/* Month Navigation for Dashboard */}
+          {activeTab === 'dashboard' && (
+            <div className="flex items-center justify-between gap-2 sm:gap-3 mt-2 sm:mt-3">
+              <button
+                onClick={() => navigateMonth('prev')}
+                className="p-1.5 sm:p-2 bg-white/10 hover:bg-white/20 rounded-lg transition-all duration-200 hover:scale-110 flex-shrink-0 ring-1 ring-white/10"
+              >
+                <ChevronLeft className="w-4 h-4 sm:w-5 sm:h-5 text-white" />
+              </button>
+              <h2 className="text-sm sm:text-base md:text-lg lg:text-xl font-bold text-white text-center flex-1 truncate">
+                {selectedMonth.toLocaleString('default', { month: 'long', year: 'numeric' })}
+              </h2>
+              <button
+                onClick={() => navigateMonth('next')}
+                className="p-1.5 sm:p-2 bg-white/10 hover:bg-white/20 rounded-lg transition-all duration-200 hover:scale-110 flex-shrink-0 ring-1 ring-white/10"
+              >
+                <ChevronRight className="w-4 h-4 sm:w-5 sm:h-5 text-white" />
+              </button>
+            </div>
+          )}
+        </div>
+
+        {/* Scrollable Content Area */}
+        <div className="flex-1 min-h-0 overflow-hidden p-2 sm:p-3 md:p-4 lg:p-6 w-full relative z-10">
+          <div className="h-full overflow-y-auto overflow-x-hidden custom-scrollbar">
+            {activeTab === 'dashboard' ? (
+              // Dashboard View
+              <div className="space-y-2 sm:space-y-3 md:space-y-4 lg:space-y-6 w-full max-w-full">
+                {monthlyStats.length === 0 ? (
+                  <div className="bg-gradient-to-br from-white/10 to-white/5 backdrop-blur-xl rounded-xl sm:rounded-2xl p-4 sm:p-6 md:p-8 border border-white/20 shadow-2xl text-center ring-1 ring-white/10">
+                    <Calendar className="w-8 h-8 sm:w-10 sm:h-10 md:w-12 md:h-12 text-slate-400 mx-auto mb-2 sm:mb-3" />
+                    <p className="text-slate-300 text-xs sm:text-sm md:text-base">No shifts found</p>
+                  </div>
+                ) : (
+                  monthlyStats.map((stat, index) => {
+                    const isExpanded = expandedMonths.has(stat.monthKey);
+                    const monthDate = new Date(stat.monthKey + '-01');
+                    const monthDailyStats = dailyStats.filter(day => {
+                      const dayDate = new Date(day.date);
+                      return dayDate.getMonth() === monthDate.getMonth() && 
+                             dayDate.getFullYear() === monthDate.getFullYear();
+                    });
+
+                    return (
+                      <div
+                        key={index}
+                        className="bg-gradient-to-br from-white/10 to-white/5 backdrop-blur-xl rounded-lg sm:rounded-xl md:rounded-2xl p-2 sm:p-3 md:p-4 lg:p-6 border border-white/20 shadow-2xl hover:shadow-amber-500/30 transition-all duration-300 w-full max-w-full ring-1 ring-white/10 hover:ring-amber-500/30"
+                      >
+                        <button
+                          onClick={() => toggleMonthExpansion(stat.monthKey)}
+                          className="w-full text-left"
+                        >
+                          <div className="flex flex-col sm:flex-row sm:items-center sm:justify-between gap-2 sm:gap-3 mb-2 sm:mb-3 md:mb-4 pb-2 sm:pb-3 md:pb-4 border-b border-white/10">
+                            <div className="flex items-center gap-1.5 sm:gap-2 md:gap-3 min-w-0">
+                              <div className="p-1 sm:p-1.5 md:p-2 bg-gradient-to-br from-amber-400 via-amber-500 to-amber-600 rounded-lg sm:rounded-xl shadow-lg shadow-amber-500/50 flex-shrink-0 ring-1 ring-amber-400/30">
+                                <Calendar className="w-3 h-3 sm:w-4 sm:h-4 md:w-5 md:h-5 text-white" />
+                              </div>
+                              <div className="min-w-0">
+                                <h3 className="text-sm sm:text-base md:text-lg lg:text-xl xl:text-2xl font-bold text-white truncate">{stat.month}</h3>
+                                <p className="text-slate-400 mt-0.5 text-xs">Complete monthly overview</p>
+                              </div>
+                            </div>
+                            <div className="flex items-center gap-2 sm:gap-3">
+                              <div className="text-left sm:text-right flex-shrink-0">
+                                <div className="text-xl sm:text-2xl md:text-3xl font-bold bg-gradient-to-r from-amber-400 to-amber-300 bg-clip-text text-transparent">
+                                  {stat.total}
+                                </div>
+                                <p className="text-slate-400 text-xs mt-0.5">Total Shifts</p>
+                              </div>
+                              <ChevronRight className={`w-4 h-4 sm:w-5 sm:h-5 text-amber-400 transition-transform duration-300 ${isExpanded ? 'rotate-90' : ''}`} />
+                            </div>
+                          </div>
+                        </button>
+
+                        {/* Status Grid */}
+                        <div className="grid grid-cols-2 sm:grid-cols-3 md:grid-cols-5 gap-1.5 sm:gap-2 md:gap-3 mb-2 sm:mb-3 md:mb-4">
+                          <div className="bg-gradient-to-br from-amber-500/20 to-amber-600/20 rounded-lg sm:rounded-xl p-2 sm:p-2.5 md:p-3 border border-amber-500/30 backdrop-blur-sm ring-1 ring-amber-500/20 hover:ring-amber-500/40 transition-all">
+                            <div className="flex items-center gap-1 sm:gap-1.5 mb-1 sm:mb-1.5">
+                              <div className="p-0.5 sm:p-1 bg-amber-500/30 rounded-md flex-shrink-0">
+                                <Clock className="w-2.5 h-2.5 sm:w-3 sm:h-3 md:w-4 md:h-4 text-amber-300" />
+                              </div>
+                              <span className="text-[10px] sm:text-xs font-semibold text-amber-200 truncate">Scheduled</span>
+                            </div>
+                            <div className="text-lg sm:text-xl md:text-2xl font-bold text-white">{stat.scheduled}</div>
+                            <div className="text-[10px] sm:text-xs text-amber-300/70 mt-0.5 sm:mt-1">
+                              {stat.total > 0 ? Math.round((stat.scheduled / stat.total) * 100) : 0}%
+                            </div>
+                          </div>
+                          
+                          <div className="bg-gradient-to-br from-blue-500/20 to-blue-600/20 rounded-lg sm:rounded-xl p-2 sm:p-2.5 md:p-3 border border-blue-500/30 backdrop-blur-sm ring-1 ring-blue-500/20 hover:ring-blue-500/40 transition-all">
+                            <div className="flex items-center gap-1 sm:gap-1.5 mb-1 sm:mb-1.5">
+                              <div className="p-0.5 sm:p-1 bg-blue-500/30 rounded-md flex-shrink-0">
+                                <Activity className="w-2.5 h-2.5 sm:w-3 sm:h-3 md:w-4 md:h-4 text-blue-300" />
+                              </div>
+                              <span className="text-[10px] sm:text-xs font-semibold text-blue-200 truncate">In Progress</span>
+                            </div>
+                            <div className="text-lg sm:text-xl md:text-2xl font-bold text-white">{stat.in_progress}</div>
+                            <div className="text-[10px] sm:text-xs text-blue-300/70 mt-0.5 sm:mt-1">
+                              {stat.total > 0 ? Math.round((stat.in_progress / stat.total) * 100) : 0}%
+                            </div>
+                          </div>
+                          
+                          <div className="bg-gradient-to-br from-emerald-500/20 to-emerald-600/20 rounded-lg sm:rounded-xl p-2 sm:p-2.5 md:p-3 border border-emerald-500/30 backdrop-blur-sm ring-1 ring-emerald-500/20 hover:ring-emerald-500/40 transition-all">
+                            <div className="flex items-center gap-1 sm:gap-1.5 mb-1 sm:mb-1.5">
+                              <div className="p-0.5 sm:p-1 bg-emerald-500/30 rounded-md flex-shrink-0">
+                                <TrendingUp className="w-2.5 h-2.5 sm:w-3 sm:h-3 md:w-4 md:h-4 text-emerald-300" />
+                              </div>
+                              <span className="text-[10px] sm:text-xs font-semibold text-emerald-200 truncate">Completed</span>
+                            </div>
+                            <div className="text-lg sm:text-xl md:text-2xl font-bold text-white">{stat.completed}</div>
+                            <div className="text-[10px] sm:text-xs text-emerald-300/70 mt-0.5 sm:mt-1">
+                              {stat.total > 0 ? Math.round((stat.completed / stat.total) * 100) : 0}%
+                            </div>
+                          </div>
+                          
+                          <div className="bg-gradient-to-br from-slate-500/20 to-slate-600/20 rounded-lg sm:rounded-xl p-2 sm:p-2.5 md:p-3 border border-slate-500/30 backdrop-blur-sm ring-1 ring-slate-500/20 hover:ring-slate-500/40 transition-all">
+                            <div className="flex items-center gap-1 sm:gap-1.5 mb-1 sm:mb-1.5">
+                              <div className="p-0.5 sm:p-1 bg-slate-500/30 rounded-md flex-shrink-0">
+                                <X className="w-2.5 h-2.5 sm:w-3 sm:h-3 md:w-4 md:h-4 text-slate-300" />
+                              </div>
+                              <span className="text-[10px] sm:text-xs font-semibold text-slate-200 truncate">Cancelled</span>
+                            </div>
+                            <div className="text-lg sm:text-xl md:text-2xl font-bold text-white">{stat.cancelled}</div>
+                            <div className="text-[10px] sm:text-xs text-slate-300/70 mt-0.5 sm:mt-1">
+                              {stat.total > 0 ? Math.round((stat.cancelled / stat.total) * 100) : 0}%
+                            </div>
+                          </div>
+                          
+                          {stat.no_show > 0 && (
+                            <div className="bg-gradient-to-br from-red-500/20 to-red-600/20 rounded-lg sm:rounded-xl p-2 sm:p-2.5 md:p-3 border border-red-500/30 backdrop-blur-sm ring-1 ring-red-500/20 hover:ring-red-500/40 transition-all">
+                              <div className="flex items-center gap-1 sm:gap-1.5 mb-1 sm:mb-1.5">
+                                <div className="p-0.5 sm:p-1 bg-red-500/30 rounded-md flex-shrink-0">
+                                  <AlertCircle className="w-2.5 h-2.5 sm:w-3 sm:h-3 md:w-4 md:h-4 text-red-300" />
+                                </div>
+                                <span className="text-[10px] sm:text-xs font-semibold text-red-200 truncate">No Show</span>
+                              </div>
+                              <div className="text-lg sm:text-xl md:text-2xl font-bold text-white">{stat.no_show}</div>
+                              <div className="text-[10px] sm:text-xs text-red-300/70 mt-0.5 sm:mt-1">
+                                {stat.total > 0 ? Math.round((stat.no_show / stat.total) * 100) : 0}%
+                              </div>
+                            </div>
+                          )}
+                        </div>
+
+                        {/* Expanded Daily Breakdown */}
+                        {isExpanded && (
+                          <div className="space-y-2 sm:space-y-3 md:space-y-4 mt-2 sm:mt-3 md:mt-4 pt-2 sm:pt-3 md:pt-4 border-t border-white/10">
+                            {monthDailyStats.length > 0 ? (
+                              monthDailyStats.map((day, dayIndex) => (
+                                <div
+                                  key={dayIndex}
+                                  className="bg-gradient-to-br from-white/5 to-white/0 backdrop-blur-md rounded-lg sm:rounded-xl p-2 sm:p-2.5 md:p-3 border border-white/10 shadow-lg hover:shadow-blue-500/20 transition-all duration-200 ring-1 ring-white/5"
+                                >
+                                  <div className="flex flex-col sm:flex-row sm:items-center sm:justify-between gap-1.5 sm:gap-2 mb-2 sm:mb-2.5 pb-1.5 sm:pb-2 border-b border-white/5">
+                                    <div className="flex items-center gap-1.5 sm:gap-2 min-w-0">
+                                      <div className="p-1 sm:p-1.5 bg-gradient-to-br from-blue-400 to-blue-600 rounded-md sm:rounded-lg shadow-md flex-shrink-0 ring-1 ring-blue-400/30">
+                                        <Calendar className="w-2.5 h-2.5 sm:w-3 sm:h-3 md:w-4 md:h-4 text-white" />
+                                      </div>
+                                      <div className="min-w-0">
+                                        <h4 className="text-xs sm:text-sm md:text-base font-bold text-white truncate">
+                                          {formatDate(day.date)}
+                                        </h4>
+                                        <p className="text-slate-400 text-[10px] sm:text-xs mt-0.5">
+                                          {new Date(day.date).toLocaleDateString('en-US', { weekday: 'long' })}
+                                        </p>
+                                      </div>
+                                    </div>
+                                    <div className="flex items-center justify-between sm:justify-end gap-1.5 sm:gap-2">
+                                      <div className="text-left sm:text-right flex-shrink-0">
+                                        <div className="text-base sm:text-lg md:text-xl font-bold text-white">{day.total}</div>
+                                        <p className="text-slate-400 text-[10px] sm:text-xs">Shifts</p>
+                                      </div>
+                                      <div className="flex flex-wrap gap-1">
+                                        {day.scheduled > 0 && (
+                                          <span className="px-1 sm:px-1.5 py-0.5 bg-amber-500/20 border border-amber-500/30 text-amber-300 rounded text-[10px] sm:text-xs font-semibold backdrop-blur-sm">
+                                            {day.scheduled}
+                                          </span>
+                                        )}
+                                        {day.in_progress > 0 && (
+                                          <span className="px-1 sm:px-1.5 py-0.5 bg-blue-500/20 border border-blue-500/30 text-blue-300 rounded text-[10px] sm:text-xs font-semibold backdrop-blur-sm">
+                                            {day.in_progress}
+                                          </span>
+                                        )}
+                                        {day.completed > 0 && (
+                                          <span className="px-1 sm:px-1.5 py-0.5 bg-emerald-500/20 border border-emerald-500/30 text-emerald-300 rounded text-[10px] sm:text-xs font-semibold backdrop-blur-sm">
+                                            {day.completed}
+                                          </span>
+                                        )}
+                                        {day.cancelled > 0 && (
+                                          <span className="px-1 sm:px-1.5 py-0.5 bg-slate-500/20 border border-slate-500/30 text-slate-300 rounded text-[10px] sm:text-xs font-semibold backdrop-blur-sm">
+                                            {day.cancelled}
+                                          </span>
+                                        )}
+                                      </div>
+                                    </div>
+                                  </div>
+
+                                  <div className="space-y-1 sm:space-y-1.5 max-h-32 sm:max-h-40 md:max-h-48 overflow-y-auto pr-1 custom-scrollbar">
+                                    {day.shifts
+                                      .sort((a, b) => {
+                                        const statusOrder = { 'in_progress': 0, 'scheduled': 1, 'completed': 2, 'cancelled': 3, 'no_show': 4 };
+                                        return (statusOrder[a.status as keyof typeof statusOrder] || 99) - 
+                                               (statusOrder[b.status as keyof typeof statusOrder] || 99);
+                                      })
+                                      .map((shift) => (
+                                        <div
+                                          key={shift.id}
+                                          className={`bg-gradient-to-r from-white/5 to-white/0 rounded-md p-1.5 sm:p-2 flex flex-col sm:flex-row sm:items-center sm:justify-between gap-1.5 hover:bg-white/10 transition-all duration-200 border backdrop-blur-sm ${
+                                            shift.status === 'completed' 
+                                              ? 'border-emerald-500/20 ring-1 ring-emerald-500/10' 
+                                              : shift.status === 'in_progress'
+                                              ? 'border-blue-500/20 ring-1 ring-blue-500/10'
+                                              : 'border-white/10 ring-1 ring-white/5'
+                                          }`}
+                                        >
+                                          <div className="flex items-start sm:items-center gap-1.5 flex-1 min-w-0">
+                                            <div className={`p-1 rounded-md ${getStatusColor(shift.status)} shadow-md flex-shrink-0 ring-1 ring-white/20`}>
+                                              {getStatusIcon(shift.status)}
+                                            </div>
+                                            <div className="flex-1 min-w-0">
+                                              <div className="flex flex-wrap items-center gap-1 mb-0.5">
+                                                <span className="text-[10px] sm:text-xs font-bold text-white truncate">
+                                                  {shift.staff_name || `Staff #${shift.staff_id}`}
+                                                </span>
+                                                <span className={`px-1 py-0.5 rounded text-[10px] font-bold ${getStatusColor(shift.status)} text-white whitespace-nowrap`}>
+                                                  {shift.status.replace('_', ' ').toUpperCase()}
+                                                </span>
+                                              </div>
+                                              <div className="flex flex-wrap items-center gap-1 text-[10px] text-slate-300">
+                                                <span className="flex items-center gap-0.5">
+                                                  <Clock className="w-2.5 h-2.5 flex-shrink-0" />
+                                                  <span className="font-medium whitespace-nowrap">{shift.start_time} - {shift.end_time}</span>
+                                                </span>
+                                                {shift.department && (
+                                                  <span className="text-slate-400 whitespace-nowrap">{shift.department}</span>
+                                                )}
+                                              </div>
+                                            </div>
+                                          </div>
+                                          <div className="flex items-center justify-end gap-1.5 flex-shrink-0">
+                                            <button
+                                              onClick={(e) => {
+                                                e.stopPropagation();
+                                                if (!canDeleteShift(shift)) {
+                                                  setActionBlocked({
+                                                    title: 'Delete not allowed',
+                                                    message: 'Only scheduled or cancelled shifts can be deleted. Please cancel first if it is in progress, or leave completed shifts archived.',
+                                                  });
+                                                  return;
+                                                }
+                                                setShiftToDelete(shift);
+                                                setShowDeleteModal(true);
+                                              }}
+                                              className={`p-1 bg-red-500/20 border border-red-500/30 text-red-300 rounded-md transition-all duration-200 flex-shrink-0 ${canDeleteShift(shift) ? 'hover:bg-red-500/30 hover:scale-110' : 'opacity-60 cursor-not-allowed'}`}
+                                              title={canDeleteShift(shift) ? 'Delete shift' : 'Cannot delete this shift'}
+                                            >
+                                              <Trash2 className="w-3 h-3 sm:w-3.5 sm:h-3.5" />
+                                            </button>
+                                            {shift.status === 'completed' && (
+                                              <div className="px-1.5 py-0.5 bg-emerald-500/20 border border-emerald-500/30 text-emerald-300 rounded-md text-[10px] font-semibold flex items-center gap-1 whitespace-nowrap">
+                                                <Crown className="w-2.5 h-2.5" />
+                                                <span className="hidden sm:inline">Archived</span>
+                                              </div>
+                                            )}
+                                          </div>
+                                        </div>
+                                      ))}
+                                  </div>
+                                </div>
+                              ))
+                            ) : (
+                              <div className="bg-white/5 rounded-lg p-3 text-center border border-white/10">
+                                <p className="text-slate-400 text-xs sm:text-sm">No daily shifts for this month</p>
+                              </div>
+                            )}
+                          </div>
+                        )}
+
+                        {/* Monthly Shifts Summary */}
+                        <div className="mt-2 sm:mt-3 md:mt-4 pt-2 sm:pt-3 md:pt-4 border-t border-white/10">
+                          <h4 className="text-xs sm:text-sm md:text-base font-semibold text-white mb-1.5 sm:mb-2 md:mb-3">All Shifts in {stat.month}</h4>
+                          <div className="space-y-1.5 sm:space-y-2 max-h-32 sm:max-h-40 md:max-h-48 lg:max-h-56 overflow-y-auto pr-1 sm:pr-2 custom-scrollbar">
+                            {allShifts
+                              .filter(shift => {
+                                const shiftDate = new Date(shift.shift_date);
+                                const monthKey = `${shiftDate.getFullYear()}-${String(shiftDate.getMonth() + 1).padStart(2, '0')}`;
+                                return monthKey === stat.monthKey;
+                              })
+                              .sort((a, b) => {
+                                const dateA = new Date(a.shift_date);
+                                const dateB = new Date(b.shift_date);
+                                return dateB.getTime() - dateA.getTime();
+                              })
+                              .map((shift) => (
+                                <div
+                                  key={shift.id}
+                                  className={`bg-gradient-to-r from-white/5 to-white/0 rounded-md sm:rounded-lg p-1.5 sm:p-2 md:p-2.5 flex flex-col sm:flex-row sm:items-center sm:justify-between gap-1.5 sm:gap-2 hover:bg-white/10 transition-all duration-200 border backdrop-blur-sm ${
+                                    shift.status === 'completed' 
+                                      ? 'border-emerald-500/20 ring-1 ring-emerald-500/10' 
+                                      : shift.status === 'in_progress'
+                                      ? 'border-blue-500/20 ring-1 ring-blue-500/10'
+                                      : 'border-white/10 ring-1 ring-white/5'
+                                  }`}
+                                >
+                                  <div className="flex items-start sm:items-center gap-1.5 sm:gap-2 flex-1 min-w-0">
+                                    <div className={`p-1 sm:p-1.5 rounded-md ${getStatusColor(shift.status)} shadow-md flex-shrink-0 ring-1 ring-white/20`}>
+                                      {getStatusIcon(shift.status)}
+                                    </div>
+                                    <div className="flex-1 min-w-0">
+                                      <div className="flex flex-wrap items-center gap-1 sm:gap-1.5 mb-0.5 sm:mb-1">
+                                        <span className="text-[10px] sm:text-xs md:text-sm font-bold text-white truncate">
+                                          {shift.staff_name || `Staff #${shift.staff_id}`}
+                                        </span>
+                                        <span className={`px-1 sm:px-1.5 py-0.5 rounded text-[10px] sm:text-xs font-bold ${getStatusColor(shift.status)} text-white whitespace-nowrap`}>
+                                          {shift.status.replace('_', ' ').toUpperCase()}
+                                        </span>
+                                      </div>
+                                      <div className="flex flex-wrap items-center gap-1 sm:gap-1.5 md:gap-2 text-[10px] sm:text-xs text-slate-300">
+                                        <span className="whitespace-nowrap">{formatDate(shift.shift_date)}</span>
+                                        <span className="whitespace-nowrap">{shift.start_time} - {shift.end_time}</span>
+                                        {shift.department && (
+                                          <span className="text-slate-400 whitespace-nowrap">{shift.department}</span>
+                                        )}
+                                      </div>
+                                    </div>
+                                  </div>
+                                  <div className="flex items-center justify-end gap-1.5 sm:gap-2 flex-shrink-0">
+                                <button
+                                  onClick={() => {
+                                    if (!canDeleteShift(shift)) {
+                                      setActionBlocked({
+                                        title: 'Delete not allowed',
+                                        message: 'Only scheduled or cancelled shifts can be deleted. Please cancel first if it is in progress, or leave completed shifts archived.',
+                                      });
+                                      return;
+                                    }
+                                    setShiftToDelete(shift);
+                                    setShowDeleteModal(true);
+                                  }}
+                                  className={`p-1 sm:p-1.5 bg-red-500/20 border border-red-500/30 text-red-300 rounded-md transition-all duration-200 flex-shrink-0 ${canDeleteShift(shift) ? 'hover:bg-red-500/30 hover:scale-110' : 'opacity-60 cursor-not-allowed'}`}
+                                  title={canDeleteShift(shift) ? 'Delete shift' : 'Cannot delete this shift'}
+                                >
+                                  <Trash2 className="w-3 h-3 sm:w-3.5 sm:h-3.5 md:w-4 md:h-4" />
+                                </button>
+                                    {shift.status === 'completed' && (
+                                      <div className="px-1.5 sm:px-2 py-0.5 sm:py-1 bg-emerald-500/20 border border-emerald-500/30 text-emerald-300 rounded-md text-[10px] sm:text-xs font-semibold flex items-center gap-1 whitespace-nowrap">
+                                        <Crown className="w-2.5 h-2.5 sm:w-3 sm:h-3" />
+                                        <span className="hidden sm:inline">Archived</span>
+                                      </div>
+                                    )}
+                                  </div>
+                                </div>
+                              ))}
+                            {allShifts.filter(shift => {
+                              const shiftDate = new Date(shift.shift_date);
+                              const monthKey = `${shiftDate.getFullYear()}-${String(shiftDate.getMonth() + 1).padStart(2, '0')}`;
+                              return monthKey === stat.monthKey;
+                            }).length === 0 && (
+                              <p className="text-slate-400 text-[10px] sm:text-xs text-center py-2 sm:py-3">No shifts to display</p>
+                            )}
+                          </div>
+                        </div>
+                      </div>
+                    );
+                  })
+                )}
+              </div>
+            ) : (
+              // Management View
+              <div className="space-y-2 sm:space-y-3 md:space-y-4 w-full max-w-full">
+                {/* Filters */}
+                <div className="bg-gradient-to-br from-white/10 to-white/5 backdrop-blur-xl rounded-lg sm:rounded-xl p-2 sm:p-3 md:p-4 border border-white/20 shadow-2xl ring-1 ring-white/10">
+                  <div className="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-5 gap-2 sm:gap-3">
+                    <div className="relative group">
+                      <Search className="absolute left-2 sm:left-3 top-1/2 transform -translate-y-1/2 text-slate-400 w-4 h-4 sm:w-5 sm:h-5 group-focus-within:text-amber-500 transition-colors" />
+                      <input
+                        type="text"
+                        placeholder="Search..."
+                        value={filters.search}
+                        onChange={(e) => setFilters({ ...filters, search: e.target.value })}
+                        className="w-full pl-8 sm:pl-10 pr-3 sm:pr-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 transition-all text-white placeholder-slate-400 text-xs sm:text-sm backdrop-blur-sm"
+                      />
+                    </div>
+                    <select
+                      value={filters.status}
+                      onChange={(e) => setFilters({ ...filters, status: e.target.value })}
+                      className="px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 transition-all text-white text-xs sm:text-sm backdrop-blur-sm cursor-pointer"
+                    >
+                      <option value="" className="bg-slate-800">All Statuses</option>
+                      {statuses.map((status) => (
+                        <option key={status.value} value={status.value} className="bg-slate-800">
+                          {status.label}
+                        </option>
+                      ))}
+                    </select>
+                    <select
+                      value={filters.staff_id}
+                      onChange={(e) => setFilters({ ...filters, staff_id: e.target.value })}
+                      className="px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 transition-all text-white text-xs sm:text-sm backdrop-blur-sm cursor-pointer"
+                    >
+                      <option value="" className="bg-slate-800">All Staff</option>
+                      {staffMembers.map((staff) => (
+                        <option key={staff.id} value={staff.id} className="bg-slate-800">
+                          {staff.full_name}
+                        </option>
+                      ))}
+                    </select>
+                    <input
+                      type="date"
+                      value={filters.shift_date}
+                      onChange={(e) => setFilters({ ...filters, shift_date: e.target.value })}
+                      className="px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 transition-all text-white text-xs sm:text-sm backdrop-blur-sm"
+                    />
+                    <input
+                      type="text"
+                      value={filters.department}
+                      onChange={(e) => setFilters({ ...filters, department: e.target.value })}
+                      placeholder="Department"
+                      className="px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 transition-all text-white placeholder-slate-400 text-xs sm:text-sm backdrop-blur-sm"
+                    />
+                  </div>
+                </div>
+
+                {/* Stats Cards */}
+                <div className="grid grid-cols-2 sm:grid-cols-4 gap-2 sm:gap-3">
+                  <div className="bg-gradient-to-br from-white/10 to-white/5 backdrop-blur-xl rounded-lg sm:rounded-xl p-2 sm:p-3 border border-white/20 shadow-lg ring-1 ring-white/10">
+                    <div className="flex items-center justify-between">
+                      <div>
+                        <p className="text-slate-400 text-[10px] sm:text-xs font-medium">Total</p>
+                        <p className="text-lg sm:text-xl md:text-2xl font-bold text-white mt-1">{totalItems}</p>
+                      </div>
+                      <Calendar className="w-6 h-6 sm:w-8 sm:h-8 text-amber-400" />
+                    </div>
+                  </div>
+                  <div className="bg-gradient-to-br from-white/10 to-white/5 backdrop-blur-xl rounded-lg sm:rounded-xl p-2 sm:p-3 border border-white/20 shadow-lg ring-1 ring-white/10">
+                    <div className="flex items-center justify-between">
+                      <div>
+                        <p className="text-slate-400 text-[10px] sm:text-xs font-medium">Scheduled</p>
+                        <p className="text-lg sm:text-xl md:text-2xl font-bold text-amber-400 mt-1">
+                          {shifts.filter(s => s.status === 'scheduled').length}
+                        </p>
+                      </div>
+                      <Clock className="w-6 h-6 sm:w-8 sm:h-8 text-amber-400" />
+                    </div>
+                  </div>
+                  <div className="bg-gradient-to-br from-white/10 to-white/5 backdrop-blur-xl rounded-lg sm:rounded-xl p-2 sm:p-3 border border-white/20 shadow-lg ring-1 ring-white/10">
+                    <div className="flex items-center justify-between">
+                      <div>
+                        <p className="text-slate-400 text-[10px] sm:text-xs font-medium">In Progress</p>
+                        <p className="text-lg sm:text-xl md:text-2xl font-bold text-blue-400 mt-1">
+                          {shifts.filter(s => s.status === 'in_progress').length}
+                        </p>
+                      </div>
+                      <Users className="w-6 h-6 sm:w-8 sm:h-8 text-blue-400" />
+                    </div>
+                  </div>
+                  <div className="bg-gradient-to-br from-white/10 to-white/5 backdrop-blur-xl rounded-lg sm:rounded-xl p-2 sm:p-3 border border-white/20 shadow-lg ring-1 ring-white/10">
+                    <div className="flex items-center justify-between">
+                      <div>
+                        <p className="text-slate-400 text-[10px] sm:text-xs font-medium">Completed</p>
+                        <p className="text-lg sm:text-xl md:text-2xl font-bold text-emerald-400 mt-1">
+                          {shifts.filter(s => s.status === 'completed').length}
+                        </p>
+                      </div>
+                      <Clock className="w-6 h-6 sm:w-8 sm:h-8 text-emerald-400" />
+                    </div>
+                  </div>
+                </div>
+
+                {/* Shifts Table */}
+                <div className="bg-gradient-to-br from-white/10 to-white/5 backdrop-blur-xl rounded-lg sm:rounded-xl border border-white/20 shadow-2xl overflow-hidden ring-1 ring-white/10">
+                  <div className="overflow-x-auto">
+                    <table className="w-full">
+                      <thead className="bg-white/5 border-b border-white/10">
+                        <tr>
+                          <th className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3 text-left text-[10px] sm:text-xs font-semibold text-slate-300 uppercase tracking-wider">Staff</th>
+                          <th className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3 text-left text-[10px] sm:text-xs font-semibold text-slate-300 uppercase tracking-wider">Date</th>
+                          <th className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3 text-left text-[10px] sm:text-xs font-semibold text-slate-300 uppercase tracking-wider hidden sm:table-cell">Type</th>
+                          <th className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3 text-left text-[10px] sm:text-xs font-semibold text-slate-300 uppercase tracking-wider">Time</th>
+                          <th className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3 text-left text-[10px] sm:text-xs font-semibold text-slate-300 uppercase tracking-wider hidden md:table-cell">Dept</th>
+                          <th className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3 text-left text-[10px] sm:text-xs font-semibold text-slate-300 uppercase tracking-wider">Status</th>
+                          <th className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3 text-right text-[10px] sm:text-xs font-semibold text-slate-300 uppercase tracking-wider">Actions</th>
+                        </tr>
+                      </thead>
+                      <tbody className="divide-y divide-white/10">
+                        {shifts.map((shift) => {
+                          const statusBadge = getStatusBadge(shift.status);
+                          return (
+                            <tr key={shift.id} className="hover:bg-white/5 transition-colors">
+                              <td className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3">
+                                <div className="font-semibold text-white text-xs sm:text-sm">{shift.staff_name || `Staff #${shift.staff_id}`}</div>
+                              </td>
+                              <td className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3">
+                                <div className="text-white font-medium text-xs sm:text-sm">{formatDate(shift.shift_date)}</div>
+                              </td>
+                              <td className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3 hidden sm:table-cell">
+                                <span className="px-2 py-1 rounded text-[10px] sm:text-xs font-medium bg-white/10 text-slate-300">
+                                  {shiftTypes.find((t) => t.value === shift.shift_type)?.label || shift.shift_type}
+                                </span>
+                              </td>
+                              <td className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3">
+                                <div className="text-white font-medium text-xs sm:text-sm">{shift.start_time} - {shift.end_time}</div>
+                                {shift.break_duration_minutes && (
+                                  <div className="text-[10px] text-slate-400 mt-0.5">Break: {shift.break_duration_minutes} min</div>
+                                )}
+                              </td>
+                              <td className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3 text-slate-300 text-xs sm:text-sm hidden md:table-cell">
+                                {shift.department || '—'}
+                              </td>
+                              <td className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3">
+                                <div className="flex items-center gap-1 sm:gap-2 flex-wrap">
+                                  <span className={`px-2 py-1 rounded text-[10px] sm:text-xs font-medium ${statusBadge.color}`}>
+                                    {statusBadge.label}
+                                  </span>
+                                  {shift.actual_start_time && (
+                                    <span className="text-[10px] text-slate-400" title={`Started: ${new Date(shift.actual_start_time).toLocaleTimeString()}`}>
+                                      ✓
+                                    </span>
+                                  )}
+                                </div>
+                              </td>
+                              <td className="px-2 sm:px-3 md:px-4 lg:px-6 py-2 sm:py-3 text-right">
+                                <div className="flex items-center justify-end gap-1 sm:gap-2">
+                                  <button
+                                    onClick={() => {
+                                      if (!canEditShift(shift)) {
+                                        setActionBlocked({
+                                          title: 'Edit not allowed',
+                                          message: 'Shifts that are in progress or completed cannot be modified. Please cancel and recreate if needed.',
+                                        });
+                                        return;
+                                      }
+                                      handleEdit(shift);
+                                    }}
+                                    className={`p-1 sm:p-1.5 text-blue-400 rounded-lg transition-colors ${canEditShift(shift) ? 'hover:bg-blue-500/20' : 'opacity-60 cursor-not-allowed'}`}
+                                    title={canEditShift(shift) ? 'Edit' : 'Cannot edit this shift'}
+                                  >
+                                    <Edit className="w-3 h-3 sm:w-4 sm:h-4" />
+                                  </button>
+                                  {canCancelShift(shift) && (
+                                    <button
+                                      onClick={() => {
+                                        setSelectedShift(shift);
+                                        setShowCancelModal(true);
+                                      }}
+                                      disabled={processingStatus === shift.id}
+                                      className="flex items-center gap-1 px-2 py-1 text-[10px] sm:text-xs bg-red-500/20 text-red-300 rounded-lg hover:bg-red-500/30 transition-colors disabled:opacity-50"
+                                      title="Cancel"
+                                    >
+                                      <XCircle className="w-3 h-3 sm:w-4 sm:h-4" />
+                                      <span className="hidden sm:inline">Cancel</span>
+                                    </button>
+                                  )}
+                                </div>
+                              </td>
+                            </tr>
+                          );
+                        })}
+                      </tbody>
+                    </table>
+                  </div>
+                  {shifts.length === 0 && !loading && (
+                    <div className="text-center py-8 sm:py-12">
+                      <Calendar className="w-12 h-12 sm:w-16 sm:h-16 text-slate-400 mx-auto mb-3 sm:mb-4" />
+                      <p className="text-slate-300 text-sm sm:text-base md:text-lg">No shifts found</p>
+                    </div>
+                  )}
+                </div>
+
+                {/* Pagination */}
+                {totalPages > 1 && (
+                  <div className="flex justify-center">
+                    <Pagination
+                      currentPage={currentPage}
+                      totalPages={totalPages}
+                      onPageChange={setCurrentPage}
+                    />
+                  </div>
+                )}
+              </div>
+            )}
+          </div>
+        </div>
+
+        {/* Delete Confirmation Modal */}
+        {showDeleteModal && shiftToDelete && (
+          <div className="fixed inset-0 z-50 flex items-center justify-center p-3 sm:p-4 bg-black/70 backdrop-blur-md">
+            <div className="bg-gradient-to-br from-slate-800/95 to-slate-900/95 backdrop-blur-xl rounded-xl sm:rounded-2xl shadow-2xl max-w-md w-full border border-white/20 ring-2 ring-white/10">
+              <div className="p-3 sm:p-4 md:p-6">
+                <div className="flex items-center gap-2 sm:gap-3 mb-3 sm:mb-4">
+                  <div className="p-1.5 sm:p-2 bg-red-500/20 rounded-lg ring-1 ring-red-500/30">
+                    <AlertCircle className="w-4 h-4 sm:w-5 sm:h-5 md:w-6 md:h-6 text-red-400" />
+                  </div>
+                  <h3 className="text-lg sm:text-xl md:text-2xl font-bold text-white">Delete Shift</h3>
+                </div>
+                <p className="text-slate-300 mb-3 sm:mb-4 md:mb-6 text-xs sm:text-sm md:text-base leading-relaxed">
+                  Are you sure you want to delete the shift for{' '}
+                  <span className="font-semibold text-white">
+                    {shiftToDelete.staff_name || `Staff #${shiftToDelete.staff_id}`}
+                  </span>{' '}
+                  on {formatDate(shiftToDelete.shift_date)}? This action cannot be undone.
+                </p>
+                <div className="flex flex-col sm:flex-row gap-2 sm:gap-3">
+                  <button
+                    onClick={() => {
+                      setShowDeleteModal(false);
+                      setShiftToDelete(null);
+                    }}
+                    className="flex-1 px-3 sm:px-4 md:px-6 py-2 sm:py-2.5 md:py-3 bg-white/10 hover:bg-white/20 text-white rounded-lg sm:rounded-xl font-semibold transition-all duration-200 text-xs sm:text-sm md:text-base ring-1 ring-white/10 hover:ring-white/20"
+                    disabled={deleting}
+                  >
+                    Cancel
+                  </button>
+                  <button
+                    onClick={handleDelete}
+                    disabled={deleting}
+                    className="flex-1 px-3 sm:px-4 md:px-6 py-2 sm:py-2.5 md:py-3 bg-gradient-to-r from-red-500 to-red-600 hover:from-red-600 hover:to-red-700 text-white rounded-lg sm:rounded-xl font-semibold transition-all duration-200 shadow-lg shadow-red-500/50 disabled:opacity-50 text-xs sm:text-sm md:text-base ring-2 ring-red-500/30 hover:ring-red-500/50"
+                  >
+                    {deleting ? 'Deleting...' : 'Delete'}
+                  </button>
+                </div>
+              </div>
+            </div>
+          </div>
+        )}
+
+        {/* Create/Edit Modal */}
+        {showModal && (
+          <div className="fixed inset-0 z-50 flex items-center justify-center p-3 sm:p-4 bg-black/70 backdrop-blur-md">
+            <div className="bg-gradient-to-br from-slate-800/95 to-slate-900/95 backdrop-blur-xl rounded-xl sm:rounded-2xl shadow-2xl max-w-2xl w-full max-h-[90vh] overflow-y-auto border border-white/20 ring-2 ring-white/10 custom-scrollbar">
+              <div className="sticky top-0 bg-slate-800/95 backdrop-blur-xl border-b border-white/10 px-4 sm:px-6 py-3 sm:py-4 flex items-center justify-between">
+                <h2 className="text-lg sm:text-xl md:text-2xl font-bold text-white">
+                  {editingShift ? 'Edit Shift' : 'Create Shift'}
+                </h2>
+                <button
+                  onClick={() => {
+                    setShowModal(false);
+                    resetForm();
+                  }}
+                  className="p-2 hover:bg-white/10 rounded-lg transition-colors"
+                >
+                  <X className="w-5 h-5 sm:w-6 sm:h-6 text-white" />
+                </button>
+              </div>
+              <form onSubmit={handleSubmit} className="p-4 sm:p-6 space-y-4 sm:space-y-6">
+                <div className="grid grid-cols-1 sm:grid-cols-2 gap-3 sm:gap-4">
+                  <div>
+                    <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">Staff Member / Housekeeping *</label>
+                    <select
+                      value={formData.staff_id}
+                      onChange={(e) => setFormData({ ...formData, staff_id: parseInt(e.target.value) || 0 })}
+                      className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 text-white text-xs sm:text-sm backdrop-blur-sm"
+                      required
+                      disabled={!!editingShift}
+                    >
+                      <option value={0} className="bg-slate-800">Select Staff or Housekeeping</option>
+                      {staffMembers.map((staff) => (
+                        <option key={staff.id} value={staff.id} className="bg-slate-800">
+                          {staff.full_name} ({staff.role})
+                        </option>
+                      ))}
+                    </select>
+                  </div>
+                  <div>
+                    <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">Shift Date *</label>
+                    <DatePicker
+                      selected={formData.shift_date}
+                      onChange={(date: Date | null) => {
+                        if (date) setFormData({ ...formData, shift_date: date });
+                      }}
+                      dateFormat="MMMM d, yyyy"
+                      className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 text-white text-xs sm:text-sm backdrop-blur-sm"
+                      required
+                    />
+                  </div>
+                </div>
+
+                <div className="grid grid-cols-1 sm:grid-cols-2 gap-3 sm:gap-4">
+                  <div>
+                    <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">Shift Type *</label>
+                    <select
+                      value={formData.shift_type}
+                      onChange={(e) => setFormData({ ...formData, shift_type: e.target.value })}
+                      className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 text-white text-xs sm:text-sm backdrop-blur-sm"
+                      required
+                    >
+                      {shiftTypes.map((type) => (
+                        <option key={type.value} value={type.value} className="bg-slate-800">
+                          {type.label}
+                        </option>
+                      ))}
+                    </select>
+                  </div>
+                  <div>
+                    <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">Status</label>
+                    <input
+                      type="text"
+                      value="Scheduled (Auto-managed)"
+                      disabled
+                      className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/5 border border-white/10 rounded-lg sm:rounded-xl text-slate-400 text-xs sm:text-sm cursor-not-allowed"
+                    />
+                    <p className="text-[10px] sm:text-xs text-slate-400 mt-1">
+                      Shifts are automatically managed. Status will change based on time.
+                    </p>
+                  </div>
+                </div>
+
+                <div className="grid grid-cols-1 sm:grid-cols-3 gap-3 sm:gap-4">
+                  <div>
+                    <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">Start Time *</label>
+                    <input
+                      type="time"
+                      value={formData.start_time}
+                      onChange={(e) => setFormData({ ...formData, start_time: e.target.value })}
+                      className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 text-white text-xs sm:text-sm backdrop-blur-sm"
+                      required
+                    />
+                  </div>
+                  <div>
+                    <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">End Time *</label>
+                    <input
+                      type="time"
+                      value={formData.end_time}
+                      onChange={(e) => setFormData({ ...formData, end_time: e.target.value })}
+                      className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 text-white text-xs sm:text-sm backdrop-blur-sm"
+                      required
+                    />
+                  </div>
+                  <div>
+                    <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">Break (minutes)</label>
+                    <input
+                      type="number"
+                      value={formData.break_duration_minutes}
+                      onChange={(e) => setFormData({ ...formData, break_duration_minutes: parseInt(e.target.value) || 30 })}
+                      className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 text-white text-xs sm:text-sm backdrop-blur-sm"
+                      min="0"
+                    />
+                  </div>
+                </div>
+
+                <div>
+                  <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">Department</label>
+                  <input
+                    type="text"
+                    value={formData.department}
+                    onChange={(e) => setFormData({ ...formData, department: e.target.value })}
+                    placeholder="e.g., reception, housekeeping"
+                    className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 text-white placeholder-slate-400 text-xs sm:text-sm backdrop-blur-sm"
+                  />
+                </div>
+
+                <div>
+                  <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">Notes</label>
+                  <textarea
+                    value={formData.notes}
+                    onChange={(e) => setFormData({ ...formData, notes: e.target.value })}
+                    className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 text-white placeholder-slate-400 text-xs sm:text-sm backdrop-blur-sm"
+                    rows={3}
+                  />
+                </div>
+
+                <div className="flex gap-3 sm:gap-4 pt-3 sm:pt-4 border-t border-white/10">
+                  <button
+                    type="button"
+                    onClick={() => {
+                      setShowModal(false);
+                      resetForm();
+                    }}
+                    className="flex-1 px-4 sm:px-6 py-2 sm:py-2.5 md:py-3 bg-white/10 text-white rounded-lg sm:rounded-xl font-semibold hover:bg-white/20 transition-colors text-xs sm:text-sm md:text-base"
+                  >
+                    Cancel
+                  </button>
+                  <button
+                    type="submit"
+                    className="flex-1 px-4 sm:px-6 py-2 sm:py-2.5 md:py-3 bg-gradient-to-r from-amber-500 to-amber-600 text-white rounded-lg sm:rounded-xl font-semibold hover:from-amber-600 hover:to-amber-700 transition-all shadow-lg shadow-amber-500/50 text-xs sm:text-sm md:text-base"
+                  >
+                    {editingShift ? 'Update Shift' : 'Create Shift'}
+                  </button>
+                </div>
+              </form>
+            </div>
+          </div>
+        )}
+
+        {/* Cancel Shift Modal */}
+        {showCancelModal && selectedShift && (
+          <div className="fixed inset-0 z-50 flex items-center justify-center p-3 sm:p-4 bg-black/70 backdrop-blur-md">
+            <div className="bg-gradient-to-br from-slate-800/95 to-slate-900/95 backdrop-blur-xl rounded-xl sm:rounded-2xl shadow-2xl max-w-md w-full border border-white/20 ring-2 ring-white/10">
+              <div className="sticky top-0 bg-slate-800/95 backdrop-blur-xl border-b border-white/10 px-4 sm:px-6 py-3 sm:py-4 flex items-center justify-between">
+                <h2 className="text-lg sm:text-xl md:text-2xl font-bold text-white">Cancel Shift</h2>
+                <button
+                  onClick={() => {
+                    setShowCancelModal(false);
+                    setSelectedShift(null);
+                    setCancelReason('');
+                    setCancelNotes('');
+                  }}
+                  className="p-2 hover:bg-white/10 rounded-lg transition-colors"
+                >
+                  <X className="w-5 h-5 sm:w-6 sm:h-6 text-white" />
+                </button>
+              </div>
+              <div className="p-4 sm:p-6 space-y-3 sm:space-y-4">
+                <div className="bg-amber-500/10 border border-amber-500/30 rounded-lg p-3 sm:p-4">
+                  <div className="flex items-start gap-2 sm:gap-3">
+                    <AlertCircle className="w-4 h-4 sm:w-5 sm:h-5 text-amber-400 mt-0.5 flex-shrink-0" />
+                    <div>
+                      <p className="font-semibold text-amber-300 text-xs sm:text-sm">Cancel Shift</p>
+                      <p className="text-xs sm:text-sm text-amber-200/80 mt-1">
+                        Are you sure you want to cancel this shift for {selectedShift.staff_name}?
+                      </p>
+                    </div>
+                  </div>
+                </div>
+                <div>
+                  <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">Reason (Optional)</label>
+                  <input
+                    type="text"
+                    value={cancelReason}
+                    onChange={(e) => setCancelReason(e.target.value)}
+                    placeholder="e.g., Staff request, Emergency"
+                    className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 text-white placeholder-slate-400 text-xs sm:text-sm backdrop-blur-sm"
+                  />
+                </div>
+                <div>
+                  <label className="block text-xs sm:text-sm font-semibold text-slate-300 mb-1.5 sm:mb-2">Notes (Optional)</label>
+                  <textarea
+                    value={cancelNotes}
+                    onChange={(e) => setCancelNotes(e.target.value)}
+                    placeholder="Additional notes..."
+                    className="w-full px-3 sm:px-4 py-2 sm:py-2.5 bg-white/10 border border-white/20 rounded-lg sm:rounded-xl focus:border-amber-400 focus:ring-2 focus:ring-amber-500/30 text-white placeholder-slate-400 text-xs sm:text-sm backdrop-blur-sm"
+                    rows={3}
+                  />
+                </div>
+                <div className="flex gap-3 sm:gap-4 pt-3 sm:pt-4 border-t border-white/10">
+                  <button
+                    type="button"
+                    onClick={() => {
+                      setShowCancelModal(false);
+                      setSelectedShift(null);
+                      setCancelReason('');
+                      setCancelNotes('');
+                    }}
+                    className="flex-1 px-4 sm:px-6 py-2 sm:py-2.5 md:py-3 bg-white/10 text-white rounded-lg sm:rounded-xl font-semibold hover:bg-white/20 transition-colors text-xs sm:text-sm md:text-base"
+                  >
+                    Cancel
+                  </button>
+                  <button
+                    type="button"
+                    onClick={handleCancelShift}
+                    disabled={processingStatus === selectedShift.id}
+                    className="flex-1 px-4 sm:px-6 py-2 sm:py-2.5 md:py-3 bg-gradient-to-r from-red-500 to-red-600 text-white rounded-lg sm:rounded-xl font-semibold hover:from-red-600 hover:to-red-700 transition-all disabled:opacity-50 disabled:cursor-not-allowed shadow-lg shadow-red-500/50 text-xs sm:text-sm md:text-base"
+                  >
+                    {processingStatus === selectedShift.id ? 'Cancelling...' : 'Confirm Cancel'}
+                  </button>
+                </div>
+              </div>
+            </div>
+          </div>
+        )}
+
+        {/* Action Blocked Modal */}
+        {actionBlocked && (
+          <div className="fixed inset-0 z-50 flex items-center justify-center p-3 sm:p-4 bg-black/70 backdrop-blur-md">
+            <div className="bg-gradient-to-br from-slate-800/95 to-slate-900/95 backdrop-blur-xl rounded-xl sm:rounded-2xl shadow-2xl max-w-md w-full border border-white/20 ring-2 ring-amber-500/30">
+              <div className="p-4 sm:p-5">
+                <div className="flex items-center gap-2 sm:gap-3 mb-3">
+                  <AlertCircle className="w-5 h-5 sm:w-6 sm:h-6 text-amber-400" />
+                  <h3 className="text-lg sm:text-xl font-bold text-white">{actionBlocked.title}</h3>
+                </div>
+                <p className="text-slate-300 text-sm sm:text-base mb-4">{actionBlocked.message}</p>
+                <div className="flex justify-end">
+                  <button
+                    onClick={() => setActionBlocked(null)}
+                    className="px-4 sm:px-5 py-2 bg-white/10 hover:bg-white/20 text-white rounded-lg sm:rounded-xl font-semibold transition-all ring-1 ring-white/10"
+                  >
+                    Got it
+                  </button>
+                </div>
+              </div>
+            </div>
+          </div>
+        )}
+      </div>
+    </>
+  );
+};
+
+export default StaffShiftDashboardPage;
diff --git a/Frontend/src/pages/admin/StaffShiftManagementPage.tsx b/Frontend/src/pages/admin/StaffShiftManagementPage.tsx
deleted file mode 100644
index c0ee705f..00000000
--- a/Frontend/src/pages/admin/StaffShiftManagementPage.tsx
+++ /dev/null
@@ -1,620 +0,0 @@
-import React, { useEffect, useState } from 'react';
-import { Search, Plus, Edit, Calendar, Clock, Users, X, Filter } from 'lucide-react';
-import staffShiftService, { StaffShift } from '../../features/staffShifts/services/staffShiftService';
-import userService, { User } from '../../features/auth/services/userService';
-import { toast } from 'react-toastify';
-import Loading from '../../shared/components/Loading';
-import Pagination from '../../shared/components/Pagination';
-import { formatDate } from '../../shared/utils/format';
-import DatePicker from 'react-datepicker';
-import 'react-datepicker/dist/react-datepicker.css';
-
-const StaffShiftManagementPage: React.FC = () => {
-  const [shifts, setShifts] = useState<StaffShift[]>([]);
-  const [loading, setLoading] = useState(true);
-  const [showModal, setShowModal] = useState(false);
-  const [editingShift, setEditingShift] = useState<StaffShift | null>(null);
-  const [staffMembers, setStaffMembers] = useState<User[]>([]);
-  
-  const [filters, setFilters] = useState({
-    search: '',
-    status: '',
-    staff_id: '',
-    shift_date: '',
-    department: '',
-  });
-  
-  const [currentPage, setCurrentPage] = useState(1);
-  const [totalPages, setTotalPages] = useState(1);
-  const [totalItems, setTotalItems] = useState(0);
-  const itemsPerPage = 20;
-
-  const [formData, setFormData] = useState({
-    staff_id: 0,
-    shift_date: new Date(),
-    shift_type: 'full_day',
-    start_time: '08:00',
-    end_time: '20:00',
-    status: 'scheduled',
-    break_duration_minutes: 30,
-    department: '',
-    notes: '',
-  });
-
-  const shiftTypes = [
-    { value: 'morning', label: 'Morning (6 AM - 2 PM)' },
-    { value: 'afternoon', label: 'Afternoon (2 PM - 10 PM)' },
-    { value: 'night', label: 'Night (10 PM - 6 AM)' },
-    { value: 'full_day', label: 'Full Day (8 AM - 8 PM)' },
-    { value: 'custom', label: 'Custom' },
-  ];
-
-  const statuses = [
-    { value: 'scheduled', label: 'Scheduled', color: 'bg-yellow-100 text-yellow-800' },
-    { value: 'in_progress', label: 'In Progress', color: 'bg-blue-100 text-blue-800' },
-    { value: 'completed', label: 'Completed', color: 'bg-green-100 text-green-800' },
-    { value: 'cancelled', label: 'Cancelled', color: 'bg-gray-100 text-gray-800' },
-    { value: 'no_show', label: 'No Show', color: 'bg-red-100 text-red-800' },
-  ];
-
-  useEffect(() => {
-    setCurrentPage(1);
-  }, [filters]);
-
-  useEffect(() => {
-    fetchShifts();
-    fetchStaffMembers();
-  }, [filters, currentPage]);
-
-  const fetchShifts = async () => {
-    try {
-      setLoading(true);
-      const params: any = {
-        page: currentPage,
-        limit: itemsPerPage,
-      };
-      
-      if (filters.status) params.status = filters.status;
-      if (filters.staff_id) params.staff_id = parseInt(filters.staff_id);
-      if (filters.shift_date) params.shift_date = filters.shift_date;
-      if (filters.department) params.department = filters.department;
-
-      const response = await staffShiftService.getShifts(params);
-      
-      if (response.status === 'success' && response.data) {
-        let shiftList = response.data.shifts || [];
-        
-        if (filters.search) {
-          shiftList = shiftList.filter((shift: StaffShift) =>
-            shift.staff_name?.toLowerCase().includes(filters.search.toLowerCase()) ||
-            shift.department?.toLowerCase().includes(filters.search.toLowerCase())
-          );
-        }
-        
-        setShifts(shiftList);
-        setTotalPages(response.data.pagination?.total_pages || 1);
-        setTotalItems(response.data.pagination?.total || 0);
-      }
-    } catch (error: any) {
-      toast.error(error.response?.data?.message || 'Unable to load shifts');
-    } finally {
-      setLoading(false);
-    }
-  };
-
-  const fetchStaffMembers = async () => {
-    try {
-      // Fetch both staff and housekeeping users
-      const [staffResponse, housekeepingResponse] = await Promise.all([
-        userService.getUsers({ role: 'staff', limit: 100 }),
-        userService.getUsers({ role: 'housekeeping', limit: 100 })
-      ]);
-      
-      const allUsers: User[] = [];
-      if (staffResponse.data && staffResponse.data.users) {
-        allUsers.push(...staffResponse.data.users);
-      }
-      if (housekeepingResponse.data && housekeepingResponse.data.users) {
-        allUsers.push(...housekeepingResponse.data.users);
-      }
-      
-      setStaffMembers(allUsers);
-    } catch (error) {
-      console.error('Error fetching staff members:', error);
-    }
-  };
-
-  const handleSubmit = async (e: React.FormEvent) => {
-    e.preventDefault();
-    
-    if (!formData.staff_id) {
-      toast.error('Please select a staff member or housekeeping user');
-      return;
-    }
-    
-    try {
-      const dataToSubmit: any = {
-        staff_id: formData.staff_id,
-        shift_date: formData.shift_date.toISOString(),
-        shift_type: formData.shift_type,
-        start_time: formData.start_time,
-        end_time: formData.end_time,
-        status: formData.status,
-        break_duration_minutes: formData.break_duration_minutes,
-      };
-
-      if (formData.department) {
-        dataToSubmit.department = formData.department;
-      }
-
-      if (formData.notes) {
-        dataToSubmit.notes = formData.notes;
-      }
-
-      if (editingShift) {
-        await staffShiftService.updateShift(editingShift.id, dataToSubmit);
-        toast.success('Shift updated successfully');
-      } else {
-        await staffShiftService.createShift(dataToSubmit);
-        toast.success('Shift created successfully');
-      }
-      
-      setShowModal(false);
-      resetForm();
-      fetchShifts();
-    } catch (error: any) {
-      toast.error(error.response?.data?.message || 'Unable to save shift');
-    }
-  };
-
-  const handleEdit = (shift: StaffShift) => {
-    setEditingShift(shift);
-    const shiftDate = shift.shift_date ? new Date(shift.shift_date) : new Date();
-    setFormData({
-      staff_id: shift.staff_id,
-      shift_date: shiftDate,
-      shift_type: shift.shift_type,
-      start_time: shift.start_time || '08:00',
-      end_time: shift.end_time || '20:00',
-      status: shift.status,
-      break_duration_minutes: shift.break_duration_minutes || 30,
-      department: shift.department || '',
-      notes: shift.notes || '',
-    });
-    setShowModal(true);
-  };
-
-  const handleStatusUpdate = async (shiftId: number, newStatus: string) => {
-    try {
-      await staffShiftService.updateShift(shiftId, {
-        status: newStatus,
-      });
-      toast.success('Shift status updated successfully');
-      fetchShifts();
-    } catch (error: any) {
-      toast.error(error.response?.data?.message || 'Unable to update status');
-    }
-  };
-
-  const resetForm = () => {
-    setEditingShift(null);
-    setFormData({
-      staff_id: 0,
-      shift_date: new Date(),
-      shift_type: 'full_day',
-      start_time: '08:00',
-      end_time: '20:00',
-      status: 'scheduled',
-      break_duration_minutes: 30,
-      department: '',
-      notes: '',
-    });
-  };
-
-  const getStatusBadge = (status: string) => {
-    const statusObj = statuses.find((s) => s.value === status);
-    return statusObj || statuses[0];
-  };
-
-  const getScheduledShifts = () => shifts.filter((s) => s.status === 'scheduled').length;
-  const getCompletedShifts = () => shifts.filter((s) => s.status === 'completed').length;
-  const getInProgressShifts = () => shifts.filter((s) => s.status === 'in_progress').length;
-
-  if (loading && shifts.length === 0) {
-    return <Loading fullScreen text="Loading shifts..." />;
-  }
-
-  return (
-    <div className="space-y-8 bg-gradient-to-br from-slate-50 via-white to-slate-50 min-h-screen -m-6 p-8">
-      {/* Header */}
-      <div className="flex flex-col sm:flex-row justify-between items-start sm:items-center gap-4 animate-fade-in">
-        <div>
-          <div className="flex items-center gap-3 mb-2">
-            <div className="h-1 w-16 bg-gradient-to-r from-amber-400 to-amber-600 rounded-full"></div>
-            <h1 className="text-4xl font-bold bg-gradient-to-r from-slate-900 via-slate-800 to-slate-900 bg-clip-text text-transparent tracking-tight">
-              Staff Shift Management
-            </h1>
-          </div>
-          <p className="text-slate-600 mt-3 text-lg font-light">Manage staff and housekeeping schedules and shifts</p>
-        </div>
-        <button
-          onClick={() => {
-            resetForm();
-            setShowModal(true);
-          }}
-          className="flex items-center gap-2 px-6 py-3 bg-gradient-to-r from-amber-500 to-amber-600 text-white rounded-xl font-semibold hover:from-amber-600 hover:to-amber-700 transition-all duration-200 shadow-lg hover:shadow-xl"
-        >
-          <Plus className="w-5 h-5" />
-          New Shift
-        </button>
-      </div>
-
-      {/* Filters */}
-      <div className="bg-white/80 backdrop-blur-sm rounded-2xl shadow-xl border border-slate-200/60 p-6 animate-fade-in">
-        <div className="grid grid-cols-1 md:grid-cols-5 gap-5">
-          <div className="relative group">
-            <Search className="absolute left-4 top-1/2 transform -translate-y-1/2 text-slate-400 w-5 h-5 group-focus-within:text-amber-500 transition-colors" />
-            <input
-              type="text"
-              placeholder="Search shifts..."
-              value={filters.search}
-              onChange={(e) => setFilters({ ...filters, search: e.target.value })}
-              className="w-full pl-12 pr-4 py-3.5 bg-white border-2 border-slate-200 rounded-xl focus:border-amber-400 focus:ring-4 focus:ring-amber-100 transition-all duration-200 text-slate-700 placeholder-slate-400 font-medium shadow-sm hover:shadow-md"
-            />
-          </div>
-          <select
-            value={filters.status}
-            onChange={(e) => setFilters({ ...filters, status: e.target.value })}
-            className="px-4 py-3.5 bg-white border-2 border-slate-200 rounded-xl focus:border-amber-400 focus:ring-4 focus:ring-amber-100 transition-all duration-200 text-slate-700 font-medium shadow-sm hover:shadow-md cursor-pointer"
-          >
-            <option value="">All Statuses</option>
-            {statuses.map((status) => (
-              <option key={status.value} value={status.value}>
-                {status.label}
-              </option>
-            ))}
-          </select>
-          <select
-            value={filters.staff_id}
-            onChange={(e) => setFilters({ ...filters, staff_id: e.target.value })}
-            className="px-4 py-3.5 bg-white border-2 border-slate-200 rounded-xl focus:border-amber-400 focus:ring-4 focus:ring-amber-100 transition-all duration-200 text-slate-700 font-medium shadow-sm hover:shadow-md cursor-pointer"
-          >
-            <option value="">All Staff / Housekeeping</option>
-            {staffMembers.map((staff) => (
-              <option key={staff.id} value={staff.id}>
-                {staff.full_name}
-              </option>
-            ))}
-          </select>
-          <input
-            type="date"
-            value={filters.shift_date}
-            onChange={(e) => setFilters({ ...filters, shift_date: e.target.value })}
-            className="px-4 py-3.5 bg-white border-2 border-slate-200 rounded-xl focus:border-amber-400 focus:ring-4 focus:ring-amber-100 transition-all duration-200 text-slate-700 font-medium shadow-sm hover:shadow-md"
-            placeholder="Shift Date"
-          />
-          <input
-            type="text"
-            value={filters.department}
-            onChange={(e) => setFilters({ ...filters, department: e.target.value })}
-            placeholder="Department"
-            className="px-4 py-3.5 bg-white border-2 border-slate-200 rounded-xl focus:border-amber-400 focus:ring-4 focus:ring-amber-100 transition-all duration-200 text-slate-700 placeholder-slate-400 font-medium shadow-sm hover:shadow-md"
-          />
-        </div>
-      </div>
-
-      {/* Stats */}
-      <div className="grid grid-cols-1 md:grid-cols-4 gap-6 animate-fade-in">
-        <div className="bg-white/80 backdrop-blur-sm rounded-xl shadow-lg border border-slate-200/60 p-6">
-          <div className="flex items-center justify-between">
-            <div>
-              <p className="text-slate-600 text-sm font-medium">Total Shifts</p>
-              <p className="text-3xl font-bold text-slate-900 mt-2">{totalItems}</p>
-            </div>
-            <Calendar className="w-12 h-12 text-amber-500" />
-          </div>
-        </div>
-        <div className="bg-white/80 backdrop-blur-sm rounded-xl shadow-lg border border-slate-200/60 p-6">
-          <div className="flex items-center justify-between">
-            <div>
-              <p className="text-slate-600 text-sm font-medium">Scheduled</p>
-              <p className="text-3xl font-bold text-yellow-600 mt-2">{getScheduledShifts()}</p>
-            </div>
-            <Clock className="w-12 h-12 text-yellow-500" />
-          </div>
-        </div>
-        <div className="bg-white/80 backdrop-blur-sm rounded-xl shadow-lg border border-slate-200/60 p-6">
-          <div className="flex items-center justify-between">
-            <div>
-              <p className="text-slate-600 text-sm font-medium">In Progress</p>
-              <p className="text-3xl font-bold text-blue-600 mt-2">{getInProgressShifts()}</p>
-            </div>
-            <Users className="w-12 h-12 text-blue-500" />
-          </div>
-        </div>
-        <div className="bg-white/80 backdrop-blur-sm rounded-xl shadow-lg border border-slate-200/60 p-6">
-          <div className="flex items-center justify-between">
-            <div>
-              <p className="text-slate-600 text-sm font-medium">Completed</p>
-              <p className="text-3xl font-bold text-green-600 mt-2">{getCompletedShifts()}</p>
-            </div>
-            <Clock className="w-12 h-12 text-green-500" />
-          </div>
-        </div>
-      </div>
-
-      {/* Shifts Table */}
-      <div className="bg-white/80 backdrop-blur-sm rounded-2xl shadow-xl border border-slate-200/60 overflow-hidden animate-fade-in">
-        <div className="overflow-x-auto">
-          <table className="w-full">
-            <thead className="bg-gradient-to-r from-slate-50 to-gray-50 border-b-2 border-slate-200">
-              <tr>
-                <th className="px-6 py-4 text-left text-xs font-semibold text-slate-700 uppercase tracking-wider">
-                  Staff Member
-                </th>
-                <th className="px-6 py-4 text-left text-xs font-semibold text-slate-700 uppercase tracking-wider">
-                  Date
-                </th>
-                <th className="px-6 py-4 text-left text-xs font-semibold text-slate-700 uppercase tracking-wider">
-                  Shift Type
-                </th>
-                <th className="px-6 py-4 text-left text-xs font-semibold text-slate-700 uppercase tracking-wider">
-                  Time
-                </th>
-                <th className="px-6 py-4 text-left text-xs font-semibold text-slate-700 uppercase tracking-wider">
-                  Department
-                </th>
-                <th className="px-6 py-4 text-left text-xs font-semibold text-slate-700 uppercase tracking-wider">
-                  Status
-                </th>
-                <th className="px-6 py-4 text-right text-xs font-semibold text-slate-700 uppercase tracking-wider">
-                  Actions
-                </th>
-              </tr>
-            </thead>
-            <tbody className="bg-white divide-y divide-slate-200">
-              {shifts.map((shift) => {
-                const statusBadge = getStatusBadge(shift.status);
-                return (
-                  <tr key={shift.id} className="hover:bg-slate-50 transition-colors">
-                    <td className="px-6 py-4">
-                      <div className="font-semibold text-slate-900">{shift.staff_name || `Staff #${shift.staff_id}`}</div>
-                    </td>
-                    <td className="px-6 py-4">
-                      <div className="text-slate-900 font-medium">
-                        {formatDate(shift.shift_date)}
-                      </div>
-                    </td>
-                    <td className="px-6 py-4">
-                      <span className="px-3 py-1 rounded-full text-sm font-medium bg-slate-100 text-slate-800">
-                        {shiftTypes.find((t) => t.value === shift.shift_type)?.label || shift.shift_type}
-                      </span>
-                    </td>
-                    <td className="px-6 py-4">
-                      <div className="text-slate-900 font-medium">
-                        {shift.start_time} - {shift.end_time}
-                      </div>
-                      {shift.break_duration_minutes && (
-                        <div className="text-xs text-slate-500 mt-1">
-                          Break: {shift.break_duration_minutes} min
-                        </div>
-                      )}
-                    </td>
-                    <td className="px-6 py-4 text-slate-600">
-                      {shift.department || '—'}
-                    </td>
-                    <td className="px-6 py-4">
-                      <span className={`px-3 py-1 rounded-full text-sm font-medium ${statusBadge.color}`}>
-                        {statusBadge.label}
-                      </span>
-                    </td>
-                    <td className="px-6 py-4 text-right">
-                      <div className="flex items-center justify-end gap-2">
-                        <button
-                          onClick={() => handleEdit(shift)}
-                          className="p-2 text-blue-600 hover:bg-blue-50 rounded-lg transition-colors"
-                          title="Edit"
-                        >
-                          <Edit className="w-5 h-5" />
-                        </button>
-                        <select
-                          value={shift.status}
-                          onChange={(e) => handleStatusUpdate(shift.id, e.target.value)}
-                          className="px-3 py-1.5 text-sm border-2 border-slate-200 rounded-lg focus:border-amber-400 cursor-pointer"
-                          onClick={(e) => e.stopPropagation()}
-                        >
-                          {statuses.map((status) => (
-                            <option key={status.value} value={status.value}>
-                              {status.label}
-                            </option>
-                          ))}
-                        </select>
-                      </div>
-                    </td>
-                  </tr>
-                );
-              })}
-            </tbody>
-          </table>
-        </div>
-        {shifts.length === 0 && !loading && (
-          <div className="text-center py-12">
-            <Calendar className="w-16 h-16 text-slate-400 mx-auto mb-4" />
-            <p className="text-slate-600 text-lg">No shifts found</p>
-          </div>
-        )}
-      </div>
-
-      {/* Pagination */}
-      {totalPages > 1 && (
-        <Pagination
-          currentPage={currentPage}
-          totalPages={totalPages}
-          onPageChange={setCurrentPage}
-        />
-      )}
-
-      {/* Create/Edit Modal */}
-      {showModal && (
-        <div className="fixed inset-0 z-50 flex items-center justify-center p-4 bg-black/50 backdrop-blur-sm">
-          <div className="bg-white rounded-2xl shadow-2xl max-w-2xl w-full max-h-[90vh] overflow-y-auto">
-            <div className="sticky top-0 bg-white border-b border-slate-200 px-6 py-4 flex items-center justify-between">
-              <h2 className="text-2xl font-bold text-slate-900">
-                {editingShift ? 'Edit Shift' : 'Create Shift'}
-              </h2>
-              <button
-                onClick={() => {
-                  setShowModal(false);
-                  resetForm();
-                }}
-                className="p-2 hover:bg-slate-100 rounded-lg transition-colors"
-              >
-                <X className="w-6 h-6" />
-              </button>
-            </div>
-            <form onSubmit={handleSubmit} className="p-6 space-y-6">
-              <div className="grid grid-cols-2 gap-4">
-                <div>
-                  <label className="block text-sm font-semibold text-slate-700 mb-2">Staff Member / Housekeeping *</label>
-                  <select
-                    value={formData.staff_id}
-                    onChange={(e) => setFormData({ ...formData, staff_id: parseInt(e.target.value) || 0 })}
-                    className="w-full px-4 py-2 border-2 border-slate-200 rounded-xl focus:border-amber-400"
-                    required
-                    disabled={!!editingShift}
-                  >
-                    <option value={0}>Select Staff or Housekeeping</option>
-                    {staffMembers.map((staff) => (
-                      <option key={staff.id} value={staff.id}>
-                        {staff.full_name} ({staff.role})
-                      </option>
-                    ))}
-                  </select>
-                </div>
-                <div>
-                  <label className="block text-sm font-semibold text-slate-700 mb-2">Shift Date *</label>
-                  <DatePicker
-                    selected={formData.shift_date}
-                    onChange={(date: Date) => setFormData({ ...formData, shift_date: date })}
-                    dateFormat="MMMM d, yyyy"
-                    className="w-full px-4 py-2 border-2 border-slate-200 rounded-xl focus:border-amber-400"
-                    required
-                  />
-                </div>
-              </div>
-
-              <div className="grid grid-cols-2 gap-4">
-                <div>
-                  <label className="block text-sm font-semibold text-slate-700 mb-2">Shift Type *</label>
-                  <select
-                    value={formData.shift_type}
-                    onChange={(e) => setFormData({ ...formData, shift_type: e.target.value })}
-                    className="w-full px-4 py-2 border-2 border-slate-200 rounded-xl focus:border-amber-400"
-                    required
-                  >
-                    {shiftTypes.map((type) => (
-                      <option key={type.value} value={type.value}>
-                        {type.label}
-                      </option>
-                    ))}
-                  </select>
-                </div>
-                <div>
-                  <label className="block text-sm font-semibold text-slate-700 mb-2">Status *</label>
-                  <select
-                    value={formData.status}
-                    onChange={(e) => setFormData({ ...formData, status: e.target.value })}
-                    className="w-full px-4 py-2 border-2 border-slate-200 rounded-xl focus:border-amber-400"
-                    required
-                  >
-                    {statuses.map((status) => (
-                      <option key={status.value} value={status.value}>
-                        {status.label}
-                      </option>
-                    ))}
-                  </select>
-                </div>
-              </div>
-
-              <div className="grid grid-cols-3 gap-4">
-                <div>
-                  <label className="block text-sm font-semibold text-slate-700 mb-2">Start Time *</label>
-                  <input
-                    type="time"
-                    value={formData.start_time}
-                    onChange={(e) => setFormData({ ...formData, start_time: e.target.value })}
-                    className="w-full px-4 py-2 border-2 border-slate-200 rounded-xl focus:border-amber-400"
-                    required
-                  />
-                </div>
-                <div>
-                  <label className="block text-sm font-semibold text-slate-700 mb-2">End Time *</label>
-                  <input
-                    type="time"
-                    value={formData.end_time}
-                    onChange={(e) => setFormData({ ...formData, end_time: e.target.value })}
-                    className="w-full px-4 py-2 border-2 border-slate-200 rounded-xl focus:border-amber-400"
-                    required
-                  />
-                </div>
-                <div>
-                  <label className="block text-sm font-semibold text-slate-700 mb-2">Break (minutes)</label>
-                  <input
-                    type="number"
-                    value={formData.break_duration_minutes}
-                    onChange={(e) => setFormData({ ...formData, break_duration_minutes: parseInt(e.target.value) || 30 })}
-                    className="w-full px-4 py-2 border-2 border-slate-200 rounded-xl focus:border-amber-400"
-                    min="0"
-                  />
-                </div>
-              </div>
-
-              <div>
-                <label className="block text-sm font-semibold text-slate-700 mb-2">Department</label>
-                <input
-                  type="text"
-                  value={formData.department}
-                  onChange={(e) => setFormData({ ...formData, department: e.target.value })}
-                  placeholder="e.g., reception, housekeeping"
-                  className="w-full px-4 py-2 border-2 border-slate-200 rounded-xl focus:border-amber-400"
-                />
-              </div>
-
-              <div>
-                <label className="block text-sm font-semibold text-slate-700 mb-2">Notes</label>
-                <textarea
-                  value={formData.notes}
-                  onChange={(e) => setFormData({ ...formData, notes: e.target.value })}
-                  className="w-full px-4 py-2 border-2 border-slate-200 rounded-xl focus:border-amber-400"
-                  rows={3}
-                />
-              </div>
-
-              <div className="flex gap-4 pt-4 border-t border-slate-200">
-                <button
-                  type="button"
-                  onClick={() => {
-                    setShowModal(false);
-                    resetForm();
-                  }}
-                  className="flex-1 px-6 py-3 bg-slate-100 text-slate-700 rounded-xl font-semibold hover:bg-slate-200 transition-colors"
-                >
-                  Cancel
-                </button>
-                <button
-                  type="submit"
-                  className="flex-1 px-6 py-3 bg-gradient-to-r from-amber-500 to-amber-600 text-white rounded-xl font-semibold hover:from-amber-600 hover:to-amber-700 transition-all"
-                >
-                  {editingShift ? 'Update Shift' : 'Create Shift'}
-                </button>
-              </div>
-            </form>
-          </div>
-        </div>
-      )}
-    </div>
-  );
-};
-
-export default StaffShiftManagementPage;
-
diff --git a/Frontend/src/routes/adminRoutes.tsx b/Frontend/src/routes/adminRoutes.tsx
index fdf00576..3c6055cf 100644
--- a/Frontend/src/routes/adminRoutes.tsx
+++ b/Frontend/src/routes/adminRoutes.tsx
@@ -29,6 +29,7 @@ const PackageManagementPage = lazy(() => import('../pages/admin/PackageManagemen
 const SecurityManagementPage = lazy(() => import('../pages/admin/SecurityManagementPage'));
 const EmailCampaignManagementPage = lazy(() => import('../pages/admin/EmailCampaignManagementPage'));
 const InvoicePage = lazy(() => import('../pages/customer/InvoicePage'));
+const StaffShiftDashboardPage = lazy(() => import('../pages/admin/StaffShiftDashboardPage'));
 
 const adminRoutes: RouteObject[] = [
   {
@@ -57,6 +58,7 @@ const adminRoutes: RouteObject[] = [
       { path: 'packages', element: <PackageManagementPage /> },
       { path: 'security', element: <SecurityManagementPage /> },
       { path: 'email-campaigns', element: <EmailCampaignManagementPage /> },
+      { path: 'shifts', element: <StaffShiftDashboardPage /> },
     ],
   },
 ];
diff --git a/Frontend/src/shared/components/SidebarAdmin.tsx b/Frontend/src/shared/components/SidebarAdmin.tsx
index f58c4771..c74b7065 100644
--- a/Frontend/src/shared/components/SidebarAdmin.tsx
+++ b/Frontend/src/shared/components/SidebarAdmin.tsx
@@ -153,8 +153,8 @@ const SidebarAdmin: React.FC<SidebarAdminProps> = ({
         },
         { 
           path: '/admin/shifts', 
-          icon: Calendar, 
-          label: 'Staff Shifts' 
+          icon: BarChart3, 
+          label: 'Shifts & Analytics' 
         },
       ]
     },