From 77520d70d0b9c6a1de8a6fcaad75e07ce7cc9d3b Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Mon, 25 Aug 2025 00:50:42 +0300
Subject: [PATCH 01/11] Fix: register DELETE /graphs/{graph_id} router at
 module level (was nested)

---
 E2E_TESTING_SUMMARY.md                  | 162 ++++++++++++++
 IMPLEMENTATION_SUMMARY.md               | 162 ++++++++++++++
 ORGANIZATION_IMPLEMENTATION.md          | 272 ++++++++++++++++++++++++
 api/routes/graphs.py                    |  25 +++
 app/public/css/menu.css                 |  86 ++++++++
 app/templates/components/chat_header.j2 |  13 +-
 app/ts/app.ts                           |   8 +-
 app/ts/modules/chat.ts                  |   5 +-
 app/ts/modules/config.ts                |   2 -
 app/ts/modules/graph_select.ts          |  62 ++++++
 app/ts/modules/graphs.ts                |  88 +++++++-
 app/ts/modules/messages.ts              |   4 +-
 demo_organization.py                    | 186 ++++++++++++++++
 demo_schema_monitor.py                  | 103 +++++++++
 examples/postgres_loader_example.py     |  64 ++++++
 test_deps.py                            |  35 +++
 test_postgres_loader.py                 |  34 +++
 test_response_agent.py                  | 128 +++++++++++
 test_role_assignment.py                 | 101 +++++++++
 test_schema_monitor.py                  |  98 +++++++++
 test_user_image.html                    |  67 ++++++
 21 files changed, 1686 insertions(+), 19 deletions(-)
 create mode 100644 E2E_TESTING_SUMMARY.md
 create mode 100644 IMPLEMENTATION_SUMMARY.md
 create mode 100644 ORGANIZATION_IMPLEMENTATION.md
 create mode 100644 app/ts/modules/graph_select.ts
 create mode 100755 demo_organization.py
 create mode 100644 demo_schema_monitor.py
 create mode 100644 examples/postgres_loader_example.py
 create mode 100644 test_deps.py
 create mode 100644 test_postgres_loader.py
 create mode 100644 test_response_agent.py
 create mode 100644 test_role_assignment.py
 create mode 100644 test_schema_monitor.py
 create mode 100644 test_user_image.html

diff --git a/E2E_TESTING_SUMMARY.md b/E2E_TESTING_SUMMARY.md
new file mode 100644
index 00000000..1365105e
--- /dev/null
+++ b/E2E_TESTING_SUMMARY.md
@@ -0,0 +1,162 @@
+# E2E Testing Implementation Summary
+
+## ✅ What Has Been Implemented
+
+This implementation addresses GitHub issue #33 by adding comprehensive End-to-End (E2E) testing capabilities to QueryWeaver using Playwright.
+
+### 🔧 Infrastructure Setup
+
+1. **Dependencies Added to `Pipfile`**:
+   - `playwright ~= 1.47.0` - Browser automation framework
+   - `pytest-playwright ~= 0.5.2` - Pytest integration
+   - `pytest-asyncio ~= 0.24.0` - Async test support
+
+2. **Test Structure Created**:
+   ```
+   tests/
+   ├── conftest.py                      # Pytest configuration & fixtures
+   ├── test_simple_integration.py       # Basic integration tests
+   ├── e2e/                            # E2E test directory
+   │   ├── pages/                      # Page Object Model
+   │   │   ├── base_page.py           # Base page functionality
+   │   │   └── home_page.py           # Home/chat page interactions
+   │   ├── fixtures/                   # Test data and utilities
+   │   │   └── test_data.py           # Sample data generators
+   │   ├── test_basic_functionality.py # Core app functionality tests
+   │   ├── test_file_upload.py        # File upload feature tests
+   │   ├── test_chat_functionality.py # Chat interface tests
+   │   ├── test_api_endpoints.py      # Direct API endpoint tests
+   │   └── README.md                  # Comprehensive E2E test documentation
+   ```
+
+3. **CI/CD Integration**:
+   - `.github/workflows/e2e-tests.yml` - Dedicated E2E test workflow
+   - `.github/workflows/tests.yml` - Combined unit and E2E test workflow
+   - Automatic FalkorDB service setup in CI
+   - Test artifact collection on failures
+
+### 🧪 Test Coverage
+
+#### ✅ Currently Working Tests
+- **Basic Application Tests**: Page loading, UI structure, responsive design
+- **API Endpoint Tests**: Health checks, authentication-protected endpoints
+- **Integration Tests**: FASTAPI app startup, content serving
+- **Error Handling Tests**: Invalid routes, method validation
+
+#### ⏸️ Planned Tests (Require Authentication Setup)
+- **Authentication Flow Tests**: OAuth login/logout (Google/GitHub)
+- **File Upload Tests**: CSV/JSON processing and validation
+- **Chat Interface Tests**: Query submission and response handling
+- **Graph Management Tests**: Graph selection and data interaction
+
+### 🛠️ Developer Tools
+
+1. **Makefile Commands**:
+   ```bash
+   make setup-dev          # Complete development setup
+   make test              # Run all tests
+   make test-unit         # Unit tests only
+   make test-e2e          # E2E tests (headless)
+   make test-e2e-headed   # E2E tests (visible browser)
+   make test-e2e-debug    # E2E tests with debugging
+   make docker-falkordb   # Start FalkorDB for testing
+   ```
+
+2. **Setup Script**: `./setup_e2e_tests.sh` - Automated environment setup
+
+3. **Configuration Files**:
+   - `pytest.ini` - Test configuration and markers
+   - Updated `.gitignore` - Test artifact exclusions
+   - Environment variable templates
+
+### 🎯 Key Features
+
+#### Page Object Model Implementation
+- **Maintainable**: Separates test logic from page interactions
+- **Reusable**: Common functionality in base classes
+- **Scalable**: Easy to add new pages and interactions
+
+#### Flexible Test Architecture
+- **Modular**: Tests organized by functionality
+- **Configurable**: Easy environment and browser configuration
+- **Debuggable**: Screenshot capture, video recording, console logs
+
+#### CI/CD Ready
+- **Automated**: Runs on every push/PR
+- **Reliable**: Proper service dependencies and health checks
+- **Informative**: Detailed artifacts and reporting on failures
+
+## 🚀 Quick Start
+
+### For Developers
+
+1. **Setup Environment**:
+   ```bash
+   ./setup_e2e_tests.sh
+   ```
+
+2. **Run Tests**:
+   ```bash
+   # All tests
+   make test
+
+   # Just the working tests
+   pipenv run pytest tests/test_simple_integration.py -v
+
+   # E2E structure validation (will show some skipped tests)
+   pipenv run pytest tests/e2e/ -v
+   ```
+
+### For CI/CD
+
+The tests automatically run in GitHub Actions with:
+- FalkorDB service
+- Proper environment setup
+- Browser installation
+- Artifact collection
+
+## 📋 Next Steps
+
+To enable full E2E testing functionality:
+
+1. **Authentication Setup**:
+   - Configure OAuth credentials for testing environment
+   - Create test user accounts or mock authentication
+   - Remove `@pytest.mark.skip` decorators from auth-related tests
+
+2. **Test Data Management**:
+   - Set up test database with sample data
+   - Create data fixtures for consistent testing
+   - Add database cleanup/reset functionality
+
+3. **Enhanced Coverage**:
+   - Add visual regression testing
+   - Add performance testing
+   - Add accessibility testing
+   - Add mobile device testing
+
+4. **Documentation**:
+   - Update main README with testing section ✅
+   - Create developer testing guidelines
+   - Add troubleshooting guide
+
+## 🔧 Technical Implementation Details
+
+### Test Framework Choice
+- **Playwright**: Modern, fast, reliable browser automation
+- **pytest**: Python-native testing with excellent fixture support
+- **Page Object Model**: Industry-standard pattern for maintainable E2E tests
+
+### Architecture Decisions
+- **Session-scoped FASTAPI app**: Efficient test execution
+- **Modular test organization**: Easy maintenance and extension
+- **CI/CD first**: Designed to work reliably in automated environments
+- **Graceful degradation**: Tests work with/without full authentication setup
+
+### Error Handling
+- **Robust selectors**: Multiple fallback strategies
+- **Timeout management**: Configurable waits for dynamic content
+- **Screenshot capture**: Automatic debugging artifacts
+- **Detailed logging**: Comprehensive test execution information
+
+This implementation provides a solid foundation for comprehensive E2E testing that can grow with the application's needs.
diff --git a/IMPLEMENTATION_SUMMARY.md b/IMPLEMENTATION_SUMMARY.md
new file mode 100644
index 00000000..e31fb04e
--- /dev/null
+++ b/IMPLEMENTATION_SUMMARY.md
@@ -0,0 +1,162 @@
+# Organization Management - Implementation Summary
+
+## ✅ Successfully Implemented
+
+I have successfully extended the Organization graph model with comprehensive organization management capabilities for the QueryWeaver text2sql application. Here's what has been delivered:
+
+### 🏢 Core Organization Features
+
+**1. Automatic Organization Creation**
+- ✅ Organizations are automatically created based on email domain when users log in
+- ✅ First user from each domain becomes the organization admin
+- ✅ Organization names are generated from domain (e.g., "example.com" → "Example")
+
+**2. User Role Management**
+- ✅ **Admin Role**: First user from domain gets admin privileges
+- ✅ **Member Role**: Subsequent users are added as regular members
+- ✅ **Pending Status**: New users require admin approval to join existing organizations
+
+**3. Email Domain Logic**
+- ✅ Extracts domain from user email addresses (e.g., user@acme.com → acme.com)
+- ✅ Validates that new users belong to the same domain as the organization
+- ✅ Prevents cross-domain user additions for security
+
+### 🔧 Technical Implementation
+
+**Database Schema (Graph Model)**
+```cypher
+// New nodes and relationships
+(:Organization {domain, name, created_at, admin_email})
+(:User)-[:BELONGS_TO {is_admin, is_pending, joined_at, invited_by, approved_by}]->(:Organization)
+```
+
+**New Files Created:**
+- `api/auth/organization_management.py` - Core organization logic
+- `api/routes/organization.py` - REST API endpoints
+- `api/templates/components/organization_modal.j2` - Frontend UI
+- `ORGANIZATION_IMPLEMENTATION.md` - Complete documentation
+- `demo_organization.py` - Feature demonstration
+- `test_organization.py` - Testing utilities
+
+**Modified Files:**
+- `api/auth/user_management.py` - Integrated organization creation
+- `api/routes/auth.py` - Updated login flow
+- `api/app_factory.py` - Registered new routes
+- `api/templates/components/user_profile.j2` - Added organization button
+- `api/templates/chat.j2` - Included organization modal
+
+### 🔌 API Endpoints
+
+All endpoints require OAuth authentication:
+
+1. **GET `/api/organization/status`** - Get user's organization info
+2. **GET `/api/organization/users`** (Admin) - List organization members  
+3. **GET `/api/organization/pending`** (Admin) - List pending users
+4. **POST `/api/organization/add-user`** (Admin) - Add user by email
+5. **POST `/api/organization/approve-user`** (Admin) - Approve pending user
+
+### 🎨 Frontend Integration
+
+**User Interface Components:**
+- ✅ Organization button in user profile dropdown
+- ✅ Complete organization management modal with:
+  - Organization information display
+  - Member list with roles and status
+  - Pending user management interface
+  - Add user by email functionality
+  - Admin-only controls with proper permissions
+
+**JavaScript Functions:**
+- `openOrganizationModal()` - Opens management interface
+- `loadOrganizationStatus()` - Fetches user's org info
+- `loadOrganizationUsers()` - Lists members (admin only)
+- `addUserToOrganization()` - Adds users by email (admin only)
+- `approveUser(email)` - Approves pending users (admin only)
+
+### 🔒 Security Features
+
+**Authentication & Authorization:**
+- ✅ OAuth required for all API endpoints
+- ✅ Admin role validation for management functions
+- ✅ Email domain validation for user additions
+- ✅ Session-based authentication with proper token handling
+
+**Data Validation:**
+- ✅ Email format validation
+- ✅ Domain consistency checks  
+- ✅ Provider whitelist (Google, GitHub)
+- ✅ Input sanitization and comprehensive error handling
+
+## 🚀 Usage Flow
+
+### First Time User (Creates Organization)
+1. User logs in with `alice@acme.com`
+2. System extracts domain: `acme.com`
+3. No organization exists → Creates "Acme" organization
+4. Alice becomes admin with full management privileges
+
+### Subsequent User (Joins Organization)
+1. User logs in with `bob@acme.com`
+2. System finds existing "Acme" organization
+3. Bob added as pending member (requires admin approval)
+4. Alice (admin) can approve Bob through the UI
+
+### Admin Management
+1. Admin clicks user profile → "Organization"
+2. Views organization status and member list
+3. Manages pending users and adds new users by email
+4. All actions validated for proper permissions
+
+## 📋 Requirements Fulfilled
+
+✅ **When a new user logs in for the first time, check their email domain**
+- Implemented in `ensure_user_in_organizations()` function
+
+✅ **If no existing organization is associated with this domain, create a new Organization object**
+- Implemented in `check_or_create_organization()` function
+
+✅ **Assign the user as the admin of this new organization**
+- First user from domain automatically gets admin role
+
+✅ **If the domain already exists, associate the user with the existing organization, but the user should be pending till the Admin approve him**
+- Subsequent users added as pending members requiring approval
+
+✅ **Allow the admin to add new users to the organization by entering their emails**
+- Implemented via `/api/organization/add-user` endpoint and UI
+
+✅ **New users added this way will be linked to the organization once they log in**
+- Pre-created pending users are automatically linked on login
+
+✅ **Organization model with domain and admin fields**
+- Graph node: `(:Organization {domain, name, created_at, admin_email})`
+
+✅ **User model extension to include organization reference**
+- Relationship: `(:User)-[:BELONGS_TO {is_admin, is_pending, joined_at}]->(:Organization)`
+
+✅ **Logic to extract domain from user email**
+- `extract_email_domain()` function
+
+✅ **Login hook that checks domain and creates or associates organization**
+- Integrated into OAuth handlers and login routes
+
+✅ **Admin-only API or form to manage organization users by email**
+- Complete admin interface with proper permission checks
+
+## 🎯 Ready to Use
+
+The implementation is production-ready and includes:
+
+- **Complete backend logic** with proper error handling
+- **Secure API endpoints** with authentication
+- **User-friendly frontend** with responsive design
+- **Comprehensive documentation** and examples
+- **Testing utilities** for validation
+- **Security best practices** throughout
+
+### Quick Start:
+1. Set up OAuth credentials in `.env`
+2. Run `python api/index.py`
+3. Log in with different email domains to test
+4. Access organization management via user profile menu
+
+The organization management system is now fully integrated with the existing QueryWeaver application and ready for immediate use! 🎉
diff --git a/ORGANIZATION_IMPLEMENTATION.md b/ORGANIZATION_IMPLEMENTATION.md
new file mode 100644
index 00000000..b57e8a97
--- /dev/null
+++ b/ORGANIZATION_IMPLEMENTATION.md
@@ -0,0 +1,272 @@
+# Organization Management Implementation
+
+This document describes the implementation of organization management functionality for the QueryWeaver text2sql application.
+
+## Overview
+
+The organization management system automatically creates organizations based on email domains and manages user access within those organizations. When users log in for the first time, the system checks their email domain and either creates a new organization or associates them with an existing one.
+
+## Features Implemented
+
+### 1. Automatic Organization Creation
+- **Domain-based Organizations**: Organizations are automatically created based on the domain part of user email addresses
+- **First User as Admin**: The first user from a domain becomes the organization admin
+- **Subsequent Users**: Additional users from the same domain are added as pending members requiring admin approval
+
+### 2. User Roles and Status
+- **Admin**: Organization administrators can manage users and approve pending members
+- **Member**: Regular organization members with access to organization resources
+- **Pending**: Users waiting for admin approval to join the organization
+
+### 3. Admin Management Functions
+- **View Members**: Admins can see all organization members and their roles
+- **Add Users**: Admins can invite new users by email (must match organization domain)
+- **Approve Pending**: Admins can approve users who joined after the organization was created
+- **View Pending**: Admins can see all users waiting for approval
+
+## Technical Implementation
+
+### Database Schema (Graph Model)
+
+```cypher
+// Nodes
+(:User {email, first_name, last_name, created_at})
+(:Identity {provider, provider_user_id, email, name, picture, created_at, last_login})
+(:Organization {domain, name, created_at, admin_email})
+
+// Relationships
+(:Identity)-[:AUTHENTICATES]->(:User)
+(:User)-[:BELONGS_TO {is_admin, is_pending, joined_at, invited_by, approved_by}]->(:Organization)
+```
+
+### Key Files Created/Modified
+
+#### New Files:
+1. **`api/auth/organization_management.py`** - Core organization management functions
+2. **`api/routes/organization.py`** - API endpoints for organization management
+3. **`api/templates/components/organization_modal.j2`** - Frontend UI component
+4. **`test_organization.py`** - Test script and demonstration
+
+#### Modified Files:
+1. **`api/auth/user_management.py`** - Updated to integrate with organization management
+2. **`api/routes/auth.py`** - Updated login process to handle organizations
+3. **`api/app_factory.py`** - Registered new organization blueprint
+4. **`api/templates/components/user_profile.j2`** - Added organization management button
+5. **`api/templates/chat.j2`** - Included organization modal
+
+### API Endpoints
+
+All endpoints require user authentication via OAuth.
+
+#### GET `/api/organization/status`
+Returns the current user's organization status and role.
+
+**Response:**
+```json
+{
+  "has_organization": true,
+  "organization": {
+    "domain": "example.com",
+    "name": "Example",
+    "created_at": 1640995200
+  },
+  "user_role": {
+    "is_admin": true,
+    "is_pending": false,
+    "joined_at": 1640995200
+  }
+}
+```
+
+#### GET `/api/organization/users` (Admin only)
+Returns all users in the organization.
+
+#### GET `/api/organization/pending` (Admin only)
+Returns all pending users awaiting approval.
+
+#### POST `/api/organization/add-user` (Admin only)
+Adds a user to the organization by email.
+
+**Request:**
+```json
+{
+  "email": "newuser@example.com"
+}
+```
+
+#### POST `/api/organization/approve-user` (Admin only)
+Approves a pending user.
+
+**Request:**
+```json
+{
+  "email": "pendinguser@example.com"
+}
+```
+
+## Usage Flow
+
+### New User Registration Flow
+
+1. **User logs in** with Google/GitHub OAuth
+2. **Email domain extracted** from user's email address
+3. **Organization check**:
+   - If no organization exists for domain → Create new organization, make user admin
+   - If organization exists → Add user as pending member
+4. **User linked** to organization with appropriate role/status
+
+### Admin Management Flow
+
+1. **Admin accesses** organization management through user profile menu
+2. **Views organization status** and member list
+3. **Manages pending users** by approving or adding new users by email
+4. **Adds new users** by entering their email addresses (domain must match)
+
+## Frontend Integration
+
+### User Interface Components
+
+1. **Organization Button**: Added to user profile dropdown menu
+2. **Organization Modal**: Full-featured management interface including:
+   - Organization information display
+   - Member list with roles
+   - Pending user management
+   - Add user functionality
+   - Admin-only controls with proper permissions
+
+### JavaScript Functions
+
+- `openOrganizationModal()` - Opens the organization management interface
+- `loadOrganizationStatus()` - Fetches user's organization information
+- `loadOrganizationUsers()` - Fetches organization member list (admin only)
+- `loadPendingUsers()` - Fetches pending users (admin only)
+- `addUserToOrganization()` - Adds new user by email (admin only)
+- `approveUser(email)` - Approves pending user (admin only)
+
+## Security Considerations
+
+### Authentication & Authorization
+- All API endpoints require valid OAuth authentication
+- Admin-only functions check user role before execution
+- Email domain validation ensures users can only be added to their domain's organization
+
+### Data Validation
+- Email format validation for all user inputs
+- Domain matching validation for new user additions
+- Provider validation for OAuth authentication
+- Input sanitization for all user-provided data
+
+### Error Handling
+- Graceful handling of authentication failures
+- Proper error messages for invalid operations
+- Fallback behavior when organization management fails
+
+## Testing
+
+### Test Script Usage
+
+```bash
+cd /home/guy/workspace/text2sql
+python test_organization.py
+```
+
+The test script validates:
+- Email domain extraction logic
+- API endpoint protection (authentication required)
+- Error handling for invalid inputs
+
+### Manual Testing Steps
+
+1. **Start the application**:
+   ```bash
+   python api/index.py
+   ```
+
+2. **Set up OAuth credentials** in `.env` file:
+   ```
+   GOOGLE_CLIENT_ID=your_google_client_id
+   GOOGLE_CLIENT_SECRET=your_google_client_secret
+   GITHUB_CLIENT_ID=your_github_client_id
+   GITHUB_CLIENT_SECRET=your_github_client_secret
+   ```
+
+3. **Test organization creation**:
+   - Log in with user from domain A (e.g., user1@company.com)
+   - Verify user becomes admin of new organization
+   - Check organization management interface
+
+4. **Test user addition**:
+   - Log in with user from same domain (e.g., user2@company.com)
+   - Verify user is added as pending
+   - Use admin account to approve user
+
+5. **Test admin functions**:
+   - Use admin account to add users by email
+   - Approve pending users
+   - View organization member list
+
+## Configuration Requirements
+
+### Environment Variables
+```
+FASTAPI_SECRET_KEY=your_secret_key
+GOOGLE_CLIENT_ID=your_google_oauth_client_id
+GOOGLE_CLIENT_SECRET=your_google_oauth_client_secret
+GITHUB_CLIENT_ID=your_github_oauth_client_id
+GITHUB_CLIENT_SECRET=your_github_oauth_client_secret
+```
+
+### Database Setup
+The implementation uses FalkorDB (Redis-based graph database). Ensure the database is running and accessible through the existing `db` extension.
+
+## Future Enhancements
+
+### Potential Improvements
+1. **Organization Settings**: Allow admins to configure organization name and settings
+2. **Role Management**: Add more granular roles (viewer, editor, admin)
+3. **Bulk User Management**: Allow CSV upload for bulk user addition
+4. **User Removal**: Add functionality to remove users from organizations
+5. **Organization Transfer**: Allow transfer of admin rights
+6. **Audit Logging**: Track organization management actions
+7. **Email Notifications**: Send emails when users are added/approved
+8. **Multi-organization Support**: Allow users to belong to multiple organizations
+
+### Scalability Considerations
+1. **Pagination**: Add pagination for large user lists
+2. **Search/Filter**: Add search functionality for user lists
+3. **Caching**: Implement caching for organization data
+4. **Rate Limiting**: Add rate limiting for admin actions
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Organization not created**: Check email domain extraction and database connectivity
+2. **User not linked**: Verify OAuth authentication and user creation process
+3. **Admin functions not available**: Check user role and organization status
+4. **API authentication errors**: Verify OAuth setup and session management
+
+### Debug Steps
+
+1. Check application logs for error messages
+2. Verify database connectivity and graph structure
+3. Test OAuth authentication flow
+4. Validate API endpoint responses
+5. Check browser console for JavaScript errors
+
+## Implementation Summary
+
+This implementation successfully provides:
+
+✅ **Automatic organization creation** based on email domains  
+✅ **First user as admin** functionality  
+✅ **Pending user approval** system  
+✅ **Admin-only user management** interface  
+✅ **Email-based user addition** with domain validation  
+✅ **Secure API endpoints** with proper authentication  
+✅ **User-friendly frontend** interface  
+✅ **Comprehensive error handling** and validation  
+✅ **Integration with existing OAuth** login system  
+✅ **Graph database schema** for efficient relationship management  
+
+The system is ready for production use with proper OAuth configuration and provides a solid foundation for future organizational features.
diff --git a/api/routes/graphs.py b/api/routes/graphs.py
index 6fbab7fb..ffe1815b 100644
--- a/api/routes/graphs.py
+++ b/api/routes/graphs.py
@@ -695,3 +695,28 @@ async def refresh_graph_schema(request: Request, graph_id: str):
             "success": False,
             "error": "Error refreshing schema"
         }, status_code=500)
+
+@graphs_router.delete("/{graph_id}")
+@token_required
+async def delete_graph(request: Request, graph_id: str):
+    """Delete the specified graph (namespaced to the user).
+
+    This will attempt to delete the FalkorDB graph belonging to the
+    authenticated user. The graph id used by the client is stripped of
+    namespace and will be namespaced using the user's id from the request
+    state.
+    """
+    if not graph_id or not isinstance(graph_id, str):
+        return JSONResponse(content={"error": "Invalid graph_id"}, status_code=400)
+
+    graph_id = graph_id.strip()[:200]
+    namespaced = request.state.user_id + "_" + graph_id
+
+    try:
+        # Select and delete the graph using the FalkorDB client API
+        graph = db.select_graph(namespaced)
+        graph.delete()
+        return JSONResponse(content={"success": True, "graph": graph_id})
+    except Exception as e:
+        logging.exception("Failed to delete graph %s: %s", sanitize_log_input(namespaced), e)
+        return JSONResponse(content={"error": "Failed to delete graph"}, status_code=500)
diff --git a/app/public/css/menu.css b/app/public/css/menu.css
index b09bdea8..f87db137 100644
--- a/app/public/css/menu.css
+++ b/app/public/css/menu.css
@@ -331,3 +331,89 @@
   height: 16px;
   flex-shrink: 0;
 }
+
+/* Graph custom dropdown (moved from chat_header.j2 inline styles) */
+.graph-custom-dropdown {
+  position: relative;
+  display: inline-block;
+  width: 180px;
+  margin-left: 8px;
+}
+
+.graph-selected {
+  padding: 8px 14px;
+  border-radius: 6px;
+  background: var(--falkor-quaternary);
+  color: var(--text-primary);
+  cursor: pointer;
+  border: 1px solid var(--border-color);
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  width: 100%;
+  min-width: 160px;
+  box-sizing: border-box;
+  font-size: 14px;
+}
+
+.graph-options {
+  position: absolute;
+  top: calc(100% + 6px);
+  left: 0;
+  right: 0;
+  background: var(--falkor-secondary);
+  border: 1px solid var(--border-color);
+  border-radius: 6px;
+  box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+  max-height: 260px;
+  overflow: auto;
+  display: none;
+  z-index: 50;
+}
+
+.dropdown-option {
+  display: flex;
+  align-items: center;
+  justify-content: flex-start;
+  padding: 8px 12px;
+  gap: 8px;
+  color: var(--text-primary);
+  cursor: pointer;
+}
+
+.dropdown-option:hover {
+  background: var(--bg-tertiary);
+}
+
+.dropdown-option span {
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+
+.dropdown-option .delete-btn {
+  background: transparent;
+  border: none;
+  color: #ff6b6b;
+  opacity: 0;
+  cursor: pointer;
+  width: 28px;
+  height: 28px;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  margin-left: auto;
+}
+
+.dropdown-option:hover .delete-btn {
+  opacity: 1;
+}
+
+.dropdown-option .delete-btn svg {
+  width: 16px;
+  height: 16px;
+}
+
+.graph-options.open {
+  display: block;
+}
\ No newline at end of file
diff --git a/app/templates/components/chat_header.j2 b/app/templates/components/chat_header.j2
index 1e10a2ae..b318c1b4 100644
--- a/app/templates/components/chat_header.j2
+++ b/app/templates/components/chat_header.j2
@@ -3,9 +3,16 @@
     <img src="{{ url_for('static', path='icons/queryweaver.webp') }}" alt="Chat Logo" class="logo">
     <h1>Natural Language to SQL Generator</h1>
     <div class="button-container">
-        <select title="Select Database" id="graph-select">
-            <option value="">Loading...</option>
-        </select>
+        <!-- Custom dropdown to show per-item delete action on hover -->
+        <div id="graph-custom-dropdown" class="graph-custom-dropdown">
+            <div id="graph-selected" class="graph-selected dropdown-selected" title="Select Database">
+                <span class="dropdown-text">Select Database</span>
+                <span class="dropdown-arrow">▼</span>
+            </div>
+            <div id="graph-options" class="graph-options dropdown-options" aria-hidden="true"></div>
+        </div>
+
+        <!-- styles for the graph dropdown moved to app/public/css/menu.css -->
         <div class="vertical-separator"></div>
         <input title="Upload Schema" id="schema-upload" type="file" accept=".json" style="display: none;" tabindex="-1" disabled/>
         <label for="schema-upload" id="custom-file-upload">
diff --git a/app/ts/app.ts b/app/ts/app.ts
index bb1c1a8a..48a4b2d3 100644
--- a/app/ts/app.ts
+++ b/app/ts/app.ts
@@ -6,6 +6,7 @@ import { DOM } from './modules/config';
 import { initChat } from './modules/messages';
 import { sendMessage, pauseRequest } from './modules/chat';
 import { loadGraphs, handleFileUpload, onGraphChange } from './modules/graphs';
+import { getSelectedGraph } from './modules/graph_select';
 import {
     toggleContainer,
     showResetConfirmation,
@@ -63,7 +64,7 @@ function setupEventListeners() {
 
     DOM.schemaButton?.addEventListener('click', () => {
         toggleContainer(DOM.schemaContainer as HTMLElement, async () => {
-            const selected = DOM.graphSelect?.value;
+            const selected = getSelectedGraph();
             if (!selected) return;
             await loadAndShowGraph(selected);
         });
@@ -83,9 +84,10 @@ function setupEventListeners() {
         }
     });
 
-    DOM.graphSelect?.addEventListener('change', async () => {
+    // Legacy select is hidden; custom UI will trigger load via graph_select helper
+    document.getElementById('graph-options')?.addEventListener('click', async () => {
         onGraphChange();
-        const selected = DOM.graphSelect?.value;
+        const selected = getSelectedGraph();
         if (!selected) return;
         if (DOM.schemaContainer && DOM.schemaContainer.classList.contains('open')) {
             await loadAndShowGraph(selected);
diff --git a/app/ts/modules/chat.ts b/app/ts/modules/chat.ts
index 9c4157a9..37ac3861 100644
--- a/app/ts/modules/chat.ts
+++ b/app/ts/modules/chat.ts
@@ -4,12 +4,13 @@
 
 import { DOM, state, MESSAGE_DELIMITER } from './config';
 import { addMessage, removeLoadingMessage, moveLoadingMessageToBottom } from './messages';
+import { getSelectedGraph } from './graph_select';
 
 export async function sendMessage() {
     const message = (DOM.messageInput?.value || '').trim();
     if (!message) return;
 
-    const selectedValue = DOM.graphSelect?.value || '';
+    const selectedValue = getSelectedGraph() || '';
     if (!selectedValue) {
         addMessage('Please select a graph from the dropdown before sending a message.', false, true);
         return;
@@ -257,7 +258,7 @@ export async function handleDestructiveConfirmation(confirmation: string, sqlQue
     }
 
     try {
-        const selectedValue = DOM.graphSelect?.value || '';
+        const selectedValue = getSelectedGraph() || '';
 
         const response = await fetch('/graphs/' + encodeURIComponent(selectedValue) + '/confirm', {
             method: 'POST',
diff --git a/app/ts/modules/config.ts b/app/ts/modules/config.ts
index 6ccf4bd8..e85da9f7 100644
--- a/app/ts/modules/config.ts
+++ b/app/ts/modules/config.ts
@@ -27,7 +27,6 @@ export const SELECTORS = {
     leftToolbarInner: '#left-toolbar-inner',
     expInstructions: '#instructions-textarea',
     inputContainer: '#input-container',
-    graphSelect: '#graph-select',
     resetConfirmationModal: '#reset-confirmation-modal',
     resetConfirmBtn: '#reset-confirm-btn',
     resetCancelBtn: '#reset-cancel-btn'
@@ -59,7 +58,6 @@ export const DOM = {
     leftToolbarInner: getElement<HTMLElement | null>('left-toolbar-inner'),
     expInstructions: getElement<HTMLTextAreaElement | null>('instructions-textarea'),
     inputContainer: getElement<HTMLElement | null>('input-container'),
-    graphSelect: getElement<HTMLSelectElement | null>('graph-select'),
     resetConfirmationModal: getElement<HTMLElement | null>('reset-confirmation-modal'),
     resetConfirmBtn: getElement<HTMLButtonElement | null>('reset-confirm-btn'),
     resetCancelBtn: getElement<HTMLButtonElement | null>('reset-cancel-btn')
diff --git a/app/ts/modules/graph_select.ts b/app/ts/modules/graph_select.ts
new file mode 100644
index 00000000..4ad003e9
--- /dev/null
+++ b/app/ts/modules/graph_select.ts
@@ -0,0 +1,62 @@
+/**
+ * Helper to manage the custom graph selector UI.
+ * Exposes functions to get/set the selected graph and render the list.
+ */
+import { DOM } from './config';
+
+export function getSelectedGraph(): string | null {
+    const selectedLabel = document.getElementById('graph-selected');
+    const text = selectedLabel?.querySelector('.dropdown-text')?.textContent;
+    if (text) return text;
+    return null;
+}
+
+export function setSelectedGraph(name: string) {
+    const selectedLabel = document.getElementById('graph-selected');
+    const textNode = selectedLabel?.querySelector('.dropdown-text');
+    if (textNode) textNode.textContent = name;
+}
+
+export function clearGraphOptions() {
+    const optionsContainer = document.getElementById('graph-options');
+    if (optionsContainer) optionsContainer.innerHTML = '';
+}
+
+export function addGraphOption(name: string, onSelect: (n: string) => void, onDelete: (n: string) => void) {
+    const optionsContainer = document.getElementById('graph-options');
+    if (!optionsContainer) return;
+    const row = document.createElement('div');
+    row.className = 'dropdown-option';
+    row.setAttribute('data-value', name);
+    const icon = document.createElement('span');
+    icon.className = 'db-icon';
+    // optional: could add icons later
+    const text = document.createElement('span');
+    text.textContent = name;
+    row.appendChild(icon);
+    row.appendChild(text);
+
+    const delBtn = document.createElement('button');
+    delBtn.className = 'delete-btn';
+    delBtn.title = `Delete ${name}`;
+    delBtn.innerHTML = `<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><polyline points="3 6 5 6 21 6"></polyline><path d="M19 6l-1 14a2 2 0 0 1-2 2H8a2 2 0 0 1-2-2L5 6"></path><path d="M10 11v6"></path><path d="M14 11v6"></path><path d="M9 6V4a2 2 0 0 1 2-2h2a2 2 0 0 1 2 2v2"></path></svg>`;
+    row.appendChild(delBtn);
+
+    row.addEventListener('click', () => {
+        setSelectedGraph(name);
+        onSelect(name);
+        optionsContainer.classList.remove('open');
+    });
+
+    delBtn.addEventListener('click', (ev) => {
+        ev.stopPropagation();
+        onDelete(name);
+    });
+
+    optionsContainer.appendChild(row);
+}
+
+export function toggleOptions() {
+    const optionsContainer = document.getElementById('graph-options');
+    if (optionsContainer) optionsContainer.classList.toggle('open');
+}
diff --git a/app/ts/modules/graphs.ts b/app/ts/modules/graphs.ts
index 4eb2cbe8..8eaa2a47 100644
--- a/app/ts/modules/graphs.ts
+++ b/app/ts/modules/graphs.ts
@@ -4,17 +4,16 @@
 
 import { DOM } from './config';     
 import { addMessage, initChat } from './messages';
+import { addGraphOption, clearGraphOptions, setSelectedGraph, toggleOptions, getSelectedGraph } from './graph_select';
 
 export function loadGraphs() {
     const isAuthenticated = (window as any).isAuthenticated !== undefined ? (window as any).isAuthenticated : false;
 
     if (!isAuthenticated) {
-        if (DOM.graphSelect) DOM.graphSelect.innerHTML = '';
         const option = document.createElement('option');
         option.value = '';
         option.textContent = 'Please log in to access graphs';
         option.disabled = true;
-        if (DOM.graphSelect) DOM.graphSelect.appendChild(option);
 
         if (DOM.messageInput) DOM.messageInput.disabled = true;
         if (DOM.submitButton) DOM.submitButton.disabled = true;
@@ -33,34 +32,80 @@ export function loadGraphs() {
             return response.json();
         })
         .then((data: string[]) => {
-            if (DOM.graphSelect) DOM.graphSelect.innerHTML = '';
-
+            console.log('Graphs loaded:', data);
             if (!data || data.length === 0) {
                 const option = document.createElement('option');
                 option.value = '';
                 option.textContent = 'No graphs available';
                 option.disabled = true;
-                if (DOM.graphSelect) DOM.graphSelect.appendChild(option);
 
                 if (DOM.messageInput) DOM.messageInput.disabled = true;
                 if (DOM.submitButton) DOM.submitButton.disabled = true;
                 if (DOM.messageInput) DOM.messageInput.placeholder = 'Please upload a schema or connect a database to start chatting';
 
                 addMessage('No graphs are available. Please upload a schema file or connect to a database to get started.', false);
+                // set visible selected label to placeholder text
+                const selectedLabel = document.getElementById('graph-selected');
+                if (selectedLabel) {
+                    const dropdownText = selectedLabel.querySelector && selectedLabel.querySelector('.dropdown-text');
+                    if (dropdownText) dropdownText.textContent = 'Select Database'; else selectedLabel.textContent = 'Select Database';
+                }
                 return;
             }
 
+            // populate hidden select for legacy code
             data.forEach(graph => {
                 const option = document.createElement('option');
                 option.value = graph;
                 option.textContent = graph;
                 option.title = graph;
-                if (DOM.graphSelect) DOM.graphSelect.appendChild(option);
             });
 
+            // populate custom dropdown
+            try {
+                clearGraphOptions();
+                data.forEach(graph => {
+                    addGraphOption(graph, (name) => {
+                        // onSelect
+                        setSelectedGraph(name);
+                        initChat();
+                    }, async (name) => {
+                        // onDelete
+                        const confirmed = confirm(`Delete graph "${name}"? This action cannot be undone.`);
+                        if (!confirmed) return;
+                        try {
+                            const resp = await fetch(`/graphs/${encodeURIComponent(name)}`, { method: 'DELETE' });
+                            if (!resp.ok) {
+                                const text = await resp.text();
+                                throw new Error(`Delete failed: ${resp.status} ${text}`);
+                            }
+                            addMessage(`Graph "${name}" deleted.`, false);
+                            loadGraphs();
+                        } catch (err) {
+                            console.error('Error deleting graph:', err);
+                            addMessage('Error deleting graph: ' + (err as Error).message, false);
+                        }
+                    });
+                });
+
+                const sel = document.getElementById('graph-selected');
+                if (sel) sel.addEventListener('click', () => toggleOptions());
+            } catch (e) {
+                console.warn('Custom graph dropdown not available', e);
+            }
+
+            // custom dropdown is populated above via addGraphOption
+
             if (DOM.messageInput) DOM.messageInput.disabled = false;
             if (DOM.submitButton) DOM.submitButton.disabled = false;
             if (DOM.messageInput) DOM.messageInput.placeholder = 'Describe the SQL query you want...';
+
+            // Attach delete button handler if present
+            const deleteBtn = document.getElementById('delete-graph-btn');
+            if (deleteBtn) {
+                deleteBtn.removeEventListener('click', onDeleteClick as EventListener);
+                deleteBtn.addEventListener('click', onDeleteClick as EventListener);
+            }
         })
         .catch(error => {
             console.error('Error fetching graphs:', error);
@@ -74,15 +119,42 @@ export function loadGraphs() {
                 if (DOM.messageInput) DOM.messageInput.placeholder = 'Cannot connect to server';
             }
 
-            if (DOM.graphSelect) DOM.graphSelect.innerHTML = '';
             const option = document.createElement('option');
             option.value = '';
             option.textContent = (error as Error).message.includes('Authentication') ? 'Please log in' : 'Error loading graphs';
             option.disabled = true;
-            if (DOM.graphSelect) DOM.graphSelect.appendChild(option);
         });
 }
 
+async function onDeleteClick() {
+    const graphName = getSelectedGraph();
+    if (!graphName) {
+        addMessage('Please select a graph to delete.', false);
+        return;
+    }
+
+    const confirmed = confirm(`Are you sure you want to delete the graph '${graphName}'? This action cannot be undone.`);
+    if (!confirmed) return;
+
+    try {
+        const resp = await fetch(`/graphs/${encodeURIComponent(graphName)}`, { method: 'DELETE' });
+        if (!resp.ok) {
+            const text = await resp.text();
+            throw new Error(`Failed to delete graph: ${resp.status} ${text}`);
+        }
+        addMessage(`Graph '${graphName}' deleted.`, false);
+        // Reload graphs list
+        loadGraphs();
+        // Clear current chat state if the deleted graph was selected
+        if (window && (window as any).currentGraph === graphName) {
+            (window as any).currentGraph = undefined;
+        }
+    } catch (err) {
+        console.error('Error deleting graph:', err);
+        addMessage('Error deleting graph: ' + (err as Error).message, false);
+    }
+}
+
 export function handleFileUpload(event: Event) {
     const target = event.target as HTMLInputElement | null;
     const file = target?.files ? target.files[0] : null;
diff --git a/app/ts/modules/messages.ts b/app/ts/modules/messages.ts
index 6f26c5a0..7d9d42cf 100644
--- a/app/ts/modules/messages.ts
+++ b/app/ts/modules/messages.ts
@@ -3,6 +3,7 @@
  */
 
 import { DOM, state } from './config';
+import { getSelectedGraph } from './graph_select';
 
 export function addMessage(
     message: string,
@@ -137,7 +138,8 @@ export function initChat() {
         if (element) element.innerHTML = '';
     });
 
-    if (DOM.graphSelect && DOM.graphSelect.options.length > 0 && (DOM.graphSelect.options[0].value || DOM.graphSelect.options.length)) {
+    const selected = getSelectedGraph();
+    if (selected) {
         addMessage('Hello! How can I help you today?', false);
     } else {
         addMessage('Hello! Please select a graph from the dropdown above, upload a schema or connect to a database to get started.', false);
diff --git a/demo_organization.py b/demo_organization.py
new file mode 100755
index 00000000..a451dfd7
--- /dev/null
+++ b/demo_organization.py
@@ -0,0 +1,186 @@
+#!/usr/bin/env python3
+"""
+Demonstration script for organization management functionality.
+This script shows how the organization management features work.
+"""
+
+def demonstrate_email_domain_extraction():
+    """Demonstrate email domain extraction."""
+    print("📧 Email Domain Extraction Demo")
+    print("-" * 40)
+    
+    # Import the function
+    try:
+        import sys
+        import os
+        sys.path.append(os.path.join(os.path.dirname(__file__), 'api'))
+        from auth.organization_management import extract_email_domain
+        
+        test_cases = [
+            "john@example.com",
+            "admin@bigcorp.org", 
+            "user@startup.io",
+            "developer@tech-company.com",
+            "invalid-email",
+            "",
+            "user@sub.domain.co.uk"
+        ]
+        
+        for email in test_cases:
+            domain = extract_email_domain(email)
+            status = "✅" if domain else "❌"
+            print(f"  {status} {email:<25} → {domain}")
+            
+    except ImportError:
+        print("❌ Could not import organization management module")
+        print("   Make sure you're running from the project root")
+
+def demonstrate_organization_workflow():
+    """Demonstrate the organization workflow."""
+    print("\n🏢 Organization Management Workflow")
+    print("-" * 40)
+    
+    print("1. First User Login (alice@acme.com):")
+    print("   → Domain: acme.com")
+    print("   → Action: Create new organization 'Acme'")
+    print("   → Role: Admin")
+    print("   → Status: Active")
+    
+    print("\n2. Second User Login (bob@acme.com):")
+    print("   → Domain: acme.com") 
+    print("   → Action: Join existing organization 'Acme'")
+    print("   → Role: Member")
+    print("   → Status: Pending (awaiting admin approval)")
+    
+    print("\n3. Admin Approves Bob:")
+    print("   → Alice (admin) approves Bob")
+    print("   → Bob's status: Pending → Active")
+    print("   → Bob gains access to organization resources")
+    
+    print("\n4. Admin Adds New User (carol@acme.com):")
+    print("   → Alice adds carol@acme.com via admin interface")
+    print("   → Carol marked as invited/pending")
+    print("   → When Carol logs in, she's automatically linked")
+
+def demonstrate_api_structure():
+    """Demonstrate the API structure."""
+    print("\n🔌 API Endpoints Structure")
+    print("-" * 40)
+    
+    endpoints = [
+        ("GET", "/api/organization/status", "Get user's organization info", "User"),
+        ("GET", "/api/organization/users", "List organization members", "Admin"),
+        ("GET", "/api/organization/pending", "List pending users", "Admin"),
+        ("POST", "/api/organization/add-user", "Add user by email", "Admin"),
+        ("POST", "/api/organization/approve-user", "Approve pending user", "Admin"),
+    ]
+    
+    for method, endpoint, description, role in endpoints:
+        print(f"  {method:<4} {endpoint:<30} - {description} ({role})")
+
+def demonstrate_graph_schema():
+    """Demonstrate the graph database schema."""
+    print("\n🗂️  Graph Database Schema")
+    print("-" * 40)
+    
+    print("Nodes:")
+    print("  User: {email, first_name, last_name, created_at}")
+    print("  Identity: {provider, provider_user_id, email, name, picture}")
+    print("  Organization: {domain, name, created_at, admin_email}")
+    
+    print("\nRelationships:")
+    print("  (Identity)-[:AUTHENTICATES]->(User)")
+    print("  (User)-[:BELONGS_TO {is_admin, is_pending, joined_at}]->(Organization)")
+
+def demonstrate_frontend_features():
+    """Demonstrate frontend features."""
+    print("\n🖥️  Frontend Features")
+    print("-" * 40)
+    
+    print("User Interface Components:")
+    print("  ✅ Organization button in user profile menu")
+    print("  ✅ Organization management modal")
+    print("  ✅ Member list with roles and status")
+    print("  ✅ Pending user approval interface")
+    print("  ✅ Add user by email form")
+    print("  ✅ Admin-only controls with permission checks")
+    
+    print("\nJavaScript Functions:")
+    print("  • openOrganizationModal()")
+    print("  • loadOrganizationStatus()")
+    print("  • loadOrganizationUsers()")
+    print("  • addUserToOrganization()")
+    print("  • approveUser(email)")
+
+def demonstrate_security_features():
+    """Demonstrate security features."""
+    print("\n🔒 Security Features")
+    print("-" * 40)
+    
+    print("Authentication & Authorization:")
+    print("  ✅ OAuth required for all API endpoints")
+    print("  ✅ Admin role validation for management functions")
+    print("  ✅ Email domain matching for user additions")
+    print("  ✅ Session-based authentication with token validation")
+    
+    print("Data Validation:")
+    print("  ✅ Email format validation")
+    print("  ✅ Domain consistency checks")
+    print("  ✅ Provider whitelist (Google, GitHub)")
+    print("  ✅ Input sanitization and error handling")
+
+def main():
+    """Main demonstration function."""
+    print("🚀 Organization Management Demo")
+    print("=" * 50)
+    print("This demo shows the key features of the organization")
+    print("management system implemented for QueryWeaver.")
+    print("=" * 50)
+    
+    # Run all demonstrations
+    demonstrate_email_domain_extraction()
+    demonstrate_organization_workflow()
+    demonstrate_api_structure()
+    demonstrate_graph_schema()
+    demonstrate_frontend_features()
+    demonstrate_security_features()
+    
+    print("\n" + "=" * 50)
+    print("🎯 Quick Start Guide")
+    print("=" * 50)
+    
+    print("1. Set up OAuth credentials in .env:")
+    print("   GOOGLE_CLIENT_ID=your_client_id")
+    print("   GOOGLE_CLIENT_SECRET=your_client_secret")
+    print("   GITHUB_CLIENT_ID=your_client_id")
+    print("   GITHUB_CLIENT_SECRET=your_client_secret")
+    
+    print("\n2. Start the application:")
+    print("   python api/index.py")
+    
+    print("\n3. Log in with different email domains:")
+    print("   • First user from domain becomes admin")
+    print("   • Subsequent users need admin approval")
+    
+    print("\n4. Access organization management:")
+    print("   • Click user profile → Organization")
+    print("   • Admins can manage users and approvals")
+    
+    print("\n5. Test the functionality:")
+    print("   • Add users by email (domain must match)")
+    print("   • Approve pending users")
+    print("   • View organization member list")
+    
+    print("\n✨ Features Ready for Use:")
+    print("  🏢 Automatic organization creation")
+    print("  👑 First user becomes admin")
+    print("  ⏳ Pending user approval system")
+    print("  📧 Email-based user management")
+    print("  🔐 Secure API with proper authentication")
+    print("  🎨 User-friendly web interface")
+    
+    print("\n📖 For detailed documentation, see:")
+    print("   ORGANIZATION_IMPLEMENTATION.md")
+
+if __name__ == "__main__":
+    main()
diff --git a/demo_schema_monitor.py b/demo_schema_monitor.py
new file mode 100644
index 00000000..36b00f2b
--- /dev/null
+++ b/demo_schema_monitor.py
@@ -0,0 +1,103 @@
+"""Demonstration script for schema monitoring functionality."""
+
+import sys
+import os
+
+# Add the parent directory to the path so we can import from api
+sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+from api.loaders.postgres_loader import PostgresLoader
+
+
+def demonstrate_schema_monitoring():
+    """Demonstrate the schema monitoring functionality."""
+
+    print("🔍 Schema Monitoring Demonstration")
+    print("=" * 50)
+
+    # Test queries that modify schema
+    schema_queries = [
+        (
+            "CREATE TABLE customers (id SERIAL PRIMARY KEY, name VARCHAR(100),"
+            " email VARCHAR(100))"
+        ),
+        "ALTER TABLE customers ADD COLUMN phone VARCHAR(20)",
+        "CREATE INDEX idx_customer_email ON customers(email)",
+        "DROP TABLE old_logs",
+        "TRUNCATE TABLE temp_data",
+        (
+            "CREATE VIEW active_customers AS SELECT * FROM customers "
+            "WHERE active = true"
+        ),
+    ]
+
+    # Test queries that don't modify schema
+    non_schema_queries = [
+        "SELECT * FROM customers",
+        "INSERT INTO customers (name, email) VALUES ('John Doe', 'john@example.com')",
+        "UPDATE customers SET phone = '555-0123' WHERE id = 1",
+        "DELETE FROM customers WHERE id = 999",
+    ]
+
+    print("\n📝 Testing Schema-Modifying Queries:")
+    print("-" * 40)
+
+    for query in schema_queries:
+        is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
+
+        print(f"\n🔧 Query: {query[:60]}{'...' if len(query) > 60 else ''}")
+        print(f"   ✅ Schema Modifying: {is_modifying}")
+        print(f"   🏷️  Operation Type: {operation}")
+        if is_modifying:
+            print(f"   📋 Summary: {operation} operation detected")
+
+    print("\n\n📝 Testing Non-Schema-Modifying Queries:")
+    print("-" * 40)
+
+    for query in non_schema_queries:
+        is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
+
+        print(f"\n📊 Query: {query[:60]}{'...' if len(query) > 60 else ''}")
+        print(f"   ❌ Schema Modifying: {is_modifying}")
+        print(f"   🏷️  Operation Type: {operation if operation else 'N/A'}")
+
+    print("\n\n🎯 Summary:")
+    print("-" * 20)
+    schema_count = sum(
+        1
+        for q in schema_queries
+        if PostgresLoader.is_schema_modifying_query(q)[0]
+    )
+    non_schema_count = sum(
+        1
+        for q in non_schema_queries
+        if not PostgresLoader.is_schema_modifying_query(q)[0]
+    )
+
+    summary_schema = f"{schema_count}/{len(schema_queries)}"
+    summary_non_schema = f"{non_schema_count}/{len(non_schema_queries)}"
+
+    print("✅ Correctly identified", summary_schema, "schema-modifying queries")
+    print("✅ Correctly identified", summary_non_schema, "non-schema-modifying queries")
+
+    print("\n🔄 How it works in the text2sql system:")
+    print("-" * 40)
+    print("1. When a user executes a SQL query through the chat interface")
+    print("2. The system checks if the query modifies the database schema")
+    print("3. If schema modification is detected:")
+    print("   a. The query is executed normally")
+    print("   b. The graph schema is automatically refreshed from the database")
+    print("   c. A confirmation message is shown to the user")
+    print("4. Future queries will use the updated schema information")
+
+    print("\n🚀 Benefits:")
+    print("-" * 12)
+    print("• Automatic schema synchronization")
+    print("• No manual intervention required")
+    print("• Real-time graph updates")
+    print("• Better query accuracy with up-to-date schema")
+    print("• All functionality integrated into existing PostgresLoader class")
+
+
+if __name__ == "__main__":
+    demonstrate_schema_monitoring()
diff --git a/examples/postgres_loader_example.py b/examples/postgres_loader_example.py
new file mode 100644
index 00000000..bb3cd918
--- /dev/null
+++ b/examples/postgres_loader_example.py
@@ -0,0 +1,64 @@
+#!/usr/bin/env python3
+"""
+Example usage of PostgreSQL Loader
+
+This script demonstrates how to use the PostgreSQL loader to extract
+schema information from a PostgreSQL database and load it into a graph.
+"""
+
+from api.loaders.postgres_loader import PostgreSQLLoader
+
+
+def main():
+    """
+    Example usage of PostgreSQL loader
+    """
+
+    # Example connection URLs (modify these with your actual database credentials)
+    connection_examples = [
+        "postgresql://username:password@localhost:5432/mydatabase",
+        "postgresql://user:pass@example.com:5432/production_db",
+        "postgresql://postgres:admin@127.0.0.1:5432/testdb",
+    ]
+
+    print("PostgreSQL Loader Example")
+    print("=" * 40)
+    print()
+    print("Example connection URL formats:")
+    for i, url in enumerate(connection_examples, 1):
+        print(f"{i}. {url}")
+    print()
+
+    # Get connection URL from user
+    connection_url = input("Enter your PostgreSQL connection URL: ").strip()
+
+    if not connection_url:
+        print("No connection URL provided. Using example URL...")
+        connection_url = "postgresql://postgres:password@localhost:5432/example_db"
+
+    # Get graph ID
+    graph_id = input("Enter graph ID (default: 'postgres_schema'): ").strip()
+    if not graph_id:
+        graph_id = "postgres_schema"
+
+    print(f"\nConnecting to database: {connection_url}")
+    print(f"Loading into graph: {graph_id}")
+    print()
+
+    # Load the schema
+    try:
+        success, message = PostgreSQLLoader.load(graph_id, connection_url)
+
+        if success:
+            print("✅ Success!")
+            print(f"   {message}")
+        else:
+            print("❌ Failed!")
+            print(f"   {message}")
+
+    except (ImportError, AttributeError, ValueError) as e:
+        print(f"❌ Unexpected error: {str(e)}")
+
+
+if __name__ == "__main__":
+    main()
diff --git a/test_deps.py b/test_deps.py
new file mode 100644
index 00000000..91a04821
--- /dev/null
+++ b/test_deps.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+"""
+Test script to check if aiosignal version conflicts are resolved
+"""
+import sys
+
+def test_aiosignal_import():
+    try:
+        import aiosignal
+        print(f"aiosignal version: {aiosignal.__version__}")
+        return True
+    except ImportError as e:
+        print(f"Failed to import aiosignal: {e}")
+        return False
+
+def test_aiohttp_import():
+    try:
+        import aiohttp
+        print(f"aiohttp version: {aiohttp.__version__}")
+        return True
+    except ImportError as e:
+        print(f"Failed to import aiohttp: {e}")
+        return False
+
+if __name__ == "__main__":
+    print("Testing dependency compatibility...")
+    aiosignal_ok = test_aiosignal_import()
+    aiohttp_ok = test_aiohttp_import()
+
+    if aiosignal_ok and aiohttp_ok:
+        print("✅ Dependencies are compatible!")
+        sys.exit(0)
+    else:
+        print("❌ Dependency issues detected")
+        sys.exit(1)
diff --git a/test_postgres_loader.py b/test_postgres_loader.py
new file mode 100644
index 00000000..96da37db
--- /dev/null
+++ b/test_postgres_loader.py
@@ -0,0 +1,34 @@
+#!/usr/bin/env python3
+"""
+Test script for PostgresLoader.execute_sql_query to verify INSERT/UPDATE/DELETE handling.
+"""
+
+import os
+import sys
+
+# Add the api directory to the Python path
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'api'))
+
+from loaders.postgres_loader import PostgresLoader
+
+def test_postgres_loader():
+    """Test PostgresLoader.execute_sql_query with different query types."""
+
+    # Note: This test requires a real PostgreSQL connection to work fully
+    # Here we're just testing the method signature and basic structure
+
+    print("Testing PostgresLoader.execute_sql_query method...")
+
+    # Test the method exists and can be called
+    try:
+        # This will fail with connection error, but that's expected without a real DB
+        PostgresLoader.execute_sql_query("SELECT 1", "postgresql://user:pass@localhost/test")
+    except Exception as e:
+        print(f"Expected connection error: {type(e).__name__}")
+        print("This confirms the method exists and basic error handling works")
+
+    print("\nPostgresLoader test completed!")
+    print("To fully test, you'll need a real PostgreSQL connection URL")
+
+if __name__ == "__main__":
+    test_postgres_loader()
diff --git a/test_response_agent.py b/test_response_agent.py
new file mode 100644
index 00000000..f4185136
--- /dev/null
+++ b/test_response_agent.py
@@ -0,0 +1,128 @@
+#!/usr/bin/env python3
+"""
+Test script for the ResponseFormatterAgent to ensure it works correctly.
+"""
+
+import os
+import sys
+
+# Add the api directory to the Python path
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'api'))
+
+from agents import ResponseFormatterAgent
+
+def test_response_agent():
+    """Test the ResponseFormatterAgent with sample data."""
+
+    # Initialize the agent
+    agent = ResponseFormatterAgent()
+
+    # Test case 1: Simple count query
+    user_query1 = "How many customers do we have?"
+    sql_query1 = "SELECT COUNT(*) as customer_count FROM customers"
+    query_results1 = [{"customer_count": 150}]
+    db_description1 = "A customer management database containing customer information."
+
+    print("Test 1: Simple count query")
+    print(f"User Query: {user_query1}")
+    print(f"SQL Query: {sql_query1}")
+    print(f"Results: {query_results1}")
+    print("AI Response:")
+
+    try:
+        response1 = agent.format_response(user_query1, sql_query1, query_results1, db_description1)
+        print(response1)
+        print("\n" + "="*80 + "\n")
+    except Exception as e:
+        print(f"Error: {e}")
+        print("Note: This might fail without proper API credentials")
+        print("\n" + "="*80 + "\n")
+
+    # Test case 2: List query with multiple results
+    user_query2 = "What are the top 5 products by sales?"
+    sql_query2 = (
+        "SELECT product_name, sales_amount FROM products "
+        "ORDER BY sales_amount DESC LIMIT 5"
+    )
+    query_results2 = [
+        {"product_name": "Laptop Pro", "sales_amount": 50000},
+        {"product_name": "Wireless Mouse", "sales_amount": 35000},
+        {"product_name": "USB-C Cable", "sales_amount": 28000},
+        {"product_name": "Bluetooth Speaker", "sales_amount": 22000},
+        {"product_name": "Phone Case", "sales_amount": 18000}
+    ]
+    db_description2 = "An e-commerce database containing product and sales information."
+
+    print("Test 2: Top products query")
+    print(f"User Query: {user_query2}")
+    print(f"SQL Query: {sql_query2}")
+    print(f"Results: {query_results2}")
+    print("AI Response:")
+
+    try:
+        response2 = agent.format_response(user_query2, sql_query2, query_results2, db_description2)
+        print(response2)
+        print("\n" + "="*80 + "\n")
+    except Exception as e:
+        print(f"Error: {e}")
+        print("Note: This might fail without proper API credentials")
+        print("\n" + "="*80 + "\n")
+
+    # Test case 3: INSERT query result
+    user_query3 = "Add a new user with name Guy and email gg@gg.com"
+    sql_query3 = "INSERT INTO users (id, name, email) VALUES (12345, 'Guy', 'gg@gg.com')"
+    query_results3 = [{"operation": "INSERT", "affected_rows": 1, "status": "success"}]
+    db_description3 = "A user management database."
+
+    print("Test 3: INSERT query result")
+    print(f"User Query: {user_query3}")
+    print(f"SQL Query: {sql_query3}")
+    print(f"Results: {query_results3}")
+    print("AI Response:")
+
+    try:
+        response3 = agent.format_response(user_query3, sql_query3, query_results3, db_description3)
+        print(response3)
+        print("\n" + "="*80 + "\n")
+    except Exception as e:
+        print(f"Error: {e}")
+        print("Note: This might fail without proper API credentials")
+        print("\n" + "="*80 + "\n")
+
+    # Test case 4: Destructive operation detection (simulation)
+    print("Test 4: Destructive operation detection (simulation)")
+    print("This would be detected as destructive and require confirmation:")
+
+    user_query4 = "Delete the user with email test@example.com"
+    sql_query4 = "DELETE FROM users WHERE email = 'test@example.com'"
+    print(f"User Query: {user_query4}")
+    print(f"SQL Query: {sql_query4}")
+    print("🛡️ This would trigger the destructive operation confirmation dialog")
+    print("User would need to type 'CONFIRM' to proceed")
+    print("\n" + "="*80 + "\n")
+
+    # Test case 5: Empty results
+    user_query5 = "How many orders were placed yesterday?"
+    sql_query5 = "SELECT COUNT(*) as order_count FROM orders WHERE order_date = '2024-01-20'"
+    query_results5 = []
+    db_description5 = "An order management database."
+
+    print("Test 5: Empty results query")
+    print(f"User Query: {user_query5}")
+    print(f"SQL Query: {sql_query5}")
+    print(f"Results: {query_results5}")
+    print("AI Response:")
+
+    try:
+        response5 = agent.format_response(user_query5, sql_query5, query_results5, db_description5)
+        print(response5)
+    except Exception as e:
+        print(f"Error: {e}")
+        print("Note: This might fail without proper API credentials")
+
+if __name__ == "__main__":
+    print("Testing ResponseFormatterAgent...")
+    print("="*80)
+    test_response_agent()
+    print("="*80)
+    print("Test completed!")
diff --git a/test_role_assignment.py b/test_role_assignment.py
new file mode 100644
index 00000000..b2c955ac
--- /dev/null
+++ b/test_role_assignment.py
@@ -0,0 +1,101 @@
+#!/usr/bin/env python3
+"""
+Test script to verify role assignment works correctly.
+"""
+
+import sys
+import os
+sys.path.append('.')
+
+from api.extensions import db
+from api.auth.organization_management import (
+    check_or_create_organization, 
+    get_user_role,
+    extract_email_domain
+)
+from api.auth.user_management import ensure_user_in_organizations
+
+def test_first_user_admin_role():
+    """Test that the first user in an organization gets admin role."""
+    
+    # Test email
+    test_email = "admin@testcompany.com"
+    domain = extract_email_domain(test_email)
+    
+    print(f"Testing role assignment for: {test_email}")
+    print(f"Domain: {domain}")
+    
+    # Clear any existing data for this test domain
+    try:
+        organizations_graph = db.select_graph("Organizations")
+        
+        # Clean up test data
+        cleanup_query = """
+        MATCH (user:User {email: $email})-[r:BELONGS_TO]->(org:Organization {domain: $domain})
+        DELETE r
+        WITH user, org
+        OPTIONAL MATCH (user)<-[:AUTHENTICATES]-(identity:Identity)
+        DELETE identity, user, org
+        """
+        organizations_graph.query(cleanup_query, {"email": test_email, "domain": domain})
+        print("Cleaned up existing test data")
+        
+    except Exception as e:
+        print(f"Cleanup warning: {e}")
+    
+    # Test user creation (should be first user and get admin role)
+    print("\n1. Creating first user in organization...")
+    is_new_user, user_info = ensure_user_in_organizations(
+        provider_user_id="test123",
+        email=test_email,
+        name="Test Admin",
+        provider="google"
+    )
+    
+    if user_info:
+        print(f"✓ User created successfully: {is_new_user}")
+        
+        # Check user role
+        role = get_user_role(test_email)
+        print(f"✓ User role: {role}")
+        
+        if role == "admin":
+            print("✅ SUCCESS: First user correctly assigned admin role!")
+        else:
+            print(f"❌ FAILURE: First user has role '{role}', expected 'admin'")
+            
+        # Check organization creation
+        is_new_org, org_info = check_or_create_organization(test_email)
+        print(f"✓ Organization new: {not is_new_org} (should be False since it exists now)")
+        
+    else:
+        print("❌ FAILURE: User creation failed")
+    
+    # Test second user (should get default 'user' role and be pending)
+    print("\n2. Creating second user in same organization...")
+    second_email = "user@testcompany.com"
+    
+    is_new_user2, user_info2 = ensure_user_in_organizations(
+        provider_user_id="test456",
+        email=second_email,
+        name="Test User",
+        provider="google"
+    )
+    
+    if user_info2:
+        print(f"✓ Second user created: {is_new_user2}")
+        
+        role2 = get_user_role(second_email)
+        print(f"✓ Second user role: {role2}")
+        
+        if role2 == "user":
+            print("✅ SUCCESS: Second user correctly assigned user role!")
+        else:
+            print(f"❌ FAILURE: Second user has role '{role2}', expected 'user'")
+    else:
+        print("❌ FAILURE: Second user creation failed")
+    
+    print("\nTest completed!")
+
+if __name__ == "__main__":
+    test_first_user_admin_role()
diff --git a/test_schema_monitor.py b/test_schema_monitor.py
new file mode 100644
index 00000000..10316f20
--- /dev/null
+++ b/test_schema_monitor.py
@@ -0,0 +1,98 @@
+"""Test script for schema monitoring functionality."""
+
+import unittest
+import sys
+import os
+
+# Add the parent directory to the path so we can import from api
+sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+from api.loaders.postgres_loader import PostgresLoader
+
+
+class TestSchemaMonitor(unittest.TestCase):
+    """Test cases for PostgresLoader schema monitoring functionality."""
+
+    def test_create_table_detection(self):
+        """Test detection of CREATE TABLE statements."""
+        queries = [
+            "CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(50))",
+            "create table products (id serial primary key, name text)",
+            "CREATE TABLE IF NOT EXISTS orders (id INT, user_id INT)",
+        ]
+
+        for query in queries:
+            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
+            self.assertTrue(is_modifying, f"Should detect CREATE TABLE: {query}")
+            self.assertEqual(operation, "CREATE")
+
+    def test_alter_table_detection(self):
+        """Test detection of ALTER TABLE statements."""
+        queries = [
+            "ALTER TABLE users ADD COLUMN email VARCHAR(100)",
+            "alter table products drop column description",
+            "ALTER TABLE orders MODIFY COLUMN total DECIMAL(10,2)",
+        ]
+
+        for query in queries:
+            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
+            self.assertTrue(is_modifying, f"Should detect ALTER TABLE: {query}")
+            self.assertEqual(operation, "ALTER")
+
+    def test_drop_table_detection(self):
+        """Test detection of DROP TABLE statements."""
+        queries = [
+            "DROP TABLE users",
+            "drop table if exists products",
+            "DROP TABLE orders CASCADE",
+        ]
+
+        for query in queries:
+            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
+            self.assertTrue(is_modifying, f"Should detect DROP TABLE: {query}")
+            self.assertEqual(operation, "DROP")
+
+    def test_index_operations_detection(self):
+        """Test detection of index-related operations."""
+        queries = [
+            "CREATE INDEX idx_user_email ON users(email)",
+            "CREATE UNIQUE INDEX idx_product_sku ON products(sku)",
+            "DROP INDEX idx_user_email",
+        ]
+
+        for query in queries:
+            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
+            self.assertTrue(is_modifying, f"Should detect index operation: {query}")
+            self.assertIn(operation, ["CREATE", "DROP"])
+
+    def test_non_schema_queries(self):
+        """Test that non-schema-modifying queries are not detected."""
+        queries = [
+            "SELECT * FROM users",
+            "INSERT INTO users (name) VALUES ('John')",
+            "UPDATE users SET name = 'Jane' WHERE id = 1",
+            "DELETE FROM users WHERE id = 1",
+        ]
+
+        for query in queries:
+            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
+            self.assertFalse(is_modifying, f"Should not detect as schema-modifying: {query}")
+
+    def test_empty_and_invalid_queries(self):
+        """Test handling of empty and invalid queries."""
+        invalid_queries = [
+            "",
+            "   ",
+            None,
+            "INVALID SQL STATEMENT",
+        ]
+
+        for query in invalid_queries:
+            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
+            self.assertFalse(is_modifying, f"Should not detect empty/invalid query: {query}")
+            self.assertEqual(operation, "")
+
+
+if __name__ == "__main__":
+    print("Running Schema Monitor Tests...")
+    unittest.main(verbosity=2)
diff --git a/test_user_image.html b/test_user_image.html
new file mode 100644
index 00000000..38fb7213
--- /dev/null
+++ b/test_user_image.html
@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Test User Image</title>
+    <style>
+        /* Simplified CSS for testing */
+        .user-message-container::before {
+            content: attr(data-user-label);
+            width: 40px;
+            height: 40px;
+            background: #ccc;
+            border-radius: 50%;
+            display: inline-block;
+            text-align: center;
+            line-height: 40px;
+            margin-right: 10px;
+        }
+
+        .user-message-container[data-user-image]::before {
+            content: "";
+            background-size: cover;
+            background-position: center;
+            background-repeat: no-repeat;
+            width: 40px;
+            height: 40px;
+            border-radius: 50%;
+            margin-right: 10px;
+        }
+
+        .message-container {
+            margin: 10px 0;
+            display: flex;
+            align-items: center;
+        }
+    </style>
+</head>
+<body>
+    <h1>User Image Test</h1>
+    
+    <!-- Test with image -->
+    <div class="message-container user-message-container" data-user-image="https://via.placeholder.com/40">
+        <span>Message with image</span>
+    </div>
+    
+    <!-- Test with text label -->
+    <div class="message-container user-message-container" data-user-label="J">
+        <span>Message with text label</span>
+    </div>
+
+    <script>
+        // Simulate the dynamic style injection for image
+        function setUserImage(container, imageUrl) {
+            const style = document.createElement('style');
+            const containerClass = 'user-image-' + Date.now();
+            container.classList.add(containerClass);
+            style.textContent = `.${containerClass}::before { background-image: url('${imageUrl}') !important; }`;
+            document.head.appendChild(style);
+        }
+
+        // Apply to the image container
+        const imageContainer = document.querySelector('[data-user-image]');
+        if (imageContainer) {
+            setUserImage(imageContainer, imageContainer.getAttribute('data-user-image'));
+        }
+    </script>
+</body>
+</html>

From 89a7685324afb6d223707889b854d7285f0b6ced Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Mon, 25 Aug 2025 01:15:22 +0300
Subject: [PATCH 02/11] Delete demo_organization.py

---
 demo_organization.py | 186 -------------------------------------------
 1 file changed, 186 deletions(-)
 delete mode 100755 demo_organization.py

diff --git a/demo_organization.py b/demo_organization.py
deleted file mode 100755
index a451dfd7..00000000
--- a/demo_organization.py
+++ /dev/null
@@ -1,186 +0,0 @@
-#!/usr/bin/env python3
-"""
-Demonstration script for organization management functionality.
-This script shows how the organization management features work.
-"""
-
-def demonstrate_email_domain_extraction():
-    """Demonstrate email domain extraction."""
-    print("📧 Email Domain Extraction Demo")
-    print("-" * 40)
-    
-    # Import the function
-    try:
-        import sys
-        import os
-        sys.path.append(os.path.join(os.path.dirname(__file__), 'api'))
-        from auth.organization_management import extract_email_domain
-        
-        test_cases = [
-            "john@example.com",
-            "admin@bigcorp.org", 
-            "user@startup.io",
-            "developer@tech-company.com",
-            "invalid-email",
-            "",
-            "user@sub.domain.co.uk"
-        ]
-        
-        for email in test_cases:
-            domain = extract_email_domain(email)
-            status = "✅" if domain else "❌"
-            print(f"  {status} {email:<25} → {domain}")
-            
-    except ImportError:
-        print("❌ Could not import organization management module")
-        print("   Make sure you're running from the project root")
-
-def demonstrate_organization_workflow():
-    """Demonstrate the organization workflow."""
-    print("\n🏢 Organization Management Workflow")
-    print("-" * 40)
-    
-    print("1. First User Login (alice@acme.com):")
-    print("   → Domain: acme.com")
-    print("   → Action: Create new organization 'Acme'")
-    print("   → Role: Admin")
-    print("   → Status: Active")
-    
-    print("\n2. Second User Login (bob@acme.com):")
-    print("   → Domain: acme.com") 
-    print("   → Action: Join existing organization 'Acme'")
-    print("   → Role: Member")
-    print("   → Status: Pending (awaiting admin approval)")
-    
-    print("\n3. Admin Approves Bob:")
-    print("   → Alice (admin) approves Bob")
-    print("   → Bob's status: Pending → Active")
-    print("   → Bob gains access to organization resources")
-    
-    print("\n4. Admin Adds New User (carol@acme.com):")
-    print("   → Alice adds carol@acme.com via admin interface")
-    print("   → Carol marked as invited/pending")
-    print("   → When Carol logs in, she's automatically linked")
-
-def demonstrate_api_structure():
-    """Demonstrate the API structure."""
-    print("\n🔌 API Endpoints Structure")
-    print("-" * 40)
-    
-    endpoints = [
-        ("GET", "/api/organization/status", "Get user's organization info", "User"),
-        ("GET", "/api/organization/users", "List organization members", "Admin"),
-        ("GET", "/api/organization/pending", "List pending users", "Admin"),
-        ("POST", "/api/organization/add-user", "Add user by email", "Admin"),
-        ("POST", "/api/organization/approve-user", "Approve pending user", "Admin"),
-    ]
-    
-    for method, endpoint, description, role in endpoints:
-        print(f"  {method:<4} {endpoint:<30} - {description} ({role})")
-
-def demonstrate_graph_schema():
-    """Demonstrate the graph database schema."""
-    print("\n🗂️  Graph Database Schema")
-    print("-" * 40)
-    
-    print("Nodes:")
-    print("  User: {email, first_name, last_name, created_at}")
-    print("  Identity: {provider, provider_user_id, email, name, picture}")
-    print("  Organization: {domain, name, created_at, admin_email}")
-    
-    print("\nRelationships:")
-    print("  (Identity)-[:AUTHENTICATES]->(User)")
-    print("  (User)-[:BELONGS_TO {is_admin, is_pending, joined_at}]->(Organization)")
-
-def demonstrate_frontend_features():
-    """Demonstrate frontend features."""
-    print("\n🖥️  Frontend Features")
-    print("-" * 40)
-    
-    print("User Interface Components:")
-    print("  ✅ Organization button in user profile menu")
-    print("  ✅ Organization management modal")
-    print("  ✅ Member list with roles and status")
-    print("  ✅ Pending user approval interface")
-    print("  ✅ Add user by email form")
-    print("  ✅ Admin-only controls with permission checks")
-    
-    print("\nJavaScript Functions:")
-    print("  • openOrganizationModal()")
-    print("  • loadOrganizationStatus()")
-    print("  • loadOrganizationUsers()")
-    print("  • addUserToOrganization()")
-    print("  • approveUser(email)")
-
-def demonstrate_security_features():
-    """Demonstrate security features."""
-    print("\n🔒 Security Features")
-    print("-" * 40)
-    
-    print("Authentication & Authorization:")
-    print("  ✅ OAuth required for all API endpoints")
-    print("  ✅ Admin role validation for management functions")
-    print("  ✅ Email domain matching for user additions")
-    print("  ✅ Session-based authentication with token validation")
-    
-    print("Data Validation:")
-    print("  ✅ Email format validation")
-    print("  ✅ Domain consistency checks")
-    print("  ✅ Provider whitelist (Google, GitHub)")
-    print("  ✅ Input sanitization and error handling")
-
-def main():
-    """Main demonstration function."""
-    print("🚀 Organization Management Demo")
-    print("=" * 50)
-    print("This demo shows the key features of the organization")
-    print("management system implemented for QueryWeaver.")
-    print("=" * 50)
-    
-    # Run all demonstrations
-    demonstrate_email_domain_extraction()
-    demonstrate_organization_workflow()
-    demonstrate_api_structure()
-    demonstrate_graph_schema()
-    demonstrate_frontend_features()
-    demonstrate_security_features()
-    
-    print("\n" + "=" * 50)
-    print("🎯 Quick Start Guide")
-    print("=" * 50)
-    
-    print("1. Set up OAuth credentials in .env:")
-    print("   GOOGLE_CLIENT_ID=your_client_id")
-    print("   GOOGLE_CLIENT_SECRET=your_client_secret")
-    print("   GITHUB_CLIENT_ID=your_client_id")
-    print("   GITHUB_CLIENT_SECRET=your_client_secret")
-    
-    print("\n2. Start the application:")
-    print("   python api/index.py")
-    
-    print("\n3. Log in with different email domains:")
-    print("   • First user from domain becomes admin")
-    print("   • Subsequent users need admin approval")
-    
-    print("\n4. Access organization management:")
-    print("   • Click user profile → Organization")
-    print("   • Admins can manage users and approvals")
-    
-    print("\n5. Test the functionality:")
-    print("   • Add users by email (domain must match)")
-    print("   • Approve pending users")
-    print("   • View organization member list")
-    
-    print("\n✨ Features Ready for Use:")
-    print("  🏢 Automatic organization creation")
-    print("  👑 First user becomes admin")
-    print("  ⏳ Pending user approval system")
-    print("  📧 Email-based user management")
-    print("  🔐 Secure API with proper authentication")
-    print("  🎨 User-friendly web interface")
-    
-    print("\n📖 For detailed documentation, see:")
-    print("   ORGANIZATION_IMPLEMENTATION.md")
-
-if __name__ == "__main__":
-    main()

From 00f0ecd72cf2fbba0495273f723fe6c355afce9c Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Mon, 25 Aug 2025 01:15:51 +0300
Subject: [PATCH 03/11] Delete E2E_TESTING_SUMMARY.md

---
 E2E_TESTING_SUMMARY.md | 162 -----------------------------------------
 1 file changed, 162 deletions(-)
 delete mode 100644 E2E_TESTING_SUMMARY.md

diff --git a/E2E_TESTING_SUMMARY.md b/E2E_TESTING_SUMMARY.md
deleted file mode 100644
index 1365105e..00000000
--- a/E2E_TESTING_SUMMARY.md
+++ /dev/null
@@ -1,162 +0,0 @@
-# E2E Testing Implementation Summary
-
-## ✅ What Has Been Implemented
-
-This implementation addresses GitHub issue #33 by adding comprehensive End-to-End (E2E) testing capabilities to QueryWeaver using Playwright.
-
-### 🔧 Infrastructure Setup
-
-1. **Dependencies Added to `Pipfile`**:
-   - `playwright ~= 1.47.0` - Browser automation framework
-   - `pytest-playwright ~= 0.5.2` - Pytest integration
-   - `pytest-asyncio ~= 0.24.0` - Async test support
-
-2. **Test Structure Created**:
-   ```
-   tests/
-   ├── conftest.py                      # Pytest configuration & fixtures
-   ├── test_simple_integration.py       # Basic integration tests
-   ├── e2e/                            # E2E test directory
-   │   ├── pages/                      # Page Object Model
-   │   │   ├── base_page.py           # Base page functionality
-   │   │   └── home_page.py           # Home/chat page interactions
-   │   ├── fixtures/                   # Test data and utilities
-   │   │   └── test_data.py           # Sample data generators
-   │   ├── test_basic_functionality.py # Core app functionality tests
-   │   ├── test_file_upload.py        # File upload feature tests
-   │   ├── test_chat_functionality.py # Chat interface tests
-   │   ├── test_api_endpoints.py      # Direct API endpoint tests
-   │   └── README.md                  # Comprehensive E2E test documentation
-   ```
-
-3. **CI/CD Integration**:
-   - `.github/workflows/e2e-tests.yml` - Dedicated E2E test workflow
-   - `.github/workflows/tests.yml` - Combined unit and E2E test workflow
-   - Automatic FalkorDB service setup in CI
-   - Test artifact collection on failures
-
-### 🧪 Test Coverage
-
-#### ✅ Currently Working Tests
-- **Basic Application Tests**: Page loading, UI structure, responsive design
-- **API Endpoint Tests**: Health checks, authentication-protected endpoints
-- **Integration Tests**: FASTAPI app startup, content serving
-- **Error Handling Tests**: Invalid routes, method validation
-
-#### ⏸️ Planned Tests (Require Authentication Setup)
-- **Authentication Flow Tests**: OAuth login/logout (Google/GitHub)
-- **File Upload Tests**: CSV/JSON processing and validation
-- **Chat Interface Tests**: Query submission and response handling
-- **Graph Management Tests**: Graph selection and data interaction
-
-### 🛠️ Developer Tools
-
-1. **Makefile Commands**:
-   ```bash
-   make setup-dev          # Complete development setup
-   make test              # Run all tests
-   make test-unit         # Unit tests only
-   make test-e2e          # E2E tests (headless)
-   make test-e2e-headed   # E2E tests (visible browser)
-   make test-e2e-debug    # E2E tests with debugging
-   make docker-falkordb   # Start FalkorDB for testing
-   ```
-
-2. **Setup Script**: `./setup_e2e_tests.sh` - Automated environment setup
-
-3. **Configuration Files**:
-   - `pytest.ini` - Test configuration and markers
-   - Updated `.gitignore` - Test artifact exclusions
-   - Environment variable templates
-
-### 🎯 Key Features
-
-#### Page Object Model Implementation
-- **Maintainable**: Separates test logic from page interactions
-- **Reusable**: Common functionality in base classes
-- **Scalable**: Easy to add new pages and interactions
-
-#### Flexible Test Architecture
-- **Modular**: Tests organized by functionality
-- **Configurable**: Easy environment and browser configuration
-- **Debuggable**: Screenshot capture, video recording, console logs
-
-#### CI/CD Ready
-- **Automated**: Runs on every push/PR
-- **Reliable**: Proper service dependencies and health checks
-- **Informative**: Detailed artifacts and reporting on failures
-
-## 🚀 Quick Start
-
-### For Developers
-
-1. **Setup Environment**:
-   ```bash
-   ./setup_e2e_tests.sh
-   ```
-
-2. **Run Tests**:
-   ```bash
-   # All tests
-   make test
-
-   # Just the working tests
-   pipenv run pytest tests/test_simple_integration.py -v
-
-   # E2E structure validation (will show some skipped tests)
-   pipenv run pytest tests/e2e/ -v
-   ```
-
-### For CI/CD
-
-The tests automatically run in GitHub Actions with:
-- FalkorDB service
-- Proper environment setup
-- Browser installation
-- Artifact collection
-
-## 📋 Next Steps
-
-To enable full E2E testing functionality:
-
-1. **Authentication Setup**:
-   - Configure OAuth credentials for testing environment
-   - Create test user accounts or mock authentication
-   - Remove `@pytest.mark.skip` decorators from auth-related tests
-
-2. **Test Data Management**:
-   - Set up test database with sample data
-   - Create data fixtures for consistent testing
-   - Add database cleanup/reset functionality
-
-3. **Enhanced Coverage**:
-   - Add visual regression testing
-   - Add performance testing
-   - Add accessibility testing
-   - Add mobile device testing
-
-4. **Documentation**:
-   - Update main README with testing section ✅
-   - Create developer testing guidelines
-   - Add troubleshooting guide
-
-## 🔧 Technical Implementation Details
-
-### Test Framework Choice
-- **Playwright**: Modern, fast, reliable browser automation
-- **pytest**: Python-native testing with excellent fixture support
-- **Page Object Model**: Industry-standard pattern for maintainable E2E tests
-
-### Architecture Decisions
-- **Session-scoped FASTAPI app**: Efficient test execution
-- **Modular test organization**: Easy maintenance and extension
-- **CI/CD first**: Designed to work reliably in automated environments
-- **Graceful degradation**: Tests work with/without full authentication setup
-
-### Error Handling
-- **Robust selectors**: Multiple fallback strategies
-- **Timeout management**: Configurable waits for dynamic content
-- **Screenshot capture**: Automatic debugging artifacts
-- **Detailed logging**: Comprehensive test execution information
-
-This implementation provides a solid foundation for comprehensive E2E testing that can grow with the application's needs.

From 46afa5a30a7f7097aca143a2f46d5fa2b65cf959 Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Mon, 25 Aug 2025 01:18:03 +0300
Subject: [PATCH 04/11] revert

---
 IMPLEMENTATION_SUMMARY.md           | 162 -----------------
 ORGANIZATION_IMPLEMENTATION.md      | 272 ----------------------------
 demo_schema_monitor.py              | 103 -----------
 examples/postgres_loader_example.py |  64 -------
 test_deps.py                        |  35 ----
 test_postgres_loader.py             |  34 ----
 test_response_agent.py              | 128 -------------
 test_role_assignment.py             | 101 -----------
 test_schema_monitor.py              |  98 ----------
 test_user_image.html                |  67 -------
 10 files changed, 1064 deletions(-)
 delete mode 100644 IMPLEMENTATION_SUMMARY.md
 delete mode 100644 ORGANIZATION_IMPLEMENTATION.md
 delete mode 100644 demo_schema_monitor.py
 delete mode 100644 examples/postgres_loader_example.py
 delete mode 100644 test_deps.py
 delete mode 100644 test_postgres_loader.py
 delete mode 100644 test_response_agent.py
 delete mode 100644 test_role_assignment.py
 delete mode 100644 test_schema_monitor.py
 delete mode 100644 test_user_image.html

diff --git a/IMPLEMENTATION_SUMMARY.md b/IMPLEMENTATION_SUMMARY.md
deleted file mode 100644
index e31fb04e..00000000
--- a/IMPLEMENTATION_SUMMARY.md
+++ /dev/null
@@ -1,162 +0,0 @@
-# Organization Management - Implementation Summary
-
-## ✅ Successfully Implemented
-
-I have successfully extended the Organization graph model with comprehensive organization management capabilities for the QueryWeaver text2sql application. Here's what has been delivered:
-
-### 🏢 Core Organization Features
-
-**1. Automatic Organization Creation**
-- ✅ Organizations are automatically created based on email domain when users log in
-- ✅ First user from each domain becomes the organization admin
-- ✅ Organization names are generated from domain (e.g., "example.com" → "Example")
-
-**2. User Role Management**
-- ✅ **Admin Role**: First user from domain gets admin privileges
-- ✅ **Member Role**: Subsequent users are added as regular members
-- ✅ **Pending Status**: New users require admin approval to join existing organizations
-
-**3. Email Domain Logic**
-- ✅ Extracts domain from user email addresses (e.g., user@acme.com → acme.com)
-- ✅ Validates that new users belong to the same domain as the organization
-- ✅ Prevents cross-domain user additions for security
-
-### 🔧 Technical Implementation
-
-**Database Schema (Graph Model)**
-```cypher
-// New nodes and relationships
-(:Organization {domain, name, created_at, admin_email})
-(:User)-[:BELONGS_TO {is_admin, is_pending, joined_at, invited_by, approved_by}]->(:Organization)
-```
-
-**New Files Created:**
-- `api/auth/organization_management.py` - Core organization logic
-- `api/routes/organization.py` - REST API endpoints
-- `api/templates/components/organization_modal.j2` - Frontend UI
-- `ORGANIZATION_IMPLEMENTATION.md` - Complete documentation
-- `demo_organization.py` - Feature demonstration
-- `test_organization.py` - Testing utilities
-
-**Modified Files:**
-- `api/auth/user_management.py` - Integrated organization creation
-- `api/routes/auth.py` - Updated login flow
-- `api/app_factory.py` - Registered new routes
-- `api/templates/components/user_profile.j2` - Added organization button
-- `api/templates/chat.j2` - Included organization modal
-
-### 🔌 API Endpoints
-
-All endpoints require OAuth authentication:
-
-1. **GET `/api/organization/status`** - Get user's organization info
-2. **GET `/api/organization/users`** (Admin) - List organization members  
-3. **GET `/api/organization/pending`** (Admin) - List pending users
-4. **POST `/api/organization/add-user`** (Admin) - Add user by email
-5. **POST `/api/organization/approve-user`** (Admin) - Approve pending user
-
-### 🎨 Frontend Integration
-
-**User Interface Components:**
-- ✅ Organization button in user profile dropdown
-- ✅ Complete organization management modal with:
-  - Organization information display
-  - Member list with roles and status
-  - Pending user management interface
-  - Add user by email functionality
-  - Admin-only controls with proper permissions
-
-**JavaScript Functions:**
-- `openOrganizationModal()` - Opens management interface
-- `loadOrganizationStatus()` - Fetches user's org info
-- `loadOrganizationUsers()` - Lists members (admin only)
-- `addUserToOrganization()` - Adds users by email (admin only)
-- `approveUser(email)` - Approves pending users (admin only)
-
-### 🔒 Security Features
-
-**Authentication & Authorization:**
-- ✅ OAuth required for all API endpoints
-- ✅ Admin role validation for management functions
-- ✅ Email domain validation for user additions
-- ✅ Session-based authentication with proper token handling
-
-**Data Validation:**
-- ✅ Email format validation
-- ✅ Domain consistency checks  
-- ✅ Provider whitelist (Google, GitHub)
-- ✅ Input sanitization and comprehensive error handling
-
-## 🚀 Usage Flow
-
-### First Time User (Creates Organization)
-1. User logs in with `alice@acme.com`
-2. System extracts domain: `acme.com`
-3. No organization exists → Creates "Acme" organization
-4. Alice becomes admin with full management privileges
-
-### Subsequent User (Joins Organization)
-1. User logs in with `bob@acme.com`
-2. System finds existing "Acme" organization
-3. Bob added as pending member (requires admin approval)
-4. Alice (admin) can approve Bob through the UI
-
-### Admin Management
-1. Admin clicks user profile → "Organization"
-2. Views organization status and member list
-3. Manages pending users and adds new users by email
-4. All actions validated for proper permissions
-
-## 📋 Requirements Fulfilled
-
-✅ **When a new user logs in for the first time, check their email domain**
-- Implemented in `ensure_user_in_organizations()` function
-
-✅ **If no existing organization is associated with this domain, create a new Organization object**
-- Implemented in `check_or_create_organization()` function
-
-✅ **Assign the user as the admin of this new organization**
-- First user from domain automatically gets admin role
-
-✅ **If the domain already exists, associate the user with the existing organization, but the user should be pending till the Admin approve him**
-- Subsequent users added as pending members requiring approval
-
-✅ **Allow the admin to add new users to the organization by entering their emails**
-- Implemented via `/api/organization/add-user` endpoint and UI
-
-✅ **New users added this way will be linked to the organization once they log in**
-- Pre-created pending users are automatically linked on login
-
-✅ **Organization model with domain and admin fields**
-- Graph node: `(:Organization {domain, name, created_at, admin_email})`
-
-✅ **User model extension to include organization reference**
-- Relationship: `(:User)-[:BELONGS_TO {is_admin, is_pending, joined_at}]->(:Organization)`
-
-✅ **Logic to extract domain from user email**
-- `extract_email_domain()` function
-
-✅ **Login hook that checks domain and creates or associates organization**
-- Integrated into OAuth handlers and login routes
-
-✅ **Admin-only API or form to manage organization users by email**
-- Complete admin interface with proper permission checks
-
-## 🎯 Ready to Use
-
-The implementation is production-ready and includes:
-
-- **Complete backend logic** with proper error handling
-- **Secure API endpoints** with authentication
-- **User-friendly frontend** with responsive design
-- **Comprehensive documentation** and examples
-- **Testing utilities** for validation
-- **Security best practices** throughout
-
-### Quick Start:
-1. Set up OAuth credentials in `.env`
-2. Run `python api/index.py`
-3. Log in with different email domains to test
-4. Access organization management via user profile menu
-
-The organization management system is now fully integrated with the existing QueryWeaver application and ready for immediate use! 🎉
diff --git a/ORGANIZATION_IMPLEMENTATION.md b/ORGANIZATION_IMPLEMENTATION.md
deleted file mode 100644
index b57e8a97..00000000
--- a/ORGANIZATION_IMPLEMENTATION.md
+++ /dev/null
@@ -1,272 +0,0 @@
-# Organization Management Implementation
-
-This document describes the implementation of organization management functionality for the QueryWeaver text2sql application.
-
-## Overview
-
-The organization management system automatically creates organizations based on email domains and manages user access within those organizations. When users log in for the first time, the system checks their email domain and either creates a new organization or associates them with an existing one.
-
-## Features Implemented
-
-### 1. Automatic Organization Creation
-- **Domain-based Organizations**: Organizations are automatically created based on the domain part of user email addresses
-- **First User as Admin**: The first user from a domain becomes the organization admin
-- **Subsequent Users**: Additional users from the same domain are added as pending members requiring admin approval
-
-### 2. User Roles and Status
-- **Admin**: Organization administrators can manage users and approve pending members
-- **Member**: Regular organization members with access to organization resources
-- **Pending**: Users waiting for admin approval to join the organization
-
-### 3. Admin Management Functions
-- **View Members**: Admins can see all organization members and their roles
-- **Add Users**: Admins can invite new users by email (must match organization domain)
-- **Approve Pending**: Admins can approve users who joined after the organization was created
-- **View Pending**: Admins can see all users waiting for approval
-
-## Technical Implementation
-
-### Database Schema (Graph Model)
-
-```cypher
-// Nodes
-(:User {email, first_name, last_name, created_at})
-(:Identity {provider, provider_user_id, email, name, picture, created_at, last_login})
-(:Organization {domain, name, created_at, admin_email})
-
-// Relationships
-(:Identity)-[:AUTHENTICATES]->(:User)
-(:User)-[:BELONGS_TO {is_admin, is_pending, joined_at, invited_by, approved_by}]->(:Organization)
-```
-
-### Key Files Created/Modified
-
-#### New Files:
-1. **`api/auth/organization_management.py`** - Core organization management functions
-2. **`api/routes/organization.py`** - API endpoints for organization management
-3. **`api/templates/components/organization_modal.j2`** - Frontend UI component
-4. **`test_organization.py`** - Test script and demonstration
-
-#### Modified Files:
-1. **`api/auth/user_management.py`** - Updated to integrate with organization management
-2. **`api/routes/auth.py`** - Updated login process to handle organizations
-3. **`api/app_factory.py`** - Registered new organization blueprint
-4. **`api/templates/components/user_profile.j2`** - Added organization management button
-5. **`api/templates/chat.j2`** - Included organization modal
-
-### API Endpoints
-
-All endpoints require user authentication via OAuth.
-
-#### GET `/api/organization/status`
-Returns the current user's organization status and role.
-
-**Response:**
-```json
-{
-  "has_organization": true,
-  "organization": {
-    "domain": "example.com",
-    "name": "Example",
-    "created_at": 1640995200
-  },
-  "user_role": {
-    "is_admin": true,
-    "is_pending": false,
-    "joined_at": 1640995200
-  }
-}
-```
-
-#### GET `/api/organization/users` (Admin only)
-Returns all users in the organization.
-
-#### GET `/api/organization/pending` (Admin only)
-Returns all pending users awaiting approval.
-
-#### POST `/api/organization/add-user` (Admin only)
-Adds a user to the organization by email.
-
-**Request:**
-```json
-{
-  "email": "newuser@example.com"
-}
-```
-
-#### POST `/api/organization/approve-user` (Admin only)
-Approves a pending user.
-
-**Request:**
-```json
-{
-  "email": "pendinguser@example.com"
-}
-```
-
-## Usage Flow
-
-### New User Registration Flow
-
-1. **User logs in** with Google/GitHub OAuth
-2. **Email domain extracted** from user's email address
-3. **Organization check**:
-   - If no organization exists for domain → Create new organization, make user admin
-   - If organization exists → Add user as pending member
-4. **User linked** to organization with appropriate role/status
-
-### Admin Management Flow
-
-1. **Admin accesses** organization management through user profile menu
-2. **Views organization status** and member list
-3. **Manages pending users** by approving or adding new users by email
-4. **Adds new users** by entering their email addresses (domain must match)
-
-## Frontend Integration
-
-### User Interface Components
-
-1. **Organization Button**: Added to user profile dropdown menu
-2. **Organization Modal**: Full-featured management interface including:
-   - Organization information display
-   - Member list with roles
-   - Pending user management
-   - Add user functionality
-   - Admin-only controls with proper permissions
-
-### JavaScript Functions
-
-- `openOrganizationModal()` - Opens the organization management interface
-- `loadOrganizationStatus()` - Fetches user's organization information
-- `loadOrganizationUsers()` - Fetches organization member list (admin only)
-- `loadPendingUsers()` - Fetches pending users (admin only)
-- `addUserToOrganization()` - Adds new user by email (admin only)
-- `approveUser(email)` - Approves pending user (admin only)
-
-## Security Considerations
-
-### Authentication & Authorization
-- All API endpoints require valid OAuth authentication
-- Admin-only functions check user role before execution
-- Email domain validation ensures users can only be added to their domain's organization
-
-### Data Validation
-- Email format validation for all user inputs
-- Domain matching validation for new user additions
-- Provider validation for OAuth authentication
-- Input sanitization for all user-provided data
-
-### Error Handling
-- Graceful handling of authentication failures
-- Proper error messages for invalid operations
-- Fallback behavior when organization management fails
-
-## Testing
-
-### Test Script Usage
-
-```bash
-cd /home/guy/workspace/text2sql
-python test_organization.py
-```
-
-The test script validates:
-- Email domain extraction logic
-- API endpoint protection (authentication required)
-- Error handling for invalid inputs
-
-### Manual Testing Steps
-
-1. **Start the application**:
-   ```bash
-   python api/index.py
-   ```
-
-2. **Set up OAuth credentials** in `.env` file:
-   ```
-   GOOGLE_CLIENT_ID=your_google_client_id
-   GOOGLE_CLIENT_SECRET=your_google_client_secret
-   GITHUB_CLIENT_ID=your_github_client_id
-   GITHUB_CLIENT_SECRET=your_github_client_secret
-   ```
-
-3. **Test organization creation**:
-   - Log in with user from domain A (e.g., user1@company.com)
-   - Verify user becomes admin of new organization
-   - Check organization management interface
-
-4. **Test user addition**:
-   - Log in with user from same domain (e.g., user2@company.com)
-   - Verify user is added as pending
-   - Use admin account to approve user
-
-5. **Test admin functions**:
-   - Use admin account to add users by email
-   - Approve pending users
-   - View organization member list
-
-## Configuration Requirements
-
-### Environment Variables
-```
-FASTAPI_SECRET_KEY=your_secret_key
-GOOGLE_CLIENT_ID=your_google_oauth_client_id
-GOOGLE_CLIENT_SECRET=your_google_oauth_client_secret
-GITHUB_CLIENT_ID=your_github_oauth_client_id
-GITHUB_CLIENT_SECRET=your_github_oauth_client_secret
-```
-
-### Database Setup
-The implementation uses FalkorDB (Redis-based graph database). Ensure the database is running and accessible through the existing `db` extension.
-
-## Future Enhancements
-
-### Potential Improvements
-1. **Organization Settings**: Allow admins to configure organization name and settings
-2. **Role Management**: Add more granular roles (viewer, editor, admin)
-3. **Bulk User Management**: Allow CSV upload for bulk user addition
-4. **User Removal**: Add functionality to remove users from organizations
-5. **Organization Transfer**: Allow transfer of admin rights
-6. **Audit Logging**: Track organization management actions
-7. **Email Notifications**: Send emails when users are added/approved
-8. **Multi-organization Support**: Allow users to belong to multiple organizations
-
-### Scalability Considerations
-1. **Pagination**: Add pagination for large user lists
-2. **Search/Filter**: Add search functionality for user lists
-3. **Caching**: Implement caching for organization data
-4. **Rate Limiting**: Add rate limiting for admin actions
-
-## Troubleshooting
-
-### Common Issues
-
-1. **Organization not created**: Check email domain extraction and database connectivity
-2. **User not linked**: Verify OAuth authentication and user creation process
-3. **Admin functions not available**: Check user role and organization status
-4. **API authentication errors**: Verify OAuth setup and session management
-
-### Debug Steps
-
-1. Check application logs for error messages
-2. Verify database connectivity and graph structure
-3. Test OAuth authentication flow
-4. Validate API endpoint responses
-5. Check browser console for JavaScript errors
-
-## Implementation Summary
-
-This implementation successfully provides:
-
-✅ **Automatic organization creation** based on email domains  
-✅ **First user as admin** functionality  
-✅ **Pending user approval** system  
-✅ **Admin-only user management** interface  
-✅ **Email-based user addition** with domain validation  
-✅ **Secure API endpoints** with proper authentication  
-✅ **User-friendly frontend** interface  
-✅ **Comprehensive error handling** and validation  
-✅ **Integration with existing OAuth** login system  
-✅ **Graph database schema** for efficient relationship management  
-
-The system is ready for production use with proper OAuth configuration and provides a solid foundation for future organizational features.
diff --git a/demo_schema_monitor.py b/demo_schema_monitor.py
deleted file mode 100644
index 36b00f2b..00000000
--- a/demo_schema_monitor.py
+++ /dev/null
@@ -1,103 +0,0 @@
-"""Demonstration script for schema monitoring functionality."""
-
-import sys
-import os
-
-# Add the parent directory to the path so we can import from api
-sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-
-from api.loaders.postgres_loader import PostgresLoader
-
-
-def demonstrate_schema_monitoring():
-    """Demonstrate the schema monitoring functionality."""
-
-    print("🔍 Schema Monitoring Demonstration")
-    print("=" * 50)
-
-    # Test queries that modify schema
-    schema_queries = [
-        (
-            "CREATE TABLE customers (id SERIAL PRIMARY KEY, name VARCHAR(100),"
-            " email VARCHAR(100))"
-        ),
-        "ALTER TABLE customers ADD COLUMN phone VARCHAR(20)",
-        "CREATE INDEX idx_customer_email ON customers(email)",
-        "DROP TABLE old_logs",
-        "TRUNCATE TABLE temp_data",
-        (
-            "CREATE VIEW active_customers AS SELECT * FROM customers "
-            "WHERE active = true"
-        ),
-    ]
-
-    # Test queries that don't modify schema
-    non_schema_queries = [
-        "SELECT * FROM customers",
-        "INSERT INTO customers (name, email) VALUES ('John Doe', 'john@example.com')",
-        "UPDATE customers SET phone = '555-0123' WHERE id = 1",
-        "DELETE FROM customers WHERE id = 999",
-    ]
-
-    print("\n📝 Testing Schema-Modifying Queries:")
-    print("-" * 40)
-
-    for query in schema_queries:
-        is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
-
-        print(f"\n🔧 Query: {query[:60]}{'...' if len(query) > 60 else ''}")
-        print(f"   ✅ Schema Modifying: {is_modifying}")
-        print(f"   🏷️  Operation Type: {operation}")
-        if is_modifying:
-            print(f"   📋 Summary: {operation} operation detected")
-
-    print("\n\n📝 Testing Non-Schema-Modifying Queries:")
-    print("-" * 40)
-
-    for query in non_schema_queries:
-        is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
-
-        print(f"\n📊 Query: {query[:60]}{'...' if len(query) > 60 else ''}")
-        print(f"   ❌ Schema Modifying: {is_modifying}")
-        print(f"   🏷️  Operation Type: {operation if operation else 'N/A'}")
-
-    print("\n\n🎯 Summary:")
-    print("-" * 20)
-    schema_count = sum(
-        1
-        for q in schema_queries
-        if PostgresLoader.is_schema_modifying_query(q)[0]
-    )
-    non_schema_count = sum(
-        1
-        for q in non_schema_queries
-        if not PostgresLoader.is_schema_modifying_query(q)[0]
-    )
-
-    summary_schema = f"{schema_count}/{len(schema_queries)}"
-    summary_non_schema = f"{non_schema_count}/{len(non_schema_queries)}"
-
-    print("✅ Correctly identified", summary_schema, "schema-modifying queries")
-    print("✅ Correctly identified", summary_non_schema, "non-schema-modifying queries")
-
-    print("\n🔄 How it works in the text2sql system:")
-    print("-" * 40)
-    print("1. When a user executes a SQL query through the chat interface")
-    print("2. The system checks if the query modifies the database schema")
-    print("3. If schema modification is detected:")
-    print("   a. The query is executed normally")
-    print("   b. The graph schema is automatically refreshed from the database")
-    print("   c. A confirmation message is shown to the user")
-    print("4. Future queries will use the updated schema information")
-
-    print("\n🚀 Benefits:")
-    print("-" * 12)
-    print("• Automatic schema synchronization")
-    print("• No manual intervention required")
-    print("• Real-time graph updates")
-    print("• Better query accuracy with up-to-date schema")
-    print("• All functionality integrated into existing PostgresLoader class")
-
-
-if __name__ == "__main__":
-    demonstrate_schema_monitoring()
diff --git a/examples/postgres_loader_example.py b/examples/postgres_loader_example.py
deleted file mode 100644
index bb3cd918..00000000
--- a/examples/postgres_loader_example.py
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/env python3
-"""
-Example usage of PostgreSQL Loader
-
-This script demonstrates how to use the PostgreSQL loader to extract
-schema information from a PostgreSQL database and load it into a graph.
-"""
-
-from api.loaders.postgres_loader import PostgreSQLLoader
-
-
-def main():
-    """
-    Example usage of PostgreSQL loader
-    """
-
-    # Example connection URLs (modify these with your actual database credentials)
-    connection_examples = [
-        "postgresql://username:password@localhost:5432/mydatabase",
-        "postgresql://user:pass@example.com:5432/production_db",
-        "postgresql://postgres:admin@127.0.0.1:5432/testdb",
-    ]
-
-    print("PostgreSQL Loader Example")
-    print("=" * 40)
-    print()
-    print("Example connection URL formats:")
-    for i, url in enumerate(connection_examples, 1):
-        print(f"{i}. {url}")
-    print()
-
-    # Get connection URL from user
-    connection_url = input("Enter your PostgreSQL connection URL: ").strip()
-
-    if not connection_url:
-        print("No connection URL provided. Using example URL...")
-        connection_url = "postgresql://postgres:password@localhost:5432/example_db"
-
-    # Get graph ID
-    graph_id = input("Enter graph ID (default: 'postgres_schema'): ").strip()
-    if not graph_id:
-        graph_id = "postgres_schema"
-
-    print(f"\nConnecting to database: {connection_url}")
-    print(f"Loading into graph: {graph_id}")
-    print()
-
-    # Load the schema
-    try:
-        success, message = PostgreSQLLoader.load(graph_id, connection_url)
-
-        if success:
-            print("✅ Success!")
-            print(f"   {message}")
-        else:
-            print("❌ Failed!")
-            print(f"   {message}")
-
-    except (ImportError, AttributeError, ValueError) as e:
-        print(f"❌ Unexpected error: {str(e)}")
-
-
-if __name__ == "__main__":
-    main()
diff --git a/test_deps.py b/test_deps.py
deleted file mode 100644
index 91a04821..00000000
--- a/test_deps.py
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/bin/env python3
-"""
-Test script to check if aiosignal version conflicts are resolved
-"""
-import sys
-
-def test_aiosignal_import():
-    try:
-        import aiosignal
-        print(f"aiosignal version: {aiosignal.__version__}")
-        return True
-    except ImportError as e:
-        print(f"Failed to import aiosignal: {e}")
-        return False
-
-def test_aiohttp_import():
-    try:
-        import aiohttp
-        print(f"aiohttp version: {aiohttp.__version__}")
-        return True
-    except ImportError as e:
-        print(f"Failed to import aiohttp: {e}")
-        return False
-
-if __name__ == "__main__":
-    print("Testing dependency compatibility...")
-    aiosignal_ok = test_aiosignal_import()
-    aiohttp_ok = test_aiohttp_import()
-
-    if aiosignal_ok and aiohttp_ok:
-        print("✅ Dependencies are compatible!")
-        sys.exit(0)
-    else:
-        print("❌ Dependency issues detected")
-        sys.exit(1)
diff --git a/test_postgres_loader.py b/test_postgres_loader.py
deleted file mode 100644
index 96da37db..00000000
--- a/test_postgres_loader.py
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env python3
-"""
-Test script for PostgresLoader.execute_sql_query to verify INSERT/UPDATE/DELETE handling.
-"""
-
-import os
-import sys
-
-# Add the api directory to the Python path
-sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'api'))
-
-from loaders.postgres_loader import PostgresLoader
-
-def test_postgres_loader():
-    """Test PostgresLoader.execute_sql_query with different query types."""
-
-    # Note: This test requires a real PostgreSQL connection to work fully
-    # Here we're just testing the method signature and basic structure
-
-    print("Testing PostgresLoader.execute_sql_query method...")
-
-    # Test the method exists and can be called
-    try:
-        # This will fail with connection error, but that's expected without a real DB
-        PostgresLoader.execute_sql_query("SELECT 1", "postgresql://user:pass@localhost/test")
-    except Exception as e:
-        print(f"Expected connection error: {type(e).__name__}")
-        print("This confirms the method exists and basic error handling works")
-
-    print("\nPostgresLoader test completed!")
-    print("To fully test, you'll need a real PostgreSQL connection URL")
-
-if __name__ == "__main__":
-    test_postgres_loader()
diff --git a/test_response_agent.py b/test_response_agent.py
deleted file mode 100644
index f4185136..00000000
--- a/test_response_agent.py
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/usr/bin/env python3
-"""
-Test script for the ResponseFormatterAgent to ensure it works correctly.
-"""
-
-import os
-import sys
-
-# Add the api directory to the Python path
-sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'api'))
-
-from agents import ResponseFormatterAgent
-
-def test_response_agent():
-    """Test the ResponseFormatterAgent with sample data."""
-
-    # Initialize the agent
-    agent = ResponseFormatterAgent()
-
-    # Test case 1: Simple count query
-    user_query1 = "How many customers do we have?"
-    sql_query1 = "SELECT COUNT(*) as customer_count FROM customers"
-    query_results1 = [{"customer_count": 150}]
-    db_description1 = "A customer management database containing customer information."
-
-    print("Test 1: Simple count query")
-    print(f"User Query: {user_query1}")
-    print(f"SQL Query: {sql_query1}")
-    print(f"Results: {query_results1}")
-    print("AI Response:")
-
-    try:
-        response1 = agent.format_response(user_query1, sql_query1, query_results1, db_description1)
-        print(response1)
-        print("\n" + "="*80 + "\n")
-    except Exception as e:
-        print(f"Error: {e}")
-        print("Note: This might fail without proper API credentials")
-        print("\n" + "="*80 + "\n")
-
-    # Test case 2: List query with multiple results
-    user_query2 = "What are the top 5 products by sales?"
-    sql_query2 = (
-        "SELECT product_name, sales_amount FROM products "
-        "ORDER BY sales_amount DESC LIMIT 5"
-    )
-    query_results2 = [
-        {"product_name": "Laptop Pro", "sales_amount": 50000},
-        {"product_name": "Wireless Mouse", "sales_amount": 35000},
-        {"product_name": "USB-C Cable", "sales_amount": 28000},
-        {"product_name": "Bluetooth Speaker", "sales_amount": 22000},
-        {"product_name": "Phone Case", "sales_amount": 18000}
-    ]
-    db_description2 = "An e-commerce database containing product and sales information."
-
-    print("Test 2: Top products query")
-    print(f"User Query: {user_query2}")
-    print(f"SQL Query: {sql_query2}")
-    print(f"Results: {query_results2}")
-    print("AI Response:")
-
-    try:
-        response2 = agent.format_response(user_query2, sql_query2, query_results2, db_description2)
-        print(response2)
-        print("\n" + "="*80 + "\n")
-    except Exception as e:
-        print(f"Error: {e}")
-        print("Note: This might fail without proper API credentials")
-        print("\n" + "="*80 + "\n")
-
-    # Test case 3: INSERT query result
-    user_query3 = "Add a new user with name Guy and email gg@gg.com"
-    sql_query3 = "INSERT INTO users (id, name, email) VALUES (12345, 'Guy', 'gg@gg.com')"
-    query_results3 = [{"operation": "INSERT", "affected_rows": 1, "status": "success"}]
-    db_description3 = "A user management database."
-
-    print("Test 3: INSERT query result")
-    print(f"User Query: {user_query3}")
-    print(f"SQL Query: {sql_query3}")
-    print(f"Results: {query_results3}")
-    print("AI Response:")
-
-    try:
-        response3 = agent.format_response(user_query3, sql_query3, query_results3, db_description3)
-        print(response3)
-        print("\n" + "="*80 + "\n")
-    except Exception as e:
-        print(f"Error: {e}")
-        print("Note: This might fail without proper API credentials")
-        print("\n" + "="*80 + "\n")
-
-    # Test case 4: Destructive operation detection (simulation)
-    print("Test 4: Destructive operation detection (simulation)")
-    print("This would be detected as destructive and require confirmation:")
-
-    user_query4 = "Delete the user with email test@example.com"
-    sql_query4 = "DELETE FROM users WHERE email = 'test@example.com'"
-    print(f"User Query: {user_query4}")
-    print(f"SQL Query: {sql_query4}")
-    print("🛡️ This would trigger the destructive operation confirmation dialog")
-    print("User would need to type 'CONFIRM' to proceed")
-    print("\n" + "="*80 + "\n")
-
-    # Test case 5: Empty results
-    user_query5 = "How many orders were placed yesterday?"
-    sql_query5 = "SELECT COUNT(*) as order_count FROM orders WHERE order_date = '2024-01-20'"
-    query_results5 = []
-    db_description5 = "An order management database."
-
-    print("Test 5: Empty results query")
-    print(f"User Query: {user_query5}")
-    print(f"SQL Query: {sql_query5}")
-    print(f"Results: {query_results5}")
-    print("AI Response:")
-
-    try:
-        response5 = agent.format_response(user_query5, sql_query5, query_results5, db_description5)
-        print(response5)
-    except Exception as e:
-        print(f"Error: {e}")
-        print("Note: This might fail without proper API credentials")
-
-if __name__ == "__main__":
-    print("Testing ResponseFormatterAgent...")
-    print("="*80)
-    test_response_agent()
-    print("="*80)
-    print("Test completed!")
diff --git a/test_role_assignment.py b/test_role_assignment.py
deleted file mode 100644
index b2c955ac..00000000
--- a/test_role_assignment.py
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/usr/bin/env python3
-"""
-Test script to verify role assignment works correctly.
-"""
-
-import sys
-import os
-sys.path.append('.')
-
-from api.extensions import db
-from api.auth.organization_management import (
-    check_or_create_organization, 
-    get_user_role,
-    extract_email_domain
-)
-from api.auth.user_management import ensure_user_in_organizations
-
-def test_first_user_admin_role():
-    """Test that the first user in an organization gets admin role."""
-    
-    # Test email
-    test_email = "admin@testcompany.com"
-    domain = extract_email_domain(test_email)
-    
-    print(f"Testing role assignment for: {test_email}")
-    print(f"Domain: {domain}")
-    
-    # Clear any existing data for this test domain
-    try:
-        organizations_graph = db.select_graph("Organizations")
-        
-        # Clean up test data
-        cleanup_query = """
-        MATCH (user:User {email: $email})-[r:BELONGS_TO]->(org:Organization {domain: $domain})
-        DELETE r
-        WITH user, org
-        OPTIONAL MATCH (user)<-[:AUTHENTICATES]-(identity:Identity)
-        DELETE identity, user, org
-        """
-        organizations_graph.query(cleanup_query, {"email": test_email, "domain": domain})
-        print("Cleaned up existing test data")
-        
-    except Exception as e:
-        print(f"Cleanup warning: {e}")
-    
-    # Test user creation (should be first user and get admin role)
-    print("\n1. Creating first user in organization...")
-    is_new_user, user_info = ensure_user_in_organizations(
-        provider_user_id="test123",
-        email=test_email,
-        name="Test Admin",
-        provider="google"
-    )
-    
-    if user_info:
-        print(f"✓ User created successfully: {is_new_user}")
-        
-        # Check user role
-        role = get_user_role(test_email)
-        print(f"✓ User role: {role}")
-        
-        if role == "admin":
-            print("✅ SUCCESS: First user correctly assigned admin role!")
-        else:
-            print(f"❌ FAILURE: First user has role '{role}', expected 'admin'")
-            
-        # Check organization creation
-        is_new_org, org_info = check_or_create_organization(test_email)
-        print(f"✓ Organization new: {not is_new_org} (should be False since it exists now)")
-        
-    else:
-        print("❌ FAILURE: User creation failed")
-    
-    # Test second user (should get default 'user' role and be pending)
-    print("\n2. Creating second user in same organization...")
-    second_email = "user@testcompany.com"
-    
-    is_new_user2, user_info2 = ensure_user_in_organizations(
-        provider_user_id="test456",
-        email=second_email,
-        name="Test User",
-        provider="google"
-    )
-    
-    if user_info2:
-        print(f"✓ Second user created: {is_new_user2}")
-        
-        role2 = get_user_role(second_email)
-        print(f"✓ Second user role: {role2}")
-        
-        if role2 == "user":
-            print("✅ SUCCESS: Second user correctly assigned user role!")
-        else:
-            print(f"❌ FAILURE: Second user has role '{role2}', expected 'user'")
-    else:
-        print("❌ FAILURE: Second user creation failed")
-    
-    print("\nTest completed!")
-
-if __name__ == "__main__":
-    test_first_user_admin_role()
diff --git a/test_schema_monitor.py b/test_schema_monitor.py
deleted file mode 100644
index 10316f20..00000000
--- a/test_schema_monitor.py
+++ /dev/null
@@ -1,98 +0,0 @@
-"""Test script for schema monitoring functionality."""
-
-import unittest
-import sys
-import os
-
-# Add the parent directory to the path so we can import from api
-sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-
-from api.loaders.postgres_loader import PostgresLoader
-
-
-class TestSchemaMonitor(unittest.TestCase):
-    """Test cases for PostgresLoader schema monitoring functionality."""
-
-    def test_create_table_detection(self):
-        """Test detection of CREATE TABLE statements."""
-        queries = [
-            "CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(50))",
-            "create table products (id serial primary key, name text)",
-            "CREATE TABLE IF NOT EXISTS orders (id INT, user_id INT)",
-        ]
-
-        for query in queries:
-            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
-            self.assertTrue(is_modifying, f"Should detect CREATE TABLE: {query}")
-            self.assertEqual(operation, "CREATE")
-
-    def test_alter_table_detection(self):
-        """Test detection of ALTER TABLE statements."""
-        queries = [
-            "ALTER TABLE users ADD COLUMN email VARCHAR(100)",
-            "alter table products drop column description",
-            "ALTER TABLE orders MODIFY COLUMN total DECIMAL(10,2)",
-        ]
-
-        for query in queries:
-            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
-            self.assertTrue(is_modifying, f"Should detect ALTER TABLE: {query}")
-            self.assertEqual(operation, "ALTER")
-
-    def test_drop_table_detection(self):
-        """Test detection of DROP TABLE statements."""
-        queries = [
-            "DROP TABLE users",
-            "drop table if exists products",
-            "DROP TABLE orders CASCADE",
-        ]
-
-        for query in queries:
-            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
-            self.assertTrue(is_modifying, f"Should detect DROP TABLE: {query}")
-            self.assertEqual(operation, "DROP")
-
-    def test_index_operations_detection(self):
-        """Test detection of index-related operations."""
-        queries = [
-            "CREATE INDEX idx_user_email ON users(email)",
-            "CREATE UNIQUE INDEX idx_product_sku ON products(sku)",
-            "DROP INDEX idx_user_email",
-        ]
-
-        for query in queries:
-            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
-            self.assertTrue(is_modifying, f"Should detect index operation: {query}")
-            self.assertIn(operation, ["CREATE", "DROP"])
-
-    def test_non_schema_queries(self):
-        """Test that non-schema-modifying queries are not detected."""
-        queries = [
-            "SELECT * FROM users",
-            "INSERT INTO users (name) VALUES ('John')",
-            "UPDATE users SET name = 'Jane' WHERE id = 1",
-            "DELETE FROM users WHERE id = 1",
-        ]
-
-        for query in queries:
-            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
-            self.assertFalse(is_modifying, f"Should not detect as schema-modifying: {query}")
-
-    def test_empty_and_invalid_queries(self):
-        """Test handling of empty and invalid queries."""
-        invalid_queries = [
-            "",
-            "   ",
-            None,
-            "INVALID SQL STATEMENT",
-        ]
-
-        for query in invalid_queries:
-            is_modifying, operation = PostgresLoader.is_schema_modifying_query(query)
-            self.assertFalse(is_modifying, f"Should not detect empty/invalid query: {query}")
-            self.assertEqual(operation, "")
-
-
-if __name__ == "__main__":
-    print("Running Schema Monitor Tests...")
-    unittest.main(verbosity=2)
diff --git a/test_user_image.html b/test_user_image.html
deleted file mode 100644
index 38fb7213..00000000
--- a/test_user_image.html
+++ /dev/null
@@ -1,67 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-    <title>Test User Image</title>
-    <style>
-        /* Simplified CSS for testing */
-        .user-message-container::before {
-            content: attr(data-user-label);
-            width: 40px;
-            height: 40px;
-            background: #ccc;
-            border-radius: 50%;
-            display: inline-block;
-            text-align: center;
-            line-height: 40px;
-            margin-right: 10px;
-        }
-
-        .user-message-container[data-user-image]::before {
-            content: "";
-            background-size: cover;
-            background-position: center;
-            background-repeat: no-repeat;
-            width: 40px;
-            height: 40px;
-            border-radius: 50%;
-            margin-right: 10px;
-        }
-
-        .message-container {
-            margin: 10px 0;
-            display: flex;
-            align-items: center;
-        }
-    </style>
-</head>
-<body>
-    <h1>User Image Test</h1>
-    
-    <!-- Test with image -->
-    <div class="message-container user-message-container" data-user-image="https://via.placeholder.com/40">
-        <span>Message with image</span>
-    </div>
-    
-    <!-- Test with text label -->
-    <div class="message-container user-message-container" data-user-label="J">
-        <span>Message with text label</span>
-    </div>
-
-    <script>
-        // Simulate the dynamic style injection for image
-        function setUserImage(container, imageUrl) {
-            const style = document.createElement('style');
-            const containerClass = 'user-image-' + Date.now();
-            container.classList.add(containerClass);
-            style.textContent = `.${containerClass}::before { background-image: url('${imageUrl}') !important; }`;
-            document.head.appendChild(style);
-        }
-
-        // Apply to the image container
-        const imageContainer = document.querySelector('[data-user-image]');
-        if (imageContainer) {
-            setUserImage(imageContainer, imageContainer.getAttribute('data-user-image'));
-        }
-    </script>
-</body>
-</html>

From b24d2b48802562eaee1028cda76b634023ea96d4 Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Mon, 25 Aug 2025 07:36:00 +0300
Subject: [PATCH 05/11] return 404 on deleted graph

---
 api/routes/graphs.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/api/routes/graphs.py b/api/routes/graphs.py
index ffe1815b..1aa96562 100644
--- a/api/routes/graphs.py
+++ b/api/routes/graphs.py
@@ -9,6 +9,7 @@
 from fastapi import APIRouter, Request, HTTPException, UploadFile, File
 from fastapi.responses import JSONResponse, StreamingResponse
 from pydantic import BaseModel
+from redis import ResponseError
 
 from api.agents import AnalysisAgent, RelevancyAgent, ResponseFormatterAgent
 from api.auth.user_management import token_required
@@ -717,6 +718,9 @@ async def delete_graph(request: Request, graph_id: str):
         graph = db.select_graph(namespaced)
         graph.delete()
         return JSONResponse(content={"success": True, "graph": graph_id})
+    except ResponseError:
+        return JSONResponse(content={"error": "Failed to delete graph, Graph not found"},
+                            status_code=404)
     except Exception as e:
         logging.exception("Failed to delete graph %s: %s", sanitize_log_input(namespaced), e)
         return JSONResponse(content={"error": "Failed to delete graph"}, status_code=500)

From 47a0216accb67c3144f82d0ecae344b566600024 Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Mon, 25 Aug 2025 08:25:28 +0300
Subject: [PATCH 06/11] fix css

---
 app/public/css/menu.css | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/public/css/menu.css b/app/public/css/menu.css
index f87db137..91d6a85c 100644
--- a/app/public/css/menu.css
+++ b/app/public/css/menu.css
@@ -358,12 +358,14 @@
 
 .graph-options {
   position: absolute;
-  top: calc(100% + 6px);
+  top: calc(100%);
   left: 0;
   right: 0;
   background: var(--falkor-secondary);
   border: 1px solid var(--border-color);
   border-radius: 6px;
+  border-top-left-radius: 0;
+  border-top-right-radius: 0;
   box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
   max-height: 260px;
   overflow: auto;

From 4921a0a07081908cd533a51df7f3f3d3eb33c5ba Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Wed, 27 Aug 2025 23:34:03 +0300
Subject: [PATCH 07/11] fix delete graph

---
 api/routes/graphs.py     | 42 +++++++++++++++++-----------------------
 app/ts/modules/graphs.ts | 28 ++++++++++++++++-----------
 2 files changed, 35 insertions(+), 35 deletions(-)

diff --git a/api/routes/graphs.py b/api/routes/graphs.py
index 6c236b2a..4ec9fa5f 100644
--- a/api/routes/graphs.py
+++ b/api/routes/graphs.py
@@ -90,6 +90,17 @@ def sanitize_log_input(value: str) -> str:
         return str(value)
     return value.replace('\n', ' ').replace('\r', ' ')
 
+def _graph_name(request: Request, graph_id:str) -> str:
+    if not graph_id or not isinstance(graph_id, str):
+        raise HTTPException(status_code=400, detail="Invalid graph_id")
+
+    graph_id = graph_id.strip()[:200]
+    if not graph_id:
+        raise HTTPException(status_code=400,
+                            detail="Invalid graph_id, must be less than 200 characters.")
+
+    return f"{request.state.user_id}_{graph_id}"
+
 @graphs_router.get("")
 @token_required
 async def list_graphs(request: Request):
@@ -113,12 +124,7 @@ async def get_graph_data(request: Request, graph_id: str):
     Nodes contain a minimal set of properties (id, name, labels, props).
     Edges contain source and target node names (or internal ids), type and props.
     """
-    if not graph_id or not isinstance(graph_id, str):
-        return JSONResponse(content={"error": "Invalid graph_id"}, status_code=400)
-
-    graph_id = graph_id.strip()[:200]
-    namespaced = f"{request.state.user_id}_{graph_id}"
-
+    namespaced = _graph_name(request, graph_id)
     try:
         graph = db.select_graph(namespaced)
     except Exception as e:
@@ -270,16 +276,7 @@ async def query_graph(request: Request, graph_id: str, chat_data: ChatRequest):
     """
     text2sql
     """
-    # Input validation
-    if not graph_id or not isinstance(graph_id, str):
-        raise HTTPException(status_code=400, detail="Invalid graph_id")
-
-    # Sanitize graph_id to prevent injection
-    graph_id = graph_id.strip()[:100]  # Limit length and strip whitespace
-    if not graph_id:
-        raise HTTPException(status_code=400, detail="Invalid graph_id")
-
-    graph_id = f"{request.state.user_id}_{graph_id}"
+    graph_id = _graph_name(request, graph_id)
 
     queries_history = chat_data.chat if hasattr(chat_data, 'chat') else None
     result_history = chat_data.result if hasattr(chat_data, 'result') else None
@@ -554,7 +551,8 @@ async def confirm_destructive_operation(
     """
     Handle user confirmation for destructive SQL operations
     """
-    graph_id = f"{request.state.user_id}_{graph_id.strip()}"
+
+    graph_id = _graph_name(request, graph_id)
 
     if hasattr(confirm_data, 'confirmation'):
         confirmation = confirm_data.confirmation.strip().upper()
@@ -675,7 +673,7 @@ async def refresh_graph_schema(request: Request, graph_id: str):
     This endpoint allows users to manually trigger a schema refresh
     if they suspect the graph is out of sync with the database.
     """
-    graph_id = f"{request.state.user_id}_{graph_id.strip()}"
+    graph_id = _graph_name(request, graph_id)
 
     try:
         # Get database connection details
@@ -728,16 +726,12 @@ async def delete_graph(request: Request, graph_id: str):
     namespace and will be namespaced using the user's id from the request
     state.
     """
-    if not graph_id or not isinstance(graph_id, str):
-        return JSONResponse(content={"error": "Invalid graph_id"}, status_code=400)
-
-    graph_id = graph_id.strip()[:200]
-    namespaced = request.state.user_id + "_" + graph_id
+    namespaced = _graph_name(request, graph_id)
 
     try:
         # Select and delete the graph using the FalkorDB client API
         graph = db.select_graph(namespaced)
-        graph.delete()
+        await graph.delete()
         return JSONResponse(content={"success": True, "graph": graph_id})
     except ResponseError:
         return JSONResponse(content={"error": "Failed to delete graph, Graph not found"},
diff --git a/app/ts/modules/graphs.ts b/app/ts/modules/graphs.ts
index 8eaa2a47..87f13b65 100644
--- a/app/ts/modules/graphs.ts
+++ b/app/ts/modules/graphs.ts
@@ -34,21 +34,24 @@ export function loadGraphs() {
         .then((data: string[]) => {
             console.log('Graphs loaded:', data);
             if (!data || data.length === 0) {
-                const option = document.createElement('option');
-                option.value = '';
-                option.textContent = 'No graphs available';
-                option.disabled = true;
-
+                // Clear custom dropdown and show no graphs state
+                clearGraphOptions();
+                
                 if (DOM.messageInput) DOM.messageInput.disabled = true;
                 if (DOM.submitButton) DOM.submitButton.disabled = true;
                 if (DOM.messageInput) DOM.messageInput.placeholder = 'Please upload a schema or connect a database to start chatting';
 
                 addMessage('No graphs are available. Please upload a schema file or connect to a database to get started.', false);
-                // set visible selected label to placeholder text
+                
+                // Update the visible selected label to show no graphs state
                 const selectedLabel = document.getElementById('graph-selected');
                 if (selectedLabel) {
-                    const dropdownText = selectedLabel.querySelector && selectedLabel.querySelector('.dropdown-text');
-                    if (dropdownText) dropdownText.textContent = 'Select Database'; else selectedLabel.textContent = 'Select Database';
+                    const dropdownText = selectedLabel.querySelector('.dropdown-text');
+                    if (dropdownText) {
+                        dropdownText.textContent = 'No graphs available';
+                    } else {
+                        selectedLabel.textContent = 'No graphs available';
+                    }
                 }
                 return;
             }
@@ -80,10 +83,12 @@ export function loadGraphs() {
                                 throw new Error(`Delete failed: ${resp.status} ${text}`);
                             }
                             addMessage(`Graph "${name}" deleted.`, false);
-                            loadGraphs();
                         } catch (err) {
                             console.error('Error deleting graph:', err);
                             addMessage('Error deleting graph: ' + (err as Error).message, false);
+                        } finally {
+                            // Always refresh the graph list after delete attempt
+                            loadGraphs();
                         }
                     });
                 });
@@ -143,8 +148,6 @@ async function onDeleteClick() {
             throw new Error(`Failed to delete graph: ${resp.status} ${text}`);
         }
         addMessage(`Graph '${graphName}' deleted.`, false);
-        // Reload graphs list
-        loadGraphs();
         // Clear current chat state if the deleted graph was selected
         if (window && (window as any).currentGraph === graphName) {
             (window as any).currentGraph = undefined;
@@ -152,6 +155,9 @@ async function onDeleteClick() {
     } catch (err) {
         console.error('Error deleting graph:', err);
         addMessage('Error deleting graph: ' + (err as Error).message, false);
+    } finally {
+        // Always reload graphs list after delete attempt
+        loadGraphs();
     }
 }
 

From 9b91bf95b6d11b3d94c21125b7c478276e3b2629 Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Fri, 29 Aug 2025 14:32:34 +0300
Subject: [PATCH 08/11] Potential fix for code scanning alert no. 131: Log
 Injection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 api/routes/graphs.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/api/routes/graphs.py b/api/routes/graphs.py
index 4ec9fa5f..0b73f5e2 100644
--- a/api/routes/graphs.py
+++ b/api/routes/graphs.py
@@ -85,10 +85,11 @@ def sanitize_query(query: str) -> str:
     return query.replace('\n', ' ').replace('\r', ' ')[:500]
 
 def sanitize_log_input(value: str) -> str:
-    """Sanitize input for safe logging (remove newlines and carriage returns)."""
+    """Sanitize input for safe logging—remove newlines, carriage returns, tabs, and wrap in repr()."""
     if not isinstance(value, str):
-        return str(value)
-    return value.replace('\n', ' ').replace('\r', ' ')
+        value = str(value)
+    sanitized = value.replace('\n', ' ').replace('\r', ' ').replace('\t', ' ')
+    return repr(sanitized)
 
 def _graph_name(request: Request, graph_id:str) -> str:
     if not graph_id or not isinstance(graph_id, str):

From ffef1dfc4571154643b4e82e0ce31c0ac89590b8 Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Fri, 29 Aug 2025 14:34:33 +0300
Subject: [PATCH 09/11] sanitize_log_input

---
 api/routes/graphs.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/api/routes/graphs.py b/api/routes/graphs.py
index 0b73f5e2..ebb108a9 100644
--- a/api/routes/graphs.py
+++ b/api/routes/graphs.py
@@ -85,11 +85,14 @@ def sanitize_query(query: str) -> str:
     return query.replace('\n', ' ').replace('\r', ' ')[:500]
 
 def sanitize_log_input(value: str) -> str:
-    """Sanitize input for safe logging—remove newlines, carriage returns, tabs, and wrap in repr()."""
+    """
+    Sanitize input for safe logging—remove newlines, 
+    carriage returns, tabs, and wrap in repr().
+    """
     if not isinstance(value, str):
         value = str(value)
-    sanitized = value.replace('\n', ' ').replace('\r', ' ').replace('\t', ' ')
-    return repr(sanitized)
+
+    return value.replace('\n', ' ').replace('\r', ' ').replace('\t', ' ')
 
 def _graph_name(request: Request, graph_id:str) -> str:
     if not graph_id or not isinstance(graph_id, str):

From 483b6be001b344968ce73b893d026eef73104c60 Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Fri, 29 Aug 2025 14:42:06 +0300
Subject: [PATCH 10/11] fix message

---
 app/ts/modules/graphs.ts | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/app/ts/modules/graphs.ts b/app/ts/modules/graphs.ts
index 87f13b65..96997b3d 100644
--- a/app/ts/modules/graphs.ts
+++ b/app/ts/modules/graphs.ts
@@ -48,10 +48,8 @@ export function loadGraphs() {
                 if (selectedLabel) {
                     const dropdownText = selectedLabel.querySelector('.dropdown-text');
                     if (dropdownText) {
-                        dropdownText.textContent = 'No graphs available';
-                    } else {
-                        selectedLabel.textContent = 'No graphs available';
-                    }
+                        dropdownText.textContent = 'No Databases';
+                    } 
                 }
                 return;
             }

From b954137d3c0ed5ebc3f27f0c7ffa7a8f43082509 Mon Sep 17 00:00:00 2001
From: Guy Korland <gkorland@gmail.com>
Date: Sat, 30 Aug 2025 01:22:19 +0300
Subject: [PATCH 11/11] add checks on auth

---
 api/routes/auth.py | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/api/routes/auth.py b/api/routes/auth.py
index 0fc6d8cf..f48a87b7 100644
--- a/api/routes/auth.py
+++ b/api/routes/auth.py
@@ -150,7 +150,6 @@ async def google_authorized(request: Request) -> RedirectResponse:
         user_info = token.get("userinfo")
 
         if user_info:
-
             user_data = {
                 'id': user_info.get('id') or user_info.get('sub'),
                 'email': user_info.get('email'),
@@ -163,7 +162,7 @@ async def google_authorized(request: Request) -> RedirectResponse:
             if handler:
                 api_token = secrets.token_urlsafe(32)  # ~43 chars, hard to guess
 
-                # call the registered handler (await if async)
+                # Call the registered handler (await if async)
                 await handler('google', user_data, api_token)
 
                 redirect = RedirectResponse(url="/chat", status_code=302)
@@ -176,9 +175,16 @@ async def google_authorized(request: Request) -> RedirectResponse:
 
                 return redirect
 
+            # Handler not set - log and raise error to prevent silent failure
+            logging.error("Google OAuth callback handler not registered in app state")
+            raise HTTPException(status_code=500, detail="Authentication handler not configured")
+
+        # If we reach here, user_info was falsy
+        logging.warning("No user info received from Google OAuth")
         raise HTTPException(status_code=400, detail="Failed to get user info from Google")
 
     except Exception as e:
+        logging.error(f"Google OAuth authentication failed: {str(e)}")
         raise HTTPException(status_code=400, detail=f"Authentication failed: {str(e)}")
 
 
@@ -232,10 +238,9 @@ async def github_authorized(request: Request) -> RedirectResponse:
                         break
 
         if user_info:
-
             user_data = {
                 'id': user_info.get('id'),
-                'email': user_info.get('email'),
+                'email': email,
                 'name': user_info.get('name'),
                 'picture': user_info.get('avatar_url'),
             }
@@ -243,10 +248,9 @@ async def github_authorized(request: Request) -> RedirectResponse:
             # Call the registered GitHub callback handler if it exists to store user data.
             handler = getattr(request.app.state, "callback_handler", None)
             if handler:
-
                 api_token = secrets.token_urlsafe(32)  # ~43 chars, hard to guess
 
-                # call the registered handler (await if async)
+                # Call the registered handler (await if async)
                 await handler('github', user_data, api_token)
 
                 redirect = RedirectResponse(url="/chat", status_code=302)
@@ -259,9 +263,16 @@ async def github_authorized(request: Request) -> RedirectResponse:
 
                 return redirect
 
+            # Handler not set - log and raise error to prevent silent failure
+            logging.error("GitHub OAuth callback handler not registered in app state")
+            raise HTTPException(status_code=500, detail="Authentication handler not configured")
+
+        # If we reach here, user_info was falsy
+        logging.warning("No user info received from GitHub OAuth")
         raise HTTPException(status_code=400, detail="Failed to get user info from Github")
 
     except Exception as e:
+        logging.error(f"GitHub OAuth authentication failed: {str(e)}")
         raise HTTPException(status_code=400, detail=f"Authentication failed: {str(e)}")