From 9c23c25ebb4ed9edee4fbf7fc76608ac799c0453 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Thu, 5 Feb 2026 13:40:11 -0500
Subject: [PATCH 01/46] Add macOS Desktop Services Store file to gitignore

---
 .gitignore | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index d2cdbd62..984178dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 config/env/*
 !config/env/*.example
-.idea/
\ No newline at end of file
+.idea/
+.DS_Store
\ No newline at end of file

From 59b40f0eeff3b87b207a8598dbb9a79023afd01b Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Fri, 13 Feb 2026 15:51:21 -0500
Subject: [PATCH 02/46] REFACTOR Pull apart get_closest_embeddings to make
 testing easier

---
 server/api/services/embedding_services.py | 161 +++++++++++++++-------
 1 file changed, 112 insertions(+), 49 deletions(-)

diff --git a/server/api/services/embedding_services.py b/server/api/services/embedding_services.py
index e35f7965..0720a9c8 100644
--- a/server/api/services/embedding_services.py
+++ b/server/api/services/embedding_services.py
@@ -11,18 +11,17 @@
 
 logger = logging.getLogger(__name__)
 
-def get_closest_embeddings(
-    user, message_data, document_name=None, guid=None, num_results=10
-):
+
+def build_query(user, embedding_vector, document_name=None, guid=None, num_results=10):
     """
-    Find the closest embeddings to a given message for a specific user.
+    Build an unevaluated QuerySet for the closest embeddings.
 
     Parameters
     ----------
     user : User
         The user whose uploaded documents will be searched
-    message_data : str
-        The input message to find similar embeddings for
+    embedding_vector : array-like
+        Pre-computed embedding vector to compare against
     document_name : str, optional
         Filter results to a specific document name
     guid : str, optional
@@ -32,59 +31,52 @@ def get_closest_embeddings(
 
     Returns
     -------
-    list[dict]
-        List of dictionaries containing embedding results with keys:
-        - name: document name
-        - text: embedded text content
-        - page_number: page number in source document
-        - chunk_number: chunk number within the document
-        - distance: L2 distance from query embedding
-        - file_id: GUID of the source file
+    QuerySet
+        Unevaluated Django QuerySet ordered by L2 distance, sliced to num_results
     """
-
-    encoding_start = time.time()
-    transformerModel = TransformerModel.get_instance().model
-    embedding_message = transformerModel.encode(message_data)
-    encoding_time = time.time() - encoding_start
-
-    db_query_start = time.time()
-
     # Django QuerySets are lazily evaluated
     if user.is_authenticated:
         # User sees their own files + files uploaded by superusers
-        closest_embeddings_query = (
-            Embeddings.objects.filter(
-                Q(upload_file__uploaded_by=user) | Q(upload_file__uploaded_by__is_superuser=True)
-            )
-            .annotate(
-                distance=L2Distance("embedding_sentence_transformers", embedding_message)
-            )
-            .order_by("distance")
+        queryset = Embeddings.objects.filter(
+            Q(upload_file__uploaded_by=user) | Q(upload_file__uploaded_by__is_superuser=True)
         )
     else:
         # Unauthenticated users only see superuser-uploaded files
-        closest_embeddings_query = (
-            Embeddings.objects.filter(upload_file__uploaded_by__is_superuser=True)
-            .annotate(
-                distance=L2Distance("embedding_sentence_transformers", embedding_message)
-            )
-            .order_by("distance")
-        )
+        queryset = Embeddings.objects.filter(upload_file__uploaded_by__is_superuser=True)
+
+    queryset = (
+        queryset
+        .annotate(distance=L2Distance("embedding_sentence_transformers", embedding_vector))
+        .order_by("distance")
+    )
 
     # Filtering to a document GUID takes precedence over a document name
     if guid:
-        closest_embeddings_query = closest_embeddings_query.filter(
-            upload_file__guid=guid
-        )
+        queryset = queryset.filter(upload_file__guid=guid)
     elif document_name:
-        closest_embeddings_query = closest_embeddings_query.filter(name=document_name)
+        queryset = queryset.filter(name=document_name)
 
     # Slicing is equivalent to SQL's LIMIT clause
-    closest_embeddings_query = closest_embeddings_query[:num_results]
+    return queryset[:num_results]
+
+
+def format_results(queryset):
+    """
+    Evaluate a QuerySet and return a list of result dicts.
+
+    Parameters
+    ----------
+    queryset : iterable
+        Iterable of Embeddings objects (or any objects with the expected attributes)
 
+    Returns
+    -------
+    list[dict]
+        List of dicts with keys: name, text, page_number, chunk_number, distance, file_id
+    """
     # Iterating evaluates the QuerySet and hits the database
     # TODO: Research improving the query evaluation performance
-    results = [
+    return [
         {
             "name": obj.name,
             "text": obj.text,
@@ -93,13 +85,36 @@ def get_closest_embeddings(
             "distance": obj.distance,
             "file_id": obj.upload_file.guid if obj.upload_file else None,
         }
-        for obj in closest_embeddings_query
+        for obj in queryset
     ]
 
-    db_query_time = time.time() - db_query_start
 
+def log_search_usage(
+    results, message_data, user, guid, document_name, num_results, encoding_time, db_query_time
+):
+    """
+    Create a SemanticSearchUsage record. Swallows exceptions so search isn't interrupted.
+
+    Parameters
+    ----------
+    results : list[dict]
+        The search results, each containing a "distance" key
+    message_data : str
+        The original search query text
+    user : User
+        The user who performed the search
+    guid : str or None
+        Document GUID filter used in the search
+    document_name : str or None
+        Document name filter used in the search
+    num_results : int
+        Number of results requested
+    encoding_time : float
+        Time in seconds to encode the query
+    db_query_time : float
+        Time in seconds for the database query
+    """
     try:
-        # Handle user having no uploaded docs or doc filtering returning no matches
         if results:
             distances = [r["distance"] for r in results]
             SemanticSearchUsage.objects.create(
@@ -113,11 +128,10 @@ def get_closest_embeddings(
                 num_results_returned=len(results),
                 max_distance=max(distances),
                 median_distance=median(distances),
-                min_distance=min(distances)
+                min_distance=min(distances),
             )
         else:
             logger.warning("Semantic search returned no results")
-
             SemanticSearchUsage.objects.create(
                 query_text=message_data,
                 user=user if (user and user.is_authenticated) else None,
@@ -129,9 +143,58 @@ def get_closest_embeddings(
                 num_results_returned=0,
                 max_distance=None,
                 median_distance=None,
-                min_distance=None
+                min_distance=None,
             )
     except Exception as e:
         logger.error(f"Failed to create semantic search usage database record: {e}")
 
+
+def get_closest_embeddings(
+    user, message_data, document_name=None, guid=None, num_results=10
+):
+    """
+    Find the closest embeddings to a given message for a specific user.
+
+    Parameters
+    ----------
+    user : User
+        The user whose uploaded documents will be searched
+    message_data : str
+        The input message to find similar embeddings for
+    document_name : str, optional
+        Filter results to a specific document name
+    guid : str, optional
+        Filter results to a specific document GUID (takes precedence over document_name)
+    num_results : int, default 10
+        Maximum number of results to return
+
+    Returns
+    -------
+    list[dict]
+        List of dictionaries containing embedding results with keys:
+        - name: document name
+        - text: embedded text content
+        - page_number: page number in source document
+        - chunk_number: chunk number within the document
+        - distance: L2 distance from query embedding
+        - file_id: GUID of the source file
+
+    Notes
+    -----
+    Creates a SemanticSearchUsage record. Swallows exceptions so search isn't interrupted.
+    """
+    encoding_start = time.time()
+    model = TransformerModel.get_instance().model
+    embedding_vector = model.encode(message_data)
+    encoding_time = time.time() - encoding_start
+
+    db_query_start = time.time()
+    queryset = build_query(user, embedding_vector, document_name, guid, num_results)
+    results = format_results(queryset)
+    db_query_time = time.time() - db_query_start
+
+    log_search_usage(
+        results, message_data, user, guid, document_name, num_results, encoding_time, db_query_time
+    )
+
     return results

From 3ffb74af318cc927d9c11ba37e63a3093d5ecfc6 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Fri, 13 Feb 2026 16:12:49 -0500
Subject: [PATCH 03/46] ADD Add infra required to run pytest

---
 .github/workflows/python-app.yml | 5 +++++
 server/pytest.ini                | 3 +++
 server/requirements.txt          | 4 +++-
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 server/pytest.ini

diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index dcb7a4bb..41bc74d9 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -27,3 +27,8 @@ jobs:
       run: pipx install ruff
     - name: Lint code with Ruff
       run: ruff check --output-format=github --target-version=py39
+    - name: Install test dependencies
+      run: pip install -r server/requirements.txt
+      # Discover and run all files matching test_*.py or *_test.py under server/
+    - name: Run tests
+      run: pytest server/ -v
diff --git a/server/pytest.ini b/server/pytest.ini
new file mode 100644
index 00000000..235b9752
--- /dev/null
+++ b/server/pytest.ini
@@ -0,0 +1,3 @@
+[pytest]
+DJANGO_SETTINGS_MODULE = balancer_backend.settings
+pythonpath = .
diff --git a/server/requirements.txt b/server/requirements.txt
index bbaf7bc9..001708e9 100644
--- a/server/requirements.txt
+++ b/server/requirements.txt
@@ -18,4 +18,6 @@ sentence_transformers
 PyMuPDF==1.24.0
 Pillow
 pytesseract
-anthropic
\ No newline at end of file
+anthropic
+pytest
+pytest-django
\ No newline at end of file

From 12b09a733a1dc79b8fbec63d358d4354764a5116 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Fri, 13 Feb 2026 16:33:41 -0500
Subject: [PATCH 04/46] ADD Start adding tests for embedding_services

---
 server/api/services/embedding_services.py     |  8 +-
 .../api/services/test_embedding_services.py   | 85 +++++++++++++++++++
 2 files changed, 89 insertions(+), 4 deletions(-)
 create mode 100644 server/api/services/test_embedding_services.py

diff --git a/server/api/services/embedding_services.py b/server/api/services/embedding_services.py
index 0720a9c8..3fa9bb68 100644
--- a/server/api/services/embedding_services.py
+++ b/server/api/services/embedding_services.py
@@ -60,7 +60,7 @@ def build_query(user, embedding_vector, document_name=None, guid=None, num_resul
     return queryset[:num_results]
 
 
-def format_results(queryset):
+def evaluate_query(queryset):
     """
     Evaluate a QuerySet and return a list of result dicts.
 
@@ -89,7 +89,7 @@ def format_results(queryset):
     ]
 
 
-def log_search_usage(
+def log_usage(
     results, message_data, user, guid, document_name, num_results, encoding_time, db_query_time
 ):
     """
@@ -190,10 +190,10 @@ def get_closest_embeddings(
 
     db_query_start = time.time()
     queryset = build_query(user, embedding_vector, document_name, guid, num_results)
-    results = format_results(queryset)
+    results = evaluate_query(queryset)
     db_query_time = time.time() - db_query_start
 
-    log_search_usage(
+    log_usage(
         results, message_data, user, guid, document_name, num_results, encoding_time, db_query_time
     )
 
diff --git a/server/api/services/test_embedding_services.py b/server/api/services/test_embedding_services.py
new file mode 100644
index 00000000..677c1e7b
--- /dev/null
+++ b/server/api/services/test_embedding_services.py
@@ -0,0 +1,85 @@
+from unittest.mock import MagicMock, patch
+
+from api.services.embedding_services import evaluate_query, log_usage
+
+
+def test_evaluate_query_maps_fields():
+    obj = MagicMock()
+    obj.name = "doc.pdf"
+    obj.text = "some text"
+    obj.page_num = 3
+    obj.chunk_number = 1
+    obj.distance = 0.42
+    obj.upload_file.guid = "abc-123"
+
+    results = evaluate_query([obj])
+
+    assert results == [
+        {
+            "name": "doc.pdf",
+            "text": "some text",
+            "page_number": 3,
+            "chunk_number": 1,
+            "distance": 0.42,
+            "file_id": "abc-123",
+        }
+    ]
+
+
+def test_evaluate_query_none_upload_file():
+    obj = MagicMock()
+    obj.name = "doc.pdf"
+    obj.text = "some text"
+    obj.page_num = 1
+    obj.chunk_number = 0
+    obj.distance = 1.0
+    obj.upload_file = None
+
+    results = evaluate_query([obj])
+
+    assert results[0]["file_id"] is None
+
+
+@patch("api.services.embedding_services.SemanticSearchUsage.objects.create")
+def test_log_usage_computes_distance_stats(mock_create):
+    results = [{"distance": 1.0}, {"distance": 3.0}, {"distance": 2.0}]
+    user = MagicMock(is_authenticated=True)
+
+    log_usage(
+        results,
+        message_data="test query",
+        user=user,
+        guid=None,
+        document_name=None,
+        num_results=10,
+        encoding_time=0.1,
+        db_query_time=0.2,
+    )
+
+    mock_create.assert_called_once()
+    kwargs = mock_create.call_args.kwargs
+    assert kwargs["min_distance"] == 1.0
+    assert kwargs["max_distance"] == 3.0
+    assert kwargs["median_distance"] == 2.0
+    assert kwargs["num_results_returned"] == 3
+
+
+@patch(
+    "api.services.embedding_services.SemanticSearchUsage.objects.create",
+    side_effect=Exception("DB error"),
+)
+def test_log_usage_swallows_exceptions(mock_create):
+    results = [{"distance": 1.0}]
+    user = MagicMock(is_authenticated=True)
+
+    # pytest fails the test if it catches unhandled Exception
+    log_usage(
+        results,
+        message_data="test query",
+        user=user,
+        guid=None,
+        document_name=None,
+        num_results=10,
+        encoding_time=0.1,
+        db_query_time=0.2,
+    )

From 2d2ccd10911291061d23bcdf9b56855590477494 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Mon, 16 Feb 2026 16:33:54 -0500
Subject: [PATCH 05/46] Fix duplicate healthcheck key for db service build

---
 docker-compose.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 9182cdb6..7a6e7fe9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -18,11 +18,6 @@ services:
     networks:
       app_net:
         ipv4_address: 192.168.0.2
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U balancer -d balancer_dev"]
-      interval: 5s
-      timeout: 5s
-      retries: 5
 
   pgadmin:
     image: dpage/pgadmin4

From 01ccf9ab0995645e0ad0c0782eb9bc5efb6ed595 Mon Sep 17 00:00:00 2001
From: Akhil Bolla <129509874+AkhilRB0204@users.noreply.github.com>
Date: Mon, 16 Feb 2026 22:01:40 -0500
Subject: [PATCH 06/46] Enhance input sanitization and normalize pronouns

Updated the sanitizer function to improve input sanitization by removing style tags, normalizing pronouns, and increasing the maximum length limit.
---
 server/api/views/assistant/sanitizer.py | 62 ++++++++++++++++++++++---
 1 file changed, 56 insertions(+), 6 deletions(-)

diff --git a/server/api/views/assistant/sanitizer.py b/server/api/views/assistant/sanitizer.py
index bdbbc77f..fd851df6 100644
--- a/server/api/views/assistant/sanitizer.py
+++ b/server/api/views/assistant/sanitizer.py
@@ -1,26 +1,76 @@
 import re
 import logging
+
 logger = logging.getLogger(__name__)
 def sanitize_input(user_input:str) -> str:
     """
     Sanitize user input to prevent injection attacks and remove unwanted characters.
+    
     Args:
         user_input (str): The raw input string from the user.
+        
     Returns:
         str: The sanitized input string.
     """
     try:
-        # Remove any script tags
-        sanitized = re.sub(r'<script.*?>.*?</script>', '', user_input, flags=re.IGNORECASE)
-        # Remove any HTML tags
+        sanitized = user_input
+        
+        # Remove any style tags
+        sanitized = re.sub(r'<style.*?>.*?</style>', '', sanitized, flags=re.IGNORECASE)
+
+        # Remove any HTML/script tags
         sanitized = re.sub(r'<.*?>', '', sanitized)
+
+        # Remove Phone Numbers
+        sanitized = re.sub(r'\+?\d[\d -]{8,}\d', '[Phone Number]', sanitized)
+
+        # Remove Email Addresses
+        sanitized = re.sub(r'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}', '[Email Address]', sanitized)
+
+        # Remove Medical Record Numbers (simple pattern)
+        sanitized = re.sub(r'\bMRN[:\s]*\d+\b', '[Medical Record Number]', sanitized, flags=re.IGNORECASE)
+
+        # Normalize pronouns
+        sanitized = normalize_pronouns(sanitized)
+
+        # NOTE(review): removes ALL whitespace (including spaces between words), not special characters - confirm intent
-        sanitized = re.sub(r'["\'\\]', '', sanitized)
+        sanitized = re.sub(r'\s+', '', sanitized)
+
         # Limit length to prevent buffer overflow attacks
-        max_length = 1000
+        max_length = 5000
         if len(sanitized) > max_length:
             sanitized = sanitized[:max_length]
+        
         return sanitized.strip()
     except Exception as e:
         logger.error(f"Error sanitizing input: {e}")
-        return ""
\ No newline at end of file
+        return ""
+    
+def normalize_pronouns(text:str) -> str:
+    """
+    Normalize first and second person pronouns to third person clinical language.
+
+    Converts patient centric pronouns to a more neutral form.
+    Args:
+        text (str): The input text containing pronouns.
+    Returns:
+        str: The text with normalized pronouns.
+    """
+    # First person possessive: My/my -> The patient's / the patient's
+    text = re.sub(r'\bMy\b', 'The patient\'s', text)
+    text = re.sub(r'\bmy\b', 'the patient\'s', text)
+
+    # First person subject: I -> the patient
+    text = re.sub(r'\bI\b', 'the patient', text)
+
+    # First person object: me -> the patient
+    text = re.sub(r'\bme\b', 'the patient', text)
+
+    # First person reflexive: myself -> the patient
+    text = re.sub(r'\bmyself\b', 'the patient', text)
+
+    # Second person possessive: only capitalized "Your" -> the clinician
+    text = re.sub(r'\bYour\b', 'the clinician', text)
+    return text
+
+

From da9afaa905a43218e1f947360aa141662359e1aa Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Tue, 17 Feb 2026 14:40:13 -0500
Subject: [PATCH 07/46] DOC Add a note about running pytest in the README

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index f1cea06b..15018d37 100644
--- a/README.md
+++ b/README.md
@@ -69,6 +69,11 @@ df = pd.read_sql(query, engine)
 
 #### Django REST
 - The email and password are set in `server/api/management/commands/createsu.py`
+- Backend tests can be run using `pytest` by running the below command inside the running backend container:
+
+```
+docker compose exec backend pytest api/ -v
+```
 
 ## Local Kubernetes Deployment
 

From b08152f94a079b24681e79203476dcbbbdcb0d83 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Wed, 18 Feb 2026 14:18:12 -0500
Subject: [PATCH 08/46] fix: changed link to direct to balancer github page

---
 frontend/src/components/Footer/Footer.tsx   | 2 +-
 frontend/src/components/Header/Header.tsx   | 2 +-
 frontend/src/components/Header/MdNavBar.tsx | 2 +-
 frontend/src/pages/About/About.tsx          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/frontend/src/components/Footer/Footer.tsx b/frontend/src/components/Footer/Footer.tsx
index d656f5ad..2f68ec49 100644
--- a/frontend/src/components/Footer/Footer.tsx
+++ b/frontend/src/components/Footer/Footer.tsx
@@ -62,7 +62,7 @@ function Footer() {
           >
             Leave feedback
           </Link>
-          <a href="https://www.flipcause.com/secure/cause_pdetails/MjMyMTIw"
+          <a href="https://github.com/CodeForPhilly/balancer-main"
             target="_blank"
             className="flex justify-center text-black hover:border-blue-600 hover:text-blue-600 hover:no-underline"
           >
diff --git a/frontend/src/components/Header/Header.tsx b/frontend/src/components/Header/Header.tsx
index cbbd2c93..a0edc859 100644
--- a/frontend/src/components/Header/Header.tsx
+++ b/frontend/src/components/Header/Header.tsx
@@ -165,7 +165,7 @@ const Header: React.FC<LoginFormProps> = ({ isAuthenticated, isSuperuser }) => {
               Leave Feedback
             </Link>
             <a
-              href="https://www.flipcause.com/secure/cause_pdetails/MjMyMTIw"
+              href="https://github.com/CodeForPhilly/balancer-main"
               target="_blank"
               className="header-nav-item"
             >
diff --git a/frontend/src/components/Header/MdNavBar.tsx b/frontend/src/components/Header/MdNavBar.tsx
index 5a8d5bce..00d45f55 100644
--- a/frontend/src/components/Header/MdNavBar.tsx
+++ b/frontend/src/components/Header/MdNavBar.tsx
@@ -120,7 +120,7 @@ const MdNavBar = (props: LoginFormProps) => {
                         </Link>
                     </li>
                     <li className="border-b border-gray-300 p-4">
-                        <a href="https://www.flipcause.com/secure/cause_pdetails/MjMyMTIw"
+                        <a href="https://github.com/CodeForPhilly/balancer-main"
                           target="_blank"
                           className="mr-9 text-black hover:border-b-2 hover:border-blue-600 hover:text-black hover:no-underline"
                         >
diff --git a/frontend/src/pages/About/About.tsx b/frontend/src/pages/About/About.tsx
index c50f6705..e1c7242e 100644
--- a/frontend/src/pages/About/About.tsx
+++ b/frontend/src/pages/About/About.tsx
@@ -77,7 +77,7 @@ function About() {
             </div>
           </div>
           <div className="mb-20 mt-5 flex flex-row flex-wrap justify-center gap-4">
-            <a href="https://www.flipcause.com/secure/cause_pdetails/MjMyMTIw" target="_blank">
+            <a href="https://github.com/CodeForPhilly/balancer-main" target="_blank">
               <button className="btnBlue transition-transform focus:outline-none focus:ring focus:ring-blue-200">
                 Donate
               </button>

From b94e998d8c355eb19153b2d8af5527c3fa17ff14 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Fri, 20 Feb 2026 15:33:35 -0500
Subject: [PATCH 09/46] Fix error 1, added unit tests and more logging

---
 server/api/views/uploadFile/test_title.py | 30 +++++++++++++++++++++++
 server/api/views/uploadFile/title.py      |  3 ++-
 server/api/views/uploadFile/views.py      |  4 +++
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/server/api/views/uploadFile/test_title.py b/server/api/views/uploadFile/test_title.py
index 69979620..5391ed05 100644
--- a/server/api/views/uploadFile/test_title.py
+++ b/server/api/views/uploadFile/test_title.py
@@ -67,3 +67,33 @@ def test_falls_back_to_chatgpt_if_no_title_found(self, mock_openAI):
         title.generate_title(doc)
 
         self.assertTrue(mock_openAI.called)
+
+    @patch("api.services.openai_services.openAIServices.openAI")
+    def test_strips_quotes_from_openai_title(self, mock_openAI):
+        doc = MagicMock()
+        doc.metadata = {"title": None}
+        doc.get_text.return_value = []
+
+        mock_response = MagicMock()
+        mock_response.choices = [MagicMock()]
+        mock_response.choices[0].message.content = '"Updated CANMAT/ISBD Guidelines for Treating Mixed Features in Bipolar Disorder"'
+        mock_openAI.return_value = mock_response
+
+        result = title.generate_title(doc)
+
+        self.assertEqual(result, "Updated CANMAT/ISBD Guidelines for Treating Mixed Features in Bipolar Disorder")
+
+    @patch("api.services.openai_services.openAIServices.openAI")
+    def test_truncates_long_openai_title(self, mock_openAI):
+        doc = MagicMock()
+        doc.metadata = {"title": None}
+        doc.get_text.return_value = []
+
+        mock_response = MagicMock()
+        mock_response.choices = [MagicMock()]
+        mock_response.choices[0].message.content = "A" * 300
+        mock_openAI.return_value = mock_response
+
+        result = title.generate_title(doc)
+
+        self.assertLessEqual(len(result), 255)
diff --git a/server/api/views/uploadFile/title.py b/server/api/views/uploadFile/title.py
index 06e0ce0c..b3f8aded 100644
--- a/server/api/views/uploadFile/title.py
+++ b/server/api/views/uploadFile/title.py
@@ -58,4 +58,5 @@ def summarize_pdf(pdf: fitz.Document) -> str:
     prompt = "Please provide a title for this document. The title should be less than 256 characters and will be displayed on a webpage."
     response = openAIServices.openAI(
         first_page_content, prompt, model='gpt-4o', temp=0.0)
-    return response.choices[0].message.content
+    title = response.choices[0].message.content.strip().strip('"').strip("'")
+    return title[:255]
diff --git a/server/api/views/uploadFile/views.py b/server/api/views/uploadFile/views.py
index 69dfb996..58bd8752 100644
--- a/server/api/views/uploadFile/views.py
+++ b/server/api/views/uploadFile/views.py
@@ -12,6 +12,9 @@
 import fitz
 from django.db import transaction
 from .title import generate_title
+import logging
+
+logger = logging.getLogger(__name__)
 
 
 class UploadFileView(APIView):
@@ -124,6 +127,7 @@ def post(self, request, format=None):
             )
         except Exception as e:
             # Handle potential errors
+            logger.exception("File upload failed for '%s': %s", uploaded_file.name, e)
             return Response({"message": f"Error processing file and embeddings: {str(e)}"},
                             status=status.HTTP_400_BAD_REQUEST)
 

From 530b90a17afa6136e6c9de9abd472794c4058193 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Mon, 23 Feb 2026 12:19:50 -0500
Subject: [PATCH 10/46] Changed button text from "donate" to "Support
 Development"

---
 frontend/src/components/Footer/Footer.tsx   | 4 ++--
 frontend/src/components/Header/Header.tsx   | 2 +-
 frontend/src/components/Header/MdNavBar.tsx | 2 +-
 frontend/src/pages/About/About.tsx          | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/frontend/src/components/Footer/Footer.tsx b/frontend/src/components/Footer/Footer.tsx
index 2f68ec49..977c59d4 100644
--- a/frontend/src/components/Footer/Footer.tsx
+++ b/frontend/src/components/Footer/Footer.tsx
@@ -64,9 +64,9 @@ function Footer() {
           </Link>
           <a href="https://github.com/CodeForPhilly/balancer-main"
             target="_blank"
-            className="flex justify-center text-black hover:border-blue-600 hover:text-blue-600 hover:no-underline"
+            className="flex justify-center text-center text-black hover:border-blue-600 hover:text-blue-600 hover:no-underline"
           >
-            Donate
+            Support Development
           </a>
           <Link
             to="/help"
diff --git a/frontend/src/components/Header/Header.tsx b/frontend/src/components/Header/Header.tsx
index a0edc859..c2fe3cfc 100644
--- a/frontend/src/components/Header/Header.tsx
+++ b/frontend/src/components/Header/Header.tsx
@@ -169,7 +169,7 @@ const Header: React.FC<LoginFormProps> = ({ isAuthenticated, isSuperuser }) => {
               target="_blank"
               className="header-nav-item"
             >
-              Donate
+              Support Development
             </a>
             {isAuthenticated && isSuperuser && (
               <div
diff --git a/frontend/src/components/Header/MdNavBar.tsx b/frontend/src/components/Header/MdNavBar.tsx
index 00d45f55..ccd06fcd 100644
--- a/frontend/src/components/Header/MdNavBar.tsx
+++ b/frontend/src/components/Header/MdNavBar.tsx
@@ -124,7 +124,7 @@ const MdNavBar = (props: LoginFormProps) => {
                           target="_blank"
                           className="mr-9 text-black hover:border-b-2 hover:border-blue-600 hover:text-black hover:no-underline"
                         >
-                          Donate
+                          Support Development
                         </a>
                     </li>
                     {isAuthenticated &&
diff --git a/frontend/src/pages/About/About.tsx b/frontend/src/pages/About/About.tsx
index e1c7242e..9481c74d 100644
--- a/frontend/src/pages/About/About.tsx
+++ b/frontend/src/pages/About/About.tsx
@@ -79,7 +79,7 @@ function About() {
           <div className="mb-20 mt-5 flex flex-row flex-wrap justify-center gap-4">
             <a href="https://github.com/CodeForPhilly/balancer-main" target="_blank">
               <button className="btnBlue transition-transform focus:outline-none focus:ring focus:ring-blue-200">
-                Donate
+                Support Development
               </button>
             </a>
 

From f96606d18b0f9fa2aca25033ba26079c290b54ac Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Mon, 23 Feb 2026 16:46:38 -0500
Subject: [PATCH 11/46] Fix 401 by using adminApi instead of raw axios

---
 frontend/src/pages/DocumentManager/UploadFile.tsx | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/frontend/src/pages/DocumentManager/UploadFile.tsx b/frontend/src/pages/DocumentManager/UploadFile.tsx
index 2ee7b5db..32b727e8 100644
--- a/frontend/src/pages/DocumentManager/UploadFile.tsx
+++ b/frontend/src/pages/DocumentManager/UploadFile.tsx
@@ -1,5 +1,5 @@
 import React, { useState, useRef } from "react";
-import axios from "axios";
+import { adminApi } from "../../api/apiClient";
 import TypingAnimation from "../../components/Header/components/TypingAnimation.tsx";
 import Layout from "../Layout/Layout.tsx";
 
@@ -22,14 +22,9 @@ const UploadFile: React.FC = () => {
     formData.append("file", file);
 
     try {
-      const response = await axios.post(
+      const response = await adminApi.post(
         `/api/v1/api/uploadFile`,
         formData,
-        {
-          headers: {
-            "Content-Type": "multipart/form-data"
-          },
-        }
       );
       console.log("File uploaded successfully", response.data);
     } catch (error) {

From bbf1034d065774a252bee3cae07300584e84fbe6 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 26 Feb 2026 15:48:51 -0500
Subject: [PATCH 12/46] Fixed wrong API url path in handleDownload

---
 frontend/src/pages/Files/ListOfFiles.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/src/pages/Files/ListOfFiles.tsx b/frontend/src/pages/Files/ListOfFiles.tsx
index b6fff4ee..cac0836c 100644
--- a/frontend/src/pages/Files/ListOfFiles.tsx
+++ b/frontend/src/pages/Files/ListOfFiles.tsx
@@ -61,7 +61,7 @@ const ListOfFiles: React.FC<{ showTable?: boolean }> = ({
   const handleDownload = async (guid: string, fileName: string) => {
     try {
       setDownloading(guid);
-      const { data } = await publicApi.get(`/v1/api/uploadFile/${guid}`, { responseType: 'blob' });
+      const { data } = await publicApi.get(`/api/v1/api/uploadFile/${guid}`, { responseType: 'blob' });
 
       const url = window.URL.createObjectURL(new Blob([data]));
       const link = document.createElement("a");

From 128418b5cc05a867c0419d504be42cdbd6b7cf51 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 26 Feb 2026 16:22:45 -0500
Subject: [PATCH 13/46] Fixed API URL in handleOpen as well

---
 frontend/src/pages/Files/ListOfFiles.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/src/pages/Files/ListOfFiles.tsx b/frontend/src/pages/Files/ListOfFiles.tsx
index cac0836c..37bd459a 100644
--- a/frontend/src/pages/Files/ListOfFiles.tsx
+++ b/frontend/src/pages/Files/ListOfFiles.tsx
@@ -82,7 +82,7 @@ const ListOfFiles: React.FC<{ showTable?: boolean }> = ({
   const handleOpen = async (guid: string) => {
     try {
       setOpening(guid);
-      const { data } = await publicApi.get(`/v1/api/uploadFile/${guid}`, { responseType: 'arraybuffer' });
+      const { data } = await publicApi.get(`/api/v1/api/uploadFile/${guid}`, { responseType: 'arraybuffer' });
 
       const file = new Blob([data], { type: 'application/pdf' });
       const fileURL = window.URL.createObjectURL(file);

From 332af9fca17085196bdad7db35d7fbe46c981274 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 26 Feb 2026 16:57:36 -0500
Subject: [PATCH 14/46] drf-spectacular configuration

---
 server/balancer_backend/settings.py | 8 ++++++++
 server/requirements.txt             | 3 ++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/server/balancer_backend/settings.py b/server/balancer_backend/settings.py
index 9f917a94..cfa90dce 100644
--- a/server/balancer_backend/settings.py
+++ b/server/balancer_backend/settings.py
@@ -51,6 +51,7 @@
     "corsheaders",
     "rest_framework",
     "djoser",
+    'drf_spectacular',
 ]
 
 MIDDLEWARE = [
@@ -195,8 +196,15 @@
     "DEFAULT_AUTHENTICATION_CLASSES": (
         "rest_framework_simplejwt.authentication.JWTAuthentication",
     ),
+    'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema',
 }
 
+SPECTACULAR_SETTINGS = {
+    'TITLE': 'Balancer API',
+    'DESCRIPTION': 'API for the Balancer medication decision support tool',
+    'VERSION': '1.0.0',
+    'SERVE_INCLUDE_SCHEMA': False,
+}
 
 SIMPLE_JWT = {
     "AUTH_HEADER_TYPES": ("JWT",),
diff --git a/server/requirements.txt b/server/requirements.txt
index bbaf7bc9..880500c6 100644
--- a/server/requirements.txt
+++ b/server/requirements.txt
@@ -18,4 +18,5 @@ sentence_transformers
 PyMuPDF==1.24.0
 Pillow
 pytesseract
-anthropic
\ No newline at end of file
+anthropic
+drf-spectacular
\ No newline at end of file

From a34a9f8ceda2358cebd8607c9dcb04136e590cb3 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 26 Feb 2026 17:10:03 -0500
Subject: [PATCH 15/46] Added URL routes for API docs generation

---
 server/balancer_backend/urls.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/balancer_backend/urls.py b/server/balancer_backend/urls.py
index c8bd290d..55bd2032 100644
--- a/server/balancer_backend/urls.py
+++ b/server/balancer_backend/urls.py
@@ -6,6 +6,9 @@
 # Import TemplateView for rendering templates
 from django.views.generic import TemplateView
 import importlib  # Import the importlib module for dynamic module importing
+from drf_spectacular.views import SpectacularAPIView, SpectacularSwaggerView, SpectacularRedocView
+
+
 
 # Define a list of URL patterns for the application
 # Keep admin outside /api/ prefix
@@ -50,6 +53,9 @@
 # Wrap all API routes under /api/ prefix
 urlpatterns += [
     path("api/", include(api_urlpatterns)),
+    path("api/schema/", SpectacularAPIView.as_view(), name="schema"),
+    path("api/docs/", SpectacularSwaggerView.as_view(url_name="schema"), name="swagger-ui"),
+    path("api/redoc/", SpectacularRedocView.as_view(url_name="schema"), name="redoc"),
 ]
 
 import os

From fe660d2eb03db708b30b782f4fab787610640a90 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 26 Feb 2026 17:26:44 -0500
Subject: [PATCH 16/46] Added OpenAPI security scheme

---
 server/balancer_backend/settings.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/balancer_backend/settings.py b/server/balancer_backend/settings.py
index cfa90dce..a4ccaaae 100644
--- a/server/balancer_backend/settings.py
+++ b/server/balancer_backend/settings.py
@@ -204,6 +204,10 @@
     'DESCRIPTION': 'API for the Balancer medication decision support tool',
     'VERSION': '1.0.0',
     'SERVE_INCLUDE_SCHEMA': False,
+    'SECURITY': [{'jwtAuth': []}],
+    'SWAGGER_UI_SETTINGS': {
+        'persistAuthorization': True,
+    },
 }
 
 SIMPLE_JWT = {

From 3c83abdc2a32cc6c300fc833671e8f7a937ba88e Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 26 Feb 2026 18:12:52 -0500
Subject: [PATCH 17/46] Added extend_schema and serializer_class to endpoints
 that drf-spectacular missed with default settings

---
 server/api/views/ai_promptStorage/views.py    |  3 ++
 server/api/views/ai_settings/views.py         |  2 +
 server/api/views/assistant/views.py           | 17 +++++++
 server/api/views/conversations/views.py       | 31 ++++++++++++
 server/api/views/embeddings/embeddingsView.py | 23 ++++++++-
 server/api/views/feedback/views.py            |  1 +
 server/api/views/listMeds/views.py            | 48 ++++++++++++++++++-
 server/api/views/medRules/serializers.py      |  2 +
 server/api/views/medRules/views.py            | 25 +++++++++-
 .../api/views/risk/views_riskWithSources.py   | 25 +++++++++-
 server/api/views/text_extraction/views.py     | 29 +++++++++++
 server/api/views/uploadFile/views.py          | 46 +++++++++++++++++-
 server/api/views/version/views.py             |  7 +++
 13 files changed, 254 insertions(+), 5 deletions(-)

diff --git a/server/api/views/ai_promptStorage/views.py b/server/api/views/ai_promptStorage/views.py
index 7354feb3..cc50f22e 100644
--- a/server/api/views/ai_promptStorage/views.py
+++ b/server/api/views/ai_promptStorage/views.py
@@ -1,10 +1,12 @@
 from rest_framework import status
 from rest_framework.decorators import api_view
 from rest_framework.response import Response
+from drf_spectacular.utils import extend_schema
 from .models import AI_PromptStorage
 from .serializers import AI_PromptStorageSerializer
 
 
+@extend_schema(request=AI_PromptStorageSerializer, responses={201: AI_PromptStorageSerializer})
 @api_view(['POST'])
 # @permission_classes([IsAuthenticated])
 def store_prompt(request):
@@ -21,6 +23,7 @@ def store_prompt(request):
     return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
 
+@extend_schema(responses={200: AI_PromptStorageSerializer(many=True)})
 @api_view(['GET'])
 def get_all_prompts(request):
     """
diff --git a/server/api/views/ai_settings/views.py b/server/api/views/ai_settings/views.py
index 349b9fd9..9ee6aad7 100644
--- a/server/api/views/ai_settings/views.py
+++ b/server/api/views/ai_settings/views.py
@@ -2,10 +2,12 @@
 from rest_framework.decorators import api_view, permission_classes
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
+from drf_spectacular.utils import extend_schema
 from .models import AI_Settings
 from .serializers import AISettingsSerializer
 
 
+@extend_schema(request=AISettingsSerializer, responses={200: AISettingsSerializer(many=True), 201: AISettingsSerializer})
 @api_view(['GET', 'POST'])
 @permission_classes([IsAuthenticated])
 def settings_view(request):
diff --git a/server/api/views/assistant/views.py b/server/api/views/assistant/views.py
index f31ab475..e3e8d6f7 100644
--- a/server/api/views/assistant/views.py
+++ b/server/api/views/assistant/views.py
@@ -10,6 +10,8 @@
 from rest_framework.permissions import AllowAny
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
+from drf_spectacular.utils import extend_schema, inline_serializer
+from rest_framework import serializers as drf_serializers
 
 from openai import OpenAI
 
@@ -113,6 +115,21 @@ def invoke_functions_from_response(
 class Assistant(APIView):
     permission_classes = [AllowAny]
 
+    @extend_schema(
+        request=inline_serializer(name='AssistantRequest', fields={
+            'message': drf_serializers.CharField(help_text='User message to send to the assistant'),
+            'previous_response_id': drf_serializers.CharField(required=False, allow_null=True, help_text='ID of previous response for conversation continuity'),
+        }),
+        responses={
+            200: inline_serializer(name='AssistantResponse', fields={
+                'response_output_text': drf_serializers.CharField(),
+                'final_response_id': drf_serializers.CharField(),
+            }),
+            500: inline_serializer(name='AssistantError', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     def post(self, request):
         try:
             user = request.user
diff --git a/server/api/views/conversations/views.py b/server/api/views/conversations/views.py
index eeb68809..de927cf1 100644
--- a/server/api/views/conversations/views.py
+++ b/server/api/views/conversations/views.py
@@ -16,6 +16,8 @@
 from .models import Conversation, Message
 from .serializers import ConversationSerializer
 from ...services.tools.tools import tools, execute_tool
+from drf_spectacular.utils import extend_schema, inline_serializer
+from rest_framework import serializers as drf_serializers
 
 
 @csrf_exempt
@@ -95,6 +97,21 @@ def destroy(self, request, *args, **kwargs):
         self.perform_destroy(instance)
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    @extend_schema(
+        request=inline_serializer(name='ContinueConversationRequest', fields={
+            'message': drf_serializers.CharField(help_text='User message to continue the conversation'),
+            'page_context': drf_serializers.CharField(required=False, help_text='Optional page context'),
+        }),
+        responses={
+            200: inline_serializer(name='ContinueConversationResponse', fields={
+                'response': drf_serializers.CharField(),
+                'title': drf_serializers.CharField(),
+            }),
+            400: inline_serializer(name='ContinueConversationBadRequest', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     @action(detail=True, methods=['post'])
     def continue_conversation(self, request, pk=None):
         conversation = self.get_object()
@@ -123,6 +140,20 @@ def continue_conversation(self, request, pk=None):
 
         return Response({"response": chatgpt_response, "title": conversation.title})
 
+    @extend_schema(
+        request=inline_serializer(name='UpdateTitleRequest', fields={
+            'title': drf_serializers.CharField(help_text='New conversation title'),
+        }),
+        responses={
+            200: inline_serializer(name='UpdateTitleResponse', fields={
+                'status': drf_serializers.CharField(),
+                'title': drf_serializers.CharField(),
+            }),
+            400: inline_serializer(name='UpdateTitleBadRequest', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     @action(detail=True, methods=['patch'])
     def update_title(self, request, pk=None):
         conversation = self.get_object()
diff --git a/server/api/views/embeddings/embeddingsView.py b/server/api/views/embeddings/embeddingsView.py
index d0bdd8ca..ebcf0774 100644
--- a/server/api/views/embeddings/embeddingsView.py
+++ b/server/api/views/embeddings/embeddingsView.py
@@ -1,8 +1,9 @@
 from rest_framework.views import APIView
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
-from rest_framework import status
+from rest_framework import status, serializers as drf_serializers
 from django.http import StreamingHttpResponse
+from drf_spectacular.utils import extend_schema, inline_serializer, OpenApiParameter
 from ...services.embedding_services import get_closest_embeddings
 from ...services.conversions_services import convert_uuids
 from ...services.openai_services import openAIServices
@@ -15,6 +16,26 @@
 class AskEmbeddingsAPIView(APIView):
     permission_classes = [IsAuthenticated]
 
+    @extend_schema(
+        parameters=[
+            OpenApiParameter(name='guid', type=str, location=OpenApiParameter.QUERY, required=False, description='Optional file GUID to filter embeddings'),
+            OpenApiParameter(name='stream', type=bool, location=OpenApiParameter.QUERY, required=False, description='Enable streaming response'),
+        ],
+        request=inline_serializer(name='AskEmbeddingsRequest', fields={
+            'message': drf_serializers.CharField(help_text='Question to ask against embedded documents'),
+        }),
+        responses={
+            200: inline_serializer(name='AskEmbeddingsResponse', fields={
+                'question': drf_serializers.CharField(),
+                'llm_response': drf_serializers.CharField(),
+                'embeddings_info': drf_serializers.CharField(),
+                'sent_to_llm': drf_serializers.CharField(),
+            }),
+            400: inline_serializer(name='AskEmbeddingsBadRequest', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     def post(self, request, *args, **kwargs):
         try:
             user = request.user
diff --git a/server/api/views/feedback/views.py b/server/api/views/feedback/views.py
index d0f0e1da..424e0758 100644
--- a/server/api/views/feedback/views.py
+++ b/server/api/views/feedback/views.py
@@ -9,6 +9,7 @@
 
 class FeedbackView(APIView):
     permission_classes = [AllowAny]
+    serializer_class = FeedbackSerializer
 
     def post(self, request, *args, **kwargs):
         serializer = FeedbackSerializer(data=request.data)
diff --git a/server/api/views/listMeds/views.py b/server/api/views/listMeds/views.py
index fcd0edf2..1b199a7e 100644
--- a/server/api/views/listMeds/views.py
+++ b/server/api/views/listMeds/views.py
@@ -1,7 +1,8 @@
-from rest_framework import status
+from rest_framework import status, serializers as drf_serializers
 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.views import APIView
+from drf_spectacular.utils import extend_schema, inline_serializer
 
 from .models import Diagnosis, Medication, Suggestion
 from .serializers import MedicationSerializer
@@ -24,6 +25,33 @@
 class GetMedication(APIView):
     permission_classes = [AllowAny]
 
+    @extend_schema(
+        request=inline_serializer(
+            name='GetMedicationRequest',
+            fields={
+                'state': drf_serializers.CharField(help_text='Diagnosis state, e.g. "depressed", "manic"'),
+                'suicideHistory': drf_serializers.BooleanField(default=False),
+                'kidneyHistory': drf_serializers.BooleanField(default=False),
+                'liverHistory': drf_serializers.BooleanField(default=False),
+                'bloodPressureHistory': drf_serializers.BooleanField(default=False),
+                'weightGainConcern': drf_serializers.BooleanField(default=False),
+                'priorMedications': drf_serializers.CharField(required=False, default='', help_text='Comma-separated medication names'),
+            }
+        ),
+        responses={
+            200: inline_serializer(
+                name='GetMedicationResponse',
+                fields={
+                    'first': drf_serializers.ListField(child=drf_serializers.DictField()),
+                    'second': drf_serializers.ListField(child=drf_serializers.DictField()),
+                    'third': drf_serializers.ListField(child=drf_serializers.DictField()),
+                }
+            ),
+            404: inline_serializer(name='GetMedicationNotFound', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     def post(self, request):
         data = request.data
         state_query = data.get('state', '')
@@ -75,6 +103,7 @@ def post(self, request):
 
 class ListOrDetailMedication(APIView):
     permission_classes = [AllowAny]
+    serializer_class = MedicationSerializer
 
     def get(self, request):
         name_query = request.query_params.get('name', None)
@@ -98,6 +127,7 @@ class AddMedication(APIView):
     """
     API endpoint to add a medication to the database with its risks and benefits.
     """
+    serializer_class = MedicationSerializer
 
     def post(self, request):
         data = request.data
@@ -129,6 +159,22 @@ class DeleteMedication(APIView):
     API endpoint to delete medication if medication in database.
     """
 
+    @extend_schema(
+        request=inline_serializer(name='DeleteMedicationRequest', fields={
+            'name': drf_serializers.CharField(),
+        }),
+        responses={
+            200: inline_serializer(name='DeleteMedicationSuccess', fields={
+                'success': drf_serializers.CharField(),
+            }),
+            400: inline_serializer(name='DeleteMedicationBadRequest', fields={
+                'error': drf_serializers.CharField(),
+            }),
+            404: inline_serializer(name='DeleteMedicationNotFound', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     def delete(self, request):
         data = request.data
         name = data.get('name', '').strip()
diff --git a/server/api/views/medRules/serializers.py b/server/api/views/medRules/serializers.py
index df5e3663..e0d7d3f3 100644
--- a/server/api/views/medRules/serializers.py
+++ b/server/api/views/medRules/serializers.py
@@ -1,4 +1,5 @@
 from rest_framework import serializers
+from drf_spectacular.utils import extend_schema_field
 from ...models.model_medRule import MedRule, MedRuleSource
 from ..listMeds.serializers import MedicationSerializer
 from ...models.model_embeddings import Embeddings
@@ -30,6 +31,7 @@ class Meta:
             "medication_sources",
         ]
 
+    @extend_schema_field(MedicationWithSourcesSerializer(many=True))
     def get_medication_sources(self, obj):
         medrule_sources = MedRuleSource.objects.filter(medrule=obj).select_related(
             "medication", "embedding"
diff --git a/server/api/views/medRules/views.py b/server/api/views/medRules/views.py
index 2fae140b..2f80f8f3 100644
--- a/server/api/views/medRules/views.py
+++ b/server/api/views/medRules/views.py
@@ -1,9 +1,10 @@
 from rest_framework.views import APIView
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
-from rest_framework import status
+from rest_framework import status, serializers as drf_serializers
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
+from drf_spectacular.utils import extend_schema, inline_serializer
 from ...models.model_medRule import MedRule
 from .serializers import MedRuleSerializer  # You'll need to create this
 from ..listMeds.models import Medication
@@ -13,6 +14,7 @@
 @method_decorator(csrf_exempt, name='dispatch')
 class MedRules(APIView):
     permission_classes = [IsAuthenticated]
+    serializer_class = MedRuleSerializer
 
     def get(self, request, format=None):
         # Get all med rules
@@ -29,6 +31,27 @@ def get(self, request, format=None):
 
         return Response(data, status=status.HTTP_200_OK)
     
+    @extend_schema(
+        request=inline_serializer(name='MedRuleCreateRequest', fields={
+            'rule_type': drf_serializers.CharField(help_text='INCLUDE or EXCLUDE'),
+            'history_type': drf_serializers.CharField(help_text='e.g. DIAGNOSIS_DEPRESSED, DIAGNOSIS_MANIC'),
+            'reason': drf_serializers.CharField(),
+            'label': drf_serializers.CharField(),
+            'explanation': drf_serializers.CharField(),
+            'medication_names': drf_serializers.ListField(child=drf_serializers.CharField()),
+            'chunk_ids': drf_serializers.ListField(child=drf_serializers.IntegerField()),
+            'file_guid': drf_serializers.CharField(),
+        }),
+        responses={
+            201: MedRuleSerializer,
+            400: inline_serializer(name='MedRuleCreateBadRequest', fields={
+                'error': drf_serializers.CharField(),
+            }),
+            404: inline_serializer(name='MedRuleCreateNotFound', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     def post(self, request):
 
         data = request.data
diff --git a/server/api/views/risk/views_riskWithSources.py b/server/api/views/risk/views_riskWithSources.py
index c02908fc..26cad9f8 100644
--- a/server/api/views/risk/views_riskWithSources.py
+++ b/server/api/views/risk/views_riskWithSources.py
@@ -1,7 +1,8 @@
 from rest_framework.views import APIView
 from rest_framework.response import Response
-from rest_framework import status
+from rest_framework import status, serializers as drf_serializers
 from rest_framework.permissions import AllowAny
+from drf_spectacular.utils import extend_schema, inline_serializer
 from api.views.listMeds.models import Medication
 from api.models.model_medRule import MedRule, MedRuleSource
 import openai
@@ -11,6 +12,28 @@
 class RiskWithSourcesView(APIView):
     permission_classes = [AllowAny]
 
+    @extend_schema(
+        request=inline_serializer(name='RiskWithSourcesRequest', fields={
+            'drug': drf_serializers.CharField(help_text='Medication name'),
+            'source': drf_serializers.CharField(required=False, help_text='One of: include, diagnosis, diagnosis_depressed, diagnosis_manic, diagnosis_hypomanic, diagnosis_euthymic'),
+        }),
+        responses={
+            200: inline_serializer(name='RiskWithSourcesResponse', fields={
+                'benefits': drf_serializers.ListField(child=drf_serializers.CharField()),
+                'risks': drf_serializers.ListField(child=drf_serializers.CharField()),
+                'sources': drf_serializers.ListField(child=drf_serializers.DictField()),
+                'medrules_found': drf_serializers.IntegerField(required=False),
+                'source_type': drf_serializers.CharField(required=False),
+                'note': drf_serializers.CharField(required=False),
+            }),
+            400: inline_serializer(name='RiskWithSourcesBadRequest', fields={
+                'error': drf_serializers.CharField(),
+            }),
+            404: inline_serializer(name='RiskWithSourcesNotFound', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     def post(self, request):
         openai.api_key = os.environ.get("OPENAI_API_KEY")
 
diff --git a/server/api/views/text_extraction/views.py b/server/api/views/text_extraction/views.py
index e4122851..020740ad 100644
--- a/server/api/views/text_extraction/views.py
+++ b/server/api/views/text_extraction/views.py
@@ -9,6 +9,8 @@
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
 import anthropic
+from drf_spectacular.utils import extend_schema, inline_serializer, OpenApiParameter
+from rest_framework import serializers as drf_serializers
 
 from ...services.openai_services import openAIServices
 from api.models.model_embeddings import Embeddings
@@ -97,6 +99,20 @@ class RuleExtractionAPIView(APIView):
 
     permission_classes = [IsAuthenticated]
 
+    @extend_schema(
+        parameters=[
+            OpenApiParameter(name='guid', type=str, location=OpenApiParameter.QUERY, required=True, description='File GUID to extract rules from'),
+        ],
+        responses={
+            200: inline_serializer(name='RuleExtractionResponse', fields={
+                'texts': drf_serializers.CharField(),
+                'cited_texts': drf_serializers.CharField(),
+            }),
+            500: inline_serializer(name='RuleExtractionError', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     def get(self, request):
         try:
 
@@ -141,6 +157,19 @@ def openai_extraction(content_chunks, user_prompt):
 class RuleExtractionAPIOpenAIView(APIView):
     permission_classes = [IsAuthenticated]
 
+    @extend_schema(
+        parameters=[
+            OpenApiParameter(name='guid', type=str, location=OpenApiParameter.QUERY, required=True, description='File GUID to extract rules from'),
+        ],
+        responses={
+            200: inline_serializer(name='RuleExtractionOpenAIResponse', fields={
+                'rules': drf_serializers.ListField(child=drf_serializers.DictField()),
+            }),
+            500: inline_serializer(name='RuleExtractionOpenAIError', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     def get(self, request):
         try:
             user_prompt = """
diff --git a/server/api/views/uploadFile/views.py b/server/api/views/uploadFile/views.py
index 69dfb996..b9f0cd3d 100644
--- a/server/api/views/uploadFile/views.py
+++ b/server/api/views/uploadFile/views.py
@@ -1,8 +1,9 @@
 from rest_framework.views import APIView
 from rest_framework.permissions import AllowAny, IsAuthenticated
 from rest_framework.response import Response
-from rest_framework import status
+from rest_framework import status, serializers as drf_serializers
 from rest_framework.generics import UpdateAPIView
+from drf_spectacular.utils import extend_schema, inline_serializer, OpenApiResponse
 import pdfplumber
 from .models import UploadFile  # Import your UploadFile model
 from .serializers import UploadFileSerializer
@@ -15,6 +16,8 @@
 
 
 class UploadFileView(APIView):
+    serializer_class = UploadFileSerializer
+
     def get_permissions(self):
         if self.request.method == 'GET':
             return [AllowAny()]  # Public access
@@ -28,6 +31,23 @@ def get(self, request, format=None):
         serializer = UploadFileSerializer(files, many=True)
         return Response(serializer.data)
 
+    @extend_schema(
+        request={'multipart/form-data': inline_serializer(
+            name='UploadFileRequest',
+            fields={
+                'file': drf_serializers.FileField(help_text='PDF file to upload'),
+            }
+        )},
+        responses={
+            201: inline_serializer(name='UploadFileSuccess', fields={
+                'message': drf_serializers.CharField(),
+                'file_id': drf_serializers.IntegerField(),
+            }),
+            400: inline_serializer(name='UploadFileBadRequest', fields={
+                'message': drf_serializers.CharField(),
+            }),
+        }
+    )
     def post(self, request, format=None):
         print(request.auth)
         print(f"UploadFileView post called. Path: {request.path}")
@@ -127,6 +147,22 @@ def post(self, request, format=None):
             return Response({"message": f"Error processing file and embeddings: {str(e)}"},
                             status=status.HTTP_400_BAD_REQUEST)
 
+    @extend_schema(
+        request=inline_serializer(name='DeleteFileRequest', fields={
+            'guid': drf_serializers.CharField(help_text='GUID of file to delete'),
+        }),
+        responses={
+            200: inline_serializer(name='DeleteFileSuccess', fields={
+                'message': drf_serializers.CharField(),
+            }),
+            403: inline_serializer(name='DeleteFileForbidden', fields={
+                'message': drf_serializers.CharField(),
+            }),
+            404: inline_serializer(name='DeleteFileNotFound', fields={
+                'message': drf_serializers.CharField(),
+            }),
+        }
+    )
     def delete(self, request, format=None):
         guid = request.data.get('guid')
         if not guid:
@@ -157,6 +193,14 @@ def delete(self, request, format=None):
 class RetrieveUploadFileView(APIView):
     permission_classes = [AllowAny]
 
+    @extend_schema(
+        responses={
+            (200, 'application/pdf'): OpenApiResponse(description='PDF file binary content'),
+            404: inline_serializer(name='RetrieveFileNotFound', fields={
+                'message': drf_serializers.CharField(),
+            }),
+        }
+    )
     def get(self, request, guid, format=None):
         try:
             file = UploadFile.objects.get(guid=guid)
diff --git a/server/api/views/version/views.py b/server/api/views/version/views.py
index b79d6577..af59e9e0 100644
--- a/server/api/views/version/views.py
+++ b/server/api/views/version/views.py
@@ -3,11 +3,18 @@
 from rest_framework.permissions import AllowAny
 from rest_framework.views import APIView
 from rest_framework.response import Response
+from rest_framework import serializers as drf_serializers
+from drf_spectacular.utils import extend_schema, inline_serializer
 
 
 class VersionView(APIView):
     permission_classes = [AllowAny]
 
+    @extend_schema(
+        responses={200: inline_serializer(name='VersionResponse', fields={
+            'version': drf_serializers.CharField(),
+        })}
+    )
     def get(self, request, *args, **kwargs):
         version = os.environ.get("VERSION") or "dev"
         return Response({"version": version})

From 5ce77823c25f0a45fbcdc828e13214b515496bc2 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Fri, 27 Feb 2026 16:09:05 -0500
Subject: [PATCH 18/46] Preload SentenceTransformer model at Django startup
 before traffic is routed to the application instance

---
 server/api/apps.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/api/apps.py b/server/api/apps.py
index 66656fd2..4d502cba 100644
--- a/server/api/apps.py
+++ b/server/api/apps.py
@@ -4,3 +4,7 @@
 class ApiConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
     name = 'api'
+
+    def ready(self):
+        from .services.sentencetTransformer_model import TransformerModel
+        TransformerModel.get_instance()

From 7085aa0c71f210bbe450034deb5ae5af1ef6cbef Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Mon, 2 Mar 2026 11:59:48 -0500
Subject: [PATCH 19/46] Requested changes: fix patch decorators to point to
 where openAI is used, not where it's defined

---
 server/api/views/uploadFile/test_title.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/api/views/uploadFile/test_title.py b/server/api/views/uploadFile/test_title.py
index 5391ed05..07e1b1ba 100644
--- a/server/api/views/uploadFile/test_title.py
+++ b/server/api/views/uploadFile/test_title.py
@@ -53,7 +53,7 @@ def test_falls_back_to_first_page_text_if_metadata_title_does_not_match_regex(se
         expected_title = "Advances in Mood Disorder Pharmacotherapy: Evaluating New Antipsychotics and Mood Stabilizers for Bipolar Disorder and Schizophrenia"
         self.assertEqual(expected_title, title.generate_title(doc))
 
-    @patch("api.services.openai_services.openAIServices.openAI")
+    @patch("api.views.uploadFile.title.openAIServices.openAI")
     def test_falls_back_to_chatgpt_if_no_title_found(self, mock_openAI):
         doc = MagicMock()
         doc.metadata = {"title": None}
@@ -68,7 +68,7 @@ def test_falls_back_to_chatgpt_if_no_title_found(self, mock_openAI):
 
         self.assertTrue(mock_openAI.called)
 
-    @patch("api.services.openai_services.openAIServices.openAI")
+    @patch("api.views.uploadFile.title.openAIServices.openAI")
     def test_strips_quotes_from_openai_title(self, mock_openAI):
         doc = MagicMock()
         doc.metadata = {"title": None}
@@ -83,7 +83,7 @@ def test_strips_quotes_from_openai_title(self, mock_openAI):
 
         self.assertEqual(result, "Updated CANMAT/ISBD Guidelines for Treating Mixed Features in Bipolar Disorder")
 
-    @patch("api.services.openai_services.openAIServices.openAI")
+    @patch("api.views.uploadFile.title.openAIServices.openAI")
     def test_truncates_long_openai_title(self, mock_openAI):
         doc = MagicMock()
         doc.metadata = {"title": None}

From e6754df366d1762a1b2028f0ec296c2bbd5eb3b6 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Mon, 2 Mar 2026 12:07:57 -0500
Subject: [PATCH 20/46] Requested changes: added comments explaining title
 truncation

---
 server/api/views/uploadFile/test_title.py | 1 +
 server/api/views/uploadFile/title.py      | 1 +
 2 files changed, 2 insertions(+)

diff --git a/server/api/views/uploadFile/test_title.py b/server/api/views/uploadFile/test_title.py
index 07e1b1ba..d5945da8 100644
--- a/server/api/views/uploadFile/test_title.py
+++ b/server/api/views/uploadFile/test_title.py
@@ -96,4 +96,5 @@ def test_truncates_long_openai_title(self, mock_openAI):
 
         result = title.generate_title(doc)
 
+        # Ensure the title is truncated to fit the UploadFile model's title field (max_length=255), since OpenAI responses may exceed this limit
         self.assertLessEqual(len(result), 255)
diff --git a/server/api/views/uploadFile/title.py b/server/api/views/uploadFile/title.py
index b3f8aded..17f52a74 100644
--- a/server/api/views/uploadFile/title.py
+++ b/server/api/views/uploadFile/title.py
@@ -59,4 +59,5 @@ def summarize_pdf(pdf: fitz.Document) -> str:
     response = openAIServices.openAI(
         first_page_content, prompt, model='gpt-4o', temp=0.0)
     title = response.choices[0].message.content.strip().strip('"').strip("'")
+    # Truncate to fit UploadFile model's max_length=255 title field as a final safeguard
     return title[:255]

From 4b4d7275ed7d580c9ee7b7d51287cdb99a78b9bc Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Mon, 2 Mar 2026 12:15:32 -0500
Subject: [PATCH 21/46] Fix mock setups to match how generate_title accesses
 title

---
 server/api/views/uploadFile/test_title.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/api/views/uploadFile/test_title.py b/server/api/views/uploadFile/test_title.py
index d5945da8..0ec9e1bc 100644
--- a/server/api/views/uploadFile/test_title.py
+++ b/server/api/views/uploadFile/test_title.py
@@ -57,7 +57,7 @@ def test_falls_back_to_first_page_text_if_metadata_title_does_not_match_regex(se
     def test_falls_back_to_chatgpt_if_no_title_found(self, mock_openAI):
         doc = MagicMock()
         doc.metadata = {"title": None}
-        doc.get_text.return_value = []
+        doc[0].get_text.return_value = []
 
         mock_response = MagicMock()
         mock_response.choices = [MagicMock()]
@@ -72,7 +72,7 @@ def test_falls_back_to_chatgpt_if_no_title_found(self, mock_openAI):
     def test_strips_quotes_from_openai_title(self, mock_openAI):
         doc = MagicMock()
         doc.metadata = {"title": None}
-        doc.get_text.return_value = []
+        doc[0].get_text.return_value = []
 
         mock_response = MagicMock()
         mock_response.choices = [MagicMock()]
@@ -87,7 +87,7 @@ def test_strips_quotes_from_openai_title(self, mock_openAI):
     def test_truncates_long_openai_title(self, mock_openAI):
         doc = MagicMock()
         doc.metadata = {"title": None}
-        doc.get_text.return_value = []
+        doc[0].get_text.return_value = []
 
         mock_response = MagicMock()
         mock_response.choices = [MagicMock()]

From e8b0fc1de6be8f89c500a117a4533ad26e632200 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 5 Mar 2026 18:56:12 -0500
Subject: [PATCH 22/46] fix: treat openAIServices.openAI() return value as
 string

---
 server/api/views/uploadFile/title.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/api/views/uploadFile/title.py b/server/api/views/uploadFile/title.py
index 17f52a74..41e67757 100644
--- a/server/api/views/uploadFile/title.py
+++ b/server/api/views/uploadFile/title.py
@@ -58,6 +58,6 @@ def summarize_pdf(pdf: fitz.Document) -> str:
     prompt = "Please provide a title for this document. The title should be less than 256 characters and will be displayed on a webpage."
     response = openAIServices.openAI(
         first_page_content, prompt, model='gpt-4o', temp=0.0)
-    title = response.choices[0].message.content.strip().strip('"').strip("'")
+    title = response.strip().strip('"').strip("'")
     # Truncate to fit UploadFile model's max_length=255 title field as a final safeguard
     return title[:255]

From e0b7c23bae2a1284202a23a19b16293cecdf4411 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 5 Mar 2026 19:01:34 -0500
Subject: [PATCH 23/46] fix mock test setup to return string instead of mocked
 response object

---
 server/api/views/uploadFile/test_title.py | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/server/api/views/uploadFile/test_title.py b/server/api/views/uploadFile/test_title.py
index 0ec9e1bc..6d95905c 100644
--- a/server/api/views/uploadFile/test_title.py
+++ b/server/api/views/uploadFile/test_title.py
@@ -59,10 +59,7 @@ def test_falls_back_to_chatgpt_if_no_title_found(self, mock_openAI):
         doc.metadata = {"title": None}
         doc[0].get_text.return_value = []
 
-        mock_response = MagicMock()
-        mock_response.choices = [MagicMock()]
-        mock_response.choices[0].message.content = "A Study Regarding The Efficacy of Drugs"
-        mock_openAI.return_value = mock_response
+        mock_openAI.return_value = "A Study Regarding The Efficacy of Drugs"
 
         title.generate_title(doc)
 
@@ -74,10 +71,7 @@ def test_strips_quotes_from_openai_title(self, mock_openAI):
         doc.metadata = {"title": None}
         doc[0].get_text.return_value = []
 
-        mock_response = MagicMock()
-        mock_response.choices = [MagicMock()]
-        mock_response.choices[0].message.content = '"Updated CANMAT/ISBD Guidelines for Treating Mixed Features in Bipolar Disorder"'
-        mock_openAI.return_value = mock_response
+        mock_openAI.return_value = '"Updated CANMAT/ISBD Guidelines for Treating Mixed Features in Bipolar Disorder"'
 
         result = title.generate_title(doc)
 
@@ -89,10 +83,7 @@ def test_truncates_long_openai_title(self, mock_openAI):
         doc.metadata = {"title": None}
         doc[0].get_text.return_value = []
 
-        mock_response = MagicMock()
-        mock_response.choices = [MagicMock()]
-        mock_response.choices[0].message.content = "A" * 300
-        mock_openAI.return_value = mock_response
+        mock_openAI.return_value = "A" * 300
 
         result = title.generate_title(doc)
 

From d68fa62b03e9890cab17b46164a4bda6511a5c2f Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 5 Mar 2026 19:05:46 -0500
Subject: [PATCH 24/46] fix to make
 test_falls_back_to_chatgpt_if_no_title_found more robust

---
 server/api/views/uploadFile/test_title.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/api/views/uploadFile/test_title.py b/server/api/views/uploadFile/test_title.py
index 6d95905c..e57ee507 100644
--- a/server/api/views/uploadFile/test_title.py
+++ b/server/api/views/uploadFile/test_title.py
@@ -61,9 +61,10 @@ def test_falls_back_to_chatgpt_if_no_title_found(self, mock_openAI):
 
         mock_openAI.return_value = "A Study Regarding The Efficacy of Drugs"
 
-        title.generate_title(doc)
+        result = title.generate_title(doc)
 
         self.assertTrue(mock_openAI.called)
+        self.assertEqual(result, "A Study Regarding The Efficacy of Drugs")
 
     @patch("api.views.uploadFile.title.openAIServices.openAI")
     def test_strips_quotes_from_openai_title(self, mock_openAI):

From 03b7639bcddf837a78f542ee3eda29c75bc669c3 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 5 Mar 2026 22:25:50 -0500
Subject: [PATCH 25/46] Replace block-position title extraction with
 font-size-based approach

The old first-page scan used get_text("blocks") and picked the first
block matching a title regex, which frequently selected preambles,
journal names, and article headers instead of the actual title.

The new approach uses get_text("dict") to find the largest font size
across the first few pages and collects contiguous runs of text at
that size, since research paper titles are typically set in the
largest font.
---
 server/api/views/uploadFile/title.py | 91 +++++++++++++++++++++-------
 1 file changed, 68 insertions(+), 23 deletions(-)

diff --git a/server/api/views/uploadFile/title.py b/server/api/views/uploadFile/title.py
index 17f52a74..76afbfd3 100644
--- a/server/api/views/uploadFile/title.py
+++ b/server/api/views/uploadFile/title.py
@@ -15,35 +15,80 @@ def generate_title(pdf: fitz.Document) -> str | None:
     document_metadata_title = pdf.metadata["title"]
     if document_metadata_title is not None and document_metadata_title != "":
         if title_regex.match(document_metadata_title):
-            print("suitable title was found in metadata")
             return document_metadata_title.strip()
-        else:
-            print("metadata title did not match regex")
 
-    print("Looking for title in first page text")
-    first_page = pdf[0]
-    first_page_blocks = first_page.get_text("blocks")
-    text_blocks = [
-        block[4].strip().replace("\n", " ")
-        for block in first_page_blocks
-        if block[6] == 0  # only include text blocks.
-    ]
-
-    # For some reason, extracted PDF text has extra spaces. Collapse them here.
-    regex = r"\s{2,}"
-    text_blocks = [re.sub(regex, " ", text) for text in text_blocks]
-
-    if len(text_blocks) != 0:
-        for text in text_blocks:
-            if title_regex.match(text):
-                return text
-
-    print(
-        "no suitable title found in first page text. Using GPT-4 to summarize the PDF")
+    font_title = extract_title_by_font_size(pdf)
+    if font_title:
+        return font_title
+
     gpt_title = summarize_pdf(pdf)
     return gpt_title or None
 
 
+def extract_title_by_font_size(pdf: fitz.Document, max_pages: int = 3) -> str | None:
+    """
+    Extract the title by finding the largest font size across the first few pages
+    and collecting contiguous runs of text at that size.
+    """
+    pages_to_scan = min(max_pages, len(pdf))
+
+    # First pass: collect all spans with their font size, and find the max font size.
+    all_spans = []
+    max_font_size = 0.0
+
+    for page_idx in range(pages_to_scan):
+        page_dict = pdf[page_idx].get_text("dict")
+        for block in page_dict["blocks"]:
+            if block.get("type") != 0:
+                continue
+            for line in block["lines"]:
+                for span in line["spans"]:
+                    text = span["text"].strip()
+                    size = span["size"]
+                    if len(text) < 2 or size < 6.0:
+                        continue
+                    all_spans.append({"text": text, "size": size})
+                    if size > max_font_size:
+                        max_font_size = size
+
+    if max_font_size == 0.0:
+        return None
+
+    # Second pass: gather contiguous runs of spans at the max font size.
+    # Runs continue across block boundaries so multi-block titles (e.g.,
+    # "BIPOLAR DISORDER IN PRIMARY CARE:" in one block and "DIAGNOSIS AND
+    # MANAGEMENT" in the next) are joined into a single candidate.
+    # A run only ends when a non-max-size span interrupts it.
+    candidates = []
+    current_run = []
+
+    for span in all_spans:
+        if span["size"] == max_font_size:
+            current_run.append(span["text"])
+        else:
+            if current_run:
+                candidates.append(" ".join(current_run))
+                current_run = []
+
+    if current_run:
+        candidates.append(" ".join(current_run))
+
+    # Collapse extra whitespace, validate against title regex, and pick the longest match.
+    # Longest wins because real titles are typically longer than section headers
+    # (e.g., "About the Author") that may share the same max font size.
+    best = None
+    for candidate in candidates:
+        cleaned = re.sub(r"\s{2,}", " ", candidate).strip()
+        if title_regex.match(cleaned):
+            if best is None or len(cleaned) > len(best):
+                best = cleaned
+
+    if best:
+        return best[:255]
+
+    return None
+
+
 def summarize_pdf(pdf: fitz.Document) -> str:
     """
     Summarize a PDF document using OpenAI's GPT-4 model.

From 2a822f60f86857672af5a8d5f688ed3ee5208326 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 5 Mar 2026 22:26:27 -0500
Subject: [PATCH 26/46] loosens the title regex to allow years, question marks,
 apostrophes, and non-breaking spaces in titles.

---
 server/api/views/uploadFile/title.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/api/views/uploadFile/title.py b/server/api/views/uploadFile/title.py
index 76afbfd3..f4e562c1 100644
--- a/server/api/views/uploadFile/title.py
+++ b/server/api/views/uploadFile/title.py
@@ -6,9 +6,9 @@
 
 
 # regular expression to match common research white paper titles. Created by Chat-gpt
-# requires at least 3 words, no dates, no version numbers.
+# requires at least 3 words, no version numbers.
 title_regex = re.compile(
-    r'^(?=(?:\b\w+\b[\s:,\-\(\)]*){3,})(?!.*\b(?:19|20)\d{2}\b)(?!.*\bv\d+\b)[A-Za-z0-9][\w\s:,\-\(\)]*[A-Za-z\)]$', re.IGNORECASE)
+    r"^(?=(?:\b\w+\b[^A-Za-z0-9]*){3,})(?!.*\bv\d+\b)[A-Za-z0-9].+[A-Za-z\)?!]$", re.IGNORECASE)
 
 
 def generate_title(pdf: fitz.Document) -> str | None:

From edf1eb64a77f4dd153a0c075933693831dfaed9f Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Thu, 5 Mar 2026 22:26:58 -0500
Subject: [PATCH 27/46] Update tests for font-size-based title extraction

Refactor test helpers to use get_text("dict") structure instead of
get_text("blocks"). Add tests for multi-span joining, short span
filtering, regex rejection, and multi-page title detection.
---
 server/api/views/uploadFile/test_title.py | 153 +++++++++++++++-------
 1 file changed, 108 insertions(+), 45 deletions(-)

diff --git a/server/api/views/uploadFile/test_title.py b/server/api/views/uploadFile/test_title.py
index 0ec9e1bc..531a3f07 100644
--- a/server/api/views/uploadFile/test_title.py
+++ b/server/api/views/uploadFile/test_title.py
@@ -4,6 +4,39 @@
 from . import title
 
 
+def make_page_dict(blocks):
+    """Helper to build a get_text("dict") return value from a simple list of blocks.
+    Each block is a list of (text, font_size) tuples representing spans.
+    """
+    dict_blocks = []
+    for spans in blocks:
+        dict_blocks.append({
+            "type": 0,
+            "lines": [{
+                "spans": [{"text": text, "size": size} for text, size in spans]
+            }]
+        })
+    return {"blocks": dict_blocks}
+
+
+def make_mock_doc(pages_data, metadata=None):
+    """Build a mock fitz.Document.
+    pages_data: list of block lists, one per page. Each block is a list of (text, size) tuples.
+    """
+    doc = MagicMock()
+    doc.metadata = metadata or {"title": None}
+    doc.__len__ = lambda self: len(pages_data)
+
+    mock_pages = []
+    for page_blocks in pages_data:
+        page = MagicMock()
+        page.get_text.return_value = make_page_dict(page_blocks)
+        mock_pages.append(page)
+
+    doc.__getitem__ = lambda self, idx: mock_pages[idx]
+    return doc
+
+
 class TestGenerateTitle(unittest.TestCase):
     def test_prefers_metadata_title_if_valid(self):
         doc = MagicMock()
@@ -11,53 +44,35 @@ def test_prefers_metadata_title_if_valid(self):
         self.assertEqual(
             "A Study Regarding The Efficacy of Drugs", title.generate_title(doc))
 
-    def test_falls_back_to_first_page_text_if_metadata_title_is_empty(self):
-        doc = MagicMock()
-        doc.metadata = {"title": ""}
-        doc[0].get_text = MagicMock()
-
-        foo_block = [None] * 7
-        foo_block[4] = "foo"
-        foo_block[6] = 0
-
-        title_block = [None] * 7
-        title_block[4] = "Advances in Mood Disorder Pharmacotherapy: Evaluating New Antipsychotics and Mood Stabilizers for Bipolar Disorder and Schizophrenia"
-        title_block[6] = 0
-
-        bar_block = [None] * 7
-        bar_block[4] = "bar"
-        bar_block[6] = 0
-        doc[0].get_text.return_value = [foo_block, title_block, bar_block]
-
+    def test_falls_back_to_font_size_if_metadata_title_is_empty(self):
+        doc = make_mock_doc(
+            pages_data=[[
+                [("foo", 10.0)],
+                [("Advances in Mood Disorder Pharmacotherapy: Evaluating New Antipsychotics and Mood Stabilizers for Bipolar Disorder and Schizophrenia", 18.0)],
+                [("bar", 10.0)],
+            ]],
+            metadata={"title": ""},
+        )
         expected_title = "Advances in Mood Disorder Pharmacotherapy: Evaluating New Antipsychotics and Mood Stabilizers for Bipolar Disorder and Schizophrenia"
         self.assertEqual(expected_title, title.generate_title(doc))
 
-    def test_falls_back_to_first_page_text_if_metadata_title_does_not_match_regex(self):
-        doc = MagicMock()
-        doc.metadata = {"title": "abcd1234"}
-        doc[0].get_text = MagicMock()
-
-        foo_block = [None] * 7
-        foo_block[4] = "foo"
-        foo_block[6] = 0
-
-        title_block = [None] * 7
-        title_block[4] = "Advances in Mood Disorder Pharmacotherapy: Evaluating New Antipsychotics and Mood Stabilizers for Bipolar Disorder and Schizophrenia"
-        title_block[6] = 0
-
-        bar_block = [None] * 7
-        bar_block[4] = "bar"
-        bar_block[6] = 0
-        doc[0].get_text.return_value = [foo_block, title_block, bar_block]
-
+    def test_falls_back_to_font_size_if_metadata_title_does_not_match_regex(self):
+        doc = make_mock_doc(
+            pages_data=[[
+                [("foo", 10.0)],
+                [("Advances in Mood Disorder Pharmacotherapy: Evaluating New Antipsychotics and Mood Stabilizers for Bipolar Disorder and Schizophrenia", 18.0)],
+                [("bar", 10.0)],
+            ]],
+            metadata={"title": "abcd1234"},
+        )
         expected_title = "Advances in Mood Disorder Pharmacotherapy: Evaluating New Antipsychotics and Mood Stabilizers for Bipolar Disorder and Schizophrenia"
         self.assertEqual(expected_title, title.generate_title(doc))
 
     @patch("api.views.uploadFile.title.openAIServices.openAI")
     def test_falls_back_to_chatgpt_if_no_title_found(self, mock_openAI):
-        doc = MagicMock()
-        doc.metadata = {"title": None}
-        doc[0].get_text.return_value = []
+        doc = make_mock_doc(
+            pages_data=[[]]  # no blocks at all
+        )
 
         mock_response = MagicMock()
         mock_response.choices = [MagicMock()]
@@ -70,9 +85,7 @@ def test_falls_back_to_chatgpt_if_no_title_found(self, mock_openAI):
 
     @patch("api.views.uploadFile.title.openAIServices.openAI")
     def test_strips_quotes_from_openai_title(self, mock_openAI):
-        doc = MagicMock()
-        doc.metadata = {"title": None}
-        doc[0].get_text.return_value = []
+        doc = make_mock_doc(pages_data=[[]])
 
         mock_response = MagicMock()
         mock_response.choices = [MagicMock()]
@@ -85,9 +98,7 @@ def test_strips_quotes_from_openai_title(self, mock_openAI):
 
     @patch("api.views.uploadFile.title.openAIServices.openAI")
     def test_truncates_long_openai_title(self, mock_openAI):
-        doc = MagicMock()
-        doc.metadata = {"title": None}
-        doc[0].get_text.return_value = []
+        doc = make_mock_doc(pages_data=[[]])
 
         mock_response = MagicMock()
         mock_response.choices = [MagicMock()]
@@ -98,3 +109,55 @@ def test_truncates_long_openai_title(self, mock_openAI):
 
         # Ensure the title is truncated to fit the UploadFile model's title field (max_length=255), since OpenAI responses may exceed this limit
         self.assertLessEqual(len(result), 255)
+
+    def test_font_size_joins_adjacent_spans_in_same_block(self):
+        """A title split across multiple spans in the same block should be joined."""
+        doc = make_mock_doc(
+            pages_data=[[
+                [("Author Name", 10.0)],
+                [("Advances in Mood Disorder", 18.0), ("Pharmacotherapy", 18.0)],
+                [("Some journal info", 10.0)],
+            ]],
+        )
+        result = title.extract_title_by_font_size(doc)
+        self.assertEqual(result, "Advances in Mood Disorder Pharmacotherapy")
+
+    def test_font_size_ignores_short_spans(self):
+        """Superscript markers and other tiny spans should be filtered out."""
+        doc = make_mock_doc(
+            pages_data=[[
+                [("Advances in Mood Disorder Pharmacotherapy", 18.0), ("*", 18.0)],
+                [("Author Name et al.", 10.0)],
+            ]],
+        )
+        # The "*" span is < 2 chars, so it should be ignored; title is just the real text
+        result = title.extract_title_by_font_size(doc)
+        self.assertEqual(result, "Advances in Mood Disorder Pharmacotherapy")
+
+    def test_font_size_returns_none_when_no_regex_match(self):
+        """If the largest-font text doesn't match the title regex, return None."""
+        doc = make_mock_doc(
+            pages_data=[[
+                # Only 2 words — regex requires at least 3
+                [("Psychiatry Research", 18.0)],
+                [("Author Name et al.", 10.0)],
+            ]],
+        )
+        result = title.extract_title_by_font_size(doc)
+        self.assertIsNone(result)
+
+    def test_font_size_finds_title_on_later_page(self):
+        """Title on page 2 should still be found if it has the largest font."""
+        doc = make_mock_doc(
+            pages_data=[
+                [  # page 1: cover page with smaller text
+                    [("Some preamble text here", 12.0)],
+                ],
+                [  # page 2: actual title in larger font
+                    [("Advances in Mood Disorder Pharmacotherapy", 18.0)],
+                    [("Author Name et al.", 10.0)],
+                ],
+            ],
+        )
+        result = title.extract_title_by_font_size(doc)
+        self.assertEqual(result, "Advances in Mood Disorder Pharmacotherapy")

From 4bae7460cc4a2f4805a3e49286dc49d340fd8163 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Tue, 10 Mar 2026 12:28:50 -0400
Subject: [PATCH 28/46] update documentation to include instructions about how
 to use the API docs

---
 CLAUDE.md | 10 ++++++++++
 README.md | 17 +++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/CLAUDE.md b/CLAUDE.md
index 712082e7..b9f417e7 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -147,6 +147,16 @@ Each module contains:
 - Auth endpoints via Djoser: `/auth/`
 - JWT token lifetime: 60 minutes (access), 1 day (refresh)
 
+#### API Documentation
+- Auto-generated using **drf-spectacular** (OpenAPI 3.0)
+- **Swagger UI**: `http://localhost:8000/api/docs/` — interactive API explorer
+- **ReDoc**: `http://localhost:8000/api/redoc/` — readable reference docs
+- **Raw schema**: `http://localhost:8000/api/schema/`
+- Configuration in `SPECTACULAR_SETTINGS` in `settings.py`
+- Views use `@extend_schema` decorators and `serializer_class` attributes for schema generation
+- JWT auth is configured in the schema — use `JWT <token>` (not `Bearer`) in Swagger UI's Authorize dialog
+- To document a new endpoint: add `serializer_class` to the view if it has one, or add `@extend_schema` with `inline_serializer` for views returning raw dicts
+
 #### Key Data Models
 - **Medication** (`api.views.listMeds.models`) - Medication catalog with benefits/risks
 - **MedRule** (`api.models.model_medRule`) - Include/Exclude rules for medications based on patient history
diff --git a/README.md b/README.md
index e5a246b1..8988ea75 100644
--- a/README.md
+++ b/README.md
@@ -74,6 +74,23 @@ df = pd.read_sql(query, engine)
 #### Django REST
 - The email and password are set in `server/api/management/commands/createsu.py`
 
+## API Documentation
+
+Interactive API docs are auto-generated using [drf-spectacular](https://drf-spectacular.readthedocs.io/) and available at:
+
+- **Swagger UI**: [http://localhost:8000/api/docs/](http://localhost:8000/api/docs/) — interactive explorer with "Try it out" functionality
+- **ReDoc**: [http://localhost:8000/api/redoc/](http://localhost:8000/api/redoc/) — clean, readable reference docs
+- **Raw schema**: [http://localhost:8000/api/schema/](http://localhost:8000/api/schema/) — OpenAPI 3.0 JSON/YAML
+
+### Testing authenticated endpoints
+
+Most endpoints require JWT authentication. To test them in Swagger UI:
+
+1. **Get a token**: Find the `POST /auth/jwt/create/` endpoint in Swagger UI, click **Try it out**, enter an authorized `email` and `password`, and click **Execute**. Copy the `access` token from the response.
+2. **Authorize**: Click the **Authorize** button (lock icon) at the top of the page. Enter `JWT <your-access-token>` in the value field. The prefix must be `JWT`, not `Bearer`.
+3. **Test endpoints**: All subsequent requests will include your token. Use **Try it out** on any protected endpoint.
+4. **Token refresh**: Access tokens expire after 60 minutes. Use `POST /auth/jwt/refresh/` with your `refresh` token, or repeat step 1.
+
 ## Architecture
 
 The Balancer website is a Postgres, Django REST, and React project. The source code layout is:

From 6f0deedb5505abf5917320daa9539167adda0447 Mon Sep 17 00:00:00 2001
From: anishamahuli <anisha.mahuli@gmail.com>
Date: Tue, 10 Mar 2026 19:40:16 -0400
Subject: [PATCH 29/46] update site links on README

The links were for the old site and needed an update
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index e5a246b1..4603df49 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ for patients with bipolar disorder, helping them shorten their journey to stabil
 
 ## Usage
 
-You can view the current build of the website here: [https://balancertestsite.com](https://balancertestsite.com/)
+You can view the current build of the website here: [https://balancerproject.org/](https://balancerproject.org/)
 
 ## Contributing 
 
@@ -53,7 +53,7 @@ The application supports connecting to PostgreSQL databases via:
 See [Database Connection Documentation](./docs/DATABASE_CONNECTION.md) for detailed configuration.
 
 **Local Development:**
-- Download a sample of papers to upload from [https://balancertestsite.com](https://balancertestsite.com/) 
+- Download a sample of papers to upload from [https://balancerproject.org/](https://balancerproject.org/) 
 - The email and password of `pgAdmin` are specified in `balancer-main/docker-compose.yml`
 - The first time you use `pgAdmin` after building the Docker containers you will need to register the server.
     - The `Host name/address` is the Postgres server service name in the Docker Compose file

From 795f21885e766de9f6379319c5555ef7db48d989 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Wed, 11 Mar 2026 13:09:14 -0400
Subject: [PATCH 30/46] Run python-app workflow on pushes and PRs to develop
 branch

---
 .github/workflows/python-app.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index 41bc74d9..a6c07075 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -5,9 +5,9 @@ name: Python application
 
 on:
   push:
-    branches: [ "listOfMed" ]
+    branches: [ "develop" ]
   pull_request:
-    branches: [ "listOfMed" ]
+    branches: [ "develop" ]
 
 permissions:
   contents: read

From d498a0057008b1b2c80bdb176e5940940899639b Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Thu, 19 Mar 2026 13:15:47 -0400
Subject: [PATCH 31/46] =?UTF-8?q?Pytest=20won=E2=80=99t=20automatically=20?=
 =?UTF-8?q?discover=20config=20files=20in=20subdirectories?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/python-app.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index a6c07075..2afa2828 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -29,6 +29,6 @@ jobs:
       run: ruff check --output-format=github --target-version=py39
     - name: Install test dependencies
       run: pip install -r server/requirements.txt
-      # Discover and run all files matching test_*.py or *_test.py under server/
+      # Pytest won’t automatically discover config files in subdirectories
     - name: Run tests
-      run: pytest server/ -v
+      run: pytest -c server/pytest.ini server/ -v

From 3824d81ae0fb722383f7e80df07ca7ba28d0c4e6 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Thu, 19 Mar 2026 13:47:52 -0400
Subject: [PATCH 32/46] Suppress E402 import violations

---
 evaluation/evals.py             | 16 ++++++++--------
 server/balancer_backend/urls.py |  6 +++---
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/evaluation/evals.py b/evaluation/evals.py
index 8eb7e9e6..5110076f 100755
--- a/evaluation/evals.py
+++ b/evaluation/evals.py
@@ -21,18 +21,18 @@
 # Ensure the parent directory is in the path to import ModelFactory
 sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "..")))
 
-import argparse
-import logging
-import asyncio
-import time
+import argparse  # noqa: E402
+import logging  # noqa: E402
+import asyncio  # noqa: E402
+import time  # noqa: E402
 
-import pandas as pd
+import pandas as pd  # noqa: E402
 
 # lighteval depends on `sentencepiece` and it only has prebuilt wheels for Python 3.11 or below
-from lighteval.tasks.requests import Doc
-from lighteval.metrics.metrics_sample import Extractiveness
+from lighteval.tasks.requests import Doc  # noqa: E402
+from lighteval.metrics.metrics_sample import Extractiveness  # noqa: E402
 
-from server.api.services.llm_services import ModelFactory
+from server.api.services.llm_services import ModelFactory  # noqa: E402
 
 logging.basicConfig(
     level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s"
diff --git a/server/balancer_backend/urls.py b/server/balancer_backend/urls.py
index 55bd2032..cdb92dbb 100644
--- a/server/balancer_backend/urls.py
+++ b/server/balancer_backend/urls.py
@@ -58,9 +58,9 @@
     path("api/redoc/", SpectacularRedocView.as_view(url_name="schema"), name="redoc"),
 ]
 
-import os
-from django.conf import settings
-from django.http import HttpResponseNotFound
+import os # noqa: E402
+from django.conf import settings # noqa: E402
+from django.http import HttpResponseNotFound # noqa: E402
 
 
 def spa_fallback(request):

From 46e9969dade55777098286cd6316bc18444e5b1f Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Fri, 20 Mar 2026 12:00:44 -0400
Subject: [PATCH 33/46] Add build_query tests and document coverage gaps in
 embedding_services

---
 server/api/services/embedding_services.py     |   1 +
 .../api/services/test_embedding_services.py   | 202 +++++++++++++++++-
 2 files changed, 201 insertions(+), 2 deletions(-)

diff --git a/server/api/services/embedding_services.py b/server/api/services/embedding_services.py
index 3fa9bb68..aca99133 100644
--- a/server/api/services/embedding_services.py
+++ b/server/api/services/embedding_services.py
@@ -2,6 +2,7 @@
 import logging
 from statistics import median
 
+# filter() only does ADD logic
 from django.db.models import Q
 from pgvector.django import L2Distance
 
diff --git a/server/api/services/test_embedding_services.py b/server/api/services/test_embedding_services.py
index 677c1e7b..ea322645 100644
--- a/server/api/services/test_embedding_services.py
+++ b/server/api/services/test_embedding_services.py
@@ -1,9 +1,175 @@
 from unittest.mock import MagicMock, patch
 
-from api.services.embedding_services import evaluate_query, log_usage
+from django.db.models import Q
 
+from api.services.embedding_services import build_query, evaluate_query, log_usage
+
+# ---------------------------------------------------------------------------
+# build_query tests
+#
+# build_query only constructs a lazy Django QuerySet — it never evaluates it
+# (no iteration, .get(), .exists(), etc.), so no database is needed.
+#
+# We patch Embeddings.objects so every chained ORM call (.filter, .annotate,
+# .order_by, __getitem__) returns a MagicMock instead of hitting the DB.
+# All assertions inspect which methods were called with which arguments.
+# ---------------------------------------------------------------------------
+
+# Only forwarded to L2Distance
+EMBEDDING_VECTOR = [0.1, 0.2, 0.3]  
+
+# Test authenticated/unauthenticated user access control
+
+@patch("api.services.embedding_services.Embeddings.objects")
+def test_build_query_authenticated_uses_or_filter(mock_objects):
+    # An authenticated user should see their own files OR files uploaded by a
+    # superuser. The initial filter must use an OR-connected Q expression.
+    user = MagicMock(is_authenticated=True)
+
+    build_query(user, EMBEDDING_VECTOR)
+
+    # Q objects support equality comparison in pure Python — no DB needed.
+    expected_q = Q(upload_file__uploaded_by=user) | Q(upload_file__uploaded_by__is_superuser=True)
+    actual_q = mock_objects.filter.call_args.args[0]
+    assert actual_q == expected_q
+
+
+@patch("api.services.embedding_services.Embeddings.objects")
+def test_build_query_unauthenticated_uses_superuser_only_filter(mock_objects):
+    # An unauthenticated user may only see files uploaded by superusers.
+    # The OR branch for the user's own files must NOT be present.
+    user = MagicMock(is_authenticated=False)
+
+    build_query(user, EMBEDDING_VECTOR)
+
+    expected_q = Q(upload_file__uploaded_by__is_superuser=True)
+    actual_q = mock_objects.filter.call_args.args[0]
+    assert actual_q == expected_q
+    
+# Test application of annotate and order_by
+
+# TODO: Strengthen test_build_query_annotates_and_orders_by_distance to also
+#       assert the *arguments* to annotate — specifically that it receives
+#       distance=L2Distance("embedding_sentence_transformers", EMBEDDING_VECTOR).
+#       Currently only the call count is checked, so a wrong field name or a
+#       dropped vector would go undetected.
+
+@patch("api.services.embedding_services.Embeddings.objects")
+def test_build_query_annotates_and_orders_by_distance(mock_objects):
+    # Regardless of other arguments, annotate(distance=L2Distance(...)) and
+    # order_by("distance") must always be applied to the queryset.
+    user = MagicMock(is_authenticated=True)
+
+    build_query(user, EMBEDDING_VECTOR)
+
+    # Retrieve the mock chain that .filter() returned, then check its methods.
+    filtered_qs = mock_objects.filter.return_value
+    filtered_qs.annotate.assert_called_once()
+    filtered_qs.annotate.return_value.order_by.assert_called_once_with("distance")
+
+# Test guid-over-document precedence logic
+
+@patch("api.services.embedding_services.Embeddings.objects")
+def test_build_query_no_document_filter_when_both_none(mock_objects):
+    # When neither guid nor document_name is provided, only the access-control
+    # filter should fire — no secondary filter call for a document.
+    user = MagicMock(is_authenticated=True)
+
+    build_query(user, EMBEDDING_VECTOR, document_name=None, guid=None)
+
+    # Exactly one filter call: the auth/access-control filter.
+    assert mock_objects.filter.call_count == 1
+
+
+
+@patch("api.services.embedding_services.Embeddings.objects")
+def test_build_query_guid_takes_precedence_over_document_name(mock_objects):
+    # When both guid and document_name are provided, the guid branch runs and
+    # the document_name branch is skipped entirely (only two filter calls total).
+    user = MagicMock(is_authenticated=True)
+
+    build_query(user, EMBEDDING_VECTOR, guid="abc-123", document_name="study.pdf")
+
+    # Two calls: auth filter + guid filter. No third call for document_name.
+    assert mock_objects.filter.call_count == 2
+
+    # The second filter must use upload_file__guid, not name.
+    # We follow the mock chain to the queryset that .annotate().order_by() returned.
+    ordered_qs = mock_objects.filter.return_value.annotate.return_value.order_by.return_value
+    ordered_qs.filter.assert_called_once_with(upload_file__guid="abc-123")
+
+
+@patch("api.services.embedding_services.Embeddings.objects")
+def test_build_query_guid_filter_applied(mock_objects):
+    # When only guid is given, a second filter on upload_file__guid is applied.
+    user = MagicMock(is_authenticated=True)
+
+    build_query(user, EMBEDDING_VECTOR, guid="doc-guid-456")
+
+    ordered_qs = mock_objects.filter.return_value.annotate.return_value.order_by.return_value
+    ordered_qs.filter.assert_called_once_with(upload_file__guid="doc-guid-456")
+
+
+@patch("api.services.embedding_services.Embeddings.objects")
+def test_build_query_document_name_filter_applied(mock_objects):
+    # When only document_name is given (guid is None), a second filter on
+    # name is applied instead of upload_file__guid.
+    user = MagicMock(is_authenticated=True)
+
+    build_query(user, EMBEDDING_VECTOR, document_name="study.pdf", guid=None)
+
+    ordered_qs = mock_objects.filter.return_value.annotate.return_value.order_by.return_value
+    ordered_qs.filter.assert_called_once_with(name="study.pdf")
+    
+    
+@patch("api.services.embedding_services.Embeddings.objects")
+def test_build_query_empty_string_guid_falls_back_to_document_name(mock_objects):
+    # An empty-string guid is falsy in Python, so it should not trigger the
+    # guid branch. The document_name filter should fire instead. This guards
+    # against callers passing guid="" from an unset form field.
+    user = MagicMock(is_authenticated=True)
+
+    build_query(user, EMBEDDING_VECTOR, guid="", document_name="fallback.pdf")
+
+    ordered_qs = mock_objects.filter.return_value.annotate.return_value.order_by.return_value
+    ordered_qs.filter.assert_called_once_with(name="fallback.pdf")
+
+# Cover LIMIT slicing
+
+@patch("api.services.embedding_services.Embeddings.objects")
+def test_build_query_respects_num_results(mock_objects):
+    # num_results controls the SQL LIMIT via queryset slicing. Verify that a
+    # non-default value propagates correctly to the __getitem__ call.
+    user = MagicMock(is_authenticated=True)
+
+    build_query(user, EMBEDDING_VECTOR, num_results=5)
+
+    # Python translates qs[:5] into qs.__getitem__(slice(None, 5, None)).
+    ordered_qs = mock_objects.filter.return_value.annotate.return_value.order_by.return_value
+    ordered_qs.__getitem__.assert_called_once_with(slice(None, 5, None))
+
+@patch("api.services.embedding_services.Embeddings.objects")
+def test_build_query_returns_unevaluated_queryset(mock_objects):
+    # build_query must NOT evaluate the queryset (no list(), no iteration).
+    # The return value should be the mock produced by the final __getitem__ call.
+    user = MagicMock(is_authenticated=True)
+
+    result = build_query(user, EMBEDDING_VECTOR)
+
+    ordered_qs = mock_objects.filter.return_value.annotate.return_value.order_by.return_value
+    assert result is ordered_qs.__getitem__.return_value
+    assert not isinstance(result, list)
+
+
+# ---------------------------------------------------------------------------
+# evaluate_query tests
+# ---------------------------------------------------------------------------
+
+# TODO: Add test for empty queryset — evaluate_query([]) should return [].
 
 def test_evaluate_query_maps_fields():
+    # Verify that each Embeddings model attribute is mapped to the correct
+    # output dict key. Note the rename: obj.page_num -> result["page_number"].
     obj = MagicMock()
     obj.name = "doc.pdf"
     obj.text = "some text"
@@ -27,6 +193,8 @@ def test_evaluate_query_maps_fields():
 
 
 def test_evaluate_query_none_upload_file():
+    # When upload_file is None (e.g. the FK was deleted), file_id must be None
+    # rather than raising an AttributeError on None.guid.
     obj = MagicMock()
     obj.name = "doc.pdf"
     obj.text = "some text"
@@ -39,9 +207,26 @@ def test_evaluate_query_none_upload_file():
 
     assert results[0]["file_id"] is None
 
+# ---------------------------------------------------------------------------
+# log_usage tests
+# ---------------------------------------------------------------------------
+
+# TODO: Add test for empty results list — log_usage([]) hits the else branch and
+#       should call SemanticSearchUsage.objects.create with num_results_returned=0
+#       and max_distance=None, median_distance=None, min_distance=None.
+
+# TODO: Add test for unauthenticated user — user.is_authenticated=False should
+#       result in user=None being stored in the SemanticSearchUsage record.
+
+# TODO: Add test for user=None — passing None directly as the user argument
+#       should also store user=None (the expression `user if (user and
+#       user.is_authenticated) else None` handles both cases, but only the
+#       authenticated path is currently exercised).
 
 @patch("api.services.embedding_services.SemanticSearchUsage.objects.create")
 def test_log_usage_computes_distance_stats(mock_create):
+    # Verify min, max, and median are computed correctly from the distance
+    # values in the results list and forwarded to the DB record.
     results = [{"distance": 1.0}, {"distance": 3.0}, {"distance": 2.0}]
     user = MagicMock(is_authenticated=True)
 
@@ -69,10 +254,12 @@ def test_log_usage_computes_distance_stats(mock_create):
     side_effect=Exception("DB error"),
 )
 def test_log_usage_swallows_exceptions(mock_create):
+    # log_usage must not propagate exceptions — a logging failure should never
+    # interrupt the caller's search flow.
+    # pytest fails the test if it catches unhandled Exception
     results = [{"distance": 1.0}]
     user = MagicMock(is_authenticated=True)
 
-    # pytest fails the test if it catches unhandled Exception
     log_usage(
         results,
         message_data="test query",
@@ -83,3 +270,14 @@ def test_log_usage_swallows_exceptions(mock_create):
         encoding_time=0.1,
         db_query_time=0.2,
     )
+
+
+# ---------------------------------------------------------------------------
+# get_closest_embeddings tests
+# ---------------------------------------------------------------------------
+
+# TODO: Add smoke test for get_closest_embeddings verifying the wiring between
+#       its three steps: encode → build_query → evaluate_query → log_usage.
+#       Patch TransformerModel.get_instance, build_query, evaluate_query, and
+#       log_usage. Assert that evaluate_query receives the queryset returned by
+#       build_query, and that the function returns evaluate_query's result.

From 64a19ef56dad988d1a2ea61a0b409c7878d0370c Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Fri, 20 Mar 2026 12:39:51 -0400
Subject: [PATCH 34/46] Fill test gaps in test_embedding_services

---
 server/api/services/embedding_services.py     |   2 +-
 .../api/services/test_embedding_services.py   | 149 ++++++++++++++----
 2 files changed, 119 insertions(+), 32 deletions(-)

diff --git a/server/api/services/embedding_services.py b/server/api/services/embedding_services.py
index aca99133..dada28a2 100644
--- a/server/api/services/embedding_services.py
+++ b/server/api/services/embedding_services.py
@@ -2,7 +2,7 @@
 import logging
 from statistics import median
 
-# filter() only does ADD logic
+# Django filter() only does ADD logic
 from django.db.models import Q
 from pgvector.django import L2Distance
 
diff --git a/server/api/services/test_embedding_services.py b/server/api/services/test_embedding_services.py
index ea322645..8cbc1be9 100644
--- a/server/api/services/test_embedding_services.py
+++ b/server/api/services/test_embedding_services.py
@@ -1,20 +1,21 @@
 from unittest.mock import MagicMock, patch
 
 from django.db.models import Q
+from pgvector.django import L2Distance
 
-from api.services.embedding_services import build_query, evaluate_query, log_usage
+from api.services.embedding_services import (
+    build_query,
+    evaluate_query,
+    get_closest_embeddings,
+    log_usage,
+)
 
 # ---------------------------------------------------------------------------
 # build_query tests
-#
-# build_query only constructs a lazy Django QuerySet — it never evaluates it
-# (no iteration, .get(), .exists(), etc.), so no database is needed.
-#
-# We patch Embeddings.objects so every chained ORM call (.filter, .annotate,
-# .order_by, __getitem__) returns a MagicMock instead of hitting the DB.
-# All assertions inspect which methods were called with which arguments.
 # ---------------------------------------------------------------------------
 
+# All assertions inspect which methods and arguments were called on Embeddings.objects
+
 # Only forwarded to L2Distance
 EMBEDDING_VECTOR = [0.1, 0.2, 0.3]  
 
@@ -48,12 +49,6 @@ def test_build_query_unauthenticated_uses_superuser_only_filter(mock_objects):
     
 # Test application of annotate and order_by
 
-# TODO: Strengthen test_build_query_annotates_and_orders_by_distance to also
-#       assert the *arguments* to annotate — specifically that it receives
-#       distance=L2Distance("embedding_sentence_transformers", EMBEDDING_VECTOR).
-#       Currently only the call count is checked, so a wrong field name or a
-#       dropped vector would go undetected.
-
 @patch("api.services.embedding_services.Embeddings.objects")
 def test_build_query_annotates_and_orders_by_distance(mock_objects):
     # Regardless of other arguments, annotate(distance=L2Distance(...)) and
@@ -67,6 +62,12 @@ def test_build_query_annotates_and_orders_by_distance(mock_objects):
     filtered_qs.annotate.assert_called_once()
     filtered_qs.annotate.return_value.order_by.assert_called_once_with("distance")
 
+    # L2Distance is a Django Func subclass, which implements __eq__ by comparing
+    # class and source expressions — so we can assert the exact field name and
+    # vector without patching L2Distance itself.
+    actual_distance_expr = filtered_qs.annotate.call_args.kwargs["distance"]
+    assert actual_distance_expr == L2Distance("embedding_sentence_transformers", EMBEDDING_VECTOR)
+
 # Test guid-over-document precedence logic
 
 @patch("api.services.embedding_services.Embeddings.objects")
@@ -165,7 +166,10 @@ def test_build_query_returns_unevaluated_queryset(mock_objects):
 # evaluate_query tests
 # ---------------------------------------------------------------------------
 
-# TODO: Add test for empty queryset — evaluate_query([]) should return [].
+def test_evaluate_query_empty_queryset():
+    # An empty iterable should return an empty list, not raise an exception.
+    assert evaluate_query([]) == []
+
 
 def test_evaluate_query_maps_fields():
     # Verify that each Embeddings model attribute is mapped to the correct
@@ -193,8 +197,8 @@ def test_evaluate_query_maps_fields():
 
 
 def test_evaluate_query_none_upload_file():
-    # When upload_file is None (e.g. the FK was deleted), file_id must be None
-    # rather than raising an AttributeError on None.guid.
+    # When upload_file is None, file_id must be None rather than raising
+    # an AttributeError on None.guid.
     obj = MagicMock()
     obj.name = "doc.pdf"
     obj.text = "some text"
@@ -211,17 +215,71 @@ def test_evaluate_query_none_upload_file():
 # log_usage tests
 # ---------------------------------------------------------------------------
 
-# TODO: Add test for empty results list — log_usage([]) hits the else branch and
-#       should call SemanticSearchUsage.objects.create with num_results_returned=0
-#       and max_distance=None, median_distance=None, min_distance=None.
+@patch("api.services.embedding_services.SemanticSearchUsage.objects.create")
+def test_log_usage_empty_results(mock_create):
+    # Empty results hits the else branch. The record should still be created
+    # with num_results_returned=0 and all distance fields set to None.
+    user = MagicMock(is_authenticated=True)
+
+    log_usage(
+        [],
+        message_data="test query",
+        user=user,
+        guid=None,
+        document_name=None,
+        num_results=10,
+        encoding_time=0.1,
+        db_query_time=0.2,
+    )
+
+    mock_create.assert_called_once()
+    kwargs = mock_create.call_args.kwargs
+    assert kwargs["num_results_returned"] == 0
+    assert kwargs["max_distance"] is None
+    assert kwargs["median_distance"] is None
+    assert kwargs["min_distance"] is None
+
+
+@patch("api.services.embedding_services.SemanticSearchUsage.objects.create")
+def test_log_usage_unauthenticated_user_stored_as_none(mock_create):
+    # An unauthenticated user should be stored as None in the DB record, not as
+    # the user object itself, so the FK constraint is not violated.
+    user = MagicMock(is_authenticated=False)
+
+    log_usage(
+        [{"distance": 1.0}],
+        message_data="test query",
+        user=user,
+        guid=None,
+        document_name=None,
+        num_results=10,
+        encoding_time=0.1,
+        db_query_time=0.2,
+    )
+
+    kwargs = mock_create.call_args.kwargs
+    assert kwargs["user"] is None
+
+
+@patch("api.services.embedding_services.SemanticSearchUsage.objects.create")
+def test_log_usage_none_user_stored_as_none(mock_create):
+    # Passing user=None directly (e.g. from an anonymous request) should also
+    # store None — the expression `user if (user and user.is_authenticated)`
+    # short-circuits on the falsy None before accessing .is_authenticated.
+    log_usage(
+        [{"distance": 1.0}],
+        message_data="test query",
+        user=None,
+        guid=None,
+        document_name=None,
+        num_results=10,
+        encoding_time=0.1,
+        db_query_time=0.2,
+    )
 
-# TODO: Add test for unauthenticated user — user.is_authenticated=False should
-#       result in user=None being stored in the SemanticSearchUsage record.
+    kwargs = mock_create.call_args.kwargs
+    assert kwargs["user"] is None
 
-# TODO: Add test for user=None — passing None directly as the user argument
-#       should also store user=None (the expression `user if (user and
-#       user.is_authenticated) else None` handles both cases, but only the
-#       authenticated path is currently exercised).
 
 @patch("api.services.embedding_services.SemanticSearchUsage.objects.create")
 def test_log_usage_computes_distance_stats(mock_create):
@@ -276,8 +334,37 @@ def test_log_usage_swallows_exceptions(mock_create):
 # get_closest_embeddings tests
 # ---------------------------------------------------------------------------
 
-# TODO: Add smoke test for get_closest_embeddings verifying the wiring between
-#       its three steps: encode → build_query → evaluate_query → log_usage.
-#       Patch TransformerModel.get_instance, build_query, evaluate_query, and
-#       log_usage. Assert that evaluate_query receives the queryset returned by
-#       build_query, and that the function returns evaluate_query's result.
+@patch("api.services.embedding_services.log_usage")
+@patch("api.services.embedding_services.evaluate_query")
+@patch("api.services.embedding_services.build_query")
+@patch("api.services.embedding_services.TransformerModel")
+def test_get_closest_embeddings_wiring(mock_transformer, mock_build, mock_evaluate, mock_log):
+    # Smoke test verifying that get_closest_embeddings correctly wires together
+    # encode → build_query → evaluate_query → log_usage and returns the results.
+    user = MagicMock(is_authenticated=True)
+
+    # Simulate the model encoding the message to a vector.
+    fake_vector = [0.1, 0.2, 0.3]
+    mock_transformer.get_instance.return_value.model.encode.return_value = fake_vector
+
+    # build_query returns a queryset; evaluate_query turns it into a results list.
+    fake_queryset = MagicMock()
+    mock_build.return_value = fake_queryset
+    fake_results = [{"name": "doc.pdf", "distance": 0.5}]
+    mock_evaluate.return_value = fake_results
+
+    result = get_closest_embeddings(user, "some query", document_name="doc.pdf", guid=None, num_results=5)
+
+    # The encoded vector must be forwarded to build_query.
+    mock_build.assert_called_once_with(user, fake_vector, "doc.pdf", None, 5)
+
+    # evaluate_query must receive the queryset that build_query returned.
+    mock_evaluate.assert_called_once_with(fake_queryset)
+
+    # log_usage must be called with the results and original parameters.
+    mock_log.assert_called_once()
+    log_kwargs = mock_log.call_args.args
+    assert log_kwargs[0] is fake_results
+
+    # The function must return evaluate_query's result unchanged.
+    assert result is fake_results

From dec3c12a71c1fefc81f30768fe2aec8e48df2fb8 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Fri, 20 Mar 2026 14:05:17 -0400
Subject: [PATCH 35/46] Fix incorrect build_query test assertions

---
 .../api/services/test_embedding_services.py   | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/server/api/services/test_embedding_services.py b/server/api/services/test_embedding_services.py
index 8cbc1be9..dcbb2fc7 100644
--- a/server/api/services/test_embedding_services.py
+++ b/server/api/services/test_embedding_services.py
@@ -38,14 +38,13 @@ def test_build_query_authenticated_uses_or_filter(mock_objects):
 @patch("api.services.embedding_services.Embeddings.objects")
 def test_build_query_unauthenticated_uses_superuser_only_filter(mock_objects):
     # An unauthenticated user may only see files uploaded by superusers.
-    # The OR branch for the user's own files must NOT be present.
+    # The source uses a plain kwarg here (not a positional Q object), so the
+    # value lives in call_args.kwargs, not call_args.args.
     user = MagicMock(is_authenticated=False)
 
     build_query(user, EMBEDDING_VECTOR)
 
-    expected_q = Q(upload_file__uploaded_by__is_superuser=True)
-    actual_q = mock_objects.filter.call_args.args[0]
-    assert actual_q == expected_q
+    assert mock_objects.filter.call_args.kwargs == {"upload_file__uploaded_by__is_superuser": True}
     
 # Test application of annotate and order_by
 
@@ -86,16 +85,18 @@ def test_build_query_no_document_filter_when_both_none(mock_objects):
 @patch("api.services.embedding_services.Embeddings.objects")
 def test_build_query_guid_takes_precedence_over_document_name(mock_objects):
     # When both guid and document_name are provided, the guid branch runs and
-    # the document_name branch is skipped entirely (only two filter calls total).
+    # the document_name branch is skipped entirely.
     user = MagicMock(is_authenticated=True)
 
     build_query(user, EMBEDDING_VECTOR, guid="abc-123", document_name="study.pdf")
 
-    # Two calls: auth filter + guid filter. No third call for document_name.
-    assert mock_objects.filter.call_count == 2
+    # The auth filter fires on mock_objects.filter (call_count == 1).
+    # The document filter fires on the chained ordered_qs.filter — a different
+    # mock object — so mock_objects.filter.call_count stays at 1.
+    assert mock_objects.filter.call_count == 1
 
-    # The second filter must use upload_file__guid, not name.
-    # We follow the mock chain to the queryset that .annotate().order_by() returned.
+    # The document filter must use upload_file__guid, not name, and must be
+    # called exactly once (confirming document_name branch was skipped).
     ordered_qs = mock_objects.filter.return_value.annotate.return_value.order_by.return_value
     ordered_qs.filter.assert_called_once_with(upload_file__guid="abc-123")
 

From f9e890a21a3c716fe2bcfb17b8dfef92fcebb905 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Mon, 23 Mar 2026 14:43:39 -0400
Subject: [PATCH 36/46] Guard TransformerModel preload to runserver processes
 only

---
 server/api/apps.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/server/api/apps.py b/server/api/apps.py
index 4d502cba..d8b9eaa7 100644
--- a/server/api/apps.py
+++ b/server/api/apps.py
@@ -6,5 +6,28 @@ class ApiConfig(AppConfig):
     name = 'api'
 
     def ready(self):
+        import os
+        import sys
+
+        # ready() runs in every Django process: migrate, test, shell, runserver, etc.
+        # Only preload the model when we're actually going to serve requests.
+        # Dev (docker-compose.yml) runs `manage.py runserver 0.0.0.0:8000`.
+        # Prod (Dockerfile.prod CMD) runs `manage.py runserver 0.0.0.0:8000 --noreload`.
+        # entrypoint.prod.sh also runs migrate, createsu, and populatedb before exec'ing
+        # runserver — the guard below correctly skips model loading for those commands too.
+        if sys.argv[1:2] != ['runserver']:
+            return
+
+        # Dev's autoreloader spawns two processes: a parent file-watcher and a child
+        # server. ready() runs in both, but only the child (RUN_MAIN=true) serves
+        # requests. Skip the parent to avoid loading the model twice on each file change.
+        # Prod uses --noreload so RUN_MAIN is never set; '--noreload' in sys.argv handles that case.
+        if os.environ.get('RUN_MAIN') != 'true' and '--noreload' not in sys.argv:
+            return
+
+        # Note: paraphrase-MiniLM-L6-v2 (~80MB) is downloaded from HuggingFace on first
+        # use and cached to ~/.cache/torch/sentence_transformers/ inside the container.
+        # That cache is ephemeral — every container rebuild re-downloads the model unless
+        # a volume is mounted at that path.
         from .services.sentencetTransformer_model import TransformerModel
         TransformerModel.get_instance()

From 67176a8541be4d2862d213783873e1651f6fe761 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Wed, 25 Mar 2026 16:42:20 -0400
Subject: [PATCH 37/46] Revert GitHub Workflow changes

---
 .github/workflows/python-app.yml |  9 ++-------
 evaluation/evals.py              | 16 ++++++++--------
 server/balancer_backend/urls.py  |  6 +++---
 3 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml
index 2afa2828..dcb7a4bb 100644
--- a/.github/workflows/python-app.yml
+++ b/.github/workflows/python-app.yml
@@ -5,9 +5,9 @@ name: Python application
 
 on:
   push:
-    branches: [ "develop" ]
+    branches: [ "listOfMed" ]
   pull_request:
-    branches: [ "develop" ]
+    branches: [ "listOfMed" ]
 
 permissions:
   contents: read
@@ -27,8 +27,3 @@ jobs:
       run: pipx install ruff
     - name: Lint code with Ruff
       run: ruff check --output-format=github --target-version=py39
-    - name: Install test dependencies
-      run: pip install -r server/requirements.txt
-      # Pytest won’t automatically discover config files in subdirectories
-    - name: Run tests
-      run: pytest -c server/pytest.ini server/ -v
diff --git a/evaluation/evals.py b/evaluation/evals.py
index 5110076f..8eb7e9e6 100755
--- a/evaluation/evals.py
+++ b/evaluation/evals.py
@@ -21,18 +21,18 @@
 # Ensure the parent directory is in the path to import ModelFactory
 sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "..")))
 
-import argparse  # noqa: E402
-import logging  # noqa: E402
-import asyncio  # noqa: E402
-import time  # noqa: E402
+import argparse
+import logging
+import asyncio
+import time
 
-import pandas as pd  # noqa: E402
+import pandas as pd
 
 # lighteval depends on `sentencepiece` and it only has prebuilt wheels for Python 3.11 or below
-from lighteval.tasks.requests import Doc  # noqa: E402
-from lighteval.metrics.metrics_sample import Extractiveness  # noqa: E402
+from lighteval.tasks.requests import Doc
+from lighteval.metrics.metrics_sample import Extractiveness
 
-from server.api.services.llm_services import ModelFactory  # noqa: E402
+from server.api.services.llm_services import ModelFactory
 
 logging.basicConfig(
     level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s"
diff --git a/server/balancer_backend/urls.py b/server/balancer_backend/urls.py
index cdb92dbb..55bd2032 100644
--- a/server/balancer_backend/urls.py
+++ b/server/balancer_backend/urls.py
@@ -58,9 +58,9 @@
     path("api/redoc/", SpectacularRedocView.as_view(url_name="schema"), name="redoc"),
 ]
 
-import os # noqa: E402
-from django.conf import settings # noqa: E402
-from django.http import HttpResponseNotFound # noqa: E402
+import os
+from django.conf import settings
+from django.http import HttpResponseNotFound
 
 
 def spa_fallback(request):

From d27392190c45e465dc81bf363f7bb381ec9c7aad Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Thu, 26 Mar 2026 14:35:35 -0400
Subject: [PATCH 38/46] Add section header comments to all four test groups in
 test_embedding_services.py

---
 .../api/services/test_embedding_services.py   | 28 +++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/server/api/services/test_embedding_services.py b/server/api/services/test_embedding_services.py
index dcbb2fc7..d1095366 100644
--- a/server/api/services/test_embedding_services.py
+++ b/server/api/services/test_embedding_services.py
@@ -12,10 +12,14 @@
 
 # ---------------------------------------------------------------------------
 # build_query tests
+#
+# build_query is responsible for access control, annotate/order, document filter,
+# and slicing; it only constructs a lazy Django QuerySet without evaluating it
+#
+# We can test build_query by patching Embeddings.objects and inspecting which
+# methods and arguments were called on Embeddings.objects
 # ---------------------------------------------------------------------------
 
-# All assertions inspect which methods and arguments were called on Embeddings.objects
-
 # Only forwarded to L2Distance
 EMBEDDING_VECTOR = [0.1, 0.2, 0.3]  
 
@@ -165,6 +169,13 @@ def test_build_query_returns_unevaluated_queryset(mock_objects):
 
 # ---------------------------------------------------------------------------
 # evaluate_query tests
+#
+# evaluate_query is responsible for iterating the queryset and mapping each
+# Embeddings object's attributes to a result dict, including the rename
+# page_num -> page_number and the None-safe file_id lookup
+#
+# We can test evaluate_query by passing plain MagicMock objects directly as
+# the iterable and asserting on the shape and values of the returned list
 # ---------------------------------------------------------------------------
 
 def test_evaluate_query_empty_queryset():
@@ -214,6 +225,13 @@ def test_evaluate_query_none_upload_file():
 
 # ---------------------------------------------------------------------------
 # log_usage tests
+#
+# log_usage is responsible for computing distance stats, storing the correct
+# user (None for unauthenticated), handling empty results, and swallowing
+# exceptions so search is never interrupted
+#
+# We can test log_usage by patching SemanticSearchUsage.objects.create and
+# inspecting the keyword arguments it was called with
 # ---------------------------------------------------------------------------
 
 @patch("api.services.embedding_services.SemanticSearchUsage.objects.create")
@@ -333,6 +351,12 @@ def test_log_usage_swallows_exceptions(mock_create):
 
 # ---------------------------------------------------------------------------
 # get_closest_embeddings tests
+#
+# get_closest_embeddings is responsible for wiring together encode,
+# build_query, evaluate_query, and log_usage and returning the results
+#
+# We can test get_closest_embeddings by patching all four collaborators and
+# asserting that each is called with the correct arguments in the correct order
 # ---------------------------------------------------------------------------
 
 @patch("api.services.embedding_services.log_usage")

From 8198574dc63e04e03d0c7198dfa2186c458c206e Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Thu, 26 Mar 2026 15:24:12 -0400
Subject: [PATCH 39/46] Document why tests are split by responsibility

---
 server/api/services/test_embedding_services.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/api/services/test_embedding_services.py b/server/api/services/test_embedding_services.py
index d1095366..b1e5d5a7 100644
--- a/server/api/services/test_embedding_services.py
+++ b/server/api/services/test_embedding_services.py
@@ -10,6 +10,11 @@
     log_usage,
 )
 
+# Each function is tested one responsibility at a time. One test for the whole
+# function collapses all responsibilities into a single assertion block — when
+# it fails you know something is broken but not which responsibility. You have
+# to debug to find out.
+
 # ---------------------------------------------------------------------------
 # build_query tests
 #

From 5d8c8b37403ccc98e0b02dc0e491f0f30a61bd9c Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Tue, 31 Mar 2026 11:00:08 -0400
Subject: [PATCH 40/46] Improve logging and comments

---
 server/api/services/embedding_services.py     |  6 +--
 .../api/services/test_embedding_services.py   |  2 +-
 server/balancer_backend/settings.py           | 48 +++++++++----------
 3 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/server/api/services/embedding_services.py b/server/api/services/embedding_services.py
index dada28a2..213519e5 100644
--- a/server/api/services/embedding_services.py
+++ b/server/api/services/embedding_services.py
@@ -2,7 +2,7 @@
 import logging
 from statistics import median
 
-# Django filter() only does ADD logic
+# Use Q objects to express OR conditions in Django queries
 from django.db.models import Q
 from pgvector.django import L2Distance
 
@@ -146,8 +146,8 @@ def log_usage(
                 median_distance=None,
                 min_distance=None,
             )
-    except Exception as e:
-        logger.error(f"Failed to create semantic search usage database record: {e}")
+    except Exception:
+        logger.exception("Failed to create semantic search usage database record")
 
 
 def get_closest_embeddings(
diff --git a/server/api/services/test_embedding_services.py b/server/api/services/test_embedding_services.py
index b1e5d5a7..e43c0d74 100644
--- a/server/api/services/test_embedding_services.py
+++ b/server/api/services/test_embedding_services.py
@@ -26,7 +26,7 @@
 # ---------------------------------------------------------------------------
 
 # Only forwarded to L2Distance
-EMBEDDING_VECTOR = [0.1, 0.2, 0.3]  
+EMBEDDING_VECTOR = [0.1, 0.2, 0.3]
 
 # Test authenticated/unauthenticated user access control
 
diff --git a/server/balancer_backend/settings.py b/server/balancer_backend/settings.py
index a4ccaaae..c56a3435 100644
--- a/server/balancer_backend/settings.py
+++ b/server/balancer_backend/settings.py
@@ -254,27 +254,27 @@
 
 # Logging configuration
 
-# LOGGING = {
-#     "version": 1,
-#     "disable_existing_loggers": False,
-#     "formatters": {
-#         "verbose": {
-#             "format": "{levelname} {asctime} {module} {process:d} {thread:d} {message}",
-#             "style": "{",
-#         },
-#         "simple": {
-#             "format": "{levelname} {message}",
-#             "style": "{",
-#         },
-#     },
-#     "handlers": {
-#         "console": {
-#             "class": "logging.StreamHandler",
-#             "formatter": "verbose",
-#         },
-#     },
-#     "root": {
-#         "handlers": ["console"],
-#         "level": "INFO",
-#     },
-# }
+LOGGING = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "verbose": {
+            "format": "{levelname} {asctime} {module} {process:d} {thread:d} {message}",
+            "style": "{",
+        },
+        "simple": {
+            "format": "{levelname} {message}",
+            "style": "{",
+        },
+    },
+    "handlers": {
+        "console": {
+            "class": "logging.StreamHandler",
+            "formatter": "verbose",
+        },
+    },
+    "root": {
+        "handlers": ["console"],
+        "level": "INFO",
+    },
+}

From 31498dcb62874899302acc72bfc9031d06800f05 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Tue, 31 Mar 2026 11:06:03 -0400
Subject: [PATCH 41/46] Fall back to lazy load using try except block

---
 server/api/apps.py | 54 +++++++++++++++++++++++++---------------------
 1 file changed, 29 insertions(+), 25 deletions(-)

diff --git a/server/api/apps.py b/server/api/apps.py
index d8b9eaa7..c7eccc53 100644
--- a/server/api/apps.py
+++ b/server/api/apps.py
@@ -6,28 +6,32 @@ class ApiConfig(AppConfig):
     name = 'api'
 
     def ready(self):
-        import os
-        import sys
-
-        # ready() runs in every Django process: migrate, test, shell, runserver, etc.
-        # Only preload the model when we're actually going to serve requests.
-        # Dev (docker-compose.yml) runs `manage.py runserver 0.0.0.0:8000`.
-        # Prod (Dockerfile.prod CMD) runs `manage.py runserver 0.0.0.0:8000 --noreload`.
-        # entrypoint.prod.sh also runs migrate, createsu, and populatedb before exec'ing
-        # runserver — the guard below correctly skips model loading for those commands too.
-        if sys.argv[1:2] != ['runserver']:
-            return
-
-        # Dev's autoreloader spawns two processes: a parent file-watcher and a child
-        # server. ready() runs in both, but only the child (RUN_MAIN=true) serves
-        # requests. Skip the parent to avoid loading the model twice on each file change.
-        # Prod uses --noreload so RUN_MAIN is never set; 'noreload' in sys.argv handles that case.
-        if os.environ.get('RUN_MAIN') != 'true' and '--noreload' not in sys.argv:
-            return
-
-        # Note: paraphrase-MiniLM-L6-v2 (~80MB) is downloaded from HuggingFace on first
-        # use and cached to ~/.cache/torch/sentence_transformers/ inside the container.
-        # That cache is ephemeral — every container rebuild re-downloads the model unless
-        # a volume is mounted at that path.
-        from .services.sentencetTransformer_model import TransformerModel
-        TransformerModel.get_instance()
+        
+        try: 
+            import os
+            import sys
+    
+            # ready() runs in every Django process: migrate, test, shell, runserver, etc.
+            # Only preload the model when we're actually going to serve requests.
+            # Dev (docker-compose.yml) runs `manage.py runserver 0.0.0.0:8000`.
+            # Prod (Dockerfile.prod CMD) runs `manage.py runserver 0.0.0.0:8000 --noreload`.
+            # entrypoint.prod.sh also runs migrate, createsu, and populatedb before exec'ing
+            # runserver — the guard below correctly skips model loading for those commands too.
+            if sys.argv[1:2] != ['runserver']:
+                return
+    
+            # Dev's autoreloader spawns two processes: a parent file-watcher and a child
+            # server. ready() runs in both, but only the child (RUN_MAIN=true) serves
+            # requests. Skip the parent to avoid loading the model twice on each file change.
+            # Prod uses --noreload so RUN_MAIN is never set; '--noreload' in sys.argv handles that case.
+            if os.environ.get('RUN_MAIN') != 'true' and '--noreload' not in sys.argv:
+                return
+    
+            # Note: paraphrase-MiniLM-L6-v2 (~80MB) is downloaded from HuggingFace on first
+            # use and cached to ~/.cache/torch/sentence_transformers/ inside the container.
+            # That cache is ephemeral — every container rebuild re-downloads the model unless
+            # a volume is mounted at that path.
+            from .services.sentencetTransformer_model import TransformerModel
+            TransformerModel.get_instance()
+        except Exception:
+            logger.exception("Failed to preload the embedding model at startup")

From a39d33c75564b564b3740134223eaa09333331b6 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Tue, 31 Mar 2026 11:17:04 -0400
Subject: [PATCH 42/46] Revert settings.py to develop state

---
 server/balancer_backend/settings.py | 48 ++++++++++++++---------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/server/balancer_backend/settings.py b/server/balancer_backend/settings.py
index c56a3435..a4ccaaae 100644
--- a/server/balancer_backend/settings.py
+++ b/server/balancer_backend/settings.py
@@ -254,27 +254,27 @@
 
 # Logging configuration
 
-LOGGING = {
-    "version": 1,
-    "disable_existing_loggers": False,
-    "formatters": {
-        "verbose": {
-            "format": "{levelname} {asctime} {module} {process:d} {thread:d} {message}",
-            "style": "{",
-        },
-        "simple": {
-            "format": "{levelname} {message}",
-            "style": "{",
-        },
-    },
-    "handlers": {
-        "console": {
-            "class": "logging.StreamHandler",
-            "formatter": "verbose",
-        },
-    },
-    "root": {
-        "handlers": ["console"],
-        "level": "INFO",
-    },
-}
+# LOGGING = {
+#     "version": 1,
+#     "disable_existing_loggers": False,
+#     "formatters": {
+#         "verbose": {
+#             "format": "{levelname} {asctime} {module} {process:d} {thread:d} {message}",
+#             "style": "{",
+#         },
+#         "simple": {
+#             "format": "{levelname} {message}",
+#             "style": "{",
+#         },
+#     },
+#     "handlers": {
+#         "console": {
+#             "class": "logging.StreamHandler",
+#             "formatter": "verbose",
+#         },
+#     },
+#     "root": {
+#         "handlers": ["console"],
+#         "level": "INFO",
+#     },
+# }

From fe1eecaf133c8e82f5df765fd2161874a0def2a7 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Tue, 31 Mar 2026 12:27:29 -0400
Subject: [PATCH 43/46] Manually test fall back to lazy loading

---
 server/api/apps.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/api/apps.py b/server/api/apps.py
index c7eccc53..13977850 100644
--- a/server/api/apps.py
+++ b/server/api/apps.py
@@ -7,7 +7,7 @@ class ApiConfig(AppConfig):
 
     def ready(self):
         
-        try: 
+        try:
             import os
             import sys
     
@@ -34,4 +34,8 @@ def ready(self):
             from .services.sentencetTransformer_model import TransformerModel
             TransformerModel.get_instance()
         except Exception:
+            # TransformerModel._instance stays None on failure, so the first actual request 
+            # that calls get_instance() will attempt to load the model again.
+            import logging
+            logger = logging.getLogger(__name__)
             logger.exception("Failed to preload the embedding model at startup")

From 88adfb1cac637a1f2913857918e64924f44c23ee Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Tue, 14 Apr 2026 14:33:16 -0400
Subject: [PATCH 44/46] Add issue template

---
 .github/ISSUE_TEMPLATE/issue.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/issue.md

diff --git a/.github/ISSUE_TEMPLATE/issue.md b/.github/ISSUE_TEMPLATE/issue.md
new file mode 100644
index 00000000..70fca447
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/issue.md
@@ -0,0 +1,23 @@
+## Title
+<!-- Title: [Type]: Short description of the problem or goal  -->
+
+## Background
+<!-- Why does this change need to happen? -->
+
+## Existing Behavior
+<!-- What code or docs are changing? Link or paste as needed -->
+
+## Acceptance Criteria
+- [ ] <!-- What does done look like? -->
+
+## Approach
+<!-- How are you tackling this? Update as you go -->
+
+## References
+<!-- Anything useful — docs, links, decisions -->
+
+## Risks and Rollback
+<!-- Anything that could go wrong, or leave blank if low risk -->
+
+## Screenshots / Recordings
+<!-- Before/after visuals or console output if helpful -->
\ No newline at end of file

From 55acb2ead6cd75b407501b43742645379e93da97 Mon Sep 17 00:00:00 2001
From: Sahil D Shah <sahildshah1@gmail.com>
Date: Tue, 14 Apr 2026 15:01:34 -0400
Subject: [PATCH 45/46] Update README

---
 README.md | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 0d7d531a..34947225 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,7 @@ for patients with bipolar disorder, helping them shorten their journey to stabil
 ## Usage
 
 You can view the current build of the website here: [https://balancerproject.org/](https://balancerproject.org/)
+You can view the website in a sandbox here: [https://sandbox.balancerproject.org/](https://sandbox.balancerproject.org/)
 
 ## Contributing 
 
@@ -31,11 +32,9 @@ Get the code using git by either forking or cloning `CodeForPhilly/balancer-main
    ```
 2. (Optional) Add your API keys to `config/env/dev.env`:
    - `OpenAI API`
-   - `Anthropic API`
 
 Tools used for development:
 1. `Docker`: Install Docker Desktop
-2. `Postman`: Ask to get invited to the Balancer Postman team `balancer_dev`
 3. `npm`: In the terminal run 1) 'cd frontend' 2) 'npm install' 3) 'cd ..'
 
 ### Running Balancer for development
@@ -91,6 +90,14 @@ Most endpoints require JWT authentication. To test them in Swagger UI:
 3. **Test endpoints**: All subsequent requests will include your token. Use **Try it out** on any protected endpoint.
 4. **Token refresh**: Access tokens expire after 60 minutes. Use `POST /auth/jwt/refresh/` with your `refresh` token, or repeat step 1.
 
+### Deployment 
+
+1. Merging your PR into develop automatically triggers a GitHub Release
+2. The release triggers a container build workflow that builds and pushes the Docker image
+3. [Go to GitHub Packages](https://github.com/CodeForPhilly/balancer-main/pkgs/container/balancer-main%2Fapp) to find the new image tag 
+4. Update `newTag` in `kustomization.yaml` [in the cluster repo](https://github.com/CodeForPhilly/cfp-live-cluster/blob/main/balancer/kustomization.yaml)
+5. Open a PR to [cfp-sandbox-cluster](https://github.com/CodeForPhilly/cfp-sandbox-cluster) (or [cfp-live-cluster](https://github.com/CodeForPhilly/cfp-live-cluster))
+
 ## Architecture
 
 The Balancer website is a Postgres, Django REST, and React project. The source code layout is:

From cedc58ad2ba8008787ea1a902f63452febf284db Mon Sep 17 00:00:00 2001
From: Sahil Shah <sahildshah1@gmail.com>
Date: Tue, 14 Apr 2026 15:04:38 -0400
Subject: [PATCH 46/46] Add sandbox link to README usage section

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index b0480844..fe765910 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,7 @@ for patients with bipolar disorder, helping them shorten their journey to stabil
 ## Usage
 
 You can view the current build of the website here: [https://balancerproject.org/](https://balancerproject.org/)
+
 You can view the website in a sandbox here: [https://sandbox.balancerproject.org/](https://sandbox.balancerproject.org/)
 
 ## Contributing