refactor: update serverless configuration and function definitions for Minglar service

- Renamed service from `minglarDev` to `minglar`. - Updated Prisma layer reference to use qualified ARN for better deployment handling. - Added new HTTP API endpoints for host management and onboarding processes. - Removed unnecessary patterns from the package configurations in `minglaradmin.yml` to streamline the deployment process.
feat: add Prisma layer build scripts and configuration for Lambda deployment
2025-12-05 13:17:48 +05:30 · 2025-11-30 12:17:20 +05:30 · 2025-11-30 11:30:10 +05:30 · 2025-11-29 20:42:56 +05:30 · 2025-11-29 19:45:43 +05:30 · 2025-11-29 19:39:28 +05:30
160 changed files with 3286 additions and 5179 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,44 +0,0 @@
 # Environment Configuration Template
 # Copy this file to .env.dev, .env.test, or .env.uat and fill in the values
 # Database
 DATABASE_URL=
 DB_USERNAME=
 DB_PASSWORD=
 DB_DATABASE_NAME=
 DB_HOSTNAME=
 DB_PORT=5432
 # Email Bypass (set to true for dev/test, false for production-like environments)
 BY_PASS_EMAIL=
 BYPASS_OTP=
 # Brevo Email Configuration
 BREVO_EMAIL_API_KEY=
 BREVO_API_BASEURL=https://api.brevo.com
 BREVO_FROM_EMAIL=
 BREVO_SMTP_HOST=smtp-relay.brevo.com
 BREVO_SMTP_PORT=587
 BREVO_SMTP_USER=
 BREVO_SMTP_PASS=
 # JWT Configuration
 REFRESH_TOKEN_SECRET=
 JWT_SECRET=
 JWT_ACCESS_EXPIRATION_MINUTES=30
 JWT_REFRESH_EXPIRATION_DAYS=7
 JWT_RESET_PASSWORD_EXPIRATION_MINUTES=15
 JWT_VERIFY_EMAIL_EXPIRATION_MINUTES=15
 # Security
 SALT_ROUNDS=
 NODE_ENV=
 # AWS S3
 S3_BUCKET_NAME=
 # Admin Configuration
 MINGLAR_ADMIN_NAME=
 MINGLAR_ADMIN_EMAIL=
 AM_INVITATION_LINK=
 HOST_LINK=
--- a/.gitignore
+++ b/.gitignore
@@ -40,15 +40,16 @@ lerna-debug.log*
 .env.test.local
 .env.production.local
 .env.local
 .env.dev
 .env.test
 .env.uat
 # temp
 .tmp
 .temp
 undefined/
 # tsx cache/temp directories
 **/tsx-*/
 **/temp/tsx-*
 # Runtime data
 pids
 *.pid
--- a/LAMBDA_OPTIMIZATION_GUIDE.md
+++ b/LAMBDA_OPTIMIZATION_GUIDE.md
@@ -1,490 +0,0 @@
 # AWS Lambda Bundle Size Optimization Guide
 ## Overview
 This guide documents how to optimize AWS Lambda function bundle sizes when using:
 - **Serverless Framework v4** (with built-in esbuild)
 - **Prisma ORM** (with driver adapters)
 - **NestJS** or any Node.js framework
 ## Problem
 Lambda functions can become bloated (25+ MB) due to:
 1. **Prisma binary engines** (~50MB uncompressed)
 2. **AWS SDK v3** being bundled (~5-10MB)
 3. **Dependencies copied to node_modules** instead of being bundled
 ## Solution Architecture
 ```
 ┌─────────────────────────────────────────────────────────┐
 │                    Lambda Function                       │
 │  ┌─────────────────────────────────────────────────┐    │
 │  │  Your Code (bundled by esbuild)     ~50-500 KB  │    │
 │  └─────────────────────────────────────────────────┘    │
 │                         │                                │
 │                         ▼                                │
 │  ┌─────────────────────────────────────────────────┐    │
 │  │  Prisma Layer (shared)              ~15 MB      │    │
 │  │  - @prisma/client                               │    │
 │  │  - @prisma/adapter-pg                           │    │
 │  │  - .prisma/client (generated)                   │    │
 │  │  - pg driver                                    │    │
 │  └─────────────────────────────────────────────────┘    │
 │                         │                                │
 │                         ▼                                │
 │  ┌─────────────────────────────────────────────────┐    │
 │  │  AWS Lambda Runtime                             │    │
 │  │  - AWS SDK v3 (built-in for Node.js 18+)        │    │
 │  └─────────────────────────────────────────────────┘    │
 └─────────────────────────────────────────────────────────┘
 ```
 ---
 ## Step-by-Step Setup
 ### 1. Project Structure
 ```
 your-project/
 ├── serverless.yml
 ├── package.json
 ├── prisma/
 │   └── schema.prisma
 ├── layers/
 │   └── prisma/
 │       └── nodejs/
 │           └── package.json
 ├── src/
 │   └── ... your code
 └── build-prisma-layer.ps1  (or .sh for Linux/Mac)
 ```
 ### 2. Prisma Schema Configuration
 **`prisma/schema.prisma`**
 ```prisma
 generator client {
  provider        = "prisma-client-js"
  // For Prisma 7+ with driver adapters, no binary targets needed
  // The WASM-based query engine is used automatically
 }
 datasource db {
  provider = "postgresql"
  url      = env("DATABASE_URL")
 }
 ```
 > **Note**: Prisma 7+ uses WASM-based query compiler instead of binary engines when using driver adapters, which is much smaller.
 ### 3. Layer Package.json
 **`layers/prisma/nodejs/package.json`**
 ```json
 {
  "name": "prisma-layer",
  "version": "1.0.0",
  "description": "Lambda layer for Prisma with pg driver adapter",
  "dependencies": {
    "@prisma/client": "^7.0.0",
    "@prisma/adapter-pg": "^7.0.0",
    "pg": "^8.13.0"
  }
 }
 ```
 ### 4. Serverless Configuration
 **`serverless.yml`**
 ```yaml
 service: your-service-name
 provider:
  name: aws
  runtime: nodejs22.x
  region: your-region
  memorySize: 512
  # Apply Prisma layer to ALL functions
  layers:
    - !Ref PrismaLambdaLayer
  environment:
    DATABASE_URL: ${env:DATABASE_URL}
    # ... other env vars
 # esbuild configuration (Serverless v4 built-in)
 build:
  esbuild:
    bundle: true
    minify: true
    sourcemap: false
    target: node20
    platform: node
    # Mark packages as external (not bundled into JS)
    external:
      - '@prisma/client'
      - '@prisma/adapter-pg'
      - '.prisma/client'
      - '.prisma'
      - 'pg'
      - '@aws-sdk/*'
      - '@smithy/*'
      - '@aws-crypto/*'
    # Exclude from npm install in zip (CRITICAL!)
    exclude:
      - 'aws-sdk'
      - '@aws-sdk/*'
      - '@smithy/*'
      - '@aws-crypto/*'
      - '@prisma/client'
      - '@prisma/adapter-pg'
      - '.prisma'
      - '.prisma/client'
      - 'pg'
      - 'pg-*'
      - 'postgres-*'
      - 'pgpass'
      - 'split2'
      - 'xtend'
 # Define the Prisma layer
 layers:
  prisma:
    path: layers/prisma
    name: ${self:service}-prisma-layer-${sls:stage}
    description: Prisma client with pg driver adapter
    compatibleRuntimes:
      - nodejs22.x
    retain: false
 # Package configuration
 package:
  individually: true
  patterns:
    - '!node_modules/**'
    - '!node_modules/@prisma/**'
    - '!node_modules/.prisma/**'
    - '!**/*.test.js'
    - '!**/*.spec.js'
    - '!**/test/**'
    - '!**/__tests__/**'
    - '!package-lock.json'
    - '!yarn.lock'
    - '!README.md'
    - '!.git/**'
 functions:
  myFunction:
    handler: src/handlers/myHandler.handler
    events:
      - httpApi:
          path: /my-endpoint
          method: get
 plugins:
  - serverless-offline
 ```
 ### 5. Build Script for Prisma Layer
 **Windows (PowerShell) - `build-prisma-layer.ps1`**
 ```powershell
 # Build Prisma Lambda Layer
 $layerPath = "layers\prisma\nodejs"
 Write-Host "Building Prisma Lambda Layer..." -ForegroundColor Cyan
 # 1. Clean existing node_modules in layer
 Write-Host "Cleaning layer node_modules..."
 if (Test-Path "$layerPath\node_modules") {
    Remove-Item -Recurse -Force "$layerPath\node_modules"
 }
 # 2. Install dependencies in layer
 Write-Host "Installing layer dependencies..."
 Push-Location $layerPath
 npm install --omit=dev
 Pop-Location
 # 3. Generate Prisma client
 Write-Host "Generating Prisma client..."
 npx prisma generate
 # 4. Copy .prisma/client to layer
 Write-Host "Copying generated Prisma client to layer..."
 $sourcePrisma = "node_modules\.prisma"
 $destPrisma = "$layerPath\node_modules\.prisma"
 if (Test-Path $sourcePrisma) {
    if (Test-Path $destPrisma) {
        Remove-Item -Recurse -Force $destPrisma
    }
    Copy-Item -Recurse $sourcePrisma $destPrisma
    Write-Host "Copied .prisma/client successfully!" -ForegroundColor Green
 } else {
    Write-Host "ERROR: .prisma folder not found. Run 'npx prisma generate' first." -ForegroundColor Red
    exit 1
 }
 # 5. Show layer size
 $layerSize = (Get-ChildItem "$layerPath\node_modules" -Recurse | Measure-Object -Property Length -Sum).Sum / 1MB
 Write-Host "`nTotal layer size: $([math]::Round($layerSize, 2)) MB" -ForegroundColor Yellow
 Write-Host "Prisma layer built successfully!" -ForegroundColor Green
 ```
 **Linux/Mac (Bash) - `build-prisma-layer.sh`**
 ```bash
 #!/bin/bash
 set -e
 LAYER_PATH="layers/prisma/nodejs"
 echo "Building Prisma Lambda Layer..."
 # 1. Clean existing node_modules in layer
 echo "Cleaning layer node_modules..."
 rm -rf "$LAYER_PATH/node_modules"
 # 2. Install dependencies in layer
 echo "Installing layer dependencies..."
 cd "$LAYER_PATH"
 npm install --omit=dev
 cd -
 # 3. Generate Prisma client
 echo "Generating Prisma client..."
 npx prisma generate
 # 4. Copy .prisma/client to layer
 echo "Copying generated Prisma client to layer..."
 if [ -d "node_modules/.prisma" ]; then
    rm -rf "$LAYER_PATH/node_modules/.prisma"
    cp -r "node_modules/.prisma" "$LAYER_PATH/node_modules/.prisma"
    echo "Copied .prisma/client successfully!"
 else
    echo "ERROR: .prisma folder not found. Run 'npx prisma generate' first."
    exit 1
 fi
 # 5. Show layer size
 LAYER_SIZE=$(du -sm "$LAYER_PATH/node_modules" | cut -f1)
 echo "Total layer size: ${LAYER_SIZE} MB"
 echo "Prisma layer built successfully!"
 ```
 ### 6. Prisma Client Usage
 **`src/common/database/prisma.client.ts`**
 ```typescript
 import { PrismaClient } from '@prisma/client';
 import { PrismaPg } from '@prisma/adapter-pg';
 import { Pool } from 'pg';
 // Connection pool for serverless
 const pool = new Pool({
  connectionString: process.env.DATABASE_URL,
  max: 5, // Limit connections in Lambda
 });
 const adapter = new PrismaPg(pool);
 // Single instance for Lambda warm starts
 let prisma: PrismaClient;
 export function getPrismaClient(): PrismaClient {
  if (!prisma) {
    prisma = new PrismaClient({
      adapter,
      log: process.env.NODE_ENV === 'development' ? ['query', 'error', 'warn'] : ['error'],
    });
  }
  return prisma;
 }
 export { prisma };
 ```
 ---
 ## Deployment Workflow
 ```bash
 # 1. Build the Prisma layer (run after schema changes)
 ./build-prisma-layer.ps1   # Windows
 # or
 ./build-prisma-layer.sh    # Linux/Mac
 # 2. Deploy
 npx serverless deploy --stage=dev
 # 3. Deploy single function (faster, uses existing layer)
 npx serverless deploy function -f myFunction --stage=dev
 ```
 ---
 ## Key Configuration Explained
 ### esbuild `external` vs `exclude`
 | Property | Purpose |
 |----------|---------|
 | `external` | Tells esbuild NOT to bundle these into the JS file. They become `require()` calls. |
 | `exclude` | Tells Serverless NOT to `npm install` these packages into the function zip. |
 **Both are required!** 
 - `external` alone = esbuild doesn't bundle, but Serverless still installs to node_modules
 - `exclude` alone = Serverless doesn't install, but esbuild bundles the code
 ### Layer Reference
 ```yaml
 # This creates a CloudFormation reference to the layer defined in the same stack
 layers:
  - !Ref PrismaLambdaLayer
 ```
 The `PrismaLambdaLayer` name comes from the layer key (`prisma`) converted to PascalCase + `LambdaLayer`.
 ### Why Exclude pg-* packages?
 When `pg` is external, its dependencies still get installed:
 - `pg-connection-string`
 - `pg-pool`
 - `pg-protocol`
 - `pg-types`
 - etc.
 These must all be in the `exclude` list to prevent duplication.
 ---
 ## Expected Results
 | Function Type | Before | After |
 |---------------|--------|-------|
 | Simple handlers | 25+ MB | **50-100 kB** |
 | With validation (zod/yup) | 25+ MB | **300-500 kB** |
 | With S3 uploads | 30+ MB | **1-2 MB** |
 ---
 ## Troubleshooting
 ### 1. "Cannot find module '@prisma/client'"
 **Cause**: Layer doesn't have the generated `.prisma/client`
 **Fix**: Run `build-prisma-layer.ps1` to regenerate the layer
 ### 2. Function size still large
 **Debug**: Extract and inspect the zip:
 ```powershell
 Expand-Archive ".serverless\build\your-function.zip" -DestinationPath "extracted"
 Get-ChildItem "extracted\node_modules" -Directory
 ```
 If you see `@prisma` or `pg` folders, the `exclude` config isn't working.
 ### 3. "Cannot resolve CloudFormation reference"
 **Cause**: Using `${cf:...}` reference before first deploy
 **Fix**: Use `!Ref PrismaLambdaLayer` instead (works on first deploy)
 ### 4. Cold starts still slow
 Consider:
 - **Provisioned Concurrency**: Pre-warm instances
 - **Reduce memory**: Sometimes lower memory = same speed, lower cost
 - **Connection pooling**: Use tools like PgBouncer for RDS
 ---
 ## Additional Optimizations
 ### 1. Remove duplicate validation libraries
 Pick ONE of: `zod`, `yup`, or `class-validator`. Don't use all three.
 ### 2. Tree-shake NestJS
 If not using full NestJS, import only what you need:
 ```typescript
 // Instead of
 import { Controller, Get } from '@nestjs/common';
 // For Lambda handlers, you might not need NestJS at all
 ```
 ### 3. Use AWS SDK v3 selectively
 ```yaml
 external:
  - '@aws-sdk/*'  # Exclude all
 ```
 Then in code:
 ```typescript
 // AWS SDK v3 is available in Lambda runtime (Node.js 18+)
 import { S3Client } from '@aws-sdk/client-s3';
 ```
 ---
 ## Quick Reference
 ```yaml
 # Minimal serverless.yml for Prisma + Lambda optimization
 build:
  esbuild:
    bundle: true
    minify: true
    external:
      - '@prisma/client'
      - '@prisma/adapter-pg'
      - '.prisma/client'
      - '.prisma'
      - 'pg'
      - '@aws-sdk/*'
    exclude:
      - '@prisma/client'
      - '@prisma/adapter-pg'
      - '.prisma'
      - '.prisma/client'
      - 'pg'
      - 'pg-*'
      - 'postgres-*'
      - 'pgpass'
      - 'split2'
      - 'xtend'
      - '@aws-sdk/*'
 layers:
  prisma:
    path: layers/prisma
    name: ${self:service}-prisma-${sls:stage}
    compatibleRuntimes:
      - nodejs22.x
 provider:
  layers:
    - !Ref PrismaLambdaLayer
 ```
 ---
 ## Version Compatibility
 | Tool | Tested Version |
 |------|----------------|
 | Serverless Framework | v4.x |
 | Prisma | v7.x |
 | Node.js | 20.x, 22.x |
 | AWS Lambda Runtime | nodejs20.x, nodejs22.x |
 ---
 *Last updated: December 2025*
--- a/build-prisma-layer.ps1
+++ b/build-prisma-layer.ps1
@@ -1,51 +1,46 @@
-# Build Prisma Lambda Layer
+# build-prisma-layer.ps1
-# Run this script before deploying to ensure the layer has the generated client
+# Script to rebuild the Prisma layer for Lambda deployment
 # Usage: .\build-prisma-layer.ps1
-$layerPath = "layers\prisma\nodejs"
+$ErrorActionPreference = "Stop"
-Write-Host "Building Prisma Lambda Layer..." -ForegroundColor Cyan
+$projectRoot = Split-Path -Parent $MyInvocation.MyCommand.Path
 $layerPath = Join-Path $projectRoot "layers\prisma\nodejs"
 $nodeModulesPath = Join-Path $layerPath "node_modules"
-# 1. Clean existing node_modules in layer
+Write-Host "🔄 Building Prisma layer for Lambda..." -ForegroundColor Cyan
 Write-Host "Cleaning layer node_modules..."
 if (Test-Path "$layerPath\node_modules") {
    Remove-Item -Recurse -Force "$layerPath\node_modules"
 }
-# 2. Install dependencies in layer
+# Step 1: Regenerate Prisma client
-Write-Host "Installing layer dependencies..."
+Write-Host "📦 Regenerating Prisma client..." -ForegroundColor Yellow
-Push-Location $layerPath
+Push-Location $projectRoot
-npm install --omit=dev
+npx prisma generate
 Pop-Location
-# 3. Generate Prisma client into the layer
+# Step 2: Clean layer node_modules
-Write-Host "Generating Prisma client into layer..."
+Write-Host "🧹 Cleaning layer node_modules..." -ForegroundColor Yellow
-# Set the output directory for Prisma client
+if (Test-Path $nodeModulesPath) {
-$env:PRISMA_GENERATE_DATAPROXY = "false"
+    Remove-Item -Recurse -Force $nodeModulesPath
 # Generate client - this creates .prisma/client
 npx prisma generate
 # 4. Copy .prisma/client to layer
 Write-Host "Copying generated Prisma client to layer..."
 $sourcePrisma = "node_modules\.prisma"
 $destPrisma = "$layerPath\node_modules\.prisma"
 if (Test-Path $sourcePrisma) {
    if (Test-Path $destPrisma) {
        Remove-Item -Recurse -Force $destPrisma
    }
    Copy-Item -Recurse $sourcePrisma $destPrisma
    Write-Host "Copied .prisma/client successfully!" -ForegroundColor Green
 } else {
    Write-Host "ERROR: .prisma folder not found. Run 'npx prisma generate' first." -ForegroundColor Red
    exit 1
 }
-# 5. Show layer size
+# Step 3: Install layer dependencies
-Write-Host "`nLayer contents:"
+Write-Host "📥 Installing layer dependencies..." -ForegroundColor Yellow
-Get-ChildItem "$layerPath\node_modules" -Directory | Select-Object Name
+Push-Location $layerPath
-$layerSize = (Get-ChildItem "$layerPath\node_modules" -Recurse | Measure-Object -Property Length -Sum).Sum / 1MB
+npm install --production
-Write-Host "`nTotal layer size: $([math]::Round($layerSize, 2)) MB" -ForegroundColor Yellow
+Pop-Location
-Write-Host "`nPrisma layer built successfully!" -ForegroundColor Green
+# Step 4: Copy generated Prisma client to layer
-Write-Host "Run 'serverless deploy' to deploy with the updated layer."
+Write-Host "📋 Copying generated Prisma client to layer..." -ForegroundColor Yellow
 $sourcePrisma = Join-Path $projectRoot "node_modules\.prisma\client"
 $destPrisma = Join-Path $nodeModulesPath ".prisma\client"
 New-Item -ItemType Directory -Force -Path (Split-Path $destPrisma) | Out-Null
 Copy-Item -Path $sourcePrisma -Destination $destPrisma -Recurse -Force
 # Step 5: Calculate layer size
 $layerSize = (Get-ChildItem -Path $layerPath -Recurse -File | Measure-Object -Property Length -Sum).Sum / 1MB
 Write-Host "✅ Layer built successfully!" -ForegroundColor Green
 Write-Host "📊 Layer size: $([math]::Round($layerSize, 2)) MB" -ForegroundColor Cyan
 # List contents
 Write-Host "`n📁 Layer contents:" -ForegroundColor Cyan
 Get-ChildItem $nodeModulesPath -Directory | ForEach-Object { Write-Host "   - $($_.Name)" }
--- a/build-prisma-layer.sh
+++ b/build-prisma-layer.sh
@@ -0,0 +1,40 @@
 #!/bin/bash
 # build-prisma-layer.sh
 # Script to rebuild the Prisma layer for Lambda deployment
 # Usage: ./build-prisma-layer.sh
 set -e
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 LAYER_PATH="$SCRIPT_DIR/layers/prisma/nodejs"
 echo "🔄 Building Prisma layer for Lambda..."
 # Step 1: Regenerate Prisma client
 echo "📦 Regenerating Prisma client..."
 cd "$SCRIPT_DIR"
 npx prisma generate
 # Step 2: Clean layer node_modules
 echo "🧹 Cleaning layer node_modules..."
 rm -rf "$LAYER_PATH/node_modules"
 # Step 3: Install layer dependencies
 echo "📥 Installing layer dependencies..."
 cd "$LAYER_PATH"
 npm install --production
 # Step 4: Copy generated Prisma client to layer
 echo "📋 Copying generated Prisma client to layer..."
 mkdir -p "$LAYER_PATH/node_modules/.prisma"
 cp -r "$SCRIPT_DIR/node_modules/.prisma/client" "$LAYER_PATH/node_modules/.prisma/client"
 # Step 5: Calculate layer size
 LAYER_SIZE=$(du -sh "$LAYER_PATH" | cut -f1)
 echo "✅ Layer built successfully!"
 echo "📊 Layer size: $LAYER_SIZE"
 # List contents
 echo ""
 echo "📁 Layer contents:"
 ls -d "$LAYER_PATH/node_modules"/*/ 2>/dev/null | xargs -n 1 basename | sed 's/^/   - /'
--- a/layers/prisma/nodejs/package-lock.json
+++ b/layers/prisma/nodejs/package-lock.json
@@ -10,8 +10,7 @@
      "dependencies": {
        "@prisma/adapter-pg": "^7.0.1",
        "@prisma/client": "^7.0.1",
-        "pg": "^8.13.0",
+        "pg": "^8.13.0"
        "zod": "^4.1.12"
      }
    },
    "node_modules/@prisma/adapter-pg": {
@@ -224,15 +223,6 @@
      "engines": {
        "node": ">=0.4"
      }
    },
    "node_modules/zod": {
      "version": "4.1.13",
      "resolved": "https://registry.npmjs.org/zod/-/zod-4.1.13.tgz",
      "integrity": "sha512-AvvthqfqrAhNH9dnfmrfKzX5upOdjUVJYFqNSlkmGf64gRaTzlPwz99IHYnVs28qYAybvAlBV+H7pn0saFY4Ig==",
      "license": "MIT",
      "funding": {
        "url": "https://github.com/sponsors/colinhacks"
      }
    }
  }
 }
--- a/layers/prisma/nodejs/package.json
+++ b/layers/prisma/nodejs/package.json
@@ -1,11 +1,10 @@
 {
  "name": "prisma-layer",
  "version": "1.0.0",
-  "description": "Lambda layer for Prisma 7 with pg driver adapter and zod",
+  "description": "Lambda layer for Prisma 7 with pg driver adapter",
  "dependencies": {
    "@prisma/client": "^7.0.1",
    "@prisma/adapter-pg": "^7.0.1",
-    "pg": "^8.13.0",
+    "pg": "^8.13.0"
    "zod": "^4.1.12"
  }
 }
--- a/package-lock.json
+++ b/package-lock.json
@@ -46,7 +46,7 @@
        "prisma": "^7.0.1",
        "reflect-metadata": "^0.1.13",
        "rxjs": "^7.8.1",
-        "serverless": "4.24.0",
+        "serverless": "4.17.0",
        "swagger-ui-express": "^5.0.0",
        "tslib": "^2.8.1",
        "uuid": "^13.0.0",
@@ -14467,12 +14467,12 @@
      }
    },
    "node_modules/serverless": {
-      "version": "4.24.0",
+      "version": "4.17.0",
-      "resolved": "https://registry.npmjs.org/serverless/-/serverless-4.24.0.tgz",
+      "resolved": "https://registry.npmjs.org/serverless/-/serverless-4.17.0.tgz",
-      "integrity": "sha512-bgxFQ6QyOGJC9IZjZIXo4m6bdWMl9I7HNZ4jrmwSpdePdsRd46igGRpSnhdYFOc71GNplhSOeoCibL94yCHfrg==",
+      "integrity": "sha512-hoZmipwyN/h7y9HwkWGlJ0YT06RFq7WNOD7fFEiPfnSnnUMVTzeNHq2BRrUlpHhf5s9srCHDc2wx5I06acfq1Q==",
      "hasInstallScript": true,
      "dependencies": {
-        "axios": "^1.12.1",
+        "axios": "^1.8.3",
        "axios-proxy-builder": "^0.1.2",
        "rimraf": "^5.0.5",
        "xml2js": "0.6.2"
--- a/package.json
+++ b/package.json
@@ -23,7 +23,9 @@
    "prisma:migrate": "prisma migrate dev",
    "prisma:studio": "prisma studio",
    "prisma:seed": "ts-node prisma/seed.ts",
-    "seeder": "tsx prisma/seed.ts"
+    "seeder": "tsx prisma/seed.ts",
    "build:layer": "powershell -ExecutionPolicy Bypass -File ./build-prisma-layer.ps1",
    "build:layer:unix": "chmod +x ./build-prisma-layer.sh && ./build-prisma-layer.sh"
  },
  "dependencies": {
    "@aws-crypto/crc32c": "^5.2.0",
@@ -63,7 +65,7 @@
    "prisma": "^7.0.1",
    "reflect-metadata": "^0.1.13",
    "rxjs": "^7.8.1",
-    "serverless": "4.24.0",
+    "serverless": "4.17.0",
    "swagger-ui-express": "^5.0.0",
    "tslib": "^2.8.1",
    "uuid": "^13.0.0",
--- a/prisma/prisma.ts
+++ b/prisma/prisma.ts
@@ -1,8 +1,8 @@
 // prisma.ts
-// Re-export from the main singleton for consistency
+import { PrismaClient } from '@prisma/client';
 import { prisma } from '../src/common/database/prisma.client';
-export { prisma };
+// The DATABASE_URL environment variable will be automatically used
 export const prisma = new PrismaClient();
 process.on('SIGINT', async () => {
  await prisma.$disconnect();
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -1,7 +1,7 @@
 generator client {
-  provider        = "prisma-client-js"
+  provider = "prisma-client-js"
-  binaryTargets   = ["native", "rhel-openssl-3.0.x"] // Add Linux target
+  // No binaryTargets or previewFeatures needed - Prisma 7 uses JS-based driver adapters (no native engines)
-  previewFeatures = ["multiSchema"]
+  // multiSchema and driverAdapters are now stable features
 }
 datasource db {
@@ -66,7 +66,6 @@ model User {
  friendOf               Friends[]                @relation("FriendUser")
  userAddressDetails     UserAddressDetails[]
  userDocuments          UserDocuments[]
  activityTracks         ActivityTrack[]
  @@map("users")
  @@schema("usr")
@@ -406,15 +405,12 @@ model FoodCuisines {
 }
 model CompanyTypes {
-  id              Int          @id @default(autoincrement())
+  id              Int       @id @default(autoincrement())
-  companyTypeName String       @unique @map("company_type_name") @db.VarChar(100)
+  companyTypeName String    @unique @map("company_type_name") @db.VarChar(30)
-  displayOrder    Int          @map("display_order")
+  isActive        Boolean   @default(true) @map("is_active")
-  isActive        Boolean      @default(true) @map("is_active")
+  createdAt       DateTime  @default(now()) @map("created_at")
-  createdAt       DateTime     @default(now()) @map("created_at")
+  updatedAt       DateTime  @updatedAt @map("updated_at")
-  updatedAt       DateTime     @updatedAt @map("updated_at")
+  deletedAt       DateTime? @map("deleted_at")
  deletedAt       DateTime?    @map("deleted_at")
  hostHeaders     HostHeader[]
  hostParents     HostParent[]
  @@map("company_types")
  @@schema("mst")
@@ -668,13 +664,12 @@ model HostHeader {
  panNumber               String?           @map("pan_number") @db.VarChar(30)
  gstNumber               String?           @map("gst_number") @db.VarChar(30)
  formationDate           DateTime?         @map("formation_date")
-  companyTypeXid          Int?              @map("company_type_xid")
+  companyType             String?           @map("company_type") @db.VarChar(30)
-  companyTypes            CompanyTypes?     @relation(fields: [companyTypeXid], references: [id], onDelete: Restrict)
+  websiteUrl              String?           @map("website_url") @db.VarChar(50)
-  websiteUrl              String?           @map("website_url") @db.VarChar(250)
+  instagramUrl            String?           @map("instagram_url") @db.VarChar(80)
-  instagramUrl            String?           @map("instagram_url") @db.VarChar(250)
+  facebookUrl             String?           @map("facebook_url") @db.VarChar(80)
-  facebookUrl             String?           @map("facebook_url") @db.VarChar(250)
+  linkedinUrl             String?           @map("linkedin_url") @db.VarChar(80)
-  linkedinUrl             String?           @map("linkedin_url") @db.VarChar(250)
+  twitterUrl              String?           @map("twitter_url") @db.VarChar(80)
  twitterUrl              String?           @map("twitter_url") @db.VarChar(250)
  currencyXid             Int?              @map("currency_xid")
  currencies              Currencies?       @relation(fields: [currencyXid], references: [id], onDelete: Restrict)
  stepper                 Int?              @default(1) @map("stepper")
@@ -696,7 +691,6 @@ model HostHeader {
  amountPerBooking        Int?              @map("amount_per_booking")
  payoutDurationNum       Int?              @map("payout_duration_num")
  payoutDurationFrequency String?           @map("payout_duration_frequency") @db.VarChar(20)
  referencedBy            String?           @default("null") @map("referenced_by") @db.VarChar(100)
  isActive                Boolean           @default(true) @map("is_active")
  createdAt               DateTime          @default(now()) @map("created_at")
  updatedAt               DateTime          @updatedAt @map("updated_at")
@@ -786,17 +780,17 @@ model HostParent {
  countries            Countries?             @relation(fields: [countryXid], references: [id], onDelete: Restrict)
  pinCode              String?                @map("pin_code") @db.VarChar(30)
  logoPath             String?                @map("logo_path") @db.VarChar(400)
  isSubsidairy         Boolean                @default(false) @map("is_subsidairy")
  registrationNumber   String?                @map("registration_number") @db.VarChar(30)
  panNumber            String?                @map("pan_number") @db.VarChar(30)
  gstNumber            String?                @map("gst_number") @db.VarChar(30)
  formationDate        DateTime?              @map("formation_date")
-  companyTypeXid       Int?                   @map("company_type_xid")
+  companyType          String?                @map("company_type") @db.VarChar(30)
-  companyTypes         CompanyTypes?          @relation(fields: [companyTypeXid], references: [id], onDelete: Restrict)
+  websiteUrl           String?                @map("website_url") @db.VarChar(80)
-  websiteUrl           String?                @map("website_url") @db.VarChar(250)
+  instagramUrl         String?                @map("instagram_url") @db.VarChar(80)
-  instagramUrl         String?                @map("instagram_url") @db.VarChar(250)
+  facebookUrl          String?                @map("facebook_url") @db.VarChar(80)
-  facebookUrl          String?                @map("facebook_url") @db.VarChar(250)
+  linkedinUrl          String?                @map("linkedin_url") @db.VarChar(80)
-  linkedinUrl          String?                @map("linkedin_url") @db.VarChar(250)
+  twitterUrl           String?                @map("twitter_url") @db.VarChar(80)
  twitterUrl           String?                @map("twitter_url") @db.VarChar(250)
  isActive             Boolean                @default(true) @map("is_active")
  createdAt            DateTime               @default(now()) @map("created_at")
  updatedAt            DateTime               @updatedAt @map("updated_at")
@@ -910,7 +904,6 @@ model Activities {
  ActivityEquipmentTaxes        ActivityEquipmentTaxes[]
  ScheduleHeader                ScheduleHeader[]
  ItineraryActivities           ItineraryActivities[]
  activityTracks                ActivityTrack[]
  @@map("activities")
  @@schema("act")
@@ -935,25 +928,6 @@ model ActivityOtherDetails {
  @@schema("act")
 }
 model ActivityTrack {
  id            Int        @id @default(autoincrement())
  activityXid   Int        @map("activity_xid")
  activity      Activities @relation(fields: [activityXid], references: [id], onDelete: Cascade)
  trackType     String?    @default("PQQ") @map("track_type")
  updatedByRole String?    @map("updated_by_role")
  trackStatus   String?    @map("track_status")
  updatedByXid  Int?       @map("updated_by_xid")
  user          User?      @relation(fields: [updatedByXid], references: [id], onDelete: Cascade)
  updatedOn     DateTime?  @map("updated_on")
  isActive      Boolean    @default(true) @map("is_active")
  createdAt     DateTime   @default(now()) @map("created_at")
  updatedAt     DateTime   @updatedAt @map("updated_at")
  deletedAt     DateTime?  @map("deleted_at")
  @@map("activity_track")
  @@schema("act")
 }
 model ActivitiesMedia {
  id            Int        @id @default(autoincrement())
  activityXid   Int        @map("activity_xid")
@@ -1141,8 +1115,8 @@ model ActivityPQQheader {
  activity               Activities               @relation(fields: [activityXid], references: [id], onDelete: Cascade)
  pqqQuestionXid         Int                      @map("pqq_question_xid")
  pqqQuestions           PQQQuestions             @relation(fields: [pqqQuestionXid], references: [id], onDelete: Restrict)
-  pqqAnswerXid           Int?                     @map("pqq_answer_xid")
+  pqqAnswerXid           Int                      @map("pqq_answer_xid")
-  pqqAnswers             PQQAnswers?              @relation(fields: [pqqAnswerXid], references: [id], onDelete: Restrict)
+  pqqAnswers             PQQAnswers               @relation(fields: [pqqAnswerXid], references: [id], onDelete: Restrict)
  comments               String?                  @map("comments") @db.VarChar(200)
  isActive               Boolean                  @default(true) @map("is_active")
  createdAt              DateTime                 @default(now()) @map("created_at")
--- a/prisma/seed.ts
+++ b/prisma/seed.ts
@@ -1,10 +1,6 @@
 import { PrismaClient } from '@prisma/client';
 import { PrismaPg } from '@prisma/adapter-pg';
 import 'dotenv/config';
-const prisma = new PrismaClient({
+const prisma = new PrismaClient();
    adapter: new PrismaPg({ connectionString: process.env.DATABASE_URL }),
 });
 async function main() {
    // ✅ Countries
@@ -33,46 +29,11 @@ async function main() {
        update: {},
        create: { countryXid: india.id, stateName: 'Maharashtra' },
    });
    const uttarpradesh = await prisma.states.upsert({
        where: { stateName: 'Uttar-Pradesh' },
        update: {},
        create: { countryXid: india.id, stateName: 'Uttar-Pradesh' },
    });
    const Rajasthan = await prisma.states.upsert({
        where: { stateName: 'Rajasthan' },
        update: {},
        create: { countryXid: india.id, stateName: 'Rajasthan' },
    });
    const Uttarakhand = await prisma.states.upsert({
        where: { stateName: 'Uttarakhand' },
        update: {},
        create: { countryXid: india.id, stateName: 'Uttarakhand' },
    });
    const HimachalPradesh = await prisma.states.upsert({
        where: { stateName: 'Himachal Pradesh' },
        update: {},
        create: { countryXid: india.id, stateName: 'Himachal Pradesh' },
    });
    const Gujrat = await prisma.states.upsert({
        where: { stateName: 'Gujrat' },
        update: {},
        create: { countryXid: india.id, stateName: 'Gujrat' },
    });
    // ✅ Cities
    await prisma.cities.createMany({
        data: [
            { stateXid: maharashtra.id, cityName: 'Mumbai' },
            { stateXid: uttarpradesh.id, cityName: 'Azamgarh' },
            { stateXid: uttarpradesh.id, cityName: 'Lucknow' },
            { stateXid: uttarpradesh.id, cityName: 'Prayagraj' },
            { stateXid: Rajasthan.id, cityName: 'Jaipur' },
            { stateXid: Rajasthan.id, cityName: 'Jaisalmer' },
            { stateXid: Uttarakhand.id, cityName: 'Haridwar' },
            { stateXid: HimachalPradesh.id, cityName: 'Manali' },
            { stateXid: Gujrat.id, cityName: 'Surat' },
            { stateXid: Gujrat.id, cityName: 'Ahemdabad' },
            { stateXid: Gujrat.id, cityName: 'Rajkot' },
        ],
        skipDuplicates: true,
    });
@@ -91,21 +52,6 @@ async function main() {
        update: {},
        create: { countryXid: india.id, bankName: 'HDFC Bank' },
    });
    const indianBank = await prisma.banks.upsert({
        where: { bankName: 'Indian Bank' },
        update: {},
        create: { countryXid: india.id, bankName: 'Indian Bank' },
    });
    const Kotak = await prisma.banks.upsert({
        where: { bankName: 'Kotak Bank' },
        update: {},
        create: { countryXid: india.id, bankName: 'Kotak Bank' },
    });
    const BOI = await prisma.banks.upsert({
        where: { bankName: 'Bank of India' },
        update: {},
        create: { countryXid: india.id, bankName: 'Bank of India' },
    });
    // ✅ Bank Branches
    await prisma.bankBranches.createMany({
@@ -117,27 +63,6 @@ async function main() {
                branchAddress: 'HDFC Fort Branch, Mumbai',
                ifscCode: 'HDFC0001234',
            },
            {
                bankXid: indianBank.id,
                stateXid: maharashtra.id,
                cityXid: (await prisma.cities.findFirst({ where: { cityName: 'Mumbai' } }))!.id,
                branchAddress: 'Indian Bank Fort Branch, Mumbai',
                ifscCode: 'IDIB0001234',
            },
            {
                bankXid: Kotak.id,
                stateXid: Uttarakhand.id,
                cityXid: (await prisma.cities.findFirst({ where: { cityName: 'Haridwar' } }))!.id,
                branchAddress: 'Kotak Fort Branch, Mumbai',
                ifscCode: 'KTB0001234',
            },
            {
                bankXid: BOI.id,
                stateXid: uttarpradesh.id,
                cityXid: (await prisma.cities.findFirst({ where: { cityName: 'Azamgarh' } }))!.id,
                branchAddress: 'Bank of India Fort Branch, Mumbai',
                ifscCode: 'BOI0001234',
            },
        ],
        skipDuplicates: true,
    });
@@ -149,51 +74,35 @@ async function main() {
        create: { interestName: 'Chill and Zen', displayOrder: 1 },
    });
    const sweatmode = await prisma.interests.upsert({
-        where: { interestName: 'Sweat Mode On' },
+        where: { interestName: 'Sweat Mode' },
        update: {},
-        create: { interestName: 'Sweat Mode On', displayOrder: 2 },
+        create: { interestName: 'Sweat Mode', displayOrder: 2 },
    });
-    const trackracer = await prisma.interests.upsert({
+    const gameon = await prisma.interests.upsert({
-        where: { interestName: 'Track Racer' },
+        where: { interestName: 'Game On' },
        update: {},
-        create: { interestName: 'Track Racer', displayOrder: 3 },
+        create: { interestName: 'Game On', displayOrder: 3 },
    });
    const circuitracer = await prisma.interests.upsert({
        where: { interestName: 'Circuit Racer' },
        update: {},
        create: { interestName: 'Circuit Racer', displayOrder: 4 },
    });
    const thermalGliding = await prisma.interests.upsert({
        where: { interestName: 'Thermal Gliding' },
        update: {},
        create: { interestName: 'Thermal Gliding', displayOrder: 5 },
    });
    const partycentral = await prisma.interests.upsert({
        where: { interestName: 'Party Central' },
        update: {},
-        create: { interestName: 'Party Central', displayOrder: 6 },
+        create: { interestName: 'Party Central', displayOrder: 4 },
    });
-    const aqua = await prisma.interests.upsert({
+    const artsy = await prisma.interests.upsert({
-        where: { interestName: 'Aqua' },
+        where: { interestName: 'Artsy' },
        update: {},
-        create: { interestName: 'Aqua', displayOrder: 7 },
+        create: { interestName: 'Artsy', displayOrder: 5 },
    });
-    const foodie = await prisma.interests.upsert({
+    const foodiediaries = await prisma.interests.upsert({
-        where: { interestName: 'Foodie' },
+        where: { interestName: 'Foodie Diaries' },
        update: {},
-        create: { interestName: 'Foodie', displayOrder: 8 },
+        create: { interestName: 'Foodie Diaries', displayOrder: 6 },
    });
    await prisma.activityTypes.createMany({
        data: [
-            { interestXid: aqua.id, activityTypeName: 'Scuba-Diving' },
+            { interestXid: chillandzen.id, activityTypeName: 'Cricket' },
-            { interestXid: sweatmode.id, activityTypeName: 'Cloudboarding' },
+            { interestXid: chillandzen.id, activityTypeName: 'Football' },
            { interestXid: partycentral.id, activityTypeName: 'Soaring Glider' },
            { interestXid: sweatmode.id, activityTypeName: 'Speedway Racer' },
            { interestXid: aqua.id, activityTypeName: 'Aerial Surfing' },
            { interestXid: foodie.id, activityTypeName: 'Wine Tasting' },
            { interestXid: trackracer.id, activityTypeName: 'Track Racer' },
            { interestXid: thermalGliding.id, activityTypeName: 'Thermal Gliding' },
        ],
        skipDuplicates: true,
    });
@@ -224,49 +133,6 @@ async function main() {
        skipDuplicates: true, // prevents error if already seeded
    });
    // ✅ Company types data
    await prisma.companyTypes.upsert({
        where: { companyTypeName: 'Proprietory' },
        update: {},
        create: { companyTypeName: 'Proprietory', displayOrder: 1 },
    });
    await prisma.companyTypes.upsert({
        where: { companyTypeName: 'One Person Company' },
        update: {},
        create: { companyTypeName: 'One Person Company', displayOrder: 2 },
    });
    await prisma.companyTypes.upsert({
        where: { companyTypeName: 'Limited Liability Partnership' },
        update: {},
        create: { companyTypeName: 'Limited Liability Partnership', displayOrder: 3 },
    });
    await prisma.companyTypes.upsert({
        where: { companyTypeName: 'Partnership Firm' },
        update: {},
        create: { companyTypeName: 'Partnership Firm', displayOrder: 4 },
    });
    await prisma.companyTypes.upsert({
        where: { companyTypeName: 'Private Limited' },
        update: {},
        create: { companyTypeName: 'Private Limited', displayOrder: 5 },
    });
    await prisma.companyTypes.upsert({
        where: { companyTypeName: 'Non-Profit Organisation' },
        update: {},
        create: { companyTypeName: 'Non-Profit Organisation', displayOrder: 6 },
    });
    await prisma.companyTypes.upsert({
        where: { companyTypeName: 'Public Limited' },
        update: {},
        create: { companyTypeName: 'Public Limited', displayOrder: 7 },
    });
    // ✅ Food Types
    await prisma.foodTypes.createMany({
        data: [
--- a/serverless.yml
+++ b/serverless.yml
@@ -1,32 +1,20 @@
 service: minglar
 useDotenv: true
 params:
  dev:
    stage: dev
  test:
    stage: test
  uat:
    stage: uat
 provider:
  name: aws
  runtime: nodejs22.x
  region: ap-south-1
  stage: ${opt:stage, 'dev'}
  versionFunctions: false
  memorySize: 512
  # Apply Prisma layer to all functions
-  # Reference the layer defined in this stack using CloudFormation Ref
+  # Use the published layer version ARN (works for full deploy and `deploy function`)
  layers:
    # Use the exported stack output so deploy function works (expects a string ARN)
    - ${cf:${self:service}-${sls:stage}.PrismaLambdaLayerQualifiedArn}
  apiGateway:
    binaryMediaTypes:
      - '*/*'
    minimumCompressionSize: 1024
- 
+
  environment:
    DATABASE_URL: ${env:DATABASE_URL}
    DB_USERNAME: ${env:DB_USERNAME}
@@ -54,9 +42,7 @@ provider:
    S3_BUCKET_NAME: ${env:S3_BUCKET_NAME}
    MINGLAR_ADMIN_NAME: ${env:MINGLAR_ADMIN_NAME}
    MINGLAR_ADMIN_EMAIL: ${env:MINGLAR_ADMIN_EMAIL}
-    AM_INVITATION_LINK: ${env:AM_INVITATION_LINK}
+
    HOST_LINK: ${env:HOST_LINK}
  iam:
    role:
      statements:
@@ -69,11 +55,11 @@ provider:
          Resource:
            - 'arn:aws:s3:::${env:S3_BUCKET_NAME}'
            - 'arn:aws:s3:::${env:S3_BUCKET_NAME}/*'
- 
+
 custom:
  serverless-offline:
    reloadHandler: true
- 
+
 build:
  esbuild:
    bundle: true
@@ -81,35 +67,15 @@ build:
    sourcemap: false
    target: node20
    platform: node
    # Mark as external so they're not bundled into the JS
    external:
      # These are provided by the Prisma layer
      - '@prisma/client'
      - '.prisma/client'
      - '.prisma'
      - '@prisma/adapter-pg'
      - '.prisma'
      - 'pg'
      - 'zod'
      - '@aws-sdk/*'
      - '@smithy/*'
      - '@aws-crypto/*'
    # Exclude prevents npm install of these packages in the zip
    exclude:
      - 'aws-sdk'
-      - '@aws-sdk/*'
+
      - '@smithy/*'
      - '@aws-crypto/*'
      - '@prisma/adapter-pg'
      - '@prisma/client'
      - '.prisma'
      - '.prisma/client'
      - 'pg'
      - 'zod'
      - 'pg-*'
      - 'postgres-*'
      - 'pgpass'
      - 'split2'
      - 'xtend'
 # Define layers
 layers:
  prisma:
@@ -119,13 +85,11 @@ layers:
    compatibleRuntimes:
      - nodejs22.x
    retain: false
- 
+
 package:
  individually: true
  patterns:
    - '!node_modules/**'
    - '!node_modules/@prisma/**'
    - '!node_modules/.prisma/**'
    - '!**/*.test.js'
    - '!**/*.spec.js'
    - '!**/test/**'
@@ -136,13 +100,12 @@ package:
    - '!*.config.js'
    - '!.git/**'
    - '!.github/**'
- 
+
 # Import function definitions from separate files organized by module
 functions:
  - ${file(./serverless/functions/host.yml)}
  - ${file(./serverless/functions/minglaradmin.yml)}
  - ${file(./serverless/functions/prepopulate.yml)}
-  - ${file(./serverless/functions/pqq.yml)}
+
 plugins:
  - serverless-offline
--- a/serverless/functions/host.yml
+++ b/serverless/functions/host.yml
@@ -1,353 +1,680 @@
 # Host Module Functions
 # All authentication and host management endpoints
 getHosts:
  handler: src/modules/host/handlers/host.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/host.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host
        method: get
 verifyOTP:
  handler: src/modules/host/handlers/Host_Admin/onboarding/verifyOTP.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/verifyOtp.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Host_Admin/onboarding/verify-otp
        method: post
 login:
  handler: src/modules/host/handlers/Host_Admin/onboarding/login.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/loginForHost.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Host_Admin/onboarding/login
        method: post
 signUp:
  handler: src/modules/host/handlers/Host_Admin/onboarding/signUp.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/registration.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Host_Admin/onboarding/registration
        method: post
 createPassword:
  handler: src/modules/host/handlers/Host_Admin/onboarding/createPassword.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/createPassword.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Host_Admin/onboarding/create-password
        method: post
 updateBankDetails:
  handler: src/modules/host/handlers/Host_Admin/onboarding/updateBankDetails.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/addPaymentDetails.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Host_Admin/onboarding/add-payment-details
        method: post
 saveActivity_ForPQQ:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/saveActivity_ForPQQ.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/addActivity.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/add-activity
        method: post
 getHostById:
  handler: src/modules/host/handlers/getbyidhandler.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/getbyidhandler.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/getById
        method: get
 getPQQ_ByQuestionId:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/getPQQ_ByQuestionId.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/getByIdPQQ.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/get-pqq-question-details
        method: get
 getPQQ_LastUpdatedQuestion:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/getPQQ_LastUpdatedQuestion.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/getLatestQuestionDetailsPQQ.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/get-latest-pqq-question-details
        method: get
-prePopulateNewActivity:
+
 getAllActivityType:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/getAllActivityType.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/getActivityType.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
-        path: /host/Activity_Hub/OnBoarding/prepopulate-new-activity
+
        path: /host/Activity_Hub/OnBoarding/get-activity-type
        method: get
 showSuggestion:
  handler: src/modules/host/handlers/Host_Admin/onboarding/showSuggestion.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/Host_Admin/onboarding/showSuggestion.handler.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/get-suggestion
        method: get
 getAllHostActivity:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/getAllHostActivity.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/Activity_Hub/OnBoarding/getAllHostActivity.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/get-all-host-activity
        method: get
 acceptAggrement:
  handler: src/modules/host/handlers/Host_Admin/onboarding/acceptAggrement.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/acceptAgreement.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Host_Admin/onboarding/accept-agreement
        method: patch
 getStepperInfo:
  handler: src/modules/host/handlers/getStepper.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/getStepper.*'
      - 'src/common/utils/handlers/safeHandler.*'
      - 'src/common/database/**'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /stepper
        method: get
 # Functions with S3/AWS SDK dependencies
 submitCompanyDetails:
  handler: src/modules/host/handlers/Host_Admin/onboarding/submitCompanyDetails.handler
  memorySize: 1024
  timeout: 30
  package:
    patterns:
      - 'src/modules/host/handlers/addCompanyDetails.*'
      - 'src/modules/host/services/**'
      - 'src/common/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Host_Admin/onboarding/add-company-details
        method: patch
 submitPQQ_Answer:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQQ_Answer.handler
  memorySize: 1024
  package:
    patterns:
      - 'src/modules/host/handlers/submitPqqAns.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/submit-pqq-answer
        method: patch
 updatePQQ_LastAnswer:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/getPQQScore.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/submitPqqAns.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/submit-final-pqq-answer
        method: post
 submitPQQForReview:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQQForReview.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQQForReview.*'
      - 'src/modules/host/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/submit-pqq-for-review
        method: patch
 getAllPQQwithSubmittedAns:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/getAllPQQwithSubmittedAns.handler
  memorySize: 512
  package:
    patterns:
      - 'src/modules/prepopulate/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/get-all-pqq-ques-submited-ans
        method: get
 updateSuggestionAsReviewed:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/updateSuggestionAsReviewed.handler
  memorySize: 512
  package:
    patterns:
      - 'src/modules/host/handlers/Activity_Hub/OnBoarding/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/update-suggestion-reviewed
        method: patch
 resendOTPmail:
  handler: src/modules/host/handlers/resendOtp.handler
  memorySize: 512
  package:
    patterns:
      - 'src/modules/host/handlers/resendOtp/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /resend-otp
        method: post
--- a/serverless/functions/minglaradmin.yml
+++ b/serverless/functions/minglaradmin.yml
@@ -1,6 +1,8 @@
 # Minglar Admin Module Functions
 # Admin dashboard and management endpoints
 minglarRegistration:
  handler: src/modules/minglaradmin/handlers/registration.handler
  memorySize: 384
@@ -78,6 +80,7 @@ prepopulateRole:
        path: /minglaradmin/prepopulate-Roles
        method: get
 getHostDetailsById:
  handler: src/modules/minglaradmin/handlers/hosthub/hosts/getByIdHostDetails.handler
  memorySize: 384
@@ -264,8 +267,8 @@ assignAMToHost:
        path: /minglaradmin/hosthub/onboarding/assign-am
        method: patch
-editAgreementDetailsAndAccept:
+editAgreementDetails:
-  handler: src/modules/minglaradmin/handlers/hosthub/onboarding/editAgreementDetailsAndAccept.handler
+  handler: src/modules/minglaradmin/handlers/hosthub/onboarding/editAgreementDetails.handler
  memorySize: 384
  package:
    patterns:
@@ -277,24 +280,9 @@ editAgreementDetailsAndAccept:
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
-        path: /minglaradmin/hosthub/onboarding/edit-agreement-accept-host
+        path: /minglaradmin/hosthub/onboarding/edit-agreement
        method: patch
 getAllPqqQuesAnsForAM:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/getAllPQQwithSubmittedAns.handler
  memorySize: 512
  package:
    patterns:
      - 'src/modules/host/handlers/Activity_Hub/OnBoarding/getAllPQQwithSubmittedAns**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /minglaradmin/hosthub/onboarding/get-all-pqq-ques-ans-for-am
        method: get
 acceptHostApplication:
  handler: src/modules/minglaradmin/handlers/hosthub/hosts/acceptHostApplication.handler
  memorySize: 384
@@ -324,15 +312,15 @@ RejectPQQByAM:
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
-        path: /minglaradmin/hosthub/hosts/reject-pq-by-am
+        path: /minglaradmin/hosthub/hosts/reject-pqq-by-am
        method: patch
-acceptPQByAM:
+acceptHostApplicationMinglar:
-  handler: src/modules/minglaradmin/handlers/hosthub/hosts/acceptPQByAM.handler
+  handler: src/modules/minglaradmin/handlers/hosthub/onboarding/acceptHostAppMinglar.handler
  memorySize: 384
  package:
    patterns:
-      - 'src/modules/minglaradmin/handlers/hosthub/hosts/acceptPQByAM**'
+      - 'src/modules/minglaradmin/handlers/hosthub/onboarding/**'
      - 'src/modules/minglaradmin/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
@@ -340,7 +328,7 @@ acceptPQByAM:
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
-        path: /minglaradmin/hosthub/hosts/accept-pq-by-am
+        path: /minglaradmin/hosthub/onboarding/accept-host-application-minglar
        method: patch
 rejectHostApplication:
@@ -357,7 +345,7 @@ rejectHostApplication:
  events:
    - httpApi:
        path: /minglaradmin/hosthub/onboarding/reject-host-application
-        method: patch
+        method: post
 rejectHostApplicationAM:
  handler: src/modules/minglaradmin/handlers/hosthub/hosts/rejectHostApplicationAM.handler
@@ -373,7 +361,7 @@ rejectHostApplicationAM:
  events:
    - httpApi:
        path: /minglaradmin/hosthub/hosts/reject-host-application-am
-        method: patch
+        method: post
 addPQQSuggestion:
  handler: src/modules/minglaradmin/handlers/hosthub/hosts/addPQQSuggestion.handler
@@ -390,36 +378,3 @@ addPQQSuggestion:
    - httpApi:
        path: /minglaradmin/hosthub/hosts/add-Pqq-suggestion
        method: post
 getAllPQPDetailsForAM:
  handler: src/modules/minglaradmin/handlers/hosthub/pqp/getAllPQPDetailsForAM.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/minglaradmin/handlers/hosthub/pqp/getAllPQPDetailsForAM**'
      - 'src/modules/minglaradmin/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /minglaradmin/hosthub/pqp/pqp-details-for-am/{activityXid}
        method: get
 getSuggestionsForAM:
  handler: src/modules/minglaradmin/handlers/hosthub/onboarding/showSuggestionToAM.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/minglaradmin/handlers/hosthub/onboarding/showSuggestionToAM**'
      - 'src/modules/minglaradmin/services/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /minglaradmin/hosthub/onboarding/show-suggestion-to-am/{hostXid}
        method: get
--- a/serverless/functions/pqq.yml
+++ b/serverless/functions/pqq.yml
@@ -1,29 +0,0 @@
 createActivityAndAllQuestionsEntry:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/createActivityAndAllQuestionsEntry.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/Activity_Hub/OnBoarding/createActivityAndAllQuestionsEntry**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/create-activity
        method: post
 submitPQAnswer:
  handler: src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQAnswer.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQAnswer**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /host/Activity_Hub/OnBoarding/submit-pq-answer
        method: patch
--- a/serverless/functions/prepopulate.yml
+++ b/serverless/functions/prepopulate.yml
@@ -91,19 +91,4 @@ getFrequenciesOfActivity:
  events:
    - httpApi:
        path: /prepopulate/get-all-Frequencies
-        method: get
+        method: get
 getAddActivityPrePopulate:
  handler: src/modules/prepopulate/handlers/getAddActivityPrePopulate.handler
  memorySize: 384
  package:
    patterns:
      - 'src/modules/prepopulate/**'
      - ${file(./serverless/patterns/base.yml):pattern1}
      - ${file(./serverless/patterns/base.yml):pattern2}
      - ${file(./serverless/patterns/base.yml):pattern3}
      - ${file(./serverless/patterns/base.yml):pattern4}
  events:
    - httpApi:
        path: /prepopulate/get-add-activity-prepopulate
        method: get
--- a/serverless/patterns/base.yml
+++ b/serverless/patterns/base.yml
@@ -1,9 +1,8 @@
 # Base packaging patterns shared across all functions
 # Note: Prisma 7 uses driver adapters (no binary engines) - everything is in the layer
 pattern1: 'src/common/**'
 pattern2: 'common/**'
-# REMOVED: Prisma is now provided by Lambda layer - DO NOT include in function packages
+# Prisma packages are now provided by the layer, no need to include in function package
 # pattern3: 'node_modules/@prisma/client/**'
 # pattern4: 'node_modules/.prisma/client/libquery_engine-rhel-openssl-3.0.x.so.node'
 pattern3: '!node_modules/@prisma/**'
 pattern4: '!node_modules/.prisma/**'
-pattern5: '!node_modules/.prisma/client/libquery_engine*'
+pattern5: '!node_modules/pg/**'
--- a/src/common/database/prisma.client.ts
+++ b/src/common/database/prisma.client.ts
@@ -1,29 +1,11 @@
 import { PrismaClient } from '@prisma/client';
 import { PrismaPg } from '@prisma/adapter-pg';
-// Singleton pattern for Prisma client - prevents "Too many database connections" error
+const adapter = new PrismaPg({ connectionString: process.env.DATABASE_URL });
 const globalForPrisma = globalThis as unknown as {
  prisma: PrismaClient | undefined;
 };
-function createPrismaClient() {
+export const prisma = new PrismaClient({
-  const adapter = new PrismaPg({ connectionString: process.env.DATABASE_URL });
+  adapter,
-  
+  log: process.env.NODE_ENV === 'dev' ? ['query', 'info', 'warn', 'error'] : ['error'],
-  return new PrismaClient({
+});
    adapter,
    log: process.env.NODE_ENV === 'dev' ? ['query', 'info', 'warn', 'error'] : ['error'],
  });
 }
 export const prisma = globalForPrisma.prisma ?? createPrismaClient();
 if (process.env.NODE_ENV !== 'production') {
  globalForPrisma.prisma = prisma;
 }
 // For serverless environments, always cache the client
 if (process.env.IS_OFFLINE || process.env.AWS_LAMBDA_FUNCTION_NAME) {
  globalForPrisma.prisma = prisma;
 }
--- a/src/common/database/prisma.lambda.service.ts
+++ b/src/common/database/prisma.lambda.service.ts
@@ -1,5 +0,0 @@
 // Re-export the singleton prisma client for Lambda handlers
 // This ensures all Lambda functions use the same cached connection
 import { prisma } from './prisma.client';
 export const prismaClient = prisma;
--- a/src/common/database/prisma.module.ts
+++ b/src/common/database/prisma.module.ts
@@ -1,5 +1,5 @@
 import { Global, Module } from '@nestjs/common';
-import { PrismaService } from './prisma.lambda.service';
+import { PrismaService } from './prisma.service';
@Global()
@Module({
--- a/src/common/database/prisma.service.ts
+++ b/src/common/database/prisma.service.ts
@@ -1,13 +1,15 @@
-import { Injectable, OnModuleInit, OnModuleDestroy } from '@nestjs/common';
+import { Injectable, OnModuleInit, OnModuleDestroy, INestApplication } from '@nestjs/common';
 import { PrismaClient } from '@prisma/client';
-import { prisma } from './prisma.client';
+import { PrismaPg } from '@prisma/adapter-pg';
@Injectable()
 export class PrismaService extends PrismaClient implements OnModuleInit, OnModuleDestroy {
  constructor() {
-    super();
+    const adapter = new PrismaPg({ connectionString: process.env.DATABASE_URL });
-    // Use the singleton instance
+    super({
-    Object.assign(this, prisma);
+      adapter,
      log: process.env.NODE_ENV === 'dev' ? ['query', 'info', 'warn', 'error'] : ['error'],
    });
  }
  async onModuleInit() {
@@ -17,4 +19,10 @@ export class PrismaService extends PrismaClient implements OnModuleInit, OnModul
  async onModuleDestroy() {
    await this.$disconnect();
  }
-}
+
  async enableShutdownHooks(app: INestApplication) {
    process.on('beforeExit', async () => {
      await app.close();
    });
  }
 }
--- a/src/common/middlewares/jwt/authForHost.ts
+++ b/src/common/middlewares/jwt/authForHost.ts
@@ -49,17 +49,6 @@ export async function verifyHostToken(token: string): Promise<{ id: number; role
      include: { role: true },
    });
    const latestToken = await prisma.token.findFirst({
      where: {
        userXid: userId
      },
      orderBy: { id: 'desc' }
    })
    if (latestToken.isBlackListed == true) {
      throw new ApiError(401, "This session is expired. Please login.")
    }
    if (!user) {
      throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
    }
@@ -100,7 +89,7 @@ const verifyCallback = async (
  try {
    const userInfo = await verifyHostToken(token);
-
+    
    // Attach user to request
    req.user = { id: userInfo.id.toString(), role: userInfo.role };
@@ -115,12 +104,12 @@ const verifyCallback = async (
 */
 const authForHost =
  () =>
-    async (req: Request, res: Response, next: NextFunction) => {
+  async (req: Request, res: Response, next: NextFunction) => {
-      return new Promise((resolve, reject) => {
+    return new Promise((resolve, reject) => {
-        verifyCallback(req, resolve, reject);
+      verifyCallback(req, resolve, reject);
-      })
+    })
-        .then(() => next())
+      .then(() => next())
-        .catch((err) => next(err));
+      .catch((err) => next(err));
-    };
+  };
 export default authForHost;
--- a/src/common/middlewares/jwt/authForMinglarAdmin&Host.ts
+++ b/src/common/middlewares/jwt/authForMinglarAdmin&Host.ts
@@ -51,17 +51,6 @@ export async function verifyMinglarAdminHostToken(token: string): Promise<{ id:
            include: { role: true },
        });
        const latestToken = await prisma.token.findFirst({
            where: {
                userXid: userId
            },
            orderBy: { id: 'desc' }
        })
        if (latestToken.isBlackListed == true) {
            throw new ApiError(401, "This session is expired. Please login.")
        }
        if (!user) {
            throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
        }
--- a/src/common/middlewares/jwt/authForMinglarAdmin.ts
+++ b/src/common/middlewares/jwt/authForMinglarAdmin.ts
@@ -49,17 +49,6 @@ export async function verifyMinglarAdminToken(token: string): Promise<{ id: numb
      include: { role: true },
    });
    const latestToken = await prisma.token.findFirst({
      where: {
        userXid: userId
      },
      orderBy: { id: 'desc' }
    })
    if (latestToken.isBlackListed == true) {
      throw new ApiError(401, "This session is expired. Please login.")
    }
    if (!user) {
      throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
    }
@@ -73,7 +62,7 @@ export async function verifyMinglarAdminToken(token: string): Promise<{ id: numb
    if (![ROLE.MINGLAR_ADMIN, ROLE.CO_ADMIN, ROLE.ACCOUNT_MANAGER].includes(user.roleXid)) {
      throw new ApiError(httpStatus.FORBIDDEN, 'Access denied.');
    }
-
+    
    return { id: user.id, role: user.role?.roleName };
  } catch (error) {
@@ -101,7 +90,7 @@ const verifyCallback = async (
  try {
    const userInfo = await verifyMinglarAdminToken(token);
-
+    
    // Attach user to request
    req.user = { id: userInfo.id.toString(), role: userInfo.role };
@@ -116,12 +105,12 @@ const verifyCallback = async (
 */
 const authForHost =
  () =>
-    async (req: Request, res: Response, next: NextFunction) => {
+  async (req: Request, res: Response, next: NextFunction) => {
-      return new Promise((resolve, reject) => {
+    return new Promise((resolve, reject) => {
-        verifyCallback(req, resolve, reject);
+      verifyCallback(req, resolve, reject);
-      })
+    })
-        .then(() => next())
+      .then(() => next())
-        .catch((err) => next(err));
+      .catch((err) => next(err));
-    };
+  };
 export default authForHost;
--- a/src/common/middlewares/jwt/authForOnlyMinglarAdmin.ts
+++ b/src/common/middlewares/jwt/authForOnlyMinglarAdmin.ts
@@ -49,17 +49,6 @@ export async function verifyOnlyMinglarAdminToken(token: string): Promise<{ id:
      include: { role: true },
    });
    const latestToken = await prisma.token.findFirst({
      where: {
        userXid: userId
      },
      orderBy: { id: 'desc' }
    })
    if (latestToken.isBlackListed == true) {
      throw new ApiError(401, "This session is expired. Please login.")
    }
    if (!user) {
      throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
    }
@@ -73,7 +62,7 @@ export async function verifyOnlyMinglarAdminToken(token: string): Promise<{ id:
    if (user.roleXid !== ROLE.MINGLAR_ADMIN) {
      throw new ApiError(httpStatus.FORBIDDEN, 'Access denied.');
    }
-
+    
    return { id: user.id, role: user.role?.roleName };
  } catch (error) {
@@ -101,7 +90,7 @@ const verifyCallback = async (
  try {
    const userInfo = await verifyOnlyMinglarAdminToken(token);
-
+    
    // Attach user to request
    req.user = { id: userInfo.id.toString(), role: userInfo.role };
@@ -116,12 +105,12 @@ const verifyCallback = async (
 */
 const authForHost =
  () =>
-    async (req: Request, res: Response, next: NextFunction) => {
+  async (req: Request, res: Response, next: NextFunction) => {
-      return new Promise((resolve, reject) => {
+    return new Promise((resolve, reject) => {
-        verifyCallback(req, resolve, reject);
+      verifyCallback(req, resolve, reject);
-      })
+    })
-        .then(() => next())
+      .then(() => next())
-        .catch((err) => next(err));
+      .catch((err) => next(err));
-    };
+  };
 export default authForHost;
--- a/src/common/middlewares/jwt/authForUser.ts
+++ b/src/common/middlewares/jwt/authForUser.ts
@@ -50,17 +50,6 @@ export async function verifyUserToken(token: string): Promise<{ id: number; role
      include: { role: true },
    });
    const latestToken = await prisma.token.findFirst({
      where: {
        userXid: userId
      },
      orderBy: { id: 'desc' }
    })
    if (latestToken.isBlackListed == true) {
      throw new ApiError(401, "This session is expired. Please login.")
    }
    if (!user) {
      throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
    }
@@ -101,7 +90,7 @@ const verifyCallback = async (
  try {
    const userInfo = await verifyUserToken(token);
-
+    
    // Attach user to request
    req.user = { id: userInfo.id.toString(), role: userInfo.role };
@@ -116,12 +105,12 @@ const verifyCallback = async (
 */
 const authForHost =
  () =>
-    async (req: Request, res: Response, next: NextFunction) => {
+  async (req: Request, res: Response, next: NextFunction) => {
-      return new Promise((resolve, reject) => {
+    return new Promise((resolve, reject) => {
-        verifyCallback(req, resolve, reject);
+      verifyCallback(req, resolve, reject);
-      })
+    })
-        .then(() => next())
+      .then(() => next())
-        .catch((err) => next(err));
+      .catch((err) => next(err));
-    };
+  };
 export default authForHost;
--- a/src/common/utils/constants/host.constant.ts
+++ b/src/common/utils/constants/host.constant.ts
@@ -23,16 +23,19 @@ export const STEPPER = {
    REJECTED: 6
 }
 export const LAST_QUESTION_ID = {
    Q_ID: 55
 }
 export const ACTIVITY_INTERNAL_STATUS = {
    DRAFT_PQ: 'Draft - PQ',
    APPROVED: 'Approved',
    REJECTED: 'Rejected',
    DRAFT: 'Draft',
    UNDER_REVIEW: 'Under-Review',
-    PQ_FAILED: 'PQ Failed',
+    PQQ_FAILED: 'PQQ Failed',
-    PQ_TO_UPDATE: 'PQ To Update',
+    PQQ_TO_UPDATE: 'PQ To Update',
-    PQ_SUBMITTED: 'PQ Submitted',
+    PQQ_SUBMITTED: 'PQ Submitted'
    PQ_APPROVED: 'PQ Approved'
 }
 export const ACTIVITY_DISPLAY_STATUS = {
@@ -41,10 +44,9 @@ export const ACTIVITY_DISPLAY_STATUS = {
    REJECTED: 'Rejected',
    DRAFT: 'Draft',
    UNDER_REVIEW: 'Under-Review',
-    PQ_FAILED: 'PQ Failed',
+    PQQ_FAILED: 'PQQ Failed',
    ENHANCING: 'Enchancing',
-    PQ_IN_REVIEW: 'PQ In Review',
+    PQ_IN_REVIEW: 'PQ In Review'
    PQ_APPROVED: 'PQ Approved'
 }
 export const ACTIVITY_AM_INTERNAL_STATUS = {
@@ -53,10 +55,9 @@ export const ACTIVITY_AM_INTERNAL_STATUS = {
    REJECTED: 'Rejected',
    DRAFT: 'Draft',
    UNDER_REVIEW: 'Under-Review',
-    PQ_FAILED: 'PQ Failed',
+    PQQ_FAILED: 'PQQ Failed',
-    PQ_REJECTED: 'PQ Rejected',
+    PQQ_REJECTED: 'PQ Rejected',
-    PQ_TO_REVIEW: 'PQ To Review',
+    PQQ_TO_REVIEW: 'PQ To Review'
    PQ_APPROVED: 'PQ Approved'
 }
 export const ACTIVITY_AM_DISPLAY_STATUS = {
@@ -65,9 +66,7 @@ export const ACTIVITY_AM_DISPLAY_STATUS = {
    REJECTED: 'Rejected',
    DRAFT: 'Draft',
    UNDER_REVIEW: 'Under-Review',
-    PQ_FAILED: 'PQ Failed',
+    PQQ_FAILED: 'PQQ Failed',
    ENHANCING: 'Enchancing',
-    NEW: 'New',
+    NEW: 'New'
    PQ_APPROVED: 'PQ Approved',
    REVISED: 'Revised'
 }
--- a/src/common/utils/constants/minglar.constant.ts
+++ b/src/common/utils/constants/minglar.constant.ts
@@ -25,35 +25,23 @@ export const MINGLAR_INVITATION_STATUS = {
  INVITED: 'Invited',
 };
-export const ACTIVITY_TRACK_TYPE = {
+export const HOST_SUGGESTION_TITLES = {
-  PQ: 'PQ',
+  COMPANY_DETAILS: 'Complete Details',
-  ACTIVITY: 'Activity'
+  COMPANY_DOCUMENTATION: 'Company documentataion',
-}
+  COMPANY_SOCIAL_PROOF: 'Social Proof',
-
+  ACTIVITY_INFORMATION: 'Activity Information',
-export const ACTIVITY_TRACK_STATUS = {
+  ACTIVITY_LOCATION: 'Activity Location',
-  REJECTED_BY_AM: 'Rejected By AM',
+  PICKUP_DROP_LOCATION: 'Pickup-Drop Location',
-  ACCEPTED_BY_AM: 'Accepted By AM',
+  NUMBER_OF_PEOPLE: 'Number of People',
-  ENHANCING: 'Enhancing',
+  INCLUSION: 'Inclusion',
-  PQ_SUBMITTED: 'PQ Submitted'
+  TAX_SETUP: 'Tax Setup',
-}
+  ENERGY_LEVEL: 'Energy Level',
-
+  ELIGIBILITY_CRITERIA: 'Eligibility Criteria',
-// export const HOST_SUGGESTION_TITLES = {
+  AMENITIES: 'Amenities',
-//   COMPANY_DETAILS: 'Complete Details',
+  EXLUSIVE_NOTES: 'Exclusive Notes',
-//   COMPANY_DOCUMENTATION: 'Company documentataion',
+  CANCELLATION_POLICY: 'Cancellation Policy',
-//   COMPANY_SOCIAL_PROOF: 'Social Proof',
+  DOs_AND_DONTs: 'Do’s and Dont’s',
-//   ACTIVITY_INFORMATION: 'Activity Information',
+  TIPS_FOR_USERS: 'Tips for Users',
-//   ACTIVITY_LOCATION: 'Activity Location',
+  SUSTAINABILITY: 'Sustainability',
-//   PICKUP_DROP_LOCATION: 'Pickup-Drop Location',
+  TERMS_AND_CONDITION_FOR_USER: 'Terms and Conditions for User'
-//   NUMBER_OF_PEOPLE: 'Number of People',
+};
 //   INCLUSION: 'Inclusion',
 //   TAX_SETUP: 'Tax Setup',
 //   ENERGY_LEVEL: 'Energy Level',
 //   ELIGIBILITY_CRITERIA: 'Eligibility Criteria',
 //   AMENITIES: 'Amenities',
 //   EXLUSIVE_NOTES: 'Exclusive Notes',
 //   CANCELLATION_POLICY: 'Cancellation Policy',
 //   DOs_AND_DONTs: 'Do’s and Dont’s',
 //   TIPS_FOR_USERS: 'Tips for Users',
 //   SUSTAINABILITY: 'Sustainability',
 //   TERMS_AND_CONDITION_FOR_USER: 'Terms and Conditions for User'
 // };
--- a/src/common/utils/helper/resendOtpHelper.ts
+++ b/src/common/utils/helper/resendOtpHelper.ts
@@ -12,6 +12,7 @@ export interface OtpResult {
 export async function resendOtpHelper(
  prisma: any,                            
  userId: number,
  email: string,
  emailPurpose: "Register" | "Login" | "ForgotPassword",
  otpLength: 4 | 6 = 4,
  expiryMinutes: number = 5
--- a/src/common/utils/validation/host/activity.validation.ts
+++ b/src/common/utils/validation/host/activity.validation.ts
@@ -0,0 +1,140 @@
 /**
 * Host Activity Validation Schemas
 * Production-ready Zod validations for host activity management
 */
 import { z } from 'zod';
 import { idSchema, optionalIdSchema, searchQuerySchema, paginationSchema } from '../validation.utils';
 // ============================================
 // CREATE ACTIVITY (FOR PQQ)
 // ============================================
 /**
 * Create activity schema
 */
 export const createActivitySchema = z.object({
  activityTypeXid: idSchema.describe('Activity type ID'),
  frequenciesXid: optionalIdSchema.describe('Frequency ID'),
 });
 export type CreateActivityInput = z.infer<typeof createActivitySchema>;
 // ============================================
 // GET ACTIVITY TYPE
 // ============================================
 /**
 * Get all activity types query params
 */
 export const getActivityTypeQuerySchema = z.object({
  interestXid: z.coerce
    .number()
    .int('Interest ID must be an integer')
    .positive('Interest ID must be positive')
    .optional(),
 });
 export type GetActivityTypeQuery = z.infer<typeof getActivityTypeQuerySchema>;
 // ============================================
 // GET PQQ BY QUESTION ID
 // ============================================
 /**
 * Get PQQ by question ID query params
 */
 export const getPqqByQuestionIdQuerySchema = z.object({
  question_xid: z.coerce
    .number()
    .int('Question ID must be an integer')
    .positive('Question ID must be positive'),
  activity_xid: z.coerce
    .number()
    .int('Activity ID must be an integer')
    .positive('Activity ID must be positive'),
 });
 export type GetPqqByQuestionIdQuery = z.infer<typeof getPqqByQuestionIdQuerySchema>;
 // ============================================
 // SUBMIT PQQ ANSWER
 // ============================================
 /**
 * Submit PQQ answer schema
 */
 export const submitPqqAnswerSchema = z.object({
  activityXid: idSchema.describe('Activity ID'),
  questionXid: idSchema.describe('Question ID'),
  answerXid: idSchema.describe('Answer ID'),
  // For file uploads, these are handled separately
  documentPath: z.string().max(500).optional(),
  remarks: z.string().max(500, 'Remarks cannot exceed 500 characters').optional(),
 });
 export type SubmitPqqAnswerInput = z.infer<typeof submitPqqAnswerSchema>;
 // ============================================
 // UPDATE SUGGESTION AS REVIEWED
 // ============================================
 /**
 * Update suggestion as reviewed schema
 */
 export const updateSuggestionReviewedSchema = z.object({
  activityPqqHeaderXid: idSchema.describe('Activity PQQ Header ID'),
  activityPQQSuggestionId: idSchema.optional().describe('Activity PQQ Suggestion ID'),
 });
 export type UpdateSuggestionReviewedInput = z.infer<typeof updateSuggestionReviewedSchema>;
 // ============================================
 // GET ALL HOST ACTIVITY
 // ============================================
 /**
 * Get all host activities query params
 */
 export const getAllHostActivityQuerySchema = z.object({
  hostXid: z.coerce
    .number()
    .int('Host ID must be an integer')
    .positive('Host ID must be positive')
    .optional(),
  status: z
    .enum(['pending', 'approved', 'rejected', 'draft'])
    .optional(),
  ...paginationSchema.shape,
 });
 export type GetAllHostActivityQuery = z.infer<typeof getAllHostActivityQuerySchema>;
 // ============================================
 // GET LATEST QUESTION (activity_xid query param)
 // ============================================
 /**
 * Get latest PQQ question query params
 */
 export const getLatestPqqQuestionQuerySchema = z.object({
  activity_xid: z.coerce
    .number()
    .int('Activity ID must be an integer')
    .positive('Activity ID must be positive'),
 });
 export type GetLatestPqqQuestionQuery = z.infer<typeof getLatestPqqQuestionQuerySchema>;
 // ============================================
 // SEARCH QUERY (optional)
 // ============================================
 /**
 * Optional search query params
 */
 export const optionalSearchQuerySchema = z.object({
  search: searchQuerySchema,
  q: searchQuerySchema,
 });
 export type OptionalSearchQuery = z.infer<typeof optionalSearchQuerySchema>;
--- a/src/common/utils/validation/host/addPaymentDetails.validation.ts
+++ b/src/common/utils/validation/host/addPaymentDetails.validation.ts
@@ -1,35 +1,27 @@
-// validations/hostBankDetails.validation.ts
+/**
-import { z } from "zod";
+ * Host Bank Details Validation Schema
 * Production-ready Zod validation for payment/bank details
 */
 import { z } from 'zod';
 import { idSchema, ifscCodeSchema, accountNumberSchema } from '../validation.utils';
 export const hostBankDetailsSchema = z.object({
-  accountNumber: z
+  accountNumber: accountNumberSchema,
    .string()
    .nonempty("Account number is required"),
  accountHolderName: z
    .string()
-    .nonempty("Account holder name is required")
+    .min(2, 'Account holder name must be at least 2 characters')
-    .min(2, { message: "Account holder name must be at least 2 characters" }),
+    .max(100, 'Account holder name cannot exceed 100 characters'),
-  bankXid: z
+  ifscCode: ifscCodeSchema,
    .number()
    .int({ message: "Bank ID must be an integer" })
    .positive({ message: "Bank ID must be a positive number" }),
-  hostXid: z
+  bankXid: idSchema.describe('Bank ID'),
    .number()
    .int({ message: "Host ID must be an integer" })
    .positive({ message: "Host ID must be a positive number" }),
-  bankBranchXid: z
+  hostXid: idSchema.describe('Host ID'),
    .number()
    .int({ message: "Bank branch ID must be an integer" })
    .positive({ message: "Bank branch ID must be a positive number" }),
-  currencyXid: z
+  bankBranchXid: idSchema.describe('Bank branch ID'),
-    .number()
+
-    .int({ message: "Currency ID must be an integer" })
+  currencyXid: idSchema.describe('Currency ID'),
    .positive({ message: "Currency ID must be a positive number" }),
 });
-export type HostBankDetailsSchema = z.infer<typeof hostBankDetailsSchema>;
+export type HostBankDetailsInput = z.infer<typeof hostBankDetailsSchema>;
--- a/src/common/utils/validation/host/auth.validation.ts
+++ b/src/common/utils/validation/host/auth.validation.ts
@@ -0,0 +1,139 @@
 /**
 * Host Onboarding Validation Schemas
 * Production-ready Zod validations for host registration and authentication
 * Compatible with Zod v4
 */
 import { z } from 'zod';
 import {
  emailSchema,
  simplePasswordSchema,
  otpSchema,
  nameSchema,
  optionalNameSchema,
  mobileNumberSchema,
  isdCodeSchema,
 } from '../validation.utils';
 // ============================================
 // SIGNUP / REGISTRATION
 // ============================================
 /**
 * Host registration/signup schema
 */
 export const hostSignUpSchema = z.object({
  email: emailSchema,
 });
 export type HostSignUpInput = z.infer<typeof hostSignUpSchema>;
 // ============================================
 // OTP VERIFICATION
 // ============================================
 /**
 * OTP verification schema
 */
 export const verifyOtpSchema = z.object({
  otp: otpSchema,
 });
 export type VerifyOtpInput = z.infer<typeof verifyOtpSchema>;
 /**
 * OTP verification with email schema (for verifyOTP handler)
 */
 export const verifyOtpWithEmailSchema = z.object({
  email: emailSchema,
  otp: otpSchema,
 });
 export type VerifyOtpWithEmailInput = z.infer<typeof verifyOtpWithEmailSchema>;
 // ============================================
 // LOGIN
 // ============================================
 /**
 * Host login schema
 */
 export const hostLoginSchema = z.object({
  emailAddress: emailSchema,
  userPassword: z
    .string()
    .min(1, 'Password is required'),
 });
 export type HostLoginInput = z.infer<typeof hostLoginSchema>;
 // ============================================
 // CREATE PASSWORD
 // ============================================
 /**
 * Create password schema with confirmation matching
 */
 export const createPasswordSchema = z
  .object({
    password: simplePasswordSchema,
    confirmPassword: z.string().min(1, 'Confirm password is required'),
  })
  .refine((data) => data.password === data.confirmPassword, {
    message: 'Password and confirm password do not match',
    path: ['confirmPassword'],
  });
 export type CreatePasswordInput = z.infer<typeof createPasswordSchema>;
 // ============================================
 // RESEND OTP
 // ============================================
 /**
 * Resend OTP schema
 */
 export const resendOtpSchema = z.object({
  email: emailSchema,
  purpose: z
    .enum(['Register', 'Login', 'ForgotPassword'])
    .optional()
    .default('Register'),
 });
 export type ResendOtpInput = z.infer<typeof resendOtpSchema>;
 // ============================================
 // UPDATE PROFILE
 // ============================================
 /**
 * Host profile update schema
 */
 export const updateHostProfileSchema = z.object({
  firstName: optionalNameSchema,
  lastName: optionalNameSchema,
  mobileNumber: mobileNumberSchema,
  isdCode: isdCodeSchema,
  dateOfBirth: z
    .string()
    .refine((val) => !val || !isNaN(Date.parse(val)), 'Invalid date format')
    .optional(),
  profileImage: z.string().max(500, 'Profile image path cannot exceed 500 characters').optional(),
 });
 export type UpdateHostProfileInput = z.infer<typeof updateHostProfileSchema>;
 // ============================================
 // ACCEPT AGREEMENT
 // ============================================
 /**
 * Accept agreement schema (just confirmation)
 */
 export const acceptAgreementSchema = z.object({
  agreementAccepted: z.literal(true, {
    message: 'Agreement must be accepted',
  }),
 });
 export type AcceptAgreementInput = z.infer<typeof acceptAgreementSchema>;
--- a/src/common/utils/validation/host/hostCompanyDetails.validation.ts
+++ b/src/common/utils/validation/host/hostCompanyDetails.validation.ts
@@ -2,29 +2,31 @@ import { z } from "zod";
 export const parentCompanySchema = z.object({
  companyName: z.string()
-    .max(100, "Parent company name cannot exceed 100 characters")
+    .min(1, "Parent company name is required")
-    .optional(),
+    .max(100, "Parent company name cannot exceed 100 characters"),
  address1: z.string()
-    .max(150, "Address1 cannot exceed 150 characters")
+    .min(1, "Address1 is required")
-    .optional(),
+    .max(150, "Address1 cannot exceed 150 characters"),
  address2: z.string()
    .max(150, "Address2 cannot exceed 150 characters")
    .optional(),
-  cityXid: z.number().optional(),
+  cityXid: z.number().min(1, "City is required"),
-  stateXid: z.number().optional(),
+  stateXid: z.number().min(1, "State is required"),
-  countryXid: z.number().optional(),
+  countryXid: z.number().min(1, "Country is required"),
  pinCode: z.string()
-    .max(30, "Pincode cannot exceed 30 characters")
+    .min(4, "Pincode/Zipcode is required")
-    .optional(),
+    .max(30, "Pincode cannot exceed 30 characters"),
  logoPath: z.string()
    .max(400, "Logo path cannot exceed 400 characters")
    .optional(),
  isSubsidairy: z.boolean().optional(),
  registrationNumber: z.string()
    .max(30, "Registration number cannot exceed 30 characters")
    .optional(),
@@ -43,15 +45,15 @@ export const parentCompanySchema = z.object({
      message: "Formation date must be a valid date",
    }),
-  companyTypeXid: z.number()
+  companyType: z.string()
-    .optional(),
+    .min(1, "Company type is required")
-
+    .max(30, "Company type cannot exceed 30 characters"),
  websiteUrl: z.string().nullable().optional(),
  instagramUrl: z.string().nullable().optional(),
  facebookUrl: z.string().nullable().optional(),
  linkedinUrl: z.string().nullable().optional(),
  twitterUrl: z.string().nullable().optional(),
  websiteUrl: z.string().url().max(80, "Website URL cannot exceed 80 characters").optional(),
  instagramUrl: z.string().url().max(80, "Instagram URL cannot exceed 80 characters").optional(),
  facebookUrl: z.string().url().max(80, "Facebook URL cannot exceed 80 characters").optional(),
  linkedinUrl: z.string().url().max(80, "LinkedIn URL cannot exceed 80 characters").optional(),
  twitterUrl: z.string().url().max(80, "Twitter URL cannot exceed 80 characters").optional(),
 });
@@ -104,20 +106,15 @@ export const hostCompanyDetailsSchema = z.object({
      message: "Formation date must be a valid date",
    }),
-  companyTypeXid: z.number()
+  companyType: z.string()
-    .int("Company type must be a valid integer")
+    .min(1, "Company type is required")
-    .min(1, "Company type is required"),
+    .max(30, "Company type cannot exceed 30 characters"),
  referencedBy: z.string()
    .optional(),
  websiteUrl: z.string().nullable().optional(),
  instagramUrl: z.string().nullable().optional(),
  facebookUrl: z.string().nullable().optional(),
  linkedinUrl: z.string().nullable().optional(),
  twitterUrl: z.string().nullable().optional(),
  websiteUrl: z.string().url().max(50, "Website URL cannot exceed 50 characters").optional(),
  instagramUrl: z.string().url().max(80, "Instagram URL cannot exceed 80 characters").optional(),
  facebookUrl: z.string().url().max(80, "Facebook URL cannot exceed 80 characters").optional(),
  linkedinUrl: z.string().url().max(80, "LinkedIn URL cannot exceed 80 characters").optional(),
  twitterUrl: z.string().url().max(80, "Twitter URL cannot exceed 80 characters").optional(),
  parentCompany: parentCompanySchema.optional(),
 });
--- a/src/common/utils/validation/host/index.ts
+++ b/src/common/utils/validation/host/index.ts
@@ -0,0 +1,13 @@
 /**
 * Host Module Validation Schemas Index
 * Export all host-related validation schemas
 */
 // Authentication & Onboarding
 export * from './auth.validation';
 export * from './login.validation';
 export * from './addPaymentDetails.validation';
 export * from './hostCompanyDetails.validation';
 // Activity Management
 export * from './activity.validation';
--- a/src/common/utils/validation/host/login.validation.ts
+++ b/src/common/utils/validation/host/login.validation.ts
@@ -1,20 +1,16 @@
-// validations/hostBankDetails.validation.ts
+/**
-import { z } from "zod";
+ * Host Login Validation Schema
 * Production-ready Zod validation for host login
 */
 import { z } from 'zod';
 import { emailSchema } from '../validation.utils';
 export const loginForHostSchema = z.object({
- 
+  emailAddress: emailSchema,
  emailAddress : z
  .string()
  .nonempty("Email is required"),
  userPassword : z
  .string()
  .nonempty("Password is required")
  .min(8, { message: "Password must be at least 8 characters" }),
  userPassword: z
    .string()
    .min(1, 'Password is required'),
 });
-export type loginForHostSchema = z.infer<typeof loginForHostSchema>;
+export type LoginForHostInput = z.infer<typeof loginForHostSchema>;
--- a/src/common/utils/validation/index.ts
+++ b/src/common/utils/validation/index.ts
@@ -0,0 +1,16 @@
 /**
 * Validation Module Index
 * Central export for all validation schemas and utilities
 */
 // Validation Utilities
 export * from './validation.utils';
 // Host Module Validations
 export * as hostValidation from './host';
 // Minglar Admin Module Validations  
 export * as minglarValidation from './minglaradmin';
 // Prepopulate Module Validations
 export * as prepopulateValidation from './prepopulate';
--- a/src/common/utils/validation/minglaradmin/auth.validation.ts
+++ b/src/common/utils/validation/minglaradmin/auth.validation.ts
@@ -0,0 +1,107 @@
 /**
 * Minglar Admin Authentication Validation Schemas
 * Production-ready Zod validations for admin authentication
 * Compatible with Zod v4
 */
 import { z } from 'zod';
 import { emailSchema, simplePasswordSchema, otpSchema } from '../validation.utils';
 // ============================================
 // REGISTRATION
 // ============================================
 /**
 * Minglar admin registration schema
 */
 export const minglarRegistrationSchema = z.object({
  email: emailSchema,
 });
 export type MinglarRegistrationInput = z.infer<typeof minglarRegistrationSchema>;
 // ============================================
 // LOGIN
 // ============================================
 /**
 * Minglar admin login schema
 */
 export const minglarLoginSchema = z.object({
  emailAddress: emailSchema,
  userPassword: z
    .string()
    .min(1, 'Password is required'),
 });
 export type MinglarLoginInput = z.infer<typeof minglarLoginSchema>;
 // ============================================
 // CREATE PASSWORD
 // ============================================
 /**
 * Create password schema with confirmation
 */
 export const minglarCreatePasswordSchema = z
  .object({
    password: simplePasswordSchema,
    confirmPassword: z.string().min(1, 'Confirm password is required'),
  })
  .refine((data) => data.password === data.confirmPassword, {
    message: 'Password and confirm password do not match',
    path: ['confirmPassword'],
  });
 export type MinglarCreatePasswordInput = z.infer<typeof minglarCreatePasswordSchema>;
 // ============================================
 // VERIFY OTP
 // ============================================
 /**
 * OTP verification schema
 */
 export const minglarVerifyOtpSchema = z.object({
  otp: otpSchema,
 });
 export type MinglarVerifyOtpInput = z.infer<typeof minglarVerifyOtpSchema>;
 // ============================================
 // UPDATE PROFILE
 // ============================================
 /**
 * Admin profile update schema
 */
 export const minglarUpdateProfileSchema = z.object({
  firstName: z
    .string()
    .min(1, 'First name is required')
    .max(50, 'First name cannot exceed 50 characters')
    .optional(),
  lastName: z
    .string()
    .min(1, 'Last name is required')
    .max(50, 'Last name cannot exceed 50 characters')
    .optional(),
  mobileNumber: z
    .string()
    .max(15, 'Mobile number cannot exceed 15 digits')
    .regex(/^[0-9]*$/, 'Mobile number must contain only digits')
    .optional(),
  isdCode: z
    .string()
    .max(6, 'ISD code cannot exceed 6 characters')
    .optional(),
  dateOfBirth: z
    .string()
    .refine((val) => !val || !isNaN(Date.parse(val)), 'Invalid date format')
    .optional(),
  profileImage: z
    .string()
    .max(500, 'Profile image path cannot exceed 500 characters')
    .optional(),
 });
 export type MinglarUpdateProfileInput = z.infer<typeof minglarUpdateProfileSchema>;
--- a/src/common/utils/validation/minglaradmin/hosthub.validation.ts
+++ b/src/common/utils/validation/minglaradmin/hosthub.validation.ts
@@ -0,0 +1,252 @@
 /**
 * Minglar Admin Host Hub Validation Schemas
 * Production-ready Zod validations for host management by admins
 */
 import { z } from 'zod';
 import { idSchema, searchQuerySchema, paginationSchema } from '../validation.utils';
 // ============================================
 // GET ALL HOST APPLICATIONS
 // ============================================
 /**
 * Query params for getting all host applications
 */
 export const getAllHostApplicationsQuerySchema = z.object({
  search: searchQuerySchema,
  userStatus: z
    .string()
    .max(20, 'Status cannot exceed 20 characters')
    .optional(),
  roleFilter: z
    .string()
    .max(30, 'Role filter cannot exceed 30 characters')
    .optional(),
  ...paginationSchema.shape,
 });
 export type GetAllHostApplicationsQuery = z.infer<typeof getAllHostApplicationsQuerySchema>;
 // ============================================
 // ASSIGN AM TO HOST
 // ============================================
 /**
 * Assign account manager to host schema
 */
 export const assignAmToHostSchema = z.object({
  hostXid: idSchema.describe('Host ID'),
  accountManagerXid: idSchema.describe('Account Manager ID'),
 });
 export type AssignAmToHostInput = z.infer<typeof assignAmToHostSchema>;
 // ============================================
 // UPDATE HOST STATUS
 // ============================================
 /**
 * Update host status schema
 */
 export const updateHostStatusSchema = z.object({
  hostXid: idSchema.describe('Host ID'),
  status: z
    .enum(['approved', 'rejected', 'pending', 'resubmit'])
    .describe('New host status'),
  remarks: z
    .string()
    .max(500, 'Remarks cannot exceed 500 characters')
    .optional(),
 });
 export type UpdateHostStatusInput = z.infer<typeof updateHostStatusSchema>;
 // ============================================
 // GET HOST BY ID
 // ============================================
 /**
 * Get host by ID query params
 */
 export const getHostByIdQuerySchema = z.object({
  hostXid: z.coerce
    .number()
    .int('Host ID must be an integer')
    .positive('Host ID must be positive'),
 });
 export type GetHostByIdQuery = z.infer<typeof getHostByIdQuerySchema>;
 // ============================================
 // ADD HOST SUGGESTION
 // ============================================
 /**
 * Add suggestion to host schema
 */
 export const addHostSuggestionSchema = z.object({
  hostXid: idSchema.describe('Host ID'),
  title: z
    .string()
    .min(1, 'Title is required')
    .max(100, 'Title cannot exceed 100 characters'),
  comments: z
    .string()
    .min(1, 'Comments are required')
    .max(500, 'Comments cannot exceed 500 characters'),
  isParent: z.boolean().optional().default(false),
 });
 export type AddHostSuggestionInput = z.infer<typeof addHostSuggestionSchema>;
 // ============================================
 // AGREEMENT SETTINGS
 // ============================================
 /**
 * Update agreement settings schema
 */
 export const updateAgreementSettingsSchema = z.object({
  hostXid: idSchema.describe('Host ID'),
  agreementStartDate: z
    .string()
    .refine((val) => !isNaN(Date.parse(val)), 'Invalid date format'),
  durationNumber: z
    .number()
    .int('Duration must be an integer')
    .positive('Duration must be positive'),
  durationFrequency: z.enum(['days', 'months', 'years']),
  isCommisionBase: z.boolean(),
  commisionPer: z
    .number()
    .min(0, 'Commission percentage must be at least 0')
    .max(100, 'Commission percentage cannot exceed 100')
    .optional(),
  amountPerBooking: z
    .number()
    .int('Amount must be an integer')
    .positive('Amount must be positive')
    .optional(),
  payoutDurationNum: z
    .number()
    .int('Payout duration must be an integer')
    .positive('Payout duration must be positive')
    .optional(),
  payoutDurationFrequency: z.enum(['days', 'months', 'years']).optional(),
 });
 export type UpdateAgreementSettingsInput = z.infer<typeof updateAgreementSettingsSchema>;
 // ============================================
 // ACCEPT/REJECT HOST APPLICATION (by hostXid)
 // ============================================
 /**
 * Host application action schema (accept/reject by AM or Admin)
 */
 export const hostApplicationActionSchema = z.object({
  hostXid: idSchema.describe('Host ID'),
 });
 export type HostApplicationActionInput = z.infer<typeof hostApplicationActionSchema>;
 // ============================================
 // ADD PQQ SUGGESTION
 // ============================================
 /**
 * Add PQQ suggestion schema
 */
 export const addPqqSuggestionSchema = z.object({
  title: z
    .string()
    .min(1, 'Title is required')
    .max(100, 'Title cannot exceed 100 characters'),
  comments: z
    .string()
    .min(1, 'Comments are required')
    .max(500, 'Comments cannot exceed 500 characters'),
  activity_pqq_header_xid: idSchema.describe('Activity PQQ Header ID'),
 });
 export type AddPqqSuggestionInput = z.infer<typeof addPqqSuggestionSchema>;
 // ============================================
 // GET HOST BY ID (path param)
 // ============================================
 /**
 * Get host by ID from path params
 */
 export const getHostByIdPathSchema = z.object({
  host_xid: z.coerce
    .number()
    .int('Host ID must be an integer')
    .positive('Host ID must be positive'),
 });
 export type GetHostByIdPathInput = z.infer<typeof getHostByIdPathSchema>;
 /**
 * Get host by ID from path params (alternative with 'id')
 */
 export const getHostByIdAltPathSchema = z.object({
  id: z.coerce
    .number()
    .int('Host ID must be an integer')
    .positive('Host ID must be positive'),
 });
 export type GetHostByIdAltPathInput = z.infer<typeof getHostByIdAltPathSchema>;
 // ============================================
 // REJECT PQQ BY AM
 // ============================================
 /**
 * Reject PQQ by AM schema
 */
 export const rejectPqqByAmSchema = z.object({
  activityId: idSchema.describe('Activity ID'),
 });
 export type RejectPqqByAmInput = z.infer<typeof rejectPqqByAmSchema>;
 // ============================================
 // EDIT AGREEMENT DETAILS
 // ============================================
 /**
 * Edit agreement details schema
 */
 export const editAgreementDetailsSchema = z.object({
  host_xid: idSchema.describe('Host ID'),
  agreementStartDate: z
    .string()
    .min(1, 'Agreement start date is required')
    .refine((val) => !isNaN(Date.parse(val)), 'Invalid date format'),
  duration: z
    .number()
    .int('Duration must be an integer')
    .positive('Duration must be positive'),
  isCommisionBase: z.boolean(),
  commisionPer: z
    .number()
    .min(0, 'Commission percentage must be at least 0')
    .max(100, 'Commission percentage cannot exceed 100')
    .optional(),
  amountPerBooking: z
    .number()
    .int('Amount must be an integer')
    .positive('Amount must be positive')
    .optional(),
  durationFrequency: z.string().min(1, 'Duration frequency is required'),
  payoutDurationNum: z
    .number()
    .int('Payout duration must be an integer')
    .positive('Payout duration must be positive')
    .optional(),
  payoutDurationFrequency: z.string().optional(),
 });
 export type EditAgreementDetailsInput = z.infer<typeof editAgreementDetailsSchema>;
--- a/src/common/utils/validation/minglaradmin/index.ts
+++ b/src/common/utils/validation/minglaradmin/index.ts
@@ -0,0 +1,13 @@
 /**
 * Minglar Admin Module Validation Schemas Index
 * Export all minglar admin-related validation schemas
 */
 // Authentication
 export * from './auth.validation';
 // Teammate Management
 export * from './teammate.validation';
 // Host Hub Management
 export * from './hosthub.validation';
--- a/src/common/utils/validation/minglaradmin/teammate.validation.ts
+++ b/src/common/utils/validation/minglaradmin/teammate.validation.ts
@@ -0,0 +1,117 @@
 /**
 * Minglar Admin Teammate Management Validation Schemas
 * Production-ready Zod validations for teammate/invite management
 */
 import { z } from 'zod';
 import { emailSchema, idSchema, searchQuerySchema, paginationSchema } from '../validation.utils';
 import { ROLE } from '../../constants/common.constant';
 // ============================================
 // INVITE TEAMMATE
 // ============================================
 /**
 * Invite teammate schema
 */
 export const inviteTeammateSchema = z.object({
  emailAddress: emailSchema,
  roleXid: z
    .number()
    .int('Role ID must be an integer')
    .refine(
      (val) => [ROLE.CO_ADMIN, ROLE.ACCOUNT_MANAGER].includes(val),
      'Invalid role. Only Co-Admin and Account Manager roles can be assigned'
    ),
  isFixedSalary: z.boolean(),
  perValue: z
    .number()
    .positive('Per value must be greater than 0')
    .optional(),
 }).refine(
  (data) => {
    // If Account Manager and not fixed salary, perValue is required
    if (data.roleXid === ROLE.ACCOUNT_MANAGER && !data.isFixedSalary) {
      return data.perValue !== undefined && data.perValue > 0;
    }
    return true;
  },
  {
    message: 'Per value is required for commission-based Account Managers',
    path: ['perValue'],
  }
 );
 export type InviteTeammateInput = z.infer<typeof inviteTeammateSchema>;
 // ============================================
 // GET ALL COADMIN AND AM (with search)
 // ============================================
 /**
 * Query params for getting co-admins and account managers
 */
 export const getAllCoadminAndAMQuerySchema = z.object({
  search: searchQuerySchema,
 });
 export type GetAllCoadminAndAMQuery = z.infer<typeof getAllCoadminAndAMQuerySchema>;
 // ============================================
 // GET ALL INVITED COADMIN AND AM (with search)
 // ============================================
 /**
 * Query params for getting invited co-admins and account managers
 */
 export const getAllInvitedCoadminAndAMQuerySchema = z.object({
  search: searchQuerySchema,
 });
 export type GetAllInvitedCoadminAndAMQuery = z.infer<typeof getAllInvitedCoadminAndAMQuerySchema>;
 // ============================================
 // GET INVITATION DETAILS (with search)
 // ============================================
 /**
 * Query params for getting invitation details
 */
 export const getInvitationDetailsQuerySchema = z.object({
  search: searchQuerySchema,
 });
 export type GetInvitationDetailsQuery = z.infer<typeof getInvitationDetailsQuerySchema>;
 // ============================================
 // UPDATE TEAMMATE STATUS
 // ============================================
 /**
 * Update teammate status schema
 */
 export const updateTeammateStatusSchema = z.object({
  userId: idSchema.describe('User ID'),
  status: z.enum(['active', 'inactive', 'suspended']),
 });
 export type UpdateTeammateStatusInput = z.infer<typeof updateTeammateStatusSchema>;
 // ============================================
 // ASSIGN REVENUE
 // ============================================
 /**
 * Assign revenue to teammate schema
 */
 export const assignRevenueSchema = z.object({
  userId: idSchema.describe('User ID'),
  isFixedSalary: z.boolean(),
  perValue: z
    .number()
    .positive('Per value must be greater than 0'),
 });
 export type AssignRevenueInput = z.infer<typeof assignRevenueSchema>;
--- a/src/common/utils/validation/prepopulate/index.ts
+++ b/src/common/utils/validation/prepopulate/index.ts
@@ -0,0 +1,6 @@
 /**
 * Prepopulate Module Validation Schemas Index
 * Export all prepopulate-related validation schemas
 */
 export * from './prepopulate.validation';
--- a/src/common/utils/validation/prepopulate/prepopulate.validation.ts
+++ b/src/common/utils/validation/prepopulate/prepopulate.validation.ts
@@ -0,0 +1,53 @@
 /**
 * Prepopulate Module Validation Schemas
 * Production-ready Zod validations for prepopulate endpoints
 */
 import { z } from 'zod';
 // ============================================
 // GET BANK BRANCHES BY BANK ID
 // ============================================
 /**
 * Get bank branches by bank ID query params
 */
 export const getBankBranchesByBankIdQuerySchema = z.object({
  bankXid: z.coerce
    .number()
    .int('Bank ID must be an integer')
    .positive('Bank ID must be positive'),
 });
 export type GetBankBranchesByBankIdQuery = z.infer<typeof getBankBranchesByBankIdQuerySchema>;
 // ============================================
 // GET CITY BY STATE ID
 // ============================================
 /**
 * Get city by state ID query params
 */
 export const getCityByStateIdQuerySchema = z.object({
  stateXid: z.coerce
    .number()
    .int('State ID must be an integer')
    .positive('State ID must be positive'),
 });
 export type GetCityByStateIdQuery = z.infer<typeof getCityByStateIdQuerySchema>;
 // ============================================
 // GET AM DETAIL BY ID (path param)
 // ============================================
 /**
 * Get AM detail by ID path params
 */
 export const getAmDetailByIdPathSchema = z.object({
  amXid: z.coerce
    .number()
    .int('Account Manager ID must be an integer')
    .positive('Account Manager ID must be positive'),
 });
 export type GetAmDetailByIdPath = z.infer<typeof getAmDetailByIdPathSchema>;
--- a/src/common/utils/validation/validation.utils.ts
+++ b/src/common/utils/validation/validation.utils.ts
@@ -0,0 +1,358 @@
 /**
 * Production-Ready Validation Utilities
 * Centralized validation helpers for Zod schemas
 * Compatible with Zod v4
 */
 import { z, ZodError, ZodSchema } from 'zod';
 import ApiError from '../helper/ApiError';
 /**
 * Formats Zod validation errors into user-friendly messages
 */
 export function formatZodErrors(error: ZodError): string {
  return error.issues
    .map((issue) => {
      const path = issue.path.length > 0 ? `${issue.path.join('.')}: ` : '';
      return `${path}${issue.message}`;
    })
    .join('; ');
 }
 /**
 * Validates data against a Zod schema and throws ApiError on failure
 * @param schema - Zod schema to validate against
 * @param data - Data to validate
 * @param errorCode - HTTP status code for validation errors (default: 400)
 * @returns Validated and typed data
 */
 export function validateSchema<T>(
  schema: ZodSchema<T>,
  data: unknown,
  errorCode: number = 400
 ): T {
  const result = schema.safeParse(data);
  if (!result.success) {
    const errorMessage = formatZodErrors(result.error);
    throw new ApiError(errorCode, `Validation failed: ${errorMessage}`);
  }
  return result.data;
 }
 /**
 * Safe validation that returns result object instead of throwing
 */
 export function safeValidate<T>(
  schema: ZodSchema<T>,
  data: unknown
 ): { success: true; data: T } | { success: false; errors: string } {
  const result = schema.safeParse(data);
  if (!result.success) {
    return {
      success: false,
      errors: formatZodErrors(result.error),
    };
  }
  return {
    success: true,
    data: result.data,
  };
 }
 /**
 * Parses JSON body from API Gateway event safely
 */
 export function parseBody<T>(
  body: string | null,
  schema: ZodSchema<T>
 ): T {
  if (!body) {
    throw new ApiError(400, 'Request body is required');
  }
  let parsedBody: unknown;
  try {
    parsedBody = JSON.parse(body);
  } catch {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  return validateSchema(schema, parsedBody);
 }
 /**
 * Parses query string parameters with validation
 */
 export function parseQueryParams<T>(
  params: Record<string, string | undefined> | null,
  schema: ZodSchema<T>
 ): T {
  return validateSchema(schema, params || {});
 }
 // ============================================
 // COMMON REUSABLE FIELD SCHEMAS (Zod v4 compatible)
 // ============================================
 /**
 * Email validation with proper format
 */
 export const emailSchema = z
  .string()
  .min(1, 'Email is required')
  .email('Invalid email format')
  .max(150, 'Email cannot exceed 150 characters')
  .transform((val) => val.toLowerCase().trim());
 /**
 * Password validation with security requirements
 */
 export const passwordSchema = z
  .string()
  .min(8, 'Password must be at least 8 characters')
  .max(255, 'Password cannot exceed 255 characters')
  .regex(
    /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]/,
    'Password must contain at least one uppercase letter, one lowercase letter, one number and one special character'
  );
 /**
 * Simple password (for cases where strong password isn't required)
 */
 export const simplePasswordSchema = z
  .string()
  .min(8, 'Password must be at least 8 characters')
  .max(255, 'Password cannot exceed 255 characters');
 /**
 * Mobile number validation (international format)
 */
 export const mobileNumberSchema = z
  .string()
  .min(7, 'Mobile number must be at least 7 digits')
  .max(15, 'Mobile number cannot exceed 15 digits')
  .regex(/^[0-9]+$/, 'Mobile number must contain only digits')
  .optional();
 /**
 * ISD Code validation
 */
 export const isdCodeSchema = z
  .string()
  .max(6, 'ISD code cannot exceed 6 characters')
  .regex(/^\+?[0-9]+$/, 'Invalid ISD code format')
  .optional();
 /**
 * Name validation (first name, last name, etc.)
 */
 export const nameSchema = z
  .string()
  .min(1, 'Name is required')
  .max(50, 'Name cannot exceed 50 characters')
  .regex(/^[a-zA-Z\s'-]+$/, 'Name can only contain letters, spaces, hyphens and apostrophes');
 /**
 * Optional name schema
 */
 export const optionalNameSchema = nameSchema.optional();
 /**
 * Positive integer ID validation
 */
 export const idSchema = z
  .number()
  .int('ID must be an integer')
  .positive('ID must be a positive number');
 /**
 * Optional positive integer ID
 */
 export const optionalIdSchema = z
  .number()
  .int('ID must be an integer')
  .positive('ID must be a positive number')
  .optional();
 /**
 * Coerce string to number for query params
 */
 export const numericStringSchema = z
  .string()
  .transform((val) => parseInt(val, 10))
  .pipe(z.number().int().positive());
 /**
 * Optional numeric string
 */
 export const optionalNumericStringSchema = z
  .string()
  .optional()
  .transform((val) => (val ? parseInt(val, 10) : undefined))
  .pipe(z.number().int().positive().optional());
 /**
 * Address line validation
 */
 export const addressLine1Schema = z
  .string()
  .min(1, 'Address is required')
  .max(150, 'Address cannot exceed 150 characters');
 export const addressLine2Schema = z
  .string()
  .max(150, 'Address cannot exceed 150 characters')
  .optional();
 /**
 * Pin/Zip code validation
 */
 export const pinCodeSchema = z
  .string()
  .min(4, 'Pin code must be at least 4 characters')
  .max(30, 'Pin code cannot exceed 30 characters');
 /**
 * URL validation
 */
 export const urlSchema = z
  .string()
  .url('Invalid URL format')
  .max(500, 'URL cannot exceed 500 characters')
  .optional()
  .or(z.literal(''));
 /**
 * Social media URL (with empty string handling)
 */
 export const socialUrlSchema = z
  .string()
  .max(80, 'URL cannot exceed 80 characters')
  .refine(
    (val) => !val || val === '' || z.string().url().safeParse(val).success,
    'Invalid URL format'
  )
  .optional();
 /**
 * Date string validation
 */
 export const dateStringSchema = z
  .string()
  .refine((val) => !isNaN(Date.parse(val)), 'Invalid date format')
  .transform((val) => new Date(val));
 /**
 * Optional date string
 */
 export const optionalDateStringSchema = z
  .string()
  .refine((val) => !val || !isNaN(Date.parse(val)), 'Invalid date format')
  .optional();
 /**
 * Boolean schema with string coercion (for query params)
 */
 export const booleanStringSchema = z
  .string()
  .transform((val) => val === 'true' || val === '1')
  .pipe(z.boolean());
 /**
 * OTP validation (6 digits)
 */
 export const otpSchema = z
  .string()
  .length(6, 'OTP must be exactly 6 digits')
  .regex(/^[0-9]+$/, 'OTP must contain only digits');
 /**
 * Search query validation
 */
 export const searchQuerySchema = z
  .string()
  .max(100, 'Search query cannot exceed 100 characters')
  .transform((val) => val.trim())
  .optional();
 /**
 * Pagination parameters
 */
 export const paginationSchema = z.object({
  page: z.coerce.number().int().positive().default(1),
  limit: z.coerce.number().int().positive().max(100).default(10),
 });
 /**
 * File path validation for S3
 */
 export const filePathSchema = z
  .string()
  .max(500, 'File path cannot exceed 500 characters')
  .optional();
 /**
 * Registration/Reference number validation
 */
 export const registrationNumberSchema = z
  .string()
  .max(30, 'Registration number cannot exceed 30 characters')
  .optional();
 /**
 * PAN number validation (India)
 */
 export const panNumberSchema = z
  .string()
  .max(30, 'PAN number cannot exceed 30 characters')
  .regex(/^[A-Z]{5}[0-9]{4}[A-Z]{1}$/, 'Invalid PAN number format')
  .optional()
  .or(z.literal(''));
 /**
 * GST number validation (India)
 */
 export const gstNumberSchema = z
  .string()
  .max(30, 'GST number cannot exceed 30 characters')
  .regex(
    /^[0-9]{2}[A-Z]{5}[0-9]{4}[A-Z]{1}[1-9A-Z]{1}Z[0-9A-Z]{1}$/,
    'Invalid GST number format'
  )
  .optional()
  .or(z.literal(''));
 /**
 * IFSC code validation (India)
 */
 export const ifscCodeSchema = z
  .string()
  .min(1, 'IFSC code is required')
  .regex(/^[A-Z]{4}0[A-Z0-9]{6}$/, 'Invalid IFSC code format');
 /**
 * Bank account number validation
 */
 export const accountNumberSchema = z
  .string()
  .min(9, 'Account number must be at least 9 digits')
  .max(18, 'Account number cannot exceed 18 digits')
  .regex(/^[0-9]+$/, 'Account number must contain only digits');
 /**
 * Company name validation
 */
 export const companyNameSchema = z
  .string()
  .min(1, 'Company name is required')
  .max(100, 'Company name cannot exceed 100 characters');
 /**
 * Token validation
 */
 export const tokenSchema = z
  .string()
  .min(1, 'Authentication token is required');
--- a/src/config/config.ts
+++ b/src/config/config.ts
@@ -81,9 +81,6 @@ const envVarsSchema = yup
 		DB_PORT: yup.number().default(3306).required('DB Port is required'),
 		//OTP Bypass
 		BYPASS_OTP: yup.boolean().default(false).required('Bypass OTP is required'),
 		// Email links
 		AM_INVITATION_LINK: yup.string().required('Link to send in AM invitation mail is required'),
 		HOST_LINK: yup.string().required('Link to host panel is required')
 	})
 	.noUnknown(true);
@@ -161,8 +158,6 @@ function getConfig() {
 			//Minglar admin
 			MinglarAdminEmail: envVars.MINGLAR_ADMIN_EMAIL,
 			MinglarAdminName: envVars.MINGLAR_ADMIN_NAME,
 			AM_INVITATION_LINK: envVars.AM_INVITATION_LINK,
 			HOST_LINK: envVars.HOST_LINK,
 			// oneSignal: {
 			// 	appID: envVars.ONESIGNAL_APPID,
 			// 	restApiKey: envVars.ONESIGNAL_REST_APIKEY,
--- a/src/modules/host/dto/host.dto.ts
+++ b/src/modules/host/dto/host.dto.ts
@@ -90,6 +90,5 @@ export class AddPaymentDetailsDTO {
    this.accountHolderName = accountHolderName;
    this.ifscCode = ifscCode;
    this.hostXid = hostXid;
    this.currencyXid = currencyXid;
  }
 }
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/createActivityAndAllQuestionsEntry.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/createActivityAndAllQuestionsEntry.ts
@@ -1,61 +0,0 @@
 import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
 import {
    APIGatewayProxyEvent,
    APIGatewayProxyResult,
    Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
 const hostService = new HostService(prismaClient);
 export const handler = safeHandler(
    async (
        event: APIGatewayProxyEvent,
        context?: Context,
    ): Promise<APIGatewayProxyResult> => {
        // Verify authentication token
        const token =
            event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
        if (!token) {
            throw new ApiError(
                401,
                'This is a protected route. Please provide a valid token.',
            );
        }
        // Verify token and get user info
        const userInfo = await verifyHostToken(token);
        let body: any = {};
        try {
            body = event.body ? JSON.parse(event.body) : {};
        } catch (err) {
            throw new ApiError(400, 'Invalid JSON in request body');
        }
        const { activityTypeXid, frequenciesXid } = body;
        if (!activityTypeXid || !frequenciesXid) {
            throw new ApiError(400, 'activityType and frequency ID is required');
        }
        // Get all host applications from service based on user role
        const createdData = await hostService.createActivityAndAllQuestionsEntry(userInfo.id, activityTypeXid, frequenciesXid);
        return {
            statusCode: 200,
            headers: {
                'Content-Type': 'application/json',
                'Access-Control-Allow-Origin': '*',
            },
            body: JSON.stringify({
                success: true,
                message: 'Activity created successfully',
                data: createdData
            }),
        };
    },
 );
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/getAllActivityType.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/getAllActivityType.ts
@@ -1,18 +1,19 @@
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
 import { PrePopulateService } from '../../../../prepopulate/services/prepopulate.service';
 import { parseQueryParams } from '../../../../../common/utils/validation/validation.utils';
 import { optionalSearchQuerySchema } from '../../../../../common/utils/validation/host/activity.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
-const prePopulateService = new PrePopulateService(prismaClient);
+const hostService = new HostService(prismaService);
 const prePopulateService = new PrePopulateService(prismaService);
 /**
- * Add suggestion handler for host applications
+ * Get all activity types with interest handler
 * Allows Minglar Admin, Co_Admin, and Account Manager to add suggestions
 * Types: Setup Profile, Review Account, Add Payment Details, Agreement
 */
 export const handler = safeHandler(async (
    event: APIGatewayProxyEvent,
@@ -27,11 +28,11 @@ export const handler = safeHandler(async (
    // Verify token and get user info
    const userInfo = await verifyHostToken(token);
    // Parse and validate query params using Zod
    const { search, q } = parseQueryParams(event.queryStringParameters, optionalSearchQuerySchema);
    const searchTerm = search || q || undefined;
-    // Read optional search query (supports ?search= or ?q=)
+    const data = await hostService.getAllActivityTypesWithInterest(searchTerm);
    const search = event.queryStringParameters?.search || event.queryStringParameters?.q || undefined;
    const data = await hostService.getAllActivityTypesWithInterest(search);
    const frequencies = await prePopulateService.getAllFrequencies();
    return {
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/getAllHostActivity.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/getAllHostActivity.ts
@@ -1,19 +1,19 @@
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
-import { paginationService } from '../../../../../common/utils/pagination/pagination.service';
+import { parseQueryParams } from '../../../../../common/utils/validation/validation.utils';
 import { optionalSearchQuerySchema } from '../../../../../common/utils/validation/host/activity.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 /**
- * Add suggestion handler for host applications
+ * Get all host activities handler
 * Allows Minglar Admin, Co_Admin, and Account Manager to add suggestions
 * Types: Setup Profile, Review Account, Add Payment Details, Agreement
 */
 export const handler = safeHandler(async (
    event: APIGatewayProxyEvent,
@@ -28,18 +28,11 @@ export const handler = safeHandler(async (
    // Verify token and get user info
    const userInfo = await verifyHostToken(token);
-    // Get pagination params from event
+    // Parse and validate query params using Zod
-    const paginationParams = paginationService.getPaginationFromEvent(event);
+    const { search, q } = parseQueryParams(event.queryStringParameters, optionalSearchQuerySchema);
-    const paginationOptions = paginationService.parsePaginationParams(paginationParams);
+    const searchTerm = search || q || undefined;
-    // Read optional search query (supports ?search= or ?q=)
+    const data = await hostService.getAllHostActivity(searchTerm, Number(userInfo.id));
    const search = event.queryStringParameters?.search || event.queryStringParameters?.q || undefined;
    const result = await hostService.getAllHostActivity(
        search ? String(search) : undefined,
        Number(userInfo.id),
        paginationOptions
    );
    return {
@@ -51,7 +44,8 @@ export const handler = safeHandler(async (
        body: JSON.stringify({
            success: true,
            message: 'Data retrieved successfully',
-            ...result,
+            data,
        }),
    };
 });
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/getAllPQQwithSubmittedAns.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/getAllPQQwithSubmittedAns.ts
@@ -1,11 +1,14 @@
 import { verifyOnlyMinglarAdminToken } from '@/common/middlewares/jwt/authForOnlyMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { PrePopulateService } from '../../../../prepopulate/services/prepopulate.service';
 import { HostService } from '../../../services/host.service';
-import { verifyMinglarAdminHostToken } from '../../../../../common/middlewares/jwt/authForMinglarAdminHost';
+import { verifyMinglarAdminHostToken } from '@/common/middlewares/jwt/authForMinglarAdmin&Host';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 export const handler = safeHandler(async (
    event: APIGatewayProxyEvent,
@@ -20,15 +23,7 @@ export const handler = safeHandler(async (
    // Authenticate user using the shared authForHost function
    await verifyMinglarAdminHostToken(token);
-    const activity_xid = event.queryStringParameters?.activity_xid
+    const result = await hostService.getAllPQQQuesAndSubmittedAns();
        ? Number(event.queryStringParameters.activity_xid)
        : null;
    if (!activity_xid) {
        throw new ApiError(409, "Activity ID is required")
    }
    const result = await hostService.getAllPQQQuesAndSubmittedAns(Number(activity_xid));
    return {
        statusCode: 200,
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/getPQQScore.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/getPQQScore.ts
@@ -1,42 +1,55 @@
-import config from '../../../../../config/config';
+import config from '@/config/config';
 import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';
 import AWS from 'aws-sdk';
 import Busboy from 'busboy';
 import crypto from 'crypto';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
 import { LAST_QUESTION_ID } from '@/common/utils/constants/host.constant';
-const hostService = new HostService(prismaClient);
+const prisma = new PrismaService();
 const pqqService = new HostService(prisma);
 const s3 = new AWS.S3({ region: config.aws.region });
-// Extract S3 key from URL
+// Function to extract S3 key from URL
 function getS3KeyFromUrl(url: string): string {
    const bucketBaseUrl = `https://${config.aws.bucketName}.s3.${config.aws.region}.amazonaws.com/`;
    return url.replace(bucketBaseUrl, '');
 }
-// Delete file from S3
+// Function to delete file from S3
 async function deleteFromS3(s3Key: string): Promise<void> {
    try {
        await s3.deleteObject({
            Bucket: config.aws.bucketName,
            Key: s3Key,
        }).promise();
-        console.log(`✅ Deleted from S3: ${s3Key}`);
+        console.log(`✅ File deleted from S3: ${s3Key}`);
-    } catch (err) {
+    } catch (error) {
-        console.error(`❌ Failed to delete from S3: ${s3Key}`, err);
+        console.error(`❌ Error deleting file from S3: ${s3Key}`, error);
        // Don't throw error here, continue with upload
    }
 }
-// Upload new file
+async function uploadToS3(buffer: Buffer, mimeType: string, originalName: string, prefix: string, existingUrl?: string): Promise<string> {
-async function uploadToS3(buffer: Buffer, mimeType: string, originalName: string, prefix: string): Promise<string> {
+    let s3Key: string;
    const uniqueKey = `${crypto.randomUUID()}_${originalName}`;
    const s3Key = `${prefix}/${uniqueKey}`;
    // If existing URL provided, use the same S3 key to replace the file
    if (existingUrl) {
        s3Key = getS3KeyFromUrl(existingUrl);
        // Delete existing file first
        await deleteFromS3(s3Key);
    } else {
        // Generate new unique key for new file
        const uniqueKey = `${crypto.randomUUID()}_${originalName}`;
        s3Key = `${prefix}/${uniqueKey}`;
    }
    // Upload new file (replaces existing if same key)
    await s3.upload({
        Bucket: config.aws.bucketName,
        Key: s3Key,
@@ -45,160 +58,253 @@ async function uploadToS3(buffer: Buffer, mimeType: string, originalName: string
        ACL: 'private'
    }).promise();
-    console.log(`✅ Uploaded to S3: ${s3Key}`);
+    console.log(`✅ File uploaded to S3: ${s3Key}`);
    return `https://${config.aws.bucketName}.s3.${config.aws.region}.amazonaws.com/${s3Key}`;
 }
 export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> => {
    try {
-        // AUTH
+        // 1) Auth
        const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
-        if (!token) throw new ApiError(401, 'Missing token');
+        if (!token) throw new ApiError(401, 'Missing token.');
        const user = await verifyHostToken(token);
-        // Content-Type
+        // 2) Content-Type check
        const contentType = event.headers["content-type"] || event.headers["Content-Type"];
        if (!contentType?.startsWith("multipart/form-data"))
            throw new ApiError(400, "Content-Type must be multipart/form-data");
-        if (!event.isBase64Encoded) throw new ApiError(400, "Body must be base64 encoded");
+        if (!event.isBase64Encoded)
            throw new ApiError(400, "Body must be base64 encoded");
        const bodyBuffer = Buffer.from(event.body!, "base64");
        const fields: any = {};
        const files: Array<{ buffer: Buffer; mimeType: string; fileName: string; fieldName: string }> = [];
-        // Parse multipart
+        // 3) Parse multipart data
        await new Promise<void>((resolve, reject) => {
            const bb = Busboy({ headers: { 'content-type': contentType } });
            bb.on('file', (fieldname, file, info) => {
                const { filename, mimeType } = info;
-                if (!filename) return file.resume();
+
                // Skip if no filename (empty file field)
                if (!filename) {
                    file.resume();
                    return;
                }
                const chunks: Buffer[] = [];
-                let size = 0;
+                let totalSize = 0;
-
+                const MAX_SIZE = 5 * 1024 * 1024; // 5 MB
                file.on('data', chunk => {
                    size += chunk.length;
                    if (size > 5 * 1024 * 1024)
                        return reject(new ApiError(400, `File ${filename} exceeds 5MB limit`));
                file.on('data', (chunk) => {
                    totalSize += chunk.length;
                    if (totalSize > MAX_SIZE) {
                        file.resume();
                        return reject(new ApiError(400, `File ${filename} exceeds 5MB limit.`));
                    }
                    chunks.push(chunk);
                });
                file.on('end', () => {
                    // Only add file if we have data
                    if (chunks.length > 0) {
                        files.push({
                            buffer: Buffer.concat(chunks),
                            mimeType,
                            fileName: filename,
-                            fieldName: fieldname
+                            fieldName: fieldname,
                        });
                    }
                });
                file.on('error', (err) => {
                    reject(new ApiError(400, `File upload error: ${err.message}`));
                });
            });
            bb.on('field', (fieldname, val) => {
-                try { fields[fieldname] = JSON.parse(val); }
+                // Handle empty or null values
-                catch { fields[fieldname] = val; }
+                if (val === '' || val === 'null' || val === 'undefined') {
                    fields[fieldname] = null;
                } else {
                    try {
                        fields[fieldname] = JSON.parse(val);
                    } catch {
                        fields[fieldname] = val;
                    }
                }
            });
            bb.on('close', () => {
                console.log("✅ Busboy parsing completed");
                console.log("📌 Fields:", fields);
                console.log("📁 Files:", files.length);
                resolve();
            });
            bb.on('error', (err) => {
                console.error("❌ Busboy error:", err);
                reject(new ApiError(400, `Multipart parsing error: ${err.message}`));
            });
            bb.on('close', resolve);
            bb.on('error', err => reject(new ApiError(400, err.message)));
            bb.end(bodyBuffer);
        });
-        // Required fields
+        // 4) Extract required fields - only activityXid, pqqQuestionXid, pqqAnswerXid are required
        const activityXid = Number(fields.activityXid);
        const pqqQuestionXid = Number(fields.pqqQuestionXid);
        const pqqAnswerXid = Number(fields.pqqAnswerXid);
        // Comments and files are optional
        const comments = fields.comments || null;
-        if (!activityXid || !pqqQuestionXid || !pqqAnswerXid)
+        // Validate required fields
-            throw new ApiError(400, "Missing required fields");
+        if (!activityXid || isNaN(activityXid)) throw new ApiError(400, "Valid activityXid is required");
        if (!pqqQuestionXid || isNaN(pqqQuestionXid)) throw new ApiError(400, "Valid pqqQuestionXid is required");
        if (pqqQuestionXid !== LAST_QUESTION_ID.Q_ID) throw new ApiError(400, "Wrong question id.")
        if (!pqqAnswerXid || isNaN(pqqAnswerXid)) throw new ApiError(400, "Valid pqqAnswerXid is required");
        // console.log(`📝 Processing - Activity: ${activityXid}, Question: ${pqqQuestionXid}, Answer: ${pqqAnswerXid}`);
        // console.log(`💬 Comments: ${comments ? 'Provided' : 'Not provided'}`);
        // console.log(`📎 Files: ${files.length}`);
        // 5) UPSERT: Check if header already exists for this combination
        const existingHeader = await pqqService.findHeaderByCompositeKey(
            activityXid,
            pqqQuestionXid,
            pqqAnswerXid
        );
        // UPSERT header
        const existingHeader = await hostService.findHeaderByCompositeKey(activityXid, pqqQuestionXid);
        let header;
        if (existingHeader) {
-            header = await hostService.updateHeader(existingHeader.id, pqqAnswerXid, comments);
+            console.log("🔄 Updating existing PQQ header");
            // Update existing header (comments can be null)
            header = await pqqService.updateHeader(
                existingHeader.id,
                comments
            );
        } else {
-            header = await hostService.createHeader(activityXid, pqqQuestionXid, pqqAnswerXid, comments);
+            console.log("🆕 Creating new PQQ header");
            // Create new header (comments can be null)
            header = await pqqService.createHeader(
                activityXid,
                pqqQuestionXid,
                pqqAnswerXid,
                comments
            );
        }
        // Calculate score after answer submission
        const score = await pqqService.calculatePqqScoreForUser(activityXid);
        // SCORE
        const score = await hostService.calculatePqqScoreForUser(activityXid);
-        // Existing supporting files
+        // 6) Get existing supporting files for this header
-        const existingSupportingFiles = await hostService.getSupportingFilesByHeaderId(header.id);
+        const existingSupportingFiles = await pqqService.getSupportingFilesByHeaderId(header.id);
        console.log(`📁 Found ${existingSupportingFiles.length} existing supporting files`);
-        // Read deletedFiles from frontend
+        // 7) Handle file UPSERT - only if files are provided
-        const deletedFiles = Array.isArray(fields.deletedFiles) ? fields.deletedFiles : [];
+        const uploadedFiles: any[] = [];
        const deleteResults = [];
        const addResults = [];
        // DELETE explicitly requested files (Case 3)
        if (deletedFiles.length > 0) {
            for (const del of deletedFiles) {
                const id = Number(del.id);
                const record = existingSupportingFiles.find(f => f.id === id);
                if (!record) continue;
                // Delete from S3
                if (record.mediaFileName) {
                    const key = getS3KeyFromUrl(record.mediaFileName);
                    await deleteFromS3(key);
                }
                // Delete from DB
                await hostService.deleteSupportingFile(record.id);
                deleteResults.push({ id: record.id, deleted: true });
            }
        }
        // ADD new uploaded files (Case 1 + Case 3 new files)
        if (files.length > 0) {
-            for (const file of files) {
+            console.log("📤 Processing file uploads...");
            for (let i = 0; i < files.length; i++) {
                const file = files[i];
                const existingFile = existingSupportingFiles[i] || null;
                const url = await uploadToS3(
                    file.buffer,
                    file.mimeType,
                    file.fileName,
-                    `ActivityOnboarding/supportings/${activityXid}`
+                    `ActivityOnboarding/supportings/${activityXid}`,
                    existingFile ? existingFile.mediaFileName : undefined
                );
-                const newRec = await hostService.addSupportingFile(header.id, file.mimeType, url);
+                let supporting;
-                addResults.push(newRec);
+                if (existingFile) {
                    // Update existing supporting file record
                    supporting = await pqqService.updateSupportingFile(
                        existingFile.id,
                        file.mimeType,
                        url
                    );
                    console.log(`🔄 Updated supporting file: ${existingFile.id}`);
                } else {
                    // Create new supporting file record
                    supporting = await pqqService.addSupportingFile(
                        header.id,
                        file.mimeType,
                        url
                    );
                    console.log(`🆕 Created new supporting file: ${supporting.id}`);
                }
                uploadedFiles.push(supporting);
            }
            // 8) Delete any remaining existing files that weren't replaced
            if (existingSupportingFiles.length > files.length) {
                const filesToDelete = existingSupportingFiles.slice(files.length);
                console.log(`🗑️ Deleting ${filesToDelete.length} unused supporting files`);
                for (const fileToDelete of filesToDelete) {
                    await pqqService.deleteSupportingFile(fileToDelete.id);
                    // Also delete from S3
                    const s3Key = getS3KeyFromUrl(fileToDelete.mediaFileName);
                    await deleteFromS3(s3Key);
                    console.log(`🗑️ Deleted supporting file: ${fileToDelete.id}`);
                }
            }
        } else {
            console.log("📭 No files provided in request");
            // If no files provided but existing files exist, delete them (cleanup)
            if (existingSupportingFiles.length > 0) {
                console.log(`🗑️ No new files provided, deleting ${existingSupportingFiles.length} existing files`);
                for (const fileToDelete of existingSupportingFiles) {
                    await pqqService.deleteSupportingFile(fileToDelete.id);
                    const s3Key = getS3KeyFromUrl(fileToDelete.mediaFileName);
                    await deleteFromS3(s3Key);
                    console.log(`🗑️ Deleted supporting file: ${fileToDelete.id}`);
                }
            }
        }
-        const getAllUpdatedQuestionResponse = await hostService.getAllPQUpdatedResponse(activityXid)
+        // 9) Prepare response
-
+        const responseMessage = existingHeader ? "PQQ answer updated successfully" : "PQQ answer submitted successfully";
        // CASE 2 — NO deletion & NO new files => DO NOTHING to existing files
        return {
            statusCode: 200,
-            headers: { "Content-Type": "application/json", "Access-Control-Allow-Origin": "*" },
+            headers: {
                "Content-Type": "application/json",
                "Access-Control-Allow-Origin": "*"
            },
            body: JSON.stringify({
                success: true,
-                message: existingHeader ? "PQQ answer updated successfully" : "PQQ answer submitted successfully",
+                message: responseMessage,
                data: {
                    headerId: header.id,
                    activityXid,
                    pqqQuestionXid,
                    pqqAnswerXid,
-                    comments,
+                    comments: comments,
                    score,
-                    getAllUpdatedQuestionResponse
+                    files: {
                        uploaded: uploadedFiles,
                        total: uploadedFiles.length
                    },
                    operation: existingHeader ? 'updated' : 'created',
                    fileOperation: files.length > 0 ?
                        (existingSupportingFiles.length > 0 ? 'replaced' : 'added') :
                        (existingSupportingFiles.length > 0 ? 'removed' : 'unchanged')
                }
            })
        };
-    } catch (err: any) {
+    } catch (error: any) {
-        console.error("❌ Error:", err);
+        console.error("❌ Error in submitPqqAnswer:", error);
-        throw err;
+        throw error;
    }
-});
+});
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/getPQQ_ByQuestionId.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/getPQQ_ByQuestionId.ts
@@ -1,11 +1,14 @@
 import { verifyMinglarAdminHostToken } from '../../../../../common/middlewares/jwt/authForMinglarAdminHost';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import { PrismaService } from '../../../../../common/database/prisma.service';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
 import { verifyMinglarAdminHostToken } from '@/common/middlewares/jwt/authForMinglarAdmin&Host';
 import { parseQueryParams } from '../../../../../common/utils/validation/validation.utils';
 import { getPqqByQuestionIdQuerySchema } from '../../../../../common/utils/validation/host/activity.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 export const handler = safeHandler(async (
    event: APIGatewayProxyEvent,
    context?: Context
@@ -20,12 +23,11 @@ export const handler = safeHandler(async (
    const userInfo = await verifyMinglarAdminHostToken(token);
    const userId = Number(userInfo.id);
-    const question_xid = Number(event.queryStringParameters?.question_xid);
+    // Parse and validate query params using Zod
-    const activity_xid = Number(event.queryStringParameters?.activity_xid);
+    const { question_xid, activity_xid } = parseQueryParams(
-
+        event.queryStringParameters,
-    if (!question_xid || !activity_xid) {
+        getPqqByQuestionIdQuerySchema
-        throw new ApiError(400, "Question and activity xid are required.")
+    );
    }
    // Fetch user with their HostHeader stepper info
    const pqqQuestionDetails = await hostService.getPQQQuestionDetail(question_xid, activity_xid);
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/getPQQ_LastUpdatedQuestion.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/getPQQ_LastUpdatedQuestion.ts
@@ -1,11 +1,14 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import ApiError from '../../../../../common/utils/helper/ApiError';
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
 import { HostService } from '../../../services/host.service';
 import { parseQueryParams } from '../../../../../common/utils/validation/validation.utils';
 import { getLatestPqqQuestionQuerySchema } from '../../../../../common/utils/validation/host/activity.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 export const handler = safeHandler(async (
    event: APIGatewayProxyEvent,
    context?: Context
@@ -20,26 +23,20 @@ export const handler = safeHandler(async (
    const userInfo = await verifyHostToken(token);
    const userId = Number(userInfo.id);
-    const activity_xid = event.queryStringParameters?.activity_xid
+    // Parse and validate query params using Zod
-        ? Number(event.queryStringParameters.activity_xid)
+    const { activity_xid } = parseQueryParams(
-        : null;
+        event.queryStringParameters,
-
+        getLatestPqqQuestionQuerySchema
-    // Validate it
+    );
    if (!activity_xid || isNaN(activity_xid)) {
        throw new ApiError(400, "Activity id is required and must be a number.");
    }
    let result = null;
    // Fetch user with their HostHeader stepper info
    const pqqQuestionDetails = await hostService.getLatestQuestionDetailsPQQ(activity_xid);
-    if (pqqQuestionDetails) {
+    const result = {
-        result = {
+        pqqQuestionXid: pqqQuestionDetails.pqqQuestionXid,
-            pqqQuestionXid: pqqQuestionDetails.pqqQuestionXid,
+        pqqAnswerXid: pqqQuestionDetails.pqqAnswerXid,
-            pqqAnswerXid: pqqQuestionDetails.pqqAnswerXid || null,
+        pqqSubCategoryXid: pqqQuestionDetails.pqqQuestions.pqqSubCategoryXid,
-            pqqSubCategoryXid: pqqQuestionDetails.pqqQuestions.pqqSubCategoryXid || null,
+        categoryXid: pqqQuestionDetails.pqqQuestions.pqqSubCategories.categoryXid
            categoryXid: pqqQuestionDetails.pqqQuestions.pqqSubCategories.categoryXid || null
        }
    }
    return {
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/saveActivity_ForPQQ.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/saveActivity_ForPQQ.ts
@@ -1,11 +1,14 @@
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { createActivitySchema } from '../../../../../common/utils/validation/host/activity.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -16,23 +19,13 @@ export const handler = safeHandler(async (
  const userInfo = await verifyHostToken(token);
-  let body: any = {};
+  // Parse and validate request body using Zod
-  try {
+  const { activityTypeXid, frequenciesXid } = parseBody(event.body, createActivitySchema);
    body = event.body ? JSON.parse(event.body) : {};
  } catch (err) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { activityTypeXid, frequenciesXid } = body;
  if (!activityTypeXid) {
    throw new ApiError(400, 'activityTypeXid is required');
  }
  await hostService.createActivity(
    userInfo.id,
-    Number(activityTypeXid),
+    activityTypeXid,
-    frequenciesXid ? Number(frequenciesXid) : undefined,
+    frequenciesXid,
  );
  return {
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQAnswer.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQAnswer.ts
@@ -1,300 +0,0 @@
 import config from '../../../../../config/config';
 import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';
 import AWS from 'aws-sdk';
 import Busboy from 'busboy';
 import crypto from 'crypto';
 import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 const hostService = new HostService(prismaClient);
 const s3 = new AWS.S3({ region: config.aws.region });
 // Function to extract S3 key from URL
 function getS3KeyFromUrl(url: string): string {
    const bucketBaseUrl = `https://${config.aws.bucketName}.s3.${config.aws.region}.amazonaws.com/`;
    return url.replace(bucketBaseUrl, '');
 }
 // Function to delete file from S3
 async function deleteFromS3(s3Key: string): Promise<void> {
    try {
        await s3.deleteObject({
            Bucket: config.aws.bucketName,
            Key: s3Key,
        }).promise();
        console.log(`✅ File deleted from S3: ${s3Key}`);
    } catch (error) {
        console.error(`❌ Error deleting file from S3: ${s3Key}`, error);
        // continue — we don't want S3 deletion failure to crash the whole request
    }
 }
 async function uploadToS3(buffer: Buffer, mimeType: string, originalName: string, prefix: string, existingUrl?: string): Promise<string> {
    // We intentionally do NOT reuse old key. If existingUrl is provided we delete old file and create a new random key.
    if (existingUrl) {
        try {
            const oldKey = getS3KeyFromUrl(existingUrl);
            await deleteFromS3(oldKey);
        } catch (err) {
            console.warn('Warning deleting existingUrl before upload', err);
        }
    }
    const uniqueKey = `${crypto.randomUUID()}_${originalName}`;
    const s3Key = `${prefix}/${uniqueKey}`;
    await s3.upload({
        Bucket: config.aws.bucketName,
        Key: s3Key,
        Body: buffer,
        ContentType: mimeType,
        ACL: 'private'
    }).promise();
    console.log(`✅ File uploaded to S3: ${s3Key}`);
    return `https://${config.aws.bucketName}.s3.${config.aws.region}.amazonaws.com/${s3Key}`;
 }
 export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> => {
    try {
        // 1) Auth
        const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
        if (!token) throw new ApiError(401, 'Missing token.');
        const user = await verifyHostToken(token);
        // 2) Content-Type check
        const contentType = event.headers["content-type"] || event.headers["Content-Type"];
        if (!contentType?.includes("multipart/form-data"))
            throw new ApiError(400, "Content-Type must be multipart/form-data");
        // 3) Body decoding
        const bodyBuffer = event.isBase64Encoded
            ? Buffer.from(event.body!, "base64")
            : Buffer.from(event.body!, "binary");
        const fields: any = {};
        const files: Array<{ buffer: Buffer; mimeType: string; fileName: string; fieldName: string }> = [];
        // 4) Parse multipart data
        await new Promise<void>((resolve, reject) => {
            const bb = Busboy({ headers: { 'content-type': contentType } });
            bb.on('file', (fieldname, file, info) => {
                const { filename, mimeType } = info;
                if (!filename) {
                    file.resume();
                    return;
                }
                const chunks: Buffer[] = [];
                let size = 0;
                const MAX_SIZE = 5 * 1024 * 1024;
                file.on("data", (chunk) => {
                    size += chunk.length;
                    if (size > MAX_SIZE) {
                        file.destroy(new Error(`File ${filename} exceeds 5MB limit.`));
                        return;
                    }
                    chunks.push(chunk);
                });
                file.on("end", () => {
                    if (chunks.length > 0) {
                        files.push({
                            buffer: Buffer.concat(chunks),
                            mimeType,
                            fileName: filename,
                            fieldName: fieldname,
                        });
                    }
                });
                file.on("error", (err) =>
                    reject(new ApiError(400, `File upload error: ${err.message}`))
                );
            });
            bb.on("field", (fieldname, val) => {
                console.log(`FIELD RAW: ${fieldname} =`, val);
                if (val === '' || val === 'null' || val === 'undefined') fields[fieldname] = null;
                else {
                    try {
                        const cleaned = val.trim();
                        // If it starts and ends with quotes, remove them
                        const withoutQuotes =
                            (cleaned.startsWith('"') && cleaned.endsWith('"'))
                                ? cleaned.slice(1, -1)
                                : cleaned;
                        fields[fieldname] = JSON.parse(withoutQuotes);
                    } catch {
                        fields[fieldname] = val;
                    }
                }
            });
            bb.on("close", () => resolve());
            bb.on("error", (err) =>
                reject(new ApiError(400, `Multipart parsing error: ${err.message}`))
            );
            // IMPORTANT FIX for HTTP API
            bb.write(bodyBuffer);
            bb.end();
        });
        // 5) Extract required fields
        const activityXid = Number(fields.activityXid);
        const pqqQuestionXid = Number(fields.pqqQuestionXid);
        const pqqAnswerXid = Number(fields.pqqAnswerXid);
        const comments = fields.comments || null;
        if (!activityXid || isNaN(activityXid)) throw new ApiError(400, "Valid activityXid is required");
        if (!pqqQuestionXid || isNaN(pqqQuestionXid)) throw new ApiError(400, "Valid pqqQuestionXid is required");
        if (!pqqAnswerXid || isNaN(pqqAnswerXid)) throw new ApiError(400, "Valid pqqAnswerXid is required");
        // 6) UPSERT header
        const existingHeader = await hostService.findHeaderByCompositeKey(
            activityXid,
            pqqQuestionXid,
        );
        let header;
        if (existingHeader) {
            console.log("🔄 Updating existing PQQ header");
            header = await hostService.updateHeader(
                existingHeader.id,
                pqqAnswerXid,
                comments
            );
        } else {
            console.log("🆕 Creating new PQQ header");
            header = await hostService.createHeader(
                activityXid,
                pqqQuestionXid,
                pqqAnswerXid,
                comments
            );
        }
        // 7) Get existing supporting files
        const existingSupportingFiles = await hostService.getSupportingFilesByHeaderId(header.id);
        console.log(`📁 Found ${existingSupportingFiles.length} existing supporting files`);
        // 8) Parse incoming control fields
        // fields.deletedFiles should be array like [{ id: number, url: string }, ...] or null
        const deletedFiles: Array<{ id: number; url?: string }> = Array.isArray(fields.deletedFiles) ? fields.deletedFiles : [];
        // fields.existingFiles can be an array of urls; we accept it but do not require it
        const existingFilesFromFront: string[] = Array.isArray(fields.existingFiles) ? fields.existingFiles : [];
        // Prepare response trackers
        const deletedResults: Array<{ id: number; success: boolean; reason?: string }> = [];
        const addedResults: Array<any> = [];
        // 9) Handle explicit deletions (ONLY delete ids provided in deletedFiles)
        if (deletedFiles.length > 0) {
            console.log(`🗑️ Processing ${deletedFiles.length} explicit deletions`);
            // Build a map of existing supporting files by id for quick lookup
            const existingById = new Map<number, any>();
            for (const f of existingSupportingFiles) {
                existingById.set(f.id, f);
            }
            for (const del of deletedFiles) {
                const id = Number(del.id);
                if (!id || !existingById.has(id)) {
                    deletedResults.push({ id, success: false, reason: 'Not found or invalid id' });
                    continue;
                }
                const record = existingById.get(id);
                try {
                    // delete from s3
                    if (record.mediaFileName) {
                        const s3Key = getS3KeyFromUrl(record.mediaFileName);
                        await deleteFromS3(s3Key);
                    }
                    // delete DB record
                    await hostService.deleteSupportingFile(record.id);
                    deletedResults.push({ id: record.id, success: true });
                    console.log(`🗑️ Deleted supporting file record ${record.id}`);
                } catch (err: any) {
                    console.error(`❌ Failed to delete supporting file id ${id}`, err);
                    deletedResults.push({ id, success: false, reason: err.message || 'delete failed' });
                }
            }
        } else {
            console.log('ℹ️ No explicit deletions requested (deletedFiles empty)');
        }
        // 10) Handle new uploaded files (these are ALWAYS added as new rows)
        if (files.length > 0) {
            console.log(`📤 Processing ${files.length} uploaded new file(s)`);
            for (const file of files) {
                try {
                    const url = await uploadToS3(
                        file.buffer,
                        file.mimeType,
                        file.fileName,
                        `ActivityOnboarding/supportings/${activityXid}`
                    );
                    // create DB record
                    const supporting = await hostService.addSupportingFile(
                        header.id,
                        file.mimeType,
                        url
                    );
                    addedResults.push(supporting);
                    console.log(`🆕 Created new supporting file record: ${supporting.id}`);
                } catch (err: any) {
                    console.error('❌ Error uploading/creating supporting file', err);
                    // push failure result but continue processing other files
                    addedResults.push({ success: false, reason: err.message || 'upload/create failed' });
                }
            }
        } else {
            console.log('📭 No new files uploaded in request');
        }
        // NOTE: We DO NOT delete or modify existing supporting files that were not listed in deletedFiles.
        // This satisfies your Case 2: "if no files are provided, do not touch existing supporting files".
        const allPQPQuestionAnswerResponse = await hostService.getAllPQUpdatedResponse(activityXid)
        // 11) Compose response
        const responseMessage = existingHeader ? "PQQ answer updated successfully" : "PQQ answer submitted successfully";
        return {
            statusCode: 200,
            headers: {
                "Content-Type": "application/json",
                "Access-Control-Allow-Origin": "*"
            },
            body: JSON.stringify({
                success: true,
                message: responseMessage,
                data: {
                    responseOfUpdatedData: allPQPQuestionAnswerResponse,
                    operation: existingHeader ? 'updated' : 'created',
                    // summary label for UI convenience:
                    fileOperation: (deletedResults.length > 0 || addedResults.length > 0) ? 'modified' : 'unchanged'
                }
            })
        };
    } catch (error: any) {
        console.error("❌ Error in submitPqqAnswer:", error);
        throw error;
    }
 });
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQQForReview.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQQForReview.ts
@@ -1,40 +0,0 @@
 import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
 import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
 const pqqService = new HostService(prismaClient);
 export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> => {
    try {
        // 1) Auth
        const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
        if (!token) throw new ApiError(401, 'Missing token.');
        const user = await verifyHostToken(token);
        const activity_xid = event.queryStringParameters?.activity_xid
            ? Number(event.queryStringParameters.activity_xid)
            : null;
        await pqqService.submitpqqforreview(Number(activity_xid), Number(user.id))
        return {
            statusCode: 200,
            headers: {
                "Content-Type": "application/json",
                "Access-Control-Allow-Origin": "*"
            },
            body: JSON.stringify({
                success: true,
                message: "Your PQQ has been submitted for review.",
                data: null
            })
        };
    } catch (error: any) {
        console.error("❌ Error in submitPqqAnswer:", error);
        throw error;
    }
 });
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQQ_Answer.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/submitPQQ_Answer.ts
@@ -1,15 +1,16 @@
-import config from '../../../../../config/config';
+import config from '@/config/config';
 import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';
 import AWS from 'aws-sdk';
 import Busboy from 'busboy';
 import crypto from 'crypto';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
-const pqqService = new HostService(prismaClient);
+const prisma = new PrismaService();
 const pqqService = new HostService(prisma);
 const s3 = new AWS.S3({ region: config.aws.region });
@@ -29,24 +30,34 @@ async function deleteFromS3(s3Key: string): Promise<void> {
    console.log(`✅ File deleted from S3: ${s3Key}`);
  } catch (error) {
    console.error(`❌ Error deleting file from S3: ${s3Key}`, error);
-    // continue — we don't want S3 deletion failure to crash the whole request
+    // Don't throw error here, continue with upload
  }
 }
 async function uploadToS3(buffer: Buffer, mimeType: string, originalName: string, prefix: string, existingUrl?: string): Promise<string> {
-  // We intentionally do NOT reuse old key. If existingUrl is provided we delete old file and create a new random key.
+  let s3Key: string;
  // If existing URL provided, use the same S3 key to replace the file
  // if (existingUrl) {
  //   s3Key = getS3KeyFromUrl(existingUrl);
  //   // Delete existing file first
  //   await deleteFromS3(s3Key);
  // } else {
  //   // Generate new unique key for new file
  //   const uniqueKey = `${crypto.randomUUID()}_${originalName}`;
  //   s3Key = `${prefix}/${uniqueKey}`;
  // }
  if (existingUrl) {
-    try {
+    // Delete old file, but DO NOT reuse its name
-      const oldKey = getS3KeyFromUrl(existingUrl);
+    const oldKey = getS3KeyFromUrl(existingUrl);
-      await deleteFromS3(oldKey);
+    await deleteFromS3(oldKey);
    } catch (err) {
      console.warn('Warning deleting existingUrl before upload', err);
    }
  }
  // Create new key always
  const uniqueKey = `${crypto.randomUUID()}_${originalName}`;
-  const s3Key = `${prefix}/${uniqueKey}`;
+  s3Key = `${prefix}/${uniqueKey}`;
  // Upload new file (replaces existing if same key)
  await s3.upload({
    Bucket: config.aws.bucketName,
    Key: s3Key,
@@ -71,7 +82,7 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
    if (!contentType?.includes("multipart/form-data"))
      throw new ApiError(400, "Content-Type must be multipart/form-data");
-    // 3) Body decoding
+    // 3) Body decoding (FIXED – same as addCompanyDetails)
    const bodyBuffer = event.isBase64Encoded
      ? Buffer.from(event.body!, "base64")
      : Buffer.from(event.body!, "binary");
@@ -79,7 +90,7 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
    const fields: any = {};
    const files: Array<{ buffer: Buffer; mimeType: string; fileName: string; fieldName: string }> = [];
-    // 4) Parse multipart data
+    // 4) Parse multipart data (FIXED – using bb.write + bb.end exactly like working lambda)
    await new Promise<void>((resolve, reject) => {
      const bb = Busboy({ headers: { 'content-type': contentType } });
@@ -141,32 +152,41 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
      bb.end();
    });
-    // 5) Extract required fields
+    // 4) Extract required fields - only activityXid, pqqQuestionXid, pqqAnswerXid are required
    const activityXid = Number(fields.activityXid);
    const pqqQuestionXid = Number(fields.pqqQuestionXid);
    const pqqAnswerXid = Number(fields.pqqAnswerXid);
    // Comments and files are optional
    const comments = fields.comments || null;
    // Validate required fields
    if (!activityXid || isNaN(activityXid)) throw new ApiError(400, "Valid activityXid is required");
    if (!pqqQuestionXid || isNaN(pqqQuestionXid)) throw new ApiError(400, "Valid pqqQuestionXid is required");
    if (!pqqAnswerXid || isNaN(pqqAnswerXid)) throw new ApiError(400, "Valid pqqAnswerXid is required");
-    // 6) UPSERT header
+    // console.log(`📝 Processing - Activity: ${activityXid}, Question: ${pqqQuestionXid}, Answer: ${pqqAnswerXid}`);
    // console.log(`💬 Comments: ${comments ? 'Provided' : 'Not provided'}`);
    // console.log(`📎 Files: ${files.length}`);
    // 5) UPSERT: Check if header already exists for this combination
    const existingHeader = await pqqService.findHeaderByCompositeKey(
      activityXid,
      pqqQuestionXid,
      pqqAnswerXid
    );
    let header;
    if (existingHeader) {
      console.log("🔄 Updating existing PQQ header");
      // Update existing header (comments can be null)
      header = await pqqService.updateHeader(
        existingHeader.id,
        pqqAnswerXid,
        comments
      );
    } else {
      console.log("🆕 Creating new PQQ header");
      // Create new header (comments can be null)
      header = await pqqService.createHeader(
        activityXid,
        pqqQuestionXid,
@@ -175,93 +195,79 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
      );
    }
-    // 7) Get existing supporting files
+    // 6) Get existing supporting files for this header
    const existingSupportingFiles = await pqqService.getSupportingFilesByHeaderId(header.id);
    console.log(`📁 Found ${existingSupportingFiles.length} existing supporting files`);
-    // 8) Parse incoming control fields
+    // 7) Handle file UPSERT - only if files are provided
-    // fields.deletedFiles should be array like [{ id: number, url: string }, ...] or null
+    const uploadedFiles: any[] = [];
    const deletedFiles: Array<{ id: number; url?: string }> = Array.isArray(fields.deletedFiles) ? fields.deletedFiles : [];
    // fields.existingFiles can be an array of urls; we accept it but do not require it
    const existingFilesFromFront: string[] = Array.isArray(fields.existingFiles) ? fields.existingFiles : [];
    // Prepare response trackers
    const deletedResults: Array<{ id: number; success: boolean; reason?: string }> = [];
    const addedResults: Array<any> = [];
    // 9) Handle explicit deletions (ONLY delete ids provided in deletedFiles)
    if (deletedFiles.length > 0) {
      console.log(`🗑️ Processing ${deletedFiles.length} explicit deletions`);
      // Build a map of existing supporting files by id for quick lookup
      const existingById = new Map<number, any>();
      for (const f of existingSupportingFiles) {
        existingById.set(f.id, f);
      }
      for (const del of deletedFiles) {
        const id = Number(del.id);
        if (!id || !existingById.has(id)) {
          deletedResults.push({ id, success: false, reason: 'Not found or invalid id' });
          continue;
        }
        const record = existingById.get(id);
        try {
          // delete from s3
          if (record.mediaFileName) {
            const s3Key = getS3KeyFromUrl(record.mediaFileName);
            await deleteFromS3(s3Key);
          }
          // delete DB record
          await pqqService.deleteSupportingFile(record.id);
          deletedResults.push({ id: record.id, success: true });
          console.log(`🗑️ Deleted supporting file record ${record.id}`);
        } catch (err: any) {
          console.error(`❌ Failed to delete supporting file id ${id}`, err);
          deletedResults.push({ id, success: false, reason: err.message || 'delete failed' });
        }
      }
    } else {
      console.log('ℹ️ No explicit deletions requested (deletedFiles empty)');
    }
    // 10) Handle new uploaded files (these are ALWAYS added as new rows)
    if (files.length > 0) {
-      console.log(`📤 Processing ${files.length} uploaded new file(s)`);
+      console.log("📤 Processing file uploads...");
      for (const file of files) {
        try {
          const url = await uploadToS3(
            file.buffer,
            file.mimeType,
            file.fileName,
            `ActivityOnboarding/supportings/${activityXid}`
          );
-          // create DB record
+      for (let i = 0; i < files.length; i++) {
-          const supporting = await pqqService.addSupportingFile(
+        const file = files[i];
        const existingFile = existingSupportingFiles[i] || null;
        const url = await uploadToS3(
          file.buffer,
          file.mimeType,
          file.fileName,
          `ActivityOnboarding/supportings/${activityXid}`,
          existingFile ? existingFile.mediaFileName : undefined
        );
        let supporting;
        if (existingFile) {
          // Update existing supporting file record
          supporting = await pqqService.updateSupportingFile(
            existingFile.id,
            file.mimeType,
            url
          );
          console.log(`🔄 Updated supporting file: ${existingFile.id}`);
        } else {
          // Create new supporting file record
          supporting = await pqqService.addSupportingFile(
            header.id,
            file.mimeType,
            url
          );
          console.log(`🆕 Created new supporting file: ${supporting.id}`);
        }
-          addedResults.push(supporting);
+        uploadedFiles.push(supporting);
-          console.log(`🆕 Created new supporting file record: ${supporting.id}`);
+      }
-        } catch (err: any) {
+
-          console.error('❌ Error uploading/creating supporting file', err);
+      // 8) Delete any remaining existing files that weren't replaced
-          // push failure result but continue processing other files
+      if (existingSupportingFiles.length > files.length) {
-          addedResults.push({ success: false, reason: err.message || 'upload/create failed' });
+        const filesToDelete = existingSupportingFiles.slice(files.length);
        console.log(`🗑️ Deleting ${filesToDelete.length} unused supporting files`);
        for (const fileToDelete of filesToDelete) {
          await pqqService.deleteSupportingFile(fileToDelete.id);
          // Also delete from S3
          const s3Key = getS3KeyFromUrl(fileToDelete.mediaFileName);
          await deleteFromS3(s3Key);
          console.log(`🗑️ Deleted supporting file: ${fileToDelete.id}`);
        }
      }
    } else {
-      console.log('📭 No new files uploaded in request');
+      console.log("📭 No files provided in request");
      // If no files provided but existing files exist, delete them (cleanup)
      if (existingSupportingFiles.length > 0) {
        console.log(`🗑️ No new files provided, deleting ${existingSupportingFiles.length} existing files`);
        for (const fileToDelete of existingSupportingFiles) {
          await pqqService.deleteSupportingFile(fileToDelete.id);
          const s3Key = getS3KeyFromUrl(fileToDelete.mediaFileName);
          await deleteFromS3(s3Key);
          console.log(`🗑️ Deleted supporting file: ${fileToDelete.id}`);
        }
      }
    }
-    // NOTE: We DO NOT delete or modify existing supporting files that were not listed in deletedFiles.
+    // 9) Prepare response
    // This satisfies your Case 2: "if no files are provided, do not touch existing supporting files".
    // 11) Compose response
    const responseMessage = existingHeader ? "PQQ answer updated successfully" : "PQQ answer submitted successfully";
    return {
@@ -278,15 +284,15 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
          activityXid,
          pqqQuestionXid,
          pqqAnswerXid,
-          comments,
+          comments: comments,
          files: {
-            added: addedResults,
+            uploaded: uploadedFiles,
-            deleted: deletedResults,
+            total: uploadedFiles.length
            existingKeptCount: (existingSupportingFiles.length - deletedResults.filter(d => d.success).length)
          },
          operation: existingHeader ? 'updated' : 'created',
-          // summary label for UI convenience:
+          fileOperation: files.length > 0 ?
-          fileOperation: (deletedResults.length > 0 || addedResults.length > 0) ? 'modified' : 'unchanged'
+            (existingSupportingFiles.length > 0 ? 'replaced' : 'added') :
            (existingSupportingFiles.length > 0 ? 'removed' : 'unchanged')
        }
      })
    };
@@ -295,4 +301,4 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
    console.error("❌ Error in submitPqqAnswer:", error);
    throw error;
  }
-});
+});
--- a/src/modules/host/handlers/Activity_Hub/OnBoarding/updateSuggestionAsReviewed.ts
+++ b/src/modules/host/handlers/Activity_Hub/OnBoarding/updateSuggestionAsReviewed.ts
@@ -1,11 +1,14 @@
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { updateSuggestionReviewedSchema } from '../../../../../common/utils/validation/host/activity.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -16,18 +19,8 @@ export const handler = safeHandler(async (
  const userInfo = await verifyHostToken(token);
-  let body: any = {};
+  // Parse and validate body using Zod
-  try {
+  const { activityPqqHeaderXid, activityPQQSuggestionId } = parseBody(event.body, updateSuggestionReviewedSchema);
    body = event.body ? JSON.parse(event.body) : {};
  } catch (err) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { activityPqqHeaderXid, activityPQQSuggestionId } = body;
  if (!activityPqqHeaderXid) {
    throw new ApiError(400, 'activityPqqHeaderXid is required');
  }
  await hostService.markPQQSuggestionReviewed(
    userInfo.id,
--- a/src/modules/host/handlers/Host_Admin/onboarding/acceptAggrement.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/acceptAggrement.ts
@@ -1,11 +1,12 @@
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { HostService } from '../../../services/host.service';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 /**
 * Add suggestion handler for host applications
--- a/src/modules/host/handlers/Host_Admin/onboarding/createPassword.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/createPassword.ts
@@ -1,11 +1,14 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { HostService } from '../../../services/host.service';
 import ApiError from '../../../../../common/utils/helper/ApiError';
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { createPasswordSchema } from '../../../../../common/utils/validation/host/auth.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -21,30 +24,8 @@ export const handler = safeHandler(async (
  const userInfo = await verifyHostToken(token);
  const user_xid = userInfo.id;
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: { password?: string; confirmPassword?: string };
+  const { password } = parseBody(event.body, createPasswordSchema);
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { password, confirmPassword } = body;
  if (!password || !confirmPassword) {
    throw new ApiError(400, 'Password and confirm password are required');
  }
  // Validate password match
  if (password !== confirmPassword) {
    throw new ApiError(400, 'Password and confirm password do not match');
  }
  // Validate password length
  if (password.length < 8) {
    throw new ApiError(400, 'Password must be at least 8 characters long');
  }
  await hostService.createPassword(user_xid, password);
--- a/src/modules/host/handlers/Host_Admin/onboarding/login.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/login.ts
@@ -1,36 +1,26 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { HostService } from '../../../services/host.service';
 import { TokenService } from '../../../services/token.service';
 import { GetHostLoginResponseDTO } from '../../../dto/host.dto';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import * as bcrypt from 'bcryptjs';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { hostLoginSchema } from '../../../../../common/utils/validation/host/auth.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
-const tokenService = new TokenService(prismaClient);
+const hostService = new HostService(prismaService);
 const tokenService = new TokenService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
  context?: Context
 ): Promise<APIGatewayProxyResult> => {
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: { emailAddress?: string; userPassword?: string };
+  const { emailAddress, userPassword } = parseBody(event.body, hostLoginSchema);
-  try {
+  const loginForHost = await hostService.loginForHost(emailAddress, userPassword);
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { emailAddress, userPassword } = body;
  if (!emailAddress || !userPassword) {
    throw new ApiError(400, 'Email and password are required');
  }
  const emailToLowerCase = emailAddress.toLowerCase()
  const loginForHost = await hostService.loginForHost(emailToLowerCase, userPassword);
  if (!loginForHost) {
    throw new ApiError(400, 'Failed to login');
@@ -40,6 +30,15 @@ export const handler = safeHandler(async (
    throw new ApiError(401, 'Invalid credentials');
  }
  const matchPassword = await bcrypt.compare(
    userPassword,
    loginForHost.userPassword
  );
  if (!matchPassword) {
    throw new ApiError(401, 'Invalid credentials');
  }
  const generateTokenForHost = await tokenService.generateAuthToken(
    loginForHost.id
  );
--- a/src/modules/host/handlers/Host_Admin/onboarding/showSuggestion.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/showSuggestion.ts
@@ -1,11 +1,12 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { MinglarService } from '../../../../minglaradmin/services/minglar.service';
 import ApiError from '../../../../../common/utils/helper/ApiError';
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
 /**
 * Get suggestions handler
--- a/src/modules/host/handlers/Host_Admin/onboarding/signUp.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/signUp.ts
@@ -1,15 +1,18 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import * as bcrypt from 'bcryptjs';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { ROLE } from '../../../../../common/utils/constants/common.constant';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
-import { encryptUserId } from '../../../../../common/utils/helper/CodeGenerator';
+import * as bcrypt from 'bcryptjs';
 import { OtpGeneratorSixDigit } from '../../../../../common/utils/helper/OtpGenerator';
 import { encryptUserId } from '../../../../../common/utils/helper/CodeGenerator';
 import { HostService } from '../../../services/host.service';
-import { sendOtpEmailForHost } from '@/modules/host/services/sendOTPEmail.service';
+import { sendOtpEmailForHost } from '../../../services/sendOTPEmail.service';
 import { ROLE } from '../../../../../common/utils/constants/common.constant';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { hostSignUpSchema } from '../../../../../common/utils/validation/host/auth.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 export async function generateHostRefNumber(tx: any) {
  const lastrecord = await tx.user.findFirst({
@@ -30,27 +33,13 @@ export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
  context?: Context
 ): Promise<APIGatewayProxyResult> => {
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: { email?: string };
+  const { email } = parseBody(event.body, hostSignUpSchema);
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { email } = body;
  if (!email) {
    throw new ApiError(400, 'Email is required');
  }
  const emailToLowerCase = email.toLowerCase()
  // Use a single transaction for user creation/lookup and OTP storage
-  const transactionResult = await prismaClient.$transaction(async (tx) => {
+  const transactionResult = await prismaService.$transaction(async (tx) => {
    const user = await tx.user.findUnique({
-      where: { emailAddress: emailToLowerCase },
+      where: { emailAddress: email },
      select: { emailAddress: true, id: true, userPassword: true },
    });
@@ -68,7 +57,7 @@ export const handler = safeHandler(async (
    } else {
      // create new user record within the transaction
      newUserLocal = await tx.user.create({
-        data: { emailAddress: emailToLowerCase, roleXid: ROLE.HOST, userRefNumber: referenceNumber },
+        data: { emailAddress: email, roleXid: ROLE.HOST, userRefNumber: referenceNumber },
      });
    }
@@ -103,7 +92,7 @@ export const handler = safeHandler(async (
  }
  // Send OTP email outside the DB transaction
-  await sendOtpEmailForHost(transactionResult.newUser.emailAddress, transactionResult.otp);
+  // await sendOtpEmailForHost(transactionResult.newUser.emailAddress, transactionResult.otp);
  return {
    statusCode: 200,
--- a/src/modules/host/handlers/Host_Admin/onboarding/submitCompanyDetails.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/submitCompanyDetails.ts
@@ -1,10 +1,10 @@
 // modules/host/handlers/addCompanyDetails.ts
-import config from '../../../../../config/config';
+import config from '@/config/config';
 import { APIGatewayProxyEvent, APIGatewayProxyResult } from 'aws-lambda';
 import AWS from 'aws-sdk';
 import Busboy from 'busboy';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import {
@@ -15,17 +15,8 @@ import {
 import { HostService } from '../../../services/host.service';
 import { sendEmailToAM, sendEmailToMinglarAdmin } from '../../../services/sendHostResubmitEmailToAM.service';
-const hostService = new HostService(prismaClient);
+const prisma = new PrismaService();
-
+const hostService = new HostService(prisma);
 function getExtensionFromMime(mimeType: string) {
  const map: Record<string, string> = {
    'image/jpeg': 'jpg',
    'image/png': 'png',
    'application/pdf': 'pdf',
    'image/webp': 'webp',
  };
  return map[mimeType] || 'bin';
 }
 const s3 = new AWS.S3({
  region: config.aws.region,
@@ -59,25 +50,6 @@ function cleanEmptyStrings(obj: any) {
  return cleaned;
 }
 function getS3KeyFromUrl(url: string): string {
  const base = `https://${config.aws.bucketName}.s3.${config.aws.region}.amazonaws.com/`;
  return url.replace(base, "");
 }
 async function deleteFromS3(key: string) {
  try {
    await s3.deleteObject({
      Bucket: config.aws.bucketName,
      Key: key
    }).promise();
    console.log("✅ Deleted from S3:", key);
  } catch (err) {
    console.error("❌ Failed to delete from S3:", key, err);
  }
 }
 export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> => {
  try {
@@ -140,9 +112,6 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
      bb.end();
    });
    const deletedFiles = normalizeJsonField(fields, "deletedFiles") || [];
    const parentDeletedFiles = normalizeJsonField(fields, "parentDeletedFiles") || [];
    /** 4) Extract and clean isDraft flag */
    const isDraft = fields.isDraft === 'true' || fields.isDraft === true;
@@ -159,22 +128,13 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
      }
    }
    if (
      companyDetailsRaw.parentCompany &&
      Object.values(companyDetailsRaw.parentCompany).every(
        (v) => v === undefined || v === null
      )
    ) {
      companyDetailsRaw.parentCompany = null;
    }
    /** 6) Profile update if provided */
    if (fields.userProfile) {
      const userProfileRaw = normalizeJsonField(fields, 'userProfile');
      if (userProfileRaw) {
        const { firstName, lastName, mobileNumber } = userProfileRaw;
-        await prismaClient.user.update({
+        await prisma.user.update({
          where: { id: userInfo.id },
          data: {
            ...(firstName && { firstName }),
@@ -218,10 +178,15 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
      const file = files.find((f) => f.fieldName === doc.fieldName);
      // In DRAFT mode → allow missing documents
-      if (!file) {
+      if (isDraft && !file) {
        return { ...doc, file: null };
      }
      // In FINAL mode → file must exist
      if (!file) {
        throw new ApiError(400, `File not found for field: ${doc.fieldName}`);
      }
      return { ...doc, file };
    });
@@ -248,65 +213,9 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
      parsedParentCompany = parsedCompany.parentCompany || null;
    }
    /** 9.5) DELETE DOCUMENTS IF REQUESTED **/
    if (Array.isArray(deletedFiles) && deletedFiles.length > 0) {
      console.log(`🗑️ Deleting ${deletedFiles.length} documents...`);
      for (const del of deletedFiles) {
        const id = Number(del.id);
        const url = del.url;
        if (!id || !url) {
          console.log("❌ Invalid delete entry:", del);
          continue;
        }
        // Extract S3 key
        const s3Key = getS3KeyFromUrl(url);
        // Delete from S3
        await deleteFromS3(s3Key);
        // Delete from DB
        await prismaClient.hostDocuments.delete({
          where: { id }
        });
        console.log(`🗑️ Deleted host document ID ${id}`);
      }
    }
    /** 9.6) DELETE PARENT DOCUMENTS **/
    if (parsedCompany.isSubsidairy && Array.isArray(parentDeletedFiles) && parentDeletedFiles.length > 0) {
      console.log(`🗑️ Deleting ${parentDeletedFiles.length} PARENT documents...`);
      for (const del of parentDeletedFiles) {
        const id = Number(del.id);
        const url = del.url;
        if (!id || !url) {
          console.log("⚠️ Invalid parent delete entry:", del);
          continue;
        }
        const s3Key = getS3KeyFromUrl(url);
        // Delete S3
        await deleteFromS3(s3Key);
        // Delete DB
        await prismaClient.hostParenetDocuments.delete({
          where: { id }
        });
        console.log(`🗑️ Deleted PARENT document ID ${id}`);
      }
    }
    /** 11) UPLOAD DOCUMENTS */
    async function uploadToS3(buffer, mimeType, originalName, folderType, documentTypeXid?, fieldName?) {
-      // const ext = originalName.split('.').pop() || 'jpg';
+      const ext = originalName.split('.').pop() || 'jpg';
      const ext = getExtensionFromMime(mimeType);
      let s3Key = '';
@@ -340,7 +249,7 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
    /** Upload host docs */
    const uploadedHostDocs: Array<any> = [];
    for (const doc of hostDocs) {
-      if (!doc.file) continue;
+      if (isDraft && !doc.file) continue;
      const path = await uploadToS3(
        doc.file.buffer,
@@ -361,7 +270,7 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
    /** Upload parent docs */
    const uploadedParentDocs: Array<any> = [];
    for (const doc of parentDocs) {
-      if (!doc.file) continue; // skip missing files in draft mode
+      if (!doc.file && isDraft) continue; // skip missing files in draft mode
      const path = await uploadToS3(
        doc.file.buffer,
@@ -380,67 +289,31 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
    }
    /** UPLOAD LOGO (if provided) */
-    const logoFile = files.find(
+    const logoFile = files.find((f) => f.fieldName === 'companyLogo' || f.fieldName === 'companyLogoFile');
-      (f) => f.fieldName === 'companyLogo' || f.fieldName === 'companyLogoFile'
+    if (logoFile) {
-    );
+      const logoUrl = await uploadToS3(logoFile.buffer, logoFile.mimeType, logoFile.fileName, 'logo');
    if (logoFile && logoFile.buffer && logoFile.fileName) {
      const logoUrl = await uploadToS3(
        logoFile.buffer,
        logoFile.mimeType,
        logoFile.fileName,
        'logo'
      );
      parsedCompany.logoPath = logoUrl;
    }
    /** UPLOAD PARENT COMPANY LOGO (if provided) */
-    const parentLogoFile = files.find(
+    const parentLogoFile = files.find((f) => f.fieldName === 'parentCompanyLogo');
-      (f) => f.fieldName === 'parentCompanyLogo'
+    if (parentLogoFile) {
    );
    if (parentLogoFile && parentLogoFile.buffer && parentLogoFile.mimeType) {
      // 🔒 Only upload when an actual file is present
      const parentLogoUrl = await uploadToS3(
        parentLogoFile.buffer,
        parentLogoFile.mimeType,
-        parentLogoFile.fileName, // safe here because it's a real file
+        parentLogoFile.fileName,
        'parent_company_logo',
      );
      if (parsedParentCompany) {
        parsedParentCompany.logoPath = parentLogoUrl;
      } else {
-        parsedParentCompany = {
+        // if no parent object exists yet (drafts or other flows), attach it safely
-          logoPath: parentLogoUrl,
+        parsedParentCompany = parsedParentCompany || {};
-        };
+        parsedParentCompany.logoPath = parentLogoUrl;
      }
    }
    if (parsedCompany.cityXid) {
      const city = await prismaClient.cities.findUnique({
        where: { id: Number(parsedCompany.cityXid) }
      });
      if (!city) {
        throw new ApiError(400, `City with ID ${parsedCompany.cityXid} not found`);
      }
    }
    if (!parsedCompany.isSubsidairy) {
      const parentDocuments = await hostService.getParentDocumentsByHostId(userInfo.id);
      if (parentDocuments.length > 0) {
        for (const doc of parentDocuments) {
          try {
            const s3Key = getS3KeyFromUrl(doc.filePath);
            await deleteFromS3(s3Key);
          } catch (e) {
            console.error("S3 delete failed:", doc.filePath, e);
          }
        }
      }
      await hostService.deleteExistingParentRecords(userInfo.id)
    }
    /** 12) SAVE / UPDATE HOST ENTRY */
    const createdOrUpdated = await hostService.addOrUpdateCompanyDetails(
      userInfo.id,
--- a/src/modules/host/handlers/Host_Admin/onboarding/updateBankDetails.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/updateBankDetails.ts
@@ -1,12 +1,13 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { HostService } from '../../../services/host.service';
 import ApiError from '../../../../../common/utils/helper/ApiError';
-import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { verifyHostToken } from '@/common/middlewares/jwt/authForHost';
-import { hostBankDetailsSchema } from '../../../../../common/utils/validation/host/addPaymentDetails.validation';
+import { hostBankDetailsSchema } from '@/common/utils/validation/host/addPaymentDetails.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 export const handler = safeHandler(async (
    event: APIGatewayProxyEvent,
@@ -32,7 +33,7 @@ export const handler = safeHandler(async (
    }
    // Parse request body
-    let body: { bankXid?: number; bankBranchXid?: number; accountNumber?: string; confirmAccountNumber?: string; accountHolderName?: string; currencyXid?: number };
+    let body: { bankXid?: number; bankBranchXid?: number; accountNumber?: string; confirmAccountNumber?: string; accountHolderName?: string; ifscCode?: string; currencyXid?: number };
    try {
        body = event.body ? JSON.parse(event.body) : {};
@@ -43,7 +44,7 @@ export const handler = safeHandler(async (
    // ✅ Validate payload using Zod
    const validationResult = hostBankDetailsSchema.safeParse({
        ...(body as object),
-        hostXid: host.host.id, // inject hostId from token (not from user input)
+        hostXid: host.id, // inject hostId from token (not from user input)
    });
    if (!validationResult.success) {
@@ -53,16 +54,7 @@ export const handler = safeHandler(async (
    const validatedData = validationResult.data;
-    // Fetch IFSC code from bank branch
+    await hostService.addPaymentDetails(validatedData);
    const bankBranch = await hostService.getBankBranchById(validatedData.bankBranchXid);
    if (!bankBranch) {
        throw new ApiError(404, 'Bank branch not found');
    }
    await hostService.addPaymentDetails({
        ...validatedData,
        ifscCode: bankBranch.ifscCode,
    });
    return {
        statusCode: 200,
--- a/src/modules/host/handlers/Host_Admin/onboarding/verifyOTP.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/verifyOTP.ts
@@ -1,36 +1,24 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { HostService } from '../../../services/host.service';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { TokenService } from '../../../services/token.service';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { verifyOtpWithEmailSchema } from '../../../../../common/utils/validation/host/auth.validation';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
-const tokenService = new TokenService(prismaClient);
+const hostService = new HostService(prismaService);
 const tokenService = new TokenService(prismaService);
 export const handler = safeHandler(async (
    event: APIGatewayProxyEvent,
    context?: Context
 ): Promise<APIGatewayProxyResult> => {
-    // Parse request body
+    // Parse and validate request body using Zod
-    let body: { email?: string; otp?: string };
+    const { email, otp } = parseBody(event.body, verifyOtpWithEmailSchema);
-    try {
+    await hostService.verifyHostOtp(email, otp);
-        body = event.body ? JSON.parse(event.body) : {};
+    const user = await hostService.getHostByEmail(email);
    } catch (error) {
        throw new ApiError(400, 'Invalid JSON in request body');
    }
    const { email, otp } = body;
    if (!email || !otp) {
        throw new ApiError(400, 'Email and OTP are required');
    }
    const emailToLowerCase = email.toLowerCase();
    await hostService.verifyHostOtp(emailToLowerCase, otp);
    const user = await hostService.getHostByEmail(emailToLowerCase);
    const generateTokenForHost = await tokenService.generateAuthToken(
        user.id
    );
--- a/src/modules/host/handlers/getStepper.ts
+++ b/src/modules/host/handlers/getStepper.ts
@@ -1,11 +1,12 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { safeHandler } from '../../../common/utils/handlers/safeHandler';
-import { prismaClient } from '../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../common/database/prisma.service';
 import ApiError from '../../../common/utils/helper/ApiError';
 import { verifyHostToken } from '../../../common/middlewares/jwt/authForHost';
 import { HostService } from '../services/host.service';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
  context?: Context
@@ -25,7 +26,11 @@ export const handler = safeHandler(async (
  }
  // Fetch user with their HostHeader stepper info
-  const host = await hostService.getHostIdByUserXid(userId);
+  const host = await hostService.getHostById(userId);
  if (!host) {
    throw new ApiError(404, 'Host record not found');
  }
  return {
    statusCode: 200,
@@ -37,8 +42,7 @@ export const handler = safeHandler(async (
      success: true,
      message: 'Stepper information retrieved successfully',
      data: {
-        stepper: host?.host?.stepper || null,
+        stepper: host.stepper,
        emailAddress: host.user?.emailAddress || null,
      },
    }),
  };
--- a/src/modules/host/handlers/getbyidhandler.ts
+++ b/src/modules/host/handlers/getbyidhandler.ts
@@ -1,11 +1,12 @@
-import { verifyMinglarAdminHostToken } from '../../../common/middlewares/jwt/authForMinglarAdminHost';
+import { verifyMinglarAdminHostToken } from '@/common/middlewares/jwt/authForMinglarAdmin&Host';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../common/database/prisma.service';
 import { safeHandler } from '../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../common/utils/helper/ApiError';
 import { HostService } from '../services/host.service';
-const hostService = new HostService(prismaClient);
+const prismaService = new PrismaService();
 const hostService = new HostService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -13,7 +14,7 @@ export const handler = safeHandler(async (
 ): Promise<APIGatewayProxyResult> => {
  // Get host ID from path parameters
  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token']
-  if (!token) {
+  if(!token) {
    throw new ApiError(400, 'This is a protected route. Please provide a valid token.');
  }
--- a/src/modules/host/handlers/host.ts
+++ b/src/modules/host/handlers/host.ts
@@ -1,8 +1,8 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { PrismaClient } from '@prisma/client';
 import { safeHandler } from '../../../common/utils/handlers/safeHandler';
 import { prismaClient } from '../../../common/database/prisma.lambda.service';
-const prisma = prismaClient;
+const prisma = new PrismaClient();
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent
@@ -10,6 +10,7 @@ export const handler = safeHandler(async (
  const result = await prisma.hostHeader.findMany({
    select: {
      id: true,
      hostParent: true,
      hostStatusDisplay: true,
      accountManager: true,
--- a/src/modules/host/handlers/resendOtp.ts
+++ b/src/modules/host/handlers/resendOtp.ts
@@ -1,11 +1,13 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult } from "aws-lambda";
-import { prismaClient } from "../../../common/database/prisma.lambda.service";
+import { PrismaService } from "../../../common/database/prisma.service";
 import { safeHandler } from "../../../common/utils/handlers/safeHandler";
 import ApiError from "../../../common/utils/helper/ApiError";
 import { resendOtpHelper } from "../../../common/utils/helper/resendOtpHelper";
 import { resendOtpEmail } from "../services/resendOTPEmail.service";
 import { parseBody } from "../../../common/utils/validation/validation.utils";
 import { resendOtpSchema } from "../../../common/utils/validation/host/auth.validation";
-const prisma = prismaClient;
+const prisma = new PrismaService();
 // allowed purposes
 const ALLOWED_PURPOSES = ["Register", "Login", "ForgotPassword"] as const;
@@ -13,39 +15,16 @@ type OtpPurpose = typeof ALLOWED_PURPOSES[number];
 export const handler = safeHandler(
  async (event: APIGatewayProxyEvent): Promise<APIGatewayProxyResult> => {
-    // parse body safely
+    // Parse and validate body using Zod
-    let body: { email?: string; purpose?: string } = {};
+    const { email, purpose: purposeFromBody } = parseBody(event.body, resendOtpSchema);
    try {
      body = event.body ? JSON.parse(event.body) : {};
    } catch {
      throw new ApiError(400, "Invalid JSON in request body");
    }
    // allow passing purpose via query string too (useful for GET requests)
    const qsPurpose = event.queryStringParameters?.purpose;
-    const purposeRaw = (body.purpose || qsPurpose || "").trim();
+    const purpose = (purposeFromBody || qsPurpose || "Register") as OtpPurpose;
    if (!purposeRaw) {
      throw new ApiError(400, "purpose is required. Allowed values: Register, Login, ForgotPassword");
    }
    if (!ALLOWED_PURPOSES.includes(purposeRaw as OtpPurpose)) {
      throw new ApiError(
        400,
        `Invalid purpose '${purposeRaw}'. Allowed values: ${ALLOWED_PURPOSES.join(", ")}`
      );
    }
    const purpose = purposeRaw as OtpPurpose;
    const email = (body.email || "").trim();
    if (!email) throw new ApiError(400, "Email is required");
    const emailToLowerCase = email.toLowerCase();
    // find user (you can adapt the isActive / userStatus checks per your rules)
    const user = await prisma.user.findUnique({
-      where: { emailAddress: emailToLowerCase, isActive: true },
+      where: { emailAddress: email, isActive: true },
      select: { id: true, emailAddress: true, role: true },
    });
@@ -58,6 +37,7 @@ export const handler = safeHandler(
    const otpResult = await resendOtpHelper(
      prisma,
      user.id,
      user.emailAddress,
      purpose,
      6, // 6-digit OTP
      5  // expires in 5 minutes
--- a/src/modules/host/services/host.service.ts
+++ b/src/modules/host/services/host.service.ts
--- a/src/modules/host/services/resendOTPEmail.service.ts
+++ b/src/modules/host/services/resendOTPEmail.service.ts
@@ -15,8 +15,8 @@ export async function resendOtpEmail(
  const htmlContent = `
    <p>Dear ${role},</p>
    <p>Your new OTP is: <strong>${otp}</strong></p>
-    <p>This code will be valid for the next 5 minutes.</p>
+    <p>This code is valid for 5 minutes. Please do not share it with anyone.</p>
-    <p>Warm regards,<br/>Minglar Team</p>
+    <p>Best regards,<br/>Minglar Team</p>
  `;
  try {
--- a/src/modules/host/services/sendOTPEmail.service.ts
+++ b/src/modules/host/services/sendOTPEmail.service.ts
@@ -13,10 +13,9 @@ export async function sendOtpEmailForHost(
  const htmlContent = `
    <p>Dear Host,</p>
-    <p>You’re almost all set! 🎉</p>
+    <p>Your OTP for registration is: <strong>${otp}</strong></p>
-    <p>Enter <strong>${otp}</strong> to wrap your registration.</p>
+    <p>This code is valid for 5 minutes. Please do not share it with anyone.</p>
-    <p>This code will be valid for the next 5 minutes.</p>
+    <p>Best regards,<br/>Minglar Team</p>
    <p>Warm regards,<br/>Minglar Team</p>
  `;
  try {
--- a/src/modules/host/services/token.service.ts
+++ b/src/modules/host/services/token.service.ts
@@ -1,10 +1,10 @@
-import { PrismaClient } from '@prisma/client';
+import { PrismaService } from "../../../common/database/prisma.service";
 import jwt, { JwtPayload } from "jsonwebtoken";
 import moment from "moment";
 import config from "../../../config/config";
 export class TokenService {
-  constructor(private prisma: PrismaClient) { }
+  constructor(private readonly prisma: PrismaService = new PrismaService()) {}
  private generateToken(
    user_xid: number,
@@ -53,10 +53,6 @@ export class TokenService {
      config.jwt.secret
    );
    await this.prisma.token.deleteMany({
      where: { userXid: user_xid }
    })
    await this.prisma.token.create({
      data: {
        token: refreshToken.token,
@@ -104,10 +100,6 @@ export class TokenService {
      config.jwt.secret
    );
    await this.prisma.token.deleteMany({
      where: { userXid: user_xid }
    })
    await this.prisma.token.create({
      data: {
        token: refreshToken.token,
--- a/src/modules/minglaradmin/handlers/createPassword.ts
+++ b/src/modules/minglaradmin/handlers/createPassword.ts
@@ -1,11 +1,13 @@
 import { verifyMinglarAdminToken } from '../../../common/middlewares/jwt/authForMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { prismaClient } from '../../../common/database/prisma.lambda.service';
 import { safeHandler } from '../../../common/utils/handlers/safeHandler';
-import ApiError from '../../../common/utils/helper/ApiError';
+import { PrismaService } from '../../../common/database/prisma.service';
 import { MinglarService } from '../services/minglar.service';
 import { verifyMinglarAdminToken } from '@/common/middlewares/jwt/authForMinglarAdmin';
 import { parseBody } from '../../../common/utils/validation/validation.utils';
 import { minglarCreatePasswordSchema } from '../../../common/utils/validation/minglaradmin/auth.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -14,37 +16,15 @@ export const handler = safeHandler(async (
  // Extract token from headers
  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token']
  if(!token) {
-    throw new ApiError(400, 'This is a protected route. Please provide a valid token.');
+    throw new (await import('../../../common/utils/helper/ApiError')).default(400, 'This is a protected route. Please provide a valid token.');
  }
  // Authenticate user using the shared authForHost function
  const userInfo = await verifyMinglarAdminToken(token);
  const user_xid = userInfo.id;
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: { password?: string; confirmPassword?: string };
+  const { password } = parseBody(event.body, minglarCreatePasswordSchema);
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { password, confirmPassword } = body;
  if (!password || !confirmPassword) {
    throw new ApiError(400, 'Password and confirm password are required');
  }
  // Validate password match
  if (password !== confirmPassword) {
    throw new ApiError(400, 'Password and confirm password do not match');
  }
  // Validate password length
  if (password.length < 8) {
    throw new ApiError(400, 'Password must be at least 8 characters long');
  }
  await minglarService.createPassword(user_xid, password);
  const userDetails = await minglarService.getBasicUserDetails(user_xid)
--- a/src/modules/minglaradmin/handlers/getAMDetail_ById.ts
+++ b/src/modules/minglaradmin/handlers/getAMDetail_ById.ts
@@ -3,17 +3,19 @@ import {
  APIGatewayProxyResult,
  Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../common/database/prisma.lambda.service';
 import { verifyMinglarAdminToken } from '../../../common/middlewares/jwt/authForMinglarAdmin';
 import { safeHandler } from '../../../common/utils/handlers/safeHandler';
-import ApiError from '../../../common/utils/helper/ApiError';
+import { PrismaService } from '../../../common/database/prisma.service';
 import { MinglarService } from '../services/minglar.service';
 import ApiError from '../../../common/utils/helper/ApiError';
 import { verifyMinglarAdminToken } from '../../../common/middlewares/jwt/authForMinglarAdmin';
 import { parseQueryParams } from '../../../common/utils/validation/validation.utils';
 import { getAmDetailByIdPathSchema } from '../../../common/utils/validation/prepopulate/prepopulate.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
 /**
- * Get all host applications handler
+ * Get AM details by ID handler
 * Returns host details with status, submission date, and account manager info
 */
 export const handler = safeHandler(
  async (
@@ -32,22 +34,12 @@ export const handler = safeHandler(
    await verifyMinglarAdminToken(token);
-    const amXid = event.pathParameters?.amXid;
+    // Parse and validate path params using Zod
-    if (!amXid) {
+    const { amXid } = parseQueryParams(event.pathParameters, getAmDetailByIdPathSchema);
      throw new ApiError(
        400,
        'Account Manager XID is required in path parameters.',
      );
    }
    const amId = Number(amXid);
    if (Number.isNaN(amId)) {
      throw new ApiError(400, 'Account Manager XID must be a valid number.');
    }
-    // Get all host applications from service based on user role
+    // Get AM details by ID from service
-    const getAmDetailsByid = await minglarService.getAMdetailById( amId );
+    const getAmDetailsByid = await minglarService.getAMdetailById(amXid);
    return {
      statusCode: 200,
--- a/src/modules/minglaradmin/handlers/hosthub/hosts/acceptHostApplication.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/hosts/acceptHostApplication.ts
@@ -1,23 +1,18 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { sendEmailToHostForApprovedApplication } from '../../../services/approvalMailtoHost.service';
 import { MinglarService } from '../../../services/minglar.service';
 import { sendEmailToHostForApprovedApplication } from '../../../services/approvalMailtoHost.service'
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { hostApplicationActionSchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-
+const minglarService = new MinglarService(prismaService);
 interface AddSuggestionBody {
  hostXid: number;
  title: string;
  comments: string;
 }
 /**
- * Add suggestion handler for host applications
+ * Accept host application handler
 * Allows Minglar Admin, Co_Admin, and Account Manager to add suggestions
 * Types: Setup Profile, Review Account, Add Payment Details, Agreement
 */
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -32,22 +27,14 @@ export const handler = safeHandler(async (
  // Verify token and get user info
  const userInfo = await verifyMinglarAdminToken(token);
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: AddSuggestionBody;
+  const { hostXid } = parseBody(event.body, hostApplicationActionSchema);
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { hostXid } = body;
  // Add suggestion using service
  await minglarService.acceptHostApplication(hostXid, userInfo.id);
-  const hostDetails = await minglarService.getUserDetails(hostXid)
+  const hostDetails = await minglarService.getUserDetails(userInfo.id)
-  await sendEmailToHostForApprovedApplication(hostDetails.emailAddress, hostDetails.firstName)
+  await sendEmailToHostForApprovedApplication(hostDetails.emailAddress)
  return {
    statusCode: 200,
--- a/src/modules/minglaradmin/handlers/hosthub/hosts/acceptPQByAM.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/hosts/acceptPQByAM.ts
@@ -1,59 +0,0 @@
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { MinglarService } from '../../../services/minglar.service';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { sendAMPQQAcceptanceMailtoHost } from '../../../../minglaradmin/services/approvalMailtoHost.service';
 const minglarService = new MinglarService(prismaClient);
 interface Body {
  activityId: number;
 }
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
  context?: Context
 ): Promise<APIGatewayProxyResult> => {
  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
  if (!token) throw new ApiError(401, 'This is a protected route. Please provide a valid token.');
  const userInfo = await verifyMinglarAdminToken(token);
  // Parse request body
  let body: Body;
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { activityId } = body;
  if (!activityId) {
    throw new ApiError(400, 'activityId is required');
  }
  await minglarService.acceptPQByAM(
    Number(activityId),
    Number(userInfo.id)
  );
  const hostXid = await minglarService.getHostXidByActivityId(activityId)
  const hostDetails = await minglarService.getUserDetails(hostXid)
  await sendAMPQQAcceptanceMailtoHost(hostDetails.emailAddress, hostDetails.firstName)
  return {
    statusCode: 201,
    headers: {
      'Content-Type': 'application/json',
      'Access-Control-Allow-Origin': '*',
    },
    body: JSON.stringify({
      success: true,
      message: 'Approved PQ successfully',
      data: null,
    }),
  };
 });
--- a/src/modules/minglaradmin/handlers/hosthub/hosts/addPQQSuggestion.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/hosts/addPQQSuggestion.ts
@@ -1,18 +1,15 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
-import ApiError from '../../../../../common/utils/helper/ApiError';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { MinglarService } from '../../../services/minglar.service';
-// import { HOST_SUGGESTION_TITLES } from '../../../../../common/utils/constants/minglar.constant';
+import ApiError from '../../../../../common/utils/helper/ApiError';
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { HOST_SUGGESTION_TITLES } from '../../../../../common/utils/constants/minglar.constant';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { addPqqSuggestionSchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-
+const minglarService = new MinglarService(prismaService);
 interface AddSuggestionBody {
  title: string;
  comments: string;
  activity_pqq_header_xid:number
 }
 /**
 * Add suggestion handler for host applications
@@ -33,7 +30,7 @@ export const handler = safeHandler(async (
  const userInfo = await verifyMinglarAdminToken(token);
  // Get user details
-  const user = await prismaClient.user.findUnique({
+  const user = await prismaService.user.findUnique({
    where: { id: userInfo.id },
    select: { id: true, roleXid: true }
  });
@@ -42,34 +39,14 @@ export const handler = safeHandler(async (
    throw new ApiError(404, 'User not found');
  }
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: AddSuggestionBody;
+  const { title, comments, activity_pqq_header_xid } = parseBody(event.body, addPqqSuggestionSchema);
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { title, comments , activity_pqq_header_xid} = body;
  if (!title) {
    throw new ApiError(400, 'Title is required');
  }
  if (!comments) {
    throw new ApiError(400, 'Comments are required');
  }
  if(!activity_pqq_header_xid){
    throw new ApiError(400 , "Activity Pqq HeaderXid Required");
  }
  // Validate title is one of the allowed types
-  // const allowedTitles = Object.values(HOST_SUGGESTION_TITLES);
+  const allowedTitles = Object.values(HOST_SUGGESTION_TITLES);
-  // if (!allowedTitles.includes(title)) {
+  if (!allowedTitles.includes(title)) {
-  //   throw new ApiError(400, `Invalid title. Allowed values: ${allowedTitles.join(', ')}`);
+    throw new ApiError(400, `Invalid title. Allowed values: ${allowedTitles.join(', ')}`);
-  // }
+  }
  // Add suggestion using service
  await minglarService.addPqqSuggestion(title, comments, activity_pqq_header_xid,user.id);
--- a/src/modules/minglaradmin/handlers/hosthub/hosts/addSuggestion.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/hosts/addSuggestion.ts
@@ -1,18 +1,15 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
-import ApiError from '../../../../../common/utils/helper/ApiError';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { MinglarService } from '../../../services/minglar.service';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { HOST_SUGGESTION_TITLES } from '../../../../../common/utils/constants/minglar.constant';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { addHostSuggestionSchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-
+const minglarService = new MinglarService(prismaService);
 interface AddSuggestionBody {
  hostXid: number;
  title: string;
  comments: string;
  isParent: boolean;
 }
 /**
 * Add suggestion handler for host applications
@@ -33,7 +30,7 @@ export const handler = safeHandler(async (
  const userInfo = await verifyMinglarAdminToken(token);
  // Get user details
-  const user = await prismaClient.user.findUnique({
+  const user = await prismaService.user.findUnique({
    where: { id: userInfo.id },
    select: { id: true, roleXid: true }
  });
@@ -42,38 +39,17 @@ export const handler = safeHandler(async (
    throw new ApiError(404, 'User not found');
  }
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: AddSuggestionBody;
+  const { hostXid, title, comments } = parseBody(event.body, addHostSuggestionSchema);
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { hostXid, title, comments, isParent } = body;
  // Validate required fields
  if (!hostXid) {
    throw new ApiError(400, 'Host ID is required');
  }
  if (!title) {
    throw new ApiError(400, 'Title is required');
  }
  if (!comments) {
    throw new ApiError(400, 'Comments are required');
  }
  // Validate title is one of the allowed types
-  // const allowedTitles = Object.values(HOST_SUGGESTION_TITLES);
+  const allowedTitles = Object.values(HOST_SUGGESTION_TITLES);
-  // if (!allowedTitles.includes(title)) {
+  if (!allowedTitles.includes(title)) {
-  //   throw new ApiError(400, `Invalid title. Allowed values: ${allowedTitles.join(', ')}`);
+    throw new ApiError(400, `Invalid title. Allowed values: ${allowedTitles.join(', ')}`);
-  // }
+  }
  // Add suggestion using service
-  await minglarService.addHostSuggestion(hostXid, title, comments, user.id, isParent);
+  await minglarService.addHostSuggestion(hostXid, title, comments, user.id);
  return {
    statusCode: 200,
--- a/src/modules/minglaradmin/handlers/hosthub/hosts/getAllHostApplicationForAM.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/hosts/getAllHostApplicationForAM.ts
@@ -1,12 +1,15 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
-import ApiError from '../../../../../common/utils/helper/ApiError';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { paginationService } from '../../../../../common/utils/pagination/pagination.service';
 import { MinglarService } from '../../../services/minglar.service';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { paginationService } from '../../../../../common/utils/pagination/pagination.service';
 import { parseQueryParams } from '../../../../../common/utils/validation/validation.utils';
 import { getAllHostApplicationsQuerySchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
 /**
 * Get all host applications handler with pagination
@@ -25,7 +28,7 @@ export const handler = safeHandler(async (
  const userInfo = await verifyMinglarAdminToken(token);
  // Get user details including role
-  const user = await prismaClient.user.findUnique({
+  const user = await prismaService.user.findUnique({
    where: { id: userInfo.id },
    select: { id: true, roleXid: true }
  });
@@ -34,15 +37,15 @@ export const handler = safeHandler(async (
    throw new ApiError(404, 'User not found');
  }
-  // Get query parameters
+  // Parse and validate query params using Zod
-  const search = event.queryStringParameters?.search || '';
+  const { search, userStatus, roleFilter } = parseQueryParams(
-  const userStatus = event.queryStringParameters?.userStatus || '';
+    event.queryStringParameters,
-  const roleFilter = event.queryStringParameters?.roleFilter || '';
+    getAllHostApplicationsQuerySchema
  );
  // Parse pagination parameters
  const paginationParams = paginationService.getPaginationFromEvent(event);
  const paginationOptions = paginationService.parsePaginationParams(paginationParams);
  const applicationStatus = event.queryStringParameters?.applicationStatus || '';
  // Get paginated host applications
  const { data, totalCount } = await minglarService.getAllHostApplications(
@@ -51,8 +54,7 @@ export const handler = safeHandler(async (
    search, 
    userStatus, 
    paginationOptions,
-    roleFilter,
+    roleFilter
    applicationStatus
  );
  // Create paginated response
--- a/src/modules/minglaradmin/handlers/hosthub/hosts/getByIdHostDetails.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/hosts/getByIdHostDetails.ts
@@ -1,11 +1,15 @@
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { verifyMinglarAdminHostToken } from '@/common/middlewares/jwt/authForMinglarAdmin&Host';
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { MinglarService } from '../../../services/minglar.service';
 import { PrismaService } from '@/common/database/prisma.service';
 import { safeHandler } from '@/common/utils/handlers/safeHandler';
 import ApiError from '@/common/utils/helper/ApiError';
 import { verifyMinglarAdminToken } from '@/common/middlewares/jwt/authForMinglarAdmin';
 import { parseQueryParams } from '@/common/utils/validation/validation.utils';
 import { getHostByIdPathSchema } from '@/common/utils/validation/minglaradmin/hosthub.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -19,13 +23,8 @@ export const handler = safeHandler(async (
  await verifyMinglarAdminToken(token);
-  const host_xid = event.pathParameters?.host_xid;
+  // Parse and validate path params using Zod
-  if (!host_xid) {
+  const { host_xid } = parseQueryParams(event.pathParameters, getHostByIdPathSchema);
    throw new ApiError(
      400,
      'Host ID is required in path parameters.',
    );
  }
  const hostDetails = await minglarService.getHostDetailsById(Number(host_xid));
--- a/src/modules/minglaradmin/handlers/hosthub/hosts/rejectHostApplicationAM.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/hosts/rejectHostApplicationAM.ts
@@ -1,23 +1,18 @@
-import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
+import { verifyMinglarAdminToken } from '@/common/middlewares/jwt/authForMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { MinglarService } from '../../../services/minglar.service';
 import { sendAMRejectionMailtoHost } from '../../../services/rejectionMailtoHost.service';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { hostApplicationActionSchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-
+const minglarService = new MinglarService(prismaService);
 interface AddSuggestionBody {
  hostXid: number;
  title: string;
  comments: string;
 }
 /**
- * Add suggestion handler for host applications
+ * Reject host application handler for Account Managers
 * Allows Minglar Admin, Co_Admin, and Account Manager to add suggestions
 * Types: Setup Profile, Review Account, Add Payment Details, Agreement
 */
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -32,22 +27,14 @@ export const handler = safeHandler(async (
  // Verify token and get user info
  const userInfo = await verifyMinglarAdminToken(token);
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: AddSuggestionBody;
+  const { hostXid } = parseBody(event.body, hostApplicationActionSchema);
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { hostXid } = body;
  // Add suggestion using service
  await minglarService.rejectHostApplicationAM(hostXid, userInfo.id);
-  const hostDetails = await minglarService.getUserDetails(hostXid)
+  const hostDetails = await minglarService.getUserDetails(userInfo.id)
-  await sendAMRejectionMailtoHost(hostDetails.emailAddress, hostDetails.firstName)
+  await sendAMRejectionMailtoHost(hostDetails.emailAddress)
  return {
    statusCode: 200,
--- a/src/modules/minglaradmin/handlers/hosthub/hosts/rejectPQQbyAM.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/hosts/rejectPQQbyAM.ts
@@ -1,16 +1,14 @@
 import { verifyMinglarAdminToken } from '@/common/middlewares/jwt/authForMinglarAdmin';
 import { MinglarService } from '@/modules/minglaradmin/services/minglar.service';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
-import { MinglarService } from '../../../services/minglar.service';
+import { parseBody } from '../../../../../common/utils/validation/validation.utils';
-import { sendAMPQQRejectionMailtoHost } from '../../../../minglaradmin/services/rejectionMailtoHost.service';
+import { rejectPqqByAmSchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-
+const minglarService = new MinglarService(prismaService);
 interface Body {
  activityId: number;
 }
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -21,28 +19,10 @@ export const handler = safeHandler(async (
  const userInfo = await verifyMinglarAdminToken(token);
-  // Parse request body
+  // Parse and validate body using Zod
-  let body: Body;
+  const { activityId } = parseBody(event.body, rejectPqqByAmSchema);
-  try {
+  await minglarService.rejectPQQbyAM(activityId);
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { activityId } = body;
  if (!activityId) {
    throw new ApiError(400, 'activityId is required');
  }
  await minglarService.rejectPQQbyAM(
    Number(activityId),
    Number(userInfo.id)
  );
  const hostXid = await minglarService.getHostXidByActivityId(activityId)
  const hostDetails = await minglarService.getUserDetails(hostXid)
  await sendAMPQQRejectionMailtoHost(hostDetails.emailAddress, hostDetails.firstName)
  return {
    statusCode: 201,
@@ -52,7 +32,7 @@ export const handler = safeHandler(async (
    },
    body: JSON.stringify({
      success: true,
-      message: 'Rejected PQ successfully',
+      message: 'Rejected successfully',
      data: null,
    }),
  };
--- a/src/modules/minglaradmin/handlers/hosthub/onboarding/acceptHostAppMinglar.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/onboarding/acceptHostAppMinglar.ts
@@ -0,0 +1,54 @@
 import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { sendEmailToHostForMinglarApproval } from '../../../services/approvalMailtoHost.service';
 import { MinglarService } from '../../../services/minglar.service';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { hostApplicationActionSchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
 const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
 /**
 * Accept host application handler for Minglar Admin
 */
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
  context?: Context
 ): Promise<APIGatewayProxyResult> => {
  // Verify authentication token
  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
  if (!token) {
    throw new ApiError(401, 'This is a protected route. Please provide a valid token.');
  }
  // Verify token and get user info
  const userInfo = await verifyOnlyMinglarAdminToken(token);
  // Parse and validate request body using Zod
  const { hostXid } = parseBody(event.body, hostApplicationActionSchema);
  // Add suggestion using service
  await minglarService.acceptHostApplicationMinglarAdmin(hostXid, userInfo.id);
  const hostDetails = await minglarService.getUserDetails(userInfo.id)
  if (!hostDetails?.emailAddress) {
    throw new ApiError(404, 'Host details or email address not found');
  }
  await sendEmailToHostForMinglarApproval(hostDetails.emailAddress)
  return {
    statusCode: 200,
    headers: {
      'Content-Type': 'application/json',
      'Access-Control-Allow-Origin': '*',
    },
    body: JSON.stringify({
      success: true,
      message: 'Application accepted successfully',
      data: null,
    }),
  };
 });
--- a/src/modules/minglaradmin/handlers/hosthub/onboarding/assignAM.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/onboarding/assignAM.ts
@@ -3,18 +3,17 @@ import {
  APIGatewayProxyResult,
  Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
-import ApiError from '../../../../../common/utils/helper/ApiError';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { MinglarService } from '../../../services/minglar.service';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
 import { sendAMEmailForHostAssign } from '../../../services/AMEmail.service';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { assignAmToHostSchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-
+const minglarService = new MinglarService(prismaService);
 interface assignAMToHostBody {
  host_xid: number;
  account_manager_xid: number;
 }
 /**
 * Get all host applications handler
@@ -39,7 +38,7 @@ export const handler = safeHandler(
    const userInfo = await verifyOnlyMinglarAdminToken(token);
    // Get user details including role
-    const user = await prismaClient.user.findUnique({
+    const user = await prismaService.user.findUnique({
      where: { id: userInfo.id },
      select: { id: true, roleXid: true },
    });
@@ -48,16 +47,11 @@ export const handler = safeHandler(
      throw new ApiError(404, 'User not found');
    }
-    // Parse request body
+    // Parse and validate request body using Zod
-    let body: assignAMToHostBody;
+    const { hostXid: host_xid, accountManagerXid: account_manager_xid } = parseBody(
-
+      event.body,
-    try {
+      assignAmToHostSchema
-      body = event.body ? JSON.parse(event.body) : {};
+    );
    } catch (error) {
      throw new ApiError(400, 'Invalid JSON in request body');
    }
    const { host_xid, account_manager_xid } = body;
    // Get all host applications from service based on user role
    await minglarService.assignAMToHost(user.id, host_xid, account_manager_xid);
--- a/src/modules/minglaradmin/handlers/hosthub/onboarding/editAgreementDetailsAndAccept.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/onboarding/editAgreementDetailsAndAccept.ts
@@ -1,23 +1,14 @@
-import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
+import { verifyOnlyMinglarAdminToken } from '@/common/middlewares/jwt/authForOnlyMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { MinglarService } from '../../../services/minglar.service';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { editAgreementDetailsSchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-
+const minglarService = new MinglarService(prismaService);
 interface assignAMToHostBody {
    host_xid: number,
    agreementStartDate: string,
    duration: number,
    isCommisionBase: boolean,
    commisionPer: number,
    amountPerBooking: number,
    durationFrequency: string,
    payoutDurationNum: number,
    payoutDurationFrequency: string
 }
 export const handler = safeHandler(async (
    event: APIGatewayProxyEvent,
@@ -33,7 +24,7 @@ export const handler = safeHandler(async (
    const userInfo = await verifyOnlyMinglarAdminToken(token);
    // Get user details including role
-    const user = await prismaClient.user.findUnique({
+    const user = await prismaService.user.findUnique({
        where: { id: userInfo.id },
        select: { id: true, roleXid: true }
    });
@@ -42,15 +33,7 @@ export const handler = safeHandler(async (
        throw new ApiError(404, 'User not found');
    }
-    // Parse request body
+    // Parse and validate request body using Zod
    let body: assignAMToHostBody;
    try {
        body = event.body ? JSON.parse(event.body) : {};
    } catch (error) {
        throw new ApiError(400, 'Invalid JSON in request body');
    }
    const {
        host_xid,
        agreementStartDate,
@@ -61,11 +44,10 @@ export const handler = safeHandler(async (
        durationFrequency,
        payoutDurationNum,
        payoutDurationFrequency
-    } = body;
+    } = parseBody(event.body, editAgreementDetailsSchema);
-    await minglarService.acceptHostApplicationMinglarAdmin(
+    await minglarService.editAgreementDetails(
        host_xid,
        userInfo.id,
        agreementStartDate,
        duration,
        isCommisionBase,
@@ -73,8 +55,8 @@ export const handler = safeHandler(async (
        amountPerBooking,
        durationFrequency,
        payoutDurationNum,
-        payoutDurationFrequency);
+        payoutDurationFrequency
-    // await sendEmailToHostForMinglarApproval(hostDetails.emailAddress)
+    );
    return {
        statusCode: 200,
--- a/src/modules/minglaradmin/handlers/hosthub/onboarding/getAllActivityOfHost.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/onboarding/getAllActivityOfHost.ts
@@ -1,19 +1,20 @@
-import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
+import { verifyMinglarAdminToken } from '@/common/middlewares/jwt/authForMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { PrePopulateService } from '../../../../prepopulate/services/prepopulate.service';
 import { MinglarService } from '../../../services/minglar.service';
-import { paginationService } from '../../../../../common/utils/pagination/pagination.service';
+import { parseQueryParams } from '../../../../../common/utils/validation/validation.utils';
 import { getHostByIdAltPathSchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
 import { optionalSearchQuerySchema } from '../../../../../common/utils/validation/host/activity.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-const prePopulateService = new PrePopulateService(prismaClient);
+const minglarService = new MinglarService(prismaService);
 const prePopulateService = new PrePopulateService(prismaService);
 /**
- * Add suggestion handler for host applications
+ * Get all activities of a host handler
 * Allows Minglar Admin, Co_Admin, and Account Manager to add suggestions
 * Types: Setup Profile, Review Account, Add Payment Details, Agreement
 */
 export const handler = safeHandler(async (
    event: APIGatewayProxyEvent,
@@ -28,20 +29,14 @@ export const handler = safeHandler(async (
    // Verify token and get user info
    const userInfo = await verifyMinglarAdminToken(token);
-    const hostXid = Number(event.pathParameters?.id)
+    // Parse and validate path params using Zod
    const { id: hostXid } = parseQueryParams(event.pathParameters, getHostByIdAltPathSchema);
-    // Get pagination params from event
+    // Parse and validate query params using Zod
-    const paginationParams = paginationService.getPaginationFromEvent(event);
+    const { search, q } = parseQueryParams(event.queryStringParameters, optionalSearchQuerySchema);
-    const paginationOptions = paginationService.parsePaginationParams(paginationParams);
+    const searchTerm = search || q || undefined;
-    // Read optional search query (supports ?search= or ?q=)
+    const data = await minglarService.getAllHostActivityForMinglar(searchTerm, hostXid);
    const search = event.queryStringParameters?.search || event.queryStringParameters?.q || undefined;
    const result = await minglarService.getAllHostActivityForMinglar(
        search ? String(search) : undefined,
        hostXid,
        paginationOptions
    );
    return {
@@ -53,7 +48,7 @@ export const handler = safeHandler(async (
        body: JSON.stringify({
            success: true,
            message: 'Data retrieved successfully',
-            ...result,
+            data,
        }),
    };
 });
--- a/src/modules/minglaradmin/handlers/hosthub/onboarding/getAllOnboardingHosts.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/onboarding/getAllOnboardingHosts.ts
@@ -1,85 +1,53 @@
-import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
+import { verifyOnlyMinglarAdminToken } from '@/common/middlewares/jwt/authForOnlyMinglarAdmin';
-import {
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-  APIGatewayProxyEvent,
+import { PrismaService } from '../../../../../common/database/prisma.service';
  APIGatewayProxyResult,
  Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { paginationService } from '../../../../../common/utils/pagination/pagination.service';
 import { MinglarService } from '../../../services/minglar.service';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
 /**
 * Get all host applications handler
 * Returns host details with status, submission date, and account manager info
 */
-export const handler = safeHandler(
+export const handler = safeHandler(async (
-  async (
+  event: APIGatewayProxyEvent,
-    event: APIGatewayProxyEvent,
+  context?: Context
-    context?: Context,
+): Promise<APIGatewayProxyResult> => {
-  ): Promise<APIGatewayProxyResult> => {
+  // Verify authentication token
-    // Verify authentication token
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
-    const token =
+  if (!token) {
-      event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+    throw new ApiError(401, 'This is a protected route. Please provide a valid token.');
-    if (!token) {
+  }
      throw new ApiError(
        401,
        'This is a protected route. Please provide a valid token.',
      );
    }
-    // Verify token and get user info
+  // Verify token and get user info
-    const userInfo = await verifyOnlyMinglarAdminToken(token);
+  const userInfo = await verifyOnlyMinglarAdminToken(token);
-    // Get user details including role
+  // Get user details including role
-    const user = await prismaClient.user.findUnique({
+  const user = await prismaService.user.findUnique({
-      where: { id: userInfo.id },
+    where: { id: userInfo.id },
-      select: { id: true, roleXid: true },
+    select: { id: true, roleXid: true }
-    });
+  });
-    if (!user) {
+  if (!user) {
-      throw new ApiError(404, 'User not found');
+    throw new ApiError(404, 'User not found');
-    }
+  }
-    // Extract optional search query
+  // Get all host applications from service based on user role
-    const queryParams = event.queryStringParameters || {};
+  const hostApplications = await minglarService.getAllOnboardingHostApplications();
    const search =
      (queryParams.search as string) ||
      (queryParams.q as string) ||
      undefined;
-    // Pagination
+  return {
-    const paginationParams = paginationService.getPaginationFromEvent(event);
+    statusCode: 200,
-    const paginationOptions =
+    headers: {
-      paginationService.parsePaginationParams(paginationParams);
+      'Content-Type': 'application/json',
-
+      'Access-Control-Allow-Origin': '*',
-    // Get all host applications from service based on user role
+    },
-    const { data, totalCount } =
+    body: JSON.stringify({
-      await minglarService.getAllOnboardingHostApplications(
+      success: true,
-        paginationOptions,
+      message: 'Host applications retrieved successfully',
-        search,
+      data: hostApplications,
-      );
+    }),
-
+  };
-    const paginatedResponse = paginationService.createPaginatedResponse(
+});
      data,
      totalCount,
      paginationOptions,
    );
    return {
      statusCode: 200,
      headers: {
        'Content-Type': 'application/json',
        'Access-Control-Allow-Origin': '*',
      },
      body: JSON.stringify({
        success: true,
        message: 'Host applications retrieved successfully',
        ...paginatedResponse,
      }),
    };
  },
 );
--- a/src/modules/minglaradmin/handlers/hosthub/onboarding/getOnboardingNewApplications.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/onboarding/getOnboardingNewApplications.ts
@@ -1,85 +1,53 @@
 import {
  APIGatewayProxyEvent,
  APIGatewayProxyResult,
  Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { paginationService } from '../../../../../common/utils/pagination/pagination.service';
 import { MinglarService } from '../../../services/minglar.service';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
 /**
- * Get all NEW host applications handler
+ * Get all host applications handler
 * Returns host details with status, submission date, and account manager info
 */
-export const handler = safeHandler(
+export const handler = safeHandler(async (
  async (
    event: APIGatewayProxyEvent,
-    context?: Context,
+    context?: Context
-  ): Promise<APIGatewayProxyResult> => {
+): Promise<APIGatewayProxyResult> => {
    // Verify authentication token
-    const token =
+    const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
      event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
    if (!token) {
-      throw new ApiError(
+        throw new ApiError(401, 'This is a protected route. Please provide a valid token.');
        401,
        'This is a protected route. Please provide a valid token.',
      );
    }
    // Verify token and get user info
    const userInfo = await verifyOnlyMinglarAdminToken(token);
    // Get user details including role
-    const user = await prismaClient.user.findUnique({
+    const user = await prismaService.user.findUnique({
-      where: { id: userInfo.id },
+        where: { id: userInfo.id },
-      select: { id: true, roleXid: true },
+        select: { id: true, roleXid: true }
    });
    if (!user) {
-      throw new ApiError(404, 'User not found');
+        throw new ApiError(404, 'User not found');
    }
    // Extract optional search query
    const queryParams = event.queryStringParameters || {};
    const search =
      (queryParams.search as string) ||
      (queryParams.q as string) ||
      undefined;
    // Pagination
    const paginationParams = paginationService.getPaginationFromEvent(event);
    const paginationOptions =
      paginationService.parsePaginationParams(paginationParams);
    // Get all host applications from service based on user role
-    const { data, totalCount } =
+    const hostApplications = await minglarService.getAllOnboardingHostApplications_New();
      await minglarService.getAllOnboardingHostApplications_New(
        paginationOptions,
        search,
      );
    const paginatedResponse = paginationService.createPaginatedResponse(
      data,
      totalCount,
      paginationOptions,
    );
    return {
-      statusCode: 200,
+        statusCode: 200,
-      headers: {
+        headers: {
-        'Content-Type': 'application/json',
+            'Content-Type': 'application/json',
-        'Access-Control-Allow-Origin': '*',
+            'Access-Control-Allow-Origin': '*',
-      },
+        },
-      body: JSON.stringify({
+        body: JSON.stringify({
-        success: true,
+            success: true,
-        message: 'Host applications retrieved successfully',
+            message: 'Host applications retrieved successfully',
-        ...paginatedResponse,
+            data: hostApplications,
-      }),
+        }),
    };
-  },
+});
 );
--- a/src/modules/minglaradmin/handlers/hosthub/onboarding/rejectHostApplication.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/onboarding/rejectHostApplication.ts
@@ -1,23 +1,18 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { MinglarService } from '../../../services/minglar.service';
 import { sendEmailToHostForRejectedApplication } from '../../../services/rejectionMailtoHost.service';
 import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { hostApplicationActionSchema } from '../../../../../common/utils/validation/minglaradmin/hosthub.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-
+const minglarService = new MinglarService(prismaService);
 interface AddSuggestionBody {
  hostXid: number;
  title: string;
  comments: string;
 }
 /**
- * Add suggestion handler for host applications
+ * Reject host application handler for Minglar Admin
 * Allows Minglar Admin, Co_Admin, and Account Manager to add suggestions
 * Types: Setup Profile, Review Account, Add Payment Details, Agreement
 */
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -32,21 +27,13 @@ export const handler = safeHandler(async (
  // Verify token and get user info
  const userInfo = await verifyOnlyMinglarAdminToken(token);
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: AddSuggestionBody;
+  const { hostXid } = parseBody(event.body, hostApplicationActionSchema);
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { hostXid } = body;
  // Add suggestion using service
  await minglarService.rejectHostApplication(hostXid, userInfo.id);
-  const hostDetails = await minglarService.getUserDetails(hostXid)
+  const hostDetails = await minglarService.getUserDetails(userInfo.id)
  if (!hostDetails?.emailAddress) {
    throw new ApiError(404, 'Host details or email address not found');
  }
--- a/src/modules/minglaradmin/handlers/hosthub/onboarding/showSuggestionToAM.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/onboarding/showSuggestionToAM.ts
@@ -1,51 +0,0 @@
 import { verifyMinglarAdminToken } from '@/common/middlewares/jwt/authForMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { MinglarService } from '../../../../minglaradmin/services/minglar.service';
 const minglarService = new MinglarService(prismaClient);
 /**
 * Get suggestions handler
 * Retrieves suggestions based on user's role and host assignments
 */
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
  context?: Context
 ): Promise<APIGatewayProxyResult> => {
  // Verify authentication token
  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
  if (!token) {
    throw new ApiError(401, 'This is a protected route. Please provide a valid token.');
  }
  // Verify token and get user info
  await verifyMinglarAdminToken(token);
  const hostXid = Number(event.pathParameters?.hostXid)
  if (!hostXid) {
    throw new ApiError(
      400,
      'Host ID is required in path parameters.',
    );
  }
  // Get suggestions using service
  const suggestions = await minglarService.getSuggestionsForAM(hostXid);
  return {
    statusCode: 200,
    headers: {
      'Content-Type': 'application/json',
      'Access-Control-Allow-Origin': '*',
    },
    body: JSON.stringify({
      success: true,
      message: 'Suggestions retrieved successfully',
      data: suggestions,
    }),
  };
 });
--- a/src/modules/minglaradmin/handlers/hosthub/pqp/getAllPQPDetailsForAM.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/pqp/getAllPQPDetailsForAM.ts
@@ -1,49 +0,0 @@
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
 import { MinglarService } from '../../../services/minglar.service';
 import { verifyMinglarAdminHostToken } from '../../../../../common/middlewares/jwt/authForMinglarAdminHost';
 const minglarService = new MinglarService(prismaClient);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
  context?: Context
 ): Promise<APIGatewayProxyResult> => {
  // Get host ID from path parameters
  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token']
  if (!token) {
    throw new ApiError(400, 'This is a protected route. Please provide a valid token.');
  }
  await verifyMinglarAdminHostToken(token);
  const activityXid = event.pathParameters?.activityXid;
  if (!activityXid) {
    throw new ApiError(
      400,
      'Host ID is required in path parameters.',
    );
  }
  const pqpDetails = await minglarService.getAllPQPDetailsForAM(Number(activityXid));
  if (!pqpDetails) {
    throw new ApiError(404, 'Record not found');
  }
  return {
    statusCode: 200,
    headers: {
      'Content-Type': 'application/json',
      'Access-Control-Allow-Origin': '*',
    },
    body: JSON.stringify({
      success: true,
      message: 'PQ details retrieved successfully',
      data: pqpDetails,
    }),
  };
 });
--- a/src/modules/minglaradmin/handlers/loginForMinglar.ts
+++ b/src/modules/minglaradmin/handlers/loginForMinglar.ts
@@ -1,36 +1,25 @@
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../common/database/prisma.service';
 import { safeHandler } from '../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../common/utils/helper/ApiError';
 import { GetMinglarLoginResponseDTO } from '../dto/minglar.dto';
 import { MinglarService } from '../services/minglar.service';
 import { TokenService } from "../services/token.service";
 import { parseBody } from '../../../common/utils/validation/validation.utils';
 import { minglarLoginSchema } from '../../../common/utils/validation/minglaradmin/auth.validation';
-const minglarSerivce = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-const tokenService = new TokenService(prismaClient);
+const minglarSerivce = new MinglarService(prismaService);
 const tokenService = new TokenService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
  context?: Context
 ): Promise<APIGatewayProxyResult> => {
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: { emailAddress?: string; userPassword?: string };
+  const { emailAddress, userPassword } = parseBody(event.body, minglarLoginSchema);
-  try {
+  const loginForMinglar = await minglarSerivce.loginForMinglar(emailAddress, userPassword);
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { emailAddress, userPassword } = body;
  if (!emailAddress) {
    throw new ApiError(400, 'Email is required');
  }
  const emailToLowerCase = emailAddress.toLowerCase()
  const loginForMinglar = await minglarSerivce.loginForMinglar(emailToLowerCase, userPassword);
  if (!loginForMinglar) {
    throw new ApiError(400, 'Failed to login');
--- a/src/modules/minglaradmin/handlers/prepopulateRole.ts
+++ b/src/modules/minglaradmin/handlers/prepopulateRole.ts
@@ -3,13 +3,13 @@ import {
  APIGatewayProxyResult,
  Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../common/database/prisma.lambda.service';
 import { verifyMinglarAdminToken } from '../../../common/middlewares/jwt/authForMinglarAdmin';
 import { ROLE } from '../../../common/utils/constants/common.constant';
 import { safeHandler } from '../../../common/utils/handlers/safeHandler';
 import { PrismaService } from '../../../common/database/prisma.service';
 import ApiError from '../../../common/utils/helper/ApiError';
 import { ROLE } from '../../../common/utils/constants/common.constant';
 import { verifyMinglarAdminToken } from '../../../common/middlewares/jwt/authForMinglarAdmin';
-const prismaService = prismaClient;
+const prismaService = new PrismaService();
 export const handler = safeHandler(
  async (
    event: APIGatewayProxyEvent,
--- a/src/modules/minglaradmin/handlers/registration.ts
+++ b/src/modules/minglaradmin/handlers/registration.ts
@@ -1,41 +1,28 @@
-import { ROLE, USER_STATUS } from '../../../common/utils/constants/common.constant';
+import { ROLE, USER_STATUS } from '@/common/utils/constants/common.constant';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../common/database/prisma.service';
 import { safeHandler } from '../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../common/utils/helper/ApiError';
 import { generateOtpHelper } from '../../../common/utils/helper/sendOtp';
 import { MinglarService } from './../services/minglar.service';
 import { sendOtpEmailForMinglarAdmin } from '../services/sendOTPEmail.service';
 import { MinglarService } from './../services/minglar.service';
 import { parseBody } from '../../../common/utils/validation/validation.utils';
 import { minglarRegistrationSchema } from '../../../common/utils/validation/minglaradmin/auth.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
  context?: Context
 ): Promise<APIGatewayProxyResult> => {
-  // Parse request body
+  // Parse and validate request body using Zod
-  let body: { email?: string };
+  const { email } = parseBody(event.body, minglarRegistrationSchema);
-  try {
+  const user = await prismaService.user.findUnique({
-    body = event.body ? JSON.parse(event.body) : {};
+    where: { emailAddress: email, isActive: true, userStatus: USER_STATUS.INVITED },
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const { email } = body;
  if (!email) {
    throw new ApiError(400, 'Email is required');
  }
  console.log(email, " -: Email")
  const emailToLowerCase = email.toLowerCase()
  const user = await prismaClient.user.findUnique({
    where: { emailAddress: emailToLowerCase, isActive: true, userStatus: USER_STATUS.INVITED },
    select: { emailAddress: true, id: true, userPassword: true, roleXid: true },
  });
  console.log(user, "sljdfjdf")
  if (!user) {
    throw new ApiError(403, 'You are not allowed to register directly. Please contact minglar admin.');
@@ -58,7 +45,7 @@ export const handler = safeHandler(async (
  }
  const otpResult = await generateOtpHelper(
-    prismaClient,          // ⭐ pass Prisma from here
+    prismaService,          // ⭐ pass Prisma from here
    Number(newUser?.id),
    newUser?.emailAddress,
    'Register',
@@ -71,7 +58,7 @@ export const handler = safeHandler(async (
    throw new ApiError(500, 'Failed to send OTP');
  }
-  await sendOtpEmailForMinglarAdmin(newUser?.emailAddress, otpResult.otp);
+  // await sendOtpEmailForMinglarAdmin(newUser?.emailAddress, otpResult.otp);
  return {
    statusCode: 200,
--- a/src/modules/minglaradmin/handlers/settings/teammates/getAllCoadminAndAM.ts
+++ b/src/modules/minglaradmin/handlers/settings/teammates/getAllCoadminAndAM.ts
@@ -1,11 +1,14 @@
-import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
+import { verifyOnlyMinglarAdminToken } from '@/common/middlewares/jwt/authForOnlyMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { MinglarService } from '../../../services/minglar.service';
 import { parseQueryParams } from '../../../../../common/utils/validation/validation.utils';
 import { getAllCoadminAndAMQuerySchema } from '../../../../../common/utils/validation/minglaradmin/teammate.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
@@ -20,8 +23,8 @@ export const handler = safeHandler(async (
  // Authenticate user using the shared authForHost function
  await verifyOnlyMinglarAdminToken(token);
-  // Extract search parameter from query string
+  // Parse and validate query params using Zod
-  const search = event.queryStringParameters?.search || '';
+  const { search } = parseQueryParams(event.queryStringParameters, getAllCoadminAndAMQuerySchema);
  const response = await minglarService.getAllCoadminAndAM(search);
--- a/src/modules/minglaradmin/handlers/settings/teammates/getAllInvitationDetails.ts
+++ b/src/modules/minglaradmin/handlers/settings/teammates/getAllInvitationDetails.ts
@@ -1,64 +1,44 @@
-import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
+import { verifyOnlyMinglarAdminToken } from '@/common/middlewares/jwt/authForOnlyMinglarAdmin';
-import {
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-  APIGatewayProxyEvent,
+import { PrismaService } from '../../../../../common/database/prisma.service';
  APIGatewayProxyResult,
  Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { MinglarService } from '../../../services/minglar.service';
-import { paginationService } from '../../../../../common/utils/pagination/pagination.service';
+import { parseQueryParams } from '../../../../../common/utils/validation/validation.utils';
 import { getInvitationDetailsQuerySchema } from '../../../../../common/utils/validation/minglaradmin/teammate.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
-export const handler = safeHandler(
+export const handler = safeHandler(async (
-  async (
+  event: APIGatewayProxyEvent,
-    event: APIGatewayProxyEvent,
+  context?: Context
-    context?: Context,
+): Promise<APIGatewayProxyResult> => {
-  ): Promise<APIGatewayProxyResult> => {
+  // Extract token from headers
-    // Extract token from headers
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token']
-    const token =
+  if(!token) {
-      event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+    throw new ApiError(400, 'This is a protected route. Please provide a valid token.');
-    if (!token) {
+  }
      throw new ApiError(
        400,
        'This is a protected route. Please provide a valid token.',
      );
    }
-    // Authenticate user using the shared authForHost function
+  // Authenticate user using the shared authForHost function
-    await verifyOnlyMinglarAdminToken(token);
+  await verifyOnlyMinglarAdminToken(token);
-    // Extract search parameter from query string
+  // Parse and validate query params using Zod
-    const search = event.queryStringParameters?.search || '';
+  const { search } = parseQueryParams(event.queryStringParameters, getInvitationDetailsQuerySchema);
-    const paginationParams = paginationService.getPaginationFromEvent(event);
+  const result = await minglarService.getAllInvitationDetails(search);
    const paginationOptions =
      paginationService.parsePaginationParams(paginationParams);
-    const { data, totalCount } = await minglarService.getAllInvitationDetails(
+  return {
-      search,
+    statusCode: 200,
-      paginationOptions,
+    headers: {
-    );
+      'Content-Type': 'application/json',
      'Access-Control-Allow-Origin': '*',
    },
    body: JSON.stringify({
      success: true,
      message: 'Data retrieved successfully',
      data: result,
    }),
  };
 });
    const paginatedResponse = paginationService.createPaginatedResponse(
      data,
      totalCount,
      paginationOptions,
    );
    return {
      statusCode: 200,
      headers: {
        'Content-Type': 'application/json',
        'Access-Control-Allow-Origin': '*',
      },
      body: JSON.stringify({
        success: true,
        message: 'Data retrieved successfully',
        ...paginatedResponse,
      }),
    };
  },
 );
--- a/src/modules/minglaradmin/handlers/settings/teammates/getAllInvitedCoadminAndAM.ts
+++ b/src/modules/minglaradmin/handlers/settings/teammates/getAllInvitedCoadminAndAM.ts
@@ -1,63 +1,44 @@
-import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
+import { verifyOnlyMinglarAdminToken } from '@/common/middlewares/jwt/authForOnlyMinglarAdmin';
-import {
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-  APIGatewayProxyEvent,
+import { PrismaService } from '../../../../../common/database/prisma.service';
  APIGatewayProxyResult,
  Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { MinglarService } from '../../../services/minglar.service';
-import { paginationService } from '../../../../../common/utils/pagination/pagination.service';
+import { parseQueryParams } from '../../../../../common/utils/validation/validation.utils';
 import { getAllInvitedCoadminAndAMQuerySchema } from '../../../../../common/utils/validation/minglaradmin/teammate.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
 const minglarService = new MinglarService(prismaService);
-export const handler = safeHandler(
+export const handler = safeHandler(async (
-  async (
+  event: APIGatewayProxyEvent,
-    event: APIGatewayProxyEvent,
+  context?: Context
-    context?: Context,
+): Promise<APIGatewayProxyResult> => {
-  ): Promise<APIGatewayProxyResult> => {
+  // Extract token from headers
-    // Extract token from headers
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token']
-    const token =
+  if(!token) {
-      event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+    throw new ApiError(400, 'This is a protected route. Please provide a valid token.');
-    if (!token) {
+  }
      throw new ApiError(
        400,
        'This is a protected route. Please provide a valid token.',
      );
    }
-    // Authenticate user using the shared authForHost function
+  // Authenticate user using the shared authForHost function
-    await verifyOnlyMinglarAdminToken(token);
+  await verifyOnlyMinglarAdminToken(token);
-    // Extract search parameter from query string
+  // Parse and validate query params using Zod
-    const search = event.queryStringParameters?.search || '';
+  const { search } = parseQueryParams(event.queryStringParameters, getAllInvitedCoadminAndAMQuerySchema);
-    // Pagination
+  const response = await minglarService.getAllInvitedCoadminAndAM(search);
    const paginationParams = paginationService.getPaginationFromEvent(event);
    const paginationOptions =
      paginationService.parsePaginationParams(paginationParams);
-    const { data, totalCount } =
+  return {
-      await minglarService.getAllInvitedCoadminAndAM(search, paginationOptions);
+    statusCode: 200,
    headers: {
      'Content-Type': 'application/json',
      'Access-Control-Allow-Origin': '*',
    },
    body: JSON.stringify({
      success: true,
      message: 'Data retrieved successfully',
      data: response,
    }),
  };
 });
    const paginatedResponse = paginationService.createPaginatedResponse(
      data,
      totalCount,
      paginationOptions,
    );
    return {
      statusCode: 200,
      headers: {
        'Content-Type': 'application/json',
        'Access-Control-Allow-Origin': '*',
      },
      body: JSON.stringify({
        success: true,
        message: 'Data retrieved successfully',
        ...paginatedResponse,
      }),
    };
  },
 );
--- a/src/modules/minglaradmin/handlers/settings/teammates/inviteTeammate.ts
+++ b/src/modules/minglaradmin/handlers/settings/teammates/inviteTeammate.ts
@@ -1,21 +1,15 @@
-import { verifyOnlyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForOnlyMinglarAdmin';
+import { verifyOnlyMinglarAdminToken } from '@/common/middlewares/jwt/authForOnlyMinglarAdmin';
 import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
-import { prismaClient } from '../../../../../common/database/prisma.lambda.service';
+import { PrismaService } from '../../../../../common/database/prisma.service';
 import { ROLE } from '../../../../../common/utils/constants/common.constant';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { sendInvitationEmailForMinglarAdmin } from '../../../services/inviteTeammatesEmail.service';
 import { MinglarService } from '../../../services/minglar.service';
-import config from '../../../../../config/config';
+import { parseBody } from '../../../../../common/utils/validation/validation.utils';
 import { inviteTeammateSchema } from '../../../../../common/utils/validation/minglaradmin/teammate.validation';
-const minglarService = new MinglarService(prismaClient);
+const prismaService = new PrismaService();
-
+const minglarService = new MinglarService(prismaService);
 interface InviteTeammateBody {
  emailAddress: string;
  roleXid: number;
  isFixedSalary: boolean;
  perValue?: number;
 }
 /**
 * Invite teammate handler
@@ -36,52 +30,17 @@ export const handler = safeHandler(async (
  // Verify token and get user info
  const userInfo = await verifyOnlyMinglarAdminToken(token);
-  // Parse request body
+  // Parse and validate request body using Zod
  let body: InviteTeammateBody;
  try {
    body = event.body ? JSON.parse(event.body) : {};
  } catch (error) {
    throw new ApiError(400, 'Invalid JSON in request body');
  }
  const {
    emailAddress,
    roleXid,
    isFixedSalary,
    perValue
-  } = body;
+  } = parseBody(event.body, inviteTeammateSchema);
  // Validate required fields
  if (!emailAddress) {
    throw new ApiError(400, 'Email address is required');
  }
  if (!roleXid) {
    throw new ApiError(400, 'Role is required');
  }
  const emailToLowerCase = emailAddress.toLowerCase()
  // Validate role is either Co_Admin or Account_Manager
  if (![ROLE.CO_ADMIN, ROLE.ACCOUNT_MANAGER].includes(roleXid)) {
    throw new ApiError(400, 'Invalid role. Only Co_Admin and Account_Manager roles can be assigned.');
  }
  // Validate revenue details
  if (ROLE.ACCOUNT_MANAGER === roleXid) {
    if (!isFixedSalary && !perValue) {
      throw new ApiError(400, 'Revenue details are required');
    }
  }
  if (perValue && perValue <= 0) {
    throw new ApiError(400, 'Per value must be greater than 0');
  }
  // Use single service method that encapsulates the transaction
  await minglarService.inviteTeammate(
-    emailToLowerCase,
+    emailAddress,
    roleXid,
    isFixedSalary,
    perValue || 0,
@@ -89,7 +48,7 @@ export const handler = safeHandler(async (
  );
  // send email after transaction commits
-  await sendInvitationEmailForMinglarAdmin(emailToLowerCase, config.AM_INVITATION_LINK);
+  await sendInvitationEmailForMinglarAdmin(emailAddress);
  return {
    statusCode: 200,
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
paritosh18	507797d27a	refactor: update serverless configuration and function definitions for Minglar service - Renamed service from `minglarDev` to `minglar`. - Updated Prisma layer reference to use qualified ARN for better deployment handling. - Added new HTTP API endpoints for host management and onboarding processes. - Removed unnecessary patterns from the package configurations in `minglaradmin.yml` to streamline the deployment process.	2025-12-05 13:17:48 +05:30
paritosh18	d8687edb9f	feat: add Prisma layer build scripts and configuration for Lambda deployment	2025-11-30 12:17:20 +05:30
paritosh18	6011318986	refactor: remove unused middleware and utility files related to Minglar Admin authentication and constants - Deleted `authForMinglarAdmin.ts` middleware as it is no longer needed. - Removed `minglar.constant.ts` which contained constants for Minglar-related functionalities. - Eliminated `prisma.service.ts` as it was redundant in the current architecture. - Cleared out `ApiError.ts` utility that handled error responses for Prisma-related operations.	2025-11-30 11:30:10 +05:30
paritosh18	28175bbd7d	Replace verifyHostToken with verifyMinglarAdminHostToken for user authentication in getCityByState handler	2025-11-29 20:42:56 +05:30
paritosh18	572420823c	Refactor validation schemas to remove unnecessary required_error messages and update host user query to use correct field names	2025-11-29 19:45:43 +05:30
paritosh18	9706e5b66b	Refactor handlers to use Zod for request body and query parameter validation - Updated `resendOtp.ts` to parse and validate request body using Zod. - Refactored `createPassword.ts` to utilize Zod for body validation. - Modified `getAMDetail_ById.ts` to implement Zod for path parameter validation. - Changed `acceptHostApplication.ts` to use Zod for request body validation. - Updated `addPQQSuggestion.ts` to validate request body with Zod. - Refactored `addSuggestion.ts` to use Zod for body validation. - Modified `getAllHostApplicationForAM.ts` to implement Zod for query parameter validation. - Changed `getByIdHostDetails.ts` to use Zod for path parameter validation. - Updated `rejectHostApplicationAM.ts` to validate request body with Zod. - Refactored `rejectPQQbyAM.ts` to use Zod for body validation. - Modified `acceptHostAppMinglar.ts` to implement Zod for request body validation. - Changed `assignAM.ts` to use Zod for request body validation. - Updated `editAgreementDetails.ts` to validate request body with Zod. - Refactored `getAllActivityOfHost.ts` to implement Zod for path and query parameter validation. - Changed `rejectHostApplication.ts` to use Zod for request body validation. - Updated `loginForMinglar.ts` to validate request body with Zod. - Refactored `registration.ts` to implement Zod for request body validation. - Modified `getAllCoadminAndAM.ts` to use Zod for query parameter validation. - Changed `getAllInvitationDetails.ts` to implement Zod for query parameter validation. - Updated `getAllInvitedCoadminAndAM.ts` to validate query parameters with Zod. - Refactored `inviteTeammate.ts` to use Zod for request body validation. - Modified `getBranchByBank.ts` to implement Zod for query parameter validation. - Changed `getCityByState.ts` to use Zod for query parameter validation.	2025-11-29 19:39:28 +05:30