added reason in cancel api

payment serive
added cancel iteneray api
2026-04-20 20:04:35 +05:30 · 2026-04-20 18:57:46 +05:30 · 2026-04-20 17:25:49 +05:30 · 2026-04-17 16:28:47 +05:30 · 2026-04-17 15:33:47 +05:30 · 2026-04-17 15:06:09 +05:30
52 changed files with 7114 additions and 588 deletions
--- a/package.json
+++ b/package.json
@@ -70,6 +70,7 @@
    "pdf-lib": "^1.17.1",
    "pizzip": "^3.2.0",
    "prisma": "^7.0.1",
+    "razorpay": "^2.9.6",
    "reflect-metadata": "^0.1.13",
    "rxjs": "^7.8.1",
    "serverless": "4.24.0",
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -32,6 +32,8 @@ model User {
  isMobileVerfied       Boolean?  @default(false) @map("is_mobile_verified")
  isProfileUpdated      Boolean?  @default(false) @map("is_profile_updated")
  userRefNumber         String?   @unique @map("user_ref_number") @db.VarChar(20)
+  dataConsentAccepted   Boolean?  @default(false) @map("data_consent_accepted")
+  dataConsentAcceptedOn DateTime? @map("data_consent_accepted_on")
  isActive              Boolean?  @default(true) @map("is_active")
  createdAt             DateTime? @default(now()) @map("created_at")
  updatedAt             DateTime? @updatedAt @map("updated_at")
@@ -59,8 +61,11 @@ model User {
  ActivitySOSDetails     ActivitySOSDetails[]
  ActivityFeedbacks      ActivityFeedbacks[]
  ItineraryDetails       ItineraryDetails[]
+  paymentOrders          PaymentOrders[]
  inviteDetails          InviteDetails[]          @relation("InvitedUser")
  invitedInviteDetails   InviteDetails[]          @relation("InviterUser")
+  hostMembers           HostMembers[]            @relation("HostMemberUser")
+  invitedHostMembers    HostMembers[]            @relation("HostMemberInviter")
  userRevenues           UserRevenue[]
  userInterests          UserInterests[]
  connectDetails         ConnectDetails[]
@@ -76,6 +81,9 @@ model User {
  // 🔹 Activities where this user is Account Manager
  managedActivities Activities[]      @relation("ActivityAccountManager")
  activitySortings  ActivitySorting[]
+  sentActivityMessages     ActivityMessages[] @relation("ActivityMessageSender")
+  receivedActivityMessages ActivityMessages[] @relation("ActivityMessageReceiver")
+  chatConnections          ChatConnections[]

  @@map("users")
  @@schema("usr")
@@ -671,6 +679,8 @@ model Roles {
  updatedAt DateTime  @updatedAt @map("updated_at")
  deletedAt DateTime? @map("deleted_at")
  User      User[]
+  hostMembers             HostMembers[]             @relation("HostMemberRole")
+  hostRolePermissionMasters HostRolePermissionMasters[] @relation("HostRolePermissionMasterRole")

  @@map("roles")
  @@schema("mst")
@@ -729,6 +739,22 @@ model Token {
  @@schema("usr")
 }

+model ChatConnections {
+  id           Int       @id @default(autoincrement())
+  userXid      Int       @map("user_xid")
+  user         User      @relation(fields: [userXid], references: [id], onDelete: Cascade)
+  activityXid  Int?      @map("activity_xid")
+  connectionId String    @unique @map("connection_id") @db.VarChar(200)
+  isActive     Boolean   @default(true) @map("is_active")
+  createdAt    DateTime  @default(now()) @map("created_at")
+  updatedAt    DateTime  @updatedAt @map("updated_at")
+  deletedAt    DateTime? @map("deleted_at")
+
+  @@index([userXid, activityXid])
+  @@map("chat_connections")
+  @@schema("usr")
+}
+
 //HOST MODELS

 model HostHeader {
@@ -787,6 +813,8 @@ model HostHeader {
  HostBankDetails         HostBankDetails[]
  HostDocuments           HostDocuments[]
  HostSuggestion          HostSuggestion[]
+  hostMembers             HostMembers[]
+  hostRolePermissionMasters HostRolePermissionMasters[]
  hostParent              HostParent[]
  HostTrack               HostTrack[]
  Activities              Activities[]
@@ -818,13 +846,90 @@ model HostBankDetails {
  @@schema("hst")
 }

+model HostMembers {
+  id            Int       @id @default(autoincrement())
+  hostXid       Int       @map("host_xid")
+  host          HostHeader @relation(fields: [hostXid], references: [id], onDelete: Cascade)
+  userXid       Int       @map("user_xid")
+  user          User      @relation("HostMemberUser", fields: [userXid], references: [id], onDelete: Cascade)
+  roleXid       Int       @map("role_xid")
+  role          Roles     @relation("HostMemberRole", fields: [roleXid], references: [id], onDelete: Restrict)
+  hostRolePermissionMasterXid Int? @map("host_role_permission_master_xid")
+  hostRolePermissionMaster     HostRolePermissionMasters? @relation(fields: [hostRolePermissionMasterXid], references: [id], onDelete: Restrict)
+  memberStatus  String    @default("invited") @map("member_status") @db.VarChar(20)
+  invitedByXid  Int?      @map("invited_by_xid")
+  invitedBy     User?     @relation("HostMemberInviter", fields: [invitedByXid], references: [id], onDelete: Restrict)
+  invitedOn     DateTime  @default(now()) @map("invited_on")
+  acceptedOn    DateTime? @map("accepted_on")
+  isActive      Boolean   @default(true) @map("is_active")
+  createdAt     DateTime  @default(now()) @map("created_at")
+  updatedAt     DateTime  @updatedAt @map("updated_at")
+  deletedAt     DateTime? @map("deleted_at")
+  managedActivities HostMemberActivities[]
+
+  @@unique([hostXid, userXid])
+  @@map("host_members")
+  @@schema("hst")
+}
+
+model HostRolePermissionMasters {
+  id               Int      @id @default(autoincrement())
+  hostXid          Int      @map("host_xid")
+  host             HostHeader @relation(fields: [hostXid], references: [id], onDelete: Cascade)
+  roleXid          Int      @map("role_xid")
+  role             Roles    @relation("HostRolePermissionMasterRole", fields: [roleXid], references: [id], onDelete: Restrict)
+  permissionMasterXids Json  @map("permission_master_xids")
+  isActive         Boolean  @default(true) @map("is_active")
+  createdAt        DateTime @default(now()) @map("created_at")
+  updatedAt        DateTime @updatedAt @map("updated_at")
+  deletedAt        DateTime? @map("deleted_at")
+  hostMembers      HostMembers[]
+
+  @@unique([hostXid, roleXid])
+  @@map("host_role_permission_masters")
+  @@schema("hst")
+}
+
+model HostPermissionMasters {
+  id                Int      @id @default(autoincrement())
+  permissionKey     String   @unique @map("permission_key") @db.VarChar(120)
+  permissionGroup   String   @map("permission_group") @db.VarChar(80)
+  permissionSection String   @map("permission_section") @db.VarChar(80)
+  permissionAction  String   @map("permission_action") @db.VarChar(20)
+  displayLabel      String   @map("display_label") @db.VarChar(120)
+  displayOrder      Int      @map("display_order")
+  isActive          Boolean  @default(true) @map("is_active")
+  createdAt         DateTime @default(now()) @map("created_at")
+  updatedAt         DateTime @updatedAt @map("updated_at")
+  deletedAt         DateTime? @map("deleted_at")
+
+  @@map("host_permission_masters")
+  @@schema("mst")
+}
+
+model HostMemberActivities {
+  id           Int        @id @default(autoincrement())
+  hostMemberXid Int        @map("host_member_xid")
+  hostMember    HostMembers @relation(fields: [hostMemberXid], references: [id], onDelete: Cascade)
+  activityXid   Int        @map("activity_xid")
+  activity      Activities @relation(fields: [activityXid], references: [id], onDelete: Cascade)
+  isActive      Boolean    @default(true) @map("is_active")
+  createdAt     DateTime   @default(now()) @map("created_at")
+  updatedAt     DateTime   @updatedAt @map("updated_at")
+  deletedAt     DateTime?  @map("deleted_at")
+
+  @@unique([hostMemberXid, activityXid])
+  @@map("host_member_activities")
+  @@schema("hst")
+}
+
 model HostDocuments {
  id              Int          @id @default(autoincrement())
  hostXid         Int          @map("host_xid")
  host            HostHeader   @relation(fields: [hostXid], references: [id], onDelete: Cascade)
  documentTypeXid Int          @map("document_type_xid")
  documentType    DocumentType @relation(fields: [documentTypeXid], references: [id], onDelete: Restrict)
-  documentName    String       @map("document_name") @db.VarChar(20)
+  documentName    String       @map("document_name") @db.VarChar(50)
  filePath        String       @map("file_path") @db.VarChar(400)
  isActive        Boolean      @default(true) @map("is_active")
  createdAt       DateTime     @default(now()) @map("created_at")
@@ -874,7 +979,10 @@ model HostParent {
  id                   Int                    @id @default(autoincrement())
  hostXid              Int                    @map("host_xid")
  host                 HostHeader             @relation(fields: [hostXid], references: [id], onDelete: Cascade)
-  companyName          String                 @map("company_name") @db.VarChar(100)
+  companyName          String?                @map("company_name") @db.VarChar(100)
+  firstName            String?                @map("first_name") @db.VarChar(50)
+  lastName             String?                @map("last_name") @db.VarChar(50)
+  mobileNumber         String?                @map("mobile_number") @db.VarChar(15)
  address1             String?                @map("address_1") @db.VarChar(150)
  address2             String?                @map("address_2") @db.VarChar(150)
  cityXid              Int?                   @map("city_xid")
@@ -1030,11 +1138,31 @@ model Activities {
  activityCuisines              ActivityCuisine[]
  activityPickUpTransports      ActivityPickUpTransport[]
  userBucketInterests           UserBucketInterested[]
+  activityMessages              ActivityMessages[]
+  assignedHostMembers           HostMemberActivities[]

  @@map("activities")
  @@schema("act")
 }

+model ActivityMessages {
+  id          Int        @id @default(autoincrement())
+  activityXid Int        @map("activity_xid")
+  activity    Activities @relation(fields: [activityXid], references: [id], onDelete: Cascade)
+  senderXid   Int        @map("sender_xid")
+  sender      User       @relation("ActivityMessageSender", fields: [senderXid], references: [id], onDelete: Restrict)
+  receivedXid Int        @map("received_xid")
+  received    User       @relation("ActivityMessageReceiver", fields: [receivedXid], references: [id], onDelete: Restrict)
+  message     String     @map("message") @db.VarChar(2000)
+  status      String     @default("unread") @map("status") @db.VarChar(30)
+  createdAt   DateTime   @default(now()) @map("created_at")
+  updatedAt   DateTime   @updatedAt @map("updated_at")
+
+  @@index([activityXid, senderXid, receivedXid])
+  @@map("activity_messages")
+  @@schema("act")
+}
+
 model ActivityOtherDetails {
  id                Int        @id @default(autoincrement())
  activityXid       Int        @map("activity_xid")
@@ -1367,6 +1495,7 @@ model ActivityFoodTypes {
  createdAt                           DateTime                             @default(now()) @map("created_at")
  updatedAt                           DateTime                             @updatedAt @map("updated_at")
  deletedAt                           DateTime?                            @map("deleted_at")
+  itineraryActivitySelectionFoodTypes ItineraryActivitySelectionFoodType[]

  @@map("activity_food_types")
  @@schema("act")
@@ -1417,6 +1546,7 @@ model ActivityEquipments {
  updatedAt                            DateTime                              @updatedAt @map("updated_at")
  deletedAt                            DateTime?                             @map("deleted_at")
  ActivityEquipmentTaxes               ActivityEquipmentTaxes[]
+  itineraryActivitySelectionEquipments ItineraryActivitySelectionEquipment[]

  @@map("activity_equipments")
  @@schema("act")
@@ -1452,6 +1582,7 @@ model ActivityNavigationModes {
  updatedAt                    DateTime                       @updatedAt @map("updated_at")
  deletedAt                    DateTime?                      @map("deleted_at")
  ActivityNavigationModesTaxes ActivityNavigationModesTaxes[]
+  ItineraryActivitySelections  ItineraryActivitySelection[]

  @@map("activity_navigation_modes")
  @@schema("act")
@@ -1648,6 +1779,7 @@ model ItineraryHeader {
  toDate                    DateTime                    @map("to_date")
  toTime                    String                      @map("to_time") @db.VarChar(30)
  itineraryStatus           String                      @default("draft") @map("itinerary_status") @db.VarChar(30)
+  cancellationReason        String?                     @map("cancellation_reason")
  isActive                  Boolean                     @default(true) @map("is_active")
  createdAt                 DateTime                    @default(now()) @map("created_at")
  updatedAt                 DateTime                    @updatedAt @map("updated_at")
@@ -1655,6 +1787,7 @@ model ItineraryHeader {
  ItineraryMembers          ItineraryMembers[]
  ItineraryStartStopDetails ItineraryStartStopDetails[]
  ItineraryActivities       ItineraryActivities[]
+  paymentOrders             PaymentOrders[]

  @@map("itinerary_header")
  @@schema("itn")
@@ -1678,6 +1811,7 @@ model ItineraryMembers {
  User                        User?                        @relation(fields: [userId], references: [id])
  userId                      Int?
  ItineraryDetails            ItineraryDetails[]
+  itineraryActivitySelections ItineraryActivitySelection[]

  @@map("itinerary_members")
  @@schema("itn")
@@ -1711,17 +1845,18 @@ model ItineraryActivities {
  id                          Int                          @id @default(autoincrement())
  itineraryHeaderXid          Int                          @map("itinerary_header_xid")
  itineraryHeader             ItineraryHeader              @relation(fields: [itineraryHeaderXid], references: [id], onDelete: Cascade)
+  displayOrder                Int                          @default(0) @map("display_order")
  itineraryType               String                       @map("itinerary_type") @db.VarChar(30)
-  activityXid          Int                  @map("activity_xid")
-  activity             Activities           @relation(fields: [activityXid], references: [id], onDelete: Restrict)
-  scheduledHeaderXid   Int                  @map("scheduled_header_xid")
-  scheduledHeader      ScheduleHeader       @relation(fields: [scheduledHeaderXid], references: [id], onDelete: Restrict)
+  activityXid                 Int?                         @map("activity_xid")
+  activity                    Activities?                  @relation(fields: [activityXid], references: [id], onDelete: Restrict)
+  scheduledHeaderXid          Int?                         @map("scheduled_header_xid")
+  scheduledHeader             ScheduleHeader?              @relation(fields: [scheduledHeaderXid], references: [id], onDelete: Restrict)
  occurenceDate               DateTime                     @map("occurence_date")
  startTime                   String                       @map("start_time") @db.VarChar(30)
  endTime                     String                       @map("end_time") @db.VarChar(30)
  endDate                     DateTime                     @map("end_date")
-  venueXid             Int                  @map("venue_xid")
-  venue                ActivityVenues       @relation(fields: [venueXid], references: [id], onDelete: Restrict)
+  venueXid                    Int?                         @map("venue_xid")
+  venue                       ActivityVenues?              @relation(fields: [venueXid], references: [id], onDelete: Restrict)
  locationLat                 Float?                       @map("location_lat")
  locationLong                Float?                       @map("location_long")
  locationAddress             Json?                        @map("location_address")
@@ -1738,11 +1873,93 @@ model ItineraryActivities {
  ActivitySOSDetails          ActivitySOSDetails[]
  ActivityFeedbacks           ActivityFeedbacks[]
  ItineraryDetails            ItineraryDetails[]
+  itineraryActivitySelections ItineraryActivitySelection[]

  @@map("itinerary_activities")
  @@schema("itn")
 }

+model PaymentOrders {
+  id                 Int              @id @default(autoincrement())
+  userXid            Int              @map("user_xid")
+  user               User             @relation(fields: [userXid], references: [id], onDelete: Cascade)
+  itineraryHeaderXid Int?             @map("itinerary_header_xid")
+  itineraryHeader    ItineraryHeader? @relation(fields: [itineraryHeaderXid], references: [id], onDelete: Cascade)
+  razorpayOrderId    String?          @unique @map("razorpay_order_id") @db.VarChar(100)
+  razorpayPaymentId  String?          @unique @map("razorpay_payment_id") @db.VarChar(100)
+  razorpaySignature  String?          @map("razorpay_signature") @db.VarChar(255)
+  receipt            String           @unique @map("receipt") @db.VarChar(100)
+  amount             Int              @map("amount")
+  currency           String           @default("INR") @map("currency") @db.VarChar(10)
+  paymentStatus      String           @default("created") @map("payment_status") @db.VarChar(30)
+  notes              Json?            @map("notes")
+  verifiedAt         DateTime?        @map("verified_at")
+  paidAt             DateTime?        @map("paid_at")
+  isActive           Boolean          @default(true) @map("is_active")
+  createdAt          DateTime         @default(now()) @map("created_at")
+  updatedAt          DateTime         @updatedAt @map("updated_at")
+  deletedAt          DateTime?        @map("deleted_at")
+
+  @@index([userXid, itineraryHeaderXid])
+  @@map("payment_orders")
+  @@schema("itn")
+}
+
+model ItineraryActivitySelection {
+  id                          Int                                   @id @default(autoincrement())
+  itineraryActivityXid        Int                                   @map("itinerary_activity_xid")
+  itineraryActivity           ItineraryActivities                   @relation(fields: [itineraryActivityXid], references: [id], onDelete: Cascade)
+  itineraryMemberXid          Int                                   @map("itinerary_member_xid")
+  itineraryMember             ItineraryMembers                      @relation(fields: [itineraryMemberXid], references: [id], onDelete: Cascade)
+  isFoodOpted                 Boolean                               @default(false) @map("is_food_opted")
+  isTrainerOpted              Boolean                               @default(false) @map("is_trainer_opted")
+  isInActivityNavigationOpted Boolean                               @default(false) @map("is_in_activity_navigation_opted")
+  activityNavigationModeXid   Int?                                  @map("activity_navigation_mode_xid")
+  activityNavigationMode      ActivityNavigationModes?              @relation(fields: [activityNavigationModeXid], references: [id], onDelete: Restrict)
+  isActive                    Boolean                               @default(true) @map("is_active")
+  createdAt                   DateTime                              @default(now()) @map("created_at")
+  updatedAt                   DateTime                              @updatedAt @map("updated_at")
+  deletedAt                   DateTime?                             @map("deleted_at")
+  selectedFoodTypes           ItineraryActivitySelectionFoodType[]
+  selectedEquipments          ItineraryActivitySelectionEquipment[]
+
+  @@unique([itineraryActivityXid, itineraryMemberXid])
+  @@map("itinerary_activity_selection")
+  @@schema("itn")
+}
+
+model ItineraryActivitySelectionFoodType {
+  id                            Int                        @id @default(autoincrement())
+  itineraryActivitySelectionXid Int                        @map("itinerary_activity_selection_xid")
+  itineraryActivitySelection    ItineraryActivitySelection @relation(fields: [itineraryActivitySelectionXid], references: [id], onDelete: Cascade)
+  activityFoodTypeXid           Int                        @map("activity_food_type_xid")
+  activityFoodType              ActivityFoodTypes          @relation(fields: [activityFoodTypeXid], references: [id], onDelete: Cascade)
+  isActive                      Boolean                    @default(true) @map("is_active")
+  createdAt                     DateTime                   @default(now()) @map("created_at")
+  updatedAt                     DateTime                   @updatedAt @map("updated_at")
+  deletedAt                     DateTime?                  @map("deleted_at")
+
+  @@unique([itineraryActivitySelectionXid, activityFoodTypeXid])
+  @@map("itinerary_activity_selection_food_type")
+  @@schema("itn")
+}
+
+model ItineraryActivitySelectionEquipment {
+  id                            Int                        @id @default(autoincrement())
+  itineraryActivitySelectionXid Int                        @map("itinerary_activity_selection_xid")
+  itineraryActivitySelection    ItineraryActivitySelection @relation(fields: [itineraryActivitySelectionXid], references: [id], onDelete: Cascade)
+  activityEquipmentXid          Int                        @map("activity_equipment_xid")
+  activityEquipment             ActivityEquipments         @relation(fields: [activityEquipmentXid], references: [id], onDelete: Cascade)
+  isActive                      Boolean                    @default(true) @map("is_active")
+  createdAt                     DateTime                   @default(now()) @map("created_at")
+  updatedAt                     DateTime                   @updatedAt @map("updated_at")
+  deletedAt                     DateTime?                  @map("deleted_at")
+
+  @@unique([itineraryActivitySelectionXid, activityEquipmentXid])
+  @@map("itinerary_activity_selection_equipment")
+  @@schema("itn")
+}
+
 model ActivitySOSDetails {
  id                   Int                 @id @default(autoincrement())
  itineraryActivityXid Int                 @map("itinerary_activity_xid")
@@ -1795,8 +2012,8 @@ model ItineraryDetails {
  activityStatus       String                 @map("activity_status") @db.VarChar(30)
  isChargeable         Boolean                @default(false) @map("is_chargeable")
  baseAmount           Int                    @map("base_amount")
-  totalAmount          Int                    @map("total_amount")
-  itineraryStatus      String                 @map("itinerary_status") @db.VarChar(30)
+  totalAmount          Int?                   @map("total_amount")
+  itineraryStatus      String?                @map("itinerary_status") @db.VarChar(30)
  isPaid               Boolean                @default(false) @map("is_paid")
  paidByXid            Int?                   @map("paid_by_xid")
  paidBy               User?                  @relation(fields: [paidByXid], references: [id], onDelete: Restrict)
--- a/prisma/seed.ts
+++ b/prisma/seed.ts
@@ -7,7 +7,73 @@ const prisma = new PrismaClient({
    adapter: new PrismaPg({ connectionString: process.env.DATABASE_URL }),
 });

+const HOST_PERMISSION_MASTER_SEED = [
+    { permissionKey: 'profile.company_profile.edit', permissionGroup: 'Profile', permissionSection: 'Company Profile', permissionAction: 'Edit', displayLabel: 'Company Profile - Edit', displayOrder: 1 },
+    { permissionKey: 'profile.company_profile.view', permissionGroup: 'Profile', permissionSection: 'Company Profile', permissionAction: 'View', displayLabel: 'Company Profile - View', displayOrder: 2 },
+    { permissionKey: 'profile.company_profile.hide', permissionGroup: 'Profile', permissionSection: 'Company Profile', permissionAction: 'Hide', displayLabel: 'Company Profile - Hide', displayOrder: 3 },
+    { permissionKey: 'activity_management.onboarding.edit', permissionGroup: 'Activity Management', permissionSection: 'Onboarding', permissionAction: 'Edit', displayLabel: 'Onboarding - Edit', displayOrder: 4 },
+    { permissionKey: 'activity_management.onboarding.view', permissionGroup: 'Activity Management', permissionSection: 'Onboarding', permissionAction: 'View', displayLabel: 'Onboarding - View', displayOrder: 5 },
+    { permissionKey: 'activity_management.onboarding.hide', permissionGroup: 'Activity Management', permissionSection: 'Onboarding', permissionAction: 'Hide', displayLabel: 'Onboarding - Hide', displayOrder: 6 },
+    { permissionKey: 'activity_management.scheduling.edit', permissionGroup: 'Activity Management', permissionSection: 'Scheduling', permissionAction: 'Edit', displayLabel: 'Scheduling - Edit', displayOrder: 7 },
+    { permissionKey: 'activity_management.scheduling.view', permissionGroup: 'Activity Management', permissionSection: 'Scheduling', permissionAction: 'View', displayLabel: 'Scheduling - View', displayOrder: 8 },
+    { permissionKey: 'activity_management.scheduling.hide', permissionGroup: 'Activity Management', permissionSection: 'Scheduling', permissionAction: 'Hide', displayLabel: 'Scheduling - Hide', displayOrder: 9 },
+    { permissionKey: 'activity_management.reservation.edit', permissionGroup: 'Activity Management', permissionSection: 'Reservation', permissionAction: 'Edit', displayLabel: 'Reservation - Edit', displayOrder: 10 },
+    { permissionKey: 'activity_management.reservation.view', permissionGroup: 'Activity Management', permissionSection: 'Reservation', permissionAction: 'View', displayLabel: 'Reservation - View', displayOrder: 11 },
+    { permissionKey: 'activity_management.reservation.hide', permissionGroup: 'Activity Management', permissionSection: 'Reservation', permissionAction: 'Hide', displayLabel: 'Reservation - Hide', displayOrder: 12 },
+    { permissionKey: 'analytics_statements.revenue_statistics.edit', permissionGroup: 'Analytics & Statements', permissionSection: 'Revenue Statistics', permissionAction: 'Edit', displayLabel: 'Revenue Statistics - Edit', displayOrder: 13 },
+    { permissionKey: 'analytics_statements.revenue_statistics.view', permissionGroup: 'Analytics & Statements', permissionSection: 'Revenue Statistics', permissionAction: 'View', displayLabel: 'Revenue Statistics - View', displayOrder: 14 },
+    { permissionKey: 'analytics_statements.revenue_statistics.hide', permissionGroup: 'Analytics & Statements', permissionSection: 'Revenue Statistics', permissionAction: 'Hide', displayLabel: 'Revenue Statistics - Hide', displayOrder: 15 },
+    { permissionKey: 'analytics_statements.technical_statistics.edit', permissionGroup: 'Analytics & Statements', permissionSection: 'Technical Statistics', permissionAction: 'Edit', displayLabel: 'Technical Statistics - Edit', displayOrder: 16 },
+    { permissionKey: 'analytics_statements.technical_statistics.view', permissionGroup: 'Analytics & Statements', permissionSection: 'Technical Statistics', permissionAction: 'View', displayLabel: 'Technical Statistics - View', displayOrder: 17 },
+    { permissionKey: 'analytics_statements.technical_statistics.hide', permissionGroup: 'Analytics & Statements', permissionSection: 'Technical Statistics', permissionAction: 'Hide', displayLabel: 'Technical Statistics - Hide', displayOrder: 18 },
+    { permissionKey: 'analytics_statements.reservation.edit', permissionGroup: 'Analytics & Statements', permissionSection: 'Reservation', permissionAction: 'Edit', displayLabel: 'Reservation - Edit', displayOrder: 19 },
+    { permissionKey: 'analytics_statements.reservation.view', permissionGroup: 'Analytics & Statements', permissionSection: 'Reservation', permissionAction: 'View', displayLabel: 'Reservation - View', displayOrder: 20 },
+    { permissionKey: 'analytics_statements.reservation.hide', permissionGroup: 'Analytics & Statements', permissionSection: 'Reservation', permissionAction: 'Hide', displayLabel: 'Reservation - Hide', displayOrder: 21 },
+    { permissionKey: 'communication.messages.edit', permissionGroup: 'Communication', permissionSection: 'Messages', permissionAction: 'Edit', displayLabel: 'Messages - Edit', displayOrder: 22 },
+    { permissionKey: 'communication.messages.view', permissionGroup: 'Communication', permissionSection: 'Messages', permissionAction: 'View', displayLabel: 'Messages - View', displayOrder: 23 },
+    { permissionKey: 'communication.messages.hide', permissionGroup: 'Communication', permissionSection: 'Messages', permissionAction: 'Hide', displayLabel: 'Messages - Hide', displayOrder: 24 },
+    { permissionKey: 'communication.broadcast.edit', permissionGroup: 'Communication', permissionSection: 'Broadcast', permissionAction: 'Edit', displayLabel: 'Broadcast - Edit', displayOrder: 25 },
+    { permissionKey: 'communication.broadcast.view', permissionGroup: 'Communication', permissionSection: 'Broadcast', permissionAction: 'View', displayLabel: 'Broadcast - View', displayOrder: 26 },
+    { permissionKey: 'communication.broadcast.hide', permissionGroup: 'Communication', permissionSection: 'Broadcast', permissionAction: 'Hide', displayLabel: 'Broadcast - Hide', displayOrder: 27 },
+    { permissionKey: 'promotions.creating_new_promotions.edit', permissionGroup: 'Promotions', permissionSection: 'Creating New Promotions', permissionAction: 'Edit', displayLabel: 'Creating New Promotions - Edit', displayOrder: 28 },
+    { permissionKey: 'promotions.creating_new_promotions.view', permissionGroup: 'Promotions', permissionSection: 'Creating New Promotions', permissionAction: 'View', displayLabel: 'Creating New Promotions - View', displayOrder: 29 },
+    { permissionKey: 'promotions.creating_new_promotions.hide', permissionGroup: 'Promotions', permissionSection: 'Creating New Promotions', permissionAction: 'Hide', displayLabel: 'Creating New Promotions - Hide', displayOrder: 30 },
+    { permissionKey: 'promotions.view_promotions.edit', permissionGroup: 'Promotions', permissionSection: 'View Promotions', permissionAction: 'Edit', displayLabel: 'View Promotions - Edit', displayOrder: 31 },
+    { permissionKey: 'promotions.view_promotions.view', permissionGroup: 'Promotions', permissionSection: 'View Promotions', permissionAction: 'View', displayLabel: 'View Promotions - View', displayOrder: 32 },
+    { permissionKey: 'promotions.view_promotions.hide', permissionGroup: 'Promotions', permissionSection: 'View Promotions', permissionAction: 'Hide', displayLabel: 'View Promotions - Hide', displayOrder: 33 },
+    { permissionKey: 'user_management.inviting_new_users.edit', permissionGroup: 'User Management', permissionSection: 'Inviting New Users', permissionAction: 'Edit', displayLabel: 'Inviting New Users - Edit', displayOrder: 34 },
+    { permissionKey: 'user_management.inviting_new_users.view', permissionGroup: 'User Management', permissionSection: 'Inviting New Users', permissionAction: 'View', displayLabel: 'Inviting New Users - View', displayOrder: 35 },
+    { permissionKey: 'user_management.inviting_new_users.hide', permissionGroup: 'User Management', permissionSection: 'Inviting New Users', permissionAction: 'Hide', displayLabel: 'Inviting New Users - Hide', displayOrder: 36 },
+];
+
+async function seedHostPermissionMasters() {
+    for (const permission of HOST_PERMISSION_MASTER_SEED) {
+        await prisma.hostPermissionMasters.upsert({
+            where: { permissionKey: permission.permissionKey },
+            update: {
+                permissionGroup: permission.permissionGroup,
+                permissionSection: permission.permissionSection,
+                permissionAction: permission.permissionAction,
+                displayLabel: permission.displayLabel,
+                displayOrder: permission.displayOrder,
+                isActive: true,
+                deletedAt: null,
+            },
+            create: {
+                permissionKey: permission.permissionKey,
+                permissionGroup: permission.permissionGroup,
+                permissionSection: permission.permissionSection,
+                permissionAction: permission.permissionAction,
+                displayLabel: permission.displayLabel,
+                displayOrder: permission.displayOrder,
+                isActive: true,
+            },
+        });
+    }
+}
+
 async function main() {
+    await seedHostPermissionMasters();
    // ✅ Countries
    // const india = await prisma.countries.upsert({
    //     where: { countryName: 'India' },
--- a/serverless.yml
+++ b/serverless.yml
@@ -34,6 +34,8 @@ provider:
    binaryMediaTypes:
      - '*/*'
    minimumCompressionSize: 1024
+  websocketsApiName: minglar-ws-${sls:stage}
+  websocketsApiRouteSelectionExpression: $request.body.action
 
  environment:
    DATABASE_URL: ${env:DATABASE_URL}
@@ -65,6 +67,9 @@ provider:
    AM_INVITATION_LINK: ${env:AM_INVITATION_LINK}
    HOST_LINK: ${env:HOST_LINK}
    HOST_LINK_PQ: ${env:HOST_LINK_PQ}
+    RAZORPAY_KEY_ID: ${env:RAZORPAY_KEY_ID}
+    RAZORPAY_KEY_SECRET: ${env:RAZORPAY_KEY_SECRET}
+    RAZORPAY_WEBHOOK_SECRET: ${env:RAZORPAY_WEBHOOK_SECRET}
 
  iam:
    role:
@@ -78,6 +83,11 @@ provider:
          Resource:
            - 'arn:aws:s3:::${env:S3_BUCKET_NAME}'
            - 'arn:aws:s3:::${env:S3_BUCKET_NAME}/*'
+        - Effect: Allow
+          Action:
+            - execute-api:ManageConnections
+          Resource:
+            - 'arn:aws:execute-api:${self:provider.region}:*:*/*/@connections/*'
 
 build:
  esbuild:
@@ -148,6 +158,7 @@ functions:
  - ${file(./serverless/functions/minglaradmin.yml)}
  - ${file(./serverless/functions/prepopulate.yml)}
  - ${file(./serverless/functions/user.yml)}
+  - ${file(./serverless/functions/websocket.yml)}
 
 plugins:
  - serverless-offline
--- a/serverless/common.yml
+++ b/serverless/common.yml
@@ -57,8 +57,12 @@ provider:
    MINGLAR_ADMIN_NAME: ${env:MINGLAR_ADMIN_NAME}
    MINGLAR_ADMIN_EMAIL: ${env:MINGLAR_ADMIN_EMAIL}
    AM_INVITATION_LINK: ${env:AM_INVITATION_LINK}
+    AM_INTERFACE_LINK: ${env:AM_INTERFACE_LINK}
    HOST_LINK: ${env:HOST_LINK}
    HOST_LINK_PQ: ${env:HOST_LINK_PQ}
+    RAZORPAY_KEY_ID: ${env:RAZORPAY_KEY_ID}
+    RAZORPAY_KEY_SECRET: ${env:RAZORPAY_KEY_SECRET}
+    RAZORPAY_WEBHOOK_SECRET: ${env:RAZORPAY_WEBHOOK_SECRET}

  iam:
    role:
--- a/serverless/functions/host.yml
+++ b/serverless/functions/host.yml
@@ -308,6 +308,86 @@ updateHostProfile:
        path: /profile
        method: patch

+inviteHostMember:
+  handler: src/modules/host/handlers/settings/inviteMember.handler
+  memorySize: 384
+  package:
+    patterns:
+      - 'src/modules/host/handlers/settings/**'
+      - 'src/modules/host/services/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /settings/invite-member
+        method: post
+
+getAllInvitedCoadminAndOperator:
+  handler: src/modules/host/handlers/settings/getAllInvitedCoadminAndOperator.handler
+  memorySize: 384
+  package:
+    patterns:
+      - 'src/modules/host/handlers/settings/**'
+      - 'src/modules/host/services/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /settings/invited-coadmin-operators
+        method: get
+
+saveRolePermissions:
+  handler: src/modules/host/handlers/settings/saveRolePermissions.handler
+  memorySize: 384
+  package:
+    patterns:
+      - 'src/modules/host/handlers/settings/**'
+      - 'src/modules/host/services/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /settings/save-role-permissions
+        method: post
+
+getPermissionMasters:
+  handler: src/modules/host/handlers/settings/getPermissionMasters.handler
+  memorySize: 384
+  package:
+    patterns:
+      - 'src/modules/host/handlers/settings/**'
+      - 'src/modules/host/services/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /settings/permission-masters
+        method: get
+
+getHostMemberRoles:
+  handler: src/modules/host/handlers/settings/getMemberRoles.handler
+  memorySize: 384
+  package:
+    patterns:
+      - 'src/modules/host/handlers/settings/**'
+      - 'src/modules/host/services/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /settings/member-roles
+        method: get
+
 # Functions with S3/AWS SDK dependencies
 submitCompanyDetails:
  handler: src/modules/host/handlers/Host_Admin/onboarding/submitCompanyDetails.handler
--- a/serverless/functions/user.yml
+++ b/serverless/functions/user.yml
@@ -438,6 +438,21 @@ getUserItineraryDetails:
        path: /itinerary/get-user-itinerary-details
        method: get

+getItineraryCheckoutDetails:
+  handler: src/modules/user/handlers/itinerary/getItineraryCheckoutDetails.handler
+  memorySize: 512
+  package:
+    patterns:
+      - 'src/modules/user/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /itinerary/get-itinerary-checkout-details
+        method: get
+
 saveUserItinerary:
  handler: src/modules/user/handlers/itinerary/saveUserItinerary.handler
  memorySize: 512
@@ -453,6 +468,21 @@ saveUserItinerary:
        path: /itinerary/save-user-itinerary
        method: post

+saveItineraryActivitySelections:
+  handler: src/modules/user/handlers/itinerary/saveItineraryActivitySelections.handler
+  memorySize: 512
+  package:
+    patterns:
+      - 'src/modules/user/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /itinerary/save-itinerary-activity-selections
+        method: post
+
 getAllUserSavedItineraries:
  handler: src/modules/user/handlers/itinerary/getAllUserSavedItineraries.handler
  memorySize: 512
@@ -468,6 +498,66 @@ getAllUserSavedItineraries:
        path: /itinerary/get-all-user-saved-itineraries
        method: get

+cancelUserItinerary:
+  handler: src/modules/user/handlers/itinerary/cancelUserItinerary.handler
+  memorySize: 512
+  package:
+    patterns:
+      - 'src/modules/user/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /itinerary/cancel-itinerary
+        method: post
+
+createRazorpayOrder:
+  handler: src/modules/user/handlers/payment/createOrder.handler
+  memorySize: 512
+  package:
+    patterns:
+      - 'src/modules/user/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /payment/create-order
+        method: post
+
+verifyRazorpayPayment:
+  handler: src/modules/user/handlers/payment/verifyPayment.handler
+  memorySize: 512
+  package:
+    patterns:
+      - 'src/modules/user/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /payment/verify-payment
+        method: post
+
+razorpayWebhook:
+  handler: src/modules/user/handlers/payment/razorpayWebhook.handler
+  memorySize: 512
+  package:
+    patterns:
+      - 'src/modules/user/**'
+      - ${file(./serverless/patterns/base.yml):pattern1}
+      - ${file(./serverless/patterns/base.yml):pattern2}
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - httpApi:
+        path: /payment/webhook/razorpay
+        method: post
+
 getMatchingBucketInterestedActivities:
  handler: src/modules/user/handlers/itinerary/getMatchingBucketInterestedActivities.handler
  memorySize: 512
--- a/serverless/functions/websocket.yml
+++ b/serverless/functions/websocket.yml
@@ -0,0 +1,64 @@
+websocketConnect:
+  handler: src/modules/websocket/handlers/connect.handler
+  memorySize: 256
+  package:
+    patterns:
+      - 'src/modules/websocket/**'
+      - 'src/common/**'
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - websocket:
+        route: $connect
+
+websocketDisconnect:
+  handler: src/modules/websocket/handlers/disconnect.handler
+  memorySize: 256
+  package:
+    patterns:
+      - 'src/modules/websocket/**'
+      - 'src/common/**'
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - websocket:
+        route: $disconnect
+
+websocketDefault:
+  handler: src/modules/websocket/handlers/default.handler
+  memorySize: 256
+  package:
+    patterns:
+      - 'src/modules/websocket/**'
+      - 'src/common/**'
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - websocket:
+        route: $default
+
+websocketSendMessage:
+  handler: src/modules/websocket/handlers/sendMessage.handler
+  memorySize: 384
+  package:
+    patterns:
+      - 'src/modules/websocket/**'
+      - 'src/common/**'
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - websocket:
+        route: sendMessage
+
+websocketGetMessages:
+  handler: src/modules/websocket/handlers/getMessages.handler
+  memorySize: 384
+  package:
+    patterns:
+      - 'src/modules/websocket/**'
+      - 'src/common/**'
+      - ${file(./serverless/patterns/base.yml):pattern3}
+      - ${file(./serverless/patterns/base.yml):pattern4}
+  events:
+    - websocket:
+        route: getMessages
--- a/src/common/middlewares/jwt/authForAny.ts
+++ b/src/common/middlewares/jwt/authForAny.ts
@@ -0,0 +1,78 @@
+import jwt from 'jsonwebtoken';
+import httpStatus from 'http-status';
+import ApiError from '../../utils/helper/ApiError';
+import config from '../../../config/config';
+import { ROLE } from '@/common/utils/constants/common.constant';
+import { prisma } from '../../database/prisma.client';
+
+interface DecodedToken {
+  id?: number;
+  sub?: string | number;
+  role?: string;
+  iat: number;
+  exp: number;
+}
+
+export async function verifyAnyToken(
+  token: string
+): Promise<{ id: number; roleXid: number; role?: string }> {
+  if (!token) {
+    throw new ApiError(httpStatus.UNAUTHORIZED, 'Please authenticate');
+  }
+
+  try {
+    const decoded = jwt.verify(token, config.jwt.secret) as unknown as DecodedToken;
+
+    const userId = decoded.id ?? (decoded.sub ? Number(decoded.sub) : null);
+    if (!userId) {
+      throw new ApiError(httpStatus.UNAUTHORIZED, 'Invalid token payload');
+    }
+
+    const user = await prisma.user.findUnique({
+      where: { id: userId },
+      include: { role: true },
+    });
+
+    const latestToken = await prisma.token.findFirst({
+      where: { userXid: userId },
+      orderBy: { id: 'desc' },
+    });
+
+    if (latestToken?.isBlackListed === true) {
+      throw new ApiError(401, 'This session is expired. Please login.');
+    }
+
+    if (!user) {
+      throw new ApiError(httpStatus.UNAUTHORIZED, 'User not found');
+    }
+
+    if (user.isActive === false) {
+      throw new ApiError(
+        httpStatus.FORBIDDEN,
+        'Your account is deactivated by admin.'
+      );
+    }
+
+    if (user.roleXid !== ROLE.USER && user.roleXid !== ROLE.HOST) {
+      throw new ApiError(httpStatus.FORBIDDEN, 'Access denied.');
+    }
+
+    return { id: user.id, roleXid: user.roleXid || 0, role: user.role?.roleName };
+  } catch (error) {
+    if (error instanceof jwt.TokenExpiredError) {
+      throw new ApiError(
+        httpStatus.UNAUTHORIZED,
+        'Your session has expired. Please log in again.'
+      );
+    }
+
+    if (error instanceof ApiError) {
+      throw error;
+    }
+
+    throw new ApiError(
+      httpStatus.FORBIDDEN,
+      'Invalid or expired authentication token.'
+    );
+  }
+}
--- a/src/common/services/chat.service.ts
+++ b/src/common/services/chat.service.ts
@@ -0,0 +1,150 @@
+import { PrismaClient } from '@prisma/client';
+import ApiError from '../utils/helper/ApiError';
+
+interface SendMessageInput {
+  activityXid: number;
+  senderXid: number;
+  receiverXid: number;
+  message: string;
+  status?: string;
+}
+
+interface GetMessagesInput {
+  activityXid: number;
+  userXid: number;
+  otherUserXid: number;
+  limit?: number;
+}
+
+export class ChatService {
+  constructor(private prisma: PrismaClient) {}
+
+  private async getHostUserIdForActivity(activityXid: number): Promise<number> {
+    const activity = await this.prisma.activities.findUnique({
+      where: { id: activityXid },
+      select: { host: { select: { userXid: true } } },
+    });
+
+    if (!activity) {
+      throw new ApiError(404, 'Activity not found');
+    }
+
+    const hostUserXid = activity.host?.userXid;
+
+    if (!hostUserXid) {
+      throw new ApiError(400, 'Host user not found for activity');
+    }
+
+    return hostUserXid;
+  }
+
+  async sendMessage(input: SendMessageInput) {
+    if (!input.activityXid || isNaN(input.activityXid)) {
+      throw new ApiError(400, 'Valid activityXid is required');
+    }
+
+    if (!input.senderXid || isNaN(input.senderXid)) {
+      throw new ApiError(400, 'Valid senderXid is required');
+    }
+
+    if (!input.receiverXid || isNaN(input.receiverXid)) {
+      throw new ApiError(400, 'Valid receiverXid is required');
+    }
+
+    if (input.senderXid === input.receiverXid) {
+      throw new ApiError(400, 'Sender and receiver cannot be the same');
+    }
+
+    const message = input.message?.trim();
+    if (!message) {
+      throw new ApiError(400, 'Message is required');
+    }
+
+    const hostUserXid = await this.getHostUserIdForActivity(input.activityXid);
+
+    if (input.senderXid !== hostUserXid && input.receiverXid !== hostUserXid) {
+      throw new ApiError(
+        400,
+        'Sender or receiver must be the host for this activity'
+      );
+    }
+
+    const receiverExists = await this.prisma.user.findUnique({
+      where: { id: input.receiverXid },
+      select: { id: true },
+    });
+
+    if (!receiverExists) {
+      throw new ApiError(404, 'Receiver not found');
+    }
+
+    return this.prisma.activityMessages.create({
+      data: {
+        activityXid: input.activityXid,
+        senderXid: input.senderXid,
+        receivedXid: input.receiverXid,
+        message,
+        status: input.status?.trim() || 'unread',
+      },
+    });
+  }
+
+  async getMessages(input: GetMessagesInput) {
+    if (!input.activityXid || isNaN(input.activityXid)) {
+      throw new ApiError(400, 'Valid activityXid is required');
+    }
+
+    if (!input.userXid || isNaN(input.userXid)) {
+      throw new ApiError(400, 'Valid userXid is required');
+    }
+
+    if (!input.otherUserXid || isNaN(input.otherUserXid)) {
+      throw new ApiError(400, 'Valid otherUserXid is required');
+    }
+
+    if (input.userXid === input.otherUserXid) {
+      throw new ApiError(400, 'Invalid otherUserXid');
+    }
+
+    const hostUserXid = await this.getHostUserIdForActivity(input.activityXid);
+
+    if (input.userXid !== hostUserXid && input.otherUserXid !== hostUserXid) {
+      throw new ApiError(
+        400,
+        'Conversation must include the host for this activity'
+      );
+    }
+
+    const limit = Math.min(Math.max(input.limit || 50, 1), 200);
+
+    const messages = await this.prisma.activityMessages.findMany({
+      where: {
+        activityXid: input.activityXid,
+        OR: [
+          {
+            senderXid: input.userXid,
+            receivedXid: input.otherUserXid,
+          },
+          {
+            senderXid: input.otherUserXid,
+            receivedXid: input.userXid,
+          },
+        ],
+      },
+      orderBy: { createdAt: 'asc' },
+      take: limit,
+    });
+
+    await this.prisma.activityMessages.updateMany({
+      where: {
+        activityXid: input.activityXid,
+        senderXid: input.otherUserXid,
+        receivedXid: input.userXid,
+        status: 'unread',
+      },
+      data: { status: 'read' },
+    });
+
+    return messages;
+  }
+}
--- a/src/common/services/websocket.service.ts
+++ b/src/common/services/websocket.service.ts
@@ -0,0 +1,58 @@
+import { PrismaClient } from '@prisma/client';
+
+export class WebSocketService {
+  constructor(private prisma: PrismaClient) {}
+
+  async connect(params: {
+    connectionId: string;
+    userXid: number;
+    activityXid?: number | null;
+  }) {
+    const { connectionId, userXid, activityXid } = params;
+    return this.prisma.chatConnections.upsert({
+      where: { connectionId },
+      create: {
+        connectionId,
+        userXid,
+        activityXid: activityXid ?? null,
+        isActive: true,
+      },
+      update: {
+        userXid,
+        activityXid: activityXid ?? null,
+        isActive: true,
+        deletedAt: null,
+      },
+    });
+  }
+
+  async disconnect(connectionId: string) {
+    return this.prisma.chatConnections.updateMany({
+      where: { connectionId },
+      data: {
+        isActive: false,
+        deletedAt: new Date(),
+      },
+    });
+  }
+
+  async getConnectionById(connectionId: string) {
+    return this.prisma.chatConnections.findFirst({
+      where: { connectionId, isActive: true },
+    });
+  }
+
+  async getConnectionsForUser(params: {
+    userXid: number;
+    activityXid?: number | null;
+  }) {
+    const { userXid, activityXid } = params;
+    return this.prisma.chatConnections.findMany({
+      where: {
+        userXid,
+        isActive: true,
+        ...(activityXid ? { activityXid } : {}),
+      },
+    });
+  }
+}
--- a/src/common/utils/validation/host/hostCompanyDetails.validation.ts
+++ b/src/common/utils/validation/host/hostCompanyDetails.validation.ts
@@ -46,6 +46,18 @@ export const parentCompanySchema = z.object({
  companyTypeXid: z.number()
    .optional(),

+  firstName: z.string()
+    .max(50, "First name cannot exceed 50 characters")
+    .optional(),
+
+  lastName: z.string()
+    .max(50, "Last name cannot exceed 50 characters")
+    .optional(),
+
+  mobileNumber: z.string()
+    .max(15, "Mobile number cannot exceed 15 characters")
+    .optional(),
+
  websiteUrl: z.string().nullable().optional(),
  instagramUrl: z.string().nullable().optional(),
  facebookUrl: z.string().nullable().optional(),
--- a/src/config/config.ts
+++ b/src/config/config.ts
@@ -83,8 +83,12 @@ const envVarsSchema = yup
 		BYPASS_OTP: yup.boolean().default(false).required('Bypass OTP is required'),
 		// Email links
 		AM_INVITATION_LINK: yup.string().required('Link to send in AM invitation mail is required'),
+		AM_INTERFACE_LINK:yup.string().required('Link to am interface is required'),
 		HOST_LINK: yup.string().required('Link to host panel is required'),
-		HOST_LINK_PQ: yup.string().required('Link to host panel pqp is required')
+		HOST_LINK_PQ: yup.string().required('Link to host panel pqp is required'),
+		RAZORPAY_KEY_SECRET: yup.string().required('Razorpay key secret is required'),
+		RAZORPAY_KEY_ID: yup.string().required('Razorpay key id is required'),
+		RAZORPAY_WEBHOOK_SECRET: yup.string().required('Razorpay webhook secret is required'),
 	})
 	.noUnknown(true);

@@ -165,6 +169,11 @@ function getConfig() {
 			AM_INVITATION_LINK: envVars.AM_INVITATION_LINK,
 			HOST_LINK: envVars.HOST_LINK,
 			HOST_LINK_PQ: envVars.HOST_LINK_PQ,
+			RAZORPAY_KEY_ID: envVars.RAZORPAY_KEY_ID,
+			RAZORPAY_KEY_SECRET: envVars.RAZORPAY_KEY_SECRET,
+			RAZORPAY_WEBHOOK_SECRET: envVars.RAZORPAY_WEBHOOK_SECRET,
+			AM_INTERFACE_LINK: envVars.AM_INTERFACE_LINK,
+
 			// oneSignal: {
 			// 	appID: envVars.ONESIGNAL_APPID,
 			// 	restApiKey: envVars.ONESIGNAL_REST_APIKEY,
--- a/src/modules/host/handlers/Host_Admin/onboarding/createPassword.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/createPassword.ts
@@ -4,6 +4,7 @@ import { prismaClient } from '../../../../../common/database/prisma.lambda.servi
 import { HostService } from '../../../services/host.service';
 import ApiError from '../../../../../common/utils/helper/ApiError';
 import { verifyHostToken } from '../../../../../common/middlewares/jwt/authForHost';
+import { sendWelcomeEmailToHost } from '../../../services/sendOTPEmail.service';

 const hostService = new HostService(prismaClient);

@@ -46,7 +47,8 @@ export const handler = safeHandler(async (
    throw new ApiError(400, 'Password must be at least 8 characters long');
  }

-  await hostService.createPassword(user_xid, password);
+  const result = await hostService.createPassword(user_xid, password);
+  await sendWelcomeEmailToHost(result.emailAddress);

  return {
    statusCode: 200,
--- a/src/modules/host/handlers/Host_Admin/onboarding/signUp.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/signUp.ts
@@ -4,13 +4,9 @@ import { prismaClient } from '../../../../../common/database/prisma.lambda.servi
 import { ROLE } from '../../../../../common/utils/constants/common.constant';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
-import { encryptUserId } from '../../../../../common/utils/helper/CodeGenerator';
 import { OtpGeneratorSixDigit } from '../../../../../common/utils/helper/OtpGenerator';
-import { HostService } from '../../../services/host.service';
 import { sendOtpEmailForHost } from '@/modules/host/services/sendOTPEmail.service';

-const hostService = new HostService(prismaClient);
-
 export async function generateHostRefNumber(tx: any) {
  const lastrecord = await tx.user.findFirst({
    orderBy: {
@@ -45,13 +41,23 @@ export const handler = safeHandler(async (
    throw new ApiError(400, 'Email is required');
  }

-  const emailToLowerCase = email.toLowerCase()
+  const emailToLowerCase = email.trim().toLowerCase();
+
+  if (!emailToLowerCase) {
+    throw new ApiError(400, 'Email is required');
+  }

  // Use a single transaction for user creation/lookup and OTP storage
  const transactionResult = await prismaClient.$transaction(async (tx) => {
    const user = await tx.user.findUnique({
      where: { emailAddress: emailToLowerCase },
-      select: { emailAddress: true, id: true, userPassword: true },
+      select: {
+        emailAddress: true,
+        id: true,
+        userPassword: true,
+        dataConsentAccepted: true,
+        dataConsentAcceptedOn: true,
+      },
    });

    if (user && user.userPassword) {
@@ -93,9 +99,18 @@ export const handler = safeHandler(async (
      },
    });

-    const encryptedId = encryptUserId(String(newUserLocal.id));
+    await tx.user.update({
+      where: { id: Number(newUserLocal.id) },
+      data: {
+        dataConsentAccepted: true,
+        dataConsentAcceptedOn:
+          user?.dataConsentAccepted && user?.dataConsentAcceptedOn
+            ? user.dataConsentAcceptedOn
+            : new Date(),
+      },
+    });

-    return { newUser: newUserLocal, otp, encryptedId };
+    return { newUser: newUserLocal, otp };
  });

  if (!transactionResult || !transactionResult.otp) {
--- a/src/modules/host/handlers/Host_Admin/onboarding/submitCompanyDetails.ts
+++ b/src/modules/host/handlers/Host_Admin/onboarding/submitCompanyDetails.ts
@@ -176,14 +176,46 @@ export const handler = safeHandler(async (event: APIGatewayProxyEvent): Promise<
    if (fields.userProfile) {
      const userProfileRaw = normalizeJsonField(fields, 'userProfile');
      if (userProfileRaw) {
-        const { firstName, lastName, mobileNumber } = userProfileRaw;
+        const firstName =
+          typeof userProfileRaw.firstName === 'string'
+            ? userProfileRaw.firstName.trim()
+            : undefined;
+        const lastName =
+          typeof userProfileRaw.lastName === 'string'
+            ? userProfileRaw.lastName.trim()
+            : undefined;
+        const mobileNumber =
+          typeof userProfileRaw.mobileNumber === 'string'
+            ? userProfileRaw.mobileNumber.trim()
+            : undefined;
+
+        if (mobileNumber) {
+          const existingUser = await prismaClient.user.findFirst({
+            where: {
+              mobileNumber,
+              id: {
+                not: Number(userInfo.id),
+              },
+            },
+            select: {
+              id: true,
+            },
+          });
+
+          if (existingUser) {
+            throw new ApiError(
+              409,
+              'Mobile number already exists for another user. Please use a different mobile number.',
+            );
+          }
+        }

        await prismaClient.user.update({
          where: { id: userInfo.id },
          data: {
-            ...(firstName && { firstName }),
-            ...(lastName && { lastName }),
-            ...(mobileNumber && { mobileNumber }),
+            ...(firstName !== undefined && { firstName }),
+            ...(lastName !== undefined && { lastName }),
+            ...(mobileNumber !== undefined && { mobileNumber }),
          },
        });
      }
--- a/src/modules/host/handlers/settings/getAllInvitedCoadminAndOperator.ts
+++ b/src/modules/host/handlers/settings/getAllInvitedCoadminAndOperator.ts
@@ -0,0 +1,61 @@
+import {
+  APIGatewayProxyEvent,
+  APIGatewayProxyResult,
+  Context,
+} from 'aws-lambda';
+
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyHostToken } from '../../../../common/middlewares/jwt/authForHost';
+import { paginationService } from '../../../../common/utils/pagination/pagination.service';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+import { HostMemberService } from '../../services/hostMember.service';
+
+const hostMemberService = new HostMemberService(prismaClient);
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+
+  if (!token) {
+    throw new ApiError(
+      400,
+      'This is a protected route. Please provide a valid token.',
+    );
+  }
+
+  const userInfo = await verifyHostToken(token);
+  const search = event.queryStringParameters?.search || '';
+
+  const paginationParams = paginationService.getPaginationFromEvent(event);
+  const paginationOptions =
+    paginationService.parsePaginationParams(paginationParams);
+
+  const { data, totalCount } =
+    await hostMemberService.getAllInvitedCoadminAndOperator({
+      hostUserXid: userInfo.id,
+      search,
+      paginationOptions,
+    });
+
+  const paginatedResponse = paginationService.createPaginatedResponse(
+    data,
+    totalCount,
+    paginationOptions,
+  );
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Invited co-admin and operator members fetched successfully',
+      ...paginatedResponse,
+    }),
+  };
+});
--- a/src/modules/host/handlers/settings/getMemberRoles.ts
+++ b/src/modules/host/handlers/settings/getMemberRoles.ts
@@ -0,0 +1,59 @@
+import {
+  APIGatewayProxyEvent,
+  APIGatewayProxyResult,
+  Context,
+} from 'aws-lambda';
+
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyHostToken } from '../../../../common/middlewares/jwt/authForHost';
+import { ROLE } from '../../../../common/utils/constants/common.constant';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+
+  if (!token) {
+    throw new ApiError(
+      400,
+      'This is a protected route. Please provide a valid token.',
+    );
+  }
+
+  await verifyHostToken(token);
+
+  const roles = await prismaClient.roles.findMany({
+    where: {
+      id: {
+        in: [ROLE.CO_ADMIN, ROLE.OPERATOR],
+      },
+      isActive: true,
+      deletedAt: null,
+    },
+    select: {
+      id: true,
+      roleName: true,
+    },
+    orderBy: {
+      id: 'asc',
+    },
+  });
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Host member roles fetched successfully',
+      data: {
+        roles,
+      },
+    }),
+  };
+});
--- a/src/modules/host/handlers/settings/getPermissionMasters.ts
+++ b/src/modules/host/handlers/settings/getPermissionMasters.ts
@@ -0,0 +1,60 @@
+import {
+  APIGatewayProxyEvent,
+  APIGatewayProxyResult,
+  Context,
+} from 'aws-lambda';
+
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyHostToken } from '../../../../common/middlewares/jwt/authForHost';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+
+  if (!token) {
+    throw new ApiError(
+      400,
+      'This is a protected route. Please provide a valid token.',
+    );
+  }
+
+  await verifyHostToken(token);
+
+  const permissionMasters = await prismaClient.hostPermissionMasters.findMany({
+    where: {
+      isActive: true,
+      deletedAt: null,
+    },
+    select: {
+      id: true,
+      permissionKey: true,
+      permissionGroup: true,
+      permissionSection: true,
+      permissionAction: true,
+      displayLabel: true,
+      displayOrder: true,
+    },
+    orderBy: {
+      displayOrder: 'asc',
+    },
+  });
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Permission masters fetched successfully',
+      data: {
+        permissionMasters,
+      },
+    }),
+  };
+});
--- a/src/modules/host/handlers/settings/inviteMember.ts
+++ b/src/modules/host/handlers/settings/inviteMember.ts
@@ -0,0 +1,111 @@
+import {
+  APIGatewayProxyEvent,
+  APIGatewayProxyResult,
+  Context,
+} from 'aws-lambda';
+
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyHostToken } from '../../../../common/middlewares/jwt/authForHost';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+import { HostMemberService } from '../../services/hostMember.service';
+import { sendHostMemberInvitationEmail } from '../../services/sendHostMemberInvitationEmail.service';
+
+const hostMemberService = new HostMemberService(prismaClient);
+
+interface InviteMemberBody {
+  emailAddress: string;
+  roleXid: number;
+  permissionMasterXid: number;
+  activityXids: number[];
+}
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+
+  if (!token) {
+    throw new ApiError(
+      400,
+      'This is a protected route. Please provide a valid token.',
+    );
+  }
+
+  const userInfo = await verifyHostToken(token);
+
+  let body: Partial<InviteMemberBody> = {};
+  if (event.body) {
+    try {
+      body = JSON.parse(event.body);
+    } catch {
+      throw new ApiError(400, 'Invalid JSON body');
+    }
+  }
+
+  const emailAddress =
+    typeof body.emailAddress === 'string' ? body.emailAddress.trim() : '';
+  const roleXid = Number(body.roleXid);
+  const permissionMasterXid = Number(body.permissionMasterXid);
+  const activityXids = Array.isArray(body.activityXids)
+    ? body.activityXids
+    : [];
+
+  if (!emailAddress) {
+    throw new ApiError(400, 'emailAddress is required.');
+  }
+
+  if (!Number.isInteger(roleXid) || roleXid <= 0) {
+    throw new ApiError(400, 'roleXid is required.');
+  }
+
+  if (!Number.isInteger(permissionMasterXid) || permissionMasterXid <= 0) {
+    throw new ApiError(400, 'permissionMasterXid is required.');
+  }
+
+  if (!activityXids.length) {
+    throw new ApiError(400, 'activityXids is required.');
+  }
+
+  const inviteResult = await hostMemberService.inviteMember({
+    inviterUserXid: userInfo.id,
+    emailAddress,
+    roleXid,
+    permissionMasterXid,
+    activityXids,
+  });
+
+  await sendHostMemberInvitationEmail(
+    inviteResult.user.emailAddress ?? emailAddress,
+    inviteResult.host.companyName,
+    inviteResult.permissionMaster.role.roleName,
+    inviteResult.permissionDetails.map((permission) => permission.displayLabel),
+    inviteResult.activities.map((activity) => activity.activityTitle ?? `Activity #${activity.id}`),
+  );
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Host member invited successfully',
+      data: {
+        hostMemberId: inviteResult.hostMember.id,
+        hostXid: inviteResult.hostMember.hostXid,
+        userXid: inviteResult.hostMember.userXid,
+        emailAddress: inviteResult.user.emailAddress,
+        roleXid: inviteResult.hostMember.roleXid,
+        permissionMasterXid: inviteResult.hostMember.hostRolePermissionMasterXid,
+        permissionMasterXids: inviteResult.permissionMaster.permissionMasterXids,
+        permissionLabels: inviteResult.permissionDetails.map((permission) => permission.displayLabel),
+        activityXids: inviteResult.activities.map((activity) => activity.id),
+        activityNames: inviteResult.activities.map((activity) => activity.activityTitle ?? null),
+        memberStatus: inviteResult.hostMember.memberStatus,
+      },
+    }),
+  };
+});
--- a/src/modules/host/handlers/settings/saveRolePermissions.ts
+++ b/src/modules/host/handlers/settings/saveRolePermissions.ts
@@ -0,0 +1,81 @@
+import {
+  APIGatewayProxyEvent,
+  APIGatewayProxyResult,
+  Context,
+} from 'aws-lambda';
+
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyHostToken } from '../../../../common/middlewares/jwt/authForHost';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+import { HostRolePermissionService } from '../../services/hostRolePermission.service';
+
+const hostRolePermissionService = new HostRolePermissionService(prismaClient);
+
+interface SaveRolePermissionsBody {
+  roleXid: number;
+  permissionMasterXids: number[];
+}
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+
+  if (!token) {
+    throw new ApiError(
+      400,
+      'This is a protected route. Please provide a valid token.',
+    );
+  }
+
+  const userInfo = await verifyHostToken(token);
+
+  let body: Partial<SaveRolePermissionsBody> = {};
+  if (event.body) {
+    try {
+      body = JSON.parse(event.body);
+    } catch {
+      throw new ApiError(400, 'Invalid JSON body');
+    }
+  }
+
+  const roleXid = Number(body.roleXid);
+  const permissionMasterXids = Array.isArray(body.permissionMasterXids)
+    ? body.permissionMasterXids
+    : [];
+
+  if (!Number.isInteger(roleXid) || roleXid <= 0) {
+    throw new ApiError(400, 'roleXid is required.');
+  }
+
+  if (!permissionMasterXids.length) {
+    throw new ApiError(400, 'permissionMasterXids is required.');
+  }
+
+  const result = await hostRolePermissionService.saveRolePermissions({
+    hostUserXid: userInfo.id,
+    roleXid,
+    permissionMasterXids,
+  });
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Role permissions saved successfully',
+      data: {
+        permissionMasterXid: result.saved.id,
+        hostXid: result.saved.hostXid,
+        roleXid: result.saved.roleXid,
+        permissionMasterXids: result.saved.permissionMasterXids,
+        selectedPermissions: result.selectedPermissions,
+      },
+    }),
+  };
+});
--- a/src/modules/host/services/host.service.ts
+++ b/src/modules/host/services/host.service.ts
@@ -395,6 +395,17 @@ const s3 = new AWS.S3({
  region: config.aws.region,
 });

+function getS3KeyFromStoredPath(path?: string | null) {
+  if (!path) return null;
+  return path.startsWith('http') ? path.split('.com/')[1] || null : path;
+}
+
+function resolveIncomingLogoPath(path?: string | null) {
+  if (typeof path !== 'string') return null;
+  const trimmed = path.trim();
+  return trimmed.length ? trimmed : null;
+}
+
 type UpdateHostProfileInput = {
  firstName?: string;
  lastName?: string | null;
@@ -415,6 +426,43 @@ type UpdateHostProfileInput = {
 export class HostService {
  constructor(private prisma: PrismaClient) { }

+  private async getValidLogoUrl(
+    model: 'hostHeader' | 'hostParent',
+    recordId: number,
+    logoPath?: string | null,
+  ) {
+    const key = getS3KeyFromStoredPath(logoPath);
+    if (!key) return null;
+
+    try {
+      await s3
+        .headObject({
+          Bucket: bucket,
+          Key: key,
+        })
+        .promise();
+
+      return await getPresignedUrl(bucket, key);
+    } catch (error: any) {
+      const statusCode = error?.statusCode;
+      const errorCode = error?.code;
+      const isMissingObject =
+        statusCode === 404 ||
+        errorCode === 'NotFound' ||
+        errorCode === 'NoSuchKey';
+
+      if (isMissingObject) {
+        await (this.prisma as any)[model].update({
+          where: { id: recordId },
+          data: { logoPath: null },
+        });
+        return null;
+      }
+
+      throw error;
+    }
+  }
+
  async createHost(data: CreateHostDto) {
    return this.prisma.user.create({ data });
  }
@@ -444,12 +492,50 @@ export class HostService {
  async getHostById(id: number) {
    const host = await this.prisma.hostHeader.findFirst({
      where: { userXid: id },
-      include: {
+      select: {
+        id: true,
+        logoPath: true,
+        companyName: true,
+        address1: true,
+        address2: true,
+        pinCode: true,
+        isSubsidairy: true,
+        registrationNumber: true,
+        panNumber: true,
+        gstNumber: true,
+        formationDate: true,
+        companyTypeXid: true,
+        websiteUrl: true,
+        instagramUrl: true,
+        facebookUrl: true,
+        linkedinUrl: true,
+        twitterUrl: true,
+        stepper: true,
+        hostStatusInternal: true,
+        hostStatusDisplay: true,
+        adminStatusInternal: true,
+        adminStatusDisplay: true,
+        amStatus: true,
+        agreementAccepted: true,
+        assignedOn: true,
+        agreementStartDate: true,
+        isApproved: true,
+        durationNumber: true,
+        durationFrequency: true,
+        isCommisionBase: true,
+        commisionPer: true,
+        amountPerBooking: true,
+        payoutDurationNum: true,
+        payoutDurationFrequency: true,
+        referencedBy: true,
        hostParent: {
          select: {
            id: true,
            logoPath: true,
            companyName: true,
+            firstName: true,
+            lastName: true,
+            mobileNumber: true,
            address1: true,
            address2: true,
            cities: {
@@ -615,11 +701,15 @@ export class HostService {
    }

    if (host?.logoPath) {
-      const key = host.logoPath.startsWith('http')
-        ? host.logoPath.split('.com/')[1]
-        : host.logoPath;
-
-      host.logoPath = await getPresignedUrl(bucket, key);
+      const resolvedLogoUrl = await this.getValidLogoUrl(
+        'hostHeader',
+        host.id,
+        host.logoPath,
+      );
+      if (!resolvedLogoUrl) {
+        host.logoPath = null;
+      }
+      (host as any).logoPresignedUrl = resolvedLogoUrl;
    }

    if (host.accountManager?.profileImage) {
@@ -635,11 +725,15 @@ export class HostService {

      // Parent company logo
      if (parent.logoPath) {
-        const key = parent.logoPath.startsWith('http')
-          ? parent.logoPath.split('.com/')[1]
-          : parent.logoPath;
-
-        parent.logoPath = await getPresignedUrl(bucket, key);
+        const resolvedParentLogoUrl = await this.getValidLogoUrl(
+          'hostParent',
+          parent.id,
+          parent.logoPath,
+        );
+        if (!resolvedParentLogoUrl) {
+          parent.logoPath = null;
+        }
+        (parent as any).logoPresignedUrl = resolvedParentLogoUrl;
      }

      // Parent documents
@@ -877,10 +971,10 @@ export class HostService {
    return newUser;
  }

-  async createPassword(user_xid: number, password: string): Promise<boolean> {
+  async createPassword(user_xid: number, password: string): Promise<Partial<User>> {
    // Find user by id
    const user = await this.prisma.user.findUnique({
-      where: { id: user_xid },
+      where: { id: user_xid, isActive: true },
      select: { id: true, emailAddress: true, userPassword: true },
    });

@@ -910,7 +1004,7 @@ export class HostService {
      },
    });

-    return true;
+    return user;
  }

  async getBankBranchById(bankBranchXid: number) {
@@ -1048,6 +1142,23 @@ export class HostService {
              },
            },
          },
+          ActivitiesMedia: {
+            where: {
+              isActive: true,
+              isCoverImage: true,
+              deletedAt: null,
+            },
+            select: {
+              id: true,
+              mediaFileName: true,
+              mediaType: true,
+              isCoverImage: true,
+            },
+            orderBy: {
+              displayOrder: 'asc',
+            },
+            take: 1,
+          },
        },
        skip: paginationOptions?.skip || 0,
        take: paginationOptions?.limit || 10,
@@ -1074,11 +1185,31 @@ export class HostService {
      }
    }

+    const hostActivitiesWithAssets = await Promise.all(
+      hostAllActivities.map(async (activity) => {
+        const coverImage = activity.ActivitiesMedia?.[0] ?? null;
+        const coverImagePresignedUrl = coverImage?.mediaFileName
+          ? await getPresignedUrl(
+              bucket,
+              coverImage.mediaFileName.startsWith('http')
+                ? coverImage.mediaFileName.split('.com/')[1]
+                : coverImage.mediaFileName,
+            )
+          : null;
+
+        return {
+          ...activity,
+          coverImage: coverImage?.mediaFileName ?? null,
+          coverImagePresignedUrl,
+        };
+      }),
+    );
+
    const {
      paginationService,
    } = require('@/common/utils/pagination/pagination.service');
    return paginationService.createPaginatedResponse(
-      hostAllActivities,
+      hostActivitiesWithAssets,
      totalCount,
      paginationOptions || { page: 1, limit: 10, skip: 0 },
    );
@@ -1564,6 +1695,9 @@ export class HostService {
            data: {
              host: { connect: { id: createdHost.id } },
              companyName: parentCompanyData.companyName || null,
+              firstName: parentCompanyData.firstName || null,
+              lastName: parentCompanyData.lastName || null,
+              mobileNumber: parentCompanyData.mobileNumber || null,
              address1: parentCompanyData.address1 || null,
              address2: parentCompanyData.address2 || null,
              // Safely handle city connection - only connect if valid ID exists
@@ -1600,7 +1734,7 @@ export class HostService {
              facebookUrl: parentCompanyData.facebookUrl || null,
              linkedinUrl: parentCompanyData.linkedinUrl || null,
              twitterUrl: parentCompanyData.twitterUrl || null,
-            },
+            } as any,
          });

          // parent docs
@@ -1656,8 +1790,10 @@ export class HostService {
              : undefined,
          pinCode: companyData.pinCode,
          logoPath: options?.deleteCompanyLogo
-            ? companyData.logoPath ?? null
-            : companyData.logoPath || existingHostCompany.logoPath,
+            ? null
+            : resolveIncomingLogoPath(companyData.logoPath) ??
+            existingHostCompany.logoPath ??
+            null,
          isSubsidairy: companyData.isSubsidairy,
          registrationNumber: companyData.registrationNumber,
          panNumber: companyData.panNumber,
@@ -1778,6 +1914,9 @@ export class HostService {
            data: {
              host: { connect: { id: updatedHost.id } },
              companyName: parentCompanyData.companyName || null,
+              firstName: parentCompanyData.firstName || null,
+              lastName: parentCompanyData.lastName || null,
+              mobileNumber: parentCompanyData.mobileNumber || null,
              address1: parentCompanyData.address1 || null,
              address2: parentCompanyData.address2 || null,
              cities:
@@ -1799,9 +1938,9 @@ export class HostService {
                  : undefined,
              pinCode: parentCompanyData.pinCode || null,
              logoPath: options?.deleteParentCompanyLogo
-                ? parentCompanyData?.logoPath ?? null
-                : parentCompanyData?.logoPath ||
-                  existingParentCompany?.logoPath ||
+                ? null
+                : resolveIncomingLogoPath(parentCompanyData?.logoPath) ??
+                existingParentCompany?.logoPath ??
                null,
              registrationNumber: parentCompanyData.registrationNumber || null,
              panNumber: parentCompanyData.panNumber || null,
@@ -1817,7 +1956,7 @@ export class HostService {
              facebookUrl: parentCompanyData.facebookUrl || null,
              linkedinUrl: parentCompanyData.linkedinUrl || null,
              twitterUrl: parentCompanyData.twitterUrl || null,
-            },
+            } as any,
          });

          if (parentDocuments?.length) {
@@ -1837,6 +1976,9 @@ export class HostService {
            where: { id: parentRecord.id },
            data: {
              companyName: parentCompanyData.companyName || null,
+              firstName: parentCompanyData.firstName || null,
+              lastName: parentCompanyData.lastName || null,
+              mobileNumber: parentCompanyData.mobileNumber || null,
              address1: parentCompanyData.address1 || null,
              address2: parentCompanyData.address2 || null,
              cities:
@@ -1858,9 +2000,9 @@ export class HostService {
                  : undefined,
              pinCode: parentCompanyData.pinCode || null,
              logoPath: options?.deleteParentCompanyLogo
-                ? parentCompanyData?.logoPath ?? null
-                : parentCompanyData?.logoPath ||
-                  existingParentCompany?.logoPath ||
+                ? null
+                : resolveIncomingLogoPath(parentCompanyData?.logoPath) ??
+                existingParentCompany?.logoPath ??
                null,
              registrationNumber: parentCompanyData.registrationNumber || null,
              panNumber: parentCompanyData.panNumber || null,
@@ -1876,7 +2018,7 @@ export class HostService {
              facebookUrl: parentCompanyData.facebookUrl || null,
              linkedinUrl: parentCompanyData.linkedinUrl || null,
              twitterUrl: parentCompanyData.twitterUrl || null,
-            },
+            } as any,
          });

          // if (parentDocuments?.length) {
--- a/src/modules/host/services/hostMember.service.ts
+++ b/src/modules/host/services/hostMember.service.ts
@@ -0,0 +1,497 @@
+import { Injectable } from '@nestjs/common';
+import { PrismaClient } from '@prisma/client';
+
+import { ROLE, USER_STATUS } from '../../../common/utils/constants/common.constant';
+import { PaginationOptions } from '../../../common/utils/pagination/pagination.types';
+import ApiError from '../../../common/utils/helper/ApiError';
+
+const ALLOWED_MEMBER_ROLES = new Set([ROLE.CO_ADMIN, ROLE.OPERATOR]);
+
+function normalizeIdArray(values: unknown): number[] {
+  if (!Array.isArray(values)) {
+    return [];
+  }
+
+  return Array.from(
+    new Set(
+      values
+        .map((item) => Number(item))
+        .filter((item) => Number.isInteger(item) && item > 0),
+    ),
+  );
+}
+
+@Injectable()
+export class HostMemberService {
+  constructor(private prisma: PrismaClient) {}
+
+  async getAllInvitedCoadminAndOperator(input: {
+    hostUserXid: number;
+    search?: string;
+    paginationOptions?: PaginationOptions;
+  }) {
+    const host = await this.prisma.hostHeader.findFirst({
+      where: {
+        userXid: input.hostUserXid,
+        isActive: true,
+        deletedAt: null,
+      },
+      select: {
+        id: true,
+        companyName: true,
+      },
+    });
+
+    if (!host) {
+      throw new ApiError(404, 'Host company not found for the logged-in user.');
+    }
+
+    const filters: any = {
+      hostXid: host.id,
+      roleXid: {
+        in: [ROLE.CO_ADMIN, ROLE.OPERATOR],
+      },
+      memberStatus: 'invited',
+      isActive: true,
+      deletedAt: null,
+      user: {
+        isActive: true,
+        deletedAt: null,
+      },
+    };
+
+    if (input.search?.trim()) {
+      const term = input.search.trim();
+      filters.user = {
+        ...filters.user,
+        OR: [
+          { emailAddress: { contains: term, mode: 'insensitive' as const } },
+          { firstName: { contains: term, mode: 'insensitive' as const } },
+          { lastName: { contains: term, mode: 'insensitive' as const } },
+          { mobileNumber: { contains: term, mode: 'insensitive' as const } },
+          { userRefNumber: { contains: term, mode: 'insensitive' as const } },
+        ],
+      };
+    }
+
+    const totalCount = await this.prisma.hostMembers.count({
+      where: filters,
+    });
+
+    const members = await this.prisma.hostMembers.findMany({
+      where: filters,
+      select: {
+        id: true,
+        hostXid: true,
+        userXid: true,
+        roleXid: true,
+        memberStatus: true,
+        invitedOn: true,
+        acceptedOn: true,
+        hostRolePermissionMasterXid: true,
+        user: {
+          select: {
+            id: true,
+            firstName: true,
+            lastName: true,
+            emailAddress: true,
+            mobileNumber: true,
+            userRefNumber: true,
+            userStatus: true,
+            role: {
+              select: {
+                id: true,
+                roleName: true,
+              },
+            },
+          },
+        },
+        role: {
+          select: {
+            id: true,
+            roleName: true,
+          },
+        },
+        invitedBy: {
+          select: {
+            id: true,
+            firstName: true,
+            lastName: true,
+            emailAddress: true,
+          },
+        },
+        hostRolePermissionMaster: {
+          select: {
+            id: true,
+            permissionMasterXids: true,
+          },
+        },
+        managedActivities: {
+          where: {
+            isActive: true,
+            deletedAt: null,
+          },
+          select: {
+            activityXid: true,
+            activity: {
+              select: {
+                id: true,
+                activityTitle: true,
+              },
+            },
+          },
+          orderBy: {
+            activityXid: 'asc',
+          },
+        },
+      },
+      orderBy: {
+        invitedOn: 'desc',
+      },
+      skip: input.paginationOptions?.skip ?? 0,
+      take: input.paginationOptions?.limit ?? 10,
+    });
+
+    const permissionIds = Array.from(
+      new Set(
+        members.flatMap((member) =>
+          normalizeIdArray(member.hostRolePermissionMaster?.permissionMasterXids),
+        ),
+      ),
+    );
+
+    const permissionMasters = permissionIds.length
+      ? await this.prisma.hostPermissionMasters.findMany({
+          where: {
+            id: { in: permissionIds },
+            isActive: true,
+            deletedAt: null,
+          },
+          select: {
+            id: true,
+            displayLabel: true,
+          },
+        })
+      : [];
+
+    const permissionLabelMap = new Map(
+      permissionMasters.map((permission) => [permission.id, permission.displayLabel]),
+    );
+
+    const data = members.map((member) => {
+      const permissionMasterXids = normalizeIdArray(
+        member.hostRolePermissionMaster?.permissionMasterXids,
+      );
+
+      return {
+        hostMemberId: member.id,
+        hostXid: member.hostXid,
+        hostCompanyName: host.companyName,
+        userXid: member.userXid,
+        roleXid: member.roleXid,
+        roleName: member.role?.roleName ?? member.user.role?.roleName ?? null,
+        permissionMasterXid: member.hostRolePermissionMasterXid,
+        permissionMasterXids,
+        permissionLabels: permissionMasterXids
+          .map((permissionId) => permissionLabelMap.get(permissionId))
+          .filter(Boolean),
+        memberStatus: member.memberStatus,
+        invitedOn: member.invitedOn,
+        acceptedOn: member.acceptedOn,
+        invitedBy: member.invitedBy
+          ? {
+              id: member.invitedBy.id,
+              firstName: member.invitedBy.firstName,
+              lastName: member.invitedBy.lastName,
+              emailAddress: member.invitedBy.emailAddress,
+            }
+          : null,
+        user: {
+          id: member.user.id,
+          firstName: member.user.firstName,
+          lastName: member.user.lastName,
+          emailAddress: member.user.emailAddress,
+          mobileNumber: member.user.mobileNumber,
+          userRefNumber: member.user.userRefNumber,
+          userStatus: member.user.userStatus,
+        },
+        activities: member.managedActivities.map((activityLink) => ({
+          id: activityLink.activity.id,
+          activityXid: activityLink.activityXid,
+          activityTitle: activityLink.activity.activityTitle,
+        })),
+      };
+    });
+
+    return {
+      data,
+      totalCount,
+    };
+  }
+
+  async inviteMember(input: {
+    inviterUserXid: number;
+    emailAddress: string;
+    roleXid: number;
+    permissionMasterXid: number;
+    activityXids: unknown;
+  }) {
+    const normalizedEmail = input.emailAddress.trim().toLowerCase();
+    const roleXid = Number(input.roleXid);
+    const permissionMasterXid = Number(input.permissionMasterXid);
+    const activityXids = normalizeIdArray(input.activityXids);
+
+    if (!normalizedEmail) {
+      throw new ApiError(400, 'emailAddress is required.');
+    }
+
+    if (!Number.isInteger(roleXid) || !ALLOWED_MEMBER_ROLES.has(roleXid)) {
+      throw new ApiError(
+        400,
+        'roleXid must be one of CO_ADMIN or OPERATOR.',
+      );
+    }
+
+    if (!Number.isInteger(permissionMasterXid) || permissionMasterXid <= 0) {
+      throw new ApiError(400, 'permissionMasterXid is required.');
+    }
+
+    if (!activityXids.length) {
+      throw new ApiError(400, 'At least one activity is required.');
+    }
+
+    return this.prisma.$transaction(async (tx) => {
+      const host = await tx.hostHeader.findFirst({
+        where: {
+          userXid: input.inviterUserXid,
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+          companyName: true,
+          userXid: true,
+        },
+      });
+
+      if (!host) {
+        throw new ApiError(404, 'Host company not found for the logged-in user.');
+      }
+
+      if (host.userXid !== input.inviterUserXid) {
+        throw new ApiError(403, 'Only the host owner can invite members.');
+      }
+
+      const permissionMaster = await tx.hostRolePermissionMasters.findFirst({
+        where: {
+          id: permissionMasterXid,
+          hostXid: host.id,
+          roleXid,
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+          hostXid: true,
+          roleXid: true,
+          permissionMasterXids: true,
+          role: {
+            select: {
+              id: true,
+              roleName: true,
+            },
+          },
+        },
+      });
+
+      if (!permissionMaster) {
+        throw new ApiError(
+          404,
+          'Permission master not found for the selected host and role.',
+        );
+      }
+
+      const selectedPermissionMasterXids = normalizeIdArray(
+        permissionMaster.permissionMasterXids,
+      );
+
+      const permissionDetails = await tx.hostPermissionMasters.findMany({
+        where: {
+          id: { in: selectedPermissionMasterXids },
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+          permissionKey: true,
+          permissionGroup: true,
+          permissionSection: true,
+          permissionAction: true,
+          displayLabel: true,
+          displayOrder: true,
+        },
+        orderBy: {
+          displayOrder: 'asc',
+        },
+      });
+
+      if (permissionDetails.length !== selectedPermissionMasterXids.length) {
+        throw new ApiError(
+          400,
+          'One or more saved permission XIDs no longer exist in the master table.',
+        );
+      }
+
+      const activities = await tx.activities.findMany({
+        where: {
+          id: { in: activityXids },
+          hostXid: host.id,
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+          activityTitle: true,
+        },
+      });
+
+      if (activities.length !== activityXids.length) {
+        throw new ApiError(
+          400,
+          'One or more selected activities are invalid for this host.',
+        );
+      }
+
+      const existingUser = await tx.user.findFirst({
+        where: {
+          emailAddress: normalizedEmail,
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+          emailAddress: true,
+          roleXid: true,
+          userStatus: true,
+        },
+      });
+
+      let user =
+        existingUser ??
+        (await tx.user.create({
+          data: {
+            emailAddress: normalizedEmail,
+            roleXid: ROLE.HOST,
+            userStatus: USER_STATUS.INVITED,
+            isActive: true,
+          },
+          select: {
+            id: true,
+            emailAddress: true,
+            roleXid: true,
+            userStatus: true,
+          },
+        }));
+
+      if (existingUser && existingUser.roleXid !== ROLE.HOST) {
+        user = await tx.user.update({
+          where: { id: existingUser.id },
+          data: {
+            roleXid: ROLE.HOST,
+            userStatus: USER_STATUS.INVITED,
+            isActive: true,
+          },
+          select: {
+            id: true,
+            emailAddress: true,
+            roleXid: true,
+            userStatus: true,
+          },
+        });
+      }
+
+      const existingMembership = await tx.hostMembers.findFirst({
+        where: {
+          userXid: user.id,
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+          hostXid: true,
+        },
+      });
+
+      if (existingMembership && existingMembership.hostXid !== host.id) {
+        throw new ApiError(
+          409,
+          'This person is already invited or assigned to another host company.',
+        );
+      }
+
+      const membershipData = {
+        hostXid: host.id,
+        userXid: user.id,
+        roleXid,
+        hostRolePermissionMasterXid: permissionMaster.id,
+        memberStatus: 'invited',
+        invitedByXid: input.inviterUserXid,
+        invitedOn: new Date(),
+        acceptedOn: null,
+        isActive: true,
+      };
+
+      const hostMember = existingMembership
+        ? await tx.hostMembers.update({
+            where: { id: existingMembership.id },
+            data: membershipData,
+            select: {
+              id: true,
+              hostXid: true,
+              userXid: true,
+              roleXid: true,
+              hostRolePermissionMasterXid: true,
+              memberStatus: true,
+              invitedByXid: true,
+              invitedOn: true,
+            },
+          })
+        : await tx.hostMembers.create({
+            data: membershipData,
+            select: {
+              id: true,
+              hostXid: true,
+              userXid: true,
+              roleXid: true,
+              hostRolePermissionMasterXid: true,
+              memberStatus: true,
+              invitedByXid: true,
+              invitedOn: true,
+            },
+          });
+
+      await tx.hostMemberActivities.deleteMany({
+        where: {
+          hostMemberXid: hostMember.id,
+        },
+      });
+
+      await tx.hostMemberActivities.createMany({
+        data: activities.map((activity) => ({
+          hostMemberXid: hostMember.id,
+          activityXid: activity.id,
+          isActive: true,
+        })),
+      });
+
+      return {
+        host,
+        user,
+        hostMember,
+        permissionMaster,
+        permissionDetails,
+        activities,
+      };
+    });
+  }
+}
--- a/src/modules/host/services/hostRolePermission.service.ts
+++ b/src/modules/host/services/hostRolePermission.service.ts
@@ -0,0 +1,129 @@
+import { Injectable } from '@nestjs/common';
+import { PrismaClient } from '@prisma/client';
+
+import ApiError from '../../../common/utils/helper/ApiError';
+
+function normalizeIdArray(values: unknown): number[] {
+  if (!Array.isArray(values)) {
+    return [];
+  }
+
+  return Array.from(
+    new Set(
+      values
+        .map((item) => Number(item))
+        .filter((item) => Number.isInteger(item) && item > 0),
+    ),
+  );
+}
+
+@Injectable()
+export class HostRolePermissionService {
+  constructor(private prisma: PrismaClient) {}
+
+  async saveRolePermissions(input: {
+    hostUserXid: number;
+    roleXid: number;
+    permissionMasterXids: unknown;
+  }) {
+    const permissionMasterXids = normalizeIdArray(input.permissionMasterXids);
+
+    if (!permissionMasterXids.length) {
+      throw new ApiError(400, 'permissionMasterXids is required.');
+    }
+
+    return this.prisma.$transaction(async (tx) => {
+      const host = await tx.hostHeader.findFirst({
+        where: {
+          userXid: input.hostUserXid,
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+          companyName: true,
+          userXid: true,
+        },
+      });
+
+      if (!host) {
+        throw new ApiError(404, 'Host company not found for the logged-in user.');
+      }
+
+      const role = await tx.roles.findFirst({
+        where: {
+          id: input.roleXid,
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+          roleName: true,
+        },
+      });
+
+      if (!role) {
+        throw new ApiError(400, 'Invalid roleXid.');
+      }
+
+      const selectedPermissions = await tx.hostPermissionMasters.findMany({
+        where: {
+          id: { in: permissionMasterXids },
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+          permissionKey: true,
+          permissionGroup: true,
+          permissionSection: true,
+          permissionAction: true,
+          displayLabel: true,
+          displayOrder: true,
+        },
+        orderBy: {
+          displayOrder: 'asc',
+        },
+      });
+
+      if (selectedPermissions.length !== permissionMasterXids.length) {
+        throw new ApiError(400, 'One or more permissionMasterXids are invalid.');
+      }
+
+      const saved = await tx.hostRolePermissionMasters.upsert({
+        where: {
+          hostXid_roleXid: {
+            hostXid: host.id,
+            roleXid: role.id,
+          },
+        },
+        create: {
+          hostXid: host.id,
+          roleXid: role.id,
+          permissionMasterXids,
+          isActive: true,
+        },
+        update: {
+          permissionMasterXids,
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+          hostXid: true,
+          roleXid: true,
+          permissionMasterXids: true,
+          createdAt: true,
+          updatedAt: true,
+        },
+      });
+
+      return {
+        host,
+        role,
+        saved,
+        selectedPermissions,
+      };
+    });
+  }
+}
--- a/src/modules/host/services/resendOTPEmail.service.ts
+++ b/src/modules/host/services/resendOTPEmail.service.ts
@@ -10,13 +10,16 @@ export async function resendOtpEmail(
  //  messageId: string
 }> {

-  const subject = "New OTP from Minglar Team";
+  const subject = "Your Minglar Verification Code";

  const htmlContent = `
-    <p>Dear ${role},</p>
-    <p>Your new OTP is: <strong>${otp}</strong></p>
-    <p>This code will be valid for the next 5 minutes.</p>
-    <p>Warm regards,<br/>Minglar Team</p>
+    <p>Hi ${role},</p>
+    <p>Here's your verification code to get started:</p>
+    <p><strong>${otp}</strong></p>
+    <p>This code is valid for the next 5 minutes.</p>
+    <p>Once verified, you can continue setting up your Minglar account. If you didn't request this, you can safely ignore this email.</p>
+    <p>Need help? Reach out to us at info@minglargroup.com.</p>
+    <p>Warm regards,<br/>Team Minglar</p>
  `;

  try {
@@ -37,3 +40,5 @@ export async function resendOtpEmail(
    throw new ApiError(500, "Failed to send OTP to host via email.");
  }
 }
+
+
--- a/src/modules/host/services/sendHostMemberInvitationEmail.service.ts
+++ b/src/modules/host/services/sendHostMemberInvitationEmail.service.ts
@@ -0,0 +1,51 @@
+import { brevoService } from '../../../common/email/brevoApi';
+import ApiError from '../../../common/utils/helper/ApiError';
+import config from '../../../config/config';
+
+export async function sendHostMemberInvitationEmail(
+  emailAddress: string,
+  hostName: string,
+  memberRole: string,
+  permissionLabels: string[],
+  activityNames: string[],
+): Promise<{
+  sent: boolean;
+}> {
+  const subject = `Invitation to join ${hostName} on Minglar Host`;
+
+  const permissionsHtml = permissionLabels.length
+    ? `<ul>${permissionLabels.map((permission) => `<li>${permission}</li>`).join('')}</ul>`
+    : '<p>No permissions were assigned.</p>';
+
+  const activitiesHtml = activityNames.length
+    ? `<ul>${activityNames.map((activity) => `<li>${activity}</li>`).join('')}</ul>`
+    : '<p>No activities were assigned.</p>';
+
+  const htmlContent = `
+    <p>Hi there,</p>
+    <p>You have been invited by <strong>${hostName}</strong> to join the Minglar Host portal as <strong>${memberRole}</strong>.</p>
+    <p>The following permissions have been assigned to your account:</p>
+    ${permissionsHtml}
+    <p>The following activities have been assigned to you:</p>
+    ${activitiesHtml}
+    <p>You can access the host portal using the link below:</p>
+    <p><a href="${config.HOST_LINK}" target="_blank">${config.HOST_LINK}</a></p>
+    <p>If you were not expecting this invitation, you can ignore this email.</p>
+    <p>Warm regards,<br/>Team Minglar</p>
+  `;
+
+  try {
+    await brevoService.sendEmail({
+      recipients: [{ email: emailAddress }],
+      subject,
+      htmlContent,
+    });
+
+    return {
+      sent: true,
+    };
+  } catch (err) {
+    console.error('Brevo email send failed:', err);
+    throw new ApiError(500, 'Failed to send host member invitation email.');
+  }
+}
--- a/src/modules/host/services/sendHostResubmitEmailToAM.service.ts
+++ b/src/modules/host/services/sendHostResubmitEmailToAM.service.ts
@@ -1,23 +1,39 @@
 import { brevoService } from "@/common/email/brevoApi";
 import ApiError from "@/common/utils/helper/ApiError";
+import config from '../../../config/config';

 export async function sendEmailToAM(
    emailAddress: string,
    amName: string,
    hostCompanyName: string,
-    hostRefNumber: string
+    activityName: string
 ): Promise<{
    sent: boolean;
    //  messageId: string
 }> {

-    const subject = `Host Application Re-Submited : ${hostCompanyName}`;
+    const subject = `${hostCompanyName} Has Resubmitted Their Application`;

  const htmlContent = `
-    <p>Dear ${amName},</p>
-    <p>Host ${hostCompanyName} with reference number: <strong>${hostRefNumber}</strong> has re-submited the application with implimented suggestions.</p>
-    <p>Please review their appliaction and take the necessary action.</p>
-    <p>Best regards,<br/>Minglar Team</p>
+  <p>Hello ${amName},</p>
+
+  <p>
+    ${hostCompanyName} has updated and re-submitted their pre-qualification details of ${activityName} for your review.
+  </p>
+
+  <p>
+    Please click on the link below to log in to your dashboard to review the revised submission and proceed with the necessary action.
+  </p>
+
+  <p>
+    <strong>Review Application</strong><br/>
+    <a href="${config.AM_INTERFACE_LINK}" target="_blank">${config.AM_INTERFACE_LINK}</a>
+  </p>
+
+  <p>
+    Thank you,<br/>
+    Minglar Team
+  </p>
 `;

    try {
@@ -49,13 +65,14 @@ export async function sendEmailToMinglarAdmin(
    //  messageId: string
 }> {

-    const subject = `New Host Application Recieved : ${hostCompanyName}`;
+    const subject = "New Host Application Submitted for Review";

    const htmlContent = `
-    <p>Dear ${minglarAdminName},</p>
-    <p>Host ${hostCompanyName} with reference number: <strong>${hostRefNumber}</strong> has submited their application.</p>
-    <p>Please review their appliaction and take the necessary action.</p>
-    <p>Best regards,<br/>Minglar Team</p>
+    <p>Hi ${minglarAdminName},</p>
+    <p>${hostCompanyName} has submitted their application and is awaiting your review.</p>
+    <p>Reference number: <strong>${hostRefNumber}</strong></p>
+    <p>Please log in to your dashboard to review the submission and take the necessary action.</p>
+    <p>Thank you,<br/>Minglar Team</p>
  `;

    try {
@@ -81,19 +98,34 @@ export async function sendPQPEmailToAM(
    emailAddress: string,
    minglarAdminName: string,
    hostCompanyName: string,
-    hostRefNumber: string
+    activityName: string
 ): Promise<{
    sent: boolean;
    //  messageId: string
 }> {

-    const subject = `New Pre-qualification Questionnaire from : ${hostCompanyName}`;
+    const subject = "New Host Application Submitted for Review";

   const htmlContent = `
-    <p>Dear ${minglarAdminName},</p>
-    <p>Host ${hostCompanyName} with reference number: <strong>${hostRefNumber}</strong> has submited their pre-qualification questionnaire.</p>
-    <p>Please review their appliaction and take the necessary action.</p>
-    <p>Best regards,<br/>Minglar Team</p>
+  <p>Hi ${minglarAdminName},</p>
+
+  <p>
+    ${hostCompanyName} has submitted the pre-qualification details for ${activityName} and is awaiting your review.
+  </p>
+
+  <p>
+    Please click the link below to log in to your dashboard, review the submission, and take the necessary action:
+  </p>
+
+  <p>
+    <strong>Review Application</strong><br/>
+    <a href="${config.HOST_LINK_PQ}" target="_blank">${config.HOST_LINK_PQ}</a>
+  </p>
+
+  <p>
+    Thank you,<br/>
+    Minglar Team
+  </p>
 `;

    try {
@@ -114,3 +146,4 @@ export async function sendPQPEmailToAM(
        throw new ApiError(500, "Failed to send OTP to host via email.");
    }
 }
+
--- a/src/modules/host/services/sendOTPEmail.service.ts
+++ b/src/modules/host/services/sendOTPEmail.service.ts
@@ -1,22 +1,24 @@
-import { brevoService } from "@/common/email/brevoApi";
-import ApiError from "@/common/utils/helper/ApiError";
+import { brevoService } from '../../../common/email/brevoApi';
+import ApiError from '../../../common/utils/helper/ApiError';
+import config from '../../../config/config';

 export async function sendOtpEmailForHost(
  emailAddress: string,
-  otp: string | number
+  otp: string | number,
 ): Promise<{
  sent: boolean;
  //  messageId: string
 }> {
-
-  const subject = "OTP for Host Registration";
+  const subject = 'Your Minglar Verification Code';

  const htmlContent = `
-    <p>Dear Host,</p>
-    <p>You’re almost all set! 🎉</p>
-    <p>Enter <strong>${otp}</strong> to wrap your registration.</p>
-    <p>This code will be valid for the next 5 minutes.</p>
-    <p>Warm regards,<br/>Minglar Team</p>
+    <p>Hi there 👋</p>
+    <p>Here’s your verification code to get started:</p>
+    <p><strong>${otp}</strong></p>
+    <p>This code is valid for the next 5 minutes.</p>
+    <p>Once verified, you can continue setting up your Minglar account. If you didn’t request this, you can safely ignore this email.</p>
+    <p>Need help? Reach out to us at info@minglargroup.com.</p>
+    <p>Warm regards,<br />Team Minglar</p>
  `;

  try {
@@ -33,7 +35,67 @@ export async function sendOtpEmailForHost(
      // messageId: result.messageId
    };
  } catch (err) {
-    console.error("Brevo email send failed:", err);
-    throw new ApiError(500, "Failed to send OTP to host via email.");
+    console.error('Brevo email send failed:', err);
+    throw new ApiError(500, 'Failed to send OTP to host via email.');
+  }
+}
+
+export async function sendWelcomeEmailToHost(emailAddress: string): Promise<{
+  sent: boolean;
+  //  messageId: string
+}> {
+  const subject = 'Get Started as a Minglar Host';
+
+  const htmlContent = `
+  <p>Hi ${emailAddress},</p>
+
+  <p>We’re excited to have you join Minglar as a host. Welcome aboard! 🌟</p>
+
+  <p>To get started and bring your activities live, here’s what comes next:</p>
+
+  <p><strong>Your next steps:</strong></p>
+
+  <p>1. Complete your host profile</p>
+  <p>2. Complete the pre-qualification process for all your activities</p>
+  <p>3. Submit your activity details for review</p>
+  <p>4. Go live and start receiving bookings</p>
+
+  <p>
+    👉 <strong>Access your Host Portal:</strong><br/>
+    <a href="${config.HOST_LINK}" target="_blank">${config.HOST_LINK}</a>
+  </p>
+
+  <p>
+    If you need any support along the way, our team is always here to help.
+    You can reach us anytime at
+    <a href="mailto:info@minglargroup.com">info@minglargroup.com</a>.
+  </p>
+
+  <p>
+    We’re looking forward to seeing your experiences come to life on Minglar.
+  </p>
+
+  <p>
+    Warm regards,<br/>
+    Team Minglar
+  </p>
+`;
+
+  try {
+    const result = await brevoService.sendEmail({
+      recipients: [{ email: emailAddress }],
+      subject,
+      htmlContent,
+    });
+
+    // console.log("📧 Email sent successfully:", result);
+
+    return {
+      sent: true,
+      // messageId: result.messageId
+    };
+  } catch (err) {
+    console.error('Brevo email send failed:', err);
+    throw new ApiError(500, 'Failed to send OTP to host via email.');
  }
 }
--- a/src/modules/minglaradmin/handlers/hosthub/hosts/acceptActivityApplicationByAM.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/hosts/acceptActivityApplicationByAM.ts
@@ -3,7 +3,6 @@ import { prismaClient } from '../../../../../common/database/prisma.lambda.servi
 import { verifyMinglarAdminToken } from '../../../../../common/middlewares/jwt/authForMinglarAdmin';
 import { safeHandler } from '../../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../../common/utils/helper/ApiError';
-import { sendActivityAcceptanceMailtoHost } from '../../../../minglaradmin/services/approvalMailtoHost.service';
 import { MinglarService } from '../../../services/minglar.service';

 const minglarService = new MinglarService(prismaClient);
@@ -40,9 +39,6 @@ export const handler = safeHandler(async (
        Number(activityId),
        Number(userInfo.id)
    );
-    const hostXid = await minglarService.getHostXidByActivityId(activityId)
-    const hostDetails = await minglarService.getUserDetails(hostXid)
-    await sendActivityAcceptanceMailtoHost(hostDetails.emailAddress, hostDetails.firstName)

    return {
        statusCode: 201,
--- a/src/modules/minglaradmin/handlers/hosthub/onboarding/rejectHostApplication.ts
+++ b/src/modules/minglaradmin/handlers/hosthub/onboarding/rejectHostApplication.ts
@@ -50,7 +50,7 @@ export const handler = safeHandler(async (
  if (!hostDetails?.emailAddress) {
    throw new ApiError(404, 'Host details or email address not found');
  }
-  await sendEmailToHostForRejectedApplication(hostDetails.emailAddress)
+  await sendEmailToHostForRejectedApplication(hostDetails.emailAddress, hostDetails.firstName || 'Host');

  return {
    statusCode: 200,
--- a/src/modules/minglaradmin/services/AMEmail.service.ts
+++ b/src/modules/minglaradmin/services/AMEmail.service.ts
@@ -2,18 +2,29 @@
 import { brevoService } from '@/common/email/brevoApi';
 import ApiError from '@/common/utils/helper/ApiError';

-export async function sendAMEmailForHostAssign(emailAddress: string): Promise<{
+export async function sendAMEmailForHostAssign(emailAddress: string, accountManagerName?: string): Promise<{
  sent: boolean;
  //  messageId: string
 }> {
-  const subject = 'Minglar Admin: Host Assignment Notification';
+  const subject = "You've Been Assigned a New Host";
+
+  const displayName = accountManagerName?.trim() || "there";

 const htmlContent = `
-    <p>Hi,</p>
+  <p>Hi ${displayName},</p>

-    <p>You’ve been assigned the <strong>Host</strong> role by Minglar Admin.</p>
+  <p>
+    A new host has been assigned to you by the Minglar team.
+  </p>

-    <p>Best regards,<br/>Minglar Admin Team</p>
+  <p>
+    You can now manage and support this host through your admin dashboard. Log in to review the host’s details, connect with them, and take the next steps as needed.
+  </p>
+
+  <p>
+    Warm regards,<br/>
+    Minglar Team
+  </p>
 `;

  try {
@@ -35,3 +46,5 @@ export async function sendAMEmailForHostAssign(emailAddress: string): Promise<{
  }
 }
 // ...existing code...
+
+
--- a/src/modules/minglaradmin/services/amNotification.service.ts
+++ b/src/modules/minglaradmin/services/amNotification.service.ts
@@ -24,7 +24,8 @@ export class AMNotificationService {
    }

    try {
-      await sendAMEmailForHostAssign(amUser.emailAddress);
+      const amName = [amUser.firstName, amUser.lastName].filter(Boolean).join(' ').trim();
+      await sendAMEmailForHostAssign(amUser.emailAddress, amName);
      return true;
    } catch (err) {
      console.error('Error sending AM assignment email', err);
--- a/src/modules/minglaradmin/services/approvalMailtoHost.service.ts
+++ b/src/modules/minglaradmin/services/approvalMailtoHost.service.ts
@@ -1,24 +1,45 @@
-import { brevoService } from "../../../common/email/brevoApi";
-import ApiError from "../../../common/utils/helper/ApiError";
-import config from "../../../config/config";
+import { brevoService } from '../../../common/email/brevoApi';
+import ApiError from '../../../common/utils/helper/ApiError';
+import config from '../../../config/config';

 export async function sendEmailToHostForApprovedApplication(
  emailAddress: string,
-    name: string
+  name: string,
 ): Promise<{
  sent: boolean;
  //  messageId: string
 }> {
-
-    const subject = "Approval for your application";
+  const subject = 'Host Onboarding Application Approved';

  const htmlContent = `
-    <p>Dear ${name},</p>
-    <p>Congratulations, Your application to minglar admin has been approved.</p>
-    <p>You can start onboarding your activities through the host panel.</p>
-    <p> You can login to your account using the link below:<br/> 
-    <strong>Link:</strong> ${config.HOST_LINK} </p>
-    <p>Best regards,<br/>Minglar Team</p>
+  <p>Hi ${emailAddress},</p>
+
+  <p>
+    We’re pleased to inform you that your host onboarding application has been approved by our team.
+  </p>
+
+  <p>
+    You can now proceed with completing your activity pre-qualification process.
+  </p>
+
+  <p>
+    Please click the link below to log in to your account and continue:
+  </p>
+
+  <p>
+    <strong>Host Portal Login</strong><br/>
+    <a href="${config.HOST_LINK}" target="_blank">${config.HOST_LINK}</a>
+  </p>
+
+  <p>
+    If you have any questions or need assistance, feel free to reach out to us at
+    <a href="mailto:info@minglargroup.com">info@minglargroup.com</a>.
+  </p>
+
+  <p>
+    Warm regards,<br/>
+    Minglar Team
+  </p>
 `;

  try {
@@ -28,15 +49,15 @@ export async function sendEmailToHostForApprovedApplication(
      htmlContent,
    });

-        console.log("📧 Email sent successfully:", result);
+    console.log('📧 Email sent successfully:', result);

    return {
      sent: true,
      // messageId: result.messageId
    };
  } catch (err) {
-        console.error("Brevo email send failed:", err);
-        throw new ApiError(500, "Failed to send OTP to minglar admin via email.");
+    console.error('Brevo email send failed:', err);
+    throw new ApiError(500, 'Failed to send OTP to minglar admin via email.');
  }
 }

@@ -46,14 +67,16 @@ export async function sendEmailToHostForMinglarApproval(
  sent: boolean;
  //  messageId: string
 }> {
-
-    const subject = "Approval for your application";
+  const subject = 'Host Onboarding Application Approved';

  const htmlContent = `
-    <p>Dear Host,</p>
-    <p>Congratulations, Your application to minglar admin has been approved by minglar admin.</p>
-    <p>Minglar admin will assign account manager to your application.</p>
-    <p>Best regards,<br/>Minglar Team</p>
+    <p>Hi there,</p>
+    <p>We're pleased to inform you that your host onboarding application has been approved by our team.</p>
+    <p>You can now proceed with completing your activity pre-qualification process.</p>
+    <p>Please click the link below to log in to your account and continue:</p>
+    <p><a href="${config.HOST_LINK}" target="_blank">${config.HOST_LINK}</a></p>
+    <p>If you have any questions or need assistance, feel free to reach out to us at info@minglargroup.com.</p>
+    <p>Warm regards,<br/>Minglar Team</p>
  `;

  try {
@@ -63,35 +86,56 @@ export async function sendEmailToHostForMinglarApproval(
      htmlContent,
    });

-        console.log("📧 Email sent successfully:", result);
+    console.log('📧 Email sent successfully:', result);

    return {
      sent: true,
      // messageId: result.messageId
    };
  } catch (err) {
-        console.error("Brevo email send failed:", err);
-        throw new ApiError(500, "Failed to send OTP to minglar admin via email.");
+    console.error('Brevo email send failed:', err);
+    throw new ApiError(500, 'Failed to send OTP to minglar admin via email.');
  }
 }

 export async function sendAMPQQAcceptanceMailtoHost(
  emailAddress: string,
-    name: string
+  name: string,
 ): Promise<{
  sent: boolean;
  //  messageId: string
 }> {
-
-    const subject = "Approval for your activity onboarding application";
+  const subject = 'Your Activity Has Been Qualified for Onboarding';

  const htmlContent = `
-    <p>Dear ${name},</p>
-    <p>Congratulations, Your activity onboarding application to minglar admin has been approved.</p>
-    <p>You can start adding other details of your activity through the host panel.</p>
-    <p> You can login to your account using the link below:<br/> 
-    <strong>Link:</strong> ${config.HOST_LINK_PQ} </p>
-    <p>Best regards,<br/>Minglar Team</p>
+  <p>Hi ${name},</p>
+
+  <p>
+    We’re pleased to inform you that your activity has been qualified on the Minglar platform.
+  </p>
+
+  <p>
+    You can now proceed to complete the details of your activity through the Host portal.
+  </p>
+
+  <p>
+    Please click the link below to log in to your account and continue:
+  </p>
+
+  <p>
+    <strong>Host Portal Login</strong><br/>
+    <a href="${config.HOST_LINK_PQ}" target="_blank">${config.HOST_LINK_PQ}</a>
+  </p>
+
+  <p>
+    If you have any questions or need assistance, feel free to reach out at
+    <a href="mailto:info@minglargroup.com">info@minglargroup.com</a>.
+  </p>
+
+  <p>
+    Warm regards,<br/>
+    Minglar Team
+  </p>
 `;

  try {
@@ -101,35 +145,59 @@ export async function sendAMPQQAcceptanceMailtoHost(
      htmlContent,
    });

-        console.log("📧 Email sent successfully:", result);
+    console.log('📧 Email sent successfully:', result);

    return {
      sent: true,
      // messageId: result.messageId
    };
  } catch (err) {
-        console.error("Brevo email send failed:", err);
-        throw new ApiError(500, "Failed to send OTP to minglar admin via email.");
+    console.error('Brevo email send failed:', err);
+    throw new ApiError(500, 'Failed to send OTP to minglar admin via email.');
  }
 }

 export async function sendActivityAcceptanceMailtoHost(
  emailAddress: string,
-    name: string
+  name: string,
 ): Promise<{
  sent: boolean;
  //  messageId: string
 }> {
-
-    const subject = "Approval for your activity details application";
+  const subject =
+    'Onboarding Completed | You Can Now Set Up Your Activity Schedule and Listing';

  const htmlContent = `
-    <p>Dear ${name},</p>
-    <p>Congratulations, Your activity details application to minglar admin has been approved.</p>
-    <p>You can start getting orders for your activity.</p>
-    <p>You can login to your account using the link below:<br/> 
-    <strong>Link:</strong> ${config.HOST_LINK} </p>
-    <p>Best regards,<br/>Minglar Team</p>
+  <p>Hi ${name},</p>
+
+  <p>Great news! 🎉</p>
+
+  <p>
+    You have successfully completed the onboarding process for your activity on Minglar.
+  </p>
+
+  <p>
+    You can now move on to the next step by setting up your activity’s schedule. Once this is done, your activity will be ready to be listed on the Minglar app.
+  </p>
+
+  <p>
+    👉 <strong>Access your Host Portal:</strong><br/>
+    <a href="${config.HOST_LINK}" target="_blank">${config.HOST_LINK}</a>
+  </p>
+
+  <p>
+    If you have any questions or need assistance while setting things up, our team is here to help at
+    <a href="mailto:info@minglargroup.com">info@minglargroup.com</a>.
+  </p>
+
+  <p>
+    We’re excited to see your activity take shape and look forward to having it live on Minglar soon.
+  </p>
+
+  <p>
+    Warm regards,<br/>
+    Team Minglar
+  </p>
 `;

  try {
@@ -139,14 +207,71 @@ export async function sendActivityAcceptanceMailtoHost(
      htmlContent,
    });

-        console.log("📧 Email sent successfully:", result);
+    console.log('📧 Email sent successfully:', result);

    return {
      sent: true,
      // messageId: result.messageId
    };
  } catch (err) {
-        console.error("Brevo email send failed:", err);
-        throw new ApiError(500, "Failed to send OTP to minglar admin via email.");
+    console.error('Brevo email send failed:', err);
+    throw new ApiError(500, 'Failed to send OTP to minglar admin via email.');
  }
 }
+
+export async function sendActivityScheduleApprovedMailtoHost(
+  emailAddress: string,
+  name: string,
+): Promise<{
+  sent: boolean;
+}> {
+  const subject = 'Activity Schedule Approved | Let’s Go Live!!';
+
+  const htmlContent = `
+  <p>Hi ${name},</p>
+
+  <p>Your activity schedule has been officially approved.</p>
+
+  <p>
+    Everything is now in place. Your experience is fully configured and queued for launch.
+    Our team is completing the final activation before it goes live on Minglar.
+  </p>
+
+  <p>
+    You can continue managing your availability or adding new time slots anytime through your Host Portal:
+  </p>
+
+  <p>
+    👉 <strong>Host Portal</strong><br/>
+    <a href="${config.HOST_LINK}" target="_blank">${config.HOST_LINK}</a>
+  </p>
+
+  <p>
+    This is a big step. We’re excited to bring your experience to life on Minglar.
+  </p>
+
+  <p>
+    Warm regards,<br/>
+    The Minglar Team
+  </p>
+`;
+
+  try {
+    const result = await brevoService.sendEmail({
+      recipients: [{ email: emailAddress }],
+      subject,
+      htmlContent,
+    });
+
+    console.log('📧 Email sent successfully:', result);
+
+    return {
+      sent: true,
+    };
+  } catch (err) {
+    console.error('Brevo email send failed:', err);
+    throw new ApiError(500, 'Failed to send schedule approval email to host.');
+  }
+}
+
+
--- a/src/modules/minglaradmin/services/inviteTeammatesEmail.service.ts
+++ b/src/modules/minglaradmin/services/inviteTeammatesEmail.service.ts
@@ -9,22 +9,35 @@ export async function sendInvitationEmailForMinglarAdmin(
    //  messageId: string
 }> {

-    const subject = "Minglar Admin: Your Team Invitation";
+    const subject = "Team Invitation: Account Manager at Minglar";

   const htmlContent = `
-    <p>Hi there,</p>
-<p>We're excited to invite you to join the <strong>Minglar Admin Team</strong>!<br/>
-Please use the link below to set up your account and get started.</p>
+  <p>Hi ${emailAddress},</p>

-<p><strong>Access Your Invitation:</strong><br/>
-<a href="${link}">${link}</a></p>
+  <p>
+    We’re happy to invite you to join the Minglar team as an Account Manager.
+  </p>

-<p>If you have any questions or need assistance, feel free to reach out — we’re here to help.<br/>
-We look forward to having you on board!</p>
+  <p>
+    To get started, please set up your account using the link below:
+  </p>

-<p>Welcome aboard!<br/>
-<strong>The Minglar Admin Team</strong></p> 
+  <p>
+    <a href="${link}" target="_blank">${link}</a>
+  </p>

+  <p>
+    If you have any questions or need help during the setup process, feel free to reach out.
+  </p>
+
+  <p>
+    We look forward to working with you.
+  </p>
+
+  <p>
+    Warm regards,<br/>
+    Minglar Team
+  </p>
 `;

    try {
@@ -45,3 +58,4 @@ We look forward to having you on board!</p>
        throw new ApiError(500, "Failed to send invitation via email.");
    }
 }
+
--- a/src/modules/minglaradmin/services/minglar.service.ts
+++ b/src/modules/minglaradmin/services/minglar.service.ts
@@ -144,10 +144,10 @@ export class MinglarService {

  async getUserDetails(id: number) {
    const hostDetail = await this.prisma.hostHeader.findFirst({
-      where: { id: id },
+      where: { id: id, isActive: true },
    });
    const userDetails = await this.prisma.user.findUnique({
-      where: { id: hostDetail.userXid },
+      where: { id: hostDetail.userXid, isActive: true },
    });
    return userDetails;
  }
@@ -1411,7 +1411,7 @@ export class MinglarService {

    const amUser = await this.prisma.user.findUnique({
      where: { id: accountManagerXid, isActive: true },
-      select: { emailAddress: true },
+      select: { emailAddress: true, firstName: true, lastName: true },
    });

    if (!amUser || !amUser.emailAddress) {
@@ -1422,7 +1422,8 @@ export class MinglarService {
    }

    try {
-      await sendAMEmailForHostAssign(amUser.emailAddress);
+      const amName = [amUser.firstName, amUser.lastName].filter(Boolean).join(' ').trim();
+      await sendAMEmailForHostAssign(amUser.emailAddress, amName);
      return true;
    } catch (err) {
      console.error('Error sending AM assignment email', err);
--- a/src/modules/minglaradmin/services/rejectionMailtoHost.service.ts
+++ b/src/modules/minglaradmin/services/rejectionMailtoHost.service.ts
@@ -4,19 +4,34 @@ import config from "../../../config/config";

 export async function sendEmailToHostForRejectedApplication(
    emailAddress: string,
+    firstName: string
 ): Promise<{
    sent: boolean;
    //  messageId: string
 }> {

-    const subject = "Rejection for your application";
+    const subject = "Action Needed: Host Onboarding Application";

  const htmlContent = `
-    <p>Dear Host,</p>
-    <p>Sorry to say that, But your application to minglar admin has been rejected.</p>
-    <p>Please update your application and resubmit it.</p>
-    <p>If you have any questions please contact to minglar admin.</p>
-    <p>Best regards,<br/>Minglar Team</p>
+  <p>Hi ${firstName},</p>
+
+  <p>
+    After reviewing your submission, we’re unable to proceed at this stage, as some details require further updates. We encourage you to log in to your Host portal to review the feedback provided and make the necessary changes.
+  </p>
+
+  <p>
+    <strong>Host Portal Login</strong><br/>
+    <a href="${config.HOST_LINK}" target="_blank">${config.HOST_LINK}</a>
+  </p>
+
+  <p>
+    We appreciate your interest in Minglar and look forward to reviewing your updated application.
+  </p>
+
+  <p>
+    Warm regards,<br/>
+    Minglar Team
+  </p>
 `;

    try {
@@ -47,21 +62,14 @@ export async function sendAMRejectionMailtoHost(
    //  messageId: string
 }> {

-    const subject = "Improvement of your application";
+    const subject = "Action Needed: Host Onboarding Application";

    const htmlContent = `
-    <p>Dear ${name},</p>
-    <p> Your account manager has reviewed your application and provided some suggestions. <br/>
-    Please make the necessary improvements and re-submit your application to proceed with the onboarding process on Minglar.</p>
-    <p> You may access your application using the link below:<br/> 
-    <strong>Link:</strong>
-    <a href="${link}" target="_blank">
-      ${link}
-    </a>
-    </p>
-    <p> If you have any questions, please feel free to contact the Minglar Support Team. </p>
-    <p> Best regards,<br/>
-    <strong>Minglar Team</strong> </p>
+    <p>Hi ${name},</p>
+    <p>After reviewing your submission, we're unable to proceed at this stage, as some details require further updates. We encourage you to log in to your Host portal to review the feedback provided and make the necessary changes.</p>
+    <p><a href="${link}" target="_blank">${link}</a></p>
+    <p>We appreciate your interest in Minglar and look forward to reviewing your updated application.</p>
+    <p>Warm regards,<br/>Team Minglar</p>
  `;

    try {
@@ -92,22 +100,41 @@ export async function sendAMPQQRejectionMailtoHost(
    //  messageId: string
 }> {

-    const subject = "Improvement of your activity onboarding application";
+    const subject = "Action Needed: Activity Pre-qualification";

   const htmlContent = `
-    <p>Dear ${name},</p>
+  <p>Hi ${name},</p>

-    <p>Your account manager has reviewed your activity application and provided some suggestions.<br/>
-    Please make the necessary improvements and re-submit your activity application along with the pre-qualification answers to proceed with the onboarding process on Minglar.</p>
+  <p>
+    Thank you for taking the time to submit your activity pre-qualification details on the Minglar platform.
+  </p>

-    <p>You may access your activity onboarding application using the link below:<br/>
-    <strong>Link:</strong> ${config.HOST_LINK}</p>
+  <p>
+    After reviewing your submission, we’re unable to approve the application at this stage. However, we encourage you to make the suggested updates and refinements, as many applications are successfully approved after revision.
+  </p>

-    <p>If you have any questions, please feel free to contact the Minglar Support Team.</p>
+  <p>
+    You can log in to the Host portal to review the feedback and continue updating your application:
+  </p>

-    <p>Best regards,<br/>
-    <strong>Minglar Team</strong></p>
+  <p>
+    <strong>Host Portal Login</strong><br/>
+    <a href="${config.HOST_LINK_PQ}" target="_blank">${config.HOST_LINK_PQ}</a>
+  </p>

+  <p>
+    If you need any guidance, feel free to reach out to us at
+    <a href="mailto:info@minglargroup.com">info@minglargroup.com</a>.
+  </p>
+
+  <p>
+    We appreciate your interest in partnering with Minglar and look forward to reviewing your updated submission.
+  </p>
+
+  <p>
+    Thank you,<br/>
+    Minglar Team
+  </p>
 `;

    try {
@@ -138,22 +165,41 @@ export async function sendActivityRejectionMailtoHost(
    //  messageId: string
 }> {

-    const subject = "Improvement of your activity onboarding application";
+    const subject = "Action Needed: Activity Onboarding";

  const htmlContent = `
-    <p>Dear ${name},</p>
+  <p>Hi ${name},</p>

-    <p>Your account manager has reviewed your activity application and provided some suggestions.<br/>
-    Please make the necessary improvements and re-submit your activity application along with the pre-qualification answers to proceed with the onboarding process on Minglar.</p>
+  <p>
+    Thank you for submitting your activity for review.
+  </p>

-    <p>You may access your activity onboarding application using the link below:<br/>
-    <strong>Link:</strong> ${config.HOST_LINK}</p>
+  <p>
+    After evaluating the details provided, we’re unable to approve the listing at this stage. A few updates are required before we can proceed.
+  </p>

-    <p>If you have any questions, please feel free to contact the Minglar Support Team.</p>
+  <p>
+    Please log in to your Host Portal to review the feedback and make the necessary revisions.
+  </p>

-    <p>Best regards,<br/>
-    <strong>Minglar Team</strong></p>
+  <p>
+    👉 <strong>Access your Host Portal:</strong><br/>
+    <a href="${config.HOST_LINK}" target="_blank">${config.HOST_LINK}</a>
+  </p>

+  <p>
+    Once the updates have been submitted, our team will re-evaluate your activity promptly.
+  </p>
+
+  <p>
+    If you have any questions or need clarification on the feedback, feel free to reach out to us at
+    <a href="mailto:info@minglargroup.com">info@minglargroup.com</a>. We’re happy to assist.
+  </p>
+
+  <p>
+    Warm regards,<br/>
+    The Minglar Team
+  </p>
 `;

    try {
@@ -174,3 +220,58 @@ export async function sendActivityRejectionMailtoHost(
        throw new ApiError(500, "Failed to send OTP to minglar admin via email.");
    }
 }
+
+export async function sendActivityScheduleRejectedMailtoHost(
+  emailAddress: string,
+  name: string,
+): Promise<{
+  sent: boolean;
+}> {
+  const subject = 'Changes Required to Approve Your Activity Schedule';
+
+ const htmlContent = `
+  <p>Hi ${name},</p>
+
+  <p>Thank you for submitting your activity schedule for review.</p>
+
+  <p>
+    At this stage, we’re unable to approve the schedule. Please log in to your Host Portal
+    to review the changes required and update the details accordingly.
+  </p>
+
+  <p>
+    👉 <a href="${config.HOST_LINK}" target="_blank">${config.HOST_LINK}</a>
+  </p>
+
+  <p>
+    Once the revisions have been made, our team will promptly review the schedule again so
+    we can move you closer to going live on Minglar.
+  </p>
+
+  <p>
+    We’re looking forward to activating your experience soon.
+  </p>
+
+  <p>
+    The Minglar Team
+  </p>
+`;
+
+  try {
+    const result = await brevoService.sendEmail({
+      recipients: [{ email: emailAddress }],
+      subject,
+      htmlContent,
+    });
+
+    console.log('📧 Email sent successfully:', result);
+
+    return {
+      sent: true,
+    };
+  } catch (err) {
+    console.error('Brevo email send failed:', err);
+    throw new ApiError(500, 'Failed to send schedule rejection email to host.');
+  }
+}
+
--- a/src/modules/minglaradmin/services/sendOTPEmail.service.ts
+++ b/src/modules/minglaradmin/services/sendOTPEmail.service.ts
@@ -9,13 +9,16 @@ export async function sendOtpEmailForMinglarAdmin(
  //  messageId: string
 }> {

-  const subject = "OTP for Minglar Admin Registration";
+  const subject = "Your Minglar Verification Code";

  const htmlContent = `
-    <p>Dear User,</p>
-    <p>Your OTP for minglar admin registration is: <strong>${otp}</strong></p>
-    <p>This code is valid for 5 minutes. Please do not share it with anyone.</p>
-    <p>Best regards,<br/>Minglar Team</p>
+    <p>Hi there,</p>
+    <p>To continue your Minglar Admin registration, please use the following One-Time Password (OTP):</p>
+    <p><strong>${otp}</strong></p>
+    <p>This code is valid for 5 minutes.</p>
+    <p>For your security, please do not share this code with anyone.</p>
+    <p>If you did not request this OTP, please ignore this email.</p>
+    <p>Warm regards,<br/>Minglar Team</p>
  `;

  try {
@@ -36,3 +39,4 @@ export async function sendOtpEmailForMinglarAdmin(
    throw new ApiError(500, "Failed to send OTP to minglar admin via email.");
  }
 }
+
--- a/src/modules/user/handlers/itinerary/cancelUserItinerary.ts
+++ b/src/modules/user/handlers/itinerary/cancelUserItinerary.ts
@@ -0,0 +1,71 @@
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyUserToken } from '../../../../common/middlewares/jwt/authForUser';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+import { ItineraryService } from '../../services/itinerary.service';
+
+const itineraryService = new ItineraryService(prismaClient);
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+  if (!token) {
+    throw new ApiError(
+      400,
+      'This is a protected route. Please provide a valid token.',
+    );
+  }
+
+  const userInfo = await verifyUserToken(token);
+  const userId = Number(userInfo.id);
+
+  if (!userId || Number.isNaN(userId)) {
+    throw new ApiError(400, 'Invalid user ID');
+  }
+
+  let body: Record<string, any> = {};
+  if (event.body) {
+    try {
+      body = JSON.parse(event.body);
+    } catch {
+      throw new ApiError(400, 'Invalid JSON body');
+    }
+  }
+
+  const itineraryHeaderXid =
+    body.itineraryHeaderXid !== undefined && body.itineraryHeaderXid !== null
+      ? Number(body.itineraryHeaderXid)
+      : NaN;
+  const reason =
+    typeof body.reason === 'string' ? body.reason.trim() : '';
+
+  if (!Number.isInteger(itineraryHeaderXid) || itineraryHeaderXid <= 0) {
+    throw new ApiError(400, 'Invalid itineraryHeaderXid.');
+  }
+
+  if (!reason) {
+    throw new ApiError(400, 'Cancellation reason is required.');
+  }
+
+  const result = await itineraryService.cancelUserItinerary(
+    userId,
+    itineraryHeaderXid,
+    reason,
+  );
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Itinerary cancelled successfully',
+      data: result,
+    }),
+  };
+});
--- a/src/modules/user/handlers/itinerary/getAllUserSavedItineraries.ts
+++ b/src/modules/user/handlers/itinerary/getAllUserSavedItineraries.ts
@@ -7,6 +7,37 @@ import { ItineraryService } from '../../services/itinerary.service';

 const itineraryService = new ItineraryService(prismaClient);

+const parseQueryDate = (value: string, fieldName: string) => {
+  const trimmedValue = value.trim();
+  const isoMatch = trimmedValue.match(/^(\d{4})-(\d{2})-(\d{2})$/);
+
+  if (isoMatch) {
+    const [, year, month, day] = isoMatch;
+    const parsedDate = new Date(Number(year), Number(month) - 1, Number(day));
+
+    if (!Number.isNaN(parsedDate.getTime())) {
+      return parsedDate;
+    }
+  }
+
+  const slashMatch = trimmedValue.match(/^(\d{4})\/(\d{2})\/(\d{2})$/);
+  if (slashMatch) {
+    const [, year, month, day] = slashMatch;
+    const parsedDate = new Date(Number(year), Number(month) - 1, Number(day));
+
+    if (!Number.isNaN(parsedDate.getTime())) {
+      return parsedDate;
+    }
+  }
+
+  const parsedDate = new Date(trimmedValue);
+  if (Number.isNaN(parsedDate.getTime())) {
+    throw new ApiError(400, `Invalid ${fieldName}`);
+  }
+
+  return parsedDate;
+};
+
 export const handler = safeHandler(async (
  event: APIGatewayProxyEvent,
  context?: Context,
@@ -26,7 +57,61 @@ export const handler = safeHandler(async (
    throw new ApiError(400, 'Invalid user ID');
  }

-  const result = await itineraryService.getAllUserSavedItineraries(userId);
+  const itineraryHeaderXidRaw =
+    event.queryStringParameters?.itineraryHeaderXid ?? null;
+  const startDateRaw = event.queryStringParameters?.startDate ?? null;
+  const endDateRaw = event.queryStringParameters?.endDate ?? null;
+
+  let itineraryHeaderXid: number | undefined;
+  if (
+    itineraryHeaderXidRaw !== null &&
+    itineraryHeaderXidRaw !== undefined &&
+    itineraryHeaderXidRaw !== ''
+  ) {
+    itineraryHeaderXid = Number(itineraryHeaderXidRaw);
+
+    if (!Number.isInteger(itineraryHeaderXid) || itineraryHeaderXid <= 0) {
+      throw new ApiError(400, 'Invalid itineraryHeaderXid');
+    }
+  }
+
+  const hasStartDate =
+    startDateRaw !== null &&
+    startDateRaw !== undefined &&
+    startDateRaw.trim() !== '';
+  const hasEndDate =
+    endDateRaw !== null &&
+    endDateRaw !== undefined &&
+    endDateRaw.trim() !== '';
+
+  if (hasStartDate !== hasEndDate) {
+    throw new ApiError(
+      400,
+      'startDate and endDate must be provided together',
+    );
+  }
+
+  let startDate: Date | undefined;
+  let endDate: Date | undefined;
+
+  if (hasStartDate && hasEndDate) {
+    startDate = parseQueryDate(startDateRaw, 'startDate');
+    endDate = parseQueryDate(endDateRaw, 'endDate');
+
+    if (startDate > endDate) {
+      throw new ApiError(
+        400,
+        'startDate must be earlier than or equal to endDate',
+      );
+    }
+  }
+
+  const result = await itineraryService.getAllUserSavedItineraries(
+    userId,
+    itineraryHeaderXid,
+    startDate,
+    endDate,
+  );

  return {
    statusCode: 200,
--- a/src/modules/user/handlers/itinerary/getItineraryCheckoutDetails.ts
+++ b/src/modules/user/handlers/itinerary/getItineraryCheckoutDetails.ts
@@ -0,0 +1,61 @@
+import {
+  APIGatewayProxyEvent,
+  APIGatewayProxyResult,
+  Context,
+} from 'aws-lambda';
+
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyUserToken } from '../../../../common/middlewares/jwt/authForUser';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+import { ItineraryService } from '../../services/itinerary.service';
+
+const itineraryService = new ItineraryService(prismaClient);
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+  if (!token) {
+    throw new ApiError(
+      400,
+      'This is a protected route. Please provide a valid token.',
+    );
+  }
+
+  const userInfo = await verifyUserToken(token);
+  const userId = Number(userInfo.id);
+
+  if (!userId || Number.isNaN(userId)) {
+    throw new ApiError(400, 'Invalid user ID');
+  }
+
+  const itineraryHeaderXidRaw = event.queryStringParameters?.itineraryHeaderXid;
+  if (!itineraryHeaderXidRaw) {
+    throw new ApiError(400, 'itineraryHeaderXid is required.');
+  }
+
+  const itineraryHeaderXid = Number(itineraryHeaderXidRaw);
+  if (!Number.isInteger(itineraryHeaderXid) || itineraryHeaderXid <= 0) {
+    throw new ApiError(400, 'Invalid itineraryHeaderXid.');
+  }
+
+  const result = await itineraryService.getItineraryCheckoutDetails(
+    userId,
+    itineraryHeaderXid,
+  );
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Itinerary checkout details retrieved successfully',
+      data: result,
+    }),
+  };
+});
--- a/src/modules/user/handlers/itinerary/saveItineraryActivitySelections.ts
+++ b/src/modules/user/handlers/itinerary/saveItineraryActivitySelections.ts
@@ -0,0 +1,127 @@
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyUserToken } from '../../../../common/middlewares/jwt/authForUser';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+import { ItineraryService } from '../../services/itinerary.service';
+
+const itineraryService = new ItineraryService(prismaClient);
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+  if (!token) {
+    throw new ApiError(
+      400,
+      'This is a protected route. Please provide a valid token.',
+    );
+  }
+
+  const userInfo = await verifyUserToken(token);
+  const userId = Number(userInfo.id);
+
+  if (!userId || Number.isNaN(userId)) {
+    throw new ApiError(400, 'Invalid user ID');
+  }
+
+  let body: Record<string, any> = {};
+  if (event.body) {
+    try {
+      body = JSON.parse(event.body);
+    } catch {
+      throw new ApiError(400, 'Invalid JSON body');
+    }
+  }
+
+  const activities = Array.isArray(body.activities)
+    ? body.activities
+    : body.itineraryActivityXid !== undefined
+      ? [body]
+      : [];
+
+  if (!activities.length) {
+    throw new ApiError(400, 'activities is required and must be a non-empty array.');
+  }
+
+  const toOptionalId = (value: unknown) => {
+    if (value === undefined || value === null || value === '') {
+      return null;
+    }
+
+    const parsed = Number(value);
+    if (!Number.isInteger(parsed) || parsed <= 0) {
+      throw new ApiError(400, 'One or more selected option ids are invalid.');
+    }
+
+    return parsed;
+  };
+
+  const normalizedActivities = activities.map((activity: any, index: number) => {
+    const itineraryActivityXid = Number(activity.itineraryActivityXid);
+    if (!Number.isInteger(itineraryActivityXid) || itineraryActivityXid <= 0) {
+      throw new ApiError(400, `activities[${index}].itineraryActivityXid is required.`);
+    }
+
+    const selectedFoodTypeIds: number[] = Array.isArray(activity.selectedFoodTypeIds)
+      ? Array.from(
+          new Set(
+            activity.selectedFoodTypeIds.map((id: unknown): number => Number(id)),
+          ),
+        )
+      : [];
+    const selectedEquipmentIds: number[] = Array.isArray(activity.selectedEquipmentIds)
+      ? Array.from(
+          new Set(
+            activity.selectedEquipmentIds.map((id: unknown): number => Number(id)),
+          ),
+        )
+      : [];
+
+    if (selectedEquipmentIds.some((id) => !Number.isInteger(id) || id <= 0)) {
+      throw new ApiError(
+        400,
+        `activities[${index}].selectedEquipmentIds must contain valid ids.`,
+      );
+    }
+
+    if (selectedFoodTypeIds.some((id) => !Number.isInteger(id) || id <= 0)) {
+      throw new ApiError(
+        400,
+        `activities[${index}].selectedFoodTypeIds must contain valid ids.`,
+      );
+    }
+
+    return {
+      itineraryActivityXid,
+      isFoodOpted: activity.isFoodOpted === undefined ? false : Boolean(activity.isFoodOpted),
+      selectedFoodTypeIds,
+      isTrainerOpted: activity.isTrainerOpted === undefined ? false : Boolean(activity.isTrainerOpted),
+      isInActivityNavigationOpted:
+        activity.isInActivityNavigationOpted === undefined
+          ? false
+          : Boolean(activity.isInActivityNavigationOpted),
+      selectedNavigationModeXid: toOptionalId(activity.selectedNavigationModeXid),
+      selectedEquipmentIds,
+    };
+  });
+
+  const result = await itineraryService.saveItineraryActivitySelections(
+    userId,
+    normalizedActivities,
+  );
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Itinerary activity selections saved successfully.',
+      data: result,
+    }),
+  };
+});
--- a/src/modules/user/handlers/itinerary/saveUserItinerary.ts
+++ b/src/modules/user/handlers/itinerary/saveUserItinerary.ts
@@ -44,22 +44,88 @@ export const handler = safeHandler(async (
    );
  }

+  if (
+    body.startLocationAddress === undefined ||
+    body.startLocationAddress === null ||
+    body.startLocationLat === undefined ||
+    body.startLocationLat === null ||
+    body.startLocationLong === undefined ||
+    body.startLocationLong === null ||
+    body.endLocationAddress === undefined ||
+    body.endLocationAddress === null ||
+    body.endLocationLat === undefined ||
+    body.endLocationLat === null ||
+    body.endLocationLong === undefined ||
+    body.endLocationLong === null
+  ) {
+    throw new ApiError(
+      400,
+      'startLocationAddress, startLocationLat, startLocationLong, endLocationAddress, endLocationLat and endLocationLong are required.',
+    );
+  }
+
+  if (
+    (typeof body.startLocationAddress === 'string' &&
+      !body.startLocationAddress.trim()) ||
+    (typeof body.endLocationAddress === 'string' &&
+      !body.endLocationAddress.trim())
+  ) {
+    throw new ApiError(400, 'Location addresses cannot be empty.');
+  }
+
  if (!activities.length) {
    throw new ApiError(400, 'At least one activity is required.');
  }

  for (const activity of activities) {
+    const itineraryType =
+      typeof activity.itineraryType === 'string'
+        ? activity.itineraryType.trim().toUpperCase().replace(/\s+/g, '_')
+        : 'ACTIVITY';
+    const isCustomItineraryType =
+      itineraryType === 'STAY' || itineraryType === 'FREE_TIME';
+
    if (
-      !activity.activityXid ||
-      !activity.venueXid ||
-      !activity.scheduleHeaderXid ||
      !activity.modeOfTravel ||
      activity.travelTimeBetweenPointsMins === undefined ||
      activity.travelTimeBetweenPointsMins === null
    ) {
      throw new ApiError(
        400,
-        'Each activity must include activityXid, venueXid, scheduleHeaderXid, modeOfTravel and travelTimeBetweenPointsMins.',
+        'Each itinerary item must include modeOfTravel and travelTimeBetweenPointsMins.',
+      );
+    }
+
+    if (isCustomItineraryType) {
+      const customStartDate = activity.startDate || activity.occurenceDate;
+      const customEndDate = activity.endDate || activity.occurenceDate;
+
+      if (
+        !customStartDate ||
+        !customEndDate ||
+        !activity.selectedStartTime ||
+        !activity.selectedEndTime
+      ) {
+        throw new ApiError(
+          400,
+          `${itineraryType} items must include startDate, endDate, selectedStartTime and selectedEndTime.`,
+        );
+      }
+
+      if (itineraryType === 'STAY' && !activity.locationAddress) {
+        throw new ApiError(
+          400,
+          'STAY items must include locationAddress.',
+        );
+      }
+
+      continue;
+    }
+
+    if (!activity.activityXid || !activity.venueXid || !activity.scheduleHeaderXid) {
+      throw new ApiError(
+        400,
+        'ACTIVITY items must include activityXid, venueXid and scheduleHeaderXid.',
      );
    }
  }
@@ -70,10 +136,51 @@ export const handler = safeHandler(async (
    endDate: body.endDate,
    startTime: body.startTime,
    endTime: body.endTime,
-    activities: activities.map((activity: any) => ({
-      activityXid: Number(activity.activityXid),
-      venueXid: Number(activity.venueXid),
-      scheduleHeaderXid: Number(activity.scheduleHeaderXid),
+    startLocationAddress: body.startLocationAddress,
+    startLocationLat:
+      body.startLocationLat !== null && body.startLocationLat !== undefined
+        ? Number(body.startLocationLat)
+        : undefined,
+    startLocationLong:
+      body.startLocationLong !== null && body.startLocationLong !== undefined
+        ? Number(body.startLocationLong)
+        : undefined,
+    endLocationAddress: body.endLocationAddress,
+    endLocationLat:
+      body.endLocationLat !== null && body.endLocationLat !== undefined
+        ? Number(body.endLocationLat)
+        : undefined,
+    endLocationLong:
+      body.endLocationLong !== null && body.endLocationLong !== undefined
+        ? Number(body.endLocationLong)
+        : undefined,
+    activities: activities.map((activity: any) => {
+      const itineraryType =
+        typeof activity.itineraryType === 'string'
+          ? activity.itineraryType.trim().toUpperCase().replace(/\s+/g, '_')
+          : 'ACTIVITY';
+      const isCustomItineraryType =
+        itineraryType === 'STAY' || itineraryType === 'FREE_TIME';
+
+      return {
+        activityXid:
+          !isCustomItineraryType &&
+          activity.activityXid !== undefined &&
+          activity.activityXid !== null
+            ? Number(activity.activityXid)
+            : undefined,
+        venueXid:
+          !isCustomItineraryType &&
+          activity.venueXid !== undefined &&
+          activity.venueXid !== null
+            ? Number(activity.venueXid)
+            : undefined,
+        scheduleHeaderXid:
+          !isCustomItineraryType &&
+          activity.scheduleHeaderXid !== undefined &&
+          activity.scheduleHeaderXid !== null
+            ? Number(activity.scheduleHeaderXid)
+            : undefined,
        modeOfTravel: activity.modeOfTravel,
        travelTimeBetweenPointsMins: Number(
          activity.travelTimeBetweenPointsMins,
@@ -83,10 +190,12 @@ export const handler = safeHandler(async (
          activity.kmForNextPoint !== null
            ? Number(activity.kmForNextPoint)
            : undefined,
+        startDate: activity.startDate ?? activity.occurenceDate,
+        endDate: activity.endDate ?? activity.occurenceDate,
        occurenceDate: activity.occurenceDate,
        selectedStartTime: activity.selectedStartTime,
        selectedEndTime: activity.selectedEndTime,
-      itineraryType: activity.itineraryType,
+        itineraryType,
        paxCount:
          activity.paxCount !== undefined && activity.paxCount !== null
            ? Number(activity.paxCount)
@@ -104,15 +213,18 @@ export const handler = safeHandler(async (
            ? Number(activity.locationLong)
            : undefined,
        locationAddress: activity.locationAddress,
-    })),
+      };
+    }),
  };

  if (
    payload.activities.some(
      (activity) =>
-        Number.isNaN(activity.activityXid) ||
-        Number.isNaN(activity.venueXid) ||
-        Number.isNaN(activity.scheduleHeaderXid) ||
+        (activity.activityXid !== undefined &&
+          Number.isNaN(activity.activityXid)) ||
+        (activity.venueXid !== undefined && Number.isNaN(activity.venueXid)) ||
+        (activity.scheduleHeaderXid !== undefined &&
+          Number.isNaN(activity.scheduleHeaderXid)) ||
        Number.isNaN(activity.travelTimeBetweenPointsMins) ||
        (activity.kmForNextPoint !== undefined &&
          Number.isNaN(activity.kmForNextPoint)) ||
@@ -123,6 +235,10 @@ export const handler = safeHandler(async (
          Number.isNaN(activity.locationLat)) ||
        (activity.locationLong !== undefined &&
          Number.isNaN(activity.locationLong)),
+        Number.isNaN(payload.startLocationLat) ||
+        Number.isNaN(payload.startLocationLong) ||
+        Number.isNaN(payload.endLocationLat) ||
+        Number.isNaN(payload.endLocationLong),
    )
  ) {
    throw new ApiError(400, 'One or more numeric itinerary values are invalid.');
--- a/src/modules/user/handlers/payment/createOrder.ts
+++ b/src/modules/user/handlers/payment/createOrder.ts
@@ -0,0 +1,95 @@
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
+
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyUserToken } from '../../../../common/middlewares/jwt/authForUser';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+import { PaymentService } from '../../services/payment.service';
+
+const paymentService = new PaymentService(prismaClient);
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+  if (!token) {
+    throw new ApiError(
+      400,
+      'This is a protected route. Please provide a valid token.',
+    );
+  }
+
+  const userInfo = await verifyUserToken(token);
+  const userId = Number(userInfo.id);
+
+  if (!userId || Number.isNaN(userId)) {
+    throw new ApiError(400, 'Invalid user ID');
+  }
+
+  let body: Record<string, any> = {};
+  if (event.body) {
+    try {
+      body = JSON.parse(event.body);
+    } catch {
+      throw new ApiError(400, 'Invalid JSON body');
+    }
+  }
+
+  const amount = Number(body.amount);
+  if (!Number.isFinite(amount) || amount <= 0) {
+    throw new ApiError(400, 'amount is required and must be greater than 0.');
+  }
+
+  const currency =
+    typeof body.currency === 'string' && body.currency.trim()
+      ? body.currency.trim().toUpperCase()
+      : 'INR';
+
+  const receipt =
+    typeof body.receipt === 'string' && body.receipt.trim()
+      ? body.receipt.trim()
+      : undefined;
+
+  const notes =
+    body.notes && typeof body.notes === 'object' && !Array.isArray(body.notes)
+      ? body.notes
+      : undefined;
+
+  const itineraryHeaderXid =
+    body.itineraryHeaderXid !== undefined && body.itineraryHeaderXid !== null
+      ? Number(body.itineraryHeaderXid)
+      : undefined;
+
+  if (
+    itineraryHeaderXid !== undefined &&
+    (!Number.isInteger(itineraryHeaderXid) || itineraryHeaderXid <= 0)
+  ) {
+    throw new ApiError(400, 'Invalid itineraryHeaderXid.');
+  }
+
+  const result = await paymentService.createOrder(userId, {
+    amount,
+    currency,
+    receipt,
+    notes: {
+      userId,
+      ...(itineraryHeaderXid !== undefined ? { itineraryHeaderXid } : {}),
+      ...(notes ?? {}),
+    },
+    itineraryHeaderXid,
+  });
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Order created successfully',
+      data: result,
+    }),
+  };
+});
--- a/src/modules/user/handlers/payment/razorpayWebhook.ts
+++ b/src/modules/user/handlers/payment/razorpayWebhook.ts
@@ -0,0 +1,63 @@
+import {
+  APIGatewayProxyEvent,
+  APIGatewayProxyResult,
+  Context,
+} from 'aws-lambda';
+
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+import { PaymentService } from '../../services/payment.service';
+
+const paymentService = new PaymentService(prismaClient);
+
+function getHeaderValue(
+  headers: APIGatewayProxyEvent['headers'],
+  name: string,
+): string | undefined {
+  const targetName = name.toLowerCase();
+
+  for (const [key, value] of Object.entries(headers ?? {})) {
+    if (key.toLowerCase() === targetName) {
+      return typeof value === 'string' ? value : undefined;
+    }
+  }
+
+  return undefined;
+}
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const signature =
+    getHeaderValue(event.headers, 'x-razorpay-signature')?.trim() ?? '';
+
+  if (!signature) {
+    throw new ApiError(400, 'Missing Razorpay webhook signature.');
+  }
+
+  const rawBody = event.body
+    ? event.isBase64Encoded
+      ? Buffer.from(event.body, 'base64').toString('utf8')
+      : event.body
+    : '';
+
+  const result = await paymentService.handleWebhook({
+    rawBody,
+    signature,
+  });
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Webhook received',
+      data: result,
+    }),
+  };
+});
--- a/src/modules/user/handlers/payment/verifyPayment.ts
+++ b/src/modules/user/handlers/payment/verifyPayment.ts
@@ -0,0 +1,71 @@
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
+
+import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyUserToken } from '../../../../common/middlewares/jwt/authForUser';
+import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../../common/utils/helper/ApiError';
+import { PaymentService } from '../../services/payment.service';
+
+const paymentService = new PaymentService(prismaClient);
+
+export const handler = safeHandler(async (
+  event: APIGatewayProxyEvent,
+  context?: Context,
+): Promise<APIGatewayProxyResult> => {
+  const token = event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+  if (!token) {
+    throw new ApiError(
+      400,
+      'This is a protected route. Please provide a valid token.',
+    );
+  }
+
+  const userInfo = await verifyUserToken(token);
+  const userId = Number(userInfo.id);
+
+  if (!userId || Number.isNaN(userId)) {
+    throw new ApiError(400, 'Invalid user ID');
+  }
+
+  let body: Record<string, any> = {};
+  if (event.body) {
+    try {
+      body = JSON.parse(event.body);
+    } catch {
+      throw new ApiError(400, 'Invalid JSON body');
+    }
+  }
+
+  const paymentId =
+    typeof body.paymentId === 'string' ? body.paymentId.trim() : '';
+  const orderId =
+    typeof body.orderId === 'string' ? body.orderId.trim() : '';
+  const signature =
+    typeof body.signature === 'string' ? body.signature.trim() : '';
+
+  if (!paymentId || !orderId || !signature) {
+    throw new ApiError(
+      400,
+      'paymentId, orderId and signature are required.',
+    );
+  }
+
+  const result = await paymentService.verifyPayment(userId, {
+    paymentId,
+    orderId,
+    signature,
+  });
+
+  return {
+    statusCode: 200,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    },
+    body: JSON.stringify({
+      success: true,
+      message: 'Payment verified and itinerary booked successfully',
+      data: result,
+    }),
+  };
+});
--- a/src/modules/user/services/itinerary.service.ts
+++ b/src/modules/user/services/itinerary.service.ts
--- a/src/modules/user/services/payment.service.ts
+++ b/src/modules/user/services/payment.service.ts
@@ -0,0 +1,395 @@
+import { Injectable } from '@nestjs/common';
+import { Prisma, PrismaClient } from '@prisma/client';
+import crypto from 'crypto';
+import Razorpay from 'razorpay';
+
+import ApiError from '../../../common/utils/helper/ApiError';
+import config from '../../../config/config';
+import { ItineraryService } from './itinerary.service';
+
+const razorpay = new Razorpay({
+  key_id: config.RAZORPAY_KEY_ID,
+  key_secret: config.RAZORPAY_KEY_SECRET,
+});
+
+const buildUniqueReceipt = (input?: string) => {
+  const normalizedPrefix = (input?.trim() || 'receipt')
+    .replace(/[^a-zA-Z0-9_-]/g, '_')
+    .replace(/_+/g, '_')
+    .slice(0, 20);
+  const timePart = Date.now().toString(36);
+  const randomPart = crypto.randomBytes(4).toString('hex');
+
+  return `${normalizedPrefix}_${timePart}_${randomPart}`.slice(0, 100);
+};
+
+type RazorpayWebhookPayload = {
+  event?: string;
+  payload?: {
+    payment?: {
+      entity?: {
+        id?: string;
+        order_id?: string;
+        status?: string;
+        amount?: number;
+        currency?: string;
+      };
+    };
+    order?: {
+      entity?: {
+        id?: string;
+        status?: string;
+      };
+    };
+  };
+};
+
+@Injectable()
+export class PaymentService {
+  constructor(private prisma: PrismaClient) {}
+
+  private signaturesMatch(expectedSignature: string, receivedSignature: string) {
+    const expectedBuffer = Buffer.from(expectedSignature, 'utf8');
+    const receivedBuffer = Buffer.from(receivedSignature, 'utf8');
+
+    if (expectedBuffer.length !== receivedBuffer.length) {
+      return false;
+    }
+
+    return crypto.timingSafeEqual(expectedBuffer, receivedBuffer);
+  }
+
+  async createOrder(
+    userXid: number,
+    payload: {
+      amount: number;
+      currency?: string;
+      receipt?: string;
+      notes?: Record<string, string | number | boolean | null>;
+      itineraryHeaderXid?: number;
+    },
+  ) {
+    if (!process.env.RAZORPAY_KEY_ID || !process.env.RAZORPAY_KEY_SECRET) {
+      throw new ApiError(500, 'Razorpay credentials are not configured.');
+    }
+
+    if (!Number.isFinite(payload.amount) || payload.amount <= 0) {
+      throw new ApiError(400, 'amount must be a positive number.');
+    }
+
+    if (
+      payload.itineraryHeaderXid !== undefined &&
+      payload.itineraryHeaderXid !== null
+    ) {
+      const itineraryHeader = await this.prisma.itineraryHeader.findFirst({
+        where: {
+          id: payload.itineraryHeaderXid,
+          ownerXid: userXid,
+          isActive: true,
+          deletedAt: null,
+        },
+        select: {
+          id: true,
+        },
+      });
+
+      if (!itineraryHeader) {
+        throw new ApiError(
+          404,
+          'Itinerary not found for the logged-in user.',
+        );
+      }
+    }
+
+    const amountInPaise = Math.round(payload.amount * 100);
+    const receipt = buildUniqueReceipt(payload.receipt);
+    const currency = payload.currency ?? 'INR';
+
+    const order = (await razorpay.orders.create({
+      amount: amountInPaise,
+      currency,
+      receipt,
+      notes: payload.notes ?? undefined,
+    } as any)) as any;
+
+    const paymentOrder = await this.prisma.paymentOrders.create({
+      data: {
+        userXid,
+        itineraryHeaderXid: payload.itineraryHeaderXid ?? null,
+        razorpayOrderId: order.id,
+        receipt: order.receipt ?? receipt,
+        amount: order.amount ?? amountInPaise,
+        currency: order.currency ?? currency,
+        paymentStatus: order.status ?? 'created',
+        notes: payload.notes
+          ? (payload.notes as Prisma.InputJsonValue)
+          : null,
+        isActive: true,
+      },
+    });
+
+    return {
+      paymentOrderId: paymentOrder.id,
+      orderId: order.id,
+      amount: paymentOrder.amount,
+      currency: paymentOrder.currency,
+      receipt: paymentOrder.receipt,
+      status: paymentOrder.paymentStatus,
+    };
+  }
+
+  async verifyPayment(
+    userXid: number,
+    payload: {
+      paymentId: string;
+      orderId: string;
+      signature: string;
+    },
+  ) {
+    if (!process.env.RAZORPAY_KEY_SECRET) {
+      throw new ApiError(500, 'Razorpay credentials are not configured.');
+    }
+
+    const paymentId = payload.paymentId?.trim();
+    const orderId = payload.orderId?.trim();
+    const signature = payload.signature?.trim();
+
+    if (!paymentId || !orderId || !signature) {
+      throw new ApiError(
+        400,
+        'paymentId, orderId and signature are required.',
+      );
+    }
+
+    const generatedSignature = crypto
+      .createHmac('sha256', process.env.RAZORPAY_KEY_SECRET)
+      .update(`${orderId}|${paymentId}`)
+      .digest('hex');
+
+    if (generatedSignature !== signature) {
+      throw new ApiError(400, 'Invalid signature.');
+    }
+
+    const itineraryService = new ItineraryService(this.prisma);
+
+    const { updatedPaymentOrder, bookingResult } = await this.prisma.$transaction(
+      async (tx) => {
+        const paymentOrder = await tx.paymentOrders.findFirst({
+          where: {
+            razorpayOrderId: orderId,
+            userXid,
+            isActive: true,
+            deletedAt: null,
+          },
+        });
+
+        if (!paymentOrder) {
+          throw new ApiError(404, 'Payment order not found.');
+        }
+
+        let updatedPayment = paymentOrder;
+
+        if (paymentOrder.paymentStatus === 'paid') {
+          if (
+            paymentOrder.razorpayPaymentId &&
+            paymentOrder.razorpayPaymentId !== paymentId
+          ) {
+            throw new ApiError(
+              400,
+              'Payment order is already verified with a different payment id.',
+            );
+          }
+        } else {
+          updatedPayment = await tx.paymentOrders.update({
+            where: {
+              id: paymentOrder.id,
+            },
+            data: {
+              razorpayPaymentId: paymentId,
+              razorpaySignature: signature,
+              paymentStatus: 'paid',
+              verifiedAt: new Date(),
+              paidAt: new Date(),
+            },
+          });
+        }
+
+        let booking = null;
+        if (updatedPayment.itineraryHeaderXid) {
+          booking = await itineraryService.bookItineraryAfterPayment(
+            tx,
+            userXid,
+            updatedPayment.itineraryHeaderXid,
+          );
+        }
+
+        return {
+          updatedPaymentOrder: updatedPayment,
+          bookingResult: booking,
+        };
+      },
+    );
+
+    return {
+      paymentOrderId: updatedPaymentOrder.id,
+      orderId: updatedPaymentOrder.razorpayOrderId,
+      paymentId: updatedPaymentOrder.razorpayPaymentId,
+      status: updatedPaymentOrder.paymentStatus,
+      verifiedAt: updatedPaymentOrder.verifiedAt,
+      paidAt: updatedPaymentOrder.paidAt,
+      itineraryBooking: bookingResult,
+    };
+  }
+
+  async handleWebhook(payload: {
+    rawBody: string;
+    signature: string;
+  }) {
+    const webhookSecret = process.env.RAZORPAY_WEBHOOK_SECRET?.trim();
+
+    if (!webhookSecret) {
+      throw new ApiError(
+        500,
+        'Razorpay webhook secret is not configured.',
+      );
+    }
+
+    const rawBody = payload.rawBody;
+    const signature = payload.signature?.trim();
+
+    if (!rawBody) {
+      throw new ApiError(400, 'Webhook body is required.');
+    }
+
+    if (!signature) {
+      throw new ApiError(400, 'Razorpay webhook signature is required.');
+    }
+
+    const generatedSignature = crypto
+      .createHmac('sha256', webhookSecret)
+      .update(rawBody, 'utf8')
+      .digest('hex');
+
+    if (!this.signaturesMatch(generatedSignature, signature)) {
+      throw new ApiError(400, 'Invalid webhook signature.');
+    }
+
+    let body: RazorpayWebhookPayload;
+    try {
+      body = JSON.parse(rawBody) as RazorpayWebhookPayload;
+    } catch {
+      throw new ApiError(400, 'Invalid webhook JSON body.');
+    }
+
+    const eventType = body.event?.trim();
+    if (!eventType) {
+      throw new ApiError(400, 'Webhook event type is missing.');
+    }
+
+    const paymentEntity = body.payload?.payment?.entity;
+    const orderEntity = body.payload?.order?.entity;
+    const razorpayOrderId =
+      paymentEntity?.order_id?.trim() || orderEntity?.id?.trim();
+    const razorpayPaymentId = paymentEntity?.id?.trim();
+
+    if (!razorpayOrderId) {
+      throw new ApiError(400, 'Webhook payload is missing Razorpay order id.');
+    }
+
+    const paymentOrder = await this.prisma.paymentOrders.findFirst({
+      where: {
+        razorpayOrderId,
+        isActive: true,
+        deletedAt: null,
+      },
+    });
+
+    if (!paymentOrder) {
+      return {
+        eventType,
+        processed: false,
+        message: 'Payment order not found for webhook payload.',
+      };
+    }
+
+    if (
+      eventType === 'payment.captured' &&
+      paymentOrder.paymentStatus === 'paid' &&
+      paymentOrder.razorpayPaymentId === razorpayPaymentId
+    ) {
+      return {
+        paymentOrderId: paymentOrder.id,
+        orderId: paymentOrder.razorpayOrderId,
+        paymentId: paymentOrder.razorpayPaymentId,
+        status: paymentOrder.paymentStatus,
+        verifiedAt: paymentOrder.verifiedAt,
+        paidAt: paymentOrder.paidAt,
+        eventType,
+        processed: true,
+      };
+    }
+
+    if (eventType === 'payment.captured' || eventType === 'order.paid') {
+      const updatedPaymentOrder = await this.prisma.paymentOrders.update({
+        where: {
+          id: paymentOrder.id,
+        },
+        data: {
+          ...(razorpayPaymentId
+            ? { razorpayPaymentId }
+            : {}),
+          paymentStatus: 'paid',
+          verifiedAt: new Date(),
+          paidAt: new Date(),
+        },
+      });
+
+      return {
+        paymentOrderId: updatedPaymentOrder.id,
+        orderId: updatedPaymentOrder.razorpayOrderId,
+        paymentId: updatedPaymentOrder.razorpayPaymentId,
+        status: updatedPaymentOrder.paymentStatus,
+        verifiedAt: updatedPaymentOrder.verifiedAt,
+        paidAt: updatedPaymentOrder.paidAt,
+        eventType,
+        processed: true,
+      };
+    }
+
+    if (eventType === 'payment.failed') {
+      const updatedPaymentOrder = await this.prisma.paymentOrders.update({
+        where: {
+          id: paymentOrder.id,
+        },
+        data: {
+          ...(razorpayPaymentId
+            ? { razorpayPaymentId }
+            : {}),
+          paymentStatus: 'failed',
+        },
+      });
+
+      return {
+        paymentOrderId: updatedPaymentOrder.id,
+        orderId: updatedPaymentOrder.razorpayOrderId,
+        paymentId: updatedPaymentOrder.razorpayPaymentId,
+        status: updatedPaymentOrder.paymentStatus,
+        verifiedAt: updatedPaymentOrder.verifiedAt,
+        paidAt: updatedPaymentOrder.paidAt,
+        eventType,
+        processed: true,
+      };
+    }
+
+    return {
+      paymentOrderId: paymentOrder.id,
+      orderId: paymentOrder.razorpayOrderId,
+      paymentId: paymentOrder.razorpayPaymentId,
+      status: paymentOrder.paymentStatus,
+      verifiedAt: paymentOrder.verifiedAt,
+      paidAt: paymentOrder.paidAt,
+      eventType,
+      processed: false,
+    };
+  }
+}
--- a/src/modules/websocket/handlers/connect.ts
+++ b/src/modules/websocket/handlers/connect.ts
@@ -0,0 +1,55 @@
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
+import { prismaClient } from '../../../common/database/prisma.lambda.service';
+import { verifyAnyToken } from '../../../common/middlewares/jwt/authForAny';
+import { WebSocketService } from '../../../common/services/websocket.service';
+import { safeHandler } from '../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../common/utils/helper/ApiError';
+
+const wsService = new WebSocketService(prismaClient);
+
+export const handler = safeHandler(
+  async (
+    event: APIGatewayProxyEvent,
+    context?: Context
+  ): Promise<APIGatewayProxyResult> => {
+    const connectionId = event.requestContext.connectionId;
+    if (!connectionId) {
+      throw new ApiError(400, 'Missing connection ID');
+    }
+
+    const token =
+      event.queryStringParameters?.token ||
+      event.queryStringParameters?.['x-auth-token'] ||
+      event.headers?.['x-auth-token'] ||
+      event.headers?.['X-Auth-Token'];
+
+    if (!token) {
+      throw new ApiError(401, 'Token is required for WebSocket connection');
+    }
+
+    const userInfo = await verifyAnyToken(token);
+
+    const activityXidParam =
+      event.queryStringParameters?.activityXid ||
+      event.queryStringParameters?.activity_xid;
+    const activityXid = activityXidParam ? Number(activityXidParam) : null;
+
+    if (activityXidParam && (!activityXid || isNaN(activityXid))) {
+      throw new ApiError(400, 'Invalid activityXid');
+    }
+
+    await wsService.connect({
+      connectionId,
+      userXid: userInfo.id,
+      activityXid,
+    });
+
+    return {
+      statusCode: 200,
+      body: JSON.stringify({
+        success: true,
+        message: 'Connected',
+      }),
+    };
+  }
+);
--- a/src/modules/websocket/handlers/default.ts
+++ b/src/modules/websocket/handlers/default.ts
@@ -0,0 +1,17 @@
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
+import { safeHandler } from '../../../common/utils/handlers/safeHandler';
+
+export const handler = safeHandler(
+  async (
+    event: APIGatewayProxyEvent,
+    context?: Context
+  ): Promise<APIGatewayProxyResult> => {
+    return {
+      statusCode: 200,
+      body: JSON.stringify({
+        success: true,
+        message: 'Default route',
+      }),
+    };
+  }
+);
--- a/src/modules/websocket/handlers/disconnect.ts
+++ b/src/modules/websocket/handlers/disconnect.ts
@@ -0,0 +1,26 @@
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
+import { prismaClient } from '../../../common/database/prisma.lambda.service';
+import { WebSocketService } from '../../../common/services/websocket.service';
+import { safeHandler } from '../../../common/utils/handlers/safeHandler';
+
+const wsService = new WebSocketService(prismaClient);
+
+export const handler = safeHandler(
+  async (
+    event: APIGatewayProxyEvent,
+    context?: Context
+  ): Promise<APIGatewayProxyResult> => {
+    const connectionId = event.requestContext.connectionId;
+    if (connectionId) {
+      await wsService.disconnect(connectionId);
+    }
+
+    return {
+      statusCode: 200,
+      body: JSON.stringify({
+        success: true,
+        message: 'Disconnected',
+      }),
+    };
+  }
+);
--- a/src/modules/websocket/handlers/getMessages.ts
+++ b/src/modules/websocket/handlers/getMessages.ts
@@ -0,0 +1,99 @@
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
+import AWS from 'aws-sdk';
+import { prismaClient } from '../../../common/database/prisma.lambda.service';
+import { ChatService } from '../../../common/services/chat.service';
+import { WebSocketService } from '../../../common/services/websocket.service';
+import { safeHandler } from '../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../common/utils/helper/ApiError';
+
+const chatService = new ChatService(prismaClient);
+const wsService = new WebSocketService(prismaClient);
+
+function getApiGatewayEndpoint(event: APIGatewayProxyEvent): string {
+  const domainName = event.requestContext.domainName;
+  const stage = event.requestContext.stage;
+  const isLocal =
+    domainName?.includes('localhost') || domainName?.includes('127.0.0.1');
+  const protocol = isLocal ? 'http' : 'https';
+  return `${protocol}://${domainName}/${stage}`;
+}
+
+async function postToConnection(
+  api: AWS.ApiGatewayManagementApi,
+  connectionId: string,
+  payload: unknown
+) {
+  await api
+    .postToConnection({
+      ConnectionId: connectionId,
+      Data: Buffer.from(JSON.stringify(payload)),
+    })
+    .promise();
+}
+
+export const handler = safeHandler(
+  async (
+    event: APIGatewayProxyEvent,
+    context?: Context
+  ): Promise<APIGatewayProxyResult> => {
+    const connectionId = event.requestContext.connectionId;
+    if (!connectionId) {
+      throw new ApiError(400, 'Missing connection ID');
+    }
+
+    let body: any;
+    try {
+      body = JSON.parse(event.body || '{}');
+    } catch {
+      throw new ApiError(400, 'Invalid JSON in request body');
+    }
+
+    const activityXid = Number(body.activityXid ?? body.activity_xid);
+    const otherUserXid = Number(body.otherUserXid ?? body.other_user_xid);
+    const limit = body.limit ? Number(body.limit) : undefined;
+
+    if (!activityXid || isNaN(activityXid)) {
+      throw new ApiError(400, 'Valid activityXid is required');
+    }
+
+    if (!otherUserXid || isNaN(otherUserXid)) {
+      throw new ApiError(400, 'Valid otherUserXid is required');
+    }
+
+    const connection = await wsService.getConnectionById(connectionId);
+    if (!connection) {
+      throw new ApiError(401, 'Unauthorized WebSocket connection');
+    }
+
+    const userXid = connection.userXid;
+
+    const messages = await chatService.getMessages({
+      activityXid,
+      userXid,
+      otherUserXid,
+      limit,
+    });
+
+    const endpoint = getApiGatewayEndpoint(event);
+    const api = new AWS.ApiGatewayManagementApi({ endpoint });
+    const payload = { type: 'messages', data: messages };
+
+    try {
+      await postToConnection(api, connectionId, payload);
+    } catch (err: any) {
+      if (err?.statusCode === 410) {
+        await wsService.disconnect(connectionId);
+      } else {
+        throw err;
+      }
+    }
+
+    return {
+      statusCode: 200,
+      body: JSON.stringify({
+        success: true,
+        message: 'Messages sent',
+      }),
+    };
+  }
+);
--- a/src/modules/websocket/handlers/sendMessage.ts
+++ b/src/modules/websocket/handlers/sendMessage.ts
@@ -0,0 +1,111 @@
+import { APIGatewayProxyEvent, APIGatewayProxyResult, Context } from 'aws-lambda';
+import AWS from 'aws-sdk';
+import { prismaClient } from '../../../common/database/prisma.lambda.service';
+import { ChatService } from '../../../common/services/chat.service';
+import { WebSocketService } from '../../../common/services/websocket.service';
+import { safeHandler } from '../../../common/utils/handlers/safeHandler';
+import ApiError from '../../../common/utils/helper/ApiError';
+
+const chatService = new ChatService(prismaClient);
+const wsService = new WebSocketService(prismaClient);
+
+function getApiGatewayEndpoint(event: APIGatewayProxyEvent): string {
+  const domainName = event.requestContext.domainName;
+  const stage = event.requestContext.stage;
+  const isLocal =
+    domainName?.includes('localhost') || domainName?.includes('127.0.0.1');
+  const protocol = isLocal ? 'http' : 'https';
+  return `${protocol}://${domainName}/${stage}`;
+}
+
+async function postToConnection(
+  api: AWS.ApiGatewayManagementApi,
+  connectionId: string,
+  payload: unknown
+) {
+  await api
+    .postToConnection({
+      ConnectionId: connectionId,
+      Data: Buffer.from(JSON.stringify(payload)),
+    })
+    .promise();
+}
+
+export const handler = safeHandler(
+  async (
+    event: APIGatewayProxyEvent,
+    context?: Context
+  ): Promise<APIGatewayProxyResult> => {
+    const connectionId = event.requestContext.connectionId;
+    if (!connectionId) {
+      throw new ApiError(400, 'Missing connection ID');
+    }
+
+    let body: any;
+    try {
+      body = JSON.parse(event.body || '{}');
+    } catch {
+      throw new ApiError(400, 'Invalid JSON in request body');
+    }
+
+    const activityXid = Number(body.activityXid ?? body.activity_xid);
+    const receiverXid = Number(
+      body.receiverXid ?? body.receivedXid ?? body.received_xid
+    );
+    const message = body.message;
+
+    if (!activityXid || isNaN(activityXid)) {
+      throw new ApiError(400, 'Valid activityXid is required');
+    }
+
+    if (!receiverXid || isNaN(receiverXid)) {
+      throw new ApiError(400, 'Valid receiverXid is required');
+    }
+
+    const connection = await wsService.getConnectionById(connectionId);
+    if (!connection) {
+      throw new ApiError(401, 'Unauthorized WebSocket connection');
+    }
+
+    const senderXid = connection.userXid;
+
+    const saved = await chatService.sendMessage({
+      activityXid,
+      senderXid,
+      receiverXid,
+      message,
+    });
+
+    const endpoint = getApiGatewayEndpoint(event);
+    const api = new AWS.ApiGatewayManagementApi({ endpoint });
+
+    const [receiverConnections, senderConnections] = await Promise.all([
+      wsService.getConnectionsForUser({ userXid: receiverXid, activityXid }),
+      wsService.getConnectionsForUser({ userXid: senderXid, activityXid }),
+    ]);
+
+    const targets = [...receiverConnections, ...senderConnections];
+    const payload = { type: 'message', data: saved };
+
+    for (const target of targets) {
+      try {
+        await postToConnection(api, target.connectionId, payload);
+      } catch (err: any) {
+        if (err?.statusCode === 410) {
+          await wsService.disconnect(target.connectionId);
+          continue;
+        }
+        throw err;
+      }
+    }
+
+    return {
+      statusCode: 200,
+      body: JSON.stringify({
+        success: true,
+        message: 'Message sent',
+        data: saved,
+      }),
+    };
+  }
+);
Author	SHA1	Message	Date
paritosh18	acd31725ed	added reason in cancel api	2026-04-20 20:04:35 +05:30
paritosh18	0d96b1e67e	payment serive	2026-04-20 18:57:46 +05:30
paritosh18	f98354a1c8	added cancel iteneray api	2026-04-20 17:25:49 +05:30
paritosh18	66d65c3b84	send role	2026-04-17 16:28:47 +05:30
paritosh18	eef9bbf368	sending presignedurl in get-all-host activtiy	2026-04-17 15:33:47 +05:30
paritosh18	2eac865c51	geteallinvitedCoadminAndOperator	2026-04-17 15:06:09 +05:30
Mayank Mishra	f205dfedd6	made the role based access system for the host panel	2026-04-17 13:16:00 +05:30
Mayank Mishra	22e2e8e1b7	sending the food, pick drop, navigation and other details in the verifyPayment api	2026-04-16 14:54:29 +05:30
paritosh18	ce1be2c94e	sending activtiy details	2026-04-15 20:06:15 +05:30
paritosh18	d793852d63	added env in common	2026-04-15 12:41:48 +05:30
paritosh18	9b95149469	Sending itenary based on the start date and end date	2026-04-15 11:57:39 +05:30
paritosh18	1789084685	Email template changes	2026-04-14 13:28:46 +05:30
paritosh18	cf5bd02a04	Merge branch 'mayankSprint2' of http://git.wdipl.com/Mayank.Mishra/MinglarBackendNestJS into paritosh-main1	2026-04-14 13:27:58 +05:30
Mayank Mishra	0be293288d	fix isuue	2026-04-14 13:22:00 +05:30
paritosh18	0ba056af98	Merge branch 'mayankSprint2' of http://git.wdipl.com/Mayank.Mishra/MinglarBackendNestJS into paritosh-main1	2026-04-14 11:15:12 +05:30
Mayank Mishra	9e8d9502ae	sending the host parent company contact info	2026-04-13 16:06:32 +05:30
Mayank Mishra	94454a6f25	sending the precise error	2026-04-13 15:55:40 +05:30
paritosh18	631ae79277	add websocket support with connection management and chat functionality	2026-04-13 15:35:39 +05:30
Mayank Mishra	25b82bee31	sending precise error message	2026-04-13 15:33:27 +05:30
paritosh18	dcb2259c7d	implement chat functionality for users and hosts with message sending and retrieval	2026-04-13 15:13:43 +05:30
Mayank Mishra	c5dcc5b1f0	booking the itinerary after successful payment	2026-04-13 14:00:50 +05:30
Mayank Mishra	b47e6271a3	saving multiple activities selections at once in the api	2026-04-13 13:38:17 +05:30
Mayank Mishra	958a3e5cec	made the get itinerary checkout details api	2026-04-13 13:19:50 +05:30
Mayank Mishra	181f32b2e7	added the contact details of the host parent company	2026-04-13 12:13:11 +05:30
Mayank Mishra	c5cad4fdce	sending the activity sell price in the activity object	2026-04-10 18:48:50 +05:30
Mayank Mishra	daff265584	sending the lowest price for activity and sending the venue prices	2026-04-10 17:55:16 +05:30
Mayank Mishra	0f5061a129	sending the activity price and check in check out city same for the pick up and drop locations	2026-04-10 17:48:20 +05:30
Mayank Mishra	5e87ab84d1	made the razorpay webhook api	2026-04-10 15:06:10 +05:30
Mayank Mishra	54a4f22d2f	added the new env vars for the razorpay in the config file and the serverless yml file	2026-04-10 11:20:01 +05:30
Mayank Mishra	bb87e0ac05	Merge branch 'paritosh-main1' of http://git.wdipl.com/Mayank.Mishra/MinglarBackendNestJS into mayankSprint2	2026-04-09 14:03:20 +05:30
paritosh18	01569670b4	optinal comapny details	2026-04-09 13:58:45 +05:30
Mayank Mishra	8fccc62f33	Merge branch 'paritosh-main1' of http://git.wdipl.com/Mayank.Mishra/MinglarBackendNestJS into mayankSprint2	2026-04-09 11:37:40 +05:30
Mayank Mishra	fcdb813fb7	added the display order to send the itinerary activities in actual order	2026-04-08 19:15:47 +05:30
Mayank Mishra	5239e04621	fixed the error handling for submit company details	2026-04-08 18:42:50 +05:30
Mayank Mishra	fe0a2eb95b	made the razorpay apis and model	2026-04-08 18:41:08 +05:30
paritosh18	16d075b5f7	refactor: update email templates for clarity and consistency across notifications	2026-04-08 16:10:36 +05:30
Mayank Mishra	9df8c5443c	saving the start stop details and sending it in the get api for the itinerary	2026-04-08 15:57:36 +05:30
Mayank Mishra	be0667d8e9	sending all the details in the getUserItinerary details api	2026-04-08 14:57:49 +05:30
Mayank Mishra	a44321044f	made the api for storing the selections for the itinerary of the user	2026-04-07 19:13:06 +05:30
Mayank Mishra	fcac64e0a9	fix the company logo path issue	2026-04-07 18:45:07 +05:30
Mayank Mishra	6ea2ebe5e1	added the dataconsent flags	2026-04-07 13:36:11 +05:30
Mayank Mishra	388f3079a1	changed teh occurance date to start and end date for the saveUserItinerary creation api and sending all the data of host in the get by id api	2026-04-07 12:00:34 +05:30
Mayank Mishra	6a11c15f39	edited the mail templates	2026-04-04 19:55:48 +05:30
Mayank Mishra	ea461b6056	sending welcome email to host and changed the email template for sending otp	2026-04-04 19:12:28 +05:30
Mayank Mishra	6703dc784d	fixed the end time issue to saveuseritinerary	2026-04-03 10:13:56 +05:30
Mayank Mishra	e22c37bc65	fixed the issues of the saveuseritinerary file	2026-04-02 16:03:12 +05:30
Mayank Mishra	d32915c865	made the total amount optional	2026-04-01 19:59:31 +05:30
Mayank Mishra	1c7ad52d0e	fixed the indentation	2026-04-01 19:57:42 +05:30
Mayank Mishra	f1f1f199e8	made the total Amount optional	2026-04-01 19:57:08 +05:30
Mayank Mishra	1c32c18e03	Fixed the pax and location address	2026-04-01 19:51:13 +05:30
Mayank Mishra	0d3c71ab5a	added the stay and free time in the saveUserItinerary api	2026-04-01 16:09:04 +05:30